EAP-TLS: Derive Session-Id using TLS-Exporter when TLS v1.3 is used

This updates Session-Id derivation with TLS v1.3 per
draft-ietf-emu-eap-tls13-00.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c
index 8572005d70ae2d3c0a646be65a6b0de9822e77e4..0de131526a5197598b90cdcabc17c2b630eb8016 100644 (file)
--- a/src/eap_peer/eap_tls_common.c
+++ b/src/eap_peer/eap_tls_common.c
@@ -387,6 +387,13 @@ u8 * eap_peer_tls_derive_session_id(struct eap_sm *sm,
        struct tls_random keys;
        u8 *out;
 
+       if (eap_type == EAP_TYPE_TLS && data->tls_v13) {
+               *len = 64;
+               return eap_peer_tls_derive_key(sm, data,
+                                              "EXPORTER_EAP_TLS_Session-Id",
+                                              64);
+       }
+
        if (tls_connection_get_random(sm->ssl_ctx, data->conn, &keys) ||
            keys.client_random == NULL || keys.server_random == NULL)
                return NULL;

diff --git a/src/eap_server/eap_server_tls_common.c b/src/eap_server/eap_server_tls_common.c
index c2e0cf0c883bb9c5a6474a6d3d5be78a0cd9d309..4f9cb0875748d166b70f1745a3dd1e17e0605085 100644 (file)
--- a/src/eap_server/eap_server_tls_common.c
+++ b/src/eap_server/eap_server_tls_common.c
@@ -145,6 +145,13 @@ u8 * eap_server_tls_derive_session_id(struct eap_sm *sm,
        struct tls_random keys;
        u8 *out;
 
+       if (eap_type == EAP_TYPE_TLS && data->tls_v13) {
+               *len = 64;
+               return eap_server_tls_derive_key(sm, data,
+                                                "EXPORTER_EAP_TLS_Session-Id",
+                                                64);
+       }
+
        if (tls_connection_get_random(sm->ssl_ctx, data->conn, &keys))
                return NULL;