From 42e37285e58af9abfca459575b84b20bfd24906e Mon Sep 17 00:00:00 2001
From: Alexander Clouter
Date: Fri, 16 Oct 2020 09:49:38 +0100
Subject: [PATCH] EAP-TTLS: Key derivation per draft-ietf-emu-tls-eap-types-00
Use the TLS-Exporter with the label and context as defined in draft-ietf-emu-tls-eap-types-00 when deriving keys for EAP-TTLS with TLS 1.3.
Signed-off-by: Alexander Clouter
---
 .../wpa_supplicant/src/eap_peer/eap_ttls.c | 21 +++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/components/wpa_supplicant/src/eap_peer/eap_ttls.c b/components/wpa_supplicant/src/eap_peer/eap_ttls.c
index a094ce5c61..0c7f8a9dc9 100644
--- a/components/wpa_supplicant/src/eap_peer/eap_ttls.c
+++ b/components/wpa_supplicant/src/eap_peer/eap_ttls.c
@@ -217,11 +217,24 @@ static int eap_ttls_avp_encapsulate(struct wpabuf **resp, u32 avp_code,
 static int eap_ttls_v0_derive_key(struct eap_sm *sm,
 struct eap_ttls_data *data)
 {
+ const char *label;
+ const u8 eap_tls13_context[1] = { EAP_TYPE_TTLS };
+ const u8 *context = NULL;
+ size_t context_len = 0;
+
+ if (data->ssl.tls_v13) {
+ label = "EXPORTER_EAP_TLS_Key_Material";
+ context = eap_tls13_context;
+ context_len = sizeof(eap_tls13_context);
+ } else {
+ label = "ttls keying material";
+ }
+
 eap_ttls_free_key(data);
- data->key_data = eap_peer_tls_derive_key(sm, &data->ssl,
- "ttls keying material",
- NULL, 0,
- EAP_TLS_KEY_LEN);
+ data->key_data = eap_peer_tls_derive_key(sm, &data->ssl, label,
+ context, context_len,
+ EAP_TLS_KEY_LEN +
+ EAP_EMSK_LEN);
 if (!data->key_data) {
 wpa_printf(MSG_ERROR, "EAP-TTLS: Failed to derive key");
 return -1;
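Review bot: The length passed to `eap_peer_tls_derive_key()` grows from `EAP_TLS_KEY_LEN` to `EAP_TLS_KEY_LEN + EAP_EMSK_LEN` on both branches, not only for TLS 1.3, and nothing in the hunk shows the cleanup path being updated to match. `eap_ttls_free_key()` is not visible here; if it wipes or frees `data->key_data` using the old length, the trailing `EAP_EMSK_LEN` bytes of key material would stay in freed heap memory, so it should be checked against the new size. A comment above the call would record the requirement, e.g. `/* key_data now holds EAP_TLS_KEY_LEN + EAP_EMSK_LEN bytes; eap_ttls_free_key() must clear the same length */`. The commit message describes only the TLS 1.3 label and context, so the length change for pre-1.3 sessions deserves a line there as well. The body of `eap_ttls_v0_derive_key` continues past the end of the hunk.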