mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2024-11-23 15:49:28 +01:00
b768e26f1d
This reverts commit 1e337259ce
.
Using util_get_username was wrong in this context. MSCHAPv2 expects us
to only strip the domain name from identities of the form
domain\identity. util_get_username would also strip identities of the
form username@domain.com.
314 lines
8.4 KiB
C
314 lines
8.4 KiB
C
/*
|
|
*
|
|
* Wireless daemon for Linux
|
|
*
|
|
* Copyright (C) 2018 Intel Corporation. All rights reserved.
|
|
*
|
|
* This library is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
* License as published by the Free Software Foundation; either
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
*
|
|
* This library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
* License along with this library; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
*
|
|
*/
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
#include <config.h>
|
|
#endif
|
|
|
|
#include <ell/ell.h>
|
|
|
|
#include "src/missing.h"
|
|
#include "src/mschaputil.h"
|
|
|
|
/**
|
|
* Internal function for generate_nt_response.
|
|
* The DES keys specified for generate_nt_response are 56bit, while the api we
|
|
* use takes 64bit keys, so we have to generate the parity bits.
|
|
**/
|
|
static bool mschap_des_encrypt(const uint8_t challenge[static 8],
|
|
const uint8_t key[static 7],
|
|
uint8_t cipher_text[static 8])
|
|
{
|
|
uint8_t pkey[8], tmp;
|
|
int i;
|
|
struct l_cipher *cipher;
|
|
uint8_t next;
|
|
|
|
for (i = 0, next = 0; i < 7; ++i) {
|
|
tmp = key[i];
|
|
pkey[i] = (tmp >> i) | next | 1;
|
|
next = tmp << (7 - i);
|
|
}
|
|
|
|
pkey[i] = next | 1;
|
|
|
|
cipher = l_cipher_new(L_CIPHER_DES, pkey, 8);
|
|
explicit_bzero(pkey, 8);
|
|
|
|
if (!cipher)
|
|
return false;
|
|
|
|
l_cipher_encrypt(cipher, challenge, cipher_text, 8);
|
|
l_cipher_free(cipher);
|
|
|
|
return true;
|
|
}
|
|
|
|
bool mschap_challenge_response(const uint8_t *challenge,
|
|
const uint8_t *password_hash, uint8_t *response)
|
|
{
|
|
uint8_t buf[21];
|
|
bool r;
|
|
|
|
memset(buf, 0, sizeof(buf));
|
|
memcpy(buf, password_hash, 16);
|
|
|
|
r = mschap_des_encrypt(challenge, buf + 0, response + 0) &&
|
|
mschap_des_encrypt(challenge, buf + 7, response + 8) &&
|
|
mschap_des_encrypt(challenge, buf + 14, response + 16);
|
|
|
|
explicit_bzero(buf, sizeof(buf));
|
|
return r;
|
|
}
|
|
|
|
/**
|
|
* Hash the utf8 encoded nt password.
|
|
* It is asumed, that the password is valid utf8!
|
|
* The rfc says "unicode-char", but never specifies which encoding.
|
|
* This function converts the password to ucs-2.
|
|
* The example in the code uses LE for the unicode chars, so it is forced here.
|
|
* https://tools.ietf.org/html/draft-ietf-pppext-mschap-00#ref-8
|
|
*/
|
|
bool mschap_nt_password_hash(const char *password, uint8_t *password_hash)
|
|
{
|
|
size_t size = l_utf8_strlen(password);
|
|
size_t bsize = strlen(password);
|
|
uint16_t buffer[size];
|
|
unsigned int i, pos;
|
|
struct l_checksum *check;
|
|
bool r = false;
|
|
|
|
for (i = 0, pos = 0; i < size; ++i) {
|
|
wchar_t val;
|
|
|
|
pos += l_utf8_get_codepoint(password + pos, bsize - pos, &val);
|
|
|
|
if (val > 0xFFFF) {
|
|
l_error("Encountered password with value not valid in "
|
|
"ucs-2");
|
|
goto cleanup;
|
|
}
|
|
|
|
buffer[i] = L_CPU_TO_LE16(val);
|
|
}
|
|
|
|
check = l_checksum_new(L_CHECKSUM_MD4);
|
|
if (!check)
|
|
goto cleanup;
|
|
|
|
l_checksum_update(check, (uint8_t *) buffer, size * 2);
|
|
l_checksum_get_digest(check, password_hash, 16);
|
|
l_checksum_free(check);
|
|
r = true;
|
|
|
|
cleanup:
|
|
explicit_bzero(buffer, size * 2);
|
|
return r;
|
|
}
|
|
|
|
static const char *mschapv2_exlude_domain_name(const char *username)
|
|
{
|
|
const char *c;
|
|
|
|
for (c = username; *c; c++) {
|
|
if (*c != '\\')
|
|
continue;
|
|
|
|
return c + 1;
|
|
}
|
|
|
|
return username;
|
|
}
|
|
|
|
/**
|
|
* Internal function to generate the challenge used in nt_response
|
|
* https://tools.ietf.org/html/rfc2759
|
|
*
|
|
* @peer_challenge: The challenge generated by the peer (us)
|
|
* @server_challenge: The challenge generated by the authenticator
|
|
* @user: The username utf8 encoded
|
|
* @challenge: The destination
|
|
*
|
|
* Returns: true on success, false if hash/encrypt couldn't be done
|
|
**/
|
|
static bool mschapv2_challenge_hash(const uint8_t *peer_challenge,
|
|
const uint8_t *server_challenge,
|
|
const char *username,
|
|
uint8_t challenge[static 8])
|
|
{
|
|
struct l_checksum *check;
|
|
|
|
check = l_checksum_new(L_CHECKSUM_SHA1);
|
|
if (!check)
|
|
return false;
|
|
|
|
username = mschapv2_exlude_domain_name(username);
|
|
|
|
l_checksum_update(check, peer_challenge, 16);
|
|
l_checksum_update(check, server_challenge, 16);
|
|
l_checksum_update(check, username, strlen(username));
|
|
|
|
l_checksum_get_digest(check, challenge, 8);
|
|
l_checksum_free(check);
|
|
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* Generate the nt_response for mschapv2.
|
|
* This function is specified in:
|
|
* https://tools.ietf.org/html/rfc2759
|
|
*
|
|
* @password_hash: The MD4 hash of the ucs2 encoded user password
|
|
* @peer_challenge: the challenge generated by the peer (us)
|
|
* @server_challenge: the challenge generated by the authenticator
|
|
* @user: The username, utf8 encoded
|
|
* @nt_response: The destination
|
|
*
|
|
* Returns: true on success, false if hash/encrypt couldn't be done
|
|
**/
|
|
bool mschapv2_generate_nt_response(const uint8_t password_hash[static 16],
|
|
const uint8_t peer_challenge[static 16],
|
|
const uint8_t server_challenge[static 16],
|
|
const char *user, uint8_t response[static 24])
|
|
{
|
|
uint8_t challenge[8];
|
|
uint8_t buffer[21];
|
|
bool r;
|
|
|
|
if (!mschapv2_challenge_hash(peer_challenge, server_challenge, user,
|
|
challenge))
|
|
return false;
|
|
|
|
memset(buffer, 0, sizeof(buffer));
|
|
memcpy(buffer, password_hash, 16);
|
|
|
|
r = mschap_des_encrypt(challenge, buffer + 0, response + 0) &&
|
|
mschap_des_encrypt(challenge, buffer + 7, response + 8) &&
|
|
mschap_des_encrypt(challenge, buffer + 14, response + 16);
|
|
|
|
explicit_bzero(buffer, sizeof(buffer));
|
|
return r;
|
|
}
|
|
|
|
/**
|
|
* Generate the hash of the password hash
|
|
*
|
|
* @password_hash: The hash of the password
|
|
* @password_hash_hash: The MD4 hash of the password hash
|
|
*
|
|
* Returns: true on success, false if hash/encrypt couldn't be done
|
|
**/
|
|
bool mschapv2_hash_nt_password_hash(const uint8_t password_hash[static 16],
|
|
uint8_t password_hash_hash[static 16])
|
|
{
|
|
struct l_checksum *check;
|
|
|
|
check = l_checksum_new(L_CHECKSUM_MD4);
|
|
if (!check)
|
|
return false;
|
|
|
|
l_checksum_update(check, password_hash, 16);
|
|
l_checksum_get_digest(check, password_hash_hash, 16);
|
|
l_checksum_free(check);
|
|
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* Generate the mschapv2 authenticator response for verifying authenticator
|
|
* This function is specified in:
|
|
* https://tools.ietf.org/html/rfc2759
|
|
*
|
|
* @password_hash_hash: The MD4 hash of the password hash
|
|
* @nt_response: The nt_response generated for this exchange
|
|
* @peer_challenge: The challenge generated by the peer (us)
|
|
* @server_challenge: The challenge generated by the authenticator
|
|
* @user: The username utf8 encoded
|
|
* @response: The destination
|
|
*
|
|
* Returns: true on success, false if hash/encrypt couldn't be done
|
|
**/
|
|
bool mschapv2_generate_authenticator_response(
|
|
const uint8_t pw_hash_hash[static 16],
|
|
const uint8_t nt_response[static 24],
|
|
const uint8_t peer_challenge[static 16],
|
|
const uint8_t server_challenge[static 16],
|
|
const char *user, char response[static 42])
|
|
{
|
|
static const uint8_t magic1[] = {
|
|
0x4D, 0x61, 0x67, 0x69, 0x63, 0x20, 0x73, 0x65, 0x72, 0x76,
|
|
0x65, 0x72, 0x20, 0x74, 0x6F, 0x20, 0x63, 0x6C, 0x69, 0x65,
|
|
0x6E, 0x74, 0x20, 0x73, 0x69, 0x67, 0x6E, 0x69, 0x6E, 0x67,
|
|
0x20, 0x63, 0x6F, 0x6E, 0x73, 0x74, 0x61, 0x6E, 0x74
|
|
};
|
|
|
|
static const uint8_t magic2[] = {
|
|
0x50, 0x61, 0x64, 0x20, 0x74, 0x6F, 0x20, 0x6D, 0x61, 0x6B,
|
|
0x65, 0x20, 0x69, 0x74, 0x20, 0x64, 0x6F, 0x20, 0x6D, 0x6F,
|
|
0x72, 0x65, 0x20, 0x74, 0x68, 0x61, 0x6E, 0x20, 0x6F, 0x6E,
|
|
0x65, 0x20, 0x69, 0x74, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6F,
|
|
0x6E
|
|
};
|
|
|
|
uint8_t digest[20];
|
|
uint8_t challenge[8];
|
|
char *ascii;
|
|
struct l_checksum *check;
|
|
|
|
check = l_checksum_new(L_CHECKSUM_SHA1);
|
|
if (!check)
|
|
return false;
|
|
|
|
l_checksum_update(check, pw_hash_hash, 16);
|
|
l_checksum_update(check, nt_response, 24);
|
|
l_checksum_update(check, magic1, sizeof(magic1));
|
|
l_checksum_get_digest(check, digest, sizeof(digest));
|
|
l_checksum_free(check);
|
|
|
|
if (!mschapv2_challenge_hash(peer_challenge, server_challenge, user,
|
|
challenge))
|
|
return false;
|
|
|
|
check = l_checksum_new(L_CHECKSUM_SHA1);
|
|
if (!check)
|
|
return false;
|
|
|
|
l_checksum_update(check, digest, sizeof(digest));
|
|
l_checksum_update(check, challenge, sizeof(challenge));
|
|
l_checksum_update(check, magic2, sizeof(magic2));
|
|
l_checksum_get_digest(check, digest, sizeof(digest));
|
|
l_checksum_free(check);
|
|
|
|
response[0] = 'S';
|
|
response[1] = '=';
|
|
|
|
ascii = l_util_hexstring_upper(digest, sizeof(digest));
|
|
if (!ascii)
|
|
return false;
|
|
|
|
memcpy(response + 2, ascii, 40);
|
|
l_free(ascii);
|
|
|
|
return true;
|
|
}
|