std::string SrtpChannel::generateBase64Key() {
unsigned char key[30];
crypto_get_random(key, 30);
gchar* base64key = g_base64_encode((guchar*) key, 30);
return std::string(base64key);
}
int trtp_srtp_ctx_init(trtp_srtp_ctx_xt* ctx, int32_t tag, trtp_srtp_crypto_type_t type, uint32_t ssrc){
char* key_str = ctx->key_str;
err_status_t srtp_err;
tsk_size_t size;
if(!ctx){
TSK_DEBUG_ERROR("Invalid parameter");
return -1;
}
if(ctx->initialized){
trtp_srtp_ctx_deinit(ctx);
}
ctx->tag = tag;
ctx->crypto_type = type;
if((srtp_err = crypto_get_random((unsigned char*)ctx->key_bin, sizeof(ctx->key_bin))) != err_status_ok){
TSK_DEBUG_ERROR("crypto_get_random() failed");
return -2;
}
size = tsk_base64_encode((const uint8_t*)ctx->key_bin, sizeof(ctx->key_bin), &key_str);
key_str[size] = '\0';
switch(ctx->crypto_type){
case HMAC_SHA1_80:
{
crypto_policy_set_aes_cm_128_hmac_sha1_80(&ctx->policy.rtp);
crypto_policy_set_aes_cm_128_hmac_sha1_80(&ctx->policy.rtcp);
break;
}
case HMAC_SHA1_32:
default:
{
crypto_policy_set_aes_cm_128_hmac_sha1_32(&ctx->policy.rtp);
crypto_policy_set_aes_cm_128_hmac_sha1_80(&ctx->policy.rtcp); // RTCP always 80
break;
}
}
ctx->policy.key = (unsigned char*)ctx->key_bin;
ctx->policy.ssrc.type = ssrc_any_outbound;
ctx->policy.ssrc.value = ssrc;
if((srtp_err = srtp_create(&ctx->session, &ctx->policy)) != err_status_ok){
TSK_DEBUG_ERROR("srtp_create() failed");
return -3;
}
ctx->initialized = tsk_true;
return 0;
}
static int setup_srtp(struct menc_st *st)
{
err_status_t e;
/* init SRTP */
e = crypto_get_random(st->key_tx, SRTP_MASTER_KEY_LEN);
if (err_status_ok != e) {
DEBUG_WARNING("crypto_get_random() failed (%H)\n",
errstatus_print, e);
return ENOSYS;
}
return 0;
}
// int main(int argc, char *argv[]) {
int rand_gen(unsigned num_octets, unsigned do_debug) {
unsigned do_list_mods = 0;
err_status_t status;
/* initialize kernel - we need to do this before anything else */
status = crypto_kernel_init(0);
if (status) {
printf("error: crypto_kernel init failed\n");
return(1);
}
if (do_debug) {
status = crypto_kernel_set_debug_module(optarg, 1);
if (status) {
printf("error: set debug module (%s) failed\n", optarg);
return(1);
}
}
if (do_list_mods) {
status = crypto_kernel_list_debug_modules();
if (status) {
printf("error: list of debug modules failed\n");
return(1);
}
}
if (num_octets > 0) {
uint8_t buffer[BUF_LEN];
status = crypto_get_random(buffer, num_octets);
if (status) {
printf("error: failure in random source\n");
} else {
printf("%s\n", octet_string_hex_string(buffer, num_octets));
}
}
status = crypto_kernel_shutdown();
if (status) {
printf("error: crypto_kernel shutdown failed\n");
return(1);
}
return 0;
}
/* Generate crypto attribute, including crypto key.
* If crypto-suite chosen is crypto NULL, just return PJ_SUCCESS,
* and set buffer_len = 0.
*/
static pj_status_t generate_crypto_attr_value(pj_pool_t *pool,
char *buffer, int *buffer_len,
pjmedia_srtp_crypto *crypto,
int tag)
{
pj_status_t status;
int cs_idx = get_crypto_idx(&crypto->name);
char b64_key[PJ_BASE256_TO_BASE64_LEN(MAX_KEY_LEN)+1];
int b64_key_len = sizeof(b64_key);
if (cs_idx == -1)
return PJMEDIA_SRTP_ENOTSUPCRYPTO;
/* Crypto-suite NULL. */
if (cs_idx == 0) {
*buffer_len = 0;
return PJ_SUCCESS;
}
/* Generate key if not specified. */
if (crypto->key.slen == 0) {
pj_bool_t key_ok;
char key[MAX_KEY_LEN];
err_status_t err;
unsigned i;
PJ_ASSERT_RETURN(MAX_KEY_LEN >= crypto_suites[cs_idx].cipher_key_len,
PJ_ETOOSMALL);
do {
key_ok = PJ_TRUE;
err = crypto_get_random((unsigned char*)key,
crypto_suites[cs_idx].cipher_key_len);
if (err != err_status_ok) {
PJ_LOG(5,(THIS_FILE, "Failed generating random key: %s",
get_libsrtp_errstr(err)));
return PJMEDIA_ERRNO_FROM_LIBSRTP(err);
}
for (i=0; i<crypto_suites[cs_idx].cipher_key_len && key_ok; ++i)
if (key[i] == 0) key_ok = PJ_FALSE;
} while (!key_ok);
crypto->key.ptr = (char*)
pj_pool_zalloc(pool,
crypto_suites[cs_idx].cipher_key_len);
pj_memcpy(crypto->key.ptr, key, crypto_suites[cs_idx].cipher_key_len);
crypto->key.slen = crypto_suites[cs_idx].cipher_key_len;
}
if (crypto->key.slen != (pj_ssize_t)crypto_suites[cs_idx].cipher_key_len)
return PJMEDIA_SRTP_EINKEYLEN;
/* Key transmitted via SDP should be base64 encoded. */
status = pj_base64_encode((pj_uint8_t*)crypto->key.ptr, crypto->key.slen,
b64_key, &b64_key_len);
if (status != PJ_SUCCESS) {
PJ_LOG(5,(THIS_FILE, "Failed encoding plain key to base64"));
return status;
}
b64_key[b64_key_len] = '\0';
PJ_ASSERT_RETURN(*buffer_len >= (crypto->name.slen + \
b64_key_len + 16), PJ_ETOOSMALL);
/* Print the crypto attribute value. */
*buffer_len = pj_ansi_snprintf(buffer, *buffer_len, "%d %s inline:%s",
tag,
crypto_suites[cs_idx].name,
b64_key);
return PJ_SUCCESS;
}
int
main (int argc, char *argv[]) {
extern char *optarg;
int q;
int num_octets = 0;
unsigned do_list_mods = 0;
err_status_t status;
if (argc == 1)
usage(argv[0]);
/* initialize kernel - we need to do this before anything else */
status = crypto_kernel_init();
if (status) {
printf("error: crypto_kernel init failed\n");
exit(1);
}
/* process input arguments */
while (1) {
q = getopt(argc, argv, "ld:n:");
if (q == -1)
break;
switch (q) {
case 'd':
status = crypto_kernel_set_debug_module(optarg, 1);
if (status) {
printf("error: set debug module (%s) failed\n", optarg);
exit(1);
}
break;
case 'l':
do_list_mods = 1;
break;
case 'n':
num_octets = atoi(optarg);
if (num_octets < 0 || num_octets > BUF_LEN)
usage(argv[0]);
break;
default:
usage(argv[0]);
}
}
if (do_list_mods) {
status = crypto_kernel_list_debug_modules();
if (status) {
printf("error: list of debug modules failed\n");
exit(1);
}
}
if (num_octets > 0) {
uint8_t buffer[BUF_LEN];
status = crypto_get_random(buffer, num_octets);
if (status) {
printf("error: failure in random source\n");
} else {
printf("%s\n", octet_string_hex_string(buffer, num_octets));
}
}
status = crypto_kernel_shutdown();
if (status) {
printf("error: crypto_kernel shutdown failed\n");
exit(1);
}
return 0;
}
int main(int argc, char *argv[])
{
int q;
int num_octets = 0;
err_status_t status;
uint32_t iterations = 0;
int print_values = 0;
if (argc == 1) {
exit(255);
}
status = crypto_kernel_init();
if (status) {
printf("error: crypto_kernel init failed\n");
exit(1);
}
while (1) {
q = getopt_s(argc, argv, "pvn:");
if (q == -1) {
break;
}
switch (q) {
case 'p':
print_values = 1;
break;
case 'n':
num_octets = atoi(optarg_s);
if (num_octets < 0 || num_octets > BUF_LEN) {
exit(255);
}
break;
case 'v':
num_octets = 30;
print_values = 0;
break;
default:
exit(255);
}
}
if (num_octets > 0) {
while (iterations < 300000) {
uint8_t buffer[BUF_LEN];
status = crypto_get_random(buffer, num_octets);
if (status) {
printf("iteration %d error: failure in random source\n", iterations);
exit(255);
} else if (print_values) {
printf("%s\n", octet_string_hex_string(buffer, num_octets));
}
iterations++;
}
}
status = crypto_kernel_shutdown();
if (status) {
printf("error: crypto_kernel shutdown failed\n");
exit(1);
}
return 0;
}
err_status_t
aes_128_cbc_hmac_sha1_96_func(void *key,
void *clear,
unsigned clear_len,
void *iv,
void *opaque,
unsigned *opaque_len,
void *auth_tag) {
aes_cbc_ctx_t aes_ctx;
hmac_ctx_t hmac_ctx;
unsigned char enc_key[ENC_KEY_LEN];
unsigned char mac_key[MAC_KEY_LEN];
err_status_t status;
/* check if we're doing authentication only */
if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) {
/* perform authentication only */
} else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) {
/*
* bad parameter - we expect either all three pointers to be NULL,
* or none of those pointers to be NULL
*/
return err_status_fail;
} else {
/* derive encryption and authentication keys from the input key */
status = hmac_init(&hmac_ctx, key, KEY_LEN);
if (status) return status;
status = hmac_compute(&hmac_ctx, "ENC", 3, ENC_KEY_LEN, enc_key);
if (status) return status;
status = hmac_init(&hmac_ctx, key, KEY_LEN);
if (status) return status;
status = hmac_compute(&hmac_ctx, "MAC", 3, MAC_KEY_LEN, mac_key);
if (status) return status;
/* perform encryption and authentication */
/* set aes key */
status = aes_cbc_context_init(&aes_ctx, key, direction_encrypt);
if (status) return status;
/* set iv */
status = crypto_get_random(iv, IV_LEN);
if (status) return status;
status = aes_cbc_set_iv(&aes_ctx, iv);
/* encrypt the opaque data */
status = aes_cbc_nist_encrypt(&aes_ctx, opaque, opaque_len);
if (status) return status;
/* authenticate clear and opaque data */
status = hmac_init(&hmac_ctx, mac_key, MAC_KEY_LEN);
if (status) return status;
status = hmac_start(&hmac_ctx);
if (status) return status;
status = hmac_update(&hmac_ctx, clear, clear_len);
if (status) return status;
status = hmac_compute(&hmac_ctx, opaque, *opaque_len, TAG_LEN, auth_tag);
if (status) return status;
}
return err_status_ok;
}
err_status_t ortp_crypto_get_random(uint8_t *tmp, int size)
{
return crypto_get_random(tmp, size);
}
