EAP-AKA server: Require AKA/Identity response to include identity

Since we always request an identity in the request, the response
has to include AT_IDENTITY. This allows the AKA/Identity response
processing to be simplified a bit.

Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2012-09-01 19:23:14 +03:00
parent b4569a3bd8
commit 02a0ce13bc

View file

@ -773,6 +773,8 @@ static void eap_aka_process_identity(struct eap_sm *sm,
struct wpabuf *respData,
struct eap_sim_attrs *attr)
{
u8 *new_identity;
wpa_printf(MSG_DEBUG, "EAP-AKA: Processing Identity");
if (attr->mac || attr->iv || attr->encr_data) {
@ -783,15 +785,28 @@ static void eap_aka_process_identity(struct eap_sm *sm,
return;
}
if (attr->identity) {
/*
* We always request identity with AKA/Identity, so the peer is
* required to have replied with one.
*/
if (!attr->identity || attr->identity_len == 0) {
wpa_printf(MSG_DEBUG, "EAP-AKA: Peer did not provide any "
"identity");
data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
eap_aka_state(data, NOTIFICATION);
return;
}
new_identity = os_malloc(attr->identity_len);
if (new_identity == NULL) {
data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
eap_aka_state(data, NOTIFICATION);
return;
}
os_free(sm->identity);
sm->identity = os_malloc(attr->identity_len);
if (sm->identity) {
os_memcpy(sm->identity, attr->identity,
attr->identity_len);
sm->identity = new_identity;
os_memcpy(sm->identity, attr->identity, attr->identity_len);
sm->identity_len = attr->identity_len;
}
}
eap_aka_determine_identity(sm, data, 0, 0);
if (eap_get_id(respData) == data->pending_id) {