EAP-TLS peer: MSK/EMSK derivation with TLS v1.3
Use new MSK/EMSK derivation mechanism if TLS v1.3 or newer is used per draft-mattsson-eap-tls13-02.txt. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
1854981c78
commit
0de820b333
1 changed files with 7 additions and 2 deletions
|
@ -173,6 +173,8 @@ static struct wpabuf * eap_tls_failure(struct eap_sm *sm,
|
|||
static void eap_tls_success(struct eap_sm *sm, struct eap_tls_data *data,
|
||||
struct eap_method_ret *ret)
|
||||
{
|
||||
const char *label;
|
||||
|
||||
wpa_printf(MSG_DEBUG, "EAP-TLS: Done");
|
||||
|
||||
if (data->ssl.tls_out) {
|
||||
|
@ -181,18 +183,21 @@ static void eap_tls_success(struct eap_sm *sm, struct eap_tls_data *data,
|
|||
}
|
||||
|
||||
if (data->ssl.tls_v13) {
|
||||
label = "client EAP encryption KM";
|
||||
|
||||
/* A possible NewSessionTicket may be received before
|
||||
* EAP-Success, so need to allow it to be received. */
|
||||
ret->methodState = METHOD_MAY_CONT;
|
||||
ret->decision = DECISION_COND_SUCC;
|
||||
} else {
|
||||
label = "client EAP encryption";
|
||||
|
||||
ret->methodState = METHOD_DONE;
|
||||
ret->decision = DECISION_UNCOND_SUCC;
|
||||
}
|
||||
|
||||
eap_tls_free_key(data);
|
||||
data->key_data = eap_peer_tls_derive_key(sm, &data->ssl,
|
||||
"client EAP encryption",
|
||||
data->key_data = eap_peer_tls_derive_key(sm, &data->ssl, label,
|
||||
EAP_TLS_KEY_LEN +
|
||||
EAP_EMSK_LEN);
|
||||
if (data->key_data) {
|
||||
|
|
Loading…
Reference in a new issue