diff options
Diffstat (limited to 'stun')
-rw-r--r-- | stun/Makefile.am | 4 | ||||
-rw-r--r-- | stun/rand.c | 18 | ||||
-rw-r--r-- | stun/stunhmac.c | 55 |
3 files changed, 32 insertions, 45 deletions
diff --git a/stun/Makefile.am b/stun/Makefile.am index f532616..c9b0cb2 100644 --- a/stun/Makefile.am +++ b/stun/Makefile.am @@ -14,7 +14,7 @@ AM_CFLAGS = \ -std=gnu99 \ -DG_LOG_DOMAIN=\"libnice-stun\" \ $(LIBNICE_CFLAGS) \ - $(LIBGCRYPT_CFLAGS) \ + $(GNUTLS_CFLAGS) \ $(NULL) AM_CPPFLAGS = -I$(top_srcdir) @@ -38,7 +38,7 @@ libstun_la_SOURCES = constants.h \ usages/turn.c usages/turn.h \ usages/timer.c usages/timer.h -libstun_la_LIBADD = $(LIBRT) $(LIBGCRYPT_LIBS) +libstun_la_LIBADD = $(LIBRT) $(GNUTLS_LIBS) EXTRA_DIST = win32_common.h diff --git a/stun/rand.c b/stun/rand.c index a375f33..1deaf56 100644 --- a/stun/rand.c +++ b/stun/rand.c @@ -68,23 +68,13 @@ void nice_RAND_bytes (uint8_t *dst, int len) } #else -#include <gcrypt.h> +#include <sys/types.h> +#include <gnutls/gnutls.h> +#include <gnutls/crypto.h> void nice_RAND_bytes (uint8_t *dst, int len) { - /* Initialise libgcrypt. The application might do this first, but we need to - * do it otherwise. Abort if this fails, as we can’t do random number - * generation. */ - if (!gcry_check_version (GCRYPT_VERSION)) - abort (); - - if (!gcry_control (GCRYCTL_INITIALIZATION_FINISHED_P)) - { - gcry_control (GCRYCTL_DISABLE_SECMEM, 0); - gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); - } - - gcry_randomize (dst, len, GCRY_STRONG_RANDOM); + gnutls_rnd (GNUTLS_RND_NONCE, dst, len); } #endif /* _WIN32 */ diff --git a/stun/stunhmac.c b/stun/stunhmac.c index 795e987..825656a 100644 --- a/stun/stunhmac.c +++ b/stun/stunhmac.c @@ -47,40 +47,40 @@ #include <string.h> #include <assert.h> -#include <gcrypt.h> +#include <gnutls/gnutls.h> +#include <gnutls/crypto.h> void stun_sha1 (const uint8_t *msg, size_t len, size_t msg_len, uint8_t *sha, const void *key, size_t keylen, int padding) { uint16_t fakelen = htons (msg_len); uint8_t pad_char[64] = {0}; - gcry_mac_hd_t hd; - size_t sha_len = 20; - -#define TRY(s) \ - if (!(s)) \ - abort (); + gnutls_hmac_hd_t handle; + int ret; assert (len >= 44u); - TRY (gcry_mac_open (&hd, GCRY_MAC_HMAC_SHA1, 0 /* flags */, NULL) == 0); - TRY (gcry_mac_setkey (hd, key, keylen) == 0); + assert (gnutls_hmac_get_len (GNUTLS_MAC_SHA1) == 20); + ret = gnutls_hmac_init (&handle, GNUTLS_MAC_SHA1, key, keylen); + assert (ret >= 0); - TRY (gcry_mac_write (hd, msg, 2) == 0); - TRY (gcry_mac_write (hd, &fakelen, 2) == 0); - TRY (gcry_mac_write (hd, msg + 4, len - 28) == 0); + ret = gnutls_hmac (handle, msg, 2); + assert (ret >= 0); + ret = gnutls_hmac (handle, &fakelen, 2); + assert (ret >= 0); + ret = gnutls_hmac (handle, msg + 4, len - 28); + assert (ret >= 0); /* RFC 3489 specifies that the message's size should be 64 bytes, and \x00 padding should be done */ if (padding && ((len - 24) % 64) > 0) { uint16_t pad_size = 64 - ((len - 24) % 64); - TRY (gcry_mac_write (hd, pad_char, pad_size) == 0); - } - TRY (gcry_mac_read (hd, sha, &sha_len) == 0); - assert (sha_len == 20); + ret = gnutls_hmac (handle, pad_char, pad_size); + assert (ret >= 0); + } - gcry_mac_close (hd); + gnutls_hmac_deinit (handle, sha); } static const uint8_t *priv_trim_var (const uint8_t *var, size_t *var_len) @@ -109,19 +109,16 @@ void stun_hash_creds (const uint8_t *realm, size_t realm_len, const uint8_t *password_trimmed = priv_trim_var (password, &password_len); const uint8_t *realm_trimmed = priv_trim_var (realm, &realm_len); const uint8_t *colon = (uint8_t *)":"; + gnutls_hash_hd_t handle; + + gnutls_hash_init (&handle, GNUTLS_DIG_MD5); + gnutls_hash (handle, username_trimmed, username_len); + gnutls_hash (handle, colon, 1); + gnutls_hash (handle, realm_trimmed, realm_len); + gnutls_hash (handle, colon, 1); + gnutls_hash (handle, password_trimmed, password_len); - /* https://gnupg.org/documentation/manuals/gcrypt/Buffer-description.html */ - const gcry_buffer_t iov[] = { - /* size, off, len, data */ - { 0, 0, username_len, (void *) username_trimmed }, - { 0, 0, 1, (void *) colon }, - { 0, 0, realm_len, (void *) realm_trimmed }, - { 0, 0, 1, (void *) colon }, - { 0, 0, password_len, (void *) password_trimmed }, - }; - - gcry_md_hash_buffers (GCRY_MD_MD5, 0 /* flags */, md5, - iov, sizeof (iov) / sizeof (*iov)); + gnutls_hash_deinit (handle, md5); } |