authorbrian <brian@FreeBSD.org>1997-09-17 23:17:57 +0000
committerbrian <brian@FreeBSD.org>1997-09-17 23:17:57 +0000
commitaf684d25950567ee4267a2074d25148ffd8b29fc (patch)
tree7b208536a445cb12331446387977c970033f28ca /usr.sbin/ppp
parent3f01bad7d72fc302d847dd427b69ad3a98601985 (diff)
Support CHAP using MD4
Suggested by: jordan
Diffstat (limited to 'usr.sbin/ppp')
-rw-r--r--usr.sbin/ppp/chap.c32
-rw-r--r--usr.sbin/ppp/chap.h3
-rw-r--r--usr.sbin/ppp/command.c11
-rw-r--r--usr.sbin/ppp/ppp.814
-rw-r--r--usr.sbin/ppp/ppp.8.m414
-rw-r--r--usr.sbin/ppp/vars.h4
6 files changed, 63 insertions, 15 deletions
diff --git a/usr.sbin/ppp/chap.c b/usr.sbin/ppp/chap.c
index 862d711..9effb34 100644
--- a/usr.sbin/ppp/chap.c
+++ b/usr.sbin/ppp/chap.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: chap.c,v 1.19 1997/06/14 00:21:23 ache Exp $
+ * $Id: chap.c,v 1.20 1997/08/25 00:29:06 brian Exp $
*
* TODO:
*/
@@ -95,7 +95,8 @@ RecvChapTalk(struct fsmheader * chp, struct mbuf * bp)
int arglen, keylen, namelen;
char *cp, *argp, *ap, *name, *digest;
char *keyp;
- MD5_CTX context; /* context */
+ MD4_CTX MD4context; /* context for MD4 */
+ MD5_CTX MD5context; /* context for MD5 */
char answer[100];
char cdigest[16];
@@ -138,9 +139,15 @@ RecvChapTalk(struct fsmheader * chp, struct mbuf * bp)
bcopy(cp, ap, valsize);
LogDumpBuff(LogDEBUG, "recv", ap, valsize);
ap += valsize;
- MD5Init(&context);
- MD5Update(&context, answer, ap - answer);
- MD5Final(digest, &context);
+ if (VarEncMD4) {
+ MD4Init(&MD4context);
+ MD4Update(&MD4context, answer, ap - answer);
+ MD4Final(digest, &MD4context);
+ } else {
+ MD5Init(&MD5context);
+ MD5Update(&MD5context, answer, ap - answer);
+ MD5Final(digest, &MD5context);
+ }
LogDumpBuff(LogDEBUG, "answer", digest, 16);
bcopy(name, digest + 16, namelen);
ap += namelen;
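Review bot: The hash used for the response is chosen at `if (VarEncMD4) {` from a local flag, not from anything negotiated with the peer, and the same flag selects the hash used for verification in the next hunk of RecvChapTalk. Nothing visible here ties the flag to the CHAP algorithm agreed during LCP, so a mismatch would only show up as an authentication failure, and on the verifying side the one flag decides which digest is accepted from every peer. I would add a comment above the branch such as `/* VarEncMD4 is a local override ("set encrypt"); it is not checked against the negotiated CHAP algorithm */`, and compare against the negotiated value if the LCP code exposes it. The function starts and ends outside this hunk.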
@@ -159,10 +166,17 @@ RecvChapTalk(struct fsmheader * chp, struct mbuf * bp)
*ap++ = chp->id;
bcopy(keyp, ap, keylen);
ap += keylen;
- MD5Init(&context);
- MD5Update(&context, answer, ap - answer);
- MD5Update(&context, challenge_data + 1, challenge_len);
- MD5Final(cdigest, &context);
+ if (VarEncMD4) {
+ MD4Init(&MD4context);
+ MD4Update(&MD4context, answer, ap - answer);
+ MD4Update(&MD4context, challenge_data + 1, challenge_len);
+ MD4Final(cdigest, &MD4context);
+ } else {
+ MD5Init(&MD5context);
+ MD5Update(&MD5context, answer, ap - answer);
+ MD5Update(&MD5context, challenge_data + 1, challenge_len);
+ MD5Final(cdigest, &MD5context);
+ }
LogDumpBuff(LogDEBUG, "got", cp, 16);
LogDumpBuff(LogDEBUG, "expect", cdigest, 16);
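Review bot: `MD4Update(&MD4context, answer, ap - answer)` and its MD5 twin hash whatever was copied into `answer`, which the declarations hunk shows as `char answer[100]`, and the `bcopy(keyp, ap, keylen)` just above them has no visible length check. The bound may be enforced outside this hunk, but if it is not, an over-long key overruns the stack buffer before either hash runs. The preceding hunk has the same pattern with `bcopy(cp, ap, valsize)`, where `valsize` appears to come from the received packet. A guard before the copy, e.g. `if ((size_t)keylen + 1 > sizeof answer) { /* log and reject */ }`, would cover both algorithm branches; the earlier path needs the check to include `valsize` as well.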
diff --git a/usr.sbin/ppp/chap.h b/usr.sbin/ppp/chap.h
index acb5585..4a83c23 100644
--- a/usr.sbin/ppp/chap.h
+++ b/usr.sbin/ppp/chap.h
@@ -15,13 +15,14 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: chap.h,v 1.5 1997/02/22 16:10:06 peter Exp $
+ * $Id: chap.h,v 1.6 1997/06/09 03:27:15 brian Exp $
*
* TODO:
*/
#ifndef _CHAP_H_
#define _CHAP_H_
+#include <md4.h>
#include <md5.h>
#include "global.h"
diff --git a/usr.sbin/ppp/command.c b/usr.sbin/ppp/command.c
index e606505..5562888 100644
--- a/usr.sbin/ppp/command.c
+++ b/usr.sbin/ppp/command.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: command.c,v 1.80 1997/09/09 23:56:29 brian Exp $
+ * $Id: command.c,v 1.81 1997/09/16 23:15:11 brian Exp $
*
*/
#include <sys/types.h>
@@ -467,6 +467,7 @@ ShowAuthKey()
return 0;
fprintf(VarTerm, "AuthName = %s\n", VarAuthName);
fprintf(VarTerm, "AuthKey = %s\n", VarAuthKey);
+ fprintf(VarTerm, "Encrypt = %s\n", VarEncMD4 ? "MD4" : "MD5" );
return 1;
}
@@ -564,7 +565,7 @@ struct cmdtab const ShowCommands[] = {
{"afilter", NULL, ShowAfilter, LOCAL_AUTH,
"Show keep Alive filters", "show afilter option .."},
{"auth", NULL, ShowAuthKey, LOCAL_AUTH,
- "Show auth name/key", "show auth"},
+ "Show auth name, key and algorithm", "show auth"},
{"ccp", NULL, ReportCcpStatus, LOCAL_AUTH,
"Show CCP status", "show cpp"},
{"compress", NULL, ReportCompress, LOCAL_AUTH,
@@ -1199,6 +1200,7 @@ SetNBNS(struct cmdtab const * list, int argc, char **argv)
#define VAR_ACCMAP 5
#define VAR_PHONE 6
#define VAR_HANGUP 7
+#define VAR_ENC 8
static int
SetVariable(struct cmdtab const * list, int argc, char **argv, int param)
@@ -1249,6 +1251,9 @@ SetVariable(struct cmdtab const * list, int argc, char **argv, int param)
strncpy(VarHangupScript, arg, sizeof(VarHangupScript) - 1);
VarHangupScript[sizeof(VarHangupScript) - 1] = '\0';
break;
+ case VAR_ENC:
+ VarEncMD4 = !strcasecmp(arg, "md4");
+ break;
}
return 0;
}
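Review bot: `VarEncMD4 = !strcasecmp(arg, "md4");` treats every value other than "md4" as MD5, so a typo or an empty argument to `set encrypt` silently changes the CHAP digest and SetVariable still returns 0. Since this setting decides how authentication responses are computed and checked, the case should accept only the two documented values and report anything else as a usage error, for example `else if (strcasecmp(arg, "md5")) return -1;` after the "md4" test, using whatever return value the command dispatcher treats as bad usage. How `arg` is derived from `argv` is outside this hunk, so confirm it cannot be NULL when `argc` is 0.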
@@ -1303,6 +1308,8 @@ struct cmdtab const SetCommands[] = {
"Set demand filter", "set dfilter ..."},
{"dial", NULL, SetVariable, LOCAL_AUTH,
"Set dialing script", "set dial chat-script", (void *) VAR_DIAL},
+ {"encrypt", NULL, SetVariable, LOCAL_AUTH,
+ "Set CHAP encryption algorithm", "set encrypt MD4|MD5", (void *) VAR_ENC},
{"escape", NULL, SetEscape, LOCAL_AUTH,
"Set escape characters", "set escape hex-digit ..."},
{"hangup", NULL, SetVariable, LOCAL_AUTH,
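Review bot: The help text `"Set CHAP encryption algorithm"` describes MD4 and MD5 as encryption, but both are one-way hash functions and the CHAP code in this commit only computes digests with them. Calling it encryption may lead an operator to assume the secret or the link is being encrypted. I would word the help string as `"Set CHAP digest algorithm"` and use the same term for the `"Encrypt = %s\n"` label in ShowAuthKey; the command name itself can stay for compatibility.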
diff --git a/usr.sbin/ppp/ppp.8 b/usr.sbin/ppp/ppp.8
index 19a9fd2..0f4ba71 100644
--- a/usr.sbin/ppp/ppp.8
+++ b/usr.sbin/ppp/ppp.8
@@ -1,4 +1,4 @@
-.\" $Id: ppp.8,v 1.63 1997/09/09 21:01:53 brian Exp $
+.\" $Id: ppp.8,v 1.64 1997/09/10 02:20:35 brian Exp $
.Dd 20 September 1995
.Os FreeBSD
.Dt PPP 8
@@ -1438,6 +1438,11 @@ in
.Pa ppp.conf .
CHAP is accepted by default.
+Some ppp implementations use MD4 rather than MD5 when encrypting the
+challenge. Refer to the description of the
+.Dq set encrypt
+command for further details.
+
.It pap
Default: Disabled and Accepted. PAP stands for Password Authentication
Protocol. Only one of PAP and CHAP (above) may be negotiated. With
@@ -1672,6 +1677,13 @@ This specifies the chat script that will be used to reset the modem
before it is closed. It should not normally be necessary, but can
be used for devices that fail to reset themselves properly on close.
+.It set encrypt MD4|MD5
+This specifies the encryption algorithm to use when encrypting the
+CHAP challenge string and defaults to MD5.
+Normally, CHAP authentication is done using MD5, but some ppp
+implementations (notably the RAS on Windows NT 3 & 4) use MD4
+instead.
+
.It set escape value...
This option is similar to the
.Dq set accmap
diff --git a/usr.sbin/ppp/ppp.8.m4 b/usr.sbin/ppp/ppp.8.m4
index 19a9fd2..0f4ba71 100644
--- a/usr.sbin/ppp/ppp.8.m4
+++ b/usr.sbin/ppp/ppp.8.m4
@@ -1,4 +1,4 @@
-.\" $Id: ppp.8,v 1.63 1997/09/09 21:01:53 brian Exp $
+.\" $Id: ppp.8,v 1.64 1997/09/10 02:20:35 brian Exp $
.Dd 20 September 1995
.Os FreeBSD
.Dt PPP 8
@@ -1438,6 +1438,11 @@ in
.Pa ppp.conf .
CHAP is accepted by default.
+Some ppp implementations use MD4 rather than MD5 when encrypting the
+challenge. Refer to the description of the
+.Dq set encrypt
+command for further details.
+
.It pap
Default: Disabled and Accepted. PAP stands for Password Authentication
Protocol. Only one of PAP and CHAP (above) may be negotiated. With
@@ -1672,6 +1677,13 @@ This specifies the chat script that will be used to reset the modem
before it is closed. It should not normally be necessary, but can
be used for devices that fail to reset themselves properly on close.
+.It set encrypt MD4|MD5
+This specifies the encryption algorithm to use when encrypting the
+CHAP challenge string and defaults to MD5.
+Normally, CHAP authentication is done using MD5, but some ppp
+implementations (notably the RAS on Windows NT 3 & 4) use MD4
+instead.
+
.It set escape value...
This option is similar to the
.Dq set accmap
diff --git a/usr.sbin/ppp/vars.h b/usr.sbin/ppp/vars.h
index 9ee7870..9584177 100644
--- a/usr.sbin/ppp/vars.h
+++ b/usr.sbin/ppp/vars.h
@@ -15,7 +15,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: vars.h,v 1.25 1997/08/25 00:29:31 brian Exp $
+ * $Id: vars.h,v 1.26 1997/09/04 00:38:22 brian Exp $
*
* TODO:
*/
@@ -83,6 +83,7 @@ struct pppvars {
char login_script[200]; /* Login script */
char auth_key[50]; /* PAP/CHAP key */
char auth_name[50]; /* PAP/CHAP system name */
+ int enc_MD4; /* Use MD4 for CHAP encryption */
char phone_numbers[200]; /* Telephone Numbers */
char phone_copy[200]; /* copy for strsep() */
char *next_phone; /* Next phone from the list */
@@ -110,6 +111,7 @@ struct pppvars {
#define VarRetryTimeout pppVars.retry_timeout
#define VarAuthKey pppVars.auth_key
#define VarAuthName pppVars.auth_name
+#define VarEncMD4 pppVars.enc_MD4
#define VarPhoneList pppVars.phone_numbers
#define VarPhoneCopy pppVars.phone_copy
#define VarNextPhone pppVars.next_phone