aboutsummaryrefslogtreecommitdiffstats
path: root/src/eap_peer/eap_sim.c
diff options
context:
space:
mode:
authorJouni Malinen <jouni.malinen@atheros.com>2008-11-06 02:21:32 (GMT)
committerJouni Malinen <j@w1.fi>2008-11-06 02:21:32 (GMT)
commit81eec387dd7c1f4521822e48023e950dfa7b5a52 (patch)
tree6becba9eb4af77dbb4cc22d19d4f342d4fef7cdf /src/eap_peer/eap_sim.c
parent31cbe002c9f818ff616938855cf3744ab2c4590d (diff)
downloadhostap-81eec387dd7c1f4521822e48023e950dfa7b5a52.zip
hostap-81eec387dd7c1f4521822e48023e950dfa7b5a52.tar.gz
hostap-81eec387dd7c1f4521822e48023e950dfa7b5a52.tar.bz2
Added Milenage-GSM simulator for EAP-SIM
CONFIG_SIM_SIMULATOR=y in .config and password="Ki:OPc" in network config to enable.
Diffstat (limited to 'src/eap_peer/eap_sim.c')
-rw-r--r--src/eap_peer/eap_sim.c85
1 files changed, 73 insertions, 12 deletions
diff --git a/src/eap_peer/eap_sim.c b/src/eap_peer/eap_sim.c
index c89eddd..b0523eb 100644
--- a/src/eap_peer/eap_sim.c
+++ b/src/eap_peer/eap_sim.c
@@ -19,6 +19,9 @@
#include "eap_config.h"
#include "pcsc_funcs.h"
#include "eap_common/eap_sim_common.h"
+#ifdef CONFIG_SIM_SIMULATOR
+#include "hlr_auc_gw/milenage.h"
+#endif /* CONFIG_SIM_SIMULATOR */
struct eap_sim_data {
@@ -142,26 +145,76 @@ static void eap_sim_deinit(struct eap_sm *sm, void *priv)
static int eap_sim_gsm_auth(struct eap_sm *sm, struct eap_sim_data *data)
{
+ struct eap_peer_config *conf;
+
wpa_printf(MSG_DEBUG, "EAP-SIM: GSM authentication algorithm");
-#ifdef PCSC_FUNCS
- if (scard_gsm_auth(sm->scard_ctx, data->rand[0],
- data->sres[0], data->kc[0]) ||
- scard_gsm_auth(sm->scard_ctx, data->rand[1],
- data->sres[1], data->kc[1]) ||
- (data->num_chal > 2 &&
- scard_gsm_auth(sm->scard_ctx, data->rand[2],
- data->sres[2], data->kc[2]))) {
- wpa_printf(MSG_DEBUG, "EAP-SIM: GSM SIM authentication could "
- "not be completed");
+
+ conf = eap_get_config(sm);
+ if (conf == NULL)
return -1;
+ if (conf->pcsc) {
+ if (scard_gsm_auth(sm->scard_ctx, data->rand[0],
+ data->sres[0], data->kc[0]) ||
+ scard_gsm_auth(sm->scard_ctx, data->rand[1],
+ data->sres[1], data->kc[1]) ||
+ (data->num_chal > 2 &&
+ scard_gsm_auth(sm->scard_ctx, data->rand[2],
+ data->sres[2], data->kc[2]))) {
+ wpa_printf(MSG_DEBUG, "EAP-SIM: GSM SIM "
+ "authentication could not be completed");
+ return -1;
+ }
+ return 0;
+ }
+
+#ifdef CONFIG_SIM_SIMULATOR
+ if (conf->password) {
+ u8 opc[16], k[16];
+ const char *pos;
+ wpa_printf(MSG_DEBUG, "EAP-SIM: Use internal GSM-Milenage "
+ "implementation for authentication");
+ if (conf->password_len < 65) {
+ wpa_printf(MSG_DEBUG, "EAP-SIM: invalid GSM-Milenage "
+ "password");
+ return -1;
+ }
+ pos = (const char *) conf->password;
+ if (hexstr2bin(pos, k, 16))
+ return -1;
+ pos += 32;
+ if (*pos != ':')
+ return -1;
+ pos++;
+
+ if (hexstr2bin(pos, opc, 16))
+ return -1;
+
+ if (gsm_milenage(opc, k, data->rand[0],
+ data->sres[0], data->kc[0]) ||
+ gsm_milenage(opc, k, data->rand[1],
+ data->sres[1], data->kc[1]) ||
+ (data->num_chal > 2 &&
+ gsm_milenage(opc, k, data->rand[2],
+ data->sres[2], data->kc[2]))) {
+ wpa_printf(MSG_DEBUG, "EAP-SIM: GSM-Milenage "
+ "authentication could not be completed");
+ return -1;
+ }
+ return 0;
}
-#else /* PCSC_FUNCS */
+#endif /* CONFIG_SIM_SIMULATOR */
+
+#ifdef CONFIG_SIM_HARDCODED
/* These hardcoded Kc and SRES values are used for testing. RAND to
* KC/SREC mapping is very bogus as far as real authentication is
* concerned, but it is quite useful for cases where the AS is rotating
* the order of pre-configured values. */
{
size_t i;
+
+ wpa_printf(MSG_DEBUG, "EAP-SIM: Use hardcoded Kc and SRES "
+ "values for testing");
+
for (i = 0; i < data->num_chal; i++) {
if (data->rand[i][0] == 0xaa) {
os_memcpy(data->kc[i],
@@ -184,8 +237,16 @@ static int eap_sim_gsm_auth(struct eap_sm *sm, struct eap_sim_data *data)
}
}
}
-#endif /* PCSC_FUNCS */
+
return 0;
+
+#else /* CONFIG_SIM_HARDCODED */
+
+ wpa_printf(MSG_DEBUG, "EAP-SIM: No GSM authentication algorithm "
+ "enabled");
+ return -1;
+
+#endif /* CONFIG_SIM_HARDCODED */
}