2 * chap-md5.c - New CHAP/MD5 implementation.
4 * Copyright (c) 2003 Paul Mackerras. All rights reserved.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. The name(s) of the authors of this software must not be used to
14 * endorse or promote products derived from this software without
15 * prior written permission.
17 * 3. Redistributions of any form whatsoever must retain the following
19 * "This product includes software developed by Paul Mackerras
20 * <paulus@samba.org>".
22 * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
23 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
24 * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
25 * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
26 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
27 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
28 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
31 #define RCSID "$Id: chap-md5.c,v 1.4 2004/11/09 22:39:25 paulus Exp $"
39 #include "pppd-private.h"
45 #define MD5_MIN_CHALLENGE 16
46 #define MD5_MAX_CHALLENGE 24
49 chap_md5_generate_challenge(unsigned char *cp)
53 clen = (int)(drand48() * (MD5_MAX_CHALLENGE - MD5_MIN_CHALLENGE))
56 random_bytes(cp, clen);
60 chap_md5_verify_response(int id, char *name,
61 unsigned char *secret, int secret_len,
62 unsigned char *challenge, unsigned char *response,
63 char *message, int message_space)
65 unsigned char idbyte = id;
66 unsigned char hash[MD5_DIGEST_LENGTH];
67 unsigned int hash_len = MD5_DIGEST_LENGTH;
68 int challenge_len, response_len;
71 challenge_len = *challenge++;
72 response_len = *response++;
73 if (response_len == MD5_DIGEST_LENGTH) {
75 /* Generate hash of ID, secret, challenge */
76 PPP_MD_CTX* ctx = PPP_MD_CTX_new();
79 if (PPP_DigestInit(ctx, PPP_md5())) {
81 if (PPP_DigestUpdate(ctx, &idbyte, 1)) {
83 if (PPP_DigestUpdate(ctx, secret, secret_len)) {
85 if (PPP_DigestUpdate(ctx, challenge, challenge_len)) {
87 if (PPP_DigestFinal(ctx, hash, &hash_len)) {
98 if (success && memcmp(hash, response, hash_len) == 0) {
99 slprintf(message, message_space, "Access granted");
102 slprintf(message, message_space, "Access denied");
107 chap_md5_make_response(unsigned char *response, int id, char *our_name,
108 unsigned char *challenge, char *secret, int secret_len,
109 unsigned char *private)
111 unsigned char idbyte = id;
112 int challenge_len = *challenge++;
113 int hash_len = MD5_DIGEST_LENGTH;
115 PPP_MD_CTX* ctx = PPP_MD_CTX_new();
118 if (PPP_DigestInit(ctx, PPP_md5())) {
120 if (PPP_DigestUpdate(ctx, &idbyte, 1)) {
122 if (PPP_DigestUpdate(ctx, secret, secret_len)) {
124 if (PPP_DigestUpdate(ctx, challenge, challenge_len)) {
126 if (PPP_DigestFinal(ctx, &response[1], &hash_len)) {
128 response[0] = hash_len;
134 PPP_MD_CTX_free(ctx);
138 static struct chap_digest_type md5_digest = {
140 chap_md5_generate_challenge,
141 chap_md5_verify_response,
142 chap_md5_make_response,
143 NULL, /* check_success */
144 NULL, /* handle_failure */
150 chap_register_digest(&md5_digest);