stunhmac.c 6.01 KB
Newer Older
1 2 3
/*
 * This file is part of the Nice GLib ICE library.
 *
4 5 6
 * (C) 2008-2009 Collabora Ltd.
 *  Contact: Youness Alaoui
 * (C) 2007-2009 Nokia Corporation. All rights reserved.
7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
 *  Contact: Rémi Denis-Courmont
 *
 * The contents of this file are subject to the Mozilla Public License Version
 * 1.1 (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 * http://www.mozilla.org/MPL/
 *
 * Software distributed under the License is distributed on an "AS IS" basis,
 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 * for the specific language governing rights and limitations under the
 * License.
 *
 * The Original Code is the Nice GLib ICE library.
 *
 * The Initial Developers of the Original Code are Collabora Ltd and Nokia
 * Corporation. All Rights Reserved.
 *
 * Contributors:
25
 *   Youness Alaoui, Collabora Ltd.
26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42
 *   Rémi Denis-Courmont, Nokia
 *
 * Alternatively, the contents of this file may be used under the terms of the
 * the GNU Lesser General Public License Version 2.1 (the "LGPL"), in which
 * case the provisions of LGPL are applicable instead of those above. If you
 * wish to allow use of your version of this file only under the terms of the
 * LGPL and not to allow others to use your version of this file under the
 * MPL, indicate your decision by deleting the provisions above and replace
 * them with the notice and other provisions required by the LGPL. If you do
 * not delete the provisions above, a recipient may use your version of this
 * file under either the MPL or the LGPL.
 */

#ifdef HAVE_CONFIG_H
# include <config.h>
#endif

43
#include "rand.h"
44

45
#include "stunmessage.h"
46
#include "stunhmac.h"
47

48
#include <string.h>
49
#include <assert.h>
50 51 52 53 54

#ifdef HAVE_OPENSSL
#include <openssl/hmac.h>
#include <openssl/sha.h>
#else
55 56
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
57
#endif
58

59
void stun_sha1 (const uint8_t *msg, size_t len, size_t msg_len, uint8_t *sha,
60
    const void *key, size_t keylen, int padding)
61
{
62
  uint16_t fakelen = htons (msg_len);
63
  uint8_t pad_char[64] = {0};
64 65 66 67 68 69 70 71 72 73 74 75 76 77

  assert (len >= 44u);

#ifdef HAVE_OPENSSL
{
#ifdef NDEBUG
#define TRY(x) x;
#else
  int ret;
#define TRY(x)                                  \
  ret = x;                                      \
  assert (ret == 1);
#endif

78 79
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || \
    (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104
  HMAC_CTX stackctx;
  HMAC_CTX *ctx = &stackctx;
  HMAC_CTX_init (ctx);
#else
  HMAC_CTX *ctx = HMAC_CTX_new ();
#endif /* OPENSSL_VERSION_NUMBER */

  assert (SHA_DIGEST_LENGTH == 20);

  TRY (HMAC_Init_ex (ctx, key, keylen, EVP_sha1(), NULL));

  TRY (HMAC_Update (ctx, msg, 2));
  TRY (HMAC_Update (ctx, (unsigned char *)&fakelen, 2));
  TRY (HMAC_Update (ctx, msg + 4, len - 28));

  /* RFC 3489 specifies that the message's size should be 64 bytes,
     and \x00 padding should be done */
  if (padding && ((len - 24) % 64) > 0) {
    uint16_t pad_size = 64 - ((len - 24) % 64);

    TRY (HMAC_Update (ctx, pad_char, pad_size));
  }

  TRY (HMAC_Final (ctx, sha, NULL));

105 106
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || \
    (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
107 108 109 110 111 112 113
  HMAC_CTX_cleanup (ctx);
#else
  HMAC_CTX_free (ctx);
#endif /* OPENSSL_VERSION_NUMBER */
}
#else
{
114
  gnutls_hmac_hd_t handle;
115 116 117 118

#ifdef NDEBUG
#define TRY(x) x;
#else
119
  int ret;
120 121 122 123
#define TRY(x)                                  \
  ret = x;                                      \
  assert (ret >= 0);
#endif
124

125
  assert (gnutls_hmac_get_len (GNUTLS_MAC_SHA1) == 20);
126
  TRY (gnutls_hmac_init (&handle, GNUTLS_MAC_SHA1, key, keylen));
127

128 129 130
  TRY (gnutls_hmac (handle, msg, 2));
  TRY (gnutls_hmac (handle, &fakelen, 2));
  TRY (gnutls_hmac (handle, msg + 4, len - 28));
131 132 133

  /* RFC 3489 specifies that the message's size should be 64 bytes,
     and \x00 padding should be done */
134
  if (padding && ((len - 24) % 64) > 0) {
135 136
    uint16_t pad_size = 64 - ((len - 24) % 64);

137
    TRY (gnutls_hmac (handle, pad_char, pad_size));
138
  }
139

140
  gnutls_hmac_deinit (handle, sha);
141 142

#undef TRY
143
}
144 145
#endif /* HAVE_OPENSSL */
}
146

147 148 149 150 151 152 153 154
static const uint8_t *priv_trim_var (const uint8_t *var, size_t *var_len)
{
  const uint8_t *ptr = var;

  while (*ptr == '"') {
    ptr++;
    (*var_len)--;
  }
155 156
  while(ptr[*var_len-1] == '"' ||
      ptr[*var_len-1] == 0) {
157 158
    (*var_len)--;
  }
159

160 161 162 163 164 165 166 167
  return ptr;
}


void stun_hash_creds (const uint8_t *realm, size_t realm_len,
    const uint8_t *username, size_t username_len,
    const uint8_t *password, size_t password_len,
    unsigned char md5[16])
168
{
169
  const uint8_t *username_trimmed = priv_trim_var (username, &username_len);
170 171
  const uint8_t *password_trimmed = priv_trim_var (password, &password_len);
  const uint8_t *realm_trimmed = priv_trim_var (realm, &realm_len);
172
  const uint8_t *colon = (uint8_t *)":";
173 174 175 176

#ifdef HAVE_OPENSSL
  EVP_MD_CTX *ctx;

177 178
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || \
    (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
179 180 181 182 183 184 185 186 187 188 189 190 191
  ctx = EVP_MD_CTX_create ();
#else
  ctx = EVP_MD_CTX_new ();
#endif /* OPENSSL_VERSION_NUMBER */

  EVP_DigestInit_ex (ctx, EVP_md5(), NULL);
  EVP_DigestUpdate (ctx, username_trimmed, username_len);
  EVP_DigestUpdate (ctx, colon, 1);
  EVP_DigestUpdate (ctx, realm_trimmed, realm_len);
  EVP_DigestUpdate (ctx, colon, 1);
  EVP_DigestUpdate (ctx, password_trimmed, password_len);
  EVP_DigestFinal_ex (ctx, md5, NULL);

192 193
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || \
    (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
194 195 196 197 198 199
  EVP_MD_CTX_destroy (ctx);
#else
  EVP_MD_CTX_free (ctx);
#endif /* OPENSSL_VERSION_NUMBER */

#else
200 201 202 203 204 205 206 207
  gnutls_hash_hd_t handle;

  gnutls_hash_init (&handle, GNUTLS_DIG_MD5);
  gnutls_hash (handle, username_trimmed, username_len);
  gnutls_hash (handle, colon, 1);
  gnutls_hash (handle, realm_trimmed, realm_len);
  gnutls_hash (handle, colon, 1);
  gnutls_hash (handle, password_trimmed, password_len);
208

209
  gnutls_hash_deinit (handle, md5);
210
#endif /* HAVE_OPENSSL */
211
}
212 213


214
void stun_make_transid (StunTransactionId id)
215
{
216
  nice_RAND_nonce (id, 16);
217
}