1/*
2 * MSCHAPV2 (RFC 2759)
3 * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9#include "includes.h"
10
11#include "common.h"
12#include "crypto/ms_funcs.h"
13#include "mschapv2.h"
14
15const u8 * mschapv2_remove_domain(const u8 *username, size_t *len)
16{
17	size_t i;
18
19	/*
20	 * MSCHAPv2 does not include optional domain name in the
21	 * challenge-response calculation, so remove domain prefix
22	 * (if present).
23	 */
24
25	for (i = 0; i < *len; i++) {
26		if (username[i] == '\\') {
27			*len -= i + 1;
28			return username + i + 1;
29		}
30	}
31
32	return username;
33}
34
35
36int mschapv2_derive_response(const u8 *identity, size_t identity_len,
37			     const u8 *password, size_t password_len,
38			     int pwhash,
39			     const u8 *auth_challenge,
40			     const u8 *peer_challenge,
41			     u8 *nt_response, u8 *auth_response,
42			     u8 *master_key)
43{
44	const u8 *username;
45	size_t username_len;
46	u8 password_hash[16], password_hash_hash[16];
47
48	wpa_hexdump_ascii(MSG_DEBUG, "MSCHAPV2: Identity",
49			  identity, identity_len);
50	username_len = identity_len;
51	username = mschapv2_remove_domain(identity, &username_len);
52	wpa_hexdump_ascii(MSG_DEBUG, "MSCHAPV2: Username",
53			  username, username_len);
54
55	wpa_hexdump(MSG_DEBUG, "MSCHAPV2: auth_challenge",
56		    auth_challenge, MSCHAPV2_CHAL_LEN);
57	wpa_hexdump(MSG_DEBUG, "MSCHAPV2: peer_challenge",
58		    peer_challenge, MSCHAPV2_CHAL_LEN);
59	wpa_hexdump_ascii(MSG_DEBUG, "MSCHAPV2: username",
60			  username, username_len);
61	/* Authenticator response is not really needed yet, but calculate it
62	 * here so that challenges need not be saved. */
63	if (pwhash) {
64		wpa_hexdump_key(MSG_DEBUG, "MSCHAPV2: password hash",
65				password, password_len);
66		if (generate_nt_response_pwhash(auth_challenge, peer_challenge,
67						username, username_len,
68						password, nt_response) ||
69		    generate_authenticator_response_pwhash(
70			    password, peer_challenge, auth_challenge,
71			    username, username_len, nt_response,
72			    auth_response))
73			return -1;
74	} else {
75		wpa_hexdump_ascii_key(MSG_DEBUG, "MSCHAPV2: password",
76				      password, password_len);
77		if (generate_nt_response(auth_challenge, peer_challenge,
78					 username, username_len,
79					 password, password_len,
80					 nt_response) ||
81		    generate_authenticator_response(password, password_len,
82						    peer_challenge,
83						    auth_challenge,
84						    username, username_len,
85						    nt_response,
86						    auth_response))
87			return -1;
88	}
89	wpa_hexdump(MSG_DEBUG, "MSCHAPV2: NT Response",
90		    nt_response, MSCHAPV2_NT_RESPONSE_LEN);
91	wpa_hexdump(MSG_DEBUG, "MSCHAPV2: Auth Response",
92		    auth_response, MSCHAPV2_AUTH_RESPONSE_LEN);
93
94	/* Generate master_key here since we have the needed data available. */
95	if (pwhash) {
96		if (hash_nt_password_hash(password, password_hash_hash))
97			return -1;
98	} else {
99		if (nt_password_hash(password, password_len, password_hash) ||
100		    hash_nt_password_hash(password_hash, password_hash_hash))
101			return -1;
102	}
103	if (get_master_key(password_hash_hash, nt_response, master_key))
104		return -1;
105	wpa_hexdump_key(MSG_DEBUG, "MSCHAPV2: Master Key",
106			master_key, MSCHAPV2_MASTER_KEY_LEN);
107
108	return 0;
109}
110
111
112int mschapv2_verify_auth_response(const u8 *auth_response,
113				  const u8 *buf, size_t buf_len)
114{
115	u8 recv_response[MSCHAPV2_AUTH_RESPONSE_LEN];
116	if (buf_len < 2 + 2 * MSCHAPV2_AUTH_RESPONSE_LEN ||
117	    buf[0] != 'S' || buf[1] != '=' ||
118	    hexstr2bin((char *) (buf + 2), recv_response,
119		       MSCHAPV2_AUTH_RESPONSE_LEN) ||
120	    os_memcmp_const(auth_response, recv_response,
121			    MSCHAPV2_AUTH_RESPONSE_LEN) != 0)
122		return -1;
123	return 0;
124}
125