iked includes a few mschap functions that it doesn't use. Smaller, cleaner, better without them.
Another copy of this code lives in npppd, though the required functions there are slightly different. (The chap_ms.c file in pppd is entirely different.)
Index: chap_ms.c
===================================================================
RCS file: /cvs/src/sbin/iked/chap_ms.c,v
retrieving revision 1.7
diff -u -p -r1.7 chap_ms.c
--- chap_ms.c 16 Apr 2014 04:59:56 -0000 1.7
+++ chap_ms.c 19 Nov 2014 03:32:13 -0000
@@ -331,79 +331,3 @@ mschap_msk(u_int8_t *password, int passw
 memcpy(msk, &recvkey, sizeof(recvkey));
 memcpy(msk + sizeof(recvkey), &sendkey, sizeof(sendkey));
 }
-
-void
-mschap_newkey(u_int8_t *startkey, u_int8_t *sessionkey,
- long sessionkeylen, u_int8_t *key)
-{
- EVP_MD_CTX ctx;
- u_int8_t md[SHA_DIGEST_LENGTH];
- u_int mdlen;
-
- EVP_DigestInit(&ctx, EVP_sha1());
- EVP_DigestUpdate(&ctx, startkey, sessionkeylen);
- EVP_DigestUpdate(&ctx, sha1_pad1, sizeof(sha1_pad1));
- EVP_DigestUpdate(&ctx, sessionkey, sessionkeylen);
- EVP_DigestUpdate(&ctx, sha1_pad2, sizeof(sha1_pad2));
- EVP_DigestFinal(&ctx, md, &mdlen);
-
- memcpy(key, md, sessionkeylen);
-}
-
-void
-mschap_nt(u_int8_t *password_hash, u_int8_t *challenge)
-{
- u_int8_t response[24];
-
- mschap_challenge_response(challenge, password_hash, response);
- memcpy(password_hash, response, sizeof(response));
- password_hash[24] = 1; /* NT-style response */
-}
-
-void
-mschap_lanman(u_int8_t *digest, u_int8_t *challenge, u_int8_t *secret)
-{
- static u_int8_t salt[] = "KGS!@#$%"; /* RASAPI32.dll */
- u_int8_t SECRET[14 + 1], *ptr, *end;
- u_int8_t hash[MSCHAP_HASH_SZ];
-
- bzero(&SECRET, sizeof(SECRET));
- end = SECRET + (sizeof(SECRET) - 1);
- for (ptr = SECRET; *secret && ptr < end; ptr++, secret++)
- *ptr = toupper(*secret);
-
- mschap_des_encrypt(salt, SECRET, hash);
- mschap_des_encrypt(salt, SECRET + 7, hash + 8);
-
- mschap_challenge_response(challenge, hash, digest);
-}
-
-void
-mschap_radiuskey(u_int8_t *plain, const u_int8_t *crypted,
- const u_int8_t *authenticator, const u_int8_t *secret)
-{
- EVP_MD_CTX ctx;
- u_int8_t b[MD5_DIGEST_LENGTH], p[32];
- u_int i, mdlen;
-
- EVP_DigestInit(&ctx, EVP_md5());
- EVP_DigestUpdate(&ctx, secret, strlen(secret));
- EVP_DigestUpdate(&ctx, authenticator, 16);
- EVP_DigestUpdate(&ctx, crypted, 2);
- EVP_DigestFinal(&ctx, b, &mdlen);
-
- for (i = 0; i < mdlen; i++) {
- p[i] = b[i] ^ crypted[i+2];
- }
-
- EVP_DigestInit(&ctx, EVP_md5());
- EVP_DigestUpdate(&ctx, secret, strlen(secret));
- EVP_DigestUpdate(&ctx, crypted + 2, mdlen);
- EVP_DigestFinal(&ctx, b, &mdlen);
-
- for (i = 0; i < mdlen; i++) {
- p[i+16] = b[i] ^ crypted[i+18];
- }
-
- memcpy(plain, p+1, 16);
-}
Index: chap_ms.h
===================================================================
RCS file: /cvs/src/sbin/iked/chap_ms.h,v
retrieving revision 1.3
diff -u -p -r1.3 chap_ms.h
--- chap_ms.h 8 Jan 2013 10:38:19 -0000 1.3
+++ chap_ms.h 19 Nov 2014 03:32:35 -0000
@@ -34,18 +34,12 @@ void mschap_nt_response(u_int8_t *, u_i void mschap_auth_response(u_int8_t *, int, u_int8_t *, u_int8_t *, u_int8_t *, u_int8_t *, int, u_int8_t *); -void mschap_nt(u_int8_t *, u_int8_t *); -void mschap_lanman(u_int8_t *, u_int8_t *, u_int8_t *); - void mschap_ntpassword_hash(u_int8_t *, int, u_int8_t *); void mschap_challenge_hash(u_int8_t *, u_int8_t *, u_int8_t *, int, u_int8_t *); void mschap_asymetric_startkey(u_int8_t *, u_int8_t *, int, int, int); void mschap_masterkey(u_int8_t *, u_int8_t *, u_int8_t *); -void mschap_newkey(u_int8_t *, u_int8_t *, long, u_int8_t *); -void mschap_radiuskey(u_int8_t *, const u_int8_t *, const u_int8_t *, - const u_int8_t *); void mschap_msk(u_int8_t *, int, u_int8_t *, u_int8_t *); #endif /* _CHAP_MS_H */