From 89ae746305215c5dd077441ba796ff37b03fdaa3 Mon Sep 17 00:00:00 2001 From: Andreas Schultz Date: Fri, 24 Feb 2012 13:47:13 +0100 Subject: Some protocols (e.g. EAP-PEAP, EAP-TLS, EAP-TTLS) that use TLS as transport layer need to generate additional application specific key material. One way to generate such material is to use the TLS PRF and key material from the TLS session itself. This change makes it possible to use a TLS sessions PRF either with the session internal or caller supplied key material to generate additional key material. --- lib/ssl/src/ssl_handshake.erl | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'lib/ssl/src/ssl_handshake.erl') diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl index 542033e6ce..ef60cac6df 100644 --- a/lib/ssl/src/ssl_handshake.erl +++ b/lib/ssl/src/ssl_handshake.erl @@ -37,7 +37,7 @@ finished/4, verify_connection/5, get_tls_handshake/2, decode_client_key/3, server_hello_done/0, encode_handshake/2, init_hashes/0, update_hashes/2, - decrypt_premaster_secret/2]). + decrypt_premaster_secret/2, prf/5]). -export([dec_hello_extensions/2]). @@ -542,6 +542,18 @@ server_key_exchange_hash(Algorithm, Value) when Algorithm == rsa; server_key_exchange_hash(dhe_dss, Value) -> crypto:sha(Value). +%%-------------------------------------------------------------------- +-spec prf(tls_version(), binary(), binary(), binary(), non_neg_integer()) -> + {ok, binary()} | {error, undefined}. +%% +%% Description: use the TLS PRF to generate key material +%%-------------------------------------------------------------------- +prf({3,0}, _, _, _, _) -> + {error, undefined}; +prf({3,N}, Secret, Label, Seed, WantedLength) + when N == 1; N == 2 -> + {ok, ssl_tls1:prf(Secret, Label, Seed, WantedLength)}. + %%-------------------------------------------------------------------- %%% Internal functions %%-------------------------------------------------------------------- -- cgit v1.2.3