Hi All,
I raised the issue below in the MBED-TLS github, as per suggestion from the moderator asking it in the mailing-list. Below are the details. https://github.com/Mbed-TLS/mbedtls/issues/6864
I am running Mbed TLS as a core security library(2.24.0), on an embedded platform. I am using the FreeRADIUS server for AAA authentication. I am able to get the PMK values correctly at the supplicant side, however while decrypting the MPPE key at the gateway side I see that the values are incorrect specially in the API(radius_client_sec_prot_ms_mppe_recv_key_pmk_decrypt)
Below are my setup details: FreeRADIUS server setup on Ubuntu(3.2.1) openssl :1.1.1f Ubuntu version : 20.04.04LTS
System information Client side setup Platform : Micro controller based platform OS : FreeRTOS
Compiler gcc-arm-none-eabi-8-2019-q3-update
Sample example
MPPE KEY in clear at RADIUS Server Fri Dec 30 23:50:13 2022 : Debug: (209) MS-MPPE-Recv-Key = 0x2f6c3e7e748eb49a598c208af3ef520454f5aa6873bc72f7f32be1053914a566 Fri Dec 30 23:50:13 2022 : Debug: (209) MS-MPPE-Send-Key = 0xa04539819a272e94782af1818b05878bb0e420d08a51accd6c3cb75baaecbd75
PMK Key values at Supplicant(which is same as MPPE-RECV-KEY) PMK Key values at Supplicant(which is same as MPPE-RECV-KEY) 2022-12-30 23:50:07.313 #1 0000000000000000 <log> 0:28:21.215 [debug] [ tlsp] {Wi-SUN Ev}: >>>> PRINT THE KEY PMK >>>> 2022-12-30 23:50:07.313 #1 0000000000000000 <log> 0:28:21.224 [debug] [ tlsp] {Wi-SUN Ev}: EAP-TLS key material 2f:6c:3e:7e:74:8e:b4:9a:59:8c:20:8a:f3:ef:52:04:54:f5:aa:68:73:bc:72:f7:f3:2b:e1:05:39:14:a5:66 which is same as the value that we see at the RADIUS Server.
Decrypted key Value at Authenticator(using the API radius_client_sec_prot_ms_mppe_recv_key_pmk_decrypt) 2022-12-30 23:51:34.763 #1 0000000000000000 <log> 3:09:17.919 [debug] [ hmac] {Wi-SUN Ev}: hmac_md key a9:69:02:e9:3a:1d:cd:05:31:b3:77:cd:d6:d7:c2:c7:2d:52:4b:0a:5b:b1:aa:81:20:67:dd:b8:1c:04:ef:63
Mbed TLS version (number or commit id): 2.24.0 Operating system and version: Configuration (if not default, please attach mbedtls_config.h): Compiler and options (if you used a pre-built binary, please indicate how you obtained it): Additional environment information:
Expected behavior The key should be decrypted with the correct value.
Actual behavior The key is not getting the correct value.
Steps to reproduce Additional information Kindly let me know what is missing here ? Thanks in advance.
With regards, Ajay. Brentwood, UK.
Hello All,
Anyone has experienced or seen this issue, I require help in debugging this. Please can someone suggest of might be wrong here.
Thank you !
With regards, Ajay.
mbed-tls@lists.trustedfirmware.org
-
Ajay Mishra