git.ipfire.org Git - thirdparty/hostap.git/commit

author	Jouni Malinen <jouni@qca.qualcomm.com>
	Fri, 3 Feb 2017 12:37:30 +0000 (14:37 +0200)
committer	Jouni Malinen <j@w1.fi>
	Fri, 3 Feb 2017 13:34:59 +0000 (15:34 +0200)
commit	bb3ea71a23bcd675bc45981cb2403109c6d4948d
tree	e7d7b652d8e3351e32f43e624790b9c7bc6fab91	tree
parent	eeea363cab6611af4372718cdafd6d25a0daa89c	commit \| diff

ERP: Fix rIK derivation

Unlike the EMSKname and rRK derivations, rIK derivation is actually
using the "optional data" component in the context data (see RFC 5295).
RFC 6696 defines that optional data to be the cryptosuite field for rIK.
This was missing from the previous implementation and that resulted in
incorrect rIK being derived.

In addition, the rIK Label string does not actually include the "EAP "
prefix in the way as the rRK Label in RFC 6696 does. This would also
have resulted in incorrect rIK value.

Fix rIK derivation by adding the cryptosuite value into the KDF context
data and fixing the label string. This change is not backwards
compatible and breaks all ERP use cases (including FILS shared key
authentication) with older (broken) and new (fixed)
hostapd/wpa_supplicant builds.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

src/eap_peer/eap.c		diff \| blob \| blame \| history
src/eap_server/eap_server.c		diff \| blob \| blame \| history