| Message ID | 589bcfa0.0266620a.1b7d1.f800@mx.google.com |
|---|---|
| State | Accepted |
| Headers | show |
On Wed, Feb 08, 2017 at 05:47:57PM -0800, Paul Stewart wrote: > The "anonymous_identity" configuration field has more than one > semantic meaning. For tunneled EAP methods, this refers to the > outer EAP identity. For EAP-SIM, this refers to the pseudonym > identity. Also, interestingly, EAP-SIM can overwrite the > "anonymous_identity" field if one is provided to it by the > authenticator. > > When EAP-SIM is tunneled within an outer method, it makes sense > to only use this value for the outer method, since it's unlikely > that this will also be valid as an identity for the inner EAP-SIM > method. Also, presumably since the outer method protects the > EAP-SIM transaction, there is no need for a pseudonym in this > usage. > > Similarly, if EAP-SIM is being used as an inner method, it must > not push the pseudonym identity using eap_set_anon_id() since it > could overwrite the identity for the outer EAP method. Thanks, applied. I did same changes for EAP-AKA as well and also extended the EAP-TTLS/PEAP reauthentication cases to cover this properly. With those changes, EAP-SIM and EAP-AKA worked fine with hwsim test cases within EAP-TTLS/PEAP/FAST tunnel; including the EAP reauthentication sequence.
diff --git a/src/eap_peer/eap_sim.c b/src/eap_peer/eap_sim.c index b97c95db1..9422786b0 100644 --- a/src/eap_peer/eap_sim.c +++ b/src/eap_peer/eap_sim.c @@ -46,6 +46,7 @@ struct eap_sim_data { CONTINUE, RESULT_SUCCESS, SUCCESS, FAILURE } state; int result_ind, use_result_ind; + int use_pseudonym; }; @@ -115,7 +116,8 @@ static void * eap_sim_init(struct eap_sm *sm) NULL; } - if (config && config->anonymous_identity) { + data->use_pseudonym = !sm->init_phase2; + if (config && config->anonymous_identity && data->use_pseudonym) { data->pseudonym = os_malloc(config->anonymous_identity_len); if (data->pseudonym) { os_memcpy(data->pseudonym, config->anonymous_identity, @@ -372,7 +374,8 @@ static void eap_sim_clear_identities(struct eap_sm *sm, os_free(data->pseudonym); data->pseudonym = NULL; data->pseudonym_len = 0; - eap_set_anon_id(sm, NULL, 0); + if (data->use_pseudonym) + eap_set_anon_id(sm, NULL, 0); } if ((id & CLEAR_REAUTH_ID) && data->reauth_id) { wpa_printf(MSG_DEBUG, "EAP-SIM: forgetting old reauth_id"); @@ -427,7 +430,8 @@ static int eap_sim_learn_ids(struct eap_sm *sm, struct eap_sim_data *data, realm, realm_len); } data->pseudonym_len = attr->next_pseudonym_len + realm_len; - eap_set_anon_id(sm, data->pseudonym, data->pseudonym_len); + if (data->use_pseudonym) + eap_set_anon_id(sm, data->pseudonym, data->pseudonym_len); } if (attr->next_reauth_id) {
The "anonymous_identity" configuration field has more than one semantic meaning. For tunneled EAP methods, this refers to the outer EAP identity. For EAP-SIM, this refers to the pseudonym identity. Also, interestingly, EAP-SIM can overwrite the "anonymous_identity" field if one is provided to it by the authenticator. When EAP-SIM is tunneled within an outer method, it makes sense to only use this value for the outer method, since it's unlikely that this will also be valid as an identity for the inner EAP-SIM method. Also, presumably since the outer method protects the EAP-SIM transaction, there is no need for a pseudonym in this usage. Similarly, if EAP-SIM is being used as an inner method, it must not push the pseudonym identity using eap_set_anon_id() since it could overwrite the identity for the outer EAP method. Signed-off-by: Paul Stewart <pstew@google.com> --- src/eap_peer/eap_sim.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-)