/*
* chap.h - Challenge Handshake Authentication Protocol definitions.
*
- * Copyright (c) 1993 The Australian National University.
- * All rights reserved.
+ * Copyright (c) 1993-2002 Paul Mackerras. All rights reserved.
*
- * Redistribution and use in source and binary forms are permitted
- * provided that the above copyright notice and this paragraph are
- * duplicated in all such forms and that any documentation,
- * advertising materials, and other materials related to such
- * distribution and use acknowledge that the software was developed
- * by the Australian National University. The name of the University
- * may not be used to endorse or promote products derived from this
- * software without specific prior written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * 4. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by Paul Mackerras
+ * <paulus@samba.org>".
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* Copyright (c) 1991 Gregory M. Christy
* All rights reserved.
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: chap.h,v 1.10 2002/03/01 14:39:18 dfs Exp $
+ * $Id: chap.h,v 1.15 2002/12/04 23:03:32 paulus Exp $
*/
#ifndef __CHAP_INCLUDE__
#define CHAP_DIGEST_MD5 5 /* use MD5 algorithm */
#define MD5_SIGNATURE_SIZE 16 /* 16 bytes in a MD5 message digest */
#define CHAP_MICROSOFT 0x80 /* use Microsoft-compatible alg. */
+#define CHAP_MICROSOFT_V2 0x81 /* use Microsoft-compatible alg. */
/*
* Digest type and selection.
*/
/* bitmask of supported algorithms */
-#define MDTYPE_MD5 0x1
+#define MDTYPE_MICROSOFT_V2 0x1
#define MDTYPE_MICROSOFT 0x2
+#define MDTYPE_MD5 0x4
#ifdef CHAPMS
-#define MDTYPE_ALL (MDTYPE_MD5 | MDTYPE_MICROSOFT)
+#define MDTYPE_ALL (MDTYPE_MICROSOFT_V2 | MDTYPE_MICROSOFT | MDTYPE_MD5)
#else
#define MDTYPE_ALL (MDTYPE_MD5)
#endif
/* Return the digest alg. ID for the most preferred digest type. */
#define CHAP_DIGEST(mdtype) \
- ((mdtype) & MDTYPE_MD5)? CHAP_DIGEST_MD5: \
+ ((mdtype) & MDTYPE_MICROSOFT_V2)? CHAP_MICROSOFT_V2: \
((mdtype) & MDTYPE_MICROSOFT)? CHAP_MICROSOFT: \
+ ((mdtype) & MDTYPE_MD5)? CHAP_DIGEST_MD5: \
0
/* Return the bit flag (lsb set) for our most preferred digest type. */
/* Return the bit flag for a given digest algorithm ID. */
#define CHAP_MDTYPE_D(digest) \
- ((digest) == CHAP_DIGEST_MD5)? MDTYPE_MD5: \
+ ((digest) == CHAP_MICROSOFT_V2)? MDTYPE_MICROSOFT_V2: \
((digest) == CHAP_MICROSOFT)? MDTYPE_MICROSOFT: \
+ ((digest) == CHAP_DIGEST_MD5)? MDTYPE_MD5: \
0
/* Can we do the requested digest? */
#define CHAP_CANDIGEST(mdtype, digest) \
- ((digest) == CHAP_DIGEST_MD5)? (mdtype) & MDTYPE_MD5: \
+ ((digest) == CHAP_MICROSOFT_V2)? (mdtype) & MDTYPE_MICROSOFT_V2: \
((digest) == CHAP_MICROSOFT)? (mdtype) & MDTYPE_MICROSOFT: \
+ ((digest) == CHAP_DIGEST_MD5)? (mdtype) & MDTYPE_MD5: \
0
#define CHAP_CHALLENGE 1
* Challenge lengths (for challenges we send) and other limits.
*/
#define MIN_CHALLENGE_LENGTH 16
-#define MAX_CHALLENGE_LENGTH 24
+#define MAX_CHALLENGE_LENGTH 24 /* sufficient for MS-CHAP Peer Chal. */
#define MAX_RESPONSE_LENGTH 64 /* sufficient for MD5 or MS-CHAP */
+#define MS_AUTH_RESPONSE_LENGTH 40 /* MS-CHAPv2 authenticator response, */
+ /* as ASCII */
/*
* Each interface is described by a chap structure.
int chal_transmits; /* Number of transmissions of challenge */
int resp_transmits; /* Number of transmissions of response */
u_char response[MAX_RESPONSE_LENGTH]; /* Response to send */
+ char saresponse[MS_AUTH_RESPONSE_LENGTH+1]; /* Auth response to send */
+ char earesponse[MS_AUTH_RESPONSE_LENGTH+1]; /* Auth response expected */
+ /* +1 for null terminator */
+ u_char resp_flags; /* flags from MS-CHAPv2 auth response */
u_char resp_length; /* length of response */
u_char resp_id; /* ID for response messages */
u_char resp_type; /* hash algorithm for responses */