3. Testing Radiator SIM Module

This section describes the test scenarios for Radiator SIM Module and how to compile eapol_test for testing different EAP protocols without the actual infrastructure.

3.1. Compiling eapol_test

eapol_test is part of the wpa_supplicant suite. It is a tool for testing Radiator EAP-SIM, EAP-AKA, and EAP-AKA' protocols. You can configure it to act as a supplicant that generates RADIUS requests and sends them directly to the RADIUS server. With eapol_test, you can test the system without the hardware client, supplicant, and wireless access point.
Note
The eapol_test configuration .config file is in directory wpa_supplicant/. After creating or updating it, always rerun make eapol_test because the eapol_test target is not a part of the default make target.

Enabling SIM method

EAP-SIM is not enabled by default. If you try to test it when it is disabled, the following error occurs:
Line 19: unknown EAP method 'SIM'
You may need to add support for this EAP method during wpa_supplicant build time configuration.
See README for more information.
To enable EAP-SIM, add CONFIG_EAP_SIM to the .config file and recompile:
echo CONFIG_EAP_SIM=y >> .config
make eapol_test

Enabling Milenage SIM emulator for EAP-SIM

To use the format password="Ki:OPc" in the eapol_test .config file, eapol_test must be compiled with the internal GSM-Milenage implementation. If it is not, the authentication process gives the following error message:
EAP-SIM: 3 challenges
EAP-SIM: GSM authentication algorithm
EAP-SIM: No GSM authentication algorithm enabled
EAP-SIM: GSM authentication failed
To compile the eapol_test with the internal GSM-Milenage implementation:
echo CONFIG_SIM_SIMULATOR=y >> .config
make eapol_test

Enabling AKA methods and USIM simulator

EAP-AKA and EAP-AKA' require configuration similar to EAP-SIM. For EAP-AKA and EAP-AKA', the Milenage parameters are defined in the format password="Ki:OPc:SQN" in the eapol_test .config file.
To enable the AKA methods and USIM (Universal Subscriber Identity Module) simulator:
echo CONFIG_EAP_AKA=y >> .config
echo CONFIG_EAP_AKA_PRIME=y >> .config
echo CONFIG_USIM_SIMULATOR=y >> .config
make eapol_test
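
An idempotent way to apply the build options from this section, as an added example that is not part of the original documentation: repeated `echo ... >> .config` runs append duplicate lines, and a commented-out line such as `#CONFIG_EAP_SIM=y` enables nothing. The names `enable_opts` and `SIM_AKA_OPTS` are hypothetical.

```shell
#!/bin/sh
# Added example: enable eapol_test build options in wpa_supplicant/.config
# without duplicating lines. Usage: enable_opts <config-file> OPTION...
# Prints each option it had to append; options already set to =y are untouched.
enable_opts() {
    cfg=$1; shift
    [ -f "$cfg" ] || : > "$cfg"
    # Make sure the file ends with a newline so an appended line is not fused.
    if [ -s "$cfg" ] && [ -n "$(tail -c 1 "$cfg")" ]; then
        echo >> "$cfg"
    fi
    for opt in "$@"; do
        # Only an uncommented OPTION=y line counts as enabled.
        if grep -Eq "^[[:space:]]*${opt}=y[[:space:]]*$" "$cfg"; then
            continue
        fi
        printf '%s=y\n' "$opt" >> "$cfg"
        printf '%s\n' "$opt"
    done
}

# Build options named in this section (EAP-SIM, EAP-AKA, EAP-AKA' and simulators).
SIM_AKA_OPTS="CONFIG_EAP_SIM CONFIG_SIM_SIMULATOR CONFIG_EAP_AKA CONFIG_EAP_AKA_PRIME CONFIG_USIM_SIMULATOR"

# Constructed demo on a scratch file: the commented-out line does not count.
demo_cfg=$(mktemp)
printf '#CONFIG_EAP_SIM=y\nCONFIG_EAP_AKA=y\n' > "$demo_cfg"
enable_opts "$demo_cfg" $SIM_AKA_OPTS
rm -f "$demo_cfg"

# Real use, from the wpa_supplicant/ directory:
#   added=$(enable_opts .config $SIM_AKA_OPTS)
#   [ -n "$added" ] && make eapol_test
```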

3.2. Testing EAP-SIM, EAP-AKA and EAP-AKA' with a known Milenage SIM/3G/LTE SIM card

About this task

This scenario shows how to test EAP-SIM, EAP-AKA and EAP-AKA' functionality when the SIM card has the Milenage key algorithm and its secret keys are known.

Before you begin

You need a SIM card for which you know the embedded Milenage keys. You also need eapol_test or a Wi-Fi client device that supports one of the SIM-based EAP methods.

Procedure

To execute the test:
  1. Copy the sample card data file /opt/radiator/radiator-sim/goodies/simcards.dat to a directory writable by the Radiator process. Radiator will update the file in the directory:
    sudo mkdir /etc/radiator/simcards
    sudo cp /opt/radiator/radiator-sim/goodies/simcards.dat /etc/radiator/simcards/
    sudo chown radiator:radiator /etc/radiator/simcards/
  2. Copy Radiator SWx/Cx/Wx (HSS) Diameter server configuration file /opt/radiator/radiator-sim/goodies/wxmap.cfg to /etc/radiator/radiator-wxmap.conf
  3. Verify that the card data file path in /etc/radiator/radiator-wxmap.conf is set up correctly.
    3GPPCardDatabaseFilename %D/simcards/simcards.dat
  4. Run the Radiator SWx/Cx/Wx server and verify from log file in /var/log/radiator/ that the server has started correctly.
    sudo systemctl start radiator@wxmap
  5. Copy Radiator EAP-SIM server configuration file /opt/radiator/radiator-sim/goodies/eap_sim_wx.cfg to /etc/radiator/radiator-eapsim.conf
  6. Run the Radiator EAP-SIM server and verify from log file in /var/log/radiator/ that the server has started correctly.
    sudo systemctl start radiator@eapsim
  7. To verify configuration, run eapol_test with a configuration that simulates the card. The values in sim-simulator.conf match values in simcards.dat.
    eapol_test -p 1645 -s mysecret -c \
        /opt/radiator/radiator-sim/goodies/sim-simulator.conf
  8. To test with a Wi-Fi device, first add Milenage key data of one or more cards to the card data file. Use the following format. See the file for examples:
  9. Then insert the test SIM card into the EAP-SIM Wi-Fi device and configure your Wi-Fi access point or controller to use Radiator as the authentication server. See, and possibly set, <Client DEFAULT> in radiator-eapsim.conf for the shared secret value. The secret defaults to mysecret. Configure the Wi-Fi client device to use EAP-SIM and follow the authentication in the Radiator log file.
  10. For TMSI (Temporary Mobile Subscriber Identity) or Fast Re-Authentication support, enable UseTMSI and UseReauthentication flags in the Radiator EAP server configuration file.
  11. To test EAP-AKA, use /opt/radiator/radiator-sim/goodies/eap_aka_wx.cfg and /opt/radiator/radiator-sim/goodies/aka-simulator.conf for Radiator and eapol_test, respectively. EAP-AKA' files are named eap_aka_prime_wx.cfg and aka-prime-simulator.conf
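
A pre-flight check for the simulator configuration passed to eapol_test with -c in steps 7 and 11, as an added example that is not part of the original documentation. It assumes the file is a wpa_supplicant network block with one eap= and one password= line; the function name `check_milenage_conf` and all key values are constructed.

```shell
#!/bin/sh
# Added example: check the Milenage secret in an eapol_test network config.
# EAP-SIM takes password="Ki:OPc"; EAP-AKA and EAP-AKA' take password="Ki:OPc:SQN".
# Ki and OPc are 128-bit values (32 hex digits), SQN is 48 bits (12 hex digits).
# Prints a verdict only, never the secret itself.
check_milenage_conf() {
    conf=$1
    # First eap= and password= lines in the file (one network block assumed).
    method=$(sed -n 's/^[[:space:]]*eap=\([^[:space:]]*\).*/\1/p' "$conf" | head -n 1)
    secret=$(sed -n 's/^[[:space:]]*password="\(.*\)"[[:space:]]*$/\1/p' "$conf" | head -n 1)
    h32='[0-9A-Fa-f]{32}'
    case $method in
        SIM)        want="^${h32}:${h32}\$" ;;
        AKA|"AKA'") want="^${h32}:${h32}:[0-9A-Fa-f]{12}\$" ;;
        *)          echo "unsupported-method"; return 2 ;;
    esac
    if printf '%s\n' "$secret" | grep -Eq "$want"; then
        echo "ok"
    else
        echo "bad-secret-format"
        return 1
    fi
}

# Constructed sample (not real card data): an EAP-AKA config missing the SQN field.
sample=$(mktemp)
cat > "$sample" <<'EOF'
network={
    key_mgmt=WPA-EAP
    eap=AKA
    identity="0001010000000001"
    password="000102030405060708090a0b0c0d0e0f:101112131415161718191a1b1c1d1e1f"
}
EOF
check_milenage_conf "$sample" || echo "fix the password= line before running eapol_test"
rm -f "$sample"
```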

3.3. Testing EAP-SIM with an unknown SIM card and canned triplets

About this task

This test scenario tests EAP-SIM functionality when the SIM card's secret keys are not known. This does not work for EAP-AKA or EAP-AKA'. The SIM triplets are generated by the SIM card and added to a triplet file. Radiator SWx/Cx/Wx Diameter server is configured to use the triplet file for authentication.

Before you begin

You need the following accessories and software for this test scenario:

Procedure

To execute the test, set up Radiator EAP-SIM configuration as described in Section 3.2. Testing EAP-SIM, EAP-AKA and EAP-AKA' with a known Milenage SIM/3G/LTE SIM card. Then generate triplets and configure Radiator HSS to use the newly generated triplets.
  1. Generate triplets with the test GSM SIM card and add them to the triplets file. Use the correct PIN.
    cd /opt/radiator/radiator-sim/
    ./goodies/gettriplets -pin 1234 >>/path/to/triplets.dat
  2. Specify the triplets file path in the /etc/radiator/radiator-wxmap.conf file. Ensure that the Radiator process can access and read the file. Comment out the 3GPPCardDatabaseFilename parameter.
    TripletsFile /path/to/triplets.dat
    # 3GPPCardDatabaseFilename %D/simcards/simcards.dat
  3. Run the Radiator SWx/Cx/Wx (HSS) Diameter server. Verify from log file in /var/log/radiator/ that the server has started correctly.
    sudo systemctl restart radiator@wxmap
  4. Verify that the Radiator EAP-SIM server is running. Verify from log file in /var/log/radiator/ that the server has started correctly.
    sudo systemctl restart radiator@eapsim
  5. Test with your EAP-SIM Wi-Fi device. Follow the authentication in the Radiator log file.
  6. For TMSI or Fast Re-Authentication support, enable UseTMSI and UseReauthentication flags in the Radiator EAP server configuration file.