Add eap-tls key derivation in the examples.

Add support for eap-tls key derivation functionality, in `ssl_client2` and `ssl_server2` reference applications.
2019-05-12 11:03:32 +03:00 · 2019-05-12 11:03:32 +03:00 · b7fd64ce2b
commit b7fd64ce2b
parent c4d3ef4721
3 changed files with 193 additions and 2 deletions
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@ -168,6 +168,7 @@ int main( void )
 #define DFL_EXTENDED_MS         -1
 #define DFL_ETM                 -1
 #define DFL_CA_CALLBACK         0
+#define DFL_EAP_TLS             0

 #define LONG_RESPONSE "<p>01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
    "02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n"  \
@ -281,6 +282,13 @@ int main( void )
 #define USAGE_TICKETS ""
 #endif /* MBEDTLS_SSL_SESSION_TICKETS */

+#if defined(MBEDTLS_SSL_EXPORT_KEYS)
+#define USAGE_EAP_TLS                                       \
+    "    eap_tls=%%d          default: 0 (disabled)\n"
+#else
+#define USAGE_EAP_TLS ""
+#endif /* MBEDTLS_SSL_EXPORT_KEYS */
+
 #if defined(MBEDTLS_SSL_CACHE_C)
 #define USAGE_CACHE                                             \
    "    cache_max=%%d        default: cache default (50)\n"    \
@ -442,6 +450,7 @@ int main( void )
    "    exchanges=%%d        default: 1\n"                 \
    "\n"                                                    \
    USAGE_TICKETS                                           \
+    USAGE_EAP_TLS                                           \
    USAGE_CACHE                                             \
    USAGE_MAX_FRAG_LEN                                      \
    USAGE_TRUNC_HMAC                                        \
@ -563,10 +572,44 @@ struct options
    int dtls_mtu;               /* UDP Maximum tranport unit for DTLS       */
    int dgram_packing;          /* allow/forbid datagram packing            */
    int badmac_limit;           /* Limit of records with bad MAC            */
+    int eap_tls;                /* derive EAP-TLS keying material?          */
 } opt;

 int query_config( const char *config );

+#if defined(MBEDTLS_SSL_EXPORT_KEYS)
+typedef struct eap_tls_keys
+{
+    unsigned char master_secret[48];
+    unsigned char randbytes[64];
+    mbedtls_ssl_tls_prf *tls_prf;
+} eap_tls_keys;
+
+static int eap_tls_key_derivation ( void *p_expkey,
+                                    const unsigned char *ms,
+                                    const unsigned char *kb,
+                                    size_t maclen,
+                                    size_t keylen,
+                                    size_t ivlen,
+                                    mbedtls_ssl_tls_prf *tls_prf,
+                                    unsigned char client_random[32],
+                                    unsigned char server_random[32] )
+{
+    eap_tls_keys *keys = (eap_tls_keys *)p_expkey;
+
+    ( ( void ) kb );
+    ( ( void ) maclen );
+    ( ( void ) keylen );
+    ( ( void ) ivlen );
+    memcpy( keys->master_secret, ms, sizeof( keys->master_secret ) );
+    memcpy( keys->randbytes, client_random, 32 );
+    memcpy( keys->randbytes + 32, server_random, 32 );
+    keys->tls_prf = tls_prf;
+
+    return( 0 );
+}
+#endif
+
 static void my_debug( void *ctx, int level,
                      const char *file, int line,
                      const char *str )
@ -1444,6 +1487,12 @@ int main( int argc, char *argv[] )
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
    psa_status_t status;
 #endif
+#if defined(MBEDTLS_SSL_EXPORT_KEYS)
+    unsigned char eap_tls_keymaterial[16];
+    unsigned char eap_tls_iv[8];
+    const char* eap_tls_label = "client EAP encryption";
+    eap_tls_keys eap_tls_keying;
+#endif

 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
    mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) );
@ -1585,6 +1634,7 @@ int main( int argc, char *argv[] )
    opt.badmac_limit        = DFL_BADMAC_LIMIT;
    opt.extended_ms         = DFL_EXTENDED_MS;
    opt.etm                 = DFL_ETM;
+    opt.eap_tls             = DFL_EAP_TLS;

    for( i = 1; i < argc; i++ )
    {
@ -1975,6 +2025,12 @@ int main( int argc, char *argv[] )
        {
            return query_config( q );
        }
+        else if( strcmp( p, "eap_tls" ) == 0 )
+        {
+            opt.eap_tls = atoi( q );
+            if( opt.eap_tls < 0 || opt.eap_tls > 1 )
+                goto usage;
+        }
        else
            goto usage;
    }
@ -2537,6 +2593,12 @@ int main( int argc, char *argv[] )
        mbedtls_ssl_conf_encrypt_then_mac( &conf, opt.etm );
 #endif

+#if defined(MBEDTLS_SSL_EXPORT_KEYS)
+    if( opt.eap_tls != 0 )
+        mbedtls_ssl_conf_export_keys_ext_cb( &conf, eap_tls_key_derivation,
+                                             &eap_tls_keying );
+#endif
+
 #if defined(MBEDTLS_SSL_ALPN)
    if( opt.alpn_string != NULL )
        if( ( ret = mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list ) ) != 0 )
@ -3117,6 +3179,40 @@ handshake:
    }
 #endif /* MBEDTLS_X509_CRT_PARSE_C */

+#if defined(MBEDTLS_SSL_EXPORT_KEYS)
+    if( opt.eap_tls != 0 &&
+        eap_tls_keying.tls_prf != NULL )
+    {
+        size_t j = 0;
+        eap_tls_keying.tls_prf( eap_tls_keying.master_secret,
+                                sizeof( eap_tls_keying.master_secret ),
+                                eap_tls_label,
+                                eap_tls_keying.randbytes,
+                                sizeof( eap_tls_keying.randbytes ),
+                                eap_tls_keymaterial,
+                                sizeof( eap_tls_keymaterial ) );
+        mbedtls_printf( "    EAP-TLS key material is:" );
+        for( j = 0; j < sizeof( eap_tls_keymaterial ); j++ )
+        {
+            if( j % 8 == 0 )
+                mbedtls_printf("\n    ");
+            mbedtls_printf("%02x ", eap_tls_keymaterial[j] );
+        }
+        mbedtls_printf("\n");
+
+        eap_tls_keying.tls_prf( NULL, 0, eap_tls_label, eap_tls_keying.randbytes,
+                                sizeof( eap_tls_keying.randbytes ), eap_tls_iv,
+                                sizeof( eap_tls_iv  ) );
+        mbedtls_printf( "    EAP-TLS IV is:" );
+        for( j = 0; j < sizeof( eap_tls_iv ); j++ )
+        {
+            if( j % 8 == 0 )
+                mbedtls_printf("\n    ");
+            mbedtls_printf("%02x ", eap_tls_iv[j] );
+        }
+        mbedtls_printf("\n");
+    }
+#endif
    if( opt.exchanges == 0 )
        goto close_notify;