2018-02-28 06:23:12 +00:00
|
|
|
/*
|
|
|
|
* HMS: we need to test:
|
|
|
|
* - OpenSSL versions, if we are building with them
|
|
|
|
* - our versions
|
|
|
|
*
|
|
|
|
* We may need to test with(out) OPENSSL separately.
|
|
|
|
*/
|
|
|
|
|
2013-12-04 21:33:17 +00:00
|
|
|
#include <config.h>
|
|
|
|
#include "crypto.h"
|
|
|
|
#include <ctype.h>
|
2016-04-27 05:37:54 +00:00
|
|
|
#include "isc/string.h"
|
2017-03-23 05:19:00 +00:00
|
|
|
#include "ntp_md5.h"
|
2013-12-04 21:33:17 +00:00
|
|
|
|
2018-02-28 06:23:12 +00:00
|
|
|
/* HMS: We may not have OpenSSL, but we have our own AES-128-CMAC */
|
|
|
|
#define CMAC "AES128CMAC"
|
|
|
|
#ifdef OPENSSL
|
|
|
|
# include "openssl/cmac.h"
|
|
|
|
# define AES_128_KEY_SIZE 16
|
|
|
|
#endif /* OPENSSL */
|
|
|
|
|
|
|
|
#ifndef EVP_MAX_MD_SIZE
|
|
|
|
# define EVP_MAX_MD_SIZE 32
|
|
|
|
#endif
|
|
|
|
|
2013-12-04 21:33:17 +00:00
|
|
|
struct key *key_ptr;
|
2015-02-05 20:53:33 +00:00
|
|
|
size_t key_cnt = 0;
|
2013-12-04 21:33:17 +00:00
|
|
|
|
2018-02-28 06:23:12 +00:00
|
|
|
typedef struct key Key_T;
|
|
|
|
|
|
|
|
static u_int
|
|
|
|
compute_mac(
|
|
|
|
u_char digest[EVP_MAX_MD_SIZE],
|
|
|
|
char const * macname,
|
|
|
|
void const * pkt_data,
|
|
|
|
u_int pkt_size,
|
|
|
|
void const * key_data,
|
|
|
|
u_int key_size
|
|
|
|
)
|
|
|
|
{
|
|
|
|
u_int len = 0;
|
|
|
|
size_t slen = 0;
|
|
|
|
int key_type;
|
|
|
|
|
|
|
|
INIT_SSL();
|
|
|
|
key_type = keytype_from_text(macname, NULL);
|
|
|
|
|
|
|
|
#ifdef OPENSSL
|
|
|
|
/* Check if CMAC key type specific code required */
|
|
|
|
if (key_type == NID_cmac) {
|
|
|
|
CMAC_CTX * ctx = NULL;
|
|
|
|
u_char keybuf[AES_128_KEY_SIZE];
|
|
|
|
|
|
|
|
/* adjust key size (zero padded buffer) if necessary */
|
|
|
|
if (AES_128_KEY_SIZE > key_size) {
|
|
|
|
memcpy(keybuf, key_data, key_size);
|
|
|
|
memset((keybuf + key_size), 0,
|
|
|
|
(AES_128_KEY_SIZE - key_size));
|
|
|
|
key_data = keybuf;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!(ctx = CMAC_CTX_new())) {
|
|
|
|
msyslog(LOG_ERR, "make_mac: CMAC %s CTX new failed.", CMAC);
|
|
|
|
}
|
|
|
|
else if (!CMAC_Init(ctx, key_data, AES_128_KEY_SIZE,
|
|
|
|
EVP_aes_128_cbc(), NULL)) {
|
|
|
|
msyslog(LOG_ERR, "make_mac: CMAC %s Init failed.", CMAC);
|
|
|
|
}
|
|
|
|
else if (!CMAC_Update(ctx, pkt_data, (size_t)pkt_size)) {
|
|
|
|
msyslog(LOG_ERR, "make_mac: CMAC %s Update failed.", CMAC);
|
|
|
|
}
|
|
|
|
else if (!CMAC_Final(ctx, digest, &slen)) {
|
|
|
|
msyslog(LOG_ERR, "make_mac: CMAC %s Final failed.", CMAC);
|
|
|
|
slen = 0;
|
|
|
|
}
|
|
|
|
len = (u_int)slen;
|
|
|
|
|
|
|
|
CMAC_CTX_cleanup(ctx);
|
|
|
|
/* Test our AES-128-CMAC implementation */
|
|
|
|
|
|
|
|
} else /* MD5 MAC handling */
|
|
|
|
#endif
|
|
|
|
{
|
|
|
|
EVP_MD_CTX * ctx;
|
|
|
|
|
|
|
|
if (!(ctx = EVP_MD_CTX_new())) {
|
|
|
|
msyslog(LOG_ERR, "make_mac: MAC %s Digest CTX new failed.",
|
|
|
|
macname);
|
|
|
|
goto mac_fail;
|
|
|
|
}
|
|
|
|
#ifdef OPENSSL /* OpenSSL 1 supports return codes 0 fail, 1 okay */
|
|
|
|
# ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
|
|
|
|
EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
|
|
|
|
# endif
|
|
|
|
/* [Bug 3457] DON'T use plain EVP_DigestInit! It would
|
|
|
|
* kill the flags! */
|
|
|
|
if (!EVP_DigestInit_ex(ctx, EVP_get_digestbynid(key_type), NULL)) {
|
|
|
|
msyslog(LOG_ERR, "make_mac: MAC %s Digest Init failed.",
|
|
|
|
macname);
|
|
|
|
goto mac_fail;
|
|
|
|
}
|
|
|
|
if (!EVP_DigestUpdate(ctx, key_data, key_size)) {
|
|
|
|
msyslog(LOG_ERR, "make_mac: MAC %s Digest Update key failed.",
|
|
|
|
macname);
|
|
|
|
goto mac_fail;
|
|
|
|
}
|
|
|
|
if (!EVP_DigestUpdate(ctx, pkt_data, pkt_size)) {
|
|
|
|
msyslog(LOG_ERR, "make_mac: MAC %s Digest Update data failed.",
|
|
|
|
macname);
|
|
|
|
goto mac_fail;
|
|
|
|
}
|
|
|
|
if (!EVP_DigestFinal(ctx, digest, &len)) {
|
|
|
|
msyslog(LOG_ERR, "make_mac: MAC %s Digest Final failed.",
|
|
|
|
macname);
|
|
|
|
len = 0;
|
|
|
|
}
|
|
|
|
#else /* !OPENSSL */
|
|
|
|
EVP_DigestInit(ctx, EVP_get_digestbynid(key_type));
|
|
|
|
EVP_DigestUpdate(ctx, key_data, key_size);
|
|
|
|
EVP_DigestUpdate(ctx, pkt_data, pkt_size);
|
|
|
|
EVP_DigestFinal(ctx, digest, &len);
|
|
|
|
#endif
|
|
|
|
mac_fail:
|
|
|
|
EVP_MD_CTX_free(ctx);
|
|
|
|
}
|
|
|
|
|
|
|
|
return len;
|
|
|
|
}
|
|
|
|
|
2013-12-04 21:33:17 +00:00
|
|
|
int
|
|
|
|
make_mac(
|
2018-02-28 06:23:12 +00:00
|
|
|
const void * pkt_data,
|
|
|
|
int pkt_size,
|
|
|
|
int mac_size,
|
|
|
|
Key_T const * cmp_key,
|
|
|
|
void * digest
|
2013-12-04 21:33:17 +00:00
|
|
|
)
|
|
|
|
{
|
2018-02-28 06:23:12 +00:00
|
|
|
u_int len;
|
|
|
|
u_char dbuf[EVP_MAX_MD_SIZE];
|
2013-12-04 21:33:17 +00:00
|
|
|
|
2018-02-28 06:23:12 +00:00
|
|
|
if (cmp_key->key_len > 64 || mac_size <= 0)
|
2013-12-04 21:33:17 +00:00
|
|
|
return 0;
|
|
|
|
if (pkt_size % 4 != 0)
|
|
|
|
return 0;
|
|
|
|
|
2018-02-28 06:23:12 +00:00
|
|
|
len = compute_mac(dbuf, cmp_key->typen,
|
|
|
|
pkt_data, (u_int)pkt_size,
|
|
|
|
cmp_key->key_seq, (u_int)cmp_key->key_len);
|
|
|
|
|
|
|
|
|
|
|
|
if (len) {
|
|
|
|
if (len > (u_int)mac_size)
|
|
|
|
len = (u_int)mac_size;
|
|
|
|
memcpy(digest, dbuf, len);
|
|
|
|
}
|
2013-12-04 21:33:17 +00:00
|
|
|
return (int)len;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2018-02-28 06:23:12 +00:00
|
|
|
/* Generates a md5 digest of the key specified in keyid concatenated with the
|
2013-12-04 21:33:17 +00:00
|
|
|
* ntp packet (exluding the MAC) and compares this digest to the digest in
|
2018-02-28 06:23:12 +00:00
|
|
|
* the packet's MAC. If they're equal this function returns 1 (packet is
|
2013-12-04 21:33:17 +00:00
|
|
|
* authentic) or else 0 (not authentic).
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
auth_md5(
|
2018-02-28 06:23:12 +00:00
|
|
|
void const * pkt_data,
|
|
|
|
int pkt_size,
|
|
|
|
int mac_size,
|
|
|
|
Key_T const * cmp_key
|
2013-12-04 21:33:17 +00:00
|
|
|
)
|
|
|
|
{
|
2018-02-28 06:23:12 +00:00
|
|
|
u_int len = 0;
|
|
|
|
u_char const * pkt_ptr = pkt_data;
|
|
|
|
u_char dbuf[EVP_MAX_MD_SIZE];
|
|
|
|
|
|
|
|
if (mac_size <= 0 || (size_t)mac_size > sizeof(dbuf))
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
len = compute_mac(dbuf, cmp_key->typen,
|
|
|
|
pkt_ptr, (u_int)pkt_size,
|
|
|
|
cmp_key->key_seq, (u_int)cmp_key->key_len);
|
|
|
|
|
|
|
|
pkt_ptr += pkt_size + 4;
|
|
|
|
if (len > (u_int)mac_size)
|
|
|
|
len = (u_int)mac_size;
|
|
|
|
|
|
|
|
/* isc_tsmemcmp will be better when its easy to link with. sntp
|
|
|
|
* is a 1-shot program, so snooping for timing attacks is
|
|
|
|
* Harder.
|
|
|
|
*/
|
|
|
|
return ((u_int)mac_size == len) && !memcmp(dbuf, pkt_ptr, len);
|
2013-12-04 21:33:17 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
hex_val(
|
|
|
|
unsigned char x
|
|
|
|
)
|
|
|
|
{
|
|
|
|
int val;
|
|
|
|
|
|
|
|
if ('0' <= x && x <= '9')
|
|
|
|
val = x - '0';
|
|
|
|
else if ('a' <= x && x <= 'f')
|
|
|
|
val = x - 'a' + 0xa;
|
|
|
|
else if ('A' <= x && x <= 'F')
|
|
|
|
val = x - 'A' + 0xA;
|
|
|
|
else
|
|
|
|
val = -1;
|
|
|
|
|
|
|
|
return val;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Load keys from the specified keyfile into the key structures.
|
2018-02-28 06:23:12 +00:00
|
|
|
* Returns -1 if the reading failed, otherwise it returns the
|
2013-12-04 21:33:17 +00:00
|
|
|
* number of keys it read
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
auth_init(
|
|
|
|
const char *keyfile,
|
|
|
|
struct key **keys
|
|
|
|
)
|
|
|
|
{
|
2018-02-28 06:23:12 +00:00
|
|
|
FILE *keyf = fopen(keyfile, "r");
|
2013-12-04 21:33:17 +00:00
|
|
|
struct key *prev = NULL;
|
2018-02-28 06:23:12 +00:00
|
|
|
int scan_cnt, line_cnt = 1;
|
2013-12-04 21:33:17 +00:00
|
|
|
char kbuf[200];
|
|
|
|
char keystring[129];
|
|
|
|
|
2018-02-28 06:23:12 +00:00
|
|
|
/* HMS: Is it OK to do this later, after we know we have a key file? */
|
|
|
|
INIT_SSL();
|
|
|
|
|
2013-12-04 21:33:17 +00:00
|
|
|
if (keyf == NULL) {
|
2014-12-20 22:52:39 +00:00
|
|
|
if (debug)
|
2013-12-04 21:33:17 +00:00
|
|
|
printf("sntp auth_init: Couldn't open key file %s for reading!\n", keyfile);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
if (feof(keyf)) {
|
2014-12-20 22:52:39 +00:00
|
|
|
if (debug)
|
2013-12-04 21:33:17 +00:00
|
|
|
printf("sntp auth_init: Key file %s is empty!\n", keyfile);
|
|
|
|
fclose(keyf);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
key_cnt = 0;
|
|
|
|
while (!feof(keyf)) {
|
|
|
|
char * octothorpe;
|
2014-12-20 22:52:39 +00:00
|
|
|
struct key *act;
|
2013-12-04 21:33:17 +00:00
|
|
|
int goodline = 0;
|
|
|
|
|
|
|
|
if (NULL == fgets(kbuf, sizeof(kbuf), keyf))
|
|
|
|
continue;
|
|
|
|
|
|
|
|
kbuf[sizeof(kbuf) - 1] = '\0';
|
|
|
|
octothorpe = strchr(kbuf, '#');
|
|
|
|
if (octothorpe)
|
|
|
|
*octothorpe = '\0';
|
2014-12-20 22:52:39 +00:00
|
|
|
act = emalloc(sizeof(*act));
|
2018-02-28 06:23:12 +00:00
|
|
|
/* keep width 15 = sizeof struct key.typen - 1 synced */
|
|
|
|
scan_cnt = sscanf(kbuf, "%d %15s %128s",
|
|
|
|
&act->key_id, act->typen, keystring);
|
2013-12-04 21:33:17 +00:00
|
|
|
if (scan_cnt == 3) {
|
|
|
|
int len = strlen(keystring);
|
2018-02-28 06:23:12 +00:00
|
|
|
goodline = 1; /* assume best for now */
|
2013-12-04 21:33:17 +00:00
|
|
|
if (len <= 20) {
|
|
|
|
act->key_len = len;
|
|
|
|
memcpy(act->key_seq, keystring, len + 1);
|
|
|
|
} else if ((len & 1) != 0) {
|
|
|
|
goodline = 0; /* it's bad */
|
|
|
|
} else {
|
|
|
|
int j;
|
|
|
|
act->key_len = len >> 1;
|
|
|
|
for (j = 0; j < len; j+=2) {
|
|
|
|
int val;
|
|
|
|
val = (hex_val(keystring[j]) << 4) |
|
|
|
|
hex_val(keystring[j+1]);
|
|
|
|
if (val < 0) {
|
|
|
|
goodline = 0; /* it's bad */
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
act->key_seq[j>>1] = (char)val;
|
|
|
|
}
|
|
|
|
}
|
2018-02-28 06:23:12 +00:00
|
|
|
act->typei = keytype_from_text(act->typen, NULL);
|
|
|
|
if (0 == act->typei) {
|
|
|
|
printf("%s: line %d: key %d, %s not supported - ignoring\n",
|
|
|
|
keyfile, line_cnt,
|
|
|
|
act->key_id, act->typen);
|
|
|
|
goodline = 0; /* it's bad */
|
|
|
|
}
|
2013-12-04 21:33:17 +00:00
|
|
|
}
|
|
|
|
if (goodline) {
|
|
|
|
act->next = NULL;
|
|
|
|
if (NULL == prev)
|
|
|
|
*keys = act;
|
|
|
|
else
|
|
|
|
prev->next = act;
|
|
|
|
prev = act;
|
|
|
|
key_cnt++;
|
|
|
|
} else {
|
2018-02-28 06:23:12 +00:00
|
|
|
if (debug) {
|
|
|
|
printf("auth_init: scanf %d items, skipping line %d.",
|
|
|
|
scan_cnt, line_cnt);
|
|
|
|
}
|
2013-12-04 21:33:17 +00:00
|
|
|
free(act);
|
|
|
|
}
|
|
|
|
line_cnt++;
|
|
|
|
}
|
|
|
|
fclose(keyf);
|
2018-02-28 06:23:12 +00:00
|
|
|
|
2013-12-04 21:33:17 +00:00
|
|
|
key_ptr = *keys;
|
|
|
|
return key_cnt;
|
|
|
|
}
|
|
|
|
|
2018-02-28 06:23:12 +00:00
|
|
|
/* Looks for the key with keyid key_id and sets the d_key pointer to the
|
2013-12-04 21:33:17 +00:00
|
|
|
* address of the key. If no matching key is found the pointer is not touched.
|
|
|
|
*/
|
|
|
|
void
|
|
|
|
get_key(
|
|
|
|
int key_id,
|
|
|
|
struct key **d_key
|
|
|
|
)
|
|
|
|
{
|
|
|
|
struct key *itr_key;
|
|
|
|
|
|
|
|
if (key_cnt == 0)
|
|
|
|
return;
|
|
|
|
for (itr_key = key_ptr; itr_key; itr_key = itr_key->next) {
|
|
|
|
if (itr_key->key_id == key_id) {
|
|
|
|
*d_key = itr_key;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return;
|
|
|
|
}
|