Verify CHAP/MSCHAPv2 return code
Check the return code in some (but not yet all) places where the functions from ms_funcs.c are used.
parent
ce78b289c4
commit
c5f6ad5766
5 changed files with 56 additions and 27 deletions
|
@ -43,7 +43,8 @@ int main(int argc, char *argv[])
|
|||
password = buf;
|
||||
}
|
||||
|
||||
nt_password_hash((u8 *) password, strlen(password), password_hash);
|
||||
if (nt_password_hash((u8 *) password, strlen(password), password_hash))
|
||||
return -1;
|
||||
for (i = 0; i < sizeof(password_hash); i++)
|
||||
printf("%02x", password_hash[i]);
|
||||
printf("\n");
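Review bot: The new failure branch in main() exits with `return -1;` and prints nothing, so a user of the tool gets no hash and no explanation unless they inspect the exit status. Brace the branch and add a line such as `fprintf(stderr, "Failed to compute NT password hash\n");` before the return. main() begins and ends outside this hunk.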
|
||||
|
|
|
@ -233,10 +233,16 @@ static struct wpabuf * eap_leap_process_response(struct eap_sm *sm, void *priv,
|
|||
os_memcpy(data->ap_response, pos, LEAP_RESPONSE_LEN);
|
||||
|
||||
if (pwhash) {
|
||||
hash_nt_password_hash(password, pw_hash_hash);
|
||||
if (hash_nt_password_hash(password, pw_hash_hash)) {
|
||||
ret->ignore = TRUE;
|
||||
return NULL;
|
||||
}
|
||||
} else {
|
||||
nt_password_hash(password, password_len, pw_hash);
|
||||
hash_nt_password_hash(pw_hash, pw_hash_hash);
|
||||
if (nt_password_hash(password, password_len, pw_hash) ||
|
||||
hash_nt_password_hash(pw_hash, pw_hash_hash)) {
|
||||
ret->ignore = TRUE;
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
challenge_response(data->ap_challenge, pw_hash_hash, expected);
|
||||
|
||||
|
@ -345,11 +351,17 @@ static u8 * eap_leap_getKey(struct eap_sm *sm, void *priv, size_t *len)
|
|||
if (key == NULL)
|
||||
return NULL;
|
||||
|
||||
if (pwhash)
|
||||
hash_nt_password_hash(password, pw_hash_hash);
|
||||
else {
|
||||
nt_password_hash(password, password_len, pw_hash);
|
||||
hash_nt_password_hash(pw_hash, pw_hash_hash);
|
||||
if (pwhash) {
|
||||
if (hash_nt_password_hash(password, pw_hash_hash)) {
|
||||
os_free(key);
|
||||
return NULL;
|
||||
}
|
||||
} else {
|
||||
if (nt_password_hash(password, password_len, pw_hash) ||
|
||||
hash_nt_password_hash(pw_hash, pw_hash_hash)) {
|
||||
os_free(key);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
wpa_hexdump_key(MSG_DEBUG, "EAP-LEAP: pw_hash_hash",
|
||||
pw_hash_hash, 16);
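Review bot: Both new failure branches in eap_leap_process_response() set `ret->ignore = TRUE` and return NULL without a log line, so a failed password-hash computation cannot be told apart in the debug log from a frame that was simply ignored. The peer-side MSCHAPv2 and TTLS changes in this commit report their failure through wpa_printf(MSG_ERROR, ...); the same here, e.g. `wpa_printf(MSG_ERROR, "EAP-LEAP: Failed to derive password hash");`, would keep the failure diagnosable. The same applies to the two `os_free(key); return NULL;` branches in eap_leap_getKey() and to the `if (res)` branch in the server-side eap_mschapv2_process_response(). All three functions continue outside their hunks.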
|
||||
|
|
|
@ -209,10 +209,15 @@ static struct wpabuf * eap_mschapv2_challenge_reply(
|
|||
"in Phase 1");
|
||||
auth_challenge = data->auth_challenge;
|
||||
}
|
||||
mschapv2_derive_response(identity, identity_len, password,
|
||||
password_len, pwhash, auth_challenge,
|
||||
peer_challenge, r->nt_response,
|
||||
data->auth_response, data->master_key);
|
||||
if (mschapv2_derive_response(identity, identity_len, password,
|
||||
password_len, pwhash, auth_challenge,
|
||||
peer_challenge, r->nt_response,
|
||||
data->auth_response, data->master_key)) {
|
||||
wpa_printf(MSG_ERROR, "EAP-MSCHAPV2: Failed to derive "
|
||||
"response");
|
||||
wpabuf_free(resp);
|
||||
return NULL;
|
||||
}
|
||||
data->auth_response_valid = 1;
|
||||
data->master_key_valid = 1;
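Review bot: The new error branch returns before `data->auth_response_valid = 1;` and `data->master_key_valid = 1;` but does not clear those flags, although mschapv2_derive_response() was given data->auth_response and data->master_key as output buffers and may have partly overwritten them before failing. If either flag can still be set from an earlier exchange (not visible in this hunk), later code would treat a half-written value as valid; adding `data->auth_response_valid = 0;` and `data->master_key_valid = 0;` to the branch closes that. The eap_ttls_phase2_request_mschapv2() hunk has the same pattern with `data->auth_response_valid`. Both functions continue outside the hunks shown.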
|
||||
|
||||
|
|
|
@ -691,10 +691,15 @@ static int eap_ttls_phase2_request_mschapv2(struct eap_sm *sm,
|
|||
pos += EAP_TTLS_MSCHAPV2_CHALLENGE_LEN;
|
||||
os_memset(pos, 0, 8); /* Reserved, must be zero */
|
||||
pos += 8;
|
||||
mschapv2_derive_response(identity, identity_len, password,
|
||||
password_len, pwhash, challenge,
|
||||
peer_challenge, pos, data->auth_response,
|
||||
data->master_key);
|
||||
if (mschapv2_derive_response(identity, identity_len, password,
|
||||
password_len, pwhash, challenge,
|
||||
peer_challenge, pos, data->auth_response,
|
||||
data->master_key)) {
|
||||
wpabuf_free(msg);
|
||||
wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAPV2: Failed to derive "
|
||||
"response");
|
||||
return -1;
|
||||
}
|
||||
data->auth_response_valid = 1;
|
||||
|
||||
eap_ttlsv1_permute_inner(sm, data);
|
||||
|
|
|
@ -295,6 +295,7 @@ static void eap_mschapv2_process_response(struct eap_sm *sm,
|
|||
u8 expected[24];
|
||||
const u8 *username, *user;
|
||||
size_t username_len, user_len;
|
||||
int res;
|
||||
|
||||
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2, respData,
|
||||
&len);
|
||||
|
@ -372,17 +373,22 @@ static void eap_mschapv2_process_response(struct eap_sm *sm,
|
|||
username, username_len);
|
||||
|
||||
if (sm->user->password_hash) {
|
||||
generate_nt_response_pwhash(data->auth_challenge,
|
||||
peer_challenge,
|
||||
username, username_len,
|
||||
sm->user->password,
|
||||
expected);
|
||||
res = generate_nt_response_pwhash(data->auth_challenge,
|
||||
peer_challenge,
|
||||
username, username_len,
|
||||
sm->user->password,
|
||||
expected);
|
||||
} else {
|
||||
generate_nt_response(data->auth_challenge, peer_challenge,
|
||||
username, username_len,
|
||||
sm->user->password,
|
||||
sm->user->password_len,
|
||||
expected);
|
||||
res = generate_nt_response(data->auth_challenge,
|
||||
peer_challenge,
|
||||
username, username_len,
|
||||
sm->user->password,
|
||||
sm->user->password_len,
|
||||
expected);
|
||||
}
|
||||
if (res) {
|
||||
data->state = FAILURE;
|
||||
return;
|
||||
}
|
||||
|
||||
if (os_memcmp(nt_response, expected, 24) == 0) {
|
||||
|
|