Automatic report from sources (radiusd) between 19.11.2007 - 20.11.2007 GMT
CVS log entries from 19.11.2007 (Mon) 09:00:01 - 20.11.2007 (Tue) 09:00:01 GMT ===================================================== Summary by authors ===================================================== Author: aland File: radiusd/src/modules/rlm_eap/types/rlm_eap_peap/peap.c; Revisions: 1.28 File: radiusd/src/modules/rlm_eap/eap.c; Revisions: 1.68 File: radiusd/src/modules/rlm_eap/rlm_eap.c; Revisions: 1.49 ===================================================== Combined list of identical log entries ===================================================== Description: Permit TLS inside of PEAP/TTLS tunnels. It won't work, but it won't crash the system, either. Maybe enbling it will let someone debug the issues. Modified files: File: radiusd/src/modules/rlm_eap/eap.c; Revision: 1.68; Date: 2007/11/20 08:12:39; Author: aland; Lines: (+3 -4) File: radiusd/src/modules/rlm_eap/rlm_eap.c; Revision: 1.49; Date: 2007/11/20 08:12:38; Author: aland; Lines: (+3 -6) ===================================================== Log entries ===================================================== Description: Handle multiple EAP-Messages inside of a PEAP tunnel. Modified files: File: radiusd/src/modules/rlm_eap/types/rlm_eap_peap/peap.c; Revision: 1.28; Date: 2007/11/20 03:08:05; Author: aland; Lines: (+31 -19) ===================================================== Summary of modified files ===================================================== File: radiusd/src/modules/rlm_eap/eap.c Revisions: 1.68 Authors: aland (+3 -4) ------------------------------- File: radiusd/src/modules/rlm_eap/rlm_eap.c Revisions: 1.49 Authors: aland (+3 -6) ------------------------------- File: radiusd/src/modules/rlm_eap/types/rlm_eap_peap/peap.c Revisions: 1.28 Authors: aland (+31 -19) -- Automatic cron job from /web/pages/us.freeradius.org/bin/new_makelog.pl
On Tue, Nov 20, 2007 at 03:03:21AM -0600, Automatic cvs log generator wrote:
Description: Handle multiple EAP-Messages inside of a PEAP tunnel. Modified files: File: radiusd/src/modules/rlm_eap/types/rlm_eap_peap/peap.c; Revision: 1.28; Date: 2007/11/20 03:08:05; Author: aland; Lines: (+31 -19)
This doesn't build: @@ -504,7 +516,7 @@ static int eappeap_postproxy(EAP_HANDLER eaptls_success(handler->eap_ds, 0); eaptls_gen_mppe_keys(&handler->request->reply->vps, tls_session->ssl, - "client EAP encryption"); + tls_session->client_encryption_key); peap.c: In function 'eappeap_postproxy': peap.c:534: error: 'tls_session_t' has no member named 'client_encryption_key' Was this supposed to be part of this commit (it looks somewhat separate from the main change) or was a change to eap_tls.h (and somewhere else to set variable) forgotten from this commit? -- Jouni Malinen PGP id EFC895FA
Jouni Malinen wrote:
This doesn't build:
Fixed.
Was this supposed to be part of this commit (it looks somewhat separate from the main change) or was a change to eap_tls.h (and somewhere else to set variable) forgotten from this commit?
It was part of another piece of work. The code should now get a little farther in doing PEAP/EAP-TLS, but it still doesn't work. I'm no OpenSSL expert, but at least the FreeRADIUS side looks a little better now. Alan DeKok.
On Wed, Nov 21, 2007 at 03:56:09AM +0100, Alan DeKok wrote:
The code should now get a little farther in doing PEAP/EAP-TLS, but it still doesn't work. I'm no OpenSSL expert, but at least the FreeRADIUS side looks a little better now.
Something odd is happening with the EAP-PEAP fragmentation.. If I set fragment_size=1300 in FreeRADIUS configuration, the first Phase 2 message from FreeRADIUS has TLS Message Length of 1333. The first fragment includes 1300 bytes, so I would expect to see the remaining 33 bytes on the next fragment. However, that fragment is 37 bytes, i.e., extra 4 bytes. If I change fragment_size to 1200, the TLS Message Length become 1237. This does not sound correct, since the total data length should be more or less the same here regardless of the fragment size (well, up to a certain limit since making this very small could add more fragmentation overhead to phase 2). However, with this fragment_size, the second message is 37 bytes and that matches with the TLS Message Length. The reassembled data is not a valid SSL record, though.. It looks like there are at least two issues. The TLS Message Length is set to about fragment_size regardless of the real phase 2 length, i.e., the phase 2 gets truncated, not fragmented in full. In addition, the phase 1 fragmentation seems to end up reporting incorrect total length for the fragments (i.e., TLS Message Length can be smaller than the sum of the lengths of all fragments). -- Jouni Malinen PGP id EFC895FA
Jouni Malinen wrote:
Something odd is happening with the EAP-PEAP fragmentation.. If I set fragment_size=1300 in FreeRADIUS configuration, the first Phase 2 message from FreeRADIUS has TLS Message Length of 1333. The first fragment includes 1300 bytes, so I would expect to see the remaining 33 bytes on the next fragment. However, that fragment is 37 bytes, i.e., extra 4 bytes.
Hmm... I don't see that with the CVS head. I've just committed a fix where it would allow 10 bytes more than "fragment_size" in an EAP packet. The fragment size was being used to fragment EAP-TLS *data*, and wasn't accounting for the header.
If I change fragment_size to 1200, the TLS Message Length become 1237. This does not sound correct, since the total data length should be more or less the same here regardless of the fragment size (well, up to a certain limit since making this very small could add more fragmentation overhead to phase 2). However, with this fragment_size, the second message is 37 bytes and that matches with the TLS Message Length. The reassembled data is not a valid SSL record, though..
I don't see 33 extra bytes. I *did* see 10, but a recent commit fixes that.
It looks like there are at least two issues. The TLS Message Length is set to about fragment_size regardless of the real phase 2 length, i.e., the phase 2 gets truncated, not fragmented in full. In addition, the phase 1 fragmentation seems to end up reporting incorrect total length for the fragments (i.e., TLS Message Length can be smaller than the sum of the lengths of all fragments).
I've also tried setting "fragment_size" to 1300, 1200, and 600, and testing with EAP-TTLS (pap), and PEAP (EAP-MSCHAPv2). In those tests, it now sets the maximum EAP packet size to the fragment size. The TLS message length stays the same for all fragment sizes. The phase 2 data doesn't get fragmented in FreeRADIUS. The code doesn't handle that at all. It just gets truncated. When trying PEAP with tunneled EAP-TLS, (and some additional patches), it gets to the point where the server is looking for a client certificate, and doesn't get one. In response to the server ACK, wpa_supplicant just sends another ACK... and the cycle repeats until it gives up. I don't know much about EAP-TLS inside of PEAP... maybe there isn't supposed to be a client certificate? Alan DeKok.
On Wed, Nov 21, 2007 at 11:07:16AM +0100, Alan DeKok wrote:
Jouni Malinen wrote:
Something odd is happening with the EAP-PEAP fragmentation.. If I set fragment_size=1300 in FreeRADIUS configuration, the first Phase 2 message from FreeRADIUS has TLS Message Length of 1333. The first fragment includes 1300 bytes, so I would expect to see the remaining 33 bytes on the next fragment. However, that fragment is 37 bytes, i.e., extra 4 bytes.
Hmm... I don't see that with the CVS head.
I still do. How large certificates are you using? I'm hitting the fragment limit in phase 2 and the bug is triggered when sending the second fragment of the message that includes server certificate.
I've just committed a fix where it would allow 10 bytes more than "fragment_size" in an EAP packet. The fragment size was being used to fragment EAP-TLS *data*, and wasn't accounting for the header.
I don't think this is the same issue.
The phase 2 data doesn't get fragmented in FreeRADIUS. The code doesn't handle that at all. It just gets truncated.
Not fragmenting phase 2 data sounds fine, but truncating it does not.. I would have expected this to be handled by fragmenting the long phase 2 data in phase 1.
When trying PEAP with tunneled EAP-TLS, (and some additional patches), it gets to the point where the server is looking for a client certificate, and doesn't get one. In response to the server ACK, wpa_supplicant just sends another ACK... and the cycle repeats until it gives up.
How did you configure wpa_supplicant? The network block should have something like this: identity="jkm" ca_cert="FreeRADIUS/ca.pem" ca_cert2="FreeRADIUS/ca.pem" client_cert2="FreeRADIUS/user.pem" private_key2="FreeRADIUS/user.pem" private_key2_passwd="whatever" phase2="auth=TLS"
I don't know much about EAP-TLS inside of PEAP... maybe there isn't supposed to be a client certificate?
The EAP-TLS inside the PEAP tunnel should look just like EAP-TLS without PEAP. I started looking into more details and it looks like the bug is in how FreeRADIUS handles fragmentation for the encrypted phase 2 data. The issue I'm seeing is triggered by eappeap_authenticate() processing status==EAPTLS_SUCCESS by adding an EAP packet into tls_session->clean_in while there is pending data (the second fragment) of the tunneled EAP-TLS message. This will make clean_in->used > 0 check in tls_handshake_send() trigger and this new EAP message from eappeap_authenticate() is written into TLS data (SSL_write()) and dirty_out is now corrupted by using the encrypted, incorrect EAP packet (BIO_read in tls_handshake_send() overrides the pending second fragment). I did not understand what the EAPTLS_SUCCESS processing in eappeap_authenticate() was supposed to do, but in practice, the current implementation is corrupting any PEAP phase 2 data that needs to be fragmented. I would assume that eappeap_authenticate() would need to be modified not to add this new EAP packet if there is pending data to be sent out, but I don't know how exactly this should be done. Anyway, I tested a quick hack that prevented clean_in from being modified here and that allowed the fragmented message to go through successfully (i.e., unmodified eapol_test received the frame and was able to decrypt it). This hack was not enough to handle further processing, so someone will need to figure out how to fix this properly. -- Jouni Malinen PGP id EFC895FA
Jouni Malinen wrote:
Hmm... I don't see that with the CVS head.
I still do. How large certificates are you using? I'm hitting the fragment limit in phase 2 and the bug is triggered when sending the second fragment of the message that includes server certificate.
I'm using 1024 bit keys, ~3k .pem files.
The phase 2 data doesn't get fragmented in FreeRADIUS. The code doesn't handle that at all. It just gets truncated.
Not fragmenting phase 2 data sounds fine, but truncating it does not.. I would have expected this to be handled by fragmenting the long phase 2 data in phase 1.
Well, yes. The issue is I don't know much about SSL, EAP-TLS... and the code in rlm_eap is "interesting". It's been hacked to work, and then hacked further to shove policy management and proxying into the middle of the EAP sessions. It's ugly... I've just committed some more fixes that make TTLS/PEAP call the tls_hanshake_recv() function, which takes care of fragments and ACKs. That appears to work a little better.
When trying PEAP with tunneled EAP-TLS, (and some additional patches), it gets to the point where the server is looking for a client certificate, and doesn't get one. In response to the server ACK, wpa_supplicant just sends another ACK... and the cycle repeats until it gives up.
How did you configure wpa_supplicant? The network block should have something like this:
Pretty much. I didn't have the ca_certs in there, but that doesn't seem to make any difference.
I started looking into more details and it looks like the bug is in how FreeRADIUS handles fragmentation for the encrypted phase 2 data. The issue I'm seeing is triggered by eappeap_authenticate() processing status==EAPTLS_SUCCESS by adding an EAP packet into tls_session->clean_in while there is pending data (the second fragment) of the tunneled EAP-TLS message. This will make clean_in->used > 0 check in tls_handshake_send() trigger and this new EAP message from eappeap_authenticate() is written into TLS data (SSL_write()) and dirty_out is now corrupted by using the encrypted, incorrect EAP packet (BIO_read in tls_handshake_send() overrides the pending second fragment).
OK. I've updated libeap/tls.c, eaptls_ack_handler() to look for dirty_out.used, and return EAPTLS_REQUEST, rather than EAPTLS_SUCCESS. That permits the phase 2 data to be fragmented.
I did not understand what the EAPTLS_SUCCESS processing in eappeap_authenticate() was supposed to do, but in practice, the current implementation is corrupting any PEAP phase 2 data that needs to be fragmented. I would assume that eappeap_authenticate() would need to be modified not to add this new EAP packet if there is pending data to be sent out, but I don't know how exactly this should be done.
I've made a bunch of changes which should fix that problem.
Anyway, I tested a quick hack that prevented clean_in from being modified here and that allowed the fragmented message to go through successfully (i.e., unmodified eapol_test received the frame and was able to decrypt it). This hack was not enough to handle further processing, so someone will need to figure out how to fix this properly.
I've made some more hacks (uncommitted) to work around certain assumptions in the internal implementation of the server. I now see the connection established, and then the inner EAP-TLS session says: rlm_eap_tls: >>> TLS 1.0 Handshake [length 00a8], CertificateRequest TLS_accept: SSLv3 write certificate request A TLS_accept: SSLv3 flush data TLS_accept: Need to read more data: SSLv3 read client certificate A wpa_supplicant sends the certificate in 3 fragments, including change cipher specs, and FreeRADIUS receives the fragments. However, FreeRADIUS doesn't process the data, and instead asks for more. Alan DeKok.
On Thu, Nov 22, 2007 at 01:57:01PM +0100, Alan DeKok wrote:
I've just committed some more fixes that make TTLS/PEAP call the tls_hanshake_recv() function, which takes care of fragments and ACKs. That appears to work a little better.
It looks like I can now receive the first fragment of the long phase 2 message from the server. This is sent in two phase 1 fragments and the combined data can be decrypted correctly. However, after this, the server does not seem to be sending out the following data from phase 2. The phase 2 message (the one with EAP-TLS ServerHello, Certificate, ServerKeyExchange, and CertificateRequest) is 3808 bytes and it looks like only the first 1020 bytes (fragment_size - 4 octets for TLS Message Length field) is transmitted. Is the phase 2 data actually truncated somewhere?
I've made some more hacks (uncommitted) to work around certain assumptions in the internal implementation of the server. I now see the connection established, and then the inner EAP-TLS session says:
rlm_eap_tls: >>> TLS 1.0 Handshake [length 00a8], CertificateRequest TLS_accept: SSLv3 write certificate request A TLS_accept: SSLv3 flush data TLS_accept: Need to read more data: SSLv3 read client certificate A
This should show up even before the server has sent out the first large message from phase 2 (I see the same in the debug log).
wpa_supplicant sends the certificate in 3 fragments, including change cipher specs, and FreeRADIUS receives the fragments. However, FreeRADIUS doesn't process the data, and instead asks for more.
However, this would require the larger server message to go through which is something I do not see. Could you please send me the hacks needed to get here? -- Jouni Malinen PGP id EFC895FA
Jouni Malinen wrote:
It looks like I can now receive the first fragment of the long phase 2 message from the server. This is sent in two phase 1 fragments and the combined data can be decrypted correctly. However, after this, the server does not seem to be sending out the following data from phase 2.
Yup.
The phase 2 message (the one with EAP-TLS ServerHello, Certificate, ServerKeyExchange, and CertificateRequest) is 3808 bytes and it looks like only the first 1020 bytes (fragment_size - 4 octets for TLS Message Length field) is transmitted. Is the phase 2 data actually truncated somewhere?
No. From what I've seen in the debug output, the issue is that there's an out TLS ACK message where (perhaps naively) I would expect outer encrypted data, inner tunnel TLS ACK for the next fragment. FreeRADIUS remembers the EAP sessions internally, along with what it expects to see "next". The implementation choice is that the inner tunnel EAP Id's are faked out by copying the outer tunnel ones. So if the inner tunnel isn't called for an ACK, the Id's "skip" one number, and the code gets excited that it can't find a matching Id. The explanation is complicated... ...
However, this would require the larger server message to go through which is something I do not see. Could you please send me the hacks needed to get here?
Attached. In short, the sessions are matched only by the State attribute, and it ignores EAP Id's. This is arguably the correct thing to do anyways... Alan DeKok.
Hi, I have a requirement to handle 15 authentication requests within 1 sec. I went through the code of Free Radius Client code, where in after sending EAP request packet to the Radius Server, the Radius Client waits on 'select' call for the response, this makes the other requests to block. Do we need to do any customizations to the Radius Client to achieve this, or do we need to split the Radius Client task, where in one task sends requests to Radius Server and the other handles the response? Please suggest a better solution for this. Thanks, Veerendra The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com
Veerendra wrote:
I have a requirement to handle 15 authentication requests within 1 sec. I went through the code of Free Radius Client code, where in after sending EAP request packet to the Radius Server, the Radius Client waits on 'select' call for the response, this makes the other requests to block. Do we need to do any customizations to the Radius Client to achieve this, or do we need to split the Radius Client task, where in one task sends requests to Radius Server and the other handles the response? Please suggest a better solution for this.
The existing RADIUS clients do not handle multiple streams of EAP requests. If you need that, I suggest running many copies of the client at the same time. Alan DeKok.
Thanks Alan, But how about splitting the task, one handling the Tx part, the other handling the Rx, of-course there will be some communication that needs to be done between these two tasks. Kindly comment on this. Thanks, Veerendra Alan DeKok wrote:
Veerendra wrote:
I have a requirement to handle 15 authentication requests within 1 sec. I went through the code of Free Radius Client code, where in after sending EAP request packet to the Radius Server, the Radius Client waits on 'select' call for the response, this makes the other requests to block. Do we need to do any customizations to the Radius Client to achieve this, or do we need to split the Radius Client task, where in one task sends requests to Radius Server and the other handles the response? Please suggest a better solution for this.
The existing RADIUS clients do not handle multiple streams of EAP requests. If you need that, I suggest running many copies of the client at the same time.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com
Veerendra wrote:
But how about splitting the task, one handling the Tx part, the other handling the Rx, of-course there will be some communication that needs to be done between these two tasks. Kindly comment on this.
There isn't a need for two tasks. It can all be done as part of one process. But the client code can be converted from sychnronous to asynchronous. As always, patches are welcome. Alan DeKok.
Thanks Alan, To convert the client code from synchronous to asynchronous, Do you mean to say, I need to bypass 'select' call and the response from Radius Server should be handled like an Interrupt. How do we achieve this. Kindly comment. Thanks, Veerendra Alan DeKok wrote:
Veerendra wrote:
But how about splitting the task, one handling the Tx part, the other handling the Rx, of-course there will be some communication that needs to be done between these two tasks. Kindly comment on this.
There isn't a need for two tasks. It can all be done as part of one process. But the client code can be converted from sychnronous to asynchronous.
As always, patches are welcome.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com
Veerendra wrote:
To convert the client code from synchronous to asynchronous, Do you mean to say, I need to bypass 'select' call and the response from Radius Server should be handled like an Interrupt. How do we achieve this. Kindly comment.
If you don't have experience doing network programming, this is not the place to learn. If this is important to you, perhaps you could sponsor someone to do the work. Alan DeKok.
Veerendra, Just to add my 2¢ to the conversation above. Really what you'd want is to make freeradius client code provide the possibility of using select() in your own code and not a part of performing radius_auth() where select() is buried in the code of send_server(). In this way you can make your code more "even-driven". This is an area where I'd like to make an improvement in the freeradius client code (just haven't got to it yet due to though schedules at work). However, what you may want to check out is the freebsd code for libradius, I haven't tried so yet, but I believe I read somewhere that it provides such an API where your application performs the select and you call one of its API functions if that FD triggers. API for libradius: http://www.gsp.com/cgi-bin/man.cgi?section=3&topic=libradius rad_init_send_request rad_continue_send_request rad_send_request You should look into it and see if this API provide you the interface that you need for your application. Best Regards, - Eivind On Nov 26, 2007 8:24 AM, Alan DeKok <aland@deployingradius.com> wrote:
Veerendra wrote:
To convert the client code from synchronous to asynchronous, Do you mean to say, I need to bypass 'select' call and the response from Radius Server should be handled like an Interrupt. How do we achieve this. Kindly comment.
If you don't have experience doing network programming, this is not the place to learn.
If this is important to you, perhaps you could sponsor someone to do the work.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
participants (5)
-
Alan DeKok -
Automatic cvs log generator -
Eivind Naess -
Jouni Malinen -
Veerendra