From patchwork Thu Feb 9 01:47:57 2017
X-Patchwork-Submitter: Paul Stewart
X-Patchwork-Id: 725914
Message-ID: <589bcfa0.0266620a.1b7d1.f800@mx.google.com>
From: Paul Stewart
Date: Wed, 8 Feb 2017 17:47:57 -0800
Subject: [PATCH] EAP-SIM: Don't use anonymous identity in phase2
To: hostap@lists.infradead.org

The "anonymous_identity" configuration field has more than one semantic meaning. For tunneled EAP methods, this refers to the outer EAP identity. For EAP-SIM, this refers to the pseudonym identity. Also, interestingly, EAP-SIM can overwrite the "anonymous_identity" field if one is provided to it by the authenticator.
When EAP-SIM is tunneled within an outer method, it makes sense to only use this value for the outer method, since it's unlikely that this will also be valid as an identity for the inner EAP-SIM method. Also, presumably since the outer method protects the EAP-SIM transaction, there is no need for a pseudonym in this usage. Similarly, if EAP-SIM is being used as an inner method, it must not push the pseudonym identity using eap_set_anon_id() since it could overwrite the identity for the outer EAP method. Signed-off-by: Paul Stewart --- src/eap_peer/eap_sim.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/eap_peer/eap_sim.c b/src/eap_peer/eap_sim.c index b97c95db1..9422786b0 100644 --- a/src/eap_peer/eap_sim.c +++ b/src/eap_peer/eap_sim.c @@ -46,6 +46,7 @@ struct eap_sim_data { CONTINUE, RESULT_SUCCESS, SUCCESS, FAILURE } state; int result_ind, use_result_ind; + int use_pseudonym; }; @@ -115,7 +116,8 @@ static void * eap_sim_init(struct eap_sm *sm) NULL; } - if (config && config->anonymous_identity) { + data->use_pseudonym = !sm->init_phase2; + if (config && config->anonymous_identity && data->use_pseudonym) { data->pseudonym = os_malloc(config->anonymous_identity_len); if (data->pseudonym) { os_memcpy(data->pseudonym, config->anonymous_identity, @@ -372,7 +374,8 @@ static void eap_sim_clear_identities(struct eap_sm *sm, os_free(data->pseudonym); data->pseudonym = NULL; data->pseudonym_len = 0; - eap_set_anon_id(sm, NULL, 0); + if (data->use_pseudonym) + eap_set_anon_id(sm, NULL, 0); } if ((id & CLEAR_REAUTH_ID) && data->reauth_id) { wpa_printf(MSG_DEBUG, "EAP-SIM: forgetting old reauth_id"); 
@@ -427,7 +430,8 @@ static int eap_sim_learn_ids(struct eap_sm *sm, struct eap_sim_data *data, realm, realm_len); } data->pseudonym_len = attr->next_pseudonym_len + realm_len; - eap_set_anon_id(sm, data->pseudonym, data->pseudonym_len); + if (data->use_pseudonym) + eap_set_anon_id(sm, data->pseudonym, data->pseudonym_len); } if (attr->next_reauth_id) {
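Review bot: the new `int use_pseudonym;` member in struct eap_sim_data (first hunk) has no comment saying what it gates, and its meaning is only recoverable from the commit message and from eap_sim_init(); since it decides whether this EAP-SIM instance may read from or write back to the shared anonymous_identity config entry, a one-line comment at the declaration, e.g. `/* 0 when running as phase 2 method: anonymous_identity belongs to the outer method */`, would save the next reader that detour.

Review bot: in the eap_sim_init() hunk, `data->use_pseudonym = !sm->init_phase2;` carries the whole rationale of the patch but the line has no comment explaining why phase 2 disables it (the outer method already protects the exchange and owns the anonymous_identity entry); a short comment there would help. As a style nit, the condition `config && config->anonymous_identity && data->use_pseudonym` could test `data->use_pseudonym` first so the config is not dereferenced at all in the phase 2 case.

Review bot: the guard `if (data->use_pseudonym) eap_set_anon_id(...)` now appears in both eap_sim_clear_identities() and eap_sim_learn_ids(); a small wrapper such as eap_sim_set_anon_id(sm, data, id, len) that carries the check would keep the two call sites from drifting apart if a third writer of the config entry is added later, and would give one place to log that the config entry was deliberately left untouched for a phase 2 instance.

Review bot: in the eap_sim_learn_ids() hunk, `data->pseudonym_len = attr->next_pseudonym_len + realm_len;` still runs unconditionally, so a phase 2 instance does learn and use the server-supplied pseudonym for the rest of the session; only the write-back via eap_set_anon_id() is skipped. The field name `use_pseudonym` therefore overstates what it disables (it really means "persist pseudonym to config"); either rename it, e.g. to `persist_pseudonym`, or say so in a comment next to this guard, since the commit message's "there is no need for a pseudonym in this usage" could otherwise be read as the pseudonym being ignored entirely.

The overwrite the commit message describes can be shown in a few dozen lines. The following is an added C model, not hostap code: the structures are simplified stand-ins holding only the fields the patch touches, `eap_set_anon_id()` is reduced to replacing the shared config entry, `dup_str()` is a local helper, the `patched` flag selects pre- or post-patch behaviour, and the pseudonym strings are constructed values. It runs the tunnelled case (EAP-SIM as inner method, `init_phase2` set) and the top-level case, and reports whether the outer identity in `anonymous_identity` survived the inner EAP-SIM learning a pseudonym.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-ins for the hostap structures (assumption: only the
 * fields involved in the patch are modelled). */
struct eap_peer_config {
	char *anonymous_identity;	/* outer identity for tunnelled methods,
					 * pseudonym for a top-level EAP-SIM */
};

struct eap_sm {
	struct eap_peer_config *config;
	int init_phase2;		/* nonzero: EAP-SIM runs inside a tunnel */
};

struct eap_sim_data {
	char *pseudonym;		/* pseudonym in use for this session */
	int use_pseudonym;		/* mirrors the field added by the patch */
};

static char *dup_str(const char *s)
{
	size_t n = strlen(s) + 1;
	char *p = malloc(n);
	if (p)
		memcpy(p, s, n);
	return p;
}

/* Stand-in for eap_set_anon_id(): overwrites the shared config entry. */
static void eap_set_anon_id(struct eap_sm *sm, const char *id)
{
	free(sm->config->anonymous_identity);
	sm->config->anonymous_identity = id ? dup_str(id) : NULL;
}

/* eap_sim_init() logic; before the patch use_pseudonym was always 1. */
static struct eap_sim_data *eap_sim_init(struct eap_sm *sm, int patched)
{
	struct eap_sim_data *data = calloc(1, sizeof(*data));
	if (!data)
		return NULL;
	data->use_pseudonym = patched ? !sm->init_phase2 : 1;
	if (sm->config->anonymous_identity && data->use_pseudonym)
		data->pseudonym = dup_str(sm->config->anonymous_identity);
	return data;
}

/* eap_sim_learn_ids(): the server's AT_NEXT_PSEUDONYM is kept for this
 * session either way; it is written back to the config only when allowed. */
static void eap_sim_learn_ids(struct eap_sm *sm, struct eap_sim_data *data,
			      const char *next_pseudonym)
{
	free(data->pseudonym);
	data->pseudonym = dup_str(next_pseudonym);
	if (data->use_pseudonym)
		eap_set_anon_id(sm, data->pseudonym);
}

static void eap_sim_deinit(struct eap_sim_data *data)
{
	if (!data)
		return;
	free(data->pseudonym);
	free(data);
}

/* Run one EAP-SIM instance against a config whose anonymous_identity starts
 * as 'initial', feed it a constructed pseudonym, and return 1 if the config
 * entry equals 'expected' afterwards. */
static int run_case(int init_phase2, int patched, const char *initial,
		    const char *expected)
{
	struct eap_peer_config cfg = { dup_str(initial) };
	struct eap_sm sm = { &cfg, init_phase2 };
	struct eap_sim_data *sim = eap_sim_init(&sm, patched);
	int ok = 0;

	if (sim) {
		/* constructed pseudonym, as an authenticator might send it */
		eap_sim_learn_ids(&sm, sim, "3deadbeef01@example.org");
		ok = cfg.anonymous_identity &&
		     strcmp(cfg.anonymous_identity, expected) == 0;
	}
	eap_sim_deinit(sim);
	free(cfg.anonymous_identity);
	return ok;
}

/* Tunnelled case: the outer method's identity must stay intact. */
int outer_identity_survives(int patched)
{
	return run_case(1, patched, "anonymous@example.org",
			"anonymous@example.org");
}

/* Top-level case: the learned pseudonym must replace the stored one. */
int phase1_persists_pseudonym(int patched)
{
	return run_case(0, patched, "3oldpseudonym@example.org",
			"3deadbeef01@example.org");
}

int main(void)
{
	printf("tunnelled, unpatched: outer identity survives = %d\n",
	       outer_identity_survives(0));
	printf("tunnelled, patched:   outer identity survives = %d\n",
	       outer_identity_survives(1));
	printf("top-level, patched:   pseudonym persisted     = %d\n",
	       phase1_persists_pseudonym(1));
	return 0;
}
```

Before the patch the tunnelled run ends with `anonymous_identity` holding the EAP-SIM pseudonym, which the outer method would then send as its outer identity on the next connection; after the patch it is untouched, while the top-level run still persists the pseudonym in both variants.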