iked includes a few mschap functions that it doesn't use. smaller,
cleaner, better without them.
Another copy of this code lives in npppd, though the required
functions there are slightly different. (The chap_ms.c file in pppd is
entirely different.)
Index: chap_ms.c
===================================================================
RCS file: /cvs/src/sbin/iked/chap_ms.c,v
retrieving revision 1.7
diff -u -p -r1.7 chap_ms.c
--- chap_ms.c 16 Apr 2014 04:59:56 -0000 1.7
+++ chap_ms.c 19 Nov 2014 03:32:13 -0000
@@ -331,79 +331,3 @@ mschap_msk(u_int8_t *password, int passw
memcpy(msk, &recvkey, sizeof(recvkey));
memcpy(msk + sizeof(recvkey), &sendkey, sizeof(sendkey));
}
-
-void
-mschap_newkey(u_int8_t *startkey, u_int8_t *sessionkey,
- long sessionkeylen, u_int8_t *key)
-{
- EVP_MD_CTX ctx;
- u_int8_t md[SHA_DIGEST_LENGTH];
- u_int mdlen;
-
- EVP_DigestInit(&ctx, EVP_sha1());
- EVP_DigestUpdate(&ctx, startkey, sessionkeylen);
- EVP_DigestUpdate(&ctx, sha1_pad1, sizeof(sha1_pad1));
- EVP_DigestUpdate(&ctx, sessionkey, sessionkeylen);
- EVP_DigestUpdate(&ctx, sha1_pad2, sizeof(sha1_pad2));
- EVP_DigestFinal(&ctx, md, &mdlen);
-
- memcpy(key, md, sessionkeylen);
-}
-
-void
-mschap_nt(u_int8_t *password_hash, u_int8_t *challenge)
-{
- u_int8_t response[24];
-
- mschap_challenge_response(challenge, password_hash, response);
- memcpy(password_hash, response, sizeof(response));
- password_hash[24] = 1; /* NT-style response */
-}
-
-void
-mschap_lanman(u_int8_t *digest, u_int8_t *challenge, u_int8_t *secret)
-{
- static u_int8_t salt[] = "KGS!@#$%"; /* RASAPI32.dll */
- u_int8_t SECRET[14 + 1], *ptr, *end;
- u_int8_t hash[MSCHAP_HASH_SZ];
-
- bzero(&SECRET, sizeof(SECRET));
- end = SECRET + (sizeof(SECRET) - 1);
- for (ptr = SECRET; *secret && ptr < end; ptr++, secret++)
- *ptr = toupper(*secret);
-
- mschap_des_encrypt(salt, SECRET, hash);
- mschap_des_encrypt(salt, SECRET + 7, hash + 8);
-
- mschap_challenge_response(challenge, hash, digest);
-}
-
-void
-mschap_radiuskey(u_int8_t *plain, const u_int8_t *crypted,
- const u_int8_t *authenticator, const u_int8_t *secret)
-{
- EVP_MD_CTX ctx;
- u_int8_t b[MD5_DIGEST_LENGTH], p[32];
- u_int i, mdlen;
-
- EVP_DigestInit(&ctx, EVP_md5());
- EVP_DigestUpdate(&ctx, secret, strlen(secret));
- EVP_DigestUpdate(&ctx, authenticator, 16);
- EVP_DigestUpdate(&ctx, crypted, 2);
- EVP_DigestFinal(&ctx, b, &mdlen);
-
- for (i = 0; i < mdlen; i++) {
- p[i] = b[i] ^ crypted[i+2];
- }
-
- EVP_DigestInit(&ctx, EVP_md5());
- EVP_DigestUpdate(&ctx, secret, strlen(secret));
- EVP_DigestUpdate(&ctx, crypted + 2, mdlen);
- EVP_DigestFinal(&ctx, b, &mdlen);
-
- for (i = 0; i < mdlen; i++) {
- p[i+16] = b[i] ^ crypted[i+18];
- }
-
- memcpy(plain, p+1, 16);
-}
Index: chap_ms.h
===================================================================
RCS file: /cvs/src/sbin/iked/chap_ms.h,v
retrieving revision 1.3
diff -u -p -r1.3 chap_ms.h
--- chap_ms.h 8 Jan 2013 10:38:19 -0000 1.3
+++ chap_ms.h 19 Nov 2014 03:32:35 -0000
@@ -34,18 +34,12 @@ void mschap_nt_response(u_int8_t *, u_i
void mschap_auth_response(u_int8_t *, int, u_int8_t *, u_int8_t *,
u_int8_t *, u_int8_t *, int, u_int8_t *);
-void mschap_nt(u_int8_t *, u_int8_t *);
-void mschap_lanman(u_int8_t *, u_int8_t *, u_int8_t *);
-
void mschap_ntpassword_hash(u_int8_t *, int, u_int8_t *);
void mschap_challenge_hash(u_int8_t *, u_int8_t *, u_int8_t *,
int, u_int8_t *);
void mschap_asymetric_startkey(u_int8_t *, u_int8_t *, int, int, int);
void mschap_masterkey(u_int8_t *, u_int8_t *, u_int8_t *);
-void mschap_newkey(u_int8_t *, u_int8_t *, long, u_int8_t *);
-void mschap_radiuskey(u_int8_t *, const u_int8_t *, const u_int8_t *,
- const u_int8_t *);
void mschap_msk(u_int8_t *, int, u_int8_t *, u_int8_t *);
#endif /* _CHAP_MS_H */
