DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

EAP-TEAP peer: Support vendor EAP method in Phase 2

Browse source 
The implementation was previously hardcoded to use only the non-expanded
IETF EAP methods in Phase 2. Extend that to allow vendor EAP methods
with expanded header to be used.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2019-08-17 16:12:09 +03:00
parent aba8dc82fc
commit 62af2b18f7
3 changed files with 37 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

5
src/eap_common/eap_teap_common.c
View file

@ -679,12 +679,13 @@ struct wpabuf * eap_teap_tlv_error(enum teap_error_codes error)
}
int eap_teap_allowed_anon_prov_phase2_method(u8 type)
int eap_teap_allowed_anon_prov_phase2_method(int vendor, enum eap_type type)
{
/* RFC 7170, Section 3.8.3: MUST provide mutual authentication,
* provide key generation, and be resistant to dictionary attack.
* Section 3.8 also mentions requirement for using EMSK Compound MAC. */
return type == EAP_TYPE_PWD || type == EAP_TYPE_EKE;
return vendor == EAP_VENDOR_IETF &&
(type == EAP_TYPE_PWD || type == EAP_TYPE_EKE);
}