[PATCH] EAP-TEAP peer: keep inner EAP method when processing Identity method

Jouni Malinen j at w1.fi
Sun Nov 27 06:47:34 PST 2022


On Sun, Nov 27, 2022 at 02:13:33PM +0000, Alexander Clouter wrote:
> We need the inner EAP method's MSK/EMSK material to verify/calculate
> the Cryptobinding CMACs so do not dispose of them when seeing an
> Identity request; this occurs during EAP sequences (machine+user auth)

Why would this be needed for the Identity method? It is not an EAP
authentication method and it is not followed by the
Intermediate-Result/Crypto-Binding exchange (unlike the actual EAP
authentication methods would be). Unless I missed something here, this
seems to be related to this errata entry on RFC 7170:
https://www.rfc-editor.org/errata/eid5767
 
-- 
Jouni Malinen                                            PGP id EFC895FA


