Skip to content

Commit

Permalink
Added CHAP encryption
Browse files Browse the repository at this point in the history 
Signed-off-by: Sandeep Poddar <[email protected]>
Author Info:   Software Engineer @ AimValley
  • Loading branch information
@spoddar1
spoddar1 authored and sandeep poddar committed Apr 8, 2020
1 parent ccdff6b commit 1ea3da2
Showing 1 changed file with 102 additions and 7 deletions.
109 changes: 102 additions & 7 deletions lib/sendserver.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,72 @@
static void rc_random_vector (unsigned char *);
static int rc_check_reply (AUTH_HDR *, int, char const *, unsigned char const *, unsigned char);

/** Encodes CHAP password and stores it in an output buffer
*
* @param vp a pointer to a #VALUE_PAIR.
* @param auth a pointer to #AUTH_HDR.
* @param id a chap identifier to use for encryption.
* @param output a buffer to store encrypted chap password string
* @return value 0 on success
*/
static int rc_chap_encode(VALUE_PAIR *vp, AUTH_HDR *auth, int id, uint8_t *output)
{
/* variables */
uint8_t *ptr;
uint8_t str_val[(AUTH_STRING_LEN + 1) * 2 + 1];
int str_len;
VALUE_PAIR *password;
VALUE_PAIR *challenge;
VALUE_PAIR *vp_ptr = vp;

/* sanity check */
if (vp_ptr == NULL || output == NULL) {
rc_log(LOG_ERR, "rc_chap_encode: unintialized pointer");
return -1;
}

str_len = 0;
ptr = str_val;

/* Add chap identifier */
*ptr++ = id;
str_len++;

/* Retrieve unencrypted CHAP-password */
vp_ptr = vp;
password = rc_avpair_get(vp_ptr, PW_CHAP_PASSWORD, 0);
if (password) {
memcpy(ptr, password->strvalue, password->lvalue);
ptr += password->lvalue;
str_len += password->lvalue;
} else {
rc_log(LOG_ERR, "rc_chap_encode: cannot retrieve chap password attribute");
return -1;
}

/* Use CHAP-challenge pair, otherwise use request-auhenticator */
vp_ptr = vp;
challenge = rc_avpair_get(vp_ptr, PW_CHAP_CHALLENGE, 0);
if (challenge) {
memcpy(ptr, challenge->strvalue, challenge->lvalue);
str_len += challenge->lvalue;
} else {
if(auth) {
memcpy(ptr, auth->vector, AUTH_VECTOR_LEN);
str_len += AUTH_VECTOR_LEN;
} else {
rc_log(LOG_ERR, "rc_chap_encode: authorization vector uinitialized");
return -1;
}
}

rc_md5_calc(output, str_val, str_len);

return 0;
}



/** Packs an attribute value pair list into a buffer
*
* @param vp a pointer to a #VALUE_PAIR.
Expand All @@ -36,13 +102,15 @@ static int rc_check_reply (AUTH_HDR *, int, char const *, unsigned char const *,
*/
static int rc_pack_list (VALUE_PAIR *vp, char *secret, AUTH_HDR *auth)
{
int length, i, pc, padded_length;
int total_length = 0;
size_t secretlen;
uint32_t lvalue, vendor;
unsigned char passbuf[MAX(AUTH_PASS_LEN, CHAP_VALUE_LENGTH)];
unsigned char md5buf[256];
unsigned char *buf, *vector, *vsa_length_ptr;
int length, i, pc, padded_length, chap_id;
int total_length = 0;
size_t secretlen;
uint32_t lvalue, vendor;
unsigned char passbuf[MAX(AUTH_PASS_LEN, CHAP_VALUE_LENGTH)];
unsigned char md5buf[256];
unsigned char *buf, *vector, *vsa_length_ptr;
VALUE_PAIR *vp_start = vp; /* preserve the start of vp pointer */
uint8_t chap_pass_encode[CHAP_VALUE_LENGTH];

buf = auth->data;

Expand Down Expand Up @@ -105,6 +173,33 @@ static int rc_pack_list (VALUE_PAIR *vp, char *secret, AUTH_HDR *auth)
total_length += padded_length + 2;

break;
case PW_CHAP_PASSWORD:

/* Encrypt the password */

/* Record the attribute length
* Type(1) + Length(1) + Chap-ident(1) + Chap-string(16)
* */
*buf++ = CHAP_VALUE_LENGTH + 3;

/* Get random chap identifier */
chap_id = random() & 0xff;

/* Record chap identifier */
*buf++ = chap_id;

/* Encode cap password string */
rc_chap_encode(vp_start, auth, chap_id, chap_pass_encode);

/* Record encoded chap password */
memcpy(buf, chap_pass_encode, sizeof(chap_pass_encode));

/* Update buf pointer */
buf += CHAP_VALUE_LENGTH;

total_length += CHAP_VALUE_LENGTH + 3;

break;
default:
switch (vp->type)
{
Expand Down

0 comments on commit 1ea3da2

Please sign in to comment.