Commit acf9c009 authored by johan's avatar johan

Switch to bctoolbox instead of direct usage of crypto library

parent d1cf1db9
......@@ -67,17 +67,11 @@ find_package(CUnit)
endif()
endif()
find_package(MbedTLS)
if (MBEDTLS_FOUND)
message("Use mbedTLS")
else()
find_package(PolarSSL)
if (POLARSSL_FOUND)
message("Use polarSSL")
else()
message(FATAL_ERROR " No polarSSL or mbedTLS found")
endif()
endif()
if(LINPHONE_BUILDER_GROUP_EXTERNAL_SOURCE_PATH_BUILDERS)
include("${EP_bctoolbox_CONFIG_DIR}/BcToolboxConfig.cmake")
else()
find_package(BcToolBox REQUIRED)
endif()
find_package(XML2)
......@@ -104,21 +98,13 @@ if(STRICT_OPTIONS_CPP)
string(REPLACE ";" " " STRICT_OPTIONS_CPP "${STRICT_OPTIONS_CPP}")
endif()
if (MBEDTLS_FOUND)
include_directories(
include
${CMAKE_CURRENT_BINARY_DIR}
${MBEDTLS_INCLUDE_DIRS}
)
set(LIBS ${MBEDTLS_LIBRARIES})
else ()
include_directories(
include
${CMAKE_CURRENT_BINARY_DIR}
${POLARSSL_INCLUDE_DIRS}
)
set(LIBS ${POLARSSL_LIBRARIES})
endif()
include_directories(
include
${CMAKE_CURRENT_BINARY_DIR}
${BCTOOLBOX_INCLUDE_DIRS}
)
set(LIBS ${BCTOOLBOX_LIBRARIES})
if(CUNIT_FOUND)
include_directories(${CUNIT_INCLUDE_DIRS})
......
############################################################################
# FindPolarSSL.txt
# Copyright (C) 2015 Belledonne Communications, Grenoble France
# FindiBcToolBox.cmake
# Copyright (C) 2016 Belledonne Communications, Grenoble France
#
############################################################################
#
......@@ -20,58 +20,37 @@
#
############################################################################
#
# - Find the polarssl include file and library
# - Find the bctoolbox include file and library
#
# POLARSSL_FOUND - system has polarssl
# POLARSSL_INCLUDE_DIRS - the polarssl include directory
# POLARSSL_LIBRARIES - The libraries needed to use polarssl
# BCTOOLBOX_FOUND - system has BC Toolbox
# BCTOOLBOX_INCLUDE_DIRS - the BC Toolbox include directory
# BCTOOLBOX_LIBRARIES - The libraries needed to use BC Toolbox
include(CMakePushCheckState)
include(CheckIncludeFile)
include(CheckCSourceCompiles)
include(CheckSymbolExists)
set(_POLARSSL_ROOT_PATHS
set(_BCTOOLBOX_ROOT_PATHS
${CMAKE_INSTALL_PREFIX}
)
find_path(POLARSSL_INCLUDE_DIRS
NAMES polarssl/ssl.h
HINTS _POLARSSL_ROOT_PATHS
find_path(BCTOOLBOX_INCLUDE_DIRS
NAMES bctoolbox/crypto.h
HINTS _BCTOOLBOX_ROOT_PATHS
PATH_SUFFIXES include
)
if(POLARSSL_INCLUDE_DIRS)
set(HAVE_POLARSSL_SSL_H 1)
endif()
find_library(POLARSSL_LIBRARIES
NAMES polarssl mbedtls
HINTS _POLARSSL_ROOT_PATHS
find_library(BCTOOLBOX_LIBRARIES
NAMES bctoolbox
HINTS _BCTOOLBOX_ROOT_PATHS
PATH_SUFFIXES bin lib
)
if(POLARSSL_LIBRARIES)
cmake_push_check_state(RESET)
set(CMAKE_REQUIRED_INCLUDES ${POLARSSL_INCLUDE_DIRS})
set(CMAKE_REQUIRED_LIBRARIES ${POLARSSL_LIBRARIES})
check_c_source_compiles("#include <polarssl/version.h>
#include <polarssl/x509.h>
#if POLARSSL_VERSION_NUMBER >= 0x01030000
#include <polarssl/compat-1.2.h>
#endif
int main(int argc, char *argv[]) {
x509parse_crtpath(0,0);
return 0;
}"
X509PARSE_CRTPATH_OK)
check_symbol_exists(ssl_get_dtls_srtp_protection_profile "polarssl/ssl.h" HAVE_SSL_GET_DTLS_SRTP_PROTECTION_PROFILE)
cmake_pop_check_state()
endif()
include(FindPackageHandleStandardArgs)
find_package_handle_standard_args(PolarSSL
find_package_handle_standard_args(BcToolBox
DEFAULT_MSG
POLARSSL_INCLUDE_DIRS POLARSSL_LIBRARIES HAVE_POLARSSL_SSL_H
BCTOOLBOX_INCLUDE_DIRS BCTOOLBOX_LIBRARIES
)
mark_as_advanced(POLARSSL_INCLUDE_DIRS POLARSSL_LIBRARIES HAVE_POLARSSL_SSL_H X509PARSE_CRTPATH_OK HAVE_SSL_GET_DTLS_SRTP_PROTECTION_PROFILE)
mark_as_advanced(BCTOOLBOX_INCLUDE_DIRS BCTOOLBOX_LIBRARIES)
############################################################################
# FindMdebTLS.txt
# Copyright (C) 2015 Belledonne Communications, Grenoble France
#
############################################################################
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
############################################################################
#
# - Find the mbedTLS include file and library
#
# MBEDTLS_FOUND - system has mbedTLS
# MBEDTLS_INCLUDE_DIRS - the mbedTLS include directory
# MBEDTLS_LIBRARIES - The libraries needed to use mbedTLS
include(CMakePushCheckState)
include(CheckIncludeFile)
include(CheckCSourceCompiles)
include(CheckSymbolExists)
set(_MBEDTLS_ROOT_PATHS
${CMAKE_INSTALL_PREFIX}
)
find_path(MBEDTLS_INCLUDE_DIRS
NAMES mbedtls/ssl.h
HINTS _MBEDTLS_ROOT_PATHS
PATH_SUFFIXES include
)
# find the three mbedtls library
find_library(MBEDTLS_LIBRARY
NAMES mbedtls
HINTS _MBEDTLS_ROOT_PATHS
PATH_SUFFIXES bin lib
)
if (MBEDTLS_LIBRARY)
find_library(MBEDX509_LIBRARY
NAMES mbedx509
HINTS _MBEDTLS_ROOT_PATHS
PATH_SUFFIXES bin lib
)
endif()
if (MBEDX509_LIBRARY)
find_library(MBEDCRYPTO_LIBRARY
NAMES mbedcrypto
HINTS _MBEDTLS_ROOT_PATHS
PATH_SUFFIXES bin lib
)
endif()
# check we have a mbedTLS version 2 or above(all functions are prefixed mbedtls_)
if (MBEDCRYPTO_LIBRARY)
cmake_push_check_state(RESET)
set(CMAKE_REQUIRED_INCLUDES ${MBEDTLS_INCLUDE_DIRS})
set(CMAKE_REQUIRED_LIBRARIES ${MBEDTLS_LIBRARY} ${MBEDX509_LIBRARY} ${MBEDCRYPTO_LIBRARY})
check_symbol_exists(mbedtls_ssl_init "mbedtls/ssl.h" MBEDTLS_V2)
cmake_pop_check_state()
endif()
if (MBEDTLS_V2)
set (MBEDTLS_LIBRARIES
${MBEDTLS_LIBRARY}
${MBEDX509_LIBRARY}
${MBEDCRYPTO_LIBRARY}
)
endif()
include(FindPackageHandleStandardArgs)
find_package_handle_standard_args(MbedTLS
DEFAULT_MSG
MBEDTLS_INCLUDE_DIRS MBEDTLS_LIBRARIES
)
mark_as_advanced(MBEDTLS_INCLUDE_DIRS MBEDTLS_LIBRARIES)
......@@ -31,6 +31,16 @@
#include "typedef.h"
#include "packetParser.h"
/** Return available crypto functions. For now we have
*
* - Hash: HMAC-SHA256(Mandatory)
* - CipherBlock: AES128(Mandatory)
* - Auth Tag: HMAC-SHA132 and HMAC-SHA180 (These are mandatory for SRTP and depends on the SRTP implementation thus we can just suppose they are both available)
* - Key Agreement: DHM3k(Mandatory), DHM2k(optional and shall not be used except on low power devices)
* - Sas: base32(Mandatory), b256(pgp words)
*/
uint8_t bzrtpUtils_getAvailableCryptoTypes(uint8_t algoType, uint8_t availableTypes[7]);
/**
*
* @brief ZRTP Key Derivation Function as in rfc 4.5.1
......
This diff is collapsed.
......@@ -48,7 +48,7 @@
typedef struct bzrtpChannelContext_struct bzrtpChannelContext_t;
#include "cryptoWrapper.h"
#include <bctoolbox/crypto.h>
#include "packetParser.h"
#include "stateMachine.h"
......@@ -184,8 +184,8 @@ struct bzrtpChannelContext_struct {
*/
struct bzrtpContext_struct {
/* contexts */
bzrtpRNGContext_t *RNGContext; /**< context for random number generation */
bzrtpDHMContext_t *DHMContext; /**< context for the Diffie-Hellman-Merkle operations. Only one DHM computation may be done during a call, so this belongs to the general context and not the channel one */
bctoolbox_rng_context_t *RNGContext; /**< context for random number generation */
bctoolbox_DHMContext_t *DHMContext; /**< context for the Diffie-Hellman-Merkle operations. Only one DHM computation may be done during a call, so this belongs to the general context and not the channel one */
/* flags */
uint8_t isSecure; /**< this flag is set to 1 after the first channel have completed the ZRTP protocol exchange(i.e. when the responder have sent the conf2ACK message) */
......
......@@ -27,7 +27,7 @@
#include "bzrtp/bzrtp.h"
#include "typedef.h"
#include "cryptoWrapper.h"
#include "bctoolbox/crypto.h"
#include "cryptoUtils.h"
#include "zidCache.h"
#include "packetParser.h"
......@@ -54,7 +54,7 @@ bzrtpContext_t *bzrtp_createBzrtpContext(uint32_t selfSSRC) {
memset(context, 0, sizeof(bzrtpContext_t));
/* start the random number generator */
context->RNGContext = bzrtpCrypto_startRNG(NULL, 0); /* TODO: give a seed for the RNG? */
context->RNGContext = bctoolbox_rng_context_new(); /* TODO: give a seed for the RNG? */
/* set the DHM context to NULL, it will be created if needed when creating a DHPart packet */
context->DHMContext = NULL;
......@@ -81,11 +81,11 @@ bzrtpContext_t *bzrtp_createBzrtpContext(uint32_t selfSSRC) {
/* get the list of crypto algorithms provided by the crypto module */
/* this list may then be updated according to users settings */
context->hc = bzrtpCrypto_getAvailableCryptoTypes(ZRTP_HASH_TYPE, context->supportedHash);
context->cc = bzrtpCrypto_getAvailableCryptoTypes(ZRTP_CIPHERBLOCK_TYPE, context->supportedCipher);
context->ac = bzrtpCrypto_getAvailableCryptoTypes(ZRTP_AUTHTAG_TYPE, context->supportedAuthTag);
context->kc = bzrtpCrypto_getAvailableCryptoTypes(ZRTP_KEYAGREEMENT_TYPE, context->supportedKeyAgreement);
context->sc = bzrtpCrypto_getAvailableCryptoTypes(ZRTP_SAS_TYPE, context->supportedSas);
context->hc = bzrtpUtils_getAvailableCryptoTypes(ZRTP_HASH_TYPE, context->supportedHash);
context->cc = bzrtpUtils_getAvailableCryptoTypes(ZRTP_CIPHERBLOCK_TYPE, context->supportedCipher);
context->ac = bzrtpUtils_getAvailableCryptoTypes(ZRTP_AUTHTAG_TYPE, context->supportedAuthTag);
context->kc = bzrtpUtils_getAvailableCryptoTypes(ZRTP_KEYAGREEMENT_TYPE, context->supportedKeyAgreement);
context->sc = bzrtpUtils_getAvailableCryptoTypes(ZRTP_SAS_TYPE, context->supportedSas);
/* initialise cached secret buffer to null */
#ifdef HAVE_LIBXML2
......@@ -157,7 +157,7 @@ void bzrtp_destroyBzrtpContext(bzrtpContext_t *context, uint32_t selfSSRC) {
/* We have no more channel, destroy the zrtp context */
if (context->DHMContext != NULL) {
bzrtpCrypto_DestroyDHMContext(context->DHMContext);
bctoolbox_DestroyDHMContext(context->DHMContext);
context->DHMContext = NULL;
}
......@@ -180,7 +180,7 @@ void bzrtp_destroyBzrtpContext(bzrtpContext_t *context, uint32_t selfSSRC) {
#endif
/* destroy the RNG context at the end because it may be needed to destroy some keys */
bzrtpCrypto_destroyRNG(context->RNGContext);
bctoolbox_rng_context_free(context->RNGContext);
context->RNGContext = NULL;
free(context);
return;
......@@ -612,10 +612,10 @@ int bzrtp_initChannelContext(bzrtpContext_t *zrtpContext, bzrtpChannelContext_t
zrtpChannelContext->role = INITIATOR;
/* create H0 (32 bytes random) and derive using implicit Hash(SHA256) H1,H2,H3 */
bzrtpCrypto_getRandom(zrtpContext->RNGContext, zrtpChannelContext->selfH[0], 32);
bzrtpCrypto_sha256(zrtpChannelContext->selfH[0], 32, 32, zrtpChannelContext->selfH[1]);
bzrtpCrypto_sha256(zrtpChannelContext->selfH[1], 32, 32, zrtpChannelContext->selfH[2]);
bzrtpCrypto_sha256(zrtpChannelContext->selfH[2], 32, 32, zrtpChannelContext->selfH[3]);
bctoolbox_rng_get(zrtpContext->RNGContext, zrtpChannelContext->selfH[0], 32);
bctoolbox_sha256(zrtpChannelContext->selfH[0], 32, 32, zrtpChannelContext->selfH[1]);
bctoolbox_sha256(zrtpChannelContext->selfH[1], 32, 32, zrtpChannelContext->selfH[2]);
bctoolbox_sha256(zrtpChannelContext->selfH[2], 32, 32, zrtpChannelContext->selfH[3]);
/* initialisation of packet storage */
for (i=0; i<PACKET_STORAGE_CAPACITY; i++) {
......@@ -624,7 +624,7 @@ int bzrtp_initChannelContext(bzrtpContext_t *zrtpContext, bzrtpChannelContext_t
}
/* initialise the self Sequence number to a random and peer to 0 */
bzrtpCrypto_getRandom(zrtpContext->RNGContext, (uint8_t *)&(zrtpChannelContext->selfSequenceNumber), 2);
bctoolbox_rng_get(zrtpContext->RNGContext, (uint8_t *)&(zrtpChannelContext->selfSequenceNumber), 2);
zrtpChannelContext->selfSequenceNumber &= 0x0FFF; /* first 4 bits to zero in order to avoid reaching FFFF and turning back to 0 */
zrtpChannelContext->selfSequenceNumber++; /* be sure it is not initialised to 0 */
zrtpChannelContext->peerSequenceNumber = 0;
......@@ -791,7 +791,7 @@ void bzrtp_setSupportedCryptoTypes(bzrtpContext_t *zrtpContext, uint8_t algoType
return;
}
implementedTypesCount = bzrtpCrypto_getAvailableCryptoTypes(algoType, implementedTypes);
implementedTypesCount = bzrtpUtils_getAvailableCryptoTypes(algoType, implementedTypes);
switch(algoType) {
case ZRTP_HASH_TYPE:
......
This diff is collapsed.
This diff is collapsed.
......@@ -30,8 +30,81 @@
#include <string.h>
#include "cryptoUtils.h"
#include "cryptoWrapper.h"
#include "bctoolbox/crypto.h"
/** Return available crypto functions. For now we have
*
* - Hash: HMAC-SHA256(Mandatory)
* - CipherBlock: AES128(Mandatory)
* - Auth Tag: HMAC-SHA132 and HMAC-SHA180 (These are mandatory for SRTP and depends on the SRTP implementation thus we can just suppose they are both available)
* - Key Agreement: DHM3k(Mandatory), DHM2k(optional and shall not be used except on low power devices)
* - Sas: base32(Mandatory), b256(pgp words)
*/
uint8_t bzrtpUtils_getAvailableCryptoTypes(uint8_t algoType, uint8_t availableTypes[7]) {
switch(algoType) {
case ZRTP_HASH_TYPE:
availableTypes[0] = ZRTP_HASH_S256;
return 1;
break;
case ZRTP_CIPHERBLOCK_TYPE:
availableTypes[0] = ZRTP_CIPHER_AES1;
availableTypes[1] = ZRTP_CIPHER_AES3;
return 2;
break;
case ZRTP_AUTHTAG_TYPE:
availableTypes[0] = ZRTP_AUTHTAG_HS32;
availableTypes[1] = ZRTP_AUTHTAG_HS80;
return 2;
break;
case ZRTP_KEYAGREEMENT_TYPE:
availableTypes[0] = ZRTP_KEYAGREEMENT_DH3k;
availableTypes[1] = ZRTP_KEYAGREEMENT_DH2k;
availableTypes[2] = ZRTP_KEYAGREEMENT_Mult; /* This one shall always be at the end of the list, it is just to inform the peer ZRTP endpoint that we support the Multichannel ZRTP */
return 3;
break;
case ZRTP_SAS_TYPE: /* the SAS function is implemented in cryptoUtils.c and then is not directly linked to the polarSSL crypto wrapper */
availableTypes[0] = ZRTP_SAS_B32;
availableTypes[1] = ZRTP_SAS_B256;
return 2;
break;
default:
return 0;
}
}
/** Return mandatory crypto functions. For now we have
*
* - Hash: HMAC-SHA256
* - CipherBlock: AES128
* - Auth Tag: HMAC-SHA132 and HMAC-SHA180
* - Key Agreement: DHM3k
* - Sas: base32
*/
uint8_t bzrtpUtils_getMandatoryCryptoTypes(uint8_t algoType, uint8_t mandatoryTypes[7]) {
switch(algoType) {
case ZRTP_HASH_TYPE:
mandatoryTypes[0] = ZRTP_HASH_S256;
return 1;
case ZRTP_CIPHERBLOCK_TYPE:
mandatoryTypes[0] = ZRTP_CIPHER_AES1;
return 1;
case ZRTP_AUTHTAG_TYPE:
mandatoryTypes[0] = ZRTP_AUTHTAG_HS32;
mandatoryTypes[1] = ZRTP_AUTHTAG_HS80;
return 2;
case ZRTP_KEYAGREEMENT_TYPE:
mandatoryTypes[0] = ZRTP_KEYAGREEMENT_DH3k;
mandatoryTypes[1] = ZRTP_KEYAGREEMENT_Mult; /* we must add this one if we want to be able to make multistream */
return 2;
case ZRTP_SAS_TYPE:
mandatoryTypes[0] = ZRTP_SAS_B32;
return 1;
default:
return 0;
}
}
int bzrtp_keyDerivationFunction(uint8_t *key, uint16_t keyLength,
uint8_t *label, uint16_t labelLength,
......@@ -368,8 +441,8 @@ int updateCryptoFunctionPointers(bzrtpChannelContext_t *zrtpChannelContext) {
/* Hash algo */
switch (zrtpChannelContext->hashAlgo) {
case ZRTP_HASH_S256 :
zrtpChannelContext->hashFunction = bzrtpCrypto_sha256;
zrtpChannelContext->hmacFunction = bzrtpCrypto_hmacSha256;
zrtpChannelContext->hashFunction = bctoolbox_sha256;
zrtpChannelContext->hmacFunction = bctoolbox_hmacSha256;
zrtpChannelContext->hashLength = 32;
break;
case ZRTP_UNSET_ALGO :
......@@ -385,13 +458,13 @@ int updateCryptoFunctionPointers(bzrtpChannelContext_t *zrtpChannelContext) {
/* CipherBlock algo */
switch (zrtpChannelContext->cipherAlgo) {
case ZRTP_CIPHER_AES1 :
zrtpChannelContext->cipherEncryptionFunction = bzrtpCrypto_aes128CfbEncrypt;
zrtpChannelContext->cipherDecryptionFunction = bzrtpCrypto_aes128CfbDecrypt;
zrtpChannelContext->cipherEncryptionFunction = bctoolbox_aes128CfbEncrypt;
zrtpChannelContext->cipherDecryptionFunction = bctoolbox_aes128CfbDecrypt;
zrtpChannelContext->cipherKeyLength = 16;
break;
case ZRTP_CIPHER_AES3 :
zrtpChannelContext->cipherEncryptionFunction = bzrtpCrypto_aes256CfbEncrypt;
zrtpChannelContext->cipherDecryptionFunction = bzrtpCrypto_aes256CfbDecrypt;
zrtpChannelContext->cipherEncryptionFunction = bctoolbox_aes256CfbEncrypt;
zrtpChannelContext->cipherDecryptionFunction = bctoolbox_aes256CfbDecrypt;
zrtpChannelContext->cipherKeyLength = 32;
break;
case ZRTP_UNSET_ALGO :
......@@ -502,7 +575,7 @@ void addMandatoryCryptoTypesIfNeeded(uint8_t algoType, uint8_t algoTypes[7], uin
int algosBitmask[BITMASK_256_SIZE];
int missingBitmask[BITMASK_256_SIZE];
uint8_t mandatoryTypes[7];
const uint8_t mandatoryTypesCount = bzrtpCrypto_getMandatoryCryptoTypes(algoType, mandatoryTypes);
const uint8_t mandatoryTypesCount = bzrtpUtils_getMandatoryCryptoTypes(algoType, mandatoryTypes);
uint8_t missingTypesCount = mandatoryTypesCount;
BITMASK_256_SET_ZERO(missingBitmask);
......@@ -727,7 +800,7 @@ void cryptoAlgoTypeIntToString(uint8_t algoTypeInt, uint8_t algoTypeString[4]) {
*/
void bzrtp_DestroyKey(uint8_t *key, uint8_t keyLength, void *rngContext) {
if (key != NULL) {
bzrtpCrypto_getRandom(rngContext, key, keyLength);
bctoolbox_rng_get(rngContext, key, keyLength);
}
}
This diff is collapsed.
......@@ -30,6 +30,7 @@
#include "packetParser.h"
#include "cryptoUtils.h"
#include "zidCache.h"
#include <bctoolbox/crypto.h>
#include "stateMachine.h"
......@@ -566,7 +567,7 @@ int state_keyAgreement_sendingCommit(bzrtpEvent_t event) {
/* Compute the shared DH secret */
zrtpContext->DHMContext->peer = (uint8_t *)malloc(zrtpChannelContext->keyAgreementLength*sizeof(uint8_t));
memcpy (zrtpContext->DHMContext->peer, dhPart1Message->pv, zrtpChannelContext->keyAgreementLength);
bzrtpCrypto_DHMComputeSecret(zrtpContext->DHMContext, (int (*)(void *, uint8_t *, size_t))bzrtpCrypto_getRandom, (void *)zrtpContext->RNGContext);
bctoolbox_DHMComputeSecret(zrtpContext->DHMContext, (int (*)(void *, uint8_t *, size_t))bctoolbox_rng_get, (void *)zrtpContext->RNGContext);
/* Derive the s0 key */
bzrtp_computeS0DHMMode(zrtpContext, zrtpChannelContext);
......@@ -856,7 +857,7 @@ int state_keyAgreement_responderSendingDHPart1(bzrtpEvent_t event) {
/* Compute the shared DH secret */
zrtpContext->DHMContext->peer = (uint8_t *)malloc(zrtpChannelContext->keyAgreementLength*sizeof(uint8_t));
memcpy (zrtpContext->DHMContext->peer, dhPart2Message->pv, zrtpChannelContext->keyAgreementLength);
bzrtpCrypto_DHMComputeSecret(zrtpContext->DHMContext, (int (*)(void *, uint8_t *, size_t))bzrtpCrypto_getRandom, (void *)zrtpContext->RNGContext);
bctoolbox_DHMComputeSecret(zrtpContext->DHMContext, (int (*)(void *, uint8_t *, size_t))bctoolbox_rng_get, (void *)zrtpContext->RNGContext);
/* Derive the s0 key */
bzrtp_computeS0DHMMode(zrtpContext, zrtpChannelContext);
......@@ -1656,16 +1657,16 @@ int bzrtp_responseToHelloMessage(bzrtpContext_t *zrtpContext, bzrtpChannelContex
zrtpChannelContext->hmacFunction(zrtpContext->cachedSecret.rs1, zrtpContext->cachedSecret.rs1Length, (uint8_t *)"Initiator", 9, 8, zrtpContext->initiatorCachedSecretHash.rs1ID);
zrtpChannelContext->hmacFunction(zrtpContext->cachedSecret.rs1, zrtpContext->cachedSecret.rs1Length, (uint8_t *)"Responder", 9, 8, zrtpContext->responderCachedSecretHash.rs1ID);
} else { /* we have no secret, generate a random */
bzrtpCrypto_getRandom(zrtpContext->RNGContext, zrtpContext->initiatorCachedSecretHash.rs1ID, 8);
bzrtpCrypto_getRandom(zrtpContext->RNGContext, zrtpContext->responderCachedSecretHash.rs1ID, 8);
bctoolbox_rng_get(zrtpContext->RNGContext, zrtpContext->initiatorCachedSecretHash.rs1ID, 8);
bctoolbox_rng_get(zrtpContext->RNGContext, zrtpContext->responderCachedSecretHash.rs1ID, 8);
}
if (zrtpContext->cachedSecret.rs2!=NULL) {
zrtpChannelContext->hmacFunction(zrtpContext->cachedSecret.rs2, zrtpContext->cachedSecret.rs2Length, (uint8_t *)"Initiator", 9, 8, zrtpContext->initiatorCachedSecretHash.rs2ID);
zrtpChannelContext->hmacFunction(zrtpContext->cachedSecret.rs2, zrtpContext->cachedSecret.rs2Length, (uint8_t *)"Responder", 9, 8, zrtpContext->responderCachedSecretHash.rs2ID);
} else { /* we have no secret, generate a random */
bzrtpCrypto_getRandom(zrtpContext->RNGContext, zrtpContext->initiatorCachedSecretHash.rs2ID, 8);
bzrtpCrypto_getRandom(zrtpContext->RNGContext, zrtpContext->responderCachedSecretHash.rs2ID, 8);
bctoolbox_rng_get(zrtpContext->RNGContext, zrtpContext->initiatorCachedSecretHash.rs2ID, 8);
bctoolbox_rng_get(zrtpContext->RNGContext, zrtpContext->responderCachedSecretHash.rs2ID, 8);
}
......@@ -1673,16 +1674,16 @@ int bzrtp_responseToHelloMessage(bzrtpContext_t *zrtpContext, bzrtpChannelContex
zrtpChannelContext->hmacFunction(zrtpContext->cachedSecret.pbxsecret, zrtpContext->cachedSecret.pbxsecretLength, (uint8_t *)"Initiator", 9, 8, zrtpContext->initiatorCachedSecretHash.pbxsecretID);
zrtpChannelContext->hmacFunction(zrtpContext->cachedSecret.pbxsecret, zrtpContext->cachedSecret.pbxsecretLength, (uint8_t *)"Responder", 9, 8, zrtpContext->responderCachedSecretHash.pbxsecretID);
} else { /* we have no secret, generate a random */
bzrtpCrypto_getRandom(zrtpContext->RNGContext, zrtpContext->initiatorCachedSecretHash.pbxsecretID, 8);
bzrtpCrypto_getRandom(zrtpContext->RNGContext, zrtpContext->responderCachedSecretHash.pbxsecretID, 8);
bctoolbox_rng_get(zrtpContext->RNGContext, zrtpContext->initiatorCachedSecretHash.pbxsecretID, 8);
bctoolbox_rng_get(zrtpContext->RNGContext, zrtpContext->responderCachedSecretHash.pbxsecretID, 8);
}
if (zrtpContext->cachedSecret.auxsecret!=NULL) {
zrtpChannelContext->hmacFunction(zrtpContext->cachedSecret.auxsecret, zrtpContext->cachedSecret.auxsecretLength, zrtpChannelContext->selfH[3], 32, 8, zrtpChannelContext->initiatorAuxsecretID);
zrtpChannelContext->hmacFunction(zrtpContext->cachedSecret.auxsecret, zrtpContext->cachedSecret.auxsecretLength, zrtpChannelContext->peerH[3], 32, 8, zrtpChannelContext->responderAuxsecretID);
} else { /* we have no secret, generate a random */
bzrtpCrypto_getRandom(zrtpContext->RNGContext, zrtpChannelContext->initiatorAuxsecretID, 8);
bzrtpCrypto_getRandom(zrtpContext->RNGContext, zrtpChannelContext->responderAuxsecretID, 8);
bctoolbox_rng_get(zrtpContext->RNGContext, zrtpChannelContext->initiatorAuxsecretID, 8);
bctoolbox_rng_get(zrtpContext->RNGContext, zrtpChannelContext->responderAuxsecretID, 8);
}
/* now select mode according to context */
......
......@@ -26,9 +26,10 @@
*/
#include <stdlib.h>
#include <string.h>
#include "typedef.h"
#include <bctoolbox/crypto.h>
#include "zidCache.h"
#include "typedef.h"
#ifdef HAVE_LIBXML2
......@@ -61,7 +62,7 @@ int bzrtp_getSelfZID(bzrtpContext_t *context, uint8_t selfZID[12]) {
if (cb!=NULL) cb(cacheStringBuffer);
} else {
/* we are running cacheless, return a random number */
bzrtpCrypto_getRandom(context->RNGContext, selfZID, 12);
bctoolbox_rng_get(context->RNGContext, selfZID, 12);
return 0;
}
......@@ -90,7 +91,7 @@ int bzrtp_getSelfZID(bzrtpContext_t *context, uint8_t selfZID[12]) {
xmlNodePtr rootNode;
/* generate a random ZID */
bzrtpCrypto_getRandom(context->RNGContext, selfZID, 12);
bctoolbox_rng_get(context->RNGContext, selfZID, 12);
/* convert it to an Hexa String */
bzrtp_int8ToStr(newZidHex, selfZID, 12);
newZidHex[24] = '\0'; /* the string must be null terminated for libxml2 to add it correctly in the element */
......@@ -429,7 +430,7 @@ int bzrtp_getSelfZID(bzrtpContext_t *context, uint8_t selfZID[12]) {
return ZRTP_ZIDCACHE_INVALID_CONTEXT;
}
/* we are running cacheless, return a random number */
bzrtpCrypto_getRandom(context->RNGContext, selfZID, 12);
bctoolbox_rng_get(context->RNGContext, selfZID, 12);
return 0;
}
int bzrtp_getPeerAssociatedSecretsHash(bzrtpContext_t *context, uint8_t peerZID[12]) {
......
......@@ -34,18 +34,6 @@ set(TEST_SOURCES
../src/zidCache.c
)
if (POLARSSL_FOUND)
set(TEST_SOURCES
${TEST_SOURCES}
../src/cryptoPolarssl.c
)
elseif (MBEDTLS_FOUND)
set(TEST_SOURCES
${TEST_SOURCES}
../src/cryptoMbedtls.c
)
endif()
apply_compile_flags(TEST_SOURCES "CPP")
add_executable(bzrtpTest ${TEST_SOURCES})
......
This diff is collapsed.
......@@ -452,49 +452,49 @@ void test_parserComplete() {
if (contextAlice->cachedSecret.rs1!=NULL) {
contextAlice->channelContext[0]->hmacFunction(contextAlice->cachedSecret.rs1, contextAlice->cachedSecret.rs1Length, (uint8_t *)"Initiator", 9, 8, contextAlice->initiatorCachedSecretHash.rs1ID);
} else { /* we have no secret, generate a random */
bzrtpCrypto_getRandom(contextAlice->RNGContext, contextAlice->initiatorCachedSecretHash.rs1ID, 8);
bctoolbox_rng_get(contextAlice->RNGContext, contextAlice->initiatorCachedSecretHash.rs1ID, 8);
}
if (contextAlice->cachedSecret.rs2!=NULL) {
contextAlice->channelContext[0]->hmacFunction(contextAlice->cachedSecret.rs2, contextAlice->cachedSecret.rs2Length, (uint8_t *)"Initiator", 9, 8, contextAlice->initiatorCachedSecretHash.rs2ID);
} else { /* we have no secret, generate a random */
bzrtpCrypto_getRandom(contextAlice->RNGContext, contextAlice->initiatorCachedSecretHash.rs2ID, 8);
bctoolbox_rng_get(contextAlice->RNGContext, contextAlice->initiatorCachedSecretHash.rs2ID, 8);
}
if (contextAlice->cachedSecret.auxsecret!=NULL) {
contextAlice->channelContext[0]->hmacFunction(contextAlice->cachedSecret.auxsecret, contextAlice->cachedSecret.auxsecretLength, contextAlice->channelContext[0]->selfH[3], 32, 8, contextAlice->channelContext[0]->initiatorAuxsecretID);
} else { /* we have no secret, generate a random */
bzrtpCrypto_getRandom(contextAlice->RNGContext, contextAlice->channelContext[0]->initiatorAuxsecretID, 8);
bctoolbox_rng_get(contextAlice->RNGContext, contextAlice->channelContext[0]->initiatorAuxsecretID, 8);
}
if (contextAlice->cachedSecret.pbxsecret!=NULL) {
contextAlice->channelContext[0]->hmacFunction(contextAlice->cachedSecret.pbxsecret, contextAlice->cachedSecret.pbxsecretLength, (uint8_t *)"Initiator", 9, 8, contextAlice->initiatorCachedSecretHash.pbxsecretID);
} else { /* we have no secret, generate a random */
bzrtpCrypto_getRandom(contextAlice->RNGContext, contextAlice->initiatorCachedSecretHash.pbxsecretID, 8);
bctoolbox_rng_get(contextAlice->RNGContext, contextAlice->initiatorCachedSecretHash.pbxsecretID, 8);
}
if (contextAlice->cachedSecret.rs1!=NULL) {
contextAlice->channelContext[0]->hmacFunction(contextAlice->cachedSecret.rs1, contextAlice->cachedSecret.rs1Length, (uint8_t *)"Responder", 9, 8, contextAlice->responderCachedSecretHash.rs1ID);
} else { /* we have no secret, generate a random */
bzrtpCrypto_getRandom(contextAlice->RNGContext, contextAlice->responderCachedSecretHash.rs1ID, 8);
bctoolbox_rng_get(contextAlice->RNGContext, contextAlice->responderCachedSecretHash.rs1ID, 8);
}
if (contextAlice->cachedSecret.rs2!=NULL) {
contextAlice->channelContext[0]->hmacFunction(contextAlice->cachedSecret.rs2, contextAlice->cachedSecret.rs2Length, (uint8_t *)"Responder", 9, 8, contextAlice->responderCachedSecretHash.rs2ID);
} else { /* we have no secret, generate a random */
bzrtpCrypto_getRandom(contextAlice->RNGContext, contextAlice->responderCachedSecretHash.rs2ID, 8);
bctoolbox_rng_get(contextAlice->RNGContext, contextAlice->responderCachedSecretHash.rs2ID, 8);
}
if (contextAlice->cachedSecret.auxsecret!=NULL) {
contextAlice->channelContext[0]->hmacFunction(contextAlice->cachedSecret.auxsecret, contextAlice->cachedSecret.auxsecretLength, contextAlice->channelContext[0]->peerH[3], 32, 8, contextAlice->channelContext[0]->responderAuxsecretID);
} else { /* we have no secret, generate a random */
bzrtpCrypto_getRandom(contextAlice->RNGContext, contextAlice->channelContext[0]->responderAuxsecretID, 8);
bctoolbox_rng_get(contextAlice->RNGContext, contextAlice->channelContext[0]->responderAuxsecretID, 8);
}
if (contextAlice->cachedSecret.pbxsecret!=NULL) {
contextAlice->channelContext[0]->hmacFunction(contextAlice->cachedSecret.pbxsecret, contextAlice->cachedSecret.pbxsecretLength, (uint8_t *)"Responder", 9, 8, contextAlice->responderCachedSecretHash.pbxsecretID);
} else { /* we have no secret, generate a random */
bzrtpCrypto_getRandom(contextAlice->RNGContext, contextAlice->responderCachedSecretHash.pbxsecretID, 8);
bctoolbox_rng_get(contextAlice->RNGContext, contextAlice->responderCachedSecretHash.pbxsecretID, 8);
}
......@@ -502,49 +502,49 @@ void test_parserComplete() {
if (contextBob->cachedSecret.rs1!=NULL) {
contextBob->channelContext[0]->hmacFunction(contextBob->cachedSecret.rs1, contextBob->cachedSecret.rs1Length, (uint8_t *)"Initiator", 9, 8, contextBob->initiatorCachedSecretHash.rs1ID);
} else { /* we have no secret, generate a random */
bzrtpCrypto_getRandom(contextBob->RNGContext, contextBob->initiatorCachedSecretHash.rs1ID, 8);
bctoolbox_rng_get(contextBob->RNGContext, contextBob->initiatorCachedSecretHash.rs1ID, 8);
}
if (contextBob->cachedSecret.rs2!=NULL) {
contextBob->channelContext[0]->hmacFunction(contextBob->cachedSecret.rs2, contextBob->cachedSecret.rs2Length, (uint8_t *)"Initiator", 9, 8, contextBob->initiatorCachedSecretHash.rs2ID);
} else { /* we have no secret, generate a random */
bzrtpCrypto_getRandom(contextBob->RNGContext, contextBob->initiatorCachedSecretHash.rs2ID, 8);
bctoolbox_rng_get(contextBob->RNGContext, contextBob->initiatorCachedSecretHash.rs2ID, 8);
}
if (contextBob->cachedSecret.auxsecret!=NULL) {
contextBob->channelContext[0]->hmacFunction(contextBob->cachedSecret.auxsecret, contextBob->cachedSecret.auxsecretLength, contextBob->channelContext[0]->selfH[3], 32, 8, contextBob->channelContext[0]->initiatorAuxsecretID);
} else { /* we have no secret, generate a random */
bzrtpCrypto_getRandom(contextBob->RNGContext, contextBob->channelContext[0]->initiatorAuxsecretID, 8);
bctoolbox_rng_get(contextBob->RNGContext, contextBob->channelContext[0]->initiatorAuxsecretID, 8);
}
if (contextBob->cachedSecret.pbxsecret!=NULL) {
contextBob->channelContext[0]->hmacFunction(contextBob->cachedSecret.pbxsecret, contextBob->cachedSecret.pbxsecretLength, (uint8_t *)"Initiator", 9, 8, contextBob->initiatorCachedSecretHash.pbxsecretID);
} else { /* we have no secret, generate a random */
bzrtpCrypto_getRandom(contextBob->RNGContext, contextBob->initiatorCachedSecretHash.pbxsecretID, 8);
bctoolbox_rng_get(contextBob->RNGContext, contextBob->initiatorCachedSecretHash.pbxsecretID, 8);
}
if (contextBob->cachedSecret.rs1!=NULL) {
contextBob->channelContext[0]->hmacFunction(contextBob->cachedSecret.rs1, contextBob->cachedSecret.rs1Length, (uint8_t *)"Responder", 9, 8, contextBob->responderCachedSecretHash.rs1ID);
} else { /* we have no secret, generate a random */
bzrtpCrypto_getRandom(contextBob->RNGContext, contextBob->responderCachedSecretHash.rs1ID, 8);
bctoolbox_rng_get(contextBob->RNGContext, contextBob->responderCachedSecretHash.rs1ID, 8);
}
if (contextBob->cachedSecret.rs2!=NULL) {
contextBob->channelContext[0]->hmacFunction(contextBob->cachedSecret.rs2, contextBob->cachedSecret.rs2Length, (uint8_t *)"Responder", 9, 8, contextBob->responderCachedSecretHash.rs2ID);
} else { /* we have no secret, generate a random */
bzrtpCrypto_getRandom(contextBob->RNGContext, contextBob->responderCachedSecretHash.rs2ID, 8);
bctoolbox_rng_get(contextBob->RNGContext, contextBob->responderCachedSecretHash.rs2ID, 8);
}
if (contextBob->cachedSecret.auxsecret!=NULL) {
contextBob->channelContext[0]->hmacFunction(contextBob->cachedSecret.auxsecret, contextBob->cachedSecret.auxsecretLength, contextBob->channelContext[0]->peerH[3], 32, 8, contextBob->channelContext[0]->responderAuxsecretID);
} else { /* we have no secret, generate a random */
bzrtpCrypto_getRandom(contextBob->RNGContext, contextBob->channelContext[0]->responderAuxsecretID, 8);
bctoolbox_rng_get(contextBob->RNGContext, contextBob->channelContext[0]->responderAuxsecretID, 8);
}
if (contextBob->cachedSecret.pbxsecret!=NULL) {
contextBob->channelContext[0]->hmacFunction(contextBob->cachedSecret.pbxsecret, contextBob->cachedSecret.pbxsecretLength, (uint8_t *)"Responder", 9, 8, contextBob->responderCachedSecretHash.pbxsecretID);
} else { /* we have no secret, generate a random */
bzrtpCrypto_getRandom(contextBob->RNGContext, contextBob->responderCachedSecretHash.pbxsecretID, 8);
bctoolbox_rng_get(contextBob->RNGContext, contextBob->responderCachedSecretHash.pbxsecretID, 8);
}