mirror of
				https://github.com/ossrs/srs.git
				synced 2025-03-09 15:49:59 +00:00 
			
		
		
		
	
		
			
				
	
	
		
			96 lines
		
	
	
	
		
			2.7 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			96 lines
		
	
	
	
		
			2.7 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
| /*
 | |
|  * SRT - Secure, Reliable, Transport
 | |
|  * Copyright (c) 2018 Haivision Systems Inc.
 | |
|  * 
 | |
|  * This Source Code Form is subject to the terms of the Mozilla Public
 | |
|  * License, v. 2.0. If a copy of the MPL was not distributed with this
 | |
|  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 | |
|  * 
 | |
|  */
 | |
| 
 | |
| 
 | |
| /*****************************************************************************
 | |
| written by
 | |
|    Haivision Systems Inc.
 | |
| 
 | |
|    2011-06-23 (jdube)
 | |
|         HaiCrypt initial implementation.
 | |
| *****************************************************************************/
 | |
| 
 | |
| /*
 | |
|  * For now: 
 | |
|  *  Pre-shared or password derived KEK (Key Encrypting Key)
 | |
|  * Future:
 | |
|  *  Certificate-based association
 | |
|  */
 | |
| #include <string.h>				/* memcpy */
 | |
| #include "hcrypt.h"
 | |
| 
 | |
| int hcryptCtx_SetSecret(hcrypt_Session *crypto, hcrypt_Ctx *ctx, const HaiCrypt_Secret *secret)
 | |
| {
 | |
| 	int iret;
 | |
| 	(void)crypto;
 | |
| 
 | |
| 	switch(secret->typ) {
 | |
| 	case HAICRYPT_SECTYP_PRESHARED:
 | |
| 		ASSERT(secret->len <= HAICRYPT_KEY_MAX_SZ);
 | |
| 		ctx->cfg.pwd_len = 0;
 | |
| 		/* KEK: Key Encrypting Key */
 | |
| 		if (0 > (iret = crypto->cryspr->km_setkey(crypto->cryspr_cb,
 | |
| 							  (HCRYPT_CTX_F_ENCRYPT & ctx->flags ? true : false),
 | |
| 							  secret->str, secret->len))) {
 | |
| 			HCRYPT_LOG(LOG_ERR, "km_setkey(pdkek[%zd]) failed (rc=%d)\n", secret->len, iret);
 | |
| 			return(-1);
 | |
| 		}
 | |
| 		ctx->status = HCRYPT_CTX_S_SARDY;
 | |
| 		break;
 | |
| 
 | |
| 	case HAICRYPT_SECTYP_PASSPHRASE:
 | |
| 		ASSERT(secret->len <= sizeof(ctx->cfg.pwd));
 | |
| 		memcpy(ctx->cfg.pwd, secret->str, secret->len);
 | |
| 		ctx->cfg.pwd_len = secret->len;
 | |
| 		/* KEK will be derived from password with Salt */
 | |
| 		ctx->status = HCRYPT_CTX_S_SARDY;
 | |
| 		break;
 | |
| 
 | |
| 	default:
 | |
| 	    HCRYPT_LOG(LOG_ERR, "Unknown secret type  %d\n", 
 | |
| 			secret->typ);
 | |
| 		return(-1);
 | |
| 	}
 | |
| 	return(0);
 | |
| }
 | |
| 
 | |
| int hcryptCtx_GenSecret(hcrypt_Session *crypto, hcrypt_Ctx *ctx)
 | |
| {
 | |
| 	/*
 | |
| 	 * KEK need same length as the key it protects (SEK)
 | |
| 	 * KEK = PBKDF2(Pwd, LSB(64, Salt), Iter, Klen)
 | |
| 	 */
 | |
| 	unsigned char kek[HAICRYPT_KEY_MAX_SZ];
 | |
| 	size_t kek_len = ctx->sek_len;
 | |
| 	size_t pbkdf_salt_len = (ctx->salt_len >= HAICRYPT_PBKDF2_SALT_LEN
 | |
| 		? HAICRYPT_PBKDF2_SALT_LEN 
 | |
| 		: ctx->salt_len);
 | |
| 	int iret = 0;
 | |
| 	(void)crypto;
 | |
| 
 | |
| 	iret = crypto->cryspr->km_pbkdf2(crypto->cryspr_cb, ctx->cfg.pwd, ctx->cfg.pwd_len,
 | |
| 		&ctx->salt[ctx->salt_len - pbkdf_salt_len], pbkdf_salt_len, 
 | |
| 		HAICRYPT_PBKDF2_ITER_CNT, kek_len, kek);
 | |
| 
 | |
| 	if(iret) {
 | |
| 		HCRYPT_LOG(LOG_ERR, "km_pbkdf2() failed (rc=%d)\n", iret);
 | |
| 		return(-1);
 | |
| 	}
 | |
| 	HCRYPT_PRINTKEY(ctx->cfg.pwd, ctx->cfg.pwd_len, "pwd");
 | |
| 	HCRYPT_PRINTKEY(kek, kek_len, "kek");
 | |
| 	
 | |
| 	/* KEK: Key Encrypting Key */
 | |
| 	if (0 > (iret = crypto->cryspr->km_setkey(crypto->cryspr_cb, (HCRYPT_CTX_F_ENCRYPT & ctx->flags ? true : false), kek, kek_len))) {
 | |
| 		HCRYPT_LOG(LOG_ERR, "km_setkey(pdkek[%zd]) failed (rc=%d)\n", kek_len, iret);
 | |
| 		return(-1);
 | |
| 	}
 | |
| 	return(0);
 | |
| }
 | |
| 
 |