auth_subr.c revision 171568
1/*- 2 * Copyright (c) 2005-2007 Daniel Braniss <danny@cs.huji.ac.il> 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 * 26 */ 27 28/* 29 | $Id: auth_subr.c,v 2.2 2007/06/01 08:09:37 danny Exp $ 30 */ 31 32#include <sys/cdefs.h> 33__FBSDID("$FreeBSD: head/sbin/iscontrol/auth_subr.c 171568 2007-07-24 15:35:02Z scottl $"); 34 35#include <sys/param.h> 36#include <sys/types.h> 37#include <sys/socket.h> 38#include <sys/sysctl.h> 39 40#include <netinet/in.h> 41#include <netinet/tcp.h> 42#include <arpa/inet.h> 43#if __FreeBSD_version < 500000 44#include <sys/time.h> 45#endif 46#include <unistd.h> 47#include <stdlib.h> 48#include <stdio.h> 49#include <string.h> 50#include <fcntl.h> 51 52#include <md5.h> 53#include <sha.h> 54 55#include "iscsi.h" 56#include "iscontrol.h" 57#include "pdu.h" 58 59static int 60chapMD5(char id, char *cp, char *chapSecret, unsigned char *digest) 61{ 62 MD5_CTX ctx; 63 char *tmp; 64 int len; 65 66 debug_called(3); 67 68 MD5Init(&ctx); 69 70 MD5Update(&ctx, &id, 1); 71 72 if((len = str2bin(chapSecret, &tmp)) == 0) { 73 // print error 74 return -1; 75 } 76 MD5Update(&ctx, tmp, len); 77 free(tmp); 78 79 if((len = str2bin(cp, &tmp)) == 0) { 80 // print error 81 return -1; 82 } 83 MD5Update(&ctx, tmp, len); 84 free(tmp); 85 86 MD5Final(digest, &ctx); 87 88 89 return 0; 90} 91 92static int 93chapSHA1(char id, char *cp, char *chapSecret, unsigned char *digest) 94{ 95 SHA1_CTX ctx; 96 char *tmp; 97 int len; 98 99 debug_called(3); 100 101 SHA1_Init(&ctx); 102 103 SHA1_Update(&ctx, &id, 1); 104 105 if((len = str2bin(chapSecret, &tmp)) == 0) { 106 // print error 107 return -1; 108 } 109 SHA1_Update(&ctx, tmp, len); 110 free(tmp); 111 112 if((len = str2bin(cp, &tmp)) == 0) { 113 // print error 114 return -1; 115 } 116 SHA1_Update(&ctx, tmp, len); 117 free(tmp); 118 119 SHA1_Final(digest, &ctx); 120 121 return 0; 122 123} 124/* 125 | the input text format can be anything that the rfc3270 defines 126 | (see section 5.1 and str2bin) 127 | digest length for md5 is 128bits, and for sha1 is 160bits. 128 | digest is an ASCII string which represents the bits in 129 | hexadecimal or base64 according to the challenge(cp) format 130 */ 131char * 132chapDigest(char *ap, char id, char *cp, char *chapSecret) 133{ 134 int len; 135 unsigned char digest[20]; 136 char encoding[3]; 137 138 debug_called(3); 139 140 len = 0; 141 if(strcmp(ap, "5") == 0 && chapMD5(id, cp, chapSecret, digest) == 0) 142 len = 16; 143 else 144 if(strcmp(ap, "7") == 0 && chapSHA1(id, cp, chapSecret, digest) == 0) 145 len = 20; 146 147 if(len) { 148 sprintf(encoding, "%.2s", cp); 149 return bin2str(encoding, digest, len); 150 } 151 152 return NULL; 153} 154 155char * 156genChapChallenge(char *encoding, int len) 157{ 158 int fd; 159 unsigned char tmp[1024]; 160 161 if(len > sizeof(tmp)) 162 return NULL; 163 164 if((fd = open("/dev/random", O_RDONLY)) != -1) { 165 read(fd, tmp, len); 166 close(fd); 167 return bin2str(encoding, tmp, len); 168 } 169 perror("/dev/random"); 170 // make up something ... 171 return NULL; 172} 173 174#ifdef TEST_AUTH 175static void 176puke(char *str, unsigned char *dg, int len) 177{ 178 printf("%3d] %s\n 0x", len, str); 179 while(len-- > 0) 180 printf("%02x", *dg++); 181 printf("\n"); 182} 183 184main(int cc, char **vv) 185{ 186 char *p, *ap, *ip, *cp, *chapSecret, *digest; 187 int len; 188 189#if 0 190 ap = "5"; 191 chapSecret = "0xa5aff013dd839b1edd31ee73a1df0b1b"; 192// chapSecret = "abcdefghijklmnop"; 193 len = str2bin(chapSecret, &cp); 194 puke(chapSecret, cp, len); 195 196 ip = "238"; 197 cp = "0xbd456029"; 198 199 200 if((digest = chapDigest(ap, ip, cp, chapSecret)) != NULL) { 201 len = str2bin(digest, &cp); 202 puke(digest, cp, len); 203 } 204#else 205 printf("%d] %s\n", 24, genChallenge("0X", 24)); 206#endif 207} 208#endif 209