diff --git a/hostapd/ChangeLog b/hostapd/ChangeLog index 960111258..84a3ce5a3 100644 --- a/hostapd/ChangeLog +++ b/hostapd/ChangeLog @@ -4,6 +4,10 @@ ChangeLog for hostapd * added peer identity into EAP-FAST PAC-Opaque and skip Phase 2 Identity Request if identity is already known * added support for EAP Sequences in EAP-FAST Phase 2 + * added support for EAP-TNC (Trusted Network Connect) + (this version implements the EAP-TNC method and EAP-TTLS/EAP-FAST + changes needed to run two methods in sequence (IF-T) and the IF-IMV + and IF-TNCCS interfaces from TNCS) 2008-02-22 - v0.6.3 * fixed Reassociation Response callback processing when using internal diff --git a/hostapd/defconfig b/hostapd/defconfig index 56ecfc665..623f86a2a 100644 --- a/hostapd/defconfig +++ b/hostapd/defconfig @@ -101,6 +101,9 @@ CONFIG_EAP_TTLS=y # EAP-IKEv2 #CONFIG_EAP_IKEV2=y +# Trusted Network Connect (EAP-TNC) +#CONFIG_EAP_TNC=y + # PKCS#12 (PFX) support (used to read private key and certificate file from # a file that usually has extension .p12 or .pfx) CONFIG_PKCS12=y diff --git a/hostapd/eap_testing.txt b/hostapd/eap_testing.txt index c0516bcc1..04468c39f 100644 --- a/hostapd/eap_testing.txt +++ b/hostapd/eap_testing.txt @@ -49,6 +49,7 @@ EAP-TTLS/EAP-MSCHAPv2 + + - - - EAP-TTLS/EAP-TLS + F - - - EAP-TTLS/EAP-SIM + + - - - EAP-TTLS/EAP-AKA + + - - - +EAP-TTLS + TNC + - - - - EAP-SIM + + - - + EAP-AKA + + - - - EAP-PAX + - - - - @@ -67,7 +68,9 @@ EAP-FAST/MD5(auth) + - + - - EAP-FAST/TLS(auth) + - - - - EAP-FAST/SIM(auth) + - - - - EAP-FAST/AKA(auth) + - - - - +EAP-FAST + TNC + - - - - EAP-IKEv2 + - - - - +EAP-TNC + - - - - 1) EAP-TLS itself worked, but peer certificate validation failed at least when using the internal TLS server (peer included incorrect diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf index 3c9fc6557..1d8bfa75a 100644 --- a/hostapd/hostapd.conf +++ b/hostapd/hostapd.conf 
@@ -490,6 +490,12 @@ eap_server=0 # (default: 0 = disabled). #eap_sim_aka_result_ind=1 +# Trusted Network Connect (TNC) +# If enabled, TNC validation will be required before the peer is allowed to +# connect. Note: This is only used with EAP-TTLS and EAP-FAST. If any other +# EAP method is enabled, the peer will be allowed to connect without TNC. +#tnc=1 + ##### IEEE 802.11f - Inter-Access Point Protocol (IAPP) ####################### diff --git a/wpa_supplicant/eap_testing.txt b/wpa_supplicant/eap_testing.txt index c55806cea..bdcb21bef 100644 --- a/wpa_supplicant/eap_testing.txt +++ b/wpa_supplicant/eap_testing.txt @@ -91,6 +91,7 @@ EAP-TTLS/EAP-PSK - - - - - - - - - - + - EAP-TTLS/EAP-PAX - - - - - - - - - - + - EAP-TTLS/EAP-SAKE - - - - - - - - - - + - EAP-TTLS/EAP-GPSK - - - - - - - - - - + - +EAP-TTLS + TNC - - - - - + - - - - + - EAP-SIM + - - ? - + - ? - - + - EAP-AKA - - - - - + - - - - + - EAP-PSK +7 - - - - + - - - - + - @@ -110,8 +111,9 @@ EAP-FAST/MD5(auth) - - - - - - - - - - + - EAP-FAST/TLS(auth) - - - - - - - - - - + + EAP-FAST/SIM(auth) - - - - - - - - - - + - EAP-FAST/AKA(auth) - - - - - - - - - - + - +EAP-FAST + TNC - - - - - - - - - - + - LEAP + - + + + + F +6 - + - + -EAP-TNC +9 - - - - + - - - - - - +EAP-TNC +9 - - - - + - - - - + - EAP-IKEv2 +10 - - - - - - - - - + - 1) PEAPv1 required new label, "client PEAP encryption" instead of "client EAP diff --git a/www/hostapd/index.html b/www/hostapd/index.html index c50a265e9..72331e4a0 100644 --- a/www/hostapd/index.html +++ b/www/hostapd/index.html @@ -3,7 +3,7 @@ hostapd: IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator - + @@ -68,6 +68,7 @@ material, they cannot be used with WPA or IEEE 802.1X WEP keying.
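Review bot: The comment added above `#tnc=1` in hostapd/hostapd.conf documents a fail-open case without telling the operator how to close it. It says a peer using any other enabled EAP method connects without TNC, so `tnc=1` alone does not enforce validation. I would append a line such as `# To enforce TNC, permit only EAP-TTLS and EAP-FAST for these users in eap_user_file.` so the required restriction sits next to the option. The option presumably also has no effect unless hostapd is built with `CONFIG_EAP_TNC=y` (added, commented out, in the defconfig hunk of this commit). If so, the comment could add `# Requires CONFIG_EAP_TNC=y in the build configuration.`, since otherwise `tnc=1` may give a false sense of enforcement.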

  • EAP-MD5-Challenge
  • EAP-MSCHAPv2
  • EAP-GTC
  • +
  • EAP-TNC (Trusted Network Connect; TNCS, IF-IMV, IF-T, IF-TNCCS)
  • More information about EAP methods and interoperability testing is @@ -265,7 +266,7 @@ Internet Systems Consortium (ISC).

    Jouni Malinen
    -Last modified: Sat Feb 23 15:47:24 PST 2008 +Last modified: Sun Mar 9 12:12:08 EET 2008