/// @brief verifies TSIG of received response
///
/// Make sure that message_buff is trimmed down to not include TSIG
/// record, as it must be passed in message_tsig.
///
/// @param check_tsig TSIG RR from the original message
/// @param message_tsig TSIR RR from the response message that we are validating
/// @param key the key used for signing
/// @param message received message (without TSIG record)
void verify_signature (DnsRR *check_tsig, DnsRR *message_tsig,
stl_string key, message_buff message) {
if (!message_tsig)
throw PException (true, "Unsigned answer to a signed message (key %s)", check_tsig->NAME.tocstr ());
unsigned char *errorptr = rr_getdata (check_tsig->RDATA, DNS_TYPE_TSIG, 5);
domainname alg_name = rr_getdomain (check_tsig->RDATA, DNS_TYPE_TSIG),
rr_alg_name = rr_getdomain (message_tsig->RDATA, DNS_TYPE_TSIG);
if (rr_alg_name != alg_name || check_tsig->NAME != message_tsig->NAME) {
memcpy (errorptr, uint16_buff (RCODE_BADKEY), 2);
throw PException (true, "Key name/algorithm does not match: question signed with %s, answer "
"signed with %s", check_tsig->NAME.tocstr(), message_tsig->NAME.tocstr());
}
unsigned char *rr_macpos = rr_getdata (message_tsig->RDATA, DNS_TYPE_TSIG, 3),
*macpos = rr_getdata (check_tsig->RDATA, DNS_TYPE_TSIG, 3);
uint16_t rr_maclen = uint16_value (rr_macpos),
maclen = uint16_value (macpos);
if ((message.msg[3] & 15) == RCODE_NOTAUTH) {
/* error! */
uint16_t err = rr_getshort (message_tsig->RDATA, DNS_TYPE_TSIG, 5);
if (err == RCODE_BADSIG)
throw PException (true, "Question signed with %s had bad signature", check_tsig->NAME.tocstr());
else if (err == RCODE_BADKEY)
throw PException (true, "Question was signed with bad key (%s)", check_tsig->NAME.tocstr());
else if (err == RCODE_BADTIME)
throw PException (true, "Question sign time invalid (query time %d, answer time %d)",
uint48_value (rr_getdata (check_tsig->RDATA, DNS_TYPE_TSIG, 1)),
uint48_value (rr_getdata (message_tsig->RDATA, DNS_TYPE_TSIG, 1)));
else throw PException (true, "Unknown sign error: %d", err);
}
time_t clienttime = time (NULL);
u_int48 servertime = uint48_value (rr_getdata (check_tsig->RDATA, DNS_TYPE_TSIG, 1));
uint16_t fudge = rr_getshort (check_tsig->RDATA, DNS_TYPE_TSIG, 2);
if ( (clienttime > servertime && clienttime - servertime > fudge) ||
(servertime > clienttime && servertime - clienttime > fudge) ) {
throw PException (true, "Answer sign time invalid (answer time %d, real time %d)",
uint48_value (rr_getdata (message_tsig->RDATA, DNS_TYPE_TSIG, 1)),
clienttime);
// TODO: set TSIG error of check_tsig for servers
}
if (rr_maclen != MD5_DIGEST_SIZE) {
memcpy (errorptr, uint16_buff (RCODE_BADSIG), 2);
throw PException (true, "Incorrect MAC size: %d", rr_maclen);
}
/* calculate MAC */
message_buff ext; /* TODO: document: if this is from a message, it actually
means that the message was unsigned, but we should still
include the two length */
if (maclen)
ext = message_buff (macpos, maclen + 2);
stl_string mac = calc_mac (*message_tsig, message, key, &ext);
if (memcmp (mac.c_str(), rr_macpos + 2, MD5_DIGEST_SIZE) != 0) {
memcpy (errorptr, uint16_buff (RCODE_BADSIG), 2);
throw PException (true, "Message signed with key %s has bad signature",
message_tsig->NAME.tocstr ());
}
}
int
main(int argc, char **argv)
{
uint8_t *mkey = NULL; /** Master key. */
uint8_t *snum = NULL; /** Serial number */
char *key_path = NULL;
estream_state_t *key_stream ; /** The input stream. */
epkt_state_t *epkt; /* The packet handler attached to the framer. */
int opt;
int res;
uint8_t data[128];
uint8_t nonce[12];
uint8_t *mac;
EKeySkein rekeying_state;
uint8_t session_key[32];
int retries;
char *keyring_filename;
bool nokeyring = false;
keyring_filename = strdup(KEYRINGFILE);
while ((opt = getopt(argc, argv, "vhnf:s:m:")) != -1) {
switch (opt) {
case 's': /* set serial number */
snum = malloc(12);
res = pem64_decode_bytes(optarg, 16, snum);
if (res != 12) {
fprintf(stderr, "The serial number given is not the correct length. (%d/12)\n", res);
return EXIT_CODE_CMDLINE;
}
break;
case 'm': /* set master key */
mkey = extract_master_key(optarg, strlen(optarg));
if (mkey == NULL)
return EXIT_CODE_CMDLINE;
break;
case 'f': /* set keyring filename */
free(keyring_filename);
keyring_filename = strdup(optarg);
break;
case 'n': /* do not update the keyring */
nokeyring = true;
break;
case 'v': /* print version number */
printf("%s: Version 1.1\n", argv[0]);
return 0;
case 'h':
default:
fprintf(stderr, usage, argv[0]);
return EXIT_CODE_CMDLINE;
}
}
if (optind >= argc) {
if (snum == NULL) {
fprintf(stderr, "A device path must be given.\n");
fprintf(stderr, usage, argv[0]);
return EXIT_CODE_CMDLINE;
} else {
key_path = calloc(1, 17 + strlen(DEVEKEY));
memcpy(key_path, DEVEKEY, 1 + strlen(DEVEKEY));
pem64_encode_bytes(snum, 12, key_path + 16);
}
} else {
key_path = strdup(argv[optind]);
}
/* load keyring */
if (nokeyring == false) {
if (get_keyring(keyring_filename) < 0) {
free(key_path);
return EXIT_CODE_LOADKEYRING;
}
}
/* ensure master key */
if (mkey == NULL) {
char s[55];
int sidx;
int sodx;
int slen;
if (isatty(STDIN) == 0) {
fprintf(stderr, "A master key must be given.\n");
free(key_path);
return EXIT_CODE_MASTERKEY;
}
printf("Please enter a master key: ");
if (fgets(s, sizeof(s), stdin) == NULL) {
perror("fgets");
}
/* we must allow for the user entering spaces in the input */
slen = strlen(s);
sidx = sodx = 0;
while ((sidx < slen) && (s[sidx] != 0)) {
s[sodx] = s[sidx];
if (s[sidx] != ' ') {
sodx++;
}
sidx++;
}
s[sodx] = 0;
mkey = extract_master_key(s, sodx);
if (mkey == NULL) {
free(key_path);
return EXIT_CODE_MASTERKEY;
}
}
/* open entropy key device */
key_stream = estream_open(key_path);
if (key_stream == NULL) {
perror("Error");
fprintf(stderr, "Unable to open %s as the entropy key device.\n", key_path);
free(key_path);
return EXIT_CODE_EKEYERR;
}
free(key_path);
epkt = epkt_open(eframe_open(key_stream));
/* reset key */
estream_write(key_stream, reset, 1);
epkt_setsessionkey(epkt, NULL, default_session_key);
/* wait for serial packet */
retries = 20;
do {
res = epkt_read(epkt, data, 128);
if (res <= 0) {
if (errno == EWOULDBLOCK)
continue;
perror("Unexpected error");
return 2;
} else if (epkt->pkt_type == PKTTYPE_SNUM) {
break;
}
/* reset key */
estream_write(key_stream, reset, 1);
epkt_setsessionkey(epkt, NULL, default_session_key);
retries--;
} while (retries > 0);
if (retries == 0) {
fprintf(stderr, "Timeout obtaining serial number from key.\n");
return 3;
}
if (res != 12) {
fprintf(stderr, "Bad serial number from key.\n");
return 4;
}
if (snum == NULL) {
/* no serial number */
snum = malloc(res);
memcpy(snum, data, res);
} else {
/* ensure serial number matches */
if (memcmp(snum, data, 12) != 0) {
fprintf(stderr, "Serial number did not match the one specified.\n");
return 4;
}
}
/* Initialise the MAC checksum using the serial number and the default
* shared key
*/
epkt_setsessionkey(epkt, snum, default_session_key);
/* Prepare a nonce */
if (fill_nonce(nonce, 12) != true) {
fprintf(stderr, "Unable to generate nonce.\n");
return 1;
}
close_nonce();
/* send nonce MAC */
mac = calc_mac(snum, mkey, nonce, 12);
data[0] = 'M';
pem64_encode_bytes(mac, 6, (char *)data + 1);
estream_write(key_stream, data, 9);
/* wait for MAC ack packet */
retries = 20;
do {
res = epkt_read(epkt, data, 128);
if (res <= 0) {
if (errno == EWOULDBLOCK)
continue;
perror("Unexpected error");
return 2;
}
if (epkt->pkt_type == PKTTYPE_LTREKEYMAC)
break;
retries--;
} while (retries > 0);
if (retries == 0) {
fprintf(stderr, "Timeout obtaining MAC acknowledgement packet.\n");
return 3;
}
data[0] = 'L';
data[17] = '.';
pem64_encode_bytes(nonce, 12, (char *)data + 1);
estream_write(key_stream, data, 18);
/* wait for rekey ack packet */
do {
res = epkt_read(epkt, data, 128);
if (res <= 0) {
if (errno == EWOULDBLOCK)
continue;
if (errno == EPROTO) {
fprintf(stderr, "Provided master key does not match the device's.\n");
return 2;
}
perror("Unexpected error");
return 2;
}
} while (epkt->pkt_type != PKTTYPE_LTREKEY);
/* calculate new longterm key */
PrepareSkein(&rekeying_state, snum, &(mkey[0]), EKEY_SKEIN_PERSONALISATION_LRS);
Skein_256_Update(&rekeying_state, &(data[0]), 32);
Skein_256_Update(&rekeying_state, nonce, 12);
Skein_256_Final(&rekeying_state, session_key);
if (nokeyring == false) {
add_ltkey(snum, session_key);
if (put_keyring(keyring_filename) < 0)
return EXIT_CODE_WRITEKEYRING;
} else {
/* just display new key */
output_key(stdout, snum, session_key);
}
return 0;
}
int main()
{
int i,j,k;
clock_t start,stop;
double tot_time;
int times_for_one_mac=100000000;
int index_of_macs=0;
srand(time(NULL));
for (i=0;i<number_of_different_macs;i++)
memset(stuff_for_mac[i],0,4096);
memset(mac_output,0,50);
init_crypto_stuctures(0,0);
for (i=0;i<number_of_different_macs;i++)
{
for (j=0;j<4096;j++)
{
stuff_for_mac[i][j]=rand()%256; //get a random bytestream to mac
}
}
if (set_as_given_that_everything_maced_will_be_fixed_and_multiple_of_16==0)
{
for (i=1;i<800;i++) //for mac sizes 1...800
{
start=clock();
for (j=0;j<times_for_one_mac;j++) //calulate the mac several thousand times (10 mil default)
{
//printf("i=%d,j=%d\n",i,j);
#if squeeze_keys_when_macing==0
calc_mac(stuff_for_mac[index_of_macs],i,i>32?i-32:i,mac_output);
#else
calc_mac(stuff_for_mac[index_of_macs],i,i>16?i-16:i,mac_output);
#endif
index_of_macs=(index_of_macs+1)%number_of_different_macs;
}
stop=clock();
tot_time=((double) (stop - start)) / CLOCKS_PER_SEC;
printf("Mac size:%d, loops:%d, time:%lf\n",i,times_for_one_mac,tot_time);
}
}
else //if we are sure that the only possible macs would have a length of a muptiple of 16
{
for (k=(mac_algorithm==5?3:1);k<15;k++) //from 16 to 15*16 (=240)
{
i=k*16;
start=clock();
for (j=0;j<times_for_one_mac;j++) //calc the mac
{
//printf("i=%d,j=%d\n",i,j);
#if squeeze_keys_when_macing==0 || mac_algorithm==5
calc_mac(stuff_for_mac[index_of_macs],i,i>32?i-32:i,mac_output);
#else
calc_mac(stuff_for_mac[index_of_macs],i,i>16?i-16:i,mac_output);
#endif
index_of_macs=(index_of_macs+1)%number_of_different_macs;
}
stop=clock();
tot_time=((double) (stop - start)) / CLOCKS_PER_SEC;
printf("Mac size:%d, loops:%d, time:%lf\n",i,times_for_one_mac,tot_time);
}
}
clear_crypto_structures();
return 0;
}
