![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to a_md5encrypt.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / ntp / libntp|
Return to a_md5encrypt.c CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / ntp / libntp |
1.1 misho 1: /*
2: * digest support for NTP, MD5 and with OpenSSL more
3: */
4: #ifdef HAVE_CONFIG_H
5: #include <config.h>
6: #endif
7:
8: #include "ntp_fp.h"
9: #include "ntp_string.h"
10: #include "ntp_stdlib.h"
11: #include "ntp.h"
12: #ifdef OPENSSL
13: # include "openssl/evp.h"
14: #else
15: # include "ntp_md5.h" /* provides clone of OpenSSL MD5 API */
16: #endif
17:
18: /*
19: * MD5authencrypt - generate message digest
20: *
21: * Returns length of MAC including key ID and digest.
22: */
23: int
24: MD5authencrypt(
25: int type, /* hash algorithm */
26: u_char *key, /* key pointer */
27: u_int32 *pkt, /* packet pointer */
28: int length /* packet length */
29: )
30: {
31: u_char digest[EVP_MAX_MD_SIZE];
32: u_int len;
33: EVP_MD_CTX ctx;
34:
35: /*
36: * Compute digest of key concatenated with packet. Note: the
37: * key type and digest type have been verified when the key
38: * was creaded.
39: */
40: INIT_SSL();
41: EVP_DigestInit(&ctx, EVP_get_digestbynid(type));
42: EVP_DigestUpdate(&ctx, key, (u_int)cache_keylen);
43: EVP_DigestUpdate(&ctx, (u_char *)pkt, (u_int)length);
44: EVP_DigestFinal(&ctx, digest, &len);
45: memmove((u_char *)pkt + length + 4, digest, len);
46: return (len + 4);
47: }
48:
49:
50: /*
51: * MD5authdecrypt - verify MD5 message authenticator
52: *
53: * Returns one if digest valid, zero if invalid.
54: */
55: int
56: MD5authdecrypt(
57: int type, /* hash algorithm */
58: u_char *key, /* key pointer */
59: u_int32 *pkt, /* packet pointer */
60: int length, /* packet length */
61: int size /* MAC size */
62: )
63: {
64: u_char digest[EVP_MAX_MD_SIZE];
65: u_int len;
66: EVP_MD_CTX ctx;
67:
68: /*
69: * Compute digest of key concatenated with packet. Note: the
70: * key type and digest type have been verified when the key
71: * was created.
72: */
73: INIT_SSL();
74: EVP_DigestInit(&ctx, EVP_get_digestbynid(type));
75: EVP_DigestUpdate(&ctx, key, (u_int)cache_keylen);
76: EVP_DigestUpdate(&ctx, (u_char *)pkt, (u_int)length);
77: EVP_DigestFinal(&ctx, digest, &len);
78: if ((u_int)size != len + 4) {
79: msyslog(LOG_ERR,
80: "MAC decrypt: MAC length error");
81: return (0);
82: }
83: return (!memcmp(digest, (char *)pkt + length + 4, len));
84: }
85:
86: /*
87: * Calculate the reference id from the address. If it is an IPv4
88: * address, use it as is. If it is an IPv6 address, do a md5 on
89: * it and use the bottom 4 bytes.
90: * The result is in network byte order.
91: */
92: u_int32
93: addr2refid(sockaddr_u *addr)
94: {
95: u_char digest[20];
96: u_int32 addr_refid;
97: EVP_MD_CTX ctx;
98: u_int len;
99:
100: if (IS_IPV4(addr))
101: return (NSRCADR(addr));
102:
103: INIT_SSL();
104: EVP_DigestInit(&ctx, EVP_get_digestbynid(NID_md5));
105: EVP_DigestUpdate(&ctx, (u_char *)PSOCK_ADDR6(addr),
106: sizeof(struct in6_addr));
107: EVP_DigestFinal(&ctx, digest, &len);
108: memcpy(&addr_refid, digest, 4);
109: return (addr_refid);
110: }