From 579f12dfa2dab3e2b7a3c02ee32ac624de644f58 Mon Sep 17 00:00:00 2001 From: Chris Leech Date: Thu, 13 Jun 2019 16:07:07 -0700 Subject: [PATCH] CHAP SHA-1, SHA-256, SHA3-256 via OpenSSL's libcrypto Extended CHAP authentication modes using newer hash digest functions than MD5. SHA-256 and SHA3-256 should be usable in FIPS-140 environments for some time. These CHAP algorithms have been registered with IANA for this purpose. https://www.iana.org/assignments/ppp-numbers/ppp-numbers.xhtml#ppp-numbers-9 Makes OpenSSL libcrypto use a requirement, replacing the in tree MD5 implementation as well (and removing the unused SHA1 code). Signed-off-by: Chris Leech (cherry picked from commit 48a4e5b475836bcb952fb53a8bde45bdf68fe38f) --- usr/Makefile | 6 +- usr/auth.c | 157 ++++++++++++++++++++++++---------- usr/auth.h | 11 ++- usr/md5.c | 236 --------------------------------------------------- usr/md5.h | 60 ------------- usr/sha1.c | 167 ------------------------------------ usr/sha1.h | 27 ------ 7 files changed, 126 insertions(+), 538 deletions(-) delete mode 100644 usr/md5.c delete mode 100644 usr/md5.h delete mode 100644 usr/sha1.c delete mode 100644 usr/sha1.h diff --git a/usr/Makefile b/usr/Makefile index 742a0fb..db40c3a 100644 --- a/usr/Makefile +++ b/usr/Makefile @@ -45,8 +45,8 @@ PROGRAMS = iscsid iscsiadm iscsistart # libc compat files SYSDEPS_SRCS = $(sort $(wildcard ../utils/sysdeps/*.o)) # sources shared between iscsid, iscsiadm and iscsistart -ISCSI_LIB_SRCS = iscsi_util.o io.o auth.o iscsi_timer.o login.o log.o md5.o \ - sha1.o iface.o idbm.o sysfs.o host.o session_info.o iscsi_sysfs.o \ +ISCSI_LIB_SRCS = iscsi_util.o io.o auth.o iscsi_timer.o login.o log.o \ + iface.o idbm.o sysfs.o host.o session_info.o iscsi_sysfs.o \ iscsi_net_util.o iscsid_req.o transport.o iser.o cxgbi.o be2iscsi.o \ initiator_common.o iscsi_err.o flashnode.o uip_mgmt_ipc.o \ $(IPC_OBJ) $(SYSDEPS_SRCS) @@ -70,7 +70,7 @@ iscsiadm: $(ISCSI_LIB_SRCS) $(DISCOVERY_SRCS) iscsiadm.o session_mgmt.o mntcheck iscsistart: $(ISCSI_LIB_SRCS) $(INITIATOR_SRCS) $(FW_BOOT_SRCS) \ iscsistart.o statics.o - $(CC) $(CFLAGS) $^ -o $@ -lrt $(LDFLAGS) + $(CC) $(CFLAGS) $^ -o $@ -lcrypto -lrt $(LDFLAGS) clean: rm -f *.o $(PROGRAMS) .depend $(LIBSYS) diff --git a/usr/auth.c b/usr/auth.c index e44a279..afb4ea3 100644 --- a/usr/auth.c +++ b/usr/auth.c @@ -34,7 +34,6 @@ #include "sysdeps.h" #include "auth.h" #include "initiator.h" -#include "md5.h" #include "log.h" static const char acl_hexstring[] = "0123456789abcdefABCDEF"; @@ -43,9 +42,11 @@ static const char acl_base64_string[] = static const char acl_authmethod_set_chap_alg_list[] = "CHAP"; static const char acl_reject_option_name[] = "Reject"; -void auth_md5_init(struct MD5Context *); -void auth_md5_update(struct MD5Context *, unsigned char *, unsigned int); -void auth_md5_final(unsigned char *, struct MD5Context *); +#include +static int auth_hash_init(EVP_MD_CTX **context, int chap_alg); +static void auth_hash_update(EVP_MD_CTX *context, unsigned char *md, unsigned int); +static unsigned int auth_hash_final(unsigned char *, EVP_MD_CTX *context); + void get_random_bytes(unsigned char *data, unsigned int length); size_t strlcpy(char *, const char *, size_t); size_t strlcat(char *, const char *, size_t); @@ -57,18 +58,19 @@ acl_chap_compute_rsp(struct iscsi_acl *client, int rmt_auth, unsigned int id, unsigned char *response_data) { unsigned char id_data[1]; - struct MD5Context context; + EVP_MD_CTX *context = NULL; unsigned char out_data[AUTH_STR_MAX_LEN]; unsigned int out_length = AUTH_STR_MAX_LEN; if (!client->passwd_present) return AUTH_DBG_STATUS_LOCAL_PASSWD_NOT_SET; - auth_md5_init(&context); + if (auth_hash_init(&context, client->negotiated_chap_alg) != 0) + return AUTH_DBG_STATUS_AUTH_FAIL; /* id byte */ id_data[0] = id; - auth_md5_update(&context, id_data, 1); + auth_hash_update(context, id_data, 1); /* decrypt password */ if (acl_data(out_data, &out_length, client->passwd_data, @@ -79,15 +81,15 @@ acl_chap_compute_rsp(struct iscsi_acl *client, int rmt_auth, unsigned int id, return AUTH_DBG_STATUS_PASSWD_TOO_SHORT_WITH_NO_IPSEC; /* shared secret */ - auth_md5_update(&context, out_data, out_length); + auth_hash_update(context, out_data, out_length); /* clear decrypted password */ memset(out_data, 0, AUTH_STR_MAX_LEN); /* challenge value */ - auth_md5_update(&context, challenge_data, challenge_length); + auth_hash_update(context, challenge_data, challenge_length); - auth_md5_final(response_data, &context); + auth_hash_final(response_data, context); return AUTH_DBG_STATUS_NOT_SET; /* no error */ } @@ -103,8 +105,8 @@ acl_chap_auth_request(struct iscsi_acl *client, char *username, unsigned int id, unsigned int rsp_length) { iscsi_session_t *session = client->session_handle; - struct MD5Context context; - unsigned char verify_data[16]; + EVP_MD_CTX *context = NULL; + unsigned char verify_data[client->chap_challenge_len]; /* the expected credentials are in the session */ if (session->username_in == NULL) { @@ -137,21 +139,22 @@ acl_chap_auth_request(struct iscsi_acl *client, char *username, unsigned int id, return AUTH_STATUS_FAIL; } - auth_md5_init(&context); + if (auth_hash_init(&context, client->negotiated_chap_alg) != 0) + return AUTH_STATUS_FAIL; /* id byte */ verify_data[0] = id; - auth_md5_update(&context, verify_data, 1); + auth_hash_update(context, verify_data, 1); /* shared secret */ - auth_md5_update(&context, (unsigned char *)session->password_in, + auth_hash_update(context, (unsigned char *)session->password_in, session->password_in_length); /* challenge value */ - auth_md5_update(&context, (unsigned char *)challenge_data, + auth_hash_update(context, (unsigned char *)challenge_data, challenge_length); - auth_md5_final(verify_data, &context); + auth_hash_final(verify_data, context); if (memcmp(response_data, verify_data, sizeof(verify_data)) == 0) { log_debug(1, "initiator authenticated target %s", @@ -164,23 +167,54 @@ acl_chap_auth_request(struct iscsi_acl *client, char *username, unsigned int id, return AUTH_STATUS_FAIL; } -void -auth_md5_init(struct MD5Context *context) -{ - MD5Init(context); +static int auth_hash_init(EVP_MD_CTX **context, int chap_alg) { + const EVP_MD *digest = NULL; + *context = EVP_MD_CTX_new(); + int rc; + + switch (chap_alg) { + case AUTH_CHAP_ALG_MD5: + digest = EVP_md5(); + break; + case AUTH_CHAP_ALG_SHA1: + digest = EVP_sha1(); + break; + case AUTH_CHAP_ALG_SHA256: + digest = EVP_sha256(); + break; + case AUTH_CHAP_ALG_SHA3_256: + digest = EVP_sha3_256(); + break; + } + + if (*context == NULL) + goto fail_context; + if (digest == NULL) + goto fail_digest; + rc = EVP_DigestInit_ex(*context, digest, NULL); + if (!rc) + goto fail_init; + + return 0; + +fail_init: +fail_digest: + EVP_MD_CTX_free(*context); + *context = NULL; +fail_context: + return -1; } -void -auth_md5_update(struct MD5Context *context, unsigned char *data, - unsigned int length) -{ - MD5Update(context, data, length); +static void auth_hash_update(EVP_MD_CTX *context, unsigned char *data, unsigned int length) { + EVP_DigestUpdate(context, data, length); } -void -auth_md5_final(unsigned char *hash, struct MD5Context *context) -{ - MD5Final(hash, context); +static unsigned int auth_hash_final(unsigned char *hash, EVP_MD_CTX *context) { + unsigned int md_len; + EVP_DigestFinal_ex(context, hash, &md_len); + EVP_MD_CTX_free(context); + context = NULL; + return md_len; } void @@ -301,6 +335,9 @@ static int acl_chk_chap_alg_optn(int chap_algorithm) { if (chap_algorithm == AUTH_OPTION_NONE || + chap_algorithm == AUTH_CHAP_ALG_SHA3_256 || + chap_algorithm == AUTH_CHAP_ALG_SHA256 || + chap_algorithm == AUTH_CHAP_ALG_SHA1 || chap_algorithm == AUTH_CHAP_ALG_MD5) return 0; @@ -701,6 +738,20 @@ acl_chk_chap_alg_key(struct iscsi_acl *client) if (number == (unsigned long)client->chap_alg_list[i]) { client->negotiated_chap_alg = number; + switch (number) { + case AUTH_CHAP_ALG_MD5: + client->chap_challenge_len = AUTH_CHAP_MD5_RSP_LEN; + break; + case AUTH_CHAP_ALG_SHA1: + client->chap_challenge_len = AUTH_CHAP_SHA1_RSP_LEN; + break; + case AUTH_CHAP_ALG_SHA256: + client->chap_challenge_len = AUTH_CHAP_SHA256_RSP_LEN; + break; + case AUTH_CHAP_ALG_SHA3_256: + client->chap_challenge_len = AUTH_CHAP_SHA3_256_RSP_LEN; + break; + } return; } } @@ -816,7 +867,7 @@ static void acl_local_auth(struct iscsi_acl *client) { unsigned int chap_identifier; - unsigned char response_data[AUTH_CHAP_RSP_LEN]; + unsigned char response_data[AUTH_CHAP_RSP_MAX]; unsigned long number; int status; enum auth_dbg_status dbg_status; @@ -848,7 +899,10 @@ acl_local_auth(struct iscsi_acl *client) client->local_state = AUTH_LOCAL_STATE_ERROR; client->dbg_status = AUTH_DBG_STATUS_CHAP_ALG_REJECT; break; - } else if (client->negotiated_chap_alg != AUTH_CHAP_ALG_MD5) { + } else if ((client->negotiated_chap_alg != AUTH_CHAP_ALG_SHA3_256) && + (client->negotiated_chap_alg != AUTH_CHAP_ALG_SHA256) && + (client->negotiated_chap_alg != AUTH_CHAP_ALG_SHA1) && + (client->negotiated_chap_alg != AUTH_CHAP_ALG_MD5)) { client->local_state = AUTH_LOCAL_STATE_ERROR; client->dbg_status = AUTH_DBG_STATUS_CHAP_ALG_BAD; break; @@ -923,8 +977,8 @@ acl_local_auth(struct iscsi_acl *client) break; } - acl_data_to_text(response_data, - AUTH_CHAP_RSP_LEN, client->scratch_key_value, + acl_data_to_text(response_data, client->chap_challenge_len, + client->scratch_key_value, AUTH_STR_MAX_LEN); acl_set_key_value(&client->send_key_block, AUTH_KEY_TYPE_CHAP_RSP, @@ -949,7 +1003,7 @@ acl_rmt_auth(struct iscsi_acl *client) unsigned char id_data[1]; unsigned char response_data[AUTH_STR_MAX_LEN]; unsigned int rsp_len = AUTH_STR_MAX_LEN; - unsigned char my_rsp_data[AUTH_CHAP_RSP_LEN]; + unsigned char my_rsp_data[AUTH_CHAP_RSP_MAX]; int status; enum auth_dbg_status dbg_status; const char *chap_rsp_key_val; @@ -1012,7 +1066,7 @@ acl_rmt_auth(struct iscsi_acl *client) break; } - if (rsp_len == AUTH_CHAP_RSP_LEN) { + if (rsp_len == client->chap_challenge_len) { dbg_status = acl_chap_compute_rsp(client, 1, client->send_chap_identifier, client->send_chap_challenge.large_binary, @@ -1021,7 +1075,7 @@ acl_rmt_auth(struct iscsi_acl *client) if (dbg_status == AUTH_DBG_STATUS_NOT_SET && memcmp(my_rsp_data, response_data, - AUTH_CHAP_RSP_LEN) == 0) { + client->chap_challenge_len) == 0) { client->rmt_state = AUTH_RMT_STATE_ERROR; client->dbg_status = AUTH_DBG_STATUS_PASSWD_IDENTICAL; break; @@ -1764,6 +1818,26 @@ acl_set_chap_alg_list(struct iscsi_acl *client, unsigned int option_count, acl_chk_chap_alg_list); } +int +acl_init_chap_digests(int *value_list) { + EVP_MD_CTX *context = EVP_MD_CTX_new(); + int i = 0; + + if (EVP_DigestInit_ex(context, EVP_sha3_256(), NULL)) { + value_list[i++] = AUTH_CHAP_ALG_SHA3_256; + } + if (EVP_DigestInit_ex(context, EVP_sha256(), NULL)) { + value_list[i++] = AUTH_CHAP_ALG_SHA256; + } + if (EVP_DigestInit_ex(context, EVP_sha1(), NULL)) { + value_list[i++] = AUTH_CHAP_ALG_SHA1; + } + if (EVP_DigestInit_ex(context, EVP_md5(), NULL)) { + value_list[i++] = AUTH_CHAP_ALG_MD5; + } + return i; +} + int acl_init(int node_type, int buf_desc_count, struct auth_buffer_desc *buff_desc) { @@ -1772,7 +1846,7 @@ acl_init(int node_type, int buf_desc_count, struct auth_buffer_desc *buff_desc) struct auth_str_block *send_str_blk; struct auth_large_binary *recv_chap_challenge; struct auth_large_binary *send_chap_challenge; - int value_list[2]; + int value_list[3]; if (buf_desc_count != 5 || !buff_desc) return AUTH_STATUS_ERROR; @@ -1825,7 +1899,6 @@ acl_init(int node_type, int buf_desc_count, struct auth_buffer_desc *buff_desc) client->node_type = (enum auth_node_type) node_type; client->auth_rmt = 1; client->passwd_present = 0; - client->chap_challenge_len = AUTH_CHAP_RSP_LEN; client->ip_sec = 0; client->phase = AUTH_PHASE_CONFIGURE; @@ -1851,10 +1924,8 @@ acl_init(int node_type, int buf_desc_count, struct auth_buffer_desc *buff_desc) return AUTH_STATUS_ERROR; } - value_list[0] = AUTH_CHAP_ALG_MD5; - - if (acl_set_chap_alg_list(client, 1, value_list) != - AUTH_STATUS_NO_ERROR) { + if (acl_set_chap_alg_list(client, acl_init_chap_digests(value_list), + value_list) != AUTH_STATUS_NO_ERROR) { client->phase = AUTH_PHASE_ERROR; return AUTH_STATUS_ERROR; } diff --git a/usr/auth.h b/usr/auth.h index 2cc3489..f6dbbe4 100644 --- a/usr/auth.h +++ b/usr/auth.h @@ -29,7 +29,11 @@ enum { AUTH_LARGE_BINARY_MAX_LEN = 1024, AUTH_RECV_END_MAX_COUNT = 10, ACL_SIGNATURE = 0x5984B2E3, - AUTH_CHAP_RSP_LEN = 16, + AUTH_CHAP_MD5_RSP_LEN = 16, + AUTH_CHAP_SHA1_RSP_LEN = 20, + AUTH_CHAP_SHA256_RSP_LEN = 32, + AUTH_CHAP_SHA3_256_RSP_LEN = 32, + AUTH_CHAP_RSP_MAX = 32, }; /* @@ -61,7 +65,10 @@ enum { AUTH_METHOD_MAX_COUNT = 2, AUTH_CHAP_ALG_MD5 = 5, - AUTH_CHAP_ALG_MAX_COUNT = 2 + AUTH_CHAP_ALG_SHA1 = 6, + AUTH_CHAP_ALG_SHA256 = 7, + AUTH_CHAP_ALG_SHA3_256 = 8, + AUTH_CHAP_ALG_MAX_COUNT = 5 }; enum auth_neg_role { diff --git a/usr/md5.c b/usr/md5.c deleted file mode 100644 index ba6c86d..0000000 --- a/usr/md5.c +++ /dev/null @@ -1,236 +0,0 @@ -/* - * This code implements the MD5 message-digest algorithm. - * The algorithm is due to Ron Rivest. This code was - * written by Colin Plumb in 1993, no copyright is claimed. - * This code is in the public domain; do with it what you wish. - * - * Equivalent code is available from RSA Data Security, Inc. - * This code has been tested against that, and is equivalent, - * except that you don't need to include two pages of legalese - * with every copy. - * - * To compute the message digest of a chunk of bytes, declare an - * MD5Context structure, pass it to MD5Init, call MD5Update as - * needed on buffers full of bytes, and then call MD5Final, which - * will fill a supplied 16-byte array with the digest. - * - * Changed so as no longer to depend on Colin Plumb's `usual.h' header - * definitions; now uses stuff from dpkg's config.h. - * - Ian Jackson . - * Still in the public domain. - */ - -#include "md5.h" - -#ifdef WORDS_BIGENDIAN -void -byteSwap(UWORD32 *buf, unsigned words) -{ - md5byte *p = (md5byte *)buf; - - do { - *buf++ = (UWORD32)((unsigned)p[3] << 8 | p[2]) << 16 | - ((unsigned)p[1] << 8 | p[0]); - p += 4; - } while (--words); -} -#else -#define byteSwap(buf,words) -#endif - -/* - * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious - * initialization constants. - */ -void -MD5Init(struct MD5Context *ctx) -{ - ctx->buf[0] = 0x67452301; - ctx->buf[1] = 0xefcdab89; - ctx->buf[2] = 0x98badcfe; - ctx->buf[3] = 0x10325476; - - ctx->bytes[0] = 0; - ctx->bytes[1] = 0; -} - -/* - * Update context to reflect the concatenation of another buffer full - * of bytes. - */ -void -MD5Update(struct MD5Context *ctx, md5byte const *buf, unsigned len) -{ - UWORD32 t; - - /* Update byte count */ - - t = ctx->bytes[0]; - if ((ctx->bytes[0] = t + len) < t) - ctx->bytes[1]++; /* Carry from low to high */ - - t = 64 - (t & 0x3f); /* Space available in ctx->in (at least 1) */ - if (t > len) { - memcpy((md5byte *)ctx->in + 64 - t, buf, len); - return; - } - /* First chunk is an odd size */ - memcpy((md5byte *)ctx->in + 64 - t, buf, t); - byteSwap(ctx->in, 16); - MD5Transform(ctx->buf, ctx->in); - buf += t; - len -= t; - - /* Process data in 64-byte chunks */ - while (len >= 64) { - memcpy(ctx->in, buf, 64); - byteSwap(ctx->in, 16); - MD5Transform(ctx->buf, ctx->in); - buf += 64; - len -= 64; - } - - /* Handle any remaining bytes of data. */ - memcpy(ctx->in, buf, len); -} - -/* - * Final wrapup - pad to 64-byte boundary with the bit pattern - * 1 0* (64-bit count of bits processed, MSB-first) - */ -void -MD5Final(md5byte digest[16], struct MD5Context *ctx) -{ - int count = ctx->bytes[0] & 0x3f; /* Number of bytes in ctx->in */ - md5byte *p = (md5byte *)ctx->in + count; - - /* Set the first char of padding to 0x80. There is always room. */ - *p++ = 0x80; - - /* Bytes of padding needed to make 56 bytes (-8..55) */ - count = 56 - 1 - count; - - if (count < 0) { /* Padding forces an extra block */ - memset(p, 0, count + 8); - byteSwap(ctx->in, 16); - MD5Transform(ctx->buf, ctx->in); - p = (md5byte *)ctx->in; - count = 56; - } - memset(p, 0, count); - byteSwap(ctx->in, 14); - - /* Append length in bits and transform */ - ctx->in[14] = ctx->bytes[0] << 3; - ctx->in[15] = ctx->bytes[1] << 3 | ctx->bytes[0] >> 29; - MD5Transform(ctx->buf, ctx->in); - - byteSwap(ctx->buf, 4); - memcpy(digest, ctx->buf, 16); - memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */ -} - -#ifndef ASM_MD5 - -/* The four core functions - F1 is optimized somewhat */ - -/* #define F1(x, y, z) (x & y | ~x & z) */ -#define F1(x, y, z) (z ^ (x & (y ^ z))) -#define F2(x, y, z) F1(z, x, y) -#define F3(x, y, z) (x ^ y ^ z) -#define F4(x, y, z) (y ^ (x | ~z)) - -/* This is the central step in the MD5 algorithm. */ -#define MD5STEP(f,w,x,y,z,in,s) \ - (w += f(x,y,z) + in, w = (w<>(32-s)) + x) - -/* - * The core of the MD5 algorithm, this alters an existing MD5 hash to - * reflect the addition of 16 longwords of new data. MD5Update blocks - * the data and converts bytes into longwords for this routine. - */ -void -MD5Transform(UWORD32 buf[4], UWORD32 const in[16]) -{ - register UWORD32 a, b, c, d; - - a = buf[0]; - b = buf[1]; - c = buf[2]; - d = buf[3]; - - MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478, 7); - MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756, 12); - MD5STEP(F1, c, d, a, b, in[2] + 0x242070db, 17); - MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceee, 22); - MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0faf, 7); - MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62a, 12); - MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613, 17); - MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501, 22); - MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8, 7); - MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7af, 12); - MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17); - MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22); - MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7); - MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12); - MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17); - MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22); - - MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562, 5); - MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340, 9); - MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14); - MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20); - MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105d, 5); - MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9); - MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14); - MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20); - MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6, 5); - MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9); - MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87, 14); - MD5STEP(F2, b, c, d, a, in[8] + 0x455a14ed, 20); - MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5); - MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9); - MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9, 14); - MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20); - - MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942, 4); - MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681, 11); - MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16); - MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23); - MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44, 4); - MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11); - MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16); - MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23); - MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4); - MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127fa, 11); - MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085, 16); - MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05, 23); - MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039, 4); - MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11); - MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16); - MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665, 23); - - MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244, 6); - MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97, 10); - MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15); - MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039, 21); - MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6); - MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10); - MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15); - MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1, 21); - MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6); - MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10); - MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314, 15); - MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21); - MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82, 6); - MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10); - MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15); - MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391, 21); - - buf[0] += a; - buf[1] += b; - buf[2] += c; - buf[3] += d; -} - -#endif diff --git a/usr/md5.h b/usr/md5.h deleted file mode 100644 index 100eecc..0000000 --- a/usr/md5.h +++ /dev/null @@ -1,60 +0,0 @@ -/* - * This is the header file for the MD5 message-digest algorithm. - * The algorithm is due to Ron Rivest. This code was - * written by Colin Plumb in 1993, no copyright is claimed. - * This code is in the public domain; do with it what you wish. - * - * Equivalent code is available from RSA Data Security, Inc. - * This code has been tested against that, and is equivalent, - * except that you don't need to include two pages of legalese - * with every copy. - * - * To compute the message digest of a chunk of bytes, declare an - * MD5Context structure, pass it to MD5Init, call MD5Update as - * needed on buffers full of bytes, and then call MD5Final, which - * will fill a supplied 16-byte array with the digest. - * - * Changed so as no longer to depend on Colin Plumb's `usual.h' - * header definitions; now uses stuff from dpkg's config.h - * - Ian Jackson . - * Still in the public domain. - */ - -#ifndef MD5_H -#define MD5_H - -#include -#include -#include -#include -#if (__BYTE_ORDER == __BIG_ENDIAN) -# define WORDS_BIGENDIAN 1 -#endif - -typedef uint32_t UWORD32; - - -#ifdef __cplusplus -extern "C" { -#endif - - -#define md5byte unsigned char - -struct MD5Context { - UWORD32 buf[4]; - UWORD32 bytes[2]; - UWORD32 in[16]; -}; - -void MD5Init(struct MD5Context *context); -void MD5Update(struct MD5Context *context, md5byte const *buf, unsigned len); -void MD5Final(unsigned char digest[16], struct MD5Context *context); -void MD5Transform(UWORD32 buf[4], UWORD32 const in[16]); - - -#ifdef __cplusplus -} -#endif - -#endif /* !MD5_H */ diff --git a/usr/sha1.c b/usr/sha1.c deleted file mode 100644 index 8285a5e..0000000 --- a/usr/sha1.c +++ /dev/null @@ -1,167 +0,0 @@ -/* - * Cryptographic API. - * - * SHA1 Secure Hash Algorithm. - * - * Derived from cryptoapi implementation, adapted for in-place - * scatterlist interface. Originally based on the public domain - * implementation written by Steve Reid. - * - * Copyright (c) Alan Smithee. - * Copyright (c) Andrew McDonald - * Copyright (c) Jean-Francois Dive - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. - * - */ -#include "sha1.h" - -#define SHA1_DIGEST_SIZE 20 -#define SHA1_HMAC_BLOCK_SIZE 64 - -static inline uint32_t rol(uint32_t value, uint32_t bits) -{ - return (((value) << (bits)) | ((value) >> (32 - (bits)))); -} - -/* blk0() and blk() perform the initial expand. */ -/* I got the idea of expanding during the round function from SSLeay */ -# define blk0(i) block32[i] - -#define blk(i) (block32[i&15] = rol(block32[(i+13)&15]^block32[(i+8)&15] \ - ^block32[(i+2)&15]^block32[i&15],1)) - -/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */ -#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5); \ - w=rol(w,30); -#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5); \ - w=rol(w,30); -#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30); -#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5); \ - w=rol(w,30); -#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30); - -/* Hash a single 512-bit block. This is the core of the algorithm. */ -static void sha1_transform(uint32_t *state, const uint8_t *in) -{ - uint32_t a, b, c, d, e; - uint32_t block32[16]; - - /* convert/copy data to workspace */ - for (a = 0; a < sizeof(block32)/sizeof(uint32_t); a++) - block32[a] = ntohl (((const uint32_t *)in)[a]); - - /* Copy context->state[] to working vars */ - a = state[0]; - b = state[1]; - c = state[2]; - d = state[3]; - e = state[4]; - - /* 4 rounds of 20 operations each. Loop unrolled. */ - R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); - R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); - R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); - R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); - R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); - R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); - R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); - R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); - R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); - R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); - R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); - R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); - R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); - R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); - R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); - R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); - R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); - R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); - R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); - R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); - /* Add the working vars back into context.state[] */ - state[0] += a; - state[1] += b; - state[2] += c; - state[3] += d; - state[4] += e; - /* Wipe variables */ - a = b = c = d = e = 0; - memset (block32, 0x00, sizeof block32); -} - -void sha1_init(void *ctx) -{ - struct sha1_ctx *sctx = ctx; - static const struct sha1_ctx initstate = { - 0, - { 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0 }, - { 0, } - }; - - *sctx = initstate; -} - -void sha1_update(void *ctx, const uint8_t *data, unsigned int len) -{ - struct sha1_ctx *sctx = ctx; - unsigned int i, j; - - j = (sctx->count >> 3) & 0x3f; - sctx->count += len << 3; - - if ((j + len) > 63) { - memcpy(&sctx->buffer[j], data, (i = 64-j)); - sha1_transform(sctx->state, sctx->buffer); - for ( ; i + 63 < len; i += 64) { - sha1_transform(sctx->state, &data[i]); - } - j = 0; - } - else i = 0; - memcpy(&sctx->buffer[j], &data[i], len - i); -} - - -/* Add padding and return the message digest. */ -void sha1_final(void* ctx, uint8_t *out) -{ - struct sha1_ctx *sctx = ctx; - uint32_t i, j, index, padlen; - uint64_t t; - uint8_t bits[8] = { 0, }; - static const uint8_t padding[64] = { 0x80, }; - - t = sctx->count; - bits[7] = 0xff & t; t>>=8; - bits[6] = 0xff & t; t>>=8; - bits[5] = 0xff & t; t>>=8; - bits[4] = 0xff & t; t>>=8; - bits[3] = 0xff & t; t>>=8; - bits[2] = 0xff & t; t>>=8; - bits[1] = 0xff & t; t>>=8; - bits[0] = 0xff & t; - - /* Pad out to 56 mod 64 */ - index = (sctx->count >> 3) & 0x3f; - padlen = (index < 56) ? (56 - index) : ((64+56) - index); - sha1_update(sctx, padding, padlen); - - /* Append length */ - sha1_update(sctx, bits, sizeof bits); - - /* Store state in digest */ - for (i = j = 0; i < 5; i++, j += 4) { - uint32_t t2 = sctx->state[i]; - out[j+3] = t2 & 0xff; t2>>=8; - out[j+2] = t2 & 0xff; t2>>=8; - out[j+1] = t2 & 0xff; t2>>=8; - out[j ] = t2 & 0xff; - } - - /* Wipe context */ - memset(sctx, 0, sizeof *sctx); -} diff --git a/usr/sha1.h b/usr/sha1.h deleted file mode 100644 index af436b3..0000000 --- a/usr/sha1.h +++ /dev/null @@ -1,27 +0,0 @@ -/* - * sha1.h - SHA1 Secure Hash Algorithm used for CHAP authentication. - * copied from the Linux kernel's Cryptographic API and slightly adjusted to - * fit IET's needs - * - * This file is (c) 2004 Xiranet Communications GmbH - * and licensed under the GPL. - */ - -#ifndef SHA1_H -#define SHA1_H - -#include -#include -#include "types.h" - -struct sha1_ctx { - uint64_t count; - uint32_t state[5]; - uint8_t buffer[64]; -}; - -void sha1_init(void *ctx); -void sha1_update(void *ctx, const uint8_t *data, unsigned int len); -void sha1_final(void* ctx, uint8_t *out); - -#endif -- 2.21.3