def Payload_Challenge_Response(ID, RAND, ETYPE): # Let's build EAP-Payload Challenge-Response AVP # Create EAP-Payload (empty) EAP = eap.EAPItem() # Set command code EAP.cmd = eap.EAP_CODE_RESPONSE # Set id EAP.id = ID # Set type EAP.type = ETYPE # Set sub-type EAP.stype = eap.dictEAPSUBname2type("AKA-Challenge") # RAND is copied from Challenge # These values can be calculated or entered manually # XRES,CK,IK,AK,AKS=eap.aka_calc_milenage(OP,Ki,RAND) # Or copy from MAA # IK=Identity-Key # CK=Confidentiality-Key # XRES=SIP-Authorization IK = "2d346b8c456223bc7519823a0abc94fd" CK = "07fc3189172095ddce5b4ba2bfb70f7f" XRES = "e818fbf691ae3b97" if EAP.type == eap.EAP_TYPE_AKAPRIME: # For AKA' KENCR, KAUT, MSK, EMSK, KRE = eap.akap_calc_keys(IDENTITY, CK, IK) else: # For AKA KENCR, KAUT, MSK, EMSK, MK = eap.aka_calc_keys(IDENTITY, CK, IK) # Add AT_RES EAP.avps.append(("AT_RES", XRES)) # Add AT_MAC as last eap.addMAC(EAP, KAUT, "") # Do not add any AVPs after adding MAC Payload = eap.encode_EAP(EAP) # Payload now contains EAP-Payload AVP return Payload
def Payload_Challenge_Response(ID, RAND, ETYPE): # Let's build EAP-Payload Challenge-Response AVP # Create EAP-Payload (empty) EAP = eap.EAPItem() # Set command code EAP.cmd = eap.EAP_CODE_RESPONSE # Set id EAP.id = ID # Set type EAP.type = ETYPE # Set sub-type EAP.stype = eap.dictEAPSUBname2type("AKA-Challenge") # RAND is copied from Challenge # These values can be calculated or entered manually #XRES,CK,IK,AK,AKS=eap.aka_calc_milenage(OP,Ki,RAND) # Or copy from MAA # IK=Identity-Key # CK=Confidentiality-Key # XRES=SIP-Authorization IK = "2d346b8c456223bc7519823a0abc94fd" CK = "07fc3189172095ddce5b4ba2bfb70f7f" XRES = "e818fbf691ae3b97" if EAP.type == eap.EAP_TYPE_AKAPRIME: # For AKA' KENCR, KAUT, MSK, EMSK, KRE = eap.akap_calc_keys(IDENTITY, CK, IK) else: # For AKA KENCR, KAUT, MSK, EMSK, MK = eap.aka_calc_keys(IDENTITY, CK, IK) # Add AT_RES EAP.avps.append(("AT_RES", XRES)) # Add AT_MAC as last eap.addMAC(EAP, KAUT, '') # Do not add any AVPs after adding MAC Payload = eap.encode_EAP(EAP) # Payload now contains EAP-Payload AVP return Payload
ENCR_DATA = "" #============================= # Procedure # 1) From OP,K,RAND calculate XRES,Ck,Ik (milenage-f2345) # This is enough to build response, but let's calculate a bit further # 2) From Identity,Ck,Ik calculate keys (aka) # If AT_ENCR_DATA AVP exist # 3) Using those keys to decode AT_ENCR_DATA # 4) Using OP,K,RAND,SQN,AMF calculate XMAC, MAC_S (milenage-f1) to verify AUTN # ============================================================ # Step 1 XRES, CK, IK, AK, AKS = eap.aka_calc_milenage(OP, K, RAND) print XRES, CK, IK, AK, AKS print "=" * 30 # Step 2 KENCR, KAUT, MSK, EMSK, KRE = eap.akap_calc_keys(Identity, CK, IK) print KENCR print "+" * 30 # Step 3 # Example how to decode Reauth-Id DATA = eap.decrypt_data(IV, KENCR, ENCR_DATA) print DATA print "-" * 30 avps = eap.splitEAPAVPs(DATA) for avp in avps: (Name, Value) = avp print Name, "=", Value REAUTH = findAVP("AT_NEXT_REAUTH_ID", avps) if REAUTH <> -1: print REAUTH.decode("hex") print "=" * 30
ENCR_DATA = "" #============================= # Procedure # 1) From OP,K,RAND calculate XRES,Ck,Ik (milenage-f2345) # This is enough to build response, but let's calculate a bit further # 2) From Identity,Ck,Ik calculate keys (aka) # If AT_ENCR_DATA AVP exist # 3) Using those keys to decode AT_ENCR_DATA # 4) Using OP,K,RAND,SQN,AMF calculate XMAC, MAC_S (milenage-f1) to verify AUTN # ============================================================ # Step 1 XRES,CK,IK,AK,AKS=eap.aka_calc_milenage(OP,K,RAND) print XRES,CK,IK,AK,AKS print "="*30 # Step 2 KENCR,KAUT,MSK,EMSK,KRE=eap.akap_calc_keys(Identity,CK,IK) print KENCR print "+"*30 # Step 3 # Example how to decode Reauth-Id DATA=eap.decrypt_data(IV,KENCR,ENCR_DATA) print DATA print "-"*30 avps=eap.splitEAPAVPs(DATA) for avp in avps: (Name,Value)=avp print Name,"=",Value REAUTH=findAVP("AT_NEXT_REAUTH_ID",avps) if REAUTH<>-1: print REAUTH.decode("hex") print "="*30