xref: /minix/external/bsd/tcpdump/dist/signature.c (revision fb9c64b2) 
1 /*
2  * Redistribution and use in source and binary forms, with or without
3  * modification, are permitted provided that: (1) source code
4  * distributions retain the above copyright notice and this paragraph
5  * in its entirety, and (2) distributions including binary code include
6  * the above copyright notice and this paragraph in its entirety in
7  * the documentation or other materials provided with the distribution.
8  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND
9  * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT
10  * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
11  * FOR A PARTICULAR PURPOSE.
12  *
13  * Functions for signature and digest verification.
14  *
15  * Original code by Hannes Gredler (hannes@juniper.net)
16  */
17 
18 #include <sys/cdefs.h>
19 #ifndef lint
20 __RCSID("$NetBSD: signature.c,v 1.5 2014/11/20 03:05:03 christos Exp $");
21 #endif
22 
23 #define NETDISSECT_REWORKED
24 #ifdef HAVE_CONFIG_H
25 #include "config.h"
26 #endif
27 
28 #include <tcpdump-stdinc.h>
29 
30 #include <string.h>
31 
32 #include "interface.h"
33 #include "signature.h"
34 
35 #ifdef HAVE_LIBCRYPTO
36 #include <openssl/md5.h>
37 #endif
38 
39 const struct tok signature_check_values[] = {
40     { SIGNATURE_VALID, "valid"},
41     { SIGNATURE_INVALID, "invalid"},
42     { CANT_CHECK_SIGNATURE, "unchecked"},
43     { 0, NULL }
44 };
45 
46 
47 #ifdef HAVE_LIBCRYPTO
48 /*
49  * Compute a HMAC MD5 sum.
50  * Taken from rfc2104, Appendix.
51  */
52 USES_APPLE_DEPRECATED_API
53 static void
54 signature_compute_hmac_md5(const uint8_t *text, int text_len, unsigned char *key,
55                            unsigned int key_len, uint8_t *digest)
56 {
57     MD5_CTX context;
58     unsigned char k_ipad[65];    /* inner padding - key XORd with ipad */
59     unsigned char k_opad[65];    /* outer padding - key XORd with opad */
60     unsigned char tk[16];
61     int i;
62 
63     /* if key is longer than 64 bytes reset it to key=MD5(key) */
64     if (key_len > 64) {
65 
66         MD5_CTX tctx;
67 
68         MD5_Init(&tctx);
69         MD5_Update(&tctx, key, key_len);
70         MD5_Final(tk, &tctx);
71 
72         key = tk;
73         key_len = 16;
74     }
75 
76     /*
77      * the HMAC_MD5 transform looks like:
78      *
79      * MD5(K XOR opad, MD5(K XOR ipad, text))
80      *
81      * where K is an n byte key
82      * ipad is the byte 0x36 repeated 64 times
83      * opad is the byte 0x5c repeated 64 times
84      * and text is the data being protected
85      */
86 
87     /* start out by storing key in pads */
88     memset(k_ipad, 0, sizeof k_ipad);
89     memset(k_opad, 0, sizeof k_opad);
90     memcpy(k_ipad, key, key_len);
91     memcpy(k_opad, key, key_len);
92 
93     /* XOR key with ipad and opad values */
94     for (i=0; i<64; i++) {
95         k_ipad[i] ^= 0x36;
96         k_opad[i] ^= 0x5c;
97     }
98 
99     /*
100      * perform inner MD5
101      */
102     MD5_Init(&context);                   /* init context for 1st pass */
103     MD5_Update(&context, k_ipad, 64);     /* start with inner pad */
104     MD5_Update(&context, text, text_len); /* then text of datagram */
105     MD5_Final(digest, &context);          /* finish up 1st pass */
106 
107     /*
108      * perform outer MD5
109      */
110     MD5_Init(&context);                   /* init context for 2nd pass */
111     MD5_Update(&context, k_opad, 64);     /* start with outer pad */
112     MD5_Update(&context, digest, 16);     /* then results of 1st hash */
113     MD5_Final(digest, &context);          /* finish up 2nd pass */
114 }
115 USES_APPLE_RST
116 #endif
117 
118 #ifdef HAVE_LIBCRYPTO
119 /*
120  * Verify a cryptographic signature of the packet.
121  * Currently only MD5 is supported.
122  */
123 int
124 signature_verify(netdissect_options *ndo,
125                  const u_char *pptr, u_int plen, u_char *sig_ptr)
126 {
127     uint8_t rcvsig[16];
128     uint8_t sig[16];
129     unsigned int i;
130 
131     /*
132      * Save the signature before clearing it.
133      */
134     memcpy(rcvsig, sig_ptr, sizeof(rcvsig));
135     memset(sig_ptr, 0, sizeof(rcvsig));
136 
137     if (!ndo->ndo_sigsecret) {
138         return (CANT_CHECK_SIGNATURE);
139     }
140 
141     signature_compute_hmac_md5(pptr, plen, (unsigned char *)ndo->ndo_sigsecret,
142                                strlen(ndo->ndo_sigsecret), sig);
143 
144     if (memcmp(rcvsig, sig, sizeof(sig)) == 0) {
145         return (SIGNATURE_VALID);
146 
147     } else {
148 
149         for (i = 0; i < sizeof(sig); ++i) {
150             ND_PRINT((ndo, "%02x", sig[i]));
151         }
152 
153         return (SIGNATURE_INVALID);
154     }
155 }
156 #endif
157 
158 /*
159  * Local Variables:
160  * c-style: whitesmith
161  * c-basic-offset: 4
162  * End:
163  */
164