Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

ERP: Derive ERP key only after successful EAP authentication

ERP key was previously derived immediately after the availability of
EMSK and Session-Id and the ERP key hierarchy was saved even if the
authentication resulted in failure eventually. Instead, derive the ERP
key only after a successful EAP authentication.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Vidyullatha Kanchanapally 7 years ago
parent
528b655788
commit
2a71673e27
1 changed files with 7 additions and 4 deletions
Split View Show Diff Stats
  1. 7 4
      src/eap_peer/eap.c

+ 7 - 4
src/eap_peer/eap.c
View File 

@@ -907,8 +907,6 @@ SM_STATE(EAP, METHOD)
 
 
 	if (sm->m->isKeyAvailable && sm->m->getKey &&
 
 	    sm->m->isKeyAvailable(sm, sm->eap_method_priv)) {
 
-		struct eap_peer_config *config = eap_get_config(sm);
 
-
 
 		eap_sm_free_key(sm);
 
 		sm->eapKeyData = sm->m->getKey(sm, sm->eap_method_priv,
 
 					       &sm->eapKeyDataLen);
 
@@ -921,8 +919,6 @@ SM_STATE(EAP, METHOD)
 
 			wpa_hexdump(MSG_DEBUG, "EAP: Session-Id",
 
 				    sm->eapSessionId, sm->eapSessionIdLen);
 
 		}
 
-		if (config->erp && sm->m->get_emsk && sm->eapSessionId)
 
-			eap_peer_erp_init(sm, NULL, 0, NULL, 0);
 
 	}
 
 }
 
 
@@ -1020,6 +1016,8 @@ SM_STATE(EAP, RETRANSMIT)
 
  */
 
 SM_STATE(EAP, SUCCESS)
 
 {
 
+	struct eap_peer_config *config = eap_get_config(sm);
 
+
 
 	SM_ENTRY(EAP, SUCCESS);
 
 	if (sm->eapKeyData != NULL)
 
 		sm->eapKeyAvailable = TRUE;
 
@@ -1042,6 +1040,11 @@ SM_STATE(EAP, SUCCESS)
 
 
 	wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_SUCCESS
 
 		"EAP authentication completed successfully");
 
+
 
+	if (config->erp && sm->m->get_emsk && sm->eapSessionId &&
 
+	    sm->m->isKeyAvailable &&
 
+	    sm->m->isKeyAvailable(sm, sm->eap_method_priv))
 
+		eap_peer_erp_init(sm, NULL, 0, NULL, 0);
 
 }