webrtc_sdp/

anonymizer.rs

/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

extern crate url;
use address::{Address, ExplicitlyTypedAddress};
use std::collections::HashMap;
use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};
use std::num::Wrapping;

pub trait AnonymizingClone {
    fn masked_clone(&self, anon: &mut StatefulSdpAnonymizer) -> Self;
}

pub trait ToBytesVec {
    fn to_byte_vec(&self) -> Vec<u8>;
}

impl ToBytesVec for u64 {
    fn to_byte_vec(&self) -> Vec<u8> {
        let mut bytes = Vec::new();
        let mut val = *self;
        for _ in 0..8 {
            bytes.push(val as u8);
            val <<= 8;
        }
        bytes.reverse();
        bytes
    }
}

/*
* Anonymizes SDP in a stateful fashion, such that a pre-anonymized value will
* always be transformed into the same anonymized value within the context of
* the anonymizer.
* Stores the opaque state necessary for intelligent anonymization of SDP. This
* state can be stored and reused during the offer-answer period, and it
* will maintain a stable set of masked values.
*/
pub struct StatefulSdpAnonymizer {
    ips: HashMap<IpAddr, IpAddr>,
    ip_v4_inc: Wrapping<u32>,
    ip_v6_inc: Wrapping<u128>,
    host_names: AnonymizationStrMap,
    ports: HashMap<u32, u32>,
    port_inc: Wrapping<u32>,
    origin_users: AnonymizationStrMap,
    ice_passwords: AnonymizationStrMap,
    ice_users: AnonymizationStrMap,
    cert_finger_prints: HashMap<Vec<u8>, Vec<u8>>,
    cert_finger_print_inc: Wrapping<u64>,
    cnames: AnonymizationStrMap,
}

impl Default for StatefulSdpAnonymizer {
    fn default() -> Self {
        Self::new()
    }
}

impl StatefulSdpAnonymizer {
    pub fn new() -> Self {
        StatefulSdpAnonymizer {
            ips: HashMap::new(),
            ip_v4_inc: Wrapping(0),
            ip_v6_inc: Wrapping(0),
            host_names: AnonymizationStrMap::new("fqdn-", 8),
            ports: HashMap::new(),
            port_inc: Wrapping(0),
            origin_users: AnonymizationStrMap::new("origin-user-", 8),
            ice_passwords: AnonymizationStrMap::new("ice-password-", 8),
            ice_users: AnonymizationStrMap::new("ice-user-", 8),
            cert_finger_prints: HashMap::new(),
            cert_finger_print_inc: Wrapping(0),
            cnames: AnonymizationStrMap::new("cname-", 8),
        }
    }

    pub fn mask_host(&mut self, host: &str) -> String {
        self.host_names.mask(host)
    }

    pub fn mask_ip(&mut self, addr: &IpAddr) -> IpAddr {
        if let Some(address) = self.ips.get(addr) {
            return *address;
        }
        let mapped = match addr {
            IpAddr::V4(_) => {
                self.ip_v4_inc += Wrapping(1);
                IpAddr::V4(Ipv4Addr::from(self.ip_v4_inc.0))
            }
            IpAddr::V6(_) => {
                self.ip_v6_inc += Wrapping(1);
                IpAddr::V6(Ipv6Addr::from(self.ip_v6_inc.0))
            }
        };
        self.ips.insert(*addr, mapped);
        mapped
    }

    pub fn mask_address(&mut self, address: &Address) -> Address {
        match address {
            Address::Fqdn(host) => Address::Fqdn(self.mask_host(host)),
            Address::Ip(ip) => Address::Ip(self.mask_ip(ip)),
        }
    }

    pub fn mask_typed_address(
        &mut self,
        address: &ExplicitlyTypedAddress,
    ) -> ExplicitlyTypedAddress {
        match address {
            ExplicitlyTypedAddress::Fqdn {
                address_type,
                domain,
            } => ExplicitlyTypedAddress::Fqdn {
                address_type: *address_type,
                domain: self.mask_host(domain),
            },
            ExplicitlyTypedAddress::Ip(ip) => ExplicitlyTypedAddress::Ip(self.mask_ip(ip)),
        }
    }

    pub fn mask_port(&mut self, port: u32) -> u32 {
        if let Some(stored) = self.ports.get(&port) {
            return *stored;
        }
        self.port_inc += Wrapping(1);
        self.ports.insert(port, self.port_inc.0);
        self.port_inc.0
    }

    pub fn mask_origin_user(&mut self, user: &str) -> String {
        self.origin_users.mask(user)
    }

    pub fn mask_ice_password(&mut self, password: &str) -> String {
        self.ice_passwords.mask(password)
    }

    pub fn mask_ice_user(&mut self, user: &str) -> String {
        self.ice_users.mask(user)
    }

    pub fn mask_cert_finger_print(&mut self, finger_print: &[u8]) -> Vec<u8> {
        if let Some(stored) = self.cert_finger_prints.get(finger_print) {
            return stored.clone();
        }
        self.cert_finger_print_inc += Wrapping(1);
        self.cert_finger_prints.insert(
            finger_print.to_vec(),
            self.cert_finger_print_inc.0.to_byte_vec(),
        );
        self.cert_finger_print_inc.0.to_byte_vec()
    }

    pub fn mask_cname(&mut self, cname: &str) -> String {
        self.cnames.mask(cname)
    }
}

struct AnonymizationStrMap {
    map: HashMap<String, String>,
    counter: Wrapping<u64>,
    prefix: &'static str,
    padding: usize,
}

impl AnonymizationStrMap {
    pub fn new(prefix: &'static str, padding: usize) -> Self {
        Self {
            map: HashMap::new(),
            counter: Wrapping(0),
            prefix,
            padding,
        }
    }

    pub fn mask(&mut self, value: &str) -> String {
        let key = value.to_owned();
        if let Some(stored) = self.map.get(&key) {
            return stored.clone();
        }
        self.counter += Wrapping(1);
        let store = format!(
            "{}{:0padding$}",
            self.prefix,
            self.counter.0,
            padding = self.padding
        );
        self.map.insert(key, store.clone());
        store
    }
}

#[cfg(test)]
#[path = "./anonymizer_tests.rs"]
mod tests;