From: aland Date: Thu, 26 Jul 2001 19:10:19 +0000 (+0000) Subject: Preliminary EAP patch from Raghu , step 1 X-Git-Tag: release_0_2_0~14 X-Git-Url: http://www.project-moonshot.org/gitweb/?a=commitdiff_plain;h=511ec49203f7e190692f95eb36bc73031b21d724;p=freeradius.git Preliminary EAP patch from Raghu , step 1 --- diff --git a/src/include/libradius.h b/src/include/libradius.h index 0ec646c..a0c5b92 100644 --- a/src/include/libradius.h +++ b/src/include/libradius.h @@ -53,6 +53,8 @@ #endif #endif +#define EAP_START 2 + #define AUTH_VECTOR_LEN 16 #define CHAP_VALUE_LENGTH 16 #define MAX_STRING_LEN 254 /* RFC2138: string 0-253 octets */ @@ -169,6 +171,12 @@ int dict_vendorname(const char *name); void librad_md5_calc(u_char *, u_char *, u_int); +/* hmac.c */ + +void lrad_hmac_md5(unsigned char *text, int text_len, + unsigned char *key, int key_len, + unsigned char *digest); + /* radius.c */ int rad_send(RADIUS_PACKET *, const char *secret); RADIUS_PACKET *rad_recv(int fd); diff --git a/src/include/radius.h b/src/include/radius.h index dcc9287..06c31e8 100644 --- a/src/include/radius.h +++ b/src/include/radius.h @@ -76,6 +76,9 @@ #define PW_PORT_LIMIT 62 #define PW_CONNECT_INFO 77 +#define PW_EAP_MESSAGE 79 +#define PW_MESSAGE_AUTHENTICATOR 80 + #define PW_FALL_THROUGH 500 #define PW_ADD_PORT_TO_IP_ADDRESS 501 #define PW_EXEC_PROGRAM 502 @@ -157,6 +160,7 @@ #define PW_AUTHTYPE_SECURID 2 #define PW_AUTHTYPE_CRYPT 3 #define PW_AUTHTYPE_REJECT 4 +#define PW_AUTHTYPE_EAP 252 #define PW_AUTHTYPE_PAM 253 #define PW_AUTHTYPE_ACCEPT 254 diff --git a/src/lib/Makefile b/src/lib/Makefile index a2b365a..9622e3c 100644 --- a/src/lib/Makefile +++ b/src/lib/Makefile @@ -2,7 +2,7 @@ include ../../Make.inc OBJS = dict.o print.o radius.o valuepair.o token.o misc.o \ - log.o filters.o missing.o md5.o snprintf.o + log.o filters.o missing.o md5.o hmac.o snprintf.o INCLUDES = ../include/radius.h ../include/libradius.h \ ../include/missing.h ../include/autoconf.h 
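Review bot: The `lrad_hmac_md5` prototype added under `/* hmac.c */` in src/include/libradius.h gives callers no contract for the output buffer or the inputs. The definition in src/lib/hmac.c writes the result through `MD5Final(digest, &context)` and re-reads `digest` as 16 bytes, so the declaration should say so, for example `/* digest must point to at least 16 bytes; text and key are only read */`. Since neither input is meant to be written, I would also declare them `const unsigned char *text` and `const unsigned char *key`, provided the `MD5Update` prototype in md5.h (not visible here) accepts a const pointer.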
@@ -47,6 +47,9 @@ missing.o: missing.c $(INCLUDES) md5.o: md5.c ../include/md5.h $(CC) $(CFLAGS) -c md5.c +hmac.o: hmac.c $(INCLUDES) + $(CC) $(CFLAGS) -c hmac.c + snprntf.o: snprintf.c $(INCLUDES) $(CC) $(CFLAGS) -c snprintf.c diff --git a/src/lib/hmac.c b/src/lib/hmac.c new file mode 100644 index 0000000..8f6bc96 --- /dev/null +++ b/src/lib/hmac.c 
@@ -0,0 +1,115 @@
+/*
+ For the sake of illustration we provide the following sample code for
+ the implementation of HMAC-MD5 as well as some corresponding test
+ vectors (the code is based on MD5 code as described in [MD5]).
+*/
+
+/*
+** Function: hmac_md5
+*/
+
+#include
+#include "../include/md5.h"
+
+/*
+unsigned char* text; pointer to data stream
+int text_len; length of data stream
+unsigned char* key; pointer to authentication key
+int key_len; length of authentication key
+unsigned char* digest; caller digest to be filled in
+*/
+
+void
+lrad_hmac_md5(unsigned char *text, int text_len,
+ unsigned char *key, int key_len,
+ unsigned char *digest)
+{
+ MD5_CTX context;
+ unsigned char k_ipad[65]; /* inner padding -
+ * key XORd with ipad
+ */
+ unsigned char k_opad[65]; /* outer padding -
+ * key XORd with opad
+ */
+ unsigned char tk[16];
+ int i;
+ /* if key is longer than 64 bytes reset it to key=MD5(key) */
+ if (key_len > 64) {
+
+ MD5_CTX tctx;
+
+ MD5Init(&tctx);
+ MD5Update(&tctx, key, key_len);
+ MD5Final(tk, &tctx);
+
+ key = tk;
+ key_len = 16;
+ }
+
+ /*
+ * the HMAC_MD5 transform looks like:
+ *
+ * MD5(K XOR opad, MD5(K XOR ipad, text))
+ *
+ * where K is an n byte key
+ * ipad is the byte 0x36 repeated 64 times
+
+ * opad is the byte 0x5c repeated 64 times
+ * and text is the data being protected
+ */
+
+ /* start out by storing key in pads */
+ memset( k_ipad, 0, sizeof(k_ipad));
+ memset( k_opad, 0, sizeof(k_opad));
+ memset( k_ipad, key, key_len);
+ memset( k_opad, key, key_len);
+
+ /* XOR key with ipad and opad values */
+ for (i = 0; i < 64; i++) {
+ k_ipad[i] ^= 0x36;
+ k_opad[i] ^= 0x5c;
+ }
+ /*
+ * perform inner MD5
+ */
+ MD5Init(&context); /* init context for 1st
+ * pass */
+ MD5Update(&context, k_ipad, 64); /* start with inner pad */
+ MD5Update(&context, text, text_len); /* then text of datagram */
+ MD5Final(digest, &context); /* finish up 1st pass */
+ /*
+ * perform outer MD5
+ */
+ MD5Init(&context); /* init context for 2nd
+ * pass */
+ MD5Update(&context, k_opad, 64); /* start with outer pad */
+ MD5Update(&context, digest, 16); /* then results of 1st
+ * hash */
+ MD5Final(digest, &context); /* finish up 2nd pass */
+}
+
+/*
+Test Vectors (Trailing '\0' of a character string not included in test):
+
+ key = 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
+ key_len = 16 bytes
+ data = "Hi There"
+ data_len = 8 bytes
+ digest = 0x9294727a3638bb1c13f48ef8158bfc9d
+
+ key = "Jefe"
+ data = "what do ya want for nothing?"
+ data_len = 28 bytes
+ digest = 0x750c783e6ab0b503eaa86e310a5db738
+
+ key = 0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+
+ key_len 16 bytes
+ data = 0xDDDDDDDDDDDDDDDDDDDD...
+ ..DDDDDDDDDDDDDDDDDDDD...
+ ..DDDDDDDDDDDDDDDDDDDD...
+ ..DDDDDDDDDDDDDDDDDDDD...
+ ..DDDDDDDDDDDDDDDDDDDD
+ data_len = 50 bytes
+ digest = 0x56be34521d144c88dbb8c733f0e8b3f6
+*/
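Review bot: The two lines `memset( k_ipad, key, key_len);` and `memset( k_opad, key, key_len);` in `lrad_hmac_md5` do not store the key in the pads. `memset` takes a fill byte as its second argument, so the pointer is converted to an int and each pad is filled with a single byte derived from the address. The digest therefore depends on `key_len` and an address byte rather than on the key contents, and should not reproduce the test vectors listed in the trailing comment. Anything later verified with it (presumably the Message-Authenticator attribute added in radius.h) would not be bound to the shared secret. The lines should read `memcpy(k_ipad, key, key_len);` and `memcpy(k_opad, key, key_len);`. Because `key_len` is a signed int and only `> 64` is tested, a negative value would reach the copy as a very large size, so a `key_len < 0` guard is worth adding at the same place.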