1 /* 2 * libjingle 3 * Copyright 2014 Google Inc. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions are met: 7 * 8 * 1. Redistributions of source code must retain the above copyright notice, 9 * this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright notice, 11 * this list of conditions and the following disclaimer in the documentation 12 * and/or other materials provided with the distribution. 13 * 3. The name of the author may not be used to endorse or promote products 14 * derived from this software without specific prior written permission. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 17 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 18 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO 19 * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 20 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 21 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; 22 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 23 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 24 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 25 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 */ 27 28 #ifndef TALK_SESSION_MEDIA_EXTERNAL_HMAC_H_ 29 #define TALK_SESSION_MEDIA_EXTERNAL_HMAC_H_ 30 31 // External libsrtp HMAC auth module which implements methods defined in 32 // auth_type_t. 33 // The default auth module will be replaced only when the ENABLE_EXTERNAL_AUTH 34 // flag is enabled. This allows us to access to authentication keys, 35 // as the default auth implementation doesn't provide access and avoids 36 // hashing each packet twice. 37 38 // How will libsrtp select this module? 39 // Libsrtp defines authentication function types identified by an unsigned 40 // integer, e.g. HMAC_SHA1 is 3. Using authentication ids, the application 41 // can plug any desired authentication modules into libsrtp. 42 // libsrtp also provides a mechanism to select different auth functions for 43 // individual streams. This can be done by setting the right value in 44 // the auth_type of srtp_policy_t. The application must first register auth 45 // functions and the corresponding authentication id using 46 // crypto_kernel_replace_auth_type function. 47 #if defined(HAVE_SRTP) && defined(ENABLE_EXTERNAL_AUTH) 48 49 #include "webrtc/base/basictypes.h" 50 extern "C" { 51 #ifdef SRTP_RELATIVE_PATH 52 #include "auth.h" // NOLINT 53 #else 54 #include "third_party/libsrtp/srtp/crypto/include/auth.h" 55 #endif // SRTP_RELATIVE_PATH 56 } 57 58 #define EXTERNAL_HMAC_SHA1 HMAC_SHA1 + 1 59 #define HMAC_KEY_LENGTH 20 60 61 // The HMAC context structure used to store authentication keys. 62 // The pointer to the key will be allocated in the external_hmac_init function. 63 // This pointer is owned by srtp_t in a template context. 64 typedef struct { 65 uint8_t key[HMAC_KEY_LENGTH]; 66 int key_length; 67 } ExternalHmacContext; 68 69 err_status_t external_hmac_alloc(auth_t** a, int key_len, int out_len); 70 71 err_status_t external_hmac_dealloc(auth_t* a); 72 73 err_status_t external_hmac_init(ExternalHmacContext* state, 74 const uint8_t* key, 75 int key_len); 76 77 err_status_t external_hmac_start(ExternalHmacContext* state); 78 79 err_status_t external_hmac_update(ExternalHmacContext* state, 80 const uint8_t* message, 81 int msg_octets); 82 83 err_status_t external_hmac_compute(ExternalHmacContext* state, 84 const void* message, 85 int msg_octets, 86 int tag_len, 87 uint8_t* result); 88 89 err_status_t external_crypto_init(); 90 91 #endif // defined(HAVE_SRTP) && defined(ENABLE_EXTERNAL_AUTH) 92 #endif // TALK_SESSION_MEDIA_EXTERNAL_HMAC_H_ 93
