16d49e1aeSJan Lentfer /*
26d49e1aeSJan Lentfer * MSCHAPV2 (RFC 2759)
36d49e1aeSJan Lentfer * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
46d49e1aeSJan Lentfer *
53ff40c12SJohn Marino * This software may be distributed under the terms of the BSD license.
63ff40c12SJohn Marino * See README for more details.
76d49e1aeSJan Lentfer */
86d49e1aeSJan Lentfer
96d49e1aeSJan Lentfer #include "includes.h"
106d49e1aeSJan Lentfer
116d49e1aeSJan Lentfer #include "common.h"
123ff40c12SJohn Marino #include "crypto/ms_funcs.h"
136d49e1aeSJan Lentfer #include "mschapv2.h"
146d49e1aeSJan Lentfer
mschapv2_remove_domain(const u8 * username,size_t * len)156d49e1aeSJan Lentfer const u8 * mschapv2_remove_domain(const u8 *username, size_t *len)
166d49e1aeSJan Lentfer {
176d49e1aeSJan Lentfer size_t i;
186d49e1aeSJan Lentfer
196d49e1aeSJan Lentfer /*
206d49e1aeSJan Lentfer * MSCHAPv2 does not include optional domain name in the
216d49e1aeSJan Lentfer * challenge-response calculation, so remove domain prefix
226d49e1aeSJan Lentfer * (if present).
236d49e1aeSJan Lentfer */
246d49e1aeSJan Lentfer
256d49e1aeSJan Lentfer for (i = 0; i < *len; i++) {
266d49e1aeSJan Lentfer if (username[i] == '\\') {
276d49e1aeSJan Lentfer *len -= i + 1;
286d49e1aeSJan Lentfer return username + i + 1;
296d49e1aeSJan Lentfer }
306d49e1aeSJan Lentfer }
316d49e1aeSJan Lentfer
326d49e1aeSJan Lentfer return username;
336d49e1aeSJan Lentfer }
346d49e1aeSJan Lentfer
356d49e1aeSJan Lentfer
mschapv2_derive_response(const u8 * identity,size_t identity_len,const u8 * password,size_t password_len,int pwhash,const u8 * auth_challenge,const u8 * peer_challenge,u8 * nt_response,u8 * auth_response,u8 * master_key)363ff40c12SJohn Marino int mschapv2_derive_response(const u8 *identity, size_t identity_len,
376d49e1aeSJan Lentfer const u8 *password, size_t password_len,
386d49e1aeSJan Lentfer int pwhash,
396d49e1aeSJan Lentfer const u8 *auth_challenge,
406d49e1aeSJan Lentfer const u8 *peer_challenge,
416d49e1aeSJan Lentfer u8 *nt_response, u8 *auth_response,
426d49e1aeSJan Lentfer u8 *master_key)
436d49e1aeSJan Lentfer {
446d49e1aeSJan Lentfer const u8 *username;
456d49e1aeSJan Lentfer size_t username_len;
466d49e1aeSJan Lentfer u8 password_hash[16], password_hash_hash[16];
476d49e1aeSJan Lentfer
486d49e1aeSJan Lentfer wpa_hexdump_ascii(MSG_DEBUG, "MSCHAPV2: Identity",
496d49e1aeSJan Lentfer identity, identity_len);
506d49e1aeSJan Lentfer username_len = identity_len;
516d49e1aeSJan Lentfer username = mschapv2_remove_domain(identity, &username_len);
526d49e1aeSJan Lentfer wpa_hexdump_ascii(MSG_DEBUG, "MSCHAPV2: Username",
536d49e1aeSJan Lentfer username, username_len);
546d49e1aeSJan Lentfer
556d49e1aeSJan Lentfer wpa_hexdump(MSG_DEBUG, "MSCHAPV2: auth_challenge",
566d49e1aeSJan Lentfer auth_challenge, MSCHAPV2_CHAL_LEN);
576d49e1aeSJan Lentfer wpa_hexdump(MSG_DEBUG, "MSCHAPV2: peer_challenge",
586d49e1aeSJan Lentfer peer_challenge, MSCHAPV2_CHAL_LEN);
596d49e1aeSJan Lentfer wpa_hexdump_ascii(MSG_DEBUG, "MSCHAPV2: username",
606d49e1aeSJan Lentfer username, username_len);
616d49e1aeSJan Lentfer /* Authenticator response is not really needed yet, but calculate it
626d49e1aeSJan Lentfer * here so that challenges need not be saved. */
636d49e1aeSJan Lentfer if (pwhash) {
646d49e1aeSJan Lentfer wpa_hexdump_key(MSG_DEBUG, "MSCHAPV2: password hash",
656d49e1aeSJan Lentfer password, password_len);
663ff40c12SJohn Marino if (generate_nt_response_pwhash(auth_challenge, peer_challenge,
676d49e1aeSJan Lentfer username, username_len,
683ff40c12SJohn Marino password, nt_response) ||
696d49e1aeSJan Lentfer generate_authenticator_response_pwhash(
706d49e1aeSJan Lentfer password, peer_challenge, auth_challenge,
713ff40c12SJohn Marino username, username_len, nt_response,
723ff40c12SJohn Marino auth_response))
733ff40c12SJohn Marino return -1;
746d49e1aeSJan Lentfer } else {
756d49e1aeSJan Lentfer wpa_hexdump_ascii_key(MSG_DEBUG, "MSCHAPV2: password",
766d49e1aeSJan Lentfer password, password_len);
773ff40c12SJohn Marino if (generate_nt_response(auth_challenge, peer_challenge,
786d49e1aeSJan Lentfer username, username_len,
793ff40c12SJohn Marino password, password_len,
803ff40c12SJohn Marino nt_response) ||
816d49e1aeSJan Lentfer generate_authenticator_response(password, password_len,
823ff40c12SJohn Marino peer_challenge,
833ff40c12SJohn Marino auth_challenge,
846d49e1aeSJan Lentfer username, username_len,
853ff40c12SJohn Marino nt_response,
863ff40c12SJohn Marino auth_response))
873ff40c12SJohn Marino return -1;
886d49e1aeSJan Lentfer }
896d49e1aeSJan Lentfer wpa_hexdump(MSG_DEBUG, "MSCHAPV2: NT Response",
906d49e1aeSJan Lentfer nt_response, MSCHAPV2_NT_RESPONSE_LEN);
916d49e1aeSJan Lentfer wpa_hexdump(MSG_DEBUG, "MSCHAPV2: Auth Response",
926d49e1aeSJan Lentfer auth_response, MSCHAPV2_AUTH_RESPONSE_LEN);
936d49e1aeSJan Lentfer
946d49e1aeSJan Lentfer /* Generate master_key here since we have the needed data available. */
956d49e1aeSJan Lentfer if (pwhash) {
963ff40c12SJohn Marino if (hash_nt_password_hash(password, password_hash_hash))
973ff40c12SJohn Marino return -1;
986d49e1aeSJan Lentfer } else {
993ff40c12SJohn Marino if (nt_password_hash(password, password_len, password_hash) ||
1003ff40c12SJohn Marino hash_nt_password_hash(password_hash, password_hash_hash))
1013ff40c12SJohn Marino return -1;
1026d49e1aeSJan Lentfer }
1033ff40c12SJohn Marino if (get_master_key(password_hash_hash, nt_response, master_key))
1043ff40c12SJohn Marino return -1;
1056d49e1aeSJan Lentfer wpa_hexdump_key(MSG_DEBUG, "MSCHAPV2: Master Key",
1066d49e1aeSJan Lentfer master_key, MSCHAPV2_MASTER_KEY_LEN);
1073ff40c12SJohn Marino
1083ff40c12SJohn Marino return 0;
1096d49e1aeSJan Lentfer }
1106d49e1aeSJan Lentfer
1116d49e1aeSJan Lentfer
mschapv2_verify_auth_response(const u8 * auth_response,const u8 * buf,size_t buf_len)1126d49e1aeSJan Lentfer int mschapv2_verify_auth_response(const u8 *auth_response,
1136d49e1aeSJan Lentfer const u8 *buf, size_t buf_len)
1146d49e1aeSJan Lentfer {
1156d49e1aeSJan Lentfer u8 recv_response[MSCHAPV2_AUTH_RESPONSE_LEN];
1166d49e1aeSJan Lentfer if (buf_len < 2 + 2 * MSCHAPV2_AUTH_RESPONSE_LEN ||
1176d49e1aeSJan Lentfer buf[0] != 'S' || buf[1] != '=' ||
1186d49e1aeSJan Lentfer hexstr2bin((char *) (buf + 2), recv_response,
1196d49e1aeSJan Lentfer MSCHAPV2_AUTH_RESPONSE_LEN) ||
120*a1157835SDaniel Fojt os_memcmp_const(auth_response, recv_response,
1216d49e1aeSJan Lentfer MSCHAPV2_AUTH_RESPONSE_LEN) != 0)
1226d49e1aeSJan Lentfer return -1;
1236d49e1aeSJan Lentfer return 0;
1246d49e1aeSJan Lentfer }
125