/* * * Wireless daemon for Linux * * Copyright (C) 2016 Markus Ongyerth. All rights reserved. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA * */ #ifdef HAVE_CONFIG_H #include #endif #include #include #include #include #include "src/eap-mschapv2.h" #include "src/mschaputil.h" /* The test values here are taken from the RFCs the functions are defined in */ /* https://tools.ietf.org/html/rfc2759 */ const char *user = "User"; const char *nt_password = "clientPass"; const uint8_t password_hash[] = { 0x44, 0xEB, 0xBA, 0x8D, 0x53, 0x12, 0xB8, 0xD6, 0x11, 0x47, 0x44, 0x11, 0xF5, 0x69, 0x89, 0xAE }; const uint8_t server_challenge[] = { 0x5B, 0x5D, 0x7C, 0x7D, 0x7B, 0x3F, 0x2F, 0x3E, 0x3C, 0x2C, 0x60, 0x21, 0x32, 0x26, 0x26, 0x28 }; const uint8_t peer_challenge[] = { 0x21, 0x40, 0x23, 0x24, 0x25, 0x5E, 0x26, 0x2A, 0x28, 0x29, 0x5F, 0x2B, 0x3A, 0x33, 0x7C, 0x7E }; const uint8_t nt_response[] = { 0x82, 0x30, 0x9E, 0xCD, 0x8D, 0x70, 0x8B, 0x5E, 0xA0, 0x8F, 0xAA, 0x39, 0x81, 0xCD, 0x83, 0x54, 0x42, 0x33, 0x11, 0x4A, 0x3D, 0x85, 0xD6, 0xDF }; const uint8_t password_hash_hash[] = { 0x41, 0xC0, 0x0C, 0x58, 0x4B, 0xD2, 0xD9, 0x1C, 0x40, 0x17, 0xA2, 0xA1, 0x2F, 0xA5, 0x9F, 0x3F }; const char *authenticator_response = "S=407A5589115FD0D6209F510FE9C04566932CDA56"; /* https://tools.ietf.org/html/draft-ietf-pppext-mschapv2-keys-02 */ const uint8_t master_key[] = { 0xFD, 0xEC, 0xE3, 0x71, 0x7A, 0x8C, 0x83, 0x8C, 0xB3, 0x88, 0xE5, 0x27, 0xAE, 0x3C, 0xDD, 0x31 }; const uint8_t m_session_key[] = { 0x8B, 0x7C, 0xDC, 0x14, 0x9B, 0x99, 0x3A, 0x1B, 0xA1, 0x18, 0xCB, 0x15, 0x3F, 0x56, 0xDC, 0xCB }; static void test_nt_password_hash(const void *data) { uint8_t hash[16]; assert(mschap_nt_password_hash(nt_password, hash)); assert(!memcmp(hash, password_hash, sizeof(password_hash))); } static void test_generate_nt_response(const void *data) { uint8_t nt_resp[24]; assert(mschapv2_generate_nt_response(password_hash, peer_challenge, server_challenge, user, nt_resp)); assert(!memcmp(nt_resp, nt_response, sizeof(nt_response))); } static void test_authenticator_response(const void *data) { char buf[43]; buf[42] = '\0'; assert(mschapv2_generate_authenticator_response(password_hash_hash, nt_response, peer_challenge, server_challenge, user, buf)); assert(!strcmp(buf, authenticator_response)); } static void test_get_master_key(const void *data) { uint8_t m_key[16]; assert(mschapv2_get_master_key(password_hash_hash, nt_response, m_key)); assert(!memcmp(m_key, master_key, sizeof(master_key))); } static void test_get_asym_key(const void *data) { uint8_t msk[20]; assert(mschapv2_get_asymmetric_start_key(master_key, msk, sizeof(msk), true, true)); assert(!memcmp(msk, m_session_key, sizeof(m_session_key))); } int main(int argc, char *argv[]) { l_test_init(&argc, &argv); if (!l_checksum_is_supported(L_CHECKSUM_MD4, false)) { printf("MD4 support missing, skipping...\n"); goto done; } l_test_add("MSHAPv2 nt_password-hash", test_nt_password_hash, NULL); l_test_add("MSHAPv2 generate_nt_response", test_generate_nt_response, NULL); l_test_add("MSHAPv2 get_master_key", test_get_master_key, NULL); l_test_add("MSHAPv2 get_asym_state_key", test_get_asym_key, NULL); l_test_add("MSHAPv2 authenticator_response", test_authenticator_response, NULL); done: return l_test_run(); }