On 31 Mar 2015, at 06:19, Jouni Malinen <jkmalinen@gmail.com> wrote:
On Tue, Mar 31, 2015 at 3:17 AM, Arran Cudbard-Bell <a.cudbardb@freeradius.org> wrote:
On 30 Mar 2015, at 20:09, Matthew Newton <mcn4@leicester.ac.uk> wrote: Compatibility with what?
eapol_test, booo.
Compatibility with any correct TLSv1.2 -based implementation..
:)
Noticed today that with TLS 1.2 FR and eapol_test 2.4 (and so presumably wpa_supplicant) disagreed on the MPPE keys. Not sure where the fault lies there. Both were running on the same machine, linked against the same version of OpenSSL.
FreeRADIUS has incorrect key derivation for TLSv1.2. eaptls_gen_mppe_keys() has not taken into account that the PRF algorithm changes in the new TLS version. That PRF() call there would need to be modified to take into acocunt that difference between TLS versions. Or likely much more easily, you could move to using SSL_export_keying_material() whenever building with OpenSSL 1.0.1 or newer. That has some complexities for EAP-FAST (not supported by that OpenSSL function because someone thought that it would be create to design EAP-FAST in a way that is different from others..). Anyway, EAP-FAST is not supported yet by FreeRADIUS and has interop issues with TLS v1.2 anyway, so it is unclear when it is going to need new key derivation..
wpa_supplicant, and as such, eapol_test, too, uses SSL_export_keying_material() in this case to get the correct keys out from OpenSSL.
Ok, i'll take a look at fixing that. Thanks! -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2