From: Jouni Malinen <j@w1.fi>
Date: Sat, 1 Sep 2012 21:39:48 +0000 (+0300)
Subject: EAP-SIM peer: Fix AT_COUNTER_TOO_SMALL use
X-Git-Tag: hostap_2_0~274
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5d65ca514dfdac74eb6af72ffd30a578b9df4cfa;p=thirdparty%2Fhostap.git

EAP-SIM peer: Fix AT_COUNTER_TOO_SMALL use

The AT_NONCE_S value needs to be used in AT_MAC calculation for
SIM/Re-authentication response even if re-authentication is rejected
with AT_COUNTER_TOO_SMALL.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
---

diff --git a/src/eap_peer/eap_sim.c b/src/eap_peer/eap_sim.c
index fb4ae8242..30614b901 100644
--- a/src/eap_peer/eap_sim.c
+++ b/src/eap_peer/eap_sim.c
@@ -432,7 +432,8 @@ static struct wpabuf * eap_sim_response_challenge(struct eap_sim_data *data,
 
 
 static struct wpabuf * eap_sim_response_reauth(struct eap_sim_data *data,
-					       u8 id, int counter_too_small)
+					       u8 id, int counter_too_small,
+					       const u8 *nonce_s)
 {
 	struct eap_sim_msg *msg;
 	unsigned int counter;
@@ -467,7 +468,7 @@ static struct wpabuf * eap_sim_response_reauth(struct eap_sim_data *data,
 	}
 	wpa_printf(MSG_DEBUG, "   AT_MAC");
 	eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC);
-	return eap_sim_msg_finish(msg, data->k_aut, data->nonce_s,
+	return eap_sim_msg_finish(msg, data->k_aut, nonce_s,
 				  EAP_SIM_NONCE_S_LEN);
 }
 
@@ -863,7 +864,7 @@ static struct wpabuf * eap_sim_process_reauthentication(
 		data->reauth_id = NULL;
 		data->reauth_id_len = 0;
 		os_free(decrypted);
-		return eap_sim_response_reauth(data, id, 1);
+		return eap_sim_response_reauth(data, id, 1, eattr.nonce_s);
 	}
 	data->counter = eattr.counter;
 
@@ -894,7 +895,7 @@ static struct wpabuf * eap_sim_process_reauthentication(
 		eap_sim_clear_identities(data, CLEAR_REAUTH_ID | CLEAR_EAP_ID);
 	}
 	os_free(decrypted);
-	return eap_sim_response_reauth(data, id, 0);
+	return eap_sim_response_reauth(data, id, 0, data->nonce_s);
 }