[RADIATOR] EAP-SIM Authentication Issue

Rajesh Thota rajesh.thota at prontonetworks.com
Thu Jun 24 08:55:12 CDT 2010


Hello All,

I am in the process of evaluating Radiator.  The 2 main features I would be
needing are EAP-SIM and EAP-PEAP.

I have been working on modifying the EAP-SIM.pm file.  I have just modified
the sim_request_triplets subroutine to pull the GSM triplets using an HTTP
GET request to a server.  The HTTP server talks to the MAP gateway, passing
the IMSI.  For the time being I have hard-coded the IMSI into the URL.  The
IMSI in the URL and in the request is the same.  I am passing the RAND, SRES & Kc
from this routine as shown in the sample code (comment).

Any help is appreciated on this front.

Thanks & Regards

Rajesh

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

use LWP::UserAgent;
use HTTP::Request;

sub sim_request_triplets
{
    my ($self, $context, $p, $n) = @_;

    my $ua1 = LWP::UserAgent->new;
    $ua1->agent("AgentName/0.1 " . $ua1->agent);

    # Create a request (the IMSI is hard-coded in the URL for now)
    my $req = HTTP::Request->new(GET =>
        'http://192.168.1.127:8080/cgi-bin/hlr_hex_cgi?TRANS_ID=102&IMSI=405803190032618');
    $req->content_type('application/x-www-form-urlencoded');
    $req->content('match=www&errors=0');

    # Pass request to the user agent and get a response back
    my $res = $ua1->request($req);

    # Check the outcome of the response; without a body there is nothing to parse
    unless ($res->is_success) {
        print "Bad luck this time\n";
        return;
    }
    my $webOut = $res->content;

    # One KEY=VALUE pair per line; RAND, SRES and KC are lines 7 to 9 of the reply
    my @row = split(/\n/, $webOut);

    # Keep the hex string to the right of the '=' on each of those lines
    my $myRand = (split(/=/, $row[6]))[1];
    my $mySres = (split(/=/, $row[7]))[1];
    my $myKc   = (split(/=/, $row[8]))[1];

    $self->log($main::LOG_DEBUG, "$myRand | $mySres | $myKc ...................");

    # The same triplet is returned three times, each field packed from hex to binary
    return (
            pack('H*', $myKc), pack('H*', $mySres), pack('H*', $myRand),
            pack('H*', $myKc), pack('H*', $mySres), pack('H*', $myRand),
            pack('H*', $myKc), pack('H*', $mySres), pack('H*', $myRand),
            );
}

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

The Radius LOG file prints the following:

*** Received from 192.168.1.152 port 2049 ....
Code:       Access-Request
Identifier: 9
Authentic:  <145>BZ<135><209><1>Qi<214><11>r<248>e<174><141><224>
Attributes:
        User-Name = "1405803190032618 at wlan.mnc080.mcc405.3gppnetwork.org"
        NAS-IP-Address = 192.168.1.152
        NAS-Identifier = "Wireless LAN Access Point"
        NAS-Port = 0
        Called-Station-Id = "00-80-48-67-43-25:SIM-Test"
        Calling-Station-Id = "00-24-7D-4A-52-87"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-IEEE-802-11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = <2><0><0>8<1>
1405803190032618 at wlan.mnc080.mcc405.3gppnetwork.org
        Message-Authenticator = <212>I<163>k?gNAGu<5><228><7><200>"<197>

Thu Jun 24 19:02:13 2010: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Thu Jun 24 19:02:13 2010: DEBUG:  Deleting session for
1405803190032618 at wlan.mnc080.mcc405.3gppnetwork.org, 192.168.1.152, 0
Thu Jun 24 19:02:13 2010: DEBUG: Handling with Radius::AuthSIM:
Thu Jun 24 19:02:13 2010: DEBUG: Handling with EAP: code 2, 0, 56, 1
Thu Jun 24 19:02:13 2010: DEBUG: Response type 1
Thu Jun 24 19:02:13 2010: DEBUG: EAP result: 3, EAP SIM/Start
Thu Jun 24 19:02:13 2010: DEBUG: AuthBy SIM result: CHALLENGE, EAP SIM/Start
Thu Jun 24 19:02:13 2010: DEBUG: Access challenged for
1405803190032618 at wlan.mnc080.mcc405.3gppnetwork.org: EAP SIM/Start
Thu Jun 24 19:02:13 2010: DEBUG: Packet dump:
*** Sending to 192.168.1.152 port 2049 ....
Code:       Access-Challenge
Identifier: 9
Authentic:  <179><251><218><160><134><176><0><241>m'<240><216><136><188>kF
Attributes:
        EAP-Message = <1><1><0><16><18><10><0><0><15><2><0><4><0><0><0><1>
        Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Thu Jun 24 19:02:13 2010: DEBUG: Packet dump:
*** Received from 192.168.1.152 port 2049 ....
Code:       Access-Request
Identifier: 10
Authentic:
 <205><19><175><222><132><4>#<7><128><206><241><232><144><169><205>2
Attributes:
        User-Name = "1405803190032618 at wlan.mnc080.mcc405.3gppnetwork.org"
        NAS-IP-Address = 192.168.1.152
        NAS-Identifier = "Wireless LAN Access Point"
        NAS-Port = 0
        Called-Station-Id = "00-80-48-67-43-25:SIM-Test"
        Calling-Station-Id = "00-24-7D-4A-52-87"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-IEEE-802-11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = <2><1><0>
<18><10><0><0><7><5><0><0><4><171><176><171><217>[$<216><231><10><135>|<181><172><167><245><16><1><0><1>
        Message-Authenticator =
i<26>=/<243><153>,<192><215><237>~<157><240><163><S

Thu Jun 24 19:02:13 2010: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Thu Jun 24 19:02:13 2010: DEBUG:  Deleting session for
1405803190032618 at wlan.mnc080.mcc405.3gppnetwork.org, 192.168.1.152, 0
Thu Jun 24 19:02:13 2010: DEBUG: Handling with Radius::AuthSIM:
Thu Jun 24 19:02:13 2010: DEBUG: Handling with EAP: code 2, 1, 32, 18
Thu Jun 24 19:02:13 2010: DEBUG: Response type 18
Thu Jun 24 19:02:13 2010: DEBUG: ..........................
 2c191a3d8f1a2fd2553ff272433f142 | c56c879a | 2098f32fbf3e86b1
...................
Thu Jun 24 19:02:13 2010: DEBUG: EAP result: 3, EAP SIM/Challenge
Thu Jun 24 19:02:13 2010: DEBUG: AuthBy SIM result: CHALLENGE, EAP
SIM/Challenge
Thu Jun 24 19:02:13 2010: DEBUG: Access challenged for
1405803190032618 at wlan.mnc080.mcc405.3gppnetwork.org: EAP SIM/Challenge
Thu Jun 24 19:02:13 2010: DEBUG: Packet dump:
*** Sending to 192.168.1.152 port 2049 ....
Code:       Access-Challenge
Identifier: 10
Authentic:  g<141><12><241>Bt<201>zf<202>lG<216>W<166>}
Attributes:
        EAP-Message =
<1><2><0>P<18><11><0><0><1><13><0><0>,<25><26>=<143><26>/<210>U?<242>rC?<20>
,<25><26>=<143><26>/<210>U?<242>rC?<20>
,<25><26>=<143><26>/<210>U?<242>rC?<20>
<11><5><0><0><234><197>L'<152><227><237><153><164>^<200><152>P<239><10>h
        Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Thu Jun 24 19:02:17 2010: DEBUG: Packet dump:
*** Received from 192.168.1.152 port 2049 ....
Code:       Access-Request
Identifier: 11
Authentic:  <238>H<203><145><189><211><135>g<230><145><233><234>R<170>+5
Attributes:
        User-Name = "1405803190032618 at wlan.mnc080.mcc405.3gppnetwork.org"
        NAS-IP-Address = 192.168.1.152
        NAS-Identifier = "Wireless LAN Access Point"
        NAS-Port = 0
        Called-Station-Id = "00-80-48-67-43-25:SIM-Test"
        Calling-Station-Id = "00-24-7D-4A-52-87"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-IEEE-802-11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = <2><2><0><12><18><14><0><0><22><1><0><0>
        Message-Authenticator =
<164>.n<14><227><19>szL<200><175><193><221><21>#'

Thu Jun 24 19:02:17 2010: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Thu Jun 24 19:02:17 2010: DEBUG:  Deleting session for
1405803190032618 at wlan.mnc080.mcc405.3gppnetwork.org, 192.168.1.152, 0
Thu Jun 24 19:02:17 2010: DEBUG: Handling with Radius::AuthSIM:
Thu Jun 24 19:02:17 2010: DEBUG: Handling with EAP: code 2, 2, 12, 18
Thu Jun 24 19:02:17 2010: DEBUG: Response type 18
Thu Jun 24 19:02:17 2010: WARNING: EAP SIM Client Error code 0: Unable to
Process
Thu Jun 24 19:02:17 2010: DEBUG: EAP result: 1, EAP SIM Client Error
Thu Jun 24 19:02:17 2010: DEBUG: AuthBy SIM result: REJECT, EAP SIM Client
Error
Thu Jun 24 19:02:17 2010: INFO: Access rejected for
1405803190032618 at wlan.mnc080.mcc405.3gppnetwork.org: EAP SIM Client Error
Thu Jun 24 19:02:17 2010: DEBUG: Packet dump:
*** Sending to 192.168.1.152 port 2049 ....
Code:       Access-Reject
Identifier: 11
Authentic:
 #<145><185><187><185>y<216><180><140><26>B<217><176><210><146><224>
Attributes:
        EAP-Message = <4><2><0><4>
        Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
        Reply-Message = "Request Denied"

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

The CGI program I am invoking returns the following:

TRANS_ID=102
PRIM_ID=56242
IMSI=405803190032618
RESPONSE_CODE=0
VECTOR_COUNT=1
VECTOR_TYPE=2G
RAND=c2de1c1ec4d73dc1e6ece5ce624e85
SRES=84566be
KC=bb2a2c1388718b99
;


-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------


Wondering what is going wrong?  Any help is much appreciated.

-- 
RAJESH THOTA
Pronto Networks Inc IDC., Bangalore, India.
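
An added example, not part of the original post and not Radiator's own code: a stand-alone Perl check that reads the CGI's KEY=VALUE reply by field name and verifies the GSM triplet sizes (RAND 16 bytes, SRES 4 bytes, Kc 8 bytes) and RAND uniqueness before anything is handed to pack('H*', ...). The helper names parse_reply, check_triplet and repeated_rands are hypothetical; the sample input is the CGI reply quoted in the post.

```perl
use strict; use warnings;

# Hex digits per GSM triplet field: RAND is 16 bytes, SRES 4 bytes, Kc 8 bytes.
my %HEX_LEN = (RAND => 32, SRES => 8, KC => 16);

# Parse a KEY=VALUE reply by field name rather than by line position.
sub parse_reply {
    my ($body) = @_;
    my %f;
    for my $line (split /\r?\n/, $body) {
        $f{$1} = $2 if $line =~ /^\s*(\w+)=(\S*)\s*$/;
    }
    return \%f;
}

# Return a list of problems; an empty list means the fields are safe to pack.
sub check_triplet {
    my ($f) = @_;
    my @err;
    for my $k (sort keys %HEX_LEN) {
        my ($v, $want) = ($f->{$k}, $HEX_LEN{$k});
        if    (!defined $v)            { push @err, "$k missing" }
        elsif ($v !~ /^[0-9a-fA-F]+$/) { push @err, "$k is not hex" }
        elsif (length($v) != $want)    { push @err, "$k has " . length($v) . " hex digits, expected $want" }
    }
    return @err;
}

# EAP-SIM puts two or three RANDs in one challenge; return the repeated ones.
sub repeated_rands { my %seen; return grep { $seen{lc $_}++ } @_ }

# Sample input: the CGI reply quoted in the post, copied as-is.
my $reply = <<'END';
TRANS_ID=102
PRIM_ID=56242
IMSI=405803190032618
RESPONSE_CODE=0
VECTOR_COUNT=1
VECTOR_TYPE=2G
RAND=c2de1c1ec4d73dc1e6ece5ce624e85
SRES=84566be
KC=bb2a2c1388718b99
;
END
my $f = parse_reply($reply);
print "problem: $_\n" for check_triplet($f);
printf "SRES %s packs to %s\n", $f->{SRES}, unpack('H*', pack('H*', $f->{SRES}));
my @dups = repeated_rands(($f->{RAND}) x 3);   # one triplet reused three times
printf "repeated RAND values: %d\n", scalar @dups;
```

Perl's pack('H*') does not reject an odd number of hex digits; it pads a zero nibble at the end, so a short field still packs and only a length check like this one exposes it.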