7358170787
Most protocols extracting keys from TLS use RFC 5705 exporters which is commonly implemented in TLS libraries. This is the mechanism used by EAP-TLS. (EAP-TLS actually predates RFC 5705, but RFC 5705 was defined to be compatible with it.) EAP-FAST, however, uses a legacy mechanism. It reuses the TLS internal key block derivation and derives key material after the key block. This is uncommon and a misuse of TLS internals, so not all TLS libraries support this. Instead, we reimplement the PRF for the OpenSSL backend and don't support it at all in the GnuTLS one. Since these two are very different operations, split tls_connection_prf() in two. tls_connection_export_key() implements the standard RFC 5705 mechanism that we expect most TLS libraries to support. tls_connection_get_eap_fast_key() implements the EAP-FAST-specific legacy mechanism which may not be implemented on all backends but is only used by EAP-FAST. Signed-Off-By: David Benjamin <davidben@google.com> |
||
---|---|---|
.. | ||
chap.c | ||
chap.h | ||
eap_common.c | ||
eap_common.h | ||
eap_defs.h | ||
eap_eke_common.c | ||
eap_eke_common.h | ||
eap_fast_common.c | ||
eap_fast_common.h | ||
eap_gpsk_common.c | ||
eap_gpsk_common.h | ||
eap_ikev2_common.c | ||
eap_ikev2_common.h | ||
eap_pax_common.c | ||
eap_pax_common.h | ||
eap_peap_common.c | ||
eap_peap_common.h | ||
eap_psk_common.c | ||
eap_psk_common.h | ||
eap_pwd_common.c | ||
eap_pwd_common.h | ||
eap_sake_common.c | ||
eap_sake_common.h | ||
eap_sim_common.c | ||
eap_sim_common.h | ||
eap_tlv_common.h | ||
eap_ttls.h | ||
eap_wsc_common.c | ||
eap_wsc_common.h | ||
ikev2_common.c | ||
ikev2_common.h | ||
Makefile |