Problem in porting to PALM
Jack Yip
Jack
Mon Mar 24 09:13:21 PDT 2008
Thank you very much for your answering!!!
I have captured the debug msg with binary packet printed out from the CISCO server.
Here it is:
********************************************************************************************************************************
*Mar 8 00:24:06.587: RADSRV EAP-FAST: Add teap client 0011.d605.2cdc
*Mar 8 00:24:06.587: RADSRV EAP-FAST: EAP-FAST pak rx:
01814770: 02 02000E01 616E6F6E 796D6F75 .....anonymou
01814780: 73 s
*Mar 8 00:24:06.587: RADSRV EAP-FAST: EAP-FAST pak tx:
01851070: 0103 001A2B21 ....+!
01851080: 00040010 4C4F4341 4C205241 44495553 ....LOCAL RADIUS
01851090: 20534552 SER
*Mar 8 00:24:06.588: RADSRV EAP-FAST: Sending TEAP start
*Mar 8 00:24:06.731: RADSRV EAP-FAST: EAP-FAST pak rx:
01819650: 02 0300402B ... at +
01819660: 01160301 00350100 00310301 45986005 .....5...1..E.`.
01819670: BDA2B8BA 4D2702EA 306B7F69 80119AE7 ="8:M'.j0k.i...g
01819680: BD3B975E 41E59F87 E7830B97 00000A00 =;.^Ae..g.......
01819690: 3A003400 1B001800 1A0100 :.4........
*Mar 8 00:24:06.732: RADSRV EAP-FAST: verify client_hello
*Mar 8 00:24:06.732: RADSRV EAP-FAST: Cipher RC4_128_SHA / TLS_DH_anon_WITH_AES
_128_CBC_SHA1 not found, client may be open source
*Mar 8 00:24:06.732: RADSRV EAP-FAST: PAC to be provisioned, parsed 49, length
49
*Mar 8 00:24:06.732: RADSRV EAP-FAST: Build (provision) Server Hello, 0011.d605
.2cdc
*Mar 8 00:24:06.733: RADSRV EAP-FAST: Calculting DH Server public.. 0011.d605.2
cdc
*Mar 8 00:24:06.945: RADSRV EAP-FAST: DH public number generation failed
*Mar 8 00:24:06.945: RADSRV EAP-FAST: EAP-FAST pak tx:
01227980: 01040252 2B810000 ...R+...
01227990: 02481603 01002A02 00002603 01CE4A3B .H....*...&..NJ;
012279A0: 4A8E1EAD 848E1EAD 84C515B7 67C515B7 J..-...-.E.7gE.7
012279B0: 676DE075 0A6DE075 0A9EEB71 BC000034 gm`u.m`u..kq<..4
012279C0: 00160301 020B0C00 02070100 FFFFFFFF ................
012279D0: FFFFFFFF C90FDAA2 2168C234 C4C6628B ....I.Z"!hB4DFb.
012279E0: 80DC1CD1 29024E08 8A67CC74 020BBEA6 .\.Q).N..gLt..>&
012279F0: 3B139B22 514A0879 8E3404DD EF9519B3 ;.."QJ.y.4.]o..3
01227A00: CD3A431B 302B0A6D F25F1437 4FE1356D M:C.0+.mr_.7Oa5m
01227A10: 6D51C245 E485B576 625E7EC6 F44C42E9 mQBEd.5vb^~FtLBi
01227A20: A637ED6B 0BFF5CB6 F406B7ED EE386BFB &7mk..\6t.7mn8k{
01227A30: 5A899FA5 AE9F2411 7C4B1FE6 49286651 Z..%..$.|K.fI(fQ
01227A40: ECE45B3D C2007CB8 A163BF05 98DA4836 ld[=B.|8!c?..ZH6
01227A50: 1C55D39A 69163FA8 FD24CF5F 83655D23 .US.i.?(}$O_.e]#
01227A60: DCA3AD96 1C62F356 208552BB 9ED52907 \#-..bsV .R;.U).
01227A70: 7096966D 670C354E 4ABC9804 F1746C08 p..mg.5NJ<..qtl.
01227A80: CA18217C 32905E46 2E36CE3B E39E772C J.!|2.^F.6N;c.w,
01227A90: 180E8603 9B2783A2 EC07A28F B5C55DF0 .....'."l.".5E]p
01227AA0: 6F4C52C9 DE2BCBF6 95581718 3995497C oLRI^+Kv.X..9.I|
01227AB0: EA956AE5 15D22618 98FA0510 15728E5A j.je.R&..z...r.Z
01227AC0: 8AACAA68 FFFFFFFF FFFFFFFF 00010201 .,*h............
01227AD0: 00408DE6 6F737F89 59C36DB8 509A52EB . at .fos..YCm8P.Rk
01227AE0: 78660B1E C42A8B9A D2D94F38 CEB224BF xf..D*..RYO8N2$?
01227AF0: 5AE8D260 333059E1 EA58DB40 9A60C706 ZhR`30YajX[@.`G.
01227B00: 7A40434C F64DEB74 3697926F ED37DE66 z at CLvMkt6..om7^f
01227B10: 8251F979 42D1302D BB30B970 11B9CEDF .QyyBQ0-;09p.9N_
01227B20: 742D7712 E1398469 85DFCB09 5C40D44B t-w.a9.i._K.\@TK
01227B30: C0D86D3F 7048E09B 39EAF0B2 A4DBBA2D @Xm?pH`.9jp2$[:-
01227B40: B82BAAAE 0F3D3408 239BB270 0750D863 8+*..=4.#.2p.PXc
01227B50: 5175AA5A 0B2D9F5C 242D14E0 393F10E8 Qu*Z.-.\$-.`9?.h
01227B60: 48A9D38D 9EAF3A36 CA931201 30B09D46 H)S../:6J...00.F
01227B70: 0566BA16 491F8B1B 42603BBE 3F6562A4 .f:.I...B`;>?eb$
01227B80: 7D91DD78 B5FD5DA8 A394DFF4 BCEDF8BF }.]x5}](#._t<mx?
01227B90: 7CAD7845 626D3A15 6FF8715A AF36F98C |-xEbm:.oxqZ/6y.
01227BA0: 9506AE67 6560101E C4029146 DFE425D8 ...ge`..D..F_d%X
01227BB0: FC1AE41F 3CFFC39A DB005679 77C85156 |.d.<.C.[.VywHQV
01227BC0: A49BEBA3 48CFB8BE C8EF993B 4B34E7AB $.k#HO8>Ho.;K4g+
01227BD0: E1160301 00040E00 0000 a.........
*Mar 8 00:24:06.951: RADSRV EAP-FAST: Sending Server Hello, 0011.d605.2cdc
*Mar 8 00:24:17.624: RADSRV EAP-FAST: EAP-FAST pak rx:
00EB00E0: 0204014C 2B011603 01010610 00010201 ...L+...........
00EB00F0: 00703026 EB7BE782 8494D35F A266201E .p0&k{g...S_"f .
00EB0100: 4771FA27 418E1C7D 0F3D14A4 4AB54AF5 Gqz'A..}.=.$J5Ju
00EB0110: C8AB1598 CD5E120C 763B56CD 51F73571 H+..M^..v;VMQw5q
00EB0120: 0A480967 B8A44841 E1ED1E08 85F6A3D1 .H.g8$HAam...v#Q
00EB0130: AA907637 0DA5601E D78BEE7A 562BE9E3 *.v7.%`.W.nzV+ic
00EB0140: 91E68B20 C366DD11 FEC1D700 6366F57F .f. Cf].~AW.cfu.
00EB0150: 98666E4B 88C87DE7 15754452 EBF5F01E .fnK.H}g.uDRkup.
00EB0160: 56608309 0FF33A4A 79B34349 12C5523F V`...s:Jy3CI.ER?
00EB0170: 16F02C3D BD50B6E2 507187B8 74DDA734 .p,==P6bPq.8t]'4
00EB0180: 766D92CA D0E5676C 837839D6 AFC98003 vm.JPegl.x9V/I..
00EB0190: 5EA03958 ED527911 2181EC13 6C4E53E3 ^ 9XmRy.!.l.lNSc
00EB01A0: 6B7C3A2D 11B75FE2 F28BC194 67FDAC15 k|:-.7_br.A.g},.
00EB01B0: 6F564D19 F53277D8 56BC6C6D 2349B343 oVM.u2wXV<lm#I3C
00EB01C0: 2CBB7E9A 8ED39577 BF0F76D6 B3FEC304 ,;~..S.w?.vV3~C.
00EB01D0: B959AA11 3BAF5AAE C77A4E91 E845BD35 9Y*.;/Z.GzN.hE=5
00EB01E0: D6520C35 4F4F26A6 825C1167 F485579A VR.5OO&&.\.gt.W.
00EB01F0: F4140301 00010116 03010030 303C621F t..........00<b.
00EB0200: 4E461CDB CD706B1C 838EEC91 C2A67BEA NF.[Mpk...l.B&{j
00EB0210: 2D0A14BF 12472A40 6D616553 92275DA0 -..?.G*@maeS.']
00EB0220: 23025793 F75158CC A71E847D #.W.wQXL'..}
*Mar 8 00:24:17.627: RADSRV EAP-FAST: verify client_finished, 0011.d605.2cdc
*Mar 8 00:24:17.627: RADSRV EAP-FAST: Calculting premaster secret..
*Mar 8 00:24:17.894: RADSRV EAP-FAST: Calculating Master secret...
*Mar 8 00:24:17.897: RADSRV EAP-FAST: sending alert level 2, desc 0
*Mar 8 00:24:17.897: RADSRV EAP-FAST: EAP-FAST pak tx:
01855490: 0105 00112B81 ....+.
018554A0: 00000007 15030100 020200 ...........
********************************************************************************************************************************
Do you know what is going on???
Thank you very much!!!
By the way, I should be using the wpa_supplicant-0.5.9.tar.gz for porting(not wpa_supplicant-0.5.10.tar.gz ), does it work with EAP-FAST?
Jack
--------------------------------------------------------------------------------
From: hostap-bounces at lists.shmoo.com on behalf of Jouni Malinen
Sent: Mon 3/24/2008 2:41 PM
To: hostap at shmoo.com
Subject: Re: Problem in porting to PALM
On Mon, Mar 24, 2008 at 10:49:08AM +0800, Jack Yip wrote:
> I use the wpa_supplicant-0.5.10.tar.gz <http://hostap.epitest.fi/releases/wpa_supplicant-0.5.10.tar.gz> and port it to the PALM OS to make my device work in EAP-FAST.
> However, the CISCO server have the following debug message:
Which version of ACS are you using? Are you using OpenSSL as the TLS
library?
> Do anyone know why there is such message"Cipher RC4_128_SHA / TLS_DH_anon_WITH_AES
> _128_CBC_SHA1 not found, client may be open source"? And after calculating master secret, the CISCO server will send back alert signal, do anyone know the reason?
I've never seen that message.. Would it be possible for you to capture
the EAP messages between the client and the server (either with a
wireless sniffer between the AP and the client or with a wired sniffer
between the AP and the server)? I would like to see what exactly is in
that ClientHello message. Could you send debug log from wpa_supplicant
showing this failed handshake?
--
Jouni Malinen PGP id EFC895FA
_______________________________________________
HostAP mailing list
HostAP at lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/hostap
________________________________
From: hostap-bounces at lists.shmoo.com on behalf of Jouni Malinen
Sent: Mon 3/24/2008 2:41 PM
To: hostap at shmoo.com
Subject: Re: Problem in porting to PALM
On Mon, Mar 24, 2008 at 10:49:08AM +0800, Jack Yip wrote:
> I use the wpa_supplicant-0.5.10.tar.gz <http://hostap.epitest.fi/releases/wpa_supplicant-0.5.10.tar.gz> and port it to the PALM OS to make my device work in EAP-FAST.
> However, the CISCO server have the following debug message:
Which version of ACS are you using? Are you using OpenSSL as the TLS
library?
> Do anyone know why there is such message"Cipher RC4_128_SHA / TLS_DH_anon_WITH_AES
> _128_CBC_SHA1 not found, client may be open source"? And after calculating master secret, the CISCO server will send back alert signal, do anyone know the reason?
I've never seen that message.. Would it be possible for you to capture
the EAP messages between the client and the server (either with a
wireless sniffer between the AP and the client or with a wired sniffer
between the AP and the server)? I would like to see what exactly is in
that ClientHello message. Could you send debug log from wpa_supplicant
showing this failed handshake?
--
Jouni Malinen PGP id EFC895FA
_______________________________________________
HostAP mailing list
HostAP at lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/hostap
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20080325/47e159e0/attachment.htm
More information about the Hostap
mailing list