| author | Dmitry Shmidt <dimitrysh@google.com> | 2014-05-12 09:46:02 -0700 |
|---|---|---|
| committer | Dmitry Shmidt <dimitrysh@google.com> | 2014-05-12 09:46:02 -0700 |
| commit | 5a1480c7c46c4236d93bfd303dde32062bee04ac (patch) | |
| tree | d4a12c83482c624a61490c5d98c3699a2acdc62b /src/eap_server | |
| parent | 15f1742631bd80013697505636721d34482d4d6b (diff) | |
Cumulative patch from commit f4626235de4b6d19c7399a2522241f7c43e0caf6
f462623 EAP-pwd server: Allow fragment_size to be configured
c876dcd EAP-IKEv2: Allow frag ack without integrity checksum
0f73c64 EAP-pwd: Fix processing of group setup failure
13e2574 EAP-pwd peer: Export Session-Id through getSessionId callback
cfdb32e eapol_test: Check EAP-Key-Name
251c53e RADIUS: Define EAP-Key-Name
04cad50 EAP-SIM peer: Fix counter-too-small message building
270c9a4 Interworking: Allow FT to be used for connection
81ed499 Remove duplicated ibss_rsn_deinit() call
144f104 X.509: Fix v3 parsing with issuerUniqueID/subjectUniqueID present
0f1034e P2P: Refrain from performing extended listen during P2P connection
8d0dd4e Add macsec_qca driver wrapper
dd10abc MACsec: wpa_supplicant integration
887d9d0 MACsec: Add PAE implementation
7baec80 MACsec: Add driver_ops
4e9528c MACsec: Add common IEEE 802.1X definitions
3bcfab8 MACsec: Add define for EAPOL type MKA
0836c04 MACsec: Allow EAPOL version 3 to be configured
49be483 Add function to fetch EAP Session-Id from EAPOL supplicant
ea40a57 nl80211: Use max associated STAs information in AP mode
Change-Id: I0e37a10ca58d0dc1be95a0088d6a4c37b2505ad4
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Diffstat (limited to 'src/eap_server')
| -rw-r--r-- | src/eap_server/eap_server_ikev2.c | 9 | ||||
| -rw-r--r-- | src/eap_server/eap_server_pwd.c | 10 |
2 files changed, 13 insertions, 6 deletions
diff --git a/src/eap_server/eap_server_ikev2.c b/src/eap_server/eap_server_ikev2.c
index 1ada0c8a..3e32cc90 100644
--- a/src/eap_server/eap_server_ikev2.c
+++ b/src/eap_server/eap_server_ikev2.c
@@ -256,7 +256,8 @@ static Boolean eap_ikev2_check(struct eap_sm *sm, void *priv,
 
 static int eap_ikev2_process_icv(struct eap_ikev2_data *data,
 const struct wpabuf *respData,
- u8 flags, const u8 *pos, const u8 **end)
+ u8 flags, const u8 *pos, const u8 **end,
+ int frag_ack)
 {
 if (flags & IKEV2_FLAGS_ICV_INCLUDED) {
 int icv_len = eap_ikev2_validate_icv(
@@ -266,7 +267,7 @@ static int eap_ikev2_process_icv(struct eap_ikev2_data *data,
 return -1;
 /* Hide Integrity Checksum Data from further processing */
 *end -= icv_len;
- } else if (data->keys_ready) {
+ } else if (data->keys_ready && !frag_ack) {
 wpa_printf(MSG_INFO, "EAP-IKEV2: The message should have "
 "included integrity checksum");
 return -1;
@@ -365,7 +366,9 @@ static void eap_ikev2_process(struct eap_sm *sm, void *priv,
 } else
 flags = *pos++;
 
- if (eap_ikev2_process_icv(data, respData, flags, pos, &end) < 0) {
+ if (eap_ikev2_process_icv(data, respData, flags, pos, &end,
+ data->state == WAIT_FRAG_ACK && len == 0) < 0)
+ {
 eap_ikev2_state(data, FAIL);
 return;
 }
diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c
index 3467dd16..ec53481f 100644
--- a/src/eap_server/eap_server_pwd.c
+++ b/src/eap_server/eap_server_pwd.c
@@ -45,6 +45,7 @@ struct eap_pwd_data {
 
 u8 msk[EAP_MSK_LEN];
 u8 emsk[EAP_EMSK_LEN];
+ u8 session_id[1 + SHA256_MAC_LEN];
 
 BN_CTX *bnctx;
 };
@@ -123,7 +124,8 @@ static void * eap_pwd_init(struct eap_sm *sm)
 
 data->in_frag_pos = data->out_frag_pos = 0;
 data->inbuf = data->outbuf = NULL;
- data->mtu = 1020; /* default from RFC 5931, make it configurable! */
+ /* use default MTU from RFC 5931 if not configured otherwise */
+ data->mtu = sm->fragment_size > 0 ? sm->fragment_size : 1020;
 
 return data;
 }
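Review bot: The `frag_ack` exemption in `eap_ikev2_process_icv()` (`else if (data->keys_ready && !frag_ack)`) is defined only by the expression built at the call site in `eap_ikev2_process()`, and neither hunk records why a message without an integrity checksum is acceptable once keys are ready. A comment above the branch would keep a later caller from widening it, for example `/* Only an empty fragment ack (WAIT_FRAG_ACK, len == 0) may omit the ICV; it carries no payload to protect */`. Because such an ack is accepted without proof of key possession, the fragment-ack handling later in `eap_ikev2_process()` (outside this hunk) should be confirmed to do nothing beyond sending the next fragment. On style, the new `{` on a line of its own differs from the same-line braces used by the other `if` statements in these hunks.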
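Review bot: `sm->fragment_size` becomes the EAP-pwd MTU in `eap_pwd_init()` after only a `> 0` test, so a configured value smaller than the per-fragment header overhead is used as is. Wherever the fragment builder derives a payload length from `data->mtu` (not visible in this hunk), such a value would presumably leave no room for data or wrap an unsigned subtraction; this needs confirming against that code. A lower bound at the assignment avoids the question, e.g. `data->mtu = sm->fragment_size >= MIN_FRAGMENT_SIZE /* placeholder name */ ? sm->fragment_size : 1020;`. The new comment could also state that the value comes from the server's `fragment_size` setting.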
@@ -598,7 +600,8 @@ static void eap_pwd_process_id_resp(struct eap_sm *sm,
 wpa_hexdump_ascii(MSG_DEBUG, "EAP-PWD (server): peer sent id of",
 data->id_peer, data->id_peer_len);
 
- if ((data->grp = os_malloc(sizeof(EAP_PWD_group))) == NULL) {
+ data->grp = os_zalloc(sizeof(EAP_PWD_group));
+ if (data->grp == NULL) {
 wpa_printf(MSG_INFO, "EAP-PWD: failed to allocate memory for "
 "group");
 return;
@@ -841,7 +844,8 @@ eap_pwd_process_confirm_resp(struct eap_sm *sm, struct eap_pwd_data *data,
 wpa_printf(MSG_DEBUG, "EAP-pwd (server): confirm verified");
 if (compute_keys(data->grp, data->bnctx, data->k,
 data->peer_scalar, data->my_scalar, conf,
- data->my_confirm, &cs, data->msk, data->emsk) < 0)
+ data->my_confirm, &cs, data->msk, data->emsk,
+ data->session_id) < 0)
 eap_pwd_state(data, FAILURE);
 else
 eap_pwd_state(data, SUCCESS); |
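Review bot: The allocation-failure branch after `data->grp = os_zalloc(sizeof(EAP_PWD_group));` still only logs and returns; no `eap_pwd_state(data, FAILURE)` is visible on that path, unlike the `compute_keys()` failure handling in the last hunk. If the rest of `eap_pwd_process_id_resp()` (outside this hunk) does not fail the method either, the exchange stays in its previous state after an out-of-memory condition, and adding `eap_pwd_state(data, FAILURE);` before the `return;` would make the outcome explicit. A short comment such as `/* zeroed so that cleanup after a failed group setup sees NULL members */` would record why `os_zalloc()` replaced `os_malloc()`; that reason is inferred from the commit list entry about group setup failure.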
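Review bot: `data->session_id` is handed to `compute_keys()` as a bare pointer with no length, so the `1 + SHA256_MAC_LEN` size declared in `struct eap_pwd_data` has to match what the callee writes, and that callee is changed outside this page's diffstat. Documenting the field makes the contract checkable, e.g. `/* filled by compute_keys(); callee writes exactly 1 + SHA256_MAC_LEN octets */`. No reader of `session_id` appears in these hunks, so it is worth confirming that the server side consumes it and that a value left over from a failed `compute_keys()` call is never exported.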
