3.3.7.3 EAP Inner Method Authentication Success

  • Article

Input: EAP Packet

Output: MPPE send and receive keys, and their lengths.

If EAP inner method authentication is successful, then:

  • This event will be received from the respective EAP method layer in response to an EAP packet passed to it. If currentState is not set to PHASE2_EAP_INPROGRESS, ignore this event. Otherwise, the PEAP layer MUST do the following:

    1. Store InnerMPPESendKey, InnerMPPESendKeyLength, InnerMPPERecvKey and InnerMPPERecvKeyLength as returned by the inner EAP method.

    2. Create an EAP TLV Extensions Method (section 2.2.8.1) packet with Result TLV (section 2.2.8.1.2) (the value field set to 1) and if isCryptoSupported is set to TRUE, add a Cryptobinding TLV (section 2.2.8.1.1) (with a value generated by the server, as described in section 3.3.5.3) and if both peer and server have exchanged SoH Request (section 2.2.8.2.1) and SoH (section 2.2.8.2.2) TLVs, add a SoH Response TLV (section 2.2.8.1.3).

    3. Encrypt the packet generated in the preceding step by passing it to the TLS layer using the EncryptMessage method, and after receiving the encrypted data, prepare a PEAP packet with encrypted data as the Data field and send it to the peer (see section 3.1.5.2.2). Change currentState to SUCCESS_TLV_SENT.