static unsigned
stun_agent_find_unknowns (StunAgent *agent, const StunMessage * msg,
uint16_t *list, unsigned max)
{
unsigned count = 0;
uint16_t len = stun_message_length (msg);
size_t offset = 0;
offset = STUN_MESSAGE_ATTRIBUTES_POS;
while ((offset < len) && (count < max))
{
size_t alen = stun_getw (msg->buffer + offset + STUN_ATTRIBUTE_TYPE_LEN);
uint16_t atype = stun_getw (msg->buffer + offset);
offset += STUN_ATTRIBUTE_VALUE_POS + stun_align (alen);
if (!stun_optional (atype) && stun_agent_is_unknown (agent, atype))
{
stun_debug ("STUN unknown: attribute 0x%04x(%u bytes)\n",
(unsigned)atype, (unsigned)alen);
list[count++] = htons (atype);
}
}
stun_debug ("STUN unknown: %u mandatory attribute(s)!\n", count);
return count;
}
StunValidationStatus stun_agent_validate (StunAgent *agent, StunMessage *msg,
const uint8_t *buffer, size_t buffer_len,
StunMessageIntegrityValidate validater, void * validater_data)
{
StunTransactionId msg_id;
uint32_t fpr;
uint32_t crc32;
int len;
uint8_t *username = NULL;
uint16_t username_len;
uint8_t *key = NULL;
size_t key_len;
uint8_t *hash;
uint8_t sha[20];
uint16_t hlen;
int sent_id_idx = -1;
uint16_t unknown;
int error_code;
int ignore_credentials = 0;
uint8_t long_term_key[16];
bool long_term_key_valid = FALSE;
len = stun_message_validate_buffer_length (buffer, buffer_len);
if (len == STUN_MESSAGE_BUFFER_INVALID) {
return STUN_VALIDATION_NOT_STUN;
} else if (len == STUN_MESSAGE_BUFFER_INCOMPLETE) {
return STUN_VALIDATION_INCOMPLETE_STUN;
} else if (len != (int) buffer_len) {
return STUN_VALIDATION_NOT_STUN;
}
msg->buffer = (uint8_t *) buffer;
msg->buffer_len = buffer_len;
msg->agent = agent;
msg->key = NULL;
msg->key_len = 0;
msg->long_term_valid = FALSE;
/* TODO: reject it or not ? */
if ((agent->compatibility == STUN_COMPATIBILITY_RFC5389 ||
agent->compatibility == STUN_COMPATIBILITY_WLM2009) &&
!stun_message_has_cookie (msg)) {
stun_debug ("STUN demux error: no cookie!\n");
return STUN_VALIDATION_BAD_REQUEST;
}
if ((agent->compatibility == STUN_COMPATIBILITY_RFC5389 ||
agent->compatibility == STUN_COMPATIBILITY_WLM2009) &&
agent->usage_flags & STUN_AGENT_USAGE_USE_FINGERPRINT) {
/* Looks for FINGERPRINT */
if (stun_message_find32 (msg, STUN_ATTRIBUTE_FINGERPRINT, &fpr) !=
STUN_MESSAGE_RETURN_SUCCESS) {
stun_debug ("STUN demux error: no FINGERPRINT attribute!\n");
return STUN_VALIDATION_BAD_REQUEST;
}
/* Checks FINGERPRINT */
crc32 = stun_fingerprint (msg->buffer, stun_message_length (msg),
agent->compatibility == STUN_COMPATIBILITY_WLM2009);
fpr = ntohl (fpr);
if (fpr != crc32) {
stun_debug ("STUN demux error: bad fingerprint: 0x%08x,"
" expected: 0x%08x!\n", fpr, crc32);
return STUN_VALIDATION_BAD_REQUEST;
}
stun_debug ("STUN demux: OK!\n");
}
if (stun_message_get_class (msg) == STUN_RESPONSE ||
stun_message_get_class (msg) == STUN_ERROR) {
stun_message_id (msg, msg_id);
for (sent_id_idx = 0; sent_id_idx < STUN_AGENT_MAX_SAVED_IDS; sent_id_idx++) {
if (agent->sent_ids[sent_id_idx].valid == TRUE &&
agent->sent_ids[sent_id_idx].method == stun_message_get_method (msg) &&
memcmp (msg_id, agent->sent_ids[sent_id_idx].id,
sizeof(StunTransactionId)) == 0) {
key = agent->sent_ids[sent_id_idx].key;
key_len = agent->sent_ids[sent_id_idx].key_len;
memcpy (long_term_key, agent->sent_ids[sent_id_idx].long_term_key,
sizeof(long_term_key));
long_term_key_valid = agent->sent_ids[sent_id_idx].long_term_valid;
break;
}
}
if (sent_id_idx == STUN_AGENT_MAX_SAVED_IDS) {
return STUN_VALIDATION_UNMATCHED_RESPONSE;
}
}
ignore_credentials =
(agent->usage_flags & STUN_AGENT_USAGE_IGNORE_CREDENTIALS) ||
(stun_message_get_class (msg) == STUN_ERROR &&
stun_message_find_error (msg, &error_code) ==
STUN_MESSAGE_RETURN_SUCCESS &&
(error_code == 400 || error_code == 401)) ||
(stun_message_get_class (msg) == STUN_INDICATION &&
(agent->usage_flags & STUN_AGENT_USAGE_NO_INDICATION_AUTH));
if (key == NULL &&
ignore_credentials == 0 &&
(stun_message_get_class (msg) == STUN_REQUEST ||
stun_message_get_class (msg) == STUN_INDICATION) &&
(((agent->usage_flags & STUN_AGENT_USAGE_SHORT_TERM_CREDENTIALS) &&
(!stun_message_has_attribute (msg, STUN_ATTRIBUTE_USERNAME) ||
!stun_message_has_attribute (msg, STUN_ATTRIBUTE_MESSAGE_INTEGRITY))) ||
((agent->usage_flags & STUN_AGENT_USAGE_LONG_TERM_CREDENTIALS) &&
stun_message_get_class (msg) == STUN_REQUEST &&
(!stun_message_has_attribute (msg, STUN_ATTRIBUTE_USERNAME) ||
!stun_message_has_attribute (msg, STUN_ATTRIBUTE_MESSAGE_INTEGRITY) ||
!stun_message_has_attribute (msg, STUN_ATTRIBUTE_NONCE) ||
!stun_message_has_attribute (msg, STUN_ATTRIBUTE_REALM))) ||
((agent->usage_flags & STUN_AGENT_USAGE_IGNORE_CREDENTIALS) == 0 &&
stun_message_has_attribute (msg, STUN_ATTRIBUTE_USERNAME) &&
!stun_message_has_attribute (msg, STUN_ATTRIBUTE_MESSAGE_INTEGRITY)))) {
return STUN_VALIDATION_UNAUTHORIZED_BAD_REQUEST;
}
if (stun_message_has_attribute (msg, STUN_ATTRIBUTE_MESSAGE_INTEGRITY) &&
((key == NULL && ignore_credentials == 0) ||
(agent->usage_flags & STUN_AGENT_USAGE_FORCE_VALIDATER))) {
username_len = 0;
username = (uint8_t *) stun_message_find (msg, STUN_ATTRIBUTE_USERNAME,
&username_len);
if (validater == NULL ||
validater (agent, msg, username, username_len,
&key, &key_len, validater_data) == FALSE) {
return STUN_VALIDATION_UNAUTHORIZED;
}
}
if (ignore_credentials == 0 && key != NULL && key_len > 0) {
hash = (uint8_t *) stun_message_find (msg,
STUN_ATTRIBUTE_MESSAGE_INTEGRITY, &hlen);
if (hash) {
/* We must give the size from start to the end of the attribute
because you might have a FINGERPRINT attribute after it... */
if (agent->usage_flags & STUN_AGENT_USAGE_LONG_TERM_CREDENTIALS) {
uint8_t *realm = NULL;
uint8_t *username = NULL;
uint16_t realm_len;
uint16_t username_len;
uint8_t md5[16];
if (long_term_key_valid) {
memcpy (md5, long_term_key, sizeof (md5));
} else {
realm = (uint8_t *) stun_message_find (msg, STUN_ATTRIBUTE_REALM, &realm_len);
username = (uint8_t *) stun_message_find (msg,
STUN_ATTRIBUTE_USERNAME, &username_len);
if (username == NULL || realm == NULL) {
return STUN_VALIDATION_UNAUTHORIZED;
}
stun_hash_creds (realm, realm_len,
username, username_len,
key, key_len, md5);
}
memcpy (msg->long_term_key, md5, sizeof(md5));
msg->long_term_valid = TRUE;
if (agent->compatibility == STUN_COMPATIBILITY_RFC3489) {
stun_sha1 (msg->buffer, hash + 20 - msg->buffer, hash - msg->buffer,
sha, md5, sizeof(md5), TRUE);
} else if (agent->compatibility == STUN_COMPATIBILITY_WLM2009) {
stun_sha1 (msg->buffer, hash + 20 - msg->buffer,
stun_message_length (msg) - 20, sha, md5, sizeof(md5), TRUE);
} else {
stun_sha1 (msg->buffer, hash + 20 - msg->buffer,
hash - msg->buffer, sha, md5, sizeof(md5), FALSE);
}
} else {
if (agent->compatibility == STUN_COMPATIBILITY_RFC3489) {
stun_sha1 (msg->buffer, hash + 20 - msg->buffer, hash - msg->buffer,
sha, key, key_len, TRUE);
} else if (agent->compatibility == STUN_COMPATIBILITY_WLM2009) {
stun_sha1 (msg->buffer, hash + 20 - msg->buffer,
stun_message_length (msg) - 20, sha, key, key_len, TRUE);
} else {
stun_sha1 (msg->buffer, hash + 20 - msg->buffer,
hash - msg->buffer, sha, key, key_len, FALSE);
}
}
stun_debug (" Message HMAC-SHA1 fingerprint:");
stun_debug ("\nkey : ");
stun_debug_bytes (key, key_len);
stun_debug ("\n expected: ");
stun_debug_bytes (sha, sizeof (sha));
stun_debug ("\n received: ");
stun_debug_bytes (hash, sizeof (sha));
stun_debug ("\n");
if (memcmp (sha, hash, sizeof (sha))) {
stun_debug ("STUN auth error: SHA1 fingerprint mismatch!\n");
return STUN_VALIDATION_UNAUTHORIZED;
}
stun_debug ("STUN auth: OK!\n");
msg->key = key;
msg->key_len = key_len;
} else if (!(stun_message_get_class (msg) == STUN_ERROR &&
stun_message_find_error (msg, &error_code) ==
STUN_MESSAGE_RETURN_SUCCESS &&
(error_code == 400 || error_code == 401))) {
stun_debug ("STUN auth error: No message integrity attribute!\n");
return STUN_VALIDATION_UNAUTHORIZED;
}
}
if (sent_id_idx != -1 && sent_id_idx < STUN_AGENT_MAX_SAVED_IDS) {
agent->sent_ids[sent_id_idx].valid = FALSE;
}
if (stun_agent_find_unknowns (agent, msg, &unknown, 1) > 0) {
if (stun_message_get_class (msg) == STUN_REQUEST)
return STUN_VALIDATION_UNKNOWN_REQUEST_ATTRIBUTE;
else
return STUN_VALIDATION_UNKNOWN_ATTRIBUTE;
}
return STUN_VALIDATION_SUCCESS;
}
StunUsageTurnReturn stun_usage_turn_process (StunMessage *msg,
struct sockaddr *relay_addr, socklen_t *relay_addrlen,
struct sockaddr *addr, socklen_t *addrlen,
struct sockaddr *alternate_server, socklen_t *alternate_server_len,
uint32_t *bandwidth, uint32_t *lifetime,
StunUsageTurnCompatibility compatibility)
{
int val, code = -1;
StunUsageTurnReturn ret = STUN_USAGE_TURN_RETURN_RELAY_SUCCESS;
if (stun_message_get_method (msg) != STUN_ALLOCATE)
return STUN_USAGE_TURN_RETURN_INVALID;
switch (stun_message_get_class (msg))
{
case STUN_REQUEST:
case STUN_INDICATION:
return STUN_USAGE_TURN_RETURN_INVALID;
case STUN_RESPONSE:
break;
case STUN_ERROR:
if (stun_message_find_error (msg, &code) != STUN_MESSAGE_RETURN_SUCCESS) {
/* missing ERROR-CODE: ignore message */
return STUN_USAGE_TURN_RETURN_INVALID;
}
/* NOTE: currently we ignore unauthenticated messages if the context
* is authenticated, for security reasons. */
stun_debug (" STUN error message received (code: %d)\n", code);
/* ALTERNATE-SERVER mechanism */
if ((code / 100) == 3) {
if (alternate_server && alternate_server_len) {
if (stun_message_find_addr (msg, STUN_ATTRIBUTE_ALTERNATE_SERVER,
alternate_server, alternate_server_len) !=
STUN_MESSAGE_RETURN_SUCCESS) {
stun_debug (" Unexpectedly missing ALTERNATE-SERVER attribute\n");
return STUN_USAGE_TURN_RETURN_ERROR;
}
} else {
if (!stun_message_has_attribute (msg,
STUN_ATTRIBUTE_ALTERNATE_SERVER)) {
stun_debug (" Unexpectedly missing ALTERNATE-SERVER attribute\n");
return STUN_USAGE_TURN_RETURN_ERROR;
}
}
stun_debug ("Found alternate server\n");
return STUN_USAGE_TURN_RETURN_ALTERNATE_SERVER;
}
return STUN_USAGE_TURN_RETURN_ERROR;
}
stun_debug ("Received %u-bytes STUN message\n", stun_message_length (msg));
if (compatibility == STUN_USAGE_TURN_COMPATIBILITY_DRAFT9) {
val = stun_message_find_xor_addr (msg,
STUN_ATTRIBUTE_XOR_MAPPED_ADDRESS, addr, addrlen);
if (val == STUN_MESSAGE_RETURN_SUCCESS)
ret = STUN_USAGE_TURN_RETURN_MAPPED_SUCCESS;
val = stun_message_find_xor_addr (msg,
STUN_ATTRIBUTE_RELAY_ADDRESS, relay_addr, relay_addrlen);
if (val != STUN_MESSAGE_RETURN_SUCCESS) {
stun_debug (" No RELAYED-ADDRESS: %d\n", val);
return STUN_USAGE_TURN_RETURN_ERROR;
}
} else if (compatibility == STUN_USAGE_TURN_COMPATIBILITY_GOOGLE) {
val = stun_message_find_addr (msg,
STUN_ATTRIBUTE_MAPPED_ADDRESS, relay_addr, relay_addrlen);
if (val != STUN_MESSAGE_RETURN_SUCCESS) {
stun_debug (" No MAPPED-ADDRESS: %d\n", val);
return STUN_USAGE_TURN_RETURN_ERROR;
}
} else if (compatibility == STUN_USAGE_TURN_COMPATIBILITY_MSN) {
val = stun_message_find_addr (msg,
STUN_ATTRIBUTE_MSN_MAPPED_ADDRESS, addr, addrlen);
if (val == STUN_MESSAGE_RETURN_SUCCESS)
ret = STUN_USAGE_TURN_RETURN_MAPPED_SUCCESS;
val = stun_message_find_addr (msg,
STUN_ATTRIBUTE_MAPPED_ADDRESS, relay_addr, relay_addrlen);
if (val != STUN_MESSAGE_RETURN_SUCCESS) {
stun_debug (" No MAPPED-ADDRESS: %d\n", val);
return STUN_USAGE_TURN_RETURN_ERROR;
}
}
stun_message_find32 (msg, STUN_ATTRIBUTE_LIFETIME, lifetime);
stun_message_find32 (msg, STUN_ATTRIBUTE_BANDWIDTH, bandwidth);
stun_debug (" Mapped address found!\n");
return ret;
}
size_t stun_agent_finish_message (StunAgent *agent, StunMessage *msg,
const uint8_t *key, size_t key_len)
{
uint8_t *ptr;
uint32_t fpr;
int saved_id_idx = 0;
uint8_t md5[16];
if (stun_message_get_class (msg) == STUN_REQUEST) {
for (saved_id_idx = 0; saved_id_idx < STUN_AGENT_MAX_SAVED_IDS; saved_id_idx++) {
if (agent->sent_ids[saved_id_idx].valid == FALSE) {
break;
}
}
}
if (saved_id_idx == STUN_AGENT_MAX_SAVED_IDS) {
stun_debug ("Saved ids full");
return 0;
}
if (msg->key != NULL) {
key = msg->key;
key_len = msg->key_len;
}
if (key != NULL) {
bool skip = FALSE;
if (msg->long_term_valid) {
memcpy (md5, msg->long_term_key, sizeof(msg->long_term_key));
} else if (agent->usage_flags & STUN_AGENT_USAGE_LONG_TERM_CREDENTIALS) {
uint8_t *realm = NULL;
uint8_t *username = NULL;
uint16_t realm_len;
uint16_t username_len;
realm = (uint8_t *) stun_message_find (msg,
STUN_ATTRIBUTE_REALM, &realm_len);
username = (uint8_t *) stun_message_find (msg,
STUN_ATTRIBUTE_USERNAME, &username_len);
if (username == NULL || realm == NULL) {
skip = TRUE;
} else {
stun_hash_creds (realm, realm_len,
username, username_len,
key, key_len, md5);
}
memcpy (msg->long_term_key, md5, sizeof(msg->long_term_key));
msg->long_term_valid = TRUE;
}
/* If no realm/username and long term credentials,
then don't send the message integrity */
if (skip == FALSE) {
ptr = stun_message_append (msg, STUN_ATTRIBUTE_MESSAGE_INTEGRITY, 20);
if (ptr == NULL) {
return 0;
}
if (agent->usage_flags & STUN_AGENT_USAGE_LONG_TERM_CREDENTIALS) {
if (agent->compatibility == STUN_COMPATIBILITY_RFC3489) {
stun_sha1 (msg->buffer, stun_message_length (msg),
stun_message_length (msg) - 20, ptr, md5, sizeof(md5), TRUE);
} else if (agent->compatibility == STUN_COMPATIBILITY_WLM2009) {
size_t minus = 20;
if (agent->usage_flags & STUN_AGENT_USAGE_USE_FINGERPRINT)
minus -= 8;
stun_sha1 (msg->buffer, stun_message_length (msg),
stun_message_length (msg) - minus, ptr, md5, sizeof(md5), TRUE);
} else {
stun_sha1 (msg->buffer, stun_message_length (msg),
stun_message_length (msg) - 20, ptr, md5, sizeof(md5), FALSE);
}
} else {
if (agent->compatibility == STUN_COMPATIBILITY_RFC3489) {
stun_sha1 (msg->buffer, stun_message_length (msg),
stun_message_length (msg) - 20, ptr, key, key_len, TRUE);
} else if (agent->compatibility == STUN_COMPATIBILITY_WLM2009) {
size_t minus = 20;
if (agent->usage_flags & STUN_AGENT_USAGE_USE_FINGERPRINT)
minus -= 8;
stun_sha1 (msg->buffer, stun_message_length (msg),
stun_message_length (msg) - minus, ptr, key, key_len, TRUE);
} else {
stun_sha1 (msg->buffer, stun_message_length (msg),
stun_message_length (msg) - 20, ptr, key, key_len, FALSE);
}
}
stun_debug (" Message HMAC-SHA1 message integrity:"
"\n key : ");
stun_debug_bytes (key, key_len);
stun_debug ("\n sent : ");
stun_debug_bytes (ptr, 20);
stun_debug ("\n");
}
}
if ((agent->compatibility == STUN_COMPATIBILITY_RFC5389 ||
agent->compatibility == STUN_COMPATIBILITY_WLM2009) &&
agent->usage_flags & STUN_AGENT_USAGE_USE_FINGERPRINT) {
ptr = stun_message_append (msg, STUN_ATTRIBUTE_FINGERPRINT, 4);
if (ptr == NULL) {
return 0;
}
fpr = stun_fingerprint (msg->buffer, stun_message_length (msg),
agent->compatibility == STUN_COMPATIBILITY_WLM2009);
memcpy (ptr, &fpr, sizeof (fpr));
stun_debug (" Message HMAC-SHA1 fingerprint: ");
stun_debug_bytes (ptr, 4);
stun_debug ("\n");
}
if (stun_message_get_class (msg) == STUN_REQUEST) {
stun_message_id (msg, agent->sent_ids[saved_id_idx].id);
agent->sent_ids[saved_id_idx].method = stun_message_get_method (msg);
agent->sent_ids[saved_id_idx].key = (uint8_t *) key;
agent->sent_ids[saved_id_idx].key_len = key_len;
memcpy (agent->sent_ids[saved_id_idx].long_term_key, msg->long_term_key,
sizeof(msg->long_term_key));
agent->sent_ids[saved_id_idx].long_term_valid = msg->long_term_valid;
agent->sent_ids[saved_id_idx].valid = TRUE;
}
msg->key = (uint8_t *) key;
msg->key_len = key_len;
return stun_message_length (msg);
}
size_t stun_agent_finish_message (StunAgent *agent, StunMessage *msg,
const uint8_t *key, size_t key_len)
{
uint8_t *ptr;
uint32_t fpr;
int saved_id_idx = 0;
uint8_t md5[16];
bool remember_transaction;
remember_transaction = (stun_message_get_class (msg) == STUN_REQUEST);
if (agent->compatibility == STUN_COMPATIBILITY_OC2007 &&
stun_message_get_method (msg) == STUN_SEND) {
/* As per [MS-TURN] Section 2.2.1, the TURN server doesn't send responses to
* STUN_SEND requests, so don't bother waiting for them. More details at
* https://msdn.microsoft.com/en-us/library/dd946797%28v=office.12%29.aspx.
*/
remember_transaction = FALSE;
}
if (remember_transaction) {
for (saved_id_idx = 0; saved_id_idx < STUN_AGENT_MAX_SAVED_IDS; saved_id_idx++) {
if (agent->sent_ids[saved_id_idx].valid == FALSE) {
break;
}
}
}
if (saved_id_idx == STUN_AGENT_MAX_SAVED_IDS) {
stun_debug ("WARNING: Saved IDs full. STUN message dropped.");
return 0;
}
if (msg->key != NULL) {
key = msg->key;
key_len = msg->key_len;
}
if (key != NULL) {
bool skip = FALSE;
if (msg->long_term_valid) {
memcpy (md5, msg->long_term_key, sizeof(msg->long_term_key));
} else if (agent->usage_flags & STUN_AGENT_USAGE_LONG_TERM_CREDENTIALS) {
uint8_t *realm = NULL;
uint8_t *username = NULL;
uint16_t realm_len;
uint16_t username_len;
realm = (uint8_t *) stun_message_find (msg,
STUN_ATTRIBUTE_REALM, &realm_len);
username = (uint8_t *) stun_message_find (msg,
STUN_ATTRIBUTE_USERNAME, &username_len);
if (username == NULL || realm == NULL) {
skip = TRUE;
} else {
stun_hash_creds (realm, realm_len,
username, username_len,
key, key_len, md5);
memcpy (msg->long_term_key, md5, sizeof(msg->long_term_key));
msg->long_term_valid = TRUE;
}
}
/* If no realm/username and long term credentials,
then don't send the message integrity */
if (skip == FALSE) {
ptr = stun_message_append (msg, STUN_ATTRIBUTE_MESSAGE_INTEGRITY, 20);
if (ptr == NULL) {
return 0;
}
if (agent->usage_flags & STUN_AGENT_USAGE_LONG_TERM_CREDENTIALS) {
if (agent->compatibility == STUN_COMPATIBILITY_RFC3489 ||
agent->compatibility == STUN_COMPATIBILITY_OC2007) {
stun_sha1 (msg->buffer, stun_message_length (msg),
stun_message_length (msg) - 20, ptr, md5, sizeof(md5), TRUE);
} else if (agent->compatibility == STUN_COMPATIBILITY_WLM2009) {
size_t minus = 20;
if (agent->usage_flags & STUN_AGENT_USAGE_USE_FINGERPRINT)
minus -= 8;
stun_sha1 (msg->buffer, stun_message_length (msg),
stun_message_length (msg) - minus, ptr, md5, sizeof(md5), TRUE);
} else {
stun_sha1 (msg->buffer, stun_message_length (msg),
stun_message_length (msg) - 20, ptr, md5, sizeof(md5), FALSE);
}
} else {
if (agent->compatibility == STUN_COMPATIBILITY_RFC3489 ||
agent->compatibility == STUN_COMPATIBILITY_OC2007) {
stun_sha1 (msg->buffer, stun_message_length (msg),
stun_message_length (msg) - 20, ptr, key, key_len, TRUE);
} else if (agent->compatibility == STUN_COMPATIBILITY_WLM2009) {
size_t minus = 20;
if (agent->usage_flags & STUN_AGENT_USAGE_USE_FINGERPRINT)
minus -= 8;
stun_sha1 (msg->buffer, stun_message_length (msg),
stun_message_length (msg) - minus, ptr, key, key_len, TRUE);
} else {
stun_sha1 (msg->buffer, stun_message_length (msg),
stun_message_length (msg) - 20, ptr, key, key_len, FALSE);
}
}
stun_debug (" Message HMAC-SHA1 message integrity:");
stun_debug_bytes (" key : ", key, key_len);
stun_debug_bytes (" sent : ", ptr, 20);
}
}
if ((agent->compatibility == STUN_COMPATIBILITY_RFC5389 ||
agent->compatibility == STUN_COMPATIBILITY_WLM2009) &&
agent->usage_flags & STUN_AGENT_USAGE_USE_FINGERPRINT) {
ptr = stun_message_append (msg, STUN_ATTRIBUTE_FINGERPRINT, 4);
if (ptr == NULL) {
return 0;
}
fpr = stun_fingerprint (msg->buffer, stun_message_length (msg),
agent->compatibility == STUN_COMPATIBILITY_WLM2009);
memcpy (ptr, &fpr, sizeof (fpr));
stun_debug_bytes (" Message HMAC-SHA1 fingerprint: ", ptr, 4);
}
if (remember_transaction) {
stun_message_id (msg, agent->sent_ids[saved_id_idx].id);
agent->sent_ids[saved_id_idx].method = stun_message_get_method (msg);
agent->sent_ids[saved_id_idx].key = (uint8_t *) key;
agent->sent_ids[saved_id_idx].key_len = key_len;
memcpy (agent->sent_ids[saved_id_idx].long_term_key, msg->long_term_key,
sizeof(msg->long_term_key));
agent->sent_ids[saved_id_idx].long_term_valid = msg->long_term_valid;
agent->sent_ids[saved_id_idx].valid = TRUE;
}
msg->key = (uint8_t *) key;
msg->key_len = key_len;
return stun_message_length (msg);
}
StunUsageIceReturn stun_usage_ice_conncheck_process (StunMessage *msg,
struct sockaddr *addr, socklen_t *addrlen,
StunUsageIceCompatibility compatibility)
{
int code = -1;
StunMessageReturn val;
if (stun_message_get_method (msg) != STUN_BINDING)
return STUN_USAGE_ICE_RETURN_INVALID;
switch (stun_message_get_class (msg))
{
case STUN_REQUEST:
case STUN_INDICATION:
return STUN_USAGE_ICE_RETURN_INVALID;
case STUN_RESPONSE:
break;
case STUN_ERROR:
if (stun_message_find_error (msg, &code) != STUN_MESSAGE_RETURN_SUCCESS) {
/* missing ERROR-CODE: ignore message */
return STUN_USAGE_ICE_RETURN_INVALID;
}
if (code == STUN_ERROR_ROLE_CONFLICT)
return STUN_USAGE_ICE_RETURN_ROLE_CONFLICT;
/* NOTE: currently we ignore unauthenticated messages if the context
* is authenticated, for security reasons. */
stun_debug (" STUN error message received (code: %d)\n", code);
return STUN_USAGE_ICE_RETURN_ERROR;
}
stun_debug ("Received %u-bytes STUN message\n", stun_message_length (msg));
if (compatibility == STUN_USAGE_ICE_COMPATIBILITY_MSN) {
StunTransactionId transid;
uint32_t magic_cookie;
stun_message_id (msg, transid);
magic_cookie = *((uint32_t *) transid);
val = stun_message_find_xor_addr_full (msg,
STUN_ATTRIBUTE_XOR_MAPPED_ADDRESS, addr, addrlen, htonl (magic_cookie));
} else {
val = stun_message_find_xor_addr (msg,
STUN_ATTRIBUTE_XOR_MAPPED_ADDRESS, addr, addrlen);
}
if (val != STUN_MESSAGE_RETURN_SUCCESS)
{
stun_debug (" No XOR-MAPPED-ADDRESS: %d\n", val);
val = stun_message_find_addr (msg,
STUN_ATTRIBUTE_MAPPED_ADDRESS, addr, addrlen);
if (val != STUN_MESSAGE_RETURN_SUCCESS)
{
stun_debug (" No MAPPED-ADDRESS: %d\n", val);
return STUN_USAGE_ICE_RETURN_NO_MAPPED_ADDRESS;
}
}
stun_debug ("Mapped address found!\n");
return STUN_USAGE_ICE_RETURN_SUCCESS;
}
StunUsageBindReturn stun_usage_bind_process (StunMessage *msg,
struct sockaddr *addr, socklen_t *addrlen,
struct sockaddr *alternate_server, socklen_t *alternate_server_len)
{
int code = -1;
StunMessageReturn val;
if (stun_message_get_method (msg) != STUN_BINDING)
return STUN_USAGE_BIND_RETURN_INVALID;
switch (stun_message_get_class (msg))
{
case STUN_REQUEST:
case STUN_INDICATION:
return STUN_USAGE_BIND_RETURN_INVALID;
case STUN_RESPONSE:
break;
case STUN_ERROR:
if (stun_message_find_error (msg, &code) != STUN_MESSAGE_RETURN_SUCCESS) {
/* missing ERROR-CODE: ignore message */
return STUN_USAGE_BIND_RETURN_INVALID;
}
/* NOTE: currently we ignore unauthenticated messages if the context
* is authenticated, for security reasons. */
stun_debug (" STUN error message received (code: %d)", code);
/* ALTERNATE-SERVER mechanism */
if ((code / 100) == 3) {
if (alternate_server && alternate_server_len) {
if (stun_message_find_addr (msg, STUN_ATTRIBUTE_ALTERNATE_SERVER,
(struct sockaddr_storage *) alternate_server,
alternate_server_len) != STUN_MESSAGE_RETURN_SUCCESS) {
stun_debug (" Unexpectedly missing ALTERNATE-SERVER attribute");
return STUN_USAGE_BIND_RETURN_ERROR;
}
} else {
if (!stun_message_has_attribute (msg, STUN_ATTRIBUTE_ALTERNATE_SERVER)) {
stun_debug (" Unexpectedly missing ALTERNATE-SERVER attribute");
return STUN_USAGE_BIND_RETURN_ERROR;
}
}
stun_debug ("Found alternate server");
return STUN_USAGE_BIND_RETURN_ALTERNATE_SERVER;
}
return STUN_USAGE_BIND_RETURN_ERROR;
default:
/* Fall through. */
break;
}
stun_debug ("Received %u-bytes STUN message", stun_message_length (msg));
val = stun_message_find_xor_addr (msg,
STUN_ATTRIBUTE_XOR_MAPPED_ADDRESS, (struct sockaddr_storage *)addr,
addrlen);
if (val != STUN_MESSAGE_RETURN_SUCCESS)
{
stun_debug (" No XOR-MAPPED-ADDRESS: %d", val);
val = stun_message_find_addr (msg,
STUN_ATTRIBUTE_MAPPED_ADDRESS, (struct sockaddr_storage *)addr,
addrlen);
if (val != STUN_MESSAGE_RETURN_SUCCESS)
{
stun_debug (" No MAPPED-ADDRESS: %d", val);
return STUN_USAGE_BIND_RETURN_ERROR;
}
}
stun_debug (" Mapped address found!");
return STUN_USAGE_BIND_RETURN_SUCCESS;
}
/*
* Timer callback that handles scheduling new candidate discovery
* processes (paced by the Ta timer), and handles running of the
* existing discovery processes.
*
* This function is designed for the g_timeout_add() interface.
*
* @return will return FALSE when no more pending timers.
*/
static gboolean priv_discovery_tick_unlocked (gpointer pointer)
{
CandidateDiscovery *cand;
NiceAgent *agent = pointer;
GSList *i;
int not_done = 0; /* note: track whether to continue timer */
size_t buffer_len = 0;
{
static int tick_counter = 0;
if (tick_counter++ % 50 == 0)
nice_debug ("Agent %p : discovery tick #%d with list %p (1)", agent, tick_counter, agent->discovery_list);
}
for (i = agent->discovery_list; i ; i = i->next) {
cand = i->data;
if (cand->pending != TRUE) {
cand->pending = TRUE;
if (agent->discovery_unsched_items)
--agent->discovery_unsched_items;
if (nice_debug_is_enabled ()) {
gchar tmpbuf[INET6_ADDRSTRLEN];
nice_address_to_string (&cand->server, tmpbuf);
nice_debug ("Agent %p : discovery - scheduling cand type %u addr %s.",
agent, cand->type, tmpbuf);
}
if (nice_address_is_valid (&cand->server) &&
(cand->type == NICE_CANDIDATE_TYPE_SERVER_REFLEXIVE ||
cand->type == NICE_CANDIDATE_TYPE_RELAYED)) {
if (cand->component->state == NICE_COMPONENT_STATE_DISCONNECTED ||
cand->component->state == NICE_COMPONENT_STATE_FAILED)
agent_signal_component_state_change (agent,
cand->stream->id,
cand->component->id,
NICE_COMPONENT_STATE_GATHERING);
if (cand->type == NICE_CANDIDATE_TYPE_SERVER_REFLEXIVE) {
buffer_len = stun_usage_bind_create (&cand->stun_agent,
&cand->stun_message, cand->stun_buffer, sizeof(cand->stun_buffer));
} else if (cand->type == NICE_CANDIDATE_TYPE_RELAYED) {
uint8_t *username = (uint8_t *)cand->turn->username;
gsize username_len = strlen (cand->turn->username);
uint8_t *password = (uint8_t *)cand->turn->password;
gsize password_len = strlen (cand->turn->password);
StunUsageTurnCompatibility turn_compat =
agent_to_turn_compatibility (agent);
if (turn_compat == STUN_USAGE_TURN_COMPATIBILITY_MSN ||
turn_compat == STUN_USAGE_TURN_COMPATIBILITY_OC2007) {
username = g_base64_decode ((gchar *)username, &username_len);
password = g_base64_decode ((gchar *)password, &password_len);
}
buffer_len = stun_usage_turn_create (&cand->stun_agent,
&cand->stun_message, cand->stun_buffer, sizeof(cand->stun_buffer),
cand->stun_resp_msg.buffer == NULL ? NULL : &cand->stun_resp_msg,
STUN_USAGE_TURN_REQUEST_PORT_NORMAL,
-1, -1,
username, username_len,
password, password_len,
turn_compat);
if (turn_compat == STUN_USAGE_TURN_COMPATIBILITY_MSN ||
turn_compat == STUN_USAGE_TURN_COMPATIBILITY_OC2007) {
g_free (username);
g_free (password);
}
}
if (buffer_len > 0) {
if (nice_socket_is_reliable (cand->nicesock)) {
stun_timer_start_reliable (&cand->timer, agent->stun_reliable_timeout);
} else {
stun_timer_start (&cand->timer,
agent->stun_initial_timeout,
agent->stun_max_retransmissions);
}
/* send the conncheck */
agent_socket_send (cand->nicesock, &cand->server,
buffer_len, (gchar *)cand->stun_buffer);
/* case: success, start waiting for the result */
g_get_current_time (&cand->next_tick);
} else {
/* case: error in starting discovery, start the next discovery */
cand->done = TRUE;
cand->stun_message.buffer = NULL;
cand->stun_message.buffer_len = 0;
continue;
}
}
else
/* allocate relayed candidates */
g_assert_not_reached ();
++not_done; /* note: new discovery scheduled */
}
if (cand->done != TRUE) {
GTimeVal now;
g_get_current_time (&now);
if (cand->stun_message.buffer == NULL) {
nice_debug ("Agent %p : STUN discovery was cancelled, marking discovery done.", agent);
cand->done = TRUE;
}
else if (priv_timer_expired (&cand->next_tick, &now)) {
switch (stun_timer_refresh (&cand->timer)) {
case STUN_USAGE_TIMER_RETURN_TIMEOUT:
{
/* Time out */
/* case: error, abort processing */
StunTransactionId id;
stun_message_id (&cand->stun_message, id);
stun_agent_forget_transaction (&cand->stun_agent, id);
cand->done = TRUE;
cand->stun_message.buffer = NULL;
cand->stun_message.buffer_len = 0;
nice_debug ("Agent %p : bind discovery timed out, aborting discovery item.", agent);
break;
}
case STUN_USAGE_TIMER_RETURN_RETRANSMIT:
{
/* case: not ready complete, so schedule next timeout */
unsigned int timeout = stun_timer_remainder (&cand->timer);
stun_debug ("STUN transaction retransmitted (timeout %dms).",
timeout);
/* retransmit */
agent_socket_send (cand->nicesock, &cand->server,
stun_message_length (&cand->stun_message),
(gchar *)cand->stun_buffer);
/* note: convert from milli to microseconds for g_time_val_add() */
cand->next_tick = now;
g_time_val_add (&cand->next_tick, timeout * 1000);
++not_done; /* note: retry later */
break;
}
case STUN_USAGE_TIMER_RETURN_SUCCESS:
{
unsigned int timeout = stun_timer_remainder (&cand->timer);
cand->next_tick = now;
g_time_val_add (&cand->next_tick, timeout * 1000);
++not_done; /* note: retry later */
break;
}
default:
/* Nothing to do. */
break;
}
} else {
++not_done; /* note: discovery not expired yet */
}
}
}
if (not_done == 0) {
nice_debug ("Agent %p : Candidate gathering FINISHED, stopping discovery timer.", agent);
discovery_free (agent);
agent_gathering_done (agent);
/* note: no pending timers, return FALSE to stop timer */
return FALSE;
}
return TRUE;
}
static void test_vectors (void)
{
/* Request message */
static unsigned char req[] =
{0x00, 0x01, 0x00, 0x44,
0x21, 0x12, 0xa4, 0x42,
0xb7, 0xe7, 0xa7, 0x01,
0xbc, 0x34, 0xd6, 0x86,
0xfa, 0x87, 0xdf, 0xae,
0x00, 0x24, 0x00, 0x04, // PRIORITY
0x6e, 0x00, 0x01, 0xff,
0x80, 0x29, 0x00, 0x08, // ICE_CONTROLLED
0x93, 0x2f, 0xf9, 0xb1,
0x51, 0x26, 0x3b, 0x36,
0x00, 0x06, 0x00, 0x09, // USERNAME
0x65, 0x76, 0x74, 0x6a,
0x3a, 0x68, 0x36, 0x76,
0x59, 0x20, 0x20, 0x20,
0x00, 0x08, 0x00, 0x14, // MESSAGE_INTEGRITY
0x62, 0x4e, 0xeb, 0xdc,
0x3c, 0xc9, 0x2d, 0xd8,
0x4b, 0x74, 0xbf, 0x85,
0xd1, 0xc0, 0xf5, 0xde,
0x36, 0x87, 0xbd, 0x33,
0x80, 0x28, 0x00, 0x04, // FINGERPRINT
0xad, 0x8a, 0x85, 0xff};
static const unsigned char req2[] =
{0x00, 0x01, 0x00, 0x44,
0x21, 0x12, 0xa4, 0x42,
0xb7, 0xe7, 0xa7, 0x01,
0xbc, 0x34, 0xd6, 0x86,
0xfa, 0x87, 0xdf, 0xae,
0x00, 0x24, 0x00, 0x04, // PRIORITY
0x6e, 0x00, 0x01, 0xff,
0x80, 0x29, 0x00, 0x08, // ICE_CONTROLLED
0x93, 0x2f, 0xf9, 0xb1,
0x51, 0x26, 0x3b, 0x36,
0x00, 0x06, 0x00, 0x09, // USERNAME
0x65, 0x76, 0x74, 0x6a,
0x3a, 0x68, 0x36, 0x76,
0x59, 0x20, 0x20, 0x20,
0x00, 0x08, 0x00, 0x14, // MESSAGE_INTEGRITY
0x62, 0x4e, 0xeb, 0xdc,
0x3c, 0xc9, 0x2d, 0xd8,
0x4b, 0x74, 0xbf, 0x85,
0xd1, 0xc0, 0xf5, 0xde,
0x36, 0x87, 0xbd, 0x33,
0x80, 0x28, 0x00, 0x04, // FINGERPRINT
0xad, 0x8a, 0x85, 0xff};
/* Response message */
static const unsigned char respv4[] =
{0x01, 0x01, 0x00, 0x4c,
0x21, 0x12, 0xa4, 0x42,
0xb7, 0xe7, 0xa7, 0x01,
0xbc, 0x34, 0xd6, 0x86,
0xfa, 0x87, 0xdf, 0xae,
0x80, 0x22, 0x00, 0x0b, // SERVER
0x74, 0x65, 0x73, 0x74,
0x20, 0x76, 0x65, 0x63,
0x74, 0x6f, 0x72, 0x20,
0x00, 0x20, 0x00, 0x08, // XOR_MAPPED_ADDRESS
0x00, 0x01, 0xa1, 0x47,
0xe1, 0x12, 0xa6, 0x43,
0x00, 0x06, 0x00, 0x09, // USERNAME
0x65, 0x76, 0x74, 0x6a,
0x3a, 0x68, 0x36, 0x76,
0x59, 0x20, 0x20, 0x20,
0x00, 0x08, 0x00, 0x14, // MESSAGE_INTEGRITY
0x7d, 0xb7, 0xfc, 0x52,
0x70, 0xc6, 0xdb, 0x1f,
0xc3, 0x26, 0x34, 0xbb,
0x4c, 0x64, 0x6e, 0xe7,
0x1d, 0xb3, 0x78, 0x4a,
0x80, 0x28, 0x00, 0x04, // FINGERPRINT
0xf0, 0x60, 0x66, 0xa9};
static const unsigned char respv6[] =
{0x01, 0x01, 0x00, 0x58,
0x21, 0x12, 0xa4, 0x42,
0xb7, 0xe7, 0xa7, 0x01,
0xbc, 0x34, 0xd6, 0x86,
0xfa, 0x87, 0xdf, 0xae,
0x80, 0x22, 0x00, 0x0b, // SERVER
0x74, 0x65, 0x73, 0x74,
0x20, 0x76, 0x65, 0x63,
0x74, 0x6f, 0x72, 0x20,
0x00, 0x20, 0x00, 0x14, // XOR_MAPPED_ADDRESS
0x00, 0x02, 0xa1, 0x47,
0x01, 0x13, 0xa9, 0xfa,
0xa5, 0xd3, 0xf1, 0x79,
0xbc, 0x25, 0xf4, 0xb5,
0xbe, 0xd2, 0xb9, 0xd9,
0x00, 0x06, 0x00, 0x09, // USERNAME
0x65, 0x76, 0x74, 0x6a,
0x3a, 0x68, 0x36, 0x76,
0x59, 0x20, 0x20, 0x20,
0x00, 0x08, 0x00, 0x14, // MESSAGE_INTEGRITY
0x21, 0xcb, 0xbd, 0x25,
0x1a, 0x8c, 0x4c, 0x38,
0x8c, 0xc5, 0xcd, 0xb3,
0x27, 0x6a, 0xf5, 0x61,
0xb2, 0x21, 0xc8, 0x2b,
0x80, 0x28, 0x00, 0x04, // FINGERPRINT
0xec, 0x27, 0xae, 0xb7};
struct sockaddr_in ip4;
struct sockaddr_in6 ip6;
socklen_t addrlen;
StunAgent agent;
StunMessage msg;
StunMessage msg2;
uint16_t known_attributes[] = {
STUN_ATTRIBUTE_MESSAGE_INTEGRITY,
STUN_ATTRIBUTE_USERNAME,
STUN_ATTRIBUTE_XOR_MAPPED_ADDRESS,
STUN_ATTRIBUTE_PRIORITY, 0};
stun_agent_init (&agent, known_attributes,
STUN_COMPATIBILITY_RFC5389,
STUN_AGENT_USAGE_SHORT_TERM_CREDENTIALS |
STUN_AGENT_USAGE_USE_FINGERPRINT);
memset (&ip4, 0, sizeof (ip4));
memset (&ip6, 0, sizeof (ip6));
puts ("Checking test vectors...");
if (stun_agent_validate (&agent, &msg2, req2, sizeof(req2),
test_vector_validater, (void *) 1) != STUN_VALIDATION_SUCCESS)
fatal ("Request test vector authentication failed");
if (stun_agent_validate (&agent, &msg, req, sizeof(req),
test_vector_validater, (void *) 1) != STUN_VALIDATION_SUCCESS)
fatal ("Request test vector authentication failed");
/* Remove the message-integrity and fingerprint attributes */
req[3] = 0x24;
if (stun_message_length (&msg) != sizeof(req) - 32)
fatal ("vector test: removing attributes failed");
stun_agent_finish_message (&agent, &msg, vector_password, strlen (vector_password));
if (stun_message_length (&msg) != stun_message_length (&msg2) ||
memcmp (req, req2, sizeof(req)) != 0)
fatal ("vector test : req and req2 are different");
if (stun_agent_validate (&agent, &msg, respv4, sizeof(respv4),
test_vector_validater, (void *) 0) != STUN_VALIDATION_SUCCESS)
fatal ("Response ipv4 test vector authentication failed");
if (stun_agent_validate (&agent, &msg, respv4, sizeof(respv4),
test_vector_validater, (void *) 0) != STUN_VALIDATION_UNMATCHED_RESPONSE)
fatal ("Response ipv4 test vector authentication failed");
addrlen = sizeof (ip4);
if (stun_message_find_xor_addr (&msg, STUN_ATTRIBUTE_XOR_MAPPED_ADDRESS,
(struct sockaddr *)&ip4, &addrlen) != STUN_MESSAGE_RETURN_SUCCESS)
fatal ("Response test vector IPv4 extraction failed");
if (ip4.sin_family != AF_INET)
fatal ("Response test vector IPv4 family failed");
if (ntohl (ip4.sin_addr.s_addr) != 0xC0000201)
fatal ("Response test vector IPv4 address failed");
if (ntohs (ip4.sin_port) != 32853)
fatal ("Response test vector IPv6 port failed");
if (stun_agent_validate (&agent, &msg, req, sizeof(req),
test_vector_validater, (void *) 1) != STUN_VALIDATION_SUCCESS)
fatal ("Request test vector second authentication failed");
/* Remove the fingerprint attributes */
msg.key = NULL;
msg.key_len = 0;
req[3] = 0x3C;
if (stun_message_length (&msg) != sizeof(req) - 8)
fatal ("vector test: removing attributes failed");
stun_agent_finish_message (&agent, &msg, NULL, 0);
if (stun_message_length (&msg) != stun_message_length (&msg2) ||
memcmp (req, req2, sizeof(req)) != 0)
fatal ("vector test : req and req2 are different");
if (stun_agent_validate (&agent, &msg, respv6, sizeof(respv6),
test_vector_validater, (void *) 1) != STUN_VALIDATION_SUCCESS)
fatal ("Response ipv6 test vector authentication failed");
addrlen = sizeof (ip6);
if (stun_message_find_xor_addr (&msg, STUN_ATTRIBUTE_XOR_MAPPED_ADDRESS,
(struct sockaddr *)&ip6, &addrlen) != STUN_MESSAGE_RETURN_SUCCESS)
fatal ("Response test vector IPv6 extraction failed");
if (ip6.sin6_family != AF_INET6)
fatal ("Response test vector IPv6 family failed");
if (memcmp (ip6.sin6_addr.s6_addr, "\x20\x01\x0d\xb8\x12\x34\x56\x78"
"\x00\x11\x22\x33\x44\x55\x66\x77", 16) != 0)
fatal ("Response test vector IPv6 address failed");
if (ntohs (ip6.sin6_port) != 32853)
fatal ("Response test vector IPv6 port failed");
puts ("Done.");
}
