EAP-TLS and TLS record protocol

2013-05-24 Thread Pieter Hulshoff 
Hello all,

I'm new to the list, relatively new to authentication, and I'm trying to figure 
out some details regarding the RFCs. I was hoping some of you might be able 
and willing to help me out here.

As I understand it, using TLS you can authenticate the server and optionally 
the client, negotiate the encryption/signing algorithm(s) for the TLS record 
protocol, and exchange the key information before switching to the selected 
encryption/signing algorithm(s) for secure data transport. EAP-TLS however 
seems focused on authorization and exchanging the key information, leaving the 
actual data encryption to be determine by other means (e.g. IEEE 802.1X MKA 
i.c.w. MACsec).

My questions:
1. Is this understanding correct?
2. Does this imply that the negotiated encryption/signing algorithm(s) are 
only used for the EAP-TLS Finished messages?

Any and all insights would be most welcome. :)

Kind regards,

Pieter Hulshoff

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

AES-GCM

2013-05-24 Thread Pieter Hulshoff 
Hello all,

Does FreeRADIUS support AES-GCM in EAP-TLS? I couldn't find the term in the 
documentation, the wiki or the mailinglist archives, but perhaps I'm looking 
in the wrong place?

Kind regards,

Pieter Hulshoff

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: AES-GCM

2013-05-24 Thread Pieter Hulshoff 
On Friday, May 24, 2013 12:21:47 PM Phil Mayers wrote:
 On 24/05/13 11:44, Pieter Hulshoff wrote:
  Hello all,
  
  Does FreeRADIUS support AES-GCM in EAP-TLS? I couldn't find the term in
  the
  documentation, the wiki or the mailinglist archives, but perhaps I'm
  looking in the wrong place?
 
 Typically this is down the TLS libraries; it's not usually the case that
 the application needs to do anything.

It seems I have a lot to learn yet about what is and is not a part of 
FreeRADIUS. My apologies for pushing (slightly) OT subjects onto the 
mailinglist.

 That said, EAP-TLS is typically TLS 1.0. AIUI, AEAD ciphers require TLS
 1.2 - see section 4 of RFC 5288. But again, FreeRADIUS doesn't involve
 itself in this level of detail - that's an aspect of the TLS library
 (OpenSSL) we use, and whatever the EAP-TLS client is using.

I guess that if we want to use AEAD cyphers we'll need to find another TLS 
library or adapt/contribute to OpenSSL?

 Note also that EAP-TLS (unlike other TLS-based EAP methods, such as PEAP
 or TTLS) never actually sends any data over the TLS session;
 essentially, it consists solely of the handshake. In TLS terms, EAP-TLS
 never sends any TLS records of type=23 (application data). So, the
 negotiated cipher is not used for very much.

The EAP-TLS Finished (type=20) are secured/signed with this negotiated cipher 
though, correct?

 Slightly OT, there seems to be some degree of uncertainty about GCM in
 general, and whether it's a sensible cipher mode - for example, see
 http://www.imperialviolet.org/2013/01/13/rwc03.html

Interesting article nontheless. I guess I've been working as a hardware 
engineer for too long; I haven't been bothered by timing side-channel attacks 
too much. :) It's something to take into consideration though.

Kind regards,

Pieter Hulshoff

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: AES-GCM

2013-05-24 Thread Pieter Hulshoff 
On Friday, May 24, 2013 01:47:36 PM Pieter Hulshoff wrote:
 I guess that if we want to use AEAD cyphers we'll need to find another TLS
 library or adapt/contribute to OpenSSL?

It seems some people are way ahead of me:
http://en.wikipedia.org/wiki/Comparison_of_TLS_Implementations#Encryption_Algorithms
Support for AES-GCM was added in v1.0.1

Kind regards,

Pieter Hulshoff

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html