[rtmpdump] r453 - in trunk: Makefile librtmp/Makefile librtmp/dh.h librtmp/handshake.h librtmp/hashswf.c librtmp/rtmp.c librtmp/rtmp_sys.h
hyc
subversion at mplayerhq.hu
Thu Apr 29 17:42:09 CEST 2010
Author: hyc
Date: Thu Apr 29 17:42:08 2010
New Revision: 453
Log:
Add support for polarssl, http://www.polarssl.org
Modified:
trunk/Makefile
trunk/librtmp/Makefile
trunk/librtmp/dh.h
trunk/librtmp/handshake.h
trunk/librtmp/hashswf.c
trunk/librtmp/rtmp.c
trunk/librtmp/rtmp_sys.h
Modified: trunk/Makefile
==============================================================================
--- trunk/Makefile Wed Apr 28 23:19:03 2010 (r452)
+++ trunk/Makefile Thu Apr 29 17:42:08 2010 (r453)
@@ -4,9 +4,11 @@ CC=$(CROSS_COMPILE)gcc
LD=$(CROSS_COMPILE)ld
CRYPTO=OPENSSL
+#CRYPTO=POLARSSL
#CRYPTO=GNUTLS
LIB_GNUTLS=-lgnutls -lgcrypt
LIB_OPENSSL=-lssl -lcrypto
+LIB_POLARSSL=-lpolarssl
CRYPTO_LIB=$(LIB_$(CRYPTO))
DEF_=-DNO_CRYPTO
CRYPTO_DEF=$(DEF_$(CRYPTO))
Modified: trunk/librtmp/Makefile
==============================================================================
--- trunk/librtmp/Makefile Wed Apr 28 23:19:03 2010 (r452)
+++ trunk/librtmp/Makefile Thu Apr 29 17:42:08 2010 (r453)
@@ -8,6 +8,7 @@ AR=$(CROSS_COMPILE)ar
CRYPTO=OPENSSL
#CRYPTO=GNUTLS
+DEF_POLARSSL=-DUSE_POLARSSL
DEF_OPENSSL=-DUSE_OPENSSL
DEF_GNUTLS=-DUSE_GNUTLS
DEF_=-DNO_CRYPTO
Modified: trunk/librtmp/dh.h
==============================================================================
--- trunk/librtmp/dh.h Wed Apr 28 23:19:03 2010 (r452)
+++ trunk/librtmp/dh.h Thu Apr 29 17:42:08 2010 (r453)
@@ -26,10 +26,60 @@
#include <assert.h>
#include <limits.h>
-#ifdef USE_GNUTLS
+#ifdef USE_POLARSSL
+#include <polarssl/dhm.h>
+typedef mpi * MP_t;
+#define MP_new(m) m = malloc(sizeof(mpi)); mpi_init(m, NULL)
+#define MP_set_w(mpi, w) mpi_lset(mpi, w)
+#define MP_cmp(u, v) mpi_cmp_mpi(u, v)
+#define MP_set(u, v) mpi_copy(u, v)
+#define MP_sub_w(mpi, w) mpi_sub_int(mpi, mpi, w)
+#define MP_cmp_1(mpi) mpi_cmp_int(mpi, 1)
+#define MP_modexp(r, y, q, p) mpi_exp_mod(r, y, q, p, NULL)
+#define MP_free(mpi) mpi_free(mpi, NULL); free(mpi)
+#define MP_gethex(u, hex, res) MP_new(u); res = mpi_read_string(u, 16, hex) == 0
+#define MP_bytes(u) mpi_size(u)
+#define MP_setbin(u,buf,len) mpi_write_binary(u,buf,len)
+#define MP_getbin(u,buf,len) MP_new(u); mpi_read_binary(u,buf,len)
+
+typedef struct MDH {
+ MP_t p;
+ MP_t g;
+ MP_t pub_key;
+ MP_t priv_key;
+ long length;
+ dhm_context ctx;
+} MDH;
+
+#define MDH_new() calloc(1,sizeof(MDH))
+#define MDH_free(vp) {MDH *dh = vp; dhm_free(&dh->ctx); MP_free(dh->p); MP_free(dh->g); MP_free(dh->pub_key); MP_free(dh->priv_key); free(dh);}
+
+static int MDH_generate_key(MDH *dh)
+{
+ unsigned char out[2];
+ MP_set(&dh->ctx.P, dh->p);
+ MP_set(&dh->ctx.G, dh->g);
+ dh->ctx.len = 128;
+ dhm_make_public(&dh->ctx, 1024, out, 1, havege_rand, &RTMP_TLS_ctx->hs);
+ MP_new(dh->pub_key);
+ MP_new(dh->priv_key);
+ MP_set(dh->pub_key, &dh->ctx.GX);
+ MP_set(dh->priv_key, &dh->ctx.X);
+ return 1;
+}
+
+static int MDH_compute_key(uint8_t *secret, size_t len, MP_t pub, MDH *dh)
+{
+ int n = len;
+ MP_set(&dh->ctx.GY, pub);
+ dhm_calc_secret(&dh->ctx, secret, &n);
+ return 0;
+}
+
+#elif defined(USE_GNUTLS)
#include <gcrypt.h>
typedef gcry_mpi_t MP_t;
-#define MP_new() gcry_mpi_new(1)
+#define MP_new(m) m = gcry_mpi_new(1)
#define MP_set_w(mpi, w) gcry_mpi_set_ui(mpi, w)
#define MP_cmp(u, v) gcry_mpi_cmp(u, v)
#define MP_set(u, v) gcry_mpi_set(u, v)
@@ -37,7 +87,7 @@ typedef gcry_mpi_t MP_t;
#define MP_cmp_1(mpi) gcry_mpi_cmp_ui(mpi, 1)
#define MP_modexp(r, y, q, p) gcry_mpi_powm(r, y, q, p)
#define MP_free(mpi) gcry_mpi_release(mpi)
-#define MP_gethex(u, hex, res) res = (gcry_mpi_scan(u, GCRYMPI_FMT_HEX, hex, 0, 0) == 0)
+#define MP_gethex(u, hex, res) res = (gcry_mpi_scan(&u, GCRYMPI_FMT_HEX, hex, 0, 0) == 0)
#define MP_bytes(u) (gcry_mpi_get_nbits(u) + 7) / 8
#define MP_setbin(u,buf,len) gcry_mpi_print(GCRYMPI_FMT_USG,buf,len,NULL,u)
#define MP_getbin(u,buf,len) gcry_mpi_scan(&u,GCRYMPI_FMT_USG,buf,len,NULL)
@@ -56,7 +106,6 @@ typedef struct MDH {
extern MP_t gnutls_calc_dh_secret(MP_t *priv, MP_t g, MP_t p);
extern MP_t gnutls_calc_dh_key(MP_t y, MP_t x, MP_t p);
-
#define MDH_generate_key(dh) (dh->pub_key = gnutls_calc_dh_secret(&dh->priv_key, dh->g, dh->p))
static int MDH_compute_key(uint8_t *secret, size_t len, MP_t pub, MDH *dh)
{
@@ -71,12 +120,12 @@ static int MDH_compute_key(uint8_t *secr
return -1;
}
-#else
+#else /* USE_OPENSSL */
#include <openssl/bn.h>
#include <openssl/dh.h>
typedef BIGNUM * MP_t;
-#define MP_new() BN_new()
+#define MP_new(m) m = BN_new()
#define MP_set_w(mpi, w) BN_set_word(mpi, w)
#define MP_cmp(u, v) BN_cmp(u, v)
#define MP_set(u, v) BN_copy(u, v)
@@ -84,7 +133,7 @@ typedef BIGNUM * MP_t;
#define MP_cmp_1(mpi) BN_cmp(mpi, BN_value_one())
#define MP_modexp(r, y, q, p) do {BN_CTX *ctx = BN_CTX_new(); BN_mod_exp(r, y, q, p, ctx); BN_CTX_free(ctx);} while(0)
#define MP_free(mpi) BN_free(mpi)
-#define MP_gethex(u, hex, res) res = BN_hex2bn(u, hex)
+#define MP_gethex(u, hex, res) res = BN_hex2bn(&u, hex)
#define MP_bytes(u) BN_num_bytes(u)
#define MP_setbin(u,buf,len) BN_bn2bin(u,buf)
#define MP_getbin(u,buf,len) u = BN_bin2bn(buf,len,0)
@@ -100,27 +149,6 @@ typedef BIGNUM * MP_t;
#include "log.h"
#include "dhgroups.h"
-/*
-MP_t dh_shared_p = 0; // shared prime
-MP_t dh_shared_g = 0; // shared base
-
-void dh_pg_init()
-{
- int res;
- if(dh_shared_p || dh_shared_g)
- return;
-
- dh_shared_p = MP_new();
- dh_shared_g = MP_new();
- assert(dh_shared_p && dh_shared_g);
-
- MP_gethex(&dh_shared_p, P1024, res); // prime P1024, see dhgroups.h
- assert(res);
-
- assert(MP_set_w(dh_shared_g, 2)); // base 2
-}
-*/
-
/* RFC 2631, Section 2.1.5, http://www.ietf.org/rfc/rfc2631.txt */
static bool
isValidPublicKey(MP_t y, MP_t p, MP_t q)
@@ -129,7 +157,7 @@ isValidPublicKey(MP_t y, MP_t p, MP_t q)
MP_t bn;
assert(y);
- bn = MP_new();
+ MP_new(bn);
assert(bn);
/* y must lie in [2,p-1] */
@@ -182,21 +210,18 @@ DHInit(int nKeyBits)
if (!dh)
goto failed;
- dh->g = MP_new();
+ MP_new(dh->g);
if (!dh->g)
goto failed;
- MP_gethex(&dh->p, P1024, res); /* prime P1024, see dhgroups.h */
+ MP_gethex(dh->p, P1024, res); /* prime P1024, see dhgroups.h */
if (!res)
{
goto failed;
}
- if (!MP_set_w(dh->g, 2)) /* base 2 */
- {
- goto failed;
- }
+ MP_set_w(dh->g, 2); /* base 2 */
dh->length = nKeyBits;
return dh;
@@ -222,7 +247,7 @@ DHGenerateKey(MDH *dh)
if (!MDH_generate_key(dh))
return 0;
- MP_gethex(&q1, Q1024, res);
+ MP_gethex(q1, Q1024, res);
assert(res);
res = isValidPublicKey(dh->pub_key, dh->p, q1);
@@ -293,7 +318,7 @@ DHComputeSharedSecretKey(MDH *dh, uint8_
if (!pubkeyBn)
return -1;
- MP_gethex(&q1, Q1024, len);
+ MP_gethex(q1, Q1024, len);
assert(len);
if (isValidPublicKey(pubkeyBn, dh->p, q1))
Modified: trunk/librtmp/handshake.h
==============================================================================
--- trunk/librtmp/handshake.h Wed Apr 28 23:19:03 2010 (r452)
+++ trunk/librtmp/handshake.h Thu Apr 29 17:42:08 2010 (r453)
@@ -23,7 +23,24 @@
/* This file is #included in rtmp.c, it is not meant to be compiled alone */
-#ifdef USE_GNUTLS
+#ifdef USE_POLARSSL
+#include <polarssl/sha2.h>
+#include <polarssl/arc4.h>
+#ifndef SHA256_DIGEST_LENGTH
+#define SHA256_DIGEST_LENGTH 32
+#endif
+#define HMAC_CTX sha2_context
+#define HMAC_setup(ctx, key, len) sha2_hmac_starts(&ctx, (unsigned char *)key, len, 0)
+#define HMAC_crunch(ctx, buf, len) sha2_hmac_update(&ctx, buf, len)
+#define HMAC_finish(ctx, dig, dlen) dlen = SHA256_DIGEST_LENGTH; sha2_hmac_finish(&ctx, dig)
+
+typedef arc4_context * RC4_handle;
+#define RC4_setup(h) *h = malloc(sizeof(arc4_context))
+#define RC4_setkey(h,l,k) arc4_setup(h,k,l)
+#define RC4_encrypt(h,l,d) arc4_crypt(h,l,(unsigned char *)d,(unsigned char *)d)
+#define RC4_encrypt2(h,l,s,d) arc4_crypt(h,l,(unsigned char *)s,(unsigned char *)d)
+
+#elif defined(USE_GNUTLS)
#include <gcrypt.h>
#ifndef SHA256_DIGEST_LENGTH
#define SHA256_DIGEST_LENGTH 32
@@ -39,7 +56,7 @@ typedef gcry_cipher_hd_t RC4_handle;
#define RC4_encrypt(h,l,d) gcry_cipher_encrypt(h,(void *)d,l,NULL,0)
#define RC4_encrypt2(h,l,s,d) gcry_cipher_encrypt(h,(void *)d,l,(void *)s,l)
-#else
+#else /* USE_OPENSSL */
#include <openssl/sha.h>
#include <openssl/hmac.h>
#include <openssl/rc4.h>
@@ -414,7 +431,7 @@ HandShake(RTMP * r, bool FP9HandShake)
if (encrypted)
{
/* generate Diffie-Hellmann parameters */
- r->Link.dh = DHInit(128); /* 1024 */
+ r->Link.dh = DHInit(1024);
if (!r->Link.dh)
{
RTMP_Log(RTMP_LOGERROR, "%s: Couldn't initialize Diffie-Hellmann!",
@@ -806,7 +823,7 @@ SHandShake(RTMP * r)
if (encrypted)
{
/* generate Diffie-Hellmann parameters */
- r->Link.dh = DHInit(128);
+ r->Link.dh = DHInit(1024);
if (!r->Link.dh)
{
RTMP_Log(RTMP_LOGERROR, "%s: Couldn't initialize Diffie-Hellmann!",
Modified: trunk/librtmp/hashswf.c
==============================================================================
--- trunk/librtmp/hashswf.c Wed Apr 28 23:19:03 2010 (r452)
+++ trunk/librtmp/hashswf.c Thu Apr 29 17:42:08 2010 (r453)
@@ -30,7 +30,17 @@
#include "http.h"
#ifdef CRYPTO
-#ifdef USE_GNUTLS
+#ifdef USE_POLARSSL
+#include <polarssl/sha2.h>
+#ifndef SHA256_DIGEST_LENGTH
+#define SHA256_DIGEST_LENGTH 32
+#endif
+#define HMAC_CTX sha2_context
+#define HMAC_setup(ctx, key, len) sha2_hmac_starts(&ctx, (unsigned char *)key, len, 0)
+#define HMAC_crunch(ctx, buf, len) sha2_hmac_update(&ctx, buf, len)
+#define HMAC_finish(ctx, dig, dlen) dlen = SHA256_DIGEST_LENGTH; sha2_hmac_finish(&ctx, dig)
+#define HMAC_close(ctx)
+#elif defined(USE_GNUTLS)
#include <gnutls/gnutls.h>
#include <gcrypt.h>
#ifndef SHA256_DIGEST_LENGTH
@@ -41,7 +51,7 @@
#define HMAC_crunch(ctx, buf, len) gcry_md_write(ctx, buf, len)
#define HMAC_finish(ctx, dig, dlen) dlen = SHA256_DIGEST_LENGTH; memcpy(dig, gcry_md_read(ctx, 0), dlen)
#define HMAC_close(ctx) gcry_md_close(ctx)
-#else
+#else /* USE_OPENSSL */
#include <openssl/ssl.h>
#include <openssl/sha.h>
#include <openssl/hmac.h>
Modified: trunk/librtmp/rtmp.c
==============================================================================
--- trunk/librtmp/rtmp.c Wed Apr 28 23:19:03 2010 (r452)
+++ trunk/librtmp/rtmp.c Thu Apr 29 17:42:08 2010 (r453)
@@ -31,9 +31,11 @@
#include "log.h"
#ifdef CRYPTO
-#ifdef USE_GNUTLS
+#ifdef USE_POLARSSL
+#include <polarssl/havege.h>
+#elif defined(USE_GNUTLS)
#include <gnutls/gnutls.h>
-#else
+#else /* USE_OPENSSL */
#include <openssl/ssl.h>
#include <openssl/rc4.h>
#endif
@@ -196,14 +198,17 @@ void
RTMP_TLS_Init()
{
#ifdef CRYPTO
-#ifdef USE_GNUTLS
+#ifdef USE_POLARSSL
+ RTMP_TLS_ctx = calloc(1,sizeof(struct tls_ctx));
+ havege_init(&RTMP_TLS_ctx->hs);
+#elif defined(USE_GNUTLS)
gnutls_global_init();
RTMP_TLS_ctx = malloc(sizeof(struct tls_ctx));
gnutls_certificate_allocate_credentials(&RTMP_TLS_ctx->cred);
gnutls_priority_init(&RTMP_TLS_ctx->prios, "NORMAL", NULL);
gnutls_certificate_set_x509_trust_file(RTMP_TLS_ctx->cred,
"ca.pem", GNUTLS_X509_FMT_PEM);
-#else
+#else /* USE_OPENSSL */
SSL_load_error_strings();
SSL_library_init();
OpenSSL_add_all_digests();
Modified: trunk/librtmp/rtmp_sys.h
==============================================================================
--- trunk/librtmp/rtmp_sys.h Wed Apr 28 23:19:03 2010 (r452)
+++ trunk/librtmp/rtmp_sys.h Thu Apr 29 17:42:08 2010 (r453)
@@ -48,7 +48,27 @@
#include "rtmp.h"
-#ifdef USE_GNUTLS
+#ifdef USE_POLARSSL
+#include <polarssl/net.h>
+#include <polarssl/ssl.h>
+#include <polarssl/havege.h>
+typedef struct tls_ctx {
+ havege_state hs;
+ ssl_session ssn;
+} tls_ctx;
+#define TLS_CTX tls_ctx *
+#define TLS_client(ctx,s) s = malloc(sizeof(ssl_context)); ssl_init(s);\
+ ssl_set_endpoint(s, SSL_IS_CLIENT); ssl_set_authmode(s, SSL_VERIFY_NONE);\
+ ssl_set_rng(s, havege_rand, &ctx->hs); ssl_set_ciphers(s, ssl_default_ciphers);\
+ ssl_set_session(s, 1, 600, &ctx->ssn)
+#define TLS_setfd(s,fd) ssl_set_bio(s, net_recv, &fd, net_send, &fd)
+#define TLS_connect(s) ssl_handshake(s)
+#define TLS_read(s,b,l) ssl_read(s,(unsigned char *)b,l)
+#define TLS_write(s,b,l) ssl_write(s,(unsigned char *)b,l)
+#define TLS_shutdown(s) ssl_close_notify(s)
+#define TLS_close(s) ssl_free(s); free(s)
+
+#elif defined(USE_GNUTLS)
#include <gnutls/gnutls.h>
typedef struct tls_ctx {
gnutls_certificate_credentials_t cred;
@@ -62,7 +82,8 @@ typedef struct tls_ctx {
#define TLS_write(s,b,l) gnutls_record_send(s,b,l)
#define TLS_shutdown(s) gnutls_bye(s, GNUTLS_SHUT_RDWR)
#define TLS_close(s) gnutls_deinit(s)
-#else
+
+#else /* USE_OPENSSL */
#define TLS_CTX SSL_CTX *
#define TLS_client(ctx,s) s = SSL_new(ctx)
#define TLS_setfd(s,fd) SSL_set_fd(s,fd)
More information about the rtmpdump
mailing list