On May 31, 2011, at 8:02 AM, Neo Liu wrote: > Hi, everyone, > > I'm developing a EAP-TLS server using OpenSSL. I need to derive key material > from TLS session as described in RFC5216. Like the follow figure shows: > > | | pre_master_secret | > server| | | > client > Random| V | Random > | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | > | | | > | > +---->| master_secret |<----+ > | | | > | > | | | > | > | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | > | | > | > V V V > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | > | > | MSK, EMSK > | > | label == "client EAP encryption" | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | | | > | MSK(0,31) | MSK(32,63) | EMSK(0,63) > | | | > | | | > V V V > > Figure 2 - EAP-TLS Key Hierarchy > > > How could I do this in OpenSSL? What about using SSL_tls1_key_extractor()?
Best regards Michael > > Thanks > > Neo LIu ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
