EAP-SIM/AKA: Add support for anonymous@realm

SIM-based EAP authentication with IMSI encryption requires a special EAP Identity response: anonymous@realm. Then the server sends AKA-Identity request which is answered with the encrypted IMSI. Add logic that indicates if the special anonymous identity is used. Otherwise, this field is used for storing the pseudonym. Test: Connect to Carrier Wi-Fi, verify correct behavior from captures Test: Connect to non IMSI encrypted EAP-AKA AP, verify pseudonym usage Signed-off-by: Hai Shalom <haishalom@google.com>
2019-05-28 20:30:41 -07:00 · 2019-05-28 20:30:41 -07:00 · 4df4133917
commit 4df4133917
parent 14d85a5af7
4 changed files with 29 additions and 4 deletions
--- a/src/eap_common/eap_sim_common.c
+++ b/src/eap_common/eap_sim_common.c
@ -1203,3 +1203,19 @@ void eap_sim_report_notification(void *msg_ctx, int notification, int aka)
 		}
 	}
 }
+
+
+int eap_sim_anonymous_username(const u8 *id, size_t id_len)
+{
+	static const char *anonymous_id_prefix = "anonymous@";
+	size_t anonymous_id_len = os_strlen(anonymous_id_prefix);
+
+	if (id_len > anonymous_id_len &&
+	    os_memcmp(id, anonymous_id_prefix, anonymous_id_len) == 0)
+		return 1; /* 'anonymous@realm' */
+
+	if (id_len > 1 && id[0] == '@')
+		return 1; /* '@realm' */
+
+	return 0;
+}
--- a/src/eap_common/eap_sim_common.h
+++ b/src/eap_common/eap_sim_common.h
@ -226,5 +226,6 @@ int eap_sim_msg_add_encr_end(struct eap_sim_msg *msg, u8 *k_encr,
 			     int attr_pad);

 void eap_sim_report_notification(void *msg_ctx, int notification, int aka);
+int eap_sim_anonymous_username(const u8 *id, size_t id_len);

 #endif /* EAP_SIM_COMMON_H */