I am writing an 802.11 wireless client that communicates with the access
point using PEAP and MSCHAPV2. I am having trouble establishing a
secure TLS tunnel in which to perform the PEAP phase 2 handshake.
My client sends a TLS Client Hello message. The servers respond with
their "Server Hello, Certificate, and Server Hello Done".
So far, so good.
But after I send my "Client Key Exchange, Change Cipher Spec, Encrypted
Handshake Message" message I get an error.
Specifically, in the PEAP protocol, I get a "TLS bad record mac" or "TLS
alert, unexpected message" error from the server. Hostap sends the
"unexpected message" error; other servers send "bad record mac".
My theory is that I am not correctly maintaining the handshake
message buffer described in RFC 2246 7.4.8, so my finished message is
not computing the correct "verify_data" value described in RFC 2246.
Can someone point me to the code in hostapd and/or openssl in which this
buffer is constructed, and in particular where the actual verify_data
buffer is calculated?
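Added here as a worked example (not from the original post, hostapd or OpenSSL): the RFC 2246 PRF and Finished verify_data computation, run over a constructed handshake transcript to show which bytes belong in the buffer and which do not. The master secret and the message bodies are made-up placeholders.

```python
import hashlib, hmac

# RFC 2246 section 5: P_hash(secret, seed) expands the seed by HMAC chaining.
def p_hash(hash_name, secret, seed, length):
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]

# TLS 1.0 PRF: halve the secret (odd lengths share the middle byte), XOR P_MD5 and P_SHA-1.
def tls10_prf(secret, label, seed, length):
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[-half:]
    md5_part = p_hash("md5", s1, label + seed, length)
    sha_part = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha_part))

# One handshake message as it sits in the transcript buffer: type (1 byte) + uint24 length
# + body.  Record headers and the ChangeCipherSpec record are not handshake messages.
def handshake_message(msg_type, body):
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

# RFC 2246 7.4.9: verify_data = PRF(master_secret, finished_label,
#     MD5(handshake_messages) + SHA-1(handshake_messages))[0..11]
def finished_verify_data(master_secret, handshake_messages, is_client):
    label = b"client finished" if is_client else b"server finished"
    seed = hashlib.md5(handshake_messages).digest() + hashlib.sha1(handshake_messages).digest()
    return tls10_prf(master_secret, label, seed, 12)

# Constructed demo values (not real handshake bytes): a 48-byte master secret and
# placeholder bodies, enough to show which bytes feed the hashes.
MASTER_SECRET = bytes(range(48))
TRANSCRIPT = b"".join([
    handshake_message(1, b"client-hello-body"),
    handshake_message(2, b"server-hello-body"),
    handshake_message(11, b"certificate-body"),
    handshake_message(14, b""),  # ServerHelloDone carries an empty body
    handshake_message(16, b"client-key-exchange-body"),
])

def demo():
    # Client Finished: everything exchanged so far, minus the Finished itself.
    client_vd = finished_verify_data(MASTER_SECRET, TRANSCRIPT, True)
    # Server Finished: the same buffer plus the client's Finished message.
    server_vd = finished_verify_data(MASTER_SECRET, TRANSCRIPT + handshake_message(20, client_vd), False)
    # Typical buffer bug: the 1-byte ChangeCipherSpec message sneaks into the hash.
    wrong_vd = finished_verify_data(MASTER_SECRET, TRANSCRIPT + b"\x01", True)
    return client_vd, server_vd, wrong_vd
```

In OpenSSL 1.0.x the equivalent computation lives in `tls1_final_finish_mac()` in `ssl/t1_enc.c`, which is a useful reference point when comparing intermediate digests against your own buffer.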