Hi,
After reading the draft-congdon-radius-8021x-18.txt , I try to setup the environment and sniff the packet. But I find there's something wrong with my test. The signature I generated is not the same as the one generated by Cisco AP350. I will describe my procedure in the following. My environment: Client - Windows XP AP - Cisco AP350 RADIUS - Microsoft IAS AccessRequest's Authenticator 0x2F-0x95-0x31-0xD9 0x5D-0x8C-0x1C-0x43 0x82-0xCD-0xAF-0x6F 0x29-0xD0-0xC5-0xAC MS-MPEE-SEND-KEY 0x1A-0x3A-0x00-0x00 0x01-0x37-0x10-0x34 0x80-0x1D-0xDD-0x1D 0xDF-0x50-0x0C-0xEF 0x97-0xF0-0x67-0x3E 0x45-0x93-0xFD-0x55 0xC2-0xB3-0x78-0x39 0x83-0x87-0xF4-0xAD 0x90-0xAE-0xA3-0x48 0x34-0x24-0x1F-0x06 0xF8-0xB4-0x27-0xD4 0x4C-0x24-0x44-0xAF 0xE9-0x76-0xDD-0x12 0x9B-0x29-0xE4-0x56 0x4F-0x98 MS-MPEE-RECV-KEY 0x1A-0x3A-0x00-0x00 0x01-0x37-0x11-0x34 0x80-0x1E-0x64-0xA5 0x0D-0x3A-0xAC-0x28 0x09-0x76-0x73-0x34 0x2B-0xED-0xD9-0x95 0x53-0xEB-0x21-0xD3 0xBF-0xD8-0xE5-0x3A 0xDD-0xE4-0x22-0xDA 0x2D-0xF6-0x16-0x52 0x75-0x77-0x9F-0xBB 0x9C-0x69-0xE5-0x81 0x7B-0xF3-0x4A-0x6D 0xB3-0xAF-0x80-0x7D 0xE8-0xB5 Shared Secret 4 bytes "1234" The MS-MPEE-SEND-KEY decoded by my program according to RFC.2548 0x20-0x1F-0xB3-0x42 0xA4-0x47-0x95-0x2C 0x7A-0xB0-0xB7-0x9E 0xFF-0x9C-0x80-0x03 0x60-0x78-0x06-0x5D 0x98-0xA7-0x0F-0x21 0xC2-0x09-0x7B-0x25 0x21-0xA7-0xF9-0x38 0x29-0x00-0x00-0x00 0x00-0x00-0x00-0x00 0x00-0x00-0x00-0x00 0x00-0x00-0x00-0x00 The EAPOL-Key packet 0x88-0x8E-0x01-0x03 0x00-0x31-0x01-0x00 0x05-0x00-0x23-0x00 0x02-0x5C-0xD4-0x00 0x11-0x24-0x46-0x22 0x27-0x43-0xAF-0x13 0x55-0x78-0x02-0x04 0x57-0x61-0xE0-0x7D 0x13-0x00-0xED-0xF9 0xE3-0xD5-0xA5-0x8D 0xC3-0xC4-0x90-0x4E 0x04-0xBA-0x05-0xA2 0xDC-0x68-0x9E-0x40 0x2A-0x1D-0x00 The signature generate by my program according to the draft-congdon-radius-8021x-18.txt I am using the decoded MS-MPEE-SEND-KEY (0x1F-0xB3-0x42...) as input(size 0x20). 0xAA-0xC5-0x35-0x5E 0x52-0x54-0x46-0x35 0x43-0xCE-0x98-0x5A 0xA8-0x82-0xDD-0xBB Not the same as the one generated by AP350 0xED-0xF9-0xE3-0xD5 0xA5-0x8D-0xC3-0xC4 0x90-0x4E-0x04-0xBA 0x05-0xA2-0xDC-0x68 >I've been asked by the IEEE 802.1aa group to prepare a revision to the >IEEE 802.1X RADIUS usage guidelines Appendix, in order to better specify >how the fields within the EAPOL-Key descriptor are prepared. If you have >every puzzled over this, or are interested in checking a specification for >accuracy and completeness, you might wish to check out the following >document: > >http://www.drizzle.com/~aboba/IEEE/draft-congdon-radius-8021x-18.txt -- general wireless list, a bawug thing <http://www.bawug.org/> [un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless
