Master key and Pairwise Master Key encryption

Khan Ferdous Wahid khanferdous.wahid at gmail.com
Mon Jul 19 20:47:07 CEST 2010


Thank you Michael Lecuyer for such a detailed description. I will look at
those RFCs.

/Khan

On Thu, Jul 15, 2010 at 5:45 PM, Michael Lecuyer <mjl at iterpacis.org> wrote:

> I'm not sure it would help you to know how the Master Keys are generated or
> encoded - it's not simple.
>
> It's a process involving the accumulated TLS handshake messages, random
> number generation, various sorts of key exchanges, cryptographic hashes, and
> the PRF function described in the TLS RFCs. Not really casual reading.
>
> TTLS and TLS use different TLS PRF (Pseudo-Random Function) labels to
> generate the key material. The MPPE RFC 3079 describes the generation of the
> master MPPE keys from the PRF and how the supplicant should use them. Some
> of us find this casual reading :)
>
> Encoding attribute data is done using a salt encoding described in RFC 2548
> with a Microsoft modification described in some MPPE RFC.
>
> The 'code' is scattered throughout the FR rlm source (those dealing with
> TLS and the many mschap's) and in the separate OpenSSL source dealing with
> SSL/TLS.
>
> However, in FR, it just automagically works.
>
> Khan Ferdous Wahid wrote:
>
>> Hi,
>> I want to know about the Master Key (MK) encapsulation and Pairwise Master
>> Key (PMK) generation during the EAP-TLS or EAP-TTLS methods. When the supplicant
>> is authenticated, the server generates an MK and sends it in encrypted format
>> to the supplicant. How is this MK (I think it is a random number) encrypted?
>> Which algorithm is used and which parameters are included (input) to
>> disguise the MK? Then how is the PMK generated independently inside the server
>> and supplicant? What algorithm and parameters are used to cryptically pass
>> the PMK to the authenticator (access point)? Please tell me clearly because I am
>> a newbie. Which source code includes these operations, and where should I look?
>>
>> Thank you.
>>
>> /Khan
>>
>>
>> ------------------------------------------------------------------------
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
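The two steps named in the quoted reply, as an added Python example that is not code from this thread or from the FreeRADIUS/OpenSSL sources: deriving the MSK with the method-specific TLS PRF label (its first 32 octets serve as the PMK), and the RFC 2548 salt encryption that carries that key to the access point. It assumes the TLS 1.0/1.1 PRF from RFC 2246 (TLS 1.2 uses a different PRF); all function names and sample values are hypothetical.

```python
import hashlib
import hmac
import os
LABELS = {"tls": b"client EAP encryption",  # EAP-TLS, RFC 5216
          "ttls": b"ttls keying material"}  # EAP-TTLS, RFC 5281

def p_hash(name, secret, seed, n):
    """P_hash expansion, RFC 2246 section 5."""
    out, a = b"", seed
    while len(out) < n:
        a = hmac.new(secret, a, name).digest()
        out += hmac.new(secret, a + seed, name).digest()
    return out[:n]

def tls10_prf(secret, label, seed, n):
    """TLS 1.0/1.1 PRF: P_MD5(first half) XOR P_SHA1(second half)."""
    half = (len(secret) + 1) // 2
    md5 = p_hash("md5", secret[:half], label + seed, n)
    sha = p_hash("sha1", secret[-half:], label + seed, n)
    return bytes(x ^ y for x, y in zip(md5, sha))

def eap_msk(master_secret, client_random, server_random, method):
    """64-octet MSK, computed independently by supplicant and server."""
    seed = client_random + server_random
    return tls10_prf(master_secret, LABELS[method], seed, 64)

def _xor_md5(block, secret, prev):
    pad = hashlib.md5(secret + prev).digest()
    return bytes(p ^ q for p, q in zip(block, pad))

def mppe_encrypt(key, secret, req_auth, salt=None):
    """RFC 2548 salt encryption of an MS-MPPE-Send/Recv-Key value."""
    salt = salt or bytes([os.urandom(1)[0] | 0x80]) + os.urandom(1)
    plain = bytes([len(key)]) + key          # length octet, then the key
    plain += b"\0" * (-len(plain) % 16)      # zero-pad to 16-octet blocks
    out, prev = b"", req_auth + salt         # b(1) = MD5(S + R + A)
    for i in range(0, len(plain), 16):
        prev = _xor_md5(plain[i:i + 16], secret, prev)  # b(i) = MD5(S + c(i-1))
        out += prev
    return salt + out

def mppe_decrypt(value, secret, req_auth):
    """Inverse operation, as done by the NAS holding the shared secret."""
    plain, prev = b"", req_auth + value[:2]
    for i in range(2, len(value), 16):
        plain += _xor_md5(value[i:i + 16], secret, prev)
        prev = value[i:i + 16]
    return plain[1:1 + plain[0]]
# Constructed sample inputs, not from a real handshake.
DEMO_MSK = eap_msk(b"\x01" * 48, b"\x02" * 32, b"\x03" * 32, "tls")
```

Only the RADIUS hop to the access point uses the salt encryption; the supplicant receives no key over the wire and computes the same MSK from its own copy of the TLS master secret.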