[strongSwan-dev] AUTH4 check fails with Blackberry device but works fine with Android, anyone any ideas?

[Alan Evans]

Hello Martin,

I have increased the log levels, however it's impossible to do a side
by side analysis of the working and non-working cases due to the
random NONCE_MT included in the Mater Key algorithm, even if I make
the GSM triplet RANDs the same the NONCE_MT is different every time
which generates a completely different MK.

I've studied the specs and the code and can't see where I have gone
wrong, except it just doesn't work.

If I ignore the AUTH4 failure and carry on then the RIM device just
ignores the next message.

So it seems it is a key mismatch rather than an incompatibility in the
AUTH payload calculation.

I agree, it's unlikely to be a stongSwan issue, I'm hoping someone out
there has come across something similar and can point me down the
right path.

As an aside, I can dump the debug logs off the RIM device but the file
is encrypted and needs to be decrypted by RIM, maybe someone on the
list knows someone who could do this for me.

Regards
AlanE

On Mon, Oct 22, 2012 at 1:10 PM, Martin Willi <martin at strongswan.org> wrote:
> Hi Alan,
>
>> 02[IKE] RADIUS authentication of '...' successful
>> 02[IKE] EAP method EAP_SIM succeeded, MSK established
>
>> 01[IKE] verification of AUTH payload with EAP MSK failed
>
>> Bear in mind that the same SIM Card and Security Gateway works fine on
>> Andorid.
>
> It don't think it is related to strongSwan. As you're using a RADIUS
> backend, EAP-SIM and MSK derivation happens outside of strongSwan.
>
> As it works with Android, it might be that the Blackberry is calculating
> the IKEv2 AUTH payload from the MSK differently.
>
> You might try to increase the debug level on strongSwan to see what
> values are used for AUTH payload calculation. If you can compare these
> values with those one your UMA client, you might see a difference.
>
> Regards
> Martin
>