HLR/AuC testing gateway for hostapd EAP-SIM/AKA database/authenticator

hlr_auc_gw is an example implementation of the EAP-SIM/AKA/AKA'
database/authentication gateway interface to HLR/AuC. It could be
replaced with an implementation of an SS7 gateway to a GSM/UMTS
authentication center (HLR/AuC). hostapd sends SIM/AKA
authentication queries over a UNIX domain socket to an external
program, e.g., hlr_auc_gw.

hlr_auc_gw can be configured with GSM and UMTS authentication data from
text files: a GSM triplet file (see hostapd.sim_db) and a Milenage file
(see hlr_auc_gw.milenage_db). Milenage parameters are used to generate
dynamic authentication data for EAP-SIM, EAP-AKA, and EAP-AKA', while the
GSM triplet data is used for a more static configuration (e.g., triplets
extracted from a SIM card). Both files hold long-term subscriber secrets
(Kc/SRES triplets, Ki and OPc), so they should be readable only by the
user running hlr_auc_gw.

Alternatively, hlr_auc_gw can be built with support for an SQLite
database for more dynamic operations. This is enabled by adding
"CONFIG_SQLITE=y" into hostapd/.config before building hlr_auc_gw ("make
clean; make hlr_auc_gw" in this directory).

hostapd is configured to use hlr_auc_gw with the eap_sim_db parameter in
hostapd.conf (e.g., "eap_sim_db=unix:/tmp/hlr_auc_gw.sock"). Anything
able to connect to that socket can request authentication vectors, so on
a production system place it in a directory only hostapd can reach; the
/tmp default is meant for testing. hlr_auc_gw is configured with command
line parameters:

hlr_auc_gw [-hu] [-s<socket path>] [-g<triplet file>] [-m<milenage file>] \
        [-D<DB file>] [-i<IND len in bits>]

options:
  -h = show this usage help
  -u = update SQN in Milenage file on exit
  -s<socket path> = path for UNIX domain socket
                    (default: /tmp/hlr_auc_gw.sock)
  -g<triplet file> = path for GSM authentication triplets
  -m<milenage file> = path for Milenage keys
  -D<DB file> = path to SQLite database
  -i<IND len in bits> = IND length for SQN (default: 5)

Without -u, the SQN values advanced during a run are not written back to
the Milenage file, so the next start reissues sequence numbers from the
stored value; a real USIM rejects such stale SQNs and triggers
resynchronization.


The SQLite database can be initialized with the sqlite3 command-line
tool, e.g., by running the following commands in
"sqlite3 /path/to/hlr_auc_gw.db":

-- One row per subscriber; all key material is stored as hex text.
CREATE TABLE milenage(
	imsi INTEGER PRIMARY KEY NOT NULL,
	ki CHAR(32) NOT NULL,   -- 128-bit subscriber key K
	opc CHAR(32) NOT NULL,  -- 128-bit OPc (OP already combined with K)
	amf CHAR(4) NOT NULL,   -- 16-bit Authentication Management Field
	sqn CHAR(12) NOT NULL   -- 48-bit sequence number SQN
);
-- Example subscribers with test key material
INSERT INTO milenage(imsi,ki,opc,amf,sqn) VALUES(
	232010000000000,
	'90dca4eda45b53cf0f12d7c9c3bc6a89',
	'cb9cccc4b9258e6dca4760379fb82581',
	'61df',
	'000000000000'
);
INSERT INTO milenage(imsi,ki,opc,amf,sqn) VALUES(
	555444333222111,
	'5122250214c33e723a5dd523fc145fc0',
	'981d464c7c52eb6e5036234984ad0bcf',
	'c3ab',
	'16f3b3f70fc1'
);


hostapd (EAP server) can also be configured to store the EAP-SIM/AKA
pseudonyms and reauth information into a SQLite database. This is
configured with the db parameter within the eap_sim_db configuration
option.


"hlr_auc_gw -D /path/to/hlr_auc_gw.db" can then be used to fetch
Milenage parameters based on IMSI from the database. The database can be
updated dynamically while hlr_auc_gw is running to add/remove/modify
entries.


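The derivation hlr_auc_gw performs from a milenage row, as an added example in Go that is not part of hostapd or hlr_auc_gw: it implements the Milenage functions f1/f1*/f2/f3/f4/f5/f5* from 3GPP TS 35.206, builds AUTN from the stored SQN and AMF the way the HLR/AuC side does, verifies it the way a USIM does, and handles the AUTS resynchronization case by accepting a new SQN only when MAC-S verifies. The subscriber type and all function names are the example's own; the key material in main() is the first row of the INSERT above, and the fixed RAND is a constructed value. Go is used because its standard library provides AES, which Milenage needs, without external dependencies.

```go
// Added example (not hostapd or hlr_auc_gw code): Milenage (3GPP TS 35.206) as an
// HLR/AuC applies it to one milenage row, the USIM-side AUTN check, and AUTS resync.
package main

import (
	"bytes"
	"crypto/aes"
	"encoding/hex"
	"fmt"
)

// subscriber mirrors one decoded row of the README's milenage table.
type subscriber struct {
	K, OPc []byte // 16 bytes each (ki, opc columns)
	AMF    []byte // 2 bytes (amf)
	SQN    []byte // 6 bytes (sqn); the AuC must advance it after each vector
}

func hx(s string) []byte { b, _ := hex.DecodeString(s); return b } // trusted literals only

func xor(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// outN = E_K(rot(x XOR OPc, r) XOR mix XOR c) XOR OPc: E_K is AES-128 under K, rot a
// left rotation by rBytes bytes, c the Milenage constant c1..c5 in the last byte.
func outN(k, opc, x, mix []byte, rBytes int, c byte) []byte {
	blk, err := aes.NewCipher(k)
	if err != nil {
		panic(err)
	}
	t, in := xor(x, opc), make([]byte, 16)
	for i := range in {
		in[i] = t[(i+rBytes)%16]
	}
	if mix != nil {
		in = xor(in, mix)
	}
	in[15] ^= c
	blk.Encrypt(in, in)
	return xor(in, opc)
}

// temp returns TEMP = E_K(RAND XOR OPc), shared by all Milenage outputs.
func temp(k, opc, rand []byte) []byte { return xor(outN(k, opc, rand, nil, 0, 0), opc) }

// f1 returns MAC-A and MAC-S from IN1 = SQN||AMF||SQN||AMF (r1 = 64 bits, c1 = 0).
func f1(k, opc, rand, sqn, amf []byte) (macA, macS []byte) {
	out1 := outN(k, opc, bytes.Join([][]byte{sqn, amf, sqn, amf}, nil), temp(k, opc, rand), 8, 0)
	return out1[:8], out1[8:]
}

// f2345 returns RES, CK, IK, AK and AK* (r2..r5 = 0, 32, 64, 96 bits; c2..c5 = 1, 2, 4, 8).
func f2345(k, opc, rand []byte) (res, ck, ik, ak, akS []byte) {
	t := temp(k, opc, rand)
	out2, out5 := outN(k, opc, t, nil, 0, 1), outN(k, opc, t, nil, 12, 8)
	return out2[8:], outN(k, opc, t, nil, 4, 2), outN(k, opc, t, nil, 8, 4), out2[:6], out5[:6]
}

// hlrGenerate is the AuC side of an AKA request: AUTN = (SQN XOR AK) || AMF || MAC-A, plus IK, CK and RES.
func hlrGenerate(s subscriber, rand []byte) (autn, ik, ck, res []byte) {
	macA, _ := f1(s.K, s.OPc, rand, s.SQN, s.AMF)
	res, ck, ik, ak, _ := f2345(s.K, s.OPc, rand)
	return bytes.Join([][]byte{xor(s.SQN, ak), s.AMF, macA}, nil), ik, ck, res
}

// usimVerify is the peer side: unmask SQN with AK, accept only if MAC-A over the received AMF matches.
func usimVerify(k, opc, rand, autn []byte) (sqn, res []byte, ok bool) {
	res, _, _, ak, _ := f2345(k, opc, rand)
	sqn = xor(autn[:6], ak)
	macA, _ := f1(k, opc, rand, sqn, autn[6:8])
	return sqn, res, bytes.Equal(macA, autn[8:])
}

// usimResync builds AUTS = (SQN_MS XOR AK*) || MAC-S; MAC-S is computed with AMF* = 0000 (TS 33.102).
func usimResync(k, opc, rand, sqnMS []byte) []byte {
	_, _, _, _, akS := f2345(k, opc, rand)
	_, macS := f1(k, opc, rand, sqnMS, []byte{0, 0})
	return bytes.Join([][]byte{xor(sqnMS, akS), macS}, nil)
}

// hlrResync is the AKA-AUTS path: recover SQN_MS and accept it only if MAC-S verifies, so a forged AUTS cannot move the stored SQN.
func hlrResync(s subscriber, rand, auts []byte) (sqnMS []byte, ok bool) {
	_, _, _, _, akS := f2345(s.K, s.OPc, rand)
	sqnMS = xor(auts[:6], akS)
	_, macS := f1(s.K, s.OPc, rand, sqnMS, []byte{0, 0})
	return sqnMS, bytes.Equal(macS, auts[6:])
}

func main() {
	// Constructed input: the first row of the README's INSERT and a fixed RAND (a real AuC draws RAND from a CSPRNG).
	s := subscriber{K: hx("90dca4eda45b53cf0f12d7c9c3bc6a89"), OPc: hx("cb9cccc4b9258e6dca4760379fb82581"), AMF: hx("61df"), SQN: hx("000000000000")}
	autn, ik, ck, res := hlrGenerate(s, hx("000102030405060708090a0b0c0d0e0f"))
	fmt.Printf("AUTN=%x IK=%x CK=%x RES=%x\n", autn, ik, ck, res)
}
```

Run it with "go run" on the single file. The two halves make the SQN handling behind the -u and -i options concrete: the USIM recovers SQN from AUTN and only accepts a fresh value, so an AuC that reissues old sequence numbers gets AUTS back instead of RES, and the AuC in turn must refuse an AUTS whose MAC-S does not verify or an attacker could reset the stored SQN at will. The implementation reproduces the 3GPP TS 35.208 test vectors.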
Example configuration files for hostapd to operate as a RADIUS
authentication server for EAP-SIM/AKA/AKA':

hostapd.conf:

# No wireless interface; hostapd acts as a RADIUS/EAP server only
driver=none
# RADIUS clients (NAS addresses and shared secrets) allowed to use this server
radius_server_clients=hostapd.radius_clients
# Integrated EAP server with the identity-to-method mapping below
eap_server=1
eap_user_file=hostapd.eap_user
# Authentication vectors from hlr_auc_gw; pseudonym and reauth state in SQLite
eap_sim_db=unix:/tmp/hlr_auc_gw.sock db=/tmp/eap_sim.db
# Protected success/failure result indications (AT_RESULT_IND)
eap_sim_aka_result_ind=1

hostapd.radius_clients:

0.0.0.0/0	radius

This accepts RADIUS requests from any client address with the shared
secret "radius" and is a test setting only. For real deployments,
restrict the address range to the actual NAS devices and use a strong,
unique shared secret for each client.

hostapd.eap_user:

"0"*	AKA
"1"*	SIM
"2"*	AKA
"3"*	SIM
"4"*	AKA
"5"*	SIM
"6"*	AKA'
"7"*	AKA'
"8"*	AKA'

The leading character of the EAP identity selects the method: EAP-AKA
uses 0, 2 and 4 for the permanent identity, pseudonym and fast
reauthentication identity, EAP-SIM uses 1, 3 and 5, and EAP-AKA' uses
6, 7 and 8 (RFC 4187, RFC 4186 and RFC 5448, respectively).
    105