直播：后台 JWT 推流、前台画中画；WebRTC 服务与 Nginx WebSocket 代理

Made-with: Cursor

server/vendor/github.com/pion/stun/internal/hmac/hmac.go

@@ -0,0 +1,156 @@
+// SPDX-FileCopyrightText: 2009 The Go Authors. All rights reserved.
+// SPDX-License-Identifier: BSD-3-Clause
+
+/*
+Package hmac implements the Keyed-Hash Message Authentication Code (HMAC) as
+defined in U.S. Federal Information Processing Standards Publication 198.
+An HMAC is a cryptographic hash that uses a key to sign a message.
+The receiver verifies the hash by recomputing it using the same key.
+
+Receivers should be careful to use Equal to compare MACs in order to avoid
+timing side-channels:
+
+	// ValidMAC reports whether messageMAC is a valid HMAC tag for message.
+	func ValidMAC(message, messageMAC, key []byte) bool {
+		mac := hmac.New(sha256.New, key)
+		mac.Write(message)
+		expectedMAC := mac.Sum(nil)
+		return hmac.Equal(messageMAC, expectedMAC)
+	}
+*/
+package hmac
+
+import (
+	"crypto/subtle"
+	"hash"
+)
+
+// FIPS 198-1:
+// https://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf
+
+// key is zero padded to the block size of the hash function
+// ipad = 0x36 byte repeated for key length
+// opad = 0x5c byte repeated for key length
+// hmac = H([key ^ opad] H([key ^ ipad] text))
+
+// Marshalable is the combination of encoding.BinaryMarshaler and
+// encoding.BinaryUnmarshaler. Their method definitions are repeated here to
+// avoid a dependency on the encoding package.
+type marshalable interface {
+	MarshalBinary() ([]byte, error)
+	UnmarshalBinary([]byte) error
+}
+
+type hmac struct {
+	opad, ipad   []byte
+	outer, inner hash.Hash
+
+	// If marshaled is true, then opad and ipad do not contain a padded
+	// copy of the key, but rather the marshaled state of outer/inner after
+	// opad/ipad has been fed into it.
+	marshaled bool
+}
+
+func (h *hmac) Sum(in []byte) []byte {
+	origLen := len(in)
+	in = h.inner.Sum(in)
+
+	if h.marshaled {
+		if err := h.outer.(marshalable).UnmarshalBinary(h.opad); err != nil { //nolint:forcetypeassert
+			panic(err) //nolint
+		}
+	} else {
+		h.outer.Reset()
+		h.outer.Write(h.opad) //nolint:errcheck,gosec
+	}
+	h.outer.Write(in[origLen:]) //nolint:errcheck,gosec
+	return h.outer.Sum(in[:origLen])
+}
+
+func (h *hmac) Write(p []byte) (n int, err error) {
+	return h.inner.Write(p)
+}
+
+func (h *hmac) Size() int      { return h.outer.Size() }
+func (h *hmac) BlockSize() int { return h.inner.BlockSize() }
+
+func (h *hmac) Reset() {
+	if h.marshaled {
+		if err := h.inner.(marshalable).UnmarshalBinary(h.ipad); err != nil { //nolint:forcetypeassert
+			panic(err) //nolint
+		}
+		return
+	}
+
+	h.inner.Reset()
+	h.inner.Write(h.ipad) //nolint:errcheck,gosec
+
+	// If the underlying hash is marshalable, we can save some time by
+	// saving a copy of the hash state now, and restoring it on future
+	// calls to Reset and Sum instead of writing ipad/opad every time.
+	//
+	// If either hash is unmarshalable for whatever reason,
+	// it's safe to bail out here.
+	marshalableInner, innerOK := h.inner.(marshalable)
+	if !innerOK {
+		return
+	}
+	marshalableOuter, outerOK := h.outer.(marshalable)
+	if !outerOK {
+		return
+	}
+
+	imarshal, err := marshalableInner.MarshalBinary()
+	if err != nil {
+		return
+	}
+
+	h.outer.Reset()
+	h.outer.Write(h.opad) //nolint:errcheck,gosec
+	omarshal, err := marshalableOuter.MarshalBinary()
+	if err != nil {
+		return
+	}
+
+	// Marshaling succeeded; save the marshaled state for later
+	h.ipad = imarshal
+	h.opad = omarshal
+	h.marshaled = true
+}
+
+// New returns a new HMAC hash using the given hash.Hash type and key.
+// Note that unlike other hash implementations in the standard library,
+// the returned Hash does not implement encoding.BinaryMarshaler
+// or encoding.BinaryUnmarshaler.
+func New(h func() hash.Hash, key []byte) hash.Hash {
+	hm := new(hmac)
+	hm.outer = h()
+	hm.inner = h()
+	blocksize := hm.inner.BlockSize()
+	hm.ipad = make([]byte, blocksize)
+	hm.opad = make([]byte, blocksize)
+	if len(key) > blocksize {
+		// If key is too big, hash it.
+		hm.outer.Write(key) //nolint:errcheck,gosec
+		key = hm.outer.Sum(nil)
+	}
+	copy(hm.ipad, key)
+	copy(hm.opad, key)
+	for i := range hm.ipad {
+		hm.ipad[i] ^= 0x36
+	}
+	for i := range hm.opad {
+		hm.opad[i] ^= 0x5c
+	}
+	hm.inner.Write(hm.ipad) //nolint:errcheck,gosec
+
+	return hm
+}
+
+// Equal compares two MACs for equality without leaking timing information.
+func Equal(mac1, mac2 []byte) bool {
+	// We don't have to be constant time if the lengths of the MACs are
+	// different as that suggests that a completely different hash function
+	// was used.
+	return subtle.ConstantTimeCompare(mac1, mac2) == 1
+}

server/vendor/github.com/pion/stun/internal/hmac/pool.go

@@ -0,0 +1,92 @@
+// SPDX-FileCopyrightText: 2023 The Pion community <https://pion.ly>
+// SPDX-License-Identifier: MIT
+
+package hmac
+
+import ( //nolint:gci
+	"crypto/sha1" //nolint:gosec
+	"crypto/sha256"
+	"hash"
+	"sync"
+)
+
+func (h *hmac) resetTo(key []byte) {
+	h.outer.Reset()
+	h.inner.Reset()
+	blocksize := h.inner.BlockSize()
+
+	// Reset size and zero of ipad and opad.
+	h.ipad = append(h.ipad[:0], make([]byte, blocksize)...)
+	h.opad = append(h.opad[:0], make([]byte, blocksize)...)
+
+	if len(key) > blocksize {
+		// If key is too big, hash it.
+		h.outer.Write(key) //nolint:errcheck,gosec
+		key = h.outer.Sum(nil)
+	}
+	copy(h.ipad, key)
+	copy(h.opad, key)
+	for i := range h.ipad {
+		h.ipad[i] ^= 0x36
+	}
+	for i := range h.opad {
+		h.opad[i] ^= 0x5c
+	}
+	h.inner.Write(h.ipad) //nolint:errcheck,gosec
+
+	h.marshaled = false
+}
+
+var hmacSHA1Pool = &sync.Pool{ //nolint:gochecknoglobals
+	New: func() interface{} {
+		h := New(sha1.New, make([]byte, sha1.BlockSize))
+		return h
+	},
+}
+
+// AcquireSHA1 returns new HMAC from pool.
+func AcquireSHA1(key []byte) hash.Hash {
+	h := hmacSHA1Pool.Get().(*hmac) //nolint:forcetypeassert
+	assertHMACSize(h, sha1.Size, sha1.BlockSize)
+	h.resetTo(key)
+	return h
+}
+
+// PutSHA1 puts h to pool.
+func PutSHA1(h hash.Hash) {
+	hm := h.(*hmac) //nolint:forcetypeassert
+	assertHMACSize(hm, sha1.Size, sha1.BlockSize)
+	hmacSHA1Pool.Put(hm)
+}
+
+var hmacSHA256Pool = &sync.Pool{ //nolint:gochecknoglobals
+	New: func() interface{} {
+		h := New(sha256.New, make([]byte, sha256.BlockSize))
+		return h
+	},
+}
+
+// AcquireSHA256 returns new HMAC from SHA256 pool.
+func AcquireSHA256(key []byte) hash.Hash {
+	h := hmacSHA256Pool.Get().(*hmac) //nolint:forcetypeassert
+	assertHMACSize(h, sha256.Size, sha256.BlockSize)
+	h.resetTo(key)
+	return h
+}
+
+// PutSHA256 puts h to SHA256 pool.
+func PutSHA256(h hash.Hash) {
+	hm := h.(*hmac) //nolint:forcetypeassert
+	assertHMACSize(hm, sha256.Size, sha256.BlockSize)
+	hmacSHA256Pool.Put(hm)
+}
+
+// assertHMACSize panics if h.size != size or h.blocksize != blocksize.
+//
+// Put and Acquire functions are internal functions to project, so
+// checking it via such assert is optimal.
+func assertHMACSize(h *hmac, size, blocksize int) { //nolint:unparam
+	if h.Size() != size || h.BlockSize() != blocksize {
+		panic("BUG: hmac size invalid") //nolint
+	}
+}

server/vendor/github.com/pion/stun/internal/hmac/vendor.sh

@@ -0,0 +1,7 @@
+#!/bin/env bash
+
+# SPDX-FileCopyrightText: 2023 The Pion community <https://pion.ly>
+# SPDX-License-Identifier: MIT
+
+cp -v $GOROOT/src/crypto/hmac/{hmac,hmac_test}.go .
+git diff {hmac,hmac_test}.go