Expose MSK and EMSK
authorAlan T. DeKok <aland@freeradius.org>
Tue, 23 Sep 2008 14:49:38 +0000 (16:49 +0200)
committerAlan T. DeKok <aland@freeradius.org>
Tue, 23 Sep 2008 14:49:38 +0000 (16:49 +0200)
share/dictionary.freeradius.internal
src/modules/rlm_eap/libeap/mppe_keys.c

index 4d2dd65..7b23676 100644 (file)
@@ -194,6 +194,12 @@ VALUE      EAP-Session-Resumed             no                      0
 VALUE  EAP-Session-Resumed             yes                     1
 
 #
+#      Expose EAP keys in the reply.
+#
+ATTRIBUTE      EAP-MSK                                 1129    octets
+ATTRIBUTE      EAP-EMSK                                1130    octets
+
+#
 #      Range:  1200-1279
 #              EAP-SIM (and other EAP type) weirdness.
 #
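Review bot: The comment above the new EAP-MSK and EAP-EMSK attributes does not say that they carry raw session key material, so any module or log that dumps or copies the reply list will now see the keys. I would extend it, for example `#      Expose EAP keys in the reply. These hold raw key material: keep them out of logs and accounting records.` Whether attributes in this internal number range can ever leave the server in a packet is not visible from this hunk, so the comment should state that too.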
index 4c0b841..f868a31 100644 (file)
@@ -127,7 +127,7 @@ static void PRF(const unsigned char *secret, unsigned int secret_len,
 void eaptls_gen_mppe_keys(VALUE_PAIR **reply_vps, SSL *s,
                          const char *prf_label)
 {
-       unsigned char out[2*EAPTLS_MPPE_KEY_LEN], buf[2*EAPTLS_MPPE_KEY_LEN];
+       unsigned char out[4*EAPTLS_MPPE_KEY_LEN], buf[4*EAPTLS_MPPE_KEY_LEN];
        unsigned char seed[64 + 2*SSL3_RANDOM_SIZE];
        unsigned char *p = seed;
        size_t prf_size;
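Review bot: Enlarging `out` and `buf` to `4*EAPTLS_MPPE_KEY_LEN` only helps if the PRF call is sized from `sizeof(out)`, and that call lies between this hunk and the next, so it is not shown. If it still passes a fixed `2*EAPTLS_MPPE_KEY_LEN`, the upper half of `out` stays uninitialised and the EAP-EMSK added in the later hunk would be built from leftover stack contents instead of key material. A short comment on the declaration, such as `/* out = MSK (first half) || EMSK (second half) */`, would also record why the size is now 4x.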
@@ -151,6 +151,9 @@ void eaptls_gen_mppe_keys(VALUE_PAIR **reply_vps, SSL *s,
        add_reply(reply_vps, "MS-MPPE-Recv-Key", p, EAPTLS_MPPE_KEY_LEN);
        p += EAPTLS_MPPE_KEY_LEN;
        add_reply(reply_vps, "MS-MPPE-Send-Key", p, EAPTLS_MPPE_KEY_LEN);
+
+       add_reply(reply_vps, "EAP-MSK", out, 64);
+       add_reply(reply_vps, "EAP-EMSK", out + 64, 64);
 }
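Review bot: The two new `add_reply` calls hard-code `64` while the buffer is declared as `4*EAPTLS_MPPE_KEY_LEN`, so the reads stay in bounds only while that constant is 32. Tying them to the declaration removes the hidden coupling: `add_reply(reply_vps, "EAP-MSK", out, 2*EAPTLS_MPPE_KEY_LEN);` and `add_reply(reply_vps, "EAP-EMSK", out + 2*EAPTLS_MPPE_KEY_LEN, 2*EAPTLS_MPPE_KEY_LEN);`. Separately, nothing between the last `add_reply` and the closing brace clears `out`, `buf` or `seed`, which now hold the full MSK and EMSK on the stack. Scrubbing them before return with a call the compiler cannot elide, such as `OPENSSL_cleanse`, would limit how long the keys linger. The start of the function body is outside this hunk, so an earlier cleanup path cannot be ruled out.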