[Emu] Revised resolution for Erratum 5128

Thu, 29 Oct 2020 22:44:32 -0700 

I think this one is also done.  PR is here
https://github.com/emu-wg/teap-errata/pull/4.  Please comment on this
thread or PR if you think it still needs work:

Errata 5128: https://www.rfc-editor.org/errata/eid5128
Proposed State: Verified
Revision:

Section 5.2. says

 S-IMCK[0] = session_key_seed
  For j = 1 to n-1 do
       IMCK[j] = TLS-PRF(S-IMCK[j-1], "Inner Methods Compound Keys",
            IMSK[j], 60)
       S-IMCK[j] = first 40 octets of IMCK[j]
       CMK[j] = last 20 octets of IMCK[j]

where TLS-PRF is the PRF negotiated as part of TLS handshake [RFC5246].

It Should Say:

 S-IMCK[0] = session_key_seed
    For j = 1 to n-1 do
           IMCK[j] = the first 60 octets of TLS-PRF(S-IMCK[j-1],
              "Inner Methods Compound Keys", IMSK[j])
           S-IMCK[j] = first 40 octets of IMCK[j]
           CMK[j] = last 20 octets of IMCK[j]

    where "|" denotes concatenation and the TLS-PRF is defined in
    [RFC5246] as

        PRF(secret, label, seed) = P_<hash>(secret, label | seed).

    the secret is S-IMCK[j-1],  the label is
    "Inner Methods Compound Keys" consisting of the ASCII value for the
    label "Inner Methods Compound Keys" (without quotes),  the seed
    consists IMSK[j].

Section 5.4 Says:

  MSK  = TLS-PRF(S-IMCK[j], "Session Key Generating Function", 64)
  EMSK = TLS-PRF(S-IMCK[j],
       "Extended Session Key Generating Function", 64)

  where j is the number of the last successfully executed inner EAP method.

It should say:

      MSK = the first 64 octets of TLS-PRF(S-IMCK[j],
           "Session Key Generating Function")
      EMSK = the first 64 octets of TLS-PRF(S-IMCK[j],
           "Extended Session Key Generating Function")

      where "|" denotes concatenation and the TLS-PRF is defined in
      [RFC5246] as

        PRF(secret, label, seed) = P_<hash>(secret, label | seed).

     The secret is S-IMCK[j]  where j is the number of the last generated
     S-IMCK from section 5.2.  The label is is the ASCII value for the
     string without quotes.  The seed is empty (0 length) and omitted from
     the derivation.

Notes:

According to

RFC5246 The Transport Layer Security (TLS) Protocol Version 1.2

5. HMAC and the Pseudorandom Function

"TLS's PRF is created by applying P_hash to the secret as:

PRF(secret, label, seed) = P_<hash>(secret, label + seed)"

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu

Reply via email to