[PATCH 32/44] RADIUS: enable PSK generation at RADIUS Server

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: Michael Braun <michael-dev@xxxxxxxxxxxxx>

If the AP is slow, passphrase hashing takes to long to serve the client
before timeout. Thus interpret 64 char Tunnel-Password as already hashed
PSK and send SSID to RADIUS server.

This is especially important for FT-PSK with FT-over-air, where hashing
cannot be deferred.

Signed-off-by: Michael Braun <michael-dev@xxxxxxxxxxxxx>
---
 src/ap/ieee802_11_auth.c | 27 ++++++++++++++++++++++-----
 1 file changed, 22 insertions(+), 5 deletions(-)

diff --git a/src/ap/ieee802_11_auth.c b/src/ap/ieee802_11_auth.c
index c6a5b67..8058505 100644
--- a/src/ap/ieee802_11_auth.c
+++ b/src/ap/ieee802_11_auth.c
@@ -460,23 +460,40 @@ static void decode_tunnel_passwords(struct hostapd_data *hapd,
 		 */
 		if (passphrase == NULL)
 			break;
+
+		/*
+		 * Passphase should be 8..63 chars (to be hashed with ssid)
+		 * or 64 chars hex string (already hashed with ssid)
+		 */
+
+		if (passphraselen < 8 || passphraselen > PASSPHRASE_LEN)
+			continue;
+
 		/*
 		 * passphrase does not contain the NULL termination.
 		 * Add it here as pbkdf2_sha1() requires it.
 		 */
 		psk = os_zalloc(sizeof(struct hostapd_sta_wpa_psk_short));
 		if (psk) {
-			if (passphraselen > PASSPHRASE_LEN - 1)
-				os_memcpy(psk->passphrase, passphrase,
-					  PASSPHRASE_LEN - 1);
-			else
+			if ((passphraselen == PASSPHRASE_LEN) &&
+			    (hexstr2bin(passphrase, psk->psk, PMK_LEN) < 0)) {
+				hostapd_logger(hapd, cache->addr,
+					       HOSTAPD_MODULE_RADIUS,
+					       HOSTAPD_LEVEL_WARNING,
+					       "invalid hex string (%d chars) "
+					       "in Tunnel-Password",
+					       passphraselen);
+				goto skip;
+			} else if (passphraselen < PASSPHRASE_LEN) {
 				os_memcpy(psk->passphrase, passphrase,
 					  passphraselen);
-			psk->ispassphrase = 1;
+				psk->ispassphrase = 1;
+			}
 			psk->next = cache->psk;
 			cache->psk = psk;
 			psk = NULL;
 		}
+skip:
 		os_free(psk);
 		os_free(passphrase);
 	}
-- 
1.9.1


_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux