Commit 6ac4d568 authored by Ghislain MARY's avatar Ghislain MARY
Browse files

Merge branch 'bctoolbox'

Conflicts:
	mediastreamer2
parents e78a360a a3efb610
......@@ -91,9 +91,11 @@ endif()
if(LINPHONE_BUILDER_GROUP_EXTERNAL_SOURCE_PATH_BUILDERS)
include("${EP_bellesip_CONFIG_DIR}/BelleSIPConfig.cmake")
include("${EP_ms2_CONFIG_DIR}/Mediastreamer2Config.cmake")
include("${EP_bctoolbox_CONFIG_DIR}/BcToolboxConfig.cmake")
else()
find_package(BelleSIP REQUIRED)
find_package(Mediastreamer2 REQUIRED)
find_package(BcToolBox REQUIRED)
endif()
find_package(XML2 REQUIRED)
find_package(Zlib)
......@@ -181,6 +183,7 @@ include_directories(
${CMAKE_CURRENT_BINARY_DIR}/coreapi/
${BELLESIP_INCLUDE_DIRS}
${MEDIASTREAMER2_INCLUDE_DIRS}
${BCTOOLBOX_INCLUDE_DIRS}
)
if(ENABLE_TUNNEL)
include_directories(${TUNNEL_INCLUDE_DIRS})
......
############################################################################
# FindiBcToolBox.cmake
# Copyright (C) 2016 Belledonne Communications, Grenoble France
#
############################################################################
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
############################################################################
#
# - Find the bctoolbox include file and library
#
# BCTOOLBOX_FOUND - system has BC Toolbox
# BCTOOLBOX_INCLUDE_DIRS - the BC Toolbox include directory
# BCTOOLBOX_LIBRARIES - The libraries needed to use BC Toolbox
include(CMakePushCheckState)
include(CheckIncludeFile)
include(CheckCSourceCompiles)
include(CheckSymbolExists)
set(_BCTOOLBOX_ROOT_PATHS
${CMAKE_INSTALL_PREFIX}
)
find_path(BCTOOLBOX_INCLUDE_DIRS
NAMES bctoolbox/crypto.h
HINTS _BCTOOLBOX_ROOT_PATHS
PATH_SUFFIXES include
)
find_library(BCTOOLBOX_LIBRARIES
NAMES bctoolbox
HINTS _BCTOOLBOX_ROOT_PATHS
PATH_SUFFIXES bin lib
)
include(FindPackageHandleStandardArgs)
find_package_handle_standard_args(BcToolBox
DEFAULT_MSG
BCTOOLBOX_INCLUDE_DIRS BCTOOLBOX_LIBRARIES
)
mark_as_advanced(BCTOOLBOX_INCLUDE_DIRS BCTOOLBOX_LIBRARIES)
......@@ -149,6 +149,7 @@ apply_compile_flags(LINPHONE_SOURCE_FILES_CXX "CPP" "CXX")
apply_compile_flags(LINPHONE_SOURCE_FILES_OBJC "CPP" "OBJC")
set(LIBS
${BCTOOLBOX_LIBRARIES}
${BELLESIP_LIBRARIES}
${MEDIASTREAMER2_LIBRARIES}
${XML2_LIBRARIES}
......
......@@ -20,7 +20,7 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#include "linphonecore.h"
#include "private.h"
#include <polarssl/md5.h>
#include <bctoolbox/crypto.h>
static char * create_resource_list_xml(const LinphoneFriendList *list) {
......@@ -393,7 +393,7 @@ void linphone_friend_list_update_subscriptions(LinphoneFriendList *list, Linphon
char *xml_content = create_resource_list_xml(list);
if ((address != NULL) && (xml_content != NULL) && (linphone_friend_list_has_subscribe_inactive(list) == TRUE)) {
unsigned char digest[16];
md5((unsigned char *)xml_content, strlen(xml_content), digest);
bctoolbox_md5((unsigned char *)xml_content, strlen(xml_content), digest);
if ((list->event != NULL) && (list->content_digest != NULL) && (memcmp(list->content_digest, digest, sizeof(digest)) == 0)) {
/* The content has not changed, only refresh the event. */
linphone_event_refresh_subscribe(list->event);
......
......@@ -4,19 +4,8 @@
#endif
#ifdef HAVE_LIME
#include "linphonecore.h"
#include "ortp/b64.h"
#include "polarssl/gcm.h"
/* check polarssl version */
#include <polarssl/version.h>
#if POLARSSL_VERSION_NUMBER >= 0x01030000 /* for Polarssl version 1.3 */
#include "polarssl/sha256.h"
#else /* for Polarssl version 1.2 */
#include "polarssl/sha2.h"
#endif
#include "bctoolbox/crypto.h"
/**
* @brief check at runtime if LIME is available
......@@ -417,13 +406,6 @@ static int lime_deriveKey(limeKey_t *key) {
return LIME_UNABLE_TO_DERIVE_KEY;
}
#if 0
/*not doing anything yet since key and sessionId are array, not pointers*/
if ((key->key == NULL) || (key->sessionId == NULL)) {
return LIME_UNABLE_TO_DERIVE_KEY;
}
#endif
/* Derivation is made derived Key = HMAC_SHA256(Key, 0x0000001||"MessageKey"||0x00||SessionId||SessionIndex||0x00000100)*/
/* total data to be hashed is 55 bytes : 4 + 10 + 1 + 32 + 4 + 4 */
inputData[0] = 0x00;
......@@ -448,11 +430,7 @@ static int lime_deriveKey(limeKey_t *key) {
inputData[54] = 0x00;
/* derive the key in a temp buffer */
#if POLARSSL_VERSION_NUMBER >= 0x01030000 /* for Polarssl version 1.3 */
sha256_hmac(key->key, 32, inputData, 55, derivedKey, 0); /* last param to zero to select SHA256 and not SHA224 */
#else /* for Polarssl version 1.2 */
sha2_hmac(key->key, 32, inputData, 55, derivedKey, 0); /* last param to zero to select SHA256 and not SHA224 */
#endif /* POLARSSL_VERSION_NUMBER */
bctoolbox_hmacSha256(key->key, 32, inputData, 55, 32, derivedKey);
/* overwrite the old key with the derived one */
memcpy(key->key, derivedKey, 32);
......@@ -481,7 +459,6 @@ void lime_freeKeys(limeURIKeys_t associatedKeys) {
int lime_encryptMessage(limeKey_t *key, uint8_t *plainMessage, uint32_t messageLength, uint8_t selfZID[12], uint8_t *encryptedMessage) {
uint8_t authenticatedData[28];
gcm_context gcmContext;
/* Authenticated data is senderZID(12 bytes)||receiverZID(12 bytes)||sessionIndex(4 bytes) */
memcpy(authenticatedData, selfZID, 12);
memcpy(authenticatedData+12, key->peerZID, 12);
......@@ -492,31 +469,31 @@ int lime_encryptMessage(limeKey_t *key, uint8_t *plainMessage, uint32_t messageL
/* AES-GCM : key is 192 bits long, Init Vector 64 bits. 256 bits key given is AES key||IV */
/* tag is 16 bytes long and is set in the 16 first bytes of the encrypted message */
gcm_init(&gcmContext, POLARSSL_CIPHER_ID_AES, key->key, 192);
gcm_crypt_and_tag(&gcmContext, GCM_ENCRYPT, messageLength, key->key+24, 8, authenticatedData, 28, plainMessage, encryptedMessage+16, 16, encryptedMessage);
gcm_free(&gcmContext);
return bctoolbox_aes_gcm_encrypt_and_tag(key->key, 24,
plainMessage, messageLength,
authenticatedData, 28,
key->key+24, 8, /* IV is at the end(last 64 bits) of the given key buffer */
encryptedMessage, 16, /* the first 16 bytes of output are the authentication tag */
encryptedMessage+16); /* actual encrypted message starts after 16 bytes of authentication tag */
return 0;
}
int lime_encryptFile(void **cryptoContext, unsigned char *key, size_t length, char *plain, char *cipher) {
gcm_context *gcmContext;
bctoolbox_aes_gcm_context_t *gcmContext;
if (*cryptoContext == NULL) { /* first call to the function, allocate a crypto context and initialise it */
gcmContext = (gcm_context *)malloc(sizeof(gcm_context));
*cryptoContext = (void *)gcmContext;
gcm_init(gcmContext, POLARSSL_CIPHER_ID_AES, key, 192);
gcm_starts(gcmContext, GCM_ENCRYPT, key+24, 8, NULL, 0); /* key contains 192bits of key || 64 bits of Initialisation Vector */
/* key contains 192bits of key || 64 bits of Initialisation Vector, no additional data */
gcmContext = bctoolbox_aes_gcm_context_new(key, 24, NULL, 0, key+24, 8, BCTOOLBOX_GCM_ENCRYPT);
*cryptoContext = gcmContext;
} else { /* this is not the first call, get the context */
gcmContext = (gcm_context *)*cryptoContext;
gcmContext = (bctoolbox_aes_gcm_context_t *)*cryptoContext;
}
if (length != 0) {
gcm_update(gcmContext, length, (const unsigned char *)plain, (unsigned char *)cipher);
} else { /* lenght is 0, finish the stream */
gcm_finish(gcmContext, NULL, 0); /* do not generate tag */
gcm_free(gcmContext);
free(*cryptoContext);
bctoolbox_aes_gcm_process_chunk(gcmContext, (const uint8_t *)plain, length, (uint8_t *)cipher);
} else { /* lenght is 0, finish the stream, no tag to be generated */
bctoolbox_aes_gcm_finish(gcmContext, NULL, 0);
*cryptoContext = NULL;
}
......@@ -524,23 +501,20 @@ int lime_encryptFile(void **cryptoContext, unsigned char *key, size_t length, ch
}
int lime_decryptFile(void **cryptoContext, unsigned char *key, size_t length, char *plain, char *cipher) {
gcm_context *gcmContext;
bctoolbox_aes_gcm_context_t *gcmContext;
if (*cryptoContext == NULL) { /* first call to the function, allocate a crypto context and initialise it */
gcmContext = (gcm_context *)malloc(sizeof(gcm_context));
*cryptoContext = (void *)gcmContext;
gcm_init(gcmContext, POLARSSL_CIPHER_ID_AES, key, 192);
gcm_starts(gcmContext, GCM_DECRYPT, key+24, 8, NULL, 0); /* key contains 192bits of key || 64 bits of Initialisation Vector */
/* key contains 192bits of key || 64 bits of Initialisation Vector, no additional data */
gcmContext = bctoolbox_aes_gcm_context_new(key, 24, NULL, 0, key+24, 8, BCTOOLBOX_GCM_DECRYPT);
*cryptoContext = gcmContext;
} else { /* this is not the first call, get the context */
gcmContext = (gcm_context *)*cryptoContext;
gcmContext = (bctoolbox_aes_gcm_context_t *)*cryptoContext;
}
if (length != 0) {
gcm_update(gcmContext, length, (const unsigned char *)cipher, (unsigned char *)plain);
bctoolbox_aes_gcm_process_chunk(gcmContext, (const unsigned char *)cipher, length, (unsigned char *)plain);
} else { /* lenght is 0, finish the stream */
gcm_finish(gcmContext, NULL, 0); /* do not generate tag */
gcm_free(gcmContext);
free(*cryptoContext);
bctoolbox_aes_gcm_finish(gcmContext, NULL, 0);
*cryptoContext = NULL;
}
......@@ -550,7 +524,6 @@ int lime_decryptFile(void **cryptoContext, unsigned char *key, size_t length, ch
int lime_decryptMessage(limeKey_t *key, uint8_t *encryptedMessage, uint32_t messageLength, uint8_t selfZID[12], uint8_t *plainMessage) {
uint8_t authenticatedData[28];
gcm_context gcmContext;
int retval;
/* Authenticated data is senderZID(12 bytes)||receiverZID(12 bytes)||sessionIndex(4 bytes) */
......@@ -563,10 +536,13 @@ int lime_decryptMessage(limeKey_t *key, uint8_t *encryptedMessage, uint32_t mess
/* AES-GCM : key is 192 bits long, Init Vector 64 bits. 256 bits key given is AES key||IV */
/* tag is 16 bytes long and is the 16 first bytes of the encrypted message */
gcm_init(&gcmContext, POLARSSL_CIPHER_ID_AES, key->key, 192);
/* messageLength-16 is the length of encrypted data, messageLength include the 16 bytes tag included at the begining of encryptedMessage */
retval = gcm_auth_decrypt(&gcmContext, messageLength-16, key->key+24, 8, authenticatedData, 28, encryptedMessage, 16, encryptedMessage+16, plainMessage);
gcm_free(&gcmContext);
retval = bctoolbox_aes_gcm_decrypt_and_auth(key->key, 24, /* key is 192 bits long */
encryptedMessage+16, messageLength-16, /* encrypted message first 16 bytes store the authentication tag, then is the actual message */
authenticatedData, 28, /* additionnal data needed for authentication */
key->key+24, 8, /* last 8 bytes of key is the initialisation vector */
encryptedMessage, 16, /* first 16 bytes of message is the authentication tag */
plainMessage);
/* add the null termination char */
plainMessage[messageLength-16] = '\0';
......@@ -621,8 +597,8 @@ int lime_createMultipartMessage(xmlDocPtr cacheBuffer, uint8_t *message, uint8_t
uint8_t peerZidHex[25];
uint8_t sessionIndexHex[9];
xmlNodePtr msgNode;
int b64Size;
char *encryptedMessageb64;
size_t b64Size = 0;
unsigned char *encryptedMessageb64;
/* encrypt message with current key */
limeKey_t *currentKey = associatedKeys.peerKeys[i];
......@@ -652,9 +628,9 @@ int lime_createMultipartMessage(xmlDocPtr cacheBuffer, uint8_t *message, uint8_t
xmlNewTextChild(msgNode, NULL, (const xmlChar *)"index", sessionIndexHex);
/* convert the cipherText to base 64 */
b64Size = b64_encode(NULL, encryptedMessageLength, NULL, 0);
encryptedMessageb64 = (char *)malloc(b64Size+1);
b64Size = b64_encode(encryptedMessage, encryptedMessageLength, encryptedMessageb64, b64Size);
bctoolbox_base64_encode(NULL, &b64Size, encryptedMessage, encryptedMessageLength); /* b64Size is 0, so it is set to the requested output buffer size */
encryptedMessageb64 = malloc(b64Size+1); /* allocate a buffer of requested size +1 for NULL termination */
bctoolbox_base64_encode(encryptedMessageb64, &b64Size, encryptedMessage, encryptedMessageLength); /* b64Size is 0, so it is set to the requested output buffer size */
encryptedMessageb64[b64Size] = '\0'; /* libxml need a null terminated string */
xmlNewTextChild(msgNode, NULL, (const xmlChar *)"text", (const xmlChar *)encryptedMessageb64);
free(encryptedMessage);
......@@ -685,7 +661,7 @@ int lime_decryptMultipartMessage(xmlDocPtr cacheBuffer, uint8_t *message, uint8_
xmlChar *peerZidHex = NULL;
xmlNodePtr cur;
uint8_t *encryptedMessage = NULL;
uint32_t encryptedMessageLength = 0;
size_t encryptedMessageLength = 0;
uint32_t usedSessionIndex = 0;
xmlDocPtr xmlEncryptedMessage;
......@@ -750,14 +726,19 @@ int lime_decryptMultipartMessage(xmlDocPtr cacheBuffer, uint8_t *message, uint8_
| (((uint32_t)lime_charToByte(sessionIndexHex[6]))<<4)
| (((uint32_t)lime_charToByte(sessionIndexHex[7])));
xmlFree(sessionIndexHex);
/* get the encrypted message */
msgChildrenNode = msgChildrenNode->next;
/* convert the cipherText from base 64 */
encryptedMessageb64 = xmlNodeListGetString(cacheBuffer, msgChildrenNode->xmlChildrenNode, 1);
encryptedMessageLength = b64_decode((char *)encryptedMessageb64, strlen((char *)encryptedMessageb64), NULL, 0);
bctoolbox_base64_decode(NULL, &encryptedMessageLength, encryptedMessageb64, strlen((char *)encryptedMessageb64)); /* encryptedMessageLength is 0, so it will be set to the requested buffer length */
encryptedMessage = (uint8_t *)malloc(encryptedMessageLength);
encryptedMessageLength = b64_decode((char *)encryptedMessageb64, strlen((char *)encryptedMessageb64), encryptedMessage, encryptedMessageLength);
bctoolbox_base64_decode(encryptedMessage, &encryptedMessageLength, encryptedMessageb64, strlen((char *)encryptedMessageb64));
xmlFree(encryptedMessageb64);
xmlFree(currentZidHex);
break;
}
cur = cur->next;
......
......@@ -116,6 +116,8 @@ if(APPLE)
target_link_libraries(linphone-gtk "-framework Cocoa")
endif()
set_target_properties(linphone-gtk PROPERTIES XCODE_ATTRIBUTE_WARNING_CFLAGS "")
install(TARGETS linphone-gtk
RUNTIME DESTINATION bin
......
mediastreamer2 @ 900261f2
Subproject commit 897f0ba1a46a56ddd79a86d9f2804decff9d6bed
Subproject commit 900261f27b468fdb735b61b491eba92b0cb4701b
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment