2 * HMS: we need to test:
3 * - OpenSSL versions, if we are building with them
6 * We may need to test with(out) OPENSSL separately.
12 #include "isc/string.h"
15 /* HMS: We may not have OpenSSL, but we have our own AES-128-CMAC */
16 #define CMAC "AES128CMAC"
18 # include "openssl/cmac.h"
19 # define AES_128_KEY_SIZE 16
22 #ifndef EVP_MAX_MD_SIZE
23 # define EVP_MAX_MD_SIZE 32
29 typedef struct key Key_T;
33 u_char digest[EVP_MAX_MD_SIZE],
35 void const * pkt_data,
37 void const * key_data,
46 key_type = keytype_from_text(macname, NULL);
49 /* Check if CMAC key type specific code required */
50 if (key_type == NID_cmac) {
51 CMAC_CTX * ctx = NULL;
52 u_char keybuf[AES_128_KEY_SIZE];
54 /* adjust key size (zero padded buffer) if necessary */
55 if (AES_128_KEY_SIZE > key_size) {
56 memcpy(keybuf, key_data, key_size);
57 memset((keybuf + key_size), 0,
58 (AES_128_KEY_SIZE - key_size));
62 if (!(ctx = CMAC_CTX_new())) {
63 msyslog(LOG_ERR, "make_mac: CMAC %s CTX new failed.", CMAC);
65 else if (!CMAC_Init(ctx, key_data, AES_128_KEY_SIZE,
66 EVP_aes_128_cbc(), NULL)) {
67 msyslog(LOG_ERR, "make_mac: CMAC %s Init failed.", CMAC);
69 else if (!CMAC_Update(ctx, pkt_data, (size_t)pkt_size)) {
70 msyslog(LOG_ERR, "make_mac: CMAC %s Update failed.", CMAC);
72 else if (!CMAC_Final(ctx, digest, &slen)) {
73 msyslog(LOG_ERR, "make_mac: CMAC %s Final failed.", CMAC);
78 CMAC_CTX_cleanup(ctx);
79 /* Test our AES-128-CMAC implementation */
81 } else /* MD5 MAC handling */
86 if (!(ctx = EVP_MD_CTX_new())) {
87 msyslog(LOG_ERR, "make_mac: MAC %s Digest CTX new failed.",
91 #ifdef OPENSSL /* OpenSSL 1 supports return codes 0 fail, 1 okay */
92 # ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
93 EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
95 /* [Bug 3457] DON'T use plain EVP_DigestInit! It would
97 if (!EVP_DigestInit_ex(ctx, EVP_get_digestbynid(key_type), NULL)) {
98 msyslog(LOG_ERR, "make_mac: MAC %s Digest Init failed.",
102 if (!EVP_DigestUpdate(ctx, key_data, key_size)) {
103 msyslog(LOG_ERR, "make_mac: MAC %s Digest Update key failed.",
107 if (!EVP_DigestUpdate(ctx, pkt_data, pkt_size)) {
108 msyslog(LOG_ERR, "make_mac: MAC %s Digest Update data failed.",
112 if (!EVP_DigestFinal(ctx, digest, &len)) {
113 msyslog(LOG_ERR, "make_mac: MAC %s Digest Final failed.",
118 EVP_DigestInit(ctx, EVP_get_digestbynid(key_type));
119 EVP_DigestUpdate(ctx, key_data, key_size);
120 EVP_DigestUpdate(ctx, pkt_data, pkt_size);
121 EVP_DigestFinal(ctx, digest, &len);
124 EVP_MD_CTX_free(ctx);
132 const void * pkt_data,
135 Key_T const * cmp_key,
140 u_char dbuf[EVP_MAX_MD_SIZE];
142 if (cmp_key->key_len > 64 || mac_size <= 0)
144 if (pkt_size % 4 != 0)
147 len = compute_mac(dbuf, cmp_key->typen,
148 pkt_data, (u_int)pkt_size,
149 cmp_key->key_seq, (u_int)cmp_key->key_len);
153 if (len > (u_int)mac_size)
154 len = (u_int)mac_size;
155 memcpy(digest, dbuf, len);
161 /* Generates a md5 digest of the key specified in keyid concatenated with the
162 * ntp packet (exluding the MAC) and compares this digest to the digest in
163 * the packet's MAC. If they're equal this function returns 1 (packet is
164 * authentic) or else 0 (not authentic).
168 void const * pkt_data,
171 Key_T const * cmp_key
175 u_char const * pkt_ptr = pkt_data;
176 u_char dbuf[EVP_MAX_MD_SIZE];
178 if (mac_size <= 0 || (size_t)mac_size > sizeof(dbuf))
181 len = compute_mac(dbuf, cmp_key->typen,
182 pkt_ptr, (u_int)pkt_size,
183 cmp_key->key_seq, (u_int)cmp_key->key_len);
185 pkt_ptr += pkt_size + 4;
186 if (len > (u_int)mac_size)
187 len = (u_int)mac_size;
189 /* isc_tsmemcmp will be better when its easy to link with. sntp
190 * is a 1-shot program, so snooping for timing attacks is
193 return ((u_int)mac_size == len) && !memcmp(dbuf, pkt_ptr, len);
203 if ('0' <= x && x <= '9')
205 else if ('a' <= x && x <= 'f')
207 else if ('A' <= x && x <= 'F')
215 /* Load keys from the specified keyfile into the key structures.
216 * Returns -1 if the reading failed, otherwise it returns the
217 * number of keys it read
225 FILE *keyf = fopen(keyfile, "r");
226 struct key *prev = NULL;
227 int scan_cnt, line_cnt = 1;
231 /* HMS: Is it OK to do this later, after we know we have a key file? */
236 printf("sntp auth_init: Couldn't open key file %s for reading!\n", keyfile);
241 printf("sntp auth_init: Key file %s is empty!\n", keyfile);
246 while (!feof(keyf)) {
251 if (NULL == fgets(kbuf, sizeof(kbuf), keyf))
254 kbuf[sizeof(kbuf) - 1] = '\0';
255 octothorpe = strchr(kbuf, '#');
258 act = emalloc(sizeof(*act));
259 /* keep width 15 = sizeof struct key.typen - 1 synced */
260 scan_cnt = sscanf(kbuf, "%d %15s %128s",
261 &act->key_id, act->typen, keystring);
263 int len = strlen(keystring);
264 goodline = 1; /* assume best for now */
267 memcpy(act->key_seq, keystring, len + 1);
268 } else if ((len & 1) != 0) {
269 goodline = 0; /* it's bad */
272 act->key_len = len >> 1;
273 for (j = 0; j < len; j+=2) {
275 val = (hex_val(keystring[j]) << 4) |
276 hex_val(keystring[j+1]);
278 goodline = 0; /* it's bad */
281 act->key_seq[j>>1] = (char)val;
284 act->typei = keytype_from_text(act->typen, NULL);
285 if (0 == act->typei) {
286 printf("%s: line %d: key %d, %s not supported - ignoring\n",
288 act->key_id, act->typen);
289 goodline = 0; /* it's bad */
302 printf("auth_init: scanf %d items, skipping line %d.",
315 /* Looks for the key with keyid key_id and sets the d_key pointer to the
316 * address of the key. If no matching key is found the pointer is not touched.
328 for (itr_key = key_ptr; itr_key; itr_key = itr_key->next) {
329 if (itr_key->key_id == key_id) {