1171568Sscottl/*- 2330449Seadler * SPDX-License-Identifier: BSD-2-Clause-FreeBSD 3330449Seadler * 4211095Sdes * Copyright (c) 2005-2010 Daniel Braniss <danny@cs.huji.ac.il> 5171568Sscottl * All rights reserved. 6171568Sscottl * 7171568Sscottl * Redistribution and use in source and binary forms, with or without 8171568Sscottl * modification, are permitted provided that the following conditions 9171568Sscottl * are met: 10171568Sscottl * 1. Redistributions of source code must retain the above copyright 11171568Sscottl * notice, this list of conditions and the following disclaimer. 12171568Sscottl * 2. Redistributions in binary form must reproduce the above copyright 13171568Sscottl * notice, this list of conditions and the following disclaimer in the 14171568Sscottl * documentation and/or other materials provided with the distribution. 15171568Sscottl * 16171568Sscottl * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17171568Sscottl * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18171568Sscottl * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19171568Sscottl * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20171568Sscottl * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21171568Sscottl * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22171568Sscottl * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23171568Sscottl * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24171568Sscottl * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25171568Sscottl * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26171568Sscottl * SUCH DAMAGE. 27171568Sscottl * 28171568Sscottl */ 29171568Sscottl 30171568Sscottl/* 31171568Sscottl | $Id: auth_subr.c,v 2.2 2007/06/01 08:09:37 danny Exp $ 32171568Sscottl */ 33171568Sscottl 34171568Sscottl#include <sys/cdefs.h> 35171568Sscottl__FBSDID("$FreeBSD: stable/11/sbin/iscontrol/auth_subr.c 330449 2018-03-05 07:26:05Z eadler $"); 36171568Sscottl 37171568Sscottl#include <sys/param.h> 38171568Sscottl#include <sys/types.h> 39171568Sscottl#include <sys/socket.h> 40171568Sscottl#include <sys/sysctl.h> 41171568Sscottl 42171568Sscottl#include <netinet/in.h> 43171568Sscottl#include <netinet/tcp.h> 44171568Sscottl#include <arpa/inet.h> 45171568Sscottl#include <unistd.h> 46171568Sscottl#include <stdlib.h> 47171568Sscottl#include <stdio.h> 48171568Sscottl#include <string.h> 49171568Sscottl#include <fcntl.h> 50171568Sscottl 51171568Sscottl#include <md5.h> 52171568Sscottl#include <sha.h> 53171568Sscottl 54254657Strasz#include <dev/iscsi_initiator/iscsi.h> 55171568Sscottl#include "iscontrol.h" 56171568Sscottl 57171568Sscottlstatic int 58171568SscottlchapMD5(char id, char *cp, char *chapSecret, unsigned char *digest) 59171568Sscottl{ 60171568Sscottl MD5_CTX ctx; 61171568Sscottl char *tmp; 62171568Sscottl int len; 63171568Sscottl 64171568Sscottl debug_called(3); 65171568Sscottl 66171568Sscottl MD5Init(&ctx); 67171568Sscottl 68171568Sscottl MD5Update(&ctx, &id, 1); 69171568Sscottl 70171568Sscottl if((len = str2bin(chapSecret, &tmp)) == 0) { 71171568Sscottl // print error 72171568Sscottl return -1; 73171568Sscottl } 74171568Sscottl MD5Update(&ctx, tmp, len); 75171568Sscottl free(tmp); 76171568Sscottl 77171568Sscottl if((len = str2bin(cp, &tmp)) == 0) { 78171568Sscottl // print error 79171568Sscottl return -1; 80171568Sscottl } 81171568Sscottl MD5Update(&ctx, tmp, len); 82171568Sscottl free(tmp); 83171568Sscottl 84171568Sscottl MD5Final(digest, &ctx); 85171568Sscottl 86171568Sscottl 87171568Sscottl return 0; 88171568Sscottl} 89171568Sscottl 90171568Sscottlstatic int 91171568SscottlchapSHA1(char id, char *cp, char *chapSecret, unsigned char *digest) 92171568Sscottl{ 93171568Sscottl SHA1_CTX ctx; 94171568Sscottl char *tmp; 95171568Sscottl int len; 96171568Sscottl 97171568Sscottl debug_called(3); 98171568Sscottl 99171568Sscottl SHA1_Init(&ctx); 100171568Sscottl 101171568Sscottl SHA1_Update(&ctx, &id, 1); 102171568Sscottl 103171568Sscottl if((len = str2bin(chapSecret, &tmp)) == 0) { 104171568Sscottl // print error 105171568Sscottl return -1; 106171568Sscottl } 107171568Sscottl SHA1_Update(&ctx, tmp, len); 108171568Sscottl free(tmp); 109171568Sscottl 110171568Sscottl if((len = str2bin(cp, &tmp)) == 0) { 111171568Sscottl // print error 112171568Sscottl return -1; 113171568Sscottl } 114171568Sscottl SHA1_Update(&ctx, tmp, len); 115171568Sscottl free(tmp); 116171568Sscottl 117171568Sscottl SHA1_Final(digest, &ctx); 118171568Sscottl 119171568Sscottl return 0; 120171568Sscottl 121171568Sscottl} 122171568Sscottl/* 123171568Sscottl | the input text format can be anything that the rfc3270 defines 124171568Sscottl | (see section 5.1 and str2bin) 125171568Sscottl | digest length for md5 is 128bits, and for sha1 is 160bits. 126171568Sscottl | digest is an ASCII string which represents the bits in 127171568Sscottl | hexadecimal or base64 according to the challenge(cp) format 128171568Sscottl */ 129171568Sscottlchar * 130171568SscottlchapDigest(char *ap, char id, char *cp, char *chapSecret) 131171568Sscottl{ 132171568Sscottl int len; 133171568Sscottl unsigned char digest[20]; 134171568Sscottl char encoding[3]; 135171568Sscottl 136171568Sscottl debug_called(3); 137171568Sscottl 138171568Sscottl len = 0; 139171568Sscottl if(strcmp(ap, "5") == 0 && chapMD5(id, cp, chapSecret, digest) == 0) 140171568Sscottl len = 16; 141171568Sscottl else 142171568Sscottl if(strcmp(ap, "7") == 0 && chapSHA1(id, cp, chapSecret, digest) == 0) 143171568Sscottl len = 20; 144171568Sscottl 145171568Sscottl if(len) { 146171568Sscottl sprintf(encoding, "%.2s", cp); 147171568Sscottl return bin2str(encoding, digest, len); 148171568Sscottl } 149171568Sscottl 150171568Sscottl return NULL; 151171568Sscottl} 152171568Sscottl 153171568Sscottlchar * 154211095SdesgenChapChallenge(char *encoding, uint len) 155171568Sscottl{ 156171568Sscottl int fd; 157171568Sscottl unsigned char tmp[1024]; 158171568Sscottl 159171568Sscottl if(len > sizeof(tmp)) 160171568Sscottl return NULL; 161171568Sscottl 162171568Sscottl if((fd = open("/dev/random", O_RDONLY)) != -1) { 163171568Sscottl read(fd, tmp, len); 164171568Sscottl close(fd); 165171568Sscottl return bin2str(encoding, tmp, len); 166171568Sscottl } 167171568Sscottl perror("/dev/random"); 168171568Sscottl // make up something ... 169171568Sscottl return NULL; 170171568Sscottl} 171171568Sscottl 172171568Sscottl#ifdef TEST_AUTH 173171568Sscottlstatic void 174171568Sscottlpuke(char *str, unsigned char *dg, int len) 175171568Sscottl{ 176171568Sscottl printf("%3d] %s\n 0x", len, str); 177171568Sscottl while(len-- > 0) 178171568Sscottl printf("%02x", *dg++); 179171568Sscottl printf("\n"); 180171568Sscottl} 181171568Sscottl 182171568Sscottlmain(int cc, char **vv) 183171568Sscottl{ 184171568Sscottl char *p, *ap, *ip, *cp, *chapSecret, *digest; 185171568Sscottl int len; 186171568Sscottl 187171568Sscottl#if 0 188171568Sscottl ap = "5"; 189171568Sscottl chapSecret = "0xa5aff013dd839b1edd31ee73a1df0b1b"; 190171568Sscottl// chapSecret = "abcdefghijklmnop"; 191171568Sscottl len = str2bin(chapSecret, &cp); 192171568Sscottl puke(chapSecret, cp, len); 193171568Sscottl 194171568Sscottl ip = "238"; 195171568Sscottl cp = "0xbd456029"; 196171568Sscottl 197171568Sscottl 198171568Sscottl if((digest = chapDigest(ap, ip, cp, chapSecret)) != NULL) { 199171568Sscottl len = str2bin(digest, &cp); 200171568Sscottl puke(digest, cp, len); 201171568Sscottl } 202171568Sscottl#else 203171568Sscottl printf("%d] %s\n", 24, genChallenge("0X", 24)); 204171568Sscottl#endif 205171568Sscottl} 206171568Sscottl#endif 207