Commit acf9c009 authored by johan's avatar johan

Switch to bctoolbox instead of direct usage of crypto library

parent d1cf1db9
......@@ -67,17 +67,11 @@ find_package(CUnit)
endif()
endif()
find_package(MbedTLS)
if (MBEDTLS_FOUND)
message("Use mbedTLS")
else()
find_package(PolarSSL)
if (POLARSSL_FOUND)
message("Use polarSSL")
else()
message(FATAL_ERROR " No polarSSL or mbedTLS found")
endif()
endif()
if(LINPHONE_BUILDER_GROUP_EXTERNAL_SOURCE_PATH_BUILDERS)
include("${EP_bctoolbox_CONFIG_DIR}/BcToolboxConfig.cmake")
else()
find_package(BcToolBox REQUIRED)
endif()
find_package(XML2)
......@@ -104,21 +98,13 @@ if(STRICT_OPTIONS_CPP)
string(REPLACE ";" " " STRICT_OPTIONS_CPP "${STRICT_OPTIONS_CPP}")
endif()
if (MBEDTLS_FOUND)
include_directories(
include
${CMAKE_CURRENT_BINARY_DIR}
${MBEDTLS_INCLUDE_DIRS}
)
set(LIBS ${MBEDTLS_LIBRARIES})
else ()
include_directories(
include
${CMAKE_CURRENT_BINARY_DIR}
${POLARSSL_INCLUDE_DIRS}
)
set(LIBS ${POLARSSL_LIBRARIES})
endif()
include_directories(
include
${CMAKE_CURRENT_BINARY_DIR}
${BCTOOLBOX_INCLUDE_DIRS}
)
set(LIBS ${BCTOOLBOX_LIBRARIES})
if(CUNIT_FOUND)
include_directories(${CUNIT_INCLUDE_DIRS})
......
############################################################################
# FindPolarSSL.txt
# Copyright (C) 2015 Belledonne Communications, Grenoble France
# FindiBcToolBox.cmake
# Copyright (C) 2016 Belledonne Communications, Grenoble France
#
############################################################################
#
......@@ -20,58 +20,37 @@
#
############################################################################
#
# - Find the polarssl include file and library
# - Find the bctoolbox include file and library
#
# POLARSSL_FOUND - system has polarssl
# POLARSSL_INCLUDE_DIRS - the polarssl include directory
# POLARSSL_LIBRARIES - The libraries needed to use polarssl
# BCTOOLBOX_FOUND - system has BC Toolbox
# BCTOOLBOX_INCLUDE_DIRS - the BC Toolbox include directory
# BCTOOLBOX_LIBRARIES - The libraries needed to use BC Toolbox
include(CMakePushCheckState)
include(CheckIncludeFile)
include(CheckCSourceCompiles)
include(CheckSymbolExists)
set(_POLARSSL_ROOT_PATHS
set(_BCTOOLBOX_ROOT_PATHS
${CMAKE_INSTALL_PREFIX}
)
find_path(POLARSSL_INCLUDE_DIRS
NAMES polarssl/ssl.h
HINTS _POLARSSL_ROOT_PATHS
find_path(BCTOOLBOX_INCLUDE_DIRS
NAMES bctoolbox/crypto.h
HINTS _BCTOOLBOX_ROOT_PATHS
PATH_SUFFIXES include
)
if(POLARSSL_INCLUDE_DIRS)
set(HAVE_POLARSSL_SSL_H 1)
endif()
find_library(POLARSSL_LIBRARIES
NAMES polarssl mbedtls
HINTS _POLARSSL_ROOT_PATHS
find_library(BCTOOLBOX_LIBRARIES
NAMES bctoolbox
HINTS _BCTOOLBOX_ROOT_PATHS
PATH_SUFFIXES bin lib
)
if(POLARSSL_LIBRARIES)
cmake_push_check_state(RESET)
set(CMAKE_REQUIRED_INCLUDES ${POLARSSL_INCLUDE_DIRS})
set(CMAKE_REQUIRED_LIBRARIES ${POLARSSL_LIBRARIES})
check_c_source_compiles("#include <polarssl/version.h>
#include <polarssl/x509.h>
#if POLARSSL_VERSION_NUMBER >= 0x01030000
#include <polarssl/compat-1.2.h>
#endif
int main(int argc, char *argv[]) {
x509parse_crtpath(0,0);
return 0;
}"
X509PARSE_CRTPATH_OK)
check_symbol_exists(ssl_get_dtls_srtp_protection_profile "polarssl/ssl.h" HAVE_SSL_GET_DTLS_SRTP_PROTECTION_PROFILE)
cmake_pop_check_state()
endif()
include(FindPackageHandleStandardArgs)
find_package_handle_standard_args(PolarSSL
find_package_handle_standard_args(BcToolBox
DEFAULT_MSG
POLARSSL_INCLUDE_DIRS POLARSSL_LIBRARIES HAVE_POLARSSL_SSL_H
BCTOOLBOX_INCLUDE_DIRS BCTOOLBOX_LIBRARIES
)
mark_as_advanced(POLARSSL_INCLUDE_DIRS POLARSSL_LIBRARIES HAVE_POLARSSL_SSL_H X509PARSE_CRTPATH_OK HAVE_SSL_GET_DTLS_SRTP_PROTECTION_PROFILE)
mark_as_advanced(BCTOOLBOX_INCLUDE_DIRS BCTOOLBOX_LIBRARIES)
############################################################################
# FindMdebTLS.txt
# Copyright (C) 2015 Belledonne Communications, Grenoble France
#
############################################################################
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
############################################################################
#
# - Find the mbedTLS include file and library
#
# MBEDTLS_FOUND - system has mbedTLS
# MBEDTLS_INCLUDE_DIRS - the mbedTLS include directory
# MBEDTLS_LIBRARIES - The libraries needed to use mbedTLS
include(CMakePushCheckState)
include(CheckIncludeFile)
include(CheckCSourceCompiles)
include(CheckSymbolExists)
set(_MBEDTLS_ROOT_PATHS
${CMAKE_INSTALL_PREFIX}
)
find_path(MBEDTLS_INCLUDE_DIRS
NAMES mbedtls/ssl.h
HINTS _MBEDTLS_ROOT_PATHS
PATH_SUFFIXES include
)
# find the three mbedtls library
find_library(MBEDTLS_LIBRARY
NAMES mbedtls
HINTS _MBEDTLS_ROOT_PATHS
PATH_SUFFIXES bin lib
)
if (MBEDTLS_LIBRARY)
find_library(MBEDX509_LIBRARY
NAMES mbedx509
HINTS _MBEDTLS_ROOT_PATHS
PATH_SUFFIXES bin lib
)
endif()
if (MBEDX509_LIBRARY)
find_library(MBEDCRYPTO_LIBRARY
NAMES mbedcrypto
HINTS _MBEDTLS_ROOT_PATHS
PATH_SUFFIXES bin lib
)
endif()
# check we have a mbedTLS version 2 or above(all functions are prefixed mbedtls_)
if (MBEDCRYPTO_LIBRARY)
cmake_push_check_state(RESET)
set(CMAKE_REQUIRED_INCLUDES ${MBEDTLS_INCLUDE_DIRS})
set(CMAKE_REQUIRED_LIBRARIES ${MBEDTLS_LIBRARY} ${MBEDX509_LIBRARY} ${MBEDCRYPTO_LIBRARY})
check_symbol_exists(mbedtls_ssl_init "mbedtls/ssl.h" MBEDTLS_V2)
cmake_pop_check_state()
endif()
if (MBEDTLS_V2)
set (MBEDTLS_LIBRARIES
${MBEDTLS_LIBRARY}
${MBEDX509_LIBRARY}
${MBEDCRYPTO_LIBRARY}
)
endif()
include(FindPackageHandleStandardArgs)
find_package_handle_standard_args(MbedTLS
DEFAULT_MSG
MBEDTLS_INCLUDE_DIRS MBEDTLS_LIBRARIES
)
mark_as_advanced(MBEDTLS_INCLUDE_DIRS MBEDTLS_LIBRARIES)
......@@ -31,6 +31,16 @@
#include "typedef.h"
#include "packetParser.h"
/** Return available crypto functions. For now we have
*
* - Hash: HMAC-SHA256(Mandatory)
* - CipherBlock: AES128(Mandatory)
* - Auth Tag: HMAC-SHA132 and HMAC-SHA180 (These are mandatory for SRTP and depends on the SRTP implementation thus we can just suppose they are both available)
* - Key Agreement: DHM3k(Mandatory), DHM2k(optional and shall not be used except on low power devices)
* - Sas: base32(Mandatory), b256(pgp words)
*/
uint8_t bzrtpUtils_getAvailableCryptoTypes(uint8_t algoType, uint8_t availableTypes[7]);
/**
*
* @brief ZRTP Key Derivation Function as in rfc 4.5.1
......
/**
@file cryptoWrapper.h
@brief This file contains all functions prototypes to the needed cryptographic operations:
- SHA256
- HMAC-SHA256
- AES128-CFB128
- Diffie-Hellman-Merkle 2048 and 3072 bits
- Random number generator
This functions are implemented by an external lib(polarssl but it can be other) and the functions
wrapper depends on the external lib API.
@author Johan Pascal
@copyright Copyright (C) 2014 Belledonne Communications, Grenoble, France
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#ifndef CRYPTOWRAPPER_H
#define CRYPTOWRAPPER_H
#include <stdint.h>
#include "bzrtp/bzrtp.h"
/**
* @brief Get the available crypto functions
* - Hash function
* - Cipher Block
* - Auth Tag (this depends on SRTP implementation, thus returns only mandatory types: "HS32" and "HS80" HMAC-SHA1)
* - Key agreement
* - SAS
*
* @param[in] algoType mapped to defines, must be in [ZRTP_HASH_TYPE, ZRTP_CIPHERBLOCK_TYPE, ZRTP_AUTHTAG_TYPE, ZRTP_KEYAGREEMENT_TYPE or ZRTP_SAS_TYPE]
* @param[out] availableTypes mapped to uint8_t value of the 4 char strings giving the available types as string according to rfc section 5.1.2 to 5.1.6
*
* @return number of available types, 0 on error
*/
uint8_t bzrtpCrypto_getAvailableCryptoTypes(uint8_t algoType, uint8_t availableTypes[7]);
/**
* @brief Get the mandatory crypto functions
* - Hash function
* - Cipher Block
* - Auth Tag
* - Key agreement
* - SAS
*
* @param[in] algoType mapped to defines, must be in [ZRTP_HASH_TYPE, ZRTP_CIPHERBLOCK_TYPE, ZRTP_AUTHTAG_TYPE, ZRTP_KEYAGREEMENT_TYPE or ZRTP_SAS_TYPE]
* @param[out] mandatoryTypes mapped to uint8_t value of the 4 char strings giving the available types as string according to rfc section 5.1.2 to 5.1.6
*
* @return number of mandatory types, 0 on error
*/
uint8_t bzrtpCrypto_getMandatoryCryptoTypes(uint8_t algoType, uint8_t mandatoryTypes[7]);
/**
*
* @brief The context structure to the Random Number Generator
* actually just holds a pointer to the crypto module implementation context
*
*/
typedef struct bzrtpRNGContext_struct {
void *cryptoModuleData; /**< a context needed by the actual implementation */
} bzrtpRNGContext_t;
/**
*
* @brief Initialise the random number generator
*
* @param[in] entropyString Any string providing more entropy to the RNG
* @param[in] entropyStringLength Length of previous parameter
* @return The context initialised. NULL on error
*
*/
bzrtpRNGContext_t *bzrtpCrypto_startRNG(const uint8_t *entropyString, uint16_t entropyStringLength);
/**
*
* @brief Generate a random number
* @param[in] context The RNG context
* @param[out] output The random generated
* @param[in] outputLength The length(in bytes) of random number to be generated
* @return 0 on success.
*
*/
int bzrtpCrypto_getRandom(bzrtpRNGContext_t *context, uint8_t *output, size_t outputLength);
/**
*
* @brief Destroy the RNG context
*
* @param[in] context The context to be destroyed
* @return 0 on success.
*
*/
int bzrtpCrypto_destroyRNG(bzrtpRNGContext_t *context);
/**
* @brief HMAC-SHA256 wrapper
* @param[in] key HMAC secret key
* @param[in] keyLength HMAC key length in bytes
* @param[in] input Input data buffer
* @param[in] inputLength Input data length in bytes
* @param[in] hmacLength Length of output required in bytes, HMAC output is truncated to the hmacLength left bytes. 32 bytes maximum
* @param[out] output Output data buffer.
*
*/
void bzrtpCrypto_hmacSha256(const uint8_t *key,
size_t keyLength,
const uint8_t *input,
size_t inputLength,
uint8_t hmacLength,
uint8_t *output);
/**
* @brief SHA256 wrapper
* @param[in] input Input data buffer
* @param[in] inputLength Input data length in bytes
* @param[in] hmacLength Length of output required in bytes, SHA256 output is truncated to the hashLength left bytes. 32 bytes maximum
* @param[out] output Output data buffer.
*
*/
void bzrtpCrypto_sha256(const uint8_t *input,
size_t inputLength,
uint8_t hashLength,
uint8_t *output);
/**
* @brief HMAC-SHA1 wrapper
* @param[in] key HMAC secret key
* @param[in] keyLength HMAC key length
* @param[in] input Input data buffer
* @param[in] inputLength Input data length
* @param[in] hmacLength Length of output required in bytes, HMAC output is truncated to the hmacLength left bytes. 32 bytes maximum
* @param[out] output Output data buffer
*
*/
void bzrtpCrypto_hmacSha1(const uint8_t *key,
size_t keyLength,
const uint8_t *input,
size_t inputLength,
uint8_t hmacLength,
uint8_t *output);
/**
* @brief Wrapper for AES-128 in CFB128 mode encryption
* Both key and IV must be 16 bytes long
*
* @param[in] key encryption key, 128 bits long
* @param[in] IV Initialisation vector, 128 bits long, is not modified by this function.
* @param[in] input Input data buffer
* @param[in] inputLength Input data length
* @param[out] output Output data buffer
*
*/
void bzrtpCrypto_aes128CfbEncrypt(const uint8_t *key,
const uint8_t *IV,
const uint8_t *input,
size_t inputLength,
uint8_t *output);
/**
* @brief Wrapper for AES-128 in CFB128 mode decryption
* Both key and IV must be 16 bytes long
*
* @param[in] key decryption key, 128 bits long
* @param[in] IV Initialisation vector, 128 bits long, is not modified by this function.
* @param[in] input Input data buffer
* @param[in] inputLength Input data length
* @param[out] output Output data buffer
*
*/
void bzrtpCrypto_aes128CfbDecrypt(const uint8_t *key,
const uint8_t *IV,
const uint8_t *input,
size_t inputLength,
uint8_t *output);
/**
* @brief Wrapper for AES-256 in CFB128 mode encryption
* The key must be 32 bytes long and the IV must be 16 bytes long
*
* @param[in] key encryption key, 256 bits long
* @param[in] IV Initialisation vector, 128 bits long, is not modified by this function.
* @param[in] input Input data buffer
* @param[in] inputLength Input data length
* @param[out] output Output data buffer
*
*/
void bzrtpCrypto_aes256CfbEncrypt(const uint8_t *key,
const uint8_t *IV,
const uint8_t *input,
size_t inputLength,
uint8_t *output);
/**
* @brief Wrapper for AES-256 in CFB128 mode decryption
* The key must be 32 bytes long and the IV must be 16 bytes long
*
* @param[in] key decryption key, 256 bits long
* @param[in] IV Initialisation vector, 128 bits long, is not modified by this function.
* @param[in] input Input data buffer
* @param[in] inputLength Input data length
* @param[out] output Output data buffer
*
*/
void bzrtpCrypto_aes256CfbDecrypt(const uint8_t *key,
const uint8_t *IV,
const uint8_t *input,
size_t inputLength,
uint8_t *output);
/**
* @brief Context for the Diffie-Hellman-Merkle key exchange
* ZRTP specifies the use of RFC3526 values for G and P so we do not need to store them in this context
*/
typedef struct bzrtpDHMContext_struct {
uint8_t algo; /**< Algorithm used for the key exchange mapped to an int */
uint16_t primeLength; /**< Prime number length in bytes(256 or 384)*/
uint8_t *secret; /**< the random secret (X), this field may not be used if the crypto module implementation already store this value in his context */
uint8_t secretLength; /**< in bytes. Shall be twice the AES key length used (rfc 5.1.5) */
uint8_t *key; /**< the key exchanged (G^Y)^X mod P */
uint8_t *self; /**< this side of the public exchange G^X mod P */
uint8_t *peer; /**< the other side of the public exchange G^Y mod P */
void *cryptoModuleData; /**< a context needed by the crypto implementation */
}bzrtpDHMContext_t;
/**
*
* @brief Create a context for the DHM key exchange
* This function will also instantiate the context needed by the actual implementation of the crypto module
*
* @param[in] DHMAlgo The algorithm type(ZRTP_KEYAGREEMENT_DH2k or ZRTP_KEYAGREEMENT_DH3k)
* @param[in] secretLength The length in byte of the random secret(X). Shall be twice the AES key length used(rfc 5.1.5)
*
* @return The initialised context for the DHM calculation(must then be freed calling the destroyDHMContext function), NULL on error
*
*/
bzrtpDHMContext_t *bzrtpCrypto_CreateDHMContext(uint8_t DHMAlgo, uint8_t secretLength);
/**
*
* @brief Generate the private secret X and compute the public value G^X mod P
* G, P and X length have been set by previous call to DHM_CreateDHMContext
*
* @param[in/out] context DHM context, will store the public value in ->self after this call
* @param[in] rngFunction pointer to a random number generator used to create the secret X
* @param[in] rngContext pointer to the rng context if neeeded
*
*/
void bzrtpCrypto_DHMCreatePublic(bzrtpDHMContext_t *context, int (*rngFunction)(void *, uint8_t *, size_t), void *rngContext);
/**
*
* @brief Compute the secret key G^X^Y mod p
* G^X mod P has been computed in previous call to DHMCreatePublic
* G^Y mod P must have been set in context->peer
*
* @param[in/out] context Read the public values from context, export the key to context->key
* @param[in] rngFunction Pointer to a random number generation function, used for blinding countermeasure, may be NULL
* @param[in] rngContext Pointer to the RNG function context
*
*/
void bzrtpCrypto_DHMComputeSecret(bzrtpDHMContext_t *context, int (*rngFunction)(void *, uint8_t *, size_t), void *rngContext);
/**
*
* @brief Clean DHM context
*
* @param context The context to deallocate
*
*/
void bzrtpCrypto_DestroyDHMContext(bzrtpDHMContext_t *context);
#endif /* ifndef CRYPTOWRAPPER_H */
......@@ -48,7 +48,7 @@
typedef struct bzrtpChannelContext_struct bzrtpChannelContext_t;
#include "cryptoWrapper.h"
#include <bctoolbox/crypto.h>
#include "packetParser.h"
#include "stateMachine.h"
......@@ -184,8 +184,8 @@ struct bzrtpChannelContext_struct {
*/
struct bzrtpContext_struct {
/* contexts */
bzrtpRNGContext_t *RNGContext; /**< context for random number generation */
bzrtpDHMContext_t *DHMContext; /**< context for the Diffie-Hellman-Merkle operations. Only one DHM computation may be done during a call, so this belongs to the general context and not the channel one */
bctoolbox_rng_context_t *RNGContext; /**< context for random number generation */
bctoolbox_DHMContext_t *DHMContext; /**< context for the Diffie-Hellman-Merkle operations. Only one DHM computation may be done during a call, so this belongs to the general context and not the channel one */
/* flags */
uint8_t isSecure; /**< this flag is set to 1 after the first channel have completed the ZRTP protocol exchange(i.e. when the responder have sent the conf2ACK message) */
......
......@@ -27,7 +27,7 @@
#include "bzrtp/bzrtp.h"
#include "typedef.h"
#include "cryptoWrapper.h"
#include "bctoolbox/crypto.h"
#include "cryptoUtils.h"
#include "zidCache.h"
#include "packetParser.h"
......@@ -54,7 +54,7 @@ bzrtpContext_t *bzrtp_createBzrtpContext(uint32_t selfSSRC) {
memset(context, 0, sizeof(bzrtpContext_t));
/* start the random number generator */
context->RNGContext = bzrtpCrypto_startRNG(NULL, 0); /* TODO: give a seed for the RNG? */
context->RNGContext = bctoolbox_rng_context_new(); /* TODO: give a seed for the RNG? */
/* set the DHM context to NULL, it will be created if needed when creating a DHPart packet */
context->DHMContext = NULL;
......@@ -81,11 +81,11 @@ bzrtpContext_t *bzrtp_createBzrtpContext(uint32_t selfSSRC) {
/* get the list of crypto algorithms provided by the crypto module */
/* this list may then be updated according to users settings */
context->hc = bzrtpCrypto_getAvailableCryptoTypes(ZRTP_HASH_TYPE, context->supportedHash);
context->cc = bzrtpCrypto_getAvailableCryptoTypes(ZRTP_CIPHERBLOCK_TYPE, context->supportedCipher);
context->ac = bzrtpCrypto_getAvailableCryptoTypes(ZRTP_AUTHTAG_TYPE, context->supportedAuthTag);
context->kc = bzrtpCrypto_getAvailableCryptoTypes(ZRTP_KEYAGREEMENT_TYPE, context->supportedKeyAgreement);
context->sc = bzrtpCrypto_getAvailableCryptoTypes(ZRTP_SAS_TYPE, context->supportedSas);
context->hc = bzrtpUtils_getAvailableCryptoTypes(ZRTP_HASH_TYPE, context->supportedHash);
context->cc = bzrtpUtils_getAvailableCryptoTypes(ZRTP_CIPHERBLOCK_TYPE, context->supportedCipher);
context->ac = bzrtpUtils_getAvailableCryptoTypes(ZRTP_AUTHTAG_TYPE, context->supportedAuthTag);
context->kc = bzrtpUtils_getAvailableCryptoTypes(ZRTP_KEYAGREEMENT_TYPE, context->supportedKeyAgreement);
context->sc = bzrtpUtils_getAvailableCryptoTypes(ZRTP_SAS_TYPE, context->supportedSas);
/* initialise cached secret buffer to null */
#ifdef HAVE_LIBXML2
......@@ -157,7 +157,7 @@ void bzrtp_destroyBzrtpContext(bzrtpContext_t *context, uint32_t selfSSRC) {
/* We have no more channel, destroy the zrtp context */
if (context->DHMContext != NULL) {
bzrtpCrypto_DestroyDHMContext(context->DHMContext);
bctoolbox_DestroyDHMContext(context->DHMContext);
context->DHMContext = NULL;
}
......@@ -180,7 +180,7 @@ void bzrtp_destroyBzrtpContext(bzrtpContext_t *context, uint32_t selfSSRC) {
#endif
/* destroy the RNG context at the end because it may be needed to destroy some keys */
bzrtpCrypto_destroyRNG(context->RNGContext);
bctoolbox_rng_context_free(context->RNGContext);
context->RNGContext = NULL;
free(context);
return;
......@@ -612,10 +612,10 @@ int bzrtp_initChannelContext(bzrtpContext_t *zrtpContext, bzrtpChannelContext_t
zrtpChannelContext->role = INITIATOR;
/* create H0 (32 bytes random) and derive using implicit Hash(SHA256) H1,H2,H3 */
bzrtpCrypto_getRandom(zrtpContext->RNGContext, zrtpChannelContext->selfH[0], 32);
bzrtpCrypto_sha256(zrtpChannelContext->selfH[0], 32, 32, zrtpChannelContext->selfH[1]);
bzrtpCrypto_sha256(zrtpChannelContext->selfH[1], 32, 32, zrtpChannelContext->selfH[2]);
bzrtpCrypto_sha256(zrtpChannelContext->selfH[2], 32, 32, zrtpChannelContext->selfH[3]);
bctoolbox_rng_get(zrtpContext->RNGContext, zrtpChannelContext->selfH[0], 32);
bctoolbox_sha256(zrtpChannelContext->selfH[0], 32, 32, zrtpChannelContext->selfH[1]);
bctoolbox_sha256(zrtpChannelContext->selfH[1], 32, 32, zrtpChannelContext->selfH[2]);
bctoolbox_sha256(zrtpChannelContext->selfH[2], 32, 32, zrtpChannelContext->selfH[3]);
/* initialisation of packet storage */
for (i=0; i<PACKET_STORAGE_CAPACITY; i++) {
......@@ -624,7 +624,7 @@ int bzrtp_initChannelContext(bzrtpContext_t *zrtpContext, bzrtpChannelContext_t
}
/* initialise the self Sequence number to a random and peer to 0 */
bzrtpCrypto_getRandom(zrtpContext->RNGContext, (uint8_t *)&(zrtpChannelContext->selfSequenceNumber), 2);
bctoolbox_rng_get(zrtpContext->RNGContext, (uint8_t *)&(zrtpChannelContext->selfSequenceNumber), 2);
zrtpChannelContext->selfSequenceNumber &= 0x0FFF; /* first 4 bits to zero in order to avoid reaching FFFF and turning back to 0 */
zrtpChannelContext->selfSequenceNumber++; /* be sure it is not initialised to 0 */
zrtpChannelContext->peerSequenceNumber = 0;
......@@ -791,7 +791,7 @@ void bzrtp_setSupportedCryptoTypes(bzrtpContext_t *zrtpContext, uint8_t algoType
return;
}
implementedTypesCount = bzrtpCrypto_getAvailableCryptoTypes(algoType, implementedTypes);
implementedTypesCount = bzrtpUtils_getAvailableCryptoTypes(algoType, implementedTypes);
switch(algoType) {
case ZRTP_HASH_TYPE:
......
/**
@file cryptoMdebtls.c
@brief bind zrtpCrypto functions to their MbedTLS implementation
@author Johan Pascal
@copyright Copyright (C) 2015 Belledonne Communications, Grenoble, France
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#include <stdlib.h>
#include <string.h>
/* Random number generator */
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
/* Hash and HMAC functions */
#include "mbedtls/md.h"
#include "mbedtls/sha256.h"
/* Asymmetrics encryption */
#include "mbedtls/dhm.h"
/* Symmetric encryption */
#include "mbedtls/aes.h"
#include "cryptoWrapper.h"
/** Return available crypto functions. For now we have
*
* - Hash: HMAC-SHA256(Mandatory)
* - CipherBlock: AES128(Mandatory)
* - Auth Tag: HMAC-SHA132 and HMAC-SHA180 (These are mandatory for SRTP and depends on the SRTP implementation thus we can just suppose they are both available)
* - Key Agreement: DHM3k(Mandatory), DHM2k(optional and shall not be used except on low power devices)
* - Sas: base32(Mandatory), b256(pgp words)
*/
uint8_t bzrtpCrypto_getAvailableCryptoTypes(uint8_t algoType, uint8_t availableTypes[7]) {
switch(algoType) {
case ZRTP_HASH_TYPE:
availableTypes[0] = ZRTP_HASH_S256;
return 1;
break;
case ZRTP_CIPHERBLOCK_TYPE:
availableTypes[0] = ZRTP_CIPHER_AES1;
availableTypes[1] = ZRTP_CIPHER_AES3;
return 2;
break;
case ZRTP_AUTHTAG_TYPE:
availableTypes[0] = ZRTP_AUTHTAG_HS32;
availableTypes[1] = ZRTP_AUTHTAG_HS80;
return 2;
break;
case ZRTP_KEYAGREEMENT_TYPE:
availableTypes[0] = ZRTP_KEYAGREEMENT_DH3k;
availableTypes[1] = ZRTP_KEYAGREEMENT_DH2k;
availableTypes[2] = ZRTP_KEYAGREEMENT_Mult; /* This one shall always be at the end of the list, it is just to inform the peer ZRTP endpoint that we support the Multichannel ZRTP */
return 3;
break;
case ZRTP_SAS_TYPE: /* the SAS function is implemented in cryptoUtils.c and then is not directly linked to the mbedtls crypto wrapper */
availableTypes[0] = ZRTP_SAS_B32;
availableTypes[1] = ZRTP_SAS_B256;
return 2;
break;
default:
return 0;
}
}
/** Return mandatory crypto functions. For now we have
*
* - Hash: HMAC-SHA256
* - CipherBlock: AES128
* - Auth Tag: HMAC-SHA132 and HMAC-SHA180
* - Key Agreement: DHM3k
* - Sas: base32
*/
uint8_t bzrtpCrypto_getMandatoryCryptoTypes(uint8_t algoType, uint8_t mandatoryTypes[7]) {
switch(algoType) {
case ZRTP_HASH_TYPE:
mandatoryTypes[0] = ZRTP_HASH_S256;
return 1;
case ZRTP_CIPHERBLOCK_TYPE:
mandatoryTypes[0] = ZRTP_CIPHER_AES1;
return 1;
case ZRTP_AUTHTAG_TYPE:
mandatoryTypes[0] = ZRTP_AUTHTAG_HS32;
mandatoryTypes[1] = ZRTP_AUTHTAG_HS80;
return 2;
case ZRTP_KEYAGREEMENT_TYPE:
mandatoryTypes[0] = ZRTP_KEYAGREEMENT_DH3k;
mandatoryTypes[1] = ZRTP_KEYAGREEMENT_Mult; /* we must add this one if we want to be able to make multistream */
return 2;
case ZRTP_SAS_TYPE:
mandatoryTypes[0] = ZRTP_SAS_B32;
return 1;
default:
return 0;
}
}
/**
*
* @brief Structure to store all the contexts data needed for Random Number Generation
*
*/
typedef struct mbedtlsRNGContext_struct {
mbedtls_entropy_context entropyContext; /**< the entropy function context */