kernel: Replace the remaining __amd64__ with __x86_64__ for consistency.
[dragonfly.git] / contrib / tcpdump / signature.c
blobc55645fe2bdf9687239f499cc59420b4fcadf347
1 /*
2 * Redistribution and use in source and binary forms, with or without
3 * modification, are permitted provided that: (1) source code
4 * distributions retain the above copyright notice and this paragraph
5 * in its entirety, and (2) distributions including binary code include
6 * the above copyright notice and this paragraph in its entirety in
7 * the documentation or other materials provided with the distribution.
8 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND
9 * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT
10 * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
11 * FOR A PARTICULAR PURPOSE.
13 * Functions for signature and digest verification.
15 * Original code by Hannes Gredler (hannes@juniper.net)
18 #ifndef lint
19 static const char rcsid[] _U_ =
20 "@(#) $Header: /tcpdump/master/tcpdump/signature.c,v 1.2 2008-09-22 20:22:10 guy Exp $ (LBL)";
21 #endif
23 #ifdef HAVE_CONFIG_H
24 #include "config.h"
25 #endif
27 #include <tcpdump-stdinc.h>
29 #include <string.h>
31 #include "interface.h"
32 #include "signature.h"
34 #ifdef HAVE_LIBCRYPTO
35 #include <openssl/md5.h>
36 #endif
38 const struct tok signature_check_values[] = {
39 { SIGNATURE_VALID, "valid"},
40 { SIGNATURE_INVALID, "invalid"},
41 { CANT_CHECK_SIGNATURE, "unchecked"},
42 { 0, NULL }
46 #ifdef HAVE_LIBCRYPTO
48 * Compute a HMAC MD5 sum.
49 * Taken from rfc2104, Appendix.
51 static void
52 signature_compute_hmac_md5(const u_int8_t *text, int text_len, unsigned char *key,
53 unsigned int key_len, u_int8_t *digest)
55 MD5_CTX context;
56 unsigned char k_ipad[65]; /* inner padding - key XORd with ipad */
57 unsigned char k_opad[65]; /* outer padding - key XORd with opad */
58 unsigned char tk[16];
59 int i;
61 /* if key is longer than 64 bytes reset it to key=MD5(key) */
62 if (key_len > 64) {
64 MD5_CTX tctx;
66 MD5_Init(&tctx);
67 MD5_Update(&tctx, key, key_len);
68 MD5_Final(tk, &tctx);
70 key = tk;
71 key_len = 16;
75 * the HMAC_MD5 transform looks like:
77 * MD5(K XOR opad, MD5(K XOR ipad, text))
79 * where K is an n byte key
80 * ipad is the byte 0x36 repeated 64 times
81 * opad is the byte 0x5c repeated 64 times
82 * and text is the data being protected
85 /* start out by storing key in pads */
86 memset(k_ipad, 0, sizeof k_ipad);
87 memset(k_opad, 0, sizeof k_opad);
88 memcpy(k_ipad, key, key_len);
89 memcpy(k_opad, key, key_len);
91 /* XOR key with ipad and opad values */
92 for (i=0; i<64; i++) {
93 k_ipad[i] ^= 0x36;
94 k_opad[i] ^= 0x5c;
98 * perform inner MD5
100 MD5_Init(&context); /* init context for 1st pass */
101 MD5_Update(&context, k_ipad, 64); /* start with inner pad */
102 MD5_Update(&context, text, text_len); /* then text of datagram */
103 MD5_Final(digest, &context); /* finish up 1st pass */
106 * perform outer MD5
108 MD5_Init(&context); /* init context for 2nd pass */
109 MD5_Update(&context, k_opad, 64); /* start with outer pad */
110 MD5_Update(&context, digest, 16); /* then results of 1st hash */
111 MD5_Final(digest, &context); /* finish up 2nd pass */
113 #endif
115 #ifdef HAVE_LIBCRYPTO
117 * Verify a cryptographic signature of the packet.
118 * Currently only MD5 is supported.
121 signature_verify (const u_char *pptr, u_int plen, u_char *sig_ptr)
123 u_int8_t rcvsig[16];
124 u_int8_t sig[16];
125 unsigned int i;
128 * Save the signature before clearing it.
130 memcpy(rcvsig, sig_ptr, sizeof(rcvsig));
131 memset(sig_ptr, 0, sizeof(rcvsig));
133 if (!sigsecret) {
134 return (CANT_CHECK_SIGNATURE);
137 signature_compute_hmac_md5(pptr, plen, (unsigned char *)sigsecret,
138 strlen(sigsecret), sig);
140 if (memcmp(rcvsig, sig, sizeof(sig)) == 0) {
141 return (SIGNATURE_VALID);
143 } else {
145 for (i = 0; i < sizeof(sig); ++i) {
146 (void)printf("%02x", sig[i]);
149 return (SIGNATURE_INVALID);
152 #endif
155 * Local Variables:
156 * c-style: whitesmith
157 * c-basic-offset: 4
158 * End: