/*
 * chap_ms.c - Microsoft MS-CHAP compatible implementation.
 *
 * Copyright (c) 1995 Eric Rosenquist.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. The name(s) of the authors of this software must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission.
 *
 * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
 * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * Modifications by Lauri Pesonen / lpesonen@clinet.fi, april 1997
 *
 *   Implemented LANManager type password response to MS-CHAP challenges.
 *   Now pppd provides both NT style and LANMan style blocks, and the
 *   preferred is set by option "ms-lanman". Default is to use NT.
 *   The hash text (StdText) was taken from Win95 RASAPI32.DLL.
 *
 *   You should also use DOMAIN\\USERNAME as described in README.MSCHAP80
 */

/*
 * Modifications by Frank Cusack, frank@google.com, March 2002.
 *
 *   Implemented MS-CHAPv2 functionality, heavily based on sample
 *   implementation in RFC 2759.  Implemented MPPE functionality,
 *   heavily based on sample implementation in RFC 3079.
 *
 * Copyright (c) 2002 The Android Open Source Project
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. The name(s) of the authors of this software must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission.
 *
 * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
 * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 *
 */

#define RCSID	"$Id: chap_ms.c,v 1.33 2004/11/12 09:57:43 paulus Exp $"

#ifdef CHAPMS

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <sys/types.h>
#include <sys/time.h>
#include <unistd.h>

#include "pppd.h"
#include "chap-new.h"
#include "chap_ms.h"
#ifdef ANDROID_CHANGES
#include "openssl-hash.h"
#else
#include "md4.h"
#include "sha1.h"
#endif
#include "pppcrypt.h"
#include "magic.h"

static const char rcsid[] = RCSID;


static void	ascii2unicode __P((char[], int, u_char[]));
static void	NTPasswordHash __P((char *, int, u_char[MD4_SIGNATURE_SIZE]));
static void	ChallengeResponse __P((u_char *, u_char *, u_char[24]));
static void	ChapMS_NT __P((u_char *, char *, int, u_char[24]));
static void	ChapMS2_NT __P((char *, u_char[16], char *, char *, int,
				u_char[24]));
static void	GenerateAuthenticatorResponsePlain
			__P((char*, int, u_char[24], u_char[16], u_char *,
			     char *, u_char[41]));
#ifdef MSLANMAN
static void	ChapMS_LANMan __P((u_char *, char *, int, MS_ChapResponse *));
#endif

#ifdef MPPE
static void	Set_Start_Key __P((u_char *, char *, int));
static void	SetMasterKeys __P((char *, int, u_char[24], int));
#endif

#ifdef MSLANMAN
bool	ms_lanman = 0;    	/* Use LanMan password instead of NT */
			  	/* Has meaning only with MS-CHAP challenges */
#endif

#ifdef MPPE
u_char mppe_send_key[MPPE_MAX_KEY_LEN];
u_char mppe_recv_key[MPPE_MAX_KEY_LEN];
int mppe_keys_set = 0;		/* Have the MPPE keys been set? */

#ifdef DEBUGMPPEKEY
/* For MPPE debug */
/* Use "[]|}{?/><,`!2&&(" (sans quotes) for RFC 3079 MS-CHAPv2 test value */
static char *mschap_challenge = NULL;
/* Use "!@\#$%^&*()_+:3|~" (sans quotes, backslash is to escape #) for ... */
static char *mschap2_peer_challenge = NULL;
#endif

#include "fsm.h"		/* Need to poke MPPE options */
#include "ccp.h"
#include <net/ppp-comp.h>
#endif

/*
 * Command-line options.
 */
static option_t chapms_option_list[] = {
#ifdef MSLANMAN
	{ "ms-lanman", o_bool, &ms_lanman,
	  "Use LanMan passwd when using MS-CHAP", 1 },
#endif
#ifdef DEBUGMPPEKEY
	{ "mschap-challenge", o_string, &mschap_challenge,
	  "specify CHAP challenge" },
	{ "mschap2-peer-challenge", o_string, &mschap2_peer_challenge,
	  "specify CHAP peer challenge" },
#endif
	{ NULL }
};

/*
 * chapms_generate_challenge - generate a challenge for MS-CHAP.
 * For MS-CHAP the challenge length is fixed at 8 bytes.
 * The length goes in challenge[0] and the actual challenge starts
 * at challenge[1].
 */
static void
chapms_generate_challenge(unsigned char *challenge)
{
	*challenge++ = 8;
#ifdef DEBUGMPPEKEY
	if (mschap_challenge && strlen(mschap_challenge) == 8)
		memcpy(challenge, mschap_challenge, 8);
	else
#endif
		random_bytes(challenge, 8);
}

/*
 * chapms2_generate_challenge - as above, for MS-CHAPv2: the length
 * byte in challenge[0] is 16 and 16 challenge bytes follow.
 */
static void
chapms2_generate_challenge(unsigned char *challenge)
{
	*challenge++ = 16;
#ifdef DEBUGMPPEKEY
	if (mschap_challenge && strlen(mschap_challenge) == 16)
		memcpy(challenge, mschap_challenge, 16);
	else
#endif
		random_bytes(challenge, 16);
}

/*
 * chapms_verify_response - recompute the MS-CHAP response from the
 * secret and compare it with the peer's.  Returns 1 on a match and
 * 0 otherwise; the status text is written to message.
 */
static int
chapms_verify_response(int id, char *name,
		       unsigned char *secret, int secret_len,
		       unsigned char *challenge, unsigned char *response,
		       char *message, int message_space)
{
	MS_ChapResponse *rmd;
	MS_ChapResponse md;
	int diff;
	int challenge_len, response_len;

	challenge_len = *challenge++;	/* skip length, is 8 */
	response_len = *response++;
	if (response_len != MS_CHAP_RESPONSE_LEN)
		goto bad;

	rmd = (MS_ChapResponse *) response;

#ifndef MSLANMAN
	if (!rmd->UseNT[0]) {
		/* Should really propagate this into the error packet. */
		notice("Peer request for LANMAN auth not supported");
		goto bad;
	}
#endif

	/* Generate the expected response. */
	ChapMS(challenge, (char *)secret, secret_len, &md);

#ifdef MSLANMAN
	/* Determine which part of response to verify against */
	if (!rmd->UseNT[0])
		diff = memcmp(&rmd->LANManResp, &md.LANManResp,
			      sizeof(md.LANManResp));
	else
#endif
		diff = memcmp(&rmd->NTResp, &md.NTResp, sizeof(md.NTResp));

	if (diff == 0) {
		slprintf(message, message_space, "Access granted");
		return 1;
	}

 bad:
	/* See comments below for MS-CHAP V2 */
	slprintf(message, message_space, "E=691 R=1 C=%0.*B V=0",
		 challenge_len, challenge);
	return 0;
}

/*
 * chapms2_verify_response - recompute the MS-CHAPv2 NT response and
 * compare it with the peer's.  Returns 1 on a match and 0 otherwise;
 * the success or failure string is written to message.
 */
static int
chapms2_verify_response(int id, char *name,
			unsigned char *secret, int secret_len,
			unsigned char *challenge, unsigned char *response,
			char *message, int message_space)
{
	MS_Chap2Response *rmd;
	MS_Chap2Response md;
	char saresponse[MS_AUTH_RESPONSE_LENGTH+1];
	int challenge_len, response_len;

	challenge_len = *challenge++;	/* skip length, is 16 */
	response_len = *response++;
	if (response_len != MS_CHAP2_RESPONSE_LEN)
		goto bad;	/* not even the right length */

	rmd = (MS_Chap2Response *) response;

	/* Generate the expected response and our mutual auth. */
	ChapMS2(challenge, rmd->PeerChallenge, name,
		(char *)secret, secret_len, &md,
		(unsigned char *)saresponse, MS_CHAP2_AUTHENTICATOR);

	/* compare MDs and send the appropriate status */
	/*
	 * Per RFC 2759, success message must be formatted as
	 *     "S=<auth_string> M=<message>"
	 * where
	 *     <auth_string> is the Authenticator Response (mutual auth)
	 *     <message> is a text message
	 *
	 * However, some versions of Windows (win98 tested) do not know
	 * about the M=<message> part (required per RFC 2759) and flag
	 * it as an error (reported incorrectly as an encryption error
	 * to the user).  Since the RFC requires it, and it can be
	 * useful information, we supply it if the peer is a conforming
	 * system.  Luckily (?), win98 sets the Flags field to 0x04
	 * (contrary to RFC requirements) so we can use that to
	 * distinguish between conforming and non-conforming systems.
	 *
	 * Special thanks to Alex Swiridov <say@real.kharkov.ua> for
	 * help debugging this.
	 */
	if (memcmp(md.NTResp, rmd->NTResp, sizeof(md.NTResp)) == 0) {
		if (rmd->Flags[0])
			slprintf(message, message_space, "S=%s", saresponse);
		else
			slprintf(message, message_space, "S=%s M=%s",
				 saresponse, "Access granted");
		return 1;
	}

 bad:
	/*
	 * Failure message must be formatted as
	 *     "E=e R=r C=c V=v M=m"
	 * where
	 *     e = error code (we use 691, ERROR_AUTHENTICATION_FAILURE)
	 *     r = retry (we use 1, ok to retry)
	 *     c = challenge to use for next response, we reuse previous
	 *     v = Change Password version supported, we use 0
	 *     m = text message
	 *
	 * The M=m part is only for MS-CHAPv2.  Neither win2k nor
	 * win98 (others untested) display the message to the user anyway.
	 * They also both ignore the E=e code.
	 *
	 * Note that it's safe to reuse the same challenge as we don't
	 * actually accept another response based on the error message
	 * (and no clients try to resend a response anyway).
	 *
	 * Basically, this whole bit is useless code, even the small
	 * implementation here is only because of overspecification.
	 */
	slprintf(message, message_space, "E=691 R=1 C=%0.*B V=0 M=%s",
		 challenge_len, challenge, "Access denied");
	return 0;
}

static void
chapms_make_response(unsigned char *response, int id, char *our_name,
		     unsigned char *challenge, char *secret, int secret_len,
		     unsigned char *private)
{
	challenge++;	/* skip length, should be 8 */
	*response++ = MS_CHAP_RESPONSE_LEN;
	ChapMS(challenge, secret, secret_len, (MS_ChapResponse *) response);
}

static void
chapms2_make_response(unsigned char *response, int id, char *our_name,
		      unsigned char *challenge, char *secret, int secret_len,
		      unsigned char *private)
{
	challenge++;	/* skip length, should be 16 */
	*response++ = MS_CHAP2_RESPONSE_LEN;
	ChapMS2(challenge,
#ifdef DEBUGMPPEKEY
		mschap2_peer_challenge,
#else
		NULL,
#endif
		our_name, secret, secret_len,
		(MS_Chap2Response *) response, private,
		MS_CHAP2_AUTHENTICATEE);
}

static int
chapms2_check_success(unsigned char *msg, int len, unsigned char
*private) 3518ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project{ 3528ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project if ((len < MS_AUTH_RESPONSE_LENGTH + 2) || 3538ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project strncmp((char *)msg, "S=", 2) != 0) { 3548ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project /* Packet does not start with "S=" */ 3558ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project error("MS-CHAPv2 Success packet is badly formed."); 3568ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project return 0; 3578ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project } 3588ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project msg += 2; 3598ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project len -= 2; 3608ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project if (len < MS_AUTH_RESPONSE_LENGTH 3618ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project || memcmp(msg, private, MS_AUTH_RESPONSE_LENGTH)) { 3628ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project /* Authenticator Response did not match expected. */ 3638ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project error("MS-CHAPv2 mutual authentication failed."); 3648ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project return 0; 3658ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project } 3668ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project /* Authenticator Response matches. 
*/ 3678ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project msg += MS_AUTH_RESPONSE_LENGTH; /* Eat it */ 3688ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project len -= MS_AUTH_RESPONSE_LENGTH; 3698ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project if ((len >= 3) && !strncmp((char *)msg, " M=", 3)) { 3708ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project msg += 3; /* Eat the delimiter */ 3718ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project } else if (len) { 3728ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project /* Packet has extra text which does not begin " M=" */ 3738ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project error("MS-CHAPv2 Success packet is badly formed."); 3748ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project return 0; 3758ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project } 3768ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project return 1; 3778ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project} 3788ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 3798ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Projectstatic void 3808ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Projectchapms_handle_failure(unsigned char *inp, int len) 3818ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project{ 3828ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project int err; 3838ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project char *p, *msg; 3848ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 3858ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project /* We want a null-terminated string for strxxx(). 
*/ 3868ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project msg = malloc(len + 1); 3878ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project if (!msg) { 3888ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project notice("Out of memory in chapms_handle_failure"); 3898ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project return; 3908ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project } 3918ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project BCOPY(inp, msg, len); 3928ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project msg[len] = 0; 3938ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project p = msg; 3948ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 3958ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project /* 3968ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project * Deal with MS-CHAP formatted failure messages; just print the 3978ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project * M=<message> part (if any). For MS-CHAP we're not really supposed 3988ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project * to use M=<message>, but it shouldn't hurt. See 3998ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project * chapms[2]_verify_response. 4008ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project */ 4018ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project if (!strncmp(p, "E=", 2)) 4028ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project err = strtol(p, NULL, 10); /* Remember the error code. */ 4038ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project else 4048ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project goto print_msg; /* Message is badly formatted. 
*/ 4058ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 4068ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project if (len && ((p = strstr(p, " M=")) != NULL)) { 4078ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project /* M=<message> field found. */ 4088ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project p += 3; 4098ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project } else { 4108ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project /* No M=<message>; use the error code. */ 4118ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project switch (err) { 4128ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project case MS_CHAP_ERROR_RESTRICTED_LOGON_HOURS: 4138ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project p = "E=646 Restricted logon hours"; 4148ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project break; 4158ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 4168ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project case MS_CHAP_ERROR_ACCT_DISABLED: 4178ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project p = "E=647 Account disabled"; 4188ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project break; 4198ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 4208ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project case MS_CHAP_ERROR_PASSWD_EXPIRED: 4218ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project p = "E=648 Password expired"; 4228ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project break; 4238ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 4248ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project case MS_CHAP_ERROR_NO_DIALIN_PERMISSION: 4258ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 
p = "E=649 No dialin permission"; 4268ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project break; 4278ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 4288ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project case MS_CHAP_ERROR_AUTHENTICATION_FAILURE: 4298ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project p = "E=691 Authentication failure"; 4308ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project break; 4318ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 4328ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project case MS_CHAP_ERROR_CHANGING_PASSWORD: 4338ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project /* Should never see this, we don't support Change Password. */ 4348ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project p = "E=709 Error changing password"; 4358ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project break; 4368ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 4378ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project default: 4388ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project free(msg); 4398ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project error("Unknown MS-CHAP authentication failure: %.*v", 4408ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project len, inp); 4418ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project return; 4428ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project } 4438ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project } 4448ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Projectprint_msg: 4458ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project if (p != NULL) 4468ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project error("MS-CHAP authentication 
failed: %v", p); 4478ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project free(msg); 4488ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project} 4498ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 4508ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Projectstatic void 4518ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source ProjectChallengeResponse(u_char *challenge, 4528ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project u_char PasswordHash[MD4_SIGNATURE_SIZE], 4538ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project u_char response[24]) 4548ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project{ 4558ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project u_char ZPasswordHash[21]; 4568ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 4578ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project BZERO(ZPasswordHash, sizeof(ZPasswordHash)); 4588ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project BCOPY(PasswordHash, ZPasswordHash, MD4_SIGNATURE_SIZE); 4598ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 4608ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project#if 0 4618ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project dbglog("ChallengeResponse - ZPasswordHash %.*B", 4628ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project sizeof(ZPasswordHash), ZPasswordHash); 4638ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project#endif 4648ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 4658ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project (void) DesSetkey(ZPasswordHash + 0); 4668ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project DesEncrypt(challenge, response + 0); 4678ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open 
Source Project (void) DesSetkey(ZPasswordHash + 7); 4688ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project DesEncrypt(challenge, response + 8); 4698ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project (void) DesSetkey(ZPasswordHash + 14); 4708ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project DesEncrypt(challenge, response + 16); 4718ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 4728ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project#if 0 4738ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project dbglog("ChallengeResponse - response %.24B", response); 4748ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project#endif 4758ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project} 4768ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 4778ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Projectvoid 4788ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source ProjectChallengeHash(u_char PeerChallenge[16], u_char *rchallenge, 4798ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project char *username, u_char Challenge[8]) 4808ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 4818ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project{ 4828ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project SHA1_CTX sha1Context; 4838ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project u_char sha1Hash[SHA1_SIGNATURE_SIZE]; 4848ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project char *user; 4858ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 4868ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project /* remove domain from "domain\username" */ 4878ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project if ((user = strrchr(username, '\\')) != NULL) 
4888ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project ++user; 4898ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project else 4908ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project user = username; 4918ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 4928ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project SHA1_Init(&sha1Context); 4938ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project SHA1_Update(&sha1Context, PeerChallenge, 16); 4948ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project SHA1_Update(&sha1Context, rchallenge, 16); 4958ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project SHA1_Update(&sha1Context, (unsigned char *)user, strlen(user)); 4968ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project SHA1_Final(sha1Hash, &sha1Context); 4978ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 4988ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project BCOPY(sha1Hash, Challenge, 8); 4998ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project} 5008ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 5018ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project/* 5028ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project * Convert the ASCII version of the password to Unicode. 5038ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project * This implicitly supports 8-bit ISO8859/1 characters. 5048ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project * This gives us the little-endian representation, which 5058ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project * is assumed by all M$ CHAP RFCs. (Unicode byte ordering 5068ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project * is machine-dependent.) 
5078ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project */ 5088ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Projectstatic void 5098ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Projectascii2unicode(char ascii[], int ascii_len, u_char unicode[]) 5108ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project{ 5118ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project int i; 5128ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 5138ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project BZERO(unicode, ascii_len * 2); 5148ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project for (i = 0; i < ascii_len; i++) 5158ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project unicode[i * 2] = (u_char) ascii[i]; 5168ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project} 5178ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 5188ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Projectstatic void 5198ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source ProjectNTPasswordHash(char *secret, int secret_len, u_char hash[MD4_SIGNATURE_SIZE]) 5208ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project{ 521e7f221f12403dcb4081d08e28c54d3b2a1ab05eeChung-yih Wang#ifdef ANDROID_CHANGES 522e7f221f12403dcb4081d08e28c54d3b2a1ab05eeChung-yih Wang /* We link with MD4 routines in openssl, we have to take bytes instead */ 523e7f221f12403dcb4081d08e28c54d3b2a1ab05eeChung-yih Wang int mdlen = secret_len; 524e7f221f12403dcb4081d08e28c54d3b2a1ab05eeChung-yih Wang#else 5258ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project#ifdef __NetBSD__ 5268ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project /* NetBSD uses the libc md4 routines which take bytes instead of bits */ 5278ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project int 
mdlen = secret_len; 5288ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project#else 5298ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project int mdlen = secret_len * 8; 5308ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project#endif 531e7f221f12403dcb4081d08e28c54d3b2a1ab05eeChung-yih Wang#endif 5328ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project MD4_CTX md4Context; 5338ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 5348ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project MD4Init(&md4Context); 5358ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project MD4Update(&md4Context, (unsigned char *)secret, mdlen); 5368ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project MD4Final(hash, &md4Context); 5378ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 5388ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project} 5398ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 5408ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Projectstatic void 5418ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source ProjectChapMS_NT(u_char *rchallenge, char *secret, int secret_len, 5428ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project u_char NTResponse[24]) 5438ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project{ 5448ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project u_char unicodePassword[MAX_NT_PASSWORD * 2]; 5458ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project u_char PasswordHash[MD4_SIGNATURE_SIZE]; 5468ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 5478ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project /* Hash the Unicode version of the secret (== password). 
*/ 5488ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project ascii2unicode(secret, secret_len, unicodePassword); 5498ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project NTPasswordHash((char *)unicodePassword, secret_len * 2, PasswordHash); 5508ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 5518ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project ChallengeResponse(rchallenge, PasswordHash, NTResponse); 5528ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project} 5538ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 5548ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Projectstatic void 5558ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source ProjectChapMS2_NT(char *rchallenge, u_char PeerChallenge[16], char *username, 5568ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project char *secret, int secret_len, u_char NTResponse[24]) 5578ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project{ 5588ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project u_char unicodePassword[MAX_NT_PASSWORD * 2]; 5598ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project u_char PasswordHash[MD4_SIGNATURE_SIZE]; 5608ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project u_char Challenge[8]; 5618ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 5628ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project ChallengeHash(PeerChallenge, (unsigned char *)rchallenge, username, 5638ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project Challenge); 5648ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 5658ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project /* Hash the Unicode version of the secret (== password). 
*/ 5668ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project ascii2unicode(secret, secret_len, unicodePassword); 5678ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project NTPasswordHash((char *)unicodePassword, secret_len * 2, PasswordHash); 5688ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 5698ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project ChallengeResponse(Challenge, PasswordHash, NTResponse); 5708ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project} 5718ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 5728ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project#ifdef MSLANMAN 5738ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Projectstatic u_char *StdText = (u_char *)"KGS!@#$%"; /* key from rasapi32.dll */ 5748ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 5758ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Projectstatic void 5768ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source ProjectChapMS_LANMan(u_char *rchallenge, char *secret, int secret_len, 5778ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project MS_ChapResponse *response) 5788ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project{ 5798ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project int i; 5808ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project u_char UcasePassword[MAX_NT_PASSWORD]; /* max is actually 14 */ 5818ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project u_char PasswordHash[MD4_SIGNATURE_SIZE]; 5828ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 5838ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project /* LANMan password is case insensitive */ 5848ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project BZERO(UcasePassword, sizeof(UcasePassword)); 
5858ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project for (i = 0; i < secret_len; i++) 5868ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project UcasePassword[i] = (u_char)toupper(secret[i]); 5878ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project (void) DesSetkey(UcasePassword + 0); 5888ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project DesEncrypt( StdText, PasswordHash + 0 ); 5898ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project (void) DesSetkey(UcasePassword + 7); 5908ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project DesEncrypt( StdText, PasswordHash + 8 ); 5918ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project ChallengeResponse(rchallenge, PasswordHash, response->LANManResp); 5928ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project} 5938ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project#endif 5948ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 5958ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 5968ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Projectvoid 5978ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source ProjectGenerateAuthenticatorResponse(u_char PasswordHashHash[MD4_SIGNATURE_SIZE], 5988ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project u_char NTResponse[24], u_char PeerChallenge[16], 5998ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project u_char *rchallenge, char *username, 6008ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project u_char authResponse[MS_AUTH_RESPONSE_LENGTH+1]) 6018ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project{ 6028ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project /* 6038ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project * "Magic" constants used in response generation, 
from RFC 2759.
     */
    u_char Magic1[39] = /* "Magic server to client signing constant" */
        { 0x4D, 0x61, 0x67, 0x69, 0x63, 0x20, 0x73, 0x65, 0x72, 0x76,
          0x65, 0x72, 0x20, 0x74, 0x6F, 0x20, 0x63, 0x6C, 0x69, 0x65,
          0x6E, 0x74, 0x20, 0x73, 0x69, 0x67, 0x6E, 0x69, 0x6E, 0x67,
          0x20, 0x63, 0x6F, 0x6E, 0x73, 0x74, 0x61, 0x6E, 0x74 };
    u_char Magic2[41] = /* "Pad to make it do more than one iteration" */
        { 0x50, 0x61, 0x64, 0x20, 0x74, 0x6F, 0x20, 0x6D, 0x61, 0x6B,
          0x65, 0x20, 0x69, 0x74, 0x20, 0x64, 0x6F, 0x20, 0x6D, 0x6F,
          0x72, 0x65, 0x20, 0x74, 0x68, 0x61, 0x6E, 0x20, 0x6F, 0x6E,
          0x65, 0x20, 0x69, 0x74, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6F,
          0x6E };

    int i;
    SHA1_CTX sha1Context;
    u_char Digest[SHA1_SIGNATURE_SIZE];
    u_char Challenge[8];

    SHA1_Init(&sha1Context);
    SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
    SHA1_Update(&sha1Context, NTResponse, 24);
    SHA1_Update(&sha1Context, Magic1, sizeof(Magic1));
    SHA1_Final(Digest, &sha1Context);

    ChallengeHash(PeerChallenge, rchallenge, username, Challenge);

    SHA1_Init(&sha1Context);
    SHA1_Update(&sha1Context, Digest, sizeof(Digest));
    SHA1_Update(&sha1Context, Challenge, sizeof(Challenge));
    SHA1_Update(&sha1Context, Magic2, sizeof(Magic2));
    SHA1_Final(Digest, &sha1Context);

    /*
     * Convert to ASCII hex string. MAX() stays in bounds only while
     * MS_AUTH_RESPONSE_LENGTH / 2 equals sizeof(Digest); if the two ever
     * differ, the larger bound reads past Digest or writes past authResponse.
     */
    for (i = 0; i < MAX((MS_AUTH_RESPONSE_LENGTH / 2), sizeof(Digest)); i++)
        sprintf((char *)&authResponse[i * 2], "%02X", Digest[i]);
}


static void
GenerateAuthenticatorResponsePlain
                (char *secret, int secret_len,
                 u_char NTResponse[24], u_char PeerChallenge[16],
                 u_char *rchallenge, char *username,
                 u_char authResponse[MS_AUTH_RESPONSE_LENGTH+1])
{
    u_char unicodePassword[MAX_NT_PASSWORD * 2];
    u_char PasswordHash[MD4_SIGNATURE_SIZE];
    u_char PasswordHashHash[MD4_SIGNATURE_SIZE];

    /* Hash (x2) the Unicode version of the secret (== password). */
    ascii2unicode(secret, secret_len, unicodePassword);
    NTPasswordHash((char *)unicodePassword, secret_len * 2, PasswordHash);
    NTPasswordHash((char *)PasswordHash, sizeof(PasswordHash),
                   PasswordHashHash);

    GenerateAuthenticatorResponse(PasswordHashHash, NTResponse, PeerChallenge,
                                  rchallenge, username, authResponse);
}


#ifdef MPPE
/*
 * Set mppe_xxxx_key from the NTPasswordHashHash.
 * RFC 2548 (RADIUS support) requires us to export this function (ugh).
 */
void
mppe_set_keys(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE])
{
    SHA1_CTX sha1Context;
    u_char Digest[SHA1_SIGNATURE_SIZE];    /* >= MPPE_MAX_KEY_LEN */

    SHA1_Init(&sha1Context);
    SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
    SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
    SHA1_Update(&sha1Context, rchallenge, 8);
    SHA1_Final(Digest, &sha1Context);

    /* Same key in both directions. */
    BCOPY(Digest, mppe_send_key, sizeof(mppe_send_key));
    BCOPY(Digest, mppe_recv_key, sizeof(mppe_recv_key));

    mppe_keys_set = 1;
}

/*
 * Set mppe_xxxx_key from MS-CHAP credentials. (see RFC 3079)
 */
static void
Set_Start_Key(u_char *rchallenge, char *secret, int secret_len)
{
    u_char unicodePassword[MAX_NT_PASSWORD * 2];
    u_char PasswordHash[MD4_SIGNATURE_SIZE];
    u_char PasswordHashHash[MD4_SIGNATURE_SIZE];

    /* Hash (x2) the Unicode version of the secret (== password). */
    ascii2unicode(secret, secret_len, unicodePassword);
    NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash);
    NTPasswordHash(PasswordHash, sizeof(PasswordHash), PasswordHashHash);

    mppe_set_keys(rchallenge, PasswordHashHash);
}

/*
 * Set mppe_xxxx_key from MS-CHAPv2 credentials. (see RFC 3079)
 *
 * This helper function is used in the Winbind module, which gets the
 * NTHashHash from the server.
 */
void
mppe_set_keys2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
               u_char NTResponse[24], int IsServer)
{
    SHA1_CTX sha1Context;
    u_char MasterKey[SHA1_SIGNATURE_SIZE];    /* >= MPPE_MAX_KEY_LEN */
    u_char Digest[SHA1_SIGNATURE_SIZE];       /* >= MPPE_MAX_KEY_LEN */

    u_char SHApad1[40] =
        { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
    u_char SHApad2[40] =
        { 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
          0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
          0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
          0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2 };

    /* "This is the MPPE Master Key" */
    u_char Magic1[27] =
        { 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74,
          0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d,
          0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79 };
    /* "On the client side, this is the send key; "
       "on the server side, it is the receive key." */
    u_char Magic2[84] =
        { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
          0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
          0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
          0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
          0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73,
          0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65,
          0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
          0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
          0x6b, 0x65, 0x79, 0x2e };
    /* "On the client side, this is the receive key; "
       "on the server side, it is the send key." */
    u_char Magic3[84] =
        { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
          0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
          0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
          0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
          0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68,
          0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73,
          0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73,
          0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20,
          0x6b, 0x65, 0x79, 0x2e };
    u_char *s;

    SHA1_Init(&sha1Context);
    SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
    SHA1_Update(&sha1Context, NTResponse, 24);
    SHA1_Update(&sha1Context, Magic1, sizeof(Magic1));
    SHA1_Final(MasterKey, &sha1Context);

    /*
     * generate send key
     */
    if (IsServer)
        s = Magic3;
    else
        s = Magic2;
    SHA1_Init(&sha1Context);
    SHA1_Update(&sha1Context, MasterKey, 16);
    SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1));
    SHA1_Update(&sha1Context, s, 84);
    SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2));
    SHA1_Final(Digest, &sha1Context);

    BCOPY(Digest, mppe_send_key, sizeof(mppe_send_key));

    /*
     * generate recv key
     */
    if (IsServer)
        s = Magic2;
    else
        s = Magic3;
    SHA1_Init(&sha1Context);
    SHA1_Update(&sha1Context, MasterKey, 16);
    SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1));
    SHA1_Update(&sha1Context, s, 84);
    SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2));
    SHA1_Final(Digest, &sha1Context);

    BCOPY(Digest, mppe_recv_key, sizeof(mppe_recv_key));

    mppe_keys_set = 1;
}

/*
 * Set mppe_xxxx_key from MS-CHAPv2 credentials. (see RFC 3079)
 */
static void
SetMasterKeys(char *secret, int secret_len, u_char NTResponse[24], int IsServer)
{
    u_char unicodePassword[MAX_NT_PASSWORD * 2];
    u_char PasswordHash[MD4_SIGNATURE_SIZE];
    u_char PasswordHashHash[MD4_SIGNATURE_SIZE];
    /* Hash (x2) the Unicode version of the secret (== password). */
    ascii2unicode(secret, secret_len, unicodePassword);
    NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash);
    NTPasswordHash(PasswordHash, sizeof(PasswordHash), PasswordHashHash);
    mppe_set_keys2(PasswordHashHash, NTResponse, IsServer);
}

#endif /* MPPE */


void
ChapMS(u_char *rchallenge, char *secret, int secret_len,
       MS_ChapResponse *response)
{
    BZERO(response, sizeof(*response));

    ChapMS_NT(rchallenge, secret, secret_len, response->NTResp);

#ifdef MSLANMAN
    ChapMS_LANMan(rchallenge, secret, secret_len, response);

    /* preferred method is set by option */
    response->UseNT[0] = !ms_lanman;
#else
    response->UseNT[0] = 1;
#endif

#ifdef MPPE
    Set_Start_Key(rchallenge, secret, secret_len);
#endif
}


/*
 * If PeerChallenge is NULL, one is generated and response->PeerChallenge
 * is filled in. Call this way when generating a response.
 * If PeerChallenge is supplied, it is copied into response->PeerChallenge.
 * Call this way when verifying a response (or debugging).
 * Do not call with PeerChallenge = response->PeerChallenge.
 *
 * response->PeerChallenge is then used for calculation of the
 * Authenticator Response.
 */
void
ChapMS2(u_char *rchallenge, u_char *PeerChallenge,
        char *user, char *secret, int secret_len, MS_Chap2Response *response,
        u_char authResponse[], int authenticator)
{
    /* ARGSUSED */
    u_char *p = response->PeerChallenge;
    int i;

    BZERO(response, sizeof(*response));

    /*
     * Generate the Peer-Challenge if requested, or copy it if supplied.
     * Note: drand48() is a linear congruential generator, not a CSPRNG.
     */
    if (!PeerChallenge)
        for (i = 0; i < sizeof(response->PeerChallenge); i++)
            *p++ = (u_char) (drand48() * 0xff);
    else
        BCOPY(PeerChallenge, response->PeerChallenge,
              sizeof(response->PeerChallenge));

    /* Generate the NT-Response */
    ChapMS2_NT((char *)rchallenge, response->PeerChallenge, user,
               secret, secret_len, response->NTResp);

    /* Generate the Authenticator Response. */
    GenerateAuthenticatorResponsePlain(secret, secret_len, response->NTResp,
                                       response->PeerChallenge, rchallenge,
                                       user, authResponse);

#ifdef MPPE
    SetMasterKeys(secret, secret_len, response->NTResp, authenticator);
#endif
}

#ifdef MPPE
/*
 * Set MPPE options from plugins.
 */
void
set_mppe_enc_types(int policy, int types)
{
    /*
     * Early exit for unknown policies. The policy is unknown only when it
     * matches neither constant, so the comparisons are joined with &&;
     * joined with || the test is true for every value and the function
     * would return before touching any option.
     */
    if (policy != MPPE_ENC_POL_ENC_ALLOWED &&
        policy != MPPE_ENC_POL_ENC_REQUIRED)
        return;

    /* Don't modify MPPE if it's optional and wasn't already configured. */
    if (policy == MPPE_ENC_POL_ENC_ALLOWED && !ccp_wantoptions[0].mppe)
        return;

    /*
     * Disable undesirable encryption types. Note that we don't ENABLE
     * any encryption types, to avoid overriding manual configuration.
     */
    switch(types) {
        case MPPE_ENC_TYPES_RC4_40:
            ccp_wantoptions[0].mppe &= ~MPPE_OPT_128;    /* disable 128-bit */
            break;
        case MPPE_ENC_TYPES_RC4_128:
            ccp_wantoptions[0].mppe &= ~MPPE_OPT_40;     /* disable 40-bit */
            break;
        default:
            break;
    }
}
#endif /* MPPE */

static struct chap_digest_type chapms_digest = {
    CHAP_MICROSOFT,             /* code */
    chapms_generate_challenge,
    chapms_verify_response,
    chapms_make_response,
    NULL,                       /* check_success */
    chapms_handle_failure,
};

static struct chap_digest_type chapms2_digest = {
    CHAP_MICROSOFT_V2,          /* code */
    chapms2_generate_challenge,
    chapms2_verify_response,
    chapms2_make_response,
    chapms2_check_success,
    chapms_handle_failure,
};

void
chapms_init(void)
{
    chap_register_digest(&chapms_digest);
    chap_register_digest(&chapms2_digest);
    add_options(chapms_option_list);
}

#endif /* CHAPMS */
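
Added example, not part of pppd: a stand-alone model of the "unknown policy" early exit in set_mppe_enc_types(), showing what the option mask looks like afterwards when the two comparisons are joined with `||` versus `&&`. The helper names (unknown_policy_or, unknown_policy_and, apply_enc_types, count_rejected) are hypothetical, and the numeric values given to the MPPE_* identifiers are stand-ins for this demo.

```c
/* Added example, not pppd source. Identifier names come from the page;
 * the numeric values assigned to them here are stand-ins for the demo. */
#include <stdio.h>

enum { MPPE_ENC_POL_ENC_ALLOWED = 1, MPPE_ENC_POL_ENC_REQUIRED = 2 };
enum { MPPE_ENC_TYPES_RC4_40 = 2, MPPE_ENC_TYPES_RC4_128 = 4 };
enum { MPPE_OPT_40 = 0x01, MPPE_OPT_128 = 0x02 };

typedef int (*unknown_policy_fn)(int policy);

/* Joined with ||: a value cannot equal both constants, so one of the two
 * inequalities always holds and every policy is reported as unknown. */
static int unknown_policy_or(int policy)
{
    return policy != MPPE_ENC_POL_ENC_ALLOWED ||
           policy != MPPE_ENC_POL_ENC_REQUIRED;
}

/* Joined with &&: unknown only when the policy matches neither constant. */
static int unknown_policy_and(int policy)
{
    return policy != MPPE_ENC_POL_ENC_ALLOWED &&
           policy != MPPE_ENC_POL_ENC_REQUIRED;
}

/*
 * Model of set_mppe_enc_types(): takes the configured option mask
 * (ccp_wantoptions[0].mppe on the page) and returns the mask afterwards.
 */
static unsigned apply_enc_types(unsigned mppe, int policy, int types,
                                unknown_policy_fn unknown)
{
    if (unknown(policy))
        return mppe;                        /* early exit, mask untouched */
    if (policy == MPPE_ENC_POL_ENC_ALLOWED && !mppe)
        return mppe;                        /* optional and not configured */
    switch (types) {
    case MPPE_ENC_TYPES_RC4_40:
        mppe &= ~(unsigned)MPPE_OPT_128;    /* disable 128-bit */
        break;
    case MPPE_ENC_TYPES_RC4_128:
        mppe &= ~(unsigned)MPPE_OPT_40;     /* disable 40-bit */
        break;
    default:
        break;
    }
    return mppe;
}

/* Count how many policy values in [lo, hi] take the early exit. */
static int count_rejected(unknown_policy_fn unknown, int lo, int hi)
{
    int n = 0, p;

    for (p = lo; p <= hi; p++)
        n += unknown(p) ? 1 : 0;
    return n;
}

int main(void)
{
    unsigned both = (unsigned)MPPE_OPT_40 | (unsigned)MPPE_OPT_128;

    printf("policies 0..3 rejected: || -> %d, && -> %d\n",
           count_rejected(unknown_policy_or, 0, 3),
           count_rejected(unknown_policy_and, 0, 3));
    printf("REQUIRED + RC4_128, mask before 0x%02x: || -> 0x%02x, && -> 0x%02x\n",
           both,
           apply_enc_types(both, MPPE_ENC_POL_ENC_REQUIRED,
                           MPPE_ENC_TYPES_RC4_128, unknown_policy_or),
           apply_enc_types(both, MPPE_ENC_POL_ENC_REQUIRED,
                           MPPE_ENC_TYPES_RC4_128, unknown_policy_and));
    return 0;
}
```

With the `||` form a plugin that requires 128-bit RC4 leaves the 40-bit option enabled, so when auditing a deployment check the negotiated MPPE key length rather than trusting the configured policy.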