external/srs
1
0
Fork 0
mirror of https://github.com/ossrs/srs.git synced 2025-03-09 15:49:59 +00:00
Code Issues Releases Wiki Activity
srs/trunk/3rdparty/srt-1-fit/haicrypt/hcrypt_sa.c
john fe086dfc31
SRT: Upgrade libsrt from 1.4.1 to 1.5.1. v6.0.12 (#3362) 
Co-authored-by: winlin <winlin@vip.126.com>
2023-01-04 19:56:33 +08:00

96 lines
2.7 KiB
C
Raw Blame History

/*
* SRT - Secure, Reliable, Transport
* Copyright (c) 2018 Haivision Systems Inc.
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
*/
/*****************************************************************************
written by
Haivision Systems Inc.
2011-06-23 (jdube)
HaiCrypt initial implementation.
*****************************************************************************/
/*
* For now:
* Pre-shared or password derived KEK (Key Encrypting Key)
* Future:
* Certificate-based association
*/
#include <string.h> /* memcpy */
#include "hcrypt.h"
int hcryptCtx_SetSecret(hcrypt_Session *crypto, hcrypt_Ctx *ctx, const HaiCrypt_Secret *secret)
{
int iret;
(void)crypto;
switch(secret->typ) {
case HAICRYPT_SECTYP_PRESHARED:
ASSERT(secret->len <= HAICRYPT_KEY_MAX_SZ);
ctx->cfg.pwd_len = 0;
/* KEK: Key Encrypting Key */
if (0 > (iret = crypto->cryspr->km_setkey(crypto->cryspr_cb,
((HCRYPT_CTX_F_ENCRYPT & ctx->flags) ? true : false),
secret->str, secret->len))) {
HCRYPT_LOG(LOG_ERR, "km_setkey(pdkek[%zd]) failed (rc=%d)\n", secret->len, iret);
return(-1);
}
ctx->status = HCRYPT_CTX_S_SARDY;
break;
case HAICRYPT_SECTYP_PASSPHRASE:
ASSERT(secret->len <= sizeof(ctx->cfg.pwd));
memcpy(ctx->cfg.pwd, secret->str, secret->len);
ctx->cfg.pwd_len = secret->len;
/* KEK will be derived from password with Salt */
ctx->status = HCRYPT_CTX_S_SARDY;
break;
default:
HCRYPT_LOG(LOG_ERR, "Unknown secret type %d\n",
secret->typ);
return(-1);
}
return(0);
}
int hcryptCtx_GenSecret(hcrypt_Session *crypto, hcrypt_Ctx *ctx)
{
/*
* KEK need same length as the key it protects (SEK)
* KEK = PBKDF2(Pwd, LSB(64, Salt), Iter, Klen)
*/
unsigned char kek[HAICRYPT_KEY_MAX_SZ];
size_t kek_len = ctx->sek_len;
size_t pbkdf_salt_len = (ctx->salt_len >= HAICRYPT_PBKDF2_SALT_LEN
? HAICRYPT_PBKDF2_SALT_LEN
: ctx->salt_len);
int iret = 0;
(void)crypto;
iret = crypto->cryspr->km_pbkdf2(crypto->cryspr_cb, ctx->cfg.pwd, ctx->cfg.pwd_len,
&ctx->salt[ctx->salt_len - pbkdf_salt_len], pbkdf_salt_len,
HAICRYPT_PBKDF2_ITER_CNT, kek_len, kek);
if(iret) {
HCRYPT_LOG(LOG_ERR, "km_pbkdf2() failed (rc=%d)\n", iret);
return(-1);
}
HCRYPT_PRINTKEY(ctx->cfg.pwd, ctx->cfg.pwd_len, "pwd");
HCRYPT_PRINTKEY(kek, kek_len, "kek");
/* KEK: Key Encrypting Key */
if (0 > (iret = crypto->cryspr->km_setkey(crypto->cryspr_cb, ((HCRYPT_CTX_F_ENCRYPT & ctx->flags) ? true : false), kek, kek_len))) {
HCRYPT_LOG(LOG_ERR, "km_setkey(pdkek[%zd]) failed (rc=%d)\n", kek_len, iret);
return(-1);
}
return(0);
}
Reference in a new issue View git blame Copy permalink