Support for (EAP-TLS) RFC 5216 to generate key_material
Currently mbedTLS has support to export keys, master secret using callback function. User need to define MBEDTLS_SSL_EXPORT_KEYS and register callback function for exporting using api 'mbedtls_ssl_conf_export_keys_cb'.
But for EAP-TLS, I need 'key_material' which is generated from master secret and handshake randbytes with label 'client EAP encryption' (ref. RFC 5216: https://www.ietf.org/rfc/rfc5216.txt). But mbedTLS does have support to generate this key_material.
I created patch for that, in which key_material will generated with the same method as keyblk (ref: library/ssl_tls.c:658), difference in the label only, and before handshake randbytes gets swapped. This can be exported instead of keyblk.
Is this correct approach for this.
Without looking at your change, it seems that your patch should work, depending where you put this change. Please note in the code:
/* * Swap the client and server random values. */ memcpy( tmp, handshake->randbytes, 64 ); memcpy( handshake->randbytes, tmp + 32, 32 ); memcpy( handshake->randbytes + 32, tmp, 32 ); mbedtls_zeroize( tmp, sizeof( tmp ) );
the client and server random bytes are being swapped, according to rfc5246, which is not the order of random values needed for 'key_material' according to rfc5216.
As a general note, if you want a feature request, we recommend you request it in the github issues, so it could be better addressed by the community, and also create a PR, for it to be contributed, and better reviewed.
mbed TLS Team member