Line data Source code
1 : /*
2 : * WPA Supplicant / shared MSCHAPV2 helper functions / RFC 2433 / RFC 2759
3 : * Copyright (c) 2004-2012, Jouni Malinen <j@w1.fi>
4 : *
5 : * This software may be distributed under the terms of the BSD license.
6 : * See README for more details.
7 : */
8 :
9 : #include "includes.h"
10 :
11 : #include "common.h"
12 : #include "sha1.h"
13 : #include "ms_funcs.h"
14 : #include "crypto.h"
15 :
16 : /**
17 : * utf8_to_ucs2 - Convert UTF-8 string to UCS-2 encoding
18 : * @utf8_string: UTF-8 string (IN)
19 : * @utf8_string_len: Length of utf8_string (IN)
20 : * @ucs2_buffer: UCS-2 buffer (OUT)
21 : * @ucs2_buffer_size: Length of UCS-2 buffer (IN)
22 : * @ucs2_string_size: Number of 2-byte words in the resulting UCS-2 string
23 : * Returns: 0 on success, -1 on failure
24 : */
25 672 : static int utf8_to_ucs2(const u8 *utf8_string, size_t utf8_string_len,
26 : u8 *ucs2_buffer, size_t ucs2_buffer_size,
27 : size_t *ucs2_string_size)
28 : {
29 : size_t i, j;
30 :
31 6107 : for (i = 0, j = 0; i < utf8_string_len; i++) {
32 5435 : u8 c = utf8_string[i];
33 5435 : if (j >= ucs2_buffer_size) {
34 : /* input too long */
35 0 : return -1;
36 : }
37 5435 : if (c <= 0x7F) {
38 5415 : WPA_PUT_LE16(ucs2_buffer + j, c);
39 5415 : j += 2;
40 40 : } else if (i == utf8_string_len - 1 ||
41 20 : j >= ucs2_buffer_size - 1) {
42 : /* incomplete surrogate */
43 0 : return -1;
44 : } else {
45 20 : u8 c2 = utf8_string[++i];
46 20 : if ((c & 0xE0) == 0xC0) {
47 : /* two-byte encoding */
48 15 : WPA_PUT_LE16(ucs2_buffer + j,
49 15 : ((c & 0x1F) << 6) | (c2 & 0x3F));
50 15 : j += 2;
51 10 : } else if (i == utf8_string_len ||
52 5 : j >= ucs2_buffer_size - 1) {
53 : /* incomplete surrogate */
54 0 : return -1;
55 : } else {
56 : /* three-byte encoding */
57 5 : u8 c3 = utf8_string[++i];
58 10 : WPA_PUT_LE16(ucs2_buffer + j,
59 5 : ((c & 0xF) << 12) |
60 5 : ((c2 & 0x3F) << 6) | (c3 & 0x3F));
61 5 : j += 2;
62 : }
63 : }
64 : }
65 :
66 672 : if (ucs2_string_size)
67 672 : *ucs2_string_size = j / 2;
68 672 : return 0;
69 : }
70 :
71 :
72 : /**
73 : * challenge_hash - ChallengeHash() - RFC 2759, Sect. 8.2
74 : * @peer_challenge: 16-octet PeerChallenge (IN)
75 : * @auth_challenge: 16-octet AuthenticatorChallenge (IN)
76 : * @username: 0-to-256-char UserName (IN)
77 : * @username_len: Length of username
78 : * @challenge: 8-octet Challenge (OUT)
79 : * Returns: 0 on success, -1 on failure
80 : */
81 541 : static int challenge_hash(const u8 *peer_challenge, const u8 *auth_challenge,
82 : const u8 *username, size_t username_len,
83 : u8 *challenge)
84 : {
85 : u8 hash[SHA1_MAC_LEN];
86 : const unsigned char *addr[3];
87 : size_t len[3];
88 :
89 541 : addr[0] = peer_challenge;
90 541 : len[0] = 16;
91 541 : addr[1] = auth_challenge;
92 541 : len[1] = 16;
93 541 : addr[2] = username;
94 541 : len[2] = username_len;
95 :
96 541 : if (sha1_vector(3, addr, len, hash))
97 0 : return -1;
98 541 : os_memcpy(challenge, hash, 8);
99 541 : return 0;
100 : }
101 :
102 :
103 : /**
104 : * nt_password_hash - NtPasswordHash() - RFC 2759, Sect. 8.3
105 : * @password: 0-to-256-unicode-char Password (IN; UTF-8)
106 : * @password_len: Length of password
107 : * @password_hash: 16-octet PasswordHash (OUT)
108 : * Returns: 0 on success, -1 on failure
109 : */
110 672 : int nt_password_hash(const u8 *password, size_t password_len,
111 : u8 *password_hash)
112 : {
113 : u8 buf[512], *pos;
114 : size_t len, max_len;
115 :
116 672 : max_len = sizeof(buf);
117 672 : if (utf8_to_ucs2(password, password_len, buf, max_len, &len) < 0)
118 0 : return -1;
119 :
120 672 : len *= 2;
121 672 : pos = buf;
122 672 : return md4_vector(1, (const u8 **) &pos, &len, password_hash);
123 : }
124 :
125 :
126 : /**
127 : * hash_nt_password_hash - HashNtPasswordHash() - RFC 2759, Sect. 8.4
128 : * @password_hash: 16-octet PasswordHash (IN)
129 : * @password_hash_hash: 16-octet PasswordHashHash (OUT)
130 : * Returns: 0 on success, -1 on failure
131 : */
132 457 : int hash_nt_password_hash(const u8 *password_hash, u8 *password_hash_hash)
133 : {
134 457 : size_t len = 16;
135 457 : return md4_vector(1, &password_hash, &len, password_hash_hash);
136 : }
137 :
138 :
139 : /**
140 : * challenge_response - ChallengeResponse() - RFC 2759, Sect. 8.5
141 : * @challenge: 8-octet Challenge (IN)
142 : * @password_hash: 16-octet PasswordHash (IN)
143 : * @response: 24-octet Response (OUT)
144 : */
145 303 : void challenge_response(const u8 *challenge, const u8 *password_hash,
146 : u8 *response)
147 : {
148 : u8 zpwd[7];
149 303 : des_encrypt(challenge, password_hash, response);
150 303 : des_encrypt(challenge, password_hash + 7, response + 8);
151 303 : zpwd[0] = password_hash[14];
152 303 : zpwd[1] = password_hash[15];
153 303 : os_memset(zpwd + 2, 0, 5);
154 303 : des_encrypt(challenge, zpwd, response + 16);
155 303 : }
156 :
157 :
158 : /**
159 : * generate_nt_response - GenerateNTResponse() - RFC 2759, Sect. 8.1
160 : * @auth_challenge: 16-octet AuthenticatorChallenge (IN)
161 : * @peer_challenge: 16-octet PeerChallenge (IN)
162 : * @username: 0-to-256-char UserName (IN)
163 : * @username_len: Length of username
164 : * @password: 0-to-256-unicode-char Password (IN; UTF-8)
165 : * @password_len: Length of password
166 : * @response: 24-octet Response (OUT)
167 : * Returns: 0 on success, -1 on failure
168 : */
169 255 : int generate_nt_response(const u8 *auth_challenge, const u8 *peer_challenge,
170 : const u8 *username, size_t username_len,
171 : const u8 *password, size_t password_len,
172 : u8 *response)
173 : {
174 : u8 challenge[8];
175 : u8 password_hash[16];
176 :
177 255 : if (challenge_hash(peer_challenge, auth_challenge, username,
178 : username_len, challenge))
179 0 : return -1;
180 255 : if (nt_password_hash(password, password_len, password_hash))
181 0 : return -1;
182 255 : challenge_response(challenge, password_hash, response);
183 255 : return 0;
184 : }
185 :
186 :
187 : /**
188 : * generate_nt_response_pwhash - GenerateNTResponse() - RFC 2759, Sect. 8.1
189 : * @auth_challenge: 16-octet AuthenticatorChallenge (IN)
190 : * @peer_challenge: 16-octet PeerChallenge (IN)
191 : * @username: 0-to-256-char UserName (IN)
192 : * @username_len: Length of username
193 : * @password_hash: 16-octet PasswordHash (IN)
194 : * @response: 24-octet Response (OUT)
195 : * Returns: 0 on success, -1 on failure
196 : */
197 18 : int generate_nt_response_pwhash(const u8 *auth_challenge,
198 : const u8 *peer_challenge,
199 : const u8 *username, size_t username_len,
200 : const u8 *password_hash,
201 : u8 *response)
202 : {
203 : u8 challenge[8];
204 :
205 18 : if (challenge_hash(peer_challenge, auth_challenge,
206 : username, username_len,
207 : challenge))
208 0 : return -1;
209 18 : challenge_response(challenge, password_hash, response);
210 18 : return 0;
211 : }
212 :
213 :
214 : /**
215 : * generate_authenticator_response_pwhash - GenerateAuthenticatorResponse() - RFC 2759, Sect. 8.7
216 : * @password_hash: 16-octet PasswordHash (IN)
217 : * @nt_response: 24-octet NT-Response (IN)
218 : * @peer_challenge: 16-octet PeerChallenge (IN)
219 : * @auth_challenge: 16-octet AuthenticatorChallenge (IN)
220 : * @username: 0-to-256-char UserName (IN)
221 : * @username_len: Length of username
222 : * @response: 20-octet AuthenticatorResponse (OUT) (note: this value is usually
223 : * encoded as a 42-octet ASCII string (S=hexdump_of_response)
224 : * Returns: 0 on success, -1 on failure
225 : */
226 268 : int generate_authenticator_response_pwhash(
227 : const u8 *password_hash,
228 : const u8 *peer_challenge, const u8 *auth_challenge,
229 : const u8 *username, size_t username_len,
230 : const u8 *nt_response, u8 *response)
231 : {
232 : static const u8 magic1[39] = {
233 : 0x4D, 0x61, 0x67, 0x69, 0x63, 0x20, 0x73, 0x65, 0x72, 0x76,
234 : 0x65, 0x72, 0x20, 0x74, 0x6F, 0x20, 0x63, 0x6C, 0x69, 0x65,
235 : 0x6E, 0x74, 0x20, 0x73, 0x69, 0x67, 0x6E, 0x69, 0x6E, 0x67,
236 : 0x20, 0x63, 0x6F, 0x6E, 0x73, 0x74, 0x61, 0x6E, 0x74
237 : };
238 : static const u8 magic2[41] = {
239 : 0x50, 0x61, 0x64, 0x20, 0x74, 0x6F, 0x20, 0x6D, 0x61, 0x6B,
240 : 0x65, 0x20, 0x69, 0x74, 0x20, 0x64, 0x6F, 0x20, 0x6D, 0x6F,
241 : 0x72, 0x65, 0x20, 0x74, 0x68, 0x61, 0x6E, 0x20, 0x6F, 0x6E,
242 : 0x65, 0x20, 0x69, 0x74, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6F,
243 : 0x6E
244 : };
245 :
246 : u8 password_hash_hash[16], challenge[8];
247 : const unsigned char *addr1[3];
248 268 : const size_t len1[3] = { 16, 24, sizeof(magic1) };
249 : const unsigned char *addr2[3];
250 268 : const size_t len2[3] = { SHA1_MAC_LEN, 8, sizeof(magic2) };
251 :
252 268 : addr1[0] = password_hash_hash;
253 268 : addr1[1] = nt_response;
254 268 : addr1[2] = magic1;
255 :
256 268 : addr2[0] = response;
257 268 : addr2[1] = challenge;
258 268 : addr2[2] = magic2;
259 :
260 268 : if (hash_nt_password_hash(password_hash, password_hash_hash))
261 0 : return -1;
262 268 : if (sha1_vector(3, addr1, len1, response))
263 0 : return -1;
264 :
265 268 : if (challenge_hash(peer_challenge, auth_challenge, username,
266 : username_len, challenge))
267 0 : return -1;
268 268 : return sha1_vector(3, addr2, len2, response);
269 : }
270 :
271 :
272 : /**
273 : * generate_authenticator_response - GenerateAuthenticatorResponse() - RFC 2759, Sect. 8.7
274 : * @password: 0-to-256-unicode-char Password (IN; UTF-8)
275 : * @password_len: Length of password
276 : * @nt_response: 24-octet NT-Response (IN)
277 : * @peer_challenge: 16-octet PeerChallenge (IN)
278 : * @auth_challenge: 16-octet AuthenticatorChallenge (IN)
279 : * @username: 0-to-256-char UserName (IN)
280 : * @username_len: Length of username
281 : * @response: 20-octet AuthenticatorResponse (OUT) (note: this value is usually
282 : * encoded as a 42-octet ASCII string (S=hexdump_of_response)
283 : * Returns: 0 on success, -1 on failure
284 : */
285 203 : int generate_authenticator_response(const u8 *password, size_t password_len,
286 : const u8 *peer_challenge,
287 : const u8 *auth_challenge,
288 : const u8 *username, size_t username_len,
289 : const u8 *nt_response, u8 *response)
290 : {
291 : u8 password_hash[16];
292 203 : if (nt_password_hash(password, password_len, password_hash))
293 0 : return -1;
294 203 : return generate_authenticator_response_pwhash(
295 : password_hash, peer_challenge, auth_challenge,
296 : username, username_len, nt_response, response);
297 : }
298 :
299 :
300 : /**
301 : * nt_challenge_response - NtChallengeResponse() - RFC 2433, Sect. A.5
302 : * @challenge: 8-octet Challenge (IN)
303 : * @password: 0-to-256-unicode-char Password (IN; UTF-8)
304 : * @password_len: Length of password
305 : * @response: 24-octet Response (OUT)
306 : * Returns: 0 on success, -1 on failure
307 : */
308 28 : int nt_challenge_response(const u8 *challenge, const u8 *password,
309 : size_t password_len, u8 *response)
310 : {
311 : u8 password_hash[16];
312 28 : if (nt_password_hash(password, password_len, password_hash))
313 0 : return -1;
314 28 : challenge_response(challenge, password_hash, response);
315 28 : return 0;
316 : }
317 :
318 :
319 : /**
320 : * get_master_key - GetMasterKey() - RFC 3079, Sect. 3.4
321 : * @password_hash_hash: 16-octet PasswordHashHash (IN)
322 : * @nt_response: 24-octet NTResponse (IN)
323 : * @master_key: 16-octet MasterKey (OUT)
324 : * Returns: 0 on success, -1 on failure
325 : */
326 186 : int get_master_key(const u8 *password_hash_hash, const u8 *nt_response,
327 : u8 *master_key)
328 : {
329 : static const u8 magic1[27] = {
330 : 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74,
331 : 0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d,
332 : 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79
333 : };
334 : const unsigned char *addr[3];
335 186 : const size_t len[3] = { 16, 24, sizeof(magic1) };
336 : u8 hash[SHA1_MAC_LEN];
337 :
338 186 : addr[0] = password_hash_hash;
339 186 : addr[1] = nt_response;
340 186 : addr[2] = magic1;
341 :
342 186 : if (sha1_vector(3, addr, len, hash))
343 0 : return -1;
344 186 : os_memcpy(master_key, hash, 16);
345 186 : return 0;
346 : }
347 :
348 :
349 : /**
350 : * get_asymetric_start_key - GetAsymetricStartKey() - RFC 3079, Sect. 3.4
351 : * @master_key: 16-octet MasterKey (IN)
352 : * @session_key: 8-to-16 octet SessionKey (OUT)
353 : * @session_key_len: SessionKeyLength (Length of session_key) (IN)
354 : * @is_send: IsSend (IN, BOOLEAN)
355 : * @is_server: IsServer (IN, BOOLEAN)
356 : * Returns: 0 on success, -1 on failure
357 : */
358 121 : int get_asymetric_start_key(const u8 *master_key, u8 *session_key,
359 : size_t session_key_len, int is_send,
360 : int is_server)
361 : {
362 : static const u8 magic2[84] = {
363 : 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
364 : 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
365 : 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
366 : 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
367 : 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73,
368 : 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65,
369 : 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
370 : 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
371 : 0x6b, 0x65, 0x79, 0x2e
372 : };
373 : static const u8 magic3[84] = {
374 : 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
375 : 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
376 : 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
377 : 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
378 : 0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68,
379 : 0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73,
380 : 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73,
381 : 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20,
382 : 0x6b, 0x65, 0x79, 0x2e
383 : };
384 : static const u8 shs_pad1[40] = {
385 : 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
386 : 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
387 : 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
388 : 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
389 : };
390 :
391 : static const u8 shs_pad2[40] = {
392 : 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
393 : 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
394 : 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
395 : 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2
396 : };
397 : u8 digest[SHA1_MAC_LEN];
398 : const unsigned char *addr[4];
399 121 : const size_t len[4] = { 16, 40, 84, 40 };
400 :
401 121 : addr[0] = master_key;
402 121 : addr[1] = shs_pad1;
403 121 : if (is_send) {
404 61 : addr[2] = is_server ? magic3 : magic2;
405 : } else {
406 60 : addr[2] = is_server ? magic2 : magic3;
407 : }
408 121 : addr[3] = shs_pad2;
409 :
410 121 : if (sha1_vector(4, addr, len, digest))
411 0 : return -1;
412 :
413 121 : if (session_key_len > SHA1_MAC_LEN)
414 0 : session_key_len = SHA1_MAC_LEN;
415 121 : os_memcpy(session_key, digest, session_key_len);
416 121 : return 0;
417 : }
418 :
419 :
420 : #define PWBLOCK_LEN 516
421 :
422 : /**
423 : * encrypt_pw_block_with_password_hash - EncryptPwBlockWithPasswordHash() - RFC 2759, Sect. 8.10
424 : * @password: 0-to-256-unicode-char Password (IN; UTF-8)
425 : * @password_len: Length of password
426 : * @password_hash: 16-octet PasswordHash (IN)
427 : * @pw_block: 516-byte PwBlock (OUT)
428 : * Returns: 0 on success, -1 on failure
429 : */
430 0 : int encrypt_pw_block_with_password_hash(
431 : const u8 *password, size_t password_len,
432 : const u8 *password_hash, u8 *pw_block)
433 : {
434 : size_t ucs2_len, offset;
435 : u8 *pos;
436 :
437 0 : os_memset(pw_block, 0, PWBLOCK_LEN);
438 :
439 0 : if (utf8_to_ucs2(password, password_len, pw_block, 512, &ucs2_len) < 0)
440 0 : return -1;
441 :
442 0 : if (ucs2_len > 256)
443 0 : return -1;
444 :
445 0 : offset = (256 - ucs2_len) * 2;
446 0 : if (offset != 0) {
447 0 : os_memmove(pw_block + offset, pw_block, ucs2_len * 2);
448 0 : if (os_get_random(pw_block, offset) < 0)
449 0 : return -1;
450 : }
451 : /*
452 : * PasswordLength is 4 octets, but since the maximum password length is
453 : * 256, only first two (in little endian byte order) can be non-zero.
454 : */
455 0 : pos = &pw_block[2 * 256];
456 0 : WPA_PUT_LE16(pos, password_len * 2);
457 0 : rc4_skip(password_hash, 16, 0, pw_block, PWBLOCK_LEN);
458 0 : return 0;
459 : }
460 :
461 :
462 : /**
463 : * new_password_encrypted_with_old_nt_password_hash - NewPasswordEncryptedWithOldNtPasswordHash() - RFC 2759, Sect. 8.9
464 : * @new_password: 0-to-256-unicode-char NewPassword (IN; UTF-8)
465 : * @new_password_len: Length of new_password
466 : * @old_password: 0-to-256-unicode-char OldPassword (IN; UTF-8)
467 : * @old_password_len: Length of old_password
468 : * @encrypted_pw_block: 516-octet EncryptedPwBlock (OUT)
469 : * Returns: 0 on success, -1 on failure
470 : */
471 0 : int new_password_encrypted_with_old_nt_password_hash(
472 : const u8 *new_password, size_t new_password_len,
473 : const u8 *old_password, size_t old_password_len,
474 : u8 *encrypted_pw_block)
475 : {
476 : u8 password_hash[16];
477 :
478 0 : if (nt_password_hash(old_password, old_password_len, password_hash))
479 0 : return -1;
480 0 : if (encrypt_pw_block_with_password_hash(new_password, new_password_len,
481 : password_hash,
482 : encrypted_pw_block))
483 0 : return -1;
484 0 : return 0;
485 : }
486 :
487 :
488 : /**
489 : * nt_password_hash_encrypted_with_block - NtPasswordHashEncryptedWithBlock() - RFC 2759, Sect 8.13
490 : * @password_hash: 16-octer PasswordHash (IN)
491 : * @block: 16-octet Block (IN)
492 : * @cypher: 16-octer Cypher (OUT)
493 : */
494 0 : void nt_password_hash_encrypted_with_block(const u8 *password_hash,
495 : const u8 *block, u8 *cypher)
496 : {
497 0 : des_encrypt(password_hash, block, cypher);
498 0 : des_encrypt(password_hash + 8, block + 7, cypher + 8);
499 0 : }
500 :
501 :
502 : /**
503 : * old_nt_password_hash_encrypted_with_new_nt_password_hash - OldNtPasswordHashEncryptedWithNewNtPasswordHash() - RFC 2759, Sect. 8.12
504 : * @new_password: 0-to-256-unicode-char NewPassword (IN; UTF-8)
505 : * @new_password_len: Length of new_password
506 : * @old_password: 0-to-256-unicode-char OldPassword (IN; UTF-8)
507 : * @old_password_len: Length of old_password
508 : * @encrypted_password_hash: 16-octet EncryptedPasswordHash (OUT)
509 : * Returns: 0 on success, -1 on failure
510 : */
511 0 : int old_nt_password_hash_encrypted_with_new_nt_password_hash(
512 : const u8 *new_password, size_t new_password_len,
513 : const u8 *old_password, size_t old_password_len,
514 : u8 *encrypted_password_hash)
515 : {
516 : u8 old_password_hash[16], new_password_hash[16];
517 :
518 0 : if (nt_password_hash(old_password, old_password_len,
519 0 : old_password_hash) ||
520 0 : nt_password_hash(new_password, new_password_len,
521 : new_password_hash))
522 0 : return -1;
523 0 : nt_password_hash_encrypted_with_block(old_password_hash,
524 : new_password_hash,
525 : encrypted_password_hash);
526 0 : return 0;
527 : }
|
