-rwxr-xr-x | lib/installer-exclude/lcrypto-jdk16-143.jar | bin | 73935 -> 79042 bytes | |||
-rwxr-xr-x | lib/installer-exclude/zrtp4j-light.jar | bin | 121805 -> 125335 bytes | |||
-rw-r--r-- | src/net/java/sip/communicator/impl/neomedia/transform/srtp/SRTPCryptoContext.java | 42 | ||||
-rw-r--r-- | src/net/java/sip/communicator/impl/neomedia/transform/srtp/SRTPPolicy.java | 10 | ||||
-rw-r--r-- | src/net/java/sip/communicator/impl/neomedia/transform/zrtp/ZRTPTransformEngine.java | 37 |
5 files changed, 65 insertions, 24 deletions
diff --git a/lib/installer-exclude/lcrypto-jdk16-143.jar b/lib/installer-exclude/lcrypto-jdk16-143.jar Binary files differindex 5a27513..927cc8f 100755 --- a/lib/installer-exclude/lcrypto-jdk16-143.jar +++ b/lib/installer-exclude/lcrypto-jdk16-143.jar diff --git a/lib/installer-exclude/zrtp4j-light.jar b/lib/installer-exclude/zrtp4j-light.jar Binary files differindex d840ab5..21644a0 100755 --- a/lib/installer-exclude/zrtp4j-light.jar +++ b/lib/installer-exclude/zrtp4j-light.jar diff --git a/src/net/java/sip/communicator/impl/neomedia/transform/srtp/SRTPCryptoContext.java b/src/net/java/sip/communicator/impl/neomedia/transform/srtp/SRTPCryptoContext.java index 5e7b7cc..3e35059 100644 --- a/src/net/java/sip/communicator/impl/neomedia/transform/srtp/SRTPCryptoContext.java +++ b/src/net/java/sip/communicator/impl/neomedia/transform/srtp/SRTPCryptoContext.java @@ -28,6 +28,7 @@ package net.java.sip.communicator.impl.neomedia.transform.srtp; import net.java.sip.communicator.impl.neomedia.*; +import org.bouncycastle.crypto.*; import org.bouncycastle.crypto.digests.*; import org.bouncycastle.crypto.engines.*; import org.bouncycastle.crypto.macs.*; @@ -137,7 +138,7 @@ public class SRTPCryptoContext /** * The HMAC object we used to do packet authentication */ - private HMac hmacSha1; // used for various HMAC computations + private Mac mac; // used for various HMAC computations /** * The symmetric cipher engines we need here @@ -246,7 +247,7 @@ public class SRTPCryptoContext System.arraycopy(masterS, 0, masterSalt, 0, policy .getSaltKeyLength()); - hmacSha1 = new HMac(new SHA1Digest()); + mac = new HMac(new SHA1Digest()); AEScipher = new AESFastEngine(); switch (policy.getEncType()) { 
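Review bot: The field comment in the hunk at -137 still says HMAC although `mac` can now hold a `SkeinMac`, and the same staleness shows in the hunks at -505 and -513. There the private method keeps the name `authenticatePacketHMCSHA1`, and its Javadoc says the tag "is returned" although the method is `void` and writes the result into `tagStore` via `mac.doFinal(tagStore, 0)`. Suggest `/** The MAC used for packet authentication (HMAC-SHA1 or Skein, selected by the policy) */` on the field, renaming the method to `authenticatePacket`, and rewording the Javadoc sentence to `The calculated tag is written to tagStore.` The commented-out `// byte[] rb = new byte[4];` at -513 can be deleted while touching these lines.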
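Review bot: The unconditional `mac = new HMac(new SHA1Digest());` in the hunk at -246 is now redundant, because the next hunk assigns `mac` inside both the `HMACSHA1_AUTHENTICATION` and `SKEIN_AUTHENTICATION` cases. Keeping it means `mac` is non-null even for a null or unrecognised auth type, which can hide a misconfigured policy instead of surfacing it. I would drop this line so the auth-type switch is the only place that constructs the MAC. The constructor continues outside the hunk.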
@@ -272,8 +273,15 @@ public class SRTPCryptoContext break; case SRTPPolicy.HMACSHA1_AUTHENTICATION: + mac = new HMac(new SHA1Digest()); authKey = new byte[policy.getAuthKeyLength()]; - tagStore = new byte[hmacSha1.getMacSize()]; + tagStore = new byte[mac.getMacSize()]; + break; + + case SRTPPolicy.SKEIN_AUTHENTICATION: + mac = new SkeinMac(); + authKey = new byte[policy.getAuthKeyLength()]; + tagStore = new byte[policy.getAuthTagLength()]; break; default: @@ -361,7 +369,7 @@ public class SRTPCryptoContext } /* Authenticate the packet */ - if (policy.getAuthType() == SRTPPolicy.HMACSHA1_AUTHENTICATION) + if (policy.getAuthType() != SRTPPolicy.NULL_AUTHENTICATION) { authenticatePacketHMCSHA1(pkt, roc); pkt.append(tagStore, policy.getAuthTagLength()); @@ -410,7 +418,7 @@ public class SRTPCryptoContext return false; } /* Authenticate the packet */ - if (policy.getAuthType() == SRTPPolicy.HMACSHA1_AUTHENTICATION) { + if (policy.getAuthType() != SRTPPolicy.NULL_AUTHENTICATION) { int tagLength = policy.getAuthTagLength(); // get original authentication and store in tempStore @@ -505,7 +513,7 @@ public class SRTPCryptoContext } /** - * Authenticate a packet using HMC SHA1 method. + * Authenticate a packet. * Calculated authentication tag is returned. * * @param pkt the RTP packet to be authenticated @@ -513,14 +521,14 @@ public class SRTPCryptoContext */ private void authenticatePacketHMCSHA1(RawPacket pkt, int rocIn) { - hmacSha1.update(pkt.getBuffer(), pkt.getOffset(), pkt.getLength()); + mac.update(pkt.getBuffer(), pkt.getOffset(), pkt.getLength()); // byte[] rb = new byte[4]; rbStore[0] = (byte) (rocIn >> 24); rbStore[1] = (byte) (rocIn >> 16); rbStore[2] = (byte) (rocIn >> 8); rbStore[3] = (byte) rocIn; - hmacSha1.update(rbStore, 0, rbStore.length); - hmacSha1.doFinal(tagStore, 0); + mac.update(rbStore, 0, rbStore.length); + mac.doFinal(tagStore, 0); } /** 
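Review bot: Widening the test to `!= SRTPPolicy.NULL_AUTHENTICATION` (hunk at -361, and again in the reverse path at -410) makes every non-null auth type compute and check a tag, but the key-derivation switch added at -610 has no `default:` branch. An auth type other than HMAC-SHA1 or Skein would therefore reach `mac.update`/`mac.doFinal` with a MAC that was never given a key; what the constructor's own `default:` branch does for such a type is not visible here. Suggest adding `default: throw new IllegalStateException("unsupported auth type " + policy.getAuthType());` to the switch at -610, or testing the type against the two supported values explicitly instead of "anything but null". The enclosing methods start and end outside these hunks.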
@@ -610,10 +618,20 @@ public class SRTPCryptoContext computeIv(label, index); cipherCtr.getCipherStream(AEScipher, authKey, policy.getAuthKeyLength(), ivStore); - KeyParameter key = new KeyParameter(authKey); - hmacSha1.init(key); + switch ((policy.getAuthType())) { + case SRTPPolicy.HMACSHA1_AUTHENTICATION: + KeyParameter key = new KeyParameter(authKey); + mac.init(key); + break; + + case SRTPPolicy.SKEIN_AUTHENTICATION: + // Skein MAC uses number of bits as MAC size, not just bytes + ParametersForSkein pfs = new ParametersForSkein(new KeyParameter(authKey), + ParametersForSkein.Skein512, tagStore.length*8); + mac.init(pfs); + break; + } } - // compute the session salt label = 0x02; computeIv(label, index); diff --git a/src/net/java/sip/communicator/impl/neomedia/transform/srtp/SRTPPolicy.java b/src/net/java/sip/communicator/impl/neomedia/transform/srtp/SRTPPolicy.java index 575c32c..f9ceb4a 100644 --- a/src/net/java/sip/communicator/impl/neomedia/transform/srtp/SRTPPolicy.java +++ b/src/net/java/sip/communicator/impl/neomedia/transform/srtp/SRTPPolicy.java @@ -25,6 +25,11 @@ public class SRTPPolicy public final static int AESCM_ENCRYPTION = 1; /** + * Counter Mode TwoFish Cipher + */ + public final static int TWOFISH_ENCRYPTION = 3; + + /** * F8 mode AES Cipher, defined in Section 4.1.2, RFC 3711 */ public final static int AESF8_ENCRYPTION = 2; @@ -40,6 +45,11 @@ public class SRTPPolicy public final static int HMACSHA1_AUTHENTICATION = 1; /** + * Skein Authentication + */ + public final static int SKEIN_AUTHENTICATION = 2; + + /** * SRTP encryption type */ private int encType; diff --git a/src/net/java/sip/communicator/impl/neomedia/transform/zrtp/ZRTPTransformEngine.java b/src/net/java/sip/communicator/impl/neomedia/transform/zrtp/ZRTPTransformEngine.java index b47857d..c18e68f 100644 --- a/src/net/java/sip/communicator/impl/neomedia/transform/zrtp/ZRTPTransformEngine.java +++ b/src/net/java/sip/communicator/impl/neomedia/transform/zrtp/ZRTPTransformEngine.java 
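Review bot: `TWOFISH_ENCRYPTION` is introduced in the SRTPPolicy hunk at -25 and selected in ZRTPTransformEngine, but none of the SRTPCryptoContext hunks in this commit add a branch for it. The constructor still assigns `AEScipher = new AESFastEngine();` unconditionally, and the cases of `switch (policy.getEncType())` lie outside the diff. Unless that switch already handles the value 3, a Twofish-negotiated session takes whatever its fallback path is, and the effect on packet encryption cannot be told from this page. Either add the Twofish handling in the same commit or have the crypto context reject an encryption type it does not implement. Keeping the constants in numeric order (3 after `AESF8_ENCRYPTION = 2`) would also make a later value collision easier to spot.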
@@ -751,6 +751,23 @@ public class ZRTPTransformEngine ZrtpSrtpSecrets secrets, EnableSecurity part) { SRTPPolicy srtpPolicy = null; + int cipher = 0, authn = 0, authKeyLen = 0; + + if (secrets.getAuthAlgorithm() == ZrtpConstants.SupportedAuthAlgos.HS) + { + authn = SRTPPolicy.HMACSHA1_AUTHENTICATION; + authKeyLen = 20; + } + if (secrets.getAuthAlgorithm() == ZrtpConstants.SupportedAuthAlgos.SK) + { + authn = SRTPPolicy.SKEIN_AUTHENTICATION; + authKeyLen = 32; + } + if (secrets.getSymEncAlgorithm() == ZrtpConstants.SupportedSymAlgos.AES) + cipher = SRTPPolicy.AESCM_ENCRYPTION; + + if (secrets.getSymEncAlgorithm() == ZrtpConstants.SupportedSymAlgos.TwoFish) + cipher = SRTPPolicy.TWOFISH_ENCRYPTION; if (part == EnableSecurity.ForSender) { @@ -760,10 +777,9 @@ public class ZRTPTransformEngine // the main crypto context for the sending part of the connection. if (secrets.getRole() == Role.Initiator) { - srtpPolicy = new SRTPPolicy(SRTPPolicy.AESCM_ENCRYPTION, + srtpPolicy = new SRTPPolicy(cipher, secrets.getInitKeyLen() / 8, // key length - SRTPPolicy.HMACSHA1_AUTHENTICATION, - 20, // auth key length + authn, authKeyLen, // auth key length secrets.getSrtpAuthTagLen() / 8,// auth tag length secrets.getInitSaltLen() / 8 // salt length ); @@ -776,10 +792,9 @@ public class ZRTPTransformEngine } else { - srtpPolicy = new SRTPPolicy(SRTPPolicy.AESCM_ENCRYPTION, + srtpPolicy = new SRTPPolicy(cipher, secrets.getRespKeyLen() / 8, // key length - SRTPPolicy.HMACSHA1_AUTHENTICATION, - 20, // auth key length + authn, authKeyLen, // auth key length secrets.getSrtpAuthTagLen() / 8,// auth taglength secrets.getRespSaltLen() / 8 // salt length ); 
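Review bot: The new locals `cipher`, `authn` and `authKeyLen` in the hunk at -751 start at 0 and are only overwritten when the negotiated algorithm matches one of the `if` tests, so an unmatched value reaches `new SRTPPolicy(...)` as type 0 with a zero auth key length. The numeric values of the null constants are not visible in this diff, but if `SRTPPolicy.NULL_AUTHENTICATION` and the null cipher type are 0, the session would silently run without authentication or encryption. I would fail closed: chain the tests with `else` and finish with `else throw new IllegalStateException("unsupported ZRTP auth algorithm: " + secrets.getAuthAlgorithm());`, and do the same for the cipher. The literals 20 and 32 would read better as named constants, and the enclosing method starts and ends outside the hunk.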
@@ -798,10 +813,9 @@ public class ZRTPTransformEngine // See comment above. if (secrets.getRole() == Role.Initiator) { - srtpPolicy = new SRTPPolicy(SRTPPolicy.AESCM_ENCRYPTION, + srtpPolicy = new SRTPPolicy(cipher, secrets.getRespKeyLen() / 8, // key length - SRTPPolicy.HMACSHA1_AUTHENTICATION, - 20, // auth key length + authn, authKeyLen, // auth key length secrets.getSrtpAuthTagLen() / 8,// auth tag length secrets.getRespSaltLen() / 8 // salt length ); @@ -814,10 +828,9 @@ public class ZRTPTransformEngine } else { - srtpPolicy = new SRTPPolicy(SRTPPolicy.AESCM_ENCRYPTION, + srtpPolicy = new SRTPPolicy(cipher, secrets.getInitKeyLen() / 8, // key length - SRTPPolicy.HMACSHA1_AUTHENTICATION, - 20, // auth key length + authn, authKeyLen, // auth key length secrets.getSrtpAuthTagLen() / 8,// auth tag length secrets.getInitSaltLen() / 8 // salt length ); |