EAP-SIM peer: Fix AT_COUNTER_TOO_SMALL use
The AT_NONCE_S value needs to be used in AT_MAC calculation for SIM/Re-authentication response even if re-authentication is rejected with AT_COUNTER_TOO_SMALL. Signed-hostap: Jouni Malinen <j@w1.fi> intended-for: hostap-1
This commit is contained in:
Jouni Malinen
parent
31a3de8af3
commit
5d65ca514d
1 changed files with 5 additions and 4 deletions
|
|
@ -432,7 +432,8 @@ static struct wpabuf * eap_sim_response_challenge(struct eap_sim_data *data,
|
|||
|
||||
|
||||
static struct wpabuf * eap_sim_response_reauth(struct eap_sim_data *data,
|
||||
u8 id, int counter_too_small)
|
||||
u8 id, int counter_too_small,
|
||||
const u8 *nonce_s)
|
||||
{
|
||||
struct eap_sim_msg *msg;
|
||||
unsigned int counter;
|
||||
|
|
@ -467,7 +468,7 @@ static struct wpabuf * eap_sim_response_reauth(struct eap_sim_data *data,
|
|||
}
|
||||
wpa_printf(MSG_DEBUG, " AT_MAC");
|
||||
eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC);
|
||||
return eap_sim_msg_finish(msg, data->k_aut, data->nonce_s,
|
||||
return eap_sim_msg_finish(msg, data->k_aut, nonce_s,
|
||||
EAP_SIM_NONCE_S_LEN);
|
||||
}
|
||||
|
||||
|
|
@ -863,7 +864,7 @@ static struct wpabuf * eap_sim_process_reauthentication(
|
|||
data->reauth_id = NULL;
|
||||
data->reauth_id_len = 0;
|
||||
os_free(decrypted);
|
||||
return eap_sim_response_reauth(data, id, 1);
|
||||
return eap_sim_response_reauth(data, id, 1, eattr.nonce_s);
|
||||
}
|
||||
data->counter = eattr.counter;
|
||||
|
||||
|
|
@ -894,7 +895,7 @@ static struct wpabuf * eap_sim_process_reauthentication(
|
|||
eap_sim_clear_identities(data, CLEAR_REAUTH_ID | CLEAR_EAP_ID);
|
||||
}
|
||||
os_free(decrypted);
|
||||
return eap_sim_response_reauth(data, id, 0);
|
||||
return eap_sim_response_reauth(data, id, 0, data->nonce_s);
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue