auth_subr.c revision 330449
1/*- 2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD 3 * 4 * Copyright (c) 2005-2010 Daniel Braniss <danny@cs.huji.ac.il> 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 * 28 */ 29 30/* 31 | $Id: auth_subr.c,v 2.2 2007/06/01 08:09:37 danny Exp $ 32 */ 33 34#include <sys/cdefs.h> 35__FBSDID("$FreeBSD: stable/11/sbin/iscontrol/auth_subr.c 330449 2018-03-05 07:26:05Z eadler $"); 36 37#include <sys/param.h> 38#include <sys/types.h> 39#include <sys/socket.h> 40#include <sys/sysctl.h> 41 42#include <netinet/in.h> 43#include <netinet/tcp.h> 44#include <arpa/inet.h> 45#include <unistd.h> 46#include <stdlib.h> 47#include <stdio.h> 48#include <string.h> 49#include <fcntl.h> 50 51#include <md5.h> 52#include <sha.h> 53 54#include <dev/iscsi_initiator/iscsi.h> 55#include "iscontrol.h" 56 57static int 58chapMD5(char id, char *cp, char *chapSecret, unsigned char *digest) 59{ 60 MD5_CTX ctx; 61 char *tmp; 62 int len; 63 64 debug_called(3); 65 66 MD5Init(&ctx); 67 68 MD5Update(&ctx, &id, 1); 69 70 if((len = str2bin(chapSecret, &tmp)) == 0) { 71 // print error 72 return -1; 73 } 74 MD5Update(&ctx, tmp, len); 75 free(tmp); 76 77 if((len = str2bin(cp, &tmp)) == 0) { 78 // print error 79 return -1; 80 } 81 MD5Update(&ctx, tmp, len); 82 free(tmp); 83 84 MD5Final(digest, &ctx); 85 86 87 return 0; 88} 89 90static int 91chapSHA1(char id, char *cp, char *chapSecret, unsigned char *digest) 92{ 93 SHA1_CTX ctx; 94 char *tmp; 95 int len; 96 97 debug_called(3); 98 99 SHA1_Init(&ctx); 100 101 SHA1_Update(&ctx, &id, 1); 102 103 if((len = str2bin(chapSecret, &tmp)) == 0) { 104 // print error 105 return -1; 106 } 107 SHA1_Update(&ctx, tmp, len); 108 free(tmp); 109 110 if((len = str2bin(cp, &tmp)) == 0) { 111 // print error 112 return -1; 113 } 114 SHA1_Update(&ctx, tmp, len); 115 free(tmp); 116 117 SHA1_Final(digest, &ctx); 118 119 return 0; 120 121} 122/* 123 | the input text format can be anything that the rfc3270 defines 124 | (see section 5.1 and str2bin) 125 | digest length for md5 is 128bits, and for sha1 is 160bits. 126 | digest is an ASCII string which represents the bits in 127 | hexadecimal or base64 according to the challenge(cp) format 128 */ 129char * 130chapDigest(char *ap, char id, char *cp, char *chapSecret) 131{ 132 int len; 133 unsigned char digest[20]; 134 char encoding[3]; 135 136 debug_called(3); 137 138 len = 0; 139 if(strcmp(ap, "5") == 0 && chapMD5(id, cp, chapSecret, digest) == 0) 140 len = 16; 141 else 142 if(strcmp(ap, "7") == 0 && chapSHA1(id, cp, chapSecret, digest) == 0) 143 len = 20; 144 145 if(len) { 146 sprintf(encoding, "%.2s", cp); 147 return bin2str(encoding, digest, len); 148 } 149 150 return NULL; 151} 152 153char * 154genChapChallenge(char *encoding, uint len) 155{ 156 int fd; 157 unsigned char tmp[1024]; 158 159 if(len > sizeof(tmp)) 160 return NULL; 161 162 if((fd = open("/dev/random", O_RDONLY)) != -1) { 163 read(fd, tmp, len); 164 close(fd); 165 return bin2str(encoding, tmp, len); 166 } 167 perror("/dev/random"); 168 // make up something ... 169 return NULL; 170} 171 172#ifdef TEST_AUTH 173static void 174puke(char *str, unsigned char *dg, int len) 175{ 176 printf("%3d] %s\n 0x", len, str); 177 while(len-- > 0) 178 printf("%02x", *dg++); 179 printf("\n"); 180} 181 182main(int cc, char **vv) 183{ 184 char *p, *ap, *ip, *cp, *chapSecret, *digest; 185 int len; 186 187#if 0 188 ap = "5"; 189 chapSecret = "0xa5aff013dd839b1edd31ee73a1df0b1b"; 190// chapSecret = "abcdefghijklmnop"; 191 len = str2bin(chapSecret, &cp); 192 puke(chapSecret, cp, len); 193 194 ip = "238"; 195 cp = "0xbd456029"; 196 197 198 if((digest = chapDigest(ap, ip, cp, chapSecret)) != NULL) { 199 len = str2bin(digest, &cp); 200 puke(digest, cp, len); 201 } 202#else 203 printf("%d] %s\n", 24, genChallenge("0X", 24)); 204#endif 205} 206#endif 207