[PATCH] Send Client-Error when AT_KDF attributes from the server are incorrect
Hatano, Tomoharu (Sony Mobile)
Tomoharu.Hatano at sony.com
Sun Sep 10 22:53:05 PDT 2017
Hi Jouni,
Thank you for your approval.
Best Regards,
Tomoharu Hatano
-----Original Message-----
From: Jouni Malinen [mailto:j at w1.fi]
Sent: Monday, September 11, 2017 4:51 AM
To: Hatano, Tomoharu (Sony Mobile) <Tomoharu.Hatano at sony.com>
Cc: hostap at lists.infradead.org; Akihiro Onodera <akihiro.onodera at sony.com>; Nanbu, Tomonori (Sony Mobile) <Tomonori.Nanbu at sony.com>; Sogo, Shinji (Sony Mobile) <Shinji.Sogo at sony.com>
Subject: Re: [PATCH] Send Client-Error when AT_KDF attributes from the server are incorrect
On Tue, Jul 25, 2017 at 12:25:51PM +0900, Tomoharu Hatano wrote:
> After KDF negotiation, must check only requested change occurred in
> the list of AT_KDF attributes. If there are any other changes, the
> peer must behave like the case that AT_MAC had been incorrect and
> authentication is failed. These are defined in EAP-AKA' specification RFC5448.
>
> Adds a complete check of AT_KDF attributes and sends Client-Error if a
> change which is not requested is included in it.
Thanks, applied.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list