[PATCH] For MS-CHAP, convert the password from UTF-8 to UCS-2.
Jouni Malinen
j
Tue Oct 25 16:13:19 PDT 2011
On Sat, Oct 22, 2011 at 11:21:51AM -0700, Evan Broder wrote:
> The MS-CHAPv1 and MS-CHAPv2 RFCs specify that the password is a string
> of "Unicode characters", which for Windows means UCS-2; thus the
> password could be any even-length string of up to 512 bytes.
>
> Instead of making the incompatible change of requiring the incoming
> password to be UCS-2 encoded, assume the password is UTF-8 encoded and
> convert it before using it in NtPasswordHash and
> EncryptPwBlockWithPasswordHash
Thanks!
Is the utf8_to_ucs2() new implementation or is that based on existing
implementation? Could you please confirm that this is licensed under
the same license that is used in rest of hostapd/wpa_supplicant (GPLv2 +
BSD at users choice)?
> +static int utf8_to_ucs2(const u8 *utf8_string, size_t utf8_string_len,
> + u16 *ucs2_buffer, size_t ucs2_buffer_size,
> + size_t *ucs2_string_size)
> + ucs2_buffer[j++] = host_to_le16(c);
This could in theory result in misaligned writes unless the caller is
careful.. I think that the current use cases are suitably aligned, but
especially encrypt_pw_block_with_password_hash() could use buffer with
unknown alignment, so the requirement to accept only 16-bit aligned
buffers for it (or well, more importantly, for
nt_password_hash_encrypted_with_block) should be documented or this code
should be made safe with either alignment (WPA_PUT_LE16(ptr, c) rather
than using u16 array).
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list