+#ifdef PPP_WITH_MPPE
+/**********************************************************************
+* %FUNCTION: radius_setmppekeys
+* %ARGUMENTS:
+* vp -- value pair holding MS-CHAP-MPPE-KEYS attribute
+* req_info -- radius request information used for encryption
+* %RETURNS:
+* >= 0 on success; -1 on failure
+* %DESCRIPTION:
+* Decrypt the "key" provided by the RADIUS server for MPPE encryption.
+* See RFC 2548.
+***********************************************************************/
+static int
+radius_setmppekeys(VALUE_PAIR *vp, REQUEST_INFO *req_info,
+ unsigned char *challenge)
+{
+ int i;
+ int status = 0;
+ PPP_MD_CTX *ctx;
+ unsigned char plain[32];
+ unsigned char buf[MD5_DIGEST_LENGTH];
+ unsigned int buflen;
+
+
+ if (vp->lvalue != 32) {
+ error("RADIUS: Incorrect attribute length (%d) for MS-CHAP-MPPE-Keys",
+ vp->lvalue);
+ return -1;
+ }
+
+ memcpy(plain, vp->strvalue, sizeof(plain));
+
+ ctx = PPP_MD_CTX_new();
+ if (ctx) {
+
+ if (PPP_DigestInit(ctx, PPP_md5())) {
+
+ if (PPP_DigestUpdate(ctx, req_info->secret, strlen(req_info->secret))) {
+
+ if (PPP_DigestUpdate(ctx, req_info->request_vector, AUTH_VECTOR_LEN)) {
+
+ buflen = sizeof(buf);
+ if (PPP_DigestFinal(ctx, buf, &buflen)) {
+
+ status = 1;
+ }
+ }
+ }
+ }
+ PPP_MD_CTX_free(ctx);
+ }
+
+ if (status) {
+
+ for (i = 0; i < MD5_DIGEST_LENGTH; i++) {
+ plain[i] ^= buf[i];
+ }
+
+ status = 0;
+ ctx = PPP_MD_CTX_new();
+ if (ctx) {
+
+ if (PPP_DigestInit(ctx, PPP_md5())) {
+
+ if (PPP_DigestUpdate(ctx, req_info->secret, strlen(req_info->secret))) {
+
+ if (PPP_DigestUpdate(ctx, vp->strvalue, 16)) {
+
+ buflen = MD5_DIGEST_LENGTH;
+ if (PPP_DigestFinal(ctx, buf, &buflen)) {
+
+ status = 1;
+ }
+ }
+ }
+ }
+ PPP_MD_CTX_free(ctx);
+ }
+
+ if (status) {
+
+ for(i = 0; i < MD5_DIGEST_LENGTH; i++) {
+ plain[i + 16] ^= buf[i];
+ }
+
+ /*
+ * Annoying. The "key" returned is just the NTPasswordHashHash, which
+ * the NAS (us) doesn't need; we only need the start key. So we have
+ * to generate the start key, sigh. NB: We do not support the LM-Key.
+ */
+ mppe_set_chapv1(challenge, &plain[8]);
+ return 0;
+ }
+ }
+
+ return -1;
+}
+
+/**********************************************************************
+* %FUNCTION: radius_setmppekeys2
+* %ARGUMENTS:
+* vp -- value pair holding MS-MPPE-SEND-KEY or MS-MPPE-RECV-KEY attribute
+* req_info -- radius request information used for encryption
+* %RETURNS:
+* >= 0 on success; -1 on failure
+* %DESCRIPTION:
+* Decrypt the key provided by the RADIUS server for MPPE encryption.
+* See RFC 2548.
+***********************************************************************/
+static int
+radius_setmppekeys2(VALUE_PAIR *vp, REQUEST_INFO *req_info)
+{
+ int i;
+ int status = 0;
+ PPP_MD_CTX *ctx;
+ unsigned char *salt = vp->strvalue;
+ unsigned char *crypt = vp->strvalue + 2;
+ unsigned char plain[32];
+ unsigned char buf[MD5_DIGEST_LENGTH];
+ unsigned int buflen;
+ char *type = "Send";
+
+ if (vp->attribute == PW_MS_MPPE_RECV_KEY)
+ type = "Recv";
+
+ if (vp->lvalue != 34) {
+ error("RADIUS: Incorrect attribute length (%d) for MS-MPPE-%s-Key",
+ vp->lvalue, type);
+ return -1;
+ }
+
+ if ((salt[0] & 0x80) == 0) {
+ error("RADIUS: Illegal salt value for MS-MPPE-%s-Key attribute", type);
+ return -1;
+ }
+
+ memcpy(plain, crypt, 32);
+
+ ctx = PPP_MD_CTX_new();
+ if (ctx) {
+
+ if (PPP_DigestInit(ctx, PPP_md5())) {
+
+ if (PPP_DigestUpdate(ctx, req_info->secret, strlen(req_info->secret))) {
+
+ if (PPP_DigestUpdate(ctx, req_info->request_vector, AUTH_VECTOR_LEN)) {
+
+ if (PPP_DigestUpdate(ctx, salt, 2)) {
+
+ buflen = sizeof(buf);
+ if (PPP_DigestFinal(ctx, buf, &buflen)) {
+
+ status = 1;
+ }
+ }
+ }
+ }
+ }
+
+ PPP_MD_CTX_free(ctx);
+ }
+
+ if (status) {
+
+ for (i = 0; i < 16; i++) {
+ plain[i] ^= buf[i];
+ }
+
+ if (plain[0] != 16) {
+ error("RADIUS: Incorrect key length (%d) for MS-MPPE-%s-Key attribute",
+ (int) plain[0], type);
+ return -1;
+ }
+
+ status = 0;
+ ctx = PPP_MD_CTX_new();
+ if (ctx) {
+
+ if (PPP_DigestInit(ctx, PPP_md5())) {
+
+ if (PPP_DigestUpdate(ctx, req_info->secret, strlen(req_info->secret))) {
+
+ if (PPP_DigestUpdate(ctx, crypt, 16)) {
+
+ if (PPP_DigestUpdate(ctx, salt, 2)) {
+
+ buflen = sizeof(buf);
+ if (PPP_DigestFinal(ctx, buf, &buflen)) {
+
+ status = 1;
+ }
+ }
+ }
+ }
+ }
+
+ PPP_MD_CTX_free(ctx);
+ }
+
+ if (status) {
+
+ plain[16] ^= buf[0]; /* only need the first byte */
+
+ if (vp->attribute == PW_MS_MPPE_SEND_KEY) {
+ mppe_set_keys(plain + 1, NULL, 16);
+ } else {
+ mppe_set_keys(NULL, plain + 1, 16);
+ }
+ return 0;
+ }
+ }
+
+ return -1;
+}
+#endif /* PPP_WITH_MPPE */
+