#include "eap_config.h"
#include "pcsc_funcs.h"
#include "eap_common/eap_sim_common.h"
+#ifdef CONFIG_SIM_SIMULATOR
+#include "hlr_auc_gw/milenage.h"
+#endif /* CONFIG_SIM_SIMULATOR */
struct eap_sim_data {
static int eap_sim_gsm_auth(struct eap_sm *sm, struct eap_sim_data *data)
{
+ struct eap_peer_config *conf;
+
wpa_printf(MSG_DEBUG, "EAP-SIM: GSM authentication algorithm");
-#ifdef PCSC_FUNCS
- if (scard_gsm_auth(sm->scard_ctx, data->rand[0],
- data->sres[0], data->kc[0]) ||
- scard_gsm_auth(sm->scard_ctx, data->rand[1],
- data->sres[1], data->kc[1]) ||
- (data->num_chal > 2 &&
- scard_gsm_auth(sm->scard_ctx, data->rand[2],
- data->sres[2], data->kc[2]))) {
- wpa_printf(MSG_DEBUG, "EAP-SIM: GSM SIM authentication could "
- "not be completed");
+
+ conf = eap_get_config(sm);
+ if (conf == NULL)
return -1;
+ if (conf->pcsc) {
+ if (scard_gsm_auth(sm->scard_ctx, data->rand[0],
+ data->sres[0], data->kc[0]) ||
+ scard_gsm_auth(sm->scard_ctx, data->rand[1],
+ data->sres[1], data->kc[1]) ||
+ (data->num_chal > 2 &&
+ scard_gsm_auth(sm->scard_ctx, data->rand[2],
+ data->sres[2], data->kc[2]))) {
+ wpa_printf(MSG_DEBUG, "EAP-SIM: GSM SIM "
+ "authentication could not be completed");
+ return -1;
+ }
+ return 0;
+ }
+
+#ifdef CONFIG_SIM_SIMULATOR
+ if (conf->password) {
+ u8 opc[16], k[16];
+ const char *pos;
+ wpa_printf(MSG_DEBUG, "EAP-SIM: Use internal GSM-Milenage "
+ "implementation for authentication");
+ if (conf->password_len < 65) {
+ wpa_printf(MSG_DEBUG, "EAP-SIM: invalid GSM-Milenage "
+ "password");
+ return -1;
+ }
+ pos = (const char *) conf->password;
+ if (hexstr2bin(pos, k, 16))
+ return -1;
+ pos += 32;
+ if (*pos != ':')
+ return -1;
+ pos++;
+
+ if (hexstr2bin(pos, opc, 16))
+ return -1;
+
+ if (gsm_milenage(opc, k, data->rand[0],
+ data->sres[0], data->kc[0]) ||
+ gsm_milenage(opc, k, data->rand[1],
+ data->sres[1], data->kc[1]) ||
+ (data->num_chal > 2 &&
+ gsm_milenage(opc, k, data->rand[2],
+ data->sres[2], data->kc[2]))) {
+ wpa_printf(MSG_DEBUG, "EAP-SIM: GSM-Milenage "
+ "authentication could not be completed");
+ return -1;
+ }
+ return 0;
}
-#else /* PCSC_FUNCS */
+#endif /* CONFIG_SIM_SIMULATOR */
+
+#ifdef CONFIG_SIM_HARDCODED
/* These hardcoded Kc and SRES values are used for testing. RAND to
* KC/SREC mapping is very bogus as far as real authentication is
* concerned, but it is quite useful for cases where the AS is rotating
* the order of pre-configured values. */
{
size_t i;
+
+ wpa_printf(MSG_DEBUG, "EAP-SIM: Use hardcoded Kc and SRES "
+ "values for testing");
+
for (i = 0; i < data->num_chal; i++) {
if (data->rand[i][0] == 0xaa) {
os_memcpy(data->kc[i],
}
}
}
-#endif /* PCSC_FUNCS */
+
return 0;
+
+#else /* CONFIG_SIM_HARDCODED */
+
+ wpa_printf(MSG_DEBUG, "EAP-SIM: No GSM authentication algorithm "
+ "enabled");
+ return -1;
+
+#endif /* CONFIG_SIM_HARDCODED */
}
projects / mech_eap.git / blobdiff