1 /*- 2 * Copyright (c) 2005-2008 Daniel Braniss <danny@cs.huji.ac.il> 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 * 26 */ 27 28 /* 29 | $Id: auth_subr.c,v 2.2 2007/06/01 08:09:37 danny Exp $ 30 */ 31 32 #include <sys/param.h> 33 #include <sys/types.h> 34 #include <sys/socket.h> 35 #include <sys/sysctl.h> 36 37 #include <netinet/in.h> 38 #include <netinet/tcp.h> 39 #include <arpa/inet.h> 40 #include <unistd.h> 41 #include <stdlib.h> 42 #include <stdio.h> 43 #include <string.h> 44 #include <fcntl.h> 45 46 #include <md5.h> 47 #include <sha.h> 48 49 #include "iscsi.h" 50 #include "iscontrol.h" 51 52 static int 53 chapMD5(char id, char *cp, char *chapSecret, unsigned char *digest) 54 { 55 MD5_CTX ctx; 56 char *tmp; 57 int len; 58 59 debug_called(3); 60 61 MD5Init(&ctx); 62 63 MD5Update(&ctx, &id, 1); 64 65 if((len = str2bin(chapSecret, &tmp)) == 0) { 66 // print error 67 return -1; 68 } 69 MD5Update(&ctx, tmp, len); 70 free(tmp); 71 72 if((len = str2bin(cp, &tmp)) == 0) { 73 // print error 74 return -1; 75 } 76 MD5Update(&ctx, tmp, len); 77 free(tmp); 78 79 MD5Final(digest, &ctx); 80 81 82 return 0; 83 } 84 85 static int 86 chapSHA1(char id, char *cp, char *chapSecret, unsigned char *digest) 87 { 88 SHA1_CTX ctx; 89 char *tmp; 90 int len; 91 92 debug_called(3); 93 94 SHA1_Init(&ctx); 95 96 SHA1_Update(&ctx, &id, 1); 97 98 if((len = str2bin(chapSecret, &tmp)) == 0) { 99 // print error 100 return -1; 101 } 102 SHA1_Update(&ctx, tmp, len); 103 free(tmp); 104 105 if((len = str2bin(cp, &tmp)) == 0) { 106 // print error 107 return -1; 108 } 109 SHA1_Update(&ctx, tmp, len); 110 free(tmp); 111 112 SHA1_Final(digest, &ctx); 113 114 return 0; 115 116 } 117 /* 118 | the input text format can be anything that the rfc3270 defines 119 | (see section 5.1 and str2bin) 120 | digest length for md5 is 128bits, and for sha1 is 160bits. 121 | digest is an ASCII string which represents the bits in 122 | hexadecimal or base64 according to the challenge(cp) format 123 */ 124 char * 125 chapDigest(char *ap, char id, char *cp, char *chapSecret) 126 { 127 int len; 128 unsigned char digest[20]; 129 char encoding[3]; 130 131 debug_called(3); 132 133 len = 0; 134 if(strcmp(ap, "5") == 0 && chapMD5(id, cp, chapSecret, digest) == 0) 135 len = 16; 136 else 137 if(strcmp(ap, "7") == 0 && chapSHA1(id, cp, chapSecret, digest) == 0) 138 len = 20; 139 140 if(len) { 141 sprintf(encoding, "%.2s", cp); 142 return bin2str(encoding, digest, len); 143 } 144 145 return NULL; 146 } 147 148 char * 149 genChapChallenge(char *encoding, size_t len) 150 { 151 int fd; 152 unsigned char tmp[1024]; 153 154 if(len > sizeof(tmp)) 155 return NULL; 156 157 if((fd = open("/dev/random", O_RDONLY)) != -1) { 158 read(fd, tmp, len); 159 close(fd); 160 return bin2str(encoding, tmp, len); 161 } 162 perror("/dev/random"); 163 // make up something ... 164 return NULL; 165 } 166 167 #ifdef TEST_AUTH 168 static void 169 puke(char *str, unsigned char *dg, int len) 170 { 171 printf("%3d] %s\n 0x", len, str); 172 while(len-- > 0) 173 printf("%02x", *dg++); 174 printf("\n"); 175 } 176 177 main(int cc, char **vv) 178 { 179 char *p, *ap, *ip, *cp, *chapSecret, *digest; 180 int len; 181 182 #if 0 183 ap = "5"; 184 chapSecret = "0xa5aff013dd839b1edd31ee73a1df0b1b"; 185 // chapSecret = "abcdefghijklmnop"; 186 len = str2bin(chapSecret, &cp); 187 puke(chapSecret, cp, len); 188 189 ip = "238"; 190 cp = "0xbd456029"; 191 192 193 if((digest = chapDigest(ap, ip, cp, chapSecret)) != NULL) { 194 len = str2bin(digest, &cp); 195 puke(digest, cp, len); 196 } 197 #else 198 printf("%d] %s\n", 24, genChallenge("0X", 24)); 199 #endif 200 } 201 #endif 202