| 572 | } |
| 573 | |
| 574 | func (ppd *PacketParserData) checkHMAC(sumCookie bool) bool { |
| 575 | defer func() { |
| 576 | ppd.hmacHash.Reset() |
| 577 | ppd.hmacHash = nil |
| 578 | }() |
| 579 | |
| 580 | len := ppd.header.Size() - HashSize |
| 581 | ppd.hmacHash.Write(ppd.header.Bytes()[0:len]) |
| 582 | |
| 583 | if sumCookie { |
| 584 | switch ppd.CipherScheme { |
| 585 | case common.CIPHER_SCHEME_CURVE: |
| 586 | fallthrough |
| 587 | case common.CIPHER_SCHEME_GMSM: |
| 588 | fallthrough |
| 589 | default: |
| 590 | ppd.ConnData.Lock() |
| 591 | defer ppd.ConnData.Unlock() |
| 592 | |
| 593 | if ppd.LocalInitTime < ppd.ConnData.CookieStore.LastCookieTime+CookieRoundTripTimeMs*int64(time.Millisecond) { |
| 594 | // cookie has already or nearly been updated, use previous cookie |
| 595 | ppd.hmacHash.Write(ppd.ConnData.CookieStore.PrevCookie[:]) |
| 596 | prevCookieHmac := ppd.hmacHash.Sum(nil) |
| 597 | return bytes.Equal(prevCookieHmac, ppd.header.HMACBytes()) |
| 598 | } else { |
| 599 | // use current cookie |
| 600 | ppd.hmacHash.Write(ppd.ConnData.CookieStore.CurrCookie[:]) |
| 601 | cookieHmac := ppd.hmacHash.Sum(nil) |
| 602 | return bytes.Equal(cookieHmac, ppd.header.HMACBytes()) |
| 603 | } |
| 604 | } |
| 605 | } else { |
| 606 | calculatedHmac := ppd.hmacHash.Sum(nil) |
| 607 | headerHmac := ppd.header.HMACBytes() |
| 608 | if !bytes.Equal(calculatedHmac, headerHmac) { |
| 609 | log.Debug("checkHMAC: mismatch, calculated=%x, header=%x, headerSize=%d, cipherScheme=%d", |
| 610 | calculatedHmac[:8], headerHmac[:8], ppd.header.Size(), ppd.CipherScheme) |
| 611 | return false |
| 612 | } |
| 613 | return true |
| 614 | } |
| 615 | } |
| 616 | |
| 617 | func (ppd *PacketParserData) Destroy() { |
| 618 | ppd.device.ReleasePoolPacket(ppd.basePacket) |