projects / thirdparty / hostap.git / blame
| Commit | Line | Data |
|---|---|---|
| 6fc6879b JM |
1 | /* |
| 2 | * EAP peer method: EAP-SAKE (RFC 4763) | |
| 3 | * Copyright (c) 2006-2008, Jouni Malinen <j@w1.fi> | |
| 4 | * | |
| 0f3d578e JM |
5 | * This software may be distributed under the terms of the BSD license. |
| 6 | * See README for more details. | |
| 6fc6879b JM |
7 | */ |
| 8 | ||
| 9 | #include "includes.h" | |
| 10 | ||
| 11 | #include "common.h" | |
| 3642c431 | 12 | #include "crypto/random.h" |
| 6fc6879b JM |
13 | #include "eap_peer/eap_i.h" |
| 14 | #include "eap_common/eap_sake_common.h" | |
| 15 | ||
| 16 | struct eap_sake_data { | |
| 17 | enum { IDENTITY, CHALLENGE, CONFIRM, SUCCESS, FAILURE } state; | |
| 18 | u8 root_secret_a[EAP_SAKE_ROOT_SECRET_LEN]; | |
| 19 | u8 root_secret_b[EAP_SAKE_ROOT_SECRET_LEN]; | |
| 20 | u8 rand_s[EAP_SAKE_RAND_LEN]; | |
| 21 | u8 rand_p[EAP_SAKE_RAND_LEN]; | |
| 22 | struct { | |
| 23 | u8 auth[EAP_SAKE_TEK_AUTH_LEN]; | |
| 24 | u8 cipher[EAP_SAKE_TEK_CIPHER_LEN]; | |
| 25 | } tek; | |
| 26 | u8 msk[EAP_MSK_LEN]; | |
| 27 | u8 emsk[EAP_EMSK_LEN]; | |
| 28 | u8 session_id; | |
| 29 | int session_id_set; | |
| 30 | u8 *peerid; | |
| 31 | size_t peerid_len; | |
| 32 | u8 *serverid; | |
| 33 | size_t serverid_len; | |
| 34 | }; | |
| 35 | ||
| 36 | ||
| 37 | static const char * eap_sake_state_txt(int state) | |
| 38 | { | |
| 39 | switch (state) { | |
| 40 | case IDENTITY: | |
| 41 | return "IDENTITY"; | |
| 42 | case CHALLENGE: | |
| 43 | return "CHALLENGE"; | |
| 44 | case CONFIRM: | |
| 45 | return "CONFIRM"; | |
| 46 | case SUCCESS: | |
| 47 | return "SUCCESS"; | |
| 48 | case FAILURE: | |
| 49 | return "FAILURE"; | |
| 50 | default: | |
| 51 | return "?"; | |
| 52 | } | |
| 53 | } | |
| 54 | ||
| 55 | ||
| 56 | static void eap_sake_state(struct eap_sake_data *data, int state) | |
| 57 | { | |
| 58 | wpa_printf(MSG_DEBUG, "EAP-SAKE: %s -> %s", | |
| 59 | eap_sake_state_txt(data->state), | |
| 60 | eap_sake_state_txt(state)); | |
| 61 | data->state = state; | |
| 62 | } | |
| 63 | ||
| 64 | ||
| 65 | static void eap_sake_deinit(struct eap_sm *sm, void *priv); | |
| 66 | ||
| 67 | ||
| 68 | static void * eap_sake_init(struct eap_sm *sm) | |
| 69 | { | |
| 70 | struct eap_sake_data *data; | |
| 71 | const u8 *identity, *password; | |
| 72 | size_t identity_len, password_len; | |
| 73 | ||
| 74 | password = eap_get_config_password(sm, &password_len); | |
| 75 | if (!password || password_len != 2 * EAP_SAKE_ROOT_SECRET_LEN) { | |
| 76 | wpa_printf(MSG_INFO, "EAP-SAKE: No key of correct length " | |
| 77 | "configured"); | |
| 78 | return NULL; | |
| 79 | } | |
| 80 | ||
| 81 | data = os_zalloc(sizeof(*data)); | |
| 82 | if (data == NULL) | |
| 83 | return NULL; | |
| 84 | data->state = IDENTITY; | |
| 85 | ||
| 86 | identity = eap_get_config_identity(sm, &identity_len); | |
| 87 | if (identity) { | |
| 88 | data->peerid = os_malloc(identity_len); | |
| 89 | if (data->peerid == NULL) { | |
| 90 | eap_sake_deinit(sm, data); | |
| 91 | return NULL; | |
| 92 | } | |
| 93 | os_memcpy(data->peerid, identity, identity_len); | |
| 94 | data->peerid_len = identity_len; | |
| 95 | } | |
| 96 | ||
| 97 | os_memcpy(data->root_secret_a, password, EAP_SAKE_ROOT_SECRET_LEN); | |
| 98 | os_memcpy(data->root_secret_b, | |
| 99 | password + EAP_SAKE_ROOT_SECRET_LEN, | |
| 100 | EAP_SAKE_ROOT_SECRET_LEN); | |
| 101 | ||
| 102 | return data; | |
| 103 | } | |
| 104 | ||
| 105 | ||
| 106 | static void eap_sake_deinit(struct eap_sm *sm, void *priv) | |
| 107 | { | |
| 108 | struct eap_sake_data *data = priv; | |
| 109 | os_free(data->serverid); | |
| 110 | os_free(data->peerid); | |
| 111 | os_free(data); | |
| 112 | } | |
| 113 | ||
| 114 | ||
| 115 | static struct wpabuf * eap_sake_build_msg(struct eap_sake_data *data, | |
| 116 | int id, size_t length, u8 subtype) | |
| 117 | { | |
| 118 | struct eap_sake_hdr *sake; | |
| 119 | struct wpabuf *msg; | |
| 120 | size_t plen; | |
| 121 | ||
| 122 | plen = length + sizeof(struct eap_sake_hdr); | |
| 123 | ||
| 124 | msg = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_SAKE, plen, | |
| 125 | EAP_CODE_RESPONSE, id); | |
| 126 | if (msg == NULL) { | |
| 127 | wpa_printf(MSG_ERROR, "EAP-SAKE: Failed to allocate memory " | |
| 128 | "request"); | |
| 129 | return NULL; | |
| 130 | } | |
| 131 | ||
| 132 | sake = wpabuf_put(msg, sizeof(*sake)); | |
| 133 | sake->version = EAP_SAKE_VERSION; | |
| 134 | sake->session_id = data->session_id; | |
| 135 | sake->subtype = subtype; | |
| 136 | ||
| 137 | return msg; | |
| 138 | } | |
| 139 | ||
| 140 | ||
| 141 | static struct wpabuf * eap_sake_process_identity(struct eap_sm *sm, | |
| 142 | struct eap_sake_data *data, | |
| 143 | struct eap_method_ret *ret, | |
| 144 | const struct wpabuf *reqData, | |
| 145 | const u8 *payload, | |
| 146 | size_t payload_len) | |
| 147 | { | |
| 148 | struct eap_sake_parse_attr attr; | |
| 149 | struct wpabuf *resp; | |
| 150 | ||
| 151 | if (data->state != IDENTITY) { | |
| 152 | ret->ignore = TRUE; | |
| 153 | return NULL; | |
| 154 | } | |
| 155 | ||
| 156 | wpa_printf(MSG_DEBUG, "EAP-SAKE: Received Request/Identity"); | |
| 157 | ||
| 158 | if (eap_sake_parse_attributes(payload, payload_len, &attr)) | |
| 159 | return NULL; | |
| 160 | ||
| 161 | if (!attr.perm_id_req && !attr.any_id_req) { | |
| 162 | wpa_printf(MSG_INFO, "EAP-SAKE: No AT_PERM_ID_REQ or " | |
| 163 | "AT_ANY_ID_REQ in Request/Identity"); | |
| 164 | return NULL; | |
| 165 | } | |
| 166 | ||
| 167 | wpa_printf(MSG_DEBUG, "EAP-SAKE: Sending Response/Identity"); | |
| 168 | ||
| 169 | resp = eap_sake_build_msg(data, eap_get_id(reqData), | |
| 170 | 2 + data->peerid_len, | |
| 171 | EAP_SAKE_SUBTYPE_IDENTITY); | |
| 172 | if (resp == NULL) | |
| 173 | return NULL; | |
| 174 | ||
| 175 | wpa_printf(MSG_DEBUG, "EAP-SAKE: * AT_PEERID"); | |
| 176 | eap_sake_add_attr(resp, EAP_SAKE_AT_PEERID, | |
| 177 | data->peerid, data->peerid_len); | |
| 178 | ||
| 179 | eap_sake_state(data, CHALLENGE); | |
| 180 | ||
| 181 | return resp; | |
| 182 | } | |
| 183 | ||
| 184 | ||
| 185 | static struct wpabuf * eap_sake_process_challenge(struct eap_sm *sm, | |
| 186 | struct eap_sake_data *data, | |
| 187 | struct eap_method_ret *ret, | |
| 188 | const struct wpabuf *reqData, | |
| 189 | const u8 *payload, | |
| 190 | size_t payload_len) | |
| 191 | { | |
| 192 | struct eap_sake_parse_attr attr; | |
| 193 | struct wpabuf *resp; | |
| 194 | u8 *rpos; | |
| 195 | size_t rlen; | |
| 196 | ||
| 197 | if (data->state != IDENTITY && data->state != CHALLENGE) { | |
| 198 | wpa_printf(MSG_DEBUG, "EAP-SAKE: Request/Challenge received " | |
| 199 | "in unexpected state (%d)", data->state); | |
| 200 | ret->ignore = TRUE; | |
| 201 | return NULL; | |
| 202 | } | |
| 203 | if (data->state == IDENTITY) | |
| 204 | eap_sake_state(data, CHALLENGE); | |
| 205 | ||
| 206 | wpa_printf(MSG_DEBUG, "EAP-SAKE: Received Request/Challenge"); | |
| 207 | ||
| 208 | if (eap_sake_parse_attributes(payload, payload_len, &attr)) | |
| 209 | return NULL; | |
| 210 | ||
| 211 | if (!attr.rand_s) { | |
| 212 | wpa_printf(MSG_INFO, "EAP-SAKE: Request/Challenge did not " | |
| 213 | "include AT_RAND_S"); | |
| 214 | return NULL; | |
| 215 | } | |
| 216 | ||
| 217 | os_memcpy(data->rand_s, attr.rand_s, EAP_SAKE_RAND_LEN); | |
| 218 | wpa_hexdump(MSG_MSGDUMP, "EAP-SAKE: RAND_S (server rand)", | |
| 219 | data->rand_s, EAP_SAKE_RAND_LEN); | |
| 220 | ||
| 3642c431 | 221 | if (random_get_bytes(data->rand_p, EAP_SAKE_RAND_LEN)) { |
| 6fc6879b JM |
222 | wpa_printf(MSG_ERROR, "EAP-SAKE: Failed to get random data"); |
| 223 | return NULL; | |
| 224 | } | |
| 225 | wpa_hexdump(MSG_MSGDUMP, "EAP-SAKE: RAND_P (peer rand)", | |
| 226 | data->rand_p, EAP_SAKE_RAND_LEN); | |
| 227 | ||
| 228 | os_free(data->serverid); | |
| 229 | data->serverid = NULL; | |
| 230 | data->serverid_len = 0; | |
| 231 | if (attr.serverid) { | |
| 232 | wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-SAKE: SERVERID", | |
| 233 | attr.serverid, attr.serverid_len); | |
| 234 | data->serverid = os_malloc(attr.serverid_len); | |
| 235 | if (data->serverid == NULL) | |
| 236 | return NULL; | |
| 237 | os_memcpy(data->serverid, attr.serverid, attr.serverid_len); | |
| 238 | data->serverid_len = attr.serverid_len; | |
| 239 | } | |
| 240 | ||
| 241 | eap_sake_derive_keys(data->root_secret_a, data->root_secret_b, | |
| 242 | data->rand_s, data->rand_p, | |
| 243 | (u8 *) &data->tek, data->msk, data->emsk); | |
| 244 | ||
| 245 | wpa_printf(MSG_DEBUG, "EAP-SAKE: Sending Response/Challenge"); | |
| 246 | ||
| 247 | rlen = 2 + EAP_SAKE_RAND_LEN + 2 + EAP_SAKE_MIC_LEN; | |
| 248 | if (data->peerid) | |
| 249 | rlen += 2 + data->peerid_len; | |
| 250 | resp = eap_sake_build_msg(data, eap_get_id(reqData), rlen, | |
| 251 | EAP_SAKE_SUBTYPE_CHALLENGE); | |
| 252 | if (resp == NULL) | |
| 253 | return NULL; | |
| 254 | ||
| 255 | wpa_printf(MSG_DEBUG, "EAP-SAKE: * AT_RAND_P"); | |
| 256 | eap_sake_add_attr(resp, EAP_SAKE_AT_RAND_P, | |
| 257 | data->rand_p, EAP_SAKE_RAND_LEN); | |
| 258 | ||
| 259 | if (data->peerid) { | |
| 260 | wpa_printf(MSG_DEBUG, "EAP-SAKE: * AT_PEERID"); | |
| 261 | eap_sake_add_attr(resp, EAP_SAKE_AT_PEERID, | |
| 262 | data->peerid, data->peerid_len); | |
| 263 | } | |
| 264 | ||
| 265 | wpa_printf(MSG_DEBUG, "EAP-SAKE: * AT_MIC_P"); | |
| 266 | wpabuf_put_u8(resp, EAP_SAKE_AT_MIC_P); | |
| 267 | wpabuf_put_u8(resp, 2 + EAP_SAKE_MIC_LEN); | |
| 268 | rpos = wpabuf_put(resp, EAP_SAKE_MIC_LEN); | |
| 269 | if (eap_sake_compute_mic(data->tek.auth, data->rand_s, data->rand_p, | |
| 270 | data->serverid, data->serverid_len, | |
| 271 | data->peerid, data->peerid_len, 1, | |
| 272 | wpabuf_head(resp), wpabuf_len(resp), rpos, | |
| 273 | rpos)) { | |
| 274 | wpa_printf(MSG_INFO, "EAP-SAKE: Failed to compute MIC"); | |
| 275 | wpabuf_free(resp); | |
| 276 | return NULL; | |
| 277 | } | |
| 278 | ||
| 279 | eap_sake_state(data, CONFIRM); | |
| 280 | ||
| 281 | return resp; | |
| 282 | } | |
| 283 | ||
| 284 | ||
| 285 | static struct wpabuf * eap_sake_process_confirm(struct eap_sm *sm, | |
| 286 | struct eap_sake_data *data, | |
| 287 | struct eap_method_ret *ret, | |
| 288 | const struct wpabuf *reqData, | |
| 289 | const u8 *payload, | |
| 290 | size_t payload_len) | |
| 291 | { | |
| 292 | struct eap_sake_parse_attr attr; | |
| 293 | u8 mic_s[EAP_SAKE_MIC_LEN]; | |
| 294 | struct wpabuf *resp; | |
| 295 | u8 *rpos; | |
| 296 | ||
| 297 | if (data->state != CONFIRM) { | |
| 298 | ret->ignore = TRUE; | |
| 299 | return NULL; | |
| 300 | } | |
| 301 | ||
| 302 | wpa_printf(MSG_DEBUG, "EAP-SAKE: Received Request/Confirm"); | |
| 303 | ||
| 304 | if (eap_sake_parse_attributes(payload, payload_len, &attr)) | |
| 305 | return NULL; | |
| 306 | ||
| 307 | if (!attr.mic_s) { | |
| 308 | wpa_printf(MSG_INFO, "EAP-SAKE: Request/Confirm did not " | |
| 309 | "include AT_MIC_S"); | |
| 310 | return NULL; | |
| 311 | } | |
| 312 | ||
| 313 | eap_sake_compute_mic(data->tek.auth, data->rand_s, data->rand_p, | |
| 314 | data->serverid, data->serverid_len, | |
| 315 | data->peerid, data->peerid_len, 0, | |
| 316 | wpabuf_head(reqData), wpabuf_len(reqData), | |
| 317 | attr.mic_s, mic_s); | |
| 318 | if (os_memcmp(attr.mic_s, mic_s, EAP_SAKE_MIC_LEN) != 0) { | |
| 319 | wpa_printf(MSG_INFO, "EAP-SAKE: Incorrect AT_MIC_S"); | |
| 320 | eap_sake_state(data, FAILURE); | |
| 321 | ret->methodState = METHOD_DONE; | |
| 322 | ret->decision = DECISION_FAIL; | |
| 323 | ret->allowNotifications = FALSE; | |
| 324 | wpa_printf(MSG_DEBUG, "EAP-SAKE: Sending " | |
| 325 | "Response/Auth-Reject"); | |
| 326 | return eap_sake_build_msg(data, eap_get_id(reqData), 0, | |
| 327 | EAP_SAKE_SUBTYPE_AUTH_REJECT); | |
| 328 | } | |
| 329 | ||
| 330 | wpa_printf(MSG_DEBUG, "EAP-SAKE: Sending Response/Confirm"); | |
| 331 | ||
| 332 | resp = eap_sake_build_msg(data, eap_get_id(reqData), | |
| 333 | 2 + EAP_SAKE_MIC_LEN, | |
| 334 | EAP_SAKE_SUBTYPE_CONFIRM); | |
| 335 | if (resp == NULL) | |
| 336 | return NULL; | |
| 337 | ||
| 338 | wpa_printf(MSG_DEBUG, "EAP-SAKE: * AT_MIC_P"); | |
| 339 | wpabuf_put_u8(resp, EAP_SAKE_AT_MIC_P); | |
| 340 | wpabuf_put_u8(resp, 2 + EAP_SAKE_MIC_LEN); | |
| 341 | rpos = wpabuf_put(resp, EAP_SAKE_MIC_LEN); | |
| 342 | if (eap_sake_compute_mic(data->tek.auth, data->rand_s, data->rand_p, | |
| 343 | data->serverid, data->serverid_len, | |
| 344 | data->peerid, data->peerid_len, 1, | |
| 345 | wpabuf_head(resp), wpabuf_len(resp), rpos, | |
| 346 | rpos)) { | |
| 347 | wpa_printf(MSG_INFO, "EAP-SAKE: Failed to compute MIC"); | |
| 348 | wpabuf_free(resp); | |
| 349 | return NULL; | |
| 350 | } | |
| 351 | ||
| 352 | eap_sake_state(data, SUCCESS); | |
| 353 | ret->methodState = METHOD_DONE; | |
| 354 | ret->decision = DECISION_UNCOND_SUCC; | |
| 355 | ret->allowNotifications = FALSE; | |
| 356 | ||
| 357 | return resp; | |
| 358 | } | |
| 359 | ||
| 360 | ||
| 361 | static struct wpabuf * eap_sake_process(struct eap_sm *sm, void *priv, | |
| 362 | struct eap_method_ret *ret, | |
| 363 | const struct wpabuf *reqData) | |
| 364 | { | |
| 365 | struct eap_sake_data *data = priv; | |
| 366 | const struct eap_sake_hdr *req; | |
| 367 | struct wpabuf *resp; | |
| 368 | const u8 *pos, *end; | |
| 369 | size_t len; | |
| 370 | u8 subtype, session_id; | |
| 371 | ||
| 372 | pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_SAKE, reqData, &len); | |
| 373 | if (pos == NULL || len < sizeof(struct eap_sake_hdr)) { | |
| 374 | ret->ignore = TRUE; | |
| 375 | return NULL; | |
| 376 | } | |
| 377 | ||
| 378 | req = (const struct eap_sake_hdr *) pos; | |
| 379 | end = pos + len; | |
| 380 | subtype = req->subtype; | |
| 381 | session_id = req->session_id; | |
| 382 | pos = (const u8 *) (req + 1); | |
| 383 | ||
| 384 | wpa_printf(MSG_DEBUG, "EAP-SAKE: Received frame: subtype %d " | |
| 385 | "session_id %d", subtype, session_id); | |
| 386 | wpa_hexdump(MSG_DEBUG, "EAP-SAKE: Received attributes", | |
| 387 | pos, end - pos); | |
| 388 | ||
| 389 | if (data->session_id_set && data->session_id != session_id) { | |
| 390 | wpa_printf(MSG_INFO, "EAP-SAKE: Session ID mismatch (%d,%d)", | |
| 391 | session_id, data->session_id); | |
| 392 | ret->ignore = TRUE; | |
| 393 | return NULL; | |
| 394 | } | |
| 395 | data->session_id = session_id; | |
| 396 | data->session_id_set = 1; | |
| 397 | ||
| 398 | ret->ignore = FALSE; | |
| 399 | ret->methodState = METHOD_MAY_CONT; | |
| 400 | ret->decision = DECISION_FAIL; | |
| 401 | ret->allowNotifications = TRUE; | |
| 402 | ||
| 403 | switch (subtype) { | |
| 404 | case EAP_SAKE_SUBTYPE_IDENTITY: | |
| 405 | resp = eap_sake_process_identity(sm, data, ret, reqData, | |
| 406 | pos, end - pos); | |
| 407 | break; | |
| 408 | case EAP_SAKE_SUBTYPE_CHALLENGE: | |
| 409 | resp = eap_sake_process_challenge(sm, data, ret, reqData, | |
| 410 | pos, end - pos); | |
| 411 | break; | |
| 412 | case EAP_SAKE_SUBTYPE_CONFIRM: | |
| 413 | resp = eap_sake_process_confirm(sm, data, ret, reqData, | |
| 414 | pos, end - pos); | |
| 415 | break; | |
| 416 | default: | |
| 417 | wpa_printf(MSG_DEBUG, "EAP-SAKE: Ignoring message with " | |
| 418 | "unknown subtype %d", subtype); | |
| 419 | ret->ignore = TRUE; | |
| 420 | return NULL; | |
| 421 | } | |
| 422 | ||
| 423 | if (ret->methodState == METHOD_DONE) | |
| 424 | ret->allowNotifications = FALSE; | |
| 425 | ||
| 426 | return resp; | |
| 427 | } | |
| 428 | ||
| 429 | ||
| 430 | static Boolean eap_sake_isKeyAvailable(struct eap_sm *sm, void *priv) | |
| 431 | { | |
| 432 | struct eap_sake_data *data = priv; | |
| 433 | return data->state == SUCCESS; | |
| 434 | } | |
| 435 | ||
| 436 | ||
| 437 | static u8 * eap_sake_getKey(struct eap_sm *sm, void *priv, size_t *len) | |
| 438 | { | |
| 439 | struct eap_sake_data *data = priv; | |
| 440 | u8 *key; | |
| 441 | ||
| 442 | if (data->state != SUCCESS) | |
| 443 | return NULL; | |
| 444 | ||
| 445 | key = os_malloc(EAP_MSK_LEN); | |
| 446 | if (key == NULL) | |
| 447 | return NULL; | |
| 448 | os_memcpy(key, data->msk, EAP_MSK_LEN); | |
| 449 | *len = EAP_MSK_LEN; | |
| 450 | ||
| 451 | return key; | |
| 452 | } | |
| 453 | ||
| 454 | ||
| 9ca84274 JM |
455 | static u8 * eap_sake_get_session_id(struct eap_sm *sm, void *priv, size_t *len) |
| 456 | { | |
| 457 | struct eap_sake_data *data = priv; | |
| 458 | u8 *id; | |
| 459 | ||
| 460 | if (data->state != SUCCESS) | |
| 461 | return NULL; | |
| 462 | ||
| 463 | *len = 1 + 2 * EAP_SAKE_RAND_LEN; | |
| 464 | id = os_malloc(*len); | |
| 465 | if (id == NULL) | |
| 466 | return NULL; | |
| 467 | ||
| 468 | id[0] = EAP_TYPE_SAKE; | |
| 469 | os_memcpy(id + 1, data->rand_s, EAP_SAKE_RAND_LEN); | |
| 470 | os_memcpy(id + 1 + EAP_SAKE_RAND_LEN, data->rand_s, EAP_SAKE_RAND_LEN); | |
| 471 | wpa_hexdump(MSG_DEBUG, "EAP-SAKE: Derived Session-Id", id, *len); | |
| 472 | ||
| 473 | return id; | |
| 474 | } | |
| 475 | ||
| 476 | ||
| 6fc6879b JM |
477 | static u8 * eap_sake_get_emsk(struct eap_sm *sm, void *priv, size_t *len) |
| 478 | { | |
| 479 | struct eap_sake_data *data = priv; | |
| 480 | u8 *key; | |
| 481 | ||
| 482 | if (data->state != SUCCESS) | |
| 483 | return NULL; | |
| 484 | ||
| 485 | key = os_malloc(EAP_EMSK_LEN); | |
| 486 | if (key == NULL) | |
| 487 | return NULL; | |
| 488 | os_memcpy(key, data->emsk, EAP_EMSK_LEN); | |
| 489 | *len = EAP_EMSK_LEN; | |
| 490 | ||
| 491 | return key; | |
| 492 | } | |
| 493 | ||
| 494 | ||
| 495 | int eap_peer_sake_register(void) | |
| 496 | { | |
| 497 | struct eap_method *eap; | |
| 498 | int ret; | |
| 499 | ||
| 500 | eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION, | |
| 501 | EAP_VENDOR_IETF, EAP_TYPE_SAKE, "SAKE"); | |
| 502 | if (eap == NULL) | |
| 503 | return -1; | |
| 504 | ||
| 505 | eap->init = eap_sake_init; | |
| 506 | eap->deinit = eap_sake_deinit; | |
| 507 | eap->process = eap_sake_process; | |
| 508 | eap->isKeyAvailable = eap_sake_isKeyAvailable; | |
| 509 | eap->getKey = eap_sake_getKey; | |
| 9ca84274 | 510 | eap->getSessionId = eap_sake_get_session_id; |
| 6fc6879b JM |
511 | eap->get_emsk = eap_sake_get_emsk; |
| 512 | ||
| 513 | ret = eap_peer_method_register(eap); | |
| 514 | if (ret) | |
| 515 | eap_peer_method_free(eap); | |
| 516 | return ret; | |
| 517 | } |