changeset 610:a137913d9f88
Added ability to extract the Extended MSK (EMSK) for future use
author | Sebastien Decugis <sdecugis@nict.go.jp> |
---|---|
date | Wed, 01 Dec 2010 18:19:54 +0900 |
parents | 2d15fd8ef5ba |
children | 1aee784f70e0 |
files | extensions/app_diameap/diameap_eap.c extensions/app_diameap/diameap_eap.h extensions/app_diameap/diameap_plugins.c extensions/app_diameap/diameap_server.c extensions/app_diameap/libdiameap.h extensions/app_diameap/plugins/eap_tls/eap_tls.c |
diffstat | 6 files changed, 33 insertions(+), 19 deletions(-) [+] |
--- a/extensions/app_diameap/diameap_eap.c Wed Dec 01 17:52:28 2010 +0900
+++ b/extensions/app_diameap/diameap_eap.c Wed Dec 01 18:19:54 2010 +0900
@@ -443,14 +443,17 @@
 if ((*eap_sm->selectedMethod->eap_method_isDone)(eap_sm) == TRUE)
 {
 /*diameap_ba_PolicyUpdate();*/
- eap_i->aaaEapKeyLength = 0;
+ eap_i->aaaEapMSKLength = 0;
+ eap_i->aaaEapEMSKLength = 0;
 if (eap_sm->selectedMethod->eap_method_getKey)
 {
 if ((*eap_sm->selectedMethod->eap_method_getKey)(eap_sm,
- &eap_i->aaaEapKeyData, &eap_i->aaaEapKeyLength))
+ &eap_i->aaaEapMSKData, &eap_i->aaaEapMSKLength,
+ &eap_i->aaaEapEMSKData, &eap_i->aaaEapEMSKLength))
 {
 TRACE_DEBUG(INFO,"%s[EAP Protocol] Generating EAP Master Key failed.",DIAMEAP_EXTENSION,eap_sm->selectedMethod->methodname)
- eap_i->aaaEapKeyLength = 0;
+ eap_i->aaaEapMSKLength = 0;
+ eap_i->aaaEapEMSKLength = 0;
 eap_i->aaaEapKeyAvailable = FALSE;
 }
 else
@@ -555,7 +558,7 @@
 diameap_ba_nextid(eap_sm, &eap_sm->currentId);
 CHECK_FCT(diameap_eap_new(EAP_SUCCESS, (u8) eap_sm->currentId, TYPE_NONE, NULL, 0,&eap_i->aaaEapReqData)) ;
- if (eap_i->aaaEapKeyData != NULL)
+ if (eap_i->aaaEapMSKData != NULL)
 {
 TRACE_DEBUG(FULL+1,"%s[EAP Protocol] EAP Key available [User: %s].",DIAMEAP_EXTENSION,eap_sm->user.userid);
 eap_i->aaaEapKeyAvailable = TRUE;
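Review bot: The failure branch after the eap_method_getKey call resets only aaaEapMSKLength and aaaEapEMSKLength, while the second hunk (at -555) decides key availability from `aaaEapMSKData != NULL` alone. eap_tls does null *msk on failure, but nothing visible in this changeset requires other plugins to do the same, so a plugin that fails after writing the pointer could leave a zero-length key marked as available. Testing both fields, `if (eap_i->aaaEapMSKData != NULL && eap_i->aaaEapMSKLength > 0)`, would close that gap. The enclosing functions of both hunks start and end outside the hunks.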
--- a/extensions/app_diameap/diameap_eap.h Wed Dec 01 17:52:28 2010 +0900
+++ b/extensions/app_diameap/diameap_eap.h Wed Dec 01 18:19:54 2010 +0900
@@ -58,8 +58,10 @@
 boolean aaaSuccess;
 boolean aaaFail;
 struct eap_packet aaaEapReqData;
- u8 *aaaEapKeyData;
- int aaaEapKeyLength;
+ u8 *aaaEapMSKData;
+ int aaaEapMSKLength;
+ u8 *aaaEapEMSKData;
+ int aaaEapEMSKLength;
 boolean aaaEapKeyAvailable;
 int aaaMethodTimeout;
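Review bot: The new aaaEapEMSKData buffer has no visible release path. The changeset renames the uses of the old key field and adds a NULL initialisation in diameap_server.c, but none of the hunks frees or wipes either key buffer, so the EMSK appears to stay on the heap for as long as the process runs; this should be confirmed against the session cleanup code. Since the EMSK is not meant to leave the EAP server (RFC 5247), I would document that on the field, e.g. `/* EMSK: never exported in an AVP; wipe and free together with the MSK when the session ends */`, and make the cleanup path do so. The struct definition starts and ends outside the hunk.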
--- a/extensions/app_diameap/diameap_plugins.c Wed Dec 01 17:52:28 2010 +0900
+++ b/extensions/app_diameap/diameap_plugins.c Wed Dec 01 18:19:54 2010 +0900
@@ -328,7 +328,7 @@
 if (registerplugin->getKey)
 {
 plugin->eap_method_getKey = (int(*)(struct eap_state_machine *,
- u8**, int*)) dlsym(plugin->handler, registerplugin->getKey);
+ u8**, int*,u8**, int*)) dlsym(plugin->handler, registerplugin->getKey);
 if (plugin->eap_method_getKey == NULL)
 {
 TRACE_DEBUG(
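Review bot: dlsym() resolves the symbol by name only, so the cast to the five-argument prototype is unchecked: a plugin built against the previous libdiameap.h still loads here and would then be called through a prototype it was not compiled for. No plugin API version check is visible in this hunk (the loader function continues outside it), so at minimum the constraint should be stated above the assignment, e.g. `/* getKey ABI changed: plugins must be rebuilt against the 5-argument prototype in libdiameap.h */`. A version field in the plugin's registration data would let the loader reject stale plugins instead of calling them.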
--- a/extensions/app_diameap/diameap_server.c Wed Dec 01 17:52:28 2010 +0900
+++ b/extensions/app_diameap/diameap_server.c Wed Dec 01 18:19:54 2010 +0900
@@ -308,7 +308,8 @@
 eap_i->aaaSuccess = FALSE;
 eap_i->aaaFail = FALSE;
 eap_i->aaaEapReqData.data = NULL;
- eap_i->aaaEapKeyData = NULL;
+ eap_i->aaaEapMSKData = NULL;
+ eap_i->aaaEapEMSKData = NULL;
 eap_i->aaaEapKeyAvailable = FALSE;
 eap_i->aaaMethodTimeout = 0;
@@ -2956,8 +2957,8 @@
 if (eap_i.aaaEapKeyAvailable == TRUE)
 {
 CHECK_FCT(fd_msg_avp_new(dataobj_eap_master_session_key, 0, &avp));
- avp_val.os.data = eap_i.aaaEapKeyData;
- avp_val.os.len = eap_i.aaaEapKeyLength;
+ avp_val.os.data = eap_i.aaaEapMSKData;
+ avp_val.os.len = eap_i.aaaEapMSKLength;
 CHECK_FCT(fd_msg_avp_setvalue(avp, &avp_val));
 CHECK_FCT( fd_msg_avp_add( ans, MSG_BRW_LAST_CHILD, avp ) );
--- a/extensions/app_diameap/libdiameap.h Wed Dec 01 17:52:28 2010 +0900
+++ b/extensions/app_diameap/libdiameap.h Wed Dec 01 18:19:54 2010 +0900
@@ -113,7 +113,8 @@
 int (*eap_method_process)(struct eap_state_machine *smd, struct eap_packet eapRespData); /* address of the eap_method_process method */
 boolean (*eap_method_isDone)(struct eap_state_machine *smd); /* address of the eap_method_isDone method */
- int (*eap_method_getKey)(struct eap_state_machine *smd, u8 ** key,int *keylength); /* address of the eap_method_getKey method */
+ int (*eap_method_getKey)(struct eap_state_machine *smd, u8 ** msk,int *msklength,
+ u8 ** emsk,int *emsklength); /* address of the eap_method_getKey method */
 void (*eap_method_unregister)(void); /* (Optional) address of the eap_method_unregister method */
 void (*eap_method_free)(void *); /* (Optional) address of the eap_method_datafree method */
--- a/extensions/app_diameap/plugins/eap_tls/eap_tls.c Wed Dec 01 17:52:28 2010 +0900
+++ b/extensions/app_diameap/plugins/eap_tls/eap_tls.c Wed Dec 01 18:19:54 2010 +0900
@@ -49,7 +49,7 @@
 int eap_tls_process(struct eap_state_machine *smd, struct eap_packet eapRespData);
 boolean eap_tls_isDone(struct eap_state_machine *smd);
-int eap_tls_getKey(struct eap_state_machine *smd, u8** key, int * keylen);
+int eap_tls_getKey(struct eap_state_machine *smd, u8** msk, int * msklen, u8** emsk, int * emsklen);
 void eap_tls_unregister(void);
 void eap_tls_free(void * data);
@@ -288,23 +288,30 @@
 return TRUE;
 }
-int eap_tls_getKey(struct eap_state_machine *smd, u8 ** key, int *keylen)
+int eap_tls_getKey(struct eap_state_machine *smd, u8 ** msk, int *msklen, u8 ** emsk, int *emsklen)
 {
 struct tls_data * data;
+ int len = emsk ? 128 : 64;
 data = (struct tls_data *) smd->methodData;
- *key = malloc(64);
+ *msk = malloc(len);
 if (gnutls_prf(data->session, strlen("client EAP encryption"),
- "client EAP encryption", 0, 0, NULL, 64, (char *) *key)
+ "client EAP encryption", 0, 0, NULL, len, (char *) *msk)
 != GNUTLS_E_SUCCESS)
 {
- free(*key);
- *key = NULL;
- *keylen = 0;
+ free(*msk);
+ *msk = NULL;
+ *msklen = 0;
 return 1;
 }
 else
 {
- *keylen = 64;
+ *msklen = 64;
+ }
+ if (emsk) {
+ *emsk = malloc(64);
+ memcpy(*emsk, (*msk)+64, 64);
+ memset((*msk)+64, 0, 64);
+ *emsklen = 64;
 }
 return 0;
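Review bot: Both allocations in eap_tls_getKey are used unchecked: `*msk = malloc(len)` is handed straight to gnutls_prf(), and `*emsk = malloc(64)` straight to memcpy(), so an allocation failure becomes a NULL write in the key-derivation path. emsklen is also dereferenced whenever emsk is non-NULL, without being checked itself. I would return 1 on either allocation failure and wipe the already-derived material before freeing it; note that a plain memset() before free() may be elided by the compiler, so the project's wiping primitive, if it has one, belongs there. The function's closing brace lies outside the hunk.

```c
int eap_tls_getKey(struct eap_state_machine *smd, u8 ** msk, int *msklen, u8 ** emsk, int *emsklen)
{
	/* … unchanged: data and len declarations, data = smd->methodData … */
	*msk = malloc(len);
	if (*msk == NULL)
	{
		*msklen = 0;
		return 1;
	}
	/* … unchanged: gnutls_prf call, its failure branch, *msklen = 64 … */
	if (emsk) {
		*emsk = malloc(64);
		if (*emsk == NULL)
		{
			/* do not hand back an MSK when the EMSK half could not be stored */
			memset(*msk, 0, len);	/* may be elided before free(); prefer a wipe the compiler must keep */
			free(*msk);
			*msk = NULL;
			*msklen = 0;
			return 1;
		}
		memcpy(*emsk, (*msk)+64, 64);
		memset((*msk)+64, 0, 64);
		*emsklen = 64;
	}
```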