wpa_supplicant / hostapd
2.5
HLR/AuC testing gateway for hostapd EAP-SIM/AKA database/authenticator.
#include "includes.h"
#include <sys/un.h>
#include "common.h"
#include "crypto/milenage.h"
#include "crypto/random.h"
Data Structures
struct gsm_triplet
struct milenage_parameters
Functions
int main (int argc, char *argv[])
This is an example implementation of the EAP-SIM/AKA database/authentication gateway interface to HLR/AuC. It is expected to be replaced with an implementation of SS7 gateway to GSM/UMTS authentication center (HLR/AuC) or a local implementation of SIM triplet and AKA authentication data generator.
hostapd will send SIM/AKA authentication queries over a UNIX domain socket to an external program, e.g., this hlr_auc_gw. This interface uses a simple text-based format:
EAP-SIM / GSM triplet query/response:
SIM-REQ-AUTH <IMSI> <max_chal>
SIM-RESP-AUTH <IMSI> Kc1:SRES1:RAND1 Kc2:SRES2:RAND2 [Kc3:SRES3:RAND3]
SIM-RESP-AUTH <IMSI> FAILURE
GSM-AUTH-REQ <IMSI> RAND1:RAND2[:RAND3]
GSM-AUTH-RESP <IMSI> Kc1:SRES1:Kc2:SRES2[:Kc3:SRES3]
GSM-AUTH-RESP <IMSI> FAILURE
EAP-AKA / UMTS query/response:
AKA-REQ-AUTH <IMSI>
AKA-RESP-AUTH <IMSI> <RAND> <AUTN> <IK> <CK> <RES>
AKA-RESP-AUTH <IMSI> FAILURE
EAP-AKA / UMTS AUTS (re-synchronization):
AKA-AUTS <IMSI> <AUTS> <RAND>
IMSI and max_chal are sent as an ASCII string, Kc/SRES/RAND/AUTN/IK/CK/RES/AUTS as hex strings.
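A strict parser for the SIM-RESP-AUTH line described above, as an added example (not code from hostapd or hlr_auc_gw). The names parse_sim_resp, hex_field, struct triplet and SAMPLE_RESP are hypothetical, the field sizes are the standard GSM lengths (Kc 8 bytes, SRES 4, RAND 16), and the sample line is constructed. It rejects wrong-length or non-hex fields, trailing text, fewer than two triplets, and a response that names a different IMSI than the one queried.

```c
#include <string.h>
/* Sizes in bytes: GSM Kc is 64 bits, SRES 32 bits, RAND 128 bits. */
enum { KC_LEN = 8, SRES_LEN = 4, RAND_LEN = 16, MAX_TRIPLETS = 3 };
struct triplet { unsigned char kc[KC_LEN], sres[SRES_LEN], rnd[RAND_LEN]; };
/* Constructed sample response (made-up values, not real SIM data). */
static const char SAMPLE_RESP[] = "SIM-RESP-AUTH 001010000000001 "
    "a0a1a2a3a4a5a6a7:d1d2d3d4:101112131415161718191a1b1c1d1e1f "
    "b0b1b2b3b4b5b6b7:e1e2e3e4:202122232425262728292a2b2c2d2e2f";

static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1; /* also rejects the terminating NUL, so we never read past it */
}

/* Decode exactly len bytes of hex; return the position after them or NULL. */
static const char *hex_field(const char *p, unsigned char *out, int len)
{
    for (int i = 0; i < len; i++, p += 2) {
        int hi = hexval(p[0]), lo = hi < 0 ? -1 : hexval(p[1]);
        if (lo < 0) return NULL;
        out[i] = (unsigned char)((hi << 4) | lo);
    }
    return p;
}

/* Returns triplet count (2 or 3), 0 for FAILURE, -1 if malformed or IMSI differs. */
int parse_sim_resp(const char *s, const char *imsi, struct triplet out[MAX_TRIPLETS])
{
    static const char cmd[] = "SIM-RESP-AUTH ";
    size_t ilen = strlen(imsi);
    int n = 0;
    if (strncmp(s, cmd, sizeof(cmd) - 1) != 0) return -1;
    s += sizeof(cmd) - 1;
    if (strncmp(s, imsi, ilen) != 0 || s[ilen] != ' ') return -1;
    s += ilen + 1;
    if (strcmp(s, "FAILURE") == 0) return 0;
    while (n < MAX_TRIPLETS) {
        if (!(s = hex_field(s, out[n].kc, KC_LEN)) || *s++ != ':') return -1;
        if (!(s = hex_field(s, out[n].sres, SRES_LEN)) || *s++ != ':') return -1;
        if (!(s = hex_field(s, out[n].rnd, RAND_LEN))) return -1;
        n++;
        if (*s == '\0') return n >= 2 ? n : -1; /* page grammar: 2 required, 3rd optional */
        if (*s++ != ' ') return -1;
    }
    return -1; /* text after a third triplet */
}
```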
An example implementation here reads GSM authentication triplets from a text file in IMSI:Kc:SRES:RAND format, IMSI in ASCII, other fields as hex strings. This is used to simulate an HLR/AuC. As such, it is not very useful for real life authentication, but it is useful both as an example implementation and for EAP-SIM/AKA/AKA' testing.
For a stronger example design, Milenage and GSM-Milenage algorithms can be used to dynamically generate authentication information for EAP-AKA/AKA' and EAP-SIM, respectively, if Ki is known.
SQN generation follows the non-time-based Profile 2 described in 3GPP TS 33.102 Annex C.3.2. The length of IND is 5 bits by default, but this can be changed with a command line option if needed.