> > RFC 5216 describes the relationship between the MSK and the receive
> > and send keys (which was how the MSK was originally defined
> > in RFC 2716):
> >
> > Enc-RECV-Key = MSK(0,31) = Peer to Authenticator Encryption Key
> >                (MS-MPPE-Recv-Key in [RFC2548]). Also known as the
> >                PMK in [IEEE-802.11].
> > Enc-SEND-Key = MSK(32,63) = Authenticator to Peer Encryption Key
> >                (MS-MPPE-Send-Key in [RFC2548]
>
> Right, but this formula assumes that MS-MPPE-Recv-Key and -Send-Key
> are 32 bytes (256 bits). The keys produced by RFC 3079 Section 3.3
> are only 128 bits, so concatenating any two of them (in any order)
> doesn't produce an EAP MSK (which is at least 64 octets).

Does the following more accurately describe what you are seeing?

   At the end of successful authentication, EAP-MSCHAPv2 derives two
   16-byte MPPE keys as specified in [RFC3079] Section 3.3. The Master
   Session Key ([RFC3748]) is derived from the two MPPE keys as follows:

   MSK = 16-byte MPPE-Send-Key + 16 bytes zeroes (padding) +
         16-byte MPPE-Receive-Key + 16 bytes zeroes (padding)

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
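
The layout proposed in the message above, as an added Python example (not part of the original post and not code from any EAP-MSCHAPv2 implementation): it builds the 64-octet MSK from two 16-byte keys, splits it at the MSK(0,31) / MSK(32,63) boundaries quoted in the thread, and refuses input whose padding is not zero. The function names and the sample key bytes are assumptions made for illustration.

```python
"""Padded two-key MSK layout as proposed in the thread (illustrative only)."""
from typing import Tuple

MPPE_KEY_LEN = 16      # size of the RFC 3079 Section 3.3 keys, per the thread
MSK_LEN = 64           # minimum EAP MSK length, per the thread
PAD = bytes(16)        # 16 zero bytes of padding after each key


def build_msk(send_key: bytes, recv_key: bytes) -> bytes:
    """Return Send-Key | 16 zero bytes | Receive-Key | 16 zero bytes."""
    for name, key in (("send", send_key), ("receive", recv_key)):
        if len(key) != MPPE_KEY_LEN:
            raise ValueError(f"{name} key must be {MPPE_KEY_LEN} bytes, got {len(key)}")
    return send_key + PAD + recv_key + PAD


def split_rfc5216(msk: bytes) -> Tuple[bytes, bytes]:
    """Split at the boundaries in the quoted RFC 5216 text: MSK(0,31), MSK(32,63)."""
    if len(msk) < MSK_LEN:
        raise ValueError("MSK shorter than 64 octets")
    return msk[0:32], msk[32:64]


def recover_mppe_keys(msk: bytes) -> Tuple[bytes, bytes]:
    """Undo build_msk(); reject an MSK whose padding octets are not all zero."""
    first, second = split_rfc5216(msk)
    if first[16:] != PAD or second[16:] != PAD:
        raise ValueError("MSK is not in the padded two-key layout")
    return first[:16], second[:16]


def keyed_octets(msk: bytes) -> int:
    """Count octets of a padded-layout MSK that carry key material, not padding."""
    send_key, recv_key = recover_mppe_keys(msk)
    return len(send_key) + len(recv_key)


if __name__ == "__main__":
    # Constructed sample keys, not output of a real MS-CHAPv2 exchange.
    send = bytes(range(0x10, 0x20))
    recv = bytes(range(0xA0, 0xB0))
    msk = build_msk(send, recv)
    half0, half1 = split_rfc5216(msk)
    print("MSK(0,31)  =", half0.hex())
    print("MSK(32,63) =", half1.hex())
    print("keyed octets:", keyed_octets(msk), "of", len(msk))
```

Each 32-octet half that the quoted RFC 5216 text treats as a key carries only 16 octets of key material in this layout; the remaining 16 are fixed zeroes.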