1 /*
2 * Redistribution and use in source and binary forms, with or without
3 * modification, are permitted provided that: (1) source code
4 * distributions retain the above copyright notice and this paragraph
5 * in its entirety, and (2) distributions including binary code include
6 * the above copyright notice and this paragraph in its entirety in
7 * the documentation or other materials provided with the distribution.
8 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND
9 * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT
10 * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
11 * FOR A PARTICULAR PURPOSE.
12 *
13 * Functions for signature and digest verification.
14 *
15 * Original code by Hannes Gredler (hannes@gredler.at)
16 */
17
18 #ifdef HAVE_CONFIG_H
19 #include <config.h>
20 #endif
21
22 #include "netdissect-stdinc.h"
23
24 #include <string.h>
25 #include <stdlib.h>
26
27 #include "netdissect.h"
28 #include "signature.h"
29 #include "diag-control.h"
30
31 #ifdef HAVE_LIBCRYPTO
32 #include <openssl/md5.h>
33 #endif
34
35 const struct tok signature_check_values[] = {
36 { SIGNATURE_VALID, "valid"},
37 { SIGNATURE_INVALID, "invalid"},
38 { CANT_ALLOCATE_COPY, "can't allocate memory"},
39 { CANT_CHECK_SIGNATURE, "unchecked"},
40 { 0, NULL }
41 };
42
43
44 #ifdef HAVE_LIBCRYPTO
45 /*
46 * Compute a HMAC MD5 sum.
47 * Taken from rfc2104, Appendix.
48 */
49 DIAG_OFF_DEPRECATION
50 static void
signature_compute_hmac_md5(const uint8_t * text,int text_len,unsigned char * key,unsigned int key_len,uint8_t * digest)51 signature_compute_hmac_md5(const uint8_t *text, int text_len, unsigned char *key,
52 unsigned int key_len, uint8_t *digest)
53 {
54 MD5_CTX context;
55 unsigned char k_ipad[65]; /* inner padding - key XORd with ipad */
56 unsigned char k_opad[65]; /* outer padding - key XORd with opad */
57 unsigned char tk[16];
58 int i;
59
60 /* if key is longer than 64 bytes reset it to key=MD5(key) */
61 if (key_len > 64) {
62
63 MD5_CTX tctx;
64
65 MD5_Init(&tctx);
66 MD5_Update(&tctx, key, key_len);
67 MD5_Final(tk, &tctx);
68
69 key = tk;
70 key_len = 16;
71 }
72
73 /*
74 * the HMAC_MD5 transform looks like:
75 *
76 * MD5(K XOR opad, MD5(K XOR ipad, text))
77 *
78 * where K is an n byte key
79 * ipad is the byte 0x36 repeated 64 times
80 * opad is the byte 0x5c repeated 64 times
81 * and text is the data being protected
82 */
83
84 /* start out by storing key in pads */
85 memset(k_ipad, 0, sizeof(k_ipad));
86 memset(k_opad, 0, sizeof(k_opad));
87 memcpy(k_ipad, key, key_len);
88 memcpy(k_opad, key, key_len);
89
90 /* XOR key with ipad and opad values */
91 for (i=0; i<64; i++) {
92 k_ipad[i] ^= 0x36;
93 k_opad[i] ^= 0x5c;
94 }
95
96 /*
97 * perform inner MD5
98 */
99 MD5_Init(&context); /* init context for 1st pass */
100 MD5_Update(&context, k_ipad, 64); /* start with inner pad */
101 MD5_Update(&context, text, text_len); /* then text of datagram */
102 MD5_Final(digest, &context); /* finish up 1st pass */
103
104 /*
105 * perform outer MD5
106 */
107 MD5_Init(&context); /* init context for 2nd pass */
108 MD5_Update(&context, k_opad, 64); /* start with outer pad */
109 MD5_Update(&context, digest, 16); /* then results of 1st hash */
110 MD5_Final(digest, &context); /* finish up 2nd pass */
111 }
112 DIAG_ON_DEPRECATION
113
114 /*
115 * Verify a cryptographic signature of the packet.
116 * Currently only MD5 is supported.
117 */
118 int
signature_verify(netdissect_options * ndo,const u_char * pptr,u_int plen,const u_char * sig_ptr,void (* clear_rtn)(void *),const void * clear_arg)119 signature_verify(netdissect_options *ndo, const u_char *pptr, u_int plen,
120 const u_char *sig_ptr, void (*clear_rtn)(void *),
121 const void *clear_arg)
122 {
123 uint8_t *packet_copy, *sig_copy;
124 uint8_t sig[16];
125 unsigned int i;
126
127 if (!ndo->ndo_sigsecret) {
128 return (CANT_CHECK_SIGNATURE);
129 }
130
131 /*
132 * Do we have all the packet data to be checked?
133 */
134 if (!ND_TTEST_LEN(pptr, plen)) {
135 /* No. */
136 return (CANT_CHECK_SIGNATURE);
137 }
138
139 /*
140 * Do we have the entire signature to check?
141 */
142 if (!ND_TTEST_LEN(sig_ptr, sizeof(sig))) {
143 /* No. */
144 return (CANT_CHECK_SIGNATURE);
145 }
146 if (sig_ptr + sizeof(sig) > pptr + plen) {
147 /* No. */
148 return (CANT_CHECK_SIGNATURE);
149 }
150
151 /*
152 * Make a copy of the packet, so we don't overwrite the original.
153 */
154 packet_copy = malloc(plen);
155 if (packet_copy == NULL) {
156 return (CANT_ALLOCATE_COPY);
157 }
158
159 memcpy(packet_copy, pptr, plen);
160
161 /*
162 * Clear the signature in the copy.
163 */
164 sig_copy = packet_copy + (sig_ptr - pptr);
165 memset(sig_copy, 0, sizeof(sig));
166
167 /*
168 * Clear anything else that needs to be cleared in the copy.
169 * Our caller is assumed to have vetted the clear_arg pointer.
170 */
171 (*clear_rtn)((void *)(packet_copy + ((const uint8_t *)clear_arg - pptr)));
172
173 /*
174 * Compute the signature.
175 */
176 signature_compute_hmac_md5(packet_copy, plen,
177 (unsigned char *)ndo->ndo_sigsecret,
178 strlen(ndo->ndo_sigsecret), sig);
179
180 /*
181 * Free the copy.
182 */
183 free(packet_copy);
184
185 /*
186 * Does the computed signature match the signature in the packet?
187 */
188 if (memcmp(sig_ptr, sig, sizeof(sig)) == 0) {
189 /* Yes. */
190 return (SIGNATURE_VALID);
191 } else {
192 /* No - print the computed signature. */
193 for (i = 0; i < sizeof(sig); ++i) {
194 ND_PRINT("%02x", sig[i]);
195 }
196
197 return (SIGNATURE_INVALID);
198 }
199 }
200 #else
201 int
signature_verify(netdissect_options * ndo _U_,const u_char * pptr _U_,u_int plen _U_,const u_char * sig_ptr _U_,void (* clear_rtn)(void *)_U_,const void * clear_arg _U_)202 signature_verify(netdissect_options *ndo _U_, const u_char *pptr _U_,
203 u_int plen _U_, const u_char *sig_ptr _U_,
204 void (*clear_rtn)(void *) _U_, const void *clear_arg _U_)
205 {
206 return (CANT_CHECK_SIGNATURE);
207 }
208 #endif
209