PEAP key derivation Help required for 802.11i(802.1x)
Harsha gowda
harsha.k.gowda
Fri Jul 10 13:12:58 PDT 2009
I know HTTPS decryption with a private key.
I want to know how I can derive the final WPA2 key used between the Authenticator
and the wireless client to exchange data after authentication.
As per the MS-PEAP standard,
PEAP is like half TLS, meaning the client does not have PKI infrastructure,
so the pre-master key is encrypted by the client with the server's public key.
So both entities have:
1)Client.hello.Random
2)Server.hello.Random
3)Client.Key-exchange.Pre-master-key
So I can derive the master key by the formula below:
master_secret = PRF(pre_master_secret, "master secret", ClientHello.random +
ServerHello.random)
So the master key can be used to derive the key block in TLS:
key_block = PRF(master_secret, "Key Expansion", server_random +
client_random);
But PEAP says we have to use "Client EAP Encryption" for PEAP v0, as below:
key_block = PRF(master_secret, "Client EAP Encryption", server_random +
client_random);
The output of the key block can be extracted as below:
client_write_MAC_secret[SecurityParameters.hash_size]
server_write_MAC_secret[SecurityParameters.hash_size]
client_write_key[SecurityParameters.key_material_length]
server_write_key[SecurityParameters.key_material_length]
client_write_IV[SecurityParameters.IV_size]
server_write_IV[SecurityParameters.IV_size]
Assuming:
SecurityParameters.hash_size(MD5)=16 bytes
SecurityParameters.hash_size(SHA)=20 bytes
So my question is: is the TLS tunnel encrypted and decrypted using the same keys as the
TLS keys?
And how can I derive the WEP key?
Currently I am able to sniff packets and decrypt an HTTPS connection (TLS
v1.0).
Now I want to use my module to decrypt PEAP data (Phase 2)
and derive the final key required to decrypt the WPA2 session.
Also, what parameters are required to derive the Pairwise Transient Key?
Is the client random number sent in the Client Hello message the same as the CNonce?
Thanks for replying to my query.
Thanks & Regards
Harsha Gowda
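
The derivation chain this message asks about, as an added example that is not part of the original post or of the hostap code: TLS 1.0 PRF, then the EAP key export, then the 802.11i pairwise key expansion. It assumes TLS 1.0, PEAPv0 without cryptobinding (so the first 32 bytes of the exported MSK serve as the PMK), and a SHA-1 based AKM with CCMP (48-byte PTK); labels and seed order follow RFC 2246, RFC 5216 and IEEE 802.11i, while the function names and all input values are constructed for illustration.

```python
import hashlib
import hmac

def p_hash(alg, secret, seed, n):
    """RFC 2246 P_hash: A(i) = HMAC(secret, A(i-1)), output HMAC(secret, A(i) + seed)."""
    out, a = b"", seed
    while len(out) < n:
        a = hmac.new(secret, a, alg).digest()
        out += hmac.new(secret, a + seed, alg).digest()
    return out[:n]

def tls10_prf(secret, label, seed, n):
    """TLS 1.0 PRF: P_MD5 keyed with the first half of the secret XOR P_SHA-1 with the second."""
    half = (len(secret) + 1) // 2
    md5 = p_hash(hashlib.md5, secret[:half], label + seed, n)
    sha = p_hash(hashlib.sha1, secret[len(secret) - half:], label + seed, n)
    return bytes(x ^ y for x, y in zip(md5, sha))

def eap_msk(pre_master, client_random, server_random):
    """64-byte MSK exported from the TLS handshake (RFC 5216 label and seed order)."""
    seed = client_random + server_random
    master = tls10_prf(pre_master, b"master secret", seed, 48)
    return tls10_prf(master, b"client EAP encryption", seed, 64)

def ptk(pmk, aa, spa, anonce, snonce, n=48):
    """IEEE 802.11i PRF-(8n): HMAC-SHA1(PMK, label || 0x00 || data || counter)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    label = b"Pairwise key expansion\x00"
    blocks = (hmac.new(pmk, label + data + bytes([i]), hashlib.sha1).digest()
              for i in range((n + 19) // 20))
    return b"".join(blocks)[:n]

def demo():
    # All inputs below are constructed sample values, not captured traffic.
    pre_master = b"\x03\x01" + bytes(range(46))        # TLS 1.0 version + 46 bytes
    client_random, server_random = b"\x11" * 32, b"\x22" * 32
    pmk = eap_msk(pre_master, client_random, server_random)[:32]  # PMK = MSK[0:32]
    aa, spa = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    # ANonce/SNonce come from 4-way handshake messages 1 and 2, not the TLS hellos.
    anonce, snonce = b"\xaa" * 32, b"\xbb" * 32
    key = ptk(pmk, aa, spa, anonce, snonce)
    return {"PMK": pmk, "KCK": key[:16], "KEK": key[16:32], "TK": key[32:48]}

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value.hex())
```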