Fixed missing padding when calculating MESSAGE-INTEGRITY in STUN
git-svn-id: https://svn.pjsip.org/repos/pjproject/trunk@1265 74dad513-b988-da41-8d7b-12977e46ad98
This commit is contained in:
parent
427af7d94a
commit
a266868de3
|
@ -29,6 +29,7 @@
|
|||
*/
|
||||
|
||||
#include <pj/types.h>
|
||||
#include <pjlib-util/md5.h>
|
||||
|
||||
PJ_BEGIN_DECL
|
||||
|
||||
|
@ -41,6 +42,15 @@ PJ_BEGIN_DECL
|
|||
* for Message Authentication, as described in RFC 2104
|
||||
*/
|
||||
|
||||
/**
|
||||
* The HMAC-MD5 context used in the incremental HMAC calculation.
|
||||
*/
|
||||
typedef struct pj_hmac_md5_context
|
||||
{
|
||||
pj_md5_context context; /**< MD5 context */
|
||||
pj_uint8_t k_opad[64]; /**< opad xor-ed with key */
|
||||
} pj_hmac_md5_context;
|
||||
|
||||
|
||||
/**
|
||||
* Calculate HMAC MD5 digest for the specified input and key.
|
||||
|
@ -56,6 +66,36 @@ PJ_DECL(void) pj_hmac_md5(const pj_uint8_t *input, unsigned input_len,
|
|||
pj_uint8_t digest[16]);
|
||||
|
||||
|
||||
/**
|
||||
* Initiate HMAC-MD5 context for incremental hashing.
|
||||
*
|
||||
* @param hctx HMAC-MD5 context.
|
||||
* @param key Pointer to the authentication key.
|
||||
* @param key_len Length of the authentication key.
|
||||
*/
|
||||
PJ_DECL(void) pj_hmac_md5_init(pj_hmac_md5_context *hctx,
|
||||
const pj_uint8_t *key, unsigned key_len);
|
||||
|
||||
/**
|
||||
* Append string to the message.
|
||||
*
|
||||
* @param hctx HMAC-MD5 context.
|
||||
* @param input Pointer to the input stream.
|
||||
* @param input_len Length of input stream in bytes.
|
||||
*/
|
||||
PJ_DECL(void) pj_hmac_md5_update(pj_hmac_md5_context *hctx,
|
||||
const pj_uint8_t *input,
|
||||
unsigned input_len);
|
||||
|
||||
/**
|
||||
* Finish the message and return the digest.
|
||||
*
|
||||
* @param hctx HMAC-MD5 context.
|
||||
* @param digest Buffer to be filled with HMAC MD5 digest.
|
||||
*/
|
||||
PJ_DECL(void) pj_hmac_md5_final(pj_hmac_md5_context *hctx,
|
||||
pj_uint8_t digest[16]);
|
||||
|
||||
/**
|
||||
* @}
|
||||
*/
|
||||
|
|
|
@ -25,6 +25,7 @@
|
|||
*/
|
||||
|
||||
#include <pj/types.h>
|
||||
#include <pjlib-util/sha1.h>
|
||||
|
||||
PJ_BEGIN_DECL
|
||||
|
||||
|
@ -34,12 +35,22 @@ PJ_BEGIN_DECL
|
|||
* @{
|
||||
*
|
||||
* This module contains the implementation of HMAC: Keyed-Hashing
|
||||
* for Message Authentication, as described in RFC 2104
|
||||
* for Message Authentication, as described in RFC 2104.
|
||||
*/
|
||||
|
||||
/**
|
||||
* The HMAC-SHA1 context used in the incremental HMAC calculation.
|
||||
*/
|
||||
typedef struct pj_hmac_sha1_context
|
||||
{
|
||||
pj_sha1_context context; /**< SHA1 context */
|
||||
pj_uint8_t k_opad[64]; /**< opad xor-ed with key */
|
||||
} pj_hmac_sha1_context;
|
||||
|
||||
|
||||
/**
|
||||
* Calculate HMAC SHA1 digest for the specified input and key.
|
||||
* Calculate HMAC-SHA1 digest for the specified input and key with this
|
||||
* single function call.
|
||||
*
|
||||
* @param input Pointer to the input stream.
|
||||
* @param input_len Length of input stream in bytes.
|
||||
|
@ -52,6 +63,37 @@ PJ_DECL(void) pj_hmac_sha1(const pj_uint8_t *input, unsigned input_len,
|
|||
pj_uint8_t digest[20]);
|
||||
|
||||
|
||||
/**
|
||||
* Initiate HMAC-SHA1 context for incremental hashing.
|
||||
*
|
||||
* @param hctx HMAC-SHA1 context.
|
||||
* @param key Pointer to the authentication key.
|
||||
* @param key_len Length of the authentication key.
|
||||
*/
|
||||
PJ_DECL(void) pj_hmac_sha1_init(pj_hmac_sha1_context *hctx,
|
||||
const pj_uint8_t *key, unsigned key_len);
|
||||
|
||||
/**
|
||||
* Append string to the message.
|
||||
*
|
||||
* @param hctx HMAC-SHA1 context.
|
||||
* @param input Pointer to the input stream.
|
||||
* @param input_len Length of input stream in bytes.
|
||||
*/
|
||||
PJ_DECL(void) pj_hmac_sha1_update(pj_hmac_sha1_context *hctx,
|
||||
const pj_uint8_t *input,
|
||||
unsigned input_len);
|
||||
|
||||
/**
|
||||
* Finish the message and return the digest.
|
||||
*
|
||||
* @param hctx HMAC-SHA1 context.
|
||||
* @param digest Buffer to be filled with HMAC SHA1 digest.
|
||||
*/
|
||||
PJ_DECL(void) pj_hmac_sha1_final(pj_hmac_sha1_context *hctx,
|
||||
pj_uint8_t digest[20]);
|
||||
|
||||
|
||||
/**
|
||||
* @}
|
||||
*/
|
||||
|
|
|
@ -16,20 +16,14 @@
|
|||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
*/
|
||||
#include <pjlib-util/md5.h>
|
||||
#include <pjlib-util/hmac_md5.h>
|
||||
#include <pj/string.h>
|
||||
|
||||
|
||||
/* This code is taken from RFC 2104 */
|
||||
|
||||
|
||||
PJ_DEF(void) pj_hmac_md5( const pj_uint8_t *input, unsigned input_len,
|
||||
const pj_uint8_t *key, unsigned key_len,
|
||||
pj_uint8_t digest[16] )
|
||||
PJ_DEF(void) pj_hmac_md5_init(pj_hmac_md5_context *hctx,
|
||||
const pj_uint8_t *key, unsigned key_len)
|
||||
{
|
||||
pj_md5_context context;
|
||||
pj_uint8_t k_ipad[65];
|
||||
pj_uint8_t k_opad[65];
|
||||
pj_uint8_t k_ipad[64];
|
||||
pj_uint8_t tk[16];
|
||||
int i;
|
||||
|
||||
|
@ -45,31 +39,58 @@ PJ_DEF(void) pj_hmac_md5( const pj_uint8_t *input, unsigned input_len,
|
|||
key_len = 16;
|
||||
}
|
||||
|
||||
/*
|
||||
* HMAC = H(K XOR opad, H(K XOR ipad, text))
|
||||
*/
|
||||
|
||||
/* start out by storing key in pads */
|
||||
pj_bzero( k_ipad, sizeof(k_ipad));
|
||||
pj_bzero( k_opad, sizeof(k_opad));
|
||||
pj_bzero( hctx->k_opad, sizeof(hctx->k_opad));
|
||||
pj_memcpy( k_ipad, key, key_len);
|
||||
pj_memcpy( k_opad, key, key_len);
|
||||
pj_memcpy( hctx->k_opad, key, key_len);
|
||||
|
||||
/* XOR key with ipad and opad values */
|
||||
for (i=0; i<64; i++) {
|
||||
k_ipad[i] ^= 0x36;
|
||||
k_opad[i] ^= 0x5c;
|
||||
hctx->k_opad[i] ^= 0x5c;
|
||||
}
|
||||
/*
|
||||
* perform inner MD5
|
||||
*/
|
||||
pj_md5_init(&context);
|
||||
pj_md5_update(&context, k_ipad, 64);
|
||||
pj_md5_update(&context, input, input_len);
|
||||
pj_md5_final(&context, digest);
|
||||
pj_md5_init(&hctx->context);
|
||||
pj_md5_update(&hctx->context, k_ipad, 64);
|
||||
|
||||
}
|
||||
|
||||
PJ_DEF(void) pj_hmac_md5_update(pj_hmac_md5_context *hctx,
|
||||
const pj_uint8_t *input,
|
||||
unsigned input_len)
|
||||
{
|
||||
pj_md5_update(&hctx->context, input, input_len);
|
||||
}
|
||||
|
||||
PJ_DEF(void) pj_hmac_md5_final(pj_hmac_md5_context *hctx,
|
||||
pj_uint8_t digest[16])
|
||||
{
|
||||
pj_md5_final(&hctx->context, digest);
|
||||
|
||||
/*
|
||||
* perform outer MD5
|
||||
*/
|
||||
pj_md5_init(&context);
|
||||
pj_md5_update(&context, k_opad, 64);
|
||||
pj_md5_update(&context, digest, 16);
|
||||
pj_md5_final(&context, digest);
|
||||
pj_md5_init(&hctx->context);
|
||||
pj_md5_update(&hctx->context, hctx->k_opad, 64);
|
||||
pj_md5_update(&hctx->context, digest, 16);
|
||||
pj_md5_final(&hctx->context, digest);
|
||||
}
|
||||
|
||||
PJ_DEF(void) pj_hmac_md5( const pj_uint8_t *input, unsigned input_len,
|
||||
const pj_uint8_t *key, unsigned key_len,
|
||||
pj_uint8_t digest[16] )
|
||||
{
|
||||
pj_hmac_md5_context ctx;
|
||||
|
||||
pj_hmac_md5_init(&ctx, key, key_len);
|
||||
pj_hmac_md5_update(&ctx, input, input_len);
|
||||
pj_hmac_md5_final(&ctx, digest);
|
||||
}
|
||||
|
||||
|
|
|
@ -17,19 +17,15 @@
|
|||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
*/
|
||||
#include <pjlib-util/hmac_sha1.h>
|
||||
#include <pjlib-util/sha1.h>
|
||||
#include <pj/string.h>
|
||||
|
||||
|
||||
PJ_DEF(void) pj_hmac_sha1(const pj_uint8_t *input, unsigned input_len,
|
||||
const pj_uint8_t *key, unsigned key_len,
|
||||
pj_uint8_t digest[20] )
|
||||
PJ_DEF(void) pj_hmac_sha1_init(pj_hmac_sha1_context *hctx,
|
||||
const pj_uint8_t *key, unsigned key_len)
|
||||
{
|
||||
pj_sha1_context context;
|
||||
pj_uint8_t k_ipad[65];
|
||||
pj_uint8_t k_opad[65];
|
||||
pj_uint8_t k_ipad[64];
|
||||
pj_uint8_t tk[20];
|
||||
int i;
|
||||
unsigned i;
|
||||
|
||||
/* if key is longer than 64 bytes reset it to key=SHA1(key) */
|
||||
if (key_len > 64) {
|
||||
|
@ -43,32 +39,56 @@ PJ_DEF(void) pj_hmac_sha1(const pj_uint8_t *input, unsigned input_len,
|
|||
key_len = 20;
|
||||
}
|
||||
|
||||
/*
|
||||
* HMAC = H(K XOR opad, H(K XOR ipad, text))
|
||||
*/
|
||||
|
||||
/* start out by storing key in pads */
|
||||
pj_bzero( k_ipad, sizeof(k_ipad));
|
||||
pj_bzero( k_opad, sizeof(k_opad));
|
||||
pj_bzero( hctx->k_opad, sizeof(hctx->k_opad));
|
||||
pj_memcpy( k_ipad, key, key_len);
|
||||
pj_memcpy( k_opad, key, key_len);
|
||||
pj_memcpy( hctx->k_opad, key, key_len);
|
||||
|
||||
/* XOR key with ipad and opad values */
|
||||
for (i=0; i<64; i++) {
|
||||
k_ipad[i] ^= 0x36;
|
||||
k_opad[i] ^= 0x5c;
|
||||
hctx->k_opad[i] ^= 0x5c;
|
||||
}
|
||||
/*
|
||||
* perform inner SHA1
|
||||
*/
|
||||
pj_sha1_init(&context);
|
||||
pj_sha1_update(&context, k_ipad, 64);
|
||||
pj_sha1_update(&context, input, input_len);
|
||||
pj_sha1_final(&context, digest);
|
||||
pj_sha1_init(&hctx->context);
|
||||
pj_sha1_update(&hctx->context, k_ipad, 64);
|
||||
}
|
||||
|
||||
PJ_DEF(void) pj_hmac_sha1_update(pj_hmac_sha1_context *hctx,
|
||||
const pj_uint8_t *input, unsigned input_len)
|
||||
{
|
||||
pj_sha1_update(&hctx->context, input, input_len);
|
||||
}
|
||||
|
||||
PJ_DEF(void) pj_hmac_sha1_final(pj_hmac_sha1_context *hctx,
|
||||
pj_uint8_t digest[20])
|
||||
{
|
||||
pj_sha1_final(&hctx->context, digest);
|
||||
|
||||
/*
|
||||
* perform outer SHA1
|
||||
*/
|
||||
pj_sha1_init(&context);
|
||||
pj_sha1_update(&context, k_opad, 64);
|
||||
pj_sha1_update(&context, digest, 20);
|
||||
pj_sha1_final(&context, digest);
|
||||
pj_sha1_init(&hctx->context);
|
||||
pj_sha1_update(&hctx->context, hctx->k_opad, 64);
|
||||
pj_sha1_update(&hctx->context, digest, 20);
|
||||
pj_sha1_final(&hctx->context, digest);
|
||||
}
|
||||
|
||||
PJ_DEF(void) pj_hmac_sha1(const pj_uint8_t *input, unsigned input_len,
|
||||
const pj_uint8_t *key, unsigned key_len,
|
||||
pj_uint8_t digest[20] )
|
||||
{
|
||||
pj_hmac_sha1_context ctx;
|
||||
|
||||
pj_hmac_sha1_init(&ctx, key, key_len);
|
||||
pj_hmac_sha1_update(&ctx, input, input_len);
|
||||
pj_hmac_sha1_final(&ctx, digest);
|
||||
}
|
||||
|
||||
|
|
|
@ -119,6 +119,7 @@ PJ_DEF(pj_status_t) pj_stun_verify_credential( const pj_uint8_t *pkt,
|
|||
pj_bool_t username_ok;
|
||||
const pj_stun_realm_attr *arealm;
|
||||
const pj_stun_realm_attr *anonce;
|
||||
pj_hmac_sha1_context ctx;
|
||||
pj_uint8_t digest[PJ_SHA1_DIGEST_SIZE];
|
||||
pj_uint8_t md5_digest[16];
|
||||
pj_str_t key;
|
||||
|
@ -327,8 +328,17 @@ PJ_DEF(pj_status_t) pj_stun_verify_credential( const pj_uint8_t *pkt,
|
|||
key = password;
|
||||
}
|
||||
|
||||
/* Now calculate HMAC of the message */
|
||||
pj_hmac_sha1(pkt, amsgi_pos, (pj_uint8_t*)key.ptr, key.slen, digest);
|
||||
/* Now calculate HMAC of the message, adding zero padding if necessary
|
||||
* to make the input 64 bytes aligned.
|
||||
*/
|
||||
pj_hmac_sha1_init(&ctx, (pj_uint8_t*)key.ptr, key.slen);
|
||||
pj_hmac_sha1_update(&ctx, pkt, amsgi_pos);
|
||||
if (amsgi_pos & 0x3F) {
|
||||
pj_uint8_t zeroes[64];
|
||||
pj_bzero(zeroes, sizeof(zeroes));
|
||||
pj_hmac_sha1_update(&ctx, zeroes, 64-(amsgi_pos & 0x3F));
|
||||
}
|
||||
pj_hmac_sha1_final(&ctx, digest);
|
||||
|
||||
/* Compare HMACs */
|
||||
if (pj_memcmp(amsgi->hmac, digest, 20)) {
|
||||
|
|
|
@ -2139,6 +2139,7 @@ PJ_DEF(pj_status_t) pj_stun_msg_encode(pj_stun_msg *msg,
|
|||
if (amsgint != NULL) {
|
||||
|
||||
pj_uint8_t md5_key_buf[16];
|
||||
pj_hmac_sha1_context ctx;
|
||||
pj_str_t key;
|
||||
|
||||
/* MESSAGE-INTEGRITY must be the last attribute in the message, or
|
||||
|
@ -2181,10 +2182,17 @@ PJ_DEF(pj_status_t) pj_stun_msg_encode(pj_stun_msg *msg,
|
|||
key.slen = 16;
|
||||
}
|
||||
|
||||
/* Calculate HMAC-SHA1 digest */
|
||||
pj_hmac_sha1((pj_uint8_t*)start, buf-start,
|
||||
(pj_uint8_t*)key.ptr, key.slen,
|
||||
amsgint->hmac);
|
||||
/* Calculate HMAC-SHA1 digest, add zero padding to input
|
||||
* if necessary to make the input 64 bytes aligned.
|
||||
*/
|
||||
pj_hmac_sha1_init(&ctx, (pj_uint8_t*)key.ptr, key.slen);
|
||||
pj_hmac_sha1_update(&ctx, (pj_uint8_t*)start, buf-start);
|
||||
if ((buf-start) & 0x3F) {
|
||||
pj_uint8_t zeroes[64];
|
||||
pj_bzero(zeroes, sizeof(zeroes));
|
||||
pj_hmac_sha1_update(&ctx, zeroes, 64-((buf-start) & 0x3F));
|
||||
}
|
||||
pj_hmac_sha1_final(&ctx, amsgint->hmac);
|
||||
|
||||
/* Put this attribute in the message */
|
||||
status = encode_msgint_attr(amsgint, buf, buf_size,
|
||||
|
|
Loading…
Reference in New Issue