EAP-SIM peer: Send AT_IDENTITY first
authorHai Shalom <haishalom@google.com>
Fri, 16 Oct 2020 19:47:28 +0000 (12:47 -0700)
committerJouni Malinen <j@w1.fi>
Fri, 30 Oct 2020 11:59:49 +0000 (13:59 +0200)
For EAP-SIM connections, reorder the attributes in the
EAP-Response/SIM/Start message: send AT_IDENTITY first, then
AT_NONCE and AT_VERSION, instead of AT_IDENTITY last. Even though the
RFC has no ordering requirement, some implementations expect the
order of the attributes to be exactly as described in the RFC figures.

Peer                                      Authenticator
|                                                 |
|                      +------------------------------+
|                      | Server does not have a       |
|                      | Subscriber identity available|
|                      | When starting EAP-SIM        |
|                      +------------------------------+
|                                                 |
|          EAP-Request/SIM/Start                  |
|          (AT_ANY_ID_REQ, AT_VERSION_LIST)       |
|<------------------------------------------------|
|                                                 |
|                                                 |
| EAP-Response/SIM/Start                          |
| (AT_IDENTITY, AT_NONCE_MT,                      |
|  AT_SELECTED_VERSION)                           |
|------------------------------------------------>|
|                                                 |

Signed-off-by: Hai Shalom <haishalom@google.com>
src/eap_peer/eap_sim.c

index eaa1ad7152e74886fe99ad19f67ed4fc2b52510a..09866277d6a85720a7aa812500e7c6c911a15a04 100644 (file)
@@ -520,6 +520,12 @@ static struct wpabuf * eap_sim_response_start(struct eap_sm *sm,
        wpa_printf(MSG_DEBUG, "Generating EAP-SIM Start (id=%d)", id);
        msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id,
                               EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START);
+       if (identity) {
+               wpa_hexdump_ascii(MSG_DEBUG, "   AT_IDENTITY",
+                                 identity, identity_len);
+               eap_sim_msg_add(msg, EAP_SIM_AT_IDENTITY, identity_len,
+                               identity, identity_len);
+       }
        if (!data->reauth) {
                wpa_hexdump(MSG_DEBUG, "   AT_NONCE_MT",
                            data->nonce_mt, EAP_SIM_NONCE_MT_LEN);
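Review bot: The new position of the AT_IDENTITY block in eap_sim_response_start() is deliberate, but nothing in the code says so; the reason lives only in the commit message, so a later cleanup could move the block back below AT_SELECTED_VERSION without noticing the interoperability impact. I would add a comment above `if (identity) {`, for example `/* Add AT_IDENTITY first: some implementations expect the attribute order shown in the RFC 4186 figures */`. Separately, the moved `wpa_hexdump_ascii(MSG_DEBUG, "   AT_IDENTITY", ...)` call writes the identity to the debug log in clear; if this can be a permanent (IMSI-based) identity, it is worth confirming that this is acceptable wherever debug logs are collected. The function starts and ends outside this hunk.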
@@ -531,13 +537,6 @@ static struct wpabuf * eap_sim_response_start(struct eap_sm *sm,
                                data->selected_version, NULL, 0);
        }
 
-       if (identity) {
-               wpa_hexdump_ascii(MSG_DEBUG, "   AT_IDENTITY",
-                                 identity, identity_len);
-               eap_sim_msg_add(msg, EAP_SIM_AT_IDENTITY, identity_len,
-                               identity, identity_len);
-       }
-
        resp = eap_sim_msg_finish(msg, EAP_TYPE_SIM, NULL, NULL, 0);
        if (resp)
                eap_sim_state(data, START_DONE);