Diffstat (limited to 'wpa_supplicant/tls.h')
-rw-r--r--wpa_supplicant/tls.h35
1 files changed, 25 insertions, 10 deletions
diff --git a/wpa_supplicant/tls.h b/wpa_supplicant/tls.h
index 08dc42e..b38b686 100644
--- a/wpa_supplicant/tls.h
+++ b/wpa_supplicant/tls.h
@@ -18,21 +18,12 @@
struct tls_connection;
struct tls_keys {
- const u8 *master_key;
+ const u8 *master_key; /* TLS master secret */
size_t master_key_len;
const u8 *client_random;
size_t client_random_len;
const u8 *server_random;
size_t server_random_len;
-
- /*
- * If TLS library does not provide access to master_key, but only to
- * EAP key block, this pointer can be set to point to the result of
- * PRF(master_secret, "client EAP encryption",
- * client_random + server_random).
- */
- const u8 *eap_tls_prf;
- size_t eap_tls_prf_len;
};
struct tls_config {
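Review bot: The new comment on `master_key` (the `+` line near the top of the hunk) says what the field is but not who owns the buffer or how long the pointer stays valid; because it exposes the TLS master secret, a caller of tls_connection_get_keys() needs to know whether it may hold on to the pointer, whether it must copy, and that any copy has to be cleared once the derived keys are computed. The tls_connection_prf() documentation in the second hunk implies that some TLS backends cannot export the master secret at all, yet nothing in struct tls_keys says what a caller sees in that case now that the eap_tls_prf fallback fields are gone. I would extend the comment to `/* TLS master secret; may be NULL when the TLS library does not export it, in which case tls_connection_prf() must be used. Borrowed from the connection - do not free, clear any copies after use */`. The NULL and ownership parts are inferred from the surrounding documentation and should be confirmed against the backend implementations.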
@@ -256,6 +247,30 @@ int tls_connection_get_keys(void *tls_ctx, struct tls_connection *conn,
struct tls_keys *keys);
/**
+ * tls_connection_prf - Use TLS-PRF to derive keying material
+ * @tls_ctx: TLS context data from tls_init()
+ * @conn: Connection context data from tls_connection_init()
+ * @label: Label (e.g., description of the key) for PRF
+ * @server_random_first: seed is 0 = client_random|server_random,
+ * 1 = server_random|client_random
+ * @out: Buffer for output data from TLS-PRF
+ * @out_len: Length of the output buffer
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function is optional to implement if tls_connection_get_keys() provides
+ * access to master secret and server/client random values. If these values are
+ * not exported from the TLS library, tls_connection_prf() is required so that
+ * further keying material can be derived from the master secret. If not
+ * implemented, the function will still need to be defined, but it can just
+ * return -1. Example implementation of this function is in tls_prf() function
+ * when it is called with seed set to client_random|server_random (or
+ * server_random|client_random).
+ */
+int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
+ const char *label, int server_random_first,
+ u8 *out, size_t out_len);
+
+/**
* tls_connection_handshake - Process TLS handshake (client side)
* @tls_ctx: TLS context data from tls_init()
* @conn: Connection context data from tls_connection_init()