How to enable Freeradius to support a smart card with AES encryption algorithm?
Hi!
I have a smart card emluator which suports AES, not MD5 encryption algorithm. Is it possible to enable Freeradius to support my smart card emlulator?
I have an idea as follow:
First,amending client agent (NAS) daemon program to make it send chap-password which is produced with AES, not MD5. The usual md5 chap-password is produced as MD5( user-packet-ID+user-secret+16 bytes authenticator), while the aes chap-password is produced as AES(16 bytes authenticator) using user-secret as
key.The usual md5 chap-passwor attribute in an Access Request packet is as follow:
__________________________________________________
| code = 3 | Length = 19 | user-packet-ID | 16 bytes value|
__________________________________________________
While the aes chap-password replaced the 16 bytes value ( MD5( user-packet-ID+user-secret+16 bytes authenticator)) with AES(16 bytes authenticator).
Second ,amending rlm-chap.c to alter it to use AES to analyze the request packet.
Is it practical? Appreciate any suggestions.
regards
Guoxian
This archive was generated by a fusion of
Pipermail (Mailman edition) and
MHonArc.