EAP-SIM peer: Fix AT_COUNTER_TOO_SMALL use

The AT_NONCE_S value needs to be used in AT_MAC calculation for
SIM/Re-authentication response even if re-authentication is rejected
with AT_COUNTER_TOO_SMALL.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1

diff --git a/src/eap_peer/eap_sim.c b/src/eap_peer/eap_sim.c
index fb4ae82421cb88f13b430bf34b875f3257dc4141..30614b90170fe40f39e5f56a0cf02ead2ad06fb0 100644 (file)
--- a/src/eap_peer/eap_sim.c
+++ b/src/eap_peer/eap_sim.c
@@ -432,7 +432,8 @@ static struct wpabuf * eap_sim_response_challenge(struct eap_sim_data *data,
 
 
 static struct wpabuf * eap_sim_response_reauth(struct eap_sim_data *data,
-                                              u8 id, int counter_too_small)
+                                              u8 id, int counter_too_small,
+                                              const u8 *nonce_s)
 {
        struct eap_sim_msg *msg;
        unsigned int counter;
@@ -467,7 +468,7 @@ static struct wpabuf * eap_sim_response_reauth(struct eap_sim_data *data,
        }
        wpa_printf(MSG_DEBUG, "   AT_MAC");
        eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC);
-       return eap_sim_msg_finish(msg, data->k_aut, data->nonce_s,
+       return eap_sim_msg_finish(msg, data->k_aut, nonce_s,
                                  EAP_SIM_NONCE_S_LEN);
 }
 
@@ -863,7 +864,7 @@ static struct wpabuf * eap_sim_process_reauthentication(
                data->reauth_id = NULL;
                data->reauth_id_len = 0;
                os_free(decrypted);
-               return eap_sim_response_reauth(data, id, 1);
+               return eap_sim_response_reauth(data, id, 1, eattr.nonce_s);
        }
        data->counter = eattr.counter;
 
@@ -894,7 +895,7 @@ static struct wpabuf * eap_sim_process_reauthentication(
                eap_sim_clear_identities(data, CLEAR_REAUTH_ID | CLEAR_EAP_ID);
        }
        os_free(decrypted);
-       return eap_sim_response_reauth(data, id, 0);
+       return eap_sim_response_reauth(data, id, 0, data->nonce_s);
 }