[strongSwan] About migrating the milenage of 3GPP and the USIM card API

kenxin lau liuqixing2005 at gmail.com
Sun Apr 29 02:53:44 CEST 2012 

I have solved the problem ,that is not a bug!

2012/4/24 kenxin lau <liuqixing2005 at gmail.com>

> About migrating the milenage of 3GPP and the USIM card API
>
> hi,
> I want to migrate the milenage of 3GPP to the strongswan,just as the
> software algorithm eap-aka-3gpp2 ,but I have
>
> two question about the migration :
>
> *Question 1 *: Can I add the milenage algoritm by modifying the USIM API
>  card_get_quintuplet( )   in the file
>
> simaka_manager.c ? Would it check wether there is one USIM as default ?
>
>
> *Question 2 *: Can I add the milenage algoritm by modifying the algorithm
> function in  eap-aka-3gpp2 ? I haved
>
> finished the migration  ,but when I tested it as client with the radius
> service ,AAA , it failed to work ,the radius
>
> service  and AAA had send "chanllge accept " to the client, but the client
>  report with   "unable to use EAP-SIM, missing
>
> algorithms". This is the ipsec.conf :
>
> *client :*
>
> ipsec.conf:
>
> ......
>  leftauth=eap
> leftid=123456 at strongswan.org
>  rightauth=eap
> rightid=@moon.stronswan.org
>  eap_identity=123456
> ......
>
> strongswan.conf:
>
>  charon {
>
> charon {
>   load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation
> hmac xcbc stroke kernel-
>
> netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown
> }
>  }
>
>
> *radius service*:
>
> ipsec.conf:
>
> ......
>  leftauth=eap-aka
> leftid=@moon.strongswan.org
>  rightauth=eap-radius
> rightid=*@strongswan.org
>
> ......
>
> strongswan.conf:
>
> charon {
>   load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation
> hmac xcbc stroke kernel-netlink
>
> socket-default fips-prf eap-radius updown
>   plugins {
>     eap-radius {
>       secret = gv6URkSs
>       server = 10.1.0.10
>     }
>   }
> }
>
>
> *Question 3 *: I aslo will use a USIM card of 3GPP to achieve the EAP-AKA
> , would I need to  modify the code of
>
> strongswan  ? Or I just use the USIM API  card_get_quintuplet( ) in the
> file simaka_manager.c ? Is there any API which  I
>
> must use to connect to the USIM driver ?
>
>  Eagerly expecting your reply !
> Best wish!
>                                                                 kenxin
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120429/ad0f3d35/attachment.html>

More information about the Users mailing list