DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

EAP-SIM/AKA: Add support for anonymous@realm

Browse source 
SIM-based EAP authentication with IMSI encryption requires a special EAP
Identity response: anonymous@realm. Then the server sends AKA-Identity
request which is answered with the encrypted IMSI. Add logic that
indicates if the special anonymous identity is used. Otherwise, this
field is used for storing the pseudonym.

Test: Connect to Carrier Wi-Fi, verify correct behavior from captures
Test: Connect to non IMSI encrypted EAP-AKA AP, verify pseudonym usage
Signed-off-by: Hai Shalom <haishalom@google.com>
This commit is contained in:
Hai Shalom 2019-05-28 20:30:41 -07:00 committed by Jouni Malinen
parent 14d85a5af7
commit 4df4133917
4 changed files with 29 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/eap_peer/eap_aka.c
View file

@ -623,7 +623,9 @@ static struct wpabuf * eap_aka_response_identity(struct eap_sm *sm,
identity_len = data->reauth_id_len;
data->reauth = 1;
} else if ((id_req == ANY_ID || id_req == FULLAUTH_ID) &&
data->pseudonym) {
data->pseudonym &&
!eap_sim_anonymous_username(data->pseudonym,
data->pseudonym_len)) {
identity = data->pseudonym;
identity_len = data->pseudonym_len;
eap_aka_clear_identities(sm, data, CLEAR_REAUTH_ID);
@ -1027,7 +1029,9 @@ static struct wpabuf * eap_aka_process_challenge(struct eap_sm *sm,
if (data->last_eap_identity) {
identity = data->last_eap_identity;
identity_len = data->last_eap_identity_len;
} else if (data->pseudonym) {
} else if (data->pseudonym &&
!eap_sim_anonymous_username(data->pseudonym,
data->pseudonym_len)) {
identity = data->pseudonym;
identity_len = data->pseudonym_len;
} else {

8
src/eap_peer/eap_sim.c
View file

@ -493,7 +493,9 @@ static struct wpabuf * eap_sim_response_start(struct eap_sm *sm,
identity_len = data->reauth_id_len;
data->reauth = 1;
} else if ((id_req == ANY_ID || id_req == FULLAUTH_ID) &&
data->pseudonym) {
data->pseudonym &&
!eap_sim_anonymous_username(data->pseudonym,
data->pseudonym_len)) {
identity = data->pseudonym;
identity_len = data->pseudonym_len;
eap_sim_clear_identities(sm, data, CLEAR_REAUTH_ID);
@ -769,7 +771,9 @@ static struct wpabuf * eap_sim_process_challenge(struct eap_sm *sm,
if (data->last_eap_identity) {
identity = data->last_eap_identity;
identity_len = data->last_eap_identity_len;
} else if (data->pseudonym) {
} else if (data->pseudonym &&
!eap_sim_anonymous_username(data->pseudonym,
data->pseudonym_len)) {
identity = data->pseudonym;
identity_len = data->pseudonym_len;
} else {