]> git.ipfire.org Git - thirdparty/strongswan.git/commit
projects / thirdparty / strongswan.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e698bde) | patch
libradius: Pad received MSK to at least 64 bytes
authorTobias Brunner <tobias@strongswan.org>
Fri, 26 Jan 2018 08:51:07 +0000 (09:51 +0100)
committerTobias Brunner <tobias@strongswan.org>
Fri, 9 Feb 2018 09:44:52 +0000 (10:44 +0100)
commit73cbce60132301f9eea1ddf6d3cd284b0e8cb058
tree81439a8b34b4a05ae4ca4b0e70634f5048238285tree | snapshot
parente698bdea247edd9f251ef6cd92cc75d4a31cc751commit | diff
libradius: Pad received MSK to at least 64 bytes

According to RFC 3748 MSKs must be at least 64 bytes, however, that's
not the case for the MSK derived via EAP-MSCHAPv2.  The two key parts
received are only 16 bytes each (derived according to RFC 3079,
section 3.3), so we end up with an MSK of only 32 bytes. The eap-mschapv2
plugin, on the other hand, pads these two parts with 32 zeros.

Interestingly, this is not a problem in many cases as the SHA1/2 based
PRFs used later use a block size that's >= 64 bytes, so the shorter MSK
is just padded with zeros then.  However, with AES-XCBC-PRF-128, for
instance, which uses a block size of 16 bytes, the different MSKs are an
issue as XCBC is applied to both to shorten them, with different results.
This eventually causes the authentication to fail if the client uses a
zero-padded MSK produced by the eap-mschapv2 plugin and the server the 32
byte MSK received via RADIUS.
src/libradius/radius_socket.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.