← Back to branch summary

~ubuntu-branches/ubuntu/saucy/wpasupplicant/saucy

« back to all changes in this revision

Viewing changes to src/crypto/ms_funcs.c

  • Committer: Bazaar Package Importer
  • Author(s): Mathieu Trudel-Lapierre
  • Date: 2010-11-22 09:43:43 UTC
  • mfrom: (1.1.16 upstream)
  • Revision ID: james.westby@ubuntu.com-20101122094343-qgsxaojvmswfri77
Tags: 0.7.3-0ubuntu1
* Get wpasupplicant 0.7.3 from Debian's SVN. Leaving 0.7.3-1 as unreleased
  for now.
* Build-Depend on debhelper 8, since the packaging from Debian uses compat 8.

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/crypto/ms_funcs.c
1
1
/*
2
2
 * WPA Supplicant / shared MSCHAPV2 helper functions / RFC 2433 / RFC 2759
3
 
 * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
 
3
 * Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi>
4
4
 *
5
5
 * This program is free software; you can redistribute it and/or modify
6
6
 * it under the terms of the GNU General Public License version 2 as
18
18
#include "sha1.h"
19
19
#include "ms_funcs.h"
20
20
#include "crypto.h"
21
 
#include "rc4.h"
22
21
 
23
22
 
24
23
/**
28
27
 * @username: 0-to-256-char UserName (IN)
29
28
 * @username_len: Length of username
30
29
 * @challenge: 8-octet Challenge (OUT)
 
30
 * Returns: 0 on success, -1 on failure
31
31
 */
32
 
static void challenge_hash(const u8 *peer_challenge, const u8 *auth_challenge,
33
 
                           const u8 *username, size_t username_len,
34
 
                           u8 *challenge)
 
32
static int challenge_hash(const u8 *peer_challenge, const u8 *auth_challenge,
 
33
                          const u8 *username, size_t username_len,
 
34
                          u8 *challenge)
35
35
{
36
36
        u8 hash[SHA1_MAC_LEN];
37
37
        const unsigned char *addr[3];
44
44
        addr[2] = username;
45
45
        len[2] = username_len;
46
46
 
47
 
        sha1_vector(3, addr, len, hash);
 
47
        if (sha1_vector(3, addr, len, hash))
 
48
                return -1;
48
49
        os_memcpy(challenge, hash, 8);
 
50
        return 0;
49
51
}
50
52
 
51
53
 
54
56
 * @password: 0-to-256-unicode-char Password (IN; ASCII)
55
57
 * @password_len: Length of password
56
58
 * @password_hash: 16-octet PasswordHash (OUT)
 
59
 * Returns: 0 on success, -1 on failure
57
60
 */
58
 
void nt_password_hash(const u8 *password, size_t password_len,
 
61
int nt_password_hash(const u8 *password, size_t password_len,
59
62
                      u8 *password_hash)
60
63
{
61
64
        u8 buf[512], *pos;
72
75
 
73
76
        len = password_len * 2;
74
77
        pos = buf;
75
 
        md4_vector(1, (const u8 **) &pos, &len, password_hash);
 
78
        return md4_vector(1, (const u8 **) &pos, &len, password_hash);
76
79
}
77
80
 
78
81
 
80
83
 * hash_nt_password_hash - HashNtPasswordHash() - RFC 2759, Sect. 8.4
81
84
 * @password_hash: 16-octet PasswordHash (IN)
82
85
 * @password_hash_hash: 16-octet PasswordHashHash (OUT)
 
86
 * Returns: 0 on success, -1 on failure
83
87
 */
84
 
void hash_nt_password_hash(const u8 *password_hash, u8 *password_hash_hash)
 
88
int hash_nt_password_hash(const u8 *password_hash, u8 *password_hash_hash)
85
89
{
86
90
        size_t len = 16;
87
 
        md4_vector(1, &password_hash, &len, password_hash_hash);
 
91
        return md4_vector(1, &password_hash, &len, password_hash_hash);
88
92
}
89
93
 
90
94
 
116
120
 * @password: 0-to-256-unicode-char Password (IN; ASCII)
117
121
 * @password_len: Length of password
118
122
 * @response: 24-octet Response (OUT)
 
123
 * Returns: 0 on success, -1 on failure
119
124
 */
120
 
void generate_nt_response(const u8 *auth_challenge, const u8 *peer_challenge,
121
 
                          const u8 *username, size_t username_len,
122
 
                          const u8 *password, size_t password_len,
123
 
                          u8 *response)
 
125
int generate_nt_response(const u8 *auth_challenge, const u8 *peer_challenge,
 
126
                         const u8 *username, size_t username_len,
 
127
                         const u8 *password, size_t password_len,
 
128
                         u8 *response)
124
129
{
125
130
        u8 challenge[8];
126
131
        u8 password_hash[16];
127
132
 
128
133
        challenge_hash(peer_challenge, auth_challenge, username, username_len,
129
134
                       challenge);
130
 
        nt_password_hash(password, password_len, password_hash);
 
135
        if (nt_password_hash(password, password_len, password_hash))
 
136
                return -1;
131
137
        challenge_response(challenge, password_hash, response);
 
138
        return 0;
132
139
}
133
140
 
134
141
 
140
147
 * @username_len: Length of username
141
148
 * @password_hash: 16-octet PasswordHash (IN)
142
149
 * @response: 24-octet Response (OUT)
 
150
 * Returns: 0 on success, -1 on failure
143
151
 */
144
 
void generate_nt_response_pwhash(const u8 *auth_challenge,
145
 
                                 const u8 *peer_challenge,
146
 
                                 const u8 *username, size_t username_len,
147
 
                                 const u8 *password_hash,
148
 
                                 u8 *response)
 
152
int generate_nt_response_pwhash(const u8 *auth_challenge,
 
153
                                const u8 *peer_challenge,
 
154
                                const u8 *username, size_t username_len,
 
155
                                const u8 *password_hash,
 
156
                                u8 *response)
149
157
{
150
158
        u8 challenge[8];
151
159
 
152
 
        challenge_hash(peer_challenge, auth_challenge, username, username_len,
153
 
                       challenge);
 
160
        if (challenge_hash(peer_challenge, auth_challenge,
 
161
                           username, username_len,
 
162
                           challenge))
 
163
                return -1;
154
164
        challenge_response(challenge, password_hash, response);
 
165
        return 0;
155
166
}
156
167
 
157
168
 
165
176
 * @username_len: Length of username
166
177
 * @response: 20-octet AuthenticatorResponse (OUT) (note: this value is usually
167
178
 * encoded as a 42-octet ASCII string (S=hexdump_of_response)
 
179
 * Returns: 0 on success, -1 on failure
168
180
 */
169
 
void generate_authenticator_response_pwhash(
 
181
int generate_authenticator_response_pwhash(
170
182
        const u8 *password_hash,
171
183
        const u8 *peer_challenge, const u8 *auth_challenge,
172
184
        const u8 *username, size_t username_len,
200
212
        addr2[1] = challenge;
201
213
        addr2[2] = magic2;
202
214
 
203
 
        hash_nt_password_hash(password_hash, password_hash_hash);
204
 
        sha1_vector(3, addr1, len1, response);
 
215
        if (hash_nt_password_hash(password_hash, password_hash_hash))
 
216
                return -1;
 
217
        if (sha1_vector(3, addr1, len1, response))
 
218
                return -1;
205
219
 
206
220
        challenge_hash(peer_challenge, auth_challenge, username, username_len,
207
221
                       challenge);
208
 
        sha1_vector(3, addr2, len2, response);
 
222
        return sha1_vector(3, addr2, len2, response);
209
223
}
210
224
 
211
225
 
220
234
 * @username_len: Length of username
221
235
 * @response: 20-octet AuthenticatorResponse (OUT) (note: this value is usually
222
236
 * encoded as a 42-octet ASCII string (S=hexdump_of_response)
 
237
 * Returns: 0 on success, -1 on failure
223
238
 */
224
 
void generate_authenticator_response(const u8 *password, size_t password_len,
225
 
                                     const u8 *peer_challenge,
226
 
                                     const u8 *auth_challenge,
227
 
                                     const u8 *username, size_t username_len,
228
 
                                     const u8 *nt_response, u8 *response)
 
239
int generate_authenticator_response(const u8 *password, size_t password_len,
 
240
                                    const u8 *peer_challenge,
 
241
                                    const u8 *auth_challenge,
 
242
                                    const u8 *username, size_t username_len,
 
243
                                    const u8 *nt_response, u8 *response)
229
244
{
230
245
        u8 password_hash[16];
231
 
        nt_password_hash(password, password_len, password_hash);
232
 
        generate_authenticator_response_pwhash(password_hash,
233
 
                                               peer_challenge, auth_challenge,
234
 
                                               username, username_len,
235
 
                                               nt_response, response);
 
246
        if (nt_password_hash(password, password_len, password_hash))
 
247
                return -1;
 
248
        return generate_authenticator_response_pwhash(
 
249
                password_hash, peer_challenge, auth_challenge,
 
250
                username, username_len, nt_response, response);
236
251
}
237
252
 
238
253
 
242
257
 * @password: 0-to-256-unicode-char Password (IN; ASCII)
243
258
 * @password_len: Length of password
244
259
 * @response: 24-octet Response (OUT)
 
260
 * Returns: 0 on success, -1 on failure
245
261
 */
246
 
void nt_challenge_response(const u8 *challenge, const u8 *password,
247
 
                           size_t password_len, u8 *response)
 
262
int nt_challenge_response(const u8 *challenge, const u8 *password,
 
263
                          size_t password_len, u8 *response)
248
264
{
249
265
        u8 password_hash[16];
250
 
        nt_password_hash(password, password_len, password_hash);
 
266
        if (nt_password_hash(password, password_len, password_hash))
 
267
                return -1;
251
268
        challenge_response(challenge, password_hash, response);
 
269
        return 0;
252
270
}
253
271
 
254
272
 
257
275
 * @password_hash_hash: 16-octet PasswordHashHash (IN)
258
276
 * @nt_response: 24-octet NTResponse (IN)
259
277
 * @master_key: 16-octet MasterKey (OUT)
 
278
 * Returns: 0 on success, -1 on failure
260
279
 */
261
 
void get_master_key(const u8 *password_hash_hash, const u8 *nt_response,
262
 
                    u8 *master_key)
 
280
int get_master_key(const u8 *password_hash_hash, const u8 *nt_response,
 
281
                   u8 *master_key)
263
282
{
264
283
        static const u8 magic1[27] = {
265
284
                0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74,
274
293
        addr[1] = nt_response;
275
294
        addr[2] = magic1;
276
295
 
277
 
        sha1_vector(3, addr, len, hash);
 
296
        if (sha1_vector(3, addr, len, hash))
 
297
                return -1;
278
298
        os_memcpy(master_key, hash, 16);
 
299
        return 0;
279
300
}
280
301
 
281
302
 
286
307
 * @session_key_len: SessionKeyLength (Length of session_key) (IN)
287
308
 * @is_send: IsSend (IN, BOOLEAN)
288
309
 * @is_server: IsServer (IN, BOOLEAN)
 
310
 * Returns: 0 on success, -1 on failure
289
311
 */
290
 
void get_asymetric_start_key(const u8 *master_key, u8 *session_key,
291
 
                             size_t session_key_len, int is_send,
292
 
                             int is_server)
 
312
int get_asymetric_start_key(const u8 *master_key, u8 *session_key,
 
313
                            size_t session_key_len, int is_send,
 
314
                            int is_server)
293
315
{
294
316
        static const u8 magic2[84] = {
295
317
                0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
339
361
        }
340
362
        addr[3] = shs_pad2;
341
363
 
342
 
        sha1_vector(4, addr, len, digest);
 
364
        if (sha1_vector(4, addr, len, digest))
 
365
                return -1;
343
366
 
344
367
        if (session_key_len > SHA1_MAC_LEN)
345
368
                session_key_len = SHA1_MAC_LEN;
346
369
        os_memcpy(session_key, digest, session_key_len);
 
370
        return 0;
347
371
}
348
372
 
349
373
 
400
424
{
401
425
        u8 password_hash[16];
402
426
 
403
 
        nt_password_hash(old_password, old_password_len, password_hash);
 
427
        if (nt_password_hash(old_password, old_password_len, password_hash))
 
428
                return -1;
404
429
        if (encrypt_pw_block_with_password_hash(new_password, new_password_len,
405
430
                                                password_hash,
406
431
                                                encrypted_pw_block))
430
455
 * @old_password: 0-to-256-unicode-char OldPassword (IN; ASCII)
431
456
 * @old_password_len: Length of old_password
432
457
 * @encrypted_password_hash: 16-octet EncryptedPasswordHash (OUT)
 
458
 * Returns: 0 on success, -1 on failure
433
459
 */
434
 
void old_nt_password_hash_encrypted_with_new_nt_password_hash(
 
460
int old_nt_password_hash_encrypted_with_new_nt_password_hash(
435
461
        const u8 *new_password, size_t new_password_len,
436
462
        const u8 *old_password, size_t old_password_len,
437
463
        u8 *encrypted_password_hash)
438
464
{
439
465
        u8 old_password_hash[16], new_password_hash[16];
440
466
 
441
 
        nt_password_hash(old_password, old_password_len, old_password_hash);
442
 
        nt_password_hash(new_password, new_password_len, new_password_hash);
 
467
        if (nt_password_hash(old_password, old_password_len,
 
468
                             old_password_hash) ||
 
469
            nt_password_hash(new_password, new_password_len,
 
470
                             new_password_hash))
 
471
                return -1;
443
472
        nt_password_hash_encrypted_with_block(old_password_hash,
444
473
                                              new_password_hash,
445
474
                                              encrypted_password_hash);
 
475
        return 0;
446
476
}