Annotation of embedaddon/libpdel/ppp/ppp_msoft.c, revision 1.1
1.1 ! misho 1:
! 2: /*
! 3: * Copyright (c) 2001-2002 Packet Design, LLC.
! 4: * All rights reserved.
! 5: *
! 6: * Subject to the following obligations and disclaimer of warranty,
! 7: * use and redistribution of this software, in source or object code
! 8: * forms, with or without modifications are expressly permitted by
! 9: * Packet Design; provided, however, that:
! 10: *
! 11: * (i) Any and all reproductions of the source or object code
! 12: * must include the copyright notice above and the following
! 13: * disclaimer of warranties; and
! 14: * (ii) No rights are granted, in any manner or form, to use
! 15: * Packet Design trademarks, including the mark "PACKET DESIGN"
! 16: * on advertising, endorsements, or otherwise except as such
! 17: * appears in the above copyright notice or in the software.
! 18: *
! 19: * THIS SOFTWARE IS BEING PROVIDED BY PACKET DESIGN "AS IS", AND
! 20: * TO THE MAXIMUM EXTENT PERMITTED BY LAW, PACKET DESIGN MAKES NO
! 21: * REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, REGARDING
! 22: * THIS SOFTWARE, INCLUDING WITHOUT LIMITATION, ANY AND ALL IMPLIED
! 23: * WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
! 24: * OR NON-INFRINGEMENT. PACKET DESIGN DOES NOT WARRANT, GUARANTEE,
! 25: * OR MAKE ANY REPRESENTATIONS REGARDING THE USE OF, OR THE RESULTS
! 26: * OF THE USE OF THIS SOFTWARE IN TERMS OF ITS CORRECTNESS, ACCURACY,
! 27: * RELIABILITY OR OTHERWISE. IN NO EVENT SHALL PACKET DESIGN BE
! 28: * LIABLE FOR ANY DAMAGES RESULTING FROM OR ARISING OUT OF ANY USE
! 29: * OF THIS SOFTWARE, INCLUDING WITHOUT LIMITATION, ANY DIRECT,
! 30: * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE, OR CONSEQUENTIAL
! 31: * DAMAGES, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, LOSS OF
! 32: * USE, DATA OR PROFITS, HOWEVER CAUSED AND UNDER ANY THEORY OF
! 33: * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
! 34: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
! 35: * THE USE OF THIS SOFTWARE, EVEN IF PACKET DESIGN IS ADVISED OF
! 36: * THE POSSIBILITY OF SUCH DAMAGE.
! 37: *
! 38: * Author: Archie Cobbs <archie@freebsd.org>
! 39: */
! 40:
! 41: #include "ppp/ppp_defs.h"
! 42: #include "ppp/ppp_msoft.h"
! 43:
! 44: #include <openssl/md4.h>
! 45: #include <openssl/des.h>
! 46: #include <openssl/sha.h>
! 47:
! 48: /* Magic constants */
! 49: #define MS_MAGIC_1 "This is the MPPE Master Key"
! 50: #define MS_MAGIC_2 "On the client side, this is the send key;" \
! 51: " on the server side, it is the receive key."
! 52: #define MS_MAGIC_3 "On the client side, this is the receive key;" \
! 53: " on the server side, it is the send key."
! 54: #define MS_AR_MAGIC_1 "Magic server to client signing constant"
! 55: #define MS_AR_MAGIC_2 "Pad to make it do more than one iteration"
! 56:
! 57: /* Internal functions */
! 58: static void ppp_msoft_challenge_response(const u_char *chal,
! 59: const char *pwHash, u_char *hash);
! 60: static void ppp_msoft_des_encrypt(const u_char *clear,
! 61: u_char *key0, u_char *cypher);
! 62: static void ppp_msoft_challenge_hash(const u_char *peerchal,
! 63: const u_char *authchal, const char *username,
! 64: u_char *hash);
! 65:
! 66: /*
! 67: * ppp_msoft_lm_password_hash()
! 68: *
! 69: * password ASCII password
! 70: * hash 16 byte output LanManager hash
! 71: */
! 72: void
! 73: ppp_msoft_lm_password_hash(const char *password, u_char *hash)
! 74: {
! 75: const char *const clear = "KGS!@#$%%";
! 76: u_char up[14];
! 77: int k;
! 78:
! 79: memset(&up, 0, sizeof(up));
! 80: for (k = 0; k < sizeof(up) && password[k]; k++)
! 81: up[k] = toupper(password[k]);
! 82:
! 83: ppp_msoft_des_encrypt(clear, &up[0], &hash[0]);
! 84: ppp_msoft_des_encrypt(clear, &up[7], &hash[8]);
! 85: }
! 86:
! 87: /*
! 88: * ppp_msoft_nt_password_hash()
! 89: *
! 90: * password ASCII (NOT Unicode) password
! 91: * hash 16 byte output NT hash
! 92: */
! 93: void
! 94: ppp_msoft_nt_password_hash(const char *password, u_char *hash)
! 95: {
! 96: u_int16_t unipw[128];
! 97: const char *s;
! 98: int unipwLen;
! 99: MD4_CTX ctx;
! 100:
! 101: /* Convert password to Unicode */
! 102: for (unipwLen = 0, s = password;
! 103: unipwLen < sizeof(unipw) / 2 && *s; s++)
! 104: unipw[unipwLen++] = htons(*s << 8);
! 105:
! 106: /* Compute MD4 of Unicode password */
! 107: MD4_Init(&ctx);
! 108: MD4_Update(&ctx, (u_char *)unipw, unipwLen * sizeof(*unipw));
! 109: MD4_Final(hash, &ctx);
! 110: }
! 111:
! 112: /*
! 113: * ppp_msoft_nt_challenge_response()
! 114: *
! 115: * chal 8 byte challenge
! 116: * password ASCII (NOT Unicode) password
! 117: * hash 24 byte response
! 118: */
! 119: void
! 120: ppp_msoft_nt_challenge_response(const u_char *chal,
! 121: const char *password, u_char *hash)
! 122: {
! 123: u_char pwHash[16];
! 124:
! 125: ppp_msoft_nt_password_hash(password, pwHash);
! 126: ppp_msoft_challenge_response(chal, pwHash, hash);
! 127: }
! 128:
! 129: /*
! 130: * ppp_msoft_challenge_response()
! 131: *
! 132: * chal 8 byte challenge
! 133: * pwHash 16 byte password hash
! 134: * hash 24 byte response
! 135: */
! 136: static void
! 137: ppp_msoft_challenge_response(const u_char *chal,
! 138: const char *pwHash, u_char *hash)
! 139: {
! 140: u_char buf[21];
! 141: int i;
! 142:
! 143: /* Initialize buffer */
! 144: memset(&buf, 0, sizeof(buf));
! 145: memcpy(buf, pwHash, 16);
! 146:
! 147: /* Use DES to hash the hash */
! 148: for (i = 0; i < 3; i++) {
! 149: u_char *const key = &buf[i * 7];
! 150: u_char *const output = &hash[i * 8];
! 151:
! 152: ppp_msoft_des_encrypt(chal, key, output);
! 153: }
! 154: }
! 155:
! 156: /*
! 157: * ppp_msoft_des_encrypt()
! 158: *
! 159: * clear 8 byte cleartext
! 160: * key 7 byte key
! 161: * cypher 8 byte cyphertext
! 162: */
! 163: static void
! 164: ppp_msoft_des_encrypt(const u_char *clear, u_char *key0, u_char *cypher)
! 165: {
! 166: des_key_schedule ks;
! 167: u_char key[8];
! 168:
! 169: /*
! 170: * Create DES key
! 171: *
! 172: * Note: we don't bother setting the parity bit because
! 173: * the des_set_key() algorithm does that for us. A different
! 174: * algorithm may care though.
! 175: */
! 176: key[0] = key0[0] & 0xfe;
! 177: key[1] = (key0[0] << 7) | (key0[1] >> 1);
! 178: key[2] = (key0[1] << 6) | (key0[2] >> 2);
! 179: key[3] = (key0[2] << 5) | (key0[3] >> 3);
! 180: key[4] = (key0[3] << 4) | (key0[4] >> 4);
! 181: key[5] = (key0[4] << 3) | (key0[5] >> 5);
! 182: key[6] = (key0[5] << 2) | (key0[6] >> 6);
! 183: key[7] = key0[6] << 1;
! 184: des_set_key((des_cblock *)key, ks);
! 185:
! 186: /* Encrypt using key */
! 187: des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cypher, ks, 1);
! 188: }
! 189:
! 190: /*
! 191: * ppp_msoft_get_start_key()
! 192: */
! 193: void
! 194: ppp_msoft_get_start_key(const u_char *chal, u_char *hash)
! 195: {
! 196: u_char sha1[SHA_DIGEST_LENGTH];
! 197: SHA_CTX ctx;
! 198:
! 199: SHA1_Init(&ctx);
! 200: SHA1_Update(&ctx, hash, 16);
! 201: SHA1_Update(&ctx, hash, 16);
! 202: SHA1_Update(&ctx, chal, 8);
! 203: SHA1_Final(sha1, &ctx);
! 204: memcpy(hash, sha1, 16);
! 205: }
! 206:
! 207: /*
! 208: * ppp_msoft_generate_nt_response()
! 209: *
! 210: * authchal 16 byte authenticator challenge
! 211: * peerchal 16 byte peer challenge
! 212: * username ASCII username
! 213: * password ASCII (NOT Unicode) password
! 214: * hash 24 byte response
! 215: */
! 216: void
! 217: ppp_msoft_generate_nt_response(const u_char *authchal, const u_char *peerchal,
! 218: const char *username, const char *password, u_char *hash)
! 219: {
! 220: u_char chal[8];
! 221: u_char pwHash[16];
! 222:
! 223: ppp_msoft_challenge_hash(peerchal, authchal, username, chal);
! 224: ppp_msoft_nt_password_hash(password, pwHash);
! 225: ppp_msoft_challenge_response(chal, pwHash, hash);
! 226: }
! 227:
! 228: /*
! 229: * ppp_msoft_challenge_hash()
! 230: *
! 231: * peerchal 16 byte peer challenge
! 232: * authchal 16 byte authenticator challenge
! 233: * username ASCII username
! 234: * hash 8 byte response
! 235: */
! 236: static void
! 237: ppp_msoft_challenge_hash(const u_char *peerchal, const u_char *authchal,
! 238: const char *username, u_char *hash)
! 239: {
! 240: u_char sha1[SHA_DIGEST_LENGTH];
! 241: SHA_CTX ctx;
! 242: const char *slash;
! 243:
! 244: /* Strip off NT domain (if any) */
! 245: if ((slash = strrchr(username, '\\')) != NULL)
! 246: username = slash + 1;
! 247: SHA1_Init(&ctx);
! 248: SHA1_Update(&ctx, peerchal, 16);
! 249: SHA1_Update(&ctx, authchal, 16);
! 250: SHA1_Update(&ctx, username, strlen(username));
! 251: SHA1_Final(sha1, &ctx);
! 252: memcpy(hash, sha1, 8);
! 253: }
! 254:
! 255: /*
! 256: * Compute master key for MPPE
! 257: */
! 258: void
! 259: ppp_msoft_get_master_key(const u_char *resp, u_char *hash)
! 260: {
! 261: u_char sha1[SHA_DIGEST_LENGTH];
! 262: SHA_CTX ctx;
! 263:
! 264: SHA1_Init(&ctx);
! 265: SHA1_Update(&ctx, hash, 16);
! 266: SHA1_Update(&ctx, resp, 24);
! 267: SHA1_Update(&ctx, MS_MAGIC_1, 27);
! 268: SHA1_Final(sha1, &ctx);
! 269: memcpy(hash, sha1, 16);
! 270: }
! 271:
! 272: /*
! 273: * Compute asymmetric start key for MPPE (MS-CHAPv2 authentication)
! 274: *
! 275: * which Zero for server xmit/client recv, 1 for server recv/client xmit
! 276: */
! 277: void
! 278: ppp_msoft_get_asymetric_start_key(int which, const u_char *master, u_char *key)
! 279: {
! 280: u_char sha1[SHA_DIGEST_LENGTH];
! 281: u_char sha_pad[2][40];
! 282: SHA_CTX ctx;
! 283:
! 284: /* Generate start key */
! 285: memset(&sha_pad[0], 0x00, sizeof(sha_pad[0]));
! 286: memset(&sha_pad[1], 0xf2, sizeof(sha_pad[1]));
! 287: SHA1_Init(&ctx);
! 288: SHA1_Update(&ctx, master, 16);
! 289: SHA1_Update(&ctx, sha_pad[0], 40);
! 290: SHA1_Update(&ctx, which ? MS_MAGIC_2 : MS_MAGIC_3, 84);
! 291: SHA1_Update(&ctx, sha_pad[1], 40);
! 292: SHA1_Final(sha1, &ctx);
! 293: memcpy(key, sha1, 16);
! 294: }
! 295:
! 296: /*
! 297: * Initialize MPPE key based on MS-CHAPv1 credentials.
! 298: *
! 299: * e128 Non-zero for 128 bit key, zero for 64 bit key.
! 300: * pass Originating side's password
! 301: * chal Answering side's challenge
! 302: * key 16 byte output buffer
! 303: */
! 304: void
! 305: ppp_msoft_init_key_v1(int e128,
! 306: const char *pass, const u_char *chal, u_char *key)
! 307: {
! 308: if (e128) { /* 128 bit key */
! 309: u_char hash[16];
! 310: MD4_CTX ctx;
! 311:
! 312: ppp_msoft_nt_password_hash(pass, hash);
! 313: MD4_Init(&ctx);
! 314: MD4_Update(&ctx, hash, 16);
! 315: MD4_Final(hash, &ctx);
! 316: ppp_msoft_get_start_key(chal, hash);
! 317: memcpy(key, hash, 16);
! 318: } else /* 40 or 56 bit key */
! 319: ppp_msoft_lm_password_hash(pass, key);
! 320: }
! 321:
! 322: /*
! 323: * Initialize MPPE key based on MS-CHAPv2 credentials.
! 324: *
! 325: * which Zero for server xmit/client recv, 1 for server recv/client xmit
! 326: * pass Originating side's password
! 327: * resp Answering side's challenge response hash
! 328: * key 16 byte output buffer
! 329: */
! 330: void
! 331: ppp_msoft_init_key_v2(int which,
! 332: const char *pass, const u_char *resp, u_char *key)
! 333: {
! 334: u_char hash[16];
! 335: MD4_CTX ctx;
! 336:
! 337: ppp_msoft_nt_password_hash(pass, hash);
! 338: MD4_Init(&ctx);
! 339: MD4_Update(&ctx, hash, 16);
! 340: MD4_Final(hash, &ctx);
! 341: ppp_msoft_get_master_key(resp, hash);
! 342: ppp_msoft_get_asymetric_start_key(which, hash, key);
! 343: }
! 344:
! 345: /*
! 346: * Generate response to MS-CHAPv2 piggy-backed challenge.
! 347: *
! 348: * "authresp" must point to a 20 byte buffer.
! 349: */
! 350: void
! 351: ppp_msoft_generate_authenticator_response(const char *password,
! 352: const u_char *ntresp, const u_char *peerchal,
! 353: const u_char *authchal, const char *username, u_char *authresp)
! 354: {
! 355: u_char hash[16];
! 356: u_char digest[SHA_DIGEST_LENGTH];
! 357: u_char chal[8];
! 358: MD4_CTX md4ctx;
! 359: SHA_CTX shactx;
! 360:
! 361: ppp_msoft_nt_password_hash(password, hash);
! 362:
! 363: MD4_Init(&md4ctx);
! 364: MD4_Update(&md4ctx, hash, 16);
! 365: MD4_Final(hash, &md4ctx);
! 366:
! 367: SHA1_Init(&shactx);
! 368: SHA1_Update(&shactx, hash, 16);
! 369: SHA1_Update(&shactx, ntresp, 24);
! 370: SHA1_Update(&shactx, MS_AR_MAGIC_1, 39);
! 371: SHA1_Final(digest, &shactx);
! 372:
! 373: ppp_msoft_challenge_hash(peerchal, authchal, username, chal);
! 374:
! 375: SHA1_Init(&shactx);
! 376: SHA1_Update(&shactx, digest, sizeof(digest));
! 377: SHA1_Update(&shactx, chal, 8);
! 378: SHA1_Update(&shactx, MS_AR_MAGIC_2, 41);
! 379: SHA1_Final(authresp, &shactx);
! 380: }
! 381:
! 382: /*
! 383: * Verify server's piggy-backed response.
! 384: *
! 385: * Returns 1 if OK, otherwise zero.
! 386: */
! 387: int
! 388: ppp_msoft_check_authenticator_response(const char *password,
! 389: const u_char *ntresp, const u_char *peerchal, const u_char *authchal,
! 390: const char *username, const char *rechash)
! 391: {
! 392: char authresp[43];
! 393:
! 394: ppp_msoft_generate_authenticator_response(password, ntresp,
! 395: peerchal, authchal, username, authresp);
! 396: return (strcmp(rechash, authresp) == 0);
! 397: }
! 398:
! 399:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to ppp_msoft.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / libpdel / ppp