EAP-SIM/AKA: Separate identity for MK derivation This allows a separate configuration parameter (imsi_identity) to be used in EAP-SIM/AKA/AKA' profiles to override the identity used in MK derivation for the case where the identity is expected to be from the last AT_IDENTITY attribute (or EAP-Response/Identity if AT_IDENTITY was not used). This may be needed to avoid sending out an unprotected permanent identity information over-the-air and if the EAP-SIM/AKA server ends up using a value based on the real IMSI during the internal key derivation operation (that does not expose the data to others). Bug: 30988281 Change-Id: I41df97009fbd4dbeb968b3ec31d0c1b45d8f2c70 Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

commit: a3cb6f0cb4a583fbfbd08bcac10af3a13635423d [log] [tgz]
author: Jouni Malinen <jouni@qca.qualcomm.com> Fri Dec 08 17:05:40 2017 +0200
committer: Ecco Park <eccopark@google.com> Fri Jan 26 11:28:25 2018 -0800
tree: ae51bdadb2e7cd71e70970bfe45a480093922d3d
parent: 1de8d6736221947129c41efb93de4e88a5660e27 [diff] [blame]
diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
index a0d480e..a22434c 100644
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c

@@ -2154,6 +2154,7 @@
 	{ FUNC(eap) },
 	{ STR_LENe(identity) },
 	{ STR_LENe(anonymous_identity) },
+	{ STR_LENe(imsi_identity) },
 	{ FUNC_KEY(password) },
 	{ STRe(ca_cert) },
 	{ STRe(ca_path) },
@@ -2411,6 +2412,7 @@
 	os_free(eap->eap_methods);
 	bin_clear_free(eap->identity, eap->identity_len);
 	os_free(eap->anonymous_identity);
+	os_free(eap->imsi_identity);
 	bin_clear_free(eap->password, eap->password_len);
 	os_free(eap->ca_cert);
 	os_free(eap->ca_path);
commit	a3cb6f0cb4a583fbfbd08bcac10af3a13635423d	[log] [tgz]
author	Jouni Malinen <jouni@qca.qualcomm.com>	Fri Dec 08 17:05:40 2017 +0200
committer	Ecco Park <eccopark@google.com>	Fri Jan 26 11:28:25 2018 -0800
tree	ae51bdadb2e7cd71e70970bfe45a480093922d3d
parent	1de8d6736221947129c41efb93de4e88a5660e27 [diff] [blame]