From c5428303e4d71856daf61fc27ae19aeca09cc834 Mon Sep 17 00:00:00 2001 From: Michael Brown Date: Tue, 21 Nov 2006 13:26:59 +0000 Subject: [PATCH] Added generic CHAP layer, independent of iSCSI --- src/crypto/chap.c | 108 ++++++++++++++++++++++++++++++++++++++++ src/crypto/md5.c | 29 +++++++---- src/include/gpxe/chap.h | 51 +++++++++++++++++++ src/include/gpxe/md5.h | 21 +------- 4 files changed, 180 insertions(+), 29 deletions(-) create mode 100644 src/crypto/chap.c create mode 100644 src/include/gpxe/chap.h diff --git a/src/crypto/chap.c b/src/crypto/chap.c new file mode 100644 index 00000000..997f5391 --- /dev/null +++ b/src/crypto/chap.c @@ -0,0 +1,108 @@ +/* + * Copyright (C) 2006 Michael Brown . + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include +#include +#include +#include +#include +#include +#include + +/** @file + * + * CHAP protocol + * + */ + +/** + * Initialise CHAP challenge/response + * + * @v chap CHAP challenge/response + * @v digest Digest algorithm to use + * @ret rc Return status code + * + * Initialises a CHAP challenge/response structure. This routine + * allocates memory, and so may fail. The allocated memory must + * eventually be freed by a call to chap_finish(). + */ +int chap_init ( struct chap_challenge *chap, + struct digest_algorithm *digest ) { + assert ( chap->digest == NULL ); + assert ( chap->digest_context == NULL ); + assert ( chap->response == NULL ); + + chap->digest = digest; + chap->digest_context = malloc ( digest->context_len ); + if ( ! chap->digest_context ) + goto err; + chap->response = malloc ( digest->digest_len ); + if ( ! chap->response ) + goto err; + chap->response_len = digest->digest_len; + chap->digest->init ( chap->digest_context ); + return 0; + + err: + chap_finish ( chap ); + return -ENOMEM; +} + +/** + * Add data to the CHAP challenge + * + * @v chap CHAP challenge/response + * @v data Data to add + * @v len Length of data to add + */ +void chap_update ( struct chap_challenge *chap, const void *data, + size_t len ) { + assert ( chap->digest != NULL ); + assert ( chap->digest_context != NULL ); + + chap->digest->update ( chap->digest_context, data, len ); +} + +/** + * Respond to the CHAP challenge + * + * @v chap CHAP challenge/response + * + * Calculates the final CHAP response value, and places it in @c + * chap->response, with a length of @c chap->response_len. + */ +void chap_respond ( struct chap_challenge *chap ) { + assert ( chap->digest != NULL ); + assert ( chap->digest_context != NULL ); + assert ( chap->response != NULL ); + + chap->digest->finish ( chap->digest_context, chap->response ); +} + +/** + * Free resources used by a CHAP challenge/response + * + * @v chap CHAP challenge/response + */ +void chap_finish ( struct chap_challenge *chap ) { + free ( chap->digest_context ); + chap->digest_context = NULL; + free ( chap->response ); + chap->response = NULL; + chap->digest = NULL; +} diff --git a/src/crypto/md5.c b/src/crypto/md5.c index ed062054..2aa21020 100644 --- a/src/crypto/md5.c +++ b/src/crypto/md5.c @@ -26,6 +26,16 @@ #include #include +#define MD5_DIGEST_SIZE 16 +#define MD5_BLOCK_WORDS 16 +#define MD5_HASH_WORDS 4 + +struct md5_ctx { + u32 hash[MD5_HASH_WORDS]; + u32 block[MD5_BLOCK_WORDS]; + u64 byte_count; +}; + #define __md5step __attribute__ (( regparm ( 3 ) )) struct md5_step { @@ -150,15 +160,16 @@ static inline void cpu_to_le32_array(u32 *buf, unsigned int words) } } -static inline void md5_transform_helper(struct md5_context *ctx) +static inline void md5_transform_helper(struct md5_ctx *ctx) { le32_to_cpu_array(ctx->block, sizeof(ctx->block) / sizeof(u32)); md5_transform(ctx->hash, ctx->block); } -void md5_init ( struct md5_context *context ) +static void md5_init(void *context) { - struct md5_context *mctx = context; + struct md5_ctx *mctx = context; + mctx->hash[0] = 0x67452301; mctx->hash[1] = 0xefcdab89; mctx->hash[2] = 0x98badcfe; @@ -166,9 +177,9 @@ void md5_init ( struct md5_context *context ) mctx->byte_count = 0; } -void md5_update ( struct md5_context *context, const void *data, size_t len ) +static void md5_update(void *context, const void *data, size_t len) { - struct md5_context *mctx = context; + struct md5_ctx *mctx = context; const u32 avail = sizeof(mctx->block) - (mctx->byte_count & 0x3f); mctx->byte_count += len; @@ -196,9 +207,9 @@ void md5_update ( struct md5_context *context, const void *data, size_t len ) memcpy(mctx->block, data, len); } -void md5_finish ( struct md5_context *context, struct md5_hash *out ) +static void md5_finish(void *context, void *out) { - struct md5_context *mctx = context; + struct md5_ctx *mctx = context; const unsigned int offset = mctx->byte_count & 0x3f; char *p = (char *)mctx->block + offset; int padding = 56 - (offset + 1); @@ -222,12 +233,10 @@ void md5_finish ( struct md5_context *context, struct md5_hash *out ) memset(mctx, 0, sizeof(*mctx)); } -/* struct digest_algorithm md5_algorithm = { - .context_len = sizeof ( struct md5_context ), + .context_len = sizeof ( struct md5_ctx ), .digest_len = MD5_DIGEST_SIZE, .init = md5_init, .update = md5_update, .finish = md5_finish, }; -*/ diff --git a/src/include/gpxe/chap.h b/src/include/gpxe/chap.h new file mode 100644 index 00000000..c85d92f8 --- /dev/null +++ b/src/include/gpxe/chap.h @@ -0,0 +1,51 @@ +#ifndef _GPXE_CHAP_H +#define _GPXE_CHAP_H + +/** @file + * + * CHAP protocol + * + */ + +#include +#include + +struct digest_algorithm; + +/** A CHAP challenge/response */ +struct chap_challenge { + /** Digest algorithm used for the response */ + struct digest_algorithm *digest; + /** Context used by the digest algorithm */ + uint8_t *digest_context; + /** CHAP response */ + uint8_t *response; + /** Length of CHAP response */ + size_t response_len; +}; + +extern int chap_init ( struct chap_challenge *chap, + struct digest_algorithm *digest ); +extern void chap_update ( struct chap_challenge *chap, const void *data, + size_t len ); +extern void chap_respond ( struct chap_challenge *chap ); +extern void chap_finish ( struct chap_challenge *chap ); + +/** + * Add identifier data to the CHAP challenge + * + * @v chap CHAP challenge/response + * @v identifier CHAP identifier + * + * The CHAP identifier is the first byte of the CHAP challenge. This + * function is a notational convenience for calling chap_update() for + * the identifier byte. + */ +static inline void chap_set_identifier ( struct chap_challenge *chap, + unsigned int identifier ) { + uint8_t ident_byte = identifier; + + chap_update ( chap, &ident_byte, sizeof ( ident_byte ) ); +} + +#endif /* _GPXE_CHAP_H */ diff --git a/src/include/gpxe/md5.h b/src/include/gpxe/md5.h index 5ae370fe..56120ca1 100644 --- a/src/include/gpxe/md5.h +++ b/src/include/gpxe/md5.h @@ -1,25 +1,8 @@ #ifndef _GPXE_MD5_H #define _GPXE_MD5_H -#include +struct digest_algorithm; -#define MD5_DIGEST_SIZE 16 -#define MD5_BLOCK_WORDS 16 -#define MD5_HASH_WORDS 4 - -struct md5_context { - u32 hash[MD5_HASH_WORDS]; - u32 block[MD5_BLOCK_WORDS]; - u64 byte_count; -}; - -struct md5_hash { - u8 hash[MD5_DIGEST_SIZE]; -}; - -extern void md5_init ( struct md5_context *context ); -extern void md5_update ( struct md5_context *context, const void *data, - size_t len ); -extern void md5_finish ( struct md5_context *context, struct md5_hash *hash ); +extern struct digest_algorithm md5_algorithm; #endif /* _GPXE_MD5_H */