Use GnuTLS/gcrypt for HMAC/RC4

git-svn-id: svn://svn.mplayerhq.hu/rtmpdump/trunk@364 400ebc74-4327-4243-bc38-086b20814532

diff --git a/librtmp/dh.h b/librtmp/dh.h
index 0ffd9a784de6a80393ac3a33b101f142b87bb765..8cd524cbf68325bbcc616e7590fc86f9109fb563 100644 (file)
--- a/librtmp/dh.h
+++ b/librtmp/dh.h
@@ -75,10 +75,6 @@ static int MDH_compute_key(uint8_t *secret, size_t len, MP_t pub, MDH *dh)
 #include <openssl/bn.h>
 #include <openssl/dh.h>
 
-#include <openssl/sha.h>
-#include <openssl/hmac.h>
-#include <openssl/rc4.h>
-
 typedef BIGNUM * MP_t;
 #define MP_new()       BN_new()
 #define MP_set_w(mpi, w)       BN_set_word(mpi, w)

diff --git a/librtmp/handshake.h b/librtmp/handshake.h
index 602c5168a78cb1299123b67ed06c84599230a364..735cdd512a0fe2bf80aa87381b308ddf388d3a84 100644 (file)
--- a/librtmp/handshake.h
+++ b/librtmp/handshake.h
@@ -23,9 +23,38 @@
 
 /* This file is #included in rtmp.c, it is not meant to be compiled alone */
 
+#define USE_GNUTLS
+
+#ifdef USE_GNUTLS
+#include <gcrypt.h>
+#ifndef SHA256_DIGEST_LENGTH
+#define SHA256_DIGEST_LENGTH   32
+#endif
+#define HMAC_CTX       gcry_md_hd_t
+#define HMAC_setup(ctx, key, len)      gcry_md_open(&ctx, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC); gcry_md_setkey(ctx, key, len)
+#define HMAC_crunch(ctx, buf, len)     gcry_md_write(ctx, buf, len)
+#define HMAC_finish(ctx, dig, dlen)    dlen = SHA256_DIGEST_LENGTH; memcpy(dig, gcry_md_read(ctx, 0), dlen); gcry_md_close(ctx)
+
+typedef gcry_cipher_hd_t       RC4_handle;
+#define        RC4_setup(h)    gcry_cipher_open(h, GCRY_CIPHER_ARCFOUR, GCRY_CIPHER_MODE_STREAM, 0)
+#define RC4_setkey(h,l,k)      gcry_cipher_setkey(h,k,l)
+#define RC4_encrypt(h,l,d)     gcry_cipher_encrypt(h,(void *)d,l,NULL,0)
+#define RC4_encrypt2(h,l,s,d)  gcry_cipher_encrypt(h,(void *)d,l,(void *)s,l)
+
+#else
 #include <openssl/sha.h>
 #include <openssl/hmac.h>
 #include <openssl/rc4.h>
+#define HMAC_setup(ctx, key, len)      HMAC_CTX_init(&ctx); HMAC_Init_ex(&ctx, (unsigned char *)key, len, EVP_sha256(), 0)
+#define HMAC_crunch(ctx, buf, len)     HMAC_Update(&ctx, (unsigned char *)buf, len)
+#define HMAC_finish(ctx, dig, dlen)    HMAC_Final(&ctx, (unsigned char *)dig, &dlen); HMAC_CTX_cleanup(&ctx)
+
+typedef RC4_KEY *      RC4_handle;
+#define RC4_setup(h)   *h = malloc(sizeof(RC4_KEY))
+#define RC4_setkey(h,l,k)      RC4_set_key(h,l,k)
+#define RC4_encrypt(h,l,d)     RC4(h,l,(uint8_t *)d,(uint8_t *)d)
+#define RC4_encrypt2(h,l,s,d)  RC4(h,l,(uint8_t *)s,(uint8_t *)d)
+#endif
 
 #define FP10
 
@@ -59,36 +88,32 @@ static const char GenuineFPKey[] = {
 static void InitRC4Encryption
   (uint8_t * secretKey,
    uint8_t * pubKeyIn,
-   uint8_t * pubKeyOut, RC4_KEY ** rc4keyIn, RC4_KEY ** rc4keyOut)
+   uint8_t * pubKeyOut, RC4_handle *rc4keyIn, RC4_handle *rc4keyOut)
 {
   uint8_t digest[SHA256_DIGEST_LENGTH];
   unsigned int digestLen = 0;
+  HMAC_CTX ctx;
 
-  *rc4keyIn = malloc(sizeof(RC4_KEY));
-  *rc4keyOut = malloc(sizeof(RC4_KEY));
+  RC4_setup(rc4keyIn);
+  RC4_setup(rc4keyOut);
 
-  HMAC_CTX ctx;
-  HMAC_CTX_init(&ctx);
-  HMAC_Init_ex(&ctx, secretKey, 128, EVP_sha256(), 0);
-  HMAC_Update(&ctx, pubKeyIn, 128);
-  HMAC_Final(&ctx, digest, &digestLen);
-  HMAC_CTX_cleanup(&ctx);
+  HMAC_setup(ctx, secretKey, 128);
+  HMAC_crunch(ctx, pubKeyIn, 128);
+  HMAC_finish(ctx, digest, digestLen);
 
   Log(LOGDEBUG, "RC4 Out Key: ");
   LogHex(LOGDEBUG, (char *) digest, 16);
 
-  RC4_set_key(*rc4keyOut, 16, digest);
+  RC4_setkey(*rc4keyOut, 16, digest);
 
-  HMAC_CTX_init(&ctx);
-  HMAC_Init_ex(&ctx, secretKey, 128, EVP_sha256(), 0);
-  HMAC_Update(&ctx, pubKeyOut, 128);
-  HMAC_Final(&ctx, digest, &digestLen);
-  HMAC_CTX_cleanup(&ctx);
+  HMAC_setup(ctx, secretKey, 128);
+  HMAC_crunch(ctx, pubKeyOut, 128);
+  HMAC_finish(ctx, digest, digestLen);
 
   Log(LOGDEBUG, "RC4 In Key: ");
   LogHex(LOGDEBUG, (char *) digest, 16);
 
-  RC4_set_key(*rc4keyIn, 16, digest);
+  RC4_setkey(*rc4keyIn, 16, digest);
 }
 
 typedef unsigned int (getoff)(char *buf, unsigned int len);
@@ -209,13 +234,11 @@ HMACsha256(const char *message, size_t messageLen, const char *key,
           size_t keylen, char *digest)
 {
   unsigned int digestLen;
-
   HMAC_CTX ctx;
-  HMAC_CTX_init(&ctx);
-  HMAC_Init_ex(&ctx, (unsigned char *) key, keylen, EVP_sha256(), NULL);
-  HMAC_Update(&ctx, (unsigned char *) message, messageLen);
-  HMAC_Final(&ctx, (unsigned char *) digest, &digestLen);
-  HMAC_CTX_cleanup(&ctx);
+
+  HMAC_setup(ctx, key, keylen);
+  HMAC_crunch(ctx, message, messageLen);
+  HMAC_finish(ctx, digest, digestLen);
 
   assert(digestLen == 32);
 }
@@ -314,8 +337,8 @@ HandShake(RTMP * r, bool FP9HandShake)
   int digestPosClient = 0;
   bool encrypted = r->Link.protocol & RTMP_FEATURE_ENC;
 
-  RC4_KEY *keyIn = 0;
-  RC4_KEY *keyOut = 0;
+  RC4_handle keyIn = 0;
+  RC4_handle keyOut = 0;
 
   int32_t *ip;
   uint32_t uptime;
@@ -660,14 +683,12 @@ HandShake(RTMP * r, bool FP9HandShake)
          /* update the keystreams */
          if (r->Link.rc4keyIn)
            {
-             RC4(r->Link.rc4keyIn, RTMP_SIG_SIZE, (uint8_t *) buff,
-                 (uint8_t *) buff);
+             RC4_encrypt(r->Link.rc4keyIn, RTMP_SIG_SIZE, (uint8_t *) buff);
            }
 
          if (r->Link.rc4keyOut)
            {
-             RC4(r->Link.rc4keyOut, RTMP_SIG_SIZE, (uint8_t *) buff,
-                 (uint8_t *) buff);
+             RC4_encrypt(r->Link.rc4keyOut, RTMP_SIG_SIZE, (uint8_t *) buff);
            }
        }
     }
@@ -691,8 +712,8 @@ SHandShake(RTMP * r)
   int dhposClient = 0;
   int dhposServer = 0;
   int digestPosServer = 0;
-  RC4_KEY *keyIn = 0;
-  RC4_KEY *keyOut = 0;
+  RC4_handle keyIn = 0;
+  RC4_handle keyOut = 0;
   bool FP9HandShake = false;
   bool encrypted;
   int32_t *ip;
@@ -971,14 +992,12 @@ SHandShake(RTMP * r)
          /* update the keystreams */
          if (r->Link.rc4keyIn)
            {
-             RC4(r->Link.rc4keyIn, RTMP_SIG_SIZE, (uint8_t *) buff,
-                 (uint8_t *) buff);
+             RC4_encrypt(r->Link.rc4keyIn, RTMP_SIG_SIZE, (uint8_t *) buff);
            }
 
          if (r->Link.rc4keyOut)
            {
-             RC4(r->Link.rc4keyOut, RTMP_SIG_SIZE, (uint8_t *) buff,
-                 (uint8_t *) buff);
+             RC4_encrypt(r->Link.rc4keyOut, RTMP_SIG_SIZE, (uint8_t *) buff);
            }
        }
     }

diff --git a/librtmp/rtmp.c b/librtmp/rtmp.c
index f817c5cc1a542238c3e35eb89d8d32c33efda208..915de17926a1f1b484453c79e172c1a8605b5291 100644 (file)
--- a/librtmp/rtmp.c
+++ b/librtmp/rtmp.c
@@ -119,6 +119,10 @@ static int HTTP_read(RTMP *r, int fill);
 static int clk_tck;
 #endif
 
+#ifdef CRYPTO
+#include "handshake.h"
+#endif
+
 uint32_t
 RTMP_GetTime()
 {
@@ -930,7 +934,7 @@ ReadN(RTMP *r, char *buffer, int n)
 #ifdef CRYPTO
       if (r->Link.rc4keyIn)
        {
-         RC4(r->Link.rc4keyIn, nBytes, (uint8_t *) ptr, (uint8_t *) ptr);
+         RC4_encrypt(r->Link.rc4keyIn, nBytes, ptr);
        }
 #endif
 
@@ -956,7 +960,7 @@ WriteN(RTMP *r, const char *buffer, int n)
       else
        encrypted = (char *)buf;
       ptr = encrypted;
-      RC4(r->Link.rc4keyOut, n, (uint8_t *) buffer, (uint8_t *) ptr);
+      RC4_encrypt2(r->Link.rc4keyOut, n, buffer, ptr);
     }
 #endif
 
@@ -2386,9 +2390,7 @@ RTMP_ReadPacket(RTMP *r, RTMPPacket *packet)
   return true;
 }
 
-#ifdef CRYPTO
-#include "handshake.h"
-#else
+#ifndef CRYPTO
 static bool
 HandShake(RTMP *r, bool FP9HandShake)
 {