pppd/chap-md5.c

   1 /*
   2  * chap-md5.c - New CHAP/MD5 implementation.
   3  *
   4  * Copyright (c) 2003 Paul Mackerras. All rights reserved.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions
   8  * are met:
   9  *
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  *
  13  * 2. The name(s) of the authors of this software must not be used to
  14  *    endorse or promote products derived from this software without
  15  *    prior written permission.
  16  *
  17  * 3. Redistributions of any form whatsoever must retain the following
  18  *    acknowledgment:
  19  *    "This product includes software developed by Paul Mackerras
  20  *     <paulus@ozlabs.org>".
  21  *
  22  * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
  23  * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
  24  * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
  25  * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  26  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
  27  * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
  28  * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  29  */
  30
  31 #define RCSID   "$Id: chap-md5.c,v 1.4 2004/11/09 22:39:25 paulus Exp $"
  32
  33 #ifdef HAVE_CONFIG_H
  34 #include "config.h"
  35 #endif
  36
  37 #include <stdlib.h>
  38 #include <string.h>
  39 #include "pppd-private.h"
  40 #include "chap.h"
  41 #include "chap-md5.h"
  42 #include "magic.h"
  43 #include "crypto.h"
  44
  45 #define MD5_MIN_CHALLENGE       16
  46 #define MD5_MAX_CHALLENGE       24
  47
  48 static void
  49 chap_md5_generate_challenge(unsigned char *cp)
  50 {
  51         int clen;
  52
  53         clen = (int)(drand48() * (MD5_MAX_CHALLENGE - MD5_MIN_CHALLENGE))
  54                 + MD5_MIN_CHALLENGE;
  55         *cp++ = clen;
  56         random_bytes(cp, clen);
  57 }
  58
  59 static int
  60 chap_md5_verify_response(int id, char *name,
  61                          unsigned char *secret, int secret_len,
  62                          unsigned char *challenge, unsigned char *response,
  63                          char *message, int message_space)
  64 {
  65         unsigned char idbyte = id;
  66         unsigned char hash[MD5_DIGEST_LENGTH];
  67         unsigned int  hash_len = MD5_DIGEST_LENGTH;
  68         int challenge_len, response_len;
  69         bool success = 0;
  70
  71         challenge_len = *challenge++;
  72         response_len = *response++;
  73         if (response_len == MD5_DIGEST_LENGTH) {
  74
  75                 /* Generate hash of ID, secret, challenge */
  76                 PPP_MD_CTX* ctx = PPP_MD_CTX_new();
  77                 if (ctx) {
  78
  79                         if (PPP_DigestInit(ctx, PPP_md5())) {
  80
  81                                 if (PPP_DigestUpdate(ctx, &idbyte, 1)) {
  82
  83                                         if (PPP_DigestUpdate(ctx, secret, secret_len)) {
  84
  85                                                 if (PPP_DigestUpdate(ctx, challenge, challenge_len)) {
  86
  87                                                         if (PPP_DigestFinal(ctx, hash, &hash_len)) {
  88
  89                                                                 success = 1;
  90                                                         }
  91                                                 }
  92                                         }
  93                                 }
  94                         }
  95                         PPP_MD_CTX_free(ctx);
  96                 }
  97         }
  98         if (success && memcmp(hash, response, hash_len) == 0) {
  99                 slprintf(message, message_space, "Access granted");
 100                 return 1;
 101         }
 102         slprintf(message, message_space, "Access denied");
 103         return 0;
 104 }
 105
 106 static void
 107 chap_md5_make_response(unsigned char *response, int id, char *our_name,
 108                        unsigned char *challenge, char *secret, int secret_len,
 109                        unsigned char *private)
 110 {
 111         unsigned char idbyte = id;
 112         int challenge_len = *challenge++;
 113         int hash_len = MD5_DIGEST_LENGTH;
 114
 115         PPP_MD_CTX* ctx = PPP_MD_CTX_new();
 116         if (ctx) {
 117
 118                 if (PPP_DigestInit(ctx, PPP_md5())) {
 119
 120                         if (PPP_DigestUpdate(ctx, &idbyte, 1)) {
 121
 122                                 if (PPP_DigestUpdate(ctx, secret, secret_len)) {
 123
 124                                         if (PPP_DigestUpdate(ctx, challenge, challenge_len)) {
 125
 126                                                 if (PPP_DigestFinal(ctx, &response[1], &hash_len)) {
 127
 128                                                         response[0] = hash_len;
 129                                                 }
 130                                         }
 131                                 }
 132                         }
 133                 }
 134                 PPP_MD_CTX_free(ctx);
 135         }
 136 }
 137
 138 static struct chap_digest_type md5_digest = {
 139         CHAP_MD5,               /* code */
 140         chap_md5_generate_challenge,
 141         chap_md5_verify_response,
 142         chap_md5_make_response,
 143         NULL,                   /* check_success */
 144         NULL,                   /* handle_failure */
 145 };
 146
 147 void
 148 chap_md5_init(void)
 149 {
 150         chap_register_digest(&md5_digest);
 151 }