FR 3.0.21 on Debian Buster not setting EAP_TLS "More fragments" bit where needed?
Martin Pauly
pauly at hrz.uni-marburg.de
Thu Aug 13 10:18:23 CEST 2020
Hi,
this is a followup to my previous posts, but I'd rather like to forget those.
Please accept my apologies for
- not reading RFC 2716 again before posting
- screwing up the EAP-TTLS/PAP tests, they fail, too (makes much more sense, btw)
- not translating an SSL flags octet of value 0x40 correctly to binary
At least the approach of compairing the working to failing situation seems to give a good starting point.
> I suggest looking at the packet traces with wireshark. It does a good job of piecing the packets together.
yep, see attached pcaps from the respective server interfaces.
What ovbiously differs, is the SSL Flags octet in Byte 5 of Packet 12 in each .pcap recording
(which is consistent with the client side analysis of eapol_test output)
It is 0x04 in the working case and 0x00 in the fail case.
I.e. in the working case, the server sets the M or "More Fragments" bit because there are more fragments to deliver.
AFAIU, the negotiations goes like this:
In both cases, it we have the EAP Start in Packet 4. In the OK case, the server continues to
send (and announce by the M bit) EAP fragments up to Packet 16 which correctly lacks the M bit
because it contains the last fragment of this message.
In the fail case, the missing M bit in Packet 12 mistakenly informs the client that this is it.
IMO, any client bothering to verify the server cert will bail out here.
The pcaps file are small (26 and 14 Frames) and are available for download here:
https://hessenbox.uni-marburg.de/getlink/fi4uTVNtu63s93cTpxpNrt4U/radius-cert-ok.pcap
https://hessenbox.uni-marburg.de/getlink/fiDUMxNR3AuATuGTBMPzcbmq/radius-fail.pcap
For those who don't like the binary files, please find a text version of the detailed
wireshark EAP view of the (IMO) crucial frame 12 of each capture below
(could you get it this detailed with something like tcpdump -vvr <file.pcap>?)
Martin
::::::::::::::
Wireshark view of Frame 12 from radius-cert-ok.pcap
::::::::::::::
Frame 12: 1106 bytes on wire (8848 bits), 1106 bytes captured (8848 bits)
Ethernet II, Src: Vmware_9e:04:cc (00:50:56:9e:04:cc), Dst: Vmware_9e:9d:fd (00:50:56:9e:9d:fd)
Internet Protocol Version 4, Src: 172.25.1.26, Dst: 172.25.1.136
User Datagram Protocol, Src Port: 1812, Dst Port: 52334
RADIUS Protocol
Code: Access-Challenge (11)
Packet identifier: 0x5 (5)
Length: 1064
Authenticator: a2087c11d371aab961d06781244abb8f
[This is a response to a request in frame 11]
[Time from request: 0.000416000 seconds]
Attribute Value Pairs
AVP: t=EAP-Message(79) l=255 Segment[1]
Type: 79
Length: 255
EAP fragment: 010603e819403040a03ea03c863a687474703a2f2f636470...
AVP: t=EAP-Message(79) l=255 Segment[2]
Type: 79
Length: 255
EAP fragment: 2d726f6f742d67322d63612f7075622f6361636572742f63...
AVP: t=EAP-Message(79) l=255 Segment[3]
Type: 79
Length: 255
EAP fragment: 5c84a829396c94fc1092067b9eeed846b41bb5030c38d9dc...
AVP: t=EAP-Message(79) l=243 Last Segment[4]
Type: 79
Length: 243
EAP fragment: 6d732054727573742043656e746572312530230603550403...
Extensible Authentication Protocol
Code: Request (1)
Id: 6
Length: 1000
Type: Protected EAP (EAP-PEAP) (25)
EAP-TLS Flags: 0x40
0... .... = Length Included: False
.1.. .... = More Fragments: True
..0. .... = Start: False
.... .000 = Version: 0
[6 EAP-TLS Fragments (5266 bytes): #6(994), #8(994), #10(994), #12(994), #14(994), #16(296)]
Secure Sockets Layer
TLSv1.2 Record Layer: Handshake Protocol: Server Hello
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 89
Handshake Protocol: Server Hello
Handshake Type: Server Hello (2)
Length: 85
Version: TLS 1.2 (0x0303)
Random: ececff1afc020cca949fef413b65d9bb9a81ccbb7318c8de...
Session ID Length: 32
Session ID: 3dc4544aae705e713864d2afb2a807dd999588e556a041e6...
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
Compression Method: null (0)
Extensions Length: 13
Extension: renegotiation_info (len=1)
Extension: ec_point_formats (len=4)
TLSv1.2 Record Layer: Handshake Protocol: Certificate
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 4820
Handshake Protocol: Certificate
Handshake Type: Certificate (11)
Length: 4816
Certificates Length: 4813
Certificates (4813 bytes)
Certificate Length: 2046
Certificate: 308207fa308206e2a003020102020c22ff0567818198c001... (id-at-commonName=radius.staff.uni-marburg.de,id-at-organizationName=Philipps-Universitaet Marburg,id-at-localityName=Marburg,id-at-stateOrProvinceName=Hessen,id-at-countryNa
signedCertificate
version: v3 (2)
serialNumber: 0x22ff0567818198c00178abea
signature (sha256WithRSAEncryption)
issuer: rdnSequence (0)
rdnSequence: 4 items (id-at-commonName=DFN-Verein Global Issuing CA,id-at-organizationalUnitName=DFN-PKI,id-at-organizationName=Verein zur Foerderung eines Deutschen Fo,id-at-countryName=DE)
RDNSequence item: 1 item (id-at-countryName=DE)
RelativeDistinguishedName item (id-at-countryName=DE)
Id: 2.5.4.6 (id-at-countryName)
CountryName: DE
RDNSequence item: 1 item (id-at-organizationName=Verein zur Foerderung eines Deutschen Fo)
RelativeDistinguishedName item (id-at-organizationName=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V.)
Id: 2.5.4.10 (id-at-organizationName)
DirectoryString: uTF8String (4)
uTF8String: Verein zur Foerderung eines Deutschen Forschungsnetzes e. V.
RDNSequence item: 1 item (id-at-organizationalUnitName=DFN-PKI)
RelativeDistinguishedName item (id-at-organizationalUnitName=DFN-PKI)
Id: 2.5.4.11 (id-at-organizationalUnitName)
DirectoryString: uTF8String (4)
uTF8String: DFN-PKI
RDNSequence item: 1 item (id-at-commonName=DFN-Verein Global Issuing CA)
RelativeDistinguishedName item (id-at-commonName=DFN-Verein Global Issuing CA)
Id: 2.5.4.3 (id-at-commonName)
DirectoryString: uTF8String (4)
uTF8String: DFN-Verein Global Issuing CA
validity
subject: rdnSequence (0)
subjectPublicKeyInfo
extensions: 10 items
algorithmIdentifier (sha256WithRSAEncryption)
Padding: 0
encrypted: 64daeebb8fe3dedcd5de2e605133b23996eaa15f87d585d3...
Certificate Length: 1456
Certificate: 308205ac30820494a00302010202071b63bad01e2c3d300d... (id-at-commonName=DFN-Verein Global Issuing CA,id-at-organizationalUnitName=DFN-PKI,id-at-organizationName=Verein zur Foerderung eines Deutschen Fo,id-at-countryName=DE)
signedCertificate
version: v3 (2)
serialNumber: 7709478377892925
signature (sha256WithRSAEncryption)
issuer: rdnSequence (0)
rdnSequence: 4 items (id-at-commonName=DFN-Verein Certification Authority 2,id-at-organizationalUnitName=DFN-PKI,id-at-organizationName=Verein zur Foerderung eines Deutschen Fo,id-at-countryName=DE)
RDNSequence item: 1 item (id-at-countryName=DE)
RelativeDistinguishedName item (id-at-countryName=DE)
Id: 2.5.4.6 (id-at-countryName)
CountryName: DE
RDNSequence item: 1 item (id-at-organizationName=Verein zur Foerderung eines Deutschen Fo)
RelativeDistinguishedName item (id-at-organizationName=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V.)
Id: 2.5.4.10 (id-at-organizationName)
DirectoryString: printableString (1)
printableString: Verein zur Foerderung eines Deutschen Forschungsnetzes e. V.
RDNSequence item: 1 item (id-at-organizationalUnitName=DFN-PKI)
RelativeDistinguishedName item (id-at-organizationalUnitName=DFN-PKI)
Id: 2.5.4.11 (id-at-organizationalUnitName)
DirectoryString: printableString (1)
printableString: DFN-PKI
RDNSequence item: 1 item (id-at-commonName=DFN-Verein Certification Authority 2)
RelativeDistinguishedName item (id-at-commonName=DFN-Verein Certification Authority 2)
Id: 2.5.4.3 (id-at-commonName)
DirectoryString: printableString (1)
printableString: DFN-Verein Certification Authority 2
validity
subject: rdnSequence (0)
subjectPublicKeyInfo
extensions: 7 items
algorithmIdentifier (sha256WithRSAEncryption)
Padding: 0
encrypted: 817845a44ea47f0e55f009b16a3e78cc6835a91cf3959e3f...
Certificate Length: 1302
Certificate: 30820512308203faa003020102020900e30bd5f8af25d981... (id-at-commonName=DFN-Verein Certification Authority 2,id-at-organizationalUnitName=DFN-PKI,id-at-organizationName=Verein zur Foerderung eines Deutschen Fo,id-at-countryName=
signedCertificate
version: v3 (2)
serialNumber: 16360405335420557697
signature (sha256WithRSAEncryption)
issuer: rdnSequence (0)
rdnSequence: 4 items (id-at-commonName=T-TeleSec GlobalRoot Class 2,id-at-organizationalUnitName=T-Systems Trust Center,id-at-organizationName=T-Systems Enterprise Services GmbH,id-at-countryName=DE)
RDNSequence item: 1 item (id-at-countryName=DE)
RelativeDistinguishedName item (id-at-countryName=DE)
Id: 2.5.4.6 (id-at-countryName)
CountryName: DE
RDNSequence item: 1 item (id-at-organizationName=T-Systems Enterprise Services GmbH)
RelativeDistinguishedName item (id-at-organizationName=T-Systems Enterprise Services GmbH)
Id: 2.5.4.10 (id-at-organizationName)
DirectoryString: uTF8String (4)
uTF8String: T-Systems Enterprise Services GmbH
RDNSequence item: 1 item (id-at-organizationalUnitName=T-Systems Trust Center)
RelativeDistinguishedName item (id-at-organizationalUnitName=T-Systems Trust Center)
Id: 2.5.4.11 (id-at-organizationalUnitName)
DirectoryString: uTF8String (4)
uTF8String: T-Systems Trust Center
RDNSequence item: 1 item (id-at-commonName=T-TeleSec GlobalRoot Class 2)
RelativeDistinguishedName item (id-at-commonName=T-TeleSec GlobalRoot Class 2)
Id: 2.5.4.3 (id-at-commonName)
DirectoryString: uTF8String (4)
uTF8String: T-TeleSec GlobalRoot Class 2
validity
subject: rdnSequence (0)
subjectPublicKeyInfo
extensions: 7 items
algorithmIdentifier (sha256WithRSAEncryption)
Padding: 0
encrypted: 870bff3e029b65c8562dd63b9a988b714fdaba29aa21f946...
TLSv1.2 Record Layer: Handshake Protocol: Server Key Exchange
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 333
Handshake Protocol: Server Key Exchange
Handshake Type: Server Key Exchange (12)
Length: 329
EC Diffie-Hellman Server Params
TLSv1.2 Record Layer: Handshake Protocol: Server Hello Done
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 4
Handshake Protocol: Server Hello Done
Handshake Type: Server Hello Done (14)
Length: 0
AVP: t=Message-Authenticator(80) l=18 val=01c86e83e5d890a95b7f3e39608a666b
Type: 80
Length: 18
Message-Authenticator: 01c86e83e5d890a95b7f3e39608a666b
AVP: t=State(24) l=18 val=296438242c62210883478b4a45d527cf
Type: 24
Length: 18
State: 296438242c62210883478b4a45d527cf
::::::::::::::
Wireshark view of Frame 12 from radius-fail.pcap
::::::::::::::
Frame 12: 1095 bytes on wire (8760 bits), 1095 bytes captured (8760 bits)
Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)
Internet Protocol Version 4, Src: 127.0.0.1, Dst: 127.0.0.1
User Datagram Protocol, Src Port: 1812, Dst Port: 59048
RADIUS Protocol
Code: Access-Challenge (11)
Packet identifier: 0x5 (5)
Length: 1053
Authenticator: 7977f9cc3d9ebeac79bfe4ffe441e590
[This is a response to a request in frame 11]
[Time from request: 0.004114000 seconds]
Attribute Value Pairs
AVP: t=EAP-Message(79) l=255 Segment[1]
Type: 79
Length: 255
EAP fragment: 010603dd1900873081843040a03ea03c863a687474703a2f...
AVP: t=EAP-Message(79) l=255 Segment[2]
Type: 79
Length: 255
EAP fragment: 6f62616c2d726f6f742d67322d63612f7075622f63616365...
AVP: t=EAP-Message(79) l=255 Segment[3]
Type: 79
Length: 255
EAP fragment: 3e9604025c84a829396c94fc1092067b9eeed846b41bb503...
AVP: t=EAP-Message(79) l=232 Last Segment[4]
Type: 79
Length: 232
EAP fragment: 8a429cdf901457b8ffce6b85a19191978a4abcc6bd7185aa...
Extensible Authentication Protocol
Code: Request (1)
Id: 6
Length: 989
Type: Protected EAP (EAP-PEAP) (25)
EAP-TLS Flags: 0x00
0... .... = Length Included: False
.0.. .... = More Fragments: False
..0. .... = Start: False
.... .000 = Version: 0
[4 EAP-TLS Fragments (3965 bytes): #6(994), #8(994), #10(994), #12(983)]
Secure Sockets Layer
TLSv1.2 Record Layer: Handshake Protocol: Server Hello
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 93
Handshake Protocol: Server Hello
Handshake Type: Server Hello (2)
Length: 89
Version: TLS 1.2 (0x0303)
Random: e12ebb4fffc990695388c0b31c4bf08cc0816c3e9c7ca195...
Session ID Length: 32
Session ID: ccb87b0f29e0da7c4587a6fc24201b8731ad725258199b3b...
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
Compression Method: null (0)
Extensions Length: 17
Extension: renegotiation_info (len=1)
Extension: ec_point_formats (len=4)
Extension: extended_master_secret (len=0)
TLSv1.2 Record Layer: Handshake Protocol: Certificate
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 3515
Handshake Protocol: Certificate
Handshake Type: Certificate (11)
Length: 3511
Certificates Length: 3508
Certificates (3508 bytes)
Certificate Length: 2046
Certificate: 308207fa308206e2a003020102020c22ff0567818198c001... (id-at-commonName=radius.staff.uni-marburg.de,id-at-organizationName=Philipps-Universitaet Marburg,id-at-localityName=Marburg,id-at-stateOrProvinceName=Hessen,id-at-countryNa
signedCertificate
version: v3 (2)
serialNumber: 0x22ff0567818198c00178abea
signature (sha256WithRSAEncryption)
issuer: rdnSequence (0)
rdnSequence: 4 items (id-at-commonName=DFN-Verein Global Issuing CA,id-at-organizationalUnitName=DFN-PKI,id-at-organizationName=Verein zur Foerderung eines Deutschen Fo,id-at-countryName=DE)
RDNSequence item: 1 item (id-at-countryName=DE)
RelativeDistinguishedName item (id-at-countryName=DE)
Id: 2.5.4.6 (id-at-countryName)
CountryName: DE
RDNSequence item: 1 item (id-at-organizationName=Verein zur Foerderung eines Deutschen Fo)
RelativeDistinguishedName item (id-at-organizationName=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V.)
Id: 2.5.4.10 (id-at-organizationName)
DirectoryString: uTF8String (4)
uTF8String: Verein zur Foerderung eines Deutschen Forschungsnetzes e. V.
RDNSequence item: 1 item (id-at-organizationalUnitName=DFN-PKI)
RelativeDistinguishedName item (id-at-organizationalUnitName=DFN-PKI)
Id: 2.5.4.11 (id-at-organizationalUnitName)
DirectoryString: uTF8String (4)
uTF8String: DFN-PKI
RDNSequence item: 1 item (id-at-commonName=DFN-Verein Global Issuing CA)
RelativeDistinguishedName item (id-at-commonName=DFN-Verein Global Issuing CA)
Id: 2.5.4.3 (id-at-commonName)
DirectoryString: uTF8String (4)
uTF8String: DFN-Verein Global Issuing CA
validity
subject: rdnSequence (0)
subjectPublicKeyInfo
extensions: 10 items
algorithmIdentifier (sha256WithRSAEncryption)
Padding: 0
encrypted: 64daeebb8fe3dedcd5de2e605133b23996eaa15f87d585d3...
Certificate Length: 1456
Certificate: 308205ac30820494a00302010202071b63bad01e2c3d300d... (id-at-commonName=DFN-Verein Global Issuing CA,id-at-organizationalUnitName=DFN-PKI,id-at-organizationName=Verein zur Foerderung eines Deutschen Fo,id-at-countryName=DE)
signedCertificate
version: v3 (2)
serialNumber: 7709478377892925
signature (sha256WithRSAEncryption)
issuer: rdnSequence (0)
rdnSequence: 4 items (id-at-commonName=DFN-Verein Certification Authority 2,id-at-organizationalUnitName=DFN-PKI,id-at-organizationName=Verein zur Foerderung eines Deutschen Fo,id-at-countryName=DE)
RDNSequence item: 1 item (id-at-countryName=DE)
RelativeDistinguishedName item (id-at-countryName=DE)
Id: 2.5.4.6 (id-at-countryName)
CountryName: DE
RDNSequence item: 1 item (id-at-organizationName=Verein zur Foerderung eines Deutschen Fo)
RelativeDistinguishedName item (id-at-organizationName=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V.)
Id: 2.5.4.10 (id-at-organizationName)
DirectoryString: printableString (1)
printableString: Verein zur Foerderung eines Deutschen Forschungsnetzes e. V.
RDNSequence item: 1 item (id-at-organizationalUnitName=DFN-PKI)
RelativeDistinguishedName item (id-at-organizationalUnitName=DFN-PKI)
Id: 2.5.4.11 (id-at-organizationalUnitName)
DirectoryString: printableString (1)
printableString: DFN-PKI
RDNSequence item: 1 item (id-at-commonName=DFN-Verein Certification Authority 2)
RelativeDistinguishedName item (id-at-commonName=DFN-Verein Certification Authority 2)
Id: 2.5.4.3 (id-at-commonName)
DirectoryString: printableString (1)
printableString: DFN-Verein Certification Authority 2
validity
subject: rdnSequence (0)
subjectPublicKeyInfo
extensions: 7 items
algorithmIdentifier (sha256WithRSAEncryption)
Padding: 0
encrypted: 817845a44ea47f0e55f009b16a3e78cc6835a91cf3959e3f...
TLSv1.2 Record Layer: Handshake Protocol: Server Key Exchange
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 333
Handshake Protocol: Server Key Exchange
Handshake Type: Server Key Exchange (12)
Length: 329
EC Diffie-Hellman Server Params
TLSv1.2 Record Layer: Handshake Protocol: Server Hello Done
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 4
Handshake Protocol: Server Hello Done
Handshake Type: Server Hello Done (14)
Length: 0
AVP: t=Message-Authenticator(80) l=18 val=b4518e69f9fe31bc2518285469c3315e
AVP: t=State(24) l=18 val=fa37451fff315c8630ff81bc4e7a54b3
--
Dr. Martin Pauly Phone: +49-6421-28-23527
HRZ Univ. Marburg Fax: +49-6421-28-26994
Hans-Meerwein-Str. E-Mail: pauly at HRZ.Uni-Marburg.DE
D-35032 Marburg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: radius-fail.pcap
Type: application/vnd.tcpdump.pcap
Size: 6608 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20200813/2da0a2e8/attachment-0002.pcap>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: radius-cert-ok.pcap
Type: application/vnd.tcpdump.pcap
Size: 10441 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20200813/2da0a2e8/attachment-0003.pcap>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5391 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20200813/2da0a2e8/attachment-0001.bin>
More information about the Freeradius-Users
mailing list