zishuo/stun-1
1
0
Fork 0
mirror of https://github.com/gortc/stun.git synced 2025-09-27 04:45:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

all: report detailed integrity mismatch only in debug mode

Browse Source
This commit is contained in:
Aleksandr Razumov
2018-08-01 23:17:40 +03:00
parent 6a26d7295e
commit a9e45ac0ea
8 changed files with 52 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
api/stun1.txt
View File

@@ -134,7 +134,6 @@ pkg github.com/gortc/stun, method (*Client) Do(*Message, time.Time, func(Event))
pkg github.com/gortc/stun, method (*Client) Indicate(*Message) error pkg github.com/gortc/stun, method (*Client) Indicate(*Message) error
pkg github.com/gortc/stun, method (*Client) Start(*Message, time.Time, Handler) error pkg github.com/gortc/stun, method (*Client) Start(*Message, time.Time, Handler) error
pkg github.com/gortc/stun, method (*ErrorCodeAttribute) GetFrom(*Message) error pkg github.com/gortc/stun, method (*ErrorCodeAttribute) GetFrom(*Message) error
pkg github.com/gortc/stun, method (*IntegrityErr) Error() string
pkg github.com/gortc/stun, method (*MappedAddress) AddTo(*Message) error pkg github.com/gortc/stun, method (*MappedAddress) AddTo(*Message) error
pkg github.com/gortc/stun, method (*MappedAddress) GetFrom(*Message) error pkg github.com/gortc/stun, method (*MappedAddress) GetFrom(*Message) error
pkg github.com/gortc/stun, method (*Message) Add(AttrType, []uint8) pkg github.com/gortc/stun, method (*Message) Add(AttrType, []uint8)
@@ -274,9 +273,6 @@ pkg github.com/gortc/stun, type Getter interface, GetFrom(*Message) error
pkg github.com/gortc/stun, type Handler interface { HandleEvent } pkg github.com/gortc/stun, type Handler interface { HandleEvent }
pkg github.com/gortc/stun, type Handler interface, HandleEvent(Event) pkg github.com/gortc/stun, type Handler interface, HandleEvent(Event)
pkg github.com/gortc/stun, type HandlerFunc func(Event) pkg github.com/gortc/stun, type HandlerFunc func(Event)
pkg github.com/gortc/stun, type IntegrityErr struct
pkg github.com/gortc/stun, type IntegrityErr struct, Actual []uint8
pkg github.com/gortc/stun, type IntegrityErr struct, Expected []uint8
pkg github.com/gortc/stun, type MappedAddress struct pkg github.com/gortc/stun, type MappedAddress struct
pkg github.com/gortc/stun, type MappedAddress struct, IP net.IP pkg github.com/gortc/stun, type MappedAddress struct, IP net.IP
pkg github.com/gortc/stun, type MappedAddress struct, Port int pkg github.com/gortc/stun, type MappedAddress struct, Port int
@@ -322,6 +318,7 @@ pkg github.com/gortc/stun, var ErrClientClosed error
pkg github.com/gortc/stun, var ErrClientNotInitialized error pkg github.com/gortc/stun, var ErrClientNotInitialized error
pkg github.com/gortc/stun, var ErrDecodeToNil error pkg github.com/gortc/stun, var ErrDecodeToNil error
pkg github.com/gortc/stun, var ErrFingerprintBeforeIntegrity error pkg github.com/gortc/stun, var ErrFingerprintBeforeIntegrity error
pkg github.com/gortc/stun, var ErrIntegrityMismatch error
pkg github.com/gortc/stun, var ErrNoConnection error pkg github.com/gortc/stun, var ErrNoConnection error
pkg github.com/gortc/stun, var ErrNoDefaultReason error pkg github.com/gortc/stun, var ErrNoDefaultReason error
pkg github.com/gortc/stun, var ErrTransactionExists error pkg github.com/gortc/stun, var ErrTransactionExists error

9
checksize.go → checks.go
View File

@@ -2,6 +2,8 @@
package stun package stun
import "github.com/gortc/stun/internal/hmac"
// CheckSize returns ErrAttrSizeInvalid if got is not equal to expected. // CheckSize returns ErrAttrSizeInvalid if got is not equal to expected.
func CheckSize(_ AttrType, got, expected int) error { func CheckSize(_ AttrType, got, expected int) error {
if got == expected { if got == expected {
@@ -9,3 +11,10 @@ func CheckSize(_ AttrType, got, expected int) error {
} }
return ErrAttrSizeInvalid return ErrAttrSizeInvalid
} }
func checkHMAC(got, expected []byte) error {
if hmac.Equal(got, expected) {
return nil
}
return ErrIntegrityMismatch
}

12
checksize_debug.go → checks_debug.go
View File

@@ -2,6 +2,8 @@
package stun package stun
import "github.com/gortc/stun/internal/hmac"
// CheckSize returns *AttrLengthError if got is not equal to expected. // CheckSize returns *AttrLengthError if got is not equal to expected.
func CheckSize(a AttrType, got, expected int) error { func CheckSize(a AttrType, got, expected int) error {
if got == expected { if got == expected {
@@ -13,3 +15,13 @@ func CheckSize(a AttrType, got, expected int) error {
Attr: a, Attr: a,
} }
} }
func checkHMAC(got, expected []byte) error {
if hmac.Equal(got, expected) {
return nil
}
return &IntegrityErr{
Expected: expected,
Actual: got,
}
}

3
go.test.sh
View File

@@ -9,6 +9,9 @@ go test -tags gofuzz -run TestFuzz -v .
# quick-test without -race # quick-test without -race
go test ./... go test ./...
# test with "debug" tag
go test -tags debug ./...
for d in $(go list ./... | grep -v vendor); do for d in $(go list ./... | grep -v vendor); do
go test -race -coverprofile=profile.out -covermode=atomic "$d" go test -race -coverprofile=profile.out -covermode=atomic "$d"
if [ -f profile.out ]; then if [ -f profile.out ]; then

21
integrity.go
View File

@@ -85,18 +85,8 @@ func (i MessageIntegrity) AddTo(m *Message) error {
return nil return nil
} }
// IntegrityErr occurs when computed HMAC differs from expected. // ErrIntegrityMismatch means that computed HMAC differs from expected.
type IntegrityErr struct { var ErrIntegrityMismatch = errors.New("integrity check failed")
Expected []byte
Actual []byte
}
func (i *IntegrityErr) Error() string {
return fmt.Sprintf(
"Integrity check failed: 0x%x (expected) !- 0x%x (actual)",
i.Expected, i.Actual,
)
}
func newHMAC(key, message, buf []byte) []byte { func newHMAC(key, message, buf []byte) []byte {
mac := hmac.AcquireSHA1(key) mac := hmac.AcquireSHA1(key)
@@ -137,11 +127,8 @@ func (i MessageIntegrity) Check(m *Message) error {
expected := newHMAC(i, b, m.Raw[len(m.Raw):]) expected := newHMAC(i, b, m.Raw[len(m.Raw):])
m.Length = length m.Length = length
m.WriteLength() // writing length back m.WriteLength() // writing length back
if !hmac.Equal(v, expected) { if err = checkHMAC(v, expected); err != nil {
return &IntegrityErr{ return err
Expected: expected,
Actual: v,
}
} }
return nil return nil
} }

18
integrity_debug.go Normal file
View File

@@ -0,0 +1,18 @@
// +build debug
package stun
import "fmt"
// IntegrityErr occurs when computed HMAC differs from expected.
type IntegrityErr struct {
Expected []byte
Actual []byte
}
func (i *IntegrityErr) Error() string {
return fmt.Sprintf(
"Integrity check failed: 0x%x (expected) !- 0x%x (actual)",
i.Expected, i.Actual,
)
}

18
integrity_test.go
View File

@@ -3,7 +3,6 @@ package stun
import ( import (
"bytes" "bytes"
"encoding/hex" "encoding/hex"
"fmt"
"testing" "testing"
) )
@@ -14,10 +13,7 @@ func TestMessageIntegrity_AddTo_Simple(t *testing.T) {
t.Fatal(err) t.Fatal(err)
} }
if !bytes.Equal(expected, i) { if !bytes.Equal(expected, i) {
t.Error(&IntegrityErr{ t.Error(ErrIntegrityMismatch)
Expected: expected,
Actual: i,
})
} }
t.Run("Check", func(t *testing.T) { t.Run("Check", func(t *testing.T) {
m := new(Message) m := new(Message)
@@ -36,8 +32,8 @@ func TestMessageIntegrity_AddTo_Simple(t *testing.T) {
t.Error(err) t.Error(err)
} }
dM.Raw[24] += 12 // HMAC now invalid dM.Raw[24] += 12 // HMAC now invalid
if err, ok := i.Check(dM).(*IntegrityErr); !ok { if i.Check(dM) == nil {
t.Error(err, "should be *IntegrityErr") t.Error("should be invalid")
} }
}) })
} }
@@ -64,12 +60,8 @@ func TestMessageIntegrityWithFingerprint(t *testing.T) {
t.Fatal(err) t.Fatal(err)
} }
m.Raw[24] = 33 m.Raw[24] = 33
errStr := fmt.Sprintf("Integrity check failed: 0x%s (expected) !- 0x%s (actual)", if err := i.Check(m); err == nil {
"19985afb819c098acfe1c2771881227f14c70eaf", t.Fatal("mismatch expected")
"ef9da0e0caf0b0e4ff321e7b56f1e114c802cb7e",
)
if err := i.Check(m); err.Error() != errStr {
t.Fatal(err, "!=", errStr)
} }
} }

11
message_test.go
View File

@@ -707,14 +707,6 @@ func ExampleMessage() {
fmt.Println("for corrupted message:") fmt.Println("for corrupted message:")
decoded.Raw[22] = 33 decoded.Raw[22] = 33
fmt.Println("fingerprint:", Fingerprint.Check(decoded)) fmt.Println("fingerprint:", Fingerprint.Check(decoded))
iErr, ok := i.Check(decoded).(*IntegrityErr)
if ok {
fmt.Println("integrity check failed")
fmt.Printf("got: %x\n", iErr.Actual)
fmt.Printf("want: %x\n", iErr.Expected)
} else {
fmt.Println("assertion failed")
}
// Output: // Output:
// binding request l=48 attrs=3 id=AQIDBAUGBwgJAAEA buff length: 68 // binding request l=48 attrs=3 id=AQIDBAUGBwgJAAEA buff length: 68
@@ -726,9 +718,6 @@ func ExampleMessage() {
// integrity ok // integrity ok
// for corrupted message: // for corrupted message:
// fingerprint: CRC mismatch: b36d2c38 (expected) != 8ef13141 (actual) // fingerprint: CRC mismatch: b36d2c38 (expected) != 8ef13141 (actual)
// integrity check failed
// got: 06f0692c159f4256c14b9442927889e341256ac2
// want: c1105962efee5c96f4f194cc91b4eb8ab7667c7a
} }
func TestAllocations(t *testing.T) { func TestAllocations(t *testing.T) {