def Payload_Challenge_Response(ID, RAND, ETYPE):
# Let's build EAP-Payload Challenge-Response AVP
# Create EAP-Payload (empty)
EAP = eap.EAPItem()
# Set command code
EAP.cmd = eap.EAP_CODE_RESPONSE
# Set id
EAP.id = ID
# Set type
EAP.type = ETYPE
# Set sub-type
EAP.stype = eap.dictEAPSUBname2type("AKA-Challenge")
# RAND is copied from Challenge
# These values can be calculated or entered manually
# XRES,CK,IK,AK,AKS=eap.aka_calc_milenage(OP,Ki,RAND)
# Or copy from MAA
# IK=Identity-Key
# CK=Confidentiality-Key
# XRES=SIP-Authorization
IK = "2d346b8c456223bc7519823a0abc94fd"
CK = "07fc3189172095ddce5b4ba2bfb70f7f"
XRES = "e818fbf691ae3b97"
if EAP.type == eap.EAP_TYPE_AKAPRIME:
# For AKA'
KENCR, KAUT, MSK, EMSK, KRE = eap.akap_calc_keys(IDENTITY, CK, IK)
else:
# For AKA
KENCR, KAUT, MSK, EMSK, MK = eap.aka_calc_keys(IDENTITY, CK, IK)
# Add AT_RES
EAP.avps.append(("AT_RES", XRES))
# Add AT_MAC as last
eap.addMAC(EAP, KAUT, "")
# Do not add any AVPs after adding MAC
Payload = eap.encode_EAP(EAP)
# Payload now contains EAP-Payload AVP
return Payload
def Payload_Challenge_Response(ID, RAND, ETYPE):
# Let's build EAP-Payload Challenge-Response AVP
# Create EAP-Payload (empty)
EAP = eap.EAPItem()
# Set command code
EAP.cmd = eap.EAP_CODE_RESPONSE
# Set id
EAP.id = ID
# Set type
EAP.type = ETYPE
# Set sub-type
EAP.stype = eap.dictEAPSUBname2type("AKA-Challenge")
# RAND is copied from Challenge
# These values can be calculated or entered manually
#XRES,CK,IK,AK,AKS=eap.aka_calc_milenage(OP,Ki,RAND)
# Or copy from MAA
# IK=Identity-Key
# CK=Confidentiality-Key
# XRES=SIP-Authorization
IK = "2d346b8c456223bc7519823a0abc94fd"
CK = "07fc3189172095ddce5b4ba2bfb70f7f"
XRES = "e818fbf691ae3b97"
if EAP.type == eap.EAP_TYPE_AKAPRIME:
# For AKA'
KENCR, KAUT, MSK, EMSK, KRE = eap.akap_calc_keys(IDENTITY, CK, IK)
else:
# For AKA
KENCR, KAUT, MSK, EMSK, MK = eap.aka_calc_keys(IDENTITY, CK, IK)
# Add AT_RES
EAP.avps.append(("AT_RES", XRES))
# Add AT_MAC as last
eap.addMAC(EAP, KAUT, '')
# Do not add any AVPs after adding MAC
Payload = eap.encode_EAP(EAP)
# Payload now contains EAP-Payload AVP
return Payload
ENCR_DATA = ""
#=============================
# Procedure
# 1) From OP,K,RAND calculate XRES,Ck,Ik (milenage-f2345)
# This is enough to build response, but let's calculate a bit further
# 2) From Identity,Ck,Ik calculate keys (aka)
# If AT_ENCR_DATA AVP exist
# 3) Using those keys to decode AT_ENCR_DATA
# 4) Using OP,K,RAND,SQN,AMF calculate XMAC, MAC_S (milenage-f1) to verify AUTN
# ============================================================
# Step 1
XRES, CK, IK, AK, AKS = eap.aka_calc_milenage(OP, K, RAND)
print XRES, CK, IK, AK, AKS
print "=" * 30
# Step 2
KENCR, KAUT, MSK, EMSK, KRE = eap.akap_calc_keys(Identity, CK, IK)
print KENCR
print "+" * 30
# Step 3
# Example how to decode Reauth-Id
DATA = eap.decrypt_data(IV, KENCR, ENCR_DATA)
print DATA
print "-" * 30
avps = eap.splitEAPAVPs(DATA)
for avp in avps:
(Name, Value) = avp
print Name, "=", Value
REAUTH = findAVP("AT_NEXT_REAUTH_ID", avps)
if REAUTH <> -1:
print REAUTH.decode("hex")
print "=" * 30
ENCR_DATA = ""
#=============================
# Procedure
# 1) From OP,K,RAND calculate XRES,Ck,Ik (milenage-f2345)
# This is enough to build response, but let's calculate a bit further
# 2) From Identity,Ck,Ik calculate keys (aka)
# If AT_ENCR_DATA AVP exist
# 3) Using those keys to decode AT_ENCR_DATA
# 4) Using OP,K,RAND,SQN,AMF calculate XMAC, MAC_S (milenage-f1) to verify AUTN
# ============================================================
# Step 1
XRES,CK,IK,AK,AKS=eap.aka_calc_milenage(OP,K,RAND)
print XRES,CK,IK,AK,AKS
print "="*30
# Step 2
KENCR,KAUT,MSK,EMSK,KRE=eap.akap_calc_keys(Identity,CK,IK)
print KENCR
print "+"*30
# Step 3
# Example how to decode Reauth-Id
DATA=eap.decrypt_data(IV,KENCR,ENCR_DATA)
print DATA
print "-"*30
avps=eap.splitEAPAVPs(DATA)
for avp in avps:
(Name,Value)=avp
print Name,"=",Value
REAUTH=findAVP("AT_NEXT_REAUTH_ID",avps)
if REAUTH<>-1:
print REAUTH.decode("hex")
print "="*30
