Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Fixed interoperability issue with PEAPv0 cryptobinding and NPS

Windows Server 2008 NPS gets very confused if the TLS Message Length is
not included in the Phase 1 messages even if fragmentation is not used.
If the TLS Message Length field is not included in ClientHello message,
NPS seems to decide to use the ClientHello data (excluding first six
octets, i.e., EAP header, type, Flags) as the OuterTLVs data in
Cryptobinding Compound_MAC calculation (per PEAPv2; not MS-PEAP)..

Lets add the TLS Message Length to PEAPv0 Phase 1 messages to get rid of
this issue. This seems to fix Cryptobinding issues with NPS and PEAPv0
is now using optional Cryptobinding by default (again) since there are
no known interop issues with it anymore.
Jouni Malinen 16 years ago
parent
000a1de72b
commit
f4f2774a96
3 changed files with 14 additions and 1 deletions
Split View Show Diff Stats
  1. 1 1
      src/eap_peer/eap_peap.c
  2. 11 0
      src/eap_peer/eap_tls_common.c
  3. 2 0
      wpa_supplicant/ChangeLog

+ 1 - 1
src/eap_peer/eap_peap.c
View File 

@@ -147,7 +147,7 @@ static void * eap_peap_init(struct eap_sm *sm)
 
 	data->peap_version = EAP_PEAP_VERSION;
 
 	data->force_peap_version = -1;
 
 	data->peap_outer_success = 2;
 
-	data->crypto_binding = NO_BINDING;
 
+	data->crypto_binding = OPTIONAL_BINDING;
 
 
 	if (config && config->phase1 &&
 
 	    eap_peap_parse_phase1(data, config->phase1) < 0) {

+ 11 - 0
src/eap_peer/eap_tls_common.c
View File 

@@ -501,6 +501,17 @@ static int eap_tls_process_output(struct eap_ssl_data *data, EapType eap_type,
 
 	length_included = data->tls_out_pos == 0 &&
 
 		(data->tls_out_len > data->tls_out_limit ||
 
 		 data->include_tls_length);
 
+	if (!length_included &&
 
+	    eap_type == EAP_TYPE_PEAP && peap_version == 0 &&
 
+	    !tls_connection_established(data->eap->ssl_ctx, data->conn)) {
 
+		/*
 
+		 * Windows Server 2008 NPS really wants to have the TLS Message
 
+		 * length included in phase 0 even for unfragmented frames or
 
+		 * it will get very confused with Compound MAC calculation and
 
+		 * Outer TLVs.
 
+		 */
 
+		length_included = 1;
 
+	}
 
 
 	*out_data = eap_msg_alloc(EAP_VENDOR_IETF, eap_type,
 
 				  1 + length_included * 4 + len,

+ 2 - 0
wpa_supplicant/ChangeLog
View File 

@@ -12,6 +12,8 @@ ChangeLog for wpa_supplicant
 
 	  manage WPS negotiation; see README-WPS for more details
 
 	* added support for EAP-AKA' (draft-arkko-eap-aka-kdf)
 
 	* added support for using driver_test over UDP socket
 
+	* fixed PEAPv0 Cryptobinding interoperability issue with Windows Server
 
+	  2008 NPS; optional cryptobinding is now enabled (again) by default
 
 
 2008-11-23 - v0.6.6
 
 	* added Milenage SIM/USIM emulator for EAP-SIM/EAP-AKA