From 5e779873ed01d3c8ca974e1b0c5994ebe1ee61fd Mon Sep 17 00:00:00 2001
From: Hai Shalom <haishalom@google.com>
Date: Fri, 16 Oct 2020 12:47:28 -0700
Subject: [PATCH] EAP-SIM peer: Send AT_IDENTITY first

For EAP-SIM connections, reorder the order of the attributes in
EAP-Response/SIM/Start message: Send AT_IDENTITY first, then
AT_NONCE and AT_VERSION instead of AT_IDENTITY last. Even though there
is no order requirements in the RFC, some implementations expect the
order of the attributes to be exactly as described in the RFC figures.

Peer                                      Authenticator
|                                                 |
|                      +------------------------------+
|                      | Server does not have a       |
|                      | Subscriber identity available|
|                      | When starting EAP-SIM        |
|                      +------------------------------+
|                                                 |
|          EAP-Request/SIM/Start                  |
|          (AT_ANY_ID_REQ, AT_VERSION_LIST)       |
|<------------------------------------------------|
|                                                 |
|                                                 |
| EAP-Response/SIM/Start                          |
| (AT_IDENTITY, AT_NONCE_MT,                      |
|  AT_SELECTED_VERSION)                           |
|------------------------------------------------>|
|                                                 |

Signed-off-by: Hai Shalom <haishalom@google.com>
---
 src/eap_peer/eap_sim.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/src/eap_peer/eap_sim.c b/src/eap_peer/eap_sim.c
index eaa1ad715..09866277d 100644
--- a/src/eap_peer/eap_sim.c
+++ b/src/eap_peer/eap_sim.c
@@ -520,6 +520,12 @@ static struct wpabuf * eap_sim_response_start(struct eap_sm *sm,
 	wpa_printf(MSG_DEBUG, "Generating EAP-SIM Start (id=%d)", id);
 	msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id,
 			       EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START);
+	if (identity) {
+		wpa_hexdump_ascii(MSG_DEBUG, "   AT_IDENTITY",
+				  identity, identity_len);
+		eap_sim_msg_add(msg, EAP_SIM_AT_IDENTITY, identity_len,
+				identity, identity_len);
+	}
 	if (!data->reauth) {
 		wpa_hexdump(MSG_DEBUG, "   AT_NONCE_MT",
 			    data->nonce_mt, EAP_SIM_NONCE_MT_LEN);
@@ -531,13 +537,6 @@ static struct wpabuf * eap_sim_response_start(struct eap_sm *sm,
 				data->selected_version, NULL, 0);
 	}
 
-	if (identity) {
-		wpa_hexdump_ascii(MSG_DEBUG, "   AT_IDENTITY",
-				  identity, identity_len);
-		eap_sim_msg_add(msg, EAP_SIM_AT_IDENTITY, identity_len,
-				identity, identity_len);
-	}
-
 	resp = eap_sim_msg_finish(msg, EAP_TYPE_SIM, NULL, NULL, 0);
 	if (resp)
 		eap_sim_state(data, START_DONE);