Added Milenage-GSM simulator for EAP-SIM

CONFIG_SIM_SIMULATOR=y in .config and password="Ki:OPc" in network config
to enable.

diff --git a/src/eap_peer/eap_sim.c b/src/eap_peer/eap_sim.c
index c89eddd..b0523eb 100644 (file)
--- a/src/eap_peer/eap_sim.c
+++ b/src/eap_peer/eap_sim.c
@@ -19,6 +19,9 @@
 #include "eap_config.h"
 #include "pcsc_funcs.h"
 #include "eap_common/eap_sim_common.h"
+#ifdef CONFIG_SIM_SIMULATOR
+#include "hlr_auc_gw/milenage.h"
+#endif /* CONFIG_SIM_SIMULATOR */
 
 
 struct eap_sim_data {
@@ -142,26 +145,76 @@ static void eap_sim_deinit(struct eap_sm *sm, void *priv)
 
 static int eap_sim_gsm_auth(struct eap_sm *sm, struct eap_sim_data *data)
 {
+       struct eap_peer_config *conf;
+
        wpa_printf(MSG_DEBUG, "EAP-SIM: GSM authentication algorithm");
-#ifdef PCSC_FUNCS
-       if (scard_gsm_auth(sm->scard_ctx, data->rand[0],
-                          data->sres[0], data->kc[0]) ||
-           scard_gsm_auth(sm->scard_ctx, data->rand[1],
-                          data->sres[1], data->kc[1]) ||
-           (data->num_chal > 2 &&
-            scard_gsm_auth(sm->scard_ctx, data->rand[2],
-                           data->sres[2], data->kc[2]))) {
-               wpa_printf(MSG_DEBUG, "EAP-SIM: GSM SIM authentication could "
-                          "not be completed");
+
+       conf = eap_get_config(sm);
+       if (conf == NULL)
                return -1;
+       if (conf->pcsc) {
+               if (scard_gsm_auth(sm->scard_ctx, data->rand[0],
+                                  data->sres[0], data->kc[0]) ||
+                   scard_gsm_auth(sm->scard_ctx, data->rand[1],
+                                  data->sres[1], data->kc[1]) ||
+                   (data->num_chal > 2 &&
+                    scard_gsm_auth(sm->scard_ctx, data->rand[2],
+                                   data->sres[2], data->kc[2]))) {
+                       wpa_printf(MSG_DEBUG, "EAP-SIM: GSM SIM "
+                                  "authentication could not be completed");
+                       return -1;
+               }
+               return 0;
+       }
+
+#ifdef CONFIG_SIM_SIMULATOR
+       if (conf->password) {
+               u8 opc[16], k[16];
+               const char *pos;
+               wpa_printf(MSG_DEBUG, "EAP-SIM: Use internal GSM-Milenage "
+                          "implementation for authentication");
+               if (conf->password_len < 65) {
+                       wpa_printf(MSG_DEBUG, "EAP-SIM: invalid GSM-Milenage "
+                                  "password");
+                       return -1;
+               }
+               pos = (const char *) conf->password;
+               if (hexstr2bin(pos, k, 16))
+                       return -1;
+               pos += 32;
+               if (*pos != ':')
+                       return -1;
+               pos++;
+
+               if (hexstr2bin(pos, opc, 16))
+                       return -1;
+
+               if (gsm_milenage(opc, k, data->rand[0],
+                                data->sres[0], data->kc[0]) ||
+                   gsm_milenage(opc, k, data->rand[1],
+                                data->sres[1], data->kc[1]) ||
+                   (data->num_chal > 2 &&
+                    gsm_milenage(opc, k, data->rand[2],
+                                 data->sres[2], data->kc[2]))) {
+                       wpa_printf(MSG_DEBUG, "EAP-SIM: GSM-Milenage "
+                                  "authentication could not be completed");
+                       return -1;
+               }
+               return 0;
        }
-#else /* PCSC_FUNCS */
+#endif /* CONFIG_SIM_SIMULATOR */
+
+#ifdef CONFIG_SIM_HARDCODED
        /* These hardcoded Kc and SRES values are used for testing. RAND to
         * KC/SREC mapping is very bogus as far as real authentication is
         * concerned, but it is quite useful for cases where the AS is rotating
         * the order of pre-configured values. */
        {
                size_t i;
+
+               wpa_printf(MSG_DEBUG, "EAP-SIM: Use hardcoded Kc and SRES "
+                          "values for testing");
+
                for (i = 0; i < data->num_chal; i++) {
                        if (data->rand[i][0] == 0xaa) {
                                os_memcpy(data->kc[i],
@@ -184,8 +237,16 @@ static int eap_sim_gsm_auth(struct eap_sm *sm, struct eap_sim_data *data)
                        }
                }
        }
-#endif /* PCSC_FUNCS */
+
        return 0;
+
+#else /* CONFIG_SIM_HARDCODED */
+
+       wpa_printf(MSG_DEBUG, "EAP-SIM: No GSM authentication algorithm "
+                  "enabled");
+       return -1;
+
+#endif /* CONFIG_SIM_HARDCODED */
 }
 
 

diff --git a/wpa_supplicant/ChangeLog b/wpa_supplicant/ChangeLog
index 3917392..251e95a 100644 (file)
--- a/wpa_supplicant/ChangeLog
+++ b/wpa_supplicant/ChangeLog
@@ -1,10 +1,10 @@
 ChangeLog for wpa_supplicant
 
 ????-??-?? - v0.6.6
-       * added Milenage USIM emulator for EAP-AKA (can be used to simulate
-         test USIM card with a known private key; enable with
-         CONFIG_USIM_SIMULATOR in .config and password="Ki:OPc:SQN" in
-         network configuration)
+       * added Milenage SIM/USIM emulator for EAP-SIM/EAP-AKA
+         (can be used to simulate test SIM/USIM card with a known private key;
+         enable with CONFIG_SIM_SIMULATOR=y/CONFIG_USIM_SIMULATOR=y in .config
+         and password="Ki:OPc"/password="Ki:OPc:SQN" in network configuration)
 
 2008-11-01 - v0.6.5
        * added support for SHA-256 as X.509 certificate digest when using the

diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
index 79b3e13..badda34 100644 (file)
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
@@ -578,8 +578,17 @@ LIBS += -lpcsclite -lpthread
 endif
 endif
 
+ifdef CONFIG_SIM_SIMULATOR
+CFLAGS += -DCONFIG_SIM_SIMULATOR
+NEED_MILENAGE=y
+endif
+
 ifdef CONFIG_USIM_SIMULATOR
 CFLAGS += -DCONFIG_USIM_SIMULATOR
+NEED_MILENAGE=y
+endif
+
+ifdef NEED_MILENAGE
 OBJS += ../src/hlr_auc_gw/milenage.o
 endif