[BUG] Wpa-supplicant EAP-SIM/AKA support - compile error

to enable wpa_supplicant with EAP-SIM and EAP-AKA I edited the file wpa_supplicant-full.config and set:
CONFIG_PCSC=y
CONFIG_EAP_AKA=y and CONFIG_EAP_SIM=y

hostapd compiling error:

make[4]: 'wpa_cli' is up to date.
  CC  ../src/utils/pcsc_funcs.c
../src/utils/pcsc_funcs.o: In function `scard_transmit':
pcsc_funcs.c:(.text.scard_transmit+0x22): undefined reference to `SCardTransmit'
pcsc_funcs.c:(.text.scard_transmit+0x44): undefined reference to `g_rgSCardT0Pci'
pcsc_funcs.c:(.text.scard_transmit+0x4c): undefined reference to `g_rgSCardT1Pci'
../src/utils/pcsc_funcs.o: In function `scard_deinit':
pcsc_funcs.c:(.text.scard_deinit+0xa): undefined reference to `SCardDisconnect'
pcsc_funcs.c:(.text.scard_deinit+0x14): undefined reference to `SCardReleaseContext'
../src/utils/pcsc_funcs.o: In function `scard_init':
pcsc_funcs.c:(.text.scard_init+0x22): undefined reference to `SCardEstablishContext'
pcsc_funcs.c:(.text.scard_init+0x34): undefined reference to `SCardListReaders'
pcsc_funcs.c:(.text.scard_init+0x52): undefined reference to `SCardListReaders'
pcsc_funcs.c:(.text.scard_init+0xe8): undefined reference to `SCardConnect'
pcsc_funcs.c:(.text.scard_init+0x106): undefined reference to `SCardBeginTransaction'
pcsc_funcs.c:(.text.scard_init+0x16c): undefined reference to `SCardEndTransaction'
pcsc_funcs.c:(.text.scard_init+0x354): undefined reference to `SCardEndTransaction'
collect2: error: ld returned 1 exit status
Makefile:1923: recipe for target 'wpa_supplicant' failed
make[4]: *** [wpa_supplicant] Error 1

Does anyone can help?

Seems you miss a header file or library to link against...

https://w1.fi/wpa_supplicant/devel/pcsc__funcs_8c.html
In this source file, i´m a bit confused about the include: #include <winscard.h>
Is this feature only available on windows???

I suppose there is a bug in the sources, can Nobody help?
I think the WPA EAP-SIM AKA is the future in WiFi scenario, does anyone want to help in implementing this feature in Openwrt?

You should consider to ask your question on the development mailing list...

http://lists.infradead.org/mailman/listinfo/hostap

Found on:
https://w1.fi/wpa_supplicant/

Hello,
I was trying to do the same thing (before I discovered this thread).
Same issue -

../src/utils/pcsc_funcs.c:17:10: fatal error: winscard.h: No such file or directory
#include <winscard.h>
^~~~~~~~~~~~
compilation terminated.

Did you manage to compile it?

Unfortunately not :unamused:

This needs pcsc-lite. hostapd needs to find the headers, the lib needs to be linked in and the dependency to the lib needs to be added.

This is quick-and_DIRTY (!!!) for wpad. It's so DIRTY it'd never get accepted in OpenWrt :wink:

 diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile
index d754f19857..5a8ff04894 100644
--- a/package/network/services/hostapd/Makefile
+++ b/package/network/services/hostapd/Makefile
@@ -213,6 +213,7 @@ define Package/wpad
 $(call Package/wpad/Default,$(1))
   TITLE+= (full)
   VARIANT:=wpad-full-internal
+  DEPENDS+=+libpcsclite
 endef
 
 define Package/wpad/description
@@ -438,6 +439,7 @@ define Build/Configure
 endef
 
 TARGET_CPPFLAGS := \
+	-I$(STAGING_DIR)/usr/include/PCSC \
 	-I$(STAGING_DIR)/usr/include/libnl-tiny \
 	-I$(PKG_BUILD_DIR)/src/crypto \
 	$(TARGET_CPPFLAGS) \
@@ -446,7 +448,7 @@ TARGET_CPPFLAGS := \
 	$(if $(CONFIG_WPA_MSG_MIN_PRIORITY),-DCONFIG_MSG_MIN_PRIORITY=$(CONFIG_WPA_MSG_MIN_PRIORITY))
 
 TARGET_CFLAGS += -ffunction-sections -fdata-sections -flto
-TARGET_LDFLAGS += -Wl,--gc-sections -flto=jobserver -fuse-linker-plugin -lubox -lubus
+TARGET_LDFLAGS += -Wl,--gc-sections -flto=jobserver -fuse-linker-plugin -lubox -lubus -lpcsclite
 
 ifdef CONFIG_PACKAGE_kmod-cfg80211
   TARGET_LDFLAGS += -lm -lnl-tiny
diff --git a/package/network/services/hostapd/files/wpa_supplicant-full.config b/package/network/services/hostapd/files/wpa_supplicant-full.config
index 982f4d5534..4ae56d38b9 100644
--- a/package/network/services/hostapd/files/wpa_supplicant-full.config
+++ b/package/network/services/hostapd/files/wpa_supplicant-full.config
@@ -128,7 +128,7 @@ CONFIG_EAP_GTC=y
 CONFIG_EAP_OTP=y
 
 # EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
-#CONFIG_EAP_SIM=y
+CONFIG_EAP_SIM=y
 
 # Enable SIM simulator (Milenage) for EAP-SIM
 #CONFIG_SIM_SIMULATOR=y
@@ -146,7 +146,7 @@ CONFIG_EAP_OTP=y
 CONFIG_EAP_LEAP=y
 
 # EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
-#CONFIG_EAP_AKA=y
+CONFIG_EAP_AKA=y
 
 # EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
 # This requires CONFIG_EAP_AKA to be enabled, too.
@@ -195,7 +195,7 @@ CONFIG_SMARTCARD=y
 
 # PC/SC interface for smartcards (USIM, GSM SIM)
 # Enable this if EAP-SIM or EAP-AKA is included
-#CONFIG_PCSC=y
+CONFIG_PCSC=y
 
 # Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
 CONFIG_HT_OVERRIDES=y
1 Like

Thanks, micmac1! It worked!
(I tried to add libpcslite as dependency before, but did not add -lpcsclite to linkers args)

Will deploy it to router and test if it works as expected soon!

Hello,

Sorry for revice this topic but I get same issue, I try to use a OpenWRT router as EAPSIM Client, I have tried the patch but it seem not working with last release.

@micmac1 do you get the patch working with last version ?

I never did :slight_smile: Because I don't use wpa_supplicant this way. @vk496 raised a pull request for this some days ago, though. Maybe this helps you.

I have a Turris router on which I would like to have EAP-SIM auth.

However even with the patch, I think hostapd requires comunicate with the card over PC/SC.

And this is done with OpenCT, for which there are not package available (right now).

A reference for what I'm talking about: https://ohnomoregadgets.wordpress.com/2013/08/28/free-wifi-with-eap-sim-on-a-desktop-computer/

In any case, adding EAP-SIM to hostapd implies a new dependencie for wpad/wpa_supplicant (libpcsclite), which is a critical package for OpenWrt architecture. I would like some feedback from some core developer, because maybe it could be more interesting a dedicated wpad/wpa_supplicant/hostapd package.

Br,
Valentin

Hello,

On my side with pcsc_scan I can see the card,

Do you patch with success the last version of OpenWRT with the patch ? on my side It fail

Hi,

You have a Turris? and in your side it detects the card with pcsc_scan?

I couldn't test the patch I sent, so not sure if it works. Since I can't play with my main router too much, I've ordered a 4€ usb SIM reader and will do all the tests with a VM and wifi dongle

Br

On my side I have do that with a SFR Neufbox 6, regarding the card reader I use this one https://www.amazon.fr/gp/product/B08D8RJ56J/

I have successfully try with a Intel NUC device and the card reader.

I can keep internet access, I just need some script for check and reconnect if needed.

The reference in your last post is good, I have used it for do my "box" but I am currently searching a solution for do that with OpenWRT