Merge ~eivnaes/ubuntu/+source/ppp:ubuntu/impish into ubuntu/+source/ppp:ubuntu/devel
Status: Needs review
Proposed branch: ~eivnaes/ubuntu/+source/ppp:ubuntu/impish
Merge into: ubuntu/+source/ppp:ubuntu/devel
Diff against target: 945 lines (+889/-5), 4 files modified
- debian/patches/eap-mschap-v2-namelen.patch (+13/-0)
- debian/patches/expose-mppe-keys-via-api.patch (+864/-0)
- debian/patches/series (+2/-0)
- debian/ppp.symbols (+10/-5)
Related bugs:

Reviewer | Review Type | Date Requested | Status
---|---|---|---
Simon Quigley (community) | | | Needs Resubmitting
git-ubuntu import | | | Pending

Review via email: mp+415397@code.launchpad.net
Commit message
Fix EAP-MSCHAPv2 and export 32-byte MPPE keys
Backported commit-id: d706c95906d9965
Author: Eivind Næss <email address hidden>
Date: Sat Apr 24 03:00:34 2021 -0700
The lengthy part of this fix is to refactor the handling of MPPE keys
by moving it into mppe.c and thus reducing the clutter in chap_ms.c.
It does so by renaming the mppe_set_keys/2 to the corresponding mppe_set_ functions.
Having done so, it conveniently allows the name "mppe_set_keys" to be
re-used for this new purpose which will copy the key material up to
its size and then clear the input parameters (avoids leaving the MPPE
keys on the stack).
Additional functions added to the MPPE code allow plugins et al. to
access the MPPE keys, clear the keys, and check if they are set. All
plugin and CCP code has been updated to use this API.
This fixes GitHub Issue #258
Signed-off-by: Eivind Naess <email address hidden>
Backported commit-id: d7e62a8499c4032
Author: Eivind Næss <email address hidden>
Date: Thu Feb 3 14:28:22 2022 -0800
pppd/eap: Fix bug causing incorrect response length (#334)
Need to update the esp->ea_ name of the user, and the variable is passed onto the eap_chap2_response generating the wrong response length.
Signed-off-by: Eivind Næss <email address hidden>
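The copy-then-scrub key installer that the first commit message describes (copy the key material up to its size, then clear the input parameters), written out here as an added example. This is not ppp's code and not the submitter's; the kx_ names are hypothetical and the 32-byte maximum matches the "32-byte MPPE keys" of the title but is an assumption. It goes beyond the message in two ways a practitioner would want: both copies happen before either wipe, so it stays correct when the same buffer is passed for both directions (MS-CHAPv1 derives a single digest for both), and the wipe goes through a volatile pointer so a dead-store-eliminating compiler cannot drop it.

```c
/* Added example, not ppp project code. kx_* names are hypothetical. */
#include <stddef.h>
#include <string.h>

#define KX_MAX_KEY_SIZE 32          /* assumption: matches the 32-byte keys in the title */

static unsigned char kx_send_key[KX_MAX_KEY_SIZE];
static unsigned char kx_recv_key[KX_MAX_KEY_SIZE];
static int kx_keys_set;             /* 0 = no keys, otherwise installed key length */

/* memset through a volatile pointer: the compiler may not elide a wipe of a
 * buffer that it can prove is dead afterwards, which a plain memset allows. */
static void kx_secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* Install up to KX_MAX_KEY_SIZE bytes of each key, then wipe the caller's
 * copies in full. Both copies precede both wipes, so send_key == recv_key
 * is safe; the aliasing test only avoids wiping the same buffer twice.
 * Returns the number of bytes installed per key. */
int kx_set_keys(unsigned char *send_key, unsigned char *recv_key, size_t keylen)
{
    size_t length = keylen > KX_MAX_KEY_SIZE ? KX_MAX_KEY_SIZE : keylen;

    if (send_key)
        memcpy(kx_send_key, send_key, length);
    if (recv_key)
        memcpy(kx_recv_key, recv_key, length);

    if (send_key)
        kx_secure_zero(send_key, keylen);
    if (recv_key && recv_key != send_key)
        kx_secure_zero(recv_key, keylen);

    kx_keys_set = (int)length;
    return (int)length;
}

int kx_keys_isset(void)
{
    return kx_keys_set != 0;
}

/* Copy out at most `length` bytes of a key; returns 0 when no key is set.
 * Callers must check the return value: a short copy leaves the tail of
 * `out` untouched. */
int kx_get_recv_key(unsigned char *out, size_t length)
{
    if (!kx_keys_isset())
        return 0;
    if (length > (size_t)kx_keys_set)
        length = (size_t)kx_keys_set;
    memcpy(out, kx_recv_key, length);
    return (int)length;
}

int kx_get_send_key(unsigned char *out, size_t length)
{
    if (!kx_keys_isset())
        return 0;
    if (length > (size_t)kx_keys_set)
        length = (size_t)kx_keys_set;
    memcpy(out, kx_send_key, length);
    return (int)length;
}

void kx_clear_keys(void)
{
    kx_keys_set = 0;
    kx_secure_zero(kx_send_key, sizeof kx_send_key);
    kx_secure_zero(kx_recv_key, sizeof kx_recv_key);
}

/* Demonstration: one constructed 20-byte digest (not a real key) installed
 * for both directions, the way MS-CHAPv1 uses a single SHA-1 output.
 * Returns 1 when both installed keys equal the original digest, the
 * caller's buffer has been wiped, and a clear leaves no keys behind. */
int kx_demo_aliased_install(void)
{
    unsigned char digest[20], expect[20], got[20];
    size_t i;

    for (i = 0; i < sizeof digest; i++)
        digest[i] = expect[i] = (unsigned char)(0xA5 ^ (i * 7));

    if (kx_set_keys(digest, digest, sizeof digest) != 20)
        return 0;
    for (i = 0; i < sizeof digest; i++)
        if (digest[i] != 0)
            return 0;                   /* caller's copy must be gone */
    if (kx_get_send_key(got, sizeof got) != 20 || memcmp(got, expect, 20) != 0)
        return 0;
    if (kx_get_recv_key(got, sizeof got) != 20 || memcmp(got, expect, 20) != 0)
        return 0;
    kx_clear_keys();
    return !kx_keys_isset();
}
```

The getters return the number of bytes actually copied rather than silently filling a fixed length, so a caller that builds a CCP option from the key can refuse to send one when the copy came up short.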
Description of the change
I am the maintainer of sstp-client/
This merge request fixes both of those issues. Both fixes are in pppd-project (master branch).
Eivind Naess (eivnaes) wrote:
@schopin
Thank you for the review. I did email ubuntu-server mailing list requesting a review. However, they've subscribed ~ubuntu-sponsorship to the issue. Do you know if there is someone that could help with that and to expedite the process somehow?
People are upgrading to Ubuntu 21.10 and finding out that sstp-client is broken for them. It makes it really hard for me to support them, and telling non-developers to go rebuild multiple packages is a bit hard.
Robie Basak (racb) wrote:
I had assumed you wanted this in the upcoming Ubuntu LTS release (codenamed Jammy) expected to be 22.04. It will supersede 21.10 and 21.10 will go end-of-life in July 2022, so five months away. After it is released, I doubt that anyone new will be installing 21.10 any more. 22.04 will have standard support for at least five years - so until at least April 2027.
If you still want 21.10 updated then we can consider that. The process is more involved and is documented at https:/
Another requirement of that process though is that the Ubuntu development release (ie. Jammy) must be fixed first, and so maybe we can focus on this first if this is what you want? It seems to me that it'd be great to have good support in this area in the LTS release and you've done great work in this area already, so with your help we could get that into Jammy.
Feature freeze for Jammy is today, so if we want this change, it has to go in today. It sounds like we're all generally in favour. I have yet to review in detail, and I will do that next, but I know of no issues with that side right now.
However, in pulling in a patch to Ubuntu ahead of an upstream release, we will be going out on a limb here. Can you commit to helping us maintain this patch in Jammy - helping us with testing and with any issues we might encounter with it in the future - both during development and after release? Note that changing things after release is much harder because of the care we owe to our users to ensure stability - see the link above.
Eivind Naess (eivnaes) wrote:
Hi Robie,
If you want things fixed today, I may be able to spare a few minutes, just let me know what exactly you need. You can also email me back at eivnaes [at] yahoo [dot] com as I receive notifications on my phone w.r.t. email.
I can generally help with testing on Jammy. Right now the EAP-MSCHAP fix is definitely busted, and also EAP-TLS doesn't work with the MS-SSTP protocol. The former is definitely hitting people as EAP is the default option for Microsoft Windows. I've committed multiple fixes upstream to the pppd project, and unfortunately I don't see a release coming up on a short timeline (unless Paul changes his mind).
It is still unclear what you need me to do, so please hit me up and be specific as the time window is very narrow.
Does this patch apply cleanly to Jammy? I haven't tried.
Eivind Naess (eivnaes) wrote:
Also noted, the EAP-TLS with MS-SSTP is a hot-button issue for a lot of people trying to connect to the Microsoft Azure cloud environment.
Robie Basak (racb) wrote:
Thanks!
The patch does apply cleanly to Jammy - there are no changes to the package apart from metadata. So I think we should be safe from that perspective.
I'm struggling to find a match between this patch and the one upstream. I found 789e867 that I thought was related, but that doesn't match.
Ideally I'd like to see that the patch is identical to the one upstream, or if it's not, understand why it's different. Could you help me understand how this patch is constructed from the upstream ones, please? For example, is there a commit or a set of commits upstream that, if squashed together, makes up this one? If so, a link to the upstream commits would be helpful.
Eivind Naess (eivnaes) wrote:
Robie
Thanks for taking a look at this. The patch is slightly different, as a previous patch to debian pppd replaced all internal crypto calls with calls to use openssl crypto functions. I had to manually re-do the upstream patch with that in mind as the MPPE specific functions were moved into mppe.c (see replace-
(A little error on the unused Makefile.sol2 here, it adds the sha1.o object, but that isn't even used here -- solaris2 only).
Eivind Naess (eivnaes) wrote:
You mean: 789e867 - Improve the PEAP contribution by Rustam Kovhaev?
That's a completely new authentication mechanism, PEAP is EAP but wrapped inside a TLS tunnel.
Eivind Naess (eivnaes) wrote:
Robie,
While I have your attention here, there's been another annoying feature that breaks network-
https:/
`nm-pptp-`
It should probably say: nm-*-service-* instead of
`nm-*-service-`
At least it would permit any clone(s) of the network manager <protocol> plugin to bypass this replacement of resolv.conf.
I filed a bug against this
https:/
it's just that I've not been able to reach anyone to help with getting the issue resolved.
Robie Basak (racb) wrote:
Ah, thanks. I found the upstream commit d706c959 and this matches this MP except for the OpenSSL related changes you mentioned.
Robie Basak (racb) wrote:
Oh, and that was in your commit message. Sorry!
Eivind Naess (eivnaes) wrote:
Did you get this merged?
What about https:/
Eivind Naess (eivnaes) wrote:
Robie,
I have Jammy Jellyfish setup and am ready to test this. Let me know what you need me to do.
Robie Basak (racb) wrote:
I've uploaded this to Jammy. Thank you for your contribution!
I didn't know about that bug. The usual process is to subscribe ~ubuntu-sponsors to the bug, then it appears in the sponsorship queue. But the queue is quite big and not very well managed unfortunately, so it does help to ask in #ubuntu-devel and be available there.
I can look into that bug for you too, but not today - I'm busy with a few other tasks for feature freeze, and that fix is a bug fix so won't be blocked by the freeze.
Once the package is built in Jammy and migrated, please could you test to make sure that it works as expected?
There are also some reverse dependencies that could do with testing too, just to make sure that nothing is broken. Or if you know ppp well and understand better how to make sure nothing is adversely affected, that works too :)
connman
network-manager
network-
network-
network-
pptpd
rp-pppoe
Eivind Naess (eivnaes) wrote:
Will do
When can I expect the package to be available via apt-get, tomorrow?
Robie Basak (racb) wrote:
It's available now, assuming any local mirrors you're using are caught up.
Eivind Naess (eivnaes) wrote:
Robie,
I was able to get the new ppp package 2.4.9-1ubuntu3 yesterday. The network-manager-* packages, and likely the pptpd, rp-pppoe and connman packages will require a re-build. I haven't seen those being available on my local mirrors yet.
Are you able to kick off a build (at least for the network-manager* packages)?
Eivind Naess (eivnaes) wrote:
The patches were merged into Jammy Jellyfish (22.04) by Robie Basak. Not sure if it makes sense to back-port them into impish. In fact the entire issue/comment thread can probably be closed by now.
Unmerged commits
- 99eebc7... by Eivind Naess
  Fix EAP-MSCHAPv2 and export 32-byte MPPE keys
  Backported commit-id: d706c95906d996534f13632a747af5dc617f306e
  Backported commit-id: d7e62a8499c4032d79e05afbd8fd3efd51c5b148 From ppp-project/ppp on Github
  Signed-off-by: Eivind Næss <email address hidden>
- 5e01a99... by Simon Chopin
  2.4.9-1+1ubuntu1 (patches unapplied)
  Imported using git-ubuntu import.
Preview Diff
1 | diff --git a/debian/patches/eap-mschap-v2-namelen.patch b/debian/patches/eap-mschap-v2-namelen.patch |
2 | new file mode 100644 |
3 | index 0000000..f5cf55a |
4 | --- /dev/null |
5 | +++ b/debian/patches/eap-mschap-v2-namelen.patch |
6 | @@ -0,0 +1,13 @@ |
7 | +This fixes the length of the username when responding to an EAP MSCHAPv2 challenge. |
8 | +Index: ppp-2.4.9/pppd/eap.c |
9 | +=================================================================== |
10 | +--- ppp-2.4.9.orig/pppd/eap.c |
11 | ++++ ppp-2.4.9/pppd/eap.c |
12 | +@@ -2261,6 +2261,7 @@ eap_request(eap_state *esp, u_char *inp, |
13 | + eap_send_nak(esp, id, EAPT_SRP); |
14 | + break; |
15 | + } |
16 | ++ esp->es_client.ea_namelen = strlen(esp->es_client.ea_name); |
17 | + |
18 | + /* Create the MSCHAPv2 response (and add to cache) */ |
19 | + unsigned char response[MS_CHAP2_RESPONSE_LEN+1]; // VLEN + VALUE |
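Review bot: the patch header is a single free-form sentence and carries none of the DEP-3 fields Debian patches normally have; since the commit message names the upstream source (d7e62a8499c4032, "(#334)" in ppp-project/ppp), add Origin:, Bug: and Author: lines so the backport can be traced and dropped once the package moves to a release that already contains it. On the one-line change itself, `esp->es_client.ea_namelen = strlen(esp->es_client.ea_name);` assumes ea_name is a NUL-terminated string at this point; nothing in the surrounding context says where that is guaranteed, so a short comment naming the place it is set would help the next reader.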
20 | diff --git a/debian/patches/expose-mppe-keys-via-api.patch b/debian/patches/expose-mppe-keys-via-api.patch |
21 | new file mode 100644 |
22 | index 0000000..df12a58 |
23 | --- /dev/null |
24 | +++ b/debian/patches/expose-mppe-keys-via-api.patch |
25 | @@ -0,0 +1,864 @@ |
26 | +Index: ppp-2.4.9/pppd/Makefile.sol2 |
27 | +=================================================================== |
28 | +--- ppp-2.4.9.orig/pppd/Makefile.sol2 |
29 | ++++ ppp-2.4.9/pppd/Makefile.sol2 |
30 | +@@ -37,7 +37,7 @@ OBJS += ipv6cp.o eui64.o |
31 | + |
32 | + # Uncomment to enable MS-CHAP |
33 | + CFLAGS += -DUSE_CRYPT -DCHAPMS -DMSLANMAN -DHAVE_CRYPT_H |
34 | +-OBJS += chap_ms.o pppcrypt.o md4.o sha1.o |
35 | ++OBJS += chap_ms.o pppcrypt.o md4.o sha1.o mppe.o |
36 | + |
37 | + # Uncomment to enable MPPE (in both CHAP and EAP-TLS) |
38 | + CFLAGS += -DMPPE |
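Review bot: only the Solaris makefile gains mppe.o here, and Makefile.linux, which is the one the Ubuntu build actually uses, does not appear in the portion of the patch shown; confirm that it also compiles mppe.c into pppd, otherwise every mppe_* call introduced in the hunks below fails to link. The submitter's own comment in the discussion already flags this file as unused on Linux, so the hunk is harmless but not sufficient on its own.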
39 | +Index: ppp-2.4.9/pppd/ccp.c |
40 | +=================================================================== |
41 | +--- ppp-2.4.9.orig/pppd/ccp.c |
42 | ++++ ppp-2.4.9/pppd/ccp.c |
43 | +@@ -38,10 +38,9 @@ |
44 | + #include "ccp.h" |
45 | + #include <net/ppp-comp.h> |
46 | + |
47 | +-#ifdef MPPE |
48 | +-#include "chap_ms.h" /* mppe_xxxx_key, mppe_keys_set */ |
49 | ++#include "chap_ms.h" |
50 | ++#include "mppe.h" |
51 | + #include "lcp.h" /* lcp_close(), lcp_fsm */ |
52 | +-#endif |
53 | + |
54 | + |
55 | + /* |
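Review bot: removing the `#ifdef MPPE` around these includes makes chap_ms.h, mppe.h and lcp.h unconditional in ccp.c while the code that uses them in ccp_up (further down) stays under `#ifdef MPPE`; that is fine only if mppe.h and chap_ms.h compile cleanly without MPPE and CHAPMS defined, which the old guard existed to avoid having to guarantee. Please build once with MPPE undefined to check, or keep the guard and add mppe.h inside it.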
56 | +@@ -574,7 +573,7 @@ ccp_resetci(fsm *f) |
57 | + } |
58 | + |
59 | + /* A plugin (eg radius) may not have obtained key material. */ |
60 | +- if (!mppe_keys_set) { |
61 | ++ if (!mppe_keys_isset()) { |
62 | + error("MPPE required, but keys are not available. " |
63 | + "Possible plugin problem?"); |
64 | + lcp_close(f->unit, "MPPE required but not available"); |
65 | +@@ -705,7 +704,7 @@ static void |
66 | + p[1] = opt_buf[1] = CILEN_MPPE; |
67 | + MPPE_OPTS_TO_CI(go->mppe, &p[2]); |
68 | + MPPE_OPTS_TO_CI(go->mppe, &opt_buf[2]); |
69 | +- BCOPY(mppe_recv_key, &opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN); |
70 | ++ mppe_get_recv_key(&opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN); |
71 | + res = ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0); |
72 | + if (res > 0) |
73 | + p += CILEN_MPPE; |
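Review bot: the return value of `mppe_get_recv_key(&opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN);` is discarded, yet mppe_get_recv_key (mppe.c, later in this patch) returns 0 when no key is installed and fewer than `length` bytes when the installed key is shorter, leaving the tail of opt_buf unset while `ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0)` still passes the full length down. The BCOPY it replaces copied unconditionally, so this is a new silent failure mode; compare the return value with MPPE_MAX_KEY_LEN and log an error or drop the MPPE option on a short copy. The same applies to the mppe_get_send_key call in ccp_reqci in the next hunk.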
74 | +@@ -1156,8 +1155,7 @@ ccp_reqci(fsm *f, u_char *p, int *lenp, |
75 | + int mtu; |
76 | + |
77 | + BCOPY(p, opt_buf, CILEN_MPPE); |
78 | +- BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE], |
79 | +- MPPE_MAX_KEY_LEN); |
80 | ++ mppe_get_send_key(&opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN); |
81 | + if (ccp_test(f->unit, opt_buf, |
82 | + CILEN_MPPE + MPPE_MAX_KEY_LEN, 1) <= 0) { |
83 | + /* This shouldn't happen, we've already tested it! */ |
84 | +@@ -1426,8 +1424,7 @@ ccp_up(fsm *f) |
85 | + notice("%s transmit compression enabled", method_name(ho, NULL)); |
86 | + #ifdef MPPE |
87 | + if (go->mppe) { |
88 | +- BZERO(mppe_recv_key, MPPE_MAX_KEY_LEN); |
89 | +- BZERO(mppe_send_key, MPPE_MAX_KEY_LEN); |
90 | ++ mppe_clear_keys(); |
91 | + continue_networks(f->unit); /* Bring up IP et al */ |
92 | + } |
93 | + #endif |
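Review bot: `mppe_clear_keys()` is not a drop-in for the two BZERO calls it replaces: besides wiping the arrays it also resets mppe_keys_set to 0 (see mppe.c below), so after CCP comes up `mppe_keys_isset()` reports that no keys exist. If ccp_resetci runs again on the same link it now hits the "MPPE required, but keys are not available" branch shown earlier and closes LCP, where the old code would have silently offered all-zero keys. Failing loudly is arguably the better behaviour, but it is a behaviour change and deserves a sentence in the patch description.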
94 | +Index: ppp-2.4.9/pppd/chap_ms.c |
95 | +=================================================================== |
96 | +--- ppp-2.4.9.orig/pppd/chap_ms.c |
97 | ++++ ppp-2.4.9/pppd/chap_ms.c |
98 | +@@ -93,7 +93,7 @@ |
99 | + #include <openssl/sha.h> |
100 | + #include "pppcrypt.h" |
101 | + #include "magic.h" |
102 | +- |
103 | ++#include "mppe.h" |
104 | + |
105 | + |
106 | + static void ascii2unicode (char[], int, u_char[]); |
107 | +@@ -109,10 +109,6 @@ static void GenerateAuthenticatorRespons |
108 | + static void ChapMS_LANMan (u_char *, char *, int, u_char *); |
109 | + #endif |
110 | + |
111 | +-#ifdef MPPE |
112 | +-static void Set_Start_Key (u_char *, char *, int); |
113 | +-static void SetMasterKeys (char *, int, u_char[24], int); |
114 | +-#endif |
115 | + |
116 | + #ifdef MSLANMAN |
117 | + bool ms_lanman = 0; /* Use LanMan password instead of NT */ |
118 | +@@ -120,10 +116,6 @@ bool ms_lanman = 0; /* Use LanMan pa |
119 | + #endif |
120 | + |
121 | + #ifdef MPPE |
122 | +-u_char mppe_send_key[MPPE_MAX_KEY_LEN]; |
123 | +-u_char mppe_recv_key[MPPE_MAX_KEY_LEN]; |
124 | +-int mppe_keys_set = 0; /* Have the MPPE keys been set? */ |
125 | +- |
126 | + #ifdef DEBUGMPPEKEY |
127 | + /* For MPPE debug */ |
128 | + /* Use "[]|}{?/><,`!2&&(" (sans quotes) for RFC 3079 MS-CHAPv2 test value */ |
129 | +@@ -705,32 +697,8 @@ GenerateAuthenticatorResponsePlain |
130 | + rchallenge, username, authResponse); |
131 | + } |
132 | + |
133 | +- |
134 | + #ifdef MPPE |
135 | + /* |
136 | +- * Set mppe_xxxx_key from the NTPasswordHashHash. |
137 | +- * RFC 2548 (RADIUS support) requires us to export this function (ugh). |
138 | +- */ |
139 | +-void |
140 | +-mppe_set_keys(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE]) |
141 | +-{ |
142 | +- SHA_CTX sha1Context; |
143 | +- u_char Digest[SHA_DIGEST_LENGTH]; /* >= MPPE_MAX_KEY_LEN */ |
144 | +- |
145 | +- SHA1_Init(&sha1Context); |
146 | +- SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE); |
147 | +- SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE); |
148 | +- SHA1_Update(&sha1Context, rchallenge, 8); |
149 | +- SHA1_Final(Digest, &sha1Context); |
150 | +- |
151 | +- /* Same key in both directions. */ |
152 | +- BCOPY(Digest, mppe_send_key, sizeof(mppe_send_key)); |
153 | +- BCOPY(Digest, mppe_recv_key, sizeof(mppe_recv_key)); |
154 | +- |
155 | +- mppe_keys_set = 1; |
156 | +-} |
157 | +- |
158 | +-/* |
159 | + * Set mppe_xxxx_key from MS-CHAP credentials. (see RFC 3079) |
160 | + */ |
161 | + static void |
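Review bot: `mppe_set_keys` keeps its name but changes meaning: here it is `mppe_set_keys(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE])`, the RFC 2548 export the removed comment refers to, and in mppe.c it becomes `mppe_set_keys(u_char *send_key, u_char *recv_key, int keylen)`. debian/ppp.symbols tracks names only, so dpkg-gensymbols will not notice the incompatible signature, and an out-of-tree plugin built against 2.4.9-1 that still calls the old form links fine and then passes the challenge pointer as send_key and a garbage keylen to BZERO. Nothing in the visible hunks bumps a plugin ABI marker, so the reverse dependencies listed in the discussion (network-manager-*, pptpd, rp-pppoe, connman) must be rebuilt against the new header, as the submitter already noted; giving the new function a fresh name would have removed the trap entirely.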
162 | +@@ -744,105 +712,7 @@ Set_Start_Key(u_char *rchallenge, char * |
163 | + ascii2unicode(secret, secret_len, unicodePassword); |
164 | + NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash); |
165 | + NTPasswordHash(PasswordHash, sizeof(PasswordHash), PasswordHashHash); |
166 | +- |
167 | +- mppe_set_keys(rchallenge, PasswordHashHash); |
168 | +-} |
169 | +- |
170 | +-/* |
171 | +- * Set mppe_xxxx_key from MS-CHAPv2 credentials. (see RFC 3079) |
172 | +- * |
173 | +- * This helper function used in the Winbind module, which gets the |
174 | +- * NTHashHash from the server. |
175 | +- */ |
176 | +-void |
177 | +-mppe_set_keys2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE], |
178 | +- u_char NTResponse[24], int IsServer) |
179 | +-{ |
180 | +- SHA_CTX sha1Context; |
181 | +- u_char MasterKey[SHA_DIGEST_LENGTH]; /* >= MPPE_MAX_KEY_LEN */ |
182 | +- u_char Digest[SHA_DIGEST_LENGTH]; /* >= MPPE_MAX_KEY_LEN */ |
183 | +- |
184 | +- u_char SHApad1[40] = |
185 | +- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
186 | +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
187 | +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
188 | +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; |
189 | +- u_char SHApad2[40] = |
190 | +- { 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, |
191 | +- 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, |
192 | +- 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, |
193 | +- 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2 }; |
194 | +- |
195 | +- /* "This is the MPPE Master Key" */ |
196 | +- u_char Magic1[27] = |
197 | +- { 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, |
198 | +- 0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d, |
199 | +- 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79 }; |
200 | +- /* "On the client side, this is the send key; " |
201 | +- "on the server side, it is the receive key." */ |
202 | +- u_char Magic2[84] = |
203 | +- { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69, |
204 | +- 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, |
205 | +- 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, |
206 | +- 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79, |
207 | +- 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, |
208 | +- 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65, |
209 | +- 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, |
210 | +- 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20, |
211 | +- 0x6b, 0x65, 0x79, 0x2e }; |
212 | +- /* "On the client side, this is the receive key; " |
213 | +- "on the server side, it is the send key." */ |
214 | +- u_char Magic3[84] = |
215 | +- { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69, |
216 | +- 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, |
217 | +- 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, |
218 | +- 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20, |
219 | +- 0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, |
220 | +- 0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, |
221 | +- 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, |
222 | +- 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, |
223 | +- 0x6b, 0x65, 0x79, 0x2e }; |
224 | +- u_char *s; |
225 | +- |
226 | +- SHA1_Init(&sha1Context); |
227 | +- SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE); |
228 | +- SHA1_Update(&sha1Context, NTResponse, 24); |
229 | +- SHA1_Update(&sha1Context, Magic1, sizeof(Magic1)); |
230 | +- SHA1_Final(MasterKey, &sha1Context); |
231 | +- |
232 | +- /* |
233 | +- * generate send key |
234 | +- */ |
235 | +- if (IsServer) |
236 | +- s = Magic3; |
237 | +- else |
238 | +- s = Magic2; |
239 | +- SHA1_Init(&sha1Context); |
240 | +- SHA1_Update(&sha1Context, MasterKey, 16); |
241 | +- SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1)); |
242 | +- SHA1_Update(&sha1Context, s, 84); |
243 | +- SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2)); |
244 | +- SHA1_Final(Digest, &sha1Context); |
245 | +- |
246 | +- BCOPY(Digest, mppe_send_key, sizeof(mppe_send_key)); |
247 | +- |
248 | +- /* |
249 | +- * generate recv key |
250 | +- */ |
251 | +- if (IsServer) |
252 | +- s = Magic2; |
253 | +- else |
254 | +- s = Magic3; |
255 | +- SHA1_Init(&sha1Context); |
256 | +- SHA1_Update(&sha1Context, MasterKey, 16); |
257 | +- SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1)); |
258 | +- SHA1_Update(&sha1Context, s, 84); |
259 | +- SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2)); |
260 | +- SHA1_Final(Digest, &sha1Context); |
261 | +- |
262 | +- BCOPY(Digest, mppe_recv_key, sizeof(mppe_recv_key)); |
263 | +- |
264 | +- mppe_keys_set = 1; |
265 | ++ mppe_set_chapv1(rchallenge, PasswordHashHash); |
266 | + } |
267 | + |
268 | + /* |
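Review bot: the refactor's stated purpose is to stop leaving key material on the stack, but Set_Start_Key still builds unicodePassword, PasswordHash and PasswordHashHash as locals (the lines just above `mppe_set_chapv1(rchallenge, PasswordHashHash);`) and returns without clearing any of them; the NT password hash is a password-equivalent credential and deserves a BZERO at least as much as the derived MPPE keys do. The same applies to SetMasterKeys in the next hunk. Separately, mppe_set_keys2 was a public symbol consumed by the winbind plugin per the removed comment; its replacement mppe_set_chapv2 must appear in debian/ppp.symbols and in that plugin, and neither file is in the portion of the diff shown here.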
269 | +@@ -858,12 +728,11 @@ SetMasterKeys(char *secret, int secret_l |
270 | + ascii2unicode(secret, secret_len, unicodePassword); |
271 | + NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash); |
272 | + NTPasswordHash(PasswordHash, sizeof(PasswordHash), PasswordHashHash); |
273 | +- mppe_set_keys2(PasswordHashHash, NTResponse, IsServer); |
274 | ++ mppe_set_chapv2(PasswordHashHash, NTResponse, IsServer); |
275 | + } |
276 | + |
277 | + #endif /* MPPE */ |
278 | + |
279 | +- |
280 | + void |
281 | + ChapMS(u_char *rchallenge, char *secret, int secret_len, |
282 | + unsigned char *response) |
283 | +@@ -933,39 +802,6 @@ ChapMS2(u_char *rchallenge, u_char *Peer |
284 | + #endif |
285 | + } |
286 | + |
287 | +-#ifdef MPPE |
288 | +-/* |
289 | +- * Set MPPE options from plugins. |
290 | +- */ |
291 | +-void |
292 | +-set_mppe_enc_types(int policy, int types) |
293 | +-{ |
294 | +- /* Early exit for unknown policies. */ |
295 | +- if (policy != MPPE_ENC_POL_ENC_ALLOWED || |
296 | +- policy != MPPE_ENC_POL_ENC_REQUIRED) |
297 | +- return; |
298 | +- |
299 | +- /* Don't modify MPPE if it's optional and wasn't already configured. */ |
300 | +- if (policy == MPPE_ENC_POL_ENC_ALLOWED && !ccp_wantoptions[0].mppe) |
301 | +- return; |
302 | +- |
303 | +- /* |
304 | +- * Disable undesirable encryption types. Note that we don't ENABLE |
305 | +- * any encryption types, to avoid overriding manual configuration. |
306 | +- */ |
307 | +- switch(types) { |
308 | +- case MPPE_ENC_TYPES_RC4_40: |
309 | +- ccp_wantoptions[0].mppe &= ~MPPE_OPT_128; /* disable 128-bit */ |
310 | +- break; |
311 | +- case MPPE_ENC_TYPES_RC4_128: |
312 | +- ccp_wantoptions[0].mppe &= ~MPPE_OPT_40; /* disable 40-bit */ |
313 | +- break; |
314 | +- default: |
315 | +- break; |
316 | +- } |
317 | +-} |
318 | +-#endif /* MPPE */ |
319 | +- |
320 | + static struct chap_digest_type chapms_digest = { |
321 | + CHAP_MICROSOFT, /* code */ |
322 | + chapms_generate_challenge, |
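Review bot: the removed set_mppe_enc_types carries a long-standing logic bug in its early exit, `policy != MPPE_ENC_POL_ENC_ALLOWED || policy != MPPE_ENC_POL_ENC_REQUIRED`, which is true for every value of policy and turns the whole function into a no-op (the condition needs `&&`). Since the function is being relocated rather than deleted (its prototype leaves chap_ms.h in a later hunk), check that the copy in mppe.c, outside the visible part of the patch, does not carry the bug with it; if it does, the RFC 2548 MS-MPPE-Encryption-Policy attribute supplied by RADIUS continues to be ignored.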
323 | +Index: ppp-2.4.9/pppd/chap_ms.h |
324 | +=================================================================== |
325 | +--- ppp-2.4.9.orig/pppd/chap_ms.h |
326 | ++++ ppp-2.4.9/pppd/chap_ms.h |
327 | +@@ -38,6 +38,7 @@ |
328 | + #define MS_CHAP_RESPONSE_LEN 49 /* Response length for MS-CHAP */ |
329 | + #define MS_CHAP2_RESPONSE_LEN 49 /* Response length for MS-CHAPv2 */ |
330 | + #define MS_AUTH_RESPONSE_LENGTH 40 /* MS-CHAPv2 authenticator response, */ |
331 | ++#define MS_AUTH_NTRESP_LEN 24 /* Length of NT-response field */ |
332 | + /* as ASCII */ |
333 | + |
334 | + /* E=eeeeeeeeee error codes for MS-CHAP failure messages. */ |
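Review bot: `MS_AUTH_NTRESP_LEN 24` duplicates `MS_CHAP2_NTRESP_LEN 24`, which already exists a few lines further down in this header (visible in the next hunk), and the new line is wedged between `MS_AUTH_RESPONSE_LENGTH 40 /* MS-CHAPv2 authenticator response, */` and its continuation comment `/* as ASCII */`, leaving that comment dangling. Either use the existing constant in mppe_set_chapv2's prototype or insert the new define after the continuation comment.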
335 | +@@ -67,22 +68,6 @@ |
336 | + #define MS_CHAP2_NTRESP_LEN 24 |
337 | + #define MS_CHAP2_FLAGS 48 |
338 | + |
339 | +-#ifdef MPPE |
340 | +-#include "mppe.h" /* MPPE_MAX_KEY_LEN */ |
341 | +-extern u_char mppe_send_key[MPPE_MAX_KEY_LEN]; |
342 | +-extern u_char mppe_recv_key[MPPE_MAX_KEY_LEN]; |
343 | +-extern int mppe_keys_set; |
344 | +- |
345 | +-/* These values are the RADIUS attribute values--see RFC 2548. */ |
346 | +-#define MPPE_ENC_POL_ENC_ALLOWED 1 |
347 | +-#define MPPE_ENC_POL_ENC_REQUIRED 2 |
348 | +-#define MPPE_ENC_TYPES_RC4_40 2 |
349 | +-#define MPPE_ENC_TYPES_RC4_128 4 |
350 | +- |
351 | +-/* used by plugins (using above values) */ |
352 | +-extern void set_mppe_enc_types(int, int); |
353 | +-#endif |
354 | +- |
355 | + /* Are we the authenticator or authenticatee? For MS-CHAPv2 key derivation. */ |
356 | + #define MS_CHAP2_AUTHENTICATEE 0 |
357 | + #define MS_CHAP2_AUTHENTICATOR 1 |
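Review bot: the `#include "mppe.h"`, the extern key arrays, the RFC 2548 policy and type constants and the set_mppe_enc_types prototype all leave chap_ms.h in this hunk and nothing re-includes mppe.h, so any plugin that reached those through chap_ms.h (the radius plugin is the obvious candidate) must now include mppe.h itself; those plugin edits are outside the visible portion of the patch, so confirm they are part of it. The removed `/* MPPE_MAX_KEY_LEN */` comment also shows chap_ms.h depended on mppe.h for that macro; make sure no remaining declaration in this header still needs it.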
358 | +@@ -90,12 +75,6 @@ extern void set_mppe_enc_types(int, int) |
359 | + void ChapMS (u_char *, char *, int, u_char *); |
360 | + void ChapMS2 (u_char *, u_char *, char *, char *, int, |
361 | + u_char *, u_char[MS_AUTH_RESPONSE_LENGTH+1], int); |
362 | +-#ifdef MPPE |
363 | +-void mppe_set_keys (u_char *, u_char[MD4_SIGNATURE_SIZE]); |
364 | +-void mppe_set_keys2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE], |
365 | +- u_char NTResponse[24], int IsServer); |
366 | +-#endif |
367 | +- |
368 | + void ChallengeHash (u_char[16], u_char *, char *, u_char[8]); |
369 | + |
370 | + void GenerateAuthenticatorResponse(u_char PasswordHashHash[MD4_SIGNATURE_SIZE], |
371 | +Index: ppp-2.4.9/pppd/eap-tls.c |
372 | +=================================================================== |
373 | +--- ppp-2.4.9.orig/pppd/eap-tls.c |
374 | ++++ ppp-2.4.9/pppd/eap-tls.c |
375 | +@@ -48,6 +48,8 @@ |
376 | + #include "eap-tls.h" |
377 | + #include "fsm.h" |
378 | + #include "lcp.h" |
379 | ++#include "chap_ms.h" |
380 | ++#include "mppe.h" |
381 | + #include "pathnames.h" |
382 | + |
383 | + typedef struct pw_cb_data |
384 | +@@ -72,10 +74,6 @@ int ssl_new_session_cb(SSL *s, SSL_SESSI |
385 | + X509 *get_X509_from_file(char *filename); |
386 | + int ssl_cmp_certs(char *filename, X509 * a); |
387 | + |
388 | +-#ifdef MPPE |
389 | +- |
390 | +-#define EAPTLS_MPPE_KEY_LEN 32 |
391 | +- |
392 | + /* |
393 | + * OpenSSL 1.1+ introduced a generic TLS_method() |
394 | + * For older releases we substitute the appropriate method |
395 | +@@ -118,6 +116,10 @@ static inline int SSL_CTX_set_max_proto_ |
396 | + #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ |
397 | + |
398 | + |
399 | ++#ifdef MPPE |
400 | ++ |
401 | ++#define EAPTLS_MPPE_KEY_LEN 32 |
402 | ++ |
403 | + /* |
404 | + * Generate keys according to RFC 2716 and add to reply |
405 | + */ |
406 | +@@ -159,20 +161,12 @@ void eaptls_gen_mppe_keys(struct eaptls_ |
407 | + */ |
408 | + if (client) |
409 | + { |
410 | +- p = out; |
411 | +- BCOPY( p, mppe_send_key, sizeof(mppe_send_key) ); |
412 | +- p += EAPTLS_MPPE_KEY_LEN; |
413 | +- BCOPY( p, mppe_recv_key, sizeof(mppe_recv_key) ); |
414 | ++ mppe_set_keys(out, out + EAPTLS_MPPE_KEY_LEN, EAPTLS_MPPE_KEY_LEN); |
415 | + } |
416 | + else |
417 | + { |
418 | +- p = out; |
419 | +- BCOPY( p, mppe_recv_key, sizeof(mppe_recv_key) ); |
420 | +- p += EAPTLS_MPPE_KEY_LEN; |
421 | +- BCOPY( p, mppe_send_key, sizeof(mppe_send_key) ); |
422 | ++ mppe_set_keys(out + EAPTLS_MPPE_KEY_LEN, out, EAPTLS_MPPE_KEY_LEN); |
423 | + } |
424 | +- |
425 | +- mppe_keys_set = 1; |
426 | + } |
427 | + |
428 | + #endif /* MPPE */ |
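Review bot: the removed code copied only `sizeof(mppe_send_key)` bytes, i.e. MPPE_MAX_KEY_LEN, from each 32-byte half of `out` while advancing p by EAPTLS_MPPE_KEY_LEN; the new `mppe_set_keys(out, out + EAPTLS_MPPE_KEY_LEN, EAPTLS_MPPE_KEY_LEN);` stores the full 32 bytes, which is the "32-byte MPPE keys" of the title, but it depends on mppe.c's MPPE_MAX_KEY_SIZE being at least 32 because mppe_set_keys silently truncates to that size. A `#if EAPTLS_MPPE_KEY_LEN > MPPE_MAX_KEY_SIZE` `#error` beside the define moved in the previous hunk would make that coupling explicit. Two side effects worth a line in the description: mppe_set_keys now zeroes both halves of `out` in place, and `p`, which was only assigned in the removed lines, has probably become an unused variable in eaptls_gen_mppe_keys.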
429 | +Index: ppp-2.4.9/pppd/eap-tls.h |
430 | +=================================================================== |
431 | +--- ppp-2.4.9.orig/pppd/eap-tls.h |
432 | ++++ ppp-2.4.9/pppd/eap-tls.h |
433 | +@@ -85,11 +85,6 @@ int get_eaptls_secret(int unit, char *cl |
434 | + char *capath, char *pkfile, int am_server); |
435 | + |
436 | + #ifdef MPPE |
437 | +-#include "mppe.h" /* MPPE_MAX_KEY_LEN */ |
438 | +-extern u_char mppe_send_key[MPPE_MAX_KEY_LEN]; |
439 | +-extern u_char mppe_recv_key[MPPE_MAX_KEY_LEN]; |
440 | +-extern int mppe_keys_set; |
441 | +- |
442 | + void eaptls_gen_mppe_keys(struct eaptls_session *ets, int client); |
443 | + #endif |
444 | + |
445 | +Index: ppp-2.4.9/pppd/mppe.c |
446 | +=================================================================== |
447 | +--- /dev/null |
448 | ++++ ppp-2.4.9/pppd/mppe.c |
449 | +@@ -0,0 +1,248 @@ |
450 | ++/* * mppe.c - MPPE key implementation |
451 | ++ * |
452 | ++ * Copyright (c) 2020 Eivind Naess. All rights reserved. |
453 | ++ * Copyright (c) 2008 Paul Mackerras. All rights reserved. |
454 | ++ * |
455 | ++ * Redistribution and use in source and binary forms, with or without |
456 | ++ * modification, are permitted provided that the following conditions |
457 | ++ * are met: |
458 | ++ * |
459 | ++ * 1. Redistributions of source code must retain the above copyright |
460 | ++ * notice, this list of conditions and the following disclaimer. |
461 | ++ * |
462 | ++ * 2. Redistributions in binary form must reproduce the above copyright |
463 | ++ * notice, this list of conditions and the following disclaimer in |
464 | ++ * the documentation and/or other materials provided with the |
465 | ++ * distribution. |
466 | ++ * |
467 | ++ * 3. The name(s) of the authors of this software must not be used to |
468 | ++ * endorse or promote products derived from this software without |
469 | ++ * prior written permission. |
470 | ++ * |
471 | ++ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO |
472 | ++ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY |
473 | ++ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY |
474 | ++ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
475 | ++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN |
476 | ++ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
477 | ++ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
478 | ++ * |
479 | ++ */ |
480 | ++ |
481 | ++#include <string.h> |
482 | ++ |
483 | ++#include "pppd.h" |
484 | ++#include "fsm.h" |
485 | ++#include "ccp.h" |
486 | ++#include "chap_ms.h" |
487 | ++#include "mppe.h" |
488 | ++#include <openssl/sha.h> |
489 | ++#include <openssl/md4.h> |
490 | ++ |
491 | ++u_char mppe_send_key[MPPE_MAX_KEY_SIZE]; |
492 | ++u_char mppe_recv_key[MPPE_MAX_KEY_SIZE]; |
493 | ++int mppe_keys_set = 0; |
494 | ++ |
495 | ++void |
496 | ++mppe_set_keys(u_char *send_key, u_char *recv_key, int keylen) |
497 | ++{ |
498 | ++ int length = keylen; |
499 | ++ if (length > MPPE_MAX_KEY_SIZE) |
500 | ++ length = MPPE_MAX_KEY_SIZE; |
501 | ++ |
502 | ++ if (send_key) { |
503 | ++ BCOPY(send_key, mppe_send_key, length); |
504 | ++ BZERO(send_key, keylen); |
505 | ++ } |
506 | ++ |
507 | ++ if (recv_key) { |
508 | ++ BCOPY(recv_key, mppe_recv_key, length); |
509 | ++ BZERO(recv_key, keylen); |
510 | ++ } |
511 | ++ |
512 | ++ mppe_keys_set = length; |
513 | ++} |
514 | ++ |
515 | ++bool |
516 | ++mppe_keys_isset() |
517 | ++{ |
518 | ++ return !!mppe_keys_set; |
519 | ++} |
520 | ++ |
521 | ++int |
522 | ++mppe_get_recv_key(u_char *recv_key, int length) |
523 | ++{ |
524 | ++ if (mppe_keys_isset()) { |
525 | ++ if (length > mppe_keys_set) |
526 | ++ length = mppe_keys_set; |
527 | ++ BCOPY(mppe_recv_key, recv_key, length); |
528 | ++ return length; |
529 | ++ } |
530 | ++ return 0; |
531 | ++} |
532 | ++ |
533 | ++int |
534 | ++mppe_get_send_key(u_char *send_key, int length) |
535 | ++{ |
536 | ++ if (mppe_keys_isset()) { |
537 | ++ if (length > mppe_keys_set) |
538 | ++ length = mppe_keys_set; |
539 | ++ BCOPY(mppe_send_key, send_key, length); |
540 | ++ return length; |
541 | ++ } |
542 | ++ return 0; |
543 | ++} |
544 | ++ |
545 | ++void |
546 | ++mppe_clear_keys(void) |
547 | ++{ |
548 | ++ mppe_keys_set = 0; |
549 | ++ BZERO(mppe_send_key, sizeof(mppe_send_key)); |
550 | ++ BZERO(mppe_recv_key, sizeof(mppe_recv_key)); |
551 | ++} |
552 | ++ |
553 | ++/* |
554 | ++ * Set mppe_xxxx_key from the NTPasswordHashHash. |
555 | ++ * RFC 2548 (RADIUS support) requires us to export this function (ugh). |
556 | ++ */ |
557 | ++void |
558 | ++mppe_set_chapv1(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE]) |
559 | ++{ |
560 | ++ SHA_CTX sha1Context; |
561 | ++ u_char Digest[SHA_DIGEST_LENGTH]; |
562 | ++ |
563 | ++ SHA1_Init(&sha1Context); |
564 | ++ SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE); |
565 | ++ SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE); |
566 | ++ SHA1_Update(&sha1Context, rchallenge, 8); |
567 | ++ SHA1_Final(Digest, &sha1Context); |
568 | ++ |
569 | ++ /* Same key in both directions. */ |
570 | ++ mppe_set_keys(Digest, Digest, sizeof(Digest)); |
571 | ++} |
572 | ++ |
573 | ++/* |
574 | ++ * Set mppe_xxxx_key from MS-CHAPv2 credentials. (see RFC 3079) |
575 | ++ * |
576 | ++ * This helper function used in the Winbind module, which gets the |
577 | ++ * NTHashHash from the server. |
578 | ++ */ |
579 | ++void |
580 | ++mppe_set_chapv2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE], |
581 | ++ u_char NTResponse[MS_AUTH_NTRESP_LEN], int IsServer) |
582 | ++{ |
583 | ++ SHA_CTX sha1Context; |
584 | ++ u_char MasterKey[SHA_DIGEST_LENGTH]; |
585 | ++ u_char SendKey[SHA_DIGEST_LENGTH]; |
586 | ++ u_char RecvKey[SHA_DIGEST_LENGTH]; |
587 | ++ |
588 | ++ u_char SHApad1[40] = |
589 | ++ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
590 | ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
591 | ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
592 | ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; |
593 | ++ u_char SHApad2[40] = |
594 | ++ { 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, |
595 | ++ 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, |
596 | ++ 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, |
597 | ++ 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2 }; |
598 | ++ |
599 | ++ /* "This is the MPPE Master Key" */ |
600 | ++ u_char Magic1[27] = |
601 | ++ { 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, |
602 | ++ 0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d, |
603 | ++ 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79 }; |
604 | ++ /* "On the client side, this is the send key; " |
605 | ++ "on the server side, it is the receive key." */ |
606 | ++ u_char Magic2[84] = |
607 | ++ { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69, |
608 | ++ 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, |
609 | ++ 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, |
610 | ++ 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79, |
611 | ++ 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, |
612 | ++ 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65, |
613 | ++ 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, |
614 | ++ 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20, |
615 | ++ 0x6b, 0x65, 0x79, 0x2e }; |
616 | ++ /* "On the client side, this is the receive key; " |
617 | ++ "on the server side, it is the send key." */ |
618 | ++ u_char Magic3[84] = |
619 | ++ { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69, |
620 | ++ 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, |
621 | ++ 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, |
622 | ++ 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20, |
623 | ++ 0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, |
624 | ++ 0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, |
625 | ++ 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, |
626 | ++ 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, |
627 | ++ 0x6b, 0x65, 0x79, 0x2e }; |
628 | ++ u_char *s; |
629 | ++ |
630 | ++ SHA1_Init(&sha1Context); |
631 | ++ SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE); |
632 | ++ SHA1_Update(&sha1Context, NTResponse, 24); |
633 | ++ SHA1_Update(&sha1Context, Magic1, sizeof(Magic1)); |
634 | ++ SHA1_Final(MasterKey, &sha1Context); |
635 | ++ |
636 | ++ /* |
637 | ++ * generate send key |
638 | ++ */ |
639 | ++ if (IsServer) |
640 | ++ s = Magic3; |
641 | ++ else |
642 | ++ s = Magic2; |
643 | ++ SHA1_Init(&sha1Context); |
644 | ++ SHA1_Update(&sha1Context, MasterKey, 16); |
645 | ++ SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1)); |
646 | ++ SHA1_Update(&sha1Context, s, 84); |
647 | ++ SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2)); |
648 | ++ SHA1_Final(SendKey, &sha1Context); |
649 | ++ |
650 | ++ /* |
651 | ++ * generate recv key |
652 | ++ */ |
653 | ++ if (IsServer) |
654 | ++ s = Magic2; |
655 | ++ else |
656 | ++ s = Magic3; |
657 | ++ SHA1_Init(&sha1Context); |
658 | ++ SHA1_Update(&sha1Context, MasterKey, 16); |
659 | ++ SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1)); |
660 | ++ SHA1_Update(&sha1Context, s, 84); |
661 | ++ SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2)); |
662 | ++ SHA1_Final(RecvKey, &sha1Context); |
663 | ++ |
664 | ++ mppe_set_keys(SendKey, RecvKey, SHA_DIGEST_LENGTH); |
665 | ++} |
666 | ++ |
667 | ++/* |
668 | ++ * Set MPPE options from plugins. |
669 | ++ */ |
670 | ++void |
671 | ++mppe_set_enc_types(int policy, int types) |
672 | ++{ |
673 | ++ /* Early exit for unknown policies. */ |
674 | ++ if (policy != MPPE_ENC_POL_ENC_ALLOWED && |
675 | ++ policy != MPPE_ENC_POL_ENC_REQUIRED) |
676 | ++ return; |
677 | ++ |
678 | ++ /* Don't modify MPPE if it's optional and wasn't already configured. */ |
679 | ++ if (policy == MPPE_ENC_POL_ENC_ALLOWED && !ccp_wantoptions[0].mppe) |
680 | ++ return; |
681 | ++ |
682 | ++ /* |
683 | ++ * Disable undesirable encryption types. Note that we don't ENABLE |
684 | ++ * any encryption types, to avoid overriding manual configuration. |
685 | ++ */ |
686 | ++ switch(types) { |
687 | ++ case MPPE_ENC_TYPES_RC4_40: |
688 | ++ ccp_wantoptions[0].mppe &= ~MPPE_OPT_128; /* disable 128-bit */ |
689 | ++ break; |
690 | ++ case MPPE_ENC_TYPES_RC4_128: |
691 | ++ ccp_wantoptions[0].mppe &= ~MPPE_OPT_40; /* disable 40-bit */ |
692 | ++ break; |
693 | ++ default: |
694 | ++ break; |
695 | ++ } |
696 | ++} |
697 | ++ |
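Review bot: mppe_set_keys, mppe_get_recv_key and mppe_get_send_key take a signed length but only clamp the upper bound, so a negative keylen or length goes into BCOPY/BZERO as a very large size_t; add an early `if (keylen <= 0) return;` in mppe_set_keys and the equivalent `length <= 0` check in both getters before any copy. Two smaller points in the same file: `mppe_keys_set = length;` is assigned unconditionally, so a call with both pointers NULL still makes mppe_keys_isset() true without any key material having been copied (only set it when something was copied), and in mppe_set_chapv2 SendKey and RecvKey are wiped by mppe_set_keys but MasterKey is left on the stack after return, so add `BZERO(MasterKey, sizeof(MasterKey));` before returning. Note also that a plain BZERO of a local that is about to go out of scope is a dead store the compiler is free to drop; if keeping keys off the stack is the goal the commit message states, explicit_bzero (or a volatile memset wrapper) is the primitive to use.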
698 | +Index: ppp-2.4.9/pppd/mppe.h |
699 | +=================================================================== |
700 | +--- ppp-2.4.9.orig/pppd/mppe.h |
701 | ++++ ppp-2.4.9/pppd/mppe.h |
702 | +@@ -32,9 +32,12 @@ |
703 | + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
704 | + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
705 | + */ |
706 | ++#ifndef __MPPE_H__ |
707 | ++#define __MPPE_H__ |
708 | + |
709 | + #define MPPE_PAD 4 /* MPPE growth per frame */ |
710 | +-#define MPPE_MAX_KEY_LEN 16 /* largest key length (128-bit) */ |
711 | ++#define MPPE_MAX_KEY_SIZE 32 /* Largest key length */ |
712 | ++#define MPPE_MAX_KEY_LEN 16 /* Largest key size accepted by the kernel */ |
713 | + |
714 | + /* option bits for ccp_options.mppe */ |
715 | + #define MPPE_OPT_40 0x01 /* 40 bit */ |
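Review bot: the include guard `__MPPE_H__` is a double-underscore identifier, which C reserves for the implementation; a plain `PPP_MPPE_H` avoids that. The two adjacent constants MPPE_MAX_KEY_SIZE (32) and MPPE_MAX_KEY_LEN (16) are easy to confuse by name, so the comments should state which one sizes the mppe_send_key/mppe_recv_key buffers and which one is the length handed to the kernel, and that the mppe_get_*_key accessors may return up to the former, not the latter.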
716 | +@@ -119,3 +122,68 @@ |
717 | + if (ptr[3] & ~MPPE_ALL_BITS) \ |
718 | + opts |= MPPE_OPT_UNKNOWN; \ |
719 | + } while (/* CONSTCOND */ 0) |
720 | ++ |
721 | ++ |
722 | ++#if MPPE |
723 | ++ |
724 | ++/* |
725 | ++ * NOTE: |
726 | ++ * Access to these variables directly is discuraged. Please |
727 | ++ * change your code to use below accessor functions. |
728 | ++ */ |
729 | ++ |
730 | ++/* The key material generated which is used for MPPE send key */ |
731 | ++extern u_char mppe_send_key[MPPE_MAX_KEY_SIZE]; |
732 | ++/* The key material generated which is used for MPPE recv key */ |
733 | ++extern u_char mppe_recv_key[MPPE_MAX_KEY_SIZE]; |
734 | ++/* Keys are set if value is non-zero */ |
735 | ++extern int mppe_keys_set; |
736 | ++ |
737 | ++/* These values are the RADIUS attribute values--see RFC 2548. */ |
738 | ++#define MPPE_ENC_POL_ENC_ALLOWED 1 |
739 | ++#define MPPE_ENC_POL_ENC_REQUIRED 2 |
740 | ++#define MPPE_ENC_TYPES_RC4_40 2 |
741 | ++#define MPPE_ENC_TYPES_RC4_128 4 |
742 | ++ |
743 | ++/* used by plugins (using above values) */ |
744 | ++void mppe_set_enc_types (int policy, int types); |
745 | ++ |
746 | ++/* |
747 | ++ * Set the MPPE send and recv keys. NULL values for keys are ignored |
748 | ++ * and input values are cleared to avoid leaving them on the stack |
749 | ++ */ |
750 | ++void mppe_set_keys(u_char *send_key, u_char *recv_key, int keylen); |
751 | ++ |
752 | ++/* |
753 | ++ * Get the MPPE recv key |
754 | ++ */ |
755 | ++int mppe_get_recv_key(u_char *recv_key, int length); |
756 | ++ |
757 | ++/* |
758 | ++ * Get the MPPE send key |
759 | ++ */ |
760 | ++int mppe_get_send_key(u_char *send_key, int length); |
761 | ++ |
762 | ++/* |
763 | ++ * Clear the MPPE keys |
764 | ++ */ |
765 | ++void mppe_clear_keys(void); |
766 | ++ |
767 | ++/* |
768 | ++ * Check if the MPPE keys are set |
769 | ++ */ |
770 | ++bool mppe_keys_isset(void); |
771 | ++ |
772 | ++/* |
773 | ++ * Set mppe_xxxx_key from NT Password Hash Hash (MSCHAPv1), see RFC3079 |
774 | ++ */ |
775 | ++void mppe_set_chapv1(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE]); |
776 | ++ |
777 | ++/* |
778 | ++ * Set the mppe_xxxx_key from MS-CHAP-v2 credentials, see RFC3079 |
779 | ++ */ |
780 | ++void mppe_set_chapv2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE], |
781 | ++ u_char NTResponse[MS_AUTH_NTRESP_LEN], int IsServer); |
782 | ++ |
783 | ++#endif // #ifdef MPPE |
784 | ++#endif // #ifdef __MPPE_H__ |
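Review bot: this block uses `bool`, MD4_SIGNATURE_SIZE and MS_AUTH_NTRESP_LEN without including the headers that define them, so unless the unchanged top of mppe.h already does, the header only compiles when chap_ms.h (and whatever provides bool) was included first; either add the includes or document the required order. `#if MPPE` silently evaluates to 0 when MPPE is undefined, whereas radius.c and winbind.c test `#ifdef MPPE`; pick one form, and make the closing comment (`// #ifdef MPPE`) match it. `//` comments are also out of place in this C header. Typo in the NOTE: "discuraged" should be "discouraged". Since mppe_send_key, mppe_recv_key and mppe_keys_set stay exported, the NOTE discouraging direct access does not prevent a plugin from reading or writing the raw buffers; if they are meant to go away later, say so in the comment.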
785 | +Index: ppp-2.4.9/pppd/plugins/radius/radius.c |
786 | +=================================================================== |
787 | +--- ppp-2.4.9.orig/pppd/plugins/radius/radius.c |
788 | ++++ ppp-2.4.9/pppd/plugins/radius/radius.c |
789 | +@@ -31,6 +31,7 @@ static char const RCSID[] = |
790 | + #ifdef CHAPMS |
791 | + #include "chap_ms.h" |
792 | + #ifdef MPPE |
793 | ++#include "mppe.h" |
794 | + #include <openssl/md5.h> |
795 | + #endif |
796 | + #endif |
797 | +@@ -743,11 +744,12 @@ radius_setparams(VALUE_PAIR *vp, char *m |
798 | + * Note that if the policy value was '0' we don't set the key! |
799 | + */ |
800 | + if (mppe_enc_policy && mppe_enc_keys) { |
801 | +- mppe_keys_set = 1; |
802 | + /* Set/modify allowed encryption types. */ |
803 | + if (mppe_enc_types) |
804 | +- set_mppe_enc_types(mppe_enc_policy, mppe_enc_types); |
805 | ++ mppe_set_enc_types(mppe_enc_policy, mppe_enc_types); |
806 | ++ return 0; |
807 | + } |
808 | ++ mppe_clear_keys(); |
809 | + #endif |
810 | + |
811 | + return 0; |
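Review bot: the `return 0;` added inside `if (mppe_enc_policy && mppe_enc_keys)` exists only to skip the new mppe_clear_keys() call and duplicates the `return 0;` after the `#endif`; an `else` branch (`} else { mppe_clear_keys(); }`) reads more clearly and will not silently skip code that is later added between the `#endif` and the final return. The behavioural change deserves a comment too: keys already copied by radius_setmppekeys2 via mppe_set_keys are now wiped when the policy attribute is 0 or absent, which is what the comment above ("if the policy value was '0' we don't set the key") promises but the old `mppe_keys_set = 1` flag alone did not enforce, since the key bytes stayed in the buffers.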
812 | +@@ -803,7 +805,7 @@ radius_setmppekeys(VALUE_PAIR *vp, REQUE |
813 | + * the NAS (us) doesn't need; we only need the start key. So we have |
814 | + * to generate the start key, sigh. NB: We do not support the LM-Key. |
815 | + */ |
816 | +- mppe_set_keys(challenge, &plain[8]); |
817 | ++ mppe_set_chapv1(challenge, &plain[8]); |
818 | + |
819 | + return 0; |
820 | + } |
821 | +@@ -855,7 +857,7 @@ radius_setmppekeys2(VALUE_PAIR *vp, REQU |
822 | + for (i = 0; i < 16; i++) |
823 | + plain[i] ^= buf[i]; |
824 | + |
825 | +- if (plain[0] != sizeof(mppe_send_key) /* 16 */) { |
826 | ++ if (plain[0] != 16) { |
827 | + error("RADIUS: Incorrect key length (%d) for MS-MPPE-%s-Key attribute", |
828 | + (int) plain[0], type); |
829 | + return -1; |
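Review bot: replacing `sizeof(mppe_send_key)` with the literal 16 is necessary now that the buffer is MPPE_MAX_KEY_SIZE (32) bytes, but the magic number should be MPPE_MAX_KEY_LEN from mppe.h, which this file now includes, so the length check stays tied to the definition of a 128-bit MS-MPPE key instead of a bare constant.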
830 | +@@ -869,9 +871,9 @@ radius_setmppekeys2(VALUE_PAIR *vp, REQU |
831 | + plain[16] ^= buf[0]; /* only need the first byte */ |
832 | + |
833 | + if (vp->attribute == PW_MS_MPPE_SEND_KEY) |
834 | +- memcpy(mppe_send_key, plain + 1, 16); |
835 | ++ mppe_set_keys(plain + 1, NULL, 16); |
836 | + else |
837 | +- memcpy(mppe_recv_key, plain + 1, 16); |
838 | ++ mppe_set_keys(NULL, plain + 1, 16); |
839 | + |
840 | + return 0; |
841 | + } |
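Review bot: each of these two calls sets mppe_keys_set = 16, so after the first of MS-MPPE-Send-Key / MS-MPPE-Recv-Key is processed mppe_keys_isset() already returns true while the other direction's key is still all zeros; nothing in this hunk stops a zero key from being used if a RADIUS reply carries only one of the two attributes. Either make sure the `mppe_enc_keys` condition in radius_setparams requires both attributes (and falls through to mppe_clear_keys() otherwise), or have mppe_set_keys only mark the keys as set once both directions are present. Worth a comment as well: mppe_set_keys zeroes the 16 bytes at `plain + 1`, so the decrypted key leaves the local buffer, but `plain[0]` (the length byte) and the rest of `plain` are not cleared.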
842 | +Index: ppp-2.4.9/pppd/plugins/winbind.c |
843 | +=================================================================== |
844 | +--- ppp-2.4.9.orig/pppd/plugins/winbind.c |
845 | ++++ ppp-2.4.9/pppd/plugins/winbind.c |
846 | +@@ -37,11 +37,9 @@ |
847 | + #include "pppd.h" |
848 | + #include "chap-new.h" |
849 | + #include "chap_ms.h" |
850 | +-#ifdef MPPE |
851 | +-#include <openssl/md5.h> |
852 | +-#endif |
853 | + #include "fsm.h" |
854 | + #include "ipcp.h" |
855 | ++#include "mppe.h" |
856 | + #include <syslog.h> |
857 | + #include <sys/types.h> |
858 | + #include <sys/stat.h> |
859 | +@@ -583,7 +581,7 @@ winbind_chap_verify(char *user, char *ou |
860 | + nt_response, nt_response_size, |
861 | + session_key, |
862 | + &error_string) == AUTHENTICATED) { |
863 | +- mppe_set_keys(challenge, session_key); |
864 | ++ mppe_set_chapv1(challenge, session_key); |
865 | + slprintf(message, message_space, "Access granted"); |
866 | + return AUTHENTICATED; |
867 | + |
868 | +@@ -628,7 +626,7 @@ winbind_chap_verify(char *user, char *ou |
869 | + &response[MS_CHAP2_NTRESP], |
870 | + &response[MS_CHAP2_PEER_CHALLENGE], |
871 | + challenge, user, saresponse); |
872 | +- mppe_set_keys2(session_key, &response[MS_CHAP2_NTRESP], |
873 | ++ mppe_set_chapv2(session_key, &response[MS_CHAP2_NTRESP], |
874 | + MS_CHAP2_AUTHENTICATOR); |
875 | + if (response[MS_CHAP2_FLAGS]) { |
876 | + slprintf(message, message_space, "S=%s", saresponse); |
877 | +Index: ppp-2.4.9/pppd/Makefile.linux |
878 | +=================================================================== |
879 | +--- ppp-2.4.9.orig/pppd/Makefile.linux |
880 | ++++ ppp-2.4.9/pppd/Makefile.linux |
881 | +@@ -105,6 +105,8 @@ CFLAGS += -DMSLANMAN=1 |
882 | + endif |
883 | + ifdef MPPE |
884 | + CFLAGS += -DMPPE=1 |
885 | ++PPPDOBJS += mppe.o |
886 | ++PPPDSRC += mppe.c |
887 | + HEADERS += mppe.h |
888 | + endif |
889 | + endif |
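Review bot: mppe.c is compiled only `ifdef MPPE`, while radius.c and winbind.c now include mppe.h unconditionally and debian/ppp.symbols lists the new mppe_* functions as required symbols; that is fine as long as the Debian build always sets MPPE, but a build without it would produce neither the objects nor the symbols, so confirm that MPPE is forced on in debian/rules rather than left to the Makefile default.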
890 | diff --git a/debian/patches/series b/debian/patches/series |
891 | index 21f90f7..1d308c2 100644 |
892 | --- a/debian/patches/series |
893 | +++ b/debian/patches/series |
894 | @@ -15,3 +15,5 @@ resolv.conf_no_log |
895 | zzz_config |
896 | pppd-soname-hack.patch |
897 | replace-vendored-hash-functions.patch |
898 | +eap-mschap-v2-namelen.patch |
899 | +expose-mppe-keys-via-api.patch |
900 | diff --git a/debian/ppp.symbols b/debian/ppp.symbols |
901 | index cc04633..05e1085 100644 |
902 | --- a/debian/ppp.symbols |
903 | +++ b/debian/ppp.symbols |
904 | @@ -1,11 +1,11 @@ |
905 | pppd.so.2.4.9 ppp #MINVER# |
906 | * Build-Depends-Package: ppp-dev |
907 | # Ignore all symbols that start with an underscore in the Base module |
908 | - (regex|optional)"^_.*@Base$" 2.4.7-1+2~ |
909 | + (regex|optional)"^_.*@Base$" 2.4.9-1+1~ |
910 | # Ignore $global$ which seems to appear on hppa only |
911 | - (optional)$global$@Base 2.4.7-1+2~ |
912 | + (optional)$global$@Base 2.4.9-1+1~ |
913 | # Ignore everything that claims it's part of glibc |
914 | - (regex|optional)"@GLIBC_" 2.4.7-1+2~ |
915 | + (regex|optional)"@GLIBC_" 2.4.9-1+1~ |
916 | # All others should be pppd symbols |
917 | ChallengeHash@Base 2.4.7-1+2~ |
918 | ChapMS2@Base 2.4.7-1+2~ |
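Review bot: bumping the three optional/regex ignore entries from 2.4.7-1+2~ to 2.4.9-1+1~ changes nothing in the ABI check (those lines only tell dpkg-gensymbols which symbols to ignore) and adds noise to the diff; if the bump is intentional, note why in the changelog. The diff also carries no debian/changelog entry, so the 2.4.9-1+1~ version stamped on the new symbols cannot be checked against the version of the upload that will actually introduce them.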
919 | @@ -302,11 +302,17 @@ pppd.so.2.4.9 ppp #MINVER# |
920 | mp_check_options@Base 2.4.7-1+2~ |
921 | mp_exit_bundle@Base 2.4.7-1+2~ |
922 | mp_join_bundle@Base 2.4.7-1+2~ |
923 | + mppe_clear_keys@Base 2.4.9-1+1~ |
924 | + mppe_get_recv_key@Base 2.4.9-1+1~ |
925 | + mppe_get_send_key@Base 2.4.9-1+1~ |
926 | + mppe_keys_isset@Base 2.4.9-1+1~ |
927 | mppe_keys_set@Base 2.4.7-1+2~ |
928 | mppe_recv_key@Base 2.4.7-1+2~ |
929 | mppe_send_key@Base 2.4.7-1+2~ |
930 | - mppe_set_keys2@Base 2.4.7-1+2~ |
931 | mppe_set_keys@Base 2.4.7-1+2~ |
932 | + mppe_set_chapv1@Base 2.4.9-1+1~ |
933 | + mppe_set_chapv2@Base 2.4.9-1+1~ |
934 | + mppe_set_enc_types@Base 2.4.9-1+1~ |
935 | multilink@Base 2.4.7-1+2~ |
936 | multilink_join_hook@Base 2.4.7-1+2~ |
937 | multilink_master@Base 2.4.7-1+2~ |
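Review bot: mppe_set_keys@Base keeps its 2.4.7-1+2~ version although its signature changes from mppe_set_keys(challenge, PasswordHashHash), as the old radius.c and winbind.c call sites show, to mppe_set_keys(send_key, recv_key, keylen); a symbols file cannot express that, so a plugin built against the 2.4.7 header still links and then calls the new function with the challenge as send_key, the hash as recv_key and an uninitialised keylen, ending in BCOPY with a garbage length. Together with the dropped mppe_set_keys2@Base this is an ABI break for any out-of-tree pppd plugin using MPPE; record it in the changelog and, at minimum, bump the version on mppe_set_keys@Base (or rename the symbol) rather than presenting the change as additions only.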
938 | @@ -419,7 +425,6 @@ pppd.so.2.4.9 ppp #MINVER# |
939 | session_start@Base 2.4.7-1+2~ |
940 | set_filters@Base 2.4.7-1+2~ |
941 | set_ifunit@Base 2.4.7-1+2~ |
942 | - set_mppe_enc_types@Base 2.4.7-1+2~ |
943 | set_up_tty@Base 2.4.7-1+2~ |
944 | setdtr@Base 2.4.7-1+2~ |
945 | setipaddr@Base 2.4.7-1+2~ |
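Review bot: set_mppe_enc_types@Base is removed outright (its replacement mppe_set_enc_types@Base is added in the hunk above), so an out-of-tree plugin that resolves set_mppe_enc_types, the RADIUS-style encryption-policy hook, will fail to load; dpkg-gensymbols accepts this only because the line is deleted here, not because the ABI is compatible, so the removal belongs in the changelog as an ABI change.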
While the patch itself is substantial, the request seems reasonable.
I've reviewed it as much as I could (I'm not familiar with this area of the ppp code) and I didn't see any obvious problems with it. The comments in https://github.com/ppp-project/ppp/issues/258 were particularly helpful in understanding the ins and outs of the patch.
This is a +1 from me, assuming proper testing afterwards from OP.