/*
 * WPA Supplicant / shared MSCHAPV2 helper functions / RFC 2433 / RFC 2759
 * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * Alternatively, this software may be distributed under the terms of BSD
 * license.
 *
 * See README and COPYING for more details.
 */

#include "includes.h"

#include "common.h"
#include "sha1.h"
#include "ms_funcs.h"
#include "crypto.h"
#include "rc4.h"
/**
 * challenge_hash - ChallengeHash() - RFC 2759, Sect. 8.2
 * @peer_challenge: 16-octet PeerChallenge (IN)
 * @auth_challenge: 16-octet AuthenticatorChallenge (IN)
 * @username: 0-to-256-char UserName (IN)
 * @username_len: Length of username
 * @challenge: 8-octet Challenge (OUT)
 *
 * Hashes PeerChallenge | AuthenticatorChallenge | UserName with sha1_vector()
 * and returns the first 8 octets of the digest. The two challenge lengths are
 * fixed at 16 here; only username_len is taken from the caller, so both
 * challenge buffers must really hold 16 octets.
 */
static void challenge_hash(const u8 *peer_challenge, const u8 *auth_challenge,
			   const u8 *username, size_t username_len,
			   u8 *challenge)
{
	const unsigned char *parts[3];
	size_t part_len[3];
	u8 digest[SHA1_MAC_LEN];

	/* Input vector, in the order the digest consumes it */
	parts[0] = peer_challenge;
	parts[1] = auth_challenge;
	parts[2] = username;

	part_len[0] = 16;
	part_len[1] = 16;
	part_len[2] = username_len;

	sha1_vector(3, parts, part_len, digest);

	/* Only the leading 8 octets of the digest are used as Challenge */
	os_memcpy(challenge, digest, 8);
}
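/**
 * nt_password_hash - NtPasswordHash() - RFC 2759, Sect. 8.3
 * @password: 0-to-256-unicode-char Password (IN; ASCII)
 * @password_len: Length of password
 * @password_hash: 16-octet PasswordHash (OUT)
 *
 * Widens every input byte to a two-octet unit (input byte followed by 0x00)
 * and runs md4_vector() over the result. No character-set decoding is done,
 * so only ASCII passwords are converted the way the parameter note describes;
 * a password that arrives in a multi-byte encoding is hashed byte by byte.
 *
 * The function has no return value, so an over-long password cannot be
 * reported. In that case the output is set to all zeros instead of being left
 * unwritten; callers should enforce the 256-byte limit before calling and
 * must not treat the zero value as a usable hash.
 */
void nt_password_hash(const u8 *password, size_t password_len,
		      u8 *password_hash)
{
	u8 buf[512], *pos;
	size_t i, len;

	if (password_len > 256) {
		/*
		 * buf can hold at most 256 widened characters. Returning
		 * without touching the output would make every caller in this
		 * file derive a response from uninitialized stack memory, so
		 * give them a deterministic value instead.
		 */
		os_memset(password_hash, 0, 16);
		return;
	}

	/* Convert password into unicode */
	for (i = 0; i < password_len; i++) {
		buf[2 * i] = password[i];
		buf[2 * i + 1] = 0;
	}

	len = password_len * 2;
	pos = buf;
	md4_vector(1, (const u8 **) &pos, &len, password_hash);

	/*
	 * buf is a copy of the cleartext password; clear it before the stack
	 * frame is released. Best effort only: a plain memset of a dead
	 * buffer may be dropped by an optimizing compiler.
	 */
	os_memset(buf, 0, sizeof(buf));
}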
/**
 * hash_nt_password_hash - HashNtPasswordHash() - RFC 2759, Sect. 8.4
 * @password_hash: 16-octet PasswordHash (IN)
 * @password_hash_hash: 16-octet PasswordHashHash (OUT)
 *
 * Runs md4_vector() over exactly 16 octets of password_hash.
 */
void hash_nt_password_hash(const u8 *password_hash, u8 *password_hash_hash)
{
	const u8 *in[1];
	size_t in_len[1];

	/* Single-element vector: the 16-octet PasswordHash */
	in[0] = password_hash;
	in_len[0] = 16;

	md4_vector(1, in, in_len, password_hash_hash);
}
/**
 * challenge_response - ChallengeResponse() - RFC 2759, Sect. 8.5
 * @challenge: 8-octet Challenge (IN)
 * @password_hash: 16-octet PasswordHash (IN)
 * @response: 24-octet Response (OUT)
 *
 * Encrypts the same challenge three times with des_encrypt(), each time with
 * a different 7-octet slice of the password hash as key, and writes the three
 * 8-octet results back to back into response.
 *
 * Note for reviewers: the third key takes only octets 14 and 15 from the hash;
 * its remaining five octets are zero, so the last response block depends on
 * just two octets of PasswordHash.
 */
void challenge_response(const u8 *challenge, const u8 *password_hash,
			u8 *response)
{
	u8 last_key[7];

	/* Blocks 1 and 2: hash octets 0..6 and 7..13 as keys */
	des_encrypt(challenge, &password_hash[0], &response[0]);
	des_encrypt(challenge, &password_hash[7], &response[8]);

	/* Block 3: hash octets 14..15, zero-padded to 7 octets */
	os_memset(last_key, 0, sizeof(last_key));
	os_memcpy(last_key, &password_hash[14], 2);
	des_encrypt(challenge, last_key, &response[16]);
}
/**
 * generate_nt_response - GenerateNTResponse() - RFC 2759, Sect. 8.1
 * @auth_challenge: 16-octet AuthenticatorChallenge (IN)
 * @peer_challenge: 16-octet PeerChallenge (IN)
 * @username: 0-to-256-char UserName (IN)
 * @username_len: Length of username
 * @password: 0-to-256-unicode-char Password (IN; ASCII)
 * @password_len: Length of password
 * @response: 24-octet Response (OUT)
 *
 * Derives the 8-octet challenge and the NT password hash, then computes the
 * 24-octet response from the two. nt_password_hash() does not accept more
 * than 256 password bytes and cannot report that, so the caller has to
 * enforce the limit before calling this function.
 */
void generate_nt_response(const u8 *auth_challenge, const u8 *peer_challenge,
			  const u8 *username, size_t username_len,
			  const u8 *password, size_t password_len,
			  u8 *response)
{
	u8 chal[8];
	u8 nt_hash[16];

	/* challenge_hash() takes the peer challenge first */
	challenge_hash(peer_challenge, auth_challenge,
		       username, username_len, chal);

	nt_password_hash(password, password_len, nt_hash);

	challenge_response(chal, nt_hash, response);
}
/**
 * generate_nt_response_pwhash - GenerateNTResponse() - RFC 2759, Sect. 8.1
 * @auth_challenge: 16-octet AuthenticatorChallenge (IN)
 * @peer_challenge: 16-octet PeerChallenge (IN)
 * @username: 0-to-256-char UserName (IN)
 * @username_len: Length of username
 * @password_hash: 16-octet PasswordHash (IN)
 * @response: 24-octet Response (OUT)
 *
 * Same computation as generate_nt_response(), but starting from an already
 * computed PasswordHash instead of the password itself.
 */
void generate_nt_response_pwhash(const u8 *auth_challenge,
				 const u8 *peer_challenge,
				 const u8 *username, size_t username_len,
				 const u8 *password_hash,
				 u8 *response)
{
	u8 chal[8];

	/* challenge_hash() takes the peer challenge first */
	challenge_hash(peer_challenge, auth_challenge,
		       username, username_len, chal);

	challenge_response(chal, password_hash, response);
}
/**
 * generate_authenticator_response_pwhash - GenerateAuthenticatorResponse() - RFC 2759, Sect. 8.7
 * @password_hash: 16-octet PasswordHash (IN)
 * @peer_challenge: 16-octet PeerChallenge (IN)
 * @auth_challenge: 16-octet AuthenticatorChallenge (IN)
 * @username: 0-to-256-char UserName (IN)
 * @username_len: Length of username
 * @nt_response: 24-octet NT-Response (IN)
 * @response: 20-octet AuthenticatorResponse (OUT) (note: this value is usually
 * encoded as a 42-octet ASCII string (S=<hexdump of response>))
 *
 * Two chained sha1_vector() calls: the first digests
 * PasswordHashHash | NT-Response | Magic1 into response, the second digests
 * that intermediate value | Challenge | Magic2 and overwrites response.
 */
void generate_authenticator_response_pwhash(
	const u8 *password_hash,
	const u8 *peer_challenge, const u8 *auth_challenge,
	const u8 *username, size_t username_len,
	const u8 *nt_response, u8 *response)
{
	/* ASCII: "Magic server to client signing constant" */
	static const u8 magic1[39] = {
		0x4D, 0x61, 0x67, 0x69, 0x63, 0x20, 0x73, 0x65, 0x72, 0x76,
		0x65, 0x72, 0x20, 0x74, 0x6F, 0x20, 0x63, 0x6C, 0x69, 0x65,
		0x6E, 0x74, 0x20, 0x73, 0x69, 0x67, 0x6E, 0x69, 0x6E, 0x67,
		0x20, 0x63, 0x6F, 0x6E, 0x73, 0x74, 0x61, 0x6E, 0x74
	};
	/* ASCII: "Pad to make it do more than one iteration" */
	static const u8 magic2[41] = {
		0x50, 0x61, 0x64, 0x20, 0x74, 0x6F, 0x20, 0x6D, 0x61, 0x6B,
		0x65, 0x20, 0x69, 0x74, 0x20, 0x64, 0x6F, 0x20, 0x6D, 0x6F,
		0x72, 0x65, 0x20, 0x74, 0x68, 0x61, 0x6E, 0x20, 0x6F, 0x6E,
		0x65, 0x20, 0x69, 0x74, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6F,
		0x6E
	};

	u8 pw_hash_hash[16], chal[8];
	const unsigned char *stage1[3];
	const size_t stage1_len[3] = { 16, 24, sizeof(magic1) };
	const unsigned char *stage2[3];
	const size_t stage2_len[3] = { SHA1_MAC_LEN, 8, sizeof(magic2) };

	/* Stage 1: PasswordHashHash | NT-Response | Magic1 -> response */
	hash_nt_password_hash(password_hash, pw_hash_hash);
	stage1[0] = pw_hash_hash;
	stage1[1] = nt_response;
	stage1[2] = magic1;
	sha1_vector(3, stage1, stage1_len, response);

	/*
	 * Stage 2: stage-1 digest | Challenge | Magic2 -> response.
	 * response is passed as both the first input element and the output
	 * buffer; this presumably relies on sha1_vector() reading all input
	 * before it writes the digest - confirm against its implementation.
	 */
	challenge_hash(peer_challenge, auth_challenge,
		       username, username_len, chal);
	stage2[0] = response;
	stage2[1] = chal;
	stage2[2] = magic2;
	sha1_vector(3, stage2, stage2_len, response);
}
/**
 * generate_authenticator_response - GenerateAuthenticatorResponse() - RFC 2759, Sect. 8.7
 * @password: 0-to-256-unicode-char Password (IN; ASCII)
 * @password_len: Length of password
 * @peer_challenge: 16-octet PeerChallenge (IN)
 * @auth_challenge: 16-octet AuthenticatorChallenge (IN)
 * @username: 0-to-256-char UserName (IN)
 * @username_len: Length of username
 * @nt_response: 24-octet NT-Response (IN)
 * @response: 20-octet AuthenticatorResponse (OUT) (note: this value is usually
 * encoded as a 42-octet ASCII string (S=<hexdump of response>))
 *
 * Hashes the password with nt_password_hash() and hands the result to
 * generate_authenticator_response_pwhash(). nt_password_hash() does not
 * accept more than 256 password bytes and cannot report that, so the caller
 * has to enforce the limit before calling this function.
 */
void generate_authenticator_response(const u8 *password, size_t password_len,
				     const u8 *peer_challenge,
				     const u8 *auth_challenge,
				     const u8 *username, size_t username_len,
				     const u8 *nt_response, u8 *response)
{
	u8 nt_hash[16];

	nt_password_hash(password, password_len, nt_hash);

	generate_authenticator_response_pwhash(nt_hash, peer_challenge,
					       auth_challenge, username,
					       username_len, nt_response,
					       response);
}
/**
 * nt_challenge_response - NtChallengeResponse() - RFC 2433, Sect. A.5
 * @challenge: 8-octet Challenge (IN)
 * @password: 0-to-256-unicode-char Password (IN; ASCII)
 * @password_len: Length of password
 * @response: 24-octet Response (OUT)
 *
 * Hashes the password with nt_password_hash() and computes the response with
 * challenge_response(). nt_password_hash() does not accept more than 256
 * password bytes and cannot report that, so the caller has to enforce the
 * limit before calling this function.
 */
void nt_challenge_response(const u8 *challenge, const u8 *password,
			   size_t password_len, u8 *response)
{
	u8 nt_hash[16];

	nt_password_hash(password, password_len, nt_hash);

	challenge_response(challenge, nt_hash, response);
}
/**
 * get_master_key - GetMasterKey() - RFC 3079, Sect. 3.4
 * @password_hash_hash: 16-octet PasswordHashHash (IN)
 * @nt_response: 24-octet NTResponse (IN)
 * @master_key: 16-octet MasterKey (OUT)
 *
 * Digests PasswordHashHash | NTResponse | Magic1 with sha1_vector() and
 * returns the first 16 octets of the result as the master key.
 */
void get_master_key(const u8 *password_hash_hash, const u8 *nt_response,
		    u8 *master_key)
{
	/* ASCII: "This is the MPPE Master Key" */
	static const u8 magic1[27] = {
		0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74,
		0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d,
		0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79
	};
	u8 digest[SHA1_MAC_LEN];
	const unsigned char *parts[3];
	const size_t part_len[3] = { 16, 24, sizeof(magic1) };

	parts[0] = password_hash_hash;
	parts[1] = nt_response;
	parts[2] = magic1;

	sha1_vector(3, parts, part_len, digest);

	/* The master key is the digest truncated to 16 octets */
	os_memcpy(master_key, digest, 16);
}
282845e0124d42b67ef926fbae32a7f61d2e5109ebdThe Android Open Source Project/**
283845e0124d42b67ef926fbae32a7f61d2e5109ebdThe Android Open Source Project * get_asymetric_start_key - GetAsymetricStartKey() - RFC 3079, Sect. 3.4
284845e0124d42b67ef926fbae32a7f61d2e5109ebdThe Android Open Source Project * @master_key: 16-octet MasterKey (IN)
285845e0124d42b67ef926fbae32a7f61d2e5109ebdThe Android Open Source Project * @session_key: 8-to-16 octet SessionKey (OUT)
286845e0124d42b67ef926fbae32a7f61d2e5109ebdThe Android Open Source Project * @session_key_len: SessionKeyLength (Length of session_key) (IN)
287845e0124d42b67ef926fbae32a7f61d2e5109ebdThe Android Open Source Project * @is_send: IsSend (IN, BOOLEAN)
288845e0124d42b67ef926fbae32a7f61d2e5109ebdThe Android Open Source Project * @is_server: IsServer (IN, BOOLEAN)
289845e0124d42b67ef926fbae32a7f61d2e5109ebdThe Android Open Source Project */
void get_asymetric_start_key(const u8 *master_key, u8 *session_key,
			     size_t session_key_len, int is_send,
			     int is_server)
{
	/*
	 * ASCII: "On the client side, this is the send key; on the server
	 * side, it is the receive key."
	 */
	static const u8 magic2[84] = {
		0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
		0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
		0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
		0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
		0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73,
		0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65,
		0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
		0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
		0x6b, 0x65, 0x79, 0x2e
	};
	/*
	 * ASCII: "On the client side, this is the receive key; on the server
	 * side, it is the send key."
	 */
	static const u8 magic3[84] = {
		0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
		0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
		0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
		0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
		0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68,
		0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73,
		0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73,
		0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20,
		0x6b, 0x65, 0x79, 0x2e
	};
	/* Fixed 40-octet pads hashed before and after the magic string */
	static const u8 shs_pad1[40] = {
		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
	};
	static const u8 shs_pad2[40] = {
		0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
		0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
		0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
		0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2
	};
	/*
	 * Element lengths for the hash input. The first entry means exactly
	 * 16 octets are read from master_key, so the caller must supply at
	 * least that many.
	 */
	const size_t len[4] = { 16, 40, 84, 40 };
	const unsigned char *addr[4];
	const u8 *magic;
	u8 digest[SHA1_MAC_LEN];
	size_t copy_len;

	/*
	 * The magic string depends on direction and role: a client send key
	 * and a server receive key use magic2, the other two cases magic3.
	 */
	if (is_server)
		magic = is_send ? magic3 : magic2;
	else
		magic = is_send ? magic2 : magic3;

	/* digest = SHA1(master_key | shs_pad1 | magic | shs_pad2) */
	addr[0] = master_key;
	addr[1] = shs_pad1;
	addr[2] = magic;
	addr[3] = shs_pad2;
	sha1_vector(4, addr, len, digest);

	/*
	 * At most SHA1_MAC_LEN octets are available; a larger request is
	 * silently truncated and the remainder of session_key is not written.
	 */
	copy_len = session_key_len;
	if (copy_len > SHA1_MAC_LEN)
		copy_len = SHA1_MAC_LEN;
	os_memcpy(session_key, digest, copy_len);

	/*
	 * NOTE(review): digest holds derived key material and is left on the
	 * stack on return; consider wiping it with a routine the compiler
	 * cannot optimize away.
	 */
}
348845e0124d42b67ef926fbae32a7f61d2e5109ebdThe Android Open Source Project
349845e0124d42b67ef926fbae32a7f61d2e5109ebdThe Android Open Source Project
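/* 256 two-octet password characters (512 octets) + 4-octet PasswordLength */
#define PWBLOCK_LEN 516

/**
 * encrypt_pw_block_with_password_hash - EncryptPwBlockWithPasswordHash() - RFC 2759, Sect. 8.10
 * @password: 0-to-256-unicode-char Password (IN; ASCII)
 * @password_len: Length of password
 * @password_hash: 16-octet PasswordHash (IN)
 * @pw_block: 516-byte PwBlock (OUT)
 *
 * Builds the clear-text block in @pw_block (random padding, then the password
 * right-aligned with one ASCII octet per two-octet character, then the
 * little endian password length in octets) and RC4-encrypts it in place with
 * @password_hash as the 16-octet key.
 *
 * This function cannot report errors. If @password_len exceeds 256 or the
 * random padding cannot be generated, @pw_block is left as PWBLOCK_LEN zero
 * octets: no password data is written and the caller never sees
 * uninitialized memory. An all-zero block is therefore not a valid result.
 */
static void encrypt_pw_block_with_password_hash(
	const u8 *password, size_t password_len,
	const u8 *password_hash, u8 *pw_block)
{
	size_t i, offset;
	u8 *pos;

	/*
	 * Clear the output before any validation so that every return path
	 * leaves defined contents in the caller's buffer.
	 */
	os_memset(pw_block, 0, PWBLOCK_LEN);

	if (password_len > 256)
		return;

	offset = (256 - password_len) * 2;
	/*
	 * Fail closed if the padding is not random: RC4 is keyed directly
	 * with the password hash, so predictable padding would encrypt known
	 * plaintext under a long-lived key.
	 */
	if (offset > 0 && os_get_random(pw_block, offset) < 0) {
		os_memset(pw_block, 0, PWBLOCK_LEN);
		return;
	}

	/* ASCII octet in the low byte; the high byte stays zero from memset */
	for (i = 0; i < password_len; i++)
		pw_block[offset + i * 2] = password[i];
	/*
	 * PasswordLength is 4 octets, but since the maximum password length is
	 * 256, only first two (in little endian byte order) can be non-zero.
	 */
	pos = &pw_block[2 * 256];
	WPA_PUT_LE16(pos, password_len * 2);
	rc4(pw_block, PWBLOCK_LEN, password_hash, 16);
}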
382845e0124d42b67ef926fbae32a7f61d2e5109ebdThe Android Open Source Project
383845e0124d42b67ef926fbae32a7f61d2e5109ebdThe Android Open Source Project
/**
 * new_password_encrypted_with_old_nt_password_hash - NewPasswordEncryptedWithOldNtPasswordHash() - RFC 2759, Sect. 8.9
 * @new_password: 0-to-256-unicode-char NewPassword (IN; ASCII)
 * @new_password_len: Length of new_password
 * @old_password: 0-to-256-unicode-char OldPassword (IN; ASCII)
 * @old_password_len: Length of old_password
 * @encrypted_pw_block: 516-octet EncryptedPwBlock (OUT)
 *
 * Hashes the old password with nt_password_hash() and passes the result as
 * the key to encrypt_pw_block_with_password_hash(), which fills
 * @encrypted_pw_block from the new password.
 */
void new_password_encrypted_with_old_nt_password_hash(
	const u8 *new_password, size_t new_password_len,
	const u8 *old_password, size_t old_password_len,
	u8 *encrypted_pw_block)
{
	/*
	 * NOTE(review): this stack copy of the old password's hash is not
	 * cleared before return; consider wiping it with a routine the
	 * compiler cannot optimize away.
	 */
	u8 old_nt_hash[16];

	nt_password_hash(old_password, old_password_len, old_nt_hash);

	encrypt_pw_block_with_password_hash(new_password, new_password_len,
					    old_nt_hash, encrypted_pw_block);
}
403845e0124d42b67ef926fbae32a7f61d2e5109ebdThe Android Open Source Project
404845e0124d42b67ef926fbae32a7f61d2e5109ebdThe Android Open Source Project
/**
 * nt_password_hash_encrypted_with_block - NtPasswordHashEncryptedWithBlock() - RFC 2759, Sect 8.13
 * @password_hash: 16-octet PasswordHash (IN)
 * @block: 16-octet Block (IN)
 * @cypher: 16-octet Cypher (OUT)
 *
 * Runs des_encrypt() twice, once per 8-octet half of @password_hash, writing
 * the matching 8-octet half of @cypher. The second call takes its @block
 * argument at offset 7, not 8 (presumably because des_encrypt() consumes a
 * 7-octet key - confirm against crypto.h).
 */
static void nt_password_hash_encrypted_with_block(const u8 *password_hash,
						  const u8 *block,
						  u8 *cypher)
{
	const u8 *hash_second_half = password_hash + 8;
	const u8 *block_second_part = block + 7;
	u8 *cypher_second_half = cypher + 8;

	des_encrypt(password_hash, block, cypher);
	des_encrypt(hash_second_half, block_second_part, cypher_second_half);
}
418845e0124d42b67ef926fbae32a7f61d2e5109ebdThe Android Open Source Project
419845e0124d42b67ef926fbae32a7f61d2e5109ebdThe Android Open Source Project
/**
 * old_nt_password_hash_encrypted_with_new_nt_password_hash - OldNtPasswordHashEncryptedWithNewNtPasswordHash() - RFC 2759, Sect. 8.12
 * @new_password: 0-to-256-unicode-char NewPassword (IN; ASCII)
 * @new_password_len: Length of new_password
 * @old_password: 0-to-256-unicode-char OldPassword (IN; ASCII)
 * @old_password_len: Length of old_password
 * @encrypted_password_hash: 16-octet EncryptedPasswordHash (OUT)
 *
 * Hashes both passwords with nt_password_hash() and hands the old hash (as
 * the data) and the new hash (as the block) to
 * nt_password_hash_encrypted_with_block().
 */
void old_nt_password_hash_encrypted_with_new_nt_password_hash(
	const u8 *new_password, size_t new_password_len,
	const u8 *old_password, size_t old_password_len,
	u8 *encrypted_password_hash)
{
	/*
	 * NOTE(review): both hashes are left on the stack on return; consider
	 * wiping them with a routine the compiler cannot optimize away.
	 */
	u8 old_hash[16];
	u8 new_hash[16];

	nt_password_hash(old_password, old_password_len, old_hash);
	nt_password_hash(new_password, new_password_len, new_hash);

	nt_password_hash_encrypted_with_block(old_hash, new_hash,
					      encrypted_password_hash);
}
441