#include "config.h"
#endif
-#ifdef CHAPMS
-
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/time.h>
#include <unistd.h>
+#if defined(SOL2)
+#include <net/ppp-comp.h>
+#else
+#include <linux/ppp-comp.h>
+#endif
-#include "pppd.h"
-#include "chap-new.h"
+#include "pppd-private.h"
+#include "options.h"
+#include "chap.h"
#include "chap_ms.h"
-#include "md4.h"
-#include "sha1.h"
-#include "pppcrypt.h"
#include "magic.h"
#include "mppe.h"
+#include "crypto.h"
+#include "crypto_ms.h"
#ifdef UNIT_TEST
-#undef MPPE
+#undef PPP_WITH_MPPE
#endif
static void ascii2unicode (char[], int, u_char[]);
-static void NTPasswordHash (u_char *, int, u_char[MD4_SIGNATURE_SIZE]);
-static void ChallengeResponse (u_char *, u_char *, u_char[24]);
+static void NTPasswordHash (u_char *, int, unsigned char *);
+static int ChallengeResponse (u_char *, u_char *, u_char*);
static void ChapMS_NT (u_char *, char *, int, u_char[24]);
static void ChapMS2_NT (u_char *, u_char[16], char *, char *, int,
u_char[24]);
static void GenerateAuthenticatorResponsePlain
(char*, int, u_char[24], u_char[16], u_char *,
char *, u_char[41]);
-#ifdef MSLANMAN
+#ifdef PPP_WITH_MSLANMAN
static void ChapMS_LANMan (u_char *, char *, int, u_char *);
#endif
-#ifdef MSLANMAN
+#ifdef PPP_WITH_MSLANMAN
bool ms_lanman = 0; /* Use LanMan password instead of NT */
/* Has meaning only with MS-CHAP challenges */
#endif
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
#ifdef DEBUGMPPEKEY
/* For MPPE debug */
/* Use "[]|}{?/><,`!2&&(" (sans quotes) for RFC 3079 MS-CHAPv2 test value */
#include "fsm.h" /* Need to poke MPPE options */
#include "ccp.h"
-#include <net/ppp-comp.h>
#endif
/*
* Command-line options.
*/
-static option_t chapms_option_list[] = {
-#ifdef MSLANMAN
+static struct option chapms_option_list[] = {
+#ifdef PPP_WITH_MSLANMAN
{ "ms-lanman", o_bool, &ms_lanman,
"Use LanMan passwd when using MS-CHAP", 1 },
#endif
if (response_len != MS_CHAP_RESPONSE_LEN)
goto bad;
-#ifndef MSLANMAN
+#ifndef PPP_WITH_MSLANMAN
if (!response[MS_CHAP_USENT]) {
/* Should really propagate this into the error packet. */
notice("Peer request for LANMAN auth not supported");
/* Generate the expected response. */
ChapMS(challenge, (char *)secret, secret_len, md);
-#ifdef MSLANMAN
+#ifdef PPP_WITH_MSLANMAN
/* Determine which part of response to verify against */
if (!response[MS_CHAP_USENT])
diff = memcmp(&response[MS_CHAP_LANMANRESP],
free(msg);
}
-static void
+static int
ChallengeResponse(u_char *challenge,
- u_char PasswordHash[MD4_SIGNATURE_SIZE],
- u_char response[24])
+ u_char *PasswordHash,
+ u_char *response)
{
- u_char ZPasswordHash[21];
+ u_char ZPasswordHash[24];
+ PPP_CIPHER_CTX *ctx;
BZERO(ZPasswordHash, sizeof(ZPasswordHash));
- BCOPY(PasswordHash, ZPasswordHash, MD4_SIGNATURE_SIZE);
+ BCOPY(PasswordHash, ZPasswordHash, MD4_DIGEST_LENGTH);
#if 0
dbglog("ChallengeResponse - ZPasswordHash %.*B",
sizeof(ZPasswordHash), ZPasswordHash);
#endif
- (void) DesSetkey(ZPasswordHash + 0);
- DesEncrypt(challenge, response + 0);
- (void) DesSetkey(ZPasswordHash + 7);
- DesEncrypt(challenge, response + 8);
- (void) DesSetkey(ZPasswordHash + 14);
- DesEncrypt(challenge, response + 16);
+ if (DesEncrypt(challenge, ZPasswordHash + 0, response + 0) &&
+ DesEncrypt(challenge, ZPasswordHash + 7, response + 8) &&
+ DesEncrypt(challenge, ZPasswordHash + 14, response + 16))
+ return 1;
#if 0
dbglog("ChallengeResponse - response %.24B", response);
#endif
+ return 0;
}
void
char *username, u_char Challenge[8])
{
- SHA1_CTX sha1Context;
- u_char sha1Hash[SHA1_SIGNATURE_SIZE];
- char *user;
+ PPP_MD_CTX* ctx;
+ u_char hash[SHA_DIGEST_LENGTH];
+ int hash_len;
+ const char *user;
/* remove domain from "domain\username" */
if ((user = strrchr(username, '\\')) != NULL)
++user;
else
user = username;
+
+ ctx = PPP_MD_CTX_new();
+ if (ctx != NULL) {
+
+ if (PPP_DigestInit(ctx, PPP_sha1())) {
- SHA1_Init(&sha1Context);
- SHA1_Update(&sha1Context, PeerChallenge, 16);
- SHA1_Update(&sha1Context, rchallenge, 16);
- SHA1_Update(&sha1Context, (unsigned char *)user, strlen(user));
- SHA1_Final(sha1Hash, &sha1Context);
+ if (PPP_DigestUpdate(ctx, PeerChallenge, 16)) {
- BCOPY(sha1Hash, Challenge, 8);
+ if (PPP_DigestUpdate(ctx, rchallenge, 16)) {
+
+ if (PPP_DigestUpdate(ctx, user, strlen(user))) {
+
+ hash_len = SHA_DIGEST_LENGTH;
+ if (PPP_DigestFinal(ctx, hash, &hash_len)) {
+
+ BCOPY(hash, Challenge, 8);
+ }
+ }
+ }
+ }
+ }
+
+ PPP_MD_CTX_free(ctx);
+ }
}
/*
}
static void
-NTPasswordHash(u_char *secret, int secret_len, u_char hash[MD4_SIGNATURE_SIZE])
+NTPasswordHash(u_char *secret, int secret_len, unsigned char* hash)
{
-#if defined(__NetBSD__) || !defined(USE_MD4)
- /* NetBSD uses the libc md4 routines which take bytes instead of bits */
- int mdlen = secret_len;
-#else
- int mdlen = secret_len * 8;
-#endif
- MD4_CTX md4Context;
-
- MD4Init(&md4Context);
-#if !defined(USE_MD4)
- /* Internal MD4Update can take at most 64 bytes at a time */
- while (mdlen > 512) {
- MD4Update(&md4Context, secret, 512);
- secret += 64;
- mdlen -= 512;
- }
-#endif
- MD4Update(&md4Context, secret, mdlen);
- MD4Final(hash, &md4Context);
+ PPP_MD_CTX* ctx = PPP_MD_CTX_new();
+ if (ctx != NULL) {
+
+ if (PPP_DigestInit(ctx, PPP_md4())) {
+
+ if (PPP_DigestUpdate(ctx, secret, secret_len)) {
+ int hash_len = MD4_DIGEST_LENGTH;
+ PPP_DigestFinal(ctx, hash, &hash_len);
+ }
+ }
+
+ PPP_MD_CTX_free(ctx);
+ }
}
static void
u_char NTResponse[24])
{
u_char unicodePassword[MAX_NT_PASSWORD * 2];
- u_char PasswordHash[MD4_SIGNATURE_SIZE];
+ u_char PasswordHash[MD4_DIGEST_LENGTH];
/* Hash the Unicode version of the secret (== password). */
ascii2unicode(secret, secret_len, unicodePassword);
char *secret, int secret_len, u_char NTResponse[24])
{
u_char unicodePassword[MAX_NT_PASSWORD * 2];
- u_char PasswordHash[MD4_SIGNATURE_SIZE];
+ u_char PasswordHash[MD4_DIGEST_LENGTH];
u_char Challenge[8];
ChallengeHash(PeerChallenge, rchallenge, username, Challenge);
ChallengeResponse(Challenge, PasswordHash, NTResponse);
}
-#ifdef MSLANMAN
+#ifdef PPP_WITH_MSLANMAN
static u_char *StdText = (u_char *)"KGS!@#$%"; /* key from rasapi32.dll */
static void
{
int i;
u_char UcasePassword[MAX_NT_PASSWORD]; /* max is actually 14 */
- u_char PasswordHash[MD4_SIGNATURE_SIZE];
+ u_char PasswordHash[MD4_DIGEST_LENGTH];
/* LANMan password is case insensitive */
BZERO(UcasePassword, sizeof(UcasePassword));
for (i = 0; i < secret_len; i++)
UcasePassword[i] = (u_char)toupper(secret[i]);
- (void) DesSetkey(UcasePassword + 0);
- DesEncrypt( StdText, PasswordHash + 0 );
- (void) DesSetkey(UcasePassword + 7);
- DesEncrypt( StdText, PasswordHash + 8 );
- ChallengeResponse(rchallenge, PasswordHash, &response[MS_CHAP_LANMANRESP]);
+
+ if (DesEncrypt(StdText, UcasePassword + 0, PasswordHash + 0) &&
+ DesEncrypt(StdText, UcasePassword + 7, PasswordHash + 8)) {
+
+ ChallengeResponse(rchallenge, PasswordHash, &response[MS_CHAP_LANMANRESP]);
+ }
}
#endif
void
-GenerateAuthenticatorResponse(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
- u_char NTResponse[24], u_char PeerChallenge[16],
- u_char *rchallenge, char *username,
- u_char authResponse[MS_AUTH_RESPONSE_LENGTH+1])
+GenerateAuthenticatorResponse(unsigned char* PasswordHashHash,
+ unsigned char *NTResponse, unsigned char *PeerChallenge,
+ unsigned char *rchallenge, char *username,
+ unsigned char *authResponse)
{
/*
* "Magic" constants used in response generation, from RFC 2759.
0x6E };
int i;
- SHA1_CTX sha1Context;
- u_char Digest[SHA1_SIGNATURE_SIZE];
+ PPP_MD_CTX *ctx;
+ u_char Digest[SHA_DIGEST_LENGTH] = {};
+ int hash_len;
u_char Challenge[8];
- SHA1_Init(&sha1Context);
- SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
- SHA1_Update(&sha1Context, NTResponse, 24);
- SHA1_Update(&sha1Context, Magic1, sizeof(Magic1));
- SHA1_Final(Digest, &sha1Context);
+ ctx = PPP_MD_CTX_new();
+ if (ctx != NULL) {
+
+ if (PPP_DigestInit(ctx, PPP_sha1())) {
+ if (PPP_DigestUpdate(ctx, PasswordHashHash, MD4_DIGEST_LENGTH)) {
+
+ if (PPP_DigestUpdate(ctx, NTResponse, 24)) {
+
+ if (PPP_DigestUpdate(ctx, Magic1, sizeof(Magic1))) {
+
+ hash_len = sizeof(Digest);
+ PPP_DigestFinal(ctx, Digest, &hash_len);
+ }
+ }
+ }
+ }
+ PPP_MD_CTX_free(ctx);
+ }
+
ChallengeHash(PeerChallenge, rchallenge, username, Challenge);
- SHA1_Init(&sha1Context);
- SHA1_Update(&sha1Context, Digest, sizeof(Digest));
- SHA1_Update(&sha1Context, Challenge, sizeof(Challenge));
- SHA1_Update(&sha1Context, Magic2, sizeof(Magic2));
- SHA1_Final(Digest, &sha1Context);
+ ctx = PPP_MD_CTX_new();
+ if (ctx != NULL) {
+
+ if (PPP_DigestInit(ctx, PPP_sha1())) {
+
+ if (PPP_DigestUpdate(ctx, Digest, sizeof(Digest))) {
+
+ if (PPP_DigestUpdate(ctx, Challenge, sizeof(Challenge))) {
+
+ if (PPP_DigestUpdate(ctx, Magic2, sizeof(Magic2))) {
+
+ hash_len = sizeof(Digest);
+ PPP_DigestFinal(ctx, Digest, &hash_len);
+ }
+ }
+ }
+ }
+
+ PPP_MD_CTX_free(ctx);
+ }
/* Convert to ASCII hex string. */
- for (i = 0; i < MAX((MS_AUTH_RESPONSE_LENGTH / 2), sizeof(Digest)); i++)
- sprintf((char *)&authResponse[i * 2], "%02X", Digest[i]);
+ for (i = 0; i < MAX((MS_AUTH_RESPONSE_LENGTH / 2), sizeof(Digest)); i++) {
+ sprintf((char *)&authResponse[i * 2], "%02X", Digest[i]);
+ }
}
u_char authResponse[MS_AUTH_RESPONSE_LENGTH+1])
{
u_char unicodePassword[MAX_NT_PASSWORD * 2];
- u_char PasswordHash[MD4_SIGNATURE_SIZE];
- u_char PasswordHashHash[MD4_SIGNATURE_SIZE];
+ u_char PasswordHash[MD4_DIGEST_LENGTH];
+ u_char PasswordHashHash[MD4_DIGEST_LENGTH];
/* Hash (x2) the Unicode version of the secret (== password). */
ascii2unicode(secret, secret_len, unicodePassword);
}
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
/*
* Set mppe_xxxx_key from MS-CHAP credentials. (see RFC 3079)
Set_Start_Key(u_char *rchallenge, char *secret, int secret_len)
{
u_char unicodePassword[MAX_NT_PASSWORD * 2];
- u_char PasswordHash[MD4_SIGNATURE_SIZE];
- u_char PasswordHashHash[MD4_SIGNATURE_SIZE];
+ u_char PasswordHash[MD4_DIGEST_LENGTH];
+ u_char PasswordHashHash[MD4_DIGEST_LENGTH];
/* Hash (x2) the Unicode version of the secret (== password). */
ascii2unicode(secret, secret_len, unicodePassword);
SetMasterKeys(char *secret, int secret_len, u_char NTResponse[24], int IsServer)
{
u_char unicodePassword[MAX_NT_PASSWORD * 2];
- u_char PasswordHash[MD4_SIGNATURE_SIZE];
- u_char PasswordHashHash[MD4_SIGNATURE_SIZE];
+ u_char PasswordHash[MD4_DIGEST_LENGTH];
+ u_char PasswordHashHash[MD4_DIGEST_LENGTH];
/* Hash (x2) the Unicode version of the secret (== password). */
ascii2unicode(secret, secret_len, unicodePassword);
NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash);
mppe_set_chapv2(PasswordHashHash, NTResponse, IsServer);
}
-#endif /* MPPE */
+#endif /* PPP_WITH_MPPE */
void
ChapMS_NT(rchallenge, secret, secret_len, &response[MS_CHAP_NTRESP]);
-#ifdef MSLANMAN
+#ifdef PPP_WITH_MSLANMAN
ChapMS_LANMan(rchallenge, secret, secret_len,
&response[MS_CHAP_LANMANRESP]);
response[MS_CHAP_USENT] = 1;
#endif
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
Set_Start_Key(rchallenge, secret, secret_len);
#endif
}
* Authenticator Response.
*/
void
-ChapMS2(u_char *rchallenge, u_char *PeerChallenge,
+ChapMS2(unsigned char *rchallenge, unsigned char *PeerChallenge,
char *user, char *secret, int secret_len, unsigned char *response,
u_char authResponse[], int authenticator)
{
&response[MS_CHAP2_PEER_CHALLENGE],
rchallenge, user, authResponse);
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
SetMasterKeys(secret, secret_len,
&response[MS_CHAP2_NTRESP], authenticator);
#endif
{
chap_register_digest(&chapms_digest);
chap_register_digest(&chapms2_digest);
- add_options(chapms_option_list);
+ ppp_add_options(chapms_option_list);
}
#else
int test_chap_v1(void) {
- char *secret = "TestPassword";
+ char *secret = "MyPw";
unsigned char challenge[8] = {
- 0x6c, 0x8d, 0x4b, 0xa1, 0x2b, 0x5c, 0x13, 0xc3
+ 0x10, 0x2D, 0xB5, 0xDF, 0x08, 0x5D, 0x30, 0x41
};
unsigned char response[MS_CHAP_RESPONSE_LEN] = {
};
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x91, 0x09, 0x61, 0x5a, 0x0c, 0xac, 0xac, 0x55,
- 0x1f, 0x60, 0xe2, 0x9c, 0x00, 0xac, 0x24, 0xda,
- 0x6e, 0xa5, 0x7b, 0xdb, 0x1d, 0x6a, 0x17, 0xc5,
+ 0x4E, 0x9D, 0x3C, 0x8F, 0x9C, 0xFD, 0x38, 0x5D,
+ 0x5B, 0xF4, 0xD3, 0x24, 0x67, 0x91, 0x95, 0x6C,
+ 0xA4, 0xC3, 0x51, 0xAB, 0x40, 0x9A, 0x3D, 0x61,
+
0x01
};
}
int main(int argc, char *argv[]) {
+
+ PPP_crypto_init();
if (test_chap_v1()) {
printf("CHAPv1 failed\n");
return -1;
}
+ PPP_crypto_deinit();
+
printf("Success\n");
return 0;
}
#endif /* UNIT_TEST */
-
-#endif /* CHAPMS */