EAP-TTLS: Key derivation per draft-ietf-emu-tls-eap-types-00

Use the TLS-Exporter with the label and context as defined in
draft-ietf-emu-tls-eap-types-00 when deriving keys for EAP-TTLS with TLS
1.3.

Signed-off-by: Alexander Clouter <alex@digriz.org.uk>

diff --git a/src/eap_peer/eap_ttls.c b/src/eap_peer/eap_ttls.c
index 3bf1e97e6a3e111fb8ff7a8b6d85488a0c589d9a..b8e33217b735d716bb6abcbaa9ff40e2eef66419 100644 (file)
--- a/src/eap_peer/eap_ttls.c
+++ b/src/eap_peer/eap_ttls.c
@@ -268,10 +268,22 @@ static int eap_ttls_avp_encapsulate(struct wpabuf **resp, u32 avp_code,
 static int eap_ttls_v0_derive_key(struct eap_sm *sm,
                                  struct eap_ttls_data *data)
 {
+       const char *label;
+       const u8 eap_tls13_context[1] = { EAP_TYPE_TTLS };
+       const u8 *context = NULL;
+       size_t context_len = 0;
+
+       if (data->ssl.tls_v13) {
+               label = "EXPORTER_EAP_TLS_Key_Material";
+               context = eap_tls13_context;
+               context_len = sizeof(eap_tls13_context);
+       } else {
+               label = "ttls keying material";
+       }
+
        eap_ttls_free_key(data);
-       data->key_data = eap_peer_tls_derive_key(sm, &data->ssl,
-                                                "ttls keying material",
-                                                NULL, 0,
+       data->key_data = eap_peer_tls_derive_key(sm, &data->ssl, label,
+                                                context, context_len,
                                                 EAP_TLS_KEY_LEN +
                                                 EAP_EMSK_LEN);
        if (!data->key_data) {

diff --git a/src/eap_server/eap_server_ttls.c b/src/eap_server/eap_server_ttls.c
index 2f0c041d5a9e17e3e6f4f9dc5a8d8956dfca1dbd..b89352244148ea0666bda40deed6155e286ebf4f 100644 (file)
--- a/src/eap_server/eap_server_ttls.c
+++ b/src/eap_server/eap_server_ttls.c
@@ -1271,13 +1271,25 @@ static u8 * eap_ttls_getKey(struct eap_sm *sm, void *priv, size_t *len)
 {
        struct eap_ttls_data *data = priv;
        u8 *eapKeyData;
+       const char *label;
+       const u8 eap_tls13_context[1] = { EAP_TYPE_TTLS };
+       const u8 *context = NULL;
+       size_t context_len = 0;
 
        if (data->state != SUCCESS)
                return NULL;
 
+       if (data->ssl.tls_v13) {
+               label = "EXPORTER_EAP_TLS_Key_Material";
+               context = eap_tls13_context;
+               context_len = sizeof(eap_tls13_context);
+       } else {
+               label = "ttls keying material";
+       }
+
        eapKeyData = eap_server_tls_derive_key(sm, &data->ssl,
-                                              "ttls keying material", NULL, 0,
-                                              EAP_TLS_KEY_LEN);
+                                              label, context, context_len,
+                                              EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
        if (eapKeyData) {
                *len = EAP_TLS_KEY_LEN;
                wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: Derived key",
@@ -1313,12 +1325,24 @@ static u8 * eap_ttls_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
 {
        struct eap_ttls_data *data = priv;
        u8 *eapKeyData, *emsk;
+       const char *label;
+       const u8 eap_tls13_context[1] = { EAP_TYPE_TTLS };
+       const u8 *context = NULL;
+       size_t context_len = 0;
 
        if (data->state != SUCCESS)
                return NULL;
 
+       if (data->ssl.tls_v13) {
+               label = "EXPORTER_EAP_TLS_Key_Material";
+               context = eap_tls13_context;
+               context_len = sizeof(eap_tls13_context);
+       } else {
+               label = "ttls keying material";
+       }
+
        eapKeyData = eap_server_tls_derive_key(sm, &data->ssl,
-                                              "ttls keying material", NULL, 0,
+                                              label, context, context_len,
                                               EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
        if (eapKeyData) {
                emsk = os_malloc(EAP_EMSK_LEN);