oneechanhax/phunix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
phunix/external/bsd/tcpdump/dist/signature.c
David van Moolenbroek b636d99d91 Import NetBSD tcpdump(8) 
For now, printing of Sun RPC requests is disabled because we do not
yet have the RPC header files.  This should affect basically noone,
as we do not have any RPC-based programs yet, for the same reason.

Change-Id: Ie7818faaaacdc104d8b2c37a68866b4ce18247d6
2017-03-21 22:00:21 +00:00

164 lines
4.2 KiB
C
Raw Permalink Blame History

/*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that: (1) source code
* distributions retain the above copyright notice and this paragraph
* in its entirety, and (2) distributions including binary code include
* the above copyright notice and this paragraph in its entirety in
* the documentation or other materials provided with the distribution.
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND
* WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT
* LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE.
*
* Functions for signature and digest verification.
*
* Original code by Hannes Gredler (hannes@juniper.net)
*/
#include <sys/cdefs.h>
#ifndef lint
__RCSID("$NetBSD: signature.c,v 1.5 2014/11/20 03:05:03 christos Exp $");
#endif
#define NETDISSECT_REWORKED
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <tcpdump-stdinc.h>
#include <string.h>
#include "interface.h"
#include "signature.h"
#ifdef HAVE_LIBCRYPTO
#include <openssl/md5.h>
#endif
const struct tok signature_check_values[] = {
{ SIGNATURE_VALID, "valid"},
{ SIGNATURE_INVALID, "invalid"},
{ CANT_CHECK_SIGNATURE, "unchecked"},
{ 0, NULL }
};
#ifdef HAVE_LIBCRYPTO
/*
* Compute a HMAC MD5 sum.
* Taken from rfc2104, Appendix.
*/
USES_APPLE_DEPRECATED_API
static void
signature_compute_hmac_md5(const uint8_t *text, int text_len, unsigned char *key,
unsigned int key_len, uint8_t *digest)
{
MD5_CTX context;
unsigned char k_ipad[65]; /* inner padding - key XORd with ipad */
unsigned char k_opad[65]; /* outer padding - key XORd with opad */
unsigned char tk[16];
int i;
/* if key is longer than 64 bytes reset it to key=MD5(key) */
if (key_len > 64) {
MD5_CTX tctx;
MD5_Init(&tctx);
MD5_Update(&tctx, key, key_len);
MD5_Final(tk, &tctx);
key = tk;
key_len = 16;
}
/*
* the HMAC_MD5 transform looks like:
*
* MD5(K XOR opad, MD5(K XOR ipad, text))
*
* where K is an n byte key
* ipad is the byte 0x36 repeated 64 times
* opad is the byte 0x5c repeated 64 times
* and text is the data being protected
*/
/* start out by storing key in pads */
memset(k_ipad, 0, sizeof k_ipad);
memset(k_opad, 0, sizeof k_opad);
memcpy(k_ipad, key, key_len);
memcpy(k_opad, key, key_len);
/* XOR key with ipad and opad values */
for (i=0; i<64; i++) {
k_ipad[i] ^= 0x36;
k_opad[i] ^= 0x5c;
}
/*
* perform inner MD5
*/
MD5_Init(&context); /* init context for 1st pass */
MD5_Update(&context, k_ipad, 64); /* start with inner pad */
MD5_Update(&context, text, text_len); /* then text of datagram */
MD5_Final(digest, &context); /* finish up 1st pass */
/*
* perform outer MD5
*/
MD5_Init(&context); /* init context for 2nd pass */
MD5_Update(&context, k_opad, 64); /* start with outer pad */
MD5_Update(&context, digest, 16); /* then results of 1st hash */
MD5_Final(digest, &context); /* finish up 2nd pass */
}
USES_APPLE_RST
#endif
#ifdef HAVE_LIBCRYPTO
/*
* Verify a cryptographic signature of the packet.
* Currently only MD5 is supported.
*/
int
signature_verify(netdissect_options *ndo,
const u_char *pptr, u_int plen, u_char *sig_ptr)
{
uint8_t rcvsig[16];
uint8_t sig[16];
unsigned int i;
/*
* Save the signature before clearing it.
*/
memcpy(rcvsig, sig_ptr, sizeof(rcvsig));
memset(sig_ptr, 0, sizeof(rcvsig));
if (!ndo->ndo_sigsecret) {
return (CANT_CHECK_SIGNATURE);
}
signature_compute_hmac_md5(pptr, plen, (unsigned char *)ndo->ndo_sigsecret,
strlen(ndo->ndo_sigsecret), sig);
if (memcmp(rcvsig, sig, sizeof(sig)) == 0) {
return (SIGNATURE_VALID);
} else {
for (i = 0; i < sizeof(sig); ++i) {
ND_PRINT((ndo, "%02x", sig[i]));
}
return (SIGNATURE_INVALID);
}
}
#endif
/*
* Local Variables:
* c-style: whitesmith
* c-basic-offset: 4
* End:
*/
Reference in New Issue View Git Blame Copy Permalink