authorJouni Malinen <j@w1.fi>2011-11-27 19:27:01 (GMT)
committerJouni Malinen <j@w1.fi>2011-11-27 19:27:01 (GMT)
commitcd52acec8587f6530a4434ea78159ce5b4b34bb2 (patch)
tree7d930921a74dedcf07ea1b006617f6a2ae3db083
parentebe4e8f814456bc74534d7c99e1dd6b184b79858 (diff)
Rename tls_prf() to tls_prf_sha1_md5()
Prepare for multiple TLS PRF functions by renaming the SHA1+MD5 based TLS PRF function to a more specific name and adding tls_prf() within the internal TLS implementation as a wrapper for it for now. Signed-hostap: Jouni Malinen <j@w1.fi>
-rw-r--r--src/crypto/sha1-tlsprf.c6
-rw-r--r--src/crypto/sha1.h6
-rw-r--r--src/crypto/tls.h2
-rw-r--r--src/eap_common/eap_fast_common.c6
-rw-r--r--src/eap_peer/eap_tls_common.c6
-rw-r--r--src/eap_server/eap_server_tls_common.c6
-rw-r--r--src/tls/tlsv1_common.c9
-rw-r--r--src/tls/tlsv1_common.h2
-rw-r--r--tests/test-sha1.c5
9 files changed, 30 insertions, 18 deletions
diff --git a/src/crypto/sha1-tlsprf.c b/src/crypto/sha1-tlsprf.c
index 04f614c..f98fd65 100644
--- a/src/crypto/sha1-tlsprf.c
+++ b/src/crypto/sha1-tlsprf.c
@@ -20,7 +20,7 @@
/**
- * tls_prf - Pseudo-Random Function for TLS (TLS-PRF, RFC 2246)
+ * tls_prf_sha1_md5 - Pseudo-Random Function for TLS (TLS-PRF, RFC 2246)
* @secret: Key for PRF
* @secret_len: Length of the key in bytes
* @label: A unique label for each purpose of the PRF
@@ -33,8 +33,8 @@
* This function is used to derive new, cryptographically separate keys from a
* given key in TLS. This PRF is defined in RFC 2246, Chapter 5.
*/
-int tls_prf(const u8 *secret, size_t secret_len, const char *label,
- const u8 *seed, size_t seed_len, u8 *out, size_t outlen)
+int tls_prf_sha1_md5(const u8 *secret, size_t secret_len, const char *label,
+ const u8 *seed, size_t seed_len, u8 *out, size_t outlen)
{
size_t L_S1, L_S2, i;
const u8 *S1, *S2;
diff --git a/src/crypto/sha1.h b/src/crypto/sha1.h
index c1a6233..f0c1a5f 100644
--- a/src/crypto/sha1.h
+++ b/src/crypto/sha1.h
@@ -25,9 +25,9 @@ int sha1_prf(const u8 *key, size_t key_len, const char *label,
const u8 *data, size_t data_len, u8 *buf, size_t buf_len);
int sha1_t_prf(const u8 *key, size_t key_len, const char *label,
const u8 *seed, size_t seed_len, u8 *buf, size_t buf_len);
-int __must_check tls_prf(const u8 *secret, size_t secret_len,
- const char *label, const u8 *seed, size_t seed_len,
- u8 *out, size_t outlen);
+int __must_check tls_prf_sha1_md5(const u8 *secret, size_t secret_len,
+ const char *label, const u8 *seed,
+ size_t seed_len, u8 *out, size_t outlen);
int pbkdf2_sha1(const char *passphrase, const char *ssid, size_t ssid_len,
int iterations, u8 *buf, size_t buflen);
#endif /* SHA1_H */
diff --git a/src/crypto/tls.h b/src/crypto/tls.h
index 0761266..d9d88cb 100644
--- a/src/crypto/tls.h
+++ b/src/crypto/tls.h
@@ -305,7 +305,7 @@ int __must_check tls_connection_get_keys(void *tls_ctx,
* not exported from the TLS library, tls_connection_prf() is required so that
* further keying material can be derived from the master secret. If not
* implemented, the function will still need to be defined, but it can just
- * return -1. Example implementation of this function is in tls_prf() function
+ * return -1. Example implementation of this function is in tls_prf_sha1_md5()
* when it is called with seed set to client_random|server_random (or
* server_random|client_random).
*/
diff --git a/src/eap_common/eap_fast_common.c b/src/eap_common/eap_fast_common.c
index 4de34a8..d3406f3 100644
--- a/src/eap_common/eap_fast_common.c
+++ b/src/eap_common/eap_fast_common.c
@@ -133,9 +133,9 @@ u8 * eap_fast_derive_key(void *ssl_ctx, struct tls_connection *conn,
wpa_hexdump_key(MSG_MSGDUMP, "EAP-FAST: master_secret for key "
"expansion", keys.master_key, keys.master_key_len);
- if (tls_prf(keys.master_key, keys.master_key_len,
- label, rnd, keys.client_random_len +
- keys.server_random_len, out, block_size + len))
+ if (tls_prf_sha1_md5(keys.master_key, keys.master_key_len,
+ label, rnd, keys.client_random_len +
+ keys.server_random_len, out, block_size + len))
goto fail;
os_free(rnd);
os_memmove(out, out + block_size, len);
diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c
index 93df756..2934ba4 100644
--- a/src/eap_peer/eap_tls_common.c
+++ b/src/eap_peer/eap_tls_common.c
@@ -294,9 +294,9 @@ u8 * eap_peer_tls_derive_key(struct eap_sm *sm, struct eap_ssl_data *data,
os_memcpy(rnd + keys.client_random_len, keys.server_random,
keys.server_random_len);
- if (tls_prf(keys.master_key, keys.master_key_len,
- label, rnd, keys.client_random_len +
- keys.server_random_len, out, len))
+ if (tls_prf_sha1_md5(keys.master_key, keys.master_key_len,
+ label, rnd, keys.client_random_len +
+ keys.server_random_len, out, len))
goto fail;
os_free(rnd);
diff --git a/src/eap_server/eap_server_tls_common.c b/src/eap_server/eap_server_tls_common.c
index e149ee3..0bb9d14 100644
--- a/src/eap_server/eap_server_tls_common.c
+++ b/src/eap_server/eap_server_tls_common.c
@@ -94,9 +94,9 @@ u8 * eap_server_tls_derive_key(struct eap_sm *sm, struct eap_ssl_data *data,
os_memcpy(rnd + keys.client_random_len, keys.server_random,
keys.server_random_len);
- if (tls_prf(keys.master_key, keys.master_key_len,
- label, rnd, keys.client_random_len +
- keys.server_random_len, out, len))
+ if (tls_prf_sha1_md5(keys.master_key, keys.master_key_len,
+ label, rnd, keys.client_random_len +
+ keys.server_random_len, out, len))
goto fail;
os_free(rnd);
diff --git a/src/tls/tlsv1_common.c b/src/tls/tlsv1_common.c
index 67b56df..326ff70 100644
--- a/src/tls/tlsv1_common.c
+++ b/src/tls/tlsv1_common.c
@@ -15,6 +15,7 @@
#include "includes.h"
#include "common.h"
+#include "crypto/sha1.h"
#include "x509v3.h"
#include "tlsv1_common.h"
@@ -265,3 +266,11 @@ const char * tls_version_str(u16 ver)
return "?";
}
+
+
+int tls_prf(const u8 *secret, size_t secret_len, const char *label,
+ const u8 *seed, size_t seed_len, u8 *out, size_t outlen)
+{
+ return tls_prf_sha1_md5(secret, secret_len, label, seed, seed_len, out,
+ outlen);
+}
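Review bot: The new `tls_prf()` wrapper at the end of tlsv1_common.c has no header comment, so nothing in the code records that it is a temporary selector which currently always uses the SHA1+MD5 PRF of RFC 2246. I would add a kernel-doc style comment in the form used for `tls_prf_sha1_md5()` in sha1-tlsprf.c, naming the parameters and ending with `Returns: 0 on success, non-zero on failure`. That return convention is inferred from the callers touched by this commit, which all `goto fail` on a non-zero result. The comment should also state that `out` must not be used as keying material when the call fails, and that the signature carries no TLS version or connection argument yet, which the commit message suggests will be needed once more PRFs are added.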
diff --git a/src/tls/tlsv1_common.h b/src/tls/tlsv1_common.h
index 0c4f7df..d13dacd 100644
--- a/src/tls/tlsv1_common.h
+++ b/src/tls/tlsv1_common.h
@@ -220,5 +220,7 @@ void tls_verify_hash_add(struct tls_verify_hash *verify, const u8 *buf,
void tls_verify_hash_free(struct tls_verify_hash *verify);
int tls_version_ok(u16 ver);
const char * tls_version_str(u16 ver);
+int tls_prf(const u8 *secret, size_t secret_len, const char *label,
+ const u8 *seed, size_t seed_len, u8 *out, size_t outlen);
#endif /* TLSV1_COMMON_H */
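Review bot: The `tls_prf()` prototype added to tlsv1_common.h drops the `__must_check` annotation that the removed `tls_prf()` declaration in sha1.h carried and that `tls_prf_sha1_md5()` keeps. Callers inside the internal TLS implementation therefore no longer get a compiler warning when they ignore a PRF failure, and in that case the output buffer presumably does not hold valid key material. I would declare it as `int __must_check tls_prf(const u8 *secret, size_t secret_len, const char *label,` with the continuation line unchanged.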
diff --git a/tests/test-sha1.c b/tests/test-sha1.c
index 6c48f2b..1b390f1 100644
--- a/tests/test-sha1.c
+++ b/tests/test-sha1.c
@@ -137,8 +137,9 @@ static int test_eap_fast(void)
}
printf("- PRF (TLS, SHA1/MD5) test case / key_block\n");
- if (tls_prf(master_secret, sizeof(master_secret), "key expansion",
- seed, sizeof(seed), buf, sizeof(key_block)) ||
+ if (tls_prf_sha1_md5(master_secret, sizeof(master_secret),
+ "key expansion", seed, sizeof(seed),
+ buf, sizeof(key_block)) ||
memcmp(key_block, buf, sizeof(key_block)) != 0) {
printf("PRF test - FAILED!\n");
errors++;