EAP-pwd: Validate Prep field in EAP-pwd-ID/Response
authorJouni Malinen <j@w1.fi>
Sat, 8 Oct 2016 16:43:36 +0000 (19:43 +0300)
committerJouni Malinen <j@w1.fi>
Sat, 8 Oct 2016 16:43:36 +0000 (19:43 +0300)
RFC 5931 Section 2.8.5.1 does not list the Prep field as something that
the server validates to match the Request. However, the supplicant side
has to use the same pre-processing mechanism for the password for the
authentication to work, so we may as well enforce this field to match
the requested value now that wpa_supplicant implementation is fixed to
copy the value from the request.

Signed-off-by: Jouni Malinen <j@w1.fi>
src/eap_server/eap_server_pwd.c

index 64bf708e039a4a1579ee78a8303732fb8582bb41..c60539fac14381ecbae21a7fb4ae6a6af1f8173c 100644 (file)
@@ -602,7 +602,9 @@ static void eap_pwd_process_id_resp(struct eap_sm *sm,
        if ((data->group_num != be_to_host16(id->group_num)) ||
            (id->random_function != EAP_PWD_DEFAULT_RAND_FUNC) ||
            (os_memcmp(id->token, (u8 *)&data->token, sizeof(data->token))) ||
-           (id->prf != EAP_PWD_DEFAULT_PRF)) {
+           (id->prf != EAP_PWD_DEFAULT_PRF) ||
+           id->prep !=
+           data->password_hash ? EAP_PWD_PREP_MS : EAP_PWD_PREP_NONE) {
                wpa_printf(MSG_INFO, "EAP-pwd: peer changed parameters");
                eap_pwd_state(data, FAILURE);
                return;
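Review bot: The added Prep comparison on the last two `+` lines is missing parentheses around the conditional expression. In C both `!=` and `||` bind tighter than `?:`, so the whole `||` chain, ending in `id->prep != data->password_hash`, becomes the ternary's condition, and the `if` then tests the selected constant instead of comparing `id->prep` with it. Whether a mismatched Prep is still rejected then depends on the numeric values of `EAP_PWD_PREP_MS` and `EAP_PWD_PREP_NONE` and on `password_hash` only ever holding 0 or 1, none of which is visible in this hunk. The comparison should be written explicitly as `(id->prep != (data->password_hash ? EAP_PWD_PREP_MS : EAP_PWD_PREP_NONE))) {`. The body of eap_pwd_process_id_resp starts and ends outside the hunk.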