mirror/lwip
1
0
Fork 0
mirror of https://github.com/lwip-tcpip/lwip.git synced 2024-07-16 17:57:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

PPP: use mbed TLS sanitize functions if available

Browse Source 
mbed TLS offers sanitize functions to zero-ise memory containing
cryptographic keys, use them if built with external mbed TLS library.
This commit is contained in:
Sylvain Rochet 2016-05-08 21:58:56 +02:00
parent 5df4f70a96
commit 33fc20cca2
7 changed files with 67 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/include/netif/ppp/pppcrypt.h
View File

@ -51,31 +51,41 @@
#include "netif/ppp/polarssl/md4.h"
#define lwip_md4_context md4_context
#define lwip_md4_init(context)
#define lwip_md4_starts md4_starts
#define lwip_md4_update md4_update
#define lwip_md4_finish md4_finish
#define lwip_md4_free(context)
#include "netif/ppp/polarssl/md5.h"
#define lwip_md5_context md5_context
#define lwip_md5_init(context)
#define lwip_md5_starts md5_starts
#define lwip_md5_update md5_update
#define lwip_md5_finish md5_finish
#define lwip_md5_free(context)
#include "netif/ppp/polarssl/sha1.h"
#define lwip_sha1_context sha1_context
#define lwip_sha1_init(context)
#define lwip_sha1_starts sha1_starts
#define lwip_sha1_update sha1_update
#define lwip_sha1_finish sha1_finish
#define lwip_sha1_free(context)
#include "netif/ppp/polarssl/des.h"
#define lwip_des_context des_context
#define lwip_des_init(context)
#define lwip_des_setkey_enc des_setkey_enc
#define lwip_des_crypt_ecb des_crypt_ecb
#define lwip_des_free(context)
#include "netif/ppp/polarssl/arc4.h"
#define lwip_arc4_context arc4_context
#define lwip_arc4_init(context)
#define lwip_arc4_setup arc4_setup
#define lwip_arc4_crypt arc4_crypt
#define lwip_arc4_free(context)
#endif /* !LWIP_USE_EXTERNAL_MBEDTLS */
@ -85,27 +95,37 @@
#if LWIP_USE_EXTERNAL_MBEDTLS
#define lwip_md4_context mbedtls_md4_context
#define lwip_md4_init mbedtls_md4_init
#define lwip_md4_starts mbedtls_md4_starts
#define lwip_md4_update mbedtls_md4_update
#define lwip_md4_finish mbedtls_md4_finish
#define lwip_md4_free mbedtls_md4_free
#define lwip_md5_context mbedtls_md5_context
#define lwip_md5_init mbedtls_md5_init
#define lwip_md5_starts mbedtls_md5_starts
#define lwip_md5_update mbedtls_md5_update
#define lwip_md5_finish mbedtls_md5_finish
#define lwip_md5_free mbedtls_md5_free
#define lwip_sha1_context mbedtls_sha1_context
#define lwip_sha1_init mbedtls_sha1_init
#define lwip_sha1_starts mbedtls_sha1_starts
#define lwip_sha1_update mbedtls_sha1_update
#define lwip_sha1_finish mbedtls_sha1_finish
#define lwip_sha1_free mbedtls_sha1_free
#define lwip_des_context mbedtls_des_context
#define lwip_des_init mbedtls_des_init
#define lwip_des_setkey_enc mbedtls_des_setkey_enc
#define lwip_des_crypt_ecb mbedtls_des_crypt_ecb
#define lwip_des_free mbedtls_des_free
#define lwip_arc4_context mbedtls_arc4_context
#define lwip_arc4_init mbedtls_arc4_init
#define lwip_arc4_setup mbedtls_arc4_setup
#define lwip_arc4_crypt(context, buffer, length) mbedtls_arc4_crypt(context, length, buffer, buffer)
#define lwip_arc4_free mbedtls_arc4_free
#endif /* LWIP_USE_EXTERNAL_MBEDTLS */

4
src/netif/ppp/chap-md5.c
View File

@ -73,11 +73,13 @@ static int chap_md5_verify_response(ppp_pcb *pcb, int id, const char *name,
response_len = *response++;
if (response_len == MD5_HASH_SIZE) {
/* Generate hash of ID, secret, challenge */
lwip_md5_init(&ctx);
lwip_md5_starts(&ctx);
lwip_md5_update(&ctx, &idbyte, 1);
lwip_md5_update(&ctx, secret, secret_len);
lwip_md5_update(&ctx, challenge, challenge_len);
lwip_md5_finish(&ctx, hash);
lwip_md5_free(&ctx);
/* Test if our hash matches the peer's response */
if (memcmp(hash, response, MD5_HASH_SIZE) == 0) {
@ -100,11 +102,13 @@ static void chap_md5_make_response(ppp_pcb *pcb, unsigned char *response, int id
LWIP_UNUSED_ARG(private_);
LWIP_UNUSED_ARG(pcb);
lwip_md5_init(&ctx);
lwip_md5_starts(&ctx);
lwip_md5_update(&ctx, &idbyte, 1);
lwip_md5_update(&ctx, (const u_char *)secret, secret_len);
lwip_md5_update(&ctx, challenge, challenge_len);
lwip_md5_finish(&ctx, &response[1]);
lwip_md5_free(&ctx);
response[0] = MD5_HASH_SIZE;
}

26
src/netif/ppp/chap_ms.c
View File

@ -509,16 +509,22 @@ static void ChallengeResponse(const u_char *challenge,
#endif
pppcrypt_56_to_64_bit_key(ZPasswordHash + 0, des_key);
lwip_des_init(&des);
lwip_des_setkey_enc(&des, des_key);
lwip_des_crypt_ecb(&des, challenge, response +0);
lwip_des_free(&des);
pppcrypt_56_to_64_bit_key(ZPasswordHash + 7, des_key);
lwip_des_init(&des);
lwip_des_setkey_enc(&des, des_key);
lwip_des_crypt_ecb(&des, challenge, response +8);
lwip_des_free(&des);
pppcrypt_56_to_64_bit_key(ZPasswordHash + 14, des_key);
lwip_des_init(&des);
lwip_des_setkey_enc(&des, des_key);
lwip_des_crypt_ecb(&des, challenge, response +16);
lwip_des_free(&des);
#if 0
dbglog("ChallengeResponse - response %.24B", response);
@ -537,11 +543,13 @@ static void ChallengeHash(const u_char PeerChallenge[16], const u_char *rchallen
else
user = username;
lwip_sha1_init(&sha1Context);
lwip_sha1_starts(&sha1Context);
lwip_sha1_update(&sha1Context, PeerChallenge, 16);
lwip_sha1_update(&sha1Context, rchallenge, 16);
lwip_sha1_update(&sha1Context, (const unsigned char*)user, strlen(user));
lwip_sha1_finish(&sha1Context, sha1Hash);
lwip_sha1_free(&sha1Context);
MEMCPY(Challenge, sha1Hash, 8);
}
@ -564,9 +572,11 @@ static void ascii2unicode(const char ascii[], int ascii_len, u_char unicode[]) {
static void NTPasswordHash(u_char *secret, int secret_len, u_char hash[MD4_SIGNATURE_SIZE]) {
lwip_md4_context md4Context;
lwip_md4_init(&md4Context);
lwip_md4_starts(&md4Context);
lwip_md4_update(&md4Context, secret, secret_len);
lwip_md4_finish(&md4Context, hash);
lwip_md4_free(&md4Context);
}
static void ChapMS_NT(const u_char *rchallenge, const char *secret, int secret_len,
@ -613,12 +623,16 @@ static void ChapMS_LANMan(u_char *rchallenge, char *secret, int secret_len,
UcasePassword[i] = (u_char)toupper(secret[i]);
pppcrypt_56_to_64_bit_key(UcasePassword +0, des_key);
lwip_des_init(&des);
lwip_des_setkey_enc(&des, des_key);
lwip_des_crypt_ecb(&des, StdText, PasswordHash +0);
lwip_des_free(&des);
pppcrypt_56_to_64_bit_key(UcasePassword +7, des_key);
lwip_des_init(&des);
lwip_des_setkey_enc(&des, des_key);
lwip_des_crypt_ecb(&des, StdText, PasswordHash +8);
lwip_des_free(&des);
ChallengeResponse(rchallenge, PasswordHash, &response[MS_CHAP_LANMANRESP]);
}
@ -649,19 +663,23 @@ static void GenerateAuthenticatorResponse(const u_char PasswordHashHash[MD4_SIGN
u_char Digest[SHA1_SIGNATURE_SIZE];
u_char Challenge[8];
lwip_sha1_init(&sha1Context);
lwip_sha1_starts(&sha1Context);
lwip_sha1_update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
lwip_sha1_update(&sha1Context, NTResponse, 24);
lwip_sha1_update(&sha1Context, Magic1, sizeof(Magic1));
lwip_sha1_finish(&sha1Context, Digest);
lwip_sha1_free(&sha1Context);
ChallengeHash(PeerChallenge, rchallenge, username, Challenge);
lwip_sha1_init(&sha1Context);
lwip_sha1_starts(&sha1Context);
lwip_sha1_update(&sha1Context, Digest, sizeof(Digest));
lwip_sha1_update(&sha1Context, Challenge, sizeof(Challenge));
lwip_sha1_update(&sha1Context, Magic2, sizeof(Magic2));
lwip_sha1_finish(&sha1Context, Digest);
lwip_sha1_free(&sha1Context);
/* Convert to ASCII hex string. */
for (i = 0; i < LWIP_MAX((MS_AUTH_RESPONSE_LENGTH / 2), (int)sizeof(Digest)); i++)
@ -705,11 +723,13 @@ static void Set_Start_Key(ppp_pcb *pcb, const u_char *rchallenge, const char *se
NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash);
NTPasswordHash(PasswordHash, sizeof(PasswordHash), PasswordHashHash);
lwip_sha1_init(&sha1Context);
lwip_sha1_starts(&sha1Context);
lwip_sha1_update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
lwip_sha1_update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
lwip_sha1_update(&sha1Context, rchallenge, 8);
lwip_sha1_finish(&sha1Context, Digest);
lwip_sha1_free(&sha1Context);
/* Same key in both directions. */
mppe_set_key(pcb, &pcb->mppe_comp, Digest);
@ -765,11 +785,13 @@ static void SetMasterKeys(ppp_pcb *pcb, const char *secret, int secret_len, u_ch
NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash);
NTPasswordHash(PasswordHash, sizeof(PasswordHash), PasswordHashHash);
lwip_sha1_init(&sha1Context);
lwip_sha1_starts(&sha1Context);
lwip_sha1_update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
lwip_sha1_update(&sha1Context, NTResponse, 24);
lwip_sha1_update(&sha1Context, Magic1, sizeof(Magic1));
lwip_sha1_finish(&sha1Context, MasterKey);
lwip_sha1_free(&sha1Context);
/*
* generate send key
@ -778,12 +800,14 @@ static void SetMasterKeys(ppp_pcb *pcb, const char *secret, int secret_len, u_ch
s = Magic3;
else
s = Magic2;
lwip_sha1_init(&sha1Context);
lwip_sha1_starts(&sha1Context);
lwip_sha1_update(&sha1Context, MasterKey, 16);
lwip_sha1_update(&sha1Context, mppe_sha1_pad1, SHA1_PAD_SIZE);
lwip_sha1_update(&sha1Context, s, 84);
lwip_sha1_update(&sha1Context, mppe_sha1_pad2, SHA1_PAD_SIZE);
lwip_sha1_finish(&sha1Context, Digest);
lwip_sha1_free(&sha1Context);
mppe_set_key(pcb, &pcb->mppe_comp, Digest);
@ -794,12 +818,14 @@ static void SetMasterKeys(ppp_pcb *pcb, const char *secret, int secret_len, u_ch
s = Magic2;
else
s = Magic3;
lwip_sha1_init(&sha1Context);
lwip_sha1_starts(&sha1Context);
lwip_sha1_update(&sha1Context, MasterKey, 16);
lwip_sha1_update(&sha1Context, mppe_sha1_pad1, SHA1_PAD_SIZE);
lwip_sha1_update(&sha1Context, s, 84);
lwip_sha1_update(&sha1Context, mppe_sha1_pad2, SHA1_PAD_SIZE);
lwip_sha1_finish(&sha1Context, Digest);
lwip_sha1_free(&sha1Context);
mppe_set_key(pcb, &pcb->mppe_decomp, Digest);

4
src/netif/ppp/eap.c
View File

@ -1443,6 +1443,7 @@ static void eap_request(ppp_pcb *pcb, u_char *inp, int id, int len) {
eap_send_nak(pcb, id, EAPT_SRP);
break;
}
lwip_md5_init(&mdContext);
lwip_md5_starts(&mdContext);
typenum = id;
lwip_md5_update(&mdContext, &typenum, 1);
@ -1450,6 +1451,7 @@ static void eap_request(ppp_pcb *pcb, u_char *inp, int id, int len) {
BZERO(secret, sizeof (secret));
lwip_md5_update(&mdContext, inp, vallen);
lwip_md5_finish(&mdContext, hash);
lwip_md5_free(&mdContext);
eap_chap_response(pcb, id, hash, pcb->eap.es_client.ea_name,
pcb->eap.es_client.ea_namelen);
break;
@ -1869,12 +1871,14 @@ static void eap_response(ppp_pcb *pcb, u_char *inp, int id, int len) {
eap_send_failure(pcb);
break;
}
lwip_md5_init(&mdContext);
lwip_md5_starts(&mdContext);
lwip_md5_update(&mdContext, &pcb->eap.es_server.ea_id, 1);
lwip_md5_update(&mdContext, (u_char *)secret, secret_len);
BZERO(secret, sizeof (secret));
lwip_md5_update(&mdContext, pcb->eap.es_challenge, pcb->eap.es_challen);
lwip_md5_finish(&mdContext, hash);
lwip_md5_free(&mdContext);
if (BCMP(hash, inp, MD5_SIGNATURE_SIZE) != 0) {
eap_send_failure(pcb);
break;

4
src/netif/ppp/magic.c
View File

@ -101,6 +101,7 @@ static void magic_churnrand(char *rand_data, u32_t rand_len) {
lwip_md5_context md5_ctx;
/* LWIP_DEBUGF(LOG_INFO, ("magic_churnrand: %u@%P\n", rand_len, rand_data)); */
lwip_md5_init(&md5_ctx);
lwip_md5_starts(&md5_ctx);
lwip_md5_update(&md5_ctx, (u_char *)magic_randpool, sizeof(magic_randpool));
if (rand_data) {
@ -122,6 +123,7 @@ static void magic_churnrand(char *rand_data, u32_t rand_len) {
lwip_md5_update(&md5_ctx, (u_char *)&sys_data, sizeof(sys_data));
}
lwip_md5_finish(&md5_ctx, (u_char *)magic_randpool);
lwip_md5_free(&md5_ctx);
/* LWIP_DEBUGF(LOG_INFO, ("magic_churnrand: -> 0\n")); */
}
@ -163,10 +165,12 @@ void magic_random_bytes(unsigned char *buf, u32_t buf_len) {
u32_t n;
while (buf_len > 0) {
lwip_md5_init(&md5_ctx);
lwip_md5_starts(&md5_ctx);
lwip_md5_update(&md5_ctx, (u_char *)magic_randpool, sizeof(magic_randpool));
lwip_md5_update(&md5_ctx, (u_char *)&magic_randcount, sizeof(magic_randcount));
lwip_md5_finish(&md5_ctx, tmp);
lwip_md5_free(&md5_ctx);
magic_randcount++;
n = LWIP_MIN(buf_len, MD5_HASH_SIZE);
MEMCPY(buf, tmp, n);

5
src/netif/ppp/mppe.c
View File

@ -67,17 +67,21 @@ static void mppe_rekey(ppp_mppe_state * state, int initial_key)
* Key Derivation, from RFC 3078, RFC 3079.
* Equivalent to Get_Key() for MS-CHAP as described in RFC 3079.
*/
lwip_sha1_init(&sha1_ctx);
lwip_sha1_starts(&sha1_ctx);
lwip_sha1_update(&sha1_ctx, state->master_key, state->keylen);
lwip_sha1_update(&sha1_ctx, mppe_sha1_pad1, SHA1_PAD_SIZE);
lwip_sha1_update(&sha1_ctx, state->session_key, state->keylen);
lwip_sha1_update(&sha1_ctx, mppe_sha1_pad2, SHA1_PAD_SIZE);
lwip_sha1_finish(&sha1_ctx, sha1_digest);
lwip_sha1_free(&sha1_ctx);
MEMCPY(state->session_key, sha1_digest, state->keylen);
if (!initial_key) {
lwip_arc4_init(&state->arc4);
lwip_arc4_setup(&state->arc4, sha1_digest, state->keylen);
lwip_arc4_crypt(&state->arc4, state->session_key, state->keylen);
lwip_arc4_free(&state->arc4);
}
if (state->keylen == 8) {
/* See RFC 3078 */
@ -85,6 +89,7 @@ static void mppe_rekey(ppp_mppe_state * state, int initial_key)
state->session_key[1] = 0x26;
state->session_key[2] = 0x9e;
}
lwip_arc4_init(&state->arc4);
lwip_arc4_setup(&state->arc4, state->session_key, state->keylen);
}

4
src/netif/ppp/pppol2tp.c
View File

@ -592,12 +592,14 @@ static void pppol2tp_dispatch_control_packet(pppol2tp_pcb *l2tp, u16_t port, str
return;
}
/* Generate hash of ID, secret, challenge */
lwip_md5_init(&md5_ctx);
lwip_md5_starts(&md5_ctx);
challenge_id = PPPOL2TP_MESSAGETYPE_SCCCN;
lwip_md5_update(&md5_ctx, &challenge_id, 1);
lwip_md5_update(&md5_ctx, l2tp->secret, l2tp->secret_len);
lwip_md5_update(&md5_ctx, inp, avplen);
lwip_md5_finish(&md5_ctx, l2tp->challenge_hash);
lwip_md5_free(&md5_ctx);
l2tp->send_challenge = 1;
goto skipavp;
case PPPOL2TP_AVPTYPE_CHALLENGERESPONSE:
@ -606,12 +608,14 @@ static void pppol2tp_dispatch_control_packet(pppol2tp_pcb *l2tp, u16_t port, str
return;
}
/* Generate hash of ID, secret, challenge */
lwip_md5_init(&md5_ctx);
lwip_md5_starts(&md5_ctx);
challenge_id = PPPOL2TP_MESSAGETYPE_SCCRP;
lwip_md5_update(&md5_ctx, &challenge_id, 1);
lwip_md5_update(&md5_ctx, l2tp->secret, l2tp->secret_len);
lwip_md5_update(&md5_ctx, l2tp->secret_rv, sizeof(l2tp->secret_rv));
lwip_md5_finish(&md5_ctx, md5_hash);
lwip_md5_free(&md5_ctx);
if ( memcmp(inp, md5_hash, sizeof(md5_hash)) ) {
PPPDEBUG(LOG_DEBUG, ("pppol2tp: Received challenge response from peer and secret key do not match\n"));
pppol2tp_abort_connect(l2tp);