Add UNAUTH-TLS vendor specific EAP type
This EAP type uses a vendor specific expanded EAP header to encapsulate EAP-TLS with a configuration where the EAP server does not authenticate the EAP peer. In other words, this method includes only server authentication. The peer is configured with only the ca_cert parameter (similarly to other TLS-based EAP methods). This method can be used for cases where the network provides free access to anyone, but use of RSN with a securely derived unique PMK for each station is desired. The expanded EAP header uses the hostapd/wpa_supplicant vendor code 39068 and vendor type 1 to identify the UNAUTH-TLS method. Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen
parent
d13f9857f8
commit
065d2895b4
13 changed files with 225 additions and 23 deletions
|
|
@ -75,6 +75,9 @@ enum {
|
|||
EAP_VENDOR_HOSTAP = 39068 /* hostapd/wpa_supplicant project */
|
||||
};
|
||||
|
||||
#define EAP_VENDOR_UNAUTH_TLS EAP_VENDOR_HOSTAP
|
||||
#define EAP_VENDOR_TYPE_UNAUTH_TLS 1
|
||||
|
||||
#define EAP_MSK_LEN 64
|
||||
#define EAP_EMSK_LEN 64
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue