From: Hai Shalom <haishalom@google.com>
Date: Fri, 16 Oct 2020 19:47:28 +0000 (-0700)
Subject: EAP-SIM peer: Send AT_IDENTITY first
X-Git-Tag: hostap_2_10~793
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5e779873ed01d3c8ca974e1b0c5994ebe1ee61fd;p=thirdparty%2Fhostap.git

EAP-SIM peer: Send AT_IDENTITY first

For EAP-SIM connections, reorder the order of the attributes in
EAP-Response/SIM/Start message: Send AT_IDENTITY first, then
AT_NONCE and AT_VERSION instead of AT_IDENTITY last. Even though there
is no order requirements in the RFC, some implementations expect the
order of the attributes to be exactly as described in the RFC figures.

Peer                                      Authenticator
|                                                 |
|                      +------------------------------+
|                      | Server does not have a       |
|                      | Subscriber identity available|
|                      | When starting EAP-SIM        |
|                      +------------------------------+
|                                                 |
|          EAP-Request/SIM/Start                  |
|          (AT_ANY_ID_REQ, AT_VERSION_LIST)       |
|<------------------------------------------------|
|                                                 |
|                                                 |
| EAP-Response/SIM/Start                          |
| (AT_IDENTITY, AT_NONCE_MT,                      |
|  AT_SELECTED_VERSION)                           |
|------------------------------------------------>|
|                                                 |

Signed-off-by: Hai Shalom <haishalom@google.com>
---

diff --git a/src/eap_peer/eap_sim.c b/src/eap_peer/eap_sim.c
index eaa1ad715..09866277d 100644
--- a/src/eap_peer/eap_sim.c
+++ b/src/eap_peer/eap_sim.c
@@ -520,6 +520,12 @@ static struct wpabuf * eap_sim_response_start(struct eap_sm *sm,
 	wpa_printf(MSG_DEBUG, "Generating EAP-SIM Start (id=%d)", id);
 	msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id,
 			       EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START);
+	if (identity) {
+		wpa_hexdump_ascii(MSG_DEBUG, "   AT_IDENTITY",
+				  identity, identity_len);
+		eap_sim_msg_add(msg, EAP_SIM_AT_IDENTITY, identity_len,
+				identity, identity_len);
+	}
 	if (!data->reauth) {
 		wpa_hexdump(MSG_DEBUG, "   AT_NONCE_MT",
 			    data->nonce_mt, EAP_SIM_NONCE_MT_LEN);
@@ -531,13 +537,6 @@ static struct wpabuf * eap_sim_response_start(struct eap_sm *sm,
 				data->selected_version, NULL, 0);
 	}
 
-	if (identity) {
-		wpa_hexdump_ascii(MSG_DEBUG, "   AT_IDENTITY",
-				  identity, identity_len);
-		eap_sim_msg_add(msg, EAP_SIM_AT_IDENTITY, identity_len,
-				identity, identity_len);
-	}
-
 	resp = eap_sim_msg_finish(msg, EAP_TYPE_SIM, NULL, NULL, 0);
 	if (resp)
 		eap_sim_state(data, START_DONE);