Hi Emu,
FYI...
Size of the log message exceeds limit of 40K. Hence, sending the logs
in next 4 different mails.
Sorry for inconvenience caused.
Regards
Yogendra Pal
---------- Forwarded message ----------
From: yogendra pal <jntu...@gmail.com>
Date: Sat, Dec 20, 2008 at 6:05 PM
Subject: Re: [Emu] Suggestion: draft-arkko-eap-aka-kdf-09
To: Jari Arkko <jari.ar...@piuha.net>
Cc: Jouni Malinen <j...@w1.fi>, Russ Housley <hous...@vigilsec.com>,
emu@ietf.org
Hi Jari and Jouni,
In order to test the test vectors provided by Jouni I have implemented the
Full Authentication process of draft-arkko-eap-aka-kdf-10.txt and tested
Full Authentication part of the test vectors. Moreover, I have attached the
logs generated from the freeradius1.1.4 side while testing test vectors.
Name of the log files are in following format:<Identity_networkname.log>
For example: 0232010000000000_HRPD.log,
0232010000000000_WLAN.log
I have tested your test vectors with Access network identity as:
a) "WLAN"
b) "HRPD"
Refer the logs of the freeradius for more details. However, details of the keys
generated in the peer side is given below:
Case-1: Identity: "0232010000000000" and
Access network identity as "WLAN"
RAND=93919412b4f77039967312e67c8fa082
AUTN=b475f7abb53e61dfde33aa7e70a35faf
IK=e0f3d116c8e47b7304aaa43847f240ad
CK=0f894edd1b37b9f7fd52dbd1ac97986a
RES=f28f28e92bd22166
Based on the 33402_CR0033_(Rel-8)_S3-081100 revised
S3-081071 PCR 33402 Annex A KDF.doc
CK' generated as:
00000000: 6836 dd1e ddcc 8abd 29ce 2e66 4753 ed77 h6......)..fGS.w
IK' generated as:
00000000: 1810 5327 f8a5 c98b dc10 360d c8cc ef5b ..S'......6....[
MK = PRF'(IK'|CK',"EAP-AKA'"|Identity) generated and the
keys are as follows:
K_encr:
00000000: 12c6 6e38 1183 69dc 388c 08c9 d8af 2f73 ..n8..i.8...../s
K_aut:
00000000: 53fc ca89 940b 9a88 02e1 9bde 730c c449 S...........s..I
00000010: 7d21 a207 0ca1 40b4 fe0f 0189 61b4 8337 }!....@.....a..7
K_re:
00000000: e5cf eb09 ad34 f0b4 7c4c 880d fd49 58bd .....4..|L...IX.
00000010: 0a1d 71aa 6bbb b82c 319b 9e91 ddb8 6761 ..q.k..,1.....ga
MSK:
00000000: 9085 aad9 74d3 323a 96fa 68c0 db54 afdc ....t.2:..h..T..
00000010: 5387 44f2 6f8c 3386 9199 d1e0 9bf0 81ed S.D.o.3.........
00000020: 0d85 bdd4 b813 6cff 0f59 ce83 8405 8721 ......l..Y.....!
00000030: 1d59 88a6 9a60 b332 3e2b c8ec c466 78e1 .Y...`.2>+...fx.
EMSK:
00000000: 439a 9fb8 300f 3362 8882 f9d0 ca10 1d34 C...0.3b.......4
00000010: b0c1 ffb7 806c 597e a37a c0f9 49ef a59e .....lY~.z..I...
00000020: 2b10 e4b6 2638 93f9 8249 ffcd caef 12ed +...&8...I......
00000030: 4b6e 24a4 98d0 19a5 bb4b 9e54 f898 9e37 Kn$......K.T...7
Case-2: Identity: "0232010000000000" and
Access network identity as "HRPD"
RAND=93919412b4f77039967312e67c8fa082
AUTN=b475f7abb53e61dfde33aa7e70a35faf
IK=e0f3d116c8e47b7304aaa43847f240ad
CK=0f894edd1b37b9f7fd52dbd1ac97986a
RES=f28f28e92bd22166
Based on the 33402_CR0033_(Rel-8)_S3-081100 revised
S3-081071 PCR 33402 Annex A KDF.doc
CK' generated as:
00000000: 6d10 1bc4 6c6d 0032 9dcb d245 a191 1acb m...lm.2...E....
IK' generated as:
00000000: 8753 eb55 2b22 d6d5 bd30 08c8 eaf8 b4a2 .S.U+"...0......
MK = PRF'(IK'|CK',"EAP-AKA'"|Identity) generated and the
keys are as follows:
K_encr:
00000000: 1c13 122e c517 2614 867f 6ff0 f45a a7b4 ......&...o..Z..
K_aut:
00000000: ed57 9074 0d6e 1a69 953f 3117 3523 d07b .W.t.n.i.?1.5#.{
00000010: 044a 5c31 70a1 a5d0 37d5 b2da 48ea 52f9 .J\1p...7...H.R.
K_re:
00000000: 590a e44d 52ac 6b32 1f53 7b97 a348 65f3 Y..MR.k2.S{..He.
00000010: 52d7 59ec 1737 d7e5 76a3 ee88 33e7 a66c R.Y..7..v...3..l
MSK:
00000000: b3b4 1981 6a68 21e6 b1a6 e4af 4e2d 49d2 ....jh!.....N-I.
00000010: aef2 8602 77f9 d025 c327 eda4 fc8d d9b2 ....w..%.'......
00000020: f054 8158 0705 605f e811 f7cd 86e5 c7fd .T.X..`_........
00000030: 2dd0 fea2 47ac 7323 f572 9be8 5261 8bd9 -...G.s#.r..Ra..
EMSK:
00000000: 89fd c2eb a353 47e2 56ca 3a15 4677 f24c .....SG.V.:.Fw.L
00000010: cd16 7752 e1d1 d060 355d dc97 bdef 7892 ..wR...`5]....x.
00000020: 6a79 0b02 0243 9978 6da1 41a8 afd0 970a jy...C.xm.A.....
00000030: aa2d 46d3 2208 6818 6406 4f82 cdce d88b .-F.".h.d.O.....
I have found another set of test vectors which can also be
incorporated in the draft of
draft-arkko-eap-aka-kdf-10.txt. See below:
Case-3: Identity: "0555444333222111" and
Access network identity as "WLAN"
RAND=0xe0e0e0e0e0e0e0e0e0e0e0e0e0e0e0e0
AUTN=0xa0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0
IK=0xb0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0
CK=0xc0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0
RES=0xd0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0
Based on the 33402_CR0033_(Rel-8)_S3-081100 revised
S3-081071 PCR 33402 Annex A KDF.doc
CK' generated as:
00000000: cd4c 8e5c 68f5 7dd1 d7d7 dfd0 c538 e577 .L.\h.}......8.w
IK' generated as:
00000000: 3ece 6b70 5dbb f7df c459 a112 80c6 5524 >.kp]....Y....U$
MK = PRF'(IK'|CK',"EAP-AKA'"|Identity) generated and the
keys are as follows:
K_encr:
00000000: 897d 302f a284 7416 488c 28e2 0dcb 7be4 .}0/..t.H.(...{.
K_aut:
00000000: c407 00e7 7224 83ae 3dc7 139e b0b8 8bb5 ....r$..=.......
00000010: 58cb 3081 eccd 057f 9207 d128 6ee7 dd53 X.0........(n..S
K_re:
00000000: 0a59 1a22 dd8b 5b1c f29e 3d50 8c91 dbbd .Y."..[...=P....
00000010: b4ae e230 5189 2c42 b6a2 de66 ea50 4473 ...0Q.,B...f.PDs
MSK:
00000000: 9f7d ca9e 37bb 2202 9ed9 86e7 cd09 d4a7 .}..7.".........
00000010: 0d1a c76d 9553 5c5c ac40 a750 4699 bb89 ...m.s...@.pf...
00000020: 61a2 9ef6 f3e9 0f18 3de5 861a d1be dc81 a.......=.......
00000030: ce99 1639 1b40 1aa0 06c9 8785 a575 6df7 .....@.......um.
EMSK:
00000000: 724d e00b db9e 5681 87be 3fe7 4611 4557 rM....V...?.F.EW
00000010: d501 8779 537e e37f 4d3c 6c73 8cb9 7b9d ...yS~..M<ls..{.
00000020: c651 bc19 bfad c344 ffe2 b52c a78b d831 .Q.....D...,...1
00000030: 6b51 dacc 5f2b 1440 cb95 1552 1cc7 ba23 kq.....@...r...#
Case-4: Identity: "0555444333222111" and
Access network identity as "HRPD"
RAND=0xe0e0e0e0e0e0e0e0e0e0e0e0e0e0e0e0
AUTN=0xa0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0
IK=0xb0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0
CK=0xc0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0
RES=0xd0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0
Based on the 33402_CR0033_(Rel-8)_S3-081100 revised
S3-081071 PCR 33402 Annex A KDF.doc
CK' generated as:
00000000: 8310 a71c e6f7 5488 9613 da8f 64d5 fb46 ......T.....d..F
IK' generated as:
00000000: 5adf 1436 0ae8 3819 2db2 3f6f cb7f 8c76 Z..6..8.-.?o...v
MK = PRF'(IK'|CK',"EAP-AKA'"|Identity) generated and the
keys are as follows:
K_encr:
00000000: 745e 7439 ba23 8f50 fcac 4d15 d47c d1d9 t^t9.#.P..M..|..
K_aut:
00000000: 3e1d 2aa4 e677 025c fd86 2a4b e183 61a1 >.*..w.\..*K..a.
00000010: 3a64 5765 5714 63df 833a 9759 e809 9879 :dWeW.c..:.Y...y
K_re:
00000000: 99da 835e 2ae8 2462 576f e651 6fad 1f80 ...^*.$bWo.Qo...
00000010: 2f0f a119 1655 dd0a 273d a96d 04e0 fcd3 /....U..'=.m....
MSK:
00000000: c6d3 a6e0 ceea 951e b20d 74f3 2c30 61d0 ..........t.,0a.
00000010: 680a 04b0 b086 ee87 00ac e3e0 b95f a026 h............_.&
00000020: 83c2 87be ee44 4322 94ff 98af 26d2 cc78 .....DC"....&..x
00000030: 3bac e75c 4b0a f7fd feb5 511b a8e4 cbd0 ;..\K.....Q.....
EMSK:
00000000: 7fb5 6813 838a dafa 99d1 40c2 f198 f6da ..h.......@.....
00000010: cebf b6af ee44 4961 1054 02b5 08c7 f363 .....DIa.T.....c
00000020: 352c b291 9644 b504 63e6 a693 5415 0147 5,...D..c...T..G
00000030: ae09 cbc5 4b8a 651d 8787 a689 3ed8 536d ....K.e.....>.Sm
I hope Jouni can test the case-2, case-3, case-4 with his
implementation for further verification. Although
Jouni's test vector is complete for both authentication (Full
authentication and Fast re-authentication), I would still recommend to
add the case numbers 2,3,4 also in the draft.
I think Jari should include these test vectors in the draft if we are
not very late.
Regards
Yogendra Pal
On Fri, Dec 5, 2008 at 2:55 AM, Jari Arkko <jari.ar...@piuha.net> wrote:
> This is very interesting and potentially useful. Note that the RFC probably
> comes out sometime in January, so if you have some way of verifying (e.g.,
> to another implementation) before then, perhaps we could argue for this to
> be added to an appendix. And its always possible to publish a very simple
> second RFC that just contains the test vectors. I can agree to take care of
> the practical details of that, if someone provides the actual data.
>
> Jari
>
> Jouni Malinen wrote:
>>
>> On Tue, Nov 11, 2008 at 08:55:36AM +0200, Jari Arkko wrote:
>>
>>>
>>> Yes, that is the question. I do not myself have an implementation yet. I
>>> know people are working on one, but without an implementation I'm not sure I
>>> can provide test vectors.
>>>
>>
>> This may be a bit late for the RFC, but how about something like the
>> following text? A small disclaimer is in order, though: I haven't
>> checked the correctness of the implementation yet (i.e., these are the
>> results from more or less the first developer test run when my own
>> server and peer implementation managed to complete negotiation), so I
>> would obviously appreciate it if someone could verify whether they get
>> the same results. Likewise, I would be interested in running an interop
>> test with another implementation to verify that I've interpreted the
>> draft correctly for areas that do not show up that easily in just
>> comparing test vectors. If I didn't miss anything, I think I now have
>> most of the draft implemented apart from the use of AT_BIDDING in
>> EAP-AKA since IANA does not appear to have allocated an attribute value
>> for it yet.
>>
>>
>> EAP-AKA' (draft-arkko-eap-aka-kdf-10.txt)
>>
>> Test USIM with parameters from 3GPP TS 35.208 v6.0.0 4.3.20 Test Set 20
>> (Milenage):
>> IMSI="232010000000000"
>> Ki=90dca4eda45b53cf0f12d7c9c3bc6a89
>> OPc=cb9cccc4b9258e6dca4760379fb82581
>> AMF=61df
>>
>>
>> Full authentication
>> -------------------
>>
>> Identity: "0232010000000000"
>>
>> RAND=93919412b4f77039967312e67c8fa082
>> AUTN=b475f7abb53e61dfde33aa7e70a35faf
>> IK=e0f3d116c8e47b7304aaa43847f240ad
>> CK=0f894edd1b37b9f7fd52dbd1ac97986a
>> RES=f28f28e92bd22166
>>
>> AK=b475f7abb46a
>> SQN=000000000154
>>
>> (CK',IK') = F(CK, IK, <access network identity>)
>> (based on 33.402 CR 0033 to v8.1.1)
>>
>> CK: 0f894edd1b37b9f7fd52dbd1ac97986a
>> IK: e0f3d116c8e47b7304aaa43847f240ad
>> FC = 0x20
>> P0 = Access network identity: "WLAN" (574c414e)
>> P1 = SQN xor AK: b475f7abb53e
>> Key = CK || IK:
>> 0f894edd1b37b9f7fd52dbd1ac97986ae0f3d116c8e47b7304aaa43847f240ad
>> KDF output (CK' || IK'):
>> 6836dd1eddcc8abd29ce2e664753ed7718105327f8a5c98bdc10360dc8ccef5b
>> CK': 6836dd1eddcc8abd29ce2e664753ed77
>> IK': 18105327f8a5c98bdc10360dc8ccef5b
>>
>>
>> Selected identity for MK derivation: "0232010000000000"
>> MK = PRF'(IK'|CK',"EAP-AKA'"|Identity)
>> K_encr: 12c66e38118369dc388c08c9d8af2f73
>> K_aut: 53fcca89940b9a8802e19bde730cc4497d21a2070ca140b4fe0f018961b48337
>> K_re: e5cfeb09ad34f0b47c4c880dfd4958bd0a1d71aa6bbbb82c319b9e91ddb86761
>> MSK:
>> 9085aad974d3323a96fa68c0db54afdc538744f26f8c33869199d1e09bf081ed0d85bdd4b8136cff0f59ce83840587211d5988a69a60b3323e2bc8ecc46678e1
>> EMSK:
>> 439a9fb8300f33628882f9d0ca101d34b0c1ffb7806c597ea37ac0f949efa59e2b10e4b6263893f98249ffcdcaef12ed4b6e24a498d019a5bb4b9e54f8989e37
>>
>> NEXT_PSEUDONYM="28c179b81ab38747021e2"
>> NEXT_REAUTH_ID="4ec9a95ae5b8deaceb0d8"
>>
>>
>> Fast re-authentication
>> ----------------------
>>
>> Identity: "4ec9a95ae5b8deaceb0d8"
>> COUNTER: 1
>> NONCE_S: 2a949450a95d31eaa2a4f6ea9faaa56c
>>
>> MK = PRF'(K_re,"EAP-AKA' re-auth"|Identity|counter|NONCE_S)
>>
>> MSK:
>> c2ad95db83cfbd1b886d3c91f355d321903107f9e77377671d1b2772ed1c475c36b92a1d07dca082962b83ac7d6cd70ef024d4cf2f4ce97716e15f9fa4fb934c
>> EMSK:
>> 229a30ae81329be2516da975335a7d95956f8a9524548845b97a89778e18f98bd901cb33fa3389add3f29eb1b671af338744a8b9219715fbb96f8a20d724bd88
>>
>>
>>
>
> _______________________________________________
> Emu mailing list
> Emu@ietf.org
> https://www.ietf.org/mailman/listinfo/emu
>
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
