1e5b75505Sopenharmony_ci/* 2e5b75505Sopenharmony_ci * WPA Supplicant / shared MSCHAPV2 helper functions / RFC 2433 / RFC 2759 3e5b75505Sopenharmony_ci * Copyright (c) 2004-2012, Jouni Malinen <j@w1.fi> 4e5b75505Sopenharmony_ci * 5e5b75505Sopenharmony_ci * This software may be distributed under the terms of the BSD license. 6e5b75505Sopenharmony_ci * See README for more details. 7e5b75505Sopenharmony_ci */ 8e5b75505Sopenharmony_ci 9e5b75505Sopenharmony_ci#include "includes.h" 10e5b75505Sopenharmony_ci 11e5b75505Sopenharmony_ci#include "common.h" 12e5b75505Sopenharmony_ci#include "sha1.h" 13e5b75505Sopenharmony_ci#include "ms_funcs.h" 14e5b75505Sopenharmony_ci#include "crypto.h" 15e5b75505Sopenharmony_ci 16e5b75505Sopenharmony_ci/** 17e5b75505Sopenharmony_ci * utf8_to_ucs2 - Convert UTF-8 string to UCS-2 encoding 18e5b75505Sopenharmony_ci * @utf8_string: UTF-8 string (IN) 19e5b75505Sopenharmony_ci * @utf8_string_len: Length of utf8_string (IN) 20e5b75505Sopenharmony_ci * @ucs2_buffer: UCS-2 buffer (OUT) 21e5b75505Sopenharmony_ci * @ucs2_buffer_size: Length of UCS-2 buffer (IN) 22e5b75505Sopenharmony_ci * @ucs2_string_size: Number of 2-byte words in the resulting UCS-2 string 23e5b75505Sopenharmony_ci * Returns: 0 on success, -1 on failure 24e5b75505Sopenharmony_ci */ 25e5b75505Sopenharmony_cistatic int utf8_to_ucs2(const u8 *utf8_string, size_t utf8_string_len, 26e5b75505Sopenharmony_ci u8 *ucs2_buffer, size_t ucs2_buffer_size, 27e5b75505Sopenharmony_ci size_t *ucs2_string_size) 28e5b75505Sopenharmony_ci{ 29e5b75505Sopenharmony_ci size_t i, j; 30e5b75505Sopenharmony_ci 31e5b75505Sopenharmony_ci for (i = 0, j = 0; i < utf8_string_len; i++) { 32e5b75505Sopenharmony_ci u8 c = utf8_string[i]; 33e5b75505Sopenharmony_ci if (j >= ucs2_buffer_size) { 34e5b75505Sopenharmony_ci /* input too long */ 35e5b75505Sopenharmony_ci return -1; 36e5b75505Sopenharmony_ci } 37e5b75505Sopenharmony_ci if (c <= 0x7F) { 38e5b75505Sopenharmony_ci WPA_PUT_LE16(ucs2_buffer + j, c); 39e5b75505Sopenharmony_ci j += 2; 40e5b75505Sopenharmony_ci } else if (i == utf8_string_len - 1 || 41e5b75505Sopenharmony_ci j >= ucs2_buffer_size - 1) { 42e5b75505Sopenharmony_ci /* incomplete surrogate */ 43e5b75505Sopenharmony_ci return -1; 44e5b75505Sopenharmony_ci } else { 45e5b75505Sopenharmony_ci u8 c2 = utf8_string[++i]; 46e5b75505Sopenharmony_ci if ((c & 0xE0) == 0xC0) { 47e5b75505Sopenharmony_ci /* two-byte encoding */ 48e5b75505Sopenharmony_ci WPA_PUT_LE16(ucs2_buffer + j, 49e5b75505Sopenharmony_ci ((c & 0x1F) << 6) | (c2 & 0x3F)); 50e5b75505Sopenharmony_ci j += 2; 51e5b75505Sopenharmony_ci } else if (i == utf8_string_len - 1 || 52e5b75505Sopenharmony_ci j >= ucs2_buffer_size - 1) { 53e5b75505Sopenharmony_ci /* incomplete surrogate */ 54e5b75505Sopenharmony_ci return -1; 55e5b75505Sopenharmony_ci } else { 56e5b75505Sopenharmony_ci /* three-byte encoding */ 57e5b75505Sopenharmony_ci u8 c3 = utf8_string[++i]; 58e5b75505Sopenharmony_ci WPA_PUT_LE16(ucs2_buffer + j, 59e5b75505Sopenharmony_ci ((c & 0xF) << 12) | 60e5b75505Sopenharmony_ci ((c2 & 0x3F) << 6) | (c3 & 0x3F)); 61e5b75505Sopenharmony_ci j += 2; 62e5b75505Sopenharmony_ci } 63e5b75505Sopenharmony_ci } 64e5b75505Sopenharmony_ci } 65e5b75505Sopenharmony_ci 66e5b75505Sopenharmony_ci if (ucs2_string_size) 67e5b75505Sopenharmony_ci *ucs2_string_size = j / 2; 68e5b75505Sopenharmony_ci return 0; 69e5b75505Sopenharmony_ci} 70e5b75505Sopenharmony_ci 71e5b75505Sopenharmony_ci 72e5b75505Sopenharmony_ci/** 73e5b75505Sopenharmony_ci * challenge_hash - ChallengeHash() - RFC 2759, Sect. 8.2 74e5b75505Sopenharmony_ci * @peer_challenge: 16-octet PeerChallenge (IN) 75e5b75505Sopenharmony_ci * @auth_challenge: 16-octet AuthenticatorChallenge (IN) 76e5b75505Sopenharmony_ci * @username: 0-to-256-char UserName (IN) 77e5b75505Sopenharmony_ci * @username_len: Length of username 78e5b75505Sopenharmony_ci * @challenge: 8-octet Challenge (OUT) 79e5b75505Sopenharmony_ci * Returns: 0 on success, -1 on failure 80e5b75505Sopenharmony_ci */ 81e5b75505Sopenharmony_ciint challenge_hash(const u8 *peer_challenge, const u8 *auth_challenge, 82e5b75505Sopenharmony_ci const u8 *username, size_t username_len, u8 *challenge) 83e5b75505Sopenharmony_ci{ 84e5b75505Sopenharmony_ci u8 hash[SHA1_MAC_LEN]; 85e5b75505Sopenharmony_ci const unsigned char *addr[3]; 86e5b75505Sopenharmony_ci size_t len[3]; 87e5b75505Sopenharmony_ci 88e5b75505Sopenharmony_ci addr[0] = peer_challenge; 89e5b75505Sopenharmony_ci len[0] = 16; 90e5b75505Sopenharmony_ci addr[1] = auth_challenge; 91e5b75505Sopenharmony_ci len[1] = 16; 92e5b75505Sopenharmony_ci addr[2] = username; 93e5b75505Sopenharmony_ci len[2] = username_len; 94e5b75505Sopenharmony_ci 95e5b75505Sopenharmony_ci if (sha1_vector(3, addr, len, hash)) 96e5b75505Sopenharmony_ci return -1; 97e5b75505Sopenharmony_ci os_memcpy(challenge, hash, 8); 98e5b75505Sopenharmony_ci return 0; 99e5b75505Sopenharmony_ci} 100e5b75505Sopenharmony_ci 101e5b75505Sopenharmony_ci 102e5b75505Sopenharmony_ci/** 103e5b75505Sopenharmony_ci * nt_password_hash - NtPasswordHash() - RFC 2759, Sect. 8.3 104e5b75505Sopenharmony_ci * @password: 0-to-256-unicode-char Password (IN; UTF-8) 105e5b75505Sopenharmony_ci * @password_len: Length of password 106e5b75505Sopenharmony_ci * @password_hash: 16-octet PasswordHash (OUT) 107e5b75505Sopenharmony_ci * Returns: 0 on success, -1 on failure 108e5b75505Sopenharmony_ci */ 109e5b75505Sopenharmony_ciint nt_password_hash(const u8 *password, size_t password_len, 110e5b75505Sopenharmony_ci u8 *password_hash) 111e5b75505Sopenharmony_ci{ 112e5b75505Sopenharmony_ci u8 buf[512], *pos; 113e5b75505Sopenharmony_ci size_t len, max_len; 114e5b75505Sopenharmony_ci 115e5b75505Sopenharmony_ci max_len = sizeof(buf); 116e5b75505Sopenharmony_ci if (utf8_to_ucs2(password, password_len, buf, max_len, &len) < 0) 117e5b75505Sopenharmony_ci return -1; 118e5b75505Sopenharmony_ci 119e5b75505Sopenharmony_ci len *= 2; 120e5b75505Sopenharmony_ci pos = buf; 121e5b75505Sopenharmony_ci return md4_vector(1, (const u8 **) &pos, &len, password_hash); 122e5b75505Sopenharmony_ci} 123e5b75505Sopenharmony_ci 124e5b75505Sopenharmony_ci 125e5b75505Sopenharmony_ci/** 126e5b75505Sopenharmony_ci * hash_nt_password_hash - HashNtPasswordHash() - RFC 2759, Sect. 8.4 127e5b75505Sopenharmony_ci * @password_hash: 16-octet PasswordHash (IN) 128e5b75505Sopenharmony_ci * @password_hash_hash: 16-octet PasswordHashHash (OUT) 129e5b75505Sopenharmony_ci * Returns: 0 on success, -1 on failure 130e5b75505Sopenharmony_ci */ 131e5b75505Sopenharmony_ciint hash_nt_password_hash(const u8 *password_hash, u8 *password_hash_hash) 132e5b75505Sopenharmony_ci{ 133e5b75505Sopenharmony_ci size_t len = 16; 134e5b75505Sopenharmony_ci return md4_vector(1, &password_hash, &len, password_hash_hash); 135e5b75505Sopenharmony_ci} 136e5b75505Sopenharmony_ci 137e5b75505Sopenharmony_ci 138e5b75505Sopenharmony_ci/** 139e5b75505Sopenharmony_ci * challenge_response - ChallengeResponse() - RFC 2759, Sect. 8.5 140e5b75505Sopenharmony_ci * @challenge: 8-octet Challenge (IN) 141e5b75505Sopenharmony_ci * @password_hash: 16-octet PasswordHash (IN) 142e5b75505Sopenharmony_ci * @response: 24-octet Response (OUT) 143e5b75505Sopenharmony_ci * Returns: 0 on success, -1 on failure 144e5b75505Sopenharmony_ci */ 145e5b75505Sopenharmony_ciint challenge_response(const u8 *challenge, const u8 *password_hash, 146e5b75505Sopenharmony_ci u8 *response) 147e5b75505Sopenharmony_ci{ 148e5b75505Sopenharmony_ci u8 zpwd[7]; 149e5b75505Sopenharmony_ci 150e5b75505Sopenharmony_ci if (des_encrypt(challenge, password_hash, response) < 0 || 151e5b75505Sopenharmony_ci des_encrypt(challenge, password_hash + 7, response + 8) < 0) 152e5b75505Sopenharmony_ci return -1; 153e5b75505Sopenharmony_ci zpwd[0] = password_hash[14]; 154e5b75505Sopenharmony_ci zpwd[1] = password_hash[15]; 155e5b75505Sopenharmony_ci os_memset(zpwd + 2, 0, 5); 156e5b75505Sopenharmony_ci return des_encrypt(challenge, zpwd, response + 16); 157e5b75505Sopenharmony_ci} 158e5b75505Sopenharmony_ci 159e5b75505Sopenharmony_ci 160e5b75505Sopenharmony_ci/** 161e5b75505Sopenharmony_ci * generate_nt_response - GenerateNTResponse() - RFC 2759, Sect. 8.1 162e5b75505Sopenharmony_ci * @auth_challenge: 16-octet AuthenticatorChallenge (IN) 163e5b75505Sopenharmony_ci * @peer_challenge: 16-octet PeerChallenge (IN) 164e5b75505Sopenharmony_ci * @username: 0-to-256-char UserName (IN) 165e5b75505Sopenharmony_ci * @username_len: Length of username 166e5b75505Sopenharmony_ci * @password: 0-to-256-unicode-char Password (IN; UTF-8) 167e5b75505Sopenharmony_ci * @password_len: Length of password 168e5b75505Sopenharmony_ci * @response: 24-octet Response (OUT) 169e5b75505Sopenharmony_ci * Returns: 0 on success, -1 on failure 170e5b75505Sopenharmony_ci */ 171e5b75505Sopenharmony_ciint generate_nt_response(const u8 *auth_challenge, const u8 *peer_challenge, 172e5b75505Sopenharmony_ci const u8 *username, size_t username_len, 173e5b75505Sopenharmony_ci const u8 *password, size_t password_len, 174e5b75505Sopenharmony_ci u8 *response) 175e5b75505Sopenharmony_ci{ 176e5b75505Sopenharmony_ci u8 challenge[8]; 177e5b75505Sopenharmony_ci u8 password_hash[16]; 178e5b75505Sopenharmony_ci 179e5b75505Sopenharmony_ci if (challenge_hash(peer_challenge, auth_challenge, username, 180e5b75505Sopenharmony_ci username_len, challenge) || 181e5b75505Sopenharmony_ci nt_password_hash(password, password_len, password_hash) || 182e5b75505Sopenharmony_ci challenge_response(challenge, password_hash, response)) 183e5b75505Sopenharmony_ci return -1; 184e5b75505Sopenharmony_ci return 0; 185e5b75505Sopenharmony_ci} 186e5b75505Sopenharmony_ci 187e5b75505Sopenharmony_ci 188e5b75505Sopenharmony_ci/** 189e5b75505Sopenharmony_ci * generate_nt_response_pwhash - GenerateNTResponse() - RFC 2759, Sect. 8.1 190e5b75505Sopenharmony_ci * @auth_challenge: 16-octet AuthenticatorChallenge (IN) 191e5b75505Sopenharmony_ci * @peer_challenge: 16-octet PeerChallenge (IN) 192e5b75505Sopenharmony_ci * @username: 0-to-256-char UserName (IN) 193e5b75505Sopenharmony_ci * @username_len: Length of username 194e5b75505Sopenharmony_ci * @password_hash: 16-octet PasswordHash (IN) 195e5b75505Sopenharmony_ci * @response: 24-octet Response (OUT) 196e5b75505Sopenharmony_ci * Returns: 0 on success, -1 on failure 197e5b75505Sopenharmony_ci */ 198e5b75505Sopenharmony_ciint generate_nt_response_pwhash(const u8 *auth_challenge, 199e5b75505Sopenharmony_ci const u8 *peer_challenge, 200e5b75505Sopenharmony_ci const u8 *username, size_t username_len, 201e5b75505Sopenharmony_ci const u8 *password_hash, 202e5b75505Sopenharmony_ci u8 *response) 203e5b75505Sopenharmony_ci{ 204e5b75505Sopenharmony_ci u8 challenge[8]; 205e5b75505Sopenharmony_ci 206e5b75505Sopenharmony_ci if (challenge_hash(peer_challenge, auth_challenge, 207e5b75505Sopenharmony_ci username, username_len, 208e5b75505Sopenharmony_ci challenge) || 209e5b75505Sopenharmony_ci challenge_response(challenge, password_hash, response)) 210e5b75505Sopenharmony_ci return -1; 211e5b75505Sopenharmony_ci return 0; 212e5b75505Sopenharmony_ci} 213e5b75505Sopenharmony_ci 214e5b75505Sopenharmony_ci 215e5b75505Sopenharmony_ci/** 216e5b75505Sopenharmony_ci * generate_authenticator_response_pwhash - GenerateAuthenticatorResponse() - RFC 2759, Sect. 8.7 217e5b75505Sopenharmony_ci * @password_hash: 16-octet PasswordHash (IN) 218e5b75505Sopenharmony_ci * @nt_response: 24-octet NT-Response (IN) 219e5b75505Sopenharmony_ci * @peer_challenge: 16-octet PeerChallenge (IN) 220e5b75505Sopenharmony_ci * @auth_challenge: 16-octet AuthenticatorChallenge (IN) 221e5b75505Sopenharmony_ci * @username: 0-to-256-char UserName (IN) 222e5b75505Sopenharmony_ci * @username_len: Length of username 223e5b75505Sopenharmony_ci * @response: 20-octet AuthenticatorResponse (OUT) (note: this value is usually 224e5b75505Sopenharmony_ci * encoded as a 42-octet ASCII string (S=hexdump_of_response) 225e5b75505Sopenharmony_ci * Returns: 0 on success, -1 on failure 226e5b75505Sopenharmony_ci */ 227e5b75505Sopenharmony_ciint generate_authenticator_response_pwhash( 228e5b75505Sopenharmony_ci const u8 *password_hash, 229e5b75505Sopenharmony_ci const u8 *peer_challenge, const u8 *auth_challenge, 230e5b75505Sopenharmony_ci const u8 *username, size_t username_len, 231e5b75505Sopenharmony_ci const u8 *nt_response, u8 *response) 232e5b75505Sopenharmony_ci{ 233e5b75505Sopenharmony_ci static const u8 magic1[39] = { 234e5b75505Sopenharmony_ci 0x4D, 0x61, 0x67, 0x69, 0x63, 0x20, 0x73, 0x65, 0x72, 0x76, 235e5b75505Sopenharmony_ci 0x65, 0x72, 0x20, 0x74, 0x6F, 0x20, 0x63, 0x6C, 0x69, 0x65, 236e5b75505Sopenharmony_ci 0x6E, 0x74, 0x20, 0x73, 0x69, 0x67, 0x6E, 0x69, 0x6E, 0x67, 237e5b75505Sopenharmony_ci 0x20, 0x63, 0x6F, 0x6E, 0x73, 0x74, 0x61, 0x6E, 0x74 238e5b75505Sopenharmony_ci }; 239e5b75505Sopenharmony_ci static const u8 magic2[41] = { 240e5b75505Sopenharmony_ci 0x50, 0x61, 0x64, 0x20, 0x74, 0x6F, 0x20, 0x6D, 0x61, 0x6B, 241e5b75505Sopenharmony_ci 0x65, 0x20, 0x69, 0x74, 0x20, 0x64, 0x6F, 0x20, 0x6D, 0x6F, 242e5b75505Sopenharmony_ci 0x72, 0x65, 0x20, 0x74, 0x68, 0x61, 0x6E, 0x20, 0x6F, 0x6E, 243e5b75505Sopenharmony_ci 0x65, 0x20, 0x69, 0x74, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6F, 244e5b75505Sopenharmony_ci 0x6E 245e5b75505Sopenharmony_ci }; 246e5b75505Sopenharmony_ci 247e5b75505Sopenharmony_ci u8 password_hash_hash[16], challenge[8]; 248e5b75505Sopenharmony_ci const unsigned char *addr1[3]; 249e5b75505Sopenharmony_ci const size_t len1[3] = { 16, 24, sizeof(magic1) }; 250e5b75505Sopenharmony_ci const unsigned char *addr2[3]; 251e5b75505Sopenharmony_ci const size_t len2[3] = { SHA1_MAC_LEN, 8, sizeof(magic2) }; 252e5b75505Sopenharmony_ci 253e5b75505Sopenharmony_ci addr1[0] = password_hash_hash; 254e5b75505Sopenharmony_ci addr1[1] = nt_response; 255e5b75505Sopenharmony_ci addr1[2] = magic1; 256e5b75505Sopenharmony_ci 257e5b75505Sopenharmony_ci addr2[0] = response; 258e5b75505Sopenharmony_ci addr2[1] = challenge; 259e5b75505Sopenharmony_ci addr2[2] = magic2; 260e5b75505Sopenharmony_ci 261e5b75505Sopenharmony_ci if (hash_nt_password_hash(password_hash, password_hash_hash) || 262e5b75505Sopenharmony_ci sha1_vector(3, addr1, len1, response) || 263e5b75505Sopenharmony_ci challenge_hash(peer_challenge, auth_challenge, username, 264e5b75505Sopenharmony_ci username_len, challenge)) 265e5b75505Sopenharmony_ci return -1; 266e5b75505Sopenharmony_ci return sha1_vector(3, addr2, len2, response); 267e5b75505Sopenharmony_ci} 268e5b75505Sopenharmony_ci 269e5b75505Sopenharmony_ci 270e5b75505Sopenharmony_ci/** 271e5b75505Sopenharmony_ci * generate_authenticator_response - GenerateAuthenticatorResponse() - RFC 2759, Sect. 8.7 272e5b75505Sopenharmony_ci * @password: 0-to-256-unicode-char Password (IN; UTF-8) 273e5b75505Sopenharmony_ci * @password_len: Length of password 274e5b75505Sopenharmony_ci * @nt_response: 24-octet NT-Response (IN) 275e5b75505Sopenharmony_ci * @peer_challenge: 16-octet PeerChallenge (IN) 276e5b75505Sopenharmony_ci * @auth_challenge: 16-octet AuthenticatorChallenge (IN) 277e5b75505Sopenharmony_ci * @username: 0-to-256-char UserName (IN) 278e5b75505Sopenharmony_ci * @username_len: Length of username 279e5b75505Sopenharmony_ci * @response: 20-octet AuthenticatorResponse (OUT) (note: this value is usually 280e5b75505Sopenharmony_ci * encoded as a 42-octet ASCII string (S=hexdump_of_response) 281e5b75505Sopenharmony_ci * Returns: 0 on success, -1 on failure 282e5b75505Sopenharmony_ci */ 283e5b75505Sopenharmony_ciint generate_authenticator_response(const u8 *password, size_t password_len, 284e5b75505Sopenharmony_ci const u8 *peer_challenge, 285e5b75505Sopenharmony_ci const u8 *auth_challenge, 286e5b75505Sopenharmony_ci const u8 *username, size_t username_len, 287e5b75505Sopenharmony_ci const u8 *nt_response, u8 *response) 288e5b75505Sopenharmony_ci{ 289e5b75505Sopenharmony_ci u8 password_hash[16]; 290e5b75505Sopenharmony_ci if (nt_password_hash(password, password_len, password_hash)) 291e5b75505Sopenharmony_ci return -1; 292e5b75505Sopenharmony_ci return generate_authenticator_response_pwhash( 293e5b75505Sopenharmony_ci password_hash, peer_challenge, auth_challenge, 294e5b75505Sopenharmony_ci username, username_len, nt_response, response); 295e5b75505Sopenharmony_ci} 296e5b75505Sopenharmony_ci 297e5b75505Sopenharmony_ci 298e5b75505Sopenharmony_ci/** 299e5b75505Sopenharmony_ci * nt_challenge_response - NtChallengeResponse() - RFC 2433, Sect. A.5 300e5b75505Sopenharmony_ci * @challenge: 8-octet Challenge (IN) 301e5b75505Sopenharmony_ci * @password: 0-to-256-unicode-char Password (IN; UTF-8) 302e5b75505Sopenharmony_ci * @password_len: Length of password 303e5b75505Sopenharmony_ci * @response: 24-octet Response (OUT) 304e5b75505Sopenharmony_ci * Returns: 0 on success, -1 on failure 305e5b75505Sopenharmony_ci */ 306e5b75505Sopenharmony_ciint nt_challenge_response(const u8 *challenge, const u8 *password, 307e5b75505Sopenharmony_ci size_t password_len, u8 *response) 308e5b75505Sopenharmony_ci{ 309e5b75505Sopenharmony_ci u8 password_hash[16]; 310e5b75505Sopenharmony_ci 311e5b75505Sopenharmony_ci if (nt_password_hash(password, password_len, password_hash) || 312e5b75505Sopenharmony_ci challenge_response(challenge, password_hash, response)) 313e5b75505Sopenharmony_ci return -1; 314e5b75505Sopenharmony_ci return 0; 315e5b75505Sopenharmony_ci} 316e5b75505Sopenharmony_ci 317e5b75505Sopenharmony_ci 318e5b75505Sopenharmony_ci/** 319e5b75505Sopenharmony_ci * get_master_key - GetMasterKey() - RFC 3079, Sect. 3.4 320e5b75505Sopenharmony_ci * @password_hash_hash: 16-octet PasswordHashHash (IN) 321e5b75505Sopenharmony_ci * @nt_response: 24-octet NTResponse (IN) 322e5b75505Sopenharmony_ci * @master_key: 16-octet MasterKey (OUT) 323e5b75505Sopenharmony_ci * Returns: 0 on success, -1 on failure 324e5b75505Sopenharmony_ci */ 325e5b75505Sopenharmony_ciint get_master_key(const u8 *password_hash_hash, const u8 *nt_response, 326e5b75505Sopenharmony_ci u8 *master_key) 327e5b75505Sopenharmony_ci{ 328e5b75505Sopenharmony_ci static const u8 magic1[27] = { 329e5b75505Sopenharmony_ci 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 330e5b75505Sopenharmony_ci 0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d, 331e5b75505Sopenharmony_ci 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79 332e5b75505Sopenharmony_ci }; 333e5b75505Sopenharmony_ci const unsigned char *addr[3]; 334e5b75505Sopenharmony_ci const size_t len[3] = { 16, 24, sizeof(magic1) }; 335e5b75505Sopenharmony_ci u8 hash[SHA1_MAC_LEN]; 336e5b75505Sopenharmony_ci 337e5b75505Sopenharmony_ci addr[0] = password_hash_hash; 338e5b75505Sopenharmony_ci addr[1] = nt_response; 339e5b75505Sopenharmony_ci addr[2] = magic1; 340e5b75505Sopenharmony_ci 341e5b75505Sopenharmony_ci if (sha1_vector(3, addr, len, hash)) 342e5b75505Sopenharmony_ci return -1; 343e5b75505Sopenharmony_ci os_memcpy(master_key, hash, 16); 344e5b75505Sopenharmony_ci return 0; 345e5b75505Sopenharmony_ci} 346e5b75505Sopenharmony_ci 347e5b75505Sopenharmony_ci 348e5b75505Sopenharmony_ci/** 349e5b75505Sopenharmony_ci * get_asymetric_start_key - GetAsymetricStartKey() - RFC 3079, Sect. 3.4 350e5b75505Sopenharmony_ci * @master_key: 16-octet MasterKey (IN) 351e5b75505Sopenharmony_ci * @session_key: 8-to-16 octet SessionKey (OUT) 352e5b75505Sopenharmony_ci * @session_key_len: SessionKeyLength (Length of session_key) (IN) 353e5b75505Sopenharmony_ci * @is_send: IsSend (IN, BOOLEAN) 354e5b75505Sopenharmony_ci * @is_server: IsServer (IN, BOOLEAN) 355e5b75505Sopenharmony_ci * Returns: 0 on success, -1 on failure 356e5b75505Sopenharmony_ci */ 357e5b75505Sopenharmony_ciint get_asymetric_start_key(const u8 *master_key, u8 *session_key, 358e5b75505Sopenharmony_ci size_t session_key_len, int is_send, 359e5b75505Sopenharmony_ci int is_server) 360e5b75505Sopenharmony_ci{ 361e5b75505Sopenharmony_ci static const u8 magic2[84] = { 362e5b75505Sopenharmony_ci 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69, 363e5b75505Sopenharmony_ci 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, 364e5b75505Sopenharmony_ci 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 365e5b75505Sopenharmony_ci 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79, 366e5b75505Sopenharmony_ci 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 367e5b75505Sopenharmony_ci 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65, 368e5b75505Sopenharmony_ci 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 369e5b75505Sopenharmony_ci 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20, 370e5b75505Sopenharmony_ci 0x6b, 0x65, 0x79, 0x2e 371e5b75505Sopenharmony_ci }; 372e5b75505Sopenharmony_ci static const u8 magic3[84] = { 373e5b75505Sopenharmony_ci 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69, 374e5b75505Sopenharmony_ci 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, 375e5b75505Sopenharmony_ci 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 376e5b75505Sopenharmony_ci 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20, 377e5b75505Sopenharmony_ci 0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 378e5b75505Sopenharmony_ci 0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 379e5b75505Sopenharmony_ci 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 380e5b75505Sopenharmony_ci 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 381e5b75505Sopenharmony_ci 0x6b, 0x65, 0x79, 0x2e 382e5b75505Sopenharmony_ci }; 383e5b75505Sopenharmony_ci static const u8 shs_pad1[40] = { 384e5b75505Sopenharmony_ci 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 385e5b75505Sopenharmony_ci 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 386e5b75505Sopenharmony_ci 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 387e5b75505Sopenharmony_ci 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 388e5b75505Sopenharmony_ci }; 389e5b75505Sopenharmony_ci 390e5b75505Sopenharmony_ci static const u8 shs_pad2[40] = { 391e5b75505Sopenharmony_ci 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 392e5b75505Sopenharmony_ci 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 393e5b75505Sopenharmony_ci 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 394e5b75505Sopenharmony_ci 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2 395e5b75505Sopenharmony_ci }; 396e5b75505Sopenharmony_ci u8 digest[SHA1_MAC_LEN]; 397e5b75505Sopenharmony_ci const unsigned char *addr[4]; 398e5b75505Sopenharmony_ci const size_t len[4] = { 16, 40, 84, 40 }; 399e5b75505Sopenharmony_ci 400e5b75505Sopenharmony_ci addr[0] = master_key; 401e5b75505Sopenharmony_ci addr[1] = shs_pad1; 402e5b75505Sopenharmony_ci if (is_send) { 403e5b75505Sopenharmony_ci addr[2] = is_server ? magic3 : magic2; 404e5b75505Sopenharmony_ci } else { 405e5b75505Sopenharmony_ci addr[2] = is_server ? magic2 : magic3; 406e5b75505Sopenharmony_ci } 407e5b75505Sopenharmony_ci addr[3] = shs_pad2; 408e5b75505Sopenharmony_ci 409e5b75505Sopenharmony_ci if (sha1_vector(4, addr, len, digest)) 410e5b75505Sopenharmony_ci return -1; 411e5b75505Sopenharmony_ci 412e5b75505Sopenharmony_ci if (session_key_len > SHA1_MAC_LEN) 413e5b75505Sopenharmony_ci session_key_len = SHA1_MAC_LEN; 414e5b75505Sopenharmony_ci os_memcpy(session_key, digest, session_key_len); 415e5b75505Sopenharmony_ci return 0; 416e5b75505Sopenharmony_ci} 417e5b75505Sopenharmony_ci 418e5b75505Sopenharmony_ci 419e5b75505Sopenharmony_ci#ifndef CONFIG_NO_RC4 420e5b75505Sopenharmony_ci 421e5b75505Sopenharmony_ci#define PWBLOCK_LEN 516 422e5b75505Sopenharmony_ci 423e5b75505Sopenharmony_ci/** 424e5b75505Sopenharmony_ci * encrypt_pw_block_with_password_hash - EncryptPwBlockWithPasswordHash() - RFC 2759, Sect. 8.10 425e5b75505Sopenharmony_ci * @password: 0-to-256-unicode-char Password (IN; UTF-8) 426e5b75505Sopenharmony_ci * @password_len: Length of password 427e5b75505Sopenharmony_ci * @password_hash: 16-octet PasswordHash (IN) 428e5b75505Sopenharmony_ci * @pw_block: 516-byte PwBlock (OUT) 429e5b75505Sopenharmony_ci * Returns: 0 on success, -1 on failure 430e5b75505Sopenharmony_ci */ 431e5b75505Sopenharmony_ciint encrypt_pw_block_with_password_hash( 432e5b75505Sopenharmony_ci const u8 *password, size_t password_len, 433e5b75505Sopenharmony_ci const u8 *password_hash, u8 *pw_block) 434e5b75505Sopenharmony_ci{ 435e5b75505Sopenharmony_ci size_t ucs2_len, offset; 436e5b75505Sopenharmony_ci u8 *pos; 437e5b75505Sopenharmony_ci 438e5b75505Sopenharmony_ci os_memset(pw_block, 0, PWBLOCK_LEN); 439e5b75505Sopenharmony_ci 440e5b75505Sopenharmony_ci if (utf8_to_ucs2(password, password_len, pw_block, 512, &ucs2_len) < 0 441e5b75505Sopenharmony_ci || ucs2_len > 256) 442e5b75505Sopenharmony_ci return -1; 443e5b75505Sopenharmony_ci 444e5b75505Sopenharmony_ci offset = (256 - ucs2_len) * 2; 445e5b75505Sopenharmony_ci if (offset != 0) { 446e5b75505Sopenharmony_ci os_memmove(pw_block + offset, pw_block, ucs2_len * 2); 447e5b75505Sopenharmony_ci if (os_get_random(pw_block, offset) < 0) 448e5b75505Sopenharmony_ci return -1; 449e5b75505Sopenharmony_ci } 450e5b75505Sopenharmony_ci /* 451e5b75505Sopenharmony_ci * PasswordLength is 4 octets, but since the maximum password length is 452e5b75505Sopenharmony_ci * 256, only first two (in little endian byte order) can be non-zero. 453e5b75505Sopenharmony_ci */ 454e5b75505Sopenharmony_ci pos = &pw_block[2 * 256]; 455e5b75505Sopenharmony_ci WPA_PUT_LE16(pos, password_len * 2); 456e5b75505Sopenharmony_ci rc4_skip(password_hash, 16, 0, pw_block, PWBLOCK_LEN); 457e5b75505Sopenharmony_ci return 0; 458e5b75505Sopenharmony_ci} 459e5b75505Sopenharmony_ci 460e5b75505Sopenharmony_ci 461e5b75505Sopenharmony_ci/** 462e5b75505Sopenharmony_ci * new_password_encrypted_with_old_nt_password_hash - NewPasswordEncryptedWithOldNtPasswordHash() - RFC 2759, Sect. 8.9 463e5b75505Sopenharmony_ci * @new_password: 0-to-256-unicode-char NewPassword (IN; UTF-8) 464e5b75505Sopenharmony_ci * @new_password_len: Length of new_password 465e5b75505Sopenharmony_ci * @old_password: 0-to-256-unicode-char OldPassword (IN; UTF-8) 466e5b75505Sopenharmony_ci * @old_password_len: Length of old_password 467e5b75505Sopenharmony_ci * @encrypted_pw_block: 516-octet EncryptedPwBlock (OUT) 468e5b75505Sopenharmony_ci * Returns: 0 on success, -1 on failure 469e5b75505Sopenharmony_ci */ 470e5b75505Sopenharmony_ciint new_password_encrypted_with_old_nt_password_hash( 471e5b75505Sopenharmony_ci const u8 *new_password, size_t new_password_len, 472e5b75505Sopenharmony_ci const u8 *old_password, size_t old_password_len, 473e5b75505Sopenharmony_ci u8 *encrypted_pw_block) 474e5b75505Sopenharmony_ci{ 475e5b75505Sopenharmony_ci u8 password_hash[16]; 476e5b75505Sopenharmony_ci 477e5b75505Sopenharmony_ci if (nt_password_hash(old_password, old_password_len, password_hash)) 478e5b75505Sopenharmony_ci return -1; 479e5b75505Sopenharmony_ci if (encrypt_pw_block_with_password_hash(new_password, new_password_len, 480e5b75505Sopenharmony_ci password_hash, 481e5b75505Sopenharmony_ci encrypted_pw_block)) 482e5b75505Sopenharmony_ci return -1; 483e5b75505Sopenharmony_ci return 0; 484e5b75505Sopenharmony_ci} 485e5b75505Sopenharmony_ci 486e5b75505Sopenharmony_ci#endif /* CONFIG_NO_RC4 */ 487e5b75505Sopenharmony_ci 488e5b75505Sopenharmony_ci 489e5b75505Sopenharmony_ci/** 490e5b75505Sopenharmony_ci * nt_password_hash_encrypted_with_block - NtPasswordHashEncryptedWithBlock() - RFC 2759, Sect 8.13 491e5b75505Sopenharmony_ci * @password_hash: 16-octer PasswordHash (IN) 492e5b75505Sopenharmony_ci * @block: 16-octet Block (IN) 493e5b75505Sopenharmony_ci * @cypher: 16-octer Cypher (OUT) 494e5b75505Sopenharmony_ci * Returns: 0 on success, -1 on failure 495e5b75505Sopenharmony_ci */ 496e5b75505Sopenharmony_ciint nt_password_hash_encrypted_with_block(const u8 *password_hash, 497e5b75505Sopenharmony_ci const u8 *block, u8 *cypher) 498e5b75505Sopenharmony_ci{ 499e5b75505Sopenharmony_ci if (des_encrypt(password_hash, block, cypher) < 0 || 500e5b75505Sopenharmony_ci des_encrypt(password_hash + 8, block + 7, cypher + 8) < 0) 501e5b75505Sopenharmony_ci return -1; 502e5b75505Sopenharmony_ci return 0; 503e5b75505Sopenharmony_ci} 504e5b75505Sopenharmony_ci 505e5b75505Sopenharmony_ci 506e5b75505Sopenharmony_ci/** 507e5b75505Sopenharmony_ci * old_nt_password_hash_encrypted_with_new_nt_password_hash - OldNtPasswordHashEncryptedWithNewNtPasswordHash() - RFC 2759, Sect. 8.12 508e5b75505Sopenharmony_ci * @new_password: 0-to-256-unicode-char NewPassword (IN; UTF-8) 509e5b75505Sopenharmony_ci * @new_password_len: Length of new_password 510e5b75505Sopenharmony_ci * @old_password: 0-to-256-unicode-char OldPassword (IN; UTF-8) 511e5b75505Sopenharmony_ci * @old_password_len: Length of old_password 512e5b75505Sopenharmony_ci * @encrypted_password_hash: 16-octet EncryptedPasswordHash (OUT) 513e5b75505Sopenharmony_ci * Returns: 0 on success, -1 on failure 514e5b75505Sopenharmony_ci */ 515e5b75505Sopenharmony_ciint old_nt_password_hash_encrypted_with_new_nt_password_hash( 516e5b75505Sopenharmony_ci const u8 *new_password, size_t new_password_len, 517e5b75505Sopenharmony_ci const u8 *old_password, size_t old_password_len, 518e5b75505Sopenharmony_ci u8 *encrypted_password_hash) 519e5b75505Sopenharmony_ci{ 520e5b75505Sopenharmony_ci u8 old_password_hash[16], new_password_hash[16]; 521e5b75505Sopenharmony_ci 522e5b75505Sopenharmony_ci if (nt_password_hash(old_password, old_password_len, 523e5b75505Sopenharmony_ci old_password_hash) || 524e5b75505Sopenharmony_ci nt_password_hash(new_password, new_password_len, 525e5b75505Sopenharmony_ci new_password_hash) || 526e5b75505Sopenharmony_ci nt_password_hash_encrypted_with_block(old_password_hash, 527e5b75505Sopenharmony_ci new_password_hash, 528e5b75505Sopenharmony_ci encrypted_password_hash)) 529e5b75505Sopenharmony_ci return -1; 530e5b75505Sopenharmony_ci return 0; 531e5b75505Sopenharmony_ci} 532