[PATCH 2/2] EAP peer/server: support for draft-ietf-emu-tls-eap-types
Alexander Clouter
alex at digriz.org.uk
Mon Jul 6 11:34:37 EDT 2020
Plumbing in for TLS 1.3 label/context for EAP-{TTLS,PEAP} as described
in draft-ietf-emu-tls-eap-types
Signed-off-by: Alexander Clouter <alex at digriz.org.uk>
---
src/eap_peer/eap_peap.c | 13 ++++++--
src/eap_peer/eap_tls_common.c | 4 +--
src/eap_peer/eap_ttls.c | 16 ++++++++--
src/eap_server/eap_server_peap.c | 41 ++++++++++++++++++++++----
src/eap_server/eap_server_tls_common.c | 4 +--
src/eap_server/eap_server_ttls.c | 26 ++++++++++++++--
6 files changed, 87 insertions(+), 17 deletions(-)
diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c
index a13428d37..ba8b76cbf 100644
--- a/src/eap_peer/eap_peap.c
+++ b/src/eap_peer/eap_peap.c
@@ -1085,10 +1085,17 @@ static struct wpabuf * eap_peap_process(struct eap_sm *sm, void *priv,
}
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
- char *label;
+ const char *label;
+ const u8 eap_tls13_context[] = { EAP_TYPE_PEAP };
+ const u8 *context = NULL;
+ size_t context_len = 0;
wpa_printf(MSG_DEBUG,
"EAP-PEAP: TLS done, proceed to Phase 2");
eap_peap_free_key(data);
+ if (data->ssl.tls_v13) {
+ label = "EXPORTER_EAP_TLS_Key_Material";
+ context = eap_tls13_context;
+ context_len = 1;
/* draft-josefsson-ppext-eap-tls-eap-05.txt
* specifies that PEAPv1 would use "client PEAP
* encryption" as the label. However, most existing
@@ -1096,7 +1103,7 @@ static struct wpabuf * eap_peap_process(struct eap_sm *sm, void *priv,
* label, "client EAP encryption", instead. Use the old
* label by default, but allow it to be configured with
* phase1 parameter peaplabel=1. */
- if (data->force_new_label)
+ } else if (data->force_new_label)
label = "client PEAP encryption";
else
label = "client EAP encryption";
@@ -1104,7 +1111,7 @@ static struct wpabuf * eap_peap_process(struct eap_sm *sm, void *priv,
"key derivation", label);
data->key_data =
eap_peer_tls_derive_key(sm, &data->ssl, label,
- NULL, 0,
+ context, context_len,
EAP_TLS_KEY_LEN +
EAP_EMSK_LEN);
if (data->key_data) {
diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c
index ab1067878..c1837db06 100644
--- a/src/eap_peer/eap_tls_common.c
+++ b/src/eap_peer/eap_tls_common.c
@@ -413,9 +413,9 @@ u8 * eap_peer_tls_derive_session_id(struct eap_sm *sm,
struct tls_random keys;
u8 *out;
- if (eap_type == EAP_TYPE_TLS && data->tls_v13) {
+ if (data->tls_v13) {
u8 *id, *method_id;
- const u8 context[] = { EAP_TYPE_TLS };
+ const u8 context[] = { eap_type };
/* Session-Id = <EAP-Type> || Method-Id
* Method-Id = TLS-Exporter("EXPORTER_EAP_TLS_Method-Id",
diff --git a/src/eap_peer/eap_ttls.c b/src/eap_peer/eap_ttls.c
index 3bf1e97e6..b36e44660 100644
--- a/src/eap_peer/eap_ttls.c
+++ b/src/eap_peer/eap_ttls.c
@@ -268,10 +268,22 @@ static int eap_ttls_avp_encapsulate(struct wpabuf **resp, u32 avp_code,
static int eap_ttls_v0_derive_key(struct eap_sm *sm,
struct eap_ttls_data *data)
{
+ const char *label;
+ const u8 eap_tls13_context[] = { EAP_TYPE_TTLS };
+ const u8 *context = NULL;
+ size_t context_len = 0;
+
+ if (data->ssl.tls_v13) {
+ label = "EXPORTER_EAP_TLS_Key_Material";
+ context = eap_tls13_context;
+ context_len = 1;
+ } else
+ label = "ttls keying material";
+
eap_ttls_free_key(data);
data->key_data = eap_peer_tls_derive_key(sm, &data->ssl,
- "ttls keying material",
- NULL, 0,
+ label,
+ context, context_len,
EAP_TLS_KEY_LEN +
EAP_EMSK_LEN);
if (!data->key_data) {
diff --git a/src/eap_server/eap_server_peap.c b/src/eap_server/eap_server_peap.c
index f234f6fa5..ff330875a 100644
--- a/src/eap_server/eap_server_peap.c
+++ b/src/eap_server/eap_server_peap.c
@@ -325,13 +325,24 @@ static int eap_peap_derive_cmk(struct eap_sm *sm, struct eap_peap_data *data)
u8 *tk;
u8 isk[32], imck[60];
int res;
+ const char *label;
+ const u8 eap_tls13_context[] = { EAP_TYPE_PEAP };
+ const u8 *context = NULL;
+
+ if (data->ssl.tls_v13) {
+ label = "EXPORTER_EAP_TLS_Key_Material";
+ context = eap_tls13_context;
+ context_len = 1;
+ } else
+ label = "client EAP encryption"; /* TODO: PEAPv1 - different label in some cases */
/*
* Tunnel key (TK) is the first 60 octets of the key generated by
* phase 1 of PEAP (based on TLS).
*/
- tk = eap_server_tls_derive_key(sm, &data->ssl, "client EAP encryption",
- NULL, 0, EAP_TLS_KEY_LEN);
+ tk = eap_server_tls_derive_key(sm, &data->ssl, label,
+ context, context_len,
+ EAP_TLS_KEY_LEN);
if (tk == NULL)
return -1;
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: TK", tk, 60);
@@ -1300,6 +1311,9 @@ static u8 * eap_peap_getKey(struct eap_sm *sm, void *priv, size_t *len)
{
struct eap_peap_data *data = priv;
u8 *eapKeyData;
+ const char *label;
+ const u8 eap_tls13_context[] = { EAP_TYPE_PEAP };
+ const u8 *context = NULL;
if (data->state != SUCCESS)
return NULL;
@@ -1332,9 +1346,15 @@ static u8 * eap_peap_getKey(struct eap_sm *sm, void *priv, size_t *len)
return eapKeyData;
}
- /* TODO: PEAPv1 - different label in some cases */
+ if (data->ssl.tls_v13) {
+ label = "EXPORTER_EAP_TLS_Key_Material";
+ context = eap_tls13_context;
+ context_len = 1;
+ } else
+ label = "client EAP encryption"; /* TODO: PEAPv1 - different label in some cases */
+
eapKeyData = eap_server_tls_derive_key(sm, &data->ssl,
- "client EAP encryption", NULL, 0,
+ label, context, context_len,
EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
if (eapKeyData) {
os_memset(eapKeyData + EAP_TLS_KEY_LEN, 0, EAP_EMSK_LEN);
@@ -1353,6 +1373,9 @@ static u8 * eap_peap_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
{
struct eap_peap_data *data = priv;
u8 *eapKeyData, *emsk;
+ const char *label;
+ const u8 eap_tls13_context[] = { EAP_TYPE_PEAP };
+ const u8 *context = NULL;
if (data->state != SUCCESS)
return NULL;
@@ -1362,9 +1385,15 @@ static u8 * eap_peap_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
return NULL;
}
- /* TODO: PEAPv1 - different label in some cases */
+ if (data->ssl.tls_v13) {
+ label = "EXPORTER_EAP_TLS_Key_Material";
+ context = eap_tls13_context;
+ context_len = 1;
+ } else
+ label = "client EAP encryption"; /* TODO: PEAPv1 - different label in some cases */
+
eapKeyData = eap_server_tls_derive_key(sm, &data->ssl,
- "client EAP encryption", NULL, 0,
+ label, context, context_len,
EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
if (eapKeyData) {
emsk = os_memdup(eapKeyData + EAP_TLS_KEY_LEN, EAP_EMSK_LEN);
diff --git a/src/eap_server/eap_server_tls_common.c b/src/eap_server/eap_server_tls_common.c
index b38f1e0ba..4b832d097 100644
--- a/src/eap_server/eap_server_tls_common.c
+++ b/src/eap_server/eap_server_tls_common.c
@@ -146,10 +146,10 @@ u8 * eap_server_tls_derive_session_id(struct eap_sm *sm,
{
struct tls_random keys;
u8 *out;
- const u8 context[] = { EAP_TYPE_TLS };
- if (eap_type == EAP_TYPE_TLS && data->tls_v13) {
+ if (data->tls_v13) {
u8 *id, *method_id;
+ const u8 context[] = { eap_type };
/* Session-Id = <EAP-Type> || Method-Id
* Method-Id = TLS-Exporter("EXPORTER_EAP_TLS_Method-Id",
diff --git a/src/eap_server/eap_server_ttls.c b/src/eap_server/eap_server_ttls.c
index 2f0c041d5..a1c5dad2d 100644
--- a/src/eap_server/eap_server_ttls.c
+++ b/src/eap_server/eap_server_ttls.c
@@ -1271,12 +1271,23 @@ static u8 * eap_ttls_getKey(struct eap_sm *sm, void *priv, size_t *len)
{
struct eap_ttls_data *data = priv;
u8 *eapKeyData;
+ const char *label;
+ const u8 eap_tls13_context[] = { EAP_TYPE_TTLS };
+ const u8 *context = NULL;
+ size_t context_len = 0;
if (data->state != SUCCESS)
return NULL;
+ if (data->ssl.tls_v13) {
+ label = "EXPORTER_EAP_TLS_Key_Material";
+ context = eap_tls13_context;
+ context_len = 1;
+ } else
+ label = "ttls keying material";
+
eapKeyData = eap_server_tls_derive_key(sm, &data->ssl,
- "ttls keying material", NULL, 0,
+ label, context, context_len,
EAP_TLS_KEY_LEN);
if (eapKeyData) {
*len = EAP_TLS_KEY_LEN;
@@ -1313,12 +1324,23 @@ static u8 * eap_ttls_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
{
struct eap_ttls_data *data = priv;
u8 *eapKeyData, *emsk;
+ const char *label;
+ const u8 eap_tls13_context[] = { EAP_TYPE_TTLS };
+ const u8 *context = NULL;
+ size_t context_len = 0;
if (data->state != SUCCESS)
return NULL;
+ if (data->ssl.tls_v13) {
+ label = "EXPORTER_EAP_TLS_Key_Material";
+ context = eap_tls13_context;
+ context_len = 1;
+ } else
+ label = "ttls keying material";
+
eapKeyData = eap_server_tls_derive_key(sm, &data->ssl,
- "ttls keying material", NULL, 0,
+ label, context, context_len,
EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
if (eapKeyData) {
emsk = os_malloc(EAP_EMSK_LEN);
--
2.20.1
More information about the Hostap
mailing list