authorAndreas Steffen <andreas.steffen@strongswan.org>2010-08-06 17:33:46 +0200
committerAndreas Steffen <andreas.steffen@strongswan.org>2010-08-07 11:26:04 +0200
commita6444fcdd4013656de768c751922287a33853334 (patch)
tree80dcaddb11b837a2c6653bf735351585504b1698 /src
parentb4d30a425e2f0b855ba6ecf3b23c4b1bc1412eaf (diff)
EAP-TLS and EAP-TTLS use different constant MSK PRF label
Diffstat (limited to 'src')
-rw-r--r--src/libcharon/plugins/eap_tls/eap_tls.c3
-rw-r--r--src/libcharon/plugins/eap_ttls/eap_ttls.c3
-rw-r--r--src/libtls/tls.c4
-rw-r--r--src/libtls/tls.h3
-rw-r--r--src/libtls/tls_crypto.c12
-rw-r--r--src/libtls/tls_crypto.h4
6 files changed, 20 insertions, 9 deletions
diff --git a/src/libcharon/plugins/eap_tls/eap_tls.c b/src/libcharon/plugins/eap_tls/eap_tls.c
index 453a4cc05..03e0d58fd 100644
--- a/src/libcharon/plugins/eap_tls/eap_tls.c
+++ b/src/libcharon/plugins/eap_tls/eap_tls.c
@@ -424,7 +424,8 @@ static eap_tls_t *eap_tls_create(identification_t *server,
},
.is_server = is_server,
);
- this->tls = tls_create(is_server, server, peer);
+ /* MSK PRF ASCII constant label according to EAP-TLS RFC 5216 */
+ this->tls = tls_create(is_server, server, peer, "client EAP encryption");
return &this->public;
}
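Review bot: The comment on the new tls_create() call names the RFC but not what the label actually feeds, which is what a maintainer checking interoperability with another implementation needs; the tls_crypto.c hunk below shows the label is the PRF label over client_random || server_random with 64 bytes of output. I would make the comment `/* RFC 5216 section 2.3: MSK = first 64 bytes of the TLS PRF with label "client EAP encryption" and seed client.random || server.random */`. eap_tls_create() starts before this hunk.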
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls.c b/src/libcharon/plugins/eap_ttls/eap_ttls.c
index 96b4cff90..fa812a194 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls.c
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls.c
@@ -424,7 +424,8 @@ static eap_ttls_t *eap_ttls_create(identification_t *server,
},
.is_server = is_server,
);
- this->tls = tls_create(is_server, server, peer);
+ /* MSK PRF ASCII constant label according to EAP-TTLS RFC 5281 */
+ this->tls = tls_create(is_server, server, peer, "ttls keying material");
return &this->public;
}
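Review bot: The comment should say why this label has to differ from the EAP-TLS one: both plugins derive the MSK through the same tls_crypto PRF call over the same seed (client_random || server_random, see the derive_eap_msk() hunk), so the ASCII label is the only domain separation between EAP-TLS and EAP-TTLS keying material, and it has to match the peer byte for byte. I would write `/* RFC 5281 section 8: same PRF and seed as EAP-TLS, only the label "ttls keying material" separates TTLS keying material from EAP-TLS' */`. eap_ttls_create() starts before this hunk.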
diff --git a/src/libtls/tls.c b/src/libtls/tls.c
index 4384c0749..f8f7e848e 100644
--- a/src/libtls/tls.c
+++ b/src/libtls/tls.c
@@ -172,7 +172,7 @@ METHOD(tls_t, destroy, void,
* See header
*/
tls_t *tls_create(bool is_server, identification_t *server,
- identification_t *peer)
+ identification_t *peer, char *msk_label)
{
private_tls_t *this;
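Review bot: tls_create() now accepts a pointer that is kept for the lifetime of the object (tls_crypto_create() stores it in its msk_label field), yet nothing rejects NULL; a libtls user other than the two EAP plugins that passes NULL would, as far as I can tell from this diff, only fail later when derive_eap_msk() hands the label to the PRF. Validate it at the entry point before anything is allocated, `if (!msk_label) { return NULL; }` directly after the `private_tls_t *this;` declaration, or at least document the argument as mandatory. The body of tls_create() continues past this hunk.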
@@ -193,7 +193,7 @@ tls_t *tls_create(bool is_server, identification_t *server,
.peer = peer->clone(peer),
);
- this->crypto = tls_crypto_create(&this->public);
+ this->crypto = tls_crypto_create(&this->public, msk_label);
if (is_server)
{
this->handshake = &tls_server_create(&this->public, this->crypto,
diff --git a/src/libtls/tls.h b/src/libtls/tls.h
index 67ee74230..923c87ae1 100644
--- a/src/libtls/tls.h
+++ b/src/libtls/tls.h
@@ -162,9 +162,10 @@ struct tls_t {
* @param is_server TRUE to act as server, FALSE for client
* @param server server identity
* @param peer peer identity
+ * @param msk_label ASCII string constant used as seed for MSK PRF
* @return TLS stack
*/
tls_t *tls_create(bool is_server, identification_t *server,
- identification_t *peer);
+ identification_t *peer, char *msk_label);
#endif /** TLS_H_ @}*/
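Review bot: The new @param line does not say that the string is retained by reference: tls_create() hands the pointer to tls_crypto_create(), which stores it in a struct field without copying it, so the caller must keep it alive for as long as the tls_t exists (a string literal, as the EAP plugins pass, is fine; a stack buffer is not). I would write `@param msk_label ASCII label for the EAP MSK PRF; retained by pointer, not copied, must outlive the tls_t` and declare the parameter `const char *msk_label`, propagating const into tls_crypto_create() if the PRF interface accepts a const label, so the compiler enforces that libtls never writes through it.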
diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c
index 0bbfd81fb..b8eb87bf6 100644
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@@ -316,9 +316,14 @@ struct private_tls_crypto_t {
chunk_t iv_out;
/**
- * EAP-TLS MSK
+ * EAP-[T]TLS MSK
*/
chunk_t msk;
+
+ /**
+ * ASCII string constant used as seed for EAP-[T]TLS MSK PRF
+ */
+ char *msk_label;
};
typedef struct {
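Review bot: The new field comment describes what the string is but not who owns it, which is what the next person touching destroy() needs to know: tls_crypto_create() stores the caller's pointer as-is, so the field is borrowed and must never be freed here. I would write the comment as `ASCII label for the EAP-[T]TLS MSK PRF; borrowed from the caller of tls_create(), not owned or freed by this object`. The destroy() body is not in this diff, so confirm it does not free the field.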
@@ -855,7 +860,7 @@ METHOD(tls_crypto_t, derive_eap_msk, void,
seed = chunk_cata("cc", client_random, server_random);
free(this->msk.ptr);
this->msk = chunk_alloc(64);
- this->prf->get_bytes(this->prf, "client EAP encryption", seed,
+ this->prf->get_bytes(this->prf, this->msk_label, seed,
this->msk.len, this->msk.ptr);
}
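Review bot: `free(this->msk.ptr);` two lines above the changed PRF call releases the previous MSK without wiping it, and that buffer is key material; if derive_eap_msk() is ever invoked twice on the same instance the old 64-byte MSK stays readable in freed heap memory. Use `chunk_clear(&this->msk);` (memwipe then free) in place of the bare free(), assuming the libstrongswan helper exists in this tree. Separately, RFC 5216 §2.3 and RFC 5281 §8 define 128 bytes of key material of which only the first 64 are the MSK, so the `64` is correct but worth naming, e.g. `enum { EAP_MSK_LEN = 64 };`. derive_eap_msk() starts before this hunk.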
@@ -884,7 +889,7 @@ METHOD(tls_crypto_t, destroy, void,
/**
* See header
*/
-tls_crypto_t *tls_crypto_create(tls_t *tls)
+tls_crypto_t *tls_crypto_create(tls_t *tls, char *msk_label)
{
private_tls_crypto_t *this;
@@ -904,6 +909,7 @@ tls_crypto_t *tls_crypto_create(tls_t *tls)
.destroy = _destroy,
},
.tls = tls,
+ .msk_label = msk_label
);
build_cipher_suite_list(this);
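Review bot: `.msk_label = msk_label` drops the trailing comma that this INIT() list otherwise keeps on its last member (`.tls = tls,` was last before this change), so the next field addition becomes a two-line diff; write it as `.msk_label = msk_label,`. This initialiser is also the point where the caller's pointer is stored without a copy, so a short `/* borrowed, caller keeps it alive */` on that line would save a reader from checking destroy().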
diff --git a/src/libtls/tls_crypto.h b/src/libtls/tls_crypto.h
index 5fe90d868..09f1a0e8a 100644
--- a/src/libtls/tls_crypto.h
+++ b/src/libtls/tls_crypto.h
@@ -359,7 +359,9 @@ struct tls_crypto_t {
/**
* Create a tls_crypto instance.
+ *
+ * @param msk_label ASCII string constant used as seed for MSK PRF
*/
-tls_crypto_t *tls_crypto_create(tls_t *tls);
+tls_crypto_t *tls_crypto_create(tls_t *tls, char *msk_label);
#endif /** TLS_CRYPTO_H_ @}*/
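Review bot: The new doc block documents msk_label but leaves the `tls` parameter and the return value undocumented, so the header now reads as if the label were the only argument. Add `@param tls TLS stack this crypto instance belongs to` and `@return tls_crypto_t instance` beside the new @param, and state that msk_label is retained by pointer rather than copied so callers know it must outlive the instance.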