EAP-TTLS phase 2 configured to use EAP not MSCHAPV2

Hi, Dan.

Thank you very much for your advice. Valgrind powerfully unleashed
me from the hell of aborting. With the following patches authentication
still fails, but the treasure island is not very far, I hope.

---
wimax-network-service/InfraStack/OSAgnostic/WiMax/Wrappers/Supplicant/wmxSDK_Sup_Impl.c-
2011-01-05 10:26:51.630063723 +0900

+++ wimax-network-service/InfraStack/OSAgnostic/WiMax/Wrappers/Supplicant/wmxSDK_Sup_Impl.c	2011-01-07
11:00:34.657228034 +0900
@@ -1240,9 +1240,7 @@
 {
 	tTLSOperationRequest r;
 	wmx_Status_t res;
-#ifdef WPA_OPEN_SOURCE

-	out_len = 0x40;
-#endif
+
 	size_t in_len = OSAL_strnlen(label, MAX_STRING_VALIDATE) + 1;
 	res = SendTLSRequest(&r, ETLSOP_PRF, tls_ctx, conn,
server_random_first, (UINT32)out_len,
 		(const UINT8 *)label, (UINT32)in_len);
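
Review bot: the removed `out_len = 0x40;` override is replaced by a bare blank `+` line with no explanation, and the caller's out_len now reaches SendTLSRequest() through the `(UINT32)out_len` cast without any check. Say in the commit message why forcing 0x40 under WPA_OPEN_SOURCE was wrong (it ignored the length the caller asked for), drop the leftover blank line ahead of the `size_t in_len` declaration, and consider rejecting an out_len that is zero or does not fit in UINT32 before the request is sent.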

--- wpa_supplicant-0.7.3/src/eap_peer/eap_ttls.c- 2010-09-08
00:43:39.000000000 +0900

+++ wpa_supplicant-0.7.3/src/eap_peer/eap_ttls.c	2011-01-07
21:43:46.262647701 +0900
@@ -125,6 +125,12 @@
 			data->phase2_type = EAP_TTLS_PHASE2_CHAP;

 		}
 	}
+
+	/* xxx quick hack to force ms-chap-v2 xxx */
+	selected = "MSCHAPV2";
+	data->phase2_type = EAP_TTLS_PHASE2_MSCHAPV2;
+	/* xxx */
+
 	wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase2 type: %s", selected);


 	if (data->phase2_type == EAP_TTLS_PHASE2_EAP) {
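
Review bot: the two assignments under the `/* xxx quick hack to force ms-chap-v2 xxx */` comment run unconditionally, so whatever phase 2 method the preceding branches selected (for example EAP_TTLS_PHASE2_CHAP just above) is overwritten, and the `if (data->phase2_type == EAP_TTLS_PHASE2_EAP)` test that follows can never be true. That is acceptable as a debugging aid but should not be merged: find out why the configured phase 2 string does not select MSCHAPV2 and fix that, so the other phase 2 methods keep working.
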
@@ -667,14 +673,13 @@

 	/* MS-CHAP-Challenge */
 	challenge = eap_ttls_implicit_challenge(
-		sm, data, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 1);
+		sm, data, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN);

 	if (challenge == NULL) {
 		wpabuf_free(msg);
 		wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAPV2: Failed to derive "
 			   "implicit challenge");
 		return -1;
 	}
-	peer_challenge = challenge + 1 + EAP_TTLS_MSCHAPV2_CHALLENGE_LEN;


 	pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_MS_CHAP_CHALLENGE,
 			       RADIUS_VENDOR_ID_MICROSOFT, 1,
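
Review bot: shrinking the derived length to `EAP_TTLS_MSCHAPV2_CHALLENGE_LEN` leaves the unchanged context line in the next hunk, `data->ident = challenge[EAP_TTLS_MSCHAPV2_CHALLENGE_LEN];`, reading one byte past the bytes requested from eap_ttls_implicit_challenge(). Keep the `+ 1` so the Ident byte is still part of the derived material, or change how data->ident is obtained in the same patch. Dropping the old `peer_challenge = challenge + 1 + EAP_TTLS_MSCHAPV2_CHALLENGE_LEN;` looks right on its own, since that pointer started beyond the CHALLENGE_LEN + 1 bytes that were requested.
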
@@ -687,6 +692,8 @@
 	data->ident = challenge[EAP_TTLS_MSCHAPV2_CHALLENGE_LEN];
 	*pos++ = data->ident;

 	*pos++ = 0; /* Flags */
+	peer_challenge = os_malloc(EAP_TTLS_MSCHAPV2_CHALLENGE_LEN);
+	os_get_random(peer_challenge, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN);
 	os_memcpy(pos, peer_challenge, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN);

 	pos += EAP_TTLS_MSCHAPV2_CHALLENGE_LEN;
 	os_memset(pos, 0, 8); /* Reserved, must be zero */
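
Review bot: `peer_challenge = os_malloc(EAP_TTLS_MSCHAPV2_CHALLENGE_LEN);` is passed to os_get_random() and os_memcpy() without a NULL check, and the return value of os_get_random() is ignored, so a failed allocation crashes here and a failed random read copies uninitialised heap bytes into the message as the peer challenge. Check both and bail out the way the `challenge == NULL` path does (wpabuf_free(msg), return -1, plus os_free(challenge)), or avoid the allocation with a local array such as `u8 peer_challenge[EAP_TTLS_MSCHAPV2_CHALLENGE_LEN];`.
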
@@ -706,6 +713,7 @@

 	pos += 24;
 	os_free(challenge);
+	os_free(peer_challenge);
 	AVP_PAD(buf, pos);


 	wpabuf_put(msg, pos - buf);
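
Review bot: the added `os_free(peer_challenge);` covers only the path that reaches the end of the function; the lines between the os_malloc() in the previous hunk and this free are not shown, and any early return among them would leak the buffer. Check those paths and free peer_challenge there as well, or switch to a stack array so no free is needed.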

Naoki Hamada
nao at tom-yam.or.jp