eap-tls, ttls, peap: Update for l_tls API changes
This commit is contained in:
Andrew Zaborowski
Denis Kenzior
parent
6bf79dbb8b
commit
d7dc6606de
|
|
@ -512,7 +512,7 @@ static void eap_peap_tunnel_ready(const char *peer_identity, void *user_data)
|
||||||
eap_start_complete_timeout(eap);
|
eap_start_complete_timeout(eap);
|
||||||
|
|
||||||
/* MSK, EMSK and challenge derivation */
|
/* MSK, EMSK and challenge derivation */
|
||||||
l_tls_prf_get_bytes(peap->tunnel, L_CHECKSUM_SHA256, 32, true,
|
l_tls_prf_get_bytes(peap->tunnel, true,
|
||||||
"client EAP encryption", msk_emsk, 128);
|
"client EAP encryption", msk_emsk, 128);
|
||||||
|
|
||||||
eap_set_key_material(eap, msk_emsk + 0, 64, NULL, 0, NULL, 0);
|
eap_set_key_material(eap, msk_emsk + 0, 64, NULL, 0, NULL, 0);
|
||||||
|
|
@ -554,14 +554,13 @@ static bool eap_peap_tunnel_init(struct eap_state *eap)
|
||||||
l_tls_set_debug(peap->tunnel, eap_peap_debug_cb, NULL, NULL);
|
l_tls_set_debug(peap->tunnel, eap_peap_debug_cb, NULL, NULL);
|
||||||
|
|
||||||
if (!l_tls_set_auth_data(peap->tunnel, peap->client_cert,
|
if (!l_tls_set_auth_data(peap->tunnel, peap->client_cert,
|
||||||
peap->client_key, NULL)) {
|
peap->client_key, NULL) ||
|
||||||
|
(peap->ca_cert &&
|
||||||
|
!l_tls_set_cacert(peap->tunnel, peap->ca_cert))) {
|
||||||
l_error("PEAP: Failed to set authentication data.");
|
l_error("PEAP: Failed to set authentication data.");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (peap->ca_cert)
|
|
||||||
l_tls_set_cacert(peap->tunnel, peap->ca_cert);
|
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -146,9 +146,9 @@ static void eap_tls_ready_cb(const char *peer_identity, void *user_data)
|
||||||
eap_start_complete_timeout(eap);
|
eap_start_complete_timeout(eap);
|
||||||
|
|
||||||
/* MSK, EMSK and IV derivation */
|
/* MSK, EMSK and IV derivation */
|
||||||
l_tls_prf_get_bytes(tls->tls, L_CHECKSUM_SHA256, 32, true,
|
l_tls_prf_get_bytes(tls->tls, true,
|
||||||
"client EAP encryption", msk_emsk, 128);
|
"client EAP encryption", msk_emsk, 128);
|
||||||
l_tls_prf_get_bytes(tls->tls, L_CHECKSUM_SHA256, 32, false,
|
l_tls_prf_get_bytes(tls->tls, false,
|
||||||
"client EAP encryption", iv, 64);
|
"client EAP encryption", iv, 64);
|
||||||
|
|
||||||
eap_set_key_material(eap, msk_emsk + 0, 64, msk_emsk + 64, 64, iv, 64);
|
eap_set_key_material(eap, msk_emsk + 0, 64, msk_emsk + 64, 64, iv, 64);
|
||||||
|
|
@ -317,11 +317,13 @@ static void eap_tls_handle_request(struct eap_state *eap,
|
||||||
if (getenv("IWD_TLS_DEBUG"))
|
if (getenv("IWD_TLS_DEBUG"))
|
||||||
l_tls_set_debug(tls->tls, eap_tls_debug_cb, NULL, NULL);
|
l_tls_set_debug(tls->tls, eap_tls_debug_cb, NULL, NULL);
|
||||||
|
|
||||||
l_tls_set_auth_data(tls->tls, tls->client_cert, tls->client_key,
|
if (!l_tls_set_auth_data(tls->tls, tls->client_cert,
|
||||||
tls->passphrase);
|
tls->client_key, tls->passphrase) ||
|
||||||
|
(tls->ca_cert &&
|
||||||
if (tls->ca_cert)
|
!l_tls_set_cacert(tls->tls, tls->ca_cert))) {
|
||||||
l_tls_set_cacert(tls->tls, tls->ca_cert);
|
l_error("Error loading EAP-TLS keys or certificates");
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
||||||
|
|
@ -509,7 +509,7 @@ static void eap_ttls_phase2_chap_generate_challenge(struct l_tls *tunnel,
|
||||||
uint8_t *challenge,
|
uint8_t *challenge,
|
||||||
size_t challenge_len)
|
size_t challenge_len)
|
||||||
{
|
{
|
||||||
l_tls_prf_get_bytes(tunnel, L_CHECKSUM_SHA256, 32, true,
|
l_tls_prf_get_bytes(tunnel, true,
|
||||||
"ttls challenge", challenge, challenge_len);
|
"ttls challenge", challenge, challenge_len);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -792,7 +792,7 @@ static void eap_ttls_ready_cb(const char *peer_identity, void *user_data)
|
||||||
eap_method_success(eap);
|
eap_method_success(eap);
|
||||||
|
|
||||||
/* MSK, EMSK and challenge derivation */
|
/* MSK, EMSK and challenge derivation */
|
||||||
l_tls_prf_get_bytes(ttls->tls, L_CHECKSUM_SHA256, 32, true,
|
l_tls_prf_get_bytes(ttls->tls, true,
|
||||||
"ttls keying material", msk_emsk, 128);
|
"ttls keying material", msk_emsk, 128);
|
||||||
|
|
||||||
eap_set_key_material(eap, msk_emsk + 0, 64, msk_emsk + 64, 64,
|
eap_set_key_material(eap, msk_emsk + 0, 64, msk_emsk + 64, 64,
|
||||||
|
|
@ -1012,11 +1012,13 @@ add_to_pkt_buf:
|
||||||
if (getenv("IWD_TLS_DEBUG"))
|
if (getenv("IWD_TLS_DEBUG"))
|
||||||
l_tls_set_debug(ttls->tls, eap_ttls_debug_cb, NULL, NULL);
|
l_tls_set_debug(ttls->tls, eap_ttls_debug_cb, NULL, NULL);
|
||||||
|
|
||||||
l_tls_set_auth_data(ttls->tls, ttls->client_cert,
|
if (!l_tls_set_auth_data(ttls->tls, ttls->client_cert,
|
||||||
ttls->client_key, ttls->passphrase);
|
ttls->client_key, ttls->passphrase) ||
|
||||||
|
(ttls->ca_cert &&
|
||||||
if (ttls->ca_cert)
|
!l_tls_set_cacert(ttls->tls, ttls->ca_cert))) {
|
||||||
l_tls_set_cacert(ttls->tls, ttls->ca_cert);
|
l_error("Error loading EAP-TTLS keys or certificates");
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* RFC5281 section 9.1: "For all packets other than a
|
* RFC5281 section 9.1: "For all packets other than a
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue