void HTTPDigestCredentials::createAuthParams(const HTTPRequest& request, const HTTPAuthenticationParams& responseAuthParams) { // Not implemented: "domain" auth parameter and integrity protection. if (!responseAuthParams.has(NONCE_PARAM) || !responseAuthParams.has(REALM_PARAM)) throw InvalidArgumentException("Invalid HTTP authentication parameters"); const std::string& algorithm = responseAuthParams.get(ALGORITHM_PARAM, DEFAULT_ALGORITHM); if (icompare(algorithm, DEFAULT_ALGORITHM) != 0) throw NotImplementedException("Unsupported digest algorithm", algorithm); const std::string& nonce = responseAuthParams.get(NONCE_PARAM); const std::string& qop = responseAuthParams.get(QOP_PARAM, DEFAULT_QOP); const std::string& realm = responseAuthParams.getRealm(); _requestAuthParams.clear(); _requestAuthParams.set(USERNAME_PARAM, _username); _requestAuthParams.set(NONCE_PARAM, nonce); _requestAuthParams.setRealm(realm); if (responseAuthParams.has(OPAQUE_PARAM)) { _requestAuthParams.set(OPAQUE_PARAM, responseAuthParams.get(OPAQUE_PARAM)); } if (qop.empty()) { updateAuthParams(request); } else { Poco::StringTokenizer tok(qop, ",", Poco::StringTokenizer::TOK_TRIM); bool qopSupported = false; for (Poco::StringTokenizer::Iterator it = tok.begin(); it != tok.end(); ++it) { if (icompare(*it, AUTH_PARAM) == 0) { qopSupported = true; _requestAuthParams.set(CNONCE_PARAM, createNonce()); _requestAuthParams.set(QOP_PARAM, *it); updateAuthParams(request); break; } } if (!qopSupported) throw NotImplementedException("Unsupported QoP requested", qop); } }
int main(int argc, char* argv[]){ if(argc > 1){ printf("Arg detected\n"); } char* hostIP = getIPAddress(INTERFACE); printf("Host Interface (%s) Address: [%s]\n", INTERFACE, hostIP); //Part of this is Recycled/Modified Code from cs4516 printf("Elevation Handler Started.\n"); int packet_socket = socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_ALL)); printf("FD: [%d]\n", packet_socket); if(packet_socket == -1){ printf("Error [%s]\n", strerror(errno)); exit(1); } struct sockaddr_ll saddr; unsigned int interface = if_nametoindex(INTERFACE); printf("IF: [%u]\n", interface); if(interface == 0){ printf("Interface not found./n"); exit(1); } saddr.sll_protocol = htons(ETH_P_ALL); saddr.sll_ifindex = interface; saddr.sll_family = AF_PACKET; int bindInt = bind(packet_socket, (struct sockaddr*) &saddr, sizeof(saddr)); printf("BIND: [%d]\n", bindInt); if(bindInt == -1){ printf("Error [%s]\n", strerror(errno)); exit(1); } char buffer[2000]; AttackList* attackList = NULL; while(1){ int count = recv(packet_socket, buffer, 1500, 0); buffer[count] = '\n'; buffer[count + 1] = '\0'; char srcIP[33]; inet_ntop(AF_INET, buffer+12, srcIP, INET_ADDRSTRLEN); srcIP[32] = '\0'; char destIP[33]; inet_ntop(AF_INET, buffer+16, destIP, INET_ADDRSTRLEN); destIP[32] = '\0'; int protocol = (int) buffer[9]; if(protocol == 17 && strcmp(hostIP, destIP) == 0){ AttackList** entry = (AttackList**) calloc(sizeof(AttackList*), 1); attackList = updateAttackCount(attackList, srcIP, entry); printf("UDP Packet Size: [%d]\n", count); printf("UDP Packet Src: [%s]\n", srcIP); printf("UDP Packet Dest: [%s]\n", destIP); printf("Attack Count: [%d]\n\n", (*entry)->count); if((*entry)->count > ATTACK_COUNT_THRESHOLD){ printf("Attack Threshold Met for [%s] - Reporting and resetting!\n\n", srcIP); //Complain to Victim Gateway Here //Create Flow struct based on received Route Record first //TODO below: temporary implementation RouteRecord* tempRR = readRouteRecord(buffer + 20); struct in_addr* victimAddr = getInAddr(destIP); struct in_addr* attackerAddr = getInAddr(srcIP); Flow* flow = createFlowStruct(victimAddr, attackerAddr, tempRR, createNonce(victimAddr, attackerAddr), 0, AITF_BLOCKING_REQUEST); sendFlow(VICTIM_GATEWAY_IP, TCP_SENDING_PORT, flow); //Wait T-temp here waitMilliseconds(T_TEMP); (*entry)->count = 0; } } } }
AuthenticateResult SCRAMAuthenticator::authenticate(const Credentials& creds, Poco::UInt32 conversationID) { if (conversationID == 0) { conversationID = newConversationID(); Conversation::Ptr pConv = new Conversation; pConv->username = creds.getAttribute(Credentials::ATTR_USERNAME); pConv->clientNonce = creds.getAttribute(Credentials::ATTR_NONCE); pConv->serverNonce = createNonce(); pConv->salt = saltForUser(pConv->username, pConv->iterations); if (!pConv->salt.empty()) { Credentials serverCreds; serverCreds.setAttribute(Credentials::ATTR_NONCE, pConv->serverNonce); serverCreds.setAttribute(Credentials::ATTR_SALT, pConv->salt); serverCreds.setAttribute(Credentials::ATTR_ITERATIONS, Poco::NumberFormatter::format(pConv->iterations)); _conversations.add(conversationID, pConv); pConv->state = STATE_START; return AuthenticateResult(AuthenticateResult::AUTH_CONTINUE, serverCreds, conversationID); } } else { Conversation::Ptr pConv = _conversations.get(conversationID); if (pConv) { if (pConv->state == STATE_START) { const std::string receivedServerNonce = creds.getAttribute(Credentials::ATTR_NONCE); const std::string receivedClientProof = creds.getAttribute(Credentials::ATTR_PASSWORD); const std::string saltedPassword = hashForUser(pConv->username); std::string clientAuthMessage; const std::string computedClientProof = computeClientProof(pConv->username, pConv->clientNonce, pConv->salt, pConv->iterations, saltedPassword, pConv->serverNonce, clientAuthMessage); if (computedClientProof == receivedClientProof && pConv->serverNonce == receivedServerNonce) { std::string serverSignature = computeServerSignature(saltedPassword, clientAuthMessage); Credentials serverCreds; serverCreds.setAttribute(Credentials::ATTR_SIGNATURE, serverSignature); pConv->state = STATE_CLIENT_AUTH; return AuthenticateResult(AuthenticateResult::AUTH_CONTINUE, serverCreds, conversationID); } else { _conversations.remove(conversationID); } } else if (pConv->state == STATE_CLIENT_AUTH) { _conversations.remove(conversationID); Credentials serverCreds; serverCreds.setAttribute(Credentials::ATTR_USERNAME, pConv->username); return AuthenticateResult(AuthenticateResult::AUTH_DONE, serverCreds, conversationID); } } } return AuthenticateResult(); }