EAP-TEAP: Use EAP-FAST-MSCHAPv2 in the tunnel
While RFC 7170 does not describe this, EAP-TEAP has been deployed with implementations that use the EAP-FAST-MSCHAPv2, instead of the EAP-MSCHAPv2, way of deriving the MSK for IMSK. Use that design here to interoperate with other implementations since that seems to be direction that IETF EMU WG is likely to go with an RFC 7170 update. This breaks interoperability with earlier hostapd/wpa_supplicant versions. Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This commit is contained in:
parent
364b6500b8
commit
5a9bd8a06a
2 changed files with 14 additions and 0 deletions
|
@ -319,6 +319,13 @@ static int eap_teap_init_phase2_method(struct eap_sm *sm,
|
||||||
if (!data->phase2_method)
|
if (!data->phase2_method)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
|
/* While RFC 7170 does not describe this, EAP-TEAP has been deployed
|
||||||
|
* with implementations that use the EAP-FAST-MSCHAPv2, instead of the
|
||||||
|
* EAP-MSCHAPv2, way of deriving the MSK for IMSK. Use that design here
|
||||||
|
* to interoperate.
|
||||||
|
*/
|
||||||
|
sm->eap_fast_mschapv2 = true;
|
||||||
|
|
||||||
sm->init_phase2 = 1;
|
sm->init_phase2 = 1;
|
||||||
data->phase2_priv = data->phase2_method->init(sm);
|
data->phase2_priv = data->phase2_method->init(sm);
|
||||||
sm->init_phase2 = 0;
|
sm->init_phase2 = 0;
|
||||||
|
|
|
@ -1008,6 +1008,13 @@ static int eap_teap_phase2_init(struct eap_sm *sm, struct eap_teap_data *data,
|
||||||
if (!data->phase2_method)
|
if (!data->phase2_method)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
|
/* While RFC 7170 does not describe this, EAP-TEAP has been deployed
|
||||||
|
* with implementations that use the EAP-FAST-MSCHAPv2, instead of the
|
||||||
|
* EAP-MSCHAPv2, way of deriving the MSK for IMSK. Use that design here
|
||||||
|
* to interoperate.
|
||||||
|
*/
|
||||||
|
sm->eap_fast_mschapv2 = true;
|
||||||
|
|
||||||
sm->init_phase2 = 1;
|
sm->init_phase2 = 1;
|
||||||
data->phase2_priv = data->phase2_method->init(sm);
|
data->phase2_priv = data->phase2_method->init(sm);
|
||||||
sm->init_phase2 = 0;
|
sm->init_phase2 = 0;
|
||||||
|
|
Loading…
Reference in a new issue