Bernard Aboba wrote:
> Are you suggesting that the version of EAP-MSCHAPv2 described in the
> document differs in terms of the MSK/EMSK derivation? Or are you
> suggesting that further details are needed on how padding is
> accomplished with respect to ISK derivation?

Hmm.. it seems the EAP-MSCHAPv2 specification (on msdn.microsoft.com)
itself does not really specify how the MSK is derived. The spec says:

   3.1.5.1 Master Session Key (MSK) Derivation

   Upon successful authentication, Extensible Authentication Protocol
   Method for Microsoft CHAP derives the Master Session Key
   ([RFC3748]), as specified in [RFC3079], section 3.3.

But Section 3.3 of RFC 3079 is not about EAP. It does specify how to
calculate a 128-bit MasterKey, a 128-bit MasterSendKey, a 128-bit
MasterReceiveKey, a 128-bit SendSessionKey, and a 128-bit
ReceiveSessionKey. But how to get an EAP MSK from those is not
specified.

The PEAP specification (also on msdn.microsoft.com) specifies how to
derive an "ISK" from MS-MPPE-Send-Key and MS-MPPE-Recv-Key produced by
the inner method (but not from inner method MSK!).

   3.1.5.6.2.2 Intermediate PEAP MAC Key (IPMK) and Compound MAC Key (CMK)
   [..]
   Peer ISK = MS-MPPE-Send-Key | MS-MPPE-Recv-Key
   Server ISK = MS-MPPE-Recv-Key | MS-MPPE-Send-Key

So even PEAP seems to use both orders of send/recv keys... (But I
agree that it wouldn't hurt to say which order is used where.)

Best regards,
Pasi
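
Added example, not part of the original message or of either Microsoft specification: a Python sketch of the RFC 3079 section 3.3 MasterKey and asymmetric start key derivation, used to build the two ISK formulas quoted above and compare the resulting bytes. It assumes each side's MS-MPPE-Send-Key and MS-MPPE-Recv-Key are the 128-bit RFC 3079 send and receive start keys from that side's own perspective; the function names and the input values are constructed for illustration.

```python
import hashlib

# Constants from RFC 3079 section 3.3
MAGIC1 = b"This is the MPPE Master Key"
MAGIC2 = (b"On the client side, this is the send key; "
          b"on the server side, it is the receive key.")
MAGIC3 = (b"On the client side, this is the receive key; "
          b"on the server side, it is the send key.")
SHS_PAD1 = b"\x00" * 40
SHS_PAD2 = b"\xf2" * 40

def get_master_key(password_hash_hash: bytes, nt_response: bytes) -> bytes:
    """GetMasterKey(): SHA-1 over hash-of-hash, NT-Response and Magic1, cut to 16 octets."""
    return hashlib.sha1(password_hash_hash + nt_response + MAGIC1).digest()[:16]

def get_asymmetric_start_key(master_key: bytes, is_send: bool, is_server: bool) -> bytes:
    """GetAsymmetricStartKey() for a 128-bit session key."""
    # Server-send and client-receive share Magic3; the other two cases share Magic2.
    magic = MAGIC3 if is_send == is_server else MAGIC2
    return hashlib.sha1(master_key + SHS_PAD1 + magic + SHS_PAD2).digest()[:16]

def derive_isk(master_key: bytes, is_server: bool) -> bytes:
    """Apply the ISK formula quoted from the PEAP specification for one side.

    Assumption: Send-Key/Recv-Key are named from the local side's perspective.
    """
    send_key = get_asymmetric_start_key(master_key, True, is_server)
    recv_key = get_asymmetric_start_key(master_key, False, is_server)
    if is_server:
        return recv_key + send_key   # Server ISK = Recv-Key | Send-Key
    return send_key + recv_key       # Peer ISK   = Send-Key | Recv-Key

def demo():
    # Constructed inputs, not real credentials or captured traffic.
    password_hash_hash = bytes(range(16))      # 16-octet hash of the NT password hash
    nt_response = bytes(range(100, 124))       # 24-octet NT-Response
    master_key = get_master_key(password_hash_hash, nt_response)
    return derive_isk(master_key, False), derive_isk(master_key, True)

if __name__ == "__main__":
    peer_isk, server_isk = demo()
    print("peer   ISK:", peer_isk.hex())
    print("server ISK:", server_isk.hex())
```

Under that assumption the two formulas produce the same 32 octets, because the peer's send key is the server's receive key; an implementation that applies one ordering on both sides would compute mismatching ISKs.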