1/*	$NetBSD: chap-new.h,v 1.5 2021/01/09 16:39:28 christos Exp $	*/
2
3/*
4 * chap-new.c - New CHAP implementation.
5 *
6 * Copyright (c) 2003 Paul Mackerras. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 *    notice, this list of conditions and the following disclaimer.
14 *
15 * 2. The name(s) of the authors of this software must not be used to
16 *    endorse or promote products derived from this software without
17 *    prior written permission.
18 *
19 * 3. Redistributions of any form whatsoever must retain the following
20 *    acknowledgment:
21 *    "This product includes software developed by Paul Mackerras
22 *     <paulus@samba.org>".
23 *
24 * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
25 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
26 * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
27 * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
28 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
29 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
30 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
31 */
32
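/*
 * CHAP packets begin with a standard header with code, id, len (2 bytes).
 * CHAP_HDRLEN is that header's size: 1 (code) + 1 (id) + 2 (len) bytes.
 * Code that parses a received packet should confirm that at least
 * CHAP_HDRLEN bytes are present before reading any header field.
 */
#define CHAP_HDRLEN	4

/*
 * Values for the code field.
 * Anything outside this set is not a CHAP packet type defined here.
 */
#define CHAP_CHALLENGE	1
#define CHAP_RESPONSE	2
#define CHAP_SUCCESS	3
#define CHAP_FAILURE	4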
45
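/*
 * CHAP digest codes.
 * These are the algorithm identifiers that CHAP_DIGEST() returns and that
 * CHAP_MDTYPE_D() and CHAP_CANDIGEST() compare their `digest` argument to.
 */
#define CHAP_MD5		5
#define CHAP_MICROSOFT		0x80
#define CHAP_MICROSOFT_V2	0x81

/*
 * Semi-arbitrary limits on challenge and response fields.
 * NOTE(review): struct chap_digest_type describes challenge/response
 * buffers as a length byte followed by the data.  If these limits count
 * only the data, a buffer in that format needs one extra byte for the
 * length prefix -- confirm against the buffer declarations in the .c file.
 */
#define MAX_CHALLENGE_LEN	64
#define MAX_RESPONSE_LEN	64

/*
 * Bitmask of supported algorithms.
 * One bit per digest, so a set of acceptable digests is the OR of these.
 */
#define MDTYPE_MICROSOFT_V2	0x1
#define MDTYPE_MICROSOFT	0x2
#define MDTYPE_MD5		0x4
#define MDTYPE_NONE		0

/* hashes supported by this instance of pppd (a mask of MDTYPE_* bits) */
extern int chap_mdtype_all;

/*
 * All four macros below are fully parenthesized so that they expand to a
 * single expression.  Without the outer parentheses an operator next to
 * the macro call binds to part of the expansion: `CHAP_MDTYPE(m) == x`
 * would compare only the trailing `(m)`, and `!CHAP_CANDIGEST(m, d)` would
 * negate only the first comparison.  Since these expressions decide which
 * authentication digest is offered or accepted, a misparse of that kind is
 * a negotiation bug, not just a style issue.
 *
 * Each macro evaluates its arguments more than once; pass expressions
 * without side effects.
 */

/*
 * Return the digest alg. ID for the most preferred digest type.
 * Preference order here is MD5, then MS-CHAPv2, then MS-CHAP; yields 0
 * when no known bit is set.
 * NOTE(review): CHAP_MDTYPE() ranks by lowest set bit, which puts
 * MDTYPE_MICROSOFT_V2 (0x1) first, so the two macros can disagree on the
 * "most preferred" digest for the same mask -- confirm which order is
 * intended wherever both are used together.
 */
#define CHAP_DIGEST(mdtype) \
    (((mdtype) & MDTYPE_MD5)? CHAP_MD5: \
     ((mdtype) & MDTYPE_MICROSOFT_V2)? CHAP_MICROSOFT_V2: \
     ((mdtype) & MDTYPE_MICROSOFT)? CHAP_MICROSOFT: \
     0)

/*
 * Return the bit flag (lsb set) for our most preferred digest type.
 * Isolates the lowest set bit of the mask; yields 0 for MDTYPE_NONE.
 */
#define CHAP_MDTYPE(mdtype) (((mdtype) ^ ((mdtype) - 1)) & (mdtype))

/*
 * Return the bit flag for a given digest algorithm ID.
 * Yields 0 (MDTYPE_NONE) for an ID that is not one of the CHAP_* digest
 * codes, so an unknown algorithm requested by the peer maps to "none".
 */
#define CHAP_MDTYPE_D(digest) \
    (((digest) == CHAP_MICROSOFT_V2)? MDTYPE_MICROSOFT_V2: \
     ((digest) == CHAP_MICROSOFT)? MDTYPE_MICROSOFT: \
     ((digest) == CHAP_MD5)? MDTYPE_MD5: \
     0)

/*
 * Can we do the requested digest?
 * Non-zero (the matching MDTYPE_* bit) when `digest` is known and its bit
 * is set in `mdtype`; 0 for an unknown digest or a digest not in the mask.
 */
#define CHAP_CANDIGEST(mdtype, digest) \
    (((digest) == CHAP_MICROSOFT_V2)? ((mdtype) & MDTYPE_MICROSOFT_V2): \
     ((digest) == CHAP_MICROSOFT)? ((mdtype) & MDTYPE_MICROSOFT): \
     ((digest) == CHAP_MD5)? ((mdtype) & MDTYPE_MD5): \
     0)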
91
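/*
 * The code for each digest type has to supply one of these.
 * It is a table of callbacks for one digest algorithm, chained through
 * `next`.
 */
struct chap_digest_type {
	/* digest code this entry handles; presumably a CHAP_* digest code */
	int code;

	/*
	 * Note: challenge and response arguments below are formatted as
	 * a length byte followed by the actual challenge/response data.
	 *
	 * None of these callbacks receives the capacity of the challenge
	 * or response buffer, so bounds are a contract between caller and
	 * implementation: an implementation must not write more than the
	 * caller allocated, and must not read past the length byte's count.
	 * NOTE(review): callers presumably size these buffers from
	 * MAX_CHALLENGE_LEN / MAX_RESPONSE_LEN -- confirm.
	 */

	/* Fill `challenge` (length byte, then data) with a new challenge. */
	void (*generate_challenge)(unsigned char *challenge);

	/*
	 * Check the peer's `response` to `challenge` for user `name` using
	 * `secret` (`secret_len` bytes).  `message` is an output buffer of
	 * `message_space` bytes; writes to it must stay within that size.
	 * NOTE(review): the meaning of the return value is not visible in
	 * this header -- confirm before relying on it as "authenticated".
	 */
	int (*verify_response)(int id, char *name,
		unsigned char *secret, int secret_len,
		unsigned char *challenge, unsigned char *response,
		char *message, int message_space);

	/*
	 * Build our `response` (length byte, then data) to the peer's
	 * `challenge`.  `priv` is opaque here; its use is defined by the
	 * digest implementation.
	 */
	void (*make_response)(unsigned char *response, int id, char *our_name,
		unsigned char *challenge, char *secret, int secret_len,
		unsigned char *priv);

	/*
	 * `pkt`/`len` in the next two callbacks describe packet data; if it
	 * comes from the peer it is untrusted, and `len` must be checked
	 * before any field of `pkt` is read.
	 */
	int (*check_success)(int id, unsigned char *pkt, int len);
	void (*handle_failure)(unsigned char *pkt, int len);

	/* next registered digest type, or NULL at the end of the chain */
	struct chap_digest_type *next;
};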
115
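/*
 * Hook for a plugin to validate CHAP challenge.
 * The hook is given the peer's `response` to `challenge` and a `message`
 * buffer of `message_space` bytes.  Whatever is installed here takes part
 * in the authentication decision, so treat the code behind this pointer
 * as part of the trusted authentication path.
 * NOTE(review): how the return value is interpreted, and whether a NULL
 * hook falls back to the digest's own verify_response, is not visible in
 * this header -- confirm in the .c file.
 */
extern int (*chap_verify_hook)(char *name, char *ourname, int id,
			struct chap_digest_type *digest,
			unsigned char *challenge, unsigned char *response,
			char *message, int message_space);

/*
 * Called by digest code to register a digest type.
 * The argument is not const and the structure has a `next` link, so the
 * registered object presumably has to outlive the registration.
 */
extern void chap_register_digest(struct chap_digest_type *);

/*
 * Lookup a digest handler by type.
 * NOTE(review): the result for an unregistered `digest_code` is not shown
 * here (presumably NULL); callers should check it before use.
 */
extern struct chap_digest_type *chap_find_digest(int digest_code);

/* Called by authentication code to start authenticating the peer. */
extern void chap_auth_peer(int unit, char *our_name, int digest_code);

/* Called by auth. code to start authenticating us to the peer. */
extern void chap_auth_with_peer(int unit, char *our_name, int digest_code);

/* Represents the CHAP protocol to the main pppd code */
extern struct protent chap_protent;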
136