EAP-PEAP: Key derivation per draft-ietf-emu-tls-eap-types-00
Use the TLS-Exporter with the label and context as defined in draft-ietf-emu-tls-eap-types-00 when deriving keys for PEAP with TLS 1.3. Signed-off-by: Alexander Clouter <alex@digriz.org.uk>
This commit is contained in:
Alexander Clouter
Jouni Malinen
parent
872609c151
commit
c74f230200
2 changed files with 62 additions and 11 deletions
|
|
@ -1085,7 +1085,11 @@ static struct wpabuf * eap_peap_process(struct eap_sm *sm, void *priv,
|
|||
}
|
||||
|
||||
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
|
||||
char *label;
|
||||
const char *label;
|
||||
const u8 eap_tls13_context[1] = { EAP_TYPE_PEAP };
|
||||
const u8 *context = NULL;
|
||||
size_t context_len = 0;
|
||||
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"EAP-PEAP: TLS done, proceed to Phase 2");
|
||||
eap_peap_free_key(data);
|
||||
|
|
@ -1095,16 +1099,25 @@ static struct wpabuf * eap_peap_process(struct eap_sm *sm, void *priv,
|
|||
* PEAPv1 implementations seem to be using the old
|
||||
* label, "client EAP encryption", instead. Use the old
|
||||
* label by default, but allow it to be configured with
|
||||
* phase1 parameter peaplabel=1. */
|
||||
if (data->force_new_label)
|
||||
* phase1 parameter peaplabel=1.
|
||||
*
|
||||
* When using TLS 1.3, draft-ietf-emu-tls-eap-types
|
||||
* defines a new set of label and context parameters.
|
||||
*/
|
||||
if (data->ssl.tls_v13) {
|
||||
label = "EXPORTER_EAP_TLS_Key_Material";
|
||||
context = eap_tls13_context;
|
||||
context_len = sizeof(eap_tls13_context);
|
||||
} else if (data->force_new_label) {
|
||||
label = "client PEAP encryption";
|
||||
else
|
||||
} else {
|
||||
label = "client EAP encryption";
|
||||
}
|
||||
wpa_printf(MSG_DEBUG, "EAP-PEAP: using label '%s' in "
|
||||
"key derivation", label);
|
||||
data->key_data =
|
||||
eap_peer_tls_derive_key(sm, &data->ssl, label,
|
||||
NULL, 0,
|
||||
context, context_len,
|
||||
EAP_TLS_KEY_LEN +
|
||||
EAP_EMSK_LEN);
|
||||
if (data->key_data) {
|
||||
|
|
|
|||
|
|
@ -325,13 +325,27 @@ static int eap_peap_derive_cmk(struct eap_sm *sm, struct eap_peap_data *data)
|
|||
u8 *tk;
|
||||
u8 isk[32], imck[60];
|
||||
int res;
|
||||
const char *label;
|
||||
const u8 eap_tls13_context[1] = { EAP_TYPE_PEAP };
|
||||
const u8 *context = NULL;
|
||||
size_t context_len = 0;
|
||||
|
||||
if (data->ssl.tls_v13) {
|
||||
label = "EXPORTER_EAP_TLS_Key_Material";
|
||||
context = eap_tls13_context;
|
||||
context_len = sizeof(eap_tls13_context);
|
||||
} else {
|
||||
/* TODO: PEAPv1 - different label in some cases */
|
||||
label = "client EAP encryption";
|
||||
}
|
||||
|
||||
/*
|
||||
* Tunnel key (TK) is the first 60 octets of the key generated by
|
||||
* phase 1 of PEAP (based on TLS).
|
||||
*/
|
||||
tk = eap_server_tls_derive_key(sm, &data->ssl, "client EAP encryption",
|
||||
NULL, 0, EAP_TLS_KEY_LEN);
|
||||
tk = eap_server_tls_derive_key(sm, &data->ssl, label,
|
||||
context, context_len,
|
||||
EAP_TLS_KEY_LEN);
|
||||
if (tk == NULL)
|
||||
return -1;
|
||||
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: TK", tk, 60);
|
||||
|
|
@ -1300,6 +1314,10 @@ static u8 * eap_peap_getKey(struct eap_sm *sm, void *priv, size_t *len)
|
|||
{
|
||||
struct eap_peap_data *data = priv;
|
||||
u8 *eapKeyData;
|
||||
const char *label;
|
||||
const u8 eap_tls13_context[1] = { EAP_TYPE_PEAP };
|
||||
const u8 *context = NULL;
|
||||
size_t context_len = 0;
|
||||
|
||||
if (data->state != SUCCESS)
|
||||
return NULL;
|
||||
|
|
@ -1332,9 +1350,17 @@ static u8 * eap_peap_getKey(struct eap_sm *sm, void *priv, size_t *len)
|
|||
return eapKeyData;
|
||||
}
|
||||
|
||||
if (data->ssl.tls_v13) {
|
||||
label = "EXPORTER_EAP_TLS_Key_Material";
|
||||
context = eap_tls13_context;
|
||||
context_len = sizeof(eap_tls13_context);
|
||||
} else {
|
||||
/* TODO: PEAPv1 - different label in some cases */
|
||||
label = "client EAP encryption";
|
||||
}
|
||||
|
||||
eapKeyData = eap_server_tls_derive_key(sm, &data->ssl,
|
||||
"client EAP encryption", NULL, 0,
|
||||
label, context, context_len,
|
||||
EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
|
||||
if (eapKeyData) {
|
||||
os_memset(eapKeyData + EAP_TLS_KEY_LEN, 0, EAP_EMSK_LEN);
|
||||
|
|
@ -1353,6 +1379,10 @@ static u8 * eap_peap_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
|
|||
{
|
||||
struct eap_peap_data *data = priv;
|
||||
u8 *eapKeyData, *emsk;
|
||||
const char *label;
|
||||
const u8 eap_tls13_context[1] = { EAP_TYPE_PEAP };
|
||||
const u8 *context = NULL;
|
||||
size_t context_len = 0;
|
||||
|
||||
if (data->state != SUCCESS)
|
||||
return NULL;
|
||||
|
|
@ -1362,9 +1392,17 @@ static u8 * eap_peap_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
|
|||
return NULL;
|
||||
}
|
||||
|
||||
if (data->ssl.tls_v13) {
|
||||
label = "EXPORTER_EAP_TLS_Key_Material";
|
||||
context = eap_tls13_context;
|
||||
context_len = sizeof(eap_tls13_context);
|
||||
} else {
|
||||
/* TODO: PEAPv1 - different label in some cases */
|
||||
label = "client EAP encryption";
|
||||
}
|
||||
|
||||
eapKeyData = eap_server_tls_derive_key(sm, &data->ssl,
|
||||
"client EAP encryption", NULL, 0,
|
||||
label, context, context_len,
|
||||
EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
|
||||
if (eapKeyData) {
|
||||
emsk = os_memdup(eapKeyData + EAP_TLS_KEY_LEN, EAP_EMSK_LEN);
|
||||
|
|
|
|||
Loading…
Reference in a new issue