EAP-TLS peer: MSK/EMSK derivation with TLS v1.3

Use new MSK/EMSK derivation mechanism if TLS v1.3 or newer is used per
draft-mattsson-eap-tls13-02.txt.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2018-05-01 17:53:07 +03:00
parent 1854981c78
commit 0de820b333

View file

@ -173,6 +173,8 @@ static struct wpabuf * eap_tls_failure(struct eap_sm *sm,
static void eap_tls_success(struct eap_sm *sm, struct eap_tls_data *data,
struct eap_method_ret *ret)
{
const char *label;
wpa_printf(MSG_DEBUG, "EAP-TLS: Done");
if (data->ssl.tls_out) {
@ -181,18 +183,21 @@ static void eap_tls_success(struct eap_sm *sm, struct eap_tls_data *data,
}
if (data->ssl.tls_v13) {
label = "client EAP encryption KM";
/* A possible NewSessionTicket may be received before
* EAP-Success, so need to allow it to be received. */
ret->methodState = METHOD_MAY_CONT;
ret->decision = DECISION_COND_SUCC;
} else {
label = "client EAP encryption";
ret->methodState = METHOD_DONE;
ret->decision = DECISION_UNCOND_SUCC;
}
eap_tls_free_key(data);
data->key_data = eap_peer_tls_derive_key(sm, &data->ssl,
"client EAP encryption",
data->key_data = eap_peer_tls_derive_key(sm, &data->ssl, label,
EAP_TLS_KEY_LEN +
EAP_EMSK_LEN);
if (data->key_data) {