About Shared secret from DH key exchange

Jouni Malinen j
Thu Apr 3 00:02:07 PDT 2008

On Thu, Apr 03, 2008 at 02:04:49PM +0800, Jack Yip wrote:

> *Mar  8 06:02:30.254: RADSRV EAP-FAST: Calculting DH Server public.. 0011.d605.2
> cdc
> *Mar  8 06:02:30.466: RADSRV EAP-FAST: DH public number generation failed

I don't know what exactly this means in case of Cisco AP, but it does
not look very promising..

> In addition I got the following debug msg from the supplicant program:
> 6.0660: TLSv1: Send ClientKeyExchange
> 6.0660: TLSv1: DH client's secret value - hexdump(len=256): [REMOVED]
> 15.0400: TLSv1: DH Yc (client's public value) - hexdump(len=256): [REMOVED]
> 16.0990: TLSv1: Shared secret from DH key exchange - hexdump(len=0): [REMOVED]
> 16.0990: TLSv1: pre_master_secret - hexdump(len=0): [REMOVED]
> I found that the Shared secret from DH key exchange has 0 length.

This doesn't look good either. It looks like something is going wrong in
Diffie-Hellman handshake. Maybe the parameter from the server was
invalid (the debug log from it claims that there was an error in
generating it..). Could you please send full debug log from
wpa_supplicant showing all parts of the negotiation and with the keying
material included (i.e., -k on the command line or if you do not use
command line version, with the global wpa_debug_show_keys variable set
to 1).

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list