EAP-TTLS phase 2 configured to use EAP not MSCHAPV2

On Wed, 2011-01-05 at 18:03 +0900, Naoki Hamada wrote:
> Hello, guys!
> 
> I copied my WiMAX_DB.bin and WiMAX_Def.bin from Windows XP and decoded
> them with iTool
> (http://forum.yotatester.ru/showpost.php?p=70773&postcount=1255).
> Just placing them as WiMAX_DB.xml and WiMAX_Def.xml in
> /var/lib/wimax/, I could begin an EAP-TTLS session with UQ WiMAX,
> which still always fails during authentication.
> 
> After slight tackling, the trace module told me that wimaxd tries not
> MSCHAPV2 but EAP in phase 2.
> 
> There does exist an entry for UQ WiMAX which specifies EAP-TTLS and
> MSCHAPV2:
> 
> >       <EAP>
> >               <x1>
> >                       <METHOD_TYPE>EAP_TTLS</METHOD_TYPE>
> >                       <VENDOR_ID>-1</VENDOR_ID>
> >                       <VENDOR_TYPE>-1</VENDOR_TYPE>
> >                       <USER_IDENTITY></USER_IDENTITY>
> >                       <PROVISIONED_PSEUDO_IDENTITY></PROVISIONED_PSEUDO_IDENTITY>
> >                       <PASSWORD></PASSWORD>
> >                       <REALM>so-net.ne.jp</REALM>
> >                       <USE_PRIVACY>True</USE_PRIVACY>
> >                       <ENCAPS>-1</ENCAPS>
> >                       <VFY_SERVER_REALM>False</VFY_SERVER_REALM>
> >                       <SERVER_REALMS>
> >                               <x1>
> >                                       <SERVER_REALM>uqc.ne.jp</SERVER_REALM>
> >                               </x1>
> >                               <x2>
> >                                       <SERVER_REALM>uqc.ne.jp</SERVER_REALM>
> >                               </x2>
> >                       </SERVER_REALMS>
> >                       <CERT>
> >                               <x1>
> >                                       <CERT_TYPE>DEVICE</CERT_TYPE>
> >                                       <SER_NUM></SER_NUM>
> >                                       <ISSUER></ISSUER>
> >                               </x1>
> >                               <x2>
> >                                       <CERT_TYPE>CA</CERT_TYPE>
> >                                       <SER_NUM></SER_NUM>
> >                                       <ISSUER></ISSUER>
> >                               </x2>
> >                       </CERT>
> >               </x1>
> >               <x2>
> >                       <METHOD_TYPE></METHOD_TYPE>
> >                       <VENDOR_ID>24757</VENDOR_ID>
> >                       <VENDOR_TYPE>1</VENDOR_TYPE>
> >                       <USER_IDENTITY>(removed)</USER_IDENTITY>
> >                       <PROVISIONED_PSEUDO_IDENTITY></PROVISIONED_PSEUDO_IDENTITY>
> >                       <PASSWORD Encrypted="True">(removed)</PASSWORD>
> >                       <REALM></REALM>
> >                       <USE_PRIVACY>False</USE_PRIVACY>
> >                       <ENCAPS>1</ENCAPS>
> >                       <VFY_SERVER_REALM>False</VFY_SERVER_REALM>
> >                       <SERVER_REALMS></SERVER_REALMS>
> >                       <CERT></CERT>
> >               </x2>
> >       </EAP>
> 
> Changing wpa_debug_level in wpa_supplicant_0.7.3/src/utils/wpa_debug.c
> from MSG_INFO to MSG_MSGDUMP, the supplicant shows pretty messages:
> 
> ># wimaxd -d -i wmx0
> >Enter Command:
> >q - Quit AppSrv
> >t - Trace ReInit (ReLoads Registry Values)
> >u - uplink(Apdo uplink event
> >h - Help
> >d - Toggle driver messages to display - debug & internal only
> >
> >
> >AppSrv is ready !
> >Act_FullRestart!
> >Act_DriverDeviceStatus - DRIVER_UP
> >EAP: EAP entering state IDLE
> >EAP: EAP entering state RECEIVED
> >EAP: Received EAP-Request id=9 method=1 vendor=0 vendorMethod=0
> >EAP: EAP entering state IDENTITY
> >CTRL-EVENT-EAP-STARTED EAP authentication started
> >EAP: EAP-Request Identity data - hexdump_ascii(len=0):
> >EAP: using anonymous identity - hexdump_ascii(len=45):
> >     33 44 39 35 44 39 33 37 31 39 44 44 31 44 41 46   3D95D93719DD1DAF
> >     31 38 33 46 39 37 42 45 32 36 46 32 39 34 31 39   183F97BE26F29419
> >     40 73 6f 2d 6e 65 74 2e 6e 65 2e 6a 70            @so-net.ne.jp
> >EAP: EAP entering state SEND_RESPONSE
> >EAP: EAP entering state IDLE
> >Sending EapResponse. Data size: 50
> >EAP: EAP entering state RECEIVED
> >EAP: Received EAP-Request id=10 method=21 vendor=0 vendorMethod=0
> >EAP: EAP entering state GET_METHOD
> >CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21
> >EAP: Initialize selected EAP method: vendor 0 method 21 (TTLS)
> >EAP-TTLS: Phase2 type: EAP
> >TLS: Phase2 EAP types - hexdump(len=72): 00 00 00 00 04 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 2f 00 00 00 00 00 00 00 2e 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 33 00 00 00
> >CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
> >EAP: EAP entering state METHOD
> >SSL: Received packet(len=6) - Flags 0x20
> >EAP-TTLS: Start (server ver=0, own ver=0)
> >TLS: using phase1 config options
> >EAP-TTLS: Start
> >SSL: 54 bytes left to be sent out (of total 54 bytes)
> >EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
> >EAP: EAP entering state SEND_RESPONSE
> >EAP: EAP entering state IDLE
> >Sending EapResponse. Data size: 60
> >EAP: EAP entering state RECEIVED
> >EAP: Received EAP-Request id=11 method=21 vendor=0 vendorMethod=0
> >EAP: EAP entering state METHOD
> >SSL: Received packet(len=1020) - Flags 0xc0
> >SSL: TLS Message Length: 1915
> >SSL: Need 905 bytes more input data
> >SSL: Building ACK (type=21 id=11 ver=0)
> >EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
> >EAP: EAP entering state SEND_RESPONSE
> >EAP: EAP entering state IDLE
> >Sending EapResponse. Data size: 6
> >EAP: EAP entering state RECEIVED
> >EAP: Received EAP-Request id=12 method=21 vendor=0 vendorMethod=0
> >EAP: EAP entering state METHOD
> >SSL: Received packet(len=911) - Flags 0x00
> >SSL: 326 bytes left to be sent out (of total 326 bytes)
> >EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
> >EAP: EAP entering state SEND_RESPONSE
> >EAP: EAP entering state IDLE
> >Sending EapResponse. Data size: 332
> >EAP: EAP entering state RECEIVED
> >EAP: Received EAP-Request id=13 method=21 vendor=0 vendorMethod=0
> >EAP: EAP entering state METHOD
> >SSL: Received packet(len=69) - Flags 0x80
> >SSL: TLS Message Length: 59
> >SSL: No data to be sent out
> >EAP-TTLS: TLS done, proceed to Phase 2
> >EAP-TTLS: Derived key - hexdump(len=64): [REMOVED]
> >EAP-TTLS: received 0 bytes encrypted data for Phase 2
> >EAP-TTLS: empty data in beginning of Phase 2 - use fake EAP-Request Identity
> >EAP-TTLS: Phase 2 EAP Request: type=1
> >EAP: using real identity - hexdump_ascii(len=20):
> >(removed)
> >EAP-TTLS: AVP encapsulate EAP Response - hexdump(len=25): (removed)
> >EAP-TTLS: Phase 2 - request OK
> >EAP-TTLS: Encrypting Phase 2 data - hexdump(len=36): [REMOVED]
> >SSL: 69 bytes left to be sent out (of total 69 bytes)
> >EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
> >EAP: EAP entering state SEND_RESPONSE
> >EAP: EAP entering state IDLE
> >Sending EapResponse. Data size: 75
> >EAP: EAP entering state RECEIVED
> >EAP: Received EAP-Failure
> >EAP: EAP entering state FAILURE
> >CTRL-EVENT-EAP-FAILURE EAP authentication failed
> 
> If the supplicant is forced to use MSCHAPV2, the messages seem more
> reasonable. Comparing USB packets with those generated by Windows
> supports this analysis.
> 
> ># wimaxd -d -i wmx0
> >Enter Command:
> >q - Quit AppSrv
> >t - Trace ReInit (ReLoads Registry Values)
> >u - uplink(Apdo uplink event
> >h - Help
> >d - Toggle driver messages to display - debug & internal only
> >
> >
> >AppSrv is ready !
> >Act_FullRestart!
> >Act_DriverDeviceStatus - DRIVER_UP
> >EAP: EAP entering state IDLE
> >EAP: EAP entering state RECEIVED
> >EAP: Received EAP-Request id=244 method=1 vendor=0 vendorMethod=0
> >EAP: EAP entering state IDENTITY
> >CTRL-EVENT-EAP-STARTED EAP authentication started
> >EAP: EAP-Request Identity data - hexdump_ascii(len=0):
> >EAP: using anonymous identity - hexdump_ascii(len=45):
> >     36 38 38 39 36 37 38 45 31 31 42 46 43 36 46 32   6889678E11BFC6F2
> >     34 35 38 30 33 39 34 30 34 34 31 33 43 31 31 39   458039404413C119
> >     40 73 6f 2d 6e 65 74 2e 6e 65 2e 6a 70            @so-net.ne.jp
> >EAP: EAP entering state SEND_RESPONSE
> >EAP: EAP entering state IDLE
> >Sending EapResponse. Data size: 50
> >EAP: EAP entering state RECEIVED
> >EAP: Received EAP-Request id=245 method=21 vendor=0 vendorMethod=0
> >EAP: EAP entering state GET_METHOD
> >CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21
> >EAP: Initialize selected EAP method: vendor 0 method 21 (TTLS)
> >EAP-TTLS: Phase2 type: MSCHAPV2
> >CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
> >EAP: EAP entering state METHOD
> >SSL: Received packet(len=6) - Flags 0x20
> >EAP-TTLS: Start (server ver=0, own ver=0)
> >TLS: using phase1 config options
> >EAP-TTLS: Start
> >SSL: 54 bytes left to be sent out (of total 54 bytes)
> >EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
> >EAP: EAP entering state SEND_RESPONSE
> >EAP: EAP entering state IDLE
> >Sending EapResponse. Data size: 60
> >EAP: EAP entering state RECEIVED
> >EAP: Received EAP-Request id=246 method=21 vendor=0 vendorMethod=0
> >EAP: EAP entering state METHOD
> >SSL: Received packet(len=1020) - Flags 0xc0
> >SSL: TLS Message Length: 1915
> >SSL: Need 905 bytes more input data
> >SSL: Building ACK (type=21 id=246 ver=0)
> >EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
> >EAP: EAP entering state SEND_RESPONSE
> >EAP: EAP entering state IDLE
> >Sending EapResponse. Data size: 6
> >EAP: EAP entering state RECEIVED
> >EAP: Received EAP-Request id=247 method=21 vendor=0 vendorMethod=0
> >EAP: EAP entering state METHOD
> >SSL: Received packet(len=911) - Flags 0x00
> >SSL: 326 bytes left to be sent out (of total 326 bytes)
> >EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
> >EAP: EAP entering state SEND_RESPONSE
> >EAP: EAP entering state IDLE
> >Sending EapResponse. Data size: 332
> >EAP: EAP entering state RECEIVED
> >EAP: Received EAP-Request id=248 method=21 vendor=0 vendorMethod=0
> >EAP: EAP entering state METHOD
> >SSL: Received packet(len=69) - Flags 0x80
> >SSL: TLS Message Length: 59
> >SSL: No data to be sent out
> >EAP-TTLS: TLS done, proceed to Phase 2
> >EAP-TTLS: Derived key - hexdump(len=64): [REMOVED]
> >EAP-TTLS: received 0 bytes encrypted data for Phase 2
> >EAP-TTLS: empty data in beginning of Phase 2 - use fake EAP-Request Identity
> >EAP-TTLS: Phase 2 MSCHAPV2 Request
> >MSCHAPV2: Identity - hexdump_ascii(len=20):
> >(removed)
> >MSCHAPV2: Username - hexdump_ascii(len=20):
> >(removed)
> >MSCHAPV2: auth_challenge - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> >MSCHAPV2: peer_challenge - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> >MSCHAPV2: username - hexdump_ascii(len=20):
> >(removed)
> >MSCHAPV2: password - hexdump_ascii(len=5): [REMOVED]
> >MSCHAPV2: NT Response - hexdump(len=24): 7b cf 98 b6 28 77 56 56 15 20 ad 57 8b df f7 4c 99 80 4d 93 cf 1c 3f ee
> >MSCHAPV2: Auth Response - hexdump(len=20): 7a 81 a2 8a d1 12 9b 3b 45 ef aa ed 7e 18 3f 64 51 cf de 86
> >MSCHAPV2: Master Key - hexdump(len=16): [REMOVED]
> >EAP-TTLS/MSCHAPV2: Derived response
> >*** glibc detected *** wimaxd: free(): invalid next size (fast): 0x09896278 ***
> 
> At last, wimaxd suddenly aborts. This is another problem, which should
> be left for further enjoyment, I suppose.
> 
> Am I proceeding in the right direction? I am a bit tired of swimming
> in the sea of cryptic L4, L5, NDnS and so on. I want some encouraging
> comment before I get totally drowned.

You might want to run wimaxd under valgrind just for kicks, to see where
the double-free comes from.  You'll get a *lot* of valgrind messages
that (while valid) you can ignore for now, but you should get some more
insight into the crash.  Would be interesting to know what the problem
is in wimaxd.  If the crash gets fixed, you might get further and thus
figure out the next step.

Dan
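
A triage sketch for the two traces quoted above, added here as an example and not part of the original thread or of wimaxd/wpa_supplicant. It decodes the `Phase2 EAP types` dump, assuming it is the supplicant's in-memory array of `{int vendor; u32 method;}` records on a little-endian host, and flags MSCHAPV2 challenge dumps that are all zero; the name `triage` and the report keys are hypothetical.

```python
import re
import struct
# Subset of the IANA EAP method type registry.
EAP_NAMES = {4: "MD5", 5: "OTP", 6: "GTC", 17: "LEAP", 26: "MSCHAPV2",
             46: "PAX", 47: "PSK", 48: "SAKE", 51: "GPSK"}
HEXDUMP = re.compile(r"^(.+?) - hexdump\(len=(\d+)\): ((?:[0-9a-f]{2} ?)+)$")
ZEROS16 = " ".join(["00"] * 16)

def triage(lines):
    """Summarise one authentication attempt from supplicant debug lines."""
    rep = {"phase2": None, "inner_methods": [], "zero_fields": [], "result": None}
    for line in map(str.strip, lines):
        if line.startswith("EAP-TTLS: Phase2 type: "):
            rep["phase2"] = line.rsplit(": ", 1)[1]
        elif line.startswith("CTRL-EVENT-EAP-FAILURE"):
            rep["result"] = "eap-failure"
        elif "glibc detected" in line:
            rep["result"] = "heap-abort"
        m = HEXDUMP.match(line)
        if not m:
            continue  # redacted ([REMOVED]) or not a hexdump line
        tag, declared, raw = m.group(1), int(m.group(2)), bytes.fromhex(m.group(3))
        if len(raw) != declared:
            continue  # wrapped or truncated dump: do not guess at the rest
        if tag == "TLS: Phase2 EAP types" and declared % 8 == 0:
            # Assumed layout: array of {int vendor; u32 method;}, little-endian.
            rep["inner_methods"] = [(v, EAP_NAMES.get(t, str(t)))
                                    for v, t in struct.iter_unpack("<iI", raw)]
        elif tag.endswith("_challenge") and not any(raw):
            rep["zero_fields"].append(tag.split(": ", 1)[1])
    return rep

# Lines taken from the two traces quoted in the thread, mail wrapping undone.
RUN_EAP = [
    "EAP-TTLS: Phase2 type: EAP",
    "TLS: Phase2 EAP types - hexdump(len=72): "
    "00 00 00 00 04 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 06 00 00 00 "
    "00 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 2f 00 00 00 "
    "00 00 00 00 2e 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 33 00 00 00",
    "CTRL-EVENT-EAP-FAILURE EAP authentication failed",
]
RUN_MSCHAPV2 = [
    "EAP-TTLS: Phase2 type: MSCHAPV2",
    "MSCHAPV2: auth_challenge - hexdump(len=16): " + ZEROS16,
    "MSCHAPV2: peer_challenge - hexdump(len=16): " + ZEROS16,
    "*** glibc detected *** wimaxd: free(): invalid next size (fast): 0x09896278 ***",
]
if __name__ == "__main__":
    for name, run in (("phase2=EAP", RUN_EAP), ("phase2=MSCHAPV2", RUN_MSCHAPV2)):
        print(name, triage(run))
```

In the first trace, type 26 (EAP-MSCHAPV2) appears only as one of nine inner EAP candidates; tunnelling EAP-MSCHAPV2 inside TTLS is a different phase 2 exchange from the plain MSCHAPV2 run in the second trace.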



