author | Andreas Steffen <andreas.steffen@strongswan.org> | 2010-08-06 17:33:46 +0200 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2010-08-07 11:26:04 +0200 |
commit | a6444fcdd4013656de768c751922287a33853334 (patch) | |
tree | 80dcaddb11b837a2c6653bf735351585504b1698 /src/libtls | |
parent | b4d30a425e2f0b855ba6ecf3b23c4b1bc1412eaf (diff) | |
download | strongswan-a6444fcdd4013656de768c751922287a33853334.tar.bz2 strongswan-a6444fcdd4013656de768c751922287a33853334.tar.xz |
EAP-TLS and EAP-TTLS use different constant MSK PRF labels
Diffstat (limited to 'src/libtls')
-rw-r--r-- | src/libtls/tls.c | 4 | ||||
-rw-r--r-- | src/libtls/tls.h | 3 | ||||
-rw-r--r-- | src/libtls/tls_crypto.c | 12 | ||||
-rw-r--r-- | src/libtls/tls_crypto.h | 4 |
4 files changed, 16 insertions, 7 deletions
diff --git a/src/libtls/tls.c b/src/libtls/tls.c
index 4384c0749..f8f7e848e 100644
--- a/src/libtls/tls.c
+++ b/src/libtls/tls.c
@@ -172,7 +172,7 @@ METHOD(tls_t, destroy, void,
 * See header
 */
 tls_t *tls_create(bool is_server, identification_t *server,
- identification_t *peer)
+ identification_t *peer, char *msk_label)
 {
 private_tls_t *this;
@@ -193,7 +193,7 @@ tls_t *tls_create(bool is_server, identification_t *server,
 .peer = peer->clone(peer),
 );
- this->crypto = tls_crypto_create(&this->public);
+ this->crypto = tls_crypto_create(&this->public, msk_label);
 if (is_server)
 {
 this->handshake = &tls_server_create(&this->public, this->crypto,
diff --git a/src/libtls/tls.h b/src/libtls/tls.h
index 67ee74230..923c87ae1 100644
--- a/src/libtls/tls.h
+++ b/src/libtls/tls.h
@@ -162,9 +162,10 @@ struct tls_t {
 * @param is_server TRUE to act as server, FALSE for client
 * @param server server identity
 * @param peer peer identity
+ * @param msk_label ASCII string constant used as seed for MSK PRF
 * @return TLS stack
 */
 tls_t *tls_create(bool is_server, identification_t *server,
- identification_t *peer);
+ identification_t *peer, char *msk_label);
 #endif /** TLS_H_ @}*/
diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c
index 0bbfd81fb..b8eb87bf6 100644
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@@ -316,9 +316,14 @@ struct private_tls_crypto_t {
 chunk_t iv_out;
 /**
- * EAP-TLS MSK
+ * EAP-[T]TLS MSK
 */
 chunk_t msk;
+
+ /**
+ * ASCII string constant used as seed for EAP-[T]TLS MSK PRF
+ */
+ char *msk_label;
 };
 typedef struct {
@@ -855,7 +860,7 @@ METHOD(tls_crypto_t, derive_eap_msk, void,
 seed = chunk_cata("cc", client_random, server_random);
 free(this->msk.ptr);
 this->msk = chunk_alloc(64);
- this->prf->get_bytes(this->prf, "client EAP encryption", seed,
+ this->prf->get_bytes(this->prf, this->msk_label, seed,
 this->msk.len, this->msk.ptr);
 }
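Review bot: `msk_label` in the new tls_create() prototype (tls.h hunk @@ -162) is declared `char *` even though its @param line calls it an ASCII string constant, so a caller passing a literal gets a non-const pointer that nothing prevents the stack from writing through; if tls_prf_t's get_bytes() accepts it (its signature is not in this diff), `identification_t *peer, const char *msk_label);` would pin that down. The @param text should also say the string is not copied and must stay valid for the lifetime of the returned tls_t, since tls_create() hands the pointer straight to tls_crypto_create(), e.g. `@param msk_label ASCII string constant used as seed for the MSK PRF; not copied, must outlive the tls_t`. The struct tls_t declaration this comment belongs to starts before the hunk.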
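Review bot: In the derive_eap_msk hunk (@@ -855) `this->msk_label` replaces a literal as the PRF label with no check that it was ever set, and unlike the literal it can be NULL if a caller passed NULL to tls_crypto_create(); the PRF presumably takes its length, which would crash after the old MSK has already been freed. A guard placed before `free(this->msk.ptr)`, `if (!this->msk_label) { return; }`, keeps a misconfigured stack from crashing and leaves the previous MSK (or none) in place so the EAP exchange fails instead. A why-comment is worth adding too, because a wrong label cannot be detected locally: `/* label selects the method's MSK derivation (RFC 5216 for EAP-TLS, RFC 5281 for EAP-TTLS); peer and server must agree */`. derive_eap_msk starts before the hunk.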
@@ -884,7 +889,7 @@ METHOD(tls_crypto_t, destroy, void,
 /**
 * See header
 */
-tls_crypto_t *tls_crypto_create(tls_t *tls)
+tls_crypto_t *tls_crypto_create(tls_t *tls, char *msk_label)
 {
 private_tls_crypto_t *this;
@@ -904,6 +909,7 @@ tls_crypto_t *tls_crypto_create(tls_t *tls)
 .destroy = _destroy,
 },
 .tls = tls,
+ .msk_label = msk_label
 );
 build_cipher_suite_list(this);
diff --git a/src/libtls/tls_crypto.h b/src/libtls/tls_crypto.h
index 5fe90d868..09f1a0e8a 100644
--- a/src/libtls/tls_crypto.h
+++ b/src/libtls/tls_crypto.h
@@ -359,7 +359,9 @@ struct tls_crypto_t {
 /**
 * Create a tls_crypto instance.
+ *
+ * @param msk_label ASCII string constant used as seed for MSK PRF
 */
-tls_crypto_t *tls_crypto_create(tls_t *tls);
+tls_crypto_t *tls_crypto_create(tls_t *tls, char *msk_label);
 #endif /** TLS_CRYPTO_H_ @}*/
|
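Review bot: `.msk_label = msk_label` in the tls_crypto_create hunk (@@ -904) stores the caller's pointer without copying it and without a NULL check, and nothing in this diff shows destroy() freeing it, so ownership silently stays with the caller; that is consistent with the "string constant" wording but should be stated where the pointer is stored, e.g. `.msk_label = msk_label, /* not copied; caller keeps it valid for this object's lifetime */`. The trailing comma also makes the line match the `.tls = tls,` initializer directly above it. Rejecting a NULL label up front would be cheaper than discovering it later inside derive_eap_msk(), but the constructor begins before the hunk, so whether it already has a failure path returning NULL is not visible here.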
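Review bot: The new doc comment on tls_crypto_create() in tls_crypto.h (@@ -359) documents `msk_label` but still leaves `tls` undocumented and has no @return, so the header now half-documents the function. I would add a `@param tls` line for the tls_t the instance is bound to (the constructor stores it as `.tls = tls`), a `@return tls_crypto_t instance` line, and extend the msk_label line to say the string is stored by pointer, not copied, and must outlive the returned object. Whether tls_crypto_create() can return NULL is not visible in this diff; the @return line should say so once the implementation has been checked.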