diff --git a/srtp/CryptoContext.h b/srtp/CryptoContext.h index 10fe2eae..d03bd66f 100644 --- a/srtp/CryptoContext.h +++ b/srtp/CryptoContext.h @@ -421,11 +421,11 @@ class CryptoContext { typedef union _hmacCtx { SkeinCtx_t hmacSkeinCtx; #ifdef ZRTP_OPENSSL - #if OPENSSL_VERSION_NUMBER < 0x10100000L + #if OPENSSL_VERSION_NUMBER < 0x10100000L HMAC_CTX hmacSha1Ctx; - #else - HMAC_CTX * hmacSha1Ctx; - #endif + #else + HMAC_CTX * hmacSha1Ctx; + #endif #else hmacSha1Context hmacSha1Ctx; #endif diff --git a/srtp/crypto/hmac.cpp b/srtp/crypto/hmac.cpp index 3730a9b8..5070c4de 100644 --- a/srtp/crypto/hmac.cpp +++ b/srtp/crypto/hmac.cpp @@ -148,6 +148,7 @@ void* createSha1HmacContext(uint8_t* key, int32_t keyLength) void* initializeSha1HmacContext(void* ctx, uint8_t* key, int32_t keyLength) { + puts("!!! Not using OpenSSL for initializeSha1HmacContext"); hmacSha1Context *pctx = (hmacSha1Context*)ctx; hmacSha1Init(pctx, key, keyLength); diff --git a/srtp/crypto/hmac.h b/srtp/crypto/hmac.h index 9dbc05dd..ef3c94b8 100644 --- a/srtp/crypto/hmac.h +++ b/srtp/crypto/hmac.h @@ -134,7 +134,30 @@ void* createSha1HmacContext(uint8_t* key, int32_t key_length); * Lenght of the MAC key in bytes * @return Returns a pointer to the initialized context. */ +// void* initializeSha1HmacContext(void* ctx, uint8_t* key, int32_t key_length); + +/** + * Initialize a SHA1 HMAC context. + * + * An application uses this context to create several HMAC with the same key. + * + * @param ctx + * Pointer to initialized SHA1 HMAC context + * @param key + * The MAC key. + * @param key_length + * Lenght of the MAC key in bytes + * @return Returns a pointer to the initialized context. + */ +// void* initializeSha1HmacContext(void** ctx, uint8_t* key, int32_t key_length); + +#if OPENSSL_VERSION_NUMBER < 0x10100000L void* initializeSha1HmacContext(void* ctx, uint8_t* key, int32_t key_length); +#else +// We still need to provide both the double- and single-pointer functions for CryptoContext.cpp and CryptoContextCtrl.cpp +void* initializeSha1HmacContext(void** ctx, uint8_t* key, int32_t key_length); +void* initializeSha1HmacContext(void* ctx, uint8_t* key, int32_t key_length); +#endif /** * Compute SHA1 HMAC. diff --git a/srtp/crypto/openssl/hmac.cpp b/srtp/crypto/openssl/hmac.cpp index f0f22feb..7ea0ea15 100644 --- a/srtp/crypto/openssl/hmac.cpp +++ b/srtp/crypto/openssl/hmac.cpp @@ -1,20 +1,20 @@ /* - Copyright (C) 2010 Werner Dittmann - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - + Copyright (C) 2010 Werner Dittmann + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * In addition, as a special exception, the copyright holders give * permission to link the code of portions of this program with the * OpenSSL library under certain conditions as described in each @@ -47,23 +47,23 @@ void hmac_sha1(uint8_t * key, int32_t key_length, } void hmac_sha1( uint8_t* key, int32_t key_length, - const uint8_t* data_chunks[], - uint32_t data_chunck_length[], - uint8_t* mac, int32_t* mac_length ) { + const uint8_t* data_chunks[], + uint32_t data_chunck_length[], + uint8_t* mac, int32_t* mac_length ) { #if OPENSSL_VERSION_NUMBER < 0x10100000L HMAC_CTX ctx; HMAC_CTX_init(&ctx); HMAC_Init_ex(&ctx, key, key_length, EVP_sha1(), NULL); #else - HMAC_CTX* ctx; - ctx = HMAC_CTX_new(); - HMAC_Init_ex(ctx, key, key_length, EVP_sha1(), NULL); + HMAC_CTX* ctx; + ctx = HMAC_CTX_new(); + HMAC_Init_ex(ctx, key, key_length, EVP_sha1(), NULL); #endif while (*data_chunks) { #if OPENSSL_VERSION_NUMBER < 0x10100000L HMAC_Update(&ctx, *data_chunks, *data_chunck_length); #else - HMAC_Update(ctx, *data_chunks, *data_chunck_length); + HMAC_Update(ctx, *data_chunks, *data_chunck_length); #endif data_chunks ++; data_chunck_length ++; @@ -72,8 +72,8 @@ void hmac_sha1( uint8_t* key, int32_t key_length, HMAC_Final(&ctx, mac, reinterpret_cast(mac_length)); HMAC_CTX_cleanup(&ctx); #else - HMAC_Final(ctx, mac, reinterpret_cast(mac_length)); - HMAC_CTX_free( ctx ); + HMAC_Final(ctx, mac, reinterpret_cast(mac_length)); + HMAC_CTX_reset( ctx ); #endif } @@ -81,43 +81,59 @@ void* createSha1HmacContext(uint8_t* key, int32_t key_length) { #if OPENSSL_VERSION_NUMBER < 0x10100000L HMAC_CTX* ctx = (HMAC_CTX*)malloc(sizeof(HMAC_CTX)); - + HMAC_CTX_init(ctx); #else - HMAC_CTX* ctx = HMAC_CTX_new(); + HMAC_CTX* ctx = HMAC_CTX_new(); #endif HMAC_Init_ex(ctx, key, key_length, EVP_sha1(), NULL); return ctx; } -void* initializeSha1HmacContext(void* ctx, uint8_t* key, int32_t keyLength) +#if OPENSSL_VERSION_NUMBER < 0x10100000L +void* initializeSha1HmacContext(void* ctx, uint8_t* key, int32_t key_length) { HMAC_CTX *pctx = (HMAC_CTX*)ctx; - -#if OPENSSL_VERSION_NUMBER < 0x10100000L HMAC_CTX_init(pctx); + HMAC_Init_ex(pctx, key, key_length, EVP_sha1(), NULL); + return pctx; +} + #else - HMAC_CTX_reset(pctx); -#endif - HMAC_Init_ex(pctx, key, keyLength, EVP_sha1(), NULL); +// We still need to provide both the double- and single-pointer functions. +void* initializeSha1HmacContext(void** ctx, uint8_t* key, int32_t key_length) +{ + HMAC_CTX **pctx = (HMAC_CTX**)ctx; + *pctx = HMAC_CTX_new(); // correct (!) + HMAC_Init_ex(*pctx, key, key_length, EVP_sha1(), NULL); + return *pctx; +} + +void* initializeSha1HmacContext(void* ctx, uint8_t* key, int32_t key_length) +{ + HMAC_CTX *pctx = (HMAC_CTX*)ctx; + pctx = HMAC_CTX_new(); + HMAC_Init_ex(pctx, key, key_length, EVP_sha1(), NULL); return pctx; } +#endif + void hmacSha1Ctx(void* ctx, const uint8_t* data, uint32_t data_length, - uint8_t* mac, int32_t* mac_length) + uint8_t* mac, int32_t* mac_length) { HMAC_CTX* pctx = (HMAC_CTX*)ctx; - + HMAC_Init_ex( pctx, NULL, 0, NULL, NULL ); HMAC_Update( pctx, data, data_length ); HMAC_Final( pctx, mac, reinterpret_cast(mac_length) ); } void hmacSha1Ctx(void* ctx, const uint8_t* data[], uint32_t data_length[], - uint8_t* mac, int32_t* mac_length ) + uint8_t* mac, int32_t* mac_length ) { HMAC_CTX* pctx = (HMAC_CTX*)ctx; - + HMAC_Init_ex( pctx, NULL, 0, NULL, NULL ); while (*data) { HMAC_Update( pctx, *data, *data_length ); @@ -132,9 +148,9 @@ void freeSha1HmacContext(void* ctx) if (ctx) { #if OPENSSL_VERSION_NUMBER < 0x10100000L HMAC_CTX_cleanup((HMAC_CTX*)ctx); - free(ctx); + free(ctx); #else - HMAC_CTX_free((HMAC_CTX*)ctx); + HMAC_CTX_free((HMAC_CTX*)ctx); #endif } } diff --git a/zrtp/ZIDCacheFile.cpp b/zrtp/ZIDCacheFile.cpp index 11e733d8..420bbda4 100644 --- a/zrtp/ZIDCacheFile.cpp +++ b/zrtp/ZIDCacheFile.cpp @@ -119,6 +119,7 @@ void ZIDCacheFile::checkDoMigration(char* name) { } zidFile = fopen(name, "wb+"); // create new format file in binary r/w mode if (zidFile == NULL) { + fputs("ZIDCacheFile::checkDoMigration error: zidFile fopen failed", stderr); fclose(fdOld); return; } diff --git a/zrtp/ZrtpCWrapper.cpp b/zrtp/ZrtpCWrapper.cpp index 556a509a..c28a1188 100644 --- a/zrtp/ZrtpCWrapper.cpp +++ b/zrtp/ZrtpCWrapper.cpp @@ -54,7 +54,7 @@ void zrtp_initializeZrtpEngine(ZrtpContext* zrtpContext, } // Initialize ZID file (cache) and get my own ZID - zrtp_initZidFile(zidFilename); + int32_t res = zrtp_initZidFile(zidFilename); const unsigned char* myZid = getZidCacheInstance()->getZid(); zrtpContext->zrtpEngine = new ZRtp((uint8_t*)myZid, zrtpContext->zrtpCallback, diff --git a/zrtp/crypto/openssl/hmac256.cpp b/zrtp/crypto/openssl/hmac256.cpp index 6f5cf0ee..98990e41 100644 --- a/zrtp/crypto/openssl/hmac256.cpp +++ b/zrtp/crypto/openssl/hmac256.cpp @@ -58,28 +58,28 @@ void hmac_sha256(uint8_t* key, uint32_t key_length, HMAC_CTX_init( &ctx ); HMAC_Init_ex( &ctx, key, key_length, EVP_sha256(), NULL ); #else - HMAC_CTX * ctx; - ctx = HMAC_CTX_new(); - HMAC_Init_ex( ctx, key, key_length, EVP_sha256(), NULL ); + HMAC_CTX * ctx; + ctx = HMAC_CTX_new(); + HMAC_Init_ex( ctx, key, key_length, EVP_sha256(), NULL ); #endif while( *data_chunks ){ #if OPENSSL_VERSION_NUMBER < 0x10100000L - HMAC_Update( &ctx, *data_chunks, *data_chunck_length ); + HMAC_Update( &ctx, *data_chunks, *data_chunck_length ); #else - HMAC_Update( ctx, *data_chunks, *data_chunck_length ); + HMAC_Update( ctx, *data_chunks, *data_chunck_length ); #endif - data_chunks ++; - data_chunck_length ++; + data_chunks ++; + data_chunck_length ++; } #if OPENSSL_VERSION_NUMBER < 0x10100000L HMAC_Final( &ctx, mac, &tmp); #else - HMAC_Final( ctx, mac, &tmp); + HMAC_Final( ctx, mac, &tmp); #endif *mac_length = tmp; #if OPENSSL_VERSION_NUMBER < 0x10100000L HMAC_CTX_cleanup( &ctx ); #else - HMAC_CTX_free( ctx ); + HMAC_CTX_reset( ctx ); #endif } diff --git a/zrtp/crypto/openssl/hmac384.cpp b/zrtp/crypto/openssl/hmac384.cpp index 7445f25a..e7268945 100644 --- a/zrtp/crypto/openssl/hmac384.cpp +++ b/zrtp/crypto/openssl/hmac384.cpp @@ -53,31 +53,31 @@ void hmac_sha384(uint8_t* key, uint32_t key_length, unsigned int tmp; #if OPENSSL_VERSION_NUMBER < 0x10100000L HMAC_CTX ctx; - HMAC_CTX_init( &ctx ); - HMAC_Init_ex( &ctx, key, key_length, EVP_sha384(), NULL ); + HMAC_CTX_init( &ctx ); + HMAC_Init_ex( &ctx, key, key_length, EVP_sha384(), NULL ); #else - HMAC_CTX * ctx; - ctx = HMAC_CTX_new(); - HMAC_Init_ex( ctx, key, key_length, EVP_sha384(), NULL ); + HMAC_CTX * ctx; + ctx = HMAC_CTX_new(); + HMAC_Init_ex( ctx, key, key_length, EVP_sha384(), NULL ); #endif while( *data_chunks ){ #if OPENSSL_VERSION_NUMBER < 0x10100000L - HMAC_Update( &ctx, *data_chunks, *data_chunck_length ); + HMAC_Update( &ctx, *data_chunks, *data_chunck_length ); #else - HMAC_Update( ctx, *data_chunks, *data_chunck_length ); + HMAC_Update( ctx, *data_chunks, *data_chunck_length ); #endif - data_chunks ++; - data_chunck_length ++; + data_chunks ++; + data_chunck_length ++; } #if OPENSSL_VERSION_NUMBER < 0x10100000L HMAC_Final( &ctx, mac, &tmp); #else - HMAC_Final( ctx, mac, &tmp); + HMAC_Final( ctx, mac, &tmp); #endif *mac_length = tmp; #if OPENSSL_VERSION_NUMBER < 0x10100000L HMAC_CTX_cleanup( &ctx ); #else - HMAC_CTX_free( ctx ); + HMAC_CTX_reset( ctx ); #endif } diff --git a/zrtp/crypto/openssl/zrtpDH.cpp b/zrtp/crypto/openssl/zrtpDH.cpp index 0c6e2984..320f0938 100644 --- a/zrtp/crypto/openssl/zrtpDH.cpp +++ b/zrtp/crypto/openssl/zrtpDH.cpp @@ -224,74 +224,74 @@ ZrtpDH::ZrtpDH(const char* type) { ctx = static_cast(DH_new()); tmpCtx = static_cast(ctx); #if OPENSSL_VERSION_NUMBER < 0x10100000L - tmpCtx->g = BN_new(); - BN_set_word(tmpCtx->g, DH_GENERATOR_2); + tmpCtx->g = BN_new(); + BN_set_word(tmpCtx->g, DH_GENERATOR_2); #else - { - BIGNUM* g = BN_new(); - BN_set_word(g, DH_GENERATOR_2); + { + BIGNUM* g = BN_new(); + BN_set_word(g, DH_GENERATOR_2); #endif - - if (pkType == DH2K) { + + if (pkType == DH2K) { #if OPENSSL_VERSION_NUMBER < 0x10100000L - tmpCtx->p = BN_dup(bnP2048); + tmpCtx->p = BN_dup(bnP2048); #else - DH_set0_pqg(tmpCtx, BN_dup(bnP2048), NULL, g); + DH_set0_pqg(tmpCtx, BN_dup(bnP2048), NULL, g); #endif - RAND_bytes(random, 32); + RAND_bytes(random, 32); #if OPENSSL_VERSION_NUMBER < 0x10100000L - tmpCtx->priv_key = BN_bin2bn(random, 32, NULL); + tmpCtx->priv_key = BN_bin2bn(random, 32, NULL); #else - DH_set0_key(tmpCtx, NULL, BN_bin2bn(random, 32, NULL)); + DH_set0_key(tmpCtx, NULL, BN_bin2bn(random, 32, NULL)); #endif - } - else if (pkType == DH3K) { + } + else if (pkType == DH3K) { #if OPENSSL_VERSION_NUMBER < 0x10100000L - tmpCtx->p = BN_dup(bnP3072); + tmpCtx->p = BN_dup(bnP3072); #else - DH_set0_pqg(tmpCtx, BN_dup(bnP3072), NULL, g); + DH_set0_pqg(tmpCtx, BN_dup(bnP3072), NULL, g); #endif - RAND_bytes(random, 64); + RAND_bytes(random, 64); #if OPENSSL_VERSION_NUMBER < 0x10100000L - tmpCtx->priv_key = BN_bin2bn(random, 32, NULL); + tmpCtx->priv_key = BN_bin2bn(random, 32, NULL); #else - DH_set0_key(tmpCtx, NULL, BN_bin2bn(random, 32, NULL)); - } + DH_set0_key(tmpCtx, NULL, BN_bin2bn(random, 32, NULL)); + } #endif } - break; - - case EC25: - ctx = static_cast(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); - break; - case EC38: - ctx = static_cast(EC_KEY_new_by_curve_name(NID_secp384r1)); - break; + break; + + case EC25: + ctx = static_cast(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); + break; + case EC38: + ctx = static_cast(EC_KEY_new_by_curve_name(NID_secp384r1)); + break; } } ZrtpDH::~ZrtpDH() { if (ctx == NULL) return; - + switch (pkType) { - case DH2K: - case DH3K: - DH_free(static_cast(ctx)); - break; - - case EC25: - case EC38: - EC_KEY_free(static_cast(ctx)); - break; + case DH2K: + case DH3K: + DH_free(static_cast(ctx)); + break; + + case EC25: + case EC38: + EC_KEY_free(static_cast(ctx)); + break; } } int32_t ZrtpDH::computeSecretKey(uint8_t *pubKeyBytes, uint8_t *secret) { - + if (pkType == DH2K || pkType == DH3K) { DH* tmpCtx = static_cast(ctx); - + #if OPENSSL_VERSION_NUMBER < 0x10100000L if (tmpCtx->pub_key != NULL) { BN_free(tmpCtx->pub_key); @@ -299,10 +299,10 @@ int32_t ZrtpDH::computeSecretKey(uint8_t *pubKeyBytes, uint8_t *secret) { tmpCtx->pub_key = BN_bin2bn(pubKeyBytes, getDhSize(), NULL); return DH_compute_key(secret, tmpCtx->pub_key, tmpCtx); #else - DH_set0_key(tmpCtx, BN_bin2bn(pubKeyBytes, getDhSize(), NULL), NULL); - BIGNUM* pub_key; - DH_get0_key(tmpCtx, const_cast(&pub_key), NULL); - return DH_compute_key(secret, pub_key, tmpCtx); + BIGNUM* pub_key = BN_bin2bn(pubKeyBytes, getDhSize(), NULL); + DH_set0_key(tmpCtx, pub_key, NULL); + // DH_get0_key(tmpCtx, const_cast(&pub_key), NULL); + return DH_compute_key(secret, pub_key, tmpCtx); #endif } if (pkType == EC25 || pkType == EC38) { @@ -312,13 +312,13 @@ int32_t ZrtpDH::computeSecretKey(uint8_t *pubKeyBytes, uint8_t *secret) { if (len+1 > sizeof(buffer)) { return -1; } - + buffer[0] = POINT_CONVERSION_UNCOMPRESSED; memcpy(buffer+1, pubKeyBytes, len); EC_POINT* point = EC_POINT_new(EC_KEY_get0_group(static_cast(ctx))); EC_POINT_oct2point(EC_KEY_get0_group(static_cast(ctx)), - point, buffer, len+1, NULL); + point, buffer, len+1, NULL); ret = ECDH_compute_key(secret, getDhSize(), point, static_cast(ctx), NULL); EC_POINT_free(point); return ret; @@ -330,7 +330,7 @@ int32_t ZrtpDH::generatePublicKey() { if (pkType == DH2K || pkType == DH3K) return DH_generate_key(static_cast(ctx)); - + if (pkType == EC25 || pkType == EC38) return EC_KEY_generate_key(static_cast(ctx)); return 0; @@ -340,38 +340,38 @@ int32_t ZrtpDH::getDhSize() const { if (pkType == DH2K || pkType == DH3K) return DH_size(static_cast(ctx)); - + if (pkType == EC25) return 32; if (pkType == EC38) return 48; - + return 0; } int32_t ZrtpDH::getPubKeySize() const { - if (pkType == DH2K || pkType == DH3K) { + if (pkType == DH2K || pkType == DH3K) { #if OPENSSL_VERSION_NUMBER < 0x10100000L - return BN_num_bytes(static_cast(ctx)->pub_key); + return BN_num_bytes(static_cast(ctx)->pub_key); #else - BIGNUM* pub_key; - DH_get0_key(static_cast(ctx), const_cast(&pub_key), NULL); - return BN_num_bytes(pub_key); + BIGNUM* pub_key; + DH_get0_key(static_cast(ctx), const_cast(&pub_key), NULL); + return BN_num_bytes(pub_key); #endif - } - + } + if (pkType == EC25 || pkType == EC38) return EC_POINT_point2oct(EC_KEY_get0_group(static_cast(ctx)), EC_KEY_get0_public_key(static_cast(ctx)), POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL) - 1; return 0; - + } int32_t ZrtpDH::getPubKeyBytes(uint8_t *buf) const { - + if (pkType == DH2K || pkType == DH3K) { // get len of pub_key, prepend with zeros to DH size int32_t prepend = getDhSize() - getPubKeySize(); @@ -381,9 +381,9 @@ int32_t ZrtpDH::getPubKeyBytes(uint8_t *buf) const #if OPENSSL_VERSION_NUMBER < 0x10100000L return BN_bn2bin(static_cast(ctx)->pub_key, buf + prepend); #else - BIGNUM* pub_key; - DH_get0_key(static_cast(ctx), const_cast(&pub_key), NULL); - return BN_bn2bin(pub_key, buf + prepend); + BIGNUM* pub_key; + DH_get0_key(static_cast(ctx), const_cast(&pub_key), NULL); + return BN_bn2bin(pub_key, buf + prepend); #endif } if (pkType == EC25 || pkType == EC38) {