hostapd/src/eap_server
David Benjamin 7358170787 TLS: Split tls_connection_prf() into two functions
Most protocols extracting keys from TLS use RFC 5705 exporters which is
commonly implemented in TLS libraries. This is the mechanism used by
EAP-TLS. (EAP-TLS actually predates RFC 5705, but RFC 5705 was defined
to be compatible with it.)

EAP-FAST, however, uses a legacy mechanism. It reuses the TLS internal
key block derivation and derives key material after the key block. This
is uncommon and a misuse of TLS internals, so not all TLS libraries
support this. Instead, we reimplement the PRF for the OpenSSL backend
and don't support it at all in the GnuTLS one.

Since these two are very different operations, split
tls_connection_prf() in two. tls_connection_export_key() implements the
standard RFC 5705 mechanism that we expect most TLS libraries to
support. tls_connection_get_eap_fast_key() implements the
EAP-FAST-specific legacy mechanism which may not be implemented on all
backends but is only used by EAP-FAST.

Signed-Off-By: David Benjamin <davidben@google.com>
2016-05-23 20:40:12 +03:00
..
eap.h EAP server: Add tls_session_lifetime configuration 2015-08-24 02:29:30 +03:00
eap_i.h EAP server: Add tls_session_lifetime configuration 2015-08-24 02:29:30 +03:00
eap_methods.h EAP server: Simplify EAP method registration call 2016-01-13 23:35:53 +02:00
eap_server.c EAP server: Add tls_session_lifetime configuration 2015-08-24 02:29:30 +03:00
eap_server_aka.c EAP server: Simplify EAP method registration call 2016-01-13 23:35:53 +02:00
eap_server_eke.c EAP server: Simplify EAP method registration call 2016-01-13 23:35:53 +02:00
eap_server_fast.c TLS: Split tls_connection_prf() into two functions 2016-05-23 20:40:12 +03:00
eap_server_gpsk.c EAP server: Simplify EAP method registration call 2016-01-13 23:35:53 +02:00
eap_server_gtc.c EAP server: Simplify EAP method registration call 2016-01-13 23:35:53 +02:00
eap_server_identity.c EAP server: Simplify EAP method registration call 2016-01-13 23:35:53 +02:00
eap_server_ikev2.c EAP server: Simplify EAP method registration call 2016-01-13 23:35:53 +02:00
eap_server_md5.c EAP server: Simplify EAP method registration call 2016-01-13 23:35:53 +02:00
eap_server_methods.c EAP server: Simplify EAP method registration call 2016-01-13 23:35:53 +02:00
eap_server_mschapv2.c EAP server: Simplify EAP method registration call 2016-01-13 23:35:53 +02:00
eap_server_pax.c EAP server: Simplify EAP method registration call 2016-01-13 23:35:53 +02:00
eap_server_peap.c EAP server: Simplify EAP method registration call 2016-01-13 23:35:53 +02:00
eap_server_psk.c EAP server: Simplify EAP method registration call 2016-01-13 23:35:53 +02:00
eap_server_pwd.c EAP-pwd server: Use os_get_random() for unpredictable token 2016-02-19 18:44:40 +02:00
eap_server_sake.c EAP server: Simplify EAP method registration call 2016-01-13 23:35:53 +02:00
eap_server_sim.c EAP server: Simplify EAP method registration call 2016-01-13 23:35:53 +02:00
eap_server_tls.c EAP server: Simplify EAP method registration call 2016-01-13 23:35:53 +02:00
eap_server_tls_common.c TLS: Split tls_connection_prf() into two functions 2016-05-23 20:40:12 +03:00
eap_server_tnc.c EAP server: Simplify EAP method registration call 2016-01-13 23:35:53 +02:00
eap_server_ttls.c EAP server: Simplify EAP method registration call 2016-01-13 23:35:53 +02:00
eap_server_vendor_test.c EAP server: Simplify EAP method registration call 2016-01-13 23:35:53 +02:00
eap_server_wsc.c EAP server: Simplify EAP method registration call 2016-01-13 23:35:53 +02:00
eap_sim_db.c eap_sim_db: Implement eap_sim_db_expire_pending() 2015-10-31 16:28:16 +02:00
eap_sim_db.h eap_sim_db: Implement eap_sim_db_expire_pending() 2015-10-31 16:28:16 +02:00
eap_tls_common.h EAP server: Disable TLS session ticket with EAP-TLS/TTLS/PEAP 2015-08-24 02:29:30 +03:00
ikev2.c EAP-IKEv2 server: Avoid undefined behavior in pointer arithmetic 2015-10-24 21:43:54 +03:00
ikev2.h Remove the GPL notification from files contributed by Jouni Malinen 2012-02-11 19:39:36 +02:00
Makefile tests: Add ap-mgmt-fuzzer 2015-04-22 11:44:19 +03:00
tncs.c TNC: Allow TNC to be enabled dynamically 2014-05-17 20:05:55 +03:00
tncs.h Remove the GPL notification from files contributed by Jouni Malinen 2012-02-11 19:39:36 +02:00