/** * RFC 4851 section 5.2 - Intermediate Compound Key Derivations */ static void eap_fast_update_icmk(REQUEST *request, tls_session_t *tls_session, uint8_t *msk) { eap_fast_tunnel_t *t = talloc_get_type_abort(tls_session->opaque, eap_fast_tunnel_t); uint8_t imck[EAP_FAST_SIMCK_LEN + EAP_FAST_CMK_LEN]; RDEBUG2("Updating ICMK"); T_PRF(t->s_imck, EAP_FAST_SIMCK_LEN, "Inner Methods Compound Keys", msk, 32, imck, sizeof(imck)); //-V512 memcpy(t->s_imck, imck, EAP_FAST_SIMCK_LEN); RHEXDUMP(L_DBG_LVL_MAX, t->s_imck, EAP_FAST_SIMCK_LEN, "S-IMCK[j]"); memcpy(t->cmk, &imck[EAP_FAST_SIMCK_LEN], EAP_FAST_CMK_LEN); RHEXDUMP(L_DBG_LVL_MAX, t->cmk, EAP_FAST_CMK_LEN, "CMK[j]"); t->imck_count++; /* * Calculate MSK/EMSK at the same time as they are coupled to ICMK * * RFC 4851 section 5.4 - EAP Master Session Key Generation */ t->msk = talloc_array(t, uint8_t, EAP_FAST_KEY_LEN); T_PRF(t->s_imck, EAP_FAST_SIMCK_LEN, "Session Key Generating Function", NULL, 0, t->msk, EAP_FAST_KEY_LEN); RHEXDUMP(L_DBG_LVL_MAX, t->msk, EAP_FAST_KEY_LEN, "MSK"); t->emsk = talloc_array(t, uint8_t, EAP_EMSK_LEN); T_PRF(t->s_imck, EAP_FAST_SIMCK_LEN, "Extended Session Key Generating Function", NULL, 0, t->emsk, EAP_EMSK_LEN); RHEXDUMP(L_DBG_LVL_MAX, t->emsk, EAP_EMSK_LEN, "EMSK"); }
static void eap_fast_session_ticket(tls_session_t *tls_session, uint8_t *client_random, uint8_t *server_random, uint8_t *secret, int *secret_len) { eap_fast_tunnel_t *t = (eap_fast_tunnel_t *) tls_session->opaque; uint8_t seed[2 * SSL3_RANDOM_SIZE]; rad_assert(t->pac.key); memcpy(seed, server_random, SSL3_RANDOM_SIZE); memcpy(&seed[SSL3_RANDOM_SIZE], client_random, SSL3_RANDOM_SIZE); T_PRF(t->pac.key, PAC_KEY_LENGTH, "PAC to master secret label hash", seed, sizeof(seed), secret, SSL_MAX_MASTER_KEY_LENGTH); *secret_len = SSL_MAX_MASTER_KEY_LENGTH; }