From 6fd612913ea5d4b46a4bf53688300a90e126965e Mon Sep 17 00:00:00 2001 From: Andreas Steffen Date: Tue, 13 Mar 2012 23:26:15 +0100 Subject: [PATCH] implemented MS_MPPE encryption --- src/libcharon/plugins/tnc_pdp/tnc_pdp.c | 107 +++++++++++++++++++++++++++----- src/libradius/Makefile.am | 3 +- src/libradius/radius_mppe.h | 45 ++++++++++++++ src/libradius/radius_socket.c | 28 +++------ 4 files changed, 148 insertions(+), 35 deletions(-) create mode 100644 src/libradius/radius_mppe.h diff --git a/src/libcharon/plugins/tnc_pdp/tnc_pdp.c b/src/libcharon/plugins/tnc_pdp/tnc_pdp.c index 1beeb8d..3aa2c88 100644 --- a/src/libcharon/plugins/tnc_pdp/tnc_pdp.c +++ b/src/libcharon/plugins/tnc_pdp/tnc_pdp.c @@ -20,9 +20,11 @@ #include #include +#include #include #include +#include #include #include #include @@ -85,6 +87,11 @@ struct private_tnc_pdp_t { signer_t *signer; /** + * Random number generator for MS-MPPE salt values + */ + rng_t *rng; + + /** * List of registered TNC-PDP connections */ tnc_pdp_connections_t *connections; @@ -177,15 +184,72 @@ static void send_message(private_tnc_pdp_t *this, radius_message_t *message, } /** + * Encrypt a MS-MPPE-Send/Recv-Key + */ +static chunk_t encrypt_mppe_key(private_tnc_pdp_t *this, u_int8_t type, + chunk_t key, radius_message_t *request) +{ + chunk_t a, r, seed, data; + u_char b[HASH_SIZE_MD5], *c; + mppe_key_t *mppe_key; + + /** + * From RFC2548 (encryption): + * b(1) = MD5(S + R + A) c(1) = p(1) xor b(1) C = c(1) + * b(2) = MD5(S + c(1)) c(2) = p(2) xor b(2) C = C + c(2) + * . . . + * b(i) = MD5(S + c(i-1)) c(i) = p(i) xor b(i) C = C + c(i) + */ + + data = chunk_alloc(sizeof(mppe_key_t) + + HASH_SIZE_MD5 * (1 + key.len / HASH_SIZE_MD5)); + memset(data.ptr, 0x00, data.len); + + mppe_key = (mppe_key_t*)data.ptr; + mppe_key->id = htonl(PEN_MICROSOFT); + mppe_key->type = type; + mppe_key->length = data.len - sizeof(mppe_key->id); + mppe_key->key[0] = key.len; + + memcpy(&mppe_key->key[1], key.ptr, key.len); + + /* generate a 16 bit random salt value */ + a = chunk_create((u_char*)&(mppe_key->salt), sizeof(mppe_key->salt)); + this->rng->get_bytes(this->rng, a.len, a.ptr); + + /* the MSB of the salt MUST be set to 1 */ + *a.ptr |= 0x80; + + r = chunk_create(request->get_authenticator(request), HASH_SIZE_MD5); + seed = chunk_cata("cc", r, a); + c = mppe_key->key; + + while (c < data.ptr + data.len) + { + /* b(i) = MD5(S + c(i-1)) */ + this->hasher->get_hash(this->hasher, this->secret, NULL); + this->hasher->get_hash(this->hasher, seed, b); + + /* c(i) = b(i) xor p(1) */ + memxor(c, b, HASH_SIZE_MD5); + + /* prepare next round */ + seed = chunk_create(c, HASH_SIZE_MD5); + c += HASH_SIZE_MD5; + } + + return data; +} + +/** * Send a RADIUS response for a request */ -static void send_response(private_tnc_pdp_t *this, - radius_message_t *request, radius_message_code_t code, - eap_payload_t *eap, identification_t *group, - host_t *client) +static void send_response(private_tnc_pdp_t *this, radius_message_t *request, + radius_message_code_t code, eap_payload_t *eap, + identification_t *group, chunk_t msk, host_t *client) { radius_message_t *response; - chunk_t data; + chunk_t data, recv, send; u_int32_t tunnel_type; response = radius_message_create(code); @@ -211,6 +275,18 @@ static void send_response(private_tnc_pdp_t *this, response->add(response, RAT_TUNNEL_TYPE, data); response->add(response, RAT_FILTER_ID, group->get_encoding(group)); } + if (msk.len) + { + recv = chunk_create(msk.ptr, msk.len / 2); + data = encrypt_mppe_key(this, MS_MPPE_RECV_KEY, recv, request); + response->add(response, RAT_VENDOR_SPECIFIC, data); + chunk_free(&data); + + send = chunk_create(msk.ptr + recv.len, msk.len - recv.len); + data = encrypt_mppe_key(this, MS_MPPE_SEND_KEY, send, request); + response->add(response, RAT_VENDOR_SPECIFIC, data); + chunk_free(&data); + } response->set_identifier(response, request->get_identifier(request)); response->sign(response, request->get_authenticator(request), this->secret, this->hasher, this->signer, NULL, TRUE); @@ -232,7 +308,7 @@ static void process_eap(private_tnc_pdp_t *this, radius_message_t *request, eap_method_t *method; eap_type_t eap_type; u_int32_t eap_vendor; - chunk_t data, message = chunk_empty; + chunk_t data, message = chunk_empty, msk = chunk_empty; chunk_t user_name = chunk_empty, nas_id = chunk_empty; identification_t *group = NULL; radius_message_code_t code = RMC_ACCESS_CHALLENGE; @@ -315,7 +391,7 @@ static void process_eap(private_tnc_pdp_t *this, radius_message_t *request, break; case SUCCESS: code = RMC_ACCESS_ACCEPT; - + method->get_msk(method, &msk); auth = ike_sa->get_auth_cfg(ike_sa, FALSE); e = auth->create_enumerator(auth); while (e->enumerate(e, &type, &data)) @@ -342,7 +418,7 @@ static void process_eap(private_tnc_pdp_t *this, radius_message_t *request, charon->bus->set_sa(charon->bus, NULL); } - send_response(this, request, code, out, group, source); + send_response(this, request, code, out, group, msk, source); out->destroy(out); if (code == RMC_ACCESS_ACCEPT || code == RMC_ACCESS_REJECT) @@ -475,6 +551,7 @@ METHOD(tnc_pdp_t, destroy, void, DESTROY_IF(this->server); DESTROY_IF(this->signer); DESTROY_IF(this->hasher); + DESTROY_IF(this->rng); DESTROY_IF(this->connections); free(this); } @@ -495,12 +572,19 @@ tnc_pdp_t *tnc_pdp_create(u_int16_t port) .ipv6 = open_socket(this, AF_INET6, port), .hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5), .signer = lib->crypto->create_signer(lib->crypto, AUTH_HMAC_MD5_128), + .rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK), .connections = tnc_pdp_connections_create(), ); + if (!this->hasher || !this->signer || !this->rng) + { + DBG1(DBG_CFG, "RADIUS initialization failed, HMAC/MD5/RNG required"); + destroy(this); + return NULL; + } if (!this->ipv4 && !this->ipv6) { - DBG1(DBG_NET, "couldd not create any RADIUS sockets"); + DBG1(DBG_NET, "could not create any RADIUS sockets"); destroy(this); return NULL; } @@ -512,11 +596,6 @@ tnc_pdp_t *tnc_pdp_create(u_int16_t port) { DBG1(DBG_NET, "could not open IPv6 RADIUS socket, IPv6 disabled"); } - if (!this->hasher || !this->signer) - { - destroy(this); - return NULL; - } server = lib->settings->get_str(lib->settings, "charon.plugins.tnc-pdp.server", NULL); diff --git a/src/libradius/Makefile.am b/src/libradius/Makefile.am index f891e01..5672f7b 100644 --- a/src/libradius/Makefile.am +++ b/src/libradius/Makefile.am @@ -6,5 +6,6 @@ libradius_la_SOURCES = \ radius_message.h radius_message.c \ radius_socket.h radius_socket.c \ radius_client.h radius_client.c \ - radius_config.h radius_config.c + radius_config.h radius_config.c \ + radius_mppe.h diff --git a/src/libradius/radius_mppe.h b/src/libradius/radius_mppe.h new file mode 100644 index 0000000..0c4aae7 --- /dev/null +++ b/src/libradius/radius_mppe.h @@ -0,0 +1,45 @@ +/* + * Copyright (C) 2012 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup libradius libradius + * + * @addtogroup libradius + * RADIUS protocol support library. + * + * @defgroup radius_msse radius_msse + * @{ @ingroup libradius + */ + +#ifndef RADIUS_MSSE_H_ +#define RADIUS_MSSE_H_ + +/** + * Microsoft specific vendor attributes + */ +#define MS_MPPE_SEND_KEY 16 +#define MS_MPPE_RECV_KEY 17 + +typedef struct mppe_key_t mppe_key_t; + +struct mppe_key_t { + u_int32_t id; + u_int8_t type; + u_int8_t length; + u_int16_t salt; + u_int8_t key[]; +} __attribute__((packed)); + +#endif /** RADIUS_MSSE_H_ @}*/ diff --git a/src/libradius/radius_socket.c b/src/libradius/radius_socket.c index 6313595..048c881 100644 --- a/src/libradius/radius_socket.c +++ b/src/libradius/radius_socket.c @@ -14,6 +14,7 @@ */ #include "radius_socket.h" +#include "radius_mppe.h" #include #include @@ -21,12 +22,6 @@ #include #include -/** - * Microsoft specific vendor attributes - */ -#define MS_MPPE_SEND_KEY 16 -#define MS_MPPE_RECV_KEY 17 - typedef struct private_radius_socket_t private_radius_socket_t; /** @@ -286,13 +281,7 @@ METHOD(radius_socket_t, decrypt_msk, chunk_t, private_radius_socket_t *this, radius_message_t *request, radius_message_t *response) { - struct { - u_int32_t id; - u_int8_t type; - u_int8_t length; - u_int16_t salt; - u_int8_t key[]; - } __attribute__((packed)) *mppe_key; + mppe_key_t *mppe_key; enumerator_t *enumerator; chunk_t data, send = chunk_empty, recv = chunk_empty; int type; @@ -300,14 +289,13 @@ METHOD(radius_socket_t, decrypt_msk, chunk_t, enumerator = response->create_enumerator(response); while (enumerator->enumerate(enumerator, &type, &data)) { - if (type == RAT_VENDOR_SPECIFIC && - data.len > sizeof(*mppe_key)) + if (type == RAT_VENDOR_SPECIFIC && data.len > sizeof(mppe_key_t)) { - mppe_key = (void*)data.ptr; + mppe_key = (mppe_key_t*)data.ptr; if (ntohl(mppe_key->id) == PEN_MICROSOFT && mppe_key->length == data.len - sizeof(mppe_key->id)) { - data = chunk_create(mppe_key->key, data.len - sizeof(*mppe_key)); + data = chunk_create(mppe_key->key, data.len - sizeof(mppe_key_t)); if (mppe_key->type == MS_MPPE_SEND_KEY) { send = decrypt_mppe_key(this, mppe_key->salt, data, request); @@ -365,11 +353,11 @@ radius_socket_t *radius_socket_create(char *address, u_int16_t auth_port, .auth_fd = -1, .acct_port = acct_port, .acct_fd = -1, + .hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5), + .signer = lib->crypto->create_signer(lib->crypto, AUTH_HMAC_MD5_128), + .rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK), ); - this->hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5); - this->signer = lib->crypto->create_signer(lib->crypto, AUTH_HMAC_MD5_128); - this->rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); if (!this->hasher || !this->signer || !this->rng) { DBG1(DBG_CFG, "RADIUS initialization failed, HMAC/MD5/RNG required"); -- 2.7.4