author | Benny Prijono <bennylp@teluu.com> | 2007-10-05 15:53:56 +0000 |
---|---|---|
committer | Benny Prijono <bennylp@teluu.com> | 2007-10-05 15:53:56 +0000 |
commit | bbf99023bb3c06518bb36779c32ab5a438dba68e (patch) | |
tree | 1039f454516774b5f0ccc0b40913d159afeed4aa /pjnath | |
parent | fccccf59ca44aa301c44e6c1a2a79acc4237fdf8 (diff) |
Ticket #392: Added configuration to enable old, rfc3489bis-06 and older, style of MESSAGE-INTEGRITY and FINGERPRINT calculation
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@1479 74dad513-b988-da41-8d7b-12977e46ad98
Diffstat (limited to 'pjnath')
-rw-r--r-- | pjnath/include/pjnath/config.h | 12 | ||||
-rw-r--r-- | pjnath/src/pjnath/stun_auth.c | 34 | ||||
-rw-r--r-- | pjnath/src/pjnath/stun_msg.c | 35 | ||||
-rw-r--r-- | pjnath/src/pjnath/stun_session.c | 2 |
4 files changed, 66 insertions, 17 deletions
diff --git a/pjnath/include/pjnath/config.h b/pjnath/include/pjnath/config.h index 9ae03d22..bc381d78 100644 --- a/pjnath/include/pjnath/config.h +++ b/pjnath/include/pjnath/config.h @@ -111,7 +111,7 @@ * Maximum size of STUN message. */ #ifndef PJ_STUN_MAX_PKT_LEN -# define PJ_STUN_MAX_PKT_LEN 512 +# define PJ_STUN_MAX_PKT_LEN 800 #endif @@ -131,6 +131,16 @@ #endif +/** + * Enable pre-RFC3489bis-07 style of STUN MESSAGE-INTEGRITY and FINGERPRINT + * calculation. By default this should be disabled since the calculation is + * not backward compatible with current STUN specification. + */ +#ifndef PJ_STUN_OLD_STYLE_MI_FINGERPRINT +# define PJ_STUN_OLD_STYLE_MI_FINGERPRINT 0 +#endif + + /* ************************************************************************** * ICE CONFIGURATION */ diff --git a/pjnath/src/pjnath/stun_auth.c b/pjnath/src/pjnath/stun_auth.c index bc1ef421..b809c072 100644 --- a/pjnath/src/pjnath/stun_auth.c +++ b/pjnath/src/pjnath/stun_auth.c @@ -342,6 +342,10 @@ PJ_DEF(pj_status_t) pj_stun_authenticate_request(const pj_uint8_t *pkt, /* Now calculate HMAC of the message. */ pj_hmac_sha1_init(&ctx, (pj_uint8_t*)key.ptr, key.slen); +#if PJ_STUN_OLD_STYLE_MI_FINGERPRINT + /* Pre rfc3489bis-06 style of calculation */ + pj_hmac_sha1_update(&ctx, pkt, 20); +#else /* First calculate HMAC for the header. * The calculation is different depending on whether FINGERPRINT attribute * is present in the message. 
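Review bot: The doc comment on `PJ_STUN_OLD_STYLE_MI_FINGERPRINT` in the second config.h hunk does not say that the switch is compile-time and changes both the encoder (stun_msg.c) and the verifiers (stun_auth.c), so a build with it set to 1 will presumably reject digests from peers that follow the current draft, and the reverse. I would add a sentence such as `* This is a build-wide setting: it changes both how MESSAGE-INTEGRITY is generated and how it is verified, so all peers must use the same style or authentication will fail.` The draft boundary is also worded three ways: this comment says pre-RFC3489bis-07, the commit title says rfc3489bis-06 and older, and the new comments in stun_auth.c say "Pre rfc3489bis-06". One wording should be chosen and used in all three places.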
@@ -354,15 +358,18 @@ PJ_DEF(pj_status_t) pj_stun_authenticate_request(const pj_uint8_t *pkt, } else { pj_hmac_sha1_update(&ctx, pkt, 20); } +#endif /* PJ_STUN_OLD_STYLE_MI_FINGERPRINT */ /* Now update with the message body */ pj_hmac_sha1_update(&ctx, pkt+20, amsgi_pos); +#if PJ_STUN_OLD_STYLE_MI_FINGERPRINT // This is no longer necessary as per rfc3489bis-08 - //if (amsgi_pos & 0x3F) { - // pj_uint8_t zeroes[64]; - // pj_bzero(zeroes, sizeof(zeroes)); - // pj_hmac_sha1_update(&ctx, zeroes, 64-(amsgi_pos & 0x3F)); - //} + if ((amsgi_pos+20) & 0x3F) { + pj_uint8_t zeroes[64]; + pj_bzero(zeroes, sizeof(zeroes)); + pj_hmac_sha1_update(&ctx, zeroes, 64-((amsgi_pos+20) & 0x3F)); + } +#endif pj_hmac_sha1_final(&ctx, digest); @@ -474,6 +481,10 @@ PJ_DEF(pj_status_t) pj_stun_authenticate_response(const pj_uint8_t *pkt, /* Now calculate HMAC of the message. */ pj_hmac_sha1_init(&ctx, (pj_uint8_t*)key->ptr, key->slen); +#if PJ_STUN_OLD_STYLE_MI_FINGERPRINT + /* Pre rfc3489bis-06 style of calculation */ + pj_hmac_sha1_update(&ctx, pkt, 20); +#else /* First calculate HMAC for the header. * The calculation is different depending on whether FINGERPRINT attribute * is present in the message. @@ -486,15 +497,18 @@ PJ_DEF(pj_status_t) pj_stun_authenticate_response(const pj_uint8_t *pkt, } else { pj_hmac_sha1_update(&ctx, pkt, 20); } +#endif /* PJ_STUN_OLD_STYLE_MI_FINGERPRINT */ /* Now update with the message body */ pj_hmac_sha1_update(&ctx, pkt+20, amsgi_pos); +#if PJ_STUN_OLD_STYLE_MI_FINGERPRINT // This is no longer necessary as per rfc3489bis-08 - //if (amsgi_pos & 0x3F) { - // pj_uint8_t zeroes[64]; - // pj_bzero(zeroes, sizeof(zeroes)); - // pj_hmac_sha1_update(&ctx, zeroes, 64-(amsgi_pos & 0x3F)); - //} + if ((amsgi_pos+20) & 0x3F) { + pj_uint8_t zeroes[64]; + pj_bzero(zeroes, sizeof(zeroes)); + pj_hmac_sha1_update(&ctx, zeroes, 64-((amsgi_pos+20) & 0x3F)); + } +#endif pj_hmac_sha1_final(&ctx, digest); /* Compare HMACs */ 
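Review bot: In the `@@ -354,15 +358,18 @@` hunk the retained comment `// This is no longer necessary as per rfc3489bis-08` now sits inside `#if PJ_STUN_OLD_STYLE_MI_FINGERPRINT` directly above live padding code, which reads as if the code below it were dead. The restored condition is also not the one that was commented out: it pads on `(amsgi_pos+20) & 0x3F` rather than `amsgi_pos & 0x3F`, and nothing explains the added 20. I would replace the comment with `/* Old style: zero-pad the HMAC input (20-byte header + amsgi_pos body bytes) to a multiple of 64 bytes */`. The same stale comment precedes the re-enabled block in the `@@ -486,15 +497,18 @@` hunk, and `// These are obsoleted in rfc3489bis-08` does so in the stun_msg.c `@@ -2187,12 +2207,14 @@` hunk; all three enclosing functions start and end outside their hunks.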
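Review bot: pj_stun_authenticate_response (hunks `@@ -474,6 +481,10 @@` and `@@ -486,15 +497,18 @@`) repeats, line for line, the two `#if PJ_STUN_OLD_STYLE_MI_FINGERPRINT` blocks added to pj_stun_authenticate_request, so the two verifiers can drift apart when only one is edited. A drift here would mean requests and responses are checked against differently computed digests, so I would move the padding step into one file-local helper and call it from both functions, as sketched below. The parameter types are inferred from the calls visible in the hunk and should be confirmed against the declarations; both function bodies continue outside the hunks.

```c
#if PJ_STUN_OLD_STYLE_MI_FINGERPRINT
/* Old style M-I: zero-pad the HMAC input to a multiple of 64 bytes.
 * hashed_len is the number of bytes already fed to ctx.
 */
static void hmac_pad_old_style(pj_hmac_sha1_context *ctx, unsigned hashed_len)
{
    unsigned rem = hashed_len & 0x3F;

    if (rem) {
        pj_uint8_t zeroes[64];

        pj_bzero(zeroes, sizeof(zeroes));
        pj_hmac_sha1_update(ctx, zeroes, 64 - rem);
    }
}
#endif

/* ... unchanged: header and body pj_hmac_sha1_update() calls ... */
#if PJ_STUN_OLD_STYLE_MI_FINGERPRINT
    hmac_pad_old_style(&ctx, amsgi_pos + 20);
#endif
    pj_hmac_sha1_final(&ctx, digest);
```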
diff --git a/pjnath/src/pjnath/stun_msg.c b/pjnath/src/pjnath/stun_msg.c index 83983924..125b3bda 100644 --- a/pjnath/src/pjnath/stun_msg.c +++ b/pjnath/src/pjnath/stun_msg.c @@ -2145,6 +2145,25 @@ PJ_DEF(pj_status_t) pj_stun_msg_encode(pj_stun_msg *msg, } } +#if PJ_STUN_OLD_STYLE_MI_FINGERPRINT + /* + * This is the old style MESSAGE-INTEGRITY and FINGERPRINT + * calculation, used in rfc3489bis-06 and older. + */ + /* We MUST update the message length in the header NOW before + * calculating MESSAGE-INTEGRITY and FINGERPRINT. + * Note that length is not including the 20 bytes header. + */ + if (amsgint && afingerprint) { + body_len = (pj_uint16_t)((buf - start) - 20 + 24 + 8); + } else if (amsgint) { + body_len = (pj_uint16_t)((buf - start) - 20 + 24); + } else if (afingerprint) { + body_len = (pj_uint16_t)((buf - start) - 20 + 8); + } else { + body_len = (pj_uint16_t)((buf - start) - 20); + } +#else /* If MESSAGE-INTEGRITY is present, include the M-I attribute * in message length before calculating M-I */ @@ -2153,6 +2172,7 @@ PJ_DEF(pj_status_t) pj_stun_msg_encode(pj_stun_msg *msg, } else { body_len = (pj_uint16_t)((buf - start) - 20); } +#endif /* PJ_STUN_OLD_STYLE_MI_FINGERPRINT */ /* hdr->length = pj_htons(length); */ PUTVAL16H(start, 2, (pj_uint16_t)body_len); 
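Review bot: The old-style length computation in the `@@ -2145,6 +2145,25 @@` hunk spells out four branches that differ only in the bare constants 24 and 8, which the hunk neither names nor explains (presumably the encoded sizes of the MESSAGE-INTEGRITY and FINGERPRINT attributes). An additive form is shorter and keeps each term visible: `body_len = (pj_uint16_t)((buf - start) - 20 + (amsgint ? 24 : 0) + (afingerprint ? 8 : 0));`. A short comment saying what 24 and 8 stand for would help in either form. The hunk also shows no check that the extra bytes still fit the output buffer before they are counted into the header length; if that check exists it is elsewhere in pj_stun_msg_encode, which starts and ends outside the hunk.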
@@ -2187,12 +2207,14 @@ PJ_DEF(pj_status_t) pj_stun_msg_encode(pj_stun_msg *msg, */ pj_hmac_sha1_init(&ctx, (pj_uint8_t*)key->ptr, key->slen); pj_hmac_sha1_update(&ctx, (pj_uint8_t*)start, buf-start); +#if PJ_STUN_OLD_STYLE_MI_FINGERPRINT // These are obsoleted in rfc3489bis-08 - //if ((buf-start) & 0x3F) { - // pj_uint8_t zeroes[64]; - // pj_bzero(zeroes, sizeof(zeroes)); - // pj_hmac_sha1_update(&ctx, zeroes, 64-((buf-start) & 0x3F)); - //} + if ((buf-start) & 0x3F) { + pj_uint8_t zeroes[64]; + pj_bzero(zeroes, sizeof(zeroes)); + pj_hmac_sha1_update(&ctx, zeroes, 64-((buf-start) & 0x3F)); + } +#endif /* PJ_STUN_OLD_STYLE_MI_FINGERPRINT */ pj_hmac_sha1_final(&ctx, amsgint->hmac); /* Put this attribute in the message */ @@ -2207,9 +2229,12 @@ PJ_DEF(pj_status_t) pj_stun_msg_encode(pj_stun_msg *msg, /* Calculate FINGERPRINT if present */ if (afingerprint != NULL) { + +#if !PJ_STUN_OLD_STYLE_MI_FINGERPRINT /* Update message length */ PUTVAL16H(start, 2, (pj_uint16_t)(GETVAL16H(start, 2)+8)); +#endif afingerprint->value = pj_crc32_calc(start, buf-start); afingerprint->value ^= STUN_XOR_FINGERPRINT; diff --git a/pjnath/src/pjnath/stun_session.c b/pjnath/src/pjnath/stun_session.c index 1c62a33c..929f114d 100644 --- a/pjnath/src/pjnath/stun_session.c +++ b/pjnath/src/pjnath/stun_session.c @@ -560,7 +560,7 @@ static void dump_tx_msg(pj_stun_session *sess, const pj_stun_msg *msg, const char *dst_name; int dst_port; const pj_sockaddr *dst = (const pj_sockaddr*)addr; - char buf[512]; + char buf[800]; if (dst->addr.sa_family == pj_AF_INET()) { dst_name = pj_inet_ntoa(dst->ipv4.sin_addr); |
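Review bot: In dump_tx_msg the new `char buf[800];` repeats the literal that this commit gives `PJ_STUN_MAX_PKT_LEN` in config.h, so a project that overrides the macro gets a dump buffer that no longer follows it. If the two are meant to track each other, declare it as `char buf[PJ_STUN_MAX_PKT_LEN];`. If the dump buffer is sized independently, a one-line comment saying so would keep a later size change from touching both by habit. How buf is filled is outside the hunk, so whether truncation of a long dump is handled cannot be judged from here.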