mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2024-12-24 06:52:37 +01:00
build: Use new l_tls_prf_get_bytes and remove ell/tls-private.h usage
This commit is contained in:
parent
467d3958b4
commit
8f8a214fbd
@ -29,8 +29,6 @@
|
||||
#include <errno.h>
|
||||
#include <ell/ell.h>
|
||||
|
||||
#include "ell/tls-private.h"
|
||||
|
||||
#include "eap.h"
|
||||
#include "eap-private.h"
|
||||
|
||||
@ -495,7 +493,6 @@ static void eap_peap_tunnel_ready(const char *peer_identity, void *user_data)
|
||||
struct eap_peap_state *peap = eap_get_data(eap);
|
||||
|
||||
uint8_t msk_emsk[128];
|
||||
uint8_t random[64];
|
||||
|
||||
/*
|
||||
* PEAPv1: draft-josefsson-pppext-eap-tls-eap-05, Section 2.1.1
|
||||
@ -515,14 +512,8 @@ static void eap_peap_tunnel_ready(const char *peer_identity, void *user_data)
|
||||
eap_start_complete_timeout(eap);
|
||||
|
||||
/* MSK, EMSK and challenge derivation */
|
||||
memcpy(random + 0, peap->tunnel->pending.client_random, 32);
|
||||
memcpy(random + 32, peap->tunnel->pending.server_random, 32);
|
||||
|
||||
l_tls_prf_get_bytes(peap->tunnel, L_CHECKSUM_SHA256, 32,
|
||||
peap->tunnel->pending.master_secret,
|
||||
sizeof(peap->tunnel->pending.master_secret),
|
||||
"client EAP encryption", random, 64,
|
||||
msk_emsk, 128);
|
||||
l_tls_prf_get_bytes(peap->tunnel, L_CHECKSUM_SHA256, 32, true,
|
||||
"client EAP encryption", msk_emsk, 128);
|
||||
|
||||
eap_set_key_material(eap, msk_emsk + 0, 64, NULL, 0, NULL, 0);
|
||||
|
||||
|
@ -29,8 +29,6 @@
|
||||
#include <errno.h>
|
||||
#include <ell/ell.h>
|
||||
|
||||
#include "ell/tls-private.h"
|
||||
|
||||
#include "eap.h"
|
||||
#include "eap-private.h"
|
||||
|
||||
@ -137,7 +135,6 @@ static void eap_tls_ready_cb(const char *peer_identity, void *user_data)
|
||||
struct eap_tls_state *tls = eap_get_data(eap);
|
||||
uint8_t msk_emsk[128];
|
||||
uint8_t iv[64];
|
||||
uint8_t seed[64];
|
||||
|
||||
/* TODO: if we have a CA certificate require non-NULL peer_identity */
|
||||
|
||||
@ -147,19 +144,10 @@ static void eap_tls_ready_cb(const char *peer_identity, void *user_data)
|
||||
eap_start_complete_timeout(eap);
|
||||
|
||||
/* MSK, EMSK and IV derivation */
|
||||
memcpy(seed + 0, tls->tls->pending.client_random, 32);
|
||||
memcpy(seed + 32, tls->tls->pending.server_random, 32);
|
||||
|
||||
l_tls_prf_get_bytes(tls->tls, L_CHECKSUM_SHA256, 32,
|
||||
tls->tls->pending.master_secret,
|
||||
sizeof(tls->tls->pending.master_secret),
|
||||
"client EAP encryption", seed, 64,
|
||||
msk_emsk, 128);
|
||||
l_tls_prf_get_bytes(tls->tls, L_CHECKSUM_SHA256, 32, NULL, 0,
|
||||
"client EAP encryption", seed, 64,
|
||||
iv, 64);
|
||||
|
||||
memset(seed, 0, 64);
|
||||
l_tls_prf_get_bytes(tls->tls, L_CHECKSUM_SHA256, 32, true,
|
||||
"client EAP encryption", msk_emsk, 128);
|
||||
l_tls_prf_get_bytes(tls->tls, L_CHECKSUM_SHA256, 32, false,
|
||||
"client EAP encryption", iv, 64);
|
||||
|
||||
eap_set_key_material(eap, msk_emsk + 0, 64, msk_emsk + 64, 64, iv, 64);
|
||||
}
|
||||
|
@ -29,8 +29,6 @@
|
||||
#include <errno.h>
|
||||
#include <ell/ell.h>
|
||||
|
||||
#include "ell/tls-private.h"
|
||||
|
||||
#include "util.h"
|
||||
#include "eap.h"
|
||||
#include "eap-private.h"
|
||||
@ -455,18 +453,8 @@ static void eap_ttls_phase2_chap_generate_challenge(struct l_tls *tunnel,
|
||||
uint8_t *challenge,
|
||||
size_t challenge_len)
|
||||
{
|
||||
uint8_t seed[64];
|
||||
|
||||
memcpy(seed + 0, tunnel->pending.client_random, 32);
|
||||
memcpy(seed + 32, tunnel->pending.server_random, 32);
|
||||
|
||||
l_tls_prf_get_bytes(tunnel, L_CHECKSUM_SHA256, 32,
|
||||
tunnel->pending.master_secret,
|
||||
sizeof(tunnel->pending.master_secret),
|
||||
"ttls challenge", seed, 64,
|
||||
challenge, challenge_len);
|
||||
|
||||
memset(seed, 0, 64);
|
||||
l_tls_prf_get_bytes(tunnel, L_CHECKSUM_SHA256, 32, true,
|
||||
"ttls challenge", challenge, challenge_len);
|
||||
}
|
||||
|
||||
static bool eap_ttls_phase2_chap_init(struct eap_state *eap)
|
||||
@ -696,7 +684,6 @@ static void eap_ttls_ready_cb(const char *peer_identity, void *user_data)
|
||||
struct eap_state *eap = user_data;
|
||||
struct eap_ttls_state *ttls = eap_get_data(eap);
|
||||
uint8_t msk_emsk[128];
|
||||
uint8_t seed[64];
|
||||
|
||||
/* TODO: if we have a CA certificate require non-NULL peer_identity */
|
||||
|
||||
@ -710,16 +697,8 @@ static void eap_ttls_ready_cb(const char *peer_identity, void *user_data)
|
||||
eap_method_success(eap);
|
||||
|
||||
/* MSK, EMSK and challenge derivation */
|
||||
memcpy(seed + 0, ttls->tls->pending.client_random, 32);
|
||||
memcpy(seed + 32, ttls->tls->pending.server_random, 32);
|
||||
|
||||
l_tls_prf_get_bytes(ttls->tls, L_CHECKSUM_SHA256, 32,
|
||||
ttls->tls->pending.master_secret,
|
||||
sizeof(ttls->tls->pending.master_secret),
|
||||
"ttls keying material", seed, 64,
|
||||
msk_emsk, 128);
|
||||
|
||||
memset(seed, 0, 64);
|
||||
l_tls_prf_get_bytes(ttls->tls, L_CHECKSUM_SHA256, 32, true,
|
||||
"ttls keying material", msk_emsk, 128);
|
||||
|
||||
eap_set_key_material(eap, msk_emsk + 0, 64, msk_emsk + 64, 64,
|
||||
NULL, 0);
|
||||
|
@ -30,8 +30,6 @@
|
||||
#include <linux/if_ether.h>
|
||||
#include <ell/ell.h>
|
||||
|
||||
#include "ell/tls-private.h"
|
||||
|
||||
#include "src/util.h"
|
||||
#include "src/eapol.h"
|
||||
#include "src/crypto.h"
|
||||
@ -2840,20 +2838,14 @@ static void eapol_sm_test_tls_test_ready(const char *peer_identity,
|
||||
void *user_data)
|
||||
{
|
||||
struct eapol_8021x_tls_test_state *s = user_data;
|
||||
uint8_t seed[64];
|
||||
|
||||
assert(!s->tx_ack);
|
||||
/* TODO: require the right peer_identity */
|
||||
|
||||
s->success = true;
|
||||
|
||||
memcpy(seed + 0, s->tls->pending.client_random, 32);
|
||||
memcpy(seed + 32, s->tls->pending.server_random, 32);
|
||||
|
||||
l_tls_prf_get_bytes(s->tls, L_CHECKSUM_SHA256, 32,
|
||||
s->tls->pending.master_secret,
|
||||
sizeof(s->tls->pending.master_secret),
|
||||
"client EAP encryption", seed, 64, s->pmk, 32);
|
||||
l_tls_prf_get_bytes(s->tls, L_CHECKSUM_SHA256, 32, true,
|
||||
"client EAP encryption", s->pmk, 32);
|
||||
}
|
||||
|
||||
static void eapol_sm_test_tls_test_disconnected(enum l_tls_alert_desc reason,
|
||||
@ -3164,19 +3156,12 @@ static void eapol_sm_test_eap_ttls_test_ready(const char *peer_identity,
|
||||
void *user_data)
|
||||
{
|
||||
struct eapol_8021x_eap_ttls_test_state *s = user_data;
|
||||
uint8_t seed[64];
|
||||
|
||||
assert(!s->tls.tx_ack);
|
||||
/* TODO: require the right peer_identity */
|
||||
|
||||
memcpy(seed + 0, s->tls.tls->pending.client_random, 32);
|
||||
memcpy(seed + 32, s->tls.tls->pending.server_random, 32);
|
||||
|
||||
l_tls_prf_get_bytes(s->tls.tls, L_CHECKSUM_SHA256, 32,
|
||||
s->tls.tls->pending.master_secret,
|
||||
sizeof(s->tls.tls->pending.master_secret),
|
||||
"ttls keying material", seed, 64,
|
||||
s->tls.pmk, 32);
|
||||
l_tls_prf_get_bytes(s->tls.tls, L_CHECKSUM_SHA256, 32, true,
|
||||
"ttls keying material", s->tls.pmk, 32);
|
||||
|
||||
s->challenge_sent = false;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user