EAP-AKA': Update to RFC 5448

There was a technical change between the last IETF draft version
(draft-arkko-eap-aka-kdf-10) and RFC 5448 in the leading characters
used in the username (i.e., use unique characters for EAP-AKA' instead
of reusing the EAP-AKA ones). This commit updates EAP-AKA' server and
peer implementations to use the leading characters based on the final
RFC.

Note: This will make EAP-AKA' not interoperate between the earlier
draft version and the new version.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
Jouni Malinen 2012-05-02 20:45:01 +03:00
parent 8351998313
commit 762e4ce620
8 changed files with 113 additions and 36 deletions


@ -1,6 +1,6 @@
/*
* hostapd / EAP-AKA (RFC 4187) and EAP-AKA' (draft-arkko-eap-aka-kdf)
* Copyright (c) 2005-2008, Jouni Malinen <j@w1.fi>
* hostapd / EAP-AKA (RFC 4187) and EAP-AKA' (RFC 5448)
* Copyright (c) 2005-2012, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@ -294,7 +294,10 @@ static int eap_aka_build_encr(struct eap_sm *sm, struct eap_aka_data *data,
os_free(data->next_pseudonym);
if (nonce_s == NULL) {
data->next_pseudonym =
eap_sim_db_get_next_pseudonym(sm->eap_sim_db_priv, 1);
eap_sim_db_get_next_pseudonym(
sm->eap_sim_db_priv,
data->eap_method == EAP_TYPE_AKA_PRIME ?
EAP_SIM_DB_AKA_PRIME : EAP_SIM_DB_AKA);
} else {
/* Do not update pseudonym during re-authentication */
data->next_pseudonym = NULL;
@ -302,7 +305,10 @@ static int eap_aka_build_encr(struct eap_sm *sm, struct eap_aka_data *data,
os_free(data->next_reauth_id);
if (data->counter <= EAP_AKA_MAX_FAST_REAUTHS) {
data->next_reauth_id =
eap_sim_db_get_next_reauth_id(sm->eap_sim_db_priv, 1);
eap_sim_db_get_next_reauth_id(
sm->eap_sim_db_priv,
data->eap_method == EAP_TYPE_AKA_PRIME ?
EAP_SIM_DB_AKA_PRIME : EAP_SIM_DB_AKA);
} else {
wpa_printf(MSG_DEBUG, "EAP-AKA: Max fast re-authentication "
"count exceeded - force full authentication");
@ -620,7 +626,8 @@ static void eap_aka_determine_identity(struct eap_sm *sm,
identity = data->reauth->identity;
identity_len = data->reauth->identity_len;
} else if (sm->identity && sm->identity_len > 0 &&
sm->identity[0] == EAP_AKA_PERMANENT_PREFIX) {
(sm->identity[0] == EAP_AKA_PERMANENT_PREFIX ||
sm->identity[0] == EAP_AKA_PRIME_PERMANENT_PREFIX)) {
identity = sm->identity;
identity_len = sm->identity_len;
} else {
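Review bot: In the eap_aka_determine_identity hunk, the new permanent-identity test accepts either `EAP_AKA_PERMANENT_PREFIX` or `EAP_AKA_PRIME_PERMANENT_PREFIX` without consulting `data->eap_method`, whereas both eap_aka_build_encr hunks choose the AKA or AKA' namespace from `data->eap_method`. If accepting both prefixes is deliberate (presumably because the identity response can arrive before the method is fixed), a comment such as `/* Either prefix is accepted here; the identity may precede method selection */` would record that for the next reader. If it is not deliberate, the comparison could be gated per method so an identity from the other method's namespace is not treated as a permanent identity: `sm->identity[0] == (data->eap_method == EAP_TYPE_AKA_PRIME ? EAP_AKA_PRIME_PERMANENT_PREFIX : EAP_AKA_PERMANENT_PREFIX)`. The function starts and ends outside the hunk, so how the following else branch handles other leading characters is not visible here.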