1 Cisco LEAP protocol description
5 EAP = Extensible Authentication Protocol
7 _________________________________________________________________
10 cameron macnally <descriptive2001@yahoo.com>
13 Thu, 6 Sep 2001 03:39:40 -0700 (PDT)
16 http://lists.cistron.nl/pipermail/cistron-radius/2001-September/002042.html
18 Adam Sulmicki <adam@cfar.umd.edu>
19 since I could not find any ASCII version I took above html version
20 and formated it as it is below.
22 Alan DeKok <aland@freeradius.org>
23 The information in the original posting wasn't entirely
24 correct, but it was close. This updated version is correct,
25 and contains additional specifics not found in the original post.
27 _________________________________________________________________
30 This document describes the LEAP authentication protocol as used by Cisco
31 Aironet wireless routers etc. It was deduced by analysis of packets passed
32 between an Aironet and Cisco ACS.
34 Relevant RFCs are: 2284, 2716, 2433.
36 LEAP is a type of Radius EAP protocol (see RFC draft-ietf-radius-eap-05.txt
37 "Extensible Authentication Protocol Support in RADIUS"). The EAP type for
38 LEAP is 17 (0x11). It is used to authenticate access by a wireless client
39 (typically a laptop or pc) to a wireless router, typically a Cisco Aironet
43 AP: Access Point (the Aironet base station)
45 APC: Access Point Challenge
46 APR: Access Point Response
49 PW: Users plaintext ASCII password
51 SS: Shared Secret shared between AP (or upstream proxy) and RS
52 AUTH: The 16 octet Radius authenticator of the incomintg request
54 A typical successful LEAP authentication sequence consists of the
55 following Radius packets passed between the wireless access point (AP) and
56 the Radius server (RS). Each packet contains an EAP-Message as described
57 below. The EAP Message-Authenticator attribute is always present as usual
60 The general description of the protocol is:
62 1. AP->RS: Access-Request/EAP Identity, containing the name of the
63 user to be authenticated
65 2. RS->AP: Access-Challenge/EAP Request/LEAP, containing a 8 octet random
66 MSCHAP Peer Challenge (PC) + State
68 3. AP->RS: Access-Request/EAP Response/LEAP, containing the 24 octet MSCHAP
69 response to the challenge in 2 above (PR) + State
71 4. RS->AP: Access-Challenge/EAP Success (with EAP id++)
72 + State (may be different than the satate send in <2>)
74 5. AP->RS: Access-Request/EAP Request/LEAP, containing 8 octet Access Point
75 Challenge (APC) + State
77 6. RS->AP: Radius Access-Accept/EAP Response/LEAP, containing 24 octet
78 response to the challenge in 5 above (APR), plus a session key sent
79 in a cisco-avpair vendor-specific attribute:
81 Cisco-AVPair = "leap:session-key=..."
83 where the '...' are 34 binary octets of encrypted data. This data MUST
84 follow the '=', and is NOT in ASCII.
86 LEAP data is carried in an EAP-Message in the Type-Data subfield. The
87 format of the Type-Data subfield is:
89 1 octet LEAP protocol version number, currently always 0x01.
90 1 unused octet, currently always 0x00.
91 1 octet byte count for the following binary data
92 m octets of binary data
93 n octets, the name of the user being authenticated
95 So, for example, packet 2 in the above sequence, containg the access point
96 challenge (APC) would contain an EAP-Message Request (Code 0x01) attribute
100 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
102 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
103 | Code 0x01 | Identifier | Length |
105 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
106 | Type 0x11 | Version 0x01 | Unused 0x00 | Count 0x08 |
108 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
111 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
114 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
116 +-+-+-+-+-+-+-+-+-+-+-+-+-+-
119 Count is 8 octets since the Peer challenge is 8 bytes.
120 count is 24 for EAP response, with MSCHAP response.
121 Length is the total number of octets in the EAP-Message.
123 The Session Key (SK) is sent from RS to AP in the final packet. It is
124 carried in a cisco-avpair vendor specific radius attribute. The value of
125 the attribute is: "leap:session-key=nnnn" where nnnn is 34 octets of
126 binary data as described in SK below.
128 Algorithms for each field are described below. Function names are those
129 from RFC 2433. '+' means concatenation. mppe_encrypt is the algorithm for
130 encrypting MS-MPPE-Send-Key as described in RFC 2548.txt, which is
131 also the same as the 'Tunnel-Password' encryption.
133 PC: 8 octets random binary data sent to AP
135 PR: 24 octets NtChallengeResponse(PC, Unicode(PW))
136 e.g. AP sends MS-CHAP response to RADIUS server challenge.
138 APC: 8 octets random binary data sent by the AP
140 MPPEHASH: 16 octets NtPasswordHash(NtPasswordHash(Unicode(PW))))
142 APR: 24 octets ChallengeResponse(APC, MPPEHASH)
143 e.g. RADIUS server sends MS-CHAP response to AP challenge.
145 SK: 34 octets mppe_encrypt(SS, AUTH,MD5Digest(MPPEHASH + APC + APR + PC + PR))
146 via rad_tunnel_pwencode()
149 1. Some versions of Cisco ACS incorrectly drop the first 2 bytes of the
150 user name at the end of the EAP-MEssage in the Peer Challenge packet.
152 2. If the user name does not exist, the response to packet 1 is a
153 Radius Access-Reject/EAP Failure
155 _________________________________________________________________