-rw-r--r-- | hostapd/ChangeLog | 1 | ||||
-rw-r--r-- | src/eap_peer/eap_peap.c | 9 | ||||
-rw-r--r-- | src/eap_server/eap_peap.c | 9 | ||||
-rw-r--r-- | wpa_supplicant/ChangeLog | 1 |
4 files changed, 16 insertions, 4 deletions
diff --git a/hostapd/ChangeLog b/hostapd/ChangeLog index 84a3ce5..0c31086 100644 --- a/hostapd/ChangeLog +++ b/hostapd/ChangeLog @@ -8,6 +8,7 @@ ChangeLog for hostapd (this version implements the EAP-TNC method and EAP-TTLS/EAP-FAST changes needed to run two methods in sequence (IF-T) and the IF-IMV and IF-TNCCS interfaces from TNCS) + * added support for optional cryptobinding with PEAPv0 2008-02-22 - v0.6.3 * fixed Reassociation Response callback processing when using internal diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c index 2c6932e..47a6c35 100644 --- a/src/eap_peer/eap_peap.c +++ b/src/eap_peer/eap_peap.c @@ -117,7 +117,7 @@ static void * eap_peap_init(struct eap_sm *sm) data->peap_version = EAP_PEAP_VERSION; data->force_peap_version = -1; data->peap_outer_success = 2; - data->crypto_binding = NO_BINDING; + data->crypto_binding = OPTIONAL_BINDING; if (config && config->phase1 && eap_peap_parse_phase1(data, config->phase1) < 0) { @@ -1249,9 +1249,14 @@ static u8 * eap_peap_getKey(struct eap_sm *sm, void *priv, size_t *len) if (data->crypto_binding_used) { u8 csk[128]; + /* + * Note: It looks like Microsoft implementation requires null + * termination for this label while the one used for deriving + * IPMK|CMK did not use null termination. + */ peap_prfplus(data->peap_version, data->ipmk, 40, "Session Key Generating Function", - (u8 *) "", 0, csk, sizeof(csk)); + (u8 *) "\00", 1, csk, sizeof(csk)); wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: CSK", csk, sizeof(csk)); os_memcpy(key, csk, EAP_TLS_KEY_LEN); wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Derived key", diff --git a/src/eap_server/eap_peap.c b/src/eap_server/eap_peap.c index d38a115..081ca34 100644 --- a/src/eap_server/eap_peap.c +++ b/src/eap_server/eap_peap.c 
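Review bot: With `data->crypto_binding = OPTIONAL_BINDING;` as the new default in eap_peap_init(), cryptobinding is presumably used only when the other side offers it, so an exchange that omits the binding TLV would still be accepted and the protection can be dropped without either end noticing. Cryptobinding exists to tie the inner authentication to the TLS tunnel, so the assignment deserves a comment such as `/* OPTIONAL: used if offered, not enforced; a missing binding TLV is still accepted */`, and the ChangeLog entry could say how to require it. The same default is set in the eap_peap_init() hunk of src/eap_server/eap_peap.c, where, unlike the peer's eap_peap_parse_phase1() call, no configuration override is visible in the hunk. Both functions continue outside their hunks.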
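Review bot: The key derived into `u8 csk[128]` in eap_peap_getKey() is copied out with os_memcpy(), but nothing in the visible lines clears the stack buffer afterwards, so session key material may stay on the stack after return. Adding `os_memset(csk, 0, sizeof(csk));` after the copy, ideally through a wipe the compiler cannot elide, would address that; the same pattern appears in the eap_peap_getKey() hunk of src/eap_server/eap_peap.c. Separately, the changed seed `(u8 *) "\00", 1` alters the CSK for every session that uses cryptobinding, so a peer and a server built from opposite sides of this commit will derive different keys, and the new comment could state that both ends must carry the change. The function body continues outside the hunk.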
@@ -177,7 +177,7 @@ static void * eap_peap_init(struct eap_sm *sm) data->peap_version = data->force_version; } data->state = START; - data->crypto_binding = NO_BINDING; + data->crypto_binding = OPTIONAL_BINDING; if (eap_server_tls_ssl_init(sm, &data->ssl, 0)) { wpa_printf(MSG_INFO, "EAP-PEAP: Failed to initialize SSL."); @@ -1271,9 +1271,14 @@ static u8 * eap_peap_getKey(struct eap_sm *sm, void *priv, size_t *len) if (data->crypto_binding_used) { u8 csk[128]; + /* + * Note: It looks like Microsoft implementation requires null + * termination for this label while the one used for deriving + * IPMK|CMK did not use null termination. + */ peap_prfplus(data->peap_version, data->ipmk, 40, "Session Key Generating Function", - (u8 *) "", 0, csk, sizeof(csk)); + (u8 *) "\00", 1, csk, sizeof(csk)); wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: CSK", csk, sizeof(csk)); eapKeyData = os_malloc(EAP_TLS_KEY_LEN); if (eapKeyData) { diff --git a/wpa_supplicant/ChangeLog b/wpa_supplicant/ChangeLog index 7def00c..852a087 100644 --- a/wpa_supplicant/ChangeLog +++ b/wpa_supplicant/ChangeLog @@ -4,6 +4,7 @@ ChangeLog for wpa_supplicant * added support for EAP Sequences in EAP-FAST Phase 2 * added support for using TNC with EAP-FAST * added driver_ps3 for the PS3 Linux wireless driver + * added support for optional cryptobinding with PEAPv0 2008-02-22 - v0.6.3 * removed 'nai' and 'eappsk' network configuration variables that were |