[strongSwan] EAP-AKA failure: AKA_SYNCHRONIZATION_FAILURE

Tobias Brunner tobias at strongswan.org
Wed May 22 18:27:44 CEST 2019


Hi Tomasz,

> There is a bug in the eap-aka-3gpp plugin implementation regarding
> updating of SQN.
> ...
> However, based on [1] the SQN (32 bits) is composed of two elements:
> SEQ + IND. SEQ is the actual sequence indicator, while IND is some kind
> of index and normally it occupies 5 bits.

It's not really a bug.  How IND is handled is basically implementation
specific (see section C.4).  So this is a matter of configuration (or
patching, as these plugins are for testing purposes only anyway).  But
both client/USIM and server/AuC, obviously, have to do it in a
compatible way.

While the document recommends using 5 bits, there is no requirement or
restriction to use anything else.  If no array index is required, it
seems fine to use no bits for IND (the plugin doesn't use such complex
mechanisms - and, as mentioned before, the SQN is a global value, which
is definitely not how TS 33.102 defines it).  I guess for a bit more
flexibility out of the box, a configuration option for the length of SEQ
(or IND) in bits might be a possible extension.

Regards,
Tobias
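
The compatibility point in the reply above, as an added example that is not part of the original message and not strongSwan code: it splits an SQN into SEQ and IND for a configurable IND length and counts how many consecutive challenges a USIM accepts when the AuC uses the same or a different split. The names `usim_t`, `usim_accept`, `auc_next` and `count_accepted`, the per-IND freshness rule (accept only if SEQ is greater than the value stored for that IND) and the generation rule (SEQ+1, IND+1 cyclic) are simplifying assumptions in the style of the array scheme the thread refers to.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_IND_BITS 8  /* constructed upper bound for this demo */

/* SQN = SEQ || IND: IND is the low ind_bits bits, SEQ is everything above. */
static uint64_t sqn_seq(uint64_t sqn, unsigned ind_bits) { return sqn >> ind_bits; }
static uint64_t sqn_ind(uint64_t sqn, unsigned ind_bits) { return sqn & ((1ULL << ind_bits) - 1); }

/* Hypothetical USIM state: highest accepted SEQ per IND slot. */
typedef struct { unsigned ind_bits; uint64_t seq_ms[1u << MAX_IND_BITS]; } usim_t;

/* Assumed freshness rule: accept (1) only if SEQ > stored SEQ for this IND,
 * otherwise report a synchronization failure (0). */
static int usim_accept(usim_t *u, uint64_t sqn)
{
    uint64_t seq = sqn_seq(sqn, u->ind_bits), ind = sqn_ind(sqn, u->ind_bits);

    if (seq <= u->seq_ms[ind]) return 0;
    u->seq_ms[ind] = seq;
    return 1;
}

/* Assumed AuC rule: SEQ+1 and IND+1 (cyclic). With ind_bits == 0 this is
 * simply SQN+1, i.e. the whole SQN treated as one counter. */
static uint64_t auc_next(uint64_t sqn, unsigned ind_bits)
{
    uint64_t mask = (1ULL << ind_bits) - 1;
    uint64_t seq = sqn_seq(sqn, ind_bits) + 1;
    uint64_t ind = (sqn_ind(sqn, ind_bits) + 1) & mask;
    return (seq << ind_bits) | ind;
}

/* Number of the first n AuC challenges (starting from SQN 0) the USIM accepts. */
static int count_accepted(unsigned auc_bits, unsigned usim_bits, int n)
{
    usim_t u = { .ind_bits = usim_bits };
    uint64_t sqn = 0;
    int ok = 0;

    for (int i = 0; i < n; i++) { sqn = auc_next(sqn, auc_bits); ok += usim_accept(&u, sqn); }
    return ok;
}

int main(void)
{
    printf("AuC IND=5, USIM IND=5: %d/40 accepted\n", count_accepted(5, 5, 40));
    printf("AuC IND=0, USIM IND=5: %d/40 accepted\n", count_accepted(0, 5, 40));
    return 0;
}
```

With matching splits every challenge is accepted; with a plain counter on the AuC and a 5-bit IND on the USIM, the first 31 values all map to SEQ 0 and are rejected.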

