mirror of
https://github.com/ossrs/srs.git
synced 2025-03-09 15:49:59 +00:00
128 lines
5.1 KiB
C
128 lines
5.1 KiB
C
/*
|
|
* SRT - Secure, Reliable, Transport
|
|
* Copyright (c) 2018 Haivision Systems Inc.
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
*
|
|
*/
|
|
|
|
/*****************************************************************************
|
|
written by
|
|
Haivision Systems Inc.
|
|
|
|
2011-06-23 (jdube)
|
|
HaiCrypt initial implementation.
|
|
2014-03-11 (jdube)
|
|
Adaptation for SRT.
|
|
*****************************************************************************/
|
|
|
|
#ifndef HAICRYPT_H
|
|
#define HAICRYPT_H
|
|
|
|
#include <sys/types.h>
|
|
#include <stdint.h>
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
typedef void *HaiCrypt_Cryspr;
|
|
|
|
HaiCrypt_Cryspr HaiCryptCryspr_Get_Instance (void); /* Return a default cryspr instance */
|
|
|
|
#define HAICRYPT_CIPHER_BLK_SZ 16 /* AES Block Size */
|
|
|
|
#define HAICRYPT_PWD_MAX_SZ 80 /* MAX password (for Password-based Key Derivation) */
|
|
#define HAICRYPT_KEY_MAX_SZ 32 /* MAX key */
|
|
#define HAICRYPT_SECRET_MAX_SZ (HAICRYPT_PWD_MAX_SZ > HAICRYPT_KEY_MAX_SZ ? HAICRYPT_PWD_MAX_SZ : HAICRYPT_KEY_MAX_SZ)
|
|
#define HAICRYPT_AUTHTAG_MAX 16 /* maximum length of the auth tag (e.g. GCM) */
|
|
|
|
#define HAICRYPT_SALT_SZ 16
|
|
|
|
#define HAICRYPT_WRAPKEY_SIGN_SZ 8 /* RFC3394 AES KeyWrap signature size */
|
|
|
|
#define HAICRYPT_PBKDF2_SALT_LEN 8 /* PKCS#5 PBKDF2 Password based key derivation salt length */
|
|
#define HAICRYPT_PBKDF2_ITER_CNT 2048 /* PKCS#5 PBKDF2 Password based key derivation iteration count */
|
|
|
|
#define HAICRYPT_TS_PKT_SZ 188 /* Transport Stream packet size */
|
|
|
|
typedef struct {
|
|
#define HAICRYPT_SECTYP_UNDEF 0
|
|
#define HAICRYPT_SECTYP_PRESHARED 1 /* Preshared KEK */
|
|
#define HAICRYPT_SECTYP_PASSPHRASE 2 /* Password */
|
|
unsigned typ;
|
|
size_t len;
|
|
unsigned char str[HAICRYPT_SECRET_MAX_SZ];
|
|
}HaiCrypt_Secret;
|
|
|
|
typedef struct {
|
|
#define HAICRYPT_CFG_F_TX 0x01 /* !TX -> RX */
|
|
#define HAICRYPT_CFG_F_CRYPTO 0x02 /* Perform crypto Tx:Encrypt Rx:Decrypt */
|
|
#define HAICRYPT_CFG_F_FEC 0x04 /* Do Forward Error Correction */
|
|
#define HAICRYPT_CFG_F_GCM 0x08 /* Use AES-GCM */
|
|
unsigned flags;
|
|
|
|
HaiCrypt_Secret secret; /* Security Association */
|
|
|
|
HaiCrypt_Cryspr cryspr; /* CRYSPR implementation */
|
|
#define HAICRYPT_DEF_KEY_LENGTH 16 /* default key length (bytes) */
|
|
size_t key_len; /* SEK length (bytes) */
|
|
#define HAICRYPT_DEF_DATA_MAX_LENGTH 1500 /* default packet data length (bytes) */
|
|
size_t data_max_len; /* Maximum data_len passed to HaiCrypt (bytes) */
|
|
|
|
#define HAICRYPT_XPT_STANDALONE 0
|
|
#define HAICRYPT_XPT_SRT 1
|
|
int xport;
|
|
|
|
#define HAICRYPT_DEF_KM_TX_PERIOD 1000 /* Keying Material Default Tx Period (msec) */
|
|
unsigned int km_tx_period_ms; /* Keying Material Tx period (msec) */
|
|
#define HAICRYPT_DEF_KM_REFRESH_RATE 0x1000000 /* Keying Material Default Refresh Rate (pkts) */
|
|
unsigned int km_refresh_rate_pkt; /* Keying Material Refresh Rate (pkts) */
|
|
#define HAICRYPT_DEF_KM_PRE_ANNOUNCE 0x1000 /* Keying Material Default Pre/Post Announce (pkts) */
|
|
unsigned int km_pre_announce_pkt; /* Keying Material Pre/Post Announce (pkts) */
|
|
}HaiCrypt_Cfg;
|
|
|
|
typedef enum HaiCrypt_CryptoDir { HAICRYPT_CRYPTO_DIR_RX, HAICRYPT_CRYPTO_DIR_TX } HaiCrypt_CryptoDir;
|
|
|
|
//typedef void *HaiCrypt_Handle;
|
|
// internally it will be correctly interpreted,
|
|
// for the outsider it's just some kinda incomplete type
|
|
// but still if you use any kinda pointer instead, you'll get complaints
|
|
typedef struct hcrypt_Session_str* HaiCrypt_Handle;
|
|
|
|
|
|
|
|
int HaiCrypt_SetLogLevel(int level, int logfa);
|
|
|
|
int HaiCrypt_Create(const HaiCrypt_Cfg *cfg, HaiCrypt_Handle *phhc);
|
|
int HaiCrypt_Clone(HaiCrypt_Handle hhcSrc, HaiCrypt_CryptoDir tx, HaiCrypt_Handle *phhc);
|
|
int HaiCrypt_Close(HaiCrypt_Handle hhc);
|
|
int HaiCrypt_Tx_GetBuf(HaiCrypt_Handle hhc, size_t data_len, unsigned char **in_p);
|
|
int HaiCrypt_Tx_Process(HaiCrypt_Handle hhc, unsigned char *in, size_t in_len,
|
|
void *out_p[], size_t out_len_p[], int maxout);
|
|
int HaiCrypt_Rx_Process(HaiCrypt_Handle hhc, unsigned char *in, size_t in_len,
|
|
void *out_p[], size_t out_len_p[], int maxout);
|
|
|
|
int HaiCrypt_Tx_GetKeyFlags(HaiCrypt_Handle hhc);
|
|
int HaiCrypt_Tx_ManageKeys(HaiCrypt_Handle hhc, void *out_p[], size_t out_len_p[], int maxout);
|
|
int HaiCrypt_Tx_Data(HaiCrypt_Handle hhc, unsigned char *pfx, unsigned char *data, size_t data_len);
|
|
int HaiCrypt_Rx_Data(HaiCrypt_Handle hhc, unsigned char *pfx, unsigned char *data, size_t data_len);
|
|
|
|
/// @brief Check if the crypto service provider supports AES GCM.
|
|
/// @return returns 1 if AES GCM is supported, 0 otherwise.
|
|
int HaiCrypt_IsAESGCM_Supported(void);
|
|
|
|
/* Status values */
|
|
|
|
#define HAICRYPT_ERROR -1
|
|
#define HAICRYPT_ERROR_WRONG_SECRET -2
|
|
#define HAICRYPT_ERROR_CIPHER -3
|
|
#define HAICRYPT_OK 0
|
|
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
#endif /* HAICRYPT_H */
|