From a80423b5210ba0a1e158ec2c1b5caf9206e87f59 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Tue, 1 May 2018 17:47:22 +0300
Subject: [PATCH] EAP-TLS server: MSK/EMSK derivation with TLS v1.3

Use new MSK/EMSK derivation mechanism if TLS v1.3 or newer is used per
draft-mattsson-eap-tls13-02.txt.

Signed-off-by: Jouni Malinen <j@w1.fi>
---
 src/eap_server/eap_server_tls.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/src/eap_server/eap_server_tls.c b/src/eap_server/eap_server_tls.c
index 724985884..37ce4cc9f 100644
--- a/src/eap_server/eap_server_tls.c
+++ b/src/eap_server/eap_server_tls.c
@@ -302,17 +302,22 @@ static u8 * eap_tls_getKey(struct eap_sm *sm, void *priv, size_t *len)
 {
 	struct eap_tls_data *data = priv;
 	u8 *eapKeyData;
+	const char *label;
 
 	if (data->state != SUCCESS)
 		return NULL;
 
-	eapKeyData = eap_server_tls_derive_key(sm, &data->ssl,
-					       "client EAP encryption",
-					       EAP_TLS_KEY_LEN);
+	if (data->ssl.tls_v13)
+		label = "client EAP encryption KM";
+	else
+		label = "client EAP encryption";
+	eapKeyData = eap_server_tls_derive_key(sm, &data->ssl, label,
+					       EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
 	if (eapKeyData) {
 		*len = EAP_TLS_KEY_LEN;
 		wpa_hexdump(MSG_DEBUG, "EAP-TLS: Derived key",
 			    eapKeyData, EAP_TLS_KEY_LEN);
+		os_memset(eapKeyData + EAP_TLS_KEY_LEN, 0, EAP_EMSK_LEN);
 	} else {
 		wpa_printf(MSG_DEBUG, "EAP-TLS: Failed to derive key");
 	}
@@ -325,12 +330,12 @@ static u8 * eap_tls_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
 {
 	struct eap_tls_data *data = priv;
 	u8 *eapKeyData, *emsk;
+	const char *label = "client EAP encryption";
 
 	if (data->state != SUCCESS)
 		return NULL;
 
-	eapKeyData = eap_server_tls_derive_key(sm, &data->ssl,
-					       "client EAP encryption",
+	eapKeyData = eap_server_tls_derive_key(sm, &data->ssl, label,
 					       EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
 	if (eapKeyData) {
 		emsk = os_malloc(EAP_EMSK_LEN);