Radiator SIM Support revision history

Revision 2.0 (2016-06-16)
  • Added Radiator SIM module reference manual in doc directory
  • Added Radiator 3GPP AAA Server module files in Radiator SIM Support distribution
  • See 3gpp-aaa-server.cfg in goodies directory for a configuration sample
  • Added Radiator 3GPP AAA Server reference manual in doc directory
  • Requires Radiator 4.14 or later and Radiator Carrier module for 3GPP AAA Server functionality
Revision 1.47 (2016-05-16)
  • Removed unneeded column TMSI from SIMUSER table in eap-sim-mysql.sql. Clarified some of the comments in eap-sim-mysql.sql
    Updated all configuration samples to use radius_sim database.
  • AuthAKA now deletes the re-authentication context only when MaxReauthentications limit is reached. The call is now done correctly with re-authentication id instead of IMSI.
    Updated the DeleteReauthQuery in AKA sample configuration files to use SQL delete instead of update.
  • Removed obsolete files from goodies. Removed obsolete AuthSIMOPERATOR.pm
  • Updated the sample configuration files in goodies to work without SQL database by default. UseTMSI and UseReauthentiation is now disabled in the configuration samples. SQL is still needed when UseTMSI or UseReauthentication is enabled
  • Unified and improved error checks, error handling and logging in AuthBy SIM and AuthBy AKA. Error messages are now more clear about failure reasons.
  • Auth SIMSQL and AKASQL now call finish for the SQL handle only when there were results
  • Requires Radiator 4.14 or later
Revision 1.46 (2016-03-16)
  • EAP-Request/AKA-Identity can now be skipped if the application that uses AKA, for example Diameter SWm, wishes to do so.
  • Logging enhancements. The current request object is now passed to more log() calls.
  • Corrected Visted-Network-Identifier flags to M in the SWx dictionary
  • Requires Radiator 4.14 or later
Revision 1.45 (2016-02-24)
  • LocalAddress and LocalPort are now available for configuring SIGTRAN PeerSP clauses. These allow binding the SIGTRAN connections to explicit source IP address and port.
  • Significant updates to the SWx dictionary. Added SIP-Number-Auth-Items in the Wx dictionary
  • Added new configuration parameters SCTPPeer and PeerGlobalTitleHook for SIGTRAN support.
    PeerGlobalTitleHook can be used to derive peer's GT, for example, from IMSI. SCTPPeer allows defining multiple SCTP peer addresses the PeerSP should try when initiating a connection to the peer.
    Added goodies/sigtran-peer-gt-hook.pl for PeerGlobalTitleHook example.
  • Added examples of SCTPPeer, LocalAddress and LocalPort in eap_aka_map.cfg and eap_sim_map.cfg in goodies.
  • Some errors in authentication that possibly caused the client to time out are now more clearly rejected.
  • Updated the README file to include SIGTRAN and the current prerequisites
  • Requires Radiator 4.14 or later
Revision 1.44 (2015-04-10)
  • Added support for EAP-SIM and EAP-AKA authentication with MAP M3UA/SIGTRAN
  • Warnings about EAP SIM and AKA Success notification are now suppressed. Notifications with code "Success" are normal and expected when Radiator has been configured with UseResultInd flag parameter
  • Updated the MySQL schema eap-sim-mysql.sql in goodies. Changes make the SQL tables easier to use with other SQL servers. The char() types were changed to varchar(). Updated the configuration examples to use radius_sim as the database name
  • Updated AuthAKATEST to support the current 3GPPAuthcentre API
  • Requires Radiator 4.14
Revision 1.43 (2014-08-15)
  • Added support in AuthBy SIMWX for converting AKA quintets to GSM triplets. Radiator can now support EAP-SIM when the HSS supports only Diameter SWx. AKA quintets received over Diamter Wx can also be converted. The conversion function is the 3GPP TS 55.205 SRES Derivation Function #1 and its use is enabled with ConvertAKAVectors configuration parameter flag.
  • Added confguration parameters LocalAddress and LocalPort for setting the local IP address and port for TCP and SCTP. These parameters are available for AuthBy SIMWX and AuthBy AKAWX.
  • Tested EAP-SIM with Nokia Windows Phone 8.1 update developer preview
  • Requires Radiator 4.13
Revision 1.42 (2014-04-16)
  • Added dictionaries for Wx and SWx. The Wx and SWx attribute names now match the names 3GPP specifications use
  • ServerWXMAP now advertises Vendor-Auth-Application-Ids Wx and SWx
  • Tested EAP-SIM with Nokia Windows Phone 8.1 developer preview
  • Requires Radiator 4.13
Revision 1.41 (2014-03-24)
  • EAP-SIM, EAP-AKA and EAP-AKA' no longer use EAP-Response/Identity for establishing the peer identity. Identity is always requested with AT_IDENTITY when EAP authentication starts.
  • Improved how EAP-SIM, EAP-AKA and EAP-AKA' request the peer identity when the identity provided by the peer was not recognised by Radiator.
  • Fast Re-Authentication MaxReauthentications parameter now correctly works with EAP-AKA and EAP-AKA'.
  • ReauthenticationRealm parameter now supports %0 which is replaced with the SIM or AKA identity realm part. Special % formats based on the current request $p are also supported.
  • 3GPPAuthCentre now supports variable IND length for the AKA authentication vectors. Configurable via ServerWXMAP parameter IndLength which defaults to 5. SQN is incremented using 3GPP TS 33.102 Annex C.3.2 profile 2.
  • 3GPPAuthCentre now sets the AMF separation bit only when quints are requested over Diameter SWx. The AMF bit is never cleared. This partly reverts the change in 1.40.
  • 3GPPAuthCentre now increments SQN only once for each request
  • ServerWXMAP does not send any Auth- or Acct-Application-Id attributes by default. Supported-Vendor-Id 10415 (3GPP) is advertised by default.
  • Improved logging in 3GPPAuthCentre
  • Corrected some log messages in AuthAKAWX.pm
  • Clarified the configuration examples eap_sim_wx.cfg eap_aka_wx.cfg, eap_aka_prime_wx.cfg and wxmap.cfg in goodies.
  • Tested EAP-AKA with Android 4.1 and 4.2, IOS 7.1, Nokia Symbian S60 v3.0 and v3.1.
  • Tested EAP-SIM with the above and Nokia Windows Phone 8 and Nokia Symbian S80 v2.0.
  • Requires Radiator 4.12 or 4.12.1
Revision 1.40 (2014-03-07)
  • Fixed a bug in AKA and AKA' attribute parsing exposed by Apple IOS.
  • EAP-SIM now logs a warning if the number of returned triplets does not match the requested number. This can happen if HLR/Auc or HSS configuration is incorrect.
  • Auth AKAWX now transforms CK and IK to CK' and IK' when quints were fetched over Diameter Wx. No transformation is done or required when Diameter SWx is used.
  • ServerWXMAP now mandates the presence of ANID attribute when Diameter SWx is used.
  • 3GPP Authentication Centre now sets the AMF separation bit and returns CK' and IK' when quints are requested for AKA'. The AMF separation bit is otherwise cleared when quints are returned.
  • ServerWXMAP requests CK' and IK' from the 3GPP Authentication Centre when MAR was received over Diameter SWx.
  • Added ReauthenticationRealm example in eap_aka_wx.cfg and eap_aka_prime_wx.cfg in goodies directory.
  • Added MaxReauthentications example in eap_sim_wx.cfg.
Revision 1.39 (2013-12-17)
  • Improved Destination-Host and Destination-Realm handling.
  • OriginHost, OriginRealm, DestinationHost and DestinationRealm configuration options now support special characters.
Revision 1.38 (2013-12-11)
  • WxClient and AuthAKAWX were updated to work with Diameter SWx specification 3GPP TS 29.273. WxClient should now comply with all SWx versions and Wx versions 6.4.0 and later, 7, 8, 9, 10 and 11.
  • AuthAKAWX supports new configuration parameter Interface for choosing Wx or SWx.
  • AKAPrimeNetworkName configuration parameter now defaults to 'WLAN'.
  • ServerWXMAP was updated to work with both Wx and SWx.
  • Requires Radiator 4.12 or later.
  • Updated white paper for SWx interface.
Revision 1.37 (2013-09-30)
  • WxClient was tested and updated to work with HSS supporting 3GPP specification 29.234 version 7.7.0 Release 7. WxClient should now comply with versions 6.4.0 and later, 7, 8, 9, 10 and 11.
  • Requires Radiator 4.12 or later.
  • Updated white paper to cover different scenarios for communicating with 4G/LTE HSS services, 3G/2G HLR/AuC services and MAP gateways.
  • Updated white paper to cover accounting and billing over Diameter.
Revision 1.36 (2013-04-26)
  • AuthBy AKA and AKA-PRIME ReauthenticationRealm was missing from the list of configurable parameters.
  • AuthBy AKA and AKA-PRIME now support AuthorisedHook configuration parameter.
  • Updated example SIM config files to reflect the fact that some smartphones require NumTriplets to be 3.
  • Added some notes to README about acquiring and configuring eapol_test.
Revision 1.35 (2012-10-23)
  • Added support for Ulticom DSC Diameter-MAP gateway (http://www.ulticom.com/products-dsc/), and support for using it with EAP-SIM, EAP-AKA and EAP-AKA-PRIME. Can now authenticate both SIM and AKA to any operator's HLR and AuC via SS7 or Sigtran. See Ulticom for product detials and pricing.
  • Requires Radiator 4.10 plus latest patches or later.
  • Updated white paper.
  • Added Wx Diameter MAP gateway simulator and sample configuration file, which can be used for testing SIM and AKA. Can also be used to authenticate privately issued SIM and uSIM cards for SIM and AKA.
  • Added example WPA Supplicant eapol_test configuration files that can be used to test WPA Supplicant against Radiator and the Wx Diameter MAP gateway simulator.
  • Reinstated use of Digest::SHA1 in FIPS.pm. Now need both Digest::SHA and Digest::SHA1 installed.
  • Updated AKA and AKA-PRIME support in AuthBy AKATEST to the test card database has jsut the IMSO and not the 0 or 6 prefix.
  • Some minor changes to the internal API for AuthBy AKA.
  • Added support for 2G GSM triplets to 3GPPAuthCentre. Can now generate both SIM triplets and AKA quints from Milenage card details in the card database file.
  • Changed the name of the sample aka_db card data file to simcards.dat.
  • Deleted support for Cisco and SGSA MAP gateways, which have been discontinued by their vendors.
Revision 1.34 (2012-06-15)
  • Removed use of Digest::SHA1, replaced with Digest::SHA,which is now included with all perls. Digest::SHA is now an absolute prerequisite.
  • Updated sgsasim.pl and sgsatest.pl to use Getopt::Long
  • Fixed a problem in sgsatest.pl that could cause a crash with "Can't call method "format_ctime" on unblessed reference..."
Revision 1.33 (2012-06-01)
  • Updated gettriplets to use Getopt::Long.
  • Added support for UseReauthentication to enable fast reauthentication in EAP-AKA and EAP-AKA-PRIME.
  • Added support for UseTMSI to enable fast pseudonyms in EAP-AKA and EAP-AKA-PRIME.
Revision 1.32 (2011-09-12)
  • Added support for AKA-PRIME as per RFC 5448. Requires Radiator 4.8 and latest patches or later. Added new sample eap_aka_prime_test.cfg
Revision 1.31 (2011-06-08)
  • Added missing finish() calls to AuthBy SIMSQL.
  • TestClient option in AuthBy SIM now delivers 3 triplets as required by newer eapol_test.
  • Fixed potential memory leaks in AuthBy SIM when UseReauthentication was not in use.
  • Fixed a problem where EAP-AKA authentication could fail if an EAP Response/Identitiy is not received as the first request in a conversation.
Revision 1.30 (2009-10-27)
  • AuthBy SIM AuthorisedHook now passes $result and $reason, allowing the hook to change the result of the authentication. REquested by Sam Lin.
Revision 1.29 (2009-08-25)
  • AuthBy SIMSQL and subclasses now supports bind parameters for the SQL queries SaveTripletsQuery, SaveTMSIQuery, SaveReauthQuery, UpdateReauthQuery and DeleteReauthQuery using SaveTripletsQueryParam, SaveTMSIQueryParam, SaveReauthQueryParam, UpdateReauthQueryParam and DeleteReauthQueryParam respectively.
Revision 1.28 (2009-08-21)
  • AuthBy SIMSQL and subclasses now supports bind parameters for the SQL queries GetTripletsQuery, GetTMSIQuery and GetReauthQuery, using GetTripletsQueryParam, GetTMSIQueryParam and GetReauthQueryParam respectively.
Revision 1.27 (2009-08-20)
  • Fixed a crash in goodies/sgsasim.pl.
  • AuthBy SIMSGSA now supports ConnectOnDemand. Caution: this flag will cause connect() to block until it either succeeds or fails. This can hae an impact on performance if there are network problems between Radiator and hte SGSA server. Caution: Requires Radiator 4.4 and patch set 1.1086 or later.
  • AuthBy SIM and subclasses now support special characters in NumTriplets and ReauthenticationRealm. Requested by Sam Lin.
  • AuthBy SIMSGSA now support special characters in SGSN and SGSNAddress. Requested by Sam Lin.
Revision 1.26 (2009-08-07)
  • Fixed a problem with EAP-SIM where some SIM clients that append a realm to a pseudonym would not be authenticatied correctly when attempting to authenticate with the pseudonym. Reported by CHIROSSEL, Olivier.
Revision 1.25 (2009-07-27)
  • Fixed a problem with compatibility with some EAP-SIM and EAP-AKA clients when protected success indications are used.
Revision 1.24 (2009-06-29)
  • AuthBy SIM and subclasses is now compliant with RFC4186. Support for optional protected success indications as per RFC4186 added for both authentication and reauthentication.
  • AuthBy AKA and subclasses is now compliant with RFC4187 (reauthentication is not yet supported). Support for optional protected success indications as per RFC4187 added for authentication.
  • Improved and extended AT_MAC checking for AuthBy SIM as per RFC4186.
  • Improved and extended AT_MAC checking for AuthBy AKA as per RFC4187.
  • Testing against wpa_supplicant 0.6.9 (Caution: there is a bug in protected AKA in wpa_supplicant 0.6.9 that prevents protected results working correctly. A patch to fix this has been submitted to the author of wpa_supplicant.).
Revision 1.23 (2008-11-26)
  • Improvements to AuthBy AKATEST. The USIM card database now contains the OPc and AMF fields for each card, rather than them being configured for all cards in the AuthBy AKATEST clause. This permits easier testing against multiple cards with different Operator Codes. The format of the aka_db file is ow the same as that used in hlr_auc_gw.milenage_db in hostapd.
Revision 1.22 (2008-11-11)
  • In Auth AKATEST, can now specify the USIM Operator Code in its encrypted form (this is sometimes the case with some USIM test cards) by setting the 3GPPOperatorCodeEncrypted flag.
Revision 1.21 (2008-11-07)
  • Fixed a problem with AKA when the AKA identity had a trailing @xxxx decoration, resulting in incorrect master key. Reported by Jouni Malinen.
Revision 1.20 (2008-10-22)
  • AuthBy AKATEST now implements internal authentication of 3G USIM cards which use the Milenage algorithm, and for which you know the secret code.
  • Fixed a problem with encryption of Cisco ITP MAP data.
Revision 1.19 (2008-06-16)
  • Improvements to behaviour of mapUpdateLocation to be compatible with Cisco ITP support modules (available as separate download for qualified Cisco ITP customers).
Revision 1.18 (2008-01-15)
  • Updated to be compatible with Radiator 4.0. Requires Radiator 4.0 or later. Added documentation to ConfigKeywords, added activate() functions.
  • Fixed a error in computing the length of AT_RES when ResLengthInBytes is not set. Reported by Klaus Warnke.
Revision 1.17 (2006-12-04)
  • AuthBy AKA is now compliant with RFC 4187, but with an optional flag to comply with earlier draft RFC.
  • AuthBy AKA now implements Synchronisation-Failure correctly. Fixed problems with encoding of AT_AUTS, AT_RES. Sample implementation of operator-specific AuthBy AKATEST, which talks to a simple 3GPP Authentication Centre. Tested against Juniper Odyssey 4.52.0.2843 and wpa_supplicant 0.4.9.
Revision 1.16 (2006-05-15)
  • Fixed a problem in sgsasim.pl that could cause a crash with an undefined init_sock when used with recent versions of Radiator (due to changes in the Radius::Stream API). Reported by Manuel Kasper.
Revision 1.15 (2005-10-03)
  • Improved operation in the case where both UseReauthentication and UseTMSI are enabled and an unrecognised TMSI is offered by the client. Reported by Jan Zorz.
Revision 1.14 (2005-09-08)
  • Compatibility with Radiator 3.13 patch set of 2005-09-01.
Revision 1.13 (2005-08-12)
  • Testing with Funk Odyssey 4.01 client and EAP-SIM. OK.
  • Testing with Funk Odyssey 4.01 client and EAP-AKA. Not fully working.
  • Further work on EAP-AKA, against draft-arkko-pppext-eap-aka-15.txt, Funk Odyssey 4.01 client and EAP-AKA
  • AuthSIMSGSA.pm was accidentally left out of the distribution.
Revision 1.12 (2005-03-22)
Improved compatibility with AEGIS EAP-SIM client
  • Fixed a problem where an AT_IDENTITY in the Start might not be correctly interpreted if the EAP Identity did not match it. Reported by Dmitry Teleganov.
  • Cleaned up sim_get_reauth_context, removed sim_get_reauth_context_reauth_response. sim_get_reauth_context now returns the same args list as sim_get_reauth_context_reauth_response so the subclass can choose what to do. GetReauthQuery must now return REAUTH_ID fetched from databaseas second field and GetReauthQueryEAP is no longer required (goodies/eap_simoperator.cfg and goodies/eap_simsgsa.cfg updated to reflect this). This gives the subclass the opportunity to do wierd things with reauth_ids in the database.
  • All functions in AuthSIMSQL now get $p passed, so subclasses can customisations can use attributes from the current request.
  • Improved compatibility with Meetinghouse Haverinen 16 EAP-SIM client.
Revision 1.11 (2005-03-17)
Support for PT SGSA MAP Gateway
  • Testing on Windows. Made prebuilt Windows PPM binaries for Chipcard-PCSC and Crypt-Rijndael, available at http://www.open.com.au/radiator/free-downloads.
  • Fixed a problem in SimCard.pm that could cause a crash during card disconnection in gettriplets etc when running on Windows.
  • Initial versions of SGSA interface code, SGSA simulator and SGSA test client, for interoperation with Performance Technologies SGSA MAP gateway (www.pt.com)
  • Fixed a number of issues with Meetinghouse AEGIS EAP-SIM client. Reported by Dmitry Teleganov.
Revision 1.10 (2004-10-05)
Haverinen 13 compatibility
  • Extensive testing with XSupplicant and hostap, courtesy Jouni Malinen.
  • Fixed a problem introduced in 1.9 to do with decoding AT_SELECTED_VERSION. Reported by Jouni Malinen.
  • Fixed errors in documentation of the order of fields in the triplets file. Reported by Jouni Malinen.
  • Fixed some interop problems with AKA and xsupplicant. Patch provided by Jouni Malinen.
  • Added support for Client-Error as required by Haverinen 13.
  • Added support for Notification as required by Haverinen 13. SIM Notification is now sent for all error conditions when using SIM version 1. SIM Version 0 either REJECTs or IGNOREs, depending on the setting of NoSilientDeny.
  • Improved support for fast re-authentication after COUNTER_TOO_SMALL.
  • Added missing example GetReauthQueryEAP to sample eap_simoperator.cfg. Reported by Jouni Malinen.
  • Caution: Due to changes in the behaviour of MySQL 4, the suggested table structure for the example SIMOPERATOR has changed. MySQL 4 has changed the behaviour of the 'replace' query in a way that is incompatible with earlier versions. Previously 'replace' would not alter columns that were not explicitly mentioned in the query. This has resulted in the previous sample TMSI and Reauthentication 'replace' queries not working as required. The example table structure for SIMOPERATOR is now one table for pseudonyms and one for reauthentication data. See new example MySQL tables in goodies/eap-sim-mysql.sql
Revision 1.9 (2004-09-01)
  • Fixed a problem where EAP requests were not correctly ignored.
  • Fixed a problem in SIM and AKA attribute decoding where an empty variable length attribute could be unpacked incorrectly.
  • Fixes for compatibility with the xsupplicant AKA client, with much assistance from Chris Hessing. Partial Arkko version 12 compatibility.
Revision 1.8 (2004-03-27)
  • Fixed incorrect documentation of the order of KC, SRES, RAND in triplet usage. Reported by Neil Schonwald.
  • New Config parameter implemented NoSilentDeny - if set the Server sends REJECT instead of IGNORE. Contributed by Martin Noha.
  • MaxReauthentication implemented (configparameter works). Contributed by Martin Noha.
  • Error in request GPRS Update corrected. It was called during re-Authentication but not during full Authentication. Contributed by Martin Noha.
  • Improvements to AuthSIMOPERATOR, if the MAP gateways returns other than an Access-Accept, the clients request is rejected. Contributed by Martin Noha.
Revision 1.7 (2003-10-21)
Improved reauthentication support, Minor fixes
  • New attributes in dictionary.sim.
  • Removed debugging in reauthentication code.
  • Fixed some typos in AuthAKA.pm after initial testing by Chris Hessing.
  • Testing of reauthentication with several different clients by Noha.
Revision 1.6 (2003-10-03)
Improved reauthentication support, Minor fixes
  • EAP Request/SIM/Challenge contained incorrect attributes if reauthentication was enabled. AT_COUNTER and AT_NONCE were incorrectly included.
  • Fixed an error in the calculation of the length of AT_PADDING.
  • Fixed an error in README about how to test the MAP simulator with the example saved triplets. IMSI was wrong.
  • Fixed a problem where a client with no version number was accepted, even if the SupportVersions list did not include version 0.
  • Added ReauthenticationRealm to AuthBy SIM. ReauthenticationRealm will be appended to the reauthentication ID. It may be used to ensure Radius routing gets the reauthentication request back to this server. Defaults to empty string.
  • Improvements to Haverinen 11 reauthentication, including changes to API for sim_get_reauth_context, sim_save_reauth_context and sim_update_reauth_context, plus new columns in example SQL table for SIMOPERATOR.
  • TMSI and reauthenticaiotn IDs reduced to 16 hex characters due to problems in clients caused by ids with 32 hex characters.
  • AuthSIMOPERATOR and example mysql tables adjusted to store master key to enable calculation of new MPPE keys during reauthentication.
  • Fixed problem with MPPE keys during reauthentications.
  • Added DeleteReauthQuery and reauth context deletion code, to support incorrect counters etc.
  • Added some more attributes for GSM to dictionary.sim.
Revision 1.5 (2003-08-28)
Improvements to MAP gateway simulator
  • Fixed a problem where AT_ANY_ID_REQ was not correctly defined.
  • SIM card access rooutines moved to Radius/SimCard.pm for easy access and reuse
  • AuthBy SIM $context->{imsi} now has the leading 1 stripped from it, which is the real IMSI, as defined by the GSM operators.
  • AuthBy MAP gateway can now read saved triplets from a data file. New script goodies/getttriplets can read triplets from a SIM card and save them in such a triplets data file. This means that you can now test the EAP-SIM module without needing duplicate cards. You only need to save some triplets from any GSM SIM card to a data file, then the same card can be used in an EAP-SIM client. AuthBy MAP can still read from a locally connected SIM card if triplets are not found in the data file.
  • Added goodies/README file
Revision 1.4 (2003-08-21)
Minor fixes.
  • Added support for SupportVersions parameter, which allows you to control which client versions to support. Defaults to all the versions the software can support.
  • Fixed an error in the Actual Version List Length part of the AT_VERSION_LIST parameter.
  • Fix so that an identitiy that does not look like either an IMSI or TMSI will result in an AT_ANY_ID_REQ. By default, IMSIs are expected to be 16 digits, starting with a 1 with an optional realm.
Revision 1.3 (2003-08-08)
Beta testing, Haverinen 11 compliance, new features, performance improvements etc
  • Added GSM-TMSI to dictionary.sim
  • SIM and AKA both now use Digest::HMAC_SHA1 to implement hmac_sha1_128. New prerequesite is Digest-HMAC-1.01 (in order to get access to Digest::HMAC_SHA1). Results in performance improvement.
  • A number of subclassable functions in AuthSIM and AuthSIMOPERATOR had there names changed to prefix 'sim_', in order to allow future coexistence and compatibility with AKA.
  • The majority of the SIM identity response code was moved from EAP_18.pm to AuthSIM.pm for easier understanding and subclassing.
  • AT_VERSION of 1 is now taken to be Haverinen draft 11. Compatibility with latest Secartis client.
  • Multiple changes to AuthSIMOPERATOR and the names of the functions required to be overridden.
  • Added support for AT_CHECKCODE to EAP-SIM per Haverinen 11. Requires patches of 2003-08-06 or later for Radiator 3.6.
  • Added support for Reauthentication to EAP-SIM per Haverinen 11 (beta testing).
  • Added support for Pseudonyms to EAP-SIM per Haverinen 11 (beta testing).
  • Added new table SIMUSER to sampleSQL file
Revision 1.2 (2003-06-06)
External alpha testing
  • FIPS algorithm moved to separate file FIPS.pm for sharing
  • Added early version of EAP-AKA support for client development purposes, including goodies/eap_aka.cfg Radius/EAP_23.pm Radius/AuthAKA.pm
  • Added support for AuthorisedHook to AuthBy SIM. Useful for adding interesting things to the final Access-Accept, and other operator specific final cleanup things.
Revision 1.1 (2003-06-06)
External alpha testing
  • Top level operator specific module example renamed to AuthSIMOPERATOR.pm. Similar changes for eap_simoperator.cfg etc.
  • Added eap-sim-whitepaper.pdf, history.html etc.
  • Testing with Cisco ACU version 1.1 EAP-SIM on XP (requires Cisco patch from ftp://ftpeng.cisco.com/ftp/pwlan/eapsim/CiscoEapSimV5.zip, including end-to-end tsting with the MAP simulator and 2 identical GSM SIM cards.
  • AuthMAP.pm now uses latest version of pcsc-lite (1.1.1) and pcsc-perl (1.2.2). Caution: AuthMAP.pm is now incompatible with earlier versions of pcsc-perl.
Revision 1.0 (2003-01-23)
Initial version external evaluation)