[BUG] Wpa-supplicant EAP-SIM/AKA support - compile error

pilovis · October 19, 2019, 4:01pm

to enable wpa_supplicant with EAP-SIM and EAP-AKA I edited the file wpa_supplicant-full.config and set:
CONFIG_PCSC=y
CONFIG_EAP_AKA=y and CONFIG_EAP_SIM=y

hostapd compiling error:

make[4]: 'wpa_cli' is up to date.
  CC  ../src/utils/pcsc_funcs.c
../src/utils/pcsc_funcs.o: In function `scard_transmit':
pcsc_funcs.c:(.text.scard_transmit+0x22): undefined reference to `SCardTransmit'
pcsc_funcs.c:(.text.scard_transmit+0x44): undefined reference to `g_rgSCardT0Pci'
pcsc_funcs.c:(.text.scard_transmit+0x4c): undefined reference to `g_rgSCardT1Pci'
../src/utils/pcsc_funcs.o: In function `scard_deinit':
pcsc_funcs.c:(.text.scard_deinit+0xa): undefined reference to `SCardDisconnect'
pcsc_funcs.c:(.text.scard_deinit+0x14): undefined reference to `SCardReleaseContext'
../src/utils/pcsc_funcs.o: In function `scard_init':
pcsc_funcs.c:(.text.scard_init+0x22): undefined reference to `SCardEstablishContext'
pcsc_funcs.c:(.text.scard_init+0x34): undefined reference to `SCardListReaders'
pcsc_funcs.c:(.text.scard_init+0x52): undefined reference to `SCardListReaders'
pcsc_funcs.c:(.text.scard_init+0xe8): undefined reference to `SCardConnect'
pcsc_funcs.c:(.text.scard_init+0x106): undefined reference to `SCardBeginTransaction'
pcsc_funcs.c:(.text.scard_init+0x16c): undefined reference to `SCardEndTransaction'
pcsc_funcs.c:(.text.scard_init+0x354): undefined reference to `SCardEndTransaction'
collect2: error: ld returned 1 exit status
Makefile:1923: recipe for target 'wpa_supplicant' failed
make[4]: *** [wpa_supplicant] Error 1

Does anyone can help?

juppin · October 19, 2019, 5:22pm

Seems you miss a header file or library to link against...

https://w1.fi/wpa_supplicant/devel/pcsc__funcs_8c.html
In this source file, i´m a bit confused about the include: #include <winscard.h>
Is this feature only available on windows???

pilovis · December 5, 2019, 7:50am

I suppose there is a bug in the sources, can Nobody help?
I think the WPA EAP-SIM AKA is the future in WiFi scenario, does anyone want to help in implementing this feature in Openwrt?

juppin · December 5, 2019, 9:26pm

You should consider to ask your question on the development mailing list...

http://lists.infradead.org/mailman/listinfo/hostap

Found on:
https://w1.fi/wpa_supplicant/

mrstdn · June 21, 2020, 6:49am

Hello,
I was trying to do the same thing (before I discovered this thread).
Same issue -

../src/utils/pcsc_funcs.c:17:10: fatal error: winscard.h: No such file or directory
#include <winscard.h>
^~~~~~~~~~~~
compilation terminated.

Did you manage to compile it?

pilovis · June 21, 2020, 11:01am

Unfortunately not

micmac1 · June 21, 2020, 8:56pm

This needs pcsc-lite. hostapd needs to find the headers, the lib needs to be linked in and the dependency to the lib needs to be added.

This is quick-and_DIRTY (!!!) for wpad. It's so DIRTY it'd never get accepted in OpenWrt

 diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile
index d754f19857..5a8ff04894 100644
--- a/package/network/services/hostapd/Makefile
+++ b/package/network/services/hostapd/Makefile
@@ -213,6 +213,7 @@ define Package/wpad
 $(call Package/wpad/Default,$(1))
   TITLE+= (full)
   VARIANT:=wpad-full-internal
+  DEPENDS+=+libpcsclite
 endef
 
 define Package/wpad/description
@@ -438,6 +439,7 @@ define Build/Configure
 endef
 
 TARGET_CPPFLAGS := \
+	-I$(STAGING_DIR)/usr/include/PCSC \
 	-I$(STAGING_DIR)/usr/include/libnl-tiny \
 	-I$(PKG_BUILD_DIR)/src/crypto \
 	$(TARGET_CPPFLAGS) \
@@ -446,7 +448,7 @@ TARGET_CPPFLAGS := \
 	$(if $(CONFIG_WPA_MSG_MIN_PRIORITY),-DCONFIG_MSG_MIN_PRIORITY=$(CONFIG_WPA_MSG_MIN_PRIORITY))
 
 TARGET_CFLAGS += -ffunction-sections -fdata-sections -flto
-TARGET_LDFLAGS += -Wl,--gc-sections -flto=jobserver -fuse-linker-plugin -lubox -lubus
+TARGET_LDFLAGS += -Wl,--gc-sections -flto=jobserver -fuse-linker-plugin -lubox -lubus -lpcsclite
 
 ifdef CONFIG_PACKAGE_kmod-cfg80211
   TARGET_LDFLAGS += -lm -lnl-tiny
diff --git a/package/network/services/hostapd/files/wpa_supplicant-full.config b/package/network/services/hostapd/files/wpa_supplicant-full.config
index 982f4d5534..4ae56d38b9 100644
--- a/package/network/services/hostapd/files/wpa_supplicant-full.config
+++ b/package/network/services/hostapd/files/wpa_supplicant-full.config
@@ -128,7 +128,7 @@ CONFIG_EAP_GTC=y
 CONFIG_EAP_OTP=y
 
 # EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
-#CONFIG_EAP_SIM=y
+CONFIG_EAP_SIM=y
 
 # Enable SIM simulator (Milenage) for EAP-SIM
 #CONFIG_SIM_SIMULATOR=y
@@ -146,7 +146,7 @@ CONFIG_EAP_OTP=y
 CONFIG_EAP_LEAP=y
 
 # EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
-#CONFIG_EAP_AKA=y
+CONFIG_EAP_AKA=y
 
 # EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
 # This requires CONFIG_EAP_AKA to be enabled, too.
@@ -195,7 +195,7 @@ CONFIG_SMARTCARD=y
 
 # PC/SC interface for smartcards (USIM, GSM SIM)
 # Enable this if EAP-SIM or EAP-AKA is included
-#CONFIG_PCSC=y
+CONFIG_PCSC=y
 
 # Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
 CONFIG_HT_OVERRIDES=y

mrstdn · June 22, 2020, 4:25am

Thanks, micmac1! It worked!
(I tried to add libpcslite as dependency before, but did not add -lpcsclite to linkers args)

Will deploy it to router and test if it works as expected soon!

guifort · July 15, 2021, 11:17am

Hello,

Sorry for revice this topic but I get same issue, I try to use a OpenWRT router as EAPSIM Client, I have tried the patch but it seem not working with last release.

@micmac1 do you get the patch working with last version ?

micmac1 · July 20, 2021, 8:52pm

I never did Because I don't use wpa_supplicant this way. @vk496 raised a pull request for this some days ago, though. Maybe this helps you.

vk496 · July 20, 2021, 9:29pm

I have a Turris router on which I would like to have EAP-SIM auth.

However even with the patch, I think hostapd requires comunicate with the card over PC/SC.

And this is done with OpenCT, for which there are not package available (right now).

A reference for what I'm talking about: https://ohnomoregadgets.wordpress.com/2013/08/28/free-wifi-with-eap-sim-on-a-desktop-computer/

In any case, adding EAP-SIM to hostapd implies a new dependencie for wpad/wpa_supplicant (libpcsclite), which is a critical package for OpenWrt architecture. I would like some feedback from some core developer, because maybe it could be more interesting a dedicated wpad/wpa_supplicant/hostapd package.

Br,
Valentin

guifort · August 4, 2021, 7:02am

Hello,

On my side with pcsc_scan I can see the card,

Do you patch with success the last version of OpenWRT with the patch ? on my side It fail

vk496 · August 4, 2021, 8:20am

Hi,

You have a Turris? and in your side it detects the card with pcsc_scan?

I couldn't test the patch I sent, so not sure if it works. Since I can't play with my main router too much, I've ordered a 4€ usb SIM reader and will do all the tests with a VM and wifi dongle

Br

guifort · August 4, 2021, 4:40pm

On my side I have do that with a SFR Neufbox 6, regarding the card reader I use this one https://www.amazon.fr/gp/product/B08D8RJ56J/

I have successfully try with a Intel NUC device and the card reader.

I can keep internet access, I just need some script for check and reconnect if needed.

The reference in your last post is good, I have used it for do my "box" but I am currently searching a solution for do that with OpenWRT