[pkg-wpa-devel] r1642 - in /wpasupplicant/trunk/debian: changelog config/kfreebsd config/linux patches/for-MS-CHAP-convert-the-password-from-UTF-8-to-UCS-2.patch patches/series wpasupplicant.links
slh-guest at users.alioth.debian.org
Mon Dec 19 19:42:53 UTC 2011
Author: slh-guest
Date: Mon Dec 19 19:42:52 2011
New Revision: 1642
URL: http://svn.debian.org/wsvn/pkg-wpa/?sc=1&rev=1642
Log:
* symlink /usr/share/doc/wpasupplicant/ to /usr/share/doc/wpa_supplicant,
which is referred to from upstream documentation (Closes: #537375,
#616120).
* enable BGSCAN_SIMPLE (Closes: #650834).
* add "For MS-CHAP, convert the password from UTF-8 to UCS-2" from
Evan Broder <ebroder at mokafive.com>, accepted upstream into hostap-1.git
(Closes: #649202).
Added:
wpasupplicant/trunk/debian/patches/for-MS-CHAP-convert-the-password-from-UTF-8-to-UCS-2.patch
Modified:
wpasupplicant/trunk/debian/changelog
wpasupplicant/trunk/debian/config/kfreebsd
wpasupplicant/trunk/debian/config/linux
wpasupplicant/trunk/debian/patches/series
wpasupplicant/trunk/debian/wpasupplicant.links
Modified: wpasupplicant/trunk/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/debian/changelog?rev=1642&op=diff
==============================================================================
--- wpasupplicant/trunk/debian/changelog (original)
+++ wpasupplicant/trunk/debian/changelog Mon Dec 19 19:42:52 2011
@@ -10,8 +10,15 @@
libnl-genl-3-200-udeb and expect it in /lib/.
* switch build dependency from libnl3-dev to libnl-3-dev && libnl-genl-3-dev
accordingly.
-
- -- Stefan Lippers-Hollmann <s.l-h at gmx.de> Mon, 19 Dec 2011 19:15:10 +0100
+ * symlink /usr/share/doc/wpasupplicant/ to /usr/share/doc/wpa_supplicant,
+ which is referred to from upstream documentation (Closes: #537375,
+ #616120).
+ * enable BGSCAN_SIMPLE (Closes: #650834).
+ * add "For MS-CHAP, convert the password from UTF-8 to UCS-2" from
+ Evan Broder <ebroder at mokafive.com>, accepted upstream into hostap-1.git
+ (Closes: #649202).
+
+ -- Stefan Lippers-Hollmann <s.l-h at gmx.de> Mon, 19 Dec 2011 20:25:50 +0100
wpasupplicant (0.7.3-5) unstable; urgency=low
Modified: wpasupplicant/trunk/debian/config/kfreebsd
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/debian/config/kfreebsd?rev=1642&op=diff
==============================================================================
--- wpasupplicant/trunk/debian/config/kfreebsd (original)
+++ wpasupplicant/trunk/debian/config/kfreebsd Mon Dec 19 19:42:52 2011
@@ -37,3 +37,4 @@
CONFIG_DEBUG_SYSLOG=y
#CONFIG_PRIVSEP=y
CONFIG_DELAYED_MIC_ERROR_REPORT=y
+CONFIG_BGSCAN_SIMPLE=y
Modified: wpasupplicant/trunk/debian/config/linux
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/debian/config/linux?rev=1642&op=diff
==============================================================================
--- wpasupplicant/trunk/debian/config/linux (original)
+++ wpasupplicant/trunk/debian/config/linux Mon Dec 19 19:42:52 2011
@@ -41,3 +41,4 @@
CONFIG_DEBUG_SYSLOG=y
#CONFIG_PRIVSEP=y
CONFIG_DELAYED_MIC_ERROR_REPORT=y
+CONFIG_BGSCAN_SIMPLE=y
Added: wpasupplicant/trunk/debian/patches/for-MS-CHAP-convert-the-password-from-UTF-8-to-UCS-2.patch
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/debian/patches/for-MS-CHAP-convert-the-password-from-UTF-8-to-UCS-2.patch?rev=1642&op=file
==============================================================================
--- wpasupplicant/trunk/debian/patches/for-MS-CHAP-convert-the-password-from-UTF-8-to-UCS-2.patch (added)
+++ wpasupplicant/trunk/debian/patches/for-MS-CHAP-convert-the-password-from-UTF-8-to-UCS-2.patch Mon Dec 19 19:42:52 2011
@@ -1,0 +1,206 @@
+>From c48183fca2d32cd45763fdbf45144aac856bea93 Mon Sep 17 00:00:00 2001
+From: Evan Broder <ebroder at mokafive.com>
+Date: Sat, 29 Oct 2011 00:23:54 +0300
+Subject: [PATCH] For MS-CHAP, convert the password from UTF-8 to UCS-2
+
+The MS-CHAPv1 and MS-CHAPv2 RFCs specify that the password is a string
+of "Unicode characters", which for Windows means UCS-2; thus the
+password could be any even-length string of up to 512 bytes.
+
+Instead of making the incompatible change of requiring the incoming
+password to be UCS-2 encoded, assume the password is UTF-8 encoded and
+convert it before using it in NtPasswordHash and
+EncryptPwBlockWithPasswordHash.
+
+Signed-off-by: Evan Broder <ebroder at mokafive.com>
+---
+ src/crypto/ms_funcs.c | 106 +++++++++++++++++++++++++++++++++++++------------
+ 1 files changed, 80 insertions(+), 26 deletions(-)
+
+--- a/src/crypto/ms_funcs.c
++++ b/src/crypto/ms_funcs.c
+@@ -19,6 +19,60 @@
+ #include "ms_funcs.h"
+ #include "crypto.h"
+
++/**
++ * utf8_to_ucs2 - Convert UTF-8 string to UCS-2 encoding
++ * @utf8_string: UTF-8 string (IN)
++ * @utf8_string_len: Length of utf8_string (IN)
++ * @ucs2_buffer: UCS-2 buffer (OUT)
++ * @ucs2_buffer_size: Length of UCS-2 buffer (IN)
++ * @ucs2_string_size: Number of 2-byte words in the resulting UCS-2 string
++ * Returns: 0 on success, -1 on failure
++ */
++static int utf8_to_ucs2(const u8 *utf8_string, size_t utf8_string_len,
++ u8 *ucs2_buffer, size_t ucs2_buffer_size,
++ size_t *ucs2_string_size)
++{
++ size_t i, j;
++
++ for (i = 0, j = 0; i < utf8_string_len; i++) {
++ u8 c = utf8_string[i];
++ if (j >= ucs2_buffer_size) {
++ /* input too long */
++ return -1;
++ }
++ if (c <= 0x7F) {
++ WPA_PUT_LE16(ucs2_buffer + j, c);
++ j += 2;
++ } else if (i == utf8_string_len - 1 ||
++ j >= ucs2_buffer_size - 1) {
++ /* incomplete surrogate */
++ return -1;
++ } else {
++ u8 c2 = utf8_string[++i];
++ if ((c & 0xE0) == 0xC0) {
++ /* two-byte encoding */
++ WPA_PUT_LE16(ucs2_buffer + j,
++ ((c & 0x1F) << 6) | (c2 & 0x3F));
++ j += 2;
++ } else if (i == utf8_string_len ||
++ j >= ucs2_buffer_size - 1) {
++ /* incomplete surrogate */
++ return -1;
++ } else {
++ /* three-byte encoding */
++ u8 c3 = utf8_string[++i];
++ WPA_PUT_LE16(ucs2_buffer + j,
++ ((c & 0xF) << 12) |
++ ((c2 & 0x3F) << 6) | (c3 & 0x3F));
++ }
++ }
++ }
++
++ if (ucs2_string_size)
++ *ucs2_string_size = j / 2;
++ return 0;
++}
++
+
+ /**
+ * challenge_hash - ChallengeHash() - RFC 2759, Sect. 8.2
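Review bot: In utf8_to_ucs2(), the three-byte branch stores the code unit with WPA_PUT_LE16 but never advances j, unlike the ASCII and two-byte branches, so the next character overwrites it and *ucs2_string_size undercounts; add `j += 2;` after that store. In the same branch the guard `i == utf8_string_len` is evaluated after `++i` has already moved to c2, so given the earlier `i == utf8_string_len - 1` check it can never be true, and `utf8_string[++i]` reads one byte past the input when a three-byte sequence is cut off after its second byte; compare against `utf8_string_len - 1` instead. Lead bytes of 0xF0 and above and the continuation bytes are not validated either, so a four-byte sequence is decoded as if it were three bytes; returning -1 for anything that cannot be represented in UCS-2 would be safer, and the "incomplete surrogate" comments would read better as "truncated sequence".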
+@@ -53,7 +107,7 @@ static int challenge_hash(const u8 *peer
+
+ /**
+ * nt_password_hash - NtPasswordHash() - RFC 2759, Sect. 8.3
+- * @password: 0-to-256-unicode-char Password (IN; ASCII)
++ * @password: 0-to-256-unicode-char Password (IN; UTF-8)
+ * @password_len: Length of password
+ * @password_hash: 16-octet PasswordHash (OUT)
+ * Returns: 0 on success, -1 on failure
+@@ -62,18 +116,13 @@ int nt_password_hash(const u8 *password,
+ u8 *password_hash)
+ {
+ u8 buf[512], *pos;
+- size_t i, len;
+-
+- if (password_len > 256)
+- password_len = 256;
++ size_t len, max_len;
+
+- /* Convert password into unicode */
+- for (i = 0; i < password_len; i++) {
+- buf[2 * i] = password[i];
+- buf[2 * i + 1] = 0;
+- }
++ max_len = sizeof(buf);
++ if (utf8_to_ucs2(password, password_len, buf, max_len, &len) < 0)
++ return -1;
+
+- len = password_len * 2;
++ len *= 2;
+ pos = buf;
+ return md4_vector(1, (const u8 **) &pos, &len, password_hash);
+ }
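Review bot: nt_password_hash() used to clamp password_len to 256 and always produce a hash; with the clamp removed, an input that does not fit in buf[512] or fails conversion now returns -1, which is a behaviour change worth stating in the commit message and in the function comment. max_len is used only once and could be replaced by sizeof(buf) in the call. Since buf holds the converted password, consider clearing it before both return paths.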
+@@ -117,7 +166,7 @@ void challenge_response(const u8 *challe
+ * @peer_challenge: 16-octet PeerChallenge (IN)
+ * @username: 0-to-256-char UserName (IN)
+ * @username_len: Length of username
+- * @password: 0-to-256-unicode-char Password (IN; ASCII)
++ * @password: 0-to-256-unicode-char Password (IN; UTF-8)
+ * @password_len: Length of password
+ * @response: 24-octet Response (OUT)
+ * Returns: 0 on success, -1 on failure
+@@ -225,7 +274,7 @@ int generate_authenticator_response_pwha
+
+ /**
+ * generate_authenticator_response - GenerateAuthenticatorResponse() - RFC 2759, Sect. 8.7
+- * @password: 0-to-256-unicode-char Password (IN; ASCII)
++ * @password: 0-to-256-unicode-char Password (IN; UTF-8)
+ * @password_len: Length of password
+ * @nt_response: 24-octet NT-Response (IN)
+ * @peer_challenge: 16-octet PeerChallenge (IN)
+@@ -254,7 +303,7 @@ int generate_authenticator_response(cons
+ /**
+ * nt_challenge_response - NtChallengeResponse() - RFC 2433, Sect. A.5
+ * @challenge: 8-octet Challenge (IN)
+- * @password: 0-to-256-unicode-char Password (IN; ASCII)
++ * @password: 0-to-256-unicode-char Password (IN; UTF-8)
+ * @password_len: Length of password
+ * @response: 24-octet Response (OUT)
+ * Returns: 0 on success, -1 on failure
+@@ -375,7 +424,7 @@ int get_asymetric_start_key(const u8 *ma
+
+ /**
+ * encrypt_pw_block_with_password_hash - EncryptPwBlockWithPasswordHash() - RFC 2759, Sect. 8.10
+- * @password: 0-to-256-unicode-char Password (IN; ASCII)
++ * @password: 0-to-256-unicode-char Password (IN; UTF-8)
+ * @password_len: Length of password
+ * @password_hash: 16-octet PasswordHash (IN)
+ * @pw_block: 516-byte PwBlock (OUT)
+@@ -385,18 +434,23 @@ int encrypt_pw_block_with_password_hash(
+ const u8 *password, size_t password_len,
+ const u8 *password_hash, u8 *pw_block)
+ {
+- size_t i, offset;
++ size_t ucs2_len, offset;
+ u8 *pos;
+
+- if (password_len > 256)
++ os_memset(pw_block, 0, PWBLOCK_LEN);
++
++ if (utf8_to_ucs2(password, password_len, pw_block, 512, &ucs2_len) < 0)
+ return -1;
+
+- os_memset(pw_block, 0, PWBLOCK_LEN);
+- offset = (256 - password_len) * 2;
+- if (os_get_random(pw_block, offset) < 0)
++ if (ucs2_len > 256)
+ return -1;
+- for (i = 0; i < password_len; i++)
+- pw_block[offset + i * 2] = password[i];
++
++ offset = (256 - ucs2_len) * 2;
++ if (offset != 0) {
++ os_memmove(pw_block + offset, pw_block, ucs2_len * 2);
++ if (os_get_random(pw_block, offset) < 0)
++ return -1;
++ }
+ /*
+ * PasswordLength is 4 octets, but since the maximum password length is
+ * 256, only first two (in little endian byte order) can be non-zero.
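Review bot: In encrypt_pw_block_with_password_hash(), utf8_to_ucs2() now writes the cleartext password straight into the caller's pw_block, and every `return -1` that follows (conversion failure, `ucs2_len > 256`, os_get_random() failure) leaves whatever was written there; clear pw_block with os_memset() on those paths. The `ucs2_len > 256` test cannot trigger because the conversion is already limited to a 512-byte output, so it can be dropped or replaced by a comment saying so.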
+@@ -410,9 +464,9 @@ int encrypt_pw_block_with_password_hash(
+
+ /**
+ * new_password_encrypted_with_old_nt_password_hash - NewPasswordEncryptedWithOldNtPasswordHash() - RFC 2759, Sect. 8.9
+- * @new_password: 0-to-256-unicode-char NewPassword (IN; ASCII)
++ * @new_password: 0-to-256-unicode-char NewPassword (IN; UTF-8)
+ * @new_password_len: Length of new_password
+- * @old_password: 0-to-256-unicode-char OldPassword (IN; ASCII)
++ * @old_password: 0-to-256-unicode-char OldPassword (IN; UTF-8)
+ * @old_password_len: Length of old_password
+ * @encrypted_pw_block: 516-octet EncryptedPwBlock (OUT)
+ * Returns: 0 on success, -1 on failure
+@@ -450,9 +504,9 @@ void nt_password_hash_encrypted_with_blo
+
+ /**
+ * old_nt_password_hash_encrypted_with_new_nt_password_hash - OldNtPasswordHashEncryptedWithNewNtPasswordHash() - RFC 2759, Sect. 8.12
+- * @new_password: 0-to-256-unicode-char NewPassword (IN; ASCII)
++ * @new_password: 0-to-256-unicode-char NewPassword (IN; UTF-8)
+ * @new_password_len: Length of new_password
+- * @old_password: 0-to-256-unicode-char OldPassword (IN; ASCII)
++ * @old_password: 0-to-256-unicode-char OldPassword (IN; UTF-8)
+ * @old_password_len: Length of old_password
+ * @encrypted_password_hash: 16-octet EncryptedPasswordHash (OUT)
+ * Returns: 0 on success, -1 on failure
Modified: wpasupplicant/trunk/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/debian/patches/series?rev=1642&op=diff
==============================================================================
--- wpasupplicant/trunk/debian/patches/series (original)
+++ wpasupplicant/trunk/debian/patches/series Mon Dec 19 19:42:52 2011
@@ -6,3 +6,4 @@
12_wpa_gui_knotify_support.patch
13_human_readable_signal.patch
hostap_allow-linking-with-libnl-3.2.patch
+for-MS-CHAP-convert-the-password-from-UTF-8-to-UCS-2.patch
Modified: wpasupplicant/trunk/debian/wpasupplicant.links
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/debian/wpasupplicant.links?rev=1642&op=diff
==============================================================================
--- wpasupplicant/trunk/debian/wpasupplicant.links (original)
+++ wpasupplicant/trunk/debian/wpasupplicant.links Mon Dec 19 19:42:52 2011
@@ -3,4 +3,5 @@
etc/wpa_supplicant/ifupdown.sh etc/network/if-down.d/wpasupplicant
etc/wpa_supplicant/ifupdown.sh etc/network/if-post-down.d/wpasupplicant
etc/wpa_supplicant/action_wpa.sh etc/ifplugd/action.d/action_wpa
+usr/share/doc/wpasupplicant usr/share/doc/wpa_supplicant
usr/share/doc/wpasupplicant/README.Debian usr/share/doc/wpasupplicant/README.modes