domenico/openwrt-kernel5.4-nss-qsdk10.0
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
domenico
2025-06-24 13:14:22 +02:00
commit 4002f145fc
9002 changed files with 1731834 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

199
package/network/services/dnsmasq/Makefile Normal file
View File

@@ -0,0 +1,199 @@
#
# Copyright (C) 2006-2016 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=dnsmasq
PKG_UPSTREAM_VERSION:=2.86
PKG_VERSION:=$(subst test,~~test,$(subst rc,~rc,$(PKG_UPSTREAM_VERSION)))
PKG_RELEASE:=$(AUTORELEASE)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_UPSTREAM_VERSION).tar.xz
PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq
PKG_HASH:=28d52cfc9e2004ac4f85274f52b32e1647b4dbc9761b82e7de1e41c49907eb08
PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=COPYING
PKG_CPE_ID:=cpe:/a:thekelleys:dnsmasq
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_UPSTREAM_VERSION)
PKG_INSTALL:=1
PKG_BUILD_PARALLEL:=1
PKG_ASLR_PIE_REGULAR:=1
PKG_CONFIG_DEPENDS:= CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dhcp \
CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dhcpv6 \
CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dnssec \
CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_auth \
CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_ipset \
CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_conntrack \
CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_noid \
CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_broken_rtc \
CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_tftp
include $(INCLUDE_DIR)/package.mk
define Package/dnsmasq/Default
SECTION:=net
CATEGORY:=Base system
TITLE:=DNS and DHCP server
URL:=http://www.thekelleys.org.uk/dnsmasq/
DEPENDS:=+libubus
USERID:=dnsmasq=453:dnsmasq=453
endef
define Package/dnsmasq
$(call Package/dnsmasq/Default)
VARIANT:=nodhcpv6
endef
define Package/dnsmasq-dhcpv6
$(call Package/dnsmasq/Default)
TITLE += (with DHCPv6 support)
DEPENDS+=@IPV6
VARIANT:=dhcpv6
PROVIDES:=dnsmasq
endef
define Package/dnsmasq-full
$(call Package/dnsmasq/Default)
TITLE += (with DNSSEC, DHCPv6, Auth DNS, IPset, Conntrack, NO_ID enabled by default)
DEPENDS+=+PACKAGE_dnsmasq_full_dnssec:libnettle \
+PACKAGE_dnsmasq_full_ipset:kmod-ipt-ipset \
+PACKAGE_dnsmasq_full_conntrack:libnetfilter-conntrack
VARIANT:=full
PROVIDES:=dnsmasq
endef
define Package/dnsmasq/description
It is intended to provide coupled DNS and DHCP service to a LAN.
endef
define Package/dnsmasq-dhcpv6/description
$(call Package/dnsmasq/description)
This is a variant with DHCPv6 support
endef
define Package/dnsmasq-full/description
$(call Package/dnsmasq/description)
This is a fully configurable variant with DHCPv4, DHCPv6, DNSSEC, Authoritative DNS
and IPset, Conntrack support & NO_ID enabled by default.
endef
define Package/dnsmasq/conffiles
/etc/config/dhcp
/etc/dnsmasq.conf
/etc/dnsmasq.d/
endef
define Package/dnsmasq-full/config
if PACKAGE_dnsmasq-full
config PACKAGE_dnsmasq_full_dhcp
bool "Build with DHCP support."
default y
config PACKAGE_dnsmasq_full_dhcpv6
bool "Build with DHCPv6 support."
depends on IPV6 && PACKAGE_dnsmasq_full_dhcp
default y
config PACKAGE_dnsmasq_full_dnssec
bool "Build with DNSSEC support."
default y
config PACKAGE_dnsmasq_full_auth
bool "Build with the facility to act as an authoritative DNS server."
default y
config PACKAGE_dnsmasq_full_ipset
bool "Build with IPset support."
default y
config PACKAGE_dnsmasq_full_conntrack
bool "Build with Conntrack support."
default y
config PACKAGE_dnsmasq_full_noid
bool "Build with NO_ID. (hide *.bind pseudo domain)"
default y
config PACKAGE_dnsmasq_full_broken_rtc
bool "Build with HAVE_BROKEN_RTC."
default n
config PACKAGE_dnsmasq_full_tftp
bool "Build with TFTP server support."
default y
endif
endef
Package/dnsmasq-dhcpv6/conffiles = $(Package/dnsmasq/conffiles)
Package/dnsmasq-full/conffiles = $(Package/dnsmasq/conffiles)
TARGET_CFLAGS += -flto
TARGET_LDFLAGS += -flto=jobserver
COPTS = -DHAVE_UBUS -DHAVE_POLL_H \
$(if $(CONFIG_IPV6),,-DNO_IPV6)
ifeq ($(BUILD_VARIANT),nodhcpv6)
COPTS += -DNO_DHCP6
endif
ifeq ($(BUILD_VARIANT),full)
COPTS += $(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dhcp),,-DNO_DHCP) \
$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dhcpv6),,-DNO_DHCP6) \
$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dnssec),-DHAVE_DNSSEC) \
$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_auth),,-DNO_AUTH) \
$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_ipset),,-DNO_IPSET) \
$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_conntrack),-DHAVE_CONNTRACK,) \
$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_noid),-DNO_ID,) \
$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_broken_rtc),-DHAVE_BROKEN_RTC) \
$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_tftp),,-DNO_TFTP)
COPTS += $(if $(CONFIG_LIBNETTLE_MINI),-DNO_GMP,)
else
COPTS += -DNO_AUTH -DNO_IPSET -DNO_ID
endif
MAKE_FLAGS := \
$(TARGET_CONFIGURE_OPTS) \
CFLAGS="$(TARGET_CFLAGS) $(TARGET_CPPFLAGS)" \
LDFLAGS="$(TARGET_LDFLAGS)" \
COPTS="$(COPTS)" \
PREFIX="/usr"
define Package/dnsmasq/install
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/dnsmasq $(1)/usr/sbin/
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_CONF) ./files/dhcp.conf $(1)/etc/config/dhcp
$(INSTALL_CONF) ./files/dnsmasq.conf $(1)/etc/dnsmasq.conf
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/dnsmasq.init $(1)/etc/init.d/dnsmasq
$(INSTALL_DIR) $(1)/etc/hotplug.d/dhcp
$(INSTALL_DIR) $(1)/etc/hotplug.d/neigh
$(INSTALL_DIR) $(1)/etc/hotplug.d/ntp
$(INSTALL_DIR) $(1)/etc/hotplug.d/tftp
$(INSTALL_DATA) ./files/dnsmasqsec.hotplug $(1)/etc/hotplug.d/ntp/25-dnsmasqsec
$(INSTALL_DIR) $(1)/usr/share/dnsmasq
$(INSTALL_CONF) ./files/dhcpbogushostname.conf $(1)/usr/share/dnsmasq/
$(INSTALL_CONF) ./files/rfc6761.conf $(1)/usr/share/dnsmasq/
$(INSTALL_DIR) $(1)/usr/lib/dnsmasq
$(INSTALL_BIN) ./files/dhcp-script.sh $(1)/usr/lib/dnsmasq/dhcp-script.sh
$(INSTALL_DIR) $(1)/usr/share/acl.d
$(INSTALL_DATA) ./files/dnsmasq_acl.json $(1)/usr/share/acl.d/
$(INSTALL_DIR) $(1)/etc/uci-defaults
$(INSTALL_BIN) ./files/50-dnsmasq-migrate-resolv-conf-auto.sh $(1)/etc/uci-defaults
endef
Package/dnsmasq-dhcpv6/install = $(Package/dnsmasq/install)
define Package/dnsmasq-full/install
$(call Package/dnsmasq/install,$(1))
ifneq ($(CONFIG_PACKAGE_dnsmasq_full_dnssec),)
$(INSTALL_DIR) $(1)/usr/share/dnsmasq
$(INSTALL_CONF) $(PKG_BUILD_DIR)/trust-anchors.conf $(1)/usr/share/dnsmasq
endif
endef
$(eval $(call BuildPackage,dnsmasq))
$(eval $(call BuildPackage,dnsmasq-dhcpv6))
$(eval $(call BuildPackage,dnsmasq-full))

8
package/network/services/dnsmasq/files/50-dnsmasq-migrate-resolv-conf-auto.sh Executable file
View File

@@ -0,0 +1,8 @@
#!/bin/sh
[ "$(uci get dhcp.@dnsmasq[0].resolvfile)" = "/tmp/resolv.conf.auto" ] && {
uci set dhcp.@dnsmasq[0].resolvfile="/tmp/resolv.conf.d/resolv.conf.auto"
uci commit dhcp
}
exit 0

53
package/network/services/dnsmasq/files/dhcp-script.sh Executable file
View File

@@ -0,0 +1,53 @@
#!/bin/sh
[ -f "$USER_DHCPSCRIPT" ] && . "$USER_DHCPSCRIPT" "$@"
. /usr/share/libubox/jshn.sh
json_init
json_add_array env
hotplugobj=""
case "$1" in
add | del | old | arp-add | arp-del)
json_add_string "" "MACADDR=$2"
json_add_string "" "IPADDR=$3"
;;
esac
case "$1" in
add)
json_add_string "" "ACTION=add"
json_add_string "" "HOSTNAME=$4"
hotplugobj="dhcp"
;;
del)
json_add_string "" "ACTION=remove"
json_add_string "" "HOSTNAME=$4"
hotplugobj="dhcp"
;;
old)
json_add_string "" "ACTION=update"
json_add_string "" "HOSTNAME=$4"
hotplugobj="dhcp"
;;
arp-add)
json_add_string "" "ACTION=add"
hotplugobj="neigh"
;;
arp-del)
json_add_string "" "ACTION=remove"
hotplugobj="neigh"
;;
tftp)
json_add_string "" "ACTION=add"
json_add_string "" "TFTP_SIZE=$2"
json_add_string "" "TFTP_ADDR=$3"
json_add_string "" "TFTP_PATH=$4"
hotplugobj="tftp"
;;
esac
json_close_array env
[ -n "$hotplugobj" ] && ubus call hotplug.${hotplugobj} call "$(json_dump)"

33
package/network/services/dnsmasq/files/dhcp.conf Normal file
View File

@@ -0,0 +1,33 @@
config dnsmasq
option domainneeded 1
option boguspriv 1
option filterwin2k 0 # enable for dial on demand
option localise_queries 1
option rebind_protection 1 # disable if upstream must serve RFC1918 addresses
option rebind_localhost 1 # enable for RBL checking and similar services
#list rebind_domain example.lan # whitelist RFC1918 responses for domains
option local '/lan/'
option domain 'lan'
option expandhosts 1
option nonegcache 0
option authoritative 1
option readethers 1
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
#list server '/mycompany.local/1.2.3.4'
option nonwildcard 1 # bind to & keep track of interfaces
#list interface br-lan
#list notinterface lo
#list bogusnxdomain '64.94.110.11'
option localservice 1 # disable to allow DNS requests from non-local subnets
option ednspacket_max 1232
config dhcp lan
option interface lan
option start 100
option limit 150
option leasetime 12h
config dhcp wan
option interface wan
option ignore 1

8
package/network/services/dnsmasq/files/dhcpbogushostname.conf Normal file
View File

@@ -0,0 +1,8 @@
# dhcpbogushostname.conf included configuration file for dnsmasq
#
# includes a list of hostnames that should not be associated with dhcp leases
# in response to CERT VU#598349
# file included by default, option dhcpbogushostname 0 to disable
dhcp-name-match=set:dhcp_bogus_hostname,localhost
dhcp-name-match=set:dhcp_bogus_hostname,wpad

37
package/network/services/dnsmasq/files/dnsmasq.conf Normal file
View File

@@ -0,0 +1,37 @@
# Change the following lines if you want dnsmasq to serve SRV
# records.
# You may add multiple srv-host lines.
# The fields are <name>,<target>,<port>,<priority>,<weight>
# A SRV record sending LDAP for the example.com domain to
# ldapserver.example.com port 289
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389
# Two SRV records for LDAP, each with different priorities
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2
# A SRV record indicating that there is no LDAP server for the domain
# example.com
#srv-host=_ldap._tcp.example.com
# The following line shows how to make dnsmasq serve an arbitrary PTR
# record. This is useful for DNS-SD.
# The fields are <name>,<target>
#ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services"
# Change the following lines to enable dnsmasq to serve TXT records.
# These are used for things like SPF and zeroconf.
# The fields are <name>,<text>,<text>...
#Example SPF.
#txt-record=example.com,"v=spf1 a -all"
#Example zeroconf
#txt-record=_http._tcp.example.com,name=value,paper=A4
# Provide an alias for a "local" DNS name. Note that this _only_ works
# for targets which are names from DHCP or /etc/hosts. Give host
# "bert" another name, bertrand
# The fields are <cname>,<target>
#cname=bertand,bert

1273
package/network/services/dnsmasq/files/dnsmasq.init Normal file
View File

File diff suppressed because it is too large Load Diff

12
package/network/services/dnsmasq/files/dnsmasq_acl.json Normal file
View File

@@ -0,0 +1,12 @@
{
"user": "dnsmasq",
"publish": [ "dnsmasq" ],
"access": {
"hotplug.dhcp": {
"methods": [ "call" ]
},
"hotplug.neigh": {
"methods": [ "call" ]
}
}
}

12
package/network/services/dnsmasq/files/dnsmasqsec.hotplug Normal file
View File

@@ -0,0 +1,12 @@
TIMEVALIDFILE="/var/state/dnsmasqsec"
[ "$ACTION" = "stratum" ] || exit 0
[ -f "$TIMEVALIDFILE" ] || {
echo "ntpd says time is valid" >$TIMEVALIDFILE
/etc/init.d/dnsmasq enabled && {
initscript=dnsmasq
. /lib/functions/procd.sh
procd_send_signal dnsmasq '*' INT
}
}

11
package/network/services/dnsmasq/files/rfc6761.conf Normal file
View File

@@ -0,0 +1,11 @@
# RFC6761 included configuration file for dnsmasq
#
# includes a list of domains that should not be forwarded to Internet name servers
# to reduce burden on them, asking questions that they won't know the answer to.
server=/bind/
server=/invalid/
server=/local/
server=/localhost/
server=/onion/
server=/test/

165
package/network/services/dnsmasq/patches/100-remove-old-runtime-kernel-support.patch Normal file
View File

@@ -0,0 +1,165 @@
From 02fbe60e1c7e74d2ba57109575e7bfc238b1b5d4 Mon Sep 17 00:00:00 2001
From: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Date: Sun, 5 Apr 2020 17:18:23 +0100
Subject: [PATCH] drop runtime old kernel support
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
---
src/dnsmasq.c | 4 ----
src/dnsmasq.h | 5 +---
src/ipset.c | 64 ++++-----------------------------------------------
src/util.c | 19 ---------------
4 files changed, 5 insertions(+), 87 deletions(-)
--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
@@ -95,10 +95,6 @@ int main (int argc, char **argv)
read_opts(argc, argv, compile_opts);
-#ifdef HAVE_LINUX_NETWORK
- daemon->kernel_version = kernel_version();
-#endif
-
if (daemon->edns_pktsz < PACKETSZ)
daemon->edns_pktsz = PACKETSZ;
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -1201,7 +1201,7 @@ extern struct daemon {
int inotifyfd;
#endif
#if defined(HAVE_LINUX_NETWORK)
- int netlinkfd, kernel_version;
+ int netlinkfd;
#elif defined(HAVE_BSD_NETWORK)
int dhcp_raw_fd, dhcp_icmp_fd, routefd;
#endif
@@ -1388,9 +1388,6 @@ int read_write(int fd, unsigned char *pa
void close_fds(long max_fd, int spare1, int spare2, int spare3);
int wildcard_match(const char* wildcard, const char* match);
int wildcard_matchn(const char* wildcard, const char* match, int num);
-#ifdef HAVE_LINUX_NETWORK
-int kernel_version(void);
-#endif
/* log.c */
void die(char *message, char *arg1, int exit_code) ATTRIBUTE_NORETURN;
--- a/src/ipset.c
+++ b/src/ipset.c
@@ -70,7 +70,7 @@ struct my_nfgenmsg {
#define NL_ALIGN(len) (((len)+3) & ~(3))
static const struct sockaddr_nl snl = { .nl_family = AF_NETLINK };
-static int ipset_sock, old_kernel;
+static int ipset_sock;
static char *buffer;
static inline void add_attr(struct nlmsghdr *nlh, uint16_t type, size_t len, const void *data)
@@ -85,12 +85,7 @@ static inline void add_attr(struct nlmsg
void ipset_init(void)
{
- old_kernel = (daemon->kernel_version < KERNEL_VERSION(2,6,32));
-
- if (old_kernel && (ipset_sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) != -1)
- return;
-
- if (!old_kernel &&
+ if (
(buffer = safe_malloc(BUFF_SZ)) &&
(ipset_sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER)) != -1 &&
(bind(ipset_sock, (struct sockaddr *)&snl, sizeof(snl)) != -1))
@@ -147,65 +142,14 @@ static int new_add_to_ipset(const char *
return errno == 0 ? 0 : -1;
}
-
-static int old_add_to_ipset(const char *setname, const union all_addr *ipaddr, int remove)
-{
- socklen_t size;
- struct ip_set_req_adt_get {
- unsigned op;
- unsigned version;
- union {
- char name[IPSET_MAXNAMELEN];
- uint16_t index;
- } set;
- char typename[IPSET_MAXNAMELEN];
- } req_adt_get;
- struct ip_set_req_adt {
- unsigned op;
- uint16_t index;
- uint32_t ip;
- } req_adt;
-
- if (strlen(setname) >= sizeof(req_adt_get.set.name))
- {
- errno = ENAMETOOLONG;
- return -1;
- }
-
- req_adt_get.op = 0x10;
- req_adt_get.version = 3;
- strcpy(req_adt_get.set.name, setname);
- size = sizeof(req_adt_get);
- if (getsockopt(ipset_sock, SOL_IP, 83, &req_adt_get, &size) < 0)
- return -1;
- req_adt.op = remove ? 0x102 : 0x101;
- req_adt.index = req_adt_get.set.index;
- req_adt.ip = ntohl(ipaddr->addr4.s_addr);
- if (setsockopt(ipset_sock, SOL_IP, 83, &req_adt, sizeof(req_adt)) < 0)
- return -1;
-
- return 0;
-}
-
-
-
int add_to_ipset(const char *setname, const union all_addr *ipaddr, int flags, int remove)
{
int ret = 0, af = AF_INET;
if (flags & F_IPV6)
- {
af = AF_INET6;
- /* old method only supports IPv4 */
- if (old_kernel)
- {
- errno = EAFNOSUPPORT ;
- ret = -1;
- }
- }
-
- if (ret != -1)
- ret = old_kernel ? old_add_to_ipset(setname, ipaddr, remove) : new_add_to_ipset(setname, ipaddr, af, remove);
+
+ ret = new_add_to_ipset(setname, ipaddr, af, remove);
if (ret == -1)
my_syslog(LOG_ERR, _("failed to update ipset %s: %s"), setname, strerror(errno));
--- a/src/util.c
+++ b/src/util.c
@@ -796,22 +796,3 @@ int wildcard_matchn(const char* wildcard
return (!num) || (*wildcard == *match);
}
-
-#ifdef HAVE_LINUX_NETWORK
-int kernel_version(void)
-{
- struct utsname utsname;
- int version;
- char *split;
-
- if (uname(&utsname) < 0)
- die(_("failed to find kernel version: %s"), NULL, EC_MISC);
-
- split = strtok(utsname.release, ".");
- version = (split ? atoi(split) : 0);
- split = strtok(NULL, ".");
- version = version * 256 + (split ? atoi(split) : 0);
- split = strtok(NULL, ".");
- return version * 256 + (split ? atoi(split) : 0);
-}
-#endif

112
package/network/services/dropbear/Config.in Normal file
View File

@@ -0,0 +1,112 @@
menu "Configuration"
depends on PACKAGE_dropbear
config DROPBEAR_CURVE25519
bool "Curve25519 support"
default y
help
This enables the following key exchange algorithm:
curve25519-sha256@libssh.org
Increases binary size by about 4 kB (MIPS).
config DROPBEAR_ECC
bool "Elliptic curve cryptography (ECC)"
default n
help
Enables basic support for elliptic curve cryptography (ECC)
in key exchange and public key authentication.
Key exchange algorithms:
ecdh-sha2-nistp256
Public key algorithms:
ecdsa-sha2-nistp256
Increases binary size by about 24 kB (MIPS).
If full ECC support is required, also select DROPBEAR_ECC_FULL.
config DROPBEAR_ECC_FULL
bool "Elliptic curve cryptography (ECC), full support"
default n
depends on DROPBEAR_ECC
help
Enables full support for elliptic curve cryptography (ECC)
in key exchange and public key authentication.
Key exchange algorithms:
ecdh-sha2-nistp256 (*)
ecdh-sha2-nistp384
ecdh-sha2-nistp521
Public key algorithms:
ecdsa-sha2-nistp256 (*)
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
(*) - basic ECC support; provided by DROPBEAR_ECC.
Increases binary size by about 4 kB (MIPS).
config DROPBEAR_ED25519
bool "Ed25519 support"
default y if !SMALL_FLASH
help
This enables the following public key algorithm:
ssh-ed25519
Increases binary size by about 12 kB (MIPS).
config DROPBEAR_CHACHA20POLY1305
bool "Chacha20-Poly1305 support"
default y
help
This enables the following authenticated encryption cipher:
chacha20-poly1305@openssh.com
Increases binary size by about 4 kB (MIPS).
config DROPBEAR_ZLIB
bool "Enable compression"
default n
help
Enables compression using shared zlib library.
Increases binary size by about 0.1 kB (MIPS) and requires additional 62 kB (MIPS)
for a shared zlib library.
config DROPBEAR_UTMP
bool "Utmp support"
default n
depends on BUSYBOX_CONFIG_FEATURE_UTMP
help
This enables dropbear utmp support, the file /var/run/utmp is used to
track who is currently logged in.
config DROPBEAR_PUTUTLINE
bool "Pututline support"
default n
depends on DROPBEAR_UTMP
help
Dropbear will use pututline() to write the utmp structure into the utmp file.
config DROPBEAR_DBCLIENT
bool "Build dropbear with dbclient"
default y
config DROPBEAR_SCP
bool "Build dropbear with scp"
default y
config DROPBEAR_ASKPASS
bool "Enable askpass helper support"
default n
depends on DROPBEAR_DBCLIENT
help
This enables support for ssh-askpass helper in dropbear client
in order to authenticate on remote hosts.
Increases binary size by about 0.1 kB (MIPS).
endmenu

212
package/network/services/dropbear/Makefile Normal file
View File

@@ -0,0 +1,212 @@
#
# Copyright (C) 2006-2020 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=dropbear
PKG_VERSION:=2020.81
PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:= \
http://matt.ucc.asn.au/dropbear/releases/ \
https://dropbear.nl/mirror/releases/
PKG_HASH:=48235d10b37775dbda59341ac0c4b239b82ad6318c31568b985730c788aac53b
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE
PKG_CPE_ID:=cpe:/a:matt_johnston:dropbear_ssh_server
PKG_BUILD_PARALLEL:=1
PKG_ASLR_PIE_REGULAR:=1
PKG_USE_MIPS16:=0
PKG_FIXUP:=autoreconf
PKG_FLAGS:=nonshared
PKG_CONFIG_DEPENDS:= \
CONFIG_TARGET_INIT_PATH CONFIG_DROPBEAR_ECC CONFIG_DROPBEAR_ECC_FULL \
CONFIG_DROPBEAR_CURVE25519 CONFIG_DROPBEAR_ZLIB \
CONFIG_DROPBEAR_ED25519 CONFIG_DROPBEAR_CHACHA20POLY1305 \
CONFIG_DROPBEAR_UTMP CONFIG_DROPBEAR_PUTUTLINE \
CONFIG_DROPBEAR_DBCLIENT CONFIG_DROPBEAR_SCP CONFIG_DROPBEAR_ASKPASS
include $(INCLUDE_DIR)/package.mk
ifneq ($(DUMP),1)
STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell echo $(CONFIG_TARGET_INIT_PATH) | $(MKHASH) md5)
endif
define Package/dropbear/Default
URL:=http://matt.ucc.asn.au/dropbear/
endef
define Package/dropbear/config
source "$(SOURCE)/Config.in"
endef
define Package/dropbear
$(call Package/dropbear/Default)
SECTION:=net
CATEGORY:=Base system
TITLE:=Small SSH2 client/server
DEPENDS:= +DROPBEAR_ZLIB:zlib
ALTERNATIVES:=
$(if $(CONFIG_DROPBEAR_SCP),ALTERNATIVES+= \
100:/usr/bin/scp:/usr/sbin/dropbear,)
$(if $(CONFIG_DROPBEAR_DBCLIENT),ALTERNATIVES+= \
100:/usr/bin/ssh:/usr/sbin/dropbear,)
endef
define Package/dropbear/description
A small SSH2 server/client designed for small memory environments.
endef
define Package/dropbear/conffiles
$(if $(CONFIG_DROPBEAR_ED25519),/etc/dropbear/dropbear_ed25519_host_key)
$(if $(CONFIG_DROPBEAR_ECC),/etc/dropbear/dropbear_ecdsa_host_key)
/etc/dropbear/dropbear_rsa_host_key
/etc/config/dropbear
endef
define Package/dropbearconvert
$(call Package/dropbear/Default)
SECTION:=utils
CATEGORY:=Utilities
TITLE:=Utility for converting SSH keys
DEPENDS:= +DROPBEAR_ZLIB:zlib
endef
CONFIGURE_ARGS += \
--disable-pam \
--enable-openpty \
--enable-syslog \
--disable-lastlog \
--disable-utmpx \
$(if $(CONFIG_DROPBEAR_UTMP),,--disable-utmp) \
--disable-wtmp \
--disable-wtmpx \
--disable-loginfunc \
$(if $(CONFIG_DROPBEAR_PUTUTLINE),,--disable-pututline) \
--disable-pututxline \
$(if $(CONFIG_DROPBEAR_ZLIB),,--disable-zlib) \
--enable-bundled-libtom
##############################################################################
#
# option|value - add option to localoptions.h
# !!option|value - replace option in sysoptions.h
#
##############################################################################
# remove protocol idented software version number:
# - LOCAL_IDENT
# disable legacy/unsafe methods and unused functionality:
# - DROPBEAR_CLI_NETCAT
# - DROPBEAR_DSS
# - DO_MOTD
DB_OPT_COMMON = \
DEFAULT_PATH|"$(TARGET_INIT_PATH)" \
!!LOCAL_IDENT|"SSH-2.0-dropbear" \
DROPBEAR_CLI_NETCAT|0 \
DROPBEAR_DSS|0 \
DO_MOTD|0 \
##############################################################################
#
# option|config|enabled|disabled = add option to localoptions.h
# !!option|config|enabled|disabled = replace option in sysoptions.h
#
# option := (config) ? enabled : disabled
#
##############################################################################
DB_OPT_CONFIG = \
DROPBEAR_CURVE25519|CONFIG_DROPBEAR_CURVE25519|1|0 \
DROPBEAR_ED25519|CONFIG_DROPBEAR_ED25519|1|0 \
DROPBEAR_CHACHA20POLY1305|CONFIG_DROPBEAR_CHACHA20POLY1305|1|0 \
DROPBEAR_ECDSA|CONFIG_DROPBEAR_ECC|1|0 \
DROPBEAR_ECDH|CONFIG_DROPBEAR_ECC|1|0 \
!!DROPBEAR_ECC_384|CONFIG_DROPBEAR_ECC_FULL|1|0 \
!!DROPBEAR_ECC_521|CONFIG_DROPBEAR_ECC_FULL|1|0 \
DROPBEAR_CLI_ASKPASS_HELPER|CONFIG_DROPBEAR_ASKPASS|1|0 \
TARGET_CFLAGS += -DARGTYPE=3 -ffunction-sections -fdata-sections -flto
TARGET_LDFLAGS += -Wl,--gc-sections -flto=jobserver
db_opt_add =echo '\#define $(1) $(2)' >> $(PKG_BUILD_DIR)/localoptions.h
db_opt_replace =$(ESED) 's,^(\#define $(1)) .*$$$$,\1 $(2),g' $(PKG_BUILD_DIR)/sysoptions.h
define Build/Configure/dropbear_headers
$(strip $(foreach s,$(DB_OPT_COMMON), \
$(if $(filter !!%,$(word 1,$(subst |, ,$(s)))), \
$(call db_opt_replace,$(patsubst !!%,%,$(word 1,$(subst |, ,$(s)))),$(word 2,$(subst |, ,$(s)))), \
$(call db_opt_add,$(word 1,$(subst |, ,$(s))),$(word 2,$(subst |, ,$(s)))) \
) ; \
))
$(strip $(foreach s,$(DB_OPT_CONFIG), \
$(if $(filter !!%,$(word 1,$(subst |, ,$(s)))), \
$(call db_opt_replace,$(patsubst !!%,%,$(word 1,$(subst |, ,$(s)))),$(if $($(word 2,$(subst |, ,$(s)))),$(word 3,$(subst |, ,$(s))),$(word 4,$(subst |, ,$(s))))), \
$(call db_opt_add,$(word 1,$(subst |, ,$(s))),$(if $($(word 2,$(subst |, ,$(s)))),$(word 3,$(subst |, ,$(s))),$(word 4,$(subst |, ,$(s))))) \
) ; \
))
endef
define Build/Configure
: > $(PKG_BUILD_DIR)/localoptions.h
$(Build/Configure/Default)
$(Build/Configure/dropbear_headers)
# Enforce rebuild of svr-chansession.c
rm -f $(PKG_BUILD_DIR)/svr-chansession.o
# Rebuild them on config change
+$(MAKE) -C $(PKG_BUILD_DIR)/libtomcrypt clean
+$(MAKE) -C $(PKG_BUILD_DIR)/libtommath clean
endef
define Build/Compile
+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
$(TARGET_CONFIGURE_OPTS) \
PROGRAMS="dropbear $(if $(CONFIG_DROPBEAR_DBCLIENT),dbclient,) dropbearkey $(if $(CONFIG_DROPBEAR_SCP),scp,)" \
MULTI=1 SCPPROGRESS=1
+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
$(TARGET_CONFIGURE_OPTS) \
PROGRAMS="dropbearconvert"
endef
define Package/dropbear/install
$(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/dropbearmulti $(1)/usr/sbin/dropbear
$(INSTALL_DIR) $(1)/usr/bin
$(if $(CONFIG_DROPBEAR_DBCLIENT),$(LN) ../sbin/dropbear $(1)/usr/bin/dbclient,)
$(LN) ../sbin/dropbear $(1)/usr/bin/dropbearkey
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_CONF) ./files/dropbear.config $(1)/etc/config/dropbear
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/dropbear.init $(1)/etc/init.d/dropbear
$(INSTALL_DIR) $(1)/usr/lib/opkg/info
$(INSTALL_DIR) $(1)/etc/dropbear
$(INSTALL_DIR) $(1)/lib/preinit
$(INSTALL_DATA) ./files/dropbear.failsafe $(1)/lib/preinit/99_10_failsafe_dropbear
$(if $(CONFIG_DROPBEAR_ED25519),touch $(1)/etc/dropbear/dropbear_ed25519_host_key)
$(if $(CONFIG_DROPBEAR_ECC),touch $(1)/etc/dropbear/dropbear_ecdsa_host_key)
touch $(1)/etc/dropbear/dropbear_rsa_host_key
endef
define Package/dropbearconvert/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/dropbearconvert $(1)/usr/bin/dropbearconvert
endef
$(eval $(call BuildPackage,dropbear))
$(eval $(call BuildPackage,dropbearconvert))

5
package/network/services/dropbear/files/dropbear.config Normal file
View File

@@ -0,0 +1,5 @@
config dropbear
option PasswordAuth 'on'
option RootPasswordAuth 'on'
option Port '22'
# option BannerFile '/etc/banner'

8
package/network/services/dropbear/files/dropbear.failsafe Executable file
View File

@@ -0,0 +1,8 @@
#!/bin/sh
failsafe_dropbear () {
dropbearkey -t rsa -s 1024 -f /tmp/dropbear_failsafe_host_key
dropbear -r /tmp/dropbear_failsafe_host_key <> /dev/null 2>&1
}
boot_hook_add failsafe failsafe_dropbear

282
package/network/services/dropbear/files/dropbear.init Executable file
View File

@@ -0,0 +1,282 @@
#!/bin/sh /etc/rc.common
# Copyright (C) 2006-2010 OpenWrt.org
# Copyright (C) 2006 Carlos Sobrinho
START=19
STOP=50
USE_PROCD=1
PROG=/usr/sbin/dropbear
NAME=dropbear
PIDCOUNT=0
extra_command "killclients" "Kill ${NAME} processes except servers and yourself"
_dropbearkey()
{
/usr/bin/dropbearkey "$@" 0<&- 1>&- 2>&-
}
# $1 - host key file name
hk_verify()
{
[ -f "$1" ] || return 1
[ -s "$1" ] || return 2
_dropbearkey -y -f "$1" || return 3
return 0
}
# $1 - hk_verify() return code
hk_errmsg()
{
case "$1" in
0) ;;
1) echo "file does not exist" ;;
2) echo "file has zero length" ;;
3) echo "file is not valid host key or not supported" ;;
*) echo "unknown error" ;;
esac
}
# $1 - config option
# $2 - host key file name
hk_config()
{
local x m
hk_verify "$2"; x=$?
case "$x" in
0) procd_append_param command -r "$2"
;;
*) m=$(hk_errmsg "$x")
logger -t "${NAME}" -p daemon.warn \
"option '$1', value '$2': $m, skipping"
;;
esac
}
# $1 - host key file name
hk_config__keyfile()
{
hk_config 'keyfile' "$1"
}
hk_generate_as_needed()
{
local kdir kgen ktype tdir kcount tfile
kdir='/etc/dropbear'
kgen=''
for ktype in ed25519 ecdsa rsa; do
hk_verify "${kdir}/dropbear_${ktype}_host_key" && continue
kgen="${kgen} ${ktype}"
done
[ -z "${kgen}" ] && return
tdir=$(mktemp -d); chmod 0700 "${tdir}"
kcount=0
for ktype in ${kgen}; do
tfile="${tdir}/dropbear_${ktype}_host_key"
if ! _dropbearkey -t ${ktype} -f "${tfile}"; then
# unsupported key type
rm -f "${tfile}"
continue
fi
kcount=$((kcount+1))
done
if [ ${kcount} -ne 0 ]; then
mkdir -p "${kdir}"; chmod 0700 "${kdir}"; chown root "${kdir}"
mv -f "${tdir}/"* "${kdir}/"
fi
rm -rf "${tdir}"
}
append_ports()
{
local ipaddrs="$1"
local port="$2"
[ -z "$ipaddrs" ] && {
procd_append_param command -p "$port"
return
}
for addr in $ipaddrs; do
procd_append_param command -p "$addr:$port"
done
}
validate_section_dropbear()
{
uci_load_validate dropbear dropbear "$1" "$2" \
'PasswordAuth:bool:1' \
'enable:bool:1' \
'Interface:string' \
'GatewayPorts:bool:0' \
'RootPasswordAuth:bool:1' \
'RootLogin:bool:1' \
'rsakeyfile:file' \
'keyfile:list(file)' \
'BannerFile:file' \
'Port:port:22' \
'SSHKeepAlive:uinteger:300' \
'IdleTimeout:uinteger:0' \
'MaxAuthTries:uinteger:3' \
'RecvWindowSize:uinteger:0' \
'mdns:bool:1'
}
dropbear_instance()
{
local ipaddrs
[ "$2" = 0 ] || {
echo "validation failed"
return 1
}
[ -n "${Interface}" ] && {
[ -n "${BOOT}" ] && return 0
network_get_ipaddrs_all ipaddrs "${Interface}" || {
echo "interface ${Interface} has no physdev or physdev has no suitable ip"
return 1
}
}
[ "${enable}" = "0" ] && return 1
PIDCOUNT="$(( ${PIDCOUNT} + 1))"
local pid_file="/var/run/${NAME}.${PIDCOUNT}.pid"
procd_open_instance
procd_set_param command "$PROG" -F -P "$pid_file"
[ "${PasswordAuth}" -eq 0 ] && procd_append_param command -s
[ "${GatewayPorts}" -eq 1 ] && procd_append_param command -a
[ "${RootPasswordAuth}" -eq 0 ] && procd_append_param command -g
[ "${RootLogin}" -eq 0 ] && procd_append_param command -w
if [ -n "${rsakeyfile}" ]; then
logger -t ${NAME} -p daemon.warn \
"option 'rsakeyfile' is considered to be deprecated and" \
"will be removed in future releases, use 'keyfile' instead"
hk_config 'rsakeyfile' "${rsakeyfile}"
fi
config_list_foreach "$1" "keyfile" hk_config__keyfile
[ -n "${BannerFile}" ] && procd_append_param command -b "${BannerFile}"
append_ports "${ipaddrs}" "${Port}"
[ "${IdleTimeout}" -ne 0 ] && procd_append_param command -I "${IdleTimeout}"
[ "${SSHKeepAlive}" -ne 0 ] && procd_append_param command -K "${SSHKeepAlive}"
[ "${MaxAuthTries}" -ne 0 ] && procd_append_param command -T "${MaxAuthTries}"
[ "${RecvWindowSize}" -gt 0 -a "${RecvWindowSize}" -le 1048576 ] && \
procd_append_param command -W "${RecvWindowSize}"
[ "${mdns}" -ne 0 ] && procd_add_mdns "ssh" "tcp" "$Port" "daemon=dropbear"
procd_set_param respawn
procd_close_instance
}
load_interfaces()
{
config_get interface "$1" Interface
config_get enable "$1" enable 1
[ "${enable}" = "1" ] && interfaces=" ${interface} ${interfaces}"
}
boot()
{
BOOT=1
start "$@"
}
start_service()
{
hk_generate_as_needed
. /lib/functions.sh
. /lib/functions/network.sh
config_load "${NAME}"
config_foreach validate_section_dropbear dropbear dropbear_instance
}
service_triggers()
{
local interfaces
procd_add_config_trigger "config.change" "dropbear" /etc/init.d/dropbear reload
config_load "${NAME}"
config_foreach load_interfaces dropbear
[ -n "${interfaces}" ] && {
for n in $interfaces ; do
procd_add_interface_trigger "interface.*" $n /etc/init.d/dropbear reload
done
}
procd_add_validation validate_section_dropbear
}
shutdown() {
# close all open connections
killall dropbear
}
killclients()
{
local ignore=''
local server
local pid
# if this script is run from inside a client session, then ignore that session
pid="$$"
while [ "${pid}" -ne 0 ]
do
# get parent process id
pid=$(cut -d ' ' -f 4 "/proc/${pid}/stat")
[ "${pid}" -eq 0 ] && break
# check if client connection
grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" && {
append ignore "${pid}"
break
}
done
# get all server pids that should be ignored
for server in $(cat /var/run/${NAME}.*.pid)
do
append ignore "${server}"
done
# get all running pids and kill client connections
local skip
for pid in $(pidof "${NAME}")
do
# check if correct program, otherwise process next pid
grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" || {
continue
}
# check if pid should be ignored (servers, ourself)
skip=0
for server in ${ignore}
do
if [ "${pid}" = "${server}" ]
then
skip=1
break
fi
done
[ "${skip}" -ne 0 ] && continue
# kill process
echo "${initscript}: Killing ${pid}..."
kill -KILL ${pid}
done
}

86
package/network/services/dropbear/patches/100-pubkey_path.patch Normal file
View File

@@ -0,0 +1,86 @@
--- a/svr-authpubkey.c
+++ b/svr-authpubkey.c
@@ -386,14 +386,19 @@ static int checkpubkey(const char* keyal
goto out;
}
- /* we don't need to check pw and pw_dir for validity, since
- * its been done in checkpubkeyperms. */
- len = strlen(ses.authstate.pw_dir);
- /* allocate max required pathname storage,
- * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
- filename = m_malloc(len + 22);
- snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
- ses.authstate.pw_dir);
+ if (ses.authstate.pw_uid != 0) {
+ /* we don't need to check pw and pw_dir for validity, since
+ * its been done in checkpubkeyperms. */
+ len = strlen(ses.authstate.pw_dir);
+ /* allocate max required pathname storage,
+ * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
+ filename = m_malloc(len + 22);
+ snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
+ ses.authstate.pw_dir);
+ } else {
+ filename = m_malloc(30);
+ strncpy(filename, "/etc/dropbear/authorized_keys", 30);
+ }
#if DROPBEAR_SVR_MULTIUSER
/* open the file as the authenticating user. */
@@ -474,27 +479,36 @@ static int checkpubkeyperms() {
goto out;
}
- /* allocate max required pathname storage,
- * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
- len += 22;
- filename = m_malloc(len);
- strlcpy(filename, ses.authstate.pw_dir, len);
-
- /* check ~ */
- if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
- goto out;
- }
+ if (ses.authstate.pw_uid == 0) {
+ if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) {
+ goto out;
+ }
+ if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) {
+ goto out;
+ }
+ } else {
+ /* allocate max required pathname storage,
+ * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
+ len += 22;
+ filename = m_malloc(len);
+ strlcpy(filename, ses.authstate.pw_dir, len);
+
+ /* check ~ */
+ if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
+ goto out;
+ }
- /* check ~/.ssh */
- strlcat(filename, "/.ssh", len);
- if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
- goto out;
- }
+ /* check ~/.ssh */
+ strlcat(filename, "/.ssh", len);
+ if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
+ goto out;
+ }
- /* now check ~/.ssh/authorized_keys */
- strlcat(filename, "/authorized_keys", len);
- if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
- goto out;
+ /* now check ~/.ssh/authorized_keys */
+ strlcat(filename, "/authorized_keys", len);
+ if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
+ goto out;
+ }
}
/* file looks ok, return success */

18
package/network/services/dropbear/patches/110-change_user.patch Normal file
View File

@@ -0,0 +1,18 @@
--- a/svr-chansession.c
+++ b/svr-chansession.c
@@ -954,12 +954,12 @@ static void execchild(const void *user_d
/* We can only change uid/gid as root ... */
if (getuid() == 0) {
- if ((setgid(ses.authstate.pw_gid) < 0) ||
+ if ((ses.authstate.pw_gid != 0) && ((setgid(ses.authstate.pw_gid) < 0) ||
(initgroups(ses.authstate.pw_name,
- ses.authstate.pw_gid) < 0)) {
+ ses.authstate.pw_gid) < 0))) {
dropbear_exit("Error changing user group");
}
- if (setuid(ses.authstate.pw_uid) < 0) {
+ if ((ses.authstate.pw_uid != 0) && (setuid(ses.authstate.pw_uid) < 0)) {
dropbear_exit("Error changing user");
}
} else {

11
package/network/services/dropbear/patches/130-ssh_ignore_x_args.patch Normal file
View File

@@ -0,0 +1,11 @@
--- a/cli-runopts.c
+++ b/cli-runopts.c
@@ -299,6 +299,8 @@ void cli_getopts(int argc, char ** argv)
debug_trace = 1;
break;
#endif
+ case 'x':
+ break;
case 'F':
case 'e':
#if !DROPBEAR_USER_ALGO_LIST

15
package/network/services/dropbear/patches/140-disable_assert.patch Normal file
View File

@@ -0,0 +1,15 @@
--- a/dbutil.h
+++ b/dbutil.h
@@ -75,7 +75,11 @@ int m_str_to_uint(const char* str, unsig
#define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL}
/* Dropbear assertion */
-#define dropbear_assert(X) do { if (!(X)) { fail_assert(#X, __FILE__, __LINE__); } } while (0)
+#ifndef DROPBEAR_ASSERT_ENABLED
+#define DROPBEAR_ASSERT_ENABLED 0
+#endif
+
+#define dropbear_assert(X) do { if (DROPBEAR_ASSERT_ENABLED && !(X)) { fail_assert(#X, __FILE__, __LINE__); } } while (0)
/* Returns 0 if a and b have the same contents */
int constant_time_memcmp(const void* a, const void *b, size_t n);

33
package/network/services/dropbear/patches/160-lto-jobserver.patch Normal file
View File

@@ -0,0 +1,33 @@
--- a/Makefile.in
+++ b/Makefile.in
@@ -198,17 +198,17 @@ dropbearkey: $(dropbearkeyobjs)
dropbearconvert: $(dropbearconvertobjs)
dropbear: $(HEADERS) $(LIBTOM_DEPS) Makefile
- $(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) $(LIBS) @CRYPTLIB@ $(PLUGIN_LIBS)
+ +$(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) $(LIBS) @CRYPTLIB@ $(PLUGIN_LIBS)
dbclient: $(HEADERS) $(LIBTOM_DEPS) Makefile
- $(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) $(LIBS)
+ +$(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) $(LIBS)
dropbearkey dropbearconvert: $(HEADERS) $(LIBTOM_DEPS) Makefile
- $(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) $(LIBS)
+ +$(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) $(LIBS)
# scp doesn't use the libs so is special.
scp: $(SCPOBJS) $(HEADERS) Makefile
- $(CC) $(LDFLAGS) -o $@$(EXEEXT) $(SCPOBJS)
+ +$(CC) $(LDFLAGS) -o $@$(EXEEXT) $(SCPOBJS)
# multi-binary compilation.
@@ -219,7 +219,7 @@ ifeq ($(MULTI),1)
endif
dropbearmulti$(EXEEXT): $(HEADERS) $(MULTIOBJS) $(LIBTOM_DEPS) Makefile
- $(CC) $(LDFLAGS) -o $@ $(MULTIOBJS) $(LIBTOM_LIBS) $(LIBS) @CRYPTLIB@
+ +$(CC) $(LDFLAGS) -o $@ $(MULTIOBJS) $(LIBTOM_LIBS) $(LIBS) @CRYPTLIB@
multibinary: dropbearmulti$(EXEEXT)

11
package/network/services/dropbear/patches/600-allow-blank-root-password.patch Normal file
View File

@@ -0,0 +1,11 @@
--- a/svr-auth.c
+++ b/svr-auth.c
@@ -125,7 +125,7 @@ void recv_msg_userauth_request() {
AUTH_METHOD_NONE_LEN) == 0) {
TRACE(("recv_msg_userauth_request: 'none' request"))
if (valid_user
- && svr_opts.allowblankpass
+ && (svr_opts.allowblankpass || !strcmp(ses.authstate.pw_name, "root"))
&& !svr_opts.noauthpass
&& !(svr_opts.norootpass && ses.authstate.pw_uid == 0)
&& ses.authstate.pw_passwd[0] == '\0')

56
package/network/services/dropbear/patches/900-configure-hardening.patch Normal file
View File

@@ -0,0 +1,56 @@
--- a/configure.ac
+++ b/configure.ac
@@ -70,53 +70,6 @@ AC_ARG_ENABLE(harden,
if test "$hardenbuild" -eq 1; then
AC_MSG_NOTICE(Checking for available hardened build flags:)
- # relocation flags don't make sense for static builds
- if test "$STATIC" -ne 1; then
- # pie
- DB_TRYADDCFLAGS([-fPIE])
-
- OLDLDFLAGS="$LDFLAGS"
- TESTFLAGS="-Wl,-pie"
- LDFLAGS="$LDFLAGS $TESTFLAGS"
- AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
- [AC_MSG_NOTICE([Setting $TESTFLAGS])],
- [
- LDFLAGS="$OLDLDFLAGS"
- TESTFLAGS="-pie"
- LDFLAGS="$LDFLAGS $TESTFLAGS"
- AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
- [AC_MSG_NOTICE([Setting $TESTFLAGS])],
- [AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
- )
- ]
- )
- # readonly elf relocation sections (relro)
- OLDLDFLAGS="$LDFLAGS"
- TESTFLAGS="-Wl,-z,now -Wl,-z,relro"
- LDFLAGS="$LDFLAGS $TESTFLAGS"
- AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
- [AC_MSG_NOTICE([Setting $TESTFLAGS])],
- [AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
- )
- fi # non-static
- # stack protector. -strong is good but only in gcc 4.9 or later
- OLDCFLAGS="$CFLAGS"
- TESTFLAGS="-fstack-protector-strong"
- CFLAGS="$CFLAGS $TESTFLAGS"
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
- [AC_MSG_NOTICE([Setting $TESTFLAGS])],
- [
- CFLAGS="$OLDCFLAGS"
- TESTFLAGS="-fstack-protector --param=ssp-buffer-size=4"
- CFLAGS="$CFLAGS $TESTFLAGS"
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
- [AC_MSG_NOTICE([Setting $TESTFLAGS])],
- [AC_MSG_NOTICE([Not setting $TESTFLAGS]); CFLAGS="$OLDCFLAGS" ]
- )
- ]
- )
- # FORTIFY_SOURCE
- DB_TRYADDCFLAGS([-D_FORTIFY_SOURCE=2])
# Spectre v2 mitigations
DB_TRYADDCFLAGS([-mfunction-return=thunk])

48
package/network/services/dropbear/patches/901-bundled-libs-cflags.patch Normal file
View File

@@ -0,0 +1,48 @@
--- a/libtomcrypt/makefile_include.mk
+++ b/libtomcrypt/makefile_include.mk
@@ -94,6 +94,13 @@ endif
LTC_CFLAGS += -Wno-type-limits
+ifdef OPENWRT_BUILD
+ ifeq (-Os,$(filter -Os,$(CFLAGS)))
+ LTC_CFLAGS += -DLTC_SMALL_CODE
+ endif
+else
+ ### ! OPENWRT_BUILD
+
ifdef LTC_DEBUG
$(info Debug build)
# compile for DEBUGGING (required for ccmalloc checking!!!)
@@ -121,6 +128,9 @@ endif
endif # COMPILE_SMALL
endif # COMPILE_DEBUG
+ ### ! OPENWRT_BUILD
+endif
+
ifneq ($(findstring clang,$(CC)),)
LTC_CFLAGS += -Wno-typedef-redefinition -Wno-tautological-compare -Wno-builtin-requires-header -Wno-missing-field-initializers
--- a/libtommath/makefile_include.mk
+++ b/libtommath/makefile_include.mk
@@ -70,6 +70,9 @@ else
LTM_CFLAGS += -Wsystem-headers
endif
+ifndef OPENWRT_BUILD
+ ### ! OPENWRT_BUILD
+
ifdef COMPILE_DEBUG
#debug
LTM_CFLAGS += -g3
@@ -90,6 +93,9 @@ endif
endif # COMPILE_SIZE
+ ### ! OPENWRT_BUILD
+endif
+
ifneq ($(findstring clang,$(CC)),)
LTM_CFLAGS += -Wno-typedef-redefinition -Wno-tautological-compare -Wno-builtin-requires-header
endif

38
package/network/services/dropbear/patches/910-signkey-fix-use-of-rsa-sha2-256-pubkeys.patch Normal file
View File

@@ -0,0 +1,38 @@
From 667d9b75df86ec9ee1205f9101beb8dbbe4a00ae Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20=C5=A0tetiar?= <ynezz@true.cz>
Date: Wed, 1 Jul 2020 11:38:33 +0200
Subject: [PATCH] signkey: fix use of rsa-sha2-256 pubkeys
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Commit 972d723484d8 ("split signkey_type and signature_type for RSA sha1
vs sha256") has added strict checking of pubkey algorithms which made
keys with SHA-256 hashing algorithm unusable as they still reuse the
`ssh-rsa` public key format. So fix this by disabling the check for
rsa-sha2-256 pubkeys.
Ref: https://tools.ietf.org/html/rfc8332#section-3
Fixes: 972d723484d8 ("split signkey_type and signature_type for RSA sha1 vs sha256")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
---
signkey.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/signkey.c
+++ b/signkey.c
@@ -657,8 +657,12 @@ int buf_verify(buffer * buf, sign_key *k
sigtype = signature_type_from_name(type_name, type_name_len);
m_free(type_name);
- if (expect_sigtype != sigtype) {
- dropbear_exit("Non-matching signing type");
+ if (sigtype == DROPBEAR_SIGNATURE_NONE) {
+ dropbear_exit("No signature type");
+ }
+
+ if ((expect_sigtype != DROPBEAR_SIGNATURE_RSA_SHA256) && (expect_sigtype != sigtype)) {
+ dropbear_exit("Non-matching signing type");
}
keytype = signkey_type_from_signature(sigtype);

52
package/network/services/ead/Makefile Normal file
View File

@@ -0,0 +1,52 @@
#
# Copyright (C) 2006-2008 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=ead
PKG_RELEASE:=1
PKG_BUILD_DEPENDS:=libpcap
PKG_BUILD_DIR:=$(BUILD_DIR)/ead
PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
PKG_LICENSE:=GPL-2.0
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/kernel.mk
define Package/ead
SECTION:=net
CATEGORY:=Base system
TITLE:=Emergency Access Daemon
URL:=http://bridge.sourceforge.net/
endef
define Package/ead/description
Provides remote access to your device even if IP and firewall
configuration settings are defunct
endef
CONFIGURE_PATH = tinysrp
TARGET_CFLAGS += \
-I$(PKG_BUILD_DIR) \
-I$(PKG_BUILD_DIR)/tinysrp \
$(TARGET_CPPFLAGS)
MAKE_FLAGS += \
CONFIGURE_ARGS="$(CONFIGURE_ARGS)" \
LIBS_EADCLIENT="$(PKG_BUILD_DIR)/tinysrp/libtinysrp.a" \
LIBS_EAD="$(PKG_BUILD_DIR)/tinysrp/libtinysrp.a $(STAGING_DIR)/usr/lib/libpcap.a" \
CFLAGS="$(TARGET_CFLAGS)"
define Package/ead/install
$(INSTALL_DIR) $(1)/sbin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/ead $(1)/sbin/
endef
$(eval $(call BuildPackage,ead))

33
package/network/services/ead/src/Makefile Normal file
View File

@@ -0,0 +1,33 @@
CC = gcc
CPPFLAGS = -I. -Itinysrp
CFLAGS = -Os -Wall
LDFLAGS =
LIBS_EADCLIENT = tinysrp/libtinysrp.a
LIBS_EAD = tinysrp/libtinysrp.a -lpcap
CONFIGURE_ARGS =
all: ead ead-client
obj = ead-crypt.o libbridge_init.o
tinysrp/Makefile:
cd tinysrp; ./configure $(CONFIGURE_ARGS)
tinysrp/libtinysrp.a: tinysrp/Makefile
-$(MAKE) -C tinysrp CFLAGS="$(CFLAGS)"
%.o: %.c $(wildcard *.h) tinysrp/libtinysrp.a
$(CC) $(CPPFLAGS) $(CFLAGS) -c $< -o $@
ead.o: filter.c
ead-crypt.o: aes.c sha1.c
ead: ead.o $(obj) tinysrp/libtinysrp.a
$(CC) -o $@ $< $(obj) $(LDFLAGS) $(LIBS_EAD)
ead-client: ead-client.o $(obj)
$(CC) -o $@ $< $(obj) $(LDFLAGS) $(LIBS_EADCLIENT)
clean:
rm -f *.o ead ead-client
if [ -f tinysrp/Makefile ]; then $(MAKE) -C tinysrp distclean; fi

1061
package/network/services/ead/src/aes.c Normal file
View File

File diff suppressed because it is too large Load Diff

433
package/network/services/ead/src/ead-client.c Normal file
View File

@@ -0,0 +1,433 @@
/*
* Client for the Emergency Access Daemon
* Copyright (C) 2008 Felix Fietkau <nbd@nbd.name>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*/
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <stdbool.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>
#include <t_pwd.h>
#include <t_read.h>
#include <t_sha.h>
#include <t_defines.h>
#include <t_client.h>
#include "ead.h"
#include "ead-crypt.h"
#include "pw_encrypt_md5.c"
#define EAD_TIMEOUT 400
#define EAD_TIMEOUT_LONG 2000
static char msgbuf[1500];
static struct ead_msg *msg = (struct ead_msg *) msgbuf;
static uint16_t nid = 0xffff;
struct sockaddr_in local, remote;
static int s = 0;
static int sockflags;
static struct in_addr serverip = {
.s_addr = 0x01010101 /* dummy */
};
static unsigned char *skey = NULL;
static unsigned char bbuf[MAXPARAMLEN];
static unsigned char saltbuf[MAXSALTLEN];
static char *username = NULL;
static char password[MAXPARAMLEN] = "";
static char pw_md5[MD5_OUT_BUFSIZE];
static char pw_salt[MAXSALTLEN];
static struct t_client *tc = NULL;
static struct t_num salt = { .data = saltbuf };
static struct t_num *A, B;
static struct t_preconf *tcp;
static int auth_type = EAD_AUTH_DEFAULT;
static int timeout = EAD_TIMEOUT;
static uint16_t sid = 0;
static void
set_nonblock(int enable)
{
if (enable == !!(sockflags & O_NONBLOCK))
return;
sockflags ^= O_NONBLOCK;
fcntl(s, F_SETFL, sockflags);
}
static int
send_packet(int type, bool (*handler)(void), unsigned int max)
{
struct timeval tv;
fd_set fds;
int nfds;
int len;
int res = 0;
type = htonl(type);
memcpy(&msg->ip, &serverip.s_addr, sizeof(msg->ip));
set_nonblock(0);
sendto(s, msgbuf, sizeof(struct ead_msg) + ntohl(msg->len), 0, (struct sockaddr *) &remote, sizeof(remote));
set_nonblock(1);
tv.tv_sec = timeout / 1000;
tv.tv_usec = (timeout % 1000) * 1000;
FD_ZERO(&fds);
do {
FD_SET(s, &fds);
nfds = select(s + 1, &fds, NULL, NULL, &tv);
if (nfds <= 0)
break;
if (!FD_ISSET(s, &fds))
break;
len = read(s, msgbuf, sizeof(msgbuf));
if (len < 0)
break;
if (len < sizeof(struct ead_msg))
continue;
if (len < sizeof(struct ead_msg) + ntohl(msg->len))
continue;
if (msg->magic != htonl(EAD_MAGIC))
continue;
if ((nid != 0xffff) && (ntohs(msg->nid) != nid))
continue;
if (msg->type != type)
continue;
if (handler())
res++;
if ((max > 0) && (res >= max))
break;
} while (1);
return res;
}
static void
prepare_password(void)
{
switch(auth_type) {
case EAD_AUTH_DEFAULT:
break;
case EAD_AUTH_MD5:
md5_crypt(pw_md5, (unsigned char *) password, (unsigned char *) pw_salt);
strncpy(password, pw_md5, sizeof(password));
break;
}
}
static bool
handle_pong(void)
{
struct ead_msg_pong *pong = EAD_DATA(msg, pong);
int len = ntohl(msg->len) - sizeof(struct ead_msg_pong);
if (len <= 0)
return false;
pong->name[len] = 0;
auth_type = ntohs(pong->auth_type);
if (nid == 0xffff)
printf("%04x: %s\n", ntohs(msg->nid), pong->name);
sid = msg->sid;
return true;
}
static bool
handle_prime(void)
{
struct ead_msg_salt *sb = EAD_DATA(msg, salt);
salt.len = sb->len;
memcpy(salt.data, sb->salt, salt.len);
if (auth_type == EAD_AUTH_MD5) {
memcpy(pw_salt, sb->ext_salt, MAXSALTLEN);
pw_salt[MAXSALTLEN - 1] = 0;
}
tcp = t_getpreparam(sb->prime);
tc = t_clientopen(username, &tcp->modulus, &tcp->generator, &salt);
if (!tc) {
fprintf(stderr, "Client open failed\n");
return false;
}
return true;
}
static bool
handle_b(void)
{
struct ead_msg_number *num = EAD_DATA(msg, number);
int len = ntohl(msg->len) - sizeof(struct ead_msg_number);
B.data = bbuf;
B.len = len;
memcpy(bbuf, num->data, len);
return true;
}
static bool
handle_none(void)
{
return true;
}
static bool
handle_done_auth(void)
{
struct ead_msg_auth *auth = EAD_DATA(msg, auth);
if (t_clientverify(tc, auth->data) != 0) {
fprintf(stderr, "Client auth verify failed\n");
return false;
}
return true;
}
static bool
handle_cmd_data(void)
{
struct ead_msg_cmd_data *cmd = EAD_ENC_DATA(msg, cmd_data);
int datalen = ead_decrypt_message(msg) - sizeof(struct ead_msg_cmd_data);
if (datalen < 0)
return false;
if (datalen > 0) {
write(1, cmd->data, datalen);
}
return !!cmd->done;
}
static int
send_ping(void)
{
msg->type = htonl(EAD_TYPE_PING);
msg->len = 0;
return send_packet(EAD_TYPE_PONG, handle_pong, (nid == 0xffff ? 0 : 1));
}
static int
send_username(void)
{
msg->type = htonl(EAD_TYPE_SET_USERNAME);
msg->len = htonl(sizeof(struct ead_msg_user));
strcpy(EAD_DATA(msg, user)->username, username);
return send_packet(EAD_TYPE_ACK_USERNAME, handle_none, 1);
}
static int
get_prime(void)
{
msg->type = htonl(EAD_TYPE_GET_PRIME);
msg->len = 0;
return send_packet(EAD_TYPE_PRIME, handle_prime, 1);
}
static int
send_a(void)
{
struct ead_msg_number *num = EAD_DATA(msg, number);
A = t_clientgenexp(tc);
msg->type = htonl(EAD_TYPE_SEND_A);
msg->len = htonl(sizeof(struct ead_msg_number) + A->len);
memcpy(num->data, A->data, A->len);
return send_packet(EAD_TYPE_SEND_B, handle_b, 1);
}
static int
send_auth(void)
{
struct ead_msg_auth *auth = EAD_DATA(msg, auth);
prepare_password();
t_clientpasswd(tc, password);
skey = t_clientgetkey(tc, &B);
if (!skey)
return 0;
ead_set_key(skey);
msg->type = htonl(EAD_TYPE_SEND_AUTH);
msg->len = htonl(sizeof(struct ead_msg_auth));
memcpy(auth->data, t_clientresponse(tc), sizeof(auth->data));
return send_packet(EAD_TYPE_DONE_AUTH, handle_done_auth, 1);
}
static int
send_command(const char *command)
{
struct ead_msg_cmd *cmd = EAD_ENC_DATA(msg, cmd);
msg->type = htonl(EAD_TYPE_SEND_CMD);
cmd->type = htons(EAD_CMD_NORMAL);
cmd->timeout = htons(10);
strncpy((char *)cmd->data, command, 1024);
ead_encrypt_message(msg, sizeof(struct ead_msg_cmd) + strlen(command) + 1);
return send_packet(EAD_TYPE_RESULT_CMD, handle_cmd_data, 1);
}
static int
usage(const char *prog)
{
fprintf(stderr, "Usage: %s [-s <addr>] [-b <addr>] <node> <username>[:<password>] <command>\n"
"\n"
"\t-s <addr>: Set the server's source address to <addr>\n"
"\t-b <addr>: Set the broadcast address to <addr>\n"
"\t<node>: Node ID (4 digits hex)\n"
"\t<username>: Username to authenticate with\n"
"\n"
"\tPassing no arguments shows a list of active nodes on the network\n"
"\n", prog);
return -1;
}
int main(int argc, char **argv)
{
int val = 1;
char *st = NULL;
const char *command = NULL;
const char *prog = argv[0];
int ch;
msg->magic = htonl(EAD_MAGIC);
msg->sid = 0;
memset(&local, 0, sizeof(local));
memset(&remote, 0, sizeof(remote));
remote.sin_family = AF_INET;
remote.sin_addr.s_addr = 0xffffffff;
remote.sin_port = htons(EAD_PORT);
local.sin_family = AF_INET;
local.sin_addr.s_addr = INADDR_ANY;
local.sin_port = 0;
while ((ch = getopt(argc, argv, "b:s:h")) != -1) {
switch(ch) {
case 's':
inet_aton(optarg, &serverip);
break;
case 'b':
inet_aton(optarg, &remote.sin_addr);
break;
case 'h':
return usage(prog);
}
}
argv += optind;
argc -= optind;
switch(argc) {
case 3:
command = argv[2];
/* fall through */
case 2:
username = argv[1];
st = strchr(username, ':');
if (st) {
*st = 0;
st++;
strncpy(password, st, sizeof(password));
password[sizeof(password) - 1] = 0;
/* hide command line password */
memset(st, 0, strlen(st));
}
/* fall through */
case 1:
nid = strtoul(argv[0], &st, 16);
if (st && st[0] != 0)
return usage(prog);
/* fall through */
case 0:
break;
default:
return usage(prog);
}
msg->nid = htons(nid);
s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
if (s < 0) {
perror("socket");
return -1;
}
setsockopt(s, SOL_SOCKET, SO_BROADCAST, &val, sizeof(val));
if (bind(s, (struct sockaddr *)&local, sizeof(local)) < 0) {
perror("bind");
return -1;
}
sockflags = fcntl(s, F_GETFL);
if (!send_ping()) {
fprintf(stderr, "No devices found\n");
return 1;
}
if (nid == 0xffff)
return 0;
if (!username || !password[0])
return 0;
if (!send_username()) {
fprintf(stderr, "Device did not accept user name\n");
return 1;
}
timeout = EAD_TIMEOUT_LONG;
if (!get_prime()) {
fprintf(stderr, "Failed to get user password info\n");
return 1;
}
if (!send_a()) {
fprintf(stderr, "Failed to send local authentication data\n");
return 1;
}
if (!send_auth()) {
fprintf(stderr, "Authentication failed\n");
return 1;
}
if (!command) {
fprintf(stderr, "Authentication succesful\n");
return 0;
}
if (!send_command(command)) {
fprintf(stderr, "Command failed\n");
return 1;
}
return 0;
}

179
package/network/services/ead/src/ead-crypt.c Normal file
View File

@@ -0,0 +1,179 @@
/*
* Copyright (C) 2008 Felix Fietkau <nbd@nbd.name>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*/
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <stdbool.h>
#include <string.h>
#include <unistd.h>
#include <stdio.h>
#include "ead.h"
#include "sha1.c"
#include "aes.c"
#if EAD_DEBUGLEVEL >= 1
#define DEBUG(n, format, ...) do { \
if (EAD_DEBUGLEVEL >= n) \
fprintf(stderr, format, ##__VA_ARGS__); \
} while (0);
#else
#define DEBUG(n, format, ...) do {} while(0)
#endif
static uint32_t aes_enc_ctx[AES_PRIV_SIZE];
static uint32_t aes_dec_ctx[AES_PRIV_SIZE];
static uint32_t ead_rx_iv;
static uint32_t ead_tx_iv;
static uint32_t ivofs_vec;
static unsigned int ivofs_idx = 0;
static uint32_t W[80]; /* work space for sha1 */
#define EAD_ENC_PAD 64
void
ead_set_key(unsigned char *skey)
{
uint32_t *ivp = (uint32_t *)skey;
memset(aes_enc_ctx, 0, sizeof(aes_enc_ctx));
memset(aes_dec_ctx, 0, sizeof(aes_dec_ctx));
/* first 32 bytes of skey are used as aes key for
* encryption and decryption */
rijndaelKeySetupEnc(aes_enc_ctx, skey);
rijndaelKeySetupDec(aes_dec_ctx, skey);
/* the following bytes are used as initialization vector for messages
* (highest byte cleared to avoid overflow) */
ivp += 8;
ead_rx_iv = ntohl(*ivp) & 0x00ffffff;
ead_tx_iv = ead_rx_iv;
/* the last bytes are used to feed the random iv increment */
ivp++;
ivofs_vec = *ivp;
}
static bool
ead_check_rx_iv(uint32_t iv)
{
if (iv <= ead_rx_iv)
return false;
if (iv > ead_rx_iv + EAD_MAX_IV_INCR)
return false;
ead_rx_iv = iv;
return true;
}
static uint32_t
ead_get_tx_iv(void)
{
unsigned int ofs;
ofs = 1 + ((ivofs_vec >> 2 * ivofs_idx) & 0x3);
ivofs_idx = (ivofs_idx + 1) % 16;
ead_tx_iv += ofs;
return ead_tx_iv;
}
static void
ead_hash_message(struct ead_msg_encrypted *enc, uint32_t *hash, int len)
{
unsigned char *data = (unsigned char *) enc;
/* hash the packet with the stored hash part initialized to zero */
sha_init(hash);
memset(enc->hash, 0, sizeof(enc->hash));
while (len > 0) {
sha_transform(hash, data, W);
len -= 64;
data += 64;
}
}
void
ead_encrypt_message(struct ead_msg *msg, unsigned int len)
{
struct ead_msg_encrypted *enc = EAD_DATA(msg, enc);
unsigned char *data = (unsigned char *) enc;
uint32_t hash[5];
int enclen, i;
len += sizeof(struct ead_msg_encrypted);
enc->pad = (EAD_ENC_PAD - (len % EAD_ENC_PAD)) % EAD_ENC_PAD;
enclen = len + enc->pad;
msg->len = htonl(enclen);
enc->iv = htonl(ead_get_tx_iv());
ead_hash_message(enc, hash, enclen);
for (i = 0; i < 5; i++)
enc->hash[i] = htonl(hash[i]);
DEBUG(2, "SHA1 generate (0x%08x), len=%d\n", enc->hash[0], enclen);
while (enclen > 0) {
rijndaelEncrypt(aes_enc_ctx, data, data);
data += 16;
enclen -= 16;
}
}
int
ead_decrypt_message(struct ead_msg *msg)
{
struct ead_msg_encrypted *enc = EAD_DATA(msg, enc);
unsigned char *data = (unsigned char *) enc;
uint32_t hash_old[5], hash_new[5];
int len = ntohl(msg->len);
int i, enclen = len;
if (!len || (len % EAD_ENC_PAD > 0))
return 0;
while (len > 0) {
rijndaelDecrypt(aes_dec_ctx, data, data);
data += 16;
len -= 16;
}
data = (unsigned char *) enc;
if (enc->pad >= EAD_ENC_PAD) {
DEBUG(2, "Invalid padding length\n");
return 0;
}
if (!ead_check_rx_iv(ntohl(enc->iv))) {
DEBUG(2, "RX IV mismatch (0x%08x <> 0x%08x)\n", ead_rx_iv, ntohl(enc->iv));
return 0;
}
for (i = 0; i < 5; i++)
hash_old[i] = ntohl(enc->hash[i]);
ead_hash_message(enc, hash_new, enclen);
if (memcmp(hash_old, hash_new, sizeof(hash_old)) != 0) {
DEBUG(2, "SHA1 mismatch (0x%08x != 0x%08x), len=%d\n", hash_old[0], hash_new[0], enclen);
return 0;
}
enclen -= enc->pad + sizeof(struct ead_msg_encrypted);
return enclen;
}

21
package/network/services/ead/src/ead-crypt.h Normal file
View File

@@ -0,0 +1,21 @@
/*
* Copyright (C) 2008 Felix Fietkau <nbd@nbd.name>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*/
#ifndef __EAD_CRYPT_H
#define __EAD_CRYPT_H
extern void ead_set_key(unsigned char *skey);
extern void ead_encrypt_message(struct ead_msg *msg, unsigned int len);
extern int ead_decrypt_message(struct ead_msg *msg);
#endif

71
package/network/services/ead/src/ead-pcap.h Normal file
View File

@@ -0,0 +1,71 @@
/*
* Copyright (c) 2001-2003, Adam Dunkels.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior
* written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* This file was part of the uIP TCP/IP stack.
*
*/
#ifndef __EAD_PCAP_H
#define __EAD_PCAP_H
#include <net/ethernet.h>
#include <stdint.h>
#include "ead.h"
typedef uint8_t u8_t;
typedef uint16_t u16_t;
/* The UDP and IP headers. */
struct ead_packet {
struct ether_header eh;
/* IP header. */
u8_t vhl,
tos,
len[2],
ipid[2],
ipoffset[2],
ttl,
proto;
u16_t ipchksum;
u16_t srcipaddr[2],
destipaddr[2];
/* UDP header. */
u16_t srcport,
destport;
u16_t udplen;
u16_t udpchksum;
struct ead_msg msg;
} __attribute__((packed));
#define UIP_PROTO_UDP 17
#define UIP_IPH_LEN 20 /* Size of IP header */
#define UIP_UDPH_LEN 8 /* Size of UDP header */
#define UIP_IPUDPH_LEN (UIP_UDPH_LEN + UIP_IPH_LEN)
#endif

974
package/network/services/ead/src/ead.c Normal file
View File

@@ -0,0 +1,974 @@
/*
* Emergency Access Daemon
* Copyright (C) 2008 Felix Fietkau <nbd@nbd.name>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*/
#include <sys/types.h>
#include <sys/time.h>
#include <sys/select.h>
#include <stdio.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <stdbool.h>
#include <fcntl.h>
#include <signal.h>
#include <pcap.h>
#include <pcap-bpf.h>
#include <t_pwd.h>
#include <t_read.h>
#include <t_sha.h>
#include <t_defines.h>
#include <t_server.h>
#include <net/if.h>
#include "list.h"
#include "ead.h"
#include "ead-pcap.h"
#include "ead-crypt.h"
#include "libbridge.h"
#include "filter.c"
#ifdef linux
#include <linux/if_packet.h>
#endif
#define PASSWD_FILE "/etc/passwd"
#ifndef DEFAULT_IFNAME
#define DEFAULT_IFNAME "eth0"
#endif
#ifndef DEFAULT_DEVNAME
#define DEFAULT_DEVNAME "Unknown"
#endif
#define PCAP_MRU 1600
#define PCAP_TIMEOUT 200
#if EAD_DEBUGLEVEL >= 1
#define DEBUG(n, format, ...) do { \
if (EAD_DEBUGLEVEL >= n) \
fprintf(stderr, format, ##__VA_ARGS__); \
} while (0);
#else
#define DEBUG(n, format, ...) do {} while(0)
#endif
struct ead_instance {
struct list_head list;
char ifname[16];
int pid;
char id;
char bridge[16];
bool br_check;
};
static char ethmac[6] = "\x00\x13\x37\x00\x00\x00"; /* last 3 bytes will be randomized */
static pcap_t *pcap_fp = NULL;
static pcap_t *pcap_fp_rx = NULL;
static char pktbuf_b[PCAP_MRU];
static struct ead_packet *pktbuf = (struct ead_packet *)pktbuf_b;
static u16_t nid = 0xffff; /* node id */
static char username[32] = "";
static int state = EAD_TYPE_SET_USERNAME;
static const char *passwd_file = PASSWD_FILE;
static const char password[MAXPARAMLEN];
static bool child_pending = false;
static unsigned char abuf[MAXPARAMLEN + 1];
static unsigned char pwbuf[MAXPARAMLEN];
static unsigned char saltbuf[MAXSALTLEN];
static unsigned char pw_saltbuf[MAXSALTLEN];
static struct list_head instances;
static const char *dev_name = DEFAULT_DEVNAME;
static bool nonfork = false;
static struct ead_instance *instance = NULL;
static struct t_pwent tpe = {
.name = username,
.index = 1,
.password.data = pwbuf,
.password.len = 0,
.salt.data = saltbuf,
.salt.len = 0,
};
struct t_confent *tce = NULL;
static struct t_server *ts = NULL;
static struct t_num A, *B = NULL;
unsigned char *skey;
static void
set_recv_type(pcap_t *p, bool rx)
{
#ifdef PACKET_RECV_TYPE
struct sockaddr_ll sll;
struct ifreq ifr;
int mask;
int fd;
fd = pcap_get_selectable_fd(p);
if (fd < 0)
return;
if (rx)
mask = 1 << PACKET_BROADCAST;
else
mask = 0;
setsockopt(fd, SOL_PACKET, PACKET_RECV_TYPE, &mask, sizeof(mask));
#endif
}
static pcap_t *
ead_open_pcap(const char *ifname, char *errbuf, bool rx)
{
pcap_t *p;
p = pcap_create(ifname, errbuf);
if (p == NULL)
goto out;
pcap_set_snaplen(p, PCAP_MRU);
pcap_set_promisc(p, rx);
pcap_set_timeout(p, PCAP_TIMEOUT);
pcap_set_protocol_linux(p, (rx ? htons(ETH_P_IP) : 0));
pcap_set_buffer_size(p, (rx ? 10 : 1) * PCAP_MRU);
pcap_activate(p);
set_recv_type(p, rx);
out:
return p;
}
static void
get_random_bytes(void *ptr, int len)
{
int fd;
fd = open("/dev/urandom", O_RDONLY);
if (fd < 0) {
perror("open");
exit(1);
}
read(fd, ptr, len);
close(fd);
}
static bool
prepare_password(void)
{
static char lbuf[1024];
unsigned char dig[SHA_DIGESTSIZE];
BigInteger x, v, n, g;
SHA1_CTX ctxt;
int ulen = strlen(username);
FILE *f;
lbuf[sizeof(lbuf) - 1] = 0;
f = fopen(passwd_file, "r");
if (!f)
return false;
while (fgets(lbuf, sizeof(lbuf) - 1, f) != NULL) {
char *str, *s2;
if (strncmp(lbuf, username, ulen) != 0)
continue;
if (lbuf[ulen] != ':')
continue;
str = &lbuf[ulen + 1];
if (strncmp(str, "$1$", 3) != 0)
continue;
s2 = strchr(str + 3, '$');
if (!s2)
continue;
if (s2 - str >= MAXSALTLEN)
continue;
strncpy((char *) pw_saltbuf, str, s2 - str);
pw_saltbuf[s2 - str] = 0;
s2 = strchr(s2, ':');
if (!s2)
continue;
*s2 = 0;
if (s2 - str >= MAXPARAMLEN)
continue;
strncpy((char *)password, str, MAXPARAMLEN);
fclose(f);
goto hash_password;
}
/* not found */
fclose(f);
return false;
hash_password:
tce = gettcid(tpe.index);
do {
t_random(tpe.password.data, SALTLEN);
} while (memcmp(saltbuf, (char *)dig, sizeof(saltbuf)) == 0);
if (saltbuf[0] == 0)
saltbuf[0] = 0xff;
n = BigIntegerFromBytes(tce->modulus.data, tce->modulus.len);
g = BigIntegerFromBytes(tce->generator.data, tce->generator.len);
v = BigIntegerFromInt(0);
SHA1Init(&ctxt);
SHA1Update(&ctxt, (unsigned char *) username, strlen(username));
SHA1Update(&ctxt, (unsigned char *) ":", 1);
SHA1Update(&ctxt, (unsigned char *) password, strlen(password));
SHA1Final(dig, &ctxt);
SHA1Init(&ctxt);
SHA1Update(&ctxt, saltbuf, tpe.salt.len);
SHA1Update(&ctxt, dig, sizeof(dig));
SHA1Final(dig, &ctxt);
/* x = H(s, H(u, ':', p)) */
x = BigIntegerFromBytes(dig, sizeof(dig));
BigIntegerModExp(v, g, x, n);
tpe.password.len = BigIntegerToBytes(v, (unsigned char *)pwbuf);
BigIntegerFree(v);
BigIntegerFree(x);
BigIntegerFree(g);
BigIntegerFree(n);
return true;
}
static u16_t
chksum(u16_t sum, const u8_t *data, u16_t len)
{
u16_t t;
const u8_t *dataptr;
const u8_t *last_byte;
dataptr = data;
last_byte = data + len - 1;
while(dataptr < last_byte) { /* At least two more bytes */
t = (dataptr[0] << 8) + dataptr[1];
sum += t;
if(sum < t) {
sum++; /* carry */
}
dataptr += 2;
}
if(dataptr == last_byte) {
t = (dataptr[0] << 8) + 0;
sum += t;
if(sum < t) {
sum++; /* carry */
}
}
/* Return sum in host byte order. */
return sum;
}
static void
ead_send_packet_clone(struct ead_packet *pkt)
{
u16_t len, sum;
memcpy(pktbuf, pkt, offsetof(struct ead_packet, msg));
memcpy(pktbuf->eh.ether_shost, ethmac, 6);
memcpy(pktbuf->eh.ether_dhost, pkt->eh.ether_shost, 6);
/* ip header */
len = sizeof(struct ead_packet) - sizeof(struct ether_header) + ntohl(pktbuf->msg.len);
pktbuf->len[0] = len >> 8;
pktbuf->len[1] = len & 0xff;
memcpy(pktbuf->srcipaddr, &pkt->msg.ip, 4);
memcpy(pktbuf->destipaddr, pkt->srcipaddr, 4);
/* ip checksum */
pktbuf->ipchksum = 0;
sum = chksum(0, (void *) &pktbuf->vhl, UIP_IPH_LEN);
if (sum == 0)
sum = 0xffff;
pktbuf->ipchksum = htons(~sum);
/* udp header */
pktbuf->srcport = pkt->destport;
pktbuf->destport = pkt->srcport;
/* udp checksum */
len -= UIP_IPH_LEN;
pktbuf->udplen = htons(len);
pktbuf->udpchksum = 0;
sum = len + UIP_PROTO_UDP;
sum = chksum(sum, (void *) &pktbuf->srcipaddr[0], 8); /* src, dest ip */
sum = chksum(sum, (void *) &pktbuf->srcport, len);
if (sum == 0)
sum = 0xffff;
pktbuf->udpchksum = htons(~sum);
pcap_sendpacket(pcap_fp, (void *) pktbuf, sizeof(struct ead_packet) + ntohl(pktbuf->msg.len));
}
static void
set_state(int nstate)
{
if (state == nstate)
return;
if (nstate < state) {
if ((nstate < EAD_TYPE_GET_PRIME) &&
(state >= EAD_TYPE_GET_PRIME)) {
t_serverclose(ts);
ts = NULL;
}
goto done;
}
switch(state) {
case EAD_TYPE_SET_USERNAME:
if (!prepare_password())
goto error;
ts = t_serveropenraw(&tpe, tce);
if (!ts)
goto error;
break;
case EAD_TYPE_GET_PRIME:
B = t_servergenexp(ts);
break;
case EAD_TYPE_SEND_A:
skey = t_servergetkey(ts, &A);
if (!skey)
goto error;
ead_set_key(skey);
break;
}
done:
state = nstate;
error:
return;
}
static bool
handle_ping(struct ead_packet *pkt, int len, int *nstate)
{
struct ead_msg *msg = &pktbuf->msg;
struct ead_msg_pong *pong = EAD_DATA(msg, pong);
int slen;
slen = strlen(dev_name);
if (slen > 1024)
slen = 1024;
msg->len = htonl(sizeof(struct ead_msg_pong) + slen);
strncpy(pong->name, dev_name, slen);
pong->name[slen] = 0;
pong->auth_type = htons(EAD_AUTH_MD5);
return true;
}
static bool
handle_set_username(struct ead_packet *pkt, int len, int *nstate)
{
struct ead_msg *msg = &pkt->msg;
struct ead_msg_user *user = EAD_DATA(msg, user);
set_state(EAD_TYPE_SET_USERNAME); /* clear old state */
strncpy(username, user->username, sizeof(username));
username[sizeof(username) - 1] = 0;
msg = &pktbuf->msg;
msg->len = 0;
*nstate = EAD_TYPE_GET_PRIME;
return true;
}
static bool
handle_get_prime(struct ead_packet *pkt, int len, int *nstate)
{
struct ead_msg *msg = &pktbuf->msg;
struct ead_msg_salt *salt = EAD_DATA(msg, salt);
msg->len = htonl(sizeof(struct ead_msg_salt));
salt->prime = tce->index - 1;
salt->len = ts->s.len;
memcpy(salt->salt, ts->s.data, ts->s.len);
memcpy(salt->ext_salt, pw_saltbuf, MAXSALTLEN);
*nstate = EAD_TYPE_SEND_A;
return true;
}
static bool
handle_send_a(struct ead_packet *pkt, int len, int *nstate)
{
struct ead_msg *msg = &pkt->msg;
struct ead_msg_number *number = EAD_DATA(msg, number);
len = ntohl(msg->len) - sizeof(struct ead_msg_number);
if (len > MAXPARAMLEN + 1)
return false;
A.len = len;
A.data = abuf;
memcpy(A.data, number->data, len);
msg = &pktbuf->msg;
number = EAD_DATA(msg, number);
msg->len = htonl(sizeof(struct ead_msg_number) + B->len);
memcpy(number->data, B->data, B->len);
*nstate = EAD_TYPE_SEND_AUTH;
return true;
}
static bool
handle_send_auth(struct ead_packet *pkt, int len, int *nstate)
{
struct ead_msg *msg = &pkt->msg;
struct ead_msg_auth *auth = EAD_DATA(msg, auth);
if (t_serververify(ts, auth->data) != 0) {
DEBUG(2, "Client authentication failed\n");
*nstate = EAD_TYPE_SET_USERNAME;
return false;
}
msg = &pktbuf->msg;
auth = EAD_DATA(msg, auth);
msg->len = htonl(sizeof(struct ead_msg_auth));
DEBUG(2, "Client authentication successful\n");
memcpy(auth->data, t_serverresponse(ts), sizeof(auth->data));
*nstate = EAD_TYPE_SEND_CMD;
return true;
}
static bool
handle_send_cmd(struct ead_packet *pkt, int len, int *nstate)
{
struct ead_msg *msg = &pkt->msg;
struct ead_msg_cmd *cmd = EAD_ENC_DATA(msg, cmd);
struct ead_msg_cmd_data *cmddata;
struct timeval tv, to, tn;
int pfd[2], fd;
fd_set fds;
pid_t pid;
bool stream = false;
int timeout;
int type;
int datalen;
datalen = ead_decrypt_message(msg) - sizeof(struct ead_msg_cmd);
if (datalen <= 0)
return false;
type = ntohs(cmd->type);
timeout = ntohs(cmd->timeout);
FD_ZERO(&fds);
cmd->data[datalen] = 0;
switch(type) {
case EAD_CMD_NORMAL:
if (pipe(pfd) < 0)
return false;
fcntl(pfd[0], F_SETFL, O_NONBLOCK | fcntl(pfd[0], F_GETFL));
child_pending = true;
pid = fork();
if (pid == 0) {
close(pfd[0]);
fd = open("/dev/null", O_RDWR);
if (fd > 0) {
dup2(fd, 0);
dup2(pfd[1], 1);
dup2(pfd[1], 2);
}
system((char *)cmd->data);
exit(0);
} else if (pid > 0) {
close(pfd[1]);
if (!timeout)
timeout = EAD_CMD_TIMEOUT;
stream = true;
break;
}
return false;
case EAD_CMD_BACKGROUND:
pid = fork();
if (pid == 0) {
/* close stdin, stdout, stderr, replace with fd to /dev/null */
fd = open("/dev/null", O_RDWR);
if (fd > 0) {
dup2(fd, 0);
dup2(fd, 1);
dup2(fd, 2);
}
system((char *)cmd->data);
exit(0);
} else if (pid > 0) {
break;
}
return false;
default:
return false;
}
msg = &pktbuf->msg;
cmddata = EAD_ENC_DATA(msg, cmd_data);
if (stream) {
int nfds, bytes;
/* send keepalive packets every 200 ms so that the client doesn't timeout */
gettimeofday(&to, NULL);
memcpy(&tn, &to, sizeof(tn));
tv.tv_usec = PCAP_TIMEOUT * 1000;
tv.tv_sec = 0;
do {
cmddata->done = 0;
FD_SET(pfd[0], &fds);
nfds = select(pfd[0] + 1, &fds, NULL, NULL, &tv);
bytes = 0;
if (nfds > 0) {
bytes = read(pfd[0], cmddata->data, 1024);
if (bytes < 0)
bytes = 0;
}
if (!bytes && !child_pending)
break;
DEBUG(3, "Sending %d bytes of console data, type=%d, timeout=%d\n", bytes, ntohl(msg->type), timeout);
ead_encrypt_message(msg, sizeof(struct ead_msg_cmd_data) + bytes);
ead_send_packet_clone(pkt);
gettimeofday(&tn, NULL);
} while (tn.tv_sec < to.tv_sec + timeout);
if (child_pending) {
kill(pid, SIGKILL);
return false;
}
}
cmddata->done = 1;
ead_encrypt_message(msg, sizeof(struct ead_msg_cmd_data));
return true;
}
static void
parse_message(struct ead_packet *pkt, int len)
{
bool (*handler)(struct ead_packet *pkt, int len, int *nstate);
int min_len = sizeof(struct ead_packet);
int nstate = state;
int type = ntohl(pkt->msg.type);
if ((type >= EAD_TYPE_GET_PRIME) &&
(state != type))
return;
if ((type != EAD_TYPE_PING) &&
((ntohs(pkt->msg.sid) & EAD_INSTANCE_MASK) >>
EAD_INSTANCE_SHIFT) != instance->id)
return;
switch(type) {
case EAD_TYPE_PING:
handler = handle_ping;
break;
case EAD_TYPE_SET_USERNAME:
handler = handle_set_username;
min_len += sizeof(struct ead_msg_user);
break;
case EAD_TYPE_GET_PRIME:
handler = handle_get_prime;
break;
case EAD_TYPE_SEND_A:
handler = handle_send_a;
min_len += sizeof(struct ead_msg_number);
break;
case EAD_TYPE_SEND_AUTH:
handler = handle_send_auth;
min_len += sizeof(struct ead_msg_auth);
break;
case EAD_TYPE_SEND_CMD:
handler = handle_send_cmd;
min_len += sizeof(struct ead_msg_cmd) + sizeof(struct ead_msg_encrypted);
break;
default:
return;
}
if (len < min_len) {
DEBUG(2, "discarding packet: message too small\n");
return;
}
pktbuf->msg.magic = htonl(EAD_MAGIC);
pktbuf->msg.type = htonl(type + 1);
pktbuf->msg.nid = htons(nid);
pktbuf->msg.sid = pkt->msg.sid;
pktbuf->msg.len = 0;
if (handler(pkt, len, &nstate)) {
DEBUG(2, "sending response to packet type %d: %d\n", type + 1, ntohl(pktbuf->msg.len));
/* format response packet */
ead_send_packet_clone(pkt);
}
set_state(nstate);
}
static void
handle_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *bytes)
{
struct ead_packet *pkt = (struct ead_packet *) bytes;
if (h->len < sizeof(struct ead_packet))
return;
if (pkt->eh.ether_type != htons(ETHERTYPE_IP))
return;
if (memcmp(pkt->eh.ether_dhost, "\xff\xff\xff\xff\xff\xff", 6) != 0)
return;
if (pkt->proto != UIP_PROTO_UDP)
return;
if (pkt->destport != htons(EAD_PORT))
return;
if (pkt->msg.magic != htonl(EAD_MAGIC))
return;
if (h->len < sizeof(struct ead_packet) + ntohl(pkt->msg.len))
return;
if ((pkt->msg.nid != 0xffff) &&
(pkt->msg.nid != htons(nid)))
return;
parse_message(pkt, h->len);
}
static void
ead_pcap_reopen(bool first)
{
static char errbuf[PCAP_ERRBUF_SIZE] = "";
if (pcap_fp_rx && (pcap_fp_rx != pcap_fp))
pcap_close(pcap_fp_rx);
if (pcap_fp)
pcap_close(pcap_fp);
pcap_fp_rx = NULL;
do {
if (instance->bridge[0]) {
pcap_fp_rx = ead_open_pcap(instance->bridge, errbuf, 1);
pcap_fp = ead_open_pcap(instance->ifname, errbuf, 0);
} else {
pcap_fp = ead_open_pcap(instance->ifname, errbuf, 1);
}
if (!pcap_fp_rx)
pcap_fp_rx = pcap_fp;
if (first && !pcap_fp) {
DEBUG(1, "WARNING: unable to open interface '%s'\n", instance->ifname);
first = false;
}
if (!pcap_fp)
sleep(1);
} while (!pcap_fp);
pcap_setfilter(pcap_fp_rx, &pktfilter);
}
static void
ead_pktloop(void)
{
while (1) {
if (pcap_dispatch(pcap_fp_rx, 1, handle_packet, NULL) < 0) {
ead_pcap_reopen(false);
continue;
}
}
}
static int
usage(const char *prog)
{
fprintf(stderr, "Usage: %s [<options>]\n"
"Options:\n"
"\t-B Run in background mode\n"
"\t-d <device> Set the device to listen on\n"
"\t-D <name> Set the name of the device visible to clients\n"
"\t-p <file> Set the password file for authenticating\n"
"\t-P <file> Write a pidfile\n"
"\n", prog);
return -1;
}
static void
server_handle_sigchld(int sig)
{
struct ead_instance *in;
struct list_head *p;
int pid = 0;
wait(&pid);
list_for_each(p, &instances) {
in = list_entry(p, struct ead_instance, list);
if (pid != in->pid)
continue;
in->pid = 0;
break;
}
}
static void
instance_handle_sigchld(int sig)
{
int pid = 0;
wait(&pid);
child_pending = false;
}
static void
start_server(struct ead_instance *i)
{
if (!nonfork) {
i->pid = fork();
if (i->pid != 0) {
if (i->pid < 0)
i->pid = 0;
return;
}
}
instance = i;
signal(SIGCHLD, instance_handle_sigchld);
ead_pcap_reopen(true);
ead_pktloop();
pcap_close(pcap_fp);
if (pcap_fp_rx != pcap_fp)
pcap_close(pcap_fp_rx);
exit(0);
}
static void
start_servers(bool restart)
{
struct ead_instance *in;
struct list_head *p;
list_for_each(p, &instances) {
in = list_entry(p, struct ead_instance, list);
if (in->pid > 0)
continue;
sleep(1);
start_server(in);
}
}
static void
stop_server(struct ead_instance *in, bool do_free)
{
if (in->pid > 0)
kill(in->pid, SIGKILL);
in->pid = 0;
if (do_free) {
list_del(&in->list);
free(in);
}
}
static void
server_handle_sigint(int sig)
{
struct ead_instance *in;
struct list_head *p, *tmp;
list_for_each_safe(p, tmp, &instances) {
in = list_entry(p, struct ead_instance, list);
stop_server(in, true);
}
exit(1);
}
static int
check_bridge_port(const char *br, const char *port, void *arg)
{
struct ead_instance *in;
struct list_head *p;
list_for_each(p, &instances) {
in = list_entry(p, struct ead_instance, list);
if (strcmp(in->ifname, port) != 0)
continue;
in->br_check = true;
if (strcmp(in->bridge, br) == 0)
break;
strncpy(in->bridge, br, sizeof(in->bridge));
DEBUG(2, "assigning port %s to bridge %s\n", in->ifname, in->bridge);
stop_server(in, false);
}
return 0;
}
static int
check_bridge(const char *name, void *arg)
{
br_foreach_port(name, check_bridge_port, arg);
return 0;
}
static void
check_all_interfaces(void)
{
struct ead_instance *in;
struct list_head *p;
br_foreach_bridge(check_bridge, NULL);
/* look for interfaces that are no longer part of a bridge */
list_for_each(p, &instances) {
in = list_entry(p, struct ead_instance, list);
if (in->br_check) {
in->br_check = false;
} else if (in->bridge[0]) {
DEBUG(2, "removing port %s from bridge %s\n", in->ifname, in->bridge);
in->bridge[0] = 0;
stop_server(in, false);
}
}
}
int main(int argc, char **argv)
{
struct ead_instance *in;
struct timeval tv;
const char *pidfile = NULL;
bool background = false;
int n_iface = 0;
int fd, ch;
if (argc == 1)
return usage(argv[0]);
INIT_LIST_HEAD(&instances);
while ((ch = getopt(argc, argv, "Bd:D:fhp:P:")) != -1) {
switch(ch) {
case 'B':
background = true;
break;
case 'f':
nonfork = true;
break;
case 'h':
return usage(argv[0]);
case 'd':
in = malloc(sizeof(struct ead_instance));
memset(in, 0, sizeof(struct ead_instance));
INIT_LIST_HEAD(&in->list);
strncpy(in->ifname, optarg, sizeof(in->ifname) - 1);
list_add(&in->list, &instances);
in->id = n_iface++;
break;
case 'D':
dev_name = optarg;
break;
case 'p':
passwd_file = optarg;
break;
case 'P':
pidfile = optarg;
break;
}
}
signal(SIGCHLD, server_handle_sigchld);
signal(SIGINT, server_handle_sigint);
signal(SIGTERM, server_handle_sigint);
signal(SIGKILL, server_handle_sigint);
if (!n_iface) {
fprintf(stderr, "Error: ead needs at least one interface\n");
return -1;
}
if (background) {
if (fork() > 0)
exit(0);
fd = open("/dev/null", O_RDWR);
dup2(fd, 0);
dup2(fd, 1);
dup2(fd, 2);
}
if (pidfile) {
char pid[8];
int len;
unlink(pidfile);
fd = open(pidfile, O_CREAT|O_WRONLY|O_EXCL, 0644);
if (fd > 0) {
len = sprintf(pid, "%d\n", getpid());
write(fd, pid, len);
close(fd);
}
}
/* randomize the mac address */
get_random_bytes(ethmac + 3, 3);
nid = *(((u16_t *) ethmac) + 2);
start_servers(false);
br_init();
tv.tv_sec = 1;
tv.tv_usec = 0;
while (1) {
check_all_interfaces();
start_servers(true);
sleep(1);
}
br_shutdown();
return 0;
}

139
package/network/services/ead/src/ead.h Normal file
View File

@@ -0,0 +1,139 @@
/*
* Copyright (C) 2008 Felix Fietkau <nbd@nbd.name>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*/
#ifndef __EAD_H
#define __EAD_H
#define EAD_DEBUGLEVEL 1
#include <stdint.h>
#include <stddef.h>
#ifndef MAXSALTLEN
#define MAXSALTLEN 32
#endif
#define EAD_PORT 56026UL
#define EAD_MAGIC 3671771902UL
#define EAD_CMD_TIMEOUT 10
#define EAD_MAX_IV_INCR 128
/* request/response types */
/* response id == request id + 1 */
enum ead_type {
EAD_TYPE_PING,
EAD_TYPE_PONG,
EAD_TYPE_SET_USERNAME,
EAD_TYPE_ACK_USERNAME,
EAD_TYPE_GET_PRIME,
EAD_TYPE_PRIME,
EAD_TYPE_SEND_A,
EAD_TYPE_SEND_B,
EAD_TYPE_SEND_AUTH,
EAD_TYPE_DONE_AUTH,
EAD_TYPE_SEND_CMD,
EAD_TYPE_RESULT_CMD,
EAD_TYPE_LAST
};
enum ead_auth_type {
EAD_AUTH_DEFAULT,
EAD_AUTH_MD5
};
enum ead_cmd_type {
EAD_CMD_NORMAL,
EAD_CMD_BACKGROUND,
EAD_CMD_LAST
};
struct ead_msg_pong {
uint16_t auth_type;
char name[];
} __attribute__((packed));
struct ead_msg_number {
uint8_t id;
unsigned char data[];
} __attribute__((packed));
struct ead_msg_salt {
uint8_t prime;
uint8_t len;
unsigned char salt[MAXSALTLEN];
unsigned char ext_salt[MAXSALTLEN];
} __attribute__((packed));
struct ead_msg_user {
char username[32];
} __attribute__((packed));
struct ead_msg_auth {
unsigned char data[20];
} __attribute__((packed));
struct ead_msg_cmd {
uint8_t type;
uint16_t timeout;
unsigned char data[];
} __attribute__((packed));
struct ead_msg_cmd_data {
uint8_t done;
unsigned char data[];
} __attribute__((packed));
struct ead_msg_encrypted {
uint32_t hash[5];
uint32_t iv;
uint8_t pad;
union {
struct ead_msg_cmd cmd;
struct ead_msg_cmd_data cmd_data;
} data[];
} __attribute__((packed));
#define EAD_DATA(_msg, _type) (&((_msg)->data[0]._type))
#define EAD_ENC_DATA(_msg, _type) (&((_msg)->data[0].enc.data[0]._type))
/* for ead_msg::sid */
#define EAD_INSTANCE_MASK 0xf000
#define EAD_INSTANCE_SHIFT 12
struct ead_msg {
uint32_t magic;
uint32_t len;
uint32_t type;
uint16_t nid; /* node id */
uint16_t sid; /* session id */
uint32_t ip; /* source ip for responses from the server */
union {
struct ead_msg_pong pong;
struct ead_msg_user user;
struct ead_msg_number number;
struct ead_msg_auth auth;
struct ead_msg_salt salt;
struct ead_msg_encrypted enc;
} data[];
} __attribute__((packed));
#endif

25
package/network/services/ead/src/filter.c Normal file
View File

@@ -0,0 +1,25 @@
/* precompiled expression: udp and dst port 56026 */
static struct bpf_insn pktfilter_insns[] = {
{ .code = 0x0028, .jt = 0x00, .jf = 0x00, .k = 0x0000000c },
{ .code = 0x0015, .jt = 0x00, .jf = 0x04, .k = 0x000086dd },
{ .code = 0x0030, .jt = 0x00, .jf = 0x00, .k = 0x00000014 },
{ .code = 0x0015, .jt = 0x00, .jf = 0x0b, .k = 0x00000011 },
{ .code = 0x0028, .jt = 0x00, .jf = 0x00, .k = 0x00000038 },
{ .code = 0x0015, .jt = 0x08, .jf = 0x09, .k = 0x0000dada },
{ .code = 0x0015, .jt = 0x00, .jf = 0x08, .k = 0x00000800 },
{ .code = 0x0030, .jt = 0x00, .jf = 0x00, .k = 0x00000017 },
{ .code = 0x0015, .jt = 0x00, .jf = 0x06, .k = 0x00000011 },
{ .code = 0x0028, .jt = 0x00, .jf = 0x00, .k = 0x00000014 },
{ .code = 0x0045, .jt = 0x04, .jf = 0x00, .k = 0x00001fff },
{ .code = 0x00b1, .jt = 0x00, .jf = 0x00, .k = 0x0000000e },
{ .code = 0x0048, .jt = 0x00, .jf = 0x00, .k = 0x00000010 },
{ .code = 0x0015, .jt = 0x00, .jf = 0x01, .k = 0x0000dada },
{ .code = 0x0006, .jt = 0x00, .jf = 0x00, .k = 0x000005dc },
{ .code = 0x0006, .jt = 0x00, .jf = 0x00, .k = 0x00000000 },
};
static struct bpf_program pktfilter = {
.bf_len = 16,
.bf_insns = pktfilter_insns,
};

60
package/network/services/ead/src/libbridge.h Normal file
View File

@@ -0,0 +1,60 @@
/*
* Copyright (C) 2000 Lennert Buytenhek
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#ifndef _LIBBRIDGE_H
#define _LIBBRIDGE_H
#ifdef linux
int br_init(void);
void br_shutdown(void);
int br_foreach_port(const char *brname,
int (*iterator)(const char *br, const char *port, void *arg),
void *arg);
int br_foreach_bridge(int (*iterator)(const char *, void *), void *arg);
#else
static inline int br_init(void)
{
return 0;
}
static inline void br_shutdown(void)
{
}
static inline int
br_foreach_port(const char *brname,
int (*iterator)(const char *br, const char *port, void *arg),
void *arg)
{
return 0;
}
static inline int
br_foreach_bridge(int (*iterator)(const char *, void *), void *arg)
{
return 0;
}
#endif
#endif

127
package/network/services/ead/src/libbridge_init.c Normal file
View File

@@ -0,0 +1,127 @@
/*
* Copyright (C) 2000 Lennert Buytenhek
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#ifdef linux
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
#include <string.h>
#include <dirent.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/socket.h>
#include <linux/if.h>
#include <linux/in6.h>
#include <linux/if_bridge.h>
#include "libbridge.h"
#include "libbridge_private.h"
static int br_socket_fd = -1;
int br_init(void)
{
if ((br_socket_fd = socket(AF_LOCAL, SOCK_STREAM, 0)) < 0)
return errno;
return 0;
}
void br_shutdown(void)
{
close(br_socket_fd);
br_socket_fd = -1;
}
/* If /sys/class/net/XXX/bridge exists then it must be a bridge */
static int isbridge(const struct dirent *entry)
{
char path[SYSFS_PATH_MAX];
struct stat st;
snprintf(path, SYSFS_PATH_MAX, SYSFS_CLASS_NET "%s/bridge", entry->d_name);
return stat(path, &st) == 0 && S_ISDIR(st.st_mode);
}
/*
* New interface uses sysfs to find bridges
*/
static int new_foreach_bridge(int (*iterator)(const char *name, void *),
void *arg)
{
struct dirent **namelist;
int i, count = 0;
count = scandir(SYSFS_CLASS_NET, &namelist, isbridge, alphasort);
if (count < 0)
return -1;
for (i = 0; i < count; i++) {
if (iterator(namelist[i]->d_name, arg))
break;
}
for (i = 0; i < count; i++)
free(namelist[i]);
free(namelist);
return count;
}
/*
* Go over all bridges and call iterator function.
* if iterator returns non-zero then stop.
*/
int br_foreach_bridge(int (*iterator)(const char *, void *), void *arg)
{
return new_foreach_bridge(iterator, arg);
}
/*
* Iterate over all ports in bridge (using sysfs).
*/
int br_foreach_port(const char *brname,
int (*iterator)(const char *br, const char *port, void *arg),
void *arg)
{
int i, count;
struct dirent **namelist;
char path[SYSFS_PATH_MAX];
snprintf(path, SYSFS_PATH_MAX, SYSFS_CLASS_NET "%s/brif", brname);
count = scandir(path, &namelist, 0, alphasort);
for (i = 0; i < count; i++) {
if (namelist[i]->d_name[0] == '.'
&& (namelist[i]->d_name[1] == '\0'
|| (namelist[i]->d_name[1] == '.'
&& namelist[i]->d_name[2] == '\0')))
continue;
if (iterator(brname, namelist[i]->d_name, arg))
break;
}
for (i = 0; i < count; i++)
free(namelist[i]);
free(namelist);
return count;
}
#endif

35
package/network/services/ead/src/libbridge_private.h Normal file
View File

@@ -0,0 +1,35 @@
/*
* Copyright (C) 2000 Lennert Buytenhek
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#ifndef _LIBBRIDGE_PRIVATE_H
#define _LIBBRIDGE_PRIVATE_H
#include <linux/sockios.h>
#include <sys/time.h>
#include <sys/ioctl.h>
#include <linux/if_bridge.h>
#define MAX_BRIDGES 1024
#define MAX_PORTS 1024
#define SYSFS_CLASS_NET "/sys/class/net/"
#define SYSFS_PATH_MAX 256
#define dprintf(fmt,arg...)
#endif

602
package/network/services/ead/src/list.h Normal file
View File

@@ -0,0 +1,602 @@
/* GPL v2, adapted from the Linux kernel */
#ifndef _LINUX_LIST_H
#define _LINUX_LIST_H
#include <stddef.h>
/**
* container_of - cast a member of a structure out to the containing structure
* @ptr: the pointer to the member.
* @type: the type of the container struct this is embedded in.
* @member: the name of the member within the struct.
*
*/
#ifndef container_of
#define container_of(ptr, type, member) ( \
(type *)( (char *)ptr - offsetof(type,member) ))
#endif
/*
* Simple doubly linked list implementation.
*
* Some of the internal functions ("__xxx") are useful when
* manipulating whole lists rather than single entries, as
* sometimes we already know the next/prev entries and we can
* generate better code by using them directly rather than
* using the generic single-entry routines.
*/
struct list_head {
struct list_head *next, *prev;
};
#define LIST_HEAD_INIT(name) { &(name), &(name) }
#define LIST_HEAD(name) \
struct list_head name = LIST_HEAD_INIT(name)
static inline void INIT_LIST_HEAD(struct list_head *list)
{
list->next = list;
list->prev = list;
}
/*
* Insert a new entry between two known consecutive entries.
*
* This is only for internal list manipulation where we know
* the prev/next entries already!
*/
static inline void __list_add(struct list_head *new,
struct list_head *prev,
struct list_head *next)
{
next->prev = new;
new->next = next;
new->prev = prev;
prev->next = new;
}
/**
* list_add - add a new entry
* @new: new entry to be added
* @head: list head to add it after
*
* Insert a new entry after the specified head.
* This is good for implementing stacks.
*/
static inline void list_add(struct list_head *new, struct list_head *head)
{
__list_add(new, head, head->next);
}
/**
* list_add_tail - add a new entry
* @new: new entry to be added
* @head: list head to add it before
*
* Insert a new entry before the specified head.
* This is useful for implementing queues.
*/
static inline void list_add_tail(struct list_head *new, struct list_head *head)
{
__list_add(new, head->prev, head);
}
/*
* Delete a list entry by making the prev/next entries
* point to each other.
*
* This is only for internal list manipulation where we know
* the prev/next entries already!
*/
static inline void __list_del(struct list_head * prev, struct list_head * next)
{
next->prev = prev;
prev->next = next;
}
/**
* list_del - deletes entry from list.
* @entry: the element to delete from the list.
* Note: list_empty() on entry does not return true after this, the entry is
* in an undefined state.
*/
static inline void list_del(struct list_head *entry)
{
__list_del(entry->prev, entry->next);
entry->next = NULL;
entry->prev = NULL;
}
/**
* list_replace - replace old entry by new one
* @old : the element to be replaced
* @new : the new element to insert
*
* If @old was empty, it will be overwritten.
*/
static inline void list_replace(struct list_head *old,
struct list_head *new)
{
new->next = old->next;
new->next->prev = new;
new->prev = old->prev;
new->prev->next = new;
}
static inline void list_replace_init(struct list_head *old,
struct list_head *new)
{
list_replace(old, new);
INIT_LIST_HEAD(old);
}
/**
* list_del_init - deletes entry from list and reinitialize it.
* @entry: the element to delete from the list.
*/
static inline void list_del_init(struct list_head *entry)
{
__list_del(entry->prev, entry->next);
INIT_LIST_HEAD(entry);
}
/**
* list_move - delete from one list and add as another's head
* @list: the entry to move
* @head: the head that will precede our entry
*/
static inline void list_move(struct list_head *list, struct list_head *head)
{
__list_del(list->prev, list->next);
list_add(list, head);
}
/**
* list_move_tail - delete from one list and add as another's tail
* @list: the entry to move
* @head: the head that will follow our entry
*/
static inline void list_move_tail(struct list_head *list,
struct list_head *head)
{
__list_del(list->prev, list->next);
list_add_tail(list, head);
}
/**
* list_is_last - tests whether @list is the last entry in list @head
* @list: the entry to test
* @head: the head of the list
*/
static inline int list_is_last(const struct list_head *list,
const struct list_head *head)
{
return list->next == head;
}
/**
* list_empty - tests whether a list is empty
* @head: the list to test.
*/
static inline int list_empty(const struct list_head *head)
{
return head->next == head;
}
/**
* list_empty_careful - tests whether a list is empty and not being modified
* @head: the list to test
*
* Description:
* tests whether a list is empty _and_ checks that no other CPU might be
* in the process of modifying either member (next or prev)
*
* NOTE: using list_empty_careful() without synchronization
* can only be safe if the only activity that can happen
* to the list entry is list_del_init(). Eg. it cannot be used
* if another CPU could re-list_add() it.
*/
static inline int list_empty_careful(const struct list_head *head)
{
struct list_head *next = head->next;
return (next == head) && (next == head->prev);
}
static inline void __list_splice(struct list_head *list,
struct list_head *head)
{
struct list_head *first = list->next;
struct list_head *last = list->prev;
struct list_head *at = head->next;
first->prev = head;
head->next = first;
last->next = at;
at->prev = last;
}
/**
* list_splice - join two lists
* @list: the new list to add.
* @head: the place to add it in the first list.
*/
static inline void list_splice(struct list_head *list, struct list_head *head)
{
if (!list_empty(list))
__list_splice(list, head);
}
/**
* list_splice_init - join two lists and reinitialise the emptied list.
* @list: the new list to add.
* @head: the place to add it in the first list.
*
* The list at @list is reinitialised
*/
static inline void list_splice_init(struct list_head *list,
struct list_head *head)
{
if (!list_empty(list)) {
__list_splice(list, head);
INIT_LIST_HEAD(list);
}
}
/**
* list_entry - get the struct for this entry
* @ptr: the &struct list_head pointer.
* @type: the type of the struct this is embedded in.
* @member: the name of the list_struct within the struct.
*/
#define list_entry(ptr, type, member) \
container_of(ptr, type, member)
/**
* list_first_entry - get the first element from a list
* @ptr: the list head to take the element from.
* @type: the type of the struct this is embedded in.
* @member: the name of the list_struct within the struct.
*
* Note, that list is expected to be not empty.
*/
#define list_first_entry(ptr, type, member) \
list_entry((ptr)->next, type, member)
/**
* list_for_each - iterate over a list
* @pos: the &struct list_head to use as a loop cursor.
* @head: the head for your list.
*/
#define list_for_each(pos, head) \
for (pos = (head)->next; pos != (head); \
pos = pos->next)
/**
* __list_for_each - iterate over a list
* @pos: the &struct list_head to use as a loop cursor.
* @head: the head for your list.
*
* This variant differs from list_for_each() in that it's the
* simplest possible list iteration code, no prefetching is done.
* Use this for code that knows the list to be very short (empty
* or 1 entry) most of the time.
*/
#define __list_for_each(pos, head) \
for (pos = (head)->next; pos != (head); pos = pos->next)
/**
* list_for_each_prev - iterate over a list backwards
* @pos: the &struct list_head to use as a loop cursor.
* @head: the head for your list.
*/
#define list_for_each_prev(pos, head) \
for (pos = (head)->prev; pos != (head); \
pos = pos->prev)
/**
* list_for_each_safe - iterate over a list safe against removal of list entry
* @pos: the &struct list_head to use as a loop cursor.
* @n: another &struct list_head to use as temporary storage
* @head: the head for your list.
*/
#define list_for_each_safe(pos, n, head) \
for (pos = (head)->next, n = pos->next; pos != (head); \
pos = n, n = pos->next)
/**
* list_for_each_prev_safe - iterate over a list backwards safe against removal of list entry
* @pos: the &struct list_head to use as a loop cursor.
* @n: another &struct list_head to use as temporary storage
* @head: the head for your list.
*/
#define list_for_each_prev_safe(pos, n, head) \
for (pos = (head)->prev, n = pos->prev; \
pos != (head); \
pos = n, n = pos->prev)
/**
* list_for_each_entry - iterate over list of given type
* @pos: the type * to use as a loop cursor.
* @head: the head for your list.
* @member: the name of the list_struct within the struct.
*/
#define list_for_each_entry(pos, head, member) \
for (pos = list_entry((head)->next, typeof(*pos), member); \
&pos->member != (head); \
pos = list_entry(pos->member.next, typeof(*pos), member))
/**
* list_for_each_entry_reverse - iterate backwards over list of given type.
* @pos: the type * to use as a loop cursor.
* @head: the head for your list.
* @member: the name of the list_struct within the struct.
*/
#define list_for_each_entry_reverse(pos, head, member) \
for (pos = list_entry((head)->prev, typeof(*pos), member); \
&pos->member != (head); \
pos = list_entry(pos->member.prev, typeof(*pos), member))
/**
* list_prepare_entry - prepare a pos entry for use in list_for_each_entry_continue()
* @pos: the type * to use as a start point
* @head: the head of the list
* @member: the name of the list_struct within the struct.
*
* Prepares a pos entry for use as a start point in list_for_each_entry_continue().
*/
#define list_prepare_entry(pos, head, member) \
((pos) ? : list_entry(head, typeof(*pos), member))
/**
* list_for_each_entry_continue - continue iteration over list of given type
* @pos: the type * to use as a loop cursor.
* @head: the head for your list.
* @member: the name of the list_struct within the struct.
*
* Continue to iterate over list of given type, continuing after
* the current position.
*/
#define list_for_each_entry_continue(pos, head, member) \
for (pos = list_entry(pos->member.next, typeof(*pos), member); \
&pos->member != (head); \
pos = list_entry(pos->member.next, typeof(*pos), member))
/**
* list_for_each_entry_continue_reverse - iterate backwards from the given point
* @pos: the type * to use as a loop cursor.
* @head: the head for your list.
* @member: the name of the list_struct within the struct.
*
* Start to iterate over list of given type backwards, continuing after
* the current position.
*/
#define list_for_each_entry_continue_reverse(pos, head, member) \
for (pos = list_entry(pos->member.prev, typeof(*pos), member); \
&pos->member != (head); \
pos = list_entry(pos->member.prev, typeof(*pos), member))
/**
* list_for_each_entry_from - iterate over list of given type from the current point
* @pos: the type * to use as a loop cursor.
* @head: the head for your list.
* @member: the name of the list_struct within the struct.
*
* Iterate over list of given type, continuing from current position.
*/
#define list_for_each_entry_from(pos, head, member) \
for (; &pos->member != (head); \
pos = list_entry(pos->member.next, typeof(*pos), member))
/**
* list_for_each_entry_safe - iterate over list of given type safe against removal of list entry
* @pos: the type * to use as a loop cursor.
* @n: another type * to use as temporary storage
* @head: the head for your list.
* @member: the name of the list_struct within the struct.
*/
#define list_for_each_entry_safe(pos, n, head, member) \
for (pos = list_entry((head)->next, typeof(*pos), member), \
n = list_entry(pos->member.next, typeof(*pos), member); \
&pos->member != (head); \
pos = n, n = list_entry(n->member.next, typeof(*n), member))
/**
* list_for_each_entry_safe_continue
* @pos: the type * to use as a loop cursor.
* @n: another type * to use as temporary storage
* @head: the head for your list.
* @member: the name of the list_struct within the struct.
*
* Iterate over list of given type, continuing after current point,
* safe against removal of list entry.
*/
#define list_for_each_entry_safe_continue(pos, n, head, member) \
for (pos = list_entry(pos->member.next, typeof(*pos), member), \
n = list_entry(pos->member.next, typeof(*pos), member); \
&pos->member != (head); \
pos = n, n = list_entry(n->member.next, typeof(*n), member))
/**
* list_for_each_entry_safe_from
* @pos: the type * to use as a loop cursor.
* @n: another type * to use as temporary storage
* @head: the head for your list.
* @member: the name of the list_struct within the struct.
*
* Iterate over list of given type from current point, safe against
* removal of list entry.
*/
#define list_for_each_entry_safe_from(pos, n, head, member) \
for (n = list_entry(pos->member.next, typeof(*pos), member); \
&pos->member != (head); \
pos = n, n = list_entry(n->member.next, typeof(*n), member))
/**
* list_for_each_entry_safe_reverse
* @pos: the type * to use as a loop cursor.
* @n: another type * to use as temporary storage
* @head: the head for your list.
* @member: the name of the list_struct within the struct.
*
* Iterate backwards over list of given type, safe against removal
* of list entry.
*/
#define list_for_each_entry_safe_reverse(pos, n, head, member) \
for (pos = list_entry((head)->prev, typeof(*pos), member), \
n = list_entry(pos->member.prev, typeof(*pos), member); \
&pos->member != (head); \
pos = n, n = list_entry(n->member.prev, typeof(*n), member))
/*
* Double linked lists with a single pointer list head.
* Mostly useful for hash tables where the two pointer list head is
* too wasteful.
* You lose the ability to access the tail in O(1).
*/
struct hlist_head {
struct hlist_node *first;
};
struct hlist_node {
struct hlist_node *next, **pprev;
};
#define HLIST_HEAD_INIT { .first = NULL }
#define HLIST_HEAD(name) struct hlist_head name = { .first = NULL }
#define INIT_HLIST_HEAD(ptr) ((ptr)->first = NULL)
static inline void INIT_HLIST_NODE(struct hlist_node *h)
{
h->next = NULL;
h->pprev = NULL;
}
static inline int hlist_unhashed(const struct hlist_node *h)
{
return !h->pprev;
}
static inline int hlist_empty(const struct hlist_head *h)
{
return !h->first;
}
static inline void __hlist_del(struct hlist_node *n)
{
struct hlist_node *next = n->next;
struct hlist_node **pprev = n->pprev;
*pprev = next;
if (next)
next->pprev = pprev;
}
static inline void hlist_del(struct hlist_node *n)
{
__hlist_del(n);
n->next = NULL;
n->pprev = NULL;
}
static inline void hlist_del_init(struct hlist_node *n)
{
if (!hlist_unhashed(n)) {
__hlist_del(n);
INIT_HLIST_NODE(n);
}
}
static inline void hlist_add_head(struct hlist_node *n, struct hlist_head *h)
{
struct hlist_node *first = h->first;
n->next = first;
if (first)
first->pprev = &n->next;
h->first = n;
n->pprev = &h->first;
}
/* next must be != NULL */
static inline void hlist_add_before(struct hlist_node *n,
struct hlist_node *next)
{
n->pprev = next->pprev;
n->next = next;
next->pprev = &n->next;
*(n->pprev) = n;
}
static inline void hlist_add_after(struct hlist_node *n,
struct hlist_node *next)
{
next->next = n->next;
n->next = next;
next->pprev = &n->next;
if(next->next)
next->next->pprev = &next->next;
}
#define hlist_entry(ptr, type, member) container_of(ptr,type,member)
#define hlist_for_each(pos, head) \
for (pos = (head)->first; pos; pos = pos->next)
#define hlist_for_each_safe(pos, n, head) \
for (pos = (head)->first; pos; pos = n)
/**
* hlist_for_each_entry - iterate over list of given type
* @tpos: the type * to use as a loop cursor.
* @pos: the &struct hlist_node to use as a loop cursor.
* @head: the head for your list.
* @member: the name of the hlist_node within the struct.
*/
#define hlist_for_each_entry(tpos, pos, head, member) \
for (pos = (head)->first; pos && \
({ tpos = hlist_entry(pos, typeof(*tpos), member); 1;}); \
pos = pos->next)
/**
* hlist_for_each_entry_continue - iterate over a hlist continuing after current point
* @tpos: the type * to use as a loop cursor.
* @pos: the &struct hlist_node to use as a loop cursor.
* @member: the name of the hlist_node within the struct.
*/
#define hlist_for_each_entry_continue(tpos, pos, member) \
for (pos = (pos)->next; pos && \
({ tpos = hlist_entry(pos, typeof(*tpos), member); 1;}); \
pos = pos->next)
/**
* hlist_for_each_entry_from - iterate over a hlist continuing from current point
* @tpos: the type * to use as a loop cursor.
* @pos: the &struct hlist_node to use as a loop cursor.
* @member: the name of the hlist_node within the struct.
*/
#define hlist_for_each_entry_from(tpos, pos, member) \
for (; pos && \
({ tpos = hlist_entry(pos, typeof(*tpos), member); 1;}); \
pos = pos->next)
/**
* hlist_for_each_entry_safe - iterate over list of given type safe against removal of list entry
* @tpos: the type * to use as a loop cursor.
* @pos: the &struct hlist_node to use as a loop cursor.
* @n: another &struct hlist_node to use as temporary storage
* @head: the head for your list.
* @member: the name of the hlist_node within the struct.
*/
#define hlist_for_each_entry_safe(tpos, pos, n, head, member) \
for (pos = (head)->first; \
pos && ({ n = pos->next; 1; }) && \
({ tpos = hlist_entry(pos, typeof(*tpos), member); 1;}); \
pos = n)
#endif

3
package/network/services/ead/src/passwd Normal file
View File

@@ -0,0 +1,3 @@
root:$1$MCGAgYw.$Ip1GcyeUliId3wzVcKR/e/:0:0:root:/root:/bin/ash
nobody:*:65534:65534:nobody:/var:/bin/false
daemon:*:65534:65534:daemon:/var:/bin/false

54
package/network/services/ead/src/pfc.c Normal file
View File

@@ -0,0 +1,54 @@
/*
* Small pcap precompiler
* Copyright (C) 2008 Felix Fietkau <nbd@nbd.name>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*/
#include <sys/types.h>
#include <sys/time.h>
#include <string.h>
#include <stdlib.h>
#include <pcap.h>
int main (int argc, char ** argv)
{
struct bpf_program filter;
pcap_t *pc;
int i;
if (argc != 2)
{
printf ("Usage: %s <expression>\n", argv[0]);
return 1;
}
pc = pcap_open_dead(DLT_EN10MB, 1500);
if (pcap_compile(pc, &filter, argv[1], 1, 0) != 0) {
printf("error in active-filter expression: %s\n", pcap_geterr(pc));
return 1;
}
printf("/* precompiled expression: %s */\n\n"
"static struct bpf_insn pktfilter_insns[] = {\n",
argv[1]);
for (i = 0; i < filter.bf_len; i++) {
struct bpf_insn *in = &filter.bf_insns[i];
printf("\t{ .code = 0x%04x, .jt = 0x%02x, .jf = 0x%02x, .k = 0x%08x },\n", in->code, in->jt, in->jf, in->k);
}
printf("};\n\n"
"static struct bpf_program pktfilter = {\n"
"\t.bf_len = %d,\n"
"\t.bf_insns = pktfilter_insns,\n"
"};\n", filter.bf_len);
return 0;
}

646
package/network/services/ead/src/pw_encrypt_md5.c Normal file
View File

@@ -0,0 +1,646 @@
/*
* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm
*
* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
* rights reserved.
*
* License to copy and use this software is granted provided that it
* is identified as the "RSA Data Security, Inc. MD5 Message-Digest
* Algorithm" in all material mentioning or referencing this software
* or this function.
*
* License is also granted to make and use derivative works provided
* that such works are identified as "derived from the RSA Data
* Security, Inc. MD5 Message-Digest Algorithm" in all material
* mentioning or referencing the derived work.
*
* RSA Data Security, Inc. makes no representations concerning either
* the merchantability of this software or the suitability of this
* software for any particular purpose. It is provided "as is"
* without express or implied warranty of any kind.
*
* These notices must be retained in any copies of any part of this
* documentation and/or software.
*
* $FreeBSD: src/lib/libmd/md5c.c,v 1.9.2.1 1999/08/29 14:57:12 peter Exp $
*
* This code is the same as the code published by RSA Inc. It has been
* edited for clarity and style only.
*
* ----------------------------------------------------------------------------
* The md5_crypt() function was taken from freeBSD's libcrypt and contains
* this license:
* "THE BEER-WARE LICENSE" (Revision 42):
* <phk@login.dknet.dk> wrote this file. As long as you retain this notice you
* can do whatever you want with this stuff. If we meet some day, and you think
* this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
*
* $FreeBSD: src/lib/libcrypt/crypt.c,v 1.7.2.1 1999/08/29 14:56:33 peter Exp $
*
* ----------------------------------------------------------------------------
* On April 19th, 2001 md5_crypt() was modified to make it reentrant
* by Erik Andersen <andersen@uclibc.org>
*
*
* June 28, 2001 Manuel Novoa III
*
* "Un-inlined" code using loops and static const tables in order to
* reduce generated code size (on i386 from approx 4k to approx 2.5k).
*
* June 29, 2001 Manuel Novoa III
*
* Completely removed static PADDING array.
*
* Reintroduced the loop unrolling in MD5_Transform and added the
* MD5_SIZE_OVER_SPEED option for configurability. Define below as:
* 0 fully unrolled loops
* 1 partially unrolled (4 ops per loop)
* 2 no unrolling -- introduces the need to swap 4 variables (slow)
* 3 no unrolling and all 4 loops merged into one with switch
* in each loop (glacial)
* On i386, sizes are roughly (-Os -fno-builtin):
* 0: 3k 1: 2.5k 2: 2.2k 3: 2k
*
*
* Since SuSv3 does not require crypt_r, modified again August 7, 2002
* by Erik Andersen to remove reentrance stuff...
*/
static const uint8_t ascii64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
/*
* Valid values are 1 (fastest/largest) to 3 (smallest/slowest).
*/
#define MD5_SIZE_OVER_SPEED 3
/**********************************************************************/
/* MD5 context. */
struct MD5Context {
uint32_t state[4]; /* state (ABCD) */
uint32_t count[2]; /* number of bits, modulo 2^64 (lsb first) */
unsigned char buffer[64]; /* input buffer */
};
static void __md5_Init(struct MD5Context *);
static void __md5_Update(struct MD5Context *, const unsigned char *, unsigned int);
static void __md5_Pad(struct MD5Context *);
static void __md5_Final(unsigned char [16], struct MD5Context *);
static void __md5_Transform(uint32_t [4], const unsigned char [64]);
#define MD5_MAGIC_STR "$1$"
#define MD5_MAGIC_LEN (sizeof(MD5_MAGIC_STR) - 1)
static const unsigned char __md5__magic[] = MD5_MAGIC_STR;
#ifdef i386
#define __md5_Encode memcpy
#define __md5_Decode memcpy
#else /* i386 */
/*
* __md5_Encodes input (uint32_t) into output (unsigned char). Assumes len is
* a multiple of 4.
*/
static void
__md5_Encode(unsigned char *output, uint32_t *input, unsigned int len)
{
unsigned int i, j;
for (i = 0, j = 0; j < len; i++, j += 4) {
output[j] = input[i];
output[j+1] = (input[i] >> 8);
output[j+2] = (input[i] >> 16);
output[j+3] = (input[i] >> 24);
}
}
/*
* __md5_Decodes input (unsigned char) into output (uint32_t). Assumes len is
* a multiple of 4.
*/
static void
__md5_Decode(uint32_t *output, const unsigned char *input, unsigned int len)
{
unsigned int i, j;
for (i = 0, j = 0; j < len; i++, j += 4)
output[i] = ((uint32_t)input[j]) | (((uint32_t)input[j+1]) << 8) |
(((uint32_t)input[j+2]) << 16) | (((uint32_t)input[j+3]) << 24);
}
#endif /* i386 */
/* F, G, H and I are basic MD5 functions. */
#define F(x, y, z) (((x) & (y)) | (~(x) & (z)))
#define G(x, y, z) (((x) & (z)) | ((y) & ~(z)))
#define H(x, y, z) ((x) ^ (y) ^ (z))
#define I(x, y, z) ((y) ^ ((x) | ~(z)))
/* ROTATE_LEFT rotates x left n bits. */
#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
/*
* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
* Rotation is separate from addition to prevent recomputation.
*/
#define FF(a, b, c, d, x, s, ac) { \
(a) += F ((b), (c), (d)) + (x) + (uint32_t)(ac); \
(a) = ROTATE_LEFT((a), (s)); \
(a) += (b); \
}
#define GG(a, b, c, d, x, s, ac) { \
(a) += G ((b), (c), (d)) + (x) + (uint32_t)(ac); \
(a) = ROTATE_LEFT((a), (s)); \
(a) += (b); \
}
#define HH(a, b, c, d, x, s, ac) { \
(a) += H ((b), (c), (d)) + (x) + (uint32_t)(ac); \
(a) = ROTATE_LEFT((a), (s)); \
(a) += (b); \
}
#define II(a, b, c, d, x, s, ac) { \
(a) += I ((b), (c), (d)) + (x) + (uint32_t)(ac); \
(a) = ROTATE_LEFT((a), (s)); \
(a) += (b); \
}
/* MD5 initialization. Begins an MD5 operation, writing a new context. */
static void __md5_Init(struct MD5Context *context)
{
context->count[0] = context->count[1] = 0;
/* Load magic initialization constants. */
context->state[0] = 0x67452301;
context->state[1] = 0xefcdab89;
context->state[2] = 0x98badcfe;
context->state[3] = 0x10325476;
}
/*
* MD5 block update operation. Continues an MD5 message-digest
* operation, processing another message block, and updating the
* context.
*/
static void __md5_Update(struct MD5Context *context, const unsigned char *input, unsigned int inputLen)
{
unsigned int i, idx, partLen;
/* Compute number of bytes mod 64 */
idx = (context->count[0] >> 3) & 0x3F;
/* Update number of bits */
context->count[0] += (inputLen << 3);
if (context->count[0] < (inputLen << 3))
context->count[1]++;
context->count[1] += (inputLen >> 29);
partLen = 64 - idx;
/* Transform as many times as possible. */
if (inputLen >= partLen) {
memcpy(&context->buffer[idx], input, partLen);
__md5_Transform(context->state, context->buffer);
for (i = partLen; i + 63 < inputLen; i += 64)
__md5_Transform(context->state, &input[i]);
idx = 0;
} else
i = 0;
/* Buffer remaining input */
memcpy(&context->buffer[idx], &input[i], inputLen - i);
}
/*
* MD5 padding. Adds padding followed by original length.
*/
static void __md5_Pad(struct MD5Context *context)
{
unsigned char bits[8];
unsigned int idx, padLen;
unsigned char PADDING[64];
memset(PADDING, 0, sizeof(PADDING));
PADDING[0] = 0x80;
/* Save number of bits */
__md5_Encode(bits, context->count, 8);
/* Pad out to 56 mod 64. */
idx = (context->count[0] >> 3) & 0x3f;
padLen = (idx < 56) ? (56 - idx) : (120 - idx);
__md5_Update(context, PADDING, padLen);
/* Append length (before padding) */
__md5_Update(context, bits, 8);
}
/*
* MD5 finalization. Ends an MD5 message-digest operation, writing the
* the message digest and zeroizing the context.
*/
static void __md5_Final(unsigned char digest[16], struct MD5Context *context)
{
/* Do padding. */
__md5_Pad(context);
/* Store state in digest */
__md5_Encode(digest, context->state, 16);
/* Zeroize sensitive information. */
memset(context, 0, sizeof(*context));
}
/* MD5 basic transformation. Transforms state based on block. */
static void __md5_Transform(uint32_t state[4], const unsigned char block[64])
{
uint32_t a, b, c, d, x[16];
#if MD5_SIZE_OVER_SPEED > 1
uint32_t temp;
const unsigned char *ps;
static const unsigned char S[] = {
7, 12, 17, 22,
5, 9, 14, 20,
4, 11, 16, 23,
6, 10, 15, 21
};
#endif /* MD5_SIZE_OVER_SPEED > 1 */
#if MD5_SIZE_OVER_SPEED > 0
const uint32_t *pc;
const unsigned char *pp;
int i;
static const uint32_t C[] = {
/* round 1 */
0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee,
0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501,
0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be,
0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821,
/* round 2 */
0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa,
0xd62f105d, 0x2441453, 0xd8a1e681, 0xe7d3fbc8,
0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed,
0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a,
/* round 3 */
0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c,
0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70,
0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x4881d05,
0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665,
/* round 4 */
0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039,
0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1,
0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1,
0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391
};
static const unsigned char P[] = {
0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, /* 1 */
1, 6, 11, 0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12, /* 2 */
5, 8, 11, 14, 1, 4, 7, 10, 13, 0, 3, 6, 9, 12, 15, 2, /* 3 */
0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9 /* 4 */
};
#endif /* MD5_SIZE_OVER_SPEED > 0 */
__md5_Decode(x, block, 64);
a = state[0]; b = state[1]; c = state[2]; d = state[3];
#if MD5_SIZE_OVER_SPEED > 2
pc = C; pp = P; ps = S - 4;
for (i = 0; i < 64; i++) {
if ((i & 0x0f) == 0) ps += 4;
temp = a;
switch (i>>4) {
case 0:
temp += F(b, c, d);
break;
case 1:
temp += G(b, c, d);
break;
case 2:
temp += H(b, c, d);
break;
case 3:
temp += I(b, c, d);
break;
}
temp += x[*pp++] + *pc++;
temp = ROTATE_LEFT(temp, ps[i & 3]);
temp += b;
a = d; d = c; c = b; b = temp;
}
#elif MD5_SIZE_OVER_SPEED > 1
pc = C; pp = P; ps = S;
/* Round 1 */
for (i = 0; i < 16; i++) {
FF(a, b, c, d, x[*pp], ps[i & 0x3], *pc); pp++; pc++;
temp = d; d = c; c = b; b = a; a = temp;
}
/* Round 2 */
ps += 4;
for (; i < 32; i++) {
GG(a, b, c, d, x[*pp], ps[i & 0x3], *pc); pp++; pc++;
temp = d; d = c; c = b; b = a; a = temp;
}
/* Round 3 */
ps += 4;
for (; i < 48; i++) {
HH(a, b, c, d, x[*pp], ps[i & 0x3], *pc); pp++; pc++;
temp = d; d = c; c = b; b = a; a = temp;
}
/* Round 4 */
ps += 4;
for (; i < 64; i++) {
II(a, b, c, d, x[*pp], ps[i & 0x3], *pc); pp++; pc++;
temp = d; d = c; c = b; b = a; a = temp;
}
#elif MD5_SIZE_OVER_SPEED > 0
pc = C; pp = P;
/* Round 1 */
for (i = 0; i < 4; i++) {
FF(a, b, c, d, x[*pp], 7, *pc); pp++; pc++;
FF(d, a, b, c, x[*pp], 12, *pc); pp++; pc++;
FF(c, d, a, b, x[*pp], 17, *pc); pp++; pc++;
FF(b, c, d, a, x[*pp], 22, *pc); pp++; pc++;
}
/* Round 2 */
for (i = 0; i < 4; i++) {
GG(a, b, c, d, x[*pp], 5, *pc); pp++; pc++;
GG(d, a, b, c, x[*pp], 9, *pc); pp++; pc++;
GG(c, d, a, b, x[*pp], 14, *pc); pp++; pc++;
GG(b, c, d, a, x[*pp], 20, *pc); pp++; pc++;
}
/* Round 3 */
for (i = 0; i < 4; i++) {
HH(a, b, c, d, x[*pp], 4, *pc); pp++; pc++;
HH(d, a, b, c, x[*pp], 11, *pc); pp++; pc++;
HH(c, d, a, b, x[*pp], 16, *pc); pp++; pc++;
HH(b, c, d, a, x[*pp], 23, *pc); pp++; pc++;
}
/* Round 4 */
for (i = 0; i < 4; i++) {
II(a, b, c, d, x[*pp], 6, *pc); pp++; pc++;
II(d, a, b, c, x[*pp], 10, *pc); pp++; pc++;
II(c, d, a, b, x[*pp], 15, *pc); pp++; pc++;
II(b, c, d, a, x[*pp], 21, *pc); pp++; pc++;
}
#else
/* Round 1 */
#define S11 7
#define S12 12
#define S13 17
#define S14 22
FF(a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */
FF(d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */
FF(c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */
FF(b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */
FF(a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */
FF(d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */
FF(c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */
FF(b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */
FF(a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */
FF(d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */
FF(c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
FF(b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
FF(a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
FF(d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
FF(c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
FF(b, c, d, a, x[15], S14, 0x49b40821); /* 16 */
/* Round 2 */
#define S21 5
#define S22 9
#define S23 14
#define S24 20
GG(a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */
GG(d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */
GG(c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
GG(b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */
GG(a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */
GG(d, a, b, c, x[10], S22, 0x2441453); /* 22 */
GG(c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
GG(b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */
GG(a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */
GG(d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
GG(c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */
GG(b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */
GG(a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
GG(d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */
GG(c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */
GG(b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */
/* Round 3 */
#define S31 4
#define S32 11
#define S33 16
#define S34 23
HH(a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */
HH(d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */
HH(c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
HH(b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
HH(a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */
HH(d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */
HH(c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */
HH(b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
HH(a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
HH(d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */
HH(c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */
HH(b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */
HH(a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */
HH(d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
HH(c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
HH(b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */
/* Round 4 */
#define S41 6
#define S42 10
#define S43 15
#define S44 21
II(a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */
II(d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */
II(c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
II(b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */
II(a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
II(d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */
II(c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
II(b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */
II(a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */
II(d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
II(c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */
II(b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
II(a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */
II(d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
II(c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */
II(b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */
#endif
state[0] += a;
state[1] += b;
state[2] += c;
state[3] += d;
/* Zeroize sensitive information. */
memset(x, 0, sizeof(x));
}
static char*
__md5_to64(char *s, unsigned v, int n)
{
while (--n >= 0) {
*s++ = ascii64[v & 0x3f];
v >>= 6;
}
return s;
}
/*
* UNIX password
*
* Use MD5 for what it is best at...
*/
#define MD5_OUT_BUFSIZE 36
static char *
md5_crypt(char passwd[MD5_OUT_BUFSIZE], const unsigned char *pw, const unsigned char *salt)
{
const unsigned char *sp, *ep;
char *p;
unsigned char final[17]; /* final[16] exists only to aid in looping */
int sl, pl, i, pw_len;
struct MD5Context ctx, ctx1;
/* Refine the Salt first */
sp = salt;
sp += MD5_MAGIC_LEN;
/* It stops at the first '$', max 8 chars */
for (ep = sp; *ep && *ep != '$' && ep < (sp+8); ep++)
continue;
/* get the length of the true salt */
sl = ep - sp;
__md5_Init(&ctx);
/* The password first, since that is what is most unknown */
pw_len = strlen((char*)pw);
__md5_Update(&ctx, pw, pw_len);
/* Then our magic string */
__md5_Update(&ctx, __md5__magic, MD5_MAGIC_LEN);
/* Then the raw salt */
__md5_Update(&ctx, sp, sl);
/* Then just as many characters of the MD5(pw, salt, pw) */
__md5_Init(&ctx1);
__md5_Update(&ctx1, pw, pw_len);
__md5_Update(&ctx1, sp, sl);
__md5_Update(&ctx1, pw, pw_len);
__md5_Final(final, &ctx1);
for (pl = pw_len; pl > 0; pl -= 16)
__md5_Update(&ctx, final, pl > 16 ? 16 : pl);
/* Don't leave anything around in vm they could use. */
//TODO: the above comment seems to be wrong. final is used later.
memset(final, 0, sizeof(final));
/* Then something really weird... */
for (i = pw_len; i; i >>= 1) {
__md5_Update(&ctx, ((i & 1) ? final : (const unsigned char *) pw), 1);
}
/* Now make the output string */
passwd[0] = '$';
passwd[1] = '1';
passwd[2] = '$';
strncpy(passwd + 3, (char*)sp, sl);
passwd[sl + 3] = '$';
__md5_Final(final, &ctx);
/*
* and now, just to make sure things don't run too fast
* On a 60 Mhz Pentium this takes 34 msec, so you would
* need 30 seconds to build a 1000 entry dictionary...
*/
for (i = 0; i < 1000; i++) {
__md5_Init(&ctx1);
if (i & 1)
__md5_Update(&ctx1, pw, pw_len);
else
__md5_Update(&ctx1, final, 16);
if (i % 3)
__md5_Update(&ctx1, sp, sl);
if (i % 7)
__md5_Update(&ctx1, pw, pw_len);
if (i & 1)
__md5_Update(&ctx1, final, 16);
else
__md5_Update(&ctx1, pw, pw_len);
__md5_Final(final, &ctx1);
}
p = passwd + sl + 4; /* 12 bytes max (sl is up to 8 bytes) */
/* Add 5*4+2 = 22 bytes of hash, + NUL byte. */
final[16] = final[5];
for (i = 0; i < 5; i++) {
unsigned l = (final[i] << 16) | (final[i+6] << 8) | final[i+12];
p = __md5_to64(p, l, 4);
}
p = __md5_to64(p, final[11], 2);
*p = '\0';
/* Don't leave anything around in vm they could use. */
memset(final, 0, sizeof(final));
return passwd;
}
#undef MD5_SIZE_OVER_SPEED
#undef MD5_MAGIC_STR
#undef MD5_MAGIC_LEN
#undef __md5_Encode
#undef __md5_Decode
#undef F
#undef G
#undef H
#undef I
#undef ROTATE_LEFT
#undef FF
#undef GG
#undef HH
#undef II
#undef S11
#undef S12
#undef S13
#undef S14
#undef S21
#undef S22
#undef S23
#undef S24
#undef S31
#undef S32
#undef S33
#undef S34
#undef S41
#undef S42
#undef S43
#undef S44

104
package/network/services/ead/src/sha1.c Normal file
View File

@@ -0,0 +1,104 @@
/*
* SHA transform algorithm, originally taken from code written by
* Peter Gutmann, and placed in the public domain.
*/
static uint32_t
rol32(uint32_t word, int shift)
{
return (word << shift) | (word >> (32 - shift));
}
/* The SHA f()-functions. */
#define f1(x,y,z) (z ^ (x & (y ^ z))) /* x ? y : z */
#define f2(x,y,z) (x ^ y ^ z) /* XOR */
#define f3(x,y,z) ((x & y) + (z & (x ^ y))) /* majority */
/* The SHA Mysterious Constants */
#define K1 0x5A827999L /* Rounds 0-19: sqrt(2) * 2^30 */
#define K2 0x6ED9EBA1L /* Rounds 20-39: sqrt(3) * 2^30 */
#define K3 0x8F1BBCDCL /* Rounds 40-59: sqrt(5) * 2^30 */
#define K4 0xCA62C1D6L /* Rounds 60-79: sqrt(10) * 2^30 */
/**
* sha_transform - single block SHA1 transform
*
* @digest: 160 bit digest to update
* @data: 512 bits of data to hash
* @W: 80 words of workspace (see note)
*
* This function generates a SHA1 digest for a single 512-bit block.
* Be warned, it does not handle padding and message digest, do not
* confuse it with the full FIPS 180-1 digest algorithm for variable
* length messages.
*
* Note: If the hash is security sensitive, the caller should be sure
* to clear the workspace. This is left to the caller to avoid
* unnecessary clears between chained hashing operations.
*/
static void sha_transform(uint32_t *digest, const unsigned char *in, uint32_t *W)
{
uint32_t a, b, c, d, e, t, i;
for (i = 0; i < 16; i++) {
int ofs = 4 * i;
/* word load/store may be unaligned here, so use bytes instead */
W[i] =
(in[ofs+0] << 24) |
(in[ofs+1] << 16) |
(in[ofs+2] << 8) |
in[ofs+3];
}
for (i = 0; i < 64; i++)
W[i+16] = rol32(W[i+13] ^ W[i+8] ^ W[i+2] ^ W[i], 1);
a = digest[0];
b = digest[1];
c = digest[2];
d = digest[3];
e = digest[4];
for (i = 0; i < 20; i++) {
t = f1(b, c, d) + K1 + rol32(a, 5) + e + W[i];
e = d; d = c; c = rol32(b, 30); b = a; a = t;
}
for (; i < 40; i ++) {
t = f2(b, c, d) + K2 + rol32(a, 5) + e + W[i];
e = d; d = c; c = rol32(b, 30); b = a; a = t;
}
for (; i < 60; i ++) {
t = f3(b, c, d) + K3 + rol32(a, 5) + e + W[i];
e = d; d = c; c = rol32(b, 30); b = a; a = t;
}
for (; i < 80; i ++) {
t = f2(b, c, d) + K4 + rol32(a, 5) + e + W[i];
e = d; d = c; c = rol32(b, 30); b = a; a = t;
}
digest[0] += a;
digest[1] += b;
digest[2] += c;
digest[3] += d;
digest[4] += e;
}
/**
* sha_init - initialize the vectors for a SHA1 digest
* @buf: vector to initialize
*/
static void sha_init(uint32_t *buf)
{
buf[0] = 0x67452301;
buf[1] = 0xefcdab89;
buf[2] = 0x98badcfe;
buf[3] = 0x10325476;
buf[4] = 0xc3d2e1f0;
}

28
package/network/services/ead/src/tinysrp/Makefile.am Normal file
View File

@@ -0,0 +1,28 @@
AUTOMAKE_OPTIONS = foreign no-dependencies
noinst_HEADERS = t_client.h t_pwd.h t_server.h t_sha.h \
bn.h bn_lcl.h bn_prime.h t_defines.h t_read.h
include_HEADERS = tinysrp.h
lib_LIBRARIES = libtinysrp.a
CFLAGS = -O2 @signed@
libtinysrp_a_SOURCES = \
tinysrp.c t_client.c t_getconf.c t_conv.c t_getpass.c t_sha.c t_math.c \
t_misc.c t_pw.c t_read.c t_server.c t_truerand.c \
bn_add.c bn_ctx.c bn_div.c bn_exp.c bn_mul.c bn_word.c bn_asm.c bn_lib.c \
bn_shift.c bn_sqr.c
noinst_PROGRAMS = srvtest clitest
srvtest_SOURCES = srvtest.c
clitest_SOURCES = clitest.c
bin_PROGRAMS = tconf tphrase
tconf_SOURCES = tconf.c t_conf.c
tphrase_SOURCES = tphrase.c
LDADD = libtinysrp.a
EXTRA_DIST = tpasswd Notes

477
package/network/services/ead/src/tinysrp/Makefile.in Normal file
View File

@@ -0,0 +1,477 @@
# Makefile.in generated automatically by automake 1.4a from Makefile.am
# Copyright (C) 1994, 1995-8, 1999 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
SHELL = @SHELL@
srcdir = @srcdir@
top_srcdir = @top_srcdir@
VPATH = @srcdir@
prefix = @prefix@
exec_prefix = @exec_prefix@
bindir = @bindir@
sbindir = @sbindir@
libexecdir = @libexecdir@
datadir = @datadir@
sysconfdir = @sysconfdir@
sharedstatedir = @sharedstatedir@
localstatedir = @localstatedir@
libdir = @libdir@
infodir = @infodir@
mandir = @mandir@
includedir = @includedir@
oldincludedir = /usr/include
DESTDIR =
pkgdatadir = $(datadir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
top_builddir = .
ACLOCAL = @ACLOCAL@
AUTOCONF = @AUTOCONF@
AUTOMAKE = @AUTOMAKE@
AUTOHEADER = @AUTOHEADER@
INSTALL = @INSTALL@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_FLAG =
transform = @program_transform_name@
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
CC = @CC@
LN_S = @LN_S@
MAKEINFO = @MAKEINFO@
PACKAGE = @PACKAGE@
RANLIB = @RANLIB@
VERSION = @VERSION@
signed = @signed@
AUTOMAKE_OPTIONS = foreign no-dependencies
noinst_HEADERS = t_client.h t_pwd.h t_server.h t_sha.h bn.h bn_lcl.h bn_prime.h t_defines.h t_read.h
include_HEADERS = tinysrp.h
lib_LIBRARIES = libtinysrp.a
CFLAGS = -O2 @signed@
libtinysrp_a_SOURCES = tinysrp.c t_client.c t_getconf.c t_conv.c t_getpass.c t_sha.c t_math.c t_misc.c t_pw.c t_read.c t_server.c t_truerand.c bn_add.c bn_ctx.c bn_div.c bn_exp.c bn_mul.c bn_word.c bn_asm.c bn_lib.c bn_shift.c bn_sqr.c
noinst_PROGRAMS = srvtest clitest
srvtest_SOURCES = srvtest.c
clitest_SOURCES = clitest.c
bin_PROGRAMS = tconf tphrase
tconf_SOURCES = tconf.c t_conf.c
tphrase_SOURCES = tphrase.c
LDADD = libtinysrp.a
EXTRA_DIST = tpasswd Notes
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
CONFIG_HEADER = config.h
CONFIG_CLEAN_FILES =
LIBRARIES = $(lib_LIBRARIES)
DEFS = @DEFS@ -I. -I$(srcdir) -I.
CPPFLAGS = @CPPFLAGS@
LDFLAGS = @LDFLAGS@
LIBS = @LIBS@
libtinysrp_a_LIBADD =
libtinysrp_a_OBJECTS = tinysrp.o t_client.o t_getconf.o t_conv.o \
t_getpass.o t_sha.o t_math.o t_misc.o t_pw.o t_read.o t_server.o \
t_truerand.o bn_add.o bn_ctx.o bn_div.o bn_exp.o bn_mul.o bn_word.o \
bn_asm.o bn_lib.o bn_shift.o bn_sqr.o
AR = ar
PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS)
tconf_OBJECTS = tconf.o t_conf.o
tconf_LDADD = $(LDADD)
tconf_DEPENDENCIES = libtinysrp.a
tconf_LDFLAGS =
tphrase_OBJECTS = tphrase.o
tphrase_LDADD = $(LDADD)
tphrase_DEPENDENCIES = libtinysrp.a
tphrase_LDFLAGS =
srvtest_OBJECTS = srvtest.o
srvtest_LDADD = $(LDADD)
srvtest_DEPENDENCIES = libtinysrp.a
srvtest_LDFLAGS =
clitest_OBJECTS = clitest.o
clitest_LDADD = $(LDADD)
clitest_DEPENDENCIES = libtinysrp.a
clitest_LDFLAGS =
COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
CCLD = $(CC)
LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(LDFLAGS) -o $@
HEADERS = $(include_HEADERS) $(noinst_HEADERS)
DIST_COMMON = ./stamp-h.in Makefile.am Makefile.in acconfig.h \
acinclude.m4 aclocal.m4 config.h.in configure configure.in install-sh \
missing mkinstalldirs
DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
TAR = gtar
GZIP_ENV = --best
SOURCES = $(libtinysrp_a_SOURCES) $(tconf_SOURCES) $(tphrase_SOURCES) $(srvtest_SOURCES) $(clitest_SOURCES)
OBJECTS = $(libtinysrp_a_OBJECTS) $(tconf_OBJECTS) $(tphrase_OBJECTS) $(srvtest_OBJECTS) $(clitest_OBJECTS)
all: all-redirect
.SUFFIXES:
.SUFFIXES: .S .c .o .s
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
cd $(top_builddir) \
&& CONFIG_FILES=$@ CONFIG_HEADERS= $(SHELL) ./config.status
$(ACLOCAL_M4): configure.in acinclude.m4
cd $(srcdir) && $(ACLOCAL)
$(srcdir)/configure: $(srcdir)/configure.in $(ACLOCAL_M4) $(CONFIGURE_DEPENDENCIES)
cd $(srcdir) && $(AUTOCONF)
config.h: stamp-h
@if test ! -f $@; then \
rm -f stamp-h; \
$(MAKE) stamp-h; \
else :; fi
stamp-h: $(srcdir)/config.h.in $(top_builddir)/config.status
cd $(top_builddir) \
&& CONFIG_FILES= CONFIG_HEADERS=config.h \
$(SHELL) ./config.status
@echo timestamp > stamp-h 2> /dev/null
$(srcdir)/config.h.in: $(srcdir)/stamp-h.in
@if test ! -f $@; then \
rm -f $(srcdir)/stamp-h.in; \
$(MAKE) $(srcdir)/stamp-h.in; \
else :; fi
$(srcdir)/stamp-h.in: $(top_srcdir)/configure.in $(ACLOCAL_M4) acconfig.h
cd $(top_srcdir) && $(AUTOHEADER)
@echo timestamp > $(srcdir)/stamp-h.in 2> /dev/null
mostlyclean-hdr:
clean-hdr:
distclean-hdr:
-rm -f config.h
maintainer-clean-hdr:
mostlyclean-libLIBRARIES:
clean-libLIBRARIES:
-test -z "$(lib_LIBRARIES)" || rm -f $(lib_LIBRARIES)
distclean-libLIBRARIES:
maintainer-clean-libLIBRARIES:
install-libLIBRARIES: $(lib_LIBRARIES)
@$(NORMAL_INSTALL)
$(mkinstalldirs) $(DESTDIR)$(libdir)
@list='$(lib_LIBRARIES)'; for p in $$list; do \
if test -f $$p; then \
echo " $(INSTALL_DATA) $$p $(DESTDIR)$(libdir)/$$p"; \
$(INSTALL_DATA) $$p $(DESTDIR)$(libdir)/$$p; \
else :; fi; \
done
@$(POST_INSTALL)
@list='$(lib_LIBRARIES)'; for p in $$list; do \
if test -f $$p; then \
echo " $(RANLIB) $(DESTDIR)$(libdir)/$$p"; \
$(RANLIB) $(DESTDIR)$(libdir)/$$p; \
else :; fi; \
done
uninstall-libLIBRARIES:
@$(NORMAL_UNINSTALL)
list='$(lib_LIBRARIES)'; for p in $$list; do \
rm -f $(DESTDIR)$(libdir)/$$p; \
done
.c.o:
$(COMPILE) -c $<
.s.o:
$(COMPILE) -c $<
.S.o:
$(COMPILE) -c $<
mostlyclean-compile:
-rm -f *.o core *.core
clean-compile:
distclean-compile:
-rm -f *.tab.c
maintainer-clean-compile:
libtinysrp.a: $(libtinysrp_a_OBJECTS) $(libtinysrp_a_DEPENDENCIES)
-rm -f libtinysrp.a
$(AR) cru libtinysrp.a $(libtinysrp_a_OBJECTS) $(libtinysrp_a_LIBADD)
$(RANLIB) libtinysrp.a
mostlyclean-binPROGRAMS:
clean-binPROGRAMS:
-test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS)
distclean-binPROGRAMS:
maintainer-clean-binPROGRAMS:
install-binPROGRAMS: $(bin_PROGRAMS)
@$(NORMAL_INSTALL)
$(mkinstalldirs) $(DESTDIR)$(bindir)
@list='$(bin_PROGRAMS)'; for p in $$list; do \
if test -f $$p; then \
echo " $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(bindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`"; \
$(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(bindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \
else :; fi; \
done
uninstall-binPROGRAMS:
@$(NORMAL_UNINSTALL)
list='$(bin_PROGRAMS)'; for p in $$list; do \
rm -f $(DESTDIR)$(bindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \
done
mostlyclean-noinstPROGRAMS:
clean-noinstPROGRAMS:
-test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS)
distclean-noinstPROGRAMS:
maintainer-clean-noinstPROGRAMS:
tconf: $(tconf_OBJECTS) $(tconf_DEPENDENCIES)
@rm -f tconf
$(LINK) $(tconf_LDFLAGS) $(tconf_OBJECTS) $(tconf_LDADD) $(LIBS)
tphrase: $(tphrase_OBJECTS) $(tphrase_DEPENDENCIES)
@rm -f tphrase
$(LINK) $(tphrase_LDFLAGS) $(tphrase_OBJECTS) $(tphrase_LDADD) $(LIBS)
srvtest: $(srvtest_OBJECTS) $(srvtest_DEPENDENCIES)
@rm -f srvtest
$(LINK) $(srvtest_LDFLAGS) $(srvtest_OBJECTS) $(srvtest_LDADD) $(LIBS)
clitest: $(clitest_OBJECTS) $(clitest_DEPENDENCIES)
@rm -f clitest
$(LINK) $(clitest_LDFLAGS) $(clitest_OBJECTS) $(clitest_LDADD) $(LIBS)
install-includeHEADERS: $(include_HEADERS)
@$(NORMAL_INSTALL)
$(mkinstalldirs) $(DESTDIR)$(includedir)
@list='$(include_HEADERS)'; for p in $$list; do \
if test -f "$$p"; then d= ; else d="$(srcdir)/"; fi; \
echo " $(INSTALL_DATA) $$d$$p $(DESTDIR)$(includedir)/$$p"; \
$(INSTALL_DATA) $$d$$p $(DESTDIR)$(includedir)/$$p; \
done
uninstall-includeHEADERS:
@$(NORMAL_UNINSTALL)
list='$(include_HEADERS)'; for p in $$list; do \
rm -f $(DESTDIR)$(includedir)/$$p; \
done
tags: TAGS
ID: $(HEADERS) $(SOURCES) $(LISP)
list='$(SOURCES) $(HEADERS)'; \
unique=`for i in $$list; do echo $$i; done | \
awk ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
here=`pwd` && cd $(srcdir) \
&& mkid -f$$here/ID $$unique $(LISP)
TAGS: $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) $(LISP)
tags=; \
here=`pwd`; \
list='$(SOURCES) $(HEADERS)'; \
unique=`for i in $$list; do echo $$i; done | \
awk ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
test -z "$(ETAGS_ARGS)config.h.in$$unique$(LISP)$$tags" \
|| (cd $(srcdir) && etags $(ETAGS_ARGS) $$tags config.h.in $$unique $(LISP) -o $$here/TAGS)
mostlyclean-tags:
clean-tags:
distclean-tags:
-rm -f TAGS ID
maintainer-clean-tags:
distdir = $(PACKAGE)-$(VERSION)
top_distdir = $(distdir)
# This target untars the dist file and tries a VPATH configuration. Then
# it guarantees that the distribution is self-contained by making another
# tarfile.
distcheck: dist
-rm -rf $(distdir)
GZIP=$(GZIP_ENV) $(TAR) zxf $(distdir).tar.gz
mkdir $(distdir)/=build
mkdir $(distdir)/=inst
dc_install_base=`cd $(distdir)/=inst && pwd`; \
cd $(distdir)/=build \
&& ../configure --srcdir=.. --prefix=$$dc_install_base \
&& $(MAKE) $(AM_MAKEFLAGS) \
&& $(MAKE) $(AM_MAKEFLAGS) dvi \
&& $(MAKE) $(AM_MAKEFLAGS) check \
&& $(MAKE) $(AM_MAKEFLAGS) install \
&& $(MAKE) $(AM_MAKEFLAGS) installcheck \
&& $(MAKE) $(AM_MAKEFLAGS) dist
-rm -rf $(distdir)
@banner="$(distdir).tar.gz is ready for distribution"; \
dashes=`echo "$$banner" | sed s/./=/g`; \
echo "$$dashes"; \
echo "$$banner"; \
echo "$$dashes"
dist: distdir
-chmod -R a+r $(distdir)
GZIP=$(GZIP_ENV) $(TAR) chozf $(distdir).tar.gz $(distdir)
-rm -rf $(distdir)
dist-all: distdir
-chmod -R a+r $(distdir)
GZIP=$(GZIP_ENV) $(TAR) chozf $(distdir).tar.gz $(distdir)
-rm -rf $(distdir)
distdir: $(DISTFILES)
-rm -rf $(distdir)
mkdir $(distdir)
-chmod 777 $(distdir)
@for file in $(DISTFILES); do \
d=$(srcdir); \
if test -d $$d/$$file; then \
cp -pr $$d/$$file $(distdir)/$$file; \
else \
test -f $(distdir)/$$file \
|| ln $$d/$$file $(distdir)/$$file 2> /dev/null \
|| cp -p $$d/$$file $(distdir)/$$file || :; \
fi; \
done
info-am:
info: info-am
dvi-am:
dvi: dvi-am
check-am: all-am
check: check-am
installcheck-am:
installcheck: installcheck-am
all-recursive-am: config.h
$(MAKE) $(AM_MAKEFLAGS) all-recursive
install-exec-am: install-libLIBRARIES install-binPROGRAMS
install-exec: install-exec-am
install-data-am: install-includeHEADERS
install-data: install-data-am
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
install: install-am
uninstall-am: uninstall-libLIBRARIES uninstall-binPROGRAMS \
uninstall-includeHEADERS
uninstall: uninstall-am
all-am: Makefile $(LIBRARIES) $(PROGRAMS) $(HEADERS) config.h
all-redirect: all-am
install-strip:
$(MAKE) $(AM_MAKEFLAGS) INSTALL_STRIP_FLAG=-s install
installdirs:
$(mkinstalldirs) $(DESTDIR)$(libdir) $(DESTDIR)$(bindir) \
$(DESTDIR)$(includedir)
mostlyclean-generic:
clean-generic:
distclean-generic:
-rm -f Makefile $(CONFIG_CLEAN_FILES)
-rm -f config.cache config.log stamp-h stamp-h[0-9]*
maintainer-clean-generic:
mostlyclean-am: mostlyclean-hdr mostlyclean-libLIBRARIES \
mostlyclean-compile mostlyclean-binPROGRAMS \
mostlyclean-noinstPROGRAMS mostlyclean-tags \
mostlyclean-generic
mostlyclean: mostlyclean-am
clean-am: clean-hdr clean-libLIBRARIES clean-compile clean-binPROGRAMS \
clean-noinstPROGRAMS clean-tags clean-generic \
mostlyclean-am
clean: clean-am
distclean-am: distclean-hdr distclean-libLIBRARIES distclean-compile \
distclean-binPROGRAMS distclean-noinstPROGRAMS \
distclean-tags distclean-generic clean-am
distclean: distclean-am
-rm -f config.status
maintainer-clean-am: maintainer-clean-hdr maintainer-clean-libLIBRARIES \
maintainer-clean-compile maintainer-clean-binPROGRAMS \
maintainer-clean-noinstPROGRAMS maintainer-clean-tags \
maintainer-clean-generic distclean-am
@echo "This command is intended for maintainers to use;"
@echo "it deletes files that may require special tools to rebuild."
maintainer-clean: maintainer-clean-am
-rm -f config.status
.PHONY: mostlyclean-hdr distclean-hdr clean-hdr maintainer-clean-hdr \
mostlyclean-libLIBRARIES distclean-libLIBRARIES clean-libLIBRARIES \
maintainer-clean-libLIBRARIES uninstall-libLIBRARIES \
install-libLIBRARIES mostlyclean-compile distclean-compile \
clean-compile maintainer-clean-compile mostlyclean-binPROGRAMS \
distclean-binPROGRAMS clean-binPROGRAMS maintainer-clean-binPROGRAMS \
uninstall-binPROGRAMS install-binPROGRAMS mostlyclean-noinstPROGRAMS \
distclean-noinstPROGRAMS clean-noinstPROGRAMS \
maintainer-clean-noinstPROGRAMS uninstall-includeHEADERS \
install-includeHEADERS tags mostlyclean-tags distclean-tags clean-tags \
maintainer-clean-tags distdir info-am info dvi-am dvi check check-am \
installcheck-am installcheck all-recursive-am install-exec-am \
install-exec install-data-am install-data install-am install \
uninstall-am uninstall all-redirect all-am all installdirs \
mostlyclean-generic distclean-generic clean-generic \
maintainer-clean-generic clean mostlyclean distclean maintainer-clean
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

110
package/network/services/ead/src/tinysrp/Notes Normal file
View File

@@ -0,0 +1,110 @@
t_* stuff is from the srp 1.7.1 dist
bn_* stuff is from openssl 0.9.6
(The 7 in libtinysrp's version number reflects the srp version.)
Licensing and copyright for srp and openssl are as indicated in the relevant
source files. Everything else here is GPL, including the tinysrp protocol.
Changelog since initial release:
0.7.4 more robust terminal modes in t_getpass
a potential buffer overflow in tinysrp
0.7.5 uninitialized pointer bug in tconf
Changes from the base srp and openssl distributions:
I've removed everything that's not needed for client/server operations, and
all the bn_* stuff that's only used for prime generation has been moved to
t_conf.c, which isn't part of the library anymore. Also, all the routines
used for passphrase file maintenance have been moved to tphrase.c.
The library has been optimized (a bit) for space instead of speed. Since
authentication is usually only done once, this isn't a big problem. Modern
CPUs are plenty fast for this task, and even 100 MHz CPUs are fine. If you
really need the speed, get the regular distributions.
Note that if the server sends the client a prime that the client doesn't
know about, the client MUST test for primality. Since this is pretty
expensive, and takes 30 seconds on a 100 MHz machine, and uses lots of code,
I've removed that ability from the client. So only KNOWN primes can be
used. You can still generate new ones with tconf, but you have to install
them in the table of known primes (pre_params) in t_getconf.c that's common
to the client and server, and recompile. The configuration file is gone.
The default prime (the last entry in the table) is 1024 bits; there are
others with more bits but they will be correspondingly slower.
The default tpasswd file (which is an ascii file that may be editted with a
regular text editor) contains two users: moo (passphrase "glub glub") and
"new user" (passphrase "this is a test"). Passphrases may be added or
changed with tphrase; you can also change the user's prime. To delete a
user, edit the tpasswd file and remove that line. The tpasswd file's
default name is DEFAULT_PASSWD in t_pwd.h. Note that you can't change a
user's username by editting the file: the username is encoded in the
verifier. If you change a username you must set a new passphrase with
tphrase.
Here is an example session, using the supplied srvtest and clitest. First,
start both programs in different windows, and enter the user names. Normally,
the client would send the username to the server. Server lines are marked
with S>, client lines with C>.
S> % srvtest
S> Enter username: moo
S> index (to client): 5
S> salt (to client): 19AI0Hc9jEkdFc
C> % clitest
C> Enter username: moo
C> Enter index (from server): 5
C> Enter salt (from server): 19AI0Hc9jEkdFc
The server reports the index and salt values used for that user. They
are sent over the network to the client. (Simulate this by cutting and
pasting from one window to the other.)
C> A (to server): 5wCDXRxLIv/zLazYfKupV/OY3BlhTZuJ71wVgI0HcL1kSJEpkMuWF.xEz/BV2wlJl7vk5Eoz9KMS1ccnaatsVP5D6CBm7UA.yVB59EQFN0dNBirvX29NAFdtdMsMppo5tHRy987XjJWrWSLpeibq6emr.gP8nYyX75GQqSiMY1j
C> Enter password:
S> Enter A (from client): 5wCDXRxLIv/zLazYfKupV/OY3BlhTZuJ71wVgI0HcL1kSJEpkMuWF.xEz/BV2wlJl7vk5Eoz9KMS1ccnaatsVP5D6CBm7UA.yVB59EQFN0dNBirvX29NAFdtdMsMppo5tHRy987XjJWrWSLpeibq6emr.gP8nYyX75GQqSiMY1j
Now the client calculates A and sends it to the server, and while the
server is munching on that, the client gets the password from the user.
S> B (to client): 9dcCpulxQAbaDXI0NHWY6B.QH6B9fsoXs/x/5SCNBNJm/6H6bYfbVrwNmdquhLZjYMvpcgGc2mBYqL77RNfw1kVQo17//GfsByECBIjRnrAn02ffX9Y/llJcfscAQiii0hyZhJf9PT5wE7pC7WUjIgSqckIZ0JLNDbSr7fJcrgw
S> Session key: ebbcf3a45c968defdcfff6e144ad8d4f5412167c9716e79cbf7cacfe18257947ad46fa5d6418a1fd
The server now calculates B and sends it to the client. The session key
is not sent -- it is a shared secret that can be used for encryption.
C> Enter B (from server): 9dcCpulxQAbaDXI0NHWY6B.QH6B9fsoXs/x/5SCNBNJm/6H6bYfbVrwNmdquhLZjYMvpcgGc2mBYqL77RNfw1kVQo17//GfsByECBIjRnrAn02ffX9Y/llJcfscAQiii0hyZhJf9PT5wE7pC7WUjIgSqckIZ0JLNDbSr7fJcrgw
C> Session key: ebbcf3a45c968defdcfff6e144ad8d4f5412167c9716e79cbf7cacfe18257947ad46fa5d6418a1fd
C> Response (to server): b9ea99094a176c4be28eb469982066cc7146d180
The client uses the B value to calculate its own copy of the shared secret
session key, and sends a response to the server proving that it does know
the correct key.
S> Enter response (from client): b9ea99094a176c4be28eb469982066cc7146d180
S> Authentication successful.
S> Response (to client): cd46c839ccad2d0c76f3ca1905ae8ceda8d1c1dc
The server authenticates the client. (You're in!)
C> Enter server response: cd46c839ccad2d0c76f3ca1905ae8ceda8d1c1dc
C> Server authentication successful.
The client authenticates the server (prevents server spoofing in the case
where the session key isn't used to encrypt the channel -- a spoofed server
might just respond with random values and _pretend_ to authenticate the
client; but the spoofed server won't know the session key and this check
catches that).
Final note:
Remember that many breaches of security involve buggy software, such as
servers susceptible to buffer overflow exploits that totally bypass any
passphrase, secure or not. If an attacker roots your client, or the server,
no form of authentication will work. Consider MAC-based schemes if this
worries you.

9
package/network/services/ead/src/tinysrp/acconfig.h Normal file
View File

@@ -0,0 +1,9 @@
#undef SHA1HANDSOFF
#undef POSIX_TERMIOS
#undef POSIX_SIGTYPE
#undef VERSION
#undef volatile

27
package/network/services/ead/src/tinysrp/acinclude.m4 Normal file
View File

@@ -0,0 +1,27 @@
dnl
dnl check for signal type
dnl
dnl AC_RETSIGTYPE isn't quite right, but almost.
dnl
define(TYPE_SIGNAL,[
AC_MSG_CHECKING([POSIX signal handlers])
AC_CACHE_VAL(cv_has_posix_signals,
[AC_TRY_COMPILE(
[#include <sys/types.h>
#include <signal.h>
#ifdef signal
#undef signal
#endif
extern void (*signal ()) ();], [],
cv_has_posix_signals=yes, cv_has_posix_signals=no)])
AC_MSG_RESULT($cv_has_posix_signals)
if test $cv_has_posix_signals = yes; then
AC_DEFINE(RETSIGTYPE, void, [Return type is void])
AC_DEFINE(POSIX_SIGTYPE, [], [Have POSIX signals])
else
if test $ac_cv_type_signal = void; then
AC_DEFINE(RETSIGTYPE, void, [Return type is void])
else
AC_DEFINE(RETSIGTYPE, int, [Return type is int])
fi
fi])dnl

157
package/network/services/ead/src/tinysrp/aclocal.m4 vendored Normal file
View File

@@ -0,0 +1,157 @@
dnl aclocal.m4 generated automatically by aclocal 1.4a
dnl Copyright (C) 1994, 1995-8, 1999 Free Software Foundation, Inc.
dnl This file is free software; the Free Software Foundation
dnl gives unlimited permission to copy and/or distribute it,
dnl with or without modifications, as long as this notice is preserved.
dnl This program is distributed in the hope that it will be useful,
dnl but WITHOUT ANY WARRANTY, to the extent permitted by law; without
dnl even the implied warranty of MERCHANTABILITY or FITNESS FOR A
dnl PARTICULAR PURPOSE.
dnl
dnl check for signal type
dnl
dnl AC_RETSIGTYPE isn't quite right, but almost.
dnl
define(TYPE_SIGNAL,[
AC_MSG_CHECKING([POSIX signal handlers])
AC_CACHE_VAL(cv_has_posix_signals,
[AC_TRY_COMPILE(
[#include <sys/types.h>
#include <signal.h>
#ifdef signal
#undef signal
#endif
extern void (*signal ()) ();], [],
cv_has_posix_signals=yes, cv_has_posix_signals=no)])
AC_MSG_RESULT($cv_has_posix_signals)
if test $cv_has_posix_signals = yes; then
AC_DEFINE(RETSIGTYPE, void, [Return type is void])
AC_DEFINE(POSIX_SIGTYPE, [], [Have POSIX signals])
else
if test $ac_cv_type_signal = void; then
AC_DEFINE(RETSIGTYPE, void, [Return type is void])
else
AC_DEFINE(RETSIGTYPE, int, [Return type is int])
fi
fi])dnl
# Like AC_CONFIG_HEADER, but automatically create stamp file.
AC_DEFUN(AM_CONFIG_HEADER,
[AC_PREREQ([2.12])
AC_CONFIG_HEADER([$1])
dnl When config.status generates a header, we must update the stamp-h file.
dnl This file resides in the same directory as the config header
dnl that is generated. We must strip everything past the first ":",
dnl and everything past the last "/".
AC_OUTPUT_COMMANDS(changequote(<<,>>)dnl
ifelse(patsubst(<<$1>>, <<[^ ]>>, <<>>), <<>>,
<<test -z "<<$>>CONFIG_HEADERS" || echo timestamp > patsubst(<<$1>>, <<^\([^:]*/\)?.*>>, <<\1>>)stamp-h<<>>dnl>>,
<<am_indx=1
for am_file in <<$1>>; do
case " <<$>>CONFIG_HEADERS " in
*" <<$>>am_file "*<<)>>
echo timestamp > `echo <<$>>am_file | sed -e 's%:.*%%' -e 's%[^/]*$%%'`stamp-h$am_indx
;;
esac
am_indx=`expr "<<$>>am_indx" + 1`
done<<>>dnl>>)
changequote([,]))])
# Do all the work for Automake. This macro actually does too much --
# some checks are only needed if your package does certain things.
# But this isn't really a big deal.
# serial 1
dnl Usage:
dnl AM_INIT_AUTOMAKE(package,version, [no-define])
AC_DEFUN(AM_INIT_AUTOMAKE,
[AC_REQUIRE([AC_PROG_INSTALL])
dnl We require 2.13 because we rely on SHELL being computed by configure.
AC_PREREQ([2.13])
PACKAGE=[$1]
AC_SUBST(PACKAGE)
VERSION=[$2]
AC_SUBST(VERSION)
dnl test to see if srcdir already configured
if test "`cd $srcdir && pwd`" != "`pwd`" && test -f $srcdir/config.status; then
AC_MSG_ERROR([source directory already configured; run "make distclean" there first])
fi
ifelse([$3],,
AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package])
AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package]))
AC_REQUIRE([AM_SANITY_CHECK])
AC_REQUIRE([AC_ARG_PROGRAM])
dnl FIXME This is truly gross.
missing_dir=`cd $ac_aux_dir && pwd`
AM_MISSING_PROG(ACLOCAL, aclocal, $missing_dir)
AM_MISSING_PROG(AUTOCONF, autoconf, $missing_dir)
AM_MISSING_PROG(AUTOMAKE, automake, $missing_dir)
AM_MISSING_PROG(AUTOHEADER, autoheader, $missing_dir)
AM_MISSING_PROG(MAKEINFO, makeinfo, $missing_dir)
AC_REQUIRE([AC_PROG_MAKE_SET])])
#
# Check to make sure that the build environment is sane.
#
AC_DEFUN(AM_SANITY_CHECK,
[AC_MSG_CHECKING([whether build environment is sane])
# Just in case
sleep 1
echo timestamp > conftestfile
# Do `set' in a subshell so we don't clobber the current shell's
# arguments. Must try -L first in case configure is actually a
# symlink; some systems play weird games with the mod time of symlinks
# (eg FreeBSD returns the mod time of the symlink's containing
# directory).
if (
set X `ls -Lt $srcdir/configure conftestfile 2> /dev/null`
if test "[$]*" = "X"; then
# -L didn't work.
set X `ls -t $srcdir/configure conftestfile`
fi
if test "[$]*" != "X $srcdir/configure conftestfile" \
&& test "[$]*" != "X conftestfile $srcdir/configure"; then
# If neither matched, then we have a broken ls. This can happen
# if, for instance, CONFIG_SHELL is bash and it inherits a
# broken ls alias from the environment. This has actually
# happened. Such a system could not be considered "sane".
AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken
alias in your environment])
fi
test "[$]2" = conftestfile
)
then
# Ok.
:
else
AC_MSG_ERROR([newly created file is older than distributed files!
Check your system clock])
fi
rm -f conftest*
AC_MSG_RESULT(yes)])
dnl AM_MISSING_PROG(NAME, PROGRAM, DIRECTORY)
dnl The program must properly implement --version.
AC_DEFUN(AM_MISSING_PROG,
[AC_MSG_CHECKING(for working $2)
# Run test in a subshell; some versions of sh will print an error if
# an executable is not found, even if stderr is redirected.
# Redirect stdin to placate older versions of autoconf. Sigh.
if ($2 --version) < /dev/null > /dev/null 2>&1; then
$1=$2
AC_MSG_RESULT(found)
else
$1="$3/missing $2"
AC_MSG_RESULT(missing)
fi
AC_SUBST($1)])

471
package/network/services/ead/src/tinysrp/bn.h Normal file
View File

@@ -0,0 +1,471 @@
/* crypto/bn/bn.h */
/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#ifndef HEADER_BN_H
#define HEADER_BN_H
#include <stdio.h> /* FILE */
#include "config.h"
#ifdef __cplusplus
extern "C" {
#endif
#ifdef VMS
#undef BN_LLONG /* experimental, so far... */
#endif
#undef BN_MUL_COMBA
#undef BN_SQR_COMBA
#undef BN_RECURSION
#undef RECP_MUL_MOD
#undef MONT_MUL_MOD
#if defined(SIZEOF_LONG_LONG) && SIZEOF_LONG_LONG == 8
# if SIZEOF_LONG == 4
# define THIRTY_TWO_BIT
# else
# define SIXTY_FOUR_BIT_LONG
# endif
#else
# if SIZEOF_LONG == 4
# define THIRTY_TWO_BIT
# endif
#endif
#undef BN_LLONG
/* assuming long is 64bit - this is the DEC Alpha
* unsigned long long is only 64 bits :-(, don't define
* BN_LLONG for the DEC Alpha */
#ifdef SIXTY_FOUR_BIT_LONG
#define BN_ULLONG unsigned long long
#define BN_ULONG unsigned long
#define BN_LONG long
#define BN_BITS 128
#define BN_BYTES 8
#define BN_BITS2 64
#define BN_BITS4 32
#define BN_MASK (0xffffffffffffffffffffffffffffffffLL)
#define BN_MASK2 (0xffffffffffffffffL)
#define BN_MASK2l (0xffffffffL)
#define BN_MASK2h (0xffffffff00000000L)
#define BN_MASK2h1 (0xffffffff80000000L)
#define BN_TBIT (0x8000000000000000L)
#define BN_DEC_CONV (10000000000000000000UL)
#define BN_DEC_FMT1 "%lu"
#define BN_DEC_FMT2 "%019lu"
#define BN_DEC_NUM 19
#endif
/* This is where the long long data type is 64 bits, but long is 32.
* For machines where there are 64bit registers, this is the mode to use.
* IRIX, on R4000 and above should use this mode, along with the relevant
* assembler code :-). Do NOT define BN_LLONG.
*/
#ifdef SIXTY_FOUR_BIT
#undef BN_LLONG
#undef BN_ULLONG
#define BN_ULONG unsigned long long
#define BN_LONG long long
#define BN_BITS 128
#define BN_BYTES 8
#define BN_BITS2 64
#define BN_BITS4 32
#define BN_MASK2 (0xffffffffffffffffLL)
#define BN_MASK2l (0xffffffffL)
#define BN_MASK2h (0xffffffff00000000LL)
#define BN_MASK2h1 (0xffffffff80000000LL)
#define BN_TBIT (0x8000000000000000LL)
#define BN_DEC_CONV (10000000000000000000LL)
#define BN_DEC_FMT1 "%llu"
#define BN_DEC_FMT2 "%019llu"
#define BN_DEC_NUM 19
#endif
#ifdef THIRTY_TWO_BIT
#if defined(WIN32) && !defined(__GNUC__)
#define BN_ULLONG unsigned _int64
#else
#define BN_ULLONG unsigned long long
#endif
#define BN_ULONG unsigned long
#define BN_LONG long
#define BN_BITS 64
#define BN_BYTES 4
#define BN_BITS2 32
#define BN_BITS4 16
#ifdef WIN32
/* VC++ doesn't like the LL suffix */
#define BN_MASK (0xffffffffffffffffL)
#else
#define BN_MASK (0xffffffffffffffffLL)
#endif
#define BN_MASK2 (0xffffffffL)
#define BN_MASK2l (0xffff)
#define BN_MASK2h1 (0xffff8000L)
#define BN_MASK2h (0xffff0000L)
#define BN_TBIT (0x80000000L)
#define BN_DEC_CONV (1000000000L)
#define BN_DEC_FMT1 "%lu"
#define BN_DEC_FMT2 "%09lu"
#define BN_DEC_NUM 9
#endif
#ifdef SIXTEEN_BIT
#ifndef BN_DIV2W
#define BN_DIV2W
#endif
#define BN_ULLONG unsigned long
#define BN_ULONG unsigned short
#define BN_LONG short
#define BN_BITS 32
#define BN_BYTES 2
#define BN_BITS2 16
#define BN_BITS4 8
#define BN_MASK (0xffffffff)
#define BN_MASK2 (0xffff)
#define BN_MASK2l (0xff)
#define BN_MASK2h1 (0xff80)
#define BN_MASK2h (0xff00)
#define BN_TBIT (0x8000)
#define BN_DEC_CONV (100000)
#define BN_DEC_FMT1 "%u"
#define BN_DEC_FMT2 "%05u"
#define BN_DEC_NUM 5
#endif
#ifdef EIGHT_BIT
#ifndef BN_DIV2W
#define BN_DIV2W
#endif
#define BN_ULLONG unsigned short
#define BN_ULONG unsigned char
#define BN_LONG char
#define BN_BITS 16
#define BN_BYTES 1
#define BN_BITS2 8
#define BN_BITS4 4
#define BN_MASK (0xffff)
#define BN_MASK2 (0xff)
#define BN_MASK2l (0xf)
#define BN_MASK2h1 (0xf8)
#define BN_MASK2h (0xf0)
#define BN_TBIT (0x80)
#define BN_DEC_CONV (100)
#define BN_DEC_FMT1 "%u"
#define BN_DEC_FMT2 "%02u"
#define BN_DEC_NUM 2
#endif
#define BN_DEFAULT_BITS 1280
#ifdef BIGNUM
#undef BIGNUM
#endif
#define BN_FLG_MALLOCED 0x01
#define BN_FLG_STATIC_DATA 0x02
#define BN_FLG_FREE 0x8000 /* used for debuging */
#define BN_set_flags(b,n) ((b)->flags|=(n))
#define BN_get_flags(b,n) ((b)->flags&(n))
typedef struct bignum_st
{
BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */
int top; /* Index of last used d +1. */
/* The next are internal book keeping for bn_expand. */
int dmax; /* Size of the d array. */
int neg; /* one if the number is negative */
int flags;
} BIGNUM;
/* Used for temp variables */
#define BN_CTX_NUM 12
#define BN_CTX_NUM_POS 12
typedef struct bignum_ctx
{
int tos;
BIGNUM bn[BN_CTX_NUM];
int flags;
int depth;
int pos[BN_CTX_NUM_POS];
int too_many;
} BN_CTX;
/* Used for montgomery multiplication */
typedef struct bn_mont_ctx_st
{
int ri; /* number of bits in R */
BIGNUM RR; /* used to convert to montgomery form */
BIGNUM N; /* The modulus */
BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1
* (Ni is only stored for bignum algorithm) */
BN_ULONG n0; /* least significant word of Ni */
int flags;
} BN_MONT_CTX;
/* Used for reciprocal division/mod functions
* It cannot be shared between threads
*/
typedef struct bn_recp_ctx_st
{
BIGNUM N; /* the divisor */
BIGNUM Nr; /* the reciprocal */
int num_bits;
int shift;
int flags;
} BN_RECP_CTX;
#define BN_to_montgomery(r,a,mont,ctx) BN_mod_mul_montgomery(\
r,a,&((mont)->RR),(mont),ctx)
#define BN_prime_checks 0 /* default: select number of iterations
based on the size of the number */
/* number of Miller-Rabin iterations for an error rate of less than 2^-80
* for random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook
* of Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996];
* original paper: Damgaard, Landrock, Pomerance: Average case error estimates
* for the strong probable prime test. -- Math. Comp. 61 (1993) 177-194) */
#define BN_prime_checks_for_size(b) ((b) >= 1300 ? 2 : \
(b) >= 850 ? 3 : \
(b) >= 650 ? 4 : \
(b) >= 550 ? 5 : \
(b) >= 450 ? 6 : \
(b) >= 400 ? 7 : \
(b) >= 350 ? 8 : \
(b) >= 300 ? 9 : \
(b) >= 250 ? 12 : \
(b) >= 200 ? 15 : \
(b) >= 150 ? 18 : \
/* b >= 100 */ 27)
#define BN_num_bytes(a) ((BN_num_bits(a)+7)/8)
#define BN_is_word(a,w) (((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w)))
#define BN_is_zero(a) (((a)->top == 0) || BN_is_word(a,0))
#define BN_is_one(a) (BN_is_word((a),1))
#define BN_is_odd(a) (((a)->top > 0) && ((a)->d[0] & 1))
#define BN_one(a) (BN_set_word((a),1))
#define BN_zero(a) (BN_set_word((a),0))
BIGNUM *BN_value_one(void);
char * BN_options(void);
BN_CTX *BN_CTX_new(void);
void BN_CTX_init(BN_CTX *c);
void BN_CTX_free(BN_CTX *c);
void BN_CTX_start(BN_CTX *ctx);
BIGNUM *BN_CTX_get(BN_CTX *ctx);
void BN_CTX_end(BN_CTX *ctx);
int BN_rand(BIGNUM *rnd, int bits, int top,int bottom);
int BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom);
int BN_num_bits(const BIGNUM *a);
int BN_num_bits_word(BN_ULONG);
BIGNUM *BN_new(void);
void BN_init(BIGNUM *);
void BN_clear_free(BIGNUM *a);
BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
BIGNUM *BN_bin2bn(const unsigned char *s,int len,BIGNUM *ret);
int BN_bn2bin(const BIGNUM *a, unsigned char *to);
int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
int BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);
int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
BN_CTX *ctx);
int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
int BN_sqr(BIGNUM *r, BIGNUM *a,BN_CTX *ctx);
BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
int BN_mul_word(BIGNUM *a, BN_ULONG w);
int BN_add_word(BIGNUM *a, BN_ULONG w);
int BN_sub_word(BIGNUM *a, BN_ULONG w);
int BN_set_word(BIGNUM *a, BN_ULONG w);
BN_ULONG BN_get_word(BIGNUM *a);
int BN_cmp(const BIGNUM *a, const BIGNUM *b);
void BN_free(BIGNUM *a);
int BN_is_bit_set(const BIGNUM *a, int n);
int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
int BN_lshift1(BIGNUM *r, BIGNUM *a);
int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p,BN_CTX *ctx);
int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *m,BN_CTX *ctx);
int BN_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m,BN_CTX *ctx);
int BN_mask_bits(BIGNUM *a,int n);
int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
int BN_reciprocal(BIGNUM *r, BIGNUM *m, int len, BN_CTX *ctx);
int BN_rshift(BIGNUM *r, BIGNUM *a, int n);
int BN_rshift1(BIGNUM *r, BIGNUM *a);
void BN_clear(BIGNUM *a);
BIGNUM *BN_dup(const BIGNUM *a);
int BN_ucmp(const BIGNUM *a, const BIGNUM *b);
int BN_set_bit(BIGNUM *a, int n);
int BN_clear_bit(BIGNUM *a, int n);
int BN_gcd(BIGNUM *r,BIGNUM *in_a,BIGNUM *in_b,BN_CTX *ctx);
BIGNUM *BN_mod_inverse(BIGNUM *ret,BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,BIGNUM *add,
BIGNUM *rem,void (*callback)(int,int,void *),void *cb_arg);
int BN_is_prime(const BIGNUM *p,int nchecks,
void (*callback)(int,int,void *),
BN_CTX *ctx,void *cb_arg);
int BN_is_prime_fasttest(const BIGNUM *p,int nchecks,
void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg,
int do_trial_division);
BN_MONT_CTX *BN_MONT_CTX_new(void );
void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
int BN_mod_mul_montgomery(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_MONT_CTX *mont,
BN_CTX *ctx);
int BN_from_montgomery(BIGNUM *r,BIGNUM *a,BN_MONT_CTX *mont,BN_CTX *ctx);
void BN_MONT_CTX_free(BN_MONT_CTX *mont);
int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *modulus,BN_CTX *ctx);
BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);
void BN_set_params(int mul,int high,int low,int mont);
int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */
void BN_RECP_CTX_init(BN_RECP_CTX *recp);
BN_RECP_CTX *BN_RECP_CTX_new(void);
void BN_RECP_CTX_free(BN_RECP_CTX *recp);
int BN_RECP_CTX_set(BN_RECP_CTX *recp,const BIGNUM *rdiv,BN_CTX *ctx);
int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *x, BIGNUM *y,
BN_RECP_CTX *recp,BN_CTX *ctx);
int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx);
int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m,
BN_RECP_CTX *recp, BN_CTX *ctx);
/* library internal functions */
#define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\
(a):bn_expand2((a),(bits)/BN_BITS2+1))
#define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
BIGNUM *bn_expand2(BIGNUM *a, int words);
#define bn_fix_top(a) \
{ \
BN_ULONG *ftl; \
if ((a)->top > 0) \
{ \
for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \
if (*(ftl--)) break; \
} \
}
BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num);
BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num);
BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num);
#ifdef BN_DEBUG
void bn_dump1(FILE *o, const char *a, BN_ULONG *b,int n);
# define bn_print(a) {fprintf(stderr, #a "="); BN_print_fp(stderr,a); \
fprintf(stderr,"\n");}
# define bn_dump(a,n) bn_dump1(stderr,#a,a,n);
#else
# define bn_print(a)
# define bn_dump(a,b)
#endif
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
/* Error codes for the BN functions. */
/* Function codes. */
#define BN_F_BN_CTX_GET 116
#define BN_F_BN_CTX_NEW 106
#define BN_F_BN_DIV 107
#define BN_F_BN_EXPAND2 108
#define BN_F_BN_MOD_EXP2_MONT 118
#define BN_F_BN_MOD_EXP_MONT 109
#define BN_F_BN_MOD_EXP_MONT_WORD 117
#define BN_F_BN_MOD_INVERSE 110
#define BN_F_BN_MOD_MUL_RECIPROCAL 111
#define BN_F_BN_MPI2BN 112
#define BN_F_BN_NEW 113
#define BN_F_BN_RAND 114
#define BN_F_BN_USUB 115
/* Reason codes. */
#define BN_R_ARG2_LT_ARG3 100
#define BN_R_BAD_RECIPROCAL 101
#define BN_R_CALLED_WITH_EVEN_MODULUS 102
#define BN_R_DIV_BY_ZERO 103
#define BN_R_ENCODING_ERROR 104
#define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105
#define BN_R_INVALID_LENGTH 106
#define BN_R_NOT_INITIALIZED 107
#define BN_R_NO_INVERSE 108
#define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109
#ifdef __cplusplus
}
#endif
#endif

305
package/network/services/ead/src/tinysrp/bn_add.c Normal file
View File

@@ -0,0 +1,305 @@
/* crypto/bn/bn_add.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include "bn_lcl.h"
/* r can == a or b */
int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
{
const BIGNUM *tmp;
bn_check_top(a);
bn_check_top(b);
/* a + b a+b
* a + -b a-b
* -a + b b-a
* -a + -b -(a+b)
*/
if (a->neg ^ b->neg)
{
/* only one is negative */
if (a->neg)
{ tmp=a; a=b; b=tmp; }
/* we are now a - b */
if (BN_ucmp(a,b) < 0)
{
if (!BN_usub(r,b,a)) return(0);
r->neg=1;
}
else
{
if (!BN_usub(r,a,b)) return(0);
r->neg=0;
}
return(1);
}
if (a->neg) /* both are neg */
r->neg=1;
else
r->neg=0;
if (!BN_uadd(r,a,b)) return(0);
return(1);
}
/* unsigned add of b to a, r must be large enough */
int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
{
register int i;
int max,min;
BN_ULONG *ap,*bp,*rp,carry,t1;
const BIGNUM *tmp;
bn_check_top(a);
bn_check_top(b);
if (a->top < b->top)
{ tmp=a; a=b; b=tmp; }
max=a->top;
min=b->top;
if (bn_wexpand(r,max+1) == NULL)
return(0);
r->top=max;
ap=a->d;
bp=b->d;
rp=r->d;
carry=0;
carry=bn_add_words(rp,ap,bp,min);
rp+=min;
ap+=min;
bp+=min;
i=min;
if (carry)
{
while (i < max)
{
i++;
t1= *(ap++);
if ((*(rp++)=(t1+1)&BN_MASK2) >= t1)
{
carry=0;
break;
}
}
if ((i >= max) && carry)
{
*(rp++)=1;
r->top++;
}
}
if (rp != ap)
{
for (; i<max; i++)
*(rp++)= *(ap++);
}
/* memcpy(rp,ap,sizeof(*ap)*(max-i));*/
return(1);
}
/* unsigned subtraction of b from a, a must be larger than b. */
int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
{
int max,min;
register BN_ULONG t1,t2,*ap,*bp,*rp;
int i,carry;
#if defined(IRIX_CC_BUG) && !defined(LINT)
int dummy;
#endif
bn_check_top(a);
bn_check_top(b);
if (a->top < b->top) /* hmm... should not be happening */
{
return(0);
}
max=a->top;
min=b->top;
if (bn_wexpand(r,max) == NULL) return(0);
ap=a->d;
bp=b->d;
rp=r->d;
#if 1
carry=0;
for (i=0; i<min; i++)
{
t1= *(ap++);
t2= *(bp++);
if (carry)
{
carry=(t1 <= t2);
t1=(t1-t2-1)&BN_MASK2;
}
else
{
carry=(t1 < t2);
t1=(t1-t2)&BN_MASK2;
}
#if defined(IRIX_CC_BUG) && !defined(LINT)
dummy=t1;
#endif
*(rp++)=t1&BN_MASK2;
}
#else
carry=bn_sub_words(rp,ap,bp,min);
ap+=min;
bp+=min;
rp+=min;
i=min;
#endif
if (carry) /* subtracted */
{
while (i < max)
{
i++;
t1= *(ap++);
t2=(t1-1)&BN_MASK2;
*(rp++)=t2;
if (t1 > t2) break;
}
}
#if 0
memcpy(rp,ap,sizeof(*rp)*(max-i));
#else
if (rp != ap)
{
for (;;)
{
if (i++ >= max) break;
rp[0]=ap[0];
if (i++ >= max) break;
rp[1]=ap[1];
if (i++ >= max) break;
rp[2]=ap[2];
if (i++ >= max) break;
rp[3]=ap[3];
rp+=4;
ap+=4;
}
}
#endif
r->top=max;
bn_fix_top(r);
return(1);
}
int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
{
int max;
int add=0,neg=0;
const BIGNUM *tmp;
bn_check_top(a);
bn_check_top(b);
/* a - b a-b
* a - -b a+b
* -a - b -(a+b)
* -a - -b b-a
*/
if (a->neg)
{
if (b->neg)
{ tmp=a; a=b; b=tmp; }
else
{ add=1; neg=1; }
}
else
{
if (b->neg) { add=1; neg=0; }
}
if (add)
{
if (!BN_uadd(r,a,b)) return(0);
r->neg=neg;
return(1);
}
/* We are actually doing a - b :-) */
max=(a->top > b->top)?a->top:b->top;
if (bn_wexpand(r,max) == NULL) return(0);
if (BN_ucmp(a,b) < 0)
{
if (!BN_usub(r,b,a)) return(0);
r->neg=1;
}
else
{
if (!BN_usub(r,a,b)) return(0);
r->neg=0;
}
return(1);
}

382
package/network/services/ead/src/tinysrp/bn_asm.c Normal file
View File

@@ -0,0 +1,382 @@
/* crypto/bn/bn_asm.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#ifndef BN_DEBUG
# undef NDEBUG /* avoid conflicting definitions */
# define NDEBUG
#endif
#include <stdio.h>
#include <assert.h>
#include "bn_lcl.h"
#if defined(BN_LLONG) || defined(BN_UMULT_HIGH)
BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
{
BN_ULONG c1=0;
assert(num >= 0);
if (num <= 0) return(c1);
while (num&~3)
{
mul_add(rp[0],ap[0],w,c1);
mul_add(rp[1],ap[1],w,c1);
mul_add(rp[2],ap[2],w,c1);
mul_add(rp[3],ap[3],w,c1);
ap+=4; rp+=4; num-=4;
}
if (num)
{
mul_add(rp[0],ap[0],w,c1); if (--num==0) return c1;
mul_add(rp[1],ap[1],w,c1); if (--num==0) return c1;
mul_add(rp[2],ap[2],w,c1); return c1;
}
return(c1);
}
BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
{
BN_ULONG c1=0;
assert(num >= 0);
if (num <= 0) return(c1);
while (num&~3)
{
mul(rp[0],ap[0],w,c1);
mul(rp[1],ap[1],w,c1);
mul(rp[2],ap[2],w,c1);
mul(rp[3],ap[3],w,c1);
ap+=4; rp+=4; num-=4;
}
if (num)
{
mul(rp[0],ap[0],w,c1); if (--num == 0) return c1;
mul(rp[1],ap[1],w,c1); if (--num == 0) return c1;
mul(rp[2],ap[2],w,c1);
}
return(c1);
}
void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n)
{
assert(n >= 0);
if (n <= 0) return;
while (n&~3)
{
sqr(r[0],r[1],a[0]);
sqr(r[2],r[3],a[1]);
sqr(r[4],r[5],a[2]);
sqr(r[6],r[7],a[3]);
a+=4; r+=8; n-=4;
}
if (n)
{
sqr(r[0],r[1],a[0]); if (--n == 0) return;
sqr(r[2],r[3],a[1]); if (--n == 0) return;
sqr(r[4],r[5],a[2]);
}
}
#else /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */
BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
{
BN_ULONG c=0;
BN_ULONG bl,bh;
assert(num >= 0);
if (num <= 0) return((BN_ULONG)0);
bl=LBITS(w);
bh=HBITS(w);
for (;;)
{
mul_add(rp[0],ap[0],bl,bh,c);
if (--num == 0) break;
mul_add(rp[1],ap[1],bl,bh,c);
if (--num == 0) break;
mul_add(rp[2],ap[2],bl,bh,c);
if (--num == 0) break;
mul_add(rp[3],ap[3],bl,bh,c);
if (--num == 0) break;
ap+=4;
rp+=4;
}
return(c);
}
BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
{
BN_ULONG carry=0;
BN_ULONG bl,bh;
assert(num >= 0);
if (num <= 0) return((BN_ULONG)0);
bl=LBITS(w);
bh=HBITS(w);
for (;;)
{
mul(rp[0],ap[0],bl,bh,carry);
if (--num == 0) break;
mul(rp[1],ap[1],bl,bh,carry);
if (--num == 0) break;
mul(rp[2],ap[2],bl,bh,carry);
if (--num == 0) break;
mul(rp[3],ap[3],bl,bh,carry);
if (--num == 0) break;
ap+=4;
rp+=4;
}
return(carry);
}
void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n)
{
assert(n >= 0);
if (n <= 0) return;
for (;;)
{
sqr64(r[0],r[1],a[0]);
if (--n == 0) break;
sqr64(r[2],r[3],a[1]);
if (--n == 0) break;
sqr64(r[4],r[5],a[2]);
if (--n == 0) break;
sqr64(r[6],r[7],a[3]);
if (--n == 0) break;
a+=4;
r+=8;
}
}
#endif /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */
#if defined(BN_LLONG) && defined(BN_DIV2W)
BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
{
return((BN_ULONG)(((((BN_ULLONG)h)<<BN_BITS2)|l)/(BN_ULLONG)d));
}
#else
/* Divide h,l by d and return the result. */
/* I need to test this some more :-( */
BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
{
BN_ULONG dh,dl,q,ret=0,th,tl,t;
int i,count=2;
if (d == 0) return(BN_MASK2);
i=BN_num_bits_word(d);
assert((i == BN_BITS2) || (h > (BN_ULONG)1<<i));
i=BN_BITS2-i;
if (h >= d) h-=d;
if (i)
{
d<<=i;
h=(h<<i)|(l>>(BN_BITS2-i));
l<<=i;
}
dh=(d&BN_MASK2h)>>BN_BITS4;
dl=(d&BN_MASK2l);
for (;;)
{
if ((h>>BN_BITS4) == dh)
q=BN_MASK2l;
else
q=h/dh;
th=q*dh;
tl=dl*q;
for (;;)
{
t=h-th;
if ((t&BN_MASK2h) ||
((tl) <= (
(t<<BN_BITS4)|
((l&BN_MASK2h)>>BN_BITS4))))
break;
q--;
th-=dh;
tl-=dl;
}
t=(tl>>BN_BITS4);
tl=(tl<<BN_BITS4)&BN_MASK2h;
th+=t;
if (l < tl) th++;
l-=tl;
if (h < th)
{
h+=d;
q--;
}
h-=th;
if (--count == 0) break;
ret=q<<BN_BITS4;
h=((h<<BN_BITS4)|(l>>BN_BITS4))&BN_MASK2;
l=(l&BN_MASK2l)<<BN_BITS4;
}
ret|=q;
return(ret);
}
#endif /* !defined(BN_LLONG) && defined(BN_DIV2W) */
#ifdef BN_LLONG
BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
{
BN_ULLONG ll=0;
assert(n >= 0);
if (n <= 0) return((BN_ULONG)0);
for (;;)
{
ll+=(BN_ULLONG)a[0]+b[0];
r[0]=(BN_ULONG)ll&BN_MASK2;
ll>>=BN_BITS2;
if (--n <= 0) break;
ll+=(BN_ULLONG)a[1]+b[1];
r[1]=(BN_ULONG)ll&BN_MASK2;
ll>>=BN_BITS2;
if (--n <= 0) break;
ll+=(BN_ULLONG)a[2]+b[2];
r[2]=(BN_ULONG)ll&BN_MASK2;
ll>>=BN_BITS2;
if (--n <= 0) break;
ll+=(BN_ULLONG)a[3]+b[3];
r[3]=(BN_ULONG)ll&BN_MASK2;
ll>>=BN_BITS2;
if (--n <= 0) break;
a+=4;
b+=4;
r+=4;
}
return((BN_ULONG)ll);
}
#else /* !BN_LLONG */
BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
{
BN_ULONG c,l,t;
assert(n >= 0);
if (n <= 0) return((BN_ULONG)0);
c=0;
for (;;)
{
t=a[0];
t=(t+c)&BN_MASK2;
c=(t < c);
l=(t+b[0])&BN_MASK2;
c+=(l < t);
r[0]=l;
if (--n <= 0) break;
t=a[1];
t=(t+c)&BN_MASK2;
c=(t < c);
l=(t+b[1])&BN_MASK2;
c+=(l < t);
r[1]=l;
if (--n <= 0) break;
t=a[2];
t=(t+c)&BN_MASK2;
c=(t < c);
l=(t+b[2])&BN_MASK2;
c+=(l < t);
r[2]=l;
if (--n <= 0) break;
t=a[3];
t=(t+c)&BN_MASK2;
c=(t < c);
l=(t+b[3])&BN_MASK2;
c+=(l < t);
r[3]=l;
if (--n <= 0) break;
a+=4;
b+=4;
r+=4;
}
return((BN_ULONG)c);
}
#endif /* !BN_LLONG */

142
package/network/services/ead/src/tinysrp/bn_ctx.c Normal file
View File

@@ -0,0 +1,142 @@
/* crypto/bn/bn_ctx.c */
/* Written by Ulf Moeller for the OpenSSL project. */
/* ====================================================================
* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef BN_CTX_DEBUG
# undef NDEBUG /* avoid conflicting definitions */
# define NDEBUG
#endif
#include <stdio.h>
#include <stdlib.h>
#include <assert.h>
#include <bn.h>
BN_CTX *BN_CTX_new(void)
{
BN_CTX *ret;
ret=(BN_CTX *)malloc(sizeof(BN_CTX));
if (ret == NULL)
{
return(NULL);
}
BN_CTX_init(ret);
ret->flags=BN_FLG_MALLOCED;
return(ret);
}
void BN_CTX_init(BN_CTX *ctx)
{
int i;
ctx->tos = 0;
ctx->flags = 0;
ctx->depth = 0;
ctx->too_many = 0;
for (i = 0; i < BN_CTX_NUM; i++)
BN_init(&(ctx->bn[i]));
}
void BN_CTX_free(BN_CTX *ctx)
{
int i;
if (ctx == NULL) return;
assert(ctx->depth == 0);
for (i=0; i < BN_CTX_NUM; i++)
BN_clear_free(&(ctx->bn[i]));
if (ctx->flags & BN_FLG_MALLOCED)
free(ctx);
}
void BN_CTX_start(BN_CTX *ctx)
{
if (ctx->depth < BN_CTX_NUM_POS)
ctx->pos[ctx->depth] = ctx->tos;
ctx->depth++;
}
BIGNUM *BN_CTX_get(BN_CTX *ctx)
{
if (ctx->depth > BN_CTX_NUM_POS || ctx->tos >= BN_CTX_NUM)
{
if (!ctx->too_many)
{
/* disable error code until BN_CTX_end is called: */
ctx->too_many = 1;
}
return NULL;
}
return (&(ctx->bn[ctx->tos++]));
}
void BN_CTX_end(BN_CTX *ctx)
{
if (ctx == NULL) return;
assert(ctx->depth > 0);
if (ctx->depth == 0)
/* should never happen, but we can tolerate it if not in
* debug mode (could be a 'goto err' in the calling function
* before BN_CTX_start was reached) */
BN_CTX_start(ctx);
ctx->too_many = 0;
ctx->depth--;
if (ctx->depth < BN_CTX_NUM_POS)
ctx->tos = ctx->pos[ctx->depth];
}

378
package/network/services/ead/src/tinysrp/bn_div.c Normal file
View File

@@ -0,0 +1,378 @@
/* crypto/bn/bn_div.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include "bn_lcl.h"
#define NO_ASM
/* The old slow way */
#if 0
int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
BN_CTX *ctx)
{
int i,nm,nd;
int ret = 0;
BIGNUM *D;
bn_check_top(m);
bn_check_top(d);
if (BN_is_zero(d))
{
return(0);
}
if (BN_ucmp(m,d) < 0)
{
if (rem != NULL)
{ if (BN_copy(rem,m) == NULL) return(0); }
if (dv != NULL) BN_zero(dv);
return(1);
}
BN_CTX_start(ctx);
D = BN_CTX_get(ctx);
if (dv == NULL) dv = BN_CTX_get(ctx);
if (rem == NULL) rem = BN_CTX_get(ctx);
if (D == NULL || dv == NULL || rem == NULL)
goto end;
nd=BN_num_bits(d);
nm=BN_num_bits(m);
if (BN_copy(D,d) == NULL) goto end;
if (BN_copy(rem,m) == NULL) goto end;
/* The next 2 are needed so we can do a dv->d[0]|=1 later
* since BN_lshift1 will only work once there is a value :-) */
BN_zero(dv);
bn_wexpand(dv,1);
dv->top=1;
if (!BN_lshift(D,D,nm-nd)) goto end;
for (i=nm-nd; i>=0; i--)
{
if (!BN_lshift1(dv,dv)) goto end;
if (BN_ucmp(rem,D) >= 0)
{
dv->d[0]|=1;
if (!BN_usub(rem,rem,D)) goto end;
}
/* CAN IMPROVE (and have now :=) */
if (!BN_rshift1(D,D)) goto end;
}
rem->neg=BN_is_zero(rem)?0:m->neg;
dv->neg=m->neg^d->neg;
ret = 1;
end:
BN_CTX_end(ctx);
return(ret);
}
#else
#if !defined(NO_ASM) && !defined(NO_INLINE_ASM) && !defined(PEDANTIC) && !defined(BN_DIV3W)
# if defined(__GNUC__) && __GNUC__>=2
# if defined(__i386)
/*
* There were two reasons for implementing this template:
* - GNU C generates a call to a function (__udivdi3 to be exact)
* in reply to ((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0 (I fail to
* understand why...);
* - divl doesn't only calculate quotient, but also leaves
* remainder in %edx which we can definitely use here:-)
*
* <appro@fy.chalmers.se>
*/
# define bn_div_words(n0,n1,d0) \
({ asm volatile ( \
"divl %4" \
: "=a"(q), "=d"(rem) \
: "a"(n1), "d"(n0), "g"(d0) \
: "cc"); \
q; \
})
# define REMAINDER_IS_ALREADY_CALCULATED
# endif /* __<cpu> */
# endif /* __GNUC__ */
#endif /* NO_ASM */
int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
BN_CTX *ctx)
{
int norm_shift,i,j,loop;
BIGNUM *tmp,wnum,*snum,*sdiv,*res;
BN_ULONG *resp,*wnump;
BN_ULONG d0,d1;
int num_n,div_n;
bn_check_top(num);
bn_check_top(divisor);
if (BN_is_zero(divisor))
{
return(0);
}
if (BN_ucmp(num,divisor) < 0)
{
if (rm != NULL)
{ if (BN_copy(rm,num) == NULL) return(0); }
if (dv != NULL) BN_zero(dv);
return(1);
}
BN_CTX_start(ctx);
tmp=BN_CTX_get(ctx);
tmp->neg=0;
snum=BN_CTX_get(ctx);
sdiv=BN_CTX_get(ctx);
if (dv == NULL)
res=BN_CTX_get(ctx);
else res=dv;
if (res == NULL) goto err;
/* First we normalise the numbers */
norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
BN_lshift(sdiv,divisor,norm_shift);
sdiv->neg=0;
norm_shift+=BN_BITS2;
BN_lshift(snum,num,norm_shift);
snum->neg=0;
div_n=sdiv->top;
num_n=snum->top;
loop=num_n-div_n;
/* Lets setup a 'window' into snum
* This is the part that corresponds to the current
* 'area' being divided */
BN_init(&wnum);
wnum.d= &(snum->d[loop]);
wnum.top= div_n;
wnum.dmax= snum->dmax+1; /* a bit of a lie */
/* Get the top 2 words of sdiv */
/* i=sdiv->top; */
d0=sdiv->d[div_n-1];
d1=(div_n == 1)?0:sdiv->d[div_n-2];
/* pointer to the 'top' of snum */
wnump= &(snum->d[num_n-1]);
/* Setup to 'res' */
res->neg= (num->neg^divisor->neg);
if (!bn_wexpand(res,(loop+1))) goto err;
res->top=loop;
resp= &(res->d[loop-1]);
/* space for temp */
if (!bn_wexpand(tmp,(div_n+1))) goto err;
if (BN_ucmp(&wnum,sdiv) >= 0)
{
if (!BN_usub(&wnum,&wnum,sdiv)) goto err;
*resp=1;
res->d[res->top-1]=1;
}
else
res->top--;
resp--;
for (i=0; i<loop-1; i++)
{
BN_ULONG q,l0;
#ifdef BN_DIV3W
q=bn_div_3_words(wnump,d1,d0);
#else
BN_ULONG n0,n1,rem=0;
n0=wnump[0];
n1=wnump[-1];
if (n0 == d0)
q=BN_MASK2;
else /* n0 < d0 */
{
#ifdef BN_LLONG
BN_ULLONG t2;
#if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words)
q=(BN_ULONG)(((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0);
#else
q=bn_div_words(n0,n1,d0);
#endif
#ifndef REMAINDER_IS_ALREADY_CALCULATED
/*
* rem doesn't have to be BN_ULLONG. The least we
* know it's less that d0, isn't it?
*/
rem=(n1-q*d0)&BN_MASK2;
#endif
t2=(BN_ULLONG)d1*q;
for (;;)
{
if (t2 <= ((((BN_ULLONG)rem)<<BN_BITS2)|wnump[-2]))
break;
q--;
rem += d0;
if (rem < d0) break; /* don't let rem overflow */
t2 -= d1;
}
#else /* !BN_LLONG */
BN_ULONG t2l,t2h,ql,qh;
q=bn_div_words(n0,n1,d0);
#ifndef REMAINDER_IS_ALREADY_CALCULATED
rem=(n1-q*d0)&BN_MASK2;
#endif
#ifdef BN_UMULT_HIGH
t2l = d1 * q;
t2h = BN_UMULT_HIGH(d1,q);
#else
t2l=LBITS(d1); t2h=HBITS(d1);
ql =LBITS(q); qh =HBITS(q);
mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */
#endif
for (;;)
{
if ((t2h < rem) ||
((t2h == rem) && (t2l <= wnump[-2])))
break;
q--;
rem += d0;
if (rem < d0) break; /* don't let rem overflow */
if (t2l < d1) t2h--; t2l -= d1;
}
#endif /* !BN_LLONG */
}
#endif /* !BN_DIV3W */
l0=bn_mul_words(tmp->d,sdiv->d,div_n,q);
wnum.d--; wnum.top++;
tmp->d[div_n]=l0;
for (j=div_n+1; j>0; j--)
if (tmp->d[j-1]) break;
tmp->top=j;
j=wnum.top;
BN_sub(&wnum,&wnum,tmp);
snum->top=snum->top+wnum.top-j;
if (wnum.neg)
{
q--;
j=wnum.top;
BN_add(&wnum,&wnum,sdiv);
snum->top+=wnum.top-j;
}
*(resp--)=q;
wnump--;
}
if (rm != NULL)
{
BN_rshift(rm,snum,norm_shift);
rm->neg=num->neg;
}
BN_CTX_end(ctx);
return(1);
err:
BN_CTX_end(ctx);
return(0);
}
#endif
/* rem != m */
int BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
{
#if 0 /* The old slow way */
int i,nm,nd;
BIGNUM *dv;
if (BN_ucmp(m,d) < 0)
return((BN_copy(rem,m) == NULL)?0:1);
BN_CTX_start(ctx);
dv=BN_CTX_get(ctx);
if (!BN_copy(rem,m)) goto err;
nm=BN_num_bits(rem);
nd=BN_num_bits(d);
if (!BN_lshift(dv,d,nm-nd)) goto err;
for (i=nm-nd; i>=0; i--)
{
if (BN_cmp(rem,dv) >= 0)
{
if (!BN_sub(rem,rem,dv)) goto err;
}
if (!BN_rshift1(dv,dv)) goto err;
}
BN_CTX_end(ctx);
return(1);
err:
BN_CTX_end(ctx);
return(0);
#else
return(BN_div(NULL,rem,m,d,ctx));
#endif
}

395
package/network/services/ead/src/tinysrp/bn_exp.c Normal file
View File

@@ -0,0 +1,395 @@
/* crypto/bn/bn_exp.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include "bn_lcl.h"
#define TABLE_SIZE 32
/* slow but works */
int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
{
BIGNUM *t;
int r=0;
bn_check_top(a);
bn_check_top(b);
bn_check_top(m);
BN_CTX_start(ctx);
if ((t = BN_CTX_get(ctx)) == NULL) goto err;
if (a == b)
{ if (!BN_sqr(t,a,ctx)) goto err; }
else
{ if (!BN_mul(t,a,b,ctx)) goto err; }
if (!BN_mod(ret,t,m,ctx)) goto err;
r=1;
err:
BN_CTX_end(ctx);
return(r);
}
int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
BN_CTX *ctx)
{
int ret;
bn_check_top(a);
bn_check_top(p);
bn_check_top(m);
#ifdef MONT_MUL_MOD
/* I have finally been able to take out this pre-condition of
* the top bit being set. It was caused by an error in BN_div
* with negatives. There was also another problem when for a^b%m
* a >= m. eay 07-May-97 */
/* if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */
if (BN_is_odd(m))
{
if (a->top == 1)
{
BN_ULONG A = a->d[0];
ret=BN_mod_exp_mont_word(r,A,p,m,ctx,NULL);
}
else
ret=BN_mod_exp_mont(r,a,p,m,ctx,NULL);
}
else
#endif
#ifdef RECP_MUL_MOD
{ ret=BN_mod_exp_recp(r,a,p,m,ctx); }
#else
{ ret=BN_mod_exp_simple(r,a,p,m,ctx); }
#endif
return(ret);
}
#ifdef RECP_MUL_MOD
int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx)
{
int i,j,bits,ret=0,wstart,wend,window,wvalue;
int start=1,ts=0;
BIGNUM *aa;
BIGNUM val[TABLE_SIZE];
BN_RECP_CTX recp;
bits=BN_num_bits(p);
if (bits == 0)
{
BN_one(r);
return(1);
}
BN_CTX_start(ctx);
if ((aa = BN_CTX_get(ctx)) == NULL) goto err;
BN_RECP_CTX_init(&recp);
if (BN_RECP_CTX_set(&recp,m,ctx) <= 0) goto err;
BN_init(&(val[0]));
ts=1;
if (!BN_mod(&(val[0]),a,m,ctx)) goto err; /* 1 */
window = BN_window_bits_for_exponent_size(bits);
if (window > 1)
{
if (!BN_mod_mul_reciprocal(aa,&(val[0]),&(val[0]),&recp,ctx))
goto err; /* 2 */
j=1<<(window-1);
for (i=1; i<j; i++)
{
BN_init(&val[i]);
if (!BN_mod_mul_reciprocal(&(val[i]),&(val[i-1]),aa,&recp,ctx))
goto err;
}
ts=i;
}
start=1; /* This is used to avoid multiplication etc
* when there is only the value '1' in the
* buffer. */
wvalue=0; /* The 'value' of the window */
wstart=bits-1; /* The top bit of the window */
wend=0; /* The bottom bit of the window */
if (!BN_one(r)) goto err;
for (;;)
{
if (BN_is_bit_set(p,wstart) == 0)
{
if (!start)
if (!BN_mod_mul_reciprocal(r,r,r,&recp,ctx))
goto err;
if (wstart == 0) break;
wstart--;
continue;
}
/* We now have wstart on a 'set' bit, we now need to work out
* how bit a window to do. To do this we need to scan
* forward until the last set bit before the end of the
* window */
j=wstart;
wvalue=1;
wend=0;
for (i=1; i<window; i++)
{
if (wstart-i < 0) break;
if (BN_is_bit_set(p,wstart-i))
{
wvalue<<=(i-wend);
wvalue|=1;
wend=i;
}
}
/* wend is the size of the current window */
j=wend+1;
/* add the 'bytes above' */
if (!start)
for (i=0; i<j; i++)
{
if (!BN_mod_mul_reciprocal(r,r,r,&recp,ctx))
goto err;
}
/* wvalue will be an odd number < 2^window */
if (!BN_mod_mul_reciprocal(r,r,&(val[wvalue>>1]),&recp,ctx))
goto err;
/* move the 'window' down further */
wstart-=wend+1;
wvalue=0;
start=0;
if (wstart < 0) break;
}
ret=1;
err:
BN_CTX_end(ctx);
for (i=0; i<ts; i++)
BN_clear_free(&(val[i]));
BN_RECP_CTX_free(&recp);
return(ret);
}
#else
/* The old fallback, simple version :-) */
int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx)
{
int i,j,bits,ret=0,wstart,wend,window,wvalue,ts=0;
int start=1;
BIGNUM *d;
BIGNUM val[TABLE_SIZE];
bits=BN_num_bits(p);
if (bits == 0)
{
BN_one(r);
return(1);
}
BN_CTX_start(ctx);
if ((d = BN_CTX_get(ctx)) == NULL) goto err;
BN_init(&(val[0]));
ts=1;
if (!BN_mod(&(val[0]),a,m,ctx)) goto err; /* 1 */
window = BN_window_bits_for_exponent_size(bits);
if (window > 1)
{
if (!BN_mod_mul(d,&(val[0]),&(val[0]),m,ctx))
goto err; /* 2 */
j=1<<(window-1);
for (i=1; i<j; i++)
{
BN_init(&(val[i]));
if (!BN_mod_mul(&(val[i]),&(val[i-1]),d,m,ctx))
goto err;
}
ts=i;
}
start=1; /* This is used to avoid multiplication etc
* when there is only the value '1' in the
* buffer. */
wvalue=0; /* The 'value' of the window */
wstart=bits-1; /* The top bit of the window */
wend=0; /* The bottom bit of the window */
if (!BN_one(r)) goto err;
for (;;)
{
if (BN_is_bit_set(p,wstart) == 0)
{
if (!start)
if (!BN_mod_mul(r,r,r,m,ctx))
goto err;
if (wstart == 0) break;
wstart--;
continue;
}
/* We now have wstart on a 'set' bit, we now need to work out
* how bit a window to do. To do this we need to scan
* forward until the last set bit before the end of the
* window */
j=wstart;
wvalue=1;
wend=0;
for (i=1; i<window; i++)
{
if (wstart-i < 0) break;
if (BN_is_bit_set(p,wstart-i))
{
wvalue<<=(i-wend);
wvalue|=1;
wend=i;
}
}
/* wend is the size of the current window */
j=wend+1;
/* add the 'bytes above' */
if (!start)
for (i=0; i<j; i++)
{
if (!BN_mod_mul(r,r,r,m,ctx))
goto err;
}
/* wvalue will be an odd number < 2^window */
if (!BN_mod_mul(r,r,&(val[wvalue>>1]),m,ctx))
goto err;
/* move the 'window' down further */
wstart-=wend+1;
wvalue=0;
start=0;
if (wstart < 0) break;
}
ret=1;
err:
BN_CTX_end(ctx);
for (i=0; i<ts; i++)
BN_clear_free(&(val[i]));
return(ret);
}
#endif

419
package/network/services/ead/src/tinysrp/bn_lcl.h Normal file
View File

@@ -0,0 +1,419 @@
/* crypto/bn/bn_lcl.h */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_BN_LCL_H
#define HEADER_BN_LCL_H
#include <bn.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
* BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions
*
*
* For window size 'w' (w >= 2) and a random 'b' bits exponent,
* the number of multiplications is a constant plus on average
*
* 2^(w-1) + (b-w)/(w+1);
*
* here 2^(w-1) is for precomputing the table (we actually need
* entries only for windows that have the lowest bit set), and
* (b-w)/(w+1) is an approximation for the expected number of
* w-bit windows, not counting the first one.
*
* Thus we should use
*
* w >= 6 if b > 671
* w = 5 if 671 > b > 239
* w = 4 if 239 > b > 79
* w = 3 if 79 > b > 23
* w <= 2 if 23 > b
*
* (with draws in between). Very small exponents are often selected
* with low Hamming weight, so we use w = 1 for b <= 23.
*/
#if 1
#define BN_window_bits_for_exponent_size(b) \
((b) > 671 ? 6 : \
(b) > 239 ? 5 : \
(b) > 79 ? 4 : \
(b) > 23 ? 3 : 1)
#else
/* Old SSLeay/OpenSSL table.
* Maximum window size was 5, so this table differs for b==1024;
* but it coincides for other interesting values (b==160, b==512).
*/
#define BN_window_bits_for_exponent_size(b) \
((b) > 255 ? 5 : \
(b) > 127 ? 4 : \
(b) > 17 ? 3 : 1)
#endif
/* Pentium pro 16,16,16,32,64 */
/* Alpha 16,16,16,16.64 */
#define BN_MULL_SIZE_NORMAL (16) /* 32 */
#define BN_MUL_RECURSIVE_SIZE_NORMAL (16) /* 32 less than */
#define BN_SQR_RECURSIVE_SIZE_NORMAL (16) /* 32 */
#define BN_MUL_LOW_RECURSIVE_SIZE_NORMAL (32) /* 32 */
#define BN_MONT_CTX_SET_SIZE_WORD (64) /* 32 */
#if !defined(NO_ASM) && !defined(NO_INLINE_ASM) && !defined(PEDANTIC)
/*
* BN_UMULT_HIGH section.
*
* No, I'm not trying to overwhelm you when stating that the
* product of N-bit numbers is 2*N bits wide:-) No, I don't expect
* you to be impressed when I say that if the compiler doesn't
* support 2*N integer type, then you have to replace every N*N
* multiplication with 4 (N/2)*(N/2) accompanied by some shifts
* and additions which unavoidably results in severe performance
* penalties. Of course provided that the hardware is capable of
* producing 2*N result... That's when you normally start
* considering assembler implementation. However! It should be
* pointed out that some CPUs (most notably Alpha, PowerPC and
* upcoming IA-64 family:-) provide *separate* instruction
* calculating the upper half of the product placing the result
* into a general purpose register. Now *if* the compiler supports
* inline assembler, then it's not impossible to implement the
* "bignum" routines (and have the compiler optimize 'em)
* exhibiting "native" performance in C. That's what BN_UMULT_HIGH
* macro is about:-)
*
* <appro@fy.chalmers.se>
*/
# if defined(__alpha) && (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT))
# if defined(__DECC)
# include <c_asm.h>
# define BN_UMULT_HIGH(a,b) (BN_ULONG)asm("umulh %a0,%a1,%v0",(a),(b))
# elif defined(__GNUC__)
# define BN_UMULT_HIGH(a,b) ({ \
register BN_ULONG ret; \
asm ("umulh %1,%2,%0" \
: "=r"(ret) \
: "r"(a), "r"(b)); \
ret; })
# endif /* compiler */
# elif defined(_ARCH_PPC) && defined(__64BIT__) && defined(SIXTY_FOUR_BIT_LONG)
# if defined(__GNUC__)
# define BN_UMULT_HIGH(a,b) ({ \
register BN_ULONG ret; \
asm ("mulhdu %0,%1,%2" \
: "=r"(ret) \
: "r"(a), "r"(b)); \
ret; })
# endif /* compiler */
# endif /* cpu */
#endif /* NO_ASM */
/*************************************************************
* Using the long long type
*/
#define Lw(t) (((BN_ULONG)(t))&BN_MASK2)
#define Hw(t) (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2)
/* This is used for internal error checking and is not normally used */
#ifdef BN_DEBUG
# include <assert.h>
# define bn_check_top(a) assert ((a)->top >= 0 && (a)->top <= (a)->dmax);
#else
# define bn_check_top(a)
#endif
/* This macro is to add extra stuff for development checking */
#ifdef BN_DEBUG
#define bn_set_max(r) ((r)->max=(r)->top,BN_set_flags((r),BN_FLG_STATIC_DATA))
#else
#define bn_set_max(r)
#endif
/* These macros are used to 'take' a section of a bignum for read only use */
#define bn_set_low(r,a,n) \
{ \
(r)->top=((a)->top > (n))?(n):(a)->top; \
(r)->d=(a)->d; \
(r)->neg=(a)->neg; \
(r)->flags|=BN_FLG_STATIC_DATA; \
bn_set_max(r); \
}
#define bn_set_high(r,a,n) \
{ \
if ((a)->top > (n)) \
{ \
(r)->top=(a)->top-n; \
(r)->d= &((a)->d[n]); \
} \
else \
(r)->top=0; \
(r)->neg=(a)->neg; \
(r)->flags|=BN_FLG_STATIC_DATA; \
bn_set_max(r); \
}
#ifdef BN_LLONG
#define mul_add(r,a,w,c) { \
BN_ULLONG t; \
t=(BN_ULLONG)w * (a) + (r) + (c); \
(r)= Lw(t); \
(c)= Hw(t); \
}
#define mul(r,a,w,c) { \
BN_ULLONG t; \
t=(BN_ULLONG)w * (a) + (c); \
(r)= Lw(t); \
(c)= Hw(t); \
}
#define sqr(r0,r1,a) { \
BN_ULLONG t; \
t=(BN_ULLONG)(a)*(a); \
(r0)=Lw(t); \
(r1)=Hw(t); \
}
#elif defined(BN_UMULT_HIGH)
#define mul_add(r,a,w,c) { \
BN_ULONG high,low,ret,tmp=(a); \
ret = (r); \
high= BN_UMULT_HIGH(w,tmp); \
ret += (c); \
low = (w) * tmp; \
(c) = (ret<(c))?1:0; \
(c) += high; \
ret += low; \
(c) += (ret<low)?1:0; \
(r) = ret; \
}
#define mul(r,a,w,c) { \
BN_ULONG high,low,ret,ta=(a); \
low = (w) * ta; \
high= BN_UMULT_HIGH(w,ta); \
ret = low + (c); \
(c) = high; \
(c) += (ret<low)?1:0; \
(r) = ret; \
}
#define sqr(r0,r1,a) { \
BN_ULONG tmp=(a); \
(r0) = tmp * tmp; \
(r1) = BN_UMULT_HIGH(tmp,tmp); \
}
#else
/*************************************************************
* No long long type
*/
#define LBITS(a) ((a)&BN_MASK2l)
#define HBITS(a) (((a)>>BN_BITS4)&BN_MASK2l)
#define L2HBITS(a) ((BN_ULONG)((a)&BN_MASK2l)<<BN_BITS4)
#define LLBITS(a) ((a)&BN_MASKl)
#define LHBITS(a) (((a)>>BN_BITS2)&BN_MASKl)
#define LL2HBITS(a) ((BN_ULLONG)((a)&BN_MASKl)<<BN_BITS2)
#define mul64(l,h,bl,bh) \
{ \
BN_ULONG m,m1,lt,ht; \
\
lt=l; \
ht=h; \
m =(bh)*(lt); \
lt=(bl)*(lt); \
m1=(bl)*(ht); \
ht =(bh)*(ht); \
m=(m+m1)&BN_MASK2; if (m < m1) ht+=L2HBITS(1L); \
ht+=HBITS(m); \
m1=L2HBITS(m); \
lt=(lt+m1)&BN_MASK2; if (lt < m1) ht++; \
(l)=lt; \
(h)=ht; \
}
#define sqr64(lo,ho,in) \
{ \
BN_ULONG l,h,m; \
\
h=(in); \
l=LBITS(h); \
h=HBITS(h); \
m =(l)*(h); \
l*=l; \
h*=h; \
h+=(m&BN_MASK2h1)>>(BN_BITS4-1); \
m =(m&BN_MASK2l)<<(BN_BITS4+1); \
l=(l+m)&BN_MASK2; if (l < m) h++; \
(lo)=l; \
(ho)=h; \
}
#define mul_add(r,a,bl,bh,c) { \
BN_ULONG l,h; \
\
h= (a); \
l=LBITS(h); \
h=HBITS(h); \
mul64(l,h,(bl),(bh)); \
\
/* non-multiply part */ \
l=(l+(c))&BN_MASK2; if (l < (c)) h++; \
(c)=(r); \
l=(l+(c))&BN_MASK2; if (l < (c)) h++; \
(c)=h&BN_MASK2; \
(r)=l; \
}
#define mul(r,a,bl,bh,c) { \
BN_ULONG l,h; \
\
h= (a); \
l=LBITS(h); \
h=HBITS(h); \
mul64(l,h,(bl),(bh)); \
\
/* non-multiply part */ \
l+=(c); if ((l&BN_MASK2) < (c)) h++; \
(c)=h&BN_MASK2; \
(r)=l&BN_MASK2; \
}
#endif /* !BN_LLONG */
void bn_mul_normal(BN_ULONG *r,BN_ULONG *a,int na,BN_ULONG *b,int nb);
void bn_mul_comba8(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
void bn_mul_comba4(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp);
void bn_sqr_comba8(BN_ULONG *r,BN_ULONG *a);
void bn_sqr_comba4(BN_ULONG *r,BN_ULONG *a);
int bn_cmp_words(BN_ULONG *a,BN_ULONG *b,int n);
void bn_mul_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,BN_ULONG *t);
void bn_mul_part_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,
int tn, int n,BN_ULONG *t);
void bn_sqr_recursive(BN_ULONG *r,BN_ULONG *a, int n2, BN_ULONG *t);
void bn_mul_low_normal(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, int n);
void bn_mul_low_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,
BN_ULONG *t);
void bn_mul_high(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,BN_ULONG *l,int n2,
BN_ULONG *t);
#ifdef __cplusplus
}
#endif
#endif

576
package/network/services/ead/src/tinysrp/bn_lib.c Normal file
View File

@@ -0,0 +1,576 @@
/* crypto/bn/bn_lib.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#ifndef BN_DEBUG
# undef NDEBUG /* avoid conflicting definitions */
# define NDEBUG
#endif
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "bn_lcl.h"
const char *BN_version="Big Number";
/* For a 32 bit machine
* 2 - 4 == 128
* 3 - 8 == 256
* 4 - 16 == 512
* 5 - 32 == 1024
* 6 - 64 == 2048
* 7 - 128 == 4096
* 8 - 256 == 8192
*/
static int bn_limit_bits=0;
static int bn_limit_num=8; /* (1<<bn_limit_bits) */
static int bn_limit_bits_low=0;
static int bn_limit_num_low=8; /* (1<<bn_limit_bits_low) */
static int bn_limit_bits_high=0;
static int bn_limit_num_high=8; /* (1<<bn_limit_bits_high) */
static int bn_limit_bits_mont=0;
static int bn_limit_num_mont=8; /* (1<<bn_limit_bits_mont) */
int BN_num_bits_word(BN_ULONG l)
{
static const char bits[256]={
0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4,
5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,
6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
};
#if defined(SIXTY_FOUR_BIT_LONG)
if (l & 0xffffffff00000000L)
{
if (l & 0xffff000000000000L)
{
if (l & 0xff00000000000000L)
{
return(bits[(int)(l>>56)]+56);
}
else return(bits[(int)(l>>48)]+48);
}
else
{
if (l & 0x0000ff0000000000L)
{
return(bits[(int)(l>>40)]+40);
}
else return(bits[(int)(l>>32)]+32);
}
}
else
#else
#ifdef SIXTY_FOUR_BIT
if (l & 0xffffffff00000000LL)
{
if (l & 0xffff000000000000LL)
{
if (l & 0xff00000000000000LL)
{
return(bits[(int)(l>>56)]+56);
}
else return(bits[(int)(l>>48)]+48);
}
else
{
if (l & 0x0000ff0000000000LL)
{
return(bits[(int)(l>>40)]+40);
}
else return(bits[(int)(l>>32)]+32);
}
}
else
#endif
#endif
{
#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
if (l & 0xffff0000L)
{
if (l & 0xff000000L)
return(bits[(int)(l>>24L)]+24);
else return(bits[(int)(l>>16L)]+16);
}
else
#endif
{
#if defined(SIXTEEN_BIT) || defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
if (l & 0xff00L)
return(bits[(int)(l>>8)]+8);
else
#endif
return(bits[(int)(l )] );
}
}
}
int BN_num_bits(const BIGNUM *a)
{
BN_ULONG l;
int i;
bn_check_top(a);
if (a->top == 0) return(0);
l=a->d[a->top-1];
assert(l != 0);
i=(a->top-1)*BN_BITS2;
return(i+BN_num_bits_word(l));
}
void BN_clear_free(BIGNUM *a)
{
int i;
if (a == NULL) return;
if (a->d != NULL)
{
memset(a->d,0,a->dmax*sizeof(a->d[0]));
if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
free(a->d);
}
i=BN_get_flags(a,BN_FLG_MALLOCED);
memset(a,0,sizeof(BIGNUM));
if (i)
free(a);
}
void BN_free(BIGNUM *a)
{
if (a == NULL) return;
if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA)))
free(a->d);
a->flags|=BN_FLG_FREE; /* REMOVE? */
if (a->flags & BN_FLG_MALLOCED)
free(a);
}
void BN_init(BIGNUM *a)
{
memset(a,0,sizeof(BIGNUM));
}
BIGNUM *BN_new(void)
{
BIGNUM *ret;
if ((ret=(BIGNUM *)malloc(sizeof(BIGNUM))) == NULL)
{
return(NULL);
}
ret->flags=BN_FLG_MALLOCED;
ret->top=0;
ret->neg=0;
ret->dmax=0;
ret->d=NULL;
return(ret);
}
/* This is an internal function that should not be used in applications.
* It ensures that 'b' has enough room for a 'words' word number number.
* It is mostly used by the various BIGNUM routines. If there is an error,
* NULL is returned. If not, 'b' is returned. */
BIGNUM *bn_expand2(BIGNUM *b, int words)
{
BN_ULONG *A,*a;
const BN_ULONG *B;
int i;
bn_check_top(b);
if (words > b->dmax)
{
bn_check_top(b);
if (BN_get_flags(b,BN_FLG_STATIC_DATA))
{
return(NULL);
}
a=A=(BN_ULONG *)malloc(sizeof(BN_ULONG)*(words+1));
if (A == NULL)
{
return(NULL);
}
#if 1
B=b->d;
/* Check if the previous number needs to be copied */
if (B != NULL)
{
#if 0
/* This lot is an unrolled loop to copy b->top
* BN_ULONGs from B to A
*/
/*
* I have nothing against unrolling but it's usually done for
* several reasons, namely:
* - minimize percentage of decision making code, i.e. branches;
* - avoid cache trashing;
* - make it possible to schedule loads earlier;
* Now let's examine the code below. The cornerstone of C is
* "programmer is always right" and that's what we love it for:-)
* For this very reason C compilers have to be paranoid when it
* comes to data aliasing and assume the worst. Yeah, but what
* does it mean in real life? This means that loop body below will
* be compiled to sequence of loads immediately followed by stores
* as compiler assumes the worst, something in A==B+1 style. As a
* result CPU pipeline is going to starve for incoming data. Secondly
* if A and B happen to share same cache line such code is going to
* cause severe cache trashing. Both factors have severe impact on
* performance of modern CPUs and this is the reason why this
* particular piece of code is #ifdefed away and replaced by more
* "friendly" version found in #else section below. This comment
* also applies to BN_copy function.
*
* <appro@fy.chalmers.se>
*/
for (i=b->top&(~7); i>0; i-=8)
{
A[0]=B[0]; A[1]=B[1]; A[2]=B[2]; A[3]=B[3];
A[4]=B[4]; A[5]=B[5]; A[6]=B[6]; A[7]=B[7];
A+=8;
B+=8;
}
switch (b->top&7)
{
case 7:
A[6]=B[6];
case 6:
A[5]=B[5];
case 5:
A[4]=B[4];
case 4:
A[3]=B[3];
case 3:
A[2]=B[2];
case 2:
A[1]=B[1];
case 1:
A[0]=B[0];
case 0:
/* I need the 'case 0' entry for utrix cc.
* If the optimizer is turned on, it does the
* switch table by doing
* a=top&7
* a--;
* goto jump_table[a];
* If top is 0, this makes us jump to 0xffffffc
* which is rather bad :-(.
* eric 23-Apr-1998
*/
;
}
#else
for (i=b->top>>2; i>0; i--,A+=4,B+=4)
{
/*
* The fact that the loop is unrolled
* 4-wise is a tribute to Intel. It's
* the one that doesn't have enough
* registers to accomodate more data.
* I'd unroll it 8-wise otherwise:-)
*
* <appro@fy.chalmers.se>
*/
BN_ULONG a0,a1,a2,a3;
a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
}
switch (b->top&3)
{
case 3: A[2]=B[2];
case 2: A[1]=B[1];
case 1: A[0]=B[0];
case 0: ; /* ultrix cc workaround, see above */
}
#endif
free(b->d);
}
b->d=a;
b->dmax=words;
/* Now need to zero any data between b->top and b->max */
A= &(b->d[b->top]);
for (i=(b->dmax - b->top)>>3; i>0; i--,A+=8)
{
A[0]=0; A[1]=0; A[2]=0; A[3]=0;
A[4]=0; A[5]=0; A[6]=0; A[7]=0;
}
for (i=(b->dmax - b->top)&7; i>0; i--,A++)
A[0]=0;
#else
memset(A,0,sizeof(BN_ULONG)*(words+1));
memcpy(A,b->d,sizeof(b->d[0])*b->top);
b->d=a;
b->max=words;
#endif
/* memset(&(p[b->max]),0,((words+1)-b->max)*sizeof(BN_ULONG)); */
/* { int i; for (i=b->max; i<words+1; i++) p[i]=i;} */
}
return(b);
}
BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
{
int i;
BN_ULONG *A;
const BN_ULONG *B;
bn_check_top(b);
if (a == b) return(a);
if (bn_wexpand(a,b->top) == NULL) return(NULL);
#if 1
A=a->d;
B=b->d;
for (i=b->top>>2; i>0; i--,A+=4,B+=4)
{
BN_ULONG a0,a1,a2,a3;
a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
}
switch (b->top&3)
{
case 3: A[2]=B[2];
case 2: A[1]=B[1];
case 1: A[0]=B[0];
case 0: ; /* ultrix cc workaround, see comments in bn_expand2 */
}
#else
memcpy(a->d,b->d,sizeof(b->d[0])*b->top);
#endif
/* memset(&(a->d[b->top]),0,sizeof(a->d[0])*(a->max-b->top));*/
a->top=b->top;
if ((a->top == 0) && (a->d != NULL))
a->d[0]=0;
a->neg=b->neg;
return(a);
}
int BN_set_word(BIGNUM *a, BN_ULONG w)
{
int i,n;
if (bn_expand(a,sizeof(BN_ULONG)*8) == NULL) return(0);
n=sizeof(BN_ULONG)/BN_BYTES;
a->neg=0;
a->top=0;
a->d[0]=(BN_ULONG)w&BN_MASK2;
if (a->d[0] != 0) a->top=1;
for (i=1; i<n; i++)
{
/* the following is done instead of
* w>>=BN_BITS2 so compilers don't complain
* on builds where sizeof(long) == BN_TYPES */
#ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */
w>>=BN_BITS4;
w>>=BN_BITS4;
#else
w=0;
#endif
a->d[i]=(BN_ULONG)w&BN_MASK2;
if (a->d[i] != 0) a->top=i+1;
}
return(1);
}
/* ignore negative */
BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
{
unsigned int i,m;
unsigned int n;
BN_ULONG l;
if (ret == NULL) ret=BN_new();
if (ret == NULL) return(NULL);
l=0;
n=len;
if (n == 0)
{
ret->top=0;
return(ret);
}
if (bn_expand(ret,(int)(n+2)*8) == NULL)
return(NULL);
i=((n-1)/BN_BYTES)+1;
m=((n-1)%(BN_BYTES));
ret->top=i;
while (n-- > 0)
{
l=(l<<8L)| *(s++);
if (m-- == 0)
{
ret->d[--i]=l;
l=0;
m=BN_BYTES-1;
}
}
/* need to call this due to clear byte at top if avoiding
* having the top bit set (-ve number) */
bn_fix_top(ret);
return(ret);
}
/* ignore negative */
int BN_bn2bin(const BIGNUM *a, unsigned char *to)
{
int n,i;
BN_ULONG l;
n=i=BN_num_bytes(a);
while (i-- > 0)
{
l=a->d[i/BN_BYTES];
*(to++)=(unsigned char)(l>>(8*(i%BN_BYTES)))&0xff;
}
return(n);
}
int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
{
int i;
BN_ULONG t1,t2,*ap,*bp;
bn_check_top(a);
bn_check_top(b);
i=a->top-b->top;
if (i != 0) return(i);
ap=a->d;
bp=b->d;
for (i=a->top-1; i>=0; i--)
{
t1= ap[i];
t2= bp[i];
if (t1 != t2)
return(t1 > t2?1:-1);
}
return(0);
}
int BN_cmp(const BIGNUM *a, const BIGNUM *b)
{
int i;
int gt,lt;
BN_ULONG t1,t2;
if ((a == NULL) || (b == NULL))
{
if (a != NULL)
return(-1);
else if (b != NULL)
return(1);
else
return(0);
}
bn_check_top(a);
bn_check_top(b);
if (a->neg != b->neg)
{
if (a->neg)
return(-1);
else return(1);
}
if (a->neg == 0)
{ gt=1; lt= -1; }
else { gt= -1; lt=1; }
if (a->top > b->top) return(gt);
if (a->top < b->top) return(lt);
for (i=a->top-1; i>=0; i--)
{
t1=a->d[i];
t2=b->d[i];
if (t1 > t2) return(gt);
if (t1 < t2) return(lt);
}
return(0);
}
int BN_is_bit_set(const BIGNUM *a, int n)
{
int i,j;
if (n < 0) return(0);
i=n/BN_BITS2;
j=n%BN_BITS2;
if (a->top <= i) return(0);
return((a->d[i]&(((BN_ULONG)1)<<j))?1:0);
}

172
package/network/services/ead/src/tinysrp/bn_mul.c Normal file
View File

@@ -0,0 +1,172 @@
/* crypto/bn/bn_mul.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include <string.h>
#include "bn_lcl.h"
int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
{
int top,al,bl;
BIGNUM *rr;
int ret = 0;
#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
int i;
#endif
#ifdef BN_COUNT
printf("BN_mul %d * %d\n",a->top,b->top);
#endif
bn_check_top(a);
bn_check_top(b);
bn_check_top(r);
al=a->top;
bl=b->top;
if ((al == 0) || (bl == 0))
{
BN_zero(r);
return(1);
}
top=al+bl;
BN_CTX_start(ctx);
if ((r == a) || (r == b))
{
if ((rr = BN_CTX_get(ctx)) == NULL) goto err;
}
else
rr = r;
rr->neg=a->neg^b->neg;
#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
i = al-bl;
#endif
#ifdef BN_MUL_COMBA
if (i == 0)
{
# if 0
if (al == 4)
{
if (bn_wexpand(rr,8) == NULL) goto err;
rr->top=8;
bn_mul_comba4(rr->d,a->d,b->d);
goto end;
}
# endif
if (al == 8)
{
if (bn_wexpand(rr,16) == NULL) goto err;
rr->top=16;
bn_mul_comba8(rr->d,a->d,b->d);
goto end;
}
}
#endif /* BN_MUL_COMBA */
if (bn_wexpand(rr,top) == NULL) goto err;
rr->top=top;
bn_mul_normal(rr->d,a->d,al,b->d,bl);
#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
end:
#endif
bn_fix_top(rr);
if (r != rr) BN_copy(r,rr);
ret=1;
err:
BN_CTX_end(ctx);
return(ret);
}
void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb)
{
BN_ULONG *rr;
#ifdef BN_COUNT
printf(" bn_mul_normal %d * %d\n",na,nb);
#endif
if (na < nb)
{
int itmp;
BN_ULONG *ltmp;
itmp=na; na=nb; nb=itmp;
ltmp=a; a=b; b=ltmp;
}
rr= &(r[na]);
rr[0]=bn_mul_words(r,a,na,b[0]);
for (;;)
{
if (--nb <= 0) return;
rr[1]=bn_mul_add_words(&(r[1]),a,na,b[1]);
if (--nb <= 0) return;
rr[2]=bn_mul_add_words(&(r[2]),a,na,b[2]);
if (--nb <= 0) return;
rr[3]=bn_mul_add_words(&(r[3]),a,na,b[3]);
if (--nb <= 0) return;
rr[4]=bn_mul_add_words(&(r[4]),a,na,b[4]);
rr+=4;
r+=4;
b+=4;
}
}

325
package/network/services/ead/src/tinysrp/bn_prime.h Normal file
View File

@@ -0,0 +1,325 @@
/* Auto generated by bn_prime.pl */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#ifndef EIGHT_BIT
#define NUMPRIMES 2048
#else
#define NUMPRIMES 54
#endif
static const unsigned int primes[NUMPRIMES]=
{
2, 3, 5, 7, 11, 13, 17, 19,
23, 29, 31, 37, 41, 43, 47, 53,
59, 61, 67, 71, 73, 79, 83, 89,
97, 101, 103, 107, 109, 113, 127, 131,
137, 139, 149, 151, 157, 163, 167, 173,
179, 181, 191, 193, 197, 199, 211, 223,
227, 229, 233, 239, 241, 251,
#ifndef EIGHT_BIT
257, 263,
269, 271, 277, 281, 283, 293, 307, 311,
313, 317, 331, 337, 347, 349, 353, 359,
367, 373, 379, 383, 389, 397, 401, 409,
419, 421, 431, 433, 439, 443, 449, 457,
461, 463, 467, 479, 487, 491, 499, 503,
509, 521, 523, 541, 547, 557, 563, 569,
571, 577, 587, 593, 599, 601, 607, 613,
617, 619, 631, 641, 643, 647, 653, 659,
661, 673, 677, 683, 691, 701, 709, 719,
727, 733, 739, 743, 751, 757, 761, 769,
773, 787, 797, 809, 811, 821, 823, 827,
829, 839, 853, 857, 859, 863, 877, 881,
883, 887, 907, 911, 919, 929, 937, 941,
947, 953, 967, 971, 977, 983, 991, 997,
1009,1013,1019,1021,1031,1033,1039,1049,
1051,1061,1063,1069,1087,1091,1093,1097,
1103,1109,1117,1123,1129,1151,1153,1163,
1171,1181,1187,1193,1201,1213,1217,1223,
1229,1231,1237,1249,1259,1277,1279,1283,
1289,1291,1297,1301,1303,1307,1319,1321,
1327,1361,1367,1373,1381,1399,1409,1423,
1427,1429,1433,1439,1447,1451,1453,1459,
1471,1481,1483,1487,1489,1493,1499,1511,
1523,1531,1543,1549,1553,1559,1567,1571,
1579,1583,1597,1601,1607,1609,1613,1619,
1621,1627,1637,1657,1663,1667,1669,1693,
1697,1699,1709,1721,1723,1733,1741,1747,
1753,1759,1777,1783,1787,1789,1801,1811,
1823,1831,1847,1861,1867,1871,1873,1877,
1879,1889,1901,1907,1913,1931,1933,1949,
1951,1973,1979,1987,1993,1997,1999,2003,
2011,2017,2027,2029,2039,2053,2063,2069,
2081,2083,2087,2089,2099,2111,2113,2129,
2131,2137,2141,2143,2153,2161,2179,2203,
2207,2213,2221,2237,2239,2243,2251,2267,
2269,2273,2281,2287,2293,2297,2309,2311,
2333,2339,2341,2347,2351,2357,2371,2377,
2381,2383,2389,2393,2399,2411,2417,2423,
2437,2441,2447,2459,2467,2473,2477,2503,
2521,2531,2539,2543,2549,2551,2557,2579,
2591,2593,2609,2617,2621,2633,2647,2657,
2659,2663,2671,2677,2683,2687,2689,2693,
2699,2707,2711,2713,2719,2729,2731,2741,
2749,2753,2767,2777,2789,2791,2797,2801,
2803,2819,2833,2837,2843,2851,2857,2861,
2879,2887,2897,2903,2909,2917,2927,2939,
2953,2957,2963,2969,2971,2999,3001,3011,
3019,3023,3037,3041,3049,3061,3067,3079,
3083,3089,3109,3119,3121,3137,3163,3167,
3169,3181,3187,3191,3203,3209,3217,3221,
3229,3251,3253,3257,3259,3271,3299,3301,
3307,3313,3319,3323,3329,3331,3343,3347,
3359,3361,3371,3373,3389,3391,3407,3413,
3433,3449,3457,3461,3463,3467,3469,3491,
3499,3511,3517,3527,3529,3533,3539,3541,
3547,3557,3559,3571,3581,3583,3593,3607,
3613,3617,3623,3631,3637,3643,3659,3671,
3673,3677,3691,3697,3701,3709,3719,3727,
3733,3739,3761,3767,3769,3779,3793,3797,
3803,3821,3823,3833,3847,3851,3853,3863,
3877,3881,3889,3907,3911,3917,3919,3923,
3929,3931,3943,3947,3967,3989,4001,4003,
4007,4013,4019,4021,4027,4049,4051,4057,
4073,4079,4091,4093,4099,4111,4127,4129,
4133,4139,4153,4157,4159,4177,4201,4211,
4217,4219,4229,4231,4241,4243,4253,4259,
4261,4271,4273,4283,4289,4297,4327,4337,
4339,4349,4357,4363,4373,4391,4397,4409,
4421,4423,4441,4447,4451,4457,4463,4481,
4483,4493,4507,4513,4517,4519,4523,4547,
4549,4561,4567,4583,4591,4597,4603,4621,
4637,4639,4643,4649,4651,4657,4663,4673,
4679,4691,4703,4721,4723,4729,4733,4751,
4759,4783,4787,4789,4793,4799,4801,4813,
4817,4831,4861,4871,4877,4889,4903,4909,
4919,4931,4933,4937,4943,4951,4957,4967,
4969,4973,4987,4993,4999,5003,5009,5011,
5021,5023,5039,5051,5059,5077,5081,5087,
5099,5101,5107,5113,5119,5147,5153,5167,
5171,5179,5189,5197,5209,5227,5231,5233,
5237,5261,5273,5279,5281,5297,5303,5309,
5323,5333,5347,5351,5381,5387,5393,5399,
5407,5413,5417,5419,5431,5437,5441,5443,
5449,5471,5477,5479,5483,5501,5503,5507,
5519,5521,5527,5531,5557,5563,5569,5573,
5581,5591,5623,5639,5641,5647,5651,5653,
5657,5659,5669,5683,5689,5693,5701,5711,
5717,5737,5741,5743,5749,5779,5783,5791,
5801,5807,5813,5821,5827,5839,5843,5849,
5851,5857,5861,5867,5869,5879,5881,5897,
5903,5923,5927,5939,5953,5981,5987,6007,
6011,6029,6037,6043,6047,6053,6067,6073,
6079,6089,6091,6101,6113,6121,6131,6133,
6143,6151,6163,6173,6197,6199,6203,6211,
6217,6221,6229,6247,6257,6263,6269,6271,
6277,6287,6299,6301,6311,6317,6323,6329,
6337,6343,6353,6359,6361,6367,6373,6379,
6389,6397,6421,6427,6449,6451,6469,6473,
6481,6491,6521,6529,6547,6551,6553,6563,
6569,6571,6577,6581,6599,6607,6619,6637,
6653,6659,6661,6673,6679,6689,6691,6701,
6703,6709,6719,6733,6737,6761,6763,6779,
6781,6791,6793,6803,6823,6827,6829,6833,
6841,6857,6863,6869,6871,6883,6899,6907,
6911,6917,6947,6949,6959,6961,6967,6971,
6977,6983,6991,6997,7001,7013,7019,7027,
7039,7043,7057,7069,7079,7103,7109,7121,
7127,7129,7151,7159,7177,7187,7193,7207,
7211,7213,7219,7229,7237,7243,7247,7253,
7283,7297,7307,7309,7321,7331,7333,7349,
7351,7369,7393,7411,7417,7433,7451,7457,
7459,7477,7481,7487,7489,7499,7507,7517,
7523,7529,7537,7541,7547,7549,7559,7561,
7573,7577,7583,7589,7591,7603,7607,7621,
7639,7643,7649,7669,7673,7681,7687,7691,
7699,7703,7717,7723,7727,7741,7753,7757,
7759,7789,7793,7817,7823,7829,7841,7853,
7867,7873,7877,7879,7883,7901,7907,7919,
7927,7933,7937,7949,7951,7963,7993,8009,
8011,8017,8039,8053,8059,8069,8081,8087,
8089,8093,8101,8111,8117,8123,8147,8161,
8167,8171,8179,8191,8209,8219,8221,8231,
8233,8237,8243,8263,8269,8273,8287,8291,
8293,8297,8311,8317,8329,8353,8363,8369,
8377,8387,8389,8419,8423,8429,8431,8443,
8447,8461,8467,8501,8513,8521,8527,8537,
8539,8543,8563,8573,8581,8597,8599,8609,
8623,8627,8629,8641,8647,8663,8669,8677,
8681,8689,8693,8699,8707,8713,8719,8731,
8737,8741,8747,8753,8761,8779,8783,8803,
8807,8819,8821,8831,8837,8839,8849,8861,
8863,8867,8887,8893,8923,8929,8933,8941,
8951,8963,8969,8971,8999,9001,9007,9011,
9013,9029,9041,9043,9049,9059,9067,9091,
9103,9109,9127,9133,9137,9151,9157,9161,
9173,9181,9187,9199,9203,9209,9221,9227,
9239,9241,9257,9277,9281,9283,9293,9311,
9319,9323,9337,9341,9343,9349,9371,9377,
9391,9397,9403,9413,9419,9421,9431,9433,
9437,9439,9461,9463,9467,9473,9479,9491,
9497,9511,9521,9533,9539,9547,9551,9587,
9601,9613,9619,9623,9629,9631,9643,9649,
9661,9677,9679,9689,9697,9719,9721,9733,
9739,9743,9749,9767,9769,9781,9787,9791,
9803,9811,9817,9829,9833,9839,9851,9857,
9859,9871,9883,9887,9901,9907,9923,9929,
9931,9941,9949,9967,9973,10007,10009,10037,
10039,10061,10067,10069,10079,10091,10093,10099,
10103,10111,10133,10139,10141,10151,10159,10163,
10169,10177,10181,10193,10211,10223,10243,10247,
10253,10259,10267,10271,10273,10289,10301,10303,
10313,10321,10331,10333,10337,10343,10357,10369,
10391,10399,10427,10429,10433,10453,10457,10459,
10463,10477,10487,10499,10501,10513,10529,10531,
10559,10567,10589,10597,10601,10607,10613,10627,
10631,10639,10651,10657,10663,10667,10687,10691,
10709,10711,10723,10729,10733,10739,10753,10771,
10781,10789,10799,10831,10837,10847,10853,10859,
10861,10867,10883,10889,10891,10903,10909,10937,
10939,10949,10957,10973,10979,10987,10993,11003,
11027,11047,11057,11059,11069,11071,11083,11087,
11093,11113,11117,11119,11131,11149,11159,11161,
11171,11173,11177,11197,11213,11239,11243,11251,
11257,11261,11273,11279,11287,11299,11311,11317,
11321,11329,11351,11353,11369,11383,11393,11399,
11411,11423,11437,11443,11447,11467,11471,11483,
11489,11491,11497,11503,11519,11527,11549,11551,
11579,11587,11593,11597,11617,11621,11633,11657,
11677,11681,11689,11699,11701,11717,11719,11731,
11743,11777,11779,11783,11789,11801,11807,11813,
11821,11827,11831,11833,11839,11863,11867,11887,
11897,11903,11909,11923,11927,11933,11939,11941,
11953,11959,11969,11971,11981,11987,12007,12011,
12037,12041,12043,12049,12071,12073,12097,12101,
12107,12109,12113,12119,12143,12149,12157,12161,
12163,12197,12203,12211,12227,12239,12241,12251,
12253,12263,12269,12277,12281,12289,12301,12323,
12329,12343,12347,12373,12377,12379,12391,12401,
12409,12413,12421,12433,12437,12451,12457,12473,
12479,12487,12491,12497,12503,12511,12517,12527,
12539,12541,12547,12553,12569,12577,12583,12589,
12601,12611,12613,12619,12637,12641,12647,12653,
12659,12671,12689,12697,12703,12713,12721,12739,
12743,12757,12763,12781,12791,12799,12809,12821,
12823,12829,12841,12853,12889,12893,12899,12907,
12911,12917,12919,12923,12941,12953,12959,12967,
12973,12979,12983,13001,13003,13007,13009,13033,
13037,13043,13049,13063,13093,13099,13103,13109,
13121,13127,13147,13151,13159,13163,13171,13177,
13183,13187,13217,13219,13229,13241,13249,13259,
13267,13291,13297,13309,13313,13327,13331,13337,
13339,13367,13381,13397,13399,13411,13417,13421,
13441,13451,13457,13463,13469,13477,13487,13499,
13513,13523,13537,13553,13567,13577,13591,13597,
13613,13619,13627,13633,13649,13669,13679,13681,
13687,13691,13693,13697,13709,13711,13721,13723,
13729,13751,13757,13759,13763,13781,13789,13799,
13807,13829,13831,13841,13859,13873,13877,13879,
13883,13901,13903,13907,13913,13921,13931,13933,
13963,13967,13997,13999,14009,14011,14029,14033,
14051,14057,14071,14081,14083,14087,14107,14143,
14149,14153,14159,14173,14177,14197,14207,14221,
14243,14249,14251,14281,14293,14303,14321,14323,
14327,14341,14347,14369,14387,14389,14401,14407,
14411,14419,14423,14431,14437,14447,14449,14461,
14479,14489,14503,14519,14533,14537,14543,14549,
14551,14557,14561,14563,14591,14593,14621,14627,
14629,14633,14639,14653,14657,14669,14683,14699,
14713,14717,14723,14731,14737,14741,14747,14753,
14759,14767,14771,14779,14783,14797,14813,14821,
14827,14831,14843,14851,14867,14869,14879,14887,
14891,14897,14923,14929,14939,14947,14951,14957,
14969,14983,15013,15017,15031,15053,15061,15073,
15077,15083,15091,15101,15107,15121,15131,15137,
15139,15149,15161,15173,15187,15193,15199,15217,
15227,15233,15241,15259,15263,15269,15271,15277,
15287,15289,15299,15307,15313,15319,15329,15331,
15349,15359,15361,15373,15377,15383,15391,15401,
15413,15427,15439,15443,15451,15461,15467,15473,
15493,15497,15511,15527,15541,15551,15559,15569,
15581,15583,15601,15607,15619,15629,15641,15643,
15647,15649,15661,15667,15671,15679,15683,15727,
15731,15733,15737,15739,15749,15761,15767,15773,
15787,15791,15797,15803,15809,15817,15823,15859,
15877,15881,15887,15889,15901,15907,15913,15919,
15923,15937,15959,15971,15973,15991,16001,16007,
16033,16057,16061,16063,16067,16069,16073,16087,
16091,16097,16103,16111,16127,16139,16141,16183,
16187,16189,16193,16217,16223,16229,16231,16249,
16253,16267,16273,16301,16319,16333,16339,16349,
16361,16363,16369,16381,16411,16417,16421,16427,
16433,16447,16451,16453,16477,16481,16487,16493,
16519,16529,16547,16553,16561,16567,16573,16603,
16607,16619,16631,16633,16649,16651,16657,16661,
16673,16691,16693,16699,16703,16729,16741,16747,
16759,16763,16787,16811,16823,16829,16831,16843,
16871,16879,16883,16889,16901,16903,16921,16927,
16931,16937,16943,16963,16979,16981,16987,16993,
17011,17021,17027,17029,17033,17041,17047,17053,
17077,17093,17099,17107,17117,17123,17137,17159,
17167,17183,17189,17191,17203,17207,17209,17231,
17239,17257,17291,17293,17299,17317,17321,17327,
17333,17341,17351,17359,17377,17383,17387,17389,
17393,17401,17417,17419,17431,17443,17449,17467,
17471,17477,17483,17489,17491,17497,17509,17519,
17539,17551,17569,17573,17579,17581,17597,17599,
17609,17623,17627,17657,17659,17669,17681,17683,
17707,17713,17729,17737,17747,17749,17761,17783,
17789,17791,17807,17827,17837,17839,17851,17863,
#endif
};

139
package/network/services/ead/src/tinysrp/bn_shift.c Normal file
View File

@@ -0,0 +1,139 @@
/* crypto/bn/bn_shift.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include <string.h>
#include "bn_lcl.h"
int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
{
int i,nw,lb,rb;
BN_ULONG *t,*f;
BN_ULONG l;
r->neg=a->neg;
if (bn_wexpand(r,a->top+(n/BN_BITS2)+1) == NULL) return(0);
nw=n/BN_BITS2;
lb=n%BN_BITS2;
rb=BN_BITS2-lb;
f=a->d;
t=r->d;
t[a->top+nw]=0;
if (lb == 0)
for (i=a->top-1; i>=0; i--)
t[nw+i]=f[i];
else
for (i=a->top-1; i>=0; i--)
{
l=f[i];
t[nw+i+1]|=(l>>rb)&BN_MASK2;
t[nw+i]=(l<<lb)&BN_MASK2;
}
memset(t,0,nw*sizeof(t[0]));
/* for (i=0; i<nw; i++)
t[i]=0;*/
r->top=a->top+nw+1;
bn_fix_top(r);
return(1);
}
int BN_rshift(BIGNUM *r, BIGNUM *a, int n)
{
int i,j,nw,lb,rb;
BN_ULONG *t,*f;
BN_ULONG l,tmp;
nw=n/BN_BITS2;
rb=n%BN_BITS2;
lb=BN_BITS2-rb;
if (nw > a->top || a->top == 0)
{
BN_zero(r);
return(1);
}
if (r != a)
{
r->neg=a->neg;
if (bn_wexpand(r,a->top-nw+1) == NULL) return(0);
}
f= &(a->d[nw]);
t=r->d;
j=a->top-nw;
r->top=j;
if (rb == 0)
{
for (i=j+1; i > 0; i--)
*(t++)= *(f++);
}
else
{
l= *(f++);
for (i=1; i<j; i++)
{
tmp =(l>>rb)&BN_MASK2;
l= *(f++);
*(t++) =(tmp|(l<<lb))&BN_MASK2;
}
*(t++) =(l>>rb)&BN_MASK2;
}
*t=0;
bn_fix_top(r);
return(1);
}

160
package/network/services/ead/src/tinysrp/bn_sqr.c Normal file
View File

@@ -0,0 +1,160 @@
/* crypto/bn/bn_sqr.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include <string.h>
#include "bn_lcl.h"
/* r must not be a */
/* I've just gone over this and it is now %20 faster on x86 - eay - 27 Jun 96 */
int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx)
{
int max,al;
int ret = 0;
BIGNUM *tmp,*rr;
#ifdef BN_COUNT
printf("BN_sqr %d * %d\n",a->top,a->top);
#endif
bn_check_top(a);
al=a->top;
if (al <= 0)
{
r->top=0;
return(1);
}
BN_CTX_start(ctx);
rr=(a != r) ? r : BN_CTX_get(ctx);
tmp=BN_CTX_get(ctx);
if (tmp == NULL) goto err;
max=(al+al);
if (bn_wexpand(rr,max+1) == NULL) goto err;
r->neg=0;
if (al == 4)
{
#ifndef BN_SQR_COMBA
BN_ULONG t[8];
bn_sqr_normal(rr->d,a->d,4,t);
#else
bn_sqr_comba4(rr->d,a->d);
#endif
}
else if (al == 8)
{
#ifndef BN_SQR_COMBA
BN_ULONG t[16];
bn_sqr_normal(rr->d,a->d,8,t);
#else
bn_sqr_comba8(rr->d,a->d);
#endif
}
else
{
if (bn_wexpand(tmp,max) == NULL) goto err;
bn_sqr_normal(rr->d,a->d,al,tmp->d);
}
rr->top=max;
if ((max > 0) && (rr->d[max-1] == 0)) rr->top--;
if (rr != r) BN_copy(r,rr);
ret = 1;
err:
BN_CTX_end(ctx);
return(ret);
}
/* tmp must have 2*n words */
void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp)
{
int i,j,max;
BN_ULONG *ap,*rp;
max=n*2;
ap=a;
rp=r;
rp[0]=rp[max-1]=0;
rp++;
j=n;
if (--j > 0)
{
ap++;
rp[j]=bn_mul_words(rp,ap,j,ap[-1]);
rp+=2;
}
for (i=n-2; i>0; i--)
{
j--;
ap++;
rp[j]=bn_mul_add_words(rp,ap,j,ap[-1]);
rp+=2;
}
bn_add_words(r,r,r,max);
/* There will not be a carry */
bn_sqr_words(tmp,a,n);
bn_add_words(r,r,tmp,max);
}

130
package/network/services/ead/src/tinysrp/bn_word.c Normal file
View File

@@ -0,0 +1,130 @@
/* crypto/bn/bn_word.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include "bn_lcl.h"
int BN_add_word(BIGNUM *a, BN_ULONG w)
{
BN_ULONG l;
int i;
if (a->neg)
{
a->neg=0;
i=BN_sub_word(a,w);
if (!BN_is_zero(a))
a->neg=!(a->neg);
return(i);
}
w&=BN_MASK2;
if (bn_wexpand(a,a->top+1) == NULL) return(0);
i=0;
for (;;)
{
l=(a->d[i]+(BN_ULONG)w)&BN_MASK2;
a->d[i]=l;
if (w > l)
w=1;
else
break;
i++;
}
if (i >= a->top)
a->top++;
return(1);
}
int BN_sub_word(BIGNUM *a, BN_ULONG w)
{
int i;
if (BN_is_zero(a) || a->neg)
{
a->neg=0;
i=BN_add_word(a,w);
a->neg=1;
return(i);
}
w&=BN_MASK2;
if ((a->top == 1) && (a->d[0] < w))
{
a->d[0]=w-a->d[0];
a->neg=1;
return(1);
}
i=0;
for (;;)
{
if (a->d[i] >= w)
{
a->d[i]-=w;
break;
}
else
{
a->d[i]=(a->d[i]-w)&BN_MASK2;
i++;
w=1;
}
}
if ((a->d[i] == 0) && (i == (a->top-1)))
a->top--;
return(1);
}

110
package/network/services/ead/src/tinysrp/clitest.c Normal file
View File

@@ -0,0 +1,110 @@
/*
* Copyright (c) 1997-1999 The Stanford SRP Authentication Project
* All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
* EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
* WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
*
* IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL,
* INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER
* RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF
* THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT
* OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* In addition, the following conditions apply:
*
* 1. Any software that incorporates the SRP authentication technology
* must display the following acknowlegment:
* "This product uses the 'Secure Remote Password' cryptographic
* authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)."
*
* 2. Any software that incorporates all or part of the SRP distribution
* itself must also display the following acknowledgment:
* "This product includes software developed by Tom Wu and Eugene
* Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)."
*
* 3. Redistributions in source or binary form must retain an intact copy
* of this copyright notice and list of conditions.
*/
#include <stdio.h>
#include "t_defines.h"
#include "t_pwd.h"
#include "t_client.h"
int
main()
{
int index;
struct t_client * tc;
struct t_preconf *tcp;
struct t_num s;
struct t_num B;
char username[MAXUSERLEN];
char hexbuf[MAXHEXPARAMLEN];
char buf1[MAXPARAMLEN], buf2[MAXPARAMLEN], buf3[MAXSALTLEN];
unsigned char cbuf[20];
struct t_num * A;
unsigned char * skey;
char pass[128];
printf("Enter username: ");
fgets(username, sizeof(username), stdin);
username[strlen(username) - 1] = '\0';
printf("Enter index (from server): ");
fgets(hexbuf, sizeof(hexbuf), stdin);
index = atoi(hexbuf);
tcp = t_getpreparam(index - 1);
printf("Enter salt (from server): ");
fgets(hexbuf, sizeof(hexbuf), stdin);
s.data = buf3;
s.len = t_fromb64(s.data, hexbuf);
tc = t_clientopen(username, &tcp->modulus, &tcp->generator, &s);
if (tc == 0) {
printf("invalid n, g\n");
exit(1);
}
A = t_clientgenexp(tc);
printf("A (to server): %s\n", t_tob64(hexbuf, A->data, A->len));
t_getpass(pass, 128, "Enter password:");
t_clientpasswd(tc, pass);
printf("Enter B (from server): ");
fgets(hexbuf, sizeof(hexbuf), stdin);
B.data = buf1;
B.len = t_fromb64(B.data, hexbuf);
skey = t_clientgetkey(tc, &B);
printf("Session key: %s\n", t_tohex(hexbuf, skey, 40));
printf("Response (to server): %s\n",
t_tohex(hexbuf, t_clientresponse(tc), RESPONSE_LEN));
printf("Enter server response: ");
fgets(hexbuf, sizeof(hexbuf), stdin);
hexbuf[strlen(hexbuf) - 1] = '\0';
t_fromhex(cbuf, hexbuf);
if (t_clientverify(tc, cbuf) == 0)
printf("Server authentication successful.\n");
else
printf("Server authentication failed.\n");
t_clientclose(tc);
return 0;
}

79
package/network/services/ead/src/tinysrp/config.h.in Normal file
View File

@@ -0,0 +1,79 @@
/* config.h.in. Generated automatically from configure.in by autoheader. */
/* Define if type char is unsigned and you are not using gcc. */
#ifndef __CHAR_UNSIGNED__
#undef __CHAR_UNSIGNED__
#endif
/* Define to empty if the keyword does not work. */
#undef const
/* Define as __inline if that's what the C compiler calls it. */
#undef inline
/* Define as the return type of signal handlers (int or void). */
#undef RETSIGTYPE
/* Define if you have the ANSI C header files. */
#undef STDC_HEADERS
/* Define if you can safely include both <sys/time.h> and <time.h>. */
#undef TIME_WITH_SYS_TIME
/* Define if your processor stores words with the most significant
byte first (like Motorola and SPARC, unlike Intel and VAX). */
#undef WORDS_BIGENDIAN
#undef SHA1HANDSOFF
#undef POSIX_TERMIOS
#undef POSIX_SIGTYPE
#undef volatile
/* The number of bytes in a int. */
#undef SIZEOF_INT
/* The number of bytes in a long. */
#undef SIZEOF_LONG
/* The number of bytes in a long long. */
#undef SIZEOF_LONG_LONG
/* The number of bytes in a short. */
#undef SIZEOF_SHORT
/* Define if you have the memcpy function. */
#undef HAVE_MEMCPY
/* Define if you have the sigaction function. */
#undef HAVE_SIGACTION
/* Define if you have the strchr function. */
#undef HAVE_STRCHR
/* Define if you have the <sgtty.h> header file. */
#undef HAVE_SGTTY_H
/* Define if you have the <sys/ioctl.h> header file. */
#undef HAVE_SYS_IOCTL_H
/* Define if you have the <sys/time.h> header file. */
#undef HAVE_SYS_TIME_H
/* Define if you have the <termio.h> header file. */
#undef HAVE_TERMIO_H
/* Define if you have the <termios.h> header file. */
#undef HAVE_TERMIOS_H
/* Define if you have the <unistd.h> header file. */
#undef HAVE_UNISTD_H
/* Name of package */
#undef PACKAGE
/* Version number of package */
#undef VERSION

2421
package/network/services/ead/src/tinysrp/configure vendored Executable file
View File

File diff suppressed because it is too large Load Diff

52
package/network/services/ead/src/tinysrp/configure.in Normal file
View File

@@ -0,0 +1,52 @@
dnl Process this file with autoconf to produce a configure script.
AC_INIT(t_pwd.h)
AM_CONFIG_HEADER(config.h)
AM_INIT_AUTOMAKE(libtinysrp, 0.7.5)
test "$CFLAGS" = "" && CFLAGS="-O2"
dnl Checks for programs.
AC_PROG_CC
AC_PROG_INSTALL
AC_PROG_LN_S
AC_PROG_RANLIB
AC_ARG_PROGRAM
dnl Checks for header files.
AC_HEADER_STDC
AC_CHECK_HEADERS(sgtty.h sys/ioctl.h sys/time.h termio.h termios.h unistd.h)
dnl Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST
AC_C_INLINE
AC_HEADER_TIME
AC_C_BIGENDIAN
AC_CHECK_SIZEOF(short)
AC_CHECK_SIZEOF(int)
AC_CHECK_SIZEOF(long)
AC_CHECK_SIZEOF(long long)
AC_TRY_COMPILE(, [volatile int i;], , AC_DEFINE(volatile, ))
AC_C_CHAR_UNSIGNED
AC_SUBST(signed)dnl
if test "$ac_cv_c_char_unsigned" = "yes"; then
signed=-signed
fi
dnl Checks for library functions.
AC_CHECK_FUNCS(sigaction strchr memcpy)
TYPE_SIGNAL
AC_HEADER_CHECK(termios.h,AC_FUNC_CHECK(cfsetispeed,AC_DEFINE(POSIX_TERMIOS)))
dnl User options
dnl Some defines for now.
AC_DEFINE(SHA1HANDSOFF)
AC_OUTPUT(Makefile)

250
package/network/services/ead/src/tinysrp/install-sh Executable file
View File

@@ -0,0 +1,250 @@
#!/bin/sh
#
# install - install a program, script, or datafile
# This comes from X11R5 (mit/util/scripts/install.sh).
#
# Copyright 1991 by the Massachusetts Institute of Technology
#
# Permission to use, copy, modify, distribute, and sell this software and its
# documentation for any purpose is hereby granted without fee, provided that
# the above copyright notice appear in all copies and that both that
# copyright notice and this permission notice appear in supporting
# documentation, and that the name of M.I.T. not be used in advertising or
# publicity pertaining to distribution of the software without specific,
# written prior permission. M.I.T. makes no representations about the
# suitability of this software for any purpose. It is provided "as is"
# without express or implied warranty.
#
# Calling this script install-sh is preferred over install.sh, to prevent
# `make' implicit rules from creating a file called install from it
# when there is no Makefile.
#
# This script is compatible with the BSD install script, but was written
# from scratch. It can only install one file at a time, a restriction
# shared with many OS's install programs.
# set DOITPROG to echo to test this script
# Don't use :- since 4.3BSD and earlier shells don't like it.
doit="${DOITPROG-}"
# put in absolute paths if you don't have them in your path; or use env. vars.
mvprog="${MVPROG-mv}"
cpprog="${CPPROG-cp}"
chmodprog="${CHMODPROG-chmod}"
chownprog="${CHOWNPROG-chown}"
chgrpprog="${CHGRPPROG-chgrp}"
stripprog="${STRIPPROG-strip}"
rmprog="${RMPROG-rm}"
mkdirprog="${MKDIRPROG-mkdir}"
transformbasename=""
transform_arg=""
instcmd="$mvprog"
chmodcmd="$chmodprog 0755"
chowncmd=""
chgrpcmd=""
stripcmd=""
rmcmd="$rmprog -f"
mvcmd="$mvprog"
src=""
dst=""
dir_arg=""
while [ x"$1" != x ]; do
case $1 in
-c) instcmd="$cpprog"
shift
continue;;
-d) dir_arg=true
shift
continue;;
-m) chmodcmd="$chmodprog $2"
shift
shift
continue;;
-o) chowncmd="$chownprog $2"
shift
shift
continue;;
-g) chgrpcmd="$chgrpprog $2"
shift
shift
continue;;
-s) stripcmd="$stripprog"
shift
continue;;
-t=*) transformarg=`echo $1 | sed 's/-t=//'`
shift
continue;;
-b=*) transformbasename=`echo $1 | sed 's/-b=//'`
shift
continue;;
*) if [ x"$src" = x ]
then
src=$1
else
# this colon is to work around a 386BSD /bin/sh bug
:
dst=$1
fi
shift
continue;;
esac
done
if [ x"$src" = x ]
then
echo "install: no input file specified"
exit 1
else
true
fi
if [ x"$dir_arg" != x ]; then
dst=$src
src=""
if [ -d $dst ]; then
instcmd=:
else
instcmd=mkdir
fi
else
# Waiting for this to be detected by the "$instcmd $src $dsttmp" command
# might cause directories to be created, which would be especially bad
# if $src (and thus $dsttmp) contains '*'.
if [ -f $src -o -d $src ]
then
true
else
echo "install: $src does not exist"
exit 1
fi
if [ x"$dst" = x ]
then
echo "install: no destination specified"
exit 1
else
true
fi
# If destination is a directory, append the input filename; if your system
# does not like double slashes in filenames, you may need to add some logic
if [ -d $dst ]
then
dst="$dst"/`basename $src`
else
true
fi
fi
## this sed command emulates the dirname command
dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`
# Make sure that the destination directory exists.
# this part is taken from Noah Friedman's mkinstalldirs script
# Skip lots of stat calls in the usual case.
if [ ! -d "$dstdir" ]; then
defaultIFS='
'
IFS="${IFS-${defaultIFS}}"
oIFS="${IFS}"
# Some sh's can't handle IFS=/ for some reason.
IFS='%'
set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'`
IFS="${oIFS}"
pathcomp=''
while [ $# -ne 0 ] ; do
pathcomp="${pathcomp}${1}"
shift
if [ ! -d "${pathcomp}" ] ;
then
$mkdirprog "${pathcomp}"
else
true
fi
pathcomp="${pathcomp}/"
done
fi
if [ x"$dir_arg" != x ]
then
$doit $instcmd $dst &&
if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi &&
if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi &&
if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi &&
if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi
else
# If we're going to rename the final executable, determine the name now.
if [ x"$transformarg" = x ]
then
dstfile=`basename $dst`
else
dstfile=`basename $dst $transformbasename |
sed $transformarg`$transformbasename
fi
# don't allow the sed command to completely eliminate the filename
if [ x"$dstfile" = x ]
then
dstfile=`basename $dst`
else
true
fi
# Make a temp file name in the proper directory.
dsttmp=$dstdir/#inst.$$#
# Move or copy the file name to the temp name
$doit $instcmd $src $dsttmp &&
trap "rm -f ${dsttmp}" 0 &&
# and set any options; do chmod last to preserve setuid bits
# If any of these fail, we abort the whole thing. If we want to
# ignore errors from any of these, just make sure not to ignore
# errors from the above "$doit $instcmd $src $dsttmp" command.
if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi &&
if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi &&
if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi &&
if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi &&
# Now rename the file to the real destination.
$doit $rmcmd -f $dstdir/$dstfile &&
$doit $mvcmd $dsttmp $dstdir/$dstfile
fi &&
exit 0

134
package/network/services/ead/src/tinysrp/missing Executable file
View File

@@ -0,0 +1,134 @@
#! /bin/sh
# Common stub for a few missing GNU programs while installing.
# Copyright (C) 1996, 1997 Free Software Foundation, Inc.
# Franc,ois Pinard <pinard@iro.umontreal.ca>, 1996.
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
# 02111-1307, USA.
if test $# -eq 0; then
echo 1>&2 "Try \`$0 --help' for more information"
exit 1
fi
case "$1" in
-h|--h|--he|--hel|--help)
echo "\
$0 [OPTION]... PROGRAM [ARGUMENT]...
Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an
error status if there is no known handling for PROGRAM.
Options:
-h, --help display this help and exit
-v, --version output version information and exit
Supported PROGRAM values:
aclocal touch file \`aclocal.m4'
autoconf touch file \`configure'
autoheader touch file \`config.h.in'
automake touch all \`Makefile.in' files
bison touch file \`y.tab.c'
makeinfo touch the output file
yacc touch file \`y.tab.c'"
;;
-v|--v|--ve|--ver|--vers|--versi|--versio|--version)
echo "missing - GNU libit 0.0"
;;
-*)
echo 1>&2 "$0: Unknown \`$1' option"
echo 1>&2 "Try \`$0 --help' for more information"
exit 1
;;
aclocal)
echo 1>&2 "\
WARNING: \`$1' is missing on your system. You should only need it if
you modified \`acinclude.m4' or \`configure.in'. You might want
to install the \`Automake' and \`Perl' packages. Grab them from
any GNU archive site."
touch aclocal.m4
;;
autoconf)
echo 1>&2 "\
WARNING: \`$1' is missing on your system. You should only need it if
you modified \`configure.in'. You might want to install the
\`Autoconf' and \`GNU m4' packages. Grab them from any GNU
archive site."
touch configure
;;
autoheader)
echo 1>&2 "\
WARNING: \`$1' is missing on your system. You should only need it if
you modified \`acconfig.h' or \`configure.in'. You might want
to install the \`Autoconf' and \`GNU m4' packages. Grab them
from any GNU archive site."
touch config.h.in
;;
automake)
echo 1>&2 "\
WARNING: \`$1' is missing on your system. You should only need it if
you modified \`Makefile.am', \`acinclude.m4' or \`configure.in'.
You might want to install the \`Automake' and \`Perl' packages.
Grab them from any GNU archive site."
find . -type f -name Makefile.am -print \
| sed 's/^\(.*\).am$/touch \1.in/' \
| sh
;;
bison|yacc)
echo 1>&2 "\
WARNING: \`$1' is missing on your system. You should only need it if
you modified a \`.y' file. You may need the \`Bison' package
in order for those modifications to take effect. You can get
\`Bison' from any GNU archive site."
touch y.tab.c
;;
makeinfo)
echo 1>&2 "\
WARNING: \`$1' is missing on your system. You should only need it if
you modified a \`.texi' or \`.texinfo' file, or any other file
indirectly affecting the aspect of the manual. The spurious
call might also be the consequence of using a buggy \`make' (AIX,
DU, IRIX). You might want to install the \`Texinfo' package or
the \`GNU make' package. Grab either from any GNU archive site."
file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'`
if test -z "$file"; then
file=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'`
file=`sed -n '/^@setfilename/ { s/.* \([^ ]*\) *$/\1/; p; q; }' $file`
fi
touch $file
;;
*)
echo 1>&2 "\
WARNING: \`$1' is needed, and you do not seem to have it handy on your
system. You might have modified some files without having the
proper tools for further handling them. Check the \`README' file,
it often tells you about the needed prerequirements for installing
this package. You may also peek at any GNU archive site, in case
some other package would contain this missing \`$1' program."
exit 1
;;
esac
exit 0

39
package/network/services/ead/src/tinysrp/mkinstalldirs Executable file
View File

@@ -0,0 +1,39 @@
#! /bin/sh
# mkinstalldirs --- make directory hierarchy
# Author: Noah Friedman <friedman@prep.ai.mit.edu>
# Created: 1993-05-16
# Public domain
errstatus=0
for file
do
set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'`
shift
pathcomp=
for d
do
pathcomp="$pathcomp$d"
case "$pathcomp" in
-* ) pathcomp=./$pathcomp ;;
esac
if test ! -d "$pathcomp"; then
echo "mkdir $pathcomp" 1>&2
mkdir "$pathcomp" || lasterr=$?
if test ! -d "$pathcomp"; then
errstatus=$lasterr
fi
fi
pathcomp="$pathcomp/"
done
done
exit $errstatus
# mkinstalldirs ends here

111
package/network/services/ead/src/tinysrp/srvtest.c Normal file
View File

@@ -0,0 +1,111 @@
/*
* Copyright (c) 1997-1999 The Stanford SRP Authentication Project
* All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
* EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
* WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
*
* IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL,
* INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER
* RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF
* THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT
* OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* In addition, the following conditions apply:
*
* 1. Any software that incorporates the SRP authentication technology
* must display the following acknowlegment:
* "This product uses the 'Secure Remote Password' cryptographic
* authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)."
*
* 2. Any software that incorporates all or part of the SRP distribution
* itself must also display the following acknowledgment:
* "This product includes software developed by Tom Wu and Eugene
* Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)."
*
* 3. Redistributions in source or binary form must retain an intact copy
* of this copyright notice and list of conditions.
*/
#include <stdio.h>
#include "t_defines.h"
#include "t_pwd.h"
#include "t_server.h"
int
main(argc, argv)
int argc;
char * argv[];
{
struct t_server * ts;
struct t_pw * tpw;
struct t_conf * tcnf;
struct t_num * B;
char username[MAXUSERLEN];
char hexbuf[MAXHEXPARAMLEN];
char buf[MAXPARAMLEN];
struct t_num A;
unsigned char * skey;
unsigned char cbuf[20];
FILE * fp;
FILE * fp2;
char confname[256];
printf("Enter username: ");
fgets(username, sizeof(username), stdin);
username[strlen(username) - 1] = '\0';
ts = t_serveropen(username);
if(ts == NULL) {
fprintf(stderr, "User %s not found\n", username);
exit(1);
}
#if 0
printf("n: %s\n", t_tob64(hexbuf, ts->n.data, ts->n.len));
printf("g: %s\n", t_tob64(hexbuf, ts->g.data, ts->g.len));
#endif
printf("index (to client): %d\n", ts->index);
printf("salt (to client): %s\n", t_tob64(hexbuf, ts->s.data, ts->s.len));
B = t_servergenexp(ts);
printf("Enter A (from client): ");
fgets(hexbuf, sizeof(hexbuf), stdin);
A.data = buf;
A.len = t_fromb64(A.data, hexbuf);
printf("B (to client): %s\n", t_tob64(hexbuf, B->data, B->len));
skey = t_servergetkey(ts, &A);
printf("Session key: %s\n", t_tohex(hexbuf, skey, 40));
/* printf("[Expected response: %s]\n", t_tohex(hexbuf, cbuf, 16)); */
printf("Enter response (from client): ");
fgets(hexbuf, sizeof(hexbuf), stdin);
hexbuf[strlen(hexbuf) - 1] = '\0';
t_fromhex(cbuf, hexbuf);
if(t_serververify(ts, cbuf) == 0) {
printf("Authentication successful.\n");
printf("Response (to client): %s\n",
t_tohex(hexbuf, t_serverresponse(ts), RESPONSE_LEN));
} else
printf("Authentication failed.\n");
t_serverclose(ts);
return 0;
}

1
package/network/services/ead/src/tinysrp/stamp-h.in Normal file
View File

@@ -0,0 +1 @@
timestamp

285
package/network/services/ead/src/tinysrp/t_client.c Normal file
View File

@@ -0,0 +1,285 @@
/*
* Copyright (c) 1997-1999 The Stanford SRP Authentication Project
* All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
* EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
* WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
*
* IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL,
* INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER
* RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF
* THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT
* OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* In addition, the following conditions apply:
*
* 1. Any software that incorporates the SRP authentication technology
* must display the following acknowlegment:
* "This product uses the 'Secure Remote Password' cryptographic
* authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)."
*
* 2. Any software that incorporates all or part of the SRP distribution
* itself must also display the following acknowledgment:
* "This product includes software developed by Tom Wu and Eugene
* Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)."
*
* 3. Redistributions in source or binary form must retain an intact copy
* of this copyright notice and list of conditions.
*/
#include <stdio.h>
#include "t_defines.h"
#include "t_pwd.h"
#include "t_client.h"
#include "t_sha.h"
_TYPE( struct t_client * )
t_clientopen(u, n, g, s)
const char * u;
struct t_num * n;
struct t_num * g;
struct t_num * s;
{
struct t_client * tc;
unsigned char buf1[SHA_DIGESTSIZE], buf2[SHA_DIGESTSIZE];
SHA1_CTX ctxt;
int i, validated;
struct t_preconf * tpc;
validated = 0;
if(n->len < MIN_MOD_BYTES)
return 0;
for(i = 0; i < t_getprecount(); ++i) {
tpc = t_getpreparam(i);
if(tpc->modulus.len == n->len && tpc->generator.len == g->len &&
memcmp(tpc->modulus.data, n->data, n->len) == 0 &&
memcmp(tpc->generator.data, g->data, g->len) == 0) {
validated = 1; /* Match found, done */
break;
}
}
if(validated == 0)
return 0;
if((tc = malloc(sizeof(struct t_client))) == 0)
return 0;
strncpy(tc->username, u, MAXUSERLEN);
SHA1Init(&tc->hash);
tc->n.len = n->len;
tc->n.data = tc->nbuf;
memcpy(tc->n.data, n->data, tc->n.len);
SHA1Init(&ctxt);
SHA1Update(&ctxt, tc->n.data, tc->n.len);
SHA1Final(buf1, &ctxt);
tc->g.len = g->len;
tc->g.data = tc->gbuf;
memcpy(tc->g.data, g->data, tc->g.len);
SHA1Init(&ctxt);
SHA1Update(&ctxt, tc->g.data, tc->g.len);
SHA1Final(buf2, &ctxt);
for(i = 0; i < sizeof(buf1); ++i)
buf1[i] ^= buf2[i];
SHA1Update(&tc->hash, buf1, sizeof(buf1));
SHA1Init(&ctxt);
SHA1Update(&ctxt, tc->username, strlen(tc->username));
SHA1Final(buf1, &ctxt);
SHA1Update(&tc->hash, buf1, sizeof(buf1));
tc->s.len = s->len;
tc->s.data = tc->sbuf;
memcpy(tc->s.data, s->data, tc->s.len);
SHA1Update(&tc->hash, tc->s.data, tc->s.len);
tc->a.data = tc->abuf;
tc->A.data = tc->Abuf;
tc->p.data = tc->pbuf;
tc->v.data = tc->vbuf;
SHA1Init(&tc->ckhash);
return tc;
}
_TYPE( struct t_num * )
t_clientgenexp(tc)
struct t_client * tc;
{
BigInteger a, A, n, g;
if(tc->n.len < ALEN)
tc->a.len = tc->n.len;
else
tc->a.len = ALEN;
t_random(tc->a.data, tc->a.len);
a = BigIntegerFromBytes(tc->a.data, tc->a.len);
n = BigIntegerFromBytes(tc->n.data, tc->n.len);
g = BigIntegerFromBytes(tc->g.data, tc->g.len);
A = BigIntegerFromInt(0);
BigIntegerModExp(A, g, a, n);
tc->A.len = BigIntegerToBytes(A, tc->A.data);
BigIntegerFree(A);
BigIntegerFree(a);
BigIntegerFree(g);
BigIntegerFree(n);
SHA1Update(&tc->hash, tc->A.data, tc->A.len);
SHA1Update(&tc->ckhash, tc->A.data, tc->A.len);
return &tc->A;
}
_TYPE( void )
t_clientpasswd(tc, password)
struct t_client * tc;
char * password;
{
BigInteger n, g, p, v;
SHA1_CTX ctxt;
unsigned char dig[SHA_DIGESTSIZE];
n = BigIntegerFromBytes(tc->n.data, tc->n.len);
g = BigIntegerFromBytes(tc->g.data, tc->g.len);
SHA1Init(&ctxt);
SHA1Update(&ctxt, tc->username, strlen(tc->username));
SHA1Update(&ctxt, ":", 1);
SHA1Update(&ctxt, password, strlen(password));
SHA1Final(dig, &ctxt);
SHA1Init(&ctxt);
SHA1Update(&ctxt, tc->s.data, tc->s.len);
SHA1Update(&ctxt, dig, sizeof(dig));
SHA1Final(dig, &ctxt);
p = BigIntegerFromBytes(dig, sizeof(dig));
v = BigIntegerFromInt(0);
BigIntegerModExp(v, g, p, n);
tc->p.len = BigIntegerToBytes(p, tc->p.data);
BigIntegerFree(p);
tc->v.len = BigIntegerToBytes(v, tc->v.data);
BigIntegerFree(v);
}
_TYPE( unsigned char * )
t_clientgetkey(tc, serverval)
struct t_client * tc;
struct t_num * serverval;
{
BigInteger n, B, v, p, a, sum, S;
unsigned char sbuf[MAXPARAMLEN];
unsigned char dig[SHA_DIGESTSIZE];
unsigned slen;
unsigned int u;
SHA1_CTX ctxt;
SHA1Init(&ctxt);
SHA1Update(&ctxt, serverval->data, serverval->len);
SHA1Final(dig, &ctxt);
u = (dig[0] << 24) | (dig[1] << 16) | (dig[2] << 8) | dig[3];
if(u == 0)
return NULL;
SHA1Update(&tc->hash, serverval->data, serverval->len);
B = BigIntegerFromBytes(serverval->data, serverval->len);
n = BigIntegerFromBytes(tc->n.data, tc->n.len);
if(BigIntegerCmp(B, n) >= 0 || BigIntegerCmpInt(B, 0) == 0) {
BigIntegerFree(B);
BigIntegerFree(n);
return NULL;
}
v = BigIntegerFromBytes(tc->v.data, tc->v.len);
if(BigIntegerCmp(B, v) < 0)
BigIntegerAdd(B, B, n);
BigIntegerSub(B, B, v);
BigIntegerFree(v);
a = BigIntegerFromBytes(tc->a.data, tc->a.len);
p = BigIntegerFromBytes(tc->p.data, tc->p.len);
sum = BigIntegerFromInt(0);
BigIntegerMulInt(sum, p, u);
BigIntegerAdd(sum, sum, a);
BigIntegerFree(p);
BigIntegerFree(a);
S = BigIntegerFromInt(0);
BigIntegerModExp(S, B, sum, n);
slen = BigIntegerToBytes(S, sbuf);
BigIntegerFree(S);
BigIntegerFree(sum);
BigIntegerFree(B);
BigIntegerFree(n);
t_sessionkey(tc->session_key, sbuf, slen);
memset(sbuf, 0, slen);
SHA1Update(&tc->hash, tc->session_key, sizeof(tc->session_key));
SHA1Final(tc->session_response, &tc->hash);
SHA1Update(&tc->ckhash, tc->session_response, sizeof(tc->session_response));
SHA1Update(&tc->ckhash, tc->session_key, sizeof(tc->session_key));
return tc->session_key;
}
_TYPE( int )
t_clientverify(tc, resp)
struct t_client * tc;
unsigned char * resp;
{
unsigned char expected[SHA_DIGESTSIZE];
SHA1Final(expected, &tc->ckhash);
return memcmp(expected, resp, sizeof(expected));
}
_TYPE( unsigned char * )
t_clientresponse(tc)
struct t_client * tc;
{
return tc->session_response;
}
_TYPE( void )
t_clientclose(tc)
struct t_client * tc;
{
memset(tc->abuf, 0, sizeof(tc->abuf));
memset(tc->pbuf, 0, sizeof(tc->pbuf));
memset(tc->vbuf, 0, sizeof(tc->vbuf));
memset(tc->session_key, 0, sizeof(tc->session_key));
free(tc);
}

148
package/network/services/ead/src/tinysrp/t_client.h Normal file
View File

@@ -0,0 +1,148 @@
/*
* Copyright (c) 1997-1999 The Stanford SRP Authentication Project
* All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
* EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
* WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
*
* IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL,
* INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER
* RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF
* THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT
* OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* In addition, the following conditions apply:
*
* 1. Any software that incorporates the SRP authentication technology
* must display the following acknowlegment:
* "This product uses the 'Secure Remote Password' cryptographic
* authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)."
*
* 2. Any software that incorporates all or part of the SRP distribution
* itself must also display the following acknowledgment:
* "This product includes software developed by Tom Wu and Eugene
* Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)."
*
* 3. Redistributions in source or binary form must retain an intact copy
* of this copyright notice and list of conditions.
*/
#ifndef T_CLIENT_H
#define T_CLIENT_H
#include "t_sha.h"
#if !defined(P)
#ifdef __STDC__
#define P(x) x
#else
#define P(x) ()
#endif
#endif
/* For building dynamic link libraries under windows, windows NT
* using MSVC1.5 or MSVC2.0
*/
#ifndef _DLLDECL
#define _DLLDECL
#ifdef MSVC15 /* MSVC1.5 support for 16 bit apps */
#define _MSVC15EXPORT _export
#define _MSVC20EXPORT
#define _DLLAPI _export _pascal
#define _TYPE(a) a _MSVC15EXPORT
#define DLLEXPORT 1
#elif MSVC20
#define _MSVC15EXPORT
#define _MSVC20EXPORT _declspec(dllexport)
#define _DLLAPI
#define _TYPE(a) _MSVC20EXPORT a
#define DLLEXPORT 1
#else /* Default, non-dll. Use this for Unix or DOS */
#define _MSVC15DEXPORT
#define _MSVC20EXPORT
#define _DLLAPI
#define _TYPE(a) a
#endif
#endif
#define ALEN 32
#define MIN_MOD_BYTES 64 /* 512 bits */
struct t_client {
struct t_num n;
struct t_num g;
struct t_num s;
struct t_num a;
struct t_num A;
struct t_num p;
struct t_num v;
SHA1_CTX hash, ckhash;
char username[MAXUSERLEN];
unsigned char session_key[SESSION_KEY_LEN];
unsigned char session_response[RESPONSE_LEN];
unsigned char nbuf[MAXPARAMLEN], gbuf[MAXPARAMLEN], sbuf[MAXSALTLEN];
unsigned char pbuf[MAXPARAMLEN], vbuf[MAXPARAMLEN];
unsigned char abuf[ALEN], Abuf[MAXPARAMLEN];
};
/*
* SRP client-side negotiation
*
* This code negotiates the client side of an SRP exchange.
* "t_clientopen" accepts a username, and N, g, and s parameters,
* which are usually sent by the server in the first round.
* The client should then call...
* "t_clientgenexp" will generate a random 256-bit exponent and
* raise g to that power, returning the result. This result
* should be sent to the server as w(p).
* "t_clientpasswd" accepts the user's password, which should be
* entered locally and updates the client's state.
* "t_clientgetkey" accepts the exponential y(p), which should
* be sent by the server in the next round and computes the
* 256-bit session key. This data should be saved before the
* session is closed.
* "t_clientresponse" computes the session key proof as SHA(y(p), K).
* "t_clientclose" closes the session and frees its memory.
*
* Note that authentication is not performed per se; it is up
* to either/both sides of the protocol to now verify securely
* that their session keys agree in order to establish authenticity.
* One possible way is through "oracle hashing"; one side sends
* r, the other replies with H(r,K), where H() is a hash function.
*
* t_clientresponse and t_clientverify now implement a version of
* the session-key verification described above.
*/
_TYPE( struct t_client * )
t_clientopen P((const char *, struct t_num *, struct t_num *,
struct t_num *));
_TYPE( struct t_num * ) t_clientgenexp P((struct t_client *));
_TYPE( void ) t_clientpasswd P((struct t_client *, char *));
_TYPE( unsigned char * )
t_clientgetkey P((struct t_client *, struct t_num *));
_TYPE( int ) t_clientverify P((struct t_client *, unsigned char *));
_TYPE( unsigned char * ) t_clientresponse P((struct t_client *));
_TYPE( void ) t_clientclose P((struct t_client *));
#endif

1080
package/network/services/ead/src/tinysrp/t_conf.c Normal file
View File

File diff suppressed because it is too large Load Diff

226
package/network/services/ead/src/tinysrp/t_conv.c Normal file
View File

@@ -0,0 +1,226 @@
/*
* Copyright (c) 1997-1999 The Stanford SRP Authentication Project
* All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
* EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
* WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
*
* IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL,
* INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER
* RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF
* THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT
* OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* In addition, the following conditions apply:
*
* 1. Any software that incorporates the SRP authentication technology
* must display the following acknowlegment:
* "This product uses the 'Secure Remote Password' cryptographic
* authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)."
*
* 2. Any software that incorporates all or part of the SRP distribution
* itself must also display the following acknowledgment:
* "This product includes software developed by Tom Wu and Eugene
* Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)."
*
* 3. Redistributions in source or binary form must retain an intact copy
* of this copyright notice and list of conditions.
*/
/*#define _POSIX_SOURCE*/
#include <stdio.h>
#include "t_defines.h"
static int
hexDigitToInt(c)
char c;
{
if(c >= '0' && c <= '9')
return c - '0';
else if(c >= 'a' && c <= 'f')
return c - 'a' + 10;
else if(c >= 'A' && c <= 'F')
return c - 'A' + 10;
else
return 0;
}
/*
* Convert a hex string to a string of bytes; return size of dst
*/
_TYPE( int )
t_fromhex(dst, src)
register char *dst, *src;
{
register char *chp = dst;
register unsigned size = strlen(src);
/* FIXME: handle whitespace and non-hex digits by setting size and src
appropriately. */
if(size % 2 == 1) {
*chp++ = hexDigitToInt(*src++);
--size;
}
while(size > 0) {
*chp++ = (hexDigitToInt(*src) << 4) | hexDigitToInt(*(src + 1));
src += 2;
size -= 2;
}
return chp - dst;
}
/*
* Convert a string of bytes to their hex representation
*/
_TYPE( char * )
t_tohex(dst, src, size)
register char *dst, *src;
register unsigned size;
{
int notleading = 0;
register char *chp = dst;
if (size != 0) do {
if(notleading || *src != '\0') {
notleading = 1;
sprintf(chp, "%.2x", * (unsigned char *) src);
chp += 2;
}
++src;
} while (--size != 0);
return dst;
}
static char b64table[] =
"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./";
/*
* Convert a base64 string into raw byte array representation.
*/
_TYPE( int )
t_fromb64(dst, src)
register char *dst, *src;
{
unsigned char *a;
char *loc;
int i, j;
unsigned int size;
while(*src && (*src == ' ' || *src == '\t' || *src == '\n'))
++src;
size = strlen(src);
a = malloc((size + 1) * sizeof(unsigned char));
if(a == (unsigned char *) 0)
return -1;
i = 0;
while(i < size) {
loc = strchr(b64table, src[i]);
if(loc == (char *) 0)
break;
else
a[i] = loc - b64table;
++i;
}
size = i;
i = size - 1;
j = size;
while(1) {
a[j] = a[i];
if(--i < 0)
break;
a[j] |= (a[i] & 3) << 6;
--j;
a[j] = (unsigned char) ((a[i] & 0x3c) >> 2);
if(--i < 0)
break;
a[j] |= (a[i] & 0xf) << 4;
--j;
a[j] = (unsigned char) ((a[i] & 0x30) >> 4);
if(--i < 0)
break;
a[j] |= (a[i] << 2);
a[--j] = 0;
if(--i < 0)
break;
}
while(j <= size && a[j] == 0)
++j;
memcpy(dst, a + j, size - j + 1);
free(a);
return size - j + 1;
}
/*
* Convert a raw byte string into a null-terminated base64 ASCII string.
*/
_TYPE( char * )
t_tob64(dst, src, size)
register char *dst, *src;
register unsigned size;
{
int c, pos = size % 3;
unsigned char b0 = 0, b1 = 0, b2 = 0, notleading = 0;
char *olddst = dst;
switch(pos) {
case 1:
b2 = src[0];
break;
case 2:
b1 = src[0];
b2 = src[1];
break;
}
while(1) {
c = (b0 & 0xfc) >> 2;
if(notleading || c != 0) {
*dst++ = b64table[c];
notleading = 1;
}
c = ((b0 & 3) << 4) | ((b1 & 0xf0) >> 4);
if(notleading || c != 0) {
*dst++ = b64table[c];
notleading = 1;
}
c = ((b1 & 0xf) << 2) | ((b2 & 0xc0) >> 6);
if(notleading || c != 0) {
*dst++ = b64table[c];
notleading = 1;
}
c = b2 & 0x3f;
if(notleading || c != 0) {
*dst++ = b64table[c];
notleading = 1;
}
if(pos >= size)
break;
else {
b0 = src[pos++];
b1 = src[pos++];
b2 = src[pos++];
}
}
*dst++ = '\0';
return olddst;
}

169
package/network/services/ead/src/tinysrp/t_defines.h Normal file
View File

@@ -0,0 +1,169 @@
/*
* Copyright (c) 1997-1999 The Stanford SRP Authentication Project
* All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
* EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
* WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
*
* IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL,
* INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER
* RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF
* THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT
* OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* In addition, the following conditions apply:
*
* 1. Any software that incorporates the SRP authentication technology
* must display the following acknowlegment:
* "This product uses the 'Secure Remote Password' cryptographic
* authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)."
*
* 2. Any software that incorporates all or part of the SRP distribution
* itself must also display the following acknowledgment:
* "This product includes software developed by Tom Wu and Eugene
* Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)."
*
* 3. Redistributions in source or binary form must retain an intact copy
* of this copyright notice and list of conditions.
*/
#ifndef T_DEFINES_H
#define T_DEFINES_H
#ifndef P
#if defined(__STDC__) || defined(__cplusplus)
#define P(x) x
#else
#define P(x) ()
#endif
#endif
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif /* HAVE_CONFIG_H */
#ifndef _DLLDECL
#define _DLLDECL
#ifdef MSVC15 /* MSVC1.5 support for 16 bit apps */
#define _MSVC15EXPORT _export
#define _MSVC20EXPORT
#define _DLLAPI _export _pascal
#define _TYPE(a) a _MSVC15EXPORT
#define DLLEXPORT 1
#elif MSVC20
#define _MSVC15EXPORT
#define _MSVC20EXPORT _declspec(dllexport)
#define _DLLAPI
#define _TYPE(a) _MSVC20EXPORT a
#define DLLEXPORT 1
#else /* Default, non-dll. Use this for Unix or DOS */
#define _MSVC15DEXPORT
#define _MSVC20EXPORT
#define _DLLAPI
#define _TYPE(a) a
#endif
#endif
#if STDC_HEADERS
#include <stdlib.h>
#include <string.h>
#else /* not STDC_HEADERS */
#ifndef HAVE_STRCHR
#define strchr index
#define strrchr rindex
#endif
char *strchr(), *strrchr(), *strtok();
#ifndef HAVE_MEMCPY
#define memcpy(d, s, n) bcopy((s), (d), (n))
#endif
#endif /* not STDC_HEADERS */
#include <sys/types.h>
#if TIME_WITH_SYS_TIME
#include <sys/time.h>
#include <time.h>
#else /* not TIME_WITH_SYS_TIME */
#if HAVE_SYS_TIME_H
#include <sys/time.h>
#else
#include <time.h>
#endif
#endif /* not TIME_WITH_SYS_TIME */
#if HAVE_TERMIOS_H
#include <termios.h>
#define STTY(fd, termio) tcsetattr(fd, TCSANOW, termio)
#define GTTY(fd, termio) tcgetattr(fd, termio)
#define TERMIO struct termios
#define USE_TERMIOS
#elif HAVE_TERMIO_H
#include <sys/ioctl.h>
#include <termio.h>
#define STTY(fd, termio) ioctl(fd, TCSETA, termio)
#define GTTY(fd, termio) ioctl(fd, TCGETA, termio)
#define TEMRIO struct termio
#define USE_TERMIO
#elif HAVE_SGTTY_H
#include <sgtty.h>
#define STTY(fd, termio) stty(fd, termio)
#define GTTY(fd, termio) gtty(fd, termio)
#define TERMIO struct sgttyb
#define USE_SGTTY
#endif
#ifdef USE_FTIME
#include <sys/timeb.h>
#endif
#ifndef MATH_PRIV
typedef void * BigInteger;
#endif
_TYPE( BigInteger ) BigIntegerFromInt P((unsigned int number));
_TYPE( BigInteger ) BigIntegerFromBytes P((unsigned char * bytes, int length));
_TYPE( int ) BigIntegerToBytes P((BigInteger src, unsigned char * dest));
_TYPE( int ) BigIntegerBitLen P((BigInteger b));
_TYPE( int ) BigIntegerCmp P((BigInteger c1, BigInteger c2));
_TYPE( int ) BigIntegerCmpInt P((BigInteger c1, unsigned int c2));
_TYPE( void ) BigIntegerLShift P((BigInteger result, BigInteger x,
unsigned int bits));
_TYPE( void ) BigIntegerAdd P((BigInteger result, BigInteger a1, BigInteger a2));
_TYPE( void ) BigIntegerAddInt P((BigInteger result,
BigInteger a1, unsigned int a2));
_TYPE( void ) BigIntegerSub P((BigInteger result, BigInteger s1, BigInteger s2));
_TYPE( void ) BigIntegerSubInt P((BigInteger result,
BigInteger s1, unsigned int s2));
/* For BigIntegerMul{,Int}: result != m1, m2 */
_TYPE( void ) BigIntegerMul P((BigInteger result, BigInteger m1, BigInteger m2));
_TYPE( void ) BigIntegerMulInt P((BigInteger result,
BigInteger m1, unsigned int m2));
_TYPE( void ) BigIntegerDivInt P((BigInteger result,
BigInteger d, unsigned int m));
_TYPE( void ) BigIntegerMod P((BigInteger result, BigInteger d, BigInteger m));
_TYPE( unsigned int ) BigIntegerModInt P((BigInteger d, unsigned int m));
_TYPE( void ) BigIntegerModMul P((BigInteger result,
BigInteger m1, BigInteger m2, BigInteger m));
_TYPE( void ) BigIntegerModExp P((BigInteger result, BigInteger base,
BigInteger expt, BigInteger modulus));
_TYPE( void ) BigIntegerModExpInt P((BigInteger result, BigInteger base,
unsigned int expt, BigInteger modulus));
_TYPE( int ) BigIntegerCheckPrime P((BigInteger n));
_TYPE( void ) BigIntegerFree P((BigInteger b));
#endif

118
package/network/services/ead/src/tinysrp/t_getconf.c Normal file
View File

@@ -0,0 +1,118 @@
/*
* Copyright (c) 1997-1999 The Stanford SRP Authentication Project
* All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
* EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
* WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
*
* IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL,
* INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER
* RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF
* THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT
* OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* In addition, the following conditions apply:
*
* 1. Any software that incorporates the SRP authentication technology
* must display the following acknowlegment:
* "This product uses the 'Secure Remote Password' cryptographic
* authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)."
*
* 2. Any software that incorporates all or part of the SRP distribution
* itself must also display the following acknowledgment:
* "This product includes software developed by Tom Wu and Eugene
* Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)."
*
* 3. Redistributions in source or binary form must retain an intact copy
* of this copyright notice and list of conditions.
*/
#include <stdio.h>
#include "t_defines.h"
#include "t_pwd.h"
#include "t_read.h"
/* Master builtin parameter storage object. The default that tphrase
uses is the last one. */
static struct pre_struct {
struct t_preconf preconf;
int state; /* 0 == uninitialized/first time */
unsigned char modbuf[MAXPARAMLEN];
unsigned char genbuf[MAXPARAMLEN];
} pre_params[] = {
{ { "2iQzj1CagQc/5ctbuJYLWlhtAsPHc7xWVyCPAKFRLWKADpASkqe9djWPFWTNTdeJtL8nAhImCn3Sr/IAdQ1FrGw0WvQUstPx3FO9KNcXOwisOQ1VlL.gheAHYfbYyBaxXL.NcJx9TUwgWDT0hRzFzqSrdGGTN3FgSTA1v4QnHtEygNj3eZ.u0MThqWUaDiP87nqha7XnT66bkTCkQ8.7T8L4KZjIImrNrUftedTTBi.WCi.zlrBxDuOM0da0JbUkQlXqvp0yvJAPpC11nxmmZOAbQOywZGmu9nhZNuwTlxjfIro0FOdthaDTuZRL9VL7MRPUDo/DQEyW.d4H.UIlzp",
"2",
NULL }, 0 },
{ { "dUyyhxav9tgnyIg65wHxkzkb7VIPh4o0lkwfOKiPp4rVJrzLRYVBtb76gKlaO7ef5LYGEw3G.4E0jbMxcYBetDy2YdpiP/3GWJInoBbvYHIRO9uBuxgsFKTKWu7RnR7yTau/IrFTdQ4LY/q.AvoCzMxV0PKvD9Odso/LFIItn8PbTov3VMn/ZEH2SqhtpBUkWtmcIkEflhX/YY/fkBKfBbe27/zUaKUUZEUYZ2H2nlCL60.JIPeZJSzsu/xHDVcx",
"2",
NULL }, 0 },
{ { "3NUKQ2Re4P5BEK0TLg2dX3gETNNNECPoe92h4OVMaDn3Xo/0QdjgG/EvM.hiVV1BdIGklSI14HA38Mpe5k04juR5/EXMU0r1WtsLhNXwKBlf2zEfoOh0zVmDvqInpU695f29Iy7sNW3U5RIogcs740oUp2Kdv5wuITwnIx84cnO.e467/IV1lPnvMCr0pd1dgS0a.RV5eBJr03Q65Xy61R",
"2",
NULL }, 0 },
{ { "F//////////oG/QeY5emZJ4ncABWDmSqIa2JWYAPynq0Wk.fZiJco9HIWXvZZG4tU.L6RFDEaCRC2iARV9V53TFuJLjRL72HUI5jNPYNdx6z4n2wQOtxMiB/rosz0QtxUuuQ/jQYP.bhfya4NnB7.P9A6PHxEPJWV//////////",
"5",
"oakley prime 2" }, 0 },
{ { "Ewl2hcjiutMd3Fu2lgFnUXWSc67TVyy2vwYCKoS9MLsrdJVT9RgWTCuEqWJrfB6uE3LsE9GkOlaZabS7M29sj5TnzUqOLJMjiwEzArfiLr9WbMRANlF68N5AVLcPWvNx6Zjl3m5Scp0BzJBz9TkgfhzKJZ.WtP3Mv/67I/0wmRZ",
"2",
NULL }, 0 },
};
_TYPE( int )
t_getprecount()
{
return (sizeof(pre_params) / sizeof(struct pre_struct));
}
static struct t_confent sysconf;
/* id is index origin 1 */
_TYPE( struct t_confent * )
gettcid
(id)
int id;
{
struct t_preconf *tcp;
if (id <= 0 || id > t_getprecount()) {
return NULL;
}
tcp = t_getpreparam(id - 1);
sysconf.index = id;
sysconf.modulus = tcp->modulus;
sysconf.generator = tcp->generator;
return &sysconf;
}
_TYPE( struct t_preconf * )
t_getpreparam(idx)
int idx;
{
if(pre_params[idx].state == 0) {
/* Wire up storage */
pre_params[idx].preconf.modulus.data = pre_params[idx].modbuf;
pre_params[idx].preconf.generator.data = pre_params[idx].genbuf;
/* Convert from b64 to t_num */
pre_params[idx].preconf.modulus.len = t_fromb64(pre_params[idx].preconf.modulus.data, pre_params[idx].preconf.mod_b64);
pre_params[idx].preconf.generator.len = t_fromb64(pre_params[idx].preconf.generator.data, pre_params[idx].preconf.gen_b64);
pre_params[idx].state = 1;
}
return &(pre_params[idx].preconf);
}

191
package/network/services/ead/src/tinysrp/t_getpass.c Normal file
View File

@@ -0,0 +1,191 @@
/*
* Copyright 1990 - 1995, Julianne Frances Haugh
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of Julianne F. Haugh nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "t_defines.h"
#ifdef _WIN32
#include <windows.h>
#include <io.h>
#endif /* _WIN32 */
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif /* HAVE_UNISTD_H */
#include <signal.h>
#include <stdio.h>
static int sig_caught;
#ifdef HAVE_SIGACTION
static struct sigaction sigact;
#endif
/*ARGSUSED*/
static RETSIGTYPE
sig_catch (sig)
int sig;
{
sig_caught = 1;
}
_TYPE( int )
t_getpass (buf, maxlen, prompt)
char *buf;
unsigned maxlen;
const char *prompt;
{
char *cp;
#ifdef _WIN32
HANDLE handle = (HANDLE) _get_osfhandle(_fileno(stdin));
DWORD mode;
GetConsoleMode( handle, &mode );
SetConsoleMode( handle, mode & ~ENABLE_ECHO_INPUT );
if(fputs(prompt, stdout) == EOF ||
fgets(buf, maxlen, stdin) == NULL) {
SetConsoleMode(handle,mode);
return -1;
}
cp = buf + strlen(buf) - 1;
if ( *cp == 0x0a )
*cp = '\0';
printf("\n");
SetConsoleMode(handle,mode);
#else
FILE *fp;
int tty_opened = 0;
#ifdef HAVE_SIGACTION
struct sigaction old_sigact;
#else
RETSIGTYPE (*old_signal)();
#endif
TERMIO new_modes;
TERMIO old_modes;
/*
* set a flag so the SIGINT signal can be re-sent if it
* is caught
*/
sig_caught = 0;
/*
* if /dev/tty can't be opened, getpass() needs to read
* from stdin instead.
*/
if ((fp = fopen ("/dev/tty", "r")) == 0) {
fp = stdin;
setbuf (fp, (char *) 0);
} else {
tty_opened = 1;
}
/*
* the current tty modes must be saved so they can be
* restored later on. echo will be turned off, except
* for the newline character (BSD has to punt on this)
*/
if (GTTY (fileno (fp), &new_modes))
return -1;
old_modes = new_modes;
#ifdef HAVE_SIGACTION
sigact.sa_handler = sig_catch;
(void) sigaction (SIGINT, &sigact, &old_sigact);
#else
old_signal = signal (SIGINT, sig_catch);
#endif
#ifdef USE_SGTTY
new_modes.sg_flags &= ~ECHO;
#else
new_modes.c_iflag &= ~IGNCR;
new_modes.c_iflag |= ICRNL;
new_modes.c_oflag |= OPOST|ONLCR;
new_modes.c_lflag &= ~(ECHO|ECHOE|ECHOK);
new_modes.c_lflag |= ICANON|ECHONL;
#endif
if (STTY (fileno (fp), &new_modes))
goto out;
/*
* the prompt is output, and the response read without
* echoing. the trailing newline must be removed. if
* the fgets() returns an error, a NULL pointer is
* returned.
*/
if (fputs (prompt, stdout) == EOF)
goto out;
(void) fflush (stdout);
if (fgets (buf, maxlen, fp) == buf) {
if ((cp = strchr (buf, '\n')))
*cp = '\0';
else
buf[maxlen - 1] = '\0';
#ifdef USE_SGTTY
putc ('\n', stdout);
#endif
}
else buf[0] = '\0';
out:
/*
* the old SIGINT handler is restored after the tty
* modes. then /dev/tty is closed if it was opened in
* the beginning. finally, if a signal was caught it
* is sent to this process for normal processing.
*/
if (STTY (fileno (fp), &old_modes))
{ memset (buf, 0, maxlen); return -1; }
#ifdef HAVE_SIGACTION
(void) sigaction (SIGINT, &old_sigact, NULL);
#else
(void) signal (SIGINT, old_signal);
#endif
if (tty_opened)
(void) fclose (fp);
if (sig_caught) {
kill (getpid (), SIGINT);
memset (buf, 0, maxlen);
return -1;
}
#endif
return 0;
}

177
package/network/services/ead/src/tinysrp/t_math.c Normal file
View File

@@ -0,0 +1,177 @@
/*
* Copyright (c) 1997-1999 The Stanford SRP Authentication Project
* All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
* EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
* WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
*
* IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL,
* INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER
* RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF
* THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT
* OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* In addition, the following conditions apply:
*
* 1. Any software that incorporates the SRP authentication technology
* must display the following acknowlegment:
* "This product uses the 'Secure Remote Password' cryptographic
* authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)."
*
* 2. Any software that incorporates all or part of the SRP distribution
* itself must also display the following acknowledgment:
* "This product includes software developed by Tom Wu and Eugene
* Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)."
*
* 3. Redistributions in source or binary form must retain an intact copy
* of this copyright notice and list of conditions.
*/
#include <stdio.h>
#include <sys/types.h>
#include "config.h"
#include "bn.h"
typedef BIGNUM * BigInteger;
#define MATH_PRIV
#include "t_defines.h"
#include "t_pwd.h"
/* Math library interface stubs */
BigInteger
BigIntegerFromInt(n)
unsigned int n;
{
BIGNUM * a = BN_new();
BN_set_word(a, n);
return a;
}
BigInteger
BigIntegerFromBytes(bytes, length)
unsigned char * bytes;
int length;
{
BIGNUM * a = BN_new();
BN_bin2bn(bytes, length, a);
return a;
}
int
BigIntegerToBytes(src, dest)
BigInteger src;
unsigned char * dest;
{
return BN_bn2bin(src, dest);
}
int
BigIntegerCmp(c1, c2)
BigInteger c1, c2;
{
return BN_cmp(c1, c2);
}
int
BigIntegerCmpInt(c1, c2)
BigInteger c1;
unsigned int c2;
{
BIGNUM * a = BN_new();
int rv;
BN_set_word(a, c2);
rv = BN_cmp(c1, a);
BN_free(a);
return rv;
}
void
BigIntegerAdd(result, a1, a2)
BigInteger result, a1, a2;
{
BN_add(result, a1, a2);
}
void
BigIntegerAddInt(result, a1, a2)
BigInteger result, a1;
unsigned int a2;
{
BIGNUM * a = BN_new();
BN_set_word(a, a2);
BN_add(result, a1, a);
BN_free(a);
}
void
BigIntegerSub(result, s1, s2)
BigInteger result, s1, s2;
{
BN_sub(result, s1, s2);
}
void
BigIntegerMulInt(result, m1, m2)
BigInteger result, m1;
unsigned int m2;
{
BN_CTX * ctx = BN_CTX_new();
BIGNUM * m = BN_new();
BN_set_word(m, m2);
BN_mul(result, m1, m, ctx);
BN_CTX_free(ctx);
}
void
BigIntegerModMul(r, m1, m2, modulus)
BigInteger r, m1, m2, modulus;
{
BN_CTX * ctx = BN_CTX_new();
BN_mod_mul(r, m1, m2, modulus, ctx);
BN_CTX_free(ctx);
}
void
BigIntegerModExp(r, b, e, m)
BigInteger r, b, e, m;
{
BN_CTX * ctx = BN_CTX_new();
BN_mod_exp(r, b, e, m, ctx);
BN_CTX_free(ctx);
}
void
BigIntegerModExpInt(r, b, e, m)
BigInteger r, b;
unsigned int e;
BigInteger m;
{
BN_CTX * ctx = BN_CTX_new();
BIGNUM * p = BN_new();
BN_set_word(p, e);
BN_mod_exp(r, b, p, m, ctx);
BN_free(p);
BN_CTX_free(ctx);
}
void
BigIntegerFree(b)
BigInteger b;
{
BN_free(b);
}

338
package/network/services/ead/src/tinysrp/t_misc.c Normal file
View File

@@ -0,0 +1,338 @@
/*
* Copyright (c) 1997-1999 The Stanford SRP Authentication Project
* All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
* EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
* WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
*
* IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL,
* INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER
* RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF
* THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT
* OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* In addition, the following conditions apply:
*
* 1. Any software that incorporates the SRP authentication technology
* must display the following acknowlegment:
* "This product uses the 'Secure Remote Password' cryptographic
* authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)."
*
* 2. Any software that incorporates all or part of the SRP distribution
* itself must also display the following acknowledgment:
* "This product includes software developed by Tom Wu and Eugene
* Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)."
*
* 3. Redistributions in source or binary form must retain an intact copy
* of this copyright notice and list of conditions.
*/
#include "t_defines.h"
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif /* HAVE_UNISTD_H */
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include "t_sha.h"
#ifndef NULL
#define NULL 0
#endif
static unsigned char randpool[SHA_DIGESTSIZE], randout[SHA_DIGESTSIZE];
static unsigned long randcnt = 0;
static unsigned int outpos = 0;
SHA1_CTX randctxt;
/*
* t_envhash - Generate a 160-bit SHA hash of the environment
*
* This routine performs an SHA hash of all the "name=value" pairs
* in the environment concatenated together and dumps them in the
* output. While it is true that anyone on the system can see
* your environment, someone not on the system will have a very
* difficult time guessing it, especially since some systems play
* tricks with variable ordering and sometimes define quirky
* environment variables like $WINDOWID or $_.
*/
extern char ** environ;
static void
t_envhash(out)
unsigned char * out;
{
char ** ptr;
char ebuf[256];
SHA1_CTX ctxt;
SHA1Init(&ctxt);
for(ptr = environ; *ptr; ++ptr) {
strncpy(ebuf, *ptr, 255);
ebuf[255] = '\0';
SHA1Update(&ctxt, ebuf, strlen(ebuf));
}
SHA1Final(out, &ctxt);
}
/*
* t_fshash - Generate a 160-bit SHA hash from the file system
*
* This routine climbs up the directory tree from the current
* directory, running stat() on each directory until it hits the
* root directory. This information is sensitive to the last
* access/modification times of all the directories above you,
* so someone who lists one of those directories injects some
* entropy into the system. Obviously, this hash is very sensitive
* to your current directory when the program is run.
*
* For good measure, it also performs an fstat on the standard input,
* usually your tty, throws that into the buffer, creates a file in
* /tmp (the inode is unpredictable on a busy system), and runs stat()
* on that before deleting it.
*
* The entire buffer is run once through SHA to obtain the final result.
*/
static void
t_fshash(out)
unsigned char * out;
{
char dotpath[128];
struct stat st;
SHA1_CTX ctxt;
int i, pinode;
dev_t pdev;
SHA1Init(&ctxt);
if(stat(".", &st) >= 0) {
SHA1Update(&ctxt, (unsigned char *) &st, sizeof(st));
pinode = st.st_ino;
pdev = st.st_dev;
strcpy(dotpath, "..");
for(i = 0; i < 40; ++i) {
if(stat(dotpath, &st) < 0)
break;
if(st.st_ino == pinode && st.st_dev == pdev)
break;
SHA1Update(&ctxt, (unsigned char *) &st, sizeof(st));
pinode = st.st_ino;
pdev = st.st_dev;
strcat(dotpath, "/..");
}
}
if(fstat(0, &st) >= 0)
SHA1Update(&ctxt, (unsigned char *) &st, sizeof(st));
sprintf(dotpath, "/tmp/rnd.%d", getpid());
if(creat(dotpath, 0600) >= 0 && stat(dotpath, &st) >= 0)
SHA1Update(&ctxt, (unsigned char *) &st, sizeof(st));
unlink(dotpath);
SHA1Final(out, &ctxt);
}
/*
* Generate a high-entropy seed for the strong random number generator.
* This uses a wide variety of quickly gathered and somewhat unpredictable
* system information. The 'preseed' structure is assembled from:
*
* The system time in seconds
* The system time in microseconds
* The current process ID
* The parent process ID
* A hash of the user's environment
* A hash gathered from the file system
* Input from a random device, if available
* Timings of system interrupts
*
* The entire structure (60 bytes on most systems) is fed to SHA to produce
* a 160-bit seed for the strong random number generator. It is believed
* that in the worst case (on a quiet system with no random device versus
* an attacker who has access to the system already), the seed contains at
* least about 80 bits of entropy. Versus an attacker who does not have
* access to the system, the entropy should be slightly over 128 bits.
*/
static char initialized = 0;
static struct {
unsigned int trand1;
time_t sec;
time_t usec;
short pid;
short ppid;
unsigned char envh[SHA_DIGESTSIZE];
unsigned char fsh[SHA_DIGESTSIZE];
unsigned char devrand[20];
unsigned int trand2;
} preseed;
unsigned long raw_truerand();
void
t_initrand()
{
SHA1_CTX ctxt;
#ifdef USE_FTIME
struct timeb t;
#else
struct timeval t;
#endif
int i, r=0;
if(initialized)
return;
initialized = 1;
i = open("/dev/urandom", O_RDONLY);
if(i > 0) {
r += read(i, preseed.devrand, sizeof(preseed.devrand));
close(i);
}
/* Resort to truerand only if desperate for some Real entropy */
if(r == 0)
preseed.trand1 = raw_truerand();
#ifdef USE_FTIME
ftime(&t);
#else
gettimeofday(&t, NULL);
#endif
#ifdef USE_FTIME
preseed.sec = t.time;
preseed.usec = t.millitm;
#else
preseed.sec = t.tv_sec;
preseed.usec = t.tv_usec;
#endif
preseed.pid = getpid();
preseed.ppid = getppid();
t_envhash(preseed.envh);
t_fshash(preseed.fsh);
if(r == 0)
preseed.trand2 = raw_truerand();
SHA1Init(&ctxt);
SHA1Update(&ctxt, (unsigned char *) &preseed, sizeof(preseed));
SHA1Final(randpool, &ctxt);
outpos = 0;
memset((unsigned char *) &preseed, 0, sizeof(preseed));
memset((unsigned char *) &ctxt, 0, sizeof(ctxt));
}
#define NUM_RANDOMS 12
/*
* The strong random number generator. This uses a 160-bit seed
* and uses SHA-1 in a feedback configuration to generate successive
* outputs. If S[0] is set to the initial seed, then:
*
* S[i+1] = SHA-1(i || S[i])
* A[i] = SHA-1(S[i])
*
* where the A[i] are the output blocks starting with i=0.
* Each cycle generates 20 bytes of new output.
*/
_TYPE( void )
t_random(data, size)
unsigned char * data;
unsigned size;
{
if(!initialized)
t_initrand();
if(size <= 0) /* t_random(NULL, 0) forces seed initialization */
return;
while(size > outpos) {
if(outpos > 0) {
memcpy(data, randout + (sizeof(randout) - outpos), outpos);
data += outpos;
size -= outpos;
}
/* Recycle */
SHA1Init(&randctxt);
SHA1Update(&randctxt, randpool, sizeof(randpool));
SHA1Final(randout, &randctxt);
SHA1Init(&randctxt);
SHA1Update(&randctxt, (unsigned char *) &randcnt, sizeof(randcnt));
SHA1Update(&randctxt, randpool, sizeof(randpool));
SHA1Final(randpool, &randctxt);
++randcnt;
outpos = sizeof(randout);
}
if(size > 0) {
memcpy(data, randout + (sizeof(randout) - outpos), size);
outpos -= size;
}
}
/*
* The interleaved session-key hash. This separates the even and the odd
* bytes of the input (ignoring the first byte if the input length is odd),
* hashes them separately, and re-interleaves the two outputs to form a
* single 320-bit value.
*/
_TYPE( unsigned char * )
t_sessionkey(key, sk, sklen)
unsigned char * key;
unsigned char * sk;
unsigned sklen;
{
unsigned i, klen;
unsigned char * hbuf;
unsigned char hout[SHA_DIGESTSIZE];
SHA1_CTX ctxt;
while(sklen > 0 && *sk == 0) { /* Skip leading 0's */
--sklen;
++sk;
}
klen = sklen / 2;
if((hbuf = malloc(klen * sizeof(char))) == 0)
return 0;
for(i = 0; i < klen; ++i)
hbuf[i] = sk[sklen - 2 * i - 1];
SHA1Init(&ctxt);
SHA1Update(&ctxt, hbuf, klen);
SHA1Final(hout, &ctxt);
for(i = 0; i < sizeof(hout); ++i)
key[2 * i] = hout[i];
for(i = 0; i < klen; ++i)
hbuf[i] = sk[sklen - 2 * i - 2];
SHA1Init(&ctxt);
SHA1Update(&ctxt, hbuf, klen);
SHA1Final(hout, &ctxt);
for(i = 0; i < sizeof(hout); ++i)
key[2 * i + 1] = hout[i];
memset(hout, 0, sizeof(hout));
memset(hbuf, 0, klen);
free(hbuf);
return key;
}

264
package/network/services/ead/src/tinysrp/t_pw.c Normal file
View File

@@ -0,0 +1,264 @@
/*
* Copyright (c) 1997-2000 The Stanford SRP Authentication Project
* All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
* EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
* WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
*
* IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL,
* INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER
* RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF
* THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT
* OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* In addition, the following conditions apply:
*
* 1. Any software that incorporates the SRP authentication technology
* must display the following acknowlegment:
* "This product uses the 'Secure Remote Password' cryptographic
* authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)."
*
* 2. Any software that incorporates all or part of the SRP distribution
* itself must also display the following acknowledgment:
* "This product includes software developed by Tom Wu and Eugene
* Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)."
*
* 3. Redistributions in source or binary form must retain an intact copy
* of this copyright notice and list of conditions.
*/
#include "t_defines.h"
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif /* HAVE_UNISTD_H */
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#ifdef USE_HOMEDIR
#include <pwd.h>
#endif
#ifdef WIN32
#include <io.h>
#endif
#include "t_pwd.h"
#include "t_read.h"
#include "t_sha.h"
#include "t_server.h"
static struct t_pw * syspw = NULL;
static struct t_passwd tpass;
_TYPE( struct t_server * )
t_serveropen(username)
const char * username;
{
struct t_passwd * p;
p = gettpnam(username);
if(p == NULL) {
return NULL;
} else {
return t_serveropenraw(&p->tp, &p->tc);
}
}
/* t_openpw(NULL) is deprecated - use settpent()/gettpnam() instead */
_TYPE( struct t_pw * )
t_openpw(fp)
FILE * fp;
{
struct t_pw * tpw;
char close_flag = 0;
if(fp == NULL) { /* Deprecated */
if((fp = fopen(DEFAULT_PASSWD, "r")) == NULL)
return NULL;
close_flag = 1;
}
else
close_flag = 0;
if((tpw = malloc(sizeof(struct t_pw))) == NULL) {
fclose(fp);
return NULL;
}
tpw->instream = fp;
tpw->close_on_exit = close_flag;
tpw->state = FILE_ONLY;
return tpw;
}
_TYPE( struct t_pw * )
t_openpwbyname(pwname)
const char * pwname;
{
FILE * fp;
struct t_pw * t;
if(pwname == NULL) /* Deprecated */
return t_openpw(NULL);
if((fp = fopen(pwname, "r")) == NULL)
return NULL;
t = t_openpw(fp);
t->close_on_exit = 1;
return t;
}
_TYPE( void )
t_closepw(tpw)
struct t_pw * tpw;
{
if(tpw->close_on_exit)
fclose(tpw->instream);
free(tpw);
}
_TYPE( void )
t_rewindpw(tpw)
struct t_pw * tpw;
{
#ifdef ENABLE_YP
if(tpw->state == IN_NIS)
tpw->state = FILE_NIS;
#endif
rewind(tpw->instream);
}
#ifdef ENABLE_YP
static void
savepwent(tpw, pwent)
struct t_pw * tpw;
struct t_pwent *pwent;
{
tpw->pebuf.name = tpw->userbuf;
tpw->pebuf.password.data = tpw->pwbuf;
tpw->pebuf.salt.data = tpw->saltbuf;
strcpy(tpw->pebuf.name, pwent->name);
tpw->pebuf.password.len = pwent->password.len;
memcpy(tpw->pebuf.password.data, pwent->password.data, pwent->password.len);
tpw->pebuf.salt.len = pwent->salt.len;
memcpy(tpw->pebuf.salt.data, pwent->salt.data, pwent->salt.len);
tpw->pebuf.index = pwent->index;
}
#endif /* ENABLE_YP */
_TYPE( struct t_pwent * )
t_getpwbyname(tpw, user)
struct t_pw * tpw;
const char * user;
{
char indexbuf[16];
char passbuf[MAXB64PARAMLEN];
char saltstr[MAXB64SALTLEN];
char username[MAXUSERLEN];
#ifdef ENABLE_YP
struct t_passwd * nisent;
#endif
t_rewindpw(tpw);
while(t_nextfield(tpw->instream, username, MAXUSERLEN) > 0) {
#ifdef ENABLE_YP
if(tpw->state == FILE_NIS && *username == '+') {
if(strlen(username) == 1 || strcmp(user, username+1) == 0) {
nisent = _yp_gettpnam(user); /* Entry is +username or + */
if(nisent != NULL) {
savepwent(tpw, &nisent->tp);
return &tpw->pebuf;
}
}
}
#endif
if(strcmp(user, username) == 0)
if(t_nextfield(tpw->instream, passbuf, MAXB64PARAMLEN) > 0 &&
(tpw->pebuf.password.len = t_fromb64(tpw->pwbuf, passbuf)) > 0 &&
t_nextfield(tpw->instream, saltstr, MAXB64SALTLEN) > 0 &&
(tpw->pebuf.salt.len = t_fromb64(tpw->saltbuf, saltstr)) > 0 &&
t_nextfield(tpw->instream, indexbuf, 16) > 0 &&
(tpw->pebuf.index = atoi(indexbuf)) > 0) {
strcpy(tpw->userbuf, username);
tpw->pebuf.name = tpw->userbuf;
tpw->pebuf.password.data = tpw->pwbuf;
tpw->pebuf.salt.data = tpw->saltbuf;
t_nextline(tpw->instream);
return &tpw->pebuf;
}
if(t_nextline(tpw->instream) < 0)
return NULL;
}
return NULL;
}
/* System password file accessors */
static int
pwinit()
{
if(syspw == NULL) {
if((syspw = t_openpwbyname(DEFAULT_PASSWD)) == NULL)
return -1;
syspw->state = FILE_NIS;
}
return 0;
}
static void
pwsetup(out, tpwd, tcnf)
struct t_passwd * out;
struct t_pwent * tpwd;
struct t_confent * tcnf;
{
out->tp.name = tpwd->name;
out->tp.password.len = tpwd->password.len;
out->tp.password.data = tpwd->password.data;
out->tp.salt.len = tpwd->salt.len;
out->tp.salt.data = tpwd->salt.data;
out->tp.index = tpwd->index;
out->tc.index = tcnf->index;
out->tc.modulus.len = tcnf->modulus.len;
out->tc.modulus.data = tcnf->modulus.data;
out->tc.generator.len = tcnf->generator.len;
out->tc.generator.data = tcnf->generator.data;
}
_TYPE( struct t_passwd * )
gettpnam
(user)
const char * user;
{
struct t_pwent * tpptr;
struct t_confent * tcptr;
if(pwinit() < 0)
return NULL;
tpptr = t_getpwbyname(syspw, user);
if(tpptr == NULL)
return NULL;
tcptr =
gettcid
(tpptr->index);
if(tcptr == NULL)
return NULL;
pwsetup(&tpass, tpptr, tcptr);
return &tpass;
}

310
package/network/services/ead/src/tinysrp/t_pwd.h Normal file
View File

@@ -0,0 +1,310 @@
/*
* Copyright (c) 1997-1999 The Stanford SRP Authentication Project
* All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
* EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
* WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
*
* IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL,
* INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER
* RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF
* THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT
* OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* In addition, the following conditions apply:
*
* 1. Any software that incorporates the SRP authentication technology
* must display the following acknowlegment:
* "This product uses the 'Secure Remote Password' cryptographic
* authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)."
*
* 2. Any software that incorporates all or part of the SRP distribution
* itself must also display the following acknowledgment:
* "This product includes software developed by Tom Wu and Eugene
* Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)."
*
* 3. Redistributions in source or binary form must retain an intact copy
* of this copyright notice and list of conditions.
*/
#ifndef T_PWD_H
#define T_PWD_H
#ifndef P
#if defined (__STDC__) || defined (__cplusplus)
#define P(x) x
#else
#define P(x) ()
#endif
#endif
/* For building dynamic link libraries under windows, windows NT
* using MSVC1.5 or MSVC2.0
*/
#ifndef _DLLDECL
#define _DLLDECL
#ifdef MSVC15 /* MSVC1.5 support for 16 bit apps */
#define _MSVC15EXPORT _export
#define _MSVC20EXPORT
#define _DLLAPI _export _pascal
#define _TYPE(a) a _MSVC15EXPORT
#define DLLEXPORT 1
#elif MSVC20
#define _MSVC15EXPORT
#define _MSVC20EXPORT _declspec(dllexport)
#define _DLLAPI
#define _TYPE(a) _MSVC20EXPORT a
#define DLLEXPORT 1
#else /* Default, non-dll. Use this for Unix or DOS */
#define _MSVC15DEXPORT
#define _MSVC20EXPORT
#define _DLLAPI
#define _TYPE(a) a
#endif
#endif
#define MAXPARAMBITS 2048
#define MAXPARAMLEN ((MAXPARAMBITS + 7) / 8)
#define MAXB64PARAMLEN ((MAXPARAMBITS + 5) / 6 + 1)
#define MAXHEXPARAMLEN ((MAXPARAMBITS + 3) / 4 + 1)
#define MAXOCTPARAMLEN ((MAXPARAMBITS + 2) / 3 + 1)
#define MAXUSERLEN 32
#define MAXSALTLEN 32
#define MAXB64SALTLEN 44 /* 256 bits in b64 + null */
#define SALTLEN 10 /* Normally 80 bits */
#define RESPONSE_LEN 20 /* 160-bit proof hashes */
#define SESSION_KEY_LEN (2 * RESPONSE_LEN) /* 320-bit session key */
#define DEFAULT_PASSWD "tpasswd"
struct t_num { /* Standard byte-oriented integer representation */
int len;
unsigned char * data;
};
struct t_preconf { /* Structure returned by t_getpreparam() */
char * mod_b64;
char * gen_b64;
char * comment;
struct t_num modulus;
struct t_num generator;
};
/*
* The built-in (known good) parameters access routines
*
* "t_getprecount" returns the number of precompiled parameter sets.
* "t_getpreparam" returns the indicated parameter set.
* Memory is statically allocated - callers need not perform any memory mgmt.
*/
_TYPE( int ) t_getprecount();
_TYPE( struct t_preconf * ) t_getpreparam P((int));
struct t_confent { /* One configuration file entry (index, N, g) */
int index;
struct t_num modulus;
struct t_num generator;
};
struct t_conf { /* An open configuration file */
FILE * instream;
char close_on_exit;
unsigned char modbuf[MAXPARAMLEN];
unsigned char genbuf[MAXPARAMLEN];
struct t_confent tcbuf;
};
/*
* The configuration file routines are designed along the lines of the
* "getpw" functions in the standard C library.
*
* "t_openconf" accepts a stdio stream and interprets it as a config file.
* "t_openconfbyname" accepts a filename and does the same thing.
* "t_closeconf" closes the config file.
* "t_getconfent" fetches the next sequential configuration entry.
* "t_getconfbyindex" fetches the configuration entry whose index
* matches the one supplied, or NULL if one can't be found.
* "t_getconflast" fetches the last configuration entry in the file.
* "t_makeconfent" generates a set of configuration entry parameters
* randomly.
* "t_newconfent" returns an empty configuration entry.
* "t_cmpconfent" compares two configuration entries a la strcmp.
* "t_checkconfent" verifies that a set of configuration parameters
* are suitable. N must be prime and should be a safe prime.
* "t_putconfent" writes a configuration entry to a stream.
*/
_TYPE( struct t_conf * ) t_openconf P((FILE *));
_TYPE( struct t_conf * ) t_openconfbyname P((const char *));
_TYPE( void ) t_closeconf P((struct t_conf *));
_TYPE( void ) t_rewindconf P((struct t_conf *));
_TYPE( struct t_confent * ) t_getconfent P((struct t_conf *));
_TYPE( struct t_confent * ) t_getconfbyindex P((struct t_conf *, int));
_TYPE( struct t_confent * ) t_getconflast P((struct t_conf *));
_TYPE( struct t_confent * ) t_makeconfent P((struct t_conf *, int));
_TYPE( struct t_confent * ) t_makeconfent_c P((struct t_conf *, int));
_TYPE( struct t_confent * ) t_newconfent P((struct t_conf *));
_TYPE( int ) t_cmpconfent P((const struct t_confent *, const struct t_confent *));
_TYPE( int ) t_checkconfent P((const struct t_confent *));
_TYPE( void ) t_putconfent P((const struct t_confent *, FILE *));
/* libc-style system conf file access */
_TYPE( struct t_confent *) gettcent();
_TYPE( struct t_confent *) gettcid P((int));
_TYPE( void ) settcent();
_TYPE( void ) endtcent();
#ifdef ENABLE_NSW
extern struct t_confent * _gettcent();
extern struct t_confent * _gettcid P((int));
extern void _settcent();
extern void _endtcent();
#endif
/* A hack to support '+'-style entries in the passwd file */
typedef enum fstate {
FILE_ONLY, /* Ordinary file, don't consult NIS ever */
FILE_NIS, /* Currently accessing file, use NIS if encountered */
IN_NIS, /* Currently in a '+' entry; use NIS for getXXent */
} FILE_STATE;
struct t_pwent { /* A single password file entry */
char * name;
struct t_num password;
struct t_num salt;
int index;
};
struct t_pw { /* An open password file */
FILE * instream;
char close_on_exit;
FILE_STATE state;
char userbuf[MAXUSERLEN];
unsigned char pwbuf[MAXPARAMLEN];
unsigned char saltbuf[SALTLEN];
struct t_pwent pebuf;
};
/*
* The password manipulation routines are patterned after the getpw*
* standard C library function calls.
*
* "t_openpw" reads a stream as if it were a password file.
* "t_openpwbyname" opens the named file as a password file.
* "t_closepw" closes an open password file.
* "t_rewindpw" starts the internal file pointer from the beginning
* of the password file.
* "t_getpwent" retrieves the next sequential password entry.
* "t_getpwbyname" looks up the password entry corresponding to the
* specified user.
* "t_makepwent" constructs a password entry from a username, password,
* numeric salt, and configuration entry.
* "t_putpwent" writes a password entry to a stream.
*/
_TYPE( struct t_pw * ) t_openpw P((FILE *));
_TYPE( struct t_pw * ) t_openpwbyname P((const char *));
_TYPE( void ) t_closepw P((struct t_pw *));
_TYPE( void ) t_rewindpw P((struct t_pw *));
_TYPE( struct t_pwent * ) t_getpwent P((struct t_pw *));
_TYPE( struct t_pwent * ) t_getpwbyname P((struct t_pw *, const char *));
_TYPE( struct t_pwent * ) t_makepwent P((struct t_pw *, const char *,
const char *, const struct t_num *,
const struct t_confent *));
_TYPE( void ) t_putpwent P((const struct t_pwent *, FILE *));
struct t_passwd {
struct t_pwent tp;
struct t_confent tc;
};
/* libc-style system password file access */
_TYPE( struct t_passwd * ) gettpent();
_TYPE( struct t_passwd * ) gettpnam P((const char *));
_TYPE( void ) settpent();
_TYPE( void ) endtpent();
#ifdef ENABLE_NSW
extern struct t_passwd * _gettpent();
extern struct t_passwd * _gettpnam P((const char *));
extern void _settpent();
extern void _endtpent();
#endif
/*
* Utility functions
*
* "t_verifypw" accepts a username and password, and checks against the
* system password file to see if the password for that user is correct.
* Returns > 0 if it is correct, 0 if not, and -1 if some error occurred
* (i.e. the user doesn't exist on the system). This is intended ONLY
* for local authentication; for remote authentication, look at the
* t_client and t_server source. (That's the whole point of SRP!)
* "t_changepw" modifies the specified file, substituting the given password
* entry for the one already in the file. If no matching entry is found,
* the new entry is simply appended to the file.
* "t_deletepw" removes the specified user from the specified file.
*/
_TYPE( int ) t_verifypw P((const char *, const char *));
_TYPE( int ) t_changepw P((const char *, const struct t_pwent *));
_TYPE( int ) t_deletepw P((const char *, const char *));
/* Conversion utilities */
/*
* All these calls accept output as the first parameter. In the case of
* t_tohex and t_tob64, the last argument is the length of the byte-string
* input.
*/
_TYPE( char * t_tohex ) P((char *, char *, unsigned));
_TYPE( int ) t_fromhex P((char *, char *));
_TYPE( char * ) t_tob64 P((char *, char *, unsigned));
_TYPE( int ) t_fromb64 P((char *, char *));
/* Miscellaneous utilities */
/*
* "t_random" is a cryptographic random number generator, which is seeded
* from various high-entropy sources and uses a one-way hash function
* in a feedback configuration.
* "t_sessionkey" is the interleaved hash used to generate session keys
* from a large integer.
* "t_getpass" reads a password from the terminal without echoing.
*/
_TYPE( void ) t_random P((unsigned char *, unsigned));
_TYPE( void ) t_stronginitrand();
_TYPE( unsigned char * )
t_sessionkey P((unsigned char *, unsigned char *, unsigned));
_TYPE( int ) t_getpass P((char *, unsigned, const char *));
/*
* Return value of t_checkprime:
* < 0 : not prime
* = 0 : prime, but not safe
* > 0 : safe
*/
#define NUM_NOTPRIME -1
#define NUM_NOTSAFE 0
#define NUM_SAFE 1
_TYPE( int ) t_checkprime P((const struct t_num *));
#endif

81
package/network/services/ead/src/tinysrp/t_read.c Normal file
View File

@@ -0,0 +1,81 @@
/*
* Copyright (c) 1997-1999 The Stanford SRP Authentication Project
* All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
* EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
* WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
*
* IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL,
* INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER
* RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF
* THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT
* OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* In addition, the following conditions apply:
*
* 1. Any software that incorporates the SRP authentication technology
* must display the following acknowlegment:
* "This product uses the 'Secure Remote Password' cryptographic
* authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)."
*
* 2. Any software that incorporates all or part of the SRP distribution
* itself must also display the following acknowledgment:
* "This product includes software developed by Tom Wu and Eugene
* Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)."
*
* 3. Redistributions in source or binary form must retain an intact copy
* of this copyright notice and list of conditions.
*/
#include <stdio.h>
#include "config.h"
#define FSEPARATOR ':'
int
t_nextfield(fp, s, max)
FILE * fp;
char * s;
unsigned max;
{
int c, count = 0;
while((c = getc(fp)) != EOF) {
if(c == '\n') {
ungetc(c, fp);
break;
}
else if(c == FSEPARATOR)
break;
if(count < max - 1) {
*s++ = c;
++count;
}
}
*s++ = '\0';
return count;
}
int
t_nextline(fp)
FILE * fp;
{
int c;
while((c = getc(fp)) != '\n')
if(c == EOF)
return -1;
return 0;
}

55
package/network/services/ead/src/tinysrp/t_read.h Normal file
View File

@@ -0,0 +1,55 @@
/*
* Copyright (c) 1997-1999 The Stanford SRP Authentication Project
* All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
* EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
* WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
*
* IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL,
* INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER
* RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF
* THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT
* OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* In addition, the following conditions apply:
*
* 1. Any software that incorporates the SRP authentication technology
* must display the following acknowlegment:
* "This product uses the 'Secure Remote Password' cryptographic
* authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)."
*
* 2. Any software that incorporates all or part of the SRP distribution
* itself must also display the following acknowledgment:
* "This product includes software developed by Tom Wu and Eugene
* Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)."
*
* 3. Redistributions in source or binary form must retain an intact copy
* of this copyright notice and list of conditions.
*/
#ifndef _T_READ_H_
#define _T_READ_H_
#if !defined(P)
#ifdef __STDC__
#define P(x) x
#else
#define P(x) ()
#endif
#endif
extern int t_nextfield P((FILE *, char *, unsigned));
extern int t_nextline P((FILE *));
#endif

259
package/network/services/ead/src/tinysrp/t_server.c Normal file
View File

@@ -0,0 +1,259 @@
/*
* Copyright (c) 1997-1999 The Stanford SRP Authentication Project
* All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
* EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
* WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
*
* IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL,
* INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER
* RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF
* THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT
* OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* In addition, the following conditions apply:
*
* 1. Any software that incorporates the SRP authentication technology
* must display the following acknowlegment:
* "This product uses the 'Secure Remote Password' cryptographic
* authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)."
*
* 2. Any software that incorporates all or part of the SRP distribution
* itself must also display the following acknowledgment:
* "This product includes software developed by Tom Wu and Eugene
* Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)."
*
* 3. Redistributions in source or binary form must retain an intact copy
* of this copyright notice and list of conditions.
*/
#include <stdio.h>
#include "t_defines.h"
#include "t_pwd.h"
#include "t_server.h"
_TYPE( struct t_server * )
t_serveropenraw(ent, tce)
struct t_pwent * ent;
struct t_confent * tce;
{
struct t_server * ts;
unsigned char buf1[SHA_DIGESTSIZE], buf2[SHA_DIGESTSIZE];
SHA1_CTX ctxt;
int i;
if((ts = malloc(sizeof(struct t_server))) == 0)
return 0;
SHA1Init(&ts->ckhash);
ts->index = ent->index;
ts->n.len = tce->modulus.len;
ts->n.data = ts->nbuf;
memcpy(ts->n.data, tce->modulus.data, ts->n.len);
SHA1Init(&ctxt);
SHA1Update(&ctxt, ts->n.data, ts->n.len);
SHA1Final(buf1, &ctxt);
ts->g.len = tce->generator.len;
ts->g.data = ts->gbuf;
memcpy(ts->g.data, tce->generator.data, ts->g.len);
SHA1Init(&ctxt);
SHA1Update(&ctxt, ts->g.data, ts->g.len);
SHA1Final(buf2, &ctxt);
for(i = 0; i < sizeof(buf1); ++i)
buf1[i] ^= buf2[i];
SHA1Update(&ts->ckhash, buf1, sizeof(buf1));
SHA1Init(&ctxt);
SHA1Update(&ctxt, ent->name, strlen(ent->name));
SHA1Final(buf1, &ctxt);
SHA1Update(&ts->ckhash, buf1, sizeof(buf1));
ts->v.len = ent->password.len;
ts->v.data = ts->vbuf;
memcpy(ts->v.data, ent->password.data, ts->v.len);
ts->s.len = ent->salt.len;
ts->s.data = ts->saltbuf;
memcpy(ts->s.data, ent->salt.data, ts->s.len);
SHA1Update(&ts->ckhash, ts->s.data, ts->s.len);
ts->b.data = ts->bbuf;
ts->B.data = ts->Bbuf;
SHA1Init(&ts->hash);
SHA1Init(&ts->oldhash);
SHA1Init(&ts->oldckhash);
return ts;
}
_TYPE( struct t_num * )
t_servergenexp(ts)
struct t_server * ts;
{
BigInteger b, B, v, n, g;
if(ts->n.len < BLEN)
ts->b.len = ts->n.len;
else
ts->b.len = BLEN;
t_random(ts->b.data, ts->b.len);
b = BigIntegerFromBytes(ts->b.data, ts->b.len);
n = BigIntegerFromBytes(ts->n.data, ts->n.len);
g = BigIntegerFromBytes(ts->g.data, ts->g.len);
B = BigIntegerFromInt(0);
BigIntegerModExp(B, g, b, n);
v = BigIntegerFromBytes(ts->v.data, ts->v.len);
BigIntegerAdd(B, B, v);
if(BigIntegerCmp(B, n) > 0)
BigIntegerSub(B, B, n);
ts->B.len = BigIntegerToBytes(B, ts->B.data);
BigIntegerFree(v);
BigIntegerFree(B);
BigIntegerFree(b);
BigIntegerFree(g);
BigIntegerFree(n);
SHA1Update(&ts->oldckhash, ts->B.data, ts->B.len);
return &ts->B;
}
_TYPE( unsigned char * )
t_servergetkey(ts, clientval)
struct t_server * ts;
struct t_num * clientval;
{
BigInteger n, v, A, b, prod, res, S;
SHA1_CTX ctxt;
unsigned char sbuf[MAXPARAMLEN];
unsigned char dig[SHA_DIGESTSIZE];
unsigned slen;
unsigned int u;
SHA1Update(&ts->ckhash, clientval->data, clientval->len);
SHA1Update(&ts->ckhash, ts->B.data, ts->B.len);
SHA1Init(&ctxt);
SHA1Update(&ctxt, ts->B.data, ts->B.len);
SHA1Final(dig, &ctxt);
u = (dig[0] << 24) | (dig[1] << 16) | (dig[2] << 8) | dig[3];
SHA1Update(&ts->oldhash, clientval->data, clientval->len);
SHA1Update(&ts->hash, clientval->data, clientval->len);
n = BigIntegerFromBytes(ts->n.data, ts->n.len);
b = BigIntegerFromBytes(ts->b.data, ts->b.len);
v = BigIntegerFromBytes(ts->v.data, ts->v.len);
A = BigIntegerFromBytes(clientval->data, clientval->len);
prod = BigIntegerFromInt(0);
BigIntegerModExpInt(prod, v, u, n);
res = BigIntegerFromInt(0);
BigIntegerModMul(res, prod, A, n);
BigIntegerFree(A);
BigIntegerFree(v);
BigIntegerFree(prod);
if(BigIntegerCmpInt(res, 1) <= 0) { /* Check for Av^u == 1 (mod n) */
BigIntegerFree(res);
BigIntegerFree(b);
BigIntegerFree(n);
return NULL;
}
S = BigIntegerFromInt(0);
BigIntegerAddInt(S, res, 1);
if(BigIntegerCmp(S, n) == 0) { /* Check for Av^u == -1 (mod n) */
BigIntegerFree(res);
BigIntegerFree(b);
BigIntegerFree(n);
BigIntegerFree(S);
return NULL;
}
BigIntegerModExp(S, res, b, n);
slen = BigIntegerToBytes(S, sbuf);
BigIntegerFree(S);
BigIntegerFree(res);
BigIntegerFree(b);
BigIntegerFree(n);
t_sessionkey(ts->session_key, sbuf, slen);
memset(sbuf, 0, slen);
SHA1Update(&ts->oldhash, ts->session_key, sizeof(ts->session_key));
SHA1Update(&ts->oldckhash, ts->session_key, sizeof(ts->session_key));
SHA1Update(&ts->ckhash, ts->session_key, sizeof(ts->session_key));
return ts->session_key;
}
_TYPE( int )
t_serververify(ts, resp)
struct t_server * ts;
unsigned char * resp;
{
unsigned char expected[SHA_DIGESTSIZE];
int i;
SHA1Final(expected, &ts->oldckhash);
i = memcmp(expected, resp, sizeof(expected));
if(i == 0) {
SHA1Final(ts->session_response, &ts->oldhash);
return 0;
}
SHA1Final(expected, &ts->ckhash);
i = memcmp(expected, resp, sizeof(expected));
if(i == 0) {
SHA1Update(&ts->hash, expected, sizeof(expected));
SHA1Update(&ts->hash, ts->session_key, sizeof(ts->session_key));
SHA1Final(ts->session_response, &ts->hash);
}
return i;
}
_TYPE( unsigned char * )
t_serverresponse(ts)
struct t_server * ts;
{
return ts->session_response;
}
_TYPE( void )
t_serverclose(ts)
struct t_server * ts;
{
memset(ts->bbuf, 0, sizeof(ts->bbuf));
memset(ts->vbuf, 0, sizeof(ts->vbuf));
memset(ts->saltbuf, 0, sizeof(ts->saltbuf));
memset(ts->session_key, 0, sizeof(ts->session_key));
free(ts);
}

138
package/network/services/ead/src/tinysrp/t_server.h Normal file
View File

@@ -0,0 +1,138 @@
/*
* Copyright (c) 1997-1999 The Stanford SRP Authentication Project
* All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
* EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
* WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
*
* IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL,
* INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER
* RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF
* THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT
* OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* In addition, the following conditions apply:
*
* 1. Any software that incorporates the SRP authentication technology
* must display the following acknowlegment:
* "This product uses the 'Secure Remote Password' cryptographic
* authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)."
*
* 2. Any software that incorporates all or part of the SRP distribution
* itself must also display the following acknowledgment:
* "This product includes software developed by Tom Wu and Eugene
* Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)."
*
* 3. Redistributions in source or binary form must retain an intact copy
* of this copyright notice and list of conditions.
*/
#ifndef T_SERVER_H
#define T_SERVER_H
#include "t_sha.h"
#if !defined(P)
#ifdef __STDC__
#define P(x) x
#else
#define P(x) ()
#endif
#endif
#ifndef _DLLDECL
#define _DLLDECL
#ifdef MSVC15 /* MSVC1.5 support for 16 bit apps */
#define _MSVC15EXPORT _export
#define _MSVC20EXPORT
#define _DLLAPI _export _pascal
#define _TYPE(a) a _MSVC15EXPORT
#define DLLEXPORT 1
#elif MSVC20
#define _MSVC15EXPORT
#define _MSVC20EXPORT _declspec(dllexport)
#define _DLLAPI
#define _TYPE(a) _MSVC20EXPORT a
#define DLLEXPORT 1
#else /* Default, non-dll. Use this for Unix or DOS */
#define _MSVC15DEXPORT
#define _MSVC20EXPORT
#define _DLLAPI
#define _TYPE(a) a
#endif
#endif
#define BLEN 32
struct t_server {
int index;
struct t_num n;
struct t_num g;
struct t_num v;
struct t_num s;
struct t_num b;
struct t_num B;
SHA1_CTX oldhash, hash, oldckhash, ckhash;
unsigned char session_key[SESSION_KEY_LEN];
unsigned char session_response[RESPONSE_LEN];
unsigned char nbuf[MAXPARAMLEN], gbuf[MAXPARAMLEN], vbuf[MAXPARAMLEN];
unsigned char saltbuf[MAXSALTLEN], bbuf[BLEN], Bbuf[MAXPARAMLEN];
};
/*
* SRP server-side negotiation
*
* This code negotiates the server side of an SRP exchange.
* "t_serveropen" accepts a username (sent by the client), a pointer
* to an open password file, and a pointer to an open configuration
* file. The server should then call...
* "t_servergenexp" will generate a random 256-bit exponent and
* raise g (from the configuration file) to that power, returning
* the result. This result should be sent to the client as y(p).
* "t_servergetkey" accepts the exponential w(p), which should be
* sent by the client, and computes the 256-bit session key.
* This data should be saved before the session is closed.
* "t_serverresponse" computes the session key proof as SHA(w(p), K).
* "t_serverclose" closes the session and frees its memory.
*
* Note that authentication is not performed per se; it is up
* to either/both sides of the protocol to now verify securely
* that their session keys agree in order to establish authenticity.
* One possible way is through "oracle hashing"; one side sends
* r, the other replies with H(r,K), where H() is a hash function.
*
* t_serverresponse and t_serververify now implement a version of
* the session-key verification described above.
*/
_TYPE( struct t_server * )
t_serveropen P((const char *));
_TYPE( struct t_server * )
t_serveropenfromfiles P((const char *, struct t_pw *, struct t_conf *));
_TYPE( struct t_server * )
t_serveropenraw P((struct t_pwent *, struct t_confent *));
_TYPE( struct t_num * ) t_servergenexp P((struct t_server *));
_TYPE( unsigned char * ) t_servergetkey P((struct t_server *, struct t_num *));
_TYPE( int ) t_serververify P((struct t_server *, unsigned char *));
_TYPE( unsigned char * ) t_serverresponse P((struct t_server *));
_TYPE( void ) t_serverclose P((struct t_server *));
#endif

166
package/network/services/ead/src/tinysrp/t_sha.c Normal file
View File

@@ -0,0 +1,166 @@
#include "t_defines.h"
#include "t_sha.h"
/*
SHA-1 in C
By Steve Reid <steve@edmweb.com>
100% Public Domain
Test Vectors (from FIPS PUB 180-1)
"abc"
A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
A million repetitions of "a"
34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
*/
/* #define WORDS_BIGENDIAN * This should be #define'd if true. */
/* #define SHA1HANDSOFF * Copies data before messing with it. */
#include <stdio.h>
#include <string.h>
static void SHA1Transform(uint32 state[5], const unsigned char buffer[64]);
#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
/* blk0() and blk() perform the initial expand. */
/* I got the idea of expanding during the round function from SSLeay */
#ifndef WORDS_BIGENDIAN
#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \
|(rol(block->l[i],8)&0x00FF00FF))
#else
#define blk0(i) block->l[i]
#endif
#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
^block->l[(i+2)&15]^block->l[i&15],1))
/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
/* Hash a single 512-bit block. This is the core of the algorithm. */
static void SHA1Transform(uint32 state[5], const unsigned char buffer[64])
{
uint32 a, b, c, d, e;
typedef union {
unsigned char c[64];
uint32 l[16];
} CHAR64LONG16;
CHAR64LONG16* block;
#ifdef SHA1HANDSOFF
static unsigned char workspace[64];
block = (CHAR64LONG16*)workspace;
memcpy(block, buffer, 64);
#else
block = (CHAR64LONG16*)buffer;
#endif
/* Copy context->state[] to working vars */
a = state[0];
b = state[1];
c = state[2];
d = state[3];
e = state[4];
/* 4 rounds of 20 operations each. Loop unrolled. */
R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
/* Add the working vars back into context.state[] */
state[0] += a;
state[1] += b;
state[2] += c;
state[3] += d;
state[4] += e;
/* Wipe variables */
a = b = c = d = e = 0;
}
/* SHA1Init - Initialize new context */
void SHA1Init(SHA1_CTX* context)
{
/* SHA1 initialization constants */
context->state[0] = 0x67452301;
context->state[1] = 0xEFCDAB89;
context->state[2] = 0x98BADCFE;
context->state[3] = 0x10325476;
context->state[4] = 0xC3D2E1F0;
context->count[0] = context->count[1] = 0;
}
/* Run your data through this. */
void SHA1Update(SHA1_CTX* context, const unsigned char* data, unsigned int len)
{
unsigned int i, j;
j = (context->count[0] >> 3) & 63;
if ((context->count[0] += len << 3) < (len << 3)) context->count[1]++;
context->count[1] += (len >> 29);
if ((j + len) > 63) {
memcpy(&context->buffer[j], data, (i = 64-j));
SHA1Transform(context->state, context->buffer);
for ( ; i + 63 < len; i += 64) {
SHA1Transform(context->state, &data[i]);
}
j = 0;
}
else i = 0;
memcpy(&context->buffer[j], &data[i], len - i);
}
/* Add padding and return the message digest. */
void SHA1Final(unsigned char digest[20], SHA1_CTX* context)
{
uint32 i, j;
unsigned char finalcount[8];
for (i = 0; i < 8; i++) {
finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)]
>> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */
}
SHA1Update(context, (unsigned char *)"\200", 1);
while ((context->count[0] & 504) != 448) {
SHA1Update(context, (unsigned char *)"\0", 1);
}
SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() */
for (i = 0; i < 20; i++) {
digest[i] = (unsigned char)
((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
}
/* Wipe variables */
i = j = 0;
memset(context->buffer, 0, 64);
memset(context->state, 0, 20);
memset(context->count, 0, 8);
memset(&finalcount, 0, 8);
#ifdef SHA1HANDSOFF /* make SHA1Transform overwrite its own static vars */
SHA1Transform(context->state, context->buffer);
#endif
}

26
package/network/services/ead/src/tinysrp/t_sha.h Normal file
View File

@@ -0,0 +1,26 @@
#ifndef T_SHA_H
#define T_SHA_H
#if !defined(P)
#ifdef __STDC__
#define P(x) x
#else
#define P(x) ()
#endif
#endif
#define SHA_DIGESTSIZE 20
typedef unsigned int uint32;
typedef struct {
uint32 state[5];
uint32 count[2];
unsigned char buffer[64];
} SHA1_CTX;
void SHA1Init P((SHA1_CTX* context));
void SHA1Update P((SHA1_CTX* context, const unsigned char* data, unsigned int len));
void SHA1Final P((unsigned char digest[20], SHA1_CTX* context));
#endif /* T_SHA_H */

151
package/network/services/ead/src/tinysrp/t_truerand.c Normal file
View File

@@ -0,0 +1,151 @@
/*
* Physically random numbers (very nearly uniform)
* D. P. Mitchell
* Modified by Matt Blaze 7/95
*/
/*
* The authors of this software are Don Mitchell and Matt Blaze.
* Copyright (c) 1995 by AT&T.
* Permission to use, copy, and modify this software without fee
* is hereby granted, provided that this entire notice is included in
* all copies of any software which is or includes a copy or
* modification of this software and in all copies of the supporting
* documentation for such software.
*
* This software may be subject to United States export controls.
*
* THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR IMPLIED
* WARRANTY. IN PARTICULAR, NEITHER THE AUTHORS NOR AT&T MAKE ANY
* REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE MERCHANTABILITY
* OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR PURPOSE.
*/
/*
* WARNING: depending on the particular platform, raw_truerand()
* output may be biased or correlated. In general, you can expect
* about 16 bits of "pseudo-entropy" out of each 32 bit word returned
* by truerand(), but it may not be uniformly diffused. You should
* raw_therefore run the output through some post-whitening function
* (like MD5 or DES or whatever) before using it to generate key
* material. (RSAREF's random package does this for you when you feed
* raw_truerand() bits to the seed input function.)
*
* The application interface, for 8, 16, and 32 bit properly "whitened"
* random numbers, can be found in trand8(), trand16(), and trand32().
* Use those instead of calling raw_truerand() directly.
*
* The basic idea here is that between clock "skew" and various
* hard-to-predict OS event arrivals, counting a tight loop will yield
* a little (maybe a third of a bit or so) of "good" randomness per
* interval clock tick. This seems to work well even on unloaded
* machines. If there is a human operator at the machine, you should
* augment truerand with other measure, like keyboard event timing.
* On server machines (e.g., when you need to generate a
* Diffie-Hellman secret) truerand alone may be good enough.
*
* Test these assumptions on your own platform before fielding a
* system based on this software or these techniques.
*
* This software seems to work well (at 10 or so bits per
* raw_truerand() call) on a Sun Sparc-20 under SunOS 4.1.3 and on a
* P100 under BSDI 2.0. You're on your own elsewhere.
*
*/
#include "t_defines.h"
#include <signal.h>
#include <setjmp.h>
#include <sys/time.h>
#include <math.h>
#include <stdio.h>
#ifdef OLD_TRUERAND
static jmp_buf env;
#endif
static unsigned volatile count
#ifndef OLD_TRUERAND
, done = 0
#endif
;
static unsigned ocount;
static unsigned buffer;
static void
tick()
{
struct itimerval it, oit;
it.it_interval.tv_sec = 0;
it.it_interval.tv_usec = 0;
it.it_value.tv_sec = 0;
it.it_value.tv_usec = 16665;
if (setitimer(ITIMER_REAL, &it, &oit) < 0)
perror("tick");
}
static void
interrupt()
{
if (count) {
#ifdef OLD_TRUERAND
longjmp(env, 1);
#else
++done;
return;
#endif
}
(void) signal(SIGALRM, interrupt);
tick();
}
static unsigned long
roulette()
{
#ifdef OLD_TRUERAND
if (setjmp(env)) {
count ^= (count>>3) ^ (count>>6) ^ ocount;
count &= 0x7;
ocount=count;
buffer = (buffer<<3) ^ count;
return buffer;
}
#else
done = 0;
#endif
(void) signal(SIGALRM, interrupt);
count = 0;
tick();
#ifdef OLD_TRUERAND
for (;;)
#else
while(done == 0)
#endif
count++; /* about 1 MHz on VAX 11/780 */
#ifndef OLD_TRUERAND
count ^= (count>>3) ^ (count>>6) ^ ocount;
count &= 0x7;
ocount=count;
buffer = (buffer<<3) ^ count;
return buffer;
#endif
}
unsigned long
raw_truerand()
{
count=0;
(void) roulette();
(void) roulette();
(void) roulette();
(void) roulette();
(void) roulette();
(void) roulette();
(void) roulette();
(void) roulette();
(void) roulette();
(void) roulette();
return roulette();
}

157
package/network/services/ead/src/tinysrp/tconf.c Normal file
View File

@@ -0,0 +1,157 @@
/*
* Copyright (c) 1997-2000 The Stanford SRP Authentication Project
* All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
* EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
* WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
*
* IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL,
* INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER
* RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF
* THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT
* OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* In addition, the following conditions apply:
*
* 1. Any software that incorporates the SRP authentication technology
* must display the following acknowlegment:
* "This product uses the 'Secure Remote Password' cryptographic
* authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)."
*
* 2. Any software that incorporates all or part of the SRP distribution
* itself must also display the following acknowledgment:
* "This product includes software developed by Tom Wu and Eugene
* Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)."
*
* 3. Redistributions in source or binary form must retain an intact copy
* of this copyright notice and list of conditions.
*/
#include <unistd.h> /* close getlogin */
#include <stdlib.h> /* atexit exit */
#include <stdio.h>
#include <string.h>
#include "t_pwd.h"
#define MIN_BASIS_BITS 512
#define BASIS_BITS 2048
extern int optind;
extern char *optarg;
extern int errno;
char *progName;
int debug = 0;
int verbose = 0;
int composite = 0;
int main(argc, argv)
int argc;
char *argv[];
{
char *chp;
char *configFile = NULL;
char cbuf[256];
char b64buf[MAXB64PARAMLEN];
int c, ch, i, lastidx, keylen, yesno, fsize, status, nparams;
FILE *efp;
struct t_preconf * tpc;
struct t_conf tcs;
struct t_conf * tc = &tcs;
struct t_confent * tcent;
progName = *argv;
if ((chp = strrchr(progName, '/')) != (char *) 0) progName = chp + 1;
while ((ch = getopt(argc, argv, "dv2c:")) != EOF)
switch(ch) {
case 'c':
configFile = optarg;
break;
case 'v':
verbose++;
break;
case 'd':
debug++;
break;
case '2':
composite++;
break;
default:
fprintf(stderr, "usage: %s [-dv2] [-c configfile]\n", progName);
exit(1);
}
argc -= optind;
argv += optind;
lastidx = 0;
keylen = 0;
tcent = t_newconfent(tc);
printf("\nThis program will generate a set of parameters for the EPS\n");
printf("password file. The size of these parameters, measured in bits,\n");
printf("determines the level of security offered by SRP, and is related\n");
printf("to the security of similarly-sized RSA or Diffie-Hellman keys.\n");
printf("Choosing a predefined field is generally preferable to generating\n");
printf("a new field because clients can avoid costly parameter verification.\n");
printf("Either way, the values generated by this program are public and\n");
printf("can even shared between systems.\n");
printf("\nEnter the new field size, in bits. Suggested sizes:\n\n");
printf(" 512 (fast, minimally secure)\n");
printf(" 768 (moderate security)\n");
printf("1024 (most popular default)\n");
printf("1536 (additional security, possibly slow)\n");
printf("2048 (maximum supported security level)\n");
printf("\nField size (%d to %d): ", MIN_BASIS_BITS, BASIS_BITS);
fgets(cbuf, sizeof(cbuf), stdin);
fsize = atoi(cbuf);
if(fsize < MIN_BASIS_BITS || fsize > BASIS_BITS) {
fprintf(stderr, "%s: field size must be between %d and %d\n",
progName, MIN_BASIS_BITS, BASIS_BITS);
exit(1);
}
if(fsize <= keylen)
fprintf(stderr, "Warning: new field size is not larger than old field size\n");
printf("\nInitializing random number generator...");
fflush(stdout);
t_initrand();
if(composite)
printf("done.\n\nGenerating a %d-bit composite with safe prime factors. This may take a while.\n", fsize);
else
printf("done.\n\nGenerating a %d-bit safe prime. This may take a while.\n", fsize);
while((tcent = (composite ? t_makeconfent_c(tc, fsize) :
t_makeconfent(tc, fsize))) == NULL)
printf("Parameter generation failed, retrying...\n");
tcent->index = lastidx + 1;
printf("\nParameters successfully generated.\n");
printf("N = [%s]\n", t_tob64(b64buf,
tcent->modulus.data, tcent->modulus.len));
printf("g = [%s]\n", t_tob64(b64buf,
tcent->generator.data, tcent->generator.len));
printf("\nYou must update the pre_params array in t_getconf.c\n");
}

235
package/network/services/ead/src/tinysrp/tinysrp.c Normal file
View File

@@ -0,0 +1,235 @@
/* This bit implements a simple API for using the SRP library over sockets. */
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include "t_defines.h"
#include "t_pwd.h"
#include "t_server.h"
#include "t_client.h"
#include "tinysrp.h"
#ifndef MSG_WAITALL
#ifdef linux
#define MSG_WAITALL 0x100 /* somehow not defined on my box */
#endif
#endif
/* This is called by the client with a connected socket, username, and
passphrase. pass can be NULL in which case the user is queried. */
int tsrp_client_authenticate(int s, char *user, char *pass, TSRP_SESSION *tsrp)
{
int i, index;
unsigned char username[MAXUSERLEN + 1], sbuf[MAXSALTLEN];
unsigned char msgbuf[MAXPARAMLEN + 1], bbuf[MAXPARAMLEN];
unsigned char passbuf[128], *skey;
struct t_client *tc;
struct t_preconf *tcp; /* @@@ should go away */
struct t_num salt, *A, B;
/* Send the username. */
i = strlen(user);
if (i > MAXUSERLEN) {
i = MAXUSERLEN;
}
msgbuf[0] = i;
memcpy(msgbuf + 1, user, i);
if (send(s, msgbuf, i + 1, 0) < 0) {
return 0;
}
memcpy(username, user, i);
username[i] = '\0';
/* Get the prime index and salt. */
i = recv(s, msgbuf, 2, MSG_WAITALL);
if (i <= 0) {
return 0;
}
index = msgbuf[0];
if (index <= 0 || index > t_getprecount()) {
return 0;
}
tcp = t_getpreparam(index - 1);
salt.len = msgbuf[1];
if (salt.len > MAXSALTLEN) {
return 0;
}
salt.data = sbuf;
i = recv(s, sbuf, salt.len, MSG_WAITALL);
if (i <= 0) {
return 0;
}
/* @@@ t_clientopen() needs a variant that takes the index */
tc = t_clientopen(username, &tcp->modulus, &tcp->generator, &salt);
if (tc == NULL) {
return 0;
}
/* Calculate A and send it to the server. */
A = t_clientgenexp(tc);
msgbuf[0] = A->len - 1; /* len is max 256 */
memcpy(msgbuf + 1, A->data, A->len);
if (send(s, msgbuf, A->len + 1, 0) < 0) {
return 0;
}
/* Ask the user for the passphrase. */
if (pass == NULL) {
t_getpass(passbuf, sizeof(passbuf), "Enter password:");
pass = passbuf;
}
t_clientpasswd(tc, pass);
/* Get B from the server. */
i = recv(s, msgbuf, 1, 0);
if (i <= 0) {
return 0;
}
B.len = msgbuf[0] + 1;
B.data = bbuf;
i = recv(s, bbuf, B.len, MSG_WAITALL);
if (i <= 0) {
return 0;
}
/* Compute the session key. */
skey = t_clientgetkey(tc, &B);
if (skey == NULL) {
return 0;
}
/* Send the response. */
if (send(s, t_clientresponse(tc), RESPONSE_LEN, 0) < 0) {
return 0;
}
/* Get the server's response. */
i = recv(s, msgbuf, RESPONSE_LEN, MSG_WAITALL);
if (i <= 0) {
return 0;
}
if (t_clientverify(tc, msgbuf) != 0) {
return 0;
}
/* All done. Now copy the key and clean up. */
if (tsrp) {
memcpy(tsrp->username, username, strlen(username) + 1);
memcpy(tsrp->key, skey, SESSION_KEY_LEN);
}
t_clientclose(tc);
return 1;
}
/* This is called by the server with a connected socket. */
int tsrp_server_authenticate(int s, TSRP_SESSION *tsrp)
{
int i, j;
unsigned char username[MAXUSERLEN], *skey;
unsigned char msgbuf[MAXPARAMLEN + 1], abuf[MAXPARAMLEN];
struct t_server *ts;
struct t_num A, *B;
/* Get the username. */
i = recv(s, msgbuf, 1, 0);
if (i <= 0) {
return 0;
}
j = msgbuf[0];
i = recv(s, username, j, MSG_WAITALL);
if (i <= 0) {
return 0;
}
username[j] = '\0';
ts = t_serveropen(username);
if (ts == NULL) {
return 0;
}
/* Send the prime index and the salt. */
msgbuf[0] = ts->index; /* max 256 primes... */
i = ts->s.len;
msgbuf[1] = i;
memcpy(msgbuf + 2, ts->s.data, i);
if (send(s, msgbuf, i + 2, 0) < 0) {
return 0;
}
/* Calculate B while we're waiting. */
B = t_servergenexp(ts);
/* Get A from the client. */
i = recv(s, msgbuf, 1, 0);
if (i <= 0) {
return 0;
}
A.len = msgbuf[0] + 1;
A.data = abuf;
i = recv(s, abuf, A.len, MSG_WAITALL);
if (i <= 0) {
return 0;
}
/* Now send B. */
msgbuf[0] = B->len - 1;
memcpy(msgbuf + 1, B->data, B->len);
if (send(s, msgbuf, B->len + 1, 0) < 0) {
return 0;
}
/* Calculate the session key while we're waiting. */
skey = t_servergetkey(ts, &A);
if (skey == NULL) {
return 0;
}
/* Get the response from the client. */
i = recv(s, msgbuf, RESPONSE_LEN, MSG_WAITALL);
if (i <= 0) {
return 0;
}
if (t_serververify(ts, msgbuf) != 0) {
return 0;
}
/* Client authenticated. Now authenticate ourselves to the client. */
if (send(s, t_serverresponse(ts), RESPONSE_LEN, 0) < 0) {
return 0;
}
/* Copy the key and clean up. */
if (tsrp) {
memcpy(tsrp->username, username, strlen(username) + 1);
memcpy(tsrp->key, skey, SESSION_KEY_LEN);
}
t_serverclose(ts);
return 1;
}

18
package/network/services/ead/src/tinysrp/tinysrp.h Normal file
View File

@@ -0,0 +1,18 @@
/* Simple API for the tinysrp library. */
#ifndef T_PWD_H
#define MAXUSERLEN 32
#define SESSION_KEY_LEN 40 /* 320-bit session key */
#endif
typedef struct {
char username[MAXUSERLEN + 1];
unsigned char key[SESSION_KEY_LEN];
} TSRP_SESSION;
/* These functions are passed a connected socket, and return true for a
successful authentication. If tsrp is not NULL, the username and key
fields are filled in. */
extern int tsrp_server_authenticate(int s, TSRP_SESSION *tsrp);
extern int tsrp_client_authenticate(int s, char *user, char *pass, TSRP_SESSION *tsrp);

2
package/network/services/ead/src/tinysrp/tpasswd Normal file
View File

@@ -0,0 +1,2 @@
moo:A9lHvOGAMJvw1m3vcDsQRUFovh6/QUmLDKqwhv.drKQzbE9nS7HrOZLUPx2MmS6ewwybN8RHqpWqnUJRCMFT14FMbYXR7kYNUUQNx43A7F.xrVOU7tlFq5NjoK9sfFtp6PMdbIOP5wzWmipiNFlCOu4sjlSZb.o7C1chLzTKU.0:19AI0Hc9jEkdFc:5
new user:1FsanML2fbTOEsa072bLjyRD1LEqoRD2GwElfN0VmHeR.FAg5A.2.G5bTjIHmMmHL60kgoAHJZhRrgopalYmujlyAuQoKiHJb98SHm1oJaQ9nl/DrZCvfyw5LpVMqg.CupdiWz6OtmOz8fwC96ItExFnNDt6SmsVDIOn4HqXG6C0lLaqEvcqlN3gFDlJXyP2yldM.LJ1TkHTHmA3DjRkmWEUL3mWEgzkEHyPcRB3Jd5ncDT7jaNbJTTLRoOtgRsaqE7OXuPADoK8MGBcUquYBRrGwyU4Y/wW4gLc3QmV793zxkk.P3.dxkLSjro/Kk94D7kC6fx3K9tadLJyzd94rr:3v/KRlxT0.oYF1:1

354
package/network/services/ead/src/tinysrp/tphrase.c Normal file
View File

@@ -0,0 +1,354 @@
/* Add passphrases to the tpasswd file. Use the last entry in the config
file by default or a particular one specified by index. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include "config.h"
#include "t_pwd.h"
#include "t_read.h"
#include "t_sha.h"
#include "t_defines.h"
char *Progname;
char Usage[] = "usage: %s [-n configindex] [-p passfile] user\n";
#define USAGE() fprintf(stderr, Usage, Progname)
void doit(char *);
int Configindex = -1;
char *Passfile = DEFAULT_PASSWD;
int main(int argc, char **argv)
{
int c;
Progname = *argv;
/* Parse option arguments. */
while ((c = getopt(argc, argv, "n:p:")) != EOF) {
switch (c) {
case 'n':
Configindex = atoi(optarg);
break;
case 'p':
Passfile = optarg;
break;
default:
USAGE();
exit(1);
}
}
argc -= optind;
argv += optind;
if (argc != 1) {
USAGE();
exit(1);
}
doit(argv[0]);
return 0;
}
void doit(char *name)
{
char passphrase[128], passphrase1[128];
FILE *f;
struct t_confent *tcent;
struct t_pw eps_passwd;
/* Get the config entry. */
if (Configindex <= 0) {
Configindex = t_getprecount();
}
tcent = gettcid(Configindex);
if (tcent == NULL) {
fprintf(stderr, "Invalid configuration file entry.\n");
exit(1);
}
/* Ask for the passphrase twice. */
printf("Setting passphrase for %s\n", name);
if (t_getpass(passphrase, sizeof(passphrase), "Enter passphrase: ") < 0) {
exit(1);
}
if (t_getpass(passphrase1, sizeof(passphrase1), "Verify: ") < 0) {
exit(1);
}
if (strcmp(passphrase, passphrase1) != 0) {
fprintf(stderr, "mismatch\n");
exit(1);
}
/* Create the passphrase verifier. */
t_makepwent(&eps_passwd, name, passphrase, NULL, tcent);
/* Don't need these anymore. */
memset(passphrase, 0, sizeof(passphrase));
memset(passphrase1, 0, sizeof(passphrase1));
/* See if the passphrase file is there; create it if not. */
if ((f = fopen(Passfile, "r+")) == NULL) {
creat(Passfile, 0400);
} else {
fclose(f);
}
/* Change the passphrase. */
if (t_changepw(Passfile, &eps_passwd.pebuf) < 0) {
fprintf(stderr, "Error changing passphrase\n");
exit(1);
}
}
/* TODO: Implement a more general method to handle delete/change */
_TYPE( int )
t_changepw(pwname, diff)
const char * pwname;
const struct t_pwent * diff;
{
char * bakfile;
char * bakfile2;
struct stat st;
FILE * passfp;
FILE * bakfp;
if(pwname == NULL)
pwname = DEFAULT_PASSWD;
if((passfp = fopen(pwname, "rb")) == NULL || fstat(fileno(passfp), &st) < 0)
return -1;
if((bakfile = malloc(strlen(pwname) + 5)) == NULL) {
fclose(passfp);
return -1;
}
else if((bakfile2 = malloc(strlen(pwname) + 5)) == NULL) {
fclose(passfp);
free(bakfile);
return -1;
}
sprintf(bakfile, "%s.bak", pwname);
sprintf(bakfile2, "%s.sav", pwname);
if((bakfp = fopen(bakfile2, "wb")) == NULL &&
(unlink(bakfile2) < 0 || (bakfp = fopen(bakfile2, "wb")) == NULL)) {
fclose(passfp);
free(bakfile);
free(bakfile2);
return -1;
}
#ifdef NO_FCHMOD
chmod(bakfile2, st.st_mode & 0777);
#else
fchmod(fileno(bakfp), st.st_mode & 0777);
#endif
t_pwcopy(bakfp, passfp, diff);
fclose(bakfp);
fclose(passfp);
#ifdef USE_RENAME
unlink(bakfile);
if(rename(pwname, bakfile) < 0) {
free(bakfile);
free(bakfile2);
return -1;
}
if(rename(bakfile2, pwname) < 0) {
free(bakfile);
free(bakfile2);
return -1;
}
#else
unlink(bakfile);
link(pwname, bakfile);
unlink(pwname);
link(bakfile2, pwname);
unlink(bakfile2);
#endif
free(bakfile);
free(bakfile2);
return 0;
}
_TYPE( struct t_pwent * )
t_makepwent(tpw, user, pass, salt, confent)
struct t_pw * tpw;
const char * user;
const char * pass;
const struct t_num * salt;
const struct t_confent * confent;
{
BigInteger x, v, n, g;
unsigned char dig[SHA_DIGESTSIZE];
SHA1_CTX ctxt;
tpw->pebuf.name = tpw->userbuf;
tpw->pebuf.password.data = tpw->pwbuf;
tpw->pebuf.salt.data = tpw->saltbuf;
strncpy(tpw->pebuf.name, user, MAXUSERLEN);
tpw->pebuf.index = confent->index;
if(salt) {
tpw->pebuf.salt.len = salt->len;
memcpy(tpw->pebuf.salt.data, salt->data, salt->len);
}
else {
memset(dig, 0, SALTLEN); /* salt is 80 bits */
tpw->pebuf.salt.len = SALTLEN;
do {
t_random(tpw->pebuf.salt.data, SALTLEN);
} while(memcmp(tpw->pebuf.salt.data, dig, SALTLEN) == 0);
if(tpw->pebuf.salt.data[0] == 0)
tpw->pebuf.salt.data[0] = 0xff;
}
n = BigIntegerFromBytes(confent->modulus.data, confent->modulus.len);
g = BigIntegerFromBytes(confent->generator.data, confent->generator.len);
v = BigIntegerFromInt(0);
SHA1Init(&ctxt);
SHA1Update(&ctxt, user, strlen(user));
SHA1Update(&ctxt, ":", 1);
SHA1Update(&ctxt, pass, strlen(pass));
SHA1Final(dig, &ctxt);
SHA1Init(&ctxt);
SHA1Update(&ctxt, tpw->pebuf.salt.data, tpw->pebuf.salt.len);
SHA1Update(&ctxt, dig, sizeof(dig));
SHA1Final(dig, &ctxt);
/* x = H(s, H(u, ':', p)) */
x = BigIntegerFromBytes(dig, sizeof(dig));
BigIntegerModExp(v, g, x, n);
tpw->pebuf.password.len = BigIntegerToBytes(v, tpw->pebuf.password.data);
BigIntegerFree(v);
BigIntegerFree(x);
BigIntegerFree(g);
BigIntegerFree(n);
return &tpw->pebuf;
}
int
t_pwcopy(pwdest, pwsrc, diff)
FILE * pwdest;
FILE * pwsrc;
struct t_pwent * diff;
{
struct t_pw * src;
struct t_pwent * ent;
if((src = t_openpw(pwsrc)) == NULL)
return -1;
while((ent = t_getpwent(src)) != NULL)
if(diff && strcmp(diff->name, ent->name) == 0) {
t_putpwent(diff, pwdest);
diff = NULL;
}
else
t_putpwent(ent, pwdest);
if(diff)
t_putpwent(diff, pwdest);
return 0;
}
_TYPE( struct t_pwent * )
t_getpwent(tpw)
struct t_pw * tpw;
{
char indexbuf[16];
char passbuf[MAXB64PARAMLEN];
char saltstr[MAXB64SALTLEN];
#ifdef ENABLE_YP
struct t_passwd * nisent;
/* FIXME: should tell caller to get conf entry from NIS also */
if(tpw->state == IN_NIS) {
nisent = _yp_gettpent();
if(nisent != NULL) {
savepwent(tpw, &nisent->tp);
return &tpw->pebuf;
}
tpw->state = FILE_NIS;
}
#endif
while(1) {
if(t_nextfield(tpw->instream, tpw->userbuf, MAXUSERLEN) > 0) {
#ifdef ENABLE_YP
if(tpw->state == FILE_NIS && *tpw->userbuf == '+') {
t_nextline(tpw->instream);
if(strlen(tpw->userbuf) > 1) { /* +name:... */
nisent = _yp_gettpnam(tpw->userbuf + 1);
if(nisent != NULL) {
savepwent(tpw, nisent);
return &tpw->pebuf;
}
}
else { /* +:... */
tpw->state = IN_NIS;
_yp_settpent();
return t_getpwent(tpw);
}
}
#endif
if(t_nextfield(tpw->instream, passbuf, MAXB64PARAMLEN) > 0 &&
(tpw->pebuf.password.len = t_fromb64(tpw->pwbuf, passbuf)) > 0 &&
t_nextfield(tpw->instream, saltstr, MAXB64SALTLEN) > 0 &&
(tpw->pebuf.salt.len = t_fromb64(tpw->saltbuf, saltstr)) > 0 &&
t_nextfield(tpw->instream, indexbuf, 16) > 0 &&
(tpw->pebuf.index = atoi(indexbuf)) > 0) {
tpw->pebuf.name = tpw->userbuf;
tpw->pebuf.password.data = tpw->pwbuf;
tpw->pebuf.salt.data = tpw->saltbuf;
t_nextline(tpw->instream);
return &tpw->pebuf;
}
}
if(t_nextline(tpw->instream) < 0)
return NULL;
}
}
_TYPE( void )
t_putpwent(ent, fp)
const struct t_pwent * ent;
FILE * fp;
{
char strbuf[MAXB64PARAMLEN];
char saltbuf[MAXB64SALTLEN];
fprintf(fp, "%s:%s:%s:%d\n", ent->name,
t_tob64(strbuf, ent->password.data, ent->password.len),
t_tob64(saltbuf, ent->salt.data, ent->salt.len), ent->index);
}

89
package/network/services/hostapd/Config.in Normal file
View File

@@ -0,0 +1,89 @@
# wpa_supplicant config
config WPA_RFKILL_SUPPORT
bool "Add rfkill support"
depends on PACKAGE_wpa-supplicant || \
PACKAGE_wpa-supplicant-openssl || \
PACKAGE_wpa-supplicant-wolfssl || \
PACKAGE_wpa-supplicant-mesh-openssl || \
PACKAGE_wpa-supplicant-mesh-wolfssl || \
PACKAGE_wpa-supplicant-basic || \
PACKAGE_wpa-supplicant-mini || \
PACKAGE_wpa-supplicant-p2p || \
PACKAGE_wpad || \
PACKAGE_wpad-openssl || \
PACKAGE_wpad-wolfssl || \
PACKAGE_wpad-basic || \
PACKAGE_wpad-basic-openssl || \
PACKAGE_wpad-basic-wolfssl || \
PACKAGE_wpad-mini || \
PACKAGE_wpad-mesh-openssl || \
PACKAGE_wpad-mesh-wolfssl
default n
config WPA_MSG_MIN_PRIORITY
int "Minimum debug message priority"
depends on PACKAGE_wpa-supplicant || \
PACKAGE_wpa-supplicant-openssl || \
PACKAGE_wpa-supplicant-wolfssl || \
PACKAGE_wpa-supplicant-mesh-openssl || \
PACKAGE_wpa-supplicant-mesh-wolfssl || \
PACKAGE_wpa-supplicant-basic || \
PACKAGE_wpa-supplicant-mini || \
PACKAGE_wpa-supplicant-p2p || \
PACKAGE_wpad || \
PACKAGE_wpad-openssl || \
PACKAGE_wpad-wolfssl || \
PACKAGE_wpad-basic || \
PACKAGE_wpad-basic-openssl || \
PACKAGE_wpad-basic-wolfssl || \
PACKAGE_wpad-mini || \
PACKAGE_wpad-mesh-openssl || \
PACKAGE_wpad-mesh-wolfssl
default 3
help
Useful values are:
0 = all messages
1 = raw message dumps
2 = most debugging messages
3 = info messages
4 = warnings
5 = errors
config WPA_WOLFSSL
bool
default PACKAGE_wpa-supplicant-wolfssl ||\
PACKAGE_wpad-wolfssl ||\
PACKAGE_wpad-basic-wolfssl || \
PACKAGE_wpad-mesh-wolfssl ||\
PACKAGE_eapol-test-wolfssl
select WOLFSSL_HAS_AES_CCM
select WOLFSSL_HAS_ARC4
select WOLFSSL_HAS_DH
select WOLFSSL_HAS_OCSP
select WOLFSSL_HAS_SESSION_TICKET
select WOLFSSL_HAS_WPAS
config DRIVER_WEXT_SUPPORT
bool
default n
config DRIVER_11N_SUPPORT
bool
default n
config DRIVER_11AC_SUPPORT
bool
default n
config DRIVER_11AX_SUPPORT
bool
default n
config WPA_ENABLE_WEP
bool "Enable support for unsecure and obsolete WEP"
help
Wired equivalent privacy (WEP) is an obsolete cryptographic data
confidentiality algorithm that is not considered secure. It should not be used
for anything anymore. The functionality needed to use WEP is available in the
current hostapd release under this optional build parameter and completely
removed in a future release.

709
package/network/services/hostapd/Makefile Normal file
View File

@@ -0,0 +1,709 @@
# SPDX-License-Identifier: GPL-2.0-only
#
# Copyright (C) 2006-2021 OpenWrt.org
include $(TOPDIR)/rules.mk
PKG_NAME:=hostapd
PKG_RELEASE:=$(AUTORELEASE)
PKG_SOURCE_URL:=http://w1.fi/hostap.git
PKG_SOURCE_PROTO:=git
PKG_SOURCE_DATE:=2021-05-22
PKG_SOURCE_VERSION:=b102f19bcc53c7f7db3951424d4d46709b4f1986
PKG_MIRROR_HASH:=cb3cb968883042fc582752be1607586696c18e6ecf9808c9a8ac50e204584367
PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
PKG_LICENSE:=BSD-3-Clause
PKG_CPE_ID:=cpe:/a:w1.fi:hostapd
PKG_BUILD_PARALLEL:=1
PKG_ASLR_PIE_REGULAR:=1
PKG_CONFIG_DEPENDS:= \
CONFIG_PACKAGE_kmod-ath9k \
CONFIG_PACKAGE_kmod-cfg80211 \
CONFIG_PACKAGE_hostapd \
CONFIG_PACKAGE_hostapd-basic \
CONFIG_PACKAGE_hostapd-mini \
CONFIG_WPA_RFKILL_SUPPORT \
CONFIG_DRIVER_WEXT_SUPPORT \
CONFIG_DRIVER_11N_SUPPORT \
CONFIG_DRIVER_11AC_SUPPORT \
CONFIG_DRIVER_11AX_SUPPORT \
CONFIG_WPA_ENABLE_WEP
EAPOL_TEST_PROVIDERS:=eapol-test eapol-test-openssl eapol-test-wolfssl
SUPPLICANT_PROVIDERS:=
HOSTAPD_PROVIDERS:=
LOCAL_TYPE=$(strip \
$(if $(findstring wpad,$(BUILD_VARIANT)),wpad, \
$(if $(findstring supplicant,$(BUILD_VARIANT)),supplicant, \
hostapd \
)))
LOCAL_AND_LIB_VARIANT=$(patsubst hostapd-%,%,\
$(patsubst wpad-%,%,\
$(patsubst supplicant-%,%,\
$(BUILD_VARIANT)\
)))
LOCAL_VARIANT=$(patsubst %-internal,%,\
$(patsubst %-openssl,%,\
$(patsubst %-wolfssl,%,\
$(LOCAL_AND_LIB_VARIANT)\
)))
SSL_VARIANT=$(strip \
$(if $(findstring openssl,$(LOCAL_AND_LIB_VARIANT)),openssl,\
$(if $(findstring wolfssl,$(LOCAL_AND_LIB_VARIANT)),wolfssl,\
internal\
)))
CONFIG_VARIANT:=$(LOCAL_VARIANT)
ifeq ($(LOCAL_VARIANT),mesh)
CONFIG_VARIANT:=full
endif
include $(INCLUDE_DIR)/package.mk
STAMP_CONFIGURED:=$(STAMP_CONFIGURED)_$(CONFIG_WPA_MSG_MIN_PRIORITY)
ifneq ($(CONFIG_DRIVER_11N_SUPPORT),)
HOSTAPD_IEEE80211N:=y
endif
ifneq ($(CONFIG_DRIVER_11AC_SUPPORT),)
HOSTAPD_IEEE80211AC:=y
endif
ifneq ($(CONFIG_DRIVER_11AX_SUPPORT),)
HOSTAPD_IEEE80211AX:=y
endif
DRIVER_MAKEOPTS= \
CONFIG_ACS=$(CONFIG_PACKAGE_kmod-cfg80211) \
CONFIG_DRIVER_NL80211=$(CONFIG_PACKAGE_kmod-cfg80211) \
CONFIG_IEEE80211N=$(HOSTAPD_IEEE80211N) \
CONFIG_IEEE80211AC=$(HOSTAPD_IEEE80211AC) \
CONFIG_IEEE80211AX=$(HOSTAPD_IEEE80211AX) \
CONFIG_DRIVER_WEXT=$(CONFIG_DRIVER_WEXT_SUPPORT) \
ifeq ($(SSL_VARIANT),openssl)
DRIVER_MAKEOPTS += CONFIG_TLS=openssl CONFIG_SAE=y
TARGET_LDFLAGS += -lcrypto -lssl
ifeq ($(LOCAL_VARIANT),basic)
DRIVER_MAKEOPTS += CONFIG_OWE=y
endif
ifeq ($(LOCAL_VARIANT),mesh)
DRIVER_MAKEOPTS += CONFIG_AP=y CONFIG_MESH=y
endif
ifeq ($(LOCAL_VARIANT),full)
DRIVER_MAKEOPTS += CONFIG_OWE=y CONFIG_SUITEB192=y CONFIG_AP=y CONFIG_MESH=y
endif
endif
ifeq ($(SSL_VARIANT),wolfssl)
DRIVER_MAKEOPTS += CONFIG_TLS=wolfssl CONFIG_SAE=y
TARGET_LDFLAGS += -lwolfssl
ifeq ($(LOCAL_VARIANT),basic)
DRIVER_MAKEOPTS += CONFIG_OWE=y
endif
ifeq ($(LOCAL_VARIANT),mesh)
DRIVER_MAKEOPTS += CONFIG_AP=y CONFIG_MESH=y CONFIG_WPS_NFC=1
endif
ifeq ($(LOCAL_VARIANT),full)
DRIVER_MAKEOPTS += CONFIG_OWE=y CONFIG_SUITEB192=y CONFIG_AP=y CONFIG_MESH=y CONFIG_WPS_NFC=1
endif
endif
ifneq ($(LOCAL_TYPE),hostapd)
ifdef CONFIG_WPA_RFKILL_SUPPORT
DRIVER_MAKEOPTS += NEED_RFKILL=y
endif
endif
ifdef CONFIG_USE_GLIBC
TARGET_LDFLAGS += -lrt
TARGET_LDFLAGS_C += -lrt
endif
DRV_DEPENDS:=+PACKAGE_kmod-cfg80211:libnl-tiny
define Package/hostapd/Default
SECTION:=net
CATEGORY:=Network
SUBMENU:=WirelessAPD
TITLE:=IEEE 802.1x Authenticator
URL:=http://hostap.epitest.fi/
DEPENDS:=$(DRV_DEPENDS) +hostapd-common +libubus
USERID:=network=101:network=101
PROVIDES:=hostapd
CONFLICTS:=$(HOSTAPD_PROVIDERS)
HOSTAPD_PROVIDERS+=$(1)
endef
define Package/hostapd
$(call Package/hostapd/Default,$(1))
TITLE+= (built-in full)
VARIANT:=full-internal
endef
define Package/hostapd/description
This package contains a full featured IEEE 802.1x/WPA/EAP/RADIUS
Authenticator.
endef
define Package/hostapd-openssl
$(call Package/hostapd/Default,$(1))
TITLE+= (OpenSSL full)
VARIANT:=full-openssl
DEPENDS+=+libopenssl
endef
Package/hostapd-openssl/description = $(Package/hostapd/description)
define Package/hostapd-wolfssl
$(call Package/hostapd/Default,$(1))
TITLE+= (wolfSSL full)
VARIANT:=full-wolfssl
DEPENDS+=+libwolfssl
endef
Package/hostapd-wolfssl/description = $(Package/hostapd/description)
define Package/hostapd-basic
$(call Package/hostapd/Default,$(1))
TITLE+= (WPA-PSK, 11r, 11w)
VARIANT:=basic
endef
define Package/hostapd-basic/description
This package contains a basic IEEE 802.1x/WPA Authenticator with WPA-PSK, 802.11r and 802.11w support.
endef
define Package/hostapd-basic-openssl
$(call Package/hostapd/Default,$(1))
TITLE+= (WPA-PSK, 11r and 11w)
VARIANT:=basic-openssl
DEPENDS+=+libopenssl
endef
define Package/hostapd-basic-openssl/description
This package contains a basic IEEE 802.1x/WPA Authenticator with WPA-PSK, 802.11r and 802.11w support.
endef
define Package/hostapd-basic-wolfssl
$(call Package/hostapd/Default,$(1))
TITLE+= (WPA-PSK, 11r and 11w)
VARIANT:=basic-wolfssl
DEPENDS+=+libwolfssl
endef
define Package/hostapd-basic-wolfssl/description
This package contains a basic IEEE 802.1x/WPA Authenticator with WPA-PSK, 802.11r and 802.11w support.
endef
define Package/hostapd-mini
$(call Package/hostapd/Default,$(1))
TITLE+= (WPA-PSK only)
VARIANT:=mini
endef
define Package/hostapd-mini/description
This package contains a minimal IEEE 802.1x/WPA Authenticator (WPA-PSK only).
endef
define Package/wpad/Default
SECTION:=net
CATEGORY:=Network
SUBMENU:=WirelessAPD
TITLE:=IEEE 802.1x Auth/Supplicant
DEPENDS:=$(DRV_DEPENDS) +hostapd-common +libubus
USERID:=network=101:network=101
URL:=http://hostap.epitest.fi/
PROVIDES:=hostapd wpa-supplicant
CONFLICTS:=$(HOSTAPD_PROVIDERS) $(SUPPLICANT_PROVIDERS)
HOSTAPD_PROVIDERS+=$(1)
SUPPLICANT_PROVIDERS+=$(1)
endef
define Package/wpad
$(call Package/wpad/Default,$(1))
TITLE+= (built-in full)
VARIANT:=wpad-full-internal
endef
define Package/wpad/description
This package contains a full featured IEEE 802.1x/WPA/EAP/RADIUS
Authenticator and Supplicant
endef
define Package/wpad-openssl
$(call Package/wpad/Default,$(1))
TITLE+= (OpenSSL full)
VARIANT:=wpad-full-openssl
DEPENDS+=+libopenssl
endef
Package/wpad-openssl/description = $(Package/wpad/description)
define Package/wpad-wolfssl
$(call Package/wpad/Default,$(1))
TITLE+= (wolfSSL full)
VARIANT:=wpad-full-wolfssl
DEPENDS+=+libwolfssl
endef
Package/wpad-wolfssl/description = $(Package/wpad/description)
define Package/wpad-basic
$(call Package/wpad/Default,$(1))
TITLE+= (WPA-PSK, 11r, 11w)
VARIANT:=wpad-basic
endef
define Package/wpad-basic/description
This package contains a basic IEEE 802.1x/WPA Authenticator and Supplicant with WPA-PSK, 802.11r and 802.11w support.
endef
define Package/wpad-basic-openssl
$(call Package/wpad/Default,$(1))
TITLE+= (OpenSSL, 11r, 11w)
VARIANT:=wpad-basic-openssl
DEPENDS+=+libopenssl
endef
define Package/wpad-basic-openssl/description
This package contains a basic IEEE 802.1x/WPA Authenticator and Supplicant with WPA-PSK, SAE (WPA3-Personal), 802.11r and 802.11w support.
endef
define Package/wpad-basic-wolfssl
$(call Package/wpad/Default,$(1))
TITLE+= (wolfSSL, 11r, 11w)
VARIANT:=wpad-basic-wolfssl
DEPENDS+=+libwolfssl
endef
define Package/wpad-basic-wolfssl/description
This package contains a basic IEEE 802.1x/WPA Authenticator and Supplicant with WPA-PSK, SAE (WPA3-Personal), 802.11r and 802.11w support.
endef
define Package/wpad-mini
$(call Package/wpad/Default,$(1))
TITLE+= (WPA-PSK only)
VARIANT:=wpad-mini
endef
define Package/wpad-mini/description
This package contains a minimal IEEE 802.1x/WPA Authenticator and Supplicant (WPA-PSK only).
endef
define Package/wpad-mesh
$(call Package/wpad/Default,$(1))
DEPENDS+=@PACKAGE_kmod-cfg80211 @(!TARGET_uml||BROKEN)
PROVIDES+=wpa-supplicant-mesh wpad-mesh
endef
define Package/wpad-mesh/description
This package contains a minimal IEEE 802.1x/WPA Authenticator and Supplicant (with 802.11s mesh and SAE support).
endef
define Package/wpad-mesh-openssl
$(call Package/wpad-mesh,$(1))
TITLE+= (OpenSSL, 11s, SAE)
DEPENDS+=+libopenssl
VARIANT:=wpad-mesh-openssl
endef
Package/wpad-mesh-openssl/description = $(Package/wpad-mesh/description)
define Package/wpad-mesh-wolfssl
$(call Package/wpad-mesh,$(1))
TITLE+= (wolfSSL, 11s, SAE)
DEPENDS+=+libwolfssl
VARIANT:=wpad-mesh-wolfssl
endef
Package/wpad-mesh-wolfssl/description = $(Package/wpad-mesh/description)
define Package/wpa-supplicant/Default
SECTION:=net
CATEGORY:=Network
SUBMENU:=WirelessAPD
TITLE:=WPA Supplicant
URL:=http://hostap.epitest.fi/wpa_supplicant/
DEPENDS:=$(DRV_DEPENDS) +hostapd-common +libubus
USERID:=network=101:network=101
PROVIDES:=wpa-supplicant
CONFLICTS:=$(SUPPLICANT_PROVIDERS)
SUPPLICANT_PROVIDERS+=$(1)
endef
define Package/wpa-supplicant
$(call Package/wpa-supplicant/Default,$(1))
TITLE+= (built-in full)
VARIANT:=supplicant-full-internal
endef
define Package/wpa-supplicant-openssl
$(call Package/wpa-supplicant/Default,$(1))
TITLE+= (OpenSSL full)
VARIANT:=supplicant-full-openssl
DEPENDS+=+libopenssl
endef
define Package/wpa-supplicant-wolfssl
$(call Package/wpa-supplicant/Default,$(1))
TITLE+= (wolfSSL full)
VARIANT:=supplicant-full-wolfssl
DEPENDS+=+libwolfssl
endef
define Package/wpa-supplicant/config
source "$(SOURCE)/Config.in"
endef
define Package/wpa-supplicant-p2p
$(call Package/wpa-supplicant/Default,$(1))
TITLE+= (Wi-Fi P2P support)
DEPENDS+=@PACKAGE_kmod-cfg80211
VARIANT:=supplicant-p2p-internal
endef
define Package/wpa-supplicant-mesh/Default
$(call Package/wpa-supplicant/Default,$(1))
DEPENDS+=@PACKAGE_kmod-cfg80211 @(!TARGET_uml||BROKEN)
PROVIDES+=wpa-supplicant-mesh
endef
define Package/wpa-supplicant-mesh-openssl
$(call Package/wpa-supplicant-mesh/Default,$(1))
TITLE+= (OpenSSL, 11s, SAE)
VARIANT:=supplicant-mesh-openssl
DEPENDS+=+libopenssl
endef
define Package/wpa-supplicant-mesh-wolfssl
$(call Package/wpa-supplicant-mesh/Default,$(1))
TITLE+= (wolfSSL, 11s, SAE)
VARIANT:=supplicant-mesh-wolfssl
DEPENDS+=+libwolfssl
endef
define Package/wpa-supplicant-basic
$(call Package/wpa-supplicant/Default,$(1))
TITLE+= (11r, 11w)
VARIANT:=supplicant-basic
endef
define Package/wpa-supplicant-mini
$(call Package/wpa-supplicant/Default,$(1))
TITLE+= (minimal)
VARIANT:=supplicant-mini
endef
define Package/hostapd-common
TITLE:=hostapd/wpa_supplicant common support files
SECTION:=net
CATEGORY:=Network
SUBMENU:=WirelessAPD
endef
define Package/hostapd-utils
SECTION:=net
CATEGORY:=Network
SUBMENU:=WirelessAPD
TITLE:=IEEE 802.1x Authenticator (utils)
URL:=http://hostap.epitest.fi/
DEPENDS:=@$(subst $(space),||,$(foreach pkg,$(HOSTAPD_PROVIDERS),PACKAGE_$(pkg)))
endef
define Package/hostapd-utils/description
This package contains a command line utility to control the
IEEE 802.1x/WPA/EAP/RADIUS Authenticator.
endef
define Package/wpa-cli
SECTION:=net
CATEGORY:=Network
SUBMENU:=WirelessAPD
DEPENDS:=@$(subst $(space),||,$(foreach pkg,$(SUPPLICANT_PROVIDERS),PACKAGE_$(pkg)))
TITLE:=WPA Supplicant command line control utility
endef
define Package/eapol-test/Default
TITLE:=802.1x auth test utility
SECTION:=net
SUBMENU:=WirelessAPD
CATEGORY:=Network
DEPENDS:=$(DRV_DEPENDS) +libubus
endef
define Package/eapol-test
$(call Package/eapol-test/Default,$(1))
TITLE+= (built-in full)
VARIANT:=supplicant-full-internal
endef
define Package/eapol-test-openssl
$(call Package/eapol-test/Default,$(1))
TITLE+= (OpenSSL full)
VARIANT:=supplicant-full-openssl
CONFLICTS:=$(filter-out eapol-test-openssl ,$(EAPOL_TEST_PROVIDERS))
DEPENDS+=+libopenssl
PROVIDES:=eapol-test
endef
define Package/eapol-test-wolfssl
$(call Package/eapol-test/Default,$(1))
TITLE+= (wolfSSL full)
VARIANT:=supplicant-full-wolfssl
CONFLICTS:=$(filter-out eapol-test-openssl ,$(filter-out eapol-test-wolfssl ,$(EAPOL_TEST_PROVIDERS)))
DEPENDS+=+libwolfssl
PROVIDES:=eapol-test
endef
ifneq ($(wildcard $(PKG_BUILD_DIR)/.config_*),$(subst .configured_,.config_,$(STAMP_CONFIGURED)))
define Build/Configure/rebuild
$(FIND) $(PKG_BUILD_DIR) -name \*.o -or -name \*.a | $(XARGS) rm -f
rm -f $(PKG_BUILD_DIR)/hostapd/hostapd
rm -f $(PKG_BUILD_DIR)/wpa_supplicant/wpa_supplicant
rm -f $(PKG_BUILD_DIR)/.config_*
touch $(subst .configured_,.config_,$(STAMP_CONFIGURED))
endef
endif
define Build/Configure
$(Build/Configure/rebuild)
$(if $(wildcard ./files/hostapd-$(CONFIG_VARIANT).config), \
$(CP) ./files/hostapd-$(CONFIG_VARIANT).config $(PKG_BUILD_DIR)/hostapd/.config \
)
$(if $(wildcard ./files/wpa_supplicant-$(CONFIG_VARIANT).config), \
$(CP) ./files/wpa_supplicant-$(CONFIG_VARIANT).config $(PKG_BUILD_DIR)/wpa_supplicant/.config
)
endef
TARGET_CPPFLAGS := \
-I$(STAGING_DIR)/usr/include/libnl-tiny \
-I$(PKG_BUILD_DIR)/src/crypto \
$(TARGET_CPPFLAGS) \
-DCONFIG_LIBNL20 \
-D_GNU_SOURCE \
$(if $(CONFIG_WPA_MSG_MIN_PRIORITY),-DCONFIG_MSG_MIN_PRIORITY=$(CONFIG_WPA_MSG_MIN_PRIORITY))
TARGET_CFLAGS += -ffunction-sections -fdata-sections -flto
TARGET_LDFLAGS += -Wl,--gc-sections -flto=jobserver -fuse-linker-plugin -lubox -lubus
ifdef CONFIG_PACKAGE_kmod-cfg80211
TARGET_LDFLAGS += -lm -lnl-tiny
endif
ifdef CONFIG_WPA_ENABLE_WEP
DRIVER_MAKEOPTS += CONFIG_WEP=y
endif
define Build/RunMake
CFLAGS="$(TARGET_CPPFLAGS) $(TARGET_CFLAGS)" \
$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/$(1) \
$(TARGET_CONFIGURE_OPTS) \
$(DRIVER_MAKEOPTS) \
LIBS="$(TARGET_LDFLAGS)" \
LIBS_c="$(TARGET_LDFLAGS_C)" \
AR="$(TARGET_CROSS)gcc-ar" \
BCHECK= \
$(if $(findstring s,$(OPENWRT_VERBOSE)),V=1) \
$(2)
endef
define Build/Compile/wpad
echo ` \
$(call Build/RunMake,hostapd,-s MULTICALL=1 dump_cflags); \
$(call Build/RunMake,wpa_supplicant,-s MULTICALL=1 dump_cflags) | \
sed -e 's,-n ,,g' -e 's^$(TARGET_CFLAGS)^^' \
` > $(PKG_BUILD_DIR)/.cflags
sed -i 's/"/\\"/g' $(PKG_BUILD_DIR)/.cflags
+$(call Build/RunMake,hostapd, \
CFLAGS="$$$$(cat $(PKG_BUILD_DIR)/.cflags)" \
MULTICALL=1 \
hostapd_cli hostapd_multi.a \
)
+$(call Build/RunMake,wpa_supplicant, \
CFLAGS="$$$$(cat $(PKG_BUILD_DIR)/.cflags)" \
MULTICALL=1 \
wpa_cli wpa_supplicant_multi.a \
)
+export MAKEFLAGS="$(MAKE_JOBSERVER)"; $(TARGET_CC) -o $(PKG_BUILD_DIR)/wpad \
$(TARGET_CFLAGS) \
./files/multicall.c \
$(PKG_BUILD_DIR)/hostapd/hostapd_multi.a \
$(PKG_BUILD_DIR)/wpa_supplicant/wpa_supplicant_multi.a \
$(TARGET_LDFLAGS)
endef
define Build/Compile/hostapd
+$(call Build/RunMake,hostapd, \
hostapd hostapd_cli \
)
endef
define Build/Compile/supplicant
+$(call Build/RunMake,wpa_supplicant, \
wpa_cli wpa_supplicant \
)
endef
define Build/Compile/supplicant-full-internal
+$(call Build/RunMake,wpa_supplicant, \
eapol_test \
)
endef
define Build/Compile/supplicant-full-openssl
+$(call Build/RunMake,wpa_supplicant, \
eapol_test \
)
endef
define Build/Compile/supplicant-full-wolfssl
+$(call Build/RunMake,wpa_supplicant, \
eapol_test \
)
endef
define Build/Compile
$(Build/Compile/$(LOCAL_TYPE))
$(Build/Compile/$(BUILD_VARIANT))
endef
define Install/hostapd
$(INSTALL_DIR) $(1)/usr/sbin
endef
define Install/supplicant
$(INSTALL_DIR) $(1)/usr/sbin
endef
define Package/hostapd-common/install
$(INSTALL_DIR) $(1)/etc/capabilities $(1)/etc/rc.button $(1)/etc/hotplug.d/ieee80211 $(1)/etc/init.d $(1)/lib/netifd $(1)/usr/share/acl.d
$(INSTALL_DATA) ./files/hostapd.sh $(1)/lib/netifd/hostapd.sh
$(INSTALL_BIN) ./files/wpad.init $(1)/etc/init.d/wpad
$(INSTALL_BIN) ./files/wps-hotplug.sh $(1)/etc/rc.button/wps
$(INSTALL_DATA) ./files/wpad_acl.json $(1)/usr/share/acl.d
$(INSTALL_DATA) ./files/wpad.json $(1)/etc/capabilities
endef
define Package/hostapd/install
$(call Install/hostapd,$(1))
$(INSTALL_BIN) $(PKG_BUILD_DIR)/hostapd/hostapd $(1)/usr/sbin/
endef
Package/hostapd-basic/install = $(Package/hostapd/install)
Package/hostapd-basic-openssl/install = $(Package/hostapd/install)
Package/hostapd-basic-wolfssl/install = $(Package/hostapd/install)
Package/hostapd-mini/install = $(Package/hostapd/install)
Package/hostapd-openssl/install = $(Package/hostapd/install)
Package/hostapd-wolfssl/install = $(Package/hostapd/install)
ifneq ($(LOCAL_TYPE),supplicant)
define Package/hostapd-utils/install
$(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/hostapd/hostapd_cli $(1)/usr/sbin/
endef
endif
define Package/wpad/install
$(call Install/hostapd,$(1))
$(call Install/supplicant,$(1))
$(INSTALL_BIN) $(PKG_BUILD_DIR)/wpad $(1)/usr/sbin/
$(LN) wpad $(1)/usr/sbin/hostapd
$(LN) wpad $(1)/usr/sbin/wpa_supplicant
endef
Package/wpad-basic/install = $(Package/wpad/install)
Package/wpad-basic-openssl/install = $(Package/wpad/install)
Package/wpad-basic-wolfssl/install = $(Package/wpad/install)
Package/wpad-mini/install = $(Package/wpad/install)
Package/wpad-openssl/install = $(Package/wpad/install)
Package/wpad-wolfssl/install = $(Package/wpad/install)
Package/wpad-mesh-openssl/install = $(Package/wpad/install)
Package/wpad-mesh-wolfssl/install = $(Package/wpad/install)
define Package/wpa-supplicant/install
$(call Install/supplicant,$(1))
$(INSTALL_BIN) $(PKG_BUILD_DIR)/wpa_supplicant/wpa_supplicant $(1)/usr/sbin/
endef
Package/wpa-supplicant-basic/install = $(Package/wpa-supplicant/install)
Package/wpa-supplicant-mini/install = $(Package/wpa-supplicant/install)
Package/wpa-supplicant-p2p/install = $(Package/wpa-supplicant/install)
Package/wpa-supplicant-openssl/install = $(Package/wpa-supplicant/install)
Package/wpa-supplicant-wolfssl/install = $(Package/wpa-supplicant/install)
Package/wpa-supplicant-mesh-openssl/install = $(Package/wpa-supplicant/install)
Package/wpa-supplicant-mesh-wolfssl/install = $(Package/wpa-supplicant/install)
ifneq ($(LOCAL_TYPE),hostapd)
define Package/wpa-cli/install
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_BUILD_DIR)/wpa_supplicant/wpa_cli $(1)/usr/sbin/
endef
endif
ifeq ($(BUILD_VARIANT),supplicant-full-internal)
define Package/eapol-test/install
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_BUILD_DIR)/wpa_supplicant/eapol_test $(1)/usr/sbin/
endef
endif
ifeq ($(BUILD_VARIANT),supplicant-full-openssl)
define Package/eapol-test-openssl/install
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_BUILD_DIR)/wpa_supplicant/eapol_test $(1)/usr/sbin/
endef
endif
ifeq ($(BUILD_VARIANT),supplicant-full-wolfssl)
define Package/eapol-test-wolfssl/install
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_BUILD_DIR)/wpa_supplicant/eapol_test $(1)/usr/sbin/
endef
endif
$(eval $(call BuildPackage,hostapd))
$(eval $(call BuildPackage,hostapd-basic))
$(eval $(call BuildPackage,hostapd-basic-openssl))
$(eval $(call BuildPackage,hostapd-basic-wolfssl))
$(eval $(call BuildPackage,hostapd-mini))
$(eval $(call BuildPackage,hostapd-openssl))
$(eval $(call BuildPackage,hostapd-wolfssl))
$(eval $(call BuildPackage,wpad))
$(eval $(call BuildPackage,wpad-mesh-openssl))
$(eval $(call BuildPackage,wpad-mesh-wolfssl))
$(eval $(call BuildPackage,wpad-basic))
$(eval $(call BuildPackage,wpad-basic-openssl))
$(eval $(call BuildPackage,wpad-basic-wolfssl))
$(eval $(call BuildPackage,wpad-mini))
$(eval $(call BuildPackage,wpad-openssl))
$(eval $(call BuildPackage,wpad-wolfssl))
$(eval $(call BuildPackage,wpa-supplicant))
$(eval $(call BuildPackage,wpa-supplicant-mesh-openssl))
$(eval $(call BuildPackage,wpa-supplicant-mesh-wolfssl))
$(eval $(call BuildPackage,wpa-supplicant-basic))
$(eval $(call BuildPackage,wpa-supplicant-mini))
$(eval $(call BuildPackage,wpa-supplicant-p2p))
$(eval $(call BuildPackage,wpa-supplicant-openssl))
$(eval $(call BuildPackage,wpa-supplicant-wolfssl))
$(eval $(call BuildPackage,wpa-cli))
$(eval $(call BuildPackage,hostapd-utils))
$(eval $(call BuildPackage,hostapd-common))
$(eval $(call BuildPackage,eapol-test))
$(eval $(call BuildPackage,eapol-test-openssl))
$(eval $(call BuildPackage,eapol-test-wolfssl))

404
package/network/services/hostapd/files/hostapd-basic.config Normal file
View File

@@ -0,0 +1,404 @@
# Example hostapd build time configuration
#
# This file lists the configuration options that are used when building the
# hostapd binary. All lines starting with # are ignored. Configuration option
# lines must be commented out complete, if they are not to be included, i.e.,
# just setting VARIABLE=n is not disabling that variable.
#
# This file is included in Makefile, so variables like CFLAGS and LIBS can also
# be modified from here. In most cass, these lines should use += in order not
# to override previous values of the variables.
# Driver interface for Host AP driver
#CONFIG_DRIVER_HOSTAP=y
# Driver interface for wired authenticator
CONFIG_DRIVER_WIRED=y
# Driver interface for drivers using the nl80211 kernel interface
CONFIG_DRIVER_NL80211=y
# QCA vendor extensions to nl80211
#CONFIG_DRIVER_NL80211_QCA=y
# driver_nl80211.c requires libnl. If you are compiling it yourself
# you may need to point hostapd to your version of libnl.
#
#CFLAGS += -I$<path to libnl include files>
#LIBS += -L$<path to libnl library files>
# Use libnl v2.0 (or 3.0) libraries.
#CONFIG_LIBNL20=y
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
#CONFIG_LIBNL32=y
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
#CONFIG_DRIVER_BSD=y
#CFLAGS += -I/usr/local/include
#LIBS += -L/usr/local/lib
#LIBS_p += -L/usr/local/lib
#LIBS_c += -L/usr/local/lib
# Driver interface for no driver (e.g., RADIUS server only)
#CONFIG_DRIVER_NONE=y
# IEEE 802.11F/IAPP
#CONFIG_IAPP=y
# WPA2/IEEE 802.11i RSN pre-authentication
CONFIG_RSN_PREAUTH=y
# IEEE 802.11w (management frame protection)
#CONFIG_IEEE80211W=y
# Support Operating Channel Validation
#CONFIG_OCV=y
# Integrated EAP server
#CONFIG_EAP=y
# EAP Re-authentication Protocol (ERP) in integrated EAP server
#CONFIG_ERP=y
# EAP-MD5 for the integrated EAP server
#CONFIG_EAP_MD5=y
# EAP-TLS for the integrated EAP server
#CONFIG_EAP_TLS=y
# EAP-MSCHAPv2 for the integrated EAP server
#CONFIG_EAP_MSCHAPV2=y
# EAP-PEAP for the integrated EAP server
#CONFIG_EAP_PEAP=y
# EAP-GTC for the integrated EAP server
#CONFIG_EAP_GTC=y
# EAP-TTLS for the integrated EAP server
#CONFIG_EAP_TTLS=y
# EAP-SIM for the integrated EAP server
#CONFIG_EAP_SIM=y
# EAP-AKA for the integrated EAP server
#CONFIG_EAP_AKA=y
# EAP-AKA' for the integrated EAP server
# This requires CONFIG_EAP_AKA to be enabled, too.
#CONFIG_EAP_AKA_PRIME=y
# EAP-PAX for the integrated EAP server
#CONFIG_EAP_PAX=y
# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
#CONFIG_EAP_PSK=y
# EAP-pwd for the integrated EAP server (secure authentication with a password)
#CONFIG_EAP_PWD=y
# EAP-SAKE for the integrated EAP server
#CONFIG_EAP_SAKE=y
# EAP-GPSK for the integrated EAP server
#CONFIG_EAP_GPSK=y
# Include support for optional SHA256 cipher suite in EAP-GPSK
#CONFIG_EAP_GPSK_SHA256=y
# EAP-FAST for the integrated EAP server
#CONFIG_EAP_FAST=y
# EAP-TEAP for the integrated EAP server
# Note: The current EAP-TEAP implementation is experimental and should not be
# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
# of conflicting statements and missing details and the implementation has
# vendor specific workarounds for those and as such, may not interoperate with
# any other implementation. This should not be used for anything else than
# experimentation and interoperability testing until those issues has been
# resolved.
#CONFIG_EAP_TEAP=y
# Wi-Fi Protected Setup (WPS)
#CONFIG_WPS=y
# Enable UPnP support for external WPS Registrars
#CONFIG_WPS_UPNP=y
# Enable WPS support with NFC config method
#CONFIG_WPS_NFC=y
# EAP-IKEv2
#CONFIG_EAP_IKEV2=y
# Trusted Network Connect (EAP-TNC)
#CONFIG_EAP_TNC=y
# EAP-EKE for the integrated EAP server
#CONFIG_EAP_EKE=y
# PKCS#12 (PFX) support (used to read private key and certificate file from
# a file that usually has extension .p12 or .pfx)
#CONFIG_PKCS12=y
# RADIUS authentication server. This provides access to the integrated EAP
# server from external hosts using RADIUS.
#CONFIG_RADIUS_SERVER=y
# Build IPv6 support for RADIUS operations
#CONFIG_IPV6=y
# IEEE Std 802.11r-2008 (Fast BSS Transition)
CONFIG_IEEE80211R=y
# Use the hostapd's IEEE 802.11 authentication (ACL), but without
# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211)
#CONFIG_DRIVER_RADIUS_ACL=y
# IEEE 802.11n (High Throughput) support
CONFIG_IEEE80211N=y
# Wireless Network Management (IEEE Std 802.11v-2011)
# Note: This is experimental and not complete implementation.
#CONFIG_WNM=y
# IEEE 802.11ac (Very High Throughput) support
CONFIG_IEEE80211AC=y
# IEEE 802.11ax HE support
# Note: This is experimental and work in progress. The definitions are still
# subject to change and this should not be expected to interoperate with the
# final IEEE 802.11ax version.
#CONFIG_IEEE80211AX=y
# Remove debugging code that is printing out debug messages to stdout.
# This can be used to reduce the size of the hostapd considerably if debugging
# code is not needed.
#CONFIG_NO_STDOUT_DEBUG=y
# Add support for writing debug log to a file: -f /tmp/hostapd.log
# Disabled by default.
#CONFIG_DEBUG_FILE=y
# Send debug messages to syslog instead of stdout
CONFIG_DEBUG_SYSLOG=y
# Add support for sending all debug messages (regardless of debug verbosity)
# to the Linux kernel tracing facility. This helps debug the entire stack by
# making it easy to record everything happening from the driver up into the
# same file, e.g., using trace-cmd.
#CONFIG_DEBUG_LINUX_TRACING=y
# Remove support for RADIUS accounting
CONFIG_NO_ACCOUNTING=y
# Remove support for RADIUS
CONFIG_NO_RADIUS=y
# Remove support for VLANs
#CONFIG_NO_VLAN=y
# Enable support for fully dynamic VLANs. This enables hostapd to
# automatically create bridge and VLAN interfaces if necessary.
#CONFIG_FULL_DYNAMIC_VLAN=y
# Use netlink-based kernel API for VLAN operations instead of ioctl()
# Note: This requires libnl 3.1 or newer.
#CONFIG_VLAN_NETLINK=y
# Remove support for dumping internal state through control interface commands
# This can be used to reduce binary size at the cost of disabling a debugging
# option.
CONFIG_NO_DUMP_STATE=y
# Enable tracing code for developer debugging
# This tracks use of memory allocations and other registrations and reports
# incorrect use with a backtrace of call (or allocation) location.
#CONFIG_WPA_TRACE=y
# For BSD, comment out these.
#LIBS += -lexecinfo
#LIBS_p += -lexecinfo
#LIBS_c += -lexecinfo
# Use libbfd to get more details for developer debugging
# This enables use of libbfd to get more detailed symbols for the backtraces
# generated by CONFIG_WPA_TRACE=y.
#CONFIG_WPA_TRACE_BFD=y
# For BSD, comment out these.
#LIBS += -lbfd -liberty -lz
#LIBS_p += -lbfd -liberty -lz
#LIBS_c += -lbfd -liberty -lz
# hostapd depends on strong random number generation being available from the
# operating system. os_get_random() function is used to fetch random data when
# needed, e.g., for key generation. On Linux and BSD systems, this works by
# reading /dev/urandom. It should be noted that the OS entropy pool needs to be
# properly initialized before hostapd is started. This is important especially
# on embedded devices that do not have a hardware random number generator and
# may by default start up with minimal entropy available for random number
# generation.
#
# As a safety net, hostapd is by default trying to internally collect
# additional entropy for generating random data to mix in with the data
# fetched from the OS. This by itself is not considered to be very strong, but
# it may help in cases where the system pool is not initialized properly.
# However, it is very strongly recommended that the system pool is initialized
# with enough entropy either by using hardware assisted random number
# generator or by storing state over device reboots.
#
# hostapd can be configured to maintain its own entropy store over restarts to
# enhance random number generation. This is not perfect, but it is much more
# secure than using the same sequence of random numbers after every reboot.
# This can be enabled with -e<entropy file> command line option. The specified
# file needs to be readable and writable by hostapd.
#
# If the os_get_random() is known to provide strong random data (e.g., on
# Linux/BSD, the board in question is known to have reliable source of random
# data from /dev/urandom), the internal hostapd random pool can be disabled.
# This will save some in binary size and CPU use. However, this should only be
# considered for builds that are known to be used on devices that meet the
# requirements described above.
CONFIG_NO_RANDOM_POOL=y
# Should we attempt to use the getrandom(2) call that provides more reliable
# yet secure randomness source than /dev/random on Linux 3.17 and newer.
# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
CONFIG_GETRANDOM=y
# Should we use poll instead of select? Select is used by default.
#CONFIG_ELOOP_POLL=y
# Should we use epoll instead of select? Select is used by default.
CONFIG_ELOOP_EPOLL=y
# Should we use kqueue instead of select? Select is used by default.
#CONFIG_ELOOP_KQUEUE=y
# Select TLS implementation
# openssl = OpenSSL (default)
# gnutls = GnuTLS
# internal = Internal TLSv1 implementation (experimental)
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
# none = Empty template
CONFIG_TLS=internal
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
# can be enabled to get a stronger construction of messages when block ciphers
# are used.
#CONFIG_TLSV11=y
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
# can be enabled to enable use of stronger crypto algorithms.
#CONFIG_TLSV12=y
# Select which ciphers to use by default with OpenSSL if the user does not
# specify them.
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
# If CONFIG_TLS=internal is used, additional library and include paths are
# needed for LibTomMath. Alternatively, an integrated, minimal version of
# LibTomMath can be used. See beginning of libtommath.c for details on benefits
# and drawbacks of this option.
#CONFIG_INTERNAL_LIBTOMMATH=y
#ifndef CONFIG_INTERNAL_LIBTOMMATH
#LTM_PATH=/usr/src/libtommath-0.39
#CFLAGS += -I$(LTM_PATH)
#LIBS += -L$(LTM_PATH)
#LIBS_p += -L$(LTM_PATH)
#endif
# At the cost of about 4 kB of additional binary size, the internal LibTomMath
# can be configured to include faster routines for exptmod, sqr, and div to
# speed up DH and RSA calculation considerably
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
# Interworking (IEEE 802.11u)
# This can be used to enable functionality to improve interworking with
# external networks.
#CONFIG_INTERWORKING=y
# Hotspot 2.0
#CONFIG_HS20=y
# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file
#CONFIG_SQLITE=y
# Enable Fast Session Transfer (FST)
#CONFIG_FST=y
# Enable CLI commands for FST testing
#CONFIG_FST_TEST=y
# Testing options
# This can be used to enable some testing options (see also the example
# configuration file) that are really useful only for testing clients that
# connect to this hostapd. These options allow, for example, to drop a
# certain percentage of probe requests or auth/(re)assoc frames.
#
#CONFIG_TESTING_OPTIONS=y
# Automatic Channel Selection
# This will allow hostapd to pick the channel automatically when channel is set
# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in
# similar way.
#
# Automatic selection is currently only done through initialization, later on
# we hope to do background checks to keep us moving to more ideal channels as
# time goes by. ACS is currently only supported through the nl80211 driver and
# your driver must have survey dump capability that is filled by the driver
# during scanning.
#
# You can customize the ACS survey algorithm with the hostapd.conf variable
# acs_num_scans.
#
# Supported ACS drivers:
# * ath9k
# * ath5k
# * ath10k
#
# For more details refer to:
# http://wireless.kernel.org/en/users/Documentation/acs
#
#CONFIG_ACS=y
# Multiband Operation support
# These extentions facilitate efficient use of multiple frequency bands
# available to the AP and the devices that may associate with it.
#CONFIG_MBO=y
# Client Taxonomy
# Has the AP retain the Probe Request and (Re)Association Request frames from
# a client, from which a signature can be produced which can identify the model
# of client device like "Nexus 6P" or "iPhone 5s".
#CONFIG_TAXONOMY=y
# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
#CONFIG_FILS=y
# FILS shared key authentication with PFS
#CONFIG_FILS_SK_PFS=y
# Include internal line edit mode in hostapd_cli. This can be used to provide
# limited command line editing and history support.
#CONFIG_WPA_CLI_EDIT=y
# Opportunistic Wireless Encryption (OWE)
# Experimental implementation of draft-harkins-owe-07.txt
#CONFIG_OWE=y
# Airtime policy support
CONFIG_AIRTIME_POLICY=y
# Proxy ARP support
#CONFIG_PROXYARP=y
# Override default value for the wpa_disable_eapol_key_retries configuration
# parameter. See that parameter in hostapd.conf for more details.
#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1
# uBus IPC/RPC System
# Services can connect to the bus and provide methods
# that can be called by other services or clients.
CONFIG_UBUS=y
# OpenWrt patch 380-disable-ctrl-iface-mib.patch
# leads to the MIB only being compiled in if
# CONFIG_CTRL_IFACE_MIB is enabled.
#CONFIG_CTRL_IFACE_MIB=y

404
package/network/services/hostapd/files/hostapd-full.config Normal file
View File

@@ -0,0 +1,404 @@
# Example hostapd build time configuration
#
# This file lists the configuration options that are used when building the
# hostapd binary. All lines starting with # are ignored. Configuration option
# lines must be commented out complete, if they are not to be included, i.e.,
# just setting VARIABLE=n is not disabling that variable.
#
# This file is included in Makefile, so variables like CFLAGS and LIBS can also
# be modified from here. In most cass, these lines should use += in order not
# to override previous values of the variables.
# Driver interface for Host AP driver
#CONFIG_DRIVER_HOSTAP=y
# Driver interface for wired authenticator
CONFIG_DRIVER_WIRED=y
# Driver interface for drivers using the nl80211 kernel interface
CONFIG_DRIVER_NL80211=y
# QCA vendor extensions to nl80211
#CONFIG_DRIVER_NL80211_QCA=y
# driver_nl80211.c requires libnl. If you are compiling it yourself
# you may need to point hostapd to your version of libnl.
#
#CFLAGS += -I$<path to libnl include files>
#LIBS += -L$<path to libnl library files>
# Use libnl v2.0 (or 3.0) libraries.
#CONFIG_LIBNL20=y
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
#CONFIG_LIBNL32=y
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
#CONFIG_DRIVER_BSD=y
#CFLAGS += -I/usr/local/include
#LIBS += -L/usr/local/lib
#LIBS_p += -L/usr/local/lib
#LIBS_c += -L/usr/local/lib
# Driver interface for no driver (e.g., RADIUS server only)
#CONFIG_DRIVER_NONE=y
# IEEE 802.11F/IAPP
CONFIG_IAPP=y
# WPA2/IEEE 802.11i RSN pre-authentication
CONFIG_RSN_PREAUTH=y
# IEEE 802.11w (management frame protection)
#CONFIG_IEEE80211W=y
# Support Operating Channel Validation
#CONFIG_OCV=y
# Integrated EAP server
CONFIG_EAP=y
# EAP Re-authentication Protocol (ERP) in integrated EAP server
#CONFIG_ERP=y
# EAP-MD5 for the integrated EAP server
CONFIG_EAP_MD5=y
# EAP-TLS for the integrated EAP server
CONFIG_EAP_TLS=y
# EAP-MSCHAPv2 for the integrated EAP server
CONFIG_EAP_MSCHAPV2=y
# EAP-PEAP for the integrated EAP server
CONFIG_EAP_PEAP=y
# EAP-GTC for the integrated EAP server
CONFIG_EAP_GTC=y
# EAP-TTLS for the integrated EAP server
CONFIG_EAP_TTLS=y
# EAP-SIM for the integrated EAP server
#CONFIG_EAP_SIM=y
# EAP-AKA for the integrated EAP server
#CONFIG_EAP_AKA=y
# EAP-AKA' for the integrated EAP server
# This requires CONFIG_EAP_AKA to be enabled, too.
#CONFIG_EAP_AKA_PRIME=y
# EAP-PAX for the integrated EAP server
#CONFIG_EAP_PAX=y
# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
#CONFIG_EAP_PSK=y
# EAP-pwd for the integrated EAP server (secure authentication with a password)
#CONFIG_EAP_PWD=y
# EAP-SAKE for the integrated EAP server
#CONFIG_EAP_SAKE=y
# EAP-GPSK for the integrated EAP server
#CONFIG_EAP_GPSK=y
# Include support for optional SHA256 cipher suite in EAP-GPSK
#CONFIG_EAP_GPSK_SHA256=y
# EAP-FAST for the integrated EAP server
CONFIG_EAP_FAST=y
# EAP-TEAP for the integrated EAP server
# Note: The current EAP-TEAP implementation is experimental and should not be
# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
# of conflicting statements and missing details and the implementation has
# vendor specific workarounds for those and as such, may not interoperate with
# any other implementation. This should not be used for anything else than
# experimentation and interoperability testing until those issues has been
# resolved.
#CONFIG_EAP_TEAP=y
# Wi-Fi Protected Setup (WPS)
CONFIG_WPS=y
# Enable UPnP support for external WPS Registrars
#CONFIG_WPS_UPNP=y
# Enable WPS support with NFC config method
#CONFIG_WPS_NFC=y
# EAP-IKEv2
#CONFIG_EAP_IKEV2=y
# Trusted Network Connect (EAP-TNC)
#CONFIG_EAP_TNC=y
# EAP-EKE for the integrated EAP server
#CONFIG_EAP_EKE=y
# PKCS#12 (PFX) support (used to read private key and certificate file from
# a file that usually has extension .p12 or .pfx)
CONFIG_PKCS12=y
# RADIUS authentication server. This provides access to the integrated EAP
# server from external hosts using RADIUS.
#CONFIG_RADIUS_SERVER=y
# Build IPv6 support for RADIUS operations
CONFIG_IPV6=y
# IEEE Std 802.11r-2008 (Fast BSS Transition)
CONFIG_IEEE80211R=y
# Use the hostapd's IEEE 802.11 authentication (ACL), but without
# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211)
#CONFIG_DRIVER_RADIUS_ACL=y
# IEEE 802.11n (High Throughput) support
CONFIG_IEEE80211N=y
# Wireless Network Management (IEEE Std 802.11v-2011)
# Note: This is experimental and not complete implementation.
CONFIG_WNM=y
# IEEE 802.11ac (Very High Throughput) support
CONFIG_IEEE80211AC=y
# IEEE 802.11ax HE support
# Note: This is experimental and work in progress. The definitions are still
# subject to change and this should not be expected to interoperate with the
# final IEEE 802.11ax version.
#CONFIG_IEEE80211AX=y
# Remove debugging code that is printing out debug messages to stdout.
# This can be used to reduce the size of the hostapd considerably if debugging
# code is not needed.
#CONFIG_NO_STDOUT_DEBUG=y
# Add support for writing debug log to a file: -f /tmp/hostapd.log
# Disabled by default.
#CONFIG_DEBUG_FILE=y
# Send debug messages to syslog instead of stdout
CONFIG_DEBUG_SYSLOG=y
# Add support for sending all debug messages (regardless of debug verbosity)
# to the Linux kernel tracing facility. This helps debug the entire stack by
# making it easy to record everything happening from the driver up into the
# same file, e.g., using trace-cmd.
#CONFIG_DEBUG_LINUX_TRACING=y
# Remove support for RADIUS accounting
#CONFIG_NO_ACCOUNTING=y
# Remove support for RADIUS
#CONFIG_NO_RADIUS=y
# Remove support for VLANs
#CONFIG_NO_VLAN=y
# Enable support for fully dynamic VLANs. This enables hostapd to
# automatically create bridge and VLAN interfaces if necessary.
CONFIG_FULL_DYNAMIC_VLAN=y
# Use netlink-based kernel API for VLAN operations instead of ioctl()
# Note: This requires libnl 3.1 or newer.
#CONFIG_VLAN_NETLINK=y
# Remove support for dumping internal state through control interface commands
# This can be used to reduce binary size at the cost of disabling a debugging
# option.
CONFIG_NO_DUMP_STATE=y
# Enable tracing code for developer debugging
# This tracks use of memory allocations and other registrations and reports
# incorrect use with a backtrace of call (or allocation) location.
#CONFIG_WPA_TRACE=y
# For BSD, comment out these.
#LIBS += -lexecinfo
#LIBS_p += -lexecinfo
#LIBS_c += -lexecinfo
# Use libbfd to get more details for developer debugging
# This enables use of libbfd to get more detailed symbols for the backtraces
# generated by CONFIG_WPA_TRACE=y.
#CONFIG_WPA_TRACE_BFD=y
# For BSD, comment out these.
#LIBS += -lbfd -liberty -lz
#LIBS_p += -lbfd -liberty -lz
#LIBS_c += -lbfd -liberty -lz
# hostapd depends on strong random number generation being available from the
# operating system. os_get_random() function is used to fetch random data when
# needed, e.g., for key generation. On Linux and BSD systems, this works by
# reading /dev/urandom. It should be noted that the OS entropy pool needs to be
# properly initialized before hostapd is started. This is important especially
# on embedded devices that do not have a hardware random number generator and
# may by default start up with minimal entropy available for random number
# generation.
#
# As a safety net, hostapd is by default trying to internally collect
# additional entropy for generating random data to mix in with the data
# fetched from the OS. This by itself is not considered to be very strong, but
# it may help in cases where the system pool is not initialized properly.
# However, it is very strongly recommended that the system pool is initialized
# with enough entropy either by using hardware assisted random number
# generator or by storing state over device reboots.
#
# hostapd can be configured to maintain its own entropy store over restarts to
# enhance random number generation. This is not perfect, but it is much more
# secure than using the same sequence of random numbers after every reboot.
# This can be enabled with -e<entropy file> command line option. The specified
# file needs to be readable and writable by hostapd.
#
# If the os_get_random() is known to provide strong random data (e.g., on
# Linux/BSD, the board in question is known to have reliable source of random
# data from /dev/urandom), the internal hostapd random pool can be disabled.
# This will save some in binary size and CPU use. However, this should only be
# considered for builds that are known to be used on devices that meet the
# requirements described above.
CONFIG_NO_RANDOM_POOL=y
# Should we attempt to use the getrandom(2) call that provides more reliable
# yet secure randomness source than /dev/random on Linux 3.17 and newer.
# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
CONFIG_GETRANDOM=y
# Should we use poll instead of select? Select is used by default.
#CONFIG_ELOOP_POLL=y
# Should we use epoll instead of select? Select is used by default.
CONFIG_ELOOP_EPOLL=y
# Should we use kqueue instead of select? Select is used by default.
#CONFIG_ELOOP_KQUEUE=y
# Select TLS implementation
# openssl = OpenSSL (default)
# gnutls = GnuTLS
# internal = Internal TLSv1 implementation (experimental)
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
# none = Empty template
CONFIG_TLS=internal
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
# can be enabled to get a stronger construction of messages when block ciphers
# are used.
#CONFIG_TLSV11=y
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
# can be enabled to enable use of stronger crypto algorithms.
#CONFIG_TLSV12=y
# Select which ciphers to use by default with OpenSSL if the user does not
# specify them.
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
# If CONFIG_TLS=internal is used, additional library and include paths are
# needed for LibTomMath. Alternatively, an integrated, minimal version of
# LibTomMath can be used. See beginning of libtommath.c for details on benefits
# and drawbacks of this option.
CONFIG_INTERNAL_LIBTOMMATH=y
#ifndef CONFIG_INTERNAL_LIBTOMMATH
#LTM_PATH=/usr/src/libtommath-0.39
#CFLAGS += -I$(LTM_PATH)
#LIBS += -L$(LTM_PATH)
#LIBS_p += -L$(LTM_PATH)
#endif
# At the cost of about 4 kB of additional binary size, the internal LibTomMath
# can be configured to include faster routines for exptmod, sqr, and div to
# speed up DH and RSA calculation considerably
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
# Interworking (IEEE 802.11u)
# This can be used to enable functionality to improve interworking with
# external networks.
CONFIG_INTERWORKING=y
# Hotspot 2.0
#CONFIG_HS20=y
# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file
#CONFIG_SQLITE=y
# Enable Fast Session Transfer (FST)
#CONFIG_FST=y
# Enable CLI commands for FST testing
#CONFIG_FST_TEST=y
# Testing options
# This can be used to enable some testing options (see also the example
# configuration file) that are really useful only for testing clients that
# connect to this hostapd. These options allow, for example, to drop a
# certain percentage of probe requests or auth/(re)assoc frames.
#
#CONFIG_TESTING_OPTIONS=y
# Automatic Channel Selection
# This will allow hostapd to pick the channel automatically when channel is set
# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in
# similar way.
#
# Automatic selection is currently only done through initialization, later on
# we hope to do background checks to keep us moving to more ideal channels as
# time goes by. ACS is currently only supported through the nl80211 driver and
# your driver must have survey dump capability that is filled by the driver
# during scanning.
#
# You can customize the ACS survey algorithm with the hostapd.conf variable
# acs_num_scans.
#
# Supported ACS drivers:
# * ath9k
# * ath5k
# * ath10k
#
# For more details refer to:
# http://wireless.kernel.org/en/users/Documentation/acs
#
#CONFIG_ACS=y
# Multiband Operation support
# These extentions facilitate efficient use of multiple frequency bands
# available to the AP and the devices that may associate with it.
#CONFIG_MBO=y
# Client Taxonomy
# Has the AP retain the Probe Request and (Re)Association Request frames from
# a client, from which a signature can be produced which can identify the model
# of client device like "Nexus 6P" or "iPhone 5s".
CONFIG_TAXONOMY=y
# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
#CONFIG_FILS=y
# FILS shared key authentication with PFS
#CONFIG_FILS_SK_PFS=y
# Include internal line edit mode in hostapd_cli. This can be used to provide
# limited command line editing and history support.
#CONFIG_WPA_CLI_EDIT=y
# Opportunistic Wireless Encryption (OWE)
# Experimental implementation of draft-harkins-owe-07.txt
#CONFIG_OWE=y
# Airtime policy support
CONFIG_AIRTIME_POLICY=y
# Proxy ARP support
CONFIG_PROXYARP=y
# Override default value for the wpa_disable_eapol_key_retries configuration
# parameter. See that parameter in hostapd.conf for more details.
#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1
# uBus IPC/RPC System
# Services can connect to the bus and provide methods
# that can be called by other services or clients.
CONFIG_UBUS=y
# OpenWrt patch 380-disable-ctrl-iface-mib.patch
# leads to the MIB only being compiled in if
# CONFIG_CTRL_IFACE_MIB is enabled.
CONFIG_CTRL_IFACE_MIB=y

404
package/network/services/hostapd/files/hostapd-mini.config Normal file
View File

@@ -0,0 +1,404 @@
# Example hostapd build time configuration
#
# This file lists the configuration options that are used when building the
# hostapd binary. All lines starting with # are ignored. Configuration option
# lines must be commented out complete, if they are not to be included, i.e.,
# just setting VARIABLE=n is not disabling that variable.
#
# This file is included in Makefile, so variables like CFLAGS and LIBS can also
# be modified from here. In most cass, these lines should use += in order not
# to override previous values of the variables.
# Driver interface for Host AP driver
#CONFIG_DRIVER_HOSTAP=y
# Driver interface for wired authenticator
CONFIG_DRIVER_WIRED=y
# Driver interface for drivers using the nl80211 kernel interface
CONFIG_DRIVER_NL80211=y
# QCA vendor extensions to nl80211
#CONFIG_DRIVER_NL80211_QCA=y
# driver_nl80211.c requires libnl. If you are compiling it yourself
# you may need to point hostapd to your version of libnl.
#
#CFLAGS += -I$<path to libnl include files>
#LIBS += -L$<path to libnl library files>
# Use libnl v2.0 (or 3.0) libraries.
#CONFIG_LIBNL20=y
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
#CONFIG_LIBNL32=y
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
#CONFIG_DRIVER_BSD=y
#CFLAGS += -I/usr/local/include
#LIBS += -L/usr/local/lib
#LIBS_p += -L/usr/local/lib
#LIBS_c += -L/usr/local/lib
# Driver interface for no driver (e.g., RADIUS server only)
#CONFIG_DRIVER_NONE=y
# IEEE 802.11F/IAPP
#CONFIG_IAPP=y
# WPA2/IEEE 802.11i RSN pre-authentication
CONFIG_RSN_PREAUTH=y
# IEEE 802.11w (management frame protection)
#CONFIG_IEEE80211W=y
# Support Operating Channel Validation
#CONFIG_OCV=y
# Integrated EAP server
#CONFIG_EAP=y
# EAP Re-authentication Protocol (ERP) in integrated EAP server
#CONFIG_ERP=y
# EAP-MD5 for the integrated EAP server
#CONFIG_EAP_MD5=y
# EAP-TLS for the integrated EAP server
#CONFIG_EAP_TLS=y
# EAP-MSCHAPv2 for the integrated EAP server
#CONFIG_EAP_MSCHAPV2=y
# EAP-PEAP for the integrated EAP server
#CONFIG_EAP_PEAP=y
# EAP-GTC for the integrated EAP server
#CONFIG_EAP_GTC=y
# EAP-TTLS for the integrated EAP server
#CONFIG_EAP_TTLS=y
# EAP-SIM for the integrated EAP server
#CONFIG_EAP_SIM=y
# EAP-AKA for the integrated EAP server
#CONFIG_EAP_AKA=y
# EAP-AKA' for the integrated EAP server
# This requires CONFIG_EAP_AKA to be enabled, too.
#CONFIG_EAP_AKA_PRIME=y
# EAP-PAX for the integrated EAP server
#CONFIG_EAP_PAX=y
# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
#CONFIG_EAP_PSK=y
# EAP-pwd for the integrated EAP server (secure authentication with a password)
#CONFIG_EAP_PWD=y
# EAP-SAKE for the integrated EAP server
#CONFIG_EAP_SAKE=y
# EAP-GPSK for the integrated EAP server
#CONFIG_EAP_GPSK=y
# Include support for optional SHA256 cipher suite in EAP-GPSK
#CONFIG_EAP_GPSK_SHA256=y
# EAP-FAST for the integrated EAP server
#CONFIG_EAP_FAST=y
# EAP-TEAP for the integrated EAP server
# Note: The current EAP-TEAP implementation is experimental and should not be
# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
# of conflicting statements and missing details and the implementation has
# vendor specific workarounds for those and as such, may not interoperate with
# any other implementation. This should not be used for anything else than
# experimentation and interoperability testing until those issues has been
# resolved.
#CONFIG_EAP_TEAP=y
# Wi-Fi Protected Setup (WPS)
#CONFIG_WPS=y
# Enable UPnP support for external WPS Registrars
#CONFIG_WPS_UPNP=y
# Enable WPS support with NFC config method
#CONFIG_WPS_NFC=y
# EAP-IKEv2
#CONFIG_EAP_IKEV2=y
# Trusted Network Connect (EAP-TNC)
#CONFIG_EAP_TNC=y
# EAP-EKE for the integrated EAP server
#CONFIG_EAP_EKE=y
# PKCS#12 (PFX) support (used to read private key and certificate file from
# a file that usually has extension .p12 or .pfx)
#CONFIG_PKCS12=y
# RADIUS authentication server. This provides access to the integrated EAP
# server from external hosts using RADIUS.
#CONFIG_RADIUS_SERVER=y
# Build IPv6 support for RADIUS operations
#CONFIG_IPV6=y
# IEEE Std 802.11r-2008 (Fast BSS Transition)
#CONFIG_IEEE80211R=y
# Use the hostapd's IEEE 802.11 authentication (ACL), but without
# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211)
#CONFIG_DRIVER_RADIUS_ACL=y
# IEEE 802.11n (High Throughput) support
CONFIG_IEEE80211N=y
# Wireless Network Management (IEEE Std 802.11v-2011)
# Note: This is experimental and not complete implementation.
#CONFIG_WNM=y
# IEEE 802.11ac (Very High Throughput) support
CONFIG_IEEE80211AC=y
# IEEE 802.11ax HE support
# Note: This is experimental and work in progress. The definitions are still
# subject to change and this should not be expected to interoperate with the
# final IEEE 802.11ax version.
#CONFIG_IEEE80211AX=y
# Remove debugging code that is printing out debug messages to stdout.
# This can be used to reduce the size of the hostapd considerably if debugging
# code is not needed.
#CONFIG_NO_STDOUT_DEBUG=y
# Add support for writing debug log to a file: -f /tmp/hostapd.log
# Disabled by default.
#CONFIG_DEBUG_FILE=y
# Send debug messages to syslog instead of stdout
CONFIG_DEBUG_SYSLOG=y
# Add support for sending all debug messages (regardless of debug verbosity)
# to the Linux kernel tracing facility. This helps debug the entire stack by
# making it easy to record everything happening from the driver up into the
# same file, e.g., using trace-cmd.
#CONFIG_DEBUG_LINUX_TRACING=y
# Remove support for RADIUS accounting
CONFIG_NO_ACCOUNTING=y
# Remove support for RADIUS
CONFIG_NO_RADIUS=y
# Remove support for VLANs
#CONFIG_NO_VLAN=y
# Enable support for fully dynamic VLANs. This enables hostapd to
# automatically create bridge and VLAN interfaces if necessary.
#CONFIG_FULL_DYNAMIC_VLAN=y
# Use netlink-based kernel API for VLAN operations instead of ioctl()
# Note: This requires libnl 3.1 or newer.
#CONFIG_VLAN_NETLINK=y
# Remove support for dumping internal state through control interface commands
# This can be used to reduce binary size at the cost of disabling a debugging
# option.
CONFIG_NO_DUMP_STATE=y
# Enable tracing code for developer debugging
# This tracks use of memory allocations and other registrations and reports
# incorrect use with a backtrace of call (or allocation) location.
#CONFIG_WPA_TRACE=y
# For BSD, comment out these.
#LIBS += -lexecinfo
#LIBS_p += -lexecinfo
#LIBS_c += -lexecinfo
# Use libbfd to get more details for developer debugging
# This enables use of libbfd to get more detailed symbols for the backtraces
# generated by CONFIG_WPA_TRACE=y.
#CONFIG_WPA_TRACE_BFD=y
# For BSD, comment out these.
#LIBS += -lbfd -liberty -lz
#LIBS_p += -lbfd -liberty -lz
#LIBS_c += -lbfd -liberty -lz
# hostapd depends on strong random number generation being available from the
# operating system. os_get_random() function is used to fetch random data when
# needed, e.g., for key generation. On Linux and BSD systems, this works by
# reading /dev/urandom. It should be noted that the OS entropy pool needs to be
# properly initialized before hostapd is started. This is important especially
# on embedded devices that do not have a hardware random number generator and
# may by default start up with minimal entropy available for random number
# generation.
#
# As a safety net, hostapd is by default trying to internally collect
# additional entropy for generating random data to mix in with the data
# fetched from the OS. This by itself is not considered to be very strong, but
# it may help in cases where the system pool is not initialized properly.
# However, it is very strongly recommended that the system pool is initialized
# with enough entropy either by using hardware assisted random number
# generator or by storing state over device reboots.
#
# hostapd can be configured to maintain its own entropy store over restarts to
# enhance random number generation. This is not perfect, but it is much more
# secure than using the same sequence of random numbers after every reboot.
# This can be enabled with -e<entropy file> command line option. The specified
# file needs to be readable and writable by hostapd.
#
# If the os_get_random() is known to provide strong random data (e.g., on
# Linux/BSD, the board in question is known to have reliable source of random
# data from /dev/urandom), the internal hostapd random pool can be disabled.
# This will save some in binary size and CPU use. However, this should only be
# considered for builds that are known to be used on devices that meet the
# requirements described above.
CONFIG_NO_RANDOM_POOL=y
# Should we attempt to use the getrandom(2) call that provides more reliable
# yet secure randomness source than /dev/random on Linux 3.17 and newer.
# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
CONFIG_GETRANDOM=y
# Should we use poll instead of select? Select is used by default.
#CONFIG_ELOOP_POLL=y
# Should we use epoll instead of select? Select is used by default.
CONFIG_ELOOP_EPOLL=y
# Should we use kqueue instead of select? Select is used by default.
#CONFIG_ELOOP_KQUEUE=y
# Select TLS implementation
# openssl = OpenSSL (default)
# gnutls = GnuTLS
# internal = Internal TLSv1 implementation (experimental)
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
# none = Empty template
CONFIG_TLS=internal
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
# can be enabled to get a stronger construction of messages when block ciphers
# are used.
#CONFIG_TLSV11=y
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
# can be enabled to enable use of stronger crypto algorithms.
#CONFIG_TLSV12=y
# Select which ciphers to use by default with OpenSSL if the user does not
# specify them.
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
# If CONFIG_TLS=internal is used, additional library and include paths are
# needed for LibTomMath. Alternatively, an integrated, minimal version of
# LibTomMath can be used. See beginning of libtommath.c for details on benefits
# and drawbacks of this option.
#CONFIG_INTERNAL_LIBTOMMATH=y
#ifndef CONFIG_INTERNAL_LIBTOMMATH
#LTM_PATH=/usr/src/libtommath-0.39
#CFLAGS += -I$(LTM_PATH)
#LIBS += -L$(LTM_PATH)
#LIBS_p += -L$(LTM_PATH)
#endif
# At the cost of about 4 kB of additional binary size, the internal LibTomMath
# can be configured to include faster routines for exptmod, sqr, and div to
# speed up DH and RSA calculation considerably
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
# Interworking (IEEE 802.11u)
# This can be used to enable functionality to improve interworking with
# external networks.
#CONFIG_INTERWORKING=y
# Hotspot 2.0
#CONFIG_HS20=y
# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file
#CONFIG_SQLITE=y
# Enable Fast Session Transfer (FST)
#CONFIG_FST=y
# Enable CLI commands for FST testing
#CONFIG_FST_TEST=y
# Testing options
# This can be used to enable some testing options (see also the example
# configuration file) that are really useful only for testing clients that
# connect to this hostapd. These options allow, for example, to drop a
# certain percentage of probe requests or auth/(re)assoc frames.
#
#CONFIG_TESTING_OPTIONS=y
# Automatic Channel Selection
# This will allow hostapd to pick the channel automatically when channel is set
# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in
# similar way.
#
# Automatic selection is currently only done through initialization, later on
# we hope to do background checks to keep us moving to more ideal channels as
# time goes by. ACS is currently only supported through the nl80211 driver and
# your driver must have survey dump capability that is filled by the driver
# during scanning.
#
# You can customize the ACS survey algorithm with the hostapd.conf variable
# acs_num_scans.
#
# Supported ACS drivers:
# * ath9k
# * ath5k
# * ath10k
#
# For more details refer to:
# http://wireless.kernel.org/en/users/Documentation/acs
#
#CONFIG_ACS=y
# Multiband Operation support
# These extentions facilitate efficient use of multiple frequency bands
# available to the AP and the devices that may associate with it.
#CONFIG_MBO=y
# Client Taxonomy
# Has the AP retain the Probe Request and (Re)Association Request frames from
# a client, from which a signature can be produced which can identify the model
# of client device like "Nexus 6P" or "iPhone 5s".
#CONFIG_TAXONOMY=y
# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
#CONFIG_FILS=y
# FILS shared key authentication with PFS
#CONFIG_FILS_SK_PFS=y
# Include internal line edit mode in hostapd_cli. This can be used to provide
# limited command line editing and history support.
#CONFIG_WPA_CLI_EDIT=y
# Opportunistic Wireless Encryption (OWE)
# Experimental implementation of draft-harkins-owe-07.txt
#CONFIG_OWE=y
# Airtime policy support
#CONFIG_AIRTIME_POLICY=y
# Proxy ARP support
#CONFIG_PROXYARP=y
# Override default value for the wpa_disable_eapol_key_retries configuration
# parameter. See that parameter in hostapd.conf for more details.
#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1
# uBus IPC/RPC System
# Services can connect to the bus and provide methods
# that can be called by other services or clients.
CONFIG_UBUS=y
# OpenWrt patch 380-disable-ctrl-iface-mib.patch
# leads to the MIB only being compiled in if
# CONFIG_CTRL_IFACE_MIB is enabled.
#CONFIG_CTRL_IFACE_MIB=y

1517
package/network/services/hostapd/files/hostapd.sh Normal file
View File

File diff suppressed because it is too large Load Diff

Some files were not shown because too many files have changed in this diff Show More