MCPcopy
hub / github.com/OpenNHP/opennhp / checkHMAC

Method checkHMAC

nhp/core/responder.go:574–615  ·  view source on GitHub ↗
(sumCookie bool)

Source from the content-addressed store, hash-verified

572}
573
574func (ppd *PacketParserData) checkHMAC(sumCookie bool) bool {
575 defer func() {
576 ppd.hmacHash.Reset()
577 ppd.hmacHash = nil
578 }()
579
580 len := ppd.header.Size() - HashSize
581 ppd.hmacHash.Write(ppd.header.Bytes()[0:len])
582
583 if sumCookie {
584 switch ppd.CipherScheme {
585 case common.CIPHER_SCHEME_CURVE:
586 fallthrough
587 case common.CIPHER_SCHEME_GMSM:
588 fallthrough
589 default:
590 ppd.ConnData.Lock()
591 defer ppd.ConnData.Unlock()
592
593 if ppd.LocalInitTime < ppd.ConnData.CookieStore.LastCookieTime+CookieRoundTripTimeMs*int64(time.Millisecond) {
594 // cookie has already or nearly been updated, use previous cookie
595 ppd.hmacHash.Write(ppd.ConnData.CookieStore.PrevCookie[:])
596 prevCookieHmac := ppd.hmacHash.Sum(nil)
597 return bytes.Equal(prevCookieHmac, ppd.header.HMACBytes())
598 } else {
599 // use current cookie
600 ppd.hmacHash.Write(ppd.ConnData.CookieStore.CurrCookie[:])
601 cookieHmac := ppd.hmacHash.Sum(nil)
602 return bytes.Equal(cookieHmac, ppd.header.HMACBytes())
603 }
604 }
605 } else {
606 calculatedHmac := ppd.hmacHash.Sum(nil)
607 headerHmac := ppd.header.HMACBytes()
608 if !bytes.Equal(calculatedHmac, headerHmac) {
609 log.Debug("checkHMAC: mismatch, calculated=%x, header=%x, headerSize=%d, cipherScheme=%d",
610 calculatedHmac[:8], headerHmac[:8], ppd.header.Size(), ppd.CipherScheme)
611 return false
612 }
613 return true
614 }
615}
616
617func (ppd *PacketParserData) Destroy() {
618 ppd.device.ReleasePoolPacket(ppd.basePacket)

Callers 1

Calls 5

EqualMethod · 0.80
SizeMethod · 0.65
BytesMethod · 0.65
HMACBytesMethod · 0.65
WriteMethod · 0.45

Tested by

no test coverage detected