implemented MS_MPPE encryption
authorAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 13 Mar 2012 22:26:15 +0000 (23:26 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 13 Mar 2012 22:26:15 +0000 (23:26 +0100)
src/libcharon/plugins/tnc_pdp/tnc_pdp.c
src/libradius/Makefile.am
src/libradius/radius_mppe.h [new file with mode: 0644]
src/libradius/radius_socket.c

index 1beeb8d..3aa2c88 100644 (file)
 #include <unistd.h>
 
 #include <radius_message.h>
+#include <radius_mppe.h>
 
 #include <daemon.h>
 #include <debug.h>
+#include <pen/pen.h>
 #include <threading/thread.h>
 #include <processing/jobs/callback_job.h>
 #include <sa/authenticators/eap/eap_method.h>
@@ -85,6 +87,11 @@ struct private_tnc_pdp_t {
        signer_t *signer;
 
        /**
+        * Random number generator for MS-MPPE salt values
+        */
+       rng_t *rng;
+
+       /**
         * List of registered TNC-PDP connections
         */
        tnc_pdp_connections_t *connections;
@@ -177,15 +184,72 @@ static void send_message(private_tnc_pdp_t *this, radius_message_t *message,
 }
 
 /**
+ * Encrypt a MS-MPPE-Send/Recv-Key
+ */
+static chunk_t encrypt_mppe_key(private_tnc_pdp_t *this, u_int8_t type,
+                                                               chunk_t key, radius_message_t *request)
+{
+       chunk_t a, r, seed, data;
+       u_char b[HASH_SIZE_MD5], *c;
+       mppe_key_t *mppe_key;
+
+       /**
+        * From RFC2548 (encryption):
+        * b(1) = MD5(S + R + A)    c(1) = p(1) xor b(1)   C = c(1)
+        * b(2) = MD5(S + c(1))     c(2) = p(2) xor b(2)   C = C + c(2)
+        *      . . .
+        * b(i) = MD5(S + c(i-1))   c(i) = p(i) xor b(i)   C = C + c(i)
+        */
+
+       data = chunk_alloc(sizeof(mppe_key_t) +
+                                          HASH_SIZE_MD5 * (1 + key.len / HASH_SIZE_MD5));
+       memset(data.ptr, 0x00, data.len);
+
+       mppe_key = (mppe_key_t*)data.ptr;
+       mppe_key->id = htonl(PEN_MICROSOFT);
+       mppe_key->type = type;
+       mppe_key->length = data.len - sizeof(mppe_key->id);
+       mppe_key->key[0] = key.len;
+
+       memcpy(&mppe_key->key[1], key.ptr, key.len);
+
+       /* generate a 16 bit random salt value */
+       a = chunk_create((u_char*)&(mppe_key->salt), sizeof(mppe_key->salt));
+       this->rng->get_bytes(this->rng, a.len, a.ptr);
+
+       /* the MSB of the salt MUST be set to 1 */
+       *a.ptr |= 0x80;
+
+       r = chunk_create(request->get_authenticator(request), HASH_SIZE_MD5);
+       seed = chunk_cata("cc", r, a);
+       c = mppe_key->key;
+
+       while (c < data.ptr + data.len)
+       {
+               /* b(i) = MD5(S + c(i-1)) */
+               this->hasher->get_hash(this->hasher, this->secret, NULL);
+               this->hasher->get_hash(this->hasher, seed, b);
+
+               /* c(i) = b(i) xor p(1) */
+               memxor(c, b, HASH_SIZE_MD5);
+
+               /* prepare next round */
+               seed = chunk_create(c, HASH_SIZE_MD5);
+               c += HASH_SIZE_MD5;
+       }
+
+       return data;
+}
+
+/**
  * Send a RADIUS response for a request
  */
-static void send_response(private_tnc_pdp_t *this,
-                                                 radius_message_t *request, radius_message_code_t code,
-                                                 eap_payload_t *eap, identification_t *group,
-                                                 host_t *client)
+static void send_response(private_tnc_pdp_t *this, radius_message_t *request,
+                                                 radius_message_code_t code, eap_payload_t *eap,
+                                                 identification_t *group, chunk_t msk, host_t *client)
 {
        radius_message_t *response;
-       chunk_t data;
+       chunk_t data, recv, send;
        u_int32_t tunnel_type;
 
        response = radius_message_create(code);
@@ -211,6 +275,18 @@ static void send_response(private_tnc_pdp_t *this,
                response->add(response, RAT_TUNNEL_TYPE, data);
                response->add(response, RAT_FILTER_ID, group->get_encoding(group));
        }
+       if (msk.len)
+       {
+               recv = chunk_create(msk.ptr, msk.len / 2);
+               data = encrypt_mppe_key(this, MS_MPPE_RECV_KEY, recv, request);
+               response->add(response, RAT_VENDOR_SPECIFIC, data);
+               chunk_free(&data);
+               
+               send = chunk_create(msk.ptr + recv.len, msk.len - recv.len);
+               data = encrypt_mppe_key(this, MS_MPPE_SEND_KEY, send, request);
+               response->add(response, RAT_VENDOR_SPECIFIC, data);
+               chunk_free(&data);
+       }
        response->set_identifier(response, request->get_identifier(request));
        response->sign(response, request->get_authenticator(request),
                                   this->secret, this->hasher, this->signer, NULL, TRUE);
@@ -232,7 +308,7 @@ static void process_eap(private_tnc_pdp_t *this, radius_message_t *request,
        eap_method_t *method;
        eap_type_t eap_type;
        u_int32_t eap_vendor;
-       chunk_t data, message = chunk_empty;
+       chunk_t data, message = chunk_empty, msk = chunk_empty;
        chunk_t user_name = chunk_empty, nas_id = chunk_empty;
        identification_t *group = NULL;
        radius_message_code_t code = RMC_ACCESS_CHALLENGE;
@@ -315,7 +391,7 @@ static void process_eap(private_tnc_pdp_t *this, radius_message_t *request,
                                        break;
                                case SUCCESS:
                                        code = RMC_ACCESS_ACCEPT;
-
+                                       method->get_msk(method, &msk);
                                        auth = ike_sa->get_auth_cfg(ike_sa, FALSE);
                                        e = auth->create_enumerator(auth);
                                        while (e->enumerate(e, &type, &data))
@@ -342,7 +418,7 @@ static void process_eap(private_tnc_pdp_t *this, radius_message_t *request,
                        charon->bus->set_sa(charon->bus, NULL);
                }
 
-               send_response(this, request, code, out, group, source);
+               send_response(this, request, code, out, group, msk, source);
                out->destroy(out);
 
                if (code == RMC_ACCESS_ACCEPT || code == RMC_ACCESS_REJECT)
@@ -475,6 +551,7 @@ METHOD(tnc_pdp_t, destroy, void,
        DESTROY_IF(this->server);
        DESTROY_IF(this->signer);
        DESTROY_IF(this->hasher);
+       DESTROY_IF(this->rng);
        DESTROY_IF(this->connections);
        free(this);
 }
@@ -495,12 +572,19 @@ tnc_pdp_t *tnc_pdp_create(u_int16_t port)
                .ipv6 = open_socket(this, AF_INET6, port),
                .hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5),
                .signer = lib->crypto->create_signer(lib->crypto, AUTH_HMAC_MD5_128),
+               .rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),
                .connections = tnc_pdp_connections_create(),
        );
 
+       if (!this->hasher || !this->signer || !this->rng)
+       {
+               DBG1(DBG_CFG, "RADIUS initialization failed, HMAC/MD5/RNG required");
+               destroy(this);
+               return NULL;
+       }
        if (!this->ipv4 && !this->ipv6)
        {
-               DBG1(DBG_NET, "couldd not create any RADIUS sockets");
+               DBG1(DBG_NET, "could not create any RADIUS sockets");
                destroy(this);
                return NULL;
        }
@@ -512,11 +596,6 @@ tnc_pdp_t *tnc_pdp_create(u_int16_t port)
        {
                DBG1(DBG_NET, "could not open IPv6 RADIUS socket, IPv6 disabled");
        }
-       if (!this->hasher || !this->signer)
-       {
-               destroy(this);
-               return NULL;
-       }
 
        server = lib->settings->get_str(lib->settings,
                                                "charon.plugins.tnc-pdp.server", NULL);
index f891e01..5672f7b 100644 (file)
@@ -6,5 +6,6 @@ libradius_la_SOURCES = \
        radius_message.h radius_message.c \
        radius_socket.h radius_socket.c \
        radius_client.h radius_client.c \
-       radius_config.h radius_config.c
+       radius_config.h radius_config.c \
+       radius_mppe.h
 
diff --git a/src/libradius/radius_mppe.h b/src/libradius/radius_mppe.h
new file mode 100644 (file)
index 0000000..0c4aae7
--- /dev/null
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2012 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup libradius libradius
+ *
+ * @addtogroup libradius
+ * RADIUS protocol support library.
+ *
+ * @defgroup radius_msse radius_msse
+ * @{ @ingroup libradius
+ */
+
+#ifndef RADIUS_MSSE_H_
+#define RADIUS_MSSE_H_
+
+/**
+ * Microsoft specific vendor attributes
+ */
+#define MS_MPPE_SEND_KEY 16
+#define MS_MPPE_RECV_KEY 17
+
+typedef struct mppe_key_t mppe_key_t;
+
+struct mppe_key_t {
+       u_int32_t id;
+       u_int8_t type;
+       u_int8_t length;
+       u_int16_t salt;
+       u_int8_t key[];
+} __attribute__((packed));
+
+#endif /** RADIUS_MSSE_H_ @}*/
index 6313595..048c881 100644 (file)
@@ -14,6 +14,7 @@
  */
 
 #include "radius_socket.h"
+#include "radius_mppe.h"
 
 #include <errno.h>
 #include <unistd.h>
 #include <pen/pen.h>
 #include <debug.h>
 
-/**
- * Microsoft specific vendor attributes
- */
-#define MS_MPPE_SEND_KEY 16
-#define MS_MPPE_RECV_KEY 17
-
 typedef struct private_radius_socket_t private_radius_socket_t;
 
 /**
@@ -286,13 +281,7 @@ METHOD(radius_socket_t, decrypt_msk, chunk_t,
        private_radius_socket_t *this, radius_message_t *request,
        radius_message_t *response)
 {
-       struct {
-               u_int32_t id;
-               u_int8_t type;
-               u_int8_t length;
-               u_int16_t salt;
-               u_int8_t key[];
-       } __attribute__((packed)) *mppe_key;
+       mppe_key_t *mppe_key;
        enumerator_t *enumerator;
        chunk_t data, send = chunk_empty, recv = chunk_empty;
        int type;
@@ -300,14 +289,13 @@ METHOD(radius_socket_t, decrypt_msk, chunk_t,
        enumerator = response->create_enumerator(response);
        while (enumerator->enumerate(enumerator, &type, &data))
        {
-               if (type == RAT_VENDOR_SPECIFIC &&
-                       data.len > sizeof(*mppe_key))
+               if (type == RAT_VENDOR_SPECIFIC && data.len > sizeof(mppe_key_t))
                {
-                       mppe_key = (void*)data.ptr;
+                       mppe_key = (mppe_key_t*)data.ptr;
                        if (ntohl(mppe_key->id) == PEN_MICROSOFT &&
                                mppe_key->length == data.len - sizeof(mppe_key->id))
                        {
-                               data = chunk_create(mppe_key->key, data.len - sizeof(*mppe_key));
+                               data = chunk_create(mppe_key->key, data.len - sizeof(mppe_key_t));
                                if (mppe_key->type == MS_MPPE_SEND_KEY)
                                {
                                        send = decrypt_mppe_key(this, mppe_key->salt, data, request);
@@ -365,11 +353,11 @@ radius_socket_t *radius_socket_create(char *address, u_int16_t auth_port,
                .auth_fd = -1,
                .acct_port = acct_port,
                .acct_fd = -1,
+               .hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5),
+               .signer = lib->crypto->create_signer(lib->crypto, AUTH_HMAC_MD5_128),
+               .rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),
        );
 
-       this->hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5);
-       this->signer = lib->crypto->create_signer(lib->crypto, AUTH_HMAC_MD5_128);
-       this->rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
        if (!this->hasher || !this->signer || !this->rng)
        {
                DBG1(DBG_CFG, "RADIUS initialization failed, HMAC/MD5/RNG required");