EAP-SIM with sim card?

Zoltán Faigl zfaigl
Thu Oct 9 11:05:09 PDT 2008 

Hi!

>
> Did you build EAP-SIM code with PC/SC support? It looks like the
> Makefile used in the IKEv2 project does not support this. Please take a
> look at wpa_supplicant Makefile and CONFIG_PCSC option (you will need to
> add -DPCSC_FUNCS to CFLAGS and link in pcsc_funcs.o and add -lpcsclite
> to get the library in, too).
>
> --
> Jouni Malinen




I recompiled and installed libsupplicant library using these additions,
i.e.,

CFLAGS += -DPCSC_FUNCS -I/usr/include/PCSC
OBJS += pcsc_funcs.o
# -lpthread may not be needed depending on how pcsc-lite was configured
LIBS += -lpcsclite -lpthread

I built again ikev2 daemon, and I linked the new libsupplicant library.
First time the build was not successful, because it wrote the follwoing
errors:

gcc -pthread -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -Wall -g
-O2 -o ikev2 main.o message.o payload.o session.o sm.o message_msg.o
-pthread  -lsupplicant -L/usr/local/include/wpa/ ./.libs/libframework.a
-L/usr/local/lib -lfl /usr/lib/libgthread-2.0.so -lpthread -lrt /usr/lib/
libglib-2.0.so -lcrypto -lssl /usr/local/lib/libcurl.so /usr/lib/libidn.so
-lz
/usr/local/lib/libsupplicant.so: undefined reference to `SCardConnect'
/usr/local/lib/libsupplicant.so: undefined reference to `SCardTransmit'
/usr/local/lib/libsupplicant.so: undefined reference to
`SCardEstablishContext'
/usr/local/lib/libsupplicant.so: undefined reference to
`SCardReleaseContext'
/usr/local/lib/libsupplicant.so: undefined reference to `SCardDisconnect'
/usr/local/lib/libsupplicant.so: undefined reference to `SCardListReaders'
/usr/local/lib/libsupplicant.so: undefined reference to `g_rgSCardT0Pci'
/usr/local/lib/libsupplicant.so: undefined reference to `g_rgSCardT1Pci'
collect2: ld returned 1 exit status
make[1]: *** [ikev2] Error 1

So I added during the configuration of ikev2 daemon the following includes
and libraries:
CPPFLAGS+=-I/usr/include/PCSC  LDFLAGS+=-lpcsclite

Finally, the build was sucessful.

I tried out again the deamon with the following eap.conf:
network={
        #identity="1001011111111111 at example.org" //identity is not given
        key_mgmt=WPA-EAP
        eap=SIM
        pin="1111"
        pcsc=""
}

And the authentication was again unsuccessful, with the following cause:

1223571959.850 supplicant INFO - EAP-SIM: Identity not configured
1223571959.850 supplicant INFO - CTRL-REQ-IDENTITY-0:Identity needed for
SSID
1223571959.850 supplicant DEBUG - EAP: method process -> ignore=TRUE
methodState=INIT decision=FAIL
1223571959.850 supplicant TRACE - get_bool: 321: called get_bool for
variable EAPOL_eapRestart (0)
1223571959.850 supplicant TRACE - get_bool: 346: called get_bool for
variable EAPOL_portEnabled (1)
1223571959.850 supplicant DEBUG - EAP: EAP entering state DISCARD
1223571959.850 supplicant TRACE - set_bool: 407: called set_bool for
variable EAPOL_eapReq (0)
1223571959.850 supplicant TRACE - set_bool: 401: called set_bool for
variable EAPOL_eapNoResp (1)
1223571959.850 supplicant TRACE - get_bool: 321: called get_bool for
variable EAPOL_eapRestart (0)
1223571959.850 supplicant TRACE - get_bool: 346: called get_bool for
variable EAPOL_portEnabled (1)
1223571959.850 supplicant DEBUG - EAP: EAP entering state IDLE
1223571959.850 supplicant TRACE - get_bool: 321: called get_bool for
variable EAPOL_eapRestart (0)
1223571959.850 supplicant TRACE - get_bool: 346: called get_bool for
variable EAPOL_portEnabled (1)
1223571959.850 supplicant TRACE - get_bool: 341: called get_bool for
variable EAPOL_eapReq (0)
1223571959.850 supplicant TRACE - get_bool: 351: called get_bool for
variable EAPOL_altAccept (0)
1223571959.850 supplicant TRACE - get_int: 441: called get_int for variable
EAPOL_idleWhile (0)
1223571959.850 supplicant TRACE - get_bool: 356: called get_bool for
variable EAPOL_altReject (0)
1223571959.850 supplicant TRACE - get_int: 441: called get_int for variable
EAPOL_idleWhile (0)
1223571959.850 supplicant DEBUG - EAP: EAP entering state FAILURE
1223571959.850 supplicant TRACE - set_bool: 389: called set_bool for
variable EAPOL_eapFail (1)
1223571959.850 supplicant TRACE - set_bool: 407: called set_bool for
variable EAPOL_eapReq (0)
1223571959.850 supplicant TRACE - set_bool: 401: called set_bool for
variable EAPOL_eapNoResp (1)
1223571959.850 supplicant INFO - CTRL-EVENT-EAP-FAILURE EAP authentication
failed


I thought that it will work, but it is not the case. Do you know why?
Should an instance of wpa_supplicant run in order to catch that CTRL-EVENT?


Thank you for your help.
BR,
Zolt?n Faigl
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20081009/3c0ae665/attachment.htm

More information about the Hostap mailing list