EAP-AKA peer: Keep pseudonym identity across EAP exchanges

This updates EAP-AKA peer implementation with the changes that previous
commits did for EAP-SIM.

Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen 2011-12-04 17:21:22 +02:00
parent 1037235ca0
commit 8b41e05656


@ -235,21 +235,20 @@ static int eap_aka_umts_auth(struct eap_sm *sm, struct eap_aka_data *data)
static void eap_aka_clear_identities(struct eap_aka_data *data, int id) static void eap_aka_clear_identities(struct eap_aka_data *data, int id)
{ {
wpa_printf(MSG_DEBUG, "EAP-AKA: forgetting old%s%s%s",
id & CLEAR_PSEUDONYM ? " pseudonym" : "",
id & CLEAR_REAUTH_ID ? " reauth_id" : "",
id & CLEAR_EAP_ID ? " eap_id" : "");
if (id & CLEAR_PSEUDONYM) { if (id & CLEAR_PSEUDONYM) {
wpa_printf(MSG_DEBUG, "EAP-AKA: forgetting old pseudonym");
os_free(data->pseudonym); os_free(data->pseudonym);
data->pseudonym = NULL; data->pseudonym = NULL;
data->pseudonym_len = 0; data->pseudonym_len = 0;
} }
if (id & CLEAR_REAUTH_ID) { if (id & CLEAR_REAUTH_ID) {
wpa_printf(MSG_DEBUG, "EAP-AKA: forgetting old reauth_id");
os_free(data->reauth_id); os_free(data->reauth_id);
data->reauth_id = NULL; data->reauth_id = NULL;
data->reauth_id_len = 0; data->reauth_id_len = 0;
} }
if (id & CLEAR_EAP_ID) { if (id & CLEAR_EAP_ID) {
wpa_printf(MSG_DEBUG, "EAP-AKA: forgetting old eap_id");
os_free(data->last_eap_identity); os_free(data->last_eap_identity);
data->last_eap_identity = NULL; data->last_eap_identity = NULL;
data->last_eap_identity_len = 0; data->last_eap_identity_len = 0;
@ -880,11 +879,11 @@ static struct wpabuf * eap_aka_process_challenge(struct eap_sm *sm,
EAP_AKA_UNABLE_TO_PROCESS_PACKET); EAP_AKA_UNABLE_TO_PROCESS_PACKET);
} }
/* Old reauthentication and pseudonym identities must not be used /* Old reauthentication identity must not be used anymore. In
* anymore. In other words, if no new identities are received, full * other words, if no new identities are received, full
* authentication will be used on next reauthentication. */ * authentication will be used on next reauthentication (using
eap_aka_clear_identities(data, CLEAR_PSEUDONYM | CLEAR_REAUTH_ID | * pseudonym identity or permanent identity). */
CLEAR_EAP_ID); eap_aka_clear_identities(data, CLEAR_REAUTH_ID | CLEAR_EAP_ID);
if (attr->encr_data) { if (attr->encr_data) {
u8 *decrypted; u8 *decrypted;
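Review bot: The rewritten comment in eap_aka_process_challenge says the pseudonym survives this point but not why it is kept or when it is finally discarded, and both matter now that it outlives a single exchange. I would extend the comment with something like `The pseudonym is kept so that the next full authentication does not have to fall back to the permanent identity; it is replaced only when a new pseudonym arrives in the encrypted attributes.` The second half of that sentence is inferred from the `attr->encr_data` handling that follows, which is outside the hunk, so confirm it against the code. It is also worth confirming that some other call path still passes CLEAR_PSEUDONYM when the server stops accepting the pseudonym or the configured identity changes, since nothing visible here shows one. Separately, in eap_aka_clear_identities each branch now logs "forgetting old ..." even when nothing was stored; a guard such as `if ((id & CLEAR_PSEUDONYM) && data->pseudonym) {` would keep the debug log truthful about which identities were actually dropped.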