Home | History | Annotate | Download | only in tcpdump
      1 /*
      2  * Redistribution and use in source and binary forms, with or without
      3  * modification, are permitted provided that: (1) source code
      4  * distributions retain the above copyright notice and this paragraph
      5  * in its entirety, and (2) distributions including binary code include
      6  * the above copyright notice and this paragraph in its entirety in
      7  * the documentation or other materials provided with the distribution.
      8  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND
      9  * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT
     10  * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
     11  * FOR A PARTICULAR PURPOSE.
     12  *
     13  * Functions for signature and digest verification.
     14  *
     15  * Original code by Hannes Gredler (hannes (at) juniper.net)
     16  */
     17 
     18 #define NETDISSECT_REWORKED
     19 #ifdef HAVE_CONFIG_H
     20 #include "config.h"
     21 #endif
     22 
     23 #include <tcpdump-stdinc.h>
     24 
     25 #include <string.h>
     26 
     27 #include "interface.h"
     28 #include "signature.h"
     29 
     30 #ifdef HAVE_LIBCRYPTO
     31 #include <openssl/md5.h>
     32 #endif
     33 
     34 const struct tok signature_check_values[] = {
     35     { SIGNATURE_VALID, "valid"},
     36     { SIGNATURE_INVALID, "invalid"},
     37     { CANT_CHECK_SIGNATURE, "unchecked"},
     38     { 0, NULL }
     39 };
     40 
     41 
     42 #ifdef HAVE_LIBCRYPTO
     43 /*
     44  * Compute a HMAC MD5 sum.
     45  * Taken from rfc2104, Appendix.
     46  */
     47 USES_APPLE_DEPRECATED_API
     48 static void
     49 signature_compute_hmac_md5(const uint8_t *text, int text_len, unsigned char *key,
     50                            unsigned int key_len, uint8_t *digest)
     51 {
     52     MD5_CTX context;
     53     unsigned char k_ipad[65];    /* inner padding - key XORd with ipad */
     54     unsigned char k_opad[65];    /* outer padding - key XORd with opad */
     55     unsigned char tk[16];
     56     int i;
     57 
     58     /* if key is longer than 64 bytes reset it to key=MD5(key) */
     59     if (key_len > 64) {
     60 
     61         MD5_CTX tctx;
     62 
     63         MD5_Init(&tctx);
     64         MD5_Update(&tctx, key, key_len);
     65         MD5_Final(tk, &tctx);
     66 
     67         key = tk;
     68         key_len = 16;
     69     }
     70 
     71     /*
     72      * the HMAC_MD5 transform looks like:
     73      *
     74      * MD5(K XOR opad, MD5(K XOR ipad, text))
     75      *
     76      * where K is an n byte key
     77      * ipad is the byte 0x36 repeated 64 times
     78      * opad is the byte 0x5c repeated 64 times
     79      * and text is the data being protected
     80      */
     81 
     82     /* start out by storing key in pads */
     83     memset(k_ipad, 0, sizeof k_ipad);
     84     memset(k_opad, 0, sizeof k_opad);
     85     memcpy(k_ipad, key, key_len);
     86     memcpy(k_opad, key, key_len);
     87 
     88     /* XOR key with ipad and opad values */
     89     for (i=0; i<64; i++) {
     90         k_ipad[i] ^= 0x36;
     91         k_opad[i] ^= 0x5c;
     92     }
     93 
     94     /*
     95      * perform inner MD5
     96      */
     97     MD5_Init(&context);                   /* init context for 1st pass */
     98     MD5_Update(&context, k_ipad, 64);     /* start with inner pad */
     99     MD5_Update(&context, text, text_len); /* then text of datagram */
    100     MD5_Final(digest, &context);          /* finish up 1st pass */
    101 
    102     /*
    103      * perform outer MD5
    104      */
    105     MD5_Init(&context);                   /* init context for 2nd pass */
    106     MD5_Update(&context, k_opad, 64);     /* start with outer pad */
    107     MD5_Update(&context, digest, 16);     /* then results of 1st hash */
    108     MD5_Final(digest, &context);          /* finish up 2nd pass */
    109 }
    110 USES_APPLE_RST
    111 #endif
    112 
    113 #ifdef HAVE_LIBCRYPTO
    114 /*
    115  * Verify a cryptographic signature of the packet.
    116  * Currently only MD5 is supported.
    117  */
    118 int
    119 signature_verify(netdissect_options *ndo,
    120                  const u_char *pptr, u_int plen, u_char *sig_ptr)
    121 {
    122     uint8_t rcvsig[16];
    123     uint8_t sig[16];
    124     unsigned int i;
    125 
    126     /*
    127      * Save the signature before clearing it.
    128      */
    129     memcpy(rcvsig, sig_ptr, sizeof(rcvsig));
    130     memset(sig_ptr, 0, sizeof(rcvsig));
    131 
    132     if (!ndo->ndo_sigsecret) {
    133         return (CANT_CHECK_SIGNATURE);
    134     }
    135 
    136     signature_compute_hmac_md5(pptr, plen, (unsigned char *)ndo->ndo_sigsecret,
    137                                strlen(ndo->ndo_sigsecret), sig);
    138 
    139     if (memcmp(rcvsig, sig, sizeof(sig)) == 0) {
    140         return (SIGNATURE_VALID);
    141 
    142     } else {
    143 
    144         for (i = 0; i < sizeof(sig); ++i) {
    145             ND_PRINT((ndo, "%02x", sig[i]));
    146         }
    147 
    148         return (SIGNATURE_INVALID);
    149     }
    150 }
    151 #endif
    152 
    153 /*
    154  * Local Variables:
    155  * c-style: whitesmith
    156  * c-basic-offset: 4
    157  * End:
    158  */
    159