2 * chap_ms.h - Challenge Handshake Authentication Protocol definitions.
4 * Copyright (c) 1995 Eric Rosenquist. All rights reserved.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
18 * 3. The name(s) of the authors of this software must not be used to
19 * endorse or promote products derived from this software without
20 * prior written permission.
22 * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
23 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
24 * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
25 * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
26 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
27 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
28 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
30 * $Id: chap_ms.h,v 1.13 2004/11/15 22:13:26 paulus Exp $
38 #define MAX_NT_PASSWORD 256 /* Max (Unicode) chars in an NT pass */
40 #define MS_CHAP_RESPONSE_LEN 49 /* Response length for MS-CHAP */
41 #define MS_CHAP2_RESPONSE_LEN 49 /* Response length for MS-CHAPv2 */
42 #define MS_AUTH_RESPONSE_LENGTH 40 /* MS-CHAPv2 authenticator response, */
43 #define MS_AUTH_NTRESP_LEN 24 /* Length of NT-response field */
46 /* E=eeeeeeeeee error codes for MS-CHAP failure messages. */
47 #define MS_CHAP_ERROR_RESTRICTED_LOGON_HOURS 646
48 #define MS_CHAP_ERROR_ACCT_DISABLED 647
49 #define MS_CHAP_ERROR_PASSWD_EXPIRED 648
50 #define MS_CHAP_ERROR_NO_DIALIN_PERMISSION 649
51 #define MS_CHAP_ERROR_AUTHENTICATION_FAILURE 691
52 #define MS_CHAP_ERROR_CHANGING_PASSWORD 709
55 * Offsets within the response field for MS-CHAP
57 #define MS_CHAP_LANMANRESP 0
58 #define MS_CHAP_LANMANRESP_LEN 24
59 #define MS_CHAP_NTRESP 24
60 #define MS_CHAP_NTRESP_LEN 24
61 #define MS_CHAP_USENT 48
64 * Offsets within the response field for MS-CHAP2
66 #define MS_CHAP2_PEER_CHALLENGE 0
67 #define MS_CHAP2_PEER_CHAL_LEN 16
68 #define MS_CHAP2_RESERVED_LEN 8
69 #define MS_CHAP2_NTRESP 24
70 #define MS_CHAP2_NTRESP_LEN 24
71 #define MS_CHAP2_FLAGS 48
73 /* Are we the authenticator or authenticatee? For MS-CHAPv2 key derivation. */
74 #define MS_CHAP2_AUTHENTICATEE 0
75 #define MS_CHAP2_AUTHENTICATOR 1
77 void ChapMS (u_char *, char *, int, u_char *);
78 void ChapMS2 (u_char *, u_char *, char *, char *, int,
79 u_char *, u_char[MS_AUTH_RESPONSE_LENGTH+1], int);
81 void ChallengeHash (u_char[16], u_char *, char *, u_char[8]);
85 * PasswordHashHash - 16 bytes representing the NT Password Hash Hash
86 * NTResponse - 24 bytes represending the NTResponse parameter
87 * PeerChallenge - 16 bytes challange for peer
88 * rchallenge - 16 bytes challenge provided by peer
89 * authResponse - 24 + 1 byte to store the authenticator response
91 void GenerateAuthenticatorResponse(unsigned char *PasswordHashHash,
92 unsigned char *NTResponse, unsigned char *PeerChallenge,
93 unsigned char *rchallenge, char *username,
94 unsigned char *authResponse);
96 void chapms_init(void);
98 #endif /* PPP_CHAPMS_H */