idnits 2.17.1 draft-urien-eap-smartcard-37.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == The page length should not exceed 58 lines per page, but there was 1 longer page, the longest (page 63) being 59 lines Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Line 1295 has weird spacing: '...Private key ...' == Line 1296 has weird spacing: '...Private key ...' == Line 1297 has weird spacing: '... Public key...' == Line 1298 has weird spacing: '... Public key...' == Line 2353 has weird spacing: '... octets eap.r...' -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (June 2019) is 1748 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Informational ---------------------------------------------------------------------------- == Missing Reference: 'RFC2119' is mentioned on line 25, but not defined == Missing Reference: 'EAP-TLS' is mentioned on line 200, but not defined == Missing Reference: 'IEEE-802.1X' is mentioned on line 218, but not defined == Missing Reference: 'IEEE-802.11' is mentioned on line 219, but not defined == Missing Reference: 'IEEE-802.16e' is mentioned on line 220, but not defined == Missing Reference: 'L2TP' is mentioned on line 221, but not defined -- Looks like a reference, but probably isn't: '1' on line 1966 == Missing Reference: 'FIPS' is mentioned on line 1487, but not defined == Missing Reference: 'COMMON CRITERIA' is mentioned on line 1487, but not defined -- Looks like a reference, but probably isn't: '0' on line 1962 -- Looks like a reference, but probably isn't: '2' on line 1970 -- Looks like a reference, but probably isn't: '3' on line 1974 == Unused Reference: 'L2P' is defined on line 2855, but no explicit reference was found in the text == Unused Reference: 'RFC 5216' is defined on line 2891, but no explicit reference was found in the text == Unused Reference: 'PKCS6' is defined on line 2896, but no explicit reference was found in the text == Unused Reference: 'PEAP' is defined on line 2959, but no explicit reference was found in the text -- No information found for draft-aboba-eap-keying-extens - is the name correct? Summary: 0 errors (**), 0 flaws (~~), 19 warnings (==), 8 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 EAP Working Group P. Urien 3 Internet Draft Telecom ParisTech 4 Intended status: Informational G. Pujolle 5 LIP6 6 June 2019 7 Expires: December 2019 9 EAP Support in Smartcard 10 draft-urien-eap-smartcard-37.txt 12 Abstract 14 This document describes the functional interface, based on the 15 ISO7816 standard, to EAP methods, fully and securely executed in 16 smart cards. This class of tamper resistant device may deliver 17 client or server services; it can compute Root Keys from an Extended 18 Master Session Key (EMSK). 20 Requirements Language 22 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 23 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 24 document are to be interpreted as described in RFC 2119 [RFC2119]. 26 Status of this Memo 28 This Internet-Draft is submitted in full conformance with the 29 provisions of BCP 78 and BCP 79. 31 Internet-Drafts are working documents of the Internet Engineering 32 Task Force (IETF). Note that other groups may also distribute 33 working documents as Internet-Drafts. The list of current Internet- 34 Drafts is at http://datatracker.ietf.org/drafts/current/. 36 Internet-Drafts are draft documents valid for a maximum of six 37 months and may be updated, replaced, or obsoleted by other documents 38 at any time. It is inappropriate to use Internet-Drafts as reference 39 material or to cite them other than as "work in progress." 41 This Internet-Draft will expire on December 2019. 43 Copyright Notice 45 Copyright (c) 2019 IETF Trust and the persons identified as the 46 document authors. All rights reserved. 48 This document is subject to BCP 78 and the IETF Trust's Legal 49 Provisions Relating to IETF Documents 50 (http://trustee.ietf.org/license-info) in effect on the date of 51 publication of this document. Please review these documents 52 carefully, as they describe your rights and restrictions with 53 respect to this document. 55 Table of Contents 57 Abstract........................................................... 1 58 Requirements Language.............................................. 1 59 Status of this Memo................................................ 1 60 Copyright Notice................................................... 2 61 1 Overview......................................................... 5 62 2 Relationships with RFC 3748...................................... 6 63 2.1 EAP multiplexing model...................................... 6 64 2.2 EAP smartcards.............................................. 6 65 3 Overview of EAP smartcards in the IETF context................... 7 66 3.1 Network Interface........................................... 8 67 3.2 Other services.............................................. 9 68 3.3 Out Of Band (OOB) facilities................................ 9 69 4 User's Identity.................................................. 9 70 5 EAP smartcard services.......................................... 10 71 5.1 Add-Identity............................................... 10 72 5.2 Delete-Identity............................................ 10 73 5.3 Get-Preferred-Identity..................................... 10 74 5.4 Get-Current-Identity....................................... 10 75 5.5 Get-Next-Identity.......................................... 10 76 5.6 Set-Identity............................................... 11 77 5.7 Get-Profile-Data........................................... 11 78 5.8 Process-EAP................................................ 11 79 5.9 Process-EAP-OOB............................................ 12 80 5.10 Get-Session-Key........................................... 12 81 5.11 Get-State................................................. 12 82 5.12 Reset-State............................................... 12 83 5.13 Method Functions.......................................... 13 84 5.14 Multiple EAP Identity selections.......................... 13 85 5.15 Get-Exported-Parameters................................... 13 86 5.17 Get-AMSK.................................................. 14 87 6 Client and Server facilities.................................... 15 88 7 IEEE 802.16 services............................................ 15 89 7.1 Get-Certificate............................................ 15 90 7.2 Private-Key-Decryption..................................... 16 91 8 Relationships with the Smartcard Interface Entity............... 16 92 9 ISO 7816-4 APDUs................................................ 16 93 9.1 ISO 7816 Status Word....................................... 17 94 9.2 Segmentation/Reassembly rules.............................. 17 95 9.2.1 Segmentation ........................................ 17 96 9.2.2 Reassembly .......................................... 18 97 9.3 PIN Management............................................. 18 98 9.3.1 Verify PIN .......................................... 18 99 9.3.2 Change PIN .......................................... 18 100 9.3.3 Enable PIN .......................................... 18 101 9.3.4 Disable PIN ......................................... 19 102 9.3.5 Unblock PIN ......................................... 19 103 9.4 Multi-Applications smartcard considerations................ 19 104 9.5 Add-Identity............................................... 20 105 9.6 Delete-Identity............................................ 20 106 9.7 Get-Preferred-Identity..................................... 20 107 9.8 Get-Current-Identity....................................... 20 108 9.9 Get-Next-Identity.......................................... 21 109 9.10 Get-Profile-Data.......................................... 21 110 9.11 Set-Identity.............................................. 21 111 9.12 Set-Multiple-Identity..................................... 22 112 9.13 Process-EAP............................................... 22 113 9.13.1 Standard format .................................... 22 114 9.13.2 ETSI format ........................................ 23 115 9.14 Process-EAP-OOB........................................... 24 116 9.15 Get-Session-Key........................................... 25 117 9.16 Get-Current-Version....................................... 25 118 9.17 Get-State................................................. 25 119 9.18 Reset-State............................................... 26 120 9.19 Get-Exported-Parameter.................................... 26 121 9.20 Get-AMSK.................................................. 27 122 9.21 Method Functions.......................................... 27 123 9.22 IEEE 802.16 Services...................................... 28 124 9.23 Commands summary.......................................... 29 125 10 Security Considerations........................................ 30 126 10.1 Security Claims........................................... 30 127 10.2 Smart Card Technology..................................... 30 128 10.3 Tamper Resistant Storage and Execution.................... 30 129 10.4 Multi Factor Authentication............................... 31 130 10.5 Random Number Generation.................................. 31 131 10.6 Cryptographic Capabilities................................ 31 132 10.7 Secure Provisioning....................................... 31 133 10.8 Certification............................................. 31 134 10.9 Smart Cards and EAP Security Claims....................... 32 135 10.9.1 Mutual Authentication .............................. 32 136 10.9.2 Confidentiality .................................... 32 137 10.9.3 Key Derivation ..................................... 32 138 10.9.4 Man-in-the-Middle Attacks .......................... 32 139 10.9.5 Dictionary Attacks ................................. 32 140 10.9.6 Cryptographic Binding .............................. 32 141 10.9.7 Channel Binding .................................... 33 142 10.9.8 Protection Against Rogue Networks .................. 33 143 10.9.9 Authentication Method Security ..................... 33 144 11 Intellectual Property Right Notice............................. 33 145 12 Annex 1, EAP-SIM packets details............................... 34 146 12.1 Full Authentication....................................... 34 147 12.2 Re-Authentication......................................... 35 148 13 Annex 2, EAP-MD5 packet details................................ 37 149 14 Annex 3 - TLS support.......................................... 39 150 14.1 Unix Time issue........................................... 39 151 14.2 Fragment Maximum Size..................................... 39 152 14.3 EAP/TLS messages format................................... 40 153 14.4 Example of EAP/TLS Authentication......................... 41 154 15 Annex 4 ASN.1 BER Tag coding for the subscriber profile 155 information....................................................... 41 156 15.1 ASN.1 Subscriber Profile Encoding......................... 42 157 15.1.1 EapID .............................................. 42 158 15.1.2 EapType ............................................ 42 159 15.1.3 Version ............................................ 42 160 15.1.4 User Credential .................................... 42 161 15.1.5 UserProfile ........................................ 43 162 15.1.6 UserProfile encoding example ....................... 43 163 16 Annex 5 APDUs exchange example................................. 44 164 17 Annex 6, EAP-TLS ISO7816 APDUs Trace (T=0 Protocol)............ 45 165 17.1 EAP-TLS session parameters................................ 45 166 17.1.1 CA Public Key (2048 bits) .......................... 45 167 17.1.2 Server Public Key (1024 bits) ...................... 45 168 17.1.3 Client Private Key (1024 bits) ..................... 45 169 17.2 Full EAP-TLS trace (mode 2)............................... 46 170 17.3 EAP-TLS mode1 ISO7816 trace (T=0 protocol)................ 53 171 18 Annex 7, EAP-AKA ISO7816 APDUs Trace (T=0 Protocol)............ 56 172 19 IANA Considerations............................................ 61 173 20 References..................................................... 61 174 20.1 Normative References...................................... 61 175 20.2 Informative References.................................... 63 176 21 Authors' Addresses............................................. 63 177 1 Overview 179 All wireless LAN technologies derived from IEEE 802.11 or IEEE 180 802.16 specifications need strong security protocols for data 181 privacy, integrity and network access control. 183 Standards such as [802.1X], [IEEE 802.16e], [IKEv2], require the 184 Extensible Authentication Protocol (EAP) [RFC 3748] as the framework 185 for authentication purposes, with a mutual authentication between a 186 client (supplicant, subscriber's terminal, VPN user) and an 187 authentication server (AS). 189 EAP methods MAY be implemented in smart cards. 191 This draft describes a standard interface to EAP methods embedded in 192 ISO7816 smart cards. These devices are generally considered as one 193 of the most secure computing platform. As an illustration the NIST 194 issued a set of specifications [NIST-PIV], dealing with the Personal 195 Identity Verification (PIV) integrated circuit card. 197 Annex one provides a reference example for a SIM based 198 authentication [EAP-SIM]. Annex two gives a reference example for a 199 MD5 based authentication. Annex three presents a reference example 200 for a TLS based authentication [EAP-TLS]. Annex four describes the 201 optional user's profile according to the ASN.1 [ASN.1] syntax. Annex 202 five illustrates an MD5 authentication scenario working with an EAP 203 smartcard. Annex six shows ISO 7816 data exchanges with EAP-TLS 204 smartcards. Annex seven presents ISO 7816 data exchanges with EAP- 205 AKA [EAP-AKA] smart cards. 207 2 Relationships with RFC 3748 209 2.1 EAP multiplexing model 211 According to [RFC 3748], EAP implementations conceptually consist of 212 the four following components: 214 1- Lower layer. The lower layer is responsible for transmitting and 215 receiving EAP frames between the peer and authenticator. EAP has 216 been run over a variety of lower layers including 217 - PPP; 218 - Wired IEEE 802 LANs [IEEE-802.1X]; 219 - IEEE 802.11 wireless LANs [IEEE-802.11]; 220 - IEEE 802.16e Wireless Metropolitan LANs [IEEE-802.16e]; 221 - UDP (L2TP [L2TP] and IKEv2 [IKEv2]) 223 2- EAP layer. The EAP layer receives and transmits EAP packets via 224 the lower layer; it implements duplicate detection and 225 retransmission, and delivers and receives EAP messages to and from 226 EAP methods. 228 3- EAP peer and authenticator layers. Based on the Code field, the 229 EAP layer de-multiplexes incoming EAP packets to the EAP peer and 230 authenticator layers. Typically, an EAP implementation on a given 231 host will support either peer or authenticator functionality. 233 4- EAP method. EAP methods implement the authentication algorithms 234 and receive and transmit EAP messages. Since fragmentation support 235 is not provided by EAP itself, this is the responsibility of EAP 236 methods. 238 2.2 EAP smartcards 240 An EAP smart card implements one or several EAP methods, and works 241 in cooperation with a Smartcard Interface Entity, that sends and 242 receives EAP messages to/from this device. The simplest form of this 243 interface is a software bridge that transparently forwards EAP 244 messages to smart card. 246 +-+-+-+-+-+-+ +-+-+-+-+-+-+ 247 | EAP method| | EAP method| 248 | Smartcard | | Smartcard | 249 | Client | | Server | 250 | Type = X | | Type = Y | 251 +-+-+-+-+-+-+ +-+-+-+-+-+-+ 252 ! ! 253 +-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+ 254 | Smartcard | EAP method| | EAP method | Smartcard | 255 | Interface | Type = Y | | Type = X | Interface | 256 | Entity | | | | Entity | 257 +-+-+-+-V-+-+-+-+-+-+-+-+-+ +-+-+-+-!-+-+-+-+-+-+-+-+-+ 258 | ! | | ! | 259 | EAP ! Peer Layer | | EAP ! Auth. Layer | 260 | ! | | ! | 261 +-+-+-+-!-+-+-+-+-+-+-+-+-+ +-+-+-+-!-+-+-+-+-+-+-+-+-+ 262 | ! | | ! | 263 | EAP ! Layer | | EAP ! Layer | 264 | ! | | ! | 265 +-+-+-+-!-+-+-+-+-+-+-+-+-+ +-+-+-+-!-+-+-+-+-+-+-+-+-+ 266 | ! | | ! | 267 | Lower ! Layer | | Lower ! Layer | 268 | ! | | ! | 269 +-+-+-+-!-+-+-+-+-+-+-+-+-+ +-+-+-+-!-+-+-+-+-+-+-+-+-+ 270 ! ! Authentication 271 ! Peer ! Server 272 +------------>---------------+ 274 3 Overview of EAP smartcards in the IETF context. 276 Peer-Layer Interface EAP Smartcard Exported- 277 (RFC 4137) Additional Services Parameters 279 | |Content |Security |Identity | 280 | |Mngt |Mngt |Mngt | 281 | | | | | 282 | +V+-+-+-+-+V+-+-+-+-+V+ | 283 | | EAP Smartcard | SC.Get-Exp-Param | 284 | | Method |-> Channel Binding | 285 | SC.Reset,SC.Get-State | |-> Peer-ID | 286 | MethodState ->| Secure Method |-> Server-ID | 287 | | Processing |-> Method-ID | 288 | SC.Process-EAP | | | 289 | eapReqData ->| Secure Storage of | SC.Get-Session-Key | 290 | | Method Credentials |-> MSK | 291 | | | | 292 | | Keys caching | SC.Get-AMSK | 293 | | (EMSK) |-> AMSK | 294 +-+-+-+-+-+-+-+-+-+-+-+ 295 The EAP smartcard offers four classes of services, the network 296 interface, the content management, the security management and the 297 identity management. 299 3.1 Network Interface 301 Network services comprise two kinds of functional interfaces, 302 described in [RFC 4137] and in [EAP-KEY], that we call Peer-Layer 303 and Exported-Parameters. 305 The interface between EAP methods and the Peer-Layer is introduced 306 in [RFC 4137] and comprises two main procedures: 308 - methodState() initializes a method or gets its current state. This 309 function is realized by two EAP-Smartcard procedures named SC.Reset- 310 State and SC.Get-State. 312 - eapReqData() forwards EAP messages to methods, and optionally 313 returns a response. The EAP smartcard uses the SC.Process-EAP 314 command for that purpose. 316 Upon success, the method computes a set of values, whose use is more 317 precisely defined in [EAP-KEY], and which are made available for 318 other EAP layers: 320 - The Master Session Key (MSK) used as a shared secret, involved in 321 cryptographic material generation. The SC.Get-Session-Key command 322 returns this value. 324 - An additional key, the Extended Master Session Key (EMSK), never 325 shared with a third party. This key is 'cached' by the Smartcard. 327 - Application Master Session Keys (AMSK) introduced by in [EAP-EXT] 328 and obtained through a key distribution function (KDF) using EMSK 329 and other values, as input parameters. This key is collected by the 330 SC.Get-AMSK command. 332 - Method-ID used as a unique identifier of an EAP conversation. It's 333 typically obtained by the concatenation of two random values 334 generated by server and client entities. This value is obtained via 335 the SC.Get-Exported-Parameter command. 337 - Server-ID corresponding to the identity, if any, of the server. 338 For example it's the subject field of an X.509 certificate. This 339 value is obtained via the SC.Get-Exported-Parameter command. 341 - Peer-ID used for the identity of the client, if any. It could be 342 the subject field of an X.509 certificate. This value is obtained 343 via the SC.Get-Exported-Parameter command. 345 - Channel Bindings used as elements of information, typically 346 relative to the IEEE 802.1x access point (Called-Station-Id, 347 Calling-Station-Id, NAS-Identifier, NAS IP-Address, etc.). They are 348 optionally mirrored during an EAP session, from server to client. 349 This value is obtained via the SC.Get-Exported-Parameter command. 351 3.2 Other services 353 An EAP-Smartcard has a physical interface with the EAP-Peer layer 354 and produces output values as described in the previous section. 355 However other management services are required for practical 356 reasons: 358 - Content Management. It's the set of operations needed to download 359 credentials required by a particular method (X.509 certificates, 360 cryptographic keys ...). 362 - Security Management. This service manages mechanisms (PIN codes, 363 biometric techniques ...) that restrict EAP-Smartcard use to 364 authorized bearers. 366 - Identity Management. When several methods (or instances of 367 methods) are available, this service allows selecting one of them. 369 3.3 Out Of Band (OOB) facilities 371 EAP sessions may tunnel protocols such as NAP (Network Access 372 Protection) or NAC (Network Admission Control). It is likely that 373 these transported messages will be encrypted and protected according 374 to mechanisms managed by EAP methods. 376 OOB facilities are services that enable Smartcard Interface Entities 377 to exchange OOB messages (such as NAP or NAC) tunneled by smart card 378 embedded EAP methods. 380 4 User's Identity 382 The user's identity is a pointer to a tuple of values comprising: 384 - The EAP-ID (the parameter returned in the EAP-Response Identity 385 message), 386 - The method type, 387 - Credentials (certificates, private keys, shared secrets...) 388 associated to this particular type. 390 It may be of various types: 392 - A network SSID as described in the 802.11 standard [IEEE 802.11]. 393 - A user's identifier (UserID) e.g. an ASCII string. A network 394 access identifier, NAI [RFC 7542] MAY be used as UserID. 395 - A pseudonym, i.e. a friendly name. 397 - Etc... 399 5 EAP smartcard services 401 Mandatory services MUST be implemented in any smartcard that claims 402 conformance with this draft. 404 Optional services are not required by basic authentication 405 operations. 407 Secure services MAY be protected by a PIN code. Non secure services 408 MUST be freely accessible. 410 5.1 Add-Identity 411 Status: Optional. 412 Security: Secure(ISSUER). 413 The smartcard is usually manufactured without any user's identity. 414 The personalization software or the Identity Management software, 415 assigns to the smartcard a user's identity that can be retrieved by 416 other commands. 418 5.2 Delete-Identity 419 Status: Optional 420 Security: Secure(ISSUER) 421 The smartcard contains a list of one or several user's identity 422 discovered by the Identity Management software. This command deletes 423 one entry of this list. 425 5.3 Get-Preferred-Identity 426 Status: Optional 427 Security: Non Secure. 428 The smartcard contains at least one user's identity. The Identity 429 Management software gets from the smartcard the initial and 430 preferred user's identity. If the user has more than one identity, 431 the Identity Management software uses the Get-Next-Identity to read 432 all available identities. 434 5.4 Get-Current-Identity 435 Status: Mandatory 436 Security: Non Secure 437 The smartcard contains at least one user's identity related to the 438 user's subscriptions. The Identity Management software gets from the 439 smartcard its current user's identity. 441 5.5 Get-Next-Identity 442 Status: Mandatory 443 Security: Non Secure 444 The smartcard may contain one or more user's identities according to 445 the user's subscriptions. The Identity Management software MAY 446 prompt the user's identities and a subsequent selection allows the 447 smartcard to process the appropriate EAP authentication type. The 448 Get-Next-Identity command allows the Identity Management software to 449 read all the available user's identities. 451 The Get-Next-Identity command MAY inform the Identity Management 452 software when all user's identities have been read. Otherwise the 453 Identity Management software detects the identity list end, when it 454 collects again the first identity. 456 5.6 Set-Identity 457 Status: Mandatory 458 Security: Secure(BEARER) 459 Once the Identity selection is processed, the Identity Management 460 software needs to set the smartcard EAP framework, according to the 461 selected user's identity. The Set-Identity sets the smartcard EAP 462 state machine to the NOT-AUTHENTICATED state. 464 5.7 Get-Profile-Data 465 Status: Optional 466 Security: Secure(BEARER) 467 The Identity Management software MAY request the subscriber's 468 profile information. The Get-Profile-Data returns all related 469 information available in the smartcard. Details of the subscriber's 470 profile information are given in annex 4. The implementation of the 471 information may be ruled by ASN.1 BER coding specification [ASN.1] 472 or by an XML dialect [XML]. 474 5.8 Process-EAP 475 Status: Mandatory 476 Security: Secure(BEARER) 477 The EAP process is described in the RFC 3748 specification and 478 involves several EAP requests and responses packets, 480 1) EAP request/response Identity; 481 2) A suite of EAP request/response related to a particular 482 authentication scenario; and 483 3) EAP success or failure. 485 The Set-Identity command restarts the smartcard EAP framework state 486 machine for further processing using the EAP-Packets method. 488 An incoming EAP/Request/Identity restarts the smartcard EAP 489 framework state machine for further processing using other EAP- 490 Packets methods. 492 The smartcard receives RFC 3748 packets. It retrieves the 493 appropriate EAP authentication type and its associated identifier. 495 The smartcard maintains the EAP state machine and returns an EAP NAK 496 packet if this state sequence is broken. In that case it reaches the 497 NOT-AUTHENTICATED state. 499 Any EAP request/response is silently ignored if the state machine 500 was not started. 502 The last step of the protocol retrieves the Session Key from the 503 smartcard. The smartcard reaches the AUTHENTICATED state. 505 5.9 Process-EAP-OOB 506 Status: Optional. 507 Security: Secure (BEARER) 509 EAP method may tunnel Out Of Band messages used by protocols such as 510 NAP or NAC. 512 According to [RFC 7542] an EAP packet includes a length field that 513 indicates the whole packet size. 515 OOB data are appended to EAP packets, and their optional presence is 516 implicitly notified by the use of the Process-EAP-OOB command. 518 5.10 Get-Session-Key 519 Status: Mandatory. 520 Security: Secure(BEARER) 522 At the end of a successful authentication the Smartcard Interface 523 Entity needs to update the appropriate crypto suite (if any) using 524 the master session key (MSK). 526 The Get-Session-Key returns MSK to the Smartcard Interface Entity. 528 In the 801.1X context, MSK should be interpreted as the unicast key. 530 In the 802.11i or WPA context MSK should be interpreted as the PMK 531 (Pairwise Master Key). 533 5.11 Get-State. 534 Status: Optional. 535 Security: Secure(BEARER) 537 This command returns the current smartcard state: 539 1) IDENTITY-NOT-SET, no user's identity has been selected. 540 2) AUTHENTICATING, an authentication session is in progress. 541 3) AUTHENTICATED, last authentication session was successful. 542 4) NOT-AUTHENTICATED, no authentication in progress, or last 543 authentication session failed. 545 5.12 Reset-State. 546 Status: Mandatory. 547 Security: Secure(BEARER) 548 If the current state is IDENTITY-NOT-SET, this command has no 549 effect. 551 Otherwise this command forces the EAP smartcard in the 552 AUTHENTICATING state. 554 5.13 Method Functions 555 Status: Optional. 556 Security: Secure(BEARER) 558 These facilities are dedicated to test issues and SHOULD BE 559 forbidden in operational environments. The following services MAY be 560 supported: 562 -X509 Certificate storage. 563 -Random generator. 564 -Private key encryption. 565 -Private key decryption. 566 -Public key encryption. 567 -Public key decryption. 568 -Symmetric key encryption. 569 -Symmetric key decryption. 571 5.14 Multiple EAP Identity selections 573 Status: Optional. 574 Security: Secure(BEARER) 576 Multiple EAP authentications MAY be processed simultaneously in the 577 same smartcard. If this capability is supported, the following rules 578 apply: 580 1) Multiple EAP Identities MAY be selected at the same time. 581 2) Each selected EAP identity is associated with a short (one byte) 582 identifier, returned by the Set-Identity command. 584 The Smartcard Interface Entity software MUST include this short 585 identifier when necessary, in order to inform which of the selected 586 EAP identities the command is targeted to. 588 The smartcard software MUST maintain a separate EAP state machine 589 for each of the different selected EAP identities. 591 5.15 Get-Exported-Parameters 593 Status: Optional. 594 Security: Secure(BEARER) 596 According to [EAP-KEY], EAP methods export a set of parameters that 597 MAY be used by other EAP layers. In this draft, each attribute is 598 identified by an index, and is read thanks to the Get-Exported- 599 Parameter(index) command. 601 Six indexes are defined, that are associated to the following 602 attributes: 604 Index 1: Peer-ID. 605 The peer identity authenticated by the EAP method. 607 Index 2: Server-ID: 608 It's the optional server identity, authenticated by the EAP method. 610 Index 3: Method-ID. 611 EAP method specifications deriving keys MUST specify a temporally 612 unique method identifier known as the Method-ID. 614 Index 4: Session-ID. 615 The Session-ID uniquely identifies an EAP session between an EAP 616 peer (as identified by the Peer-ID) and server (as identified by the 617 Server-ID). 619 Index 5: Key-Lifetime. 620 While EAP itself does not support key lifetime negotiation, it is 621 possible to specify methods that do. 623 Index 6: Channel Bindings. 624 Channel Bindings include lower layer parameters that are verified 625 for consistency between the EAP peer and server. In order to avoid 626 introducing media dependencies, EAP methods that transport Channel 627 Binding data MUST treat this data as opaque octets. 629 5.17 Get-AMSK 631 According to [RFC 4017] EMSK is an "additional keying material 632 derived between the EAP client and server that are exported by the 633 EAP method. The EMSK is at least 64 octets in length. The EMSK is 634 not shared with the authenticator or any other third party. The EMSK 635 is reserved for future uses that are not yet defined". 637 It has been suggested in [EAP-EXT] to derive Application-specific 638 Master Session Keys (AMSKs) from EMSK. As an illustration AMSK MAY 639 be obtained by a Key Derivation Function (KDF), such as 641 AMSK = KDF(EMSK, label, length) 643 As pointed in [HOKEY-EMSK] "Different uses for keys derived from the 644 EMSK have been proposed. Some examples include hand off across 645 access points in various mobile technologies, mobile IP 646 authentication and higher layer application authentication". This 647 document introduces Specific Root Keys (USRK), and defines a special 648 class of USRK, called a Domain Specific Root Key (DSRK); each DSRK 649 is a root key used to derive Domain Specific Usage Specific Root 650 Keys (DSUSRK). 652 EMSK 653 / \ 654 USRK DSRK 655 / \ 656 DSUSRK1 DSUSRK2 658 The USRK key derivation function is based on a pseudo random 659 function (PRF) that has the following function prototype: 661 KDF = PRF(key, data), key=EMSK 663 and DSUSRK = KDF(DSRK, key label, optional data, length) 665 In [WiMAX-Forum-Stage2] the Mobile IP Root Key (MIP-RK) is generated 666 at the EAP-Authentication Server which is collocated with the HAAA 667 and at the EAP-Peer located in the MS. 669 MIP-RK = HMAC-SHA1(EMSK, "MIP APPLICATION ROOT KEY") 671 The Get-AMSK(index, data) is a generic command, used to compute AMSK 672 key, (as defined in [HOKEY-EMSK], [WiMAX-Forum-Stage2]) identified 673 by an index and optionally associated to data, needed to its 674 calculation. 676 6 Client and Server facilities 678 EAP smartcard MAY offer two classes of services, 679 - Client smartcards process EAP requests and return EAP responses 680 - Server smartcards process EAP responses and return EAP requests 682 7 IEEE 802.16 services 684 The [IEEE 802.16] security is based on the PKM (Privacy Key 685 Management) protocol which requires, on the user's side, an X509 686 certificate and a private RSA key. 688 [IEEE 802.16e] MAY support a version of PKM, referred as PKM-EAP, 689 which at the end of authentication scenario, produces a MSK key, 690 according to [RFC 3748] 692 An IEEE 802.16 service is a couple of credentials (X509Certificate, 693 Private RSA Key), associated to a given identification label, and 694 therefore working with a particular EAP method. 696 Two services are defined. 698 7.1 Get-Certificate 699 Status: Optional. 700 Security: Secure(BEARER) 702 This command reads the X509 certificate, associated with an 703 identification label, which is either implicit or identified by an 704 index. 706 7.2 Private-Key-Decryption 708 Status: Optional. 709 Security: Secure(BEARER) 711 This command decrypts a message encrypted with the client public 712 key, according to [PKCS1]. 714 8 Relationships with the Smartcard Interface Entity. 716 The Smartcard Interface Entity is a piece of software that 717 establishes a logical bridge with smartcards. It MUST be able to 718 detect a smartcard. If the device is not present, or if it silently 719 discards an EAP message, then the Smartcard Interface Entity MUST 720 reject all incoming request messages by the NAK code. 722 9 ISO 7816-4 APDUs 724 This section of the document provides an implementation of the 725 previous descriptions for ISO 7816-4 compatible smartcards. The 726 section does not preclude of the transport protocol used between the 727 smartcard and the reader. Thus, this specification does not mandate- 728 to-implement any transport protocol such as T=0 or T=1, which are 729 not in the scope of this document. It should be noticed that all 730 values are in hexadecimal representation. 732 Annexes of this document give implementation examples. 734 Note: The class byte value defined in this section ('A0') SHALL be 735 interpreted as an implementation example. Other values MAY be used 736 respecting conventions, defined in ISO 78176-4. 738 9.1 ISO 7816 Status Word 740 According to ISO 7816, the status word SW1, SW2 is a two bytes word, 741 giving information about current operation either success or 742 failure. 744 '90' '00' indicates an operation success 745 '63' 'xx' indicates that a PIN code presentation is required, with 746 xx attempts left. 747 '9F' 'xx' indicates that xx bytes (mod 256) are ready for reading. 748 - Operation result MUST be fetched by the ISO Get Response APDU (CLA 749 = 'C0', P3= 'XX') 750 '67' 'XX' 751 - Incorrect parameter P3 752 '6B' 'XX' 753 - Incorrect parameter P1 or P2 754 '6D' 'XX' 755 - Unknown instruction code (INS) given in the command 756 '6E' 'XX' 757 - Wrong instruction class (CLA) given in the command 758 '6F' 'XX' 759 - Technical problem, not implemented... 760 '61 ''XX' 761 - Operation result MUST be fetched by the ISO Get Response APDU (CLA 762 = 'C0', P3= 'XX') 763 '6C ''XX' 764 - Operation must be performed again, with the LE parameter value 765 sets to 'XX'. 766 '70' '00' 767 - Packet silently discarded. 768 '70' '01' 769 - Authentication failure 771 9.2 Segmentation/Reassembly rules 773 9.2.1 Segmentation 775 When a command transfers a payload, whose size is greater than 255 776 bytes, the less significant bit of the P1 byte is used as a 'More' 777 flag. 779 - This bit is equal to zero for a non-fragmented payload or a last 780 fragment (More = 0 = False). 782 - This bit is set to one (More = 1 = True) for a payload fragment. 784 See annexes for examples. 786 9.2.2 Reassembly 788 - When a command reads less than 256 bytes, or in the last bloc 789 case, the returned payload ends by the 9000 Status Word. 791 - When a command returns more than 256 bytes, each payload bloc 792 (except for the last one) ends by the 9yxx Status Word, in which xx 793 indicates the length of the next bloc and y MAY have any value 794 between 1 and F. The GET (INS=C0) command (A0C00000xx) is used to 795 read the next bloc. 797 - See annexes for examples. 799 9.3 PIN Management 801 Some services require that the smartcard's bearer presents its PIN 802 code. 804 Smartcard returns the '63' 'xx' status word when it's necessary to 805 check the PIN code, before accessing to a particular service (see 806 previous section). A PIN code is typically a four/eight digits 807 decimal number, ASCII encoded, and ranging between '0000' and 808 '9999'. 810 9.3.1 Verify PIN 811 +--------+-----+----------+----+----+----+----+ 812 |Command |Class| INS | P1 | P2 | Lc | Le | 813 +--------+-----+----------+----+----+----+----+ 814 | Verify | A0 | 20 or 2A | 00 | 00 | 08 | 00 | 815 +--------+-----+----------+----+----+----+----+ 817 The ISO APDU Verify is used when a PIN code presentation is 818 required. 819 Lc is the PIN code length, typically height (or four) ASCII encoded 820 bytes. 822 9.3.2 Change PIN 824 This APDU modifies the user PIN code. 825 +--------+-----+-----+----+----+----+----+ 826 |Command |Class| INS | P1 | P2 | Lc | Le | 827 +--------+-----+-----+----+----+----+----+ 828 | Change | A0 | 24 | 00 | 00 | 10 | 00 | 829 +--------+-----+-----+----+----+----+----+ 831 The old PIN (8 bytes) and new PIN (8 bytes) are presented 833 9.3.3 Enable PIN 835 This APDU enables the user's PIN function. 837 +--------+-----+-----+----+----+----+----+ 838 |Command |Class| INS | P1 | P2 | Lc | Le | 839 +--------+-----+-----+----+----+----+----+ 840 | Enable | A0 | 26 | 00 | 00 | 08 | 00 | 841 +--------+-----+-----+----+----+----+----+ 843 The user PIN code (8 bytes) is presented. 845 9.3.4 Disable PIN 846 This APDU disables the user's PIN function. 848 +--------+-----+-----+----+----+----+----+ 849 |Command |Class| INS | P1 | P2 | Lc | Le | 850 +--------+-----+-----+----+----+----+----+ 851 | Disable| A0 | 28 | 00 | 00 | 08 | 00 | 852 +--------+-----+-----+----+----+----+----+ 854 The user PIN code is presented. 856 9.3.5 Unblock PIN 858 This APDU unblocks a smartcard, blocked after three wrong PIN code 859 presentations. 861 +--------+-----+-----+----+----+----+----+ 862 |Command |Class| INS | P1 | P2 | Lc | Le | 863 +--------+-----+-----+----+----+----+----+ 864 | Unblock| A0 | 2C | 00 | 00 | 10 | 00 | 865 +--------+-----+-----+----+----+----+----+ 867 The user PIN's code (8 bytes) and an unblock code (8 bytes) are 868 presented. 870 9.4 Multi-Applications smartcard considerations 872 A smartcard may store several applications, each of them being 873 identified by a set of bytes referred as the Application IDentifier 874 (AID). 875 The ISO APDU Select is used when it's necessary to select an 876 application, able to process one or more EAP authentication scenari. 878 +--------+-----+-----+----+----+----+----+ 879 |Command |Class| INS | P1 | P2 | Lc | Le | 880 +--------+-----+-----+----+----+----+----+ 881 | Select | 00 | A4 | 04 | 00 | xx | 00 | 882 +--------+-----+-----+----+----+----+----+ 884 Lc is the AID length. 886 According to ISO 7816-7, AID is made of two parts : 888 -RID, a mandatory 5 bytes field that identifies a company or a 889 standardization body. 890 -PIX, up to 11 bytes, which identify an application. 892 9.5 Add-Identity 894 This command stores a new identity. The identity list is managed by 895 the smartcard. The new identification label is appended as the last 896 element of the list. 898 +--------+-----+-----+----+----+----+----+ 899 |Command |Class| INS | P1 | P2 | Lc | Le | 900 +--------+-----+-----+----+----+----+----+ 901 | | A0 | 17 | 00 | 81 | xx | 00 | 902 +--------+-----+-----+----+----+----+----+ 904 9.6 Delete-Identity 906 This command deletes an identity. The command parameter gives the 907 identification label to be deleted. 909 +--------+-----+-----+----+----+----+----+ 910 |Command |Class| INS | P1 | P2 | Lc | Le | 911 +--------+-----+-----+----+----+----+----+ 912 | | A0 | 17 | 00 | 82 | xx | 00 | 913 +--------+-----+-----+----+----+----+----+ 915 9.7 Get-Preferred-Identity 917 This command returns the user's preferred identification label 919 +--------+-----+-----+----+----+----+----+ 920 |Command |Class| INS | P1 | P2 | Lc | Le | 921 +--------+-----+-----+----+----+----+----+ 922 | | A0 | 17 | 00 | 02 | 00 | XX | 923 +--------+-----+-----+----+----+----+----+ 925 9.8 Get-Current-Identity 927 This command returns user's current identification label. 929 +--------+-----+-----+----+----+----+----+ 930 |Command |Class| INS | P1 | P2 | Lc | Le | 931 +--------+-----+-----+----+----+----+----+ 932 | | A0 | 18 | 00 | AA | 00 | XX | 933 +--------+-----+-----+----+----+----+----+ 935 If "multiple EAP Identity selection" is not supported, P2 (AA value) 936 shall be set to '00'. 938 If "multiple EAP Identity selection" is supported, P2 (AA value) 939 shall indicate the short identifier associated with the selected EAP 940 identity to which the command is targeted. These short identifiers 941 are coded as described in the Set-Identity command. 943 9.9 Get-Next-Identity 945 This command returns a user's identification label. 947 +--------+-----+-----+----+----+----+----+ 948 |Command |Class| INS | P1 | P2 | Lc | Le | 949 +--------+-----+-----+----+----+----+----+ 950 | | A0 | 17 | 00 | 01 | 00 | XX | 951 +--------+-----+-----+----+----+----+----+ 953 9.10 Get-Profile-Data 955 The command returns the related subscriber profile information 956 according to the application requirements and format. Profile coding 957 rules are defined in annex 4. 959 +--------+-----+-----+----+----+----+----+ 960 |Command |Class| INS | P1 | P2 | Lc | Le | 961 +--------+-----+-----+----+----+----+----+ 962 | | A0 | 1A | 00 | AA | 00 | YY | 963 +--------+-----+-----+----+----+----+----+ 965 If "multiple EAP Identity selection" is not supported, P2 (AA value) 966 shall be set to '00'. 968 If "multiple EAP Identity selection" is supported, P2 (AA value) 969 shall indicate the short identifier associated with the selected EAP 970 identity to which the command is targeted. These short identifiers 971 are coded as described 973 9.11 Set-Identity 975 The command resets and initializes the state machine for processing 976 the EAP Packets. The first step after this command is an EAP request 977 identity packet. If a different EAP packet is sent to the smartcard 978 the smartcard returns an EAP NAK response. 980 +--------+-----+-----+----+----+----+----+ 981 |Command |Class| INS | P1 | P2 | Lc | Le | 982 +--------+-----+-----+----+----+----+----+ 983 | | A0 | 16 | 00 | 80 | XX | 00 | 984 +--------+-----+-----+----+----+----+----+ 985 9.12 Set-Multiple-Identity 987 +--------+-----+-----+----+----+----+----+ 988 |Command |Class| INS | P1 | P2 | Lc | Le | 989 +--------+-----+-----+----+----+----+----+ 990 | | A0 | 16 | 00 | 83 | XX | 00 | 991 +--------+-----+-----+----+----+----+----+ 993 The command resets and initializes the state machine for processing 994 the EAP Packets. The first step after this command is an EAP request 995 identity packet. If a different EAP packet is sent to the smartcard 996 the device returns an EAP NAK response. 998 When "multiple EAP Identity selection" is supported, then the first 999 status byte is '90' and the second one indicates the short 1000 identifier (coded in one byte) to be associated with the selected 1001 identity. 1003 9.13 Process-EAP 1005 9.13.1 Standard format 1007 The command is used for EAP packet management. The smartcard parses 1008 the EAP packet type and processes the EAP authentication according 1009 to the current state machine. 1011 +--------+-----+-----+----+----+----+----+ 1012 |Command |Class| INS | P1 | P2 | Lc | Le | 1013 +--------+-----+-----+----+----+----+----+ 1014 | | A0 | 80 | 00 | AA | XX | YY | 1015 +--------+-----+-----+----+----+----+----+ 1017 Lc indicates the ingoing EAP message length. 1018 Le indicates the outgoing EAP message length, plus an optional OOB 1019 data size 1021 The EAP request or response packets lengths are represented by the 1022 unknown value XX and YY. The Smartcard Interface Entity software 1023 should set these elements in accordance with the EAP packet types. 1025 If "multiple EAP Identity selection" is not supported, P2 (AA value) 1026 shall be set to '00'. 1028 If "multiple EAP Identity selection" is supported, P2 (AA value) 1029 shall indicate the short identifier associated with the selected EAP 1030 identity to which the command is targeted. These short identifiers 1031 are coded as described in the Set-Identity command. 1033 Most EAP request packets will produce an EAP response packet from 1034 the smartcard. If no response is to be produced (e.g. packet 1035 silently discarded because invalid sequence) the smartcard shall 1036 inform the client software with an alert status word ('7000'). 1038 When the size of a returned EAP message is greater than the value 1039 indicated by the EAP length field, additional data should be 1040 interpreted as OOB messages. 1042 Success and failure packets do not imply any response. A success 1043 Status Word ('9000') shall be produced by the smartcard, when a 1044 "Success EAP packet" is processed. 1046 An alert status word ('7000') MAY be sent from the smartcard once a 1047 "Failure EAP packet" is received. 1049 EAP Identity packets are independent of the authentication type; 1050 this section of the document provides the packet details. The rest 1051 of the EAP packet being authentication protocol dependent, they are 1052 detailed in the informative annex of this document. 1054 The description of the EAP/Request/Identity is detailed according to 1055 the IETF RFC 3748 [1]. 1057 0 1 2 3 1058 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1059 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1060 | Request | Identifier | Length = 5 | 1061 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1062 | Type = 01 | 1063 +-+-+-+-+-+-+-+-+ 1065 The description of the EAP/Response/identity is detailed according 1066 to the IETF RFC 3748. 1068 0 1 2 3 1069 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1070 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1071 | Response | Identifier | Length | 1072 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1073 | Type = 01 | | 1074 +-+-+-+-+-+-+-+-+ | 1075 | User's Identity | 1076 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1078 9.13.2 ETSI format 1080 +--------+-----+-----+----+----+----+----+ 1081 |Command |Class| INS | P1 | P2 | Lc | Le | 1082 +--------+-----+-----+----+----+----+----+ 1083 | | A0 | 88 | 00 | vv | XX | YY | 1084 +--------+-----+-----+----+----+----+----+ 1085 The ETSI standard [TS 102 310] defines a framework for EAP support 1086 in SIM cards. EAP packets are pushed in smart cards thanks to the 1087 EAP Authenticate command. 1089 For compatibility reasons, this command MAY be supported according 1090 to the following rules : 1092 - The Class byte is set to 0xA0 1093 - The INS byte is set to 0x88 1094 - The P1 byte is set to a NULL value 1095 - The P2 byte is not interpreted 1096 - The P3 byte is the segment length 1098 The [TS 102 310] standard works with implicit segmentation 1099 mechanisms. When an EAP request is greater than the maximum ISO 7816 1100 size (255 bytes) it is fragmented in several segments whose size is 1101 less than 255. The first segment includes the packet length; 1102 therefore the transfer process is completed when the total length of 1103 exchanged data reaches this value. 1105 Here is a brief example. 1107 First Segment, A0 88 00 00 P3=FF [segment 1] 1108 Other Segment, A0 88 00 00 P3=FF [segment k] 1109 Last Segment, A0 88 00 00 P3=xx [segment n] 1111 EAP-Length = P3.1 + P3.k + P3.n 1113 9.14 Process-EAP-OOB 1115 This command has the same effects than Process-EAP, excepted that 1116 OOB data are concatenated to the incoming EAP message. 1118 +--------+-----+-----+----+----+----+----+ 1119 |Command |Class| INS | P1 | P2 | Lc | Le | 1120 +--------+-----+-----+----+----+----+----+ 1121 | | A0 | 80 | 00 | AA | XX | YY | 1122 +--------+-----+-----+----+----+----+----+ 1124 Lc indicates the ingoing EAP message length plus the OOB data size. 1125 Le indicates the outgoing EAP message length plus an optional OOB 1126 data size 1128 The EAP request or response packets lengths are represented by the 1129 unknown value XX and YY. The Smartcard Interface Entity software 1130 should set these elements in accordance with the EAP packet types. 1132 9.15 Get-Session-Key 1134 Once the state machine has received the EAP Success packet the 1135 Smartcard Interface is able to send the Master Session Key used by 1136 the 802.1X or the 802.11i specification for the crypto-suite. 1138 +--------+-----+-----+----+----+----+----+ 1139 |Command |Class| INS | P1 | P2 | Lc | Le | 1140 +--------+-----+-----+----+----+----+----+ 1141 | | A0 | A6 | 00 | AA | 00 | 40 | 1142 +--------+-----+-----+----+----+----+----+ 1144 If "multiple EAP Identity selection" is not supported, P2 (AA value) 1145 shall be set to '00'. 1147 If "multiple EAP Identity selection" is supported, P2 (AA value) 1148 shall indicate the short identifier associated with the selected EAP 1149 identity to which the command is targeted. These short identifiers 1150 are coded as described in Set-Identity Command. 1152 9.16 Get-Current-Version 1154 This command returns the EAP protocol version. 1156 +--------+-----+-----+----+----+----+----+ 1157 |Command |Class| INS | P1 | P2 | Lc | Le | 1158 +--------+-----+-----+----+----+----+----+ 1159 | | A0 | 18 | xx | yy | 00 | 02 | 1160 +--------+-----+-----+----+----+----+----+ 1162 P1=00, EAP engine version. 1163 P1=01, selected method version. 1165 If "multiple EAP Identity selection" is not supported, P2 (AA value) 1166 shall be set to '00'. 1168 If "multiple EAP Identity selection" is supported, P2 (AA value) 1169 shall indicate the short identifier associated with the selected EAP 1170 identity to which the command is targeted. These short identifiers 1171 are coded as described in Set-Identity Command. 1173 9.17 Get-State 1175 This command returns the current smartcard state. 1177 +--------+-----+-----+----+----+----+----+ 1178 |Command |Class| INS | P1 | P2 | Lc | Le | 1179 +--------+-----+-----+----+----+----+----+ 1180 | | A0 | 19 | 00 | AA | 00 | 01 | 1181 +--------+-----+-----+----+----+----+----+ 1182 If "multiple EAP Identity selection" is not supported, P2 (AA value) 1183 shall be set to '00'. 1185 If "multiple EAP Identity selection" is supported, P2 (AA value) 1186 shall indicate the short identifier associated with the selected EAP 1187 identity to which the command is targeted. These short identifiers 1188 are coded as described in Set-Identity Command. 1190 Returned values: 1191 01 IDENTITY-NOT-SET, EAP messages silently discarded. 1192 02 AUTHENTICATING, Authentication in progress. 1193 03 AUTHENTICATED 1194 04 NOT-AUTHENTICATED 1196 9.18 Reset-State 1198 This command forces the EAP smartcard to the AUTHENTICATING state 1199 +--------+-----+-----+----+----+----+----+ 1200 |Command |Class| INS | P1 | P2 | Lc | Le | 1201 +--------+-----+-----+----+----+----+----+ 1202 | | A0 | 19 | 10 | AA | 00 | 00 | 1203 +--------+-----+-----+----+----+----+----+ 1205 If "multiple EAP Identity selection" is not supported, P2 (AA value) 1206 shall be set to '00'. 1208 If "multiple EAP Identity selection" is supported, P2 (AA value) 1209 shall indicate the short identifier associated with the selected EAP 1210 identity to which the command is targeted. These short identifiers 1211 are coded as described in Set-Identity Command. 1213 Returned values: 1214 - None 1216 9.19 Get-Exported-Parameter 1218 This command read an exported parameter, identified by its index 1220 +--------+-----+-----+----+----+----+----+ 1221 |Command |Class| INS | P1 | P2 | Lc | Le | 1222 +--------+-----+-----+----+----+----+----+ 1223 | | A0 | 86 | 00 | AA | 01 | yy | 1224 +--------+-----+-----+----+----+----+----+ 1226 If "multiple EAP Identity selection" is not supported, P2 (AA value) 1227 shall be set to '00'. 1229 If "multiple EAP Identity selection" is supported, P2 (AA value) 1230 shall indicate the short identifier associated with the selected EAP 1231 identity to which the command is targeted. These short identifiers 1232 are coded as described in Set-Identity Command. 1234 Returned value: The value of the requested parameter. 1236 9.20 Get-AMSK 1238 This command reads an AMSK key, identified by its index. An optional 1239 label may be provided for this AMSK calculation. 1241 +--------+-----+-----+----+----+----+----+ 1242 |Command |Class| INS | P1 | P2 | Lc | Le | 1243 +--------+-----+-----+----+----+----+----+ 1244 | | A0 | 88 | 00 | AA | xx | yy | 1245 +--------+-----+-----+----+----+----+----+ 1247 If "multiple EAP Identity selection" is not supported, P2 (AA value) 1248 shall be set to '00'. 1250 If "multiple EAP Identity selection" is supported, P2 (AA value) 1251 shall indicate the short identifier associated with the selected EAP 1252 identity to which the command is targeted. These short identifiers 1253 are coded as described in Set-Identity Command. 1255 The less significant bit of P1 is used as a "More" indicator, as 1256 previously defined in 10.2. Other bits of P1 (b7...b1) represent the 1257 left shifted value of an AMSK index (a value ranging between 0 and 1258 127). 1260 Lc gives the length (in bytes) of optional data. 1262 Returned value: the value of the requested parameter. If no AMSK is 1263 available, the Le field is null. 1265 9.21 Method Functions. 1267 These facilities are available for test purposes only. They SHOULD 1268 NOT be available in operational environments. 1270 +------------+-----+----------+----+----+----+----+ 1271 | Command |Class| INS | P1 | P2 | Lc | Le | 1272 +------------+-----+----------+----+----+----+----+ 1273 | Method-FCT | A0 | 60 or 82 | zz | AA | xx | yy | 1274 +------------+-----+----------+----+----+----+----+ 1276 If "multiple EAP Identity selection" is not supported, P2 (AA value) 1277 shall be set to '00'. 1279 If "multiple EAP Identity selection" is supported, P2 (AA value) 1280 shall indicate the short identifier associated with the selected EAP 1281 identity to which the command is targeted. These short identifiers 1282 are coded as described in Set-Identity Command. 1284 xx is the length of the input value. 1285 yy is the length of the returned value. 1287 P1 identifies a particular function, and is organized according to 1288 the following scheme: 1290 b7b6 00-Do.Final, 01-Initialize 10-More 11-Reserved 1291 b5b4 Function index 1292 b3b2b1 Function type 1293 0 X509 Certificate reading 1294 1 Random Number Generator 1295 2 Private key encryption 1296 3 Private key decryption 1297 4 Public key encryption 1298 5 Public key decryption 1299 6 Symmetric key encryption 1300 7 Symmetric key decryption 1301 b0 reserved (More bit) 1303 9.22 IEEE 802.16 Services 1305 Each EAP method MAY be associated to IEEE 802.16 services. 1307 +------------+-----+-----+----+----+----+----+ 1308 | Command |Class| INS | P1 | P2 | Lc | Le | 1309 +------------+-----+-----+----+----+----+----+ 1310 | Method-FCT | A0 | 84 | zz | AA | xx | yy | 1311 +------------+-----+-----+----+----+----+----+ 1313 If "multiple EAP Identity selection" is not supported, P2 (AA value) 1314 shall be set to '00'. If "multiple EAP Identity selection" is 1315 supported, P2 (AA value) shall indicate the short identifier 1316 associated with the selected EAP identity to which the command is 1317 targeted. These short identifiers are coded as described in Set- 1318 Identity Command. 1320 xx is the length of the input value. 1321 yy is the length of the returned value. 1323 P1 identifies a particular function, and is organized according to 1324 the following scheme: 1326 b7b6 00-Do.Final, 01-Initialize, 10-More, 11-Reserved 1327 b5b4 RFU (always 00) 1328 b3b2b1 Function type 1329 0 X509 Certificate reading 1330 3 Private key decryption 1331 b0 reserved (More bit) 1332 9.23 Commands summary. 1334 +------------------------+-----+-----+----+----+----+----+ 1335 | Command |Class| INS | P1 | P2 | Lc | Le | 1336 +------------------------+-----+-----+----+----+----+----+ 1337 | Process-EAP | A0 |80-88| 00 | ii | xx | yy | 1338 +------------------------+-----+-----+----+----+----+----+ 1339 | Process-EAP-OOB | A0 | 80 | 00 | ii | xx | yy | 1340 +------------------------+-----+-----+----+----+----+----+ 1341 | Method-FCT | A0 |60-82| zz | ii | xx | yy | 1342 +------------------------+-----+-----+----+----+----+----+ 1343 | IEEE-802.16-Services | A0 | 84 | zz | ii | xx | yy | 1344 +------------------------+-----+-----+----+----+----+----+ 1345 | Get-Exported-Parameter | A0 | 86 | 00 | ii | 01 | yy | 1346 +------------------------+-----+-----+----+----+----+----+ 1347 | Get-AMSK | A0 | 88 | zz | ii | xx | yy | 1348 +------------------------+-----+-----+----+----+----+----+ 1349 | Get-State | A0 | 19 | 00 | ii | 00 | 00 | 1350 +------------------------+-----+-----+----+----+----+----+ 1351 | Reset-State | A0 | 19 | 10 | ii | 00 | 01 | 1352 +------------------------+-----+-----+----+----+----+----+ 1353 | Get-Session-Key | A0 | A6 | 00 | ii | 00 | xx | 1354 +------------------------+-----+-----+----+----+----+----+ 1355 | Get-Profile-Data | A0 | 1A | 00 | ii | 00 | yy | 1356 +------------------------+-----+-----+----+----+----+----+ 1357 | Get-Current-Identity | A0 | 18 | 00 | ii | 00 | yy | 1358 +------------------------+-----+-----+----+----+----+----+ 1359 | Get-Next-Identity | A0 | 17 | 00 | 01 | 00 | yy | 1360 +------------------------+-----+-----+----+----+----+----+ 1361 | Get-Preferred-Identity | A0 | 17 | 00 | 02 | 00 | yy | 1362 +------------------------+-----+-----+----+----+----+----+ 1363 | Set-Identity | A0 | 16 | 00 | 80 | xx | 00 | 1364 +------------------------+-----+-----+----+----+----+----+ 1365 | Set-Multiple-Identity | A0 | 16 | 00 | 83 | xx | 00 | 1366 +------------------------+-----+-----+----+----+----+----+ 1367 | Add-Identity | A0 | 17 | 00 | 81 | xx | 00 | 1368 +------------------------+-----+-----+----+----+----+----+ 1369 | Delete-Identity | A0 | 17 | 00 | 82 | xx | 00 | 1370 +------------------------+-----+-----+----+----+----+----+ 1371 | Get-Current-Version | A0 | 18 | xx | yy | 00 | 02 | 1372 +------------------------+-----+-----+----+----+----+----+ 1373 | Verify-PIN | A0 |20-2A| 00 | 00 | 08 | 00 | 1374 +------------------------+-----+-----+----+----+----+----+ 1375 | Change-PIN | A0 | 24 | 00 | 00 | 10 | 00 | 1376 +------------------------+-----+-----+----+----+----+----+ 1377 | Enable-PIN | A0 | 26 | 00 | 00 | 08 | 00 | 1378 +------------------------+-----+-----+----+----+----+----+ 1379 | Disable-PIN | A0 | 28 | 00 | 00 | 08 | 00 | 1380 +------------------------+-----+-----+----+----+----+----+ 1381 | Unblock-PIN | A0 | 2C | 00 | 00 | 10 | 00 | 1382 +------------------------+-----+-----+----+----+----+----+ 1383 | Select-AID | A0 | A4 | 04 | 00 | xx | 00 | 1384 +------------------------+-----+-----+----+----+----+----+ 1385 | Get-Response | A0 | C0 | 00 | 00 | 00 | xx | 1386 +------------------------+-----+-----+----+----+----+----+ 1387 | FETCH | A0 | 12 | 00 | 00 | 00 | xx | 1388 +------------------------+-----+-----+----+----+----+----+ 1390 10 Security Considerations 1391 Smart cards are a highly effective means of enforcing security 1392 policies. They are typically carried by one party (the end user, 1393 such as an employee or customer) but are controlled by another party 1394 (the issuer, such as an enterprise or service provider). 1395 Applications running in the Smart Card are controlled by the issuer, 1396 and serve to protect the interests of the issuer. 1398 10.1 Security Claims 1400 Security claims expressed in this section are imported from [EAP-SC] 1402 Integrity Protection: no 1403 Replay Protection: no 1404 Confidentiality: yes (section 10.9.2) 1405 Key Derivation: yes (section 10.9.3) 1406 Key Strength: no 1407 Dictionary Attacks: yes (section 10.9.5) 1408 Fast Reconnect: no 1409 Cryptographic Binding: yes (section 10.9.6) 1410 Session Independence: no 1411 Fragmentation: no 1412 Channel Binding: yes (section 10.9.7) 1414 10.2 Smart Card Technology 1415 The Smart Card consists of a microprocessor and non-volatile memory 1416 chipset enclosed in a physically tamper resistant module. This 1417 module is then embedded in a plastic card, or the module may be 1418 integrated into an alternative form factor, such as a USB device. 1420 10.3 Tamper Resistant Storage and Execution 1421 Smart cards provide protective measures against physical and logical 1422 attacks against the processor and non-volatile memory. This enables 1423 the secure storage of end user cryptographic keys and user 1424 credentials, and secures execution of security sensitive operations 1425 such as encryption and digital signatures. 1427 The EAP-SC Authentication Method MUST store all secret cryptographic 1428 keys on the smart card in non-volatile memory. The EAP-SC 1429 Authentication Method MUST execute in the smart card all 1430 cryptographic functions that use stored secret cryptographic keys. 1431 The EAP-SC Authentication Method MUST NOT export any secret 1432 cryptographic keys from the smart card. 1434 10.4 Multi Factor Authentication 1435 Smart cards generally require a Smart Card handler to authenticate 1436 to the Smart Card in order to access data or application 1437 functionality. This makes it possible to enforce multi factor user 1438 authentication by combining something the user has (the smart card) 1439 with something the user knows (such as PIN) or is (Biometric 1440 authentication). 1442 The EAP Authentication Method MUST enforce the use of the user PIN 1443 or Biometric before user credentials may be accessed or used. 1445 10.5 Random Number Generation 1446 Smart Cards generally contain a hardware based true random number 1447 generator independent of external or internal clocks and immune to 1448 outside interferences. The quality of the hardware generator is 1449 further enhanced by logical processing to ensure excellent 1450 statistical properties; and these properties are checked regularly 1451 on-board. 1453 The EAP Authentication Method MUST use the Smart Card Random Number 1454 Generator anywhere Random Numbers are required. 1456 10.6 Cryptographic Capabilities 1457 Smart cards provide certified, built-in implementation and optimized 1458 execution of common cryptographic algorithms such as AES, DES, RSA, 1459 and ECC... 1461 The EAP Authentication Method MUST use the built-in Smart Card 1462 cryptographic capabilities for the execution of any cryptographic 1463 functionality. 1465 10.7 Secure Provisioning 1466 Smart cards provide a secure method of provisioning credentials, 1467 applications and trusted network information from the issuer or 1468 service provider to the end user, and managing this information 1469 after the card has been issued. Smart cards support automated 1470 personalization (including card initialization, loading of card data 1471 and printing) enabling issuance in very large numbers. 1473 The EAP-SC Authentication method MUST implement support for pre- 1474 issuance personalization, as for example by supporting [GLOBAL 1475 PLATFORM] or similar functionality. The EAP-SC Authentication method 1476 SHOULD implement support for post-issuance card and application 1477 management. 1479 10.8 Certification 1480 The processes for designing and manufacturing smart cards are 1481 subject to rigorous security controls. This makes possible the 1482 certification of Smart Card functionality and applications by 1483 standardization organizations. 1485 The EAP-SC Authentication method MUST be implemented on a Smart Card 1486 platform that has been evaluated for security by a standards 1487 organization program such as [FIPS] or [COMMON CRITERIA]. 1489 10.9 Smart Cards and EAP Security Claims 1491 EAP-SC enhances the security of Authentication Methods by enabling 1492 the enforcement of security policies on the End User platform. The 1493 overall security of EAP-SC is dependent on the security of the 1494 Authentication Method implemented on the Smart Card. 1496 The following section discusses certain EAP Security Claims and how 1497 they are enhanced by Smart Card security features. 1499 10.9.1 Mutual Authentication 1501 Mutual authentication processes are generally based upon the use of 1502 random numbers. Smart Cards enhance the security of these processes 1503 by providing true random number generation. 1505 10.9.2 Confidentiality 1507 Smart Cards improve the robustness of EAP messages encryption, by 1508 providing tamper resistant storage for the encryption keys and 1509 secure execution of the encryption algorithms. 1510 10.9.3 Key Derivation 1512 Smart Cards improve the confidentiality of the key derivation 1513 process by providing tamper resistant storage for the master keys 1514 and secure execution of the key derivation algorithms. 1516 10.9.4 Man-in-the-Middle Attacks 1518 Smart Cards improve security against Trojan Horse attacks by 1519 providing a logically tamper resistant environment for the full 1520 implementation of EAP methods and secure execution of the encryption 1521 algorithms. 1523 10.9.5 Dictionary Attacks 1525 Smart Cards access is commonly protected via pin codes with a 1526 limited number of retries; permanent blocking of the device is 1527 enforced when the number of retries is exceeded. This mechanism 1528 provides enhanced protection against dictionary attacks aiming at 1529 discovering passwords. 1531 10.9.6 Cryptographic Binding 1532 Smart Cards provide tamper resistant storage for cryptographic keys 1533 and secure execution of the tunnel creation algorithms thus 1534 enhancing the cryptographic binding process. 1536 10.9.7 Channel Binding 1538 Smart Cards can be used as a secure out of band distribution method 1539 for channel parameters and therefore enhance the channel binding 1540 process. 1542 10.9.8 Protection Against Rogue Networks 1544 Smart Cards facilitate the provisioning and secure storage of 1545 information about trusted parties, such as the root certificates of 1546 trusted networks. This protects the end user against rogue networks 1547 and enables the enforcement of network roaming policies. 1549 10.9.9 Authentication Method Security 1551 The overall security of EAP-SC is dependent on the encapsulated EAP- 1552 SC Authentication Method. Weaknesses in the underlying method, such 1553 as weaknesses in integrity protection, replay protection or key 1554 strength, are detrimental to the overall security. 1556 11 Intellectual Property Right Notice 1558 To be specify according to the Author and Participants. 1560 12 Annex 1, EAP-SIM packets details. 1562 The protocol implementation is out of the scope of this document but 1563 as a reference implementation this section gives details using the 1564 SIM as specified by [EAP-SIM]. This section of the document gives 1565 the APDU coding. 1567 12.1 Full Authentication 1568 The following traces illustrate a full EAP-SIM authentication 1569 scenario, as described in annex A (tests vector) of EAP-SIM [EAP- 1570 SIM] specification 1572 // select TEAPM 1573 Tx: 00A40400 10 A0 00 00 00 30 00 02 FF FF FF FF 89 31 32 38 00 1574 Rx: 90 00 1576 // Verify User PIN 1577 Tx: A0 20 00 00 04 30 30 30 30 1578 Rx: 90 00 1580 // Set-Identity ('sim') type=EAP-SIM 1581 Tx: A0 16 00 80 03 73 69 6D 1582 Rx: 90 00 1584 // Identity request 1585 Tx: A0 80 00 00 05 01A4 0005 01 1586 Rx: 61 16 1588 Tx: A0 C0 00 00 16 1589 // Identity.response: anonymous@dot.com 1590 Rx: 02 A4 00 16 01 61 6E 6F 6E 79 6D 6F 75 73 40 64 1591 6F 74 2E 63 6F 6D 1592 90 00 1594 // SIM-START.request AT-VERSION AT-PERMANENT 1595 Tx: A0 80 00 00 14 01A6 0014 120a0000 0f02000200010000 0A010000 1596 Rx: 61 40 1598 Tx: A0C0 0000 40 1599 // SIM-START.response AT-IDENTITY AT-SELECTED-VERSION AT-NOUNCE 1600 Rx: 02 A6 00 40 0C 0A 00 00 0E 08 00 1B 31 32 34 34 1601 30 37 30 31 30 30 30 30 30 30 30 31 40 65 61 70 1602 73 69 6D 2E 66 6F 6F 00 07 05 00 00 01 02 03 04 1603 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 10 01 00 01 1605 // EAP-Request/SIM/Challenge - first fragment 1607 Tx: A0 80 01 00 C8 01 02 01 18 12 0b 00 00 01 0d 00 1608 00 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1609 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 1610 2f 30 31 32 33 34 35 36 37 38 39 3a 3b 3c 3d 3e 1611 3f 81 05 00 00 9e 18 b0 c2 9a 65 22 63 c0 6e fb 1612 54 dd 00 a8 95 82 2d 00 00 55 f2 93 9b bd b1 b1 1613 9e a1 b4 7f c0 b3 e0 be 4c ab 2c f7 37 2d 98 e3 1614 02 3c 6b b9 24 15 72 3d 58 ba d6 6c e0 84 e1 01 1615 b6 0f 53 58 35 4b d4 21 82 78 ae a7 bf 2c ba ce 1616 33 10 6a ed dc 62 5b 0c 1d 5a a6 7a 41 73 9a e5 1617 b5 79 50 97 3f c7 ff 83 01 07 3c 6f 95 31 50 fc 1618 30 3e a1 52 d1 e1 0a 2d 1f 4f 52 26 da a1 ee 90 1619 05 47 22 52 bd b3 b7 1d 6f 0c 3a 34 90 1620 Rx: 90 00 1622 // EAP-Request/SIM/Challenge - second and last fragment 1624 Tx: A0 80 00 00 50 31 6c 46 92 98 71 bd 45 cd fd bc 1625 a6 11 2f 07 f8 be 71 79 90 d2 5f 6d d7 f2 b7 b3 1626 20 bf 4d 5a 99 2e 88 03 31 d7 29 94 5a ec 75 ae 1627 5d 43 c8 ed a5 fe 62 33 fc ac 49 4e e6 7a 0d 50 1628 4d 0b 05 00 00 fe f3 24 ac 39 62 b5 9f 3b d7 82 1629 53 ae 4d cb 6A 1630 Rx: 61 1C 1631 Tx: 0C0 0000 1C 1633 // EAP-Response/SIM/Challenge 1634 Rx: 02 02 00 1C 12 0B 00 00 0B 05 00 00 F5 6D 64 33 1635 E6 8E D2 97 6A C1 19 37 FC 3D 11 54 1636 90 00 1638 // EAP Success 1639 Tx: A0 80 00 00 04 03 02 00 04 1640 Rx: 90 00 1642 // Reading MSK and EMSK keys. 1643 Tx: A0 A6 00 00 80 1644 Rx: 39 d4 5a ea f4 e3 06 01 98 3e 97 2b 6c fd 46 d1 1645 c3 63 77 33 65 69 0d 09 cd 44 97 6b 52 5f 47 d3 1646 a6 0a 98 5e 95 5c 53 b0 90 b2 e4 b7 37 19 19 6a 1647 40 25 42 96 8f d1 4a 88 8f 46 b9 a7 88 6e 44 88 1648 59 49 ea b0 ff f6 9d 52 31 5c 6c 63 4f d1 4a 7f 1649 0d 52 02 3d 56 f7 96 98 fa 65 96 ab ee d4 f9 3f 1650 bb 48 eb 53 4d 98 54 14 ce ed 0d 9a 8e d3 3c 38 1651 7c 9d fd ab 92 ff bd f2 40 fc ec f6 5a 2c 93 b9 1652 9000 1654 12.2 Re-Authentication 1655 The following traces illustrate a EAP-SIM Re-Authentication 1656 scenario, as described in annex A (tests vector) of EAP-SIM [EAP- 1657 SIM] specification 1659 //Identity request 1660 Tx: A0 80 00 00 14 01 A5 00 05 01 1661 RX: 61 56 1662 // PSEUDONYM 1664 Tx: A0 C0 00 56 1665 Rx: 02 00 00 56 01 59 32 34 66 4e 53 72 7a 38 42 50 1666 32 37 34 6a 4f 4a 61 46 31 37 57 66 78 49 38 59 1667 4f 37 51 58 30 30 70 4d 58 6b 39 58 4d 4d 56 4f 1668 77 37 62 72 6f 61 4e 68 54 63 7a 75 46 71 35 33 1669 61 45 70 4f 6b 6b 33 4c 30 64 6d 40 65 61 70 73 1670 69 6d 2e 66 6f 1671 90 00 1673 // SIM-START.request AT-VERSION AT-ANY-ID-REQ 1674 Tx: A0 80 00 00 14 01A6 0014 120a0000 0f02000200010000 0D01 0000 1675 Rx: 61 60 1676 Tx: A0 C0 00 00 60 1677 Rx: 02 A6 00 60 12 0A 00 00 0E 16 00 51 59 32 34 66 1678 4E 53 72 7A 38 42 50 32 37 34 6A 4F 4A 61 46 31 1679 37 57 66 78 49 38 59 4F 37 51 58 30 30 70 4D 58 1680 6B 39 58 4D 4D 56 4F 77 37 62 72 6F 61 4E 68 54 1681 63 7A 75 46 71 35 33 61 45 70 4F 6B 6B 33 4C 30 1682 64 6D 40 65 61 70 73 69 6D 2E 66 6F 6F 00 00 00 1683 90 00 1685 // EAP-Request/SIM/Re-authentication 1686 Tx: A0 80 00 00 A4 01 01 00 a4 12 0d 00 00 81 05 00 1687 00 d5 85 ac 77 86 b9 03 36 65 7c 77 b4 65 75 b9 1688 c4 82 1d 00 00 68 62 91 a9 d2 ab c5 8c aa 32 94 1689 b6 e8 5b 44 84 6c 44 e5 dc b2 de 8b 9e 80 d6 9d 1690 49 85 8A 5d b8 4c dc 1c 9b c9 5c 01 b9 6b 6e ca 1691 31 34 74 ae a6 d3 14 16 e1 9d aa 9d f7 0f 05 00 1692 88 41 ca 80 14 96 4d 3b 30 a4 9b cf 43 e4 d3 f1 1693 8e 86 29 5a 4a 2b 38 d9 6c 97 05 c2 bb b0 5c 4A 1694 ac e9 7d 5e af f5 64 04 6c 8b d3 0b c3 9b e5 e1 1695 7a ce 2b 10 a6 0b 05 00 00 48 3a 17 99 b8 3d 7c 1696 d3 d0 a1 e4 01 d9 ee 47 70 1697 Rx: 61 44 1699 Tx: A0 C0 00 00 44 1701 // EAP-Response/SIM/Re-authentication 1702 Rx: 02 01 00 44 12 0D 00 00 81 05 00 00 CD F7 FF A6 1703 5D E0 4C 02 6B 56 C8 6B 76 B1 02 EA 82 05 00 00 1704 B6 ED D3 82 79 E2 A1 42 3C 1A FC 5C 45 5C 7D 56 1705 0B 05 00 00 FA F7 6B 71 FB E2 D2 55 B9 6A 35 66 1706 C9 15 C6 17 1707 90 00 1709 // EAP Success 1710 Tx: A0 80 00 00 04 03 01 00 04 1711 Rx: 90 00 1712 // Get MSK 1713 Tx: A0 A6 00 00 40 1714 RX: 6263f614 973895e1 335f7e30 cff028ee 1715 2176f519 002c9abe 732fe0ef 00cf167c 1716 756d9e4c ed6d5ed6 40eb3fe3 8565ca07 1717 6e7fb8a8 17cfe8d9 adbce441 d47c4f5e 1718 90 00 1720 13 Annex 2, EAP-MD5 packet details 1722 The first EAP packet is the EAP Request Identity. This initial 1723 packet format complies with the RFC 3748. The smartcard returns an 1724 EAP response identity according to the NAI length. 1726 +--------+-----+-----+----+----+----+----+ 1727 |Command |Class| INS | P1 | P2 | Lc | Le | 1728 +--------+-----+-----+----+----+----+----+ 1729 | | A0 | 80 | 00 | 00 | 05 | YY | 1730 +--------+-----+-----+----+----+----+----+ 1732 The description of the EAP/Request/identity is detailed according to 1733 the [RFC 3748]. 1735 0 1 2 3 1736 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1737 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1738 | Request | Identifier | Length = 5 | 1739 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1740 | Type = 01 | 1741 +-+-+-+-+-+-+-+-+ 1743 The description of the EAP/Response/identity is detailed according 1744 to [RFC 3748]. 1746 0 1 2 3 1747 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1748 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1749 | Response | Identifier | Length | 1750 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1751 | Type = 01 | | 1752 |-+-+-+-+-+-+-+-+ Identity Value | 1753 | | 1754 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1756 The second EAP Packet is the EAP/request/MD5/challenge as 1757 represented in [RFC 3748]. 1759 +--------+-----+-----+----+----+----+----+ 1760 |Command |Class| INS | P1 | P2 | Lc | Le | 1761 +--------+-----+-----+----+----+----+----+ 1762 | | A0 | 80 | 00 | 00 | XX | 16 | 1763 +--------+-----+-----+----+----+----+----+ 1764 The description of the EAP/Request/MD5/challenge is detailed 1765 according to [RFC 3748]. 1767 0 1 2 3 1768 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1769 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1770 | Request | Identifier | Length | 1771 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1772 | Type = 04 | | 1773 |-+-+-+-+-+-+-+-+ MD5-Challenge.Value | 1774 | | 1775 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1777 The description of the EAP/Response/MD5/challenge is detailed 1778 according to [RFC 3748]. 1780 0 1 2 3 1781 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1782 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1783 | Response | Identifier | Length = 16 | 1784 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1785 | Type = 04 | Type_Size=10 | | 1786 |-+-+-+-+-+-+-+-+---------------+ MD5 Digest Value | 1787 | | 1788 | | 1789 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1791 The third EAP Packet is the EAP success notification as represented 1792 in the IETF RFC 3748 [1]. 1793 +--------+-----+-----+----+----+----+----+ 1794 |Command |Class| INS | P1 | P2 | Lc | Le | 1795 +--------+-----+-----+----+----+----+----+ 1796 | | A0 | 80 | 00 | 00 | 04 | 00 | 1797 +--------+-----+-----+----+----+-- -+----+ 1799 0 1 2 3 1800 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1801 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1802 | Success | Identifier | Length = 04 | 1803 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1805 Further information can be retrieved from [RFC 3748]. 1807 14 Annex 3 - TLS support. 1809 EAP-TLS smartcards securely store at least the following items 1810 - Client X509 certificate 1811 - Client Private RSA Key 1812 - Certification Authority Public Key 1814 14.1 Unix Time issue. 1816 As mentioned in [TLS] TLS RFC the client hello message includes a 32 1817 byte random number, whose first 4 bytes are interpreted as the Unix 1818 Time. As smartcard is not able to maintain a clock, this parameter 1819 MUST be added to the EAP-TLS Start message by the Smartcard 1820 Interface. 1822 +--------+-----+-----+----+----+----+----+ 1823 |Command |Class| INS | P1 | P2 | Lc | Le | 1824 +--------+-----+-----+----+----+----+----+ 1825 | | A0 | 80 | 00 | 00 | 0A | YY | 1826 +--------+-----+-----+----+----+----+----+ 1828 0 1 2 3 1829 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1830 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1831 | Code=01 | Identifier | Length = 6 | 1832 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1833 | Type = 13 | Flag=20 | Unix Time | 1834 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1835 | Unix Time | 1836 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1838 14.2 Fragment Maximum Size. 1840 A single TLS record may be up to 16384 octets in length, but a TLS 1841 message may span multiple TLS records, and a TLS certificate message 1842 may in principle be as long as 16MB. The group of EAP-TLS messages 1843 sent in a single round may thus be larger than the maximum RADIUS 1844 packet size of 4096 octets, or the maximum 802 LAN frame size. 1846 The chaining and extended length mechanisms identified in this 1847 document provide enough extension to manage incoming and outgoing 1848 EAP-TLS packets. Then, authenticator shall not necessary follow a 1849 specific fragment policy regarding whether EAP-TLS is provided by 1850 the smartcard or not. 1852 However, in order to prevent multiple segmentation and re-assembly 1853 operations, the maximum EAP message length of no fragmented packets 1854 issued by smartcard SHALL be set to an adapted value. 1856 As defined in EAP-TLS, when the smartcard receives an EAP-Request 1857 packet with the M bit set, it MUST respond with an EAP-Response with 1858 EAP-Type=EAP-TLS and no data. This serves as a fragment ACK. 1860 14.3 EAP/TLS messages format. 1862 0 1 2 3 1863 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1864 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1865 | Code | Identifier | Length <= 240 | 1866 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1867 | Type = 13 | Flag | TLS Message Length | 1868 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1869 | TLS Message Length | TLS DATA | 1870 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 1871 | | 1872 | | 1873 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1875 Flags 1876 0 1 2 3 4 5 6 7 1877 +-+-+-+-+-+-+-+-+ 1878 |L M S R R R R R| 1879 +-+-+-+-+-+-+-+-+ 1880 L = Length included. 1881 M = More fragments 1882 S = EAP-TLS start, set in an EAP-TLS Start message. 1883 R = Reserved 1884 14.4 Example of EAP/TLS Authentication 1886 Smartcard Authentication Server 1887 <- EAP-Request/ 1888 Identity 1889 EAP-Response/ 1890 Identity (MyID) -> 1891 <- EAP-Request/ 1892 EAP-Type=EAP-TLS 1893 (TLS Start) 1894 EAP-Response/ 1895 EAP-Type=EAP-TLS 1896 TLS client_hello)-> 1897 <- EAP-Request/ 1898 EAP-Type=EAP-TLS 1899 (TLS server_hello, 1900 TLS certificate, 1901 TLS certificate_request, 1902 TLS server_hello_done) 1903 (Fragment 1: L, M bits set) 1904 EAP-Response/ 1905 EAP-Type=EAP-TLS -> 1906 <- PPP EAP-Request/ 1907 EAP-Type=EAP-TLS 1908 (Fragment 2) 1910 EAP-Type=EAP-TLS 1911 (TLS certificate, 1912 TLS client_key_exchange, 1913 TLS certificate_verify, 1914 TLS change_cipher_spec, 1915 TLS finished) -> 1916 <- EAP-Request/ 1917 EAP-Type=EAP-TLS 1918 (TLS change_cipher_spec, 1919 TLS finished) 1920 EAP-Response/ 1921 EAP-Type=EAP-TLS -> 1922 <- EAP-Success 1924 15 Annex 4 ASN.1 BER Tag coding for the subscriber profile information 1926 The subscriber profile is a collection of data associated to every 1927 identity. It can be used be the operating system of a wireless 1928 terminal in order to get information about user credentials. 1930 Various information MAY be also available. 1932 15.1 ASN.1 Subscriber Profile Encoding 1934 15.1.1 EapID 1936 EapID ::= OCTET STRING 1938 The EAP-ID associated to the current identity. 1940 15.1.2 EapType 1942 EapType ::= INTEGER 1944 The EAP type associated to the current identity. 1946 15.1.3 Version 1948 Version ::= INTEGER 1950 The protocol version associated to an EAP type. 1952 15.1.4 User Credential 1954 UserCredential ::= SEQUENCE OF CredentialObject 1956 CredentialObject ::= SEQUENCE { 1957 ObjectValue SubscriberInformation 1958 } 1960 SubscriberInformation ::= CHOICE { 1962 SSIDList [0] IMPLICIT SEQUENCE OF { 1963 SSIDName OCTET STRING 1964 }, 1966 SubscriberCertificate [1] IMPLICIT SEQUENCE OF { 1967 Certificate X509Certificate 1968 }, 1970 RootCertificate [2] IMPLICIT SEQUENCE OF { 1971 Certificate X509Certificate 1972 } 1974 UserData [3] IMPLICIT SEQUENCE OF { 1975 { SubscriberFile UserFile 1976 } 1978 UserFile SEQUENCE OF { 1979 Name OCTET STRING, 1980 Value BIT STRING Value 1981 } 1982 X509Certificate an ASN.1 definition, as described in [PKCS#6]. 1983 15.1.5 UserProfile 1985 UserProfile ::= SEQUENCE { 1986 ThisEapID EapID, 1987 ThisEapType EapType, 1988 ThisVersion Version, 1989 ThisCredential UserCredential 1990 } 1992 15.1.6 UserProfile encoding example 1994 30 82 xx yy 1995 04 05 31 32 33 34 35 EapID = 1235 1996 02 01 0D EapType = EAP-TLS 1997 02 01 01 Version = 1 1998 30 xx 1999 A0 0E 2000 04 05 61 62 63 64 65 SSID = abcde 2001 04 05 66 67 68 69 6A SSID = fghij 2002 A1 82 xx yy 2003 First X509Certificate 2004 Second X509Certificate 2005 A2 82 xx yy 2006 First Root X509Certificate 2007 Second Root X509Certificate 2008 A3 82 xx yy 2009 30 82 zz tt 2010 04 05 61 62 63 64 65 // Name = abcde 2011 03 82 zz tt 2012 File content 2013 16 Annex 5 APDUs exchange example 2015 This annex shows ISO 7816 (T=0) TPDUs exchanged between the 2016 smartcard and the authentication agent 2018 // Select EAP application (AID= 11 22 33 44 55 66 01) 2019 Select.request: 00 A4 04 00 07 11 22 33 44 55 66 01 2020 Select.response: 90 00 2022 // Get current identity 2023 Get-Current-Identity.request: A0 18 00 00 00 2024 Get-Current-Identity.response 63 03 2025 // !Pin code is requested 2027 // PIN code verification (0000) 2028 Verify.request: A0 20 00 00 08 30 30 30 30 FF FF FF FF 2029 Verify.response: 90 00 2031 // Try again 2032 Get-Current-Identity.request: A0 18 00 00 00 2033 Get-Current-Identity.response: 6C 04 2034 Get-Current-Identity.request A0 18 00 00 04 2035 Get-Current-Identity.response: 61 62 63 64 90 00 2037 // Get-Next-Identity() 2038 Get-Next-Identity.request: A0 17 00 01 00 2039 Get-Next-Identity.response: 6C 04 2040 Get-Next-Identity.request: A0 17 00 01 04 2041 Get-Next-Identity.response: 61 62 63 64 90 00 2043 // Set-Identity() 2044 Set-Identity.request: A0 16 00 80 04 61 62 63 64 2045 Set-Identity.response: 90 00 2047 // Process EAP-Packets() 2048 EAP-Packet.request: A0 80 00 00 05 01 A5 00 05 01 2049 EAP-Packet.response: 61 09 2050 GetResponse.request: A0 C0 00 00 09 2051 GetResponse.response: 02 A5 00 09 01 61 62 63 64 90 00 2052 EAP-Packet.request A0 80 00 00 08 01 A6 00 08 04 02 12 34 2053 EAP-Packet.response: 61 16 2054 GetResponse.request: A0 C0 00 00 16 2055 GetResponse.response: 02 A6 00 16 04 10 CF A5 2D CD 63 5F 5C 6D 2056 55 B8 09 FD B7 BB EC 3C 90 00 2057 17 Annex 6, EAP-TLS ISO7816 APDUs Trace (T=0 Protocol) 2059 17.1 EAP-TLS session parameters 2061 17.1.1 CA Public Key (2048 bits) 2063 modulus: 2064 00:a5:62:a0:41:52:9a:ec:8e:27:24:a1:0c:a2:45: 2065 68:e3:ed:bd:3d:64:9a:7c:c2:74:5a:e2:60:fa:ac: 2066 6d:0f:dd:4c:45:ce:9d:b9:74:4e:35:fd:74:cd:13: 2067 63:dd:dc:ce:19:25:b9:d7:06:31:13:d7:ea:1e:54: 2068 1a:07:36:eb:97:2f:88:19:58:c5:76:ec:f9:b3:71: 2069 66:fa:3a:4e:94:f9:04:98:ff:b0:7f:b0:dc:af:c3: 2070 c8:a6:35:3d:ab:d4:67:07:ff:c6:e8:f0:03:a5:f1: 2071 5b:00:c8:8f:36:a1:f3:88:e8:23:f1:04:c6:d4:26: 2072 af:37:ad:a2:54:83:ab:13:56:83:8e:6f:b4:3a:d3: 2073 63:95:00:ad:ec:57:5d:95:2d:01:f5:7b:ae:6c:b6: 2074 43:4b:da:2b:e1:ed:f4:ab:e1:75:27:0f:2e:06:5c: 2075 42:30:b4:5e:06:59:58:e4:4b:b6:0e:ba:71:d6:1c: 2076 a0:70:ac:b1:2c:b2:fe:6b:7d:d8:42:1d:45:9d:d5: 2077 4a:62:06:2e:e2:dc:88:5b:8b:72:45:ac:e1:24:ea: 2078 08:66:30:5f:8c:e6:52:12:37:70:04:b0:37:5c:09: 2079 1e:3b:d4:97:0c:9b:41:3f:86:08:d7:db:19:cb:07: 2080 a3:b9:cb:75:49:99:dc:20:cd:f0:db:52:19:4b:15: 2081 f1:6d 2082 publicExponent: 65537 (0x10001) 2084 17.1.2 Server Public Key (1024 bits) 2085 modulus: 2086 00:bc:67:01:3c:b9:15:ec:12:81:e6:5a:4d:af:49: 2087 80:1d:db:6d:5c:f3:0c:fd:2f:f6:3f:5d:37:79:29: 2088 c7:39:1b:fd:76:6f:67:dd:0f:e9:e8:42:51:43:ba: 2089 46:ae:95:ff:76:91:9f:30:a3:9c:45:9a:22:f2:2b: 2090 75:66:52:97:95:c3:2f:ee:7d:cf:c9:dc:de:11:69: 2091 a3:46:ef:e8:25:24:62:14:df:02:2b:ad:f9:83:b9: 2092 3c:bb:a8:1c:44:c1:5a:11:39:70:1b:69:f9:95:4c: 2093 9b:d2:fd:fa:1a:e4:01:e3:bd:6f:d0:6c:f5:85:41: 2094 3c:28:ae:80:2b:46:70:a8:f3 2095 publicExponent: 65537 (0x10001) 2097 17.1.3 Client Private Key (1024 bits) 2098 modulus: // N 2099 00:de:7d:0e:f5:1d:17:16:c0:6f:51:b0:4c:ef:2e: 2100 c6:ca:f4:d8:66:01:bc:7b:21:12:37:ce:dc:61:72: 2101 f3:c8:ff:83:5c:2f:f5:2b:f8:f0:0f:bd:89:86:6a: 2102 3f:c2:8b:3b:bd:c7:98:fd:4b:1d:67:8f:85:66:12: 2103 74:6f:64:74:d0:31:07:46:04:ba:b1:74:70:b1:fc: 2104 d9:42:44:f8:97:c2:74:b9:45:5c:84:15:33:ec:4a: 2105 cb:41:d2:6e:7c:6d:bd:bc:cd:3e:64:ff:8f:33:63: 2106 fe:06:55:69:96:c6:96:fa:17:db:f8:7f:eb:5b:fe: 2107 00:3e:d1:8e:42:83:62:be:c3 2108 publicExponent: 65537 (0x10001) 2109 privateExponent: 2110 00:9f:ad:4b:5d:d9:79:e7:a7:46:7d:6f:35:57:f7: 2111 cf:4e:7b:f9:0f:04:b1:fc:00:99:2d:9a:76:0a:2e: 2112 51:0e:71:6b:1a:6f:84:db:01:37:71:64:8b:5d:ff: 2113 c5:30:df:72:89:da:c5:4f:0c:68:d7:19:67:19:01: 2114 a7:b5:06:78:da:57:2f:2f:f6:c5:ce:75:b7:ca:9d: 2115 b2:f8:5a:62:27:40:b2:5c:42:f3:78:fd:42:f6:1a: 2116 56:44:a3:42:94:24:f6:37:53:fc:78:42:06:8a:1a: 2117 0b:43:cf:f8:92:60:8d:10:61:2c:ff:d3:79:ba:78: 2118 ed:f7:28:fb:61:dc:88:37:91 2119 prime1: // P 2120 00:fc:30:c8:10:41:80:f7:f2:1a:0c:28:2b:58:a0: 2121 44:3e:01:13:91:66:4f:96:27:0e:c3:0a:4f:58:b5: 2122 73:9a:3c:7a:fa:b9:19:8f:2b:32:8b:c8:bf:6c:77: 2123 b3:4d:e5:71:80:e5:74:9a:76:a5:c0:41:14:81:76: 2124 e0:9b:46:bd:db 2125 prime2: // Q 2126 00:e1:d9:6b:5e:41:2d:3e:b9:2a:a8:6b:6e:d0:fc: 2127 aa:b1:df:a7:4e:90:8d:11:54:7c:0d:ea:64:d5:f5: 2128 c1:d1:2b:02:77:b2:d2:6e:d8:93:56:ad:ee:ca:5a: 2129 c0:92:64:4b:b8:d8:f4:a2:8c:f0:18:17:64:51:0b: 2130 db:04:f3:3b:39 2131 exponent1: // DP1 2132 00:db:27:a9:34:37:38:54:3f:d7:d2:e8:b5:82:77: 2133 03:d6:be:28:bb:1a:25:df:5e:61:bd:ac:9f:f7:7e: 2134 f7:ce:f8:f0:06:22:04:cc:1d:c5:f7:23:a4:f6:25: 2135 af:73:ea:08:10:f3:55:b9:45:92:14:d8:79:71:68: 2136 55:17:9b:0a:31 2137 exponent2: // DQ1 2138 37:87:0e:27:d9:5c:77:6c:6d:39:85:58:74:97:7a: 2139 9c:4b:01:c6:86:31:b8:ce:0d:c6:1a:17:fa:a6:f6: 2140 a5:27:ae:ee:a1:0f:ad:e3:1f:ae:93:0a:ff:c3:7a: 2141 4f:43:cb:7e:42:11:3b:99:ed:39:ef:1e:61:f2:c9: 2142 41:99:4f:b9 2143 coefficient: //PQ 2144 5f:88:21:11:1f:0d:f0:cd:56:47:4f:1f:64:81:0e: 2145 d1:02:eb:39:42:01:c7:e4:4b:b6:31:65:2a:fd:51: 2146 11:1f:cd:3a:68:d4:e8:3c:4e:47:c1:ce:76:6b:2b: 2147 52:bd:76:dd:71:81:76:0f:69:9a:94:c3:41:3a:2e: 2148 c9:47:3c:e5 2150 17.2 Full EAP-TLS trace (mode 2) 2152 // TLS-START + GMT-UNIX-TIME 2153 Tx: A080000000A 011400060D20 3FAA2B6A 2154 Rx: 6150 2156 Tx: A0C0000050 // Read Client Hello 2157 Rx: 021400500D800000004616030100410100003D03013FAA2B6A08BDD285B43D1F 2158 3BC9715FC9F85FC453FE58F3A9E07FF397CD65392200001600040005000A0009 2159 006400620003000600130012006301009000 2161 // Forward Server_Hello frag#1 1396 octets, total size = 4710 octets 2162 // eap.request#15 2164 Tx: A0800100F0011505740DC00000126616030112610200004603013FAA2B9BCC3D 2165 6179E2D7E78460A2596342C5014289B753209CA02A31DEDB9142206124000089 2166 2B16D27FEBD10B93D1EFC224C322B69B994C1A8FB2B5BD4094861A0004000B00 2167 05A80005A50005A23082059E30820486A003020102020A613116E50000000000 2168 03300D06092A864886F70D0101050500305231123010060A0992268993F22C64 2169 01191602667231143012060A0992268993F22C6401191604656E737431153013 2170 060A0992268993F22C64011916056261647261310F300D060355040313066361 2171 77696669301E170D3033313030323135323331345A 2172 Rx: 9000 2174 Tx: A0800100F0170D3035313030313135323331345A3066310B3009060355040613 2175 024652311630140603550408130D696C65206465206672616E6365310E300C06 2176 0355040713057061726973310D300B060355040A1304656E7374310F300D0603 2177 55040B1306696E66726573310F300D06035504031306616B6B61723130819F30 2178 0D06092A864886F70D010101050003818D0030818902818100BC67013CB915EC 2179 1281E65A4DAF49801DDB6D5CF30CFD2FF63F5D377929C7391BFD766F67DD0FE9 2180 E8425143BA46AE95FF76919F30A39C459A22F22B7566529795C32FEE7DCFC9DC 2181 DE1169A346EFE825246214DF022BADF983B93CBBA8 2182 Rx: 9000 2184 Tx: A0800100F01C44C15A1139701B69F9954C9BD2FDFA1AE401E3BD6FD06CF58541 2185 3C28AE802B4670A8F30203010001A38202E4308202E0300B0603551D0F040403 2186 0205A0304406092A864886F70D01090F04373035300E06082A864886F70D0302 2187 02020080300E06082A864886F70D030402020080300706052B0E030207300A06 2188 082A864886F70D030730130603551D25040C300A06082B06010505070301301D 2189 0603551D0E04160414234B9E6578CB280E3D968C5B6C4EA0911C1A7F73301F06 2190 03551D23041830168014E56DC55020881E3900398AF99EE0789DA4230F893081 2191 FB0603551D1F0481F33081F03081EDA081EAA081E7 2192 Rx: 9000 2194 Tx: A0800100F08681B16C6461703A2F2F2F434E3D6361776966692C434E3D616B6B 2195 6172312C434E3D4344502C434E3D5075626C69632532304B6579253230536572 2196 76696365732C434E3D53657276696365732C434E3D436F6E6669677572617469 2197 6F6E2C44433D62616472612C44433D656E73742C44433D66723F636572746966 2198 69636174655265766F636174696F6E4C6973743F626173653F6F626A65637443 2199 6C6173733D63524C446973747269627574696F6E506F696E748631687474703A 2200 2F2F616B6B6172312E62616472612E656E73742E66722F43657274456E726F6C 2201 6C2F6361776966692E63726C3082011306082B0601 2202 Rx: 9000 2204 Tx: A0800100F0050507010104820105308201013081AA06082B0601050507300286 2205 819D6C6461703A2F2F2F434E3D6361776966692C434E3D4149412C434E3D5075 2206 626C69632532304B657925323053657276696365732C434E3D53657276696365 2207 732C434E3D436F6E66696775726174696F6E2C44433D62616472612C44433D65 2208 6E73742C44433D66723F634143657274696669636174653F626173653F6F626A 2209 656374436C6173733D63657274696669636174696F6E417574686F7269747930 2210 5206082B060105050730028646687474703A2F2F616B6B6172312E6261647261 2211 2E656E73742E66722F43657274456E726F6C6C2F61 2212 Rx: 9000 2214 Tx: A0800000C46B6B6172312E62616472612E656E73742E66725F6361776966692E 2215 637274302106092B060104018237140204141E12005700650062005300650072 2216 007600650072300D06092A864886F70D01010505000382010100946E33F7044A 2217 18F16E18337D8A22A230415DF07766ED94835E8A1FCBB7B16571D6EC6A9564AA 2218 C163383D17B223C29AB57825AE36156083249AA0A8EABED8C880D7E1EE58A301 2219 9D04D935EA3C6427052FDE1CCB60681691436C3580439F4C592ABA6489D43ABF 2220 EF9660EF60DA97FDA9 2221 Rx: 6106 2223 Tx: A0C0000006 // READ ACK#15 2224 Rx: 021500060D009000 2226 // Transfer Server Hello frag#2 1396 octets eap.request#16 2228 Tx: A0800100F0011605740D40E8436722315A8D1479DCA19BFFC9F6B15A538D80E1 2229 A0C107F079DF79DB2674DD914481C8E1B388577645C100F44F4EC3A7E077CC4B 2230 3AC3577FD1CD0575E651FF1BCD6C716402DD83858563EC791593018CEB0BD9DB 2231 12F4B2E8D19FC185787E1717265BA3E11E76E343D2DA8AD83C77188E4E96C049 2232 B3F3B7BCB886BB574858FE331EE4407AA893212C171B1883A3B0EA580D000C63 2233 0201020C5E00C43081C1310B300906035504061302555331173015060355040A 2234 130E566572695369676E2C20496E632E313C303A060355040B1333436C617373 2235 2031205075626C6963205072696D61727920436572 2236 Rx: 9000 2238 Tx: A0800100F074696669636174696F6E20417574686F72697479202D204732313A 2239 3038060355040B1331286329203139393820566572695369676E2C20496E632E 2240 202D20466F7220617574686F72697A656420757365206F6E6C79311F301D0603 2241 55040B1316566572695369676E205472757374204E6574776F726B00C43081C1 2242 310B300906035504061302555331173015060355040A130E566572695369676E 2243 2C20496E632E313C303A060355040B1333436C6173732034205075626C696320 2244 5072696D6172792043657274696669636174696F6E20417574686F7269747920 2245 2D204732313A3038060355040B1331286329203139 2246 Rx: 9000 2248 Tx: A0800100F0393820566572695369676E2C20496E632E202D20466F7220617574 2249 686F72697A656420757365206F6E6C79311F301D060355040B13165665726953 2250 69676E205472757374204E6574776F726B00D43081D1310B3009060355040613 2251 025A41311530130603550408130C5765737465726E2043617065311230100603 2252 55040713094361706520546F776E311A3018060355040A131154686177746520 2253 436F6E73756C74696E6731283026060355040B131F4365727469666963617469 2254 6F6E205365727669636573204469766973696F6E312430220603550403131B54 2255 686177746520506572736F6E616C20467265656D61 2256 Rx: 9000 2258 Tx: A0800100F0696C204341312B302906092A864886F70D010901161C706572736F 2259 6E616C2D667265656D61696C407468617774652E636F6D00D23081CF310B3009 2260 060355040613025A41311530130603550408130C5765737465726E2043617065 2261 31123010060355040713094361706520546F776E311A3018060355040A131154 2262 686177746520436F6E73756C74696E6731283026060355040B131F4365727469 2263 6669636174696F6E205365727669636573204469766973696F6E312330210603 2264 550403131A54686177746520506572736F6E616C205072656D69756D20434131 2265 2A302806092A864886F70D010901161B706572736F 2266 Rx: 9000 2268 Tx: A0800100F06E616C2D7072656D69756D407468617774652E636F6D0086308183 2269 310B3009060355040613025553312D302B060355040A13244669727374204461 2270 7461204469676974616C2043657274696669636174657320496E632E31453043 2271 0603550403133C46697273742044617461204469676974616C20436572746966 2272 69636174657320496E632E2043657274696669636174696F6E20417574686F72 2273 69747900CE3081CB310B3009060355040613025A41311530130603550408130C 2274 5765737465726E204361706531123010060355040713094361706520546F776E 2275 311A3018060355040A131154686177746520436F6E 2276 Rx: 9000 2278 Tx: A0800000C473756C74696E6731283026060355040B131F436572746966696361 2279 74696F6E205365727669636573204469766973696F6E3121301F060355040313 2280 1854686177746520506572736F6E616C2042617369632043413128302606092A 2281 864886F70D0109011619706572736F6E616C2D6261736963407468617774652E 2282 636F6D0061305F310B300906035504061302555331173015060355040A130E56 2283 6572695369676E2C20496E632E31373035060355040B132E436C617373203320 2284 5075626C6963205072 2285 Rx: 6106 2287 Tx: A0C0000006 // Read ACK#16 2288 Rx: 021600060D009000 2290 // Transfer Server Hello frag#3 1396 octets eap.request#17 2292 Tx: A0800100F0011705740D40696D6172792043657274696669636174696F6E2041 2293 7574686F726974790061305F310B300906035504061302555331173015060355 2294 040A130E566572695369676E2C20496E632E31373035060355040B132E436C61 2295 73732032205075626C6963205072696D6172792043657274696669636174696F 2296 6E20417574686F726974790061305F310B300906035504061302555331173015 2297 060355040A130E566572695369676E2C20496E632E31373035060355040B132E 2298 436C6173732031205075626C6963205072696D61727920436572746966696361 2299 74696F6E20417574686F7269747900C43081C1310B 2300 Rx: 9000 2302 Tx: A0800100F0300906035504061302555331173015060355040A130E5665726953 2303 69676E2C20496E632E313C303A060355040B1333436C6173732033205075626C 2304 6963205072696D6172792043657274696669636174696F6E20417574686F7269 2305 7479202D204732313A3038060355040B13312863292031393938205665726953 2306 69676E2C20496E632E202D20466F7220617574686F72697A656420757365206F 2307 6E6C79311F301D060355040B1316566572695369676E205472757374204E6574 2308 776F726B009C308199310B30090603550406130248553111300F060355040713 2309 08427564617065737431273025060355040A131E4E 2310 Rx: 9000 2311 Tx: A0800100F065744C6F636B2048616C6F7A617462697A746F6E73616769204B66 2312 742E311A3018060355040B131154616E7573697476616E796B6961646F6B3132 2313 3030060355040313294E65744C6F636B20557A6C6574692028436C6173732042 2314 292054616E7573697476616E796B6961646F00473045310B3009060355040613 2315 02555331183016060355040A130F47544520436F72706F726174696F6E311C30 2316 1A06035504031313475445204379626572547275737420526F6F740077307531 2317 0B300906035504061302555331183016060355040A130F47544520436F72706F 2318 726174696F6E31273025060355040B131E47544520 2319 Rx: 9000 2321 Tx: A0800100F04379626572547275737420536F6C7574696F6E732C20496E632E31 2322 2330210603550403131A475445204379626572547275737420476C6F62616C20 2323 526F6F7400C63081C3310B300906035504061302555331143012060355040A13 2324 0B456E74727573742E6E6574313B3039060355040B13327777772E656E747275 2325 73742E6E65742F43505320696E636F72702E206279207265662E20286C696D69 2326 7473206C6961622E2931253023060355040B131C286329203139393920456E74 2327 727573742E6E6574204C696D69746564313A303806035504031331456E747275 2328 73742E6E6574205365637572652053657276657220 2329 Rx: 9000 2331 Tx: A0800100F043657274696669636174696F6E20417574686F7269747900B23081 2332 AF310B30090603550406130248553110300E0603550408130748756E67617279 2333 3111300F06035504071308427564617065737431273025060355040A131E4E65 2334 744C6F636B2048616C6F7A617462697A746F6E73616769204B66742E311A3018 2335 060355040B131154616E7573697476616E796B6961646F6B3136303406035504 2336 03132D4E65744C6F636B204B6F7A6A6567797A6F692028436C61737320412920 2337 54616E7573697476616E796B6961646F00C43081C1310B300906035504061302 2338 555331173015060355040A130E566572695369676E 2339 Rx: 9000 2341 Tx: A0800000C42C20496E632E313C303A060355040B1333436C6173732032205075 2342 626C6963205072696D6172792043657274696669636174696F6E20417574686F 2343 72697479202D204732313A3038060355040B1331286329203139393820566572 2344 695369676E2C20496E632E202D20466F7220617574686F72697A656420757365 2345 206F6E6C79311F301D060355040B1316566572695369676E205472757374204E 2346 6574776F726B0070306E310B300906035504061302555331183016060355040A 2347 130F47544520436F72 2348 Rx: 6106 2350 Tx: A0C0000006 // Transfer ACK#17 2351 RX: 021700060D009000 2353 // Read Server Hello frag#4 550 octets eap.request#18 2354 Tx: A0800100F0011802260D00706F726174696F6E31273025060355040B131E4754 2355 45204379626572547275737420536F6C7574696F6E732C20496E632E311C301A 2356 06035504031313475445204379626572547275737420526F6F74009E30819B31 2357 0B30090603550406130248553111300F06035504071308427564617065737431 2358 273025060355040A131E4E65744C6F636B2048616C6F7A617462697A746F6E73 2359 616769204B66742E311A3018060355040B131154616E7573697476616E796B69 2360 61646F6B313430320603550403132B4E65744C6F636B20457870726573737A20 2361 28436C6173732043292054616E7573697476616E79 2362 Rx: 9000 2364 Tx: A0800100F06B6961646F0054305231123010060A0992268993F22C6401191602 2365 667231143012060A0992268993F22C6401191604656E737431153013060A0992 2366 268993F22C64011916056261647261310F300D06035504031306636177696669 2367 00723070312B3029060355040B1322436F707972696768742028632920313939 2368 37204D6963726F736F667420436F72702E311E301C060355040B13154D696372 2369 6F736F667420436F72706F726174696F6E3121301F060355040313184D696372 2370 6F736F667420526F6F7420417574686F726974790061305F31133011060A0992 2371 268993F22C6401191603636F6D31193017060A0992 2372 Rx: 9000 2374 Tx: A080000046268993F22C64011916096D6963726F736F6674312D302B06035504 2375 0313244D6963726F736F667420526F6F74204365727469666963617465204175 2376 74686F726974790E000000 2377 Rx: 9F00 2379 // Transfer Smartcard Response, eap.response#18 2381 // 1st fragment 1594 bytes - 05D6 - Code=2 id=18 2382 // Length=1494 Type=0D Flag=C0 Size=1825 2384 Tx: A012000000 2385 Rx: 021805D60DC00000072116030106F10B0005E10005DE0005DB308205D7308204 2386 BFA003020102020A61253DFF000000000006300D06092A864886F70D01010505 2387 00305231123010060A0992268993F22C6401191602667231143012060A099226 2388 8993F22C6401191604656E737431153013060A0992268993F22C640119160562 2389 61647261310F300D06035504031306636177696669301E170D30333131303630 2390 39333635395A170D3034313130353039333635395A306231123010060A099226 2391 8993F22C6401191602667231143012060A0992268993F22C6401191604656E73 2392 7431153013060A0992268993F22C64011916056261647261310E300C06035504 2393 9F00 2395 Tx: A012000000 2396 Rx: 0313055573657273310F300D0603550403130668616A6A656830819F300D0609 2397 2A864886F70D010101050003818D0030818902818100DE7D0EF51D1716C06F51 2398 B04CEF2EC6CAF4D86601BC7B211237CEDC6172F3C8FF835C2FF52BF8F00FBD89 2399 866A3FC28B3BBDC798FD4B1D678F856612746F6474D031074604BAB17470B1FC 2400 D94244F897C274B9455C841533EC4ACB41D26E7C6DBDBCCD3E64FF8F3363FE06 2401 556996C696FA17DBF87FEB5BFE003ED18E428362BEC30203010001A382032130 2402 82031D300B0603551D0F0404030205A0304406092A864886F70D01090F043730 2403 35300E06082A864886F70D030202020080300E06082A864886F70D0304020200 2404 9F00 2406 Tx: A012000000 2407 Rx: 80300706052B0E030207300A06082A864886F70D0307301D0603551D0E041604 2408 14526E170649667E12FD1EC69D4CC8A02640B75928301706092B060104018237 2409 1402040A1E080055007300650072301F0603551D23041830168014E56DC55020 2410 881E3900398AF99EE0789DA4230F893081FB0603551D1F0481F33081F03081ED 2411 A081EAA081E78681B16C6461703A2F2F2F434E3D6361776966692C434E3D616B 2412 6B6172312C434E3D4344502C434E3D5075626C69632532304B65792532305365 2413 7276696365732C434E3D53657276696365732C434E3D436F6E66696775726174 2414 696F6E2C44433D62616472612C44433D656E73742C44433D66723F6365727469 2415 9F00 2417 Tx: A012000000 2418 Rx: 6669636174655265766F636174696F6E4C6973743F626173653F6F626A656374 2419 436C6173733D63524C446973747269627574696F6E506F696E74863168747470 2420 3A2F2F616B6B6172312E62616472612E656E73742E66722F43657274456E726F 2421 6C6C2F6361776966692E63726C3082011306082B060105050701010482010530 2422 8201013081AA06082B0601050507300286819D6C6461703A2F2F2F434E3D6361 2423 776966692C434E3D4149412C434E3D5075626C69632532304B65792532305365 2424 7276696365732C434E3D53657276696365732C434E3D436F6E66696775726174 2425 696F6E2C44433D62616472612C44433D656E73742C44433D66723F6341436572 2426 9F00 2428 Tx: A012000000 2429 Rx: 74696669636174653F626173653F6F626A656374436C6173733D636572746966 2430 69636174696F6E417574686F72697479305206082B0601050507300286466874 2431 74703A2F2F616B6B6172312E62616472612E656E73742E66722F43657274456E 2432 726F6C6C2F616B6B6172312E62616472612E656E73742E66725F636177696669 2433 2E63727430290603551D2504223020060A2B0601040182370A030406082B0601 2434 050507030406082B06010505070302302F0603551D1104283026A024060A2B06 2435 0104018237140203A0160C1468616A6A65684062616472612E656E73742E6672 2436 300D06092A864886F70D0101050500038201010013A233AA6EDB4282A69EF9D0 2437 9FD6 2439 Tx: A0120000D6 2440 Rx: 23D51F32FD0B97AF03C4BACD6B7ED5C155110EBACC3F0FAD6D853DEE845CC33D 2441 0E9D8ECC7514295F854D16F6409DFEB61A60C9A1EF0BC09AD3C1A93BEE546B2D 2442 F9DBAB8AD9A90AAB5CEE35FF6751275873D1C5093339B4ADEA0F40C54754DAE7 2443 461966322B5772B460B7FA2F5985D496C52CAF7456DF2D78E4DE9B1C48F2ACB9 2444 87BA9BDE3D1624645330F0FBF0103C547DA547C1F03B1C2BB5CDD06D38D2ABFA 2445 FD06387235E8E49DEDCB7E2B7E80A15B1317A04ECF1ADBF475AC82D67514A6EF 2446 5EBFFAD40D5D5F7395179677703BFC3A9D34623BD28E9000 2448 // Read ACK#19 2449 Tx: A080000006011900060D00 2450 Rx: 9F00 2452 // Transfer 2nd fragment, 347 bytes, Code=2 id=19 Length=347 2453 // Type=0D Flag=00 2454 // 2455 Tx: A012000000 2456 Rx: 0219015B0D00C9186A1078130652552D5CFEF1B6CDBA5197910A4C87CAD1F92F 2457 A7EB7A0B1000008200808FD83C571FE7D71E76A86405BDBC95BA4BD67A48F4BD 2458 8084F4F944C1ACDF1FACF85FFC111BE3CE8AFFB48F6DA6C5477761A34C7889CB 2459 148DA42141BBC1E942BAC8752B7FD255574F654DBED3DEF89EE0F79BEEBF43DC 2460 737F158F99C17A2461B2C5D5E2A75FCBBD7F5275AD781127300E46EC61408EF2 2461 BABC200F85363926301E0F0000820080BDD2429D21DAE14D9727D2F715BF30A6 2462 5E61C7608D5C0B6035BCCC014BAFE24BB98550AF86E13B6D8D371E5A922D20DD 2463 338B563B7E9C9AF0EF9110C77B468A651915575D348A7D29B89CC5A8D4B8AA71 2464 9F5B 2466 Tx: A01200005B 2467 Rx: 5D53E340E6E7AD6B6E3438F358B870C5DA5E61C45EE5E3F9454219F48A34CC98 2468 10A946F0C652675E3CA81ABA229309B71403010001011603010020C97EBCFF0C 2469 20271CAE21FAA80898278660D393CB4C640390CDEB14592A0392F79000 2471 // Transfer Server last message, eap request #1A 2472 Tx: A080000035011A00350D800000002B14030100010116030100209255D2089E41 2473 30B5984AF43B604A108AA11376F368E71BCF81EEFEBC00289C1C 2474 Rx: 6106 2476 // Read ACK#1A 2477 Tx: A0C0000006 2478 Rx: 021A00060D009000 2480 // Read MSK 2481 Tx: A0A6000040 2482 Rx: 8F0A6773E9C0264015861CE712C9A692844A28B6D5641E4D90D38994A94A2C6D 2483 B7CD0C7DCBD83D45B2DB1D6598FE696A10176E21B62D8A33AD2970A560CE5E84 2484 9000 2485 // 2486 17.3 EAP-TLS mode1 ISO7816 trace (T=0 protocol) 2488 The EAP-TLS smartcard mode1, supports five functions 2489 - Public Key Encryption, with the server public key 2490 - Private Key Encryption, with the client private key 2491 - Public Key decryption, with the Certification Authority (CA) 2492 public key 2493 - Reading of the client's certificate 2494 - Random Number Generator 2496 In this mode the EAP-TLS smartcard interface doesn't provide RSA 2497 functions. Furthermore all client's parameters (RSA keys and 2498 certificate) are stored in the smartcard. 2500 // Set-Identity (abc TLS) type=TLS 2501 Tx: A016800003616263 2502 Rx: 9000 2504 // RANDOM Number Generator 2505 Tx: A060 0200 1C // 28 bytes 2506 Rx: 08BDD285B43D1F3BC9715FC9F85FC453FE58F3A9E07FF397CD653922 2508 // Set Server Public KEY (FCT = Initialize + Public-Encrypt) 2509 Tx: A0604800870080bc67013cb915ec1281e65a4daf49801ddb6d5cf30cfd2ff63f 2510 5d377929c7391bfd766f67dd0fe9e8425143ba46ae95ff76919f30a39c459a22 2511 f22b7566529795c32fee7dcfc9dcde1169a346efe825246214df022badf983b9 2512 cbba81c44c15a1139701b69f9954c9bd2fdfa1ae401e3bd6fd06cf585413c28a 2513 e802b4670a8f30003010001 2514 // Pre-Master Secret Encryption with the Server Public Key 2515 // FCT = Do-Final + Public-Encrypt 2516 Tx: A0600800300301c5a68fb75123308e2ddbb27b63fe021e8724e7bc5c17078b3b 2517 3f90ba00d128f80b07ad786b6de36e5f94ffdfeb49 2518 RX: 6180 2519 TX: 8fd83c571fe7d71e76a86405bdbc95ba4bd67a48f4bd8084f4f944c1acdf1fac 2520 f85ffc111be3ce8affb48f6da6c5477761a34c7889cb148da42141bbc1e942ba 2521 c8752b7fd255574f654dbed3def89ee0f79beebf43dc737f158f99c17a2461b2 2522 c5d5e2a75fcbbd7f5275ad781127300e46ec61408ef2babc200f85363926301e 2524 // Private Encrypt with Client Private Key 2525 // FCT = Do-Final + Private-Encrypt 2526 // (Client Certificate Verify) 2527 Tx: A0604002249c0326e6d899fa802cc981b86e9b65f41234db8e2456e5f3dccd68 2528 a34f25b4e72153f50e 2529 Rx: 6180 2530 Tx: A0C0000080 2531 Rx: bdd2429d21dae14d9727d2f715bf30a65e61c7608d5c0b6035bccc014bafe24b 2532 b98550af86e13b6d8d371e5a922d20dd338b563b7e9c9af0ef9110c77b468a65 2533 1915575d348a7d29b89cc5a8d4b8aa715d53e340e6e7ad6b6e3438f358b870c5 2534 da5e61c45ee5e3f9454219f48a34cc9810a946f0c652675e3ca81aba229309b7 2536 // Public Decrypt#1 with CA public key, first byte 2537 // FCT = Do-Final + Index#1 + Public-Decrypt 2538 // Checking of server certificate 2539 Tx: A061 1B 00 01 13 2540 Rx: 9000 2541 // Public Decrypt#1 (with CA public key, 255 bytes) 2542 Tx: A0601A00FFA233AA6EDB4282A69EF9D023D51F32FD0B97AF03C4BACD6B7ED5C1 2543 55110EBACC3F0FAD6D853DEE845CC33D0E9D8ECC7514295F854D16F6409DFEB6 2544 1A60C9A1EF0BC09AD3C1A93BEE546B2DF9DBAB8AD9A90AAB5CEE35FF67512758 2545 73D1C5093339B4ADEA0F40C54754DAE7461966322B5772B460B7FA2F5985D496 2546 C52CAF7456DF2D78E4DE9B1C48F2ACB987BA9BDE3D1624645330F0FBF0103C54 2547 7DA547C1F03B1C2BB5CDD06D38D2ABFAFD06387235E8E49DEDCB7E2B7E80A15B 2548 1317A04ECF1ADBF475AC82D67514A6EF5EBFFAD40D5D5F7395179677703BFC3A 2549 9D34623BD28EC9186A1078130652552D5CFEF1B6CDBA5197910A4C87CAD1F92F 2550 A7EB7A0B 2551 Rx: 6123 2552 Tx: A0C0000023 // Certificate Hash 2553 Rx: 3021300906052B0E03021A0500041429A563710F25832AFB692E44F4B9AFF36F 2554 BE91A79000 2556 // Read Client Certificate 2557 Tx: A060000000 // Certificate 1st fragment 2558 Rx: 308205D7308204BFA003020102020A61253DFF000000000006300D06092A8648 2559 86F70D0101050500305231123010060A0992268993F22C640119160266723114 2560 3012060A0992268993F22C6401191604656E737431153013060A0992268993F2 2561 2C64011916056261647261310F300D06035504031306636177696669301E170D 2562 3033313130363039333635395A170D3034313130353039333635395A30623112 2563 3010060A0992268993F22C6401191602667231143012060A0992268993F22C64 2564 01191604656E737431153013060A0992268993F22C6401191605626164726131 2565 0E300C060355040313055573657273310F300D0603550403130668616A6A6568 2566 9F00 2567 Tx: A012000000 // Certificate 2nd fragment 2568 Rx: 30819F300D06092A864886F70D010101050003818D0030818902818100DE7D0E 2569 F51D1716C06F51B04CEF2EC6CAF4D86601BC7B211237CEDC6172F3C8FF835C2F 2570 F52BF8F00FBD89866A3FC28B3BBDC798FD4B1D678F856612746F6474D0310746 2571 04BAB17470B1FCD94244F897C274B9455C841533EC4ACB41D26E7C6DBDBCCD3E 2572 64FF8F3363FE06556996C696FA17DBF87FEB5BFE003ED18E428362BEC3020301 2573 0001A38203213082031D300B0603551D0F0404030205A0304406092A864886F7 2574 0D01090F04373035300E06082A864886F70D030202020080300E06082A864886 2575 F70D030402020080300706052B0E030207300A06082A864886F70D0307301D06 2576 9F00 2577 Tx: A012000000 // Certificate 3rd fragment 2578 Rx: 03551D0E04160414526E170649667E12FD1EC69D4CC8A02640B7592830170609 2579 2B0601040182371402040A1E080055007300650072301F0603551D2304183016 2580 8014E56DC55020881E3900398AF99EE0789DA4230F893081FB0603551D1F0481 2581 F33081F03081EDA081EAA081E78681B16C6461703A2F2F2F434E3D6361776966 2582 692C434E3D616B6B6172312C434E3D4344502C434E3D5075626C69632532304B 2583 657925323053657276696365732C434E3D53657276696365732C434E3D436F6E 2584 66696775726174696F6E2C44433D62616472612C44433D656E73742C44433D66 2585 723F63657274696669636174655265766F636174696F6E4C6973743F62617365 2586 9F00 2587 Tx: A012000000 // Certificate 4th fragment 2588 Rx: 3F6F626A656374436C6173733D63524C446973747269627574696F6E506F696E 2589 748631687474703A2F2F616B6B6172312E62616472612E656E73742E66722F43 2590 657274456E726F6C6C2F6361776966692E63726C3082011306082B0601050507 2591 010104820105308201013081AA06082B0601050507300286819D6C6461703A2F 2592 2F2F434E3D6361776966692C434E3D4149412C434E3D5075626C69632532304B 2593 657925323053657276696365732C434E3D53657276696365732C434E3D436F6E 2594 66696775726174696F6E2C44433D62616472612C44433D656E73742C44433D66 2595 723F634143657274696669636174653F626173653F6F626A656374436C617373 2596 9F00 2597 Tx: A012000000 // Certificate 5th fragment 2598 Rx: 3D63657274696669636174696F6E417574686F72697479305206082B06010505 2599 0730028646687474703A2F2F616B6B6172312E62616472612E656E73742E6672 2600 2F43657274456E726F6C6C2F616B6B6172312E62616472612E656E73742E6672 2601 5F6361776966692E63727430290603551D2504223020060A2B0601040182370A 2602 030406082B0601050507030406082B06010505070302302F0603551D11042830 2603 26A024060A2B060104018237140203A0160C1468616A6A65684062616472612E 2604 656E73742E6672300D06092A864886F70D0101050500038201010013A233AA6E 2605 DB4282A69EF9D023D51F32FD0B97AF03C4BACD6B7ED5C155110EBACC3F0FAD6D 2606 9FDB 2607 Tx: A0120000DB // Certificate 6th and last fragment 2608 Rx: 853DEE845CC33D0E9D8ECC7514295F854D16F6409DFEB61A60C9A1EF0BC09AD3 2609 C1A93BEE546B2DF9DBAB8AD9A90AAB5CEE35FF6751275873D1C5093339B4ADEA 2610 0F40C54754DAE7461966322B5772B460B7FA2F5985D496C52CAF7456DF2D78E4 2611 DE9B1C48F2ACB987BA9BDE3D1624645330F0FBF0103C547DA547C1F03B1C2BB5 2612 CDD06D38D2ABFAFD06387235E8E49DEDCB7E2B7E80A15B1317A04ECF1ADBF475 2613 AC82D67514A6EF5EBFFAD40D5D5F7395179677703BFC3A9D34623BD28EC9186A 2614 1078130652552D5CFEF1B6CDBA5197910A4C87CAD1F92FA7EB7A0B9000 2615 18 Annex 7, EAP-AKA ISO7816 APDUs Trace (T=0 Protocol) 2617 This annex gives test vectors for the EAP-AKA protocol, introduced 2618 by [EAP-AKA] 2620 // Select EAP_APPLICATION 2621 Tx: 00A40400 07 11 22 33 44 55 66 01 2622 Rx: 9000 2624 // Verify User PIN ('0000') 2625 Tx: A020000004 30303030 2626 Rx: 9000 2628 // Set-Identity ('zzz') type=AKA 2629 Tx: A0 16 00 80 03 7A 7A 7A 2630 // 90 00 2632 // EAP-Identity request 2633 Tx: A0 80 00 00 05 01 A4 00 05 01 2634 // Identity.response: anonymous@dot.com 2635 Rx: 02 A4 00 16 01 61 6E 6F 6E 79 6D 6F 75 73 40 64 6F 74 2E 63 6F 2636 6D 90 00 2638 // EAP-AKA GET AT-PERMANENT-ID-REQ: aka@dot.com 2639 Tx: A0 80 00 00 0A 01A6 000A 1705 0A01 0000 2640 Rx: 02 A6 00 16 17 05 0E 04 00 0B 61 6B 61 40 64 6F 74 2E 63 6F 6D 2641 00 90 00 2642 //================= 2643 // Milenage Values= 2644 //================= 2645 // These values are imported from 2646 // 3GPP TS 35.207 V5.0.0 (2002-06), 2647 // sections 4.3-Test set 1 and 6.3-Test set 1 2649 // K: 465b5ce8 b199b49f aa5f0a2e e238a6bc 2650 // OP: cdc202d5 123e20f6 2b6d676a c72cb318 2651 // SQN: ff9bb4d0b607 2652 // AMF: b9b9 2653 // RAND: 23553cbe 9637a89d 218ae64d ae47bf35 2655 // f1|f1*: 4A 9F FA C3 54 DF AF B3 01 CF AF 9E C4 E8 71 E9 2656 // f2/sres A5 42 11 D5 E3 BA 50 BF 2657 // f3/ck B4 0B A9 A3 C5 8B 2A 05 BB F0 D9 87 B2 1B F8 CB 2658 // f4/ik F7 69 BC D7 51 04 46 04 12 76 72 71 1C 6D 34 41 2659 // f5/ak AA 68 9C 64 83 70 2660 // f5*/ak2 45 1E 8B EC A4 3B 2661 //============================= 2662 // Values for XKEY & PRF(XKEY)= 2663 //============================= 2664 // ID: 61 6B 61 40 64 6F 74 2E 63 6F 6D = aka@dot.com 2665 // IK: F7 69 BC D7 51 04 46 04 12 76 72 71 1C 6D 34 41 2666 // CK: B4 0B A9 A3 C5 8B 2A 05 BB F0 D9 87 B2 1B F8 CB 2667 // XKEY = MK = sha1(ID|IK|CK) = 2668 // C4 83 4F 21 BE AD F0 9E 7A 3B E8 17 97 5A BA 99 DD B4 0C 9A 2670 // PRF(XKEY) 2671 // K_Encr: 28 FF 32 38 42 05 6B 55 4B 85 A5 11 16 34 5A A4 2672 // K_Auth: B3 08 06 82 48 8E 68 6F AC 3E 1C F8 24 8E 73 63 2673 // MSK: BE 12 98 C0 B5 33 8C 91 D6 E1 1B 33 AE 7D 46 2D 2674 // E2 99 64 64 0C F5 05 FF 26 AE D5 98 82 2D 41 F9 2675 // 20 AF 49 FD CB 77 00 8C 2A AC DB A3 A1 AE 79 75 2676 // 20 8C 25 E5 40 17 5D 22 D5 48 0C DE 88 D7 90 33 2677 // EMSK: CD 10 C9 14 BB 54 DC 97 AE E8 96 06 67 F8 C8 59 2678 // 12 44 DF E7 BD 4A C1 B1 6E 63 1B 4D FA 5D F6 97 2679 // 4A 4C 51 F5 D8 19 FE 68 E7 37 0F 9E 47 43 9B 43 2680 // FD 6E 83 CC 35 7A 01 E7 16 57 F3 BE 6D 26 4A 2B 2682 //========================================= 2683 // Test #1 : FULL AUTHENTICATION, GOOD SQN 2684 //========================================= 2685 //AT-RAND AT-AUTN AT-MAC 2686 Tx: A0 80 00 0044 01A5 0044 17010000 01050000 23553CBE 2687 9637A89D 218AE64D AE47BF35 02050000 55F328B43577 B9B9 4A9FFAC3 2688 54DFAFB3 0B050000 C7003536 662D5201 B011F20F E5DD8CE4 2690 // AT-RES AT-MAC 2691 Rx: 02 A5 0028 17010000 03030040 A54211D5 E3BA50BF 2692 0B050000 45703D12 9567DCA9 2C9101C4 9392F267 9000 2694 // Get MSK 2695 Tx: A0 A6 00 00 40 2696 Rx: 20 AF 49 FD CB 77 00 8C 2A AC DB A3 A1 AE 79 75 20 8C 25 E5 40 2697 17 5D 22 D5 48 0C DE 88 D7 90 33 BE 12 98 C0 B5 33 8C 91 D6 E1 2698 1B 33 AE 7D 46 2D E2 99 64 64 0C F5 05 FF 26 AE D5 98 82 2D 41 2699 F9 90 00 2700 //========================================== 2701 // Test #2 : FULL AUTHENTICATION, WRONG SQN 2702 //========================================== 2703 //GPP TS 33.102, Release 9 V9.2.0 (2010-03), page 23: 2704 //The AMF used to calculate MAC-S assumes a dummy value of all zeros 2705 //so that it does not need to be transmitted in the clear in the 2706 //re-synch message. 2708 Tx: A0 80 00 0044 01A5 0044 17010000 01050000 23553CBE 2709 9637A89D 218AE64D AE47BF35 02050000 55F328B43577 B9B9 4A9FFAC3 2710 54DFAFB3 0B050000 C7003536 662D5201 B011F20F E5DD8CE4 2712 // According to 3GPP TS 33.102 V6.4.0 (2005-09) 2713 // AT_AUTS = AK2+SQNms | MAC-S 2714 // MAC-S = f1*(AMF=0000,RAND,SQNms) 2715 // AK2 = f5*(RAND) 2717 // AK2 = 45 1E 8B EC A4 3B 2718 // SQNms = ff 9b b4 d0 b6 08 2719 // MAC-S = 00 10 C1 DA 38 A7 5A 31 2721 Rx: 02A50018 1704 0000 0404 BA853F3C1233 0010C1DA38A75A31 9000 2723 //========================================== 2724 // Test #3 : FULL AUTHENTICATION, WRONG MAC= 2725 //========================================== 2726 Tx: A0 80 00 0044 01A5 0044 17010000 01050000 23553CBE 2727 9637A89D 218AE64D AE47BF36 02050000 55F328B43577 B9B9 4A9FFAC3 2728 54DFAFB3 0B050000 C7003536 662D5201 B011F20F E5DD8CE4 2730 // AKA-Authentication-Reject 2731 Rx: 02 A5 0008 17020000 9000 2733 //=========================================== 2734 // Test #4 : Full Authentication + PSEUDO-ID= 2735 //=========================================== 2737 // AT-RAND AT-AUTN AT-ENCR AT-MAC 2738 // AT-ENCR: 82090000 8205000D 31323334 31323334 31323334 31000000 2739 // 06030000 00000000 00000000 2741 Tx: A0 80 00 00 7C 01A5 007C 17010000 01050000 23553CBE 9637A89D 2742 218AE64D AE47BF35 02050000 55F328B43577 B9B9 2743 4A9FFAC3 54DFAFB3 81050000 12345678 12345678 12345678 12345678 2744 82090000 819DCAF9 E851072D 660A36FB 79D96C09 6AC36F2E 58D6E32D 2745 3FC84869 9DA076D4 0B050000 B05E0FFC 0A99A434 2A2BFAD8 1900F1B3 2747 // AT-RES AT-MAC 2748 Rx: 02 A5 00 28 17010000 03030040 A54211D5 E3BA50BF 0B050000 2749 45703D12 9567DCA9 2C9101C4 9392F267 9000 2750 // AT-FULLAUTH-ID-REQ = "12341234123412341@dot.com" 2751 Tx: A0 80 00 00 0C 01A6 000C 17050000 11010000 2752 Rx: 02 A6 00 24 17050000 0E070015 31323334 31323334 31323334 2753 3140646F 742E636F 6D000000 9000 2755 // AT-PERMANENT-ID-REQ = "aka@dot.com" 2756 Tx: A0 80 00 00 0C 01A6 000C 17050000 0A010000 2758 Rx: 02 A6 00 18 17050000 0E04000B 616B6140 646F742E 636F6D00 9000 2760 //=========================================== 2761 // Test #5 : Full Authentication + ReAUTH-ID= 2762 //=========================================== 2763 // AT-RAND AT-AUTN AT-ENCR AT-MAC 2764 // AT-ENCR: 82090000 8505000D 31323334 31323334 31323334 31000000 2765 // 06030000 00000000 00000000 2767 Tx: A0 80 00 00 7C 01A5 007C 17010000 01050000 23553CBE 9637A89D 2768 218AE64D AE47BF35 02050000 55F328B43577 B9B9 2769 4A9FFAC354DFAFB3 81050000 12345678 12345678 12345678 12345678 2770 82090000 49E8E4BE 42452611 89AFE3A1 E913953F 4A966DBE 53D621A8 2771 CC771072 DA7B1964 2772 0B050000 4081C920 AB6A42EB A06DD4B6 A598D741 2774 // AT-RES AT-MAC 2775 Rx: 02 A5 00 28 17010000 03030040 A5 42 11 D5 E3 BA 50 BF 2776 0B050000 45703D12 9567DCA9 2C9101C4 9392F267 9000 2778 // GET AT-ANY-ID-REQ: "1234123412341" 2779 Tx: A0 80 00 00 0C 01A6 000C 17050000 0D010000 2780 Rx: 02 A6 00 1C 17050000 0E05000D 31323334 31323334 31323334 2781 31000000 9000 2783 //============================== 2784 // Test #6: ReAUTH, GoodCounter= 2785 //============================== 2787 According to [EAP-AKA] for EAP-Response/AKA-Reauthentication, the 2788 MAC code is calculated over the following data: EAP packet | NONCE-S 2790 // XKEY' = SHA1(Identity | counter | NONCE-S | MK) 2791 // Identity = 31323334 31323334 31323334 31 2792 // Counter= 0001 2793 // NONCE-S= 12345678 12345678 12345678 12345678 2794 // MK = C4834F21BEADF09E7A3BE817975ABA99DDB40C9A 2795 // XKEY'= 7A790D9602767568BF4D9AD23C0E28F44A0A64B3 2796 // PRF(XKEY') = 2797 // C2BCFE5D383ED9C30F55B83619BF1C7A09A26320AF7F323AD9A0E58CCBE1FA7E 2798 // 6894EE064D7E38C6EBEFFE95DBEC150759B08C18B6AF02EF9D7E52A52B670E13 2799 // AT-IV AT-ENCR AT-MAC 2800 // ENCR: 82090000 13010001 15050000 12345678 12345678 12345678 2801 // 12345678 85020004 31323334 2803 Tx: A080000054 01A50054 170D0000 2804 81050000 12345678 12345678 12345678 12345678 2805 82090000 99571855 2FAF6D99 57A67521 3A37A839 A76923F4 6A0040CF 2806 839AC1E4 DC8B3CDF 2807 0B050000 842D9F634BAA8D4BC10EF5A78C90F705 2809 // AT-ENCR AT-COUNTER AT-PADDING 2810 // AT_ENCR: 82040000 13010001 06030000 00000000 00000000 2812 Rx: 02A50044 170D0000 81050000 A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5 2813 82050000 C528C7A2154DF5BA6744A249557CC823 2814 0B050000 99B31F633BB5BD9399DBD2B321376258 2815 9000 2817 // Get MSK 2818 Tx: A0 A6 00 00 40 2819 Rx: 6894EE064D7E38C6EBEFFE95DBEC150759B08C18B6AF02EF9D7E52A52B670E13 2820 C2BCFE5D383ED9C30F55B83619BF1C7A09A26320AF7F323AD9A0E58CCBE1FA7E 2821 9000 2823 //============================== 2824 // Test #7: ReAUTH,WrongCounter= 2825 //============================== 2827 // AT-IV AT-ENCR AT-MAC 2828 // AT-ENCR: 82090000 13010001 15050000 12345678 12345678 12345678 2829 // 12345678 85020004 31323334 2831 Tx: A080000054 01A50054 170D0000 2832 81050000 12345678 12345678 12345678 12345678 2833 82090000 99571855 2FAF6D99 57A67521 3A37A839 A76923F4 6A0040CF 2834 839AC1E4 DC8B3CDF 2835 0B050000 842D9F634BAA8D4BC10EF5A78C90F705 2837 // AT-ENCR AT-COUNTER-TOO-SMALL AT-COUNTER AT-PADDING 2838 // AT-ENCR: 82050000 14010000 13010001 06020000 00000000 2840 Rx: 02A50044 170D0000 81050000 A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5 2841 82050000 605F0CA17BBDE27ABFF0A82D20E2B945 2842 0B050000 C79D53756722DEDC753FD0D85C1A90FD 2843 9000 2844 19 IANA Considerations 2846 This draft does not require any action from IANA. 2848 20 References 2850 20.1 Normative References 2852 [RFC 3748] B. Aboba, L. Blunk, J. Vollbrecht,C. Sun, H. Levkowetz, 2853 "Extensible Authentication Protocol (EAP)", RFC 3748, June 2004 2855 [L2P] W. Townsley, A. Valencia, A. Rubens, G. Pall, G. Zorn, B. 2856 Palter "Layer Two Tunneling Protocol", RFC 2661, August 1999 2858 [TLS] E. Rescorla, "The Transport Layer Security (TLS) 2859 Protocol Version 1.3, RFC 8446, August 2018. 2861 [GSM 11.11] GSM Technical Specification GSM 11.11. Digital cellular 2862 telecommunications system (Phase 2+); Specification of the 2863 Subscriber Identity Module - Mobile Equipment (SIM - ME) 2865 [IEEE 802.11] Institute of Electrical and Electronics Engineers, 2866 "Standard for Telecommunications and Information Exchange Between 2867 Systems - LAN/MAN Specific Requirements - Part 11: Wireless LAN 2868 Medium Access Control (MAC) and Physical Layer (PHY) 2869 Specifications", IEEE Standard 802.11, 1999 2871 [IEEE 802.1X] Institute of Electrical and Electronics Engineers, 2872 "Local and Metropolitan Area Networks: Port-Based Network Access 2873 Control", IEEE Standard 802.1X, September 2001. 2875 [IEEE 802.11i] Institute of Electrical and Electronics Engineers, 2876 "Approved Draft Supplement to Standard for Telecommunications and 2877 Information Exchange Between Systems-LAN/MAN Specific Requirements - 2878 Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer 2879 (PHY) Specifications: Specification for Enhanced Security", IEEE 2880 802.11i-2004, 2004. 2882 [RFC 7542] A. DeKok, "The Network Access Identifier" RFC 7542, May 2883 2015 2885 [ASN.1] ASN.1 standard 2002 edition ISO/IEC 8825.1. 2886 http://asn1.elibel.tm.fr/en/standards/index.htm 2888 [XML] Extensible Markup Language (XML) 1.0 (Second Edition), W3C 2889 Recommendation 6 October 2000 2891 [RFC 5216] B. Aboba, D. Simon, R. Hurst, "EAP TLS Authentication 2892 Protocol" RFC 5216, March 2008. 2894 [PKCS1] "PKCS #1: RSA Encryption Standard", RSA Laboratories, 2896 [PKCS6] PKCS #6: "Extended-Certificate Syntax Standard, An RSA 2897 Laboratories Technical Note", RSA Laboratories. 2899 [RFC 3748] B. Aboba, L. Blunk, J. Vollbrecht, J. C. Sun, H. 2900 Levkowetz, "Extensible Authentication Protocol (EAP)" RFC 3748, June 2901 2004 2903 [RFC 4017] D. Stanley, J. Walker, B. Aboba, "Extensible 2904 Authentication Protocol (EAP) Method Requirements for Wireless 2905 LANs", March 2005. 2907 [RFC 4137] J. Vollbrecht, P. Eronen, N. Petroni, Y. Ohba, "State 2908 Machines for Extensible Authentication Protocol (EAP)Peer and 2909 Authenticator", August 2005 2911 [EAP-SIM] H. Haverinen, J. Salowey, "Extensible Authentication 2912 Protocol Method for GSM Subscriber Identity Modules (EAP-SIM)", EAP 2913 SIM Authentication", RFC 4186, January 2006. 2915 [EAP-AKA] J. Arkko, H. Haverinen, "Extensible Authentication 2916 Protocol Method for 3rd Generation Authentication and Key Agreement 2917 (EAP-AKA)" RFC 4187, January 2006 2919 [IKEv2] C. Kaufman, P. Hoffman, Y. Nir, P. Eronen, T. Kivinen, 2920 "Internet Key Exchange (IKEv2) Protocol", RFC 7296, October 2014 2922 [IEEE 802.16-2004] IEEE Standard for Local and metropolitan area 2923 networks. Part 16: Air Interface for Fixed Broadband Wireless Access 2924 Systems - 2004 2926 [IEEE 802.16e] IEEE Standard for Local and metropolitan area 2927 networks. - Part 16: Air Interface for Fixed and Mobile 2928 Broadband Wireless Access Systems - Amendment 2: Physical and Medium 2929 Access Control Layers for Combined Fixed and Mobile Operation in 2930 Licensed Bands and Corrigendum 1, February 2006 2932 [TS 102 310] ETSI TS 102 310 V6.2.0 (2005-09) Technical 2933 Specification Smart Cards; Extensible Authentication Protocol 2934 support in the UICC(Release 6) 2936 [HOKEY-EMSK] J. Salowey, L. Dondeti, V. Narayanan, M. Nakhjiri, 2937 "Specification for the Derivation of Root Keys from an Extended 2938 Master Session Key (EMSK)", RFC 5295, August 2008 2940 [EAP-KEY] Bernard Aboba, Dan Simon, P. Eronen, H. Levkowetz, 2941 "Extensible Authentication Protocol (EAP) Key Management Framework", 2942 RFC 5247, August 2008 2943 20.2 Informative References 2945 [NIST-PIV]: Special Publication 800-73-1 Interfaces for Personal 2946 Identity Verification, March 2006 2948 [EAP-SC] P.Urien, W.Habraken, D.Flattin , H.Ganem , "draft-urien- 2949 eap-smartcard-type-02.txt", October 2005 2951 [WiMAX-Forum-Stage2] "WiMAX End-to-End Network Systems Architecture 2952 (Stage 2: Architecture Tenets, Reference Model and Reference 2953 Points)" draft, august 2006 2955 [EAP-EXT] Bernard Aboba, "Extensible Authentication Protocol (EAP) 2956 Key Management Extensions", draft-aboba-eap-keying-extens-00.txt, 2957 April 2005 2959 [PEAP] Ashwin Palekar, Dan Simon, Joe Salowey, Hao Zhou, Glen 2960 Zorn,S. Josefsson, "Protected EAP Protocol (PEAP) Version 2" draft- 2961 josefsson-pppext-eap-tls-eap-10.txt, work-in-progress, October 2004. 2963 21 Authors' Addresses 2965 Pascal Urien 2966 Telecom ParisTech 2967 23 avenue d' Italie 2968 75013 Paris Phone: NA 2969 France Email: Pascal.Urien@telecom-paristech.fr 2971 Guy Pujolle 2972 LIP6 - University Paris 6 2973 4 place jussieu Phone: NA 2974 Paris 75005 France Email: guy.Pujolle@lip6.fr