EAP-TLS: Update Session-Id derivation with TLS v1.3
authorJouni Malinen <j@w1.fi>
Sat, 5 Jan 2019 16:00:26 +0000 (18:00 +0200)
committerJouni Malinen <j@w1.fi>
Sat, 5 Jan 2019 16:00:26 +0000 (18:00 +0200)
Move to the version used in draft-ietf-emu-eap-tls13-03.txt, i.e.,
include the 0x0D prefix and use a different TLS-Exporter() label string.

Signed-off-by: Jouni Malinen <j@w1.fi>
src/eap_peer/eap_tls_common.c
src/eap_server/eap_server_tls_common.c

index 8641a2f0cdea49f391560abfef59f2ef1b0be9bc..7dbd364a5a237743741616a6a8ef8c92f21582d4 100644 (file)
@@ -396,10 +396,26 @@ u8 * eap_peer_tls_derive_session_id(struct eap_sm *sm,
        u8 *out;
 
        if (eap_type == EAP_TYPE_TLS && data->tls_v13) {
-               *len = 64;
-               return eap_peer_tls_derive_key(sm, data,
-                                              "EXPORTER_EAP_TLS_Session-Id",
-                                              64);
+               u8 *id, *method_id;
+
+               /* Session-Id = <EAP-Type> || Method-Id
+                * Method-Id = TLS-Exporter("EXPORTER_EAP_TLS_Method-Id",
+                *                          "", 64)
+                */
+               *len = 1 + 64;
+               id = os_malloc(*len);
+               if (!id)
+                       return NULL;
+               method_id = eap_peer_tls_derive_key(
+                       sm, data, "EXPORTER_EAP_TLS_Method-Id", 64);
+               if (!method_id) {
+                       os_free(id);
+                       return NULL;
+               }
+               id[0] = eap_type;
+               os_memcpy(id + 1, method_id, 64);
+               os_free(method_id);
+               return id;
        }
 
        if (tls_connection_get_random(sm->ssl_ctx, data->conn, &keys) ||
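Review bot: The exporter output length 64 is spelled out three times in the new TLS 1.3 branch (`*len = 1 + 64;`, the derive_key call, and the os_memcpy), so the three can silently drift apart; a single local such as `const size_t method_id_len = 64;` used in all three places, with the comment kept as the reference to the draft-ietf-emu-eap-tls13 Method-Id definition, would tie them together. A smaller point is that `*len` is assigned before os_malloc() and before the exporter call, so on either failure path the caller sees NULL together with `*len == 65`; moving the assignment to just before `return id;` keeps the output parameter untouched on failure. The same two remarks apply verbatim to the server-side hunk in src/eap_server/eap_server_tls_common.c. The enclosing eap_peer_tls_derive_session_id() starts and ends outside the hunk.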
index 0ae7867fccf7fe2e9d0395bee20e34b05b3c10a6..4ba7c24993741d3e937434afd5a51aa52ccce934 100644 (file)
@@ -146,10 +146,26 @@ u8 * eap_server_tls_derive_session_id(struct eap_sm *sm,
        u8 *out;
 
        if (eap_type == EAP_TYPE_TLS && data->tls_v13) {
-               *len = 64;
-               return eap_server_tls_derive_key(sm, data,
-                                                "EXPORTER_EAP_TLS_Session-Id",
-                                                64);
+               u8 *id, *method_id;
+
+               /* Session-Id = <EAP-Type> || Method-Id
+                * Method-Id = TLS-Exporter("EXPORTER_EAP_TLS_Method-Id",
+                *                          "", 64)
+                */
+               *len = 1 + 64;
+               id = os_malloc(*len);
+               if (!id)
+                       return NULL;
+               method_id = eap_server_tls_derive_key(
+                       sm, data, "EXPORTER_EAP_TLS_Method-Id", 64);
+               if (!method_id) {
+                       os_free(id);
+                       return NULL;
+               }
+               id[0] = eap_type;
+               os_memcpy(id + 1, method_id, 64);
+               os_free(method_id);
+               return id;
        }
 
        if (tls_connection_get_random(sm->ssl_ctx, data->conn, &keys))