From patchwork Mon Apr 15 17:05:49 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ervin Oro X-Patchwork-Id: 1085795 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=aalto.fi Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="mzFa2M2w"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=aalto.fi header.i=@aalto.fi header.b="mvdhqb3z"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 44jZfb3Xhgz9s00 for ; Tue, 16 Apr 2019 03:06:47 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-ID:Date:Subject:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=GrpBgC/Bk2aG1Zx2as5WRJjiMEYy9YWd9YSsrwWjWYs=; b=mzFa2M2w3O5xhG GbZZxi2qAN9o/EK6djsvepkWOd5PWgm+7EK7GKBVfpGM2pdjTJfvgLHwrmGGn8oZYGf38aFd0D5vP 7EbmA8bOFuczBVasETVVv7CDUpstrbFsnzTFill4ztnyKvW7xaJ6ONrvqEMJ2aLV1qvw//tdi8Dov KDRb+DicY3tdkyfWY0XxDYzeSRgLce8PfEZoh5PVdjvsBwym5XDsOkU1+yPdqq4uc9SRgOJkEjYVF m/zxBCHOpIMb/Yb6TSSR5a545Y5wVguCBVUfMAzksWOYKc+rixfoO7tLE01tZpGIX/WebonTiLyHS 2umL6/hdyfihZtWdNDHg==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1hG547-0002Pi-C2; Mon, 15 Apr 2019 17:06:43 +0000 Received: from smtp-out-01.aalto.fi ([130.233.228.120]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1hG542-0002HW-TQ for hostap@lists.infradead.org; Mon, 15 Apr 2019 17:06:41 +0000 Received: from smtp-out-01.aalto.fi (localhost.localdomain [127.0.0.1]) by localhost (Email Security Appliance) with SMTP id A61FA115512_CB4B8CBB; Mon, 15 Apr 2019 17:00:59 +0000 (GMT) Received: from exng1.org.aalto.fi (exng1.org.aalto.fi [130.233.223.20]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (Client CN "exng1.org.aalto.fi", Issuer "org.aalto.fi RootCA" (not verified)) by smtp-out-01.aalto.fi (Sophos Email Appliance) with ESMTPS id CC56F1154B2_CB4B8CAF; Mon, 15 Apr 2019 17:00:58 +0000 (GMT) Received: from exng5.org.aalto.fi (130.233.223.24) by exng1.org.aalto.fi (130.233.223.20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1713.5; Mon, 15 Apr 2019 20:06:27 +0300 Received: from DESKTOP-BM6EJS7.lan (130.233.0.5) by exng5.org.aalto.fi (130.233.223.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1713.5; Mon, 15 Apr 2019 20:06:27 +0300 From: Ervin Oro To: Jouni Malinen Subject: [PATCH] Add Type-Code context to EAP_TLS 1.3 exported Key_Material and Method-Id Date: Mon, 15 Apr 2019 20:05:49 +0300 Message-ID: <20190415170549.16857-1-ervin.oro@aalto.fi> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20190316173109.GA29788@w1.fi> References: <20190316173109.GA29788@w1.fi> MIME-Version: 1.0 X-Originating-IP: [130.233.0.5] X-ClientProxiedBy: exng1.org.aalto.fi (130.233.223.20) To exng5.org.aalto.fi (130.233.223.24) X-SASI-RCODE: 200 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aalto.fi; h=from:to:cc:subject:date:message-id:in-reply-to:references:mime-version:content-type; s=its18; bh=6APuRVXpt+u9TIts1WVJfGRj+lRIvHRx8wWtXNYUL+c=; b=mvdhqb3z32WGgCzIkJw6xAibFXFKd0kDE+aFhjVzbRwmTRlto8HWaBy1tuRZRJ6Ax7ToxUV+F+l9nxHe9nQBTssT9wc2MhoK7Q9yB5ddRl3jJP7r1QwHd53ZcuhXi2iXy3W2a5BTO4wguqgpGNAHUUc6XCkTK2C/dF8MQE520ARdez5EoKhHTZc3fOpn9qQTXadAdlf0TXaOUS0s/MzMtEehBtC11zzrd6xH8vM1HryycDrnKssq3ala/EWzvFqQbMWSUYnDEKFCy1/YcvO+JVHyMjUx9B9GHlTzjzFiKKbEXA9S0BnZYgP2WKPhHB75vemRQQDmJKQNXrO9m/p0tw== X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190415_100639_484813_63DB127F X-CRM114-Status: UNSURE ( 9.99 ) X-CRM114-Notice: Please train this message. X-Spam-Score: -2.5 (--) X-Spam-Report: SpamAssassin version 3.4.2 on bombadil.infradead.org summary: Content analysis details: (-2.5 points) pts rule name description ---- ---------------------- -------------------------------------------------- -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/, medium trust [130.233.228.120 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain X-BeenThere: hostap@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Ervin Oro , hostap@lists.infradead.org Sender: "Hostap" Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org Change to require the Type-Code in context for Key_Material and Method-Id has now been published as draft-ietf-emu-eap-tls13-04. https://tools.ietf.org/html/draft-ietf-emu-eap-tls13-04#section-2.3 Signed-off-by: Ervin Oro --- src/eap_peer/eap_tls.c | 7 ++++++- src/eap_peer/eap_tls_common.c | 5 +++-- src/eap_server/eap_server_tls.c | 24 ++++++++++++++++++------ src/eap_server/eap_server_tls_common.c | 5 +++-- 4 files changed, 30 insertions(+), 11 deletions(-) diff --git a/src/eap_peer/eap_tls.c b/src/eap_peer/eap_tls.c index ffea9d213..c4ef11770 100644 --- a/src/eap_peer/eap_tls.c +++ b/src/eap_peer/eap_tls.c @@ -174,6 +174,9 @@ static void eap_tls_success(struct eap_sm *sm, struct eap_tls_data *data, struct eap_method_ret *ret) { const char *label; + const u8 eap_tls13_context[] = {EAP_TYPE_TLS}; + const u8 *context = NULL; + size_t context_len = 0; wpa_printf(MSG_DEBUG, "EAP-TLS: Done"); @@ -184,6 +187,8 @@ static void eap_tls_success(struct eap_sm *sm, struct eap_tls_data *data, if (data->ssl.tls_v13) { label = "EXPORTER_EAP_TLS_Key_Material"; + context = eap_tls13_context; + context_len = 1; /* A possible NewSessionTicket may be received before * EAP-Success, so need to allow it to be received. */ @@ -198,7 +203,7 @@ static void eap_tls_success(struct eap_sm *sm, struct eap_tls_data *data, eap_tls_free_key(data); data->key_data = eap_peer_tls_derive_key(sm, &data->ssl, label, - NULL, 0, + context, context_len, EAP_TLS_KEY_LEN + EAP_EMSK_LEN); if (data->key_data) { diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c index cb94c452e..5947c1539 100644 --- a/src/eap_peer/eap_tls_common.c +++ b/src/eap_peer/eap_tls_common.c @@ -407,14 +407,15 @@ u8 * eap_peer_tls_derive_session_id(struct eap_sm *sm, /* Session-Id = || Method-Id * Method-Id = TLS-Exporter("EXPORTER_EAP_TLS_Method-Id", - * "", 64) + * Type-Code, 64) */ *len = 1 + 64; id = os_malloc(*len); if (!id) return NULL; + const u8 context[] = {EAP_TYPE_TLS}; method_id = eap_peer_tls_derive_key( - sm, data, "EXPORTER_EAP_TLS_Method-Id", NULL, 0, 64); + sm, data, "EXPORTER_EAP_TLS_Method-Id", context, 1, 64); if (!method_id) { os_free(id); return NULL; diff --git a/src/eap_server/eap_server_tls.c b/src/eap_server/eap_server_tls.c index 357e72a82..7e6854049 100644 --- a/src/eap_server/eap_server_tls.c +++ b/src/eap_server/eap_server_tls.c @@ -322,16 +322,22 @@ static u8 * eap_tls_getKey(struct eap_sm *sm, void *priv, size_t *len) struct eap_tls_data *data = priv; u8 *eapKeyData; const char *label; + const u8 eap_tls13_context[] = {EAP_TYPE_TLS}; + const u8 *context = NULL; + size_t context_len = 0; if (data->state != SUCCESS) return NULL; - if (data->ssl.tls_v13) + if (data->ssl.tls_v13) { label = "EXPORTER_EAP_TLS_Key_Material"; - else + context = eap_tls13_context; + context_len = 1; + } else { label = "client EAP encryption"; + } eapKeyData = eap_server_tls_derive_key(sm, &data->ssl, label, - NULL, 0, + context, context_len, EAP_TLS_KEY_LEN + EAP_EMSK_LEN); if (eapKeyData) { *len = EAP_TLS_KEY_LEN; @@ -351,16 +357,22 @@ static u8 * eap_tls_get_emsk(struct eap_sm *sm, void *priv, size_t *len) struct eap_tls_data *data = priv; u8 *eapKeyData, *emsk; const char *label; + const u8 eap_tls13_context[] = {EAP_TYPE_TLS}; + const u8 *context = NULL; + size_t context_len = 0; if (data->state != SUCCESS) return NULL; - if (data->ssl.tls_v13) + if (data->ssl.tls_v13) { label = "EXPORTER_EAP_TLS_Key_Material"; - else + context = eap_tls13_context; + context_len = 1; + } else { label = "client EAP encryption"; + } eapKeyData = eap_server_tls_derive_key(sm, &data->ssl, label, - NULL, 0, + context, context_len, EAP_TLS_KEY_LEN + EAP_EMSK_LEN); if (eapKeyData) { emsk = os_malloc(EAP_EMSK_LEN); diff --git a/src/eap_server/eap_server_tls_common.c b/src/eap_server/eap_server_tls_common.c index 0eca0ff77..ed67654e2 100644 --- a/src/eap_server/eap_server_tls_common.c +++ b/src/eap_server/eap_server_tls_common.c @@ -151,14 +151,15 @@ u8 * eap_server_tls_derive_session_id(struct eap_sm *sm, /* Session-Id = || Method-Id * Method-Id = TLS-Exporter("EXPORTER_EAP_TLS_Method-Id", - * "", 64) + * Type-Code, 64) */ *len = 1 + 64; id = os_malloc(*len); if (!id) return NULL; + const u8 context[] = {EAP_TYPE_TLS}; method_id = eap_server_tls_derive_key( - sm, data, "EXPORTER_EAP_TLS_Method-Id", NULL, 0, 64); + sm, data, "EXPORTER_EAP_TLS_Method-Id", context, 1, 64); if (!method_id) { os_free(id); return NULL;