The Tcpdump Group git mirrors - tcpdump/blob - signature.c

   1 /*
   2  * Redistribution and use in source and binary forms, with or without
   3  * modification, are permitted provided that: (1) source code
   4  * distributions retain the above copyright notice and this paragraph
   5  * in its entirety, and (2) distributions including binary code include
   6  * the above copyright notice and this paragraph in its entirety in
   7  * the documentation or other materials provided with the distribution.
   8  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND
   9  * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT
  10  * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
  11  * FOR A PARTICULAR PURPOSE.
  12  *
  13  * Functions for signature and digest verification.
  14  *
  15  * Original code by Hannes Gredler (hannes@juniper.net)
  16  */
  17
  18 #define NETDISSECT_REWORKED
  19 #ifdef HAVE_CONFIG_H
  20 #include "config.h"
  21 #endif
  22
  23 #include <tcpdump-stdinc.h>
  24
  25 #include <string.h>
  26
  27 #include "interface.h"
  28 #include "signature.h"
  29
  30 #ifdef HAVE_LIBCRYPTO
  31 #include <openssl/md5.h>
  32 #endif
  33
  34 const struct tok signature_check_values[] = {
  35     { SIGNATURE_VALID, "valid"},
  36     { SIGNATURE_INVALID, "invalid"},
  37     { CANT_CHECK_SIGNATURE, "unchecked"},
  38     { 0, NULL }
  39 };
  40
  41
  42 #ifdef HAVE_LIBCRYPTO
  43 /*
  44  * Compute a HMAC MD5 sum.
  45  * Taken from rfc2104, Appendix.
  46  */
  47 USES_APPLE_DEPRECATED_API
  48 static void
  49 signature_compute_hmac_md5(const uint8_t *text, int text_len, unsigned char *key,
  50                            unsigned int key_len, uint8_t *digest)
  51 {
  52     MD5_CTX context;
  53     unsigned char k_ipad[65];    /* inner padding - key XORd with ipad */
  54     unsigned char k_opad[65];    /* outer padding - key XORd with opad */
  55     unsigned char tk[16];
  56     int i;
  57
  58     /* if key is longer than 64 bytes reset it to key=MD5(key) */
  59     if (key_len > 64) {
  60
  61         MD5_CTX tctx;
  62
  63         MD5_Init(&tctx);
  64         MD5_Update(&tctx, key, key_len);
  65         MD5_Final(tk, &tctx);
  66
  67         key = tk;
  68         key_len = 16;
  69     }
  70
  71     /*
  72      * the HMAC_MD5 transform looks like:
  73      *
  74      * MD5(K XOR opad, MD5(K XOR ipad, text))
  75      *
  76      * where K is an n byte key
  77      * ipad is the byte 0x36 repeated 64 times
  78      * opad is the byte 0x5c repeated 64 times
  79      * and text is the data being protected
  80      */
  81
  82     /* start out by storing key in pads */
  83     memset(k_ipad, 0, sizeof k_ipad);
  84     memset(k_opad, 0, sizeof k_opad);
  85     memcpy(k_ipad, key, key_len);
  86     memcpy(k_opad, key, key_len);
  87
  88     /* XOR key with ipad and opad values */
  89     for (i=0; i<64; i++) {
  90         k_ipad[i] ^= 0x36;
  91         k_opad[i] ^= 0x5c;
  92     }
  93
  94     /*
  95      * perform inner MD5
  96      */
  97     MD5_Init(&context);                   /* init context for 1st pass */
  98     MD5_Update(&context, k_ipad, 64);     /* start with inner pad */
  99     MD5_Update(&context, text, text_len); /* then text of datagram */
 100     MD5_Final(digest, &context);          /* finish up 1st pass */
 101
 102     /*
 103      * perform outer MD5
 104      */
 105     MD5_Init(&context);                   /* init context for 2nd pass */
 106     MD5_Update(&context, k_opad, 64);     /* start with outer pad */
 107     MD5_Update(&context, digest, 16);     /* then results of 1st hash */
 108     MD5_Final(digest, &context);          /* finish up 2nd pass */
 109 }
 110 USES_APPLE_RST
 111 #endif
 112
 113 #ifdef HAVE_LIBCRYPTO
 114 /*
 115  * Verify a cryptographic signature of the packet.
 116  * Currently only MD5 is supported.
 117  */
 118 int
 119 signature_verify(netdissect_options *ndo,
 120                  const u_char *pptr, u_int plen, u_char *sig_ptr)
 121 {
 122     uint8_t rcvsig[16];
 123     uint8_t sig[16];
 124     unsigned int i;
 125
 126     /*
 127      * Save the signature before clearing it.
 128      */
 129     memcpy(rcvsig, sig_ptr, sizeof(rcvsig));
 130     memset(sig_ptr, 0, sizeof(rcvsig));
 131
 132     if (!ndo->ndo_sigsecret) {
 133         return (CANT_CHECK_SIGNATURE);
 134     }
 135
 136     signature_compute_hmac_md5(pptr, plen, (unsigned char *)ndo->ndo_sigsecret,
 137                                strlen(ndo->ndo_sigsecret), sig);
 138
 139     if (memcmp(rcvsig, sig, sizeof(sig)) == 0) {
 140         return (SIGNATURE_VALID);
 141
 142     } else {
 143
 144         for (i = 0; i < sizeof(sig); ++i) {
 145             ND_PRINT((ndo, "%02x", sig[i]));
 146         }
 147
 148         return (SIGNATURE_INVALID);
 149     }
 150 }
 151 #endif
 152
 153 /*
 154  * Local Variables:
 155  * c-style: whitesmith
 156  * c-basic-offset: 4
 157  * End:
 158  */