I'm not sure it would help you to know how the Master Keys are generated
or encoded - it's not simple.
It's a process involving the accumulated TLS handshake messages, random
number generation, various sorts of key exchanges, cryptographic hashes,
and the PRF function described in the TLS RFCs. Not really casual reading.
TTLS and TLS use different TLS PRF (Pseudo-Random Function) labels to
generate the key material. The MPPE RFC 3079 describes the generation of
the master MPPE keys from the PRF and how the supplicant should use
them. Some of us find this casual reading :)
Encoding attribute data is done using a salt encoding described in RFC
2548 with a Microsoft modification described in some MPPE RFC.
The 'code' is scattered throughout the FR rlm source (those dealing with
TLS and the many mschap's) and in the separate OpenSSL source dealing
with SSL/TLS.
However, in FR, it just automagically works.
Khan Ferdous Wahid wrote:
Hi,
I want to know about the Master key (MK) encapsulation and Pairwise
Master key (PMK) generation during EAP-TLS or EAP-TTLS methods. When the
supplicant is authenticated, the server generates a MK and sends it in
encrypted format to the supplicant. How is this MK (I think it is a random
number) encrypted? Which algorithm is used and which parameters are
included (input) to disguise the MK? Then how is the PMK generated
independently inside server and supplicant? What algorithm and
parameters are used to cryptically pass the PMK to authenticator (Access
point)? Please tell me clearly because I am a newbie. Which source codes
include these operations, where should I look?
Thank you.
/Khan
------------------------------------------------------------------------
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
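
The salt encoding from RFC 2548 that the reply above refers to, as an added example that is not part of the original thread and is not FreeRADIUS code: a sketch of the String-field construction in RFC 2548 section 2.4.2 (used by MS-MPPE-Send-Key and MS-MPPE-Recv-Key), with encode and decode sides. The function names and all sample values are assumptions made for illustration.

```python
import hashlib
import os

BLOCK = 16  # MD5 digest length; the String field is processed in 16-octet blocks


def _xor_chain(data, secret, req_auth, salt, decrypt):
    """b(1) = MD5(S + R + A), b(i) = MD5(S + c(i-1)); XOR each block with b(i)."""
    out, prev = b"", req_auth + salt
    for i in range(0, len(data), BLOCK):
        block = data[i:i + BLOCK]
        pad = hashlib.md5(secret + prev).digest()
        result = bytes(x ^ y for x, y in zip(block, pad))
        out += result
        prev = block if decrypt else result  # always chain on the ciphertext block
    return out


def encode_mppe_key(key, secret, req_auth, salt=None):
    """Build Salt + String for an MS-MPPE-Send-Key / MS-MPPE-Recv-Key attribute."""
    if salt is None:
        rnd = os.urandom(2)
        salt = bytes([rnd[0] | 0x80, rnd[1]])  # most significant bit must be set
    if len(salt) != 2 or not salt[0] & 0x80:
        raise ValueError("salt must be 2 octets with the top bit set")
    if len(req_auth) != 16 or len(key) > 255:
        raise ValueError("need a 16-octet Request Authenticator and a key <= 255 octets")
    plain = bytes([len(key)]) + key            # Key-Length, Key
    plain += b"\x00" * (-len(plain) % BLOCK)   # zero padding to a block multiple
    return salt + _xor_chain(plain, secret, req_auth, salt, decrypt=False)


def decode_mppe_key(value, secret, req_auth):
    """Recover the key on the NAS side; raises ValueError on malformed input."""
    salt, cipher = value[:2], value[2:]
    if len(salt) != 2 or not cipher or len(cipher) % BLOCK:
        raise ValueError("malformed attribute value")
    plain = _xor_chain(cipher, secret, req_auth, salt, decrypt=True)
    if plain[0] > len(plain) - 1:
        raise ValueError("implausible Key-Length: wrong secret or authenticator?")
    return plain[1:1 + plain[0]]


if __name__ == "__main__":
    # Constructed sample values, not taken from any real exchange.
    secret, req_auth, pmk_half = b"constructed-secret", bytes(range(16)), os.urandom(32)
    wire = encode_mppe_key(pmk_half, secret, req_auth)
    print(len(wire), decode_mppe_key(wire, secret, req_auth) == pmk_half)
```

The only secret input to this encoding is the RADIUS shared secret, so the keys sent from the server to the access point are protected no better than that secret is.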