build: Use new l_tls_prf_get_bytes and remove ell/tls-private.h usage

This commit is contained in:
Marcel Holtmann 2018-10-19 09:30:59 +02:00
parent 467d3958b4
commit 8f8a214fbd
4 changed files with 14 additions and 71 deletions


@ -29,8 +29,6 @@
#include <errno.h>
#include <ell/ell.h>
#include "ell/tls-private.h"
#include "eap.h"
#include "eap-private.h"
@ -495,7 +493,6 @@ static void eap_peap_tunnel_ready(const char *peer_identity, void *user_data)
struct eap_peap_state *peap = eap_get_data(eap);
uint8_t msk_emsk[128];
uint8_t random[64];
/*
* PEAPv1: draft-josefsson-pppext-eap-tls-eap-05, Section 2.1.1
@ -515,14 +512,8 @@ static void eap_peap_tunnel_ready(const char *peer_identity, void *user_data)
eap_start_complete_timeout(eap);
/* MSK, EMSK and challenge derivation */
memcpy(random + 0, peap->tunnel->pending.client_random, 32);
memcpy(random + 32, peap->tunnel->pending.server_random, 32);
l_tls_prf_get_bytes(peap->tunnel, L_CHECKSUM_SHA256, 32,
peap->tunnel->pending.master_secret,
sizeof(peap->tunnel->pending.master_secret),
"client EAP encryption", random, 64,
msk_emsk, 128);
l_tls_prf_get_bytes(peap->tunnel, L_CHECKSUM_SHA256, 32, true,
"client EAP encryption", msk_emsk, 128);
eap_set_key_material(eap, msk_emsk + 0, 64, NULL, 0, NULL, 0);
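Review bot: `msk_emsk` holds the freshly derived MSK/EMSK and is never cleared once `eap_set_key_material` has consumed it, so the key material stays on the stack after the function returns; the `memset(seed, 0, 64)` calls dropped in the eap-tls and eap-ttls hunks only ever wiped the public randoms, never the secret output. If `eap_set_key_material` copies the buffer, as handing it a stack array suggests, a non-optimizable wipe such as `explicit_bzero(msk_emsk, sizeof(msk_emsk));` after the call is enough. The same applies to `msk_emsk` and `iv` in eap_tls_ready_cb and to `msk_emsk` in eap_ttls_ready_cb. eap_peap_tunnel_ready continues past the end of this hunk, so the wipe would go after whatever follows the `eap_set_key_material` call.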


@ -29,8 +29,6 @@
#include <errno.h>
#include <ell/ell.h>
#include "ell/tls-private.h"
#include "eap.h"
#include "eap-private.h"
@ -137,7 +135,6 @@ static void eap_tls_ready_cb(const char *peer_identity, void *user_data)
struct eap_tls_state *tls = eap_get_data(eap);
uint8_t msk_emsk[128];
uint8_t iv[64];
uint8_t seed[64];
/* TODO: if we have a CA certificate require non-NULL peer_identity */
@ -147,19 +144,10 @@ static void eap_tls_ready_cb(const char *peer_identity, void *user_data)
eap_start_complete_timeout(eap);
/* MSK, EMSK and IV derivation */
memcpy(seed + 0, tls->tls->pending.client_random, 32);
memcpy(seed + 32, tls->tls->pending.server_random, 32);
l_tls_prf_get_bytes(tls->tls, L_CHECKSUM_SHA256, 32,
tls->tls->pending.master_secret,
sizeof(tls->tls->pending.master_secret),
"client EAP encryption", seed, 64,
msk_emsk, 128);
l_tls_prf_get_bytes(tls->tls, L_CHECKSUM_SHA256, 32, NULL, 0,
"client EAP encryption", seed, 64,
iv, 64);
memset(seed, 0, 64);
l_tls_prf_get_bytes(tls->tls, L_CHECKSUM_SHA256, 32, true,
"client EAP encryption", msk_emsk, 128);
l_tls_prf_get_bytes(tls->tls, L_CHECKSUM_SHA256, 32, false,
"client EAP encryption", iv, 64);
eap_set_key_material(eap, msk_emsk + 0, 64, msk_emsk + 64, 64, iv, 64);
}
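Review bot: The `true`/`false` argument that distinguishes the two `l_tls_prf_get_bytes` calls is an unexplained literal at the call site; read against the removed lines, `true` replaces passing `pending.master_secret` and `false` replaces the `NULL, 0` secret used for the IV, which matches the split RFC 5216 Section 2.3 prescribes (MSK/EMSK from the master secret, IV from an empty secret with the same label and randoms). A comment above the second call, `/* RFC 5216 2.3: the IV uses an empty secret, only the label and randoms */`, would keep that intent visible now that the secret no longer appears in the code. The flag is passed as `true` only in the eap-peap and eap-ttls hunks, where the same comment would apply to the MSK/EMSK call.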


@ -29,8 +29,6 @@
#include <errno.h>
#include <ell/ell.h>
#include "ell/tls-private.h"
#include "util.h"
#include "eap.h"
#include "eap-private.h"
@ -455,18 +453,8 @@ static void eap_ttls_phase2_chap_generate_challenge(struct l_tls *tunnel,
uint8_t *challenge,
size_t challenge_len)
{
uint8_t seed[64];
memcpy(seed + 0, tunnel->pending.client_random, 32);
memcpy(seed + 32, tunnel->pending.server_random, 32);
l_tls_prf_get_bytes(tunnel, L_CHECKSUM_SHA256, 32,
tunnel->pending.master_secret,
sizeof(tunnel->pending.master_secret),
"ttls challenge", seed, 64,
challenge, challenge_len);
memset(seed, 0, 64);
l_tls_prf_get_bytes(tunnel, L_CHECKSUM_SHA256, 32, true,
"ttls challenge", challenge, challenge_len);
}
static bool eap_ttls_phase2_chap_init(struct eap_state *eap)
@ -696,7 +684,6 @@ static void eap_ttls_ready_cb(const char *peer_identity, void *user_data)
struct eap_state *eap = user_data;
struct eap_ttls_state *ttls = eap_get_data(eap);
uint8_t msk_emsk[128];
uint8_t seed[64];
/* TODO: if we have a CA certificate require non-NULL peer_identity */
@ -710,16 +697,8 @@ static void eap_ttls_ready_cb(const char *peer_identity, void *user_data)
eap_method_success(eap);
/* MSK, EMSK and challenge derivation */
memcpy(seed + 0, ttls->tls->pending.client_random, 32);
memcpy(seed + 32, ttls->tls->pending.server_random, 32);
l_tls_prf_get_bytes(ttls->tls, L_CHECKSUM_SHA256, 32,
ttls->tls->pending.master_secret,
sizeof(ttls->tls->pending.master_secret),
"ttls keying material", seed, 64,
msk_emsk, 128);
memset(seed, 0, 64);
l_tls_prf_get_bytes(ttls->tls, L_CHECKSUM_SHA256, 32, true,
"ttls keying material", msk_emsk, 128);
eap_set_key_material(eap, msk_emsk + 0, 64, msk_emsk + 64, 64,
NULL, 0);
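Review bot: `eap_ttls_phase2_chap_generate_challenge` no longer shows which TLS secret feeds the challenge and carries no comment saying what it implements; the `"ttls challenge"` label over the master secret and randoms is the CHAP challenge derivation from RFC 5281 (EAP-TTLSv0), which also fixes the length callers should request. A header comment such as `/* RFC 5281 CHAP: challenge = PRF(master_secret, "ttls challenge", client.random || server.random) */` would make that traceable, and since `challenge_len` is passed through unchecked it is worth stating that the caller is responsible for the RFC-specified length. The function's opening line sits in the hunk header, just above the hunk body.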


@ -30,8 +30,6 @@
#include <linux/if_ether.h>
#include <ell/ell.h>
#include "ell/tls-private.h"
#include "src/util.h"
#include "src/eapol.h"
#include "src/crypto.h"
@ -2840,20 +2838,14 @@ static void eapol_sm_test_tls_test_ready(const char *peer_identity,
void *user_data)
{
struct eapol_8021x_tls_test_state *s = user_data;
uint8_t seed[64];
assert(!s->tx_ack);
/* TODO: require the right peer_identity */
s->success = true;
memcpy(seed + 0, s->tls->pending.client_random, 32);
memcpy(seed + 32, s->tls->pending.server_random, 32);
l_tls_prf_get_bytes(s->tls, L_CHECKSUM_SHA256, 32,
s->tls->pending.master_secret,
sizeof(s->tls->pending.master_secret),
"client EAP encryption", seed, 64, s->pmk, 32);
l_tls_prf_get_bytes(s->tls, L_CHECKSUM_SHA256, 32, true,
"client EAP encryption", s->pmk, 32);
}
static void eapol_sm_test_tls_test_disconnected(enum l_tls_alert_desc reason,
@ -3164,19 +3156,12 @@ static void eapol_sm_test_eap_ttls_test_ready(const char *peer_identity,
void *user_data)
{
struct eapol_8021x_eap_ttls_test_state *s = user_data;
uint8_t seed[64];
assert(!s->tls.tx_ack);
/* TODO: require the right peer_identity */
memcpy(seed + 0, s->tls.tls->pending.client_random, 32);
memcpy(seed + 32, s->tls.tls->pending.server_random, 32);
l_tls_prf_get_bytes(s->tls.tls, L_CHECKSUM_SHA256, 32,
s->tls.tls->pending.master_secret,
sizeof(s->tls.tls->pending.master_secret),
"ttls keying material", seed, 64,
s->tls.pmk, 32);
l_tls_prf_get_bytes(s->tls.tls, L_CHECKSUM_SHA256, 32, true,
"ttls keying material", s->tls.pmk, 32);
s->challenge_sent = false;
}
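Review bot: Both test-ready callbacks now derive `pmk` with the identical `l_tls_prf_get_bytes` call, flag and label that the production code uses, so whatever comparison the test makes against that PMK (presumably the EAP method's own output) can only confirm that the two sides agree, not that the derivation is correct; a change inside the helper would pass both sides unnoticed. A fixed known-answer check for at least one derivation, or a comment on each callback noting that it is an interoperability check rather than a key-derivation test, would make the coverage explicit. The opening line of each function sits in its hunk header, above the hunk body.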