OpenCores
URL https://opencores.org/ocsvn/openrisc/openrisc/trunk

Subversion Repositories openrisc

[/] [openrisc/] [trunk/] [rtos/] [freertos-6.1.1/] [Demo/] [Common/] [ethernet/] [lwIP_132/] [src/] [netif/] [ppp/] [chpms.c] - Blame information for rev 709

Go to most recent revision | Details | Compare with Previous | View Log

Line No. Rev Author Line
1 606 jeremybenn
/*** WARNING - THIS CODE HAS NOT BEEN FINISHED! ***/
2
/*** The original PPPD code is written in a way to require either the UNIX DES
3
     encryption functions encrypt(3) and setkey(3) or the DES library libdes.
4
     Since both is not included in lwIP, MSCHAP currently does not work! */
5
/*****************************************************************************
6
* chpms.c - Network MicroSoft Challenge Handshake Authentication Protocol program file.
7
*
8
* Copyright (c) 2003 by Marc Boucher, Services Informatiques (MBSI) inc.
9
* Copyright (c) 1997 by Global Election Systems Inc.  All rights reserved.
10
*
11
* The authors hereby grant permission to use, copy, modify, distribute,
12
* and license this software and its documentation for any purpose, provided
13
* that existing copyright notices are retained in all copies and that this
14
* notice and the following disclaimer are included verbatim in any
15
* distributions. No written agreement, license, or royalty fee is required
16
* for any of the authorized uses.
17
*
18
* THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS *AS IS* AND ANY EXPRESS OR
19
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21
* IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
22
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28
*
29
******************************************************************************
30
* REVISION HISTORY
31
*
32
* 03-01-01 Marc Boucher <marc@mbsi.ca>
33
*   Ported to lwIP.
34
* 97-12-08 Guy Lancaster <lancasterg@acm.org>, Global Election Systems Inc.
35
*   Original based on BSD chap_ms.c.
36
*****************************************************************************/
37
/*
38
 * chap_ms.c - Microsoft MS-CHAP compatible implementation.
39
 *
40
 * Copyright (c) 1995 Eric Rosenquist, Strata Software Limited.
41
 * http://www.strataware.com/
42
 *
43
 * All rights reserved.
44
 *
45
 * Redistribution and use in source and binary forms are permitted
46
 * provided that the above copyright notice and this paragraph are
47
 * duplicated in all such forms and that any documentation,
48
 * advertising materials, and other materials related to such
49
 * distribution and use acknowledge that the software was developed
50
 * by Eric Rosenquist.  The name of the author may not be used to
51
 * endorse or promote products derived from this software without
52
 * specific prior written permission.
53
 *
54
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
55
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
56
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
57
 */
58
 
59
/*
60
 * Modifications by Lauri Pesonen / lpesonen@clinet.fi, april 1997
61
 *
62
 *   Implemented LANManager type password response to MS-CHAP challenges.
63
 *   Now pppd provides both NT style and LANMan style blocks, and the
64
 *   prefered is set by option "ms-lanman". Default is to use NT.
65
 *   The hash text (StdText) was taken from Win95 RASAPI32.DLL.
66
 *
67
 *   You should also use DOMAIN\\USERNAME as described in README.MSCHAP80
68
 */
69
 
70
#define USE_CRYPT
71
 
72
#include "lwip/opt.h"
73
 
74
#if PPP_SUPPORT /* don't build if not configured for use in lwipopts.h */
75
 
76
#if MSCHAP_SUPPORT /* don't build if not configured for use in lwipopts.h */
77
 
78
#include "ppp.h"
79
#include "pppdebug.h"
80
 
81
#include "md4.h"
82
#ifndef USE_CRYPT
83
#include "des.h"
84
#endif
85
#include "chap.h"
86
#include "chpms.h"
87
 
88
 
89
/*************************/
90
/*** LOCAL DEFINITIONS ***/
91
/*************************/
92
 
93
 
94
/************************/
95
/*** LOCAL DATA TYPES ***/
96
/************************/
97
typedef struct {
98
    u_char LANManResp[24];
99
    u_char NTResp[24];
100
    u_char UseNT; /* If 1, ignore the LANMan response field */
101
} MS_ChapResponse;
102
/* We use MS_CHAP_RESPONSE_LEN, rather than sizeof(MS_ChapResponse),
103
   in case this struct gets padded. */
104
 
105
 
106
 
107
/***********************************/
108
/*** LOCAL FUNCTION DECLARATIONS ***/
109
/***********************************/
110
 
111
/* XXX Don't know what to do with these. */
112
extern void setkey(const char *);
113
extern void encrypt(char *, int);
114
 
115
static void DesEncrypt (u_char *, u_char *, u_char *);
116
static void MakeKey (u_char *, u_char *);
117
 
118
#ifdef USE_CRYPT
119
static void Expand (u_char *, u_char *);
120
static void Collapse (u_char *, u_char *);
121
#endif
122
 
123
static void ChallengeResponse(
124
  u_char *challenge, /* IN   8 octets */
125
  u_char *pwHash,    /* IN  16 octets */
126
  u_char *response   /* OUT 24 octets */
127
);
128
static void ChapMS_NT(
129
  char *rchallenge,
130
  int rchallenge_len,
131
  char *secret,
132
  int secret_len,
133
  MS_ChapResponse *response
134
);
135
static u_char Get7Bits(
136
  u_char *input,
137
  int startBit
138
);
139
 
140
 
141
/***********************************/
142
/*** PUBLIC FUNCTION DEFINITIONS ***/
143
/***********************************/
144
void
145
ChapMS( chap_state *cstate, char *rchallenge, int rchallenge_len, char *secret, int secret_len)
146
{
147
  MS_ChapResponse response;
148
#ifdef MSLANMAN
149
  extern int ms_lanman;
150
#endif
151
 
152
#if 0
153
  CHAPDEBUG((LOG_INFO, "ChapMS: secret is '%.*s'\n", secret_len, secret));
154
#endif
155
  BZERO(&response, sizeof(response));
156
 
157
  /* Calculate both always */
158
  ChapMS_NT(rchallenge, rchallenge_len, secret, secret_len, &response);
159
 
160
#ifdef MSLANMAN
161
  ChapMS_LANMan(rchallenge, rchallenge_len, secret, secret_len, &response);
162
 
163
  /* prefered method is set by option  */
164
  response.UseNT = !ms_lanman;
165
#else
166
  response.UseNT = 1;
167
#endif
168
 
169
  BCOPY(&response, cstate->response, MS_CHAP_RESPONSE_LEN);
170
  cstate->resp_length = MS_CHAP_RESPONSE_LEN;
171
}
172
 
173
 
174
/**********************************/
175
/*** LOCAL FUNCTION DEFINITIONS ***/
176
/**********************************/
177
static void
178
ChallengeResponse( u_char *challenge, /* IN   8 octets */
179
                   u_char *pwHash,    /* IN  16 octets */
180
                   u_char *response   /* OUT 24 octets */)
181
{
182
  char    ZPasswordHash[21];
183
 
184
  BZERO(ZPasswordHash, sizeof(ZPasswordHash));
185
  BCOPY(pwHash, ZPasswordHash, 16);
186
 
187
#if 0
188
  log_packet(ZPasswordHash, sizeof(ZPasswordHash), "ChallengeResponse - ZPasswordHash", LOG_DEBUG);
189
#endif
190
 
191
  DesEncrypt(challenge, ZPasswordHash +  0, response + 0);
192
  DesEncrypt(challenge, ZPasswordHash +  7, response + 8);
193
  DesEncrypt(challenge, ZPasswordHash + 14, response + 16);
194
 
195
#if 0
196
  log_packet(response, 24, "ChallengeResponse - response", LOG_DEBUG);
197
#endif
198
}
199
 
200
 
201
#ifdef USE_CRYPT
202
static void
203
DesEncrypt( u_char *clear, /* IN  8 octets */
204
            u_char *key,   /* IN  7 octets */
205
            u_char *cipher /* OUT 8 octets */)
206
{
207
  u_char des_key[8];
208
  u_char crypt_key[66];
209
  u_char des_input[66];
210
 
211
  MakeKey(key, des_key);
212
 
213
  Expand(des_key, crypt_key);
214
  setkey(crypt_key);
215
 
216
#if 0
217
  CHAPDEBUG((LOG_INFO, "DesEncrypt: 8 octet input : %02X%02X%02X%02X%02X%02X%02X%02X\n",
218
             clear[0], clear[1], clear[2], clear[3], clear[4], clear[5], clear[6], clear[7]));
219
#endif
220
 
221
  Expand(clear, des_input);
222
  encrypt(des_input, 0);
223
  Collapse(des_input, cipher);
224
 
225
#if 0
226
  CHAPDEBUG((LOG_INFO, "DesEncrypt: 8 octet output: %02X%02X%02X%02X%02X%02X%02X%02X\n",
227
             cipher[0], cipher[1], cipher[2], cipher[3], cipher[4], cipher[5], cipher[6], cipher[7]));
228
#endif
229
}
230
 
231
#else /* USE_CRYPT */
232
 
233
static void
234
DesEncrypt( u_char *clear, /* IN  8 octets */
235
            u_char *key,   /* IN  7 octets */
236
            u_char *cipher /* OUT 8 octets */)
237
{
238
  des_cblock    des_key;
239
  des_key_schedule  key_schedule;
240
 
241
  MakeKey(key, des_key);
242
 
243
  des_set_key(&des_key, key_schedule);
244
 
245
#if 0
246
  CHAPDEBUG((LOG_INFO, "DesEncrypt: 8 octet input : %02X%02X%02X%02X%02X%02X%02X%02X\n",
247
             clear[0], clear[1], clear[2], clear[3], clear[4], clear[5], clear[6], clear[7]));
248
#endif
249
 
250
  des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher, key_schedule, 1);
251
 
252
#if 0
253
  CHAPDEBUG((LOG_INFO, "DesEncrypt: 8 octet output: %02X%02X%02X%02X%02X%02X%02X%02X\n",
254
             cipher[0], cipher[1], cipher[2], cipher[3], cipher[4], cipher[5], cipher[6], cipher[7]));
255
#endif
256
}
257
 
258
#endif /* USE_CRYPT */
259
 
260
 
261
static u_char
262
Get7Bits( u_char *input, int startBit)
263
{
264
  register unsigned int  word;
265
 
266
  word  = (unsigned)input[startBit / 8] << 8;
267
  word |= (unsigned)input[startBit / 8 + 1];
268
 
269
  word >>= 15 - (startBit % 8 + 7);
270
 
271
  return word & 0xFE;
272
}
273
 
274
#ifdef USE_CRYPT
275
 
276
/* in == 8-byte string (expanded version of the 56-bit key)
277
 * out == 64-byte string where each byte is either 1 or 0
278
 * Note that the low-order "bit" is always ignored by by setkey()
279
 */
280
static void
281
Expand(u_char *in, u_char *out)
282
{
283
  int j, c;
284
  int i;
285
 
286
  for(i = 0; i < 64; in++){
287
    c = *in;
288
    for(j = 7; j >= 0; j--) {
289
      *out++ = (c >> j) & 01;
290
    }
291
    i += 8;
292
  }
293
}
294
 
295
/* The inverse of Expand
296
 */
297
static void
298
Collapse(u_char *in, u_char *out)
299
{
300
  int j;
301
  int i;
302
  unsigned int c;
303
 
304
  for (i = 0; i < 64; i += 8, out++) {
305
    c = 0;
306
    for (j = 7; j >= 0; j--, in++) {
307
      c |= *in << j;
308
    }
309
    *out = c & 0xff;
310
  }
311
}
312
#endif
313
 
314
static void
315
MakeKey( u_char *key,    /* IN  56 bit DES key missing parity bits */
316
         u_char *des_key /* OUT 64 bit DES key with parity bits added */)
317
{
318
  des_key[0] = Get7Bits(key,  0);
319
  des_key[1] = Get7Bits(key,  7);
320
  des_key[2] = Get7Bits(key, 14);
321
  des_key[3] = Get7Bits(key, 21);
322
  des_key[4] = Get7Bits(key, 28);
323
  des_key[5] = Get7Bits(key, 35);
324
  des_key[6] = Get7Bits(key, 42);
325
  des_key[7] = Get7Bits(key, 49);
326
 
327
#ifndef USE_CRYPT
328
  des_set_odd_parity((des_cblock *)des_key);
329
#endif
330
 
331
#if 0
332
  CHAPDEBUG((LOG_INFO, "MakeKey: 56-bit input : %02X%02X%02X%02X%02X%02X%02X\n",
333
             key[0], key[1], key[2], key[3], key[4], key[5], key[6]));
334
  CHAPDEBUG((LOG_INFO, "MakeKey: 64-bit output: %02X%02X%02X%02X%02X%02X%02X%02X\n",
335
             des_key[0], des_key[1], des_key[2], des_key[3], des_key[4], des_key[5], des_key[6], des_key[7]));
336
#endif
337
}
338
 
339
static void
340
ChapMS_NT( char *rchallenge,
341
           int rchallenge_len,
342
           char *secret,
343
           int secret_len,
344
           MS_ChapResponse *response)
345
{
346
  int      i;
347
  MDstruct  md4Context;
348
  u_char    unicodePassword[MAX_NT_PASSWORD * 2];
349
  static int  low_byte_first = -1;
350
 
351
  /* Initialize the Unicode version of the secret (== password). */
352
  /* This implicitly supports 8-bit ISO8859/1 characters. */
353
  BZERO(unicodePassword, sizeof(unicodePassword));
354
  for (i = 0; i < secret_len; i++) {
355
    unicodePassword[i * 2] = (u_char)secret[i];
356
  }
357
  MDbegin(&md4Context);
358
  MDupdate(&md4Context, unicodePassword, secret_len * 2 * 8);  /* Unicode is 2 bytes/char, *8 for bit count */
359
 
360
  if (low_byte_first == -1) {
361
    low_byte_first = (htons((unsigned short int)1) != 1);
362
  }
363
  if (low_byte_first == 0) {
364
    MDreverse((u_long *)&md4Context);  /*  sfb 961105 */
365
  }
366
 
367
  MDupdate(&md4Context, NULL, 0);  /* Tell MD4 we're done */
368
 
369
  ChallengeResponse(rchallenge, (char *)md4Context.buffer, response->NTResp);
370
}
371
 
372
#ifdef MSLANMAN
373
static u_char *StdText = (u_char *)"KGS!@#$%"; /* key from rasapi32.dll */
374
 
375
static void
376
ChapMS_LANMan( char *rchallenge,
377
               int rchallenge_len,
378
               char *secret,
379
               int secret_len,
380
               MS_ChapResponse  *response)
381
{
382
  int      i;
383
  u_char    UcasePassword[MAX_NT_PASSWORD]; /* max is actually 14 */
384
  u_char    PasswordHash[16];
385
 
386
  /* LANMan password is case insensitive */
387
  BZERO(UcasePassword, sizeof(UcasePassword));
388
  for (i = 0; i < secret_len; i++) {
389
    UcasePassword[i] = (u_char)toupper(secret[i]);
390
  }
391
  DesEncrypt( StdText, UcasePassword + 0, PasswordHash + 0 );
392
  DesEncrypt( StdText, UcasePassword + 7, PasswordHash + 8 );
393
  ChallengeResponse(rchallenge, PasswordHash, response->LANManResp);
394
}
395
#endif
396
 
397
#endif /* MSCHAP_SUPPORT */
398
 
399
#endif /* PPP_SUPPORT */

powered by: WebSVN 2.1.0

© copyright 1999-2025 OpenCores.org, equivalent to Oliscience, all rights reserved. OpenCores®, registered trademark.