What is needed to support EAP-AKA with HS20?
Wed Mar 5 09:11:14 PST 2014
On 03/04/2014 01:38 PM, Jouni Malinen wrote:
> On Tue, Mar 04, 2014 at 12:24:32PM -0800, Ben Greear wrote:
>> Would this be the pertinent example?
>> # imsi="310026-000000000"
>> # milenage="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82"
> Not really. I was talking about the AP side configuration. You would
> need to have anqp_3gpp_cell_net in hostapd.conf to match the SIM/USIM on
> the station side. The function you referred to in wpa_supplicant was for
> a case where NAI Realm list is used to select the network while SIM/USIM
> would use this 3GPP Cellular Network information. Obviously you do also
> need to configure the station side with a suitable SIM/USIM credential,
> e.g., with that cred block here if you are doing this for testing
> purposes without a real SIM/USIM, but that's a separate point.
>> And if so, in the example conf, there is this:
>> # milenage: Milenage parameters for SIM/USIM simulator in <Ki>:<OPc>:<SQN>
>> # format
>> Looks like we don't really care about SQN when configuring a 'cred' section?
> EAP-AKA and EAP-AKA' do care about the SQN.
Ok...I have documented how I got all this working using our product to
configure things. I also included the various conf files that our tool
creates, so maybe it will be useful to others trying to set up and test
EAP-AKA and/or HS20.
I think maybe a few conf file options are only supported by patches that we
carry in our hostapd tree and have not gotten upstream yet. Should be able to
safely comment those out, or can use my hostapd code tree:
If anyone has suggestions for improving the info on the EAP-AKA page, please
let me know.
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc http://www.candelatech.com
More information about the Hostap