},
.is_server = is_server,
);
- this->tls = tls_create(is_server, server, peer);
+ /* MSK PRF ASCII constant label according to EAP-TLS RFC 5216 */
+ this->tls = tls_create(is_server, server, peer, "client EAP encryption");
return &this->public;
}
},
.is_server = is_server,
);
- this->tls = tls_create(is_server, server, peer);
+ /* MSK PRF ASCII constant label according to EAP-TTLS RFC 5281 */
+ this->tls = tls_create(is_server, server, peer, "ttls keying material");
return &this->public;
}
* See header
*/
tls_t *tls_create(bool is_server, identification_t *server,
- identification_t *peer)
+ identification_t *peer, char *msk_label)
{
private_tls_t *this;
.peer = peer->clone(peer),
);
- this->crypto = tls_crypto_create(&this->public);
+ this->crypto = tls_crypto_create(&this->public, msk_label);
if (is_server)
{
this->handshake = &tls_server_create(&this->public, this->crypto,
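Review bot: `msk_label` is declared as a plain `char *` in the new tls_create signature although every caller passes a string literal (`"client EAP encryption"`, `"ttls keying material"`) and the function only forwards it; it should be `const char *msk_label` here, in the tls.h declaration, in the new `msk_label` field of private_tls_crypto_t and in both tls_crypto_create signatures, so the constness of the literals is not silently dropped and the label cannot be written through by mistake. If the PRF's `get_bytes()` takes a non-const `char *label`, a single cast at that call site in derive_msk is preferable to propagating the non-const type through the public API. tls_create continues past the end of this hunk.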
* @param is_server TRUE to act as server, FALSE for client
* @param server server identity
* @param peer peer identity
+ * @param msk_label ASCII string constant used as seed for MSK PRF
* @return TLS stack
*/
tls_t *tls_create(bool is_server, identification_t *server,
- identification_t *peer);
+ identification_t *peer, char *msk_label);
#endif /** TLS_H_ @}*/
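Review bot: The new `@param msk_label` line documents what the string means but not who owns it; tls_create hands the pointer on to tls_crypto_create, which stores it unchanged (the `.msk_label = msk_label` initializer in tls_crypto.c) rather than copying it, so a future caller passing a stack or heap buffer that is released before derive_msk runs would hand the PRF a dangling pointer. The header should spell out the contract: `* @param msk_label ASCII string constant used as seed for MSK PRF; not copied, must stay valid for the lifetime of the returned tls_t and must not be NULL`. The same wording belongs on the tls_crypto_create declaration in tls_crypto.h, and a one-line comment next to the initializer in tls_crypto.c (`/* borrowed, not copied: caller keeps the label alive */`) would keep the implementation honest about it.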
chunk_t iv_out;
/**
- * EAP-TLS MSK
+ * EAP-[T]TLS MSK
*/
chunk_t msk;
+
+ /**
+ * ASCII string constant used as seed for EAP-[T]TLS MSK PRF
+ */
+ char *msk_label;
};
typedef struct {
seed = chunk_cata("cc", client_random, server_random);
free(this->msk.ptr);
this->msk = chunk_alloc(64);
- this->prf->get_bytes(this->prf, "client EAP encryption", seed,
+ this->prf->get_bytes(this->prf, this->msk_label, seed,
this->msk.len, this->msk.ptr);
}
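Review bot: The PRF call now takes `this->msk_label` unconditionally, and nothing in tls_crypto_create rejects a NULL label, so a missing label would surface here inside `get_bytes()` rather than at construction time; unless the constructor is changed to refuse NULL, a guard before the `chunk_alloc(64)` line, `if (!this->msk_label) { return; }`, keeps the bad pointer out of the PRF. Independently of the label change, the result of `get_bytes()` is still discarded on the rewritten line; if it can fail (it appears to return a status), the freshly allocated 64-byte `msk` would be exported with undetermined contents, so checking the return and freeing `this->msk` on failure would close that gap. The function this hunk belongs to starts before the hunk.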
/**
* See header
*/
-tls_crypto_t *tls_crypto_create(tls_t *tls)
+tls_crypto_t *tls_crypto_create(tls_t *tls, char *msk_label)
{
private_tls_crypto_t *this;
.destroy = _destroy,
},
.tls = tls,
+ .msk_label = msk_label
);
build_cipher_suite_list(this);
/**
* Create a tls_crypto instance.
+ *
+ * @param msk_label ASCII string constant used as seed for MSK PRF
*/
-tls_crypto_t *tls_crypto_create(tls_t *tls);
+tls_crypto_t *tls_crypto_create(tls_t *tls, char *msk_label);
#endif /** TLS_CRYPTO_H_ @}*/