xref: /freebsd/contrib/wpa/src/eap_peer/mschapv2.c (revision 5b9c547c) 
139beb93cSSam Leffler /*
239beb93cSSam Leffler  * MSCHAPV2 (RFC 2759)
339beb93cSSam Leffler  * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
439beb93cSSam Leffler  *
5f05cddf9SRui Paulo  * This software may be distributed under the terms of the BSD license.
6f05cddf9SRui Paulo  * See README for more details.
739beb93cSSam Leffler  */
839beb93cSSam Leffler 
939beb93cSSam Leffler #include "includes.h"
1039beb93cSSam Leffler 
1139beb93cSSam Leffler #include "common.h"
12e28a4053SRui Paulo #include "crypto/ms_funcs.h"
1339beb93cSSam Leffler #include "mschapv2.h"
1439beb93cSSam Leffler 
mschapv2_remove_domain(const u8 * username,size_t * len)1539beb93cSSam Leffler const u8 * mschapv2_remove_domain(const u8 *username, size_t *len)
1639beb93cSSam Leffler {
1739beb93cSSam Leffler 	size_t i;
1839beb93cSSam Leffler 
1939beb93cSSam Leffler 	/*
2039beb93cSSam Leffler 	 * MSCHAPv2 does not include optional domain name in the
2139beb93cSSam Leffler 	 * challenge-response calculation, so remove domain prefix
2239beb93cSSam Leffler 	 * (if present).
2339beb93cSSam Leffler 	 */
2439beb93cSSam Leffler 
2539beb93cSSam Leffler 	for (i = 0; i < *len; i++) {
2639beb93cSSam Leffler 		if (username[i] == '\\') {
2739beb93cSSam Leffler 			*len -= i + 1;
2839beb93cSSam Leffler 			return username + i + 1;
2939beb93cSSam Leffler 		}
3039beb93cSSam Leffler 	}
3139beb93cSSam Leffler 
3239beb93cSSam Leffler 	return username;
3339beb93cSSam Leffler }
3439beb93cSSam Leffler 
3539beb93cSSam Leffler 
mschapv2_derive_response(const u8 * identity,size_t identity_len,const u8 * password,size_t password_len,int pwhash,const u8 * auth_challenge,const u8 * peer_challenge,u8 * nt_response,u8 * auth_response,u8 * master_key)36e28a4053SRui Paulo int mschapv2_derive_response(const u8 *identity, size_t identity_len,
3739beb93cSSam Leffler 			     const u8 *password, size_t password_len,
3839beb93cSSam Leffler 			     int pwhash,
3939beb93cSSam Leffler 			     const u8 *auth_challenge,
4039beb93cSSam Leffler 			     const u8 *peer_challenge,
4139beb93cSSam Leffler 			     u8 *nt_response, u8 *auth_response,
4239beb93cSSam Leffler 			     u8 *master_key)
4339beb93cSSam Leffler {
4439beb93cSSam Leffler 	const u8 *username;
4539beb93cSSam Leffler 	size_t username_len;
4639beb93cSSam Leffler 	u8 password_hash[16], password_hash_hash[16];
4739beb93cSSam Leffler 
4839beb93cSSam Leffler 	wpa_hexdump_ascii(MSG_DEBUG, "MSCHAPV2: Identity",
4939beb93cSSam Leffler 			  identity, identity_len);
5039beb93cSSam Leffler 	username_len = identity_len;
5139beb93cSSam Leffler 	username = mschapv2_remove_domain(identity, &username_len);
5239beb93cSSam Leffler 	wpa_hexdump_ascii(MSG_DEBUG, "MSCHAPV2: Username",
5339beb93cSSam Leffler 			  username, username_len);
5439beb93cSSam Leffler 
5539beb93cSSam Leffler 	wpa_hexdump(MSG_DEBUG, "MSCHAPV2: auth_challenge",
5639beb93cSSam Leffler 		    auth_challenge, MSCHAPV2_CHAL_LEN);
5739beb93cSSam Leffler 	wpa_hexdump(MSG_DEBUG, "MSCHAPV2: peer_challenge",
5839beb93cSSam Leffler 		    peer_challenge, MSCHAPV2_CHAL_LEN);
5939beb93cSSam Leffler 	wpa_hexdump_ascii(MSG_DEBUG, "MSCHAPV2: username",
6039beb93cSSam Leffler 			  username, username_len);
6139beb93cSSam Leffler 	/* Authenticator response is not really needed yet, but calculate it
6239beb93cSSam Leffler 	 * here so that challenges need not be saved. */
6339beb93cSSam Leffler 	if (pwhash) {
6439beb93cSSam Leffler 		wpa_hexdump_key(MSG_DEBUG, "MSCHAPV2: password hash",
6539beb93cSSam Leffler 				password, password_len);
66f05cddf9SRui Paulo 		if (generate_nt_response_pwhash(auth_challenge, peer_challenge,
6739beb93cSSam Leffler 						username, username_len,
68f05cddf9SRui Paulo 						password, nt_response) ||
6939beb93cSSam Leffler 		    generate_authenticator_response_pwhash(
7039beb93cSSam Leffler 			    password, peer_challenge, auth_challenge,
71f05cddf9SRui Paulo 			    username, username_len, nt_response,
72f05cddf9SRui Paulo 			    auth_response))
73f05cddf9SRui Paulo 			return -1;
7439beb93cSSam Leffler 	} else {
7539beb93cSSam Leffler 		wpa_hexdump_ascii_key(MSG_DEBUG, "MSCHAPV2: password",
7639beb93cSSam Leffler 				      password, password_len);
77f05cddf9SRui Paulo 		if (generate_nt_response(auth_challenge, peer_challenge,
7839beb93cSSam Leffler 					 username, username_len,
79f05cddf9SRui Paulo 					 password, password_len,
80f05cddf9SRui Paulo 					 nt_response) ||
8139beb93cSSam Leffler 		    generate_authenticator_response(password, password_len,
82f05cddf9SRui Paulo 						    peer_challenge,
83f05cddf9SRui Paulo 						    auth_challenge,
8439beb93cSSam Leffler 						    username, username_len,
85f05cddf9SRui Paulo 						    nt_response,
86f05cddf9SRui Paulo 						    auth_response))
87f05cddf9SRui Paulo 			return -1;
8839beb93cSSam Leffler 	}
8939beb93cSSam Leffler 	wpa_hexdump(MSG_DEBUG, "MSCHAPV2: NT Response",
9039beb93cSSam Leffler 		    nt_response, MSCHAPV2_NT_RESPONSE_LEN);
9139beb93cSSam Leffler 	wpa_hexdump(MSG_DEBUG, "MSCHAPV2: Auth Response",
9239beb93cSSam Leffler 		    auth_response, MSCHAPV2_AUTH_RESPONSE_LEN);
9339beb93cSSam Leffler 
9439beb93cSSam Leffler 	/* Generate master_key here since we have the needed data available. */
9539beb93cSSam Leffler 	if (pwhash) {
96e28a4053SRui Paulo 		if (hash_nt_password_hash(password, password_hash_hash))
97e28a4053SRui Paulo 			return -1;
9839beb93cSSam Leffler 	} else {
99e28a4053SRui Paulo 		if (nt_password_hash(password, password_len, password_hash) ||
100e28a4053SRui Paulo 		    hash_nt_password_hash(password_hash, password_hash_hash))
101e28a4053SRui Paulo 			return -1;
10239beb93cSSam Leffler 	}
103f05cddf9SRui Paulo 	if (get_master_key(password_hash_hash, nt_response, master_key))
104f05cddf9SRui Paulo 		return -1;
10539beb93cSSam Leffler 	wpa_hexdump_key(MSG_DEBUG, "MSCHAPV2: Master Key",
10639beb93cSSam Leffler 			master_key, MSCHAPV2_MASTER_KEY_LEN);
107e28a4053SRui Paulo 
108e28a4053SRui Paulo 	return 0;
10939beb93cSSam Leffler }
11039beb93cSSam Leffler 
11139beb93cSSam Leffler 
mschapv2_verify_auth_response(const u8 * auth_response,const u8 * buf,size_t buf_len)11239beb93cSSam Leffler int mschapv2_verify_auth_response(const u8 *auth_response,
11339beb93cSSam Leffler 				  const u8 *buf, size_t buf_len)
11439beb93cSSam Leffler {
11539beb93cSSam Leffler 	u8 recv_response[MSCHAPV2_AUTH_RESPONSE_LEN];
11639beb93cSSam Leffler 	if (buf_len < 2 + 2 * MSCHAPV2_AUTH_RESPONSE_LEN ||
11739beb93cSSam Leffler 	    buf[0] != 'S' || buf[1] != '=' ||
11839beb93cSSam Leffler 	    hexstr2bin((char *) (buf + 2), recv_response,
11939beb93cSSam Leffler 		       MSCHAPV2_AUTH_RESPONSE_LEN) ||
120*5b9c547cSRui Paulo 	    os_memcmp_const(auth_response, recv_response,
12139beb93cSSam Leffler 			    MSCHAPV2_AUTH_RESPONSE_LEN) != 0)
12239beb93cSSam Leffler 		return -1;
12339beb93cSSam Leffler 	return 0;
12439beb93cSSam Leffler }
125