Questions about source code

Hao Wang wanghau.ms89 at gmail.com
Mon Sep 22 19:11:20 CEST 2008


Hao Wang wrote:
> 1. In which variable (and in which file) in the source code is the
> session key (or TEK) stored after successful authentication?
 TEK?  What's that?

By TEK I meant traffic encryption key, which is used to encrypt the message
transfered.

 And which session key are you referring to?

I meant the key used to encrypt the messages transfered between the
authentication server and the client.
However, all I need is just anything that was created "after" a successful
authentication in both the client and the authentication server side, not
necessarily the session key. I simply need to use something agreed by both
sides.

> I have to
> use it. In the src/modules/rlm_eap/libeap/eapcrypto.c file,
> eapsim_calculate_keys() produces 4 other keys after ek->master_key is
> calculated. Is one of them used as the session key? And where is the
> session key if PAP authentication is used?

 If you're not sure... it would be best to go read the specifications.
 They define what the session key is.

> 2. What symmetric-key encryption/decryption algorithm (like AES,
> Twofish, or others) is used? And where is it in the source code?

 It's not.  FreeRADIUS uses OpenSSL, which implements all of the
encryption code.

> 3. If I want to generate a key from a random integer, is it proper to
> use SHA-1?
 Go read the specifications to see how the keys are supposed to be
generated.

A specification is what I seek for. Where can I find it? The Wiki and the
comment in the source code are not detailed enough for me. I am not able to
find the answer of my questions above in both of them.

Thanks for your help.

Hao Wang
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20080923/863f4a7e/attachment.html>


More information about the Freeradius-Devel mailing list