From 37a3652d1e3e7b7724d7e0a7c68197c396979d97 Mon Sep 17 00:00:00 2001
From: Jimmy Chen <jimmycmchen@google.com>
Date: Thu, 9 Jun 2022 22:35:49 +0800
Subject: eap: look for the realm of anonymous identity as well

Some carriers won't ask for real identity at the beginning,
they will use anonymous identity instead,
ex. anonymous@wlan.mncXXX.mccYYY.3gppnetwork.org.
In this case, wpa_supplicant should look for the realm of
anonymous identity to decorate new pseudonym.

Bug: 233283842
Test: verify roaming flow: AP1 -> AP2 -> AP1 -> AP2
Change-Id: I2099bcd5554aed68b36fad1b866541fa441d210a
---
 src/eap_peer/eap_aka.c | 12 ++++++++++++
 src/eap_peer/eap_sim.c | 12 ++++++++++++
 2 files changed, 24 insertions(+)

diff --git a/src/eap_peer/eap_aka.c b/src/eap_peer/eap_aka.c
index 8c475f13..ee7010d4 100644
--- a/src/eap_peer/eap_aka.c
+++ b/src/eap_peer/eap_aka.c
@@ -385,6 +385,7 @@ static int eap_aka_learn_ids(struct eap_sm *sm, struct eap_aka_data *data,
 		size_t identity_len = 0;
 		const u8 *realm = NULL;
 		size_t realm_len = 0;
+		struct eap_peer_config *config = eap_get_config(sm);
 
 		wpa_hexdump_ascii(MSG_DEBUG,
 				  "EAP-AKA: (encr) AT_NEXT_PSEUDONYM",
@@ -400,6 +401,17 @@ static int eap_aka_learn_ids(struct eap_sm *sm, struct eap_aka_data *data,
 					break;
 			}
 		}
+		// If no realm from the permanent identity, look for the
+		// realm of the anonymous identity.
+		if (realm_len == 0 && config && config->anonymous_identity
+		    && config->anonymous_identity_len > 0) {
+			for (realm = config->anonymous_identity,
+			    realm_len = config->anonymous_identity_len;
+			    realm_len > 0; realm_len--, realm++) {
+				if (*realm == '@')
+					break;
+			}
+		}
 		data->pseudonym = os_malloc(attr->next_pseudonym_len +
 					    realm_len);
 		if (data->pseudonym == NULL) {
diff --git a/src/eap_peer/eap_sim.c b/src/eap_peer/eap_sim.c
index 09866277..de423e8b 100644
--- a/src/eap_peer/eap_sim.c
+++ b/src/eap_peer/eap_sim.c
@@ -407,6 +407,7 @@ static int eap_sim_learn_ids(struct eap_sm *sm, struct eap_sim_data *data,
 		size_t identity_len = 0;
 		const u8 *realm = NULL;
 		size_t realm_len = 0;
+		struct eap_peer_config *config = eap_get_config(sm);
 
 		wpa_hexdump_ascii(MSG_DEBUG,
 				  "EAP-SIM: (encr) AT_NEXT_PSEUDONYM",
@@ -422,6 +423,17 @@ static int eap_sim_learn_ids(struct eap_sm *sm, struct eap_sim_data *data,
 					break;
 			}
 		}
+		// If no realm from the permanent identity, look for the
+		// realm of the anonymous identity.
+		if (realm_len == 0 && config && config->anonymous_identity
+		    && config->anonymous_identity_len > 0) {
+			for (realm = config->anonymous_identity,
+			    realm_len = config->anonymous_identity_len;
+			    realm_len > 0; realm_len--, realm++) {
+				if (*realm == '@')
+					break;
+			}
+		}
 		data->pseudonym = os_malloc(attr->next_pseudonym_len +
 					    realm_len);
 		if (data->pseudonym == NULL) {
-- 
cgit v1.2.3