mirror of
https://github.com/ossrs/srs.git
synced 2025-03-09 15:49:59 +00:00
SRT: Build SRT from source by SRS. 4.0.115
This commit is contained in:
parent
262f0fc8c8
commit
90f1b482ab
115 changed files with 44513 additions and 19 deletions
96
trunk/3rdparty/srt-1-fit/haicrypt/hcrypt_sa.c
vendored
Normal file
96
trunk/3rdparty/srt-1-fit/haicrypt/hcrypt_sa.c
vendored
Normal file
|
@ -0,0 +1,96 @@
|
|||
/*
|
||||
* SRT - Secure, Reliable, Transport
|
||||
* Copyright (c) 2018 Haivision Systems Inc.
|
||||
*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*
|
||||
*/
|
||||
|
||||
|
||||
/*****************************************************************************
|
||||
written by
|
||||
Haivision Systems Inc.
|
||||
|
||||
2011-06-23 (jdube)
|
||||
HaiCrypt initial implementation.
|
||||
*****************************************************************************/
|
||||
|
||||
/*
|
||||
* For now:
|
||||
* Pre-shared or password derived KEK (Key Encrypting Key)
|
||||
* Future:
|
||||
* Certificate-based association
|
||||
*/
|
||||
#include <string.h> /* memcpy */
|
||||
#include "hcrypt.h"
|
||||
|
||||
int hcryptCtx_SetSecret(hcrypt_Session *crypto, hcrypt_Ctx *ctx, const HaiCrypt_Secret *secret)
|
||||
{
|
||||
int iret;
|
||||
(void)crypto;
|
||||
|
||||
switch(secret->typ) {
|
||||
case HAICRYPT_SECTYP_PRESHARED:
|
||||
ASSERT(secret->len <= HAICRYPT_KEY_MAX_SZ);
|
||||
ctx->cfg.pwd_len = 0;
|
||||
/* KEK: Key Encrypting Key */
|
||||
if (0 > (iret = crypto->cryspr->km_setkey(crypto->cryspr_cb,
|
||||
(HCRYPT_CTX_F_ENCRYPT & ctx->flags ? true : false),
|
||||
secret->str, secret->len))) {
|
||||
HCRYPT_LOG(LOG_ERR, "km_setkey(pdkek[%zd]) failed (rc=%d)\n", secret->len, iret);
|
||||
return(-1);
|
||||
}
|
||||
ctx->status = HCRYPT_CTX_S_SARDY;
|
||||
break;
|
||||
|
||||
case HAICRYPT_SECTYP_PASSPHRASE:
|
||||
ASSERT(secret->len <= sizeof(ctx->cfg.pwd));
|
||||
memcpy(ctx->cfg.pwd, secret->str, secret->len);
|
||||
ctx->cfg.pwd_len = secret->len;
|
||||
/* KEK will be derived from password with Salt */
|
||||
ctx->status = HCRYPT_CTX_S_SARDY;
|
||||
break;
|
||||
|
||||
default:
|
||||
HCRYPT_LOG(LOG_ERR, "Unknown secret type %d\n",
|
||||
secret->typ);
|
||||
return(-1);
|
||||
}
|
||||
return(0);
|
||||
}
|
||||
|
||||
int hcryptCtx_GenSecret(hcrypt_Session *crypto, hcrypt_Ctx *ctx)
|
||||
{
|
||||
/*
|
||||
* KEK need same length as the key it protects (SEK)
|
||||
* KEK = PBKDF2(Pwd, LSB(64, Salt), Iter, Klen)
|
||||
*/
|
||||
unsigned char kek[HAICRYPT_KEY_MAX_SZ];
|
||||
size_t kek_len = ctx->sek_len;
|
||||
size_t pbkdf_salt_len = (ctx->salt_len >= HAICRYPT_PBKDF2_SALT_LEN
|
||||
? HAICRYPT_PBKDF2_SALT_LEN
|
||||
: ctx->salt_len);
|
||||
int iret = 0;
|
||||
(void)crypto;
|
||||
|
||||
iret = crypto->cryspr->km_pbkdf2(crypto->cryspr_cb, ctx->cfg.pwd, ctx->cfg.pwd_len,
|
||||
&ctx->salt[ctx->salt_len - pbkdf_salt_len], pbkdf_salt_len,
|
||||
HAICRYPT_PBKDF2_ITER_CNT, kek_len, kek);
|
||||
|
||||
if(iret) {
|
||||
HCRYPT_LOG(LOG_ERR, "km_pbkdf2() failed (rc=%d)\n", iret);
|
||||
return(-1);
|
||||
}
|
||||
HCRYPT_PRINTKEY(ctx->cfg.pwd, ctx->cfg.pwd_len, "pwd");
|
||||
HCRYPT_PRINTKEY(kek, kek_len, "kek");
|
||||
|
||||
/* KEK: Key Encrypting Key */
|
||||
if (0 > (iret = crypto->cryspr->km_setkey(crypto->cryspr_cb, (HCRYPT_CTX_F_ENCRYPT & ctx->flags ? true : false), kek, kek_len))) {
|
||||
HCRYPT_LOG(LOG_ERR, "km_setkey(pdkek[%zd]) failed (rc=%d)\n", kek_len, iret);
|
||||
return(-1);
|
||||
}
|
||||
return(0);
|
||||
}
|
||||
|
Loading…
Add table
Add a link
Reference in a new issue