Re: Questions about source code
Hao Wang wrote:
1. In which variable (and in which file) in the source code is the session key (or TEK) stored after successful authentication? TEK? What's that?
By TEK I meant traffic encryption key, which is used to encrypt the message transfered. And which session key are you referring to? I meant the key used to encrypt the messages transfered between the authentication server and the client. However, all I need is just anything that was created "after" a successful authentication in both the client and the authentication server side, not necessarily the session key. I simply need to use something agreed by both sides.
I have to use it. In the src/modules/rlm_eap/libeap/eapcrypto.c file, eapsim_calculate_keys() produces 4 other keys after ek->master_key is calculated. Is one of them used as the session key? And where is the session key if PAP authentication is used?
If you're not sure... it would be best to go read the specifications. They define what the session key is.
2. What symmetric-key encryption/decryption algorithm (like AES, Twofish, or others) is used? And where is it in the source code?
It's not. FreeRADIUS uses OpenSSL, which implements all of the encryption code.
3. If I want to generate a key from a random integer, is it proper to use SHA-1? Go read the specifications to see how the keys are supposed to be generated.
A specification is what I seek for. Where can I find it? The Wiki and the comment in the source code are not detailed enough for me. I am not able to find the answer of my questions above in both of them. Thanks for your help. Hao Wang
Hao Wang wrote:
By TEK I meant traffic encryption key, which is used to encrypt the message transfered.
Which message? The RADIUS packet? If so, the common term is not "TEK", but "shared secret". Please don't invent phrases or acronyms to describe things. It wastes everyone's time.
And which session key are you referring to?
I meant the key used to encrypt the messages transfered between the authentication server and the client.
Do you mean supplicant? i.e. PC running Windows? It's not normally called "client".
However, all I need is just anything that was created "after" a successful authentication in both the client and the authentication server side, not necessarily the session key. I simply need to use something agreed by both sides.
Something... for what?
A specification is what I seek for. Where can I find it? The Wiki and the comment in the source code are not detailed enough for me. I am not able to find the answer of my questions above in both of them.
Specification to do... what? Perhaps part of the reason why you can't find specifications is you're using the wrong words to describe things. Please go read a few 802.1X "howtos" or guides to learn how it works, and what the common terminology is. Alan DeKok.
participants (2)
-
Alan DeKok -
Hao Wang