From db2f23d4f6cdb293fd34c8528b96ed43eafa0e16 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Wed, 16 Oct 2013 10:14:36 +0200 Subject: doc: describe mmrfc5424addhmac log verification method --- doc/mmrfc5424addhmac.html | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/doc/mmrfc5424addhmac.html b/doc/mmrfc5424addhmac.html index 16065a1f..9b68da80 100644 --- a/doc/mmrfc5424addhmac.html +++ b/doc/mmrfc5424addhmac.html @@ -67,9 +67,35 @@ part is always zero-filled and replacementChar is of no use. If it is specified, an error message is emitted and the parameter ignored. +

Verification method +

rsyslog does not contain any tools to verify a log file (this was not +part of the custom project). So you need to write your own verifier. +

When writing the verifier, keep in mind that the log file contains messages +with the hash SD-ID included. For obvious reasons, this SD-ID was not present when +the hash was created. So before the actual verification is done, this SD-ID must be +removed, and the remaining (original) message be verified. Also, it is important to +note that the output template must write the exact same message format that was +received. Otherwise, a verification failure will obviously occur - and must +so, because the message content actually was altered. +

So in a more formal description, verification of a message m can be done as follows: +

    +
  1. let m' be m with the configured SD-ID removed (everything between []). Otherwise, +m' must be an exact duplicate of m. +
  2. call openssl's HMAC function as follows:
    +HMAC(hashfunction, key, len(key), m', len(m'), hash, &hashlen);
    +Where hashfunction and key are the configured values and hash is an output +buffer for the hash. +
  3. let h be the extracted hash value obtained from m within the relevant SD-ID. Be sure to convert the hex string back to the actual byte values. +
  4. now compare hash and h under consideration of the sizes. If these values match +the verification succeeds, otherwise the message was modified. +
+

If you neeed help implementing a verifier function or want to sponsor development +of a verification tool, please simply email +sales@adiscon.com for a quote. +

Caveats/Known Bugs:

Samples:
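Review bot: step 4 ("compare hash and h under consideration of the sizes") should spell out the comparison: first check that hashlen equals the byte length of the decoded h, then compare the bytes with a constant-time routine such as OpenSSL's CRYPTO_memcmp rather than a plain memcmp, so a verifier exposed to untrusted input does not leak timing information about the expected hash. Step 1's "everything between []" is also ambiguous for messages carrying more than one structured-data element; suggest wording it as "remove only the SD element whose SD-ID is the configured one, leaving any other SD elements in place", since stripping all brackets would alter m' and make verification fail on otherwise valid messages. Minor: "neeed" in the sponsorship paragraph should read "need".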
