EAP-TLS: Update Session-Id derivation with TLS v1.3

Move to the version used in draft-ietf-emu-eap-tls13-03.txt, i.e.,
include the 0x0D prefix and use a different TLS-Exporter() label string.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 2019-01-05 18:00:26 +02:00
parent 67e34a284a
commit aae0eece5f
2 changed files with 40 additions and 8 deletions


@ -396,10 +396,26 @@ u8 * eap_peer_tls_derive_session_id(struct eap_sm *sm,
u8 *out; u8 *out;
if (eap_type == EAP_TYPE_TLS && data->tls_v13) { if (eap_type == EAP_TYPE_TLS && data->tls_v13) {
*len = 64; u8 *id, *method_id;
return eap_peer_tls_derive_key(sm, data,
"EXPORTER_EAP_TLS_Session-Id", /* Session-Id = <EAP-Type> || Method-Id
64); * Method-Id = TLS-Exporter("EXPORTER_EAP_TLS_Method-Id",
* "", 64)
*/
*len = 1 + 64;
id = os_malloc(*len);
if (!id)
return NULL;
method_id = eap_peer_tls_derive_key(
sm, data, "EXPORTER_EAP_TLS_Method-Id", 64);
if (!method_id) {
os_free(id);
return NULL;
}
id[0] = eap_type;
os_memcpy(id + 1, method_id, 64);
os_free(method_id);
return id;
} }
if (tls_connection_get_random(sm->ssl_ctx, data->conn, &keys) || if (tls_connection_get_random(sm->ssl_ctx, data->conn, &keys) ||
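Review bot: The literal 64 appears three times in the new TLS v1.3 branch (in `*len = 1 + 64;`, in the length passed to eap_peer_tls_derive_key(), and in the os_memcpy() into `id + 1`), so the allocation size and the copy length only agree because they are kept in sync by hand. A single local such as `const size_t method_id_len = 64;`, used as `*len = 1 + method_id_len;` and `os_memcpy(id + 1, method_id, method_id_len);`, would mean a later change to the exporter length cannot write past the end of `id`. The same applies to the eap_server_tls_derive_session_id() section further down. The function body starts and ends outside the hunk.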


@ -146,10 +146,26 @@ u8 * eap_server_tls_derive_session_id(struct eap_sm *sm,
u8 *out; u8 *out;
if (eap_type == EAP_TYPE_TLS && data->tls_v13) { if (eap_type == EAP_TYPE_TLS && data->tls_v13) {
*len = 64; u8 *id, *method_id;
return eap_server_tls_derive_key(sm, data,
"EXPORTER_EAP_TLS_Session-Id", /* Session-Id = <EAP-Type> || Method-Id
64); * Method-Id = TLS-Exporter("EXPORTER_EAP_TLS_Method-Id",
* "", 64)
*/
*len = 1 + 64;
id = os_malloc(*len);
if (!id)
return NULL;
method_id = eap_server_tls_derive_key(
sm, data, "EXPORTER_EAP_TLS_Method-Id", 64);
if (!method_id) {
os_free(id);
return NULL;
}
id[0] = eap_type;
os_memcpy(id + 1, method_id, 64);
os_free(method_id);
return id;
} }
if (tls_connection_get_random(sm->ssl_ctx, data->conn, &keys)) if (tls_connection_get_random(sm->ssl_ctx, data->conn, &keys))
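Review bot: `*len = 1 + 64;` is assigned before os_malloc() and before the exporter call, so both failure paths return NULL with `*len` already set to 65. Callers are not visible here, but one that reads the length without first checking the returned pointer would see a non-zero length for a buffer that does not exist. Moving the assignment to just before `return id;` avoids that. The peer-side section in eap_peer_tls_derive_session_id() has the same ordering, and in both cases the function continues outside the hunk.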