Question regarding SQN in EAP-AKA in v4.0.0
Alan DeKok
aland at deployingradius.com
Tue Feb 8 22:31:50 UTC 2022
On Feb 8, 2022, at 4:49 PM, Shane Guan via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> We are currently using freeradius v4.0.0 on the nested_coding branch
As I noted in the other message, please don't use that branch. Things have changed a lot since then, and for the better. The "master" branch is being used in str
> to test our peer with the eap-aka method. We noticed a discrepancy in our understanding of the behavior of the AuC and what freeradius does. In TS 133 102 - V8.1.0 - Universal Mobile Telecommunications System (UMTS); LTE; 3G security; Security architecture (3GPP TS 33.102 version 8.1.0 Release 8) (etsi.org)<https://www.etsi.org/deliver/etsi_ts/133100_133199/133102/08.01.00_60/ts_133102v080100p.pdf> sections C.1.1.2, C.1.2, and C.3 imply that the sequence number generated by the AuC should have the least significant bits reserved for an index value IND, while the others are for the SEQ. While it doesn't specify how many bits are reserved for the IND, section C.3 suggests that 5 is a common number. However, freeradius doesn't seem to use any bits for the index, as the default SQN it uses if none is provided is 0x2. Is this desired behavior for freeradius?
I'm not entirely sure... Arran has spent a lot more time in that code, and knows it a lot better than I do.
Alan DeKok.
More information about the Freeradius-Users
mailing list