[9fans] libsec tls extension: computation of session key?

9fans - fans of the OS Plan 9 from Bell Labs
 help / color / mirror / Atom feed

From: Axel Belinfante <Axel.Belinfante@cs.utwente.nl>
To: 9fans@cse.psu.edu
Subject: [9fans] libsec tls extension: computation of session key?
Date: Fri, 12 Aug 2005 10:21:52 +0200	[thread overview]
Message-ID: <200508120821.j7C8Lqq14607@zamenhof.cs.utwente.nl> (raw)

the standard that describes the 802.1x eap-ttls method
discusses the computation of some 'keying material'
as result of the auth handshake.

this material is computed as:
   tls->sec->prf(resultBuf, resultLen,
                 tls->sec->sec, MasterSecretSize,
                 labelString,
                 tls->sec->crandom, RandomSize,
                 tls->sec->srandom, RandomSize );

where labelString is a string prescribed by the protocol,
and resultBuf is the buffer to be holding the result of resultLen.

Either we can expose all details necessary for the computation,
or we can just do the computation and only expose the result.
I have done the latter, by adding resultBuf, resultLen, and
labelString to the TLSconn struct, and doing above computation
(and only doing it if the resultbuf pointer is non-nil)
near the end of the tlsClient function.

Is this a reasonable way of doing this?
If so, should I just submit a patch? (for tlshand.c and libsec.h)

on a related note: there is a minor decoding error in tlshand.c,
in the HCertificateRequest; I'll submit a separate patch.
our universities's server seems to computing some lenth field
of the HCertificateRequest erroneously, I could work around 
that by slightly relaxing size checking of HCertificateRequest;
I'll submit a separate patch for that, I guess...

Axel.

                 reply	other threads:[~2005-08-12  8:21 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=200508120821.j7C8Lqq14607@zamenhof.cs.utwente.nl \
    --to=axel.belinfante@cs.utwente.nl \
    --cc=9fans@cse.psu.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).