Merge pull request #12690 from SimonWalton-HiFi/hmac-auth

Change packet authentication to use HMAC
2025-04-24 16:43:33 +02:00 · 2018-04-20 09:54:25 -07:00 · 2018-04-20 09:54:25 -07:00 · 7378c87ade
commit 7378c87ade
parent 92bf99f436 377fc6d6c6
9 changed files with 202 additions and 43 deletions
--- a/libraries/networking/src/HMACAuth.cpp
+++ b/libraries/networking/src/HMACAuth.cpp
@ -0,0 +1,94 @@
+//
+//  HMACAuth.cpp
+//  libraries/networking/src
+//
+//  Created by Simon Walton on 3/19/2018.
+//  Copyright 2018 High Fidelity, Inc.
+//
+//  Distributed under the Apache License, Version 2.0.
+//  See the accompanying file LICENSE or http://www.apache.org/licenses/LICENSE-2.0.html
+//
+
+#include <openssl/opensslv.h>
+#include <openssl/hmac.h>
+
+#include "HMACAuth.h"
+
+#include <QUuid>
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+HMACAuth::HMACAuth(AuthMethod authMethod)
+    : _hmacContext(HMAC_CTX_new())
+    , _authMethod(authMethod) { }
+
+HMACAuth::~HMACAuth()
+{
+    HMAC_CTX_free(_hmacContext);
+}
+
+#else
+
+HMACAuth::HMACAuth(AuthMethod authMethod)
+    : _hmacContext(new HMAC_CTX())
+    , _authMethod(authMethod) {
+    HMAC_CTX_init(_hmacContext);
+}
+
+HMACAuth::~HMACAuth() {
+    HMAC_CTX_cleanup(_hmacContext);
+    delete _hmacContext;
+}
+#endif
+
+bool HMACAuth::setKey(const char* keyValue, int keyLen) {
+    const EVP_MD* sslStruct = nullptr;
+
+    switch (_authMethod) {
+    case MD5:
+        sslStruct = EVP_md5();
+        break;
+
+    case SHA1:
+        sslStruct = EVP_sha1();
+        break;
+
+    case SHA224:
+        sslStruct = EVP_sha224();
+        break;
+
+    case SHA256:
+        sslStruct = EVP_sha256();
+        break;
+
+    case RIPEMD160:
+        sslStruct = EVP_ripemd160();
+        break;
+
+    default:
+        return false;
+    }
+
+    QMutexLocker lock(&_lock);
+    return (bool) HMAC_Init_ex(_hmacContext, keyValue, keyLen, sslStruct, nullptr);
+}
+
+bool HMACAuth::setKey(const QUuid& uidKey) {
+    const QByteArray rfcBytes(uidKey.toRfc4122());
+    return setKey(rfcBytes.constData(), rfcBytes.length());
+}
+
+bool HMACAuth::addData(const char* data, int dataLen) {
+    QMutexLocker lock(&_lock);
+    return (bool) HMAC_Update(_hmacContext, reinterpret_cast<const unsigned char*>(data), dataLen);
+}
+
+HMACAuth::HMACHash HMACAuth::result() {
+    HMACHash hashValue(EVP_MAX_MD_SIZE);
+    unsigned int  hashLen;
+    QMutexLocker lock(&_lock);
+    HMAC_Final(_hmacContext, &hashValue[0], &hashLen);
+    hashValue.resize((size_t) hashLen);
+    // Clear state for possible reuse.
+    HMAC_Init_ex(_hmacContext, nullptr, 0, nullptr, nullptr);
+    return hashValue;
+}
--- a/libraries/networking/src/HMACAuth.h
+++ b/libraries/networking/src/HMACAuth.h
@ -0,0 +1,40 @@
+//
+//  HMACAuth.h
+//  libraries/networking/src
+//
+//  Created by Simon Walton on 3/19/2018.
+//  Copyright 2018 High Fidelity, Inc.
+//
+//  Distributed under the Apache License, Version 2.0.
+//  See the accompanying file LICENSE or http://www.apache.org/licenses/LICENSE-2.0.html
+//
+
+#ifndef hifi_HMACAuth_h
+#define hifi_HMACAuth_h
+
+#include <vector>
+#include <memory>
+#include <QtCore/QMutex>
+
+class QUuid;
+
+class HMACAuth {
+public:
+    enum AuthMethod { MD5, SHA1, SHA224, SHA256, RIPEMD160 };
+    using HMACHash = std::vector<unsigned char>;
+    
+    explicit HMACAuth(AuthMethod authMethod = MD5);
+    ~HMACAuth();
+
+    bool setKey(const char* keyValue, int keyLen);
+    bool setKey(const QUuid& uidKey);
+    bool addData(const char* data, int dataLen);
+    HMACHash result();
+
+private:
+    QMutex _lock;
+    struct hmac_ctx_st* _hmacContext;
+    AuthMethod _authMethod;
+};
+
+#endif  // hifi_HMACAuth_h
--- a/libraries/networking/src/LimitedNodeList.cpp
+++ b/libraries/networking/src/LimitedNodeList.cpp
@ -36,6 +36,7 @@
 #include "HifiSockAddr.h"
 #include "NetworkLogging.h"
 #include "udt/Packet.h"
+#include "HMACAuth.h"

 static Setting::Handle<quint16> LIMITED_NODELIST_LOCAL_PORT("LimitedNodeList.LocalPort", 0);

@ -314,7 +315,7 @@ bool LimitedNodeList::packetSourceAndHashMatchAndTrackBandwidth(const udt::Packe
            if (verifiedPacket && !ignoreVerification) {

                QByteArray packetHeaderHash = NLPacket::verificationHashInHeader(packet);
-                QByteArray expectedHash = NLPacket::hashForPacketAndSecret(packet, sourceNode->getConnectionSecret());
+                QByteArray expectedHash = NLPacket::hashForPacketAndHMAC(packet, sourceNode->getAuthenticateHash());

                // check if the md5 hash in the header matches the hash we would expect
                if (packetHeaderHash != expectedHash) {
@ -354,15 +355,15 @@ void LimitedNodeList::collectPacketStats(const NLPacket& packet) {
    _numCollectedBytes += packet.getDataSize();
 }

-void LimitedNodeList::fillPacketHeader(const NLPacket& packet, const QUuid& connectionSecret) {
+void LimitedNodeList::fillPacketHeader(const NLPacket& packet, HMACAuth* hmacAuth) {
    if (!PacketTypeEnum::getNonSourcedPackets().contains(packet.getType())) {
        packet.writeSourceID(getSessionUUID());
    }

-    if (!connectionSecret.isNull()
+    if (hmacAuth
        && !PacketTypeEnum::getNonSourcedPackets().contains(packet.getType())
        && !PacketTypeEnum::getNonVerifiedPackets().contains(packet.getType())) {
-        packet.writeVerificationHashGivenSecret(connectionSecret);
+        packet.writeVerificationHash(*hmacAuth);
    }
 }

@ -378,17 +379,17 @@ qint64 LimitedNodeList::sendUnreliablePacket(const NLPacket& packet, const Node&
    emit dataSent(destinationNode.getType(), packet.getDataSize());
    destinationNode.recordBytesSent(packet.getDataSize());

-    return sendUnreliablePacket(packet, *destinationNode.getActiveSocket(), destinationNode.getConnectionSecret());
+    return sendUnreliablePacket(packet, *destinationNode.getActiveSocket(), &destinationNode.getAuthenticateHash());
 }

 qint64 LimitedNodeList::sendUnreliablePacket(const NLPacket& packet, const HifiSockAddr& sockAddr,
-                                             const QUuid& connectionSecret) {
+        HMACAuth* hmacAuth) {
    Q_ASSERT(!packet.isPartOfMessage());
    Q_ASSERT_X(!packet.isReliable(), "LimitedNodeList::sendUnreliablePacket",
               "Trying to send a reliable packet unreliably.");

    collectPacketStats(packet);
-    fillPacketHeader(packet, connectionSecret);
+    fillPacketHeader(packet, hmacAuth);

    return _nodeSocket.writePacket(packet, sockAddr);
 }
@ -401,7 +402,7 @@ qint64 LimitedNodeList::sendPacket(std::unique_ptr<NLPacket> packet, const Node&
        emit dataSent(destinationNode.getType(), packet->getDataSize());
        destinationNode.recordBytesSent(packet->getDataSize());

-        return sendPacket(std::move(packet), *activeSocket, destinationNode.getConnectionSecret());
+        return sendPacket(std::move(packet), *activeSocket, &destinationNode.getAuthenticateHash());
    } else {
        qCDebug(networking) << "LimitedNodeList::sendPacket called without active socket for node" << destinationNode << "- not sending";
        return ERROR_SENDING_PACKET_BYTES;
@ -409,18 +410,18 @@ qint64 LimitedNodeList::sendPacket(std::unique_ptr<NLPacket> packet, const Node&
 }

 qint64 LimitedNodeList::sendPacket(std::unique_ptr<NLPacket> packet, const HifiSockAddr& sockAddr,
-                                   const QUuid& connectionSecret) {
+                                   HMACAuth* hmacAuth) {
    Q_ASSERT(!packet->isPartOfMessage());
    if (packet->isReliable()) {
        collectPacketStats(*packet);
-        fillPacketHeader(*packet, connectionSecret);
+        fillPacketHeader(*packet, hmacAuth);

        auto size = packet->getDataSize();
        _nodeSocket.writePacket(std::move(packet), sockAddr);

        return size;
    } else {
-        return sendUnreliablePacket(*packet, sockAddr, connectionSecret);
+        return sendUnreliablePacket(*packet, sockAddr, hmacAuth);
    }
 }

@ -429,13 +430,14 @@ qint64 LimitedNodeList::sendUnreliableUnorderedPacketList(NLPacketList& packetLi

    if (activeSocket) {
        qint64 bytesSent = 0;
-        auto connectionSecret = destinationNode.getConnectionSecret();
+        auto& connectionHash = destinationNode.getAuthenticateHash();

        // close the last packet in the list
        packetList.closeCurrentPacket();

        while (!packetList._packets.empty()) {
-            bytesSent += sendPacket(packetList.takeFront<NLPacket>(), *activeSocket, connectionSecret);
+            bytesSent += sendPacket(packetList.takeFront<NLPacket>(), *activeSocket,
+                &connectionHash);
        }

        emit dataSent(destinationNode.getType(), bytesSent);
@ -448,14 +450,14 @@ qint64 LimitedNodeList::sendUnreliableUnorderedPacketList(NLPacketList& packetLi
 }

 qint64 LimitedNodeList::sendUnreliableUnorderedPacketList(NLPacketList& packetList, const HifiSockAddr& sockAddr,
-                                                          const QUuid& connectionSecret) {
+                                                          HMACAuth* hmacAuth) {
    qint64 bytesSent = 0;

    // close the last packet in the list
    packetList.closeCurrentPacket();

    while (!packetList._packets.empty()) {
-        bytesSent += sendPacket(packetList.takeFront<NLPacket>(), sockAddr, connectionSecret);
+        bytesSent += sendPacket(packetList.takeFront<NLPacket>(), sockAddr, hmacAuth);
    }

    return bytesSent;
@ -483,7 +485,7 @@ qint64 LimitedNodeList::sendPacketList(std::unique_ptr<NLPacketList> packetList,
        for (std::unique_ptr<udt::Packet>& packet : packetList->_packets) {
            NLPacket* nlPacket = static_cast<NLPacket*>(packet.get());
            collectPacketStats(*nlPacket);
-            fillPacketHeader(*nlPacket, destinationNode.getConnectionSecret());
+            fillPacketHeader(*nlPacket, &destinationNode.getAuthenticateHash());
        }

        return _nodeSocket.writePacketList(std::move(packetList), *activeSocket);
@ -506,7 +508,7 @@ qint64 LimitedNodeList::sendPacket(std::unique_ptr<NLPacket> packet, const Node&
    auto& destinationSockAddr = (overridenSockAddr.isNull()) ? *destinationNode.getActiveSocket()
                                                             : overridenSockAddr;

-    return sendPacket(std::move(packet), destinationSockAddr, destinationNode.getConnectionSecret());
+    return sendPacket(std::move(packet), destinationSockAddr, &destinationNode.getAuthenticateHash());
 }

 int LimitedNodeList::updateNodeWithDataFromPacket(QSharedPointer<ReceivedMessage> message, SharedNodePointer sendingNode) {
--- a/libraries/networking/src/LimitedNodeList.h
+++ b/libraries/networking/src/LimitedNodeList.h
@ -132,22 +132,20 @@ public:
    virtual QUuid getDomainUUID() const { assert(false); return QUuid(); }
    virtual HifiSockAddr getDomainSockAddr() const { assert(false); return HifiSockAddr(); }

-    // use sendUnreliablePacket to send an unrelaible packet (that you do not need to move)
+    // use sendUnreliablePacket to send an unreliable packet (that you do not need to move)
    // either to a node (via its active socket) or to a manual sockaddr
    qint64 sendUnreliablePacket(const NLPacket& packet, const Node& destinationNode);
-    qint64 sendUnreliablePacket(const NLPacket& packet, const HifiSockAddr& sockAddr,
-                                const QUuid& connectionSecret = QUuid());
+    qint64 sendUnreliablePacket(const NLPacket& packet, const HifiSockAddr& sockAddr, HMACAuth* hmacAuth = nullptr);

    // use sendPacket to send a moved unreliable or reliable NL packet to a node's active socket or manual sockaddr
    qint64 sendPacket(std::unique_ptr<NLPacket> packet, const Node& destinationNode);
-    qint64 sendPacket(std::unique_ptr<NLPacket> packet, const HifiSockAddr& sockAddr,
-                      const QUuid& connectionSecret = QUuid());
+    qint64 sendPacket(std::unique_ptr<NLPacket> packet, const HifiSockAddr& sockAddr, HMACAuth* hmacAuth = nullptr);

    // use sendUnreliableUnorderedPacketList to unreliably send separate packets from the packet list
    // either to a node's active socket or to a manual sockaddr
    qint64 sendUnreliableUnorderedPacketList(NLPacketList& packetList, const Node& destinationNode);
    qint64 sendUnreliableUnorderedPacketList(NLPacketList& packetList, const HifiSockAddr& sockAddr,
-                          const QUuid& connectionSecret = QUuid());
+        HMACAuth* hmacAuth = nullptr);

    // use sendPacketList to send reliable packet lists (ordered or unordered) to a node's active socket
    // or to a manual sock addr
@ -368,7 +366,7 @@ protected:
    qint64 writePacket(const NLPacket& packet, const HifiSockAddr& destinationSockAddr,
                       const QUuid& connectionSecret = QUuid());
    void collectPacketStats(const NLPacket& packet);
-    void fillPacketHeader(const NLPacket& packet, const QUuid& connectionSecret = QUuid());
+    void fillPacketHeader(const NLPacket& packet, HMACAuth* hmacAuth = nullptr);

    void setLocalSocket(const HifiSockAddr& sockAddr);

--- a/libraries/networking/src/NLPacket.cpp
+++ b/libraries/networking/src/NLPacket.cpp
@ -11,6 +11,8 @@

 #include "NLPacket.h"

+#include "HMACAuth.h"
+
 int NLPacket::localHeaderSize(PacketType type) {
    bool nonSourced = PacketTypeEnum::getNonSourcedPackets().contains(type);
    bool nonVerified = PacketTypeEnum::getNonVerifiedPackets().contains(type);
@ -149,18 +151,12 @@ QByteArray NLPacket::verificationHashInHeader(const udt::Packet& packet) {
    return QByteArray(packet.getData() + offset, NUM_BYTES_MD5_HASH);
 }

-QByteArray NLPacket::hashForPacketAndSecret(const udt::Packet& packet, const QUuid& connectionSecret) {
-    QCryptographicHash hash(QCryptographicHash::Md5);
-    
+QByteArray NLPacket::hashForPacketAndHMAC(const udt::Packet& packet, HMACAuth& hash) {
    int offset = Packet::totalHeaderSize(packet.isPartOfMessage()) + sizeof(PacketType) + sizeof(PacketVersion)
        + NUM_BYTES_RFC4122_UUID + NUM_BYTES_MD5_HASH;
-    
-    // add the packet payload and the connection UUID
    hash.addData(packet.getData() + offset, packet.getDataSize() - offset);
-    hash.addData(connectionSecret.toRfc4122());
-    
-    // return the hash
-    return hash.result();
+    auto hashResult { hash.result() };
+    return QByteArray((const char*) hashResult.data(), (int) hashResult.size());
 }

 void NLPacket::writeTypeAndVersion() {
@ -212,13 +208,14 @@ void NLPacket::writeSourceID(const QUuid& sourceID) const {
    _sourceID = sourceID;
 }

-void NLPacket::writeVerificationHashGivenSecret(const QUuid& connectionSecret) const {
+void NLPacket::writeVerificationHash(HMACAuth& hmacAuth) const {
    Q_ASSERT(!PacketTypeEnum::getNonSourcedPackets().contains(_type) &&
             !PacketTypeEnum::getNonVerifiedPackets().contains(_type));
    
    auto offset = Packet::totalHeaderSize(isPartOfMessage()) + sizeof(PacketType) + sizeof(PacketVersion)
                + NUM_BYTES_RFC4122_UUID;
-    QByteArray verificationHash = hashForPacketAndSecret(*this, connectionSecret);
+
+    QByteArray verificationHash = hashForPacketAndHMAC(*this, hmacAuth);
    
    memcpy(_packet.get() + offset, verificationHash.data(), verificationHash.size());
 }
--- a/libraries/networking/src/NLPacket.h
+++ b/libraries/networking/src/NLPacket.h
@ -18,6 +18,8 @@

 #include "udt/Packet.h"

+class HMACAuth;
+
 class NLPacket : public udt::Packet {
    Q_OBJECT
 public:
@ -71,7 +73,7 @@ public:
    
    static QUuid sourceIDInHeader(const udt::Packet& packet);
    static QByteArray verificationHashInHeader(const udt::Packet& packet);
-    static QByteArray hashForPacketAndSecret(const udt::Packet& packet, const QUuid& connectionSecret);
+    static QByteArray hashForPacketAndHMAC(const udt::Packet& packet, HMACAuth& hash);
    
    PacketType getType() const { return _type; }
    void setType(PacketType type);
@ -82,7 +84,7 @@ public:
    const QUuid& getSourceID() const { return _sourceID; }
    
    void writeSourceID(const QUuid& sourceID) const;
-    void writeVerificationHashGivenSecret(const QUuid& connectionSecret) const;
+    void writeVerificationHash(HMACAuth& hmacAuth) const;

 protected:
    
--- a/libraries/networking/src/Node.cpp
+++ b/libraries/networking/src/Node.cpp
@ -86,10 +86,10 @@ NodeType_t NodeType::fromString(QString type) {


 Node::Node(const QUuid& uuid, NodeType_t type, const HifiSockAddr& publicSocket,
-           const HifiSockAddr& localSocket, QObject* parent) :
+    const HifiSockAddr& localSocket, QObject* parent) :
    NetworkPeer(uuid, publicSocket, localSocket, parent),
    _type(type),
-    _pingMs(-1),  // "Uninitialized"
+    _authenticateHash(new HMACAuth), _pingMs(-1),  // "Uninitialized"
    _clockSkewUsec(0),
    _mutex(),
    _clockSkewMovingPercentile(30, 0.8f)   // moving 80th percentile of 30 samples
@ -108,6 +108,7 @@ void Node::setType(char type) {
    _symmetricSocket.setObjectName(typeString);
 }

+
 void Node::updateClockSkewUsec(qint64 clockSkewSample) {
    _clockSkewMovingPercentile.updatePercentile(clockSkewSample);
    _clockSkewUsec = (quint64)_clockSkewMovingPercentile.getValueAtPercentile();
@ -192,3 +193,12 @@ QDebug operator<<(QDebug debug, const Node& node) {
    debug.nospace() << node.getPublicSocket() << "/" << node.getLocalSocket();
    return debug.nospace();
 }
+
+void Node::setConnectionSecret(const QUuid& connectionSecret) {
+    if (_connectionSecret == connectionSecret) {
+        return;
+    }
+
+    _connectionSecret = connectionSecret;
+    _authenticateHash->setKey(_connectionSecret);
+}
--- a/libraries/networking/src/Node.h
+++ b/libraries/networking/src/Node.h
@ -33,6 +33,7 @@
 #include "SimpleMovingAverage.h"
 #include "MovingPercentile.h"
 #include "NodePermissions.h"
+#include "HMACAuth.h"

 class Node : public NetworkPeer {
    Q_OBJECT
@ -55,7 +56,8 @@ public:
    void setIsUpstream(bool isUpstream) { _isUpstream = isUpstream; }

    const QUuid& getConnectionSecret() const { return _connectionSecret; }
-    void setConnectionSecret(const QUuid& connectionSecret) { _connectionSecret = connectionSecret; }
+    void setConnectionSecret(const QUuid& connectionSecret);
+    HMACAuth& getAuthenticateHash() const { return *_authenticateHash; }

    NodeData* getLinkedData() const { return _linkedData.get(); }
    void setLinkedData(std::unique_ptr<NodeData> linkedData) { _linkedData = std::move(linkedData); }
@ -97,6 +99,7 @@ private:
    NodeType_t _type;

    QUuid _connectionSecret;
+    std::unique_ptr<HMACAuth> _authenticateHash;
    std::unique_ptr<NodeData> _linkedData;
    bool _isReplicated { false };
    int _pingMs;
--- a/libraries/networking/src/udt/PacketHeaders.cpp
+++ b/libraries/networking/src/udt/PacketHeaders.cpp
@ -24,6 +24,8 @@ int packetTypeMetaTypeId = qRegisterMetaType<PacketType>();

 PacketVersion versionForPacketType(PacketType packetType) {
    switch (packetType) {
+        case PacketType::StunResponse:
+            return 17;
        case PacketType::DomainList:
            return static_cast<PacketVersion>(DomainListVersion::GetMachineFingerprintFromUUIDSupport);
        case PacketType::EntityAdd:
@ -40,8 +42,21 @@ PacketVersion versionForPacketType(PacketType packetType) {
            return static_cast<PacketVersion>(AvatarMixerPacketVersion::FBXReaderNodeReparenting);
        case PacketType::MessagesData:
            return static_cast<PacketVersion>(MessageDataVersion::TextOrBinaryData);
+        // ICE packets
+        case PacketType::ICEServerPeerInformation:
+            return 17;
+        case PacketType::ICEServerHeartbeatACK:
+            return 17;
+        case PacketType::ICEServerQuery:
+            return 17;
        case PacketType::ICEServerHeartbeat:
            return 18; // ICE Server Heartbeat signing
+        case PacketType::ICEPing:
+            return static_cast<PacketVersion>(IcePingVersion::SendICEPeerID);
+        case PacketType::ICEPingReply:
+            return 17;
+        case PacketType::ICEServerHeartbeatDenied:
+            return 17;
        case PacketType::AssetMappingOperation:
        case PacketType::AssetMappingOperationReply:
            return static_cast<PacketVersion>(AssetServerPacketVersion::RedirectedMappings);
@ -71,14 +86,12 @@ PacketVersion versionForPacketType(PacketType packetType) {
        case PacketType::MicrophoneAudioWithEcho:
        case PacketType::AudioStreamStats:
            return static_cast<PacketVersion>(AudioVersion::HighDynamicRangeVolume);
-        case PacketType::ICEPing:
-            return static_cast<PacketVersion>(IcePingVersion::SendICEPeerID);
        case PacketType::DomainSettings:
            return 18;  // replace min_avatar_scale and max_avatar_scale with min_avatar_height and max_avatar_height
        case PacketType::Ping:
            return static_cast<PacketVersion>(PingVersion::IncludeConnectionID);
        default:
-            return 17;
+            return 18;
    }
 }