EAP-SIM with sim card?

Jouni Malinen j at w1.fi
Thu Oct 9 10:15:31 EDT 2008


On Thu, Oct 09, 2008 at 12:37:56PM +0200, Zoltán Faigl wrote:

> I am trying to test the IKEv2 daemon from IKEv2 project with EAP
> authentication methods. This daemon uses a wpa supplicant compiled as a
> library, i.e., there is a Makefile that the developper of ikev2 provides .
> This makefile must be used to compile the libsupplicant library from
> wpasupplicant-0.4.x. Then this library is used during the configuration and
> compilation of ikev2.

This would be easier with wpa_supplicant 0.6.x which comes with an
example Makefile on how to build a library from the EAP peer
implementation.. Anyway, I would expect that 0.4.x can be made to work,
too, with some changes.

> I bought an omnikey cardman 3121 reader that supports PC/SC, and I have two
> GSM test sim cards, which support COMP 128 V1, COMP 128 V2 gsm
> authentication.

> Now, if I change the triplet from the hardcoded one to non-hardcoded one on
> radius side, e.g. I modify the first byte of RAND values to not to be the
> expected one, then I would like to see, that the supplicant looks into my
> simcard, and calls the rungsm algorithm, and gets back diffrent Kc and RES
> values
> 
> However this does not happen, and I don't know where is the problem. How to
> test easily, that the supplicant library can see my SIM card, and call the
> run gsm algorithm?

Did you build EAP-SIM code with PC/SC support? It looks like the
Makefile used in the IKEv2 project does not support this. Please take a
look at wpa_supplicant Makefile and CONFIG_PCSC option (you will need to
add -DPCSC_FUNCS to CFLAGS and link in pcsc_funcs.o and add -lpcsclite
to get the library in, too).

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list