EAP-AKA is an EAP type based on the Authentication and Key Agreement (AKA) mechanism used in the 3rd generation mobile networks Universal Mobile Telecommunications System (UMTS) and cdma2000. In addition to authentication and session key generation, EAP-AKA includes user anonymity support, result indications, and a fast re-authentication procedure. EAP-AKA' is also supported.
For more information on EAP-AKA see:
For more information on EAP-AKA', see:
8950 AAA contains four plug-ins to support EAP-AKA: AuthEapAka, ReadMapGateway, GenerateAkaQuintet, and RecoverImsi.
The AuthEapAka plug-in generates EAP-AKA requests and processes EAP-AKA responses. In order for the AuthEapAka plug-in to authenticate the supplicant, it needs a source of AKA quintets. To allow for different sources of AKA quintets, the AuthEapAka plug-in calls a quintet policy flow with the permanent identity and IMSI of the peer. The quintet policy flow uses other plug-ins to either fetch quintets from a data source or generate quintets for a given AKA algorithm and key.
For more information see the plug-in reference documentation:
The ReadMapGateway plug-in fetches quintets from a Home Location Register (HLR). The ReadMapGateway plug-in sends requests to an Ulticom MAP Gateway, which in turn sends SS7 MAP requests to an HLR.
For more information see the plug-in reference documentation:
The GenerateAkaQuintet plug-in generates quintets from an AKA algorithm and key.
For more information see the plug-in reference documentation:
The RecoverImsi plug-in can be used to recover an IMSI from an EAP-AKA pseudonym or fast re-authentication username and is useful in associating billing records with a subscriber.
For more information see the plug-in reference documentation:
8950 AAA includes both a RADIUS EAP-AKA client callback and a Diameter EAP-AKA client callback for use with testing. The RADIUS EAP-AKA client callback is used with the 8950 AAA RADIUS Client Tool, aaa-rt, and with the RadiusTask, which is used in Ant build scripts. The Diameter EAP-AKA client callback is used with the 8950 AAA Diameter Client Tool, aaa-dt, and with the DiameterTask, which is used in Ant build scripts. Both callbacks can be used to test EAP-AKA authentication in 8950 AAA or other RADIUS servers implementing EAP-AKA. In response to identity requests from the server, the callbacks will always favor a fast re-authentication identity over a temporary identity and a temporary identity over a permanent identity. Selection is based on which identities are configured and the type of identity requested by the server. The callbacks allow specifying a customer-specific AKA algorithm and configuration string for generating AKA quintets.
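The identity selection described above, written out as an added example (not 8950 AAA code): it parses an EAP-Request/AKA-Identity, picks the most preferred configured identity that the request type permits under RFC 4187, and encodes the AT_IDENTITY response. The function names and the `reauth`/`temporary`/`permanent` keys are assumptions of this sketch; `TRACE_REQUEST` is the EAP-Message from the first Access-Challenge in the session on this page.

```python
import struct

EAP_RESPONSE, EAP_TYPE_AKA, AKA_IDENTITY, AT_IDENTITY = 2, 23, 5, 14
AT_PERMANENT_ID_REQ, AT_ANY_ID_REQ, AT_FULLAUTH_ID_REQ = 10, 13, 17
# Identity kinds each request attribute permits (RFC 4187), in the order of
# preference the page describes: fast re-auth, then temporary, then permanent.
ALLOWED = {
    AT_ANY_ID_REQ: ("reauth", "temporary", "permanent"),
    AT_FULLAUTH_ID_REQ: ("temporary", "permanent"),
    AT_PERMANENT_ID_REQ: ("permanent",),
}
# EAP-Message payload of the first Access-Challenge in the session on this page.
TRACE_REQUEST = bytes.fromhex("0101000C170500000D010000")

def parse_eap_aka(pkt):
    """Return (code, ident, subtype, {attr_type: value}) after bounds checks."""
    if len(pkt) < 8:
        raise ValueError("short EAP-AKA packet")
    code, ident, length, eap_type, subtype = struct.unpack("!BBHBB", pkt[:6])
    if length != len(pkt) or eap_type != EAP_TYPE_AKA:
        raise ValueError("bad EAP length or not EAP-AKA")
    attrs, off = {}, 8  # attributes start after the 2 reserved bytes
    while off < length:
        if length - off < 4:
            raise ValueError("truncated attribute header")
        a_type, size = pkt[off], 4 * pkt[off + 1]  # length is in 4-byte words
        if size == 0 or off + size > length:
            raise ValueError("attribute length overruns packet")
        attrs[a_type] = pkt[off + 2:off + size]
        off += size
    return code, ident, subtype, attrs

def choose_identity(attrs, configured):
    """Pick the most preferred configured identity that the request permits."""
    requested = [t for t in ALLOWED if t in attrs]
    if len(requested) != 1:
        raise ValueError("expected exactly one identity request attribute")
    for kind in ALLOWED[requested[0]]:
        if configured.get(kind):
            return kind, configured[kind]
    raise LookupError("no configured identity satisfies the request")

def build_identity_response(ident, identity):
    raw = identity.encode("utf-8")
    # 2-byte actual length, the identity, then zero padding to a 4-byte boundary
    body = struct.pack("!H", len(raw)) + raw + b"\x00" * (-(4 + len(raw)) % 4)
    attr = bytes([AT_IDENTITY, (2 + len(body)) // 4]) + body
    head = struct.pack("!BBHBBH", EAP_RESPONSE, ident, 8 + len(attr),
                       EAP_TYPE_AKA, AKA_IDENTITY, 0)
    return head + attr
```

With only the permanent identity configured, as in the session below, the encoded response is byte-for-byte the EAP-Message the client transmits in its second Access-Request.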
C:\va\run>..\bin\aaa-rt -callback EapAka -permid 0111111111111111@read.aka.key.com
-akakey 11111111111111111111111111111111 -loglevel verbose
Xmit: Access-Request
Type=1, Ident=0, Len=20, Auth=60 B4 20 BB 38 51 D9 D4 7A CB 93 3D BE 70 39 9B
0: 01 00 00 14 60 B4 20 BB 38 51 D9 D4 7A CB 93 3D [....`. .8Q..z..=]
16: BE 70 39 9B [.p9. ]
Recv: Access-Challenge after 937 ms.
Message-Authenticator = "D0E6C7762D8EFF0BFCD37476A7732598"
State = "1"
Session-Timeout = 180
EAP-Message = "Request/EAP-AKA(1): (Identity) 00000D010000"
Type=11, Ident=0, Len=61, Auth=B4 3E 45 D1 02 C0 4E 0B 16 EF 3D 4B 73 7F 3B 34
Off=20, Attr=80, Len=18 50 12 D0 E6 C7 76 2D 8E [P....v-.]
FF 0B FC D3 74 76 A7 73 [....tv.s]
25 98 [%. ]
Off=38, Attr=79, Len=14 4F 0E 01 01 00 0C 17 05 [O.......]
00 00 0D 01 00 00 [...... ]
Off=52, Attr=24, Len=3 18 03 31 [..1 ]
Off=55, Attr=27, Len=6 1B 06 00 00 00 B4 [...... ]
0: 0B 00 00 3D B4 3E 45 D1 02 C0 4E 0B 16 EF 3D 4B [...=.>E...N...=K]
16: 73 7F 3B 34 50 12 D0 E6 C7 76 2D 8E FF 0B FC D3 [s.;4P....v-.....]
32: 74 76 A7 73 25 98 4F 0E 01 01 00 0C 17 05 00 00 [tv.s%.O.........]
48: 0D 01 00 00 18 03 31 1B 06 00 00 00 B4 [......1...... ]
EAP-Request/AKA_IDENTITY reserved = 0000 Attributes:
Name = AT_ANY_ID_REQ, Length = 1, Data = 0000
Sending identity response
EAP-Response/AKA_IDENTITY reserved = 0000 Attributes:
Name = AT_IDENTITY, Length = 10, Data = 00213031313131313131313131313131
313140726561642E616B612E6B65792E636F6D000000
Added response for state "1" to queue...
Xmit: Access-Request
EAP-Message = "Response/EAP-AKA(1): (Identity) 00000E0A00213031313131313
131313131313131313140726561642E616B612E6B65792E636F6D000000"
Message-Authenticator = "00000000000000000000000000000000"
State = "1"
Type=1, Ident=1, Len=91, Auth=F6 C9 2D A3 3A F0 1D 4F B7 70 E9 8C 03 25 F4 1D
Off=20, Attr=79, Len=50 4F 32 02 01 00 30 17 05 [O2...0..]
00 00 0E 0A 00 21 30 31 [.....!01]
31 31 31 31 31 31 31 31 [11111111]
31 31 31 31 31 31 40 72 [111111@r]
65 61 64 2E 61 6B 61 2E [ead.aka.]
6B 65 79 2E 63 6F 6D 00 [key.com.]
00 00 [.. ]
Off=70, Attr=80, Len=18 50 12 8B 1C A1 14 1C 33 [P......3]
10 EE 44 FF F3 EA E8 9A [..D.....]
4C 47 [LG ]
Off=88, Attr=24, Len=3 18 03 31 [..1 ]
0: 01 01 00 5B F6 C9 2D A3 3A F0 1D 4F B7 70 E9 8C [...[..-.:..O.p..]
16: 03 25 F4 1D 4F 32 02 01 00 30 17 05 00 00 0E 0A [.%..O2...0......]
32: 00 21 30 31 31 31 31 31 31 31 31 31 31 31 31 31 [.!01111111111111]
48: 31 31 40 72 65 61 64 2E 61 6B 61 2E 6B 65 79 2E [11@read.aka.key.]
64: 63 6F 6D 00 00 00 50 12 8B 1C A1 14 1C 33 10 EE [com...P......3..]
80: 44 FF F3 EA E8 9A 4C 47 18 03 31 [D.....LG..1 ]
Recv: Access-Challenge after 500 ms.
Message-Authenticator = "5C6E501A2D789F03738CE9911ACE4382"
State = "2"
Session-Timeout = 180
EAP-Message = "Request/EAP-AKA(2): (Challenge) 000001050000E81F6C9AC47CC
7864F472114E0BC81020205000016A60EE368BE3039B1BC2604673A90790B050000801262F5FD029
5EEB49EC23243C033D6860600006F5042C2E24E07ADE28EAEF056F626AD3797483A810500006AB6C
1B3B87C5D5A58A187C84966BCD28215000028A4CB09E19F8D8B9DFF8FB40F74DB496EFAF0900113D
0C85AE5BC0E6BABD2E06B611F2C87EE8BC65464C1E8190CD2D6D1A2F5344BEE937C662F020DFFE66
3992EF3C472DF5627DF62FC8A0095647E95"
Type=11, Ident=1, Len=245, Auth=F8 5F 1A 8A DA 88 7F 4F 42 28 9B 7B 5E 28 FF C9
Off=20, Attr=80, Len=18 50 12 5C 6E 50 1A 2D 78 [P.\nP.-x]
9F 03 73 8C E9 91 1A CE [..s.....]
43 82 [C. ]
Off=38, Attr=79, Len=198 4F C6 01 02 00 C4 17 01 [O.......]
00 00 01 05 00 00 E8 1F [........]
6C 9A C4 7C C7 86 4F 47 [l..|..OG]
21 14 E0 BC 81 02 02 05 [!.......]
00 00 16 A6 0E E3 68 BE [......h.]
30 39 B1 BC 26 04 67 3A [09..&.g:]
90 79 0B 05 00 00 80 12 [.y......]
62 F5 FD 02 95 EE B4 9E [b.......]
C2 32 43 C0 33 D6 86 06 [.2C.3...]
00 00 6F 50 42 C2 E2 4E [..oPB..N]
07 AD E2 8E AE F0 56 F6 [......V.]
26 AD 37 97 48 3A 81 05 [&.7.H:..]
00 00 6A B6 C1 B3 B8 7C [..j....|]
5D 5A 58 A1 87 C8 49 66 []ZX...If]
BC D2 82 15 00 00 28 A4 [......(.]
CB 09 E1 9F 8D 8B 9D FF [........]
8F B4 0F 74 DB 49 6E FA [...t.In.]
F0 90 01 13 D0 C8 5A E5 [......Z.]
BC 0E 6B AB D2 E0 6B 61 [..k...ka]
1F 2C 87 EE 8B C6 54 64 [.,....Td]
C1 E8 19 0C D2 D6 D1 A2 [........]
F5 34 4B EE 93 7C 66 2F [.4K..|f/]
02 0D FF E6 63 99 2E F3 [....c...]
C4 72 DF 56 27 DF 62 FC [.r.V'.b.]
8A 00 95 64 7E 95 [...d~. ]
Off=236, Attr=24, Len=3 18 03 32 [..2 ]
Off=239, Attr=27, Len=6 1B 06 00 00 00 B4 [...... ]
0: 0B 01 00 F5 F8 5F 1A 8A DA 88 7F 4F 42 28 9B 7B [....._.....OB(.{]
16: 5E 28 FF C9 50 12 5C 6E 50 1A 2D 78 9F 03 73 8C [^(..P.\nP.-x..s.]
32: E9 91 1A CE 43 82 4F C6 01 02 00 C4 17 01 00 00 [....C.O.........]
48: 01 05 00 00 E8 1F 6C 9A C4 7C C7 86 4F 47 21 14 [......l..|..OG!.]
64: E0 BC 81 02 02 05 00 00 16 A6 0E E3 68 BE 30 39 [............h.09]
80: B1 BC 26 04 67 3A 90 79 0B 05 00 00 80 12 62 F5 [..&.g:.y......b.]
96: FD 02 95 EE B4 9E C2 32 43 C0 33 D6 86 06 00 00 [.......2C.3.....]
112: 6F 50 42 C2 E2 4E 07 AD E2 8E AE F0 56 F6 26 AD [oPB..N......V.&.]
128: 37 97 48 3A 81 05 00 00 6A B6 C1 B3 B8 7C 5D 5A [7.H:....j....|]Z]
144: 58 A1 87 C8 49 66 BC D2 82 15 00 00 28 A4 CB 09 [X...If......(...]
160: E1 9F 8D 8B 9D FF 8F B4 0F 74 DB 49 6E FA F0 90 [.........t.In...]
176: 01 13 D0 C8 5A E5 BC 0E 6B AB D2 E0 6B 61 1F 2C [....Z...k...ka.,]
192: 87 EE 8B C6 54 64 C1 E8 19 0C D2 D6 D1 A2 F5 34 [....Td.........4]
208: 4B EE 93 7C 66 2F 02 0D FF E6 63 99 2E F3 C4 72 [K..|f/....c....r]
224: DF 56 27 DF 62 FC 8A 00 95 64 7E 95 18 03 32 1B [.V'.b....d~...2.]
240: 06 00 00 00 B4 [..... ]
EAP-Request/AKA_CHALLENGE reserved = 0000 Attributes:
Name = AT_RAND, Length = 5, Data = 0000E81F6C9AC47CC7864F472114E0BC8102
Name = AT_AUTN, Length = 5, Data = 000016A60EE368BE3039B1BC2604673A9079
Name = AT_MAC, Length = 5, Data = 0000801262F5FD0295EEB49EC23243C033D6
Name = AT_CHECKCODE, Length = 6, Data = 00006F5042C2E24E07ADE28EAEF056F6
26AD3797483A
Name = AT_IV, Length = 5, Data = 00006AB6C1B3B87C5D5A58A187C84966BCD2
Name = AT_ENCR_DATA, Length = 21, Data = 000028A4CB09E19F8D8B9DFF8FB40F7
4DB496EFAF0900113D0C85AE5BC0E6BABD2E06B611F2C87EE8BC65464C1E8190CD2D6D1A2F5344BE
E937C662F020DFFE663992EF3C472DF5627DF62FC8A0095647E95
m_akaKey = 11111111111111111111111111111111
m_randRxed = E81F6C9AC47CC7864F472114E0BC8102
ak = 16A60EE3F507
m_autnRxed = 16A60EE368BE3039B1BC2604673A9079
seqRxed = 1261, indRxed = 25
m_maxSeq = 0, m_lastSeq[25] = 0
computeXKEY(): identity = 0111111111111111@read.aka.key.com ik = EB07363C444080B
EDDB8818AB97C86A9 ck = FF6A847F9A0892DD0F5A9CF91CAC50BD
master_key = 5243D94DEDC9EA006B2041139541A9FB1E7D4503
k_encr = 85D0363D2191DD6019FB0BDA61522E18
k_aut = 5825D17426B4E359D2B54BF41D0A519C
msk = 780001FD7F169CA8A70BE4FB1A8682CE704EA4AEF5A7B6219984AC3E19D5760CD8DFAC8395
A4D0A7AF86AC2097371256E23432EA5AE70ACB981D0241C44BB3C1
emsk = 382CB431006E25F2F0906B34FB8A50CAC3807759D23120A8295AF1C097B9D56B508CB66B3
1CAF1B808E6E71A7C9C58F29EDB6E6BA333D6BA2BA4417BE1A0D691
computeMac(): len = 196 offset = 52 k_auth = 5825D17426B4E359D2B54BF41D0A519C
decryptAttributeData(): length = 80
Decrypted attributes:
Name = AT_NEXT_PSEUDONYM, Length = 8, Data = 0019327A58556535674F35706F6
C2B344C787247784A676F554D4C000000
Name = AT_NEXT_REAUTH_ID, Length = 12, Data = 002A344F5A6753397171753661
4361546367436A2B422B396F746240726561642E616B612E6B65792E636F6D0000
next_pseudonym = 2zXUe5gO5pol+4LxrGxJgoUML
next_reauth_id = 4OZgS9qqu6aCaTcgCj+B+9otb@read.aka.key.com
Sending challenge response
computeMac(): len = 64 offset = 48 k_auth = 5825D17426B4E359D2B54BF41D0A519C
Copying AT_MAC to pkt, mac = 317E7FCE1C0461155D21DC8F48FE775EE2635F54
EAP-Response/AKA_CHALLENGE reserved = 0000 Attributes:
Name = AT_CHECKCODE, Length = 6, Data = 0000DA39A3EE5E6B4B0D3255BFEF9560
1890AFD80709
Name = AT_RES, Length = 3, Data = 0040FCA3E90D7269C857
Name = AT_MAC, Length = 5, Data = 0000317E7FCE1C0461155D21DC8F48FE775E
Added response for state "2" to queue...
Xmit: Access-Request
EAP-Message = "Response/EAP-AKA(2): (Challenge) 000086060000DA39A3EE5E6B
4B0D3255BFEF95601890AFD8070903030040FCA3E90D7269C8570B050000317E7FCE1C0461155D21
DC8F48FE775E"
Message-Authenticator = "00000000000000000000000000000000"
State = "2"
Type=1, Ident=2, Len=107, Auth=3E BA F8 98 6D A7 12 C8 2B CD 4D 55 4B F0 B5 40
Off=20, Attr=79, Len=66 4F 42 02 02 00 40 17 01 [OB...@..]
00 00 86 06 00 00 DA 39 [.......9]
A3 EE 5E 6B 4B 0D 32 55 [..^kK.2U]
BF EF 95 60 18 90 AF D8 [...`....]
07 09 03 03 00 40 FC A3 [.....@..]
E9 0D 72 69 C8 57 0B 05 [..ri.W..]
00 00 31 7E 7F CE 1C 04 [..1~....]
61 15 5D 21 DC 8F 48 FE [a.]!..H.]
77 5E [w^ ]
Off=86, Attr=80, Len=18 50 12 90 B5 43 D9 6B 4F [P...C.kO]
D8 67 B6 E9 85 8F 32 24 [.g....2$]
4D 95 [M. ]
Off=104, Attr=24, Len=3 18 03 32 [..2 ]
0: 01 02 00 6B 3E BA F8 98 6D A7 12 C8 2B CD 4D 55 [...k>...m...+.MU]
16: 4B F0 B5 40 4F 42 02 02 00 40 17 01 00 00 86 06 [K..@OB...@......]
32: 00 00 DA 39 A3 EE 5E 6B 4B 0D 32 55 BF EF 95 60 [...9..^kK.2U...`]
48: 18 90 AF D8 07 09 03 03 00 40 FC A3 E9 0D 72 69 [.........@....ri]
64: C8 57 0B 05 00 00 31 7E 7F CE 1C 04 61 15 5D 21 [.W....1~....a.]!]
80: DC 8F 48 FE 77 5E 50 12 90 B5 43 D9 6B 4F D8 67 [..H.w^P...C.kO.g]
96: B6 E9 85 8F 32 24 4D 95 18 03 32 [....2$M...2 ]
Recv: Access-Accept after 156 ms.
MS-MPPE-Recv-Key = 780001FD7F169CA8A70BE4FB1A8682CE704EA4AEF5A7B6219984A
C3E19D5760C
MS-MPPE-Send-Key = D8DFAC8395A4D0A7AF86AC2097371256E23432EA5AE70ACB981D0
241C44BB3C1
User-Name = "0111111111111111@read.aka.key.com"
Message-Authenticator = "093F6136470BA1B8E3D7A2CABA5D77AF"
Service-Type = Framed-User
Session-Timeout = 300
Framed-IP-Address = 255.255.255.255
Termination-Action = Radius-Request
EAP-Message = "Success(2)"
Type=2, Ident=2, Len=219, Auth=25 02 8B B5 1B 72 C1 44 BD 89 02 B8 63 B4 07 9B
Off=20, Attr=26, Len=58 1A 3A 00 00 01 37 11 34 [.:...7.4]
80 01 C2 1D B5 54 F5 68 [.....T.h]
8B 65 58 F7 25 C0 C4 1C [.eX.%...]
3D 01 62 B1 D7 E3 86 1C [=.b.....]
9C 22 00 E1 7D 40 B7 CA [."..}@..]
22 1A 84 61 33 F2 8C 6F ["..a3..o]
45 CA AB 1C 72 41 E3 4C [E...rA.L]
FA AF [.. ]
Off=78, Attr=26, Len=58 1A 3A 00 00 01 37 10 34 [.:...7.4]
80 02 FF 65 6C 51 EE 14 [...elQ..]
76 E4 84 F9 96 31 ED C6 [v....1..]
3F A8 91 2F 6F F0 66 34 [?../o.f4]
03 F1 AF FE 03 5A C4 4E [.....Z.N]
74 5B 18 FF 4C 67 F7 FC [t[..Lg..]
15 EB 6B 70 A4 B3 97 56 [..kp...V]
F7 50 [.P ]
Off=136, Attr=1, Len=35 01 23 30 31 31 31 31 31 [.#011111]
31 31 31 31 31 31 31 31 [11111111]
31 31 40 72 65 61 64 2E [11@read.]
61 6B 61 2E 6B 65 79 2E [aka.key.]
63 6F 6D [com ]
Off=171, Attr=80, Len=18 50 12 09 3F 61 36 47 0B [P..?a6G.]
A1 B8 E3 D7 A2 CA BA 5D [.......]]
77 AF [w. ]
Off=189, Attr=79, Len=6 4F 06 03 02 00 04 [O..... ]
Off=195, Attr=6, Len=6 06 06 00 00 00 02 [...... ]
Off=201, Attr=27, Len=6 1B 06 00 00 01 2C [....., ]
Off=207, Attr=8, Len=6 08 06 FF FF FF FF [...... ]
Off=213, Attr=29, Len=6 1D 06 00 00 00 01 [...... ]
0: 02 02 00 DB 25 02 8B B5 1B 72 C1 44 BD 89 02 B8 [....%....r.D....]
16: 63 B4 07 9B 1A 3A 00 00 01 37 11 34 80 01 C2 1D [c....:...7.4....]
32: B5 54 F5 68 8B 65 58 F7 25 C0 C4 1C 3D 01 62 B1 [.T.h.eX.%...=.b.]
48: D7 E3 86 1C 9C 22 00 E1 7D 40 B7 CA 22 1A 84 61 [....."..}@.."..a]
64: 33 F2 8C 6F 45 CA AB 1C 72 41 E3 4C FA AF 1A 3A [3..oE...rA.L...:]
80: 00 00 01 37 10 34 80 02 FF 65 6C 51 EE 14 76 E4 [...7.4...elQ..v.]
96: 84 F9 96 31 ED C6 3F A8 91 2F 6F F0 66 34 03 F1 [...1..?../o.f4..]
112: AF FE 03 5A C4 4E 74 5B 18 FF 4C 67 F7 FC 15 EB [...Z.Nt[..Lg....]
128: 6B 70 A4 B3 97 56 F7 50 01 23 30 31 31 31 31 31 [kp...V.P.#011111]
144: 31 31 31 31 31 31 31 31 31 31 40 72 65 61 64 2E [1111111111@read.]
160: 61 6B 61 2E 6B 65 79 2E 63 6F 6D 50 12 09 3F 61 [aka.key.comP..?a]
176: 36 47 0B A1 B8 E3 D7 A2 CA BA 5D 77 AF 4F 06 03 [6G........]w.O..]
192: 02 00 04 06 06 00 00 00 02 1B 06 00 00 01 2C 08 [..............,.]
208: 06 FF FF FF FF 1D 06 00 00 00 01 [........... ]
clientRecvKey=780001FD7F169CA8A70BE4FB1A8682CE704EA4AEF5A7B6219984AC3E19D5760C
clientSendKey=D8DFAC8395A4D0A7AF86AC2097371256E23432EA5AE70ACB981D0241C44BB3C1
----- statistics -----
requests: 3
answers: 3
timeouts: 0
errors: 0
----- result codes -----
Access-Accept = 1
Access-Challenge = 2
----- performance -----
transaction count: 1
elapsed time(ms): 2797
trans per second: 0.3575259206292456
seconds per tran: 2.797
Closing client
Reply count is: 1
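The challenge step in the session above logs `ak`, `m_autnRxed`, `seqRxed = 1261`, `indRxed = 25` and `m_lastSeq[25]`. The following added example (not 8950 AAA code) shows how those values relate and how a peer uses them to reject a replayed AUTN. The 5-bit index split, the `DELTA` limit and all function and class names are assumptions of this sketch, chosen to be consistent with the logged values.

```python
IND_BITS = 5     # assumption: SQN = SEQ || IND with a 5-bit IND, as the log implies
DELTA = 1 << 28  # assumption: largest accepted forward jump in SEQ

# Values logged for the challenge in the session above.
TRACE_AUTN = bytes.fromhex("16A60EE368BE3039B1BC2604673A9079")
TRACE_AK = bytes.fromhex("16A60EE3F507")

def recover_sqn(autn, ak):
    """AUTN = (SQN xor AK) || AMF || MAC: unmask the 48-bit sequence number."""
    if len(autn) != 16 or len(ak) != 6:
        raise ValueError("AUTN must be 16 bytes and AK 6 bytes")
    return int.from_bytes(autn[:6], "big") ^ int.from_bytes(ak, "big")

def split_sqn(sqn):
    """Split SQN into (SEQ, IND)."""
    return sqn >> IND_BITS, sqn & ((1 << IND_BITS) - 1)

class SqnState:
    """Peer-side record of the highest SEQ accepted for each index."""
    def __init__(self):
        self.last_seq = [0] * (1 << IND_BITS)
        self.max_seq = 0

    def check(self, autn, ak):
        # Run only after the MAC carried inside AUTN has been verified.
        seq, ind = split_sqn(recover_sqn(autn, ak))
        if seq <= self.last_seq[ind]:
            return "stale"          # replayed vector: answer with a sync failure
        if seq - self.max_seq > DELTA:
            return "too-far-ahead"  # implausible jump: do not advance state
        self.last_seq[ind] = seq
        self.max_seq = max(self.max_seq, seq)
        return "fresh"

def make_autn(seq, ind, ak, tail=TRACE_AUTN[6:]):
    """Constructed test input: mask SEQ||IND with AK, reuse the trace's AMF||MAC."""
    masked = ((seq << IND_BITS) | ind) ^ int.from_bytes(ak, "big")
    return masked.to_bytes(6, "big") + tail
```

Because the state is kept per index, a vector with a lower SEQ but a different IND is still accepted, which lets vectors issued in batches arrive out of order without weakening replay detection for any one index.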