diff options
-rw-r--r-- | pjlib-util/include/pjlib-util/hmac_md5.h | 40 | ||||
-rw-r--r-- | pjlib-util/include/pjlib-util/hmac_sha1.h | 46 | ||||
-rw-r--r-- | pjlib-util/src/pjlib-util/hmac_md5.c | 63 | ||||
-rw-r--r-- | pjlib-util/src/pjlib-util/hmac_sha1.c | 58 | ||||
-rw-r--r-- | pjnath/src/pjnath/stun_auth.c | 14 | ||||
-rw-r--r-- | pjnath/src/pjnath/stun_msg.c | 16 |
6 files changed, 189 insertions, 48 deletions
diff --git a/pjlib-util/include/pjlib-util/hmac_md5.h b/pjlib-util/include/pjlib-util/hmac_md5.h index 5fefab51..f9bdca1a 100644 --- a/pjlib-util/include/pjlib-util/hmac_md5.h +++ b/pjlib-util/include/pjlib-util/hmac_md5.h @@ -29,6 +29,7 @@ */ #include <pj/types.h> +#include <pjlib-util/md5.h> PJ_BEGIN_DECL @@ -41,6 +42,15 @@ PJ_BEGIN_DECL * for Message Authentication, as described in RFC 2104 */ +/** + * The HMAC-MD5 context used in the incremental HMAC calculation. + */ +typedef struct pj_hmac_md5_context +{ + pj_md5_context context; /**< MD5 context */ + pj_uint8_t k_opad[64]; /**< opad xor-ed with key */ +} pj_hmac_md5_context; + /** * Calculate HMAC MD5 digest for the specified input and key. @@ -57,6 +67,36 @@ PJ_DECL(void) pj_hmac_md5(const pj_uint8_t *input, unsigned input_len, /** + * Initiate HMAC-MD5 context for incremental hashing. + * + * @param hctx HMAC-MD5 context. + * @param key Pointer to the authentication key. + * @param key_len Length of the authentication key. + */ +PJ_DECL(void) pj_hmac_md5_init(pj_hmac_md5_context *hctx, + const pj_uint8_t *key, unsigned key_len); + +/** + * Append string to the message. + * + * @param hctx HMAC-MD5 context. + * @param input Pointer to the input stream. + * @param input_len Length of input stream in bytes. + */ +PJ_DECL(void) pj_hmac_md5_update(pj_hmac_md5_context *hctx, + const pj_uint8_t *input, + unsigned input_len); + +/** + * Finish the message and return the digest. + * + * @param hctx HMAC-MD5 context. + * @param digest Buffer to be filled with HMAC MD5 digest. + */ +PJ_DECL(void) pj_hmac_md5_final(pj_hmac_md5_context *hctx, + pj_uint8_t digest[16]); + +/** * @} */ diff --git a/pjlib-util/include/pjlib-util/hmac_sha1.h b/pjlib-util/include/pjlib-util/hmac_sha1.h index 6fe4b6ad..70984c53 100644 --- a/pjlib-util/include/pjlib-util/hmac_sha1.h +++ b/pjlib-util/include/pjlib-util/hmac_sha1.h @@ -25,6 +25,7 @@ */ #include <pj/types.h> +#include <pjlib-util/sha1.h> PJ_BEGIN_DECL @@ -34,12 +35,22 @@ PJ_BEGIN_DECL * @{ * * This module contains the implementation of HMAC: Keyed-Hashing - * for Message Authentication, as described in RFC 2104 + * for Message Authentication, as described in RFC 2104. */ +/** + * The HMAC-SHA1 context used in the incremental HMAC calculation. + */ +typedef struct pj_hmac_sha1_context +{ + pj_sha1_context context; /**< SHA1 context */ + pj_uint8_t k_opad[64]; /**< opad xor-ed with key */ +} pj_hmac_sha1_context; + /** - * Calculate HMAC SHA1 digest for the specified input and key. + * Calculate HMAC-SHA1 digest for the specified input and key with this + * single function call. * * @param input Pointer to the input stream. * @param input_len Length of input stream in bytes. @@ -53,6 +64,37 @@ PJ_DECL(void) pj_hmac_sha1(const pj_uint8_t *input, unsigned input_len, /** + * Initiate HMAC-SHA1 context for incremental hashing. + * + * @param hctx HMAC-SHA1 context. + * @param key Pointer to the authentication key. + * @param key_len Length of the authentication key. + */ +PJ_DECL(void) pj_hmac_sha1_init(pj_hmac_sha1_context *hctx, + const pj_uint8_t *key, unsigned key_len); + +/** + * Append string to the message. + * + * @param hctx HMAC-SHA1 context. + * @param input Pointer to the input stream. + * @param input_len Length of input stream in bytes. + */ +PJ_DECL(void) pj_hmac_sha1_update(pj_hmac_sha1_context *hctx, + const pj_uint8_t *input, + unsigned input_len); + +/** + * Finish the message and return the digest. + * + * @param hctx HMAC-SHA1 context. + * @param digest Buffer to be filled with HMAC SHA1 digest. + */ +PJ_DECL(void) pj_hmac_sha1_final(pj_hmac_sha1_context *hctx, + pj_uint8_t digest[20]); + + +/** * @} */ diff --git a/pjlib-util/src/pjlib-util/hmac_md5.c b/pjlib-util/src/pjlib-util/hmac_md5.c index d9c4e466..5ce36c2c 100644 --- a/pjlib-util/src/pjlib-util/hmac_md5.c +++ b/pjlib-util/src/pjlib-util/hmac_md5.c @@ -16,20 +16,14 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include <pjlib-util/md5.h> +#include <pjlib-util/hmac_md5.h> #include <pj/string.h> -/* This code is taken from RFC 2104 */ - - -PJ_DEF(void) pj_hmac_md5( const pj_uint8_t *input, unsigned input_len, - const pj_uint8_t *key, unsigned key_len, - pj_uint8_t digest[16] ) +PJ_DEF(void) pj_hmac_md5_init(pj_hmac_md5_context *hctx, + const pj_uint8_t *key, unsigned key_len) { - pj_md5_context context; - pj_uint8_t k_ipad[65]; - pj_uint8_t k_opad[65]; + pj_uint8_t k_ipad[64]; pj_uint8_t tk[16]; int i; @@ -45,31 +39,58 @@ PJ_DEF(void) pj_hmac_md5( const pj_uint8_t *input, unsigned input_len, key_len = 16; } + /* + * HMAC = H(K XOR opad, H(K XOR ipad, text)) + */ + /* start out by storing key in pads */ pj_bzero( k_ipad, sizeof(k_ipad)); - pj_bzero( k_opad, sizeof(k_opad)); + pj_bzero( hctx->k_opad, sizeof(hctx->k_opad)); pj_memcpy( k_ipad, key, key_len); - pj_memcpy( k_opad, key, key_len); + pj_memcpy( hctx->k_opad, key, key_len); /* XOR key with ipad and opad values */ for (i=0; i<64; i++) { k_ipad[i] ^= 0x36; - k_opad[i] ^= 0x5c; + hctx->k_opad[i] ^= 0x5c; } /* * perform inner MD5 */ - pj_md5_init(&context); - pj_md5_update(&context, k_ipad, 64); - pj_md5_update(&context, input, input_len); - pj_md5_final(&context, digest); + pj_md5_init(&hctx->context); + pj_md5_update(&hctx->context, k_ipad, 64); + +} + +PJ_DEF(void) pj_hmac_md5_update(pj_hmac_md5_context *hctx, + const pj_uint8_t *input, + unsigned input_len) +{ + pj_md5_update(&hctx->context, input, input_len); +} + +PJ_DEF(void) pj_hmac_md5_final(pj_hmac_md5_context *hctx, + pj_uint8_t digest[16]) +{ + pj_md5_final(&hctx->context, digest); /* * perform outer MD5 */ - pj_md5_init(&context); - pj_md5_update(&context, k_opad, 64); - pj_md5_update(&context, digest, 16); - pj_md5_final(&context, digest); + pj_md5_init(&hctx->context); + pj_md5_update(&hctx->context, hctx->k_opad, 64); + pj_md5_update(&hctx->context, digest, 16); + pj_md5_final(&hctx->context, digest); +} + +PJ_DEF(void) pj_hmac_md5( const pj_uint8_t *input, unsigned input_len, + const pj_uint8_t *key, unsigned key_len, + pj_uint8_t digest[16] ) +{ + pj_hmac_md5_context ctx; + + pj_hmac_md5_init(&ctx, key, key_len); + pj_hmac_md5_update(&ctx, input, input_len); + pj_hmac_md5_final(&ctx, digest); } diff --git a/pjlib-util/src/pjlib-util/hmac_sha1.c b/pjlib-util/src/pjlib-util/hmac_sha1.c index 127434b7..b921febc 100644 --- a/pjlib-util/src/pjlib-util/hmac_sha1.c +++ b/pjlib-util/src/pjlib-util/hmac_sha1.c @@ -17,19 +17,15 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ #include <pjlib-util/hmac_sha1.h> -#include <pjlib-util/sha1.h> #include <pj/string.h> -PJ_DEF(void) pj_hmac_sha1(const pj_uint8_t *input, unsigned input_len, - const pj_uint8_t *key, unsigned key_len, - pj_uint8_t digest[20] ) +PJ_DEF(void) pj_hmac_sha1_init(pj_hmac_sha1_context *hctx, + const pj_uint8_t *key, unsigned key_len) { - pj_sha1_context context; - pj_uint8_t k_ipad[65]; - pj_uint8_t k_opad[65]; + pj_uint8_t k_ipad[64]; pj_uint8_t tk[20]; - int i; + unsigned i; /* if key is longer than 64 bytes reset it to key=SHA1(key) */ if (key_len > 64) { @@ -43,32 +39,56 @@ PJ_DEF(void) pj_hmac_sha1(const pj_uint8_t *input, unsigned input_len, key_len = 20; } + /* + * HMAC = H(K XOR opad, H(K XOR ipad, text)) + */ + /* start out by storing key in pads */ pj_bzero( k_ipad, sizeof(k_ipad)); - pj_bzero( k_opad, sizeof(k_opad)); + pj_bzero( hctx->k_opad, sizeof(hctx->k_opad)); pj_memcpy( k_ipad, key, key_len); - pj_memcpy( k_opad, key, key_len); + pj_memcpy( hctx->k_opad, key, key_len); /* XOR key with ipad and opad values */ for (i=0; i<64; i++) { k_ipad[i] ^= 0x36; - k_opad[i] ^= 0x5c; + hctx->k_opad[i] ^= 0x5c; } /* * perform inner SHA1 */ - pj_sha1_init(&context); - pj_sha1_update(&context, k_ipad, 64); - pj_sha1_update(&context, input, input_len); - pj_sha1_final(&context, digest); + pj_sha1_init(&hctx->context); + pj_sha1_update(&hctx->context, k_ipad, 64); +} + +PJ_DEF(void) pj_hmac_sha1_update(pj_hmac_sha1_context *hctx, + const pj_uint8_t *input, unsigned input_len) +{ + pj_sha1_update(&hctx->context, input, input_len); +} + +PJ_DEF(void) pj_hmac_sha1_final(pj_hmac_sha1_context *hctx, + pj_uint8_t digest[20]) +{ + pj_sha1_final(&hctx->context, digest); /* * perform outer SHA1 */ - pj_sha1_init(&context); - pj_sha1_update(&context, k_opad, 64); - pj_sha1_update(&context, digest, 20); - pj_sha1_final(&context, digest); + pj_sha1_init(&hctx->context); + pj_sha1_update(&hctx->context, hctx->k_opad, 64); + pj_sha1_update(&hctx->context, digest, 20); + pj_sha1_final(&hctx->context, digest); } +PJ_DEF(void) pj_hmac_sha1(const pj_uint8_t *input, unsigned input_len, + const pj_uint8_t *key, unsigned key_len, + pj_uint8_t digest[20] ) +{ + pj_hmac_sha1_context ctx; + + pj_hmac_sha1_init(&ctx, key, key_len); + pj_hmac_sha1_update(&ctx, input, input_len); + pj_hmac_sha1_final(&ctx, digest); +} diff --git a/pjnath/src/pjnath/stun_auth.c b/pjnath/src/pjnath/stun_auth.c index 3f5a77a5..d49b4fa2 100644 --- a/pjnath/src/pjnath/stun_auth.c +++ b/pjnath/src/pjnath/stun_auth.c @@ -119,6 +119,7 @@ PJ_DEF(pj_status_t) pj_stun_verify_credential( const pj_uint8_t *pkt, pj_bool_t username_ok; const pj_stun_realm_attr *arealm; const pj_stun_realm_attr *anonce; + pj_hmac_sha1_context ctx; pj_uint8_t digest[PJ_SHA1_DIGEST_SIZE]; pj_uint8_t md5_digest[16]; pj_str_t key; @@ -327,8 +328,17 @@ PJ_DEF(pj_status_t) pj_stun_verify_credential( const pj_uint8_t *pkt, key = password; } - /* Now calculate HMAC of the message */ - pj_hmac_sha1(pkt, amsgi_pos, (pj_uint8_t*)key.ptr, key.slen, digest); + /* Now calculate HMAC of the message, adding zero padding if necessary + * to make the input 64 bytes aligned. + */ + pj_hmac_sha1_init(&ctx, (pj_uint8_t*)key.ptr, key.slen); + pj_hmac_sha1_update(&ctx, pkt, amsgi_pos); + if (amsgi_pos & 0x3F) { + pj_uint8_t zeroes[64]; + pj_bzero(zeroes, sizeof(zeroes)); + pj_hmac_sha1_update(&ctx, zeroes, 64-(amsgi_pos & 0x3F)); + } + pj_hmac_sha1_final(&ctx, digest); /* Compare HMACs */ if (pj_memcmp(amsgi->hmac, digest, 20)) { diff --git a/pjnath/src/pjnath/stun_msg.c b/pjnath/src/pjnath/stun_msg.c index e0092f26..357a74b5 100644 --- a/pjnath/src/pjnath/stun_msg.c +++ b/pjnath/src/pjnath/stun_msg.c @@ -2139,6 +2139,7 @@ PJ_DEF(pj_status_t) pj_stun_msg_encode(pj_stun_msg *msg, if (amsgint != NULL) { pj_uint8_t md5_key_buf[16]; + pj_hmac_sha1_context ctx; pj_str_t key; /* MESSAGE-INTEGRITY must be the last attribute in the message, or @@ -2181,10 +2182,17 @@ PJ_DEF(pj_status_t) pj_stun_msg_encode(pj_stun_msg *msg, key.slen = 16; } - /* Calculate HMAC-SHA1 digest */ - pj_hmac_sha1((pj_uint8_t*)start, buf-start, - (pj_uint8_t*)key.ptr, key.slen, - amsgint->hmac); + /* Calculate HMAC-SHA1 digest, add zero padding to input + * if necessary to make the input 64 bytes aligned. + */ + pj_hmac_sha1_init(&ctx, (pj_uint8_t*)key.ptr, key.slen); + pj_hmac_sha1_update(&ctx, (pj_uint8_t*)start, buf-start); + if ((buf-start) & 0x3F) { + pj_uint8_t zeroes[64]; + pj_bzero(zeroes, sizeof(zeroes)); + pj_hmac_sha1_update(&ctx, zeroes, 64-((buf-start) & 0x3F)); + } + pj_hmac_sha1_final(&ctx, amsgint->hmac); /* Put this attribute in the message */ status = encode_msgint_attr(amsgint, buf, buf_size, |