<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style>
</head>
<body class='hmmessage'>
Hi<br>
<br>
You were right, I had a bug there. The Auth type was invalid.<br>
<br>
However, still there is a one problem. The secret for the AUTH payload
is not in a clear format as in PSK. It seems that the secret is
sometype of hash of secret?<br>
Is it just an ordinary hash and with what type of algorithm?<br>
<br>
Below is shown the log and the secret. The secret value is "password", but is seems to be hashed to 20 bytes.<br>
<br>
Oct 21 15:55:50 riku-ubuntu charon: 11[IKE] SK_p => 20 bytes @ 0x9ec9c38<br>
Oct 21 15:55:50 riku-ubuntu charon: 11[IKE] 0: 30 CE E9 23 0F C9 21 1E 67 CE 36 4B 0D C7 09 A3 0..#..!.g.6K....<br>
Oct 21 15:55:50 riku-ubuntu charon: 11[IKE] 16: D8 A2 E3 A2 ....<br>
Oct 21 15:55:50 riku-ubuntu charon: 11[IKE] octets = message + nonce + prf(Sk_px, IDx') => 280 bytes @ 0x9eca7a8<br>
Oct 21 15:55:50 riku-ubuntu charon: 11[IKE] 0: 00 00 00 2B D2 40 95 65 00 00 00 00 00 00 00 00 ...+.@.e........<br>
Oct 21 15:55:50 riku-ubuntu charon: 11[IKE] 16: 21 20 22 08 00 00 00 00 00 00 00 E4 22 00 00 2C ! "........."..,<br>
Oct 21 15:55:50 riku-ubuntu charon: 11[IKE] 32: 00 00 00 28 01 01 00 04 03 00 00 08 04 00 00 02 ...(............<br>
Oct 21 15:55:50 riku-ubuntu charon: 11[IKE] 48: 03 00 00 08 02 00 00 02 03 00 00 08 01 00 00 03 ................<br>
Oct 21 15:55:50 riku-ubuntu charon: 11[IKE] 64: 00 00 00 08 03 00 00 02 28 00 00 88 00 02 00 00 ........(.......<br>
Oct 21 15:55:50 riku-ubuntu charon: 11[IKE] 80: 90 8C C8 EE A8 F0 FB 54 73 AC 32 E7 21 15 06 EE .......Ts.2.!...<br>
Oct 21 15:55:50 riku-ubuntu charon: 11[IKE] 96: CC D8 05 43 AC 2A 4A 60 64 BC E1 B9 62 9A 88 23 ...C.*J`d...b..#<br>
Oct 21 15:55:50 riku-ubuntu charon: 11[IKE] 112: 97 CC 45 9E 37 9B 87 10 6C 16 52 2E 56 3C F2 09 ..E.7...l.R.V<..<br>
Oct 21 15:55:50 riku-ubuntu charon: 11[IKE] 128: 18 34 57 49 1E 49 E9 7A A1 82 5F 5C EF B3 2B 24 .4WI.I.z.._\..+$<br>
Oct 21 15:55:50 riku-ubuntu charon: 11[IKE] 144: 6E 6A 55 09 39 4C AD E8 79 79 41 77 70 5F 3B FF njU.9L..yyAwp_;.<br>
Oct 21 15:55:50 riku-ubuntu charon: 11[IKE] 160: 7E 5E 62 74 54 E8 46 B4 F6 48 F2 DA 8D 26 0D 86 ~^btT.F..H...&..<br>
Oct 21 15:55:50 riku-ubuntu charon: 11[IKE] 176: A9 6F 49 48 EC 75 45 E6 DD 85 97 94 DA 09 7F 3B .oIH.uE........;<br>
Oct 21 15:55:50 riku-ubuntu charon: 11[IKE] 192: 99 86 55 86 7F 41 C8 4F CD 42 D2 2E B0 D2 25 48 ..U..A.O.B....%H<br>
Oct 21 15:55:50 riku-ubuntu charon: 11[IKE] 208: 00 00 00 14 00 00 00 00 00 00 00 00 00 00 00 00 ................<br>
Oct 21 15:55:50 riku-ubuntu charon: 11[IKE] 224: 00 00 00 01 D6 87 EE 62 43 E5 90 C3 32 17 65 74 .......bC...2.et<br>
Oct 21 15:55:50 riku-ubuntu charon: 11[IKE] 240: 14 03 F6 EA DA A2 2F 22 8E 3C 01 32 84 1D 4E BA ....../".<.2..N.<br>
Oct 21 15:55:50 riku-ubuntu charon: 11[IKE] 256: 28 AA 7D 71 3B FE 84 20 B0 9F A1 E7 79 30 B3 27 (.}q;.. ....y0.'<br>
Oct 21 15:55:50 riku-ubuntu charon: 11[IKE] 272: 7E D8 79 6C 0A EC 10 4A ~.yl...J<br>
Oct 21 15:55:50 riku-ubuntu charon: 11[IKE] secret => 20 bytes @ 0x9ec9c38<br>
Oct 21 15:55:50 riku-ubuntu charon: 11[IKE] 0: 30 CE E9 23 0F C9 21 1E 67 CE 36 4B 0D C7 09 A3 0..#..!.g.6K....<br>
Oct 21 15:55:50 riku-ubuntu charon: 11[IKE] 16: D8 A2 E3 A2 ....<br>
Oct 21 15:55:50 riku-ubuntu charon: 11[IKE] prf(secret, keypad) => 20 bytes @ 0x9ec5ad8<br>
Oct 21 15:55:50 riku-ubuntu charon: 11[IKE] 0: BF F8 BB D7 49 24 C2 AC D1 7F 89 38 9F 4E A7 94 ....I$.....8.N..<br>
Oct 21 15:55:50 riku-ubuntu charon: 11[IKE] 16: D3 A6 8D D4 ....<br>
Oct 21 15:55:50 riku-ubuntu charon: 11[IKE] AUTH = prf(prf(secret, keypad), octets) => 20 bytes @ 0x9ec6ae8<br>
Oct 21 15:55:50 riku-ubuntu charon: 11[IKE] 0: F6 A6 7A D6 FA 82 5C 7E 1C 99 9F CD FE BF C2 A6 ..z...\~........<br>
Oct 21 15:55:50 riku-ubuntu charon: 11[IKE] 16: 92 9D D6 E9 ....<br>
Oct 21 15:55:50 riku-ubuntu charon: 11[IKE] verification of AUTH payload without EAP MSK failed<br>
<br><br>> Subject: RE: [strongSwan] Authentication Payload after succesfull EAP-MD5 authentication<br>> From: martin@strongswan.org<br>> To: ukir85@hotmail.com<br>> CC: users@lists.strongswan.org<br>> Date: Thu, 21 Oct 2010 15:50:08 +0200<br>> <br>> <br>> > AUTHENTICATION verification failed<br>> <br>> This means that the structure of the AUTHENTICATION payload is invalid,<br>> most likely the Auth Method field has an invalid value. Make sure you're<br>> using the value 2 here.<br>> <br>> Regards<br>> Martin<br>> <br><br><br>> Subject: RE: [strongSwan] Authentication Payload after succesfull EAP-MD5 authentication<br>> From: martin@strongswan.org<br>> To: ukir85@hotmail.com<br>> CC: users@lists.strongswan.org<br>> Date: Thu, 21 Oct 2010 15:50:08 +0200<br>> <br>> <br>> > AUTHENTICATION verification failed<br>> <br>> This means that the structure of the AUTHENTICATION payload is invalid,<br>> most likely the Auth Method field has an invalid value. Make sure you're<br>> using the value 2 here.<br>> <br>> Regards<br>> Martin<br>> <br> </body>
</html>