2 * Redistribution and use in source and binary forms, with or without
3 * modification, are permitted provided that: (1) source code
4 * distributions retain the above copyright notice and this paragraph
5 * in its entirety, and (2) distributions including binary code include
6 * the above copyright notice and this paragraph in its entirety in
7 * the documentation or other materials provided with the distribution.
8 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND
9 * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT
10 * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
11 * FOR A PARTICULAR PURPOSE.
13 * Functions for signature and digest verification.
15 * Original code by Hannes Gredler (hannes@juniper.net)
18 #define NETDISSECT_REWORKED
23 #include <tcpdump-stdinc.h>
27 #include "interface.h"
28 #include "signature.h"
31 #include <openssl/md5.h>
34 const struct tok signature_check_values[] = {
35 { SIGNATURE_VALID, "valid"},
36 { SIGNATURE_INVALID, "invalid"},
37 { CANT_CHECK_SIGNATURE, "unchecked"},
44 * Compute a HMAC MD5 sum.
45 * Taken from rfc2104, Appendix.
47 USES_APPLE_DEPRECATED_API
49 signature_compute_hmac_md5(const uint8_t *text, int text_len, unsigned char *key,
50 unsigned int key_len, uint8_t *digest)
53 unsigned char k_ipad[65]; /* inner padding - key XORd with ipad */
54 unsigned char k_opad[65]; /* outer padding - key XORd with opad */
58 /* if key is longer than 64 bytes reset it to key=MD5(key) */
64 MD5_Update(&tctx, key, key_len);
72 * the HMAC_MD5 transform looks like:
74 * MD5(K XOR opad, MD5(K XOR ipad, text))
76 * where K is an n byte key
77 * ipad is the byte 0x36 repeated 64 times
78 * opad is the byte 0x5c repeated 64 times
79 * and text is the data being protected
82 /* start out by storing key in pads */
83 memset(k_ipad, 0, sizeof k_ipad);
84 memset(k_opad, 0, sizeof k_opad);
85 memcpy(k_ipad, key, key_len);
86 memcpy(k_opad, key, key_len);
88 /* XOR key with ipad and opad values */
89 for (i=0; i<64; i++) {
97 MD5_Init(&context); /* init context for 1st pass */
98 MD5_Update(&context, k_ipad, 64); /* start with inner pad */
99 MD5_Update(&context, text, text_len); /* then text of datagram */
100 MD5_Final(digest, &context); /* finish up 1st pass */
105 MD5_Init(&context); /* init context for 2nd pass */
106 MD5_Update(&context, k_opad, 64); /* start with outer pad */
107 MD5_Update(&context, digest, 16); /* then results of 1st hash */
108 MD5_Final(digest, &context); /* finish up 2nd pass */
113 #ifdef HAVE_LIBCRYPTO
115 * Verify a cryptographic signature of the packet.
116 * Currently only MD5 is supported.
119 signature_verify(netdissect_options *ndo,
120 const u_char *pptr, u_int plen, u_char *sig_ptr)
127 * Save the signature before clearing it.
129 memcpy(rcvsig, sig_ptr, sizeof(rcvsig));
130 memset(sig_ptr, 0, sizeof(rcvsig));
132 if (!ndo->ndo_sigsecret) {
133 return (CANT_CHECK_SIGNATURE);
136 signature_compute_hmac_md5(pptr, plen, (unsigned char *)ndo->ndo_sigsecret,
137 strlen(ndo->ndo_sigsecret), sig);
139 if (memcmp(rcvsig, sig, sizeof(sig)) == 0) {
140 return (SIGNATURE_VALID);
144 for (i = 0; i < sizeof(sig); ++i) {
145 ND_PRINT((ndo, "%02x", sig[i]));
148 return (SIGNATURE_INVALID);
155 * c-style: whitesmith