ERP: Fix rIK derivation

author Jouni Malinen <jouni@qca.qualcomm.com>

Fri, 3 Feb 2017 12:37:30 +0000 (14:37 +0200)

committer Jouni Malinen <j@w1.fi>

Fri, 3 Feb 2017 13:34:59 +0000 (15:34 +0200)
author Jouni Malinen <jouni@qca.qualcomm.com>
Fri, 3 Feb 2017 12:37:30 +0000 (14:37 +0200)
committer Jouni Malinen <j@w1.fi>
Fri, 3 Feb 2017 13:34:59 +0000 (15:34 +0200)
diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c

index 1c6116aab3d0922ad34ac52cd2f66f62dda6d79a..cd43934d0cb4020f538a411dce658468fad125fe 100644 (file)
--- a/src/eap_peer/eap.c
+++ b/src/eap_peer/eap.c
@@ -489,7 +489,7 @@ static void eap_peer_erp_init(struct eap_sm *sm)
         u8 *emsk = NULL;
         size_t emsk_len = 0;
         u8 EMSKname[EAP_EMSK_NAME_LEN];
-       u8 len[2];
+       u8 len[2], ctx[3];
         char *realm;
         size_t realm_len, nai_buf_len;
         struct eap_erp_key *erp = NULL;
@@ -550,9 +550,11 @@ static void eap_peer_erp_init(struct eap_sm *sm)
         erp->rRK_len = emsk_len;
         wpa_hexdump_key(MSG_DEBUG, "EAP: ERP rRK", erp->rRK, erp->rRK_len);
  
+       ctx[0] = EAP_ERP_CS_HMAC_SHA256_128;
+       WPA_PUT_BE16(&ctx[1], erp->rRK_len);
         if (hmac_sha256_kdf(erp->rRK, erp->rRK_len,
-                           "EAP Re-authentication Integrity Key@ietf.org",
-                           len, sizeof(len), erp->rIK, erp->rRK_len) < 0) {
+                           "Re-authentication Integrity Key@ietf.org",
+                           ctx, sizeof(ctx), erp->rIK, erp->rRK_len) < 0) {
                 wpa_printf(MSG_DEBUG, "EAP: Could not derive rIK for ERP");
                 goto fail;
         }
diff --git a/src/eap_server/eap_server.c b/src/eap_server/eap_server.c

index 08cc171870fbb786f39a5dba2fb6de61b67d537e..ebfaa122fcdf685a67f5ecbfcdaef6239e126960 100644 (file)
--- a/src/eap_server/eap_server.c
+++ b/src/eap_server/eap_server.c
@@ -415,7 +415,7 @@ static void eap_server_erp_init(struct eap_sm *sm)
         u8 *emsk = NULL;
         size_t emsk_len = 0;
         u8 EMSKname[EAP_EMSK_NAME_LEN];
-       u8 len[2];
+       u8 len[2], ctx[3];
         const char *domain;
         size_t domain_len, nai_buf_len;
         struct eap_server_erp_key *erp = NULL;
@@ -476,9 +476,11 @@ static void eap_server_erp_init(struct eap_sm *sm)
         erp->rRK_len = emsk_len;
         wpa_hexdump_key(MSG_DEBUG, "EAP: ERP rRK", erp->rRK, erp->rRK_len);
  
+       ctx[0] = EAP_ERP_CS_HMAC_SHA256_128;
+       WPA_PUT_BE16(&ctx[1], erp->rRK_len);
         if (hmac_sha256_kdf(erp->rRK, erp->rRK_len,
-                           "EAP Re-authentication Integrity Key@ietf.org",
-                           len, sizeof(len), erp->rIK, erp->rRK_len) < 0) {
+                           "Re-authentication Integrity Key@ietf.org",
+                           ctx, sizeof(ctx), erp->rIK, erp->rRK_len) < 0) {
                 wpa_printf(MSG_DEBUG, "EAP: Could not derive rIK for ERP");
                 goto fail;
         }
author	Jouni Malinen <jouni@qca.qualcomm.com>
	Fri, 3 Feb 2017 12:37:30 +0000 (14:37 +0200)
committer	Jouni Malinen <j@w1.fi>
	Fri, 3 Feb 2017 13:34:59 +0000 (15:34 +0200)
src/eap_peer/eap.c		patch \| blob \| blame \| history
src/eap_server/eap_server.c		patch \| blob \| blame \| history