1 /* $OpenBSD: radius_msgauth.c,v 1.5 2024/08/14 04:50:31 yasuoka Exp $ */
2
3 /*-
4 * Copyright (c) 2009 Internet Initiative Japan Inc.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE"AUTHOR" AND CONTRIBUTORS AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28
29 #include <sys/types.h>
30 #include <sys/socket.h>
31 #include <netinet/in.h>
32
33 #include <stdbool.h>
34 #include <stdio.h>
35 #include <stdlib.h>
36 #include <string.h>
37
38 #include <openssl/hmac.h>
39
40 #include "radius.h"
41
42 #include "radius_local.h"
43
44 static int
radius_calc_message_authenticator(RADIUS_PACKET * packet,const char * secret,void * ma)45 radius_calc_message_authenticator(RADIUS_PACKET * packet, const char *secret,
46 void *ma)
47 {
48 const RADIUS_ATTRIBUTE *attr;
49 const RADIUS_ATTRIBUTE *end;
50 u_char zero16[16];
51 HMAC_CTX *ctx;
52 int mdlen;
53 int ret = -1;
54
55 memset(zero16, 0, sizeof(zero16));
56
57 if ((ctx = HMAC_CTX_new()) == NULL)
58 goto err;
59
60 if (!HMAC_Init_ex(ctx, secret, strlen(secret), EVP_md5(), NULL))
61 goto err;
62
63 /*
64 * Traverse the radius packet.
65 */
66 if (packet->request != NULL) {
67 if (!HMAC_Update(ctx, (const u_char *)packet->pdata, 4))
68 goto err;
69 if (!HMAC_Update(ctx, (unsigned char *)packet->request->pdata
70 ->authenticator, 16))
71 goto err;
72 } else {
73 if (!HMAC_Update(ctx, (const u_char *)packet->pdata,
74 sizeof(RADIUS_PACKET_DATA)))
75 goto err;
76 }
77
78 attr = ATTRS_BEGIN(packet->pdata);
79 end = ATTRS_END(packet->pdata);
80
81 for (; attr < end; ATTRS_ADVANCE(attr)) {
82 if (attr->type == RADIUS_TYPE_MESSAGE_AUTHENTICATOR) {
83 if (!HMAC_Update(ctx, (u_char *)attr, 2))
84 goto err;
85 if (!HMAC_Update(ctx, (u_char *)zero16, sizeof(zero16)))
86 goto err;
87 } else {
88 if (!HMAC_Update(ctx, (u_char *)attr,
89 (int)attr->length))
90 goto err;
91 }
92 }
93
94 if (!HMAC_Final(ctx, (u_char *)ma, &mdlen))
95 goto err;
96
97 ret = 0;
98
99 err:
100 HMAC_CTX_free(ctx);
101
102 return (ret);
103 }
104
105 int
radius_put_message_authenticator(RADIUS_PACKET * packet,const char * secret)106 radius_put_message_authenticator(RADIUS_PACKET * packet, const char *secret)
107 {
108 u_char ma[16];
109
110 /*
111 * It is not required to initialize ma
112 * because content of Message-Authenticator attribute is assumed zero
113 * during calculation.
114 */
115 if (radius_unshift_raw_attr(packet, RADIUS_TYPE_MESSAGE_AUTHENTICATOR,
116 ma, sizeof(ma)) != 0)
117 return (-1);
118
119 return (radius_set_message_authenticator(packet, secret));
120 }
121
122 int
radius_set_message_authenticator(RADIUS_PACKET * packet,const char * secret)123 radius_set_message_authenticator(RADIUS_PACKET * packet, const char *secret)
124 {
125 u_char ma[16];
126
127 if (radius_calc_message_authenticator(packet, secret, ma) != 0)
128 return (-1);
129
130 return (radius_set_raw_attr(packet, RADIUS_TYPE_MESSAGE_AUTHENTICATOR,
131 ma, sizeof(ma)));
132 }
133
134 int
radius_check_message_authenticator(RADIUS_PACKET * packet,const char * secret)135 radius_check_message_authenticator(RADIUS_PACKET * packet, const char *secret)
136 {
137 int rval;
138 size_t len;
139 u_char ma0[16], ma1[16];
140
141 if (radius_calc_message_authenticator(packet, secret, ma0) != 0)
142 return (-1);
143
144 len = sizeof(ma1);
145 if ((rval = radius_get_raw_attr(packet,
146 RADIUS_TYPE_MESSAGE_AUTHENTICATOR, ma1, &len)) != 0)
147 return (rval);
148
149 if (len != sizeof(ma1))
150 return (-1);
151
152 return (timingsafe_bcmp(ma0, ma1, sizeof(ma1)));
153 }
154