Interesting, so it looks like EAP-MSCHAPv2 isn't fully defined except within a tunnel method, so its behavior is specific to the tunnel method...
> -----Original Message-----
> From: emu-boun...@ietf.org [mailto:emu-boun...@ietf.org] On Behalf Of pasi.ero...@nokia.com
> Sent: Thursday, February 12, 2009 5:18 AM
> To: bernard_ab...@hotmail.com; emu@ietf.org
> Subject: Re: [Emu] Key derivation differences
>
> Bernard Aboba wrote:
> > Are you suggesting that the version of EAP-MSCHAPv2 described in the
> > document differs in terms of the MSK/EMSK derivation? Or are you
> > suggesting that further details are needed on how padding is
> > accomplished with respect to ISK derivation?
>
> Hmm.. it seems the EAP-MSCHAPv2 specification (on
> msdn.microsoft.com) itself does not really specify how the
> MSK is derived. The spec says:
>
>    3.1.5.1 Master Session Key (MSK) Derivation
>
>    Upon successful authentication, Extensible Authentication Protocol
>    Method for Microsoft CHAP derives the Master Session Key
>    ([RFC3748]), as specified in [RFC3079], section 3.3.
>
> But Section 3.3 of RFC 3079 is not about EAP. It does specify
> how to calculate a 128-bit MasterKey, a 128-bit
> MasterSendKey, a 128-bit MasterReceiveKey, a 128-bit
> SendSessionKey, and a 128-bit ReceiveSessionKey. But how to
> get an EAP MSK from those is not specified.
>
> The PEAP specification (also on msdn.microsoft.com) specifies
> how to derive an "ISK" from MS-MPPE-Send-Key and
> MS-MPPE-Recv-Key produced by the inner method (but not from
> inner method MSK!).
>
>    3.1.5.6.2.2 Intermediate PEAP MAC Key (IPMK) and Compound MAC Key (CMK)
>    [..]
>    Peer ISK = MS-MPPE-Send-Key | MS-MPPE-Recv-Key
>    Server ISK = MS-MPPE-Recv-Key | MS-MPPE-Send-Key
>
> So even PEAP seems to use both orders of send/recv keys...
>
> (But I agree that it wouldn't hurt to say which order is used
> where.)
>
> Best regards,
> Pasi
> _______________________________________________
> Emu mailing list
> Emu@ietf.org
> https://www.ietf.org/mailman/listinfo/emu
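
Added example, not part of either message and not code from the RFC or the Microsoft specifications: the RFC 3079 section 3.3 master-key derivation discussed above, followed by the two ISK formulas quoted from the PEAP specification. It assumes each side's MS-MPPE-Send-Key and MS-MPPE-Recv-Key are the 128-bit master send and receive keys computed for its own role; `mppe_keys`, `peap_isk` and the sample inputs are hypothetical names and constructed values.

```python
import hashlib

# Constants from RFC 3079, section 3.3.
MAGIC1 = b"This is the MPPE Master Key"
MAGIC2 = (b"On the client side, this is the send key; "
          b"on the server side, it is the receive key.")
MAGIC3 = (b"On the client side, this is the receive key; "
          b"on the server side, it is the send key.")
SHS_PAD1 = b"\x00" * 40
SHS_PAD2 = b"\xf2" * 40

# Constructed sample inputs, not values from any real exchange.
SAMPLE_HASH_HASH = bytes(range(16))      # stands in for PasswordHashHash
SAMPLE_NT_RESPONSE = bytes(range(24))    # stands in for the NT-Response


def get_master_key(password_hash_hash, nt_response):
    """128-bit MasterKey: truncated SHA-1 over hash-hash, NT-Response, Magic1."""
    if len(password_hash_hash) != 16 or len(nt_response) != 24:
        raise ValueError("need 16-byte PasswordHashHash and 24-byte NT-Response")
    return hashlib.sha1(password_hash_hash + nt_response + MAGIC1).digest()[:16]


def get_asymmetric_start_key(master_key, is_send, is_server, length=16):
    """Master send/receive key; the magic string depends on role and direction."""
    magic = MAGIC3 if is_send == is_server else MAGIC2
    digest = hashlib.sha1(master_key + SHS_PAD1 + magic + SHS_PAD2).digest()
    return digest[:length]


def mppe_keys(master_key, is_server):
    """Assumption: (MS-MPPE-Send-Key, MS-MPPE-Recv-Key) as this side sees them."""
    return (get_asymmetric_start_key(master_key, True, is_server),
            get_asymmetric_start_key(master_key, False, is_server))


def peap_isk(master_key, is_server):
    """ISK per the two formulas quoted from the PEAP specification."""
    send, recv = mppe_keys(master_key, is_server)
    return recv + send if is_server else send + recv


if __name__ == "__main__":
    mk = get_master_key(SAMPLE_HASH_HASH, SAMPLE_NT_RESPONSE)
    for role, is_server in (("peer", False), ("server", True)):
        send, recv = mppe_keys(mk, is_server)
        print(role, "send", send.hex(), "recv", recv.hex())
        print(role, "ISK ", peap_isk(mk, is_server).hex())
```

Under the stated assumption the peer's send key is the server's receive key, so the two differently ordered formulas yield the same 32 bytes on both sides.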