nexmon – Blame information for rev 1
?pathlinks?
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 1 | office | 1 | /* |
| 2 | * Redistribution and use in source and binary forms, with or without |
||
| 3 | * modification, are permitted provided that: (1) source code |
||
| 4 | * distributions retain the above copyright notice and this paragraph |
||
| 5 | * in its entirety, and (2) distributions including binary code include |
||
| 6 | * the above copyright notice and this paragraph in its entirety in |
||
| 7 | * the documentation or other materials provided with the distribution. |
||
| 8 | * THIS SOFTWARE IS PROVIDED ``AS IS'' AND |
||
| 9 | * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT |
||
| 10 | * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS |
||
| 11 | * FOR A PARTICULAR PURPOSE. |
||
| 12 | * |
||
| 13 | * Functions for signature and digest verification. |
||
| 14 | * |
||
| 15 | * Original code by Hannes Gredler (hannes@juniper.net) |
||
| 16 | */ |
||
| 17 | |||
| 18 | #define NETDISSECT_REWORKED |
||
| 19 | #ifdef HAVE_CONFIG_H |
||
| 20 | #include "config.h" |
||
| 21 | #endif |
||
| 22 | |||
| 23 | #include <tcpdump-stdinc.h> |
||
| 24 | |||
| 25 | #include <string.h> |
||
| 26 | |||
| 27 | #include "interface.h" |
||
| 28 | #include "signature.h" |
||
| 29 | |||
| 30 | #ifdef HAVE_LIBCRYPTO |
||
| 31 | #include <openssl/md5.h> |
||
| 32 | #endif |
||
| 33 | |||
| 34 | const struct tok signature_check_values[] = { |
||
| 35 | { SIGNATURE_VALID, "valid"}, |
||
| 36 | { SIGNATURE_INVALID, "invalid"}, |
||
| 37 | { CANT_CHECK_SIGNATURE, "unchecked"}, |
||
| 38 | { 0, NULL } |
||
| 39 | }; |
||
| 40 | |||
| 41 | |||
| 42 | #ifdef HAVE_LIBCRYPTO |
||
| 43 | /* |
||
| 44 | * Compute a HMAC MD5 sum. |
||
| 45 | * Taken from rfc2104, Appendix. |
||
| 46 | */ |
||
| 47 | USES_APPLE_DEPRECATED_API |
||
| 48 | static void |
||
| 49 | signature_compute_hmac_md5(const uint8_t *text, int text_len, unsigned char *key, |
||
| 50 | unsigned int key_len, uint8_t *digest) |
||
| 51 | { |
||
| 52 | MD5_CTX context; |
||
| 53 | unsigned char k_ipad[65]; /* inner padding - key XORd with ipad */ |
||
| 54 | unsigned char k_opad[65]; /* outer padding - key XORd with opad */ |
||
| 55 | unsigned char tk[16]; |
||
| 56 | int i; |
||
| 57 | |||
| 58 | /* if key is longer than 64 bytes reset it to key=MD5(key) */ |
||
| 59 | if (key_len > 64) { |
||
| 60 | |||
| 61 | MD5_CTX tctx; |
||
| 62 | |||
| 63 | MD5_Init(&tctx); |
||
| 64 | MD5_Update(&tctx, key, key_len); |
||
| 65 | MD5_Final(tk, &tctx); |
||
| 66 | |||
| 67 | key = tk; |
||
| 68 | key_len = 16; |
||
| 69 | } |
||
| 70 | |||
| 71 | /* |
||
| 72 | * the HMAC_MD5 transform looks like: |
||
| 73 | * |
||
| 74 | * MD5(K XOR opad, MD5(K XOR ipad, text)) |
||
| 75 | * |
||
| 76 | * where K is an n byte key |
||
| 77 | * ipad is the byte 0x36 repeated 64 times |
||
| 78 | * opad is the byte 0x5c repeated 64 times |
||
| 79 | * and text is the data being protected |
||
| 80 | */ |
||
| 81 | |||
| 82 | /* start out by storing key in pads */ |
||
| 83 | memset(k_ipad, 0, sizeof k_ipad); |
||
| 84 | memset(k_opad, 0, sizeof k_opad); |
||
| 85 | memcpy(k_ipad, key, key_len); |
||
| 86 | memcpy(k_opad, key, key_len); |
||
| 87 | |||
| 88 | /* XOR key with ipad and opad values */ |
||
| 89 | for (i=0; i<64; i++) { |
||
| 90 | k_ipad[i] ^= 0x36; |
||
| 91 | k_opad[i] ^= 0x5c; |
||
| 92 | } |
||
| 93 | |||
| 94 | /* |
||
| 95 | * perform inner MD5 |
||
| 96 | */ |
||
| 97 | MD5_Init(&context); /* init context for 1st pass */ |
||
| 98 | MD5_Update(&context, k_ipad, 64); /* start with inner pad */ |
||
| 99 | MD5_Update(&context, text, text_len); /* then text of datagram */ |
||
| 100 | MD5_Final(digest, &context); /* finish up 1st pass */ |
||
| 101 | |||
| 102 | /* |
||
| 103 | * perform outer MD5 |
||
| 104 | */ |
||
| 105 | MD5_Init(&context); /* init context for 2nd pass */ |
||
| 106 | MD5_Update(&context, k_opad, 64); /* start with outer pad */ |
||
| 107 | MD5_Update(&context, digest, 16); /* then results of 1st hash */ |
||
| 108 | MD5_Final(digest, &context); /* finish up 2nd pass */ |
||
| 109 | } |
||
| 110 | USES_APPLE_RST |
||
| 111 | #endif |
||
| 112 | |||
| 113 | #ifdef HAVE_LIBCRYPTO |
||
| 114 | /* |
||
| 115 | * Verify a cryptographic signature of the packet. |
||
| 116 | * Currently only MD5 is supported. |
||
| 117 | */ |
||
| 118 | int |
||
| 119 | signature_verify(netdissect_options *ndo, |
||
| 120 | const u_char *pptr, u_int plen, u_char *sig_ptr) |
||
| 121 | { |
||
| 122 | uint8_t rcvsig[16]; |
||
| 123 | uint8_t sig[16]; |
||
| 124 | unsigned int i; |
||
| 125 | |||
| 126 | /* |
||
| 127 | * Save the signature before clearing it. |
||
| 128 | */ |
||
| 129 | memcpy(rcvsig, sig_ptr, sizeof(rcvsig)); |
||
| 130 | memset(sig_ptr, 0, sizeof(rcvsig)); |
||
| 131 | |||
| 132 | if (!ndo->ndo_sigsecret) { |
||
| 133 | return (CANT_CHECK_SIGNATURE); |
||
| 134 | } |
||
| 135 | |||
| 136 | signature_compute_hmac_md5(pptr, plen, (unsigned char *)ndo->ndo_sigsecret, |
||
| 137 | strlen(ndo->ndo_sigsecret), sig); |
||
| 138 | |||
| 139 | if (memcmp(rcvsig, sig, sizeof(sig)) == 0) { |
||
| 140 | return (SIGNATURE_VALID); |
||
| 141 | |||
| 142 | } else { |
||
| 143 | |||
| 144 | for (i = 0; i < sizeof(sig); ++i) { |
||
| 145 | ND_PRINT((ndo, "%02x", sig[i])); |
||
| 146 | } |
||
| 147 | |||
| 148 | return (SIGNATURE_INVALID); |
||
| 149 | } |
||
| 150 | } |
||
| 151 | #endif |
||
| 152 | |||
| 153 | /* |
||
| 154 | * Local Variables: |
||
| 155 | * c-style: whitesmith |
||
| 156 | * c-basic-offset: 4 |
||
| 157 | * End: |
||
| 158 | */ |