[RFC][PATCH 0/5] wpa_supplicant: Support realms according to 3GPP TS 23.003

Jouni Malinen j at w1.fi
Sun Jan 8 23:43:29 EST 2012


On Tue, Jan 03, 2012 at 12:29:09AM +0100, Simon Baatz wrote:
> here is a set of proposed patches to derive the realm from the IMSI
> according to 3GPP TS 23.003 for EAP-SIM and EAP-AKA in wpa_supplicant as
> recommended by the respective RFCs.

Thanks!

Could you please read the CONTRIBUTIONS file in the top directory of
hostap.git (*) and send the patches with Signed-hostap line in the
commit message?

(*)
http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=CONTRIBUTIONS

> Patches 1/5 and 2/5 are improvements with respect to pseudonym handling. RFC
> 4186 states in section 4.2.1.9:
> 
>   When using a pseudonym username in an environment where a realm
>   portion is used, the peer concatenates the received pseudonym
>   username with the "@" character and an NAI realm portion.
> 
> (The same applies to EAP-AKA.) Thus, if the permanent identity includes a
> realm, this realm should be appended to the received pseudonyms as well.

Sounds reasonable.

> Patch 3/5 adds a function to read the MNC length from the EF-AD file on the
> SIM/USIM.  I could only test this with one SIM/USIM card, which has an MNC
> length of two.  If possible, this should be tested with other cards as well,
> but I don't have the means to do this.

I have a set of test cards and number of them from US, so I hope I can
run somewhat more complete testing once I get back home.

> Patch 4/5 adds the config item to enable the feature and 5/5 adds the actual
> derivation of the realm from the IMSI.

Do we really need the extra configuration parameter for this? Shouldn't
it be fine to add the realm always when generating the identity
automatically? If someone really needs to get the realm removed, it
should be fine to require identity to be configured for that case.

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list