authorBenny Prijono <bennylp@teluu.com>2007-10-05 15:53:56 +0000
committerBenny Prijono <bennylp@teluu.com>2007-10-05 15:53:56 +0000
commitbbf99023bb3c06518bb36779c32ab5a438dba68e (patch)
tree1039f454516774b5f0ccc0b40913d159afeed4aa /pjnath
parentfccccf59ca44aa301c44e6c1a2a79acc4237fdf8 (diff)
Ticket #392: Added configuration to enable old, rfc3489bis-06 and older, style of MESSAGE-INTEGRITY and FINGERPRINT calculation
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@1479 74dad513-b988-da41-8d7b-12977e46ad98
Diffstat (limited to 'pjnath')
-rw-r--r--pjnath/include/pjnath/config.h12
-rw-r--r--pjnath/src/pjnath/stun_auth.c34
-rw-r--r--pjnath/src/pjnath/stun_msg.c35
-rw-r--r--pjnath/src/pjnath/stun_session.c2
4 files changed, 66 insertions, 17 deletions
diff --git a/pjnath/include/pjnath/config.h b/pjnath/include/pjnath/config.h
index 9ae03d22..bc381d78 100644
--- a/pjnath/include/pjnath/config.h
+++ b/pjnath/include/pjnath/config.h
@@ -111,7 +111,7 @@
* Maximum size of STUN message.
*/
#ifndef PJ_STUN_MAX_PKT_LEN
-# define PJ_STUN_MAX_PKT_LEN 512
+# define PJ_STUN_MAX_PKT_LEN 800
#endif
@@ -131,6 +131,16 @@
#endif
+/**
+ * Enable pre-RFC3489bis-07 style of STUN MESSAGE-INTEGRITY and FINGERPRINT
+ * calculation. By default this should be disabled since the calculation is
+ * not backward compatible with current STUN specification.
+ */
+#ifndef PJ_STUN_OLD_STYLE_MI_FINGERPRINT
+# define PJ_STUN_OLD_STYLE_MI_FINGERPRINT 0
+#endif
+
+
/* **************************************************************************
* ICE CONFIGURATION
*/
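Review bot: The doc comment on `PJ_STUN_OLD_STYLE_MI_FINGERPRINT` names a different draft boundary ("pre-RFC3489bis-07") than the comments this commit adds in stun_auth.c ("Pre rfc3489bis-06") and the commit title ("rfc3489bis-06 and older"), and it does not say what enabling the switch costs. The same macro gates both generation in `pj_stun_msg_encode()` and verification in `pj_stun_authenticate_request()` / `pj_stun_authenticate_response()`. A build with it set to 1 will therefore generally compute a different MESSAGE-INTEGRITY than a peer following the current draft, and the integrity check between the two fails. I would state one boundary consistently and replace "not backward compatible with current STUN specification" with something like `Enabling this makes MESSAGE-INTEGRITY incompatible with peers that implement the current STUN specification; enable it only when every peer uses the old calculation.`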
diff --git a/pjnath/src/pjnath/stun_auth.c b/pjnath/src/pjnath/stun_auth.c
index bc1ef421..b809c072 100644
--- a/pjnath/src/pjnath/stun_auth.c
+++ b/pjnath/src/pjnath/stun_auth.c
@@ -342,6 +342,10 @@ PJ_DEF(pj_status_t) pj_stun_authenticate_request(const pj_uint8_t *pkt,
/* Now calculate HMAC of the message. */
pj_hmac_sha1_init(&ctx, (pj_uint8_t*)key.ptr, key.slen);
+#if PJ_STUN_OLD_STYLE_MI_FINGERPRINT
+ /* Pre rfc3489bis-06 style of calculation */
+ pj_hmac_sha1_update(&ctx, pkt, 20);
+#else
/* First calculate HMAC for the header.
* The calculation is different depending on whether FINGERPRINT attribute
* is present in the message.
@@ -354,15 +358,18 @@ PJ_DEF(pj_status_t) pj_stun_authenticate_request(const pj_uint8_t *pkt,
} else {
pj_hmac_sha1_update(&ctx, pkt, 20);
}
+#endif /* PJ_STUN_OLD_STYLE_MI_FINGERPRINT */
/* Now update with the message body */
pj_hmac_sha1_update(&ctx, pkt+20, amsgi_pos);
+#if PJ_STUN_OLD_STYLE_MI_FINGERPRINT
// This is no longer necessary as per rfc3489bis-08
- //if (amsgi_pos & 0x3F) {
- // pj_uint8_t zeroes[64];
- // pj_bzero(zeroes, sizeof(zeroes));
- // pj_hmac_sha1_update(&ctx, zeroes, 64-(amsgi_pos & 0x3F));
- //}
+ if ((amsgi_pos+20) & 0x3F) {
+ pj_uint8_t zeroes[64];
+ pj_bzero(zeroes, sizeof(zeroes));
+ pj_hmac_sha1_update(&ctx, zeroes, 64-((amsgi_pos+20) & 0x3F));
+ }
+#endif
pj_hmac_sha1_final(&ctx, digest);
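Review bot: The retained comment `// This is no longer necessary as per rfc3489bis-08` now sits directly above live code inside `#if PJ_STUN_OLD_STYLE_MI_FINGERPRINT`, so it reads as if the padding below were dead. Reword it to say what the branch does and why the offset differs from the removed version, e.g. `/* Old drafts zero-pad the HMAC input to a multiple of 64 bytes; amsgi_pos counts from pkt+20, so add the 20-byte header. */`. The same stale wording is kept in the matching hunk of `pj_stun_authenticate_response()`, and as `// These are obsoleted in rfc3489bis-08` in `pj_stun_msg_encode()`. The function body starts and ends outside this hunk.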
@@ -474,6 +481,10 @@ PJ_DEF(pj_status_t) pj_stun_authenticate_response(const pj_uint8_t *pkt,
/* Now calculate HMAC of the message. */
pj_hmac_sha1_init(&ctx, (pj_uint8_t*)key->ptr, key->slen);
+#if PJ_STUN_OLD_STYLE_MI_FINGERPRINT
+ /* Pre rfc3489bis-06 style of calculation */
+ pj_hmac_sha1_update(&ctx, pkt, 20);
+#else
/* First calculate HMAC for the header.
* The calculation is different depending on whether FINGERPRINT attribute
* is present in the message.
@@ -486,15 +497,18 @@ PJ_DEF(pj_status_t) pj_stun_authenticate_response(const pj_uint8_t *pkt,
} else {
pj_hmac_sha1_update(&ctx, pkt, 20);
}
+#endif /* PJ_STUN_OLD_STYLE_MI_FINGERPRINT */
/* Now update with the message body */
pj_hmac_sha1_update(&ctx, pkt+20, amsgi_pos);
+#if PJ_STUN_OLD_STYLE_MI_FINGERPRINT
// This is no longer necessary as per rfc3489bis-08
- //if (amsgi_pos & 0x3F) {
- // pj_uint8_t zeroes[64];
- // pj_bzero(zeroes, sizeof(zeroes));
- // pj_hmac_sha1_update(&ctx, zeroes, 64-(amsgi_pos & 0x3F));
- //}
+ if ((amsgi_pos+20) & 0x3F) {
+ pj_uint8_t zeroes[64];
+ pj_bzero(zeroes, sizeof(zeroes));
+ pj_hmac_sha1_update(&ctx, zeroes, 64-((amsgi_pos+20) & 0x3F));
+ }
+#endif
pj_hmac_sha1_final(&ctx, digest);
/* Compare HMACs */
diff --git a/pjnath/src/pjnath/stun_msg.c b/pjnath/src/pjnath/stun_msg.c
index 83983924..125b3bda 100644
--- a/pjnath/src/pjnath/stun_msg.c
+++ b/pjnath/src/pjnath/stun_msg.c
@@ -2145,6 +2145,25 @@ PJ_DEF(pj_status_t) pj_stun_msg_encode(pj_stun_msg *msg,
}
}
+#if PJ_STUN_OLD_STYLE_MI_FINGERPRINT
+ /*
+ * This is the old style MESSAGE-INTEGRITY and FINGERPRINT
+ * calculation, used in rfc3489bis-06 and older.
+ */
+ /* We MUST update the message length in the header NOW before
+ * calculating MESSAGE-INTEGRITY and FINGERPRINT.
+ * Note that length is not including the 20 bytes header.
+ */
+ if (amsgint && afingerprint) {
+ body_len = (pj_uint16_t)((buf - start) - 20 + 24 + 8);
+ } else if (amsgint) {
+ body_len = (pj_uint16_t)((buf - start) - 20 + 24);
+ } else if (afingerprint) {
+ body_len = (pj_uint16_t)((buf - start) - 20 + 8);
+ } else {
+ body_len = (pj_uint16_t)((buf - start) - 20);
+ }
+#else
/* If MESSAGE-INTEGRITY is present, include the M-I attribute
* in message length before calculating M-I
*/
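Review bot: The four-way `if` on `amsgint` / `afingerprint` repeats the base expression and the bare sizes 24 and 8 in every branch, which makes it easy to change one branch and miss another in code that decides the length covered by MESSAGE-INTEGRITY. The same result reads more clearly additively: `body_len = (pj_uint16_t)((buf - start) - 20);` followed by `if (amsgint) body_len += 24;` and `if (afingerprint) body_len += 8;`. A short comment should say that 24 and 8 are the encoded sizes of MESSAGE-INTEGRITY (4-byte attribute header plus 20-byte HMAC-SHA1) and FINGERPRINT (4-byte header plus 4-byte CRC-32). The `#else` branch and the rest of `pj_stun_msg_encode()` continue outside this hunk.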
@@ -2153,6 +2172,7 @@ PJ_DEF(pj_status_t) pj_stun_msg_encode(pj_stun_msg *msg,
} else {
body_len = (pj_uint16_t)((buf - start) - 20);
}
+#endif /* PJ_STUN_OLD_STYLE_MI_FINGERPRINT */
/* hdr->length = pj_htons(length); */
PUTVAL16H(start, 2, (pj_uint16_t)body_len);
@@ -2187,12 +2207,14 @@ PJ_DEF(pj_status_t) pj_stun_msg_encode(pj_stun_msg *msg,
*/
pj_hmac_sha1_init(&ctx, (pj_uint8_t*)key->ptr, key->slen);
pj_hmac_sha1_update(&ctx, (pj_uint8_t*)start, buf-start);
+#if PJ_STUN_OLD_STYLE_MI_FINGERPRINT
// These are obsoleted in rfc3489bis-08
- //if ((buf-start) & 0x3F) {
- // pj_uint8_t zeroes[64];
- // pj_bzero(zeroes, sizeof(zeroes));
- // pj_hmac_sha1_update(&ctx, zeroes, 64-((buf-start) & 0x3F));
- //}
+ if ((buf-start) & 0x3F) {
+ pj_uint8_t zeroes[64];
+ pj_bzero(zeroes, sizeof(zeroes));
+ pj_hmac_sha1_update(&ctx, zeroes, 64-((buf-start) & 0x3F));
+ }
+#endif /* PJ_STUN_OLD_STYLE_MI_FINGERPRINT */
pj_hmac_sha1_final(&ctx, amsgint->hmac);
/* Put this attribute in the message */
@@ -2207,9 +2229,12 @@ PJ_DEF(pj_status_t) pj_stun_msg_encode(pj_stun_msg *msg,
/* Calculate FINGERPRINT if present */
if (afingerprint != NULL) {
+
+#if !PJ_STUN_OLD_STYLE_MI_FINGERPRINT
/* Update message length */
PUTVAL16H(start, 2,
(pj_uint16_t)(GETVAL16H(start, 2)+8));
+#endif
afingerprint->value = pj_crc32_calc(start, buf-start);
afingerprint->value ^= STUN_XOR_FINGERPRINT;
diff --git a/pjnath/src/pjnath/stun_session.c b/pjnath/src/pjnath/stun_session.c
index 1c62a33c..929f114d 100644
--- a/pjnath/src/pjnath/stun_session.c
+++ b/pjnath/src/pjnath/stun_session.c
@@ -560,7 +560,7 @@ static void dump_tx_msg(pj_stun_session *sess, const pj_stun_msg *msg,
const char *dst_name;
int dst_port;
const pj_sockaddr *dst = (const pj_sockaddr*)addr;
- char buf[512];
+ char buf[800];
if (dst->addr.sa_family == pj_AF_INET()) {
dst_name = pj_inet_ntoa(dst->ipv4.sin_addr);
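Review bot: `char buf[800];` hard-codes the same number this commit gives `PJ_STUN_MAX_PKT_LEN` in config.h, so a build that overrides the macro leaves this buffer at 800. If the two are meant to move together, declare it as `char buf[PJ_STUN_MAX_PKT_LEN];`. If it is only a text buffer for the dump, a named constant with a comment saying so would avoid the coincidence. How `buf` is filled is outside the hunk, so whether the writer is bounded by `sizeof(buf)` should be confirmed there.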