📄 mschapv2.c
字号:
/******************************************************************* * EAPMSCHAPv2 Function implementations * * Licensed under a dual GPL/BSD license. (See LICENSE file for more info.) * * File: mschapv2.c * * Authors: Chris.Hessing@utah.edu * * $Id: mschapv2.c,v 1.16 2006/06/01 22:49:50 galimorerpg Exp $ * $Date: 2006/06/01 22:49:50 $ * $Log: mschapv2.c,v $ * Revision 1.16 2006/06/01 22:49:50 galimorerpg * Converted all instances of u_char to uint8_t * Fixed a bad #include in the generic frame handler. * * Revision 1.15 2006/05/29 04:17:58 chessing * Fixes for some memory leaks. * * Revision 1.14 2006/04/25 01:17:43 chessing * LOTS of code cleanups, new error checking/debugging code added, and other misc. fixes/changes. * * Revision 1.13 2006/01/03 04:02:35 chessing * Added the ability to store the PEAP password in a hashed format. (Basically, an MS-CHAPv1 hash.) Also added an 'ntpwdhash' program to the tools directory that will convert a cleartext password in to a hash that can be copied to the configuration file. * * Revision 1.12 2005/10/14 02:26:18 shaftoe * - cleanup gcc 4 warnings * - (re)add support for a pid in the form of /var/run/xsupplicant.<iface>.pid * * -- Eric Evans <eevans@sym-link.com> * * Revision 1.11 2005/08/09 01:39:16 chessing * Cleaned out old commit notes from the released version. Added a few small features including the ability to disable the friendly warnings that are spit out. (Such as the warning that is displayed when keys aren't rotated after 10 minutes.) We should also be able to start when the interface is down. Last, but not least, we can handle empty network configs. (This may be useful for situations where there isn't a good reason to have a default network defined.) * * *******************************************************************/// This code was taken from the pseudo code in RFC 2759.#include <openssl/ssl.h>#include <openssl/des.h>#include <string.h>#include <strings.h>#include <ctype.h>#include <stdint.h>#include "../../xsup_debug.h"#include "../../xsup_err.h"#include "../../profile.h"#ifdef USE_EFENCE#include <efence.h>#endifvoid ChallengeHash(char *PeerChallenge, char *AuthenticatorChallenge, char *UserName, char *Challenge){ EVP_MD_CTX cntx; char Digest[30]; int retLen; if (!xsup_assert((PeerChallenge != NULL), "PeerChallenge != NULL", FALSE)) return; if (!xsup_assert((AuthenticatorChallenge != NULL), "AuthenticatorChallenge != NULL", FALSE)) return; if (!xsup_assert((UserName != NULL), "UserName != NULL", FALSE)) return; if (!xsup_assert((Challenge != NULL), "Challenge != NULL", FALSE)) return; bzero(Digest, 30); EVP_DigestInit(&cntx, EVP_sha1()); EVP_DigestUpdate(&cntx, PeerChallenge, 16); EVP_DigestUpdate(&cntx, AuthenticatorChallenge, 16); EVP_DigestUpdate(&cntx, UserName, strlen(UserName)); EVP_DigestFinal(&cntx, (uint8_t *)&Digest, (u_int *) &retLen); memcpy(Challenge, Digest, 8);}char *to_unicode(char *non_uni){ char *retUni; int i; if (!xsup_assert((non_uni != NULL), "non_uni != NULL", FALSE)) return NULL; retUni = (char *)malloc((strlen(non_uni)+1)*2); if (retUni == NULL) { debug_printf(DEBUG_NORMAL, "Error with MALLOC in to_unicode()!\n"); return NULL; } bzero(retUni, ((strlen(non_uni)+1)*2)); for (i=0; i<strlen(non_uni); i++) { retUni[(2*i)] = non_uni[i]; } return retUni;}void NtPasswordHash(char *Password, char *PasswordHash){ EVP_MD_CTX cntx; char retVal[20]; int i, len; char *uniPassword; if (!xsup_assert((Password != NULL), "Password != NULL", FALSE)) return; if (!xsup_assert((PasswordHash != NULL), "PasswordHash != NULL", FALSE)) return; bzero(retVal, 20); uniPassword = to_unicode(Password); len = (strlen(Password))*2; EVP_DigestInit(&cntx, EVP_md4()); EVP_DigestUpdate(&cntx, uniPassword, len); EVP_DigestFinal(&cntx, (uint8_t *)&retVal, (u_int *)&i); memcpy(PasswordHash, &retVal, 16); free(uniPassword);}void HashNtPasswordHash(char *PasswordHash, char *PasswordHashHash){ EVP_MD_CTX cntx; int i; if (!xsup_assert((PasswordHash != NULL), "PasswordHash != NULL", FALSE)) return; if (!xsup_assert((PasswordHashHash != NULL), "PasswordHashHash != NULL", FALSE)) return; EVP_DigestInit(&cntx, EVP_md4()); EVP_DigestUpdate(&cntx, PasswordHash, 16); EVP_DigestFinal(&cntx, (uint8_t *) PasswordHashHash, (u_int *) &i);}// Shamelessly take from the hostap code written by Jouni Malinenvoid des_encrypt(uint8_t *clear, uint8_t *key, uint8_t *cypher){ uint8_t pkey[8], next, tmp; int i; DES_key_schedule ks; if (!xsup_assert((clear != NULL), "clear != NULL", FALSE)) return; if (!xsup_assert((key != NULL), "key != NULL", FALSE)) return; if (!xsup_assert((cypher != NULL), "cypher != NULL", FALSE)) return; /* Add parity bits to key */ next = 0; for (i=0; i<7; i++) { tmp = key[i]; pkey[i] = (tmp >> i) | next | 1; next = tmp << (7-i); } pkey[i] = next | 1; DES_set_key(&pkey, &ks); DES_ecb_encrypt((DES_cblock *) clear, (DES_cblock *) cypher, &ks, DES_ENCRYPT);}char ctonibble(char cnib){ char retVal=0x00; char testval=0x00; if ((cnib>='0') && (cnib<='9')) { retVal = cnib - '0'; } else { testval = toupper(cnib); if ((testval>='A') && (testval<='F')) { retVal = ((testval - 'A') +10); } else { debug_printf(DEBUG_NORMAL, "Error in conversion! (Check ctonibble()) -- %02x\n",testval); } } return retVal;}// Convert an ASCII string to a binary version of it.void process_hex(char *instr, int size, char *outstr){ int i; if (!xsup_assert((instr != NULL), "instr != NULL", FALSE)) return; if (!xsup_assert((outstr != NULL), "outstr != NULL", FALSE)) return; // Make sure we don't try to convert something that isn't byte aligned. if ((size % 2) != 0) { debug_printf(DEBUG_NORMAL, "Hex string isn't an even number of chars!!!" "\n"); return; } for (i=0;i<(size/2);i++) { if (instr[i*2] != 0x00) { outstr[i] = (ctonibble(instr[i*2]) << 4) + ctonibble(instr[(i*2)+1]); } }}void GenerateAuthenticatorResponse(char *Password, char *NTResponse, char *PeerChallenge, char *AuthenticatorChallenge, char *UserName, char *AuthenticatorResponse, int nthash){ char PasswordHash[16]; char PasswordHashHash[16]; EVP_MD_CTX context; int Digest_len; char Digest[20]; char Challenge[8]; char Magic1[39] = {0x4D, 0x61, 0x67, 0x69, 0x63, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x74, 0x6F, 0x20, 0x63, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x73, 0x69, 0x67, 0x6E, 0x69, 0x6E, 0x67, 0x20, 0x63, 0x6F, 0x6E, 0x73, 0x74, 0x61, 0x6E, 0x74}; char Magic2[41] = {0x50, 0x61, 0x64, 0x20, 0x74, 0x6F, 0x20, 0x6D, 0x61, 0x6B, 0x65, 0x20, 0x69, 0x74, 0x20, 0x64, 0x6F, 0x20, 0x6D, 0x6F, 0x72, 0x65, 0x20, 0x74, 0x68, 0x61, 0x6E, 0x20, 0x6F, 0x6E, 0x65, 0x20, 0x69, 0x74, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6F, 0x6E}; if (!xsup_assert((Password != NULL), "Password != NULL", FALSE)) return; if (!xsup_assert((NTResponse != NULL), "NTResponse != NULL", FALSE)) return; if (!xsup_assert((PeerChallenge != NULL), "PeerChallenge != NULL", FALSE)) return; if (!xsup_assert((AuthenticatorChallenge != NULL), "AuthenticatorChallenge != NULL", FALSE)) return; if (!xsup_assert((UserName != NULL), "UserName != NULL", FALSE)) return; if (!xsup_assert((AuthenticatorResponse != NULL), "AuthenticatorResponse != NULL", FALSE)) return; if (nthash == 0) { NtPasswordHash(Password, (char *)&PasswordHash); } else { process_hex(Password, strlen(Password), (char *)&PasswordHash); } HashNtPasswordHash((char *)&PasswordHash, (char *)&PasswordHashHash); EVP_DigestInit(&context, EVP_sha1()); EVP_DigestUpdate(&context, &PasswordHashHash, 16); EVP_DigestUpdate(&context, NTResponse, 24); EVP_DigestUpdate(&context, Magic1, 39); EVP_DigestFinal(&context, (uint8_t *)&Digest, (u_int *) &Digest_len); ChallengeHash(PeerChallenge, AuthenticatorChallenge, UserName, Challenge); EVP_DigestInit(&context, EVP_sha1()); EVP_DigestUpdate(&context, &Digest, 20); EVP_DigestUpdate(&context, &Challenge, 8);⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -