[PATCH] EAP-TEAP: like EAP-FAST, reverse the order of the MS-MPPE keys

Alexander Clouter alex+hostapd at coremem.com
Mon Jul 4 13:19:10 PDT 2022


This gets us working with FreeRADIUS (which works for Win11).

Signed-off-by: Alexander Clouter <alex at coremem.com>
---
  src/eap_common/eap_teap_common.c | 25 +++++++++++++++++++------
  src/eap_common/eap_teap_common.h |  1 +
  src/eap_peer/eap_teap.c          |  1 +
  src/eap_server/eap_server_teap.c |  1 +
  4 files changed, 22 insertions(+), 6 deletions(-)

diff --git a/src/eap_common/eap_teap_common.c b/src/eap_common/eap_teap_common.c
index ffb9a6234..e58089b74 100644
--- a/src/eap_common/eap_teap_common.c
+++ b/src/eap_common/eap_teap_common.c
@@ -143,6 +143,7 @@ int eap_teap_derive_cmk_basic_pw_auth(u16 tls_cs, const u8 *s_imck_msk, u8 *cmk)
  
  
  int eap_teap_derive_imck(u16 tls_cs,
+			 const int phase2_vendor, const u32 phase2_method,
  			 const u8 *prev_s_imck_msk, const u8 *prev_s_imck_emsk,
  			 const u8 *msk, size_t msk_len,
  			 const u8 *emsk, size_t emsk_len,
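Review bot: The new parameters are declared `const int phase2_vendor, const u32 phase2_method`, but top-level `const` on a by-value parameter means nothing to callers, and the other by-value parameters visible in this signature (`u16 tls_cs`, `size_t msk_len`) do not use it; `int phase2_vendor, u32 phase2_method` would match them. The same line is repeated in the prototype hunk for eap_teap_common.h. The name `phase2_method` is also what both call sites use for the `data->phase2_method` structure pointer, so a name such as `phase2_type` would be less ambiguous. The function's header comment, if it has one, is outside this hunk; it should say that these two values only select the MS-MPPE key order used for the IMSK.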
@@ -204,12 +205,24 @@ int eap_teap_derive_imck(u16 tls_cs,
  	}
  
  	if (msk && msk_len > 0) {
-		size_t copy_len = msk_len;
-
-		os_memset(imsk, 0, 32); /* zero pad, if needed */
-		if (copy_len > 32)
-			copy_len = 32;
-		os_memcpy(imsk, msk, copy_len);
+		if (msk_len == 32 &&
+		    phase2_vendor == EAP_VENDOR_IETF &&
+		    phase2_method == EAP_TYPE_MSCHAPV2) {
+	                /*
+	                 * EAP-TEAP uses reverse order for MS-MPPE keys when deriving
+	                 * MSK from EAP-MSCHAPv2. Swap the keys here to get the correct
+	                 * ISK for EAP-TEAP cryptobinding.
+	                 */
+	                os_memcpy(imsk, msk + 16, 16);
+	                os_memcpy(imsk + 16, msk, 16);
+		} else {
+			size_t copy_len = msk_len;
+
+			os_memset(imsk, 0, 32); /* zero pad, if needed */
+			if (copy_len > 32)
+				copy_len = 32;
+			os_memcpy(imsk, msk, copy_len);
+		}
  		wpa_hexdump_key(MSG_DEBUG, "EAP-TEAP: IMSK from MSK", imsk, 32);
  	} else {
  		os_memset(imsk, 0, 32);
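Review bot: The swap branch guarded by `msk_len == 32 && phase2_vendor == EAP_VENDOR_IETF && phase2_method == EAP_TYPE_MSCHAPV2` changes the IMSK that feeds cryptobinding, and nothing in the hunk lets an operator keep the old ordering. A patched peer talking to an unpatched server (or the reverse) would presumably fail Compound MAC validation for this inner method, and the unchanged debug line `EAP-TEAP: IMSK from MSK` gives no hint which ordering was used. I would extend the comment to record the source of the rule and the compatibility break, e.g. `* Same ordering as EAP-FAST; needed for FreeRADIUS interop. Builds without this swap will fail cryptobinding.`, and log the swap with `wpa_printf(MSG_DEBUG, "EAP-TEAP: Using reversed MS-MPPE key order for IMSK");`. The comment and the two `os_memcpy` lines are indented with a tab followed by spaces, while the surrounding lines use tabs only. The literals 16 and 32 follow the existing code, and the function body continues outside the hunk.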
diff --git a/src/eap_common/eap_teap_common.h b/src/eap_common/eap_teap_common.h
index 3a2587949..382044e7a 100644
--- a/src/eap_common/eap_teap_common.h
+++ b/src/eap_common/eap_teap_common.h
@@ -208,6 +208,7 @@ int eap_teap_derive_eap_emsk(u16 tls_cs, const u8 *simck, u8 *emsk);
  int eap_teap_derive_cmk_basic_pw_auth(u16 tls_cs, const u8 *s_imck_msk,
  				      u8 *cmk);
  int eap_teap_derive_imck(u16 tls_cs,
+			 const int phase2_vendor, const u32 phase2_method,
  			 const u8 *prev_s_imck_msk, const u8 *prev_s_imck_emsk,
  			 const u8 *msk, size_t msk_len,
  			 const u8 *emsk, size_t emsk_len,
diff --git a/src/eap_peer/eap_teap.c b/src/eap_peer/eap_teap.c
index bc7f6f4f5..42769eb64 100644
--- a/src/eap_peer/eap_teap.c
+++ b/src/eap_peer/eap_teap.c
@@ -767,6 +767,7 @@ static int eap_teap_get_cmk(struct eap_sm *sm, struct eap_teap_data *data,
  	}
  
  	res = eap_teap_derive_imck(data->tls_cs,
+				   data->phase2_method->vendor, data->phase2_method->method,
  				   data->simck_msk, data->simck_emsk,
  				   msk, msk_len, emsk, emsk_len,
  				   data->simck_msk, cmk_msk,
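Review bot: The added argument line dereferences `data->phase2_method` (`data->phase2_method->vendor, data->phase2_method->method`), and any guard for it lies above the hunk, so please confirm that eap_teap_get_cmk cannot reach this call with a NULL `phase2_method`. The identical line in eap_teap_update_icmk in eap_server_teap.c needs the same check. That matters most on the server side, where a NULL dereference during cryptobinding would be reachable by a remote peer. If a path without an inner EAP method can get here, pass explicit defaults instead, e.g. `data->phase2_method ? data->phase2_method->vendor : EAP_VENDOR_IETF`. Both added lines also run well past 80 columns and could be wrapped after the first argument.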
diff --git a/src/eap_server/eap_server_teap.c b/src/eap_server/eap_server_teap.c
index 691b44a8d..1ef4054f7 100644
--- a/src/eap_server/eap_server_teap.c
+++ b/src/eap_server/eap_server_teap.c
@@ -340,6 +340,7 @@ static int eap_teap_update_icmk(struct eap_sm *sm, struct eap_teap_data *data)
  	}
  
  	res = eap_teap_derive_imck(data->tls_cs,
+				   data->phase2_method->vendor, data->phase2_method->method,
  				   data->simck_msk, data->simck_emsk,
  				   msk, msk_len, emsk, emsk_len,
  				   data->simck_msk, data->cmk_msk,
-- 
2.35.1



