Question about wpa_supplicant for 802.1x wired authentication

Jouni Malinen jkmaline at cc.hut.fi
Fri Apr 8 00:51:59 EDT 2005


On Thu, Apr 07, 2005 at 01:50:53PM -0700, Sanchez, Ricardo J wrote:

> My setup is geared toward wired, not wireless, user authentication
> using 802.1X. After the user authentication completes, we go further
> and attempt to encrypt data over the supplicant/authenticator using 
> derived keying material. This is all experimental and not conventional
> setup, similar to 802.11i but in a different form, to perform 
> data encryption over the wired link between the supplicant/authenticator
> and using IEEE 802.1X EAPOL-Key frames to exchange the keying material.

OK, that makes it clear why you are interested in the PMK as part of
wired authentication.

> Assuming that our setup is configured for WPA on the supplicant, and
> forget wired authentication for a moment, my question is at what point
> should I expect to have "equal" PMKs on both supplicant and authenticator?

There's only one PMK, so it is "equal" all the time..

> Does the authenticator use the truncated 32 bytes of MS-MPPE-Recv-Key as
> the PMK?

Yes, the first 32 bytes of MS-MPPE-Recv-Key are indeed used as the PMK.

> As for the supplicant, and assuming the keying material is obtained from
> Xsupplicant, are the 32 bytes passed from the Xsupplicant as keying
> material used directly as the PMK by wpa_supplicant?

That's the way it is supposed to work. I have to admit that I haven't
tested this kind of configuration for a long time, so something may have
changed in the Xsupplicant implementation and the key delivery to
wpa_supplicant may not have been updated for that.

> Despite the fact that our setup uses wired authentication and I perform
> a successful user authentication session, I have yet to see equal PMKs
> at both ends of the supplicant/authenticator link.

Here's an example output from different network components when using
EAP-PEAP/MSCHAPv2.

authentication server (hostapd as RADIUS server):

EAP-PEAP: Derived key - hexdump(len=64): c6 d4 52 df 1a 75 a9 cc 49 61
b3 ac a3 49 10 d7 38 b1 c3 ef dc 30 e4 11 85 cb f6 09 89 4b 01 d4 f1 62
7c 26 8d 87 5b 5c 75 db b6 94 ab 6a d1 c6 b3 67 1a 00 03 d3 b1 88 08 2e
d1 73 53 68 c0 0c

RADIUS SRV: Reply to 127.0.0.1:59396
RADIUS message: code=2 (Access-Accept) identifier=10 length=160
   Attribute 79 (EAP-Message) length=6
      Value: 03 0a 00 04
   Attribute 26 (Vendor-Specific) length=58
      Value: 00 00 01 37 10 34 a3 c6 32 cd 37 9a c3 3b be 92 5d 75 2e 8f
21 87 a2 cd 44 ad c0 b3 1a 8e 5e 8f 5d cc 26 dd 35 45 31 c7 c0 f0 d7 d4
fa 9c 9c 06 99 0f 64 4a 9e 4c 4d e4
   Attribute 26 (Vendor-Specific) length=58
      Value: 00 00 01 37 11 34 a3 c7 8f 54 78 41 0e eb d5 da c6 6e d7 b1
77 ac 79 ac 86 db 1a fe ad f7 94 e1 6e 4b a8 e6 26 6d 1e 1c ae be f7 23
d0 3f b7 04 ab 80 ee fc a1 e5 b1 8a
   Attribute 80 (Message-Authenticator) length=18
      Value: 3a 16 f1 87 54 ab 64 92 d4 71 1f 54 bc 4a c3 44


Authenticator (another hostapd process):

Received 160 bytes from RADIUS server
Received RADIUS message
MS-MPPE-Send-Key (len=32): f1 62 7c 26 8d 87 5b 5c 75 db b6 94 ab 6a d1
c6 b3 67 1a 00 03 d3 b1 88 08 2e d1 73 53 68 c0 0c
MS-MPPE-Recv-Key (len=32): c6 d4 52 df 1a 75 a9 cc 49 61 b3 ac a3 49 10
d7 38 b1 c3 ef dc 30 e4 11 85 cb f6 09 89 4b 01 d4


Supplicant (preauth_test; which is using the same code as wpa_supplicant
for this part of the authentication):

EAP-PEAP: Derived key - hexdump(len=64): c6 d4 52 df 1a 75 a9 cc 49 61
b3 ac a3 49 10 d7 38 b1 c3 ef dc 30 e4 11 85 cb f6 09 89 4b 01 d4 f1 62
7c 26 8d 87 5b 5c 75 db b6 94 ab 6a d1 c6 b3 67 1a 00 03 d3 b1 88 08 2e
d1 73 53 68 c0 0c


In other words, AS, Authenticator, and Supplicant got the same PMK (c6
d4 52 ... 01 d4). In case of AS and Supplicant, this was the key derived
during TLS handshake; in case of Authenticator, this was the key
decrypted from MS-MPPE-Recv-Key.

-- 
Jouni Malinen                                            PGP id EFC895FA
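As an added illustration, not part of the list post or of hostapd/wpa_supplicant code: the snippet below parses the two Vendor-Specific attributes from the Access-Accept above, splits the 64-byte EAP-PEAP derived key the way the logs show (first half = MS-MPPE-Recv-Key = PMK, second half = MS-MPPE-Send-Key), and implements the RFC 2548 key wrapping that the authenticator undoes. The shared secret and Request Authenticator used for the wrap/unwrap round trip are constructed values, since the post does not contain them.

```python
from hashlib import md5

# Values copied from the log output above: the 64-byte EAP-PEAP derived key (MSK)
# and the two Vendor-Specific (attribute 26) values from the Access-Accept.
MSK = bytes.fromhex(
    "c6d452df1a75a9cc4961b3aca34910d738b1c3efdc30e41185cbf609894b01d4"
    "f1627c268d875b5c75dbb694ab6ad1c6b3671a0003d3b188082ed1735368c00c")
VSA_SEND = bytes.fromhex(
    "00000137 1034 a3c6 32cd379ac33bbe925d752e8f2187a2cd44adc0b31a8e5e8f"
    "5dcc26dd354531c7c0f0d7d4fa9c9c06990f644a9e4c4de4")
VSA_RECV = bytes.fromhex(
    "00000137 1134 a3c7 8f5478410eebd5dac66ed7b177ac79ac86db1afeadf794e1"
    "6e4ba8e6266d1e1caebef723d03fb704ab80eefca1e5b18a")

MS_VENDOR_ID = 311                     # 0x137, Microsoft (RFC 2548)
MPPE_KEYS = {16: "MS-MPPE-Send-Key", 17: "MS-MPPE-Recv-Key"}

def parse_ms_mppe(vsa):
    """Split an attribute-26 value into vendor, sub-type, salt and wrapped key."""
    vendor, subtype, vlen = int.from_bytes(vsa[:4], "big"), vsa[4], vsa[5]
    if vendor != MS_VENDOR_ID or subtype not in MPPE_KEYS:
        raise ValueError("not an MS-MPPE key attribute")
    if vlen != len(vsa) - 4 or (vlen - 4) % 16:    # type+len+salt, then 16-byte blocks
        raise ValueError("bad vendor length")
    salt, wrapped = vsa[6:8], vsa[8:4 + vlen]
    if not salt[0] & 0x80:                           # RFC 2548: salt MSB must be 1
        raise ValueError("bad salt")
    return {"name": MPPE_KEYS[subtype], "salt": salt, "wrapped": wrapped}

def split_msk(msk):
    """MSK[0:32] travels as MS-MPPE-Recv-Key and becomes the PMK; MSK[32:64] as Send-Key."""
    return msk[:32], msk[32:64]

def mppe_wrap(secret, req_auth, salt, key, unwrap=False):
    """RFC 2548 key (un)wrapping: XOR with an MD5 keystream chained on the ciphertext.
    secret = RADIUS shared secret, req_auth = 16-byte Request Authenticator."""
    data = key if unwrap else bytes([len(key)]) + key
    data += b"\x00" * (-len(data) % 16)              # pad plaintext to 16-byte blocks
    out, chain = b"", req_auth + salt
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        b = md5(secret + chain).digest()             # b(1)=MD5(S+R+A), b(i)=MD5(S+c(i-1))
        out += bytes(x ^ y for x, y in zip(block, b))
        chain = block if unwrap else out[-16:]
    return out[1:1 + out[0]] if unwrap else out      # strip length byte and padding

if __name__ == "__main__":
    pmk, send = split_msk(MSK)
    print("PMK (= MS-MPPE-Recv-Key):", pmk.hex(), "| Send-Key:", send.hex())
```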