a 802.1x-ttls supplicant (client) needs to compute a
session-key using material gathered in the tls handshake:
the prf, master secret, client-random and server-random.
Either all these have to be exposed to the user,
or the session-key computation has to be done as part
of the tls handshake. I'm suggesting to do the latter here,
by extending the TLSconn.

As far as I can see, this change should not break any
existing code, although recompilation is needed.

I could imagine other situations where also a session-key
has to be computed, but in a different way.
I tried to cater for that by the sessionType field
which allows/forces the user to specify some kind of
computation scheme.

If there is a better way to do this please let me know
(I tried to get feedback via 9fans, without success).

Axel.

Reference: /n/sources/patch/applied/tlshand-session-key
Date: Fri Aug 19 22:37:58 CES 2005

--- /sys/include/libsec.h	Fri Aug 19 22:17:39 2005
+++ /sys/include/libsec.h	Fri Aug 19 22:17:37 2005
@@ -339,6 +339,10 @@
 	int certlen, sessionIDlen;
 	int (*trace)(char*fmt, ...);
 	PEMChain *chain; // optional extra certificate evidence for servers to present
+	char *sessionType;
+	uchar *sessionKey;
+	int sessionKeylen;
+	char *sessionConst;
 } TLSconn;
 
 // tlshand.c
--- /sys/src/libsec/port/tlshand.c	Fri Aug 19 22:17:53 2005
+++ /sys/src/libsec/port/tlshand.c	Fri Aug 19 22:17:49 2005
@@ -357,6 +357,8 @@
 	conn->sessionIDlen = tls->sid->len;
 	conn->sessionID = emalloc(conn->sessionIDlen);
 	memcpy(conn->sessionID, tls->sid->data, conn->sessionIDlen);
+	if(conn->sessionKey != nil && conn->sessionType != nil && strcmp(conn->sessionType, "ttls") ==0)
+		tls->sec->prf(conn->sessionKey, conn->sessionKeylen, tls->sec->sec, MasterSecretSize, conn->sessionConst,  tls->sec->crandom, RandomSize, tls->sec->srandom, RandomSize);
 	tlsConnectionFree(tls);
 	return data;
 }
@@ -408,6 +410,8 @@
 	conn->sessionIDlen = tls->sid->len;
 	conn->sessionID = emalloc(conn->sessionIDlen);
 	memcpy(conn->sessionID, tls->sid->data, conn->sessionIDlen);
+	if(conn->sessionKey != nil && conn->sessionType != nil && strcmp(conn->sessionType, "ttls") ==0)
+		tls->sec->prf(conn->sessionKey, conn->sessionKeylen, tls->sec->sec, MasterSecretSize, conn->sessionConst,  tls->sec->crandom, RandomSize, tls->sec->srandom, RandomSize);
 	tlsConnectionFree(tls);
 	return data;
 }
--- /sys/man/2/pushtls	Fri Aug 19 22:18:06 2005
+++ /sys/man/2/pushtls	Fri Aug 19 22:18:04 2005
@@ -96,6 +96,10 @@
       int certlen, sessionIDlen;
       void (*trace)(char*fmt, ...);
       PEMChain *chain;
+      char *sessionType;
+      uchar *sessionKey;
+      int sessionKeylen;
+      char *sessionConst;
    } TLSconn;
 .EE
 defined in
@@ -115,7 +119,13 @@
 is returned in
 .IR conn ,
 to be checked by the caller
-according to its needs.  One mechanism is supplied by
+according to its needs.
+A session key of length sessionKeylen will be computed
+in sessionKey (to be allocated by the user)
+using scheme sessionType and string sessionConst,
+if sessionType and sessionKey are non-nil.
+The only known sessionType is "ttls".
+One mechanism to check the remote's certificate is supplied by
 .I initThumbprints
 and
 .I freeThumbprints