<div>Hi All,</div> <div> </div> <div>I have downloaded patch from <A href="http://bugs.freeradius.org/show_bug.cgi?id=386">http://bugs.freeradius.org/show_bug.cgi?id=386</A>.</div> <div>I have succesfully applied patch to Freeradius1.1.2. Few questions i have..</div> <div> </div> <div>a) Does patch supports <SPAN lang=EN style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN; mso-fareast-language: EN-US; mso-bidi-language: AR-SA">optional identity privacy support, optional result indications, and an optional fast re-authentication procedure.</SPAN></div> <div><SPAN lang=EN style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN; mso-fareast-language: EN-US; mso-bidi-language: AR-SA"></SPAN> </div> <div><SPAN lang=EN style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-fareast-font-family: 'Times New Roman';
mso-ansi-language: EN; mso-fareast-language: EN-US; mso-bidi-language: AR-SA">b) <SPAN style="mso-list: Ignore"><SPAN style="FONT: 7pt 'Times New Roman'"> </SPAN></SPAN>After receiving EAP-Request/AKA-Challenge from server, client should calculate AT_MAC and compares with the received one. If it matches it should send back the EAP-Response/AKA-Challenge with AT_RES and new AT_MAC. </SPAN></div> <div><SPAN lang=EN style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN; mso-fareast-language: EN-US; mso-bidi-language: AR-SA"><SPAN style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN-US; mso-fareast-language: EN-US; mso-bidi-language: AR-SA">As per section 10.8 of RFC 4187, AT_RES should be encoded as follows. </SPAN></SPAN></div><SPAN lang=EN style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-fareast-font-family:
'Times New Roman'; mso-ansi-language: EN; mso-fareast-language: EN-US; mso-bidi-language: AR-SA"><SPAN style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN-US; mso-fareast-language: EN-US; mso-bidi-language: AR-SA"><SPAN style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN-US; mso-fareast-language: EN-US; mso-bidi-language: AR-SA"> <div class=MsoNormal style="MARGIN: 0in 0in 0pt; TEXT-ALIGN: justify; tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt"><EM><SPAN></SPAN></EM> </div> <div class=MsoNormal style="MARGIN: 0in 0in 0pt; TEXT-ALIGN: justify; tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt"><EM><SPAN> The value
field of this attribute begins with the <FONT color=#000000><SPAN style="COLOR: blue">2-byte RES Length,which </SPAN>identifies the exact length of the RES in bits</FONT></SPAN><SPAN lang=EN style="mso-ansi-language: EN">.<SPAN style="mso-spacerun: yes"> </SPAN><SPAN style="COLOR: black">The RES length is followed by t</SPAN></SPAN><SPAN lang=EN style="COLOR: black; mso-ansi-language: EN">he AKA RES parameter.<SPAN style="mso-spacerun: yes"> </SPAN>According to [<A title='"3GPP Technical Specification 3GPP TS 33.105 4.1.0: "' href="http://tools.ietf.org/html/rfc4187#ref-TS33.105"><SPAN style="COLOR: black">TS33.105</SPAN></A>], the length of the AKA R</SPAN><SPAN lang=EN style="COLOR: black; mso-ansi-language: EN">ES can vary between 32 and 128 bits.<SPAN style="mso-spacerun:
yes"> </SPAN>Because the length of the AT_RES <SPAN style="mso-spacerun: yes"> </SPAN><SPAN style="mso-tab-count: 1"> </SPAN></SPAN><SPAN lang=EN style="COLOR: black; mso-ansi-language: EN">attribute must be a multiple of 4 bytes, the sender pads the RES with zero bits </SPAN><SPAN lang=EN style="FONT-SIZE: 12pt; COLOR: black; FONT-FAMILY: 'Times New Roman'; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN; mso-fareast-language: EN-US; mso-bidi-language: AR-SA"><SPAN style="mso-spacerun: yes"> </SPAN>where necessary</SPAN></EM></SPAN></SPAN></div> <div class=MsoNormal style="MARGIN: 0in 0in 0pt; TEXT-ALIGN: justify"><SPAN style="mso-tab-count: 1"> </SPAN></div> <div class=MsoNormal style="MARGIN: 0in 0in 0pt; TEXT-ALIGN: justify"><SPAN style="mso-tab-count: 1">Trace below is packet from client to
server:-</SPAN></div> <div class=MsoNormal style="MARGIN: 0in 0in 0pt; TEXT-ALIGN: justify"><SPAN style="mso-tab-count: 1"></SPAN> </div> <div class=MsoNormal style="MARGIN: 0in 0in 0pt; TEXT-ALIGN: justify"><SPAN style="mso-tab-count: 1"></SPAN>0x0242003017010000<B style="mso-bidi-font-weight: normal"><SPAN style="COLOR: black">0305</SPAN><SPAN style="COLOR: blue">0000</SPAN><SPAN style="COLOR: black">d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0</SPAN></B>0b0500<SPAN style="mso-tab-count: 1"> </SPAN>000d6eb3a8082c9d2c0a031505b7a0fac0</div> <div></SPAN> </div> <div>c) <FONT face="Times New Roman"><SPAN style="mso-list: Ignore"><SPAN style="FONT: 7pt 'Times New Roman'"> </SPAN></SPAN><FONT size=3>As per section 3 (Figure 2) from RFC 4187, if server is unable to authenticate client if AT_MAC or AT_RES is incorrect, it should back the EAP-Request/AKA-Notification to client and client should respond
back with EAP-Response/AKA-Notification. Then only server should send back EAP result as Failure. <SPAN style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN-US; mso-fareast-language: EN-US; mso-bidi-language: AR-SA">But Freeradius1.1.2 sends back the EAP Result (FAILURE) with Access-Reject. <SPAN style="mso-tab-count: 1"> </SPAN>How ever success scenarion works perfectly.</SPAN></FONT></FONT></div> <div><FONT face="Times New Roman"><FONT size=3><SPAN style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN-US; mso-fareast-language: EN-US; mso-bidi-language: AR-SA"></SPAN></FONT></FONT> </div> <div><FONT face="Times New Roman"><FONT size=3><SPAN style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN-US; mso-fareast-language:
EN-US; mso-bidi-language: AR-SA">d) After receiving AKA-Challenge from Radius server, does patch supports the checking of Sequence No from AUTN parameter? </SPAN></FONT></FONT></div> <div><FONT face="Times New Roman"><FONT size=3><SPAN style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN-US; mso-fareast-language: EN-US; mso-bidi-language: AR-SA"></SPAN></FONT></FONT> </div> <div><FONT face="Times New Roman"><FONT size=3><SPAN style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN-US; mso-fareast-language: EN-US; mso-bidi-language: AR-SA">Do we have any latest patch to support EAP-AKA?</SPAN></FONT></FONT></div> <div><FONT face="Times New Roman"><FONT size=3><SPAN style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN-US; mso-fareast-language: EN-US;
mso-bidi-language: AR-SA"></SPAN></FONT></FONT> </div> <div><FONT face="Times New Roman"><FONT size=3><SPAN style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN-US; mso-fareast-language: EN-US; mso-bidi-language: AR-SA">Thanks</SPAN></FONT></FONT></div> <div><FONT face="Times New Roman"><FONT size=3><SPAN style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN-US; mso-fareast-language: EN-US; mso-bidi-language: AR-SA"></SPAN></FONT></FONT> </div> <div><FONT face="Times New Roman"><FONT size=3><SPAN style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN-US; mso-fareast-language: EN-US; mso-bidi-language: AR-SA"></SPAN></FONT></FONT> </div> <div><FONT face="Times New Roman"><FONT size=3><SPAN style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman';
mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN-US; mso-fareast-language: EN-US; mso-bidi-language: AR-SA"></SPAN></FONT></FONT> </div> <div> </div><p>
<hr size=1><a href="
http://us.rd.yahoo.com/evt=49981/*http://advision.webevents.yahoo.com/mailbeta/features_spam.html">Sucker-punch spam</a> with award-winning protection.<br> Try the <a href="
http://us.rd.yahoo.com/evt=49981/*http://advision.webevents.yahoo.com/mailbeta/features_spam.html">free Yahoo! Mail Beta.</a>