3.2.5.3 PEAP Peer Cryptobinding Validation

Upon receipt of the cryptobinding request, the PEAP peer MUST validate the message using the following process.

The cryptobinding TLV MUST specify the appropriate subtype (for example, a cryptobinding request must carry the request subtype and a cryptobinding response must carry the response subtype); otherwise the validation is declared as failed.

The PEAP peer MUST then construct the cryptobinding structure (see cryptobinding TLV), populating its Nonce field with the nonce supplied in the corresponding cryptobinding request. The implementation then MUST compute the Compound MAC as specified in 3.1.5.5.

A PEAP peer implementation MUST then compare the Compound MAC contained in the cryptobinding request with the Compound MAC that the peer itself computed. If the Compound MACs do not match, then the validation is declared as failed; otherwise, the validation is declared as success.
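
The three validation steps above, sketched as an added example (not code from this specification). The TLV layout, the subtype encodings and the use of HMAC-SHA1 with a key named cmk as a stand-in for the Compound MAC computation of section 3.1.5.5 are assumptions, since this page does not reproduce them. The example also uses a constant-time comparison, which the text does not require but which avoids leaking how many MAC bytes matched.

```python
import hashlib
import hmac
import struct

# Assumed layout (not given on this page): 4-byte TLV header, then Reserved,
# Version, Received Version, SubType (1 byte each), Nonce (32), Compound MAC (20).
TLV_FMT = "!HHBBBB32s20s"
TLV_LEN = struct.calcsize(TLV_FMT)            # 60 bytes
SUBTYPE_REQUEST, SUBTYPE_RESPONSE = 0, 1      # assumed encodings
SAMPLE_HEADER = (12, 56)                      # constructed header: type, length


def compound_mac(cmk: bytes, tlv_zero_mac: bytes) -> bytes:
    """Stand-in for section 3.1.5.5 (assumption): HMAC-SHA1 keyed with cmk."""
    return hmac.new(cmk, tlv_zero_mac, hashlib.sha1).digest()


def build_tlv(cmk, subtype, nonce, header=SAMPLE_HEADER, version=0, rx_version=0):
    """Construct the cryptobinding structure and fill in its Compound MAC."""
    fields = (*header, 0, version, rx_version, subtype, nonce)
    mac = compound_mac(cmk, struct.pack(TLV_FMT, *fields, bytes(20)))
    return struct.pack(TLV_FMT, *fields, mac)


def validate_request(cmk: bytes, tlv: bytes) -> bool:
    """Peer-side validation; every failure path returns False (fail closed)."""
    if len(tlv) != TLV_LEN:
        return False
    h_type, h_len, _rsv, ver, rx_ver, subtype, nonce, rx_mac = struct.unpack(TLV_FMT, tlv)
    # Step 1: a request must carry the request subtype.
    if subtype != SUBTYPE_REQUEST:
        return False
    # Step 2: rebuild the structure with the request's nonce, compute the MAC locally.
    expected = build_tlv(cmk, subtype, nonce, (h_type, h_len), ver, rx_ver)[-20:]
    # Step 3: compare the received and computed MACs in constant time.
    return hmac.compare_digest(expected, rx_mac)


if __name__ == "__main__":
    key = bytes(range(20))                    # constructed key, for illustration
    good = build_tlv(key, SUBTYPE_REQUEST, bytes(range(32)))
    bad = good[:8] + b"\xff" + good[9:]       # one nonce byte altered in transit
    print(validate_request(key, good), validate_request(key, bad))
```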