[PATCH] Add Type-Code context to EAP_TLS 1.3 exported Key_Material and Method-Id

Ervin Oro ervin.oro at aalto.fi
Mon Apr 15 10:05:49 PDT 2019


The change requiring the Type-Code as the context for Key_Material and Method-Id has
now been published in draft-ietf-emu-eap-tls13-04.
https://tools.ietf.org/html/draft-ietf-emu-eap-tls13-04#section-2.3

Signed-off-by: Ervin Oro <ervin.oro at aalto.fi>
---
 src/eap_peer/eap_tls.c                 |  7 ++++++-
 src/eap_peer/eap_tls_common.c          |  5 +++--
 src/eap_server/eap_server_tls.c        | 24 ++++++++++++++++++------
 src/eap_server/eap_server_tls_common.c |  5 +++--
 4 files changed, 30 insertions(+), 11 deletions(-)

diff --git a/src/eap_peer/eap_tls.c b/src/eap_peer/eap_tls.c
index ffea9d213..c4ef11770 100644
--- a/src/eap_peer/eap_tls.c
+++ b/src/eap_peer/eap_tls.c
@@ -174,6 +174,9 @@ static void eap_tls_success(struct eap_sm *sm, struct eap_tls_data *data,
 			    struct eap_method_ret *ret)
 {
 	const char *label;
+	const u8 eap_tls13_context[] = {EAP_TYPE_TLS};
+	const u8 *context = NULL;
+	size_t context_len = 0;
 
 	wpa_printf(MSG_DEBUG, "EAP-TLS: Done");
 
@@ -184,6 +187,8 @@ static void eap_tls_success(struct eap_sm *sm, struct eap_tls_data *data,
 
 	if (data->ssl.tls_v13) {
 		label = "EXPORTER_EAP_TLS_Key_Material";
+		context = eap_tls13_context;
+		context_len = 1;
 
 		/* A possible NewSessionTicket may be received before
 		 * EAP-Success, so need to allow it to be received. */
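Review bot: `context_len = 1` on the line after `context = eap_tls13_context;` restates the length of a one-element array declared a few lines earlier; `context_len = sizeof(eap_tls13_context);` keeps the two from drifting if the context is ever extended. The same literal appears in the eap_server_tls.c hunks for eap_tls_getKey and eap_tls_get_emsk, and the Method-Id hunks in eap_tls_common.c and eap_server_tls_common.c pass a bare `1` to the derive call where `sizeof(context)` would do. eap_tls_success begins before this hunk and continues after it.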
@@ -198,7 +203,7 @@ static void eap_tls_success(struct eap_sm *sm, struct eap_tls_data *data,
 
 	eap_tls_free_key(data);
 	data->key_data = eap_peer_tls_derive_key(sm, &data->ssl, label,
-						 NULL, 0,
+						 context, context_len,
 						 EAP_TLS_KEY_LEN +
 						 EAP_EMSK_LEN);
 	if (data->key_data) {
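Review bot: The context passed to eap_peer_tls_derive_key now selects between two different key derivations, and a disagreement with a server that still exports with an empty context would, as far as this hunk shows, surface only later as a key mismatch rather than anywhere in the EAP log. A debug line next to the call, e.g. `wpa_hexdump(MSG_DEBUG, "EAP-TLS: Key_Material exporter context", context, context_len);`, would make that case diagnosable from the peer side. The enclosing function continues past the end of the hunk.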
diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c
index cb94c452e..5947c1539 100644
--- a/src/eap_peer/eap_tls_common.c
+++ b/src/eap_peer/eap_tls_common.c
@@ -407,14 +407,15 @@ u8 * eap_peer_tls_derive_session_id(struct eap_sm *sm,
 
 		/* Session-Id = <EAP-Type> || Method-Id
 		 * Method-Id = TLS-Exporter("EXPORTER_EAP_TLS_Method-Id",
-		 *                          "", 64)
+		 *                          Type-Code, 64)
 		 */
 		*len = 1 + 64;
 		id = os_malloc(*len);
 		if (!id)
 			return NULL;
+		const u8 context[] = {EAP_TYPE_TLS};
 		method_id = eap_peer_tls_derive_key(
-			sm, data, "EXPORTER_EAP_TLS_Method-Id", NULL, 0, 64);
+			sm, data, "EXPORTER_EAP_TLS_Method-Id", context, 1, 64);
 		if (!method_id) {
 			os_free(id);
 			return NULL;
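Review bot: The new `const u8 context[] = {EAP_TYPE_TLS};` is declared after the `*len`, `os_malloc` and `if (!id)` statements, while the surrounding code keeps declarations at the top of the block; moving it up next to the existing declarations would match the file's style and avoid a mixed-declarations warning on stricter builds. The identical line in the eap_server_tls_common.c hunk has the same issue. eap_peer_tls_derive_session_id starts before this hunk and continues after it.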
diff --git a/src/eap_server/eap_server_tls.c b/src/eap_server/eap_server_tls.c
index 357e72a82..7e6854049 100644
--- a/src/eap_server/eap_server_tls.c
+++ b/src/eap_server/eap_server_tls.c
@@ -322,16 +322,22 @@ static u8 * eap_tls_getKey(struct eap_sm *sm, void *priv, size_t *len)
 	struct eap_tls_data *data = priv;
 	u8 *eapKeyData;
 	const char *label;
+	const u8 eap_tls13_context[] = {EAP_TYPE_TLS};
+	const u8 *context = NULL;
+	size_t context_len = 0;
 
 	if (data->state != SUCCESS)
 		return NULL;
 
-	if (data->ssl.tls_v13)
+	if (data->ssl.tls_v13) {
 		label = "EXPORTER_EAP_TLS_Key_Material";
-	else
+		context = eap_tls13_context;
+		context_len = 1;
+	} else {
 		label = "client EAP encryption";
+	}
 	eapKeyData = eap_server_tls_derive_key(sm, &data->ssl, label,
-					       NULL, 0,
+					       context, context_len,
 					       EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
 	if (eapKeyData) {
 		*len = EAP_TLS_KEY_LEN;
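Review bot: The label/context selection added to eap_tls_getKey is repeated line for line in the eap_tls_get_emsk hunk below, so the MSK and EMSK derivations can silently diverge if one copy is edited without the other. A small static helper that returns the label and fills in the context pointer and length would keep both call sites identical, and eap_tls_get_emsk would then use the same three lines shown for eap_tls_getKey. Both functions continue past the end of their hunks.
```c
/* Pick the TLS-Exporter label and context for the EAP-TLS key export.
 * With TLS 1.3 the export is bound to the EAP Type-Code; earlier TLS
 * versions keep the existing label with an empty context. */
static const char * eap_tls_key_label(struct eap_tls_data *data,
				      const u8 **context, size_t *context_len)
{
	static const u8 eap_tls13_context[] = { EAP_TYPE_TLS };

	if (data->ssl.tls_v13) {
		*context = eap_tls13_context;
		*context_len = sizeof(eap_tls13_context);
		return "EXPORTER_EAP_TLS_Key_Material";
	}
	*context = NULL;
	*context_len = 0;
	return "client EAP encryption";
}

static u8 * eap_tls_getKey(struct eap_sm *sm, void *priv, size_t *len)
{
	struct eap_tls_data *data = priv;
	u8 *eapKeyData;
	const char *label;
	const u8 *context;
	size_t context_len;

	if (data->state != SUCCESS)
		return NULL;

	label = eap_tls_key_label(data, &context, &context_len);
	eapKeyData = eap_server_tls_derive_key(sm, &data->ssl, label,
					       context, context_len,
					       EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
	/* … unchanged: copy of the MSK into the returned buffer … */
```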
@@ -351,16 +357,22 @@ static u8 * eap_tls_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
 	struct eap_tls_data *data = priv;
 	u8 *eapKeyData, *emsk;
 	const char *label;
+	const u8 eap_tls13_context[] = {EAP_TYPE_TLS};
+	const u8 *context = NULL;
+	size_t context_len = 0;
 
 	if (data->state != SUCCESS)
 		return NULL;
 
-	if (data->ssl.tls_v13)
+	if (data->ssl.tls_v13) {
 		label = "EXPORTER_EAP_TLS_Key_Material";
-	else
+		context = eap_tls13_context;
+		context_len = 1;
+	} else {
 		label = "client EAP encryption";
+	}
 	eapKeyData = eap_server_tls_derive_key(sm, &data->ssl, label,
-					       NULL, 0,
+					       context, context_len,
 					       EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
 	if (eapKeyData) {
 		emsk = os_malloc(EAP_EMSK_LEN);
diff --git a/src/eap_server/eap_server_tls_common.c b/src/eap_server/eap_server_tls_common.c
index 0eca0ff77..ed67654e2 100644
--- a/src/eap_server/eap_server_tls_common.c
+++ b/src/eap_server/eap_server_tls_common.c
@@ -151,14 +151,15 @@ u8 * eap_server_tls_derive_session_id(struct eap_sm *sm,
 
 		/* Session-Id = <EAP-Type> || Method-Id
 		 * Method-Id = TLS-Exporter("EXPORTER_EAP_TLS_Method-Id",
-		 *                          "", 64)
+		 *                          Type-Code, 64)
 		 */
 		*len = 1 + 64;
 		id = os_malloc(*len);
 		if (!id)
 			return NULL;
+		const u8 context[] = {EAP_TYPE_TLS};
 		method_id = eap_server_tls_derive_key(
-			sm, data, "EXPORTER_EAP_TLS_Method-Id", NULL, 0, 64);
+			sm, data, "EXPORTER_EAP_TLS_Method-Id", context, 1, 64);
 		if (!method_id) {
 			os_free(id);
 			return NULL;
-- 
2.17.1



