mschaputil: Memzero copies of secrets
parent
7031045dfb
commit
14572c0f1a
@ -51,6 +51,8 @@ static bool mschap_des_encrypt(const uint8_t challenge[static 8],
|
|||||||
pkey[i] = next | 1;
|
pkey[i] = next | 1;
|
||||||
|
|
||||||
cipher = l_cipher_new(L_CIPHER_DES, pkey, 8);
|
cipher = l_cipher_new(L_CIPHER_DES, pkey, 8);
|
||||||
|
explicit_bzero(pkey, 8);
|
||||||
|
|
||||||
if (!cipher)
|
if (!cipher)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
@ -64,20 +66,17 @@ bool mschap_challenge_response(const uint8_t *challenge,
|
|||||||
const uint8_t *password_hash, uint8_t *response)
|
const uint8_t *password_hash, uint8_t *response)
|
||||||
{
|
{
|
||||||
uint8_t buf[21];
|
uint8_t buf[21];
|
||||||
|
bool r;
|
||||||
|
|
||||||
memset(buf, 0, sizeof(buf));
|
memset(buf, 0, sizeof(buf));
|
||||||
memcpy(buf, password_hash, 16);
|
memcpy(buf, password_hash, 16);
|
||||||
|
|
||||||
if (!mschap_des_encrypt(challenge, buf + 0, response + 0))
|
r = mschap_des_encrypt(challenge, buf + 0, response + 0) &&
|
||||||
return false;
|
mschap_des_encrypt(challenge, buf + 7, response + 8) &&
|
||||||
|
mschap_des_encrypt(challenge, buf + 14, response + 16);
|
||||||
|
|
||||||
if (!mschap_des_encrypt(challenge, buf + 7, response + 8))
|
explicit_bzero(buf, sizeof(buf));
|
||||||
return false;
|
return r;
|
||||||
|
|
||||||
if (!mschap_des_encrypt(challenge, buf + 14, response + 16))
|
|
||||||
return false;
|
|
||||||
|
|
||||||
return true;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -95,6 +94,7 @@ bool mschap_nt_password_hash(const char *password, uint8_t *password_hash)
|
|||||||
uint16_t buffer[size];
|
uint16_t buffer[size];
|
||||||
unsigned int i, pos;
|
unsigned int i, pos;
|
||||||
struct l_checksum *check;
|
struct l_checksum *check;
|
||||||
|
bool r = false;
|
||||||
|
|
||||||
for (i = 0, pos = 0; i < size; ++i) {
|
for (i = 0, pos = 0; i < size; ++i) {
|
||||||
wchar_t val;
|
wchar_t val;
|
||||||
@ -104,7 +104,7 @@ bool mschap_nt_password_hash(const char *password, uint8_t *password_hash)
|
|||||||
if (val > 0xFFFF) {
|
if (val > 0xFFFF) {
|
||||||
l_error("Encountered password with value not valid in "
|
l_error("Encountered password with value not valid in "
|
||||||
"ucs-2");
|
"ucs-2");
|
||||||
return false;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
buffer[i] = L_CPU_TO_LE16(val);
|
buffer[i] = L_CPU_TO_LE16(val);
|
||||||
@ -112,13 +112,16 @@ bool mschap_nt_password_hash(const char *password, uint8_t *password_hash)
|
|||||||
|
|
||||||
check = l_checksum_new(L_CHECKSUM_MD4);
|
check = l_checksum_new(L_CHECKSUM_MD4);
|
||||||
if (!check)
|
if (!check)
|
||||||
return false;
|
goto cleanup;
|
||||||
|
|
||||||
l_checksum_update(check, (uint8_t *) buffer, size * 2);
|
l_checksum_update(check, (uint8_t *) buffer, size * 2);
|
||||||
l_checksum_get_digest(check, password_hash, 16);
|
l_checksum_get_digest(check, password_hash, 16);
|
||||||
l_checksum_free(check);
|
l_checksum_free(check);
|
||||||
|
r = true;
|
||||||
|
|
||||||
return true;
|
cleanup:
|
||||||
|
explicit_bzero(buffer, size * 2);
|
||||||
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
static const char *mschapv2_exlude_domain_name(const char *username)
|
static const char *mschapv2_exlude_domain_name(const char *username)
|
||||||
@ -189,6 +192,7 @@ bool mschapv2_generate_nt_response(const uint8_t password_hash[static 16],
|
|||||||
{
|
{
|
||||||
uint8_t challenge[8];
|
uint8_t challenge[8];
|
||||||
uint8_t buffer[21];
|
uint8_t buffer[21];
|
||||||
|
bool r;
|
||||||
|
|
||||||
if (!mschapv2_challenge_hash(peer_challenge, server_challenge, user,
|
if (!mschapv2_challenge_hash(peer_challenge, server_challenge, user,
|
||||||
challenge))
|
challenge))
|
||||||
@ -197,16 +201,12 @@ bool mschapv2_generate_nt_response(const uint8_t password_hash[static 16],
|
|||||||
memset(buffer, 0, sizeof(buffer));
|
memset(buffer, 0, sizeof(buffer));
|
||||||
memcpy(buffer, password_hash, 16);
|
memcpy(buffer, password_hash, 16);
|
||||||
|
|
||||||
if (!mschap_des_encrypt(challenge, buffer + 0, response + 0))
|
r = mschap_des_encrypt(challenge, buffer + 0, response + 0) &&
|
||||||
return false;
|
mschap_des_encrypt(challenge, buffer + 7, response + 8) &&
|
||||||
|
mschap_des_encrypt(challenge, buffer + 14, response + 16);
|
||||||
|
|
||||||
if (!mschap_des_encrypt(challenge, buffer + 7, response + 8))
|
explicit_bzero(buffer, sizeof(buffer));
|
||||||
return false;
|
return r;
|
||||||
|
|
||||||
if (!mschap_des_encrypt(challenge, buffer + 14, response + 16))
|
|
||||||
return false;
|
|
||||||
|
|
||||||
return true;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
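Review bot: The `explicit_bzero(buffer, size * 2)` under the `cleanup` label in mschap_nt_password_hash scrubs the UCS-2 password copy on every exit path, but the same bytes were already handed to `l_checksum_update` one line earlier, and whether that backend retains its own copy (and scrubs it in `l_checksum_free`) cannot be seen from this hunk; the DES key given to `l_cipher_new` in the first hunk has the same question, since `explicit_bzero(pkey, 8)` runs after the cipher object has been built from it. If ell does not scrub its contexts, the zeroing added here covers only the stack copies, which is worth stating at the call site so nobody reads it as complete: `/* Clears the stack copy only; the checksum/cipher context may retain the data until freed */`. Separately, `r = mschap_des_encrypt(...) && ...` in mschap_challenge_response and mschapv2_generate_nt_response means a failing second or third block still leaves the first 8 or 16 bytes of `response` written before `return r` yields false — pre-existing behaviour, but a caller that assumes `response` is untouched on failure would be wrong. The enclosing bodies of mschap_nt_password_hash and mschapv2_generate_nt_response start and end outside the hunks shown.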
|