cbb->binding.subtype = ((emsklen ? EAP_TEAP_TLV_CRYPTO_BINDING_FLAGS_CMAC_BOTH : EAP_TEAP_TLV_CRYPTO_BINDING_FLAGS_CMAC_MSK) << 4) | EAP_TEAP_TLV_CRYPTO_BINDING_SUBTYPE_REQUEST;
- RDEBUG("Phase 2: Sending Cryptobinding flags=%d", emsklen ? EAP_TEAP_TLV_CRYPTO_BINDING_FLAGS_CMAC_BOTH : EAP_TEAP_TLV_CRYPTO_BINDING_FLAGS_CMAC_MSK);
+ RDEBUG("Phase 2: Sending Crypto-Binding Flags=%d", emsklen ? EAP_TEAP_TLV_CRYPTO_BINDING_FLAGS_CMAC_BOTH : EAP_TEAP_TLV_CRYPTO_BINDING_FLAGS_CMAC_MSK);
rad_assert(sizeof(cbb->binding.nonce) % sizeof(uint32_t) == 0);
RANDFILL(cbb->binding.nonce);
if ((flags & EAP_TEAP_TLV_CRYPTO_BINDING_FLAGS_CMAC_MSK) != 0) {
HMAC(md, &t->imck_msk.cmk, sizeof(t->imck_msk.cmk), buf, buflen, mac, &maclen);
if (memcmp(binding->msk_compound_mac, mac, sizeof(binding->msk_compound_mac))) {
- RDEBUG2("Phase 2: Crypto-Binding TLV (MSK) mis-match");
+ RWDEBUG2("Phase 2: Crypto-Binding TLV (MSK) mis-match");
return PW_CODE_ACCESS_REJECT;
}
imck = &t->imck_msk;
}
+ if (((flags & EAP_TEAP_TLV_CRYPTO_BINDING_FLAGS_CMAC_EMSK) != 0) && !t->imck_emsk_available) {
+ fr_assert(0);
+ }
+
if (((flags & EAP_TEAP_TLV_CRYPTO_BINDING_FLAGS_CMAC_EMSK) != 0) && t->imck_emsk_available) {
HMAC(md, &t->imck_emsk.cmk, sizeof(t->imck_emsk.cmk), buf, buflen, mac, &maclen);
if (memcmp(binding->emsk_compound_mac, mac, sizeof(binding->emsk_compound_mac))) {
- RDEBUG2("Phase 2: Crypto-Binding TLV (EMSK) mis-match");
+ RWDEBUG2("Phase 2: Crypto-Binding TLV (EMSK) mis-match");
return PW_CODE_ACCESS_REJECT;
}
projects / thirdparty / freeradius-server.git / commitdiff
