Question about wpa_supplicant for 802.1x wired authentication

Jouni Malinen jkmaline
Wed Apr 6 19:25:47 PDT 2005

On Wed, Apr 06, 2005 at 06:45:03PM -0700, Sanchez, Ricardo J wrote:

> I have been using Xsupplicant with PEAP (MS-CHAP-v2) 
> in conjunction with hostapd (authenticator) and a Cisco ACS
> (Radius server) for testing authentication and 
> it all works fine. However, I want to experiment with
> the key hierarchy and have configured wpa_supplicant 
> to obtain the master keying information from Xsupplicant
> using a wired driver.

I do not understand fully what you are trying to do here.. Xsupplicant
can be used as an external EAP peer for wpa_supplicant, but that is not
needed (nor recommended anymore) and anyway, it would only be used for
WPA/WPA2, i.e., when 4-Way Handshake is used. There is not much point in
using this for wired authentication since wpa_supplicant would not
really be used for anything in that case. If you want to use Xsupplicant
for EAP, I don't see why you would use it with wpa_supplicant in case of
wired authentication.

> On the authenticator side, I have noticed that in the last
> Access-Accept message from Radius there are two "MS MPPE keys" 
> (MS MPPE Recv Key & MS MPPE Send Key) encrypted as Radius attributes. 

That's correct.

> The authenticator then performs a decryption of those keys
> and generates two 32-bytes unencrypted keys for peer encryption
> and EAP-server encryption.

I'm not sure what you mean with peer encryption and EAP-server
encryption, but yes, Authenticator does indeed decrypt the
MS-MPPE-{Recv,Send}-Key attributes.

> On the supplicant side, Xsupplicant derives keying information
> after the last EAP-SUCCESS message is received from the authenticator
> and pass it on to the wpa_supplicant. I have noticed that 
> this "master" key is 32 bytes long but it does not resemble in 
> any way any of the unencrypted MPPE keys residing in the authenticator.
> Isn't it true that the derived master key (or PMK) has to be the same
> on both supplicant and authenticator?

Yes, PMK does indeed need to be same.

> What is exactly used as PMK on the
> wpa_supplicant (w/ Xsupplicant) and on the hostapd (authenticator)? 
> Does the PMK passed to the wpa_supplicant goes thru 
> another transformation/manipulation to obtain the actual PMK that 
> matches the one on the authenticator?

No, it is supposed to be same. Anyway, I don't really see what you are
trying to do here, since PMK is not really used in case of wired
authentication.. It would be useful if you are setting data encryption
keys, e.g., with WPA/WPA2 or IEEE 802.1X EAPOL-Key frames.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list