From 5a9bd8a06a110fa77e63f497ba165a018a2a3415 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Thu, 1 Dec 2022 16:03:06 +0200
Subject: [PATCH] EAP-TEAP: Use EAP-FAST-MSCHAPv2 in the tunnel

While RFC 7170 does not describe this, EAP-TEAP has been deployed with implementations that use the EAP-FAST-MSCHAPv2, instead of the EAP-MSCHAPv2, way of deriving the MSK for IMSK. Use that design here to interoperate with other implementations since that seems to be direction that IETF EMU WG is likely to go with an RFC 7170 update. This breaks interoperability with earlier hostapd/wpa_supplicant versions.
Signed-off-by: Jouni Malinen
---
 src/eap_peer/eap_teap.c | 7 +++++++
 src/eap_server/eap_server_teap.c | 7 +++++++
 2 files changed, 14 insertions(+)
diff --git a/src/eap_peer/eap_teap.c b/src/eap_peer/eap_teap.c
index bc7f6f4f5..85b089ad4 100644
--- a/src/eap_peer/eap_teap.c
+++ b/src/eap_peer/eap_teap.c
@@ -319,6 +319,13 @@ static int eap_teap_init_phase2_method(struct eap_sm *sm,
 if (!data->phase2_method)
 return -1;

+ /* While RFC 7170 does not describe this, EAP-TEAP has been deployed
+ * with implementations that use the EAP-FAST-MSCHAPv2, instead of the
+ * EAP-MSCHAPv2, way of deriving the MSK for IMSK. Use that design here
+ * to interoperate.
+ */
+ sm->eap_fast_mschapv2 = true;
+
 sm->init_phase2 = 1;
 data->phase2_priv = data->phase2_method->init(sm);
 sm->init_phase2 = 0;
diff --git a/src/eap_server/eap_server_teap.c b/src/eap_server/eap_server_teap.c
index 691b44a8d..1e5e9a562 100644
--- a/src/eap_server/eap_server_teap.c
+++ b/src/eap_server/eap_server_teap.c
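Review bot: `sm->eap_fast_mschapv2 = true;` is written to the shared `struct eap_sm` and nothing in this hunk restores it, unlike `sm->init_phase2`, which is set to 1 and back to 0 around `init()`. If the flag is not cleared elsewhere (not visible here), a later non-TEAP use of EAP-MSCHAPv2 on the same state machine could presumably keep deriving its MSK the EAP-FAST way, and the two sides would then disagree on keys with no error pointing at the cause. Consider clearing it when the inner method is torn down, `sm->eap_fast_mschapv2 = false;`, or extending the comment to say where the flag is reset. The same applies to the server-side hunk in `eap_teap_phase2_init()`; both function bodies continue outside their hunks.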
@@ -1008,6 +1008,13 @@ static int eap_teap_phase2_init(struct eap_sm *sm, struct eap_teap_data *data,
 if (!data->phase2_method)
 return -1;

+ /* While RFC 7170 does not describe this, EAP-TEAP has been deployed
+ * with implementations that use the EAP-FAST-MSCHAPv2, instead of the
+ * EAP-MSCHAPv2, way of deriving the MSK for IMSK. Use that design here
+ * to interoperate.
+ */
+ sm->eap_fast_mschapv2 = true;
+
 sm->init_phase2 = 1;
 data->phase2_priv = data->phase2_method->init(sm);
 sm->init_phase2 = 0;
--
2.47.2