1 /*
2  * Redistribution and use in source and binary forms, with or without
3  * modification, are permitted provided that: (1) source code
4  * distributions retain the above copyright notice and this paragraph
5  * in its entirety, and (2) distributions including binary code include
6  * the above copyright notice and this paragraph in its entirety in
7  * the documentation or other materials provided with the distribution.
8  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND
9  * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT
10  * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
11  * FOR A PARTICULAR PURPOSE.
12  *
13  * Functions for signature and digest verification.
14  *
15  * Original code by Hannes Gredler (hannes@juniper.net)
16  */
17 
18 #define NETDISSECT_REWORKED
19 #ifdef HAVE_CONFIG_H
20 #include "config.h"
21 #endif
22 
23 #include <tcpdump-stdinc.h>
24 
25 #include <string.h>
26 
27 #include "interface.h"
28 #include "signature.h"
29 
30 #ifdef HAVE_LIBCRYPTO
31 #include <openssl/md5.h>
32 #endif
33 
34 const struct tok signature_check_values[] = {
35     { SIGNATURE_VALID, "valid"},
36     { SIGNATURE_INVALID, "invalid"},
37     { CANT_CHECK_SIGNATURE, "unchecked"},
38     { 0, NULL }
39 };
40 
41 
42 #ifdef HAVE_LIBCRYPTO
43 /*
44  * Compute a HMAC MD5 sum.
45  * Taken from rfc2104, Appendix.
46  */
47 USES_APPLE_DEPRECATED_API
48 static void
signature_compute_hmac_md5(const uint8_t * text,int text_len,unsigned char * key,unsigned int key_len,uint8_t * digest)49 signature_compute_hmac_md5(const uint8_t *text, int text_len, unsigned char *key,
50                            unsigned int key_len, uint8_t *digest)
51 {
52     MD5_CTX context;
53     unsigned char k_ipad[65];    /* inner padding - key XORd with ipad */
54     unsigned char k_opad[65];    /* outer padding - key XORd with opad */
55     unsigned char tk[16];
56     int i;
57 
58     /* if key is longer than 64 bytes reset it to key=MD5(key) */
59     if (key_len > 64) {
60 
61         MD5_CTX tctx;
62 
63         MD5_Init(&tctx);
64         MD5_Update(&tctx, key, key_len);
65         MD5_Final(tk, &tctx);
66 
67         key = tk;
68         key_len = 16;
69     }
70 
71     /*
72      * the HMAC_MD5 transform looks like:
73      *
74      * MD5(K XOR opad, MD5(K XOR ipad, text))
75      *
76      * where K is an n byte key
77      * ipad is the byte 0x36 repeated 64 times
78      * opad is the byte 0x5c repeated 64 times
79      * and text is the data being protected
80      */
81 
82     /* start out by storing key in pads */
83     memset(k_ipad, 0, sizeof k_ipad);
84     memset(k_opad, 0, sizeof k_opad);
85     memcpy(k_ipad, key, key_len);
86     memcpy(k_opad, key, key_len);
87 
88     /* XOR key with ipad and opad values */
89     for (i=0; i<64; i++) {
90         k_ipad[i] ^= 0x36;
91         k_opad[i] ^= 0x5c;
92     }
93 
94     /*
95      * perform inner MD5
96      */
97     MD5_Init(&context);                   /* init context for 1st pass */
98     MD5_Update(&context, k_ipad, 64);     /* start with inner pad */
99     MD5_Update(&context, text, text_len); /* then text of datagram */
100     MD5_Final(digest, &context);          /* finish up 1st pass */
101 
102     /*
103      * perform outer MD5
104      */
105     MD5_Init(&context);                   /* init context for 2nd pass */
106     MD5_Update(&context, k_opad, 64);     /* start with outer pad */
107     MD5_Update(&context, digest, 16);     /* then results of 1st hash */
108     MD5_Final(digest, &context);          /* finish up 2nd pass */
109 }
110 USES_APPLE_RST
111 #endif
112 
113 #ifdef HAVE_LIBCRYPTO
114 /*
115  * Verify a cryptographic signature of the packet.
116  * Currently only MD5 is supported.
117  */
118 int
signature_verify(netdissect_options * ndo,const u_char * pptr,u_int plen,u_char * sig_ptr)119 signature_verify(netdissect_options *ndo,
120                  const u_char *pptr, u_int plen, u_char *sig_ptr)
121 {
122     uint8_t rcvsig[16];
123     uint8_t sig[16];
124     unsigned int i;
125 
126     /*
127      * Save the signature before clearing it.
128      */
129     memcpy(rcvsig, sig_ptr, sizeof(rcvsig));
130     memset(sig_ptr, 0, sizeof(rcvsig));
131 
132     if (!ndo->ndo_sigsecret) {
133         return (CANT_CHECK_SIGNATURE);
134     }
135 
136     signature_compute_hmac_md5(pptr, plen, (unsigned char *)ndo->ndo_sigsecret,
137                                strlen(ndo->ndo_sigsecret), sig);
138 
139     if (memcmp(rcvsig, sig, sizeof(sig)) == 0) {
140         return (SIGNATURE_VALID);
141 
142     } else {
143 
144         for (i = 0; i < sizeof(sig); ++i) {
145             ND_PRINT((ndo, "%02x", sig[i]));
146         }
147 
148         return (SIGNATURE_INVALID);
149     }
150 }
151 #endif
152 
153 /*
154  * Local Variables:
155  * c-style: whitesmith
156  * c-basic-offset: 4
157  * End:
158  */
159