1 /* 2 * chap_ms.c - Microsoft MS-CHAP (NT only) compatible implementation. 3 * 4 * Copyright (c) 1995 Eric Rosenquist, Strata Software Limited. 5 * http://www.strataware.com/ 6 * 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms are permitted 10 * provided that the above copyright notice and this paragraph are 11 * duplicated in all such forms and that any documentation, 12 * advertising materials, and other materials related to such 13 * distribution and use acknowledge that the software was developed 14 * by Eric Rosenquist. The name of the author may not be used to 15 * endorse or promote products derived from this software without 16 * specific prior written permission. 17 * 18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 19 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 20 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 21 * 22 * $FreeBSD$ 23 * 24 */ 25 26 #include <sys/types.h> 27 28 #include <ctype.h> 29 #include <des.h> 30 #include <string.h> 31 32 #include "chap_ms.h" 33 34 /* unused, for documentation only */ 35 /* only NTResp is filled in for FreeBSD */ 36 struct MS_ChapResponse { 37 u_char LANManResp[24]; 38 u_char NTResp[24]; 39 u_char UseNT; /* If 1, ignore the LANMan response field */ 40 }; 41 42 static u_char Get7Bits(u_char *input, int startBit) 43 { 44 register unsigned int word; 45 46 word = (unsigned)input[startBit / 8] << 8; 47 word |= (unsigned)input[startBit / 8 + 1]; 48 49 word >>= 15 - (startBit % 8 + 7); 50 51 return word & 0xFE; 52 } 53 54 /* IN 56 bit DES key missing parity bits 55 OUT 64 bit DES key with parity bits added */ 56 static void MakeKey(u_char *key, u_char *des_key) 57 { 58 des_key[0] = Get7Bits(key, 0); 59 des_key[1] = Get7Bits(key, 7); 60 des_key[2] = Get7Bits(key, 14); 61 des_key[3] = Get7Bits(key, 21); 62 des_key[4] = Get7Bits(key, 28); 63 des_key[5] = Get7Bits(key, 35); 64 des_key[6] = Get7Bits(key, 42); 65 des_key[7] = Get7Bits(key, 49); 66 67 des_set_odd_parity((des_cblock *)des_key); 68 } 69 70 static void /* IN 8 octets IN 7 octest OUT 8 octets */ 71 DesEncrypt(u_char *clear, u_char *key, u_char *cipher) 72 { 73 des_cblock des_key; 74 des_key_schedule key_schedule; 75 76 MakeKey(key, des_key); 77 des_set_key(&des_key, key_schedule); 78 des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher, key_schedule, 1); 79 } 80 81 static void /* IN 8 octets IN 16 octets OUT 24 octets */ 82 ChallengeResponse(u_char *challenge, u_char *pwHash, u_char *response) 83 { 84 char ZPasswordHash[21]; 85 86 memset(ZPasswordHash, '\0', sizeof ZPasswordHash); 87 memcpy(ZPasswordHash, pwHash, 16); 88 89 DesEncrypt(challenge, ZPasswordHash + 0, response + 0); 90 DesEncrypt(challenge, ZPasswordHash + 7, response + 8); 91 DesEncrypt(challenge, ZPasswordHash + 14, response + 16); 92 } 93 94 /* passwordHash 16-bytes MD4 hashed password 95 challenge 8-bytes peer CHAP challenge 96 since passwordHash is in a 24-byte buffer, response is written in there */ 97 void 98 mschap_NT(char *passwordHash, char *challenge) 99 { 100 u_char response[24]; 101 102 ChallengeResponse(challenge, passwordHash, response); 103 memcpy(passwordHash, response, 24); 104 passwordHash[24] = 1; /* NT-style response */ 105 } 106 107 void 108 mschap_LANMan(char *digest, char *challenge, char *secret) 109 { 110 static u_char salt[] = "KGS!@#$%"; /* RASAPI32.dll */ 111 char SECRET[14], *ptr, *end; 112 u_char hash[16]; 113 114 end = SECRET + sizeof SECRET; 115 for (ptr = SECRET; *secret && ptr < end; ptr++, secret++) 116 *ptr = toupper(*secret); 117 if (ptr < end) 118 memset(ptr, '\0', end - ptr); 119 120 DesEncrypt(salt, SECRET, hash); 121 DesEncrypt(salt, SECRET + 7, hash + 8); 122 123 ChallengeResponse(challenge, hash, digest); 124 } 125