/**
* RFC 4851 section 5.2 - Intermediate Compound Key Derivations
*/
static void eap_fast_update_icmk(REQUEST *request, tls_session_t *tls_session, uint8_t *msk)
{
eap_fast_tunnel_t *t = talloc_get_type_abort(tls_session->opaque, eap_fast_tunnel_t);
uint8_t imck[EAP_FAST_SIMCK_LEN + EAP_FAST_CMK_LEN];
RDEBUG2("Updating ICMK");
T_PRF(t->s_imck, EAP_FAST_SIMCK_LEN, "Inner Methods Compound Keys", msk, 32, imck, sizeof(imck)); //-V512
memcpy(t->s_imck, imck, EAP_FAST_SIMCK_LEN);
RHEXDUMP(L_DBG_LVL_MAX, t->s_imck, EAP_FAST_SIMCK_LEN, "S-IMCK[j]");
memcpy(t->cmk, &imck[EAP_FAST_SIMCK_LEN], EAP_FAST_CMK_LEN);
RHEXDUMP(L_DBG_LVL_MAX, t->cmk, EAP_FAST_CMK_LEN, "CMK[j]");
t->imck_count++;
/*
* Calculate MSK/EMSK at the same time as they are coupled to ICMK
*
* RFC 4851 section 5.4 - EAP Master Session Key Generation
*/
t->msk = talloc_array(t, uint8_t, EAP_FAST_KEY_LEN);
T_PRF(t->s_imck, EAP_FAST_SIMCK_LEN, "Session Key Generating Function", NULL, 0, t->msk, EAP_FAST_KEY_LEN);
RHEXDUMP(L_DBG_LVL_MAX, t->msk, EAP_FAST_KEY_LEN, "MSK");
t->emsk = talloc_array(t, uint8_t, EAP_EMSK_LEN);
T_PRF(t->s_imck, EAP_FAST_SIMCK_LEN, "Extended Session Key Generating Function", NULL, 0, t->emsk, EAP_EMSK_LEN);
RHEXDUMP(L_DBG_LVL_MAX, t->emsk, EAP_EMSK_LEN, "EMSK");
}
static void eap_fast_session_ticket(tls_session_t *tls_session, uint8_t *client_random,
uint8_t *server_random, uint8_t *secret, int *secret_len)
{
eap_fast_tunnel_t *t = (eap_fast_tunnel_t *) tls_session->opaque;
uint8_t seed[2 * SSL3_RANDOM_SIZE];
rad_assert(t->pac.key);
memcpy(seed, server_random, SSL3_RANDOM_SIZE);
memcpy(&seed[SSL3_RANDOM_SIZE], client_random, SSL3_RANDOM_SIZE);
T_PRF(t->pac.key, PAC_KEY_LENGTH, "PAC to master secret label hash",
seed, sizeof(seed), secret, SSL_MAX_MASTER_KEY_LENGTH);
*secret_len = SSL_MAX_MASTER_KEY_LENGTH;
}