1/*
2 * Redistribution and use in source and binary forms, with or without
3 * modification, are permitted provided that: (1) source code
4 * distributions retain the above copyright notice and this paragraph
5 * in its entirety, and (2) distributions including binary code include
6 * the above copyright notice and this paragraph in its entirety in
7 * the documentation or other materials provided with the distribution.
8 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND
9 * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT
10 * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
11 * FOR A PARTICULAR PURPOSE.
12 *
13 * Functions for signature and digest verification.
14 *
15 * Original code by Hannes Gredler (hannes@juniper.net)
16 */
17
18#ifndef lint
19static const char rcsid[] _U_ =
20    "@(#) $Header: /tcpdump/master/tcpdump/signature.c,v 1.2 2008-09-22 20:22:10 guy Exp $ (LBL)";
21#endif
22
23#ifdef HAVE_CONFIG_H
24#include "config.h"
25#endif
26
27#include <tcpdump-stdinc.h>
28
29#include <string.h>
30
31#include "interface.h"
32#include "signature.h"
33
34#ifdef HAVE_LIBCRYPTO
35#include <CommonCrypto/CommonDigest.h>
36#endif
37
38const struct tok signature_check_values[] = {
39    { SIGNATURE_VALID, "valid"},
40    { SIGNATURE_INVALID, "invalid"},
41    { CANT_CHECK_SIGNATURE, "unchecked"},
42    { 0, NULL }
43};
44
45
46#ifdef HAVE_LIBCRYPTO
47/*
48 * Compute a HMAC MD5 sum.
49 * Taken from rfc2104, Appendix.
50 */
51static void
52signature_compute_hmac_md5(const u_int8_t *text, int text_len, unsigned char *key,
53                           unsigned int key_len, u_int8_t *digest)
54{
55    CC_MD5_CTX context;
56    unsigned char k_ipad[65];    /* inner padding - key XORd with ipad */
57    unsigned char k_opad[65];    /* outer padding - key XORd with opad */
58    unsigned char tk[16];
59    int i;
60
61    /* if key is longer than 64 bytes reset it to key=MD5(key) */
62    if (key_len > 64) {
63
64        CC_MD5_CTX tctx;
65
66        CC_MD5_Init(&tctx);
67        CC_MD5_Update(&tctx, key, key_len);
68        CC_MD5_Final(tk, &tctx);
69
70        key = tk;
71        key_len = 16;
72    }
73
74    /*
75     * the HMAC_MD5 transform looks like:
76     *
77     * MD5(K XOR opad, MD5(K XOR ipad, text))
78     *
79     * where K is an n byte key
80     * ipad is the byte 0x36 repeated 64 times
81     * opad is the byte 0x5c repeated 64 times
82     * and text is the data being protected
83     */
84
85    /* start out by storing key in pads */
86    memset(k_ipad, 0, sizeof k_ipad);
87    memset(k_opad, 0, sizeof k_opad);
88    memcpy(k_ipad, key, key_len);
89    memcpy(k_opad, key, key_len);
90
91    /* XOR key with ipad and opad values */
92    for (i=0; i<64; i++) {
93        k_ipad[i] ^= 0x36;
94        k_opad[i] ^= 0x5c;
95    }
96
97    /*
98     * perform inner MD5
99     */
100    CC_MD5_Init(&context);                   /* init context for 1st pass */
101    CC_MD5_Update(&context, k_ipad, 64);     /* start with inner pad */
102    CC_MD5_Update(&context, text, text_len); /* then text of datagram */
103    CC_MD5_Final(digest, &context);          /* finish up 1st pass */
104
105    /*
106     * perform outer MD5
107     */
108    CC_MD5_Init(&context);                   /* init context for 2nd pass */
109    CC_MD5_Update(&context, k_opad, 64);     /* start with outer pad */
110    CC_MD5_Update(&context, digest, 16);     /* then results of 1st hash */
111    CC_MD5_Final(digest, &context);          /* finish up 2nd pass */
112}
113#endif
114
115#ifdef HAVE_LIBCRYPTO
116/*
117 * Verify a cryptographic signature of the packet.
118 * Currently only MD5 is supported.
119 */
120int
121signature_verify (const u_char *pptr, u_int plen, u_char *sig_ptr)
122{
123    u_int8_t rcvsig[16];
124    u_int8_t sig[16];
125    unsigned int i;
126
127    /*
128     * Save the signature before clearing it.
129     */
130    memcpy(rcvsig, sig_ptr, sizeof(rcvsig));
131    memset(sig_ptr, 0, sizeof(rcvsig));
132
133    if (!sigsecret) {
134        return (CANT_CHECK_SIGNATURE);
135    }
136
137    signature_compute_hmac_md5(pptr, plen, (unsigned char *)sigsecret,
138                               strlen(sigsecret), sig);
139
140    if (memcmp(rcvsig, sig, sizeof(sig)) == 0) {
141        return (SIGNATURE_VALID);
142
143    } else {
144
145        for (i = 0; i < sizeof(sig); ++i) {
146            (void)printf("%02x", sig[i]);
147        }
148
149        return (SIGNATURE_INVALID);
150    }
151}
152#endif
153
154/*
155 * Local Variables:
156 * c-style: whitesmith
157 * c-basic-offset: 4
158 * End:
159 */
160