コード例 #1
0
ファイル: chap_ms.c プロジェクト: SylvestreG/bitrig
void
mschap_msk(u_int8_t *password, int passwordlen,
    u_int8_t *ntresponse, u_int8_t *msk)
{
	u_int8_t	 password_hash[MSCHAP_HASH_SZ];
	u_int8_t	 password_hash2[MSCHAP_HASH_SZ];
	u_int8_t	 masterkey[MSCHAP_MASTERKEY_SZ];
	u_int8_t	 sendkey[MSCHAP_MASTERKEY_SZ];
	u_int8_t	 recvkey[MSCHAP_MASTERKEY_SZ];

	mschap_ntpassword_hash(password, passwordlen, password_hash);
	mschap_ntpassword_hash(password_hash, MSCHAP_HASH_SZ, password_hash2);

	mschap_masterkey(password_hash2, ntresponse, masterkey);
	mschap_asymetric_startkey(masterkey, recvkey, sizeof(recvkey), 0, 1);
	mschap_asymetric_startkey(masterkey, sendkey, sizeof(sendkey), 1, 1);

	/* 16 bytes receive key + 16 bytes send key + 32 bytes 0 padding */
	bzero(msk, MSCHAP_MSK_SZ);
	memcpy(msk, &recvkey, sizeof(recvkey));
	memcpy(msk + sizeof(recvkey), &sendkey, sizeof(sendkey));
}
コード例 #2
0
ファイル: chap.c プロジェクト: darksoul42/bitrig
static void
mschapv2_authenticate(chap *_this, int id, char *username, u_char *challenge,
    int lchallenge, u_char *response)
{
	int i, rval, passlen, lpkt;
	u_char *pkt;
	char password[MAX_PASSWORD_LENGTH * 2], ntresponse[24];
#ifdef	USE_NPPPD_MPPE
	char pwdhash[16], pwdhashhash[16];
#endif

	CHAP_DBG((_this, LOG_DEBUG, "%s()", __func__));
	pkt = ppp_packetbuf(_this->ppp, PPP_PROTO_CHAP) + HEADERLEN;
	lpkt = _this->ppp->mru - HEADERLEN;

	passlen = sizeof(password) / 2;
	rval = npppd_get_user_password(_this->ppp->pppd, _this->ppp, username,
	    password, &passlen);

	if (rval != 0) {
		switch (rval) {
		case 1:
			chap_log(_this, LOG_INFO,
			    "username=\"%s\" user unknown", username);
			break;
		default:
			chap_log(_this, LOG_ERR,
			    "username=\"%s\" generic error", username);
			break;
		}
		goto auth_failed;
	}

	/* Convert the string charset from ASCII to UTF16-LE */
	passlen = strlen(password);
	for (i = passlen - 1; i >= 0; i--) {
		password[i*2] = password[i];
		password[i*2+1] = 0;
	}

	mschap_nt_response(challenge, response, username, strlen(username),
		    password, passlen * 2, ntresponse);

	if (memcmp(ntresponse, response + 24, 24) != 0) {
		chap_log(_this, LOG_INFO,
		    "username=\"%s\" password mismatch.", username);
		goto auth_failed;
	}

    /*
     * Authentication succeed
     */
	CHAP_DBG((_this, LOG_DEBUG, "%s() OK", __func__));

	mschap_auth_response(password, passlen * 2, ntresponse,
	    challenge, response, username, strlen(username), pkt);
	lpkt = 42;
#ifdef	USE_NPPPD_MPPE
	if (_this->ppp->mppe.enabled != 0) {
		mschap_ntpassword_hash(password, passlen * 2, pwdhash);
		mschap_ntpassword_hash(pwdhash, sizeof(pwdhash), pwdhashhash);

		mschap_masterkey(pwdhashhash, ntresponse,
		    _this->ppp->mppe.master_key);
		mschap_asymetric_startkey(_this->ppp->mppe.master_key,
		    _this->ppp->mppe.recv.master_key, MPPE_KEYLEN, 0, 1);
		mschap_asymetric_startkey(_this->ppp->mppe.master_key,
		    _this->ppp->mppe.send.master_key, MPPE_KEYLEN, 1, 1);
	}
#endif
	chap_response(_this, 1, pkt, lpkt);

	return;
auth_failed:
	/* No extra information */
	mschapv2_send_error(_this, ERROR_AUTHENTICATION_FAILURE, 0);

	return;
}