Compartir a través de


3.1.5.5.2 Key Used in the Cryptobinding HMAC-SHA1-160 Operation

The key used by the HMAC-SHA1-160 operation to create the Compound MAC field is called the Compound MAC Key (CMK). The CMK MUST be constructed by following the steps specified later in this section. These steps produce the following intermediate values:

  • Tunnel key (TK): A 60-octet key generated by phase 1 of PEAP. For details, see section 3.1.5.5.2.1. The generated Tunnel Key is stored in the variable TunnelKey.

  • Inner Session Key (ISK): A 32-octet string generated from keys provided by the inner method (or 32 zero octets if the inner method does not provide keys), if PEAP did not resume an authentication using fast-reconnect (as specified in 3.1.5.5.2.2). An ISK is not generated in the case of fast-reconnect, because the Intermediate PEAP MAC Key (IPMK) is generated from TK (as specified in 3.1.5.5.2.2). The generated Inner Session Key is stored in the variable InnerSessionKey.

  • Intermediate PEAP MAC Key (IPMK): The intermediate combined key used to derive the Compound MAC (as specified in section 3.1.5.5.2.2).

  • IPMK Seed: The seed value used in the call to the PRF+ operation (for more information, see [RFC4306] section 2.13). For details, see section 3.1.5.5.2.2.