hostapd: Recommended way to extract MSK/PMK from EAP-TLS process
Roman Wambacher (DEG)
wambacher at digital-enabler.com
Wed Oct 16 11:25:56 PDT 2024
Hello experts,
we are implementing IEEE802.1X device authentication using EAP-TLS (auth by Radius) in a PLC environment.
The PLC transceiver chips (for which we are developing a wpa_supplicant/hostapd driver) are handling a 4-way handshake similar to the WPA2 process themselves.
We only need to provide the transceivers (on both ends) the PMK (from EAP-TLS auth process).
In wpa_supplicant's side we receive the PMK easily from wpa_suppliant via driver's interface (event callback).
But on hostapd side we are unsure how to get the PMK to our hostapd driver (which seemed to be strored in eap_if.eapKeyData / eap_if.aaaEapKeyData of the eap state machine data structure)
There seems not to be an event upon Radius Access-Accept which provides this information to drivers.
Any recommendation would be highly appreciated.
Roman
More information about the Hostap
mailing list