2# The WiMAX module currently takes no configuration.
3#
4# It should be listed in the "authorize" and "preacct" sections.
5# This enables the module to fix the horrible binary version
6# of Calling-Station-Id to the normal format, as specified in
7# RFC 3580, Section 3.21.
8#
9# In order to calculate the various WiMAX keys, the module should
10# be listed in the "post-auth" section. If EAP authentication
11# has been used, AND the EAP method derives MSK and EMSK, then
12# the various WiMAX keys can be calculated.
13#
14# Some useful things to remember:
15#
16# WiMAX-MSK = EAP MSK, but is 64 octets.
17#
18# MIP-RK-1 = HMAC-SHA256(EMSK, "miprk@wimaxforum.org" | 0x00020001)
19# MIP-RK-2 = HMAC-SHA256(EMSK, MIP-RK-1 | "miprk@wimaxforum.org" | 0x00020002)
20# MIP-RK = MIP-RK-1 | MIP-RK-2
21#
22# MIP-SPI = first 4 octets of HMAC-SHA256(MIP-RK, "SPI CMIP PMIP")
23# plus some magic... you've got to track *all* MIP-SPIs
24# on your system!
25#
26# SPI-CMIP4 = MIP-SPI
27# SPI-PMIP4 = MIP-SPI + 1
28# SPI-CMIP6 = MIP-SPI + 2
29#
30# MN-NAI is the Mobile node NAI. You have to create it, and put
31# it into the request or reply as something like:
32#
33# WiMAX-MN-NAI = "%{User-Name}"
34#
35# You will also have to have the appropriate IP address (v4 or v6)
36# in order to calculate the keys below.
37#
38# Lifetimes are derived from Session-Timeout. It needs to be set
39# to some useful number.
40#
41# The hash function H() used below is HMAC-SHA1.
42#
43#
44# MN-HA-CMIP4 = H(MIP-RK, "CMIP4 MN HA" | HA-IPv4 | MN-NAI)
45#
46# Where HA-IPv4 is WiMAX-hHA-IP-MIP4
47# or maybe WiMAX-vHA-IP-MIP4
48#
49# Which goes into WiMAX-MN-hHA-MIP4-Key
50# or maybe WiMAX-RRQ-MN-HA-Key
51# or maybe even WiMAX-vHA-MIP4-Key
52#
53# The corresponding SPI is SPI-CMIP4, which is MIP-SPI,
54#
55# which goes into WiMAX-MN-hHA-MIP4-SPI
56# or maybe WiMAX-RRQ-MN-HA-SPI
57# or even WiMAX-MN-vHA-MIP4-SPI
58#
59# MN-HA-PMIP4 = H(MIP-RK, "PMIP4 MN HA" | HA-IPv4 | MN-NAI)
60# MN-HA-CMIP6 = H(MIP-RK, "CMIP6 MN HA" | HA-IPv6 | MN-NAI)
61#
62# both with similar comments to above for MN-HA-CMIP4.
63#
64# In order to tell which one to use (CMIP4, PMIP4, or CMIP6),
65# you have to set WiMAX-IP-Technology in the reply to one of
66# the appropriate values.
67#
68#
69# FA-RK = H(MIP-RK, "FA-RK")
70#
71# MN-FA = H(FA-RK, "MN FA" | FA-IP | MN-NAI)
72#
73# Where does the FA-IP come from? No idea...
74#
75#
76# The next two keys (HA-RK and FA-HA) are not generated
77# for every authentication request, but only on demand.
78#
79# HA-RK = 160-bit random number assigned by the AAA server
80# to a specific HA.
81#
82# FA-HA = H(HA-RK, "FA-HA" | HA-IPv4 | FA-CoAv4 | SPI)
83#
84# where HA-IPv4 is as above,
85# and FA-CoAv4 is the address of the FA as seen by the HA,
86# and SPI is the relevant SPI for the HA-RK.
87#
88# DHCP-RK = 160-bit random number assigned by the AAA server
89# to a specific DHCP server. vDHCP-RK is the same
90# thing.
91#
92wimax {
93 #
94 # Some WiMAX equipment requires that the MS-MPPE-*-Key
95 # attributes are sent in the Access-Accept, in addition to
96 # the WiMAX-MSK attribute.
97 #
98 # Other WiMAX equipment requires that the MS-MPPE-*-Key
99 # attributes are NOT sent in the Access-Accept.
100 #
101 # By default, the EAP modules send MS-MPPE-*-Key attributes.
102 # The default virtual server (raddb/sites-available/default)
103 # contains examples of adding the WiMAX-MSK.
104 #
105 # This configuration option makes the WiMAX module delete
106 # the MS-MPPE-*-Key attributes. The default is to leave
107 # them in place.
108 #
109 # If the keys are deleted (by setting this to "yes"), then
110 # the WiMAX-MSK attribute is automatically added to the reply.
 #
 # NOTE(review): MS-MPPE-*-Key and WiMAX-MSK both carry session
 # keying material (WiMAX-MSK is the EAP MSK). With "no", the
 # reply may carry both if the virtual server also adds
 # WiMAX-MSK; confirm what the equipment actually requires and
 # send only that.
111 delete_mppe_keys = no
112}