mschapv2.c

Linux上的802.1x 的supplicant的实现。很多supplicant程序都是基于它开发的

  EVP_DigestUpdate(&context, Magic2, 41);
  EVP_DigestFinal(&context, (uint8_t *)&Digest, (u_int *) &Digest_len);

  memcpy(AuthenticatorResponse, &Digest, Digest_len);
}



void CheckAuthenticatorResponse(char *Password, char *NtResponse,
				char *PeerChallenge, 
				char *AuthenticatorChallenge, char *UserName,
				char *ReceivedResponse, int *ResponseOK,
				int nthash)
{
  char MyResponse[20], procResp[20];

  if (!xsup_assert((Password != NULL), "Password != NULL", FALSE))
    return;

  if (!xsup_assert((NtResponse != NULL), "NtResponse != NULL", FALSE))
    return;

  if (!xsup_assert((PeerChallenge != NULL), "PeerChallenge != NULL", FALSE))
    return;

  if (!xsup_assert((AuthenticatorChallenge != NULL), 
		   "AuthenticatorChallenge != NULL", FALSE))
    return;

  if (!xsup_assert((UserName != NULL), "UserName != NULL", FALSE))
    return;

  if (!xsup_assert((ReceivedResponse != NULL), "ReceivedResponse != NULL",
		   FALSE)) return;

  if (!xsup_assert((ResponseOK != NULL), "ResponseOK != NULL", FALSE))
    return;

  GenerateAuthenticatorResponse(Password, NtResponse, PeerChallenge,
				AuthenticatorChallenge, UserName, 
				(char *)&MyResponse, nthash);

  process_hex(ReceivedResponse, strlen(ReceivedResponse), (char *)&procResp);

  if (memcmp((char *)&MyResponse, (char *)&procResp, 20) == 0)
    {
      *ResponseOK = 1;
    } else {
      *ResponseOK = 0;
    }
}

// Take from hostap code by Jouni Malinen, and modified to work with
// XSupplicant.
void ChallengeResponse(char *Challenge, char *PasswordHash, char *Response)
{
  uint8_t zpwd[7];

  if (!xsup_assert((Challenge != NULL), "Challenge != NULL", FALSE))
    return;

  if (!xsup_assert((PasswordHash != NULL), "PasswordHash != NULL", FALSE))
    return;

  if (!xsup_assert((Response != NULL), "Response != NULL", FALSE))
    return;

  des_encrypt((uint8_t *) Challenge, (uint8_t *) PasswordHash, (uint8_t *) Response);
  des_encrypt((uint8_t *) Challenge, (uint8_t *) PasswordHash + 7, (uint8_t *) Response+8);
  zpwd[0] = PasswordHash[14];
  zpwd[1] = PasswordHash[15];
  memset(zpwd + 2, 0, 5);
  des_encrypt((uint8_t *) Challenge, zpwd, (uint8_t *) Response+16);
}

void NtChallengeResponse(char *Challenge, char *Password, char *Response, 
			 int nthash)
{
  char password_hash[16];

  if (!xsup_assert((Challenge != NULL), "Challenge != NULL", FALSE))
    return;

  if (!xsup_assert((Password != NULL), "Password != NULL", FALSE))
    return;

  if (!xsup_assert((Response != NULL), "Response != NULL", FALSE))
    return;

  if (nthash == 0)
    {
      NtPasswordHash(Password, (char *)&password_hash);
    } else {
      process_hex(Password, strlen(Password), (char *)&password_hash);
    }
  ChallengeResponse(Challenge, (char *)&password_hash, Response);
}

void GenerateNTResponse(char *AuthenticatorChallenge, char *PeerChallenge,
			char *UserName, char *Password, char *Response, 
			int nthash)
{
  char Challenge[8], PasswordHash[16];

  if (!xsup_assert((AuthenticatorChallenge != NULL),
		   "AuthenticatorChallenge != NULL", FALSE))
    return;

  if (!xsup_assert((PeerChallenge != NULL), "PeerChallenge != NULL", FALSE))
    return;

  if (!xsup_assert((UserName != NULL), "UserName != NULL", FALSE))
    return;

  if (!xsup_assert((Password != NULL), "Password != NULL", FALSE))
    return;

  if (!xsup_assert((Response != NULL), "Response != NULL", FALSE))
    return;
  
  ChallengeHash(PeerChallenge, AuthenticatorChallenge, UserName, (char *)&Challenge);
  debug_printf(DEBUG_AUTHTYPES, "PeerChallenge : ");
  debug_hex_printf(DEBUG_AUTHTYPES, (uint8_t *) PeerChallenge, 8);
  debug_printf(DEBUG_AUTHTYPES, "AuthenticatorChallenge : ");
  debug_hex_printf(DEBUG_AUTHTYPES, (uint8_t *) AuthenticatorChallenge, 8);
  debug_printf(DEBUG_AUTHTYPES, "Username : %s\n",UserName);
  debug_printf(DEBUG_AUTHTYPES, "Challenge : ");
  debug_hex_printf(DEBUG_AUTHTYPES, (uint8_t *) Challenge, 8);

  if (nthash == 0)
    {
      NtPasswordHash(Password, (char *)&PasswordHash);
    } else {
      process_hex(Password, strlen(Password), (char *)&PasswordHash);
    }

  debug_printf(DEBUG_AUTHTYPES, "PasswordHash : ");
  debug_hex_printf(DEBUG_AUTHTYPES, (uint8_t *) PasswordHash, 16);
  ChallengeResponse(Challenge, (char *)&PasswordHash, Response);
  debug_printf(DEBUG_AUTHTYPES, "Response : ");
  debug_hex_printf(DEBUG_AUTHTYPES, (uint8_t *) Response, 24);
}

void GetMasterKey(char *PasswordHashHash, char *NTResponse, char *MasterKey)
{
  EVP_MD_CTX cntx;
  char Digest[20];
  int retLen;

  char Magic1[27] =
    {0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74,
     0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d,
     0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79};

  if (!xsup_assert((PasswordHashHash != NULL), "PasswordHashHash != NULL",
		   FALSE))
    return;

  if (!xsup_assert((NTResponse != NULL), "NTResponse != NULL", FALSE))
    return;

  if (!xsup_assert((MasterKey != NULL), "MasterKey != NULL", FALSE))
    return;
  
  bzero(&Digest, 20);

  EVP_DigestInit(&cntx, EVP_sha1());
  EVP_DigestUpdate(&cntx, PasswordHashHash, 16);
  EVP_DigestUpdate(&cntx, NTResponse, 24);
  EVP_DigestUpdate(&cntx, (char *)&Magic1, 27);
  EVP_DigestFinal(&cntx, (uint8_t *)&Digest, (u_int *) &retLen);

  memcpy(MasterKey, &Digest, 16);
}

void GetMasterLEAPKey(char *PasswordHashHash, char *APC, char *APR, char *PC, char *PR, char *MasterKey)
{
  EVP_MD_CTX cntx;
  char Digest[20];
  int retLen;

  if (!xsup_assert((PasswordHashHash != NULL), "PasswordHashHash != NULL",
		   FALSE))
    return;

  if (!xsup_assert((APC != NULL), "APC != NULL", FALSE))
    return;
  
  if (!xsup_assert((APR != NULL), "APR != NULL", FALSE))
    return;

  if (!xsup_assert((PC != NULL), "PC != NULL", FALSE))
    return;

  if (!xsup_assert((PR != NULL), "PR != NULL", FALSE))
    return;

  if (!xsup_assert((MasterKey != NULL), "MasterKey != NULL", FALSE))
    return;

  bzero(&Digest, 20);

  EVP_DigestInit(&cntx, EVP_md5());
  EVP_DigestUpdate(&cntx, PasswordHashHash, 16);
  EVP_DigestUpdate(&cntx, APC, 8);
  EVP_DigestUpdate(&cntx, APR, 24);
  EVP_DigestUpdate(&cntx, PC, 8);
  EVP_DigestUpdate(&cntx, PR, 24); 
  EVP_DigestFinal(&cntx, (uint8_t *)&Digest, (u_int *) &retLen);
  
  memcpy(MasterKey, &Digest, 16);
  
}

void GetAsymetricStartKey(char *MasterKey, char *SessionKey, 
			  int SessionKeyLength, int IsSend, int IsServer)
{
  EVP_MD_CTX cntx;
  char Digest[20];
  char Magic[84];
  int retLen;

  char Magic2[84] =
    {0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
     0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
     0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
     0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
     0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73,
     0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65,
     0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
     0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
     0x6b, 0x65, 0x79, 0x2e};

  char Magic3[84] =
    {0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
     0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
     0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
     0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
     0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68,
     0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73,
     0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73,
     0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20,
     0x6b, 0x65, 0x79, 0x2e};

  char SHSpad1[40] =
    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};

  char SHSpad2[40] =
    {0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
     0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
     0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
     0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2};

  if (!xsup_assert((MasterKey != NULL), "MasterKey != NULL", FALSE))
    return;

  if (!xsup_assert((SessionKey != NULL), "SessionKey != NULL", FALSE))
    return;

  bzero(&Digest, 20);

  if (IsSend) {
    if (IsServer) {
      memcpy(&Magic, &Magic3, 84);
    } else {
      memcpy(&Magic, &Magic2, 84);
    }
  } else {
    if (IsServer) {
      memcpy(&Magic, &Magic2, 84);
    } else {
      memcpy(&Magic, &Magic3, 84);
    }
  }

  EVP_DigestInit(&cntx, EVP_sha1());
  EVP_DigestUpdate(&cntx, MasterKey, 16);
  EVP_DigestUpdate(&cntx, SHSpad1, 40);
  EVP_DigestUpdate(&cntx, (char *)&Magic, 84);
  EVP_DigestUpdate(&cntx, SHSpad2, 40);
  EVP_DigestFinal(&cntx, (uint8_t *)&Digest, (u_int *)&retLen);

  memcpy(SessionKey, &Digest, SessionKeyLength);
}