Home | History | Annotate | Download | only in tcpdump 
      1 /*
      2  * Redistribution and use in source and binary forms, with or without
      3  * modification, are permitted provided that: (1) source code
      4  * distributions retain the above copyright notice and this paragraph
      5  * in its entirety, and (2) distributions including binary code include
      6  * the above copyright notice and this paragraph in its entirety in
      7  * the documentation or other materials provided with the distribution.
      8  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND
      9  * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT
     10  * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
     11  * FOR A PARTICULAR PURPOSE.
     12  *
     13  * Functions for signature and digest verification.
     14  *
     15  * Original code by Hannes Gredler (hannes (at) juniper.net)
     16  */
     17 
     18 #ifndef lint
     19 static const char rcsid[] _U_ =
     20     "@(#) $Header: /tcpdump/master/tcpdump/signature.c,v 1.2 2008-09-22 20:22:10 guy Exp $ (LBL)";
     21 #endif
     22 
     23 #ifdef HAVE_CONFIG_H
     24 #include "config.h"
     25 #endif
     26 
     27 #include <tcpdump-stdinc.h>
     28 
     29 #include <string.h>
     30 
     31 #include "interface.h"
     32 #include "signature.h"
     33 
     34 #ifdef HAVE_LIBCRYPTO
     35 #include <openssl/md5.h>
     36 #endif
     37 
     38 const struct tok signature_check_values[] = {
     39     { SIGNATURE_VALID, "valid"},
     40     { SIGNATURE_INVALID, "invalid"},
     41     { CANT_CHECK_SIGNATURE, "unchecked"},
     42     { 0, NULL }
     43 };
     44 
     45 
     46 #ifdef HAVE_LIBCRYPTO
     47 /*
     48  * Compute a HMAC MD5 sum.
     49  * Taken from rfc2104, Appendix.
     50  */
     51 USES_APPLE_DEPRECATED_API
     52 static void
     53 signature_compute_hmac_md5(const u_int8_t *text, int text_len, unsigned char *key,
     54                            unsigned int key_len, u_int8_t *digest)
     55 {
     56     MD5_CTX context;
     57     unsigned char k_ipad[65];    /* inner padding - key XORd with ipad */
     58     unsigned char k_opad[65];    /* outer padding - key XORd with opad */
     59     unsigned char tk[16];
     60     int i;
     61 
     62     /* if key is longer than 64 bytes reset it to key=MD5(key) */
     63     if (key_len > 64) {
     64 
     65         MD5_CTX tctx;
     66 
     67         MD5_Init(&tctx);
     68         MD5_Update(&tctx, key, key_len);
     69         MD5_Final(tk, &tctx);
     70 
     71         key = tk;
     72         key_len = 16;
     73     }
     74 
     75     /*
     76      * the HMAC_MD5 transform looks like:
     77      *
     78      * MD5(K XOR opad, MD5(K XOR ipad, text))
     79      *
     80      * where K is an n byte key
     81      * ipad is the byte 0x36 repeated 64 times
     82      * opad is the byte 0x5c repeated 64 times
     83      * and text is the data being protected
     84      */
     85 
     86     /* start out by storing key in pads */
     87     memset(k_ipad, 0, sizeof k_ipad);
     88     memset(k_opad, 0, sizeof k_opad);
     89     memcpy(k_ipad, key, key_len);
     90     memcpy(k_opad, key, key_len);
     91 
     92     /* XOR key with ipad and opad values */
     93     for (i=0; i<64; i++) {
     94         k_ipad[i] ^= 0x36;
     95         k_opad[i] ^= 0x5c;
     96     }
     97 
     98     /*
     99      * perform inner MD5
    100      */
    101     MD5_Init(&context);                   /* init context for 1st pass */
    102     MD5_Update(&context, k_ipad, 64);     /* start with inner pad */
    103     MD5_Update(&context, text, text_len); /* then text of datagram */
    104     MD5_Final(digest, &context);          /* finish up 1st pass */
    105 
    106     /*
    107      * perform outer MD5
    108      */
    109     MD5_Init(&context);                   /* init context for 2nd pass */
    110     MD5_Update(&context, k_opad, 64);     /* start with outer pad */
    111     MD5_Update(&context, digest, 16);     /* then results of 1st hash */
    112     MD5_Final(digest, &context);          /* finish up 2nd pass */
    113 }
    114 USES_APPLE_RST
    115 #endif
    116 
    117 #ifdef HAVE_LIBCRYPTO
    118 /*
    119  * Verify a cryptographic signature of the packet.
    120  * Currently only MD5 is supported.
    121  */
    122 int
    123 signature_verify (const u_char *pptr, u_int plen, u_char *sig_ptr)
    124 {
    125     u_int8_t rcvsig[16];
    126     u_int8_t sig[16];
    127     unsigned int i;
    128 
    129     /*
    130      * Save the signature before clearing it.
    131      */
    132     memcpy(rcvsig, sig_ptr, sizeof(rcvsig));
    133     memset(sig_ptr, 0, sizeof(rcvsig));
    134 
    135     if (!sigsecret) {
    136         return (CANT_CHECK_SIGNATURE);
    137     }
    138 
    139     signature_compute_hmac_md5(pptr, plen, (unsigned char *)sigsecret,
    140                                strlen(sigsecret), sig);
    141 
    142     if (memcmp(rcvsig, sig, sizeof(sig)) == 0) {
    143         return (SIGNATURE_VALID);
    144 
    145     } else {
    146 
    147         for (i = 0; i < sizeof(sig); ++i) {
    148             (void)printf("%02x", sig[i]);
    149         }
    150 
    151         return (SIGNATURE_INVALID);
    152     }
    153 }
    154 #endif
    155 
    156 /*
    157  * Local Variables:
    158  * c-style: whitesmith
    159  * c-basic-offset: 4
    160  * End:
    161  */
    162