2 * chap-md5.c - New CHAP/MD5 implementation.
4 * Copyright (c) 2003 Paul Mackerras. All rights reserved.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. The name(s) of the authors of this software must not be used to
14 * endorse or promote products derived from this software without
15 * prior written permission.
17 * 3. Redistributions of any form whatsoever must retain the following
19 * "This product includes software developed by Paul Mackerras
20 * <paulus@samba.org>".
22 * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
23 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
24 * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
25 * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
26 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
27 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
28 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
31 #define RCSID "$Id: chap-md5.c,v 1.4 2004/11/09 22:39:25 paulus Exp $"
43 #include "ppp-crypto.h"
45 #define MD5_HASH_SIZE 16
46 #define MD5_MIN_CHALLENGE 16
47 #define MD5_MAX_CHALLENGE 24
50 chap_md5_generate_challenge(unsigned char *cp)
54 clen = (int)(drand48() * (MD5_MAX_CHALLENGE - MD5_MIN_CHALLENGE))
57 random_bytes(cp, clen);
61 chap_md5_verify_response(int id, char *name,
62 unsigned char *secret, int secret_len,
63 unsigned char *challenge, unsigned char *response,
64 char *message, int message_space)
66 unsigned char idbyte = id;
67 unsigned char hash[MD5_HASH_SIZE];
68 unsigned int hash_len = MD5_HASH_SIZE;
69 int challenge_len, response_len;
72 challenge_len = *challenge++;
73 response_len = *response++;
74 if (response_len == MD5_HASH_SIZE) {
76 /* Generate hash of ID, secret, challenge */
77 PPP_MD_CTX* ctx = PPP_MD_CTX_new();
80 if (PPP_DigestInit(ctx, PPP_md5())) {
82 if (PPP_DigestUpdate(ctx, &idbyte, 1)) {
84 if (PPP_DigestUpdate(ctx, secret, secret_len)) {
86 if (PPP_DigestUpdate(ctx, challenge, challenge_len)) {
88 if (PPP_DigestFinal(ctx, hash, &hash_len)) {
99 if (success && memcmp(hash, response, hash_len) == 0) {
100 slprintf(message, message_space, "Access granted");
103 slprintf(message, message_space, "Access denied");
108 chap_md5_make_response(unsigned char *response, int id, char *our_name,
109 unsigned char *challenge, char *secret, int secret_len,
110 unsigned char *private)
112 unsigned char idbyte = id;
113 int challenge_len = *challenge++;
114 int hash_len = MD5_HASH_SIZE;
116 PPP_MD_CTX* ctx = PPP_MD_CTX_new();
119 if (PPP_DigestInit(ctx, PPP_md5())) {
121 if (PPP_DigestUpdate(ctx, &idbyte, 1)) {
123 if (PPP_DigestUpdate(ctx, secret, secret_len)) {
125 if (PPP_DigestUpdate(ctx, challenge, challenge_len)) {
127 if (PPP_DigestFinal(ctx, &response[1], &hash_len)) {
129 response[0] = hash_len;
135 PPP_MD_CTX_free(ctx);
139 static struct chap_digest_type md5_digest = {
141 chap_md5_generate_challenge,
142 chap_md5_verify_response,
143 chap_md5_make_response,
144 NULL, /* check_success */
145 NULL, /* handle_failure */
151 chap_register_digest(&md5_digest);