EAP SM should prefer first specified EAP method for IMSI authentication
Kaustav Dey Biswas
Wed Sep 12 08:13:26 PDT 2012
In the EAP state machine, while retrieving identity information for the SCARD, the eap_sm_imsi_identity() function (eap_peer/eap.c) would go over all the configured EAP methods and would essentially select one from EAP-SIM, EAP-AKA and EAP-AKA-PRIME. The way this currently works is, first, the method is defaulted to EAP-SIM. Then, all the available methods are looped over, and it is checked whether EAP-AKA or EAP-AKA-PRIME is there in the list, and if so, either of them (respectively) is selected. However, this approach actually de-prioritizes EAP-SIM in scenarios where both EAP-SIM and EAP-AKA (or PRIME) are present. In such a case, whatever be the order of the specified methods, EAP-SIM never gets selected.
Is this the intended behaviour? Wouldn't it be more logical to select the first method in the list, since many applications would list out the available EAP methods in the order of preference? This can be achieved by adding a simple check for EAP-SIM in the loop (similar to the EAP-AKA and EAP-AKA-PRIME checks), so that it is ensured that if EAP-SIM is first in the list, it gets selected. This way, the first specified EAP method would always get selected and EAP-SIM wouldn't be de-prioritized where multiple EAP methods are available.
Please share your opinion about this.
Thanks & Regards,
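
The selection order discussed in this message, as an added example that is not part of the original post and is not the hostap code itself. It models the behaviour described above next to the proposed first-listed rule; the function names and the flat, zero-terminated method list are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* IANA EAP method type numbers; EAP_NONE terminates a configured list. */
enum { EAP_NONE = 0, EAP_TLS = 13, EAP_SIM = 18, EAP_AKA = 23, EAP_AKA_PRIME = 50 };

/* Hypothetical model of the behaviour described in the post: default to
 * EAP-SIM, then take the first EAP-AKA or EAP-AKA' entry found. EAP-SIM
 * can only win when neither AKA variant is configured. */
int select_current(const int *methods)
{
    int selected = EAP_SIM;
    size_t i;

    for (i = 0; methods && methods[i] != EAP_NONE; i++) {
        if (methods[i] == EAP_AKA || methods[i] == EAP_AKA_PRIME) {
            selected = methods[i];
            break;
        }
    }
    return selected;
}

/* Hypothetical model of the proposal: EAP-SIM is checked in the loop as
 * well, so the first SIM-based method in the configured order wins. */
int select_first_listed(const int *methods)
{
    size_t i;

    for (i = 0; methods && methods[i] != EAP_NONE; i++) {
        if (methods[i] == EAP_SIM || methods[i] == EAP_AKA ||
            methods[i] == EAP_AKA_PRIME)
            return methods[i];
    }
    return EAP_SIM; /* unchanged default when no SIM-based method is listed */
}

int main(void)
{
    /* Constructed configuration: EAP-SIM listed ahead of EAP-AKA. */
    const int cfg[] = { EAP_TLS, EAP_SIM, EAP_AKA, EAP_NONE };

    printf("current: %d, first-listed: %d\n",
           select_current(cfg), select_first_listed(cfg));
    return 0;
}
```

The two functions differ only when EAP-SIM precedes an AKA variant in the list; in every other ordering they return the same method.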