胡斌 / srs

转到一个项目
Toggle navigation Toggle navigation pinning
winlin
12ad95a5 1 parent 156a9ed2

refine HMAC sha256 digest algorithm. 0.9.193

内嵌 并排对比
正在显示 3 个修改的文件 包含 77 行增加29 行删除
@@ -31,7 +31,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. @@ -31,7 +31,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
31 // current release version 31 // current release version
32 #define VERSION_MAJOR "0" 32 #define VERSION_MAJOR "0"
33 #define VERSION_MINOR "9" 33 #define VERSION_MINOR "9"
34 -#define VERSION_REVISION "192" 34 +#define VERSION_REVISION "193"
35 #define RTMP_SIG_SRS_VERSION VERSION_MAJOR"."VERSION_MINOR"."VERSION_REVISION 35 #define RTMP_SIG_SRS_VERSION VERSION_MAJOR"."VERSION_MINOR"."VERSION_REVISION
36 // server info. 36 // server info.
37 #define RTMP_SIG_SRS_KEY "SRS" 37 #define RTMP_SIG_SRS_KEY "SRS"
@@ -123,13 +123,12 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. @@ -123,13 +123,12 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
123 #define ERROR_OpenSslParseP1024 2029 123 #define ERROR_OpenSslParseP1024 2029
124 #define ERROR_OpenSslSetG 2030 124 #define ERROR_OpenSslSetG 2030
125 #define ERROR_OpenSslGenerateDHKeys 2031 125 #define ERROR_OpenSslGenerateDHKeys 2031
126 -#define ERROR_OpenSslShareKeyComputed 2032  
127 -#define ERROR_OpenSslGetSharedKeySize 2033  
128 -#define ERROR_OpenSslGetPeerPublicKey 2034  
129 -#define ERROR_OpenSslComputeSharedKey 2035  
130 -#define ERROR_OpenSslInvalidDHState 2036  
131 -#define ERROR_OpenSslCopyKey 2037  
132 -#define ERROR_OpenSslSha256DigestSize 2038 126 +#define ERROR_OpenSslCopyKey 2032
  127 +#define ERROR_OpenSslSha256Update 2033
  128 +#define ERROR_OpenSslSha256Init 2034
  129 +#define ERROR_OpenSslSha256Final 2035
  130 +#define ERROR_OpenSslSha256EvpDigest 2036
  131 +#define ERROR_OpenSslSha256DigestSize 2037
133 // 132 //
134 // system control message, 133 // system control message,
135 // not an error, but special control logic. 134 // not an error, but special control logic.
@@ -70,24 +70,72 @@ namespace _srs_internal @@ -70,24 +70,72 @@ namespace _srs_internal
70 0x93, 0xB8, 0xE6, 0x36, 0xCF, 0xEB, 0x31, 0xAE 70 0x93, 0xB8, 0xE6, 0x36, 0xCF, 0xEB, 0x31, 0xAE
71 }; // 62 71 }; // 62
72 72
73 - int openssl_HMACsha256(const void* data, int data_size, const void* key, int key_size, void* digest) 73 + int __openssl_HMACsha256(HMAC_CTX* ctx, const void* data, int data_size, const void* key, int key_size, void* digest, unsigned int* digest_size)
74 { 74 {
75 - HMAC_CTX ctx; 75 + int ret = ERROR_SUCCESS;
76 76
77 - HMAC_CTX_init(&ctx);  
78 - HMAC_Init_ex(&ctx, (unsigned char*) key, key_size, EVP_sha256(), NULL);  
79 - HMAC_Update(&ctx, (unsigned char *) data, data_size); 77 + if (HMAC_Update(ctx, (unsigned char *) data, data_size) < 0) {
  78 + ret = ERROR_OpenSslSha256Update;
  79 + return ret;
  80 + }
80 81
81 - unsigned int digest_size;  
82 - HMAC_Final(&ctx, (unsigned char *) digest, &digest_size); 82 + if (HMAC_Final(ctx, (unsigned char *) digest, digest_size) < 0) {
  83 + ret = ERROR_OpenSslSha256Final;
  84 + return ret;
  85 + }
83 86
84 - HMAC_CTX_cleanup(&ctx); 87 + return ret;
  88 + }
  89 + /**
  90 + * sha256 digest algorithm.
  91 + * @param key the sha256 key, NULL to use EVP_Digest, for instance,
  92 + * hashlib.sha256(data).digest().
  93 + */
  94 + int openssl_HMACsha256(const void* key, int key_size, const void* data, int data_size, void* digest)
  95 + {
  96 + int ret = ERROR_SUCCESS;
  97 +
  98 + unsigned int digest_size = 0;
  99 +
  100 + unsigned char* __key = (unsigned char*)key;
  101 + unsigned char* __digest = (unsigned char*)digest;
  102 +
  103 + if (key == NULL) {
  104 + // use data to digest.
  105 + // @see ./crypto/sha/sha256t.c
  106 + // @see ./crypto/evp/digest.c
  107 + if (EVP_Digest(data, data_size, __key, &digest_size, EVP_sha256(), NULL) < 0)
  108 + {
  109 + ret = ERROR_OpenSslSha256EvpDigest;
  110 + return ret;
  111 + }
  112 + } else {
  113 + // use key-data to digest.
  114 + HMAC_CTX ctx;
  115 +
  116 + // @remark, if no key, use EVP_Digest to digest,
  117 + // for instance, in python, hashlib.sha256(data).digest().
  118 + HMAC_CTX_init(&ctx);
  119 +
  120 + if (HMAC_Init_ex(&ctx, __key, key_size, EVP_sha256(), NULL) < 0) {
  121 + ret = ERROR_OpenSslSha256Init;
  122 + return ret;
  123 + }
  124 +
  125 + ret = __openssl_HMACsha256(&ctx, data, data_size, __key, key_size, __digest, &digest_size);
  126 + HMAC_CTX_cleanup(&ctx);
  127 +
  128 + if (ret != ERROR_SUCCESS) {
  129 + return ret;
  130 + }
  131 + }
85 132
86 if (digest_size != 32) { 133 if (digest_size != 32) {
87 - return ERROR_OpenSslSha256DigestSize; 134 + ret = ERROR_OpenSslSha256DigestSize;
  135 + return ret;
88 } 136 }
89 137
90 - return ERROR_SUCCESS; 138 + return ret;
91 } 139 }
92 140
93 #define RFC2409_PRIME_1024 \ 141 #define RFC2409_PRIME_1024 \
@@ -97,7 +145,8 @@ namespace _srs_internal @@ -97,7 +145,8 @@ namespace _srs_internal
97 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \ 145 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
98 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381" \ 146 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381" \
99 "FFFFFFFFFFFFFFFF" 147 "FFFFFFFFFFFFFFFF"
100 - int __openssl_initialize_dh(DH* pdh, int32_t bits_count){ 148 + int __openssl_initialize_dh(DH* pdh, int32_t bits_count)
  149 + {
101 int ret = ERROR_SUCCESS; 150 int ret = ERROR_SUCCESS;
102 151
103 //2. Create his internal p and g 152 //2. Create his internal p and g
@@ -543,14 +592,14 @@ namespace _srs_internal @@ -543,14 +592,14 @@ namespace _srs_internal
543 int ret = ERROR_SUCCESS; 592 int ret = ERROR_SUCCESS;
544 593
545 char temp_key[__SRS_OpensslHashSize]; 594 char temp_key[__SRS_OpensslHashSize];
546 - if ((ret = openssl_HMACsha256(s1->get_digest(), 32, SrsGenuineFPKey, 62, temp_key)) != ERROR_SUCCESS) { 595 + if ((ret = openssl_HMACsha256(SrsGenuineFPKey, 62, s1->get_digest(), 32, temp_key)) != ERROR_SUCCESS) {
547 srs_error("create c2 temp key failed. ret=%d", ret); 596 srs_error("create c2 temp key failed. ret=%d", ret);
548 return ret; 597 return ret;
549 } 598 }
550 srs_verbose("generate c2 temp key success."); 599 srs_verbose("generate c2 temp key success.");
551 600
552 char _digest[__SRS_OpensslHashSize]; 601 char _digest[__SRS_OpensslHashSize];
553 - if ((ret = openssl_HMACsha256(random, 1504, temp_key, 32, _digest)) != ERROR_SUCCESS) { 602 + if ((ret = openssl_HMACsha256(temp_key, 32, random, 1504, _digest)) != ERROR_SUCCESS) {
554 srs_error("create c2 digest failed. ret=%d", ret); 603 srs_error("create c2 digest failed. ret=%d", ret);
555 return ret; 604 return ret;
556 } 605 }
@@ -567,14 +616,14 @@ namespace _srs_internal @@ -567,14 +616,14 @@ namespace _srs_internal
567 int ret = ERROR_SUCCESS; 616 int ret = ERROR_SUCCESS;
568 617
569 char temp_key[__SRS_OpensslHashSize]; 618 char temp_key[__SRS_OpensslHashSize];
570 - if ((ret = openssl_HMACsha256(s1->get_digest(), 32, SrsGenuineFPKey, 62, temp_key)) != ERROR_SUCCESS) { 619 + if ((ret = openssl_HMACsha256(SrsGenuineFPKey, 62, s1->get_digest(), 32, temp_key)) != ERROR_SUCCESS) {
571 srs_error("create c2 temp key failed. ret=%d", ret); 620 srs_error("create c2 temp key failed. ret=%d", ret);
572 return ret; 621 return ret;
573 } 622 }
574 srs_verbose("generate c2 temp key success."); 623 srs_verbose("generate c2 temp key success.");
575 624
576 char _digest[__SRS_OpensslHashSize]; 625 char _digest[__SRS_OpensslHashSize];
577 - if ((ret = openssl_HMACsha256(random, 1504, temp_key, 32, _digest)) != ERROR_SUCCESS) { 626 + if ((ret = openssl_HMACsha256(temp_key, 32, random, 1504, _digest)) != ERROR_SUCCESS) {
578 srs_error("create c2 digest failed. ret=%d", ret); 627 srs_error("create c2 digest failed. ret=%d", ret);
579 return ret; 628 return ret;
580 } 629 }
@@ -590,14 +639,14 @@ namespace _srs_internal @@ -590,14 +639,14 @@ namespace _srs_internal
590 int ret = ERROR_SUCCESS; 639 int ret = ERROR_SUCCESS;
591 640
592 char temp_key[__SRS_OpensslHashSize]; 641 char temp_key[__SRS_OpensslHashSize];
593 - if ((ret = openssl_HMACsha256(c1->get_digest(), 32, SrsGenuineFMSKey, 68, temp_key)) != ERROR_SUCCESS) { 642 + if ((ret = openssl_HMACsha256(SrsGenuineFMSKey, 68, c1->get_digest(), 32, temp_key)) != ERROR_SUCCESS) {
594 srs_error("create s2 temp key failed. ret=%d", ret); 643 srs_error("create s2 temp key failed. ret=%d", ret);
595 return ret; 644 return ret;
596 } 645 }
597 srs_verbose("generate s2 temp key success."); 646 srs_verbose("generate s2 temp key success.");
598 647
599 char _digest[__SRS_OpensslHashSize]; 648 char _digest[__SRS_OpensslHashSize];
600 - if ((ret = openssl_HMACsha256(random, 1504, temp_key, 32, _digest)) != ERROR_SUCCESS) { 649 + if ((ret = openssl_HMACsha256(temp_key, 32, random, 1504, _digest)) != ERROR_SUCCESS) {
601 srs_error("create s2 digest failed. ret=%d", ret); 650 srs_error("create s2 digest failed. ret=%d", ret);
602 return ret; 651 return ret;
603 } 652 }
@@ -614,14 +663,14 @@ namespace _srs_internal @@ -614,14 +663,14 @@ namespace _srs_internal
614 int ret = ERROR_SUCCESS; 663 int ret = ERROR_SUCCESS;
615 664
616 char temp_key[__SRS_OpensslHashSize]; 665 char temp_key[__SRS_OpensslHashSize];
617 - if ((ret = openssl_HMACsha256(c1->get_digest(), 32, SrsGenuineFMSKey, 68, temp_key)) != ERROR_SUCCESS) { 666 + if ((ret = openssl_HMACsha256(SrsGenuineFMSKey, 68, c1->get_digest(), 32, temp_key)) != ERROR_SUCCESS) {
618 srs_error("create s2 temp key failed. ret=%d", ret); 667 srs_error("create s2 temp key failed. ret=%d", ret);
619 return ret; 668 return ret;
620 } 669 }
621 srs_verbose("generate s2 temp key success."); 670 srs_verbose("generate s2 temp key success.");
622 671
623 char _digest[__SRS_OpensslHashSize]; 672 char _digest[__SRS_OpensslHashSize];
624 - if ((ret = openssl_HMACsha256(random, 1504, temp_key, 32, _digest)) != ERROR_SUCCESS) { 673 + if ((ret = openssl_HMACsha256(temp_key, 32, random, 1504, _digest)) != ERROR_SUCCESS) {
625 srs_error("create s2 digest failed. ret=%d", ret); 674 srs_error("create s2 digest failed. ret=%d", ret);
626 return ret; 675 return ret;
627 } 676 }
@@ -883,7 +932,7 @@ namespace _srs_internal @@ -883,7 +932,7 @@ namespace _srs_internal
883 SrsAutoFree(char, c1s1_joined_bytes); 932 SrsAutoFree(char, c1s1_joined_bytes);
884 933
885 digest = new char[__SRS_OpensslHashSize]; 934 digest = new char[__SRS_OpensslHashSize];
886 - if ((ret = openssl_HMACsha256(c1s1_joined_bytes, 1536 - 32, SrsGenuineFMSKey, 36, digest)) != ERROR_SUCCESS) { 935 + if ((ret = openssl_HMACsha256(SrsGenuineFMSKey, 36, c1s1_joined_bytes, 1536 - 32, digest)) != ERROR_SUCCESS) {
887 srs_error("calc digest for s1 failed. ret=%d", ret); 936 srs_error("calc digest for s1 failed. ret=%d", ret);
888 return ret; 937 return ret;
889 } 938 }
@@ -910,7 +959,7 @@ namespace _srs_internal @@ -910,7 +959,7 @@ namespace _srs_internal
910 SrsAutoFree(char, c1s1_joined_bytes); 959 SrsAutoFree(char, c1s1_joined_bytes);
911 960
912 digest = new char[__SRS_OpensslHashSize]; 961 digest = new char[__SRS_OpensslHashSize];
913 - if ((ret = openssl_HMACsha256(c1s1_joined_bytes, 1536 - 32, SrsGenuineFPKey, 30, digest)) != ERROR_SUCCESS) { 962 + if ((ret = openssl_HMACsha256(SrsGenuineFPKey, 30, c1s1_joined_bytes, 1536 - 32, digest)) != ERROR_SUCCESS) {
914 srs_error("calc digest for c1 failed. ret=%d", ret); 963 srs_error("calc digest for c1 failed. ret=%d", ret);
915 return ret; 964 return ret;
916 } 965 }