I'm running Mbed TLS as a core security library, in embedded platform. my application is used to connect to enterprise network using PEAPv0 with mschapv2 as phase2 authentication.
Following are the setup details server setup on Ubuntu
Eap Server : Free radius with version 3.0.15
openssl :1.0.2g
Ubuntu version : 16.04LTS
Client side setup
platform : Micro controller based platform
OS : FreeRTOS
I'm using TLSv1.2 with cipher-suite MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 / MBEDTLS_TLS_ECDHE_WITH_AES_256_GCM_SHA384 and im taking help of inbuilt tls-prf function for the mentioned cipher suites and it uses tls_prf_sha384 function, what i found is the MPPE key generated at client side and server side is not matching.
But when i use MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA256 / MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA which intern uses tls_prf_sha256, what i found is MPPE key generated is matching at both end
However as per TLS v1.2 RFC, provision has been made to dynamically select the cipher-suite based on the client-server negotiation. but in case of less than TLSv1.2 it uses tls1_prf function.
When i looking into openssl code, freeradius and wpa_supplicant code it uses the function SSL_export_keying_material . Then alos im Not able to find the implementation difference wrt openssl "SSL_export_keying_material" function and the Mbedtls "tls_prf".
May i know what else im missing.
