PERFORCE change 137038 for review
Sam Leffler
sam at FreeBSD.org
Thu Mar 6 23:59:02 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=137038
Change 137038 by sam at sam_ebb on 2008/03/06 23:58:49
import hostapd 0.5.10
Affected files ...
.. //depot/projects/vap/contrib/hostapd/ChangeLog#3 edit
.. //depot/projects/vap/contrib/hostapd/README#3 edit
.. //depot/projects/vap/contrib/hostapd/aes_wrap.c#3 edit
.. //depot/projects/vap/contrib/hostapd/aes_wrap.h#3 edit
.. //depot/projects/vap/contrib/hostapd/common.c#3 edit
.. //depot/projects/vap/contrib/hostapd/common.h#3 edit
.. //depot/projects/vap/contrib/hostapd/driver_test.c#3 edit
.. //depot/projects/vap/contrib/hostapd/eap.c#3 edit
.. //depot/projects/vap/contrib/hostapd/eap.h#3 edit
.. //depot/projects/vap/contrib/hostapd/eap_aka.c#3 edit
.. //depot/projects/vap/contrib/hostapd/eap_gpsk.c#3 edit
.. //depot/projects/vap/contrib/hostapd/eap_gpsk_common.c#3 edit
.. //depot/projects/vap/contrib/hostapd/eap_gpsk_common.h#3 edit
.. //depot/projects/vap/contrib/hostapd/eap_sim.c#3 edit
.. //depot/projects/vap/contrib/hostapd/eap_sim_common.c#3 edit
.. //depot/projects/vap/contrib/hostapd/eap_sim_db.c#3 edit
.. //depot/projects/vap/contrib/hostapd/eap_tls_common.c#3 edit
.. //depot/projects/vap/contrib/hostapd/eapol_sm.c#3 edit
.. //depot/projects/vap/contrib/hostapd/hostapd.c#3 edit
.. //depot/projects/vap/contrib/hostapd/hostapd.conf#3 edit
.. //depot/projects/vap/contrib/hostapd/ieee802_11.c#3 edit
.. //depot/projects/vap/contrib/hostapd/ieee802_1x.c#3 edit
.. //depot/projects/vap/contrib/hostapd/ieee802_1x.h#3 edit
.. //depot/projects/vap/contrib/hostapd/madwifi.conf#3 edit
.. //depot/projects/vap/contrib/hostapd/os.h#3 edit
.. //depot/projects/vap/contrib/hostapd/os_unix.c#3 edit
.. //depot/projects/vap/contrib/hostapd/radius.c#3 edit
.. //depot/projects/vap/contrib/hostapd/radius.h#3 edit
.. //depot/projects/vap/contrib/hostapd/radius_client.c#3 edit
.. //depot/projects/vap/contrib/hostapd/radius_server.c#3 edit
.. //depot/projects/vap/contrib/hostapd/tls_openssl.c#3 edit
.. //depot/projects/vap/contrib/hostapd/version.h#3 edit
.. //depot/projects/vap/contrib/hostapd/wpa.c#3 edit
Differences ...
==== //depot/projects/vap/contrib/hostapd/ChangeLog#3 (text+ko) ====
@@ -1,5 +1,25 @@
ChangeLog for hostapd
+2008-02-19 - v0.5.10
+ * fixed EAP-SIM and EAP-AKA message parser to validate attribute
+ lengths properly to avoid potential crash caused by invalid messages
+ * fixed Reassociation Response callback processing when using internal
+ MLME (driver_{hostap,devicescape,test}.c)
+ * fixed EAP-SIM/AKA realm processing to allow decorated usernames to
+ be used
+ * added a workaround for EAP-SIM/AKA peers that include incorrect null
+ termination in the username
+ * fixed EAP-SIM Start response processing for fast reauthentication
+ case
+ * copy optional Proxy-State attributes into RADIUS response when acting
+ as a RADIUS authentication server
+
+2007-12-02 - v0.5.9
+ * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
+ draft (draft-ietf-emu-eap-gpsk-07.txt)
+ * fixed debugging code not to use potentially unaligned read to fetch
+ IPv4 addresses
+
2007-05-28 - v0.5.8
* updated driver_devicescape.c to build with the current
wireless-dev.git tree and net/d80211 changes
==== //depot/projects/vap/contrib/hostapd/README#3 (text+ko) ====
@@ -2,7 +2,7 @@
Authenticator and RADIUS authentication server
================================================================
-Copyright (c) 2002-2007, Jouni Malinen <j at w1.fi> and contributors
+Copyright (c) 2002-2008, Jouni Malinen <j at w1.fi> and contributors
All Rights Reserved.
This program is dual-licensed under both the GPL version 2 and BSD
==== //depot/projects/vap/contrib/hostapd/aes_wrap.c#3 (text+ko) ====
@@ -7,7 +7,7 @@
* - AES-128 EAX mode encryption/decryption
* - AES-128 CBC
*
- * Copyright (c) 2003-2005, Jouni Malinen <j at w1.fi>
+ * Copyright (c) 2003-2007, Jouni Malinen <j at w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -34,10 +34,11 @@
/**
* aes_wrap - Wrap keys with AES Key Wrap Algorithm (128-bit KEK) (RFC3394)
- * @kek: Key encryption key (KEK)
- * @n: Length of the wrapped key in 64-bit units; e.g., 2 = 128-bit = 16 bytes
- * @plain: Plaintext key to be wrapped, n * 64 bit
- * @cipher: Wrapped key, (n + 1) * 64 bit
+ * @kek: 16-octet Key encryption key (KEK)
+ * @n: Length of the plaintext key in 64-bit units; e.g., 2 = 128-bit = 16
+ * bytes
+ * @plain: Plaintext key to be wrapped, n * 64 bits
+ * @cipher: Wrapped key, (n + 1) * 64 bits
* Returns: 0 on success, -1 on failure
*/
int aes_wrap(const u8 *kek, int n, const u8 *plain, u8 *cipher)
@@ -93,9 +94,10 @@
/**
* aes_unwrap - Unwrap key with AES Key Wrap Algorithm (128-bit KEK) (RFC3394)
* @kek: Key encryption key (KEK)
- * @n: Length of the wrapped key in 64-bit units; e.g., 2 = 128-bit = 16 bytes
- * @cipher: Wrapped key to be unwrapped, (n + 1) * 64 bit
- * @plain: Plaintext key, n * 64 bit
+ * @n: Length of the plaintext key in 64-bit units; e.g., 2 = 128-bit = 16
+ * bytes
+ * @cipher: Wrapped key to be unwrapped, (n + 1) * 64 bits
+ * @plain: Plaintext key, n * 64 bits
* Returns: 0 on success, -1 on failure (e.g., integrity verification failed)
*/
int aes_unwrap(const u8 *kek, int n, const u8 *cipher, u8 *plain)
@@ -167,28 +169,45 @@
/**
- * omac1_aes_128 - One-Key CBC MAC (OMAC1) hash with AES-128 (aka AES-CMAC)
+ * omac1_aes_128_vector - One-Key CBC MAC (OMAC1) hash with AES-128
* @key: 128-bit key for the hash operation
- * @data: Data buffer for which a MAC is determined
- * @data: Length of data buffer in bytes
+ * @num_elem: Number of elements in the data vector
+ * @addr: Pointers to the data areas
+ * @len: Lengths of the data blocks
* @mac: Buffer for MAC (128 bits, i.e., 16 bytes)
* Returns: 0 on success, -1 on failure
*/
-int omac1_aes_128(const u8 *key, const u8 *data, size_t data_len, u8 *mac)
+int omac1_aes_128_vector(const u8 *key, size_t num_elem,
+ const u8 *addr[], const size_t *len, u8 *mac)
{
void *ctx;
u8 cbc[BLOCK_SIZE], pad[BLOCK_SIZE];
- const u8 *pos = data;
- size_t i, left = data_len;
+ const u8 *pos, *end;
+ size_t i, e, left, total_len;
ctx = aes_encrypt_init(key, 16);
if (ctx == NULL)
return -1;
os_memset(cbc, 0, BLOCK_SIZE);
+ total_len = 0;
+ for (e = 0; e < num_elem; e++)
+ total_len += len[e];
+ left = total_len;
+
+ e = 0;
+ pos = addr[0];
+ end = pos + len[0];
+
while (left >= BLOCK_SIZE) {
- for (i = 0; i < BLOCK_SIZE; i++)
+ for (i = 0; i < BLOCK_SIZE; i++) {
cbc[i] ^= *pos++;
+ if (pos >= end) {
+ e++;
+ pos = addr[e];
+ end = pos + len[e];
+ }
+ }
if (left > BLOCK_SIZE)
aes_encrypt(ctx, cbc, cbc);
left -= BLOCK_SIZE;
@@ -198,9 +217,15 @@
aes_encrypt(ctx, pad, pad);
gf_mulx(pad);
- if (left || data_len == 0) {
- for (i = 0; i < left; i++)
+ if (left || total_len == 0) {
+ for (i = 0; i < left; i++) {
cbc[i] ^= *pos++;
+ if (pos >= end) {
+ e++;
+ pos = addr[e];
+ end = pos + len[e];
+ }
+ }
cbc[left] ^= 0x80;
gf_mulx(pad);
}
@@ -212,6 +237,24 @@
return 0;
}
+
+/**
+ * omac1_aes_128 - One-Key CBC MAC (OMAC1) hash with AES-128 (aka AES-CMAC)
+ * @key: 128-bit key for the hash operation
+ * @data: Data buffer for which a MAC is determined
+ * @data_len: Length of data buffer in bytes
+ * @mac: Buffer for MAC (128 bits, i.e., 16 bytes)
+ * Returns: 0 on success, -1 on failure
+ *
+ * This is a mode for using block cipher (AES in this case) for authentication.
+ * OMAC1 was standardized with the name CMAC by NIST in a Special Publication
+ * (SP) 800-38B.
+ */
+int omac1_aes_128(const u8 *key, const u8 *data, size_t data_len, u8 *mac)
+{
+ return omac1_aes_128_vector(key, 1, &data, &data_len, mac);
+}
+
#endif /* CONFIG_NO_AES_OMAC1 */
==== //depot/projects/vap/contrib/hostapd/aes_wrap.h#3 (text+ko) ====
@@ -7,7 +7,7 @@
* - AES-128 EAX mode encryption/decryption
* - AES-128 CBC
*
- * Copyright (c) 2003-2005, Jouni Malinen <j at w1.fi>
+ * Copyright (c) 2003-2007, Jouni Malinen <j at w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -24,6 +24,8 @@
int aes_wrap(const u8 *kek, int n, const u8 *plain, u8 *cipher);
int aes_unwrap(const u8 *kek, int n, const u8 *cipher, u8 *plain);
+int omac1_aes_128_vector(const u8 *key, size_t num_elem,
+ const u8 *addr[], const size_t *len, u8 *mac);
int omac1_aes_128(const u8 *key, const u8 *data, size_t data_len, u8 *mac);
int aes_128_encrypt_block(const u8 *key, const u8 *in, u8 *out);
int aes_128_ctr_encrypt(const u8 *key, const u8 *nonce,
==== //depot/projects/vap/contrib/hostapd/common.c#3 (text+ko) ====
@@ -20,7 +20,6 @@
#ifdef CONFIG_DEBUG_FILE
static FILE *out_file = NULL;
#endif /* CONFIG_DEBUG_FILE */
-int wpa_debug_use_file = 0;
int wpa_debug_level = MSG_INFO;
int wpa_debug_show_keys = 0;
int wpa_debug_timestamp = 0;
@@ -344,32 +343,29 @@
}
-int wpa_debug_open_file(void)
+int wpa_debug_open_file(const char *path)
{
#ifdef CONFIG_DEBUG_FILE
- static int count = 0;
- char fname[64];
- if (!wpa_debug_use_file)
+ if (!path)
return 0;
-#ifdef _WIN32
- os_snprintf(fname, sizeof(fname), "\\Temp\\wpa_supplicant-log-%d.txt",
- count++);
-#else /* _WIN32 */
- os_snprintf(fname, sizeof(fname), "/tmp/wpa_supplicant-log-%d.txt",
- count++);
+ out_file = fopen(path, "a");
+ if (out_file == NULL) {
+ wpa_printf(MSG_ERROR, "wpa_debug_open_file: Failed to open "
+ "output file, using standard output");
+ return -1;
+ }
+#ifndef _WIN32
+ setvbuf(out_file, NULL, _IOLBF, 0);
#endif /* _WIN32 */
- out_file = fopen(fname, "w");
- return out_file == NULL ? -1 : 0;
-#else /* CONFIG_DEBUG_FILE */
+#endif /* CONFIG_DEBUG_FILE */
return 0;
-#endif /* CONFIG_DEBUG_FILE */
}
void wpa_debug_close_file(void)
{
#ifdef CONFIG_DEBUG_FILE
- if (!wpa_debug_use_file)
+ if (!out_file)
return;
fclose(out_file);
out_file = NULL;
==== //depot/projects/vap/contrib/hostapd/common.h#3 (text+ko) ====
@@ -264,12 +264,12 @@
#define wpa_hexdump_key(l,t,b,le) do { } while (0)
#define wpa_hexdump_ascii(l,t,b,le) do { } while (0)
#define wpa_hexdump_ascii_key(l,t,b,le) do { } while (0)
-#define wpa_debug_open_file() do { } while (0)
+#define wpa_debug_open_file(p) do { } while (0)
#define wpa_debug_close_file() do { } while (0)
#else /* CONFIG_NO_STDOUT_DEBUG */
-int wpa_debug_open_file(void);
+int wpa_debug_open_file(const char *path);
void wpa_debug_close_file(void);
/**
==== //depot/projects/vap/contrib/hostapd/driver_test.c#3 (text+ko) ====
@@ -170,9 +170,10 @@
u16 fc;
if (drv->test_socket < 0 || len < 10 || drv->socket_dir == NULL) {
- wpa_printf(MSG_DEBUG, "%s: invalid parameters (sock=%d len=%d "
- "socket_dir=%p)",
- __func__, drv->test_socket, len, drv->socket_dir);
+ wpa_printf(MSG_DEBUG, "%s: invalid parameters (sock=%d len=%lu"
+ " socket_dir=%p)",
+ __func__, drv->test_socket, (unsigned long) len,
+ drv->socket_dir);
return -1;
}
==== //depot/projects/vap/contrib/hostapd/eap.c#3 (text+ko) ====
@@ -10,8 +10,6 @@
* license.
*
* See README and COPYING for more details.
- *
- * $FreeBSD: src/contrib/hostapd/eap.c,v 1.4 2007/07/09 16:20:41 sam Exp $
*/
#include "includes.h"
==== //depot/projects/vap/contrib/hostapd/eap.h#3 (text+ko) ====
@@ -1,5 +1,3 @@
-/* $FreeBSD: src/contrib/hostapd/eap.h,v 1.4 2007/07/09 16:20:41 sam Exp $ */
-
/*
* hostapd / EAP Standalone Authenticator state machine (RFC 4137)
* Copyright (c) 2004-2005, Jouni Malinen <j at w1.fi>
==== //depot/projects/vap/contrib/hostapd/eap_aka.c#3 (text+ko) ====
@@ -1,6 +1,6 @@
/*
* hostapd / EAP-AKA (RFC 4187)
- * Copyright (c) 2005-2007, Jouni Malinen <j at w1.fi>
+ * Copyright (c) 2005-2008, Jouni Malinen <j at w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -124,6 +124,14 @@
sm->identity_len)) {
wpa_printf(MSG_DEBUG, " AT_PERMANENT_ID_REQ");
eap_sim_msg_add(msg, EAP_SIM_AT_PERMANENT_ID_REQ, 0, NULL, 0);
+ } else {
+ /*
+ * RFC 4187, Chap. 4.1.4 recommends that identity from EAP is
+ * ignored and the AKA/Identity is used to request the
+ * identity.
+ */
+ wpa_printf(MSG_DEBUG, " AT_ANY_ID_REQ");
+ eap_sim_msg_add(msg, EAP_SIM_AT_ANY_ID_REQ, 0, NULL, 0);
}
return eap_sim_msg_finish(msg, reqDataLen, NULL, NULL, 0);
}
@@ -445,10 +453,16 @@
sm->method_pending = METHOD_PENDING_NONE;
}
+ identity_len = sm->identity_len;
+ while (identity_len > 0 && sm->identity[identity_len - 1] == '\0') {
+ wpa_printf(MSG_DEBUG, "EAP-AKA: Workaround - drop last null "
+ "character from identity");
+ identity_len--;
+ }
wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA: Identity for MK derivation",
- sm->identity, sm->identity_len);
+ sm->identity, identity_len);
- eap_aka_derive_mk(sm->identity, sm->identity_len, data->ik, data->ck,
+ eap_aka_derive_mk(sm->identity, identity_len, data->ik, data->ck,
data->mk);
eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut, data->msk,
data->emsk);
==== //depot/projects/vap/contrib/hostapd/eap_gpsk.c#3 (text+ko) ====
@@ -1,5 +1,5 @@
/*
- * hostapd / EAP-GPSK (draft-ietf-emu-eap-gpsk-03.txt) server
+ * hostapd / EAP-GPSK (draft-ietf-emu-eap-gpsk-08.txt) server
* Copyright (c) 2006-2007, Jouni Malinen <j at w1.fi>
*
* This program is free software; you can redistribute it and/or modify
@@ -23,15 +23,15 @@
struct eap_gpsk_data {
enum { GPSK_1, GPSK_3, SUCCESS, FAILURE } state;
u8 rand_server[EAP_GPSK_RAND_LEN];
- u8 rand_client[EAP_GPSK_RAND_LEN];
+ u8 rand_peer[EAP_GPSK_RAND_LEN];
u8 msk[EAP_MSK_LEN];
u8 emsk[EAP_EMSK_LEN];
u8 sk[EAP_GPSK_MAX_SK_LEN];
size_t sk_len;
u8 pk[EAP_GPSK_MAX_PK_LEN];
size_t pk_len;
- u8 *id_client;
- size_t id_client_len;
+ u8 *id_peer;
+ size_t id_peer_len;
u8 *id_server;
size_t id_server_len;
#define MAX_NUM_CSUITES 2
@@ -85,17 +85,17 @@
data->csuite_count = 0;
if (eap_gpsk_supported_ciphersuite(EAP_GPSK_VENDOR_IETF,
EAP_GPSK_CIPHER_AES)) {
- WPA_PUT_BE24(data->csuite_list[data->csuite_count].vendor,
+ WPA_PUT_BE32(data->csuite_list[data->csuite_count].vendor,
EAP_GPSK_VENDOR_IETF);
- WPA_PUT_BE24(data->csuite_list[data->csuite_count].specifier,
+ WPA_PUT_BE16(data->csuite_list[data->csuite_count].specifier,
EAP_GPSK_CIPHER_AES);
data->csuite_count++;
}
if (eap_gpsk_supported_ciphersuite(EAP_GPSK_VENDOR_IETF,
EAP_GPSK_CIPHER_SHA256)) {
- WPA_PUT_BE24(data->csuite_list[data->csuite_count].vendor,
+ WPA_PUT_BE32(data->csuite_list[data->csuite_count].vendor,
EAP_GPSK_VENDOR_IETF);
- WPA_PUT_BE24(data->csuite_list[data->csuite_count].specifier,
+ WPA_PUT_BE16(data->csuite_list[data->csuite_count].specifier,
EAP_GPSK_CIPHER_SHA256);
data->csuite_count++;
}
@@ -108,7 +108,7 @@
{
struct eap_gpsk_data *data = priv;
free(data->id_server);
- free(data->id_client);
+ free(data->id_peer);
free(data);
}
@@ -174,8 +174,8 @@
wpa_printf(MSG_DEBUG, "EAP-GPSK: Request/GPSK-3");
miclen = eap_gpsk_mic_len(data->vendor, data->specifier);
- len = 1 + 2 * EAP_GPSK_RAND_LEN + sizeof(struct eap_gpsk_csuite) + 2 +
- miclen;
+ len = 1 + 2 * EAP_GPSK_RAND_LEN + 2 + data->id_server_len +
+ sizeof(struct eap_gpsk_csuite) + 2 + miclen;
req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_GPSK, reqDataLen,
len, EAP_CODE_REQUEST, id, &pos);
if (req == NULL) {
@@ -188,13 +188,18 @@
*pos++ = EAP_GPSK_OPCODE_GPSK_3;
start = pos;
- memcpy(pos, data->rand_client, EAP_GPSK_RAND_LEN);
+ memcpy(pos, data->rand_peer, EAP_GPSK_RAND_LEN);
pos += EAP_GPSK_RAND_LEN;
memcpy(pos, data->rand_server, EAP_GPSK_RAND_LEN);
pos += EAP_GPSK_RAND_LEN;
+ WPA_PUT_BE16(pos, data->id_server_len);
+ pos += 2;
+ if (data->id_server)
+ memcpy(pos, data->id_server, data->id_server_len);
+ pos += data->id_server_len;
csuite = (struct eap_gpsk_csuite *) pos;
- WPA_PUT_BE24(csuite->vendor, data->vendor);
- WPA_PUT_BE24(csuite->specifier, data->specifier);
+ WPA_PUT_BE32(csuite->vendor, data->vendor);
+ WPA_PUT_BE16(csuite->specifier, data->specifier);
pos += sizeof(*csuite);
/* no PD_Payload_2 */
@@ -282,7 +287,7 @@
if (end - pos < 2) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for "
- "ID_Client length");
+ "ID_Peer length");
eap_gpsk_state(data, FAILURE);
return;
}
@@ -290,21 +295,21 @@
pos += 2;
if (end - pos < alen) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for "
- "ID_Client");
+ "ID_Peer");
eap_gpsk_state(data, FAILURE);
return;
}
- free(data->id_client);
- data->id_client = malloc(alen);
- if (data->id_client == NULL) {
+ free(data->id_peer);
+ data->id_peer = malloc(alen);
+ if (data->id_peer == NULL) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Not enough memory to store "
- "%d-octet ID_Client", alen);
+ "%d-octet ID_Peer", alen);
return;
}
- memcpy(data->id_client, pos, alen);
- data->id_client_len = alen;
- wpa_hexdump_ascii(MSG_DEBUG, "EAP-GPSK: ID_Client",
- data->id_client, data->id_client_len);
+ memcpy(data->id_peer, pos, alen);
+ data->id_peer_len = alen;
+ wpa_hexdump_ascii(MSG_DEBUG, "EAP-GPSK: ID_Peer",
+ data->id_peer, data->id_peer_len);
pos += alen;
if (end - pos < 2) {
@@ -332,13 +337,13 @@
if (end - pos < EAP_GPSK_RAND_LEN) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for "
- "RAND_Client");
+ "RAND_Peer");
eap_gpsk_state(data, FAILURE);
return;
}
- memcpy(data->rand_client, pos, EAP_GPSK_RAND_LEN);
- wpa_hexdump(MSG_DEBUG, "EAP-GPSK: RAND_Client",
- data->rand_client, EAP_GPSK_RAND_LEN);
+ memcpy(data->rand_peer, pos, EAP_GPSK_RAND_LEN);
+ wpa_hexdump(MSG_DEBUG, "EAP-GPSK: RAND_Peer",
+ data->rand_peer, EAP_GPSK_RAND_LEN);
pos += EAP_GPSK_RAND_LEN;
if (end - pos < EAP_GPSK_RAND_LEN) {
@@ -397,13 +402,13 @@
if (i == data->csuite_count) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Peer selected unsupported "
"ciphersuite %d:%d",
- WPA_GET_BE24(csuite->vendor),
- WPA_GET_BE24(csuite->specifier));
+ WPA_GET_BE32(csuite->vendor),
+ WPA_GET_BE16(csuite->specifier));
eap_gpsk_state(data, FAILURE);
return;
}
- data->vendor = WPA_GET_BE24(csuite->vendor);
- data->specifier = WPA_GET_BE24(csuite->specifier);
+ data->vendor = WPA_GET_BE32(csuite->vendor);
+ data->specifier = WPA_GET_BE16(csuite->specifier);
wpa_printf(MSG_DEBUG, "EAP-GPSK: CSuite_Sel %d:%d",
data->vendor, data->specifier);
pos += sizeof(*csuite);
@@ -434,8 +439,8 @@
if (eap_gpsk_derive_keys(sm->user->password, sm->user->password_len,
data->vendor, data->specifier,
- data->rand_client, data->rand_server,
- data->id_client, data->id_client_len,
+ data->rand_peer, data->rand_server,
+ data->id_peer, data->id_peer_len,
data->id_server, data->id_server_len,
data->msk, data->emsk,
data->sk, &data->sk_len,
==== //depot/projects/vap/contrib/hostapd/eap_gpsk_common.c#3 (text+ko) ====
@@ -18,8 +18,9 @@
#include "eap_defs.h"
#include "aes_wrap.h"
#include "crypto.h"
-#include "sha1.h"
+#ifdef EAP_GPSK_SHA256
#include "sha256.h"
+#endif /* EAP_GPSK_SHA256 */
#include "eap_gpsk_common.h"
@@ -43,31 +44,29 @@
}
-static int eap_gpsk_gkdf(const u8 *psk /* Y */, size_t psk_len,
- const u8 *data /* Z */, size_t data_len,
- u8 *buf, size_t len /* X */)
+static int eap_gpsk_gkdf_cmac(const u8 *psk /* Y */,
+ const u8 *data /* Z */, size_t data_len,
+ u8 *buf, size_t len /* X */)
{
u8 *opos;
size_t i, n, hashlen, left, clen;
- u8 ibuf[2], hash[SHA1_MAC_LEN];
- const u8 *addr[3];
- size_t vlen[3];
+ u8 ibuf[2], hash[16];
+ const u8 *addr[2];
+ size_t vlen[2];
- hashlen = SHA1_MAC_LEN;
- /* M_i = Hash-Function (i || Y || Z); */
+ hashlen = sizeof(hash);
+ /* M_i = MAC_Y (i || Z); (MAC = AES-CMAC-128) */
addr[0] = ibuf;
vlen[0] = sizeof(ibuf);
- addr[1] = psk;
- vlen[1] = psk_len;
- addr[2] = data;
- vlen[2] = data_len;
+ addr[1] = data;
+ vlen[1] = data_len;
opos = buf;
left = len;
n = (len + hashlen - 1) / hashlen;
for (i = 1; i <= n; i++) {
WPA_PUT_BE16(ibuf, i);
- sha1_vector(3, addr, vlen, hash);
+ omac1_aes_128_vector(psk, 2, addr, vlen, hash);
clen = left > hashlen ? hashlen : left;
os_memcpy(opos, hash, clen);
opos += clen;
@@ -78,112 +77,30 @@
}
-static int eap_gpsk_derive_keys_aes(const u8 *psk, size_t psk_len,
- const u8 *seed, size_t seed_len,
- u8 *msk, u8 *emsk, u8 *sk, size_t *sk_len,
- u8 *pk, size_t *pk_len)
-{
-#define EAP_GPSK_SK_LEN_AES 16
-#define EAP_GPSK_PK_LEN_AES 16
- u8 zero_string[1], mk[32], *pos, *data;
- u8 kdf_out[EAP_MSK_LEN + EAP_EMSK_LEN + EAP_GPSK_SK_LEN_AES +
- EAP_GPSK_PK_LEN_AES];
- size_t data_len;
-
- /*
- * inputString = RAND_Client || ID_Client || RAND_Server || ID_Server
- * (= seed)
- * KS = 16, PL = psk_len, CSuite_Sel = 0x000000 0x000001
- * MK = GKDF-32 (0x00, PL || PSK || CSuite_Sel || inputString)
- * MSK = GKDF-160 (MK, inputString)[0..63]
- * EMSK = GKDF-160 (MK, inputString)[64..127]
- * SK = GKDF-160 (MK, inputString)[128..143]
- * PK = GKDF-160 (MK, inputString)[144..159]
- * MID = GKDF-16(0x00, "Method ID" || EAP_Method_Type || CSuite_Sel ||
- * inputString)
- * Hash-Function = SHA-1 (see [RFC3174])
- * hashlen = 20 octets (160 bits)
- */
-
- os_memset(zero_string, 0, sizeof(zero_string));
-
- data_len = 2 + psk_len + 6 + seed_len;
- data = os_malloc(data_len);
- if (data == NULL)
- return -1;
- pos = data;
- WPA_PUT_BE16(pos, psk_len);
- pos += 2;
- os_memcpy(pos, psk, psk_len);
- pos += psk_len;
- WPA_PUT_BE24(pos, 0); /* CSuite/Vendor = IETF */
- pos += 3;
- WPA_PUT_BE24(pos, EAP_GPSK_CIPHER_AES); /* CSuite/Specifier */
- pos += 3;
- os_memcpy(pos, seed, seed_len); /* inputString */
- wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: Data to MK derivation (AES)",
- data, data_len);
-
- if (eap_gpsk_gkdf(zero_string, sizeof(zero_string), data, data_len,
- mk, sizeof(mk)) < 0) {
- os_free(data);
- return -1;
- }
- os_free(data);
- wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: MK", mk, sizeof(mk));
-
- if (eap_gpsk_gkdf(mk, sizeof(mk), seed, seed_len,
- kdf_out, sizeof(kdf_out)) < 0)
- return -1;
-
- pos = kdf_out;
- wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: MSK", pos, EAP_MSK_LEN);
- os_memcpy(msk, pos, EAP_MSK_LEN);
- pos += EAP_MSK_LEN;
-
- wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: EMSK", pos, EAP_EMSK_LEN);
- os_memcpy(emsk, pos, EAP_EMSK_LEN);
- pos += EAP_EMSK_LEN;
-
- wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: SK", pos, EAP_GPSK_SK_LEN_AES);
- os_memcpy(sk, pos, EAP_GPSK_SK_LEN_AES);
- *sk_len = EAP_GPSK_SK_LEN_AES;
- pos += EAP_GPSK_SK_LEN_AES;
-
- wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: PK", pos, EAP_GPSK_PK_LEN_AES);
- os_memcpy(pk, pos, EAP_GPSK_PK_LEN_AES);
- *pk_len = EAP_GPSK_PK_LEN_AES;
-
- return 0;
-}
-
-
#ifdef EAP_GPSK_SHA256
-static int eap_gpsk_gkdf_sha256(const u8 *psk /* Y */, size_t psk_len,
+static int eap_gpsk_gkdf_sha256(const u8 *psk /* Y */,
const u8 *data /* Z */, size_t data_len,
u8 *buf, size_t len /* X */)
{
u8 *opos;
size_t i, n, hashlen, left, clen;
u8 ibuf[2], hash[SHA256_MAC_LEN];
- const u8 *addr[3];
- size_t vlen[3];
+ const u8 *addr[2];
+ size_t vlen[2];
hashlen = SHA256_MAC_LEN;
- /* M_i = Hash-Function (i || Y || Z); */
+ /* M_i = MAC_Y (i || Z); (MAC = HMAC-SHA256) */
addr[0] = ibuf;
vlen[0] = sizeof(ibuf);
- addr[1] = psk;
- vlen[1] = psk_len;
- addr[2] = data;
- vlen[2] = data_len;
+ addr[1] = data;
+ vlen[1] = data_len;
opos = buf;
left = len;
n = (len + hashlen - 1) / hashlen;
for (i = 1; i <= n; i++) {
WPA_PUT_BE16(ibuf, i);
- sha256_vector(3, addr, vlen, hash);
+ hmac_sha256_vector(psk, 32, 2, addr, vlen, hash);
clen = left > hashlen ? hashlen : left;
os_memcpy(opos, hash, clen);
opos += clen;
@@ -192,37 +109,40 @@
return 0;
}
+#endif /* EAP_GPSK_SHA256 */
-static int eap_gpsk_derive_keys_sha256(const u8 *psk, size_t psk_len,
+static int eap_gpsk_derive_keys_helper(u32 csuite_specifier,
+ u8 *kdf_out, size_t kdf_out_len,
+ const u8 *psk, size_t psk_len,
const u8 *seed, size_t seed_len,
u8 *msk, u8 *emsk,
- u8 *sk, size_t *sk_len,
- u8 *pk, size_t *pk_len)
+ u8 *sk, size_t sk_len,
+ u8 *pk, size_t pk_len)
{
-#define EAP_GPSK_SK_LEN_SHA256 SHA256_MAC_LEN
-#define EAP_GPSK_PK_LEN_SHA256 SHA256_MAC_LEN
- u8 mk[SHA256_MAC_LEN], zero_string[1], *pos, *data;
- u8 kdf_out[EAP_MSK_LEN + EAP_EMSK_LEN + EAP_GPSK_SK_LEN_SHA256 +
- EAP_GPSK_PK_LEN_SHA256];
- size_t data_len;
+ u8 mk[32], *pos, *data;
+ size_t data_len, mk_len;
+ int (*gkdf)(const u8 *psk, const u8 *data, size_t data_len,
+ u8 *buf, size_t len);
- /*
- * inputString = RAND_Client || ID_Client || RAND_Server || ID_Server
- * (= seed)
- * KS = 32, PL = psk_len, CSuite_Sel = 0x000000 0x000002
- * MK = GKDF-32 (0x00, PL || PSK || CSuite_Sel || inputString)
- * MSK = GKDF-192 (MK, inputString)[0..63]
- * EMSK = GKDF-192 (MK, inputString)[64..127]
- * SK = GKDF-192 (MK, inputString)[128..159]
- * PK = GKDF-192 (MK, inputString)[160..191]
- * MID = GKDF-16(0x00, "Method ID" || EAP_Method_Type || CSuite_Sel ||
- * inputString)
- * Hash-Function = SHA256 (see [RFC4634])
- * hashlen = 32 octets (256 bits)
- */
+ gkdf = NULL;
+ switch (csuite_specifier) {
+ case EAP_GPSK_CIPHER_AES:
+ gkdf = eap_gpsk_gkdf_cmac;
+ mk_len = 16;
+ break;
+#ifdef EAP_GPSK_SHA256
+ case EAP_GPSK_CIPHER_SHA256:
+ gkdf = eap_gpsk_gkdf_sha256;
+ mk_len = SHA256_MAC_LEN;
+ break;
+#endif /* EAP_GPSK_SHA256 */
+ default:
+ return -1;
+ }
- os_memset(zero_string, 0, sizeof(zero_string));
+ if (psk_len < mk_len)
+ return -1;
data_len = 2 + psk_len + 6 + seed_len;
data = os_malloc(data_len);
@@ -233,24 +153,22 @@
pos += 2;
os_memcpy(pos, psk, psk_len);
pos += psk_len;
- WPA_PUT_BE24(pos, 0); /* CSuite/Vendor = IETF */
- pos += 3;
- WPA_PUT_BE24(pos, EAP_GPSK_CIPHER_SHA256); /* CSuite/Specifier */
- pos += 3;
+ WPA_PUT_BE32(pos, EAP_GPSK_VENDOR_IETF); /* CSuite/Vendor = IETF */
+ pos += 4;
+ WPA_PUT_BE16(pos, csuite_specifier); /* CSuite/Specifier */
+ pos += 2;
os_memcpy(pos, seed, seed_len); /* inputString */
- wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: Data to MK derivation (SHA256)",
+ wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: Data to MK derivation",
data, data_len);
- if (eap_gpsk_gkdf_sha256(zero_string, sizeof(zero_string),
- data, data_len, mk, sizeof(mk)) < 0) {
+ if (gkdf(psk, data, data_len, mk, mk_len) < 0) {
os_free(data);
return -1;
}
os_free(data);
- wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: MK", mk, sizeof(mk));
+ wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: MK", mk, mk_len);
- if (eap_gpsk_gkdf_sha256(mk, sizeof(mk), seed, seed_len,
- kdf_out, sizeof(kdf_out)) < 0)
+ if (gkdf(mk, seed, seed_len, kdf_out, kdf_out_len) < 0)
return -1;
pos = kdf_out;
@@ -262,46 +180,113 @@
os_memcpy(emsk, pos, EAP_EMSK_LEN);
pos += EAP_EMSK_LEN;
- wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: SK",
- pos, EAP_GPSK_SK_LEN_SHA256);
- os_memcpy(sk, pos, EAP_GPSK_SK_LEN_SHA256);
+ wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: SK", pos, sk_len);
+ os_memcpy(sk, pos, sk_len);
+ pos += sk_len;
+
+ if (pk) {
+ wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: PK", pos, pk_len);
+ os_memcpy(pk, pos, pk_len);
+ }
+
+ return 0;
+}
+
+
+static int eap_gpsk_derive_keys_aes(const u8 *psk, size_t psk_len,
+ const u8 *seed, size_t seed_len,
+ u8 *msk, u8 *emsk, u8 *sk, size_t *sk_len,
+ u8 *pk, size_t *pk_len)
+{
+#define EAP_GPSK_SK_LEN_AES 16
+#define EAP_GPSK_PK_LEN_AES 16
+ u8 kdf_out[EAP_MSK_LEN + EAP_EMSK_LEN + EAP_GPSK_SK_LEN_AES +
+ EAP_GPSK_PK_LEN_AES];
+
+ /*
+ * inputString = RAND_Peer || ID_Peer || RAND_Server || ID_Server
+ * (= seed)
+ * KS = 16, PL = psk_len, CSuite_Sel = 0x00000000 0x0001
+ * MK = GKDF-16 (PSK[0..15], PL || PSK || CSuite_Sel || inputString)
+ * MSK = GKDF-160 (MK, inputString)[0..63]
+ * EMSK = GKDF-160 (MK, inputString)[64..127]
+ * SK = GKDF-160 (MK, inputString)[128..143]
+ * PK = GKDF-160 (MK, inputString)[144..159]
+ * zero = 0x00 || 0x00 || ... || 0x00 (16 times)
+ * Method-ID = GKDF-16 (zero, "Method ID" || EAP_Method_Type ||
+ * CSuite_Sel || inputString)
+ */
+
*sk_len = EAP_GPSK_SK_LEN_AES;
- pos += EAP_GPSK_SK_LEN_AES;
+ *pk_len = EAP_GPSK_PK_LEN_AES;
+
+ return eap_gpsk_derive_keys_helper(EAP_GPSK_CIPHER_AES,
+ kdf_out, sizeof(kdf_out),
+ psk, psk_len, seed, seed_len,
+ msk, emsk, sk, *sk_len,
+ pk, *pk_len);
+}
+
+
+#ifdef EAP_GPSK_SHA256
+static int eap_gpsk_derive_keys_sha256(const u8 *psk, size_t psk_len,
+ const u8 *seed, size_t seed_len,
+ u8 *msk, u8 *emsk,
+ u8 *sk, size_t *sk_len)
+{
+#define EAP_GPSK_SK_LEN_SHA256 SHA256_MAC_LEN
+#define EAP_GPSK_PK_LEN_SHA256 SHA256_MAC_LEN
+ u8 kdf_out[EAP_MSK_LEN + EAP_EMSK_LEN + EAP_GPSK_SK_LEN_SHA256 +
+ EAP_GPSK_PK_LEN_SHA256];
+
+ /*
+ * inputString = RAND_Peer || ID_Peer || RAND_Server || ID_Server
+ * (= seed)
+ * KS = 32, PL = psk_len, CSuite_Sel = 0x00000000 0x0002
+ * MK = GKDF-32 (PSK[0..31], PL || PSK || CSuite_Sel || inputString)
+ * MSK = GKDF-160 (MK, inputString)[0..63]
+ * EMSK = GKDF-160 (MK, inputString)[64..127]
+ * SK = GKDF-160 (MK, inputString)[128..159]
+ * zero = 0x00 || 0x00 || ... || 0x00 (32 times)
+ * Method-ID = GKDF-16 (zero, "Method ID" || EAP_Method_Type ||
+ * CSuite_Sel || inputString)
+ */
- wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: PK",
- pos, EAP_GPSK_PK_LEN_SHA256);
- os_memcpy(pk, pos, EAP_GPSK_PK_LEN_SHA256);
- *pk_len = EAP_GPSK_PK_LEN_SHA256;
+ *sk_len = EAP_GPSK_SK_LEN_SHA256;
- return 0;
+ return eap_gpsk_derive_keys_helper(EAP_GPSK_CIPHER_SHA256,
+ kdf_out, sizeof(kdf_out),
+ psk, psk_len, seed, seed_len,
+ msk, emsk, sk, *sk_len,
+ NULL, 0);
}
#endif /* EAP_GPSK_SHA256 */
/**
* eap_gpsk_derive_keys - Derive EAP-GPSK keys
- * @psk: Pre-shared key (at least 16 bytes if AES is used)
+ * @psk: Pre-shared key
* @psk_len: Length of psk in bytes
* @vendor: CSuite/Vendor
* @specifier: CSuite/Specifier
- * @rand_client: 32-byte RAND_Client
+ * @rand_peer: 32-byte RAND_Peer
* @rand_server: 32-byte RAND_Server
- * @id_client: ID_Client
- * @id_client_len: Length of ID_Client
+ * @id_peer: ID_Peer
+ * @id_peer_len: Length of ID_Peer
* @id_server: ID_Server
* @id_server_len: Length of ID_Server
* @msk: Buffer for 64-byte MSK
* @emsk: Buffer for 64-byte EMSK
* @sk: Buffer for SK (at least EAP_GPSK_MAX_SK_LEN bytes)
* @sk_len: Buffer for returning length of SK
- * @pk: Buffer for SK (at least EAP_GPSK_MAX_PK_LEN bytes)
+ * @pk: Buffer for PK (at least EAP_GPSK_MAX_PK_LEN bytes)
* @pk_len: Buffer for returning length of PK
* Returns: 0 on success, -1 on failure
*/
int eap_gpsk_derive_keys(const u8 *psk, size_t psk_len, int vendor,
int specifier,
- const u8 *rand_client, const u8 *rand_server,
- const u8 *id_client, size_t id_client_len,
+ const u8 *rand_peer, const u8 *rand_server,
+ const u8 *id_peer, size_t id_peer_len,
const u8 *id_server, size_t id_server_len,
u8 *msk, u8 *emsk, u8 *sk, size_t *sk_len,
u8 *pk, size_t *pk_len)
@@ -318,8 +303,8 @@
wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: PSK", psk, psk_len);
- /* Seed = RAND_Client || ID_Client || RAND_Server || ID_Server */
- seed_len = 2 * EAP_GPSK_RAND_LEN + id_server_len + id_client_len;
+ /* Seed = RAND_Peer || ID_Peer || RAND_Server || ID_Server */
+ seed_len = 2 * EAP_GPSK_RAND_LEN + id_server_len + id_peer_len;
seed = os_malloc(seed_len);
if (seed == NULL) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Failed to allocate memory "
@@ -328,10 +313,10 @@
}
pos = seed;
- os_memcpy(pos, rand_client, EAP_GPSK_RAND_LEN);
+ os_memcpy(pos, rand_peer, EAP_GPSK_RAND_LEN);
>>> TRUNCATED FOR MAIL (1000 lines) <<<
More information about the p4-projects
mailing list