EAP-AKA': Comment out EAP-AKA' server KDF negotiation

Since only one KDF is currently supported, the negotiation is not
allowed and peer must be rejected if it tries to send KDF selection in a
Challenge message. The negotiation code is left in the file and just
commented out since it was tested to work and can be used in the future
if another KDF is added.

diff --git a/src/eap_server/eap_aka_prime.c b/src/eap_server/eap_aka_prime.c
index 1563086..4627a94 100644 (file)
--- a/src/eap_server/eap_aka_prime.c
+++ b/src/eap_server/eap_aka_prime.c
@@ -761,6 +761,9 @@ static void eap_aka_process_challenge(struct eap_sm *sm,
 
        wpa_printf(MSG_DEBUG, "EAP-AKA: Processing Challenge");
 
+#if 0
+       /* KDF negotiation; to be enabled only after more than one KDF is
+        * supported */
        if (data->eap_method == EAP_TYPE_AKA_PRIME &&
            attr->kdf_count == 1 && attr->mac == NULL) {
                if (attr->kdf[0] != EAP_AKA_PRIME_KDF) {
@@ -779,6 +782,7 @@ static void eap_aka_process_challenge(struct eap_sm *sm,
                wpa_printf(MSG_DEBUG, "EAP-AKA': KDF %d selected", data->kdf);
                return;
        }
+#endif
 
        if (attr->checkcode &&
            eap_aka_verify_checkcode(data, attr->checkcode,