1 /* 2 * Redistribution and use in source and binary forms, with or without 3 * modification, are permitted provided that: (1) source code 4 * distributions retain the above copyright notice and this paragraph 5 * in its entirety, and (2) distributions including binary code include 6 * the above copyright notice and this paragraph in its entirety in 7 * the documentation or other materials provided with the distribution. 8 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND 9 * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT 10 * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 11 * FOR A PARTICULAR PURPOSE. 12 * 13 * Functions for signature and digest verification. 14 * 15 * Original code by Hannes Gredler (hannes@gredler.at) 16 */ 17 18 #ifdef HAVE_CONFIG_H 19 #include <config.h> 20 #endif 21 22 #include "netdissect-stdinc.h" 23 24 #include <string.h> 25 #include <stdlib.h> 26 27 #include "netdissect.h" 28 #include "signature.h" 29 #include "diag-control.h" 30 31 #ifdef HAVE_LIBCRYPTO 32 #include <openssl/md5.h> 33 #endif 34 35 const struct tok signature_check_values[] = { 36 { SIGNATURE_VALID, "valid"}, 37 { SIGNATURE_INVALID, "invalid"}, 38 { CANT_ALLOCATE_COPY, "can't allocate memory"}, 39 { CANT_CHECK_SIGNATURE, "unchecked"}, 40 { 0, NULL } 41 }; 42 43 44 #ifdef HAVE_LIBCRYPTO 45 /* 46 * Compute a HMAC MD5 sum. 47 * Taken from rfc2104, Appendix. 48 */ 49 DIAG_OFF_DEPRECATION 50 static void 51 signature_compute_hmac_md5(const uint8_t *text, int text_len, unsigned char *key, 52 unsigned int key_len, uint8_t *digest) 53 { 54 MD5_CTX context; 55 unsigned char k_ipad[65]; /* inner padding - key XORd with ipad */ 56 unsigned char k_opad[65]; /* outer padding - key XORd with opad */ 57 unsigned char tk[16]; 58 int i; 59 60 /* if key is longer than 64 bytes reset it to key=MD5(key) */ 61 if (key_len > 64) { 62 63 MD5_CTX tctx; 64 65 MD5_Init(&tctx); 66 MD5_Update(&tctx, key, key_len); 67 MD5_Final(tk, &tctx); 68 69 key = tk; 70 key_len = 16; 71 } 72 73 /* 74 * the HMAC_MD5 transform looks like: 75 * 76 * MD5(K XOR opad, MD5(K XOR ipad, text)) 77 * 78 * where K is an n byte key 79 * ipad is the byte 0x36 repeated 64 times 80 * opad is the byte 0x5c repeated 64 times 81 * and text is the data being protected 82 */ 83 84 /* start out by storing key in pads */ 85 memset(k_ipad, 0, sizeof(k_ipad)); 86 memset(k_opad, 0, sizeof(k_opad)); 87 memcpy(k_ipad, key, key_len); 88 memcpy(k_opad, key, key_len); 89 90 /* XOR key with ipad and opad values */ 91 for (i=0; i<64; i++) { 92 k_ipad[i] ^= 0x36; 93 k_opad[i] ^= 0x5c; 94 } 95 96 /* 97 * perform inner MD5 98 */ 99 MD5_Init(&context); /* init context for 1st pass */ 100 MD5_Update(&context, k_ipad, 64); /* start with inner pad */ 101 MD5_Update(&context, text, text_len); /* then text of datagram */ 102 MD5_Final(digest, &context); /* finish up 1st pass */ 103 104 /* 105 * perform outer MD5 106 */ 107 MD5_Init(&context); /* init context for 2nd pass */ 108 MD5_Update(&context, k_opad, 64); /* start with outer pad */ 109 MD5_Update(&context, digest, 16); /* then results of 1st hash */ 110 MD5_Final(digest, &context); /* finish up 2nd pass */ 111 } 112 DIAG_ON_DEPRECATION 113 114 /* 115 * Verify a cryptographic signature of the packet. 116 * Currently only MD5 is supported. 117 */ 118 int 119 signature_verify(netdissect_options *ndo, const u_char *pptr, u_int plen, 120 const u_char *sig_ptr, void (*clear_rtn)(void *), 121 const void *clear_arg) 122 { 123 uint8_t *packet_copy, *sig_copy; 124 uint8_t sig[16]; 125 unsigned int i; 126 127 if (!ndo->ndo_sigsecret) { 128 return (CANT_CHECK_SIGNATURE); 129 } 130 131 /* 132 * Do we have all the packet data to be checked? 133 */ 134 if (!ND_TTEST_LEN(pptr, plen)) { 135 /* No. */ 136 return (CANT_CHECK_SIGNATURE); 137 } 138 139 /* 140 * Do we have the entire signature to check? 141 */ 142 if (!ND_TTEST_LEN(sig_ptr, sizeof(sig))) { 143 /* No. */ 144 return (CANT_CHECK_SIGNATURE); 145 } 146 if (sig_ptr + sizeof(sig) > pptr + plen) { 147 /* No. */ 148 return (CANT_CHECK_SIGNATURE); 149 } 150 151 /* 152 * Make a copy of the packet, so we don't overwrite the original. 153 */ 154 packet_copy = malloc(plen); 155 if (packet_copy == NULL) { 156 return (CANT_ALLOCATE_COPY); 157 } 158 159 memcpy(packet_copy, pptr, plen); 160 161 /* 162 * Clear the signature in the copy. 163 */ 164 sig_copy = packet_copy + (sig_ptr - pptr); 165 memset(sig_copy, 0, sizeof(sig)); 166 167 /* 168 * Clear anything else that needs to be cleared in the copy. 169 * Our caller is assumed to have vetted the clear_arg pointer. 170 */ 171 (*clear_rtn)((void *)(packet_copy + ((const uint8_t *)clear_arg - pptr))); 172 173 /* 174 * Compute the signature. 175 */ 176 signature_compute_hmac_md5(packet_copy, plen, 177 (unsigned char *)ndo->ndo_sigsecret, 178 strlen(ndo->ndo_sigsecret), sig); 179 180 /* 181 * Free the copy. 182 */ 183 free(packet_copy); 184 185 /* 186 * Does the computed signature match the signature in the packet? 187 */ 188 if (memcmp(sig_ptr, sig, sizeof(sig)) == 0) { 189 /* Yes. */ 190 return (SIGNATURE_VALID); 191 } else { 192 /* No - print the computed signature. */ 193 for (i = 0; i < sizeof(sig); ++i) { 194 ND_PRINT("%02x", sig[i]); 195 } 196 197 return (SIGNATURE_INVALID); 198 } 199 } 200 #else 201 int 202 signature_verify(netdissect_options *ndo _U_, const u_char *pptr _U_, 203 u_int plen _U_, const u_char *sig_ptr _U_, 204 void (*clear_rtn)(void *) _U_, const void *clear_arg _U_) 205 { 206 return (CANT_CHECK_SIGNATURE); 207 } 208 #endif 209