From 34d0ad4986a2d93f4c82f3a76e6f76f284c9e7a4 Mon Sep 17 00:00:00 2001 From: brian Date: Tue, 7 Nov 2000 23:19:11 +0000 Subject: Introduce another global (MPPE_IsServer) so that we initiate the MPPE session keys correctly. I'm a bit dubious about this code. It seems that the session keys are initialised differently based on whether you're the client or the server. One side is the server if it issues the first challenge, but of course you can issue a challenge from both sides.... at the same time. Sounds like another wonderful M$ assumption... Ppp can now talk to itself correctly using encryption. Problem solved by: Ustimenko Semen Hair torn out by: me --- usr.sbin/ppp/chap.c | 13 ++++++++----- usr.sbin/ppp/mppe.c | 7 +++++-- usr.sbin/ppp/mppe.h | 1 + 3 files changed, 14 insertions(+), 7 deletions(-) (limited to 'usr.sbin') diff --git a/usr.sbin/ppp/chap.c b/usr.sbin/ppp/chap.c index be41362..437fbc1 100644 --- a/usr.sbin/ppp/chap.c +++ b/usr.sbin/ppp/chap.c @@ -203,7 +203,7 @@ chap_BuildAnswer(char *name, char *key, u_char id, char *challenge, u_char type expkey, klen * 2, ntresponse); /* Generate MPPE MASTERKEY */ - GetMasterKey(pwdhashhash, ntresponse, MPPE_MasterKey); + GetMasterKey(pwdhashhash, ntresponse, MPPE_MasterKey); /* XXX Global ! */ /* Generate AUTHRESPONSE to verify on auth success */ GenerateAuthenticatorResponse(expkey, klen * 2, ntresponse, @@ -371,6 +371,7 @@ chap_Respond(struct chap *chap, char *name, char *key, u_char type ans, *ans + 1 + strlen(name), name); #ifdef HAVE_DES chap->NTRespSent = !lm; + MPPE_IsServer = 0; /* XXX Global ! */ #endif free(ans); } else @@ -536,7 +537,7 @@ chap_Success(struct authinfo *authp) #ifdef HAVE_DES if (authp->physical->link.lcp.want_authtype == 0x81) { msg = auth2chap(authp)->authresponse; - MPPE_MasterKeyValid = 1; + MPPE_MasterKeyValid = 1; /* XXX Global ! */ } else #endif msg = "Welcome!!"; @@ -857,9 +858,11 @@ chap_Input(struct bundle *bundle, struct link *l, struct mbuf *bp) p->link.lcp.want_authtype #ifdef HAVE_DES , chap->challenge.peer, - chap->authresponse, lanman -#endif + chap->authresponse, lanman); + MPPE_IsServer = 1; /* XXX Global ! */ +#else ); +#endif if (myans == NULL) key = NULL; else { @@ -896,7 +899,7 @@ chap_Input(struct bundle *bundle, struct link *l, struct mbuf *bp) } else { /* Successful login */ - MPPE_MasterKeyValid = 1; + MPPE_MasterKeyValid = 1; /* XXX Global ! */ datalink_AuthOk(p->dl); } } else diff --git a/usr.sbin/ppp/mppe.c b/usr.sbin/ppp/mppe.c index 253bb56..d843ecb 100644 --- a/usr.sbin/ppp/mppe.c +++ b/usr.sbin/ppp/mppe.c @@ -67,6 +67,7 @@ struct mppe_state { }; int MPPE_MasterKeyValid = 0; +int MPPE_IsServer = 0; char MPPE_MasterKey[MPPE_KEY_LEN]; static void @@ -340,7 +341,8 @@ MPPEInitInput(struct lcp_opt *o) log_Printf(LogDEBUG, "MPPE: InitInput: %d-bits\n", mip->keybits); - GetAsymetricStartKey(MPPE_MasterKey, mip->mastkey, mip->keylen, 0, 0); + GetAsymetricStartKey(MPPE_MasterKey, mip->mastkey, mip->keylen, 0, + MPPE_IsServer); GetNewKeyFromSHA(mip->mastkey, mip->mastkey, mip->keylen, mip->sesskey); MPPEReduceSessionKey(mip); @@ -381,7 +383,8 @@ MPPEInitOutput(struct lcp_opt *o) log_Printf(LogDEBUG, "MPPE: InitOutput: %d-bits\n", mop->keybits); - GetAsymetricStartKey(MPPE_MasterKey, mop->mastkey, mop->keylen, 1, 0); + GetAsymetricStartKey(MPPE_MasterKey, mop->mastkey, mop->keylen, 1, + MPPE_IsServer); GetNewKeyFromSHA(mop->mastkey, mop->mastkey, mop->keylen, mop->sesskey); MPPEReduceSessionKey(mop); diff --git a/usr.sbin/ppp/mppe.h b/usr.sbin/ppp/mppe.h index ee54cdb..c70a609 100644 --- a/usr.sbin/ppp/mppe.h +++ b/usr.sbin/ppp/mppe.h @@ -29,4 +29,5 @@ #define MPPE_KEY_LEN 16 extern const struct ccp_algorithm MPPEAlgorithm; extern int MPPE_MasterKeyValid; +extern int MPPE_IsServer; extern char MPPE_MasterKey[]; -- cgit v1.1