On Fri, Mar 10, 2023 at 05:00:36PM -0500, A Tammy wrote:
>
> On 3/10/23 15:42, J Doe wrote:
> > On 2023-03-05 17:19, A Tammy wrote:
> >
> >>
> >> On 3/5/23 16:49, J Doe wrote:
> >>> Hello,
> >>>
> >>> I was wondering if there is a limit to the number of characters that
> >>> the username and/or password can be when using EAP MSCHAP-V2 in
> >>> OpenIKED.
> >>>
> >>> In particular, I was wondering if either OpenIKED enforced a limit or
> >>> whether MSCHAP-V2 has a limit based on the underlying authentication
> >>> scheme ?
> >>>
> >>> Thanks,
> >>>
> >>> - J
> >>>
> >> A quick 30s look into the source code shows -
> >> https://github.com/openbsd/src/blob/master/sbin/iked/chap_ms.h#LL30C2-L30C32
> >>
> >>
> >>> #define MSCHAP_MAXNTPASSWORD_SZ 255 /* unicode chars */
> >>
> >> a good point for you to start looking :)
> >>
> >> Cheers,
> >> Aisha
> >
> > Hi,
> >
> > Thanks for your response ... Ordinarily, I would assume that the
> > maximum password size would then be 255 ASCII characters, but is the
> > size different because the comment notes it's for Unicode characters ?
> >
> > Thanks,
> >
> > - J
> >
> I don't know :)
>
> You should try to read the source code, that's not the only variable in
> that file, maybe the other ones are the actual password/username size.
>
>
IKED_PASSWORD_SIZE from types.h seems to be the actually enforced limit.
The relevant code snippet is config.c:471:
memcpy(old->usr_pass, new->usr_pass, IKED_PASSWORD_SIZE);
