std::string SrtpChannel::generateBase64Key() { unsigned char key[30]; crypto_get_random(key, 30); gchar* base64key = g_base64_encode((guchar*) key, 30); return std::string(base64key); }
int trtp_srtp_ctx_init(trtp_srtp_ctx_xt* ctx, int32_t tag, trtp_srtp_crypto_type_t type, uint32_t ssrc){ char* key_str = ctx->key_str; err_status_t srtp_err; tsk_size_t size; if(!ctx){ TSK_DEBUG_ERROR("Invalid parameter"); return -1; } if(ctx->initialized){ trtp_srtp_ctx_deinit(ctx); } ctx->tag = tag; ctx->crypto_type = type; if((srtp_err = crypto_get_random((unsigned char*)ctx->key_bin, sizeof(ctx->key_bin))) != err_status_ok){ TSK_DEBUG_ERROR("crypto_get_random() failed"); return -2; } size = tsk_base64_encode((const uint8_t*)ctx->key_bin, sizeof(ctx->key_bin), &key_str); key_str[size] = '\0'; switch(ctx->crypto_type){ case HMAC_SHA1_80: { crypto_policy_set_aes_cm_128_hmac_sha1_80(&ctx->policy.rtp); crypto_policy_set_aes_cm_128_hmac_sha1_80(&ctx->policy.rtcp); break; } case HMAC_SHA1_32: default: { crypto_policy_set_aes_cm_128_hmac_sha1_32(&ctx->policy.rtp); crypto_policy_set_aes_cm_128_hmac_sha1_80(&ctx->policy.rtcp); // RTCP always 80 break; } } ctx->policy.key = (unsigned char*)ctx->key_bin; ctx->policy.ssrc.type = ssrc_any_outbound; ctx->policy.ssrc.value = ssrc; if((srtp_err = srtp_create(&ctx->session, &ctx->policy)) != err_status_ok){ TSK_DEBUG_ERROR("srtp_create() failed"); return -3; } ctx->initialized = tsk_true; return 0; }
static int setup_srtp(struct menc_st *st) { err_status_t e; /* init SRTP */ e = crypto_get_random(st->key_tx, SRTP_MASTER_KEY_LEN); if (err_status_ok != e) { DEBUG_WARNING("crypto_get_random() failed (%H)\n", errstatus_print, e); return ENOSYS; } return 0; }
// int main(int argc, char *argv[]) { int rand_gen(unsigned num_octets, unsigned do_debug) { unsigned do_list_mods = 0; err_status_t status; /* initialize kernel - we need to do this before anything else */ status = crypto_kernel_init(0); if (status) { printf("error: crypto_kernel init failed\n"); return(1); } if (do_debug) { status = crypto_kernel_set_debug_module(optarg, 1); if (status) { printf("error: set debug module (%s) failed\n", optarg); return(1); } } if (do_list_mods) { status = crypto_kernel_list_debug_modules(); if (status) { printf("error: list of debug modules failed\n"); return(1); } } if (num_octets > 0) { uint8_t buffer[BUF_LEN]; status = crypto_get_random(buffer, num_octets); if (status) { printf("error: failure in random source\n"); } else { printf("%s\n", octet_string_hex_string(buffer, num_octets)); } } status = crypto_kernel_shutdown(); if (status) { printf("error: crypto_kernel shutdown failed\n"); return(1); } return 0; }
/* Generate crypto attribute, including crypto key. * If crypto-suite chosen is crypto NULL, just return PJ_SUCCESS, * and set buffer_len = 0. */ static pj_status_t generate_crypto_attr_value(pj_pool_t *pool, char *buffer, int *buffer_len, pjmedia_srtp_crypto *crypto, int tag) { pj_status_t status; int cs_idx = get_crypto_idx(&crypto->name); char b64_key[PJ_BASE256_TO_BASE64_LEN(MAX_KEY_LEN)+1]; int b64_key_len = sizeof(b64_key); if (cs_idx == -1) return PJMEDIA_SRTP_ENOTSUPCRYPTO; /* Crypto-suite NULL. */ if (cs_idx == 0) { *buffer_len = 0; return PJ_SUCCESS; } /* Generate key if not specified. */ if (crypto->key.slen == 0) { pj_bool_t key_ok; char key[MAX_KEY_LEN]; err_status_t err; unsigned i; PJ_ASSERT_RETURN(MAX_KEY_LEN >= crypto_suites[cs_idx].cipher_key_len, PJ_ETOOSMALL); do { key_ok = PJ_TRUE; err = crypto_get_random((unsigned char*)key, crypto_suites[cs_idx].cipher_key_len); if (err != err_status_ok) { PJ_LOG(5,(THIS_FILE, "Failed generating random key: %s", get_libsrtp_errstr(err))); return PJMEDIA_ERRNO_FROM_LIBSRTP(err); } for (i=0; i<crypto_suites[cs_idx].cipher_key_len && key_ok; ++i) if (key[i] == 0) key_ok = PJ_FALSE; } while (!key_ok); crypto->key.ptr = (char*) pj_pool_zalloc(pool, crypto_suites[cs_idx].cipher_key_len); pj_memcpy(crypto->key.ptr, key, crypto_suites[cs_idx].cipher_key_len); crypto->key.slen = crypto_suites[cs_idx].cipher_key_len; } if (crypto->key.slen != (pj_ssize_t)crypto_suites[cs_idx].cipher_key_len) return PJMEDIA_SRTP_EINKEYLEN; /* Key transmitted via SDP should be base64 encoded. */ status = pj_base64_encode((pj_uint8_t*)crypto->key.ptr, crypto->key.slen, b64_key, &b64_key_len); if (status != PJ_SUCCESS) { PJ_LOG(5,(THIS_FILE, "Failed encoding plain key to base64")); return status; } b64_key[b64_key_len] = '\0'; PJ_ASSERT_RETURN(*buffer_len >= (crypto->name.slen + \ b64_key_len + 16), PJ_ETOOSMALL); /* Print the crypto attribute value. */ *buffer_len = pj_ansi_snprintf(buffer, *buffer_len, "%d %s inline:%s", tag, crypto_suites[cs_idx].name, b64_key); return PJ_SUCCESS; }
int main (int argc, char *argv[]) { extern char *optarg; int q; int num_octets = 0; unsigned do_list_mods = 0; err_status_t status; if (argc == 1) usage(argv[0]); /* initialize kernel - we need to do this before anything else */ status = crypto_kernel_init(); if (status) { printf("error: crypto_kernel init failed\n"); exit(1); } /* process input arguments */ while (1) { q = getopt(argc, argv, "ld:n:"); if (q == -1) break; switch (q) { case 'd': status = crypto_kernel_set_debug_module(optarg, 1); if (status) { printf("error: set debug module (%s) failed\n", optarg); exit(1); } break; case 'l': do_list_mods = 1; break; case 'n': num_octets = atoi(optarg); if (num_octets < 0 || num_octets > BUF_LEN) usage(argv[0]); break; default: usage(argv[0]); } } if (do_list_mods) { status = crypto_kernel_list_debug_modules(); if (status) { printf("error: list of debug modules failed\n"); exit(1); } } if (num_octets > 0) { uint8_t buffer[BUF_LEN]; status = crypto_get_random(buffer, num_octets); if (status) { printf("error: failure in random source\n"); } else { printf("%s\n", octet_string_hex_string(buffer, num_octets)); } } status = crypto_kernel_shutdown(); if (status) { printf("error: crypto_kernel shutdown failed\n"); exit(1); } return 0; }
int main(int argc, char *argv[]) { int q; int num_octets = 0; err_status_t status; uint32_t iterations = 0; int print_values = 0; if (argc == 1) { exit(255); } status = crypto_kernel_init(); if (status) { printf("error: crypto_kernel init failed\n"); exit(1); } while (1) { q = getopt_s(argc, argv, "pvn:"); if (q == -1) { break; } switch (q) { case 'p': print_values = 1; break; case 'n': num_octets = atoi(optarg_s); if (num_octets < 0 || num_octets > BUF_LEN) { exit(255); } break; case 'v': num_octets = 30; print_values = 0; break; default: exit(255); } } if (num_octets > 0) { while (iterations < 300000) { uint8_t buffer[BUF_LEN]; status = crypto_get_random(buffer, num_octets); if (status) { printf("iteration %d error: failure in random source\n", iterations); exit(255); } else if (print_values) { printf("%s\n", octet_string_hex_string(buffer, num_octets)); } iterations++; } } status = crypto_kernel_shutdown(); if (status) { printf("error: crypto_kernel shutdown failed\n"); exit(1); } return 0; }
err_status_t aes_128_cbc_hmac_sha1_96_func(void *key, void *clear, unsigned clear_len, void *iv, void *opaque, unsigned *opaque_len, void *auth_tag) { aes_cbc_ctx_t aes_ctx; hmac_ctx_t hmac_ctx; unsigned char enc_key[ENC_KEY_LEN]; unsigned char mac_key[MAC_KEY_LEN]; err_status_t status; /* check if we're doing authentication only */ if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) { /* perform authentication only */ } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) { /* * bad parameter - we expect either all three pointers to be NULL, * or none of those pointers to be NULL */ return err_status_fail; } else { /* derive encryption and authentication keys from the input key */ status = hmac_init(&hmac_ctx, key, KEY_LEN); if (status) return status; status = hmac_compute(&hmac_ctx, "ENC", 3, ENC_KEY_LEN, enc_key); if (status) return status; status = hmac_init(&hmac_ctx, key, KEY_LEN); if (status) return status; status = hmac_compute(&hmac_ctx, "MAC", 3, MAC_KEY_LEN, mac_key); if (status) return status; /* perform encryption and authentication */ /* set aes key */ status = aes_cbc_context_init(&aes_ctx, key, direction_encrypt); if (status) return status; /* set iv */ status = crypto_get_random(iv, IV_LEN); if (status) return status; status = aes_cbc_set_iv(&aes_ctx, iv); /* encrypt the opaque data */ status = aes_cbc_nist_encrypt(&aes_ctx, opaque, opaque_len); if (status) return status; /* authenticate clear and opaque data */ status = hmac_init(&hmac_ctx, mac_key, MAC_KEY_LEN); if (status) return status; status = hmac_start(&hmac_ctx); if (status) return status; status = hmac_update(&hmac_ctx, clear, clear_len); if (status) return status; status = hmac_compute(&hmac_ctx, opaque, *opaque_len, TAG_LEN, auth_tag); if (status) return status; } return err_status_ok; }
err_status_t ortp_crypto_get_random(uint8_t *tmp, int size) { return crypto_get_random(tmp, size); }