On Jan 5, 2021, at 11:13 AM, Mohit Sethi M <mohit.m.se...@ericsson.com> wrote:
>
> Hi Alan,
>
> Cleaning up the email. The current draft says the exporter should be called
> once as:
>
>> Key_Material = TLS-Exporter("EXPORTER_EAP_TLS_Key_Material",
>> Type-Code, 128)
>>
> and then split the 128 into MSK (64) and EMSK (64). As said, from initial
> glance, it seems the exporter is called twice (once in eap_tls_get_emsk and
> once in eap_tls_getKey). Both the calls are with exactly the same context,
> context length, and labels. In getKey, the EMSK parts are cleared with
>> os_memset(eapKeyData + EAP_TLS_KEY_LEN, 0, EAP_EMSK_LEN);
> while in get_emsk, they are read with
>
>
>> os_memcpy(emsk, eapKeyData + EAP_TLS_KEY_LEN,
>>
>>
>> EAP_EMSK_LEN);
> Maybe we can live with this. But if exporter is called twice, we should use
> different labels as suggested by Martin?
Yes.
Perhaps as Joe suggested: EXPORTER_EAP_TLS_MSK and EXPORTER_EAP_TLS_EMSK,
which seem simple enough.
Alan DeKok.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
