freebsd-dev/signature.c

/* 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code
 * distributions retain the above copyright notice and this paragraph
 * in its entirety, and (2) distributions including binary code include
 * the above copyright notice and this paragraph in its entirety in
 * the documentation or other materials provided with the distribution.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND
 * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT
 * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE.
 *
 * Functions for signature and digest verification.
 * 
 * Original code by Hannes Gredler (hannes@juniper.net)
 */

#ifndef lint
static const char rcsid[] _U_ =
    "@(#) $Header: /tcpdump/master/tcpdump/signature.c,v 1.2 2008-09-22 20:22:10 guy Exp $ (LBL)";
#endif

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#include <tcpdump-stdinc.h>

#include <string.h>

#include "interface.h"
#include "signature.h"

#ifdef HAVE_LIBCRYPTO
#include <openssl/md5.h>
#endif

const struct tok signature_check_values[] = {
    { SIGNATURE_VALID, "valid"},
    { SIGNATURE_INVALID, "invalid"},
    { CANT_CHECK_SIGNATURE, "unchecked"},
    { 0, NULL }
};


#ifdef HAVE_LIBCRYPTO
/*
 * Compute a HMAC MD5 sum.
 * Taken from rfc2104, Appendix.
 */
static void
signature_compute_hmac_md5(const u_int8_t *text, int text_len, unsigned char *key,
                           unsigned int key_len, u_int8_t *digest)
{
    MD5_CTX context;
    unsigned char k_ipad[65];    /* inner padding - key XORd with ipad */
    unsigned char k_opad[65];    /* outer padding - key XORd with opad */
    unsigned char tk[16];
    int i;

    /* if key is longer than 64 bytes reset it to key=MD5(key) */
    if (key_len > 64) {

        MD5_CTX tctx;

        MD5_Init(&tctx);
        MD5_Update(&tctx, key, key_len);
        MD5_Final(tk, &tctx);

        key = tk;
        key_len = 16;
    }

    /*
     * the HMAC_MD5 transform looks like:
     *
     * MD5(K XOR opad, MD5(K XOR ipad, text))
     *
     * where K is an n byte key
     * ipad is the byte 0x36 repeated 64 times
     * opad is the byte 0x5c repeated 64 times
     * and text is the data being protected
     */

    /* start out by storing key in pads */
    memset(k_ipad, 0, sizeof k_ipad);
    memset(k_opad, 0, sizeof k_opad);
    memcpy(k_ipad, key, key_len);
    memcpy(k_opad, key, key_len);

    /* XOR key with ipad and opad values */
    for (i=0; i<64; i++) {
        k_ipad[i] ^= 0x36;
        k_opad[i] ^= 0x5c;
    }

    /*
     * perform inner MD5
     */
    MD5_Init(&context);                   /* init context for 1st pass */
    MD5_Update(&context, k_ipad, 64);     /* start with inner pad */
    MD5_Update(&context, text, text_len); /* then text of datagram */
    MD5_Final(digest, &context);          /* finish up 1st pass */

    /*
     * perform outer MD5
     */
    MD5_Init(&context);                   /* init context for 2nd pass */
    MD5_Update(&context, k_opad, 64);     /* start with outer pad */
    MD5_Update(&context, digest, 16);     /* then results of 1st hash */
    MD5_Final(digest, &context);          /* finish up 2nd pass */
}
#endif

#ifdef HAVE_LIBCRYPTO
/*
 * Verify a cryptographic signature of the packet.
 * Currently only MD5 is supported.
 */
int
signature_verify (const u_char *pptr, u_int plen, u_char *sig_ptr)
{
    u_int8_t rcvsig[16];
    u_int8_t sig[16];
    unsigned int i;

    /*
     * Save the signature before clearing it.
     */
    memcpy(rcvsig, sig_ptr, sizeof(rcvsig));
    memset(sig_ptr, 0, sizeof(rcvsig));

    if (!sigsecret) {
        return (CANT_CHECK_SIGNATURE);
    }

    signature_compute_hmac_md5(pptr, plen, (unsigned char *)sigsecret,
                               strlen(sigsecret), sig);

    if (memcmp(rcvsig, sig, sizeof(sig)) == 0) {
        return (SIGNATURE_VALID);

    } else {

        for (i = 0; i < sizeof(sig); ++i) {
            (void)printf("%02x", sig[i]);
        }

        return (SIGNATURE_INVALID);
    }
}
#endif

/*
 * Local Variables:
 * c-style: whitesmith
 * c-basic-offset: 4
 * End:
 */
Update tcpdump to 4.1.1. Changes: Thu. April 1, 2010. guy@alum.mit.edu. Summary for 4.1.1 tcpdump release Fix build on systems with PF, such as FreeBSD and OpenBSD. Don't blow up if a zero-length link-layer address is passed to linkaddr_string(). Thu. March 11, 2010. ken@netfunctional.ca/guy@alum.mit.edu. Summary for 4.1.0 tcpdump release Fix printing of MAC addresses for VLAN frames with a length field Add some additional bounds checks and use the EXTRACT_ macros more Add a -b flag to print the AS number in BGP packets in ASDOT notation rather than ASPLAIN notation Add ICMPv6 RFC 5006 support Decode the access flags in NFS access requests Handle the new DLT_ for memory-mapped USB captures on Linux Make the default snapshot (-s) the maximum Print name of device (when -L is used) Support for OpenSolaris (and SXCE build 125 and later) Print new TCP flags Add support for RPL DIO Add support for TCP User Timeout (UTO) Add support for non-standard Ethertypes used by 3com PPPoE gear Add support for 802.11n and 802.11s Add support for Transparent Ethernet Bridge ethertype in GRE Add 4 byte AS support for BGP printer Add support for the MDT SAFI 66 BG printer Add basic IPv6 support to print-olsr Add USB printer Add printer for ForCES Handle frames with an FCS Handle 802.11n Control Wrapper, Block Acq Req and Block Ack frames Fix TCP sequence number printing Report 802.2 packets as 802.2 instead of 802.3 Don't include -L/usr/lib in LDFLAGS On x86_64 Linux, look in lib64 directory too Lots of code clean ups Autoconf clean ups Update testcases to make output changes Fix compiling with/out smi (--with{,out}-smi) Fix compiling without IPv6 support (--disable-ipv6) 2010-10-28 16:23:25 +00:00			`/*`
			`* Redistribution and use in source and binary forms, with or without`
			`* modification, are permitted provided that: (1) source code`
			`* distributions retain the above copyright notice and this paragraph`
			`* in its entirety, and (2) distributions including binary code include`
			`* the above copyright notice and this paragraph in its entirety in`
			`* the documentation or other materials provided with the distribution.`
			* THIS SOFTWARE IS PROVIDED ``AS IS'' AND
			`* WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT`
			`* LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS`
			`* FOR A PARTICULAR PURPOSE.`
			`*`
			`* Functions for signature and digest verification.`
			`*`
			`* Original code by Hannes Gredler (hannes@juniper.net)`
			`*/`

			`#ifndef lint`
			`static const char rcsid[] _U_ =`
			`"@(#) $Header: /tcpdump/master/tcpdump/signature.c,v 1.2 2008-09-22 20:22:10 guy Exp $ (LBL)";`
			`#endif`

			`#ifdef HAVE_CONFIG_H`
			`#include "config.h"`
			`#endif`

			`#include <tcpdump-stdinc.h>`

			`#include <string.h>`

			`#include "interface.h"`
			`#include "signature.h"`

			`#ifdef HAVE_LIBCRYPTO`
			`#include <openssl/md5.h>`
			`#endif`

			`const struct tok signature_check_values[] = {`
			`{ SIGNATURE_VALID, "valid"},`
			`{ SIGNATURE_INVALID, "invalid"},`
			`{ CANT_CHECK_SIGNATURE, "unchecked"},`
			`{ 0, NULL }`
			`};`


			`#ifdef HAVE_LIBCRYPTO`
			`/*`
			`* Compute a HMAC MD5 sum.`
			`* Taken from rfc2104, Appendix.`
			`*/`
			`static void`
			`signature_compute_hmac_md5(const u_int8_t text, int text_len, unsigned char key,`
			`unsigned int key_len, u_int8_t *digest)`
			`{`
			`MD5_CTX context;`
			`unsigned char k_ipad[65]; /* inner padding - key XORd with ipad */`
			`unsigned char k_opad[65]; /* outer padding - key XORd with opad */`
			`unsigned char tk[16];`
			`int i;`

			`/* if key is longer than 64 bytes reset it to key=MD5(key) */`
			`if (key_len > 64) {`

			`MD5_CTX tctx;`

			`MD5_Init(&tctx);`
			`MD5_Update(&tctx, key, key_len);`
			`MD5_Final(tk, &tctx);`

			`key = tk;`
			`key_len = 16;`
			`}`

			`/*`
			`* the HMAC_MD5 transform looks like:`
			`*`
			`* MD5(K XOR opad, MD5(K XOR ipad, text))`
			`*`
			`* where K is an n byte key`
			`* ipad is the byte 0x36 repeated 64 times`
			`* opad is the byte 0x5c repeated 64 times`
			`* and text is the data being protected`
			`*/`

			`/* start out by storing key in pads */`
			`memset(k_ipad, 0, sizeof k_ipad);`
			`memset(k_opad, 0, sizeof k_opad);`
			`memcpy(k_ipad, key, key_len);`
			`memcpy(k_opad, key, key_len);`

			`/* XOR key with ipad and opad values */`
			`for (i=0; i<64; i++) {`
			`k_ipad[i] ^= 0x36;`
			`k_opad[i] ^= 0x5c;`
			`}`

			`/*`
			`* perform inner MD5`
			`*/`
			`MD5_Init(&context); /* init context for 1st pass */`
			`MD5_Update(&context, k_ipad, 64); /* start with inner pad */`
			`MD5_Update(&context, text, text_len); /* then text of datagram */`
			`MD5_Final(digest, &context); /* finish up 1st pass */`

			`/*`
			`* perform outer MD5`
			`*/`
			`MD5_Init(&context); /* init context for 2nd pass */`
			`MD5_Update(&context, k_opad, 64); /* start with outer pad */`
			`MD5_Update(&context, digest, 16); /* then results of 1st hash */`
			`MD5_Final(digest, &context); /* finish up 2nd pass */`
			`}`
			`#endif`

			`#ifdef HAVE_LIBCRYPTO`
			`/*`
			`* Verify a cryptographic signature of the packet.`
			`* Currently only MD5 is supported.`
			`*/`
			`int`
			`signature_verify (const u_char pptr, u_int plen, u_char sig_ptr)`
			`{`
			`u_int8_t rcvsig[16];`
			`u_int8_t sig[16];`
			`unsigned int i;`

			`/*`
			`* Save the signature before clearing it.`
			`*/`
			`memcpy(rcvsig, sig_ptr, sizeof(rcvsig));`
			`memset(sig_ptr, 0, sizeof(rcvsig));`

			`if (!sigsecret) {`
			`return (CANT_CHECK_SIGNATURE);`
			`}`

			`signature_compute_hmac_md5(pptr, plen, (unsigned char *)sigsecret,`
			`strlen(sigsecret), sig);`

			`if (memcmp(rcvsig, sig, sizeof(sig)) == 0) {`
			`return (SIGNATURE_VALID);`

			`} else {`

			`for (i = 0; i < sizeof(sig); ++i) {`
			`(void)printf("%02x", sig[i]);`
			`}`

			`return (SIGNATURE_INVALID);`
			`}`
			`}`
			`#endif`

			`/*`
			`* Local Variables:`
			`* c-style: whitesmith`
			`* c-basic-offset: 4`
			`* End:`
			`*/`