EAP-FAST failures
Bill Hegardt
bill at hegardt.com
Fri Jan 6 10:14:52 PST 2023
I have a test environment set up with Cisco ISE 3.0, the latest 2.11-devel supplicant, and the latest OpenSSL 3.0.7.

I have not been able to get EAP-FAST working. It auto-provisions successfully, and my client gets a PAC file using "fast_provisioning=1".

Then when it authenticates using the PAC file, it fails during phase 2 with the error "Compound MAC did not match".

The Cisco ISE reports the error as 12118 EAP-FAST cryptobinding verification failed.

I have an older client using wpa_supplicant 2.1 and OpenSSL 1.0.2 that is able to auto-provision and authenticate successfully with the same SSID and wpa_supplicant.conf file.

Thinking it might be related to OpenSSL 3.0.7, I tried OpenSSL 1.1.1s with the same results.

Working client uses TLS 1.2 with cipher ADH-AES128-SHA
Failing client uses TLS 1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384

Below is an excerpt from the supplicant log file. I can provide more details if anyone is interested.
EAP-FAST: Received 95 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
EAP-FAST: Decrypted Phase 2 TLV(s) - hexdump(len=66): 80 03 00 02 00 01 80 0c 00 38 00 01 01 00 52 30 ad bf ac 46 44 9c f0 8b ab 03 e1 15 1b a1 5d ee b4 7c 8a c9 8c aa 05 75 85 6a 3f 3f fa ea bf bf 8f 05 b7 79 0c f8 ef 62 ac 67 5a 46 a7 84 51 08 91 e0
EAP-FAST: Received Phase 2: TLV type 3 length 2 (mandatory)
EAP-FAST: Result TLV - hexdump(len=2): 00 01
EAP-FAST: Result: Success
EAP-FAST: Received Phase 2: TLV type 12 length 56 (mandatory)
EAP-FAST: Crypto-Binding TLV - hexdump(len=56): 00 01 01 00 52 30 ad bf ac 46 44 9c f0 8b ab 03 e1 15 1b a1 5d ee b4 7c 8a c9 8c aa 05 75 85 6a 3f 3f fa ea bf bf 8f 05 b7 79 0c f8 ef 62 ac 67 5a 46 a7 84 51 08 91 e0
EAP-FAST: Crypto-Binding TLV: Version 1 Received Version 1 SubType 0
EAP-FAST: NONCE - hexdump(len=32): 52 30 ad bf ac 46 44 9c f0 8b ab 03 e1 15 1b a1 5d ee b4 7c 8a c9 8c aa 05 75 85 6a 3f 3f fa ea
EAP-FAST: Compound MAC - hexdump(len=20): bf bf 8f 05 b7 79 0c f8 ef 62 ac 67 5a 46 a7 84 51 08 91 e0
EAP-FAST: Determining CMK[1] for Compound MIC calculation
EAP-MSCHAPV2: Derived key - hexdump(len=32): [REMOVED]
EAP-FAST: ISK[j] - hexdump(len=32): [REMOVED]
EAP-FAST: S-IMCK[j] - hexdump(len=40): [REMOVED]
EAP-FAST: CMK[j] - hexdump(len=20): [REMOVED]
EAP-FAST: Crypto-Binding TLV for Compound MAC calculation - hexdump(len=60): 80 0c 00 38 00 01 01 00 52 30 ad bf ac 46 44 9c f0 8b ab 03 e1 15 1b a1 5d ee b4 7c 8a c9 8c aa 05 75 85 6a 3f 3f fa ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
EAP-FAST: Received Compound MAC - hexdump(len=20): bf bf 8f 05 b7 79 0c f8 ef 62 ac 67 5a 46 a7 84 51 08 91 e0
EAP-FAST: Calculated Compound MAC - hexdump(len=20): 79 77 0e fa 0e 27 f3 88 67 25 3f 1a fe 41 5a fe aa 60 8d 5d
EAP-FAST: Compound MAC did not match
EAP-FAST: Add Result TLV(status=2)
EAP-FAST: Encrypting Phase 2 data - hexdump(len=6): 80 03 00 02 00 02
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
SSL: 35 bytes left to be sent out (of total 35 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x14784b8
EAP: EAP entering state SEND_RESPONSE
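Added example (not part of the post and not hostap code): a small Python script that parses the decrypted Phase 2 TLVs quoted in the log above and re-implements the Crypto-Binding check as RFC 4851 specifies it, i.e. the T-PRF, the IMCK split into S-IMCK[j] and CMK[j], and the HMAC-SHA1 Compound MAC over the TLV with its MAC field zeroed. The ISK and S-IMCK values are [REMOVED] in the log, so the keys in the script are constructed placeholders; it therefore cannot reproduce the server's MAC, but it shows exactly which 60 octets the MAC covers (and checks that against the log's "TLV for Compound MAC calculation" line) and how the match/mismatch decision is made.

```python
"""Parse the Phase 2 TLVs from the log above and redo the Crypto-Binding
Compound MAC check as RFC 4851 (4.2.8, 5.2, 5.3, 5.5) specifies it.
Added example, not hostap code; the keys below are constructed placeholders
because the real ISK / S-IMCK / CMK values are [REMOVED] in the log."""
import hashlib
import hmac
import struct

# Copied from "Decrypted Phase 2 TLV(s) - hexdump(len=66)" in the log.
PHASE2_TLVS = bytes.fromhex(
    "80 03 00 02 00 01 "
    "80 0c 00 38 00 01 01 00 52 30 ad bf ac 46 44 9c f0 8b ab 03 e1 15 "
    "1b a1 5d ee b4 7c 8a c9 8c aa 05 75 85 6a 3f 3f fa ea bf bf 8f 05 b7 "
    "79 0c f8 ef 62 ac 67 5a 46 a7 84 51 08 91 e0")
# Copied from "Crypto-Binding TLV for Compound MAC calculation - hexdump(len=60)".
LOG_MAC_INPUT = bytes.fromhex(
    "80 0c 00 38 00 01 01 00 52 30 ad bf ac 46 44 9c f0 8b "
    "ab 03 e1 15 1b a1 5d ee b4 7c 8a c9 8c aa 05 75 85 6a 3f 3f fa ea") + bytes(20)

TLV_MANDATORY, TLV_TYPE_MASK = 0x8000, 0x3FFF   # M bit, 14-bit TLV type
TLV_RESULT, TLV_CRYPTO_BINDING = 3, 12
RESULT_STATUS = {1: "Success", 2: "Failure"}
CB_VALUE_LEN = 56   # 4 fixed octets + 32 NONCE + 20 Compound MAC
IMCK_LABEL = b"Inner Methods Compound Keys"

def parse_tlvs(data):
    """Walk a TLV list; yields (type, mandatory, value, raw TLV incl. header)."""
    tlvs, off = [], 0
    while off < len(data):
        if off + 4 > len(data):
            raise ValueError("truncated TLV header")
        raw_type, length = struct.unpack_from("!HH", data, off)
        raw = data[off:off + 4 + length]
        if len(raw) != 4 + length:
            raise ValueError("truncated TLV value")
        tlvs.append((raw_type & TLV_TYPE_MASK, bool(raw_type & TLV_MANDATORY), raw[4:], raw))
        off += 4 + length
    return tlvs

def parse_crypto_binding(value):
    """Split a Crypto-Binding TLV value into its RFC 4851 4.2.8 fields."""
    if len(value) != CB_VALUE_LEN:
        raise ValueError("Crypto-Binding TLV value must be 56 octets")
    _reserved, version, received_version, subtype = value[:4]
    return {"version": version, "received_version": received_version,
            "subtype": subtype, "nonce": value[4:36], "compound_mac": value[36:56]}

def t_prf(key, label, seed, out_len):
    """EAP-FAST T-PRF (RFC 4851 5.5): chained HMAC-SHA1 blocks over
    prev | label | 0x00 | seed | out_len (2 octets) | counter (1 octet)."""
    s, len_buf = label + b"\x00" + seed, struct.pack("!H", out_len)
    out, prev, counter = b"", b"", 1
    while len(out) < out_len:
        prev = hmac.new(key, prev + s + len_buf + bytes([counter]), hashlib.sha1).digest()
        out, counter = out + prev, counter + 1
    return out[:out_len]

def derive_imck(s_imck_prev, isk):
    """IMCK[j] = T-PRF(S-IMCK[j-1], label, ISK[j], 60): S-IMCK[j] is the first 40
    octets, CMK[j] the last 20 (RFC 4851 5.2; same lengths as in the log)."""
    imck = t_prf(s_imck_prev, IMCK_LABEL, isk, 60)
    return imck[:40], imck[40:]

def mac_input(cb_tlv):
    """The 60-octet TLV (header included) with the MAC field zeroed, i.e. the
    log's "Crypto-Binding TLV for Compound MAC calculation"."""
    if len(cb_tlv) != 4 + CB_VALUE_LEN:
        raise ValueError("expected the full 60-octet Crypto-Binding TLV")
    return cb_tlv[:40] + bytes(20)

def compound_mac(cmk, cb_tlv):
    """Compound MAC = HMAC-SHA1(CMK[j], zeroed Crypto-Binding TLV) (RFC 4851 5.3)."""
    return hmac.new(cmk, mac_input(cb_tlv), hashlib.sha1).digest()

def verify_compound_mac(cmk, cb_tlv):
    """Constant-time comparison of the carried MAC with the recomputed one."""
    return hmac.compare_digest(compound_mac(cmk, cb_tlv), cb_tlv[40:60])

def build_crypto_binding(cmk, nonce, version=1, received_version=1, subtype=0):
    """Build a mandatory Crypto-Binding TLV whose MAC is valid under cmk."""
    header = struct.pack("!HH", TLV_MANDATORY | TLV_CRYPTO_BINDING, CB_VALUE_LEN)
    unsigned = header + bytes([0, version, received_version, subtype]) + nonce + bytes(20)
    return unsigned[:40] + compound_mac(cmk, unsigned)

def check_log():
    """Parse the log's TLVs; verify the carried MAC under placeholder keys (must
    fail, the real keys are not in the log) and a TLV built under the same CMK
    (must pass)."""
    by_type = {t: (v, raw) for t, _m, v, raw in parse_tlvs(PHASE2_TLVS)}
    status = struct.unpack("!H", by_type[TLV_RESULT][0])[0]
    cb_value, cb_tlv = by_type[TLV_CRYPTO_BINDING]
    fields = parse_crypto_binding(cb_value)
    s_imck0, isk = bytes(range(40)), bytes(range(32))   # constructed, not real keys
    _s_imck1, cmk1 = derive_imck(s_imck0, isk)
    ours = build_crypto_binding(cmk1, fields["nonce"])
    return {"result": RESULT_STATUS.get(status, "unknown"),
            "version": fields["version"], "subtype": fields["subtype"],
            "mac_input_matches_log": mac_input(cb_tlv) == LOG_MAC_INPUT,
            "log_mac_verifies_under_placeholder_cmk": verify_compound_mac(cmk1, cb_tlv),
            "rebuilt_tlv_verifies": verify_compound_mac(cmk1, ours)}
```

Calling check_log() walks the two TLVs (Result = Success, then the Crypto-Binding TLV with Version 1 / SubType 0), confirms that zeroing the last 20 octets of the received TLV reproduces the log's 60-octet MAC input byte for byte, and reports False for the carried MAC under the placeholder CMK and True for a TLV built with that same CMK. With the real CMK[j] from a full debug log in place of the placeholders, verify_compound_mac() on the received TLV is the same decision the supplicant made when it logged "Compound MAC did not match"; whichever side derived ISK[j] or S-IMCK[j] differently will produce a different CMK[j], and the MAC mismatch shows up there, not in the TLV framing.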