PEAPv0 TLS 1.3 EMSK

In previous TLS versions (<= 1.3) the output of the PRF used for key derivation did not vary depending on the number of bytes generated.

i.e. if 32 bytes were requested from the PRF, then 64 bytes were requested, provided the other inputs were the same, the first 32 bytes of both values generated would be the same.

Requested 64 bytes, got 1b60d72a7084e51c4026157eadea8b9bd52afb78018b88739ed784f9d36ddb13a4cd5dfa6beac449819dbf94392b83d121ed62de5bfedd04346301b56f0d9a7d
Requested 96 bytes, got 1b60d72a7084e51c4026157eadea8b9bd52afb78018b88739ed784f9d36ddb13a4cd5dfa6beac449819dbf94392b83d121ed62de5bfedd04346301b56f0d9a7d20ea49fb3377bff735c0b79c87c4d5d8ae9fc6bf91facb0aae8f1aec1dff505a
Requested 97 bytes, got 1b60d72a7084e51c4026157eadea8b9bd52afb78018b88739ed784f9d36ddb13a4cd5dfa6beac449819dbf94392b83d121ed62de5bfedd04346301b56f0d9a7d20ea49fb3377bff735c0b79c87c4d5d8ae9fc6bf91facb0aae8f1aec1dff505a7f

With TLS 1.3 and HKDF, this is no longer the case.

Requested 64 bytes, got 487815c39caacd0bc41f5dbec4a72029b3f4f8a62f0025e081038a09ec1906926cfc53cc9ffeb97bd50bcf170020e934fa03e7c46b004ef903eba6fbd7d97af7
Requested 96 bytes, got 5d3f4be6a4e3586c5f49a657bdda80a1a0369d7166c9dbdea35fd83c4d80b7a76be32ec2ddd4212243dadfcee13a4d0717f082115ac8e2bed0b22342e6cbe9e934309c087103c7bcfe909b06c50afff5a51a38c992818bb672d050f1e71af710
Requested 97 bytes, got 4cc94b965994016b39d5c326b220484a1d81205c8d713c6f8cb89051aa5fe82ba86d160c2b141d87f014323fd3e18be986cfa6cb2b56125450fe9bd1174f00d60139c7161dc5f5acd67f3e05f0965cd38e15058ed5d205abd3970553de4a809324

This means when the EAP client and EAP server are deriving keying material, they must request the same number of bytes from the PRF.

For PEAPv0 the current FreeRADIUS code requests 128 bytes from the PRF to generate both an MSK and EMSK.
For PEAPv0 wpa_supplicant requests 64 bytes and does not generate MSK and EMSK values.

Because of the differing number of bytes requested from HKDF, the output of HKDF differs on the EAP-Client and EAP-Server.

Does anyone have any thoughts on solving this interoperability issue?

-Arran
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
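
The length dependence described in the message above, as an added example that is not part of the original post and is not FreeRADIUS or wpa_supplicant code. It implements the TLS 1.2 PRF (RFC 5246 P_SHA256) and the TLS 1.3 exporter (RFC 8446 section 7.5) and compares a 64-byte request with the first 64 bytes of a 128-byte request. The secrets, randoms and the use of the label "client EAP encryption" are assumptions made for the demonstration.

```python
import hashlib
import hmac

def _hmac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def tls12_prf(secret, label, seed, length):
    """RFC 5246 P_SHA256: the requested length only truncates the stream."""
    seed = label + seed
    a, out = seed, b""
    while len(out) < length:
        a = _hmac(secret, a)             # A(i) = HMAC(secret, A(i-1))
        out += _hmac(secret, a + seed)   # the length never enters the HMAC
    return out[:length]

def hkdf_expand_label(secret, label, context, length):
    """RFC 8446 HKDF-Expand-Label: the length is encoded inside HkdfLabel."""
    full = b"tls13 " + label
    info = (length.to_bytes(2, "big") + bytes([len(full)]) + full
            + bytes([len(context)]) + context)
    t, okm, counter = b"", b"", 1
    while len(okm) < length:             # HKDF-Expand (RFC 5869)
        t = _hmac(secret, t + info + bytes([counter]))
        okm += t
        counter += 1
    return okm[:length]

def tls13_exporter(exporter_master_secret, label, context, length):
    """RFC 8446 section 7.5: the length feeds the final Expand-Label call."""
    empty_hash = hashlib.sha256(b"").digest()
    derived = hkdf_expand_label(exporter_master_secret, label, empty_hash, 32)
    ctx_hash = hashlib.sha256(context).digest()
    return hkdf_expand_label(derived, b"exporter", ctx_hash, length)

# Constructed sample inputs (assumptions, not values from a real handshake).
SECRET = bytes(range(48))        # stand-in for the TLS 1.2 master secret
RANDOMS = bytes(64)              # stand-in for client_random + server_random
LABEL = b"client EAP encryption"

def first64_match(derive):
    """True if a 64-byte request equals the first 64 bytes of a 128-byte one."""
    return derive(128)[:64] == derive(64)

def compare():
    tls12 = first64_match(lambda n: tls12_prf(SECRET, LABEL, RANDOMS, n))
    tls13 = first64_match(lambda n: tls13_exporter(SECRET[:32], LABEL, b"", n))
    return tls12, tls13          # (True, False)

if __name__ == "__main__":
    print(compare())
```

A peer that asks for 64 bytes and a peer that asks for 128 bytes therefore agree on the first 64 bytes under the TLS 1.2 PRF but not under the TLS 1.3 exporter.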


