The Tcpdump Group git mirrors - tcpdump/blob - signature.c

   1 /*
   2  * Redistribution and use in source and binary forms, with or without
   3  * modification, are permitted provided that: (1) source code
   4  * distributions retain the above copyright notice and this paragraph
   5  * in its entirety, and (2) distributions including binary code include
   6  * the above copyright notice and this paragraph in its entirety in
   7  * the documentation or other materials provided with the distribution.
   8  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND
   9  * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT
  10  * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
  11  * FOR A PARTICULAR PURPOSE.
  12  *
  13  * Functions for signature and digest verification.
  14  *
  15  * Original code by Hannes Gredler (hannes@juniper.net)
  16  */
  17
  18 #ifdef HAVE_CONFIG_H
  19 #include "config.h"
  20 #endif
  21
  22 #include <tcpdump-stdinc.h>
  23
  24 #include <string.h>
  25
  26 #include "interface.h"
  27 #include "signature.h"
  28
  29 #ifdef HAVE_LIBCRYPTO
  30 #include <openssl/md5.h>
  31 #endif
  32
  33 const struct tok signature_check_values[] = {
  34     { SIGNATURE_VALID, "valid"},
  35     { SIGNATURE_INVALID, "invalid"},
  36     { CANT_CHECK_SIGNATURE, "unchecked"},
  37     { 0, NULL }
  38 };
  39
  40
  41 #ifdef HAVE_LIBCRYPTO
  42 /*
  43  * Compute a HMAC MD5 sum.
  44  * Taken from rfc2104, Appendix.
  45  */
  46 USES_APPLE_DEPRECATED_API
  47 static void
  48 signature_compute_hmac_md5(const u_int8_t *text, int text_len, unsigned char *key,
  49                            unsigned int key_len, u_int8_t *digest)
  50 {
  51     MD5_CTX context;
  52     unsigned char k_ipad[65];    /* inner padding - key XORd with ipad */
  53     unsigned char k_opad[65];    /* outer padding - key XORd with opad */
  54     unsigned char tk[16];
  55     int i;
  56
  57     /* if key is longer than 64 bytes reset it to key=MD5(key) */
  58     if (key_len > 64) {
  59
  60         MD5_CTX tctx;
  61
  62         MD5_Init(&tctx);
  63         MD5_Update(&tctx, key, key_len);
  64         MD5_Final(tk, &tctx);
  65
  66         key = tk;
  67         key_len = 16;
  68     }
  69
  70     /*
  71      * the HMAC_MD5 transform looks like:
  72      *
  73      * MD5(K XOR opad, MD5(K XOR ipad, text))
  74      *
  75      * where K is an n byte key
  76      * ipad is the byte 0x36 repeated 64 times
  77      * opad is the byte 0x5c repeated 64 times
  78      * and text is the data being protected
  79      */
  80
  81     /* start out by storing key in pads */
  82     memset(k_ipad, 0, sizeof k_ipad);
  83     memset(k_opad, 0, sizeof k_opad);
  84     memcpy(k_ipad, key, key_len);
  85     memcpy(k_opad, key, key_len);
  86
  87     /* XOR key with ipad and opad values */
  88     for (i=0; i<64; i++) {
  89         k_ipad[i] ^= 0x36;
  90         k_opad[i] ^= 0x5c;
  91     }
  92
  93     /*
  94      * perform inner MD5
  95      */
  96     MD5_Init(&context);                   /* init context for 1st pass */
  97     MD5_Update(&context, k_ipad, 64);     /* start with inner pad */
  98     MD5_Update(&context, text, text_len); /* then text of datagram */
  99     MD5_Final(digest, &context);          /* finish up 1st pass */
 100
 101     /*
 102      * perform outer MD5
 103      */
 104     MD5_Init(&context);                   /* init context for 2nd pass */
 105     MD5_Update(&context, k_opad, 64);     /* start with outer pad */
 106     MD5_Update(&context, digest, 16);     /* then results of 1st hash */
 107     MD5_Final(digest, &context);          /* finish up 2nd pass */
 108 }
 109 USES_APPLE_RST
 110 #endif
 111
 112 #ifdef HAVE_LIBCRYPTO
 113 /*
 114  * Verify a cryptographic signature of the packet.
 115  * Currently only MD5 is supported.
 116  */
 117 int
 118 signature_verify(netdissect_options *ndo,
 119                  const u_char *pptr, u_int plen, u_char *sig_ptr)
 120 {
 121     u_int8_t rcvsig[16];
 122     u_int8_t sig[16];
 123     unsigned int i;
 124
 125     /*
 126      * Save the signature before clearing it.
 127      */
 128     memcpy(rcvsig, sig_ptr, sizeof(rcvsig));
 129     memset(sig_ptr, 0, sizeof(rcvsig));
 130
 131     if (!sigsecret) {
 132         return (CANT_CHECK_SIGNATURE);
 133     }
 134
 135     signature_compute_hmac_md5(pptr, plen, (unsigned char *)sigsecret,
 136                                strlen(sigsecret), sig);
 137
 138     if (memcmp(rcvsig, sig, sizeof(sig)) == 0) {
 139         return (SIGNATURE_VALID);
 140
 141     } else {
 142
 143         for (i = 0; i < sizeof(sig); ++i) {
 144             ND_PRINT((ndo, "%02x", sig[i]));
 145         }
 146
 147         return (SIGNATURE_INVALID);
 148     }
 149 }
 150 #endif
 151
 152 /*
 153  * Local Variables:
 154  * c-style: whitesmith
 155  * c-basic-offset: 4
 156  * End:
 157  */