Merged the hostap_2.6 updates, and the Leap of Faith work, from the hostap_update...

[mech_eap.git] / libeap / src / eap_common / eap_pax_common.c

diff --git a/libeap/src/eap_common/eap_pax_common.c b/libeap/src/eap_common/eap_pax_common.c
index 32dc80c..a11bce8 100644 (file)
--- a/libeap/src/eap_common/eap_pax_common.c
+++ b/libeap/src/eap_common/eap_pax_common.c
@@ -2,14 +2,8 @@
  * EAP server/peer: EAP-PAX shared routines
  * Copyright (c) 2005, Jouni Malinen <j@w1.fi>
  *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * Alternatively, this software may be distributed under the terms of BSD
- * license.
- *
- * See README and COPYING for more details.
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
  */
 
 #include "includes.h"
@@ -63,7 +57,8 @@ int eap_pax_kdf(u8 mac_id, const u8 *key, size_t key_len,
        left = output_len;
        for (counter = 1; counter <= (u8) num_blocks; counter++) {
                size_t clen = left > EAP_PAX_MAC_LEN ? EAP_PAX_MAC_LEN : left;
-               hmac_sha1_vector(key, key_len, 3, addr, len, mac);
+               if (hmac_sha1_vector(key, key_len, 3, addr, len, mac) < 0)
+                       return -1;
                os_memcpy(pos, mac, clen);
                pos += clen;
                left -= clen;
@@ -112,7 +107,8 @@ int eap_pax_mac(u8 mac_id, const u8 *key, size_t key_len,
        len[2] = data3_len;
 
        count = (data1 ? 1 : 0) + (data2 ? 1 : 0) + (data3 ? 1 : 0);
-       hmac_sha1_vector(key, key_len, count, addr, len, hash);
+       if (hmac_sha1_vector(key, key_len, count, addr, len, hash) < 0)
+               return -1;
        os_memcpy(mac, hash, EAP_PAX_MAC_LEN);
 
        return 0;
@@ -127,10 +123,11 @@ int eap_pax_mac(u8 mac_id, const u8 *key, size_t key_len,
  * @mk: Buffer for the derived Master Key
  * @ck: Buffer for the derived Confirmation Key
  * @ick: Buffer for the derived Integrity Check Key
+ * @mid: Buffer for the derived Method ID
  * Returns: 0 on success, -1 on failure
  */
 int eap_pax_initial_key_derivation(u8 mac_id, const u8 *ak, const u8 *e,
-                                  u8 *mk, u8 *ck, u8 *ick)
+                                  u8 *mk, u8 *ck, u8 *ick, u8 *mid)
 {
        wpa_printf(MSG_DEBUG, "EAP-PAX: initial key derivation");
        if (eap_pax_kdf(mac_id, ak, EAP_PAX_AK_LEN, "Master Key",
@@ -138,13 +135,16 @@ int eap_pax_initial_key_derivation(u8 mac_id, const u8 *ak, const u8 *e,
            eap_pax_kdf(mac_id, mk, EAP_PAX_MK_LEN, "Confirmation Key",
                        e, 2 * EAP_PAX_RAND_LEN, EAP_PAX_CK_LEN, ck) ||
            eap_pax_kdf(mac_id, mk, EAP_PAX_MK_LEN, "Integrity Check Key",
-                       e, 2 * EAP_PAX_RAND_LEN, EAP_PAX_ICK_LEN, ick))
+                       e, 2 * EAP_PAX_RAND_LEN, EAP_PAX_ICK_LEN, ick) ||
+           eap_pax_kdf(mac_id, mk, EAP_PAX_MK_LEN, "Method ID",
+                       e, 2 * EAP_PAX_RAND_LEN, EAP_PAX_MID_LEN, mid))
                return -1;
 
        wpa_hexdump_key(MSG_MSGDUMP, "EAP-PAX: AK", ak, EAP_PAX_AK_LEN);
        wpa_hexdump_key(MSG_MSGDUMP, "EAP-PAX: MK", mk, EAP_PAX_MK_LEN);
        wpa_hexdump_key(MSG_MSGDUMP, "EAP-PAX: CK", ck, EAP_PAX_CK_LEN);
        wpa_hexdump_key(MSG_MSGDUMP, "EAP-PAX: ICK", ick, EAP_PAX_ICK_LEN);
+       wpa_hexdump_key(MSG_MSGDUMP, "EAP-PAX: MID", mid, EAP_PAX_MID_LEN);
 
        return 0;
 }