sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-09 00:00:53 -04:00
Code Issues Projects Releases Wiki Activity

Support signing of RADIUS accounting messages

Browse Source
This commit is contained in:
Martin Willi 2012-01-30 19:13:20 +01:00
parent 370de553f8
commit a69aff5f17
3 changed files with 26 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
src/libcharon/plugins/eap_radius/radius_message.c
View File

@ -272,19 +272,32 @@ METHOD(radius_message_t, add, void,
} }
METHOD(radius_message_t, sign, void, METHOD(radius_message_t, sign, void,
private_radius_message_t *this, rng_t *rng, signer_t *signer) private_radius_message_t *this, rng_t *rng, signer_t *signer,
hasher_t *hasher, chunk_t secret)
{ {
char buf[HASH_SIZE_MD5]; if (this->msg->code == RMC_ACCOUNTING_REQUEST)
{
chunk_t msg;
/* build Request-Authenticator */ memset(this->msg->authenticator, 0, sizeof(this->msg->authenticator));
rng->get_bytes(rng, HASH_SIZE_MD5, this->msg->authenticator); msg = chunk_create((u_char*)this->msg, ntohs(this->msg->length));
hasher->get_hash(hasher, msg, NULL);
hasher->get_hash(hasher, secret, this->msg->authenticator);
}
else
{
char buf[HASH_SIZE_MD5];
/* build Message-Authenticator attribute, using 16 null bytes */ /* build Request-Authenticator */
memset(buf, 0, sizeof(buf)); rng->get_bytes(rng, HASH_SIZE_MD5, this->msg->authenticator);
add(this, RAT_MESSAGE_AUTHENTICATOR, chunk_create(buf, sizeof(buf)));
signer->get_signature(signer, /* build Message-Authenticator attribute, using 16 null bytes */
memset(buf, 0, sizeof(buf));
add(this, RAT_MESSAGE_AUTHENTICATOR, chunk_create(buf, sizeof(buf)));
signer->get_signature(signer,
chunk_create((u_char*)this->msg, ntohs(this->msg->length)), chunk_create((u_char*)this->msg, ntohs(this->msg->length)),
((u_char*)this->msg) + ntohs(this->msg->length) - HASH_SIZE_MD5); ((u_char*)this->msg) + ntohs(this->msg->length) - HASH_SIZE_MD5);
}
} }
METHOD(radius_message_t, verify, bool, METHOD(radius_message_t, verify, bool,

5
src/libcharon/plugins/eap_radius/radius_message.h
View File

@ -238,8 +238,11 @@ struct radius_message_t {
* *
* @param rng RNG to create Request-Authenticator * @param rng RNG to create Request-Authenticator
* @param signer HMAC-MD5 signer with secret set * @param signer HMAC-MD5 signer with secret set
* @param hasher MD5 hasher
* @param secret shared RADIUS secret
*/ */
void (*sign)(radius_message_t *this, rng_t *rng, signer_t *signer); void (*sign)(radius_message_t *this, rng_t *rng, signer_t *signer,
hasher_t *hasher, chunk_t secret);
/** /**
* Verify the integrity of a received RADIUS response. * Verify the integrity of a received RADIUS response.

2
src/libcharon/plugins/eap_radius/radius_socket.c
View File

@ -132,7 +132,7 @@ METHOD(radius_socket_t, request, radius_message_t*,
/* set Message Identifier */ /* set Message Identifier */
request->set_identifier(request, this->identifier++); request->set_identifier(request, this->identifier++);
/* sign the request */ /* sign the request */
request->sign(request, this->rng, this->signer); request->sign(request, this->rng, this->signer, this->hasher, this->secret);
if (!check_connection(this)) if (!check_connection(this))
{ {