aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--hostapd/ChangeLog3
-rw-r--r--src/eap_server/eap_aka.c33
-rw-r--r--src/eap_server/eap_sim.c33
3 files changed, 39 insertions, 30 deletions
diff --git a/hostapd/ChangeLog b/hostapd/ChangeLog
index 563115c..2a71ea2 100644
--- a/hostapd/ChangeLog
+++ b/hostapd/ChangeLog
@@ -22,6 +22,9 @@ ChangeLog for hostapd
be used
* added a workaround for EAP-SIM/AKA peers that include incorrect null
termination in the username
+ * fixed EAP-SIM/AKA protected result indication to include AT_COUNTER
+ attribute in notification messages only when using fast
+ reauthentication
2008-01-01 - v0.6.2
* fixed EAP-SIM and EAP-AKA message parser to validate attribute
diff --git a/src/eap_server/eap_aka.c b/src/eap_server/eap_aka.c
index aba2c72..7ec67ef 100644
--- a/src/eap_server/eap_aka.c
+++ b/src/eap_server/eap_aka.c
@@ -381,24 +381,27 @@ static struct wpabuf * eap_aka_build_notification(struct eap_sm *sm,
wpa_printf(MSG_DEBUG, "EAP-AKA: Generating Notification");
msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, EAP_TYPE_AKA,
EAP_AKA_SUBTYPE_NOTIFICATION);
- wpa_printf(MSG_DEBUG, " AT_NOTIFICATION");
+ wpa_printf(MSG_DEBUG, " AT_NOTIFICATION (%d)", data->notification);
eap_sim_msg_add(msg, EAP_SIM_AT_NOTIFICATION, data->notification,
NULL, 0);
if (data->use_result_ind) {
- wpa_printf(MSG_DEBUG, " AT_IV");
- wpa_printf(MSG_DEBUG, " AT_ENCR_DATA");
- eap_sim_msg_add_encr_start(msg, EAP_SIM_AT_IV,
- EAP_SIM_AT_ENCR_DATA);
- wpa_printf(MSG_DEBUG, " *AT_COUNTER (%u)", data->counter);
- eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, data->counter, NULL,
- 0);
-
- if (eap_sim_msg_add_encr_end(msg, data->k_encr,
- EAP_SIM_AT_PADDING)) {
- wpa_printf(MSG_WARNING, "EAP-AKA: Failed to encrypt "
- "AT_ENCR_DATA");
- eap_sim_msg_free(msg);
- return NULL;
+ if (data->reauth) {
+ wpa_printf(MSG_DEBUG, " AT_IV");
+ wpa_printf(MSG_DEBUG, " AT_ENCR_DATA");
+ eap_sim_msg_add_encr_start(msg, EAP_SIM_AT_IV,
+ EAP_SIM_AT_ENCR_DATA);
+ wpa_printf(MSG_DEBUG, " *AT_COUNTER (%u)",
+ data->counter);
+ eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, data->counter,
+ NULL, 0);
+
+ if (eap_sim_msg_add_encr_end(msg, data->k_encr,
+ EAP_SIM_AT_PADDING)) {
+ wpa_printf(MSG_WARNING, "EAP-AKA: Failed to "
+ "encrypt AT_ENCR_DATA");
+ eap_sim_msg_free(msg);
+ return NULL;
+ }
}
wpa_printf(MSG_DEBUG, " AT_MAC");
diff --git a/src/eap_server/eap_sim.c b/src/eap_server/eap_sim.c
index 6abcd43..21e7b36 100644
--- a/src/eap_server/eap_sim.c
+++ b/src/eap_server/eap_sim.c
@@ -271,24 +271,27 @@ static struct wpabuf * eap_sim_build_notification(struct eap_sm *sm,
wpa_printf(MSG_DEBUG, "EAP-SIM: Generating Notification");
msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, EAP_TYPE_SIM,
EAP_SIM_SUBTYPE_NOTIFICATION);
- wpa_printf(MSG_DEBUG, " AT_NOTIFICATION");
+ wpa_printf(MSG_DEBUG, " AT_NOTIFICATION (%d)", data->notification);
eap_sim_msg_add(msg, EAP_SIM_AT_NOTIFICATION, data->notification,
NULL, 0);
if (data->use_result_ind) {
- wpa_printf(MSG_DEBUG, " AT_IV");
- wpa_printf(MSG_DEBUG, " AT_ENCR_DATA");
- eap_sim_msg_add_encr_start(msg, EAP_SIM_AT_IV,
- EAP_SIM_AT_ENCR_DATA);
- wpa_printf(MSG_DEBUG, " *AT_COUNTER (%u)", data->counter);
- eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, data->counter, NULL,
- 0);
-
- if (eap_sim_msg_add_encr_end(msg, data->k_encr,
- EAP_SIM_AT_PADDING)) {
- wpa_printf(MSG_WARNING, "EAP-SIM: Failed to encrypt "
- "AT_ENCR_DATA");
- eap_sim_msg_free(msg);
- return NULL;
+ if (data->reauth) {
+ wpa_printf(MSG_DEBUG, " AT_IV");
+ wpa_printf(MSG_DEBUG, " AT_ENCR_DATA");
+ eap_sim_msg_add_encr_start(msg, EAP_SIM_AT_IV,
+ EAP_SIM_AT_ENCR_DATA);
+ wpa_printf(MSG_DEBUG, " *AT_COUNTER (%u)",
+ data->counter);
+ eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, data->counter,
+ NULL, 0);
+
+ if (eap_sim_msg_add_encr_end(msg, data->k_encr,
+ EAP_SIM_AT_PADDING)) {
+ wpa_printf(MSG_WARNING, "EAP-SIM: Failed to "
+ "encrypt AT_ENCR_DATA");
+ eap_sim_msg_free(msg);
+ return NULL;
+ }
}
wpa_printf(MSG_DEBUG, " AT_MAC");