From: hyc Date: Thu, 29 Apr 2010 15:42:08 +0000 (+0000) Subject: Add support for polarssl, http://www.polarssl.org X-Git-Tag: v2.4~97 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=89d0b5c4067b0b9ca4570a76100de499a7010d38;p=rtmpdump Add support for polarssl, http://www.polarssl.org git-svn-id: svn://svn.mplayerhq.hu/rtmpdump/trunk@453 400ebc74-4327-4243-bc38-086b20814532 --- diff --git a/Makefile b/Makefile index 8e9ba22..ad490b8 100644 --- a/Makefile +++ b/Makefile @@ -4,9 +4,11 @@ CC=$(CROSS_COMPILE)gcc LD=$(CROSS_COMPILE)ld CRYPTO=OPENSSL +#CRYPTO=POLARSSL #CRYPTO=GNUTLS LIB_GNUTLS=-lgnutls -lgcrypt LIB_OPENSSL=-lssl -lcrypto +LIB_POLARSSL=-lpolarssl CRYPTO_LIB=$(LIB_$(CRYPTO)) DEF_=-DNO_CRYPTO CRYPTO_DEF=$(DEF_$(CRYPTO)) diff --git a/librtmp/Makefile b/librtmp/Makefile index b64aad4..bcf8a3e 100644 --- a/librtmp/Makefile +++ b/librtmp/Makefile @@ -8,6 +8,7 @@ AR=$(CROSS_COMPILE)ar CRYPTO=OPENSSL #CRYPTO=GNUTLS +DEF_POLARSSL=-DUSE_POLARSSL DEF_OPENSSL=-DUSE_OPENSSL DEF_GNUTLS=-DUSE_GNUTLS DEF_=-DNO_CRYPTO diff --git a/librtmp/dh.h b/librtmp/dh.h index 2513282..9aea78d 100644 --- a/librtmp/dh.h +++ b/librtmp/dh.h @@ -26,10 +26,60 @@ #include #include -#ifdef USE_GNUTLS +#ifdef USE_POLARSSL +#include +typedef mpi * MP_t; +#define MP_new(m) m = malloc(sizeof(mpi)); mpi_init(m, NULL) +#define MP_set_w(mpi, w) mpi_lset(mpi, w) +#define MP_cmp(u, v) mpi_cmp_mpi(u, v) +#define MP_set(u, v) mpi_copy(u, v) +#define MP_sub_w(mpi, w) mpi_sub_int(mpi, mpi, w) +#define MP_cmp_1(mpi) mpi_cmp_int(mpi, 1) +#define MP_modexp(r, y, q, p) mpi_exp_mod(r, y, q, p, NULL) +#define MP_free(mpi) mpi_free(mpi, NULL); free(mpi) +#define MP_gethex(u, hex, res) MP_new(u); res = mpi_read_string(u, 16, hex) == 0 +#define MP_bytes(u) mpi_size(u) +#define MP_setbin(u,buf,len) mpi_write_binary(u,buf,len) +#define MP_getbin(u,buf,len) MP_new(u); mpi_read_binary(u,buf,len) + +typedef struct MDH { + MP_t p; + MP_t g; + MP_t pub_key; + MP_t priv_key; + long length; + dhm_context ctx; +} MDH; + +#define MDH_new() calloc(1,sizeof(MDH)) +#define MDH_free(vp) {MDH *dh = vp; dhm_free(&dh->ctx); MP_free(dh->p); MP_free(dh->g); MP_free(dh->pub_key); MP_free(dh->priv_key); free(dh);} + +static int MDH_generate_key(MDH *dh) +{ + unsigned char out[2]; + MP_set(&dh->ctx.P, dh->p); + MP_set(&dh->ctx.G, dh->g); + dh->ctx.len = 128; + dhm_make_public(&dh->ctx, 1024, out, 1, havege_rand, &RTMP_TLS_ctx->hs); + MP_new(dh->pub_key); + MP_new(dh->priv_key); + MP_set(dh->pub_key, &dh->ctx.GX); + MP_set(dh->priv_key, &dh->ctx.X); + return 1; +} + +static int MDH_compute_key(uint8_t *secret, size_t len, MP_t pub, MDH *dh) +{ + int n = len; + MP_set(&dh->ctx.GY, pub); + dhm_calc_secret(&dh->ctx, secret, &n); + return 0; +} + +#elif defined(USE_GNUTLS) #include typedef gcry_mpi_t MP_t; -#define MP_new() gcry_mpi_new(1) +#define MP_new(m) m = gcry_mpi_new(1) #define MP_set_w(mpi, w) gcry_mpi_set_ui(mpi, w) #define MP_cmp(u, v) gcry_mpi_cmp(u, v) #define MP_set(u, v) gcry_mpi_set(u, v) @@ -37,7 +87,7 @@ typedef gcry_mpi_t MP_t; #define MP_cmp_1(mpi) gcry_mpi_cmp_ui(mpi, 1) #define MP_modexp(r, y, q, p) gcry_mpi_powm(r, y, q, p) #define MP_free(mpi) gcry_mpi_release(mpi) -#define MP_gethex(u, hex, res) res = (gcry_mpi_scan(u, GCRYMPI_FMT_HEX, hex, 0, 0) == 0) +#define MP_gethex(u, hex, res) res = (gcry_mpi_scan(&u, GCRYMPI_FMT_HEX, hex, 0, 0) == 0) #define MP_bytes(u) (gcry_mpi_get_nbits(u) + 7) / 8 #define MP_setbin(u,buf,len) gcry_mpi_print(GCRYMPI_FMT_USG,buf,len,NULL,u) #define MP_getbin(u,buf,len) gcry_mpi_scan(&u,GCRYMPI_FMT_USG,buf,len,NULL) @@ -56,7 +106,6 @@ typedef struct MDH { extern MP_t gnutls_calc_dh_secret(MP_t *priv, MP_t g, MP_t p); extern MP_t gnutls_calc_dh_key(MP_t y, MP_t x, MP_t p); - #define MDH_generate_key(dh) (dh->pub_key = gnutls_calc_dh_secret(&dh->priv_key, dh->g, dh->p)) static int MDH_compute_key(uint8_t *secret, size_t len, MP_t pub, MDH *dh) { @@ -71,12 +120,12 @@ static int MDH_compute_key(uint8_t *secret, size_t len, MP_t pub, MDH *dh) return -1; } -#else +#else /* USE_OPENSSL */ #include #include typedef BIGNUM * MP_t; -#define MP_new() BN_new() +#define MP_new(m) m = BN_new() #define MP_set_w(mpi, w) BN_set_word(mpi, w) #define MP_cmp(u, v) BN_cmp(u, v) #define MP_set(u, v) BN_copy(u, v) @@ -84,7 +133,7 @@ typedef BIGNUM * MP_t; #define MP_cmp_1(mpi) BN_cmp(mpi, BN_value_one()) #define MP_modexp(r, y, q, p) do {BN_CTX *ctx = BN_CTX_new(); BN_mod_exp(r, y, q, p, ctx); BN_CTX_free(ctx);} while(0) #define MP_free(mpi) BN_free(mpi) -#define MP_gethex(u, hex, res) res = BN_hex2bn(u, hex) +#define MP_gethex(u, hex, res) res = BN_hex2bn(&u, hex) #define MP_bytes(u) BN_num_bytes(u) #define MP_setbin(u,buf,len) BN_bn2bin(u,buf) #define MP_getbin(u,buf,len) u = BN_bin2bn(buf,len,0) @@ -100,27 +149,6 @@ typedef BIGNUM * MP_t; #include "log.h" #include "dhgroups.h" -/* -MP_t dh_shared_p = 0; // shared prime -MP_t dh_shared_g = 0; // shared base - -void dh_pg_init() -{ - int res; - if(dh_shared_p || dh_shared_g) - return; - - dh_shared_p = MP_new(); - dh_shared_g = MP_new(); - assert(dh_shared_p && dh_shared_g); - - MP_gethex(&dh_shared_p, P1024, res); // prime P1024, see dhgroups.h - assert(res); - - assert(MP_set_w(dh_shared_g, 2)); // base 2 -} -*/ - /* RFC 2631, Section 2.1.5, http://www.ietf.org/rfc/rfc2631.txt */ static bool isValidPublicKey(MP_t y, MP_t p, MP_t q) @@ -129,7 +157,7 @@ isValidPublicKey(MP_t y, MP_t p, MP_t q) MP_t bn; assert(y); - bn = MP_new(); + MP_new(bn); assert(bn); /* y must lie in [2,p-1] */ @@ -182,21 +210,18 @@ DHInit(int nKeyBits) if (!dh) goto failed; - dh->g = MP_new(); + MP_new(dh->g); if (!dh->g) goto failed; - MP_gethex(&dh->p, P1024, res); /* prime P1024, see dhgroups.h */ + MP_gethex(dh->p, P1024, res); /* prime P1024, see dhgroups.h */ if (!res) { goto failed; } - if (!MP_set_w(dh->g, 2)) /* base 2 */ - { - goto failed; - } + MP_set_w(dh->g, 2); /* base 2 */ dh->length = nKeyBits; return dh; @@ -222,7 +247,7 @@ DHGenerateKey(MDH *dh) if (!MDH_generate_key(dh)) return 0; - MP_gethex(&q1, Q1024, res); + MP_gethex(q1, Q1024, res); assert(res); res = isValidPublicKey(dh->pub_key, dh->p, q1); @@ -293,7 +318,7 @@ DHComputeSharedSecretKey(MDH *dh, uint8_t *pubkey, size_t nPubkeyLen, if (!pubkeyBn) return -1; - MP_gethex(&q1, Q1024, len); + MP_gethex(q1, Q1024, len); assert(len); if (isValidPublicKey(pubkeyBn, dh->p, q1)) diff --git a/librtmp/handshake.h b/librtmp/handshake.h index 93b6f16..c246286 100644 --- a/librtmp/handshake.h +++ b/librtmp/handshake.h @@ -23,7 +23,24 @@ /* This file is #included in rtmp.c, it is not meant to be compiled alone */ -#ifdef USE_GNUTLS +#ifdef USE_POLARSSL +#include +#include +#ifndef SHA256_DIGEST_LENGTH +#define SHA256_DIGEST_LENGTH 32 +#endif +#define HMAC_CTX sha2_context +#define HMAC_setup(ctx, key, len) sha2_hmac_starts(&ctx, (unsigned char *)key, len, 0) +#define HMAC_crunch(ctx, buf, len) sha2_hmac_update(&ctx, buf, len) +#define HMAC_finish(ctx, dig, dlen) dlen = SHA256_DIGEST_LENGTH; sha2_hmac_finish(&ctx, dig) + +typedef arc4_context * RC4_handle; +#define RC4_setup(h) *h = malloc(sizeof(arc4_context)) +#define RC4_setkey(h,l,k) arc4_setup(h,k,l) +#define RC4_encrypt(h,l,d) arc4_crypt(h,l,(unsigned char *)d,(unsigned char *)d) +#define RC4_encrypt2(h,l,s,d) arc4_crypt(h,l,(unsigned char *)s,(unsigned char *)d) + +#elif defined(USE_GNUTLS) #include #ifndef SHA256_DIGEST_LENGTH #define SHA256_DIGEST_LENGTH 32 @@ -39,7 +56,7 @@ typedef gcry_cipher_hd_t RC4_handle; #define RC4_encrypt(h,l,d) gcry_cipher_encrypt(h,(void *)d,l,NULL,0) #define RC4_encrypt2(h,l,s,d) gcry_cipher_encrypt(h,(void *)d,l,(void *)s,l) -#else +#else /* USE_OPENSSL */ #include #include #include @@ -414,7 +431,7 @@ HandShake(RTMP * r, bool FP9HandShake) if (encrypted) { /* generate Diffie-Hellmann parameters */ - r->Link.dh = DHInit(128); /* 1024 */ + r->Link.dh = DHInit(1024); if (!r->Link.dh) { RTMP_Log(RTMP_LOGERROR, "%s: Couldn't initialize Diffie-Hellmann!", @@ -806,7 +823,7 @@ SHandShake(RTMP * r) if (encrypted) { /* generate Diffie-Hellmann parameters */ - r->Link.dh = DHInit(128); + r->Link.dh = DHInit(1024); if (!r->Link.dh) { RTMP_Log(RTMP_LOGERROR, "%s: Couldn't initialize Diffie-Hellmann!", diff --git a/librtmp/hashswf.c b/librtmp/hashswf.c index e5ef736..23921b2 100644 --- a/librtmp/hashswf.c +++ b/librtmp/hashswf.c @@ -30,7 +30,17 @@ #include "http.h" #ifdef CRYPTO -#ifdef USE_GNUTLS +#ifdef USE_POLARSSL +#include +#ifndef SHA256_DIGEST_LENGTH +#define SHA256_DIGEST_LENGTH 32 +#endif +#define HMAC_CTX sha2_context +#define HMAC_setup(ctx, key, len) sha2_hmac_starts(&ctx, (unsigned char *)key, len, 0) +#define HMAC_crunch(ctx, buf, len) sha2_hmac_update(&ctx, buf, len) +#define HMAC_finish(ctx, dig, dlen) dlen = SHA256_DIGEST_LENGTH; sha2_hmac_finish(&ctx, dig) +#define HMAC_close(ctx) +#elif defined(USE_GNUTLS) #include #include #ifndef SHA256_DIGEST_LENGTH @@ -41,7 +51,7 @@ #define HMAC_crunch(ctx, buf, len) gcry_md_write(ctx, buf, len) #define HMAC_finish(ctx, dig, dlen) dlen = SHA256_DIGEST_LENGTH; memcpy(dig, gcry_md_read(ctx, 0), dlen) #define HMAC_close(ctx) gcry_md_close(ctx) -#else +#else /* USE_OPENSSL */ #include #include #include diff --git a/librtmp/rtmp.c b/librtmp/rtmp.c index 070c42e..958aabf 100644 --- a/librtmp/rtmp.c +++ b/librtmp/rtmp.c @@ -31,9 +31,11 @@ #include "log.h" #ifdef CRYPTO -#ifdef USE_GNUTLS +#ifdef USE_POLARSSL +#include +#elif defined(USE_GNUTLS) #include -#else +#else /* USE_OPENSSL */ #include #include #endif @@ -196,14 +198,17 @@ void RTMP_TLS_Init() { #ifdef CRYPTO -#ifdef USE_GNUTLS +#ifdef USE_POLARSSL + RTMP_TLS_ctx = calloc(1,sizeof(struct tls_ctx)); + havege_init(&RTMP_TLS_ctx->hs); +#elif defined(USE_GNUTLS) gnutls_global_init(); RTMP_TLS_ctx = malloc(sizeof(struct tls_ctx)); gnutls_certificate_allocate_credentials(&RTMP_TLS_ctx->cred); gnutls_priority_init(&RTMP_TLS_ctx->prios, "NORMAL", NULL); gnutls_certificate_set_x509_trust_file(RTMP_TLS_ctx->cred, "ca.pem", GNUTLS_X509_FMT_PEM); -#else +#else /* USE_OPENSSL */ SSL_load_error_strings(); SSL_library_init(); OpenSSL_add_all_digests(); diff --git a/librtmp/rtmp_sys.h b/librtmp/rtmp_sys.h index d6e5843..a7ab97f 100644 --- a/librtmp/rtmp_sys.h +++ b/librtmp/rtmp_sys.h @@ -48,7 +48,27 @@ #include "rtmp.h" -#ifdef USE_GNUTLS +#ifdef USE_POLARSSL +#include +#include +#include +typedef struct tls_ctx { + havege_state hs; + ssl_session ssn; +} tls_ctx; +#define TLS_CTX tls_ctx * +#define TLS_client(ctx,s) s = malloc(sizeof(ssl_context)); ssl_init(s);\ + ssl_set_endpoint(s, SSL_IS_CLIENT); ssl_set_authmode(s, SSL_VERIFY_NONE);\ + ssl_set_rng(s, havege_rand, &ctx->hs); ssl_set_ciphers(s, ssl_default_ciphers);\ + ssl_set_session(s, 1, 600, &ctx->ssn) +#define TLS_setfd(s,fd) ssl_set_bio(s, net_recv, &fd, net_send, &fd) +#define TLS_connect(s) ssl_handshake(s) +#define TLS_read(s,b,l) ssl_read(s,(unsigned char *)b,l) +#define TLS_write(s,b,l) ssl_write(s,(unsigned char *)b,l) +#define TLS_shutdown(s) ssl_close_notify(s) +#define TLS_close(s) ssl_free(s); free(s) + +#elif defined(USE_GNUTLS) #include typedef struct tls_ctx { gnutls_certificate_credentials_t cred; @@ -62,7 +82,8 @@ typedef struct tls_ctx { #define TLS_write(s,b,l) gnutls_record_send(s,b,l) #define TLS_shutdown(s) gnutls_bye(s, GNUTLS_SHUT_RDWR) #define TLS_close(s) gnutls_deinit(s) -#else + +#else /* USE_OPENSSL */ #define TLS_CTX SSL_CTX * #define TLS_client(ctx,s) s = SSL_new(ctx) #define TLS_setfd(s,fd) SSL_set_fd(s,fd)