xref: /freebsd/contrib/tcpdump/signature.c (revision ae477ca7da55f76d28859e1bd01cd1051e36f28f)
1 /*
2  * Redistribution and use in source and binary forms, with or without
3  * modification, are permitted provided that: (1) source code
4  * distributions retain the above copyright notice and this paragraph
5  * in its entirety, and (2) distributions including binary code include
6  * the above copyright notice and this paragraph in its entirety in
7  * the documentation or other materials provided with the distribution.
8  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND
9  * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT
10  * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
11  * FOR A PARTICULAR PURPOSE.
12  *
13  * Functions for signature and digest verification.
14  *
15  * Original code by Hannes Gredler (hannes@gredler.at)
16  */
17 
18 #ifdef HAVE_CONFIG_H
19 #include <config.h>
20 #endif
21 
22 #include "netdissect-stdinc.h"
23 
24 #include <string.h>
25 #include <stdlib.h>
26 
27 #include "netdissect.h"
28 #include "signature.h"
29 #include "diag-control.h"
30 
31 #ifdef HAVE_LIBCRYPTO
32 #include <openssl/md5.h>
33 #endif
34 
35 const struct tok signature_check_values[] = {
36     { SIGNATURE_VALID, "valid"},
37     { SIGNATURE_INVALID, "invalid"},
38     { CANT_ALLOCATE_COPY, "can't allocate memory"},
39     { CANT_CHECK_SIGNATURE, "unchecked"},
40     { 0, NULL }
41 };
42 
43 
44 #ifdef HAVE_LIBCRYPTO
45 /*
46  * Compute a HMAC MD5 sum.
47  * Taken from rfc2104, Appendix.
48  */
49 DIAG_OFF_DEPRECATION
50 static void
51 signature_compute_hmac_md5(const uint8_t *text, int text_len, unsigned char *key,
52                            unsigned int key_len, uint8_t *digest)
53 {
54     MD5_CTX context;
55     unsigned char k_ipad[65];    /* inner padding - key XORd with ipad */
56     unsigned char k_opad[65];    /* outer padding - key XORd with opad */
57     unsigned char tk[16];
58     int i;
59 
60     /* if key is longer than 64 bytes reset it to key=MD5(key) */
61     if (key_len > 64) {
62 
63         MD5_CTX tctx;
64 
65         MD5_Init(&tctx);
66         MD5_Update(&tctx, key, key_len);
67         MD5_Final(tk, &tctx);
68 
69         key = tk;
70         key_len = 16;
71     }
72 
73     /*
74      * the HMAC_MD5 transform looks like:
75      *
76      * MD5(K XOR opad, MD5(K XOR ipad, text))
77      *
78      * where K is an n byte key
79      * ipad is the byte 0x36 repeated 64 times
80      * opad is the byte 0x5c repeated 64 times
81      * and text is the data being protected
82      */
83 
84     /* start out by storing key in pads */
85     memset(k_ipad, 0, sizeof(k_ipad));
86     memset(k_opad, 0, sizeof(k_opad));
87     memcpy(k_ipad, key, key_len);
88     memcpy(k_opad, key, key_len);
89 
90     /* XOR key with ipad and opad values */
91     for (i=0; i<64; i++) {
92         k_ipad[i] ^= 0x36;
93         k_opad[i] ^= 0x5c;
94     }
95 
96     /*
97      * perform inner MD5
98      */
99     MD5_Init(&context);                   /* init context for 1st pass */
100     MD5_Update(&context, k_ipad, 64);     /* start with inner pad */
101     MD5_Update(&context, text, text_len); /* then text of datagram */
102     MD5_Final(digest, &context);          /* finish up 1st pass */
103 
104     /*
105      * perform outer MD5
106      */
107     MD5_Init(&context);                   /* init context for 2nd pass */
108     MD5_Update(&context, k_opad, 64);     /* start with outer pad */
109     MD5_Update(&context, digest, 16);     /* then results of 1st hash */
110     MD5_Final(digest, &context);          /* finish up 2nd pass */
111 }
112 DIAG_ON_DEPRECATION
113 
114 /*
115  * Verify a cryptographic signature of the packet.
116  * Currently only MD5 is supported.
117  */
118 int
119 signature_verify(netdissect_options *ndo, const u_char *pptr, u_int plen,
120                  const u_char *sig_ptr, void (*clear_rtn)(void *),
121                  const void *clear_arg)
122 {
123     uint8_t *packet_copy, *sig_copy;
124     uint8_t sig[16];
125     unsigned int i;
126 
127     if (!ndo->ndo_sigsecret) {
128         return (CANT_CHECK_SIGNATURE);
129     }
130 
131     /*
132      * Do we have all the packet data to be checked?
133      */
134     if (!ND_TTEST_LEN(pptr, plen)) {
135         /* No. */
136         return (CANT_CHECK_SIGNATURE);
137     }
138 
139     /*
140      * Do we have the entire signature to check?
141      */
142     if (!ND_TTEST_LEN(sig_ptr, sizeof(sig))) {
143         /* No. */
144         return (CANT_CHECK_SIGNATURE);
145     }
146     if (sig_ptr + sizeof(sig) > pptr + plen) {
147         /* No. */
148         return (CANT_CHECK_SIGNATURE);
149     }
150 
151     /*
152      * Make a copy of the packet, so we don't overwrite the original.
153      */
154     packet_copy = malloc(plen);
155     if (packet_copy == NULL) {
156         return (CANT_ALLOCATE_COPY);
157     }
158 
159     memcpy(packet_copy, pptr, plen);
160 
161     /*
162      * Clear the signature in the copy.
163      */
164     sig_copy = packet_copy + (sig_ptr - pptr);
165     memset(sig_copy, 0, sizeof(sig));
166 
167     /*
168      * Clear anything else that needs to be cleared in the copy.
169      * Our caller is assumed to have vetted the clear_arg pointer.
170      */
171     (*clear_rtn)((void *)(packet_copy + ((const uint8_t *)clear_arg - pptr)));
172 
173     /*
174      * Compute the signature.
175      */
176     signature_compute_hmac_md5(packet_copy, plen,
177                                (unsigned char *)ndo->ndo_sigsecret,
178                                strlen(ndo->ndo_sigsecret), sig);
179 
180     /*
181      * Free the copy.
182      */
183     free(packet_copy);
184 
185     /*
186      * Does the computed signature match the signature in the packet?
187      */
188     if (memcmp(sig_ptr, sig, sizeof(sig)) == 0) {
189         /* Yes. */
190         return (SIGNATURE_VALID);
191     } else {
192         /* No - print the computed signature. */
193         for (i = 0; i < sizeof(sig); ++i) {
194             ND_PRINT("%02x", sig[i]);
195         }
196 
197         return (SIGNATURE_INVALID);
198     }
199 }
200 #else
201 int
202 signature_verify(netdissect_options *ndo _U_, const u_char *pptr _U_,
203                  u_int plen _U_, const u_char *sig_ptr _U_,
204                  void (*clear_rtn)(void *) _U_, const void *clear_arg _U_)
205 {
206     return (CANT_CHECK_SIGNATURE);
207 }
208 #endif
209