MSCHAPv2: Set keying material the proper way

Signed-off-by: Simon Rozman <simon@rozman.si>
Simon Rozman 2020-01-22 11:14:21 +01:00
parent f4e8ba88ae
commit d8cc9636b5
3 changed files with 24 additions and 7 deletions


@ -185,7 +185,15 @@ namespace eap
/// @} /// @}
friend class method_ttls; // Setting of initial challenge derived from TLS PRF ///
/// Called by EAP-TTLS to provide keying material.
///
/// \param[in] challenge_server MSCHAP server challenge
/// \param[in] ident Ident
///
void set_challenge_data(
_In_bytecount_c_(sizeof(challenge_mschapv2)) const unsigned char *challenge_server,
_In_ unsigned char ident);
protected: protected:
/// ///
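Review bot: The Doxygen added for set_challenge_data documents `\param[in] ident Ident`, which tells a caller nothing about what the byte is or where it comes from, and the challenge parameter's length and non-null requirement live only in the SAL annotation. Suggested wording: `/// \param[in] challenge_server MSCHAP server challenge, exactly sizeof(challenge_mschapv2) bytes; must not be NULL` and `/// \param[in] ident MSCHAPv2 Ident byte accompanying the challenge (judging by the method_ttls change in this commit, the byte that follows the challenge in the EAP-TTLS PRF output)`. Separately, the `friend class method_ttls;` grant is kept even though method_ttls now goes through the new setter; its access specifier is outside the hunk (the `protected:` below opens the next group), so if the setter is public the friendship appears no longer needed and could be dropped to keep the rest of the class encapsulated, and if it is protected the comment on the friend line should say which members still require it.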


@ -356,6 +356,16 @@ EapPeerMethodResponseAction eap::method_mschapv2_diameter::process_request_packe
} }
void eap::method_mschapv2_diameter::set_challenge_data(
_In_bytecount_c_(sizeof(challenge_mschapv2)) const unsigned char *challenge_server,
_In_ unsigned char ident)
{
assert(challenge_server);
m_challenge_server.assign(challenge_server, challenge_server + sizeof(challenge_mschapv2));
m_ident = ident;
}
void eap::method_mschapv2_diameter::process_packet(_In_bytecount_(size_pck) const void *_pck, _In_ size_t size_pck) void eap::method_mschapv2_diameter::process_packet(_In_bytecount_(size_pck) const void *_pck, _In_ size_t size_pck)
{ {
for (const unsigned char *pck = reinterpret_cast<const unsigned char*>(_pck), *pck_end = pck + size_pck; pck < pck_end; ) { for (const unsigned char *pck = reinterpret_cast<const unsigned char*>(_pck), *pck_end = pck + size_pck; pck < pck_end; ) {
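Review bot: The bytes copied into m_challenge_server in set_challenge_data are TLS-derived keying material; the caller in method_ttls scrubs its own key_block after the call, but whether the copy held in m_challenge_server is wiped when the method object is destroyed depends on that member's type, which this hunk does not show — confirm it is a sanitizing container or record the expectation in a comment on the member. Also `assert(challenge_server);` only guards debug builds; in release a null pointer reaches the `assign` on the next line, so a check that holds in both configurations, `if (!challenge_server) throw std::invalid_argument(__FUNCTION__ " challenge_server is NULL");`, would fail loudly instead (the one caller in this commit passes an array, so this is defensive rather than a live bug). The definition is complete within the hunk.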


@ -551,18 +551,17 @@ EapPeerMethodResponseAction eap::method_ttls::process_request_packet(
method_mschapv2_diameter *inner_mschapv2 = dynamic_cast<method_mschapv2_diameter*>(m_inner.get()); method_mschapv2_diameter *inner_mschapv2 = dynamic_cast<method_mschapv2_diameter*>(m_inner.get());
if (inner_mschapv2) { if (inner_mschapv2) {
// Push keying material to inner MSCHAPv2 method. // Push EAP-TTLS keying material to inner MSCHAPv2 method.
static const DWORD s_key_id = 0x02; // EAP-TTLSv0 Challenge Data static const DWORD key_id = 0x02; // EAP-TTLSv0 Challenge Data
static const SecPkgContext_EapPrfInfo s_prf_info = { 0, sizeof(s_key_id), (PBYTE)&s_key_id }; static const SecPkgContext_EapPrfInfo prf_info = { 0, sizeof(key_id), (PBYTE)&key_id };
if (FAILED(status = SetContextAttributes(m_sc_ctx, SECPKG_ATTR_EAP_PRF_INFO, (void*)&s_prf_info, sizeof(s_prf_info)))) if (FAILED(status = SetContextAttributes(m_sc_ctx, SECPKG_ATTR_EAP_PRF_INFO, (void*)&prf_info, sizeof(prf_info))))
throw sec_runtime_error(status, __FUNCTION__ " Error setting TTLS PRF in Schannel."); throw sec_runtime_error(status, __FUNCTION__ " Error setting TTLS PRF in Schannel.");
SecPkgContext_EapKeyBlock key_block; SecPkgContext_EapKeyBlock key_block;
if (FAILED(status = QueryContextAttributes(m_sc_ctx, SECPKG_ATTR_EAP_KEY_BLOCK, &key_block))) if (FAILED(status = QueryContextAttributes(m_sc_ctx, SECPKG_ATTR_EAP_KEY_BLOCK, &key_block)))
throw sec_runtime_error(status, __FUNCTION__ " Error generating PRF in Schannel."); throw sec_runtime_error(status, __FUNCTION__ " Error generating PRF in Schannel.");
inner_mschapv2->m_challenge_server.assign(key_block.rgbKeys, key_block.rgbKeys + sizeof(challenge_mschapv2)); inner_mschapv2->set_challenge_data(key_block.rgbKeys, key_block.rgbKeys[sizeof(challenge_mschapv2)]);
inner_mschapv2->m_ident = key_block.rgbKeys[sizeof(challenge_mschapv2) + 0];
SecureZeroMemory(&key_block, sizeof(key_block)); SecureZeroMemory(&key_block, sizeof(key_block));
} }
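Review bot: If the new `inner_mschapv2->set_challenge_data(...)` call throws — a std::bad_alloc from the vector assign inside it is the obvious case — the `SecureZeroMemory(&key_block, sizeof(key_block));` that follows is skipped and the PRF output stays on the stack; the old direct `assign` had the same gap, so this predates the commit, but the new call keeps the shape. Scrub on the exception path as well, either with a scope guard if the project has one or by catching and rethrowing around the call as below. Separately, the renamed `key_id`/`prf_info` statics drop the `s_` prefix the replaced lines used for function-local statics; if that prefix is the convention elsewhere in the project the rename is inconsistent. The enclosing process_request_packet begins before the hunk and continues after it.
```cpp
// … unchanged: PRF info setup and QueryContextAttributes …
try {
    inner_mschapv2->set_challenge_data(key_block.rgbKeys, key_block.rgbKeys[sizeof(challenge_mschapv2)]);
} catch (...) {
    SecureZeroMemory(&key_block, sizeof(key_block));
    throw;
}
SecureZeroMemory(&key_block, sizeof(key_block));
```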