aboutsummaryrefslogtreecommitdiffstats
path: root/src/eap_server/eap_sim.c
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2008-02-03 03:41:07 (GMT)
committerJouni Malinen <j@w1.fi>2008-02-03 03:41:07 (GMT)
commiteb6657f904e243a71398438fbd9d59d89f19dd57 (patch)
tree2a002b4ae9d4d2a8693ec67de0694274a47061f6 /src/eap_server/eap_sim.c
parent986aadcf6d3f21f5ff8a4dd649e84ba9ba05c3f7 (diff)
downloadhostap-history-eb6657f904e243a71398438fbd9d59d89f19dd57.zip
hostap-history-eb6657f904e243a71398438fbd9d59d89f19dd57.tar.gz
hostap-history-eb6657f904e243a71398438fbd9d59d89f19dd57.tar.bz2
Remove AT_COUNTER from EAP-SIM/AKA result indication in full authentication
Previous version was incorrectly including AT_COUNTER in the Notification message even for full authentication. This caused interoperability issues and was against the RFCs, so AT_COUNTER (and the additional encryption attributes) is now only included in case the notification follows fast reauthentication.
Diffstat (limited to 'src/eap_server/eap_sim.c')
-rw-r--r--src/eap_server/eap_sim.c33
1 files changed, 18 insertions, 15 deletions
diff --git a/src/eap_server/eap_sim.c b/src/eap_server/eap_sim.c
index 6abcd43..21e7b36 100644
--- a/src/eap_server/eap_sim.c
+++ b/src/eap_server/eap_sim.c
@@ -271,24 +271,27 @@ static struct wpabuf * eap_sim_build_notification(struct eap_sm *sm,
wpa_printf(MSG_DEBUG, "EAP-SIM: Generating Notification");
msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, EAP_TYPE_SIM,
EAP_SIM_SUBTYPE_NOTIFICATION);
- wpa_printf(MSG_DEBUG, " AT_NOTIFICATION");
+ wpa_printf(MSG_DEBUG, " AT_NOTIFICATION (%d)", data->notification);
eap_sim_msg_add(msg, EAP_SIM_AT_NOTIFICATION, data->notification,
NULL, 0);
if (data->use_result_ind) {
- wpa_printf(MSG_DEBUG, " AT_IV");
- wpa_printf(MSG_DEBUG, " AT_ENCR_DATA");
- eap_sim_msg_add_encr_start(msg, EAP_SIM_AT_IV,
- EAP_SIM_AT_ENCR_DATA);
- wpa_printf(MSG_DEBUG, " *AT_COUNTER (%u)", data->counter);
- eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, data->counter, NULL,
- 0);
-
- if (eap_sim_msg_add_encr_end(msg, data->k_encr,
- EAP_SIM_AT_PADDING)) {
- wpa_printf(MSG_WARNING, "EAP-SIM: Failed to encrypt "
- "AT_ENCR_DATA");
- eap_sim_msg_free(msg);
- return NULL;
+ if (data->reauth) {
+ wpa_printf(MSG_DEBUG, " AT_IV");
+ wpa_printf(MSG_DEBUG, " AT_ENCR_DATA");
+ eap_sim_msg_add_encr_start(msg, EAP_SIM_AT_IV,
+ EAP_SIM_AT_ENCR_DATA);
+ wpa_printf(MSG_DEBUG, " *AT_COUNTER (%u)",
+ data->counter);
+ eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, data->counter,
+ NULL, 0);
+
+ if (eap_sim_msg_add_encr_end(msg, data->k_encr,
+ EAP_SIM_AT_PADDING)) {
+ wpa_printf(MSG_WARNING, "EAP-SIM: Failed to "
+ "encrypt AT_ENCR_DATA");
+ eap_sim_msg_free(msg);
+ return NULL;
+ }
}
wpa_printf(MSG_DEBUG, " AT_MAC");