1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
|
/*
* This file is part of the Nice GLib ICE library.
*
* (C) 2007 Nokia Corporation. All rights reserved.
* Contact: Rémi Denis-Courmont
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Nice GLib ICE library.
*
* The Initial Developers of the Original Code are Collabora Ltd and Nokia
* Corporation. All Rights Reserved.
*
* Contributors:
* Rémi Denis-Courmont, Nokia
*
* Alternatively, the contents of this file may be used under the terms of the
* the GNU Lesser General Public License Version 2.1 (the "LGPL"), in which
* case the provisions of LGPL are applicable instead of those above. If you
* wish to allow use of your version of this file only under the terms of the
* LGPL and not to allow others to use your version of this file under the
* MPL, indicate your decision by deleting the provisions above and replace
* them with the notice and other provisions required by the LGPL. If you do
* not delete the provisions above, a recipient may use your version of this
* file under either the MPL or the LGPL.
*/
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/rand.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <pthread.h>
#include "stunmessage.h"
#include "stunhmac.h"
#include <string.h>
#include <assert.h>
void stun_sha1 (const uint8_t *msg, size_t len, uint8_t *sha,
const void *restrict key, size_t keylen, int padding)
{
HMAC_CTX ctx;
uint16_t fakelen = htons (len - 20u);
assert (len >= 44u);
HMAC_CTX_init (&ctx);
HMAC_Init_ex (&ctx, key, keylen, EVP_sha1 (), NULL);
HMAC_Update (&ctx, msg, 2);
HMAC_Update (&ctx, (const uint8_t *)&fakelen, 2);
/* first 4 bytes done, last 24 bytes not summed */
HMAC_Update (&ctx, msg + 4, len - 28u);
/* RFC 3489 specifies that the message's size should be 64 bytes,
and \x00 padding should be done */
if (padding) {
uint16_t pad_size = 64 - ((len - 24) % 64);
int i;
uint8_t pad_char[1] = {0};
for (i = 0; i < pad_size; i++) {
HMAC_Update (&ctx, pad_char, 1);
}
}
HMAC_Final (&ctx, sha, NULL);
HMAC_CTX_cleanup (&ctx);
}
static const uint8_t *priv_trim_var (const uint8_t *var, size_t *var_len)
{
const uint8_t *ptr = var;
while (*ptr == '"') {
ptr++;
(*var_len)--;
}
while(ptr[*var_len-1] == '"' ||
ptr[*var_len-1] == 0) {
(*var_len)--;
}
return ptr;
}
void stun_hash_creds (const uint8_t *realm, size_t realm_len,
const uint8_t *username, size_t username_len,
const uint8_t *password, size_t password_len,
unsigned char md5[16])
{
EVP_MD_CTX ctx;
const uint8_t *username_trimmed = priv_trim_var (username, &username_len);
const uint8_t *password_trimmed = priv_trim_var (password, &password_len);;
const uint8_t *realm_trimmed = priv_trim_var (realm, &realm_len);;
EVP_MD_CTX_init (&ctx);
EVP_DigestInit_ex (&ctx, EVP_md5 (), NULL);
EVP_DigestUpdate (&ctx, username_trimmed, username_len);
EVP_DigestUpdate (&ctx, ":", 1);
EVP_DigestUpdate (&ctx, realm_trimmed, realm_len);
EVP_DigestUpdate (&ctx, ":", 1);
EVP_DigestUpdate (&ctx, password_trimmed, password_len);
EVP_DigestFinal (&ctx, md5, NULL);
}
void stun_make_transid (stun_transid_t id)
{
RAND_bytes (id, 16);
}
|
