PMK derivation in Host AP (wpa_supplicant)
Manoj Verma, Noida
manojv at noida.hcltech.com
Tue Sep 7 02:46:09 EDT 2004
> -----Original Message-----
> From: hostap-bounces+manojv=noida.hcltech.com at shmoo.com
> [mailto:hostap-bounces+manojv=noida.hcltech.com at shmoo.com] On Behalf Of Jouni Malinen
> Sent: Tuesday, September 07, 2004 1:26 AM
> To: hostap at shmoo.com
> Subject: Re: PMK derivation in Host AP (wpa_supplicant)
> On Tue, Sep 07, 2004 at 01:16:56AM +0530, Manoj Verma, Noida wrote:
> > I was trying to find out the exact place in the Host-AP code for the
> > derivation of PMK (256 bit) from the master secret key.
> Calling this "Host-AP code" is somewhat confusing, since apparently you
> are talking about wpa_supplicant..
> > In function eap_ttls_process (), the master secret is passed as a
> > to eap_tls_derive_key(), which internally uses eap_prf() function, to
> > the another key.
> > My confusion is, the key above obtained is of length EAP_TLS_KEY_LEN
> > 64, then where exactly the 256 bit PMK is derived in the code.
> Each EAP method that generates suitable keying data is expected to store
> this data in eapKeyData (struct eap_sm). Most methods, like TLS, TTLS,
> PEAP, SIM, generate more than 256 bits of keying material (e.g., MSK,
> EMSK, etc.). MSK is expected to start from the beginning of eapKeyData
> and first 256 bits of this is used as PMK for WPA/IEEE 802.11i.
[Manoj] If we see the file "eap_tls.c" the statement:
sm->eapKeyData = eap_tls_derive_key(..)
So just to confirm once again, if I take first 256 bits of sm->eapKeyData,
that is my PMK.
> Jouni Malinen PGP id EFC895FA
> HostAP mailing list
> HostAP at shmoo.com