EAP-FAST failures

I have a test environment set up with Cisco ISE 3.0, the latest
2.11-devel supplicant, and latest OpenSSL 3.0.7.

I have not been able to get EAP-FAST working. It auto-provisions
successfully, and my client gets a pac file using
"fast_provisioning=1".

Then when it authenticates using the pac file, it fails during phase 2
with the error "Compound MAC did not match".

The Cisco ISE reports the error as 12118 EAP-FAST cryptobinding
verification failed.

I have an older client using wpa_supplicant 2.1 and OpenSSL 1.02 that
is able to auto provision and authenticate successfully with the same
SSID and wpa_supplicant.conf file.

Thinking it might be related to OpenSSL 3.0.7, I tried OpenSSL 1.1.1s
with the same results.

Working client uses TLS 1.2 with cipher ADH-AES128-SHA
Failing client uses TLS 1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384

Below is an excerpt from the supplicant log file. I can provide more
details if anyone is interested.

EAP-FAST: Received 95 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
EAP-FAST: Decrypted Phase 2 TLV(s) - hexdump(len=66): 80 03 00 02 00
01 80 0c 00 38 00 01 01 00 52 30 ad bf ac 46 44 9c f0 8b ab 03 e1 15
1b a1 5d ee b4 7c 8a c9 8c aa 05 75 85 6a 3f 3f fa ea bf bf 8f 05 b7
79 0c f8 ef 62 ac 67 5a 46 a7 84 51 08 91 e0
EAP-FAST: Received Phase 2: TLV type 3 length 2 (mandatory)
EAP-FAST: Result TLV - hexdump(len=2): 00 01
EAP-FAST: Result: Success
EAP-FAST: Received Phase 2: TLV type 12 length 56 (mandatory)
EAP-FAST: Crypto-Binding TLV - hexdump(len=56): 00 01 01 00 52 30 ad
bf ac 46 44 9c f0 8b ab 03 e1 15 1b a1 5d ee b4 7c 8a c9 8c aa 05 75
85 6a 3f 3f fa ea bf bf 8f 05 b7 79 0c f8 ef 62 ac 67 5a 46 a7 84 51
08 91 e0
EAP-FAST: Crypto-Binding TLV: Version 1 Received Version 1 SubType 0
EAP-FAST: NONCE - hexdump(len=32): 52 30 ad bf ac 46 44 9c f0 8b ab 03
e1 15 1b a1 5d ee b4 7c 8a c9 8c aa 05 75 85 6a 3f 3f fa ea
EAP-FAST: Compound MAC - hexdump(len=20): bf bf 8f 05 b7 79 0c f8 ef
62 ac 67 5a 46 a7 84 51 08 91 e0
EAP-FAST: Determining CMK[1] for Compound MIC calculation
EAP-MSCHAPV2: Derived key - hexdump(len=32): [REMOVED]
EAP-FAST: ISK[j] - hexdump(len=32): [REMOVED]
EAP-FAST: S-IMCK[j] - hexdump(len=40): [REMOVED]
EAP-FAST: CMK[j] - hexdump(len=20): [REMOVED]
EAP-FAST: Crypto-Binding TLV for Compound MAC calculation -
hexdump(len=60): 80 0c 00 38 00 01 01 00 52 30 ad bf ac 46 44 9c f0 8b
ab 03 e1 15 1b a1 5d ee b4 7c 8a c9 8c aa 05 75 85 6a 3f 3f fa ea 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
EAP-FAST: Received Compound MAC - hexdump(len=20): bf bf 8f 05 b7 79
0c f8 ef 62 ac 67 5a 46 a7 84 51 08 91 e0
EAP-FAST: Calculated Compound MAC - hexdump(len=20): 79 77 0e fa 0e 27
f3 88 67 25 3f 1a fe 41 5a fe aa 60 8d 5d
EAP-FAST: Compound MAC did not match
EAP-FAST: Add Result TLV(status=2)
EAP-FAST: Encrypting Phase 2 data - hexdump(len=6): 80 03 00 02 00 02
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
SSL: 35 bytes left to be sent out (of total 35 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
eapRespData=0x14784b8
EAP: EAP entering state SEND_RESPONSE

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
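
An added example, not part of the original post and not hostap code: it parses the decrypted Phase 2 TLVs from the log above, rebuilds the Crypto-Binding TLV with its Compound MAC field zeroed (the 60-byte buffer the log prints), and recomputes the MAC as HMAC-SHA1 under the CMK. Function names are hypothetical and the CMK is a constructed value, since the real one is [REMOVED] in the log.

```python
import hashlib
import hmac
import struct

# Decrypted Phase 2 TLVs copied from the supplicant log in the post (66 bytes).
PHASE2 = bytes.fromhex(
    "80 03 00 02 00 01 80 0c 00 38 00 01 01 00"
    " 52 30 ad bf ac 46 44 9c f0 8b ab 03 e1 15 1b a1"
    " 5d ee b4 7c 8a c9 8c aa 05 75 85 6a 3f 3f fa ea"
    " bf bf 8f 05 b7 79 0c f8 ef 62 ac 67 5a 46 a7 84 51 08 91 e0")
CRYPTO_BINDING = 12   # TLV type, as logged ("TLV type 12 length 56")
MAC_LEN = 20          # HMAC-SHA1 output, matches "Compound MAC - hexdump(len=20)"

def parse_tlvs(buf):
    """Yield (type, mandatory, whole_tlv_bytes) for each Phase 2 TLV."""
    off = 0
    while off < len(buf):
        # Raises struct.error if fewer than 4 header bytes remain.
        t, length = struct.unpack_from("!HH", buf, off)
        end = off + 4 + length
        if end > len(buf):
            raise ValueError("TLV overruns buffer")
        # Top bit is the mandatory flag, low 14 bits are the TLV type.
        yield t & 0x3FFF, bool(t & 0x8000), buf[off:end]
        off = end

def find_crypto_binding(buf):
    for tlv_type, _mandatory, raw in parse_tlvs(buf):
        if tlv_type == CRYPTO_BINDING:
            return raw
    raise ValueError("no Crypto-Binding TLV")

def split_crypto_binding(tlv):
    """Return (fields, mac_input); mac_input is the TLV with its MAC zeroed."""
    if len(tlv) != 60:
        raise ValueError("unexpected Crypto-Binding TLV length")
    _rsvd, version, recv_version, subtype = tlv[4:8]
    fields = {"version": version, "received_version": recv_version,
              "subtype": subtype, "nonce": tlv[8:40], "mac": tlv[40:]}
    return fields, tlv[:40] + bytes(MAC_LEN)

def verify_compound_mac(tlv, cmk):
    """Recompute HMAC-SHA1(CMK, zeroed TLV); compare in constant time."""
    fields, mac_input = split_crypto_binding(tlv)
    calc = hmac.new(cmk, mac_input, hashlib.sha1).digest()
    return hmac.compare_digest(calc, fields["mac"]), calc

if __name__ == "__main__":
    cmk = bytes(range(20))  # constructed key; the real CMK is [REMOVED] in the log
    print(verify_compound_mac(find_crypto_binding(PHASE2), cmk))
```

The MAC input is identical on both sides of the exchange, so a mismatch like the one logged comes from the two peers holding different CMK values, not from the TLV bytes.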


