Commit acf9c009 authored by johan's avatar johan

Switch to bctoolbox instead of direct usage of crypto library

parent d1cf1db9
...@@ -67,17 +67,11 @@ find_package(CUnit) ...@@ -67,17 +67,11 @@ find_package(CUnit)
endif() endif()
endif() endif()
find_package(MbedTLS) if(LINPHONE_BUILDER_GROUP_EXTERNAL_SOURCE_PATH_BUILDERS)
if (MBEDTLS_FOUND) include("${EP_bctoolbox_CONFIG_DIR}/BcToolboxConfig.cmake")
message("Use mbedTLS") else()
else() find_package(BcToolBox REQUIRED)
find_package(PolarSSL) endif()
if (POLARSSL_FOUND)
message("Use polarSSL")
else()
message(FATAL_ERROR " No polarSSL or mbedTLS found")
endif()
endif()
find_package(XML2) find_package(XML2)
...@@ -104,21 +98,13 @@ if(STRICT_OPTIONS_CPP) ...@@ -104,21 +98,13 @@ if(STRICT_OPTIONS_CPP)
string(REPLACE ";" " " STRICT_OPTIONS_CPP "${STRICT_OPTIONS_CPP}") string(REPLACE ";" " " STRICT_OPTIONS_CPP "${STRICT_OPTIONS_CPP}")
endif() endif()
if (MBEDTLS_FOUND) include_directories(
include_directories( include
include ${CMAKE_CURRENT_BINARY_DIR}
${CMAKE_CURRENT_BINARY_DIR} ${BCTOOLBOX_INCLUDE_DIRS}
${MBEDTLS_INCLUDE_DIRS} )
)
set(LIBS ${MBEDTLS_LIBRARIES}) set(LIBS ${BCTOOLBOX_LIBRARIES})
else ()
include_directories(
include
${CMAKE_CURRENT_BINARY_DIR}
${POLARSSL_INCLUDE_DIRS}
)
set(LIBS ${POLARSSL_LIBRARIES})
endif()
if(CUNIT_FOUND) if(CUNIT_FOUND)
include_directories(${CUNIT_INCLUDE_DIRS}) include_directories(${CUNIT_INCLUDE_DIRS})
......
############################################################################ ############################################################################
# FindPolarSSL.txt # FindiBcToolBox.cmake
# Copyright (C) 2015 Belledonne Communications, Grenoble France # Copyright (C) 2016 Belledonne Communications, Grenoble France
# #
############################################################################ ############################################################################
# #
...@@ -20,58 +20,37 @@ ...@@ -20,58 +20,37 @@
# #
############################################################################ ############################################################################
# #
# - Find the polarssl include file and library # - Find the bctoolbox include file and library
# #
# POLARSSL_FOUND - system has polarssl # BCTOOLBOX_FOUND - system has BC Toolbox
# POLARSSL_INCLUDE_DIRS - the polarssl include directory # BCTOOLBOX_INCLUDE_DIRS - the BC Toolbox include directory
# POLARSSL_LIBRARIES - The libraries needed to use polarssl # BCTOOLBOX_LIBRARIES - The libraries needed to use BC Toolbox
include(CMakePushCheckState) include(CMakePushCheckState)
include(CheckIncludeFile) include(CheckIncludeFile)
include(CheckCSourceCompiles) include(CheckCSourceCompiles)
include(CheckSymbolExists) include(CheckSymbolExists)
set(_POLARSSL_ROOT_PATHS set(_BCTOOLBOX_ROOT_PATHS
${CMAKE_INSTALL_PREFIX} ${CMAKE_INSTALL_PREFIX}
) )
find_path(POLARSSL_INCLUDE_DIRS find_path(BCTOOLBOX_INCLUDE_DIRS
NAMES polarssl/ssl.h NAMES bctoolbox/crypto.h
HINTS _POLARSSL_ROOT_PATHS HINTS _BCTOOLBOX_ROOT_PATHS
PATH_SUFFIXES include PATH_SUFFIXES include
) )
if(POLARSSL_INCLUDE_DIRS)
set(HAVE_POLARSSL_SSL_H 1)
endif()
find_library(POLARSSL_LIBRARIES find_library(BCTOOLBOX_LIBRARIES
NAMES polarssl mbedtls NAMES bctoolbox
HINTS _POLARSSL_ROOT_PATHS HINTS _BCTOOLBOX_ROOT_PATHS
PATH_SUFFIXES bin lib PATH_SUFFIXES bin lib
) )
if(POLARSSL_LIBRARIES)
cmake_push_check_state(RESET)
set(CMAKE_REQUIRED_INCLUDES ${POLARSSL_INCLUDE_DIRS})
set(CMAKE_REQUIRED_LIBRARIES ${POLARSSL_LIBRARIES})
check_c_source_compiles("#include <polarssl/version.h>
#include <polarssl/x509.h>
#if POLARSSL_VERSION_NUMBER >= 0x01030000
#include <polarssl/compat-1.2.h>
#endif
int main(int argc, char *argv[]) {
x509parse_crtpath(0,0);
return 0;
}"
X509PARSE_CRTPATH_OK)
check_symbol_exists(ssl_get_dtls_srtp_protection_profile "polarssl/ssl.h" HAVE_SSL_GET_DTLS_SRTP_PROTECTION_PROFILE)
cmake_pop_check_state()
endif()
include(FindPackageHandleStandardArgs) include(FindPackageHandleStandardArgs)
find_package_handle_standard_args(PolarSSL find_package_handle_standard_args(BcToolBox
DEFAULT_MSG DEFAULT_MSG
POLARSSL_INCLUDE_DIRS POLARSSL_LIBRARIES HAVE_POLARSSL_SSL_H BCTOOLBOX_INCLUDE_DIRS BCTOOLBOX_LIBRARIES
) )
mark_as_advanced(POLARSSL_INCLUDE_DIRS POLARSSL_LIBRARIES HAVE_POLARSSL_SSL_H X509PARSE_CRTPATH_OK HAVE_SSL_GET_DTLS_SRTP_PROTECTION_PROFILE) mark_as_advanced(BCTOOLBOX_INCLUDE_DIRS BCTOOLBOX_LIBRARIES)
############################################################################
# FindMdebTLS.txt
# Copyright (C) 2015 Belledonne Communications, Grenoble France
#
############################################################################
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
############################################################################
#
# - Find the mbedTLS include file and library
#
# MBEDTLS_FOUND - system has mbedTLS
# MBEDTLS_INCLUDE_DIRS - the mbedTLS include directory
# MBEDTLS_LIBRARIES - The libraries needed to use mbedTLS
include(CMakePushCheckState)
include(CheckIncludeFile)
include(CheckCSourceCompiles)
include(CheckSymbolExists)
set(_MBEDTLS_ROOT_PATHS
${CMAKE_INSTALL_PREFIX}
)
find_path(MBEDTLS_INCLUDE_DIRS
NAMES mbedtls/ssl.h
HINTS _MBEDTLS_ROOT_PATHS
PATH_SUFFIXES include
)
# find the three mbedtls library
find_library(MBEDTLS_LIBRARY
NAMES mbedtls
HINTS _MBEDTLS_ROOT_PATHS
PATH_SUFFIXES bin lib
)
if (MBEDTLS_LIBRARY)
find_library(MBEDX509_LIBRARY
NAMES mbedx509
HINTS _MBEDTLS_ROOT_PATHS
PATH_SUFFIXES bin lib
)
endif()
if (MBEDX509_LIBRARY)
find_library(MBEDCRYPTO_LIBRARY
NAMES mbedcrypto
HINTS _MBEDTLS_ROOT_PATHS
PATH_SUFFIXES bin lib
)
endif()
# check we have a mbedTLS version 2 or above(all functions are prefixed mbedtls_)
if (MBEDCRYPTO_LIBRARY)
cmake_push_check_state(RESET)
set(CMAKE_REQUIRED_INCLUDES ${MBEDTLS_INCLUDE_DIRS})
set(CMAKE_REQUIRED_LIBRARIES ${MBEDTLS_LIBRARY} ${MBEDX509_LIBRARY} ${MBEDCRYPTO_LIBRARY})
check_symbol_exists(mbedtls_ssl_init "mbedtls/ssl.h" MBEDTLS_V2)
cmake_pop_check_state()
endif()
if (MBEDTLS_V2)
set (MBEDTLS_LIBRARIES
${MBEDTLS_LIBRARY}
${MBEDX509_LIBRARY}
${MBEDCRYPTO_LIBRARY}
)
endif()
include(FindPackageHandleStandardArgs)
find_package_handle_standard_args(MbedTLS
DEFAULT_MSG
MBEDTLS_INCLUDE_DIRS MBEDTLS_LIBRARIES
)
mark_as_advanced(MBEDTLS_INCLUDE_DIRS MBEDTLS_LIBRARIES)
...@@ -31,6 +31,16 @@ ...@@ -31,6 +31,16 @@
#include "typedef.h" #include "typedef.h"
#include "packetParser.h" #include "packetParser.h"
/** Return available crypto functions. For now we have
*
* - Hash: HMAC-SHA256(Mandatory)
* - CipherBlock: AES128(Mandatory)
* - Auth Tag: HMAC-SHA132 and HMAC-SHA180 (These are mandatory for SRTP and depends on the SRTP implementation thus we can just suppose they are both available)
* - Key Agreement: DHM3k(Mandatory), DHM2k(optional and shall not be used except on low power devices)
* - Sas: base32(Mandatory), b256(pgp words)
*/
uint8_t bzrtpUtils_getAvailableCryptoTypes(uint8_t algoType, uint8_t availableTypes[7]);
/** /**
* *
* @brief ZRTP Key Derivation Function as in rfc 4.5.1 * @brief ZRTP Key Derivation Function as in rfc 4.5.1
......
This diff is collapsed.
...@@ -48,7 +48,7 @@ ...@@ -48,7 +48,7 @@
typedef struct bzrtpChannelContext_struct bzrtpChannelContext_t; typedef struct bzrtpChannelContext_struct bzrtpChannelContext_t;
#include "cryptoWrapper.h" #include <bctoolbox/crypto.h>
#include "packetParser.h" #include "packetParser.h"
#include "stateMachine.h" #include "stateMachine.h"
...@@ -184,8 +184,8 @@ struct bzrtpChannelContext_struct { ...@@ -184,8 +184,8 @@ struct bzrtpChannelContext_struct {
*/ */
struct bzrtpContext_struct { struct bzrtpContext_struct {
/* contexts */ /* contexts */
bzrtpRNGContext_t *RNGContext; /**< context for random number generation */ bctoolbox_rng_context_t *RNGContext; /**< context for random number generation */
bzrtpDHMContext_t *DHMContext; /**< context for the Diffie-Hellman-Merkle operations. Only one DHM computation may be done during a call, so this belongs to the general context and not the channel one */ bctoolbox_DHMContext_t *DHMContext; /**< context for the Diffie-Hellman-Merkle operations. Only one DHM computation may be done during a call, so this belongs to the general context and not the channel one */
/* flags */ /* flags */
uint8_t isSecure; /**< this flag is set to 1 after the first channel have completed the ZRTP protocol exchange(i.e. when the responder have sent the conf2ACK message) */ uint8_t isSecure; /**< this flag is set to 1 after the first channel have completed the ZRTP protocol exchange(i.e. when the responder have sent the conf2ACK message) */
......
...@@ -27,7 +27,7 @@ ...@@ -27,7 +27,7 @@
#include "bzrtp/bzrtp.h" #include "bzrtp/bzrtp.h"
#include "typedef.h" #include "typedef.h"
#include "cryptoWrapper.h" #include "bctoolbox/crypto.h"
#include "cryptoUtils.h" #include "cryptoUtils.h"
#include "zidCache.h" #include "zidCache.h"
#include "packetParser.h" #include "packetParser.h"
...@@ -54,7 +54,7 @@ bzrtpContext_t *bzrtp_createBzrtpContext(uint32_t selfSSRC) { ...@@ -54,7 +54,7 @@ bzrtpContext_t *bzrtp_createBzrtpContext(uint32_t selfSSRC) {
memset(context, 0, sizeof(bzrtpContext_t)); memset(context, 0, sizeof(bzrtpContext_t));
/* start the random number generator */ /* start the random number generator */
context->RNGContext = bzrtpCrypto_startRNG(NULL, 0); /* TODO: give a seed for the RNG? */ context->RNGContext = bctoolbox_rng_context_new(); /* TODO: give a seed for the RNG? */
/* set the DHM context to NULL, it will be created if needed when creating a DHPart packet */ /* set the DHM context to NULL, it will be created if needed when creating a DHPart packet */
context->DHMContext = NULL; context->DHMContext = NULL;
...@@ -81,11 +81,11 @@ bzrtpContext_t *bzrtp_createBzrtpContext(uint32_t selfSSRC) { ...@@ -81,11 +81,11 @@ bzrtpContext_t *bzrtp_createBzrtpContext(uint32_t selfSSRC) {
/* get the list of crypto algorithms provided by the crypto module */ /* get the list of crypto algorithms provided by the crypto module */
/* this list may then be updated according to users settings */ /* this list may then be updated according to users settings */
context->hc = bzrtpCrypto_getAvailableCryptoTypes(ZRTP_HASH_TYPE, context->supportedHash); context->hc = bzrtpUtils_getAvailableCryptoTypes(ZRTP_HASH_TYPE, context->supportedHash);
context->cc = bzrtpCrypto_getAvailableCryptoTypes(ZRTP_CIPHERBLOCK_TYPE, context->supportedCipher); context->cc = bzrtpUtils_getAvailableCryptoTypes(ZRTP_CIPHERBLOCK_TYPE, context->supportedCipher);
context->ac = bzrtpCrypto_getAvailableCryptoTypes(ZRTP_AUTHTAG_TYPE, context->supportedAuthTag); context->ac = bzrtpUtils_getAvailableCryptoTypes(ZRTP_AUTHTAG_TYPE, context->supportedAuthTag);
context->kc = bzrtpCrypto_getAvailableCryptoTypes(ZRTP_KEYAGREEMENT_TYPE, context->supportedKeyAgreement); context->kc = bzrtpUtils_getAvailableCryptoTypes(ZRTP_KEYAGREEMENT_TYPE, context->supportedKeyAgreement);
context->sc = bzrtpCrypto_getAvailableCryptoTypes(ZRTP_SAS_TYPE, context->supportedSas); context->sc = bzrtpUtils_getAvailableCryptoTypes(ZRTP_SAS_TYPE, context->supportedSas);
/* initialise cached secret buffer to null */ /* initialise cached secret buffer to null */
#ifdef HAVE_LIBXML2 #ifdef HAVE_LIBXML2
...@@ -157,7 +157,7 @@ void bzrtp_destroyBzrtpContext(bzrtpContext_t *context, uint32_t selfSSRC) { ...@@ -157,7 +157,7 @@ void bzrtp_destroyBzrtpContext(bzrtpContext_t *context, uint32_t selfSSRC) {
/* We have no more channel, destroy the zrtp context */ /* We have no more channel, destroy the zrtp context */
if (context->DHMContext != NULL) { if (context->DHMContext != NULL) {
bzrtpCrypto_DestroyDHMContext(context->DHMContext); bctoolbox_DestroyDHMContext(context->DHMContext);
context->DHMContext = NULL; context->DHMContext = NULL;
} }
...@@ -180,7 +180,7 @@ void bzrtp_destroyBzrtpContext(bzrtpContext_t *context, uint32_t selfSSRC) { ...@@ -180,7 +180,7 @@ void bzrtp_destroyBzrtpContext(bzrtpContext_t *context, uint32_t selfSSRC) {
#endif #endif
/* destroy the RNG context at the end because it may be needed to destroy some keys */ /* destroy the RNG context at the end because it may be needed to destroy some keys */
bzrtpCrypto_destroyRNG(context->RNGContext); bctoolbox_rng_context_free(context->RNGContext);
context->RNGContext = NULL; context->RNGContext = NULL;
free(context); free(context);
return; return;
...@@ -612,10 +612,10 @@ int bzrtp_initChannelContext(bzrtpContext_t *zrtpContext, bzrtpChannelContext_t ...@@ -612,10 +612,10 @@ int bzrtp_initChannelContext(bzrtpContext_t *zrtpContext, bzrtpChannelContext_t
zrtpChannelContext->role = INITIATOR; zrtpChannelContext->role = INITIATOR;
/* create H0 (32 bytes random) and derive using implicit Hash(SHA256) H1,H2,H3 */ /* create H0 (32 bytes random) and derive using implicit Hash(SHA256) H1,H2,H3 */
bzrtpCrypto_getRandom(zrtpContext->RNGContext, zrtpChannelContext->selfH[0], 32); bctoolbox_rng_get(zrtpContext->RNGContext, zrtpChannelContext->selfH[0], 32);
bzrtpCrypto_sha256(zrtpChannelContext->selfH[0], 32, 32, zrtpChannelContext->selfH[1]); bctoolbox_sha256(zrtpChannelContext->selfH[0], 32, 32, zrtpChannelContext->selfH[1]);
bzrtpCrypto_sha256(zrtpChannelContext->selfH[1], 32, 32, zrtpChannelContext->selfH[2]); bctoolbox_sha256(zrtpChannelContext->selfH[1], 32, 32, zrtpChannelContext->selfH[2]);
bzrtpCrypto_sha256(zrtpChannelContext->selfH[2], 32, 32, zrtpChannelContext->selfH[3]); bctoolbox_sha256(zrtpChannelContext->selfH[2], 32, 32, zrtpChannelContext->selfH[3]);
/* initialisation of packet storage */ /* initialisation of packet storage */
for (i=0; i<PACKET_STORAGE_CAPACITY; i++) { for (i=0; i<PACKET_STORAGE_CAPACITY; i++) {
...@@ -624,7 +624,7 @@ int bzrtp_initChannelContext(bzrtpContext_t *zrtpContext, bzrtpChannelContext_t ...@@ -624,7 +624,7 @@ int bzrtp_initChannelContext(bzrtpContext_t *zrtpContext, bzrtpChannelContext_t
} }
/* initialise the self Sequence number to a random and peer to 0 */ /* initialise the self Sequence number to a random and peer to 0 */
bzrtpCrypto_getRandom(zrtpContext->RNGContext, (uint8_t *)&(zrtpChannelContext->selfSequenceNumber), 2); bctoolbox_rng_get(zrtpContext->RNGContext, (uint8_t *)&(zrtpChannelContext->selfSequenceNumber), 2);
zrtpChannelContext->selfSequenceNumber &= 0x0FFF; /* first 4 bits to zero in order to avoid reaching FFFF and turning back to 0 */ zrtpChannelContext->selfSequenceNumber &= 0x0FFF; /* first 4 bits to zero in order to avoid reaching FFFF and turning back to 0 */
zrtpChannelContext->selfSequenceNumber++; /* be sure it is not initialised to 0 */ zrtpChannelContext->selfSequenceNumber++; /* be sure it is not initialised to 0 */
zrtpChannelContext->peerSequenceNumber = 0; zrtpChannelContext->peerSequenceNumber = 0;
...@@ -791,7 +791,7 @@ void bzrtp_setSupportedCryptoTypes(bzrtpContext_t *zrtpContext, uint8_t algoType ...@@ -791,7 +791,7 @@ void bzrtp_setSupportedCryptoTypes(bzrtpContext_t *zrtpContext, uint8_t algoType
return; return;
} }
implementedTypesCount = bzrtpCrypto_getAvailableCryptoTypes(algoType, implementedTypes); implementedTypesCount = bzrtpUtils_getAvailableCryptoTypes(algoType, implementedTypes);
switch(algoType) { switch(algoType) {
case ZRTP_HASH_TYPE: case ZRTP_HASH_TYPE:
......
This diff is collapsed.
This diff is collapsed.
...@@ -30,8 +30,81 @@ ...@@ -30,8 +30,81 @@
#include <string.h> #include <string.h>
#include "cryptoUtils.h" #include "cryptoUtils.h"
#include "cryptoWrapper.h" #include "bctoolbox/crypto.h"
/** Return available crypto functions. For now we have
*
* - Hash: HMAC-SHA256(Mandatory)
* - CipherBlock: AES128(Mandatory)
* - Auth Tag: HMAC-SHA132 and HMAC-SHA180 (These are mandatory for SRTP and depends on the SRTP implementation thus we can just suppose they are both available)
* - Key Agreement: DHM3k(Mandatory), DHM2k(optional and shall not be used except on low power devices)
* - Sas: base32(Mandatory), b256(pgp words)
*/
uint8_t bzrtpUtils_getAvailableCryptoTypes(uint8_t algoType, uint8_t availableTypes[7]) {
switch(algoType) {
case ZRTP_HASH_TYPE:
availableTypes[0] = ZRTP_HASH_S256;
return 1;
break;
case ZRTP_CIPHERBLOCK_TYPE:
availableTypes[0] = ZRTP_CIPHER_AES1;
availableTypes[1] = ZRTP_CIPHER_AES3;
return 2;
break;
case ZRTP_AUTHTAG_TYPE:
availableTypes[0] = ZRTP_AUTHTAG_HS32;
availableTypes[1] = ZRTP_AUTHTAG_HS80;
return 2;
break;
case ZRTP_KEYAGREEMENT_TYPE:
availableTypes[0] = ZRTP_KEYAGREEMENT_DH3k;
availableTypes[1] = ZRTP_KEYAGREEMENT_DH2k;
availableTypes[2] = ZRTP_KEYAGREEMENT_Mult; /* This one shall always be at the end of the list, it is just to inform the peer ZRTP endpoint that we support the Multichannel ZRTP */
return 3;
break;
case ZRTP_SAS_TYPE: /* the SAS function is implemented in cryptoUtils.c and then is not directly linked to the polarSSL crypto wrapper */
availableTypes[0] = ZRTP_SAS_B32;
availableTypes[1] = ZRTP_SAS_B256;
return 2;
break;
default:
return 0;
}
}
/** Return mandatory crypto functions. For now we have
*
* - Hash: HMAC-SHA256
* - CipherBlock: AES128
* - Auth Tag: HMAC-SHA132 and HMAC-SHA180
* - Key Agreement: DHM3k
* - Sas: base32
*/
uint8_t bzrtpUtils_getMandatoryCryptoTypes(uint8_t algoType, uint8_t mandatoryTypes[7]) {
switch(algoType) {
case ZRTP_HASH_TYPE:
mandatoryTypes[0] = ZRTP_HASH_S256;
return 1;
case ZRTP_CIPHERBLOCK_TYPE:
mandatoryTypes[0] = ZRTP_CIPHER_AES1;
return 1;
case ZRTP_AUTHTAG_TYPE:
mandatoryTypes[0] = ZRTP_AUTHTAG_HS32;
mandatoryTypes[1] = ZRTP_AUTHTAG_HS80;
return 2;
case ZRTP_KEYAGREEMENT_TYPE:
mandatoryTypes[0] = ZRTP_KEYAGREEMENT_DH3k;
mandatoryTypes[1] = ZRTP_KEYAGREEMENT_Mult; /* we must add this one if we want to be able to make multistream */
return 2;
case ZRTP_SAS_TYPE:
mandatoryTypes[0] = ZRTP_SAS_B32;
return 1;
default:
return 0;
}
}
int bzrtp_keyDerivationFunction(uint8_t *key, uint16_t keyLength, int bzrtp_keyDerivationFunction(uint8_t *key, uint16_t keyLength,
uint8_t *label, uint16_t labelLength, uint8_t *label, uint16_t labelLength,
...@@ -368,8 +441,8 @@ int updateCryptoFunctionPointers(bzrtpChannelContext_t *zrtpChannelContext) { ...@@ -368,8 +441,8 @@ int updateCryptoFunctionPointers(bzrtpChannelContext_t *zrtpChannelContext) {
/* Hash algo */ /* Hash algo */
switch (zrtpChannelContext->hashAlgo) { switch (zrtpChannelContext->hashAlgo) {
case ZRTP_HASH_S256 : case ZRTP_HASH_S256 :
zrtpChannelContext->hashFunction = bzrtpCrypto_sha256; zrtpChannelContext->hashFunction = bctoolbox_sha256;
zrtpChannelContext->hmacFunction = bzrtpCrypto_hmacSha256; zrtpChannelContext->hmacFunction = bctoolbox_hmacSha256;
zrtpChannelContext->hashLength = 32; zrtpChannelContext->hashLength = 32;
break; break;
case ZRTP_UNSET_ALGO : case ZRTP_UNSET_ALGO :
...@@ -385,13 +458,13 @@ int updateCryptoFunctionPointers(bzrtpChannelContext_t *zrtpChannelContext) { ...@@ -385,13 +458,13 @@ int updateCryptoFunctionPointers(bzrtpChannelContext_t *zrtpChannelContext) {
/* CipherBlock algo */ /* CipherBlock algo */
switch (zrtpChannelContext->cipherAlgo) { switch (zrtpChannelContext->cipherAlgo) {
case ZRTP_CIPHER_AES1 : case ZRTP_CIPHER_AES1 :
zrtpChannelContext->cipherEncryptionFunction = bzrtpCrypto_aes128CfbEncrypt; zrtpChannelContext->cipherEncryptionFunction = bctoolbox_aes128CfbEncrypt;
zrtpChannelContext->cipherDecryptionFunction = bzrtpCrypto_aes128CfbDecrypt; zrtpChannelContext->cipherDecryptionFunction = bctoolbox_aes128CfbDecrypt;
zrtpChannelContext->cipherKeyLength = 16; zrtpChannelContext->cipherKeyLength = 16;
break; break;
case ZRTP_CIPHER_AES3 : case ZRTP_CIPHER_AES3 :
zrtpChannelContext->cipherEncryptionFunction = bzrtpCrypto_aes256CfbEncrypt; zrtpChannelContext->cipherEncryptionFunction = bctoolbox_aes256CfbEncrypt;
zrtpChannelContext->cipherDecryptionFunction = bzrtpCrypto_aes256CfbDecrypt; zrtpChannelContext->cipherDecryptionFunction = bctoolbox_aes256CfbDecrypt;
zrtpChannelContext->cipherKeyLength = 32; zrtpChannelContext->cipherKeyLength = 32;
break; break;
case ZRTP_UNSET_ALGO : case ZRTP_UNSET_ALGO :
...@@ -502,7 +575,7 @@ void addMandatoryCryptoTypesIfNeeded(uint8_t algoType, uint8_t algoTypes[7], uin ...@@ -502,7 +575,7 @@ void addMandatoryCryptoTypesIfNeeded(uint8_t algoType, uint8_t algoTypes[7], uin
int algosBitmask[BITMASK_256_SIZE]; int algosBitmask[BITMASK_256_SIZE];
int missingBitmask[BITMASK_256_SIZE]; int missingBitmask[BITMASK_256_SIZE];
uint8_t mandatoryTypes[7]; uint8_t mandatoryTypes[7];
const uint8_t mandatoryTypesCount = bzrtpCrypto_getMandatoryCryptoTypes(algoType, mandatoryTypes); const uint8_t mandatoryTypesCount = bzrtpUtils_getMandatoryCryptoTypes(algoType, mandatoryTypes);
uint8_t missingTypesCount = mandatoryTypesCount; uint8_t missingTypesCount = mandatoryTypesCount;
BITMASK_256_SET_ZERO(missingBitmask); BITMASK_256_SET_ZERO(missingBitmask);
...@@ -727,7 +800,7 @@ void cryptoAlgoTypeIntToString(uint8_t algoTypeInt, uint8_t algoTypeString[4]) { ...@@ -727,7 +800,7 @@ void cryptoAlgoTypeIntToString(uint8_t algoTypeInt, uint8_t algoTypeString[4]) {
*/ */
void bzrtp_DestroyKey(uint8_t *key, uint8_t keyLength, void *rngContext) { void bzrtp_DestroyKey(uint8_t *key, uint8_t keyLength, void *rngContext) {
if (key != NULL) { if (key != NULL) {
bzrtpCrypto_getRandom(rngContext, key, keyLength); bctoolbox_rng_get(rngContext, key, keyLength);
} }
} }
This diff is collapsed.
...@@ -30,6 +30,7 @@ ...@@ -30,6 +30,7 @@
#include "packetParser.h" #include "packetParser.h"
#include "cryptoUtils.h" #include "cryptoUtils.h"
#include "zidCache.h" #include "zidCache.h"
#include <bctoolbox/crypto.h>
#include "stateMachine.h" #include "stateMachine.h"
...@@ -566,7 +567,7 @@ int state_keyAgreement_sendingCommit(bzrtpEvent_t event) { ...@@ -566,7 +567,7 @@ int state_keyAgreement_sendingCommit(bzrtpEvent_t event) {
/* Compute the shared DH secret */ /* Compute the shared DH secret */
zrtpContext->DHMContext->peer = (uint8_t *)malloc(zrtpChannelContext->keyAgreementLength*sizeof(uint8_t)); zrtpContext->DHMContext->peer = (uint8_t *)malloc(zrtpChannelContext->keyAgreementLength*sizeof(uint8_t));
memcpy (zrtpContext->DHMContext->peer, dhPart1Message->pv, zrtpChannelContext->keyAgreementLength); memcpy (zrtpContext->DHMContext->peer, dhPart1Message->pv, zrtpChannelContext->keyAgreementLength);
bzrtpCrypto_DHMComputeSecret(zrtpContext->DHMContext, (int (*)(void *, uint8_t *, size_t))bzrtpCrypto_getRandom, (void *)zrtpContext->RNGContext); bctoolbox_DHMComputeSecret(zrtpContext->DHMContext, (int (*)(void *, uint8_t *, size_t))bctoolbox_rng_get, (void *)zrtpContext->RNGContext);
/* Derive the s0 key */ /* Derive the s0 key */
bzrtp_computeS0DHMMode(zrtpContext, zrtpChannelContext); bzrtp_computeS0DHMMode(zrtpContext, zrtpChannelContext);
...@@ -856,7 +857,7 @@ int state_keyAgreement_responderSendingDHPart1(bzrtpEvent_t event) { ...@@ -856,7 +857,7 @@ int state_keyAgreement_responderSendingDHPart1(bzrtpEvent_t event) {
/* Compute the shared DH secret */ /* Compute the shared DH secret */
zrtpContext->DHMContext->peer = (uint8_t *)malloc(zrtpChannelContext->keyAgreementLength*sizeof(uint8_t)); zrtpContext->DHMContext->peer = (uint8_t *)malloc(zrtpChannelContext->keyAgreementLength*sizeof(uint8_t));
memcpy (zrtpContext->DHMContext->peer, dhPart2Message->pv, zrtpChannelContext->keyAgreementLength); memcpy (zrtpContext->DHMContext->peer, dhPart2Message->pv, zrtpChannelContext->keyAgreementLength);
bzrtpCrypto_DHMComputeSecret(zrtpContext->DHMContext, (int (*)(void *, uint8_t *, size_t))bzrtpCrypto_getRandom, (void *)zrtpContext->RNGContext); bctoolbox_DHMComputeSecret(zrtpContext->DHMContext, (int (*)(void *, uint8_t *, size_t))bctoolbox_rng_get, (void *)zrtpContext->RNGContext);
/* Derive the s0 key */ /* Derive the s0 key */
bzrtp_computeS0DHMMode(zrtpContext, zrtpChannelContext); bzrtp_computeS0DHMMode(zrtpContext, zrtpChannelContext);
...@@ -1656,16 +1657,16 @@ int bzrtp_responseToHelloMessage(bzrtpContext_t *zrtpContext, bzrtpChannelContex ...@@ -1656,16 +1657,16 @@ int bzrtp_responseToHelloMessage(bzrtpContext_t *zrtpContext, bzrtpChannelContex
zrtpChannelContext->hmacFunction(zrtpContext->cachedSecret.rs1, zrtpContext->cachedSecret.rs1Length, (uint8_t *)"Initiator", 9, 8, zrtpContext->initiatorCachedSecretHash.rs1ID); zrtpChannelContext->hmacFunction(zrtpContext->cachedSecret.rs1, zrtpContext->cachedSecret.rs1Length, (uint8_t *)"Initiator", 9, 8, zrtpContext->initiatorCachedSecretHash.rs1ID);
zrtpChannelContext->hmacFunction(zrtpContext->cachedSecret.rs1, zrtpContext->cachedSecret.rs1Length, (uint8_t *)"Responder", 9, 8, zrtpContext->responderCachedSecretHash.rs1ID); zrtpChannelContext->hmacFunction(zrtpContext->cachedSecret.rs1, zrtpContext->cachedSecret.rs1Length, (uint8_t *)"Responder", 9, 8, zrtpContext->responderCachedSecretHash.rs1ID);
} else { /* we have no secret, generate a random */ } else { /* we have no secret, generate a random */
bzrtpCrypto_getRandom(zrtpContext->RNGContext, zrtpContext->initiatorCachedSecretHash.rs1ID, 8); bctoolbox_rng_get(zrtpContext->RNGContext, zrtpContext->initiatorCachedSecretHash.rs1ID, 8);
bzrtpCrypto_getRandom(zrtpContext->RNGContext, zrtpContext->responderCachedSecretHash.rs1ID, 8); bctoolbox_rng_get(zrtpContext->RNGContext, zrtpContext->responderCachedSecretHash.rs1ID, 8);
} }
if (zrtpContext->cachedSecret.rs2!=NULL) { if (zrtpContext->cachedSecret.rs2!=NULL) {
zrtpChannelContext->hmacFunction(zrtpContext->cachedSecret.rs2, zrtpContext->cachedSecret.rs2Length, (uint8_t *)"Initiator", 9, 8, zrtpContext->initiatorCachedSecretHash.rs2ID); zrtpChannelContext->hmacFunction(zrtpContext->cachedSecret.rs2, zrtpContext->cachedSecret.rs2Length, (uint8_t *)"Initiator", 9, 8, zrtpContext->initiatorCachedSecretHash.rs2ID);
zrtpChannelContext->hmacFunction(zrtpContext->cachedSecret.rs2, zrtpContext->cachedSecret.rs2Length, (uint8_t *)"Responder", 9, 8, zrtpContext->responderCachedSecretHash.rs2ID); zrtpChannelContext->hmacFunction(zrtpContext->cachedSecret.rs2, zrtpContext->cachedSecret.rs2Length, (uint8_t *)"Responder", 9, 8, zrtpContext->responderCachedSecretHash.rs2ID);
} else { /* we have no secret, generate a random */ } else { /* we have no secret, generate a random */
bzrtpCrypto_getRandom(zrtpContext->RNGContext, zrtpContext->initiatorCachedSecretHash.rs2ID, 8); bctoolbox_rng_get(zrtpContext->RNGContext, zrtpContext->initiatorCachedSecretHash.rs2ID, 8);
bzrtpCrypto_getRandom(zrtpContext->RNGContext, zrtpContext->responderCachedSecretHash.rs2ID, 8); bctoolbox_rng_get(zrtpContext->RNGContext, zrtpContext->responderCachedSecretHash.rs2ID, 8);
} }
...@@ -1673,16 +1674,16 @@ int bzrtp_responseToHelloMessage(bzrtpContext_t *zrtpContext, bzrtpChannelContex ...@@ -1673,16 +1674,16 @@ int bzrtp_responseToHelloMessage(bzrtpContext_t *zrtpContext, bzrtpChannelContex
zrtpChannelContext->hmacFunction(zrtpContext->cachedSecret.pbxsecret, zrtpContext->cachedSecret.pbxsecretLength, (uint8_t *)"Initiator", 9, 8, zrtpContext->initiatorCachedSecretHash.pbxsecretID); zrtpChannelContext->hmacFunction(zrtpContext->cachedSecret.pbxsecret, zrtpContext->cachedSecret.pbxsecretLength, (uint8_t *)"Initiator", 9, 8, zrtpContext->initiatorCachedSecretHash.pbxsecretID);
zrtpChannelContext->hmacFunction(zrtpContext->cachedSecret.pbxsecret, zrtpContext->cachedSecret.pbxsecretLength, (uint8_t *)"Responder", 9, 8, zrtpContext->responderCachedSecretHash.pbxsecretID); zrtpChannelContext->hmacFunction(zrtpContext->cachedSecret.pbxsecret, zrtpContext->cachedSecret.pbxsecretLength, (uint8_t *)"Responder", 9, 8, zrtpContext->responderCachedSecretHash.pbxsecretID);
} else { /* we have no secret, generate a random */ } else { /* we have no secret, generate a random */
bzrtpCrypto_getRandom(zrtpContext->RNGContext, zrtpContext->initiatorCachedSecretHash.pbxsecretID, 8); bctoolbox_rng_get(zrtpContext->RNGContext, zrtpContext->initiatorCachedSecretHash.pbxsecretID, 8);
bzrtpCrypto_getRandom(zrtpContext->RNGContext, zrtpContext->responderCachedSecretHash.pbxsecretID, 8); bctoolbox_rng_get(zrtpContext->RNGContext, zrtpContext->responderCachedSecretHash.pbxsecretID, 8);
} }
if (zrtpContext->cachedSecret.auxsecret!=NULL) { if (zrtpContext->cachedSecret.auxsecret!=NULL) {
zrtpChannelContext->hmacFunction(zrtpContext->cachedSecret.auxsecret, zrtpContext->cachedSecret.auxsecretLength, zrtpChannelContext->selfH[3], 32, 8, zrtpChannelContext->initiatorAuxsecretID); zrtpChannelContext->hmacFunction(zrtpContext->cachedSecret.auxsecret, zrtpContext->cachedSecret.auxsecretLength, zrtpChannelContext->selfH[3], 32, 8, zrtpChannelContext->initiatorAuxsecretID);
zrtpChannelContext->hmacFunction(zrtpContext->cachedSecret.auxsecret, zrtpContext->cachedSecret.auxsecretLength, zrtpChannelContext->peerH[3], 32, 8, zrtpChannelContext->responderAuxsecretID); zrtpChannelContext->hmacFunction(zrtpContext->cachedSecret.auxsecret, zrtpContext->cachedSecret.auxsecretLength, zrtpChannelContext->peerH[3], 32, 8, zrtpChannelContext->responderAuxsecretID);
} else { /* we have no secret, generate a random */ } else { /* we have no secret, generate a random */
bzrtpCrypto_getRandom(zrtpContext->RNGContext, zrtpChannelContext->initiatorAuxsecretID, 8); bctoolbox_rng_get(zrtpContext->RNGContext, zrtpChannelContext->initiatorAuxsecretID, 8);
bzrtpCrypto_getRandom(zrtpContext->RNGContext, zrtpChannelContext->responderAuxsecretID, 8); bctoolbox_rng_get(zrtpContext->RNGContext, zrtpChannelContext->responderAuxsecretID, 8);
} }
/* now select mode according to context */ /* now select mode according to context */
......
...@@ -26,9 +26,10 @@ ...@@ -26,9 +26,10 @@
*/ */
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include "typedef.h"
#include <bctoolbox/crypto.h>
#include "zidCache.h" #include "zidCache.h"
#include "typedef.h"
#ifdef HAVE_LIBXML2 #ifdef HAVE_LIBXML2
...@@ -61,7 +62,7 @@ int bzrtp_getSelfZID(bzrtpContext_t *context, uint8_t selfZID[12]) { ...@@ -61,7 +62,7 @@ int bzrtp_getSelfZID(bzrtpContext_t *context, uint8_t selfZID[12]) {
if (cb!=NULL) cb(cacheStringBuffer); if (cb!=NULL) cb(cacheStringBuffer);
} else { } else {
/* we are running cacheless, return a random number */ /* we are running cacheless, return a random number */
bzrtpCrypto_getRandom(context->RNGContext, selfZID, 12); bctoolbox_rng_get(context->RNGContext, selfZID, 12);
return 0; return 0;
} }
...@@ -90,7 +91,7 @@ int bzrtp_getSelfZID(bzrtpContext_t *context, uint8_t selfZID[12]) { ...@@ -90,7 +91,7 @@ int bzrtp_getSelfZID(bzrtpContext_t *context, uint8_t selfZID[12]) {
xmlNodePtr rootNode; xmlNodePtr rootNode;
/* generate a random ZID */ /* generate a random ZID */
bzrtpCrypto_getRandom(context->RNGContext, selfZID, 12); bctoolbox_rng_get(context->RNGContext, selfZID, 12);
/* convert it to an Hexa String */ /* convert it to an Hexa String */
bzrtp_int8ToStr(newZidHex, selfZID, 12); bzrtp_int8ToStr(newZidHex, selfZID, 12);
newZidHex[24] = '\0'; /* the string must be null terminated for libxml2 to add it correctly in the element */ newZidHex[24] = '\0'; /* the string must be null terminated for libxml2 to add it correctly in the element */
...@@ -429,7 +430,7 @@ int bzrtp_getSelfZID(bzrtpContext_t *context, uint8_t selfZID[12]) { ...@@ -429,7 +430,7 @@ int bzrtp_getSelfZID(bzrtpContext_t *context, uint8_t selfZID[12]) {
return ZRTP_ZIDCACHE_INVALID_CONTEXT; return ZRTP_ZIDCACHE_INVALID_CONTEXT;
} }
/* we are running cacheless, return a random number */ /* we are running cacheless, return a random number */
bzrtpCrypto_getRandom(context->RNGContext, selfZID, 12); bctoolbox_rng_get(context->RNGContext, selfZID, 12);
return 0; return 0;
} }
int bzrtp_getPeerAssociatedSecretsHash(bzrtpContext_t *context, uint8_t peerZID[12]) { int bzrtp_getPeerAssociatedSecretsHash(bzrtpContext_t *context, uint8_t peerZID[12]) {
......
...@@ -34,18 +34,6 @@ set(TEST_SOURCES ...@@ -34,18 +34,6 @@ set(TEST_SOURCES
../src/zidCache.c ../src/zidCache.c
)