status-go/vendor/github.com/pion/stun/integrity.go

127 lines
3.8 KiB
Go
Raw Normal View History

2024-05-15 23:15:00 +00:00
// SPDX-FileCopyrightText: 2023 The Pion community <https://pion.ly>
// SPDX-License-Identifier: MIT
2022-03-10 09:44:48 +00:00
package stun
2024-05-15 23:15:00 +00:00
import ( //nolint:gci
"crypto/md5" //nolint:gosec
"crypto/sha1" //nolint:gosec
2022-03-10 09:44:48 +00:00
"errors"
"fmt"
"strings"
"github.com/pion/stun/internal/hmac"
)
// separator for credentials.
const credentialsSep = ":"
// NewLongTermIntegrity returns new MessageIntegrity with key for long-term
// credentials. Password, username, and realm must be SASL-prepared.
func NewLongTermIntegrity(username, realm, password string) MessageIntegrity {
k := strings.Join([]string{username, realm, password}, credentialsSep)
2024-05-15 23:15:00 +00:00
h := md5.New() //nolint:gosec
2022-03-10 09:44:48 +00:00
fmt.Fprint(h, k)
return MessageIntegrity(h.Sum(nil))
}
// NewShortTermIntegrity returns new MessageIntegrity with key for short-term
// credentials. Password must be SASL-prepared.
func NewShortTermIntegrity(password string) MessageIntegrity {
return MessageIntegrity(password)
}
// MessageIntegrity represents MESSAGE-INTEGRITY attribute.
//
// AddTo and Check methods are using zero-allocation version of hmac, see
// newHMAC function and internal/hmac/pool.go.
//
// RFC 5389 Section 15.4
type MessageIntegrity []byte
func newHMAC(key, message, buf []byte) []byte {
mac := hmac.AcquireSHA1(key)
writeOrPanic(mac, message)
defer hmac.PutSHA1(mac)
return mac.Sum(buf)
}
func (i MessageIntegrity) String() string {
return fmt.Sprintf("KEY: 0x%x", []byte(i))
}
const messageIntegritySize = 20
// ErrFingerprintBeforeIntegrity means that FINGERPRINT attribute is already in
// message, so MESSAGE-INTEGRITY attribute cannot be added.
var ErrFingerprintBeforeIntegrity = errors.New("FINGERPRINT before MESSAGE-INTEGRITY attribute")
// AddTo adds MESSAGE-INTEGRITY attribute to message.
//
// CPU costly, see BenchmarkMessageIntegrity_AddTo.
func (i MessageIntegrity) AddTo(m *Message) error {
for _, a := range m.Attributes {
// Message should not contain FINGERPRINT attribute
// before MESSAGE-INTEGRITY.
if a.Type == AttrFingerprint {
return ErrFingerprintBeforeIntegrity
}
}
// The text used as input to HMAC is the STUN message,
// including the header, up to and including the attribute preceding the
// MESSAGE-INTEGRITY attribute.
length := m.Length
// Adjusting m.Length to contain MESSAGE-INTEGRITY TLV.
m.Length += messageIntegritySize + attributeHeaderSize
m.WriteLength() // writing length to m.Raw
v := newHMAC(i, m.Raw, m.Raw[len(m.Raw):]) // calculating HMAC for adjusted m.Raw
m.Length = length // changing m.Length back
// Copy hmac value to temporary variable to protect it from resetting
// while processing m.Add call.
vBuf := make([]byte, sha1.Size)
copy(vBuf, v)
m.Add(AttrMessageIntegrity, vBuf)
return nil
}
// ErrIntegrityMismatch means that computed HMAC differs from expected.
var ErrIntegrityMismatch = errors.New("integrity check failed")
// Check checks MESSAGE-INTEGRITY attribute.
//
// CPU costly, see BenchmarkMessageIntegrity_Check.
func (i MessageIntegrity) Check(m *Message) error {
v, err := m.Get(AttrMessageIntegrity)
if err != nil {
return err
}
// Adjusting length in header to match m.Raw that was
// used when computing HMAC.
var (
length = m.Length
afterIntegrity = false
sizeReduced int
)
for _, a := range m.Attributes {
if afterIntegrity {
sizeReduced += nearestPaddedValueLength(int(a.Length))
sizeReduced += attributeHeaderSize
}
if a.Type == AttrMessageIntegrity {
afterIntegrity = true
}
}
m.Length -= uint32(sizeReduced)
m.WriteLength()
// startOfHMAC should be first byte of integrity attribute.
startOfHMAC := messageHeaderSize + m.Length - (attributeHeaderSize + messageIntegritySize)
b := m.Raw[:startOfHMAC] // data before integrity attribute
expected := newHMAC(i, b, m.Raw[len(m.Raw):])
m.Length = length
m.WriteLength() // writing length back
return checkHMAC(v, expected)
}