Thank you, Michael Lecuyer, for such a detailed description. I will look at those RFCs.
/Khan

On Thu, Jul 15, 2010 at 5:45 PM, Michael Lecuyer <m...@iterpacis.org> wrote:

> I'm not sure it would help you to know how the Master Keys are generated or
> encoded - it's not simple.
>
> It's a process involving the accumulated TLS handshake messages, random
> number generation, various sorts of key exchanges, cryptographic hashes, and
> the PRF function described in the TLS RFCs. Not really casual reading.
>
> TTLS and TLS use different TLS PRF (Pseudo-Random Function) labels to
> generate the key material. The MPPE RFC 3079 describes the generation of the
> master MPPE keys from the PRF and how the supplicant should use them. Some
> of us find this casual reading :)
>
> Encoding attribute data is done using a salt encoding described in RFC 2548
> with a Microsoft modification described in some MPPE RFC.
>
> The 'code' is scattered throughout the FR rlm source (those dealing with
> TLS and the many mschaps) and in the separate OpenSSL source dealing with
> SSL/TLS.
>
> However, in FR, it just automagically works.
>
> Khan Ferdous Wahid wrote:
>
>> Hi,
>> I want to know about the Master key (MK) encapsulation and Pairwise Master
>> key (PMK) generation during EAP-TLS or EAP-TTLS methods. When the supplicant
>> is authenticated, the server generates a MK and sends it in encrypted format
>> to the supplicant. How is this MK (I think it is a random number) encrypted?
>> Which algorithm is used and which parameters are included (input) to
>> disguise the MK? Then how is the PMK generated independently inside the server
>> and supplicant? What algorithm and parameters are used to cryptically pass
>> the PMK to the authenticator (access point)? Please tell me clearly because I am
>> a newbie. Which source code includes these operations, and where should I look?
>>
>> Thank you.
>>
>> /Khan
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
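
Added example, not part of the original thread and not FreeRADIUS or OpenSSL code: a sketch of the two steps the quoted reply describes, deriving the MPPE keys from the TLS PRF with the method-specific label, then salt-encrypting one of them as in RFC 2548. It assumes the TLS 1.0/1.1 PRF (RFC 2246) and the labels from RFC 5216 and RFC 5281; the function names and all sample values are constructed for illustration.

```python
import hashlib
import hmac

# PRF labels: RFC 5216 (EAP-TLS) and RFC 5281 (EAP-TTLSv0)
LABELS = {"tls": b"client EAP encryption", "ttls": b"ttls keying material"}

def p_hash(alg, secret, seed, n):
    # RFC 2246 section 5: A(0) = seed, A(i) = HMAC(secret, A(i-1))
    out, a = b"", seed
    while len(out) < n:
        a = hmac.new(secret, a, alg).digest()
        out += hmac.new(secret, a + seed, alg).digest()
    return out[:n]

def tls10_prf(secret, label, seed, n):
    # TLS 1.0/1.1 PRF: P_MD5(first half) XOR P_SHA1(second half)
    half = (len(secret) + 1) // 2
    md5 = p_hash(hashlib.md5, secret[:half], label + seed, n)
    sha = p_hash(hashlib.sha1, secret[len(secret) - half:], label + seed, n)
    return bytes(x ^ y for x, y in zip(md5, sha))

def mppe_keys(method, master_secret, client_random, server_random):
    # First 64 bytes of key material are the MSK; its first 32 bytes are the 802.11 PMK
    msk = tls10_prf(master_secret, LABELS[method], client_random + server_random, 64)
    return msk[:32], msk[32:]  # (MS-MPPE-Recv-Key, MS-MPPE-Send-Key)

def salt_encrypt(key, shared_secret, req_auth, salt):
    # RFC 2548 section 2.4.2: length byte + key, zero-padded to 16-byte blocks
    plain = bytes([len(key)]) + key
    plain += b"\0" * (-len(plain) % 16)
    out, prev = b"", req_auth + salt
    for i in range(0, len(plain), 16):
        pad = hashlib.md5(shared_secret + prev).digest()
        prev = bytes(x ^ y for x, y in zip(plain[i:i + 16], pad))
        out += prev
    return salt + out

def salt_decrypt(blob, shared_secret, req_auth):
    plain, prev = b"", req_auth + blob[:2]
    for i in range(2, len(blob), 16):
        pad = hashlib.md5(shared_secret + prev).digest()
        plain += bytes(x ^ y for x, y in zip(blob[i:i + 16], pad))
        prev = blob[i:i + 16]
    return plain[1:1 + plain[0]]

# Constructed sample values (not from a real handshake)
MS, CR, SR = bytes(range(48)), b"\x01" * 32, b"\x02" * 32
RECV, SEND = mppe_keys("tls", MS, CR, SR)
BLOB = salt_encrypt(RECV, b"constructed-secret", b"\xaa" * 16, b"\x80\x01")
```

The supplicant runs the same PRF over the same handshake values, so the key itself never crosses the air; only the RADIUS server to access point hop carries it, protected by the shared secret and the request authenticator.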