Re: [Emu] More TEAP issues
Alexander Clouter <alex+ietf@coremem.com> Wed, 30 November 2022 15:01 UTC
Return-Path: <alex+ietf@coremem.com>
X-Original-To: emu@ietfa.amsl.com
Delivered-To: emu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC104C1522BF for <emu@ietfa.amsl.com>; Wed, 30 Nov 2022 07:01:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.796
X-Spam-Level:
X-Spam-Status: No, score=-2.796 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=coremem.com header.b=jD6M/w1r; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=Bdz5jBSv
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G2dNuUDCKoLr for <emu@ietfa.amsl.com>; Wed, 30 Nov 2022 07:01:30 -0800 (PST)
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F06B1C14F74D for <emu@ietf.org>; Wed, 30 Nov 2022 07:01:29 -0800 (PST)
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id DC5755C00D3 for <emu@ietf.org>; Wed, 30 Nov 2022 10:01:28 -0500 (EST)
Received: from imap46 ([10.202.2.96]) by compute5.internal (MEProxy); Wed, 30 Nov 2022 10:01:28 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=coremem.com; h= cc:content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to; s=fm3; t=1669820488; x=1669906888; bh=7CKkH1mgtU jOUgb8WtRoATst4MsApXq1Wmv4ts4G8nY=; b=jD6M/w1rSs+w1AjqZLSto9UO2k oYKv1rpIQlX3X9xOyVmXXgX3eEGZ3Hw10DnaxWuekt14c9m/mDjpG+9g9NUxdnKt XVUYWqLti0Y0ajVz2dvfLYMH3wqt3UPrTGl7uebnMBIL3W8+zuS6t2/3+4P19nYP SkLxuabVuqRo1AzzElEIhU+BZ7ngS9lGXTt1F84Bv3mh78zpPR3r+1kGCDbO/rEw gdve3rJoKANsIe0UU7cLaRlpNIpz+ACe6YZMG1ZXM52QUebP/yTFZA/HIQEM5HAE 95pd7tZTFsEknNn0OiNVogIfKpBNkqqm8bsgwEAoC2MDdqDfSUjP9AiTicDw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:date:feedback-id :feedback-id:from:from:in-reply-to:in-reply-to:message-id :mime-version:references:reply-to:sender:subject:subject:to:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; t=1669820488; x=1669906888; bh=7CKkH1mgtUjOUgb8WtRoATst4MsA pXq1Wmv4ts4G8nY=; b=Bdz5jBSvdYSMwhZk1rauL4O71T4K3kqCKcIkMYPRzADu 3wly7Ej515FjDzUAnZruoFF2AD8urRz3j9EkSeEs2O9fMla53Qw1sWmczc5YSxxQ d8DbgnH5K33TXguVStkyrS6fXzZv+/2X7PRxtg4198yCItb93XXb+oO0I3/ombFF s6aJL77T69IE8yoxofDFAgP3tP3VNdHApYuT+/k8IZQ6nXm/5xTuNFc2DW2CktnX HvLPuxsZHtKrMe6GtDmPndXKYMzaKzSZ3b2NbaWG7n4VkByMG+sRq0avHc1EwcHW 0QXN5F/IVQTbwL4lJBEoDLc1b1bxC3YH8OzcK/gpIg==
X-ME-Sender: <xms:SHCHY2zR8-JeXQzNUA90AGZvTgWM6ApfXr8H0h63vfEv8IKcFiuvkw> <xme:SHCHYyRPfa9oUNHFGtOAn5CKwaNOxBSVKiy8fLaDL3q2NdlVNd_YuxTVIkaRc311Z v4Gj37hNqNkRLa-Eg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrtdefgdeilecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgesthdtre dtreertdenucfhrhhomhepfdetlhgvgigrnhguvghrucevlhhouhhtvghrfdcuoegrlhgv gidoihgvthhfsegtohhrvghmvghmrdgtohhmqeenucggtffrrghtthgvrhhnpeeghfejtd eikeefgfejgeejfeejvefftdejjedvjeekueetvddtlefhvddttdeujeenucffohhmrghi nhepihhnfhhrrgguvggrugdrohhrghdprhhftgdqvgguihhtohhrrdhorhhgnecuvehluh hsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheprghlvgigodhivght fhestghorhgvmhgvmhdrtghomh
X-ME-Proxy: <xmx:SHCHY4ViBXI3I14Qp7cBSwdq9On1I8yEOs9K9bRbJ3GgqyQh1z0Cyw> <xmx:SHCHY8jcTdBdkfLZVpZv2wPmv8Vur4m-kszukH3Mo85Minpuz92VcQ> <xmx:SHCHY4B1JtoensLunYgziwL77pwUNvnwFDchyCZjDlpkcyqk7P0Tkw> <xmx:SHCHY7N9bJWjtpk5t3f5P_zdbcY_PWmHE84Fo0riDNy9L_tEcYN-uA>
Feedback-ID: ie3614602:Fastmail
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 78E802A20085; Wed, 30 Nov 2022 10:01:28 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.7.0-alpha0-1115-g8b801eadce-fm-20221102.001-g8b801ead
Mime-Version: 1.0
Message-Id: <b6b1d0d3-18ea-4d2c-9935-5fec335b191b@app.fastmail.com>
In-Reply-To: <449FBD6E-34F7-49A2-A9A1-72BD716E1DDA@deployingradius.com>
References: <449FBD6E-34F7-49A2-A9A1-72BD716E1DDA@deployingradius.com>
Date: Wed, 30 Nov 2022 15:01:08 +0000
From: Alexander Clouter <alex+ietf@coremem.com>
To: EMU WG <emu@ietf.org>
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/LOyc6IKRGtRE85dK8eidw3VPnFk>
Subject: Re: [Emu] More TEAP issues
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emu/>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Nov 2022 15:01:34 -0000
Hello, On Tue, 29 Nov 2022, at 22:34, Alan DeKok wrote: > Based on interoperability testing, it looks like implementations > followed EAP-FAST for derivation of the MS-MPPE keys, and not RFC 7170: > > http://lists.infradead.org/pipermail/hostap/2022-July/040639.html > > http://lists.infradead.org/pipermail/hostap/2022-November/041060.html EAP-FAST almost does not document this until you look at a latter RFC covering the provisioning component: https://www.rfc-editor.org/rfc/rfc5422#section-3.2.3 Really easy to miss for an implementer, especially as when you start implementing FAST (or TEAP) you begin with authentication and think you can ignore the PAC component at first. I suspect Microsoft and Cisco just cut'n'pasted from their FAST implementation and used it whilst implementing TEAP and never looked back. It worked as they may have both done this. The other biggy is that it is easy to miss that for each EAP method in a sequence, you need to include an EAP Identity response along with the Identity-Type TLV to the peer. Windows 10/11 wonderfully from their UI configure (as labelled) 'first' and 'second' method, but after completing the first if the server does not ask for the identity of the second, Windows will return a zero length identity and then refuse to go any further; well I was unable to persuade it. Once you figure this out, it sort of makes sense (thinking of how a peer may have chosen to implement its state machine and that as a server you may want to proxy a given method) but EAP sequences themselves are not really well defined. EAP (https://www.rfc-editor.org/rfc/rfc3748#section-2.1) only covers that outside a tunnel this is not supported. FAST (https://www.rfc-editor.org/rfc/rfc4851#section-3.3.1) and TEAP (https://www.rfc-editor.org/rfc/rfc7170.html#section-3.3.1) states why they are allowed to use sequences and only because of Intermediate-Result/Crypto-Binding TLVs. I have not yet found anything that provides guidance on how to actually do an EAP sequence. FAST (https://www.rfc-editor.org/rfc/rfc4851#appendix-A.6) does not state you need to send a EAP Identity at the start of each method other than for the first one. I do not know if this is accurate as we never implemented for FreeRADIUS sequences for FAST. TEAP (https://www.rfc-editor.org/rfc/rfc7170.html#appendix-C.6) also does not, but I know from the FreeRADIUS implementation it was needed to get sequences to work. It took this implementer quite a while to realise that each EAP method in a sequence stands alone to the others and needs to be initiated with an EAP-Identity response. > 3) declare 7170 irretrievably broken, and write 7170bis which > documents how TEAP version 1 operates in practice. This is my preference too. Whilst this is all in my head, having just done the FreeRADIUS/hostapd/Win10/Win11 interop work, I willing to kick off process by updating the existing RFC. Fortunately during my work I also submitted fixes to Wireshark so since 4.0 you get TEAP decoding and inner EAP-TLS decryption so this allows us to share PCAPs of this in the wild. Hopefully with that people here can use it to fix up my notes to remove any further ambiguity if that sounds useful to others? Thanks Alex
- [Emu] More TEAP issues Alan DeKok
- Re: [Emu] More TEAP issues Joseph Salowey
- Re: [Emu] More TEAP issues Eliot Lear
- Re: [Emu] More TEAP issues Alan DeKok
- Re: [Emu] More TEAP issues Alexander Clouter
- Re: [Emu] More TEAP issues Jouni Malinen
- Re: [Emu] [EXTERNAL] Re: More TEAP issues Bruno Pereira Vidal
- Re: [Emu] [EXTERNAL] Re: More TEAP issues Joseph Salowey
- Re: [Emu] [EXTERNAL] Re: More TEAP issues Eliot Lear
- Re: [Emu] [EXTERNAL] Re: More TEAP issues Alan DeKok
- Re: [Emu] [EXTERNAL] Re: More TEAP issues Alexander Clouter
- Re: [Emu] [EXTERNAL] Re: More TEAP issues Peter Yee
- Re: [Emu] More TEAP issues Owen Friel (ofriel)
- Re: [Emu] More TEAP issues Alan DeKok