external/srs
1
0
Fork 0
mirror of https://github.com/ossrs/srs.git synced 2025-03-09 15:49:59 +00:00
Code Issues Releases Wiki Activity

Upgrade libsrt to v1.5.3. v5.0.183 v6.0.81 (#3808)

Browse source 
fix https://github.com/ossrs/srs/issues/3155
Build srt-1-fit fails with `standard attributes in middle of
decl-specifiers` on GCC 12,Arch Linux.

See https://github.com/Haivision/srt/releases/tag/v1.5.3
This commit is contained in:
Haibo Chen 2023-09-21 22:23:56 +08:00 committed by GitHub
parent f9bba0a9b0
commit c5e067fb0b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
94 changed files with 5974 additions and 6273 deletions
Download patch file Download diff file Expand all files Collapse all files

15
trunk/3rdparty/srt-1-fit/haicrypt/cryspr-mbedtls.c vendored
View file

@ -16,7 +16,7 @@ written by
2022-05-19 (jdube)
CRYSPR2 adaptation
2019-06-27 (jdube)
GnuTLS/Nettle CRYSPR/4SRT (CRYypto Service PRovider for SRT)
MBedTLS CRYSPR/4SRT (CRYypto Service PRovider for SRT)
*****************************************************************************/
#include "hcrypt.h"
@ -32,7 +32,7 @@ written by
static mbedtls_ctr_drbg_context crysprMbedtls_ctr_drbg;
static mbedtls_entropy_context crysprMbedtls_entropy;
typedef struct tag_crysprGnuTLS_AES_cb {
typedef struct tag_crysprMBedTLS_AES_cb {
CRYSPR_cb ccb; /* CRYSPR control block */
/* Add other cryptolib specific data here */
#ifdef CRYSPR2
@ -75,9 +75,9 @@ int crysprMbedtls_AES_SetKey(
// kstr_len is in "bytes" convention (16, 24, 32).
if (bEncrypt) { /* Encrypt key */
ret = mbedtls_aes_setkey_enc(aes_key, kstr, kstr_len*8);
ret = mbedtls_aes_setkey_enc(aes_key, kstr, (unsigned int)kstr_len*8);
} else { /* Decrypt key */
ret = mbedtls_aes_setkey_dec(aes_key, kstr, kstr_len*8);
ret = mbedtls_aes_setkey_dec(aes_key, kstr, (unsigned int)kstr_len*8);
}
return ret == 0 ? 0 : -1;
@ -91,8 +91,8 @@ int crysprMbedtls_AES_EcbCipher( /* AES Electronic Codebook cipher*/
unsigned char *out_txt, /* dst (cipher text) */
size_t *outlen) /* dst len */
{
int nblk = inlen/CRYSPR_AESBLKSZ;
int nmore = inlen%CRYSPR_AESBLKSZ;
int nblk = (int)(inlen/CRYSPR_AESBLKSZ);
int nmore = (int)(inlen%CRYSPR_AESBLKSZ);
int i;
if (bEncrypt) {
@ -160,7 +160,6 @@ int crysprMbedtls_AES_CtrCipher( /* AES-CTR128 Encryption */
static CRYSPR_cb *crysprMbedtls_Open(CRYSPR_methods *cryspr, size_t max_len)
{
crysprMbedtls_cb *aes_data;
CRYSPR_cb *cryspr_cb;
aes_data = (crysprMbedtls_cb *)crysprHelper_Open(cryspr, sizeof(crysprMbedtls_cb), max_len);
if (NULL == aes_data) {
@ -216,7 +215,7 @@ int crysprMbedtls_KmPbkdf2(
ret = mbedtls_pkcs5_pbkdf2_hmac(&mdctx,
(unsigned char*)passwd, passwd_len, salt, salt_len,
itr, key_len, out);
itr, (uint32_t)key_len, out);
mbedtls_md_free(&mdctx);

8
trunk/3rdparty/srt-1-fit/haicrypt/cryspr-mbedtls.h vendored
View file

@ -13,12 +13,12 @@ written by
Haivision Systems Inc.
2019-06-27 (jdube)
GnuTLS/Nettle CRYSPR/4SRT (CRYypto Service PRovider for SRT)
MBedTLS CRYSPR/4SRT (CRYypto Service PRovider for SRT)
*****************************************************************************/
#ifndef CRYSPR_GNUTLS_H
#define CRYSPR_GNUTLS_H
#ifndef CRYSPR_MBEDTLS_H
#define CRYSPR_MBEDTLS_H
#include <mbedtls/ctr_drbg.h>
#include <mbedtls/aes.h>
@ -59,5 +59,5 @@ typedef mbedtls_aes_context CRYSPR_AESCTX; /* CRYpto Service PRovider AES key
struct tag_CRYSPR_methods *crysprMbedtls(void);
#endif /* CRYSPR_GNUTLS_H */
#endif /* CRYSPR_MBEDTLS_H */

100
trunk/3rdparty/srt-1-fit/haicrypt/cryspr-openssl-evp.c vendored
View file

@ -34,9 +34,11 @@ int crysprOpenSSL_EVP_Prng(unsigned char* rn, int len)
const EVP_CIPHER* (*Xcipher_fnptr)(void) = EVP_aes_128_ecb;
const EVP_CIPHER* (*_crysprOpenSSL_EVP_cipher_fnptr[][3])(void) = {
{NULL, NULL, NULL},
{EVP_aes_128_ecb, EVP_aes_192_ecb, EVP_aes_256_ecb},
{EVP_aes_128_ctr, EVP_aes_192_ctr, EVP_aes_256_ctr},
{NULL, NULL, NULL}, // HCRYPT_CTX_MODE_CLRTXT
{EVP_aes_128_ecb, EVP_aes_192_ecb, EVP_aes_256_ecb}, // HCRYPT_CTX_MODE_AESECB
{EVP_aes_128_ctr, EVP_aes_192_ctr, EVP_aes_256_ctr}, // HCRYPT_CTX_MODE_AESCTR
{NULL, NULL, NULL}, // HCRYPT_CTX_MODE_AESCBC
{EVP_aes_128_gcm, EVP_aes_192_gcm, EVP_aes_256_gcm}, // HCRYPT_CTX_MODE_AESGCM
};
int crysprOpenSSL_EVP_AES_SetKey(
@ -47,7 +49,7 @@ int crysprOpenSSL_EVP_AES_SetKey(
CRYSPR_AESCTX* aes_key) /* CRYpto Service PRovider AES Key context */
{
const EVP_CIPHER* cipher = NULL;
int idxKlen = (kstr_len / 8) - 2; /* key_len index in cipher_fnptr array in [0,1,2] range */
int idxKlen = (int)((kstr_len / 8) - 2); /* key_len index in cipher_fnptr array in [0,1,2] range */
switch (cipher_type)
{
@ -61,6 +63,8 @@ int crysprOpenSSL_EVP_AES_SetKey(
cipher_type = HCRYPT_CTX_MODE_AESECB;
#endif
break;
case HCRYPT_CTX_MODE_AESGCM:
break;
default:
HCRYPT_LOG(LOG_ERR,
"invalid cipher type (%d). Expected: [%d..%d]\n",
@ -139,7 +143,7 @@ int crysprOpenSSL_EVP_AES_EcbCipher(bool bEncrypt, /* true:encry
size_t* outlen_p) /* in/out dst len */
{
int nmore = inlen % CRYSPR_AESBLKSZ; /* bytes in last incomplete block */
int nblk = inlen / CRYSPR_AESBLKSZ + (nmore ? 1 : 0); /* blocks including incomplete */
int nblk = (int)(inlen / CRYSPR_AESBLKSZ + (nmore ? 1 : 0)); /* blocks including incomplete */
size_t outsiz = (outlen_p ? *outlen_p : 0);
int c_len = 0, f_len = 0;
@ -156,7 +160,7 @@ int crysprOpenSSL_EVP_AES_EcbCipher(bool bEncrypt, /* true:encry
return (-1); /* output buf size must have room for PKCS7 padding */
}
/* allows reusing of 'e' for multiple encryption cycles */
if (!EVP_CipherInit_ex(aes_key, NULL, NULL, NULL, NULL, -1))
if (!EVP_CipherInit_ex(aes_key, NULL, NULL, NULL, NULL, bEncrypt))
{
HCRYPT_LOG(LOG_ERR, "EVP_CipherInit_ex(%p,NULL,...,-1) failed\n", aes_key);
return -1;
@ -170,7 +174,7 @@ int crysprOpenSSL_EVP_AES_EcbCipher(bool bEncrypt, /* true:encry
/* update ciphertext, c_len is filled with the length of ciphertext generated,
* cryptoPtr->cipher_in_len is the size of plain/cipher text in bytes
*/
if (!EVP_CipherUpdate(aes_key, out_txt, &c_len, indata, inlen))
if (!EVP_CipherUpdate(aes_key, out_txt, &c_len, indata, (int)inlen))
{
HCRYPT_LOG(LOG_ERR, "EVP_CipherUpdate(%p, out, %d, in, %d) failed\n", aes_key, c_len, inlen);
return -1;
@ -223,7 +227,7 @@ int crysprOpenSSL_EVP_AES_CtrCipher(bool bEncrypt, /* true:encry
/* update ciphertext, c_len is filled with the length of ciphertext generated,
* cryptoPtr->cipher_in_len is the size of plain/cipher text in bytes
*/
if (!EVP_CipherUpdate(aes_key, out_txt, &c_len, indata, inlen))
if (!EVP_CipherUpdate(aes_key, out_txt, &c_len, indata, (int)inlen))
{
HCRYPT_LOG(LOG_ERR, "%s\n", "EVP_CipherUpdate() failed");
return -1;
@ -247,6 +251,83 @@ int crysprOpenSSL_EVP_AES_CtrCipher(bool bEncrypt, /* true:encry
return 0;
}
int crysprOpenSSL_EVP_AES_GCMCipher(bool bEncrypt, /* true:encrypt, false:decrypt */
CRYSPR_AESCTX* aes_key, /* CRYpto Service PRovider AES Key context */
unsigned char* iv, /* iv */
const unsigned char* aad, /* associated data */
size_t aadlen,
const unsigned char* indata, /* src */
size_t inlen, /* length */
unsigned char* out_txt,
unsigned char* out_tag) /* auth tag */
{
int c_len, f_len;
/* allows reusing of 'e' for multiple encryption cycles */
if (!EVP_CipherInit_ex(aes_key, NULL, NULL, NULL, iv, -1))
{
HCRYPT_LOG(LOG_ERR, "%s\n", "EVP_CipherInit_ex() failed");
return -1;
}
if (!EVP_CIPHER_CTX_set_padding(aes_key, 0))
{
HCRYPT_LOG(LOG_ERR, "%s\n", "EVP_CIPHER_CTX_set_padding() failed");
return -1;
}
/*
* Provide any AAD data. This can be called zero or more times as
* required
*/
if (1 != EVP_CipherUpdate(aes_key, NULL, &c_len, aad, (int) aadlen))
{
ERR_print_errors_fp(stderr);
HCRYPT_LOG(LOG_ERR, "%s\n", "EVP_EncryptUpdate failed");
return -1;
}
/* update ciphertext, c_len is filled with the length of ciphertext generated,
* cryptoPtr->cipher_in_len is the size of plain/cipher text in bytes
*/
if (!EVP_CipherUpdate(aes_key, out_txt, &c_len, indata, (int) inlen))
{
HCRYPT_LOG(LOG_ERR, "%s\n", "EVP_CipherUpdate() failed");
return -1;
}
if (!bEncrypt && !EVP_CIPHER_CTX_ctrl(aes_key, EVP_CTRL_GCM_SET_TAG, HAICRYPT_AUTHTAG_MAX, out_tag)) {
ERR_print_errors_fp(stderr);
HCRYPT_LOG(LOG_ERR, "%s\n", "EVP_EncryptUpdate failed");
return -1;
}
/* update ciphertext with the final remaining bytes */
/* Useless with pre-padding */
f_len = 0;
if (0 == EVP_CipherFinal_ex(aes_key, &out_txt[c_len], &f_len))
{
#if ENABLE_HAICRYPT_LOGGING
char szErrBuf[256];
HCRYPT_LOG(LOG_ERR,
"EVP_CipherFinal_ex(ctx,&out[%d],%d)) failed: %s\n",
c_len,
f_len,
ERR_error_string(ERR_get_error(), szErrBuf));
#endif /*ENABLE_HAICRYPT_LOGGING*/
return -1;
}
/* Get the tag if we are encrypting */
if (bEncrypt && !EVP_CIPHER_CTX_ctrl(aes_key, EVP_CTRL_GCM_GET_TAG, HAICRYPT_AUTHTAG_MAX, out_tag))
{
ERR_print_errors_fp(stderr);
HCRYPT_LOG(LOG_ERR, "%s\n", "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_GET_TAG) failed");
return -1;
}
return 0;
}
/*
* Password-based Key Derivation Function
*/
@ -260,7 +341,7 @@ int crysprOpenSSL_EVP_KmPbkdf2(CRYSPR_cb* cryspr_cb,
unsigned char* out) /* derived key */
{
(void)cryspr_cb;
int rc = PKCS5_PBKDF2_HMAC_SHA1(passwd, passwd_len, salt, salt_len, itr, key_len, out);
int rc = PKCS5_PBKDF2_HMAC_SHA1(passwd, (int)passwd_len, salt, (int)salt_len, itr, (int)key_len, out);
return (rc == 1 ? 0 : -1);
}
@ -300,6 +381,7 @@ CRYSPR_methods* crysprOpenSSL_EVP(void)
#if CRYSPR_HAS_AESCTR
crysprOpenSSL_EVP_methods.aes_ctr_cipher = crysprOpenSSL_EVP_AES_CtrCipher;
#endif
crysprOpenSSL_EVP_methods.aes_gcm_cipher = crysprOpenSSL_EVP_AES_GCMCipher;
#if !(CRYSPR_HAS_AESCTR && CRYSPR_HAS_AESKWRAP)
/* AES-ECB only required if cryspr has no AES-CTR and no AES KeyWrap */
/* OpenSSL has both AESCTR and AESKWRP and the AESECB wrapper is only used

4
trunk/3rdparty/srt-1-fit/haicrypt/cryspr-openssl-evp.h vendored
View file

@ -34,6 +34,10 @@ written by
*/
#define CRYSPR_HAS_AESCTR 1
/* Define CRYSPR_HAS_AESGCM to 1 if this CRYSPR has AES GCM cipher mode. OpenSSL EVP supports GCM.
*/
#define CRYSPR_HAS_AESGCM 1
/* Define CRYSPR_HAS_AESKWRAP to 1 if this CRYSPR has AES Key Wrap
if not set to 0 to enable default/fallback crysprFallback_AES_WrapKey/crysprFallback_AES_UnwrapKey methods
and provide the aes_ecb_cipher method .

6
trunk/3rdparty/srt-1-fit/haicrypt/cryspr-openssl.c vendored
View file

@ -48,12 +48,12 @@ int crysprOpenSSL_AES_SetKey(
(void)cipher_type;
if (bEncrypt) { /* Encrypt key */
if (AES_set_encrypt_key(kstr, kstr_len * 8, aes_key)) {
if (AES_set_encrypt_key(kstr, (int)(kstr_len * 8), aes_key)) {
HCRYPT_LOG(LOG_ERR, "%s", "AES_set_encrypt_key(kek) failed\n");
return(-1);
}
} else { /* Decrypt key */
if (AES_set_decrypt_key(kstr, kstr_len * 8, aes_key)) {
if (AES_set_decrypt_key(kstr, (int)(kstr_len * 8), aes_key)) {
HCRYPT_LOG(LOG_ERR, "%s", "AES_set_decrypt_key(kek) failed\n");
return(-1);
}
@ -163,7 +163,7 @@ int crysprOpenSSL_KmPbkdf2(
unsigned char *out) /* derived key */
{
(void)cryspr_cb;
int rc = PKCS5_PBKDF2_HMAC_SHA1(passwd,passwd_len,salt,salt_len,itr,key_len,out);
int rc = PKCS5_PBKDF2_HMAC_SHA1(passwd,(int)passwd_len,salt,(int)salt_len,itr,(int)key_len,out);
return(rc == 1? 0 : -1);
}

415
trunk/3rdparty/srt-1-fit/haicrypt/cryspr.c vendored
View file

@ -14,7 +14,7 @@ written by
Haivision Systems Inc.
2019-06-28 (jdube)
CRYSPR/4SRT Initial implementation.
CRYSPR/4SRT Initial implementation.
*****************************************************************************/
#include "hcrypt.h"
@ -25,111 +25,135 @@ written by
int crysprStub_Prng(unsigned char *rn, int len)
{
(void)rn;
(void)len;
return(0);
(void)rn;
(void)len;
return(0);
}
int crysprStub_AES_SetKey(
int cipher_type, /* One of HCRYPT_CTX_MODE_[CLRTXT|AESECB|AESCTR|AESGDM] */
bool bEncrypt, /* true Enxcrypt key, false: decrypt */
const unsigned char *kstr, /* key sttring*/
size_t kstr_len, /* kstr len in bytes (16, 24, or 32 bytes (for AES128,AES192, or AES256) */
CRYSPR_AESCTX *aes_key) /* Cryptolib Specific AES key context */
int cipher_type, /* One of HCRYPT_CTX_MODE_[CLRTXT|AESECB|AESCTR|AESGDM] */
bool bEncrypt, /* true Enxcrypt key, false: decrypt */
const unsigned char *kstr, /* key sttring*/
size_t kstr_len, /* kstr len in bytes (16, 24, or 32 bytes (for AES128,AES192, or AES256) */
CRYSPR_AESCTX *aes_key) /* Cryptolib Specific AES key context */
{
(void)cipher_type;
(void)bEncrypt;
(void)kstr;
(void)kstr_len;
(void)aes_key;
(void)cipher_type;
(void)bEncrypt;
(void)kstr;
(void)kstr_len;
(void)aes_key;
return(0);
return(0);
}
int crysprStub_AES_EcbCipher(
bool bEncrypt, /* true:encrypt, false:decrypt */
CRYSPR_AESCTX *aes_key, /* AES context */
const unsigned char *indata,/* src (clear text)*/
size_t inlen, /* length */
unsigned char *out_txt, /* dst (cipher text) */
size_t *outlen) /* dst len */
bool bEncrypt, /* true:encrypt, false:decrypt */
CRYSPR_AESCTX *aes_key, /* AES context */
const unsigned char *indata,/* src (clear text)*/
size_t inlen, /* length */
unsigned char *out_txt, /* dst (cipher text) */
size_t *outlen) /* dst len */
{
(void)bEncrypt;
(void)aes_key;
(void)indata;
(void)inlen;
(void)out_txt;
(void)outlen;
(void)bEncrypt;
(void)aes_key;
(void)indata;
(void)inlen;
(void)out_txt;
(void)outlen;
return -1;
return -1;
}
int crysprStub_AES_CtrCipher(
bool bEncrypt, /* true:encrypt, false:decrypt */
CRYSPR_AESCTX *aes_key, /* AES context */
unsigned char *iv, /* iv */
const unsigned char *indata,/* src */
size_t inlen, /* length */
unsigned char *out_txt) /* dest */
bool bEncrypt, /* true:encrypt, false:decrypt */
CRYSPR_AESCTX *aes_key, /* AES context */
unsigned char *iv, /* iv */
const unsigned char *indata,/* src */
size_t inlen, /* length */
unsigned char *out_txt) /* dest */
{
(void)bEncrypt;
(void)aes_key;
(void)iv;
(void)indata;
(void)inlen;
(void)out_txt;
(void)bEncrypt;
(void)aes_key;
(void)iv;
(void)indata;
(void)inlen;
(void)out_txt;
return(-1);
return(-1);
}
int crysprStub_AES_GCMCipher(
bool bEncrypt, /* true:encrypt, false:decrypt */
CRYSPR_AESCTX *aes_key, /* AES context */
unsigned char *iv, /* iv */
const unsigned char *aad, /* associated data */
size_t aadlen,
const unsigned char * indata,
size_t inlen,
unsigned char *out_txt,
unsigned char* out_tag)
{
(void)bEncrypt;
(void)aes_key;
(void)iv;
(void)aad;
(void)aadlen;
(void)indata;
(void)inlen;
(void)out_txt;
(void)out_tag;
return(-1);
}
unsigned char *crysprStub_SHA1_MsgDigest(
const unsigned char *m, /* in: message */
size_t m_len, /* message length */
unsigned char *md) /* out: message digest buffer *160 bytes */
const unsigned char *m, /* in: message */
size_t m_len, /* message length */
unsigned char *md) /* out: message digest buffer *160 bytes */
{
(void)m;
(void)m_len;
(void)md;
(void)m;
(void)m_len;
(void)md;
return(NULL);//return md;
return(NULL);//return md;
}
/*
* Password-based Key Derivation Function
*/
int crysprStub_KmPbkdf2(
CRYSPR_cb *cryspr_cb,
char *passwd, /* passphrase */
size_t passwd_len, /* passphrase len */
unsigned char *salt, /* salt */
size_t salt_len, /* salt_len */
int itr, /* iterations */
size_t key_len, /* key_len */
unsigned char *out) /* derived key */
CRYSPR_cb *cryspr_cb,
char *passwd, /* passphrase */
size_t passwd_len, /* passphrase len */
unsigned char *salt, /* salt */
size_t salt_len, /* salt_len */
int itr, /* iterations */
size_t key_len, /* key_len */
unsigned char *out) /* derived key */
{
(void)cryspr_cb;
(void)passwd;
(void)passwd_len;
(void)salt;
(void)salt_len;
(void)itr;
(void)key_len;
(void)out;
(void)cryspr_cb;
(void)passwd;
(void)passwd_len;
(void)salt;
(void)salt_len;
(void)itr;
(void)key_len;
(void)out;
/* >>Todo:
* develop PBKDF2 using SHA1 primitive cryspr_cb->cryspr->sha1_msg_digest() for cryptolibs not providing it
*/
return(-1);
/* >>Todo:
* develop PBKDF2 using SHA1 primitive cryspr_cb->cryspr->sha1_msg_digest() for cryptolibs not providing it
*/
return(-1);
}
static int crysprFallback_KmSetKey(CRYSPR_cb *cryspr_cb, bool bWrap, const unsigned char *kek, size_t kek_len)
{
CRYSPR_AESCTX *aes_kek = CRYSPR_GETKEK(cryspr_cb);
CRYSPR_AESCTX *aes_kek = CRYSPR_GETKEK(cryspr_cb);
if (cryspr_cb->cryspr->aes_set_key(HCRYPT_CTX_MODE_AESECB, bWrap, kek, kek_len, aes_kek)) {
HCRYPT_LOG(LOG_ERR, "aes_set_%s_key(kek) failed\n", bWrap? "encrypt": "decrypt");
return(-1);
}
if (cryspr_cb->cryspr->aes_set_key(HCRYPT_CTX_MODE_AESECB, bWrap, kek, kek_len, aes_kek)) {
HCRYPT_LOG(LOG_ERR, "aes_set_%s_key(kek) failed\n", bWrap? "encrypt": "decrypt");
return(-1);
}
return(0);
}
@ -144,7 +168,7 @@ static const unsigned char default_iv[] = {
int crysprFallback_AES_WrapKey(CRYSPR_cb *cryspr_cb,
unsigned char *out,
const unsigned char *in,
unsigned int inlen)
unsigned int inlen)
{
unsigned char *A, B[16], *R;
const unsigned char *iv = default_iv;
@ -180,13 +204,13 @@ int crysprFallback_AES_WrapKey(CRYSPR_cb *cryspr_cb,
}
}
memcpy(out, A, 8);
return 0;
return 0;
}
int crysprFallback_AES_UnwrapKey(CRYSPR_cb *cryspr_cb,
unsigned char *out,
const unsigned char *in,
unsigned int inlen)
unsigned int inlen)
{
unsigned char *A, B[16], *R;
const unsigned char *iv = default_iv;
@ -225,9 +249,9 @@ int crysprFallback_AES_UnwrapKey(CRYSPR_cb *cryspr_cb,
if (memcmp(A, iv, 8))
{
memset(out, 0, inlen);
return -1;
return -1;
}
return 0;
return 0;
}
static unsigned char *_crysprFallback_GetOutbuf(CRYSPR_cb *cryspr_cb, size_t pfx_len, size_t out_len)
@ -249,12 +273,12 @@ CRYSPR_cb *crysprHelper_Open(CRYSPR_methods *cryspr, size_t cb_len, size_t max_l
unsigned char *membuf;
size_t memsiz, padded_len = hcryptMsg_PaddedLen(max_len, 128/8);
if(cb_len < sizeof(*cryspr_cb)) {
HCRYPT_LOG(LOG_ERR, "crysprHelper_Open() cb_len too small (%zd < %zd)n",
cb_len, sizeof(*cryspr_cb));
return(NULL);
}
memsiz = cb_len + (CRYSPR_OUTMSGMAX * padded_len);
if(cb_len < sizeof(*cryspr_cb)) {
HCRYPT_LOG(LOG_ERR, "crysprHelper_Open() cb_len too small (%zd < %zd)n",
cb_len, sizeof(*cryspr_cb));
return(NULL);
}
memsiz = cb_len + (CRYSPR_OUTMSGMAX * padded_len);
#if !CRYSPR_HAS_AESCTR
memsiz += HCRYPT_CTR_STREAM_SZ;
#endif /* !CRYSPR_HAS_AESCTR */
@ -267,8 +291,8 @@ CRYSPR_cb *crysprHelper_Open(CRYSPR_methods *cryspr, size_t cb_len, size_t max_l
membuf = (unsigned char *)cryspr_cb;
membuf += sizeof(*cryspr_cb);
/*reserve cryspr's private data that caller will initialize */
membuf += (cb_len-sizeof(CRYSPR_cb));
/*reserve cryspr's private data that caller will initialize */
membuf += (cb_len-sizeof(CRYSPR_cb));
#if !CRYSPR_HAS_AESCTR
cryspr_cb->ctr_stream = membuf;
@ -289,28 +313,33 @@ CRYSPR_cb *crysprHelper_Open(CRYSPR_methods *cryspr, size_t cb_len, size_t max_l
int crysprHelper_Close(CRYSPR_cb *cryspr_cb)
{
free(cryspr_cb);
return(0);
free(cryspr_cb);
return(0);
}
static CRYSPR_cb *crysprFallback_Open(CRYSPR_methods *cryspr, size_t max_len)
{
CRYSPR_cb *cryspr_cb;
CRYSPR_cb *cryspr_cb;
cryspr_cb = crysprHelper_Open(cryspr, sizeof(CRYSPR_cb), max_len);
return(cryspr_cb);
cryspr_cb = crysprHelper_Open(cryspr, sizeof(CRYSPR_cb), max_len);
return(cryspr_cb);
}
static int crysprFallback_Close(CRYSPR_cb *cryspr_cb)
{
return(crysprHelper_Close(cryspr_cb));
return(crysprHelper_Close(cryspr_cb));
}
static int crysprFallback_MsSetKey(CRYSPR_cb *cryspr_cb, hcrypt_Ctx *ctx, const unsigned char *key, size_t key_len)
{
CRYSPR_AESCTX *aes_sek = CRYSPR_GETSEK(cryspr_cb, hcryptCtx_GetKeyIndex(ctx)); /* Ctx tells if it's for odd or even key */
if ((ctx->flags & HCRYPT_CTX_F_ENCRYPT) /* Encrypt key */
if (ctx->mode == HCRYPT_CTX_MODE_AESGCM) { /* AES GCM mode */
if (cryspr_cb->cryspr->aes_set_key(HCRYPT_CTX_MODE_AESGCM, (ctx->flags & HCRYPT_CTX_F_ENCRYPT) != 0, key, key_len, aes_sek)) {
HCRYPT_LOG(LOG_ERR, "%s", "CRYSPR->set_encrypt_key(sek) failed\n");
return(-1);
}
} else if ((ctx->flags & HCRYPT_CTX_F_ENCRYPT) /* Encrypt key */
|| (ctx->mode == HCRYPT_CTX_MODE_AESCTR)) { /* CTR mode decrypts using encryption methods */
if (cryspr_cb->cryspr->aes_set_key(HCRYPT_CTX_MODE_AESCTR, true, key, key_len, aes_sek)) {
HCRYPT_LOG(LOG_ERR, "%s", "CRYSPR->set_encrypt_key(sek) failed\n");
@ -395,10 +424,17 @@ static int crysprFallback_MsEncrypt(
* to reserve room for unencrypted message header in output buffer
*/
pfx_len = ctx->msg_info->pfx_len;
/* Extra 16 bytes are needed for an authentication tag in GCM. */
const int aux_len = (ctx->mode == HCRYPT_CTX_MODE_AESGCM) ? HAICRYPT_AUTHTAG_MAX : 0;
/* Get buffer room from the internal circular output buffer */
out_msg = _crysprFallback_GetOutbuf(cryspr_cb, pfx_len, in_data[0].len);
/* Auth tag produced by AES GCM. */
unsigned char tag[HAICRYPT_AUTHTAG_MAX];
/*
* Get buffer room from the internal circular output buffer.
* Reserve additional 16 bytes for auth tag in AES GCM mode when needed.
*/
out_msg = _crysprFallback_GetOutbuf(cryspr_cb, pfx_len, in_data[0].len + aux_len);
if (NULL == out_msg) {
/* input data too big */
return(-1);
@ -406,6 +442,7 @@ static int crysprFallback_MsEncrypt(
switch(ctx->mode) {
case HCRYPT_CTX_MODE_AESCTR: /* Counter mode */
case HCRYPT_CTX_MODE_AESGCM:
{
/* Get current key (odd|even) from context */
CRYSPR_AESCTX *aes_key = CRYSPR_GETSEK(cryspr_cb, hcryptCtx_GetKeyIndex(ctx)); /* Ctx tells if it's for odd or even key */
@ -416,48 +453,64 @@ static int crysprFallback_MsEncrypt(
hcrypt_Pki pki = hcryptMsg_GetPki(ctx->msg_info, in_data[0].pfx, 1);
/*
* Compute the Initial Vector
* IV (128-bit):
* 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
* +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
* | 0s | pki | ctr |
* +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
* XOR
* +---+---+---+---+---+---+---+---+---+---+---+---+---+---+
* | nonce +
* +---+---+---+---+---+---+---+---+---+---+---+---+---+---+
*
* pki (32-bit): packet index
* ctr (16-bit): block counter
* nonce (112-bit): number used once (salt)
*/
* Compute the Initial Vector
* IV (128-bit):
* 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
* +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
* | 0s | pki | ctr |
* +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
* XOR
* +---+---+---+---+---+---+---+---+---+---+---+---+---+---+
* | nonce +
* +---+---+---+---+---+---+---+---+---+---+---+---+---+---+
*
* pki (32-bit): packet index
* ctr (16-bit): block counter
* nonce (112-bit): number used once (salt)
*/
hcrypt_SetCtrIV((unsigned char *)&pki, ctx->salt, iv);
if (ctx->mode == HCRYPT_CTX_MODE_AESGCM)
{
const int iret = cryspr_cb->cryspr->aes_gcm_cipher(true, aes_key, iv, in_data[0].pfx, pfx_len, in_data[0].payload, in_data[0].len,
&out_msg[pfx_len], tag);
if (iret) {
return(iret);
}
}
else {
#if CRYSPR_HAS_AESCTR
cryspr_cb->cryspr->aes_ctr_cipher(true, aes_key, iv, in_data[0].payload, in_data[0].len,
&out_msg[pfx_len]);
cryspr_cb->cryspr->aes_ctr_cipher(true, aes_key, iv, in_data[0].payload, in_data[0].len,
&out_msg[pfx_len]);
#else /*CRYSPR_HAS_AESCTR*/
/* Create CtrStream. May be longer than in_len (next cryspr block size boundary) */
int iret = _crysprFallback_AES_SetCtrStream(cryspr_cb, ctx, in_data[0].len, iv);
if (iret) {
return(iret);
}
/* Reserve output buffer for cryspr */
out_msg = _crysprFallback_GetOutbuf(cryspr_cb, pfx_len, cryspr_cb->ctr_stream_len);
/* Create KeyStream (encrypt CtrStream) */
iret = cryspr_cb->cryspr->aes_ecb_cipher(true, aes_key,
cryspr_cb->ctr_stream, cryspr_cb->ctr_stream_len,
&out_msg[pfx_len], &out_len);
if (iret) {
HCRYPT_LOG(LOG_ERR, "%s", "hcOpenSSL_AES_ecb_cipher(encrypt, failed\n");
return(iret);
}
/* Create CtrStream. May be longer than in_len (next cryspr block size boundary) */
int iret = _crysprFallback_AES_SetCtrStream(cryspr_cb, ctx, in_data[0].len, iv);
if (iret) {
return(iret);
}
/* Reserve output buffer for cryspr */
out_msg = _crysprFallback_GetOutbuf(cryspr_cb, pfx_len, cryspr_cb->ctr_stream_len);
/* Create KeyStream (encrypt CtrStream) */
iret = cryspr_cb->cryspr->aes_ecb_cipher(true, aes_key,
cryspr_cb->ctr_stream, cryspr_cb->ctr_stream_len,
&out_msg[pfx_len], &out_len);
if (iret) {
HCRYPT_LOG(LOG_ERR, "%s", "hcOpenSSL_AES_ecb_cipher(encrypt, failed\n");
return(iret);
}
#endif/*CRYSPR_HAS_AESCTR*/
}
/* Prepend packet prefix (clear text) in output buffer */
memcpy(out_msg, in_data[0].pfx, pfx_len);
/* CTR mode output length is same as input, no padding */
out_len = in_data[0].len;
if (ctx->mode == HCRYPT_CTX_MODE_AESGCM)
{
memcpy(out_msg + pfx_len + out_len, tag, sizeof(tag));
out_len += sizeof(tag);
}
break;
}
case HCRYPT_CTX_MODE_CLRTXT: /* Clear text mode (transparent mode for tests) */
@ -497,8 +550,12 @@ static int crysprFallback_MsEncrypt(
memcpy(in_data[0].payload, &out_msg[pfx_len], out_len);
}
#else /* CRYSPR_HAS_AESCTR */
/* Copy output data back in input buffer */
memcpy(in_data[0].payload, &out_msg[pfx_len], out_len);
/* Copy output data back in input buffer */
memcpy(in_data[0].payload, &out_msg[pfx_len], out_len);
if (ctx->mode == HCRYPT_CTX_MODE_AESGCM) {
// Encoding produced more payload (auth tag).
return (int)out_len;
}
#endif /* CRYSPR_HAS_AESCTR */
} else {
/* Copy header in output buffer if needed */
@ -533,8 +590,8 @@ static int crysprFallback_MsDecrypt(CRYSPR_cb *cryspr_cb, hcrypt_Ctx *ctx,
if (NULL != out_txt) {
switch(ctx->mode) {
case HCRYPT_CTX_MODE_AESCTR:
case HCRYPT_CTX_MODE_AESGCM:
{
#if CRYSPR_HAS_AESCTR
/* Get current key (odd|even) from context */
CRYSPR_AESCTX *aes_key = CRYSPR_GETSEK(cryspr_cb, hcryptCtx_GetKeyIndex(ctx));
unsigned char iv[CRYSPR_AESBLKSZ];
@ -560,54 +617,63 @@ static int crysprFallback_MsDecrypt(CRYSPR_cb *cryspr_cb, hcrypt_Ctx *ctx,
*/
hcrypt_SetCtrIV((unsigned char *)&pki, ctx->salt, iv);
cryspr_cb->cryspr->aes_ctr_cipher(false, aes_key, iv, in_data[0].payload, in_data[0].len,
out_txt);
out_len = in_data[0].len;
#else /*CRYSPR_HAS_AESCTR*/
/* Get current key (odd|even) from context */
CRYSPR_AESCTX *aes_key = CRYSPR_GETSEK(cryspr_cb, hcryptCtx_GetKeyIndex(ctx));
unsigned char iv[CRYSPR_AESBLKSZ];
int iret = 0;
/* Get input packet index (in network order) */
hcrypt_Pki pki = hcryptMsg_GetPki(ctx->msg_info, in_data[0].pfx, 1);
/*
* Compute the Initial Vector
* IV (128-bit):
* 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
* +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
* | 0s | pki | ctr |
* +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
* XOR
* +---+---+---+---+---+---+---+---+---+---+---+---+---+---+
* | nonce +
* +---+---+---+---+---+---+---+---+---+---+---+---+---+---+
*
* pki (32-bit): packet index
* ctr (16-bit): block counter
* nonce (112-bit): number used once (salt)
*/
hcrypt_SetCtrIV((unsigned char *)&pki, ctx->salt, iv);
/* Create CtrStream. May be longer than in_len (next cipher block size boundary) */
iret = _crysprFallback_AES_SetCtrStream(cryspr_cb, ctx, in_data[0].len, iv);
if (iret) {
return(iret);
if (ctx->mode == HCRYPT_CTX_MODE_AESGCM)
{
unsigned char* tag = in_data[0].payload + in_data[0].len - HAICRYPT_AUTHTAG_MAX;
int liret = cryspr_cb->cryspr->aes_gcm_cipher(false, aes_key, iv, in_data[0].pfx, ctx->msg_info->pfx_len, in_data[0].payload, in_data[0].len - HAICRYPT_AUTHTAG_MAX,
out_txt, tag);
if (liret) {
return(liret);
}
out_len = in_data[0].len - HAICRYPT_AUTHTAG_MAX;
}
/* Reserve output buffer for cryspr */
out_txt = _crysprFallback_GetOutbuf(cryspr_cb, 0, cryspr_cb->ctr_stream_len);
else {
#if CRYSPR_HAS_AESCTR
cryspr_cb->cryspr->aes_ctr_cipher(false, aes_key, iv, in_data[0].payload, in_data[0].len,
out_txt);
out_len = in_data[0].len;
#else /*CRYSPR_HAS_AESCTR*/
/* Create KeyStream (encrypt CtrStream) */
iret = cryspr_cb->cryspr->aes_ecb_cipher(true, aes_key,
/* Get input packet index (in network order) */
hcrypt_Pki pki = hcryptMsg_GetPki(ctx->msg_info, in_data[0].pfx, 1);
/*
* Compute the Initial Vector
* IV (128-bit):
* 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
* +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
* | 0s | pki | ctr |
* +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
* XOR
* +---+---+---+---+---+---+---+---+---+---+---+---+---+---+
* | nonce +
* +---+---+---+---+---+---+---+---+---+---+---+---+---+---+
*
* pki (32-bit): packet index
* ctr (16-bit): block counter
* nonce (112-bit): number used once (salt)
*/
hcrypt_SetCtrIV((unsigned char*)&pki, ctx->salt, iv);
/* Create CtrStream. May be longer than in_len (next cipher block size boundary) */
int liret = _crysprFallback_AES_SetCtrStream(cryspr_cb, ctx, in_data[0].len, iv);
if (liret) {
return(liret);
}
/* Reserve output buffer for cryspr */
out_txt = _crysprFallback_GetOutbuf(cryspr_cb, 0, cryspr_cb->ctr_stream_len);
/* Create KeyStream (encrypt CtrStream) */
liret = cryspr_cb->cryspr->aes_ecb_cipher(true, aes_key,
cryspr_cb->ctr_stream, cryspr_cb->ctr_stream_len,
out_txt, &out_len);
if (iret) {
HCRYPT_LOG(LOG_ERR, "%s", "crysprNatural_AES_ecb_cipher(encrypt failed\n");
return(iret);
}
if (liret) {
HCRYPT_LOG(LOG_ERR, "%s", "crysprNatural_AES_ecb_cipher(encrypt failed\n");
return(liret);
}
#endif /*CRYSPR_HAS_AESCTR*/
}
break;
}
case HCRYPT_CTX_MODE_CLRTXT:
@ -638,6 +704,7 @@ static int crysprFallback_MsDecrypt(CRYSPR_cb *cryspr_cb, hcrypt_Ctx *ctx,
#else /* CRYSPR_HAS_AESCTR */
/* Copy output data back in input buffer */
memcpy(in_data[0].payload, out_txt, out_len);
in_data->len = out_len;
#endif /* CRYSPR_HAS_AESCTR */
} else {
/* Copy header in output buffer if needed */
@ -683,9 +750,9 @@ CRYSPR_methods *crysprInit(CRYSPR_methods *cryspr)
cryspr->aes_set_key = crysprStub_AES_SetKey;
cryspr->aes_ecb_cipher = crysprStub_AES_EcbCipher;
cryspr->aes_ctr_cipher = crysprStub_AES_CtrCipher;
cryspr->aes_gcm_cipher = crysprStub_AES_GCMCipher;
cryspr->sha1_msg_digest = crysprStub_SHA1_MsgDigest;
/* Crypto Session API */
cryspr->open = crysprFallback_Open;
cryspr->close = crysprFallback_Close;
@ -704,5 +771,5 @@ CRYSPR_methods *crysprInit(CRYSPR_methods *cryspr)
HaiCrypt_Cryspr HaiCryptCryspr_Get_Instance(void)
{
return((HaiCrypt_Cryspr)cryspr4SRT());
return((HaiCrypt_Cryspr)cryspr4SRT());
}

33
trunk/3rdparty/srt-1-fit/haicrypt/cryspr.h vendored
View file

@ -40,32 +40,32 @@ extern "C" {
typedef struct tag_CRYSPR_cb {
#ifdef CRYSPR2
CRYSPR_AESCTX *aes_kek; /* Key Encrypting Key (KEK) */
CRYSPR_AESCTX *aes_sek[2]; /* even/odd Stream Encrypting Key (SEK) */
CRYSPR_AESCTX *aes_kek; /* Key Encrypting Key (KEK) */
CRYSPR_AESCTX *aes_sek[2]; /* even/odd Stream Encrypting Key (SEK) */
#define CRYSPR_GETKEK(cb) ((cb)->aes_kek)
#define CRYSPR_GETSEK(cb,kk) ((cb)->aes_sek[kk])
#else /*CRYSPR2*/
CRYSPR_AESCTX aes_kek; /* Key Encrypting Key (KEK) */
CRYSPR_AESCTX aes_sek[2]; /* even/odd Stream Encrypting Key (SEK) */
CRYSPR_AESCTX aes_kek; /* Key Encrypting Key (KEK) */
CRYSPR_AESCTX aes_sek[2]; /* even/odd Stream Encrypting Key (SEK) */
#define CRYSPR_GETKEK(cb) (&((cb)->aes_kek))
#define CRYSPR_GETSEK(cb,kk) (&((cb)->aes_sek[kk]))
#endif /*CRYSPR2*/
struct tag_CRYSPR_methods *cryspr;
struct tag_CRYSPR_methods *cryspr;
#if !CRYSPR_HAS_AESCTR
/* Reserve room to build the counter stream ourself */
#define HCRYPT_CTR_BLK_SZ CRYSPR_AESBLKSZ
#define HCRYPT_CTR_STREAM_SZ 2048
unsigned char * ctr_stream;
size_t ctr_stream_len; /* Content size */
size_t ctr_stream_siz; /* Allocated length */
unsigned char * ctr_stream;
size_t ctr_stream_len; /* Content size */
size_t ctr_stream_siz; /* Allocated length */
#endif /* !CRYSPR_HAS_AESCTR */
#define CRYSPR_OUTMSGMAX 6
uint8_t * outbuf; /* output circle buffer */
size_t outbuf_ofs; /* write offset in circle buffer */
size_t outbuf_siz; /* circle buffer size */
uint8_t * outbuf; /* output circle buffer */
size_t outbuf_ofs; /* write offset in circle buffer */
size_t outbuf_siz; /* circle buffer size */
} CRYSPR_cb;
typedef struct tag_CRYSPR_methods {
@ -100,6 +100,17 @@ typedef struct tag_CRYSPR_methods {
size_t inlen, /* src length */
unsigned char *out_txt);/* dest */
int (*aes_gcm_cipher)(
bool bEncrypt, /* true:encrypt false:decrypt (don't care with CTR) */
CRYSPR_AESCTX* aes_key, /* ctx */
unsigned char* iv, /* iv */
const unsigned char* aad, /* associated data */
size_t aadlen,
const unsigned char* indata, /* src (clear text) */
size_t inlen, /* src length */
unsigned char* out_txt, /* dest */
unsigned char* out_tag);
unsigned char *(*sha1_msg_digest)(
const unsigned char *m, /* in: message */
size_t m_len, /* message length */

8
trunk/3rdparty/srt-1-fit/haicrypt/haicrypt.h vendored
View file

@ -36,7 +36,7 @@ HaiCrypt_Cryspr HaiCryptCryspr_Get_Instance (void); /* Return a default crys
#define HAICRYPT_PWD_MAX_SZ 80 /* MAX password (for Password-based Key Derivation) */
#define HAICRYPT_KEY_MAX_SZ 32 /* MAX key */
#define HAICRYPT_SECRET_MAX_SZ (HAICRYPT_PWD_MAX_SZ > HAICRYPT_KEY_MAX_SZ ? HAICRYPT_PWD_MAX_SZ : HAICRYPT_KEY_MAX_SZ)
#define HAICRYPT_AUTHTAG_MAX 16 /* maximum length of the auth tag (e.g. GCM) */
#define HAICRYPT_SALT_SZ 16
@ -60,6 +60,7 @@ typedef struct {
#define HAICRYPT_CFG_F_TX 0x01 /* !TX -> RX */
#define HAICRYPT_CFG_F_CRYPTO 0x02 /* Perform crypto Tx:Encrypt Rx:Decrypt */
#define HAICRYPT_CFG_F_FEC 0x04 /* Do Forward Error Correction */
#define HAICRYPT_CFG_F_GCM 0x08 /* Use AES-GCM */
unsigned flags;
HaiCrypt_Secret secret; /* Security Association */
@ -108,10 +109,15 @@ int HaiCrypt_Tx_ManageKeys(HaiCrypt_Handle hhc, void *out_p[], size_t out_len_p
int HaiCrypt_Tx_Data(HaiCrypt_Handle hhc, unsigned char *pfx, unsigned char *data, size_t data_len);
int HaiCrypt_Rx_Data(HaiCrypt_Handle hhc, unsigned char *pfx, unsigned char *data, size_t data_len);
/// @brief Check if the crypto service provider supports AES GCM.
/// @return returns 1 if AES GCM is supported, 0 otherwise.
int HaiCrypt_IsAESGCM_Supported(void);
/* Status values */
#define HAICRYPT_ERROR -1
#define HAICRYPT_ERROR_WRONG_SECRET -2
#define HAICRYPT_ERROR_CIPHER -3
#define HAICRYPT_OK 0

4
trunk/3rdparty/srt-1-fit/haicrypt/haicrypt_log.cpp vendored
View file

@ -44,10 +44,10 @@ int HaiCrypt_SetLogLevel(int level, int logfa)
#define HAICRYPT_DEFINE_LOG_DISPATCHER(LOGLEVEL, dispatcher) \
int HaiCrypt_LogF_##LOGLEVEL ( const char* file, int line, const char* function, const char* format, ...) \
{ \
va_list ap; \
va_start(ap, format); \
srt_logging::LogDispatcher& lg = hclog.dispatcher; \
if (!lg.CheckEnabled()) return -1; \
va_list ap; \
va_start(ap, format); \
lg().setloc(file, line, function).vform(format, ap); \
va_end(ap); \
return 0; \

2
trunk/3rdparty/srt-1-fit/haicrypt/haicrypt_log.h vendored
View file

@ -21,7 +21,7 @@ HAICRYPT_DECLARE_LOG_DISPATCHER(LOG_EMERG);
#define HCRYPT_LOG_INIT()
#define HCRYPT_LOG_EXIT()
#define HCRYPT_LOG(lvl, fmt, ...) HaiCrypt_LogF_##lvl (__FILE__, __LINE__, __FUNCTION__, fmt, __VA_ARGS__)
#define HCRYPT_LOG(lvl, ...) HaiCrypt_LogF_##lvl (__FILE__, __LINE__, __FUNCTION__, __VA_ARGS__)
#if ENABLE_HAICRYPT_LOGGING == 2
#define HCRYPT_DEV 1

20
trunk/3rdparty/srt-1-fit/haicrypt/hcrypt.c vendored
View file

@ -156,7 +156,7 @@ int HaiCrypt_Create(const HaiCrypt_Cfg *cfg, HaiCrypt_Handle *phhc)
|| hcryptCtx_Tx_Init(crypto, &crypto->ctx_pair[1], cfg)) {
free(crypto);
return(-1);
}
}
/* Generate keys for first (default) context */
if (hcryptCtx_Tx_Rekey(crypto, &crypto->ctx_pair[0])) {
free(crypto);
@ -196,6 +196,9 @@ int HaiCrypt_ExtractConfig(HaiCrypt_Handle hhcSrc, HaiCrypt_Cfg* pcfg)
pcfg->flags = HAICRYPT_CFG_F_CRYPTO;
if ((ctx->flags & HCRYPT_CTX_F_ENCRYPT) == HCRYPT_CTX_F_ENCRYPT)
pcfg->flags |= HAICRYPT_CFG_F_TX;
if (ctx->mode == HCRYPT_CTX_MODE_AESGCM)
pcfg->flags |= HAICRYPT_CFG_F_GCM;
/* Set this explicitly - this use of this library is SRT only. */
pcfg->xport = HAICRYPT_XPT_SRT;
@ -237,7 +240,8 @@ int HaiCrypt_Clone(HaiCrypt_Handle hhcSrc, HaiCrypt_CryptoDir tx, HaiCrypt_Handl
if (tx) {
HaiCrypt_Cfg crypto_config;
HaiCrypt_ExtractConfig(hhcSrc, &crypto_config);
if (-1 == HaiCrypt_ExtractConfig(hhcSrc, &crypto_config))
return -1;
/*
* Just invert the direction written in flags and use the
@ -303,8 +307,7 @@ int HaiCrypt_Clone(HaiCrypt_Handle hhcSrc, HaiCrypt_CryptoDir tx, HaiCrypt_Handl
return(-1);
}
/* Configure contexts */
/* Configure contexts. Note that GCM mode has been already copied from the source context. */
if (hcryptCtx_Rx_Init(cryptoClone, &cryptoClone->ctx_pair[0], NULL)
|| hcryptCtx_Rx_Init(cryptoClone, &cryptoClone->ctx_pair[1], NULL)) {
free(cryptoClone);
@ -336,3 +339,12 @@ int HaiCrypt_Close(HaiCrypt_Handle hhc)
HCRYPT_LOG_EXIT();
return rc;
}
int HaiCrypt_IsAESGCM_Supported(void)
{
#if CRYSPR_HAS_AESGCM
return 1;
#else
return 0;
#endif
}

15
trunk/3rdparty/srt-1-fit/haicrypt/hcrypt.h vendored
View file

@ -32,10 +32,6 @@ written by
#ifdef _WIN32
#include <winsock2.h>
#include <ws2tcpip.h>
#if defined(_MSC_VER)
#pragma warning(disable:4267)
#pragma warning(disable:4018)
#endif
#else
#include <sys/time.h>
#endif
@ -163,7 +159,18 @@ int hcryptCtx_Tx_AsmKM(hcrypt_Session *crypto, hcrypt_Ctx *ctx, unsigned char *a
int hcryptCtx_Tx_ManageKM(hcrypt_Session *crypto);
int hcryptCtx_Tx_InjectKM(hcrypt_Session *crypto, void *out_p[], size_t out_len_p[], int maxout);
/// @brief Initialize receiving crypto context.
/// @param crypto library instance handle.
/// @param ctx additional crypto context.
/// @param cfg crypto configuration.
/// @return -1 on error, 0 otherwise.
int hcryptCtx_Rx_Init(hcrypt_Session *crypto, hcrypt_Ctx *ctx, const HaiCrypt_Cfg *cfg);
/// @brief Parse an incoming message related to cryptography module.
/// @param crypto library instance handle.
/// @param msg a message to parse.
/// @param msg_len length of the message in bytes.
/// @return 0 on success; -3 on cipher mode mismatch; -2 on unmatched shared secret; -1 on other failures.
int hcryptCtx_Rx_ParseKM(hcrypt_Session *crypto, unsigned char *msg, size_t msg_len);
#endif /* HCRYPT_H */

3
trunk/3rdparty/srt-1-fit/haicrypt/hcrypt_ctx.h vendored
View file

@ -45,7 +45,7 @@ typedef struct {
typedef struct tag_hcrypt_Ctx {
struct tag_hcrypt_Ctx * alt; /* Alternative ctx (even/odd) */
#define HCRYPT_CTX_F_MSG 0x00FF /* Aligned wiht message header flags */
#define HCRYPT_CTX_F_MSG 0x00FF /* Aligned with message header flags */
#define HCRYPT_CTX_F_eSEK HCRYPT_MSG_F_eSEK
#define HCRYPT_CTX_F_oSEK HCRYPT_MSG_F_oSEK
#define HCRYPT_CTX_F_xSEK HCRYPT_MSG_F_xSEK
@ -68,6 +68,7 @@ typedef struct tag_hcrypt_Ctx {
#define HCRYPT_CTX_MODE_AESECB 1 /* Electronic Code Book mode */
#define HCRYPT_CTX_MODE_AESCTR 2 /* Counter mode */
#define HCRYPT_CTX_MODE_AESCBC 3 /* Cipher-block chaining mode */
#define HCRYPT_CTX_MODE_AESGCM 4 /* AES GCM authenticated encryption */
unsigned mode;
struct {

60
trunk/3rdparty/srt-1-fit/haicrypt/hcrypt_ctx_rx.c vendored
View file

@ -14,9 +14,9 @@ written by
Haivision Systems Inc.
2011-06-23 (jdube)
HaiCrypt initial implementation.
HaiCrypt initial implementation.
2014-03-11 (jdube)
Adaptation for SRT.
Adaptation for SRT.
*****************************************************************************/
#include <string.h> /* memcpy */
@ -24,16 +24,18 @@ written by
int hcryptCtx_Rx_Init(hcrypt_Session *crypto, hcrypt_Ctx *ctx, const HaiCrypt_Cfg *cfg)
{
ctx->mode = HCRYPT_CTX_MODE_AESCTR;
ctx->status = HCRYPT_CTX_S_INIT;
if (cfg) {
ctx->mode = (cfg->flags & HAICRYPT_CFG_F_GCM) ? HCRYPT_CTX_MODE_AESGCM : HCRYPT_CTX_MODE_AESCTR;
}
ctx->status = HCRYPT_CTX_S_INIT;
ctx->msg_info = crypto->msg_info;
ctx->msg_info = crypto->msg_info;
if (cfg && hcryptCtx_SetSecret(crypto, ctx, &cfg->secret)) {
return(-1);
}
ctx->status = HCRYPT_CTX_S_SARDY;
return(0);
if (cfg && hcryptCtx_SetSecret(crypto, ctx, &cfg->secret)) {
return(-1);
}
ctx->status = HCRYPT_CTX_S_SARDY;
return(0);
}
int hcryptCtx_Rx_Rekey(hcrypt_Session *crypto, hcrypt_Ctx *ctx, unsigned char *sek, size_t sek_len)
@ -98,9 +100,31 @@ int hcryptCtx_Rx_ParseKM(hcrypt_Session *crypto, unsigned char *km_msg, size_t m
}
/* Check options support */
if ((HCRYPT_CIPHER_AES_CTR != km_msg[HCRYPT_MSG_KM_OFS_CIPHER])
|| (HCRYPT_AUTH_NONE != km_msg[HCRYPT_MSG_KM_OFS_AUTH])) {
HCRYPT_LOG(LOG_WARNING, "%s", "KMmsg unsupported option\n");
if (HCRYPT_CIPHER_AES_CTR != km_msg[HCRYPT_MSG_KM_OFS_CIPHER]
&& HCRYPT_CIPHER_AES_GCM != km_msg[HCRYPT_MSG_KM_OFS_CIPHER])
{
HCRYPT_LOG(LOG_WARNING, "%s", "KMmsg unsupported cipher\n");
return(-1);
}
#if !CRYSPR_HAS_AESGCM
/* Only OpenSSL EVP crypto provider allows the use of GCM.Add this condition. Reject if GCM is not supported by the CRYSPR. */
if (HCRYPT_CIPHER_AES_GCM == km_msg[HCRYPT_MSG_KM_OFS_CIPHER])
{
HCRYPT_LOG(LOG_WARNING, "%s", "KMmsg unsupported GCM cipher\n");
return(-1);
}
#endif
if (HCRYPT_CIPHER_AES_GCM == km_msg[HCRYPT_MSG_KM_OFS_CIPHER]
&& HCRYPT_AUTH_AES_GCM != km_msg[HCRYPT_MSG_KM_OFS_AUTH]) {
HCRYPT_LOG(LOG_WARNING, "%s", "KMmsg GCM auth method was expected.\n");
return(-1);
}
if (HCRYPT_CIPHER_AES_CTR == km_msg[HCRYPT_MSG_KM_OFS_CIPHER]
&& HCRYPT_AUTH_NONE != km_msg[HCRYPT_MSG_KM_OFS_AUTH]) {
HCRYPT_LOG(LOG_WARNING, "%s", "KMmsg unsupported auth method\n");
return(-1);
}
@ -144,6 +168,13 @@ int hcryptCtx_Rx_ParseKM(hcrypt_Session *crypto, unsigned char *km_msg, size_t m
do_pbkdf = 1; /* Impact on password derived kek */
}
/* Check cipher mode */
if (ctx->mode != km_msg[HCRYPT_MSG_KM_OFS_CIPHER])
{
HCRYPT_LOG(LOG_WARNING, "%s", "cipher mode mismatch\n");
return(-3);
}
/*
* Regenerate KEK if it is password derived
* and Salt or SEK length changed
@ -159,7 +190,7 @@ int hcryptCtx_Rx_ParseKM(hcrypt_Session *crypto, unsigned char *km_msg, size_t m
/* Unwrap SEK(s) and set in context */
if (0 > crypto->cryspr->km_unwrap(crypto->cryspr_cb, seks,
&km_msg[HCRYPT_MSG_KM_OFS_SALT + salt_len],
(sek_cnt * sek_len) + HAICRYPT_WRAPKEY_SIGN_SZ)) {
(unsigned int)((sek_cnt * sek_len) + HAICRYPT_WRAPKEY_SIGN_SZ))) {
HCRYPT_LOG(LOG_WARNING, "%s", "unwrap key failed\n");
return(-2); //Report unmatched shared secret
}
@ -184,7 +215,6 @@ int hcryptCtx_Rx_ParseKM(hcrypt_Session *crypto, unsigned char *km_msg, size_t m
alt->salt_len = salt_len;
if (kek_len) { /* New or changed KEK */
// memcpy(&alt->aes_kek, &ctx->aes_kek, sizeof(alt->aes_kek));
alt->status = HCRYPT_CTX_S_SARDY;
}

30
trunk/3rdparty/srt-1-fit/haicrypt/hcrypt_ctx_tx.c vendored
View file

@ -14,18 +14,18 @@ written by
Haivision Systems Inc.
2011-06-23 (jdube)
HaiCrypt initial implementation.
HaiCrypt initial implementation.
2014-03-11 (jdube)
Adaptation for SRT.
Adaptation for SRT.
*****************************************************************************/
#include <string.h> /* memcpy */
#ifdef _WIN32
#include <winsock2.h>
#include <ws2tcpip.h>
#include <win/wintime.h>
#include <winsock2.h>
#include <ws2tcpip.h>
#include <win/wintime.h>
#else
#include <sys/time.h>
#include <sys/time.h>
#endif
#include "hcrypt.h"
@ -33,7 +33,7 @@ int hcryptCtx_Tx_Init(hcrypt_Session *crypto, hcrypt_Ctx *ctx, const HaiCrypt_Cf
{
ctx->cfg.key_len = cfg->key_len;
ctx->mode = HCRYPT_CTX_MODE_AESCTR;
ctx->mode = (cfg->flags & HAICRYPT_CFG_F_GCM) ? HCRYPT_CTX_MODE_AESGCM : HCRYPT_CTX_MODE_AESCTR;
ctx->status = HCRYPT_CTX_S_INIT;
ctx->msg_info = crypto->msg_info;
@ -52,14 +52,14 @@ int hcryptCtx_Tx_Rekey(hcrypt_Session *crypto, hcrypt_Ctx *ctx)
/* Generate Salt */
ctx->salt_len = HAICRYPT_SALT_SZ;
if (0 > (iret = crypto->cryspr->prng(ctx->salt, ctx->salt_len))) {
if (0 > (iret = crypto->cryspr->prng(ctx->salt, (int)ctx->salt_len))) {
HCRYPT_LOG(LOG_ERR, "PRNG(salt[%zd]) failed\n", ctx->salt_len);
return(iret);
}
/* Generate SEK */
ctx->sek_len = ctx->cfg.key_len;
if (0 > (iret = crypto->cryspr->prng(ctx->sek, ctx->sek_len))) {
if (0 > (iret = crypto->cryspr->prng(ctx->sek, (int)ctx->sek_len))) {
HCRYPT_LOG(LOG_ERR, "PRNG(sek[%zd] failed\n", ctx->sek_len);
return(iret);
}
@ -195,7 +195,7 @@ int hcryptCtx_Tx_Refresh(hcrypt_Session *crypto)
HCRYPT_LOG(LOG_DEBUG, "refresh/generate SEK. salt_len=%d sek_len=%d\n", (int)new_ctx->salt_len, (int)new_ctx->sek_len);
if (0 > crypto->cryspr->prng(new_ctx->sek, new_ctx->sek_len)) {
if (0 > crypto->cryspr->prng(new_ctx->sek, (int)new_ctx->sek_len)) {
HCRYPT_LOG(LOG_ERR, "PRNG(sek[%zd] failed\n", new_ctx->sek_len);
return(-1);
}
@ -299,9 +299,9 @@ int hcryptCtx_Tx_AsmKM(hcrypt_Session *crypto, hcrypt_Ctx *ctx, unsigned char *a
2 == sek_cnt ? HCRYPT_MSG_F_xSEK : (ctx->flags & HCRYPT_MSG_F_xSEK));
/* crypto->KMmsg_cache[4..7]: KEKI=0 */
km_msg[HCRYPT_MSG_KM_OFS_CIPHER] = HCRYPT_CIPHER_AES_CTR;
km_msg[HCRYPT_MSG_KM_OFS_AUTH] = HCRYPT_AUTH_NONE;
km_msg[HCRYPT_MSG_KM_OFS_SE] = crypto->se;
km_msg[HCRYPT_MSG_KM_OFS_CIPHER] = (ctx->mode == HCRYPT_CTX_MODE_AESGCM) ? HCRYPT_CIPHER_AES_GCM : HCRYPT_CIPHER_AES_CTR;
km_msg[HCRYPT_MSG_KM_OFS_AUTH] = (ctx->mode == HCRYPT_CTX_MODE_AESGCM) ? HCRYPT_AUTH_AES_GCM : HCRYPT_AUTH_NONE;
km_msg[HCRYPT_MSG_KM_OFS_SE] = (char) crypto->se;
hcryptMsg_KM_SetSaltLen(km_msg, ctx->salt_len);
hcryptMsg_KM_SetSekLen(km_msg, ctx->sek_len);
@ -322,7 +322,7 @@ int hcryptCtx_Tx_AsmKM(hcrypt_Session *crypto, hcrypt_Ctx *ctx, unsigned char *a
}
if (0 > crypto->cryspr->km_wrap(crypto->cryspr_cb,
&km_msg[HCRYPT_MSG_KM_OFS_SALT + ctx->salt_len],
seks, sek_cnt * ctx->sek_len)) {
seks, (unsigned int)(sek_cnt * ctx->sek_len))) {
HCRYPT_LOG(LOG_ERR, "%s", "wrap key failed\n");
return(-1);
@ -360,7 +360,7 @@ int hcryptCtx_Tx_ManageKM(hcrypt_Session *crypto)
* prepare next SEK for announcement
*/
hcryptCtx_Tx_Refresh(crypto);
HCRYPT_LOG(LOG_INFO, "KM[%d] Pre-announced\n",
(ctx->alt->flags & HCRYPT_CTX_F_xSEK)/2);

6
trunk/3rdparty/srt-1-fit/haicrypt/hcrypt_msg.h vendored
View file

@ -122,8 +122,10 @@ typedef struct {
#define HCRYPT_CIPHER_AES_ECB 1
#define HCRYPT_CIPHER_AES_CTR 2
#define HCRYPT_CIPHER_AES_CBC 3
#define HCRYPT_CIPHER_AES_GCM 4
#define HCRYPT_AUTH_NONE 0
#define HCRYPT_AUTH_AES_GCM 1
#define HCRYPT_SE_TSUDP 1
hcrypt_MsgInfo * hcryptMsg_STA_MsgInfo(void);
@ -148,8 +150,8 @@ typedef struct {
#define hcryptMsg_KM_GetSaltLen(msg) (size_t)((msg)[HCRYPT_MSG_KM_OFS_SLEN] * 4)
#define hcryptMsg_KM_GetSekLen(msg) (size_t)((msg)[HCRYPT_MSG_KM_OFS_KLEN] * 4)
#define hcryptMsg_KM_SetSaltLen(msg,len)do {(msg)[HCRYPT_MSG_KM_OFS_SLEN] = (len)/4;} while(0)
#define hcryptMsg_KM_SetSekLen(msg,len) do {(msg)[HCRYPT_MSG_KM_OFS_KLEN] = (len)/4;} while(0)
#define hcryptMsg_KM_SetSaltLen(msg,len)do {(msg)[HCRYPT_MSG_KM_OFS_SLEN] = (unsigned char)(len)/4;} while(0)
#define hcryptMsg_KM_SetSekLen(msg,len) do {(msg)[HCRYPT_MSG_KM_OFS_KLEN] = (unsigned char)(len)/4;} while(0)
#endif /* HCRYPT_MSG_H */

5
trunk/3rdparty/srt-1-fit/haicrypt/hcrypt_rx.c vendored
View file

@ -53,7 +53,7 @@ int HaiCrypt_Rx_Data(HaiCrypt_Handle hhc,
if (0 > (nb = crypto->cryspr->ms_decrypt(crypto->cryspr_cb, ctx, &indata, 1, NULL, NULL, NULL))) {
HCRYPT_LOG(LOG_ERR, "%s", "ms_decrypt failed\n");
} else {
nb = indata.len;
nb = (int)indata.len;
}
} else { /* No key received yet */
nb = 0;
@ -124,9 +124,6 @@ int HaiCrypt_Rx_Process(HaiCrypt_Handle hhc,
|| (0 != memcmp(ctx->KMmsg_cache, in_msg, in_len))) { /* or different */
nbout = hcryptCtx_Rx_ParseKM(crypto, in_msg, in_len);
//-2: unmatched shared secret
//-1: other failures
//0: success
} else {
nbout = 0;
}

61
trunk/3rdparty/srt-1-fit/haicrypt/hcrypt_tx.c vendored
View file

@ -14,20 +14,20 @@ written by
Haivision Systems Inc.
2011-06-23 (jdube)
HaiCrypt initial implementation.
HaiCrypt initial implementation.
2014-03-11 (jdube)
Adaptation for SRT.
Adaptation for SRT.
*****************************************************************************/
#include <sys/types.h>
#include <stdlib.h> /* NULL */
#include <string.h> /* memcpy */
#ifdef _WIN32
#include <winsock2.h>
#include <ws2tcpip.h>
#include <stdint.h>
#include <winsock2.h>
#include <ws2tcpip.h>
#include <stdint.h>
#else
#include <arpa/inet.h> /* htonl */
#include <arpa/inet.h> /* htonl */
#endif
#include "hcrypt.h"
@ -52,29 +52,28 @@ int HaiCrypt_Tx_GetBuf(HaiCrypt_Handle hhc, size_t data_len, unsigned char **in_
return(crypto->msg_info->pfx_len);
}
int HaiCrypt_Tx_ManageKeys(HaiCrypt_Handle hhc, void *out_p[], size_t out_len_p[], int maxout)
int HaiCrypt_Tx_ManageKeys(HaiCrypt_Handle hhc, void *out_p[], size_t out_len_p[], int maxout)
{
hcrypt_Session *crypto = (hcrypt_Session *)hhc;
hcrypt_Ctx *ctx = crypto->ctx;
int nbout = 0;
if ((NULL == crypto)
|| (NULL == ctx)
|| (NULL == crypto->ctx)
|| (NULL == out_p)
|| (NULL == out_len_p)) {
HCRYPT_LOG(LOG_ERR, "ManageKeys: invalid params: crypto=%p crypto->ctx=%p\n", crypto, ctx);
HCRYPT_LOG(LOG_ERR, "ManageKeys: invalid params: crypto=%p out_p=%p out_len_p=%p\n",
crypto, out_p, out_len_p);
return(-1);
}
/* Manage Key Material (refresh, announce, decommission) */
hcryptCtx_Tx_ManageKM(crypto);
ctx = crypto->ctx;
if (NULL == ctx) {
HCRYPT_LOG(LOG_ERR, "%s", "crypto context not defined\n");
if (NULL == crypto->ctx) {
HCRYPT_LOG(LOG_ERR, "%s", "crypto context NULL after ManageKM call\n");
return(-1);
}
ASSERT(ctx->status == HCRYPT_CTX_S_ACTIVE);
ASSERT(crypto->ctx->status == HCRYPT_CTX_S_ACTIVE);
nbout = hcryptCtx_Tx_InjectKM(crypto, out_p, out_len_p, maxout);
return(nbout);
@ -83,30 +82,35 @@ int HaiCrypt_Tx_ManageKeys(HaiCrypt_Handle hhc, void *out_p[], size_t out_len_p[
int HaiCrypt_Tx_GetKeyFlags(HaiCrypt_Handle hhc)
{
hcrypt_Session *crypto = (hcrypt_Session *)hhc;
hcrypt_Ctx *ctx = crypto->ctx;
hcrypt_Ctx *ctx = NULL;
if ((NULL == crypto)
|| (NULL == ctx)){
|| (NULL == (ctx = crypto->ctx))) {
HCRYPT_LOG(LOG_ERR, "GetKeyFlags: invalid params: crypto=%p crypto->ctx=%p\n", crypto, ctx);
return(-1);
}
return(hcryptCtx_GetKeyFlags(ctx));
return(hcryptCtx_GetKeyFlags(crypto->ctx));
}
int HaiCrypt_Tx_Data(HaiCrypt_Handle hhc,
unsigned char *in_pfx, unsigned char *in_data, size_t in_len)
int HaiCrypt_Tx_Data(HaiCrypt_Handle hhc,
unsigned char *in_pfx, unsigned char *in_data, size_t in_len)
{
hcrypt_Session *crypto = (hcrypt_Session *)hhc;
hcrypt_Ctx *ctx = crypto->ctx;
hcrypt_Ctx *ctx = NULL;
int nbout = 0;
if ((NULL == crypto)
|| (NULL == ctx)){
|| (NULL == (ctx = crypto->ctx))) {
HCRYPT_LOG(LOG_ERR, "Tx_Data: invalid params: crypto=%p crypto->ctx=%p\n", crypto, ctx);
return(-1);
}
/* Get/Set packet index */
ctx->msg_info->indexMsg(in_pfx, ctx->MSpfx_cache);
ctx->msg_info->indexMsg(in_pfx, ctx->MSpfx_cache);
if (hcryptMsg_GetKeyIndex(ctx->msg_info, in_pfx) != hcryptCtx_GetKeyIndex(ctx))
{
HCRYPT_LOG(LOG_ERR, "Tx_Data: Key mismatch!");
}
/* Encrypt */
{
@ -125,16 +129,16 @@ int HaiCrypt_Tx_Data(HaiCrypt_Handle hhc,
return(nbout);
}
int HaiCrypt_Tx_Process(HaiCrypt_Handle hhc,
unsigned char *in_msg, size_t in_len,
int HaiCrypt_Tx_Process(HaiCrypt_Handle hhc,
unsigned char *in_msg, size_t in_len,
void *out_p[], size_t out_len_p[], int maxout)
{
hcrypt_Session *crypto = (hcrypt_Session *)hhc;
hcrypt_Ctx *ctx = crypto->ctx;
hcrypt_Ctx *ctx = NULL;
int nb, nbout = 0;
if ((NULL == crypto)
|| (NULL == ctx)
|| (NULL == (ctx = crypto->ctx))
|| (NULL == out_p)
|| (NULL == out_len_p)) {
HCRYPT_LOG(LOG_ERR, "Tx_Process: invalid params: crypto=%p crypto->ctx=%p\n", crypto, ctx);
@ -144,11 +148,6 @@ int HaiCrypt_Tx_Process(HaiCrypt_Handle hhc,
/* Manage Key Material (refresh, announce, decommission) */
hcryptCtx_Tx_ManageKM(crypto);
ctx = crypto->ctx;
if (NULL == ctx) {
HCRYPT_LOG(LOG_ERR, "%s", "crypto context not defined\n");
return(-1);
}
ASSERT(ctx->status == HCRYPT_CTX_S_ACTIVE);
nbout += hcryptCtx_Tx_InjectKM(crypto, out_p, out_len_p, maxout);