1994-09-29 23:04:24 +00:00
|
|
|
/*
|
1993-12-21 18:36:48 +00:00
|
|
|
* md5crypt - MD5 based authentication routines
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include "ntp_types.h"
|
|
|
|
#include "ntp_string.h"
|
|
|
|
#include "md5.h"
|
|
|
|
#include "ntp_stdlib.h"
|
|
|
|
|
1994-09-29 23:04:24 +00:00
|
|
|
extern u_long cache_keyid;
|
1993-12-21 18:36:48 +00:00
|
|
|
extern char *cache_key;
|
|
|
|
extern int cache_keylen;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Stat counters, imported from data base module
|
|
|
|
*/
|
|
|
|
extern U_LONG authencryptions;
|
|
|
|
extern U_LONG authdecryptions;
|
|
|
|
extern U_LONG authkeyuncached;
|
|
|
|
extern U_LONG authnokey;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* For our purposes an NTP packet looks like:
|
|
|
|
*
|
|
|
|
* a variable amount of encrypted data, multiple of 8 bytes, followed by:
|
|
|
|
* NOCRYPT_OCTETS worth of unencrypted data, followed by:
|
|
|
|
* BLOCK_OCTETS worth of ciphered checksum.
|
1995-05-30 03:57:47 +00:00
|
|
|
*/
|
1993-12-21 18:36:48 +00:00
|
|
|
#define NOCRYPT_OCTETS 4
|
|
|
|
#define BLOCK_OCTETS 16
|
|
|
|
|
|
|
|
#define NOCRYPT_LONGS ((NOCRYPT_OCTETS)/sizeof(U_LONG))
|
|
|
|
#define BLOCK_LONGS ((BLOCK_OCTETS)/sizeof(U_LONG))
|
|
|
|
|
|
|
|
static MD5_CTX ctx;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Do first stage of a two stage authenticator generation.
|
|
|
|
*/
|
|
|
|
|
|
|
|
void
|
|
|
|
MD5auth1crypt(keyno, pkt, length)
|
1994-09-29 23:04:24 +00:00
|
|
|
u_long keyno;
|
1993-12-21 18:36:48 +00:00
|
|
|
U_LONG *pkt;
|
|
|
|
int length; /* length of all encrypted data */
|
|
|
|
{
|
|
|
|
|
|
|
|
authencryptions++;
|
|
|
|
|
|
|
|
if (keyno != cache_keyid) {
|
|
|
|
authkeyuncached++;
|
|
|
|
if (!authhavekey(keyno)) {
|
|
|
|
authnokey++;
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
MD5Init(&ctx);
|
|
|
|
MD5Update(&ctx, cache_key, cache_keylen);
|
|
|
|
MD5Update(&ctx, (char *)pkt, length - 8);
|
|
|
|
/* just leave the partially computed value in the static MD5_CTX */
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Do second state of a two stage authenticator generation.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
MD5auth2crypt(keyno, pkt, length)
|
1994-09-29 23:04:24 +00:00
|
|
|
u_long keyno;
|
1993-12-21 18:36:48 +00:00
|
|
|
U_LONG *pkt;
|
|
|
|
int length; /* total length of encrypted area */
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
* Don't bother checking the keys. The first stage would have
|
|
|
|
* handled that. Finish up the generation by also including the
|
|
|
|
* last 8 bytes of the data area.
|
|
|
|
*/
|
|
|
|
|
|
|
|
MD5Update(&ctx, (char *)(pkt) + length - 8, 8);
|
|
|
|
MD5Final(&ctx);
|
|
|
|
|
1994-02-03 22:09:07 +00:00
|
|
|
memmove((char *) &pkt[NOCRYPT_LONGS + length/sizeof(U_LONG)],
|
1995-05-30 03:57:47 +00:00
|
|
|
(char *) ctx.digest,
|
1994-02-03 22:09:07 +00:00
|
|
|
BLOCK_OCTETS);
|
|
|
|
return (4 + BLOCK_OCTETS);
|
1993-12-21 18:36:48 +00:00
|
|
|
}
|