|
Home > Archive > Radius Server > February 2007 > Require Info on EAP extension development for windows mobile
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Require Info on EAP extension development for windows mobile
|
|
|
| Hi,
We are developing an EAP module for the Windows Mobile 5.0 as per the
documentation provided at the MSDN site for the EAP extension development.
http://msdn2.microsoft.com/en-gb/library/aa363504.aspx
We succeeded in writing the whole EAP module. The whole EAP authentication
goes through well with the AAA server(RADIUS) with the extension dll we wrote
and we finally receive the outer EAP success, sent as part of the
Access-Accept from RADIUS, which indicates the EAP authentication has
succeeded. Now as per the documentation in MSDN, we are supposed to pass the
MPPE-Send key and MPPE-Recv Key from the RasEapMakeMessage function using the
pUserAttributes member of the pEapOutput structure in the final step. These
keys are supposed to be used in the EAPOL module in the 4way handshake for
the WPA MSK derivation.
But its not much clear on how the pUserAttributes is to be filled with these
keys. We filled in the pUserAttributes pointer from what we can make out from
the following MSDN link in the Remarks section at
http://msdn2.microsoft.com/en-gb/library/aa363518.aspx .
and another section that appears in the EAP Host documentation for Windows
Vista and XP on how MPPE keys are to be handled at
http://msdn2.microsoft.com/en-us/library/aa363636.aspx, which we think might
also be relevant for the EAP extension development. But they don't seem to
work.
We tried a lot of combinations but nothing seems to work. When we
sniffed/traced on Access Point's logs the supplicant doesn't seem to respond
to the EAPOL key request at all as part of the 4 way handshake for the WPA
key(MSK) generation.
There is int much help at the MSDN apart from the above. The following is
the code peice on how we filled in the fields, can anyone check if the code
and tell what is wrong with this and the correct way of doing it
The excerpts from the code is as follows:
typedef unsigned char u8;
struct vsa
{
u8 attr_type;
u8 length;
u8 salt[2];
u8 lenofkey;
u8 value[32];
u8 padding[15];
};
struct vsa mppe_send_key, mppe_recv_key;
char *pos = NULL;
// 1-MPPE-Send Key, 1-MPPE-Recv Key, 1-raatMinimum(for
termination)
lenofuserattr = 3 * sizeof(RAS_AUTH_ATTRIBUTE);
pEapOutput->pUserAttributes = (RAS_AUTH_ATTRIBUTE *) malloc(lenofuserattr);
pos = (u8 *) pEapOutput->pUserAttributes;
memset(pos, 0, lenofuserattr);
/*
As per MSDN
52 for the sub-attribute AVP which would hold the MPPE
keys
4 for Vendor-Id(311 for Microsoft)
*/
lenofvalue = 52 + 4;
//MPPE-RECV-KEY
pEapOutput->pUserAttributes[0].raaType = (raatVendorSpecific); //ras auth
attribute type (VSA)
pEapOutput->pUserAttributes[0].dwLength = (lenofvalue);
pEapOutput->pUserAttributes[0].Value = (u8 *) malloc( sizeof(u8) *
(lenofvalue) );
pos = (u8 *) pEapOutput->pUserAttributes[0].Value;
memset(pos, 0, lenofvalue);
vid= ntohl(311);
memcpy(pos, &vid, 4);
pos += 4;
mppe_recv_key.attr_type = 17;//Type MPPE-Recv-Key
mppe_recv_key.length = 52; //Total AVP length
mppe_recv_key.salt[0] = 0x00;
mppe_recv_key.salt[1] = 0x00;
mppe_recv_key.lenofkey = 32; // Key length only
// The second 32 bits of the buffer 'mppe_keys' is the
MPPE-Recv key
memcpy(mppe_recv_key.value, mppe_keys + 32, 32);//MPPE-Recv Key
memset(mppe_recv_key.padding, 0, 15); //padding
memcpy(pos, &mppe_recv_key, sizeof(struct vsa)); //sizeof(struct vsa) is
equal to 52
//MPPE-SEND-KEY
pEapOutput->pUserAttributes[1].raaType = (raatVendorSpecific); //ras auth
attribute type (VSA)
pEapOutput->pUserAttributes[1].dwLength = (lenofvalue);//4 - Vendor-Id
pEapOutput->pUserAttributes[1].Value = (u8 *) malloc( sizeof(u8) *
(lenofvalue));
pos = (u8 *) pEapOutput->pUserAttributes[1].Value;
memset(pos, 0, lenofvalue);
vid= ntohl(311);
memcpy(pos, &vid, 4);
pos += 4;
mppe_send_key.attr_type = 16; //Type MPPE-Send-Key
mppe_send_key.length = 52; //Total AVP length
mppe_send_key.salt[0] = 0x00;
mppe_send_key.salt[1] = 0x00;
mppe_send_key.lenofkey = 32; // Key length only
// The first 32 bits of the buffer 'mppe_keys' is the
MPPE-Send key
memcpy(mppe_send_key.value, mppe_keys, 32); //MPPE-Send-Key
memset(mppe_send_key.padding, 0, 15); // Padding
memcpy(pos, &mppe_send_key, 52);
//Terminate with raat Minimum
pEapOutput->pUserAttributes[2].raaType = (raatMinimum);
pEapOutput->pUserAttributes[2].dwLength = (0);
pEapOutput->pUserAttributes[2].Value = NULL;
Thanks,
Vijay
| |
| rt-seb 2007-02-21, 7:25 am |
| Hello Vijay,
I don't know if it helps but you could take a look at the RRas EAP
sample provided by the PSDK. IIRC this sample code demonstrates
how to handle MPPE-Send/-Receive keys.
Sebastian
"Vijay" wrote:
> Hi,
> We are developing an EAP module for the Windows Mobile 5.0 as per the
> documentation provided at the MSDN site for the EAP extension development.
> http://msdn2.microsoft.com/en-gb/library/aa363504.aspx
>
> We succeeded in writing the whole EAP module. The whole EAP authentication
> goes through well with the AAA server(RADIUS) with the extension dll we wrote
> and we finally receive the outer EAP success, sent as part of the
> Access-Accept from RADIUS, which indicates the EAP authentication has
> succeeded. Now as per the documentation in MSDN, we are supposed to pass the
> MPPE-Send key and MPPE-Recv Key from the RasEapMakeMessage function using the
> pUserAttributes member of the pEapOutput structure in the final step. These
> keys are supposed to be used in the EAPOL module in the 4way handshake for
> the WPA MSK derivation.
>
> But its not much clear on how the pUserAttributes is to be filled with these
> keys. We filled in the pUserAttributes pointer from what we can make out from
> the following MSDN link in the Remarks section at
> http://msdn2.microsoft.com/en-gb/library/aa363518.aspx .
> and another section that appears in the EAP Host documentation for Windows
> Vista and XP on how MPPE keys are to be handled at
> http://msdn2.microsoft.com/en-us/library/aa363636.aspx, which we think might
> also be relevant for the EAP extension development. But they don't seem to
> work.
>
> We tried a lot of combinations but nothing seems to work. When we
> sniffed/traced on Access Point's logs the supplicant doesn't seem to respond
> to the EAPOL key request at all as part of the 4 way handshake for the WPA
> key(MSK) generation.
> There is int much help at the MSDN apart from the above. The following is
> the code peice on how we filled in the fields, can anyone check if the code
> and tell what is wrong with this and the correct way of doing it
>
> [...]
>
> Thanks,
> Vijay
>
>
| |
|
| Hi,
Can you provide any links to these contents. I am not sure where can I find
them.
It would be good if I get a look at any sample codes for this.
--Vijay
"rt-seb" wrote:
[vbcol=seagreen]
> Hello Vijay,
>
> I don't know if it helps but you could take a look at the RRas EAP
> sample provided by the PSDK. IIRC this sample code demonstrates
> how to handle MPPE-Send/-Receive keys.
>
> Sebastian
>
>
> "Vijay" wrote:
>
| |
| rt-seb 2007-02-21, 7:25 am |
| Hello,
"Vijay" wrote:
> Hi,
> Can you provide any links to these contents. I am not sure where can I find
> them.
> It would be good if I get a look at any sample codes for this.
>
Just grab the platform sdk from msdn. The sample code is included there.
Sebastian[vbcol=seagreen]
>
> "rt-seb" wrote:
>
|
|
|
|
|