EAP-TEAP Compound MAC calculation

Suriya Shankar suriya.dshankar at gmail.com
Wed Aug 16 20:01:18 UTC 2023


I am trying to calculate the Compound MAC for EAP-TEAP. But the description
in the rfc 7170 is bit confusing

Section 4.2.13 mentions both the MSK and EMSK Compound MAC is either Server
MAC or Client MAC (not sure what exactly are those).
Section 5.3 gives the calculation where we have to zero out both MSK and
EMSK Compound MAC and apply the MAC function to calculate the Compound MAC.

   - What's the resultant Compound MAC we get from trying section 5.3 (MSK
   or EMSK Compound MAC)
   - What algorithm should we use? The document adds to consider TLS 1.2
   rfc 5246 where the recommended algorithm is HMAC 256 that results in 32
   octet digest instead of the expected 20 octet one.

Could any please help me in understanding the Compound MAC calculation or
guide me in the right direction


More information about the Freeradius-Devel mailing list