diff options
author | Martin Willi <martin@strongswan.org> | 2009-10-28 14:15:24 +0100 |
---|---|---|
committer | Martin Willi <martin@strongswan.org> | 2009-11-12 10:34:00 +0100 |
commit | 454b59c5fd7c7d01c28ec74a03f09af185046876 (patch) | |
tree | 8db35c8640c8153d0374e7e50ede89c447aaa97e /src/charon/plugins/eap_aka | |
parent | e1a8729de0ebe5e1f7ac14b3b852f9b7142ae582 (diff) | |
download | strongswan-454b59c5fd7c7d01c28ec74a03f09af185046876.tar.bz2 strongswan-454b59c5fd7c7d01c28ec74a03f09af185046876.tar.xz |
EAP-SIM/AKA crypto helper supports key derivation for fast reauthentication
Diffstat (limited to 'src/charon/plugins/eap_aka')
-rw-r--r-- | src/charon/plugins/eap_aka/eap_aka_peer.c | 6 | ||||
-rw-r--r-- | src/charon/plugins/eap_aka/eap_aka_server.c | 6 |
2 files changed, 8 insertions, 4 deletions
diff --git a/src/charon/plugins/eap_aka/eap_aka_peer.c b/src/charon/plugins/eap_aka/eap_aka_peer.c index b83833bf8..136a774db 100644 --- a/src/charon/plugins/eap_aka/eap_aka_peer.c +++ b/src/charon/plugins/eap_aka/eap_aka_peer.c @@ -82,7 +82,7 @@ static status_t process_challenge(private_eap_aka_peer_t *this, enumerator_t *enumerator; simaka_attribute_t type; sim_card_t *card; - chunk_t data, rand = chunk_empty, autn = chunk_empty; + chunk_t data, rand = chunk_empty, autn = chunk_empty, mk; u_char res[AKA_RES_LEN], ck[AKA_CK_LEN], ik[AKA_IK_LEN], auts[AKA_AUTS_LEN]; status_t status = NOT_FOUND; @@ -155,7 +155,9 @@ static status_t process_challenge(private_eap_aka_peer_t *this, data = chunk_cata("cc", chunk_create(ik, AKA_IK_LEN), chunk_create(ck, AKA_CK_LEN)); free(this->msk.ptr); - this->msk = this->crypto->derive_keys_full(this->crypto, this->peer, data); + this->msk = this->crypto->derive_keys_full(this->crypto, this->peer, + data, &mk); + free(mk.ptr); /* verify EAP message MAC AT_MAC */ if (!in->verify(in, chunk_empty)) diff --git a/src/charon/plugins/eap_aka/eap_aka_server.c b/src/charon/plugins/eap_aka/eap_aka_server.c index 0431feb12..9f6e71ad7 100644 --- a/src/charon/plugins/eap_aka/eap_aka_server.c +++ b/src/charon/plugins/eap_aka/eap_aka_server.c @@ -98,7 +98,7 @@ static status_t initiate(private_eap_aka_server_t *this, eap_payload_t **out) sim_provider_t *provider; char rand[AKA_RAND_LEN], xres[AKA_RES_LEN]; char ck[AKA_CK_LEN], ik[AKA_IK_LEN], autn[AKA_AUTN_LEN]; - chunk_t data; + chunk_t data, mk; bool found = FALSE; enumerator = charon->sim->create_provider_enumerator(charon->sim); @@ -122,7 +122,9 @@ static status_t initiate(private_eap_aka_server_t *this, eap_payload_t **out) data = chunk_cata("cc", chunk_create(ik, AKA_IK_LEN), chunk_create(ck, AKA_CK_LEN)); free(this->msk.ptr); - this->msk = this->crypto->derive_keys_full(this->crypto, this->peer, data); + this->msk = this->crypto->derive_keys_full(this->crypto, this->peer, + data, &mk); + free(mk.ptr); this->rand = chunk_clone(chunk_create(rand, AKA_RAND_LEN)); this->xres = chunk_clone(chunk_create(xres, AKA_RES_LEN)); |