From 58bd25c4bce8ee646d7d530f16435073861f7f8e Mon Sep 17 00:00:00 2001 From: Viktor Krikun Date: Tue, 20 Sep 2011 20:24:57 +0000 Subject: [PATCH] Move ZRTP_SRTP_HASH_SHA1 ZRTP_SRTP_HASH_SHA1 was moved from public zrtp_hash_id_t to the private srtp implementation. HMAC SHA1 constant was also renamed to ZRTP_SRTP_HASH_HMAC_SHA1 in order to raise an error if the user tries to use an old ZRTP_SRTP_HASH_SHA1 constant in a ZRTP session configuration. --- include/zrtp_crypto.h | 7 +----- include/zrtp_srtp.h | 12 ++++++++++ include/zrtp_version.h | 4 ++-- src/zrtp_crypto_hash.c | 48 +++++++++++++++++++------------------- src/zrtp_protocol.c | 2 +- test/pc/zrtp_test_crypto.c | 8 +++---- 6 files changed, 44 insertions(+), 37 deletions(-) diff --git a/include/zrtp_crypto.h b/include/zrtp_crypto.h index b9bbee1edc..f4ad639710 100644 --- a/include/zrtp_crypto.h +++ b/include/zrtp_crypto.h @@ -93,12 +93,7 @@ typedef enum zrtp_crypto_comp_t typedef enum zrtp_hash_id_t { ZRTP_HASH_SHA256 = 1, - /** - * \note SHA1 hash algorithm is for internal use only! It used for srtp authentication and does - * not used in ZRTP protocol itself. Don't use it in \ref zrtp_profile_t#hash_schemes configuration. - */ - ZRTP_SRTP_HASH_SHA1 = 2, - ZRTP_HASH_SHA384 = 3 + ZRTP_HASH_SHA384 = 2 } zrtp_hash_id_t; /*! Defines types of ciphers */ diff --git a/include/zrtp_srtp.h b/include/zrtp_srtp.h index 16e84b9f29..8a5489364a 100644 --- a/include/zrtp_srtp.h +++ b/include/zrtp_srtp.h @@ -32,6 +32,7 @@ /* Special types and definitions for the embedded implementation */ #if (!defined(ZRTP_USE_EXTERN_SRTP) || (ZRTP_USE_EXTERN_SRTP == 0)) #include "zrtp_srtp_builtin.h" + /*! * \brief Structure describing an SRTP session. * An instance of this structure is created by calling zrtp_srtp_create() @@ -58,6 +59,17 @@ typedef struct typedef void zrtp_srtp_global_t; #endif /* BUILDIN SRTP */ +/*! Defines types of SRTP hmac functions */ +typedef enum zrtp_srtp_hash_id_t +{ + /*! + * @warning SHA1 hash algorithm is for internal use only! It used for srtp authentication and does + * not used in ZRTP protocol itself. Don't use it in \ref zrtp_profile_t#hash_schemes configuration. + */ + ZRTP_SRTP_HASH_HMAC_SHA1 = 10 +} zrtp_srtp_hash_id_t; + + /*! * \brief Structure describing SRTP/SRTCP stream parameters. */ diff --git a/include/zrtp_version.h b/include/zrtp_version.h index bcf183f9be..61ea0cbd6a 100644 --- a/include/zrtp_version.h +++ b/include/zrtp_version.h @@ -13,7 +13,7 @@ #define LIBZRTP_VERSION_MAJOR 1 #define LIBZRTP_VERSION_MINOR 12 -#define LIBZRTP_VERSION_BUILD 598 -#define LIBZRTP_VERSION_STR "v1.12 598" +#define LIBZRTP_VERSION_BUILD 600 +#define LIBZRTP_VERSION_STR "v1.12 600" #endif /*__ZRTP_VERSION_H__*/ diff --git a/src/zrtp_crypto_hash.c b/src/zrtp_crypto_hash.c index 0d6753e30f..8154e8f970 100644 --- a/src/zrtp_crypto_hash.c +++ b/src/zrtp_crypto_hash.c @@ -29,7 +29,7 @@ static zrtp_status_t zrtp_sha_c(zrtp_hash_t *self, const char* msg, uint32_t len switch (self->base.id) { - case ZRTP_SRTP_HASH_SHA1: { + case ZRTP_SRTP_HASH_HMAC_SHA1: { sha1_ctx ctx; if (dst->max_length < SHA1_DIGEST_SIZE) { return zrtp_status_buffer_size; @@ -79,7 +79,7 @@ static void* zrtp_sha_begin(zrtp_hash_t *self) void *ctx = NULL; switch (self->base.id) { - case ZRTP_SRTP_HASH_SHA1: + case ZRTP_SRTP_HASH_HMAC_SHA1: ctx = zrtp_sys_alloc(sizeof(sha1_ctx)); if (ctx) { sha1_begin(ctx); @@ -113,7 +113,7 @@ static zrtp_status_t zrtp_sha_update( zrtp_hash_t *self, } switch (self->base.id) { - case ZRTP_SRTP_HASH_SHA1: + case ZRTP_SRTP_HASH_HMAC_SHA1: sha1_hash((const unsigned char*)msg, length, (sha1_ctx*)ctx); break; case ZRTP_HASH_SHA256: @@ -137,7 +137,7 @@ static zrtp_status_t zrtp_sha_end( zrtp_hash_t *self, } switch (self->base.id) { - case ZRTP_SRTP_HASH_SHA1: + case ZRTP_SRTP_HASH_HMAC_SHA1: if (digest->max_length < SHA1_DIGEST_SIZE) { return zrtp_status_buffer_size; } @@ -330,7 +330,7 @@ static void* zrtp_hmac_sha1_begin_c( zrtp_hash_t *self, static void* zrtp_hmac_begin(zrtp_hash_t *self, const zrtp_stringn_t *key) { switch (self->base.id) { - case ZRTP_SRTP_HASH_SHA1: + case ZRTP_SRTP_HASH_HMAC_SHA1: return zrtp_hmac_sha1_begin_c(self, key->buffer, key->length); case ZRTP_HASH_SHA256: return zrtp_hmac_sha256_begin_c(self, key->buffer, key->length); @@ -350,7 +350,7 @@ static zrtp_status_t zrtp_hmac_update(zrtp_hash_t *self, void *ctx, const char * if (0 != length) { switch (self->base.id) { - case ZRTP_SRTP_HASH_SHA1: + case ZRTP_SRTP_HASH_HMAC_SHA1: sha1_hash((const unsigned char*)msg, length, &((hmac_sha1_context_t*)ctx)->context); break; case ZRTP_HASH_SHA256: @@ -381,7 +381,7 @@ static zrtp_status_t zrtp_hmac_end( zrtp_hash_t *self, switch (self->base.id) { - case ZRTP_SRTP_HASH_SHA1: + case ZRTP_SRTP_HASH_HMAC_SHA1: /* finish up 1st pass */ sha1_end((unsigned char*)dst.buffer, &((hmac_sha1_context_t*)ctx)->context); @@ -451,7 +451,7 @@ static zrtp_status_t zrtp_hmac_c( zrtp_hash_t *self, } switch (self->base.id) { - case ZRTP_SRTP_HASH_SHA1: + case ZRTP_SRTP_HASH_HMAC_SHA1: local_key_len = SHA1_BLOCK_SIZE; break; case ZRTP_HASH_SHA256: @@ -471,7 +471,7 @@ static zrtp_status_t zrtp_hmac_c( zrtp_hash_t *self, if (key_len > local_key_len) { switch (self->base.id) { - case ZRTP_SRTP_HASH_SHA1: + case ZRTP_SRTP_HASH_HMAC_SHA1: sha1_begin(&context1); sha1_hash((const unsigned char*)key, key_len, &context1); sha1_end(local_key, &context1); @@ -519,7 +519,7 @@ static zrtp_status_t zrtp_hmac_c( zrtp_hash_t *self, } switch (self->base.id) { - case ZRTP_SRTP_HASH_SHA1: + case ZRTP_SRTP_HASH_HMAC_SHA1: /* perform inner hash */ sha1_begin(&context1); /* init context for 1st pass */ sha1_hash(k_ipad, local_key_len, &context1);/* start with inner pad */ @@ -583,7 +583,7 @@ static zrtp_status_t zrtp_hmac_truncated_c( zrtp_hash_t *self, { uint32_t necessary_len_max = 0; switch (self->base.id) { - case ZRTP_SRTP_HASH_SHA1: + case ZRTP_SRTP_HASH_HMAC_SHA1: necessary_len_max = SHA1_DIGEST_SIZE; break; case ZRTP_HASH_SHA256: @@ -604,7 +604,7 @@ static zrtp_status_t zrtp_hmac_truncated_c( zrtp_hash_t *self, zrtp_hmac_c(self, key, key_len, msg, msg_len, (zrtp_stringn_t *)&dst); switch (self->base.id) { - case ZRTP_SRTP_HASH_SHA1: + case ZRTP_SRTP_HASH_HMAC_SHA1: necessary_len = ZRTP_MIN(necessary_len, SHA1_DIGEST_SIZE); break; case ZRTP_HASH_SHA256: @@ -1440,19 +1440,19 @@ zrtp_status_t zrtp_sha1_self_test(zrtp_hash_t *self) ZRTP_LOG(3, (_ZTU_,"SHA1 Testing\n")); ZRTP_LOG(3, (_ZTU_, "\t8-bit test... ")); - res = zrtp_sha_test(self, sha1_msg_8, sizeof(sha1_msg_8), sha1_MD_8, ZRTP_SRTP_HASH_SHA1); + res = zrtp_sha_test(self, sha1_msg_8, sizeof(sha1_msg_8), sha1_MD_8, ZRTP_SRTP_HASH_HMAC_SHA1); ZRTP_LOGC(3, ("%s\n", zrtp_status_ok == res?"OK":"FALSE")); ZRTP_LOG(3, (_ZTU_, "\t128-bit test... ")); - res = zrtp_sha_test(self, sha1_msg_128, sizeof(sha1_msg_128), sha1_MD_128, ZRTP_SRTP_HASH_SHA1); + res = zrtp_sha_test(self, sha1_msg_128, sizeof(sha1_msg_128), sha1_MD_128, ZRTP_SRTP_HASH_HMAC_SHA1); ZRTP_LOGC(3, ("%s\n", zrtp_status_ok == res?"OK":"FALSE")); ZRTP_LOG(3, (_ZTU_, "\t512-bit test... ")); - res = zrtp_sha_test(self, sha1_msg_512, sizeof(sha1_msg_512), sha1_MD_512, ZRTP_SRTP_HASH_SHA1); + res = zrtp_sha_test(self, sha1_msg_512, sizeof(sha1_msg_512), sha1_MD_512, ZRTP_SRTP_HASH_HMAC_SHA1); ZRTP_LOGC(3, ("%s\n", zrtp_status_ok == res?"OK":"FALSE")); ZRTP_LOG(3, (_ZTU_, "\t2096-bit test... ")); - res = zrtp_sha_test(self, sha1_msg_2096, sizeof(sha1_msg_2096), sha1_MD_2096, ZRTP_SRTP_HASH_SHA1); + res = zrtp_sha_test(self, sha1_msg_2096, sizeof(sha1_msg_2096), sha1_MD_2096, ZRTP_SRTP_HASH_HMAC_SHA1); ZRTP_LOGC(3, ("%s\n", zrtp_status_ok == res?"OK":"FALSE")); return res; @@ -1471,7 +1471,7 @@ zrtp_status_t zrtp_hmac_sha1_self_test(zrtp_hash_t *self) test_case1_hmac_sha1_data, sizeof(test_case1_hmac_sha1_data), test_case1_hmac_sha1_result, - ZRTP_SRTP_HASH_SHA1); + ZRTP_SRTP_HASH_HMAC_SHA1); ZRTP_LOGC(3, ("%s\n", zrtp_status_ok == res?"OK":"FALSE")); ZRTP_LOG(3, (_ZTU_, "\t2 case test... ")); @@ -1481,7 +1481,7 @@ zrtp_status_t zrtp_hmac_sha1_self_test(zrtp_hash_t *self) test_case2_hmac_sha1_data, sizeof(test_case2_hmac_sha1_data), test_case2_hmac_sha1_result, - ZRTP_SRTP_HASH_SHA1); + ZRTP_SRTP_HASH_HMAC_SHA1); ZRTP_LOGC(3, ("%s\n", zrtp_status_ok == res?"OK":"FALSE")); ZRTP_LOG(3, (_ZTU_, "\t3 case test... ")); @@ -1491,7 +1491,7 @@ zrtp_status_t zrtp_hmac_sha1_self_test(zrtp_hash_t *self) test_case3_hmac_sha1_data, sizeof(test_case3_hmac_sha1_data), test_case3_hmac_sha1_result, - ZRTP_SRTP_HASH_SHA1); + ZRTP_SRTP_HASH_HMAC_SHA1); ZRTP_LOGC(3, ("%s\n", zrtp_status_ok == res?"OK":"FALSE")); ZRTP_LOG(3, (_ZTU_, "\t4 case test... ")); @@ -1501,7 +1501,7 @@ zrtp_status_t zrtp_hmac_sha1_self_test(zrtp_hash_t *self) test_case4_hmac_sha1_data, sizeof(test_case4_hmac_sha1_data), test_case4_hmac_sha1_result, - ZRTP_SRTP_HASH_SHA1); + ZRTP_SRTP_HASH_HMAC_SHA1); ZRTP_LOGC(3, ("%s\n", zrtp_status_ok == res?"OK":"FALSE")); ZRTP_LOG(3, (_ZTU_, "\t5 case test... ")); @@ -1511,7 +1511,7 @@ zrtp_status_t zrtp_hmac_sha1_self_test(zrtp_hash_t *self) test_case5_hmac_sha1_data, sizeof(test_case5_hmac_sha1_data), test_case5_hmac_sha1_result, - ZRTP_SRTP_HASH_SHA1); + ZRTP_SRTP_HASH_HMAC_SHA1); ZRTP_LOGC(3, ("%s\n", zrtp_status_ok == res?"OK":"FALSE")); ZRTP_LOG(3, (_ZTU_, "\t6 case test... ")); @@ -1521,7 +1521,7 @@ zrtp_status_t zrtp_hmac_sha1_self_test(zrtp_hash_t *self) test_case6_hmac_sha1_data, sizeof(test_case6_hmac_sha1_data), test_case6_hmac_sha1_result, - ZRTP_SRTP_HASH_SHA1); + ZRTP_SRTP_HASH_HMAC_SHA1); ZRTP_LOGC(3, ("%s\n", zrtp_status_ok == res?"OK":"FALSE")); ZRTP_LOG(3, (_ZTU_, "\t7 case test... ")); @@ -1531,7 +1531,7 @@ zrtp_status_t zrtp_hmac_sha1_self_test(zrtp_hash_t *self) test_case7_hmac_sha1_data, sizeof(test_case7_hmac_sha1_data), test_case7_hmac_sha1_result, - ZRTP_SRTP_HASH_SHA1); + ZRTP_SRTP_HASH_HMAC_SHA1); ZRTP_LOGC(3, ("%s\n", zrtp_status_ok == res?"OK":"FALSE")); return res; @@ -1608,7 +1608,7 @@ zrtp_status_t zrtp_defaults_hash(zrtp_global_t* global_ctx) zrtp_memcpy(hash_sha1->base.type, ZRTP_S160, ZRTP_COMP_TYPE_SIZE); - hash_sha1->base.id = ZRTP_SRTP_HASH_SHA1; + hash_sha1->base.id = ZRTP_SRTP_HASH_HMAC_SHA1; hash_sha1->base.zrtp = global_ctx; hash_sha1->block_length = SHA1_BLOCK_SIZE; hash_sha1->digest_length = SHA1_DIGEST_SIZE; diff --git a/src/zrtp_protocol.c b/src/zrtp_protocol.c index 2cb6013b31..392509d328 100644 --- a/src/zrtp_protocol.c +++ b/src/zrtp_protocol.c @@ -805,7 +805,7 @@ zrtp_status_t _zrtp_set_public_value( zrtp_stream_t *stream, iprof.rtp_policy.cipher = session->blockcipher; iprof.rtp_policy.auth_tag_len = session->authtaglength; - iprof.rtp_policy.hash = zrtp_comp_find(ZRTP_CC_HASH, ZRTP_SRTP_HASH_SHA1, session->zrtp); + iprof.rtp_policy.hash = zrtp_comp_find(ZRTP_CC_HASH, ZRTP_SRTP_HASH_HMAC_SHA1, session->zrtp); iprof.rtp_policy.auth_key_len = 20; iprof.rtp_policy.cipher_key_len = cipher_key_length; diff --git a/test/pc/zrtp_test_crypto.c b/test/pc/zrtp_test_crypto.c index 0fc38fc00f..0a838fef96 100644 --- a/test/pc/zrtp_test_crypto.c +++ b/test/pc/zrtp_test_crypto.c @@ -34,9 +34,9 @@ static void cipher_test(zrtp_global_t *zrtp) /*---------------------------------------------------------------------------*/ static zrtp_status_t hash_test(zrtp_global_t *zrtp) { - zrtp_hash_t *hash = zrtp_comp_find(ZRTP_CC_HASH, ZRTP_SRTP_HASH_SHA1, zrtp); + zrtp_hash_t *hash = zrtp_comp_find(ZRTP_CC_HASH, ZRTP_SRTP_HASH_HMAC_SHA1, zrtp); if (NULL == hash) { - ZRTP_LOG(1, (_ZTU_,"ERROR! can't find ZRTP_SRTP_HASH_SHA1 component\n")); + ZRTP_LOG(1, (_ZTU_,"ERROR! can't find ZRTP_SRTP_HASH_HMAC_SHA1 component\n")); } else { hash->hash_self_test(hash); hash->hmac_self_test(hash); @@ -229,7 +229,7 @@ zrtp_status_t dk_test(zrtp_global_t *zrtp) #define FIRST_TEST_MAP_INIT_WIDTH 24 -extern zrtp_rp_node_t *get_rp_node(zrtp_rp_ctx_t *ctx, uint8_t direction, uint32_t ssrc); +extern zrtp_rp_node_t *get_rp_node_non_lock(zrtp_rp_ctx_t *ctx, uint8_t direction, uint32_t ssrc); extern zrtp_rp_node_t *add_rp_node(zrtp_srtp_ctx_t *srtp_ctx, zrtp_rp_ctx_t *ctx, uint8_t direction, uint32_t ssrc); extern zrtp_status_t zrtp_srtp_rp_check(zrtp_srtp_rp_t *srtp_rp, zrtp_rtp_info_t *packet); extern zrtp_status_t zrtp_srtp_rp_add(zrtp_srtp_rp_t *srtp_rp, zrtp_rtp_info_t *packet); @@ -273,7 +273,7 @@ void inject_from_map( zrtp_srtp_global_t *srtp_global, int i; zrtp_rtp_info_t pkt; - rp_node = get_rp_node(srtp_global->rp_ctx, RP_INCOMING_DIRECTION, ssrc); + rp_node = get_rp_node_non_lock(srtp_global->rp_ctx, RP_INCOMING_DIRECTION, ssrc); if (NULL == rp_node) { return; }