Commit Graph

9 Commits

Author SHA1 Message Date
Jouni Malinen
9bf403b920 EAP-SIM server: Store permanent username in session data
This allows identity use to be cleaned up in various operations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-01 19:15:01 +03:00
Jouni Malinen
15cfe2b40f EAP-SIM server: Require SIM/Start response to include identity
Since we always request an identity in the request, the response
has to include AT_IDENTITY. This allows the SIM/Start response
processing to be simplified a bit.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-01 18:56:35 +03:00
Jouni Malinen
336a46aeda EAP-SIM server: Use simpler SIM/Start identity request determination
There is no need to use eap_sim_db_identity_known() here since a new
SIM/Start message is built only if the identity in the previous response
was not recognized. The first round will always request AT_ANY_ID_REQ to
meet the RFC 4186 recommendation on EAP method specific identity request
being used.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-01 18:51:09 +03:00
Jouni Malinen
1cebaabd80 EAP-SIM/AKA server: Allow pseudonym to be used after unknown reauth id
If the peer uses an unknown reauth id, it would still be possible to use
pseudonym instead of permanent id. Allow this by changing the
AT_PERMANENT_ID_REQ to AT_FULLAUTH_ID_REQ in case unknown reauth id is
used in EAP-Response/Identity.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-06-15 18:49:54 +03:00
Jouni Malinen
762e4ce620 EAP-AKA': Update to RFC 5448
There was a technical change between the last IETF draft version
(draft-arkko-eap-aka-kdf-10) and RFC 5448 in the leading characters
used in the username (i.e., use unique characters for EAP-AKA' instead
of reusing the EAP-AKA ones). This commit updates EAP-AKA' server and
peer implementations to use the leading characters based on the final
RFC.

Note: This will make EAP-AKA' not interoperate between the earlier
draft version and the new version.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-05-02 20:45:01 +03:00
Jouni Malinen
0047c047fc EAP-SIM/AKA server: Fix re-authentication not to update pseudonym
AT_NEXT_PSEUDONYM is supposed to be included only in the Challenge
messages, not in the Re-authentication messages. This attribute was
incorrectly included in the Re-authentication messages and could have
been used to update the pseudonym state on the server without the peer
updating its state.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-02-16 23:31:30 +02:00
Jouni Malinen
0f3d578efc Remove the GPL notification from files contributed by Jouni Malinen
Remove the GPL notification text from the files that were
initially contributed by myself.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-11 19:39:36 +02:00
Jouni Malinen
3642c4313a Annotate places depending on strong random numbers
This commit adds a new wrapper, random_get_bytes(), that is currently
defined to use os_get_random() as is. The places using
random_get_bytes() depend on the returned value being strong random
number, i.e., something that is infeasible for external device to
figure out. These values are used either directly as a key or as
nonces/challenges that are used as input for key derivation or
authentication.

The remaining direct uses of os_get_random() do not need as strong
random numbers to function correctly.
2010-11-24 01:05:20 +02:00
Jouni Malinen
94d9bfd59b Rename EAP server source files to avoid duplicate names
This makes it easier to build both EAP peer and server functionality
into the same project with some toolchains.
2010-02-19 18:54:07 +02:00