The Tor Browser: media/mtransport/third_party/nICEr/src/stun/stun

media/mtransport/third_party/nICEr/src/stun/stun_build.c@6474c204b198 (annotated)

media/mtransport/third_party/nICEr/src/stun/stun_build.c

Wed, 31 Dec 2014 06:09:35 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Wed, 31 Dec 2014 06:09:35 +0100
changeset 0: 6474c204b198
permissions: -rw-r--r--

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.

 /*
 Copyright (c) 2007, Adobe Systems, Incorporated
 All rights reserved.
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are
 met:
 * Redistributions of source code must retain the above copyright
   notice, this list of conditions and the following disclaimer.
 * Redistributions in binary form must reproduce the above copyright
   notice, this list of conditions and the following disclaimer in the
   documentation and/or other materials provided with the distribution.
 * Neither the name of Adobe Systems, Network Resonance nor the names of its
   contributors may be used to endorse or promote products derived from
   this software without specific prior written permission.
 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 static char *RCSSTRING __UNUSED__="$Id: stun_build.c,v 1.2 2008/04/28 18:21:30 ekr Exp $";
 #include <csi_platform.h>
 #include <assert.h>
 #include <errno.h>
 #include <stdio.h>
 #include <string.h>
 #include <ctype.h>
 #include "nr_api.h"
 #include "stun.h"
 #include "registry.h"
 #include "stun_reg.h"
 #include "nr_crypto.h"
 /* draft-ietf-behave-rfc3489bis-10.txt S 7.1 */
 /* draft-ietf-behave-rfc3489bis-10.txt S 10.1.1 */
 /* note that S 10.1.1 states the message MUST include MESSAGE-INTEGRITY
  * and USERNAME, but that's not correct -- for instance ICE keepalive
  * messages don't include these (See draft-ietf-mmusic-ice-18.txt S 10:
  * "If STUN is being used for keepalives, a STUN Binding Indication is
  * used.  The Indication MUST NOT utilize any authentication mechanism")
  */
 int
 nr_stun_form_request_or_indication(int mode, int msg_type, nr_stun_message **msg)
 {
    int r,_status;
    nr_stun_message *req = 0;
    assert(NR_STUN_GET_TYPE_CLASS(msg_type) == NR_CLASS_REQUEST
        || NR_STUN_GET_TYPE_CLASS(msg_type) == NR_CLASS_INDICATION);
    *msg = 0;
    if ((r=nr_stun_message_create(&req)))
        ABORT(r);
    req->header.type = msg_type;
    nr_crypto_random_bytes((UCHAR*)&req->header.id,sizeof(req->header.id));
    switch (mode) {
    default:
        req->header.magic_cookie = NR_STUN_MAGIC_COOKIE;
        if ((r=nr_stun_message_add_fingerprint_attribute(req)))
            ABORT(r);
        break;
 #ifdef USE_STUND_0_96
    case NR_STUN_MODE_STUND_0_96:
        req->header.magic_cookie = NR_STUN_MAGIC_COOKIE2;
        /* actually, stund 0.96 just ignores the fingerprint
         * attribute, but don't bother to send it */
        break;
 #endif /* USE_STUND_0_96 */
    }
    *msg = req;
    _status=0;
  abort:
    if (_status) RFREE(req);
    return _status;
 }
 int
 nr_stun_build_req_lt_auth(nr_stun_client_stun_binding_request_params *params, nr_stun_message **msg)
 {
    int r,_status;
    nr_stun_message *req = 0;
    if ((r=nr_stun_form_request_or_indication(NR_STUN_MODE_STUN, NR_STUN_MSG_BINDING_REQUEST, &req)))
        ABORT(r);
    if ((r=nr_stun_message_add_username_attribute(req, params->username)))
        ABORT(r);
    if (params->realm && params->nonce) {
        if ((r=nr_stun_message_add_realm_attribute(req, params->realm)))
            ABORT(r);
        if ((r=nr_stun_message_add_nonce_attribute(req, params->nonce)))
            ABORT(r);
        if ((r=nr_stun_message_add_message_integrity_attribute(req, params->password)))
            ABORT(r);
    }
    *msg = req;
    _status=0;
  abort:
    if (_status) nr_stun_message_destroy(&req);
    return _status;
 }
 int
 nr_stun_build_req_st_auth(nr_stun_client_stun_binding_request_params *params, nr_stun_message **msg)
 {
    int r,_status;
    nr_stun_message *req = 0;
    if ((r=nr_stun_form_request_or_indication(NR_STUN_MODE_STUN, NR_STUN_MSG_BINDING_REQUEST, &req)))
        ABORT(r);
    if ((r=nr_stun_message_add_username_attribute(req, params->username)))
        ABORT(r);
    if (params->password) {
        if ((r=nr_stun_message_add_message_integrity_attribute(req, params->password)))
            ABORT(r);
    }
    *msg = req;
    _status=0;
  abort:
    if (_status) nr_stun_message_destroy(&req);
    return _status;
 }
 int
 nr_stun_build_req_no_auth(nr_stun_client_stun_binding_request_params *params, nr_stun_message **msg)
 {
    int r,_status;
    nr_stun_message *req = 0;
    if ((r=nr_stun_form_request_or_indication(NR_STUN_MODE_STUN, NR_STUN_MSG_BINDING_REQUEST, &req)))
        ABORT(r);
    *msg = req;
    _status=0;
  abort:
    if (_status) nr_stun_message_destroy(&req);
    return _status;
 }
 int
 nr_stun_build_keepalive(nr_stun_client_stun_keepalive_params *params, nr_stun_message **msg)
 {
    int r,_status;
    nr_stun_message *ind = 0;
    if ((r=nr_stun_form_request_or_indication(NR_STUN_MODE_STUN, NR_STUN_MSG_BINDING_INDICATION, &ind)))
        ABORT(r);
    *msg = ind;
    _status=0;
  abort:
    if (_status) nr_stun_message_destroy(&ind);
    return _status;
 }
 #ifdef USE_STUND_0_96
 int
 nr_stun_build_req_stund_0_96(nr_stun_client_stun_binding_request_stund_0_96_params *params, nr_stun_message **msg)
 {
     int r,_status;
     nr_stun_message *req = 0;
     if ((r=nr_stun_form_request_or_indication(NR_STUN_MODE_STUND_0_96, NR_STUN_MSG_BINDING_REQUEST, &req)))
         ABORT(r);
     if ((r=nr_stun_message_add_change_request_attribute(req, 0)))
         ABORT(r);
     assert(! nr_stun_message_has_attribute(req, NR_STUN_ATTR_USERNAME, 0));
     assert(! nr_stun_message_has_attribute(req, NR_STUN_ATTR_MESSAGE_INTEGRITY, 0));
     *msg = req;
    _status=0;
  abort:
    if (_status) nr_stun_message_destroy(&req);
    return _status;
 }
 #endif /* USE_STUND_0_96 */
 #ifdef USE_ICE
 int
 nr_stun_build_use_candidate(nr_stun_client_ice_use_candidate_params *params, nr_stun_message **msg)
 {
    int r,_status;
    nr_stun_message *req = 0;
    if ((r=nr_stun_form_request_or_indication(NR_STUN_MODE_STUN, NR_STUN_MSG_BINDING_REQUEST, &req)))
        ABORT(r);
    if ((r=nr_stun_message_add_username_attribute(req, params->username)))
        ABORT(r);
    if ((r=nr_stun_message_add_message_integrity_attribute(req, &params->password)))
        ABORT(r);
    if ((r=nr_stun_message_add_use_candidate_attribute(req)))
        ABORT(r);
    if ((r=nr_stun_message_add_priority_attribute(req, params->priority)))
        ABORT(r);
    if ((r=nr_stun_message_add_ice_controlling_attribute(req, params->tiebreaker)))
      ABORT(r);
    *msg = req;
    _status=0;
  abort:
    if (_status) nr_stun_message_destroy(&req);
    return _status;
 }
 int
 nr_stun_build_req_ice(nr_stun_client_ice_binding_request_params *params, nr_stun_message **msg)
 {
    int r,_status;
    nr_stun_message *req = 0;
    if ((r=nr_stun_form_request_or_indication(NR_STUN_MODE_STUN, NR_STUN_MSG_BINDING_REQUEST, &req)))
        ABORT(r);
    if ((r=nr_stun_message_add_username_attribute(req, params->username)))
        ABORT(r);
    if ((r=nr_stun_message_add_message_integrity_attribute(req, &params->password)))
        ABORT(r);
    if ((r=nr_stun_message_add_priority_attribute(req, params->priority)))
        ABORT(r);
    switch (params->control) {
    case NR_ICE_CONTROLLING:
        if ((r=nr_stun_message_add_ice_controlling_attribute(req, params->tiebreaker)))
            ABORT(r);
        break;
    case NR_ICE_CONTROLLED:
        if ((r=nr_stun_message_add_ice_controlled_attribute(req, params->tiebreaker)))
            ABORT(r);
        break;
    default:
        assert(0);
        ABORT(R_INTERNAL);
    }
    *msg = req;
    _status=0;
  abort:
    if (_status) nr_stun_message_destroy(&req);
    return _status;
 }
 #endif /* USE_ICE */
 #ifdef USE_TURN
 #ifndef __isascii
 #define __isascii(c) (((c) & ~0x7F) == 0)
 #endif
 /* Long-term passwords are computed over the key:
             key = MD5(username ":" realm ":" SASLprep(password))
    Per RFC 5389 S 15.4
 */
 int
 nr_stun_compute_lt_message_integrity_password(const char *username, const char *realm,
                                               Data *password, Data *hmac_key)
 {
   char digest_input[1000];
   int i;
   int r, _status;
   size_t len;
   /* First check that the password is ASCII. We are supposed to
      SASLprep but we don't support this yet
      TODO(ekr@rtfm.com): Add SASLprep for password.
  */
   for (i=0; i<password->len; i++) {
     if (!__isascii(password->data[i]))
       ABORT(R_BAD_DATA);
   }
   if (hmac_key->len < 16)
     ABORT(R_BAD_ARGS);
   snprintf(digest_input, sizeof(digest_input), "%s:%s:", username, realm);
   if ((sizeof(digest_input) - strlen(digest_input)) < password->len)
     ABORT(R_BAD_DATA);
   len = strlen(digest_input);
   memcpy(digest_input + len, password->data, password->len);
   if (r=nr_crypto_md5((UCHAR *)digest_input, len + password->len, hmac_key->data))
     ABORT(r);
   hmac_key->len=16;
   _status=0;
 abort:
   return(_status);
 }
 static int
 nr_stun_build_auth_params(nr_stun_client_auth_params *auth, nr_stun_message *req)
 {
   int r, _status;
   UCHAR hmac_key_d[16];
   Data hmac_key;
   ATTACH_DATA(hmac_key, hmac_key_d);
   if (!auth->authenticate)
     goto done;
   assert(auth->username);
   assert(auth->password.len);
   assert(auth->realm);
   assert(auth->nonce);
   if (r=nr_stun_compute_lt_message_integrity_password(auth->username,
                                                       auth->realm,
                                                       &auth->password,
                                                       &hmac_key))
     ABORT(r);
   if (!auth->username) {
     r_log(NR_LOG_STUN, LOG_WARNING, "STUN authentication requested but no username provided");
     ABORT(R_INTERNAL);
   }
   if (!auth->password.len) {
     r_log(NR_LOG_STUN, LOG_WARNING, "STUN authentication requested but no password provided");
     ABORT(R_INTERNAL);
   }
   if (!auth->realm) {
     r_log(NR_LOG_STUN, LOG_WARNING, "STUN authentication requested but no realm provided");
     ABORT(R_INTERNAL);
   }
   if (!auth->nonce) {
     r_log(NR_LOG_STUN, LOG_WARNING, "STUN authentication requested but no nonce provided");
     ABORT(R_INTERNAL);
   }
   if ((r=nr_stun_message_add_username_attribute(req, auth->username)))
     ABORT(r);
   if ((r=nr_stun_message_add_realm_attribute(req, auth->realm)))
     ABORT(r);
   if ((r=nr_stun_message_add_nonce_attribute(req, auth->nonce)))
     ABORT(r);
   if ((r=nr_stun_message_add_message_integrity_attribute(req, &hmac_key)))
     ABORT(r);
 done:
   _status=0;
 abort:
   return(_status);
 }
 int
 nr_stun_build_allocate_request(nr_stun_client_auth_params *auth, nr_stun_client_allocate_request_params *params, nr_stun_message **msg)
 {
    int r,_status;
    nr_stun_message *req = 0;
    if ((r=nr_stun_form_request_or_indication(NR_STUN_MODE_STUN, NR_STUN_MSG_ALLOCATE_REQUEST, &req)))
        ABORT(r);
    if ((r=nr_stun_message_add_requested_transport_attribute(req, NR_STUN_ATTR_REQUESTED_TRANSPORT_UDP)))
        ABORT(r);
   if ((r=nr_stun_message_add_lifetime_attribute(req, params->lifetime_secs)))
        ABORT(r);
   /* TODO(ekr@rtfm.com): Add the SOFTWARE attribute (Firefox bug 857666) */
   if ((r=nr_stun_build_auth_params(auth, req)))
        ABORT(r);
    *msg = req;
    _status=0;
  abort:
    if (_status) nr_stun_message_destroy(&req);
    return _status;
 }
 int nr_stun_build_refresh_request(nr_stun_client_auth_params *auth, nr_stun_client_refresh_request_params *params, nr_stun_message **msg)
 {
    int r,_status;
    nr_stun_message *req = 0;
    if ((r=nr_stun_form_request_or_indication(NR_STUN_MODE_STUN, NR_STUN_MSG_REFRESH_REQUEST, &req)))
        ABORT(r);
   if ((r=nr_stun_message_add_lifetime_attribute(req, params->lifetime_secs)))
        ABORT(r);
   /* TODO(ekr@rtfm.com): Add the SOFTWARE attribute (Firefox bug 857666) */
   if ((r=nr_stun_build_auth_params(auth, req)))
        ABORT(r);
   *msg = req;
    _status=0;
  abort:
    if (_status) nr_stun_message_destroy(&req);
    return _status;
 }
 int nr_stun_build_permission_request(nr_stun_client_auth_params *auth, nr_stun_client_permission_request_params *params, nr_stun_message **msg)
 {
    int r,_status;
    nr_stun_message *req = 0;
    if ((r=nr_stun_form_request_or_indication(NR_STUN_MODE_STUN, NR_STUN_MSG_PERMISSION_REQUEST, &req)))
        ABORT(r);
    if ((r=nr_stun_message_add_xor_peer_address_attribute(req, &params->remote_addr)))
        ABORT(r);
    if ((r=nr_stun_build_auth_params(auth, req)))
        ABORT(r);
    *msg = req;
    _status=0;
  abort:
    if (_status) nr_stun_message_destroy(&req);
    return _status;
 }
 int
 nr_stun_build_send_indication(nr_stun_client_send_indication_params *params, nr_stun_message **msg)
 {
    int r,_status;
    nr_stun_message *ind = 0;
    if ((r=nr_stun_form_request_or_indication(NR_STUN_MODE_STUN, NR_STUN_MSG_SEND_INDICATION, &ind)))
        ABORT(r);
    if ((r=nr_stun_message_add_xor_peer_address_attribute(ind, &params->remote_addr)))
        ABORT(r);
    if ((r=nr_stun_message_add_data_attribute(ind, params->data.data, params->data.len)))
        ABORT(r);
    *msg = ind;
    _status=0;
  abort:
    if (_status) nr_stun_message_destroy(&ind);
    return _status;
 }
 int
 nr_stun_build_data_indication(nr_stun_client_data_indication_params *params, nr_stun_message **msg)
 {
    int r,_status;
    nr_stun_message *ind = 0;
    if ((r=nr_stun_form_request_or_indication(NR_STUN_MODE_STUN, NR_STUN_MSG_DATA_INDICATION, &ind)))
        ABORT(r);
    if ((r=nr_stun_message_add_xor_peer_address_attribute(ind, &params->remote_addr)))
        ABORT(r);
    if ((r=nr_stun_message_add_data_attribute(ind, params->data.data, params->data.len)))
        ABORT(r);
    *msg = ind;
    _status=0;
  abort:
    if (_status) nr_stun_message_destroy(&ind);
    return _status;
 }
 #endif /* USE_TURN */
 /* draft-ietf-behave-rfc3489bis-10.txt S 7.3.1.1 */
 int
 nr_stun_form_success_response(nr_stun_message *req, nr_transport_addr *from, Data *password, nr_stun_message *res)
 {
     int r,_status;
     int request_method;
     char server_name[NR_STUN_MAX_SERVER_BYTES+1]; /* +1 for \0 */
     /* set up information for default response */
     request_method = NR_STUN_GET_TYPE_METHOD(req->header.type);
     res->header.type = NR_STUN_TYPE(request_method, NR_CLASS_RESPONSE);
     res->header.magic_cookie = req->header.magic_cookie;
     memcpy(&res->header.id, &req->header.id, sizeof(res->header.id));
     r_log(NR_LOG_STUN, LOG_DEBUG, "Mapped Address = %s", from->as_string);
     if ((r=nr_stun_message_add_xor_mapped_address_attribute(res, from)))
         ABORT(r);
     if (!NR_reg_get_string(NR_STUN_REG_PREF_SERVER_NAME, server_name, sizeof(server_name))) {
         if ((r=nr_stun_message_add_server_attribute(res, server_name)))
             ABORT(r);
     }
     if (res->header.magic_cookie == NR_STUN_MAGIC_COOKIE) {
         if (password != 0) {
             if ((r=nr_stun_message_add_message_integrity_attribute(res, password)))
                 ABORT(r);
         }
         if ((r=nr_stun_message_add_fingerprint_attribute(res)))
             ABORT(r);
     }
     _status=0;
  abort:
     return _status;
 }
 /* draft-ietf-behave-rfc3489bis-10.txt S 7.3.1.1 */
 void
 nr_stun_form_error_response(nr_stun_message *req, nr_stun_message* res, int number, char* msg)
 {
     char *str;
     int request_method;
     char server_name[NR_STUN_MAX_SERVER_BYTES+1]; /* +1 for \0 */
     if (number < 300 || number > 699)
         number = 500;
     r_log(NR_LOG_STUN, LOG_INFO, "Responding with error %d: %s", number, msg);
     request_method = NR_STUN_GET_TYPE_METHOD(req->header.type);
     res->header.type = NR_STUN_TYPE(request_method, NR_CLASS_ERROR_RESPONSE);
     res->header.magic_cookie = req->header.magic_cookie;
     memcpy(&res->header.id, &req->header.id, sizeof(res->header.id));
     /* during development we should never see 500s (hopefully not in deployment either) */
     str = 0;
     switch (number) {
     case 300:  str = "Try Alternate";       break;
     case 400:  str = "Bad Request";         break;
     case 401:  str = "Unauthorized";        break;
     case 420:  str = "Unknown Attribute";   break;
     case 438:  str = "Stale Nonce";         break;
 #ifdef USE_ICE
     case 487:  str = "Role Conflict";       break;
 #endif
     case 500:  str = "Server Error";        break;
     }
     if (str == 0) {
         str = "Unknown";
     }
     if (nr_stun_message_add_error_code_attribute(res, number, str)) {
          assert(0);  /* should never happen */
     }
     if (!NR_reg_get_string(NR_STUN_REG_PREF_SERVER_NAME, server_name, sizeof(server_name))) {
         nr_stun_message_add_server_attribute(res, server_name);
     }
 }

The Tor Browser / annotate

media/mtransport/third_party/nICEr/src/stun/stun_build.c@6474c204b198 (annotated)

media/mtransport/third_party/nICEr/src/stun/stun_build.c