idnits 2.17.1 draft-urien-eap-smartcard-34.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Line 1347 has weird spacing: '...Private key ...' == Line 1348 has weird spacing: '...Private key ...' == Line 1349 has weird spacing: '... Public key...' == Line 1350 has weird spacing: '... Public key...' == Line 2449 has weird spacing: '... octets eap.r...' -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (December 2017) is 2324 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Informational ---------------------------------------------------------------------------- == Missing Reference: 'RFC2119' is mentioned on line 25, but not defined == Missing Reference: 'EAP-TLS' is mentioned on line 206, but not defined == Missing Reference: 'IEEE-802.1X' is mentioned on line 226, but not defined == Missing Reference: 'IEEE-802.11' is mentioned on line 227, but not defined == Missing Reference: 'IEEE-802.16e' is mentioned on line 228, but not defined == Missing Reference: 'L2TP' is mentioned on line 229, but not defined -- Looks like a reference, but probably isn't: '1' on line 2046 == Missing Reference: 'FIPS' is mentioned on line 1547, but not defined == Missing Reference: 'COMMON CRITERIA' is mentioned on line 1547, but not defined -- Looks like a reference, but probably isn't: '0' on line 2042 -- Looks like a reference, but probably isn't: '2' on line 2050 -- Looks like a reference, but probably isn't: '3' on line 2054 == Unused Reference: 'L2P' is defined on line 2973, but no explicit reference was found in the text == Unused Reference: 'RFC 5216' is defined on line 3009, but no explicit reference was found in the text == Unused Reference: 'PKCS6' is defined on line 3015, but no explicit reference was found in the text == Unused Reference: 'PEAP' is defined on line 3080, but no explicit reference was found in the text ** Obsolete normative reference: RFC 5246 (ref. 'TLS') (Obsoleted by RFC 8446) -- No information found for draft-aboba-eap-keying-extens - is the name correct? Summary: 1 error (**), 0 flaws (~~), 18 warnings (==), 8 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 EAP Working Group P. Urien 3 Internet Draft Telecom ParisTech 4 Intended status: Informational G. Pujolle 5 LIP6 6 December 2017 7 Expires: June 2018 9 EAP Support in Smartcard 10 draft-urien-eap-smartcard-34.txt 12 Abstract 14 This document describes the functional interface, based on the 15 ISO7816 standard, to EAP methods, fully and securely executed in 16 smart cards. This class of tamper resistant device may deliver 17 client or server services; it can compute Root Keys from an Extended 18 Master Session Key (EMSK). 20 Requirements Language 22 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 23 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 24 document are to be interpreted as described in RFC 2119 [RFC2119]. 26 Status of this Memo 28 This Internet-Draft is submitted in full conformance with the 29 provisions of BCP 78 and BCP 79. 31 Internet-Drafts are working documents of the Internet Engineering 32 Task Force (IETF). Note that other groups may also distribute 33 working documents as Internet-Drafts. The list of current Internet- 34 Drafts is at http://datatracker.ietf.org/drafts/current/. 36 Internet-Drafts are draft documents valid for a maximum of six 37 months and may be updated, replaced, or obsoleted by other documents 38 at any time. It is inappropriate to use Internet-Drafts as reference 39 material or to cite them other than as "work in progress." 41 This Internet-Draft will expire on June 2018. 43 Copyright Notice 45 Copyright (c) 2017 IETF Trust and the persons identified as the 46 document authors. All rights reserved. 48 This document is subject to BCP 78 and the IETF Trust's Legal 49 Provisions Relating to IETF Documents 50 (http://trustee.ietf.org/license-info) in effect on the date of 51 publication of this document. Please review these documents 52 carefully, as they describe your rights and restrictions with 53 respect to this document. 55 Table of Contents 57 Abstract........................................................... 1 58 Requirements Language.............................................. 1 59 Status of this Memo................................................ 1 60 Copyright Notice................................................... 2 61 1 Overview......................................................... 5 62 2 Relationships with RFC 3748...................................... 6 63 2.1 EAP multiplexing model...................................... 6 64 2.2 EAP smartcards.............................................. 6 65 3 Overview of EAP smartcards in the IETF context................... 7 66 3.1 Network Interface........................................... 8 67 3.2 Other services.............................................. 9 68 3.3 Out Of Band (OOB) facilities................................ 9 69 4 User's Identity.................................................. 9 70 5 EAP smartcard services.......................................... 10 71 5.1 Add-Identity............................................... 10 72 5.2 Delete-Identity............................................ 10 73 5.3 Get-Preferred-Identity..................................... 10 74 5.4 Get-Current-Identity....................................... 10 75 5.5 Get-Next-Identity.......................................... 10 76 5.6 Set-Identity............................................... 11 77 5.7 Get-Profile-Data........................................... 11 78 5.8 Process-EAP................................................ 11 79 5.9 Process-EAP-OOB............................................ 12 80 5.10 Get-Session-Key........................................... 12 81 5.11 Get-State................................................. 12 82 5.12 Reset-State............................................... 12 83 5.13 Method Functions.......................................... 13 84 5.14 Multiple EAP Identity selections.......................... 13 85 5.15 Get-Exported-Parameters................................... 13 86 5.17 Get-AMSK.................................................. 14 87 6 Client and Server facilities.................................... 15 88 7 IEEE 802.16 services............................................ 15 89 7.1 Get-Certificate............................................ 15 90 7.2 Private-Key-Decryption..................................... 16 91 8 Relationships with the Smartcard Interface Entity............... 16 92 9 ISO 7816-4 APDUs................................................ 16 93 9.1 ISO 7816 Status Word....................................... 17 94 EAP Support in Smartcard December 2017 96 9.2 Segmentation/Reassembly rules.............................. 17 97 9.2.1 Segmentation ........................................ 17 98 9.2.2 Reassembly .......................................... 18 99 9.3 PIN Management............................................. 18 100 9.3.1 Verify PIN .......................................... 18 101 9.3.2 Change PIN .......................................... 18 102 9.3.3 Enable PIN .......................................... 18 103 9.3.4 Disable PIN ......................................... 19 104 9.3.5 Unblock PIN ......................................... 19 105 9.4 Multi-Applications smartcard considerations................ 19 106 9.5 Add-Identity............................................... 20 107 9.6 Delete-Identity............................................ 20 108 9.7 Get-Preferred-Identity..................................... 20 109 9.8 Get-Current-Identity....................................... 20 110 9.9 Get-Next-Identity.......................................... 21 111 9.10 Get-Profile-Data.......................................... 21 112 9.11 Set-Identity.............................................. 21 113 9.12 Set-Multiple-Identity..................................... 22 114 9.13 Process-EAP............................................... 22 115 9.13.1 Standard format .................................... 22 116 9.13.2 ETSI format ........................................ 23 117 9.14 Process-EAP-OOB........................................... 24 118 9.15 Get-Session-Key........................................... 25 119 9.16 Get-Current-Version....................................... 25 120 9.17 Get-State................................................. 25 121 9.18 Reset-State............................................... 26 122 9.19 Get-Exported-Parameter.................................... 26 123 9.20 Get-AMSK.................................................. 27 124 9.21 Method Functions.......................................... 27 125 9.22 IEEE 802.16 Services...................................... 28 126 9.23 Commands summary.......................................... 29 127 10 Security Considerations........................................ 30 128 10.1 Security Claims........................................... 30 129 10.2 Smart Card Technology..................................... 30 130 10.3 Tamper Resistant Storage and Execution.................... 30 131 10.4 Multi Factor Authentication............................... 31 132 10.5 Random Number Generation.................................. 31 133 10.6 Cryptographic Capabilities................................ 31 134 10.7 Secure Provisioning....................................... 31 135 10.8 Certification............................................. 31 136 10.9 Smart Cards and EAP Security Claims....................... 32 137 10.9.1 Mutual Authentication .............................. 32 138 10.9.2 Confidentiality .................................... 32 139 10.9.3 Key Derivation ..................................... 32 140 10.9.4 Man-in-the-Middle Attacks .......................... 32 141 10.9.5 Dictionary Attacks ................................. 32 142 10.9.6 Cryptographic Binding .............................. 32 143 10.9.7 Channel Binding .................................... 33 144 10.9.8 Protection Against Rogue Networks .................. 33 145 10.9.9 Authentication Method Security ..................... 33 146 11 Intellectual Property Right Notice............................. 33 147 EAP Support in Smartcard December 2017 149 12 Annex 1, EAP-SIM packets details............................... 34 150 12.1 Full Authentication....................................... 34 151 12.2 Re-Authentication......................................... 35 152 13 Annex 2, EAP-MD5 packet details................................ 37 153 14 Annex 3 - TLS support.......................................... 39 154 14.1 Unix Time issue........................................... 39 155 14.2 Fragment Maximum Size..................................... 39 156 14.3 EAP/TLS messages format.................................... 40 157 14.4 Example of EAP/TLS Authentication......................... 41 158 15 Annex 4 ASN.1 BER Tag coding for the subscriber profile 159 information....................................................... 41 160 15.1 ASN.1 Subscriber Profile Encoding......................... 42 161 15.1.1 EapID .............................................. 42 162 15.1.2 EapType ............................................ 42 163 15.1.3 Version ............................................ 42 164 15.1.4 User Credential .................................... 42 165 15.1.5 UserProfile ........................................ 43 166 15.1.6 UserProfile encoding example ....................... 43 167 16 Annex 5 APDUs exchange example................................. 44 168 17 Annex 6, EAP-TLS ISO7816 APDUs Trace (T=0 Protocol)............ 45 169 17.1 EAP-TLS session parameters................................ 45 170 17.1.1 CA Public Key (2048 bits) .......................... 45 171 17.1.2 Server Public Key (1024 bits) ...................... 45 172 17.1.3 Client Private Key (1024 bits) ..................... 45 173 17.2 Full EAP-TLS trace (mode 2)............................... 46 174 17.3 EAP-TLS mode1 ISO7816 trace (T=0 protocol)................ 53 175 18 Annex 7, EAP-AKA ISO7816 APDUs Trace (T=0 Protocol)............ 56 176 19 IANA Considerations............................................ 61 177 20 References..................................................... 61 178 20.1 Normative References...................................... 61 179 20.2 Informative References.................................... 63 180 21 Authors' Addresses............................................. 63 181 EAP Support in Smartcard December 2017 183 1 Overview 185 All wireless LAN technologies derived from IEEE 802.11 or IEEE 186 802.16 specifications need strong security protocols for data 187 privacy, integrity and network access control. 189 Standards such as [802.1X], [IEEE 802.16e], [IKEv2], require the 190 Extensible Authentication Protocol (EAP) [RFC 3748] as the framework 191 for authentication purposes, with a mutual authentication between a 192 client (supplicant, subscriber's terminal, VPN user) and an 193 authentication server (AS). 195 EAP methods MAY be implemented in smart cards. 197 This draft describes a standard interface to EAP methods embedded in 198 ISO7816 smart cards. These devices are generally considered as one 199 of the most secure computing platform. As an illustration the NIST 200 issued a set of specifications [NIST-PIV], dealing with the Personal 201 Identity Verification (PIV) integrated circuit card. 203 Annex one provides a reference example for a SIM based 204 authentication [EAP-SIM]. Annex two gives a reference example for a 205 MD5 based authentication. Annex three presents a reference example 206 for a TLS based authentication [EAP-TLS]. Annex four describes the 207 optional user's profile according to the ASN.1 [ASN.1] syntax. Annex 208 five illustrates an MD5 authentication scenario working with an EAP 209 smartcard. Annex six shows ISO 7816 data exchanges with EAP-TLS 210 smartcards. Annex seven presents ISO 7816 data exchanges with EAP- 211 AKA [EAP-AKA] smart cards. 213 EAP Support in Smartcard December 2017 215 2 Relationships with RFC 3748 217 2.1 EAP multiplexing model 219 According to [RFC 3748], EAP implementations conceptually consist of 220 the four following components: 222 1- Lower layer. The lower layer is responsible for transmitting and 223 receiving EAP frames between the peer and authenticator. EAP has 224 been run over a variety of lower layers including 225 - PPP; 226 - Wired IEEE 802 LANs [IEEE-802.1X]; 227 - IEEE 802.11 wireless LANs [IEEE-802.11]; 228 - IEEE 802.16e Wireless Metropolitan LANs [IEEE-802.16e]; 229 - UDP (L2TP [L2TP] and IKEv2 [IKEv2]) 231 2- EAP layer. The EAP layer receives and transmits EAP packets via 232 the lower layer; it implements duplicate detection and 233 retransmission, and delivers and receives EAP messages to and from 234 EAP methods. 236 3- EAP peer and authenticator layers. Based on the Code field, the 237 EAP layer de-multiplexes incoming EAP packets to the EAP peer and 238 authenticator layers. Typically, an EAP implementation on a given 239 host will support either peer or authenticator functionality. 241 4- EAP method. EAP methods implement the authentication algorithms 242 and receive and transmit EAP messages. Since fragmentation support 243 is not provided by EAP itself, this is the responsibility of EAP 244 methods. 246 2.2 EAP smartcards 248 An EAP smart card implements one or several EAP methods, and works 249 in cooperation with a Smartcard Interface Entity, that sends and 250 receives EAP messages to/from this device. The simplest form of this 251 interface is a software bridge that transparently forwards EAP 252 messages to smart card. 254 EAP Support in Smartcard December 2017 256 +-+-+-+-+-+-+ +-+-+-+-+-+-+ 257 | EAP method| | EAP method| 258 | Smartcard | | Smartcard | 259 | Client | | Server | 260 | Type = X | | Type = Y | 261 +-+-+-+-+-+-+ +-+-+-+-+-+-+ 262 ! ! 263 +-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+ 264 | Smartcard | EAP method| | EAP method | Smartcard | 265 | Interface | Type = Y | | Type = X | Interface | 266 | Entity | | | | Entity | 267 +-+-+-+-V-+-+-+-+-+-+-+-+-+ +-+-+-+-!-+-+-+-+-+-+-+-+-+ 268 | ! | | ! | 269 | EAP ! Peer Layer | | EAP ! Auth. Layer | 270 | ! | | ! | 271 +-+-+-+-!-+-+-+-+-+-+-+-+-+ +-+-+-+-!-+-+-+-+-+-+-+-+-+ 272 | ! | | ! | 273 | EAP ! Layer | | EAP ! Layer | 274 | ! | | ! | 275 +-+-+-+-!-+-+-+-+-+-+-+-+-+ +-+-+-+-!-+-+-+-+-+-+-+-+-+ 276 | ! | | ! | 277 | Lower ! Layer | | Lower ! Layer | 278 | ! | | ! | 279 +-+-+-+-!-+-+-+-+-+-+-+-+-+ +-+-+-+-!-+-+-+-+-+-+-+-+-+ 280 ! ! Authentication 281 ! Peer ! Server 282 +------------>---------------+ 284 3 Overview of EAP smartcards in the IETF context. 286 Peer-Layer Interface EAP Smartcard Exported- 287 (RFC 4137) Additional Services Parameters 289 | |Content |Security |Identity | 290 | |Mngt |Mngt |Mngt | 291 | | | | | 292 | +V+-+-+-+-+V+-+-+-+-+V+ | 293 | | EAP Smartcard | SC.Get-Exp-Param | 294 | | Method |-> Channel Binding | 295 | SC.Reset,SC.Get-State | |-> Peer-ID | 296 | MethodState ->| Secure Method |-> Server-ID | 297 | | Processing |-> Method-ID | 298 | SC.Process-EAP | | | 299 | eapReqData ->| Secure Storage of | SC.Get-Session-Key | 300 | | Method Credentials |-> MSK | 301 | | | | 302 | | Keys caching | SC.Get-AMSK | 303 | | (EMSK) |-> AMSK | 304 +-+-+-+-+-+-+-+-+-+-+-+ 305 EAP Support in Smartcard December 2017 307 The EAP smartcard offers four classes of services, the network 308 interface, the content management, the security management and the 309 identity management. 311 3.1 Network Interface 313 Network services comprise two kinds of functional interfaces, 314 described in [RFC 4137] and in [EAP-KEY], that we call Peer-Layer 315 and Exported-Parameters. 317 The interface between EAP methods and the Peer-Layer is introduced 318 in [RFC 4137] and comprises two main procedures: 320 - methodState() initializes a method or gets its current state. This 321 function is realized by two EAP-Smartcard procedures named SC.Reset- 322 State and SC.Get-State. 324 - eapReqData() forwards EAP messages to methods, and optionally 325 returns a response. The EAP smartcard uses the SC.Process-EAP 326 command for that purpose. 328 Upon success, the method computes a set of values, whose use is more 329 precisely defined in [EAP-KEY], and which are made available for 330 other EAP layers: 332 - The Master Session Key (MSK) used as a shared secret, involved in 333 cryptographic material generation. The SC.Get-Session-Key command 334 returns this value. 336 - An additional key, the Extended Master Session Key (EMSK), never 337 shared with a third party. This key is 'cached' by the Smartcard. 339 - Application Master Session Keys (AMSK) introduced by in [EAP-EXT] 340 and obtained through a key distribution function (KDF) using EMSK 341 and other values, as input parameters. This key is collected by the 342 SC.Get-AMSK command. 344 - Method-ID used as a unique identifier of an EAP conversation. It's 345 typically obtained by the concatenation of two random values 346 generated by server and client entities. This value is obtained via 347 the SC.Get-Exported-Parameter command. 349 - Server-ID corresponding to the identity, if any, of the server. 350 For example it's the subject field of an X.509 certificate. This 351 value is obtained via the SC.Get-Exported-Parameter command. 353 - Peer-ID used for the identity of the client, if any. It could be 354 the subject field of an X.509 certificate. This value is obtained 355 via the SC.Get-Exported-Parameter command. 357 EAP Support in Smartcard December 2017 359 - Channel Bindings used as elements of information, typically 360 relative to the IEEE 802.1x access point (Called-Station-Id, 361 Calling-Station-Id, NAS-Identifier, NAS IP-Address, etc.). They are 362 optionally mirrored during an EAP session, from server to client. 363 This value is obtained via the SC.Get-Exported-Parameter command. 365 3.2 Other services 367 An EAP-Smartcard has a physical interface with the EAP-Peer layer 368 and produces output values as described in the previous section. 369 However other management services are required for practical 370 reasons: 372 - Content Management. It's the set of operations needed to download 373 credentials required by a particular method (X.509 certificates, 374 cryptographic keys ...). 376 - Security Management. This service manages mechanisms (PIN codes, 377 biometric techniques ...) that restrict EAP-Smartcard use to 378 authorized bearers. 380 - Identity Management. When several methods (or instances of 381 methods) are available, this service allows selecting one of them. 383 3.3 Out Of Band (OOB) facilities 385 EAP sessions may tunnel protocols such as NAP (Network Access 386 Protection) or NAC (Network Admission Control). It is likely that 387 these transported messages will be encrypted and protected according 388 to mechanisms managed by EAP methods. 390 OOB facilities are services that enable Smartcard Interface Entities 391 to exchange OOB messages (such as NAP or NAC) tunneled by smart card 392 embedded EAP methods. 394 4 User's Identity 396 The user's identity is a pointer to a tuple of values comprising: 398 - The EAP-ID (the parameter returned in the EAP-Response Identity 399 message), 400 - The method type, 401 - Credentials (certificates, private keys, shared secrets...) 402 associated to this particular type. 404 It may be of various types: 406 - A network SSID as described in the 802.11 standard [IEEE 802.11]. 407 - A user's identifier (UserID) e.g. an ASCII string. A network 408 access identifier, NAI [RFC 7542] MAY be used as UserID. 409 - A pseudonym, i.e. a friendly name. 411 EAP Support in Smartcard December 2017 413 - Etc... 415 5 EAP smartcard services 417 Mandatory services MUST be implemented in any smartcard that claims 418 conformance with this draft. 420 Optional services are not required by basic authentication 421 operations. 423 Secure services MAY be protected by a PIN code. Non secure services 424 MUST be freely accessible. 426 5.1 Add-Identity 427 Status: Optional. 428 Security: Secure(ISSUER). 429 The smartcard is usually manufactured without any user's identity. 430 The personalization software or the Identity Management software, 431 assigns to the smartcard a user's identity that can be retrieved by 432 other commands. 434 5.2 Delete-Identity 435 Status: Optional 436 Security: Secure(ISSUER) 437 The smartcard contains a list of one or several user's identity 438 discovered by the Identity Management software. This command deletes 439 one entry of this list. 441 5.3 Get-Preferred-Identity 442 Status: Optional 443 Security: Non Secure. 444 The smartcard contains at least one user's identity. The Identity 445 Management software gets from the smartcard the initial and 446 preferred user's identity. If the user has more than one identity, 447 the Identity Management software uses the Get-Next-Identity to read 448 all available identities. 450 5.4 Get-Current-Identity 451 Status: Mandatory 452 Security: Non Secure 453 The smartcard contains at least one user's identity related to the 454 user's subscriptions. The Identity Management software gets from the 455 smartcard its current user's identity. 457 5.5 Get-Next-Identity 458 Status: Mandatory 459 Security: Non Secure 460 The smartcard may contain one or more user's identities according to 461 the user's subscriptions. The Identity Management software MAY 462 prompt the user's identities and a subsequent selection allows the 463 smartcard to process the appropriate EAP authentication type. The 464 EAP Support in Smartcard December 2017 466 Get-Next-Identity command allows the Identity Management software to 467 read all the available user's identities. 469 The Get-Next-Identity command MAY inform the Identity Management 470 software when all user's identities have been read. Otherwise the 471 Identity Management software detects the identity list end, when it 472 collects again the first identity. 474 5.6 Set-Identity 475 Status: Mandatory 476 Security: Secure(BEARER) 477 Once the Identity selection is processed, the Identity Management 478 software needs to set the smartcard EAP framework, according to the 479 selected user's identity. The Set-Identity sets the smartcard EAP 480 state machine to the NOT-AUTHENTICATED state. 482 5.7 Get-Profile-Data 483 Status: Optional 484 Security: Secure(BEARER) 485 The Identity Management software MAY request the subscriber's 486 profile information. The Get-Profile-Data returns all related 487 information available in the smartcard. Details of the subscriber's 488 profile information are given in annex 4. The implementation of the 489 information may be ruled by ASN.1 BER coding specification [ASN.1] 490 or by an XML dialect [XML]. 492 5.8 Process-EAP 493 Status: Mandatory 494 Security: Secure(BEARER) 495 The EAP process is described in the RFC 3748 specification and 496 involves several EAP requests and responses packets, 498 1) EAP request/response Identity; 499 2) A suite of EAP request/response related to a particular 500 authentication scenario; and 501 3) EAP success or failure. 503 The Set-Identity command restarts the smartcard EAP framework state 504 machine for further processing using the EAP-Packets method. 506 An incoming EAP/Request/Identity restarts the smartcard EAP 507 framework state machine for further processing using other EAP- 508 Packets methods. 510 The smartcard receives RFC 3748 packets. It retrieves the 511 appropriate EAP authentication type and its associated identifier. 513 The smartcard maintains the EAP state machine and returns an EAP NAK 514 packet if this state sequence is broken. In that case it reaches the 515 NOT-AUTHENTICATED state. 517 EAP Support in Smartcard December 2017 519 Any EAP request/response is silently ignored if the state machine 520 was not started. 522 The last step of the protocol retrieves the Session Key from the 523 smartcard. The smartcard reaches the AUTHENTICATED state. 525 5.9 Process-EAP-OOB 526 Status: Optional. 527 Security: Secure (BEARER) 529 EAP method may tunnel Out Of Band messages used by protocols such as 530 NAP or NAC. 532 According to [RFC 7542] an EAP packet includes a length field that 533 indicates the whole packet size. 535 OOB data are appended to EAP packets, and their optional presence is 536 implicitly notified by the use of the Process-EAP-OOB command. 538 5.10 Get-Session-Key 539 Status: Mandatory. 540 Security: Secure(BEARER) 542 At the end of a successful authentication the Smartcard Interface 543 Entity needs to update the appropriate crypto suite (if any) using 544 the master session key (MSK). 546 The Get-Session-Key returns MSK to the Smartcard Interface Entity. 548 In the 801.1X context, MSK should be interpreted as the unicast key. 550 In the 802.11i or WPA context MSK should be interpreted as the PMK 551 (Pairwise Master Key). 553 5.11 Get-State. 554 Status: Optional. 555 Security: Secure(BEARER) 557 This command returns the current smartcard state: 559 1) IDENTITY-NOT-SET, no user's identity has been selected. 560 2) AUTHENTICATING, an authentication session is in progress. 561 3) AUTHENTICATED, last authentication session was successful. 562 4) NOT-AUTHENTICATED, no authentication in progress, or last 563 authentication session failed. 565 5.12 Reset-State. 566 Status: Mandatory. 567 Security: Secure(BEARER) 568 EAP Support in Smartcard December 2017 570 If the current state is IDENTITY-NOT-SET, this command has no 571 effect. 573 Otherwise this command forces the EAP smartcard in the 574 AUTHENTICATING state. 576 5.13 Method Functions 577 Status: Optional. 578 Security: Secure(BEARER) 580 These facilities are dedicated to test issues and SHOULD BE 581 forbidden in operational environments. The following services MAY be 582 supported: 584 -X509 Certificate storage. 585 -Random generator. 586 -Private key encryption. 587 -Private key decryption. 588 -Public key encryption. 589 -Public key decryption. 590 -Symmetric key encryption. 591 -Symmetric key decryption. 593 5.14 Multiple EAP Identity selections 595 Status: Optional. 596 Security: Secure(BEARER) 598 Multiple EAP authentications MAY be processed simultaneously in the 599 same smartcard. If this capability is supported, the following rules 600 apply: 602 1) Multiple EAP Identities MAY be selected at the same time. 603 2) Each selected EAP identity is associated with a short (one byte) 604 identifier, returned by the Set-Identity command. 606 The Smartcard Interface Entity software MUST include this short 607 identifier when necessary, in order to inform which of the selected 608 EAP identities the command is targeted to. 610 The smartcard software MUST maintain a separate EAP state machine 611 for each of the different selected EAP identities. 613 5.15 Get-Exported-Parameters 615 Status: Optional. 616 Security: Secure(BEARER) 618 According to [EAP-KEY], EAP methods export a set of parameters that 619 MAY be used by other EAP layers. In this draft, each attribute is 620 EAP Support in Smartcard December 2017 622 identified by an index, and is read thanks to the Get-Exported- 623 Parameter(index) command. 625 Six indexes are defined, that are associated to the following 626 attributes: 628 Index 1: Peer-ID. 629 The peer identity authenticated by the EAP method. 631 Index 2: Server-ID: 632 It's the optional server identity, authenticated by the EAP method. 634 Index 3: Method-ID. 635 EAP method specifications deriving keys MUST specify a temporally 636 unique method identifier known as the Method-ID. 638 Index 4: Session-ID. 639 The Session-ID uniquely identifies an EAP session between an EAP 640 peer (as identified by the Peer-ID) and server (as identified by the 641 Server-ID). 643 Index 5: Key-Lifetime. 644 While EAP itself does not support key lifetime negotiation, it is 645 possible to specify methods that do. 647 Index 6: Channel Bindings. 648 Channel Bindings include lower layer parameters that are verified 649 for consistency between the EAP peer and server. In order to avoid 650 introducing media dependencies, EAP methods that transport Channel 651 Binding data MUST treat this data as opaque octets. 653 5.17 Get-AMSK 655 According to [RFC 4017] EMSK is an "additional keying material 656 derived between the EAP client and server that are exported by the 657 EAP method. The EMSK is at least 64 octets in length. The EMSK is 658 not shared with the authenticator or any other third party. The EMSK 659 is reserved for future uses that are not yet defined". 661 It has been suggested in [EAP-EXT] to derive Application-specific 662 Master Session Keys (AMSKs) from EMSK. As an illustration AMSK MAY 663 be obtained by a Key Derivation Function (KDF), such as 665 AMSK = KDF(EMSK, label, length) 667 As pointed in [HOKEY-EMSK] "Different uses for keys derived from the 668 EMSK have been proposed. Some examples include hand off across 669 access points in various mobile technologies, mobile IP 670 authentication and higher layer application authentication". This 671 document introduces Specific Root Keys (USRK), and defines a special 672 class of USRK, called a Domain Specific Root Key (DSRK); each DSRK 673 EAP Support in Smartcard December 2017 675 is a root key used to derive Domain Specific Usage Specific Root 676 Keys (DSUSRK). 678 EMSK 679 / \ 680 USRK DSRK 681 / \ 682 DSUSRK1 DSUSRK2 684 The USRK key derivation function is based on a pseudo random 685 function (PRF) that has the following function prototype: 687 KDF = PRF(key, data), key=EMSK 689 and DSUSRK = KDF(DSRK, key label, optional data, length) 691 In [WiMAX-Forum-Stage2] the Mobile IP Root Key (MIP-RK) is generated 692 at the EAP-Authentication Server which is collocated with the HAAA 693 and at the EAP-Peer located in the MS. 695 MIP-RK = HMAC-SHA1(EMSK, "MIP APPLICATION ROOT KEY") 697 The Get-AMSK(index, data) is a generic command, used to compute AMSK 698 key, (as defined in [HOKEY-EMSK], [WiMAX-Forum-Stage2]) identified 699 by an index and optionally associated to data, needed to its 700 calculation. 702 6 Client and Server facilities 704 EAP smartcard MAY offer two classes of services, 705 - Client smartcards process EAP requests and return EAP responses 706 - Server smartcards process EAP responses and return EAP requests 708 7 IEEE 802.16 services 710 The [IEEE 802.16] security is based on the PKM (Privacy Key 711 Management) protocol which requires, on the user's side, an X509 712 certificate and a private RSA key. 714 [IEEE 802.16e] MAY support a version of PKM, referred as PKM-EAP, 715 which at the end of authentication scenario, produces a MSK key, 716 according to [RFC 3748] 718 An IEEE 802.16 service is a couple of credentials (X509Certificate, 719 Private RSA Key), associated to a given identification label, and 720 therefore working with a particular EAP method. 722 Two services are defined. 724 7.1 Get-Certificate 725 EAP Support in Smartcard December 2017 727 Status: Optional. 728 Security: Secure(BEARER) 730 This command reads the X509 certificate, associated with an 731 identification label, which is either implicit or identified by an 732 index. 734 7.2 Private-Key-Decryption 736 Status: Optional. 737 Security: Secure(BEARER) 739 This command decrypts a message encrypted with the client public 740 key, according to [PKCS1]. 742 8 Relationships with the Smartcard Interface Entity. 744 The Smartcard Interface Entity is a piece of software that 745 establishes a logical bridge with smartcards. It MUST be able to 746 detect a smartcard. If the device is not present, or if it silently 747 discards an EAP message, then the Smartcard Interface Entity MUST 748 reject all incoming request messages by the NAK code. 750 9 ISO 7816-4 APDUs 752 This section of the document provides an implementation of the 753 previous descriptions for ISO 7816-4 compatible smartcards. The 754 section does not preclude of the transport protocol used between the 755 smartcard and the reader. Thus, this specification does not mandate- 756 to-implement any transport protocol such as T=0 or T=1, which are 757 not in the scope of this document. It should be noticed that all 758 values are in hexadecimal representation. 760 Annexes of this document give implementation examples. 762 Note: The class byte value defined in this section ('A0') SHALL be 763 interpreted as an implementation example. Other values MAY be used 764 respecting conventions, defined in ISO 78176-4. 766 EAP Support in Smartcard December 2017 768 9.1 ISO 7816 Status Word 770 According to ISO 7816, the status word SW1, SW2 is a two bytes word, 771 giving information about current operation either success or 772 failure. 774 '90' '00' indicates an operation success 775 '63' 'xx' indicates that a PIN code presentation is required, with 776 xx attempts left. 777 '9F' 'xx' indicates that xx bytes (mod 256) are ready for reading. 778 - Operation result MUST be fetched by the ISO Get Response APDU (CLA 779 = 'C0', P3= 'XX') 780 '67' 'XX' 781 - Incorrect parameter P3 782 '6B' 'XX' 783 - Incorrect parameter P1 or P2 784 '6D' 'XX' 785 - Unknown instruction code (INS) given in the command 786 '6E' 'XX' 787 - Wrong instruction class (CLA) given in the command 788 '6F' 'XX' 789 - Technical problem, not implemented... 790 '61 ''XX' 791 - Operation result MUST be fetched by the ISO Get Response APDU (CLA 792 = 'C0', P3= 'XX') 793 '6C ''XX' 794 - Operation must be performed again, with the LE parameter value 795 sets to 'XX'. 796 '70' '00' 797 - Packet silently discarded. 798 '70' '01' 799 - Authentication failure 801 9.2 Segmentation/Reassembly rules 803 9.2.1 Segmentation 805 When a command transfers a payload, whose size is greater than 255 806 bytes, the less significant bit of the P1 byte is used as a 'More' 807 flag. 809 - This bit is equal to zero for a non-fragmented payload or a last 810 fragment (More = 0 = False). 812 - This bit is set to one (More = 1 = True) for a payload fragment. 814 See annexes for examples. 816 EAP Support in Smartcard December 2017 818 9.2.2 Reassembly 820 - When a command reads less than 256 bytes, or in the last bloc 821 case, the returned payload ends by the 9000 Status Word. 823 - When a command returns more than 256 bytes, each payload bloc 824 (except for the last one) ends by the 9yxx Status Word, in which xx 825 indicates the length of the next bloc and y MAY have any value 826 between 1 and F. The GET (INS=C0) command (A0C00000xx) is used to 827 read the next bloc. 829 - See annexes for examples. 831 9.3 PIN Management 833 Some services require that the smartcard's bearer presents its PIN 834 code. 836 Smartcard returns the '63' 'xx' status word when it's necessary to 837 check the PIN code, before accessing to a particular service (see 838 previous section). A PIN code is typically a four/eight digits 839 decimal number, ASCII encoded, and ranging between '0000' and 840 '9999'. 842 9.3.1 Verify PIN 843 +--------+-----+----------+----+----+----+----+ 844 |Command |Class| INS | P1 | P2 | Lc | Le | 845 +--------+-----+----------+----+----+----+----+ 846 | Verify | A0 | 20 or 2A | 00 | 00 | 08 | 00 | 847 +--------+-----+----------+----+----+----+----+ 849 The ISO APDU Verify is used when a PIN code presentation is 850 required. 851 Lc is the PIN code length, typically height (or four) ASCII encoded 852 bytes. 854 9.3.2 Change PIN 856 This APDU modifies the user PIN code. 857 +--------+-----+-----+----+----+----+----+ 858 |Command |Class| INS | P1 | P2 | Lc | Le | 859 +--------+-----+-----+----+----+----+----+ 860 | Change | A0 | 24 | 00 | 00 | 10 | 00 | 861 +--------+-----+-----+----+----+----+----+ 863 The old PIN (8 bytes) and new PIN (8 bytes) are presented 865 9.3.3 Enable PIN 867 This APDU enables the user's PIN function. 869 EAP Support in Smartcard December 2017 871 +--------+-----+-----+----+----+----+----+ 872 |Command |Class| INS | P1 | P2 | Lc | Le | 873 +--------+-----+-----+----+----+----+----+ 874 | Enable | A0 | 26 | 00 | 00 | 08 | 00 | 875 +--------+-----+-----+----+----+----+----+ 877 The user PIN code (8 bytes) is presented. 879 9.3.4 Disable PIN 880 This APDU disables the user's PIN function. 882 +--------+-----+-----+----+----+----+----+ 883 |Command |Class| INS | P1 | P2 | Lc | Le | 884 +--------+-----+-----+----+----+----+----+ 885 | Disable| A0 | 28 | 00 | 00 | 08 | 00 | 886 +--------+-----+-----+----+----+----+----+ 888 The user PIN code is presented. 890 9.3.5 Unblock PIN 892 This APDU unblocks a smartcard, blocked after three wrong PIN code 893 presentations. 895 +--------+-----+-----+----+----+----+----+ 896 |Command |Class| INS | P1 | P2 | Lc | Le | 897 +--------+-----+-----+----+----+----+----+ 898 | Unblock| A0 | 2C | 00 | 00 | 10 | 00 | 899 +--------+-----+-----+----+----+----+----+ 901 The user PIN's code (8 bytes) and an unblock code (8 bytes) are 902 presented. 904 9.4 Multi-Applications smartcard considerations 906 A smartcard may store several applications, each of them being 907 identified by a set of bytes referred as the Application IDentifier 908 (AID). 909 The ISO APDU Select is used when it's necessary to select an 910 application, able to process one or more EAP authentication scenari. 912 +--------+-----+-----+----+----+----+----+ 913 |Command |Class| INS | P1 | P2 | Lc | Le | 914 +--------+-----+-----+----+----+----+----+ 915 | Select | 00 | A4 | 04 | 00 | xx | 00 | 916 +--------+-----+-----+----+----+----+----+ 918 Lc is the AID length. 920 According to ISO 7816-7, AID is made of two parts : 922 EAP Support in Smartcard December 2017 924 -RID, a mandatory 5 bytes field that identifies a company or a 925 standardization body. 926 -PIX, up to 11 bytes, which identify an application. 928 9.5 Add-Identity 930 This command stores a new identity. The identity list is managed by 931 the smartcard. The new identification label is appended as the last 932 element of the list. 934 +--------+-----+-----+----+----+----+----+ 935 |Command |Class| INS | P1 | P2 | Lc | Le | 936 +--------+-----+-----+----+----+----+----+ 937 | | A0 | 17 | 00 | 81 | xx | 00 | 938 +--------+-----+-----+----+----+----+----+ 940 9.6 Delete-Identity 942 This command deletes an identity. The command parameter gives the 943 identification label to be deleted. 945 +--------+-----+-----+----+----+----+----+ 946 |Command |Class| INS | P1 | P2 | Lc | Le | 947 +--------+-----+-----+----+----+----+----+ 948 | | A0 | 17 | 00 | 82 | xx | 00 | 949 +--------+-----+-----+----+----+----+----+ 951 9.7 Get-Preferred-Identity 953 This command returns the user's preferred identification label 955 +--------+-----+-----+----+----+----+----+ 956 |Command |Class| INS | P1 | P2 | Lc | Le | 957 +--------+-----+-----+----+----+----+----+ 958 | | A0 | 17 | 00 | 02 | 00 | XX | 959 +--------+-----+-----+----+----+----+----+ 961 9.8 Get-Current-Identity 963 This command returns user's current identification label. 965 +--------+-----+-----+----+----+----+----+ 966 |Command |Class| INS | P1 | P2 | Lc | Le | 967 +--------+-----+-----+----+----+----+----+ 968 | | A0 | 18 | 00 | AA | 00 | XX | 969 +--------+-----+-----+----+----+----+----+ 971 If "multiple EAP Identity selection" is not supported, P2 (AA value) 972 shall be set to '00'. 974 EAP Support in Smartcard December 2017 976 If "multiple EAP Identity selection" is supported, P2 (AA value) 977 shall indicate the short identifier associated with the selected EAP 978 identity to which the command is targeted. These short identifiers 979 are coded as described in the Set-Identity command. 981 9.9 Get-Next-Identity 983 This command returns a user's identification label. 985 +--------+-----+-----+----+----+----+----+ 986 |Command |Class| INS | P1 | P2 | Lc | Le | 987 +--------+-----+-----+----+----+----+----+ 988 | | A0 | 17 | 00 | 01 | 00 | XX | 989 +--------+-----+-----+----+----+----+----+ 991 9.10 Get-Profile-Data 993 The command returns the related subscriber profile information 994 according to the application requirements and format. Profile coding 995 rules are defined in annex 4. 997 +--------+-----+-----+----+----+----+----+ 998 |Command |Class| INS | P1 | P2 | Lc | Le | 999 +--------+-----+-----+----+----+----+----+ 1000 | | A0 | 1A | 00 | AA | 00 | YY | 1001 +--------+-----+-----+----+----+----+----+ 1003 If "multiple EAP Identity selection" is not supported, P2 (AA value) 1004 shall be set to '00'. 1006 If "multiple EAP Identity selection" is supported, P2 (AA value) 1007 shall indicate the short identifier associated with the selected EAP 1008 identity to which the command is targeted. These short identifiers 1009 are coded as described 1011 9.11 Set-Identity 1013 The command resets and initializes the state machine for processing 1014 the EAP Packets. The first step after this command is an EAP request 1015 identity packet. If a different EAP packet is sent to the smartcard 1016 the smartcard returns an EAP NAK response. 1018 +--------+-----+-----+----+----+----+----+ 1019 |Command |Class| INS | P1 | P2 | Lc | Le | 1020 +--------+-----+-----+----+----+----+----+ 1021 | | A0 | 16 | 00 | 80 | XX | 00 | 1022 +--------+-----+-----+----+----+----+----+ 1023 EAP Support in Smartcard December 2017 1025 9.12 Set-Multiple-Identity 1027 +--------+-----+-----+----+----+----+----+ 1028 |Command |Class| INS | P1 | P2 | Lc | Le | 1029 +--------+-----+-----+----+----+----+----+ 1030 | | A0 | 16 | 00 | 83 | XX | 00 | 1031 +--------+-----+-----+----+----+----+----+ 1033 The command resets and initializes the state machine for processing 1034 the EAP Packets. The first step after this command is an EAP request 1035 identity packet. If a different EAP packet is sent to the smartcard 1036 the device returns an EAP NAK response. 1038 When "multiple EAP Identity selection" is supported, then the first 1039 status byte is '90' and the second one indicates the short 1040 identifier (coded in one byte) to be associated with the selected 1041 identity. 1043 9.13 Process-EAP 1045 9.13.1 Standard format 1047 The command is used for EAP packet management. The smartcard parses 1048 the EAP packet type and processes the EAP authentication according 1049 to the current state machine. 1051 +--------+-----+-----+----+----+----+----+ 1052 |Command |Class| INS | P1 | P2 | Lc | Le | 1053 +--------+-----+-----+----+----+----+----+ 1054 | | A0 | 80 | 00 | AA | XX | YY | 1055 +--------+-----+-----+----+----+----+----+ 1057 Lc indicates the ingoing EAP message length. 1058 Le indicates the outgoing EAP message length, plus an optional OOB 1059 data size 1061 The EAP request or response packets lengths are represented by the 1062 unknown value XX and YY. The Smartcard Interface Entity software 1063 should set these elements in accordance with the EAP packet types. 1065 If "multiple EAP Identity selection" is not supported, P2 (AA value) 1066 shall be set to '00'. 1068 If "multiple EAP Identity selection" is supported, P2 (AA value) 1069 shall indicate the short identifier associated with the selected EAP 1070 identity to which the command is targeted. These short identifiers 1071 are coded as described in the Set-Identity command. 1073 Most EAP request packets will produce an EAP response packet from 1074 the smartcard. If no response is to be produced (e.g. packet 1075 EAP Support in Smartcard December 2017 1077 silently discarded because invalid sequence) the smartcard shall 1078 inform the client software with an alert status word ('7000'). 1080 When the size of a returned EAP message is greater than the value 1081 indicated by the EAP length field, additional data should be 1082 interpreted as OOB messages. 1084 Success and failure packets do not imply any response. A success 1085 Status Word ('9000') shall be produced by the smartcard, when a 1086 "Success EAP packet" is processed. 1088 An alert status word ('7000') MAY be sent from the smartcard once a 1089 "Failure EAP packet" is received. 1091 EAP Identity packets are independent of the authentication type; 1092 this section of the document provides the packet details. The rest 1093 of the EAP packet being authentication protocol dependent, they are 1094 detailed in the informative annex of this document. 1096 The description of the EAP/Request/Identity is detailed according to 1097 the IETF RFC 3748 [1]. 1099 0 1 2 3 1100 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1101 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1102 | Request | Identifier | Length = 5 | 1103 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1104 | Type = 01 | 1105 +-+-+-+-+-+-+-+-+ 1107 The description of the EAP/Response/identity is detailed according 1108 to the IETF RFC 3748. 1110 0 1 2 3 1111 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1112 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1113 | Response | Identifier | Length | 1114 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1115 | Type = 01 | | 1116 +-+-+-+-+-+-+-+-+ | 1117 | User's Identity | 1118 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1120 9.13.2 ETSI format 1122 +--------+-----+-----+----+----+----+----+ 1123 |Command |Class| INS | P1 | P2 | Lc | Le | 1124 +--------+-----+-----+----+----+----+----+ 1125 | | A0 | 88 | 00 | vv | XX | YY | 1126 +--------+-----+-----+----+----+----+----+ 1127 EAP Support in Smartcard December 2017 1129 The ETSI standard [TS 102 310] defines a framework for EAP support 1130 in SIM cards. EAP packets are pushed in smart cards thanks to the 1131 EAP Authenticate command. 1133 For compatibility reasons, this command MAY be supported according 1134 to the following rules : 1136 - The Class byte is set to 0xA0 1137 - The INS byte is set to 0x88 1138 - The P1 byte is set to a NULL value 1139 - The P2 byte is not interpreted 1140 - The P3 byte is the segment length 1142 The [TS 102 310] standard works with implicit segmentation 1143 mechanisms. When an EAP request is greater than the maximum ISO 7816 1144 size (255 bytes) it is fragmented in several segments whose size is 1145 less than 255. The first segment includes the packet length; 1146 therefore the transfer process is completed when the total length of 1147 exchanged data reaches this value. 1149 Here is a brief example. 1151 First Segment, A0 88 00 00 P3=FF [segment 1] 1152 Other Segment, A0 88 00 00 P3=FF [segment k] 1153 Last Segment, A0 88 00 00 P3=xx [segment n] 1155 EAP-Length = P3.1 + P3.k + P3.n 1157 9.14 Process-EAP-OOB 1159 This command has the same effects than Process-EAP, excepted that 1160 OOB data are concatenated to the incoming EAP message. 1162 +--------+-----+-----+----+----+----+----+ 1163 |Command |Class| INS | P1 | P2 | Lc | Le | 1164 +--------+-----+-----+----+----+----+----+ 1165 | | A0 | 80 | 00 | AA | XX | YY | 1166 +--------+-----+-----+----+----+----+----+ 1168 Lc indicates the ingoing EAP message length plus the OOB data size. 1169 Le indicates the outgoing EAP message length plus an optional OOB 1170 data size 1172 The EAP request or response packets lengths are represented by the 1173 unknown value XX and YY. The Smartcard Interface Entity software 1174 should set these elements in accordance with the EAP packet types. 1176 EAP Support in Smartcard December 2017 1178 9.15 Get-Session-Key 1180 Once the state machine has received the EAP Success packet the 1181 Smartcard Interface is able to send the Master Session Key used by 1182 the 802.1X or the 802.11i specification for the crypto-suite. 1184 +--------+-----+-----+----+----+----+----+ 1185 |Command |Class| INS | P1 | P2 | Lc | Le | 1186 +--------+-----+-----+----+----+----+----+ 1187 | | A0 | A6 | 00 | AA | 00 | 40 | 1188 +--------+-----+-----+----+----+----+----+ 1190 If "multiple EAP Identity selection" is not supported, P2 (AA value) 1191 shall be set to '00'. 1193 If "multiple EAP Identity selection" is supported, P2 (AA value) 1194 shall indicate the short identifier associated with the selected EAP 1195 identity to which the command is targeted. These short identifiers 1196 are coded as described in Set-Identity Command. 1198 9.16 Get-Current-Version 1200 This command returns the EAP protocol version. 1202 +--------+-----+-----+----+----+----+----+ 1203 |Command |Class| INS | P1 | P2 | Lc | Le | 1204 +--------+-----+-----+----+----+----+----+ 1205 | | A0 | 18 | xx | yy | 00 | 02 | 1206 +--------+-----+-----+----+----+----+----+ 1208 P1=00, EAP engine version. 1209 P1=01, selected method version. 1211 If "multiple EAP Identity selection" is not supported, P2 (AA value) 1212 shall be set to '00'. 1214 If "multiple EAP Identity selection" is supported, P2 (AA value) 1215 shall indicate the short identifier associated with the selected EAP 1216 identity to which the command is targeted. These short identifiers 1217 are coded as described in Set-Identity Command. 1219 9.17 Get-State 1221 This command returns the current smartcard state. 1223 +--------+-----+-----+----+----+----+----+ 1224 |Command |Class| INS | P1 | P2 | Lc | Le | 1225 +--------+-----+-----+----+----+----+----+ 1226 | | A0 | 19 | 00 | AA | 00 | 01 | 1227 +--------+-----+-----+----+----+----+----+ 1228 EAP Support in Smartcard December 2017 1230 If "multiple EAP Identity selection" is not supported, P2 (AA value) 1231 shall be set to '00'. 1233 If "multiple EAP Identity selection" is supported, P2 (AA value) 1234 shall indicate the short identifier associated with the selected EAP 1235 identity to which the command is targeted. These short identifiers 1236 are coded as described in Set-Identity Command. 1238 Returned values: 1239 01 IDENTITY-NOT-SET, EAP messages silently discarded. 1240 02 AUTHENTICATING, Authentication in progress. 1241 03 AUTHENTICATED 1242 04 NOT-AUTHENTICATED 1244 9.18 Reset-State 1246 This command forces the EAP smartcard to the AUTHENTICATING state 1247 +--------+-----+-----+----+----+----+----+ 1248 |Command |Class| INS | P1 | P2 | Lc | Le | 1249 +--------+-----+-----+----+----+----+----+ 1250 | | A0 | 19 | 10 | AA | 00 | 00 | 1251 +--------+-----+-----+----+----+----+----+ 1253 If "multiple EAP Identity selection" is not supported, P2 (AA value) 1254 shall be set to '00'. 1256 If "multiple EAP Identity selection" is supported, P2 (AA value) 1257 shall indicate the short identifier associated with the selected EAP 1258 identity to which the command is targeted. These short identifiers 1259 are coded as described in Set-Identity Command. 1261 Returned values: 1262 - None 1264 9.19 Get-Exported-Parameter 1266 This command read an exported parameter, identified by its index 1268 +--------+-----+-----+----+----+----+----+ 1269 |Command |Class| INS | P1 | P2 | Lc | Le | 1270 +--------+-----+-----+----+----+----+----+ 1271 | | A0 | 86 | 00 | AA | 01 | yy | 1272 +--------+-----+-----+----+----+----+----+ 1274 If "multiple EAP Identity selection" is not supported, P2 (AA value) 1275 shall be set to '00'. 1277 If "multiple EAP Identity selection" is supported, P2 (AA value) 1278 shall indicate the short identifier associated with the selected EAP 1279 EAP Support in Smartcard December 2017 1281 identity to which the command is targeted. These short identifiers 1282 are coded as described in Set-Identity Command. 1284 Returned value: The value of the requested parameter. 1286 9.20 Get-AMSK 1288 This command reads an AMSK key, identified by its index. An optional 1289 label may be provided for this AMSK calculation. 1291 +--------+-----+-----+----+----+----+----+ 1292 |Command |Class| INS | P1 | P2 | Lc | Le | 1293 +--------+-----+-----+----+----+----+----+ 1294 | | A0 | 88 | 00 | AA | xx | yy | 1295 +--------+-----+-----+----+----+----+----+ 1297 If "multiple EAP Identity selection" is not supported, P2 (AA value) 1298 shall be set to '00'. 1300 If "multiple EAP Identity selection" is supported, P2 (AA value) 1301 shall indicate the short identifier associated with the selected EAP 1302 identity to which the command is targeted. These short identifiers 1303 are coded as described in Set-Identity Command. 1305 The less significant bit of P1 is used as a "More" indicator, as 1306 previously defined in 10.2. Other bits of P1 (b7...b1) represent the 1307 left shifted value of an AMSK index (a value ranging between 0 and 1308 127). 1310 Lc gives the length (in bytes) of optional data. 1312 Returned value: the value of the requested parameter. If no AMSK is 1313 available, the Le field is null. 1315 9.21 Method Functions. 1317 These facilities are available for test purposes only. They SHOULD 1318 NOT be available in operational environments. 1320 +------------+-----+----------+----+----+----+----+ 1321 | Command |Class| INS | P1 | P2 | Lc | Le | 1322 +------------+-----+----------+----+----+----+----+ 1323 | Method-FCT | A0 | 60 or 82 | zz | AA | xx | yy | 1324 +------------+-----+----------+----+----+----+----+ 1326 If "multiple EAP Identity selection" is not supported, P2 (AA value) 1327 shall be set to '00'. 1329 If "multiple EAP Identity selection" is supported, P2 (AA value) 1330 shall indicate the short identifier associated with the selected EAP 1331 EAP Support in Smartcard December 2017 1333 identity to which the command is targeted. These short identifiers 1334 are coded as described in Set-Identity Command. 1336 xx is the length of the input value. 1337 yy is the length of the returned value. 1339 P1 identifies a particular function, and is organized according to 1340 the following scheme: 1342 b7b6 00-Do.Final, 01-Initialize 10-More 11-Reserved 1343 b5b4 Function index 1344 b3b2b1 Function type 1345 0 X509 Certificate reading 1346 1 Random Number Generator 1347 2 Private key encryption 1348 3 Private key decryption 1349 4 Public key encryption 1350 5 Public key decryption 1351 6 Symmetric key encryption 1352 7 Symmetric key decryption 1353 b0 reserved (More bit) 1355 9.22 IEEE 802.16 Services 1357 Each EAP method MAY be associated to IEEE 802.16 services. 1359 +------------+-----+-----+----+----+----+----+ 1360 | Command |Class| INS | P1 | P2 | Lc | Le | 1361 +------------+-----+-----+----+----+----+----+ 1362 | Method-FCT | A0 | 84 | zz | AA | xx | yy | 1363 +------------+-----+-----+----+----+----+----+ 1365 If "multiple EAP Identity selection" is not supported, P2 (AA value) 1366 shall be set to '00'. If "multiple EAP Identity selection" is 1367 supported, P2 (AA value) shall indicate the short identifier 1368 associated with the selected EAP identity to which the command is 1369 targeted. These short identifiers are coded as described in Set- 1370 Identity Command. 1372 xx is the length of the input value. 1373 yy is the length of the returned value. 1375 P1 identifies a particular function, and is organized according to 1376 the following scheme: 1378 b7b6 00-Do.Final, 01-Initialize, 10-More, 11-Reserved 1379 b5b4 RFU (always 00) 1380 b3b2b1 Function type 1381 0 X509 Certificate reading 1382 3 Private key decryption 1383 b0 reserved (More bit) 1384 EAP Support in Smartcard December 2017 1386 9.23 Commands summary. 1388 +------------------------+-----+-----+----+----+----+----+ 1389 | Command |Class| INS | P1 | P2 | Lc | Le | 1390 +------------------------+-----+-----+----+----+----+----+ 1391 | Process-EAP | A0 |80-88| 00 | ii | xx | yy | 1392 +------------------------+-----+-----+----+----+----+----+ 1393 | Process-EAP-OOB | A0 | 80 | 00 | ii | xx | yy | 1394 +------------------------+-----+-----+----+----+----+----+ 1395 | Method-FCT | A0 |60-82| zz | ii | xx | yy | 1396 +------------------------+-----+-----+----+----+----+----+ 1397 | IEEE-802.16-Services | A0 | 84 | zz | ii | xx | yy | 1398 +------------------------+-----+-----+----+----+----+----+ 1399 | Get-Exported-Parameter | A0 | 86 | 00 | ii | 01 | yy | 1400 +------------------------+-----+-----+----+----+----+----+ 1401 | Get-AMSK | A0 | 88 | zz | ii | xx | yy | 1402 +------------------------+-----+-----+----+----+----+----+ 1403 | Get-State | A0 | 19 | 00 | ii | 00 | 00 | 1404 +------------------------+-----+-----+----+----+----+----+ 1405 | Reset-State | A0 | 19 | 10 | ii | 00 | 01 | 1406 +------------------------+-----+-----+----+----+----+----+ 1407 | Get-Session-Key | A0 | A6 | 00 | ii | 00 | xx | 1408 +------------------------+-----+-----+----+----+----+----+ 1409 | Get-Profile-Data | A0 | 1A | 00 | ii | 00 | yy | 1410 +------------------------+-----+-----+----+----+----+----+ 1411 | Get-Current-Identity | A0 | 18 | 00 | ii | 00 | yy | 1412 +------------------------+-----+-----+----+----+----+----+ 1413 | Get-Next-Identity | A0 | 17 | 00 | 01 | 00 | yy | 1414 +------------------------+-----+-----+----+----+----+----+ 1415 | Get-Preferred-Identity | A0 | 17 | 00 | 02 | 00 | yy | 1416 +------------------------+-----+-----+----+----+----+----+ 1417 | Set-Identity | A0 | 16 | 00 | 80 | xx | 00 | 1418 +------------------------+-----+-----+----+----+----+----+ 1419 | Set-Multiple-Identity | A0 | 16 | 00 | 83 | xx | 00 | 1420 +------------------------+-----+-----+----+----+----+----+ 1421 | Add-Identity | A0 | 17 | 00 | 81 | xx | 00 | 1422 +------------------------+-----+-----+----+----+----+----+ 1423 | Delete-Identity | A0 | 17 | 00 | 82 | xx | 00 | 1424 +------------------------+-----+-----+----+----+----+----+ 1425 | Get-Current-Version | A0 | 18 | xx | yy | 00 | 02 | 1426 +------------------------+-----+-----+----+----+----+----+ 1427 | Verify-PIN | A0 |20-2A| 00 | 00 | 08 | 00 | 1428 +------------------------+-----+-----+----+----+----+----+ 1429 | Change-PIN | A0 | 24 | 00 | 00 | 10 | 00 | 1430 +------------------------+-----+-----+----+----+----+----+ 1431 | Enable-PIN | A0 | 26 | 00 | 00 | 08 | 00 | 1432 +------------------------+-----+-----+----+----+----+----+ 1433 | Disable-PIN | A0 | 28 | 00 | 00 | 08 | 00 | 1434 +------------------------+-----+-----+----+----+----+----+ 1435 | Unblock-PIN | A0 | 2C | 00 | 00 | 10 | 00 | 1436 +------------------------+-----+-----+----+----+----+----+ 1437 EAP Support in Smartcard December 2017 1439 | Select-AID | A0 | A4 | 04 | 00 | xx | 00 | 1440 +------------------------+-----+-----+----+----+----+----+ 1441 | Get-Response | A0 | C0 | 00 | 00 | 00 | xx | 1442 +------------------------+-----+-----+----+----+----+----+ 1443 | FETCH | A0 | 12 | 00 | 00 | 00 | xx | 1444 +------------------------+-----+-----+----+----+----+----+ 1446 10 Security Considerations 1447 Smart cards are a highly effective means of enforcing security 1448 policies. They are typically carried by one party (the end user, 1449 such as an employee or customer) but are controlled by another party 1450 (the issuer, such as an enterprise or service provider). 1451 Applications running in the Smart Card are controlled by the issuer, 1452 and serve to protect the interests of the issuer. 1454 10.1 Security Claims 1456 Security claims expressed in this section are imported from [EAP-SC] 1458 Integrity Protection: no 1459 Replay Protection: no 1460 Confidentiality: yes (section 10.9.2) 1461 Key Derivation: yes (section 10.9.3) 1462 Key Strength: no 1463 Dictionary Attacks: yes (section 10.9.5) 1464 Fast Reconnect: no 1465 Cryptographic Binding: yes (section 10.9.6) 1466 Session Independence: no 1467 Fragmentation: no 1468 Channel Binding: yes (section 10.9.7) 1470 10.2 Smart Card Technology 1471 The Smart Card consists of a microprocessor and non-volatile memory 1472 chipset enclosed in a physically tamper resistant module. This 1473 module is then embedded in a plastic card, or the module may be 1474 integrated into an alternative form factor, such as a USB device. 1476 10.3 Tamper Resistant Storage and Execution 1477 Smart cards provide protective measures against physical and logical 1478 attacks against the processor and non-volatile memory. This enables 1479 the secure storage of end user cryptographic keys and user 1480 credentials, and secures execution of security sensitive operations 1481 such as encryption and digital signatures. 1483 The EAP-SC Authentication Method MUST store all secret cryptographic 1484 keys on the smart card in non-volatile memory. The EAP-SC 1485 Authentication Method MUST execute in the smart card all 1486 cryptographic functions that use stored secret cryptographic keys. 1487 The EAP-SC Authentication Method MUST NOT export any secret 1488 cryptographic keys from the smart card. 1490 EAP Support in Smartcard December 2017 1492 10.4 Multi Factor Authentication 1493 Smart cards generally require a Smart Card handler to authenticate 1494 to the Smart Card in order to access data or application 1495 functionality. This makes it possible to enforce multi factor user 1496 authentication by combining something the user has (the smart card) 1497 with something the user knows (such as PIN) or is (Biometric 1498 authentication). 1500 The EAP Authentication Method MUST enforce the use of the user PIN 1501 or Biometric before user credentials may be accessed or used. 1503 10.5 Random Number Generation 1504 Smart Cards generally contain a hardware based true random number 1505 generator independent of external or internal clocks and immune to 1506 outside interferences. The quality of the hardware generator is 1507 further enhanced by logical processing to ensure excellent 1508 statistical properties; and these properties are checked regularly 1509 on-board. 1511 The EAP Authentication Method MUST use the Smart Card Random Number 1512 Generator anywhere Random Numbers are required. 1514 10.6 Cryptographic Capabilities 1515 Smart cards provide certified, built-in implementation and optimized 1516 execution of common cryptographic algorithms such as AES, DES, RSA, 1517 and ECC... 1519 The EAP Authentication Method MUST use the built-in Smart Card 1520 cryptographic capabilities for the execution of any cryptographic 1521 functionality. 1523 10.7 Secure Provisioning 1524 Smart cards provide a secure method of provisioning credentials, 1525 applications and trusted network information from the issuer or 1526 service provider to the end user, and managing this information 1527 after the card has been issued. Smart cards support automated 1528 personalization (including card initialization, loading of card data 1529 and printing) enabling issuance in very large numbers. 1531 The EAP-SC Authentication method MUST implement support for pre- 1532 issuance personalization, as for example by supporting [GLOBAL 1533 PLATFORM] or similar functionality. The EAP-SC Authentication method 1534 SHOULD implement support for post-issuance card and application 1535 management. 1537 10.8 Certification 1538 The processes for designing and manufacturing smart cards are 1539 subject to rigorous security controls. This makes possible the 1540 certification of Smart Card functionality and applications by 1541 standardization organizations. 1543 EAP Support in Smartcard December 2017 1545 The EAP-SC Authentication method MUST be implemented on a Smart Card 1546 platform that has been evaluated for security by a standards 1547 organization program such as [FIPS] or [COMMON CRITERIA]. 1549 10.9 Smart Cards and EAP Security Claims 1551 EAP-SC enhances the security of Authentication Methods by enabling 1552 the enforcement of security policies on the End User platform. The 1553 overall security of EAP-SC is dependent on the security of the 1554 Authentication Method implemented on the Smart Card. 1556 The following section discusses certain EAP Security Claims and how 1557 they are enhanced by Smart Card security features. 1559 10.9.1 Mutual Authentication 1561 Mutual authentication processes are generally based upon the use of 1562 random numbers. Smart Cards enhance the security of these processes 1563 by providing true random number generation. 1565 10.9.2 Confidentiality 1567 Smart Cards improve the robustness of EAP messages encryption, by 1568 providing tamper resistant storage for the encryption keys and 1569 secure execution of the encryption algorithms. 1570 10.9.3 Key Derivation 1572 Smart Cards improve the confidentiality of the key derivation 1573 process by providing tamper resistant storage for the master keys 1574 and secure execution of the key derivation algorithms. 1576 10.9.4 Man-in-the-Middle Attacks 1578 Smart Cards improve security against Trojan Horse attacks by 1579 providing a logically tamper resistant environment for the full 1580 implementation of EAP methods and secure execution of the encryption 1581 algorithms. 1583 10.9.5 Dictionary Attacks 1585 Smart Cards access is commonly protected via pin codes with a 1586 limited number of retries; permanent blocking of the device is 1587 enforced when the number of retries is exceeded. This mechanism 1588 provides enhanced protection against dictionary attacks aiming at 1589 discovering passwords. 1591 10.9.6 Cryptographic Binding 1592 EAP Support in Smartcard December 2017 1594 Smart Cards provide tamper resistant storage for cryptographic keys 1595 and secure execution of the tunnel creation algorithms thus 1596 enhancing the cryptographic binding process. 1598 10.9.7 Channel Binding 1600 Smart Cards can be used as a secure out of band distribution method 1601 for channel parameters and therefore enhance the channel binding 1602 process. 1604 10.9.8 Protection Against Rogue Networks 1606 Smart Cards facilitate the provisioning and secure storage of 1607 information about trusted parties, such as the root certificates of 1608 trusted networks. This protects the end user against rogue networks 1609 and enables the enforcement of network roaming policies. 1611 10.9.9 Authentication Method Security 1613 The overall security of EAP-SC is dependent on the encapsulated EAP- 1614 SC Authentication Method. Weaknesses in the underlying method, such 1615 as weaknesses in integrity protection, replay protection or key 1616 strength, are detrimental to the overall security. 1618 11 Intellectual Property Right Notice 1620 To be specify according to the Author and Participants. 1622 EAP Support in Smartcard December 2017 1624 12 Annex 1, EAP-SIM packets details. 1626 The protocol implementation is out of the scope of this document but 1627 as a reference implementation this section gives details using the 1628 SIM as specified by [EAP-SIM]. This section of the document gives 1629 the APDU coding. 1631 12.1 Full Authentication 1632 The following traces illustrate a full EAP-SIM authentication 1633 scenario, as described in annex A (tests vector) of EAP-SIM [EAP- 1634 SIM] specification 1636 // select TEAPM 1637 Tx: 00A40400 10 A0 00 00 00 30 00 02 FF FF FF FF 89 31 32 38 00 1638 Rx: 90 00 1640 // Verify User PIN 1641 Tx: A0 20 00 00 04 30 30 30 30 1642 Rx: 90 00 1644 // Set-Identity ('sim') type=EAP-SIM 1645 Tx: A0 16 00 80 03 73 69 6D 1646 Rx: 90 00 1648 // Identity request 1649 Tx: A0 80 00 00 05 01A4 0005 01 1650 Rx: 61 16 1652 Tx: A0 C0 00 00 16 1653 // Identity.response: anonymous@dot.com 1654 Rx: 02 A4 00 16 01 61 6E 6F 6E 79 6D 6F 75 73 40 64 1655 6F 74 2E 63 6F 6D 1656 90 00 1658 // SIM-START.request AT-VERSION AT-PERMANENT 1659 Tx: A0 80 00 00 14 01A6 0014 120a0000 0f02000200010000 0A010000 1660 Rx: 61 40 1662 Tx: A0C0 0000 40 1663 // SIM-START.response AT-IDENTITY AT-SELECTED-VERSION AT-NOUNCE 1664 Rx: 02 A6 00 40 0C 0A 00 00 0E 08 00 1B 31 32 34 34 1665 30 37 30 31 30 30 30 30 30 30 30 31 40 65 61 70 1666 73 69 6D 2E 66 6F 6F 00 07 05 00 00 01 02 03 04 1667 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 10 01 00 01 1669 // EAP-Request/SIM/Challenge - first fragment 1671 Tx: A0 80 01 00 C8 01 02 01 18 12 0b 00 00 01 0d 00 1672 00 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1673 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 1674 2f 30 31 32 33 34 35 36 37 38 39 3a 3b 3c 3d 3e 1675 EAP Support in Smartcard December 2017 1677 3f 81 05 00 00 9e 18 b0 c2 9a 65 22 63 c0 6e fb 1678 54 dd 00 a8 95 82 2d 00 00 55 f2 93 9b bd b1 b1 1679 9e a1 b4 7f c0 b3 e0 be 4c ab 2c f7 37 2d 98 e3 1680 02 3c 6b b9 24 15 72 3d 58 ba d6 6c e0 84 e1 01 1681 b6 0f 53 58 35 4b d4 21 82 78 ae a7 bf 2c ba ce 1682 33 10 6a ed dc 62 5b 0c 1d 5a a6 7a 41 73 9a e5 1683 b5 79 50 97 3f c7 ff 83 01 07 3c 6f 95 31 50 fc 1684 30 3e a1 52 d1 e1 0a 2d 1f 4f 52 26 da a1 ee 90 1685 05 47 22 52 bd b3 b7 1d 6f 0c 3a 34 90 1686 Rx: 90 00 1688 // EAP-Request/SIM/Challenge - second and last fragment 1690 Tx: A0 80 00 00 50 31 6c 46 92 98 71 bd 45 cd fd bc 1691 a6 11 2f 07 f8 be 71 79 90 d2 5f 6d d7 f2 b7 b3 1692 20 bf 4d 5a 99 2e 88 03 31 d7 29 94 5a ec 75 ae 1693 5d 43 c8 ed a5 fe 62 33 fc ac 49 4e e6 7a 0d 50 1694 4d 0b 05 00 00 fe f3 24 ac 39 62 b5 9f 3b d7 82 1695 53 ae 4d cb 6A 1696 Rx: 61 1C 1697 Tx: 0C0 0000 1C 1699 // EAP-Response/SIM/Challenge 1700 Rx: 02 02 00 1C 12 0B 00 00 0B 05 00 00 F5 6D 64 33 1701 E6 8E D2 97 6A C1 19 37 FC 3D 11 54 1702 90 00 1704 // EAP Success 1705 Tx: A0 80 00 00 04 03 02 00 04 1706 Rx: 90 00 1708 // Reading MSK and EMSK keys. 1709 Tx: A0 A6 00 00 80 1710 Rx: 39 d4 5a ea f4 e3 06 01 98 3e 97 2b 6c fd 46 d1 1711 c3 63 77 33 65 69 0d 09 cd 44 97 6b 52 5f 47 d3 1712 a6 0a 98 5e 95 5c 53 b0 90 b2 e4 b7 37 19 19 6a 1713 40 25 42 96 8f d1 4a 88 8f 46 b9 a7 88 6e 44 88 1714 59 49 ea b0 ff f6 9d 52 31 5c 6c 63 4f d1 4a 7f 1715 0d 52 02 3d 56 f7 96 98 fa 65 96 ab ee d4 f9 3f 1716 bb 48 eb 53 4d 98 54 14 ce ed 0d 9a 8e d3 3c 38 1717 7c 9d fd ab 92 ff bd f2 40 fc ec f6 5a 2c 93 b9 1718 9000 1720 12.2 Re-Authentication 1721 The following traces illustrate a EAP-SIM Re-Authentication 1722 scenario, as described in annex A (tests vector) of EAP-SIM [EAP- 1723 SIM] specification 1725 //Identity request 1726 Tx: A0 80 00 00 14 01 A5 00 05 01 1727 RX: 61 56 1728 EAP Support in Smartcard December 2017 1730 // PSEUDONYM 1732 Tx: A0 C0 00 56 1733 Rx: 02 00 00 56 01 59 32 34 66 4e 53 72 7a 38 42 50 1734 32 37 34 6a 4f 4a 61 46 31 37 57 66 78 49 38 59 1735 4f 37 51 58 30 30 70 4d 58 6b 39 58 4d 4d 56 4f 1736 77 37 62 72 6f 61 4e 68 54 63 7a 75 46 71 35 33 1737 61 45 70 4f 6b 6b 33 4c 30 64 6d 40 65 61 70 73 1738 69 6d 2e 66 6f 1739 90 00 1741 // SIM-START.request AT-VERSION AT-ANY-ID-REQ 1742 Tx: A0 80 00 00 14 01A6 0014 120a0000 0f02000200010000 0D01 0000 1743 Rx: 61 60 1744 Tx: A0 C0 00 00 60 1745 Rx: 02 A6 00 60 12 0A 00 00 0E 16 00 51 59 32 34 66 1746 4E 53 72 7A 38 42 50 32 37 34 6A 4F 4A 61 46 31 1747 37 57 66 78 49 38 59 4F 37 51 58 30 30 70 4D 58 1748 6B 39 58 4D 4D 56 4F 77 37 62 72 6F 61 4E 68 54 1749 63 7A 75 46 71 35 33 61 45 70 4F 6B 6B 33 4C 30 1750 64 6D 40 65 61 70 73 69 6D 2E 66 6F 6F 00 00 00 1751 90 00 1753 // EAP-Request/SIM/Re-authentication 1754 Tx: A0 80 00 00 A4 01 01 00 a4 12 0d 00 00 81 05 00 1755 00 d5 85 ac 77 86 b9 03 36 65 7c 77 b4 65 75 b9 1756 c4 82 1d 00 00 68 62 91 a9 d2 ab c5 8c aa 32 94 1757 b6 e8 5b 44 84 6c 44 e5 dc b2 de 8b 9e 80 d6 9d 1758 49 85 8A 5d b8 4c dc 1c 9b c9 5c 01 b9 6b 6e ca 1759 31 34 74 ae a6 d3 14 16 e1 9d aa 9d f7 0f 05 00 1760 88 41 ca 80 14 96 4d 3b 30 a4 9b cf 43 e4 d3 f1 1761 8e 86 29 5a 4a 2b 38 d9 6c 97 05 c2 bb b0 5c 4A 1762 ac e9 7d 5e af f5 64 04 6c 8b d3 0b c3 9b e5 e1 1763 7a ce 2b 10 a6 0b 05 00 00 48 3a 17 99 b8 3d 7c 1764 d3 d0 a1 e4 01 d9 ee 47 70 1765 Rx: 61 44 1767 Tx: A0 C0 00 00 44 1769 // EAP-Response/SIM/Re-authentication 1770 Rx: 02 01 00 44 12 0D 00 00 81 05 00 00 CD F7 FF A6 1771 5D E0 4C 02 6B 56 C8 6B 76 B1 02 EA 82 05 00 00 1772 B6 ED D3 82 79 E2 A1 42 3C 1A FC 5C 45 5C 7D 56 1773 0B 05 00 00 FA F7 6B 71 FB E2 D2 55 B9 6A 35 66 1774 C9 15 C6 17 1775 90 00 1777 // EAP Success 1778 Tx: A0 80 00 00 04 03 01 00 04 1779 Rx: 90 00 1780 EAP Support in Smartcard December 2017 1782 // Get MSK 1783 Tx: A0 A6 00 00 40 1784 RX: 6263f614 973895e1 335f7e30 cff028ee 1785 2176f519 002c9abe 732fe0ef 00cf167c 1786 756d9e4c ed6d5ed6 40eb3fe3 8565ca07 1787 6e7fb8a8 17cfe8d9 adbce441 d47c4f5e 1788 90 00 1790 13 Annex 2, EAP-MD5 packet details 1792 The first EAP packet is the EAP Request Identity. This initial 1793 packet format complies with the RFC 3748. The smartcard returns an 1794 EAP response identity according to the NAI length. 1796 +--------+-----+-----+----+----+----+----+ 1797 |Command |Class| INS | P1 | P2 | Lc | Le | 1798 +--------+-----+-----+----+----+----+----+ 1799 | | A0 | 80 | 00 | 00 | 05 | YY | 1800 +--------+-----+-----+----+----+----+----+ 1802 The description of the EAP/Request/identity is detailed according to 1803 the [RFC 3748]. 1805 0 1 2 3 1806 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1807 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1808 | Request | Identifier | Length = 5 | 1809 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1810 | Type = 01 | 1811 +-+-+-+-+-+-+-+-+ 1813 The description of the EAP/Response/identity is detailed according 1814 to [RFC 3748]. 1816 0 1 2 3 1817 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1818 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1819 | Response | Identifier | Length | 1820 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1821 | Type = 01 | | 1822 |-+-+-+-+-+-+-+-+ Identity Value | 1823 | | 1824 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1826 The second EAP Packet is the EAP/request/MD5/challenge as 1827 represented in [RFC 3748]. 1829 EAP Support in Smartcard December 2017 1831 +--------+-----+-----+----+----+----+----+ 1832 |Command |Class| INS | P1 | P2 | Lc | Le | 1833 +--------+-----+-----+----+----+----+----+ 1834 | | A0 | 80 | 00 | 00 | XX | 16 | 1835 +--------+-----+-----+----+----+----+----+ 1836 The description of the EAP/Request/MD5/challenge is detailed 1837 according to [RFC 3748]. 1839 0 1 2 3 1840 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1841 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1842 | Request | Identifier | Length | 1843 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1844 | Type = 04 | | 1845 |-+-+-+-+-+-+-+-+ MD5-Challenge.Value | 1846 | | 1847 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1849 The description of the EAP/Response/MD5/challenge is detailed 1850 according to [RFC 3748]. 1852 0 1 2 3 1853 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1854 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1855 | Response | Identifier | Length = 16 | 1856 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1857 | Type = 04 | Type_Size=10 | | 1858 |-+-+-+-+-+-+-+-+---------------+ MD5 Digest Value | 1859 | | 1860 | | 1861 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1863 The third EAP Packet is the EAP success notification as represented 1864 in the IETF RFC 3748 [1]. 1865 +--------+-----+-----+----+----+----+----+ 1866 |Command |Class| INS | P1 | P2 | Lc | Le | 1867 +--------+-----+-----+----+----+----+----+ 1868 | | A0 | 80 | 00 | 00 | 04 | 00 | 1869 +--------+-----+-----+----+----+-- -+----+ 1871 0 1 2 3 1872 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1873 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1874 | Success | Identifier | Length = 04 | 1875 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1877 Further information can be retrieved from [RFC 3748]. 1879 EAP Support in Smartcard December 2017 1881 14 Annex 3 - TLS support. 1883 EAP-TLS smartcards securely store at least the following items 1884 - Client X509 certificate 1885 - Client Private RSA Key 1886 - Certification Authority Public Key 1888 14.1 Unix Time issue. 1890 As mentioned in [TLS] TLS RFC the client hello message includes a 32 1891 byte random number, whose first 4 bytes are interpreted as the Unix 1892 Time. As smartcard is not able to maintain a clock, this parameter 1893 MUST be added to the EAP-TLS Start message by the Smartcard 1894 Interface. 1896 +--------+-----+-----+----+----+----+----+ 1897 |Command |Class| INS | P1 | P2 | Lc | Le | 1898 +--------+-----+-----+----+----+----+----+ 1899 | | A0 | 80 | 00 | 00 | 0A | YY | 1900 +--------+-----+-----+----+----+----+----+ 1902 0 1 2 3 1903 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1904 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1905 | Code=01 | Identifier | Length = 6 | 1906 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1907 | Type = 13 | Flag=20 | Unix Time | 1908 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1909 | Unix Time | 1910 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1912 14.2 Fragment Maximum Size. 1914 A single TLS record may be up to 16384 octets in length, but a TLS 1915 message may span multiple TLS records, and a TLS certificate message 1916 may in principle be as long as 16MB. The group of EAP-TLS messages 1917 sent in a single round may thus be larger than the maximum RADIUS 1918 packet size of 4096 octets, or the maximum 802 LAN frame size. 1920 The chaining and extended length mechanisms identified in this 1921 document provide enough extension to manage incoming and outgoing 1922 EAP-TLS packets. Then, authenticator shall not necessary follow a 1923 specific fragment policy regarding whether EAP-TLS is provided by 1924 the smartcard or not. 1926 However, in order to prevent multiple segmentation and re-assembly 1927 operations, the maximum EAP message length of no fragmented packets 1928 issued by smartcard SHALL be set to an adapted value. 1930 EAP Support in Smartcard December 2017 1932 As defined in EAP-TLS, when the smartcard receives an EAP-Request 1933 packet with the M bit set, it MUST respond with an EAP-Response with 1934 EAP-Type=EAP-TLS and no data. This serves as a fragment ACK. 1936 14.3 EAP/TLS messages format. 1938 0 1 2 3 1939 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1940 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1941 | Code | Identifier | Length <= 240 | 1942 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1943 | Type = 13 | Flag | TLS Message Length | 1944 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1945 | TLS Message Length | TLS DATA | 1946 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 1947 | | 1948 | | 1949 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1951 Flags 1952 0 1 2 3 4 5 6 7 1953 +-+-+-+-+-+-+-+-+ 1954 |L M S R R R R R| 1955 +-+-+-+-+-+-+-+-+ 1956 L = Length included. 1957 M = More fragments 1958 S = EAP-TLS start, set in an EAP-TLS Start message. 1959 R = Reserved 1960 EAP Support in Smartcard December 2017 1962 14.4 Example of EAP/TLS Authentication 1964 Smartcard Authentication Server 1965 <- EAP-Request/ 1966 Identity 1967 EAP-Response/ 1968 Identity (MyID) -> 1969 <- EAP-Request/ 1970 EAP-Type=EAP-TLS 1971 (TLS Start) 1972 EAP-Response/ 1973 EAP-Type=EAP-TLS 1974 TLS client_hello)-> 1975 <- EAP-Request/ 1976 EAP-Type=EAP-TLS 1977 (TLS server_hello, 1978 TLS certificate, 1979 TLS certificate_request, 1980 TLS server_hello_done) 1981 (Fragment 1: L, M bits set) 1982 EAP-Response/ 1983 EAP-Type=EAP-TLS -> 1984 <- PPP EAP-Request/ 1985 EAP-Type=EAP-TLS 1986 (Fragment 2) 1988 EAP-Type=EAP-TLS 1989 (TLS certificate, 1990 TLS client_key_exchange, 1991 TLS certificate_verify, 1992 TLS change_cipher_spec, 1993 TLS finished) -> 1994 <- EAP-Request/ 1995 EAP-Type=EAP-TLS 1996 (TLS change_cipher_spec, 1997 TLS finished) 1998 EAP-Response/ 1999 EAP-Type=EAP-TLS -> 2000 <- EAP-Success 2002 15 Annex 4 ASN.1 BER Tag coding for the subscriber profile information 2004 The subscriber profile is a collection of data associated to every 2005 identity. It can be used be the operating system of a wireless 2006 terminal in order to get information about user credentials. 2008 Various information MAY be also available. 2010 EAP Support in Smartcard December 2017 2012 15.1 ASN.1 Subscriber Profile Encoding 2014 15.1.1 EapID 2016 EapID ::= OCTET STRING 2018 The EAP-ID associated to the current identity. 2020 15.1.2 EapType 2022 EapType ::= INTEGER 2024 The EAP type associated to the current identity. 2026 15.1.3 Version 2028 Version ::= INTEGER 2030 The protocol version associated to an EAP type. 2032 15.1.4 User Credential 2034 UserCredential ::= SEQUENCE OF CredentialObject 2036 CredentialObject ::= SEQUENCE { 2037 ObjectValue SubscriberInformation 2038 } 2040 SubscriberInformation ::= CHOICE { 2042 SSIDList [0] IMPLICIT SEQUENCE OF { 2043 SSIDName OCTET STRING 2044 }, 2046 SubscriberCertificate [1] IMPLICIT SEQUENCE OF { 2047 Certificate X509Certificate 2048 }, 2050 RootCertificate [2] IMPLICIT SEQUENCE OF { 2051 Certificate X509Certificate 2052 } 2054 UserData [3] IMPLICIT SEQUENCE OF { 2055 { SubscriberFile UserFile 2056 } 2058 UserFile SEQUENCE OF { 2059 Name OCTET STRING, 2060 Value BIT STRING Value 2061 } 2062 EAP Support in Smartcard December 2017 2064 X509Certificate an ASN.1 definition, as described in [PKCS#6]. 2065 15.1.5 UserProfile 2067 UserProfile ::= SEQUENCE { 2068 ThisEapID EapID, 2069 ThisEapType EapType, 2070 ThisVersion Version, 2071 ThisCredential UserCredential 2072 } 2074 15.1.6 UserProfile encoding example 2076 30 82 xx yy 2077 04 05 31 32 33 34 35 EapID = 1235 2078 02 01 0D EapType = EAP-TLS 2079 02 01 01 Version = 1 2080 30 xx 2081 A0 0E 2082 04 05 61 62 63 64 65 SSID = abcde 2083 04 05 66 67 68 69 6A SSID = fghij 2084 A1 82 xx yy 2085 First X509Certificate 2086 Second X509Certificate 2087 A2 82 xx yy 2088 First Root X509Certificate 2089 Second Root X509Certificate 2090 A3 82 xx yy 2091 30 82 zz tt 2092 04 05 61 62 63 64 65 // Name = abcde 2093 03 82 zz tt 2094 File content 2095 EAP Support in Smartcard December 2017 2097 16 Annex 5 APDUs exchange example 2099 This annex shows ISO 7816 (T=0) TPDUs exchanged between the 2100 smartcard and the authentication agent 2102 // Select EAP application (AID= 11 22 33 44 55 66 01) 2103 Select.request: 00 A4 04 00 07 11 22 33 44 55 66 01 2104 Select.response: 90 00 2106 // Get current identity 2107 Get-Current-Identity.request: A0 18 00 00 00 2108 Get-Current-Identity.response 63 03 2109 // !Pin code is requested 2111 // PIN code verification (0000) 2112 Verify.request: A0 20 00 00 08 30 30 30 30 FF FF FF FF 2113 Verify.response: 90 00 2115 // Try again 2116 Get-Current-Identity.request: A0 18 00 00 00 2117 Get-Current-Identity.response: 6C 04 2118 Get-Current-Identity.request A0 18 00 00 04 2119 Get-Current-Identity.response: 61 62 63 64 90 00 2121 // Get-Next-Identity() 2122 Get-Next-Identity.request: A0 17 00 01 00 2123 Get-Next-Identity.response: 6C 04 2124 Get-Next-Identity.request: A0 17 00 01 04 2125 Get-Next-Identity.response: 61 62 63 64 90 00 2127 // Set-Identity() 2128 Set-Identity.request: A0 16 00 80 04 61 62 63 64 2129 Set-Identity.response: 90 00 2131 // Process EAP-Packets() 2132 EAP-Packet.request: A0 80 00 00 05 01 A5 00 05 01 2133 EAP-Packet.response: 61 09 2134 GetResponse.request: A0 C0 00 00 09 2135 GetResponse.response: 02 A5 00 09 01 61 62 63 64 90 00 2136 EAP-Packet.request A0 80 00 00 08 01 A6 00 08 04 02 12 34 2137 EAP-Packet.response: 61 16 2138 GetResponse.request: A0 C0 00 00 16 2139 GetResponse.response: 02 A6 00 16 04 10 CF A5 2D CD 63 5F 5C 6D 2140 55 B8 09 FD B7 BB EC 3C 90 00 2141 EAP Support in Smartcard December 2017 2143 17 Annex 6, EAP-TLS ISO7816 APDUs Trace (T=0 Protocol) 2145 17.1 EAP-TLS session parameters 2147 17.1.1 CA Public Key (2048 bits) 2149 modulus: 2150 00:a5:62:a0:41:52:9a:ec:8e:27:24:a1:0c:a2:45: 2151 68:e3:ed:bd:3d:64:9a:7c:c2:74:5a:e2:60:fa:ac: 2152 6d:0f:dd:4c:45:ce:9d:b9:74:4e:35:fd:74:cd:13: 2153 63:dd:dc:ce:19:25:b9:d7:06:31:13:d7:ea:1e:54: 2154 1a:07:36:eb:97:2f:88:19:58:c5:76:ec:f9:b3:71: 2155 66:fa:3a:4e:94:f9:04:98:ff:b0:7f:b0:dc:af:c3: 2156 c8:a6:35:3d:ab:d4:67:07:ff:c6:e8:f0:03:a5:f1: 2157 5b:00:c8:8f:36:a1:f3:88:e8:23:f1:04:c6:d4:26: 2158 af:37:ad:a2:54:83:ab:13:56:83:8e:6f:b4:3a:d3: 2159 63:95:00:ad:ec:57:5d:95:2d:01:f5:7b:ae:6c:b6: 2160 43:4b:da:2b:e1:ed:f4:ab:e1:75:27:0f:2e:06:5c: 2161 42:30:b4:5e:06:59:58:e4:4b:b6:0e:ba:71:d6:1c: 2162 a0:70:ac:b1:2c:b2:fe:6b:7d:d8:42:1d:45:9d:d5: 2163 4a:62:06:2e:e2:dc:88:5b:8b:72:45:ac:e1:24:ea: 2164 08:66:30:5f:8c:e6:52:12:37:70:04:b0:37:5c:09: 2165 1e:3b:d4:97:0c:9b:41:3f:86:08:d7:db:19:cb:07: 2166 a3:b9:cb:75:49:99:dc:20:cd:f0:db:52:19:4b:15: 2167 f1:6d 2168 publicExponent: 65537 (0x10001) 2170 17.1.2 Server Public Key (1024 bits) 2171 modulus: 2172 00:bc:67:01:3c:b9:15:ec:12:81:e6:5a:4d:af:49: 2173 80:1d:db:6d:5c:f3:0c:fd:2f:f6:3f:5d:37:79:29: 2174 c7:39:1b:fd:76:6f:67:dd:0f:e9:e8:42:51:43:ba: 2175 46:ae:95:ff:76:91:9f:30:a3:9c:45:9a:22:f2:2b: 2176 75:66:52:97:95:c3:2f:ee:7d:cf:c9:dc:de:11:69: 2177 a3:46:ef:e8:25:24:62:14:df:02:2b:ad:f9:83:b9: 2178 3c:bb:a8:1c:44:c1:5a:11:39:70:1b:69:f9:95:4c: 2179 9b:d2:fd:fa:1a:e4:01:e3:bd:6f:d0:6c:f5:85:41: 2180 3c:28:ae:80:2b:46:70:a8:f3 2181 publicExponent: 65537 (0x10001) 2183 17.1.3 Client Private Key (1024 bits) 2184 modulus: // N 2185 00:de:7d:0e:f5:1d:17:16:c0:6f:51:b0:4c:ef:2e: 2186 c6:ca:f4:d8:66:01:bc:7b:21:12:37:ce:dc:61:72: 2187 f3:c8:ff:83:5c:2f:f5:2b:f8:f0:0f:bd:89:86:6a: 2188 3f:c2:8b:3b:bd:c7:98:fd:4b:1d:67:8f:85:66:12: 2189 74:6f:64:74:d0:31:07:46:04:ba:b1:74:70:b1:fc: 2190 d9:42:44:f8:97:c2:74:b9:45:5c:84:15:33:ec:4a: 2191 cb:41:d2:6e:7c:6d:bd:bc:cd:3e:64:ff:8f:33:63: 2192 fe:06:55:69:96:c6:96:fa:17:db:f8:7f:eb:5b:fe: 2193 00:3e:d1:8e:42:83:62:be:c3 2194 EAP Support in Smartcard December 2017 2196 publicExponent: 65537 (0x10001) 2197 privateExponent: 2198 00:9f:ad:4b:5d:d9:79:e7:a7:46:7d:6f:35:57:f7: 2199 cf:4e:7b:f9:0f:04:b1:fc:00:99:2d:9a:76:0a:2e: 2200 51:0e:71:6b:1a:6f:84:db:01:37:71:64:8b:5d:ff: 2201 c5:30:df:72:89:da:c5:4f:0c:68:d7:19:67:19:01: 2202 a7:b5:06:78:da:57:2f:2f:f6:c5:ce:75:b7:ca:9d: 2203 b2:f8:5a:62:27:40:b2:5c:42:f3:78:fd:42:f6:1a: 2204 56:44:a3:42:94:24:f6:37:53:fc:78:42:06:8a:1a: 2205 0b:43:cf:f8:92:60:8d:10:61:2c:ff:d3:79:ba:78: 2206 ed:f7:28:fb:61:dc:88:37:91 2207 prime1: // P 2208 00:fc:30:c8:10:41:80:f7:f2:1a:0c:28:2b:58:a0: 2209 44:3e:01:13:91:66:4f:96:27:0e:c3:0a:4f:58:b5: 2210 73:9a:3c:7a:fa:b9:19:8f:2b:32:8b:c8:bf:6c:77: 2211 b3:4d:e5:71:80:e5:74:9a:76:a5:c0:41:14:81:76: 2212 e0:9b:46:bd:db 2213 prime2: // Q 2214 00:e1:d9:6b:5e:41:2d:3e:b9:2a:a8:6b:6e:d0:fc: 2215 aa:b1:df:a7:4e:90:8d:11:54:7c:0d:ea:64:d5:f5: 2216 c1:d1:2b:02:77:b2:d2:6e:d8:93:56:ad:ee:ca:5a: 2217 c0:92:64:4b:b8:d8:f4:a2:8c:f0:18:17:64:51:0b: 2218 db:04:f3:3b:39 2219 exponent1: // DP1 2220 00:db:27:a9:34:37:38:54:3f:d7:d2:e8:b5:82:77: 2221 03:d6:be:28:bb:1a:25:df:5e:61:bd:ac:9f:f7:7e: 2222 f7:ce:f8:f0:06:22:04:cc:1d:c5:f7:23:a4:f6:25: 2223 af:73:ea:08:10:f3:55:b9:45:92:14:d8:79:71:68: 2224 55:17:9b:0a:31 2225 exponent2: // DQ1 2226 37:87:0e:27:d9:5c:77:6c:6d:39:85:58:74:97:7a: 2227 9c:4b:01:c6:86:31:b8:ce:0d:c6:1a:17:fa:a6:f6: 2228 a5:27:ae:ee:a1:0f:ad:e3:1f:ae:93:0a:ff:c3:7a: 2229 4f:43:cb:7e:42:11:3b:99:ed:39:ef:1e:61:f2:c9: 2230 41:99:4f:b9 2231 coefficient: //PQ 2232 5f:88:21:11:1f:0d:f0:cd:56:47:4f:1f:64:81:0e: 2233 d1:02:eb:39:42:01:c7:e4:4b:b6:31:65:2a:fd:51: 2234 11:1f:cd:3a:68:d4:e8:3c:4e:47:c1:ce:76:6b:2b: 2235 52:bd:76:dd:71:81:76:0f:69:9a:94:c3:41:3a:2e: 2236 c9:47:3c:e5 2238 17.2 Full EAP-TLS trace (mode 2) 2240 // TLS-START + GMT-UNIX-TIME 2241 Tx: A080000000A 011400060D20 3FAA2B6A 2242 Rx: 6150 2244 Tx: A0C0000050 // Read Client Hello 2245 Rx: 021400500D800000004616030100410100003D03013FAA2B6A08BDD285B43D1F 2246 3BC9715FC9F85FC453FE58F3A9E07FF397CD65392200001600040005000A0009 2247 EAP Support in Smartcard December 2017 2249 006400620003000600130012006301009000 2251 // Forward Server_Hello frag#1 1396 octets, total size = 4710 octets 2252 // eap.request#15 2254 Tx: A0800100F0011505740DC00000126616030112610200004603013FAA2B9BCC3D 2255 6179E2D7E78460A2596342C5014289B753209CA02A31DEDB9142206124000089 2256 2B16D27FEBD10B93D1EFC224C322B69B994C1A8FB2B5BD4094861A0004000B00 2257 05A80005A50005A23082059E30820486A003020102020A613116E50000000000 2258 03300D06092A864886F70D0101050500305231123010060A0992268993F22C64 2259 01191602667231143012060A0992268993F22C6401191604656E737431153013 2260 060A0992268993F22C64011916056261647261310F300D060355040313066361 2261 77696669301E170D3033313030323135323331345A 2262 Rx: 9000 2264 Tx: A0800100F0170D3035313030313135323331345A3066310B3009060355040613 2265 024652311630140603550408130D696C65206465206672616E6365310E300C06 2266 0355040713057061726973310D300B060355040A1304656E7374310F300D0603 2267 55040B1306696E66726573310F300D06035504031306616B6B61723130819F30 2268 0D06092A864886F70D010101050003818D0030818902818100BC67013CB915EC 2269 1281E65A4DAF49801DDB6D5CF30CFD2FF63F5D377929C7391BFD766F67DD0FE9 2270 E8425143BA46AE95FF76919F30A39C459A22F22B7566529795C32FEE7DCFC9DC 2271 DE1169A346EFE825246214DF022BADF983B93CBBA8 2272 Rx: 9000 2274 Tx: A0800100F01C44C15A1139701B69F9954C9BD2FDFA1AE401E3BD6FD06CF58541 2275 3C28AE802B4670A8F30203010001A38202E4308202E0300B0603551D0F040403 2276 0205A0304406092A864886F70D01090F04373035300E06082A864886F70D0302 2277 02020080300E06082A864886F70D030402020080300706052B0E030207300A06 2278 082A864886F70D030730130603551D25040C300A06082B06010505070301301D 2279 0603551D0E04160414234B9E6578CB280E3D968C5B6C4EA0911C1A7F73301F06 2280 03551D23041830168014E56DC55020881E3900398AF99EE0789DA4230F893081 2281 FB0603551D1F0481F33081F03081EDA081EAA081E7 2282 Rx: 9000 2284 Tx: A0800100F08681B16C6461703A2F2F2F434E3D6361776966692C434E3D616B6B 2285 6172312C434E3D4344502C434E3D5075626C69632532304B6579253230536572 2286 76696365732C434E3D53657276696365732C434E3D436F6E6669677572617469 2287 6F6E2C44433D62616472612C44433D656E73742C44433D66723F636572746966 2288 69636174655265766F636174696F6E4C6973743F626173653F6F626A65637443 2289 6C6173733D63524C446973747269627574696F6E506F696E748631687474703A 2290 2F2F616B6B6172312E62616472612E656E73742E66722F43657274456E726F6C 2291 6C2F6361776966692E63726C3082011306082B0601 2292 Rx: 9000 2294 Tx: A0800100F0050507010104820105308201013081AA06082B0601050507300286 2295 819D6C6461703A2F2F2F434E3D6361776966692C434E3D4149412C434E3D5075 2296 626C69632532304B657925323053657276696365732C434E3D53657276696365 2297 732C434E3D436F6E66696775726174696F6E2C44433D62616472612C44433D65 2298 6E73742C44433D66723F634143657274696669636174653F626173653F6F626A 2299 656374436C6173733D63657274696669636174696F6E417574686F7269747930 2300 EAP Support in Smartcard December 2017 2302 5206082B060105050730028646687474703A2F2F616B6B6172312E6261647261 2303 2E656E73742E66722F43657274456E726F6C6C2F61 2304 Rx: 9000 2306 Tx: A0800000C46B6B6172312E62616472612E656E73742E66725F6361776966692E 2307 637274302106092B060104018237140204141E12005700650062005300650072 2308 007600650072300D06092A864886F70D01010505000382010100946E33F7044A 2309 18F16E18337D8A22A230415DF07766ED94835E8A1FCBB7B16571D6EC6A9564AA 2310 C163383D17B223C29AB57825AE36156083249AA0A8EABED8C880D7E1EE58A301 2311 9D04D935EA3C6427052FDE1CCB60681691436C3580439F4C592ABA6489D43ABF 2312 EF9660EF60DA97FDA9 2313 Rx: 6106 2315 Tx: A0C0000006 // READ ACK#15 2316 Rx: 021500060D009000 2318 // Transfer Server Hello frag#2 1396 octets eap.request#16 2320 Tx: A0800100F0011605740D40E8436722315A8D1479DCA19BFFC9F6B15A538D80E1 2321 A0C107F079DF79DB2674DD914481C8E1B388577645C100F44F4EC3A7E077CC4B 2322 3AC3577FD1CD0575E651FF1BCD6C716402DD83858563EC791593018CEB0BD9DB 2323 12F4B2E8D19FC185787E1717265BA3E11E76E343D2DA8AD83C77188E4E96C049 2324 B3F3B7BCB886BB574858FE331EE4407AA893212C171B1883A3B0EA580D000C63 2325 0201020C5E00C43081C1310B300906035504061302555331173015060355040A 2326 130E566572695369676E2C20496E632E313C303A060355040B1333436C617373 2327 2031205075626C6963205072696D61727920436572 2328 Rx: 9000 2330 Tx: A0800100F074696669636174696F6E20417574686F72697479202D204732313A 2331 3038060355040B1331286329203139393820566572695369676E2C20496E632E 2332 202D20466F7220617574686F72697A656420757365206F6E6C79311F301D0603 2333 55040B1316566572695369676E205472757374204E6574776F726B00C43081C1 2334 310B300906035504061302555331173015060355040A130E566572695369676E 2335 2C20496E632E313C303A060355040B1333436C6173732034205075626C696320 2336 5072696D6172792043657274696669636174696F6E20417574686F7269747920 2337 2D204732313A3038060355040B1331286329203139 2338 Rx: 9000 2340 Tx: A0800100F0393820566572695369676E2C20496E632E202D20466F7220617574 2341 686F72697A656420757365206F6E6C79311F301D060355040B13165665726953 2342 69676E205472757374204E6574776F726B00D43081D1310B3009060355040613 2343 025A41311530130603550408130C5765737465726E2043617065311230100603 2344 55040713094361706520546F776E311A3018060355040A131154686177746520 2345 436F6E73756C74696E6731283026060355040B131F4365727469666963617469 2346 6F6E205365727669636573204469766973696F6E312430220603550403131B54 2347 686177746520506572736F6E616C20467265656D61 2348 Rx: 9000 2350 Tx: A0800100F0696C204341312B302906092A864886F70D010901161C706572736F 2351 6E616C2D667265656D61696C407468617774652E636F6D00D23081CF310B3009 2352 060355040613025A41311530130603550408130C5765737465726E2043617065 2353 EAP Support in Smartcard December 2017 2355 31123010060355040713094361706520546F776E311A3018060355040A131154 2356 686177746520436F6E73756C74696E6731283026060355040B131F4365727469 2357 6669636174696F6E205365727669636573204469766973696F6E312330210603 2358 550403131A54686177746520506572736F6E616C205072656D69756D20434131 2359 2A302806092A864886F70D010901161B706572736F 2360 Rx: 9000 2362 Tx: A0800100F06E616C2D7072656D69756D407468617774652E636F6D0086308183 2363 310B3009060355040613025553312D302B060355040A13244669727374204461 2364 7461204469676974616C2043657274696669636174657320496E632E31453043 2365 0603550403133C46697273742044617461204469676974616C20436572746966 2366 69636174657320496E632E2043657274696669636174696F6E20417574686F72 2367 69747900CE3081CB310B3009060355040613025A41311530130603550408130C 2368 5765737465726E204361706531123010060355040713094361706520546F776E 2369 311A3018060355040A131154686177746520436F6E 2370 Rx: 9000 2372 Tx: A0800000C473756C74696E6731283026060355040B131F436572746966696361 2373 74696F6E205365727669636573204469766973696F6E3121301F060355040313 2374 1854686177746520506572736F6E616C2042617369632043413128302606092A 2375 864886F70D0109011619706572736F6E616C2D6261736963407468617774652E 2376 636F6D0061305F310B300906035504061302555331173015060355040A130E56 2377 6572695369676E2C20496E632E31373035060355040B132E436C617373203320 2378 5075626C6963205072 2379 Rx: 6106 2381 Tx: A0C0000006 // Read ACK#16 2382 Rx: 021600060D009000 2384 // Transfer Server Hello frag#3 1396 octets eap.request#17 2386 Tx: A0800100F0011705740D40696D6172792043657274696669636174696F6E2041 2387 7574686F726974790061305F310B300906035504061302555331173015060355 2388 040A130E566572695369676E2C20496E632E31373035060355040B132E436C61 2389 73732032205075626C6963205072696D6172792043657274696669636174696F 2390 6E20417574686F726974790061305F310B300906035504061302555331173015 2391 060355040A130E566572695369676E2C20496E632E31373035060355040B132E 2392 436C6173732031205075626C6963205072696D61727920436572746966696361 2393 74696F6E20417574686F7269747900C43081C1310B 2394 Rx: 9000 2396 Tx: A0800100F0300906035504061302555331173015060355040A130E5665726953 2397 69676E2C20496E632E313C303A060355040B1333436C6173732033205075626C 2398 6963205072696D6172792043657274696669636174696F6E20417574686F7269 2399 7479202D204732313A3038060355040B13312863292031393938205665726953 2400 69676E2C20496E632E202D20466F7220617574686F72697A656420757365206F 2401 6E6C79311F301D060355040B1316566572695369676E205472757374204E6574 2402 776F726B009C308199310B30090603550406130248553111300F060355040713 2403 08427564617065737431273025060355040A131E4E 2404 Rx: 9000 2405 EAP Support in Smartcard December 2017 2407 Tx: A0800100F065744C6F636B2048616C6F7A617462697A746F6E73616769204B66 2408 742E311A3018060355040B131154616E7573697476616E796B6961646F6B3132 2409 3030060355040313294E65744C6F636B20557A6C6574692028436C6173732042 2410 292054616E7573697476616E796B6961646F00473045310B3009060355040613 2411 02555331183016060355040A130F47544520436F72706F726174696F6E311C30 2412 1A06035504031313475445204379626572547275737420526F6F740077307531 2413 0B300906035504061302555331183016060355040A130F47544520436F72706F 2414 726174696F6E31273025060355040B131E47544520 2415 Rx: 9000 2417 Tx: A0800100F04379626572547275737420536F6C7574696F6E732C20496E632E31 2418 2330210603550403131A475445204379626572547275737420476C6F62616C20 2419 526F6F7400C63081C3310B300906035504061302555331143012060355040A13 2420 0B456E74727573742E6E6574313B3039060355040B13327777772E656E747275 2421 73742E6E65742F43505320696E636F72702E206279207265662E20286C696D69 2422 7473206C6961622E2931253023060355040B131C286329203139393920456E74 2423 727573742E6E6574204C696D69746564313A303806035504031331456E747275 2424 73742E6E6574205365637572652053657276657220 2425 Rx: 9000 2427 Tx: A0800100F043657274696669636174696F6E20417574686F7269747900B23081 2428 AF310B30090603550406130248553110300E0603550408130748756E67617279 2429 3111300F06035504071308427564617065737431273025060355040A131E4E65 2430 744C6F636B2048616C6F7A617462697A746F6E73616769204B66742E311A3018 2431 060355040B131154616E7573697476616E796B6961646F6B3136303406035504 2432 03132D4E65744C6F636B204B6F7A6A6567797A6F692028436C61737320412920 2433 54616E7573697476616E796B6961646F00C43081C1310B300906035504061302 2434 555331173015060355040A130E566572695369676E 2435 Rx: 9000 2437 Tx: A0800000C42C20496E632E313C303A060355040B1333436C6173732032205075 2438 626C6963205072696D6172792043657274696669636174696F6E20417574686F 2439 72697479202D204732313A3038060355040B1331286329203139393820566572 2440 695369676E2C20496E632E202D20466F7220617574686F72697A656420757365 2441 206F6E6C79311F301D060355040B1316566572695369676E205472757374204E 2442 6574776F726B0070306E310B300906035504061302555331183016060355040A 2443 130F47544520436F72 2444 Rx: 6106 2446 Tx: A0C0000006 // Transfer ACK#17 2447 RX: 021700060D009000 2449 // Read Server Hello frag#4 550 octets eap.request#18 2450 Tx: A0800100F0011802260D00706F726174696F6E31273025060355040B131E4754 2451 45204379626572547275737420536F6C7574696F6E732C20496E632E311C301A 2452 06035504031313475445204379626572547275737420526F6F74009E30819B31 2453 0B30090603550406130248553111300F06035504071308427564617065737431 2454 273025060355040A131E4E65744C6F636B2048616C6F7A617462697A746F6E73 2455 616769204B66742E311A3018060355040B131154616E7573697476616E796B69 2456 61646F6B313430320603550403132B4E65744C6F636B20457870726573737A20 2457 28436C6173732043292054616E7573697476616E79 2458 EAP Support in Smartcard December 2017 2460 Rx: 9000 2462 Tx: A0800100F06B6961646F0054305231123010060A0992268993F22C6401191602 2463 667231143012060A0992268993F22C6401191604656E737431153013060A0992 2464 268993F22C64011916056261647261310F300D06035504031306636177696669 2465 00723070312B3029060355040B1322436F707972696768742028632920313939 2466 37204D6963726F736F667420436F72702E311E301C060355040B13154D696372 2467 6F736F667420436F72706F726174696F6E3121301F060355040313184D696372 2468 6F736F667420526F6F7420417574686F726974790061305F31133011060A0992 2469 268993F22C6401191603636F6D31193017060A0992 2470 Rx: 9000 2472 Tx: A080000046268993F22C64011916096D6963726F736F6674312D302B06035504 2473 0313244D6963726F736F667420526F6F74204365727469666963617465204175 2474 74686F726974790E000000 2475 Rx: 9F00 2477 // Transfer Smartcard Response, eap.response#18 2479 // 1st fragment 1594 bytes - 05D6 - Code=2 id=18 2480 // Length=1494 Type=0D Flag=C0 Size=1825 2482 Tx: A012000000 2483 Rx: 021805D60DC00000072116030106F10B0005E10005DE0005DB308205D7308204 2484 BFA003020102020A61253DFF000000000006300D06092A864886F70D01010505 2485 00305231123010060A0992268993F22C6401191602667231143012060A099226 2486 8993F22C6401191604656E737431153013060A0992268993F22C640119160562 2487 61647261310F300D06035504031306636177696669301E170D30333131303630 2488 39333635395A170D3034313130353039333635395A306231123010060A099226 2489 8993F22C6401191602667231143012060A0992268993F22C6401191604656E73 2490 7431153013060A0992268993F22C64011916056261647261310E300C06035504 2491 9F00 2493 Tx: A012000000 2494 Rx: 0313055573657273310F300D0603550403130668616A6A656830819F300D0609 2495 2A864886F70D010101050003818D0030818902818100DE7D0EF51D1716C06F51 2496 B04CEF2EC6CAF4D86601BC7B211237CEDC6172F3C8FF835C2FF52BF8F00FBD89 2497 866A3FC28B3BBDC798FD4B1D678F856612746F6474D031074604BAB17470B1FC 2498 D94244F897C274B9455C841533EC4ACB41D26E7C6DBDBCCD3E64FF8F3363FE06 2499 556996C696FA17DBF87FEB5BFE003ED18E428362BEC30203010001A382032130 2500 82031D300B0603551D0F0404030205A0304406092A864886F70D01090F043730 2501 35300E06082A864886F70D030202020080300E06082A864886F70D0304020200 2502 9F00 2504 Tx: A012000000 2505 Rx: 80300706052B0E030207300A06082A864886F70D0307301D0603551D0E041604 2506 14526E170649667E12FD1EC69D4CC8A02640B75928301706092B060104018237 2507 1402040A1E080055007300650072301F0603551D23041830168014E56DC55020 2508 881E3900398AF99EE0789DA4230F893081FB0603551D1F0481F33081F03081ED 2509 A081EAA081E78681B16C6461703A2F2F2F434E3D6361776966692C434E3D616B 2510 6B6172312C434E3D4344502C434E3D5075626C69632532304B65792532305365 2511 EAP Support in Smartcard December 2017 2513 7276696365732C434E3D53657276696365732C434E3D436F6E66696775726174 2514 696F6E2C44433D62616472612C44433D656E73742C44433D66723F6365727469 2515 9F00 2517 Tx: A012000000 2518 Rx: 6669636174655265766F636174696F6E4C6973743F626173653F6F626A656374 2519 436C6173733D63524C446973747269627574696F6E506F696E74863168747470 2520 3A2F2F616B6B6172312E62616472612E656E73742E66722F43657274456E726F 2521 6C6C2F6361776966692E63726C3082011306082B060105050701010482010530 2522 8201013081AA06082B0601050507300286819D6C6461703A2F2F2F434E3D6361 2523 776966692C434E3D4149412C434E3D5075626C69632532304B65792532305365 2524 7276696365732C434E3D53657276696365732C434E3D436F6E66696775726174 2525 696F6E2C44433D62616472612C44433D656E73742C44433D66723F6341436572 2526 9F00 2528 Tx: A012000000 2529 Rx: 74696669636174653F626173653F6F626A656374436C6173733D636572746966 2530 69636174696F6E417574686F72697479305206082B0601050507300286466874 2531 74703A2F2F616B6B6172312E62616472612E656E73742E66722F43657274456E 2532 726F6C6C2F616B6B6172312E62616472612E656E73742E66725F636177696669 2533 2E63727430290603551D2504223020060A2B0601040182370A030406082B0601 2534 050507030406082B06010505070302302F0603551D1104283026A024060A2B06 2535 0104018237140203A0160C1468616A6A65684062616472612E656E73742E6672 2536 300D06092A864886F70D0101050500038201010013A233AA6EDB4282A69EF9D0 2537 9FD6 2539 Tx: A0120000D6 2540 Rx: 23D51F32FD0B97AF03C4BACD6B7ED5C155110EBACC3F0FAD6D853DEE845CC33D 2541 0E9D8ECC7514295F854D16F6409DFEB61A60C9A1EF0BC09AD3C1A93BEE546B2D 2542 F9DBAB8AD9A90AAB5CEE35FF6751275873D1C5093339B4ADEA0F40C54754DAE7 2543 461966322B5772B460B7FA2F5985D496C52CAF7456DF2D78E4DE9B1C48F2ACB9 2544 87BA9BDE3D1624645330F0FBF0103C547DA547C1F03B1C2BB5CDD06D38D2ABFA 2545 FD06387235E8E49DEDCB7E2B7E80A15B1317A04ECF1ADBF475AC82D67514A6EF 2546 5EBFFAD40D5D5F7395179677703BFC3A9D34623BD28E9000 2548 // Read ACK#19 2549 Tx: A080000006011900060D00 2550 Rx: 9F00 2552 // Transfer 2nd fragment, 347 bytes, Code=2 id=19 Length=347 2553 // Type=0D Flag=00 2554 // 2555 Tx: A012000000 2556 Rx: 0219015B0D00C9186A1078130652552D5CFEF1B6CDBA5197910A4C87CAD1F92F 2557 A7EB7A0B1000008200808FD83C571FE7D71E76A86405BDBC95BA4BD67A48F4BD 2558 8084F4F944C1ACDF1FACF85FFC111BE3CE8AFFB48F6DA6C5477761A34C7889CB 2559 148DA42141BBC1E942BAC8752B7FD255574F654DBED3DEF89EE0F79BEEBF43DC 2560 737F158F99C17A2461B2C5D5E2A75FCBBD7F5275AD781127300E46EC61408EF2 2561 BABC200F85363926301E0F0000820080BDD2429D21DAE14D9727D2F715BF30A6 2562 5E61C7608D5C0B6035BCCC014BAFE24BB98550AF86E13B6D8D371E5A922D20DD 2563 338B563B7E9C9AF0EF9110C77B468A651915575D348A7D29B89CC5A8D4B8AA71 2564 EAP Support in Smartcard December 2017 2566 9F5B 2568 Tx: A01200005B 2569 Rx: 5D53E340E6E7AD6B6E3438F358B870C5DA5E61C45EE5E3F9454219F48A34CC98 2570 10A946F0C652675E3CA81ABA229309B71403010001011603010020C97EBCFF0C 2571 20271CAE21FAA80898278660D393CB4C640390CDEB14592A0392F79000 2573 // Transfer Server last message, eap request #1A 2574 Tx: A080000035011A00350D800000002B14030100010116030100209255D2089E41 2575 30B5984AF43B604A108AA11376F368E71BCF81EEFEBC00289C1C 2576 Rx: 6106 2578 // Read ACK#1A 2579 Tx: A0C0000006 2580 Rx: 021A00060D009000 2582 // Read MSK 2583 Tx: A0A6000040 2584 Rx: 8F0A6773E9C0264015861CE712C9A692844A28B6D5641E4D90D38994A94A2C6D 2585 B7CD0C7DCBD83D45B2DB1D6598FE696A10176E21B62D8A33AD2970A560CE5E84 2586 9000 2587 // 2588 17.3 EAP-TLS mode1 ISO7816 trace (T=0 protocol) 2590 The EAP-TLS smartcard mode1, supports five functions 2591 - Public Key Encryption, with the server public key 2592 - Private Key Encryption, with the client private key 2593 - Public Key decryption, with the Certification Authority (CA) 2594 public key 2595 - Reading of the client's certificate 2596 - Random Number Generator 2598 In this mode the EAP-TLS smartcard interface doesn't provide RSA 2599 functions. Furthermore all client's parameters (RSA keys and 2600 certificate) are stored in the smartcard. 2602 // Set-Identity (abc TLS) type=TLS 2603 Tx: A016800003616263 2604 Rx: 9000 2606 // RANDOM Number Generator 2607 Tx: A060 0200 1C // 28 bytes 2608 Rx: 08BDD285B43D1F3BC9715FC9F85FC453FE58F3A9E07FF397CD653922 2610 // Set Server Public KEY (FCT = Initialize + Public-Encrypt) 2611 Tx: A0604800870080bc67013cb915ec1281e65a4daf49801ddb6d5cf30cfd2ff63f 2612 5d377929c7391bfd766f67dd0fe9e8425143ba46ae95ff76919f30a39c459a22 2613 f22b7566529795c32fee7dcfc9dcde1169a346efe825246214df022badf983b9 2614 cbba81c44c15a1139701b69f9954c9bd2fdfa1ae401e3bd6fd06cf585413c28a 2615 e802b4670a8f30003010001 2616 EAP Support in Smartcard December 2017 2618 // Pre-Master Secret Encryption with the Server Public Key 2619 // FCT = Do-Final + Public-Encrypt 2620 Tx: A0600800300301c5a68fb75123308e2ddbb27b63fe021e8724e7bc5c17078b3b 2621 3f90ba00d128f80b07ad786b6de36e5f94ffdfeb49 2622 RX: 6180 2623 TX: 8fd83c571fe7d71e76a86405bdbc95ba4bd67a48f4bd8084f4f944c1acdf1fac 2624 f85ffc111be3ce8affb48f6da6c5477761a34c7889cb148da42141bbc1e942ba 2625 c8752b7fd255574f654dbed3def89ee0f79beebf43dc737f158f99c17a2461b2 2626 c5d5e2a75fcbbd7f5275ad781127300e46ec61408ef2babc200f85363926301e 2628 // Private Encrypt with Client Private Key 2629 // FCT = Do-Final + Private-Encrypt 2630 // (Client Certificate Verify) 2631 Tx: A0604002249c0326e6d899fa802cc981b86e9b65f41234db8e2456e5f3dccd68 2632 a34f25b4e72153f50e 2633 Rx: 6180 2634 Tx: A0C0000080 2635 Rx: bdd2429d21dae14d9727d2f715bf30a65e61c7608d5c0b6035bccc014bafe24b 2636 b98550af86e13b6d8d371e5a922d20dd338b563b7e9c9af0ef9110c77b468a65 2637 1915575d348a7d29b89cc5a8d4b8aa715d53e340e6e7ad6b6e3438f358b870c5 2638 da5e61c45ee5e3f9454219f48a34cc9810a946f0c652675e3ca81aba229309b7 2640 // Public Decrypt#1 with CA public key, first byte 2641 // FCT = Do-Final + Index#1 + Public-Decrypt 2642 // Checking of server certificate 2643 Tx: A061 1B 00 01 13 2644 Rx: 9000 2645 // Public Decrypt#1 (with CA public key, 255 bytes) 2646 Tx: A0601A00FFA233AA6EDB4282A69EF9D023D51F32FD0B97AF03C4BACD6B7ED5C1 2647 55110EBACC3F0FAD6D853DEE845CC33D0E9D8ECC7514295F854D16F6409DFEB6 2648 1A60C9A1EF0BC09AD3C1A93BEE546B2DF9DBAB8AD9A90AAB5CEE35FF67512758 2649 73D1C5093339B4ADEA0F40C54754DAE7461966322B5772B460B7FA2F5985D496 2650 C52CAF7456DF2D78E4DE9B1C48F2ACB987BA9BDE3D1624645330F0FBF0103C54 2651 7DA547C1F03B1C2BB5CDD06D38D2ABFAFD06387235E8E49DEDCB7E2B7E80A15B 2652 1317A04ECF1ADBF475AC82D67514A6EF5EBFFAD40D5D5F7395179677703BFC3A 2653 9D34623BD28EC9186A1078130652552D5CFEF1B6CDBA5197910A4C87CAD1F92F 2654 A7EB7A0B 2655 Rx: 6123 2656 Tx: A0C0000023 // Certificate Hash 2657 Rx: 3021300906052B0E03021A0500041429A563710F25832AFB692E44F4B9AFF36F 2658 BE91A79000 2660 // Read Client Certificate 2661 Tx: A060000000 // Certificate 1st fragment 2662 Rx: 308205D7308204BFA003020102020A61253DFF000000000006300D06092A8648 2663 86F70D0101050500305231123010060A0992268993F22C640119160266723114 2664 3012060A0992268993F22C6401191604656E737431153013060A0992268993F2 2665 2C64011916056261647261310F300D06035504031306636177696669301E170D 2666 3033313130363039333635395A170D3034313130353039333635395A30623112 2667 3010060A0992268993F22C6401191602667231143012060A0992268993F22C64 2668 01191604656E737431153013060A0992268993F22C6401191605626164726131 2669 EAP Support in Smartcard December 2017 2671 0E300C060355040313055573657273310F300D0603550403130668616A6A6568 2672 9F00 2673 Tx: A012000000 // Certificate 2nd fragment 2674 Rx: 30819F300D06092A864886F70D010101050003818D0030818902818100DE7D0E 2675 F51D1716C06F51B04CEF2EC6CAF4D86601BC7B211237CEDC6172F3C8FF835C2F 2676 F52BF8F00FBD89866A3FC28B3BBDC798FD4B1D678F856612746F6474D0310746 2677 04BAB17470B1FCD94244F897C274B9455C841533EC4ACB41D26E7C6DBDBCCD3E 2678 64FF8F3363FE06556996C696FA17DBF87FEB5BFE003ED18E428362BEC3020301 2679 0001A38203213082031D300B0603551D0F0404030205A0304406092A864886F7 2680 0D01090F04373035300E06082A864886F70D030202020080300E06082A864886 2681 F70D030402020080300706052B0E030207300A06082A864886F70D0307301D06 2682 9F00 2683 Tx: A012000000 // Certificate 3rd fragment 2684 Rx: 03551D0E04160414526E170649667E12FD1EC69D4CC8A02640B7592830170609 2685 2B0601040182371402040A1E080055007300650072301F0603551D2304183016 2686 8014E56DC55020881E3900398AF99EE0789DA4230F893081FB0603551D1F0481 2687 F33081F03081EDA081EAA081E78681B16C6461703A2F2F2F434E3D6361776966 2688 692C434E3D616B6B6172312C434E3D4344502C434E3D5075626C69632532304B 2689 657925323053657276696365732C434E3D53657276696365732C434E3D436F6E 2690 66696775726174696F6E2C44433D62616472612C44433D656E73742C44433D66 2691 723F63657274696669636174655265766F636174696F6E4C6973743F62617365 2692 9F00 2693 Tx: A012000000 // Certificate 4th fragment 2694 Rx: 3F6F626A656374436C6173733D63524C446973747269627574696F6E506F696E 2695 748631687474703A2F2F616B6B6172312E62616472612E656E73742E66722F43 2696 657274456E726F6C6C2F6361776966692E63726C3082011306082B0601050507 2697 010104820105308201013081AA06082B0601050507300286819D6C6461703A2F 2698 2F2F434E3D6361776966692C434E3D4149412C434E3D5075626C69632532304B 2699 657925323053657276696365732C434E3D53657276696365732C434E3D436F6E 2700 66696775726174696F6E2C44433D62616472612C44433D656E73742C44433D66 2701 723F634143657274696669636174653F626173653F6F626A656374436C617373 2702 9F00 2703 Tx: A012000000 // Certificate 5th fragment 2704 Rx: 3D63657274696669636174696F6E417574686F72697479305206082B06010505 2705 0730028646687474703A2F2F616B6B6172312E62616472612E656E73742E6672 2706 2F43657274456E726F6C6C2F616B6B6172312E62616472612E656E73742E6672 2707 5F6361776966692E63727430290603551D2504223020060A2B0601040182370A 2708 030406082B0601050507030406082B06010505070302302F0603551D11042830 2709 26A024060A2B060104018237140203A0160C1468616A6A65684062616472612E 2710 656E73742E6672300D06092A864886F70D0101050500038201010013A233AA6E 2711 DB4282A69EF9D023D51F32FD0B97AF03C4BACD6B7ED5C155110EBACC3F0FAD6D 2712 9FDB 2713 Tx: A0120000DB // Certificate 6th and last fragment 2714 Rx: 853DEE845CC33D0E9D8ECC7514295F854D16F6409DFEB61A60C9A1EF0BC09AD3 2715 C1A93BEE546B2DF9DBAB8AD9A90AAB5CEE35FF6751275873D1C5093339B4ADEA 2716 0F40C54754DAE7461966322B5772B460B7FA2F5985D496C52CAF7456DF2D78E4 2717 DE9B1C48F2ACB987BA9BDE3D1624645330F0FBF0103C547DA547C1F03B1C2BB5 2718 CDD06D38D2ABFAFD06387235E8E49DEDCB7E2B7E80A15B1317A04ECF1ADBF475 2719 AC82D67514A6EF5EBFFAD40D5D5F7395179677703BFC3A9D34623BD28EC9186A 2720 1078130652552D5CFEF1B6CDBA5197910A4C87CAD1F92FA7EB7A0B9000 2721 EAP Support in Smartcard December 2017 2723 18 Annex 7, EAP-AKA ISO7816 APDUs Trace (T=0 Protocol) 2725 This annex gives test vectors for the EAP-AKA protocol, introduced 2726 by [EAP-AKA] 2728 // Select EAP_APPLICATION 2729 Tx: 00A40400 07 11 22 33 44 55 66 01 2730 Rx: 9000 2732 // Verify User PIN ('0000') 2733 Tx: A020000004 30303030 2734 Rx: 9000 2736 // Set-Identity ('zzz') type=AKA 2737 Tx: A0 16 00 80 03 7A 7A 7A 2738 // 90 00 2740 // EAP-Identity request 2741 Tx: A0 80 00 00 05 01 A4 00 05 01 2742 // Identity.response: anonymous@dot.com 2743 Rx: 02 A4 00 16 01 61 6E 6F 6E 79 6D 6F 75 73 40 64 6F 74 2E 63 6F 2744 6D 90 00 2746 // EAP-AKA GET AT-PERMANENT-ID-REQ: aka@dot.com 2747 Tx: A0 80 00 00 0A 01A6 000A 1705 0A01 0000 2748 Rx: 02 A6 00 16 17 05 0E 04 00 0B 61 6B 61 40 64 6F 74 2E 63 6F 6D 2749 00 90 00 2750 //================= 2751 // Milenage Values= 2752 //================= 2753 // These values are imported from 2754 // 3GPP TS 35.207 V5.0.0 (2002-06), 2755 // sections 4.3-Test set 1 and 6.3-Test set 1 2757 // K: 465b5ce8 b199b49f aa5f0a2e e238a6bc 2758 // OP: cdc202d5 123e20f6 2b6d676a c72cb318 2759 // SQN: ff9bb4d0b607 2760 // AMF: b9b9 2761 // RAND: 23553cbe 9637a89d 218ae64d ae47bf35 2763 // f1|f1*: 4A 9F FA C3 54 DF AF B3 01 CF AF 9E C4 E8 71 E9 2764 // f2/sres A5 42 11 D5 E3 BA 50 BF 2765 // f3/ck B4 0B A9 A3 C5 8B 2A 05 BB F0 D9 87 B2 1B F8 CB 2766 // f4/ik F7 69 BC D7 51 04 46 04 12 76 72 71 1C 6D 34 41 2767 // f5/ak AA 68 9C 64 83 70 2768 // f5*/ak2 45 1E 8B EC A4 3B 2769 EAP Support in Smartcard December 2017 2771 //============================= 2772 // Values for XKEY & PRF(XKEY)= 2773 //============================= 2774 // ID: 61 6B 61 40 64 6F 74 2E 63 6F 6D = aka@dot.com 2775 // IK: F7 69 BC D7 51 04 46 04 12 76 72 71 1C 6D 34 41 2776 // CK: B4 0B A9 A3 C5 8B 2A 05 BB F0 D9 87 B2 1B F8 CB 2777 // XKEY = MK = sha1(ID|IK|CK) = 2778 // C4 83 4F 21 BE AD F0 9E 7A 3B E8 17 97 5A BA 99 DD B4 0C 9A 2780 // PRF(XKEY) 2781 // K_Encr: 28 FF 32 38 42 05 6B 55 4B 85 A5 11 16 34 5A A4 2782 // K_Auth: B3 08 06 82 48 8E 68 6F AC 3E 1C F8 24 8E 73 63 2783 // MSK: BE 12 98 C0 B5 33 8C 91 D6 E1 1B 33 AE 7D 46 2D 2784 // E2 99 64 64 0C F5 05 FF 26 AE D5 98 82 2D 41 F9 2785 // 20 AF 49 FD CB 77 00 8C 2A AC DB A3 A1 AE 79 75 2786 // 20 8C 25 E5 40 17 5D 22 D5 48 0C DE 88 D7 90 33 2787 // EMSK: CD 10 C9 14 BB 54 DC 97 AE E8 96 06 67 F8 C8 59 2788 // 12 44 DF E7 BD 4A C1 B1 6E 63 1B 4D FA 5D F6 97 2789 // 4A 4C 51 F5 D8 19 FE 68 E7 37 0F 9E 47 43 9B 43 2790 // FD 6E 83 CC 35 7A 01 E7 16 57 F3 BE 6D 26 4A 2B 2792 //========================================= 2793 // Test #1 : FULL AUTHENTICATION, GOOD SQN 2794 //========================================= 2795 //AT-RAND AT-AUTN AT-MAC 2796 Tx: A0 80 00 0044 01A5 0044 17010000 01050000 23553CBE 2797 9637A89D 218AE64D AE47BF35 02050000 55F328B43577 B9B9 4A9FFAC3 2798 54DFAFB3 0B050000 C7003536 662D5201 B011F20F E5DD8CE4 2800 // AT-RES AT-MAC 2801 Rx: 02 A5 0028 17010000 03030040 A54211D5 E3BA50BF 2802 0B050000 45703D12 9567DCA9 2C9101C4 9392F267 9000 2804 // Get MSK 2805 Tx: A0 A6 00 00 40 2806 Rx: 20 AF 49 FD CB 77 00 8C 2A AC DB A3 A1 AE 79 75 20 8C 25 E5 40 2807 17 5D 22 D5 48 0C DE 88 D7 90 33 BE 12 98 C0 B5 33 8C 91 D6 E1 2808 1B 33 AE 7D 46 2D E2 99 64 64 0C F5 05 FF 26 AE D5 98 82 2D 41 2809 F9 90 00 2810 EAP Support in Smartcard December 2017 2812 //========================================== 2813 // Test #2 : FULL AUTHENTICATION, WRONG SQN 2814 //========================================== 2815 //GPP TS 33.102, Release 9 V9.2.0 (2010-03), page 23: 2816 //The AMF used to calculate MAC-S assumes a dummy value of all zeros 2817 //so that it does not need to be transmitted in the clear in the 2818 //re-synch message. 2820 Tx: A0 80 00 0044 01A5 0044 17010000 01050000 23553CBE 2821 9637A89D 218AE64D AE47BF35 02050000 55F328B43577 B9B9 4A9FFAC3 2822 54DFAFB3 0B050000 C7003536 662D5201 B011F20F E5DD8CE4 2824 // According to 3GPP TS 33.102 V6.4.0 (2005-09) 2825 // AT_AUTS = AK2+SQNms | MAC-S 2826 // MAC-S = f1*(AMF=0000,RAND,SQNms) 2827 // AK2 = f5*(RAND) 2829 // AK2 = 45 1E 8B EC A4 3B 2830 // SQNms = ff 9b b4 d0 b6 08 2831 // MAC-S = 00 10 C1 DA 38 A7 5A 31 2833 Rx: 02A50018 1704 0000 0404 BA853F3C1233 0010C1DA38A75A31 9000 2835 //========================================== 2836 // Test #3 : FULL AUTHENTICATION, WRONG MAC= 2837 //========================================== 2838 Tx: A0 80 00 0044 01A5 0044 17010000 01050000 23553CBE 2839 9637A89D 218AE64D AE47BF36 02050000 55F328B43577 B9B9 4A9FFAC3 2840 54DFAFB3 0B050000 C7003536 662D5201 B011F20F E5DD8CE4 2842 // AKA-Authentication-Reject 2843 Rx: 02 A5 0008 17020000 9000 2845 //=========================================== 2846 // Test #4 : Full Authentication + PSEUDO-ID= 2847 //=========================================== 2849 // AT-RAND AT-AUTN AT-ENCR AT-MAC 2850 // AT-ENCR: 82090000 8205000D 31323334 31323334 31323334 31000000 2851 // 06030000 00000000 00000000 2853 Tx: A0 80 00 00 7C 01A5 007C 17010000 01050000 23553CBE 9637A89D 2854 218AE64D AE47BF35 02050000 55F328B43577 B9B9 2855 4A9FFAC3 54DFAFB3 81050000 12345678 12345678 12345678 12345678 2856 82090000 819DCAF9 E851072D 660A36FB 79D96C09 6AC36F2E 58D6E32D 2857 3FC84869 9DA076D4 0B050000 B05E0FFC 0A99A434 2A2BFAD8 1900F1B3 2859 // AT-RES AT-MAC 2860 Rx: 02 A5 00 28 17010000 03030040 A54211D5 E3BA50BF 0B050000 2861 45703D12 9567DCA9 2C9101C4 9392F267 9000 2862 EAP Support in Smartcard December 2017 2864 // AT-FULLAUTH-ID-REQ = "12341234123412341@dot.com" 2865 Tx: A0 80 00 00 0C 01A6 000C 17050000 11010000 2866 Rx: 02 A6 00 24 17050000 0E070015 31323334 31323334 31323334 2867 3140646F 742E636F 6D000000 9000 2869 // AT-PERMANENT-ID-REQ = "aka@dot.com" 2870 Tx: A0 80 00 00 0C 01A6 000C 17050000 0A010000 2872 Rx: 02 A6 00 18 17050000 0E04000B 616B6140 646F742E 636F6D00 9000 2874 //=========================================== 2875 // Test #5 : Full Authentication + ReAUTH-ID= 2876 //=========================================== 2877 // AT-RAND AT-AUTN AT-ENCR AT-MAC 2878 // AT-ENCR: 82090000 8505000D 31323334 31323334 31323334 31000000 2879 // 06030000 00000000 00000000 2881 Tx: A0 80 00 00 7C 01A5 007C 17010000 01050000 23553CBE 9637A89D 2882 218AE64D AE47BF35 02050000 55F328B43577 B9B9 2883 4A9FFAC354DFAFB3 81050000 12345678 12345678 12345678 12345678 2884 82090000 49E8E4BE 42452611 89AFE3A1 E913953F 4A966DBE 53D621A8 2885 CC771072 DA7B1964 2886 0B050000 4081C920 AB6A42EB A06DD4B6 A598D741 2888 // AT-RES AT-MAC 2889 Rx: 02 A5 00 28 17010000 03030040 A5 42 11 D5 E3 BA 50 BF 2890 0B050000 45703D12 9567DCA9 2C9101C4 9392F267 9000 2892 // GET AT-ANY-ID-REQ: "1234123412341" 2893 Tx: A0 80 00 00 0C 01A6 000C 17050000 0D010000 2894 Rx: 02 A6 00 1C 17050000 0E05000D 31323334 31323334 31323334 2895 31000000 9000 2897 //============================== 2898 // Test #6: ReAUTH, GoodCounter= 2899 //============================== 2901 According to [EAP-AKA] for EAP-Response/AKA-Reauthentication, the 2902 MAC code is calculated over the following data: EAP packet | NONCE-S 2904 // XKEY' = SHA1(Identity | counter | NONCE-S | MK) 2905 // Identity = 31323334 31323334 31323334 31 2906 // Counter= 0001 2907 // NONCE-S= 12345678 12345678 12345678 12345678 2908 // MK = C4834F21BEADF09E7A3BE817975ABA99DDB40C9A 2909 // XKEY'= 7A790D9602767568BF4D9AD23C0E28F44A0A64B3 2910 // PRF(XKEY') = 2911 // C2BCFE5D383ED9C30F55B83619BF1C7A09A26320AF7F323AD9A0E58CCBE1FA7E 2912 // 6894EE064D7E38C6EBEFFE95DBEC150759B08C18B6AF02EF9D7E52A52B670E13 2913 EAP Support in Smartcard December 2017 2915 // AT-IV AT-ENCR AT-MAC 2916 // ENCR: 82090000 13010001 15050000 12345678 12345678 12345678 2917 // 12345678 85020004 31323334 2919 Tx: A080000054 01A50054 170D0000 2920 81050000 12345678 12345678 12345678 12345678 2921 82090000 99571855 2FAF6D99 57A67521 3A37A839 A76923F4 6A0040CF 2922 839AC1E4 DC8B3CDF 2923 0B050000 842D9F634BAA8D4BC10EF5A78C90F705 2925 // AT-ENCR AT-COUNTER AT-PADDING 2926 // AT_ENCR: 82040000 13010001 06030000 00000000 00000000 2928 Rx: 02A50044 170D0000 81050000 A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5 2929 82050000 C528C7A2154DF5BA6744A249557CC823 2930 0B050000 99B31F633BB5BD9399DBD2B321376258 2931 9000 2933 // Get MSK 2934 Tx: A0 A6 00 00 40 2935 Rx: 6894EE064D7E38C6EBEFFE95DBEC150759B08C18B6AF02EF9D7E52A52B670E13 2936 C2BCFE5D383ED9C30F55B83619BF1C7A09A26320AF7F323AD9A0E58CCBE1FA7E 2937 9000 2939 //============================== 2940 // Test #7: ReAUTH,WrongCounter= 2941 //============================== 2943 // AT-IV AT-ENCR AT-MAC 2944 // AT-ENCR: 82090000 13010001 15050000 12345678 12345678 12345678 2945 // 12345678 85020004 31323334 2947 Tx: A080000054 01A50054 170D0000 2948 81050000 12345678 12345678 12345678 12345678 2949 82090000 99571855 2FAF6D99 57A67521 3A37A839 A76923F4 6A0040CF 2950 839AC1E4 DC8B3CDF 2951 0B050000 842D9F634BAA8D4BC10EF5A78C90F705 2953 // AT-ENCR AT-COUNTER-TOO-SMALL AT-COUNTER AT-PADDING 2954 // AT-ENCR: 82050000 14010000 13010001 06020000 00000000 2956 Rx: 02A50044 170D0000 81050000 A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5 2957 82050000 605F0CA17BBDE27ABFF0A82D20E2B945 2958 0B050000 C79D53756722DEDC753FD0D85C1A90FD 2959 9000 2960 EAP Support in Smartcard December 2017 2962 19 IANA Considerations 2964 This draft does not require any action from IANA. 2966 20 References 2968 20.1 Normative References 2970 [RFC 3748] B. Aboba, L. Blunk, J. Vollbrecht,C. Sun, H. Levkowetz, 2971 "Extensible Authentication Protocol (EAP)", RFC 3748, June 2004 2973 [L2P] W. Townsley, A. Valencia, A. Rubens, G. Pall, G. Zorn, B. 2974 Palter "Layer Two Tunneling Protocol", RFC 2661, August 1999 2976 [TLS] T.Dierks, E. Rescorla, RFC 5246, "The TLS Protocol Version 2977 1.2", August 2008. 2979 [GSM 11.11] GSM Technical Specification GSM 11.11. Digital cellular 2980 telecommunications system (Phase 2+); Specification of the 2981 Subscriber Identity Module - Mobile Equipment (SIM - ME) 2983 [IEEE 802.11] Institute of Electrical and Electronics Engineers, 2984 "Standard for Telecommunications and Information Exchange Between 2985 Systems - LAN/MAN Specific Requirements - Part 11: Wireless LAN 2986 Medium Access Control (MAC) and Physical Layer (PHY) 2987 Specifications", IEEE Standard 802.11, 1999 2989 [IEEE 802.1X] Institute of Electrical and Electronics Engineers, 2990 "Local and Metropolitan Area Networks: Port-Based Network Access 2991 Control", IEEE Standard 802.1X, September 2001. 2993 [IEEE 802.11i] Institute of Electrical and Electronics Engineers, 2994 "Approved Draft Supplement to Standard for Telecommunications and 2995 Information Exchange Between Systems-LAN/MAN Specific Requirements - 2996 Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer 2997 (PHY) Specifications: Specification for Enhanced Security", IEEE 2998 802.11i-2004, 2004. 3000 [RFC 7542] A. DeKok, "The Network Access Identifier" RFC 7542, May 3001 2015 3003 [ASN.1] ASN.1 standard 2002 edition ISO/IEC 8825.1. 3004 http://asn1.elibel.tm.fr/en/standards/index.htm 3006 [XML] Extensible Markup Language (XML) 1.0 (Second Edition), W3C 3007 Recommendation 6 October 2000 3009 [RFC 5216] B. Aboba, D. Simon, R. Hurst, "EAP TLS Authentication 3010 Protocol" RFC 5216, March 2008. 3012 [PKCS1] "PKCS #1: RSA Encryption Standard", RSA Laboratories, 3013 EAP Support in Smartcard December 2017 3015 [PKCS6] PKCS #6: "Extended-Certificate Syntax Standard, An RSA 3016 Laboratories Technical Note", RSA Laboratories. 3018 [RFC 3748] B. Aboba, L. Blunk, J. Vollbrecht, J. C. Sun, H. 3019 Levkowetz, "Extensible Authentication Protocol (EAP)" RFC 3748, June 3020 2004 3022 [RFC 4017] D. Stanley, J. Walker, B. Aboba, "Extensible 3023 Authentication Protocol (EAP) Method Requirements for Wireless 3024 LANs", March 2005. 3026 [RFC 4137] J. Vollbrecht, P. Eronen, N. Petroni, Y. Ohba, "State 3027 Machines for Extensible Authentication Protocol (EAP)Peer and 3028 Authenticator", August 2005 3030 [EAP-SIM] H. Haverinen, J. Salowey, "Extensible Authentication 3031 Protocol Method for GSM Subscriber Identity Modules (EAP-SIM)", EAP 3032 SIM Authentication", RFC 4186, January 2006. 3034 [EAP-AKA] J. Arkko, H. Haverinen, "Extensible Authentication 3035 Protocol Method for 3rd Generation Authentication and Key Agreement 3036 (EAP-AKA)" RFC 4187, January 2006 3038 [IKEv2] C. Kaufman, P. Hoffman, Y. Nir, P. Eronen, T. Kivinen, 3039 "Internet Key Exchange (IKEv2) Protocol", RFC 7296, October 2014 3041 [IEEE 802.16-2004] IEEE Standard for Local and metropolitan area 3042 networks. Part 16: Air Interface for Fixed Broadband Wireless Access 3043 Systems - 2004 3045 [IEEE 802.16e] IEEE Standard for Local and metropolitan area 3046 networks. - Part 16: Air Interface for Fixed and Mobile 3047 Broadband Wireless Access Systems - Amendment 2: Physical and Medium 3048 Access Control Layers for Combined Fixed and Mobile Operation in 3049 Licensed Bands and Corrigendum 1, February 2006 3051 [TS 102 310] ETSI TS 102 310 V6.2.0 (2005-09) Technical 3052 Specification Smart Cards; Extensible Authentication Protocol 3053 support in the UICC(Release 6) 3055 [HOKEY-EMSK] J. Salowey, L. Dondeti, V. Narayanan, M. Nakhjiri, 3056 "Specification for the Derivation of Root Keys from an Extended 3057 Master Session Key (EMSK)", RFC 5295, August 2008 3059 [EAP-KEY] Bernard Aboba, Dan Simon, P. Eronen, H. Levkowetz, 3060 "Extensible Authentication Protocol (EAP) Key Management Framework", 3061 RFC 5247, August 2008 3062 EAP Support in Smartcard December 2017 3064 20.2 Informative References 3066 [NIST-PIV]: Special Publication 800-73-1 Interfaces for Personal 3067 Identity Verification, March 2006 3069 [EAP-SC] P.Urien, W.Habraken, D.Flattin , H.Ganem , "draft-urien- 3070 eap-smartcard-type-02.txt", October 2005 3072 [WiMAX-Forum-Stage2] "WiMAX End-to-End Network Systems Architecture 3073 (Stage 2: Architecture Tenets, Reference Model and Reference 3074 Points)" draft, august 2006 3076 [EAP-EXT] Bernard Aboba, "Extensible Authentication Protocol (EAP) 3077 Key Management Extensions", draft-aboba-eap-keying-extens-00.txt, 3078 April 2005 3080 [PEAP] Ashwin Palekar, Dan Simon, Joe Salowey, Hao Zhou, Glen 3081 Zorn,S. Josefsson, "Protected EAP Protocol (PEAP) Version 2" draft- 3082 josefsson-pppext-eap-tls-eap-10.txt, work-in-progress, October 2004. 3084 21 Authors' Addresses 3086 Pascal Urien 3087 Telecom ParisTech 3088 23 avenue d' Italie 3089 75013 Paris Phone: NA 3090 France Email: Pascal.Urien@telecom-paristech.fr 3092 Guy Pujolle 3093 LIP6 - University Paris 6 3094 4 place jussieu Phone: NA 3095 Paris 75005 France Email: Guy.Pujolle@lip6.fr