EAP-pwd server: Use os_get_random() for unpredictable token

Do not use os_random() that uses a low quality PRNG to generate the
anti-clogging token. The construction can be improved upon by replacing
it with a call to os_get_random(), which uses a high quality PRNG. While
the RFC 5931 explictly recommends not to do this ("SHOULD NOT be from a
source of random entropy"), it does still mandate unpredicability ("MUST
be unpredictable"). The anti-clogging token is most unpredictable when
it is taken from a high quality PRNG.

Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>

diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c
index 36ac555..64bf708 100644 (file)
--- a/src/eap_server/eap_server_pwd.c
+++ b/src/eap_server/eap_server_pwd.c
@@ -178,8 +178,13 @@ static void eap_pwd_build_id_req(struct eap_sm *sm, struct eap_pwd_data *data,
                return;
        }
 
-       /* an lfsr is good enough to generate unpredictable tokens */
-       data->token = os_random();
+       if (os_get_random((u8 *) &data->token, sizeof(data->token)) < 0) {
+               wpabuf_free(data->outbuf);
+               data->outbuf = NULL;
+               eap_pwd_state(data, FAILURE);
+               return;
+       }
+
        wpabuf_put_be16(data->outbuf, data->group_num);
        wpabuf_put_u8(data->outbuf, EAP_PWD_DEFAULT_RAND_FUNC);
        wpabuf_put_u8(data->outbuf, EAP_PWD_DEFAULT_PRF);