About Shared secret from DH key exchange

Jack Yip Jack
Wed Apr 2 23:04:49 PDT 2008

I am working with EAP-FAST with the Cisco Server AP.
But I got the following debug msg from the Cisco Server. And it said there is an invalid tunnel MIC.
*Mar  8 06:02:30.107: RADSRV EAP-FAST: Add teap client 0011.d605.2cdc
*Mar  8 06:02:30.107: RADSRV EAP-FAST:  Sending TEAP start
*Mar  8 06:02:30.253: RADSRV EAP-FAST: verify client_hello
*Mar  8 06:02:30.253: RADSRV EAP-FAST: PAC to be provisioned, parsed 49, length

*Mar  8 06:02:30.253: RADSRV EAP-FAST: Build (provision) Server Hello, 0011.d605
*Mar  8 06:02:30.254: RADSRV EAP-FAST: Calculting DH Server public.. 0011.d605.2
*Mar  8 06:02:30.466: RADSRV EAP-FAST: DH public number generation failed
*Mar  8 06:02:30.466: RADSRV EAP-FAST:  Sending Server Hello, 0011.d605.2cdc
*Mar  8 06:02:41.137: RADSRV EAP-FAST: verify client_finished, 0011.d605.2cdc
*Mar  8 06:02:41.137: RADSRV EAP-FAST: Calculting premaster secret..
*Mar  8 06:02:41.405: RADSRV EAP-FAST: Calculating Master secret...
*Mar  8 06:02:41.408: RADSRV EAP-FAST: tunnel Decrypt pak (size 48):
*Mar  8 06:02:41.408:  Data out
00DAA450:                            59C9D621              YIV!
00DAA460: CCF5E055 050EB6CB B37CF708 D97A0DB5  Lu`U..6K3|w.Yz.5
00DAA470: C6D7FF1C 65B2A7FB 6A8D2F7A CEC3BB13  FW..e2'{j./zNC;.
00DAA480: 16D843E6 46E37722 E3B7C3EF           .XCfFcw"c7Co
*Mar  8 06:02:41.409: RADSRV EAP-FAST: invalid tunnel MIC
*Mar  8 06:02:41.409: RADSRV EAP-FAST: sending alert level 2, desc 0
*Mar  8 06:02:56.409: RADSRV EAP-FAST: Timer expired,  teap client 0011.d605.2cd
*Mar  8 06:02:56.409: RADSRV EAP-FAST: Delete teap client 0011.d605.2cdc


In addition I got the following debug msg from the supplicant program:

6.0660: TLSv1: Send ClientKeyExchange
6.0660: TLSv1: DH client's secret value - hexdump(len=256): [REMOVED]
15.0400: TLSv1: DH Yc (client's public value) - hexdump(len=256): [REMOVED]
16.0990: TLSv1: Shared secret from DH key exchange - hexdump(len=0): [REMOVED]
16.0990: TLSv1: pre_master_secret - hexdump(len=0): [REMOVED]

I found that the Shared secret from DH key exchange has 0 length.
This is very abnormal!
Does anyone know the reason, or have any hints for this issue?
Please advise!
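
One way a TLS 1.0 client can end up with a zero-length DH shared secret, and the check that stops the handshake there instead of deriving keys from it, as an added example that is not part of the original post and is not hostap or Cisco code. It assumes, as a hypothesis and not a diagnosis of the logs above, that the peer's DH public value arrives as zero; the toy group, the values and all function names are constructed.

```python
import secrets

# Constructed toy group: 2**127 - 1 is prime. Far too small for real use;
# the supplicant log in the post shows 256-byte (2048-bit) values.
P = 2**127 - 1
G = 3


class DHError(Exception):
    """DH key material is unusable; the handshake must stop."""


def strip_leading_zeros(z: int, p: int) -> bytes:
    # TLS 1.0 strips leading zero bytes of Z before using it as the
    # pre_master_secret (RFC 2246, section 8.1.2).
    return z.to_bytes((p.bit_length() + 7) // 8, "big").lstrip(b"\x00")


def premaster_unchecked(peer_public: bytes, private: int, p: int = P) -> bytes:
    # No validation: whatever the peer sent goes straight into the modexp.
    y = int.from_bytes(peer_public, "big")
    return strip_leading_zeros(pow(y, private, p), p)


def premaster_checked(peer_public: bytes, private: int, p: int = P) -> bytes:
    # Reject degenerate peer values and empty results before key derivation.
    y = int.from_bytes(peer_public, "big")
    if not 2 <= y <= p - 2:
        raise DHError("peer DH public value out of range [2, p-2]")
    secret = strip_leading_zeros(pow(y, private, p), p)
    if not secret:
        raise DHError("empty DH shared secret")
    return secret


def demo():
    x_c = secrets.randbelow(P - 3) + 2          # client's secret value
    x_s = secrets.randbelow(P - 3) + 2          # server's secret value
    y_c = pow(G, x_c, P)                        # Yc, client's public value
    y_s = pow(G, x_s, P).to_bytes(16, "big")    # well-formed server value
    bad = bytes(16)                             # constructed: all-zero value
    agreed = premaster_checked(y_s, x_c) == strip_leading_zeros(pow(y_c, x_s, P), P)
    return agreed, len(premaster_unchecked(bad, x_c))


if __name__ == "__main__":
    print(demo())
```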