* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: chap.h,v 1.6 1996/07/01 01:12:21 paulus Exp $
+ * $Id: chap.h,v 1.13 2002/05/21 17:26:49 dfs Exp $
*/
#ifndef __CHAP_INCLUDE__
#define CHAP_DIGEST_MD5 5 /* use MD5 algorithm */
#define MD5_SIGNATURE_SIZE 16 /* 16 bytes in a MD5 message digest */
#define CHAP_MICROSOFT 0x80 /* use Microsoft-compatible alg. */
-#define MS_CHAP_RESPONSE_LEN 49 /* Response length for MS-CHAP */
+#define CHAP_MICROSOFT_V2 0x81 /* use Microsoft-compatible alg. */
+
+/*
+ * Digest type and selection.
+ */
+
+/* bitmask of supported algorithms */
+#define MDTYPE_MICROSOFT_V2 0x1
+#define MDTYPE_MICROSOFT 0x2
+#define MDTYPE_MD5 0x4
+
+#ifdef CHAPMS
+#define MDTYPE_ALL (MDTYPE_MICROSOFT_V2 | MDTYPE_MICROSOFT |MDTYPE_MD5)
+#else
+#define MDTYPE_ALL (MDTYPE_MD5)
+#endif
+#define MDTYPE_NONE 0
+
+/* Return the digest alg. ID for the most preferred digest type. */
+#define CHAP_DIGEST(mdtype) \
+ ((mdtype) & MDTYPE_MICROSOFT_V2)? CHAP_MICROSOFT_V2: \
+ ((mdtype) & MDTYPE_MICROSOFT)? CHAP_MICROSOFT: \
+ ((mdtype) & MDTYPE_MD5)? CHAP_DIGEST_MD5: \
+ 0
+
+/* Return the bit flag (lsb set) for our most preferred digest type. */
+#define CHAP_MDTYPE(mdtype) ((mdtype) ^ ((mdtype) - 1)) & (mdtype)
+
+/* Return the bit flag for a given digest algorithm ID. */
+#define CHAP_MDTYPE_D(digest) \
+ ((digest) == CHAP_MICROSOFT_V2)? MDTYPE_MICROSOFT_V2: \
+ ((digest) == CHAP_MICROSOFT)? MDTYPE_MICROSOFT: \
+ ((digest) == CHAP_DIGEST_MD5)? MDTYPE_MD5: \
+ 0
+
+/* Can we do the requested digest? */
+#define CHAP_CANDIGEST(mdtype, digest) \
+ ((digest) == CHAP_MICROSOFT_V2)? (mdtype) & MDTYPE_MICROSOFT_V2: \
+ ((digest) == CHAP_MICROSOFT)? (mdtype) & MDTYPE_MICROSOFT: \
+ ((digest) == CHAP_DIGEST_MD5)? (mdtype) & MDTYPE_MD5: \
+ 0
#define CHAP_CHALLENGE 1
#define CHAP_RESPONSE 2
/*
* Challenge lengths (for challenges we send) and other limits.
*/
-#define MIN_CHALLENGE_LENGTH 32
-#define MAX_CHALLENGE_LENGTH 64
-#define MAX_RESPONSE_LENGTH 16 /* sufficient for MD5 */
+#define MIN_CHALLENGE_LENGTH 16
+#define MAX_CHALLENGE_LENGTH 24 /* sufficient for MS-CHAP Peer Chal. */
+#define MAX_RESPONSE_LENGTH 64 /* sufficient for MD5 or MS-CHAP */
+#define MS_AUTH_RESPONSE_LENGTH 40 /* MS-CHAPv2 authenticator response, */
+ /* as ASCII */
/*
* Each interface is described by a chap structure.
int chal_transmits; /* Number of transmissions of challenge */
int resp_transmits; /* Number of transmissions of response */
u_char response[MAX_RESPONSE_LENGTH]; /* Response to send */
+ char saresponse[MS_AUTH_RESPONSE_LENGTH+1]; /* Auth response to send */
+ char earesponse[MS_AUTH_RESPONSE_LENGTH+1]; /* Auth response expected */
+ /* +1 for null terminator */
+ u_char resp_flags; /* flags from MS-CHAPv2 auth response */
u_char resp_length; /* length of response */
u_char resp_id; /* ID for response messages */
u_char resp_type; /* hash algorithm for responses */
char *resp_name; /* Our name to send with response */
} chap_state;
+/* We need the declaration of chap_state to use this prototype */
+extern int (*chap_auth_hook) __P((char *user, u_char *remmd,
+ int remmd_len, chap_state *cstate));
/*
* Client (peer) states.