EAP peer: Cache decrypted requests for EAP-SIM/AKA/AKA'
authorPaul Stewart <pstew@google.com>
Thu, 9 Feb 2017 00:46:41 +0000 (16:46 -0800)
committerJouni Malinen <j@w1.fi>
Fri, 10 Feb 2017 17:48:12 +0000 (19:48 +0200)
Add an internal flag which indicates to tunneled EAP methods (FAST,
PEAP, TTLS) that they should cache decrypted EAP-SIM/AKA/AKA' requests.
This allows EAP-SIM/AKA/AKA' to be tunneled within these outer methods
while using an external SIM authenticator over the control interface.

Signed-off-by: Paul Stewart <pstew@google.com>
src/eap_peer/eap.c
src/eap_peer/eap_config.h
src/eap_peer/eap_fast.c
src/eap_peer/eap_peap.c
src/eap_peer/eap_ttls.c
wpa_supplicant/wpa_supplicant.c

index 15584a478b74820feaea77b994d602791ecd4530..bc90c7af99214b1f15921f74c7a6af9e6f214f02 100644 (file)
@@ -2246,6 +2246,7 @@ static void eap_sm_request(struct eap_sm *sm, enum wpa_ctrl_req_type field,
                config->pending_req_passphrase++;
                break;
        case WPA_CTRL_REQ_SIM:
+               config->pending_req_sim++;
                txt = msg;
                break;
        case WPA_CTRL_REQ_EXT_CERT_CHECK:
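Review bot: `pending_req_sim` is incremented in the `WPA_CTRL_REQ_SIM` case, but the only reset visible in this commit is the one added to `wpa_supplicant_ctrl_iface_ctrl_rsp_handle()`, so the counter is cleared only if a control interface response actually arrives. If the exchange is abandoned first, the value appears to stay non-zero on the config. The FAST, PEAP and TTLS hunks would then treat any Phase 2 request that produced no response as pending and cache it, and in `eap_fast_phase2_request()` that bypasses the `else if (*resp == NULL)` failure branch. Whether the pending_req_* counters are reset elsewhere when the EAP session restarts is not visible here and should be confirmed; if they are not, a `config->pending_req_sim = 0;` at session (re)initialisation would bound the flag's lifetime. The body of `eap_sm_request()` continues outside this hunk.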
index f98007263b3380f3b8fa7383d127318afb73eedd..16521c3a180d2a37da8d092d3e462a1166fe7a0a 100644 (file)
@@ -627,6 +627,15 @@ struct eap_peer_config {
         */
        int pending_req_passphrase;
 
+       /**
+        * pending_req_sim - Pending SIM request
+        *
+        * This field should not be set in configuration step. It is only used
+        * internally when control interface is used to request needed
+        * information.
+        */
+       int pending_req_sim;
+
        /**
         * pending_req_otp - Whether there is a pending OTP request
         *
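Review bot: The comment added for `pending_req_sim` repeats the wording of the neighbouring pending_req_* fields and does not say what the field counts or who consumes it. From the other hunks, it is incremented when an external SIM request is issued and zeroed when the control interface response is handled. I would add to the comment: `* Incremented when an external SIM request is sent over the control interface and cleared when the response is handled. While non-zero, EAP-FAST/PEAP/TTLS keep the decrypted Phase 2 request for re-processing.` The hunk ends inside the following `pending_req_otp` comment, so the rest of the struct is not visible.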
index 964ebe74fede8003aeba4575a5531fbb2a9d841b..6f2b2a2572cd5cb4d510ae1821e6b224f29065d8 100644 (file)
@@ -484,7 +484,8 @@ static int eap_fast_phase2_request(struct eap_sm *sm,
 
        if (*resp == NULL && config &&
            (config->pending_req_identity || config->pending_req_password ||
-            config->pending_req_otp || config->pending_req_new_password)) {
+            config->pending_req_otp || config->pending_req_new_password ||
+            config->pending_req_sim)) {
                wpabuf_free(data->pending_phase2_req);
                data->pending_phase2_req = wpabuf_alloc_copy(hdr, len);
        } else if (*resp == NULL)
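Review bot: With `config->pending_req_sim` added to this condition, the decrypted EAP-SIM/AKA/AKA' Phase 2 request is now kept in `data->pending_phase2_req`, and the two context lines that manage that buffer get no hardening for it. The previous copy is released with plain `wpabuf_free()`, so tunnel-protected plaintext stays in freed heap; `wpabuf_clear_free(data->pending_phase2_req);` would wipe it first. The return value of `wpabuf_alloc_copy()` is also not checked, so an allocation failure silently drops the request and leaves nothing to replay once the SIM response arrives; a NULL check that fails the round would make that visible. The same applies to the PEAP hunk and to the `wpabuf_dup()` call in the `eap_ttls_process_decrypted()` hunk. The enclosing function starts and ends outside this hunk.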
index efeddb853a14a7aeedc4b2e5b0543e3d13282cd9..2d79f1c3b1a0f1b683152879218d37bbf52480b3 100644 (file)
@@ -726,7 +726,8 @@ static int eap_peap_phase2_request(struct eap_sm *sm,
 
        if (*resp == NULL &&
            (config->pending_req_identity || config->pending_req_password ||
-            config->pending_req_otp || config->pending_req_new_password)) {
+            config->pending_req_otp || config->pending_req_new_password ||
+            config->pending_req_sim)) {
                wpabuf_free(data->pending_phase2_req);
                data->pending_phase2_req = wpabuf_alloc_copy(hdr, len);
        }
index e4bc22fcce27aaa6f822503596fa1f095611d0e8..ea4946ab5ae76b9cd3080a7b0b05e194e9ee243e 100644 (file)
@@ -458,7 +458,7 @@ static int eap_ttls_phase2_request_eap(struct eap_sm *sm,
 
        if (*resp == NULL &&
            (config->pending_req_identity || config->pending_req_password ||
-            config->pending_req_otp)) {
+            config->pending_req_otp || config->pending_req_sim)) {
                return 0;
        }
 
@@ -1280,7 +1280,8 @@ static int eap_ttls_process_decrypted(struct eap_sm *sm,
        } else if (config->pending_req_identity ||
                   config->pending_req_password ||
                   config->pending_req_otp ||
-                  config->pending_req_new_password) {
+                  config->pending_req_new_password ||
+                  config->pending_req_sim) {
                wpabuf_free(data->pending_phase2_req);
                data->pending_phase2_req = wpabuf_dup(in_decrypted);
        }
@@ -1317,7 +1318,8 @@ static int eap_ttls_implicit_identity_request(struct eap_sm *sm,
                    (config->pending_req_identity ||
                     config->pending_req_password ||
                     config->pending_req_otp ||
-                    config->pending_req_new_password)) {
+                    config->pending_req_new_password ||
+                    config->pending_req_sim)) {
                        /*
                         * Use empty buffer to force implicit request
                         * processing when EAP request is re-processed after
index f89a71a61024b8f7dce1f0ea8c60b07bbd4c71fa..11bb7b93c08a50659edcc78aaae3234df78a305d 100644 (file)
@@ -5974,6 +5974,7 @@ int wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant *wpa_s,
        case WPA_CTRL_REQ_SIM:
                str_clear_free(eap->external_sim_resp);
                eap->external_sim_resp = os_strdup(value);
+               eap->pending_req_sim = 0;
                break;
        case WPA_CTRL_REQ_PSK_PASSPHRASE:
                if (wpa_config_set(ssid, "psk", value, 0) < 0)