authorJouni Malinen <j@w1.fi>2019-01-05 16:00:26 (GMT)
committerJouni Malinen <j@w1.fi>2019-01-05 16:00:26 (GMT)
commitaae0eece5f9629077bd1a4e686e1a6404205e2c9 (patch)
tree24dd1b18379aa34b6e24509b033d6e6bbe4a03ea
parent67e34a284a80e497cb5099b0248042d285cca50d (diff)
downloadhostap-aae0eece5f9629077bd1a4e686e1a6404205e2c9.zip
hostap-aae0eece5f9629077bd1a4e686e1a6404205e2c9.tar.gz
hostap-aae0eece5f9629077bd1a4e686e1a6404205e2c9.tar.bz2
EAP-TLS: Update Session-Id derivation with TLS v1.3
Move to the version used in draft-ietf-emu-eap-tls13-03.txt, i.e., include the 0x0D prefix and use a different TLS-Exporter() label string. Signed-off-by: Jouni Malinen <j@w1.fi>
-rw-r--r--src/eap_peer/eap_tls_common.c24
-rw-r--r--src/eap_server/eap_server_tls_common.c24
2 files changed, 40 insertions, 8 deletions
diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c
index 8641a2f..7dbd364 100644
--- a/src/eap_peer/eap_tls_common.c
+++ b/src/eap_peer/eap_tls_common.c
@@ -396,10 +396,26 @@ u8 * eap_peer_tls_derive_session_id(struct eap_sm *sm,
u8 *out;
if (eap_type == EAP_TYPE_TLS && data->tls_v13) {
- *len = 64;
- return eap_peer_tls_derive_key(sm, data,
- "EXPORTER_EAP_TLS_Session-Id",
- 64);
+ u8 *id, *method_id;
+
+ /* Session-Id = <EAP-Type> || Method-Id
+ * Method-Id = TLS-Exporter("EXPORTER_EAP_TLS_Method-Id",
+ * "", 64)
+ */
+ *len = 1 + 64;
+ id = os_malloc(*len);
+ if (!id)
+ return NULL;
+ method_id = eap_peer_tls_derive_key(
+ sm, data, "EXPORTER_EAP_TLS_Method-Id", 64);
+ if (!method_id) {
+ os_free(id);
+ return NULL;
+ }
+ id[0] = eap_type;
+ os_memcpy(id + 1, method_id, 64);
+ os_free(method_id);
+ return id;
}
if (tls_connection_get_random(sm->ssl_ctx, data->conn, &keys) ||
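Review bot: The Method-Id buffer holds raw TLS-Exporter output and is released with plain `os_free(method_id)` right after the copy, leaving key-derived bytes in freed heap memory; the project's clearing helper is the usual choice for exporter material here, `bin_clear_free(method_id, 64);`, assuming it is in scope in this file as it is elsewhere in hostap (the on-failure `os_free(id)` needs no clearing since `id` is still uninitialized). The derivation change itself is not negotiated on the wire, so a peer still on the earlier draft will compute a different Session-Id for the same TLS session and anything keyed on it (ERP or resumption bookkeeping) will silently diverge; a short comment stating the draft revision this matches, e.g. `/* Per draft-ietf-emu-eap-tls13-03: 0x0D || TLS-Exporter(...) */`, would make the next such update traceable. Since the branch is only entered when `eap_type == EAP_TYPE_TLS`, `id[0] = EAP_TYPE_TLS;` would state the fixed 0x0D prefix more directly than `id[0] = eap_type;`. The enclosing eap_peer_tls_derive_session_id() starts before and continues past this hunk.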
diff --git a/src/eap_server/eap_server_tls_common.c b/src/eap_server/eap_server_tls_common.c
index 0ae7867..4ba7c24 100644
--- a/src/eap_server/eap_server_tls_common.c
+++ b/src/eap_server/eap_server_tls_common.c
@@ -146,10 +146,26 @@ u8 * eap_server_tls_derive_session_id(struct eap_sm *sm,
u8 *out;
if (eap_type == EAP_TYPE_TLS && data->tls_v13) {
- *len = 64;
- return eap_server_tls_derive_key(sm, data,
- "EXPORTER_EAP_TLS_Session-Id",
- 64);
+ u8 *id, *method_id;
+
+ /* Session-Id = <EAP-Type> || Method-Id
+ * Method-Id = TLS-Exporter("EXPORTER_EAP_TLS_Method-Id",
+ * "", 64)
+ */
+ *len = 1 + 64;
+ id = os_malloc(*len);
+ if (!id)
+ return NULL;
+ method_id = eap_server_tls_derive_key(
+ sm, data, "EXPORTER_EAP_TLS_Method-Id", 64);
+ if (!method_id) {
+ os_free(id);
+ return NULL;
+ }
+ id[0] = eap_type;
+ os_memcpy(id + 1, method_id, 64);
+ os_free(method_id);
+ return id;
}
if (tls_connection_get_random(sm->ssl_ctx, data->conn, &keys))
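Review bot: The Session-Id construction is now duplicated byte-for-byte between the peer and server paths, with the exporter label `"EXPORTER_EAP_TLS_Method-Id"` and the length 64 spelled out separately in each; a single definition in a shared EAP header, e.g. `#define EAP_TLS_METHOD_ID_LABEL "EXPORTER_EAP_TLS_Method-Id"` and `#define EAP_TLS_METHOD_ID_LEN 64`, would keep the two sides from drifting on a future draft update, which would otherwise fail only at ERP or re-authentication time. As on the peer side, `method_id` is exporter output and is freed with `os_free()` after the copy; `bin_clear_free(method_id, 64);` is the form hostap uses for such material, if that helper is available here. The enclosing eap_server_tls_derive_session_id() starts before this hunk and appears to continue past it.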