+#ifdef MPPE
+/**********************************************************************
+* %FUNCTION: radius_setmppekeys
+* %ARGUMENTS:
+* vp -- value pair holding MS-CHAP-MPPE-KEYS attribute
+* req_info -- radius request information used for encryption
+* cstate -- chap_state structure for challenge info
+* %RETURNS:
+* >= 0 on success; -1 on failure
+* %DESCRIPTION:
+* Decrypt the "key" provided by the RADIUS server for MPPE encryption.
+* See RFC 2548.
+***********************************************************************/
+static int
+radius_setmppekeys(VALUE_PAIR *vp, REQUEST_INFO *req_info, chap_state *cstate)
+{
+ int i;
+ MD5_CTX Context;
+ u_char plain[32];
+ u_char buf[16];
+
+ if (vp->lvalue != 32) {
+ error("RADIUS: Incorrect attribute length (%d) for MS-CHAP-MPPE-Keys",
+ vp->lvalue);
+ return -1;
+ }
+
+ memcpy(plain, vp->strvalue, sizeof(plain));
+
+ MD5Init(&Context);
+ MD5Update(&Context, req_info->secret, strlen(req_info->secret));
+ MD5Update(&Context, req_info->request_vector, AUTH_VECTOR_LEN);
+ MD5Final(buf, &Context);
+
+ for (i = 0; i < 16; i++)
+ plain[i] ^= buf[i];
+
+ MD5Init(&Context);
+ MD5Update(&Context, req_info->secret, strlen(req_info->secret));
+ MD5Update(&Context, vp->strvalue, 16);
+ MD5Final(buf, &Context);
+
+ for(i = 0; i < 16; i++)
+ plain[i + 16] ^= buf[i];
+
+ /*
+ * Annoying. The "key" returned is just the NTPasswordHashHash, which
+ * the NAS (us) doesn't need; we only need the start key. So we have
+ * to generate the start key, sigh. NB: We do not support the LM-Key.
+ */
+ mppe_set_keys(cstate->challenge, &plain[8]);
+
+ return 0;
+}
+
+/**********************************************************************
+* %FUNCTION: radius_setmppekeys2
+* %ARGUMENTS:
+* vp -- value pair holding MS-MPPE-SEND-KEY or MS-MPPE-RECV-KEY attribute
+* req_info -- radius request information used for encryption
+* %RETURNS:
+* >= 0 on success; -1 on failure
+* %DESCRIPTION:
+* Decrypt the key provided by the RADIUS server for MPPE encryption.
+* See RFC 2548.
+***********************************************************************/
+static int
+radius_setmppekeys2(VALUE_PAIR *vp, REQUEST_INFO *req_info)
+{
+ int i;
+ MD5_CTX Context;
+ u_char *salt = vp->strvalue;
+ u_char *crypt = vp->strvalue + 2;
+ u_char plain[32];
+ u_char buf[MD5_SIGNATURE_SIZE];
+ char *type = "Send";
+
+ if (vp->attribute == PW_MS_MPPE_RECV_KEY)
+ type = "Recv";
+
+ if (vp->lvalue != 34) {
+ error("RADIUS: Incorrect attribute length (%d) for MS-MPPE-%s-Key",
+ vp->lvalue, type);
+ return -1;
+ }
+
+ if ((salt[0] & 0x80) == 0) {
+ error("RADIUS: Illegal salt value for MS-MPPE-%s-Key attribute", type);
+ return -1;
+ }
+
+ memcpy(plain, crypt, 32);
+
+ MD5Init(&Context);
+ MD5Update(&Context, req_info->secret, strlen(req_info->secret));
+ MD5Update(&Context, req_info->request_vector, AUTH_VECTOR_LEN);
+ MD5Update(&Context, salt, 2);
+ MD5Final(buf, &Context);
+
+ for (i = 0; i < 16; i++)
+ plain[i] ^= buf[i];
+
+ if (plain[0] != sizeof(mppe_send_key) /* 16 */) {
+ error("RADIUS: Incorrect key length (%d) for MS-MPPE-%s-Key attribute",
+ (int) plain[0], type);
+ return -1;
+ }
+
+ MD5Init(&Context);
+ MD5Update(&Context, req_info->secret, strlen(req_info->secret));
+ MD5Update(&Context, crypt, 16);
+ MD5Final(buf, &Context);
+
+ plain[16] ^= buf[0]; /* only need the first byte */
+
+ if (vp->attribute == PW_MS_MPPE_SEND_KEY)
+ memcpy(mppe_send_key, plain + 1, 16);
+ else
+ memcpy(mppe_recv_key, plain + 1, 16);
+
+ return 0;
+}
+#endif /* MPPE */
+