3.3.5.3 PEAP Server Cryptobinding Validation

Upon receipt of the cryptobinding response, the PEAP server MUST validate the message using the following process.

The server implementation MUST construct the cryptobinding structure, populating its Nonce field with the nonce supplied in the corresponding cryptobinding response. The implementation MUST then compute the Compound MAC, as specified in section 3.1.5.5.

A PEAP server implementation MUST then compare the Compound MAC contained in the cryptobinding response with the Compound MAC that it computed. If the computed Compound MAC and the Compound MAC reported within the cryptobinding response do not match, then the validation is declared as failed. Otherwise it is declared as success.
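
The following added example (not part of this specification) sketches the validation steps above in Python. The field layout, the SubType value, the use of HMAC-SHA1 as the Compound MAC, and all function names are assumptions standing in for section 3.1.5.5, which is not reproduced here; the final comparison is done in constant time.

```python
import hashlib
import hmac
import struct

NONCE_LEN, MAC_LEN = 32, 20
SUBTYPE_RESPONSE = 1  # assumed SubType value for a cryptobinding response


def build_structure(version, received_version, subtype, nonce, mac=bytes(MAC_LEN)):
    # Assumed layout: Reserved(1) Version(1) ReceivedVersion(1) SubType(1)
    # Nonce(32) CompoundMAC(20). The MAC field is zero while the MAC is computed.
    return struct.pack("!BBBB", 0, version, received_version, subtype) + nonce + mac


def compound_mac(cmk, structure_with_zero_mac):
    # Stand-in for section 3.1.5.5 (assumption): HMAC-SHA1 keyed with the CMK.
    return hmac.new(cmk, structure_with_zero_mac, hashlib.sha1).digest()


def validate_response(cmk, response, version=0, received_version=0):
    """Return True only if the reported Compound MAC matches the computed one."""
    if len(response) != 4 + NONCE_LEN + MAC_LEN:
        return False  # malformed input is a validation failure, not an exception
    nonce = response[4:4 + NONCE_LEN]
    reported = response[4 + NONCE_LEN:]
    # The server builds the structure from its own expected header values;
    # only the Nonce is taken from the response.
    rebuilt = build_structure(version, received_version, SUBTYPE_RESPONSE, nonce)
    computed = compound_mac(cmk, rebuilt)
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(computed, reported)


def make_sample_response(cmk, nonce):
    # Constructed test input: what a peer holding the same CMK would send.
    zeroed = build_structure(0, 0, SUBTYPE_RESPONSE, nonce)
    return build_structure(0, 0, SUBTYPE_RESPONSE, nonce, compound_mac(cmk, zeroed))


if __name__ == "__main__":
    cmk = bytes(range(20))      # constructed key, not a real CMK
    nonce = bytes(range(32))    # constructed nonce
    good = make_sample_response(cmk, nonce)
    tampered = good[:10] + bytes([good[10] ^ 1]) + good[11:]  # one nonce bit flipped
    print(validate_response(cmk, good), validate_response(cmk, tampered))
```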