1 /*
2 * Redistribution and use in source and binary forms, with or without
3 * modification, are permitted provided that: (1) source code
4 * distributions retain the above copyright notice and this paragraph
5 * in its entirety, and (2) distributions including binary code include
6 * the above copyright notice and this paragraph in its entirety in
7 * the documentation or other materials provided with the distribution.
8 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND
9 * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT
10 * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
11 * FOR A PARTICULAR PURPOSE.
12 *
13 * Functions for signature and digest verification.
14 *
15 * Original code by Hannes Gredler (hannes@juniper.net)
16 */
17
18 #include <sys/cdefs.h>
19 #ifndef lint
20 __RCSID("$NetBSD: signature.c,v 1.5 2014/11/20 03:05:03 christos Exp $");
21 #endif
22
23 #define NETDISSECT_REWORKED
24 #ifdef HAVE_CONFIG_H
25 #include "config.h"
26 #endif
27
28 #include <tcpdump-stdinc.h>
29
30 #include <string.h>
31
32 #include "interface.h"
33 #include "signature.h"
34
35 #ifdef HAVE_LIBCRYPTO
36 #include <openssl/md5.h>
37 #endif
38
39 const struct tok signature_check_values[] = {
40 { SIGNATURE_VALID, "valid"},
41 { SIGNATURE_INVALID, "invalid"},
42 { CANT_CHECK_SIGNATURE, "unchecked"},
43 { 0, NULL }
44 };
45
46
47 #ifdef HAVE_LIBCRYPTO
48 /*
49 * Compute a HMAC MD5 sum.
50 * Taken from rfc2104, Appendix.
51 */
52 USES_APPLE_DEPRECATED_API
53 static void
signature_compute_hmac_md5(const uint8_t * text,int text_len,unsigned char * key,unsigned int key_len,uint8_t * digest)54 signature_compute_hmac_md5(const uint8_t *text, int text_len, unsigned char *key,
55 unsigned int key_len, uint8_t *digest)
56 {
57 MD5_CTX context;
58 unsigned char k_ipad[65]; /* inner padding - key XORd with ipad */
59 unsigned char k_opad[65]; /* outer padding - key XORd with opad */
60 unsigned char tk[16];
61 int i;
62
63 /* if key is longer than 64 bytes reset it to key=MD5(key) */
64 if (key_len > 64) {
65
66 MD5_CTX tctx;
67
68 MD5_Init(&tctx);
69 MD5_Update(&tctx, key, key_len);
70 MD5_Final(tk, &tctx);
71
72 key = tk;
73 key_len = 16;
74 }
75
76 /*
77 * the HMAC_MD5 transform looks like:
78 *
79 * MD5(K XOR opad, MD5(K XOR ipad, text))
80 *
81 * where K is an n byte key
82 * ipad is the byte 0x36 repeated 64 times
83 * opad is the byte 0x5c repeated 64 times
84 * and text is the data being protected
85 */
86
87 /* start out by storing key in pads */
88 memset(k_ipad, 0, sizeof k_ipad);
89 memset(k_opad, 0, sizeof k_opad);
90 memcpy(k_ipad, key, key_len);
91 memcpy(k_opad, key, key_len);
92
93 /* XOR key with ipad and opad values */
94 for (i=0; i<64; i++) {
95 k_ipad[i] ^= 0x36;
96 k_opad[i] ^= 0x5c;
97 }
98
99 /*
100 * perform inner MD5
101 */
102 MD5_Init(&context); /* init context for 1st pass */
103 MD5_Update(&context, k_ipad, 64); /* start with inner pad */
104 MD5_Update(&context, text, text_len); /* then text of datagram */
105 MD5_Final(digest, &context); /* finish up 1st pass */
106
107 /*
108 * perform outer MD5
109 */
110 MD5_Init(&context); /* init context for 2nd pass */
111 MD5_Update(&context, k_opad, 64); /* start with outer pad */
112 MD5_Update(&context, digest, 16); /* then results of 1st hash */
113 MD5_Final(digest, &context); /* finish up 2nd pass */
114 }
115 USES_APPLE_RST
116 #endif
117
118 #ifdef HAVE_LIBCRYPTO
119 /*
120 * Verify a cryptographic signature of the packet.
121 * Currently only MD5 is supported.
122 */
123 int
signature_verify(netdissect_options * ndo,const u_char * pptr,u_int plen,u_char * sig_ptr)124 signature_verify(netdissect_options *ndo,
125 const u_char *pptr, u_int plen, u_char *sig_ptr)
126 {
127 uint8_t rcvsig[16];
128 uint8_t sig[16];
129 unsigned int i;
130
131 /*
132 * Save the signature before clearing it.
133 */
134 memcpy(rcvsig, sig_ptr, sizeof(rcvsig));
135 memset(sig_ptr, 0, sizeof(rcvsig));
136
137 if (!ndo->ndo_sigsecret) {
138 return (CANT_CHECK_SIGNATURE);
139 }
140
141 signature_compute_hmac_md5(pptr, plen, (unsigned char *)ndo->ndo_sigsecret,
142 strlen(ndo->ndo_sigsecret), sig);
143
144 if (memcmp(rcvsig, sig, sizeof(sig)) == 0) {
145 return (SIGNATURE_VALID);
146
147 } else {
148
149 for (i = 0; i < sizeof(sig); ++i) {
150 ND_PRINT((ndo, "%02x", sig[i]));
151 }
152
153 return (SIGNATURE_INVALID);
154 }
155 }
156 #endif
157
158 /*
159 * Local Variables:
160 * c-style: whitesmith
161 * c-basic-offset: 4
162 * End:
163 */
164