chap.c revision 26516 
1/*
2 *			PPP CHAP Module
3 *
4 *	    Written by Toshiharu OHNO (tony-o@iij.ad.jp)
5 *
6 *   Copyright (C) 1993, Internet Initiative Japan, Inc. All rights reserverd.
7 *
8 * Redistribution and use in source and binary forms are permitted
9 * provided that the above copyright notice and this paragraph are
10 * duplicated in all such forms and that any documentation,
11 * advertising materials, and other materials related to such
12 * distribution and use acknowledge that the software was developed
13 * by the Internet Initiative Japan, Inc.  The name of the
14 * IIJ may not be used to endorse or promote products derived
15 * from this software without specific prior written permission.
16 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
18 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
19 *
20 * $Id: chap.c,v 1.17 1997/05/26 00:43:56 brian Exp $
21 *
22 *	TODO:
23 */
24#include <sys/types.h>
25#include <time.h>
26#include "fsm.h"
27#include "chap.h"
28#include "lcpproto.h"
29#include "lcp.h"
30#include "hdlc.h"
31#include "phase.h"
32#include "loadalias.h"
33#include "vars.h"
34#include "auth.h"
35
36static char *chapcodes[] = {
37  "???", "CHALLENGE", "RESPONSE", "SUCCESS", "FAILURE"
38};
39
40struct authinfo AuthChapInfo  = {
41  SendChapChallenge,
42};
43
44extern char *AuthGetSecret();
45extern int randinit;
46
47void
48ChapOutput(code, id, ptr, count)
49u_int code, id;
50u_char *ptr;
51int count;
52{
53  int plen;
54  struct fsmheader lh;
55  struct mbuf *bp;
56
57  plen =  sizeof(struct fsmheader) + count;
58  lh.code = code;
59  lh.id = id;
60  lh.length = htons(plen);
61  bp = mballoc(plen, MB_FSM);
62  bcopy(&lh, MBUF_CTOP(bp), sizeof(struct fsmheader));
63  if (count)
64    bcopy(ptr, MBUF_CTOP(bp) + sizeof(struct fsmheader), count);
65  LogDumpBp(LogDEBUG, "ChapOutput", bp);
66  LogPrintf(LogLCP, "ChapOutput: %s\n", chapcodes[code]);
67  HdlcOutput(PRI_LINK, PROTO_CHAP, bp);
68}
69
70
71static char challenge_data[80];
72static int  challenge_len;
73
74void
75SendChapChallenge(chapid)
76int chapid;
77{
78  int len, i;
79  char *cp;
80
81  if (!randinit) {
82    randinit = 1;
83    if (srandomdev() < 0)
84      srandom((unsigned long)(time(NULL) ^ getpid()));
85  }
86
87  cp = challenge_data;
88  *cp++ = challenge_len = random() % 32 + 16;
89  for (i = 0; i < challenge_len; i++)
90    *cp++ = random() & 0xff;
91  len = strlen(VarAuthName);
92  bcopy(VarAuthName, cp, len);
93  cp += len;
94  ChapOutput(CHAP_CHALLENGE, chapid, challenge_data, cp - challenge_data);
95}
96
97void
98RecvChapTalk(chp, bp)
99struct fsmheader *chp;
100struct mbuf *bp;
101{
102  int valsize, len;
103  int arglen, keylen, namelen;
104  char *cp, *argp, *ap, *name, *digest;
105  char *keyp;
106  MD5_CTX context;                            /* context */
107  char answer[100];
108  char cdigest[16];
109
110  len = ntohs(chp->length);
111  LogPrintf(LogDEBUG, "RecvChapTalk: length: %d\n", len);
112  arglen = len - sizeof(struct fsmheader);
113  cp = (char *)MBUF_CTOP(bp);
114  valsize = *cp++ & 255;
115  name = cp + valsize;
116  namelen = arglen - valsize - 1;
117  name[namelen] = 0;
118  LogPrintf(LogPHASE, " Valsize = %d, Name = %s\n", valsize, name);
119
120  /*
121   * Get a secret key corresponds to the peer
122   */
123  keyp = AuthGetSecret(SECRETFILE, name, namelen, chp->code == CHAP_RESPONSE);
124
125  switch (chp->code) {
126  case CHAP_CHALLENGE:
127    if (keyp) {
128      keylen = strlen(keyp);
129    } else {
130      keylen = strlen(VarAuthKey);
131      keyp = VarAuthKey;
132    }
133    name = VarAuthName;
134    namelen = strlen(VarAuthName);
135    argp = malloc(1 + valsize + namelen + 16);
136    if (argp == NULL) {
137      ChapOutput(CHAP_FAILURE, chp->id, "Out of memory!", 14);
138      return;
139    }
140    digest = argp;
141    *digest++ = 16;		/* value size */
142    ap = answer;
143    *ap++ = chp->id;
144    bcopy(keyp, ap, keylen);
145    ap += keylen;
146    bcopy(cp, ap, valsize);
147    LogDumpBuff(LogDEBUG, "recv", ap, valsize);
148    ap += valsize;
149    MD5Init(&context);
150    MD5Update(&context, answer, ap - answer);
151    MD5Final(digest, &context);
152    LogDumpBuff(LogDEBUG, "answer", digest, 16);
153    bcopy(name, digest + 16, namelen);
154    ap += namelen;
155    /* Send answer to the peer */
156    ChapOutput(CHAP_RESPONSE, chp->id, argp, namelen + 17);
157    free(argp);
158    break;
159  case CHAP_RESPONSE:
160    if (keyp) {
161      /*
162       * Compute correct digest value
163       */
164      keylen = strlen(keyp);
165      ap = answer;
166      *ap++ = chp->id;
167      bcopy(keyp, ap, keylen);
168      ap += keylen;
169      MD5Init(&context);
170      MD5Update(&context, answer, ap - answer);
171      MD5Update(&context, challenge_data+1, challenge_len);
172      MD5Final(cdigest, &context);
173      LogDumpBuff(LogDEBUG, "got", cp, 16);
174      LogDumpBuff(LogDEBUG, "expect", cdigest, 16);
175      /*
176       * Compare with the response
177       */
178      if (bcmp(cp, cdigest, 16) == 0) {
179	ChapOutput(CHAP_SUCCESS, chp->id, "Wellcome!!", 10);
180	NewPhase(PHASE_NETWORK);
181	break;
182      }
183    }
184    /*
185     * Peer is not registerd, or response digest is wrong.
186     */
187    ChapOutput(CHAP_FAILURE, chp->id, "Invalid!!", 9);
188    reconnect(RECON_FALSE);
189    LcpClose();
190    break;
191  }
192}
193
194void
195RecvChapResult(chp, bp)
196struct fsmheader *chp;
197struct mbuf *bp;
198{
199  int len;
200  struct lcpstate *lcp = &LcpInfo;
201
202  len = ntohs(chp->length);
203  LogPrintf(LogDEBUG, "RecvChapResult: length: %d\n", len);
204  if (chp->code == CHAP_SUCCESS) {
205    if (lcp->auth_iwait == PROTO_CHAP) {
206      lcp->auth_iwait = 0;
207      if (lcp->auth_ineed == 0)
208	NewPhase(PHASE_NETWORK);
209    }
210  } else {
211    /*
212     * Maybe, we shoud close LCP. Of cause, peer may take close action, too.
213     */
214    ;
215  }
216}
217
218void
219ChapInput(struct mbuf *bp)
220{
221  int len = plength(bp);
222  struct fsmheader *chp;
223
224  if (len >= sizeof(struct fsmheader)) {
225    chp = (struct fsmheader *)MBUF_CTOP(bp);
226    if (len >= ntohs(chp->length)) {
227      if (chp->code < 1 || chp->code > 4)
228	chp->code = 0;
229      LogPrintf(LogLCP, "ChapInput: %s\n", chapcodes[chp->code]);
230
231      bp->offset += sizeof(struct fsmheader);
232      bp->cnt -= sizeof(struct fsmheader);
233
234      switch (chp->code) {
235      case CHAP_RESPONSE:
236	StopAuthTimer(&AuthChapInfo);
237	/* Fall into.. */
238      case CHAP_CHALLENGE:
239	RecvChapTalk(chp, bp);
240	break;
241      case CHAP_SUCCESS:
242      case CHAP_FAILURE:
243	RecvChapResult(chp, bp);
244	break;
245      }
246    }
247  }
248  pfree(bp);
249}
250