How to derive EAP-TLS key material from TLS?

Neo Liu Mon, 30 May 2011 23:04:14 -0700

Hi, everyone,

I'm developing a EAP-TLS server using OpenSSL. I need to derive key material
from TLS session as described in RFC5216. Like the follow figure shows:


         |                             | pre_master_secret       |
   server|                          |                                   |
client
   Random|                      V                                   | Random
         |     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
         |     |
|      |
         +---->|             master_secret                       |<----+
         |     |
|      |
         |     |
|      |
         |     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+       |
         |                         |
        |
         V                       V
V
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

|
|
   |                        MSK, EMSK
     |
   |               label == "client EAP encryption"
|
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                    |                    |
     | MSK(0,31)   | MSK(32,63)  | EMSK(0,63)
     |                    |                    |
     |                    |                    |
    V                   V                  V

                     Figure 2 - EAP-TLS Key Hierarchy


How could I do this in OpenSSL?

Thanks

Neo LIu

How to derive EAP-TLS key material from TLS?

Reply via email to