MS-CHAPv2 authentication. More...

#include <stdint.h>

Data Structures
struct	mschapv2_challenge
	An MS-CHAPv2 challenge. More...

struct	mschapv2_nt_response
	An MS-CHAPv2 NT response. More...

struct	mschapv2_response
	An MS-CHAPv2 challenge response. More...

struct	mschapv2_auth
	An MS-CHAPv2 authenticator response. More...

Functions
	FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)

struct mschapv2_challenge	__attribute__ ((packed))

void	mschapv2_response (const char username, const char password, const struct mschapv2_challenge challenge, const struct mschapv2_challenge peer, struct mschapv2_response *response)
	Calculate MS-CHAPv2 challenge response. More...

void	mschapv2_auth (const char username, const char password, const struct mschapv2_challenge challenge, const struct mschapv2_response response, struct mschapv2_auth *auth)
	Calculate MS-CHAPv2 authenticator response. More...

Variables
uint8_t	byte [16]
	Raw bytes. More...

uint8_t	block [3][8]
	DES-encrypted blocks. More...

struct mschapv2_challenge	peer
	Peer challenge. More...

uint8_t	reserved [8]
	Reserved, must be zero. More...

struct mschapv2_nt_response	nt
	NT response. More...

uint8_t	flags
	Flags, must be zero. More...

char	wtf [42]
	Authenticator response string. More...

Detailed Description

MS-CHAPv2 authentication.

Definition in file mschapv2.h.

Function Documentation

◆ FILE_LICENCE()

FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL )

◆ attribute()

struct mschapv2_challenge __attribute__ ( (packed) )

◆ mschapv2_response()

void mschapv2_response	(	const char *	username,
		const char *	password,
		const struct mschapv2_challenge *	challenge,
		const struct mschapv2_challenge *	peer,
		struct mschapv2_response *	response
	)

Calculate MS-CHAPv2 challenge response.

Parameters

username	User name (or NULL to use empty string)
password	Password (or NULL to use empty string)
challenge	Authenticator challenge
peer	Peer challenge
response	Challenge response to fill in

This is essentially the GenerateNTResponse() function as documented in RFC 2759 section 8.1.

Definition at line 269 of file mschapv2.c.

                                                               {
         union mschapv2_context ctx;
         union mschapv2_challenge_hash chash;
         union mschapv2_password_hash phash;
 
         /* Zero reserved fields */
         memset ( response, 0, sizeof ( *response ) );
 
         /* Copy peer challenge to response */
         memcpy ( &response->peer, peer, sizeof ( response->peer ) );
 
         /* Construct challenge hash */
         mschapv2_challenge_hash ( &ctx, challenge, peer, username, &chash );
 
         /* Construct expanded password hash */
         mschapv2_password_hash ( &ctx, password, &phash );
         mschapv2_expand_hash ( &ctx, &phash );
 
         /* Construct NT response */
         mschapv2_challenge_response ( &ctx, &chash, &phash, &response->nt );
         DBGC ( &ctx, "MSCHAPv2 challenge response:\n" );
         DBGC_HDA ( &ctx, 0, response, sizeof ( *response ) );
 }

References ctx, DBGC, DBGC_HDA, memcpy(), memset(), mschapv2_challenge_hash(), mschapv2_challenge_response(), mschapv2_expand_hash(), mschapv2_password_hash(), mschapv2_response::nt, mschapv2_response::peer, and peer.

Referenced by eap_rx_mschapv2_request(), and mschapv2_okx().

◆ mschapv2_auth()

void mschapv2_auth	(	const char *	username,
		const char *	password,
		const struct mschapv2_challenge *	challenge,
		const struct mschapv2_response *	response,
		struct mschapv2_auth *	auth
	)

Calculate MS-CHAPv2 authenticator response.

Parameters

username	User name (or NULL to use empty string)
password	Password (or NULL to use empty string)
challenge	Authenticator challenge
response	Challenge response
auth	Authenticator response to fill in

This is essentially the GenerateAuthenticatorResponse() function as documented in RFC 2759 section 8.7.

Definition at line 308 of file mschapv2.c.

                                                   {
         struct digest_algorithm *sha1 = &sha1_algorithm;
         union mschapv2_context ctx;
         union mschapv2_challenge_hash chash;
         union mschapv2_password_hash phash;
         char tmp[3];
         char *wtf;
         unsigned int i;
 
         /* Construct hash of password hash */
         mschapv2_password_hash ( &ctx, password, &phash );
         mschapv2_hash_hash ( &ctx, &phash );
 
         /* Construct unnamed intermediate hash */
         digest_init ( sha1, ctx.sha1 );
         digest_update ( sha1, ctx.sha1, phash.md4, sizeof ( phash.md4 ) );
         digest_update ( sha1, ctx.sha1, &response->nt,
                         sizeof ( response->nt ) );
         digest_update ( sha1, ctx.sha1, mschapv2_magic1,
                         sizeof ( mschapv2_magic1 ) );
         digest_final ( sha1, ctx.sha1, phash.sha1 );
         DBGC ( &ctx, "MSCHAPv2 NT response:\n" );
         DBGC_HDA ( &ctx, 0, &response->nt, sizeof ( response->nt ) );
         DBGC ( &ctx, "MSCHAPv2 unnamed intermediate hash:\n" );
         DBGC_HDA ( &ctx, 0, phash.sha1, sizeof ( phash.sha1 ) );
 
         /* Construct challenge hash */
         mschapv2_challenge_hash ( &ctx, challenge, &response->peer,
                                   username, &chash );
 
         /* Construct authenticator response hash */
         digest_init ( sha1, ctx.sha1 );
         digest_update ( sha1, ctx.sha1, phash.sha1, sizeof ( phash.sha1 ) );
         digest_update ( sha1, ctx.sha1, chash.des, sizeof ( chash.des ) );
         digest_update ( sha1, ctx.sha1, mschapv2_magic2,
                         sizeof ( mschapv2_magic2 ) );
         digest_final ( sha1, ctx.sha1, phash.sha1 );
         DBGC ( &ctx, "MSCHAPv2 authenticator response hash:\n" );
         DBGC_HDA ( &ctx, 0, phash.sha1, sizeof ( phash.sha1 ) );
 
         /* Encode authenticator response hash */
         wtf = auth->wtf;
         *(wtf++) = 'S';
         *(wtf++) = '=';
         DBGC ( &ctx, "MSCHAPv2 authenticator response: S=" );
         for ( i = 0 ; i < sizeof ( phash.sha1 ) ; i++ ) {
                 snprintf ( tmp, sizeof ( tmp ), "%02X", phash.sha1[i] );
                 *(wtf++) = tmp[0];
                 *(wtf++) = tmp[1];
                 DBGC ( &ctx, "%s", tmp );
         }
         DBGC ( &ctx, "\n" );
 }

References auth, ctx, DBGC, DBGC_HDA, mschapv2_challenge_hash::des, mschapv2_password_hash::md4, mschapv2_challenge_hash(), mschapv2_hash_hash(), mschapv2_magic1, mschapv2_magic2, mschapv2_password_hash(), mschapv2_response::nt, mschapv2_response::peer, mschapv2_password_hash::sha1, sha1_algorithm, snprintf(), tmp, and wtf.

Referenced by mschapv2_okx().

Variable Documentation

◆ byte

uint8_t byte[16]

Raw bytes.

Definition at line 12 of file mschapv2.h.

◆ block

uint16_t block

DES-encrypted blocks.

Definition at line 12 of file mschapv2.h.

Referenced by alloc_memblock(), ar9300_uncompress_block(), ata_open(), atadev_command(), atadev_read(), atadev_read_capacity(), atadev_write(), block_translate(), check_blocks(), cms_digest(), des_round(), efi_block_boot(), efi_block_hook(), efi_block_io_flush(), efi_block_io_read(), efi_block_io_reset(), efi_block_io_write(), efi_block_local(), efi_block_rw(), efi_block_unhook(), efi_nullify_block(), free_memblock(), gcm_process(), ib_srp_open(), mlx_memory_set(), mlx_memory_set_priv(), pbkdf2_sha1_f(), peerblk_open(), peerdist_info_block(), peerdist_info_block_okx(), peerdist_info_test_exec(), peerdist_info_v1_block(), peerdist_info_v2_block(), peermux_step(), phantom_crb_access_2m(), scsi_open(), scsidev_command(), scsidev_read(), scsidev_read_capacity(), scsidev_test_unit_ready(), scsidev_write(), srp_open(), tftp_rx_data(), tftp_send_ack(), valgrind_make_blocks_defined(), valgrind_make_blocks_noaccess(), and vxge_hw_ring_replenish().

◆ peer

struct mschapv2_challenge peer

Peer challenge.

Definition at line 12 of file mschapv2.h.

Referenced by dhcp_deliver(), dhcp_discovery_rx(), dhcp_discovery_tx(), dhcp_proxy_rx(), dhcp_proxy_tx(), dhcp_pxebs_rx(), dhcp_pxebs_tx(), dhcp_request_rx(), dhcp_request_tx(), dhcp_tx(), eap_rx_mschapv2_request(), eoib_create_peer(), eoib_discard(), eoib_find_peer(), eoib_flush_peers(), eoib_rx_av(), eoib_tx_av(), fc_els_logo_logout(), fc_els_plogi_rx(), fc_ns_query(), fc_peer_close(), fc_peer_create(), fc_peer_decrement(), fc_peer_examine(), fc_peer_get(), fc_peer_get_port_id(), fc_peer_get_wwn(), fc_peer_increment(), fc_peer_login(), fc_peer_logout(), fc_peer_plogi(), fc_peer_plogi_done(), fc_peer_put(), fc_port_login(), fc_port_logout(), fc_ulp_create(), fc_ulp_get_port_id_type(), fc_ulp_get_type(), fc_ulp_get_wwn_type(), fcpeerstat(), fcstat_exec(), ipoib_discard_remac(), ipoib_find_remac(), ipoib_flush_remac(), ipoib_map_remac(), iscsi_vredirect(), mschapv2_challenge_hash(), mschapv2_response(), nfs_connect(), peerblk_done(), peerdisc_discovered(), peerdisc_free(), peerdisc_stat(), peermux_block_stat(), ping_callback(), ping_open(), tcp_open(), tcp_open_uri(), udp_open(), udp_open_common(), udp_open_uri(), xfer_open_named_socket(), xfer_open_socket(), and xfer_vopen().

◆ reserved

uint8_t reserved[8]

Reserved, must be zero.

Definition at line 14 of file mschapv2.h.

◆ nt

struct mschapv2_nt_response nt

NT response.

Definition at line 16 of file mschapv2.h.

Referenced by mschapv2_challenge_response(), ntlm_authenticate(), ntlm_authenticate_okx(), and ntlm_response().

◆ flags

uint8_t flags

Flags, must be zero.

Definition at line 18 of file mschapv2.h.

◆ wtf

char wtf[42]

Authenticator response string.

This is an unterminated 42-byte string of the form "S=<auth_string>" where <auth_string> is the upper-cased hexadecimal encoding of the actual authenticator response value. Joy.

Definition at line 18 of file mschapv2.h.

Referenced by efi_console_init(), efi_driver_name(), efi_driver_name2(), efi_veto_find(), and mschapv2_auth().

Data Structures

Functions

Variables

Detailed Description

Function Documentation

◆ FILE_LICENCE()

◆ __attribute__()

◆ mschapv2_response()

◆ mschapv2_auth()

Variable Documentation

◆ byte

◆ block

◆ peer

◆ reserved

◆ nt

◆ flags

◆ wtf

◆ attribute()