Questions on using EAP-AKA

Ben Greear greearb
Mon Dec 30 11:04:13 PST 2013

On 12/24/2013 01:34 PM, Jouni Malinen wrote:
> On Tue, Dec 24, 2013 at 12:01:26PM -0800, Ben Greear wrote:
>> It seems that the SQN is expected to start at some known value, and increment
>> for each connection attempt (from brief reading of RFC 4187).
>> There is a protocol (AUTS) to re-sync if UE is out of sync.
>> Do you know if this is properly handled in wpa_supplicant?
> Yes
>> If so, does it really matter much what the SQN is initially configured to be?
> For many testing cases, this does not really matter much unless you are
> looking into testing EAP-AKA replay protection itself.

Ok, I am not sure whether the SQN handling is working properly, but
it appears the main failure at this point is that I am using gnutls
and it does not support a method called by eap_sim_derive_keys:

int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen)
{
	/* FIX: how to do this with libgcrypt? */
	return -1;
}

I see another note in the supplicant config file that openssl does
not support all of EAP-FAST unless patched.

So, the question is, what SSL should I use for fullest functionality?

I will add some extra logging to print big errors if eap_sim_derive_keys
fails, as it appears that can only happen when the SSL implementation
is deficient.

Maybe it should even be a build error to compile in AKA while using gnutls?


Ben Greear <greearb at>
Candela Technologies Inc
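As an added example (not hostap code, and not part of the message above), here is what the stubbed `fips186_2_prf()` is expected to compute: the FIPS 186-2 PRF with change notice 1, as RFC 4186 section 7 and RFC 4187 section 7 specify it for EAP-SIM/EAP-AKA key derivation. The SHA-1 compression routine is written out because the PRF's G() function is the SHA-1 compression step applied to a zero-padded 512-bit block with no message padding and no length field, which a library's one-shot SHA-1 API cannot provide; that is why a crypto backend needs an explicit hook for it. Assumptions: the seed is the 160-bit MK, the output layout follows RFC 4187 (K_encr 16 bytes, K_aut 16 bytes, MSK 64 bytes, EMSK 64 bytes), and `eap_aka_split_keys` is a hypothetical helper name, not a hostap function.

```python
"""FIPS 186-2 (change notice 1) PRF as used by EAP-SIM/EAP-AKA key derivation.
Added example, not hostap code.  Assumption: the seed is the 160-bit MK."""
import hashlib
import struct

# Standard SHA-1 initial state; FIPS 186-2 uses it as the fixed value 't'.
SHA1_IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)
MASK32 = 0xFFFFFFFF


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32


def sha1_compress(state, block):
    """One SHA-1 compression of a 64-byte block.  With state == SHA1_IV this is
    G(t, c) from FIPS 186-2: no padding, no length field."""
    if len(block) != 64:
        raise ValueError("block must be exactly 64 bytes")
    w = list(struct.unpack(">16I", block))
    for i in range(16, 80):
        w.append(_rotl(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1))
    a, b, c, d, e = state
    for i in range(80):
        if i < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif i < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif i < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        tmp = (_rotl(a, 5) + (f & MASK32) + e + k + w[i]) & MASK32
        a, b, c, d, e = tmp, a, _rotl(b, 30), c, d
    return tuple((s + v) & MASK32 for s, v in zip(state, (a, b, c, d, e)))


def sha1_short(msg):
    """Full SHA-1 of a message shorter than 56 bytes (one padded block).
    Only used to check sha1_compress() against hashlib; the PRF never pads."""
    if len(msg) >= 56:
        raise ValueError("helper handles single-block messages only")
    block = msg + b"\x80" + b"\x00" * (55 - len(msg)) + struct.pack(">Q", 8 * len(msg))
    return struct.pack(">5I", *sha1_compress(SHA1_IV, block))


def sha1_selfcheck():
    """Known-answer check: the hand-written compression must agree with hashlib."""
    return all(sha1_short(m) == hashlib.sha1(m).digest() for m in (b"", b"abc", b"x" * 55))


def fips186_2_prf(seed, xlen):
    """Expand seed (XKEY, at most 20 bytes; RFC 4186/4187 use the 160-bit MK)
    into xlen bytes of keying material.

    Per round (RFC 4186 section 7, b = 160, XSEED_j = 0):
      XVAL = (XKEY + XSEED_j) mod 2^b   -> XVAL = XKEY
      w_i  = G(t, XVAL)                 -> XVAL zero-padded to one 512-bit block
      XKEY = (1 + XKEY + w_i) mod 2^b
    Each round yields 20 bytes; EAP-AKA needs 160 bytes, i.e. 8 rounds."""
    if len(seed) > 20:
        raise ValueError("XKEY is 160 bits for EAP-SIM/EAP-AKA")
    xkey = int.from_bytes(seed.ljust(20, b"\x00"), "big")
    out = bytearray()
    while len(out) < xlen:
        xval = xkey.to_bytes(20, "big") + b"\x00" * 44  # pad XVAL to 512 bits
        w = struct.pack(">5I", *sha1_compress(SHA1_IV, xval))
        out += w
        xkey = (1 + xkey + int.from_bytes(w, "big")) % (1 << 160)
    return bytes(out[:xlen])


def eap_aka_split_keys(mk):
    """Hypothetical helper: slice the PRF output the way RFC 4187 section 7
    lays it out (K_encr, K_aut, MSK, EMSK)."""
    buf = fips186_2_prf(mk, 16 + 16 + 64 + 64)
    return {"k_encr": buf[:16], "k_aut": buf[16:32],
            "msk": buf[32:96], "emsk": buf[96:160]}


if __name__ == "__main__":
    assert sha1_selfcheck()
    mk = bytes(range(20))  # constructed sample MK, not an RFC test vector
    for name, key in eap_aka_split_keys(mk).items():
        print(name, key.hex())
```

The self-check pins the compression function to `hashlib` on single-block inputs, which is the one part a library build can silently get wrong; to validate the whole derivation, feed the MK from the full-authentication test vector in RFC 4186 and compare K_encr and K_aut.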