[strongSwan] Authentication Payload after successful EAP-MD5 authentication

R R ukir85 at hotmail.com
Fri Oct 22 13:49:43 CEST 2010


Hi



You were right, I had a bug there. The Auth type was invalid.



However, there is still one problem. The secret for the AUTH payload
is not in a clear format as in PSK. It seems that the secret is
some type of hash of the secret?

Is it just an ordinary hash and with what type of algorithm?



Below are the log and the secret. The secret value is "password", but it seems to be hashed to 20 bytes.



Oct 21 15:55:50 riku-ubuntu charon: 11[IKE] SK_p => 20 bytes @ 0x9ec9c38

Oct 21 15:55:50 riku-ubuntu charon: 11[IKE]    0: 30 CE E9 23 0F C9 21 1E 67 CE 36 4B 0D C7 09 A3  0..#..!.g.6K....

Oct 21 15:55:50 riku-ubuntu charon: 11[IKE]   16: D8 A2 E3 A2                                      ....

Oct 21 15:55:50 riku-ubuntu charon: 11[IKE] octets = message + nonce + prf(Sk_px, IDx') => 280 bytes @ 0x9eca7a8

Oct 21 15:55:50 riku-ubuntu charon: 11[IKE]    0: 00 00 00 2B D2 40 95 65 00 00 00 00 00 00 00 00  ...+. at .e........

Oct 21 15:55:50 riku-ubuntu charon: 11[IKE]   16: 21 20 22 08 00 00 00 00 00 00 00 E4 22 00 00 2C  ! "........."..,

Oct 21 15:55:50 riku-ubuntu charon: 11[IKE]   32: 00 00 00 28 01 01 00 04 03 00 00 08 04 00 00 02  ...(............

Oct 21 15:55:50 riku-ubuntu charon: 11[IKE]   48: 03 00 00 08 02 00 00 02 03 00 00 08 01 00 00 03  ................

Oct 21 15:55:50 riku-ubuntu charon: 11[IKE]   64: 00 00 00 08 03 00 00 02 28 00 00 88 00 02 00 00  ........(.......

Oct 21 15:55:50 riku-ubuntu charon: 11[IKE]   80: 90 8C C8 EE A8 F0 FB 54 73 AC 32 E7 21 15 06 EE  .......Ts.2.!...

Oct 21 15:55:50 riku-ubuntu charon: 11[IKE]   96: CC D8 05 43 AC 2A 4A 60 64 BC E1 B9 62 9A 88 23  ...C.*J`d...b..#

Oct 21 15:55:50 riku-ubuntu charon: 11[IKE]  112: 97 CC 45 9E 37 9B 87 10 6C 16 52 2E 56 3C F2 09  ..E.7...l.R.V<..

Oct 21 15:55:50 riku-ubuntu charon: 11[IKE]  128: 18 34 57 49 1E 49 E9 7A A1 82 5F 5C EF B3 2B 24  .4WI.I.z.._\..+$

Oct 21 15:55:50 riku-ubuntu charon: 11[IKE]  144: 6E 6A 55 09 39 4C AD E8 79 79 41 77 70 5F 3B FF  njU.9L..yyAwp_;.

Oct 21 15:55:50 riku-ubuntu charon: 11[IKE]  160: 7E 5E 62 74 54 E8 46 B4 F6 48 F2 DA 8D 26 0D 86  ~^btT.F..H...&..

Oct 21 15:55:50 riku-ubuntu charon: 11[IKE]  176: A9 6F 49 48 EC 75 45 E6 DD 85 97 94 DA 09 7F 3B  .oIH.uE........;

Oct 21 15:55:50 riku-ubuntu charon: 11[IKE]  192: 99 86 55 86 7F 41 C8 4F CD 42 D2 2E B0 D2 25 48  ..U..A.O.B....%H

Oct 21 15:55:50 riku-ubuntu charon: 11[IKE]  208: 00 00 00 14 00 00 00 00 00 00 00 00 00 00 00 00  ................

Oct 21 15:55:50 riku-ubuntu charon: 11[IKE]  224: 00 00 00 01 D6 87 EE 62 43 E5 90 C3 32 17 65 74  .......bC...2.et

Oct 21 15:55:50 riku-ubuntu charon: 11[IKE]  240: 14 03 F6 EA DA A2 2F 22 8E 3C 01 32 84 1D 4E BA  ....../".<.2..N.

Oct 21 15:55:50 riku-ubuntu charon: 11[IKE]  256: 28 AA 7D 71 3B FE 84 20 B0 9F A1 E7 79 30 B3 27  (.}q;.. ....y0.'

Oct 21 15:55:50 riku-ubuntu charon: 11[IKE]  272: 7E D8 79 6C 0A EC 10 4A                          ~.yl...J

Oct 21 15:55:50 riku-ubuntu charon: 11[IKE] secret => 20 bytes @ 0x9ec9c38

Oct 21 15:55:50 riku-ubuntu charon: 11[IKE]    0: 30 CE E9 23 0F C9 21 1E 67 CE 36 4B 0D C7 09 A3  0..#..!.g.6K....

Oct 21 15:55:50 riku-ubuntu charon: 11[IKE]   16: D8 A2 E3 A2                                      ....

Oct 21 15:55:50 riku-ubuntu charon: 11[IKE] prf(secret, keypad) => 20 bytes @ 0x9ec5ad8

Oct 21 15:55:50 riku-ubuntu charon: 11[IKE]    0: BF F8 BB D7 49 24 C2 AC D1 7F 89 38 9F 4E A7 94  ....I$.....8.N..

Oct 21 15:55:50 riku-ubuntu charon: 11[IKE]   16: D3 A6 8D D4                                      ....

Oct 21 15:55:50 riku-ubuntu charon: 11[IKE] AUTH = prf(prf(secret, keypad), octets) => 20 bytes @ 0x9ec6ae8

Oct 21 15:55:50 riku-ubuntu charon: 11[IKE]    0: F6 A6 7A D6 FA 82 5C 7E 1C 99 9F CD FE BF C2 A6  ..z...\~........

Oct 21 15:55:50 riku-ubuntu charon: 11[IKE]   16: 92 9D D6 E9                                      ....

Oct 21 15:55:50 riku-ubuntu charon: 11[IKE] verification of AUTH payload without EAP MSK failed



> Subject: RE: [strongSwan] Authentication Payload after succesfull EAP-MD5 authentication
> From: martin at strongswan.org
> To: ukir85 at hotmail.com
> CC: users at lists.strongswan.org
> Date: Thu, 21 Oct 2010 15:50:08 +0200
> 
> 
> > AUTHENTICATION verification failed
> 
> This means that the structure of the AUTHENTICATION payload is invalid,
> most likely the Auth Method field has an invalid value. Make sure you're
> using the value 2 here.
> 
> Regards
> Martin
> 
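
Added example, not part of the original message or of strongSwan's code: the AUTH computation the log prints, prf(prf(secret, keypad), octets), showing why the 20-byte "secret" in the log is byte-for-byte the SK_p value. For an EAP method that yields no MSK, such as EAP-MD5, the IKEv2 RFC keys AUTH with SK_pi/SK_pr rather than with the EAP password. Assumptions: the prf is HMAC-SHA1 (suggested by the 20-byte outputs), the octets are a constructed stand-in, and all function names are hypothetical.

```python
import hashlib
import hmac

KEY_PAD = b"Key Pad for IKEv2"  # fixed 17-byte string defined by the IKEv2 RFC

# Values copied from the log in the message above.
LOGGED_SK_P = bytes.fromhex("30CEE9230FC9211E67CE364B0DC709A3D8A2E3A2")
LOGGED_INNER = bytes.fromhex("BFF8BBD74924C2ACD17F89389F4EA794D3A68DD4")


def prf(key: bytes, data: bytes) -> bytes:
    """Assumed negotiated prf: HMAC-SHA1, which gives 20-byte outputs."""
    return hmac.new(key, data, hashlib.sha1).digest()


def inner_key(secret: bytes) -> bytes:
    """prf(secret, keypad), the value the log prints just before AUTH."""
    return prf(secret, KEY_PAD)


def auth_value(secret: bytes, octets: bytes) -> bytes:
    """AUTH = prf(prf(secret, keypad), octets)."""
    return prf(inner_key(secret), octets)


def verify_auth(received: bytes, secret: bytes, octets: bytes) -> bool:
    """Constant-time check of a received AUTH value against the expected one."""
    return hmac.compare_digest(received, auth_value(secret, octets))


def reproduces_logged_inner_key() -> bool:
    """True only if HMAC-SHA1(SK_p, keypad) equals the logged prf(secret, keypad),
    i.e. only if the HMAC-SHA1 assumption holds for this exchange."""
    return hmac.compare_digest(inner_key(LOGGED_SK_P), LOGGED_INNER)


if __name__ == "__main__":
    # Constructed stand-in for "message + nonce + prf(SK_px, IDx')".
    octets = b"constructed signed octets"
    # Hypothetical peer that keyed AUTH with the EAP password instead of SK_p.
    from_password = auth_value(b"password", octets)
    from_sk_p = auth_value(LOGGED_SK_P, octets)
    print("password-keyed AUTH accepted:", verify_auth(from_password, LOGGED_SK_P, octets))
    print("SK_p-keyed AUTH accepted:   ", verify_auth(from_sk_p, LOGGED_SK_P, octets))
    print("logged inner key reproduced:", reproduces_logged_inner_key())
```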

