eap-tls, ttls, peap: Update for l_tls API changes

Andrew Zaborowski 2018-11-17 15:01:32 +01:00 committed by Denis Kenzior
parent 6bf79dbb8b
commit d7dc6606de
3 changed files with 22 additions and 19 deletions


@ -512,7 +512,7 @@ static void eap_peap_tunnel_ready(const char *peer_identity, void *user_data)
eap_start_complete_timeout(eap);
/* MSK, EMSK and challenge derivation */
l_tls_prf_get_bytes(peap->tunnel, L_CHECKSUM_SHA256, 32, true,
l_tls_prf_get_bytes(peap->tunnel, true,
"client EAP encryption", msk_emsk, 128);
eap_set_key_material(eap, msk_emsk + 0, 64, NULL, 0, NULL, 0);
@ -554,14 +554,13 @@ static bool eap_peap_tunnel_init(struct eap_state *eap)
l_tls_set_debug(peap->tunnel, eap_peap_debug_cb, NULL, NULL);
if (!l_tls_set_auth_data(peap->tunnel, peap->client_cert,
peap->client_key, NULL)) {
peap->client_key, NULL) ||
(peap->ca_cert &&
!l_tls_set_cacert(peap->tunnel, peap->ca_cert))) {
l_error("PEAP: Failed to set authentication data.");
return false;
}
if (peap->ca_cert)
l_tls_set_cacert(peap->tunnel, peap->ca_cert);
return true;
}
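Review bot: The result of `l_tls_prf_get_bytes()` in eap_peap_tunnel_ready is discarded, so if the call can fail (ell declares it as returning bool), `eap_set_key_material()` on the next line would install whatever the `msk_emsk` buffer happened to hold as the MSK. With the hash now chosen inside l_tls instead of being passed by the caller, a failure is no longer ruled out by the arguments alone, so I would test it, e.g. `if (!l_tls_prf_get_bytes(peap->tunnel, true, "client EAP encryption", msk_emsk, 128))`, and fail the method instead of setting keys. The same unchecked pattern appears in eap_tls_ready_cb (both the MSK/EMSK and the IV call), eap_ttls_phase2_chap_generate_challenge and eap_ttls_ready_cb. The declaration of `msk_emsk` is outside the hunk, so whether the buffer is initialised or wiped after use cannot be confirmed from here.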


@ -146,9 +146,9 @@ static void eap_tls_ready_cb(const char *peer_identity, void *user_data)
eap_start_complete_timeout(eap);
/* MSK, EMSK and IV derivation */
l_tls_prf_get_bytes(tls->tls, L_CHECKSUM_SHA256, 32, true,
l_tls_prf_get_bytes(tls->tls, true,
"client EAP encryption", msk_emsk, 128);
l_tls_prf_get_bytes(tls->tls, L_CHECKSUM_SHA256, 32, false,
l_tls_prf_get_bytes(tls->tls, false,
"client EAP encryption", iv, 64);
eap_set_key_material(eap, msk_emsk + 0, 64, msk_emsk + 64, 64, iv, 64);
@ -317,11 +317,13 @@ static void eap_tls_handle_request(struct eap_state *eap,
if (getenv("IWD_TLS_DEBUG"))
l_tls_set_debug(tls->tls, eap_tls_debug_cb, NULL, NULL);
l_tls_set_auth_data(tls->tls, tls->client_cert, tls->client_key,
tls->passphrase);
if (tls->ca_cert)
l_tls_set_cacert(tls->tls, tls->ca_cert);
if (!l_tls_set_auth_data(tls->tls, tls->client_cert,
tls->client_key, tls->passphrase) ||
(tls->ca_cert &&
!l_tls_set_cacert(tls->tls, tls->ca_cert))) {
l_error("Error loading EAP-TLS keys or certificates");
goto err;
}
}
/*
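Review bot: In eap_tls_handle_request the `tls->ca_cert &&` short-circuit lets a configuration without a CA certificate pass this check and go on to the handshake with no trust anchor set, which presumably leaves the server certificate unverified. The new error path catches a CA file that fails to load but not one that was never configured, and the same condition is used in eap_peap_tunnel_init and in the EAP-TTLS setup hunk, where it matters most because the inner credentials travel through the tunnel. At minimum I would make that state visible, e.g. `if (!tls->ca_cert) l_warn("EAP-TLS: no CA certificate configured, server certificate is not verified");`, after confirming how l_tls treats a missing CA. The enclosing `if` block opens before the hunk, so its condition is not visible here.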


@ -509,7 +509,7 @@ static void eap_ttls_phase2_chap_generate_challenge(struct l_tls *tunnel,
uint8_t *challenge,
size_t challenge_len)
{
l_tls_prf_get_bytes(tunnel, L_CHECKSUM_SHA256, 32, true,
l_tls_prf_get_bytes(tunnel, true,
"ttls challenge", challenge, challenge_len);
}
@ -792,7 +792,7 @@ static void eap_ttls_ready_cb(const char *peer_identity, void *user_data)
eap_method_success(eap);
/* MSK, EMSK and challenge derivation */
l_tls_prf_get_bytes(ttls->tls, L_CHECKSUM_SHA256, 32, true,
l_tls_prf_get_bytes(ttls->tls, true,
"ttls keying material", msk_emsk, 128);
eap_set_key_material(eap, msk_emsk + 0, 64, msk_emsk + 64, 64,
@ -1012,11 +1012,13 @@ add_to_pkt_buf:
if (getenv("IWD_TLS_DEBUG"))
l_tls_set_debug(ttls->tls, eap_ttls_debug_cb, NULL, NULL);
l_tls_set_auth_data(ttls->tls, ttls->client_cert,
ttls->client_key, ttls->passphrase);
if (ttls->ca_cert)
l_tls_set_cacert(ttls->tls, ttls->ca_cert);
if (!l_tls_set_auth_data(ttls->tls, ttls->client_cert,
ttls->client_key, ttls->passphrase) ||
(ttls->ca_cert &&
!l_tls_set_cacert(ttls->tls, ttls->ca_cert))) {
l_error("Error loading EAP-TTLS keys or certificates");
goto err;
}
/*
* RFC5281 section 9.1: "For all packets other than a
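Review bot: A failing `l_tls_set_auth_data()` was previously ignored in the EAP-TTLS setup and now aborts the method through `goto err`, so the behaviour when `ttls->client_cert` and `ttls->client_key` are both NULL needs confirming. TTLS is commonly configured without a client certificate, and if l_tls_set_auth_data returned false for NULL paths every such network would stop authenticating. I would add a comment above the check, `/* client_cert/client_key may be NULL here; l_tls_set_auth_data() must return true in that case */`, and a test for the no-client-certificate configuration; the same question applies to eap_peap_tunnel_init. The single log message also covers both the client key and the CA failing to load, so splitting it would tell an operator whether the trust anchor or the client credentials were rejected. The surrounding function and the `err` label are outside the hunk.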