#include "magic.h"
#include "ppp-crypto.h"
-#define MD5_HASH_SIZE 16
#define MD5_MIN_CHALLENGE 16
#define MD5_MAX_CHALLENGE 24
char *message, int message_space)
{
unsigned char idbyte = id;
- unsigned char hash[MD5_HASH_SIZE];
- unsigned int hash_len = MD5_HASH_SIZE;
+ unsigned char hash[MD5_DIGEST_LENGTH];
+ unsigned int hash_len = MD5_DIGEST_LENGTH;
int challenge_len, response_len;
- bool success = 0;
+ bool success = 0;
challenge_len = *challenge++;
response_len = *response++;
- if (response_len == MD5_HASH_SIZE) {
+ if (response_len == MD5_DIGEST_LENGTH) {
/* Generate hash of ID, secret, challenge */
- PPP_MD_CTX* ctx = PPP_MD_CTX_new();
- if (ctx) {
+ PPP_MD_CTX* ctx = PPP_MD_CTX_new();
+ if (ctx) {
- if (PPP_DigestInit(ctx, PPP_md5())) {
+ if (PPP_DigestInit(ctx, PPP_md5())) {
- if (PPP_DigestUpdate(ctx, &idbyte, 1)) {
+ if (PPP_DigestUpdate(ctx, &idbyte, 1)) {
- if (PPP_DigestUpdate(ctx, secret, secret_len)) {
+ if (PPP_DigestUpdate(ctx, secret, secret_len)) {
- if (PPP_DigestUpdate(ctx, challenge, challenge_len)) {
+ if (PPP_DigestUpdate(ctx, challenge, challenge_len)) {
- if (PPP_DigestFinal(ctx, hash, &hash_len)) {
+ if (PPP_DigestFinal(ctx, hash, &hash_len)) {
- success = 1;
- }
- }
- }
- }
- }
- PPP_MD_CTX_free(ctx);
- }
+ success = 1;
+ }
+ }
+ }
+ }
+ }
+ PPP_MD_CTX_free(ctx);
+ }
+ }
+ if (success && memcmp(hash, response, hash_len) == 0) {
+ slprintf(message, message_space, "Access granted");
+ return 1;
}
- if (success && memcmp(hash, response, hash_len) == 0) {
- slprintf(message, message_space, "Access granted");
- return 1;
- }
slprintf(message, message_space, "Access denied");
return 0;
}
{
unsigned char idbyte = id;
int challenge_len = *challenge++;
- int hash_len = MD5_HASH_SIZE;
+ int hash_len = MD5_DIGEST_LENGTH;
- PPP_MD_CTX* ctx = PPP_MD_CTX_new();
- if (ctx) {
+ PPP_MD_CTX* ctx = PPP_MD_CTX_new();
+ if (ctx) {
- if (PPP_DigestInit(ctx, PPP_md5())) {
+ if (PPP_DigestInit(ctx, PPP_md5())) {
- if (PPP_DigestUpdate(ctx, &idbyte, 1)) {
+ if (PPP_DigestUpdate(ctx, &idbyte, 1)) {
- if (PPP_DigestUpdate(ctx, secret, secret_len)) {
+ if (PPP_DigestUpdate(ctx, secret, secret_len)) {
- if (PPP_DigestUpdate(ctx, challenge, challenge_len)) {
+ if (PPP_DigestUpdate(ctx, challenge, challenge_len)) {
- if (PPP_DigestFinal(ctx, &response[1], &hash_len)) {
+ if (PPP_DigestFinal(ctx, &response[1], &hash_len)) {
- response[0] = hash_len;
- }
- }
- }
- }
- }
- PPP_MD_CTX_free(ctx);
- }
+ response[0] = hash_len;
+ }
+ }
+ }
+ }
+ }
+ PPP_MD_CTX_free(ctx);
+ }
}
static struct chap_digest_type md5_digest = {
#endif
static void ascii2unicode (char[], int, u_char[]);
-static void NTPasswordHash (u_char *, int, u_char[MD4_SIGNATURE_SIZE]);
-static int ChallengeResponse (u_char *, u_char *, u_char[24]);
+static void NTPasswordHash (u_char *, int, unsigned char *);
+static int ChallengeResponse (u_char *, u_char *, u_char*);
static void ChapMS_NT (u_char *, char *, int, u_char[24]);
static void ChapMS2_NT (u_char *, u_char[16], char *, char *, int,
u_char[24]);
free(msg);
}
-// TODO: Move this definition somewhere
-#define NT_RESPONSE_LEN 24
-
static int
ChallengeResponse(u_char *challenge,
- u_char PasswordHash[MD4_SIGNATURE_SIZE],
- u_char response[NT_RESPONSE_LEN])
+ u_char *PasswordHash,
+ u_char *response)
{
u_char ZPasswordHash[21];
PPP_CIPHER_CTX *ctx;
- int outlen = NT_RESPONSE_LEN;
+ int outlen = 0;
int offset = 0;
int retval = 0;
BZERO(ZPasswordHash, sizeof(ZPasswordHash));
- BCOPY(PasswordHash, ZPasswordHash, MD4_SIGNATURE_SIZE);
+ BCOPY(PasswordHash, ZPasswordHash, MD4_DIGEST_LENGTH);
#if 0
dbglog("ChallengeResponse - ZPasswordHash %.*B",
{
PPP_MD_CTX* ctx;
- u_char hash[SHA1_SIGNATURE_SIZE];
+ u_char hash[SHA_DIGEST_LENGTH];
int hash_len;
char *user;
if (PPP_DigestUpdate(ctx, user, strlen(user))) {
- hash_len = SHA1_SIGNATURE_SIZE;
+ hash_len = SHA_DIGEST_LENGTH;
if (PPP_DigestFinal(ctx, hash, &hash_len)) {
BCOPY(hash, Challenge, 8);
}
static void
-NTPasswordHash(u_char *secret, int secret_len, u_char hash[MD4_SIGNATURE_SIZE])
+NTPasswordHash(u_char *secret, int secret_len, unsigned char* hash)
{
PPP_MD_CTX* ctx = PPP_MD_CTX_new();
if (ctx != NULL) {
if (PPP_DigestUpdate(ctx, secret, secret_len)) {
- int hash_len = MD4_SIGNATURE_SIZE;
+ int hash_len = MD4_DIGEST_LENGTH;
PPP_DigestFinal(ctx, hash, &hash_len);
}
}
u_char NTResponse[24])
{
u_char unicodePassword[MAX_NT_PASSWORD * 2];
- u_char PasswordHash[MD4_SIGNATURE_SIZE];
+ u_char PasswordHash[MD4_DIGEST_LENGTH];
/* Hash the Unicode version of the secret (== password). */
ascii2unicode(secret, secret_len, unicodePassword);
char *secret, int secret_len, u_char NTResponse[24])
{
u_char unicodePassword[MAX_NT_PASSWORD * 2];
- u_char PasswordHash[MD4_SIGNATURE_SIZE];
+ u_char PasswordHash[MD4_DIGEST_LENGTH];
u_char Challenge[8];
ChallengeHash(PeerChallenge, rchallenge, username, Challenge);
{
int i;
u_char UcasePassword[MAX_NT_PASSWORD]; /* max is actually 14 */
- u_char PasswordHash[MD4_SIGNATURE_SIZE];
+ u_char PasswordHash[MD4_DIGEST_LENGTH];
/* LANMan password is case insensitive */
BZERO(UcasePassword, sizeof(UcasePassword));
void
-GenerateAuthenticatorResponse(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
- u_char NTResponse[24], u_char PeerChallenge[16],
- u_char *rchallenge, char *username,
- u_char authResponse[MS_AUTH_RESPONSE_LENGTH+1])
+GenerateAuthenticatorResponse(unsigned char* PasswordHashHash,
+ unsigned char *NTResponse, unsigned char *PeerChallenge,
+ unsigned char *rchallenge, char *username,
+ unsigned char *authResponse)
{
/*
* "Magic" constants used in response generation, from RFC 2759.
int i;
PPP_MD_CTX *ctx;
- u_char Digest[SHA1_SIGNATURE_SIZE];
+ u_char Digest[SHA_DIGEST_LENGTH];
int hash_len;
u_char Challenge[8];
if (PPP_DigestInit(ctx, PPP_sha1())) {
- if (PPP_DigestUpdate(ctx, PasswordHashHash, MD4_SIGNATURE_SIZE)) {
+ if (PPP_DigestUpdate(ctx, PasswordHashHash, MD4_DIGEST_LENGTH)) {
if (PPP_DigestUpdate(ctx, NTResponse, 24)) {
u_char authResponse[MS_AUTH_RESPONSE_LENGTH+1])
{
u_char unicodePassword[MAX_NT_PASSWORD * 2];
- u_char PasswordHash[MD4_SIGNATURE_SIZE];
- u_char PasswordHashHash[MD4_SIGNATURE_SIZE];
+ u_char PasswordHash[MD4_DIGEST_LENGTH];
+ u_char PasswordHashHash[MD4_DIGEST_LENGTH];
/* Hash (x2) the Unicode version of the secret (== password). */
ascii2unicode(secret, secret_len, unicodePassword);
Set_Start_Key(u_char *rchallenge, char *secret, int secret_len)
{
u_char unicodePassword[MAX_NT_PASSWORD * 2];
- u_char PasswordHash[MD4_SIGNATURE_SIZE];
- u_char PasswordHashHash[MD4_SIGNATURE_SIZE];
+ u_char PasswordHash[MD4_DIGEST_LENGTH];
+ u_char PasswordHashHash[MD4_DIGEST_LENGTH];
/* Hash (x2) the Unicode version of the secret (== password). */
ascii2unicode(secret, secret_len, unicodePassword);
SetMasterKeys(char *secret, int secret_len, u_char NTResponse[24], int IsServer)
{
u_char unicodePassword[MAX_NT_PASSWORD * 2];
- u_char PasswordHash[MD4_SIGNATURE_SIZE];
- u_char PasswordHashHash[MD4_SIGNATURE_SIZE];
+ u_char PasswordHash[MD4_DIGEST_LENGTH];
+ u_char PasswordHashHash[MD4_DIGEST_LENGTH];
/* Hash (x2) the Unicode version of the secret (== password). */
ascii2unicode(secret, secret_len, unicodePassword);
NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash);
#include "pppdconf.h"
-#define MD4_SIGNATURE_SIZE 16 /* 16 bytes in a MD4 message digest */
#define MAX_NT_PASSWORD 256 /* Max (Unicode) chars in an NT pass */
#define MS_CHAP_RESPONSE_LEN 49 /* Response length for MS-CHAP */
void ChallengeHash (u_char[16], u_char *, char *, u_char[8]);
-void GenerateAuthenticatorResponse(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
- u_char NTResponse[24], u_char PeerChallenge[16],
- u_char *rchallenge, char *username,
- u_char authResponse[MS_AUTH_RESPONSE_LENGTH+1]);
+
+/**
+ * PasswordHashHash - 16 bytes representing the NT Password Hash Hash
+ * NTResponse - 24 bytes represending the NTResponse parameter
+ * PeerChallenge - 16 bytes challange for peer
+ * rchallenge - 16 bytes challenge provided by peer
+ * authResponse - 24 + 1 byte to store the authenticator response
+ */
+void GenerateAuthenticatorResponse(unsigned char *PasswordHashHash,
+ unsigned char *NTResponse, unsigned char *PeerChallenge,
+ unsigned char *rchallenge, char *username,
+ unsigned char *authResponse);
void chapms_init(void);
* RFC 2548 (RADIUS support) requires us to export this function (ugh).
*/
void
-mppe_set_chapv1(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE])
+mppe_set_chapv1(unsigned char *rchallenge, unsigned char *PasswordHashHash)
{
PPP_MD_CTX *ctx;
- u_char Digest[SHA1_SIGNATURE_SIZE];
+ u_char Digest[SHA_DIGEST_LENGTH];
int DigestLen;
ctx = PPP_MD_CTX_new();
if (PPP_DigestInit(ctx, PPP_sha1())) {
- if (PPP_DigestUpdate(ctx, PasswordHashHash, MD4_SIGNATURE_SIZE)) {
+ if (PPP_DigestUpdate(ctx, PasswordHashHash, MD4_DIGEST_LENGTH)) {
- if (PPP_DigestUpdate(ctx, PasswordHashHash, MD4_SIGNATURE_SIZE)) {
+ if (PPP_DigestUpdate(ctx, PasswordHashHash, MD4_DIGEST_LENGTH)) {
if (PPP_DigestUpdate(ctx, rchallenge, 8)) {
- DigestLen = SHA1_SIGNATURE_SIZE;
+ DigestLen = SHA_DIGEST_LENGTH;
PPP_DigestFinal(ctx, Digest, &DigestLen);
}
}
* NTHashHash from the server.
*/
void
-mppe_set_chapv2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
- u_char NTResponse[MS_AUTH_NTRESP_LEN], int IsServer)
+mppe_set_chapv2(unsigned char *PasswordHashHash, unsigned char *NTResponse,
+ int IsServer)
{
PPP_MD_CTX *ctx;
- u_char MasterKey[SHA1_SIGNATURE_SIZE];
- u_char SendKey[SHA1_SIGNATURE_SIZE];
- u_char RecvKey[SHA1_SIGNATURE_SIZE];
+ u_char MasterKey[SHA_DIGEST_LENGTH];
+ u_char SendKey[SHA_DIGEST_LENGTH];
+ u_char RecvKey[SHA_DIGEST_LENGTH];
int KeyLen;
u_char SHApad1[40] =
if (PPP_DigestInit(ctx, PPP_sha1())) {
- if (PPP_DigestUpdate(ctx, PasswordHashHash, MD4_SIGNATURE_SIZE)) {
+ if (PPP_DigestUpdate(ctx, PasswordHashHash, MD4_DIGEST_LENGTH)) {
if (PPP_DigestUpdate(ctx, NTResponse, 24)) {
if (PPP_DigestUpdate(ctx, Magic1, sizeof(Magic1))) {
- KeyLen = SHA1_SIGNATURE_SIZE;
+ KeyLen = SHA_DIGEST_LENGTH;
PPP_DigestFinal(ctx, MasterKey, &KeyLen);
}
}
if (PPP_DigestUpdate(ctx, SHApad2, sizeof(SHApad2))) {
- KeyLen = SHA1_SIGNATURE_SIZE;
+ KeyLen = SHA_DIGEST_LENGTH;
PPP_DigestFinal(ctx, SendKey, &KeyLen);
}
}
if (PPP_DigestUpdate(ctx, SHApad2, sizeof(SHApad2))) {
- KeyLen = SHA1_SIGNATURE_SIZE;
+ KeyLen = SHA_DIGEST_LENGTH;
PPP_DigestFinal(ctx, RecvKey, &KeyLen);
}
}
PPP_MD_CTX_free(ctx);
}
- mppe_set_keys(SendKey, RecvKey, SHA1_SIGNATURE_SIZE);
+ mppe_set_keys(SendKey, RecvKey, SHA_DIGEST_LENGTH);
}
#ifndef UNIT_TEST
/*
* Set mppe_xxxx_key from NT Password Hash Hash (MSCHAPv1), see RFC3079
*/
-void mppe_set_chapv1(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE]);
+void mppe_set_chapv1(unsigned char *rchallenge, unsigned char *PasswordHashHash);
/*
* Set the mppe_xxxx_key from MS-CHAP-v2 credentials, see RFC3079
*/
-void mppe_set_chapv2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
- u_char NTResponse[MS_AUTH_NTRESP_LEN], int IsServer);
+void mppe_set_chapv2(unsigned char *PasswordHashHash,
+ unsigned char *NTResponse, int IsServer);
#endif // #ifdef PPP_WITH_MPPE
#endif // #ifdef PPP_MPPE_H
radius_la_LDFLAGS = $(RADIUS_LDFLAGS)
radius_la_SOURCES = radius.c
radius_la_LIBADD = libradiusclient.la
-if WITH_OPENSSL
-radius_la_LIBADD += $(OPENSSL_LIBS)
-endif
radattr_la_CPPFLAGS = $(RADIUS_CPPFLAGS)
radattr_la_LDFLAGS = $(RADIUS_LDFLAGS)
libradiusclient_la_SOURCES = \
avpair.c buildreq.c config.c dict.c ip_util.c \
- clientid.c sendserver.c lock.c util.c
+ clientid.c sendserver.c lock.c util.c md5.c
libradiusclient_la_CPPFLAGS = $(RADIUS_CPPFLAGS) -DSYSCONFDIR=\"${sysconfdir}\"
-if !WITH_OPENSSL
-libradiusclient_la_SOURCES += md5.c
-else
-if OPENSSL_HAVE_MD5
-libradiusclient_la_SOURCES += md5.c
-else
-libradiusclient_la_CPPFLAGS += $(OPENSSL_INCLUDES)
-endif
-endif
-
EXTRA_DIST = \
$(EXTRA_FILES) \
$(EXTRA_ETC)
/*
* $Id: md5.c,v 1.1 2004/11/14 07:26:26 paulus Exp $
*/
-#include <pppd/md5.h>
+#include <stddef.h>
-void rc_md5_calc (unsigned char *output, unsigned char *input, unsigned int inlen)
+#include <pppd/ppp-crypto.h>
+
+int rc_md5_calc(unsigned char *out, const unsigned char *in, unsigned int inl)
{
- MD5_CTX context;
+ int retval = 0;
+ int outl = MD5_DIGEST_LENGTH;
+
+ PPP_MD_CTX *ctx = PPP_MD_CTX_new();
+ if (ctx) {
+
+ if (PPP_DigestInit(ctx, PPP_md5())) {
+
+ if (PPP_DigestUpdate(ctx, in, inl)) {
+
+ if (PPP_DigestFinal(ctx, out, &outl)) {
+
+ retval = 1;
+ }
+ }
+ }
- MD5_Init (&context);
- MD5_Update (&context, input, inlen);
- MD5_Final (output, &context);
+ PPP_MD_CTX_free(ctx);
+ }
+ return retval;
}
#include <pppd/chap_ms.h>
#ifdef PPP_WITH_MPPE
#include <pppd/mppe.h>
-#include <pppd/md5.h>
+#include <pppd/ppp-crypto.h>
#endif
#endif
#include <pppd/fsm.h>
#define BUF_LEN 1024
-#define MD5_HASH_SIZE 16
-
#define MSDNS 1
static char *config_file = NULL;
switch (digest->code) {
case CHAP_MD5:
/* CHAP-Challenge and CHAP-Password */
- if (response_len != MD5_HASH_SIZE)
+ if (response_len != MD5_DIGEST_LENGTH)
return 0;
cpassword[0] = id;
- memcpy(&cpassword[1], response, MD5_HASH_SIZE);
+ memcpy(&cpassword[1], response, MD5_DIGEST_LENGTH);
rc_avpair_add(&send, PW_CHAP_CHALLENGE,
challenge, challenge_len, VENDOR_NONE);
rc_avpair_add(&send, PW_CHAP_PASSWORD,
- cpassword, MD5_HASH_SIZE + 1, VENDOR_NONE);
+ cpassword, MD5_DIGEST_LENGTH + 1, VENDOR_NONE);
break;
#ifdef PPP_WITH_CHAPMS
unsigned char *challenge)
{
int i;
- MD5_CTX Context;
- u_char plain[32];
- u_char buf[16];
+ int status = 0;
+ PPP_MD_CTX *ctx;
+ unsigned char plain[32];
+ unsigned char buf[MD5_DIGEST_LENGTH];
+ unsigned int buflen;
+
if (vp->lvalue != 32) {
error("RADIUS: Incorrect attribute length (%d) for MS-CHAP-MPPE-Keys",
memcpy(plain, vp->strvalue, sizeof(plain));
- MD5_Init(&Context);
- MD5_Update(&Context, req_info->secret, strlen(req_info->secret));
- MD5_Update(&Context, req_info->request_vector, AUTH_VECTOR_LEN);
- MD5_Final(buf, &Context);
+ ctx = PPP_MD_CTX_new();
+ if (ctx) {
- for (i = 0; i < 16; i++)
- plain[i] ^= buf[i];
+ if (PPP_DigestInit(ctx, PPP_md5())) {
- MD5_Init(&Context);
- MD5_Update(&Context, req_info->secret, strlen(req_info->secret));
- MD5_Update(&Context, vp->strvalue, 16);
- MD5_Final(buf, &Context);
+ if (PPP_DigestUpdate(ctx, req_info->secret, strlen(req_info->secret))) {
- for(i = 0; i < 16; i++)
- plain[i + 16] ^= buf[i];
+ if (PPP_DigestUpdate(ctx, req_info->request_vector, AUTH_VECTOR_LEN)) {
- /*
- * Annoying. The "key" returned is just the NTPasswordHashHash, which
- * the NAS (us) doesn't need; we only need the start key. So we have
- * to generate the start key, sigh. NB: We do not support the LM-Key.
- */
- mppe_set_chapv1(challenge, &plain[8]);
+ buflen = sizeof(buf);
+ if (PPP_DigestFinal(ctx, buf, &buflen)) {
+
+ status = 1;
+ }
+ }
+ }
+ }
+ PPP_MD_CTX_free(ctx);
+ }
+
+ if (status) {
+
+ for (i = 0; i < MD5_DIGEST_LENGTH; i++) {
+ plain[i] ^= buf[i];
+ }
+
+ status = 0;
+ ctx = PPP_MD_CTX_new();
+ if (ctx) {
+
+ if (PPP_DigestInit(ctx, PPP_md5())) {
- return 0;
+ if (PPP_DigestUpdate(ctx, req_info->secret, strlen(req_info->secret))) {
+
+ if (PPP_DigestUpdate(ctx, vp->strvalue, 16)) {
+
+ buflen = MD5_DIGEST_LENGTH;
+ if (PPP_DigestFinal(ctx, buf, &buflen)) {
+
+ status = 1;
+ }
+ }
+ }
+ }
+ PPP_MD_CTX_free(ctx);
+ }
+
+ if (status) {
+
+ for(i = 0; i < MD5_DIGEST_LENGTH; i++) {
+ plain[i + 16] ^= buf[i];
+ }
+
+ /*
+ * Annoying. The "key" returned is just the NTPasswordHashHash, which
+ * the NAS (us) doesn't need; we only need the start key. So we have
+ * to generate the start key, sigh. NB: We do not support the LM-Key.
+ */
+ mppe_set_chapv1(challenge, &plain[8]);
+ return 0;
+ }
+ }
+
+ return -1;
}
/**********************************************************************
radius_setmppekeys2(VALUE_PAIR *vp, REQUEST_INFO *req_info)
{
int i;
- MD5_CTX Context;
- u_char *salt = vp->strvalue;
- u_char *crypt = vp->strvalue + 2;
- u_char plain[32];
- u_char buf[MD5_HASH_SIZE];
+ int status = 0;
+ PPP_MD_CTX *ctx;
+ unsigned char *salt = vp->strvalue;
+ unsigned char *crypt = vp->strvalue + 2;
+ unsigned char plain[32];
+ unsigned char buf[MD5_DIGEST_LENGTH];
+ unsigned int buflen;
char *type = "Send";
if (vp->attribute == PW_MS_MPPE_RECV_KEY)
memcpy(plain, crypt, 32);
- MD5_Init(&Context);
- MD5_Update(&Context, req_info->secret, strlen(req_info->secret));
- MD5_Update(&Context, req_info->request_vector, AUTH_VECTOR_LEN);
- MD5_Update(&Context, salt, 2);
- MD5_Final(buf, &Context);
+ ctx = PPP_MD_CTX_new();
+ if (ctx) {
- for (i = 0; i < 16; i++)
- plain[i] ^= buf[i];
+ if (PPP_DigestInit(ctx, PPP_md5())) {
- if (plain[0] != 16) {
- error("RADIUS: Incorrect key length (%d) for MS-MPPE-%s-Key attribute",
- (int) plain[0], type);
- return -1;
+ if (PPP_DigestUpdate(ctx, req_info->secret, strlen(req_info->secret))) {
+
+ if (PPP_DigestUpdate(ctx, req_info->request_vector, AUTH_VECTOR_LEN)) {
+
+ if (PPP_DigestUpdate(ctx, salt, 2)) {
+
+ buflen = sizeof(buf);
+ if (PPP_DigestFinal(ctx, buf, &buflen)) {
+
+ status = 1;
+ }
+ }
+ }
+ }
+ }
+
+ PPP_MD_CTX_free(ctx);
}
- MD5_Init(&Context);
- MD5_Update(&Context, req_info->secret, strlen(req_info->secret));
- MD5_Update(&Context, crypt, 16);
- MD5_Final(buf, &Context);
+ if (status) {
- plain[16] ^= buf[0]; /* only need the first byte */
+ for (i = 0; i < 16; i++) {
+ plain[i] ^= buf[i];
+ }
- if (vp->attribute == PW_MS_MPPE_SEND_KEY)
- mppe_set_keys(plain + 1, NULL, 16);
- else
- mppe_set_keys(NULL, plain + 1, 16);
+ if (plain[0] != 16) {
+ error("RADIUS: Incorrect key length (%d) for MS-MPPE-%s-Key attribute",
+ (int) plain[0], type);
+ return -1;
+ }
- return 0;
+ status = 0;
+ ctx = PPP_MD_CTX_new();
+ if (ctx) {
+
+ if (PPP_DigestInit(ctx, PPP_md5())) {
+
+ if (PPP_DigestUpdate(ctx, req_info->secret, strlen(req_info->secret))) {
+
+ if (PPP_DigestUpdate(ctx, crypt, 16)) {
+
+ if (PPP_DigestUpdate(ctx, salt, 2)) {
+
+ buflen = sizeof(buf);
+ if (PPP_DigestFinal(ctx, buf, &buflen)) {
+
+ status = 1;
+ }
+ }
+ }
+ }
+ }
+
+ PPP_MD_CTX_free(ctx);
+ }
+
+ if (status) {
+
+ plain[16] ^= buf[0]; /* only need the first byte */
+
+ if (vp->attribute == PW_MS_MPPE_SEND_KEY) {
+ mppe_set_keys(plain + 1, NULL, 16);
+ } else {
+ mppe_set_keys(NULL, plain + 1, 16);
+ }
+ return 0;
+ }
+ }
+
+ return -1;
}
#endif /* PPP_WITH_MPPE */
/* md5.c */
-void rc_md5_calc(unsigned char *, unsigned char *, unsigned int);
+int rc_md5_calc(unsigned char *out, const unsigned char *in, unsigned int inl);
#endif /* RADIUSCLIENT_H */
#include <pppd/fsm.h>
#include <pppd/ipcp.h>
#include <pppd/mppe.h>
+#include <pppd/ppp-crypto.h>
#define BUF_LEN 1024
u_char *lm_response = NULL;
int nt_response_size = 0;
int lm_response_size = 0;
- u_char session_key[16];
+ u_char session_key[MD4_DIGEST_LENGTH];
if (response_len != MS_CHAP_RESPONSE_LEN)
break; /* not even the right length */
case CHAP_MICROSOFT_V2:
{
u_char Challenge[8];
- u_char session_key[MD4_SIGNATURE_SIZE];
+ u_char session_key[MD4_DIGEST_LENGTH];
char *error_string = NULL;
if (response_len != MS_CHAP2_RESPONSE_LEN)
failure++;
}
- /* Bug in DES EVP decryption, TODO: file an issue
if (!test_des_decrypt()) {
printf("DES decryption test failed\n");
failure++;
}
- */
if (!PPP_crypto_deinit()) {
printf("Couldn't deinitialize crypto test\n");
#ifndef PPP_CRYPTO_H
#define PPP_CRYPTO_H
-
-#ifndef SHA1_SIGNATURE_SIZE
-#ifdef SHA_DIGESTSIZE
-#define SHA1_SIGNATURE_SIZE SHA_DIGESTSIZE
-#else
-#define SHA1_SIGNATURE_SIZE 20
+#ifndef MD5_DIGEST_LENGTH
+#define MD5_DIGEST_LENGTH 16
#endif
+
+#ifndef MD4_DIGEST_LENGTH
+#define MD4_DIGEST_LENGTH 16
#endif
+#ifndef SHA_DIGEST_LENGTH
+#define SHA_DIGEST_LENGTH 20
+#endif
struct _PPP_MD_CTX;
struct _PPP_MD;
MakeKey(key, ctx->key);
}
if (EVP_CipherInit(cc, EVP_des_ecb(), ctx->key, ctx->iv, ctx->is_encr)) {
- ctx->priv = cc;
- return 1;
+
+ if (EVP_CIPHER_CTX_set_padding(cc, 0)) {
+ ctx->priv = cc;
+ return 1;
+ }
}
EVP_CIPHER_CTX_free(cc);
}
projects / ppp.git / commitdiff