1 #[cfg(test)]
2 mod integrity_test;
3
4 use crate::attributes::*;
5 use crate::checks::*;
6 use crate::error::*;
7 use crate::message::*;
8
9 use md5::{Digest, Md5};
10 use ring::hmac;
11 use std::fmt;
12
13 // separator for credentials.
14 pub(crate) const CREDENTIALS_SEP: &str = ":";
15
16 // MessageIntegrity represents MESSAGE-INTEGRITY attribute.
17 //
18 // add_to and Check methods are using zero-allocation version of hmac, see
19 // newHMAC function and internal/hmac/pool.go.
20 //
21 // RFC 5389 Section 15.4
22 #[derive(Default, Clone)]
23 pub struct MessageIntegrity(pub Vec<u8>);
24
new_hmac(key: &[u8], message: &[u8]) -> Vec<u8>25 fn new_hmac(key: &[u8], message: &[u8]) -> Vec<u8> {
26 let mac = hmac::Key::new(hmac::HMAC_SHA1_FOR_LEGACY_USE_ONLY, key);
27 hmac::sign(&mac, message).as_ref().to_vec()
28 }
29
30 impl fmt::Display for MessageIntegrity {
fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result31 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
32 write!(f, "KEY: 0x{:x?}", self.0)
33 }
34 }
35
36 impl Setter for MessageIntegrity {
37 // add_to adds MESSAGE-INTEGRITY attribute to message.
38 //
39 // CPU costly, see BenchmarkMessageIntegrity_AddTo.
add_to(&self, m: &mut Message) -> Result<()>40 fn add_to(&self, m: &mut Message) -> Result<()> {
41 for a in &m.attributes.0 {
42 // Message should not contain FINGERPRINT attribute
43 // before MESSAGE-INTEGRITY.
44 if a.typ == ATTR_FINGERPRINT {
45 return Err(Error::ErrFingerprintBeforeIntegrity);
46 }
47 }
48 // The text used as input to HMAC is the STUN message,
49 // including the header, up to and including the attribute preceding the
50 // MESSAGE-INTEGRITY attribute.
51 let length = m.length;
52 // Adjusting m.Length to contain MESSAGE-INTEGRITY TLV.
53 m.length += (MESSAGE_INTEGRITY_SIZE + ATTRIBUTE_HEADER_SIZE) as u32;
54 m.write_length(); // writing length to m.Raw
55 let v = new_hmac(&self.0, &m.raw); // calculating HMAC for adjusted m.Raw
56 m.length = length; // changing m.Length back
57
58 m.add(ATTR_MESSAGE_INTEGRITY, &v);
59
60 Ok(())
61 }
62 }
63
64 pub(crate) const MESSAGE_INTEGRITY_SIZE: usize = 20;
65
66 impl MessageIntegrity {
67 // new_long_term_integrity returns new MessageIntegrity with key for long-term
68 // credentials. Password, username, and realm must be SASL-prepared.
new_long_term_integrity(username: String, realm: String, password: String) -> Self69 pub fn new_long_term_integrity(username: String, realm: String, password: String) -> Self {
70 let s = vec![username, realm, password].join(CREDENTIALS_SEP);
71
72 let mut h = Md5::new();
73 h.update(s.as_bytes());
74
75 MessageIntegrity(h.finalize().as_slice().to_vec())
76 }
77
78 // new_short_term_integrity returns new MessageIntegrity with key for short-term
79 // credentials. Password must be SASL-prepared.
new_short_term_integrity(password: String) -> Self80 pub fn new_short_term_integrity(password: String) -> Self {
81 MessageIntegrity(password.as_bytes().to_vec())
82 }
83
84 // Check checks MESSAGE-INTEGRITY attribute.
85 //
86 // CPU costly, see BenchmarkMessageIntegrity_Check.
check(&self, m: &mut Message) -> Result<()>87 pub fn check(&self, m: &mut Message) -> Result<()> {
88 let v = m.get(ATTR_MESSAGE_INTEGRITY)?;
89
90 // Adjusting length in header to match m.Raw that was
91 // used when computing HMAC.
92
93 let length = m.length as usize;
94 let mut after_integrity = false;
95 let mut size_reduced = 0;
96
97 for a in &m.attributes.0 {
98 if after_integrity {
99 size_reduced += nearest_padded_value_length(a.length as usize);
100 size_reduced += ATTRIBUTE_HEADER_SIZE;
101 }
102 if a.typ == ATTR_MESSAGE_INTEGRITY {
103 after_integrity = true;
104 }
105 }
106 m.length -= size_reduced as u32;
107 m.write_length();
108 // start_of_hmac should be first byte of integrity attribute.
109 let start_of_hmac = MESSAGE_HEADER_SIZE + m.length as usize
110 - (ATTRIBUTE_HEADER_SIZE + MESSAGE_INTEGRITY_SIZE);
111 let b = &m.raw[..start_of_hmac]; // data before integrity attribute
112 let expected = new_hmac(&self.0, b);
113 m.length = length as u32;
114 m.write_length(); // writing length back
115 check_hmac(&v, &expected)
116 }
117 }
118