
python - Algorithm of AT_MAC generation for EAP-AKA - Stack Overflow


Can anybody help with the algorithm for calculating the AT_MAC parameter for EAP-AKA authentication? I need to answer with 3 parameters: AT_RAND, AT_AUTN, AT_MAC. It's clear how to generate AT_RAND and AT_AUTN.

I have these input options:

  • 3GPP-SIP-Authorization
  • Confidentiality-Key
  • Integrity-Key
  • Identity
  • 3GPP-SIP-Authenticate

When I tried to calculate it like this (RFC 4187), it's not working:

10.15.  AT_MAC

   The AT_MAC attribute is used for EAP-AKA message authentication.
   Section 9 specifies in which messages AT_MAC MUST be included.

   The value field of the AT_MAC attribute contains two reserved bytes
   followed by a keyed message authentication code (MAC).  The MAC is
   calculated over the whole EAP packet and concatenated with optional
   message-specific data, with the exception that the value field of the
   MAC attribute is set to zero when calculating the MAC.  The EAP
   packet includes the EAP header that begins with the Code field, the
   EAP-AKA header that begins with the Subtype field, and all the
   attributes, as specified in Section 8.1.  The reserved bytes in
   AT_MAC are set to zero when sending and ignored on reception.  The
   contents of the message-specific data that may be included in the MAC
   calculation are specified separately for each EAP-AKA message in
   Section 9.

   The format of the AT_MAC attribute is shown below.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     AT_MAC    | Length = 5    |           Reserved            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                           MAC                                 |
   |                                                               |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   The MAC algorithm is HMAC-SHA1-128 [RFC2104] keyed hash value.  (The
   HMAC-SHA1-128 value is obtained from the 20-byte HMAC-SHA1 value by
   truncating the output to 16 bytes.  Hence, the length of the MAC is
   16 bytes.)  The derivation of the authentication key (K_aut) used in
   the calculation of the MAC is specified in Section 7.

   When the AT_MAC attribute is included in an EAP-AKA message, the
   recipient MUST process the AT_MAC attribute before looking at any
   other attributes, except when processing EAP-Request/AKA-Challenge.
   The processing of EAP-Request/AKA-Challenge is specified in

Arkko & Haverinen            Informational                     [Page 63]
RFC 4187                 EAP-AKA Authentication             January 2006

   Section 9.3.  If the message authentication code is invalid, then the
   recipient MUST ignore all other attributes in the message and operate
   as specified in Section 6.3.



7.  Key Generation

   This section specifies how keying material is generated.

   On EAP-AKA full authentication, a Master Key (MK) is derived from the
   underlying AKA values (CK and IK keys), and the identity, as follows.

   MK = SHA1(Identity|IK|CK)

   In the formula above, the "|" character denotes concatenation.
   Identity denotes the peer identity string without any terminating
   null characters.  It is the identity from the last AT_IDENTITY
   attribute sent by the peer in this exchange, or, if AT_IDENTITY was

The specification is clear, but the result is different from a working system.

If anybody can share a working script in Python or any other language, it would be great.

Here is my Python script

import hmac
import hashlib

#input parameters
identity = b"[email protected]"
ck = bytes.fromhex("86a2d3c129a5d184b4a9fd3c5ac47739")
ik = bytes.fromhex("c2d815eeee312ca4c82d1308fea1bbe7")
rand = bytes.fromhex("0000fae5fb79279e2ea292f6366820e02a13")
autn = bytes.fromhex("0000ff4b031189580000224dd374c08abba9")
mac0 = bytes.fromhex("000000000000000000000000000000000000")

# k_aut calculation (Section 7 RFC 4187)
concatenated_k_aut = identity + ik + ck
concatenated_k_aut_hash = hashlib.sha1(concatenated_k_aut).hexdigest()
k_aut = bytes.fromhex(concatenated_k_aut_hash)[:16] # Truncate to 128 bits
print("k_aut:", k_aut.hex())

# Construct eap_aka_message
eap_header = bytes.fromhex("01 02 00 44 17")  # EAP Header
eap_aka_header = bytes.fromhex("01 00 00")  # EAP-AKA Header
at_rand = bytes.fromhex("01 05") + rand    # AT_RAND
at_autn = bytes.fromhex("02 05") + autn    # AT_AUTN
at_mac = bytes.fromhex("0b 05") + mac0    # EMPTY MAC value
eap_aka_message = eap_header + eap_aka_header + at_rand + at_autn + at_mac
print("eap_aka_message:", eap_aka_message.hex())

# Calculate AT_MAC
hmac_sha11 = hmac.new(k_aut, eap_aka_message, hashlib.sha1).digest()
at_mac = hmac_sha11[:16]
print("AT_MAC:", at_mac.hex())


#output
#k_aut: d3585fc249bf60bcb528842aa27eb3e5
#eap_aka_message: 010200441701000001050000fae5fb79279e2ea292f6366820e02a1302050000ff4b031189580000224dd374c08abba90b05000000000000000000000000000000000000
#AT_MAC: a06b277a5f7f626c62c8cd58c3b469e7