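80 {
    # Attribute type 80 is Message-Authenticator. Keep the received HMAC so it
    # can be checked later, once the shared secret for this client is known.
    set MESSAGE_AUTHENTICATOR $QAVP_VAL

    # Rebuild the datagram with the authenticator value replaced by 16 zero
    # bytes, which is the form the HMAC-MD5 is computed over.
    #
    # [string replace] takes an INCLUSIVE last index, so an attribute of
    # QAVP_LEN bytes spans first .. first + QAVP_LEN - 1. Using
    # first + QAVP_LEN as the end also removed the byte that follows the
    # attribute, so the HMAC input was one byte short whenever
    # Message-Authenticator was not the last attribute in the packet.
    #
    # NOTE(review): assumes $record_offset + 20 is the index of this
    # attribute's type byte (20 presumably being the RADIUS header size) --
    # confirm against the attribute-parsing loop.
    set ma_first [expr {$record_offset + 20}]
    set ma_last [expr {$ma_first + $QAVP_LEN - 1}]
    set UNSIGNED_REQUEST [string replace [UDP::payload] $ma_first $ma_last [binary format ccH32 $QAVP_TYPE $QAVP_LEN "00000000000000000000000000000000"]]

    # NOTE(review): QAVP_LEN is not validated here. The replacement is always
    # 18 bytes, so any other claimed length changes the packet size and should
    # fail verification -- confirm the parser rejects such packets explicitly.

    # CRYPTO behaves unreliably until after reading from UNSIGNED_REQUEST (possible tcl bug?)
    binary scan $UNSIGNED_REQUEST a* temp_hack
}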
... | |
#EVALUATE REQUEST MESSAGE-AUTHENTICATOR
# Two ways to be dropped here:
#   1. the attribute is absent and static::MESSAGE_AUTHENTICATOR_REQUIRED is true
#   2. the attribute is present but its HMAC-MD5 does not verify under $secret
# NOTE(review): with MESSAGE_AUTHENTICATOR_REQUIRED false, a request that omits
# the attribute passes this check with no integrity verification at all; enable
# the requirement for every client that can send the attribute.
if {$MESSAGE_AUTHENTICATOR eq ""} {
    if {$static::MESSAGE_AUTHENTICATOR_REQUIRED} {
        UDP::drop
        return
    }
} elseif {![CRYPTO::verify -alg hmac-md5 -key $secret -signature $MESSAGE_AUTHENTICATOR $UNSIGNED_REQUEST]} {
    # RFC 2869 : A RADIUS Server receiving an Access-Request with a Message-Authenticator Attribute present MUST calculate the correct value
    # of the Message-Authenticator and silently discard the packet if it does not match the value sent.
    UDP::drop
    return
}
... | |
#CALCULATE RESPONSE MESSAGE-AUTHENTICATOR
# The response is signed only when the request carried a Message-Authenticator.
# NOTE(review): replies to requests without the attribute therefore go out
# unsigned. Consider signing every reply, and placing the attribute first
# rather than appending it -- confirm client compatibility before changing.
if {$MESSAGE_AUTHENTICATOR ne ""} {
    # Attribute header: type 80 (Message-Authenticator), length 18.
    set ma_header [binary format cc 80 18]

    # Response attributes plus a zero-filled authenticator; this placeholder
    # form is what gets signed.
    set UNSIGNED_RespAVP ${RespAVP}${ma_header}[binary format H32 "00000000000000000000000000000000"]

    # Account for the 18-byte attribute before the length is packed below.
    set RespLength [expr {$RespLength + 18}]

    # HMAC input: code, identifier, length, request authenticator, attributes.
    set signing_input [binary format cH2Sa16a* $ResponseCode $RID $RespLength $Q_AUTHENTICATOR $UNSIGNED_RespAVP]
    append RespAVP $ma_header [CRYPTO::sign -alg hmac-md5 -key $secret $signing_input]
}