projects / libeap.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a78d3db)
PEAPv0: Added support for IPMK/CMK derivation in session resumption case
authorJouni Malinen <j@w1.fi>
Wed, 26 Nov 2008 11:27:40 +0000 (13:27 +0200)
committerJouni Malinen <j@w1.fi>
Wed, 26 Nov 2008 11:27:40 +0000 (13:27 +0200)
src/eap_peer/eap_peap.c patch | blob | history

diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c
index a350448..392b36a 100644 (file)
--- a/src/eap_peer/eap_peap.c
+++ b/src/eap_peer/eap_peap.c
@@ -60,6 +60,7 @@ struct eap_peap_data {
                                 * EAP-Success and expect AS to send outer
                                 * (unencrypted) EAP-Success after this */
        int resuming; /* starting a resumed session */
+       int reauth; /* reauthentication */
        u8 *key_data;
 
        struct wpabuf *pending_phase2_req;
@@ -269,6 +270,18 @@ static int eap_peap_derive_cmk(struct eap_sm *sm, struct eap_peap_data *data)
                return -1;
        wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: TK", tk, 60);
 
+       if (data->reauth &&
+           tls_connection_resumed(sm->ssl_ctx, data->ssl.conn)) {
+               /* Fast-connect: IPMK|CMK = TK */
+               os_memcpy(data->ipmk, tk, 40);
+               wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: IPMK from TK",
+                               data->ipmk, 40);
+               os_memcpy(data->cmk, tk + 40, 20);
+               wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: CMK from TK",
+                               data->cmk, 20);
+               return 0;
+       }
+
        if (eap_peap_get_isk(sm, data, isk, sizeof(isk)) < 0)
                return -1;
        wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: ISK", isk, sizeof(isk));
@@ -286,7 +299,6 @@ static int eap_peap_derive_cmk(struct eap_sm *sm, struct eap_peap_data *data)
        wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: IMCK (IPMKj)",
                        imck, sizeof(imck));
 
-       /* TODO: fast-connect: IPMK|CMK = TK */
        os_memcpy(data->ipmk, imck, 40);
        wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: IPMK (S-IPMKj)", data->ipmk, 40);
        os_memcpy(data->cmk, imck + 40, 20);
@@ -1191,6 +1203,7 @@ static void * eap_peap_init_for_reauth(struct eap_sm *sm, void *priv)
        data->phase2_eap_success = 0;
        data->phase2_eap_started = 0;
        data->resuming = 1;
+       data->reauth = 1;
        sm->peap_done = FALSE;
        return priv;
 }
EAP library