Require Info on EAP extension development for windows mobile - Wireless

This is a discussion on Require Info on EAP extension development for windows mobile - Wireless ; Hi, We are developing an EAP module for the Windows Mobile 5.0 as per the documentation provided at the MSDN site for the EAP extension development. http://msdn2.microsoft.com/en-gb/library/aa363504.aspx We succeeded in writing the whole EAP module. The whole EAP authentication goes ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Require Info on EAP extension development for windows mobile

  1. Require Info on EAP extension development for windows mobile

    Hi,
    We are developing an EAP module for the Windows Mobile 5.0 as per the
    documentation provided at the MSDN site for the EAP extension development.
    http://msdn2.microsoft.com/en-gb/library/aa363504.aspx

    We succeeded in writing the whole EAP module. The whole EAP authentication
    goes through well with the AAA server(RADIUS) with the extension dll we wrote
    and we finally receive the outer EAP success, sent as part of the
    Access-Accept from RADIUS, which indicates the EAP authentication has
    succeeded. Now as per the documentation in MSDN, we are supposed to pass the
    MPPE-Send key and MPPE-Recv Key from the RasEapMakeMessage function using the
    pUserAttributes member of the pEapOutput structure in the final step. These
    keys are supposed to be used in the EAPOL module in the 4way handshake for
    the WPA MSK derivation.

    But its not much clear on how the pUserAttributes is to be filled with these
    keys. We filled in the pUserAttributes pointer from what we can make out from
    the following MSDN link in the Remarks section at
    http://msdn2.microsoft.com/en-gb/library/aa363518.aspx .
    and another section that appears in the EAP Host documentation for Windows
    Vista and XP on how MPPE keys are to be handled at
    http://msdn2.microsoft.com/en-us/library/aa363636.aspx, which we think might
    also be relevant for the EAP extension development. But they don't seem to
    work.

    We tried a lot of combinations but nothing seems to work. When we
    sniffed/traced on Access Point's logs the supplicant doesn't seem to respond
    to the EAPOL key request at all as part of the 4 way handshake for the WPA
    key(MSK) generation.
    There is int much help at the MSDN apart from the above. The following is
    the code peice on how we filled in the fields, can anyone check if the code
    and tell what is wrong with this and the correct way of doing it


    The excerpts from the code is as follows:

    typedef unsigned char u8;
    struct vsa
    {
    u8 attr_type;
    u8 length;
    u8 salt[2];
    u8 lenofkey;
    u8 value[32];
    u8 padding[15];
    };


    struct vsa mppe_send_key, mppe_recv_key;
    char *pos = NULL;
    // 1-MPPE-Send Key, 1-MPPE-Recv Key, 1-raatMinimum(for
    termination)
    lenofuserattr = 3 * sizeof(RAS_AUTH_ATTRIBUTE);
    pEapOutput->pUserAttributes = (RAS_AUTH_ATTRIBUTE *) malloc(lenofuserattr);
    pos = (u8 *) pEapOutput->pUserAttributes;
    memset(pos, 0, lenofuserattr);
    /*
    As per MSDN
    52 for the sub-attribute AVP which would hold the MPPE
    keys
    4 for Vendor-Id(311 for Microsoft)
    */
    lenofvalue = 52 + 4;

    //MPPE-RECV-KEY
    pEapOutput->pUserAttributes[0].raaType = (raatVendorSpecific); //ras auth
    attribute type (VSA)
    pEapOutput->pUserAttributes[0].dwLength = (lenofvalue);
    pEapOutput->pUserAttributes[0].Value = (u8 *) malloc( sizeof(u8) *
    (lenofvalue) );
    pos = (u8 *) pEapOutput->pUserAttributes[0].Value;

    memset(pos, 0, lenofvalue);
    vid= ntohl(311);
    memcpy(pos, &vid, 4);
    pos += 4;

    mppe_recv_key.attr_type = 17;//Type MPPE-Recv-Key
    mppe_recv_key.length = 52; //Total AVP length

    mppe_recv_key.salt[0] = 0x00;
    mppe_recv_key.salt[1] = 0x00;

    mppe_recv_key.lenofkey = 32; // Key length only
    // The second 32 bits of the buffer 'mppe_keys' is the
    MPPE-Recv key
    memcpy(mppe_recv_key.value, mppe_keys + 32, 32);//MPPE-Recv Key
    memset(mppe_recv_key.padding, 0, 15); //padding

    memcpy(pos, &mppe_recv_key, sizeof(struct vsa)); //sizeof(struct vsa) is
    equal to 52


    //MPPE-SEND-KEY
    pEapOutput->pUserAttributes[1].raaType = (raatVendorSpecific); //ras auth
    attribute type (VSA)
    pEapOutput->pUserAttributes[1].dwLength = (lenofvalue);//4 - Vendor-Id
    pEapOutput->pUserAttributes[1].Value = (u8 *) malloc( sizeof(u8) *
    (lenofvalue));
    pos = (u8 *) pEapOutput->pUserAttributes[1].Value;

    memset(pos, 0, lenofvalue);
    vid= ntohl(311);
    memcpy(pos, &vid, 4);

    pos += 4;

    mppe_send_key.attr_type = 16; //Type MPPE-Send-Key
    mppe_send_key.length = 52; //Total AVP length

    mppe_send_key.salt[0] = 0x00;
    mppe_send_key.salt[1] = 0x00;

    mppe_send_key.lenofkey = 32; // Key length only
    // The first 32 bits of the buffer 'mppe_keys' is the
    MPPE-Send key
    memcpy(mppe_send_key.value, mppe_keys, 32); //MPPE-Send-Key
    memset(mppe_send_key.padding, 0, 15); // Padding

    memcpy(pos, &mppe_send_key, 52);

    //Terminate with raat Minimum
    pEapOutput->pUserAttributes[2].raaType = (raatMinimum);
    pEapOutput->pUserAttributes[2].dwLength = (0);
    pEapOutput->pUserAttributes[2].Value = NULL;



    Thanks,
    Vijay


  2. Re: Require Info on EAP extension development for windows mobile

    I am also facing the same issue. Could anyone help me for this issue?

+ Reply to Thread