projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
implemented MS_MPPE encryption
[strongswan.git] / src / libradius / radius_socket.c
1 /*
2 * Copyright (C) 2010 Martin Willi
3 * Copyright (C) 2010 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "radius_socket.h"
17 #include "radius_mppe.h"
18
19 #include <errno.h>
20 #include <unistd.h>
21
22 #include <pen/pen.h>
23 #include <debug.h>
24
25 typedef struct private_radius_socket_t private_radius_socket_t;
26
27 /**
28 * Private data of an radius_socket_t object.
29 */
30 struct private_radius_socket_t {
31
32 /**
33 * Public radius_socket_t interface.
34 */
35 radius_socket_t public;
36
37 /**
38 * Server port for authentication
39 */
40 u_int16_t auth_port;
41
42 /**
43 * socket file descriptor for authentication
44 */
45 int auth_fd;
46
47 /**
48 * Server port for accounting
49 */
50 u_int16_t acct_port;
51
52 /**
53 * socket file descriptor for accounting
54 */
55 int acct_fd;
56
57 /**
58 * Server address
59 */
60 char *address;
61
62 /**
63 * current RADIUS identifier
64 */
65 u_int8_t identifier;
66
67 /**
68 * hasher to use for response verification
69 */
70 hasher_t *hasher;
71
72 /**
73 * HMAC-MD5 signer to build Message-Authenticator attribute
74 */
75 signer_t *signer;
76
77 /**
78 * random number generator for RADIUS request authenticator
79 */
80 rng_t *rng;
81
82 /**
83 * RADIUS secret
84 */
85 chunk_t secret;
86 };
87
88 /**
89 * Check or establish RADIUS connection
90 */
91 static bool check_connection(private_radius_socket_t *this,
92 int *fd, u_int16_t port)
93 {
94 if (*fd == -1)
95 {
96 host_t *server;
97
98 server = host_create_from_dns(this->address, AF_UNSPEC, port);
99 if (!server)
100 {
101 DBG1(DBG_CFG, "resolving RADIUS server address '%s' failed",
102 this->address);
103 return FALSE;
104 }
105 *fd = socket(server->get_family(server), SOCK_DGRAM, IPPROTO_UDP);
106 if (*fd == -1)
107 {
108 DBG1(DBG_CFG, "opening RADIUS socket for %#H failed: %s",
109 server, strerror(errno));
110 server->destroy(server);
111 return FALSE;
112 }
113 if (connect(*fd, server->get_sockaddr(server),
114 *server->get_sockaddr_len(server)) < 0)
115 {
116 DBG1(DBG_CFG, "connecting RADIUS socket to %#H failed: %s",
117 server, strerror(errno));
118 server->destroy(server);
119 close(*fd);
120 *fd = -1;
121 return FALSE;
122 }
123 server->destroy(server);
124 }
125 return TRUE;
126 }
127
128 METHOD(radius_socket_t, request, radius_message_t*,
129 private_radius_socket_t *this, radius_message_t *request)
130 {
131 chunk_t data;
132 int i, *fd;
133 u_int16_t port;
134 rng_t *rng = NULL;
135
136 if (request->get_code(request) == RMC_ACCOUNTING_REQUEST)
137 {
138 fd = &this->acct_fd;
139 port = this->acct_port;
140 }
141 else
142 {
143 fd = &this->auth_fd;
144 port = this->auth_port;
145 rng = this->rng;
146 }
147
148 /* set Message Identifier */
149 request->set_identifier(request, this->identifier++);
150 /* sign the request */
151 request->sign(request, NULL, this->secret, this->hasher, this->signer,
152 rng, rng != NULL);
153
154 if (!check_connection(this, fd, port))
155 {
156 return NULL;
157 }
158
159 data = request->get_encoding(request);
160 DBG3(DBG_CFG, "%B", &data);
161
162 /* timeout after 2, 3, 4, 5 seconds */
163 for (i = 2; i <= 5; i++)
164 {
165 radius_message_t *response;
166 bool retransmit = FALSE;
167 struct timeval tv;
168 char buf[4096];
169 fd_set fds;
170 int res;
171
172 if (send(*fd, data.ptr, data.len, 0) != data.len)
173 {
174 DBG1(DBG_CFG, "sending RADIUS message failed: %s", strerror(errno));
175 return NULL;
176 }
177 tv.tv_sec = i;
178 tv.tv_usec = 0;
179
180 while (TRUE)
181 {
182 FD_ZERO(&fds);
183 FD_SET(*fd, &fds);
184 res = select((*fd) + 1, &fds, NULL, NULL, &tv);
185 /* TODO: updated tv to time not waited. Linux does this for us. */
186 if (res < 0)
187 { /* failed */
188 DBG1(DBG_CFG, "waiting for RADIUS message failed: %s",
189 strerror(errno));
190 break;
191 }
192 if (res == 0)
193 { /* timeout */
194 DBG1(DBG_CFG, "retransmitting RADIUS message");
195 retransmit = TRUE;
196 break;
197 }
198 res = recv(*fd, buf, sizeof(buf), MSG_DONTWAIT);
199 if (res <= 0)
200 {
201 DBG1(DBG_CFG, "receiving RADIUS message failed: %s",
202 strerror(errno));
203 break;
204 }
205 response = radius_message_parse(chunk_create(buf, res));
206 if (response)
207 {
208 if (response->verify(response,
209 request->get_authenticator(request), this->secret,
210 this->hasher, this->signer))
211 {
212 return response;
213 }
214 response->destroy(response);
215 }
216 DBG1(DBG_CFG, "received invalid RADIUS message, ignored");
217 }
218 if (!retransmit)
219 {
220 break;
221 }
222 }
223 DBG1(DBG_CFG, "RADIUS server is not responding");
224 return NULL;
225 }
226
227 /**
228 * Decrypt a MS-MPPE-Send/Recv-Key
229 */
230 static chunk_t decrypt_mppe_key(private_radius_socket_t *this, u_int16_t salt,
231 chunk_t C, radius_message_t *request)
232 {
233 chunk_t A, R, P, seed;
234 u_char *c, *p;
235
236 /**
237 * From RFC2548 (encryption):
238 * b(1) = MD5(S + R + A) c(1) = p(1) xor b(1) C = c(1)
239 * b(2) = MD5(S + c(1)) c(2) = p(2) xor b(2) C = C + c(2)
240 * . . .
241 * b(i) = MD5(S + c(i-1)) c(i) = p(i) xor b(i) C = C + c(i)
242 */
243
244 if (C.len % HASH_SIZE_MD5 || C.len < HASH_SIZE_MD5)
245 {
246 return chunk_empty;
247 }
248
249 A = chunk_create((u_char*)&salt, sizeof(salt));
250 R = chunk_create(request->get_authenticator(request), HASH_SIZE_MD5);
251 P = chunk_alloca(C.len);
252 p = P.ptr;
253 c = C.ptr;
254
255 seed = chunk_cata("cc", R, A);
256
257 while (c < C.ptr + C.len)
258 {
259 /* b(i) = MD5(S + c(i-1)) */
260 this->hasher->get_hash(this->hasher, this->secret, NULL);
261 this->hasher->get_hash(this->hasher, seed, p);
262
263 /* p(i) = b(i) xor c(1) */
264 memxor(p, c, HASH_SIZE_MD5);
265
266 /* prepare next round */
267 seed = chunk_create(c, HASH_SIZE_MD5);
268 c += HASH_SIZE_MD5;
269 p += HASH_SIZE_MD5;
270 }
271
272 /* remove truncation, first byte is key length */
273 if (*P.ptr >= P.len)
274 { /* decryption failed? */
275 return chunk_empty;
276 }
277 return chunk_clone(chunk_create(P.ptr + 1, *P.ptr));
278 }
279
280 METHOD(radius_socket_t, decrypt_msk, chunk_t,
281 private_radius_socket_t *this, radius_message_t *request,
282 radius_message_t *response)
283 {
284 mppe_key_t *mppe_key;
285 enumerator_t *enumerator;
286 chunk_t data, send = chunk_empty, recv = chunk_empty;
287 int type;
288
289 enumerator = response->create_enumerator(response);
290 while (enumerator->enumerate(enumerator, &type, &data))
291 {
292 if (type == RAT_VENDOR_SPECIFIC && data.len > sizeof(mppe_key_t))
293 {
294 mppe_key = (mppe_key_t*)data.ptr;
295 if (ntohl(mppe_key->id) == PEN_MICROSOFT &&
296 mppe_key->length == data.len - sizeof(mppe_key->id))
297 {
298 data = chunk_create(mppe_key->key, data.len - sizeof(mppe_key_t));
299 if (mppe_key->type == MS_MPPE_SEND_KEY)
300 {
301 send = decrypt_mppe_key(this, mppe_key->salt, data, request);
302 }
303 if (mppe_key->type == MS_MPPE_RECV_KEY)
304 {
305 recv = decrypt_mppe_key(this, mppe_key->salt, data, request);
306 }
307 }
308 }
309 }
310 enumerator->destroy(enumerator);
311 if (send.ptr && recv.ptr)
312 {
313 return chunk_cat("mm", recv, send);
314 }
315 chunk_clear(&send);
316 chunk_clear(&recv);
317 return chunk_empty;
318 }
319
320 METHOD(radius_socket_t, destroy, void,
321 private_radius_socket_t *this)
322 {
323 DESTROY_IF(this->hasher);
324 DESTROY_IF(this->signer);
325 DESTROY_IF(this->rng);
326 if (this->auth_fd != -1)
327 {
328 close(this->auth_fd);
329 };
330 if (this->acct_fd != -1)
331 {
332 close(this->acct_fd);
333 }
334 free(this);
335 }
336
337 /**
338 * See header
339 */
340 radius_socket_t *radius_socket_create(char *address, u_int16_t auth_port,
341 u_int16_t acct_port, chunk_t secret)
342 {
343 private_radius_socket_t *this;
344
345 INIT(this,
346 .public = {
347 .request = _request,
348 .decrypt_msk = _decrypt_msk,
349 .destroy = _destroy,
350 },
351 .address = address,
352 .auth_port = auth_port,
353 .auth_fd = -1,
354 .acct_port = acct_port,
355 .acct_fd = -1,
356 .hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5),
357 .signer = lib->crypto->create_signer(lib->crypto, AUTH_HMAC_MD5_128),
358 .rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),
359 );
360
361 if (!this->hasher || !this->signer || !this->rng)
362 {
363 DBG1(DBG_CFG, "RADIUS initialization failed, HMAC/MD5/RNG required");
364 destroy(this);
365 return NULL;
366 }
367 this->secret = secret;
368 this->signer->set_key(this->signer, secret);
369 /* we use a random identifier, helps if we restart often */
370 this->identifier = random();
371
372 return &this->public;
373 }
strongSwan - IPsec VPN