git.ipfire.org Git - thirdparty/hostap.git/commit

author	Jouni Malinen <j@w1.fi>
	Sun, 24 May 2015 08:58:45 +0000 (11:58 +0300)
committer	Jouni Malinen <j@w1.fi>
	Sun, 24 May 2015 08:58:45 +0000 (11:58 +0300)
commit	ca24117a5a11ea8c9b4418cdd2cb8c9a77d9c31f
tree	24665b7d324e0a777fef7e67848c1a6c2bed8531	tree
parent	5748d1e5f8489305a09595007711ee0e1767b2ce	commit \| diff

EAP-EKE: Add Session-Id

While RFC 6124 does not define how Session-Id is constructed for
EAP-EKE, there seems to be consensus among the authors on the
construction. Use this Type | Nonce_P | Nonce_S construction based on
the following email:

From: Yaron Sheffer <yaronf.ietf at gmail.com>
To: ietf at ietf.org
Date: Wed, 17 Nov 2010 13:13:42 +0200

Expanding on my previous response, I suggest to resolve Bernard's
concern by adding the following text:

5.6 EAP Key Generation

EAP-EKE can be used for EAP key generation, as defined by [RFC 5247].
When used in this manner, the values required to establish the key
hierarchy are defined as follows:

- Peer-Id is the EAP-EKE ID_P value.
- Server-Id is the EAP-EKE ID_S value.
- Session-Id is the concatenated Type | Nonce_P | Nonce_S, where Type is
the method type defined for EAP-EKE in [Sec. 4.1], a single octet.

Thanks,
Yaron

Signed-off-by: Jouni Malinen <j@w1.fi>

src/eap_peer/eap_eke.c		diff \| blob \| blame \| history
src/eap_server/eap_server_eke.c		diff \| blob \| blame \| history