diff options
Diffstat (limited to 'doc/mmrfc5424addhmac.html')
| -rw-r--r-- | doc/mmrfc5424addhmac.html | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/doc/mmrfc5424addhmac.html b/doc/mmrfc5424addhmac.html index 16065a1f..9b68da80 100644 --- a/doc/mmrfc5424addhmac.html +++ b/doc/mmrfc5424addhmac.html @@ -67,9 +67,35 @@ part is always zero-filled and replacementChar is of no use. If it is specified, an error message is emitted and the parameter ignored. </ul> +<p><b>Verification method</b> +<p>rsyslog does not contain any tools to verify a log file (this was not +part of the custom project). So you need to write your own verifier. +<p>When writing the verifier, keep in mind that the log file contains messages +with the hash SD-ID included. For obvious reasons, this SD-ID was not present when +the hash was created. So before the actual verification is done, this SD-ID must be +removed, and the remaining (original) message be verified. Also, it is important to +note that the output template must write the exact same message format that was +received. Otherwise, a verification failure will obviously occur - and must +so, because the message content actually was altered. +<p>So in a more formal description, verification of a message m can be done as follows: +<ol> +<li>let m' be m with the configured SD-ID removed (everything between []). Otherwise, +m' must be an exact duplicate of m. +<li>call openssl's HMAC function as follows:<br> +<code>HMAC(hashfunction, key, len(key), m', len(m'), hash, &hashlen);</code></br> +Where hashfunction and key are the configured values and hash is an output +buffer for the hash. +<li>let h be the extracted hash value obtained from m within the relevant SD-ID. Be sure to convert the hex string back to the actual byte values. +<li>now compare hash and h under consideration of the sizes. If these values match +the verification succeeds, otherwise the message was modified. +</ol> +<p>If you neeed help implementing a verifier function or want to sponsor development +of a verification tool, please simply email +<a href="sales@adiscon.com">sales@adiscon.com</a> for a quote. + <p><b>Caveats/Known Bugs:</b> <ul> -<li><b>only IPv4</b> is supported +<li>none </ul> <p><b>Samples:</b></p> |