Hello all,
In according to the EAP-TLS rfc(2716) section 5 (Key derivation)
I generate the 4 keys
first 32 bytes : peer encryption key
next 32 bytes : server encryption key
next 32 bytes: client auth key
last 32 bytes : server auth key
Now when I send the Radius packet (Access Accept) with the embedded EAP
Sucess
I also need to send the MPPE-Recv-Key and MPPE-Send-Key attributes.
for MPPE-Recv-Key I'm setting its value to the peer encryption key (i.e.
first 32 bytes)
and for MPPE-Send-Key the next 32 bytes.
On the ethereal dump on the client side I see that the cleint receves the
EAPOL keys.
However I'm unable to connect to the internet.
I suspect the keys that I'm sending to be wrong.
Could someone tell me if the values that I'm sending in the above 2
attributes correct?
Also do I need to encrypt these values?
Regards,
Avinash
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
