def add_mppe(
reply: AuthPacket,
send_key: bytes,
recv_key: bytes,
secret: bytes,
authenticator: bytes,
) -> None:
"""
Add MPPE (Microsoft Point to Point Encryption) Send and Recv keys to the provided packet
Args:
reply: the reply to add the send key and recv key to
send_key: The plaintext MS-MPPE-Send-Key to encrypt and add to the reply
recv_key: The plaintext MS-MPPE-Recv-Key to encrypt and add to the reply
secret: the RADIUS secret
authenticator: RADIUS authenticator. Should be 16 bytes.
"""
sodiumchloride = _generator.randint(32768,
65535) # Leftmost bit must be set
potassiumnitrate = _generator.randint(32768,
65535) # Leftmost bit must be set
send_key_salt = struct.pack(">H", sodiumchloride)
recv_key_salt = struct.pack(">H", potassiumnitrate)
encrypted_send_key = encrypt_mppe(send_key, secret, authenticator,
send_key_salt)
encrypted_recv_key = encrypt_mppe(recv_key, secret, authenticator,
recv_key_salt)
reply.AddAttribute((MICROSOFT_VENDOR_ID, MS_MPPE_SEND_KEY_TYPE),
send_key_salt + encrypted_send_key)
reply.AddAttribute((MICROSOFT_VENDOR_ID, MS_MPPE_RECV_KEY_TYPE),
recv_key_salt + encrypted_recv_key)
def add_mppe(reply: AuthPacket, keys: List[bytes], secret: bytes,
auth: bytes) -> None:
"""
Add MPPE (Microsoft Point to Point Encryption) attributes to the reply packet
Args:
reply (AuthPacket): the reply that will be sent
keys [bytes, bytes]: two-element list of bytes that are the MPPE keys
secret (bytes): the RADIUS secret
auth (bytes): RADIUS authenticator
"""
sodiumchloride = _generator.randint(32768,
65535) # Leftmost bit must be set
potassiumnitrate = _generator.randint(32768,
65535) # Leftmost bit must be set
salt = struct.pack('>H', sodiumchloride)
salt2 = struct.pack('>H', potassiumnitrate)
encrypted_keys = [
encrypt_mppe(keys[0], secret, auth, salt),
encrypt_mppe(keys[1], secret, auth, salt2)
]
reply.AddAttribute(26, ms_attr(17, salt + encrypted_keys[0])) # Recv-key
reply.AddAttribute(26, ms_attr(16, salt2 + encrypted_keys[1])) # Send-Key
