|
wpa_supplicant / hostapd 2.0
|
|
wpa_supplicant / hostapd 2.0
|
HLR/AuC testing gateway for hostapd EAP-SIM/AKA database/authenticator. More...
#include "includes.h"#include <sys/un.h>#include "common.h"#include "crypto/milenage.h"#include "crypto/random.h"Data Structures | |
| struct | gsm_triplet |
| struct | milenage_parameters |
Defines | |
| #define | EAP_SIM_MAX_CHAL 3 |
| #define | EAP_AKA_RAND_LEN 16 |
| #define | EAP_AKA_AUTN_LEN 16 |
| #define | EAP_AKA_AUTS_LEN 14 |
| #define | EAP_AKA_RES_MAX_LEN 16 |
| #define | EAP_AKA_IK_LEN 16 |
| #define | EAP_AKA_CK_LEN 16 |
Functions | |
| int | main (int argc, char *argv[]) |
Variables | |
| static struct gsm_triplet * | gsm_db_pos = NULL |
HLR/AuC testing gateway for hostapd EAP-SIM/AKA database/authenticator.
This software may be distributed under the terms of the BSD license. See README for more details.
This is an example implementation of the EAP-SIM/AKA database/authentication gateway interface to HLR/AuC. It is expected to be replaced with an implementation of SS7 gateway to GSM/UMTS authentication center (HLR/AuC) or a local implementation of SIM triplet and AKA authentication data generator.
hostapd will send SIM/AKA authentication queries over a UNIX domain socket to and external program, e.g., this hlr_auc_gw. This interface uses simple text-based format:
EAP-SIM / GSM triplet query/response: SIM-REQ-AUTH <IMSI> <max_chal> SIM-RESP-AUTH <IMSI> Kc1:SRES1:RAND1 Kc2:SRES2:RAND2 [Kc3:SRES3:RAND3] SIM-RESP-AUTH <IMSI> FAILURE
EAP-AKA / UMTS query/response: AKA-REQ-AUTH <IMSI> AKA-RESP-AUTH <IMSI> <RAND> <AUTN> <IK> <CK> <RES> AKA-RESP-AUTH <IMSI> FAILURE
EAP-AKA / UMTS AUTS (re-synchronization): AKA-AUTS <IMSI> <AUTS> <RAND>
IMSI and max_chal are sent as an ASCII string, Kc/SRES/RAND/AUTN/IK/CK/RES/AUTS as hex strings.
The example implementation here reads GSM authentication triplets from a text file in IMSI:Kc:SRES:RAND format, IMSI in ASCII, other fields as hex strings. This is used to simulate an HLR/AuC. As such, it is not very useful for real life authentication, but it is useful both as an example implementation and for EAP-SIM testing.
1.7.3