[164] | 1 | /*** WARNING - THIS CODE HAS NOT BEEN FINISHED! ***/
|
---|
| 2 | /*** The original PPPD code is written in a way to require either the UNIX DES
|
---|
| 3 | encryption functions encrypt(3) and setkey(3) or the DES library libdes.
|
---|
| 4 | Since both is not included in lwIP, MSCHAP currently does not work! */
|
---|
| 5 | /*****************************************************************************
|
---|
| 6 | * chpms.c - Network MicroSoft Challenge Handshake Authentication Protocol program file.
|
---|
| 7 | *
|
---|
| 8 | * Copyright (c) 2003 by Marc Boucher, Services Informatiques (MBSI) inc.
|
---|
| 9 | * Copyright (c) 1997 by Global Election Systems Inc. All rights reserved.
|
---|
| 10 | *
|
---|
| 11 | * The authors hereby grant permission to use, copy, modify, distribute,
|
---|
| 12 | * and license this software and its documentation for any purpose, provided
|
---|
| 13 | * that existing copyright notices are retained in all copies and that this
|
---|
| 14 | * notice and the following disclaimer are included verbatim in any
|
---|
| 15 | * distributions. No written agreement, license, or royalty fee is required
|
---|
| 16 | * for any of the authorized uses.
|
---|
| 17 | *
|
---|
| 18 | * THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS *AS IS* AND ANY EXPRESS OR
|
---|
| 19 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
---|
| 20 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
---|
| 21 | * IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
|
---|
| 22 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
---|
| 23 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
---|
| 24 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
---|
| 25 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
---|
| 26 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
---|
| 27 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
---|
| 28 | *
|
---|
| 29 | ******************************************************************************
|
---|
| 30 | * REVISION HISTORY
|
---|
| 31 | *
|
---|
| 32 | * 03-01-01 Marc Boucher <marc@mbsi.ca>
|
---|
| 33 | * Ported to lwIP.
|
---|
| 34 | * 97-12-08 Guy Lancaster <lancasterg@acm.org>, Global Election Systems Inc.
|
---|
| 35 | * Original based on BSD chap_ms.c.
|
---|
| 36 | *****************************************************************************/
|
---|
| 37 | /*
|
---|
| 38 | * chap_ms.c - Microsoft MS-CHAP compatible implementation.
|
---|
| 39 | *
|
---|
| 40 | * Copyright (c) 1995 Eric Rosenquist, Strata Software Limited.
|
---|
| 41 | * http://www.strataware.com/
|
---|
| 42 | *
|
---|
| 43 | * All rights reserved.
|
---|
| 44 | *
|
---|
| 45 | * Redistribution and use in source and binary forms are permitted
|
---|
| 46 | * provided that the above copyright notice and this paragraph are
|
---|
| 47 | * duplicated in all such forms and that any documentation,
|
---|
| 48 | * advertising materials, and other materials related to such
|
---|
| 49 | * distribution and use acknowledge that the software was developed
|
---|
| 50 | * by Eric Rosenquist. The name of the author may not be used to
|
---|
| 51 | * endorse or promote products derived from this software without
|
---|
| 52 | * specific prior written permission.
|
---|
| 53 | *
|
---|
| 54 | * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
|
---|
| 55 | * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
|
---|
| 56 | * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
---|
| 57 | */
|
---|
| 58 |
|
---|
| 59 | /*
|
---|
| 60 | * Modifications by Lauri Pesonen / lpesonen@clinet.fi, april 1997
|
---|
| 61 | *
|
---|
| 62 | * Implemented LANManager type password response to MS-CHAP challenges.
|
---|
| 63 | * Now pppd provides both NT style and LANMan style blocks, and the
|
---|
| 64 | * prefered is set by option "ms-lanman". Default is to use NT.
|
---|
| 65 | * The hash text (StdText) was taken from Win95 RASAPI32.DLL.
|
---|
| 66 | *
|
---|
| 67 | * You should also use DOMAIN\\USERNAME as described in README.MSCHAP80
|
---|
| 68 | */
|
---|
| 69 |
|
---|
| 70 | #define USE_CRYPT
|
---|
| 71 |
|
---|
| 72 | #include "lwip/opt.h"
|
---|
| 73 |
|
---|
| 74 | #if PPP_SUPPORT /* don't build if not configured for use in lwipopts.h */
|
---|
| 75 |
|
---|
| 76 | #if MSCHAP_SUPPORT /* don't build if not configured for use in lwipopts.h */
|
---|
| 77 |
|
---|
| 78 | #include "ppp_impl.h"
|
---|
| 79 | #include "pppdebug.h"
|
---|
| 80 |
|
---|
| 81 | #include "md4.h"
|
---|
| 82 | #ifndef USE_CRYPT
|
---|
| 83 | #include "des.h"
|
---|
| 84 | #endif
|
---|
| 85 | #include "chap.h"
|
---|
| 86 | #include "chpms.h"
|
---|
| 87 |
|
---|
| 88 | #include <string.h>
|
---|
| 89 |
|
---|
| 90 |
|
---|
| 91 | /*************************/
|
---|
| 92 | /*** LOCAL DEFINITIONS ***/
|
---|
| 93 | /*************************/
|
---|
| 94 |
|
---|
| 95 |
|
---|
| 96 | /************************/
|
---|
| 97 | /*** LOCAL DATA TYPES ***/
|
---|
| 98 | /************************/
|
---|
| 99 | typedef struct {
|
---|
| 100 | u_char LANManResp[24];
|
---|
| 101 | u_char NTResp[24];
|
---|
| 102 | u_char UseNT; /* If 1, ignore the LANMan response field */
|
---|
| 103 | } MS_ChapResponse;
|
---|
| 104 | /* We use MS_CHAP_RESPONSE_LEN, rather than sizeof(MS_ChapResponse),
|
---|
| 105 | in case this struct gets padded. */
|
---|
| 106 |
|
---|
| 107 |
|
---|
| 108 |
|
---|
| 109 | /***********************************/
|
---|
| 110 | /*** LOCAL FUNCTION DECLARATIONS ***/
|
---|
| 111 | /***********************************/
|
---|
| 112 |
|
---|
| 113 | /* XXX Don't know what to do with these. */
|
---|
| 114 | extern void setkey(const char *);
|
---|
| 115 | extern void encrypt(char *, int);
|
---|
| 116 |
|
---|
| 117 | static void DesEncrypt (u_char *, u_char *, u_char *);
|
---|
| 118 | static void MakeKey (u_char *, u_char *);
|
---|
| 119 |
|
---|
| 120 | #ifdef USE_CRYPT
|
---|
| 121 | static void Expand (u_char *, u_char *);
|
---|
| 122 | static void Collapse (u_char *, u_char *);
|
---|
| 123 | #endif
|
---|
| 124 |
|
---|
| 125 | static void ChallengeResponse(
|
---|
| 126 | u_char *challenge, /* IN 8 octets */
|
---|
| 127 | u_char *pwHash, /* IN 16 octets */
|
---|
| 128 | u_char *response /* OUT 24 octets */
|
---|
| 129 | );
|
---|
| 130 | static void ChapMS_NT(
|
---|
| 131 | char *rchallenge,
|
---|
| 132 | int rchallenge_len,
|
---|
| 133 | char *secret,
|
---|
| 134 | int secret_len,
|
---|
| 135 | MS_ChapResponse *response
|
---|
| 136 | );
|
---|
| 137 | static u_char Get7Bits(
|
---|
| 138 | u_char *input,
|
---|
| 139 | int startBit
|
---|
| 140 | );
|
---|
| 141 |
|
---|
| 142 | static void
|
---|
| 143 | ChallengeResponse( u_char *challenge, /* IN 8 octets */
|
---|
| 144 | u_char *pwHash, /* IN 16 octets */
|
---|
| 145 | u_char *response /* OUT 24 octets */)
|
---|
| 146 | {
|
---|
| 147 | u_char ZPasswordHash[21];
|
---|
| 148 |
|
---|
| 149 | BZERO(ZPasswordHash, sizeof(ZPasswordHash));
|
---|
| 150 | BCOPY(pwHash, ZPasswordHash, 16);
|
---|
| 151 |
|
---|
| 152 | #if 0
|
---|
| 153 | log_packet(ZPasswordHash, sizeof(ZPasswordHash), "ChallengeResponse - ZPasswordHash", LOG_DEBUG);
|
---|
| 154 | #endif
|
---|
| 155 |
|
---|
| 156 | DesEncrypt(challenge, ZPasswordHash + 0, response + 0);
|
---|
| 157 | DesEncrypt(challenge, ZPasswordHash + 7, response + 8);
|
---|
| 158 | DesEncrypt(challenge, ZPasswordHash + 14, response + 16);
|
---|
| 159 |
|
---|
| 160 | #if 0
|
---|
| 161 | log_packet(response, 24, "ChallengeResponse - response", LOG_DEBUG);
|
---|
| 162 | #endif
|
---|
| 163 | }
|
---|
| 164 |
|
---|
| 165 |
|
---|
| 166 | #ifdef USE_CRYPT
|
---|
| 167 | static void
|
---|
| 168 | DesEncrypt( u_char *clear, /* IN 8 octets */
|
---|
| 169 | u_char *key, /* IN 7 octets */
|
---|
| 170 | u_char *cipher /* OUT 8 octets */)
|
---|
| 171 | {
|
---|
| 172 | u_char des_key[8];
|
---|
| 173 | u_char crypt_key[66];
|
---|
| 174 | u_char des_input[66];
|
---|
| 175 |
|
---|
| 176 | MakeKey(key, des_key);
|
---|
| 177 |
|
---|
| 178 | Expand(des_key, crypt_key);
|
---|
| 179 | setkey((char*)crypt_key);
|
---|
| 180 |
|
---|
| 181 | #if 0
|
---|
| 182 | CHAPDEBUG(LOG_INFO, ("DesEncrypt: 8 octet input : %02X%02X%02X%02X%02X%02X%02X%02X\n",
|
---|
| 183 | clear[0], clear[1], clear[2], clear[3], clear[4], clear[5], clear[6], clear[7]));
|
---|
| 184 | #endif
|
---|
| 185 |
|
---|
| 186 | Expand(clear, des_input);
|
---|
| 187 | encrypt((char*)des_input, 0);
|
---|
| 188 | Collapse(des_input, cipher);
|
---|
| 189 |
|
---|
| 190 | #if 0
|
---|
| 191 | CHAPDEBUG(LOG_INFO, ("DesEncrypt: 8 octet output: %02X%02X%02X%02X%02X%02X%02X%02X\n",
|
---|
| 192 | cipher[0], cipher[1], cipher[2], cipher[3], cipher[4], cipher[5], cipher[6], cipher[7]));
|
---|
| 193 | #endif
|
---|
| 194 | }
|
---|
| 195 |
|
---|
| 196 | #else /* USE_CRYPT */
|
---|
| 197 |
|
---|
| 198 | static void
|
---|
| 199 | DesEncrypt( u_char *clear, /* IN 8 octets */
|
---|
| 200 | u_char *key, /* IN 7 octets */
|
---|
| 201 | u_char *cipher /* OUT 8 octets */)
|
---|
| 202 | {
|
---|
| 203 | des_cblock des_key;
|
---|
| 204 | des_key_schedule key_schedule;
|
---|
| 205 |
|
---|
| 206 | MakeKey(key, des_key);
|
---|
| 207 |
|
---|
| 208 | des_set_key(&des_key, key_schedule);
|
---|
| 209 |
|
---|
| 210 | #if 0
|
---|
| 211 | CHAPDEBUG(LOG_INFO, ("DesEncrypt: 8 octet input : %02X%02X%02X%02X%02X%02X%02X%02X\n",
|
---|
| 212 | clear[0], clear[1], clear[2], clear[3], clear[4], clear[5], clear[6], clear[7]));
|
---|
| 213 | #endif
|
---|
| 214 |
|
---|
| 215 | des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher, key_schedule, 1);
|
---|
| 216 |
|
---|
| 217 | #if 0
|
---|
| 218 | CHAPDEBUG(LOG_INFO, ("DesEncrypt: 8 octet output: %02X%02X%02X%02X%02X%02X%02X%02X\n",
|
---|
| 219 | cipher[0], cipher[1], cipher[2], cipher[3], cipher[4], cipher[5], cipher[6], cipher[7]));
|
---|
| 220 | #endif
|
---|
| 221 | }
|
---|
| 222 |
|
---|
| 223 | #endif /* USE_CRYPT */
|
---|
| 224 |
|
---|
| 225 |
|
---|
| 226 | static u_char
|
---|
| 227 | Get7Bits( u_char *input, int startBit)
|
---|
| 228 | {
|
---|
| 229 | register unsigned int word;
|
---|
| 230 |
|
---|
| 231 | word = (unsigned)input[startBit / 8] << 8;
|
---|
| 232 | word |= (unsigned)input[startBit / 8 + 1];
|
---|
| 233 |
|
---|
| 234 | word >>= 15 - (startBit % 8 + 7);
|
---|
| 235 |
|
---|
| 236 | return word & 0xFE;
|
---|
| 237 | }
|
---|
| 238 |
|
---|
| 239 | #ifdef USE_CRYPT
|
---|
| 240 |
|
---|
| 241 | /* in == 8-byte string (expanded version of the 56-bit key)
|
---|
| 242 | * out == 64-byte string where each byte is either 1 or 0
|
---|
| 243 | * Note that the low-order "bit" is always ignored by by setkey()
|
---|
| 244 | */
|
---|
| 245 | static void
|
---|
| 246 | Expand(u_char *in, u_char *out)
|
---|
| 247 | {
|
---|
| 248 | int j, c;
|
---|
| 249 | int i;
|
---|
| 250 |
|
---|
| 251 | for(i = 0; i < 64; in++){
|
---|
| 252 | c = *in;
|
---|
| 253 | for(j = 7; j >= 0; j--) {
|
---|
| 254 | *out++ = (c >> j) & 01;
|
---|
| 255 | }
|
---|
| 256 | i += 8;
|
---|
| 257 | }
|
---|
| 258 | }
|
---|
| 259 |
|
---|
| 260 | /* The inverse of Expand
|
---|
| 261 | */
|
---|
| 262 | static void
|
---|
| 263 | Collapse(u_char *in, u_char *out)
|
---|
| 264 | {
|
---|
| 265 | int j;
|
---|
| 266 | int i;
|
---|
| 267 | unsigned int c;
|
---|
| 268 |
|
---|
| 269 | for (i = 0; i < 64; i += 8, out++) {
|
---|
| 270 | c = 0;
|
---|
| 271 | for (j = 7; j >= 0; j--, in++) {
|
---|
| 272 | c |= *in << j;
|
---|
| 273 | }
|
---|
| 274 | *out = c & 0xff;
|
---|
| 275 | }
|
---|
| 276 | }
|
---|
| 277 | #endif
|
---|
| 278 |
|
---|
| 279 | static void
|
---|
| 280 | MakeKey( u_char *key, /* IN 56 bit DES key missing parity bits */
|
---|
| 281 | u_char *des_key /* OUT 64 bit DES key with parity bits added */)
|
---|
| 282 | {
|
---|
| 283 | des_key[0] = Get7Bits(key, 0);
|
---|
| 284 | des_key[1] = Get7Bits(key, 7);
|
---|
| 285 | des_key[2] = Get7Bits(key, 14);
|
---|
| 286 | des_key[3] = Get7Bits(key, 21);
|
---|
| 287 | des_key[4] = Get7Bits(key, 28);
|
---|
| 288 | des_key[5] = Get7Bits(key, 35);
|
---|
| 289 | des_key[6] = Get7Bits(key, 42);
|
---|
| 290 | des_key[7] = Get7Bits(key, 49);
|
---|
| 291 |
|
---|
| 292 | #ifndef USE_CRYPT
|
---|
| 293 | des_set_odd_parity((des_cblock *)des_key);
|
---|
| 294 | #endif
|
---|
| 295 |
|
---|
| 296 | #if 0
|
---|
| 297 | CHAPDEBUG(LOG_INFO, ("MakeKey: 56-bit input : %02X%02X%02X%02X%02X%02X%02X\n",
|
---|
| 298 | key[0], key[1], key[2], key[3], key[4], key[5], key[6]));
|
---|
| 299 | CHAPDEBUG(LOG_INFO, ("MakeKey: 64-bit output: %02X%02X%02X%02X%02X%02X%02X%02X\n",
|
---|
| 300 | des_key[0], des_key[1], des_key[2], des_key[3], des_key[4], des_key[5], des_key[6], des_key[7]));
|
---|
| 301 | #endif
|
---|
| 302 | }
|
---|
| 303 |
|
---|
| 304 | static void
|
---|
| 305 | ChapMS_NT( char *rchallenge,
|
---|
| 306 | int rchallenge_len,
|
---|
| 307 | char *secret,
|
---|
| 308 | int secret_len,
|
---|
| 309 | MS_ChapResponse *response)
|
---|
| 310 | {
|
---|
| 311 | int i;
|
---|
| 312 | MDstruct md4Context;
|
---|
| 313 | u_char unicodePassword[MAX_NT_PASSWORD * 2];
|
---|
| 314 | static int low_byte_first = -1;
|
---|
| 315 |
|
---|
| 316 | LWIP_UNUSED_ARG(rchallenge_len);
|
---|
| 317 |
|
---|
| 318 | /* Initialize the Unicode version of the secret (== password). */
|
---|
| 319 | /* This implicitly supports 8-bit ISO8859/1 characters. */
|
---|
| 320 | BZERO(unicodePassword, sizeof(unicodePassword));
|
---|
| 321 | for (i = 0; i < secret_len; i++) {
|
---|
| 322 | unicodePassword[i * 2] = (u_char)secret[i];
|
---|
| 323 | }
|
---|
| 324 | MDbegin(&md4Context);
|
---|
| 325 | MDupdate(&md4Context, unicodePassword, secret_len * 2 * 8); /* Unicode is 2 bytes/char, *8 for bit count */
|
---|
| 326 |
|
---|
| 327 | if (low_byte_first == -1) {
|
---|
| 328 | low_byte_first = (PP_HTONS((unsigned short int)1) != 1);
|
---|
| 329 | }
|
---|
| 330 | if (low_byte_first == 0) {
|
---|
| 331 | /* @todo: arg type - u_long* or u_int* ? */
|
---|
| 332 | MDreverse((unsigned int*)&md4Context); /* sfb 961105 */
|
---|
| 333 | }
|
---|
| 334 |
|
---|
| 335 | MDupdate(&md4Context, NULL, 0); /* Tell MD4 we're done */
|
---|
| 336 |
|
---|
| 337 | ChallengeResponse((u_char*)rchallenge, (u_char*)md4Context.buffer, response->NTResp);
|
---|
| 338 | }
|
---|
| 339 |
|
---|
| 340 | #ifdef MSLANMAN
|
---|
| 341 | static u_char *StdText = (u_char *)"KGS!@#$%"; /* key from rasapi32.dll */
|
---|
| 342 |
|
---|
| 343 | static void
|
---|
| 344 | ChapMS_LANMan( char *rchallenge,
|
---|
| 345 | int rchallenge_len,
|
---|
| 346 | char *secret,
|
---|
| 347 | int secret_len,
|
---|
| 348 | MS_ChapResponse *response)
|
---|
| 349 | {
|
---|
| 350 | int i;
|
---|
| 351 | u_char UcasePassword[MAX_NT_PASSWORD]; /* max is actually 14 */
|
---|
| 352 | u_char PasswordHash[16];
|
---|
| 353 |
|
---|
| 354 | /* LANMan password is case insensitive */
|
---|
| 355 | BZERO(UcasePassword, sizeof(UcasePassword));
|
---|
| 356 | for (i = 0; i < secret_len; i++) {
|
---|
| 357 | UcasePassword[i] = (u_char)toupper(secret[i]);
|
---|
| 358 | }
|
---|
| 359 | DesEncrypt( StdText, UcasePassword + 0, PasswordHash + 0 );
|
---|
| 360 | DesEncrypt( StdText, UcasePassword + 7, PasswordHash + 8 );
|
---|
| 361 | ChallengeResponse(rchallenge, PasswordHash, response->LANManResp);
|
---|
| 362 | }
|
---|
| 363 | #endif
|
---|
| 364 |
|
---|
| 365 | void
|
---|
| 366 | ChapMS( chap_state *cstate, char *rchallenge, int rchallenge_len, char *secret, int secret_len)
|
---|
| 367 | {
|
---|
| 368 | MS_ChapResponse response;
|
---|
| 369 | #ifdef MSLANMAN
|
---|
| 370 | extern int ms_lanman;
|
---|
| 371 | #endif
|
---|
| 372 |
|
---|
| 373 | #if 0
|
---|
| 374 | CHAPDEBUG(LOG_INFO, ("ChapMS: secret is '%.*s'\n", secret_len, secret));
|
---|
| 375 | #endif
|
---|
| 376 | BZERO(&response, sizeof(response));
|
---|
| 377 |
|
---|
| 378 | /* Calculate both always */
|
---|
| 379 | ChapMS_NT(rchallenge, rchallenge_len, secret, secret_len, &response);
|
---|
| 380 |
|
---|
| 381 | #ifdef MSLANMAN
|
---|
| 382 | ChapMS_LANMan(rchallenge, rchallenge_len, secret, secret_len, &response);
|
---|
| 383 |
|
---|
| 384 | /* prefered method is set by option */
|
---|
| 385 | response.UseNT = !ms_lanman;
|
---|
| 386 | #else
|
---|
| 387 | response.UseNT = 1;
|
---|
| 388 | #endif
|
---|
| 389 |
|
---|
| 390 | BCOPY(&response, cstate->response, MS_CHAP_RESPONSE_LEN);
|
---|
| 391 | cstate->resp_length = MS_CHAP_RESPONSE_LEN;
|
---|
| 392 | }
|
---|
| 393 |
|
---|
| 394 | #endif /* MSCHAP_SUPPORT */
|
---|
| 395 |
|
---|
| 396 | #endif /* PPP_SUPPORT */
|
---|