1#ifndef __KINESIS_VIDEO_WEBRTC_CLIENT_CRYPTO_CRYPTO__
2#define __KINESIS_VIDEO_WEBRTC_CLIENT_CRYPTO_CRYPTO__
11#include <openssl/opensslv.h>
20#if OPENSSL_VERSION_NUMBER >= 0x30000000L
21#define KVS_SSL_GET_PEER_CERTIFICATE(ssl) SSL_get1_peer_certificate(ssl)
23#define KVS_SSL_GET_PEER_CERTIFICATE(ssl) SSL_get_peer_certificate(ssl)
26#define KVS_RSA_F4 RSA_F4
27#define KVS_MD5_DIGEST_LENGTH MD5_DIGEST_LENGTH
28#define KVS_SHA1_DIGEST_LENGTH SHA_DIGEST_LENGTH
31#if OPENSSL_VERSION_NUMBER >= 0x30000000L
32#define KVS_MD5_DIGEST(m, mlen, ob) EVP_Q_digest(NULL, "MD5", NULL, (m), (mlen), (ob), NULL);
34#define KVS_MD5_DIGEST(m, mlen, ob) MD5((m), (mlen), (ob));
38#if OPENSSL_VERSION_NUMBER >= 0x30000000L
39STATUS kvsSha1Hmac(
const PBYTE pKey,
size_t keyLen,
const PBYTE pMessage,
size_t messageLen, PBYTE pOutput, PUINT32 pOutputLen);
40#define KVS_SHA1_HMAC(k, klen, m, mlen, ob, plen) \
41 CHK_STATUS(kvsSha1Hmac((const PBYTE)(k), (size_t) (klen), (const PBYTE)(m), (size_t) (mlen), (ob), (plen)));
43#define KVS_SHA1_HMAC(k, klen, m, mlen, ob, plen) \
44 CHK(NULL != HMAC(EVP_sha1(), (k), (INT32) (klen), (m), (mlen), (ob), (plen)), STATUS_HMAC_GENERATION_ERROR);
52#if OPENSSL_VERSION_NUMBER >= 0x30000000L
53#define KVS_CRYPTO_INIT() \
55 OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_NO_ATEXIT, NULL); \
58#define KVS_CRYPTO_INIT() \
60 OpenSSL_add_ssl_algorithms(); \
61 SSL_load_error_strings(); \
66#define LOG_OPENSSL_ERROR(s) \
67 while ((sslErr = ERR_get_error()) != 0) { \
68 if (sslErr != SSL_ERROR_WANT_WRITE && sslErr != SSL_ERROR_WANT_READ) { \
69 DLOGW("%s failed with %s", (s), ERR_error_string(sslErr, NULL)); \
74 KVS_SRTP_PROFILE_AES128_CM_HMAC_SHA1_80 = SRTP_AES128_CM_SHA1_80,
75 KVS_SRTP_PROFILE_AES128_CM_HMAC_SHA1_32 = SRTP_AES128_CM_SHA1_32,
78#define KVS_RSA_F4 0x10001L
79#define KVS_MD5_DIGEST_LENGTH 16
80#define KVS_SHA1_DIGEST_LENGTH 20
81#if MBEDTLS_VERSION_MAJOR >= 4
84#define KVS_MD5_DIGEST(m, mlen, ob) \
86 size_t _kvsMd5Len = 0; \
87 (void) psa_crypto_init(); \
88 (void) psa_hash_compute(PSA_ALG_MD5, (const unsigned char*) (m), (mlen), (unsigned char*) (ob), KVS_MD5_DIGEST_LENGTH, &_kvsMd5Len); \
90#elif MBEDTLS_VERSION_NUMBER >= 0x03000000
91#define KVS_MD5_DIGEST(m, mlen, ob) mbedtls_md5((m), (mlen), (ob));
93#define KVS_MD5_DIGEST(m, mlen, ob) mbedtls_md5_ret((m), (mlen), (ob));
95#define KVS_SHA1_HMAC(k, klen, m, mlen, ob, plen) \
96 CHK(0 == mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA1), (k), (klen), (m), (mlen), (ob)), STATUS_HMAC_GENERATION_ERROR); \
97 *(plen) = mbedtls_md_get_size(mbedtls_md_info_from_type(MBEDTLS_MD_SHA1));
98#if MBEDTLS_VERSION_MAJOR >= 4
102#define KVS_CRYPTO_INIT() \
104 (void) psa_crypto_init(); \
107#define KVS_CRYPTO_INIT() \
111#define LOG_MBEDTLS_ERROR(s, ret) \
113 CHAR __mbedtlsErr[1024]; \
114 if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { \
115 mbedtls_strerror(ret, __mbedtlsErr, SIZEOF(__mbedtlsErr)); \
116 DLOGW("%s failed with %s", (s), __mbedtlsErr); \
121 KVS_SRTP_PROFILE_AES128_CM_HMAC_SHA1_80 = MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80,
122 KVS_SRTP_PROFILE_AES128_CM_HMAC_SHA1_32 = MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32,
125#error "A Crypto implementation is required."