[strongSwan] About migrating the milenage of 3GPP and the USIM card API

kenxin lau liuqixing2005 at gmail.com
Mon Apr 23 18:28:33 CEST 2012 

About migrating the milenage of 3GPP and the USIM card API

hi,
I want to migrate the milenage of 3GPP to the strongswan,just as the
software algorithm eap-aka-3gpp2 ,but I have

two question about the migration :

*Question 1 *: Can I add the milenage algoritm by modifying the USIM API
 card_get_quintuplet( )   in the file

simaka_manager.c ? Would it check wether there is one USIM as default ?


*Question 2 *: Can I add the milenage algoritm by modifying the algorithm
function in  eap-aka-3gpp2 ? I haved

finished the migration  ,but when I tested it as client with the radius
service ,AAA , it failed to work ,the radius

service  and AAA had send "chanllge accept " to the client, but the client
 report with   "unable to use EAP-SIM, missing

algorithms". This is the ipsec.conf :

*client :*

ipsec.conf:

......
leftauth=eap
leftid=123456 at strongswan.org
rightauth=eap
rightid=@moon.stronswan.org
eap_identity=123456
......

strongswan.conf:

charon {

charon {
  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation
hmac xcbc stroke kernel-

netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown
}
}


*radius service*:

ipsec.conf:

......
leftauth=eap-aka
leftid=@moon.strongswan.org
rightauth=eap-radius
rightid=*@strongswan.org

......

strongswan.conf:

charon {
  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation
hmac xcbc stroke kernel-netlink

socket-default fips-prf eap-radius updown
  plugins {
    eap-radius {
      secret = gv6URkSs
      server = 10.1.0.10
    }
  }
}


*Question 3 *: I aslo will use a USIM card of 3GPP to achieve the EAP-AKA ,
would I need to  modify the code of

strongswan  ? Or I just use the USIM API  card_get_quintuplet( ) in the
file simaka_manager.c ? Is there any API which  I

must use to connect to the USIM driver ?

Eagerly expecting your reply !
Best wish!
                                                                kenxin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120424/a3eda79c/attachment.html>

More information about the Users mailing list