Earlier, I felt like asking if there were any independently developed implementations of EAP-FAST; now I see one.

And we see what gets discovered when you attempt interoperability testing with real running code.
Dave.


Feb 11, 2009 05:13:19 PM, j...@w1.fi wrote:

On Wed, Feb 11, 2009 at 01:29:34PM -0800, Bernard Aboba wrote:

> Are you suggesting that the version of EAP-MSCHAPv2 described in the document differs in terms
> of the MSK/EMSK derivation?  Or are you suggesting that further details are needed on how padding
> is accomplished with respect to ISK derivation?  

Former (for MSK part) as far as using EAP-MSCHAPv2 inside EAP-FAST is
concerned (the document itself does not describe EAP-MSCHAPv2 MSK
derivation).

> In general, ISK derivation doesn't relate to an EAP method so much as the tunneling method that
> utilizes the keys exported by the inner method.  So if the issue is purely in the ISKs, then this
> doesn't really relate to EAP-FAST-MSCHAPv2 or EAP-MSCHAPv2 so much as to EAP-FAST
> provisioning mechanism.

What I noticed when implementing EAP-FAST and cryptobinding support for
EAP-PEAPv0 is that I have to swap the order of MS-MPPE send/recv keys
(i.e., swap octets 0..15 with 16..31) of the MSK from EAP-MSCHAPv2
between PEAPv0 and EAP-FAST uses in order to interoperate with other
implementations.

In other words, EAP-FAST and EAP-PEAPv0(with cryptobinding) seem to use
different derivation of ISK when using EAP-MSCHAPv2 as the inner method.
I do not see need for similar swapping of the ISK octets with EAP-TLS as
the inner method, so I would assume the difference is indeed in how the
EAP-MSCHAPv2 MSK derivation is defined. After reviewing the description
of the MS-CHAPv2 key derivation, I think I ended up agreeing with the
way this is done in PEAPv0+cryptobinding and the order used in deployed
EAP-FAST implementations would thus not match with the EAP-MSCHAPv2
definition for MSK derivation.

--
Jouni Malinen                                            PGP id EFC895FA
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
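
Added example, not part of the original messages and not code from any EAP implementation: the MS-CHAPv2 send/receive key derivation from RFC 3079 section 3.4, assembled into a 32-octet key in both concatenation orders, with a check that recognises the half-swap described in the message above. The input values and helper names are constructed for illustration, and the example does not assign either order to PEAPv0 or EAP-FAST.

```python
import hashlib

# Constants from RFC 3079 section 3.4 (MS-CHAPv2 MPPE key derivation).
MAGIC1 = b"This is the MPPE Master Key"
MAGIC2 = (b"On the client side, this is the send key; "
          b"on the server side, it is the receive key.")
MAGIC3 = (b"On the client side, this is the receive key; "
          b"on the server side, it is the send key.")
SHS_PAD1, SHS_PAD2 = b"\x00" * 40, b"\xf2" * 40

def master_key(password_hash_hash: bytes, nt_response: bytes) -> bytes:
    """GetMasterKey(): SHA-1 over hash-hash, NT-Response, Magic1, cut to 16."""
    if len(password_hash_hash) != 16 or len(nt_response) != 24:
        raise ValueError("need 16-octet PasswordHashHash, 24-octet NT-Response")
    return hashlib.sha1(password_hash_hash + nt_response + MAGIC1).digest()[:16]

def start_key(mk: bytes, is_send: bool, is_server: bool) -> bytes:
    """GetAsymmetricStartKey() for a 128-bit key."""
    magic = MAGIC3 if is_send == is_server else MAGIC2
    return hashlib.sha1(mk + SHS_PAD1 + magic + SHS_PAD2).digest()[:16]

def swap_halves(key32: bytes) -> bytes:
    """Swap octets 0..15 with octets 16..31."""
    if len(key32) != 32:
        raise ValueError("expected a 32-octet key")
    return key32[16:] + key32[:16]

def compare_keys(mine: bytes, theirs: bytes) -> str:
    """Classify a key mismatch seen during interoperability testing."""
    if mine == theirs:
        return "match"
    if swap_halves(mine) == theirs:
        return "halves-swapped"
    return "different"

def demo() -> dict:
    # Constructed inputs, not taken from any real exchange.
    mk = master_key(bytes(range(16)), bytes(range(100, 124)))
    send, recv = start_key(mk, True, False), start_key(mk, False, False)  # peer side
    return {"recv_send": recv + send, "send_recv": send + recv}

if __name__ == "__main__":
    keys = demo()
    for name, value in keys.items():
        print(name, value.hex())
    print(compare_keys(keys["recv_send"], keys["send_recv"]))
```

A "halves-swapped" result when comparing key dumps from two implementations points at a concatenation-order disagreement rather than a wrong password or a broken hash.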