2 * chap_ms.h - Challenge Handshake Authentication Protocol definitions.
4 * Copyright (c) 1995 Eric Rosenquist. All rights reserved.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
18 * 3. The name(s) of the authors of this software must not be used to
19 * endorse or promote products derived from this software without
20 * prior written permission.
22 * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
23 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
24 * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
25 * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
26 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
27 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
28 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
30 * $Id: chap_ms.h,v 1.11 2004/11/04 12:00:07 paulus Exp $
33 #ifndef __CHAPMS_INCLUDE__
35 #define MD4_SIGNATURE_SIZE 16 /* 16 bytes in a MD4 message digest */
36 #define MAX_NT_PASSWORD 256 /* Max (Unicode) chars in an NT pass */
38 #define MS_CHAP_RESPONSE_LEN 49 /* Response length for MS-CHAP */
39 #define MS_CHAP2_RESPONSE_LEN 49 /* Response length for MS-CHAPv2 */
40 #define MS_AUTH_RESPONSE_LENGTH 40 /* MS-CHAPv2 authenticator response, */
43 /* E=eeeeeeeeee error codes for MS-CHAP failure messages. */
44 #define MS_CHAP_ERROR_RESTRICTED_LOGON_HOURS 646
45 #define MS_CHAP_ERROR_ACCT_DISABLED 647
46 #define MS_CHAP_ERROR_PASSWD_EXPIRED 648
47 #define MS_CHAP_ERROR_NO_DIALIN_PERMISSION 649
48 #define MS_CHAP_ERROR_AUTHENTICATION_FAILURE 691
49 #define MS_CHAP_ERROR_CHANGING_PASSWORD 709
52 * Use MS_CHAP_RESPONSE_LEN, rather than sizeof(MS_ChapResponse),
53 * in case this struct gets padded.
56 u_char LANManResp[24];
58 u_char UseNT[1]; /* If 1, ignore the LANMan response field */
62 * Use MS_CHAP2_RESPONSE_LEN, rather than sizeof(MS_Chap2Response),
63 * in case this struct gets padded.
66 u_char PeerChallenge[16];
67 u_char Reserved[8]; /* Must be zero */
69 u_char Flags[1]; /* Must be zero */
73 #include <net/ppp-comp.h> /* MPPE_MAX_KEY_LEN */
74 extern u_char mppe_send_key[MPPE_MAX_KEY_LEN];
75 extern u_char mppe_recv_key[MPPE_MAX_KEY_LEN];
76 extern int mppe_keys_set;
78 /* These values are the RADIUS attribute values--see RFC 2548. */
79 #define MPPE_ENC_POL_ENC_ALLOWED 1
80 #define MPPE_ENC_POL_ENC_REQUIRED 2
81 #define MPPE_ENC_TYPES_RC4_40 2
82 #define MPPE_ENC_TYPES_RC4_128 4
84 /* used by plugins (using above values) */
85 extern void set_mppe_enc_types(int, int);
88 /* Are we the authenticator or authenticatee? For MS-CHAPv2 key derivation. */
89 #define MS_CHAP2_AUTHENTICATEE 0
90 #define MS_CHAP2_AUTHENTICATOR 1
92 void ChapMS __P((u_char *, char *, int, MS_ChapResponse *));
93 void ChapMS2 __P((u_char *, u_char *, char *, char *, int,
94 MS_Chap2Response *, u_char[MS_AUTH_RESPONSE_LENGTH+1], int));
96 void mppe_set_keys __P((u_char *, u_char[MD4_SIGNATURE_SIZE]));
97 void mppe_set_keys2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
98 u_char NTResponse[24], int IsServer);
101 void ChallengeHash __P((u_char[16], u_char *, char *, u_char[8]));
103 void GenerateAuthenticatorResponse(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
104 u_char NTResponse[24], u_char PeerChallenge[16],
105 u_char *rchallenge, char *username,
106 u_char authResponse[MS_AUTH_RESPONSE_LENGTH+1]);
108 void chapms_init(void);
110 #define __CHAPMS_INCLUDE__
111 #endif /* __CHAPMS_INCLUDE__ */