Added Milenage-GSM simulator for EAP-SIM

CONFIG_SIM_SIMULATOR=y in .config and password="Ki:OPc" in network config
to enable.
This commit is contained in:
Jouni Malinen 2008-11-06 04:21:32 +02:00 committed by Jouni Malinen
parent 31cbe002c9
commit 81eec387dd
3 changed files with 86 additions and 16 deletions

View file

@ -19,6 +19,9 @@
#include "eap_config.h" #include "eap_config.h"
#include "pcsc_funcs.h" #include "pcsc_funcs.h"
#include "eap_common/eap_sim_common.h" #include "eap_common/eap_sim_common.h"
#ifdef CONFIG_SIM_SIMULATOR
#include "hlr_auc_gw/milenage.h"
#endif /* CONFIG_SIM_SIMULATOR */
struct eap_sim_data { struct eap_sim_data {
@ -142,8 +145,14 @@ static void eap_sim_deinit(struct eap_sm *sm, void *priv)
static int eap_sim_gsm_auth(struct eap_sm *sm, struct eap_sim_data *data) static int eap_sim_gsm_auth(struct eap_sm *sm, struct eap_sim_data *data)
{ {
struct eap_peer_config *conf;
wpa_printf(MSG_DEBUG, "EAP-SIM: GSM authentication algorithm"); wpa_printf(MSG_DEBUG, "EAP-SIM: GSM authentication algorithm");
#ifdef PCSC_FUNCS
conf = eap_get_config(sm);
if (conf == NULL)
return -1;
if (conf->pcsc) {
if (scard_gsm_auth(sm->scard_ctx, data->rand[0], if (scard_gsm_auth(sm->scard_ctx, data->rand[0],
data->sres[0], data->kc[0]) || data->sres[0], data->kc[0]) ||
scard_gsm_auth(sm->scard_ctx, data->rand[1], scard_gsm_auth(sm->scard_ctx, data->rand[1],
@ -151,17 +160,61 @@ static int eap_sim_gsm_auth(struct eap_sm *sm, struct eap_sim_data *data)
(data->num_chal > 2 && (data->num_chal > 2 &&
scard_gsm_auth(sm->scard_ctx, data->rand[2], scard_gsm_auth(sm->scard_ctx, data->rand[2],
data->sres[2], data->kc[2]))) { data->sres[2], data->kc[2]))) {
wpa_printf(MSG_DEBUG, "EAP-SIM: GSM SIM authentication could " wpa_printf(MSG_DEBUG, "EAP-SIM: GSM SIM "
"not be completed"); "authentication could not be completed");
return -1; return -1;
} }
#else /* PCSC_FUNCS */ return 0;
}
#ifdef CONFIG_SIM_SIMULATOR
if (conf->password) {
u8 opc[16], k[16];
const char *pos;
wpa_printf(MSG_DEBUG, "EAP-SIM: Use internal GSM-Milenage "
"implementation for authentication");
if (conf->password_len < 65) {
wpa_printf(MSG_DEBUG, "EAP-SIM: invalid GSM-Milenage "
"password");
return -1;
}
pos = (const char *) conf->password;
if (hexstr2bin(pos, k, 16))
return -1;
pos += 32;
if (*pos != ':')
return -1;
pos++;
if (hexstr2bin(pos, opc, 16))
return -1;
if (gsm_milenage(opc, k, data->rand[0],
data->sres[0], data->kc[0]) ||
gsm_milenage(opc, k, data->rand[1],
data->sres[1], data->kc[1]) ||
(data->num_chal > 2 &&
gsm_milenage(opc, k, data->rand[2],
data->sres[2], data->kc[2]))) {
wpa_printf(MSG_DEBUG, "EAP-SIM: GSM-Milenage "
"authentication could not be completed");
return -1;
}
return 0;
}
#endif /* CONFIG_SIM_SIMULATOR */
#ifdef CONFIG_SIM_HARDCODED
/* These hardcoded Kc and SRES values are used for testing. RAND to /* These hardcoded Kc and SRES values are used for testing. RAND to
* KC/SREC mapping is very bogus as far as real authentication is * KC/SREC mapping is very bogus as far as real authentication is
* concerned, but it is quite useful for cases where the AS is rotating * concerned, but it is quite useful for cases where the AS is rotating
* the order of pre-configured values. */ * the order of pre-configured values. */
{ {
size_t i; size_t i;
wpa_printf(MSG_DEBUG, "EAP-SIM: Use hardcoded Kc and SRES "
"values for testing");
for (i = 0; i < data->num_chal; i++) { for (i = 0; i < data->num_chal; i++) {
if (data->rand[i][0] == 0xaa) { if (data->rand[i][0] == 0xaa) {
os_memcpy(data->kc[i], os_memcpy(data->kc[i],
@ -184,8 +237,16 @@ static int eap_sim_gsm_auth(struct eap_sm *sm, struct eap_sim_data *data)
} }
} }
} }
#endif /* PCSC_FUNCS */
return 0; return 0;
#else /* CONFIG_SIM_HARDCODED */
wpa_printf(MSG_DEBUG, "EAP-SIM: No GSM authentication algorithm "
"enabled");
return -1;
#endif /* CONFIG_SIM_HARDCODED */
} }

View file

@ -1,10 +1,10 @@
ChangeLog for wpa_supplicant ChangeLog for wpa_supplicant
????-??-?? - v0.6.6 ????-??-?? - v0.6.6
* added Milenage USIM emulator for EAP-AKA (can be used to simulate * added Milenage SIM/USIM emulator for EAP-SIM/EAP-AKA
test USIM card with a known private key; enable with (can be used to simulate test SIM/USIM card with a known private key;
CONFIG_USIM_SIMULATOR in .config and password="Ki:OPc:SQN" in enable with CONFIG_SIM_SIMULATOR=y/CONFIG_USIM_SIMULATOR=y in .config
network configuration) and password="Ki:OPc"/password="Ki:OPc:SQN" in network configuration)
2008-11-01 - v0.6.5 2008-11-01 - v0.6.5
* added support for SHA-256 as X.509 certificate digest when using the * added support for SHA-256 as X.509 certificate digest when using the

View file

@ -578,8 +578,17 @@ LIBS += -lpcsclite -lpthread
endif endif
endif endif
ifdef CONFIG_SIM_SIMULATOR
CFLAGS += -DCONFIG_SIM_SIMULATOR
NEED_MILENAGE=y
endif
ifdef CONFIG_USIM_SIMULATOR ifdef CONFIG_USIM_SIMULATOR
CFLAGS += -DCONFIG_USIM_SIMULATOR CFLAGS += -DCONFIG_USIM_SIMULATOR
NEED_MILENAGE=y
endif
ifdef NEED_MILENAGE
OBJS += ../src/hlr_auc_gw/milenage.o OBJS += ../src/hlr_auc_gw/milenage.o
endif endif