3.1.5.7 Key Management
PEAP methods MUST generate MPPE keys as follows.
If a PEAP server and PEAP peer have successfully exchanged cryptobinding TLVs, then the keys are generated as follows:
The Compound Session Key (CSK) is derived with the following equation.
CSK = PRF+ (IPMK, "Session Key Generating Function", 128)
The output length of the CSK MUST be 128 bytes. The IPMK and the PRF+ function are defined in section 3.1.5.5.2.2.
For the seed value passed to the PRF+ function when deriving the CSK, an implementation MUST create a byte array containing the ASCII values of the string "Session Key Generating Function" followed by a NULL (0x00) byte.
The first 64 bytes of the CSK are split into two MPPE keys, as follows.
| Endpoint | First 32 bytes of CSK | Second 32 bytes of CSK |
|---|---|---|
| PEAP peer | MS-MPPE-Send-Key | MS-MPPE-Recv-Key |
| PEAP server | MS-MPPE-Recv-Key | MS-MPPE-Send-Key |
When an endpoint (either a PEAP server or PEAP peer) is incapable of sending cryptobinding TLVs, and the other endpoint is configured to accept such authentications, then the keys are obtained from the first 64 octets of the Key_Material, as specified in [RFC5216]: TLS-PRF-128 (master secret, "client EAP encryption", client.random || server.random).
| Endpoint | First 32 bytes of Key_Material | Second 32 bytes of Key_Material |
|---|---|---|
| PEAP peer | MS-MPPE-Send-Key | MS-MPPE-Recv-Key |
| PEAP server | MS-MPPE-Recv-Key | MS-MPPE-Send-Key |
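The seed construction, the 128-byte CSK check and the mirrored key split from both tables above, as an added Python example that is not part of the specification text. The function names, the 40-byte sample IPMK and the body of `prf_plus_assumed` are assumptions: PRF+ is defined in section 3.1.5.5.2.2, which is not reproduced here, so pass the normative PRF+ as `prf_plus`.

```python
import hashlib
import hmac

CSK_LABEL = b"Session Key Generating Function"
CSK_LEN = 128  # required CSK output length in bytes

def csk_seed() -> bytes:
    # ASCII values of the label with one NULL (0x00) byte appended.
    return CSK_LABEL + b"\x00"

def prf_plus_assumed(key: bytes, seed: bytes, length: int) -> bytes:
    # ASSUMPTION: stand-in for the PRF+ of section 3.1.5.5.2.2 (not on this page):
    # T1 = HMAC-SHA1(K, S|0x01|0x00|0x00), Tn = HMAC-SHA1(K, Tn-1|S|n|0x00|0x00).
    out, prev, n = b"", b"", 1
    while len(out) < length:
        prev = hmac.new(key, prev + seed + bytes([n, 0, 0]), hashlib.sha1).digest()
        out += prev
        n += 1
    return out[:length]

def derive_csk(ipmk: bytes, prf_plus=prf_plus_assumed) -> bytes:
    # CSK = PRF+ (IPMK, seed, 128); reject any PRF+ that returns another length.
    csk = prf_plus(ipmk, csk_seed(), CSK_LEN)
    if len(csk) != CSK_LEN:
        raise ValueError("CSK MUST be 128 bytes")
    return csk

def split_mppe(material: bytes, role: str) -> dict:
    # Serves both tables: material is the CSK, or Key_Material in the
    # no-cryptobinding case. Only the first 64 bytes are used.
    if len(material) < 64:
        raise ValueError("need at least 64 bytes of keying material")
    first, second = material[:32], material[32:64]
    if role == "peer":
        return {"MS-MPPE-Send-Key": first, "MS-MPPE-Recv-Key": second}
    if role == "server":
        return {"MS-MPPE-Recv-Key": first, "MS-MPPE-Send-Key": second}
    raise ValueError("role must be 'peer' or 'server'")

if __name__ == "__main__":
    ipmk = bytes(range(40))  # constructed sample; the 40-byte length is an assumption
    csk = derive_csk(ipmk)
    peer, server = split_mppe(csk, "peer"), split_mppe(csk, "server")
    # Each side's send key must equal the other side's receive key.
    assert hmac.compare_digest(peer["MS-MPPE-Send-Key"], server["MS-MPPE-Recv-Key"])
    assert hmac.compare_digest(peer["MS-MPPE-Recv-Key"], server["MS-MPPE-Send-Key"])
    print("MPPE key halves are mirrored between peer and server")
```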