3.1.5.1 Master Session Key (MSK) Derivation
Upon successful authentication, Extensible Authentication Protocol Method for Microsoft CHAP derives two 16-byte keys, MasterSendKey and MasterReceiveKey (as specified in [RFC3079], section 3.3).
MS-MPPE key attributes, defined in [RFC2548] section 2.4.2 and 2.4.3, are defined as follows on an Authenticator:
-
MS-MPPE-Recv-Key = MasterReceiveKey MS-MPPE-Send-Key = MasterSendKey
MS-MPPE keys attributes on a Peer are as populated as follows.
-
MS-MPPE-Recv-Key = MasterSendKey MS-MPPE-Send-Key = MasterReceiveKey
The Master Session Key [RFC3748] is derived from the two keys as follows:
-
MSK = MasterReceiveKey + MasterSendKey + 32 bytes zeroes (padding)