Master key and Pairwise Master Key encryption
Michael Lecuyer
mjl at iterpacis.org
Thu Jul 15 17:45:55 CEST 2010

I'm not sure it would help you to know how the Master Keys are generated
or encoded - it's not simple.

It's a process involving the accumulated TLS handshake messages, random
number generation, various sorts of key exchanges, cryptographic hashes,
and the PRF function described in the TLS RFCs. Not really casual reading.

TTLS and TLS use different TLS PRF (Pseudo-Random Function) labels to
generate the key material. The MPPE RFC 3079 describes the generation of
the master MPPE keys from the PRF and how the supplicant should use
them. Some of us find this casual reading :)

Encoding attribute data is done using a salt encoding described in RFC
2548 with a Microsoft modification described in some MPPE RFC.

The 'code' is scattered throughout the FR rlm source (those dealing with
TLS and the many mschap's) and in the separate OpenSSL source dealing
with SSL/TLS.

However, in FR, it just automagically works.

Khan Ferdous Wahid wrote:
> Hi,
> I want to know about the Master key (MK) encapsulation and Pairwise
> Master key (PMK) generation during EAP-TLS or EAP-TTLS methods. When the
> supplicant is authenticated, the server generates a MK and sends it in
> encrypted format to the supplicant. How is this MK (I think it is a random
> number) encrypted? Which algorithm is used and which parameters are
> included (input) to disguise the MK? Then how is the PMK generated
> independently inside the server and supplicant? What algorithm and
> parameters are used to cryptically pass the PMK to the authenticator (Access
> point)? Please tell me clearly because I am a newbie. Which source codes
> include these operations, where should I look?
>
> Thank you.
>
> /Khan
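
The salt encoding the reply refers to, sketched in Python as an added example (not FreeRADIUS or OpenSSL code): how a key is hidden in an MS-MPPE-Send-Key / MS-MPPE-Recv-Key attribute as laid out in RFC 2548, and how the receiving side recovers it. The shared secret, Request Authenticator and key are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import os

BLOCK = 16  # MD5 digest size; the keystream is produced in 16-byte blocks

# Constructed sample values, not taken from any real deployment.
SECRET = b"testing123"             # RADIUS shared secret (server <-> access point)
REQUEST_AUTH = bytes(range(16))    # Request Authenticator of the Access-Request
SAMPLE_KEY = bytes(range(32, 64))  # stand-in for a 32-byte key sent to the AP

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def mppe_encrypt(key, secret, request_auth, salt=None):
    """Return Salt || ciphertext, the String field of the attribute."""
    if len(key) > 255 or len(request_auth) != 16:
        raise ValueError("key too long or bad authenticator length")
    salt = salt or os.urandom(2)
    salt = bytes([salt[0] | 0x80, salt[1]])    # high bit of the salt must be set
    plain = bytes([len(key)]) + key            # Key-Length octet, then the key
    plain += b"\x00" * (-len(plain) % BLOCK)   # zero-pad to a block multiple
    out, prev = b"", request_auth + salt       # b(1) = MD5(S + R + A)
    for i in range(0, len(plain), BLOCK):
        prev = _xor(plain[i:i + BLOCK], hashlib.md5(secret + prev).digest())
        out += prev                            # b(i) = MD5(S + c(i-1))
    return salt + out

def mppe_decrypt(blob, secret, request_auth):
    """Recover the key; raise ValueError on a malformed or undecodable value."""
    salt, cipher = blob[:2], blob[2:]
    if len(cipher) < BLOCK or len(cipher) % BLOCK or not salt[0] & 0x80:
        raise ValueError("malformed salted attribute")
    plain, prev = b"", request_auth + salt
    for i in range(0, len(cipher), BLOCK):
        block = cipher[i:i + BLOCK]
        plain += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    if plain[0] > len(plain) - 1:              # Key-Length cannot exceed the data
        raise ValueError("bad Key-Length: wrong secret or authenticator?")
    return plain[1:1 + plain[0]]

if __name__ == "__main__":
    blob = mppe_encrypt(SAMPLE_KEY, SECRET, REQUEST_AUTH)
    print(len(blob), mppe_decrypt(blob, SECRET, REQUEST_AUTH) == SAMPLE_KEY)
```

The keystream depends only on the shared secret, the Request Authenticator and the salt, so the strength of the RADIUS shared secret is what protects the key between server and access point.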