Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2024-11-25 08:48:31 -05:00
Code Issues Projects Releases Wiki Activity

EAP-TLS peer: MSK/EMSK derivation with TLS v1.3

Browse Source 
Use new MSK/EMSK derivation mechanism if TLS v1.3 or newer is used per
draft-mattsson-eap-tls13-02.txt.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2018-05-01 17:53:07 +03:00
parent 1854981c78
commit 0de820b333
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/eap_peer/eap_tls.c
View File

@ -173,6 +173,8 @@ static struct wpabuf * eap_tls_failure(struct eap_sm *sm,
static void eap_tls_success(struct eap_sm *sm, struct eap_tls_data *data, static void eap_tls_success(struct eap_sm *sm, struct eap_tls_data *data,
struct eap_method_ret *ret) struct eap_method_ret *ret)
{ {
const char *label;
wpa_printf(MSG_DEBUG, "EAP-TLS: Done"); wpa_printf(MSG_DEBUG, "EAP-TLS: Done");
if (data->ssl.tls_out) { if (data->ssl.tls_out) {
@ -181,18 +183,21 @@ static void eap_tls_success(struct eap_sm *sm, struct eap_tls_data *data,
} }
if (data->ssl.tls_v13) { if (data->ssl.tls_v13) {
label = "client EAP encryption KM";
/* A possible NewSessionTicket may be received before /* A possible NewSessionTicket may be received before
* EAP-Success, so need to allow it to be received. */ * EAP-Success, so need to allow it to be received. */
ret->methodState = METHOD_MAY_CONT; ret->methodState = METHOD_MAY_CONT;
ret->decision = DECISION_COND_SUCC; ret->decision = DECISION_COND_SUCC;
} else { } else {
label = "client EAP encryption";
ret->methodState = METHOD_DONE; ret->methodState = METHOD_DONE;
ret->decision = DECISION_UNCOND_SUCC; ret->decision = DECISION_UNCOND_SUCC;
} }
eap_tls_free_key(data); eap_tls_free_key(data);
data->key_data = eap_peer_tls_derive_key(sm, &data->ssl, data->key_data = eap_peer_tls_derive_key(sm, &data->ssl, label,
"client EAP encryption",
EAP_TLS_KEY_LEN + EAP_TLS_KEY_LEN +
EAP_EMSK_LEN); EAP_EMSK_LEN);
if (data->key_data) { if (data->key_data) {