PolarSSL is now part of ARM Official announcement and rebranded as mbed TLS.

Support for (EAP-TLS) RFC 5216 to generate key_material

Feb 17, 2017 05:49
Rohan Ghige


Currently mbedTLS has support for exporting the keys and master secret using a callback function. The user needs to define MBEDTLS_SSL_EXPORT_KEYS and register a callback function for exporting using the API 'mbedtls_ssl_conf_export_keys_cb'.

But for EAP-TLS, I need 'key_material' which is generated from master secret and handshake randbytes with label 'client EAP encryption' (ref. RFC 5216: https://www.ietf.org/rfc/rfc5216.txt). But mbedTLS does have support to generate this key_material.

I created a patch for that, in which key_material will be generated with the same method as keyblk (ref: library/ssl_tls.c:658); the difference is in the label only, and it is done before the handshake randbytes get swapped. This can be exported instead of keyblk.

Is this the correct approach for this?

Feb 19, 2017 14:43
Ron Eldor

Hi Rohan,
Without looking at your change, it seems that your patch should work, depending on where you put this change. Please note in the code:

    /* Swap the client and server random values. */
    memcpy( tmp, handshake->randbytes, 64 );
    memcpy( handshake->randbytes, tmp + 32, 32 );
    memcpy( handshake->randbytes + 32, tmp, 32 );
    mbedtls_zeroize( tmp, sizeof( tmp ) );

The client and server random bytes are being swapped, according to RFC 5246, which is not the order of random values needed for 'key_material' according to RFC 5216.
As a general note, if you want a feature request, we recommend you request it in the GitHub issues, so it could be better addressed by the community, and also create a PR, for it to be contributed and better reviewed.
mbed TLS Team member
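
The ordering issue discussed in this thread, as an added example that is not part of the original posts or of mbed TLS: a Python sketch of the RFC 5216 key_material derivation next to the RFC 5246 key block. It assumes TLS 1.2 with the SHA-256 PRF and that the unswapped buffer holds the client random followed by the server random; all function names and sample values are constructed for illustration.

```python
import hashlib
import hmac

def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF (RFC 5246 section 5), P_SHA256 expansion."""
    label_seed = label + seed
    out, a = b"", label_seed                      # a starts as A(0)
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + label_seed, hashlib.sha256).digest()
    return out[:length]

def swap_randbytes(randbytes: bytes) -> bytes:
    """Mirror of the swap quoted above: the two 32-byte halves trade places."""
    if len(randbytes) != 64:
        raise ValueError("randbytes must be 64 bytes")
    return randbytes[32:] + randbytes[:32]

def eap_tls_key_material(master_secret: bytes, randbytes: bytes) -> dict:
    """RFC 5216 section 2.3: the seed is client.random || server.random,
    so randbytes must be the buffer as it is before the swap."""
    km = tls12_prf(master_secret, b"client EAP encryption", randbytes, 128)
    return {"MSK": km[:64], "EMSK": km[64:128]}

def tls_key_block(master_secret: bytes, swapped: bytes, length: int) -> bytes:
    """RFC 5246 section 6.3: the seed is server_random || client_random,
    which is the buffer as it is after the swap."""
    return tls12_prf(master_secret, b"key expansion", swapped, length)

# Constructed sample values, not taken from a real handshake.
MASTER_SECRET = bytes(range(48))
CLIENT_RANDOM = bytes([0xC1]) * 32
SERVER_RANDOM = bytes([0x5E]) * 32
RANDBYTES = CLIENT_RANDOM + SERVER_RANDOM         # assumed order before the swap

if __name__ == "__main__":
    good = eap_tls_key_material(MASTER_SECRET, RANDBYTES)
    bad = eap_tls_key_material(MASTER_SECRET, swap_randbytes(RANDBYTES))
    print("MSK (pre-swap order): ", good["MSK"].hex()[:32], "...")
    print("MSK (post-swap order):", bad["MSK"].hex()[:32], "...")
    print("interoperable:", good["MSK"] == bad["MSK"])
```

A peer and authenticator that disagree on the seed order derive different MSKs, so the mismatch shows up only later, when the keys derived from the MSK fail to match.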