Require Info on EAP extension development for Windows Mobile

Discussion in 'Wireless Networking' started by Vijay, Feb 21, 2007.

  1. Hi,
    We are developing an EAP module for the Windows Mobile 5.0 as per the
    documentation provided at the MSDN site for the EAP extension development.

    We succeeded in writing the whole EAP module. The whole EAP authentication
    goes through well with the AAA server (RADIUS) with the extension DLL we wrote
    and we finally receive the outer EAP success, sent as part of the
    Access-Accept from RADIUS, which indicates the EAP authentication has
    succeeded. Now as per the documentation in MSDN, we are supposed to pass the
    MPPE-Send key and MPPE-Recv Key from the RasEapMakeMessage function using the
    pUserAttributes member of the pEapOutput structure in the final step. These
    keys are supposed to be used in the EAPOL module in the 4way handshake for
    the WPA MSK derivation.

    But it's not very clear how the pUserAttributes is to be filled with these
    keys. We filled in the pUserAttributes pointer from what we can make out from
    the following MSDN link in the Remarks section at .
    and another section that appears in the EAP Host documentation for Windows
    Vista and XP on how MPPE keys are to be handled at, which we think might
    also be relevant for the EAP extension development. But they don't seem to

    We tried a lot of combinations but nothing seems to work. When we
    sniffed/traced the Access Point's logs, the supplicant doesn't seem to respond
    to the EAPOL key request at all as part of the 4-way handshake for the WPA
    key (MSK) generation.
    There isn't much help at MSDN apart from the above. The following is
    the code piece showing how we filled in the fields. Can anyone check the code
    and tell us what is wrong with it and the correct way of doing it?

    The excerpts from the code are as follows:

    typedef unsigned char u8;

    struct vsa {
        u8 attr_type;
        u8 length;
        u8 salt[2];
        u8 lenofkey;
        u8 value[32];
        u8 padding[15];
    };

    struct vsa mppe_send_key, mppe_recv_key;
    u8 *pos = NULL;

    // 1-MPPE-Send Key, 1-MPPE-Recv Key, 1-raatMinimum(for
    lenofuserattr = 3 * sizeof(RAS_AUTH_ATTRIBUTE);
    pEapOutput->pUserAttributes = (RAS_AUTH_ATTRIBUTE *) malloc(lenofuserattr);
    pos = (u8 *) pEapOutput->pUserAttributes;
    memset(pos, 0, lenofuserattr);

    // As per MSDN
    // 52 for the sub-attribute AVP which would hold the MPPE
    // 4 for Vendor-Id(311 for Microsoft)
    lenofvalue = 52 + 4;

    // ras auth attribute type (VSA)
    pEapOutput->pUserAttributes[0].raaType = (raatVendorSpecific);
    pEapOutput->pUserAttributes[0].dwLength = (lenofvalue);
    pEapOutput->pUserAttributes[0].Value = (u8 *) malloc( sizeof(u8) * (lenofvalue) );
    pos = (u8 *) pEapOutput->pUserAttributes[0].Value;

    memset(pos, 0, lenofvalue);
    vid = htonl(311); // Vendor-Id in network byte order
    memcpy(pos, &vid, 4);
    pos += 4;

    mppe_recv_key.attr_type = 17; // Type MPPE-Recv-Key
    mppe_recv_key.length = 52; // Total AVP length

    mppe_recv_key.salt[0] = 0x00;
    mppe_recv_key.salt[1] = 0x00;

    mppe_recv_key.lenofkey = 32; // Key length only
    // The second 32 bytes of the buffer 'mppe_keys' is the MPPE-Recv key
    memcpy(mppe_recv_key.value, mppe_keys + 32, 32); // MPPE-Recv Key
    memset(mppe_recv_key.padding, 0, 15); // padding

    // sizeof(struct vsa) is equal to 52
    memcpy(pos, &mppe_recv_key, sizeof(struct vsa));

    // ras auth attribute type (VSA)
    pEapOutput->pUserAttributes[1].raaType = (raatVendorSpecific);
    pEapOutput->pUserAttributes[1].dwLength = (lenofvalue); // 4 - Vendor-Id
    pEapOutput->pUserAttributes[1].Value = (u8 *) malloc( sizeof(u8) * (lenofvalue) );
    pos = (u8 *) pEapOutput->pUserAttributes[1].Value;

    memset(pos, 0, lenofvalue);
    vid = htonl(311); // Vendor-Id in network byte order
    memcpy(pos, &vid, 4);

    pos += 4;

    mppe_send_key.attr_type = 16; // Type MPPE-Send-Key
    mppe_send_key.length = 52; // Total AVP length

    mppe_send_key.salt[0] = 0x00;
    mppe_send_key.salt[1] = 0x00;

    mppe_send_key.lenofkey = 32; // Key length only
    // The first 32 bytes of the buffer 'mppe_keys' is the MPPE-Send key
    memcpy(mppe_send_key.value, mppe_keys, 32); // MPPE-Send-Key
    memset(mppe_send_key.padding, 0, 15); // Padding

    memcpy(pos, &mppe_send_key, 52);

    // Terminate with raatMinimum
    pEapOutput->pUserAttributes[2].raaType = (raatMinimum);
    pEapOutput->pUserAttributes[2].dwLength = (0);
    pEapOutput->pUserAttributes[2].Value = NULL;

    Vijay, Feb 21, 2007
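An added example, not part of the original post: the 56-byte Value layout the post describes (4-byte vendor id 311, type 16 or 17, length, 2-byte zero salt, key length, key, zero padding), written out byte by byte so it does not depend on struct layout or host byte order, with a parser that checks the same fields. The function names are hypothetical, nothing here uses the RAS/EAP headers, and rounding the key-length-plus-key field up to a multiple of 16 bytes is an assumption that reproduces the post's 15 padding bytes for a 32-byte key; it does not establish what the Windows Mobile supplicant expects.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MS_VENDOR_ID     311u  /* Microsoft vendor id, as in the post */
#define MS_MPPE_SEND_KEY 16u   /* sub-attribute types used in the post */
#define MS_MPPE_RECV_KEY 17u

/* Value length: 4 vendor id + 1 type + 1 length + 2 salt + padded(1 + key). */
size_t mppe_vsa_len(size_t key_len)
{
    size_t body = ((1 + key_len + 15) / 16) * 16;  /* assumed 16-byte rounding */
    return 8 + body;
}

/* Serialize into out; returns bytes written, or 0 on bad input. */
size_t mppe_vsa_build(uint8_t *out, size_t cap, uint8_t type,
                      const uint8_t *key, size_t key_len)
{
    size_t total = mppe_vsa_len(key_len);
    if (!out || !key || key_len == 0 || key_len > 239 || cap < total)
        return 0;                      /* 239 keeps the length in one byte */
    if (type != MS_MPPE_SEND_KEY && type != MS_MPPE_RECV_KEY)
        return 0;
    memset(out, 0, total);             /* salt and padding stay zero */
    out[2] = (MS_VENDOR_ID >> 8) & 0xff;   /* 311 = 00 00 01 37, big-endian */
    out[3] = MS_VENDOR_ID & 0xff;
    out[4] = type;
    out[5] = (uint8_t)(total - 4);     /* sub-attribute length (52 for 32) */
    out[8] = (uint8_t)key_len;
    memcpy(out + 9, key, key_len);
    return total;
}

/* Validate a Value buffer and copy the key out; returns key length or -1. */
int mppe_vsa_parse(const uint8_t *buf, size_t len, uint8_t type,
                   uint8_t *key_out, size_t key_cap)
{
    if (!buf || !key_out || len < 24 || (len - 8) % 16 != 0)
        return -1;
    if (buf[0] || buf[1] || buf[2] != 0x01 || buf[3] != 0x37)
        return -1;                     /* vendor id must be 311 */
    if (buf[4] != type || (size_t)buf[5] + 4 != len)
        return -1;
    if (buf[8] == 0 || (size_t)buf[8] + 9 > len || (size_t)buf[8] > key_cap)
        return -1;
    memcpy(key_out, buf + 9, buf[8]);
    return buf[8];
}
```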