author | Jouni Malinen <j@w1.fi> | 2012-05-02 17:45:01 (GMT) |
committer | Jouni Malinen <j@w1.fi> | 2012-05-02 17:45:01 (GMT) |
commit | 762e4ce620125f233bec964413354601b0d9654c (patch) | |
tree | eb7577b1d6a44bd21d3fed38aad7348bdeeb1bc6 /src/eap_server/eap_server_aka.c | |
parent | 83519983138b0e9c19a4beb3a763e2289d5a51cb (diff) | |
EAP-AKA': Update to RFC 5448
There was a technical change between the last IETF draft version
(draft-arkko-eap-aka-kdf-10) and RFC 5448 in the leading characters
used in the username (i.e., use unique characters for EAP-AKA' instead
of reusing the EAP-AKA ones). This commit updates EAP-AKA' server and
peer implementations to use the leading characters based on the final
RFC.
Note: This will make EAP-AKA' not interoperate between the earlier
draft version and the new version.
Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
Diffstat (limited to 'src/eap_server/eap_server_aka.c')
-rw-r--r-- | src/eap_server/eap_server_aka.c | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/src/eap_server/eap_server_aka.c b/src/eap_server/eap_server_aka.c
index 54f6ba1..de05dd5 100644
--- a/src/eap_server/eap_server_aka.c
+++ b/src/eap_server/eap_server_aka.c
@@ -1,6 +1,6 @@
 /*
- * hostapd / EAP-AKA (RFC 4187) and EAP-AKA' (draft-arkko-eap-aka-kdf)
- * Copyright (c) 2005-2008, Jouni Malinen <j@w1.fi>
+ * hostapd / EAP-AKA (RFC 4187) and EAP-AKA' (RFC 5448)
+ * Copyright (c) 2005-2012, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
@@ -294,7 +294,10 @@ static int eap_aka_build_encr(struct eap_sm *sm, struct eap_aka_data *data,
 os_free(data->next_pseudonym);
 if (nonce_s == NULL) {
 data->next_pseudonym =
- eap_sim_db_get_next_pseudonym(sm->eap_sim_db_priv, 1);
+ eap_sim_db_get_next_pseudonym(
+ sm->eap_sim_db_priv,
+ data->eap_method == EAP_TYPE_AKA_PRIME ?
+ EAP_SIM_DB_AKA_PRIME : EAP_SIM_DB_AKA);
 } else {
 /* Do not update pseudonym during re-authentication */
 data->next_pseudonym = NULL;
@@ -302,7 +305,10 @@ static int eap_aka_build_encr(struct eap_sm *sm, struct eap_aka_data *data,
 os_free(data->next_reauth_id);
 if (data->counter <= EAP_AKA_MAX_FAST_REAUTHS) {
 data->next_reauth_id =
- eap_sim_db_get_next_reauth_id(sm->eap_sim_db_priv, 1);
+ eap_sim_db_get_next_reauth_id(
+ sm->eap_sim_db_priv,
+ data->eap_method == EAP_TYPE_AKA_PRIME ?
+ EAP_SIM_DB_AKA_PRIME : EAP_SIM_DB_AKA);
 } else {
 wpa_printf(MSG_DEBUG, "EAP-AKA: Max fast re-authentication "
 "count exceeded - force full authentication");
@@ -620,7 +626,8 @@ static void eap_aka_determine_identity(struct eap_sm *sm,
 identity = data->reauth->identity;
 identity_len = data->reauth->identity_len;
 } else if (sm->identity && sm->identity_len > 0 &&
- sm->identity[0] == EAP_AKA_PERMANENT_PREFIX) {
+ (sm->identity[0] == EAP_AKA_PERMANENT_PREFIX ||
+ sm->identity[0] == EAP_AKA_PRIME_PERMANENT_PREFIX)) {
 identity = sm->identity;
 identity_len = sm->identity_len;
 } else { |
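Review bot: The method-to-database-type ternary `data->eap_method == EAP_TYPE_AKA_PRIME ? EAP_SIM_DB_AKA_PRIME : EAP_SIM_DB_AKA` is now spelled out verbatim at both the pseudonym call site in this hunk and the re-authentication-id call site in the next one, inside the same eap_aka_build_encr function. Computing it once near the top of the function, `int db_type = data->eap_method == EAP_TYPE_AKA_PRIME ? EAP_SIM_DB_AKA_PRIME : EAP_SIM_DB_AKA;`, and passing `db_type` to both eap_sim_db_get_next_pseudonym() and eap_sim_db_get_next_reauth_id() keeps the two sites from drifting apart if another method type is added later. eap_aka_build_encr begins before this hunk, so the natural place for that local is not visible here. The "EAP-AKA:" prefix in the adjacent wpa_printf() on the else branch is pre-existing context rather than new code, but it will now also be emitted for EAP-AKA' sessions.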
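Review bot: The new permanent-identity check in eap_aka_determine_identity accepts either leading character regardless of which method is being run, so an EAP-AKA' session will also take an identity carrying the EAP-AKA prefix and vice versa, whereas the pseudonym and re-authentication-id selection elsewhere in this commit is bound to data->eap_method. If that cross-acceptance is not a deliberate migration allowance, the condition should select the prefix by method, `sm->identity[0] == (data->eap_method == EAP_TYPE_AKA_PRIME ? EAP_AKA_PRIME_PERMANENT_PREFIX : EAP_AKA_PERMANENT_PREFIX)`; if it is deliberate, a one-line comment above the condition saying so would stop the asymmetry from being "corrected" later. Whether a mismatched prefix is rejected further down (for example by the eap_sim_db lookup) cannot be seen from this hunk, and eap_aka_determine_identity both begins and ends outside it.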