Added generic TLS purposes
authorMartin Willi <martin@revosec.ch>
Tue, 24 Aug 2010 06:42:10 +0000 (08:42 +0200)
committerMartin Willi <martin@revosec.ch>
Tue, 24 Aug 2010 06:45:49 +0000 (08:45 +0200)
src/libtls/tls.h
src/libtls/tls_crypto.c
src/libtls/tls_server.c

index 36ca592..aa840f8 100644 (file)
@@ -98,6 +98,10 @@ enum tls_purpose_t {
        TLS_PURPOSE_EAP_TTLS,
        /** EAP-TTLS with client authentication */
        TLS_PURPOSE_EAP_TTLS_CLIENT_AUTH,
+       /** non-EAP TLS without client authentication */
+       TLS_PURPOSE_GENERIC,
+       /** non-EAP TLS with client authentication */
+       TLS_PURPOSE_GENERIC_CLIENT_AUTH,
 };
 
 /**
index a12944a..12c6b98 100644 (file)
@@ -862,13 +862,16 @@ METHOD(tls_crypto_t, change_cipher, void,
 METHOD(tls_crypto_t, derive_eap_msk, void,
        private_tls_crypto_t *this, chunk_t client_random, chunk_t server_random)
 {
-       chunk_t seed;
+       if (this->msk_label)
+       {
+               chunk_t seed;
 
-       seed = chunk_cata("cc", client_random, server_random);
-       free(this->msk.ptr);
-       this->msk = chunk_alloc(64);
-       this->prf->get_bytes(this->prf, this->msk_label, seed,
-                                                this->msk.len, this->msk.ptr);
+               seed = chunk_cata("cc", client_random, server_random);
+               free(this->msk.ptr);
+               this->msk = chunk_alloc(64);
+               this->prf->get_bytes(this->prf, this->msk_label, seed,
+                                                        this->msk.len, this->msk.ptr);
+       }
 }
 
 METHOD(tls_crypto_t, get_eap_msk, chunk_t,
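Review bot: Inside the new `if (this->msk_label)` block the previous MSK is still released with plain `free(this->msk.ptr)`, so the old 64 bytes of keying material stay readable in freed heap memory. If this tree's libstrongswan has the wiping helper, `chunk_clear(&this->msk);` in place of the `free()` call would zero the buffer before releasing it. The guard also turns the method into a silent no-op when no label is set, so `get_eap_msk` (its body is outside this hunk) presumably hands back whatever `msk` was initialised to. A comment above the `if`, such as `/* non-EAP purposes set no msk_label, so no MSK is derived */`, would record that this is intended.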
@@ -931,6 +934,10 @@ tls_crypto_t *tls_crypto_create(tls_t *tls)
                        this->msk_label = "ttls keying material";
                        build_cipher_suite_list(this, TRUE);
                        break;
+               case TLS_PURPOSE_GENERIC:
+               case TLS_PURPOSE_GENERIC_CLIENT_AUTH:
+                       build_cipher_suite_list(this, TRUE);
+                       break;
        }
        return &this->public;
 }
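Review bot: The two new cases leave `this->msk_label` unassigned, yet `derive_eap_msk` now relies on it being NULL to skip key derivation. The object's initialisation sits outside this hunk, so the NULL is assumed here rather than shown. Writing `this->msk_label = NULL;` in the case body, or adding `/* no MSK label: non-EAP TLS exports no keying material */`, would make the dependency visible to whoever adds the next purpose. The enclosing `tls_crypto_create` starts before the hunk.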
index 77e26d6..a169770 100644 (file)
@@ -683,9 +683,11 @@ tls_server_t *tls_server_create(tls_t *tls,
        {
                case TLS_PURPOSE_EAP_TLS:
                case TLS_PURPOSE_EAP_TTLS_CLIENT_AUTH:
+               case TLS_PURPOSE_GENERIC_CLIENT_AUTH:
                        this->request_peer_auth = TRUE;
                        break;
                case TLS_PURPOSE_EAP_TTLS:
+               case TLS_PURPOSE_GENERIC:
                        break;
        }
        return &this->public;
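Review bot: For `TLS_PURPOSE_GENERIC_CLIENT_AUTH` the only visible effect is `this->request_peer_auth = TRUE`, which by its name requests a client certificate rather than requiring one. Whether a peer that answers with no certificate is rejected is decided in handshake code outside this hunk, and that matters more for a generic TLS server than for the EAP methods, which have an outer authentication exchange. A comment on the case, for example `/* certificate is requested here; the handshake must still fail if the peer sends none */`, plus a test for that path, would pin the expectation. The switch has no `default`, so a purpose value outside the listed cases would keep the flag's initial value, which is presumably FALSE. The enclosing `tls_server_create` starts before the hunk.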