Changeset 610:a137913d9f88 in freeDiameter for extensions/app_diameap/plugins/eap_tls/eap_tls.c

Timestamp:

Dec 1, 2010, 6:19:54 PM (13 years ago)

Author:

Sebastien Decugis <sdecugis@nict.go.jp>

Branch:

default

Phase:

public

Message:

Added ability to extract the Extended MSK (EMSK) for future use

File:

• extensions/app_diameap/plugins/eap_tls/eap_tls.c (modified) (2 diffs)

extensions/app_diameap/plugins/eap_tls/eap_tls.c

@@ -50 +50 @@
                 struct eap_packet eapRespData);
 boolean eap_tls_isDone(struct eap_state_machine *smd);
-int eap_tls_getKey(struct eap_state_machine *smd, u8** key, int * keylen);
+int eap_tls_getKey(struct eap_state_machine *smd, u8** msk, int * msklen, u8** emsk, int * emsklen);
 void eap_tls_unregister(void);
 void eap_tls_free(void * data);
@@ -289 +289 @@
 }
 
-int eap_tls_getKey(struct eap_state_machine *smd, u8 ** key, int *keylen)
+int eap_tls_getKey(struct eap_state_machine *smd, u8 ** msk, int *msklen, u8 ** emsk, int *emsklen)
 {
         struct tls_data * data;
+        int len = emsk ? 128 : 64;
         data = (struct tls_data *) smd->methodData;
-        *key = malloc(64);
+        *msk = malloc(len);
         if (gnutls_prf(data->session, strlen("client EAP encryption"),
-                        "client EAP encryption", 0, 0, NULL, 64, (char *) *key)
+                        "client EAP encryption", 0, 0, NULL, len, (char *) *msk)
                         != GNUTLS_E_SUCCESS)
         {
-                free(*key);
-                *key = NULL;
-                *keylen = 0;
+                free(*msk);
+                *msk = NULL;
+                *msklen = 0;
                 return 1;
         }
         else
         {
-                *keylen = 64;
+                *msklen = 64;
+        }
+        if (emsk) {
+                *emsk = malloc(64);
+                memcpy(*emsk, (*msk)+64, 64);
+                memset((*msk)+64, 0, 64);
+                *emsklen = 64;
         }