def Payload_Challenge_Response(ID,RAND,ETYPE):
# Let's build EAP-Payload Challenge-Response AVP
# Create EAP-Payload (empty)
EAP=eap.EAPItem()
# Set command code
EAP.cmd=eap.EAP_CODE_RESPONSE
# Set id
EAP.id=ID
# Set type
EAP.type=ETYPE
# Set sub-type
EAP.stype=eap.dictEAPSUBname2type("AKA-Challenge")
# RAND is copied from Challenge
# These values can be calculated or entered manually
#XRES,CK,IK,AK,AKS=eap.aka_calc_milenage(OP,Ki,RAND)
# Or copy from MAA
# IK=Identity-Key
# CK=Confidentiality-Key
# XRES=SIP-Authorization
IK = "952A44900B7FAFF249763475B3AA77EE";
CK = "F16A4BB5112DBA580132E29882FEC143";
XRES = "E818FBF691AE3B97";
KENCR,KAUT,MSK,EMSK,MK=eap.aka_calc_keys(IDENTITY,CK,IK)
# Add AT_RES
EAP.avps.append(("AT_RES",XRES))
# Add AT_MAC as last
eap.addMAC(EAP,KAUT,"")
# Do not add any AVPs after adding MAC
Payload=eap.encode_EAP(EAP)
# Payload now contains EAP-Payload AVP
return Payload
def Payload_Challenge_Response(ID, RAND, ETYPE):
# Let's build EAP-Payload Challenge-Response AVP
# Create EAP-Payload (empty)
EAP = eap.EAPItem()
# Set command code
EAP.cmd = eap.EAP_CODE_RESPONSE
# Set id
EAP.id = ID
# Set type
EAP.type = ETYPE
# Set sub-type
EAP.stype = eap.dictEAPSUBname2type("AKA-Challenge")
# RAND is copied from Challenge
# These values can be calculated or entered manually
#XRES,CK,IK,AK,AKS=eap.aka_calc_milenage(OP,Ki,RAND)
# Or copy from MAA
# IK=Identity-Key
# CK=Confidentiality-Key
# XRES=SIP-Authorization
IK = "952A44900B7FAFF249763475B3AA77EE"
CK = "F16A4BB5112DBA580132E29882FEC143"
XRES = "E818FBF691AE3B97"
KENCR, KAUT, MSK, EMSK, MK = eap.aka_calc_keys(IDENTITY, CK, IK)
# Add AT_RES
EAP.avps.append(("AT_RES", XRES))
# Add AT_MAC as last
eap.addMAC(EAP, KAUT, "")
# Do not add any AVPs after adding MAC
Payload = eap.encode_EAP(EAP)
# Payload now contains EAP-Payload AVP
return Payload
def Payload_Challenge_Response(ID, RAND, ETYPE):
# Let's build EAP-Payload Challenge-Response AVP
# Create EAP-Payload (empty)
EAP = eap.EAPItem()
# Set command code
EAP.cmd = eap.EAP_CODE_RESPONSE
# Set id
EAP.id = ID
# Set type
EAP.type = ETYPE
# Set sub-type
EAP.stype = eap.dictEAPSUBname2type("AKA-Challenge")
# RAND is copied from Challenge
# These values can be calculated or entered manually
#XRES,CK,IK,AK,AKS=eap.aka_calc_milenage(OP,Ki,RAND)
# Or copy from MAA
# IK=Identity-Key
# CK=Confidentiality-Key
# XRES=SIP-Authorization
IK = "2d346b8c456223bc7519823a0abc94fd"
CK = "07fc3189172095ddce5b4ba2bfb70f7f"
XRES = "e818fbf691ae3b97"
if EAP.type == eap.EAP_TYPE_AKAPRIME:
# For AKA'
KENCR, KAUT, MSK, EMSK, KRE = eap.akap_calc_keys(IDENTITY, CK, IK)
else:
# For AKA
KENCR, KAUT, MSK, EMSK, MK = eap.aka_calc_keys(IDENTITY, CK, IK)
# Add AT_RES
EAP.avps.append(("AT_RES", XRES))
# Add AT_MAC as last
eap.addMAC(EAP, KAUT, '')
# Do not add any AVPs after adding MAC
Payload = eap.encode_EAP(EAP)
# Payload now contains EAP-Payload AVP
return Payload
def Payload_Challenge_Response(ID, RAND, ETYPE):
# Let's build EAP-Payload Challenge-Response AVP
# Create EAP-Payload (empty)
EAP = eap.EAPItem()
# Set command code
EAP.cmd = eap.EAP_CODE_RESPONSE
# Set id
EAP.id = ID
# Set type
EAP.type = ETYPE
# Set sub-type
EAP.stype = eap.dictEAPSUBname2type("AKA-Challenge")
# RAND is copied from Challenge
# These values can be calculated or entered manually
# XRES,CK,IK,AK,AKS=eap.aka_calc_milenage(OP,Ki,RAND)
# Or copy from MAA
# IK=Identity-Key
# CK=Confidentiality-Key
# XRES=SIP-Authorization
IK = "2d346b8c456223bc7519823a0abc94fd"
CK = "07fc3189172095ddce5b4ba2bfb70f7f"
XRES = "e818fbf691ae3b97"
if EAP.type == eap.EAP_TYPE_AKAPRIME:
# For AKA'
KENCR, KAUT, MSK, EMSK, KRE = eap.akap_calc_keys(IDENTITY, CK, IK)
else:
# For AKA
KENCR, KAUT, MSK, EMSK, MK = eap.aka_calc_keys(IDENTITY, CK, IK)
# Add AT_RES
EAP.avps.append(("AT_RES", XRES))
# Add AT_MAC as last
eap.addMAC(EAP, KAUT, "")
# Do not add any AVPs after adding MAC
Payload = eap.encode_EAP(EAP)
# Payload now contains EAP-Payload AVP
return Payload
ENCR_DATA = "C977562B704A8FF57782FBA5DC039BA12D6E34AA7DA5E9ABCE0E07FA3C5FC85F3487747063442D859C3A9F8351D34138FEA922B88FE785EE94C4C42DAC796FF7"
# =============================
# Procedure
# 1) From OP,K,RAND calculate XRES,Ck,Ik (milenage-f2345)
# This is enough to build response, but let's calculate a bit further
# 2) From Identity,Ck,Ik calculate keys (aka)
# If AT_ENCR_DATA AVP exist
# 3) Using those keys to decode AT_ENCR_DATA
# 4) Using OP,K,RAND,SQN,AMF calculate XMAC, MAC_S (milenage-f1) to verify AUTN
# ============================================================
# Step 1
XRES, CK, IK, AK, AKS = eap.aka_calc_milenage(OP, K, RAND)
print XRES, CK, IK, AK, AKS
print "=" * 30
# Step 2
KENCR, KAUT, MSK, EMSK, MK = eap.aka_calc_keys(Identity, CK, IK)
print KENCR
print "+" * 30
# Step 3
# Example how to decode Reauth-Id
DATA = eap.decrypt_data(IV, KENCR, ENCR_DATA)
print DATA
print "-" * 30
avps = eap.splitEAPAVPs(DATA)
for avp in avps:
(Name, Value) = avp
print Name, "=", Value
REAUTH = findAVP("AT_NEXT_REAUTH_ID", avps)
if REAUTH <> -1:
print REAUTH.decode("hex")
print "=" * 30
ENCR_DATA = "C977562B704A8FF57782FBA5DC039BA12D6E34AA7DA5E9ABCE0E07FA3C5FC85F3487747063442D859C3A9F8351D34138FEA922B88FE785EE94C4C42DAC796FF7"
#=============================
# Procedure
# 1) From OP,K,RAND calculate XRES,Ck,Ik (milenage-f2345)
# This is enough to build response, but let's calculate a bit further
# 2) From Identity,Ck,Ik calculate keys (aka)
# If AT_ENCR_DATA AVP exist
# 3) Using those keys to decode AT_ENCR_DATA
# 4) Using OP,K,RAND,SQN,AMF calculate XMAC, MAC_S (milenage-f1) to verify AUTN
# ============================================================
# Step 1
XRES, CK, IK, AK, AKS = eap.aka_calc_milenage(OP, K, RAND)
print XRES, CK, IK, AK, AKS
print "=" * 30
# Step 2
KENCR, KAUT, MSK, EMSK, MK = eap.aka_calc_keys(Identity, CK, IK)
print KENCR
print "+" * 30
# Step 3
# Example how to decode Reauth-Id
DATA = eap.decrypt_data(IV, KENCR, ENCR_DATA)
print DATA
print "-" * 30
avps = eap.splitEAPAVPs(DATA)
for avp in avps:
(Name, Value) = avp
print Name, "=", Value
REAUTH = findAVP("AT_NEXT_REAUTH_ID", avps)
if REAUTH <> -1:
print REAUTH.decode("hex")
print "=" * 30
