1 /*
2 * Copyright (c) 2003 Sun Microsystems, Inc. All Rights Reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * Redistribution of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * Redistribution in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * Neither the name of Sun Microsystems, Inc. or the names of
16 * contributors may be used to endorse or promote products derived
17 * from this software without specific prior written permission.
18 *
19 * This software is provided "AS IS," without a warranty of any kind.
20 * ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES,
21 * INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A
22 * PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED.
23 * SUN MICROSYSTEMS, INC. ("SUN") AND ITS LICENSORS SHALL NOT BE LIABLE
24 * FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING
25 * OR DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES. IN NO EVENT WILL
26 * SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA,
27 * OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR
28 * PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF
29 * LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
30 * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
31 */
32
33 #include <stdlib.h>
34 #include <stdio.h>
35 #include <inttypes.h>
36 #include <string.h>
37 #include <sys/types.h>
38 #include <unistd.h>
39
40 #include <ipmitool/helper.h>
41 #include <ipmitool/bswap.h>
42 #include <ipmitool/ipmi.h>
43 #include <ipmitool/ipmi_intf.h>
44
45 #if HAVE_CONFIG_H
46 # include <config.h>
47 #endif
48
49 #ifdef HAVE_CRYPTO_MD2
50 # include <openssl/md2.h>
51 #endif
52
53 #ifdef HAVE_CRYPTO_MD5
54 # include <openssl/md5.h>
55 #else
56 # include "md5.h"
57 #endif
58
59 /*
60 * multi-session authcode generation for MD5
61 * H(password + session_id + msg + session_seq + password)
62 *
63 * Use OpenSSL implementation of MD5 algorithm if found
64 */
ipmi_auth_md5(struct ipmi_session * s,uint8_t * data,int data_len)65 uint8_t * ipmi_auth_md5(struct ipmi_session * s, uint8_t * data, int data_len)
66 {
67 #ifdef HAVE_CRYPTO_MD5
68 MD5_CTX ctx;
69 static uint8_t md[16];
70 uint32_t temp;
71
72 #if WORDS_BIGENDIAN
73 temp = BSWAP_32(s->in_seq);
74 #else
75 temp = s->in_seq;
76 #endif
77 memset(md, 0, 16);
78 memset(&ctx, 0, sizeof(MD5_CTX));
79
80 MD5_Init(&ctx);
81 MD5_Update(&ctx, (const uint8_t *)s->authcode, 16);
82 MD5_Update(&ctx, (const uint8_t *)&s->session_id, 4);
83 MD5_Update(&ctx, (const uint8_t *)data, data_len);
84 MD5_Update(&ctx, (const uint8_t *)&temp, sizeof(uint32_t));
85 MD5_Update(&ctx, (const uint8_t *)s->authcode, 16);
86 MD5_Final(md, &ctx);
87
88 if (verbose > 3)
89 printf(" MD5 AuthCode : %s\n", buf2str(md, 16));
90
91 return md;
92 #else /*HAVE_CRYPTO_MD5*/
93 md5_state_t state;
94 static md5_byte_t digest[16];
95 uint32_t temp;
96
97 memset(digest, 0, 16);
98 memset(&state, 0, sizeof(md5_state_t));
99
100 md5_init(&state);
101
102 md5_append(&state, (const md5_byte_t *)s->authcode, 16);
103 md5_append(&state, (const md5_byte_t *)&s->session_id, 4);
104 md5_append(&state, (const md5_byte_t *)data, data_len);
105
106 #if WORDS_BIGENDIAN
107 temp = BSWAP_32(s->in_seq);
108 #else
109 temp = s->in_seq;
110 #endif
111 md5_append(&state, (const md5_byte_t *)&temp, 4);
112 md5_append(&state, (const md5_byte_t *)s->authcode, 16);
113
114 md5_finish(&state, digest);
115
116 if (verbose > 3)
117 printf(" MD5 AuthCode : %s\n", buf2str(digest, 16));
118 return digest;
119 #endif /*HAVE_CRYPTO_MD5*/
120 }
121
122 /*
123 * multi-session authcode generation for MD2
124 * H(password + session_id + msg + session_seq + password)
125 *
126 * Use OpenSSL implementation of MD2 algorithm if found.
127 * This function is analogous to ipmi_auth_md5
128 */
ipmi_auth_md2(struct ipmi_session * s,uint8_t * data,int data_len)129 uint8_t * ipmi_auth_md2(struct ipmi_session * s, uint8_t * data, int data_len)
130 {
131 #ifdef HAVE_CRYPTO_MD2
132 MD2_CTX ctx;
133 static uint8_t md[16];
134 uint32_t temp;
135
136 #if WORDS_BIGENDIAN
137 temp = BSWAP_32(s->in_seq);
138 #else
139 temp = s->in_seq;
140 #endif
141 memset(md, 0, 16);
142 memset(&ctx, 0, sizeof(MD2_CTX));
143
144 MD2_Init(&ctx);
145 MD2_Update(&ctx, (const uint8_t *)s->authcode, 16);
146 MD2_Update(&ctx, (const uint8_t *)&s->session_id, 4);
147 MD2_Update(&ctx, (const uint8_t *)data, data_len);
148 MD2_Update(&ctx, (const uint8_t *)&temp, sizeof(uint32_t));
149 MD2_Update(&ctx, (const uint8_t *)s->authcode, 16);
150 MD2_Final(md, &ctx);
151
152 if (verbose > 3)
153 printf(" MD2 AuthCode : %s\n", buf2str(md, 16));
154
155 return md;
156 #else /*HAVE_CRYPTO_MD2*/
157 static uint8_t md[16];
158 memset(md, 0, 16);
159 printf("WARNING: No internal support for MD2! "
160 "Please re-compile with OpenSSL.\n");
161 return md;
162 #endif /*HAVE_CRYPTO_MD2*/
163 }
164
165 /* special authentication method */
ipmi_auth_special(struct ipmi_session * s)166 uint8_t * ipmi_auth_special(struct ipmi_session * s)
167 {
168 #ifdef HAVE_CRYPTO_MD5
169 MD5_CTX ctx;
170 static uint8_t md[16];
171 uint8_t challenge[16];
172 int i;
173
174 memset(challenge, 0, 16);
175 memset(md, 0, 16);
176 memset(&ctx, 0, sizeof(MD5_CTX));
177
178 MD5_Init(&ctx);
179 MD5_Update(&ctx, (const uint8_t *)s->authcode, strlen((const char *)s->authcode));
180 MD5_Final(md, &ctx);
181
182 for (i=0; i<16; i++)
183 challenge[i] = s->challenge[i] ^ md[i];
184
185 memset(md, 0, 16);
186 memset(&ctx, 0, sizeof(MD5_CTX));
187
188 MD5_Init(&ctx);
189 MD5_Update(&ctx, (const uint8_t *)challenge, 16);
190 MD5_Final(md, &ctx);
191
192 return md;
193 #else /*HAVE_CRYPTO_MD5*/
194 int i;
195 md5_state_t state;
196 static md5_byte_t digest[16];
197 uint8_t challenge[16];
198
199 memset(challenge, 0, 16);
200 memset(digest, 0, 16);
201 memset(&state, 0, sizeof(md5_state_t));
202
203 md5_init(&state);
204 md5_append(&state, (const md5_byte_t *)s->authcode, strlen(s->authcode));
205 md5_finish(&state, digest);
206
207 for (i=0; i<16; i++)
208 challenge[i] = s->challenge[i] ^ digest[i];
209
210 memset(digest, 0, 16);
211 memset(&state, 0, sizeof(md5_state_t));
212
213 md5_init(&state);
214 md5_append(&state, (const md5_byte_t *)challenge, 16);
215 md5_finish(&state, digest);
216
217 return digest;
218 #endif /*HAVE_CRYPTO_MD5*/
219 }
220
221