From 6399892bf2c53fc3701438c752718638baff8e27 Mon Sep 17 00:00:00 2001 From: Marvin W Date: Fri, 14 May 2021 19:26:05 +0200 Subject: Move crypto-vala to shared library --- crypto-vala/src/cipher.vala | 152 ++++++++++++++++++++++++++++++++++ crypto-vala/src/cipher_converter.vala | 102 +++++++++++++++++++++++ crypto-vala/src/error.vala | 15 ++++ crypto-vala/src/random.vala | 5 ++ crypto-vala/src/srtp.vala | 122 +++++++++++++++++++++++++++ 5 files changed, 396 insertions(+) create mode 100644 crypto-vala/src/cipher.vala create mode 100644 crypto-vala/src/cipher_converter.vala create mode 100644 crypto-vala/src/error.vala create mode 100644 crypto-vala/src/random.vala create mode 100644 crypto-vala/src/srtp.vala (limited to 'crypto-vala/src') diff --git a/crypto-vala/src/cipher.vala b/crypto-vala/src/cipher.vala new file mode 100644 index 00000000..306dafa8 --- /dev/null +++ b/crypto-vala/src/cipher.vala @@ -0,0 +1,152 @@ +namespace Crypto { +public class SymmetricCipher { + private GCrypt.Cipher.Cipher cipher; + + public static bool supports(string algo_name) { + GCrypt.Cipher.Algorithm algo; + GCrypt.Cipher.Mode mode; + GCrypt.Cipher.Flag flags; + return parse(algo_name, out algo, out mode, out flags); + } + + private static unowned string mode_to_string(GCrypt.Cipher.Mode mode) { + switch (mode) { + case GCrypt.Cipher.Mode.ECB: return "ECB"; + case GCrypt.Cipher.Mode.CFB: return "CFB"; + case GCrypt.Cipher.Mode.CBC: return "CBC"; + case GCrypt.Cipher.Mode.STREAM: return "STREAM"; + case GCrypt.Cipher.Mode.OFB: return "OFB"; + case GCrypt.Cipher.Mode.CTR: return "CTR"; + case GCrypt.Cipher.Mode.AESWRAP: return "AESWRAP"; + case GCrypt.Cipher.Mode.GCM: return "GCM"; + case GCrypt.Cipher.Mode.POLY1305: return "POLY1305"; + case GCrypt.Cipher.Mode.OCB: return "OCB"; + case GCrypt.Cipher.Mode.CFB8: return "CFB8"; + // case GCrypt.Cipher.Mode.XTS: return "XTS"; // Not supported in gcrypt < 1.8 + } + return "NONE"; + } + + private static GCrypt.Cipher.Mode mode_from_string(string name) { + switch (name) { + case "ECB": return GCrypt.Cipher.Mode.ECB; + case "CFB": return GCrypt.Cipher.Mode.CFB; + case "CBC": return GCrypt.Cipher.Mode.CBC; + case "STREAM": return GCrypt.Cipher.Mode.STREAM; + case "OFB": return GCrypt.Cipher.Mode.OFB; + case "CTR": return GCrypt.Cipher.Mode.CTR; + case "AESWRAP": return GCrypt.Cipher.Mode.AESWRAP; + case "GCM": return GCrypt.Cipher.Mode.GCM; + case "POLY1305": return GCrypt.Cipher.Mode.POLY1305; + case "OCB": return GCrypt.Cipher.Mode.OCB; + case "CFB8": return GCrypt.Cipher.Mode.CFB8; + // case "XTS": return GCrypt.Cipher.Mode.XTS; // Not supported in gcrypt < 1.8 + } + return GCrypt.Cipher.Mode.NONE; + } + + private static string flags_to_string(GCrypt.Cipher.Flag flags) { + string? s = null; + if ((GCrypt.Cipher.Flag.CBC_MAC & flags) != 0) s = (s == null ? "" : @"$s-") + "MAC"; + if ((GCrypt.Cipher.Flag.CBC_CTS & flags) != 0) s = (s == null ? "" : @"$s-") + "CTS"; + if ((GCrypt.Cipher.Flag.ENABLE_SYNC & flags) != 0) s = (s == null ? "" : @"$s-") + "SYNC"; + if ((GCrypt.Cipher.Flag.SECURE & flags) != 0) s = (s == null ? "" : @"$s-") + "SECURE"; + return s ?? "NONE"; + } + + private static GCrypt.Cipher.Flag flag_from_string(string flag_name) { + if (flag_name == "SECURE") return GCrypt.Cipher.Flag.SECURE; + if (flag_name == "SYNC") return GCrypt.Cipher.Flag.ENABLE_SYNC; + if (flag_name == "CTS") return GCrypt.Cipher.Flag.CBC_CTS; + if (flag_name == "MAC") return GCrypt.Cipher.Flag.CBC_MAC; + return 0; + } + + private static GCrypt.Cipher.Flag flags_from_string(string flag_names) { + GCrypt.Cipher.Flag flags = 0; + foreach(string flag in flag_names.split("-")) { + flags |= flag_from_string(flag); + } + return flags; + } + + private static bool parse(string algo_name, out GCrypt.Cipher.Algorithm algo, out GCrypt.Cipher.Mode mode, out GCrypt.Cipher.Flag flags) { + algo = GCrypt.Cipher.Algorithm.NONE; + mode = GCrypt.Cipher.Mode.NONE; + flags = 0; + string[] algo_parts = algo_name.split("-", 3); + + algo = GCrypt.Cipher.Algorithm.from_string(algo_parts[0]); + if (algo_parts.length >= 2) { + mode = mode_from_string(algo_parts[1]); + } + if (algo_parts.length == 3) { + flags |= flags_from_string(algo_parts[2]); + } + return to_algo_name(algo, mode, flags) == algo_name; + } + + private static string to_algo_name(GCrypt.Cipher.Algorithm algo = GCrypt.Cipher.Algorithm.NONE, GCrypt.Cipher.Mode mode = GCrypt.Cipher.Mode.NONE, GCrypt.Cipher.Flag flags = 0) { + if (flags != 0) { + return @"$algo-$(mode_to_string(mode))-$(flags_to_string(flags))"; + } else if (mode != GCrypt.Cipher.Mode.NONE) { + return @"$algo-$(mode_to_string(mode))"; + } else { + return algo.to_string(); + } + } + + public SymmetricCipher(string algo_name) throws Error { + GCrypt.Cipher.Algorithm algo; + GCrypt.Cipher.Mode mode; + GCrypt.Cipher.Flag flags; + if (parse(algo_name, out algo, out mode, out flags)) { + this.gcrypt(algo, mode, flags); + } else { + throw new Error.ILLEGAL_ARGUMENTS(@"The algorithm $algo_name is not supported"); + } + } + + private SymmetricCipher.gcrypt(GCrypt.Cipher.Algorithm algo, GCrypt.Cipher.Mode mode, GCrypt.Cipher.Flag flags) throws Error { + may_throw_gcrypt_error(GCrypt.Cipher.Cipher.open(out this.cipher, algo, mode, flags)); + } + + public void set_key(uint8[] key) throws Error { + may_throw_gcrypt_error(cipher.set_key(key)); + } + + public void set_iv(uint8[] iv) throws Error { + may_throw_gcrypt_error(cipher.set_iv(iv)); + } + + public void set_counter_vector(uint8[] ctr) throws Error { + may_throw_gcrypt_error(cipher.set_counter_vector(ctr)); + } + + public void reset() throws Error { + may_throw_gcrypt_error(cipher.reset()); + } + + public uint8[] get_tag(size_t taglen) throws Error { + uint8[] tag = new uint8[taglen]; + may_throw_gcrypt_error(cipher.get_tag(tag)); + return tag; + } + + public void check_tag(uint8[] tag) throws Error { + may_throw_gcrypt_error(cipher.check_tag(tag)); + } + + public void encrypt(uint8[] output, uint8[] input) throws Error { + may_throw_gcrypt_error(cipher.encrypt(output, input)); + } + + public void decrypt(uint8[] output, uint8[] input) throws Error { + may_throw_gcrypt_error(cipher.decrypt(output, input)); + } + + public void sync() throws Error { + may_throw_gcrypt_error(cipher.sync()); + } +} +} diff --git a/crypto-vala/src/cipher_converter.vala b/crypto-vala/src/cipher_converter.vala new file mode 100644 index 00000000..b2b52c5a --- /dev/null +++ b/crypto-vala/src/cipher_converter.vala @@ -0,0 +1,102 @@ +using GLib; + +namespace Crypto { +public abstract class SymmetricCipherConverter : Converter, Object { + internal SymmetricCipher cipher; + internal size_t attached_taglen; + + public abstract ConverterResult convert(uint8[] inbuf, uint8[] outbuf, ConverterFlags flags, out size_t bytes_read, out size_t bytes_written) throws IOError; + + public uint8[] get_tag(size_t taglen) throws Error { + return cipher.get_tag(taglen); + } + + public void check_tag(uint8[] tag) throws Error { + cipher.check_tag(tag); + } + + public void reset() { + try { + cipher.reset(); + } catch (Crypto.Error e) { + warning(@"$(e.domain) error while resetting cipher: $(e.message)"); + } + } +} + +public class SymmetricCipherEncrypter : SymmetricCipherConverter { + public SymmetricCipherEncrypter(owned SymmetricCipher cipher, size_t attached_taglen = 0) { + this.cipher = (owned) cipher; + this.attached_taglen = attached_taglen; + } + + public override ConverterResult convert(uint8[] inbuf, uint8[] outbuf, ConverterFlags flags, out size_t bytes_read, out size_t bytes_written) throws IOError { + if (inbuf.length > outbuf.length) { + throw new IOError.NO_SPACE("CipherConverter needs at least the size of input as output space"); + } + if ((flags & ConverterFlags.INPUT_AT_END) != 0 && inbuf.length + attached_taglen > outbuf.length) { + throw new IOError.NO_SPACE("CipherConverter needs additional output space to attach tag"); + } + try { + if (inbuf.length > 0) { + cipher.encrypt(outbuf, inbuf); + } + bytes_read = inbuf.length; + bytes_written = inbuf.length; + if ((flags & ConverterFlags.INPUT_AT_END) != 0) { + if (attached_taglen > 0) { + Memory.copy((uint8*)outbuf + inbuf.length, get_tag(attached_taglen), attached_taglen); + bytes_written = inbuf.length + attached_taglen; + } + return ConverterResult.FINISHED; + } + if ((flags & ConverterFlags.FLUSH) != 0) { + return ConverterResult.FLUSHED; + } + return ConverterResult.CONVERTED; + } catch (Crypto.Error e) { + throw new IOError.FAILED(@"$(e.domain) error while decrypting: $(e.message)"); + } + } +} + +public class SymmetricCipherDecrypter : SymmetricCipherConverter { + public SymmetricCipherDecrypter(owned SymmetricCipher cipher, size_t attached_taglen = 0) { + this.cipher = (owned) cipher; + this.attached_taglen = attached_taglen; + } + + public override ConverterResult convert(uint8[] inbuf, uint8[] outbuf, ConverterFlags flags, out size_t bytes_read, out size_t bytes_written) throws IOError { + if (inbuf.length > outbuf.length + attached_taglen) { + throw new IOError.NO_SPACE("CipherConverter needs at least the size of input as output space"); + } + if ((flags & ConverterFlags.INPUT_AT_END) != 0 && inbuf.length < attached_taglen) { + throw new IOError.PARTIAL_INPUT("CipherConverter needs additional input to read tag"); + } else if ((flags & ConverterFlags.INPUT_AT_END) == 0 && inbuf.length < attached_taglen + 1) { + throw new IOError.PARTIAL_INPUT("CipherConverter needs additional input to make sure to not accidentally read tag"); + } + try { + inbuf.length -= (int) attached_taglen; + if (inbuf.length > 0) { + cipher.decrypt(outbuf, inbuf); + } + bytes_read = inbuf.length; + bytes_written = inbuf.length; + inbuf.length += (int) attached_taglen; + if ((flags & ConverterFlags.INPUT_AT_END) != 0) { + if (attached_taglen > 0) { + check_tag(inbuf[(inbuf.length - attached_taglen):inbuf.length]); + bytes_read = inbuf.length; + } + return ConverterResult.FINISHED; + } + if ((flags & ConverterFlags.FLUSH) != 0) { + return ConverterResult.FLUSHED; + } + return ConverterResult.CONVERTED; + } catch (Crypto.Error e) { + throw new IOError.FAILED(@"$(e.domain) error while decrypting: $(e.message)"); + } + } +} +} diff --git a/crypto-vala/src/error.vala b/crypto-vala/src/error.vala new file mode 100644 index 00000000..5007d725 --- /dev/null +++ b/crypto-vala/src/error.vala @@ -0,0 +1,15 @@ +namespace Crypto { + +public errordomain Error { + ILLEGAL_ARGUMENTS, + GCRYPT, + AUTHENTICATION_FAILED, + UNKNOWN +} + +internal void may_throw_gcrypt_error(GCrypt.Error e) throws Error { + if (((int)e) != 0) { + throw new Crypto.Error.GCRYPT(e.to_string()); + } +} +} \ No newline at end of file diff --git a/crypto-vala/src/random.vala b/crypto-vala/src/random.vala new file mode 100644 index 00000000..3f5d3ba9 --- /dev/null +++ b/crypto-vala/src/random.vala @@ -0,0 +1,5 @@ +namespace Crypto { +public static void randomize(uint8[] buffer) { + GCrypt.Random.randomize(buffer); +} +} \ No newline at end of file diff --git a/crypto-vala/src/srtp.vala b/crypto-vala/src/srtp.vala new file mode 100644 index 00000000..c7f45da3 --- /dev/null +++ b/crypto-vala/src/srtp.vala @@ -0,0 +1,122 @@ +using Srtp; + +namespace Crypto.Srtp { +public const string AES_CM_128_HMAC_SHA1_80 = "AES_CM_128_HMAC_SHA1_80"; +public const string AES_CM_128_HMAC_SHA1_32 = "AES_CM_128_HMAC_SHA1_32"; +public const string F8_128_HMAC_SHA1_80 = "F8_128_HMAC_SHA1_80"; + +public class Session { + public bool has_encrypt { get; private set; default = false; } + public bool has_decrypt { get; private set; default = false; } + + private Context encrypt_context; + private Context decrypt_context; + + static construct { + init(); + install_log_handler(log); + } + + private static void log(LogLevel level, string msg) { + print(@"SRTP[$level]: $msg\n"); + } + + public Session() { + Context.create(out encrypt_context, null); + Context.create(out decrypt_context, null); + } + + public uint8[] encrypt_rtp(uint8[] data) throws Error { + uint8[] buf = new uint8[data.length + MAX_TRAILER_LEN]; + Memory.copy(buf, data, data.length); + int buf_use = data.length; + ErrorStatus res = encrypt_context.protect(buf, ref buf_use); + if (res != ErrorStatus.ok) { + throw new Error.UNKNOWN(@"SRTP encrypt failed: $res"); + } + uint8[] ret = new uint8[buf_use]; + GLib.Memory.copy(ret, buf, buf_use); + return ret; + } + + public uint8[] decrypt_rtp(uint8[] data) throws Error { + uint8[] buf = new uint8[data.length]; + Memory.copy(buf, data, data.length); + int buf_use = data.length; + ErrorStatus res = decrypt_context.unprotect(buf, ref buf_use); + switch (res) { + case ErrorStatus.auth_fail: + throw new Error.AUTHENTICATION_FAILED("SRTP packet failed the message authentication check"); + case ErrorStatus.ok: + break; + default: + throw new Error.UNKNOWN(@"SRTP decrypt failed: $res"); + } + uint8[] ret = new uint8[buf_use]; + GLib.Memory.copy(ret, buf, buf_use); + return ret; + } + + public uint8[] encrypt_rtcp(uint8[] data) throws Error { + uint8[] buf = new uint8[data.length + MAX_TRAILER_LEN + 4]; + Memory.copy(buf, data, data.length); + int buf_use = data.length; + ErrorStatus res = encrypt_context.protect_rtcp(buf, ref buf_use); + if (res != ErrorStatus.ok) { + throw new Error.UNKNOWN(@"SRTCP encrypt failed: $res"); + } + uint8[] ret = new uint8[buf_use]; + GLib.Memory.copy(ret, buf, buf_use); + return ret; + } + + public uint8[] decrypt_rtcp(uint8[] data) throws Error { + uint8[] buf = new uint8[data.length]; + Memory.copy(buf, data, data.length); + int buf_use = data.length; + ErrorStatus res = decrypt_context.unprotect_rtcp(buf, ref buf_use); + switch (res) { + case ErrorStatus.auth_fail: + throw new Error.AUTHENTICATION_FAILED("SRTCP packet failed the message authentication check"); + case ErrorStatus.ok: + break; + default: + throw new Error.UNKNOWN(@"SRTP decrypt failed: $res"); + } + uint8[] ret = new uint8[buf_use]; + GLib.Memory.copy(ret, buf, buf_use); + return ret; + } + + private Policy create_policy(string profile) { + Policy policy = Policy(); + switch (profile) { + case AES_CM_128_HMAC_SHA1_80: + policy.rtp.set_aes_cm_128_hmac_sha1_80(); + policy.rtcp.set_aes_cm_128_hmac_sha1_80(); + break; + } + return policy; + } + + public void set_encryption_key(string profile, uint8[] key, uint8[] salt) { + Policy policy = create_policy(profile); + policy.ssrc.type = SsrcType.any_outbound; + policy.key = new uint8[key.length + salt.length]; + Memory.copy(policy.key, key, key.length); + Memory.copy(((uint8*)policy.key) + key.length, salt, salt.length); + encrypt_context.add_stream(ref policy); + has_encrypt = true; + } + + public void set_decryption_key(string profile, uint8[] key, uint8[] salt) { + Policy policy = create_policy(profile); + policy.ssrc.type = SsrcType.any_inbound; + policy.key = new uint8[key.length + salt.length]; + Memory.copy(policy.key, key, key.length); + Memory.copy(((uint8*)policy.key) + key.length, salt, salt.length); + decrypt_context.add_stream(ref policy); + has_decrypt = true; + } +} +} \ No newline at end of file -- cgit v1.2.3-54-g00ecf