About Shared secret from DH key exchange
Jack Yip
Jack
Wed Apr 2 23:04:49 PDT 2008
Hi,
I am working with the EAP-FAST with the Cisco Server AP.
But I got the following debug msg from the Cisco Server. And it said there is invalid tunnel MIC.
**********************************************************************************************************
*Mar 8 06:02:30.107: RADSRV EAP-FAST: Add teap client 0011.d605.2cdc
*Mar 8 06:02:30.107: RADSRV EAP-FAST: Sending TEAP start
*Mar 8 06:02:30.253: RADSRV EAP-FAST: verify client_hello
*Mar 8 06:02:30.253: RADSRV EAP-FAST: PAC to be provisioned, parsed 49, length
49
*Mar 8 06:02:30.253: RADSRV EAP-FAST: Build (provision) Server Hello, 0011.d605
.2cdc
*Mar 8 06:02:30.254: RADSRV EAP-FAST: Calculting DH Server public.. 0011.d605.2
cdc
*Mar 8 06:02:30.466: RADSRV EAP-FAST: DH public number generation failed
*Mar 8 06:02:30.466: RADSRV EAP-FAST: Sending Server Hello, 0011.d605.2cdc
*Mar 8 06:02:41.137: RADSRV EAP-FAST: verify client_finished, 0011.d605.2cdc
*Mar 8 06:02:41.137: RADSRV EAP-FAST: Calculting premaster secret..
*Mar 8 06:02:41.405: RADSRV EAP-FAST: Calculating Master secret...
*Mar 8 06:02:41.408: RADSRV EAP-FAST: tunnel Decrypt pak (size 48):
*Mar 8 06:02:41.408: Data out
00DAA450: 59C9D621 YIV!
00DAA460: CCF5E055 050EB6CB B37CF708 D97A0DB5 Lu`U..6K3|w.Yz.5
00DAA470: C6D7FF1C 65B2A7FB 6A8D2F7A CEC3BB13 FW..e2'{j./zNC;.
00DAA480: 16D843E6 46E37722 E3B7C3EF .XCfFcw"c7Co
*Mar 8 06:02:41.409: RADSRV EAP-FAST: invalid tunnel MIC
*Mar 8 06:02:41.409: RADSRV EAP-FAST: sending alert level 2, desc 0
*Mar 8 06:02:56.409: RADSRV EAP-FAST: Timer expired, teap client 0011.d605.2cd
c
*Mar 8 06:02:56.409: RADSRV EAP-FAST: Delete teap client 0011.d605.2cdc
*****************************************************************************************************
In addition I got the following debug msg from the supplicant program:
6.0660: TLSv1: Send ClientKeyExchange
6.0660: TLSv1: DH client's secret value - hexdump(len=256): [REMOVED]
15.0400: TLSv1: DH Yc (client's public value) - hexdump(len=256): [REMOVED]
16.0990: TLSv1: Shared secret from DH key exchange - hexdump(len=0): [REMOVED]
16.0990: TLSv1: pre_master_secret - hexdump(len=0): [REMOVED]
I found that the Shared secret from DH key exchange has 0 length.
This is very abnormal!
Does anyone know the reason or any hints for this issue???
Please advise!!!
Jack
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20080403/433e5ecb/attachment.htm
More information about the Hostap
mailing list