EAP-PEAP peer: Cryptobinding in fast-reconnect case with inner EAP
authorJouni Malinen <j@w1.fi>
Tue, 5 Jan 2016 21:50:50 +0000 (23:50 +0200)
committerJouni Malinen <j@w1.fi>
Tue, 5 Jan 2016 21:50:50 +0000 (23:50 +0200)
This was reported to fail with Windows 2012r2 with "Invalid Compound_MAC
in cryptobinding TLV". It turns out that the server decided to go
through inner EAP method (EAP-MSCHAPv2 in the reported case) even when
using PEAP fast-reconnect. This seems to be against the [MS-PEAP]
specification which claims that inner EAP method is not used in such a
case. This resulted in a different CMK being derived by the server (used
the version that used ISK) and wpa_supplicant (used the version where
IPMK|CMK = TK without ISK when using fast-reconnect).

Fix this interop issue by making wpa_supplicant use the
fast-reconnect version of CMK derivation only when TLS session
resumption is used and the server has not initiated an inner EAP
method before going through the cryptobinding exchange.

Signed-off-by: Jouni Malinen <j@w1.fi>
src/eap_peer/eap_peap.c

index 503d4b02d09952069787e9d527fc56209b02120c..bf420cc8c5d45622d646e548376990dd642468a9 100644 (file)
@@ -253,6 +253,7 @@ static int eap_peap_derive_cmk(struct eap_sm *sm, struct eap_peap_data *data)
 {
        u8 *tk;
        u8 isk[32], imck[60];
+       int resumed;
 
        /*
         * Tunnel key (TK) is the first 60 octets of the key generated by
@@ -263,8 +264,12 @@ static int eap_peap_derive_cmk(struct eap_sm *sm, struct eap_peap_data *data)
                return -1;
        wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: TK", tk, 60);
 
-       if (data->reauth &&
-           tls_connection_resumed(sm->ssl_ctx, data->ssl.conn)) {
+       resumed = tls_connection_resumed(sm->ssl_ctx, data->ssl.conn);
+       wpa_printf(MSG_DEBUG,
+                  "EAP-PEAP: CMK derivation - reauth=%d resumed=%d phase2_eap_started=%d phase2_success=%d",
+                  data->reauth, resumed, data->phase2_eap_started,
+                  data->phase2_success);
+       if (data->reauth && !data->phase2_eap_started && resumed) {
                /* Fast-connect: IPMK|CMK = TK */
                os_memcpy(data->ipmk, tk, 40);
                wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: IPMK from TK",
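Review bot: The comment on the fast-reconnect branch, `/* Fast-connect: IPMK|CMK = TK */`, no longer describes the condition guarding it, because `data->phase2_eap_started` now also selects which CMK derivation feeds the Compound_MAC check. I would extend it to something like `/* Fast-reconnect: IPMK|CMK = TK; only valid when the TLS session was resumed and the server did not start an inner EAP method */`. Since this flag now decides the cryptobinding key, it has to be cleared at the start of every (re)authentication. A value left over from the earlier full authentication would presumably force the ISK-based derivation on every fast-reconnect. That reset is not visible in this hunk, so it should be confirmed where `reauth` is set. The body of eap_peap_derive_cmk continues outside the hunk.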