2 * HLR/AuC testing gateway for hostapd EAP-SIM/AKA database/authenticator
3 * Copyright (c) 2005-2007, 2012-2013, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
8 * This is an example implementation of the EAP-SIM/AKA database/authentication
9 * gateway interface to HLR/AuC. It is expected to be replaced with an
10 * implementation of SS7 gateway to GSM/UMTS authentication center (HLR/AuC) or
11 * a local implementation of SIM triplet and AKA authentication data generator.
13 * hostapd will send SIM/AKA authentication queries over a UNIX domain socket
14 * to and external program, e.g., this hlr_auc_gw. This interface uses simple
17 * EAP-SIM / GSM triplet query/response:
18 * SIM-REQ-AUTH <IMSI> <max_chal>
19 * SIM-RESP-AUTH <IMSI> Kc1:SRES1:RAND1 Kc2:SRES2:RAND2 [Kc3:SRES3:RAND3]
20 * SIM-RESP-AUTH <IMSI> FAILURE
22 * EAP-AKA / UMTS query/response:
24 * AKA-RESP-AUTH <IMSI> <RAND> <AUTN> <IK> <CK> <RES>
25 * AKA-RESP-AUTH <IMSI> FAILURE
27 * EAP-AKA / UMTS AUTS (re-synchronization):
28 * AKA-AUTS <IMSI> <AUTS> <RAND>
30 * IMSI and max_chal are sent as an ASCII string,
31 * Kc/SRES/RAND/AUTN/IK/CK/RES/AUTS as hex strings.
33 * An example implementation here reads GSM authentication triplets from a
34 * text file in IMSI:Kc:SRES:RAND format, IMSI in ASCII, other fields as hex
35 * strings. This is used to simulate an HLR/AuC. As such, it is not very useful
36 * for real life authentication, but it is useful both as an example
37 * implementation and for EAP-SIM/AKA/AKA' testing.
39 * For a stronger example design, Milenage and GSM-Milenage algorithms can be
40 * used to dynamically generate authenticatipn information for EAP-AKA/AKA' and
41 * EAP-SIM, respectively, if Ki is known.
43 * SQN generation follows the not time-based Profile 2 described in
44 * 3GPP TS 33.102 Annex C.3.2. The length of IND is 5 bits by default, but this
45 * can be changed with a command line options if needed.
52 #endif /* CONFIG_SQLITE */
55 #include "crypto/milenage.h"
56 #include "crypto/random.h"
58 static const char *default_socket_path = "/tmp/hlr_auc_gw.sock";
59 static const char *socket_path;
60 static int serv_sock = -1;
61 static char *milenage_file = NULL;
62 static int update_milenage = 0;
63 static int sqn_changes = 0;
64 static int ind_len = 5;
65 static int stdout_debug = 1;
69 struct gsm_triplet *next;
76 static struct gsm_triplet *gsm_db = NULL, *gsm_db_pos = NULL;
78 /* OPc and AMF parameters for Milenage (Example algorithms for AKA). */
79 struct milenage_parameters {
80 struct milenage_parameters *next;
89 static struct milenage_parameters *milenage_db = NULL;
91 #define EAP_SIM_MAX_CHAL 3
93 #define EAP_AKA_RAND_LEN 16
94 #define EAP_AKA_AUTN_LEN 16
95 #define EAP_AKA_AUTS_LEN 14
96 #define EAP_AKA_RES_MAX_LEN 16
97 #define EAP_AKA_IK_LEN 16
98 #define EAP_AKA_CK_LEN 16
103 static sqlite3 *sqlite_db = NULL;
104 static struct milenage_parameters db_tmp_milenage;
107 static int db_table_exists(sqlite3 *db, const char *name)
110 os_snprintf(cmd, sizeof(cmd), "SELECT 1 FROM %s;", name);
111 return sqlite3_exec(db, cmd, NULL, NULL, NULL) == SQLITE_OK;
115 static int db_table_create_milenage(sqlite3 *db)
119 "CREATE TABLE milenage("
120 " imsi INTEGER PRIMARY KEY NOT NULL,"
121 " ki CHAR(32) NOT NULL,"
122 " opc CHAR(32) NOT NULL,"
123 " amf CHAR(4) NOT NULL,"
124 " sqn CHAR(12) NOT NULL"
127 printf("Adding database table for milenage information\n");
128 if (sqlite3_exec(db, sql, NULL, NULL, &err) != SQLITE_OK) {
129 printf("SQLite error: %s\n", err);
138 static sqlite3 * db_open(const char *db_file)
142 if (sqlite3_open(db_file, &db)) {
143 printf("Failed to open database %s: %s\n",
144 db_file, sqlite3_errmsg(db));
149 if (!db_table_exists(db, "milenage") &&
150 db_table_create_milenage(db) < 0) {
159 static int get_milenage_cb(void *ctx, int argc, char *argv[], char *col[])
161 struct milenage_parameters *m = ctx;
166 for (i = 0; i < argc; i++) {
167 if (os_strcmp(col[i], "ki") == 0 && argv[i] &&
168 hexstr2bin(argv[i], m->ki, sizeof(m->ki))) {
169 printf("Invalid ki value in database\n");
173 if (os_strcmp(col[i], "opc") == 0 && argv[i] &&
174 hexstr2bin(argv[i], m->opc, sizeof(m->opc))) {
175 printf("Invalid opcvalue in database\n");
179 if (os_strcmp(col[i], "amf") == 0 && argv[i] &&
180 hexstr2bin(argv[i], m->amf, sizeof(m->amf))) {
181 printf("Invalid amf value in database\n");
185 if (os_strcmp(col[i], "sqn") == 0 && argv[i] &&
186 hexstr2bin(argv[i], m->sqn, sizeof(m->sqn))) {
187 printf("Invalid sqn value in database\n");
196 static struct milenage_parameters * db_get_milenage(const char *imsi_txt)
199 unsigned long long imsi;
201 os_memset(&db_tmp_milenage, 0, sizeof(db_tmp_milenage));
202 imsi = atoll(imsi_txt);
203 os_snprintf(db_tmp_milenage.imsi, sizeof(db_tmp_milenage.imsi),
205 os_snprintf(cmd, sizeof(cmd),
206 "SELECT ki,opc,amf,sqn FROM milenage WHERE imsi=%llu;",
208 if (sqlite3_exec(sqlite_db, cmd, get_milenage_cb, &db_tmp_milenage,
212 if (!db_tmp_milenage.set)
214 return &db_tmp_milenage;
218 static int db_update_milenage_sqn(struct milenage_parameters *m)
220 char cmd[128], val[13], *pos;
222 if (sqlite_db == NULL)
226 pos += wpa_snprintf_hex(pos, sizeof(val), m->sqn, 6);
228 os_snprintf(cmd, sizeof(cmd),
229 "UPDATE milenage SET sqn='%s' WHERE imsi=%s;",
231 if (sqlite3_exec(sqlite_db, cmd, NULL, NULL, NULL) != SQLITE_OK) {
232 printf("Failed to update SQN in database for IMSI %s\n",
239 #endif /* CONFIG_SQLITE */
242 static int open_socket(const char *path)
244 struct sockaddr_un addr;
247 s = socket(PF_UNIX, SOCK_DGRAM, 0);
249 perror("socket(PF_UNIX)");
253 memset(&addr, 0, sizeof(addr));
254 addr.sun_family = AF_UNIX;
255 os_strlcpy(addr.sun_path, path, sizeof(addr.sun_path));
256 if (bind(s, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
257 perror("hlr-auc-gw: bind(PF_UNIX)");
266 static int read_gsm_triplets(const char *fname)
269 char buf[200], *pos, *pos2;
270 struct gsm_triplet *g = NULL;
276 f = fopen(fname, "r");
278 printf("Could not open GSM tripler data file '%s'\n", fname);
283 while (fgets(buf, sizeof(buf), f)) {
286 /* Parse IMSI:Kc:SRES:RAND */
287 buf[sizeof(buf) - 1] = '\0';
291 while (*pos != '\0' && *pos != '\n')
299 g = os_zalloc(sizeof(*g));
306 pos2 = strchr(pos, ':');
308 printf("%s:%d - Invalid IMSI (%s)\n",
314 if (strlen(pos) >= sizeof(g->imsi)) {
315 printf("%s:%d - Too long IMSI (%s)\n",
320 os_strlcpy(g->imsi, pos, sizeof(g->imsi));
324 pos2 = strchr(pos, ':');
326 printf("%s:%d - Invalid Kc (%s)\n", fname, line, pos);
331 if (strlen(pos) != 16 || hexstr2bin(pos, g->kc, 8)) {
332 printf("%s:%d - Invalid Kc (%s)\n", fname, line, pos);
339 pos2 = strchr(pos, ':');
341 printf("%s:%d - Invalid SRES (%s)\n", fname, line,
347 if (strlen(pos) != 8 || hexstr2bin(pos, g->sres, 4)) {
348 printf("%s:%d - Invalid SRES (%s)\n", fname, line,
356 pos2 = strchr(pos, ':');
359 if (strlen(pos) != 32 || hexstr2bin(pos, g->_rand, 16)) {
360 printf("%s:%d - Invalid RAND (%s)\n", fname, line,
379 static struct gsm_triplet * get_gsm_triplet(const char *imsi)
381 struct gsm_triplet *g = gsm_db_pos;
384 if (strcmp(g->imsi, imsi) == 0) {
385 gsm_db_pos = g->next;
392 while (g && g != gsm_db_pos) {
393 if (strcmp(g->imsi, imsi) == 0) {
394 gsm_db_pos = g->next;
404 static int read_milenage(const char *fname)
407 char buf[200], *pos, *pos2;
408 struct milenage_parameters *m = NULL;
414 f = fopen(fname, "r");
416 printf("Could not open Milenage data file '%s'\n", fname);
421 while (fgets(buf, sizeof(buf), f)) {
424 /* Parse IMSI Ki OPc AMF SQN */
425 buf[sizeof(buf) - 1] = '\0';
429 while (*pos != '\0' && *pos != '\n')
437 m = os_zalloc(sizeof(*m));
444 pos2 = strchr(pos, ' ');
446 printf("%s:%d - Invalid IMSI (%s)\n",
452 if (strlen(pos) >= sizeof(m->imsi)) {
453 printf("%s:%d - Too long IMSI (%s)\n",
458 os_strlcpy(m->imsi, pos, sizeof(m->imsi));
462 pos2 = strchr(pos, ' ');
464 printf("%s:%d - Invalid Ki (%s)\n", fname, line, pos);
469 if (strlen(pos) != 32 || hexstr2bin(pos, m->ki, 16)) {
470 printf("%s:%d - Invalid Ki (%s)\n", fname, line, pos);
477 pos2 = strchr(pos, ' ');
479 printf("%s:%d - Invalid OPc (%s)\n", fname, line, pos);
484 if (strlen(pos) != 32 || hexstr2bin(pos, m->opc, 16)) {
485 printf("%s:%d - Invalid OPc (%s)\n", fname, line, pos);
492 pos2 = strchr(pos, ' ');
494 printf("%s:%d - Invalid AMF (%s)\n", fname, line, pos);
499 if (strlen(pos) != 4 || hexstr2bin(pos, m->amf, 2)) {
500 printf("%s:%d - Invalid AMF (%s)\n", fname, line, pos);
507 pos2 = strchr(pos, ' ');
510 if (strlen(pos) != 12 || hexstr2bin(pos, m->sqn, 6)) {
511 printf("%s:%d - Invalid SEQ (%s)\n", fname, line, pos);
517 m->next = milenage_db;
529 static void update_milenage_file(const char *fname)
533 char *end = buf + sizeof(buf);
534 struct milenage_parameters *m;
537 f = fopen(fname, "r");
539 printf("Could not open Milenage data file '%s'\n", fname);
543 snprintf(buf, sizeof(buf), "%s.new", fname);
544 f2 = fopen(buf, "w");
546 printf("Could not write Milenage data file '%s'\n", buf);
551 while (fgets(buf, sizeof(buf), f)) {
552 /* IMSI Ki OPc AMF SQN */
553 buf[sizeof(buf) - 1] = '\0';
555 pos = strchr(buf, ' ');
556 if (buf[0] == '#' || pos == NULL || pos - buf >= 20)
559 imsi_len = pos - buf;
561 for (m = milenage_db; m; m = m->next) {
562 if (strncmp(buf, m->imsi, imsi_len) == 0 &&
563 m->imsi[imsi_len] == '\0')
571 pos += snprintf(pos, end - pos, "%s ", m->imsi);
572 pos += wpa_snprintf_hex(pos, end - pos, m->ki, 16);
574 pos += wpa_snprintf_hex(pos, end - pos, m->opc, 16);
576 pos += wpa_snprintf_hex(pos, end - pos, m->amf, 2);
578 pos += wpa_snprintf_hex(pos, end - pos, m->sqn, 6);
582 fprintf(f2, "%s", buf);
588 snprintf(buf, sizeof(buf), "%s.bak", fname);
589 if (rename(fname, buf) < 0) {
594 snprintf(buf, sizeof(buf), "%s.new", fname);
595 if (rename(buf, fname) < 0) {
603 static struct milenage_parameters * get_milenage(const char *imsi)
605 struct milenage_parameters *m = milenage_db;
608 if (strcmp(m->imsi, imsi) == 0)
615 m = db_get_milenage(imsi);
616 #endif /* CONFIG_SQLITE */
622 static int sim_req_auth(char *imsi, char *resp, size_t resp_len)
624 int count, max_chal, ret;
627 struct milenage_parameters *m;
628 struct gsm_triplet *g;
632 pos = strchr(imsi, ' ');
635 max_chal = atoi(pos);
636 if (max_chal < 1 || max_chal > EAP_SIM_MAX_CHAL)
637 max_chal = EAP_SIM_MAX_CHAL;
639 max_chal = EAP_SIM_MAX_CHAL;
641 rend = resp + resp_len;
643 ret = snprintf(rpos, rend - rpos, "SIM-RESP-AUTH %s", imsi);
644 if (ret < 0 || ret >= rend - rpos)
648 m = get_milenage(imsi);
650 u8 _rand[16], sres[4], kc[8];
651 for (count = 0; count < max_chal; count++) {
652 if (random_get_bytes(_rand, 16) < 0)
654 gsm_milenage(m->opc, m->ki, _rand, sres, kc);
656 rpos += wpa_snprintf_hex(rpos, rend - rpos, kc, 8);
658 rpos += wpa_snprintf_hex(rpos, rend - rpos, sres, 4);
660 rpos += wpa_snprintf_hex(rpos, rend - rpos, _rand, 16);
667 while (count < max_chal && (g = get_gsm_triplet(imsi))) {
668 if (strcmp(g->imsi, imsi) != 0)
673 rpos += wpa_snprintf_hex(rpos, rend - rpos, g->kc, 8);
676 rpos += wpa_snprintf_hex(rpos, rend - rpos, g->sres, 4);
679 rpos += wpa_snprintf_hex(rpos, rend - rpos, g->_rand, 16);
684 printf("No GSM triplets found for %s\n", imsi);
685 ret = snprintf(rpos, rend - rpos, " FAILURE");
686 if (ret < 0 || ret >= rend - rpos)
695 static void inc_sqn(u8 *sqn)
700 * SQN = SEQ | IND = SEQ1 | SEQ2 | IND
702 * The mechanism used here is not time-based, so SEQ2 is void and
703 * SQN = SEQ1 | IND. The length of IND is ind_len bits and the length
704 * of SEQ1 is 48 - ind_len bits.
707 /* Increment both SEQ and IND by one */
708 val = ((u64) WPA_GET_BE32(sqn) << 16) | ((u64) WPA_GET_BE16(sqn + 4));
709 seq = (val >> ind_len) + 1;
710 ind = (val + 1) & ((1 << ind_len) - 1);
711 val = (seq << ind_len) | ind;
712 WPA_PUT_BE32(sqn, val >> 16);
713 WPA_PUT_BE16(sqn + 4, val & 0xffff);
717 static int aka_req_auth(char *imsi, char *resp, size_t resp_len)
719 /* AKA-RESP-AUTH <IMSI> <RAND> <AUTN> <IK> <CK> <RES> */
721 u8 _rand[EAP_AKA_RAND_LEN];
722 u8 autn[EAP_AKA_AUTN_LEN];
723 u8 ik[EAP_AKA_IK_LEN];
724 u8 ck[EAP_AKA_CK_LEN];
725 u8 res[EAP_AKA_RES_MAX_LEN];
728 struct milenage_parameters *m;
731 m = get_milenage(imsi);
733 if (random_get_bytes(_rand, EAP_AKA_RAND_LEN) < 0)
735 res_len = EAP_AKA_RES_MAX_LEN;
738 db_update_milenage_sqn(m);
739 #endif /* CONFIG_SQLITE */
742 printf("AKA: Milenage with SQN=%02x%02x%02x%02x%02x%02x\n",
743 m->sqn[0], m->sqn[1], m->sqn[2],
744 m->sqn[3], m->sqn[4], m->sqn[5]);
746 milenage_generate(m->opc, m->amf, m->ki, m->sqn, _rand,
747 autn, ik, ck, res, &res_len);
749 printf("Unknown IMSI: %s\n", imsi);
750 #ifdef AKA_USE_FIXED_TEST_VALUES
751 printf("Using fixed test values for AKA\n");
752 memset(_rand, '0', EAP_AKA_RAND_LEN);
753 memset(autn, '1', EAP_AKA_AUTN_LEN);
754 memset(ik, '3', EAP_AKA_IK_LEN);
755 memset(ck, '4', EAP_AKA_CK_LEN);
756 memset(res, '2', EAP_AKA_RES_MAX_LEN);
757 res_len = EAP_AKA_RES_MAX_LEN;
758 #else /* AKA_USE_FIXED_TEST_VALUES */
760 #endif /* AKA_USE_FIXED_TEST_VALUES */
764 end = resp + resp_len;
765 ret = snprintf(pos, end - pos, "AKA-RESP-AUTH %s ", imsi);
766 if (ret < 0 || ret >= end - pos)
770 ret = snprintf(pos, end - pos, "FAILURE");
771 if (ret < 0 || ret >= end - pos)
776 pos += wpa_snprintf_hex(pos, end - pos, _rand, EAP_AKA_RAND_LEN);
778 pos += wpa_snprintf_hex(pos, end - pos, autn, EAP_AKA_AUTN_LEN);
780 pos += wpa_snprintf_hex(pos, end - pos, ik, EAP_AKA_IK_LEN);
782 pos += wpa_snprintf_hex(pos, end - pos, ck, EAP_AKA_CK_LEN);
784 pos += wpa_snprintf_hex(pos, end - pos, res, res_len);
790 static int aka_auts(char *imsi, char *resp, size_t resp_len)
793 u8 _auts[EAP_AKA_AUTS_LEN], _rand[EAP_AKA_RAND_LEN], sqn[6];
794 struct milenage_parameters *m;
798 /* AKA-AUTS <IMSI> <AUTS> <RAND> */
800 auts = strchr(imsi, ' ');
805 __rand = strchr(auts, ' ');
811 printf("AKA-AUTS: IMSI=%s AUTS=%s RAND=%s\n",
814 if (hexstr2bin(auts, _auts, EAP_AKA_AUTS_LEN) ||
815 hexstr2bin(__rand, _rand, EAP_AKA_RAND_LEN)) {
816 printf("Could not parse AUTS/RAND\n");
820 m = get_milenage(imsi);
822 printf("Unknown IMSI: %s\n", imsi);
826 if (milenage_auts(m->opc, m->ki, _rand, _auts, sqn)) {
827 printf("AKA-AUTS: Incorrect MAC-S\n");
829 memcpy(m->sqn, sqn, 6);
831 printf("AKA-AUTS: Re-synchronized: "
832 "SQN=%02x%02x%02x%02x%02x%02x\n",
833 sqn[0], sqn[1], sqn[2], sqn[3], sqn[4], sqn[5]);
836 db_update_milenage_sqn(m);
837 #endif /* CONFIG_SQLITE */
845 static int process_cmd(char *cmd, char *resp, size_t resp_len)
847 if (os_strncmp(cmd, "SIM-REQ-AUTH ", 13) == 0)
848 return sim_req_auth(cmd + 13, resp, resp_len);
850 if (os_strncmp(cmd, "AKA-REQ-AUTH ", 13) == 0)
851 return aka_req_auth(cmd + 13, resp, resp_len);
853 if (os_strncmp(cmd, "AKA-AUTS ", 9) == 0)
854 return aka_auts(cmd + 9, resp, resp_len);
856 printf("Unknown request: %s\n", cmd);
861 static int process(int s)
863 char buf[1000], resp[1000];
864 struct sockaddr_un from;
868 fromlen = sizeof(from);
869 res = recvfrom(s, buf, sizeof(buf), 0, (struct sockaddr *) &from,
879 if ((size_t) res >= sizeof(buf))
880 res = sizeof(buf) - 1;
883 printf("Received: %s\n", buf);
885 if (process_cmd(buf, resp, sizeof(resp)) < 0) {
886 printf("Failed to process request\n");
890 if (resp[0] == '\0') {
891 printf("No response\n");
895 printf("Send: %s\n", resp);
897 if (sendto(s, resp, os_strlen(resp), 0, (struct sockaddr *) &from,
905 static void cleanup(void)
907 struct gsm_triplet *g, *gprev;
908 struct milenage_parameters *m, *prev;
910 if (update_milenage && milenage_file && sqn_changes)
911 update_milenage_file(milenage_file);
934 sqlite3_close(sqlite_db);
937 #endif /* CONFIG_SQLITE */
941 static void handle_term(int sig)
943 printf("Signal %d - terminate\n", sig);
948 static void usage(void)
950 printf("HLR/AuC testing gateway for hostapd EAP-SIM/AKA "
951 "database/authenticator\n"
952 "Copyright (c) 2005-2007, 2012-2013, Jouni Malinen <j@w1.fi>\n"
955 "hlr_auc_gw [-hu] [-s<socket path>] [-g<triplet file>] "
956 "[-m<milenage file>] \\\n"
957 " [-D<DB file>] [-i<IND len in bits>] [command]\n"
960 " -h = show this usage help\n"
961 " -u = update SQN in Milenage file on exit\n"
962 " -s<socket path> = path for UNIX domain socket\n"
964 " -g<triplet file> = path for GSM authentication triplets\n"
965 " -m<milenage file> = path for Milenage keys\n"
966 " -D<DB file> = path to SQLite database\n"
967 " -i<IND len in bits> = IND length for SQN (default: 5)\n"
969 "If the optional command argument, like "
970 "\"AKA-REQ-AUTH <IMSI>\" is used, a single\n"
971 "command is processed with response sent to stdout. Otherwise, "
973 "a control interface and processes commands sent through it "
974 "(e.g., by EAP server\n"
976 default_socket_path);
980 int main(int argc, char *argv[])
983 char *gsm_triplet_file = NULL;
984 char *sqlite_db_file = NULL;
987 if (os_program_init())
990 socket_path = default_socket_path;
993 c = getopt(argc, argv, "D:g:hi:m:s:u");
999 sqlite_db_file = optarg;
1001 #else /* CONFIG_SQLITE */
1002 printf("No SQLite support included in the build\n");
1004 #endif /* CONFIG_SQLITE */
1006 gsm_triplet_file = optarg;
1012 ind_len = atoi(optarg);
1013 if (ind_len < 0 || ind_len > 32) {
1014 printf("Invalid IND length\n");
1019 milenage_file = optarg;
1022 socket_path = optarg;
1025 update_milenage = 1;
1033 if (!gsm_triplet_file && !milenage_file && !sqlite_db_file) {
1038 #ifdef CONFIG_SQLITE
1039 if (sqlite_db_file && (sqlite_db = db_open(sqlite_db_file)) == NULL)
1041 #endif /* CONFIG_SQLITE */
1043 if (gsm_triplet_file && read_gsm_triplets(gsm_triplet_file) < 0)
1046 if (milenage_file && read_milenage(milenage_file) < 0)
1049 if (optind == argc) {
1050 serv_sock = open_socket(socket_path);
1054 printf("Listening for requests on %s\n", socket_path);
1057 signal(SIGTERM, handle_term);
1058 signal(SIGINT, handle_term);
1066 if (process_cmd(argv[optind], buf, sizeof(buf)) < 0) {
1070 printf("%s\n", buf);
1075 #ifdef CONFIG_SQLITE
1077 sqlite3_close(sqlite_db);
1080 #endif /* CONFIG_SQLITE */
1082 os_program_deinit();