1/*
2 * Redistribution and use in source and binary forms, with or without
3 * modification, are permitted provided that: (1) source code
4 * distributions retain the above copyright notice and this paragraph
5 * in its entirety, and (2) distributions including binary code include
6 * the above copyright notice and this paragraph in its entirety in
7 * the documentation or other materials provided with the distribution.
8 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND
9 * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT
10 * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
11 * FOR A PARTICULAR PURPOSE.
12 *
13 * Functions for signature and digest verification.
14 *
15 * Original code by Hannes Gredler (hannes@juniper.net)
16 */
17
18#include <sys/cdefs.h>
19#ifndef lint
20#if 0
21static const char rcsid[] _U_ =
22    "@(#) Header: /tcpdump/master/tcpdump/signature.c,v 1.2 2008-09-22 20:22:10 guy Exp (LBL)";
23#else
24__RCSID("$NetBSD$");
25#endif
26#endif
27
28#ifdef HAVE_CONFIG_H
29#include "config.h"
30#endif
31
32#include <tcpdump-stdinc.h>
33
34#include <string.h>
35
36#include "interface.h"
37#include "signature.h"
38
39#ifdef HAVE_LIBCRYPTO
40#include <openssl/md5.h>
41#endif
42
43const struct tok signature_check_values[] = {
44    { SIGNATURE_VALID, "valid"},
45    { SIGNATURE_INVALID, "invalid"},
46    { CANT_CHECK_SIGNATURE, "unchecked"},
47    { 0, NULL }
48};
49
50
51#ifdef HAVE_LIBCRYPTO
52/*
53 * Compute a HMAC MD5 sum.
54 * Taken from rfc2104, Appendix.
55 */
56static void
57signature_compute_hmac_md5(const u_int8_t *text, int text_len, unsigned char *key,
58                           unsigned int key_len, u_int8_t *digest)
59{
60    MD5_CTX context;
61    unsigned char k_ipad[65];    /* inner padding - key XORd with ipad */
62    unsigned char k_opad[65];    /* outer padding - key XORd with opad */
63    unsigned char tk[16];
64    int i;
65
66    /* if key is longer than 64 bytes reset it to key=MD5(key) */
67    if (key_len > 64) {
68
69        MD5_CTX tctx;
70
71        MD5_Init(&tctx);
72        MD5_Update(&tctx, key, key_len);
73        MD5_Final(tk, &tctx);
74
75        key = tk;
76        key_len = 16;
77    }
78
79    /*
80     * the HMAC_MD5 transform looks like:
81     *
82     * MD5(K XOR opad, MD5(K XOR ipad, text))
83     *
84     * where K is an n byte key
85     * ipad is the byte 0x36 repeated 64 times
86     * opad is the byte 0x5c repeated 64 times
87     * and text is the data being protected
88     */
89
90    /* start out by storing key in pads */
91    memset(k_ipad, 0, sizeof k_ipad);
92    memset(k_opad, 0, sizeof k_opad);
93    memcpy(k_ipad, key, key_len);
94    memcpy(k_opad, key, key_len);
95
96    /* XOR key with ipad and opad values */
97    for (i=0; i<64; i++) {
98        k_ipad[i] ^= 0x36;
99        k_opad[i] ^= 0x5c;
100    }
101
102    /*
103     * perform inner MD5
104     */
105    MD5_Init(&context);                   /* init context for 1st pass */
106    MD5_Update(&context, k_ipad, 64);     /* start with inner pad */
107    MD5_Update(&context, text, text_len); /* then text of datagram */
108    MD5_Final(digest, &context);          /* finish up 1st pass */
109
110    /*
111     * perform outer MD5
112     */
113    MD5_Init(&context);                   /* init context for 2nd pass */
114    MD5_Update(&context, k_opad, 64);     /* start with outer pad */
115    MD5_Update(&context, digest, 16);     /* then results of 1st hash */
116    MD5_Final(digest, &context);          /* finish up 2nd pass */
117}
118#endif
119
120#ifdef HAVE_LIBCRYPTO
121/*
122 * Verify a cryptographic signature of the packet.
123 * Currently only MD5 is supported.
124 */
125int
126signature_verify (const u_char *pptr, u_int plen, u_char *sig_ptr)
127{
128    u_int8_t rcvsig[16];
129    u_int8_t sig[16];
130    unsigned int i;
131
132    /*
133     * Save the signature before clearing it.
134     */
135    memcpy(rcvsig, sig_ptr, sizeof(rcvsig));
136    memset(sig_ptr, 0, sizeof(rcvsig));
137
138    if (!sigsecret) {
139        return (CANT_CHECK_SIGNATURE);
140    }
141
142    signature_compute_hmac_md5(pptr, plen, (unsigned char *)sigsecret,
143                               strlen(sigsecret), sig);
144
145    if (memcmp(rcvsig, sig, sizeof(sig)) == 0) {
146        return (SIGNATURE_VALID);
147
148    } else {
149
150        for (i = 0; i < sizeof(sig); ++i) {
151            (void)printf("%02x", sig[i]);
152        }
153
154        return (SIGNATURE_INVALID);
155    }
156}
157#endif
158
159/*
160 * Local Variables:
161 * c-style: whitesmith
162 * c-basic-offset: 4
163 * End:
164 */
165