コード例 #1
0
ファイル: aes_gcm_ossl.c プロジェクト: Harut42/libsrtp
/*
 * This function allocates a new instance of this crypto engine.
 * The key_len parameter should be one of 28 or 44 for
 * AES-128-GCM or AES-256-GCM respectively.  Note that the
 * key length includes the 14 byte salt value that is used when
 * initializing the KDF.
 */
static srtp_err_status_t srtp_aes_gcm_openssl_alloc (srtp_cipher_t **c, int key_len, int tlen)
{
    srtp_aes_gcm_ctx_t *gcm;

    debug_print(srtp_mod_aes_gcm, "allocating cipher with key length %d", key_len);
    debug_print(srtp_mod_aes_gcm, "allocating cipher with tag length %d", tlen);

    /*
     * Verify the key_len is valid for one of: AES-128/256
     */
    if (key_len != SRTP_AES_128_GCM_KEYSIZE_WSALT &&
        key_len != SRTP_AES_256_GCM_KEYSIZE_WSALT) {
        return (srtp_err_status_bad_param);
    }

    if (tlen != GCM_AUTH_TAG_LEN &&
        tlen != GCM_AUTH_TAG_LEN_8) {
        return (srtp_err_status_bad_param);
    }

    /* allocate memory a cipher of type aes_gcm */
    *c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t));
    if (*c == NULL) {
        return (srtp_err_status_alloc_fail);
    }
    memset(*c, 0x0, sizeof(srtp_cipher_t));

    gcm = (srtp_aes_gcm_ctx_t *)srtp_crypto_alloc(sizeof(srtp_aes_gcm_ctx_t));
    if (gcm == NULL) {
	srtp_crypto_free(*c);	
	*c = NULL;
        return (srtp_err_status_alloc_fail);
    }
    memset(gcm, 0x0, sizeof(srtp_aes_gcm_ctx_t));

    /* set pointers */
    (*c)->state = gcm;

    /* setup cipher attributes */
    switch (key_len) {
    case SRTP_AES_128_GCM_KEYSIZE_WSALT:
        (*c)->type = &srtp_aes_gcm_128_openssl;
        (*c)->algorithm = SRTP_AES_128_GCM;
        gcm->key_size = SRTP_AES_128_KEYSIZE;
        gcm->tag_len = tlen;
        break;
    case SRTP_AES_256_GCM_KEYSIZE_WSALT:
        (*c)->type = &srtp_aes_gcm_256_openssl;
        (*c)->algorithm = SRTP_AES_256_GCM;
        gcm->key_size = SRTP_AES_256_KEYSIZE;
        gcm->tag_len = tlen;
        break;
    }

    /* set key size        */
    (*c)->key_len = key_len;
    EVP_CIPHER_CTX_init(&gcm->ctx);

    return (srtp_err_status_ok);
}
コード例 #2
0
ファイル: hmac_ossl.c プロジェクト: PlexChat/libsrtp
static srtp_err_status_t srtp_hmac_dealloc (srtp_auth_t *a)
{
    HMAC_CTX *hmac_ctx;

    hmac_ctx = (HMAC_CTX*)a->state;

#if OPENSSL_VERSION_NUMBER < 0x10100000L
    HMAC_CTX_cleanup(hmac_ctx);

    /* zeroize entire state*/
    octet_string_set_to_zero((uint8_t*)a,
                             sizeof(HMAC_CTX) + sizeof(srtp_auth_t));

#else
    HMAC_CTX_free(hmac_ctx);

    /* zeroize entire state*/
    octet_string_set_to_zero((uint8_t*)a, sizeof(srtp_auth_t));
#endif

    /* free memory */
    srtp_crypto_free(a);

    return srtp_err_status_ok;
}
コード例 #3
0
ファイル: datatypes.c プロジェクト: PlexChat/libsrtp
void
bitvector_dealloc(bitvector_t *v) {
  if (v->word != NULL)
    srtp_crypto_free(v->word);
  v->word = NULL;
  v->length = 0;
}
コード例 #4
0
ファイル: cipher.c プロジェクト: Distrotech/libsrtp
/*
 * cipher_bits_per_second(c, l, t) computes (an estimate of) the
 * number of bits that a cipher implementation can encrypt in a second
 *
 * c is a cipher (which MUST be allocated and initialized already), l
 * is the length in octets of the test data to be encrypted, and t is
 * the number of trials
 *
 * if an error is encountered, the value 0 is returned
 */
uint64_t srtp_cipher_bits_per_second (srtp_cipher_t *c, int octets_in_buffer, int num_trials)
{
    int i;
    v128_t nonce;
    clock_t timer;
    unsigned char *enc_buf;
    unsigned int len = octets_in_buffer;

    enc_buf = (unsigned char*)srtp_crypto_alloc(octets_in_buffer);
    if (enc_buf == NULL) {
        return 0; /* indicate bad parameters by returning null */

    }
    /* time repeated trials */
    v128_set_to_zero(&nonce);
    timer = clock();
    for (i = 0; i < num_trials; i++, nonce.v32[3] = i) {
        srtp_cipher_set_iv(c, (uint8_t*)&nonce, direction_encrypt);
        srtp_cipher_encrypt(c, enc_buf, &len);
    }
    timer = clock() - timer;

    srtp_crypto_free(enc_buf);

    if (timer == 0) {
        /* Too fast! */
        return 0;
    }

    return (uint64_t)CLOCKS_PER_SEC * num_trials * 8 * octets_in_buffer / timer;
}
コード例 #5
0
ファイル: aes_gcm_ossl.c プロジェクト: Harut42/libsrtp
/*
 * This function deallocates a GCM session
 */
static srtp_err_status_t srtp_aes_gcm_openssl_dealloc (srtp_cipher_t *c)
{
    srtp_aes_gcm_ctx_t *ctx;

    ctx = (srtp_aes_gcm_ctx_t*)c->state;
    if (ctx) {
        EVP_CIPHER_CTX_cleanup(&ctx->ctx);
	/* zeroize the key material */
	octet_string_set_to_zero((uint8_t*)ctx, sizeof(srtp_aes_gcm_ctx_t));
	srtp_crypto_free(ctx);
    }

    /* free memory */
    srtp_crypto_free(c);

    return (srtp_err_status_ok);
}
コード例 #6
0
ファイル: aes_icm.c プロジェクト: PlexChat/libsrtp
static srtp_err_status_t srtp_aes_icm_alloc_ismacryp (srtp_cipher_t **c, int key_len, int forIsmacryp)
{
    extern const srtp_cipher_type_t srtp_aes_icm;
    srtp_aes_icm_ctx_t *icm;

    debug_print(srtp_mod_aes_icm,
                "allocating cipher with key length %d", key_len);

    /*
     * Ismacryp, for example, uses 16 byte key + 8 byte
     * salt  so this function is called with key_len = 24.
     * The check for key_len = 30/38/46 does not apply. Our usage
     * of aes functions with key_len = values other than 30
     * has not broken anything. Don't know what would be the
     * effect of skipping this check for srtp in general.
     */
    if (!(forIsmacryp && key_len > 16 && key_len < 30) &&
        key_len != 30 && key_len != 38 && key_len != 46) {
        return srtp_err_status_bad_param;
    }

    /* allocate memory a cipher of type aes_icm */
    *c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t));
    if (*c == NULL) {
        return srtp_err_status_alloc_fail;
    }
    memset(*c, 0x0, sizeof(srtp_cipher_t));

    icm = (srtp_aes_icm_ctx_t *)srtp_crypto_alloc(sizeof(srtp_aes_icm_ctx_t));
    if (icm == NULL) {
	srtp_crypto_free(*c);
        return srtp_err_status_alloc_fail;
    }
    memset(icm, 0x0, sizeof(srtp_aes_icm_ctx_t));

    /* set pointers */
    (*c)->state = icm;
    (*c)->type = &srtp_aes_icm;

    switch (key_len) {
    case 46:
        (*c)->algorithm = SRTP_AES_256_ICM;
        break;
    case 38:
        (*c)->algorithm = SRTP_AES_192_ICM;
        break;
    default:
        (*c)->algorithm = SRTP_AES_128_ICM;
        break;
    }

    /* set key size        */
    icm->key_size = key_len;
    (*c)->key_len = key_len;

    return srtp_err_status_ok;
}
コード例 #7
0
ファイル: hmac.c プロジェクト: Harut42/libsrtp
static srtp_err_status_t srtp_hmac_dealloc (srtp_auth_t *a)
{
    /* zeroize entire state*/
    octet_string_set_to_zero((uint8_t*)a,
                             sizeof(srtp_hmac_ctx_t) + sizeof(srtp_auth_t));

    /* free memory */
    srtp_crypto_free(a);

    return srtp_err_status_ok;
}
コード例 #8
0
ファイル: aes_icm.c プロジェクト: PlexChat/libsrtp
static srtp_err_status_t srtp_aes_icm_dealloc (srtp_cipher_t *c)
{
    srtp_aes_icm_ctx_t *ctx;

    if (c == NULL) {
        return srtp_err_status_bad_param;
    }

    ctx = (srtp_aes_icm_ctx_t *)c->state;
    if (ctx) {
	/* zeroize the key material */
	octet_string_set_to_zero((uint8_t*)ctx, sizeof(srtp_aes_icm_ctx_t));
	srtp_crypto_free(ctx);
    }

    /* free the cipher context */
    srtp_crypto_free(c);

    return srtp_err_status_ok;
}
コード例 #9
0
srtp_err_status_t srtp_crypto_kernel_shutdown ()
{
    /*
     * free dynamic memory used in crypto_kernel at present
     */

    /* walk down cipher type list, freeing memory */
    while (crypto_kernel.cipher_type_list != NULL) {
        srtp_kernel_cipher_type_t *ctype = crypto_kernel.cipher_type_list;
        crypto_kernel.cipher_type_list = ctype->next;
        debug_print(srtp_mod_crypto_kernel,
                    "freeing memory for cipher %s",
                    ctype->cipher_type->description);
        srtp_crypto_free(ctype);
    }

    /* walk down authetication module list, freeing memory */
    while (crypto_kernel.auth_type_list != NULL) {
        srtp_kernel_auth_type_t *atype = crypto_kernel.auth_type_list;
        crypto_kernel.auth_type_list = atype->next;
        debug_print(srtp_mod_crypto_kernel,
                    "freeing memory for authentication %s",
                    atype->auth_type->description);
        srtp_crypto_free(atype);
    }

    /* walk down debug module list, freeing memory */
    while (crypto_kernel.debug_module_list != NULL) {
        srtp_kernel_debug_module_t *kdm = crypto_kernel.debug_module_list;
        crypto_kernel.debug_module_list = kdm->next;
        debug_print(srtp_mod_crypto_kernel,
                    "freeing memory for debug module %s",
                    kdm->mod->name);
        srtp_crypto_free(kdm);
    }

    /* return to insecure state */
    crypto_kernel.state = srtp_crypto_kernel_state_insecure;

    return srtp_err_status_ok;
}
コード例 #10
0
ファイル: hmac_ossl.c プロジェクト: PlexChat/libsrtp
static srtp_err_status_t srtp_hmac_alloc (srtp_auth_t **a, int key_len, int out_len)
{
    extern const srtp_auth_type_t srtp_hmac;

    debug_print(srtp_mod_hmac, "allocating auth func with key length %d", key_len);
    debug_print(srtp_mod_hmac, "                          tag length %d", out_len);

    /* check output length - should be less than 20 bytes */
    if (out_len > SHA1_DIGEST_SIZE) {
        return srtp_err_status_bad_param;
    }

/* OpenSSL 1.1.0 made HMAC_CTX an opaque structure, which must be allocated
   using HMAC_CTX_new.  But this function doesn't exist in OpenSSL 1.0.x. */
#if OPENSSL_VERSION_NUMBER < 0x10100000L
    {
        /* allocate memory for auth and HMAC_CTX structures */
        uint8_t* pointer;
        HMAC_CTX *new_hmac_ctx;
        pointer = (uint8_t*)srtp_crypto_alloc(sizeof(HMAC_CTX) + sizeof(srtp_auth_t));
        if (pointer == NULL) {
            return srtp_err_status_alloc_fail;
        }
        *a = (srtp_auth_t*)pointer;
        (*a)->state = pointer + sizeof(srtp_auth_t);
        new_hmac_ctx = (HMAC_CTX*)((*a)->state);

        HMAC_CTX_init(new_hmac_ctx);
    }

#else
    *a = (srtp_auth_t*)srtp_crypto_alloc(sizeof(srtp_auth_t));
    if (*a == NULL) {
        return srtp_err_status_alloc_fail;
    }

    (*a)->state = HMAC_CTX_new();
    if ((*a)->state == NULL) {
        srtp_crypto_free(*a);
        *a = NULL;
        return srtp_err_status_alloc_fail;
    }
#endif

    /* set pointers */
    (*a)->type = &srtp_hmac;
    (*a)->out_len = out_len;
    (*a)->key_len = key_len;
    (*a)->prefix_len = 0;

    return srtp_err_status_ok;
}
コード例 #11
0
ファイル: null_cipher.c プロジェクト: PlexChat/libsrtp
static srtp_err_status_t srtp_null_cipher_dealloc (srtp_cipher_t *c)
{
    extern const srtp_cipher_type_t srtp_null_cipher;

    /* zeroize entire state*/
    octet_string_set_to_zero((uint8_t*)c, sizeof(srtp_cipher_t));

    /* free memory of type null_cipher */
    srtp_crypto_free(c);

    return srtp_err_status_ok;

}
コード例 #12
0
ファイル: aes_icm.c プロジェクト: RyanLee27/pjproject
static srtp_err_status_t srtp_aes_icm_alloc (srtp_cipher_t **c, int key_len, int tlen)
{
    srtp_aes_icm_ctx_t *icm;

    debug_print(srtp_mod_aes_icm,
                "allocating cipher with key length %d", key_len);

    /*
     * The check for key_len = 30/46 does not apply. Our usage
     * of aes functions with key_len = values other than 30
     * has not broken anything. Don't know what would be the
     * effect of skipping this check for srtp in general.
     */
    if (key_len != SRTP_AES_ICM_128_KEY_LEN_WSALT && key_len != SRTP_AES_ICM_256_KEY_LEN_WSALT) {
        return srtp_err_status_bad_param;
    }

    /* allocate memory a cipher of type aes_icm */
    *c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t));
    if (*c == NULL) {
        return srtp_err_status_alloc_fail;
    }
    memset(*c, 0x0, sizeof(srtp_cipher_t));

    icm = (srtp_aes_icm_ctx_t *)srtp_crypto_alloc(sizeof(srtp_aes_icm_ctx_t));
    if (icm == NULL) {
	srtp_crypto_free(*c);
        return srtp_err_status_alloc_fail;
    }
    memset(icm, 0x0, sizeof(srtp_aes_icm_ctx_t));

    /* set pointers */
    (*c)->state = icm;

    switch (key_len) {
    case SRTP_AES_ICM_256_KEY_LEN_WSALT:
        (*c)->algorithm = SRTP_AES_ICM_256;
        (*c)->type = &srtp_aes_icm_256;
        break;
    default:
        (*c)->algorithm = SRTP_AES_ICM_128;
        (*c)->type = &srtp_aes_icm_128;
        break;
    }

    /* set key size        */
    icm->key_size = key_len;
    (*c)->key_len = key_len;

    return srtp_err_status_ok;
}
コード例 #13
0
ファイル: aes_icm_ossl.c プロジェクト: Harut42/libsrtp
/*
 * This function deallocates an instance of this engine
 */
static srtp_err_status_t srtp_aes_icm_openssl_dealloc (srtp_cipher_t *c)
{
    srtp_aes_icm_ctx_t *ctx;

    if (c == NULL) {
        return srtp_err_status_bad_param;
    }

    /*
     * Free the EVP context
     */
    ctx = (srtp_aes_icm_ctx_t*)c->state;
    if (ctx != NULL) {
        EVP_CIPHER_CTX_cleanup(&ctx->ctx);
	/* zeroize the key material */
	octet_string_set_to_zero((uint8_t*)ctx, sizeof(srtp_aes_icm_ctx_t));
	srtp_crypto_free(ctx);
    }

    /* free memory */
    srtp_crypto_free(c);

    return srtp_err_status_ok;
}
コード例 #14
0
ファイル: hmac_ossl.c プロジェクト: Harut42/libsrtp
static srtp_err_status_t srtp_hmac_dealloc (srtp_auth_t *a)
{
    srtp_hmac_ctx_t *hmac_ctx;

    hmac_ctx = (srtp_hmac_ctx_t*)a->state;
    if (hmac_ctx->ctx_initialized) {
        EVP_MD_CTX_cleanup(&hmac_ctx->ctx);
    }
    if (hmac_ctx->init_ctx_initialized) {
        EVP_MD_CTX_cleanup(&hmac_ctx->init_ctx);
    }

    /* zeroize entire state*/
    octet_string_set_to_zero((uint8_t*)a,
                             sizeof(srtp_hmac_ctx_t) + sizeof(srtp_auth_t));

    /* free memory */
    srtp_crypto_free(a);

    return srtp_err_status_ok;
}
コード例 #15
0
ファイル: aes_icm_ossl.c プロジェクト: Harut42/libsrtp
/*
 * This function allocates a new instance of this crypto engine.
 * The key_len parameter should be one of 30, 38, or 46 for
 * AES-128, AES-192, and AES-256 respectively.  Note, this key_len
 * value is inflated, as it also accounts for the 112 bit salt
 * value.  The tlen argument is for the AEAD tag length, which
 * isn't used in counter mode.
 */
static srtp_err_status_t srtp_aes_icm_openssl_alloc (srtp_cipher_t **c, int key_len, int tlen)
{
    srtp_aes_icm_ctx_t *icm;

    debug_print(srtp_mod_aes_icm, "allocating cipher with key length %d", key_len);

    /*
     * Verify the key_len is valid for one of: AES-128/192/256
     */
    if (key_len != SRTP_AES_128_KEYSIZE_WSALT && key_len != SRTP_AES_192_KEYSIZE_WSALT &&
        key_len != SRTP_AES_256_KEYSIZE_WSALT) {
        return srtp_err_status_bad_param;
    }

    if (key_len != SRTP_AES_128_KEYSIZE_WSALT &&
#ifndef SRTP_NO_AES192
        key_len != SRTP_AES_192_KEYSIZE_WSALT &&
#endif
        key_len != SRTP_AES_256_KEYSIZE_WSALT) {
        return srtp_err_status_bad_param;
    }

    /* allocate memory a cipher of type aes_icm */
    *c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t));
    if (*c == NULL) {
        return srtp_err_status_alloc_fail;
    }
    memset(*c, 0x0, sizeof(srtp_cipher_t));

    icm = (srtp_aes_icm_ctx_t *)srtp_crypto_alloc(sizeof(srtp_aes_icm_ctx_t));
    if (icm == NULL) {
	srtp_crypto_free(*c);
	*c = NULL;
        return srtp_err_status_alloc_fail;
    }
    memset(icm, 0x0, sizeof(srtp_aes_icm_ctx_t));

    /* set pointers */
    (*c)->state = icm;

    /* setup cipher parameters */
    switch (key_len) {
    case SRTP_AES_128_KEYSIZE_WSALT:
        (*c)->algorithm = SRTP_AES_128_ICM;
        (*c)->type = &srtp_aes_icm;
        icm->key_size = SRTP_AES_128_KEYSIZE;
        break;
#ifndef SRTP_NO_AES192
    case SRTP_AES_192_KEYSIZE_WSALT:
        (*c)->algorithm = SRTP_AES_192_ICM;
        (*c)->type = &srtp_aes_icm_192;
        icm->key_size = SRTP_AES_192_KEYSIZE;
        break;
#endif
    case SRTP_AES_256_KEYSIZE_WSALT:
        (*c)->algorithm = SRTP_AES_256_ICM;
        (*c)->type = &srtp_aes_icm_256;
        icm->key_size = SRTP_AES_256_KEYSIZE;
        break;
    }

    /* set key size        */
    (*c)->key_len = key_len;
    EVP_CIPHER_CTX_init(&icm->ctx);

    return srtp_err_status_ok;
}