xref: /freebsd/contrib/wpa/src/eap_peer/mschapv2.c (revision 416ba5c74546f32a993436a99516d35008e9f384)
1 /*
2  * MSCHAPV2 (RFC 2759)
3  * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #include "includes.h"
10 
11 #include "common.h"
12 #include "crypto/ms_funcs.h"
13 #include "mschapv2.h"
14 
mschapv2_remove_domain(const u8 * username,size_t * len)15 const u8 * mschapv2_remove_domain(const u8 *username, size_t *len)
16 {
17 	size_t i;
18 
19 	/*
20 	 * MSCHAPv2 does not include optional domain name in the
21 	 * challenge-response calculation, so remove domain prefix
22 	 * (if present).
23 	 */
24 
25 	for (i = 0; i < *len; i++) {
26 		if (username[i] == '\\') {
27 			*len -= i + 1;
28 			return username + i + 1;
29 		}
30 	}
31 
32 	return username;
33 }
34 
35 
mschapv2_derive_response(const u8 * identity,size_t identity_len,const u8 * password,size_t password_len,int pwhash,const u8 * auth_challenge,const u8 * peer_challenge,u8 * nt_response,u8 * auth_response,u8 * master_key)36 int mschapv2_derive_response(const u8 *identity, size_t identity_len,
37 			     const u8 *password, size_t password_len,
38 			     int pwhash,
39 			     const u8 *auth_challenge,
40 			     const u8 *peer_challenge,
41 			     u8 *nt_response, u8 *auth_response,
42 			     u8 *master_key)
43 {
44 	const u8 *username;
45 	size_t username_len;
46 	u8 password_hash[16], password_hash_hash[16];
47 
48 	wpa_hexdump_ascii(MSG_DEBUG, "MSCHAPV2: Identity",
49 			  identity, identity_len);
50 	username_len = identity_len;
51 	username = mschapv2_remove_domain(identity, &username_len);
52 	wpa_hexdump_ascii(MSG_DEBUG, "MSCHAPV2: Username",
53 			  username, username_len);
54 
55 	wpa_hexdump(MSG_DEBUG, "MSCHAPV2: auth_challenge",
56 		    auth_challenge, MSCHAPV2_CHAL_LEN);
57 	wpa_hexdump(MSG_DEBUG, "MSCHAPV2: peer_challenge",
58 		    peer_challenge, MSCHAPV2_CHAL_LEN);
59 	wpa_hexdump_ascii(MSG_DEBUG, "MSCHAPV2: username",
60 			  username, username_len);
61 	/* Authenticator response is not really needed yet, but calculate it
62 	 * here so that challenges need not be saved. */
63 	if (pwhash) {
64 		wpa_hexdump_key(MSG_DEBUG, "MSCHAPV2: password hash",
65 				password, password_len);
66 		if (generate_nt_response_pwhash(auth_challenge, peer_challenge,
67 						username, username_len,
68 						password, nt_response) ||
69 		    generate_authenticator_response_pwhash(
70 			    password, peer_challenge, auth_challenge,
71 			    username, username_len, nt_response,
72 			    auth_response))
73 			return -1;
74 	} else {
75 		wpa_hexdump_ascii_key(MSG_DEBUG, "MSCHAPV2: password",
76 				      password, password_len);
77 		if (generate_nt_response(auth_challenge, peer_challenge,
78 					 username, username_len,
79 					 password, password_len,
80 					 nt_response) ||
81 		    generate_authenticator_response(password, password_len,
82 						    peer_challenge,
83 						    auth_challenge,
84 						    username, username_len,
85 						    nt_response,
86 						    auth_response))
87 			return -1;
88 	}
89 	wpa_hexdump(MSG_DEBUG, "MSCHAPV2: NT Response",
90 		    nt_response, MSCHAPV2_NT_RESPONSE_LEN);
91 	wpa_hexdump(MSG_DEBUG, "MSCHAPV2: Auth Response",
92 		    auth_response, MSCHAPV2_AUTH_RESPONSE_LEN);
93 
94 	/* Generate master_key here since we have the needed data available. */
95 	if (pwhash) {
96 		if (hash_nt_password_hash(password, password_hash_hash))
97 			return -1;
98 	} else {
99 		if (nt_password_hash(password, password_len, password_hash) ||
100 		    hash_nt_password_hash(password_hash, password_hash_hash))
101 			return -1;
102 	}
103 	if (get_master_key(password_hash_hash, nt_response, master_key))
104 		return -1;
105 	wpa_hexdump_key(MSG_DEBUG, "MSCHAPV2: Master Key",
106 			master_key, MSCHAPV2_MASTER_KEY_LEN);
107 
108 	return 0;
109 }
110 
111 
mschapv2_verify_auth_response(const u8 * auth_response,const u8 * buf,size_t buf_len)112 int mschapv2_verify_auth_response(const u8 *auth_response,
113 				  const u8 *buf, size_t buf_len)
114 {
115 	u8 recv_response[MSCHAPV2_AUTH_RESPONSE_LEN];
116 	if (buf_len < 2 + 2 * MSCHAPV2_AUTH_RESPONSE_LEN ||
117 	    buf[0] != 'S' || buf[1] != '=' ||
118 	    hexstr2bin((char *) (buf + 2), recv_response,
119 		       MSCHAPV2_AUTH_RESPONSE_LEN) ||
120 	    os_memcmp_const(auth_response, recv_response,
121 			    MSCHAPV2_AUTH_RESPONSE_LEN) != 0)
122 		return -1;
123 	return 0;
124 }
125