eap Mailing List: Re: EAP-AKA Test Vectors

[Pascal Urien (urienp]

Dear Mr  Melovatsky,

  I greatly appreciate your very pertinent analysis for test #2.
  You are right , the MAC-S value that is wrong.

  MAC-S = f1*(AMF,RAND,SQNms)
  AK2 = f5*(RAND)
  AT_AUTS = AK2+SEQms | MAC-S

  The correct value will be included in the next version of 
draft-urien-eap-smartcard

   Please let me known if you find other errors.

  Thank you again

 Best regards

Pascal Urien

At 15:53 16/09/2005 +0400, you wrote:

> Dear Mr. Urien:
>
> I have studied the corrected version of tests for 
> draft-urien-eap-smartcard-08.txt
> and faced a small problem while doing test #2. Could you help us deal with it?
>
> As far as I understand, when performing test #2, wrong SQN is set on the
> smartcard ("ff9bb4d0b608"). Messages with valid SQN come from the network.
> The first message is similar to EAP_AKA_CHALLENGE_REQUEST provided in Test #1
>  (SQN="ff9bb4d0b607" is used to form it).
>
> While processing EAP_AKA_CHALLENGE_REQUEST on USIM the contradiction of
> SQN is determined. In this case we should send AKA-Synchronization-Failure
> with the field AUTS. To compute AUTS, AK and MAC_S are used. To compute MAC_S,
> SQN is used. According to 3GPP PP TS 33.102 V4.4.0 (2002-06)  SQNms is used
> for this purpose. I suppose that in this case the AT_AUTS value (its MAC-S
> part) will be not "BA 85 3F 3C 12 33 01 CF AF 9E C4 E8 71 E9 ", and when using
>  SQNms="ff9bb4d0b608" -> "BA 85 3F 3C 12 33 7C D9 24 E7 39 F1 23 69".
>
>  Could you tell me what you think about it?
>
>
> >>//==========================================
> >>// Test #2 : FULL AUTHENTICATION, WRONG #SEQ
> >>//==========================================
> >>Tx: A0 80 00 00 44
> >       01
> >       A5
> >       00 44
> >       17
> >       01
> >       00 00
> >       01 05 00 00     //AT_RAND
> >       23 55 3C BE 96 37 A8 9D 21 8A E6 4D AE 47 BF 35
> >
> >       02 05 00 00     //AT_AUTN
> >       55 F3 28 B4 35 77 B9 B9 4A 9F FA C3 54 DF AF B3
> >
> >       0B 05 00 00     //AT_MAC
> >       C7 00 35 36 66 2D 52 01 B0 11 F2 0F E5 DD 8C E4
> >
> >>
> >>// AT_AUTS = AK2+SEQ | MAC-S
> >>// AK2 =  45 1E 8B EC A4 3B
> >>// SEQ =  ff 9b b4 d0 b6 08 (right value = ff9bb4d0b607)
> >>// MAC-S= 01 CF AF 9E C4 E8 71 E9
> >>
> >>Rx:
> >       02
> >       A5
> >       00 18
> >
> >       17
> >       04      //AKA_SYNCHRONIZATION_FAILURE
> >       00 00
> >       04 04   //AT_AUTS
> >       BA 85 3F 3C 12 33 01 CF AF 9E C4 E8 71 E9
> >>90 00
>
>
>
> Best regards,
>
> A. Melovatsky