1 /* 2 * Redistribution and use in source and binary forms, with or without 3 * modification, are permitted provided that: (1) source code 4 * distributions retain the above copyright notice and this paragraph 5 * in its entirety, and (2) distributions including binary code include 6 * the above copyright notice and this paragraph in its entirety in 7 * the documentation or other materials provided with the distribution. 8 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND 9 * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT 10 * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 11 * FOR A PARTICULAR PURPOSE. 12 * 13 * Functions for signature and digest verification. 14 * 15 * Original code by Hannes Gredler (hannes@gredler.at) 16 */ 17 18 #ifdef HAVE_CONFIG_H 19 #include "config.h" 20 #endif 21 22 #include <netdissect-stdinc.h> 23 24 #include <string.h> 25 #include <stdlib.h> 26 27 #include "netdissect.h" 28 #include "signature.h" 29 30 #ifdef HAVE_LIBCRYPTO 31 #include <openssl/md5.h> 32 #endif 33 34 const struct tok signature_check_values[] = { 35 { SIGNATURE_VALID, "valid"}, 36 { SIGNATURE_INVALID, "invalid"}, 37 { CANT_ALLOCATE_COPY, "can't allocate memory"}, 38 { CANT_CHECK_SIGNATURE, "unchecked"}, 39 { 0, NULL } 40 }; 41 42 43 #ifdef HAVE_LIBCRYPTO 44 /* 45 * Compute a HMAC MD5 sum. 46 * Taken from rfc2104, Appendix. 47 */ 48 USES_APPLE_DEPRECATED_API 49 static void 50 signature_compute_hmac_md5(const uint8_t *text, int text_len, unsigned char *key, 51 unsigned int key_len, uint8_t *digest) 52 { 53 MD5_CTX context; 54 unsigned char k_ipad[65]; /* inner padding - key XORd with ipad */ 55 unsigned char k_opad[65]; /* outer padding - key XORd with opad */ 56 unsigned char tk[16]; 57 int i; 58 59 /* if key is longer than 64 bytes reset it to key=MD5(key) */ 60 if (key_len > 64) { 61 62 MD5_CTX tctx; 63 64 MD5_Init(&tctx); 65 MD5_Update(&tctx, key, key_len); 66 MD5_Final(tk, &tctx); 67 68 key = tk; 69 key_len = 16; 70 } 71 72 /* 73 * the HMAC_MD5 transform looks like: 74 * 75 * MD5(K XOR opad, MD5(K XOR ipad, text)) 76 * 77 * where K is an n byte key 78 * ipad is the byte 0x36 repeated 64 times 79 * opad is the byte 0x5c repeated 64 times 80 * and text is the data being protected 81 */ 82 83 /* start out by storing key in pads */ 84 memset(k_ipad, 0, sizeof k_ipad); 85 memset(k_opad, 0, sizeof k_opad); 86 memcpy(k_ipad, key, key_len); 87 memcpy(k_opad, key, key_len); 88 89 /* XOR key with ipad and opad values */ 90 for (i=0; i<64; i++) { 91 k_ipad[i] ^= 0x36; 92 k_opad[i] ^= 0x5c; 93 } 94 95 /* 96 * perform inner MD5 97 */ 98 MD5_Init(&context); /* init context for 1st pass */ 99 MD5_Update(&context, k_ipad, 64); /* start with inner pad */ 100 MD5_Update(&context, text, text_len); /* then text of datagram */ 101 MD5_Final(digest, &context); /* finish up 1st pass */ 102 103 /* 104 * perform outer MD5 105 */ 106 MD5_Init(&context); /* init context for 2nd pass */ 107 MD5_Update(&context, k_opad, 64); /* start with outer pad */ 108 MD5_Update(&context, digest, 16); /* then results of 1st hash */ 109 MD5_Final(digest, &context); /* finish up 2nd pass */ 110 } 111 USES_APPLE_RST 112 113 /* 114 * Verify a cryptographic signature of the packet. 115 * Currently only MD5 is supported. 116 */ 117 int 118 signature_verify(netdissect_options *ndo, const u_char *pptr, u_int plen, 119 const u_char *sig_ptr, void (*clear_rtn)(void *), 120 const void *clear_arg) 121 { 122 uint8_t *packet_copy, *sig_copy; 123 uint8_t sig[16]; 124 unsigned int i; 125 126 if (!ndo->ndo_sigsecret) { 127 return (CANT_CHECK_SIGNATURE); 128 } 129 130 /* 131 * Do we have all the packet data to be checked? 132 */ 133 if (!ND_TTEST2(*pptr, plen)) { 134 /* No. */ 135 return (CANT_CHECK_SIGNATURE); 136 } 137 138 /* 139 * Do we have the entire signature to check? 140 */ 141 if (!ND_TTEST2(*sig_ptr, sizeof(sig))) { 142 /* No. */ 143 return (CANT_CHECK_SIGNATURE); 144 } 145 if (sig_ptr + sizeof(sig) > pptr + plen) { 146 /* No. */ 147 return (CANT_CHECK_SIGNATURE); 148 } 149 150 /* 151 * Make a copy of the packet, so we don't overwrite the original. 152 */ 153 packet_copy = malloc(plen); 154 if (packet_copy == NULL) { 155 return (CANT_ALLOCATE_COPY); 156 } 157 158 memcpy(packet_copy, pptr, plen); 159 160 /* 161 * Clear the signature in the copy. 162 */ 163 sig_copy = packet_copy + (sig_ptr - pptr); 164 memset(sig_copy, 0, sizeof(sig)); 165 166 /* 167 * Clear anything else that needs to be cleared in the copy. 168 * Our caller is assumed to have vetted the clear_arg pointer. 169 */ 170 (*clear_rtn)((void *)(packet_copy + ((const uint8_t *)clear_arg - pptr))); 171 172 /* 173 * Compute the signature. 174 */ 175 signature_compute_hmac_md5(packet_copy, plen, 176 (unsigned char *)ndo->ndo_sigsecret, 177 strlen(ndo->ndo_sigsecret), sig); 178 179 /* 180 * Free the copy. 181 */ 182 free(packet_copy); 183 184 /* 185 * Does the computed signature match the signature in the packet? 186 */ 187 if (memcmp(sig_ptr, sig, sizeof(sig)) == 0) { 188 /* Yes. */ 189 return (SIGNATURE_VALID); 190 } else { 191 /* No - print the computed signature. */ 192 for (i = 0; i < sizeof(sig); ++i) { 193 ND_PRINT((ndo, "%02x", sig[i])); 194 } 195 196 return (SIGNATURE_INVALID); 197 } 198 } 199 #else 200 int 201 signature_verify(netdissect_options *ndo _U_, const u_char *pptr _U_, 202 u_int plen _U_, const u_char *sig_ptr _U_, 203 void (*clear_rtn)(void *) _U_, const void *clear_arg _U_) 204 { 205 return (CANT_CHECK_SIGNATURE); 206 } 207 #endif 208 209 /* 210 * Local Variables: 211 * c-style: whitesmith 212 * c-basic-offset: 4 213 * End: 214 */ 215