
MPPE key is not matching when we use the tls-prf function for SHA384

Jan 10, 2018 14:25
mani teja

Hi Mbed TLS,

Thanks in-advance.

I'm running Mbed TLS as the core security library on an embedded platform. My application is used to connect to an enterprise network using PEAPv0 with MSCHAPv2 as the phase-2 authentication.

Following are the setup details.
Server setup (Ubuntu):
EAP server: FreeRADIUS version 3.0.15
OpenSSL: 1.0.2g
Ubuntu version: 16.04 LTS
Client side setup:
Platform: microcontroller-based platform
OS: FreeRTOS

I'm using TLSv1.2 with the cipher suites MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 / MBEDTLS_TLS_ECDHE_WITH_AES_256_GCM_SHA384, and I'm taking the help of the inbuilt tls-prf function for the mentioned cipher suites, which uses the tls_prf_sha384 function. What I found is that the MPPE key generated at the client side and at the server side is not matching.

But when I use MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA256 / MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, which in turn uses tls_prf_sha256, what I found is that the MPPE key generated is matching at both ends.

However, as per the TLS v1.2 RFC, provision has been made to dynamically select the cipher suite based on the client-server negotiation, but in the case of less than TLSv1.2 it uses the tls1_prf function.

When I looked into the OpenSSL, FreeRADIUS and wpa_supplicant code, it uses the function SSL_export_keying_material. Also, I'm not able to find the implementation difference w.r.t. the OpenSSL "SSL_export_keying_material" function and the Mbed TLS "tls_prf".

May I know what else I'm missing?

Thanks & Regards, Teja.

Jan 14, 2018 11:56
Ron Eldor

Hi mani,
To rule out the basics, please verify you have MBEDTLS_SHA512_C defined in your configuration file.
The key material is generated in mbedtls_ssl_derive_keys(). It should derive the same key that is derived using SSL_export_keying_material().
If possible, you should check that the input parameters are the same for both client and server, for example, that you don't have a memory issue on your platform that causes corruption in your buffer.
Mbed TLS Team member
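As an added illustration (not part of this thread, and not code from Mbed TLS, OpenSSL, FreeRADIUS or wpa_supplicant), the derivation both ends of the exchange above are expected to perform, written out in Python from RFC 2246, RFC 5246, RFC 5705 and RFC 5216: the HMAC-based P_hash expansion, the TLS 1.0/1.1 MD5/SHA-1 PRF, the TLS 1.2 PRF whose hash follows the negotiated cipher suite (SHA-256 unless the suite name ends in _SHA384), the context-less exporter that SSL_export_keying_material() implements, and the split of the resulting key material into the MSK/EMSK and the MS-MPPE-Recv-Key / MS-MPPE-Send-Key attributes. The master secret and randoms are constructed sample values, and keys_match() is a hypothetical helper that reproduces the symptom in the question: a client that derives with a hash other than the suite's PRF hash produces a different key from the server.

```python
import hmac

# Constructed sample inputs, not values from a real handshake.
MASTER_SECRET = bytes(range(48))            # TLS master secret is 48 bytes
CLIENT_RANDOM = b"\x11" * 32
SERVER_RANDOM = b"\x22" * 32
EAP_TLS_LABEL = b"client EAP encryption"    # RFC 5216 label, reused by PEAPv0


def p_hash(hash_name, secret, seed, length):
    """RFC 5246 section 5 P_hash: HMAC expansion.
    A(0) = seed, A(i) = HMAC(secret, A(i-1)),
    output = HMAC(secret, A(1) + seed) || HMAC(secret, A(2) + seed) || ..."""
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]


def tls1_prf(secret, label, seed, length):
    """TLS 1.0/1.1 PRF (RFC 2246 section 5): P_MD5 over the first half of the
    secret XOR P_SHA1 over the second half (halves share the middle byte if
    the secret length is odd)."""
    half = (len(secret) + 1) // 2
    md5_part = p_hash("md5", secret[:half], label + seed, length)
    sha1_part = p_hash("sha1", secret[-half:], label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha1_part))


def tls12_prf(secret, label, seed, length, hash_name):
    """TLS 1.2 PRF: a single P_<hash> with the hash the cipher suite names."""
    return p_hash(hash_name, secret, label + seed, length)


def prf_hash_for_suite(suite_name):
    """TLS 1.2 rule (RFC 5246 section 5): the PRF uses SHA-256 unless the
    cipher suite specifies another hash; the RFC 5289 suites carry it as the
    _SHA384 suffix of the suite name."""
    return "sha384" if suite_name.endswith("_SHA384") else "sha256"


def export_keying_material(version, suite_name, master_secret,
                           client_random, server_random, label, length):
    """RFC 5705 exporter with no context, which is what EAP-TLS and PEAP
    call TLS-PRF-n(master_secret, label, client.random + server.random).
    version is the TLS record version tuple, (3, 3) for TLS 1.2."""
    seed = client_random + server_random
    if version >= (3, 3):
        return tls12_prf(master_secret, label, seed, length,
                         prf_hash_for_suite(suite_name))
    return tls1_prf(master_secret, label, seed, length)


def eap_tls_keys(version, suite_name, master_secret, client_random, server_random):
    """RFC 5216 section 2.3: 128 bytes of key material. The first 64 are the
    MSK, which RADIUS carries as MS-MPPE-Recv-Key (bytes 0..31) and
    MS-MPPE-Send-Key (bytes 32..63) from the server's point of view; the
    remaining 64 are the EMSK."""
    km = export_keying_material(version, suite_name, master_secret,
                                client_random, server_random, EAP_TLS_LABEL, 128)
    return {"msk": km[:64], "emsk": km[64:],
            "mppe_recv_key": km[:32], "mppe_send_key": km[32:64]}


def keys_match(suite_name, client_prf_hash):
    """Hypothetical helper for the symptom in the thread: the server derives
    with the suite's PRF hash, the client with client_prf_hash. Returns True
    only when both sides used the same PRF over the same inputs."""
    seed = CLIENT_RANDOM + SERVER_RANDOM
    server = tls12_prf(MASTER_SECRET, EAP_TLS_LABEL, seed, 64,
                       prf_hash_for_suite(suite_name))
    client = tls12_prf(MASTER_SECRET, EAP_TLS_LABEL, seed, 64, client_prf_hash)
    return hmac.compare_digest(server, client)


if __name__ == "__main__":
    for suite in ("TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_128_CBC_SHA"):
        keys = eap_tls_keys((3, 3), suite, MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM)
        print(suite, "PRF hash:", prf_hash_for_suite(suite))
        print("  MS-MPPE-Recv-Key:", keys["mppe_recv_key"].hex())
        print("  MS-MPPE-Send-Key:", keys["mppe_send_key"].hex())
    print("SHA384 suite, client hard-coded to sha256, keys match:",
          keys_match("TLS_RSA_WITH_AES_256_GCM_SHA384", "sha256"))
```

To use this as a cross-check, dump the master secret, client random and server random on each side (FreeRADIUS with OpenSSL debug output on the server, the handshake structure on the Mbed TLS client), feed them to eap_tls_keys(), and compare the result with the MS-MPPE-Recv-Key the server actually sends: if the three inputs agree on both sides, the only remaining way to get different keys is a different PRF hash, which is exactly what a SHA-384 suite paired with a SHA-256 PRF produces.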