EAP-SIM works in simulation mode but does not work with real SIM card

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

I am testing the EAP-SIM authentication method using hostapd and
eapol_test program. I have written the Ki and OPc values on the SIM
and used the following configuration to run the test scenario:

# wpa_supplicant.conf
network={
        key_mgmt=WPA-EAP
        eap=SIM
        identity="1001010000000003"
        password="11111111111111111111111111111111:11111111111111111111111111111111"
#       pcsc=""
#       pin="1234"
}

The above configuration works fine when using the simulator mode of
eapol_test, but it does not work when commenting identity and password
and uncommenting pcsc and pin, even though I write the same values as
Ki and OPc to the SIM. I should note that the error reported by
eapol_test is: "EAP-SIM: Challenge message used invalid AT_MAC". Do
you have any suggestions?

P.S: The eapol_test logs and the corresponding pcap attached.

Reading configuration file 'mcifi.conf'
Line: 3 - start of a new network block
key_mgmt: 0x1
eap methods - hexdump(len=16): 00 00 00 00 12 00 00 00 00 00 00 00 00 00 00 00
pcsc - hexdump_ascii(len=0):
pin - hexdump_ascii(len=4):
     31 32 33 34                                       1234            
Priority group 0
   id=0 ssid=''
Authentication server 127.0.0.1:1812
RADIUS local address: 127.0.0.1:36876
Selected network is configured to use SIM (sim=1 aka=0) - initialize PCSC
SCARD: initializing smart card interface
SCARD: Readers - hexdump_ascii(len=43):
     41 43 53 20 41 43 52 33 38 55 2d 53 41 4d 20 30   ACS ACR38U-SAM 0
     30 20 30 30 00 41 43 53 20 41 43 52 33 38 55 2d   0 00_ACS ACR38U-
     53 41 4d 20 30 30 20 30 31 00 00                  SAM 00 01__     
SCARD: Selected reader='ACS ACR38U-SAM 00 00'
SCARD: card=0x20cceef1 active_protocol=1 (T0)
SCARD: verifying USIM support
SCARD: select file 3f00
SCARD: scard_transmit: send - hexdump(len=7): 00 a4 00 04 02 3f 00
SCARD: scard_transmit: recv - hexdump(len=2): 61 1f
SCARD: trying to get response (31 bytes)
SCARD: scard_transmit: send - hexdump(len=5): 00 c0 00 00 1f
SCARD: scard_transmit: recv - hexdump(len=33): 62 1d 82 02 78 21 83 02 3f 00 a5 03 80 01 71 8a 01 05 8b 03 2f 06 01 c6 06 90 01 00 83 01 01 90 00
SCARD: USIM is supported
SCARD: select file 2f00
SCARD: scard_transmit: send - hexdump(len=7): 00 a4 00 04 02 2f 00
SCARD: scard_transmit: recv - hexdump(len=2): 61 21
SCARD: trying to get response (33 bytes)
SCARD: scard_transmit: send - hexdump(len=5): 00 c0 00 00 21
SCARD: scard_transmit: recv - hexdump(len=35): 62 1f 82 05 42 21 00 26 01 83 02 2f 00 a5 03 80 01 71 8a 01 05 8b 03 2f 06 01 80 02 00 26 88 01 f0 90 00
SCARD: EF_DIR select - hexdump(len=33): 62 1f 82 05 42 21 00 26 01 83 02 2f 00 a5 03 80 01 71 8a 01 05 8b 03 2f 06 01 80 02 00 26 88 01 f0
SCARD: scard_transmit: send - hexdump(len=5): 00 b2 01 04 ff
SCARD: scard_transmit: recv - hexdump(len=2): 6c 26
SCARD: file length determination response - hexdump(len=2): 6c 26
SCARD: scard_transmit: send - hexdump(len=5): 00 b2 01 04 26
SCARD: scard_transmit: recv - hexdump(len=40): 61 1d 4f 10 a0 00 00 00 87 10 02 ff 86 ff ff 89 ff ff ff ff 50 09 55 6e 69 76 65 72 53 49 4d ff 20 20 20 20 20 20 90 00
SCARD: EF_DIR record - hexdump(len=38): 61 1d 4f 10 a0 00 00 00 87 10 02 ff 86 ff ff 89 ff ff ff ff 50 09 55 6e 69 76 65 72 53 49 4d ff 20 20 20 20 20 20
SCARD: AID from EF_DIR record - hexdump(len=16): a0 00 00 00 87 10 02 ff 86 ff ff 89 ff ff ff ff
SCARD: 3G USIM app found from EF_DIR record 1
SCARD: 3G USIM AID - hexdump(len=16): a0 00 00 00 87 10 02 ff 86 ff ff 89 ff ff ff ff
SCARD: select file 0000
SCARD: select file by AID - hexdump(len=16): a0 00 00 00 87 10 02 ff 86 ff ff 89 ff ff ff ff
SCARD: scard_transmit: send - hexdump(len=21): 00 a4 04 04 10 a0 00 00 00 87 10 02 ff 86 ff ff 89 ff ff ff ff
SCARD: scard_transmit: recv - hexdump(len=2): 61 34
SCARD: trying to get response (52 bytes)
SCARD: scard_transmit: send - hexdump(len=5): 00 c0 00 00 34
SCARD: scard_transmit: recv - hexdump(len=54): 62 32 82 02 78 21 83 02 7f f0 84 10 a0 00 00 00 87 10 02 ff 86 ff ff 89 ff ff ff ff a5 03 80 01 71 8a 01 05 8b 03 2f 06 01 c6 09 90 01 40 83 01 01 83 01 81 90 00
SCARD: file header FSP template - hexdump(len=50): 82 02 78 21 83 02 7f f0 84 10 a0 00 00 00 87 10 02 ff 86 ff ff 89 ff ff ff ff a5 03 80 01 71 8a 01 05 8b 03 2f 06 01 c6 09 90 01 40 83 01 01 83 01 81
SCARD: file header TLV 0x82 len=2
SCARD: File Descriptor TLV - hexdump(len=2): 78 21
SCARD: file header TLV 0x83 len=2
SCARD: File Identifier TLV - hexdump(len=2): 7f f0
SCARD: file header TLV 0x84 len=16
SCARD: DF name (AID) TLV - hexdump(len=16): a0 00 00 00 87 10 02 ff 86 ff ff 89 ff ff ff ff
SCARD: file header TLV 0xa5 len=3
SCARD: Proprietary information TLV - hexdump(len=3): 80 01 71
SCARD: file header TLV 0x8a len=1
SCARD: Life Cycle Status Integer TLV - hexdump(len=1): 05
SCARD: file header TLV 0x8b len=3
SCARD: Security attribute TLV - hexdump(len=3): 2f 06 01
SCARD: file header TLV 0xc6 len=9
SCARD: PIN Status Template DO TLV - hexdump(len=9): 90 01 40 83 01 01 83 01 81
SCARD: PS_DO=0x40
ENGINE: Loading builtin engines
ENGINE: Loading builtin engines
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Sending fake EAP-Request-Identity
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=140 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: Status notification: started (param=)
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using real identity - hexdump_ascii(len=0): [NULL]
SCARD: reading IMSI from (GSM) EF-IMSI
SCARD: select file 6f07
SCARD: scard_transmit: send - hexdump(len=7): 00 a4 00 04 02 6f 07
SCARD: scard_transmit: recv - hexdump(len=2): 61 1e
SCARD: trying to get response (30 bytes)
SCARD: scard_transmit: send - hexdump(len=5): 00 c0 00 00 1e
SCARD: scard_transmit: recv - hexdump(len=32): 62 1c 82 02 41 21 83 02 6f 07 a5 03 80 01 71 8a 01 05 8b 03 6f 06 02 80 02 00 09 88 01 38 90 00
SCARD: file header FSP template - hexdump(len=28): 82 02 41 21 83 02 6f 07 a5 03 80 01 71 8a 01 05 8b 03 6f 06 02 80 02 00 09 88 01 38
SCARD: file header TLV 0x82 len=2
SCARD: File Descriptor TLV - hexdump(len=2): 41 21
SCARD: file header TLV 0x83 len=2
SCARD: File Identifier TLV - hexdump(len=2): 6f 07
SCARD: file header TLV 0xa5 len=3
SCARD: Proprietary information TLV - hexdump(len=3): 80 01 71
SCARD: file header TLV 0x8a len=1
SCARD: Life Cycle Status Integer TLV - hexdump(len=1): 05
SCARD: file header TLV 0x8b len=3
SCARD: Security attribute TLV - hexdump(len=3): 6f 06 02
SCARD: file header TLV 0x80 len=2
SCARD: File size TLV - hexdump(len=2): 00 09
SCARD: file_size=9
SCARD: file header TLV 0x88 len=1
SCARD: Short File Identifier (SFI) TLV - hexdump(len=1): 38
SCARD: IMSI file length=9 imsilen=15
SCARD: scard_transmit: send - hexdump(len=5): 00 b0 00 00 09
SCARD: scard_transmit: recv - hexdump(len=11): 10 09 10 10 00 00 00 00 30 90 00
IMSI - hexdump_ascii(len=15):
     30 30 31 30 31 30 30 30 30 30 30 30 30 30 33      001010000000003 
SCARD: reading MNC len from (GSM) EF-AD
SCARD: select file 6fad
SCARD: scard_transmit: send - hexdump(len=7): 00 a4 00 04 02 6f ad
SCARD: scard_transmit: recv - hexdump(len=2): 61 1e
SCARD: trying to get response (30 bytes)
SCARD: scard_transmit: send - hexdump(len=5): 00 c0 00 00 1e
SCARD: scard_transmit: recv - hexdump(len=32): 62 1c 82 02 41 21 83 02 6f ad a5 03 80 01 71 8a 01 05 8b 03 6f 06 01 80 02 00 04 88 01 18 90 00
SCARD: file header FSP template - hexdump(len=28): 82 02 41 21 83 02 6f ad a5 03 80 01 71 8a 01 05 8b 03 6f 06 01 80 02 00 04 88 01 18
SCARD: file header TLV 0x82 len=2
SCARD: File Descriptor TLV - hexdump(len=2): 41 21
SCARD: file header TLV 0x83 len=2
SCARD: File Identifier TLV - hexdump(len=2): 6f ad
SCARD: file header TLV 0xa5 len=3
SCARD: Proprietary information TLV - hexdump(len=3): 80 01 71
SCARD: file header TLV 0x8a len=1
SCARD: Life Cycle Status Integer TLV - hexdump(len=1): 05
SCARD: file header TLV 0x8b len=3
SCARD: Security attribute TLV - hexdump(len=3): 6f 06 01
SCARD: file header TLV 0x80 len=2
SCARD: File size TLV - hexdump(len=2): 00 04
SCARD: file_size=4
SCARD: file header TLV 0x88 len=1
SCARD: Short File Identifier (SFI) TLV - hexdump(len=1): 18
SCARD: scard_transmit: send - hexdump(len=5): 00 b0 00 00 04
SCARD: scard_transmit: recv - hexdump(len=6): 00 00 00 02 90 00
SCARD: MNC length=2
IMSI + realm - hexdump_ascii(len=50):
     30 30 31 30 31 30 30 30 30 30 30 30 30 30 33 40   001010000000003@
     77 6c 61 6e 2e 6d 6e 63 30 30 31 2e 6d 63 63 30   wlan.mnc001.mcc0
     30 31 2e 33 67 70 70 6e 65 74 77 6f 72 6b 2e 6f   01.3gppnetwork.o
     72 67                                             rg              
permanent identity from IMSI - hexdump_ascii(len=51):
     31 30 30 31 30 31 30 30 30 30 30 30 30 30 30 33   1001010000000003
     40 77 6c 61 6e 2e 6d 6e 63 30 30 31 2e 6d 63 63   @wlan.mnc001.mcc
     30 30 31 2e 33 67 70 70 6e 65 74 77 6f 72 6b 2e   001.3gppnetwork.
     6f 72 67                                          org             
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=56)
TX EAP -> RADIUS - hexdump(len=56): 02 8c 00 38 01 31 30 30 31 30 31 30 30 30 30 30 30 30 30 30 33 40 77 6c 61 6e 2e 6d 6e 63 30 30 31 2e 6d 63 63 30 30 31 2e 33 67 70 70 6e 65 74 77 6f 72 6b 2e 6f 72 67
Encapsulating EAP message into a RADIUS packet
Learned identity from EAP-Response-Identity - hexdump(len=51): 31 30 30 31 30 31 30 30 30 30 30 30 30 30 30 33 40 77 6c 61 6e 2e 6d 6e 63 30 30 31 2e 6d 63 63 30 30 31 2e 33 67 70 70 6e 65 74 77 6f 72 6b 2e 6f 72 67
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=0 length=216
   Attribute 1 (User-Name) length=53
      Value: '1001010000000003@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
   Attribute 4 (NAS-IP-Address) length=6
      Value: 127.0.0.1
   Attribute 31 (Calling-Station-Id) length=19
      Value: '02-00-00-00-00-01'
   Attribute 12 (Framed-MTU) length=6
      Value: 1400
   Attribute 61 (NAS-Port-Type) length=6
      Value: 19
   Attribute 6 (Service-Type) length=6
      Value: 2
   Attribute 77 (Connect-Info) length=24
      Value: 'CONNECT 11Mbps 802.11b'
   Attribute 79 (EAP-Message) length=58
      Value: 028c0038013130303130313030303030303030303340776c616e2e6d6e633030312e6d63633030312e336770706e6574776f726b2e6f7267
   Attribute 80 (Message-Authenticator) length=18
      Value: 0881c2aa6339069e656b6673b683a5b3
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 66 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=0 length=66
   Attribute 24 (State) length=6
      Value: 00000018
   Attribute 79 (EAP-Message) length=22
      Value: 018d0014120a00000d0100000f02000200010000
   Attribute 80 (Message-Authenticator) length=18
      Value: 0fc1afd30be99ae5283d047531abff49
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec

RADIUS packet matching with station
decapsulated EAP packet (code=1 id=141 len=20) from RADIUS server: EAP-Request-SIM (18)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=141 method=18 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=18
EAP: Status notification: accept proposed method (param=SIM)
EAP: Initialize selected EAP method: vendor 0 method 18 (SIM)
Get randomness: len=16 entropy=0
random from os_get_random - hexdump(len=16): 0d 2b fe a4 ef c6 22 71 1f 0c 20 63 28 29 fc 61
random_mix_pool - hexdump(len=20): 0d b9 b1 bf 70 7c bd fa 8b 8c 0a 46 d8 96 87 a4 8e 89 0d 7d
random from internal pool - hexdump(len=16): 52 c7 66 0a bf 85 ed d3 d8 c1 5b 8c 5d 36 f0 8e
mixed random - hexdump(len=16): 5f ec 98 ae 50 43 cf a2 c7 cd 7b ef 75 1f 0c ef
EAP-SIM: CONTINUE -> CONTINUE
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 18 (SIM) selected
EAP: EAP entering state METHOD
EAP-SIM: EAP data - hexdump(len=20): 01 8d 00 14 12 0a 00 00 0d 01 00 00 0f 02 00 02 00 01 00 00
EAP-SIM: Subtype=10
EAP-SIM: Attribute: Type=13 Len=4
EAP-SIM: Attribute data - hexdump(len=2): 00 00
EAP-SIM: AT_ANY_ID_REQ
EAP-SIM: Attribute: Type=15 Len=8
EAP-SIM: Attribute data - hexdump(len=6): 00 02 00 01 00 00
EAP-SIM: AT_VERSION_LIST
EAP-SIM: Attributes parsed successfully (aka=0 encr=0)
EAP-SIM: subtype Start
EAP-SIM: Selected Version 1
Generating EAP-SIM Start (id=141)
   AT_IDENTITY - hexdump_ascii(len=51):
     31 30 30 31 30 31 30 30 30 30 30 30 30 30 30 33   1001010000000003
     40 77 6c 61 6e 2e 6d 6e 63 30 30 31 2e 6d 63 63   @wlan.mnc001.mcc
     30 30 31 2e 33 67 70 70 6e 65 74 77 6f 72 6b 2e   001.3gppnetwork.
     6f 72 67                                          org             
   AT_NONCE_MT - hexdump(len=16): 5f ec 98 ae 50 43 cf a2 c7 cd 7b ef 75 1f 0c ef
   AT_SELECTED_VERSION 1
EAP-SIM: CONTINUE -> START_DONE
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x556b76247080
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=88)
TX EAP -> RADIUS - hexdump(len=88): 02 8d 00 58 12 0a 00 00 0e 0e 00 33 31 30 30 31 30 31 30 30 30 30 30 30 30 30 30 33 40 77 6c 61 6e 2e 6d 6e 63 30 30 31 2e 6d 63 63 30 30 31 2e 33 67 70 70 6e 65 74 77 6f 72 6b 2e 6f 72 67 00 07 05 00 00 5f ec 98 ae 50 43 cf a2 c7 cd 7b ef 75 1f 0c ef 10 01 00 01
Encapsulating EAP message into a RADIUS packet
  Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=1 length=254
   Attribute 1 (User-Name) length=53
      Value: '1001010000000003@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
   Attribute 4 (NAS-IP-Address) length=6
      Value: 127.0.0.1
   Attribute 31 (Calling-Station-Id) length=19
      Value: '02-00-00-00-00-01'
   Attribute 12 (Framed-MTU) length=6
      Value: 1400
   Attribute 61 (NAS-Port-Type) length=6
      Value: 19
   Attribute 6 (Service-Type) length=6
      Value: 2
   Attribute 77 (Connect-Info) length=24
      Value: 'CONNECT 11Mbps 802.11b'
   Attribute 79 (EAP-Message) length=90
      Value: 028d0058120a00000e0e00333130303130313030303030303030303340776c616e2e6d6e633030312e6d63633030312e336770706e6574776f726b2e6f726700070500005fec98ae5043cfa2c7cd7bef751f0cef10010001
   Attribute 24 (State) length=6
      Value: 00000018
   Attribute 80 (Message-Authenticator) length=18
      Value: 0a2e9d7fbcc39981fea34e3ba51d4f4a
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 126 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=1 length=126
   Attribute 24 (State) length=6
      Value: 00000018
   Attribute 79 (EAP-Message) length=82
      Value: 018e0050120b0000010d00007137a728977ce4e05c5601f18e1333bcd23b8281907f5bed084e6fd2db0e17fb2faeb0402e97586cde32166f5634d4000b050000cb75e2e4b47747467e1e34e91874288d
   Attribute 80 (Message-Authenticator) length=18
      Value: d6be210cad564a43bbc5178aa2786279
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec

RADIUS packet matching with station
decapsulated EAP packet (code=1 id=142 len=80) from RADIUS server: EAP-Request-SIM (18)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=142 method=18 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
EAP-SIM: EAP data - hexdump(len=80): 01 8e 00 50 12 0b 00 00 01 0d 00 00 71 37 a7 28 97 7c e4 e0 5c 56 01 f1 8e 13 33 bc d2 3b 82 81 90 7f 5b ed 08 4e 6f d2 db 0e 17 fb 2f ae b0 40 2e 97 58 6c de 32 16 6f 56 34 d4 00 0b 05 00 00 cb 75 e2 e4 b4 77 47 46 7e 1e 34 e9 18 74 28 8d
EAP-SIM: Subtype=11
EAP-SIM: Attribute: Type=1 Len=52
EAP-SIM: Attribute data - hexdump(len=50): 00 00 71 37 a7 28 97 7c e4 e0 5c 56 01 f1 8e 13 33 bc d2 3b 82 81 90 7f 5b ed 08 4e 6f d2 db 0e 17 fb 2f ae b0 40 2e 97 58 6c de 32 16 6f 56 34 d4 00
EAP-SIM: AT_RAND
EAP-SIM: Attribute: Type=11 Len=20
EAP-SIM: Attribute data - hexdump(len=18): 00 00 cb 75 e2 e4 b4 77 47 46 7e 1e 34 e9 18 74 28 8d
EAP-SIM: AT_MAC
EAP-SIM: Attributes parsed successfully (aka=0 encr=0)
EAP-SIM: subtype Challenge
EAP-SIM: 3 challenges
EAP-SIM: GSM authentication algorithm
SCARD: GSM auth - RAND - hexdump(len=16): 71 37 a7 28 97 7c e4 e0 5c 56 01 f1 8e 13 33 bc
SCARD: scard_transmit: send - hexdump(len=22): 00 88 00 80 11 10 71 37 a7 28 97 7c e4 e0 5c 56 01 f1 8e 13 33 bc
SCARD: scard_transmit: recv - hexdump(len=2): 61 0e
SCARD: scard_transmit: send - hexdump(len=5): 00 c0 00 00 0e
SCARD: scard_transmit: recv - hexdump(len=16): 04 2b 32 c0 a4 08 9c 53 88 18 df 47 b4 5c 90 00
SCARD: GSM auth - SRES - hexdump(len=4): 2b 32 c0 a4
SCARD: GSM auth - Kc - hexdump(len=8): 9c 53 88 18 df 47 b4 5c
SCARD: GSM auth - RAND - hexdump(len=16): d2 3b 82 81 90 7f 5b ed 08 4e 6f d2 db 0e 17 fb
SCARD: scard_transmit: send - hexdump(len=22): 00 88 00 80 11 10 d2 3b 82 81 90 7f 5b ed 08 4e 6f d2 db 0e 17 fb
SCARD: scard_transmit: recv - hexdump(len=2): 61 0e
SCARD: scard_transmit: send - hexdump(len=5): 00 c0 00 00 0e
SCARD: scard_transmit: recv - hexdump(len=16): 04 8b db e1 a7 08 ad 97 9a f7 81 bf 85 91 90 00
SCARD: GSM auth - SRES - hexdump(len=4): 8b db e1 a7
SCARD: GSM auth - Kc - hexdump(len=8): ad 97 9a f7 81 bf 85 91
SCARD: GSM auth - RAND - hexdump(len=16): 2f ae b0 40 2e 97 58 6c de 32 16 6f 56 34 d4 00
SCARD: scard_transmit: send - hexdump(len=22): 00 88 00 80 11 10 2f ae b0 40 2e 97 58 6c de 32 16 6f 56 34 d4 00
SCARD: scard_transmit: recv - hexdump(len=2): 61 0e
SCARD: scard_transmit: send - hexdump(len=5): 00 c0 00 00 0e
SCARD: scard_transmit: recv - hexdump(len=16): 04 b6 4c aa 09 08 64 32 10 c1 ba e7 79 cc 90 00
SCARD: GSM auth - SRES - hexdump(len=4): b6 4c aa 09
SCARD: GSM auth - Kc - hexdump(len=8): 64 32 10 c1 ba e7 79 cc
EAP-SIM: Selected identity for MK derivation - hexdump_ascii(len=51):
     31 30 30 31 30 31 30 30 30 30 30 30 30 30 30 33   1001010000000003
     40 77 6c 61 6e 2e 6d 6e 63 30 30 31 2e 6d 63 63   @wlan.mnc001.mcc
     30 30 31 2e 33 67 70 70 6e 65 74 77 6f 72 6b 2e   001.3gppnetwork.
     6f 72 67                                          org             
EAP-SIM: MK - hexdump(len=20): df cc f0 2a 5c 83 b8 2d 3f 4b 60 e9 b1 2b d6 be bd 88 a0 45
EAP-SIM: K_encr - hexdump(len=16): 84 aa d2 cb 1e 85 4b ad a5 d1 ea 8a 12 af 42 1e
EAP-SIM: K_aut - hexdump(len=16): c7 11 ba cd bf 03 13 7d 8b 4d 02 ac e6 4c 44 72
EAP-SIM: keying material (MSK) - hexdump(len=64): 7f 04 df 9b fe 64 70 c6 b9 bc 3b d5 31 6f b9 82 4f 5e 57 77 89 9b 14 0f 4e 6e b7 99 58 68 00 18 69 9b 36 30 7e fa fd 48 e3 74 01 fd 43 10 f2 c3 45 e4 c6 62 c8 3a c9 5b 68 cb a3 4e b9 6a a7 f4
EAP-SIM: EMSK - hexdump(len=64): 47 49 6c 7b 6b 75 2b 4e 22 30 46 a8 e9 6f 52 84 9f c1 72 11 75 e8 39 00 77 50 fa be 74 15 c6 78 c5 d9 cd e2 3f 9f 10 55 cc a3 32 b0 f0 5e 81 ba 74 01 37 eb 8c 53 ef e6 72 4d 81 9a bb 74 81 11
EAP-SIM: Verify MAC - msg - hexdump(len=80): 01 8e 00 50 12 0b 00 00 01 0d 00 00 71 37 a7 28 97 7c e4 e0 5c 56 01 f1 8e 13 33 bc d2 3b 82 81 90 7f 5b ed 08 4e 6f d2 db 0e 17 fb 2f ae b0 40 2e 97 58 6c de 32 16 6f 56 34 d4 00 0b 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
EAP-SIM: Verify MAC - extra data - hexdump(len=16): 5f ec 98 ae 50 43 cf a2 c7 cd 7b ef 75 1f 0c ef
EAP-SIM: Verify MAC - K_aut - hexdump(len=16): c7 11 ba cd bf 03 13 7d 8b 4d 02 ac e6 4c 44 72
EAP-SIM: Verify MAC: MAC - hexdump(len=16): 0c 33 eb c8 05 f9 7d 3f dc 1e b0 11 db 04 1c ab
EAP-SIM: Challenge message used invalid AT_MAC
EAP-SIM: START_DONE -> FAILURE
EAP-SIM: Send Client-Error (error code 0)
EAP: method process -> ignore=FALSE methodState=DONE decision=FAIL eapRespData=0x556b76246690
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=12)
TX EAP -> RADIUS - hexdump(len=12): 02 8e 00 0c 12 0e 00 00 16 01 00 00
Encapsulating EAP message into a RADIUS packet
  Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=2 length=178
   Attribute 1 (User-Name) length=53
      Value: '1001010000000003@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
   Attribute 4 (NAS-IP-Address) length=6
      Value: 127.0.0.1
   Attribute 31 (Calling-Station-Id) length=19
      Value: '02-00-00-00-00-01'
   Attribute 12 (Framed-MTU) length=6
      Value: 1400
   Attribute 61 (NAS-Port-Type) length=6
      Value: 19
   Attribute 6 (Service-Type) length=6
      Value: 2
   Attribute 77 (Connect-Info) length=24
      Value: 'CONNECT 11Mbps 802.11b'
   Attribute 79 (EAP-Message) length=14
      Value: 028e000c120e000016010000
   Attribute 24 (State) length=6
      Value: 00000018
   Attribute 80 (Message-Authenticator) length=18
      Value: 3f9d961365eec22613023797c7cd4e0d
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 50 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=3 (Access-Reject) identifier=2 length=50
   Attribute 79 (EAP-Message) length=6
      Value: 048e0004
   Attribute 185 (WLAN-Reason-Code) length=6
      Value: 23
   Attribute 80 (Message-Authenticator) length=18
      Value: 79db0b7f762a10825cd65f399cc84ba8
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec

RADIUS packet matching with station
decapsulated EAP packet (code=4 id=142 len=4) from RADIUS server: EAP Failure
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Failure
EAP: Status notification: completion (param=failure)
EAP: EAP entering state FAILURE
CTRL-EVENT-EAP-FAILURE EAP authentication failed
EAPOL: SUPP_PAE entering state HELD
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state FAIL
EAPOL: SUPP_BE entering state IDLE
eapol_sm_cb: result=0
EAPOL: EAP key not available
EAPOL: EAP Session-Id not available
WPA: Clear old PMK and PTK
EAP: deinitialize previously used EAP method (18, SIM) at EAP deinit
SCARD: deinitializing smart card interface
MPPE keys OK: 0  mismatch: 0
FAILURE

Attachment: eap_pcsc_failed.pcapng
Description: application/pcapng

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux