mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-12-05 05:38:32 -05:00
a6eae3f7a1
This makes the implementation less likely to provide useful timing information to potential attackers from comparisons of information received from a remote device and private material known only by the authorized devices. Signed-off-by: Jouni Malinen <j@w1.fi>
125 lines
3.6 KiB
C
125 lines
3.6 KiB
C
/*
|
|
* MSCHAPV2 (RFC 2759)
|
|
* Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
|
|
*
|
|
* This software may be distributed under the terms of the BSD license.
|
|
* See README for more details.
|
|
*/
|
|
|
|
#include "includes.h"
|
|
|
|
#include "common.h"
|
|
#include "crypto/ms_funcs.h"
|
|
#include "mschapv2.h"
|
|
|
|
const u8 * mschapv2_remove_domain(const u8 *username, size_t *len)
|
|
{
|
|
size_t i;
|
|
|
|
/*
|
|
* MSCHAPv2 does not include optional domain name in the
|
|
* challenge-response calculation, so remove domain prefix
|
|
* (if present).
|
|
*/
|
|
|
|
for (i = 0; i < *len; i++) {
|
|
if (username[i] == '\\') {
|
|
*len -= i + 1;
|
|
return username + i + 1;
|
|
}
|
|
}
|
|
|
|
return username;
|
|
}
|
|
|
|
|
|
int mschapv2_derive_response(const u8 *identity, size_t identity_len,
|
|
const u8 *password, size_t password_len,
|
|
int pwhash,
|
|
const u8 *auth_challenge,
|
|
const u8 *peer_challenge,
|
|
u8 *nt_response, u8 *auth_response,
|
|
u8 *master_key)
|
|
{
|
|
const u8 *username;
|
|
size_t username_len;
|
|
u8 password_hash[16], password_hash_hash[16];
|
|
|
|
wpa_hexdump_ascii(MSG_DEBUG, "MSCHAPV2: Identity",
|
|
identity, identity_len);
|
|
username_len = identity_len;
|
|
username = mschapv2_remove_domain(identity, &username_len);
|
|
wpa_hexdump_ascii(MSG_DEBUG, "MSCHAPV2: Username",
|
|
username, username_len);
|
|
|
|
wpa_hexdump(MSG_DEBUG, "MSCHAPV2: auth_challenge",
|
|
auth_challenge, MSCHAPV2_CHAL_LEN);
|
|
wpa_hexdump(MSG_DEBUG, "MSCHAPV2: peer_challenge",
|
|
peer_challenge, MSCHAPV2_CHAL_LEN);
|
|
wpa_hexdump_ascii(MSG_DEBUG, "MSCHAPV2: username",
|
|
username, username_len);
|
|
/* Authenticator response is not really needed yet, but calculate it
|
|
* here so that challenges need not be saved. */
|
|
if (pwhash) {
|
|
wpa_hexdump_key(MSG_DEBUG, "MSCHAPV2: password hash",
|
|
password, password_len);
|
|
if (generate_nt_response_pwhash(auth_challenge, peer_challenge,
|
|
username, username_len,
|
|
password, nt_response) ||
|
|
generate_authenticator_response_pwhash(
|
|
password, peer_challenge, auth_challenge,
|
|
username, username_len, nt_response,
|
|
auth_response))
|
|
return -1;
|
|
} else {
|
|
wpa_hexdump_ascii_key(MSG_DEBUG, "MSCHAPV2: password",
|
|
password, password_len);
|
|
if (generate_nt_response(auth_challenge, peer_challenge,
|
|
username, username_len,
|
|
password, password_len,
|
|
nt_response) ||
|
|
generate_authenticator_response(password, password_len,
|
|
peer_challenge,
|
|
auth_challenge,
|
|
username, username_len,
|
|
nt_response,
|
|
auth_response))
|
|
return -1;
|
|
}
|
|
wpa_hexdump(MSG_DEBUG, "MSCHAPV2: NT Response",
|
|
nt_response, MSCHAPV2_NT_RESPONSE_LEN);
|
|
wpa_hexdump(MSG_DEBUG, "MSCHAPV2: Auth Response",
|
|
auth_response, MSCHAPV2_AUTH_RESPONSE_LEN);
|
|
|
|
/* Generate master_key here since we have the needed data available. */
|
|
if (pwhash) {
|
|
if (hash_nt_password_hash(password, password_hash_hash))
|
|
return -1;
|
|
} else {
|
|
if (nt_password_hash(password, password_len, password_hash) ||
|
|
hash_nt_password_hash(password_hash, password_hash_hash))
|
|
return -1;
|
|
}
|
|
if (get_master_key(password_hash_hash, nt_response, master_key))
|
|
return -1;
|
|
wpa_hexdump_key(MSG_DEBUG, "MSCHAPV2: Master Key",
|
|
master_key, MSCHAPV2_MASTER_KEY_LEN);
|
|
|
|
return 0;
|
|
}
|
|
|
|
|
|
int mschapv2_verify_auth_response(const u8 *auth_response,
|
|
const u8 *buf, size_t buf_len)
|
|
{
|
|
u8 recv_response[MSCHAPV2_AUTH_RESPONSE_LEN];
|
|
if (buf_len < 2 + 2 * MSCHAPV2_AUTH_RESPONSE_LEN ||
|
|
buf[0] != 'S' || buf[1] != '=' ||
|
|
hexstr2bin((char *) (buf + 2), recv_response,
|
|
MSCHAPV2_AUTH_RESPONSE_LEN) ||
|
|
os_memcmp_const(auth_response, recv_response,
|
|
MSCHAPV2_AUTH_RESPONSE_LEN) != 0)
|
|
return -1;
|
|
return 0;
|
|
}
|