hlr_auc_gw.txt 2.9 KB

HLR/AuC testing gateway for hostapd EAP-SIM/AKA database/authenticator

hlr_auc_gw is an example implementation of the EAP-SIM/AKA/AKA'
database/authentication gateway interface to HLR/AuC. It could be
replaced with an implementation of SS7 gateway to GSM/UMTS
authentication center (HLR/AuC). hostapd will send SIM/AKA
authentication queries over a UNIX domain socket to an external
program, e.g., hlr_auc_gw.

hlr_auc_gw can be configured with GSM and UMTS authentication data with
text files: GSM triplet file (see hostapd.sim_db) and Milenage file (see
hlr_auc_gw.milenage_db). Milenage parameters can be used to generate
dynamic authentication data for EAP-SIM, EAP-AKA, and EAP-AKA' while the
GSM triplet data is used for a more static configuration (e.g., triplets
extracted from a SIM card).

Alternatively, hlr_auc_gw can be built with support for an SQLite
database for more dynamic operations. This is enabled by adding
"CONFIG_SQLITE=y" into hostapd/.config before building hlr_auc_gw ("make
clean; make hlr_auc_gw" in this directory).

hostapd is configured to use hlr_auc_gw with the eap_sim_db parameter in
hostapd.conf (e.g., "eap_sim_db=unix:/tmp/hlr_auc_gw.sock"). hlr_auc_gw
is configured with command line parameters:

hlr_auc_gw [-hu] [-s<socket path>] [-g<triplet file>] [-m<milenage file>] \
        [-D<DB file>] [-i<IND len in bits>]

options:
  -h = show this usage help
  -u = update SQN in Milenage file on exit
  -s<socket path> = path for UNIX domain socket
                    (default: /tmp/hlr_auc_gw.sock)
  -g<triplet file> = path for GSM authentication triplets
  -m<milenage file> = path for Milenage keys
  -D<DB file> = path to SQLite database
  -i<IND len in bits> = IND length for SQN (default: 5)

The SQLite database can be initialized with sqlite, e.g., by running
the following commands in "sqlite3 /path/to/hlr_auc_gw.db":

CREATE TABLE milenage(
	imsi INTEGER PRIMARY KEY NOT NULL,
	ki CHAR(32) NOT NULL,
	opc CHAR(32) NOT NULL,
	amf CHAR(4) NOT NULL,
	sqn CHAR(12) NOT NULL
);
INSERT INTO milenage(imsi,ki,opc,amf,sqn) VALUES(
	232010000000000,
	'90dca4eda45b53cf0f12d7c9c3bc6a89',
	'cb9cccc4b9258e6dca4760379fb82581',
	'61df',
	'000000000000'
);
INSERT INTO milenage(imsi,ki,opc,amf,sqn) VALUES(
	555444333222111,
	'5122250214c33e723a5dd523fc145fc0',
	'981d464c7c52eb6e5036234984ad0bcf',
	'c3ab',
	'16f3b3f70fc1'
);

"hlr_auc_gw -D /path/to/hlr_auc_gw.db" can then be used to fetch
Milenage parameters based on IMSI from the database. The database can be
updated dynamically while hlr_auc_gw is running to add/remove/modify
entries.
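
SQLite does not enforce the lengths in CHAR(n) declarations, so a truncated
Ki or an unquoted SQN is accepted by an INSERT into the table above. The
following is an added example, not part of hostapd: audit_milenage(), demo()
and the sample rows are constructed here to check each row against the
declared hex lengths.

```python
import re
import sqlite3

# Table definition as given in the README above; HEX_LEN mirrors its CHAR(n) sizes.
SCHEMA = """CREATE TABLE milenage(
  imsi INTEGER PRIMARY KEY NOT NULL,
  ki CHAR(32) NOT NULL,
  opc CHAR(32) NOT NULL,
  amf CHAR(4) NOT NULL,
  sqn CHAR(12) NOT NULL
);"""
HEX_LEN = {"ki": 32, "opc": 32, "amf": 4, "sqn": 12}

# Constructed sample rows (not real subscriber data).
SAMPLE = """
INSERT INTO milenage VALUES(999990000000001,
  '000102030405060708090a0b0c0d0e0f', '101112131415161718191a1b1c1d1e1f',
  '8000', '000000000000');
-- Ki is one digit short; SQLite accepts it anyway.
INSERT INTO milenage VALUES(999990000000002,
  '000102030405060708090a0b0c0d0e0', '101112131415161718191a1b1c1d1e1f',
  '8000', '000000000000');
-- SQN written without quotes: parsed as integer 0, stored as the text '0'.
INSERT INTO milenage VALUES(999990000000003,
  '000102030405060708090a0b0c0d0e0f', '101112131415161718191a1b1c1d1e1f',
  '8000', 000000000000);
"""


def audit_milenage(conn):
    """Return (imsi, column, stored_length) per malformed field; never echoes keys."""
    problems = []
    query = "SELECT imsi, ki, opc, amf, sqn FROM milenage ORDER BY imsi"
    for imsi, *fields in conn.execute(query):
        for (col, n), value in zip(HEX_LEN.items(), fields):
            text = value if isinstance(value, str) else ""
            if not re.fullmatch(rf"[0-9a-fA-F]{{{n}}}", text):
                problems.append((imsi, col, len(text)))
    return problems


def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA + SAMPLE)
    return audit_milenage(conn)


if __name__ == "__main__":
    print(demo())
```

To audit a real database, pass sqlite3.connect("/path/to/hlr_auc_gw.db") to
audit_milenage() instead of calling demo().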

Example configuration files for hostapd to operate as a RADIUS
authentication server for EAP-SIM/AKA/AKA':

hostapd.conf:

driver=none
radius_server_clients=hostapd.radius_clients
eap_server=1
eap_user_file=hostapd.eap_user
eap_sim_db=unix:/tmp/hlr_auc_gw.sock
eap_sim_aka_result_ind=1

hostapd.radius_clients:

0.0.0.0/0 radius

hostapd.eap_user:

"0"* AKA
"1"* SIM
"2"* AKA
"3"* SIM
"4"* AKA
"5"* SIM
"6"* AKA'
"7"* AKA'
"8"* AKA'
  79. "8"* AKA'