DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

EAP-PEAP: Key derivation per draft-ietf-emu-tls-eap-types-00

Browse source 
Use the TLS-Exporter with the label and context as defined in
draft-ietf-emu-tls-eap-types-00 when deriving keys for PEAP with TLS
1.3.

Signed-off-by: Alexander Clouter <alex@digriz.org.uk>
This commit is contained in:
Alexander Clouter 2020-10-16 09:49:38 +01:00 committed by Jouni Malinen
parent 872609c151
commit c74f230200
2 changed files with 62 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
src/eap_peer/eap_peap.c
View file

@ -1085,7 +1085,11 @@ static struct wpabuf * eap_peap_process(struct eap_sm *sm, void *priv,
} }
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) { if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
char *label; const char *label;
const u8 eap_tls13_context[1] = { EAP_TYPE_PEAP };
const u8 *context = NULL;
size_t context_len = 0;
wpa_printf(MSG_DEBUG, wpa_printf(MSG_DEBUG,
"EAP-PEAP: TLS done, proceed to Phase 2"); "EAP-PEAP: TLS done, proceed to Phase 2");
eap_peap_free_key(data); eap_peap_free_key(data);
@ -1095,16 +1099,25 @@ static struct wpabuf * eap_peap_process(struct eap_sm *sm, void *priv,
* PEAPv1 implementations seem to be using the old * PEAPv1 implementations seem to be using the old
* label, "client EAP encryption", instead. Use the old * label, "client EAP encryption", instead. Use the old
* label by default, but allow it to be configured with * label by default, but allow it to be configured with
* phase1 parameter peaplabel=1. */ * phase1 parameter peaplabel=1.
if (data->force_new_label) *
* When using TLS 1.3, draft-ietf-emu-tls-eap-types
* defines a new set of label and context parameters.
*/
if (data->ssl.tls_v13) {
label = "EXPORTER_EAP_TLS_Key_Material";
context = eap_tls13_context;
context_len = sizeof(eap_tls13_context);
} else if (data->force_new_label) {
label = "client PEAP encryption"; label = "client PEAP encryption";
else } else {
label = "client EAP encryption"; label = "client EAP encryption";
}
wpa_printf(MSG_DEBUG, "EAP-PEAP: using label '%s' in " wpa_printf(MSG_DEBUG, "EAP-PEAP: using label '%s' in "
"key derivation", label); "key derivation", label);
data->key_data = data->key_data =
eap_peer_tls_derive_key(sm, &data->ssl, label, eap_peer_tls_derive_key(sm, &data->ssl, label,
NULL, 0, context, context_len,
EAP_TLS_KEY_LEN + EAP_TLS_KEY_LEN +
EAP_EMSK_LEN); EAP_EMSK_LEN);
if (data->key_data) { if (data->key_data) {

50
src/eap_server/eap_server_peap.c
View file

@ -325,13 +325,27 @@ static int eap_peap_derive_cmk(struct eap_sm *sm, struct eap_peap_data *data)
u8 *tk; u8 *tk;
u8 isk[32], imck[60]; u8 isk[32], imck[60];
int res; int res;
const char *label;
const u8 eap_tls13_context[1] = { EAP_TYPE_PEAP };
const u8 *context = NULL;
size_t context_len = 0;
if (data->ssl.tls_v13) {
label = "EXPORTER_EAP_TLS_Key_Material";
context = eap_tls13_context;
context_len = sizeof(eap_tls13_context);
} else {
/* TODO: PEAPv1 - different label in some cases */
label = "client EAP encryption";
}
/* /*
* Tunnel key (TK) is the first 60 octets of the key generated by * Tunnel key (TK) is the first 60 octets of the key generated by
* phase 1 of PEAP (based on TLS). * phase 1 of PEAP (based on TLS).
*/ */
tk = eap_server_tls_derive_key(sm, &data->ssl, "client EAP encryption", tk = eap_server_tls_derive_key(sm, &data->ssl, label,
NULL, 0, EAP_TLS_KEY_LEN); context, context_len,
EAP_TLS_KEY_LEN);
if (tk == NULL) if (tk == NULL)
return -1; return -1;
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: TK", tk, 60); wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: TK", tk, 60);
@ -1300,6 +1314,10 @@ static u8 * eap_peap_getKey(struct eap_sm *sm, void *priv, size_t *len)
{ {
struct eap_peap_data *data = priv; struct eap_peap_data *data = priv;
u8 *eapKeyData; u8 *eapKeyData;
const char *label;
const u8 eap_tls13_context[1] = { EAP_TYPE_PEAP };
const u8 *context = NULL;
size_t context_len = 0;
if (data->state != SUCCESS) if (data->state != SUCCESS)
return NULL; return NULL;
@ -1332,9 +1350,17 @@ static u8 * eap_peap_getKey(struct eap_sm *sm, void *priv, size_t *len)
return eapKeyData; return eapKeyData;
} }
/* TODO: PEAPv1 - different label in some cases */ if (data->ssl.tls_v13) {
label = "EXPORTER_EAP_TLS_Key_Material";
context = eap_tls13_context;
context_len = sizeof(eap_tls13_context);
} else {
/* TODO: PEAPv1 - different label in some cases */
label = "client EAP encryption";
}
eapKeyData = eap_server_tls_derive_key(sm, &data->ssl, eapKeyData = eap_server_tls_derive_key(sm, &data->ssl,
"client EAP encryption", NULL, 0, label, context, context_len,
EAP_TLS_KEY_LEN + EAP_EMSK_LEN); EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
if (eapKeyData) { if (eapKeyData) {
os_memset(eapKeyData + EAP_TLS_KEY_LEN, 0, EAP_EMSK_LEN); os_memset(eapKeyData + EAP_TLS_KEY_LEN, 0, EAP_EMSK_LEN);
@ -1353,6 +1379,10 @@ static u8 * eap_peap_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
{ {
struct eap_peap_data *data = priv; struct eap_peap_data *data = priv;
u8 *eapKeyData, *emsk; u8 *eapKeyData, *emsk;
const char *label;
const u8 eap_tls13_context[1] = { EAP_TYPE_PEAP };
const u8 *context = NULL;
size_t context_len = 0;
if (data->state != SUCCESS) if (data->state != SUCCESS)
return NULL; return NULL;
@ -1362,9 +1392,17 @@ static u8 * eap_peap_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
return NULL; return NULL;
} }
/* TODO: PEAPv1 - different label in some cases */ if (data->ssl.tls_v13) {
label = "EXPORTER_EAP_TLS_Key_Material";
context = eap_tls13_context;
context_len = sizeof(eap_tls13_context);
} else {
/* TODO: PEAPv1 - different label in some cases */
label = "client EAP encryption";
}
eapKeyData = eap_server_tls_derive_key(sm, &data->ssl, eapKeyData = eap_server_tls_derive_key(sm, &data->ssl,
"client EAP encryption", NULL, 0, label, context, context_len,
EAP_TLS_KEY_LEN + EAP_EMSK_LEN); EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
if (eapKeyData) { if (eapKeyData) {
emsk = os_memdup(eapKeyData + EAP_TLS_KEY_LEN, EAP_EMSK_LEN); emsk = os_memdup(eapKeyData + EAP_TLS_KEY_LEN, EAP_EMSK_LEN);