From patchwork Sun Jan 15 20:32:46 2012
X-Patchwork-Submitter: Simon Baatz
X-Patchwork-Id: 136207
From: Simon Baatz
To: hostap@lists.shmoo.com
Subject: [PATCH 2/4] EAP AKA peer: append realm when learning the pseudonym
Date: Sun, 15 Jan 2012 21:32:46 +0100
Message-Id: <111123f4db873ab0ad28ce8dd079ecf085698fd7.1326658542.git.gmbnomis@gmail.com>
References: <20120109044329.GA16253@w1.fi>
List-Id: HostAP Project

The pseudonym identity should use a realm in environments where a realm is used. Thus, the realm of the permanent identity is added to the pseudonym username sent by the server.

Signed-hostap: Simon Baatz
---
 src/eap_peer/eap_aka.c | 41 +++++++++++++++++++++++++++++++----------
 1 files changed, 31 insertions(+), 10 deletions(-)

diff --git a/src/eap_peer/eap_aka.c b/src/eap_peer/eap_aka.c index 766764b..d8bef2e 100644 --- a/src/eap_peer/eap_aka.c +++ b/src/eap_peer/eap_aka.c 
@@ -256,24 +256,44 @@ static void eap_aka_clear_identities(struct eap_aka_data *data, int id) } -static int eap_aka_learn_ids(struct eap_aka_data *data, +static int eap_aka_learn_ids(struct eap_sm *sm, + struct eap_aka_data *data, struct eap_sim_attrs *attr) { if (attr->next_pseudonym) { + const u8 *identity = NULL; + size_t identity_len = 0; + const u8 *realm = NULL; + size_t realm_len = 0; + + wpa_hexdump_ascii(MSG_DEBUG, + "EAP-AKA: (encr) AT_NEXT_PSEUDONYM", + attr->next_pseudonym, + attr->next_pseudonym_len); os_free(data->pseudonym); - data->pseudonym = os_malloc(attr->next_pseudonym_len); + /* Look for the realm of the permanent identity */ + identity = eap_get_config_identity(sm, &identity_len); + if (identity) { + for (realm = identity, realm_len = identity_len; + realm_len > 0; realm_len--, realm++) { + if (*realm == '@') break; + } + } + data->pseudonym = os_malloc(attr->next_pseudonym_len + + realm_len); if (data->pseudonym == NULL) { wpa_printf(MSG_INFO, "EAP-AKA: (encr) No memory for " "next pseudonym"); + data->pseudonym_len = 0; return -1; } os_memcpy(data->pseudonym, attr->next_pseudonym, attr->next_pseudonym_len); - data->pseudonym_len = attr->next_pseudonym_len; - wpa_hexdump_ascii(MSG_DEBUG, - "EAP-AKA: (encr) AT_NEXT_PSEUDONYM", - data->pseudonym, - data->pseudonym_len); + if (realm_len) { + os_memcpy(data->pseudonym + attr->next_pseudonym_len, + realm, realm_len); + } + data->pseudonym_len = attr->next_pseudonym_len + realm_len; } if (attr->next_reauth_id) { @@ -282,7 +302,8 @@ static int eap_aka_learn_ids(struct eap_aka_data *data, if (data->reauth_id == NULL) { wpa_printf(MSG_INFO, "EAP-AKA: (encr) No memory for " "next reauth_id"); - return -1; + data->reauth_id_len = 0; + return -1; } os_memcpy(data->reauth_id, attr->next_reauth_id, attr->next_reauth_id_len); 
@@ -894,7 +915,7 @@ static struct wpabuf * eap_aka_process_challenge(struct eap_sm *sm, return eap_aka_client_error( data, id, EAP_AKA_UNABLE_TO_PROCESS_PACKET); } - eap_aka_learn_ids(data, &eattr); + eap_aka_learn_ids(sm, data, &eattr); os_free(decrypted); } @@ -1112,7 +1133,7 @@ static struct wpabuf * eap_aka_process_reauthentication( data->msk, data->emsk); } eap_aka_clear_identities(data, CLEAR_REAUTH_ID | CLEAR_EAP_ID); - eap_aka_learn_ids(data, &eattr); + eap_aka_learn_ids(sm, data, &eattr); if (data->result_ind && attr->result_ind) data->use_result_ind = 1;
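
Review bot: In the first hunk of eap_aka_learn_ids() (@@ -256), the realm found in the configured identity is appended without checking whether attr->next_pseudonym already contains an '@'. A server that sends the pseudonym with its realm included would end up stored as pseudonym@realm@realm. Scan attr->next_pseudonym for '@' first and skip the append when one is found. Two smaller points in the same hunk: `if (*realm == '@') break;` reads better with the break on its own line, and the hexdump now logs only the received attribute, so the value actually stored in data->pseudonym (with the realm appended) no longer appears in the debug log.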
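
Review bot: In the reauth_id error path (hunk @@ -282), `return -1;` is removed and re-added with identical text, which indicates a whitespace-only change on that line. Unless it corrects the indentation, drop it so the hunk carries only the added `data->reauth_id_len = 0;`.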
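
Review bot: Both call sites, in eap_aka_process_challenge() (@@ -894) and eap_aka_process_reauthentication() (@@ -1112), still discard the return value of `eap_aka_learn_ids(sm, data, &eattr);`. An allocation failure while storing the pseudonym or reauth_id therefore passes silently apart from the MSG_INFO log line. If ignoring the result is intended, say so in a short comment at the calls; otherwise check it.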