xref: /openbmc/ipmitool/src/plugins/lan/auth.c (revision c18ec02f) 
1*c18ec02fSPetter Reinholdtsen /*
2*c18ec02fSPetter Reinholdtsen  * Copyright (c) 2003 Sun Microsystems, Inc.  All Rights Reserved.
3*c18ec02fSPetter Reinholdtsen  *
4*c18ec02fSPetter Reinholdtsen  * Redistribution and use in source and binary forms, with or without
5*c18ec02fSPetter Reinholdtsen  * modification, are permitted provided that the following conditions
6*c18ec02fSPetter Reinholdtsen  * are met:
7*c18ec02fSPetter Reinholdtsen  *
8*c18ec02fSPetter Reinholdtsen  * Redistribution of source code must retain the above copyright
9*c18ec02fSPetter Reinholdtsen  * notice, this list of conditions and the following disclaimer.
10*c18ec02fSPetter Reinholdtsen  *
11*c18ec02fSPetter Reinholdtsen  * Redistribution in binary form must reproduce the above copyright
12*c18ec02fSPetter Reinholdtsen  * notice, this list of conditions and the following disclaimer in the
13*c18ec02fSPetter Reinholdtsen  * documentation and/or other materials provided with the distribution.
14*c18ec02fSPetter Reinholdtsen  *
15*c18ec02fSPetter Reinholdtsen  * Neither the name of Sun Microsystems, Inc. or the names of
16*c18ec02fSPetter Reinholdtsen  * contributors may be used to endorse or promote products derived
17*c18ec02fSPetter Reinholdtsen  * from this software without specific prior written permission.
18*c18ec02fSPetter Reinholdtsen  *
19*c18ec02fSPetter Reinholdtsen  * This software is provided "AS IS," without a warranty of any kind.
20*c18ec02fSPetter Reinholdtsen  * ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES,
21*c18ec02fSPetter Reinholdtsen  * INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A
22*c18ec02fSPetter Reinholdtsen  * PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED.
23*c18ec02fSPetter Reinholdtsen  * SUN MICROSYSTEMS, INC. ("SUN") AND ITS LICENSORS SHALL NOT BE LIABLE
24*c18ec02fSPetter Reinholdtsen  * FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING
25*c18ec02fSPetter Reinholdtsen  * OR DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES.  IN NO EVENT WILL
26*c18ec02fSPetter Reinholdtsen  * SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA,
27*c18ec02fSPetter Reinholdtsen  * OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR
28*c18ec02fSPetter Reinholdtsen  * PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF
29*c18ec02fSPetter Reinholdtsen  * LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
30*c18ec02fSPetter Reinholdtsen  * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
31*c18ec02fSPetter Reinholdtsen  */
32*c18ec02fSPetter Reinholdtsen 
33*c18ec02fSPetter Reinholdtsen #include <stdlib.h>
34*c18ec02fSPetter Reinholdtsen #include <stdio.h>
35*c18ec02fSPetter Reinholdtsen #include <inttypes.h>
36*c18ec02fSPetter Reinholdtsen #include <string.h>
37*c18ec02fSPetter Reinholdtsen #include <sys/types.h>
38*c18ec02fSPetter Reinholdtsen #include <unistd.h>
39*c18ec02fSPetter Reinholdtsen 
40*c18ec02fSPetter Reinholdtsen #include <ipmitool/helper.h>
41*c18ec02fSPetter Reinholdtsen #include <ipmitool/bswap.h>
42*c18ec02fSPetter Reinholdtsen #include <ipmitool/ipmi.h>
43*c18ec02fSPetter Reinholdtsen #include <ipmitool/ipmi_intf.h>
44*c18ec02fSPetter Reinholdtsen 
45*c18ec02fSPetter Reinholdtsen #if HAVE_CONFIG_H
46*c18ec02fSPetter Reinholdtsen # include <config.h>
47*c18ec02fSPetter Reinholdtsen #endif
48*c18ec02fSPetter Reinholdtsen 
49*c18ec02fSPetter Reinholdtsen #ifdef HAVE_CRYPTO_MD2
50*c18ec02fSPetter Reinholdtsen # include <openssl/md2.h>
51*c18ec02fSPetter Reinholdtsen #endif
52*c18ec02fSPetter Reinholdtsen 
53*c18ec02fSPetter Reinholdtsen #ifdef HAVE_CRYPTO_MD5
54*c18ec02fSPetter Reinholdtsen # include <openssl/md5.h>
55*c18ec02fSPetter Reinholdtsen #else
56*c18ec02fSPetter Reinholdtsen # include "md5.h"
57*c18ec02fSPetter Reinholdtsen #endif
58*c18ec02fSPetter Reinholdtsen 
59*c18ec02fSPetter Reinholdtsen /*
60*c18ec02fSPetter Reinholdtsen  * multi-session authcode generation for MD5
61*c18ec02fSPetter Reinholdtsen  * H(password + session_id + msg + session_seq + password)
62*c18ec02fSPetter Reinholdtsen  *
63*c18ec02fSPetter Reinholdtsen  * Use OpenSSL implementation of MD5 algorithm if found
64*c18ec02fSPetter Reinholdtsen  */
ipmi_auth_md5(struct ipmi_session * s,uint8_t * data,int data_len)65*c18ec02fSPetter Reinholdtsen uint8_t * ipmi_auth_md5(struct ipmi_session * s, uint8_t * data, int data_len)
66*c18ec02fSPetter Reinholdtsen {
67*c18ec02fSPetter Reinholdtsen #ifdef HAVE_CRYPTO_MD5
68*c18ec02fSPetter Reinholdtsen 	MD5_CTX ctx;
69*c18ec02fSPetter Reinholdtsen 	static uint8_t md[16];
70*c18ec02fSPetter Reinholdtsen 	uint32_t temp;
71*c18ec02fSPetter Reinholdtsen 
72*c18ec02fSPetter Reinholdtsen #if WORDS_BIGENDIAN
73*c18ec02fSPetter Reinholdtsen 	temp = BSWAP_32(s->in_seq);
74*c18ec02fSPetter Reinholdtsen #else
75*c18ec02fSPetter Reinholdtsen 	temp = s->in_seq;
76*c18ec02fSPetter Reinholdtsen #endif
77*c18ec02fSPetter Reinholdtsen 	memset(md, 0, 16);
78*c18ec02fSPetter Reinholdtsen 	memset(&ctx, 0, sizeof(MD5_CTX));
79*c18ec02fSPetter Reinholdtsen 
80*c18ec02fSPetter Reinholdtsen 	MD5_Init(&ctx);
81*c18ec02fSPetter Reinholdtsen 	MD5_Update(&ctx, (const uint8_t *)s->authcode, 16);
82*c18ec02fSPetter Reinholdtsen 	MD5_Update(&ctx, (const uint8_t *)&s->session_id, 4);
83*c18ec02fSPetter Reinholdtsen 	MD5_Update(&ctx, (const uint8_t *)data, data_len);
84*c18ec02fSPetter Reinholdtsen 	MD5_Update(&ctx, (const uint8_t *)&temp, sizeof(uint32_t));
85*c18ec02fSPetter Reinholdtsen 	MD5_Update(&ctx, (const uint8_t *)s->authcode, 16);
86*c18ec02fSPetter Reinholdtsen 	MD5_Final(md, &ctx);
87*c18ec02fSPetter Reinholdtsen 
88*c18ec02fSPetter Reinholdtsen 	if (verbose > 3)
89*c18ec02fSPetter Reinholdtsen 		printf("  MD5 AuthCode    : %s\n", buf2str(md, 16));
90*c18ec02fSPetter Reinholdtsen 
91*c18ec02fSPetter Reinholdtsen 	return md;
92*c18ec02fSPetter Reinholdtsen #else /*HAVE_CRYPTO_MD5*/
93*c18ec02fSPetter Reinholdtsen 	md5_state_t state;
94*c18ec02fSPetter Reinholdtsen 	static md5_byte_t digest[16];
95*c18ec02fSPetter Reinholdtsen 	uint32_t temp;
96*c18ec02fSPetter Reinholdtsen 
97*c18ec02fSPetter Reinholdtsen 	memset(digest, 0, 16);
98*c18ec02fSPetter Reinholdtsen 	memset(&state, 0, sizeof(md5_state_t));
99*c18ec02fSPetter Reinholdtsen 
100*c18ec02fSPetter Reinholdtsen 	md5_init(&state);
101*c18ec02fSPetter Reinholdtsen 
102*c18ec02fSPetter Reinholdtsen 	md5_append(&state, (const md5_byte_t *)s->authcode, 16);
103*c18ec02fSPetter Reinholdtsen 	md5_append(&state, (const md5_byte_t *)&s->session_id, 4);
104*c18ec02fSPetter Reinholdtsen 	md5_append(&state, (const md5_byte_t *)data, data_len);
105*c18ec02fSPetter Reinholdtsen 
106*c18ec02fSPetter Reinholdtsen #if WORDS_BIGENDIAN
107*c18ec02fSPetter Reinholdtsen 	temp = BSWAP_32(s->in_seq);
108*c18ec02fSPetter Reinholdtsen #else
109*c18ec02fSPetter Reinholdtsen 	temp = s->in_seq;
110*c18ec02fSPetter Reinholdtsen #endif
111*c18ec02fSPetter Reinholdtsen 	md5_append(&state, (const md5_byte_t *)&temp, 4);
112*c18ec02fSPetter Reinholdtsen 	md5_append(&state, (const md5_byte_t *)s->authcode, 16);
113*c18ec02fSPetter Reinholdtsen 
114*c18ec02fSPetter Reinholdtsen 	md5_finish(&state, digest);
115*c18ec02fSPetter Reinholdtsen 
116*c18ec02fSPetter Reinholdtsen 	if (verbose > 3)
117*c18ec02fSPetter Reinholdtsen 		printf("  MD5 AuthCode    : %s\n", buf2str(digest, 16));
118*c18ec02fSPetter Reinholdtsen 	return digest;
119*c18ec02fSPetter Reinholdtsen #endif /*HAVE_CRYPTO_MD5*/
120*c18ec02fSPetter Reinholdtsen }
121*c18ec02fSPetter Reinholdtsen 
122*c18ec02fSPetter Reinholdtsen /*
123*c18ec02fSPetter Reinholdtsen  * multi-session authcode generation for MD2
124*c18ec02fSPetter Reinholdtsen  * H(password + session_id + msg + session_seq + password)
125*c18ec02fSPetter Reinholdtsen  *
126*c18ec02fSPetter Reinholdtsen  * Use OpenSSL implementation of MD2 algorithm if found.
127*c18ec02fSPetter Reinholdtsen  * This function is analogous to ipmi_auth_md5
128*c18ec02fSPetter Reinholdtsen  */
ipmi_auth_md2(struct ipmi_session * s,uint8_t * data,int data_len)129*c18ec02fSPetter Reinholdtsen uint8_t * ipmi_auth_md2(struct ipmi_session * s, uint8_t * data, int data_len)
130*c18ec02fSPetter Reinholdtsen {
131*c18ec02fSPetter Reinholdtsen #ifdef HAVE_CRYPTO_MD2
132*c18ec02fSPetter Reinholdtsen 	MD2_CTX ctx;
133*c18ec02fSPetter Reinholdtsen 	static uint8_t md[16];
134*c18ec02fSPetter Reinholdtsen 	uint32_t temp;
135*c18ec02fSPetter Reinholdtsen 
136*c18ec02fSPetter Reinholdtsen #if WORDS_BIGENDIAN
137*c18ec02fSPetter Reinholdtsen 	temp = BSWAP_32(s->in_seq);
138*c18ec02fSPetter Reinholdtsen #else
139*c18ec02fSPetter Reinholdtsen 	temp = s->in_seq;
140*c18ec02fSPetter Reinholdtsen #endif
141*c18ec02fSPetter Reinholdtsen 	memset(md, 0, 16);
142*c18ec02fSPetter Reinholdtsen 	memset(&ctx, 0, sizeof(MD2_CTX));
143*c18ec02fSPetter Reinholdtsen 
144*c18ec02fSPetter Reinholdtsen 	MD2_Init(&ctx);
145*c18ec02fSPetter Reinholdtsen 	MD2_Update(&ctx, (const uint8_t *)s->authcode, 16);
146*c18ec02fSPetter Reinholdtsen 	MD2_Update(&ctx, (const uint8_t *)&s->session_id, 4);
147*c18ec02fSPetter Reinholdtsen 	MD2_Update(&ctx, (const uint8_t *)data, data_len);
148*c18ec02fSPetter Reinholdtsen 	MD2_Update(&ctx, (const uint8_t *)&temp, sizeof(uint32_t));
149*c18ec02fSPetter Reinholdtsen 	MD2_Update(&ctx, (const uint8_t *)s->authcode, 16);
150*c18ec02fSPetter Reinholdtsen 	MD2_Final(md, &ctx);
151*c18ec02fSPetter Reinholdtsen 
152*c18ec02fSPetter Reinholdtsen 	if (verbose > 3)
153*c18ec02fSPetter Reinholdtsen 		printf("  MD2 AuthCode    : %s\n", buf2str(md, 16));
154*c18ec02fSPetter Reinholdtsen 
155*c18ec02fSPetter Reinholdtsen 	return md;
156*c18ec02fSPetter Reinholdtsen #else /*HAVE_CRYPTO_MD2*/
157*c18ec02fSPetter Reinholdtsen 	static uint8_t md[16];
158*c18ec02fSPetter Reinholdtsen 	memset(md, 0, 16);
159*c18ec02fSPetter Reinholdtsen 	printf("WARNING: No internal support for MD2!  "
160*c18ec02fSPetter Reinholdtsen 	       "Please re-compile with OpenSSL.\n");
161*c18ec02fSPetter Reinholdtsen 	return md;
162*c18ec02fSPetter Reinholdtsen #endif /*HAVE_CRYPTO_MD2*/
163*c18ec02fSPetter Reinholdtsen }
164*c18ec02fSPetter Reinholdtsen 
165*c18ec02fSPetter Reinholdtsen /* special authentication method */
ipmi_auth_special(struct ipmi_session * s)166*c18ec02fSPetter Reinholdtsen uint8_t * ipmi_auth_special(struct ipmi_session * s)
167*c18ec02fSPetter Reinholdtsen {
168*c18ec02fSPetter Reinholdtsen #ifdef HAVE_CRYPTO_MD5
169*c18ec02fSPetter Reinholdtsen 	MD5_CTX ctx;
170*c18ec02fSPetter Reinholdtsen 	static uint8_t md[16];
171*c18ec02fSPetter Reinholdtsen 	uint8_t challenge[16];
172*c18ec02fSPetter Reinholdtsen 	int i;
173*c18ec02fSPetter Reinholdtsen 
174*c18ec02fSPetter Reinholdtsen 	memset(challenge, 0, 16);
175*c18ec02fSPetter Reinholdtsen 	memset(md, 0, 16);
176*c18ec02fSPetter Reinholdtsen 	memset(&ctx, 0, sizeof(MD5_CTX));
177*c18ec02fSPetter Reinholdtsen 
178*c18ec02fSPetter Reinholdtsen 	MD5_Init(&ctx);
179*c18ec02fSPetter Reinholdtsen 	MD5_Update(&ctx, (const uint8_t *)s->authcode, strlen((const char *)s->authcode));
180*c18ec02fSPetter Reinholdtsen 	MD5_Final(md, &ctx);
181*c18ec02fSPetter Reinholdtsen 
182*c18ec02fSPetter Reinholdtsen 	for (i=0; i<16; i++)
183*c18ec02fSPetter Reinholdtsen 		challenge[i] = s->challenge[i] ^ md[i];
184*c18ec02fSPetter Reinholdtsen 
185*c18ec02fSPetter Reinholdtsen 	memset(md, 0, 16);
186*c18ec02fSPetter Reinholdtsen 	memset(&ctx, 0, sizeof(MD5_CTX));
187*c18ec02fSPetter Reinholdtsen 
188*c18ec02fSPetter Reinholdtsen 	MD5_Init(&ctx);
189*c18ec02fSPetter Reinholdtsen 	MD5_Update(&ctx, (const uint8_t *)challenge, 16);
190*c18ec02fSPetter Reinholdtsen 	MD5_Final(md, &ctx);
191*c18ec02fSPetter Reinholdtsen 
192*c18ec02fSPetter Reinholdtsen 	return md;
193*c18ec02fSPetter Reinholdtsen #else  /*HAVE_CRYPTO_MD5*/
194*c18ec02fSPetter Reinholdtsen 	int i;
195*c18ec02fSPetter Reinholdtsen 	md5_state_t state;
196*c18ec02fSPetter Reinholdtsen 	static md5_byte_t digest[16];
197*c18ec02fSPetter Reinholdtsen 	uint8_t challenge[16];
198*c18ec02fSPetter Reinholdtsen 
199*c18ec02fSPetter Reinholdtsen 	memset(challenge, 0, 16);
200*c18ec02fSPetter Reinholdtsen 	memset(digest, 0, 16);
201*c18ec02fSPetter Reinholdtsen 	memset(&state, 0, sizeof(md5_state_t));
202*c18ec02fSPetter Reinholdtsen 
203*c18ec02fSPetter Reinholdtsen 	md5_init(&state);
204*c18ec02fSPetter Reinholdtsen 	md5_append(&state, (const md5_byte_t *)s->authcode, strlen(s->authcode));
205*c18ec02fSPetter Reinholdtsen 	md5_finish(&state, digest);
206*c18ec02fSPetter Reinholdtsen 
207*c18ec02fSPetter Reinholdtsen 	for (i=0; i<16; i++)
208*c18ec02fSPetter Reinholdtsen 		challenge[i] = s->challenge[i] ^ digest[i];
209*c18ec02fSPetter Reinholdtsen 
210*c18ec02fSPetter Reinholdtsen 	memset(digest, 0, 16);
211*c18ec02fSPetter Reinholdtsen 	memset(&state, 0, sizeof(md5_state_t));
212*c18ec02fSPetter Reinholdtsen 
213*c18ec02fSPetter Reinholdtsen 	md5_init(&state);
214*c18ec02fSPetter Reinholdtsen 	md5_append(&state, (const md5_byte_t *)challenge, 16);
215*c18ec02fSPetter Reinholdtsen 	md5_finish(&state, digest);
216*c18ec02fSPetter Reinholdtsen 
217*c18ec02fSPetter Reinholdtsen 	return digest;
218*c18ec02fSPetter Reinholdtsen #endif /*HAVE_CRYPTO_MD5*/
219*c18ec02fSPetter Reinholdtsen }
220*c18ec02fSPetter Reinholdtsen 
221