mppe__keys_8c_source.html

 /*

  * mppe_keys.c

  *

  * Version:     $Id: 684e9d178e020282f1caf6907143369ef3a96dec $

  *

  *   This program is free software; you can redistribute it and/or modify

  *   it under the terms of the GNU General Public License as published by

  *   the Free Software Foundation; either version 2 of the License, or

  *   (at your option) any later version.

  *

  *   This program is distributed in the hope that it will be useful,

  *   but WITHOUT ANY WARRANTY; without even the implied warranty of

  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  *   GNU General Public License for more details.

  *

  *   You should have received a copy of the GNU General Public License

  *   along with this program; if not, write to the Free Software

  *   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA

  *

  * Copyright 2002  Axis Communications AB

  * Copyright 2006  The FreeRADIUS server project

  * Authors: Henrik Eriksson <henriken@axis.com> & Lars Viklund <larsv@axis.com>

  */


 RCSID("$Id: 684e9d178e020282f1caf6907143369ef3a96dec $")

 USES_APPLE_DEPRECATED_API       /* OpenSSL API has been deprecated by Apple */


 #include "eap_tls.h"

 #include <openssl/hmac.h>


 #if OPENSSL_VERSION_NUMBER < 0x10001000L

 /*

  * TLS PRF from RFC 2246

  */

 static void P_hash(EVP_MD const *evp_md,

                    unsigned char const *secret, unsigned int secret_len,

                    unsigned char const *seed,   unsigned int seed_len,

                    unsigned char *out, unsigned int out_len)

 {

         HMAC_CTX ctx_a, ctx_out;

         unsigned char a[HMAC_MAX_MD_CBLOCK];

         unsigned int size;


         HMAC_CTX_init(&ctx_a);

         HMAC_CTX_init(&ctx_out);

         HMAC_Init_ex(&ctx_a, secret, secret_len, evp_md, NULL);

         HMAC_Init_ex(&ctx_out, secret, secret_len, evp_md, NULL);


         size = HMAC_size(&ctx_out);


         /* Calculate A(1) */

         HMAC_Update(&ctx_a, seed, seed_len);

         HMAC_Final(&ctx_a, a, NULL);


         while (1) {

                 /* Calculate next part of output */

                 HMAC_Update(&ctx_out, a, size);

                 HMAC_Update(&ctx_out, seed, seed_len);


                 /* Check if last part */

                 if (out_len < size) {

                         HMAC_Final(&ctx_out, a, NULL);

                         memcpy(out, a, out_len);

                         break;

                 }


                 /* Place digest in output buffer */

                 HMAC_Final(&ctx_out, out, NULL);

                 HMAC_Init_ex(&ctx_out, NULL, 0, NULL, NULL);

                 out += size;

                 out_len -= size;


                 /* Calculate next A(i) */

                 HMAC_Init_ex(&ctx_a, NULL, 0, NULL, NULL);

                 HMAC_Update(&ctx_a, a, size);

                 HMAC_Final(&ctx_a, a, NULL);

         }


         HMAC_CTX_cleanup(&ctx_a);

         HMAC_CTX_cleanup(&ctx_out);

         memset(a, 0, sizeof(a));

 }


 static void PRF(unsigned char const *secret, unsigned int secret_len,

                 unsigned char const *seed,   unsigned int seed_len,

                 unsigned char *out, unsigned char *buf, unsigned int out_len)

 {

         unsigned int i;

         unsigned int len = (secret_len + 1) / 2;

         uint8_t const *s1 = secret;

         uint8_t const *s2 = secret + (secret_len - len);


         P_hash(EVP_md5(),  s1, len, seed, seed_len, out, out_len);

         P_hash(EVP_sha1(), s2, len, seed, seed_len, buf, out_len);


         for (i=0; i < out_len; i++) {

                 out[i] ^= buf[i];

         }

 }

 #endif


 #define EAPTLS_MPPE_KEY_LEN     32


 /** Generate keys according to RFC 2716 and add to the reply

  *

  */

 void eap_tls_gen_mppe_keys(REQUEST *request, SSL *s, char const *prf_label)

 {

         uint8_t out[4 * EAPTLS_MPPE_KEY_LEN];

         uint8_t *p;

         size_t prf_size;


         prf_size = strlen(prf_label);


 #if OPENSSL_VERSION_NUMBER >= 0x10001000L

         if (SSL_export_keying_material(s, out, sizeof(out), prf_label, prf_size, NULL, 0, 0) != 1) {

                 ERROR("Failed generating keying material");

                 return;

         }

 #else

         {

                 uint8_t seed[64 + (2 * SSL3_RANDOM_SIZE)];

                 uint8_t buf[4 * EAPTLS_MPPE_KEY_LEN];


                 p = seed;


                 memcpy(p, prf_label, prf_size);

                 p += prf_size;


                 memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);

                 p += SSL3_RANDOM_SIZE;

                 prf_size += SSL3_RANDOM_SIZE;


                 memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);

                 prf_size += SSL3_RANDOM_SIZE;


                 PRF(s->session->master_key, s->session->master_key_length,

                     seed, prf_size, out, buf, sizeof(out));

         }

 #endif


         p = out;

         eap_add_reply(request, "MS-MPPE-Recv-Key", p, EAPTLS_MPPE_KEY_LEN);

         p += EAPTLS_MPPE_KEY_LEN;

         eap_add_reply(request, "MS-MPPE-Send-Key", p, EAPTLS_MPPE_KEY_LEN);


         eap_add_reply(request, "EAP-MSK", out, 64);

         eap_add_reply(request, "EAP-EMSK", out + 64, 64);

 }


 #define FR_TLS_PRF_CHALLENGE    "ttls challenge"


 /*

  *      Generate the TTLS challenge

  *

  *      It's in the TLS module simply because it's only a few lines

  *      of code, and it needs access to the TLS PRF functions.

  */

 void eap_ttls_gen_challenge(SSL *s, uint8_t *buffer, size_t size)

 {

 #if OPENSSL_VERSION_NUMBER >= 0x10001000L

         SSL_export_keying_material(s, buffer, size, FR_TLS_PRF_CHALLENGE,

                                    sizeof(FR_TLS_PRF_CHALLENGE) - 1, NULL, 0, 0);


 #else

         uint8_t out[32], buf[32];

         uint8_t seed[sizeof(FR_TLS_PRF_CHALLENGE)-1 + 2*SSL3_RANDOM_SIZE];

         uint8_t *p = seed;


         memcpy(p, FR_TLS_PRF_CHALLENGE, sizeof(FR_TLS_PRF_CHALLENGE)-1);

         p += sizeof(FR_TLS_PRF_CHALLENGE)-1;

         memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);

         p += SSL3_RANDOM_SIZE;

         memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);


         PRF(s->session->master_key, s->session->master_key_length,

             seed, sizeof(seed), out, buf, sizeof(out));

         memcpy(buffer, out, size);

 #endif

 }


 /*

  *      Actually generates EAP-Session-Id, which is an internal server

  *      attribute.  Not all systems want to send EAP-Key-Name

  */

 void eap_tls_gen_eap_key(RADIUS_PACKET *packet, SSL *s, uint32_t header)

 {

         VALUE_PAIR *vp;

         uint8_t *p;


         vp = fr_pair_afrom_num(packet, 0, PW_EAP_SESSION_ID);

         if (!vp) return;


         p = talloc_array(vp, uint8_t, 1 + 2 * SSL3_RANDOM_SIZE);

         p[0] = header & 0xff;


 #ifdef HAVE_SSL_GET_CLIENT_RANDOM

         SSL_get_client_random(s, p + 1, SSL3_RANDOM_SIZE);

         SSL_get_server_random(s, p + 1 + SSL3_RANDOM_SIZE, SSL3_RANDOM_SIZE);

 #else

         memcpy(p + 1, s->s3->client_random, SSL3_RANDOM_SIZE);

         memcpy(p + 1 + SSL3_RANDOM_SIZE,

                s->s3->server_random, SSL3_RANDOM_SIZE);

 #endif

         fr_pair_value_memsteal(vp, p);

         fr_pair_add(&packet->vps, vp);

 }

fr_pair_afrom_num
VALUE_PAIR * fr_pair_afrom_num(TALLOC_CTX *ctx, unsigned int vendor, unsigned int attr)
Create a new valuepair.
Definition: pair.c:106

P_hash
static USES_APPLE_DEPRECATED_API void P_hash(EVP_MD const *evp_md, unsigned char const *secret, unsigned int secret_len, unsigned char const *seed, unsigned int seed_len, unsigned char *out, unsigned int out_len)
Definition: mppe_keys.c:36

radius_packet::vps
VALUE_PAIR * vps
Result of decoding the packet into VALUE_PAIRs.
Definition: libradius.h:162

eap_tls_gen_eap_key
void eap_tls_gen_eap_key(RADIUS_PACKET *packet, SSL *s, uint32_t header)
Definition: mppe_keys.c:188

EAPTLS_MPPE_KEY_LEN
#define EAPTLS_MPPE_KEY_LEN
Definition: mppe_keys.c:103

PRF
static void PRF(unsigned char const *secret, unsigned int secret_len, unsigned char const *seed, unsigned int seed_len, unsigned char *out, unsigned char *buf, unsigned int out_len)
Definition: mppe_keys.c:85

fr_pair_add
void fr_pair_add(VALUE_PAIR **head, VALUE_PAIR *vp)
Add a VP to the end of the list.
Definition: pair.c:659

value_pair
Stores an attribute, a value and various bits of other data.
Definition: pair.h:112

eap_ttls_gen_challenge
void eap_ttls_gen_challenge(SSL *s, uint8_t *buffer, size_t size)
Definition: mppe_keys.c:161

eap_tls_gen_mppe_keys
void eap_tls_gen_mppe_keys(REQUEST *request, SSL *s, char const *prf_label)
Generate keys according to RFC 2716 and add to the reply.
Definition: mppe_keys.c:108

fr_pair_value_memsteal
void fr_pair_value_memsteal(VALUE_PAIR *vp, uint8_t const *src)
Reparent an allocated octet buffer to a VALUE_PAIR.
Definition: pair.c:1933

radius_packet
Definition: libradius.h:146

FR_TLS_PRF_CHALLENGE
#define FR_TLS_PRF_CHALLENGE
Definition: mppe_keys.c:153

secret
static char const * secret
Definition: radclient.c:44

rad_request
Definition: radiusd.h:208

RCSID
#define RCSID(id)
Definition: build.h:135

ERROR
#define ERROR(fmt,...)
Definition: log.h:145

eap_add_reply
void eap_add_reply(REQUEST *request, char const *name, uint8_t const *value, int len)
Definition: eapcommon.c:388

USES_APPLE_DEPRECATED_API
#define USES_APPLE_DEPRECATED_API
Definition: build.h:122