path: root/hostapd/hlr_auc_gw.txt
blob: 097bbce36297d3774a32965aac1c71db20dc41f7 (plain)
HLR/AuC testing gateway for hostapd EAP-SIM/AKA database/authenticator

hlr_auc_gw is an example implementation of the EAP-SIM/AKA/AKA'
database/authentication gateway interface to the HLR/AuC. It could be
replaced with an implementation of an SS7 gateway to a GSM/UMTS
authentication center (HLR/AuC). hostapd sends SIM/AKA authentication
queries over a UNIX domain socket to an external program, e.g.,
hlr_auc_gw.

hlr_auc_gw can be configured with GSM and UMTS authentication data from
text files: a GSM triplet file (see hostapd.sim_db) and a Milenage file
(see hlr_auc_gw.milenage_db). Milenage parameters can be used to generate
dynamic authentication data for EAP-SIM, EAP-AKA, and EAP-AKA', while the
GSM triplet data is used for a more static configuration (e.g., triplets
extracted from a SIM card). Both files hold subscriber authentication
secrets in plaintext (Ki/OPc in the Milenage file, usable triplets in the
GSM file), so keep them readable only by the user running hlr_auc_gw.

Alternatively, hlr_auc_gw can be built with support for an SQLite
database for more dynamic operations. This is enabled by adding
"CONFIG_SQLITE=y" into hostapd/.config before building hlr_auc_gw ("make
clean; make hlr_auc_gw" in this directory).

hostapd is configured to use hlr_auc_gw with the eap_sim_db parameter in
hostapd.conf (e.g., "eap_sim_db=unix:/tmp/hlr_auc_gw.sock"). hlr_auc_gw
is configured with command line parameters:

hlr_auc_gw [-hu] [-s<socket path>] [-g<triplet file>] [-m<milenage file>] \
        [-D<DB file>] [-i<IND len in bits>]

options:
  -h = show this usage help
  -u = update SQN in Milenage file on exit
  -s<socket path> = path for UNIX domain socket
                    (default: /tmp/hlr_auc_gw.sock)
  -g<triplet file> = path for GSM authentication triplets
  -m<milenage file> = path for Milenage keys
  -D<DB file> = path to SQLite database
  -i<IND len in bits> = IND length for SQN (default: 5)


The SQLite database can be initialized with sqlite, e.g., by running the
following commands in "sqlite3 /path/to/hlr_auc_gw.db". ki and opc are
128-bit values, amf is 16-bit and sqn is 48-bit, all stored as hex
strings; the table holds each subscriber's Ki in plaintext, so restrict
the database file's permissions accordingly:

CREATE TABLE milenage(
  imsi INTEGER PRIMARY KEY NOT NULL,
  ki CHAR(32) NOT NULL,
  opc CHAR(32) NOT NULL,
  amf CHAR(4) NOT NULL,
  sqn CHAR(12) NOT NULL
);
INSERT INTO milenage(imsi,ki,opc,amf,sqn) VALUES(
  232010000000000,
  '90dca4eda45b53cf0f12d7c9c3bc6a89',
  'cb9cccc4b9258e6dca4760379fb82581',
  '61df',
  '000000000000'
);
INSERT INTO milenage(imsi,ki,opc,amf,sqn) VALUES(
  555444333222111,
  '5122250214c33e723a5dd523fc145fc0',
  '981d464c7c52eb6e5036234984ad0bcf',
  'c3ab',
  '16f3b3f70fc1'
);
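
To make concrete what hlr_auc_gw derives from one milenage row, the
following Go program (an added example, not code from hostapd or
hlr_auc_gw) implements the Milenage functions f1-f5 and f5* as specified
in 3GPP TS 35.206, builds the EAP-AKA authentication vector (RAND, AUTN,
IK, CK, RES) for the first subscriber inserted above, and then replays
the check a USIM performs on RAND/AUTN before it releases RES, CK and IK.
The RAND value is constructed for the example; hlr_auc_gw draws a fresh
random one per request. The Subscriber type and the function names are
the example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"encoding/hex"
	"fmt"
)

// Subscriber is one milenage row: K (ki) and OPc are 128-bit, AMF 16-bit and
// SQN 48-bit. The type and function names here are this example's own.
type Subscriber struct{ K, OPc, AMF, SQN []byte }

func mustHex(s string) []byte { b, err := hex.DecodeString(s); if err != nil { panic(err) }; return b }

func aesEncrypt(k, in []byte) []byte {
	c, err := aes.NewCipher(k)
	if err != nil {
		panic(err)
	}
	out := make([]byte, 16)
	c.Encrypt(out, in)
	return out
}

func xor16(a, b []byte) []byte {
	out := make([]byte, 16)
	for i := range out {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// rotc computes E_K(rot(x XOR OPc, r) XOR c) XOR OPc; r is in bytes, rotation is
// towards the most significant end (TS 35.206 4.1), c is non-zero only in its last byte.
func rotc(k, opc, x []byte, r int, c byte) []byte {
	in := make([]byte, 16)
	for i := 0; i < 16; i++ {
		in[(i+16-r)%16] = x[i] ^ opc[i]
	}
	in[15] ^= c
	return xor16(aesEncrypt(k, in), opc)
}

// f1 returns MAC-A (network authentication) and MAC-S (resynchronisation):
// OUT1 = E_K(TEMP XOR rot(IN1 XOR OPc, r1=64 bits) XOR c1=0) XOR OPc.
func f1(k, opc, rand, sqn, amf []byte) (macA, macS []byte) {
	temp := aesEncrypt(k, xor16(rand, opc)) // TEMP = E_K(RAND XOR OPc)
	in1 := append(append(append(append([]byte{}, sqn...), amf...), sqn...), amf...)
	rot := make([]byte, 16)
	for i := 0; i < 16; i++ {
		rot[(i+8)%16] = in1[i] ^ opc[i]
	}
	out1 := xor16(aesEncrypt(k, xor16(temp, rot)), opc)
	return out1[:8], out1[8:]
}

// f2345 returns RES, CK, IK, AK and AK* (AK* is only used in AUTS resync tokens).
func f2345(k, opc, rand []byte) (res, ck, ik, ak, akStar []byte) {
	temp := aesEncrypt(k, xor16(rand, opc))
	out2 := rotc(k, opc, temp, 0, 1)  // r2 = 0,       c2 = ...01: f5 || f2
	out3 := rotc(k, opc, temp, 4, 2)  // r3 = 32 bits, c3 = ...02: f3
	out4 := rotc(k, opc, temp, 8, 4)  // r4 = 64 bits, c4 = ...04: f4
	out5 := rotc(k, opc, temp, 12, 8) // r5 = 96 bits, c5 = ...08: f5*
	return out2[8:], out3, out4, out2[:6], out5[:6]
}

// GenerateAV is the AuC side: AUTN = (SQN XOR AK) || AMF || MAC-A.
func GenerateAV(s Subscriber, rand []byte) (autn, ik, ck, res []byte) {
	macA, _ := f1(s.K, s.OPc, rand, s.SQN, s.AMF)
	res, ck, ik, ak, _ := f2345(s.K, s.OPc, rand)
	autn = append([]byte{}, s.SQN...)
	for i := range autn {
		autn[i] ^= ak[i] // conceal SQN with the anonymity key
	}
	return append(append(autn, s.AMF...), macA...), ik, ck, res
}

// VerifyUSIM is the peer side: recover SQN from AUTN, recompute MAC-A and reject
// the challenge on mismatch. A real USIM additionally checks that SQN is fresh.
func VerifyUSIM(k, opc, rand, autn []byte) (ok bool, sqn, res, ck, ik []byte) {
	res, ck, ik, ak, _ := f2345(k, opc, rand)
	sqn = append([]byte{}, autn[:6]...)
	for i := range sqn {
		sqn[i] ^= ak[i]
	}
	if macA, _ := f1(k, opc, rand, sqn, autn[6:8]); !bytes.Equal(macA, autn[8:16]) {
		return false, nil, nil, nil, nil
	}
	return true, sqn, res, ck, ik
}

// Example1 is the first row inserted into the milenage table above. ConstructedRAND
// is made up for this example; hlr_auc_gw draws a fresh random RAND per request.
var Example1 = Subscriber{K: mustHex("90dca4eda45b53cf0f12d7c9c3bc6a89"),
	OPc: mustHex("cb9cccc4b9258e6dca4760379fb82581"), AMF: mustHex("61df"), SQN: mustHex("000000000000")}
var ConstructedRAND = mustHex("23553cbe9637a89d218ae64dae47bf35")

func main() {
	autn, ik, ck, res := GenerateAV(Example1, ConstructedRAND)
	ok, sqn, _, _, _ := VerifyUSIM(Example1.K, Example1.OPc, ConstructedRAND, autn)
	fmt.Printf("AUTN=%x IK=%x CK=%x RES=%x usim_mac_ok=%v sqn=%x\n", autn, ik, ck, res, ok, sqn)
}
```

Run it with "go run milenage.go" (any file name works). The rotation direction
only matters for f3 and f5*; the example encodes the same convention as the
3GPP specification, which is why the USIM-side check recovers the stored SQN
and the same RES/CK/IK that the AuC side produced, and why a single flipped
bit in AUTN makes the USIM reject the challenge.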


hostapd (EAP server) can also be configured to store the EAP-SIM/AKA
pseudonyms and reauth information into a SQLite database. This is
configured with the db parameter within the eap_sim_db configuration
option.


"hlr_auc_gw -D /path/to/hlr_auc_gw.db" can then be used to fetch
Milenage parameters based on IMSI from the database. The database can be
updated dynamically while hlr_auc_gw is running to add/remove/modify
entries.


Example configuration files for hostapd to operate as a RADIUS
authentication server for EAP-SIM/AKA/AKA'. These are test settings: the
RADIUS client list below accepts requests from any address with the
shared secret "radius", and both the hlr_auc_gw socket and the pseudonym
database are placed under /tmp; restrict the client list, the secret and
the paths before using this outside a lab:

hostapd.conf:

driver=none
radius_server_clients=hostapd.radius_clients
eap_server=1
eap_user_file=hostapd.eap_user
eap_sim_db=unix:/tmp/hlr_auc_gw.sock db=/tmp/eap_sim.db
eap_sim_aka_result_ind=1

hostapd.radius_clients:

0.0.0.0/0 radius

hostapd.eap_user:

"0"*  AKA
"1"*  SIM
"2"*  AKA
"3"*  SIM
"4"*  AKA
"5"*  SIM
"6"*  AKA'
"7"*  AKA'
"8"*  AKA'

The leading digit of the EAP identity (RFC 4186, RFC 4187, RFC 5448)
selects the method: 0, 2 and 4 are EAP-AKA permanent, pseudonym and fast
re-authentication identities, 1, 3 and 5 the EAP-SIM equivalents, and 6,
7 and 8 the EAP-AKA' ones; the "*" matches the rest of the identity.