-static void NTPasswordHash (u_char *, int, u_char[MD4_SIGNATURE_SIZE]);
-static void ChallengeResponse (u_char *, u_char *, u_char[24]);
+static void NTPasswordHash (u_char *, int, unsigned char *);
+static int ChallengeResponse (u_char *, u_char *, u_char*);
static void ChapMS_NT (u_char *, char *, int, u_char[24]);
static void ChapMS2_NT (u_char *, u_char[16], char *, char *, int,
u_char[24]);
static void ChapMS_NT (u_char *, char *, int, u_char[24]);
static void ChapMS2_NT (u_char *, u_char[16], char *, char *, int,
u_char[24]);
#ifdef PPP_WITH_MSLANMAN
{ "ms-lanman", o_bool, &ms_lanman,
"Use LanMan passwd when using MS-CHAP", 1 },
#ifdef PPP_WITH_MSLANMAN
{ "ms-lanman", o_bool, &ms_lanman,
"Use LanMan passwd when using MS-CHAP", 1 },
#if 0
dbglog("ChallengeResponse - ZPasswordHash %.*B",
sizeof(ZPasswordHash), ZPasswordHash);
#endif
#if 0
dbglog("ChallengeResponse - ZPasswordHash %.*B",
sizeof(ZPasswordHash), ZPasswordHash);
#endif
- (void) DesSetkey(ZPasswordHash + 0);
- DesEncrypt(challenge, response + 0);
- (void) DesSetkey(ZPasswordHash + 7);
- DesEncrypt(challenge, response + 8);
- (void) DesSetkey(ZPasswordHash + 14);
- DesEncrypt(challenge, response + 16);
+ if (DesEncrypt(challenge, ZPasswordHash + 0, response + 0) &&
+ DesEncrypt(challenge, ZPasswordHash + 7, response + 8) &&
+ DesEncrypt(challenge, ZPasswordHash + 14, response + 16))
+ return 1;
/* remove domain from "domain\username" */
if ((user = strrchr(username, '\\')) != NULL)
++user;
else
user = username;
/* remove domain from "domain\username" */
if ((user = strrchr(username, '\\')) != NULL)
++user;
else
user = username;
+
+ ctx = PPP_MD_CTX_new();
+ if (ctx != NULL) {
+
+ if (PPP_DigestInit(ctx, PPP_sha1())) {
+
+ if (PPP_DigestUpdate(ctx, PeerChallenge, 16)) {
- SHA1_Init(&sha1Context);
- SHA1_Update(&sha1Context, PeerChallenge, 16);
- SHA1_Update(&sha1Context, rchallenge, 16);
- SHA1_Update(&sha1Context, (unsigned char *)user, strlen(user));
- SHA1_Final(sha1Hash, &sha1Context);
+ if (PPP_DigestUpdate(ctx, rchallenge, 16)) {
- BCOPY(sha1Hash, Challenge, 8);
+ if (PPP_DigestUpdate(ctx, user, strlen(user))) {
+
+ hash_len = SHA_DIGEST_LENGTH;
+ if (PPP_DigestFinal(ctx, hash, &hash_len)) {
+
+ BCOPY(hash, Challenge, 8);
+ }
+ }
+ }
+ }
+ }
+
+ PPP_MD_CTX_free(ctx);
+ }
-#if defined(__NetBSD__) || !defined(USE_MD4)
- /* NetBSD uses the libc md4 routines which take bytes instead of bits */
- int mdlen = secret_len;
-#else
- int mdlen = secret_len * 8;
-#endif
- MD4_CTX md4Context;
-
- MD4Init(&md4Context);
-#if !defined(USE_MD4)
- /* Internal MD4Update can take at most 64 bytes at a time */
- while (mdlen > 512) {
- MD4Update(&md4Context, secret, 512);
- secret += 64;
- mdlen -= 512;
- }
-#endif
- MD4Update(&md4Context, secret, mdlen);
- MD4Final(hash, &md4Context);
+ PPP_MD_CTX* ctx = PPP_MD_CTX_new();
+ if (ctx != NULL) {
+
+ if (PPP_DigestInit(ctx, PPP_md4())) {
+
+ if (PPP_DigestUpdate(ctx, secret, secret_len)) {
/* Hash the Unicode version of the secret (== password). */
ascii2unicode(secret, secret_len, unicodePassword);
/* Hash the Unicode version of the secret (== password). */
ascii2unicode(secret, secret_len, unicodePassword);
char *secret, int secret_len, u_char NTResponse[24])
{
u_char unicodePassword[MAX_NT_PASSWORD * 2];
char *secret, int secret_len, u_char NTResponse[24])
{
u_char unicodePassword[MAX_NT_PASSWORD * 2];
u_char Challenge[8];
ChallengeHash(PeerChallenge, rchallenge, username, Challenge);
u_char Challenge[8];
ChallengeHash(PeerChallenge, rchallenge, username, Challenge);
/* LANMan password is case insensitive */
BZERO(UcasePassword, sizeof(UcasePassword));
for (i = 0; i < secret_len; i++)
UcasePassword[i] = (u_char)toupper(secret[i]);
/* LANMan password is case insensitive */
BZERO(UcasePassword, sizeof(UcasePassword));
for (i = 0; i < secret_len; i++)
UcasePassword[i] = (u_char)toupper(secret[i]);
- (void) DesSetkey(UcasePassword + 0);
- DesEncrypt( StdText, PasswordHash + 0 );
- (void) DesSetkey(UcasePassword + 7);
- DesEncrypt( StdText, PasswordHash + 8 );
- ChallengeResponse(rchallenge, PasswordHash, &response[MS_CHAP_LANMANRESP]);
+
+ if (DesEncrypt(StdText, UcasePassword + 0, PasswordHash + 0) &&
+ DesEncrypt(StdText, UcasePassword + 7, PasswordHash + 8)) {
+
+ ChallengeResponse(rchallenge, PasswordHash, &response[MS_CHAP_LANMANRESP]);
+ }
-GenerateAuthenticatorResponse(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
- u_char NTResponse[24], u_char PeerChallenge[16],
- u_char *rchallenge, char *username,
- u_char authResponse[MS_AUTH_RESPONSE_LENGTH+1])
+GenerateAuthenticatorResponse(unsigned char* PasswordHashHash,
+ unsigned char *NTResponse, unsigned char *PeerChallenge,
+ unsigned char *rchallenge, char *username,
+ unsigned char *authResponse)
- SHA1_Init(&sha1Context);
- SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
- SHA1_Update(&sha1Context, NTResponse, 24);
- SHA1_Update(&sha1Context, Magic1, sizeof(Magic1));
- SHA1_Final(Digest, &sha1Context);
+ ctx = PPP_MD_CTX_new();
+ if (ctx != NULL) {
+
+ if (PPP_DigestInit(ctx, PPP_sha1())) {
+ if (PPP_DigestUpdate(ctx, PasswordHashHash, MD4_DIGEST_LENGTH)) {
+
+ if (PPP_DigestUpdate(ctx, NTResponse, 24)) {
+
+ if (PPP_DigestUpdate(ctx, Magic1, sizeof(Magic1))) {
+
+ hash_len = sizeof(Digest);
+ PPP_DigestFinal(ctx, Digest, &hash_len);
+ }
+ }
+ }
+ }
+ PPP_MD_CTX_free(ctx);
+ }
+
ChallengeHash(PeerChallenge, rchallenge, username, Challenge);
ChallengeHash(PeerChallenge, rchallenge, username, Challenge);
- SHA1_Init(&sha1Context);
- SHA1_Update(&sha1Context, Digest, sizeof(Digest));
- SHA1_Update(&sha1Context, Challenge, sizeof(Challenge));
- SHA1_Update(&sha1Context, Magic2, sizeof(Magic2));
- SHA1_Final(Digest, &sha1Context);
+ ctx = PPP_MD_CTX_new();
+ if (ctx != NULL) {
+
+ if (PPP_DigestInit(ctx, PPP_sha1())) {
+
+ if (PPP_DigestUpdate(ctx, Digest, sizeof(Digest))) {
+
+ if (PPP_DigestUpdate(ctx, Challenge, sizeof(Challenge))) {
+
+ if (PPP_DigestUpdate(ctx, Magic2, sizeof(Magic2))) {
+
+ hash_len = sizeof(Digest);
+ PPP_DigestFinal(ctx, Digest, &hash_len);
+ }
+ }
+ }
+ }
+
+ PPP_MD_CTX_free(ctx);
+ }
- for (i = 0; i < MAX((MS_AUTH_RESPONSE_LENGTH / 2), sizeof(Digest)); i++)
- sprintf((char *)&authResponse[i * 2], "%02X", Digest[i]);
+ for (i = 0; i < MAX((MS_AUTH_RESPONSE_LENGTH / 2), sizeof(Digest)); i++) {
+ sprintf((char *)&authResponse[i * 2], "%02X", Digest[i]);
+ }
/* Hash (x2) the Unicode version of the secret (== password). */
ascii2unicode(secret, secret_len, unicodePassword);
/* Hash (x2) the Unicode version of the secret (== password). */
ascii2unicode(secret, secret_len, unicodePassword);
Set_Start_Key(u_char *rchallenge, char *secret, int secret_len)
{
u_char unicodePassword[MAX_NT_PASSWORD * 2];
Set_Start_Key(u_char *rchallenge, char *secret, int secret_len)
{
u_char unicodePassword[MAX_NT_PASSWORD * 2];
/* Hash (x2) the Unicode version of the secret (== password). */
ascii2unicode(secret, secret_len, unicodePassword);
/* Hash (x2) the Unicode version of the secret (== password). */
ascii2unicode(secret, secret_len, unicodePassword);
SetMasterKeys(char *secret, int secret_len, u_char NTResponse[24], int IsServer)
{
u_char unicodePassword[MAX_NT_PASSWORD * 2];
SetMasterKeys(char *secret, int secret_len, u_char NTResponse[24], int IsServer)
{
u_char unicodePassword[MAX_NT_PASSWORD * 2];
/* Hash (x2) the Unicode version of the secret (== password). */
ascii2unicode(secret, secret_len, unicodePassword);
NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash);
/* Hash (x2) the Unicode version of the secret (== password). */
ascii2unicode(secret, secret_len, unicodePassword);
NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash);
char *user, char *secret, int secret_len, unsigned char *response,
u_char authResponse[], int authenticator)
{
char *user, char *secret, int secret_len, unsigned char *response,
u_char authResponse[], int authenticator)
{
- 0x6c, 0x8d, 0x4b, 0xa1, 0x2b, 0x5c, 0x13, 0xc3
+ 0x10, 0x2D, 0xB5, 0xDF, 0x08, 0x5D, 0x30, 0x41
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x91, 0x09, 0x61, 0x5a, 0x0c, 0xac, 0xac, 0x55,
- 0x1f, 0x60, 0xe2, 0x9c, 0x00, 0xac, 0x24, 0xda,
- 0x6e, 0xa5, 0x7b, 0xdb, 0x1d, 0x6a, 0x17, 0xc5,
+ 0x4E, 0x9D, 0x3C, 0x8F, 0x9C, 0xFD, 0x38, 0x5D,
+ 0x5B, 0xF4, 0xD3, 0x24, 0x67, 0x91, 0x95, 0x6C,
+ 0xA4, 0xC3, 0x51, 0xAB, 0x40, 0x9A, 0x3D, 0x61,
+