MBIM interface for AKA authentication

Hi,

I brought a MC7455 and want to use the mbim interface for the authentication.

Now I meet a problem that it always responds ‘AuthIncorrectAuth’ when I execute the CID_AKA_AUTH.

Below are the printout on the openwrt with umbim:
sending (80): 03 00 00 00 50 00 00 00 04 00 00 00 01 00 00 00 00 00 00 00 1d 2b 5f f7 0a a1 48 b2 aa 52 50 f1 57 67 17 4e 01 00 00 00 00 00 00 00 20 00 00 00 31 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 31 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36
header_type: 0003
header_length: 0050
header_transaction: 0004
reading (48): 03 00 00 80 30 00 00 00 04 00 00 00 01 00 00 00 00 00 00 00 1d 2b 5f f7 0a a1 48 b2 aa 52 50 f1 57 67 17 4e 01 00 00 00 23 00 00 00 00 00 00 00
header_type: 80000003 -> command-done
header_length: 0030
header_transaction: 0004
Expected: 80000003, received: 80000003, matched.
Received cmd done
command_id: 0001 -> device-caps
status_code: 0023 -> AuthIncorrectAuth
buffer_length: 0000
sending (16): 02 00 00 00 10 00 00 00 05 00 00 00 01 00 00 00
header_type: 0002
header_length: 0010
header_transaction: 0005
reading (16): 02 00 00 80 10 00 00 00 05 00 00 00 00 00 00 00
header_type: 80000002 -> close-done
header_length: 0010
header_transaction: 0005

who can help on it or give some tips? thanks!

So you added some code to umbim to do this, but did not think that was important to mention when asking for free help? Or am I mssing somethng?

This cannot possibly be correct, so ‘AuthIncorrectAuth’ is the expected response. Looks like the modem works fine to me.

I believe the answer to that is: You. No one else has seen the code generating the request, so there isn’t really much anyone else can do, is there?

Hi,

Yes, I added some code to the umbim source code. The major purpose is to intergate the AKA_AUTH to our call flow. I want to simulate an LTE connection via software. The software uses EAP AKA for the authenciation. It works well with a software AKA library. Now I want to replace the soft aka library with the SIM card via MBIM. That’s why I tried the MC7455 with the MBIM interface. I believe the whole procedures works well, as I can make a connection to the LTE packet core via the soft aka library.

It is not easy to copy the whole source code here, I list some related cose as below:
//the request structure
struct mbim_auth_aka_q {
/* array type: byte-array /
uint8_t rand[MBIM_AUTH_RAND_LEN];
/
array type: byte-array */
uint8_t autn[MBIM_AUTH_RAND_LEN];
} attribute((packed));

//send the aka parameters to the mbim
//the __autn and __rand1 are retrieved from the AAA server
static int
mbim_aka_request(void)
{
struct mbim_auth_aka_q *rs =
(struct mbim_auth_aka_q *) mbim_setup_command_msg(basic_auth,
MBIM_MESSAGE_COMMAND_TYPE_QUERY, MBIM_CMD_AUTH_AKA,
sizeof(struct mbim_auth_aka_q));

if (__autn == NULL)
{
	printf ("Invalid autn\n");
	return -1;
}
memcpy(rs->autn, __autn, sizeof(rs->autn)); 

if (__rand1 == NULL)
{
	printf ("Invalid rand\n");
	return -1;
}
memcpy(rs->rand, __rand1, sizeof(rs->rand)); 

return mbim_send_command_msg();

}

The MBIM packet looks fine. The AutN value is wrong. The modem responds with the appropriate status code. This is all as expected AFAICS.

Hi,

Thanks for you response.

So from your point of view, the AKA works as expected. It must be a good begin for me :slight_smile:

Is there any mbim AKA samples? or do you have the AKA authention experiences on the mbim interface that can share with me? like how did you gerenated the right antn and what AKA identifier you used in you verification. Now I use a AAA server to retrieve the autn. The AAA server also serves for the LTE network. so I believe it can generate the right autn. I’m not sure what kind of AKA identifier was used between the AAA server and the SIM card.IMSI or APN?

Hi,

This seems like a standard thing to want to do, but I’m struggling to find a clear solution.

Now could anyone can tell me how CID_AKA_AUTH works via MBIM? does it need the SIM card to expose the AKA interface? and how to check it?

if the SIM card doesn’t support the AKA_AUTH, what code will returned via the MBIM?

Thanks!