source: rtems/cpukit/pppd/chap_ms.c @ 58ce601

4.104.114.84.9
Last change on this file since 58ce601 was 2f1b930, checked in by Joel Sherrill <joel.sherrill@…>, on Aug 16, 2001 at 8:42:09 PM

2001-08-16 Mike Siers <mikes@…>

  • Update of PPPD to 2.3.11 from 2.3.5 and addition of an example application. Mike's notes on the modifications:
    • renamed error() function because of namespace problems
    • removed calls to the exit() funciton
    • removed extra files from the pppd source directory
    • defined pppd task constant values in rtemspppd.h
    • modifyied example code to get actual tick per second value
    • placed the pppd 2.3.11 man page file (pppd.8) into the pppd directory
  • pppd/cbcp.c, pppd/cbcp.h, pppd/main.c, pppd/ppp_tty.c, pppd/pppmain.c, pppd/rtems-ppp.c, pppd/rtems-ppp.c: Deleted.
  • pppd/pppd.8, pppd/rtemsmain.c, pppd/rtemspppd.c, pppd/rtemspppd.h, pppd/sys-rtems.c, pppd/utils.c, pppd/example/Makefile, pppd/example/README, pppd/example/init.c, pppd/example/netconfig.h, pppd/example/ppp.conf, pppd/example/pppdapp.c, pppd/example/system.h: New files.
  • modem/ppp_tty.c, net/if_ppp.h, pppd/Makefile.am, pppd/README, pppd/STATUS, pppd/auth.c, pppd/ccp.c, pppd/ccp.h, pppd/chap.c, pppd/chap.h, pppd/chap_ms.c, pppd/chap_ms.h, pppd/chat.c, pppd/demand.c, pppd/fsm.c, pppd/fsm.h, pppd/ipcp.c, pppd/ipcp.h, pppd/ipxcp.c, pppd/ipxcp.h, pppd/lcp.c, pppd/lcp.h, pppd/magic.c, pppd/magic.h, pppd/options.c, pppd/patchlevel.h, pppd/pathnames.h, pppd/pppd.h, pppd/upap.c, pppd/upap.h: Modified.
  • Property mode set to 100644
File size: 8.6 KB
Line 
1/*
2 * chap_ms.c - Microsoft MS-CHAP compatible implementation.
3 *
4 * Copyright (c) 1995 Eric Rosenquist, Strata Software Limited.
5 * http://www.strataware.com/
6 *
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms are permitted
10 * provided that the above copyright notice and this paragraph are
11 * duplicated in all such forms and that any documentation,
12 * advertising materials, and other materials related to such
13 * distribution and use acknowledge that the software was developed
14 * by Eric Rosenquist.  The name of the author may not be used to
15 * endorse or promote products derived from this software without
16 * specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
19 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
20 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22
23/*
24 * Modifications by Lauri Pesonen / lpesonen@clinet.fi, april 1997
25 *
26 *   Implemented LANManager type password response to MS-CHAP challenges.
27 *   Now pppd provides both NT style and LANMan style blocks, and the
28 *   prefered is set by option "ms-lanman". Default is to use NT.
29 *   The hash text (StdText) was taken from Win95 RASAPI32.DLL.
30 *
31 *   You should also use DOMAIN\\USERNAME as described in README.MSCHAP80
32 */
33
34#define RCSID   "$Id$"
35
36#ifdef CHAPMS
37
38#include <stdio.h>
39#include <stdlib.h>
40#include <string.h>
41#include <ctype.h>
42#include <sys/types.h>
43#include <sys/time.h>
44#include <unistd.h>
45#ifdef HAVE_CRYPT_H
46#include <crypt.h>
47#endif
48
49#include "pppd.h"
50#include "chap.h"
51#include "chap_ms.h"
52#include "md4.h"
53
54#ifndef USE_CRYPT
55#include <des.h>
56#endif
57
58static const char rcsid[] = RCSID;
59
60typedef struct {
61    u_char LANManResp[24];
62    u_char NTResp[24];
63    u_char UseNT;               /* If 1, ignore the LANMan response field */
64} MS_ChapResponse;
65/* We use MS_CHAP_RESPONSE_LEN, rather than sizeof(MS_ChapResponse),
66   in case this struct gets padded. */
67
68
69static void     ChallengeResponse __P((u_char *, u_char *, u_char *));
70static void     DesEncrypt __P((u_char *, u_char *, u_char *));
71static void     MakeKey __P((u_char *, u_char *));
72static u_char   Get7Bits __P((u_char *, int));
73static void     ChapMS_NT __P((char *, int, char *, int, MS_ChapResponse *));
74#ifdef MSLANMAN
75static void     ChapMS_LANMan __P((char *, int, char *, int, MS_ChapResponse *));
76#endif
77
78#ifdef USE_CRYPT
79static void     Expand __P((u_char *, u_char *));
80static void     Collapse __P((u_char *, u_char *));
81#endif
82
83#ifdef MSLANMAN
84bool    ms_lanman = 0;          /* Use LanMan password instead of NT */
85                                /* Has meaning only with MS-CHAP challenges */
86#endif
87
88static void
89ChallengeResponse(challenge, pwHash, response)
90    u_char *challenge;  /* IN   8 octets */
91    u_char *pwHash;     /* IN  16 octets */
92    u_char *response;   /* OUT 24 octets */
93{
94    char    ZPasswordHash[21];
95
96    BZERO(ZPasswordHash, sizeof(ZPasswordHash));
97    BCOPY(pwHash, ZPasswordHash, MD4_SIGNATURE_SIZE);
98
99#if 0
100    dbglog("ChallengeResponse - ZPasswordHash %.*B",
101           sizeof(ZPasswordHash), ZPasswordHash);
102#endif
103
104    DesEncrypt(challenge, ZPasswordHash +  0, response + 0);
105    DesEncrypt(challenge, ZPasswordHash +  7, response + 8);
106    DesEncrypt(challenge, ZPasswordHash + 14, response + 16);
107
108#if 0
109    dbglog("ChallengeResponse - response %.24B", response);
110#endif
111}
112
113
114#ifdef USE_CRYPT
115static void
116DesEncrypt(clear, key, cipher)
117    u_char *clear;      /* IN  8 octets */
118    u_char *key;        /* IN  7 octets */
119    u_char *cipher;     /* OUT 8 octets */
120{
121    u_char des_key[8];
122    u_char crypt_key[66];
123    u_char des_input[66];
124
125    MakeKey(key, des_key);
126
127    Expand(des_key, crypt_key);
128    setkey(crypt_key);
129
130#if 0
131    CHAPDEBUG((LOG_INFO, "DesEncrypt: 8 octet input : %.8B", clear));
132#endif
133
134    Expand(clear, des_input);
135    encrypt(des_input, 0);
136    Collapse(des_input, cipher);
137
138#if 0
139    CHAPDEBUG((LOG_INFO, "DesEncrypt: 8 octet output: %.8B", cipher));
140#endif
141}
142
143#else /* USE_CRYPT */
144
145static void
146DesEncrypt(clear, key, cipher)
147    u_char *clear;      /* IN  8 octets */
148    u_char *key;        /* IN  7 octets */
149    u_char *cipher;     /* OUT 8 octets */
150{
151    des_cblock          des_key;
152    des_key_schedule    key_schedule;
153
154    MakeKey(key, des_key);
155
156    des_set_key(&des_key, key_schedule);
157
158#if 0
159    CHAPDEBUG((LOG_INFO, "DesEncrypt: 8 octet input : %.8B", clear));
160#endif
161
162    des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher, key_schedule, 1);
163
164#if 0
165    CHAPDEBUG((LOG_INFO, "DesEncrypt: 8 octet output: %.8B", cipher));
166#endif
167}
168
169#endif /* USE_CRYPT */
170
171
172static u_char Get7Bits(input, startBit)
173    u_char *input;
174    int startBit;
175{
176    register unsigned int       word;
177
178    word  = (unsigned)input[startBit / 8] << 8;
179    word |= (unsigned)input[startBit / 8 + 1];
180
181    word >>= 15 - (startBit % 8 + 7);
182
183    return word & 0xFE;
184}
185
186#ifdef USE_CRYPT
187
188/* in == 8-byte string (expanded version of the 56-bit key)
189 * out == 64-byte string where each byte is either 1 or 0
190 * Note that the low-order "bit" is always ignored by by setkey()
191 */
192static void Expand(in, out)
193    u_char *in;
194    u_char *out;
195{
196        int j, c;
197        int i;
198
199        for(i = 0; i < 64; in++){
200                c = *in;
201                for(j = 7; j >= 0; j--)
202                        *out++ = (c >> j) & 01;
203                i += 8;
204        }
205}
206
207/* The inverse of Expand
208 */
209static void Collapse(in, out)
210    u_char *in;
211    u_char *out;
212{
213        int j;
214        int i;
215        unsigned int c;
216
217        for (i = 0; i < 64; i += 8, out++) {
218            c = 0;
219            for (j = 7; j >= 0; j--, in++)
220                c |= *in << j;
221            *out = c & 0xff;
222        }
223}
224#endif
225
226static void MakeKey(key, des_key)
227    u_char *key;        /* IN  56 bit DES key missing parity bits */
228    u_char *des_key;    /* OUT 64 bit DES key with parity bits added */
229{
230    des_key[0] = Get7Bits(key,  0);
231    des_key[1] = Get7Bits(key,  7);
232    des_key[2] = Get7Bits(key, 14);
233    des_key[3] = Get7Bits(key, 21);
234    des_key[4] = Get7Bits(key, 28);
235    des_key[5] = Get7Bits(key, 35);
236    des_key[6] = Get7Bits(key, 42);
237    des_key[7] = Get7Bits(key, 49);
238
239#ifndef USE_CRYPT
240    des_set_odd_parity((des_cblock *)des_key);
241#endif
242
243#if 0
244    CHAPDEBUG((LOG_INFO, "MakeKey: 56-bit input : %.7B", key));
245    CHAPDEBUG((LOG_INFO, "MakeKey: 64-bit output: %.8B", des_key));
246#endif
247}
248
249static void
250ChapMS_NT(rchallenge, rchallenge_len, secret, secret_len, response)
251    char *rchallenge;
252    int rchallenge_len;
253    char *secret;
254    int secret_len;
255    MS_ChapResponse    *response;
256{
257    int                 i;
258#ifdef __NetBSD__
259    /* NetBSD uses the libc md4 routines which take bytes instead of bits */
260    int                 mdlen = secret_len * 2;
261#else
262    int                 mdlen = secret_len * 2 * 8;
263#endif
264    MD4_CTX             md4Context;
265    u_char              hash[MD4_SIGNATURE_SIZE];
266    u_char              unicodePassword[MAX_NT_PASSWORD * 2];
267
268    /* Initialize the Unicode version of the secret (== password). */
269    /* This implicitly supports 8-bit ISO8859/1 characters. */
270    BZERO(unicodePassword, sizeof(unicodePassword));
271    for (i = 0; i < secret_len; i++)
272        unicodePassword[i * 2] = (u_char)secret[i];
273
274    MD4Init(&md4Context);
275    MD4Update(&md4Context, unicodePassword, mdlen);
276
277    MD4Final(hash, &md4Context);        /* Tell MD4 we're done */
278
279    ChallengeResponse(rchallenge, hash, response->NTResp);
280}
281
282#ifdef MSLANMAN
283static u_char *StdText = (u_char *)"KGS!@#$%"; /* key from rasapi32.dll */
284
285static void
286ChapMS_LANMan(rchallenge, rchallenge_len, secret, secret_len, response)
287    char *rchallenge;
288    int rchallenge_len;
289    char *secret;
290    int secret_len;
291    MS_ChapResponse     *response;
292{
293    int                 i;
294    u_char              UcasePassword[MAX_NT_PASSWORD]; /* max is actually 14 */
295    u_char              PasswordHash[MD4_SIGNATURE_SIZE];
296
297    /* LANMan password is case insensitive */
298    BZERO(UcasePassword, sizeof(UcasePassword));
299    for (i = 0; i < secret_len; i++)
300       UcasePassword[i] = (u_char)toupper(secret[i]);
301    DesEncrypt( StdText, UcasePassword + 0, PasswordHash + 0 );
302    DesEncrypt( StdText, UcasePassword + 7, PasswordHash + 8 );
303    ChallengeResponse(rchallenge, PasswordHash, response->LANManResp);
304}
305#endif
306
307void
308ChapMS(cstate, rchallenge, rchallenge_len, secret, secret_len)
309    chap_state *cstate;
310    char *rchallenge;
311    int rchallenge_len;
312    char *secret;
313    int secret_len;
314{
315    MS_ChapResponse     response;
316
317#if 0
318    CHAPDEBUG((LOG_INFO, "ChapMS: secret is '%.*s'", secret_len, secret));
319#endif
320    BZERO(&response, sizeof(response));
321
322    /* Calculate both always */
323    ChapMS_NT(rchallenge, rchallenge_len, secret, secret_len, &response);
324
325#ifdef MSLANMAN
326    ChapMS_LANMan(rchallenge, rchallenge_len, secret, secret_len, &response);
327
328    /* prefered method is set by option  */
329    response.UseNT = !ms_lanman;
330#else
331    response.UseNT = 1;
332#endif
333
334    BCOPY(&response, cstate->response, MS_CHAP_RESPONSE_LEN);
335    cstate->resp_length = MS_CHAP_RESPONSE_LEN;
336}
337
338#endif /* CHAPMS */
Note: See TracBrowser for help on using the repository browser.