-/*
- * ntpwdhash converts Unicode password to 16-byte NT hash
- * with MD4
- */
-static void ntpwdhash (char *szHash, const char *szPassword)
-{
- char szUnicodePass[513];
- int nPasswordLen;
- int i;
-
- /*
- * NT passwords are unicode. Convert plain text password
- * to unicode by inserting a zero every other byte
- */
- nPasswordLen = strlen(szPassword);
- for (i = 0; i < nPasswordLen; i++) {
- szUnicodePass[i << 1] = szPassword[i];
- szUnicodePass[(i << 1) + 1] = 0;
- }
-
- /* Encrypt Unicode password to a 16-byte MD4 hash */
- md4_calc(szHash, szUnicodePass, (nPasswordLen<<1) );
-}
-
-
-/*
- * challenge_hash() is used by mschap2() and auth_response()
- * implements RFC2759 ChallengeHash()
- * generates 64 bit challenge
- */
-static void challenge_hash( const char *peer_challenge,
- const char *auth_challenge,
- const char *user_name, char *challenge )
-{
- SHA1_CTX Context;
- char hash[20];
-
- SHA1Init(&Context);
- SHA1Update(&Context, peer_challenge, 16);
- SHA1Update(&Context, auth_challenge, 16);
- SHA1Update(&Context, user_name, strlen(user_name));
- SHA1Final(hash, &Context);
- memcpy(challenge, hash, 8);
-}
-
-/*
- * auth_response() generates MS-CHAP v2 SUCCESS response
- * according to RFC 2759 GenerateAuthenticatorResponse()
- * returns 42-octet response string
- */
-static void auth_response(const char *username,
- const char *nt_hash_hash,
- char *ntresponse,
- char *peer_challenge, char *auth_challenge,
- char *response)
-{
- SHA1_CTX Context;
- const char magic1[39] =
- {0x4D, 0x61, 0x67, 0x69, 0x63, 0x20, 0x73, 0x65, 0x72, 0x76,
- 0x65, 0x72, 0x20, 0x74, 0x6F, 0x20, 0x63, 0x6C, 0x69, 0x65,
- 0x6E, 0x74, 0x20, 0x73, 0x69, 0x67, 0x6E, 0x69, 0x6E, 0x67,
- 0x20, 0x63, 0x6F, 0x6E, 0x73, 0x74, 0x61, 0x6E, 0x74};
-
- const char magic2[41] =
- {0x50, 0x61, 0x64, 0x20, 0x74, 0x6F, 0x20, 0x6D, 0x61, 0x6B,
- 0x65, 0x20, 0x69, 0x74, 0x20, 0x64, 0x6F, 0x20, 0x6D, 0x6F,
- 0x72, 0x65, 0x20, 0x74, 0x68, 0x61, 0x6E, 0x20, 0x6F, 0x6E,
- 0x65, 0x20, 0x69, 0x74, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6F,
- 0x6E};
-
- char challenge[8];
- char digest[20];
-
- SHA1Init(&Context);
- SHA1Update(&Context, nt_hash_hash, 16);
- SHA1Update(&Context, ntresponse, 24);
- SHA1Update(&Context, magic1, 39);
- SHA1Final(digest, &Context);
- challenge_hash(peer_challenge, auth_challenge, username, challenge);
- SHA1Init(&Context);
- SHA1Update(&Context, digest, 20);
- SHA1Update(&Context, challenge, 8);
- SHA1Update(&Context, magic2, 41);
- SHA1Final(digest, &Context);
-
- /*
- * Encode the value of 'Digest' as "S=" followed by
- * 40 ASCII hexadecimal digits and return it in
- * AuthenticatorResponse.
- * For example,
- * "S=0123456789ABCDEF0123456789ABCDEF01234567"
- */
- response[0] = 'S';
- response[1] = '=';
- bin2hex(digest, response + 2, 20);
-}
-
-