Главная Обзор Помощь
Регистрация Вход
third
/
srs
зеркало из https://github.com/ossrs/srs
2
0
Ответвить 0
Файлы
Дерево: c2d75ca395
Ветки Метки
srs
/
trunk
/
3rdparty
/
srt-1-fit
/
haicrypt
/
hcrypt_ctx_rx.c

hcrypt_ctx_rx.c 6.5 KB
История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229 
  1. /*
    2. 

  2.  * SRT - Secure, Reliable, Transport
    3. 

  3.  * Copyright (c) 2018 Haivision Systems Inc.
    4. 

  4.  * 
    5. 

  5.  * This Source Code Form is subject to the terms of the Mozilla Public
    6. 

  6.  * License, v. 2.0. If a copy of the MPL was not distributed with this
    7. 

  7.  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
    8. 

  8.  * 
    9. 

  9.  */
    10. 

  10. 

  11. 

  12. /*****************************************************************************
    13. 

  13. written by
    14. 

  14.    Haivision Systems Inc.
    15. 

  15. 

  16.    2011-06-23 (jdube)
    17. 

  17. 		HaiCrypt initial implementation.
    18. 

  18.    2014-03-11 (jdube)
    19. 

  19. 		Adaptation for SRT.
    20. 

  20. *****************************************************************************/
    21. 

  21. 

  22. #include <string.h>				/* memcpy */
    23. 

  23. #include "hcrypt.h"
    24. 

  24. 

  25. int hcryptCtx_Rx_Init(hcrypt_Session *crypto, hcrypt_Ctx *ctx, const HaiCrypt_Cfg *cfg)
    26. 

  26. {
    27. 

  27. 	if (cfg) {
    28. 

  28. 		ctx->mode = (cfg->flags & HAICRYPT_CFG_F_GCM) ? HCRYPT_CTX_MODE_AESGCM : HCRYPT_CTX_MODE_AESCTR;
    29. 

  29. 	}
    30. 

  30. 	ctx->status = HCRYPT_CTX_S_INIT;
    31. 

  31. 

  32. 	ctx->msg_info = crypto->msg_info;
    33. 

  33. 

  34. 	if (cfg && hcryptCtx_SetSecret(crypto, ctx, &cfg->secret)) {
    35. 

  35. 		return(-1);
    36. 

  36. 	}
    37. 

  37. 	ctx->status = HCRYPT_CTX_S_SARDY;
    38. 

  38. 	return(0);
    39. 

  39. }
    40. 

  40. 

  41. int hcryptCtx_Rx_Rekey(hcrypt_Session *crypto, hcrypt_Ctx *ctx, unsigned char *sek, size_t sek_len)
    42. 

  42. {
    43. 

  43. 	if (crypto->cryspr->ms_setkey(crypto->cryspr_cb, ctx, sek, sek_len)) {
    44. 

  44. 		HCRYPT_LOG(LOG_ERR, "cryspr setkey[%d](sek) failed\n", hcryptCtx_GetKeyIndex(ctx));
    45. 

  45. 		return(-1);
    46. 

  46. 	}
    47. 

  47. 	memcpy(ctx->sek, sek, sek_len);
    48. 

  48. 	ctx->sek_len = sek_len;
    49. 

  49. 

  50. 	HCRYPT_LOG(LOG_INFO, "updated context[%d]\n", hcryptCtx_GetKeyIndex(ctx));
    51. 

  51. 	HCRYPT_PRINTKEY(ctx->sek, ctx->sek_len, "sek");
    52. 

  52. 	ctx->status = HCRYPT_CTX_S_KEYED;
    53. 

  53. 	return(0);
    54. 

  54. }
    55. 

  55. 

  56. /* Parse Keying Material message */
    57. 

  57. int hcryptCtx_Rx_ParseKM(hcrypt_Session *crypto, unsigned char *km_msg, size_t msg_len)
    58. 

  58. {
    59. 

  59. 	size_t sek_len, salt_len;
    60. 

  60. 	unsigned char seks[HAICRYPT_KEY_MAX_SZ * 2];
    61. 

  61. 	int sek_cnt;
    62. 

  62. 	size_t kek_len = 0;
    63. 

  63. 	hcrypt_Ctx *ctx;
    64. 

  64. 	int do_pbkdf = 0;
    65. 

  65. 

  66. 	if (NULL == crypto) {
    67. 

  67. 		HCRYPT_LOG(LOG_ERR, "Rx_ParseKM: invalid params: crypto=%p\n", crypto);
    68. 

  68. 		return(-1);
    69. 

  69. 	}
    70. 

  70. 

  71. 	/* Validate message content */
    72. 

  72. 	{
    73. 

  73. 		if (msg_len <= HCRYPT_MSG_KM_OFS_SALT) {
    74. 

  74. 			HCRYPT_LOG(LOG_WARNING, "KMmsg length too small (%zd)\n", msg_len);
    75. 

  75. 			return(-1);
    76. 

  76. 		}
    77. 

  77. 		salt_len = hcryptMsg_KM_GetSaltLen(km_msg);
    78. 

  78. 		sek_len = hcryptMsg_KM_GetSekLen(km_msg);
    79. 

  79. 

  80. 		if ((salt_len > HAICRYPT_SALT_SZ)
    81. 

  81. 		||	(sek_len > HAICRYPT_KEY_MAX_SZ)) {
    82. 

  82. 			HCRYPT_LOG(LOG_WARNING, "%s", "KMmsg unsupported salt/key length\n");
    83. 

  83. 			return(-1);
    84. 

  84. 		}
    85. 

  85. 		if ((16 != sek_len)
    86. 

  86. 		&&  (24 != sek_len)
    87. 

  87. 		&&  (32 != sek_len)) {
    88. 

  88. 			HCRYPT_LOG(LOG_WARNING, "%s", "KMmsg unsupported key length\n");
    89. 

  89. 			return(-1);
    90. 

  90. 		}
    91. 

  91. 		if (hcryptMsg_KM_HasBothSek(km_msg)) {
    92. 

  92. 			sek_cnt = 2;
    93. 

  93. 		} else {
    94. 

  94. 			sek_cnt = 1;
    95. 

  95. 		}
    96. 

  96. 		if (msg_len != (HCRYPT_MSG_KM_OFS_SALT + salt_len + (sek_cnt * sek_len) + HAICRYPT_WRAPKEY_SIGN_SZ)) {
    97. 

  97. 			HCRYPT_LOG(LOG_WARNING, "KMmsg length inconsistent (%zd,%zd,%zd)\n",
    98. 

  98. 				salt_len, sek_len, msg_len);
    99. 

  99. 			return(-1);
    100. 

  100. 		}
    101. 

  101. 

  102. 		/* Check options support  */
    103. 

  103. 		if (HCRYPT_CIPHER_AES_CTR != km_msg[HCRYPT_MSG_KM_OFS_CIPHER]
    104. 

  104. 			&& HCRYPT_CIPHER_AES_GCM != km_msg[HCRYPT_MSG_KM_OFS_CIPHER])
    105. 

  105. 		{
    106. 

  106. 			HCRYPT_LOG(LOG_WARNING, "%s", "KMmsg unsupported cipher\n");
    107. 

  107. 			return(-1);
    108. 

  108. 		}
    109. 

  109. 

  110. #if !CRYSPR_HAS_AESGCM
    111. 

  111. 		/* Only OpenSSL EVP crypto provider allows the use of GCM.Add this condition. Reject if GCM is not supported by the CRYSPR. */
    112. 

  112. 		if (HCRYPT_CIPHER_AES_GCM == km_msg[HCRYPT_MSG_KM_OFS_CIPHER])
    113. 

  113. 		{
    114. 

  114. 			HCRYPT_LOG(LOG_WARNING, "%s", "KMmsg unsupported GCM cipher\n");
    115. 

  115. 			return(-1);
    116. 

  116. 		}
    117. 

  117. #endif
    118. 

  118. 

  119. 		if (HCRYPT_CIPHER_AES_GCM == km_msg[HCRYPT_MSG_KM_OFS_CIPHER]
    120. 

  120. 			&& HCRYPT_AUTH_AES_GCM != km_msg[HCRYPT_MSG_KM_OFS_AUTH]) {
    121. 

  121. 			HCRYPT_LOG(LOG_WARNING, "%s", "KMmsg GCM auth method was expected.\n");
    122. 

  122. 			return(-1);
    123. 

  123. 		}
    124. 

  124. 

  125. 		if (HCRYPT_CIPHER_AES_CTR == km_msg[HCRYPT_MSG_KM_OFS_CIPHER]
    126. 

  126. 			&& HCRYPT_AUTH_NONE != km_msg[HCRYPT_MSG_KM_OFS_AUTH]) {
    127. 

  127. 			HCRYPT_LOG(LOG_WARNING, "%s", "KMmsg unsupported auth method\n");
    128. 

  128. 			return(-1);
    129. 

  129. 		}
    130. 

  130. 

  131. 		if (crypto->se != km_msg[HCRYPT_MSG_KM_OFS_SE]) {
    132. 

  132. 			HCRYPT_LOG(LOG_WARNING, "%s", "KMmsg invalid SE\n");
    133. 

  133. 			return(-1);
    134. 

  134. 		}
    135. 

  135. 

  136. 		/* Check KEKI here and pick right key */
    137. 

  137. 		//>>todo
    138. 

  138. 		/*
    139. 

  139. 		 * We support no key exchange,
    140. 

  140. 		 * KEK is preshared or derived from a passphrase
    141. 

  141. 		 */
    142. 

  142. 	}
    143. 

  143. 

  144. 	/* Pick the context updated by this KMmsg */
    145. 

  145. 	if (hcryptMsg_KM_HasBothSek(km_msg) && (NULL != crypto->ctx)) {
    146. 

  146. 		ctx = crypto->ctx->alt; /* 2 SEK KM, start with inactive ctx */
    147. 

  147. 	} else {
    148. 

  148. 		ctx = &crypto->ctx_pair[hcryptMsg_KM_GetKeyIndex(km_msg)];
    149. 

  149. 	}
    150. 

  150. 	if (NULL == ctx) {
    151. 

  151. 		HCRYPT_LOG(LOG_WARNING, "%s", "KMmsg invalid flags (no SEK)\n");
    152. 

  152. 		return(-1);
    153. 

  153. 	}
    154. 

  154. 

  155. 	/* Check Salt and get if new */
    156. 

  156. 	if ((salt_len != ctx->salt_len)
    157. 

  157. 	||  (0 != memcmp(ctx->salt, &km_msg[HCRYPT_MSG_KM_OFS_SALT], salt_len))) {
    158. 

  158. 		/* Salt changed (or 1st KMmsg received) */
    159. 

  159. 		memcpy(ctx->salt, &km_msg[HCRYPT_MSG_KM_OFS_SALT], salt_len);
    160. 

  160. 		ctx->salt_len = salt_len;
    161. 

  161. 		do_pbkdf = 1; /* Impact on password derived kek */
    162. 

  162. 	}
    163. 

  163. 

  164. 	/* Check SEK length and get if new */
    165. 

  165. 	if (sek_len != ctx->sek_len) {
    166. 

  166. 		/* Key length changed or 1st KMmsg received */
    167. 

  167. 		ctx->sek_len = sek_len;
    168. 

  168. 		do_pbkdf = 1; /* Impact on password derived kek */
    169. 

  169. 	}
    170. 

  170. 

  171. 	/* Check cipher mode */
    172. 

  172. 	if (ctx->mode != km_msg[HCRYPT_MSG_KM_OFS_CIPHER])
    173. 

  173. 	{
    174. 

  174. 		HCRYPT_LOG(LOG_WARNING, "%s", "cipher mode mismatch\n");
    175. 

  175. 		return(-3);
    176. 

  176. 	}
    177. 

  177. 

  178. 	/* 
    179. 

  179. 	 * Regenerate KEK if it is password derived
    180. 

  180. 	 * and Salt or SEK length changed
    181. 

  181. 	 */
    182. 

  182. 	if (ctx->cfg.pwd_len && do_pbkdf) {
    183. 

  183. 		if (hcryptCtx_GenSecret(crypto, ctx)) {
    184. 

  184. 			return(-1);
    185. 

  185. 		}
    186. 

  186. 		ctx->status = HCRYPT_CTX_S_SARDY;
    187. 

  187. 		kek_len = sek_len;	/* KEK changed */
    188. 

  188. 	}
    189. 

  189. 

  190. 	/* Unwrap SEK(s) and set in context */
    191. 

  191. 	if (0 > crypto->cryspr->km_unwrap(crypto->cryspr_cb, seks,
    192. 

  192. 		&km_msg[HCRYPT_MSG_KM_OFS_SALT + salt_len], 
    193. 

  193. 		(unsigned int)((sek_cnt * sek_len) + HAICRYPT_WRAPKEY_SIGN_SZ))) {
    194. 

  194. 		HCRYPT_LOG(LOG_WARNING, "%s", "unwrap key failed\n");
    195. 

  195. 		return(-2); //Report unmatched shared secret
    196. 

  196. 	}
    197. 

  197. 	/*
    198. 

  198. 	 * First SEK in KMmsg is eSEK if both SEK present
    199. 

  199. 	 */
    200. 

  200. 	hcryptCtx_Rx_Rekey(crypto, ctx,
    201. 

  201. 		((2 == sek_cnt) && (ctx->flags & HCRYPT_MSG_F_oSEK)) ? &seks[sek_len] : &seks[0],
    202. 

  202. 		sek_len);
    203. 

  203. 

  204. 	/*
    205. 

  205. 	 * Refresh KMmsg cache to detect Keying Material changes
    206. 

  206. 	 */
    207. 

  207. 	ctx->KMmsg_len = msg_len;
    208. 

  208. 	memcpy(ctx->KMmsg_cache, km_msg, msg_len);
    209. 

  209. 

  210. 	/* update other (alternate) context if both SEK provided */
    211. 

  211. 	if (2 == sek_cnt) {
    212. 

  212. 		hcrypt_Ctx *alt = ctx->alt;
    213. 

  213. 

  214. 		memcpy(alt->salt, &km_msg[HCRYPT_MSG_KM_OFS_SALT], salt_len);
    215. 

  215. 		alt->salt_len = salt_len;
    216. 

  216. 

  217. 		if (kek_len) { /* New or changed KEK */
    218. 

  218. 			alt->status = HCRYPT_CTX_S_SARDY;
    219. 

  219. 		}
    220. 

  220. 

  221. 		hcryptCtx_Rx_Rekey(crypto, alt,
    222. 

  222. 			((2 == sek_cnt) && (alt->flags & HCRYPT_MSG_F_oSEK)) ? &seks[sek_len] : &seks[0],
    223. 

  223. 			sek_len);
    224. 

  224. 

  225. 		alt->KMmsg_len = msg_len;
    226. 

  226. 		memcpy(alt->KMmsg_cache, km_msg, msg_len);
    227. 

  227. 	}
    228. 

  228. 	return(0);
    229. 

  229. }
    230.