
EAP: Failed to switch EAP-SIM to EAP-AKA/AKA'

Message ID CAFk-A4kdwfJNhMvXeGCYDhUx6no-CNKb7xvn3Oa2+fkvrQadCQ@mail.gmail.com
State Accepted
Commit eb324600295a570199a5e25eb64e60781a04fb74

Commit Message

Masashi Honma July 30, 2013, 2:32 a.m. UTC
# I forgot to write "Signed-hostap". So I resubmit.

Switching eap method from EAP-SIM to EAP-AKA fails.
wpa_cli commands are below.

------------------
sudo wpa_cli add_network
sudo wpa_cli set_network 0 ssid '"eap-sim"'
sudo wpa_cli set_network 0 key_mgmt WPA-EAP
sudo wpa_cli set_network 0 eap SIM
sudo wpa_cli set_network 0 pin '"1234"'
sudo wpa_cli set_network 0 pcsc '""'
sudo wpa_cli select_network 0

sudo wpa_cli disable_network 0
sudo wpa_cli disconnect
sudo wpa_cli remove_network 0

sudo wpa_cli add_network
sudo wpa_cli set_network 0 ssid '"eap-sim"'
sudo wpa_cli set_network 0 key_mgmt WPA-EAP
sudo wpa_cli set_network 0 eap AKA
sudo wpa_cli set_network 0 pin '"1234"'
sudo wpa_cli set_network 0 pcsc '""'
sudo wpa_cli select_network 0
------------------

Then the EAP-AKA connection resulted in failure.
wpa_supplicant log is below.

------------------
wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 23 (AKA) selected
SCARD: Non-USIM card - cannot do UMTS auth
EAP-AKA: UMTS authentication failed (AUTN)
wlan0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
------------------

This occurs because on the first EAP-SIM authentication, the SIM/USIM card in
the device was recognized as a SIM card even if it is a USIM card.

So this patch changes it to recognize the card as a USIM card even if EAP-SIM
authentication was required.

I have tested these switching cases.
EAP-SIM -> EAP-AKA
EAP-SIM -> EAP-AKA'
EAP-AKA -> EAP-SIM
EAP-AKA -> EAP-AKA'
EAP-AKA' -> EAP-SIM
EAP-AKA' -> EAP-AKA

Signed-hostap: Masashi Honma <masashi.honma@gmail.com>



Regards,
Masashi Honma.

Comments

Masashi Honma Aug. 26, 2013, 1:39 p.m. UTC | #1
Jouni Malinen,

Is there any comment on my patch?

Regards,
Masashi Honma.


2013/7/30 Masashi Honma <masashi.honma@gmail.com>:
> # I forgot to write "Signed-hostap". So I resubmit.
>
> Switching eap method from EAP-SIM to EAP-AKA fails.
> wpa_cli commands are below.
>
> ------------------
> sudo wpa_cli add_network
> sudo wpa_cli set_network 0 ssid '"eap-sim"'
> sudo wpa_cli set_network 0 key_mgmt WPA-EAP
> sudo wpa_cli set_network 0 eap SIM
> sudo wpa_cli set_network 0 pin '"1234"'
> sudo wpa_cli set_network 0 pcsc '""'
> sudo wpa_cli select_network 0
>
> sudo wpa_cli disable_network 0
> sudo wpa_cli disconnect
> sudo wpa_cli remove_network 0
>
> sudo wpa_cli add_network
> sudo wpa_cli set_network 0 ssid '"eap-sim"'
> sudo wpa_cli set_network 0 key_mgmt WPA-EAP
> sudo wpa_cli set_network 0 eap AKA
> sudo wpa_cli set_network 0 pin '"1234"'
> sudo wpa_cli set_network 0 pcsc '""'
> sudo wpa_cli select_network 0
> ------------------
>
> Then EAP-AKA connection resulted in fail.
> wpa_supplicant log is below.
>
> ------------------
> wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 23 (AKA) selected
> SCARD: Non-USIM card - cannot do UMTS auth
> EAP-AKA: UMTS authentication failed (AUTN)
> wlan0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
> ------------------
>
> This occurs because on the first EAP-SIM authentication, the SIM/USIM card in
> the device was recognized as SIM card even if it is USIM card.
>
> So this patch changes it to recognize as USIM card even if EAP-SIM
> authentication was required.
>
> I have tested these switching cases.
> EAP-SIM -> EAP-AKA
> EAP-SIM -> EAP-AKA'
> EAP-AKA -> EAP-SIM
> EAP-AKA -> EAP-AKA'
> EAP-AKA' -> EAP-SIM
> EAP-AKA' -> EAP-AKA
>
> Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
>
> diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
> index bcfac21..2474db5 100644
> --- a/wpa_supplicant/events.c
> +++ b/wpa_supplicant/events.c
> @@ -272,7 +272,7 @@ int wpa_supplicant_scard_init(struct wpa_supplicant *wpa_s,
>  {
>  #ifdef IEEE8021X_EAPOL
>  #ifdef PCSC_FUNCS
> -    int aka = 0, sim = 0, type;
> +    int aka = 0, sim = 0;
>
>      if (ssid->eap.pcsc == NULL || wpa_s->scard != NULL)
>          return 0;
> @@ -311,14 +311,9 @@ int wpa_supplicant_scard_init(struct wpa_supplicant *wpa_s,
>
>      wpa_dbg(wpa_s, MSG_DEBUG, "Selected network is configured to use SIM "
>          "(sim=%d aka=%d) - initialize PCSC", sim, aka);
> -    if (sim && aka)
> -        type = SCARD_TRY_BOTH;
> -    else if (aka)
> -        type = SCARD_USIM_ONLY;
> -    else
> -        type = SCARD_GSM_SIM_ONLY;
>
> -    wpa_s->scard = scard_init(type, NULL);
> +    wpa_s->scard = scard_init((!sim && aka) ?
> +                  SCARD_USIM_ONLY : SCARD_TRY_BOTH, NULL);
>      if (wpa_s->scard == NULL) {
>          wpa_msg(wpa_s, MSG_WARNING, "Failed to initialize SIM "
>              "(pcsc-lite)");
>
>
> Regards,
> Masashi Honma.

Jouni Malinen Aug. 31, 2013, 1:15 p.m. UTC | #2
On Tue, Jul 30, 2013 at 11:32:40AM +0900, Masashi Honma wrote:
> Switching eap method from EAP-SIM to EAP-AKA fails.

> This occurs because on the first EAP-SIM authentication, the SIM/USIM card in
> the device was recognized as SIM card even if it is USIM card.
> 
> So this patch changes it to recognize as USIM card even if EAP-SIM
> authentication was required.

Thanks, applied. Though, I don't think even this is really completely
correct, but it is obviously better than the previous situation. It
might be worthwhile to just remove the sim_type argument to scard_init()
completely and always initialize PC/SC with an attempt to use both
types. Validation of EAP-SIM and EAP-AKA/AKA' compatibility should be
done properly for each network separately rather than during initial
setup of the scard context.
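
A small model of the failure discussed in this thread, added here as an illustration and not taken from wpa_supplicant: it replays "EAP-SIM network first, then EAP-AKA" against the old and the new type selection. Only the `SCARD_*` names and the two selection rules come from the patch; `model_ctx`, `model_detect`, `card_kind` and the helper names are hypothetical, and the detection behaviour is an assumption based on the commit message.

```c
#include <stdio.h>
/* Requested card type: names as used in the patch. */
enum req_type { SCARD_GSM_SIM_ONLY, SCARD_USIM_ONLY, SCARD_TRY_BOTH };
/* How the context ends up treating the card (hypothetical model names). */
enum card_kind { CARD_NONE, CARD_GSM_SIM, CARD_USIM };
struct model_ctx { enum card_kind kind; }; /* stands in for wpa_s->scard */

/* Assumed detection: a USIM is found only if the request allows trying it. */
static enum card_kind model_detect(enum req_type req, int card_is_usim)
{
    if (req != SCARD_GSM_SIM_ONLY && card_is_usim)
        return CARD_USIM;
    if (req != SCARD_USIM_ONLY)
        return CARD_GSM_SIM; /* treated as a plain SIM */
    return CARD_NONE;        /* USIM-only request on a plain SIM: init fails */
}

static enum req_type select_old(int sim, int aka) /* the removed lines */
{
    if (sim && aka)
        return SCARD_TRY_BOTH;
    return aka ? SCARD_USIM_ONLY : SCARD_GSM_SIM_ONLY;
}

static enum req_type select_new(int sim, int aka) /* the added lines */
{
    return (!sim && aka) ? SCARD_USIM_ONLY : SCARD_TRY_BOTH;
}

/* Mirrors the early return in the hunk context: an existing context is reused. */
static void model_scard_init(struct model_ctx *c, enum req_type req, int usim)
{
    if (c->kind == CARD_NONE)
        c->kind = model_detect(req, usim);
}

/* EAP-SIM network first, then EAP-AKA, on a USIM card.
 * Returns 1 if the reused context can do UMTS auth for the second network. */
static int aka_after_sim_works(enum req_type (*select)(int, int))
{
    struct model_ctx c = { CARD_NONE };
    model_scard_init(&c, select(1, 0), 1); /* eap SIM */
    model_scard_init(&c, select(0, 1), 1); /* eap AKA: context already set */
    return c.kind == CARD_USIM;
}

int main(void)
{
    printf("old=%d new=%d\n", aka_after_sim_works(select_old),
           aka_after_sim_works(select_new));
    return 0;
}
```
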

Patch

diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index bcfac21..2474db5 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -272,7 +272,7 @@  int wpa_supplicant_scard_init(struct wpa_supplicant *wpa_s,
 {
 #ifdef IEEE8021X_EAPOL
 #ifdef PCSC_FUNCS
-    int aka = 0, sim = 0, type;
+    int aka = 0, sim = 0;

     if (ssid->eap.pcsc == NULL || wpa_s->scard != NULL)
         return 0;
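Review bot: the unchanged guard `if (ssid->eap.pcsc == NULL || wpa_s->scard != NULL) return 0;` right after the changed declaration still means the card type is decided once, by whichever network triggers the first initialization, and every later network reuses that context. The change further down widens the first choice, but a context first created for an AKA-only network stays pinned to SCARD_USIM_ONLY. A comment at this guard saying the type is fixed for the lifetime of the context would help, or the function could always request SCARD_TRY_BOTH so the result does not depend on selection order.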
@@ -311,14 +311,9 @@  int wpa_supplicant_scard_init(struct wpa_supplicant *wpa_s,

     wpa_dbg(wpa_s, MSG_DEBUG, "Selected network is configured to use SIM "
         "(sim=%d aka=%d) - initialize PCSC", sim, aka);
-    if (sim && aka)
-        type = SCARD_TRY_BOTH;
-    else if (aka)
-        type = SCARD_USIM_ONLY;
-    else
-        type = SCARD_GSM_SIM_ONLY;

-    wpa_s->scard = scard_init(type, NULL);
+    wpa_s->scard = scard_init((!sim && aka) ?
+                  SCARD_USIM_ONLY : SCARD_TRY_BOTH, NULL);
     if (wpa_s->scard == NULL) {
         wpa_msg(wpa_s, MSG_WARNING, "Failed to initialize SIM "
             "(pcsc-lite)");
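Review bot: in the new scard_init() call the requested type is computed inline in the argument, so the wpa_dbg() line above it still logs only sim and aka and nothing records which SCARD_* value was actually passed. Keeping a local variable and adding it to that debug message would make a later "Non-USIM card - cannot do UMTS auth" failure traceable to the initialization that caused it. SCARD_GSM_SIM_ONLY is also no longer passed from this function; if no other caller uses it, the value and the type argument could be dropped together.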