LCOV - code coverage report
Current view: top level - src/crypto - ms_funcs.c (source / functions) Hit Total Coverage
Test: wpa_supplicant/hostapd combined for hwsim test run 1422976643 Lines: 100 148 67.6 %
Date: 2015-02-03 Functions: 12 16 75.0 %

          Line data    Source code
       1             : /*
       2             :  * WPA Supplicant / shared MSCHAPV2 helper functions / RFC 2433 / RFC 2759
       3             :  * Copyright (c) 2004-2012, Jouni Malinen <j@w1.fi>
       4             :  *
       5             :  * This software may be distributed under the terms of the BSD license.
       6             :  * See README for more details.
       7             :  */
       8             : 
       9             : #include "includes.h"
      10             : 
      11             : #include "common.h"
      12             : #include "sha1.h"
      13             : #include "ms_funcs.h"
      14             : #include "crypto.h"
      15             : 
      16             : /**
      17             :  * utf8_to_ucs2 - Convert UTF-8 string to UCS-2 encoding
      18             :  * @utf8_string: UTF-8 string (IN)
      19             :  * @utf8_string_len: Length of utf8_string (IN)
      20             :  * @ucs2_buffer: UCS-2 buffer (OUT)
      21             :  * @ucs2_buffer_size: Length of UCS-2 buffer (IN)
      22             :  * @ucs2_string_size: Number of 2-byte words in the resulting UCS-2 string
      23             :  * Returns: 0 on success, -1 on failure
      24             :  */
      25         672 : static int utf8_to_ucs2(const u8 *utf8_string, size_t utf8_string_len,
      26             :                         u8 *ucs2_buffer, size_t ucs2_buffer_size,
      27             :                         size_t *ucs2_string_size)
      28             : {
      29             :         size_t i, j;
      30             : 
      31        6107 :         for (i = 0, j = 0; i < utf8_string_len; i++) {
      32        5435 :                 u8 c = utf8_string[i];
      33        5435 :                 if (j >= ucs2_buffer_size) {
      34             :                         /* input too long */
      35           0 :                         return -1;
      36             :                 }
      37        5435 :                 if (c <= 0x7F) {
      38        5415 :                         WPA_PUT_LE16(ucs2_buffer + j, c);
      39        5415 :                         j += 2;
      40          40 :                 } else if (i == utf8_string_len - 1 ||
      41          20 :                            j >= ucs2_buffer_size - 1) {
      42             :                         /* incomplete surrogate */
      43           0 :                         return -1;
      44             :                 } else {
      45          20 :                         u8 c2 = utf8_string[++i];
      46          20 :                         if ((c & 0xE0) == 0xC0) {
      47             :                                 /* two-byte encoding */
      48          15 :                                 WPA_PUT_LE16(ucs2_buffer + j,
      49          15 :                                              ((c & 0x1F) << 6) | (c2 & 0x3F));
      50          15 :                                 j += 2;
      51          10 :                         } else if (i == utf8_string_len ||
      52           5 :                                    j >= ucs2_buffer_size - 1) {
      53             :                                 /* incomplete surrogate */
      54           0 :                                 return -1;
      55             :                         } else {
      56             :                                 /* three-byte encoding */
      57           5 :                                 u8 c3 = utf8_string[++i];
      58          10 :                                 WPA_PUT_LE16(ucs2_buffer + j,
      59           5 :                                              ((c & 0xF) << 12) |
      60           5 :                                              ((c2 & 0x3F) << 6) | (c3 & 0x3F));
      61           5 :                                 j += 2;
      62             :                         }
      63             :                 }
      64             :         }
      65             : 
      66         672 :         if (ucs2_string_size)
      67         672 :                 *ucs2_string_size = j / 2;
      68         672 :         return 0;
      69             : }
      70             : 
      71             : 
      72             : /**
      73             :  * challenge_hash - ChallengeHash() - RFC 2759, Sect. 8.2
      74             :  * @peer_challenge: 16-octet PeerChallenge (IN)
      75             :  * @auth_challenge: 16-octet AuthenticatorChallenge (IN)
      76             :  * @username: 0-to-256-char UserName (IN)
      77             :  * @username_len: Length of username
      78             :  * @challenge: 8-octet Challenge (OUT)
      79             :  * Returns: 0 on success, -1 on failure
      80             :  */
      81         541 : static int challenge_hash(const u8 *peer_challenge, const u8 *auth_challenge,
      82             :                           const u8 *username, size_t username_len,
      83             :                           u8 *challenge)
      84             : {
      85             :         u8 hash[SHA1_MAC_LEN];
      86             :         const unsigned char *addr[3];
      87             :         size_t len[3];
      88             : 
      89         541 :         addr[0] = peer_challenge;
      90         541 :         len[0] = 16;
      91         541 :         addr[1] = auth_challenge;
      92         541 :         len[1] = 16;
      93         541 :         addr[2] = username;
      94         541 :         len[2] = username_len;
      95             : 
      96         541 :         if (sha1_vector(3, addr, len, hash))
      97           0 :                 return -1;
      98         541 :         os_memcpy(challenge, hash, 8);
      99         541 :         return 0;
     100             : }
     101             : 
     102             : 
     103             : /**
     104             :  * nt_password_hash - NtPasswordHash() - RFC 2759, Sect. 8.3
     105             :  * @password: 0-to-256-unicode-char Password (IN; UTF-8)
     106             :  * @password_len: Length of password
     107             :  * @password_hash: 16-octet PasswordHash (OUT)
     108             :  * Returns: 0 on success, -1 on failure
     109             :  */
     110         672 : int nt_password_hash(const u8 *password, size_t password_len,
     111             :                       u8 *password_hash)
     112             : {
     113             :         u8 buf[512], *pos;
     114             :         size_t len, max_len;
     115             : 
     116         672 :         max_len = sizeof(buf);
     117         672 :         if (utf8_to_ucs2(password, password_len, buf, max_len, &len) < 0)
     118           0 :                 return -1;
     119             : 
     120         672 :         len *= 2;
     121         672 :         pos = buf;
     122         672 :         return md4_vector(1, (const u8 **) &pos, &len, password_hash);
     123             : }
     124             : 
     125             : 
     126             : /**
     127             :  * hash_nt_password_hash - HashNtPasswordHash() - RFC 2759, Sect. 8.4
     128             :  * @password_hash: 16-octet PasswordHash (IN)
     129             :  * @password_hash_hash: 16-octet PasswordHashHash (OUT)
     130             :  * Returns: 0 on success, -1 on failure
     131             :  */
     132         457 : int hash_nt_password_hash(const u8 *password_hash, u8 *password_hash_hash)
     133             : {
     134         457 :         size_t len = 16;
     135         457 :         return md4_vector(1, &password_hash, &len, password_hash_hash);
     136             : }
     137             : 
     138             : 
     139             : /**
     140             :  * challenge_response - ChallengeResponse() - RFC 2759, Sect. 8.5
     141             :  * @challenge: 8-octet Challenge (IN)
     142             :  * @password_hash: 16-octet PasswordHash (IN)
     143             :  * @response: 24-octet Response (OUT)
     144             :  */
     145         303 : void challenge_response(const u8 *challenge, const u8 *password_hash,
     146             :                         u8 *response)
     147             : {
     148             :         u8 zpwd[7];
     149         303 :         des_encrypt(challenge, password_hash, response);
     150         303 :         des_encrypt(challenge, password_hash + 7, response + 8);
     151         303 :         zpwd[0] = password_hash[14];
     152         303 :         zpwd[1] = password_hash[15];
     153         303 :         os_memset(zpwd + 2, 0, 5);
     154         303 :         des_encrypt(challenge, zpwd, response + 16);
     155         303 : }
     156             : 
     157             : 
     158             : /**
     159             :  * generate_nt_response - GenerateNTResponse() - RFC 2759, Sect. 8.1
     160             :  * @auth_challenge: 16-octet AuthenticatorChallenge (IN)
     161             :  * @peer_challenge: 16-octet PeerChallenge (IN)
     162             :  * @username: 0-to-256-char UserName (IN)
     163             :  * @username_len: Length of username
     164             :  * @password: 0-to-256-unicode-char Password (IN; UTF-8)
     165             :  * @password_len: Length of password
     166             :  * @response: 24-octet Response (OUT)
     167             :  * Returns: 0 on success, -1 on failure
     168             :  */
     169         255 : int generate_nt_response(const u8 *auth_challenge, const u8 *peer_challenge,
     170             :                          const u8 *username, size_t username_len,
     171             :                          const u8 *password, size_t password_len,
     172             :                          u8 *response)
     173             : {
     174             :         u8 challenge[8];
     175             :         u8 password_hash[16];
     176             : 
     177         255 :         if (challenge_hash(peer_challenge, auth_challenge, username,
     178             :                            username_len, challenge))
     179           0 :                 return -1;
     180         255 :         if (nt_password_hash(password, password_len, password_hash))
     181           0 :                 return -1;
     182         255 :         challenge_response(challenge, password_hash, response);
     183         255 :         return 0;
     184             : }
     185             : 
     186             : 
     187             : /**
     188             :  * generate_nt_response_pwhash - GenerateNTResponse() - RFC 2759, Sect. 8.1
     189             :  * @auth_challenge: 16-octet AuthenticatorChallenge (IN)
     190             :  * @peer_challenge: 16-octet PeerChallenge (IN)
     191             :  * @username: 0-to-256-char UserName (IN)
     192             :  * @username_len: Length of username
     193             :  * @password_hash: 16-octet PasswordHash (IN)
     194             :  * @response: 24-octet Response (OUT)
     195             :  * Returns: 0 on success, -1 on failure
     196             :  */
     197          18 : int generate_nt_response_pwhash(const u8 *auth_challenge,
     198             :                                 const u8 *peer_challenge,
     199             :                                 const u8 *username, size_t username_len,
     200             :                                 const u8 *password_hash,
     201             :                                 u8 *response)
     202             : {
     203             :         u8 challenge[8];
     204             : 
     205          18 :         if (challenge_hash(peer_challenge, auth_challenge,
     206             :                            username, username_len,
     207             :                            challenge))
     208           0 :                 return -1;
     209          18 :         challenge_response(challenge, password_hash, response);
     210          18 :         return 0;
     211             : }
     212             : 
     213             : 
     214             : /**
     215             :  * generate_authenticator_response_pwhash - GenerateAuthenticatorResponse() - RFC 2759, Sect. 8.7
     216             :  * @password_hash: 16-octet PasswordHash (IN)
     217             :  * @nt_response: 24-octet NT-Response (IN)
     218             :  * @peer_challenge: 16-octet PeerChallenge (IN)
     219             :  * @auth_challenge: 16-octet AuthenticatorChallenge (IN)
     220             :  * @username: 0-to-256-char UserName (IN)
     221             :  * @username_len: Length of username
     222             :  * @response: 20-octet AuthenticatorResponse (OUT) (note: this value is usually
     223             :  * encoded as a 42-octet ASCII string (S=hexdump_of_response)
     224             :  * Returns: 0 on success, -1 on failure
     225             :  */
     226         268 : int generate_authenticator_response_pwhash(
     227             :         const u8 *password_hash,
     228             :         const u8 *peer_challenge, const u8 *auth_challenge,
     229             :         const u8 *username, size_t username_len,
     230             :         const u8 *nt_response, u8 *response)
     231             : {
     232             :         static const u8 magic1[39] = {
     233             :                 0x4D, 0x61, 0x67, 0x69, 0x63, 0x20, 0x73, 0x65, 0x72, 0x76,
     234             :                 0x65, 0x72, 0x20, 0x74, 0x6F, 0x20, 0x63, 0x6C, 0x69, 0x65,
     235             :                 0x6E, 0x74, 0x20, 0x73, 0x69, 0x67, 0x6E, 0x69, 0x6E, 0x67,
     236             :                 0x20, 0x63, 0x6F, 0x6E, 0x73, 0x74, 0x61, 0x6E, 0x74
     237             :         };
     238             :         static const u8 magic2[41] = {
     239             :                 0x50, 0x61, 0x64, 0x20, 0x74, 0x6F, 0x20, 0x6D, 0x61, 0x6B,
     240             :                 0x65, 0x20, 0x69, 0x74, 0x20, 0x64, 0x6F, 0x20, 0x6D, 0x6F,
     241             :                 0x72, 0x65, 0x20, 0x74, 0x68, 0x61, 0x6E, 0x20, 0x6F, 0x6E,
     242             :                 0x65, 0x20, 0x69, 0x74, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6F,
     243             :                 0x6E
     244             :         };
     245             : 
     246             :         u8 password_hash_hash[16], challenge[8];
     247             :         const unsigned char *addr1[3];
     248         268 :         const size_t len1[3] = { 16, 24, sizeof(magic1) };
     249             :         const unsigned char *addr2[3];
     250         268 :         const size_t len2[3] = { SHA1_MAC_LEN, 8, sizeof(magic2) };
     251             : 
     252         268 :         addr1[0] = password_hash_hash;
     253         268 :         addr1[1] = nt_response;
     254         268 :         addr1[2] = magic1;
     255             : 
     256         268 :         addr2[0] = response;
     257         268 :         addr2[1] = challenge;
     258         268 :         addr2[2] = magic2;
     259             : 
     260         268 :         if (hash_nt_password_hash(password_hash, password_hash_hash))
     261           0 :                 return -1;
     262         268 :         if (sha1_vector(3, addr1, len1, response))
     263           0 :                 return -1;
     264             : 
     265         268 :         if (challenge_hash(peer_challenge, auth_challenge, username,
     266             :                            username_len, challenge))
     267           0 :                 return -1;
     268         268 :         return sha1_vector(3, addr2, len2, response);
     269             : }
     270             : 
     271             : 
     272             : /**
     273             :  * generate_authenticator_response - GenerateAuthenticatorResponse() - RFC 2759, Sect. 8.7
     274             :  * @password: 0-to-256-unicode-char Password (IN; UTF-8)
     275             :  * @password_len: Length of password
     276             :  * @nt_response: 24-octet NT-Response (IN)
     277             :  * @peer_challenge: 16-octet PeerChallenge (IN)
     278             :  * @auth_challenge: 16-octet AuthenticatorChallenge (IN)
     279             :  * @username: 0-to-256-char UserName (IN)
     280             :  * @username_len: Length of username
     281             :  * @response: 20-octet AuthenticatorResponse (OUT) (note: this value is usually
     282             :  * encoded as a 42-octet ASCII string (S=hexdump_of_response)
     283             :  * Returns: 0 on success, -1 on failure
     284             :  */
     285         203 : int generate_authenticator_response(const u8 *password, size_t password_len,
     286             :                                     const u8 *peer_challenge,
     287             :                                     const u8 *auth_challenge,
     288             :                                     const u8 *username, size_t username_len,
     289             :                                     const u8 *nt_response, u8 *response)
     290             : {
     291             :         u8 password_hash[16];
     292         203 :         if (nt_password_hash(password, password_len, password_hash))
     293           0 :                 return -1;
     294         203 :         return generate_authenticator_response_pwhash(
     295             :                 password_hash, peer_challenge, auth_challenge,
     296             :                 username, username_len, nt_response, response);
     297             : }
     298             : 
     299             : 
     300             : /**
     301             :  * nt_challenge_response - NtChallengeResponse() - RFC 2433, Sect. A.5
     302             :  * @challenge: 8-octet Challenge (IN)
     303             :  * @password: 0-to-256-unicode-char Password (IN; UTF-8)
     304             :  * @password_len: Length of password
     305             :  * @response: 24-octet Response (OUT)
     306             :  * Returns: 0 on success, -1 on failure
     307             :  */
     308          28 : int nt_challenge_response(const u8 *challenge, const u8 *password,
     309             :                           size_t password_len, u8 *response)
     310             : {
     311             :         u8 password_hash[16];
     312          28 :         if (nt_password_hash(password, password_len, password_hash))
     313           0 :                 return -1;
     314          28 :         challenge_response(challenge, password_hash, response);
     315          28 :         return 0;
     316             : }
     317             : 
     318             : 
     319             : /**
     320             :  * get_master_key - GetMasterKey() - RFC 3079, Sect. 3.4
     321             :  * @password_hash_hash: 16-octet PasswordHashHash (IN)
     322             :  * @nt_response: 24-octet NTResponse (IN)
     323             :  * @master_key: 16-octet MasterKey (OUT)
     324             :  * Returns: 0 on success, -1 on failure
     325             :  */
     326         186 : int get_master_key(const u8 *password_hash_hash, const u8 *nt_response,
     327             :                    u8 *master_key)
     328             : {
     329             :         static const u8 magic1[27] = {
     330             :                 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74,
     331             :                 0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d,
     332             :                 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79
     333             :         };
     334             :         const unsigned char *addr[3];
     335         186 :         const size_t len[3] = { 16, 24, sizeof(magic1) };
     336             :         u8 hash[SHA1_MAC_LEN];
     337             : 
     338         186 :         addr[0] = password_hash_hash;
     339         186 :         addr[1] = nt_response;
     340         186 :         addr[2] = magic1;
     341             : 
     342         186 :         if (sha1_vector(3, addr, len, hash))
     343           0 :                 return -1;
     344         186 :         os_memcpy(master_key, hash, 16);
     345         186 :         return 0;
     346             : }
     347             : 
     348             : 
     349             : /**
     350             :  * get_asymetric_start_key - GetAsymetricStartKey() - RFC 3079, Sect. 3.4
     351             :  * @master_key: 16-octet MasterKey (IN)
     352             :  * @session_key: 8-to-16 octet SessionKey (OUT)
     353             :  * @session_key_len: SessionKeyLength (Length of session_key) (IN)
     354             :  * @is_send: IsSend (IN, BOOLEAN)
     355             :  * @is_server: IsServer (IN, BOOLEAN)
     356             :  * Returns: 0 on success, -1 on failure
     357             :  */
     358         121 : int get_asymetric_start_key(const u8 *master_key, u8 *session_key,
     359             :                             size_t session_key_len, int is_send,
     360             :                             int is_server)
     361             : {
     362             :         static const u8 magic2[84] = {
     363             :                 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
     364             :                 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
     365             :                 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
     366             :                 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
     367             :                 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73,
     368             :                 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65,
     369             :                 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
     370             :                 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
     371             :                 0x6b, 0x65, 0x79, 0x2e
     372             :         };
     373             :         static const u8 magic3[84] = {
     374             :                 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
     375             :                 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
     376             :                 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
     377             :                 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
     378             :                 0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68,
     379             :                 0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73,
     380             :                 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73,
     381             :                 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20,
     382             :                 0x6b, 0x65, 0x79, 0x2e
     383             :         };
     384             :         static const u8 shs_pad1[40] = {
     385             :                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     386             :                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     387             :                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     388             :                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
     389             :         };
     390             : 
     391             :         static const u8 shs_pad2[40] = {
     392             :                 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
     393             :                 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
     394             :                 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
     395             :                 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2
     396             :         };
     397             :         u8 digest[SHA1_MAC_LEN];
     398             :         const unsigned char *addr[4];
     399         121 :         const size_t len[4] = { 16, 40, 84, 40 };
     400             : 
     401         121 :         addr[0] = master_key;
     402         121 :         addr[1] = shs_pad1;
     403         121 :         if (is_send) {
     404          61 :                 addr[2] = is_server ? magic3 : magic2;
     405             :         } else {
     406          60 :                 addr[2] = is_server ? magic2 : magic3;
     407             :         }
     408         121 :         addr[3] = shs_pad2;
     409             : 
     410         121 :         if (sha1_vector(4, addr, len, digest))
     411           0 :                 return -1;
     412             : 
     413         121 :         if (session_key_len > SHA1_MAC_LEN)
     414           0 :                 session_key_len = SHA1_MAC_LEN;
     415         121 :         os_memcpy(session_key, digest, session_key_len);
     416         121 :         return 0;
     417             : }
     418             : 
     419             : 
     420             : #define PWBLOCK_LEN 516
     421             : 
     422             : /**
     423             :  * encrypt_pw_block_with_password_hash - EncryptPwBlockWithPasswordHash() - RFC 2759, Sect. 8.10
     424             :  * @password: 0-to-256-unicode-char Password (IN; UTF-8)
     425             :  * @password_len: Length of password
     426             :  * @password_hash: 16-octet PasswordHash (IN)
     427             :  * @pw_block: 516-byte PwBlock (OUT)
     428             :  * Returns: 0 on success, -1 on failure
     429             :  */
     430           0 : int encrypt_pw_block_with_password_hash(
     431             :         const u8 *password, size_t password_len,
     432             :         const u8 *password_hash, u8 *pw_block)
     433             : {
     434             :         size_t ucs2_len, offset;
     435             :         u8 *pos;
     436             : 
     437           0 :         os_memset(pw_block, 0, PWBLOCK_LEN);
     438             : 
     439           0 :         if (utf8_to_ucs2(password, password_len, pw_block, 512, &ucs2_len) < 0)
     440           0 :                 return -1;
     441             : 
     442           0 :         if (ucs2_len > 256)
     443           0 :                 return -1;
     444             : 
     445           0 :         offset = (256 - ucs2_len) * 2;
     446           0 :         if (offset != 0) {
     447           0 :                 os_memmove(pw_block + offset, pw_block, ucs2_len * 2);
     448           0 :                 if (os_get_random(pw_block, offset) < 0)
     449           0 :                         return -1;
     450             :         }
     451             :         /*
     452             :          * PasswordLength is 4 octets, but since the maximum password length is
     453             :          * 256, only first two (in little endian byte order) can be non-zero.
     454             :          */
     455           0 :         pos = &pw_block[2 * 256];
     456           0 :         WPA_PUT_LE16(pos, password_len * 2);
     457           0 :         rc4_skip(password_hash, 16, 0, pw_block, PWBLOCK_LEN);
     458           0 :         return 0;
     459             : }
     460             : 
     461             : 
     462             : /**
     463             :  * new_password_encrypted_with_old_nt_password_hash - NewPasswordEncryptedWithOldNtPasswordHash() - RFC 2759, Sect. 8.9
     464             :  * @new_password: 0-to-256-unicode-char NewPassword (IN; UTF-8)
     465             :  * @new_password_len: Length of new_password
     466             :  * @old_password: 0-to-256-unicode-char OldPassword (IN; UTF-8)
     467             :  * @old_password_len: Length of old_password
     468             :  * @encrypted_pw_block: 516-octet EncryptedPwBlock (OUT)
     469             :  * Returns: 0 on success, -1 on failure
     470             :  */
     471           0 : int new_password_encrypted_with_old_nt_password_hash(
     472             :         const u8 *new_password, size_t new_password_len,
     473             :         const u8 *old_password, size_t old_password_len,
     474             :         u8 *encrypted_pw_block)
     475             : {
     476             :         u8 password_hash[16];
     477             : 
     478           0 :         if (nt_password_hash(old_password, old_password_len, password_hash))
     479           0 :                 return -1;
     480           0 :         if (encrypt_pw_block_with_password_hash(new_password, new_password_len,
     481             :                                                 password_hash,
     482             :                                                 encrypted_pw_block))
     483           0 :                 return -1;
     484           0 :         return 0;
     485             : }
     486             : 
     487             : 
     488             : /**
     489             :  * nt_password_hash_encrypted_with_block - NtPasswordHashEncryptedWithBlock() - RFC 2759, Sect 8.13
     490             :  * @password_hash: 16-octer PasswordHash (IN)
     491             :  * @block: 16-octet Block (IN)
     492             :  * @cypher: 16-octer Cypher (OUT)
     493             :  */
     494           0 : void nt_password_hash_encrypted_with_block(const u8 *password_hash,
     495             :                                            const u8 *block, u8 *cypher)
     496             : {
     497           0 :         des_encrypt(password_hash, block, cypher);
     498           0 :         des_encrypt(password_hash + 8, block + 7, cypher + 8);
     499           0 : }
     500             : 
     501             : 
     502             : /**
     503             :  * old_nt_password_hash_encrypted_with_new_nt_password_hash - OldNtPasswordHashEncryptedWithNewNtPasswordHash() - RFC 2759, Sect. 8.12
     504             :  * @new_password: 0-to-256-unicode-char NewPassword (IN; UTF-8)
     505             :  * @new_password_len: Length of new_password
     506             :  * @old_password: 0-to-256-unicode-char OldPassword (IN; UTF-8)
     507             :  * @old_password_len: Length of old_password
     508             :  * @encrypted_password_hash: 16-octet EncryptedPasswordHash (OUT)
     509             :  * Returns: 0 on success, -1 on failure
     510             :  */
     511           0 : int old_nt_password_hash_encrypted_with_new_nt_password_hash(
     512             :         const u8 *new_password, size_t new_password_len,
     513             :         const u8 *old_password, size_t old_password_len,
     514             :         u8 *encrypted_password_hash)
     515             : {
     516             :         u8 old_password_hash[16], new_password_hash[16];
     517             : 
     518           0 :         if (nt_password_hash(old_password, old_password_len,
     519           0 :                              old_password_hash) ||
     520           0 :             nt_password_hash(new_password, new_password_len,
     521             :                              new_password_hash))
     522           0 :                 return -1;
     523           0 :         nt_password_hash_encrypted_with_block(old_password_hash,
     524             :                                               new_password_hash,
     525             :                                               encrypted_password_hash);
     526           0 :         return 0;
     527             : }

Generated by: LCOV version 1.10