def Payload_Challenge_Response(ID, RAND, ETYPE): # Let's build EAP-Payload Challenge-Response AVP # Create EAP-Payload (empty) EAP = eap.EAPItem() # Set command code EAP.cmd = eap.EAP_CODE_RESPONSE # Set id EAP.id = ID # Set type EAP.type = ETYPE # Set sub-type EAP.stype = eap.dictEAPSUBname2type("SIM-Challenge") # RAND is copied from Challenge # These values can be calculated or entered manually # Copied from SIP-Auth-Data-Item->Authentication-Information-SIM(301) a1 = "8b7e0f1147f9af050809bbaf50881dbb08014ca81b36d9fa" # Copied from SIP-Auth-Data-Item->Authorization-Information-SIM(302) b1 = "334131fc" RAND, KC = prepareKeysFromTriplets(a1, a1, a1) SRES = b1 + b1 + b1 # Step 2 KENCR, KAUT, MSK, EMSK, MK = eap.sim_calc_keys(IDENTITY, KC, NONCE_MT, VERSION_LIST, "1") # Add AT_MAC as last eap.addMAC(EAP, KAUT, SRES) # Do not add any AVPs after adding MAC Payload = eap.encode_EAP(EAP) # Payload now contains EAP-Payload AVP return Payload
def Payload_Challenge_Response(ID, RAND, ETYPE): # Let's build EAP-Payload Challenge-Response AVP # Create EAP-Payload (empty) EAP = eap.EAPItem() # Set command code EAP.cmd = eap.EAP_CODE_RESPONSE # Set id EAP.id = ID # Set type EAP.type = ETYPE # Set sub-type EAP.stype = eap.dictEAPSUBname2type("AKA-Challenge") # RAND is copied from Challenge # These values can be calculated or entered manually #XRES,CK,IK,AK,AKS=eap.aka_calc_milenage(OP,Ki,RAND) # Or copy from MAA # IK=Identity-Key # CK=Confidentiality-Key # XRES=SIP-Authorization IK = "952A44900B7FAFF249763475B3AA77EE" CK = "F16A4BB5112DBA580132E29882FEC143" XRES = "E818FBF691AE3B97" KENCR, KAUT, MSK, EMSK, MK = eap.aka_calc_keys(IDENTITY, CK, IK) # Add AT_RES EAP.avps.append(("AT_RES", XRES)) # Add AT_MAC as last eap.addMAC(EAP, KAUT, "") # Do not add any AVPs after adding MAC Payload = eap.encode_EAP(EAP) # Payload now contains EAP-Payload AVP return Payload
def Payload_Identity(): # Let's build EAP-Payload Identity AVP # Create EAP-Payload (empty) EAP = eap.EAPItem() # Set command code # Remember - Requests normally starts from AAA-> UE, so # even when skipped, identity is actually an response EAP.cmd = eap.EAP_CODE_RESPONSE # Set id EAP.id = 1 # Set type EAP.type = eap.EAP_TYPE_IDENTITY # Add Identity EAP.msg = eap.addEAPIdentity(IDENTITY) Payload = eap.encode_EAP(EAP) return Payload
def Payload_AKA_Identity(ID, ETYPE): # Let's build EAP-Payload with AT_IDENTITY AVP # Create EAP-Payload (empty) EAP = eap.EAPItem() # Set command code # Remember - Requests normally starts from AAA-> UE, so # even when skipped, identity is actually an response EAP.cmd = eap.EAP_CODE_RESPONSE # Set id EAP.id = ID # Set type EAP.type = ETYPE # Set sub-type EAP.stype = eap.dictEAPSUBname2type("AKA-Identity") EAP.avps.append(("AT_IDENTITY", IDENTITY)) Payload = eap.encode_EAP(EAP) # Payload now contains EAP-Payload AVP return Payload
def Payload_AT_Identity(ID, ETYPE): # Let's build EAP-Payload with AT_IDENTITY AVP # Create EAP-Payload (empty) EAP = eap.EAPItem() # Set command code # Remember - Requests normally starts from AAA-> UE, so # even when skipped, identity is actually an response EAP.cmd = eap.EAP_CODE_RESPONSE # Set id EAP.id = ID # Set type EAP.type = ETYPE # Set sub-type EAP.stype = eap.dictEAPSUBname2type("SIM-Start") EAP.avps.append(("AT_IDENTITY", IDENTITY.encode("hex"))) EAP.avps.append(("AT_SELECTED_VERSION", SELECTED_VER)) EAP.avps.append(("AT_NONCE_MT", NONCE_MT)) Payload = eap.encode_EAP(EAP) print "S Payload", Payload # Payload now contains EAP-Payload AVP return Payload
def Payload_Challenge_Response(ID, RAND, ETYPE): # Let's build EAP-Payload Challenge-Response AVP # Create EAP-Payload (empty) EAP = eap.EAPItem() # Set command code EAP.cmd = eap.EAP_CODE_RESPONSE # Set id EAP.id = ID # Set type EAP.type = ETYPE # Set sub-type EAP.stype = eap.dictEAPSUBname2type("AKA-Challenge") # RAND is copied from Challenge # These values can be calculated or entered manually #XRES,CK,IK,AK,AKS=eap.aka_calc_milenage(OP,Ki,RAND) # Or copy from MAA # IK=Identity-Key # CK=Confidentiality-Key # XRES=SIP-Authorization IK = "2d346b8c456223bc7519823a0abc94fd" CK = "07fc3189172095ddce5b4ba2bfb70f7f" XRES = "e818fbf691ae3b97" if EAP.type == eap.EAP_TYPE_AKAPRIME: # For AKA' KENCR, KAUT, MSK, EMSK, KRE = eap.akap_calc_keys(IDENTITY, CK, IK) else: # For AKA KENCR, KAUT, MSK, EMSK, MK = eap.aka_calc_keys(IDENTITY, CK, IK) # Add AT_RES EAP.avps.append(("AT_RES", XRES)) # Add AT_MAC as last eap.addMAC(EAP, KAUT, '') # Do not add any AVPs after adding MAC Payload = eap.encode_EAP(EAP) # Payload now contains EAP-Payload AVP return Payload
#Next two lines are to include parent directory for testing import sys sys.path.append("..") # Remove them normally import eap import logging if __name__ == "__main__": logging.basicConfig(level=logging.DEBUG) #logging.basicConfig(level=logging.INFO) eap.LoadEAPDictionary("../dictEAP.xml") EAP = eap.EAPItem() # Set command code # Remember - Requests normally starts from AAA-> UE, so # even when skipped, identity is actually an response EAP.cmd = eap.EAP_CODE_RESPONSE # Set id EAP.id = 1 # Set type EAP.type = eap.EAP_TYPE_AKA # Set sub-type EAP.stype = eap.dictEAPSUBname2type("AKA-Identity") I = "0031303231313131323334353631303540776c616e2e6d6e633032332e6d63633236322e336770706e6574776f726b2e6f7267" print len(I), len(I) / 4, len(I) / 8 IDENTITY = I.decode("hex") EAP.avps.append(("AT_IDENTITY", IDENTITY.encode("hex"))) Payload = eap.encode_EAP(EAP) print "S Payload", Payload # Payload now contains EAP-Payload AVP E = eap.decode_EAP(Payload)