153f17a9db278d33517d9888dd77848f554522a38JP Abgrall/* 253f17a9db278d33517d9888dd77848f554522a38JP Abgrall * Redistribution and use in source and binary forms, with or without 353f17a9db278d33517d9888dd77848f554522a38JP Abgrall * modification, are permitted provided that: (1) source code 453f17a9db278d33517d9888dd77848f554522a38JP Abgrall * distributions retain the above copyright notice and this paragraph 553f17a9db278d33517d9888dd77848f554522a38JP Abgrall * in its entirety, and (2) distributions including binary code include 653f17a9db278d33517d9888dd77848f554522a38JP Abgrall * the above copyright notice and this paragraph in its entirety in 753f17a9db278d33517d9888dd77848f554522a38JP Abgrall * the documentation or other materials provided with the distribution. 853f17a9db278d33517d9888dd77848f554522a38JP Abgrall * THIS SOFTWARE IS PROVIDED ``AS IS'' AND 953f17a9db278d33517d9888dd77848f554522a38JP Abgrall * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT 1053f17a9db278d33517d9888dd77848f554522a38JP Abgrall * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 1153f17a9db278d33517d9888dd77848f554522a38JP Abgrall * FOR A PARTICULAR PURPOSE. 1253f17a9db278d33517d9888dd77848f554522a38JP Abgrall * 1353f17a9db278d33517d9888dd77848f554522a38JP Abgrall * Functions for signature and digest verification. 1453f17a9db278d33517d9888dd77848f554522a38JP Abgrall * 1553f17a9db278d33517d9888dd77848f554522a38JP Abgrall * Original code by Hannes Gredler (hannes@juniper.net) 1653f17a9db278d33517d9888dd77848f554522a38JP Abgrall */ 1753f17a9db278d33517d9888dd77848f554522a38JP Abgrall 1853f17a9db278d33517d9888dd77848f554522a38JP Abgrall#ifndef lint 1953f17a9db278d33517d9888dd77848f554522a38JP Abgrallstatic const char rcsid[] _U_ = 2053f17a9db278d33517d9888dd77848f554522a38JP Abgrall "@(#) $Header: /tcpdump/master/tcpdump/signature.c,v 1.2 2008-09-22 20:22:10 guy Exp $ (LBL)"; 2153f17a9db278d33517d9888dd77848f554522a38JP Abgrall#endif 2253f17a9db278d33517d9888dd77848f554522a38JP Abgrall 2353f17a9db278d33517d9888dd77848f554522a38JP Abgrall#ifdef HAVE_CONFIG_H 2453f17a9db278d33517d9888dd77848f554522a38JP Abgrall#include "config.h" 2553f17a9db278d33517d9888dd77848f554522a38JP Abgrall#endif 2653f17a9db278d33517d9888dd77848f554522a38JP Abgrall 2753f17a9db278d33517d9888dd77848f554522a38JP Abgrall#include <tcpdump-stdinc.h> 2853f17a9db278d33517d9888dd77848f554522a38JP Abgrall 2953f17a9db278d33517d9888dd77848f554522a38JP Abgrall#include <string.h> 3053f17a9db278d33517d9888dd77848f554522a38JP Abgrall 3153f17a9db278d33517d9888dd77848f554522a38JP Abgrall#include "interface.h" 3253f17a9db278d33517d9888dd77848f554522a38JP Abgrall#include "signature.h" 3353f17a9db278d33517d9888dd77848f554522a38JP Abgrall 3453f17a9db278d33517d9888dd77848f554522a38JP Abgrall#ifdef HAVE_LIBCRYPTO 3553f17a9db278d33517d9888dd77848f554522a38JP Abgrall#include <openssl/md5.h> 3653f17a9db278d33517d9888dd77848f554522a38JP Abgrall#endif 3753f17a9db278d33517d9888dd77848f554522a38JP Abgrall 3853f17a9db278d33517d9888dd77848f554522a38JP Abgrallconst struct tok signature_check_values[] = { 3953f17a9db278d33517d9888dd77848f554522a38JP Abgrall { SIGNATURE_VALID, "valid"}, 4053f17a9db278d33517d9888dd77848f554522a38JP Abgrall { SIGNATURE_INVALID, "invalid"}, 4153f17a9db278d33517d9888dd77848f554522a38JP Abgrall { CANT_CHECK_SIGNATURE, "unchecked"}, 4253f17a9db278d33517d9888dd77848f554522a38JP Abgrall { 0, NULL } 4353f17a9db278d33517d9888dd77848f554522a38JP Abgrall}; 4453f17a9db278d33517d9888dd77848f554522a38JP Abgrall 4553f17a9db278d33517d9888dd77848f554522a38JP Abgrall 4653f17a9db278d33517d9888dd77848f554522a38JP Abgrall#ifdef HAVE_LIBCRYPTO 4753f17a9db278d33517d9888dd77848f554522a38JP Abgrall/* 4853f17a9db278d33517d9888dd77848f554522a38JP Abgrall * Compute a HMAC MD5 sum. 4953f17a9db278d33517d9888dd77848f554522a38JP Abgrall * Taken from rfc2104, Appendix. 5053f17a9db278d33517d9888dd77848f554522a38JP Abgrall */ 5153f17a9db278d33517d9888dd77848f554522a38JP AbgrallUSES_APPLE_DEPRECATED_API 5253f17a9db278d33517d9888dd77848f554522a38JP Abgrallstatic void 5353f17a9db278d33517d9888dd77848f554522a38JP Abgrallsignature_compute_hmac_md5(const u_int8_t *text, int text_len, unsigned char *key, 5453f17a9db278d33517d9888dd77848f554522a38JP Abgrall unsigned int key_len, u_int8_t *digest) 5553f17a9db278d33517d9888dd77848f554522a38JP Abgrall{ 5653f17a9db278d33517d9888dd77848f554522a38JP Abgrall MD5_CTX context; 5753f17a9db278d33517d9888dd77848f554522a38JP Abgrall unsigned char k_ipad[65]; /* inner padding - key XORd with ipad */ 5853f17a9db278d33517d9888dd77848f554522a38JP Abgrall unsigned char k_opad[65]; /* outer padding - key XORd with opad */ 5953f17a9db278d33517d9888dd77848f554522a38JP Abgrall unsigned char tk[16]; 6053f17a9db278d33517d9888dd77848f554522a38JP Abgrall int i; 6153f17a9db278d33517d9888dd77848f554522a38JP Abgrall 6253f17a9db278d33517d9888dd77848f554522a38JP Abgrall /* if key is longer than 64 bytes reset it to key=MD5(key) */ 6353f17a9db278d33517d9888dd77848f554522a38JP Abgrall if (key_len > 64) { 6453f17a9db278d33517d9888dd77848f554522a38JP Abgrall 6553f17a9db278d33517d9888dd77848f554522a38JP Abgrall MD5_CTX tctx; 6653f17a9db278d33517d9888dd77848f554522a38JP Abgrall 6753f17a9db278d33517d9888dd77848f554522a38JP Abgrall MD5_Init(&tctx); 6853f17a9db278d33517d9888dd77848f554522a38JP Abgrall MD5_Update(&tctx, key, key_len); 6953f17a9db278d33517d9888dd77848f554522a38JP Abgrall MD5_Final(tk, &tctx); 7053f17a9db278d33517d9888dd77848f554522a38JP Abgrall 7153f17a9db278d33517d9888dd77848f554522a38JP Abgrall key = tk; 7253f17a9db278d33517d9888dd77848f554522a38JP Abgrall key_len = 16; 7353f17a9db278d33517d9888dd77848f554522a38JP Abgrall } 7453f17a9db278d33517d9888dd77848f554522a38JP Abgrall 7553f17a9db278d33517d9888dd77848f554522a38JP Abgrall /* 7653f17a9db278d33517d9888dd77848f554522a38JP Abgrall * the HMAC_MD5 transform looks like: 7753f17a9db278d33517d9888dd77848f554522a38JP Abgrall * 7853f17a9db278d33517d9888dd77848f554522a38JP Abgrall * MD5(K XOR opad, MD5(K XOR ipad, text)) 7953f17a9db278d33517d9888dd77848f554522a38JP Abgrall * 8053f17a9db278d33517d9888dd77848f554522a38JP Abgrall * where K is an n byte key 8153f17a9db278d33517d9888dd77848f554522a38JP Abgrall * ipad is the byte 0x36 repeated 64 times 8253f17a9db278d33517d9888dd77848f554522a38JP Abgrall * opad is the byte 0x5c repeated 64 times 8353f17a9db278d33517d9888dd77848f554522a38JP Abgrall * and text is the data being protected 8453f17a9db278d33517d9888dd77848f554522a38JP Abgrall */ 8553f17a9db278d33517d9888dd77848f554522a38JP Abgrall 8653f17a9db278d33517d9888dd77848f554522a38JP Abgrall /* start out by storing key in pads */ 8753f17a9db278d33517d9888dd77848f554522a38JP Abgrall memset(k_ipad, 0, sizeof k_ipad); 8853f17a9db278d33517d9888dd77848f554522a38JP Abgrall memset(k_opad, 0, sizeof k_opad); 8953f17a9db278d33517d9888dd77848f554522a38JP Abgrall memcpy(k_ipad, key, key_len); 9053f17a9db278d33517d9888dd77848f554522a38JP Abgrall memcpy(k_opad, key, key_len); 9153f17a9db278d33517d9888dd77848f554522a38JP Abgrall 9253f17a9db278d33517d9888dd77848f554522a38JP Abgrall /* XOR key with ipad and opad values */ 9353f17a9db278d33517d9888dd77848f554522a38JP Abgrall for (i=0; i<64; i++) { 9453f17a9db278d33517d9888dd77848f554522a38JP Abgrall k_ipad[i] ^= 0x36; 9553f17a9db278d33517d9888dd77848f554522a38JP Abgrall k_opad[i] ^= 0x5c; 9653f17a9db278d33517d9888dd77848f554522a38JP Abgrall } 9753f17a9db278d33517d9888dd77848f554522a38JP Abgrall 9853f17a9db278d33517d9888dd77848f554522a38JP Abgrall /* 9953f17a9db278d33517d9888dd77848f554522a38JP Abgrall * perform inner MD5 10053f17a9db278d33517d9888dd77848f554522a38JP Abgrall */ 10153f17a9db278d33517d9888dd77848f554522a38JP Abgrall MD5_Init(&context); /* init context for 1st pass */ 10253f17a9db278d33517d9888dd77848f554522a38JP Abgrall MD5_Update(&context, k_ipad, 64); /* start with inner pad */ 10353f17a9db278d33517d9888dd77848f554522a38JP Abgrall MD5_Update(&context, text, text_len); /* then text of datagram */ 10453f17a9db278d33517d9888dd77848f554522a38JP Abgrall MD5_Final(digest, &context); /* finish up 1st pass */ 10553f17a9db278d33517d9888dd77848f554522a38JP Abgrall 10653f17a9db278d33517d9888dd77848f554522a38JP Abgrall /* 10753f17a9db278d33517d9888dd77848f554522a38JP Abgrall * perform outer MD5 10853f17a9db278d33517d9888dd77848f554522a38JP Abgrall */ 10953f17a9db278d33517d9888dd77848f554522a38JP Abgrall MD5_Init(&context); /* init context for 2nd pass */ 11053f17a9db278d33517d9888dd77848f554522a38JP Abgrall MD5_Update(&context, k_opad, 64); /* start with outer pad */ 11153f17a9db278d33517d9888dd77848f554522a38JP Abgrall MD5_Update(&context, digest, 16); /* then results of 1st hash */ 11253f17a9db278d33517d9888dd77848f554522a38JP Abgrall MD5_Final(digest, &context); /* finish up 2nd pass */ 11353f17a9db278d33517d9888dd77848f554522a38JP Abgrall} 11453f17a9db278d33517d9888dd77848f554522a38JP AbgrallUSES_APPLE_RST 11553f17a9db278d33517d9888dd77848f554522a38JP Abgrall#endif 11653f17a9db278d33517d9888dd77848f554522a38JP Abgrall 11753f17a9db278d33517d9888dd77848f554522a38JP Abgrall#ifdef HAVE_LIBCRYPTO 11853f17a9db278d33517d9888dd77848f554522a38JP Abgrall/* 11953f17a9db278d33517d9888dd77848f554522a38JP Abgrall * Verify a cryptographic signature of the packet. 12053f17a9db278d33517d9888dd77848f554522a38JP Abgrall * Currently only MD5 is supported. 12153f17a9db278d33517d9888dd77848f554522a38JP Abgrall */ 12253f17a9db278d33517d9888dd77848f554522a38JP Abgrallint 12353f17a9db278d33517d9888dd77848f554522a38JP Abgrallsignature_verify (const u_char *pptr, u_int plen, u_char *sig_ptr) 12453f17a9db278d33517d9888dd77848f554522a38JP Abgrall{ 12553f17a9db278d33517d9888dd77848f554522a38JP Abgrall u_int8_t rcvsig[16]; 12653f17a9db278d33517d9888dd77848f554522a38JP Abgrall u_int8_t sig[16]; 12753f17a9db278d33517d9888dd77848f554522a38JP Abgrall unsigned int i; 12853f17a9db278d33517d9888dd77848f554522a38JP Abgrall 12953f17a9db278d33517d9888dd77848f554522a38JP Abgrall /* 13053f17a9db278d33517d9888dd77848f554522a38JP Abgrall * Save the signature before clearing it. 13153f17a9db278d33517d9888dd77848f554522a38JP Abgrall */ 13253f17a9db278d33517d9888dd77848f554522a38JP Abgrall memcpy(rcvsig, sig_ptr, sizeof(rcvsig)); 13353f17a9db278d33517d9888dd77848f554522a38JP Abgrall memset(sig_ptr, 0, sizeof(rcvsig)); 13453f17a9db278d33517d9888dd77848f554522a38JP Abgrall 13553f17a9db278d33517d9888dd77848f554522a38JP Abgrall if (!sigsecret) { 13653f17a9db278d33517d9888dd77848f554522a38JP Abgrall return (CANT_CHECK_SIGNATURE); 13753f17a9db278d33517d9888dd77848f554522a38JP Abgrall } 13853f17a9db278d33517d9888dd77848f554522a38JP Abgrall 13953f17a9db278d33517d9888dd77848f554522a38JP Abgrall signature_compute_hmac_md5(pptr, plen, (unsigned char *)sigsecret, 14053f17a9db278d33517d9888dd77848f554522a38JP Abgrall strlen(sigsecret), sig); 14153f17a9db278d33517d9888dd77848f554522a38JP Abgrall 14253f17a9db278d33517d9888dd77848f554522a38JP Abgrall if (memcmp(rcvsig, sig, sizeof(sig)) == 0) { 14353f17a9db278d33517d9888dd77848f554522a38JP Abgrall return (SIGNATURE_VALID); 14453f17a9db278d33517d9888dd77848f554522a38JP Abgrall 14553f17a9db278d33517d9888dd77848f554522a38JP Abgrall } else { 14653f17a9db278d33517d9888dd77848f554522a38JP Abgrall 14753f17a9db278d33517d9888dd77848f554522a38JP Abgrall for (i = 0; i < sizeof(sig); ++i) { 14853f17a9db278d33517d9888dd77848f554522a38JP Abgrall (void)printf("%02x", sig[i]); 14953f17a9db278d33517d9888dd77848f554522a38JP Abgrall } 15053f17a9db278d33517d9888dd77848f554522a38JP Abgrall 15153f17a9db278d33517d9888dd77848f554522a38JP Abgrall return (SIGNATURE_INVALID); 15253f17a9db278d33517d9888dd77848f554522a38JP Abgrall } 15353f17a9db278d33517d9888dd77848f554522a38JP Abgrall} 15453f17a9db278d33517d9888dd77848f554522a38JP Abgrall#endif 15553f17a9db278d33517d9888dd77848f554522a38JP Abgrall 15653f17a9db278d33517d9888dd77848f554522a38JP Abgrall/* 15753f17a9db278d33517d9888dd77848f554522a38JP Abgrall * Local Variables: 15853f17a9db278d33517d9888dd77848f554522a38JP Abgrall * c-style: whitesmith 15953f17a9db278d33517d9888dd77848f554522a38JP Abgrall * c-basic-offset: 4 16053f17a9db278d33517d9888dd77848f554522a38JP Abgrall * End: 16153f17a9db278d33517d9888dd77848f554522a38JP Abgrall */ 162