@ -325,13 +325,27 @@ static int eap_peap_derive_cmk(struct eap_sm *sm, struct eap_peap_data *data)
u8 * tk ;
u8 isk [ 32 ] , imck [ 60 ] ;
int res ;
const char * label ;
const u8 eap_tls13_context [ 1 ] = { EAP_TYPE_PEAP } ;
const u8 * context = NULL ;
size_t context_len = 0 ;
if ( data - > ssl . tls_v13 ) {
label = " EXPORTER_EAP_TLS_Key_Material " ;
context = eap_tls13_context ;
context_len = sizeof ( eap_tls13_context ) ;
} else {
/* TODO: PEAPv1 - different label in some cases */
label = " client EAP encryption " ;
}
/*
* Tunnel key ( TK ) is the first 60 octets of the key generated by
* phase 1 of PEAP ( based on TLS ) .
*/
tk = eap_server_tls_derive_key ( sm , & data - > ssl , " client EAP encryption " ,
NULL , 0 , EAP_TLS_KEY_LEN ) ;
tk = eap_server_tls_derive_key ( sm , & data - > ssl , label ,
context , context_len ,
EAP_TLS_KEY_LEN ) ;
if ( tk = = NULL )
return - 1 ;
wpa_hexdump_key ( MSG_DEBUG , " EAP-PEAP: TK " , tk , 60 ) ;
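Review bot: The label/context selection added in eap_peap_derive_cmk() is repeated line for line in the eap_peap_getKey() and eap_peap_get_emsk() hunks, each with its own local copy of `eap_tls13_context`. All three call sites have to pass the same label and context to eap_server_tls_derive_key(); if a later edit touches only one copy (the PEAPv1 TODO is a likely trigger), the tunnel key and the exported MSK/EMSK would be derived under different parameters with no compile-time signal. A single static helper that returns the label and fills in the context would keep them in step. The body of eap_peap_derive_cmk() continues past the end of this hunk.

```c
/* Exporter context used with TLS 1.3: the one-octet EAP method type. */
static const u8 eap_peap_tls13_context[1] = { EAP_TYPE_PEAP };

/* Pick the key derivation label and exporter context for the negotiated
 * TLS version. */
static const char * eap_peap_tls_label(const struct eap_peap_data *data,
				       const u8 **context, size_t *context_len)
{
	if (data->ssl.tls_v13) {
		*context = eap_peap_tls13_context;
		*context_len = sizeof(eap_peap_tls13_context);
		return "EXPORTER_EAP_TLS_Key_Material";
	}

	/* TODO: PEAPv1 - different label in some cases */
	*context = NULL;
	*context_len = 0;
	return "client EAP encryption";
}

/* ... unchanged: declarations in eap_peap_derive_cmk() ... */
	label = eap_peap_tls_label(data, &context, &context_len);
	tk = eap_server_tls_derive_key(sm, &data->ssl, label,
				       context, context_len,
				       EAP_TLS_KEY_LEN);
```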
@ -1300,6 +1314,10 @@ static u8 * eap_peap_getKey(struct eap_sm *sm, void *priv, size_t *len)
{
struct eap_peap_data * data = priv ;
u8 * eapKeyData ;
const char * label ;
const u8 eap_tls13_context [ 1 ] = { EAP_TYPE_PEAP } ;
const u8 * context = NULL ;
size_t context_len = 0 ;
if ( data - > state ! = SUCCESS )
return NULL ;
@ -1332,9 +1350,17 @@ static u8 * eap_peap_getKey(struct eap_sm *sm, void *priv, size_t *len)
return eapKeyData ;
}
/* TODO: PEAPv1 - different label in some cases */
if ( data - > ssl . tls_v13 ) {
label = " EXPORTER_EAP_TLS_Key_Material " ;
context = eap_tls13_context ;
context_len = sizeof ( eap_tls13_context ) ;
} else {
/* TODO: PEAPv1 - different label in some cases */
label = " client EAP encryption " ;
}
eapKeyData = eap_server_tls_derive_key ( sm , & data - > ssl ,
" client EAP encryption " , NULL , 0 ,
label , context , context_len ,
EAP_TLS_KEY_LEN + EAP_EMSK_LEN ) ;
if ( eapKeyData ) {
os_memset ( eapKeyData + EAP_TLS_KEY_LEN , 0 , EAP_EMSK_LEN ) ;
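Review bot: The TLS 1.3 branch in eap_peap_getKey() has no comment explaining why the exporter is given a one-octet context of `EAP_TYPE_PEAP`, while the pre-1.3 branch passes `NULL, 0`. That byte is part of the key derivation input, so a reader needs to know it is deliberate and must match what the peer side uses. I would add above the `if (data->ssl.tls_v13)` line something like `/* TLS 1.3: keys come from the TLS exporter; the context is the one-octet EAP method type and must match the peer */`. The same comment applies to the identical branches in eap_peap_derive_cmk() and eap_peap_get_emsk(). The body of eap_peap_getKey() continues outside this hunk.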
@ -1353,6 +1379,10 @@ static u8 * eap_peap_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
{
struct eap_peap_data * data = priv ;
u8 * eapKeyData , * emsk ;
const char * label ;
const u8 eap_tls13_context [ 1 ] = { EAP_TYPE_PEAP } ;
const u8 * context = NULL ;
size_t context_len = 0 ;
if ( data - > state ! = SUCCESS )
return NULL ;
@ -1362,9 +1392,17 @@ static u8 * eap_peap_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
return NULL ;
}
/* TODO: PEAPv1 - different label in some cases */
if ( data - > ssl . tls_v13 ) {
label = " EXPORTER_EAP_TLS_Key_Material " ;
context = eap_tls13_context ;
context_len = sizeof ( eap_tls13_context ) ;
} else {
/* TODO: PEAPv1 - different label in some cases */
label = " client EAP encryption " ;
}
eapKeyData = eap_server_tls_derive_key ( sm , & data - > ssl ,
" client EAP encryption " , NULL , 0 ,
label , context , context_len ,
EAP_TLS_KEY_LEN + EAP_EMSK_LEN ) ;
if ( eapKeyData ) {
emsk = os_memdup ( eapKeyData + EAP_TLS_KEY_LEN , EAP_EMSK_LEN ) ;