1/*- 2 * Copyright (c) 2005-2010 Daniel Braniss <danny@cs.huji.ac.il> 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 * 26 */ 27 28/* 29 | $Id: auth_subr.c,v 2.2 2007/06/01 08:09:37 danny Exp $ 30 */ 31 32#include <sys/cdefs.h> 33__FBSDID("$FreeBSD: releng/10.2/sbin/iscontrol/auth_subr.c 254657 2013-08-22 14:02:34Z trasz $"); 34 35#include <sys/param.h> 36#include <sys/types.h> 37#include <sys/socket.h> 38#include <sys/sysctl.h> 39 40#include <netinet/in.h> 41#include <netinet/tcp.h> 42#include <arpa/inet.h> 43#include <unistd.h> 44#include <stdlib.h> 45#include <stdio.h> 46#include <string.h> 47#include <fcntl.h> 48 49#include <md5.h> 50#include <sha.h> 51 52#include <dev/iscsi_initiator/iscsi.h> 53#include "iscontrol.h" 54 55static int 56chapMD5(char id, char *cp, char *chapSecret, unsigned char *digest) 57{ 58 MD5_CTX ctx; 59 char *tmp; 60 int len; 61 62 debug_called(3); 63 64 MD5Init(&ctx); 65 66 MD5Update(&ctx, &id, 1); 67 68 if((len = str2bin(chapSecret, &tmp)) == 0) { 69 // print error 70 return -1; 71 } 72 MD5Update(&ctx, tmp, len); 73 free(tmp); 74 75 if((len = str2bin(cp, &tmp)) == 0) { 76 // print error 77 return -1; 78 } 79 MD5Update(&ctx, tmp, len); 80 free(tmp); 81 82 MD5Final(digest, &ctx); 83 84 85 return 0; 86} 87 88static int 89chapSHA1(char id, char *cp, char *chapSecret, unsigned char *digest) 90{ 91 SHA1_CTX ctx; 92 char *tmp; 93 int len; 94 95 debug_called(3); 96 97 SHA1_Init(&ctx); 98 99 SHA1_Update(&ctx, &id, 1); 100 101 if((len = str2bin(chapSecret, &tmp)) == 0) { 102 // print error 103 return -1; 104 } 105 SHA1_Update(&ctx, tmp, len); 106 free(tmp); 107 108 if((len = str2bin(cp, &tmp)) == 0) { 109 // print error 110 return -1; 111 } 112 SHA1_Update(&ctx, tmp, len); 113 free(tmp); 114 115 SHA1_Final(digest, &ctx); 116 117 return 0; 118 119} 120/* 121 | the input text format can be anything that the rfc3270 defines 122 | (see section 5.1 and str2bin) 123 | digest length for md5 is 128bits, and for sha1 is 160bits. 124 | digest is an ASCII string which represents the bits in 125 | hexadecimal or base64 according to the challenge(cp) format 126 */ 127char * 128chapDigest(char *ap, char id, char *cp, char *chapSecret) 129{ 130 int len; 131 unsigned char digest[20]; 132 char encoding[3]; 133 134 debug_called(3); 135 136 len = 0; 137 if(strcmp(ap, "5") == 0 && chapMD5(id, cp, chapSecret, digest) == 0) 138 len = 16; 139 else 140 if(strcmp(ap, "7") == 0 && chapSHA1(id, cp, chapSecret, digest) == 0) 141 len = 20; 142 143 if(len) { 144 sprintf(encoding, "%.2s", cp); 145 return bin2str(encoding, digest, len); 146 } 147 148 return NULL; 149} 150 151char * 152genChapChallenge(char *encoding, uint len) 153{ 154 int fd; 155 unsigned char tmp[1024]; 156 157 if(len > sizeof(tmp)) 158 return NULL; 159 160 if((fd = open("/dev/random", O_RDONLY)) != -1) { 161 read(fd, tmp, len); 162 close(fd); 163 return bin2str(encoding, tmp, len); 164 } 165 perror("/dev/random"); 166 // make up something ... 167 return NULL; 168} 169 170#ifdef TEST_AUTH 171static void 172puke(char *str, unsigned char *dg, int len) 173{ 174 printf("%3d] %s\n 0x", len, str); 175 while(len-- > 0) 176 printf("%02x", *dg++); 177 printf("\n"); 178} 179 180main(int cc, char **vv) 181{ 182 char *p, *ap, *ip, *cp, *chapSecret, *digest; 183 int len; 184 185#if 0 186 ap = "5"; 187 chapSecret = "0xa5aff013dd839b1edd31ee73a1df0b1b"; 188// chapSecret = "abcdefghijklmnop"; 189 len = str2bin(chapSecret, &cp); 190 puke(chapSecret, cp, len); 191 192 ip = "238"; 193 cp = "0xbd456029"; 194 195 196 if((digest = chapDigest(ap, ip, cp, chapSecret)) != NULL) { 197 len = str2bin(digest, &cp); 198 puke(digest, cp, len); 199 } 200#else 201 printf("%d] %s\n", 24, genChallenge("0X", 24)); 202#endif 203} 204#endif 205