summaryrefslogtreecommitdiffstats
path: root/src/include/ipxe/mschapv2.h
diff options
context:
space:
mode:
authorMichael Brown2024-02-21 17:45:50 +0100
committerMichael Brown2024-02-22 01:08:27 +0100
commit075292cc2dcde1ad2580d37ac019f29a0eaa01ef (patch)
treee3dce344e445df223aa2c9ba83b57db65272b1a5 /src/include/ipxe/mschapv2.h
parent[crypto] Allow for multiple cross-signed certificate download attempts (diff)
downloadipxe-075292cc2dcde1ad2580d37ac019f29a0eaa01ef.tar.gz
ipxe-075292cc2dcde1ad2580d37ac019f29a0eaa01ef.tar.xz
ipxe-075292cc2dcde1ad2580d37ac019f29a0eaa01ef.zip
[crypto] Add implementation of MS-CHAPv2 authentication
Add an implementation of the authentication portions of the MS-CHAPv2 algorithm as defined in RFC 2759, along with the single test vector provided therein. Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/include/ipxe/mschapv2.h')
-rw-r--r--src/include/ipxe/mschapv2.h59
1 files changed, 59 insertions, 0 deletions
diff --git a/src/include/ipxe/mschapv2.h b/src/include/ipxe/mschapv2.h
new file mode 100644
index 00000000..59cf37ee
--- /dev/null
+++ b/src/include/ipxe/mschapv2.h
@@ -0,0 +1,59 @@
+#ifndef _IPXE_MSCHAPV2_H
+#define _IPXE_MSCHAPV2_H
+
+/** @file
+ *
+ * MS-CHAPv2 authentication
+ *
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+
+#include <stdint.h>
+
+/** An MS-CHAPv2 challenge */
+struct mschapv2_challenge {
+ /** Raw bytes */
+ uint8_t byte[16];
+} __attribute__ (( packed ));
+
+/** An MS-CHAPv2 NT response */
+struct mschapv2_nt_response {
+ /** DES-encrypted blocks */
+ uint8_t block[3][8];
+} __attribute__ (( packed ));
+
+/** An MS-CHAPv2 challenge response */
+struct mschapv2_response {
+ /** Peer challenge */
+ struct mschapv2_challenge peer;
+ /** Reserved, must be zero */
+ uint8_t reserved[8];
+ /** NT response */
+ struct mschapv2_nt_response nt;
+ /** Flags, must be zero */
+ uint8_t flags;
+} __attribute__ (( packed ));
+
+/** An MS-CHAPv2 authenticator response */
+struct mschapv2_auth {
+ /** Authenticator response string
+ *
+ * This is an unterminated 42-byte string of the form
+ * "S=<auth_string>" where <auth_string> is the upper-cased
+ * hexadecimal encoding of the actual authenticator response
+ * value. Joy.
+ */
+ char wtf[42];
+} __attribute__ (( packed ));
+
+extern void mschapv2_response ( const char *username, const char *password,
+ const struct mschapv2_challenge *challenge,
+ const struct mschapv2_challenge *peer,
+ struct mschapv2_response *response );
+extern void mschapv2_auth ( const char *username, const char *password,
+ const struct mschapv2_challenge *challenge,
+ const struct mschapv2_response *response,
+ struct mschapv2_auth *auth );
+
+#endif /* _IPXE_MSCHAPV2_H */