FR 3.0.21 on Debian Buster not setting EAP_TLS "More fragments" bit where needed?

Martin Pauly pauly at hrz.uni-marburg.de
Thu Aug 13 10:18:23 CEST 2020


Hi,

this is a followup to my previous posts, but I'd rather like to forget those.
Please accept my apologies for
- not reading RFC 2716 again before posting
- screwing up the EAP-TTLS/PAP tests, they fail, too (makes much more sense, btw)
- not translating an SSL flags octet of value 0x40 correctly to binary

At least the approach of compairing the working to failing situation seems to give a good starting point.
>  I suggest looking at the packet traces with wireshark. It does a good job of piecing the packets together.
yep, see attached pcaps from the respective server interfaces.

What ovbiously differs, is the SSL Flags octet in Byte 5 of Packet 12 in each .pcap recording
(which is consistent with the client side analysis of eapol_test output)
It is 0x04 in the working case and 0x00 in the fail case.
I.e. in the working case, the server sets the M or "More Fragments" bit because there are more fragments to deliver.

AFAIU, the negotiations goes like this:
In both cases, it we have the EAP Start in Packet 4. In the OK case, the server continues to
send (and announce by the M bit) EAP fragments up to Packet 16 which correctly lacks the M bit
because it contains the last fragment of this message.
In the fail case, the missing M bit in Packet 12 mistakenly informs the client that this is it.
IMO, any client bothering to verify the server cert will bail out here.

The pcaps file are small (26 and 14 Frames) and are available for download here:
https://hessenbox.uni-marburg.de/getlink/fi4uTVNtu63s93cTpxpNrt4U/radius-cert-ok.pcap
https://hessenbox.uni-marburg.de/getlink/fiDUMxNR3AuATuGTBMPzcbmq/radius-fail.pcap

For those who don't like the binary files, please find a text version of the detailed
wireshark EAP view of the (IMO) crucial frame 12 of each capture below
(could you get it this detailed with something like tcpdump -vvr <file.pcap>?)

Martin


::::::::::::::
Wireshark view of Frame 12 from radius-cert-ok.pcap
::::::::::::::
Frame 12: 1106 bytes on wire (8848 bits), 1106 bytes captured (8848 bits)
Ethernet II, Src: Vmware_9e:04:cc (00:50:56:9e:04:cc), Dst: Vmware_9e:9d:fd (00:50:56:9e:9d:fd)
Internet Protocol Version 4, Src: 172.25.1.26, Dst: 172.25.1.136
User Datagram Protocol, Src Port: 1812, Dst Port: 52334
RADIUS Protocol
     Code: Access-Challenge (11)
     Packet identifier: 0x5 (5)
     Length: 1064
     Authenticator: a2087c11d371aab961d06781244abb8f
     [This is a response to a request in frame 11]
     [Time from request: 0.000416000 seconds]
     Attribute Value Pairs
         AVP: t=EAP-Message(79) l=255 Segment[1]
             Type: 79
             Length: 255
             EAP fragment: 010603e819403040a03ea03c863a687474703a2f2f636470...
         AVP: t=EAP-Message(79) l=255 Segment[2]
             Type: 79
             Length: 255
             EAP fragment: 2d726f6f742d67322d63612f7075622f6361636572742f63...
         AVP: t=EAP-Message(79) l=255 Segment[3]
             Type: 79
             Length: 255
             EAP fragment: 5c84a829396c94fc1092067b9eeed846b41bb5030c38d9dc...
         AVP: t=EAP-Message(79) l=243 Last Segment[4]
             Type: 79
             Length: 243
             EAP fragment: 6d732054727573742043656e746572312530230603550403...
             Extensible Authentication Protocol
                 Code: Request (1)
                 Id: 6
                 Length: 1000
                 Type: Protected EAP (EAP-PEAP) (25)
                 EAP-TLS Flags: 0x40
                     0... .... = Length Included: False
                     .1.. .... = More Fragments: True
                     ..0. .... = Start: False
                     .... .000 = Version: 0
                 [6 EAP-TLS Fragments (5266 bytes): #6(994), #8(994), #10(994), #12(994), #14(994), #16(296)]
                 Secure Sockets Layer
                     TLSv1.2 Record Layer: Handshake Protocol: Server Hello
                         Content Type: Handshake (22)
                         Version: TLS 1.2 (0x0303)
                         Length: 89
                         Handshake Protocol: Server Hello
                             Handshake Type: Server Hello (2)
                             Length: 85
                             Version: TLS 1.2 (0x0303)
                             Random: ececff1afc020cca949fef413b65d9bb9a81ccbb7318c8de...
                             Session ID Length: 32
                             Session ID: 3dc4544aae705e713864d2afb2a807dd999588e556a041e6...
                             Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
                             Compression Method: null (0)
                             Extensions Length: 13
                             Extension: renegotiation_info (len=1)
                             Extension: ec_point_formats (len=4)
                     TLSv1.2 Record Layer: Handshake Protocol: Certificate
                         Content Type: Handshake (22)
                         Version: TLS 1.2 (0x0303)
                         Length: 4820
                         Handshake Protocol: Certificate
                             Handshake Type: Certificate (11)
                             Length: 4816
                             Certificates Length: 4813
                             Certificates (4813 bytes)
                                 Certificate Length: 2046
                                 Certificate: 308207fa308206e2a003020102020c22ff0567818198c001... (id-at-commonName=radius.staff.uni-marburg.de,id-at-organizationName=Philipps-Universitaet Marburg,id-at-localityName=Marburg,id-at-stateOrProvinceName=Hessen,id-at-countryNa
                                     signedCertificate
                                         version: v3 (2)
                                         serialNumber: 0x22ff0567818198c00178abea
                                         signature (sha256WithRSAEncryption)
                                         issuer: rdnSequence (0)
                                             rdnSequence: 4 items (id-at-commonName=DFN-Verein Global Issuing CA,id-at-organizationalUnitName=DFN-PKI,id-at-organizationName=Verein zur Foerderung eines Deutschen Fo,id-at-countryName=DE)
                                                 RDNSequence item: 1 item (id-at-countryName=DE)
                                                     RelativeDistinguishedName item (id-at-countryName=DE)
                                                         Id: 2.5.4.6 (id-at-countryName)
                                                         CountryName: DE
                                                 RDNSequence item: 1 item (id-at-organizationName=Verein zur Foerderung eines Deutschen Fo)
                                                     RelativeDistinguishedName item (id-at-organizationName=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V.)
                                                         Id: 2.5.4.10 (id-at-organizationName)
                                                         DirectoryString: uTF8String (4)
                                                             uTF8String: Verein zur Foerderung eines Deutschen Forschungsnetzes e. V.
                                                 RDNSequence item: 1 item (id-at-organizationalUnitName=DFN-PKI)
                                                     RelativeDistinguishedName item (id-at-organizationalUnitName=DFN-PKI)
                                                         Id: 2.5.4.11 (id-at-organizationalUnitName)
                                                         DirectoryString: uTF8String (4)
                                                             uTF8String: DFN-PKI
                                                 RDNSequence item: 1 item (id-at-commonName=DFN-Verein Global Issuing CA)
                                                     RelativeDistinguishedName item (id-at-commonName=DFN-Verein Global Issuing CA)
                                                         Id: 2.5.4.3 (id-at-commonName)
                                                         DirectoryString: uTF8String (4)
                                                             uTF8String: DFN-Verein Global Issuing CA
                                         validity
                                         subject: rdnSequence (0)
                                         subjectPublicKeyInfo
                                         extensions: 10 items
                                     algorithmIdentifier (sha256WithRSAEncryption)
                                     Padding: 0
                                     encrypted: 64daeebb8fe3dedcd5de2e605133b23996eaa15f87d585d3...
                                 Certificate Length: 1456
                                 Certificate: 308205ac30820494a00302010202071b63bad01e2c3d300d... (id-at-commonName=DFN-Verein Global Issuing CA,id-at-organizationalUnitName=DFN-PKI,id-at-organizationName=Verein zur Foerderung eines Deutschen Fo,id-at-countryName=DE)
                                     signedCertificate
                                         version: v3 (2)
                                         serialNumber: 7709478377892925
                                         signature (sha256WithRSAEncryption)
                                         issuer: rdnSequence (0)
                                             rdnSequence: 4 items (id-at-commonName=DFN-Verein Certification Authority 2,id-at-organizationalUnitName=DFN-PKI,id-at-organizationName=Verein zur Foerderung eines Deutschen Fo,id-at-countryName=DE)
                                                 RDNSequence item: 1 item (id-at-countryName=DE)
                                                     RelativeDistinguishedName item (id-at-countryName=DE)
                                                         Id: 2.5.4.6 (id-at-countryName)
                                                         CountryName: DE
                                                 RDNSequence item: 1 item (id-at-organizationName=Verein zur Foerderung eines Deutschen Fo)
                                                     RelativeDistinguishedName item (id-at-organizationName=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V.)
                                                         Id: 2.5.4.10 (id-at-organizationName)
                                                         DirectoryString: printableString (1)
                                                             printableString: Verein zur Foerderung eines Deutschen Forschungsnetzes e. V.
                                                 RDNSequence item: 1 item (id-at-organizationalUnitName=DFN-PKI)
                                                     RelativeDistinguishedName item (id-at-organizationalUnitName=DFN-PKI)
                                                         Id: 2.5.4.11 (id-at-organizationalUnitName)
                                                         DirectoryString: printableString (1)
                                                             printableString: DFN-PKI
                                                 RDNSequence item: 1 item (id-at-commonName=DFN-Verein Certification Authority 2)
                                                     RelativeDistinguishedName item (id-at-commonName=DFN-Verein Certification Authority 2)
                                                         Id: 2.5.4.3 (id-at-commonName)
                                                         DirectoryString: printableString (1)
                                                             printableString: DFN-Verein Certification Authority 2
                                         validity
                                         subject: rdnSequence (0)
                                         subjectPublicKeyInfo
                                         extensions: 7 items
                                     algorithmIdentifier (sha256WithRSAEncryption)
                                     Padding: 0
                                     encrypted: 817845a44ea47f0e55f009b16a3e78cc6835a91cf3959e3f...
                                 Certificate Length: 1302
                                 Certificate: 30820512308203faa003020102020900e30bd5f8af25d981... (id-at-commonName=DFN-Verein Certification Authority 2,id-at-organizationalUnitName=DFN-PKI,id-at-organizationName=Verein zur Foerderung eines Deutschen Fo,id-at-countryName=
                                     signedCertificate
                                         version: v3 (2)
                                         serialNumber: 16360405335420557697
                                         signature (sha256WithRSAEncryption)
                                         issuer: rdnSequence (0)
                                             rdnSequence: 4 items (id-at-commonName=T-TeleSec GlobalRoot Class 2,id-at-organizationalUnitName=T-Systems Trust Center,id-at-organizationName=T-Systems Enterprise Services GmbH,id-at-countryName=DE)
                                                 RDNSequence item: 1 item (id-at-countryName=DE)
                                                     RelativeDistinguishedName item (id-at-countryName=DE)
                                                         Id: 2.5.4.6 (id-at-countryName)
                                                         CountryName: DE
                                                 RDNSequence item: 1 item (id-at-organizationName=T-Systems Enterprise Services GmbH)
                                                     RelativeDistinguishedName item (id-at-organizationName=T-Systems Enterprise Services GmbH)
                                                         Id: 2.5.4.10 (id-at-organizationName)
                                                         DirectoryString: uTF8String (4)
                                                             uTF8String: T-Systems Enterprise Services GmbH
                                                 RDNSequence item: 1 item (id-at-organizationalUnitName=T-Systems Trust Center)
                                                     RelativeDistinguishedName item (id-at-organizationalUnitName=T-Systems Trust Center)
                                                         Id: 2.5.4.11 (id-at-organizationalUnitName)
                                                         DirectoryString: uTF8String (4)
                                                             uTF8String: T-Systems Trust Center
                                                 RDNSequence item: 1 item (id-at-commonName=T-TeleSec GlobalRoot Class 2)
                                                     RelativeDistinguishedName item (id-at-commonName=T-TeleSec GlobalRoot Class 2)
                                                         Id: 2.5.4.3 (id-at-commonName)
                                                         DirectoryString: uTF8String (4)
                                                             uTF8String: T-TeleSec GlobalRoot Class 2
                                         validity
                                         subject: rdnSequence (0)
                                         subjectPublicKeyInfo
                                         extensions: 7 items
                                     algorithmIdentifier (sha256WithRSAEncryption)
                                     Padding: 0
                                     encrypted: 870bff3e029b65c8562dd63b9a988b714fdaba29aa21f946...
                     TLSv1.2 Record Layer: Handshake Protocol: Server Key Exchange
                         Content Type: Handshake (22)
                         Version: TLS 1.2 (0x0303)
                         Length: 333
                         Handshake Protocol: Server Key Exchange
                             Handshake Type: Server Key Exchange (12)
                             Length: 329
                             EC Diffie-Hellman Server Params
                     TLSv1.2 Record Layer: Handshake Protocol: Server Hello Done
                         Content Type: Handshake (22)
                         Version: TLS 1.2 (0x0303)
                         Length: 4
                         Handshake Protocol: Server Hello Done
                             Handshake Type: Server Hello Done (14)
                             Length: 0
         AVP: t=Message-Authenticator(80) l=18 val=01c86e83e5d890a95b7f3e39608a666b
             Type: 80
             Length: 18
             Message-Authenticator: 01c86e83e5d890a95b7f3e39608a666b
         AVP: t=State(24) l=18 val=296438242c62210883478b4a45d527cf
             Type: 24
             Length: 18
             State: 296438242c62210883478b4a45d527cf



::::::::::::::
Wireshark view of Frame 12 from radius-fail.pcap
::::::::::::::
Frame 12: 1095 bytes on wire (8760 bits), 1095 bytes captured (8760 bits)
Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)
Internet Protocol Version 4, Src: 127.0.0.1, Dst: 127.0.0.1
User Datagram Protocol, Src Port: 1812, Dst Port: 59048
RADIUS Protocol
     Code: Access-Challenge (11)
     Packet identifier: 0x5 (5)
     Length: 1053
     Authenticator: 7977f9cc3d9ebeac79bfe4ffe441e590
     [This is a response to a request in frame 11]
     [Time from request: 0.004114000 seconds]
     Attribute Value Pairs
         AVP: t=EAP-Message(79) l=255 Segment[1]
             Type: 79
             Length: 255
             EAP fragment: 010603dd1900873081843040a03ea03c863a687474703a2f...
         AVP: t=EAP-Message(79) l=255 Segment[2]
             Type: 79
             Length: 255
             EAP fragment: 6f62616c2d726f6f742d67322d63612f7075622f63616365...
         AVP: t=EAP-Message(79) l=255 Segment[3]
             Type: 79
             Length: 255
             EAP fragment: 3e9604025c84a829396c94fc1092067b9eeed846b41bb503...
         AVP: t=EAP-Message(79) l=232 Last Segment[4]
             Type: 79
             Length: 232
             EAP fragment: 8a429cdf901457b8ffce6b85a19191978a4abcc6bd7185aa...
             Extensible Authentication Protocol
                 Code: Request (1)
                 Id: 6
                 Length: 989
                 Type: Protected EAP (EAP-PEAP) (25)
                 EAP-TLS Flags: 0x00
                     0... .... = Length Included: False
                     .0.. .... = More Fragments: False
                     ..0. .... = Start: False
                     .... .000 = Version: 0
                 [4 EAP-TLS Fragments (3965 bytes): #6(994), #8(994), #10(994), #12(983)]
                 Secure Sockets Layer
                     TLSv1.2 Record Layer: Handshake Protocol: Server Hello
                         Content Type: Handshake (22)
                         Version: TLS 1.2 (0x0303)
                         Length: 93
                         Handshake Protocol: Server Hello
                             Handshake Type: Server Hello (2)
                             Length: 89
                             Version: TLS 1.2 (0x0303)
                             Random: e12ebb4fffc990695388c0b31c4bf08cc0816c3e9c7ca195...
                             Session ID Length: 32
                             Session ID: ccb87b0f29e0da7c4587a6fc24201b8731ad725258199b3b...
                             Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
                             Compression Method: null (0)
                             Extensions Length: 17
                             Extension: renegotiation_info (len=1)
                             Extension: ec_point_formats (len=4)
                             Extension: extended_master_secret (len=0)
                     TLSv1.2 Record Layer: Handshake Protocol: Certificate
                         Content Type: Handshake (22)
                         Version: TLS 1.2 (0x0303)
                         Length: 3515
                         Handshake Protocol: Certificate
                             Handshake Type: Certificate (11)
                             Length: 3511
                             Certificates Length: 3508
                             Certificates (3508 bytes)
                                 Certificate Length: 2046
                                 Certificate: 308207fa308206e2a003020102020c22ff0567818198c001... (id-at-commonName=radius.staff.uni-marburg.de,id-at-organizationName=Philipps-Universitaet Marburg,id-at-localityName=Marburg,id-at-stateOrProvinceName=Hessen,id-at-countryNa
                                     signedCertificate
                                         version: v3 (2)
                                         serialNumber: 0x22ff0567818198c00178abea
                                         signature (sha256WithRSAEncryption)
                                         issuer: rdnSequence (0)
                                             rdnSequence: 4 items (id-at-commonName=DFN-Verein Global Issuing CA,id-at-organizationalUnitName=DFN-PKI,id-at-organizationName=Verein zur Foerderung eines Deutschen Fo,id-at-countryName=DE)
                                                 RDNSequence item: 1 item (id-at-countryName=DE)
                                                     RelativeDistinguishedName item (id-at-countryName=DE)
                                                         Id: 2.5.4.6 (id-at-countryName)
                                                         CountryName: DE
                                                 RDNSequence item: 1 item (id-at-organizationName=Verein zur Foerderung eines Deutschen Fo)
                                                     RelativeDistinguishedName item (id-at-organizationName=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V.)
                                                         Id: 2.5.4.10 (id-at-organizationName)
                                                         DirectoryString: uTF8String (4)
                                                             uTF8String: Verein zur Foerderung eines Deutschen Forschungsnetzes e. V.
                                                 RDNSequence item: 1 item (id-at-organizationalUnitName=DFN-PKI)
                                                     RelativeDistinguishedName item (id-at-organizationalUnitName=DFN-PKI)
                                                         Id: 2.5.4.11 (id-at-organizationalUnitName)
                                                         DirectoryString: uTF8String (4)
                                                             uTF8String: DFN-PKI
                                                 RDNSequence item: 1 item (id-at-commonName=DFN-Verein Global Issuing CA)
                                                     RelativeDistinguishedName item (id-at-commonName=DFN-Verein Global Issuing CA)
                                                         Id: 2.5.4.3 (id-at-commonName)
                                                         DirectoryString: uTF8String (4)
                                                             uTF8String: DFN-Verein Global Issuing CA
                                         validity
                                         subject: rdnSequence (0)
                                         subjectPublicKeyInfo
                                         extensions: 10 items
                                     algorithmIdentifier (sha256WithRSAEncryption)
                                     Padding: 0
                                     encrypted: 64daeebb8fe3dedcd5de2e605133b23996eaa15f87d585d3...
                                 Certificate Length: 1456
                                 Certificate: 308205ac30820494a00302010202071b63bad01e2c3d300d... (id-at-commonName=DFN-Verein Global Issuing CA,id-at-organizationalUnitName=DFN-PKI,id-at-organizationName=Verein zur Foerderung eines Deutschen Fo,id-at-countryName=DE)
                                     signedCertificate
                                         version: v3 (2)
                                         serialNumber: 7709478377892925
                                         signature (sha256WithRSAEncryption)
                                         issuer: rdnSequence (0)
                                             rdnSequence: 4 items (id-at-commonName=DFN-Verein Certification Authority 2,id-at-organizationalUnitName=DFN-PKI,id-at-organizationName=Verein zur Foerderung eines Deutschen Fo,id-at-countryName=DE)
                                                 RDNSequence item: 1 item (id-at-countryName=DE)
                                                     RelativeDistinguishedName item (id-at-countryName=DE)
                                                         Id: 2.5.4.6 (id-at-countryName)
                                                         CountryName: DE
                                                 RDNSequence item: 1 item (id-at-organizationName=Verein zur Foerderung eines Deutschen Fo)
                                                     RelativeDistinguishedName item (id-at-organizationName=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V.)
                                                         Id: 2.5.4.10 (id-at-organizationName)
                                                         DirectoryString: printableString (1)
                                                             printableString: Verein zur Foerderung eines Deutschen Forschungsnetzes e. V.
                                                 RDNSequence item: 1 item (id-at-organizationalUnitName=DFN-PKI)
                                                     RelativeDistinguishedName item (id-at-organizationalUnitName=DFN-PKI)
                                                         Id: 2.5.4.11 (id-at-organizationalUnitName)
                                                         DirectoryString: printableString (1)
                                                             printableString: DFN-PKI
                                                 RDNSequence item: 1 item (id-at-commonName=DFN-Verein Certification Authority 2)
                                                     RelativeDistinguishedName item (id-at-commonName=DFN-Verein Certification Authority 2)
                                                         Id: 2.5.4.3 (id-at-commonName)
                                                         DirectoryString: printableString (1)
                                                             printableString: DFN-Verein Certification Authority 2
                                         validity
                                         subject: rdnSequence (0)
                                         subjectPublicKeyInfo
                                         extensions: 7 items
                                     algorithmIdentifier (sha256WithRSAEncryption)
                                     Padding: 0
                                     encrypted: 817845a44ea47f0e55f009b16a3e78cc6835a91cf3959e3f...
                     TLSv1.2 Record Layer: Handshake Protocol: Server Key Exchange
                         Content Type: Handshake (22)
                         Version: TLS 1.2 (0x0303)
                         Length: 333
                         Handshake Protocol: Server Key Exchange
                             Handshake Type: Server Key Exchange (12)
                             Length: 329
                             EC Diffie-Hellman Server Params
                     TLSv1.2 Record Layer: Handshake Protocol: Server Hello Done
                         Content Type: Handshake (22)
                         Version: TLS 1.2 (0x0303)
                         Length: 4
                         Handshake Protocol: Server Hello Done
                             Handshake Type: Server Hello Done (14)
                             Length: 0
         AVP: t=Message-Authenticator(80) l=18 val=b4518e69f9fe31bc2518285469c3315e
         AVP: t=State(24) l=18 val=fa37451fff315c8630ff81bc4e7a54b3




-- 
        Dr. Martin Pauly     Phone:  +49-6421-28-23527
        HRZ Univ. Marburg    Fax:    +49-6421-28-26994
        Hans-Meerwein-Str.   E-Mail: pauly at HRZ.Uni-Marburg.DE
        D-35032 Marburg





-------------- next part --------------
A non-text attachment was scrubbed...
Name: radius-fail.pcap
Type: application/vnd.tcpdump.pcap
Size: 6608 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20200813/2da0a2e8/attachment-0002.pcap>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: radius-cert-ok.pcap
Type: application/vnd.tcpdump.pcap
Size: 10441 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20200813/2da0a2e8/attachment-0003.pcap>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5391 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20200813/2da0a2e8/attachment-0001.bin>


More information about the Freeradius-Users mailing list