Changeset 1479

Timestamp:

Oct 5, 2007 3:53:56 PM (17 years ago)

Author:

bennylp

Message:

Ticket #392: Added configuration to enable old, rfc3489bis-06 and older, style of MESSAGE-INTEGRITY and FINGERPRINT calculation

Location:

pjproject/trunk/pjnath

Files:

• include/pjnath/config.h (modified) (2 diffs)
• src/pjnath/stun_auth.c (modified) (4 diffs)
• src/pjnath/stun_msg.c (modified) (4 diffs)
• src/pjnath/stun_session.c (modified) (1 diff)

pjproject/trunk/pjnath/include/pjnath/config.h

@@ -112 +112 @@
  */
 #ifndef PJ_STUN_MAX_PKT_LEN
-#   define PJ_STUN_MAX_PKT_LEN                      512
+#   define PJ_STUN_MAX_PKT_LEN                      800
 #endif
 
@@ -129 +129 @@
 #ifndef PJ_STUN_STRING_ATTR_PAD_CHR
 #   define PJ_STUN_STRING_ATTR_PAD_CHR              0
+#endif
+
+
+/**
+ * Enable pre-RFC3489bis-07 style of STUN MESSAGE-INTEGRITY and FINGERPRINT
+ * calculation. By default this should be disabled since the calculation is
+ * not backward compatible with current STUN specification.
+ */
+#ifndef PJ_STUN_OLD_STYLE_MI_FINGERPRINT
+#   define PJ_STUN_OLD_STYLE_MI_FINGERPRINT         0
 #endif
 

pjproject/trunk/pjnath/src/pjnath/stun_auth.c

@@ -343 +343 @@
     pj_hmac_sha1_init(&ctx, (pj_uint8_t*)key.ptr, key.slen);
 
+#if PJ_STUN_OLD_STYLE_MI_FINGERPRINT
+    /* Pre rfc3489bis-06 style of calculation */
+    pj_hmac_sha1_update(&ctx, pkt, 20);
+#else
     /* First calculate HMAC for the header.
      * The calculation is different depending on whether FINGERPRINT attribute
@@ -355 +359 @@
         pj_hmac_sha1_update(&ctx, pkt, 20);
     }
+#endif  /* PJ_STUN_OLD_STYLE_MI_FINGERPRINT */
 
     /* Now update with the message body */
     pj_hmac_sha1_update(&ctx, pkt+20, amsgi_pos);
+#if PJ_STUN_OLD_STYLE_MI_FINGERPRINT
     // This is no longer necessary as per rfc3489bis-08
-    //if (amsgi_pos & 0x3F) {
-    //  pj_uint8_t zeroes[64];
-    //  pj_bzero(zeroes, sizeof(zeroes));
-    //  pj_hmac_sha1_update(&ctx, zeroes, 64-(amsgi_pos & 0x3F));
-    //}
+    if ((amsgi_pos+20) & 0x3F) {
+        pj_uint8_t zeroes[64];
+        pj_bzero(zeroes, sizeof(zeroes));
+        pj_hmac_sha1_update(&ctx, zeroes, 64-((amsgi_pos+20) & 0x3F));
+    }
+#endif
     pj_hmac_sha1_final(&ctx, digest);
 
@@ -475 +482 @@
     pj_hmac_sha1_init(&ctx, (pj_uint8_t*)key->ptr, key->slen);
 
+#if PJ_STUN_OLD_STYLE_MI_FINGERPRINT
+    /* Pre rfc3489bis-06 style of calculation */
+    pj_hmac_sha1_update(&ctx, pkt, 20);
+#else
     /* First calculate HMAC for the header.
      * The calculation is different depending on whether FINGERPRINT attribute
@@ -487 +498 @@
         pj_hmac_sha1_update(&ctx, pkt, 20);
     }
+#endif  /* PJ_STUN_OLD_STYLE_MI_FINGERPRINT */
 
     /* Now update with the message body */
     pj_hmac_sha1_update(&ctx, pkt+20, amsgi_pos);
+#if PJ_STUN_OLD_STYLE_MI_FINGERPRINT
     // This is no longer necessary as per rfc3489bis-08
-    //if (amsgi_pos & 0x3F) {
-    //  pj_uint8_t zeroes[64];
-    //  pj_bzero(zeroes, sizeof(zeroes));
-    //  pj_hmac_sha1_update(&ctx, zeroes, 64-(amsgi_pos & 0x3F));
-    //}
+    if ((amsgi_pos+20) & 0x3F) {
+        pj_uint8_t zeroes[64];
+        pj_bzero(zeroes, sizeof(zeroes));
+        pj_hmac_sha1_update(&ctx, zeroes, 64-((amsgi_pos+20) & 0x3F));
+    }
+#endif
     pj_hmac_sha1_final(&ctx, digest);
 

pjproject/trunk/pjnath/src/pjnath/stun_msg.c

@@ -2146 +2146 @@
     }
 
+#if PJ_STUN_OLD_STYLE_MI_FINGERPRINT
+    /*
+     * This is the old style MESSAGE-INTEGRITY and FINGERPRINT
+     * calculation, used in rfc3489bis-06 and older.
+     */
+    /* We MUST update the message length in the header NOW before
+     * calculating MESSAGE-INTEGRITY and FINGERPRINT. 
+     * Note that length is not including the 20 bytes header.
+      */
+    if (amsgint && afingerprint) {
+        body_len = (pj_uint16_t)((buf - start) - 20 + 24 + 8);
+    } else if (amsgint) {
+        body_len = (pj_uint16_t)((buf - start) - 20 + 24);
+    } else if (afingerprint) {
+        body_len = (pj_uint16_t)((buf - start) - 20 + 8);
+    } else {
+        body_len = (pj_uint16_t)((buf - start) - 20);
+    }
+#else
     /* If MESSAGE-INTEGRITY is present, include the M-I attribute
      * in message length before calculating M-I
@@ -2154 +2173 @@
         body_len = (pj_uint16_t)((buf - start) - 20);
     }
+#endif  /* PJ_STUN_OLD_STYLE_MI_FINGERPRINT */
 
     /* hdr->length = pj_htons(length); */
@@ -2188 +2208 @@
         pj_hmac_sha1_init(&ctx, (pj_uint8_t*)key->ptr, key->slen);
         pj_hmac_sha1_update(&ctx, (pj_uint8_t*)start, buf-start);
+#if PJ_STUN_OLD_STYLE_MI_FINGERPRINT
         // These are obsoleted in rfc3489bis-08
-        //if ((buf-start) & 0x3F) {
-        //    pj_uint8_t zeroes[64];
-        //    pj_bzero(zeroes, sizeof(zeroes));
-        //    pj_hmac_sha1_update(&ctx, zeroes, 64-((buf-start) & 0x3F));
-        //}
+        if ((buf-start) & 0x3F) {
+            pj_uint8_t zeroes[64];
+            pj_bzero(zeroes, sizeof(zeroes));
+            pj_hmac_sha1_update(&ctx, zeroes, 64-((buf-start) & 0x3F));
+        }
+#endif  /* PJ_STUN_OLD_STYLE_MI_FINGERPRINT */
         pj_hmac_sha1_final(&ctx, amsgint->hmac);
 
@@ -2208 +2230 @@
     /* Calculate FINGERPRINT if present */
     if (afingerprint != NULL) {
+
+#if !PJ_STUN_OLD_STYLE_MI_FINGERPRINT
         /* Update message length */
         PUTVAL16H(start, 2, 
                  (pj_uint16_t)(GETVAL16H(start, 2)+8));
+#endif
 
         afingerprint->value = pj_crc32_calc(start, buf-start);

pjproject/trunk/pjnath/src/pjnath/stun_session.c

@@ -561 +561 @@
     int dst_port;
     const pj_sockaddr *dst = (const pj_sockaddr*)addr;
-    char buf[512];
+    char buf[800];
     
     if (dst->addr.sa_family == pj_AF_INET()) {