PMK derivation in Host AP (wpa_supplicant)
Manoj Verma, Noida
manojv
Mon Sep 6 23:46:09 PDT 2004
> -----Original Message-----
> From: hostap-bounces+manojv=noida.hcltech.com at shmoo.com [mailto:hostap-bounces+manojv=noida.hcltech.com at shmoo.com] On Behalf Of Jouni Malinen
> Sent: Tuesday, September 07, 2004 1:26 AM
> To: hostap at shmoo.com
> Subject: Re: PMK derivation in Host AP (wpa_supplicant)
>
> On Tue, Sep 07, 2004 at 01:16:56AM +0530, Manoj Verma, Noida wrote:
>
> > I was trying to find out the exact place in the Host-AP code for the
> > derivation of PMK (256 bit) from the master secret key.
>
> Calling this "Host-AP code" is somewhat confusing, since apparently you
> are talking about wpa_supplicant..
[Manoj] Agree.
>
> > In function eap_ttls_process(), the master secret is passed as a parameter
> > to eap_tls_derive_key(), which internally uses eap_prf() function, to get
> > another key.
> >
> > My confusion is, the key above obtained is of length EAP_TLS_KEY_LEN i.e.
> > 64, then where exactly the 256 bit PMK is derived in the code.
>
> Each EAP method that generates suitable keying data is expected to store
> this data in eapKeyData (struct eap_sm). Most methods, like TLS, TTLS,
> PEAP, SIM, generate more than 256 bits of keying material (e.g., MSK,
> EMSK, etc.). MSK is expected to start from the beginning of eapKeyData
> and first 256 bits of this is used as PMK for WPA/IEEE 802.11i.
>
[Manoj] If we see the file "eap_tls.c" the statement:
sm->eapKeyData = eap_tls_derive_key(..)
So just to confirm once again, if I take first 256 bits of sm->eapKeyData,
that is my PMK.
> --
> Jouni Malinen PGP id EFC895FA
> _______________________________________________
> HostAP mailing list
> HostAP at shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
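
The derivation discussed in this thread, as an added example that is not part of the original messages and is not wpa_supplicant's own code: 64 bytes of EAP key data are produced from the TLS master secret, and the PMK is the first 32 bytes of that buffer. Assumptions: the TLS 1.0 PRF from RFC 2246, the EAP-TLS label "client EAP encryption" from RFC 5216, hypothetical Python function names, and constructed sample inputs.

```python
import hashlib
import hmac

EAP_TLS_KEY_LEN = 64  # key data length named in the thread
PMK_LEN = 32          # 256-bit PMK for WPA/IEEE 802.11i


def p_hash(digest, secret, seed, out_len):
    """RFC 2246 P_hash: A(0) = seed, A(i) = HMAC(secret, A(i-1))."""
    out, a = b"", seed
    while len(out) < out_len:
        a = hmac.new(secret, a, digest).digest()
        out += hmac.new(secret, a + seed, digest).digest()
    return out[:out_len]


def tls10_prf(secret, label, seed, out_len):
    """TLS 1.0 PRF: P_MD5(S1, label+seed) XOR P_SHA1(S2, label+seed)."""
    half = (len(secret) + 1) // 2  # halves share a byte if length is odd
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5_stream = p_hash(hashlib.md5, s1, label + seed, out_len)
    sha1_stream = p_hash(hashlib.sha1, s2, label + seed, out_len)
    return bytes(x ^ y for x, y in zip(md5_stream, sha1_stream))


def derive_eap_key_data(master_secret, client_random, server_random,
                        label=b"client EAP encryption"):
    """Hypothetical stand-in for the value stored in sm->eapKeyData."""
    seed = client_random + server_random
    return tls10_prf(master_secret, label, seed, EAP_TLS_KEY_LEN)


def pmk_from_key_data(key_data):
    """PMK is the first 256 bits of the key data (start of the MSK)."""
    if len(key_data) < PMK_LEN:
        raise ValueError("EAP method did not export enough keying material")
    return key_data[:PMK_LEN]


if __name__ == "__main__":
    # Constructed sample values, not taken from a real handshake.
    master_secret = bytes(range(48))
    client_random = b"\x01" * 32
    server_random = b"\x02" * 32
    key_data = derive_eap_key_data(master_secret, client_random, server_random)
    print("eapKeyData:", key_data.hex())
    print("PMK       :", pmk_from_key_data(key_data).hex())
```

EAP-TTLS uses the same construction with the label "ttls keying material" (RFC 5281); pass it through the `label` parameter.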