EAP-TEAP: Use EAP-FAST-MSCHAPv2 in the tunnel

While RFC 7170 does not describe this, EAP-TEAP has been deployed with
implementations that use the EAP-FAST-MSCHAPv2, instead of the
EAP-MSCHAPv2, way of deriving the MSK for IMSK. Use that design here to
interoperate with other implementations since that seems to be direction
that IETF EMU WG is likely to go with an RFC 7170 update.

This breaks interoperability with earlier hostapd/wpa_supplicant
versions.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This commit is contained in:
Jouni Malinen 2022-12-01 16:03:06 +02:00 committed by Jouni Malinen
parent 364b6500b8
commit 5a9bd8a06a
2 changed files with 14 additions and 0 deletions

View file

@ -319,6 +319,13 @@ static int eap_teap_init_phase2_method(struct eap_sm *sm,
if (!data->phase2_method) if (!data->phase2_method)
return -1; return -1;
/* While RFC 7170 does not describe this, EAP-TEAP has been deployed
* with implementations that use the EAP-FAST-MSCHAPv2, instead of the
* EAP-MSCHAPv2, way of deriving the MSK for IMSK. Use that design here
* to interoperate.
*/
sm->eap_fast_mschapv2 = true;
sm->init_phase2 = 1; sm->init_phase2 = 1;
data->phase2_priv = data->phase2_method->init(sm); data->phase2_priv = data->phase2_method->init(sm);
sm->init_phase2 = 0; sm->init_phase2 = 0;

View file

@ -1008,6 +1008,13 @@ static int eap_teap_phase2_init(struct eap_sm *sm, struct eap_teap_data *data,
if (!data->phase2_method) if (!data->phase2_method)
return -1; return -1;
/* While RFC 7170 does not describe this, EAP-TEAP has been deployed
* with implementations that use the EAP-FAST-MSCHAPv2, instead of the
* EAP-MSCHAPv2, way of deriving the MSK for IMSK. Use that design here
* to interoperate.
*/
sm->eap_fast_mschapv2 = true;
sm->init_phase2 = 1; sm->init_phase2 = 1;
data->phase2_priv = data->phase2_method->init(sm); data->phase2_priv = data->phase2_method->init(sm);
sm->init_phase2 = 0; sm->init_phase2 = 0;