1 /* $OpenBSD: chap.h,v 1.8 2002/09/13 00:12:10 deraadt Exp $ */ 2 3 /* 4 * chap.h - Challenge Handshake Authentication Protocol definitions. 5 * 6 * Copyright (c) 1989-2002 Paul Mackerras. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. The name(s) of the authors of this software must not be used to 21 * endorse or promote products derived from this software without 22 * prior written permission. 23 * 24 * 4. Redistributions of any form whatsoever must retain the following 25 * acknowledgment: 26 * "This product includes software developed by Paul Mackerras 27 * <paulus@samba.org>". 28 * 29 * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO 30 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 31 * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY 32 * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 33 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN 34 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING 35 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 36 * 37 * Copyright (c) 1991 Gregory M. Christy 38 * All rights reserved. 39 * 40 * Redistribution and use in source and binary forms are permitted 41 * provided that the above copyright notice and this paragraph are 42 * duplicated in all such forms and that any documentation, 43 * advertising materials, and other materials related to such 44 * distribution and use acknowledge that the software was developed 45 * by the author. 46 * 47 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 48 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 49 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 50 */ 51 52 #ifndef __CHAP_INCLUDE__ 53 54 /* Code + ID + length */ 55 #define CHAP_HEADERLEN 4 56 57 /* 58 * CHAP codes. 59 */ 60 61 #define CHAP_DIGEST_MD5 5 /* use MD5 algorithm */ 62 #define MD5_SIGNATURE_SIZE 16 /* 16 bytes in a MD5 message digest */ 63 #define CHAP_MICROSOFT 0x80 /* use Microsoft-compatible alg. */ 64 #define MS_CHAP_RESPONSE_LEN 49 /* Response length for MS-CHAP */ 65 66 #define CHAP_CHALLENGE 1 67 #define CHAP_RESPONSE 2 68 #define CHAP_SUCCESS 3 69 #define CHAP_FAILURE 4 70 71 /* 72 * Challenge lengths (for challenges we send) and other limits. 73 */ 74 #define MIN_CHALLENGE_LENGTH 32 75 #define MAX_CHALLENGE_LENGTH 64 76 #define MAX_RESPONSE_LENGTH 64 /* sufficient for MD5 or MS-CHAP */ 77 78 /* 79 * Each interface is described by a chap structure. 80 */ 81 82 typedef struct chap_state { 83 int unit; /* Interface unit number */ 84 int clientstate; /* Client state */ 85 int serverstate; /* Server state */ 86 u_char challenge[MAX_CHALLENGE_LENGTH]; /* last challenge string sent */ 87 u_char chal_len; /* challenge length */ 88 u_char chal_id; /* ID of last challenge */ 89 u_char chal_type; /* hash algorithm for challenges */ 90 u_char id; /* Current id */ 91 char *chal_name; /* Our name to use with challenge */ 92 int chal_interval; /* Time until we challenge peer again */ 93 int timeouttime; /* Timeout time in seconds */ 94 int max_transmits; /* Maximum # of challenge transmissions */ 95 int chal_transmits; /* Number of transmissions of challenge */ 96 int resp_transmits; /* Number of transmissions of response */ 97 u_char response[MAX_RESPONSE_LENGTH]; /* Response to send */ 98 u_char resp_length; /* length of response */ 99 u_char resp_id; /* ID for response messages */ 100 u_char resp_type; /* hash algorithm for responses */ 101 char *resp_name; /* Our name to send with response */ 102 } chap_state; 103 104 105 /* 106 * Client (peer) states. 107 */ 108 #define CHAPCS_INITIAL 0 /* Lower layer down, not opened */ 109 #define CHAPCS_CLOSED 1 /* Lower layer up, not opened */ 110 #define CHAPCS_PENDING 2 /* Auth us to peer when lower up */ 111 #define CHAPCS_LISTEN 3 /* Listening for a challenge */ 112 #define CHAPCS_RESPONSE 4 /* Sent response, waiting for status */ 113 #define CHAPCS_OPEN 5 /* We've received Success */ 114 115 /* 116 * Server (authenticator) states. 117 */ 118 #define CHAPSS_INITIAL 0 /* Lower layer down, not opened */ 119 #define CHAPSS_CLOSED 1 /* Lower layer up, not opened */ 120 #define CHAPSS_PENDING 2 /* Auth peer when lower up */ 121 #define CHAPSS_INITIAL_CHAL 3 /* We've sent the first challenge */ 122 #define CHAPSS_OPEN 4 /* We've sent a Success msg */ 123 #define CHAPSS_RECHALLENGE 5 /* We've sent another challenge */ 124 #define CHAPSS_BADAUTH 6 /* We've sent a Failure msg */ 125 126 /* 127 * Timeouts. 128 */ 129 #define CHAP_DEFTIMEOUT 3 /* Timeout time in seconds */ 130 #define CHAP_DEFTRANSMITS 10 /* max # times to send challenge */ 131 132 extern chap_state chap[]; 133 134 void ChapAuthWithPeer(int, char *, int); 135 void ChapAuthPeer(int, char *, int); 136 137 extern struct protent chap_protent; 138 139 #define __CHAP_INCLUDE__ 140 #endif /* __CHAP_INCLUDE__ */ 141