Add MPPE and MSChap v2 support (denied and disabled by default)

Submitted by: Ustimenko Semen <semen@iclub.nsu.ru>
author: brian <brian@FreeBSD.org> 2000-10-30 00:15:04 +0000
committer: brian <brian@FreeBSD.org> 2000-10-30 00:15:04 +0000
commit: 06792c58d5296e43c29af28744e2aa418b29c02c (patch)
tree: b3faf577f26b4b6238bf2ed28bb1cced590c6645 /usr.sbin/ppp/chap_ms.c
parent: c238c956a4e688205b311cfc63717fc84e6d43eb (diff)
download: FreeBSD-src-06792c58d5296e43c29af28744e2aa418b29c02c.zip
FreeBSD-src-06792c58d5296e43c29af28744e2aa418b29c02c.tar.gz
1 files changed, 233 insertions, 0 deletions
diff --git a/usr.sbin/ppp/chap_ms.c b/usr.sbin/ppp/chap_ms.c
index 4333aa1..c2892c4 100644
--- a/usr.sbin/ppp/chap_ms.c
+++ b/usr.sbin/ppp/chap_ms.c
@@ -31,10 +31,32 @@
 #else
 #include <des.h>
 #endif
+#include <sha.h>
+#include <md4.h>
 #include <string.h>
 
 #include "chap_ms.h"
 
+/*
+ * Documentation & specifications:
+ *
+ * MS-CHAP (CHAP80)	rfc2433
+ * MS-CHAP-V2 (CHAP81)	rfc2759
+ * MPPE key management	draft-ietf-pppext-mppe-keys-02.txt
+ */
+
+static char SHA1_Pad1[40] =
+  {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
+
+static char SHA1_Pad2[40] =
+  {0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2,
+   0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2,
+   0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2,
+   0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2};
+
 /* unused, for documentation only */
 /* only NTResp is filled in for FreeBSD */
 struct MS_ChapResponse {
@@ -95,6 +117,217 @@ ChallengeResponse(u_char *challenge, u_char *pwHash, u_char *response)
     DesEncrypt(challenge, ZPasswordHash + 14, response + 16);
 }
 
+void
+NtPasswordHash(char *key, int keylen, char *hash) { 
+  MD4_CTX MD4context;
+
+  MD4Init(&MD4context);
+  MD4Update(&MD4context, key, keylen);
+  MD4Final(hash, &MD4context);
+}
+
+void
+HashNtPasswordHash(char *hash, char *hashhash) { 
+  MD4_CTX MD4context;
+
+  MD4Init(&MD4context);
+  MD4Update(&MD4context, hash, 16);
+  MD4Final(hashhash, &MD4context);
+}
+
+void
+ChallengeHash(char *PeerChallenge, char *AuthenticatorChallenge, char *UserName, int UserNameLen, char *Challenge) {
+  SHA_CTX Context;
+  char Digest[SHA_DIGEST_LENGTH];
+  char *Name;
+
+  Name = strrchr(UserName, '\\');
+  if(NULL == Name) 
+    Name = UserName;
+  else
+    Name++;
+
+  SHA1_Init(&Context);
+
+  SHA1_Update(&Context, PeerChallenge, 16); 
+  SHA1_Update(&Context, AuthenticatorChallenge, 16);
+  SHA1_Update(&Context, UserName, UserNameLen);
+
+  SHA1_Final(Digest, &Context);
+  memcpy(Challenge, Digest, 8);
+}
+
+void
+GenerateNTResponse(char *AuthenticatorChallenge, char *PeerChallenge, char *UserName, int UserNameLen, char *Password, int PasswordLen, char *Response) {
+  char Challenge[8];
+  char PasswordHash[16];
+
+  ChallengeHash(PeerChallenge, AuthenticatorChallenge, UserName, UserNameLen,
+                Challenge);
+  NtPasswordHash(Password, PasswordLen, PasswordHash);
+  ChallengeResponse(Challenge, PasswordHash, Response);
+}
+
+void
+GenerateAuthenticatorResponse(char *Password, int PasswordLen, char *NTResponse, char *PeerChallenge, char *AuthenticatorChallenge, char *UserName, int UserNameLen, char *AuthenticatorResponse) {
+  SHA_CTX Context;
+  char PasswordHash[16];
+  char PasswordHashHash[16];
+  char Challenge[8];
+  u_char Digest[SHA_DIGEST_LENGTH];
+  int i;
+
+      /*
+       * "Magic" constants used in response generation
+       */
+  char Magic1[39] =
+         {0x4D, 0x61, 0x67, 0x69, 0x63, 0x20, 0x73, 0x65, 0x72, 0x76,
+          0x65, 0x72, 0x20, 0x74, 0x6F, 0x20, 0x63, 0x6C, 0x69, 0x65,
+          0x6E, 0x74, 0x20, 0x73, 0x69, 0x67, 0x6E, 0x69, 0x6E, 0x67,
+          0x20, 0x63, 0x6F, 0x6E, 0x73, 0x74, 0x61, 0x6E, 0x74};
+
+
+  char Magic2[41] =
+         {0x50, 0x61, 0x64, 0x20, 0x74, 0x6F, 0x20, 0x6D, 0x61, 0x6B,
+          0x65, 0x20, 0x69, 0x74, 0x20, 0x64, 0x6F, 0x20, 0x6D, 0x6F,
+          0x72, 0x65, 0x20, 0x74, 0x68, 0x61, 0x6E, 0x20, 0x6F, 0x6E,
+          0x65, 0x20, 0x69, 0x74, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6F,
+          0x6E};
+      /*
+       * Hash the password with MD4
+       */
+  NtPasswordHash(Password, PasswordLen, PasswordHash);
+      /*
+       * Now hash the hash
+       */
+  HashNtPasswordHash(PasswordHash, PasswordHashHash);
+
+  SHA1_Init(&Context);
+  SHA1_Update(&Context, PasswordHashHash, 16);
+  SHA1_Update(&Context, NTResponse, 24);
+  SHA1_Update(&Context, Magic1, 39);
+  SHA1_Final(Digest, &Context);
+  ChallengeHash(PeerChallenge, AuthenticatorChallenge, UserName, UserNameLen, 
+                Challenge);
+  SHA1_Init(&Context);
+  SHA1_Update(&Context, Digest, 20);
+  SHA1_Update(&Context, Challenge, 8);
+  SHA1_Update(&Context, Magic2, 41);
+
+      /*
+       * Encode the value of 'Digest' as "S=" followed by
+       * 40 ASCII hexadecimal digits and return it in
+       * AuthenticatorResponse.
+       * For example,
+       *   "S=0123456789ABCDEF0123456789ABCDEF01234567"
+       */
+  AuthenticatorResponse[0] = 'S';
+  AuthenticatorResponse[1] = '=';
+  SHA1_End(&Context, AuthenticatorResponse + 2);
+  for (i=2; i<42; i++)
+    AuthenticatorResponse[i] = toupper(AuthenticatorResponse[i]);
+
+}
+ 
+void
+GetMasterKey(char *PasswordHashHash, char *NTResponse, char *MasterKey) {
+  char Digest[SHA_DIGEST_LENGTH];
+  SHA_CTX Context;
+  static char Magic1[27] =
+      {0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74,
+       0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d,
+       0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79};
+
+  SHA1_Init(&Context);
+  SHA1_Update(&Context, PasswordHashHash, 16);
+  SHA1_Update(&Context, NTResponse, 24);
+  SHA1_Update(&Context, Magic1, 27);
+  SHA1_Final(Digest, &Context);
+  memcpy(MasterKey, Digest, 16);
+}
+
+void
+GetAsymetricStartKey(char *MasterKey, char *SessionKey, int SessionKeyLength, int IsSend, int IsServer) {
+  char Digest[SHA_DIGEST_LENGTH];
+  SHA_CTX Context;
+  char *s;
+
+  static char Magic2[84] =
+      {0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
+       0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
+       0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
+       0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
+       0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73,
+       0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65,
+       0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
+       0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
+       0x6b, 0x65, 0x79, 0x2e};
+
+  static char Magic3[84] =
+      {0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
+       0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
+       0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
+       0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
+       0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68,
+       0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73,
+       0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73,
+       0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20,
+       0x6b, 0x65, 0x79, 0x2e};
+
+  if (IsSend) {
+     if (IsServer) {
+        s = Magic3;
+     } else {
+        s = Magic2;
+     }
+  } else {
+     if (IsServer) {
+        s = Magic2;
+     } else {
+        s = Magic3;
+     }
+  }
+
+  SHA1_Init(&Context);
+  SHA1_Update(&Context, MasterKey, 16);
+  SHA1_Update(&Context, SHA1_Pad1, 40);
+  SHA1_Update(&Context, s, 84);
+  SHA1_Update(&Context, SHA1_Pad2, 40);
+  SHA1_Final(Digest, &Context);
+
+  memcpy(SessionKey, Digest, SessionKeyLength);
+}
+
+void
+GetNewKeyFromSHA(char *StartKey, char *SessionKey, long SessionKeyLength, char *InterimKey) {
+  SHA_CTX Context;
+  char Digest[SHA_DIGEST_LENGTH];
+
+  SHA1_Init(&Context);
+  SHA1_Update(&Context, StartKey, SessionKeyLength);
+  SHA1_Update(&Context, SHA1_Pad1, 40);
+  SHA1_Update(&Context, SessionKey, SessionKeyLength);
+  SHA1_Update(&Context, SHA1_Pad2, 40);
+  SHA1_Final(Digest, &Context);
+
+  memcpy(InterimKey, Digest, SessionKeyLength);
+}
+
+void
+Get_Key(char *InitialSessionKey, char *CurrentSessionKey, int LengthOfDesiredKey) {
+  SHA_CTX Context;
+  char Digest[SHA_DIGEST_LENGTH];
+
+  SHA1_Init(&Context);
+  SHA1_Update(&Context, InitialSessionKey, LengthOfDesiredKey);
+  SHA1_Update(&Context, SHA1_Pad1, 40);
+  SHA1_Update(&Context, CurrentSessionKey, LengthOfDesiredKey);
+  SHA1_Update(&Context, SHA1_Pad2, 40);
+  SHA1_Final(Digest, &Context);
+
+  memcpy(CurrentSessionKey, Digest, LengthOfDesiredKey);
+}
+
 /* passwordHash 16-bytes MD4 hashed password
    challenge    8-bytes peer CHAP challenge
    since passwordHash is in a 24-byte buffer, response is written in there */
author	brian <brian@FreeBSD.org>	2000-10-30 00:15:04 +0000
committer	brian <brian@FreeBSD.org>	2000-10-30 00:15:04 +0000
commit	06792c58d5296e43c29af28744e2aa418b29c02c (patch)
tree	b3faf577f26b4b6238bf2ed28bb1cced590c6645 /usr.sbin/ppp/chap_ms.c
parent	c238c956a4e688205b311cfc63717fc84e6d43eb (diff)
download	FreeBSD-src-06792c58d5296e43c29af28744e2aa418b29c02c.zip FreeBSD-src-06792c58d5296e43c29af28744e2aa418b29c02c.tar.gz