wpa_supplicant: problems with EAP-SIM

Pete Young pete
Wed Feb 1 09:25:50 PST 2006 

Pete Young wrote:

> That patch has the SIM initialising and I can see APDUs being sent to
> the card.

... USIM APDUs, which confused the SIM somewhat. This is a test SIM
with the PIN disabled, I'm not sure if there is anything else
unusual about it. It does still authenticate to the same radius
server using xsupplicant.

I've  modified the source of pcsc_funcs.c to ensure that
GSM APDUs (with 'A0' prefix) are sent to the card, I'm now getting
authentication failures due to

EAP-SIM: Challenge message used invalid AT_MAC

Full trace attached:


[root at client1 wpa_supplicant-0.4.7]# ./wpa_supplicant -dd -ieth0 
-cwpa_supplicant.conf.eapsim
Initializing interface 'eth0' conf 'wpa_supplicant.conf.eapsim' driver 
'default' ctrl_interface 'N/A'
Configuration file 'wpa_supplicant.conf.eapsim' -> 
'/home/siteadm/wpa_supplicant-0.4.7/wpa_supplicant.conf.eapsim'
Reading configuration file 
'/home/siteadm/wpa_supplicant-0.4.7/wpa_supplicant.conf.eapsim'
ctrl_interface='/var/run/wpa_supplicant'
ctrl_interface_group=10 (from group name 'wheel')
eapol_version=1
ap_scan=0
Line: 19 - start of a new network block
key_mgmt: 0x1
eap methods - hexdump(len=2): 12 00
pin - hexdump_ascii(len=4): [REMOVED]
pcsc - hexdump_ascii(len=0):
eapol_flags=0 (0x0)
Priority group 0
    id=0 ssid=''
Initializing interface (2) 'eth0'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
wpa_driver_wired_init: Added multicast membership with packet socket
Own MAC address: 00:30:1b:35:35:03
Setting scan request: 0 sec 100000 usec
Added interface eth0
EAPOL: External notification - portControl=Auto
Already associated with a configured network - generating associated event
Association info event
State: DISCONNECTED -> ASSOCIATED
Associated to a new BSS: BSSID=01:80:c2:00:00:03
No keys have been configured - skip key clearing
Network configuration found for the current AP
WPA: No WPA/RSN IE available from association info
WPA: Set cipher suites based on configuration
WPA: Selected cipher suites: group 30 pairwise 24 key_mgmt 1
WPA: clearing AP WPA IE
WPA: clearing AP RSN IE
WPA: using GTK CCMP
WPA: using PTK CCMP
WPA: using KEY_MGMT 802.1X
WPA: Set own WPA IE default - hexdump(len=22): 30 14 01 00 00 0f ac 04 
01 00 00
0f ac 04 01 00 00 0f ac 01 00 00
EAPOL: External notification - portControl=Auto
Associated with 01:80:c2:00:00:03
Selected network is configured to use SIM - initialize PCSC
SCARD: initializing smart card interface
SCARD: Selected reader='Omnikey CardMan 6020 00 00'
SCARD: card=118473 active_protocol=1
SCARD: select file 3f00
SCARD: scard_transmit: send - hexdump(len=7): [REMOVED]
SCARD: scard_transmit: recv - hexdump(len=2): 9f 1e
SCARD: trying to get response (30 bytes)
SCARD: scard_transmit: send - hexdump(len=5): [REMOVED]
SCARD: scard_transmit: recv - hexdump(len=32): 00 00 b5 ea 3f 00 01 00 
ff ff ff
01 11 9b 03 0a 06 00 83 8a 83 8a 00 83 00 00 00 83 00 00 90 00
SCARD: select file 7f20
SCARD: scard_transmit: send - hexdump(len=7): [REMOVED]
SCARD: scard_transmit: recv - hexdump(len=2): 9f 1e
SCARD: trying to get response (30 bytes)
SCARD: scard_transmit: send - hexdump(len=5): [REMOVED]
SCARD: scard_transmit: recv - hexdump(len=32): 00 00 b5 ea 7f 20 02 00 
f4 f4 ff
01 11 9b 00 16 06 00 83 8a 83 8a 00 83 00 00 00 83 00 00 90 00
WPA: Association event - clear replay counter
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: startWhen --> 0
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: txStart
TX EAPOL - hexdump(len=4): 01 01 00 00
RX EAPOL from 00:13:1a:c0:5c:01
RX EAPOL - hexdump(len=46): 01 00 00 04 04 01 00 04 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00
00 00
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Failure
EAP: Workaround for unexpected identifier field in EAP Success: reqId=1 
lastId=-1 (these are supposed to be same)
EAP: EAP entering state FAILURE
CTRL-EVENT-EAP-FAILURE EAP authentication failed
EAPOL: SUPP_PAE entering state HELD
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state FAIL
EAPOL: SUPP_BE entering state IDLE
EAPOL: startWhen --> 0
EAPOL: authWhile --> 0
RX EAPOL from 00:13:1a:c0:5c:01
RX EAPOL - hexdump(len=46): 01 00 00 05 01 01 00 05 01 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00
00 00
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=1 id=1
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using real identity - hexdump_ascii(len=0):
EAP: buildIdentity: identity configuration was not available
SCARD: reading IMSI from (GSM) EF-IMSI
SCARD: select file 6f07
SCARD: scard_transmit: send - hexdump(len=7): [REMOVED]
SCARD: scard_transmit: recv - hexdump(len=2): 9f 0f
SCARD: trying to get response (15 bytes)
SCARD: scard_transmit: send - hexdump(len=5): [REMOVED]
SCARD: scard_transmit: recv - hexdump(len=17): 00 00 00 09 6f 07 04 00 
1f ff 1f
01 02 00 00 90 00
SCARD: IMSI file length=9 imsilen=15
SCARD: scard_transmit: send - hexdump(len=5): [REMOVED]
SCARD: scard_transmit: recv - hexdump(len=11): 08 29 53 77 72 10 02 50 
60 90 00
IMSI - hexdump_ascii(len=15):
      32 33 35 37 37 32 37 30 31 32 30 30 35 30 36      235772701200506
permanent identity from IMSI - hexdump_ascii(len=16):
      31 32 33 35 37 37 32 37 30 31 32 30 30 35 30 36   1235772701200506
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=25): 01 00 00 15 02 01 00 15 01 31 32 33 35 37 37 
32 37 30 31 32 30 30 35 30 36
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:13:1a:c0:5c:01
RX EAPOL - hexdump(len=46): 01 00 00 05 01 00 00 05 01 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00
00 00
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=1 id=0
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using real identity - hexdump_ascii(len=16):
      31 32 33 35 37 37 32 37 30 31 32 30 30 35 30 36   1235772701200506
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=25): 01 00 00 15 02 00 00 15 01 31 32 33 35 37 37 
32 37 30 31 32 30 30 35 30 36
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:13:1a:c0:5c:01
RX EAPOL - hexdump(len=46): 01 00 00 10 01 01 00 10 12 0a 00 00 0f 02 00 
02 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00
00 00
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=18 id=1
EAP: EAP entering state GET_METHOD
EAP: initialize selected EAP method (18, SIM)
CTRL-EVENT-EAP-METHOD EAP method 18 (SIM) selected
EAP: EAP entering state METHOD
EAP-SIM: EAP data - hexdump(len=16): 01 01 00 10 12 0a 00 00 0f 02 00 02 
00 01 00 00
EAP-SIM: Subtype=10
EAP-SIM: Attribute: Type=15 Len=8
EAP-SIM: Attribute data - hexdump(len=6): 00 02 00 01 00 00
EAP-SIM: AT_VERSION_LIST
EAP-SIM: Attributes parsed successfully (aka=0 encr=0)
EAP-SIM: subtype Start
EAP-SIM: Selected Version 1
Generating EAP-SIM Start (id=1)
    AT_NONCE_MT - hexdump(len=16): 0a 2f 1c 05 e3 0b be 1f dd f3 a8 c8 
c8 4b 85 6e
    AT_SELECTED_VERSION 1
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=36): 01 00 00 20 02 01 00 20 12 0a 00 00 07 05 00 
00 0a 2f 1c 05 e3 0b be 1f dd f3 a8 c8 c8 4b 85 6e 10 01
00 01
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:13:1a:c0:5c:01
RX EAPOL - hexdump(len=84): 01 00 00 50 01 02 00 50 12 0b 00 00 01 0d 00 
00 47 51 80 51 ec 57 7a 28 38 d3 51 6a 80 ce 7d 41 08 b8
19 c5 29 c7 b3 9b 0e ce 70 3f
60 65 6d a5 d2 05 37 6d 3f 26 5f 5a 06 a4 e6 c5 82 da fe cf 0b 05 00 00 
73 58 cf 97 eb d3 db 66 45 09 a5 3f 29 c4 70 0b
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=18 id=2
EAP: EAP entering state METHOD
EAP-SIM: EAP data - hexdump(len=80): 01 02 00 50 12 0b 00 00 01 0d 00 00 
47 51 80 51 ec 57 7a 28 38 d3 51 6a 80 ce 7d 41 08 b8 19
c5 29 c7 b3 9b 0e ce 70 3f 60
65 6d a5 d2 05 37 6d 3f 26 5f 5a 06 a4 e6 c5 82 da fe cf 0b 05 00 00 73 
58 cf 97 eb d3 db 66 45 09 a5 3f 29 c4 70 0b
EAP-SIM: Subtype=11
EAP-SIM: Attribute: Type=1 Len=52
EAP-SIM: Attribute data - hexdump(len=50): 00 00 47 51 80 51 ec 57 7a 28 
38 d3 51 6a 80 ce 7d 41 08 b8 19 c5 29 c7 b3 9b 0e ce 70
3f 60 65 6d a5 d2 05 37 6d 3f
26 5f 5a 06 a4 e6 c5 82 da fe cf
EAP-SIM: AT_RAND
EAP-SIM: Attribute: Type=11 Len=20
EAP-SIM: Attribute data - hexdump(len=18): 00 00 73 58 cf 97 eb d3 db 66 
45 09 a5 3f 29 c4 70 0b
EAP-SIM: AT_MAC
EAP-SIM: Attributes parsed successfully (aka=0 encr=0)
EAP-SIM: subtype Challenge
EAP-SIM: 3 challenges
EAP-SIM: GSM authentication algorithm
SCARD: GSM auth - RAND - hexdump(len=16): 47 51 80 51 ec 57 7a 28 38 d3 
51 6a 80 ce 7d 41
SCARD: scard_transmit: send - hexdump(len=22): [REMOVED]
SCARD: scard_transmit: recv - hexdump(len=2): 9f 0c
SCARD: scard_transmit: send - hexdump(len=5): [REMOVED]
SCARD: scard_transmit: recv - hexdump(len=14): 62 08 34 d8 81 fd 94 78 
28 76 5b
63 90 00
SCARD: GSM auth - SRES - hexdump(len=4): 62 08 34 d8
SCARD: GSM auth - Kc - hexdump(len=8): 81 fd 94 78 28 76 5b 63
SCARD: GSM auth - RAND - hexdump(len=16): 08 b8 19 c5 29 c7 b3 9b 0e ce 
70 3f 60 65 6d a5
SCARD: scard_transmit: send - hexdump(len=22): [REMOVED]
SCARD: scard_transmit: recv - hexdump(len=2): 9f 0c
SCARD: scard_transmit: send - hexdump(len=5): [REMOVED]
SCARD: scard_transmit: recv - hexdump(len=14): 2f 87 d0 7c ce 1f ad d4 
8c 99 d2
58 90 00
SCARD: GSM auth - SRES - hexdump(len=4): 2f 87 d0 7c
SCARD: GSM auth - Kc - hexdump(len=8): ce 1f ad d4 8c 99 d2 58
SCARD: GSM auth - RAND - hexdump(len=16): d2 05 37 6d 3f 26 5f 5a 06 a4 
e6 c5 82 da fe cf
SCARD: scard_transmit: send - hexdump(len=22): [REMOVED]
SCARD: scard_transmit: recv - hexdump(len=2): 9f 0c
SCARD: scard_transmit: send - hexdump(len=5): [REMOVED]
SCARD: scard_transmit: recv - hexdump(len=14): be e4 42 13 28 00 9e f2 
d9 7c 8c
f5 90 00
SCARD: GSM auth - SRES - hexdump(len=4): be e4 42 13
SCARD: GSM auth - Kc - hexdump(len=8): 28 00 9e f2 d9 7c 8c f5
EAP-SIM: Selected identity for MK derivation - hexdump_ascii(len=16):
      31 32 33 35 37 37 32 37 30 31 32 30 30 35 30 36   1235772701200506
EAP-SIM: MK - hexdump(len=20): [REMOVED]
EAP-SIM: K_encr - hexdump(len=16): [REMOVED]
EAP-SIM: K_aut - hexdump(len=16): [REMOVED]
EAP-SIM: MSK - hexdump(len=8): [REMOVED]
EAP-SIM: Ext. MSK - hexdump(len=8): [REMOVED]
EAP-SIM: keying material - hexdump(len=64): [REMOVED]
EAP-SIM: Challenge message used invalid AT_MAC
EAP: method process -> ignore=FALSE methodState=DONE decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=16): 01 00 00 0c 02 02 00 0c 12 0e 00 00 16 01 00 00
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:13:1a:c0:5c:01
RX EAPOL - hexdump(len=46): 01 00 00 04 04 00 00 04 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00
00 00
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Failure
EAP: EAP-Success Id mismatch - reqId=0 lastId=2
EAP: EAP entering state DISCARD
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: heldWhile --> 0
EAPOL: authWhile --> 0
EAPOL: SUPP_BE entering state TIMEOUT
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE



-- 
   ____________________________________________________________________
   Pete Young          pete.young at bt.com          Phone +44 1473 642740
       "Just another crouton, floating on the bouillabaisse of life"

More information about the Hostap mailing list