From 6223f582cfeaad97c5771f45e3f82a18c552da4e Mon Sep 17 00:00:00 2001 From: Cort Buffington Date: Wed, 30 Oct 2013 13:36:45 -0500 Subject: [PATCH] Unauthenticate IPSC Bug Fixed unauthenticated packets were subject to having their hashes stripped just like other packets. The problem is that they don't have hashes to strip, so I was throwing away part of the packet. Fixed in log.py, dmrlink.py and bridge.py --- bridge.py | 20 ++++++++++++++++++-- dmrlink.py | 25 ++++++++++++++----------- log.py | 7 ++++++- 3 files changed, 38 insertions(+), 14 deletions(-) diff --git a/bridge.py b/bridge.py index ae9844c..8d57ae0 100644 --- a/bridge.py +++ b/bridge.py @@ -66,12 +66,28 @@ class bridgeIPSC(IPSC): def private_data(self, _network, _src_sub, _dst_sub, _ts, _end, _peerid, _data): pass - +class bridgeUnauthIPSC(logIPSC): + + # There isn't a hash to build, so just return the data + # + def hashed_packet(self, _key, _data): + return _data + + # Remove the hash from a packet and return the payload + # + def strip_hash(self, _data): + return _data + + # Everything is validated, so just return True + # + def validate_auth(self, _key, _data): + return True + for ipsc_network in NETWORK: if (NETWORK[ipsc_network]['LOCAL']['ENABLED']): if NETWORK[ipsc_network]['LOCAL']['AUTH_ENABLED'] == True: networks[ipsc_network] = bridgeIPSC(ipsc_network) else: - networks[ipsc_network] = UnauthIPSC(ipsc_network) + networks[ipsc_network] = bridgeUnauthIPSC(ipsc_network) reactor.listenUDP(NETWORK[ipsc_network]['LOCAL']['PORT'], networks[ipsc_network]) reactor.run() \ No newline at end of file diff --git a/dmrlink.py b/dmrlink.py index 1888f70..c045189 100644 --- a/dmrlink.py +++ b/dmrlink.py 
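Review bot: In bridge.py, `class bridgeUnauthIPSC(logIPSC)` derives from `logIPSC`, while the authenticated class in the same file is `bridgeIPSC(IPSC)`; the base looks copied over from log.py. The file's imports are outside the hunk, so either `logIPSC` is undefined here and the module fails on load, or unauthenticated networks get the logger's packet callbacks instead of the bridge's; `class bridgeUnauthIPSC(bridgeIPSC):` is presumably what was meant. The comment on the new `strip_hash` override still says it removes the hash although it returns the packet untouched; `# No hash is appended on unauthenticated networks, so return the packet unchanged` would be accurate, and the same comment recurs in the UnauthIPSC hunk of dmrlink.py and in log.py. Because `validate_auth` here accepts every packet and the selection below is `AUTH_ENABLED == True` / `else`, a class comment should state that any other value of that setting (a string, a typo) lands on this class and turns authentication off rather than failing.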
@@ -202,14 +202,6 @@ def get_info(_id, _dict): return _dict[_id] return _id -# Remove the hash from a packet and return the payload -# -def strip_hash(_data): -# _log = logger.debug -# _log('Stripped Packet: %s', binascii.b2a_hex(_data[:-10])) - return _data[:-10] - - # Determine if the provided peer ID is valid for the provided network # def valid_peer(_peer_list, _peerid): @@ -507,12 +499,18 @@ class IPSC(DatagramProtocol): _hash = binascii.a2b_hex((hmac.new(_key,_data,hashlib.sha1)).hexdigest()[:20]) return (_data + _hash) + # Remove the hash from a packet and return the payload + # + def strip_hash(self, _data): + # _log = logger.debug + # _log('Stripped Packet: %s', binascii.b2a_hex(_data[:-10])) + return _data[:-10] # Take a RECEIVED packet, calculate the auth hash and verify authenticity # def validate_auth(self, _key, _data): _log = logger.info - _payload = strip_hash(_data) + _payload = self.strip_hash(_data) _hash = _data[-10:] _chk_hash = binascii.a2b_hex((hmac.new(_key,_payload,hashlib.sha1)).hexdigest()[:20]) @@ -643,7 +641,7 @@ class IPSC(DatagramProtocol): return # Strip the hash, we won't need it anymore - data = strip_hash(data) + data = self.strip_hash(data) # Packets types that must be originated from a peer (including master peer) if (_packettype in ANY_PEER_REQUIRED): @@ -798,7 +796,12 @@ class UnauthIPSC(IPSC): # There isn't a hash to build, so just return the data # def hashed_packet(self, _key, _data): - return (_data) + return _data + + # Remove the hash from a packet and return the payload + # + def strip_hash(_self, data): + return _data # Everything is validated, so just return True # diff --git a/log.py b/log.py index 551d676..391941d 100644 --- a/log.py +++ b/log.py 
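Review bot: In dmrlink.py's `IPSC.strip_hash` and `validate_auth` (hunk at -507), the 10-byte tag length is spelled three separate ways: `_data[:-10]`, `_data[-10:]` and `hexdigest()[:20]`. Now that `strip_hash` is an overridable method, one class-level constant used by all three would keep the payload/tag split from drifting apart. The two commented-out `_log` lines carried into the new method can simply be dropped. The comparison of `_hash` with `_chk_hash` lies outside this hunk, as do the start and end of class IPSC; if that comparison is a plain `==`, `hmac.compare_digest(_hash, _chk_hash)` (Python 2.7.7+/3.3+) would make the check constant-time.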
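Review bot: In dmrlink.py's `UnauthIPSC.strip_hash` (hunk at -798), the signature `def strip_hash(_self, data):` names its parameters `_self` and `data`, but the body returns `_data`, which is not defined inside the method. Unless a module-level `_data` happens to exist, the first unauthenticated packet that reaches `data = self.strip_hash(data)` in the receive path raises NameError, so this class does not actually get the fix the commit describes. The signature should match the overrides added in bridge.py and log.py: `def strip_hash(self, _data):`. The class body starts and ends outside the hunk.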
@@ -95,7 +95,12 @@ class logUnauthIPSC(logIPSC): # There isn't a hash to build, so just return the data # def hashed_packet(self, _key, _data): - return (_data) + return _data + + # Remove the hash from a packet and return the payload + # + def strip_hash(self, _data): + return _data # Everything is validated, so just return True #