|
Posted by on February 21, 2007, 7:18 am
If you were Registered and logged in, you could reply and use other advanced thread options
Hi,
We are developing an EAP module for the Windows Mobile 5.0 as per
the documentation provided at the MSDN site for the EAP extension
development.
http://msdn2.microsoft.com/en-gb/library/aa363504.aspx
We succeeded in writing the whole EAP module. The whole EAP
authentication goes through well with the AAA server(RADIUS) with the
extension dll we wrote and we finally receive the outer EAP success,
sent as part of the Access-Accept from RADIUS, which indicates the EAP
authentication has succeeded. Now as per the documentation in MSDN, we
are supposed to pass the MPPE-Send key and MPPE-Recv Key from the
RasEapMakeMessage function using the pUserAttributes member of the
pEapOutput structure in the final step. These keys are supposed to be
used in the EAPOL module in the 4way handshake for the WPA MSK
derivation.
But its not much clear on how the pUserAttributes is to be filled with
these keys. We filled in the pUserAttributes pointer from what we can
make out from the following MSDN link in the Remarks section at
http://msdn2.microsoft.com/en-gb/library/aa363518.aspx .
and another section that appears in the EAP Host documentation for
Windows Vista and XP on how MPPE keys are to be handled at
http://msdn2.microsoft.com/en-us/library/aa363636.aspx, which we think
might also be relevant for the EAP extension development. But they
don't seem to work.
We tried a lot of combinations but nothing seems to work. When we
sniffed/traced on Access Point's logs the supplicant doesn't seem to
respond to the EAPOL key request at all as part of the 4 way handshake
for the WPA key(MSK) generation.
There isin't much help at the MSDN apart from the above. The following
is the code piece on how we filled in the fields, can anyone check if
the code and tell what is wrong with this and the correct way of doing
it
The excerpts from the code is as follows:
typedef unsigned char u8;
struct vsa
{
u8 attr_type;
u8 length;
u8 salt[2];
u8 lenofkey;
u8 value[32];
u8 padding[15];
};
struct vsa mppe_send_key, mppe_recv_key;
char *pos = NULL;
// 1-MPPE-Send Key, 1-MPPE-Recv Key, 1-raatMinimum(for
termination)
lenofuserattr = 3 * sizeof(RAS_AUTH_ATTRIBUTE);
pEapOutput->pUserAttributes = (RAS_AUTH_ATTRIBUTE *)
malloc(lenofuserattr);
pos = (u8 *) pEapOutput->pUserAttributes;
memset(pos, 0, lenofuserattr);
/*
As per MSDN
52 for the sub-attribute AVP which would hold the
MPPE keys
4 for Vendor-Id(311 for Microsoft)
*/
lenofvalue = 52 + 4;
//MPPE-RECV-KEY
pEapOutput->pUserAttributes[0].raaType = (raatVendorSpecific); //ras
auth attribute type (VSA)
pEapOutput->pUserAttributes[0].dwLength = (lenofvalue);
pEapOutput->pUserAttributes[0].Value = (u8 *) malloc( sizeof(u8) *
(lenofvalue) );
pos = (u8 *) pEapOutput->pUserAttributes[0].Value;
memset(pos, 0, lenofvalue);
vid= ntohl(311);
memcpy(pos, &vid, 4);
pos += 4;
mppe_recv_key.attr_type = 17;//Type MPPE-Recv-Key
mppe_recv_key.length = 52; //Total AVP length
mppe_recv_key.salt[0] = 0x00;
mppe_recv_key.salt[1] = 0x00;
mppe_recv_key.lenofkey = 32; // Key length only
// The second 32 bits of the buffer 'mppe_keys' is the
MPPE-Recv key
memcpy(mppe_recv_key.value, mppe_keys + 32, 32);//MPPE-Recv Key
memset(mppe_recv_key.padding, 0, 15); //padding
memcpy(pos, &mppe_recv_key, sizeof(struct vsa)); //sizeof(struct
vsa) is equal to 52
//MPPE-SEND-KEY
pEapOutput->pUserAttributes[1].raaType = (raatVendorSpecific); //ras
auth attribute type (VSA)
pEapOutput->pUserAttributes[1].dwLength = (lenofvalue);//4 - Vendor-
Id
pEapOutput->pUserAttributes[1].Value = (u8 *) malloc( sizeof(u8) *
(lenofvalue));
pos = (u8 *) pEapOutput->pUserAttributes[1].Value;
memset(pos, 0, lenofvalue);
vid= ntohl(311);
memcpy(pos, &vid, 4);
pos += 4;
mppe_send_key.attr_type = 16; //Type MPPE-Send-Key
mppe_send_key.length = 52; //Total AVP length
mppe_send_key.salt[0] = 0x00;
mppe_send_key.salt[1] = 0x00;
mppe_send_key.lenofkey = 32; // Key length only
// The first 32 bits of the buffer 'mppe_keys' is the
MPPE-Send key
memcpy(mppe_send_key.value, mppe_keys, 32); //MPPE-Send-Key
memset(mppe_send_key.padding, 0, 15); // Padding
memcpy(pos, &mppe_send_key, 52);
//Terminate with raat Minimum
pEapOutput->pUserAttributes[2].raaType = (raatMinimum);
pEapOutput->pUserAttributes[2].dwLength = (0);
pEapOutput->pUserAttributes[2].Value = NULL;
Thanks,
Vijay
|
|
Posted by S. Pidgorny on February 23, 2007, 6:00 am
If you were Registered and logged in, you could reply and use other advanced thread options
Vijay, I suggest posting to the microsoft.public.pocketpc.developer, or to
the .Net Mobile framework group (if applicable), and to MSDN forums.
--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-
>> pEapOutput->pUserAttributes[0].dwLength = (lenofvalue);
|
| Similar Threads | Posted | | Send Free SMS Worlwide to any mobile phone iphone gsm http://free4sms.info | November 28, 2008, 10:41 pm |
| IPSec client for Windows Mobile 2003 | May 15, 2006, 10:58 am |
| Cisco VPN client for Windows Mobile 2003 | June 9, 2006, 10:09 am |
| Re: (CORRECTION): How Does One Show ".$#!" Extension For "Cryptext" Under Windows XP Pro? | March 2, 2006, 1:54 pm |
| Windows Mobile 5 email encryption and digital signature | October 9, 2007, 12:53 pm |
| Require updates | September 1, 2006, 1:32 pm |
| Need security advice from Admins at Software Development companies | October 18, 2005, 11:29 am |
| Running 3rd party apps that require admin privs on Vista | January 24, 2008, 2:33 pm |
| .ip extension | March 5, 2007, 1:04 pm |
| Mobile Messanger | September 22, 2005, 4:01 am |
|
XML site map