[PATCH 1/4] eap-tls-common: Address PEAPv0 interoperability with Windows

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Tim Kourt <tim.a.kourt@linux.intel.com>
To: iwd@lists.01.org
Subject: [PATCH 1/4] eap-tls-common: Address PEAPv0 interoperability with Windows
Date: Fri, 31 Jan 2020 14:25:14 -0800	[thread overview]
Message-ID: <20200131222517.8182-1-tim.a.kourt@linux.intel.com> (raw)

[-- Attachment #1: Type: text/plain, Size: 3515 bytes --]

Windows Server 2008 - Network Policy Server (NPS) generates an invalid
Compound MAC for Cryptobinding TLV when is used within PEAPv0 due to
incorrect parsing of the message containing TLS Client Hello.
Setting L bit and including TLS Message Length field, even for the
packets that do not require fragmentation, corrects the issue. The
redundant TLS Message Length field in unfragmented packets doesn't
seem to effect the other server implementations.
---
 src/eap-tls-common.c | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/src/eap-tls-common.c b/src/eap-tls-common.c
index 080e4f27..d62d7ca5 100644
--- a/src/eap-tls-common.c
+++ b/src/eap-tls-common.c
@@ -112,6 +112,7 @@ struct eap_tls_state {
 	size_t tx_frag_last_len;
 
 	bool expecting_frag_ack:1;
+	bool tunnel_ready:1;
 
 	struct l_queue *ca_cert;
 	struct l_certchain *client_cert;
@@ -128,6 +129,7 @@ static void __eap_tls_common_state_reset(struct eap_tls_state *eap_tls)
 	eap_tls->method_completed = false;
 	eap_tls->phase2_failed = false;
 	eap_tls->expecting_frag_ack = false;
+	eap_tls->tunnel_ready = false;
 
 	if (eap_tls->tunnel) {
 		l_tls_free(eap_tls->tunnel);
@@ -244,6 +246,8 @@ static void eap_tls_tunnel_ready(const char *peer_identity, void *user_data)
 	 */
 	eap_start_complete_timeout(eap);
 
+	eap_tls->tunnel_ready = true;
+
 	if (!eap_tls->variant_ops->tunnel_ready)
 		return;
 
@@ -261,6 +265,7 @@ static void eap_tls_tunnel_disconnected(enum l_tls_alert_desc reason,
 			eap_get_method_name(eap), l_tls_alert_to_str(reason));
 
 	eap_tls->method_completed = true;
+	eap_tls->tunnel_ready = false;
 }
 
 static bool eap_tls_validate_version(struct eap_state *eap,
@@ -325,11 +330,32 @@ static void eap_tls_send_fragment(struct eap_state *eap)
 	eap_tls->tx_frag_last_len = len;
 }
 
+static bool needs_workaround(struct eap_state *eap)
+{
+	struct eap_tls_state *eap_tls = eap_get_data(eap);
+
+	/*
+	 * Windows Server 2008 - Network Policy Server (NPS) generates an
+	 * invalid Compound MAC for Cryptobinding TLV when is used within PEAPv0
+	 * due to incorrect parsing of the message containing TLS Client Hello.
+	 * Setting L bit and including TLS Message Length field, even for the
+	 * packets that do not require fragmentation, corrects the issue. The
+	 * redundant TLS Message Length field in unfragmented packets doesn't
+	 * seem to effect the other server implementations.
+	 */
+	return eap_get_method_type(eap) == EAP_TYPE_PEAP &&
+			eap_tls->version_negotiated == EAP_TLS_VERSION_0 &&
+			!eap_tls->tunnel_ready;
+}
+
 static void eap_tls_send_response(struct eap_state *eap,
 					const uint8_t *pdu, size_t pdu_len)
 {
 	struct eap_tls_state *eap_tls = eap_get_data(eap);
 	size_t msg_len = EAP_TLS_HEADER_LEN + pdu_len;
+	bool set_tls_msg_len = needs_workaround(eap);
+
+	msg_len += set_tls_msg_len ? 4 : 0;
 
 	if (msg_len <= eap_get_mtu(eap)) {
 		uint8_t *buf;
@@ -345,6 +371,15 @@ static void eap_tls_send_response(struct eap_state *eap,
 		buf[EAP_TLS_HEADER_OCTET_FLAGS + extra] =
 						eap_tls->version_negotiated;
 
+		if (set_tls_msg_len) {
+			buf[extra + EAP_TLS_HEADER_OCTET_FLAGS] |=
+								EAP_TLS_FLAG_L;
+			l_put_be32(pdu_len,
+				   &buf[extra + EAP_TLS_HEADER_OCTET_FRAG_LEN]);
+
+			extra += 4;
+		}
+
 		memcpy(buf + EAP_TLS_HEADER_LEN + extra, pdu, pdu_len);
 
 		eap_send_response(eap, eap_get_method_type(eap), buf, msg_len);
-- 
2.13.6

next             reply	other threads:[~2020-01-31 22:25 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-01-31 22:25 Tim Kourt [this message]
2020-01-31 22:25 ` [PATCH 2/4] peap: Add inner EAP key material into imsk calculation Tim Kourt
2020-01-31 22:25 ` [PATCH 3/4] auto-t: Test PEAPv0 cryptobinding Tim Kourt
2020-01-31 22:25 ` [PATCH 4/4] peap: Fail auth. if invalid compound MAC is received Tim Kourt
2020-02-06 21:18   ` Denis Kenzior
2020-02-03 17:35 ` [PATCH 1/4] eap-tls-common: Address PEAPv0 interoperability with Windows Denis Kenzior

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:080e4f2 dfblob:d62d7ca )
 OR (
bs:"[PATCH 1/4] eap-tls-common: Address PEAPv0 interoperability with Windows" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200131222517.8182-1-tim.a.kourt@linux.intel.com \
    --to=tim.a.kourt@linux.intel.com \
    --cc=iwd@lists.01.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.