Changeset 610:a137913d9f88 in freeDiameter

Timestamp:

Dec 1, 2010, 6:19:54 PM (13 years ago)

Author:

Sebastien Decugis <sdecugis@nict.go.jp>

Branch:

default

Phase:

public

Message:

Added ability to extract the Extended MSK (EMSK) for future use

Location:

extensions/app_diameap

Files:

: 6 edited

diameap_eap.c (modified) (2 diffs)
diameap_eap.h (modified) (1 diff)
diameap_plugins.c (modified) (1 diff)
diameap_server.c (modified) (2 diffs)
libdiameap.h (modified) (1 diff)
plugins/eap_tls/eap_tls.c (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

extensions/app_diameap/diameap_eap.c

r438	r610
444	444	{
445	445	/diameap_ba_PolicyUpdate();/
446		eap_i->aaaEapKeyLength = 0;
	446	eap_i->aaaEapMSKLength = 0;
	447	eap_i->aaaEapEMSKLength = 0;
447	448	if (eap_sm->selectedMethod->eap_method_getKey)
448	449	{
449	450	if ((*eap_sm->selectedMethod->eap_method_getKey)(eap_sm,
450		&eap_i->aaaEapKeyData, &eap_i->aaaEapKeyLength))
	451	&eap_i->aaaEapMSKData, &eap_i->aaaEapMSKLength,
	452	&eap_i->aaaEapEMSKData, &eap_i->aaaEapEMSKLength))
451	453	{
452	454	TRACE_DEBUG(INFO,"%s[EAP Protocol] Generating EAP Master Key failed.",DIAMEAP_EXTENSION,eap_sm->selectedMethod->methodname)
453		eap_i->aaaEapKeyLength = 0;
	455	eap_i->aaaEapMSKLength = 0;
	456	eap_i->aaaEapEMSKLength = 0;
454	457	eap_i->aaaEapKeyAvailable = FALSE;
455	458	}
…	…
556	559	CHECK_FCT(diameap_eap_new(EAP_SUCCESS, (u8) eap_sm->currentId, TYPE_NONE, NULL, 0,&eap_i->aaaEapReqData))
557	560	;
558		if (eap_i->aaaEap~~Key~~Data != NULL)
	561	if (eap_i->aaaEapMSKData != NULL)
559	562	{
560	563	TRACE_DEBUG(FULL+1,"%s[EAP Protocol] EAP Key available [User: %s].",DIAMEAP_EXTENSION,eap_sm->user.userid);

extensions/app_diameap/diameap_eap.h

-                      r438
+                      r610
         boolean aaaFail;
         struct eap_packet aaaEapReqData;
+        u8 *aaaEapKeyData;
+        int aaaEapKeyLength;
+        u8 *aaaEapMSKData;
+        int aaaEapMSKLength;
+        u8 *aaaEapEMSKData;
+        int aaaEapEMSKLength;
         boolean aaaEapKeyAvailable;
         int aaaMethodTimeout;

extensions/app_diameap/diameap_plugins.c

r425	r610
329	329	{
330	330	plugin->eap_method_getKey = (int()(struct eap_state_machine ,
331		u8*, int)) dlsym(plugin->handler, registerplugin->getKey);
	331	u8*, int,u8*, int)) dlsym(plugin->handler, registerplugin->getKey);
332	332	if (plugin->eap_method_getKey == NULL)
333	333	{

extensions/app_diameap/diameap_server.c

-                      r577
+                      r610
         eap_i->aaaFail = FALSE;
         eap_i->aaaEapReqData.data = NULL;
+        eap_i->aaaEapKeyData = NULL;
+        eap_i->aaaEapMSKData = NULL;
+        eap_i->aaaEapEMSKData = NULL;
         eap_i->aaaEapKeyAvailable = FALSE;
         eap_i->aaaMethodTimeout = 0;
 …
+        {
                 CHECK_FCT(fd_msg_avp_new(dataobj_eap_master_session_key, 0, &avp));
                 avp_val.os.data = eap_i.aaaEapKeyData;
                 avp_val.os.len = eap_i.aaaEapKeyLength;
+                avp_val.os.data = eap_i.aaaEapMSKData;
+                avp_val.os.len = eap_i.aaaEapMSKLength;
                 CHECK_FCT(fd_msg_avp_setvalue(avp, &avp_val));
                 CHECK_FCT( fd_msg_avp_add( ans, MSG_BRW_LAST_CHILD, avp ) );

extensions/app_diameap/libdiameap.h

-                      r425
+                      r610
                         struct eap_packet eapRespData); /* address of the eap_method_process method */
         boolean (*eap_method_isDone)(struct eap_state_machine *smd); /* address of the eap_method_isDone method */
+        int (*eap_method_getKey)(struct eap_state_machine *smd, u8 ** key,int *keylength); /* address of the eap_method_getKey method */
+        int (*eap_method_getKey)(struct eap_state_machine *smd, u8 ** msk,int *msklength,
+                        u8 ** emsk,int *emsklength); /* address of the eap_method_getKey method */
         void (*eap_method_unregister)(void); /* (Optional) address of the eap_method_unregister method */
         void (*eap_method_free)(void *); /* (Optional) address of the eap_method_datafree method */

extensions/app_diameap/plugins/eap_tls/eap_tls.c

-                      r577
+                      r610
                 struct eap_packet eapRespData);
 boolean eap_tls_isDone(struct eap_state_machine *smd);
 int eap_tls_getKey(struct eap_state_machine *smd, u8** key, int * keylen);
+int eap_tls_getKey(struct eap_state_machine *smd, u8** msk, int * msklen, u8** emsk, int * emsklen);
 void eap_tls_unregister(void);
 void eap_tls_free(void * data);
 …
+}
 int eap_tls_getKey(struct eap_state_machine *smd, u8 ** key, int *keylen)
+int eap_tls_getKey(struct eap_state_machine *smd, u8 ** msk, int *msklen, u8 ** emsk, int *emsklen)
+{
         struct tls_data * data;
+        int len = emsk ? 128 : 64;
         data = (struct tls_data *) smd->methodData;
         *key = malloc(64);
+        *msk = malloc(len);
         if (gnutls_prf(data->session, strlen("client EAP encryption"),
                         "client EAP encryption", 0, 0, NULL, 64, (char *) *key)
+                        "client EAP encryption", 0, 0, NULL, len, (char *) *msk)
                         != GNUTLS_E_SUCCESS)
+        {
                 free(*key);
                 *key = NULL;
                 *keylen = 0;
+                free(*msk);
+                *msk = NULL;
+                *msklen = 0;
                 return 1;
+        }
         else
+        {
+                *keylen = 64;
+                *msklen = 64;
+        }
+        if (emsk) {
+                *emsk = malloc(64);
+                memcpy(*emsk, (*msk)+64, 64);
+                memset((*msk)+64, 0, 64);
+                *emsklen = 64;
+        }

Note: See TracChangeset for help on using the changeset viewer.

Navigation