Gitiles
Code Review Sign In
LeafOS / LeafOS-Project / android_external_wpa_supplicant_8 / bd916f819ff0cc1e76d36c54b59fd81f4ee76175 / . / hostapd / hlr_auc_gw.txt
blob: 097bbce36297d3774a32965aac1c71db20dc41f7 [file] [log] [blame]
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]1HLR/AuC testing gateway for hostapd EAP-SIM/AKA database/authenticator
2
3hlr_auc_gw is an example implementation of the EAP-SIM/AKA/AKA'
4database/authentication gateway interface to HLR/AuC. It could be
5replaced with an implementation of SS7 gateway to GSM/UMTS
6authentication center (HLR/AuC). hostapd will send SIM/AKA
7authentication queries over a UNIX domain socket to and external
8program, e.g., hlr_auc_gw.
9
10hlr_auc_gw can be configured with GSM and UMTS authentication data with
11text files: GSM triplet file (see hostapd.sim_db) and Milenage file (see
12hlr_auc_gw.milenage_db). Milenage parameters can be used to generate
13dynamic authentication data for EAP-SIM, EAP-AKA, and EAP-AKA' while the
14GSM triplet data is used for a more static configuration (e.g., triplets
15extracted from a SIM card).
16
17Alternatively, hlr_auc_gw can be built with support for an SQLite
18database for more dynamic operations. This is enabled by adding
19"CONFIG_SQLITE=y" into hostapd/.config before building hlr_auc_gw ("make
20clean; make hlr_auc_gw" in this directory).
21
22hostapd is configured to use hlr_auc_gw with the eap_sim_db parameter in
23hostapd.conf (e.g., "eap_sim_db=unix:/tmp/hlr_auc_gw.sock"). hlr_auc_gw
24is configured with command line parameters:
25
26hlr_auc_gw [-hu] [-s<socket path>] [-g<triplet file>] [-m<milenage file>] \
27 [-D<DB file>] [-i<IND len in bits>]
28
29options:
30 -h = show this usage help
31 -u = update SQN in Milenage file on exit
32 -s<socket path> = path for UNIX domain socket
33 (default: /tmp/hlr_auc_gw.sock)
34 -g<triplet file> = path for GSM authentication triplets
35 -m<milenage file> = path for Milenage keys
36 -D<DB file> = path to SQLite database
37 -i<IND len in bits> = IND length for SQN (default: 5)
38
39
40The SQLite database can be initialized with sqlite, e.g., by running
41following commands in "sqlite3 /path/to/hlr_auc_gw.db":
42
43CREATE TABLE milenage(
44 imsi INTEGER PRIMARY KEY NOT NULL,
45 ki CHAR(32) NOT NULL,
46 opc CHAR(32) NOT NULL,
47 amf CHAR(4) NOT NULL,
48 sqn CHAR(12) NOT NULL
49);
50INSERT INTO milenage(imsi,ki,opc,amf,sqn) VALUES(
51 232010000000000,
52 '90dca4eda45b53cf0f12d7c9c3bc6a89',
53 'cb9cccc4b9258e6dca4760379fb82581',
54 '61df',
55 '000000000000'
56);
57INSERT INTO milenage(imsi,ki,opc,amf,sqn) VALUES(
58 555444333222111,
59 '5122250214c33e723a5dd523fc145fc0',
60 '981d464c7c52eb6e5036234984ad0bcf',
61 'c3ab',
62 '16f3b3f70fc1'
63);
64
65
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]66hostapd (EAP server) can also be configured to store the EAP-SIM/AKA
67pseudonyms and reauth information into a SQLite database. This is
68configured with the db parameter within the eap_sim_db configuration
69option.
70
71
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]72"hlr_auc_gw -D /path/to/hlr_auc_gw.db" can then be used to fetch
73Milenage parameters based on IMSI from the database. The database can be
74updated dynamically while hlr_auc_gw is running to add/remove/modify
75entries.
76
77
78Example configuration files for hostapd to operate as a RADIUS
79authentication server for EAP-SIM/AKA/AKA':
80
81hostapd.conf:
82
83driver=none
84radius_server_clients=hostapd.radius_clients
85eap_server=1
86eap_user_file=hostapd.eap_user
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]87eap_sim_db=unix:/tmp/hlr_auc_gw.sock db=/tmp/eap_sim.db
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]88eap_sim_aka_result_ind=1
89
90hostapd.radius_clients:
91
920.0.0.0/0 radius
93
94hostapd.eap_user:
95
96"0"* AKA
97"1"* SIM
98"2"* AKA
99"3"* SIM
100"4"* AKA
101"5"* SIM
102"6"* AKA'
103"7"* AKA'
104"8"* AKA'