LCOV - code coverage report
Current view: top level - src/eap_peer - mschapv2.c (source / functions) Hit Total Coverage
Test: wpa_supplicant/hostapd combined for hwsim test run 1401264779 Lines: 39 45 86.7 %
Date: 2014-05-28 Functions: 3 3 100.0 %

          Line data    Source code
       1             : /*
       2             :  * MSCHAPV2 (RFC 2759)
       3             :  * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
       4             :  *
       5             :  * This software may be distributed under the terms of the BSD license.
       6             :  * See README for more details.
       7             :  */
       8             : 
       9             : #include "includes.h"
      10             : 
      11             : #include "common.h"
      12             : #include "crypto/ms_funcs.h"
      13             : #include "mschapv2.h"
      14             : 
      15         113 : const u8 * mschapv2_remove_domain(const u8 *username, size_t *len)
      16             : {
      17             :         size_t i;
      18             : 
      19             :         /*
      20             :          * MSCHAPv2 does not include optional domain name in the
      21             :          * challenge-response calculation, so remove domain prefix
      22             :          * (if present).
      23             :          */
      24             : 
      25         908 :         for (i = 0; i < *len; i++) {
      26         804 :                 if (username[i] == '\\') {
      27           9 :                         *len -= i + 1;
      28           9 :                         return username + i + 1;
      29             :                 }
      30             :         }
      31             : 
      32         104 :         return username;
      33             : }
      34             : 
      35             : 
      36         113 : int mschapv2_derive_response(const u8 *identity, size_t identity_len,
      37             :                              const u8 *password, size_t password_len,
      38             :                              int pwhash,
      39             :                              const u8 *auth_challenge,
      40             :                              const u8 *peer_challenge,
      41             :                              u8 *nt_response, u8 *auth_response,
      42             :                              u8 *master_key)
      43             : {
      44             :         const u8 *username;
      45             :         size_t username_len;
      46             :         u8 password_hash[16], password_hash_hash[16];
      47             : 
      48         113 :         wpa_hexdump_ascii(MSG_DEBUG, "MSCHAPV2: Identity",
      49             :                           identity, identity_len);
      50         113 :         username_len = identity_len;
      51         113 :         username = mschapv2_remove_domain(identity, &username_len);
      52         113 :         wpa_hexdump_ascii(MSG_DEBUG, "MSCHAPV2: Username",
      53             :                           username, username_len);
      54             : 
      55         113 :         wpa_hexdump(MSG_DEBUG, "MSCHAPV2: auth_challenge",
      56             :                     auth_challenge, MSCHAPV2_CHAL_LEN);
      57         113 :         wpa_hexdump(MSG_DEBUG, "MSCHAPV2: peer_challenge",
      58             :                     peer_challenge, MSCHAPV2_CHAL_LEN);
      59         113 :         wpa_hexdump_ascii(MSG_DEBUG, "MSCHAPV2: username",
      60             :                           username, username_len);
      61             :         /* Authenticator response is not really needed yet, but calculate it
      62             :          * here so that challenges need not be saved. */
      63         113 :         if (pwhash) {
      64           3 :                 wpa_hexdump_key(MSG_DEBUG, "MSCHAPV2: password hash",
      65             :                                 password, password_len);
      66           3 :                 if (generate_nt_response_pwhash(auth_challenge, peer_challenge,
      67             :                                                 username, username_len,
      68           3 :                                                 password, nt_response) ||
      69           3 :                     generate_authenticator_response_pwhash(
      70             :                             password, peer_challenge, auth_challenge,
      71             :                             username, username_len, nt_response,
      72             :                             auth_response))
      73           0 :                         return -1;
      74             :         } else {
      75         110 :                 wpa_hexdump_ascii_key(MSG_DEBUG, "MSCHAPV2: password",
      76             :                                       password, password_len);
      77         110 :                 if (generate_nt_response(auth_challenge, peer_challenge,
      78             :                                          username, username_len,
      79             :                                          password, password_len,
      80         110 :                                          nt_response) ||
      81         110 :                     generate_authenticator_response(password, password_len,
      82             :                                                     peer_challenge,
      83             :                                                     auth_challenge,
      84             :                                                     username, username_len,
      85             :                                                     nt_response,
      86             :                                                     auth_response))
      87           0 :                         return -1;
      88             :         }
      89         113 :         wpa_hexdump(MSG_DEBUG, "MSCHAPV2: NT Response",
      90             :                     nt_response, MSCHAPV2_NT_RESPONSE_LEN);
      91         113 :         wpa_hexdump(MSG_DEBUG, "MSCHAPV2: Auth Response",
      92             :                     auth_response, MSCHAPV2_AUTH_RESPONSE_LEN);
      93             : 
      94             :         /* Generate master_key here since we have the needed data available. */
      95         113 :         if (pwhash) {
      96           3 :                 if (hash_nt_password_hash(password, password_hash_hash))
      97           0 :                         return -1;
      98             :         } else {
      99         220 :                 if (nt_password_hash(password, password_len, password_hash) ||
     100         110 :                     hash_nt_password_hash(password_hash, password_hash_hash))
     101           0 :                         return -1;
     102             :         }
     103         113 :         if (get_master_key(password_hash_hash, nt_response, master_key))
     104           0 :                 return -1;
     105         113 :         wpa_hexdump_key(MSG_DEBUG, "MSCHAPV2: Master Key",
     106             :                         master_key, MSCHAPV2_MASTER_KEY_LEN);
     107             : 
     108         113 :         return 0;
     109             : }
     110             : 
     111             : 
     112         109 : int mschapv2_verify_auth_response(const u8 *auth_response,
     113             :                                   const u8 *buf, size_t buf_len)
     114             : {
     115             :         u8 recv_response[MSCHAPV2_AUTH_RESPONSE_LEN];
     116         218 :         if (buf_len < 2 + 2 * MSCHAPV2_AUTH_RESPONSE_LEN ||
     117         327 :             buf[0] != 'S' || buf[1] != '=' ||
     118         109 :             hexstr2bin((char *) (buf + 2), recv_response,
     119         109 :                        MSCHAPV2_AUTH_RESPONSE_LEN) ||
     120         109 :             os_memcmp(auth_response, recv_response,
     121             :                       MSCHAPV2_AUTH_RESPONSE_LEN) != 0)
     122           0 :                 return -1;
     123         109 :         return 0;
     124             : }

Generated by: LCOV version 1.10