Geoffroy Arnoud wrote:
I took a look at EAP method source code (even if crypto is not my speciality), and I'm wondering if all EAP methods shipped into freeRADIUS are compliant with RFC3748, regarding MSK and EMSK generation?
No. EAP-MD5 explicitely doesn't do MSK generation.
Which are the EAP methods that supports key derivation?
All of the SSL enabled methods. (PEAP, TLS, TTLS, SIM).
And regarding other EAP methods, is there a way to add EMSK generation (maybe this is a stupid question)?
src/modules/rlm_eap/libeap/eapcrypto.c It already does EMSK generation for SIM.
I need those answers to see if FreeRADIUS would be able to act as a EAP RADIUS server compliant with WiMAX NWG stage 3.
I'm not sure what that means. Can you clarify? Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog