int id, i, plen, clen, toffs, keylen;
u_char vals[2];
struct b64state bs;
int id, i, plen, clen, toffs, keylen;
u_char vals[2];
struct b64state bs;
-
- cctx = PPP_CIPHER_CTX_new();
- if (!cctx) {
- dbglog("no DES here; cannot decode "
- "pseudonym");
- break;
- }
-
- if (!PPP_CipherInit(cctx, PPP_des_ecb(), NULL, NULL, 0)) {
- dbglog("no DES here; cannot decode "
- "pseudonym");
- break;
- }
-
for (i = 0; i < 5; i++) {
pncrypt_getkey(toffs, key, keylen);
toffs -= 86400;
for (i = 0; i < 5; i++) {
pncrypt_getkey(toffs, key, keylen);
toffs -= 86400;
- PPP_CIPHER_CTX_set_cipher_data(cctx, key);
-
- if (!PPP_CipherUpdate(cctx, clear, &clen, secbuf, 8)) {
+ if (!DesDecrypt(secbuf, key, clear)) {
esp->es_server.ea_peer[
esp->es_server.ea_peerlen] = '\0';
dbglog("decoded pseudonym to \"%.*q\"",
esp->es_server.ea_peer[
esp->es_server.ea_peerlen] = '\0';
dbglog("decoded pseudonym to \"%.*q\"",
- u_char clear[8], cipher[8], dig[SHA_DIGESTSIZE], *optr, *cp, key[SHA_DIGEST_LENGTH];
+ u_char clear[8], cipher[8], dig[SHA_DIGEST_LENGTH], *optr, *cp, key[SHA_DIGEST_LENGTH];
int i, j, diglen, clen, keylen = sizeof(key);
struct b64state b64;
PPP_MD_CTX *ctxt;
int i, j, diglen, clen, keylen = sizeof(key);
struct b64state b64;
PPP_MD_CTX *ctxt;
- }
- PPP_CipherInit(cctx, PPP_des_ecb(), key, NULL, 1);
-
- PPP_CipherUpdate(cctx, cipher, &clen, clear, sizeof(clear));
BZERO(&b64, sizeof (b64));
outp++; /* space for pseudonym length */
outp += b64enc(&b64, cipher, 8, outp);
while (i >= 8) {
BZERO(&b64, sizeof (b64));
outp++; /* space for pseudonym length */
outp += b64enc(&b64, cipher, 8, outp);
while (i >= 8) {
outp += b64enc(&b64, cipher, 8, outp);
}
outp += b64flush(&b64, outp);
outp += b64enc(&b64, cipher, 8, outp);
}
outp += b64flush(&b64, outp);
- ctxt = PPP_MD_CTX_new();
- if (ctxt) {
-
- PPP_DigestInit(ctxt, PPP_sha1());
- PPP_DigestUpdate(ctxt, &esp->es_server.ea_id, 1);
- PPP_DigestUpdate(ctxt, &esp->es_server.ea_skey,
- SESSION_KEY_LEN);
- PPP_DigestUpdate(ctxt, esp->es_server.ea_peer,
- esp->es_server.ea_peerlen);
-
- while (optr < outp) {
- diglen = SHA_DIGEST_LENGTH;
- PPP_DigestFinal(ctxt, dig, &diglen);
- cp = dig;
- while (cp < dig + SHA_DIGEST_LENGTH)
- *optr++ ^= *cp++;
-
- PPP_DigestInit(ctxt, PPP_sha1());
- PPP_DigestUpdate(ctxt, &esp->es_server.ea_id, 1);
- PPP_DigestUpdate(ctxt, esp->es_server.ea_skey,
- SESSION_KEY_LEN);
- PPP_DigestUpdate(ctxt, optr - SHA_DIGEST_LENGTH,
- SHA_DIGEST_LENGTH);
- }
-
- PPP_MD_CTX_free(ctxt);
- }
+ ctxt = PPP_MD_CTX_new();
+ if (ctxt) {
+
+ PPP_DigestInit(ctxt, PPP_sha1());
+ PPP_DigestUpdate(ctxt, &esp->es_server.ea_id, 1);
+ PPP_DigestUpdate(ctxt, &esp->es_server.ea_skey,
+ SESSION_KEY_LEN);
+ PPP_DigestUpdate(ctxt, esp->es_server.ea_peer,
+ esp->es_server.ea_peerlen);
+ while (optr < outp) {
+ diglen = SHA_DIGEST_LENGTH;
+ PPP_DigestFinal(ctxt, dig, &diglen);
+ cp = dig;
+ while (cp < dig + SHA_DIGEST_LENGTH)
+ *optr++ ^= *cp++;
+
+ PPP_DigestInit(ctxt, PPP_sha1());
+ PPP_DigestUpdate(ctxt, &esp->es_server.ea_id, 1);
+ PPP_DigestUpdate(ctxt, esp->es_server.ea_skey,
+ SESSION_KEY_LEN);
+ PPP_DigestUpdate(ctxt, optr - SHA_DIGEST_LENGTH,
+ SHA_DIGEST_LENGTH);
+ }
+
+ PPP_MD_CTX_free(ctxt);
+ }
- ctxt = PPP_MD_CTX_new();
- if (ctxt) {
-
- PPP_DigestInit(ctxt, PPP_sha1());
- PPP_DigestUpdate(ctxt, &val, 1);
- PPP_DigestUpdate(ctxt, esp->es_client.ea_skey,
- SESSION_KEY_LEN);
- if (len > 0) {
- PPP_DigestUpdate(ctxt, datp, SHA_DIGESTSIZE);
- } else {
- PPP_DigestUpdate(ctxt, esp->es_client.ea_name,
- esp->es_client.ea_namelen);
- }
- PPP_DigestFinal(ctxt, dig, &diglen);
+ ctxt = PPP_MD_CTX_new();
+ if (ctxt) {
- for (digp = dig; digp < dig + SHA_DIGEST_LENGTH; digp++)
- *datp++ ^= *digp;
+ PPP_DigestInit(ctxt, PPP_sha1());
+ PPP_DigestUpdate(ctxt, &val, 1);
+ PPP_DigestUpdate(ctxt, esp->es_client.ea_skey,
+ SESSION_KEY_LEN);
+ if (len > 0) {
+ PPP_DigestUpdate(ctxt, datp, SHA_DIGEST_LENGTH);
+ } else {
+ PPP_DigestUpdate(ctxt, esp->es_client.ea_name,
+ esp->es_client.ea_namelen);
+ }
+ PPP_DigestFinal(ctxt, dig, &diglen);
+
+ for (digp = dig; digp < dig + SHA_DIGEST_LENGTH; digp++)
+ *datp++ ^= *digp;
struct t_num sval, gval, Nval, *Ap, Bval;
u_char vals[2];
PPP_MD_CTX *ctxt;
struct t_num sval, gval, Nval, *Ap, Bval;
u_char vals[2];
PPP_MD_CTX *ctxt;
- mdctx = PPP_MD_CTX_new();
- if (mdctx != NULL) {
- if (PPP_DigestInit(mdctx, PPP_md5())) {
- typenum = id;
- if (PPP_DigestUpdate(mdctx, &typenum, 1)) {
- if (PPP_DigestUpdate(mdctx, secret, secret_len)) {
- BZERO(secret, sizeof(secret));
- if (PPP_DigestUpdate(mdctx, inp, vallen)) {
- if (PPP_DigestFinal(mdctx, hash, &hashlen)) {
- eap_chap_response(esp, id, hash, esp->es_client.ea_name,
- esp->es_client.ea_namelen);
- PPP_MD_CTX_free(mdctx);
- break;
- }
- }
- }
- }
- }
- PPP_MD_CTX_free(mdctx);
- }
- dbglog("EAP: Invalid MD5 checksum");
+ mdctx = PPP_MD_CTX_new();
+ if (mdctx != NULL) {
+ if (PPP_DigestInit(mdctx, PPP_md5())) {
+ typenum = id;
+ if (PPP_DigestUpdate(mdctx, &typenum, 1)) {
+ if (PPP_DigestUpdate(mdctx, secret, secret_len)) {
+ BZERO(secret, sizeof(secret));
+ if (PPP_DigestUpdate(mdctx, inp, vallen)) {
+ if (PPP_DigestFinal(mdctx, hash, &hashlen)) {
+ eap_chap_response(esp, id, hash, esp->es_client.ea_name,
+ esp->es_client.ea_namelen);
+ PPP_MD_CTX_free(mdctx);
+ break;
+ }
+ }
+ }
+ }
+ }
+ PPP_MD_CTX_free(mdctx);
+ }
+ dbglog("EAP: Invalid MD5 checksum");
if (len < 0 || t_clientverify(tc, inp +
sizeof (u_int32_t)) != 0) {
error("EAP: SRP server verification "
if (len < 0 || t_clientverify(tc, inp +
sizeof (u_int32_t)) != 0) {
error("EAP: SRP server verification "
GETLONG(esp->es_client.ea_keyflags, inp);
/* Save pseudonym if user wants it. */
if (len > 0 && esp->es_usepseudo) {
GETLONG(esp->es_client.ea_keyflags, inp);
/* Save pseudonym if user wants it. */
if (len > 0 && esp->es_usepseudo) {
- if (ctxt) {
-
- vals[0] = id;
- PPP_DigestInit(ctxt, PPP_sha1());
- PPP_DigestUpdate(ctxt, vals, 1);
- PPP_DigestUpdate(ctxt, esp->es_client.ea_skey,
- SESSION_KEY_LEN);
- PPP_DigestUpdate(ctxt, inp, len);
- PPP_DigestUpdate(ctxt, esp->es_client.ea_name,
- esp->es_client.ea_namelen);
- PPP_DigestFinal(ctxt, dig, &diglen);
-
- PPP_MD_CTX_free(ctxt);
-
- eap_srp_response(esp, id, EAPSRP_LWRECHALLENGE, dig,
- SHA_DIGESTSIZE);
+ if (ctxt) {
+
+ vals[0] = id;
+ PPP_DigestInit(ctxt, PPP_sha1());
+ PPP_DigestUpdate(ctxt, vals, 1);
+ PPP_DigestUpdate(ctxt, esp->es_client.ea_skey,
+ SESSION_KEY_LEN);
+ PPP_DigestUpdate(ctxt, inp, len);
+ PPP_DigestUpdate(ctxt, esp->es_client.ea_name,
+ esp->es_client.ea_namelen);
+ PPP_DigestFinal(ctxt, dig, &diglen);
+
+ PPP_MD_CTX_free(ctxt);
+
+ eap_srp_response(esp, id, EAPSRP_LWRECHALLENGE, dig,
+ SHA_DIGEST_LENGTH);
- BZERO(secret, sizeof(secret));
- if (PPP_DigestUpdate(mdctx, esp->es_challenge, esp->es_challen)) {
+ if (PPP_DigestUpdate(mdctx, &secret, secret_len)) {
- if (PPP_DigestFinal(mdctx, hash, &hashlen)) {
+ BZERO(secret, sizeof(secret));
+ if (PPP_DigestUpdate(mdctx, esp->es_challenge, esp->es_challen)) {
- esp->es_server.ea_type = EAPT_MD5CHAP;
- eap_send_success(esp);
- eap_figure_next_state(esp, 0);
+ if (BCMP(hash, inp, MD5_DIGEST_LENGTH) == 0) {
+ esp->es_server.ea_type = EAPT_MD5CHAP;
+ eap_send_success(esp);
+ eap_figure_next_state(esp, 0);
- if (esp->es_rechallenge != 0) {
- TIMEOUT(eap_rechallenge, esp, esp->es_rechallenge);
- }
- PPP_MD_CTX_free(mdctx);
- break;
- }
- }
- }
- }
- }
- }
+ if (esp->es_rechallenge != 0) {
+ TIMEOUT(eap_rechallenge, esp, esp->es_rechallenge);
+ }
+ PPP_MD_CTX_free(mdctx);
+ break;
+ }
+ }
+ }
+ }
+ }
+ }
- ctxt = PPP_MD_CTX_new();
- if (ctxt) {
- vallen = id;
-
- PPP_DigestInit(ctxt, PPP_sha1());
- PPP_DigestUpdate(ctxt, &vallen, 1);
- PPP_DigestUpdate(ctxt, esp->es_server.ea_skey,
- SESSION_KEY_LEN);
- PPP_DigestUpdate(ctxt, esp->es_challenge, esp->es_challen);
- PPP_DigestUpdate(ctxt, esp->es_server.ea_peer,
- esp->es_server.ea_peerlen);
- PPP_DigestFinal(ctxt, dig, &diglen);
-
- PPP_MD_CTX_free(ctxt);
-
- if (BCMP(dig, inp, SHA_DIGEST_LENGTH) != 0) {
- error("EAP: failed Lightweight rechallenge");
- eap_send_failure(esp);
- break;
- }
+ ctxt = PPP_MD_CTX_new();
+ if (ctxt) {
+ vallen = id;
+
+ PPP_DigestInit(ctxt, PPP_sha1());
+ PPP_DigestUpdate(ctxt, &vallen, 1);
+ PPP_DigestUpdate(ctxt, esp->es_server.ea_skey,
+ SESSION_KEY_LEN);
+ PPP_DigestUpdate(ctxt, esp->es_challenge, esp->es_challen);
+ PPP_DigestUpdate(ctxt, esp->es_server.ea_peer,
+ esp->es_server.ea_peerlen);
+ PPP_DigestFinal(ctxt, dig, &diglen);
+
+ PPP_MD_CTX_free(ctxt);
+
+ if (BCMP(dig, inp, SHA_DIGEST_LENGTH) != 0) {
+ error("EAP: failed Lightweight rechallenge");
+ eap_send_failure(esp);
+ break;
+ }
- esp->es_server.ea_state = eapOpen;
- if (esp->es_lwrechallenge != 0)
- TIMEOUT(srp_lwrechallenge, esp,
- esp->es_lwrechallenge);
- }
+ esp->es_server.ea_state = eapOpen;
+ if (esp->es_lwrechallenge != 0)
+ TIMEOUT(srp_lwrechallenge, esp,
+ esp->es_lwrechallenge);
+ }
printer(arg, " <M2%.*B%s>", len, inp,
printer(arg, " <M2%.*B%s>", len, inp,
printer(arg, " f<%X>", uval);
}
printer(arg, " <M1%.*B%s>", len, inp,
printer(arg, " f<%X>", uval);
}
printer(arg, " <M1%.*B%s>", len, inp,
case EAPSRP_LWRECHALLENGE:
printer(arg, " <Response%.*B%s>", len, inp,
case EAPSRP_LWRECHALLENGE:
printer(arg, " <Response%.*B%s>", len, inp,
- len == SHA_DIGESTSIZE ? "" : "?");
- if ((vallen = len) > SHA_DIGESTSIZE)
- vallen = SHA_DIGESTSIZE;
+ len == SHA_DIGEST_LENGTH ? "" : "?");
+ if ((vallen = len) > SHA_DIGEST_LENGTH)
+ vallen = SHA_DIGEST_LENGTH;