|
|
|
@ -3,6 +3,7 @@ |
|
|
|
#include <string.h> |
|
|
|
#include <openssl/evp.h> |
|
|
|
#include <openssl/hmac.h> |
|
|
|
#include <glib.h> |
|
|
|
|
|
|
|
#include "str.h" |
|
|
|
#include "aux.h" |
|
|
|
@ -23,6 +24,8 @@ static int hmac_sha1_rtp(struct crypto_context *, char *out, str *in, u_int64_t) |
|
|
|
static int hmac_sha1_rtcp(struct crypto_context *, char *out, str *in); |
|
|
|
static int aes_f8_encrypt_rtp(struct crypto_context *c, struct rtp_header *r, str *s, u_int64_t idx); |
|
|
|
static int aes_f8_encrypt_rtcp(struct crypto_context *c, struct rtcp_packet *r, str *s, u_int64_t idx); |
|
|
|
static int aes_session_key_init(struct crypto_context *c); |
|
|
|
static int aes_session_key_cleanup(struct crypto_context *c); |
|
|
|
|
|
|
|
/* all lengths are in bits, some code assumes everything to be multiples of 8 */ |
|
|
|
const struct crypto_suite crypto_suites[] = { |
|
|
|
@ -47,6 +50,8 @@ const struct crypto_suite crypto_suites[] = { |
|
|
|
.decrypt_rtcp = aes_cm_encrypt_rtcp, |
|
|
|
.hash_rtp = hmac_sha1_rtp, |
|
|
|
.hash_rtcp = hmac_sha1_rtcp, |
|
|
|
.session_key_init = aes_session_key_init, |
|
|
|
.session_key_cleanup = aes_session_key_cleanup, |
|
|
|
}, |
|
|
|
{ |
|
|
|
.name = "AES_CM_128_HMAC_SHA1_32", |
|
|
|
@ -125,8 +130,7 @@ const struct crypto_suite *crypto_find_suite(const str *s) { |
|
|
|
|
|
|
|
/* rfc 3711 section 4.1 and 4.1.1 |
|
|
|
* "in" and "out" MAY point to the same buffer */ |
|
|
|
static void aes_ctr_128(char *out, str *in, char *key, char *iv) { |
|
|
|
EVP_CIPHER_CTX ecc; |
|
|
|
static void aes_ctr_128(char *out, str *in, EVP_CIPHER_CTX *ecc, char *iv) { |
|
|
|
unsigned char ivx[16]; |
|
|
|
unsigned char key_block[16]; |
|
|
|
unsigned char *p, *q; |
|
|
|
@ -134,19 +138,17 @@ static void aes_ctr_128(char *out, str *in, char *key, char *iv) { |
|
|
|
int outlen, i; |
|
|
|
u_int64_t *pi, *qi, *ki; |
|
|
|
|
|
|
|
if (!ecc) |
|
|
|
return; |
|
|
|
|
|
|
|
memcpy(ivx, iv, 16); |
|
|
|
pi = (void *) in->s; |
|
|
|
qi = (void *) out; |
|
|
|
ki = (void *) key_block; |
|
|
|
left = in->len; |
|
|
|
|
|
|
|
/* XXX do this only once per thread or maybe once per stream/key? */ |
|
|
|
EVP_CIPHER_CTX_init(&ecc); |
|
|
|
|
|
|
|
EVP_EncryptInit_ex(&ecc, EVP_aes_128_ecb(), NULL, (unsigned char *) key, NULL); |
|
|
|
|
|
|
|
while (left) { |
|
|
|
EVP_EncryptUpdate(&ecc, key_block, &outlen, ivx, 16); |
|
|
|
EVP_EncryptUpdate(ecc, key_block, &outlen, ivx, 16); |
|
|
|
assert(outlen == 16); |
|
|
|
|
|
|
|
if (G_UNLIKELY(left < 16)) { |
|
|
|
@ -173,10 +175,19 @@ static void aes_ctr_128(char *out, str *in, char *key, char *iv) { |
|
|
|
} |
|
|
|
|
|
|
|
done: |
|
|
|
; |
|
|
|
} |
|
|
|
|
|
|
|
EVP_EncryptFinal_ex(&ecc, key_block, &outlen); |
|
|
|
static void aes_ctr_128_no_ctx(char *out, str *in, char *key, char *iv) { |
|
|
|
EVP_CIPHER_CTX ctx; |
|
|
|
unsigned char block[16]; |
|
|
|
int len; |
|
|
|
|
|
|
|
EVP_CIPHER_CTX_cleanup(&ecc); |
|
|
|
EVP_CIPHER_CTX_init(&ctx); |
|
|
|
EVP_EncryptInit_ex(&ctx, EVP_aes_128_ecb(), NULL, (unsigned char *) key, NULL); |
|
|
|
aes_ctr_128(out, in, &ctx, iv); |
|
|
|
EVP_EncryptFinal_ex(&ctx, block, &len); |
|
|
|
EVP_CIPHER_CTX_cleanup(&ctx); |
|
|
|
} |
|
|
|
|
|
|
|
/* rfc 3711 section 4.3.1 and 4.3.3 |
|
|
|
@ -197,7 +208,7 @@ static void prf_n(str *out, char *key, char *x) { |
|
|
|
/* iv[14] = iv[15] = 0; := x << 16 */ |
|
|
|
ZERO(in); /* outputs the key stream */ |
|
|
|
str_init_len(&in_s, in, out->len >= 16 ? 32 : 16); |
|
|
|
aes_ctr_128(o, &in_s, key, iv); |
|
|
|
aes_ctr_128_no_ctx(o, &in_s, key, iv); |
|
|
|
|
|
|
|
memcpy(out->s, o, out->len); |
|
|
|
} |
|
|
|
@ -263,7 +274,7 @@ static int aes_cm_encrypt(struct crypto_context *c, u_int32_t ssrc, str *s, u_in |
|
|
|
ivi[2] ^= idxh; |
|
|
|
ivi[3] ^= idxl; |
|
|
|
|
|
|
|
aes_ctr_128(s->s, s, c->session_key, (char *) iv); |
|
|
|
aes_ctr_128(s->s, s, c->session_key_ctx, (char *) iv); |
|
|
|
|
|
|
|
return 0; |
|
|
|
} |
|
|
|
@ -423,3 +434,27 @@ static int hmac_sha1_rtcp(struct crypto_context *c, char *out, str *in) { |
|
|
|
|
|
|
|
return 0; |
|
|
|
} |
|
|
|
|
|
|
|
static int aes_session_key_init(struct crypto_context *c) { |
|
|
|
aes_session_key_cleanup(c); |
|
|
|
c->session_key_ctx = g_slice_alloc(sizeof(EVP_CIPHER_CTX)); |
|
|
|
EVP_CIPHER_CTX_init(c->session_key_ctx); |
|
|
|
EVP_EncryptInit_ex(c->session_key_ctx, EVP_aes_128_ecb(), NULL, |
|
|
|
(unsigned char *) c->session_key, NULL); |
|
|
|
return 0; |
|
|
|
} |
|
|
|
|
|
|
|
static int aes_session_key_cleanup(struct crypto_context *c) { |
|
|
|
unsigned char block[16]; |
|
|
|
int len; |
|
|
|
|
|
|
|
if (!c->session_key_ctx) |
|
|
|
return 0; |
|
|
|
|
|
|
|
EVP_EncryptFinal_ex(c->session_key_ctx, block, &len); |
|
|
|
EVP_CIPHER_CTX_cleanup(c->session_key_ctx); |
|
|
|
g_slice_free1(sizeof(EVP_CIPHER_CTX), c->session_key_ctx); |
|
|
|
c->session_key_ctx = NULL; |
|
|
|
|
|
|
|
return 0; |
|
|
|
} |
Richard Fuchs
13 years ago