From 6399892bf2c53fc3701438c752718638baff8e27 Mon Sep 17 00:00:00 2001 From: Marvin W Date: Fri, 14 May 2021 19:26:05 +0200 Subject: Move crypto-vala to shared library --- plugins/crypto-vala/src/cipher.vala | 152 -------------------------- plugins/crypto-vala/src/cipher_converter.vala | 102 ----------------- plugins/crypto-vala/src/error.vala | 15 --- plugins/crypto-vala/src/random.vala | 5 - plugins/crypto-vala/src/srtp.vala | 122 --------------------- 5 files changed, 396 deletions(-) delete mode 100644 plugins/crypto-vala/src/cipher.vala delete mode 100644 plugins/crypto-vala/src/cipher_converter.vala delete mode 100644 plugins/crypto-vala/src/error.vala delete mode 100644 plugins/crypto-vala/src/random.vala delete mode 100644 plugins/crypto-vala/src/srtp.vala (limited to 'plugins/crypto-vala/src') diff --git a/plugins/crypto-vala/src/cipher.vala b/plugins/crypto-vala/src/cipher.vala deleted file mode 100644 index 306dafa8..00000000 --- a/plugins/crypto-vala/src/cipher.vala +++ /dev/null @@ -1,152 +0,0 @@ -namespace Crypto { -public class SymmetricCipher { - private GCrypt.Cipher.Cipher cipher; - - public static bool supports(string algo_name) { - GCrypt.Cipher.Algorithm algo; - GCrypt.Cipher.Mode mode; - GCrypt.Cipher.Flag flags; - return parse(algo_name, out algo, out mode, out flags); - } - - private static unowned string mode_to_string(GCrypt.Cipher.Mode mode) { - switch (mode) { - case GCrypt.Cipher.Mode.ECB: return "ECB"; - case GCrypt.Cipher.Mode.CFB: return "CFB"; - case GCrypt.Cipher.Mode.CBC: return "CBC"; - case GCrypt.Cipher.Mode.STREAM: return "STREAM"; - case GCrypt.Cipher.Mode.OFB: return "OFB"; - case GCrypt.Cipher.Mode.CTR: return "CTR"; - case GCrypt.Cipher.Mode.AESWRAP: return "AESWRAP"; - case GCrypt.Cipher.Mode.GCM: return "GCM"; - case GCrypt.Cipher.Mode.POLY1305: return "POLY1305"; - case GCrypt.Cipher.Mode.OCB: return "OCB"; - case GCrypt.Cipher.Mode.CFB8: return "CFB8"; - // case GCrypt.Cipher.Mode.XTS: return "XTS"; // Not supported in gcrypt < 1.8 - } - return "NONE"; - } - - private static GCrypt.Cipher.Mode mode_from_string(string name) { - switch (name) { - case "ECB": return GCrypt.Cipher.Mode.ECB; - case "CFB": return GCrypt.Cipher.Mode.CFB; - case "CBC": return GCrypt.Cipher.Mode.CBC; - case "STREAM": return GCrypt.Cipher.Mode.STREAM; - case "OFB": return GCrypt.Cipher.Mode.OFB; - case "CTR": return GCrypt.Cipher.Mode.CTR; - case "AESWRAP": return GCrypt.Cipher.Mode.AESWRAP; - case "GCM": return GCrypt.Cipher.Mode.GCM; - case "POLY1305": return GCrypt.Cipher.Mode.POLY1305; - case "OCB": return GCrypt.Cipher.Mode.OCB; - case "CFB8": return GCrypt.Cipher.Mode.CFB8; - // case "XTS": return GCrypt.Cipher.Mode.XTS; // Not supported in gcrypt < 1.8 - } - return GCrypt.Cipher.Mode.NONE; - } - - private static string flags_to_string(GCrypt.Cipher.Flag flags) { - string? s = null; - if ((GCrypt.Cipher.Flag.CBC_MAC & flags) != 0) s = (s == null ? "" : @"$s-") + "MAC"; - if ((GCrypt.Cipher.Flag.CBC_CTS & flags) != 0) s = (s == null ? "" : @"$s-") + "CTS"; - if ((GCrypt.Cipher.Flag.ENABLE_SYNC & flags) != 0) s = (s == null ? "" : @"$s-") + "SYNC"; - if ((GCrypt.Cipher.Flag.SECURE & flags) != 0) s = (s == null ? "" : @"$s-") + "SECURE"; - return s ?? "NONE"; - } - - private static GCrypt.Cipher.Flag flag_from_string(string flag_name) { - if (flag_name == "SECURE") return GCrypt.Cipher.Flag.SECURE; - if (flag_name == "SYNC") return GCrypt.Cipher.Flag.ENABLE_SYNC; - if (flag_name == "CTS") return GCrypt.Cipher.Flag.CBC_CTS; - if (flag_name == "MAC") return GCrypt.Cipher.Flag.CBC_MAC; - return 0; - } - - private static GCrypt.Cipher.Flag flags_from_string(string flag_names) { - GCrypt.Cipher.Flag flags = 0; - foreach(string flag in flag_names.split("-")) { - flags |= flag_from_string(flag); - } - return flags; - } - - private static bool parse(string algo_name, out GCrypt.Cipher.Algorithm algo, out GCrypt.Cipher.Mode mode, out GCrypt.Cipher.Flag flags) { - algo = GCrypt.Cipher.Algorithm.NONE; - mode = GCrypt.Cipher.Mode.NONE; - flags = 0; - string[] algo_parts = algo_name.split("-", 3); - - algo = GCrypt.Cipher.Algorithm.from_string(algo_parts[0]); - if (algo_parts.length >= 2) { - mode = mode_from_string(algo_parts[1]); - } - if (algo_parts.length == 3) { - flags |= flags_from_string(algo_parts[2]); - } - return to_algo_name(algo, mode, flags) == algo_name; - } - - private static string to_algo_name(GCrypt.Cipher.Algorithm algo = GCrypt.Cipher.Algorithm.NONE, GCrypt.Cipher.Mode mode = GCrypt.Cipher.Mode.NONE, GCrypt.Cipher.Flag flags = 0) { - if (flags != 0) { - return @"$algo-$(mode_to_string(mode))-$(flags_to_string(flags))"; - } else if (mode != GCrypt.Cipher.Mode.NONE) { - return @"$algo-$(mode_to_string(mode))"; - } else { - return algo.to_string(); - } - } - - public SymmetricCipher(string algo_name) throws Error { - GCrypt.Cipher.Algorithm algo; - GCrypt.Cipher.Mode mode; - GCrypt.Cipher.Flag flags; - if (parse(algo_name, out algo, out mode, out flags)) { - this.gcrypt(algo, mode, flags); - } else { - throw new Error.ILLEGAL_ARGUMENTS(@"The algorithm $algo_name is not supported"); - } - } - - private SymmetricCipher.gcrypt(GCrypt.Cipher.Algorithm algo, GCrypt.Cipher.Mode mode, GCrypt.Cipher.Flag flags) throws Error { - may_throw_gcrypt_error(GCrypt.Cipher.Cipher.open(out this.cipher, algo, mode, flags)); - } - - public void set_key(uint8[] key) throws Error { - may_throw_gcrypt_error(cipher.set_key(key)); - } - - public void set_iv(uint8[] iv) throws Error { - may_throw_gcrypt_error(cipher.set_iv(iv)); - } - - public void set_counter_vector(uint8[] ctr) throws Error { - may_throw_gcrypt_error(cipher.set_counter_vector(ctr)); - } - - public void reset() throws Error { - may_throw_gcrypt_error(cipher.reset()); - } - - public uint8[] get_tag(size_t taglen) throws Error { - uint8[] tag = new uint8[taglen]; - may_throw_gcrypt_error(cipher.get_tag(tag)); - return tag; - } - - public void check_tag(uint8[] tag) throws Error { - may_throw_gcrypt_error(cipher.check_tag(tag)); - } - - public void encrypt(uint8[] output, uint8[] input) throws Error { - may_throw_gcrypt_error(cipher.encrypt(output, input)); - } - - public void decrypt(uint8[] output, uint8[] input) throws Error { - may_throw_gcrypt_error(cipher.decrypt(output, input)); - } - - public void sync() throws Error { - may_throw_gcrypt_error(cipher.sync()); - } -} -} diff --git a/plugins/crypto-vala/src/cipher_converter.vala b/plugins/crypto-vala/src/cipher_converter.vala deleted file mode 100644 index b2b52c5a..00000000 --- a/plugins/crypto-vala/src/cipher_converter.vala +++ /dev/null @@ -1,102 +0,0 @@ -using GLib; - -namespace Crypto { -public abstract class SymmetricCipherConverter : Converter, Object { - internal SymmetricCipher cipher; - internal size_t attached_taglen; - - public abstract ConverterResult convert(uint8[] inbuf, uint8[] outbuf, ConverterFlags flags, out size_t bytes_read, out size_t bytes_written) throws IOError; - - public uint8[] get_tag(size_t taglen) throws Error { - return cipher.get_tag(taglen); - } - - public void check_tag(uint8[] tag) throws Error { - cipher.check_tag(tag); - } - - public void reset() { - try { - cipher.reset(); - } catch (Crypto.Error e) { - warning(@"$(e.domain) error while resetting cipher: $(e.message)"); - } - } -} - -public class SymmetricCipherEncrypter : SymmetricCipherConverter { - public SymmetricCipherEncrypter(owned SymmetricCipher cipher, size_t attached_taglen = 0) { - this.cipher = (owned) cipher; - this.attached_taglen = attached_taglen; - } - - public override ConverterResult convert(uint8[] inbuf, uint8[] outbuf, ConverterFlags flags, out size_t bytes_read, out size_t bytes_written) throws IOError { - if (inbuf.length > outbuf.length) { - throw new IOError.NO_SPACE("CipherConverter needs at least the size of input as output space"); - } - if ((flags & ConverterFlags.INPUT_AT_END) != 0 && inbuf.length + attached_taglen > outbuf.length) { - throw new IOError.NO_SPACE("CipherConverter needs additional output space to attach tag"); - } - try { - if (inbuf.length > 0) { - cipher.encrypt(outbuf, inbuf); - } - bytes_read = inbuf.length; - bytes_written = inbuf.length; - if ((flags & ConverterFlags.INPUT_AT_END) != 0) { - if (attached_taglen > 0) { - Memory.copy((uint8*)outbuf + inbuf.length, get_tag(attached_taglen), attached_taglen); - bytes_written = inbuf.length + attached_taglen; - } - return ConverterResult.FINISHED; - } - if ((flags & ConverterFlags.FLUSH) != 0) { - return ConverterResult.FLUSHED; - } - return ConverterResult.CONVERTED; - } catch (Crypto.Error e) { - throw new IOError.FAILED(@"$(e.domain) error while decrypting: $(e.message)"); - } - } -} - -public class SymmetricCipherDecrypter : SymmetricCipherConverter { - public SymmetricCipherDecrypter(owned SymmetricCipher cipher, size_t attached_taglen = 0) { - this.cipher = (owned) cipher; - this.attached_taglen = attached_taglen; - } - - public override ConverterResult convert(uint8[] inbuf, uint8[] outbuf, ConverterFlags flags, out size_t bytes_read, out size_t bytes_written) throws IOError { - if (inbuf.length > outbuf.length + attached_taglen) { - throw new IOError.NO_SPACE("CipherConverter needs at least the size of input as output space"); - } - if ((flags & ConverterFlags.INPUT_AT_END) != 0 && inbuf.length < attached_taglen) { - throw new IOError.PARTIAL_INPUT("CipherConverter needs additional input to read tag"); - } else if ((flags & ConverterFlags.INPUT_AT_END) == 0 && inbuf.length < attached_taglen + 1) { - throw new IOError.PARTIAL_INPUT("CipherConverter needs additional input to make sure to not accidentally read tag"); - } - try { - inbuf.length -= (int) attached_taglen; - if (inbuf.length > 0) { - cipher.decrypt(outbuf, inbuf); - } - bytes_read = inbuf.length; - bytes_written = inbuf.length; - inbuf.length += (int) attached_taglen; - if ((flags & ConverterFlags.INPUT_AT_END) != 0) { - if (attached_taglen > 0) { - check_tag(inbuf[(inbuf.length - attached_taglen):inbuf.length]); - bytes_read = inbuf.length; - } - return ConverterResult.FINISHED; - } - if ((flags & ConverterFlags.FLUSH) != 0) { - return ConverterResult.FLUSHED; - } - return ConverterResult.CONVERTED; - } catch (Crypto.Error e) { - throw new IOError.FAILED(@"$(e.domain) error while decrypting: $(e.message)"); - } - } -} -} diff --git a/plugins/crypto-vala/src/error.vala b/plugins/crypto-vala/src/error.vala deleted file mode 100644 index 5007d725..00000000 --- a/plugins/crypto-vala/src/error.vala +++ /dev/null @@ -1,15 +0,0 @@ -namespace Crypto { - -public errordomain Error { - ILLEGAL_ARGUMENTS, - GCRYPT, - AUTHENTICATION_FAILED, - UNKNOWN -} - -internal void may_throw_gcrypt_error(GCrypt.Error e) throws Error { - if (((int)e) != 0) { - throw new Crypto.Error.GCRYPT(e.to_string()); - } -} -} \ No newline at end of file diff --git a/plugins/crypto-vala/src/random.vala b/plugins/crypto-vala/src/random.vala deleted file mode 100644 index 3f5d3ba9..00000000 --- a/plugins/crypto-vala/src/random.vala +++ /dev/null @@ -1,5 +0,0 @@ -namespace Crypto { -public static void randomize(uint8[] buffer) { - GCrypt.Random.randomize(buffer); -} -} \ No newline at end of file diff --git a/plugins/crypto-vala/src/srtp.vala b/plugins/crypto-vala/src/srtp.vala deleted file mode 100644 index 493afdb0..00000000 --- a/plugins/crypto-vala/src/srtp.vala +++ /dev/null @@ -1,122 +0,0 @@ -using Srtp; - -public class Crypto.Srtp { - public const string AES_CM_128_HMAC_SHA1_80 = "AES_CM_128_HMAC_SHA1_80"; - public const string AES_CM_128_HMAC_SHA1_32 = "AES_CM_128_HMAC_SHA1_32"; - public const string F8_128_HMAC_SHA1_80 = "F8_128_HMAC_SHA1_80"; - - public class Session { - public bool has_encrypt { get; private set; default = false; } - public bool has_decrypt { get; private set; default = false; } - - private Context encrypt_context; - private Context decrypt_context; - - static construct { - init(); - install_log_handler(log); - } - - private static void log(LogLevel level, string msg) { - print(@"SRTP[$level]: $msg\n"); - } - - public Session() { - Context.create(out encrypt_context, null); - Context.create(out decrypt_context, null); - } - - public uint8[] encrypt_rtp(uint8[] data) throws Error { - uint8[] buf = new uint8[data.length + MAX_TRAILER_LEN]; - Memory.copy(buf, data, data.length); - int buf_use = data.length; - ErrorStatus res = encrypt_context.protect(buf, ref buf_use); - if (res != ErrorStatus.ok) { - throw new Error.UNKNOWN(@"SRTP encrypt failed: $res"); - } - uint8[] ret = new uint8[buf_use]; - GLib.Memory.copy(ret, buf, buf_use); - return ret; - } - - public uint8[] decrypt_rtp(uint8[] data) throws Error { - uint8[] buf = new uint8[data.length]; - Memory.copy(buf, data, data.length); - int buf_use = data.length; - ErrorStatus res = decrypt_context.unprotect(buf, ref buf_use); - switch (res) { - case ErrorStatus.auth_fail: - throw new Error.AUTHENTICATION_FAILED("SRTP packet failed the message authentication check"); - case ErrorStatus.ok: - break; - default: - throw new Error.UNKNOWN(@"SRTP decrypt failed: $res"); - } - uint8[] ret = new uint8[buf_use]; - GLib.Memory.copy(ret, buf, buf_use); - return ret; - } - - public uint8[] encrypt_rtcp(uint8[] data) throws Error { - uint8[] buf = new uint8[data.length + MAX_TRAILER_LEN + 4]; - Memory.copy(buf, data, data.length); - int buf_use = data.length; - ErrorStatus res = encrypt_context.protect_rtcp(buf, ref buf_use); - if (res != ErrorStatus.ok) { - throw new Error.UNKNOWN(@"SRTCP encrypt failed: $res"); - } - uint8[] ret = new uint8[buf_use]; - GLib.Memory.copy(ret, buf, buf_use); - return ret; - } - - public uint8[] decrypt_rtcp(uint8[] data) throws Error { - uint8[] buf = new uint8[data.length]; - Memory.copy(buf, data, data.length); - int buf_use = data.length; - ErrorStatus res = decrypt_context.unprotect_rtcp(buf, ref buf_use); - switch (res) { - case ErrorStatus.auth_fail: - throw new Error.AUTHENTICATION_FAILED("SRTCP packet failed the message authentication check"); - case ErrorStatus.ok: - break; - default: - throw new Error.UNKNOWN(@"SRTP decrypt failed: $res"); - } - uint8[] ret = new uint8[buf_use]; - GLib.Memory.copy(ret, buf, buf_use); - return ret; - } - - private Policy create_policy(string profile) { - Policy policy = Policy(); - switch (profile) { - case AES_CM_128_HMAC_SHA1_80: - policy.rtp.set_aes_cm_128_hmac_sha1_80(); - policy.rtcp.set_aes_cm_128_hmac_sha1_80(); - break; - } - return policy; - } - - public void set_encryption_key(string profile, uint8[] key, uint8[] salt) { - Policy policy = create_policy(profile); - policy.ssrc.type = SsrcType.any_outbound; - policy.key = new uint8[key.length + salt.length]; - Memory.copy(policy.key, key, key.length); - Memory.copy(((uint8*)policy.key) + key.length, salt, salt.length); - encrypt_context.add_stream(ref policy); - has_encrypt = true; - } - - public void set_decryption_key(string profile, uint8[] key, uint8[] salt) { - Policy policy = create_policy(profile); - policy.ssrc.type = SsrcType.any_inbound; - policy.key = new uint8[key.length + salt.length]; - Memory.copy(policy.key, key, key.length); - Memory.copy(((uint8*)policy.key) + key.length, salt, salt.length); - decrypt_context.add_stream(ref policy); - has_decrypt = true; - } - } -} \ No newline at end of file -- cgit v1.2.3-70-g09d2