OLD | NEW |
1 /* | 1 /* |
2 * srtp.c | 2 * srtp.c |
3 * | 3 * |
4 * the secure real-time transport protocol | 4 * the secure real-time transport protocol |
5 * | 5 * |
6 * David A. McGrew | 6 * David A. McGrew |
7 * Cisco Systems, Inc. | 7 * Cisco Systems, Inc. |
8 */ | 8 */ |
9 /* | 9 /* |
10 * | 10 * |
(...skipping 24 matching lines...) Expand all Loading... |
35 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | 35 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
36 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR | 36 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR |
37 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 37 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
38 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | 38 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
39 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | 39 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
40 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | 40 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
41 * OF THE POSSIBILITY OF SUCH DAMAGE. | 41 * OF THE POSSIBILITY OF SUCH DAMAGE. |
42 * | 42 * |
43 */ | 43 */ |
44 | 44 |
45 | 45 #include "srtp.h" |
46 #include "srtp_priv.h" | 46 #include "srtp_priv.h" |
| 47 #include "crypto_types.h" |
| 48 #include "err.h" |
47 #include "ekt.h" /* for SRTP Encrypted Key Transport */ | 49 #include "ekt.h" /* for SRTP Encrypted Key Transport */ |
48 #include "alloc.h" /* for crypto_alloc() */ | 50 #include "alloc.h" /* for srtp_crypto_alloc() */ |
49 #ifdef OPENSSL | 51 #ifdef OPENSSL |
50 #include "aes_gcm_ossl.h" /* for AES GCM mode */ | 52 #include "aes_gcm_ossl.h" /* for AES GCM mode */ |
| 53 # ifdef OPENSSL_KDF |
| 54 # include <openssl/kdf.h> |
| 55 # include "aes_icm_ossl.h" /* for AES GCM mode */ |
| 56 # endif |
51 #endif | 57 #endif |
52 | 58 |
53 #ifndef SRTP_KERNEL | 59 #include <limits.h> |
54 # include <limits.h> | 60 #ifdef HAVE_NETINET_IN_H |
55 # ifdef HAVE_NETINET_IN_H | 61 # include <netinet/in.h> |
56 # include <netinet/in.h> | 62 #elif defined(HAVE_WINSOCK2_H) |
57 # elif defined(HAVE_WINSOCK2_H) | 63 # include <winsock2.h> |
58 # include <winsock2.h> | 64 #endif |
59 # endif | |
60 #endif /* ! SRTP_KERNEL */ | |
61 | 65 |
62 | 66 |
63 /* the debug module for srtp */ | 67 /* the debug module for srtp */ |
64 | 68 |
65 debug_module_t mod_srtp = { | 69 srtp_debug_module_t mod_srtp = { |
66 0, /* debugging is off by default */ | 70 0, /* debugging is off by default */ |
67 "srtp" /* printable name for module */ | 71 "srtp" /* printable name for module */ |
68 }; | 72 }; |
69 | 73 |
70 #define octets_in_rtp_header 12 | 74 #define octets_in_rtp_header 12 |
71 #define uint32s_in_rtp_header 3 | 75 #define uint32s_in_rtp_header 3 |
72 #define octets_in_rtcp_header 8 | 76 #define octets_in_rtcp_header 8 |
73 #define uint32s_in_rtcp_header 2 | 77 #define uint32s_in_rtcp_header 2 |
74 #define octets_in_rtp_extn_hdr 4 | 78 #define octets_in_rtp_extn_hdr 4 |
75 | 79 |
76 static err_status_t | 80 static srtp_err_status_t |
77 srtp_validate_rtp_header(void *rtp_hdr, int *pkt_octet_len) { | 81 srtp_validate_rtp_header(void *rtp_hdr, int *pkt_octet_len) { |
78 if (*pkt_octet_len < octets_in_rtp_header) | 82 if (*pkt_octet_len < octets_in_rtp_header) |
79 return err_status_bad_param; | 83 return srtp_err_status_bad_param; |
80 | 84 |
81 srtp_hdr_t *hdr = (srtp_hdr_t *)rtp_hdr; | 85 srtp_hdr_t *hdr = (srtp_hdr_t *)rtp_hdr; |
82 | 86 |
83 /* Check RTP header length */ | 87 /* Check RTP header length */ |
84 int rtp_header_len = octets_in_rtp_header + 4 * hdr->cc; | 88 int rtp_header_len = octets_in_rtp_header + 4 * hdr->cc; |
85 if (hdr->x == 1) | 89 if (hdr->x == 1) |
86 rtp_header_len += octets_in_rtp_extn_hdr; | 90 rtp_header_len += octets_in_rtp_extn_hdr; |
87 | 91 |
88 if (*pkt_octet_len < rtp_header_len) | 92 if (*pkt_octet_len < rtp_header_len) |
89 return err_status_bad_param; | 93 return srtp_err_status_bad_param; |
90 | 94 |
91 /* Verifing profile length. */ | 95 /* Verifing profile length. */ |
92 if (hdr->x == 1) { | 96 if (hdr->x == 1) { |
93 srtp_hdr_xtnd_t *xtn_hdr = | 97 srtp_hdr_xtnd_t *xtn_hdr = |
94 (srtp_hdr_xtnd_t *)((uint32_t *)hdr + uint32s_in_rtp_header + hdr->cc); | 98 (srtp_hdr_xtnd_t *)((uint32_t *)hdr + uint32s_in_rtp_header + hdr->cc); |
95 int profile_len = ntohs(xtn_hdr->length); | 99 int profile_len = ntohs(xtn_hdr->length); |
96 rtp_header_len += profile_len * 4; | 100 rtp_header_len += profile_len * 4; |
97 /* profile length counts the number of 32-bit words */ | 101 /* profile length counts the number of 32-bit words */ |
98 if (*pkt_octet_len < rtp_header_len) | 102 if (*pkt_octet_len < rtp_header_len) |
99 return err_status_bad_param; | 103 return srtp_err_status_bad_param; |
100 } | 104 } |
101 return err_status_ok; | 105 return srtp_err_status_ok; |
102 } | 106 } |
103 | 107 |
104 const char *srtp_get_version_string () | 108 const char *srtp_get_version_string () |
105 { | 109 { |
106 /* | 110 /* |
107 * Simply return the autotools generated string | 111 * Simply return the autotools generated string |
108 */ | 112 */ |
109 return SRTP_VER_STRING; | 113 return SRTP_VER_STRING; |
110 } | 114 } |
111 | 115 |
(...skipping 21 matching lines...) Expand all Loading... |
133 * allowing 16 bits for the micro. 16 bits for the micro | 137 * allowing 16 bits for the micro. 16 bits for the micro |
134 * may be beneficial for a continuous delivery model | 138 * may be beneficial for a continuous delivery model |
135 * in the future. | 139 * in the future. |
136 */ | 140 */ |
137 rv |= (major & 0xFF) << 24; | 141 rv |= (major & 0xFF) << 24; |
138 rv |= (minor & 0xFF) << 16; | 142 rv |= (minor & 0xFF) << 16; |
139 rv |= micro & 0xFF; | 143 rv |= micro & 0xFF; |
140 return rv; | 144 return rv; |
141 } | 145 } |
142 | 146 |
143 err_status_t | 147 /* Release (maybe partially allocated) stream. */ |
| 148 static void |
| 149 srtp_stream_free(srtp_stream_ctx_t *str) { |
| 150 if (str->rtp_xtn_hdr_cipher) { |
| 151 srtp_cipher_dealloc(str->rtp_xtn_hdr_cipher); |
| 152 } |
| 153 if (str->enc_xtn_hdr) { |
| 154 srtp_crypto_free(str->enc_xtn_hdr); |
| 155 } |
| 156 if (str->rtcp_auth) { |
| 157 srtp_auth_dealloc(str->rtcp_auth); |
| 158 } |
| 159 if (str->rtcp_cipher) { |
| 160 srtp_cipher_dealloc(str->rtcp_cipher); |
| 161 } |
| 162 if (str->limit) { |
| 163 srtp_crypto_free(str->limit); |
| 164 } |
| 165 if (str->rtp_auth) { |
| 166 srtp_auth_dealloc(str->rtp_auth); |
| 167 } |
| 168 if (str->rtp_cipher) { |
| 169 srtp_cipher_dealloc(str->rtp_cipher); |
| 170 } |
| 171 srtp_crypto_free(str); |
| 172 } |
| 173 |
| 174 srtp_err_status_t |
144 srtp_stream_alloc(srtp_stream_ctx_t **str_ptr, | 175 srtp_stream_alloc(srtp_stream_ctx_t **str_ptr, |
145 const srtp_policy_t *p) { | 176 const srtp_policy_t *p) { |
146 srtp_stream_ctx_t *str; | 177 srtp_stream_ctx_t *str; |
147 err_status_t stat; | 178 srtp_err_status_t stat; |
148 | 179 |
149 /* | 180 /* |
150 * This function allocates the stream context, rtp and rtcp ciphers | 181 * This function allocates the stream context, rtp and rtcp ciphers |
151 * and auth functions, and key limit structure. If there is a | 182 * and auth functions, and key limit structure. If there is a |
152 * failure during allocation, we free all previously allocated | 183 * failure during allocation, we free all previously allocated |
153 * memory and return a failure code. The code could probably | 184 * memory and return a failure code. The code could probably |
154 * be improved, but it works and should be clear. | 185 * be improved, but it works and should be clear. |
155 */ | 186 */ |
156 | 187 |
157 /* allocate srtp stream and set str_ptr */ | 188 /* allocate srtp stream and set str_ptr */ |
158 str = (srtp_stream_ctx_t *) crypto_alloc(sizeof(srtp_stream_ctx_t)); | 189 str = (srtp_stream_ctx_t *) srtp_crypto_alloc(sizeof(srtp_stream_ctx_t)); |
159 if (str == NULL) | 190 if (str == NULL) |
160 return err_status_alloc_fail; | 191 return srtp_err_status_alloc_fail; |
161 *str_ptr = str; | 192 |
162 | 193 memset(str, 0, sizeof(srtp_stream_ctx_t)); |
| 194 *str_ptr = str; |
| 195 |
163 /* allocate cipher */ | 196 /* allocate cipher */ |
164 stat = crypto_kernel_alloc_cipher(p->rtp.cipher_type, | 197 stat = srtp_crypto_kernel_alloc_cipher(p->rtp.cipher_type, |
165 &str->rtp_cipher, | 198 &str->rtp_cipher, |
166 p->rtp.cipher_key_len, | 199 p->rtp.cipher_key_len, |
167 p->rtp.auth_tag_len); | 200 p->rtp.auth_tag_len); |
168 if (stat) { | 201 if (stat) { |
169 crypto_free(str); | 202 srtp_stream_free(str); |
170 return stat; | 203 return stat; |
171 } | 204 } |
172 | 205 |
173 /* allocate auth function */ | 206 /* allocate auth function */ |
174 stat = crypto_kernel_alloc_auth(p->rtp.auth_type, | 207 stat = srtp_crypto_kernel_alloc_auth(p->rtp.auth_type, |
175 &str->rtp_auth, | 208 &str->rtp_auth, |
176 p->rtp.auth_key_len, | 209 p->rtp.auth_key_len, |
177 p->rtp.auth_tag_len); | 210 p->rtp.auth_tag_len); |
178 if (stat) { | 211 if (stat) { |
179 cipher_dealloc(str->rtp_cipher); | 212 srtp_stream_free(str); |
180 crypto_free(str); | |
181 return stat; | 213 return stat; |
182 } | 214 } |
183 | 215 |
184 /* allocate key limit structure */ | 216 /* allocate key limit structure */ |
185 str->limit = (key_limit_ctx_t*) crypto_alloc(sizeof(key_limit_ctx_t)); | 217 str->limit = (srtp_key_limit_ctx_t*) srtp_crypto_alloc(sizeof(srtp_key_limit_c
tx_t)); |
186 if (str->limit == NULL) { | 218 if (str->limit == NULL) { |
187 auth_dealloc(str->rtp_auth); | 219 srtp_stream_free(str); |
188 cipher_dealloc(str->rtp_cipher); | 220 return srtp_err_status_alloc_fail; |
189 crypto_free(str); | |
190 return err_status_alloc_fail; | |
191 } | 221 } |
192 | 222 |
193 /* | 223 /* |
194 * ...and now the RTCP-specific initialization - first, allocate | 224 * ...and now the RTCP-specific initialization - first, allocate |
195 * the cipher | 225 * the cipher |
196 */ | 226 */ |
197 stat = crypto_kernel_alloc_cipher(p->rtcp.cipher_type, | 227 stat = srtp_crypto_kernel_alloc_cipher(p->rtcp.cipher_type, |
198 &str->rtcp_cipher, | 228 &str->rtcp_cipher, |
199 p->rtcp.cipher_key_len, | 229 p->rtcp.cipher_key_len, |
200 p->rtcp.auth_tag_len); | 230 p->rtcp.auth_tag_len); |
201 if (stat) { | 231 if (stat) { |
202 auth_dealloc(str->rtp_auth); | 232 srtp_stream_free(str); |
203 cipher_dealloc(str->rtp_cipher); | |
204 crypto_free(str->limit); | |
205 crypto_free(str); | |
206 return stat; | 233 return stat; |
207 } | 234 } |
208 | 235 |
209 /* allocate auth function */ | 236 /* allocate auth function */ |
210 stat = crypto_kernel_alloc_auth(p->rtcp.auth_type, | 237 stat = srtp_crypto_kernel_alloc_auth(p->rtcp.auth_type, |
211 &str->rtcp_auth, | 238 &str->rtcp_auth, |
212 p->rtcp.auth_key_len, | 239 p->rtcp.auth_key_len, |
213 p->rtcp.auth_tag_len); | 240 p->rtcp.auth_tag_len); |
214 if (stat) { | 241 if (stat) { |
215 cipher_dealloc(str->rtcp_cipher); | 242 srtp_stream_free(str); |
216 auth_dealloc(str->rtp_auth); | 243 return stat; |
217 cipher_dealloc(str->rtp_cipher); | |
218 crypto_free(str->limit); | |
219 crypto_free(str); | |
220 return stat; | |
221 } | 244 } |
222 | 245 |
223 /* allocate ekt data associated with stream */ | 246 /* allocate ekt data associated with stream */ |
224 stat = ekt_alloc(&str->ekt, p->ekt); | 247 stat = srtp_ekt_alloc(&str->ekt, p->ekt); |
225 if (stat) { | 248 if (stat) { |
226 auth_dealloc(str->rtcp_auth); | 249 srtp_stream_free(str); |
227 cipher_dealloc(str->rtcp_cipher); | 250 return stat; |
228 auth_dealloc(str->rtp_auth); | |
229 cipher_dealloc(str->rtp_cipher); | |
230 crypto_free(str->limit); | |
231 crypto_free(str); | |
232 return stat; | |
233 } | 251 } |
234 | 252 |
235 if (p->enc_xtn_hdr && p->enc_xtn_hdr_count > 0) { | 253 if (p->enc_xtn_hdr && p->enc_xtn_hdr_count > 0) { |
236 cipher_type_id_t enc_xtn_hdr_cipher_type; | 254 srtp_cipher_type_id_t enc_xtn_hdr_cipher_type; |
237 int enc_xtn_hdr_cipher_key_len; | 255 int enc_xtn_hdr_cipher_key_len; |
238 | 256 |
239 str->enc_xtn_hdr = (int*) crypto_alloc(p->enc_xtn_hdr_count * sizeof(p->enc_
xtn_hdr[0])); | 257 str->enc_xtn_hdr = (int*) srtp_crypto_alloc(p->enc_xtn_hdr_count * sizeof(p-
>enc_xtn_hdr[0])); |
240 if (!str->enc_xtn_hdr) { | 258 if (!str->enc_xtn_hdr) { |
241 auth_dealloc(str->rtcp_auth); | 259 srtp_stream_free(str); |
242 cipher_dealloc(str->rtcp_cipher); | 260 return srtp_err_status_alloc_fail; |
243 auth_dealloc(str->rtp_auth); | |
244 cipher_dealloc(str->rtp_cipher); | |
245 crypto_free(str->limit); | |
246 crypto_free(str); | |
247 return err_status_alloc_fail; | |
248 } | 261 } |
249 memcpy(str->enc_xtn_hdr, p->enc_xtn_hdr, p->enc_xtn_hdr_count * sizeof(p->en
c_xtn_hdr[0])); | 262 memcpy(str->enc_xtn_hdr, p->enc_xtn_hdr, p->enc_xtn_hdr_count * sizeof(p->en
c_xtn_hdr[0])); |
250 str->enc_xtn_hdr_count = p->enc_xtn_hdr_count; | 263 str->enc_xtn_hdr_count = p->enc_xtn_hdr_count; |
251 | 264 |
252 /* For GCM ciphers, the corresponding ICM cipher is used for header extensio
ns encryption. */ | 265 /* For GCM ciphers, the corresponding ICM cipher is used for header extensio
ns encryption. */ |
253 switch (p->rtp.cipher_type) { | 266 switch (p->rtp.cipher_type) { |
254 case AES_128_GCM: | 267 case SRTP_AES_128_GCM: |
255 enc_xtn_hdr_cipher_type = AES_128_ICM; | 268 enc_xtn_hdr_cipher_type = SRTP_AES_128_ICM; |
256 enc_xtn_hdr_cipher_key_len = 30; | 269 enc_xtn_hdr_cipher_key_len = 30; |
257 break; | 270 break; |
258 case AES_256_GCM: | 271 case SRTP_AES_256_GCM: |
259 enc_xtn_hdr_cipher_type = AES_256_ICM; | 272 enc_xtn_hdr_cipher_type = SRTP_AES_256_ICM; |
260 enc_xtn_hdr_cipher_key_len = 46; | 273 enc_xtn_hdr_cipher_key_len = 46; |
261 break; | 274 break; |
262 default: | 275 default: |
263 enc_xtn_hdr_cipher_type = p->rtp.cipher_type; | 276 enc_xtn_hdr_cipher_type = p->rtp.cipher_type; |
264 enc_xtn_hdr_cipher_key_len = p->rtp.cipher_key_len; | 277 enc_xtn_hdr_cipher_key_len = p->rtp.cipher_key_len; |
265 break; | 278 break; |
266 } | 279 } |
267 | 280 |
268 /* allocate cipher for extensions header encryption */ | 281 /* allocate cipher for extensions header encryption */ |
269 stat = crypto_kernel_alloc_cipher(enc_xtn_hdr_cipher_type, | 282 stat = srtp_crypto_kernel_alloc_cipher(enc_xtn_hdr_cipher_type, |
270 &str->rtp_xtn_hdr_cipher, | 283 &str->rtp_xtn_hdr_cipher, |
271 enc_xtn_hdr_cipher_key_len, | 284 enc_xtn_hdr_cipher_key_len, |
272 0); | 285 0); |
273 | |
274 if (stat) { | 286 if (stat) { |
275 crypto_free(str->enc_xtn_hdr); | 287 srtp_stream_free(str); |
276 auth_dealloc(str->rtcp_auth); | |
277 cipher_dealloc(str->rtcp_cipher); | |
278 auth_dealloc(str->rtp_auth); | |
279 cipher_dealloc(str->rtp_cipher); | |
280 crypto_free(str->limit); | |
281 crypto_free(str); | |
282 return stat; | 288 return stat; |
283 } | 289 } |
284 } else { | 290 } else { |
285 str->rtp_xtn_hdr_cipher = NULL; | 291 str->rtp_xtn_hdr_cipher = NULL; |
286 str->enc_xtn_hdr = NULL; | 292 str->enc_xtn_hdr = NULL; |
287 str->enc_xtn_hdr_count = 0; | 293 str->enc_xtn_hdr_count = 0; |
288 } | 294 } |
289 | 295 |
290 return err_status_ok; | 296 return srtp_err_status_ok; |
291 } | 297 } |
292 | 298 |
293 err_status_t | 299 srtp_err_status_t |
294 srtp_stream_dealloc(srtp_t session, srtp_stream_ctx_t *stream) { | 300 srtp_stream_dealloc(srtp_stream_ctx_t *stream, srtp_stream_ctx_t *stream_templat
e) { |
295 err_status_t status; | 301 srtp_err_status_t status; |
296 | 302 |
297 /* | 303 /* |
298 * we use a conservative deallocation strategy - if any deallocation | 304 * we use a conservative deallocation strategy - if any deallocation |
299 * fails, then we report that fact without trying to deallocate | 305 * fails, then we report that fact without trying to deallocate |
300 * anything else | 306 * anything else |
301 */ | 307 */ |
302 | 308 |
303 /* deallocate cipher, if it is not the same as that in template */ | 309 /* deallocate cipher, if it is not the same as that in template */ |
304 if (session->stream_template | 310 if (stream_template |
305 && stream->rtp_cipher == session->stream_template->rtp_cipher) { | 311 && stream->rtp_cipher == stream_template->rtp_cipher) { |
306 /* do nothing */ | 312 /* do nothing */ |
307 } else { | 313 } else { |
308 status = cipher_dealloc(stream->rtp_cipher); | 314 status = srtp_cipher_dealloc(stream->rtp_cipher); |
309 if (status) | 315 if (status) |
310 return status; | 316 return status; |
311 } | 317 } |
312 | 318 |
313 /* deallocate auth function, if it is not the same as that in template */ | 319 /* deallocate auth function, if it is not the same as that in template */ |
314 if (session->stream_template | 320 if (stream_template |
315 && stream->rtp_auth == session->stream_template->rtp_auth) { | 321 && stream->rtp_auth == stream_template->rtp_auth) { |
316 /* do nothing */ | 322 /* do nothing */ |
317 } else { | 323 } else { |
318 status = auth_dealloc(stream->rtp_auth); | 324 status = srtp_auth_dealloc(stream->rtp_auth); |
319 if (status) | 325 if (status) |
320 return status; | 326 return status; |
321 } | 327 } |
322 | 328 |
323 /* deallocate key usage limit, if it is not the same as that in template */ | 329 /* deallocate key usage limit, if it is not the same as that in template */ |
324 if (session->stream_template | 330 if (stream_template |
325 && stream->limit == session->stream_template->limit) { | 331 && stream->limit == stream_template->limit) { |
326 /* do nothing */ | 332 /* do nothing */ |
327 } else { | 333 } else { |
328 crypto_free(stream->limit); | 334 srtp_crypto_free(stream->limit); |
329 } | 335 } |
330 | 336 |
331 if (session->stream_template | 337 if (stream_template |
332 && stream->rtp_xtn_hdr_cipher == session->stream_template->rtp_xtn_hdr_cip
her) { | 338 && stream->rtp_xtn_hdr_cipher == stream_template->rtp_xtn_hdr_cipher) { |
333 /* do nothing */ | 339 /* do nothing */ |
334 } else if (stream->rtp_xtn_hdr_cipher) { | 340 } else if (stream->rtp_xtn_hdr_cipher) { |
335 status = cipher_dealloc(stream->rtp_xtn_hdr_cipher); | 341 status = srtp_cipher_dealloc(stream->rtp_xtn_hdr_cipher); |
336 if (status) | 342 if (status) |
337 return status; | 343 return status; |
338 } | 344 } |
339 | 345 |
340 /* | 346 /* |
341 * deallocate rtcp cipher, if it is not the same as that in | 347 * deallocate rtcp cipher, if it is not the same as that in |
342 * template | 348 * template |
343 */ | 349 */ |
344 if (session->stream_template | 350 if (stream_template |
345 && stream->rtcp_cipher == session->stream_template->rtcp_cipher) { | 351 && stream->rtcp_cipher == stream_template->rtcp_cipher) { |
346 /* do nothing */ | 352 /* do nothing */ |
347 } else { | 353 } else { |
348 status = cipher_dealloc(stream->rtcp_cipher); | 354 status = srtp_cipher_dealloc(stream->rtcp_cipher); |
349 if (status) | 355 if (status) |
350 return status; | 356 return status; |
351 } | 357 } |
352 | 358 |
353 /* | 359 /* |
354 * deallocate rtcp auth function, if it is not the same as that in | 360 * deallocate rtcp auth function, if it is not the same as that in |
355 * template | 361 * template |
356 */ | 362 */ |
357 if (session->stream_template | 363 if (stream_template |
358 && stream->rtcp_auth == session->stream_template->rtcp_auth) { | 364 && stream->rtcp_auth == stream_template->rtcp_auth) { |
359 /* do nothing */ | 365 /* do nothing */ |
360 } else { | 366 } else { |
361 status = auth_dealloc(stream->rtcp_auth); | 367 status = srtp_auth_dealloc(stream->rtcp_auth); |
362 if (status) | 368 if (status) |
363 return status; | 369 return status; |
364 } | 370 } |
365 | 371 |
366 status = rdbx_dealloc(&stream->rtp_rdbx); | 372 status = srtp_rdbx_dealloc(&stream->rtp_rdbx); |
367 if (status) | 373 if (status) |
368 return status; | 374 return status; |
369 | 375 |
370 /* DAM - need to deallocate EKT here */ | 376 /* DAM - need to deallocate EKT here */ |
371 | 377 |
372 if (session->stream_template | 378 if (stream_template |
373 && stream->enc_xtn_hdr == session->stream_template->enc_xtn_hdr) { | 379 && stream->enc_xtn_hdr == stream_template->enc_xtn_hdr) { |
374 /* do nothing */ | 380 /* do nothing */ |
375 } else if (stream->enc_xtn_hdr) { | 381 } else if (stream->enc_xtn_hdr) { |
376 crypto_free(stream->enc_xtn_hdr); | 382 srtp_crypto_free(stream->enc_xtn_hdr); |
377 } | 383 } |
378 | 384 |
379 /* | 385 /* |
380 * zeroize the salt value | 386 * zeroize the salt value |
381 */ | 387 */ |
382 memset(stream->salt, 0, SRTP_AEAD_SALT_LEN); | 388 memset(stream->salt, 0, SRTP_AEAD_SALT_LEN); |
383 memset(stream->c_salt, 0, SRTP_AEAD_SALT_LEN); | 389 memset(stream->c_salt, 0, SRTP_AEAD_SALT_LEN); |
384 | 390 |
385 | 391 |
386 /* deallocate srtp stream context */ | 392 /* deallocate srtp stream context */ |
387 crypto_free(stream); | 393 srtp_crypto_free(stream); |
388 | 394 |
389 return err_status_ok; | 395 return srtp_err_status_ok; |
390 } | 396 } |
391 | 397 |
392 | 398 |
393 /* | 399 /* |
394 * srtp_stream_clone(stream_template, new) allocates a new stream and | 400 * srtp_stream_clone(stream_template, new) allocates a new stream and |
395 * initializes it using the cipher and auth of the stream_template | 401 * initializes it using the cipher and auth of the stream_template |
396 * | 402 * |
397 * the only unique data in a cloned stream is the replay database and | 403 * the only unique data in a cloned stream is the replay database and |
398 * the SSRC | 404 * the SSRC |
399 */ | 405 */ |
400 | 406 |
401 err_status_t | 407 srtp_err_status_t |
402 srtp_stream_clone(const srtp_stream_ctx_t *stream_template, | 408 srtp_stream_clone(const srtp_stream_ctx_t *stream_template, |
403 uint32_t ssrc, | 409 uint32_t ssrc, |
404 srtp_stream_ctx_t **str_ptr) { | 410 srtp_stream_ctx_t **str_ptr) { |
405 err_status_t status; | 411 srtp_err_status_t status; |
406 srtp_stream_ctx_t *str; | 412 srtp_stream_ctx_t *str; |
407 | 413 |
408 debug_print(mod_srtp, "cloning stream (SSRC: 0x%08x)", ssrc); | 414 debug_print(mod_srtp, "cloning stream (SSRC: 0x%08x)", ntohl(ssrc)); |
409 | 415 |
410 /* allocate srtp stream and set str_ptr */ | 416 /* allocate srtp stream and set str_ptr */ |
411 str = (srtp_stream_ctx_t *) crypto_alloc(sizeof(srtp_stream_ctx_t)); | 417 str = (srtp_stream_ctx_t *) srtp_crypto_alloc(sizeof(srtp_stream_ctx_t)); |
412 if (str == NULL) | 418 if (str == NULL) |
413 return err_status_alloc_fail; | 419 return srtp_err_status_alloc_fail; |
414 *str_ptr = str; | 420 *str_ptr = str; |
415 | 421 |
416 /* set cipher and auth pointers to those of the template */ | 422 /* set cipher and auth pointers to those of the template */ |
417 str->rtp_cipher = stream_template->rtp_cipher; | 423 str->rtp_cipher = stream_template->rtp_cipher; |
418 str->rtp_auth = stream_template->rtp_auth; | 424 str->rtp_auth = stream_template->rtp_auth; |
419 str->rtp_xtn_hdr_cipher = stream_template->rtp_xtn_hdr_cipher; | 425 str->rtp_xtn_hdr_cipher = stream_template->rtp_xtn_hdr_cipher; |
420 str->rtcp_cipher = stream_template->rtcp_cipher; | 426 str->rtcp_cipher = stream_template->rtcp_cipher; |
421 str->rtcp_auth = stream_template->rtcp_auth; | 427 str->rtcp_auth = stream_template->rtcp_auth; |
422 | 428 |
423 /* set key limit to point to that of the template */ | 429 /* set key limit to point to that of the template */ |
424 status = key_limit_clone(stream_template->limit, &str->limit); | 430 status = srtp_key_limit_clone(stream_template->limit, &str->limit); |
425 if (status) { | 431 if (status) { |
426 crypto_free(*str_ptr); | 432 srtp_crypto_free(*str_ptr); |
427 *str_ptr = NULL; | 433 *str_ptr = NULL; |
428 return status; | 434 return status; |
429 } | 435 } |
430 | 436 |
431 /* initialize replay databases */ | 437 /* initialize replay databases */ |
432 status = rdbx_init(&str->rtp_rdbx, | 438 status = srtp_rdbx_init(&str->rtp_rdbx, |
433 » » rdbx_get_window_size(&stream_template->rtp_rdbx)); | 439 » » srtp_rdbx_get_window_size(&stream_template->rtp_rdbx)); |
434 if (status) { | 440 if (status) { |
435 crypto_free(*str_ptr); | 441 srtp_crypto_free(*str_ptr); |
436 *str_ptr = NULL; | 442 *str_ptr = NULL; |
437 return status; | 443 return status; |
438 } | 444 } |
439 rdb_init(&str->rtcp_rdb); | 445 srtp_rdb_init(&str->rtcp_rdb); |
440 str->allow_repeat_tx = stream_template->allow_repeat_tx; | 446 str->allow_repeat_tx = stream_template->allow_repeat_tx; |
441 | 447 |
442 /* set ssrc to that provided */ | 448 /* set ssrc to that provided */ |
443 str->ssrc = ssrc; | 449 str->ssrc = ssrc; |
444 | 450 |
445 /* set direction and security services */ | 451 /* set direction and security services */ |
446 str->direction = stream_template->direction; | 452 str->direction = stream_template->direction; |
447 str->rtp_services = stream_template->rtp_services; | 453 str->rtp_services = stream_template->rtp_services; |
448 str->rtcp_services = stream_template->rtcp_services; | 454 str->rtcp_services = stream_template->rtcp_services; |
449 | 455 |
450 /* set pointer to EKT data associated with stream */ | 456 /* set pointer to EKT data associated with stream */ |
451 str->ekt = stream_template->ekt; | 457 str->ekt = stream_template->ekt; |
452 | 458 |
| 459 /* Copy the salt values */ |
| 460 memcpy(str->salt, stream_template->salt, SRTP_AEAD_SALT_LEN); |
| 461 memcpy(str->c_salt, stream_template->c_salt, SRTP_AEAD_SALT_LEN); |
| 462 |
453 /* copy information about extensions header encryption */ | 463 /* copy information about extensions header encryption */ |
454 str->enc_xtn_hdr = stream_template->enc_xtn_hdr; | 464 str->enc_xtn_hdr = stream_template->enc_xtn_hdr; |
455 str->enc_xtn_hdr_count = stream_template->enc_xtn_hdr_count; | 465 str->enc_xtn_hdr_count = stream_template->enc_xtn_hdr_count; |
456 | 466 |
457 /* Copy the salt values */ | |
458 memcpy(str->salt, stream_template->salt, SRTP_AEAD_SALT_LEN); | |
459 memcpy(str->c_salt, stream_template->c_salt, SRTP_AEAD_SALT_LEN); | |
460 | |
461 /* defensive coding */ | 467 /* defensive coding */ |
462 str->next = NULL; | 468 str->next = NULL; |
463 | 469 |
464 return err_status_ok; | 470 return srtp_err_status_ok; |
465 } | 471 } |
466 | 472 |
467 | 473 |
468 /* | 474 /* |
469 * key derivation functions, internal to libSRTP | 475 * key derivation functions, internal to libSRTP |
470 * | 476 * |
471 * srtp_kdf_t is a key derivation context | 477 * srtp_kdf_t is a key derivation context |
472 * | 478 * |
473 * srtp_kdf_init(&kdf, cipher_id, k, keylen) initializes kdf to use cipher | 479 * srtp_kdf_init(&kdf, cipher_id, k, keylen) initializes kdf to use cipher |
474 * described by cipher_id, with the master key k with length in octets keylen. | 480 * described by cipher_id, with the master key k with length in octets keylen. |
(...skipping 10 matching lines...) Expand all Loading... |
485 label_rtp_encryption = 0x00, | 491 label_rtp_encryption = 0x00, |
486 label_rtp_msg_auth = 0x01, | 492 label_rtp_msg_auth = 0x01, |
487 label_rtp_salt = 0x02, | 493 label_rtp_salt = 0x02, |
488 label_rtcp_encryption = 0x03, | 494 label_rtcp_encryption = 0x03, |
489 label_rtcp_msg_auth = 0x04, | 495 label_rtcp_msg_auth = 0x04, |
490 label_rtcp_salt = 0x05, | 496 label_rtcp_salt = 0x05, |
491 label_rtp_header_encryption = 0x06, | 497 label_rtp_header_encryption = 0x06, |
492 label_rtp_header_salt = 0x07 | 498 label_rtp_header_salt = 0x07 |
493 } srtp_prf_label; | 499 } srtp_prf_label; |
494 | 500 |
| 501 #define MAX_SRTP_KEY_LEN 256 |
| 502 |
| 503 #if defined(OPENSSL) && defined(OPENSSL_KDF) |
| 504 #define MAX_SRTP_AESKEY_LEN 32 |
| 505 #define MAX_SRTP_SALT_LEN 14 |
495 | 506 |
496 /* | 507 /* |
497 * srtp_kdf_t represents a key derivation function. The SRTP | 508 * srtp_kdf_t represents a key derivation function. The SRTP |
498 * default KDF is the only one implemented at present. | 509 * default KDF is the only one implemented at present. |
499 */ | 510 */ |
500 | |
501 typedef struct { | 511 typedef struct { |
502 cipher_t *cipher; /* cipher used for key derivation */ | 512 uint8_t master_key[MAX_SRTP_AESKEY_LEN]; |
| 513 uint8_t master_salt[MAX_SRTP_SALT_LEN]; |
| 514 const EVP_CIPHER *evp; |
503 } srtp_kdf_t; | 515 } srtp_kdf_t; |
504 | 516 |
505 err_status_t | |
506 srtp_kdf_init(srtp_kdf_t *kdf, cipher_type_id_t cipher_id, const uint8_t *key, i
nt length) { | |
507 | 517 |
508 err_status_t stat; | 518 static srtp_err_status_t srtp_kdf_init(srtp_kdf_t *kdf, const uint8_t *key, int
key_len, int salt_len) |
509 stat = crypto_kernel_alloc_cipher(cipher_id, &kdf->cipher, length, 0); | 519 { |
510 if (stat) | 520 memset(kdf, 0x0, sizeof(srtp_kdf_t)); |
511 return stat; | |
512 | 521 |
513 stat = cipher_init(kdf->cipher, key); | 522 /* The NULL cipher has zero key length */ |
514 if (stat) { | 523 if (key_len == 0) return srtp_err_status_ok; |
515 cipher_dealloc(kdf->cipher); | |
516 return stat; | |
517 } | |
518 | 524 |
519 return err_status_ok; | 525 if ((key_len > MAX_SRTP_AESKEY_LEN) || (salt_len > MAX_SRTP_SALT_LEN)) { |
| 526 return srtp_err_status_bad_param; |
| 527 } |
| 528 switch (key_len) { |
| 529 case SRTP_AES_256_KEYSIZE: |
| 530 kdf->evp = EVP_aes_256_ctr(); |
| 531 break; |
| 532 case SRTP_AES_192_KEYSIZE: |
| 533 kdf->evp = EVP_aes_192_ctr(); |
| 534 break; |
| 535 case SRTP_AES_128_KEYSIZE: |
| 536 kdf->evp = EVP_aes_128_ctr(); |
| 537 break; |
| 538 default: |
| 539 return srtp_err_status_bad_param; |
| 540 break; |
| 541 } |
| 542 memcpy(kdf->master_key, key, key_len); |
| 543 memcpy(kdf->master_salt, key+key_len, salt_len); |
| 544 return srtp_err_status_ok; |
520 } | 545 } |
521 | 546 |
522 err_status_t | 547 static srtp_err_status_t srtp_kdf_generate(srtp_kdf_t *kdf, srtp_prf_label label
, uint8_t *key, unsigned int length) |
523 srtp_kdf_generate(srtp_kdf_t *kdf, srtp_prf_label label, | 548 { |
524 » » uint8_t *key, unsigned int length) { | 549 int ret; |
525 | 550 |
526 v128_t nonce; | 551 /* The NULL cipher will not have an EVP */ |
527 err_status_t status; | 552 if (!kdf->evp) return srtp_err_status_ok; |
528 | |
529 /* set eigth octet of nonce to <label>, set the rest of it to zero */ | |
530 v128_set_to_zero(&nonce); | |
531 nonce.v8[7] = label; | |
532 | |
533 status = cipher_set_iv(kdf->cipher, &nonce, direction_encrypt); | |
534 if (status) | |
535 return status; | |
536 | |
537 /* generate keystream output */ | |
538 octet_string_set_to_zero(key, length); | |
539 status = cipher_encrypt(kdf->cipher, key, &length); | |
540 if (status) | |
541 return status; | |
542 | 553 |
543 return err_status_ok; | 554 octet_string_set_to_zero(key, length); |
| 555 |
| 556 /* |
| 557 * Invoke the OpenSSL SRTP KDF function |
| 558 * This is useful if OpenSSL is in FIPS mode and FIP |
| 559 * compliance is required for SRTP. |
| 560 */ |
| 561 ret = kdf_srtp(kdf->evp, (char *)&kdf->master_key, (char *)&kdf->master_salt
, NULL, NULL, label, (char *)key); |
| 562 if (ret == -1) { |
| 563 return (srtp_err_status_algo_fail); |
| 564 } |
| 565 |
| 566 return srtp_err_status_ok; |
544 } | 567 } |
545 | 568 |
546 err_status_t | 569 static srtp_err_status_t srtp_kdf_clear(srtp_kdf_t *kdf) { |
547 srtp_kdf_clear(srtp_kdf_t *kdf) { | 570 memset(kdf->master_key, 0x0, MAX_SRTP_AESKEY_LEN); |
548 err_status_t status; | 571 memset(kdf->master_salt, 0x0, MAX_SRTP_SALT_LEN); |
549 status = cipher_dealloc(kdf->cipher); | 572 kdf->evp = NULL; |
550 if (status) | |
551 return status; | |
552 kdf->cipher = NULL; | |
553 | 573 |
554 return err_status_ok; | 574 return srtp_err_status_ok; |
555 } | 575 } |
556 | 576 |
| 577 #else /* if OPENSSL_KDF */ |
| 578 |
| 579 /* |
| 580 * srtp_kdf_t represents a key derivation function. The SRTP |
| 581 * default KDF is the only one implemented at present. |
| 582 */ |
| 583 typedef struct { |
| 584 srtp_cipher_t *cipher; /* cipher used for key derivation */ |
| 585 } srtp_kdf_t; |
| 586 |
| 587 static srtp_err_status_t srtp_kdf_init(srtp_kdf_t *kdf, srtp_cipher_type_id_t ci
pher_id, const uint8_t *key, int length) |
| 588 { |
| 589 srtp_err_status_t stat; |
| 590 stat = srtp_crypto_kernel_alloc_cipher(cipher_id, &kdf->cipher, length, 0); |
| 591 if (stat) return stat; |
| 592 |
| 593 stat = srtp_cipher_init(kdf->cipher, key); |
| 594 if (stat) { |
| 595 srtp_cipher_dealloc(kdf->cipher); |
| 596 return stat; |
| 597 } |
| 598 return srtp_err_status_ok; |
| 599 } |
| 600 |
| 601 static srtp_err_status_t srtp_kdf_generate(srtp_kdf_t *kdf, srtp_prf_label label
, uint8_t *key, unsigned int length) |
| 602 { |
| 603 srtp_err_status_t status; |
| 604 v128_t nonce; |
| 605 |
| 606 /* set eigth octet of nonce to <label>, set the rest of it to zero */ |
| 607 v128_set_to_zero(&nonce); |
| 608 nonce.v8[7] = label; |
| 609 |
| 610 status = srtp_cipher_set_iv(kdf->cipher, (uint8_t*)&nonce, srtp_direction_en
crypt); |
| 611 if (status) return status; |
| 612 |
| 613 /* generate keystream output */ |
| 614 octet_string_set_to_zero(key, length); |
| 615 status = srtp_cipher_encrypt(kdf->cipher, key, &length); |
| 616 if (status) return status; |
| 617 |
| 618 return srtp_err_status_ok; |
| 619 } |
| 620 |
| 621 static srtp_err_status_t srtp_kdf_clear(srtp_kdf_t *kdf) { |
| 622 srtp_err_status_t status; |
| 623 status = srtp_cipher_dealloc(kdf->cipher); |
| 624 if (status) return status; |
| 625 kdf->cipher = NULL; |
| 626 return srtp_err_status_ok; |
| 627 } |
| 628 #endif /* else OPENSSL_KDF */ |
| 629 |
557 /* | 630 /* |
558 * end of key derivation functions | 631 * end of key derivation functions |
559 */ | 632 */ |
560 | 633 |
561 #define MAX_SRTP_KEY_LEN 256 | |
562 | 634 |
563 | 635 |
564 /* Get the base key length corresponding to a given combined key+salt | 636 /* Get the base key length corresponding to a given combined key+salt |
565 * length for the given cipher. | 637 * length for the given cipher. |
566 * Assumption is that for AES-ICM a key length < 30 is Ismacryp using | 638 * Assumption is that for AES-ICM a key length < 30 is Ismacryp using |
567 * AES-128 and short salts; everything else uses a salt length of 14. | 639 * AES-128 and short salts; everything else uses a salt length of 14. |
568 * TODO: key and salt lengths should be separate fields in the policy. */ | 640 * TODO: key and salt lengths should be separate fields in the policy. */ |
569 static inline int base_key_length(const cipher_type_t *cipher, int key_length) | 641 static inline int base_key_length(const srtp_cipher_type_t *cipher, int key_leng
th) |
570 { | 642 { |
571 switch (cipher->id) { | 643 switch (cipher->id) { |
572 case AES_128_ICM: | 644 case SRTP_AES_128_ICM: |
573 case AES_192_ICM: | 645 case SRTP_AES_192_ICM: |
574 case AES_256_ICM: | 646 case SRTP_AES_256_ICM: |
575 /* The legacy modes are derived from | 647 /* The legacy modes are derived from |
576 * the configured key length on the policy */ | 648 * the configured key length on the policy */ |
577 return key_length - 14; | 649 return key_length - 14; |
578 break; | 650 break; |
579 case AES_128_GCM: | 651 case SRTP_AES_128_GCM: |
580 return 16; | 652 return 16; |
581 break; | 653 break; |
582 case AES_256_GCM: | 654 case SRTP_AES_256_GCM: |
583 return 32; | 655 return 32; |
584 break; | 656 break; |
585 default: | 657 default: |
586 return key_length; | 658 return key_length; |
587 break; | 659 break; |
588 } | 660 } |
589 } | 661 } |
590 | 662 |
591 err_status_t | 663 srtp_err_status_t |
592 srtp_stream_init_keys(srtp_stream_ctx_t *srtp, const void *key) { | 664 srtp_stream_init_keys(srtp_stream_ctx_t *srtp, const void *key) { |
593 err_status_t stat; | 665 srtp_err_status_t stat; |
594 srtp_kdf_t kdf; | 666 srtp_kdf_t kdf; |
595 uint8_t tmp_key[MAX_SRTP_KEY_LEN]; | 667 uint8_t tmp_key[MAX_SRTP_KEY_LEN]; |
596 int kdf_keylen = 30, rtp_keylen, rtcp_keylen; | 668 int kdf_keylen = 30, rtp_keylen, rtcp_keylen; |
597 int rtp_base_key_len, rtp_salt_len; | 669 int rtp_base_key_len, rtp_salt_len; |
598 int rtcp_base_key_len, rtcp_salt_len; | 670 int rtcp_base_key_len, rtcp_salt_len; |
599 | 671 |
600 /* If RTP or RTCP have a key length > AES-128, assume matching kdf. */ | 672 /* If RTP or RTCP have a key length > AES-128, assume matching kdf. */ |
601 /* TODO: kdf algorithm, master key length, and master salt length should | 673 /* TODO: kdf algorithm, master key length, and master salt length should |
602 * be part of srtp_policy_t. */ | 674 * be part of srtp_policy_t. */ |
603 rtp_keylen = cipher_get_key_length(srtp->rtp_cipher); | 675 rtp_keylen = srtp_cipher_get_key_length(srtp->rtp_cipher); |
604 rtcp_keylen = cipher_get_key_length(srtp->rtcp_cipher); | 676 rtcp_keylen = srtp_cipher_get_key_length(srtp->rtcp_cipher); |
605 rtp_base_key_len = base_key_length(srtp->rtp_cipher->type, rtp_keylen); | 677 rtp_base_key_len = base_key_length(srtp->rtp_cipher->type, rtp_keylen); |
606 rtp_salt_len = rtp_keylen - rtp_base_key_len; | 678 rtp_salt_len = rtp_keylen - rtp_base_key_len; |
607 | 679 |
608 if (rtp_keylen > kdf_keylen) { | 680 if (rtp_keylen > kdf_keylen) { |
609 kdf_keylen = 46; /* AES-CTR mode is always used for KDF */ | 681 kdf_keylen = 46; /* AES-CTR mode is always used for KDF */ |
610 } | 682 } |
611 | 683 |
612 if (rtcp_keylen > kdf_keylen) { | 684 if (rtcp_keylen > kdf_keylen) { |
613 kdf_keylen = 46; /* AES-CTR mode is always used for KDF */ | 685 kdf_keylen = 46; /* AES-CTR mode is always used for KDF */ |
614 } | 686 } |
615 | 687 |
616 debug_print(mod_srtp, "srtp key len: %d", rtp_keylen); | 688 debug_print(mod_srtp, "srtp key len: %d", rtp_keylen); |
617 debug_print(mod_srtp, "srtcp key len: %d", rtcp_keylen); | 689 debug_print(mod_srtp, "srtcp key len: %d", rtcp_keylen); |
618 debug_print(mod_srtp, "base key len: %d", rtp_base_key_len); | 690 debug_print(mod_srtp, "base key len: %d", rtp_base_key_len); |
619 debug_print(mod_srtp, "kdf key len: %d", kdf_keylen); | 691 debug_print(mod_srtp, "kdf key len: %d", kdf_keylen); |
620 debug_print(mod_srtp, "rtp salt len: %d", rtp_salt_len); | 692 debug_print(mod_srtp, "rtp salt len: %d", rtp_salt_len); |
621 | 693 |
622 /* | 694 /* |
623 * Make sure the key given to us is 'zero' appended. GCM | 695 * Make sure the key given to us is 'zero' appended. GCM |
624 * mode uses a shorter master SALT (96 bits), but still relies on | 696 * mode uses a shorter master SALT (96 bits), but still relies on |
625 * the legacy CTR mode KDF, which uses a 112 bit master SALT. | 697 * the legacy CTR mode KDF, which uses a 112 bit master SALT. |
626 */ | 698 */ |
627 memset(tmp_key, 0x0, MAX_SRTP_KEY_LEN); | 699 memset(tmp_key, 0x0, MAX_SRTP_KEY_LEN); |
628 memcpy(tmp_key, key, (rtp_base_key_len + rtp_salt_len)); | 700 memcpy(tmp_key, key, (rtp_base_key_len + rtp_salt_len)); |
629 | 701 |
630 /* initialize KDF state */ | 702 /* initialize KDF state */ |
631 stat = srtp_kdf_init(&kdf, AES_ICM, (const uint8_t *)tmp_key, kdf_keylen); | 703 #if defined(OPENSSL) && defined(OPENSSL_KDF) |
| 704 stat = srtp_kdf_init(&kdf, (const uint8_t *)tmp_key, rtp_base_key_len, rtp_sal
t_len); |
| 705 #else |
| 706 stat = srtp_kdf_init(&kdf, SRTP_AES_ICM, (const uint8_t *)tmp_key, kdf_keylen)
; |
| 707 #endif |
632 if (stat) { | 708 if (stat) { |
633 return err_status_init_fail; | 709 return srtp_err_status_init_fail; |
634 } | 710 } |
635 | 711 |
636 /* generate encryption key */ | 712 /* generate encryption key */ |
637 stat = srtp_kdf_generate(&kdf, label_rtp_encryption, | 713 stat = srtp_kdf_generate(&kdf, label_rtp_encryption, |
638 tmp_key, rtp_base_key_len); | 714 tmp_key, rtp_base_key_len); |
639 if (stat) { | 715 if (stat) { |
640 /* zeroize temp buffer */ | 716 /* zeroize temp buffer */ |
641 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); | 717 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); |
642 return err_status_init_fail; | 718 return srtp_err_status_init_fail; |
643 } | 719 } |
644 debug_print(mod_srtp, "cipher key: %s", | 720 debug_print(mod_srtp, "cipher key: %s", |
645 » octet_string_hex_string(tmp_key, rtp_base_key_len)); | 721 » srtp_octet_string_hex_string(tmp_key, rtp_base_key_len)); |
646 | 722 |
647 /* | 723 /* |
648 * if the cipher in the srtp context uses a salt, then we need | 724 * if the cipher in the srtp context uses a salt, then we need |
649 * to generate the salt value | 725 * to generate the salt value |
650 */ | 726 */ |
651 if (rtp_salt_len > 0) { | 727 if (rtp_salt_len > 0) { |
652 debug_print(mod_srtp, "found rtp_salt_len > 0, generating salt", NULL); | 728 debug_print(mod_srtp, "found rtp_salt_len > 0, generating salt", NULL); |
653 | 729 |
654 /* generate encryption salt, put after encryption key */ | 730 /* generate encryption salt, put after encryption key */ |
655 stat = srtp_kdf_generate(&kdf, label_rtp_salt, | 731 stat = srtp_kdf_generate(&kdf, label_rtp_salt, |
656 tmp_key + rtp_base_key_len, rtp_salt_len); | 732 tmp_key + rtp_base_key_len, rtp_salt_len); |
657 if (stat) { | 733 if (stat) { |
658 /* zeroize temp buffer */ | 734 /* zeroize temp buffer */ |
659 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); | 735 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); |
660 return err_status_init_fail; | 736 return srtp_err_status_init_fail; |
661 } | 737 } |
662 memcpy(srtp->salt, tmp_key + rtp_base_key_len, SRTP_AEAD_SALT_LEN); | 738 memcpy(srtp->salt, tmp_key + rtp_base_key_len, SRTP_AEAD_SALT_LEN); |
663 } | 739 } |
664 if (rtp_salt_len > 0) { | 740 if (rtp_salt_len > 0) { |
665 debug_print(mod_srtp, "cipher salt: %s", | 741 debug_print(mod_srtp, "cipher salt: %s", |
666 » » octet_string_hex_string(tmp_key + rtp_base_key_len, rtp_salt_len
)); | 742 » » srtp_octet_string_hex_string(tmp_key + rtp_base_key_len, rtp_sal
t_len)); |
667 } | 743 } |
668 | 744 |
669 /* initialize cipher */ | 745 /* initialize cipher */ |
670 stat = cipher_init(srtp->rtp_cipher, tmp_key); | 746 stat = srtp_cipher_init(srtp->rtp_cipher, tmp_key); |
671 if (stat) { | 747 if (stat) { |
672 /* zeroize temp buffer */ | 748 /* zeroize temp buffer */ |
673 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); | 749 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); |
674 return err_status_init_fail; | 750 return srtp_err_status_init_fail; |
675 } | 751 } |
676 | 752 |
677 if (srtp->rtp_xtn_hdr_cipher) { | 753 if (srtp->rtp_xtn_hdr_cipher) { |
678 /* generate extensions header encryption key */ | 754 /* generate extensions header encryption key */ |
679 int rtp_xtn_hdr_keylen; | 755 int rtp_xtn_hdr_keylen; |
680 int rtp_xtn_hdr_base_key_len; | 756 int rtp_xtn_hdr_base_key_len; |
681 int rtp_xtn_hdr_salt_len; | 757 int rtp_xtn_hdr_salt_len; |
682 srtp_kdf_t tmp_kdf; | 758 srtp_kdf_t tmp_kdf; |
683 srtp_kdf_t *xtn_hdr_kdf; | 759 srtp_kdf_t *xtn_hdr_kdf; |
684 | 760 |
685 if (srtp->rtp_xtn_hdr_cipher->type != srtp->rtp_cipher->type) { | 761 if (srtp->rtp_xtn_hdr_cipher->type != srtp->rtp_cipher->type) { |
686 /* With GCM ciphers, the header extensions are still encrypted using the c
orresponding ICM cipher. */ | 762 /* With GCM ciphers, the header extensions are still encrypted using the c
orresponding ICM cipher. */ |
687 /* See https://tools.ietf.org/html/draft-ietf-avtcore-srtp-aes-gcm-17#sect
ion-8.3 */ | 763 /* See https://tools.ietf.org/html/draft-ietf-avtcore-srtp-aes-gcm-17#sect
ion-8.3 */ |
688 uint8_t tmp_xtn_hdr_key[MAX_SRTP_KEY_LEN]; | 764 uint8_t tmp_xtn_hdr_key[MAX_SRTP_KEY_LEN]; |
689 rtp_xtn_hdr_keylen = cipher_get_key_length(srtp->rtp_xtn_hdr_cipher); | 765 rtp_xtn_hdr_keylen = srtp_cipher_get_key_length(srtp->rtp_xtn_hdr_cipher); |
690 rtp_xtn_hdr_base_key_len = base_key_length(srtp->rtp_xtn_hdr_cipher->type,
rtp_xtn_hdr_keylen); | 766 rtp_xtn_hdr_base_key_len = base_key_length(srtp->rtp_xtn_hdr_cipher->type,
rtp_xtn_hdr_keylen); |
691 rtp_xtn_hdr_salt_len = rtp_xtn_hdr_keylen - rtp_xtn_hdr_base_key_len; | 767 rtp_xtn_hdr_salt_len = rtp_xtn_hdr_keylen - rtp_xtn_hdr_base_key_len; |
692 memset(tmp_xtn_hdr_key, 0x0, MAX_SRTP_KEY_LEN); | 768 memset(tmp_xtn_hdr_key, 0x0, MAX_SRTP_KEY_LEN); |
693 memcpy(tmp_xtn_hdr_key, key, (rtp_xtn_hdr_base_key_len + rtp_xtn_hdr_salt_
len)); | 769 memcpy(tmp_xtn_hdr_key, key, (rtp_xtn_hdr_base_key_len + rtp_xtn_hdr_salt_
len)); |
694 xtn_hdr_kdf = &tmp_kdf; | 770 xtn_hdr_kdf = &tmp_kdf; |
695 | 771 |
696 /* initialize KDF state */ | 772 /* initialize KDF state */ |
697 stat = srtp_kdf_init(xtn_hdr_kdf, AES_ICM, (const uint8_t *)tmp_xtn_hdr_ke
y, kdf_keylen); | 773 #if defined(OPENSSL) && defined(OPENSSL_KDF) |
| 774 stat = srtp_kdf_init(xtn_hdr_kdf, (const uint8_t *)tmp_xtn_hdr_key, rtp_xt
n_hdr_base_key_len, rtp_xtn_hdr_salt_len); |
| 775 #else |
| 776 stat = srtp_kdf_init(xtn_hdr_kdf, SRTP_AES_ICM, (const uint8_t *)tmp_xtn_h
dr_key, kdf_keylen); |
| 777 #endif |
698 octet_string_set_to_zero(tmp_xtn_hdr_key, MAX_SRTP_KEY_LEN); | 778 octet_string_set_to_zero(tmp_xtn_hdr_key, MAX_SRTP_KEY_LEN); |
699 if (stat) { | 779 if (stat) { |
700 return err_status_init_fail; | 780 return srtp_err_status_init_fail; |
701 } | 781 } |
702 } else { | 782 } else { |
703 /* Reuse main KDF. */ | 783 /* Reuse main KDF. */ |
704 rtp_xtn_hdr_keylen = rtp_keylen; | 784 rtp_xtn_hdr_keylen = rtp_keylen; |
705 rtp_xtn_hdr_base_key_len = rtp_base_key_len; | 785 rtp_xtn_hdr_base_key_len = rtp_base_key_len; |
706 rtp_xtn_hdr_salt_len = rtp_salt_len; | 786 rtp_xtn_hdr_salt_len = rtp_salt_len; |
707 xtn_hdr_kdf = &kdf; | 787 xtn_hdr_kdf = &kdf; |
708 } | 788 } |
709 | 789 |
710 stat = srtp_kdf_generate(xtn_hdr_kdf, label_rtp_header_encryption, | 790 stat = srtp_kdf_generate(xtn_hdr_kdf, label_rtp_header_encryption, |
711 tmp_key, rtp_xtn_hdr_base_key_len); | 791 tmp_key, rtp_xtn_hdr_base_key_len); |
712 if (stat) { | 792 if (stat) { |
713 /* zeroize temp buffer */ | 793 /* zeroize temp buffer */ |
714 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); | 794 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); |
715 return err_status_init_fail; | 795 return srtp_err_status_init_fail; |
716 } | 796 } |
717 debug_print(mod_srtp, "extensions cipher key: %s", | 797 debug_print(mod_srtp, "extensions cipher key: %s", |
718 octet_string_hex_string(tmp_key, rtp_xtn_hdr_base_key_len)); | 798 srtp_octet_string_hex_string(tmp_key, rtp_xtn_hdr_base_key_len)); |
719 | 799 |
720 /* | 800 /* |
721 * if the cipher in the srtp context uses a salt, then we need | 801 * if the cipher in the srtp context uses a salt, then we need |
722 * to generate the salt value | 802 * to generate the salt value |
723 */ | 803 */ |
724 if (rtp_xtn_hdr_salt_len > 0) { | 804 if (rtp_xtn_hdr_salt_len > 0) { |
725 debug_print(mod_srtp, "found rtp_xtn_hdr_salt_len > 0, generating salt", N
ULL); | 805 debug_print(mod_srtp, "found rtp_xtn_hdr_salt_len > 0, generating salt", N
ULL); |
726 | 806 |
727 /* generate encryption salt, put after encryption key */ | 807 /* generate encryption salt, put after encryption key */ |
728 stat = srtp_kdf_generate(xtn_hdr_kdf, label_rtp_header_salt, | 808 stat = srtp_kdf_generate(xtn_hdr_kdf, label_rtp_header_salt, |
729 tmp_key + rtp_xtn_hdr_base_key_len, rtp_xtn_hdr_salt_len); | 809 tmp_key + rtp_xtn_hdr_base_key_len, rtp_xtn_hdr_salt_len); |
730 if (stat) { | 810 if (stat) { |
731 /* zeroize temp buffer */ | 811 /* zeroize temp buffer */ |
732 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); | 812 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); |
733 return err_status_init_fail; | 813 return srtp_err_status_init_fail; |
734 } | 814 } |
735 } | 815 } |
736 if (rtp_xtn_hdr_salt_len > 0) { | 816 if (rtp_xtn_hdr_salt_len > 0) { |
737 debug_print(mod_srtp, "extensions cipher salt: %s", | 817 debug_print(mod_srtp, "extensions cipher salt: %s", |
738 octet_string_hex_string(tmp_key + rtp_xtn_hdr_base_key_len, rtp_xtn_hdr_sa
lt_len)); | 818 srtp_octet_string_hex_string(tmp_key + rtp_xtn_hdr_base_key_len, rtp_xtn_h
dr_salt_len)); |
739 } | 819 } |
740 | 820 |
741 /* initialize extensions header cipher */ | 821 /* initialize extensions header cipher */ |
742 stat = cipher_init(srtp->rtp_xtn_hdr_cipher, tmp_key); | 822 stat = srtp_cipher_init(srtp->rtp_xtn_hdr_cipher, tmp_key); |
743 if (stat) { | 823 if (stat) { |
744 /* zeroize temp buffer */ | 824 /* zeroize temp buffer */ |
745 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); | 825 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); |
746 return err_status_init_fail; | 826 return srtp_err_status_init_fail; |
747 } | 827 } |
748 | 828 |
749 if (xtn_hdr_kdf != &kdf) { | 829 if (xtn_hdr_kdf != &kdf) { |
750 /* release memory for custom header extension encryption kdf */ | 830 /* release memory for custom header extension encryption kdf */ |
751 stat = srtp_kdf_clear(xtn_hdr_kdf); | 831 stat = srtp_kdf_clear(xtn_hdr_kdf); |
752 if (stat) { | 832 if (stat) { |
753 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); | 833 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); |
754 return err_status_init_fail; | 834 return srtp_err_status_init_fail; |
755 } | 835 } |
756 } | 836 } |
757 } | 837 } |
758 | 838 |
759 /* generate authentication key */ | 839 /* generate authentication key */ |
760 stat = srtp_kdf_generate(&kdf, label_rtp_msg_auth, | 840 stat = srtp_kdf_generate(&kdf, label_rtp_msg_auth, |
761 » » » tmp_key, auth_get_key_length(srtp->rtp_auth)); | 841 » » » tmp_key, srtp_auth_get_key_length(srtp->rtp_auth)); |
762 if (stat) { | 842 if (stat) { |
763 /* zeroize temp buffer */ | 843 /* zeroize temp buffer */ |
764 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); | 844 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); |
765 return err_status_init_fail; | 845 return srtp_err_status_init_fail; |
766 } | 846 } |
767 debug_print(mod_srtp, "auth key: %s", | 847 debug_print(mod_srtp, "auth key: %s", |
768 » octet_string_hex_string(tmp_key, | 848 » srtp_octet_string_hex_string(tmp_key, |
769 » » » » auth_get_key_length(srtp->rtp_auth))); | 849 » » » » srtp_auth_get_key_length(srtp->rtp_auth)))
; |
770 | 850 |
771 /* initialize auth function */ | 851 /* initialize auth function */ |
772 stat = auth_init(srtp->rtp_auth, tmp_key); | 852 stat = srtp_auth_init(srtp->rtp_auth, tmp_key); |
773 if (stat) { | 853 if (stat) { |
774 /* zeroize temp buffer */ | 854 /* zeroize temp buffer */ |
775 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); | 855 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); |
776 return err_status_init_fail; | 856 return srtp_err_status_init_fail; |
777 } | 857 } |
778 | 858 |
779 /* | 859 /* |
780 * ...now initialize SRTCP keys | 860 * ...now initialize SRTCP keys |
781 */ | 861 */ |
782 | 862 |
783 rtcp_base_key_len = base_key_length(srtp->rtcp_cipher->type, rtcp_keylen); | 863 rtcp_base_key_len = base_key_length(srtp->rtcp_cipher->type, rtcp_keylen); |
784 rtcp_salt_len = rtcp_keylen - rtcp_base_key_len; | 864 rtcp_salt_len = rtcp_keylen - rtcp_base_key_len; |
785 debug_print(mod_srtp, "rtcp salt len: %d", rtcp_salt_len); | 865 debug_print(mod_srtp, "rtcp salt len: %d", rtcp_salt_len); |
786 | 866 |
787 /* generate encryption key */ | 867 /* generate encryption key */ |
788 stat = srtp_kdf_generate(&kdf, label_rtcp_encryption, | 868 stat = srtp_kdf_generate(&kdf, label_rtcp_encryption, |
789 tmp_key, rtcp_base_key_len); | 869 tmp_key, rtcp_base_key_len); |
790 if (stat) { | 870 if (stat) { |
791 /* zeroize temp buffer */ | 871 /* zeroize temp buffer */ |
792 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); | 872 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); |
793 return err_status_init_fail; | 873 return srtp_err_status_init_fail; |
794 } | 874 } |
795 | 875 |
796 /* | 876 /* |
797 * if the cipher in the srtp context uses a salt, then we need | 877 * if the cipher in the srtp context uses a salt, then we need |
798 * to generate the salt value | 878 * to generate the salt value |
799 */ | 879 */ |
800 if (rtcp_salt_len > 0) { | 880 if (rtcp_salt_len > 0) { |
801 debug_print(mod_srtp, "found rtcp_salt_len > 0, generating rtcp salt", | 881 debug_print(mod_srtp, "found rtcp_salt_len > 0, generating rtcp salt", |
802 NULL); | 882 NULL); |
803 | 883 |
804 /* generate encryption salt, put after encryption key */ | 884 /* generate encryption salt, put after encryption key */ |
805 stat = srtp_kdf_generate(&kdf, label_rtcp_salt, | 885 stat = srtp_kdf_generate(&kdf, label_rtcp_salt, |
806 tmp_key + rtcp_base_key_len, rtcp_salt_len); | 886 tmp_key + rtcp_base_key_len, rtcp_salt_len); |
807 if (stat) { | 887 if (stat) { |
808 /* zeroize temp buffer */ | 888 /* zeroize temp buffer */ |
809 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); | 889 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); |
810 return err_status_init_fail; | 890 return srtp_err_status_init_fail; |
811 } | 891 } |
812 memcpy(srtp->c_salt, tmp_key + rtcp_base_key_len, SRTP_AEAD_SALT_LEN); | 892 memcpy(srtp->c_salt, tmp_key + rtcp_base_key_len, SRTP_AEAD_SALT_LEN); |
813 } | 893 } |
814 debug_print(mod_srtp, "rtcp cipher key: %s", | 894 debug_print(mod_srtp, "rtcp cipher key: %s", |
815 » octet_string_hex_string(tmp_key, rtcp_base_key_len)); | 895 » srtp_octet_string_hex_string(tmp_key, rtcp_base_key_len)); |
816 if (rtcp_salt_len > 0) { | 896 if (rtcp_salt_len > 0) { |
817 debug_print(mod_srtp, "rtcp cipher salt: %s", | 897 debug_print(mod_srtp, "rtcp cipher salt: %s", |
818 » » octet_string_hex_string(tmp_key + rtcp_base_key_len, rtcp_salt_l
en)); | 898 » » srtp_octet_string_hex_string(tmp_key + rtcp_base_key_len, rtcp_s
alt_len)); |
819 } | 899 } |
820 | 900 |
821 /* initialize cipher */ | 901 /* initialize cipher */ |
822 stat = cipher_init(srtp->rtcp_cipher, tmp_key); | 902 stat = srtp_cipher_init(srtp->rtcp_cipher, tmp_key); |
823 if (stat) { | 903 if (stat) { |
824 /* zeroize temp buffer */ | 904 /* zeroize temp buffer */ |
825 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); | 905 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); |
826 return err_status_init_fail; | 906 return srtp_err_status_init_fail; |
827 } | 907 } |
828 | 908 |
829 /* generate authentication key */ | 909 /* generate authentication key */ |
830 stat = srtp_kdf_generate(&kdf, label_rtcp_msg_auth, | 910 stat = srtp_kdf_generate(&kdf, label_rtcp_msg_auth, |
831 » » » tmp_key, auth_get_key_length(srtp->rtcp_auth)); | 911 » » » tmp_key, srtp_auth_get_key_length(srtp->rtcp_auth)); |
832 if (stat) { | 912 if (stat) { |
833 /* zeroize temp buffer */ | 913 /* zeroize temp buffer */ |
834 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); | 914 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); |
835 return err_status_init_fail; | 915 return srtp_err_status_init_fail; |
836 } | 916 } |
837 | 917 |
838 debug_print(mod_srtp, "rtcp auth key: %s", | 918 debug_print(mod_srtp, "rtcp auth key: %s", |
839 » octet_string_hex_string(tmp_key, | 919 » srtp_octet_string_hex_string(tmp_key, |
840 » » auth_get_key_length(srtp->rtcp_auth))); | 920 » » srtp_auth_get_key_length(srtp->rtcp_auth))); |
841 | 921 |
842 /* initialize auth function */ | 922 /* initialize auth function */ |
843 stat = auth_init(srtp->rtcp_auth, tmp_key); | 923 stat = srtp_auth_init(srtp->rtcp_auth, tmp_key); |
844 if (stat) { | 924 if (stat) { |
845 /* zeroize temp buffer */ | 925 /* zeroize temp buffer */ |
846 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); | 926 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); |
847 return err_status_init_fail; | 927 return srtp_err_status_init_fail; |
848 } | 928 } |
849 | 929 |
850 /* clear memory then return */ | 930 /* clear memory then return */ |
851 stat = srtp_kdf_clear(&kdf); | 931 stat = srtp_kdf_clear(&kdf); |
852 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); | 932 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); |
853 if (stat) | 933 if (stat) |
854 return err_status_init_fail; | 934 return srtp_err_status_init_fail; |
855 | 935 |
856 return err_status_ok; | 936 return srtp_err_status_ok; |
857 } | 937 } |
858 | 938 |
859 err_status_t | 939 srtp_err_status_t |
860 srtp_stream_init(srtp_stream_ctx_t *srtp, | 940 srtp_stream_init(srtp_stream_ctx_t *srtp, |
861 const srtp_policy_t *p) { | 941 const srtp_policy_t *p) { |
862 err_status_t err; | 942 srtp_err_status_t err; |
863 | 943 |
864 debug_print(mod_srtp, "initializing stream (SSRC: 0x%08x)", | 944 debug_print(mod_srtp, "initializing stream (SSRC: 0x%08x)", |
865 p->ssrc.value); | 945 p->ssrc.value); |
866 | 946 |
867 /* initialize replay database */ | 947 /* initialize replay database */ |
868 /* window size MUST be at least 64. MAY be larger. Values more than | 948 /* window size MUST be at least 64. MAY be larger. Values more than |
869 * 2^15 aren't meaningful due to how extended sequence numbers are | 949 * 2^15 aren't meaningful due to how extended sequence numbers are |
870 * calculated. Let a window size of 0 imply the default value. */ | 950 * calculated. Let a window size of 0 imply the default value. */ |
871 | 951 |
872 if (p->window_size != 0 && (p->window_size < 64 || p->window_size >= 0x8000)) | 952 if (p->window_size != 0 && (p->window_size < 64 || p->window_size >= 0x8000)) |
873 return err_status_bad_param; | 953 return srtp_err_status_bad_param; |
874 | 954 |
875 if (p->window_size != 0) | 955 if (p->window_size != 0) |
876 err = rdbx_init(&srtp->rtp_rdbx, p->window_size); | 956 err = srtp_rdbx_init(&srtp->rtp_rdbx, p->window_size); |
877 else | 957 else |
878 err = rdbx_init(&srtp->rtp_rdbx, 128); | 958 err = srtp_rdbx_init(&srtp->rtp_rdbx, 128); |
879 if (err) return err; | 959 if (err) return err; |
880 | 960 |
881 /* initialize key limit to maximum value */ | 961 /* initialize key limit to maximum value */ |
882 #ifdef NO_64BIT_MATH | 962 #ifdef NO_64BIT_MATH |
883 { | 963 { |
884 uint64_t temp; | 964 uint64_t temp; |
885 temp = make64(UINT_MAX,UINT_MAX); | 965 temp = make64(UINT_MAX,UINT_MAX); |
886 key_limit_set(srtp->limit, temp); | 966 srtp_key_limit_set(srtp->limit, temp); |
887 } | 967 } |
888 #else | 968 #else |
889 key_limit_set(srtp->limit, 0xffffffffffffLL); | 969 srtp_key_limit_set(srtp->limit, 0xffffffffffffLL); |
890 #endif | 970 #endif |
891 | 971 |
892 /* set the SSRC value */ | 972 /* set the SSRC value */ |
893 srtp->ssrc = htonl(p->ssrc.value); | 973 srtp->ssrc = htonl(p->ssrc.value); |
894 | 974 |
895 /* set the security service flags */ | 975 /* set the security service flags */ |
896 srtp->rtp_services = p->rtp.sec_serv; | 976 srtp->rtp_services = p->rtp.sec_serv; |
897 srtp->rtcp_services = p->rtcp.sec_serv; | 977 srtp->rtcp_services = p->rtcp.sec_serv; |
898 | 978 |
899 /* | 979 /* |
900 * set direction to unknown - this flag gets checked in srtp_protect(), | 980 * set direction to unknown - this flag gets checked in srtp_protect(), |
901 * srtp_unprotect(), srtp_protect_rtcp(), and srtp_unprotect_rtcp(), and | 981 * srtp_unprotect(), srtp_protect_rtcp(), and srtp_unprotect_rtcp(), and |
902 * gets set appropriately if it is set to unknown. | 982 * gets set appropriately if it is set to unknown. |
903 */ | 983 */ |
904 srtp->direction = dir_unknown; | 984 srtp->direction = dir_unknown; |
905 | 985 |
906 /* initialize SRTCP replay database */ | 986 /* initialize SRTCP replay database */ |
907 rdb_init(&srtp->rtcp_rdb); | 987 srtp_rdb_init(&srtp->rtcp_rdb); |
908 | 988 |
909 /* initialize allow_repeat_tx */ | 989 /* initialize allow_repeat_tx */ |
910 /* guard against uninitialized memory: allow only 0 or 1 here */ | 990 /* guard against uninitialized memory: allow only 0 or 1 here */ |
911 if (p->allow_repeat_tx != 0 && p->allow_repeat_tx != 1) { | 991 if (p->allow_repeat_tx != 0 && p->allow_repeat_tx != 1) { |
912 rdbx_dealloc(&srtp->rtp_rdbx); | 992 srtp_rdbx_dealloc(&srtp->rtp_rdbx); |
913 return err_status_bad_param; | 993 return srtp_err_status_bad_param; |
914 } | 994 } |
915 srtp->allow_repeat_tx = p->allow_repeat_tx; | 995 srtp->allow_repeat_tx = p->allow_repeat_tx; |
916 | 996 |
917 /* DAM - no RTCP key limit at present */ | 997 /* DAM - no RTCP key limit at present */ |
918 | 998 |
919 /* initialize keys */ | 999 /* initialize keys */ |
920 err = srtp_stream_init_keys(srtp, p->key); | 1000 err = srtp_stream_init_keys(srtp, p->key); |
921 if (err) { | 1001 if (err) { |
922 rdbx_dealloc(&srtp->rtp_rdbx); | 1002 srtp_rdbx_dealloc(&srtp->rtp_rdbx); |
923 return err; | 1003 return err; |
924 } | 1004 } |
925 | 1005 |
926 /* | 1006 /* |
927 * if EKT is in use, then initialize the EKT data associated with | 1007 * if EKT is in use, then initialize the EKT data associated with |
928 * the stream | 1008 * the stream |
929 */ | 1009 */ |
930 err = ekt_stream_init_from_policy(srtp->ekt, p->ekt); | 1010 err = srtp_ekt_stream_init_from_policy(srtp->ekt, p->ekt); |
931 if (err) { | 1011 if (err) { |
932 rdbx_dealloc(&srtp->rtp_rdbx); | 1012 srtp_rdbx_dealloc(&srtp->rtp_rdbx); |
933 return err; | 1013 return err; |
934 } | 1014 } |
935 | 1015 |
936 return err_status_ok; | 1016 return srtp_err_status_ok; |
937 } | 1017 } |
938 | 1018 |
939 | 1019 |
940 /* | 1020 /* |
941 * srtp_event_reporter is an event handler function that merely | 1021 * srtp_event_reporter is an event handler function that merely |
942 * reports the events that are reported by the callbacks | 1022 * reports the events that are reported by the callbacks |
943 */ | 1023 */ |
944 | 1024 |
945 void | 1025 void |
946 srtp_event_reporter(srtp_event_data_t *data) { | 1026 srtp_event_reporter(srtp_event_data_t *data) { |
947 | 1027 |
948 err_report(err_level_warning, "srtp: in stream 0x%x: ", | 1028 srtp_err_report(srtp_err_level_warning, "srtp: in stream 0x%x: ", |
949 data->stream->ssrc); | 1029 data->stream->ssrc); |
950 | 1030 |
951 switch(data->event) { | 1031 switch(data->event) { |
952 case event_ssrc_collision: | 1032 case event_ssrc_collision: |
953 err_report(err_level_warning, "\tSSRC collision\n"); | 1033 srtp_err_report(srtp_err_level_warning, "\tSSRC collision\n"); |
954 break; | 1034 break; |
955 case event_key_soft_limit: | 1035 case event_key_soft_limit: |
956 err_report(err_level_warning, "\tkey usage soft limit reached\n"); | 1036 srtp_err_report(srtp_err_level_warning, "\tkey usage soft limit reached\n")
; |
957 break; | 1037 break; |
958 case event_key_hard_limit: | 1038 case event_key_hard_limit: |
959 err_report(err_level_warning, "\tkey usage hard limit reached\n"); | 1039 srtp_err_report(srtp_err_level_warning, "\tkey usage hard limit reached\n")
; |
960 break; | 1040 break; |
961 case event_packet_index_limit: | 1041 case event_packet_index_limit: |
962 err_report(err_level_warning, "\tpacket index limit reached\n"); | 1042 srtp_err_report(srtp_err_level_warning, "\tpacket index limit reached\n"); |
963 break; | 1043 break; |
964 default: | 1044 default: |
965 err_report(err_level_warning, "\tunknown event reported to handler\n"); | 1045 srtp_err_report(srtp_err_level_warning, "\tunknown event reported to handle
r\n"); |
966 } | 1046 } |
967 } | 1047 } |
968 | 1048 |
969 /* | 1049 /* |
970 * srtp_event_handler is a global variable holding a pointer to the | 1050 * srtp_event_handler is a global variable holding a pointer to the |
971 * event handler function; this function is called for any unexpected | 1051 * event handler function; this function is called for any unexpected |
972 * event that needs to be handled out of the SRTP data path. see | 1052 * event that needs to be handled out of the SRTP data path. see |
973 * srtp_event_t in srtp.h for more info | 1053 * srtp_event_t in srtp.h for more info |
974 * | 1054 * |
975 * it is okay to set srtp_event_handler to NULL, but we set | 1055 * it is okay to set srtp_event_handler to NULL, but we set |
976 * it to the srtp_event_reporter. | 1056 * it to the srtp_event_reporter. |
977 */ | 1057 */ |
978 | 1058 |
979 static srtp_event_handler_func_t *srtp_event_handler = srtp_event_reporter; | 1059 static srtp_event_handler_func_t *srtp_event_handler = srtp_event_reporter; |
980 | 1060 |
981 err_status_t | 1061 srtp_err_status_t |
982 srtp_install_event_handler(srtp_event_handler_func_t func) { | 1062 srtp_install_event_handler(srtp_event_handler_func_t func) { |
983 | 1063 |
984 /* | 1064 /* |
985 * note that we accept NULL arguments intentionally - calling this | 1065 * note that we accept NULL arguments intentionally - calling this |
986 * function with a NULL arguments removes an event handler that's | 1066 * function with a NULL arguments removes an event handler that's |
987 * been previously installed | 1067 * been previously installed |
988 */ | 1068 */ |
989 | 1069 |
990 /* set global event handling function */ | 1070 /* set global event handling function */ |
991 srtp_event_handler = func; | 1071 srtp_event_handler = func; |
992 return err_status_ok; | 1072 return srtp_err_status_ok; |
993 } | 1073 } |
994 | 1074 |
995 | 1075 |
996 /* | 1076 /* |
997 * Check if the given extension header id is / should be encrypted. | 1077 * Check if the given extension header id is / should be encrypted. |
998 * Returns 1 if yes, otherwise 0. | 1078 * Returns 1 if yes, otherwise 0. |
999 */ | 1079 */ |
1000 static int | 1080 static int |
1001 srtp_protect_extension_header(srtp_stream_ctx_t *stream, int id) { | 1081 srtp_protect_extension_header(srtp_stream_ctx_t *stream, int id) { |
1002 int* enc_xtn_hdr = stream->enc_xtn_hdr; | 1082 int* enc_xtn_hdr = stream->enc_xtn_hdr; |
1003 int count = stream->enc_xtn_hdr_count; | 1083 int count = stream->enc_xtn_hdr_count; |
1004 | 1084 |
1005 if (!enc_xtn_hdr || count <= 0) { | 1085 if (!enc_xtn_hdr || count <= 0) { |
1006 return 0; | 1086 return 0; |
1007 } | 1087 } |
1008 | 1088 |
1009 while (count > 0) { | 1089 while (count > 0) { |
1010 if (*enc_xtn_hdr == id) { | 1090 if (*enc_xtn_hdr == id) { |
1011 return 1; | 1091 return 1; |
1012 } | 1092 } |
1013 | 1093 |
1014 enc_xtn_hdr++; | 1094 enc_xtn_hdr++; |
1015 count--; | 1095 count--; |
1016 } | 1096 } |
1017 return 0; | 1097 return 0; |
1018 } | 1098 } |
1019 | 1099 |
1020 | 1100 |
1021 /* | 1101 /* |
1022 + * extensions header encryption RFC 6904 | 1102 * extensions header encryption RFC 6904 |
1023 */ | 1103 */ |
1024 static err_status_t | 1104 static srtp_err_status_t |
1025 srtp_process_header_encryption(srtp_stream_ctx_t *stream, srtp_hdr_xtnd_t *xtn_h
dr) { | 1105 srtp_process_header_encryption(srtp_stream_ctx_t *stream, srtp_hdr_xtnd_t *xtn_h
dr) { |
1026 err_status_t status; | 1106 srtp_err_status_t status; |
1027 uint8_t keystream[257]; /* Maximum 2 bytes header + 255 bytes data. */ | 1107 uint8_t keystream[257]; /* Maximum 2 bytes header + 255 bytes data. */ |
1028 int keystream_pos; | 1108 int keystream_pos; |
1029 uint8_t* xtn_hdr_data = ((uint8_t *)xtn_hdr) + octets_in_rtp_extn_hdr; | 1109 uint8_t* xtn_hdr_data = ((uint8_t *)xtn_hdr) + octets_in_rtp_extn_hdr; |
1030 uint8_t* xtn_hdr_end = xtn_hdr_data + (ntohs(xtn_hdr->length) * sizeof(uint32_
t)); | 1110 uint8_t* xtn_hdr_end = xtn_hdr_data + (ntohs(xtn_hdr->length) * sizeof(uint32_
t)); |
1031 | 1111 |
1032 if (ntohs(xtn_hdr->profile_specific) == 0xbede) { | 1112 if (ntohs(xtn_hdr->profile_specific) == 0xbede) { |
1033 /* RFC 5285, section 4.2. One-Byte Header */ | 1113 /* RFC 5285, section 4.2. One-Byte Header */ |
1034 while (xtn_hdr_data < xtn_hdr_end) { | 1114 while (xtn_hdr_data < xtn_hdr_end) { |
1035 uint8_t xid = (*xtn_hdr_data & 0xf0) >> 4; | 1115 uint8_t xid = (*xtn_hdr_data & 0xf0) >> 4; |
1036 unsigned int xlen = (*xtn_hdr_data & 0x0f) + 1; | 1116 unsigned int xlen = (*xtn_hdr_data & 0x0f) + 1; |
1037 uint32_t xlen_with_header = 1+xlen; | 1117 uint32_t xlen_with_header = 1+xlen; |
1038 xtn_hdr_data++; | 1118 xtn_hdr_data++; |
1039 | 1119 |
1040 if (xtn_hdr_data + xlen > xtn_hdr_end) | 1120 if (xtn_hdr_data + xlen > xtn_hdr_end) |
1041 return err_status_parse_err; | 1121 return srtp_err_status_parse_err; |
1042 | 1122 |
1043 if (xid == 15) { | 1123 if (xid == 15) { |
1044 /* found header 15, stop further processing. */ | 1124 /* found header 15, stop further processing. */ |
1045 break; | 1125 break; |
1046 } | 1126 } |
1047 | 1127 |
1048 status = cipher_output(stream->rtp_xtn_hdr_cipher, keystream, xlen_with_he
ader); | 1128 status = srtp_cipher_output(stream->rtp_xtn_hdr_cipher, keystream, &xlen_w
ith_header); |
1049 if (status) | 1129 if (status) |
1050 return err_status_cipher_fail; | 1130 return srtp_err_status_cipher_fail; |
1051 | 1131 |
1052 if (srtp_protect_extension_header(stream, xid)) { | 1132 if (srtp_protect_extension_header(stream, xid)) { |
1053 keystream_pos = 1; | 1133 keystream_pos = 1; |
1054 while (xlen > 0) { | 1134 while (xlen > 0) { |
1055 *xtn_hdr_data ^= keystream[keystream_pos++]; | 1135 *xtn_hdr_data ^= keystream[keystream_pos++]; |
1056 xtn_hdr_data++; | 1136 xtn_hdr_data++; |
1057 xlen--; | 1137 xlen--; |
1058 } | 1138 } |
1059 } else { | 1139 } else { |
1060 xtn_hdr_data += xlen; | 1140 xtn_hdr_data += xlen; |
1061 } | 1141 } |
1062 | 1142 |
1063 /* skip padding bytes. */ | 1143 /* skip padding bytes. */ |
1064 while (xtn_hdr_data < xtn_hdr_end && *xtn_hdr_data == 0) { | 1144 while (xtn_hdr_data < xtn_hdr_end && *xtn_hdr_data == 0) { |
1065 xtn_hdr_data++; | 1145 xtn_hdr_data++; |
1066 } | 1146 } |
1067 } | 1147 } |
1068 } else if ((ntohs(xtn_hdr->profile_specific) & 0x1fff) == 0x100) { | 1148 } else if ((ntohs(xtn_hdr->profile_specific) & 0x1fff) == 0x100) { |
1069 /* RFC 5285, section 4.3. Two-Byte Header */ | 1149 /* RFC 5285, section 4.3. Two-Byte Header */ |
1070 while (xtn_hdr_data + 1 < xtn_hdr_end) { | 1150 while (xtn_hdr_data + 1 < xtn_hdr_end) { |
1071 uint8_t xid = *xtn_hdr_data; | 1151 uint8_t xid = *xtn_hdr_data; |
1072 unsigned int xlen = *(xtn_hdr_data+1); | 1152 unsigned int xlen = *(xtn_hdr_data+1); |
1073 uint32_t xlen_with_header = 2+xlen; | 1153 uint32_t xlen_with_header = 2+xlen; |
1074 xtn_hdr_data += 2; | 1154 xtn_hdr_data += 2; |
1075 | 1155 |
1076 if (xtn_hdr_data + xlen > xtn_hdr_end) | 1156 if (xtn_hdr_data + xlen > xtn_hdr_end) |
1077 return err_status_parse_err; | 1157 return srtp_err_status_parse_err; |
1078 | 1158 |
1079 status = cipher_output(stream->rtp_xtn_hdr_cipher, keystream, xlen_with_he
ader); | 1159 status = srtp_cipher_output(stream->rtp_xtn_hdr_cipher, keystream, &xlen_w
ith_header); |
1080 if (status) | 1160 if (status) |
1081 return err_status_cipher_fail; | 1161 return srtp_err_status_cipher_fail; |
1082 | 1162 |
1083 if (xlen > 0 && srtp_protect_extension_header(stream, xid)) { | 1163 if (xlen > 0 && srtp_protect_extension_header(stream, xid)) { |
1084 keystream_pos = 2; | 1164 keystream_pos = 2; |
1085 while (xlen > 0) { | 1165 while (xlen > 0) { |
1086 *xtn_hdr_data ^= keystream[keystream_pos++]; | 1166 *xtn_hdr_data ^= keystream[keystream_pos++]; |
1087 xtn_hdr_data++; | 1167 xtn_hdr_data++; |
1088 xlen--; | 1168 xlen--; |
1089 } | 1169 } |
1090 } else { | 1170 } else { |
1091 xtn_hdr_data += xlen; | 1171 xtn_hdr_data += xlen; |
1092 } | 1172 } |
1093 | 1173 |
1094 /* skip padding bytes. */ | 1174 /* skip padding bytes. */ |
1095 while (xtn_hdr_data < xtn_hdr_end && *xtn_hdr_data == 0) { | 1175 while (xtn_hdr_data < xtn_hdr_end && *xtn_hdr_data == 0) { |
1096 xtn_hdr_data++; | 1176 xtn_hdr_data++; |
1097 } | 1177 } |
1098 } | 1178 } |
1099 } else { | 1179 } else { |
1100 /* unsupported extension header format. */ | 1180 /* unsupported extension header format. */ |
1101 return err_status_parse_err; | 1181 return srtp_err_status_parse_err; |
1102 } | 1182 } |
1103 | 1183 |
1104 return err_status_ok; | 1184 return srtp_err_status_ok; |
1105 } | 1185 } |
1106 | 1186 |
1107 | 1187 |
1108 /* | 1188 /* |
1109 * AEAD uses a new IV formation method. This function implements | 1189 * AEAD uses a new IV formation method. This function implements |
1110 * section 9.1 from draft-ietf-avtcore-srtp-aes-gcm-07.txt. The | 1190 * section 9.1 from draft-ietf-avtcore-srtp-aes-gcm-07.txt. The |
1111 * calculation is defined as, where (+) is the xor operation: | 1191 * calculation is defined as, where (+) is the xor operation: |
1112 * | 1192 * |
1113 * | 1193 * |
1114 * 0 0 0 0 0 0 0 0 0 0 1 1 | 1194 * 0 0 0 0 0 0 0 0 0 0 1 1 |
(...skipping 12 matching lines...) Expand all Loading... |
1127 * | 1207 * |
1128 * Input: *stream - pointer to SRTP stream context, used to retrieve | 1208 * Input: *stream - pointer to SRTP stream context, used to retrieve |
1129 * the SALT | 1209 * the SALT |
1130 * *iv - Pointer to receive the calculated IV | 1210 * *iv - Pointer to receive the calculated IV |
1131 * *seq - The ROC and SEQ value to use for the | 1211 * *seq - The ROC and SEQ value to use for the |
1132 * IV calculation. | 1212 * IV calculation. |
1133 * *hdr - The RTP header, used to get the SSRC value | 1213 * *hdr - The RTP header, used to get the SSRC value |
1134 * | 1214 * |
1135 */ | 1215 */ |
1136 static void srtp_calc_aead_iv(srtp_stream_ctx_t *stream, v128_t *iv, | 1216 static void srtp_calc_aead_iv(srtp_stream_ctx_t *stream, v128_t *iv, |
1137 » xtd_seq_num_t *seq, srtp_hdr_t *hdr) | 1217 » srtp_xtd_seq_num_t *seq, srtp_hdr_t *hdr) |
1138 { | 1218 { |
1139 v128_t in; | 1219 v128_t in; |
1140 v128_t salt; | 1220 v128_t salt; |
1141 | 1221 |
1142 #ifdef NO_64BIT_MATH | 1222 #ifdef NO_64BIT_MATH |
1143 uint32_t local_roc = ((high32(*seq) << 16) | | 1223 uint32_t local_roc = ((high32(*seq) << 16) | |
1144 (low32(*seq) >> 16)); | 1224 (low32(*seq) >> 16)); |
1145 uint16_t local_seq = (uint16_t) (low32(*seq)); | 1225 uint16_t local_seq = (uint16_t) (low32(*seq)); |
1146 #else | 1226 #else |
1147 uint32_t local_roc = (uint32_t)(*seq >> 16); | 1227 uint32_t local_roc = (uint32_t)(*seq >> 16); |
(...skipping 24 matching lines...) Expand all Loading... |
1172 */ | 1252 */ |
1173 v128_xor(iv, &in, &salt); | 1253 v128_xor(iv, &in, &salt); |
1174 } | 1254 } |
1175 | 1255 |
1176 | 1256 |
1177 /* | 1257 /* |
1178 * This function handles outgoing SRTP packets while in AEAD mode, | 1258 * This function handles outgoing SRTP packets while in AEAD mode, |
1179 * which currently supports AES-GCM encryption. All packets are | 1259 * which currently supports AES-GCM encryption. All packets are |
1180 * encrypted and authenticated. | 1260 * encrypted and authenticated. |
1181 */ | 1261 */ |
1182 static err_status_t | 1262 static srtp_err_status_t |
1183 srtp_protect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, | 1263 srtp_protect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, |
1184 void *rtp_hdr, unsigned int *pkt_octet_len) | 1264 void *rtp_hdr, unsigned int *pkt_octet_len) |
1185 { | 1265 { |
1186 srtp_hdr_t *hdr = (srtp_hdr_t*)rtp_hdr; | 1266 srtp_hdr_t *hdr = (srtp_hdr_t*)rtp_hdr; |
1187 uint32_t *enc_start; /* pointer to start of encrypted portion */ | 1267 uint32_t *enc_start; /* pointer to start of encrypted portion */ |
1188 unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */ | 1268 int enc_octet_len = 0; /* number of octets in encrypted portion */ |
1189 xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */ | 1269 srtp_xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr *
/ |
1190 int delta; /* delta of local pkt idx and that in hdr */ | 1270 int delta; /* delta of local pkt idx and that in hdr */ |
1191 err_status_t status; | 1271 srtp_err_status_t status; |
1192 int tag_len; | 1272 uint32_t tag_len; |
1193 v128_t iv; | 1273 v128_t iv; |
1194 unsigned int aad_len; | 1274 unsigned int aad_len; |
1195 srtp_hdr_xtnd_t *xtn_hdr = NULL; | 1275 srtp_hdr_xtnd_t *xtn_hdr = NULL; |
1196 | 1276 |
1197 debug_print(mod_srtp, "function srtp_protect_aead", NULL); | 1277 debug_print(mod_srtp, "function srtp_protect_aead", NULL); |
1198 | 1278 |
1199 /* | 1279 /* |
1200 * update the key usage limit, and check it to make sure that we | 1280 * update the key usage limit, and check it to make sure that we |
1201 * didn't just hit either the soft limit or the hard limit, and call | 1281 * didn't just hit either the soft limit or the hard limit, and call |
1202 * the event handler if we hit either. | 1282 * the event handler if we hit either. |
1203 */ | 1283 */ |
1204 switch (key_limit_update(stream->limit)) { | 1284 switch (srtp_key_limit_update(stream->limit)) { |
1205 case key_event_normal: | 1285 case srtp_key_event_normal: |
1206 break; | 1286 break; |
1207 case key_event_hard_limit: | 1287 case srtp_key_event_hard_limit: |
1208 srtp_handle_event(ctx, stream, event_key_hard_limit); | 1288 srtp_handle_event(ctx, stream, event_key_hard_limit); |
1209 return err_status_key_expired; | 1289 return srtp_err_status_key_expired; |
1210 case key_event_soft_limit: | 1290 case srtp_key_event_soft_limit: |
1211 default: | 1291 default: |
1212 srtp_handle_event(ctx, stream, event_key_soft_limit); | 1292 srtp_handle_event(ctx, stream, event_key_soft_limit); |
1213 break; | 1293 break; |
1214 } | 1294 } |
1215 | 1295 |
1216 /* get tag length from stream */ | 1296 /* get tag length from stream */ |
1217 tag_len = auth_get_tag_length(stream->rtp_auth); | 1297 tag_len = srtp_auth_get_tag_length(stream->rtp_auth); |
1218 | 1298 |
1219 /* | 1299 /* |
1220 * find starting point for encryption and length of data to be | 1300 * find starting point for encryption and length of data to be |
1221 * encrypted - the encrypted portion starts after the rtp header | 1301 * encrypted - the encrypted portion starts after the rtp header |
1222 * extension, if present; otherwise, it starts after the last csrc, | 1302 * extension, if present; otherwise, it starts after the last csrc, |
1223 * if any are present | 1303 * if any are present |
1224 */ | 1304 */ |
1225 enc_start = (uint32_t*)hdr + uint32s_in_rtp_header + hdr->cc; | 1305 enc_start = (uint32_t*)hdr + uint32s_in_rtp_header + hdr->cc; |
1226 if (hdr->x == 1) { | 1306 if (hdr->x == 1) { |
1227 xtn_hdr = (srtp_hdr_xtnd_t*)enc_start; | 1307 xtn_hdr = (srtp_hdr_xtnd_t*)enc_start; |
1228 enc_start += (ntohs(xtn_hdr->length) + 1); | 1308 enc_start += (ntohs(xtn_hdr->length) + 1); |
1229 } | 1309 } |
| 1310 /* note: the passed size is without the auth tag */ |
1230 if (!((uint8_t*)enc_start <= (uint8_t*)hdr + *pkt_octet_len)) | 1311 if (!((uint8_t*)enc_start <= (uint8_t*)hdr + *pkt_octet_len)) |
1231 return err_status_parse_err; | 1312 return srtp_err_status_parse_err; |
1232 enc_octet_len = (unsigned int)(*pkt_octet_len - | 1313 enc_octet_len = (int)(*pkt_octet_len - |
1233 ((uint8_t*)enc_start - (uint8_t*)hdr)); | 1314 ((uint8_t*)enc_start - (uint8_t*)hdr)); |
| 1315 if (enc_octet_len < 0) return srtp_err_status_parse_err; |
1234 | 1316 |
1235 /* | 1317 /* |
1236 * estimate the packet index using the start of the replay window | 1318 * estimate the packet index using the start of the replay window |
1237 * and the sequence number from the header | 1319 * and the sequence number from the header |
1238 */ | 1320 */ |
1239 delta = rdbx_estimate_index(&stream->rtp_rdbx, &est, ntohs(hdr->seq)); | 1321 delta = srtp_rdbx_estimate_index(&stream->rtp_rdbx, &est, ntohs(hdr->seq)); |
1240 status = rdbx_check(&stream->rtp_rdbx, delta); | 1322 status = srtp_rdbx_check(&stream->rtp_rdbx, delta); |
1241 if (status) { | 1323 if (status) { |
1242 » if (status != err_status_replay_fail || !stream->allow_repeat_tx) { | 1324 » if (status != srtp_err_status_replay_fail || !stream->allow_repeat_tx) { |
1243 return status; /* we've been asked to reuse an index */ | 1325 return status; /* we've been asked to reuse an index */ |
1244 } | 1326 } |
1245 } else { | 1327 } else { |
1246 » rdbx_add_index(&stream->rtp_rdbx, delta); | 1328 » srtp_rdbx_add_index(&stream->rtp_rdbx, delta); |
1247 } | 1329 } |
1248 | 1330 |
1249 #ifdef NO_64BIT_MATH | 1331 #ifdef NO_64BIT_MATH |
1250 debug_print2(mod_srtp, "estimated packet index: %08x%08x", | 1332 debug_print2(mod_srtp, "estimated packet index: %08x%08x", |
1251 high32(est), low32(est)); | 1333 high32(est), low32(est)); |
1252 #else | 1334 #else |
1253 debug_print(mod_srtp, "estimated packet index: %016llx", est); | 1335 debug_print(mod_srtp, "estimated packet index: %016llx", est); |
1254 #endif | 1336 #endif |
1255 | 1337 |
1256 /* | 1338 /* |
1257 * AEAD uses a new IV formation method | 1339 * AEAD uses a new IV formation method |
1258 */ | 1340 */ |
1259 srtp_calc_aead_iv(stream, &iv, &est, hdr); | 1341 srtp_calc_aead_iv(stream, &iv, &est, hdr); |
1260 | |
1261 /* shift est, put into network byte order */ | 1342 /* shift est, put into network byte order */ |
1262 #ifdef NO_64BIT_MATH | 1343 #ifdef NO_64BIT_MATH |
1263 est = be64_to_cpu(make64((high32(est) << 16) | | 1344 est = be64_to_cpu(make64((high32(est) << 16) | |
1264 (low32(est) >> 16), | 1345 (low32(est) >> 16), |
1265 low32(est) << 16)); | 1346 low32(est) << 16)); |
1266 #else | 1347 #else |
1267 est = be64_to_cpu(est << 16); | 1348 est = be64_to_cpu(est << 16); |
1268 #endif | 1349 #endif |
1269 | 1350 |
1270 status = cipher_set_iv(stream->rtp_cipher, &iv, direction_encrypt); | 1351 status = srtp_cipher_set_iv(stream->rtp_cipher, (uint8_t*)&iv, srtp_directio
n_encrypt); |
1271 if (!status && stream->rtp_xtn_hdr_cipher) { | 1352 if (!status && stream->rtp_xtn_hdr_cipher) { |
1272 iv.v32[0] = 0; | 1353 iv.v32[0] = 0; |
1273 iv.v32[1] = hdr->ssrc; | 1354 iv.v32[1] = hdr->ssrc; |
1274 iv.v64[1] = est; | 1355 iv.v64[1] = est; |
1275 status = cipher_set_iv(stream->rtp_xtn_hdr_cipher, (uint8_t*)&iv, directio
n_encrypt); | 1356 status = srtp_cipher_set_iv(stream->rtp_xtn_hdr_cipher, (uint8_t*)&iv, srt
p_direction_encrypt); |
1276 } | 1357 } |
1277 if (status) { | 1358 if (status) { |
1278 return err_status_cipher_fail; | 1359 return srtp_err_status_cipher_fail; |
1279 } | 1360 } |
1280 | 1361 |
1281 if (xtn_hdr && stream->rtp_xtn_hdr_cipher) { | 1362 if (xtn_hdr && stream->rtp_xtn_hdr_cipher) { |
1282 /* | 1363 /* |
1283 * extensions header encryption RFC 6904 | 1364 * extensions header encryption RFC 6904 |
1284 */ | 1365 */ |
1285 status = srtp_process_header_encryption(stream, xtn_hdr); | 1366 status = srtp_process_header_encryption(stream, xtn_hdr); |
1286 if (status) { | 1367 if (status) { |
1287 return status; | 1368 return status; |
1288 } | 1369 } |
1289 } | 1370 } |
1290 | 1371 |
1291 /* | 1372 /* |
1292 * Set the AAD over the RTP header | 1373 * Set the AAD over the RTP header |
1293 */ | 1374 */ |
1294 aad_len = (uint8_t *)enc_start - (uint8_t *)hdr; | 1375 aad_len = (uint8_t *)enc_start - (uint8_t *)hdr; |
1295 status = cipher_set_aad(stream->rtp_cipher, (uint8_t*)hdr, aad_len); | 1376 status = srtp_cipher_set_aad(stream->rtp_cipher, (uint8_t*)hdr, aad_len); |
1296 if (status) { | 1377 if (status) { |
1297 return ( err_status_cipher_fail); | 1378 return ( srtp_err_status_cipher_fail); |
1298 } | 1379 } |
1299 | 1380 |
1300 /* Encrypt the payload */ | 1381 /* Encrypt the payload */ |
1301 status = cipher_encrypt(stream->rtp_cipher, | 1382 status = srtp_cipher_encrypt(stream->rtp_cipher, |
1302 (uint8_t*)enc_start, &enc_octet_len); | 1383 (uint8_t*)enc_start, (unsigned int *)&enc_octet_len)
; |
1303 if (status) { | 1384 if (status) { |
1304 return err_status_cipher_fail; | 1385 return srtp_err_status_cipher_fail; |
1305 } | 1386 } |
1306 /* | 1387 /* |
1307 * If we're doing GCM, we need to get the tag | 1388 * If we're doing GCM, we need to get the tag |
1308 * and append that to the output | 1389 * and append that to the output |
1309 */ | 1390 */ |
1310 status = cipher_get_tag(stream->rtp_cipher, | 1391 status = srtp_cipher_get_tag(stream->rtp_cipher, |
1311 (uint8_t*)enc_start+enc_octet_len, &tag_len); | 1392 (uint8_t*)enc_start+enc_octet_len, &tag_len); |
1312 if (status) { | 1393 if (status) { |
1313 » return ( err_status_cipher_fail); | 1394 » return ( srtp_err_status_cipher_fail); |
1314 } | 1395 } |
1315 enc_octet_len += tag_len; | |
1316 | 1396 |
1317 /* increase the packet length by the length of the auth tag */ | 1397 /* increase the packet length by the length of the auth tag */ |
1318 *pkt_octet_len += tag_len; | 1398 *pkt_octet_len += tag_len; |
1319 | 1399 |
1320 return err_status_ok; | 1400 return srtp_err_status_ok; |
1321 } | 1401 } |
1322 | 1402 |
1323 | 1403 |
1324 /* | 1404 /* |
1325 * This function handles incoming SRTP packets while in AEAD mode, | 1405 * This function handles incoming SRTP packets while in AEAD mode, |
1326 * which currently supports AES-GCM encryption. All packets are | 1406 * which currently supports AES-GCM encryption. All packets are |
1327 * encrypted and authenticated. Note, the auth tag is at the end | 1407 * encrypted and authenticated. Note, the auth tag is at the end |
1328 * of the packet stream and is automatically checked by GCM | 1408 * of the packet stream and is automatically checked by GCM |
1329 * when decrypting the payload. | 1409 * when decrypting the payload. |
1330 */ | 1410 */ |
1331 static err_status_t | 1411 static srtp_err_status_t |
1332 srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta, | 1412 srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta, |
1333 » xtd_seq_num_t est, void *srtp_hdr, unsigned int *pkt_octet_
len) | 1413 » srtp_xtd_seq_num_t est, void *srtp_hdr, unsigned int *pkt_o
ctet_len) |
1334 { | 1414 { |
1335 srtp_hdr_t *hdr = (srtp_hdr_t*)srtp_hdr; | 1415 srtp_hdr_t *hdr = (srtp_hdr_t*)srtp_hdr; |
1336 uint32_t *enc_start; /* pointer to start of encrypted portion */ | 1416 uint32_t *enc_start; /* pointer to start of encrypted portion */ |
1337 unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */ | 1417 unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */ |
1338 v128_t iv; | 1418 v128_t iv; |
1339 err_status_t status; | 1419 srtp_err_status_t status; |
1340 int tag_len; | 1420 int tag_len; |
1341 unsigned int aad_len; | 1421 unsigned int aad_len; |
1342 srtp_hdr_xtnd_t *xtn_hdr = NULL; | 1422 srtp_hdr_xtnd_t *xtn_hdr = NULL; |
1343 | 1423 |
1344 debug_print(mod_srtp, "function srtp_unprotect_aead", NULL); | 1424 debug_print(mod_srtp, "function srtp_unprotect_aead", NULL); |
1345 | 1425 |
1346 #ifdef NO_64BIT_MATH | 1426 #ifdef NO_64BIT_MATH |
1347 debug_print2(mod_srtp, "estimated u_packet index: %08x%08x", high32(est), lo
w32(est)); | 1427 debug_print2(mod_srtp, "estimated u_packet index: %08x%08x", high32(est), lo
w32(est)); |
1348 #else | 1428 #else |
1349 debug_print(mod_srtp, "estimated u_packet index: %016llx", est); | 1429 debug_print(mod_srtp, "estimated u_packet index: %016llx", est); |
1350 #endif | 1430 #endif |
1351 | 1431 |
1352 /* get tag length from stream */ | 1432 /* get tag length from stream */ |
1353 tag_len = auth_get_tag_length(stream->rtp_auth); | 1433 tag_len = srtp_auth_get_tag_length(stream->rtp_auth); |
1354 | 1434 |
1355 /* | 1435 /* |
1356 * AEAD uses a new IV formation method | 1436 * AEAD uses a new IV formation method |
1357 */ | 1437 */ |
1358 srtp_calc_aead_iv(stream, &iv, &est, hdr); | 1438 srtp_calc_aead_iv(stream, &iv, &est, hdr); |
1359 status = cipher_set_iv(stream->rtp_cipher, &iv, direction_decrypt); | 1439 status = srtp_cipher_set_iv(stream->rtp_cipher, (uint8_t*)&iv, srtp_directio
n_decrypt); |
| 1440 if (!status && stream->rtp_xtn_hdr_cipher) { |
| 1441 iv.v32[0] = 0; |
| 1442 iv.v32[1] = hdr->ssrc; |
| 1443 #ifdef NO_64BIT_MATH |
| 1444 iv.v64[1] = be64_to_cpu(make64((high32(est) << 16) | (low32(est) >> 16), |
| 1445 low32(est) << 16)); |
| 1446 #else |
| 1447 iv.v64[1] = be64_to_cpu(est << 16); |
| 1448 #endif |
| 1449 status = srtp_cipher_set_iv(stream->rtp_xtn_hdr_cipher, (uint8_t*)&iv, srt
p_direction_encrypt); |
| 1450 } |
1360 if (status) { | 1451 if (status) { |
1361 return err_status_cipher_fail; | 1452 return srtp_err_status_cipher_fail; |
1362 } | 1453 } |
1363 | 1454 |
1364 /* | 1455 /* |
1365 * find starting point for decryption and length of data to be | 1456 * find starting point for decryption and length of data to be |
1366 * decrypted - the encrypted portion starts after the rtp header | 1457 * decrypted - the encrypted portion starts after the rtp header |
1367 * extension, if present; otherwise, it starts after the last csrc, | 1458 * extension, if present; otherwise, it starts after the last csrc, |
1368 * if any are present | 1459 * if any are present |
1369 */ | 1460 */ |
1370 enc_start = (uint32_t*)hdr + uint32s_in_rtp_header + hdr->cc; | 1461 enc_start = (uint32_t*)hdr + uint32s_in_rtp_header + hdr->cc; |
1371 if (hdr->x == 1) { | 1462 if (hdr->x == 1) { |
1372 xtn_hdr = (srtp_hdr_xtnd_t*)enc_start; | 1463 xtn_hdr = (srtp_hdr_xtnd_t*)enc_start; |
1373 enc_start += (ntohs(xtn_hdr->length) + 1); | 1464 enc_start += (ntohs(xtn_hdr->length) + 1); |
1374 } | 1465 } |
1375 if (!((uint8_t*)enc_start <= (uint8_t*)hdr + (*pkt_octet_len - tag_len))) | 1466 if (!((uint8_t*)enc_start <= (uint8_t*)hdr + (*pkt_octet_len - tag_len))) |
1376 return err_status_parse_err; | 1467 return srtp_err_status_parse_err; |
1377 /* | 1468 /* |
1378 * We pass the tag down to the cipher when doing GCM mode | 1469 * We pass the tag down to the cipher when doing GCM mode |
1379 */ | 1470 */ |
1380 enc_octet_len = (unsigned int)(*pkt_octet_len - | 1471 enc_octet_len = (unsigned int)(*pkt_octet_len - |
1381 ((uint8_t*)enc_start - (uint8_t*)hdr)); | 1472 ((uint8_t*)enc_start - (uint8_t*)hdr)); |
1382 | 1473 |
1383 /* | 1474 /* |
1384 * Sanity check the encrypted payload length against | 1475 * Sanity check the encrypted payload length against |
1385 * the tag size. It must always be at least as large | 1476 * the tag size. It must always be at least as large |
1386 * as the tag length. | 1477 * as the tag length. |
1387 */ | 1478 */ |
1388 if (enc_octet_len < (unsigned int) tag_len) { | 1479 if (enc_octet_len < (unsigned int) tag_len) { |
1389 return err_status_cipher_fail; | 1480 return srtp_err_status_cipher_fail; |
1390 } | 1481 } |
1391 | 1482 |
1392 /* | 1483 /* |
1393 * update the key usage limit, and check it to make sure that we | 1484 * update the key usage limit, and check it to make sure that we |
1394 * didn't just hit either the soft limit or the hard limit, and call | 1485 * didn't just hit either the soft limit or the hard limit, and call |
1395 * the event handler if we hit either. | 1486 * the event handler if we hit either. |
1396 */ | 1487 */ |
1397 switch (key_limit_update(stream->limit)) { | 1488 switch (srtp_key_limit_update(stream->limit)) { |
1398 case key_event_normal: | 1489 case srtp_key_event_normal: |
1399 break; | 1490 break; |
1400 case key_event_soft_limit: | 1491 case srtp_key_event_soft_limit: |
1401 srtp_handle_event(ctx, stream, event_key_soft_limit); | 1492 srtp_handle_event(ctx, stream, event_key_soft_limit); |
1402 break; | 1493 break; |
1403 case key_event_hard_limit: | 1494 case srtp_key_event_hard_limit: |
1404 srtp_handle_event(ctx, stream, event_key_hard_limit); | 1495 srtp_handle_event(ctx, stream, event_key_hard_limit); |
1405 return err_status_key_expired; | 1496 return srtp_err_status_key_expired; |
1406 default: | 1497 default: |
1407 break; | 1498 break; |
1408 } | 1499 } |
1409 | 1500 |
1410 /* | 1501 /* |
1411 * Set the AAD for AES-GCM, which is the RTP header | 1502 * Set the AAD for AES-GCM, which is the RTP header |
1412 */ | 1503 */ |
1413 aad_len = (uint8_t *)enc_start - (uint8_t *)hdr; | 1504 aad_len = (uint8_t *)enc_start - (uint8_t *)hdr; |
1414 status = cipher_set_aad(stream->rtp_cipher, (uint8_t*)hdr, aad_len); | 1505 status = srtp_cipher_set_aad(stream->rtp_cipher, (uint8_t*)hdr, aad_len); |
1415 if (!status && stream->rtp_xtn_hdr_cipher) { | |
1416 iv.v32[0] = 0; | |
1417 iv.v32[1] = hdr->ssrc; | |
1418 #ifdef NO_64BIT_MATH | |
1419 iv.v64[1] = be64_to_cpu(make64((high32(est) << 16) | (low32(est) >> 16), | |
1420 low32(est) << 16)); | |
1421 #else | |
1422 iv.v64[1] = be64_to_cpu(est << 16); | |
1423 #endif | |
1424 status = cipher_set_iv(stream->rtp_xtn_hdr_cipher, (uint8_t*)&iv, directio
n_encrypt); | |
1425 } | |
1426 if (status) { | 1506 if (status) { |
1427 return ( err_status_cipher_fail); | 1507 return ( srtp_err_status_cipher_fail); |
1428 } | 1508 } |
1429 | 1509 |
1430 /* Decrypt the ciphertext. This also checks the auth tag based | 1510 /* Decrypt the ciphertext. This also checks the auth tag based |
1431 * on the AAD we just specified above */ | 1511 * on the AAD we just specified above */ |
1432 status = cipher_decrypt(stream->rtp_cipher, | 1512 status = srtp_cipher_decrypt(stream->rtp_cipher, (uint8_t*)enc_start, &enc_o
ctet_len); |
1433 (uint8_t*)enc_start, &enc_octet_len); | |
1434 if (status) { | 1513 if (status) { |
1435 return status; | 1514 return status; |
1436 } | 1515 } |
1437 | 1516 |
1438 if (xtn_hdr && stream->rtp_xtn_hdr_cipher) { | 1517 if (xtn_hdr && stream->rtp_xtn_hdr_cipher) { |
1439 /* | 1518 /* |
1440 * extensions header encryption RFC 6904 | 1519 * extensions header encryption RFC 6904 |
1441 */ | 1520 */ |
1442 status = srtp_process_header_encryption(stream, xtn_hdr); | 1521 status = srtp_process_header_encryption(stream, xtn_hdr); |
1443 if (status) { | 1522 if (status) { |
(...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1488 ctx->stream_list = new_stream; | 1567 ctx->stream_list = new_stream; |
1489 | 1568 |
1490 /* set stream (the pointer used in this function) */ | 1569 /* set stream (the pointer used in this function) */ |
1491 stream = new_stream; | 1570 stream = new_stream; |
1492 } | 1571 } |
1493 | 1572 |
1494 /* | 1573 /* |
1495 * the message authentication function passed, so add the packet | 1574 * the message authentication function passed, so add the packet |
1496 * index into the replay database | 1575 * index into the replay database |
1497 */ | 1576 */ |
1498 rdbx_add_index(&stream->rtp_rdbx, delta); | 1577 srtp_rdbx_add_index(&stream->rtp_rdbx, delta); |
1499 | 1578 |
1500 /* decrease the packet length by the length of the auth tag */ | 1579 /* decrease the packet length by the length of the auth tag */ |
1501 *pkt_octet_len -= tag_len; | 1580 *pkt_octet_len -= tag_len; |
1502 | 1581 |
1503 return err_status_ok; | 1582 return srtp_err_status_ok; |
1504 } | 1583 } |
1505 | 1584 |
1506 | 1585 |
1507 | 1586 srtp_err_status_t |
1508 | |
1509 err_status_t | |
1510 srtp_protect(srtp_ctx_t *ctx, void *rtp_hdr, int *pkt_octet_len) { | 1587 srtp_protect(srtp_ctx_t *ctx, void *rtp_hdr, int *pkt_octet_len) { |
1511 srtp_hdr_t *hdr = (srtp_hdr_t *)rtp_hdr; | 1588 srtp_hdr_t *hdr = (srtp_hdr_t *)rtp_hdr; |
1512 uint32_t *enc_start; /* pointer to start of encrypted portion */ | 1589 uint32_t *enc_start; /* pointer to start of encrypted portion */ |
1513 uint32_t *auth_start; /* pointer to start of auth. portion */ | 1590 uint32_t *auth_start; /* pointer to start of auth. portion */ |
1514 unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */ | 1591 int enc_octet_len = 0; /* number of octets in encrypted portion */ |
1515 xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */ | 1592 srtp_xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */ |
1516 int delta; /* delta of local pkt idx and that in hdr */ | 1593 int delta; /* delta of local pkt idx and that in hdr */ |
1517 uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ | 1594 uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ |
1518 err_status_t status; | 1595 srtp_err_status_t status; |
1519 int tag_len; | 1596 int tag_len; |
1520 srtp_stream_ctx_t *stream; | 1597 srtp_stream_ctx_t *stream; |
1521 int prefix_len; | 1598 uint32_t prefix_len; |
1522 srtp_hdr_xtnd_t *xtn_hdr = NULL; | 1599 srtp_hdr_xtnd_t *xtn_hdr = NULL; |
1523 | 1600 |
1524 debug_print(mod_srtp, "function srtp_protect", NULL); | 1601 debug_print(mod_srtp, "function srtp_protect", NULL); |
1525 | 1602 |
1526 /* we assume the hdr is 32-bit aligned to start */ | 1603 /* we assume the hdr is 32-bit aligned to start */ |
1527 | 1604 |
1528 /* Verify RTP header */ | 1605 /* Verify RTP header */ |
1529 status = srtp_validate_rtp_header(rtp_hdr, pkt_octet_len); | 1606 status = srtp_validate_rtp_header(rtp_hdr, pkt_octet_len); |
1530 if (status) | 1607 if (status) |
1531 return status; | 1608 return status; |
1532 | 1609 |
1533 /* check the packet length - it must at least contain a full header */ | 1610 /* check the packet length - it must at least contain a full header */ |
1534 if (*pkt_octet_len < octets_in_rtp_header) | 1611 if (*pkt_octet_len < octets_in_rtp_header) |
1535 return err_status_bad_param; | 1612 return srtp_err_status_bad_param; |
1536 | 1613 |
1537 /* | 1614 /* |
1538 * look up ssrc in srtp_stream list, and process the packet with | 1615 * look up ssrc in srtp_stream list, and process the packet with |
1539 * the appropriate stream. if we haven't seen this stream before, | 1616 * the appropriate stream. if we haven't seen this stream before, |
1540 * there's a template key for this srtp_session, and the cipher | 1617 * there's a template key for this srtp_session, and the cipher |
1541 * supports key-sharing, then we assume that a new stream using | 1618 * supports key-sharing, then we assume that a new stream using |
1542 * that key has just started up | 1619 * that key has just started up |
1543 */ | 1620 */ |
1544 stream = srtp_get_stream(ctx, hdr->ssrc); | 1621 stream = srtp_get_stream(ctx, hdr->ssrc); |
1545 if (stream == NULL) { | 1622 if (stream == NULL) { |
(...skipping 10 matching lines...) Expand all Loading... |
1556 new_stream->next = ctx->stream_list; | 1633 new_stream->next = ctx->stream_list; |
1557 ctx->stream_list = new_stream; | 1634 ctx->stream_list = new_stream; |
1558 | 1635 |
1559 /* set direction to outbound */ | 1636 /* set direction to outbound */ |
1560 new_stream->direction = dir_srtp_sender; | 1637 new_stream->direction = dir_srtp_sender; |
1561 | 1638 |
1562 /* set stream (the pointer used in this function) */ | 1639 /* set stream (the pointer used in this function) */ |
1563 stream = new_stream; | 1640 stream = new_stream; |
1564 } else { | 1641 } else { |
1565 /* no template stream, so we return an error */ | 1642 /* no template stream, so we return an error */ |
1566 return err_status_no_ctx; | 1643 return srtp_err_status_no_ctx; |
1567 } | 1644 } |
1568 } | 1645 } |
1569 | 1646 |
1570 /* | 1647 /* |
1571 * verify that stream is for sending traffic - this check will | 1648 * verify that stream is for sending traffic - this check will |
1572 * detect SSRC collisions, since a stream that appears in both | 1649 * detect SSRC collisions, since a stream that appears in both |
1573 * srtp_protect() and srtp_unprotect() will fail this test in one of | 1650 * srtp_protect() and srtp_unprotect() will fail this test in one of |
1574 * those functions. | 1651 * those functions. |
1575 */ | 1652 */ |
1576 if (stream->direction != dir_srtp_sender) { | 1653 if (stream->direction != dir_srtp_sender) { |
1577 if (stream->direction == dir_unknown) { | 1654 if (stream->direction == dir_unknown) { |
1578 stream->direction = dir_srtp_sender; | 1655 stream->direction = dir_srtp_sender; |
1579 } else { | 1656 } else { |
1580 srtp_handle_event(ctx, stream, event_ssrc_collision); | 1657 srtp_handle_event(ctx, stream, event_ssrc_collision); |
1581 } | 1658 } |
1582 } | 1659 } |
1583 | 1660 |
1584 /* | 1661 /* |
1585 * Check if this is an AEAD stream (GCM mode). If so, then dispatch | 1662 * Check if this is an AEAD stream (GCM mode). If so, then dispatch |
1586 * the request to our AEAD handler. | 1663 * the request to our AEAD handler. |
1587 */ | 1664 */ |
1588 if (stream->rtp_cipher->algorithm == AES_128_GCM || | 1665 if (stream->rtp_cipher->algorithm == SRTP_AES_128_GCM || |
1589 stream->rtp_cipher->algorithm == AES_256_GCM) { | 1666 stream->rtp_cipher->algorithm == SRTP_AES_256_GCM) { |
1590 return srtp_protect_aead(ctx, stream, rtp_hdr, (unsigned int*)pkt_octet_le
n); | 1667 return srtp_protect_aead(ctx, stream, rtp_hdr, (unsigned int*)pkt_octet_le
n); |
1591 } | 1668 } |
1592 | 1669 |
1593 /* | 1670 /* |
1594 * update the key usage limit, and check it to make sure that we | 1671 * update the key usage limit, and check it to make sure that we |
1595 * didn't just hit either the soft limit or the hard limit, and call | 1672 * didn't just hit either the soft limit or the hard limit, and call |
1596 * the event handler if we hit either. | 1673 * the event handler if we hit either. |
1597 */ | 1674 */ |
1598 switch(key_limit_update(stream->limit)) { | 1675 switch(srtp_key_limit_update(stream->limit)) { |
1599 case key_event_normal: | 1676 case srtp_key_event_normal: |
1600 break; | 1677 break; |
1601 case key_event_soft_limit: | 1678 case srtp_key_event_soft_limit: |
1602 srtp_handle_event(ctx, stream, event_key_soft_limit); | 1679 srtp_handle_event(ctx, stream, event_key_soft_limit); |
1603 break; | 1680 break; |
1604 case key_event_hard_limit: | 1681 case srtp_key_event_hard_limit: |
1605 srtp_handle_event(ctx, stream, event_key_hard_limit); | 1682 srtp_handle_event(ctx, stream, event_key_hard_limit); |
1606 » return err_status_key_expired; | 1683 » return srtp_err_status_key_expired; |
1607 default: | 1684 default: |
1608 break; | 1685 break; |
1609 } | 1686 } |
1610 | 1687 |
1611 /* get tag length from stream */ | 1688 /* get tag length from stream */ |
1612 tag_len = auth_get_tag_length(stream->rtp_auth); | 1689 tag_len = srtp_auth_get_tag_length(stream->rtp_auth); |
1613 | 1690 |
1614 /* | 1691 /* |
1615 * find starting point for encryption and length of data to be | 1692 * find starting point for encryption and length of data to be |
1616 * encrypted - the encrypted portion starts after the rtp header | 1693 * encrypted - the encrypted portion starts after the rtp header |
1617 * extension, if present; otherwise, it starts after the last csrc, | 1694 * extension, if present; otherwise, it starts after the last csrc, |
1618 * if any are present | 1695 * if any are present |
1619 * | 1696 * |
1620 * if we're not providing confidentiality, set enc_start to NULL | 1697 * if we're not providing confidentiality, set enc_start to NULL |
1621 */ | 1698 */ |
1622 if (stream->rtp_services & sec_serv_conf) { | 1699 if (stream->rtp_services & sec_serv_conf) { |
1623 enc_start = (uint32_t *)hdr + uint32s_in_rtp_header + hdr->cc; | 1700 enc_start = (uint32_t *)hdr + uint32s_in_rtp_header + hdr->cc; |
1624 if (hdr->x == 1) { | 1701 if (hdr->x == 1) { |
1625 xtn_hdr = (srtp_hdr_xtnd_t *)enc_start; | 1702 xtn_hdr = (srtp_hdr_xtnd_t *)enc_start; |
1626 enc_start += (ntohs(xtn_hdr->length) + 1); | 1703 enc_start += (ntohs(xtn_hdr->length) + 1); |
1627 } | 1704 } |
| 1705 /* note: the passed size is without the auth tag */ |
1628 if (!((uint8_t*)enc_start <= (uint8_t*)hdr + *pkt_octet_len)) | 1706 if (!((uint8_t*)enc_start <= (uint8_t*)hdr + *pkt_octet_len)) |
1629 return err_status_parse_err; | 1707 return srtp_err_status_parse_err; |
1630 enc_octet_len = (unsigned int)(*pkt_octet_len - | 1708 enc_octet_len = (int)(*pkt_octet_len - |
1631 ((uint8_t*)enc_start - (uint8_t*)hdr)); | 1709 ((uint8_t*)enc_start - (uint8_t*)hdr)); |
| 1710 if (enc_octet_len < 0) return srtp_err_status_parse_err; |
1632 } else { | 1711 } else { |
1633 enc_start = NULL; | 1712 enc_start = NULL; |
1634 } | 1713 } |
1635 | 1714 |
1636 /* | 1715 /* |
1637 * if we're providing authentication, set the auth_start and auth_tag | 1716 * if we're providing authentication, set the auth_start and auth_tag |
1638 * pointers to the proper locations; otherwise, set auth_start to NULL | 1717 * pointers to the proper locations; otherwise, set auth_start to NULL |
1639 * to indicate that no authentication is needed | 1718 * to indicate that no authentication is needed |
1640 */ | 1719 */ |
1641 if (stream->rtp_services & sec_serv_auth) { | 1720 if (stream->rtp_services & sec_serv_auth) { |
1642 auth_start = (uint32_t *)hdr; | 1721 auth_start = (uint32_t *)hdr; |
1643 auth_tag = (uint8_t *)hdr + *pkt_octet_len; | 1722 auth_tag = (uint8_t *)hdr + *pkt_octet_len; |
1644 } else { | 1723 } else { |
1645 auth_start = NULL; | 1724 auth_start = NULL; |
1646 auth_tag = NULL; | 1725 auth_tag = NULL; |
1647 } | 1726 } |
1648 | 1727 |
1649 /* | 1728 /* |
1650 * estimate the packet index using the start of the replay window | 1729 * estimate the packet index using the start of the replay window |
1651 * and the sequence number from the header | 1730 * and the sequence number from the header |
1652 */ | 1731 */ |
1653 delta = rdbx_estimate_index(&stream->rtp_rdbx, &est, ntohs(hdr->seq)); | 1732 delta = srtp_rdbx_estimate_index(&stream->rtp_rdbx, &est, ntohs(hdr->seq)); |
1654 status = rdbx_check(&stream->rtp_rdbx, delta); | 1733 status = srtp_rdbx_check(&stream->rtp_rdbx, delta); |
1655 if (status) { | 1734 if (status) { |
1656 if (status != err_status_replay_fail || !stream->allow_repeat_tx) | 1735 if (status != srtp_err_status_replay_fail || !stream->allow_repeat_tx) |
1657 return status; /* we've been asked to reuse an index */ | 1736 return status; /* we've been asked to reuse an index */ |
1658 } | 1737 } |
1659 else | 1738 else |
1660 rdbx_add_index(&stream->rtp_rdbx, delta); | 1739 srtp_rdbx_add_index(&stream->rtp_rdbx, delta); |
1661 | 1740 |
1662 #ifdef NO_64BIT_MATH | 1741 #ifdef NO_64BIT_MATH |
1663 debug_print2(mod_srtp, "estimated packet index: %08x%08x", | 1742 debug_print2(mod_srtp, "estimated packet index: %08x%08x", |
1664 high32(est),low32(est)); | 1743 high32(est),low32(est)); |
1665 #else | 1744 #else |
1666 debug_print(mod_srtp, "estimated packet index: %016llx", est); | 1745 debug_print(mod_srtp, "estimated packet index: %016llx", est); |
1667 #endif | 1746 #endif |
1668 | 1747 |
1669 /* | 1748 /* |
1670 * if we're using rindael counter mode, set nonce and seq | 1749 * if we're using rindael counter mode, set nonce and seq |
1671 */ | 1750 */ |
1672 if (stream->rtp_cipher->type->id == AES_ICM || | 1751 if (stream->rtp_cipher->type->id == SRTP_AES_ICM || |
1673 stream->rtp_cipher->type->id == AES_256_ICM) { | 1752 stream->rtp_cipher->type->id == SRTP_AES_256_ICM) { |
1674 v128_t iv; | 1753 v128_t iv; |
1675 | 1754 |
1676 iv.v32[0] = 0; | 1755 iv.v32[0] = 0; |
1677 iv.v32[1] = hdr->ssrc; | 1756 iv.v32[1] = hdr->ssrc; |
1678 #ifdef NO_64BIT_MATH | 1757 #ifdef NO_64BIT_MATH |
1679 iv.v64[1] = be64_to_cpu(make64((high32(est) << 16) | (low32(est) >> 16), | 1758 iv.v64[1] = be64_to_cpu(make64((high32(est) << 16) | (low32(est) >> 16), |
1680 low32(est) << 1
6)); | 1759 low32(est) << 1
6)); |
1681 #else | 1760 #else |
1682 iv.v64[1] = be64_to_cpu(est << 16); | 1761 iv.v64[1] = be64_to_cpu(est << 16); |
1683 #endif | 1762 #endif |
1684 status = cipher_set_iv(stream->rtp_cipher, &iv, direction_encrypt); | 1763 status = srtp_cipher_set_iv(stream->rtp_cipher, (uint8_t*)&iv, srtp_directi
on_encrypt); |
1685 if (!status && stream->rtp_xtn_hdr_cipher) { | 1764 if (!status && stream->rtp_xtn_hdr_cipher) { |
1686 status = cipher_set_iv(stream->rtp_xtn_hdr_cipher, (uint8_t*)&iv, directi
on_encrypt); | 1765 status = srtp_cipher_set_iv(stream->rtp_xtn_hdr_cipher, (uint8_t*)&iv, sr
tp_direction_encrypt); |
1687 } | 1766 } |
1688 } else { | 1767 } else { |
1689 v128_t iv; | 1768 v128_t iv; |
1690 | 1769 |
1691 /* otherwise, set the index to est */ | 1770 /* otherwise, set the index to est */ |
1692 #ifdef NO_64BIT_MATH | 1771 #ifdef NO_64BIT_MATH |
1693 iv.v32[0] = 0; | 1772 iv.v32[0] = 0; |
1694 iv.v32[1] = 0; | 1773 iv.v32[1] = 0; |
1695 #else | 1774 #else |
1696 iv.v64[0] = 0; | 1775 iv.v64[0] = 0; |
1697 #endif | 1776 #endif |
1698 iv.v64[1] = be64_to_cpu(est); | 1777 iv.v64[1] = be64_to_cpu(est); |
1699 status = cipher_set_iv(stream->rtp_cipher, &iv, direction_encrypt); | 1778 status = srtp_cipher_set_iv(stream->rtp_cipher, (uint8_t*)&iv, srtp_directi
on_encrypt); |
1700 if (!status && stream->rtp_xtn_hdr_cipher) { | 1779 if (!status && stream->rtp_xtn_hdr_cipher) { |
1701 status = cipher_set_iv(stream->rtp_xtn_hdr_cipher, (uint8_t*)&iv, directi
on_encrypt); | 1780 status = srtp_cipher_set_iv(stream->rtp_xtn_hdr_cipher, (uint8_t*)&iv, sr
tp_direction_encrypt); |
1702 } | 1781 } |
1703 } | 1782 } |
1704 if (status) | 1783 if (status) |
1705 return err_status_cipher_fail; | 1784 return srtp_err_status_cipher_fail; |
1706 | 1785 |
1707 /* shift est, put into network byte order */ | 1786 /* shift est, put into network byte order */ |
1708 #ifdef NO_64BIT_MATH | 1787 #ifdef NO_64BIT_MATH |
1709 est = be64_to_cpu(make64((high32(est) << 16) | | 1788 est = be64_to_cpu(make64((high32(est) << 16) | |
1710 (low32(est) >> 16), | 1789 (low32(est) >> 16), |
1711 low32(est) << 16)); | 1790 low32(est) << 16)); |
1712 #else | 1791 #else |
1713 est = be64_to_cpu(est << 16); | 1792 est = be64_to_cpu(est << 16); |
1714 #endif | 1793 #endif |
1715 | 1794 |
1716 /* | 1795 /* |
1717 * if we're authenticating using a universal hash, put the keystream | 1796 * if we're authenticating using a universal hash, put the keystream |
1718 * prefix into the authentication tag | 1797 * prefix into the authentication tag |
1719 */ | 1798 */ |
1720 if (auth_start) { | 1799 if (auth_start) { |
1721 | 1800 |
1722 prefix_len = auth_get_prefix_length(stream->rtp_auth); | 1801 prefix_len = srtp_auth_get_prefix_length(stream->rtp_auth); |
1723 if (prefix_len) { | 1802 if (prefix_len) { |
1724 status = cipher_output(stream->rtp_cipher, auth_tag, prefix_len); | 1803 status = srtp_cipher_output(stream->rtp_cipher, auth_tag, &prefix_len); |
1725 if (status) | 1804 if (status) |
1726 » return err_status_cipher_fail; | 1805 » return srtp_err_status_cipher_fail; |
1727 debug_print(mod_srtp, "keystream prefix: %s", | 1806 debug_print(mod_srtp, "keystream prefix: %s", |
1728 » » octet_string_hex_string(auth_tag, prefix_len)); | 1807 » » srtp_octet_string_hex_string(auth_tag, prefix_len)); |
1729 } | 1808 } |
1730 } | 1809 } |
1731 | 1810 |
1732 if (xtn_hdr && stream->rtp_xtn_hdr_cipher) { | 1811 if (xtn_hdr && stream->rtp_xtn_hdr_cipher) { |
1733 /* | 1812 /* |
1734 * extensions header encryption RFC 6904 | 1813 * extensions header encryption RFC 6904 |
1735 */ | 1814 */ |
1736 status = srtp_process_header_encryption(stream, xtn_hdr); | 1815 status = srtp_process_header_encryption(stream, xtn_hdr); |
1737 if (status) { | 1816 if (status) { |
1738 return status; | 1817 return status; |
1739 } | 1818 } |
1740 } | 1819 } |
1741 | 1820 |
1742 /* if we're encrypting, exor keystream into the message */ | 1821 /* if we're encrypting, exor keystream into the message */ |
1743 if (enc_start) { | 1822 if (enc_start) { |
1744 status = cipher_encrypt(stream->rtp_cipher, | 1823 status = srtp_cipher_encrypt(stream->rtp_cipher, |
1745 » » » (uint8_t *)enc_start, &enc_octet_len); | 1824 » » » (uint8_t *)enc_start, (unsigned int *)&enc_octet
_len); |
1746 if (status) | 1825 if (status) |
1747 return err_status_cipher_fail; | 1826 return srtp_err_status_cipher_fail; |
1748 } | 1827 } |
1749 | 1828 |
1750 /* | 1829 /* |
1751 * if we're authenticating, run authentication function and put result | 1830 * if we're authenticating, run authentication function and put result |
1752 * into the auth_tag | 1831 * into the auth_tag |
1753 */ | 1832 */ |
1754 if (auth_start) { | 1833 if (auth_start) { |
1755 | 1834 |
1756 /* initialize auth func context */ | 1835 /* initialize auth func context */ |
1757 status = auth_start(stream->rtp_auth); | 1836 status = srtp_auth_start(stream->rtp_auth); |
1758 if (status) return status; | 1837 if (status) return status; |
1759 | 1838 |
1760 /* run auth func over packet */ | 1839 /* run auth func over packet */ |
1761 status = auth_update(stream->rtp_auth, | 1840 status = srtp_auth_update(stream->rtp_auth, |
1762 (uint8_t *)auth_start, *pkt_octet_len); | 1841 (uint8_t *)auth_start, *pkt_octet_len); |
1763 if (status) return status; | 1842 if (status) return status; |
1764 | 1843 |
1765 /* run auth func over ROC, put result into auth_tag */ | 1844 /* run auth func over ROC, put result into auth_tag */ |
1766 debug_print(mod_srtp, "estimated packet index: %016llx", est); | 1845 debug_print(mod_srtp, "estimated packet index: %016llx", est); |
1767 status = auth_compute(stream->rtp_auth, (uint8_t *)&est, 4, auth_tag); | 1846 status = srtp_auth_compute(stream->rtp_auth, (uint8_t *)&est, 4, auth_tag); |
1768 debug_print(mod_srtp, "srtp auth tag: %s", | 1847 debug_print(mod_srtp, "srtp auth tag: %s", |
1769 » » octet_string_hex_string(auth_tag, tag_len)); | 1848 » » srtp_octet_string_hex_string(auth_tag, tag_len)); |
1770 if (status) | 1849 if (status) |
1771 return err_status_auth_fail; | 1850 return srtp_err_status_auth_fail; |
1772 | 1851 |
1773 } | 1852 } |
1774 | 1853 |
1775 if (auth_tag) { | 1854 if (auth_tag) { |
1776 | 1855 |
1777 /* increase the packet length by the length of the auth tag */ | 1856 /* increase the packet length by the length of the auth tag */ |
1778 *pkt_octet_len += tag_len; | 1857 *pkt_octet_len += tag_len; |
1779 } | 1858 } |
1780 | 1859 |
1781 return err_status_ok; | 1860 return srtp_err_status_ok; |
1782 } | 1861 } |
1783 | 1862 |
1784 | 1863 |
1785 err_status_t | 1864 srtp_err_status_t |
1786 srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) { | 1865 srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) { |
1787 srtp_hdr_t *hdr = (srtp_hdr_t *)srtp_hdr; | 1866 srtp_hdr_t *hdr = (srtp_hdr_t *)srtp_hdr; |
1788 uint32_t *enc_start; /* pointer to start of encrypted portion */ | 1867 uint32_t *enc_start; /* pointer to start of encrypted portion */ |
1789 uint32_t *auth_start; /* pointer to start of auth. portion */ | 1868 uint32_t *auth_start; /* pointer to start of auth. portion */ |
1790 unsigned int enc_octet_len = 0;/* number of octets in encrypted portion */ | 1869 unsigned int enc_octet_len = 0;/* number of octets in encrypted portion */ |
1791 uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ | 1870 uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ |
1792 xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */ | 1871 srtp_xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */ |
1793 int delta; /* delta of local pkt idx and that in hdr */ | 1872 int delta; /* delta of local pkt idx and that in hdr */ |
1794 v128_t iv; | 1873 v128_t iv; |
1795 err_status_t status; | 1874 srtp_err_status_t status; |
1796 srtp_stream_ctx_t *stream; | 1875 srtp_stream_ctx_t *stream; |
1797 uint8_t tmp_tag[SRTP_MAX_TAG_LEN]; | 1876 uint8_t tmp_tag[SRTP_MAX_TAG_LEN]; |
1798 int tag_len, prefix_len; | 1877 uint32_t tag_len, prefix_len; |
1799 srtp_hdr_xtnd_t *xtn_hdr = NULL; | 1878 srtp_hdr_xtnd_t *xtn_hdr = NULL; |
1800 | 1879 |
1801 debug_print(mod_srtp, "function srtp_unprotect", NULL); | 1880 debug_print(mod_srtp, "function srtp_unprotect", NULL); |
1802 | 1881 |
1803 /* we assume the hdr is 32-bit aligned to start */ | 1882 /* we assume the hdr is 32-bit aligned to start */ |
1804 | 1883 |
1805 /* Verify RTP header */ | 1884 /* Verify RTP header */ |
1806 status = srtp_validate_rtp_header(srtp_hdr, pkt_octet_len); | 1885 status = srtp_validate_rtp_header(srtp_hdr, pkt_octet_len); |
1807 if (status) | 1886 if (status) |
1808 return status; | 1887 return status; |
1809 | 1888 |
1810 /* check the packet length - it must at least contain a full header */ | 1889 /* check the packet length - it must at least contain a full header */ |
1811 if (*pkt_octet_len < octets_in_rtp_header) | 1890 if (*pkt_octet_len < octets_in_rtp_header) |
1812 return err_status_bad_param; | 1891 return srtp_err_status_bad_param; |
1813 | 1892 |
1814 /* | 1893 /* |
1815 * look up ssrc in srtp_stream list, and process the packet with | 1894 * look up ssrc in srtp_stream list, and process the packet with |
1816 * the appropriate stream. if we haven't seen this stream before, | 1895 * the appropriate stream. if we haven't seen this stream before, |
1817 * there's only one key for this srtp_session, and the cipher | 1896 * there's only one key for this srtp_session, and the cipher |
1818 * supports key-sharing, then we assume that a new stream using | 1897 * supports key-sharing, then we assume that a new stream using |
1819 * that key has just started up | 1898 * that key has just started up |
1820 */ | 1899 */ |
1821 stream = srtp_get_stream(ctx, hdr->ssrc); | 1900 stream = srtp_get_stream(ctx, hdr->ssrc); |
1822 if (stream == NULL) { | 1901 if (stream == NULL) { |
1823 if (ctx->stream_template != NULL) { | 1902 if (ctx->stream_template != NULL) { |
1824 stream = ctx->stream_template; | 1903 stream = ctx->stream_template; |
1825 debug_print(mod_srtp, "using provisional stream (SSRC: 0x%08x)", | 1904 debug_print(mod_srtp, "using provisional stream (SSRC: 0x%08x)", |
1826 » » hdr->ssrc); | 1905 » » ntohl(hdr->ssrc)); |
1827 | 1906 |
1828 /* | 1907 /* |
1829 * set estimated packet index to sequence number from header, | 1908 * set estimated packet index to sequence number from header, |
1830 * and set delta equal to the same value | 1909 * and set delta equal to the same value |
1831 */ | 1910 */ |
1832 #ifdef NO_64BIT_MATH | 1911 #ifdef NO_64BIT_MATH |
1833 est = (xtd_seq_num_t) make64(0,ntohs(hdr->seq)); | 1912 est = (srtp_xtd_seq_num_t) make64(0,ntohs(hdr->seq)); |
1834 delta = low32(est); | 1913 delta = low32(est); |
1835 #else | 1914 #else |
1836 est = (xtd_seq_num_t) ntohs(hdr->seq); | 1915 est = (srtp_xtd_seq_num_t) ntohs(hdr->seq); |
1837 delta = (int)est; | 1916 delta = (int)est; |
1838 #endif | 1917 #endif |
1839 } else { | 1918 } else { |
1840 | 1919 |
1841 /* | 1920 /* |
1842 * no stream corresponding to SSRC found, and we don't do | 1921 * no stream corresponding to SSRC found, and we don't do |
1843 * key-sharing, so return an error | 1922 * key-sharing, so return an error |
1844 */ | 1923 */ |
1845 return err_status_no_ctx; | 1924 return srtp_err_status_no_ctx; |
1846 } | 1925 } |
1847 } else { | 1926 } else { |
1848 | 1927 |
1849 /* estimate packet index from seq. num. in header */ | 1928 /* estimate packet index from seq. num. in header */ |
1850 delta = rdbx_estimate_index(&stream->rtp_rdbx, &est, ntohs(hdr->seq)); | 1929 delta = srtp_rdbx_estimate_index(&stream->rtp_rdbx, &est, ntohs(hdr->seq)); |
1851 | 1930 |
1852 /* check replay database */ | 1931 /* check replay database */ |
1853 status = rdbx_check(&stream->rtp_rdbx, delta); | 1932 status = srtp_rdbx_check(&stream->rtp_rdbx, delta); |
1854 if (status) | 1933 if (status) |
1855 return status; | 1934 return status; |
1856 } | 1935 } |
1857 | 1936 |
1858 #ifdef NO_64BIT_MATH | 1937 #ifdef NO_64BIT_MATH |
1859 debug_print2(mod_srtp, "estimated u_packet index: %08x%08x", high32(est),low32
(est)); | 1938 debug_print2(mod_srtp, "estimated u_packet index: %08x%08x", high32(est),low32
(est)); |
1860 #else | 1939 #else |
1861 debug_print(mod_srtp, "estimated u_packet index: %016llx", est); | 1940 debug_print(mod_srtp, "estimated u_packet index: %016llx", est); |
1862 #endif | 1941 #endif |
1863 | 1942 |
1864 /* | 1943 /* |
1865 * Check if this is an AEAD stream (GCM mode). If so, then dispatch | 1944 * Check if this is an AEAD stream (GCM mode). If so, then dispatch |
1866 * the request to our AEAD handler. | 1945 * the request to our AEAD handler. |
1867 */ | 1946 */ |
1868 if (stream->rtp_cipher->algorithm == AES_128_GCM || | 1947 if (stream->rtp_cipher->algorithm == SRTP_AES_128_GCM || |
1869 stream->rtp_cipher->algorithm == AES_256_GCM) { | 1948 stream->rtp_cipher->algorithm == SRTP_AES_256_GCM) { |
1870 return srtp_unprotect_aead(ctx, stream, delta, est, srtp_hdr, (unsigned in
t*)pkt_octet_len); | 1949 return srtp_unprotect_aead(ctx, stream, delta, est, srtp_hdr, (unsigned in
t*)pkt_octet_len); |
1871 } | 1950 } |
1872 | 1951 |
1873 /* get tag length from stream */ | 1952 /* get tag length from stream */ |
1874 tag_len = auth_get_tag_length(stream->rtp_auth); | 1953 tag_len = srtp_auth_get_tag_length(stream->rtp_auth); |
1875 | 1954 |
1876 /* | 1955 /* |
1877 * set the cipher's IV properly, depending on whatever cipher we | 1956 * set the cipher's IV properly, depending on whatever cipher we |
1878 * happen to be using | 1957 * happen to be using |
1879 */ | 1958 */ |
1880 if (stream->rtp_cipher->type->id == AES_ICM || | 1959 if (stream->rtp_cipher->type->id == SRTP_AES_ICM || |
1881 stream->rtp_cipher->type->id == AES_256_ICM) { | 1960 stream->rtp_cipher->type->id == SRTP_AES_256_ICM) { |
1882 | 1961 |
1883 /* aes counter mode */ | 1962 /* aes counter mode */ |
1884 iv.v32[0] = 0; | 1963 iv.v32[0] = 0; |
1885 iv.v32[1] = hdr->ssrc; /* still in network order */ | 1964 iv.v32[1] = hdr->ssrc; /* still in network order */ |
1886 #ifdef NO_64BIT_MATH | 1965 #ifdef NO_64BIT_MATH |
1887 iv.v64[1] = be64_to_cpu(make64((high32(est) << 16) | (low32(est) >> 16), | 1966 iv.v64[1] = be64_to_cpu(make64((high32(est) << 16) | (low32(est) >> 16), |
1888 low32(est) << 16)); | 1967 low32(est) << 16)); |
1889 #else | 1968 #else |
1890 iv.v64[1] = be64_to_cpu(est << 16); | 1969 iv.v64[1] = be64_to_cpu(est << 16); |
1891 #endif | 1970 #endif |
1892 status = cipher_set_iv(stream->rtp_cipher, &iv, direction_decrypt); | 1971 status = srtp_cipher_set_iv(stream->rtp_cipher, (uint8_t*)&iv, srtp_directio
n_decrypt); |
1893 if (!status && stream->rtp_xtn_hdr_cipher) { | 1972 if (!status && stream->rtp_xtn_hdr_cipher) { |
1894 status = cipher_set_iv(stream->rtp_xtn_hdr_cipher, (uint8_t*)&iv, directio
n_decrypt); | 1973 status = srtp_cipher_set_iv(stream->rtp_xtn_hdr_cipher, (uint8_t*)&iv, srt
p_direction_decrypt); |
1895 } | 1974 } |
1896 } else { | 1975 } else { |
1897 | 1976 |
1898 /* no particular format - set the iv to the pakcet index */ | 1977 /* no particular format - set the iv to the pakcet index */ |
1899 #ifdef NO_64BIT_MATH | 1978 #ifdef NO_64BIT_MATH |
1900 iv.v32[0] = 0; | 1979 iv.v32[0] = 0; |
1901 iv.v32[1] = 0; | 1980 iv.v32[1] = 0; |
1902 #else | 1981 #else |
1903 iv.v64[0] = 0; | 1982 iv.v64[0] = 0; |
1904 #endif | 1983 #endif |
1905 iv.v64[1] = be64_to_cpu(est); | 1984 iv.v64[1] = be64_to_cpu(est); |
1906 status = cipher_set_iv(stream->rtp_cipher, &iv, direction_decrypt); | 1985 status = srtp_cipher_set_iv(stream->rtp_cipher, (uint8_t*)&iv, srtp_directio
n_decrypt); |
1907 if (!status && stream->rtp_xtn_hdr_cipher) { | 1986 if (!status && stream->rtp_xtn_hdr_cipher) { |
1908 status = cipher_set_iv(stream->rtp_xtn_hdr_cipher, (uint8_t*)&iv, directio
n_decrypt); | 1987 status = srtp_cipher_set_iv(stream->rtp_xtn_hdr_cipher, (uint8_t*)&iv, srt
p_direction_decrypt); |
1909 } | 1988 } |
1910 } | 1989 } |
1911 if (status) | 1990 if (status) |
1912 return err_status_cipher_fail; | 1991 return srtp_err_status_cipher_fail; |
1913 | 1992 |
1914 /* shift est, put into network byte order */ | 1993 /* shift est, put into network byte order */ |
1915 #ifdef NO_64BIT_MATH | 1994 #ifdef NO_64BIT_MATH |
1916 est = be64_to_cpu(make64((high32(est) << 16) | | 1995 est = be64_to_cpu(make64((high32(est) << 16) | |
1917 (low32(est) >> 16), | 1996 (low32(est) >> 16), |
1918 low32(est) << 16)); | 1997 low32(est) << 16)); |
1919 #else | 1998 #else |
1920 est = be64_to_cpu(est << 16); | 1999 est = be64_to_cpu(est << 16); |
1921 #endif | 2000 #endif |
1922 | 2001 |
1923 /* | 2002 /* |
1924 * find starting point for decryption and length of data to be | 2003 * find starting point for decryption and length of data to be |
1925 * decrypted - the encrypted portion starts after the rtp header | 2004 * decrypted - the encrypted portion starts after the rtp header |
1926 * extension, if present; otherwise, it starts after the last csrc, | 2005 * extension, if present; otherwise, it starts after the last csrc, |
1927 * if any are present | 2006 * if any are present |
1928 * | 2007 * |
1929 * if we're not providing confidentiality, set enc_start to NULL | 2008 * if we're not providing confidentiality, set enc_start to NULL |
1930 */ | 2009 */ |
1931 if (stream->rtp_services & sec_serv_conf) { | 2010 if (stream->rtp_services & sec_serv_conf) { |
1932 enc_start = (uint32_t *)hdr + uint32s_in_rtp_header + hdr->cc; | 2011 enc_start = (uint32_t *)hdr + uint32s_in_rtp_header + hdr->cc; |
1933 if (hdr->x == 1) { | 2012 if (hdr->x == 1) { |
1934 xtn_hdr = (srtp_hdr_xtnd_t *)enc_start; | 2013 xtn_hdr = (srtp_hdr_xtnd_t *)enc_start; |
1935 enc_start += (ntohs(xtn_hdr->length) + 1); | 2014 enc_start += (ntohs(xtn_hdr->length) + 1); |
1936 } | 2015 } |
1937 if (!((uint8_t*)enc_start <= (uint8_t*)hdr + (*pkt_octet_len - tag_len))) | 2016 if (!((uint8_t*)enc_start <= (uint8_t*)hdr + (*pkt_octet_len - tag_len))) |
1938 return err_status_parse_err; | 2017 return srtp_err_status_parse_err; |
1939 enc_octet_len = (uint32_t)(*pkt_octet_len - tag_len - | 2018 enc_octet_len = (uint32_t)(*pkt_octet_len - tag_len - |
1940 ((uint8_t*)enc_start - (uint8_t*)hdr)); | 2019 ((uint8_t*)enc_start - (uint8_t*)hdr)); |
1941 } else { | 2020 } else { |
1942 enc_start = NULL; | 2021 enc_start = NULL; |
1943 } | 2022 } |
1944 | 2023 |
1945 /* | 2024 /* |
1946 * if we're providing authentication, set the auth_start and auth_tag | 2025 * if we're providing authentication, set the auth_start and auth_tag |
1947 * pointers to the proper locations; otherwise, set auth_start to NULL | 2026 * pointers to the proper locations; otherwise, set auth_start to NULL |
1948 * to indicate that no authentication is needed | 2027 * to indicate that no authentication is needed |
(...skipping 14 matching lines...) Expand all Loading... |
1963 | 2042 |
1964 /* | 2043 /* |
1965 * if we're using a universal hash, then we need to compute the | 2044 * if we're using a universal hash, then we need to compute the |
1966 * keystream prefix for encrypting the universal hash output | 2045 * keystream prefix for encrypting the universal hash output |
1967 * | 2046 * |
1968 * if the keystream prefix length is zero, then we know that | 2047 * if the keystream prefix length is zero, then we know that |
1969 * the authenticator isn't using a universal hash function | 2048 * the authenticator isn't using a universal hash function |
1970 */ | 2049 */ |
1971 if (stream->rtp_auth->prefix_len != 0) { | 2050 if (stream->rtp_auth->prefix_len != 0) { |
1972 | 2051 |
1973 prefix_len = auth_get_prefix_length(stream->rtp_auth); | 2052 prefix_len = srtp_auth_get_prefix_length(stream->rtp_auth); |
1974 status = cipher_output(stream->rtp_cipher, tmp_tag, prefix_len); | 2053 status = srtp_cipher_output(stream->rtp_cipher, tmp_tag, &prefix_len); |
1975 debug_print(mod_srtp, "keystream prefix: %s", | 2054 debug_print(mod_srtp, "keystream prefix: %s", |
1976 » » octet_string_hex_string(tmp_tag, prefix_len)); | 2055 » » srtp_octet_string_hex_string(tmp_tag, prefix_len)); |
1977 if (status) | 2056 if (status) |
1978 » return err_status_cipher_fail; | 2057 » return srtp_err_status_cipher_fail; |
1979 } | 2058 } |
1980 | 2059 |
1981 /* initialize auth func context */ | 2060 /* initialize auth func context */ |
1982 status = auth_start(stream->rtp_auth); | 2061 status = srtp_auth_start(stream->rtp_auth); |
1983 if (status) return status; | 2062 if (status) return status; |
1984 | 2063 |
1985 /* now compute auth function over packet */ | 2064 /* now compute auth function over packet */ |
1986 status = auth_update(stream->rtp_auth, (uint8_t *)auth_start, | 2065 status = srtp_auth_update(stream->rtp_auth, (uint8_t *)auth_start, |
1987 *pkt_octet_len - tag_len); | 2066 *pkt_octet_len - tag_len); |
1988 | 2067 |
1989 /* run auth func over ROC, then write tmp tag */ | 2068 /* run auth func over ROC, then write tmp tag */ |
1990 status = auth_compute(stream->rtp_auth, (uint8_t *)&est, 4, tmp_tag); | 2069 status = srtp_auth_compute(stream->rtp_auth, (uint8_t *)&est, 4, tmp_tag); |
1991 | 2070 |
1992 debug_print(mod_srtp, "computed auth tag: %s", | 2071 debug_print(mod_srtp, "computed auth tag: %s", |
1993 » » octet_string_hex_string(tmp_tag, tag_len)); | 2072 » » srtp_octet_string_hex_string(tmp_tag, tag_len)); |
1994 debug_print(mod_srtp, "packet auth tag: %s", | 2073 debug_print(mod_srtp, "packet auth tag: %s", |
1995 » » octet_string_hex_string(auth_tag, tag_len)); | 2074 » » srtp_octet_string_hex_string(auth_tag, tag_len)); |
1996 if (status) | 2075 if (status) |
1997 return err_status_auth_fail; | 2076 return srtp_err_status_auth_fail; |
1998 | 2077 |
1999 if (octet_string_is_eq(tmp_tag, auth_tag, tag_len)) | 2078 if (octet_string_is_eq(tmp_tag, auth_tag, tag_len)) |
2000 return err_status_auth_fail; | 2079 return srtp_err_status_auth_fail; |
2001 } | 2080 } |
2002 | 2081 |
2003 /* | 2082 /* |
2004 * update the key usage limit, and check it to make sure that we | 2083 * update the key usage limit, and check it to make sure that we |
2005 * didn't just hit either the soft limit or the hard limit, and call | 2084 * didn't just hit either the soft limit or the hard limit, and call |
2006 * the event handler if we hit either. | 2085 * the event handler if we hit either. |
2007 */ | 2086 */ |
2008 switch(key_limit_update(stream->limit)) { | 2087 switch(srtp_key_limit_update(stream->limit)) { |
2009 case key_event_normal: | 2088 case srtp_key_event_normal: |
2010 break; | 2089 break; |
2011 case key_event_soft_limit: | 2090 case srtp_key_event_soft_limit: |
2012 srtp_handle_event(ctx, stream, event_key_soft_limit); | 2091 srtp_handle_event(ctx, stream, event_key_soft_limit); |
2013 break; | 2092 break; |
2014 case key_event_hard_limit: | 2093 case srtp_key_event_hard_limit: |
2015 srtp_handle_event(ctx, stream, event_key_hard_limit); | 2094 srtp_handle_event(ctx, stream, event_key_hard_limit); |
2016 return err_status_key_expired; | 2095 return srtp_err_status_key_expired; |
2017 default: | 2096 default: |
2018 break; | 2097 break; |
2019 } | 2098 } |
2020 | 2099 |
2021 if (xtn_hdr && stream->rtp_xtn_hdr_cipher) { | 2100 if (xtn_hdr && stream->rtp_xtn_hdr_cipher) { |
2022 /* | 2101 /* |
2023 * extensions header encryption RFC 6904 | 2102 * extensions header encryption RFC 6904 |
2024 */ | 2103 */ |
2025 status = srtp_process_header_encryption(stream, xtn_hdr); | 2104 status = srtp_process_header_encryption(stream, xtn_hdr); |
2026 if (status) { | 2105 if (status) { |
2027 return status; | 2106 return status; |
2028 } | 2107 } |
2029 } | 2108 } |
2030 | 2109 |
2031 /* if we're decrypting, add keystream into ciphertext */ | 2110 /* if we're decrypting, add keystream into ciphertext */ |
2032 if (enc_start) { | 2111 if (enc_start) { |
2033 status = cipher_decrypt(stream->rtp_cipher, | 2112 status = srtp_cipher_decrypt(stream->rtp_cipher, (uint8_t *)enc_start, &enc_
octet_len); |
2034 » » » (uint8_t *)enc_start, &enc_octet_len); | |
2035 if (status) | 2113 if (status) |
2036 return err_status_cipher_fail; | 2114 return srtp_err_status_cipher_fail; |
2037 } | 2115 } |
2038 | 2116 |
2039 /* | 2117 /* |
2040 * verify that stream is for received traffic - this check will | 2118 * verify that stream is for received traffic - this check will |
2041 * detect SSRC collisions, since a stream that appears in both | 2119 * detect SSRC collisions, since a stream that appears in both |
2042 * srtp_protect() and srtp_unprotect() will fail this test in one of | 2120 * srtp_protect() and srtp_unprotect() will fail this test in one of |
2043 * those functions. | 2121 * those functions. |
2044 * | 2122 * |
2045 * we do this check *after* the authentication check, so that the | 2123 * we do this check *after* the authentication check, so that the |
2046 * latter check will catch any attempts to fool us into thinking | 2124 * latter check will catch any attempts to fool us into thinking |
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2078 ctx->stream_list = new_stream; | 2156 ctx->stream_list = new_stream; |
2079 | 2157 |
2080 /* set stream (the pointer used in this function) */ | 2158 /* set stream (the pointer used in this function) */ |
2081 stream = new_stream; | 2159 stream = new_stream; |
2082 } | 2160 } |
2083 | 2161 |
2084 /* | 2162 /* |
2085 * the message authentication function passed, so add the packet | 2163 * the message authentication function passed, so add the packet |
2086 * index into the replay database | 2164 * index into the replay database |
2087 */ | 2165 */ |
2088 rdbx_add_index(&stream->rtp_rdbx, delta); | 2166 srtp_rdbx_add_index(&stream->rtp_rdbx, delta); |
2089 | 2167 |
2090 /* decrease the packet length by the length of the auth tag */ | 2168 /* decrease the packet length by the length of the auth tag */ |
2091 *pkt_octet_len -= tag_len; | 2169 *pkt_octet_len -= tag_len; |
2092 | 2170 |
2093 return err_status_ok; | 2171 return srtp_err_status_ok; |
2094 } | 2172 } |
2095 | 2173 |
2096 err_status_t | 2174 srtp_err_status_t |
2097 srtp_init() { | 2175 srtp_init() { |
2098 err_status_t status; | 2176 srtp_err_status_t status; |
2099 | 2177 |
2100 /* initialize crypto kernel */ | 2178 /* initialize crypto kernel */ |
2101 status = crypto_kernel_init(); | 2179 status = srtp_crypto_kernel_init(); |
2102 if (status) | 2180 if (status) |
2103 return status; | 2181 return status; |
2104 | 2182 |
2105 /* load srtp debug module into the kernel */ | 2183 /* load srtp debug module into the kernel */ |
2106 status = crypto_kernel_load_debug_module(&mod_srtp); | 2184 status = srtp_crypto_kernel_load_debug_module(&mod_srtp); |
2107 if (status) | 2185 if (status) |
2108 return status; | 2186 return status; |
2109 | 2187 |
2110 return err_status_ok; | 2188 return srtp_err_status_ok; |
2111 } | 2189 } |
2112 | 2190 |
2113 err_status_t | 2191 srtp_err_status_t |
2114 srtp_shutdown() { | 2192 srtp_shutdown() { |
2115 err_status_t status; | 2193 srtp_err_status_t status; |
2116 | 2194 |
2117 /* shut down crypto kernel */ | 2195 /* shut down crypto kernel */ |
2118 status = crypto_kernel_shutdown(); | 2196 status = srtp_crypto_kernel_shutdown(); |
2119 if (status) | 2197 if (status) |
2120 return status; | 2198 return status; |
2121 | 2199 |
2122 /* shutting down crypto kernel frees the srtp debug module as well */ | 2200 /* shutting down crypto kernel frees the srtp debug module as well */ |
2123 | 2201 |
2124 return err_status_ok; | 2202 return srtp_err_status_ok; |
2125 } | 2203 } |
2126 | 2204 |
2127 | 2205 |
2128 /* | 2206 /* |
2129 * The following code is under consideration for removal. See | 2207 * The following code is under consideration for removal. See |
2130 * SRTP_MAX_TRAILER_LEN | 2208 * SRTP_MAX_TRAILER_LEN |
2131 */ | 2209 */ |
2132 #if 0 | 2210 #if 0 |
2133 | 2211 |
2134 /* | 2212 /* |
2135 * srtp_get_trailer_length(&a) returns the number of octets that will | 2213 * srtp_get_trailer_length(&a) returns the number of octets that will |
2136 * be added to an RTP packet by the SRTP processing. This value | 2214 * be added to an RTP packet by the SRTP processing. This value |
2137 * is constant for a given srtp_stream_t (i.e. between initializations). | 2215 * is constant for a given srtp_stream_t (i.e. between initializations). |
2138 */ | 2216 */ |
2139 | 2217 |
2140 int | 2218 int |
2141 srtp_get_trailer_length(const srtp_stream_t s) { | 2219 srtp_get_trailer_length(const srtp_stream_t s) { |
2142 return auth_get_tag_length(s->rtp_auth); | 2220 return srtp_auth_get_tag_length(s->rtp_auth); |
2143 } | 2221 } |
2144 | 2222 |
2145 #endif | 2223 #endif |
2146 | 2224 |
2147 /* | 2225 /* |
2148 * srtp_get_stream(ssrc) returns a pointer to the stream corresponding | 2226 * srtp_get_stream(ssrc) returns a pointer to the stream corresponding |
2149 * to ssrc, or NULL if no stream exists for that ssrc | 2227 * to ssrc, or NULL if no stream exists for that ssrc |
2150 * | 2228 * |
2151 * this is an internal function | 2229 * this is an internal function |
2152 */ | 2230 */ |
2153 | 2231 |
2154 srtp_stream_ctx_t * | 2232 srtp_stream_ctx_t * |
2155 srtp_get_stream(srtp_t srtp, uint32_t ssrc) { | 2233 srtp_get_stream(srtp_t srtp, uint32_t ssrc) { |
2156 srtp_stream_ctx_t *stream; | 2234 srtp_stream_ctx_t *stream; |
2157 | 2235 |
2158 /* walk down list until ssrc is found */ | 2236 /* walk down list until ssrc is found */ |
2159 stream = srtp->stream_list; | 2237 stream = srtp->stream_list; |
2160 while (stream != NULL) { | 2238 while (stream != NULL) { |
2161 if (stream->ssrc == ssrc) | 2239 if (stream->ssrc == ssrc) |
2162 return stream; | 2240 return stream; |
2163 stream = stream->next; | 2241 stream = stream->next; |
2164 } | 2242 } |
2165 | 2243 |
2166 /* we haven't found our ssrc, so return a null */ | 2244 /* we haven't found our ssrc, so return a null */ |
2167 return NULL; | 2245 return NULL; |
2168 } | 2246 } |
2169 | 2247 |
2170 err_status_t | 2248 srtp_err_status_t |
2171 srtp_dealloc(srtp_t session) { | 2249 srtp_dealloc(srtp_t session) { |
2172 srtp_stream_ctx_t *stream; | 2250 srtp_stream_ctx_t *stream; |
2173 err_status_t status; | 2251 srtp_err_status_t status; |
2174 | 2252 |
2175 /* | 2253 /* |
2176 * we take a conservative deallocation strategy - if we encounter an | 2254 * we take a conservative deallocation strategy - if we encounter an |
2177 * error deallocating a stream, then we stop trying to deallocate | 2255 * error deallocating a stream, then we stop trying to deallocate |
2178 * memory and just return an error | 2256 * memory and just return an error |
2179 */ | 2257 */ |
2180 | 2258 |
2181 /* walk list of streams, deallocating as we go */ | 2259 /* walk list of streams, deallocating as we go */ |
2182 stream = session->stream_list; | 2260 stream = session->stream_list; |
2183 while (stream != NULL) { | 2261 while (stream != NULL) { |
2184 srtp_stream_t next = stream->next; | 2262 srtp_stream_t next = stream->next; |
2185 status = srtp_stream_dealloc(session, stream); | 2263 status = srtp_stream_dealloc(stream, session->stream_template); |
2186 if (status) | 2264 if (status) |
2187 return status; | 2265 return status; |
2188 stream = next; | 2266 stream = next; |
2189 } | 2267 } |
2190 | 2268 |
2191 /* deallocate stream template, if there is one */ | 2269 /* deallocate stream template, if there is one */ |
2192 if (session->stream_template != NULL) { | 2270 if (session->stream_template != NULL) { |
2193 status = auth_dealloc(session->stream_template->rtcp_auth); | 2271 status = srtp_stream_dealloc(session->stream_template, NULL); |
2194 if (status) | |
2195 return status; | |
2196 status = cipher_dealloc(session->stream_template->rtcp_cipher); | |
2197 if (status) | |
2198 return status; | |
2199 crypto_free(session->stream_template->limit); | |
2200 status = cipher_dealloc(session->stream_template->rtp_cipher); | |
2201 if (status) | |
2202 return status; | |
2203 status = auth_dealloc(session->stream_template->rtp_auth); | |
2204 if (status) | 2272 if (status) |
2205 return status; | 2273 return status; |
2206 status = rdbx_dealloc(&session->stream_template->rtp_rdbx); | |
2207 if (status) | |
2208 return status; | |
2209 crypto_free(session->stream_template); | |
2210 } | 2274 } |
2211 | 2275 |
2212 /* deallocate session context */ | 2276 /* deallocate session context */ |
2213 crypto_free(session); | 2277 srtp_crypto_free(session); |
2214 | 2278 |
2215 return err_status_ok; | 2279 return srtp_err_status_ok; |
2216 } | 2280 } |
2217 | 2281 |
2218 | 2282 |
2219 err_status_t | 2283 srtp_err_status_t |
2220 srtp_add_stream(srtp_t session, | 2284 srtp_add_stream(srtp_t session, |
2221 const srtp_policy_t *policy) { | 2285 const srtp_policy_t *policy) { |
2222 err_status_t status; | 2286 srtp_err_status_t status; |
2223 srtp_stream_t tmp; | 2287 srtp_stream_t tmp; |
2224 | 2288 |
2225 /* sanity check arguments */ | 2289 /* sanity check arguments */ |
2226 if ((session == NULL) || (policy == NULL) || (policy->key == NULL)) | 2290 if ((session == NULL) || (policy == NULL) || (policy->key == NULL)) |
2227 return err_status_bad_param; | 2291 return srtp_err_status_bad_param; |
2228 | 2292 |
2229 /* allocate stream */ | 2293 /* allocate stream */ |
2230 status = srtp_stream_alloc(&tmp, policy); | 2294 status = srtp_stream_alloc(&tmp, policy); |
2231 if (status) { | 2295 if (status) { |
2232 return status; | 2296 return status; |
2233 } | 2297 } |
2234 | 2298 |
2235 /* initialize stream */ | 2299 /* initialize stream */ |
2236 status = srtp_stream_init(tmp, policy); | 2300 status = srtp_stream_init(tmp, policy); |
2237 if (status) { | 2301 if (status) { |
2238 crypto_free(tmp); | 2302 srtp_crypto_free(tmp); |
2239 return status; | 2303 return status; |
2240 } | 2304 } |
2241 | 2305 |
2242 /* | 2306 /* |
2243 * set the head of the stream list or the template to point to the | 2307 * set the head of the stream list or the template to point to the |
2244 * stream that we've just alloced and init'ed, depending on whether | 2308 * stream that we've just alloced and init'ed, depending on whether |
2245 * or not it has a wildcard SSRC value or not | 2309 * or not it has a wildcard SSRC value or not |
2246 * | 2310 * |
2247 * if the template stream has already been set, then the policy is | 2311 * if the template stream has already been set, then the policy is |
2248 * inconsistent, so we return a bad_param error code | 2312 * inconsistent, so we return a bad_param error code |
2249 */ | 2313 */ |
2250 switch (policy->ssrc.type) { | 2314 switch (policy->ssrc.type) { |
2251 case (ssrc_any_outbound): | 2315 case (ssrc_any_outbound): |
2252 if (session->stream_template) { | 2316 if (session->stream_template) { |
2253 return err_status_bad_param; | 2317 return srtp_err_status_bad_param; |
2254 } | 2318 } |
2255 session->stream_template = tmp; | 2319 session->stream_template = tmp; |
2256 session->stream_template->direction = dir_srtp_sender; | 2320 session->stream_template->direction = dir_srtp_sender; |
2257 break; | 2321 break; |
2258 case (ssrc_any_inbound): | 2322 case (ssrc_any_inbound): |
2259 if (session->stream_template) { | 2323 if (session->stream_template) { |
2260 return err_status_bad_param; | 2324 return srtp_err_status_bad_param; |
2261 } | 2325 } |
2262 session->stream_template = tmp; | 2326 session->stream_template = tmp; |
2263 session->stream_template->direction = dir_srtp_receiver; | 2327 session->stream_template->direction = dir_srtp_receiver; |
2264 break; | 2328 break; |
2265 case (ssrc_specific): | 2329 case (ssrc_specific): |
2266 tmp->next = session->stream_list; | 2330 tmp->next = session->stream_list; |
2267 session->stream_list = tmp; | 2331 session->stream_list = tmp; |
2268 break; | 2332 break; |
2269 case (ssrc_undefined): | 2333 case (ssrc_undefined): |
2270 default: | 2334 default: |
2271 crypto_free(tmp); | 2335 srtp_crypto_free(tmp); |
2272 return err_status_bad_param; | 2336 return srtp_err_status_bad_param; |
2273 } | 2337 } |
2274 | 2338 |
2275 return err_status_ok; | 2339 return srtp_err_status_ok; |
2276 } | 2340 } |
2277 | 2341 |
2278 | 2342 |
2279 err_status_t | 2343 srtp_err_status_t |
2280 srtp_create(srtp_t *session, /* handle for session */ | 2344 srtp_create(srtp_t *session, /* handle for session */ |
2281 const srtp_policy_t *policy) { /* SRTP policy (list) */ | 2345 const srtp_policy_t *policy) { /* SRTP policy (list) */ |
2282 err_status_t stat; | 2346 srtp_err_status_t stat; |
2283 srtp_ctx_t *ctx; | 2347 srtp_ctx_t *ctx; |
2284 | 2348 |
2285 /* sanity check arguments */ | 2349 /* sanity check arguments */ |
2286 if (session == NULL) | 2350 if (session == NULL) |
2287 return err_status_bad_param; | 2351 return srtp_err_status_bad_param; |
2288 | 2352 |
2289 /* allocate srtp context and set ctx_ptr */ | 2353 /* allocate srtp context and set ctx_ptr */ |
2290 ctx = (srtp_ctx_t *) crypto_alloc(sizeof(srtp_ctx_t)); | 2354 ctx = (srtp_ctx_t *) srtp_crypto_alloc(sizeof(srtp_ctx_t)); |
2291 if (ctx == NULL) | 2355 if (ctx == NULL) |
2292 return err_status_alloc_fail; | 2356 return srtp_err_status_alloc_fail; |
2293 *session = ctx; | 2357 *session = ctx; |
2294 | 2358 |
2295 /* | 2359 /* |
2296 * loop over elements in the policy list, allocating and | 2360 * loop over elements in the policy list, allocating and |
2297 * initializing a stream for each element | 2361 * initializing a stream for each element |
2298 */ | 2362 */ |
2299 ctx->stream_template = NULL; | 2363 ctx->stream_template = NULL; |
2300 ctx->stream_list = NULL; | 2364 ctx->stream_list = NULL; |
2301 ctx->user_data = NULL; | 2365 ctx->user_data = NULL; |
2302 while (policy != NULL) { | 2366 while (policy != NULL) { |
2303 | 2367 |
2304 stat = srtp_add_stream(ctx, policy); | 2368 stat = srtp_add_stream(ctx, policy); |
2305 if (stat) { | 2369 if (stat) { |
2306 /* clean up everything */ | 2370 /* clean up everything */ |
2307 srtp_dealloc(*session); | 2371 srtp_dealloc(*session); |
| 2372 *session = NULL; |
2308 return stat; | 2373 return stat; |
2309 } | 2374 } |
2310 | 2375 |
2311 /* set policy to next item in list */ | 2376 /* set policy to next item in list */ |
2312 policy = policy->next; | 2377 policy = policy->next; |
2313 } | 2378 } |
2314 | 2379 |
2315 return err_status_ok; | 2380 return srtp_err_status_ok; |
2316 } | 2381 } |
2317 | 2382 |
2318 | 2383 |
2319 err_status_t | 2384 srtp_err_status_t |
2320 srtp_remove_stream(srtp_t session, uint32_t ssrc) { | 2385 srtp_remove_stream(srtp_t session, uint32_t ssrc) { |
2321 srtp_stream_ctx_t *stream, *last_stream; | 2386 srtp_stream_ctx_t *stream, *last_stream; |
2322 err_status_t status; | 2387 srtp_err_status_t status; |
2323 | 2388 |
2324 /* sanity check arguments */ | 2389 /* sanity check arguments */ |
2325 if (session == NULL) | 2390 if (session == NULL) |
2326 return err_status_bad_param; | 2391 return srtp_err_status_bad_param; |
2327 | 2392 |
2328 /* find stream in list; complain if not found */ | 2393 /* find stream in list; complain if not found */ |
2329 last_stream = stream = session->stream_list; | 2394 last_stream = stream = session->stream_list; |
2330 while ((stream != NULL) && (ssrc != stream->ssrc)) { | 2395 while ((stream != NULL) && (ssrc != stream->ssrc)) { |
2331 last_stream = stream; | 2396 last_stream = stream; |
2332 stream = stream->next; | 2397 stream = stream->next; |
2333 } | 2398 } |
2334 if (stream == NULL) | 2399 if (stream == NULL) |
2335 return err_status_no_ctx; | 2400 return srtp_err_status_no_ctx; |
2336 | 2401 |
2337 /* remove stream from the list */ | 2402 /* remove stream from the list */ |
2338 if (last_stream == stream) | 2403 if (last_stream == stream) |
2339 /* stream was first in list */ | 2404 /* stream was first in list */ |
2340 session->stream_list = stream->next; | 2405 session->stream_list = stream->next; |
2341 else | 2406 else |
2342 last_stream->next = stream->next; | 2407 last_stream->next = stream->next; |
2343 | 2408 |
2344 /* deallocate the stream */ | 2409 /* deallocate the stream */ |
2345 status = srtp_stream_dealloc(session, stream); | 2410 status = srtp_stream_dealloc(stream, session->stream_template); |
2346 if (status) | 2411 if (status) |
2347 return status; | 2412 return status; |
2348 | 2413 |
2349 return err_status_ok; | 2414 return srtp_err_status_ok; |
2350 } | 2415 } |
2351 | 2416 |
2352 | 2417 |
| 2418 srtp_err_status_t |
| 2419 srtp_update(srtp_t session, const srtp_policy_t *policy) { |
| 2420 srtp_err_status_t stat; |
| 2421 |
| 2422 /* sanity check arguments */ |
| 2423 if ((session == NULL) || (policy == NULL) || (policy->key == NULL)) { |
| 2424 return srtp_err_status_bad_param; |
| 2425 } |
| 2426 |
| 2427 while (policy != NULL) { |
| 2428 stat = srtp_update_stream(session, policy); |
| 2429 if (stat) { |
| 2430 return stat; |
| 2431 } |
| 2432 |
| 2433 /* set policy to next item in list */ |
| 2434 policy = policy->next; |
| 2435 } |
| 2436 return srtp_err_status_ok; |
| 2437 } |
| 2438 |
| 2439 |
| 2440 static srtp_err_status_t |
| 2441 update_template_streams(srtp_t session, const srtp_policy_t *policy) { |
| 2442 srtp_err_status_t status; |
| 2443 srtp_stream_t new_stream_template; |
| 2444 srtp_stream_t new_stream_list = NULL; |
| 2445 |
| 2446 if (session->stream_template == NULL) { |
| 2447 return srtp_err_status_bad_param; |
| 2448 } |
| 2449 |
| 2450 /* allocate new template stream */ |
| 2451 status = srtp_stream_alloc(&new_stream_template, policy); |
| 2452 if (status) { |
| 2453 return status; |
| 2454 } |
| 2455 |
| 2456 /* initialize new template stream */ |
| 2457 status = srtp_stream_init(new_stream_template, policy); |
| 2458 if (status) { |
| 2459 srtp_crypto_free(new_stream_template); |
| 2460 return status; |
| 2461 } |
| 2462 |
| 2463 /* for all old templated streams */ |
| 2464 for (;;) { |
| 2465 srtp_stream_t stream; |
| 2466 uint32_t ssrc; |
| 2467 srtp_xtd_seq_num_t old_index; |
| 2468 srtp_rdb_t old_rtcp_rdb; |
| 2469 |
| 2470 stream = session->stream_list; |
| 2471 while ((stream != NULL) && (stream->rtp_auth != session->stream_template->rt
p_auth)) { |
| 2472 stream = stream->next; |
| 2473 } |
| 2474 if (stream == NULL) { |
| 2475 /* no more templated streams */ |
| 2476 break; |
| 2477 } |
| 2478 |
| 2479 /* save old extendard seq */ |
| 2480 ssrc = stream->ssrc; |
| 2481 old_index = stream->rtp_rdbx.index; |
| 2482 old_rtcp_rdb = stream->rtcp_rdb; |
| 2483 |
| 2484 /* remove stream */ |
| 2485 status = srtp_remove_stream(session, ssrc); |
| 2486 if (status) { |
| 2487 /* free new allocations */ |
| 2488 while (new_stream_list != NULL) { |
| 2489 srtp_stream_t next = new_stream_list->next; |
| 2490 srtp_stream_dealloc(new_stream_list, new_stream_template); |
| 2491 new_stream_list = next; |
| 2492 } |
| 2493 srtp_stream_dealloc(new_stream_template, NULL); |
| 2494 return status; |
| 2495 } |
| 2496 |
| 2497 /* allocate and initialize a new stream */ |
| 2498 status = srtp_stream_clone(new_stream_template, ssrc, &stream); |
| 2499 if (status) { |
| 2500 /* free new allocations */ |
| 2501 while (new_stream_list != NULL) { |
| 2502 srtp_stream_t next = new_stream_list->next; |
| 2503 srtp_stream_dealloc(new_stream_list, new_stream_template); |
| 2504 new_stream_list = next; |
| 2505 } |
| 2506 srtp_stream_dealloc(new_stream_template, NULL); |
| 2507 return status; |
| 2508 } |
| 2509 |
| 2510 /* add new stream to the head of the new_stream_list */ |
| 2511 stream->next = new_stream_list; |
| 2512 new_stream_list = stream; |
| 2513 |
| 2514 /* restore old extended seq */ |
| 2515 stream->rtp_rdbx.index = old_index; |
| 2516 stream->rtcp_rdb = old_rtcp_rdb; |
| 2517 } |
| 2518 /* dealloc old template */ |
| 2519 srtp_stream_dealloc(session->stream_template, NULL); |
| 2520 /* set new template */ |
| 2521 session->stream_template = new_stream_template; |
| 2522 /* add new list */ |
| 2523 if (new_stream_list) { |
| 2524 srtp_stream_t tail = new_stream_list; |
| 2525 while (tail->next) { |
| 2526 tail = tail->next; |
| 2527 } |
| 2528 tail->next = session->stream_list; |
| 2529 session->stream_list = new_stream_list; |
| 2530 } |
| 2531 return status; |
| 2532 } |
| 2533 |
| 2534 |
| 2535 static srtp_err_status_t |
| 2536 update_stream(srtp_t session, const srtp_policy_t *policy) { |
| 2537 srtp_err_status_t status; |
| 2538 srtp_xtd_seq_num_t old_index; |
| 2539 srtp_rdb_t old_rtcp_rdb; |
| 2540 srtp_stream_t stream; |
| 2541 |
| 2542 stream = srtp_get_stream(session, policy->ssrc.value); |
| 2543 if (stream == NULL) { |
| 2544 return srtp_err_status_bad_param; |
| 2545 } |
| 2546 |
| 2547 /* save old extendard seq */ |
| 2548 old_index = stream->rtp_rdbx.index; |
| 2549 old_rtcp_rdb = stream->rtcp_rdb; |
| 2550 |
| 2551 status = srtp_remove_stream(session, policy->ssrc.value); |
| 2552 if (status) { |
| 2553 return status; |
| 2554 } |
| 2555 |
| 2556 status = srtp_add_stream(session, policy); |
| 2557 if (status) { |
| 2558 return status; |
| 2559 } |
| 2560 |
| 2561 stream = srtp_get_stream(session, policy->ssrc.value); |
| 2562 if (stream == NULL) { |
| 2563 return srtp_err_status_fail; |
| 2564 } |
| 2565 |
| 2566 /* restore old extended seq */ |
| 2567 stream->rtp_rdbx.index = old_index; |
| 2568 stream->rtcp_rdb = old_rtcp_rdb; |
| 2569 |
| 2570 return srtp_err_status_ok; |
| 2571 } |
| 2572 |
| 2573 |
| 2574 srtp_err_status_t |
| 2575 srtp_update_stream(srtp_t session, const srtp_policy_t *policy) { |
| 2576 srtp_err_status_t status; |
| 2577 |
| 2578 /* sanity check arguments */ |
| 2579 if ((session == NULL) || (policy == NULL) || (policy->key == NULL)) |
| 2580 return srtp_err_status_bad_param; |
| 2581 |
| 2582 switch (policy->ssrc.type) { |
| 2583 case (ssrc_any_outbound): |
| 2584 case (ssrc_any_inbound): |
| 2585 status = update_template_streams(session, policy); |
| 2586 break; |
| 2587 case (ssrc_specific): |
| 2588 status = update_stream(session, policy); |
| 2589 break; |
| 2590 case (ssrc_undefined): |
| 2591 default: |
| 2592 return srtp_err_status_bad_param; |
| 2593 } |
| 2594 |
| 2595 return status; |
| 2596 } |
| 2597 |
| 2598 |
2353 /* | 2599 /* |
2354 * the default policy - provides a convenient way for callers to use | 2600 * the default policy - provides a convenient way for callers to use |
2355 * the default security policy | 2601 * the default security policy |
2356 * | 2602 * |
2357 * this policy is that defined in the current SRTP internet draft. | 2603 * this policy is that defined in the current SRTP internet draft. |
2358 * | 2604 * |
2359 */ | 2605 */ |
2360 | 2606 |
2361 /* | 2607 /* |
2362 * NOTE: cipher_key_len is really key len (128 bits) plus salt len | 2608 * NOTE: cipher_key_len is really key len (128 bits) plus salt len |
2363 * (112 bits) | 2609 * (112 bits) |
2364 */ | 2610 */ |
2365 /* There are hard-coded 16's for base_key_len in the key generation code */ | 2611 /* There are hard-coded 16's for base_key_len in the key generation code */ |
2366 | 2612 |
2367 void | 2613 void |
2368 crypto_policy_set_rtp_default(crypto_policy_t *p) { | 2614 srtp_crypto_policy_set_rtp_default(srtp_crypto_policy_t *p) { |
2369 | 2615 |
2370 p->cipher_type = AES_ICM; | 2616 p->cipher_type = SRTP_AES_ICM; |
2371 p->cipher_key_len = 30; /* default 128 bits per RFC 3711 */ | 2617 p->cipher_key_len = 30; /* default 128 bits per RFC 3711 */ |
2372 p->auth_type = HMAC_SHA1; | 2618 p->auth_type = SRTP_HMAC_SHA1; |
2373 p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ | 2619 p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ |
2374 p->auth_tag_len = 10; /* default 80 bits per RFC 3711 */ | 2620 p->auth_tag_len = 10; /* default 80 bits per RFC 3711 */ |
2375 p->sec_serv = sec_serv_conf_and_auth; | 2621 p->sec_serv = sec_serv_conf_and_auth; |
2376 | 2622 |
2377 } | 2623 } |
2378 | 2624 |
2379 void | 2625 void |
2380 crypto_policy_set_rtcp_default(crypto_policy_t *p) { | 2626 srtp_crypto_policy_set_rtcp_default(srtp_crypto_policy_t *p) { |
2381 | 2627 |
2382 p->cipher_type = AES_ICM; | 2628 p->cipher_type = SRTP_AES_ICM; |
2383 p->cipher_key_len = 30; /* default 128 bits per RFC 3711 */ | 2629 p->cipher_key_len = 30; /* default 128 bits per RFC 3711 */ |
2384 p->auth_type = HMAC_SHA1; | 2630 p->auth_type = SRTP_HMAC_SHA1; |
2385 p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ | 2631 p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ |
2386 p->auth_tag_len = 10; /* default 80 bits per RFC 3711 */ | 2632 p->auth_tag_len = 10; /* default 80 bits per RFC 3711 */ |
2387 p->sec_serv = sec_serv_conf_and_auth; | 2633 p->sec_serv = sec_serv_conf_and_auth; |
2388 | 2634 |
2389 } | 2635 } |
2390 | 2636 |
2391 void | 2637 void |
2392 crypto_policy_set_aes_cm_128_hmac_sha1_32(crypto_policy_t *p) { | 2638 srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(srtp_crypto_policy_t *p) { |
2393 | 2639 |
2394 /* | 2640 /* |
2395 * corresponds to RFC 4568 | 2641 * corresponds to RFC 4568 |
2396 * | 2642 * |
2397 * note that this crypto policy is intended for SRTP, but not SRTCP | 2643 * note that this crypto policy is intended for SRTP, but not SRTCP |
2398 */ | 2644 */ |
2399 | 2645 |
2400 p->cipher_type = AES_ICM; | 2646 p->cipher_type = SRTP_AES_ICM; |
2401 p->cipher_key_len = 30; /* 128 bit key, 112 bit salt */ | 2647 p->cipher_key_len = 30; /* 128 bit key, 112 bit salt */ |
2402 p->auth_type = HMAC_SHA1; | 2648 p->auth_type = SRTP_HMAC_SHA1; |
2403 p->auth_key_len = 20; /* 160 bit key */ | 2649 p->auth_key_len = 20; /* 160 bit key */ |
2404 p->auth_tag_len = 4; /* 32 bit tag */ | 2650 p->auth_tag_len = 4; /* 32 bit tag */ |
2405 p->sec_serv = sec_serv_conf_and_auth; | 2651 p->sec_serv = sec_serv_conf_and_auth; |
2406 | 2652 |
2407 } | 2653 } |
2408 | 2654 |
2409 | 2655 |
2410 void | 2656 void |
2411 crypto_policy_set_aes_cm_128_null_auth(crypto_policy_t *p) { | 2657 srtp_crypto_policy_set_aes_cm_128_null_auth(srtp_crypto_policy_t *p) { |
2412 | 2658 |
2413 /* | 2659 /* |
2414 * corresponds to RFC 4568 | 2660 * corresponds to RFC 4568 |
2415 * | 2661 * |
2416 * note that this crypto policy is intended for SRTP, but not SRTCP | 2662 * note that this crypto policy is intended for SRTP, but not SRTCP |
2417 */ | 2663 */ |
2418 | 2664 |
2419 p->cipher_type = AES_ICM; | 2665 p->cipher_type = SRTP_AES_ICM; |
2420 p->cipher_key_len = 30; /* 128 bit key, 112 bit salt */ | 2666 p->cipher_key_len = 30; /* 128 bit key, 112 bit salt */ |
2421 p->auth_type = NULL_AUTH; | 2667 p->auth_type = SRTP_NULL_AUTH; |
2422 p->auth_key_len = 0; | 2668 p->auth_key_len = 0; |
2423 p->auth_tag_len = 0; | 2669 p->auth_tag_len = 0; |
2424 p->sec_serv = sec_serv_conf; | 2670 p->sec_serv = sec_serv_conf; |
2425 | 2671 |
2426 } | 2672 } |
2427 | 2673 |
2428 | 2674 |
2429 void | 2675 void |
2430 crypto_policy_set_null_cipher_hmac_sha1_80(crypto_policy_t *p) { | 2676 srtp_crypto_policy_set_null_cipher_hmac_sha1_80(srtp_crypto_policy_t *p) { |
2431 | 2677 |
2432 /* | 2678 /* |
2433 * corresponds to RFC 4568 | 2679 * corresponds to RFC 4568 |
2434 */ | 2680 */ |
2435 | 2681 |
2436 p->cipher_type = NULL_CIPHER; | 2682 p->cipher_type = SRTP_NULL_CIPHER; |
2437 p->cipher_key_len = 0; | 2683 p->cipher_key_len = 0; |
2438 p->auth_type = HMAC_SHA1; | 2684 p->auth_type = SRTP_HMAC_SHA1; |
2439 p->auth_key_len = 20; | 2685 p->auth_key_len = 20; |
2440 p->auth_tag_len = 10; | 2686 p->auth_tag_len = 10; |
2441 p->sec_serv = sec_serv_auth; | 2687 p->sec_serv = sec_serv_auth; |
2442 | 2688 |
2443 } | 2689 } |
2444 | 2690 |
| 2691 void |
| 2692 srtp_crypto_policy_set_null_cipher_hmac_null(srtp_crypto_policy_t *p) { |
| 2693 |
| 2694 /* |
| 2695 * Should only be used for testing |
| 2696 */ |
| 2697 |
| 2698 p->cipher_type = SRTP_NULL_CIPHER; |
| 2699 p->cipher_key_len = 0; |
| 2700 p->auth_type = SRTP_NULL_AUTH; |
| 2701 p->auth_key_len = 0; |
| 2702 p->auth_tag_len = 0; |
| 2703 p->sec_serv = sec_serv_none; |
| 2704 |
| 2705 } |
| 2706 |
2445 | 2707 |
2446 void | 2708 void |
2447 crypto_policy_set_aes_cm_256_hmac_sha1_80(crypto_policy_t *p) { | 2709 srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(srtp_crypto_policy_t *p) { |
2448 | 2710 |
2449 /* | 2711 /* |
2450 * corresponds to draft-ietf-avt-big-aes-03.txt | 2712 * corresponds to draft-ietf-avt-big-aes-03.txt |
2451 */ | 2713 */ |
2452 | 2714 |
2453 p->cipher_type = AES_ICM; | 2715 p->cipher_type = SRTP_AES_ICM; |
2454 p->cipher_key_len = 46; | 2716 p->cipher_key_len = 46; |
2455 p->auth_type = HMAC_SHA1; | 2717 p->auth_type = SRTP_HMAC_SHA1; |
2456 p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ | 2718 p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ |
2457 p->auth_tag_len = 10; /* default 80 bits per RFC 3711 */ | 2719 p->auth_tag_len = 10; /* default 80 bits per RFC 3711 */ |
2458 p->sec_serv = sec_serv_conf_and_auth; | 2720 p->sec_serv = sec_serv_conf_and_auth; |
2459 } | 2721 } |
2460 | 2722 |
2461 | 2723 |
2462 void | 2724 void |
2463 crypto_policy_set_aes_cm_256_hmac_sha1_32(crypto_policy_t *p) { | 2725 srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32(srtp_crypto_policy_t *p) { |
2464 | 2726 |
2465 /* | 2727 /* |
2466 * corresponds to draft-ietf-avt-big-aes-03.txt | 2728 * corresponds to draft-ietf-avt-big-aes-03.txt |
2467 * | 2729 * |
2468 * note that this crypto policy is intended for SRTP, but not SRTCP | 2730 * note that this crypto policy is intended for SRTP, but not SRTCP |
2469 */ | 2731 */ |
2470 | 2732 |
2471 p->cipher_type = AES_ICM; | 2733 p->cipher_type = SRTP_AES_ICM; |
2472 p->cipher_key_len = 46; | 2734 p->cipher_key_len = 46; |
2473 p->auth_type = HMAC_SHA1; | 2735 p->auth_type = SRTP_HMAC_SHA1; |
2474 p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ | 2736 p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ |
2475 p->auth_tag_len = 4; /* default 80 bits per RFC 3711 */ | 2737 p->auth_tag_len = 4; /* default 80 bits per RFC 3711 */ |
2476 p->sec_serv = sec_serv_conf_and_auth; | 2738 p->sec_serv = sec_serv_conf_and_auth; |
2477 } | 2739 } |
2478 | 2740 |
2479 /* | 2741 /* |
2480 * AES-256 with no authentication. | 2742 * AES-256 with no authentication. |
2481 */ | 2743 */ |
2482 void | 2744 void |
2483 crypto_policy_set_aes_cm_256_null_auth (crypto_policy_t *p) | 2745 srtp_crypto_policy_set_aes_cm_256_null_auth (srtp_crypto_policy_t *p) |
2484 { | 2746 { |
2485 p->cipher_type = AES_ICM; | 2747 p->cipher_type = SRTP_AES_ICM; |
2486 p->cipher_key_len = 46; | 2748 p->cipher_key_len = 46; |
2487 p->auth_type = NULL_AUTH; | 2749 p->auth_type = SRTP_NULL_AUTH; |
2488 p->auth_key_len = 0; | 2750 p->auth_key_len = 0; |
2489 p->auth_tag_len = 0; | 2751 p->auth_tag_len = 0; |
2490 p->sec_serv = sec_serv_conf; | 2752 p->sec_serv = sec_serv_conf; |
2491 } | 2753 } |
2492 | 2754 |
2493 #ifdef OPENSSL | 2755 #ifdef OPENSSL |
2494 /* | 2756 /* |
2495 * AES-128 GCM mode with 8 octet auth tag. | 2757 * AES-128 GCM mode with 8 octet auth tag. |
2496 */ | 2758 */ |
2497 void | 2759 void |
2498 crypto_policy_set_aes_gcm_128_8_auth(crypto_policy_t *p) { | 2760 srtp_crypto_policy_set_aes_gcm_128_8_auth(srtp_crypto_policy_t *p) { |
2499 p->cipher_type = AES_128_GCM; | 2761 p->cipher_type = SRTP_AES_128_GCM; |
2500 p->cipher_key_len = AES_128_GCM_KEYSIZE_WSALT; | 2762 p->cipher_key_len = SRTP_AES_128_GCM_KEYSIZE_WSALT; |
2501 p->auth_type = NULL_AUTH; /* GCM handles the auth for us */ | 2763 p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */
|
2502 p->auth_key_len = 0; | 2764 p->auth_key_len = 0; |
2503 p->auth_tag_len = 8; /* 8 octet tag length */ | 2765 p->auth_tag_len = 8; /* 8 octet tag length */ |
2504 p->sec_serv = sec_serv_conf_and_auth; | 2766 p->sec_serv = sec_serv_conf_and_auth; |
2505 } | 2767 } |
2506 | 2768 |
2507 /* | 2769 /* |
2508 * AES-256 GCM mode with 8 octet auth tag. | 2770 * AES-256 GCM mode with 8 octet auth tag. |
2509 */ | 2771 */ |
2510 void | 2772 void |
2511 crypto_policy_set_aes_gcm_256_8_auth(crypto_policy_t *p) { | 2773 srtp_crypto_policy_set_aes_gcm_256_8_auth(srtp_crypto_policy_t *p) { |
2512 p->cipher_type = AES_256_GCM; | 2774 p->cipher_type = SRTP_AES_256_GCM; |
2513 p->cipher_key_len = AES_256_GCM_KEYSIZE_WSALT; | 2775 p->cipher_key_len = SRTP_AES_256_GCM_KEYSIZE_WSALT; |
2514 p->auth_type = NULL_AUTH; /* GCM handles the auth for us */ | 2776 p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */ |
2515 p->auth_key_len = 0; | 2777 p->auth_key_len = 0; |
2516 p->auth_tag_len = 8; /* 8 octet tag length */ | 2778 p->auth_tag_len = 8; /* 8 octet tag length */ |
2517 p->sec_serv = sec_serv_conf_and_auth; | 2779 p->sec_serv = sec_serv_conf_and_auth; |
2518 } | 2780 } |
2519 | 2781 |
2520 /* | 2782 /* |
2521 * AES-128 GCM mode with 8 octet auth tag, no RTCP encryption. | 2783 * AES-128 GCM mode with 8 octet auth tag, no RTCP encryption. |
2522 */ | 2784 */ |
2523 void | 2785 void |
2524 crypto_policy_set_aes_gcm_128_8_only_auth(crypto_policy_t *p) { | 2786 srtp_crypto_policy_set_aes_gcm_128_8_only_auth(srtp_crypto_policy_t *p) { |
2525 p->cipher_type = AES_128_GCM; | 2787 p->cipher_type = SRTP_AES_128_GCM; |
2526 p->cipher_key_len = AES_128_GCM_KEYSIZE_WSALT; | 2788 p->cipher_key_len = SRTP_AES_128_GCM_KEYSIZE_WSALT; |
2527 p->auth_type = NULL_AUTH; /* GCM handles the auth for us */ | 2789 p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */ |
2528 p->auth_key_len = 0; | 2790 p->auth_key_len = 0; |
2529 p->auth_tag_len = 8; /* 8 octet tag length */ | 2791 p->auth_tag_len = 8; /* 8 octet tag length */ |
2530 p->sec_serv = sec_serv_auth; /* This only applies to RTCP */ | 2792 p->sec_serv = sec_serv_auth; /* This only applies to RTCP */ |
2531 } | 2793 } |
2532 | 2794 |
2533 /* | 2795 /* |
2534 * AES-256 GCM mode with 8 octet auth tag, no RTCP encryption. | 2796 * AES-256 GCM mode with 8 octet auth tag, no RTCP encryption. |
2535 */ | 2797 */ |
2536 void | 2798 void |
2537 crypto_policy_set_aes_gcm_256_8_only_auth(crypto_policy_t *p) { | 2799 srtp_crypto_policy_set_aes_gcm_256_8_only_auth(srtp_crypto_policy_t *p) { |
2538 p->cipher_type = AES_256_GCM; | 2800 p->cipher_type = SRTP_AES_256_GCM; |
2539 p->cipher_key_len = AES_256_GCM_KEYSIZE_WSALT; | 2801 p->cipher_key_len = SRTP_AES_256_GCM_KEYSIZE_WSALT; |
2540 p->auth_type = NULL_AUTH; /* GCM handles the auth for us */ | 2802 p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */ |
2541 p->auth_key_len = 0; | 2803 p->auth_key_len = 0; |
2542 p->auth_tag_len = 8; /* 8 octet tag length */ | 2804 p->auth_tag_len = 8; /* 8 octet tag length */ |
2543 p->sec_serv = sec_serv_auth; /* This only applies to RTCP */ | 2805 p->sec_serv = sec_serv_auth; /* This only applies to RTCP */ |
2544 } | 2806 } |
2545 | 2807 |
2546 /* | 2808 /* |
2547 * AES-128 GCM mode with 16 octet auth tag. | 2809 * AES-128 GCM mode with 16 octet auth tag. |
2548 */ | 2810 */ |
2549 void | 2811 void |
2550 crypto_policy_set_aes_gcm_128_16_auth(crypto_policy_t *p) { | 2812 srtp_crypto_policy_set_aes_gcm_128_16_auth(srtp_crypto_policy_t *p) { |
2551 p->cipher_type = AES_128_GCM; | 2813 p->cipher_type = SRTP_AES_128_GCM; |
2552 p->cipher_key_len = AES_128_GCM_KEYSIZE_WSALT; | 2814 p->cipher_key_len = SRTP_AES_128_GCM_KEYSIZE_WSALT; |
2553 p->auth_type = NULL_AUTH; /* GCM handles the auth for us */ | 2815 p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */
|
2554 p->auth_key_len = 0; | 2816 p->auth_key_len = 0; |
2555 p->auth_tag_len = 16; /* 16 octet tag length */ | 2817 p->auth_tag_len = 16; /* 16 octet tag length */ |
2556 p->sec_serv = sec_serv_conf_and_auth; | 2818 p->sec_serv = sec_serv_conf_and_auth; |
2557 } | 2819 } |
2558 | 2820 |
2559 /* | 2821 /* |
2560 * AES-256 GCM mode with 16 octet auth tag. | 2822 * AES-256 GCM mode with 16 octet auth tag. |
2561 */ | 2823 */ |
2562 void | 2824 void |
2563 crypto_policy_set_aes_gcm_256_16_auth(crypto_policy_t *p) { | 2825 srtp_crypto_policy_set_aes_gcm_256_16_auth(srtp_crypto_policy_t *p) { |
2564 p->cipher_type = AES_256_GCM; | 2826 p->cipher_type = SRTP_AES_256_GCM; |
2565 p->cipher_key_len = AES_256_GCM_KEYSIZE_WSALT; | 2827 p->cipher_key_len = SRTP_AES_256_GCM_KEYSIZE_WSALT; |
2566 p->auth_type = NULL_AUTH; /* GCM handles the auth for us */ | 2828 p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */ |
2567 p->auth_key_len = 0; | 2829 p->auth_key_len = 0; |
2568 p->auth_tag_len = 16; /* 16 octet tag length */ | 2830 p->auth_tag_len = 16; /* 16 octet tag length */ |
2569 p->sec_serv = sec_serv_conf_and_auth; | 2831 p->sec_serv = sec_serv_conf_and_auth; |
2570 } | 2832 } |
2571 | 2833 |
2572 #endif | 2834 #endif |
2573 | 2835 |
2574 /* | 2836 /* |
2575 * secure rtcp functions | 2837 * secure rtcp functions |
2576 */ | 2838 */ |
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2625 /* | 2887 /* |
2626 * Finally, apply the SALT to the input | 2888 * Finally, apply the SALT to the input |
2627 */ | 2889 */ |
2628 v128_xor(iv, &in, &salt); | 2890 v128_xor(iv, &in, &salt); |
2629 } | 2891 } |
2630 | 2892 |
2631 /* | 2893 /* |
2632 * This code handles AEAD ciphers for outgoing RTCP. We currently support | 2894 * This code handles AEAD ciphers for outgoing RTCP. We currently support |
2633 * AES-GCM mode with 128 or 256 bit keys. | 2895 * AES-GCM mode with 128 or 256 bit keys. |
2634 */ | 2896 */ |
2635 static err_status_t | 2897 static srtp_err_status_t |
2636 srtp_protect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream, | 2898 srtp_protect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream, |
2637 void *rtcp_hdr, unsigned int *pkt_octet_len) | 2899 void *rtcp_hdr, unsigned int *pkt_octet_len) |
2638 { | 2900 { |
2639 srtcp_hdr_t *hdr = (srtcp_hdr_t*)rtcp_hdr; | 2901 srtcp_hdr_t *hdr = (srtcp_hdr_t*)rtcp_hdr; |
2640 uint32_t *enc_start; /* pointer to start of encrypted portion */ | 2902 uint32_t *enc_start; /* pointer to start of encrypted portion */ |
2641 uint32_t *trailer; /* pointer to start of trailer */ | 2903 uint32_t *trailer; /* pointer to start of trailer */ |
2642 unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */ | 2904 unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */ |
2643 uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ | 2905 uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ |
2644 err_status_t status; | 2906 srtp_err_status_t status; |
2645 int tag_len; | 2907 uint32_t tag_len; |
2646 uint32_t seq_num; | 2908 uint32_t seq_num; |
2647 v128_t iv; | 2909 v128_t iv; |
2648 uint32_t tseq; | 2910 uint32_t tseq; |
2649 | 2911 |
2650 /* get tag length from stream context */ | 2912 /* get tag length from stream context */ |
2651 tag_len = auth_get_tag_length(stream->rtcp_auth); | 2913 tag_len = srtp_auth_get_tag_length(stream->rtcp_auth); |
2652 | 2914 |
2653 /* | 2915 /* |
2654 * set encryption start and encryption length - if we're not | 2916 * set encryption start and encryption length - if we're not |
2655 * providing confidentiality, set enc_start to NULL | 2917 * providing confidentiality, set enc_start to NULL |
2656 */ | 2918 */ |
2657 enc_start = (uint32_t*)hdr + uint32s_in_rtcp_header; | 2919 enc_start = (uint32_t*)hdr + uint32s_in_rtcp_header; |
2658 enc_octet_len = *pkt_octet_len - octets_in_rtcp_header; | 2920 enc_octet_len = *pkt_octet_len - octets_in_rtcp_header; |
2659 | 2921 |
2660 /* NOTE: hdr->length is not usable - it refers to only the first | 2922 /* NOTE: hdr->length is not usable - it refers to only the first |
2661 RTCP report in the compound packet! */ | 2923 RTCP report in the compound packet! */ |
(...skipping 15 matching lines...) Expand all Loading... |
2677 * the payload, but before the trailer | 2939 * the payload, but before the trailer |
2678 * (note that srtpc *always* provides authentication, unlike srtp) | 2940 * (note that srtpc *always* provides authentication, unlike srtp) |
2679 */ | 2941 */ |
2680 /* Note: This would need to change for optional mikey data */ | 2942 /* Note: This would need to change for optional mikey data */ |
2681 auth_tag = (uint8_t*)hdr + *pkt_octet_len; | 2943 auth_tag = (uint8_t*)hdr + *pkt_octet_len; |
2682 | 2944 |
2683 /* | 2945 /* |
2684 * check sequence number for overruns, and copy it into the packet | 2946 * check sequence number for overruns, and copy it into the packet |
2685 * if its value isn't too big | 2947 * if its value isn't too big |
2686 */ | 2948 */ |
2687 status = rdb_increment(&stream->rtcp_rdb); | 2949 status = srtp_rdb_increment(&stream->rtcp_rdb); |
2688 if (status) { | 2950 if (status) { |
2689 return status; | 2951 return status; |
2690 } | 2952 } |
2691 seq_num = rdb_get_value(&stream->rtcp_rdb); | 2953 seq_num = srtp_rdb_get_value(&stream->rtcp_rdb); |
2692 *trailer |= htonl(seq_num); | 2954 *trailer |= htonl(seq_num); |
2693 debug_print(mod_srtp, "srtcp index: %x", seq_num); | 2955 debug_print(mod_srtp, "srtcp index: %x", seq_num); |
2694 | 2956 |
2695 /* | 2957 /* |
2696 * Calculating the IV and pass it down to the cipher | 2958 * Calculating the IV and pass it down to the cipher |
2697 */ | 2959 */ |
2698 srtp_calc_aead_iv_srtcp(stream, &iv, seq_num, hdr); | 2960 srtp_calc_aead_iv_srtcp(stream, &iv, seq_num, hdr); |
2699 status = cipher_set_iv(stream->rtcp_cipher, &iv, direction_encrypt); | 2961 status = srtp_cipher_set_iv(stream->rtcp_cipher, (uint8_t*)&iv, srtp_directi
on_encrypt); |
2700 if (status) { | 2962 if (status) { |
2701 return err_status_cipher_fail; | 2963 return srtp_err_status_cipher_fail; |
2702 } | 2964 } |
2703 | 2965 |
2704 /* | 2966 /* |
2705 * Set the AAD for GCM mode | 2967 * Set the AAD for GCM mode |
2706 */ | 2968 */ |
2707 if (enc_start) { | 2969 if (enc_start) { |
2708 /* | 2970 /* |
2709 * If payload encryption is enabled, then the AAD consist of | 2971 * If payload encryption is enabled, then the AAD consist of |
2710 * the RTCP header and the seq# at the end of the packet | 2972 * the RTCP header and the seq# at the end of the packet |
2711 */ | 2973 */ |
2712 » status = cipher_set_aad(stream->rtcp_cipher, (uint8_t*)hdr, | 2974 » status = srtp_cipher_set_aad(stream->rtcp_cipher, (uint8_t*)hdr, octets_
in_rtcp_header); |
2713 octets_in_rtcp_header); | |
2714 if (status) { | 2975 if (status) { |
2715 » return ( err_status_cipher_fail); | 2976 » return ( srtp_err_status_cipher_fail); |
2716 } | 2977 } |
2717 } else { | 2978 } else { |
2718 /* | 2979 /* |
2719 * Since payload encryption is not enabled, we must authenticate | 2980 * Since payload encryption is not enabled, we must authenticate |
2720 * the entire packet as described in section 10.3 in revision 07 | 2981 * the entire packet as described in section 10.3 in revision 07 |
2721 * of the draft. | 2982 * of the draft. |
2722 */ | 2983 */ |
2723 » status = cipher_set_aad(stream->rtcp_cipher, (uint8_t*)hdr, | 2984 » status = srtp_cipher_set_aad(stream->rtcp_cipher, (uint8_t*)hdr, *pkt_oc
tet_len); |
2724 *pkt_octet_len); | |
2725 if (status) { | 2985 if (status) { |
2726 » return ( err_status_cipher_fail); | 2986 » return ( srtp_err_status_cipher_fail); |
2727 } | 2987 } |
2728 } | 2988 } |
2729 /* | 2989 /* |
2730 * Process the sequence# as AAD | 2990 * Process the sequence# as AAD |
2731 */ | 2991 */ |
2732 tseq = *trailer; | 2992 tseq = *trailer; |
2733 status = cipher_set_aad(stream->rtcp_cipher, (uint8_t*)&tseq, | 2993 status = srtp_cipher_set_aad(stream->rtcp_cipher, (uint8_t*)&tseq, sizeof(sr
tcp_trailer_t)); |
2734 sizeof(srtcp_trailer_t)); | |
2735 if (status) { | 2994 if (status) { |
2736 return ( err_status_cipher_fail); | 2995 return ( srtp_err_status_cipher_fail); |
2737 } | 2996 } |
2738 | 2997 |
2739 /* if we're encrypting, exor keystream into the message */ | 2998 /* if we're encrypting, exor keystream into the message */ |
2740 if (enc_start) { | 2999 if (enc_start) { |
2741 status = cipher_encrypt(stream->rtcp_cipher, | 3000 status = srtp_cipher_encrypt(stream->rtcp_cipher, |
2742 (uint8_t*)enc_start, &enc_octet_len); | 3001 (uint8_t*)enc_start, &enc_octet_len); |
2743 if (status) { | 3002 if (status) { |
2744 return err_status_cipher_fail; | 3003 return srtp_err_status_cipher_fail; |
2745 } | 3004 } |
2746 /* | 3005 /* |
2747 * Get the tag and append that to the output | 3006 * Get the tag and append that to the output |
2748 */ | 3007 */ |
2749 » status = cipher_get_tag(stream->rtcp_cipher, (uint8_t*)auth_tag, | 3008 » status = srtp_cipher_get_tag(stream->rtcp_cipher, (uint8_t*)auth_tag, &t
ag_len); |
2750 &tag_len); | |
2751 if (status) { | 3009 if (status) { |
2752 » return ( err_status_cipher_fail); | 3010 » return ( srtp_err_status_cipher_fail); |
2753 } | 3011 } |
2754 enc_octet_len += tag_len; | 3012 enc_octet_len += tag_len; |
2755 } else { | 3013 } else { |
2756 /* | 3014 /* |
2757 * Even though we're not encrypting the payload, we need | 3015 * Even though we're not encrypting the payload, we need |
2758 * to run the cipher to get the auth tag. | 3016 * to run the cipher to get the auth tag. |
2759 */ | 3017 */ |
2760 unsigned int nolen = 0; | 3018 unsigned int nolen = 0; |
2761 status = cipher_encrypt(stream->rtcp_cipher, NULL, &nolen); | 3019 status = srtp_cipher_encrypt(stream->rtcp_cipher, NULL, &nolen); |
2762 if (status) { | 3020 if (status) { |
2763 return err_status_cipher_fail; | 3021 return srtp_err_status_cipher_fail; |
2764 } | 3022 } |
2765 /* | 3023 /* |
2766 * Get the tag and append that to the output | 3024 * Get the tag and append that to the output |
2767 */ | 3025 */ |
2768 » status = cipher_get_tag(stream->rtcp_cipher, (uint8_t*)auth_tag, | 3026 » status = srtp_cipher_get_tag(stream->rtcp_cipher, (uint8_t*)auth_tag, &t
ag_len); |
2769 &tag_len); | |
2770 if (status) { | 3027 if (status) { |
2771 » return ( err_status_cipher_fail); | 3028 » return ( srtp_err_status_cipher_fail); |
2772 } | 3029 } |
2773 enc_octet_len += tag_len; | 3030 enc_octet_len += tag_len; |
2774 } | 3031 } |
2775 | 3032 |
2776 /* increase the packet length by the length of the auth tag and seq_num*/ | 3033 /* increase the packet length by the length of the auth tag and seq_num*/ |
2777 *pkt_octet_len += (tag_len + sizeof(srtcp_trailer_t)); | 3034 *pkt_octet_len += (tag_len + sizeof(srtcp_trailer_t)); |
2778 | 3035 |
2779 return err_status_ok; | 3036 return srtp_err_status_ok; |
2780 } | 3037 } |
2781 | 3038 |
2782 /* | 3039 /* |
2783 * This function handles incoming SRTCP packets while in AEAD mode, | 3040 * This function handles incoming SRTCP packets while in AEAD mode, |
2784 * which currently supports AES-GCM encryption. Note, the auth tag is | 3041 * which currently supports AES-GCM encryption. Note, the auth tag is |
2785 * at the end of the packet stream and is automatically checked by GCM | 3042 * at the end of the packet stream and is automatically checked by GCM |
2786 * when decrypting the payload. | 3043 * when decrypting the payload. |
2787 */ | 3044 */ |
2788 static err_status_t | 3045 static srtp_err_status_t |
2789 srtp_unprotect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream, | 3046 srtp_unprotect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream, |
2790 void *srtcp_hdr, unsigned int *pkt_octet_len) | 3047 void *srtcp_hdr, unsigned int *pkt_octet_len) |
2791 { | 3048 { |
2792 srtcp_hdr_t *hdr = (srtcp_hdr_t*)srtcp_hdr; | 3049 srtcp_hdr_t *hdr = (srtcp_hdr_t*)srtcp_hdr; |
2793 uint32_t *enc_start; /* pointer to start of encrypted portion */ | 3050 uint32_t *enc_start; /* pointer to start of encrypted portion */ |
2794 uint32_t *trailer; /* pointer to start of trailer */ | 3051 uint32_t *trailer; /* pointer to start of trailer */ |
2795 unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */ | 3052 unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */ |
2796 uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ | 3053 uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ |
2797 err_status_t status; | 3054 srtp_err_status_t status; |
2798 int tag_len; | 3055 int tag_len; |
2799 unsigned int tmp_len; | 3056 unsigned int tmp_len; |
2800 uint32_t seq_num; | 3057 uint32_t seq_num; |
2801 v128_t iv; | 3058 v128_t iv; |
2802 uint32_t tseq; | 3059 uint32_t tseq; |
2803 | 3060 |
2804 /* get tag length from stream context */ | 3061 /* get tag length from stream context */ |
2805 tag_len = auth_get_tag_length(stream->rtcp_auth); | 3062 tag_len = srtp_auth_get_tag_length(stream->rtcp_auth); |
2806 | 3063 |
2807 /* | 3064 /* |
2808 * set encryption start, encryption length, and trailer | 3065 * set encryption start, encryption length, and trailer |
2809 */ | 3066 */ |
2810 /* index & E (encryption) bit follow normal data. hdr->len | 3067 /* index & E (encryption) bit follow normal data. hdr->len |
2811 is the number of words (32-bit) in the normal packet minus 1 */ | 3068 is the number of words (32-bit) in the normal packet minus 1 */ |
2812 /* This should point trailer to the word past the end of the | 3069 /* This should point trailer to the word past the end of the |
2813 normal data. */ | 3070 normal data. */ |
2814 /* This would need to be modified for optional mikey data */ | 3071 /* This would need to be modified for optional mikey data */ |
2815 /* | 3072 /* |
(...skipping 14 matching lines...) Expand all Loading... |
2830 enc_octet_len = 0; | 3087 enc_octet_len = 0; |
2831 enc_start = NULL; /* this indicates that there's no encryption */ | 3088 enc_start = NULL; /* this indicates that there's no encryption */ |
2832 } | 3089 } |
2833 | 3090 |
2834 /* | 3091 /* |
2835 * check the sequence number for replays | 3092 * check the sequence number for replays |
2836 */ | 3093 */ |
2837 /* this is easier than dealing with bitfield access */ | 3094 /* this is easier than dealing with bitfield access */ |
2838 seq_num = ntohl(*trailer) & SRTCP_INDEX_MASK; | 3095 seq_num = ntohl(*trailer) & SRTCP_INDEX_MASK; |
2839 debug_print(mod_srtp, "srtcp index: %x", seq_num); | 3096 debug_print(mod_srtp, "srtcp index: %x", seq_num); |
2840 status = rdb_check(&stream->rtcp_rdb, seq_num); | 3097 status = srtp_rdb_check(&stream->rtcp_rdb, seq_num); |
2841 if (status) { | 3098 if (status) { |
2842 return status; | 3099 return status; |
2843 } | 3100 } |
2844 | 3101 |
2845 /* | 3102 /* |
2846 * Calculate and set the IV | 3103 * Calculate and set the IV |
2847 */ | 3104 */ |
2848 srtp_calc_aead_iv_srtcp(stream, &iv, seq_num, hdr); | 3105 srtp_calc_aead_iv_srtcp(stream, &iv, seq_num, hdr); |
2849 status = cipher_set_iv(stream->rtcp_cipher, &iv, direction_decrypt); | 3106 status = srtp_cipher_set_iv(stream->rtcp_cipher, (uint8_t*)&iv, srtp_directi
on_decrypt); |
2850 if (status) { | 3107 if (status) { |
2851 return err_status_cipher_fail; | 3108 return srtp_err_status_cipher_fail; |
2852 } | 3109 } |
2853 | 3110 |
2854 /* | 3111 /* |
2855 * Set the AAD for GCM mode | 3112 * Set the AAD for GCM mode |
2856 */ | 3113 */ |
2857 if (enc_start) { | 3114 if (enc_start) { |
2858 /* | 3115 /* |
2859 * If payload encryption is enabled, then the AAD consist of | 3116 * If payload encryption is enabled, then the AAD consist of |
2860 * the RTCP header and the seq# at the end of the packet | 3117 * the RTCP header and the seq# at the end of the packet |
2861 */ | 3118 */ |
2862 » status = cipher_set_aad(stream->rtcp_cipher, (uint8_t*)hdr, | 3119 » status = srtp_cipher_set_aad(stream->rtcp_cipher, (uint8_t*)hdr, octets_
in_rtcp_header); |
2863 octets_in_rtcp_header); | |
2864 if (status) { | 3120 if (status) { |
2865 » return ( err_status_cipher_fail); | 3121 » return ( srtp_err_status_cipher_fail); |
2866 } | 3122 } |
2867 } else { | 3123 } else { |
2868 /* | 3124 /* |
2869 * Since payload encryption is not enabled, we must authenticate | 3125 * Since payload encryption is not enabled, we must authenticate |
2870 * the entire packet as described in section 10.3 in revision 07 | 3126 * the entire packet as described in section 10.3 in revision 07 |
2871 * of the draft. | 3127 * of the draft. |
2872 */ | 3128 */ |
2873 » status = cipher_set_aad(stream->rtcp_cipher, (uint8_t*)hdr, | 3129 » status = srtp_cipher_set_aad(stream->rtcp_cipher, (uint8_t*)hdr, |
2874 » » » (*pkt_octet_len - tag_len - sizeof(srtcp_trailer_
t))); | 3130 » » » (*pkt_octet_len - tag_len - sizeof(srtcp_tra
iler_t))); |
2875 if (status) { | 3131 if (status) { |
2876 » return ( err_status_cipher_fail); | 3132 » return ( srtp_err_status_cipher_fail); |
2877 } | 3133 } |
2878 } | 3134 } |
2879 | 3135 |
2880 /* | 3136 /* |
2881 * Process the sequence# as AAD | 3137 * Process the sequence# as AAD |
2882 */ | 3138 */ |
2883 tseq = *trailer; | 3139 tseq = *trailer; |
2884 status = cipher_set_aad(stream->rtcp_cipher, (uint8_t*)&tseq, | 3140 status = srtp_cipher_set_aad(stream->rtcp_cipher, (uint8_t*)&tseq, sizeof(sr
tcp_trailer_t)); |
2885 sizeof(srtcp_trailer_t)); | |
2886 if (status) { | 3141 if (status) { |
2887 » return ( err_status_cipher_fail); | 3142 » return ( srtp_err_status_cipher_fail); |
2888 } | 3143 } |
2889 | 3144 |
2890 /* if we're decrypting, exor keystream into the message */ | 3145 /* if we're decrypting, exor keystream into the message */ |
2891 if (enc_start) { | 3146 if (enc_start) { |
2892 status = cipher_decrypt(stream->rtcp_cipher, | 3147 status = srtp_cipher_decrypt(stream->rtcp_cipher, (uint8_t*)enc_start, &
enc_octet_len); |
2893 (uint8_t*)enc_start, &enc_octet_len); | |
2894 if (status) { | 3148 if (status) { |
2895 return status; | 3149 return status; |
2896 } | 3150 } |
2897 } else { | 3151 } else { |
2898 /* | 3152 /* |
2899 * Still need to run the cipher to check the tag | 3153 * Still need to run the cipher to check the tag |
2900 */ | 3154 */ |
2901 tmp_len = tag_len; | 3155 tmp_len = tag_len; |
2902 status = cipher_decrypt(stream->rtcp_cipher, (uint8_t*)auth_tag, | 3156 status = srtp_cipher_decrypt(stream->rtcp_cipher, (uint8_t*)auth_tag, &t
mp_len); |
2903 &tmp_len); | |
2904 if (status) { | 3157 if (status) { |
2905 return status; | 3158 return status; |
2906 } | 3159 } |
2907 } | 3160 } |
2908 | 3161 |
2909 /* decrease the packet length by the length of the auth tag and seq_num*/ | 3162 /* decrease the packet length by the length of the auth tag and seq_num*/ |
2910 *pkt_octet_len -= (tag_len + sizeof(srtcp_trailer_t)); | 3163 *pkt_octet_len -= (tag_len + sizeof(srtcp_trailer_t)); |
2911 | 3164 |
2912 /* | 3165 /* |
2913 * verify that stream is for received traffic - this check will | 3166 * verify that stream is for received traffic - this check will |
(...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2949 | 3202 |
2950 /* add new stream to the head of the stream_list */ | 3203 /* add new stream to the head of the stream_list */ |
2951 new_stream->next = ctx->stream_list; | 3204 new_stream->next = ctx->stream_list; |
2952 ctx->stream_list = new_stream; | 3205 ctx->stream_list = new_stream; |
2953 | 3206 |
2954 /* set stream (the pointer used in this function) */ | 3207 /* set stream (the pointer used in this function) */ |
2955 stream = new_stream; | 3208 stream = new_stream; |
2956 } | 3209 } |
2957 | 3210 |
2958 /* we've passed the authentication check, so add seq_num to the rdb */ | 3211 /* we've passed the authentication check, so add seq_num to the rdb */ |
2959 rdb_add_index(&stream->rtcp_rdb, seq_num); | 3212 srtp_rdb_add_index(&stream->rtcp_rdb, seq_num); |
2960 | 3213 |
2961 return err_status_ok; | 3214 return srtp_err_status_ok; |
2962 } | 3215 } |
2963 | 3216 |
2964 err_status_t | 3217 srtp_err_status_t |
2965 srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len) { | 3218 srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len) { |
2966 srtcp_hdr_t *hdr = (srtcp_hdr_t *)rtcp_hdr; | 3219 srtcp_hdr_t *hdr = (srtcp_hdr_t *)rtcp_hdr; |
2967 uint32_t *enc_start; /* pointer to start of encrypted portion */ | 3220 uint32_t *enc_start; /* pointer to start of encrypted portion */ |
2968 uint32_t *auth_start; /* pointer to start of auth. portion */ | 3221 uint32_t *auth_start; /* pointer to start of auth. portion */ |
2969 uint32_t *trailer; /* pointer to start of trailer */ | 3222 uint32_t *trailer; /* pointer to start of trailer */ |
2970 unsigned int enc_octet_len = 0;/* number of octets in encrypted portion */ | 3223 unsigned int enc_octet_len = 0;/* number of octets in encrypted portion */ |
2971 uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ | 3224 uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ |
2972 err_status_t status; | 3225 srtp_err_status_t status; |
2973 int tag_len; | 3226 int tag_len; |
2974 srtp_stream_ctx_t *stream; | 3227 srtp_stream_ctx_t *stream; |
2975 int prefix_len; | 3228 uint32_t prefix_len; |
2976 uint32_t seq_num; | 3229 uint32_t seq_num; |
2977 | 3230 |
2978 /* we assume the hdr is 32-bit aligned to start */ | 3231 /* we assume the hdr is 32-bit aligned to start */ |
2979 | 3232 |
2980 /* check the packet length - it must at least contain a full header */ | 3233 /* check the packet length - it must at least contain a full header */ |
2981 if (*pkt_octet_len < octets_in_rtcp_header) | 3234 if (*pkt_octet_len < octets_in_rtcp_header) |
2982 return err_status_bad_param; | 3235 return srtp_err_status_bad_param; |
2983 | 3236 |
2984 /* | 3237 /* |
2985 * look up ssrc in srtp_stream list, and process the packet with | 3238 * look up ssrc in srtp_stream list, and process the packet with |
2986 * the appropriate stream. if we haven't seen this stream before, | 3239 * the appropriate stream. if we haven't seen this stream before, |
2987 * there's only one key for this srtp_session, and the cipher | 3240 * there's only one key for this srtp_session, and the cipher |
2988 * supports key-sharing, then we assume that a new stream using | 3241 * supports key-sharing, then we assume that a new stream using |
2989 * that key has just started up | 3242 * that key has just started up |
2990 */ | 3243 */ |
2991 stream = srtp_get_stream(ctx, hdr->ssrc); | 3244 stream = srtp_get_stream(ctx, hdr->ssrc); |
2992 if (stream == NULL) { | 3245 if (stream == NULL) { |
2993 if (ctx->stream_template != NULL) { | 3246 if (ctx->stream_template != NULL) { |
2994 srtp_stream_ctx_t *new_stream; | 3247 srtp_stream_ctx_t *new_stream; |
2995 | 3248 |
2996 /* allocate and initialize a new stream */ | 3249 /* allocate and initialize a new stream */ |
2997 status = srtp_stream_clone(ctx->stream_template, | 3250 status = srtp_stream_clone(ctx->stream_template, |
2998 hdr->ssrc, &new_stream); | 3251 hdr->ssrc, &new_stream); |
2999 if (status) | 3252 if (status) |
3000 return status; | 3253 return status; |
3001 | 3254 |
3002 /* add new stream to the head of the stream_list */ | 3255 /* add new stream to the head of the stream_list */ |
3003 new_stream->next = ctx->stream_list; | 3256 new_stream->next = ctx->stream_list; |
3004 ctx->stream_list = new_stream; | 3257 ctx->stream_list = new_stream; |
3005 | 3258 |
3006 /* set stream (the pointer used in this function) */ | 3259 /* set stream (the pointer used in this function) */ |
3007 stream = new_stream; | 3260 stream = new_stream; |
3008 } else { | 3261 } else { |
3009 /* no template stream, so we return an error */ | 3262 /* no template stream, so we return an error */ |
3010 return err_status_no_ctx; | 3263 return srtp_err_status_no_ctx; |
3011 } | 3264 } |
3012 } | 3265 } |
3013 | 3266 |
3014 /* | 3267 /* |
3015 * verify that stream is for sending traffic - this check will | 3268 * verify that stream is for sending traffic - this check will |
3016 * detect SSRC collisions, since a stream that appears in both | 3269 * detect SSRC collisions, since a stream that appears in both |
3017 * srtp_protect() and srtp_unprotect() will fail this test in one of | 3270 * srtp_protect() and srtp_unprotect() will fail this test in one of |
3018 * those functions. | 3271 * those functions. |
3019 */ | 3272 */ |
3020 if (stream->direction != dir_srtp_sender) { | 3273 if (stream->direction != dir_srtp_sender) { |
3021 if (stream->direction == dir_unknown) { | 3274 if (stream->direction == dir_unknown) { |
3022 stream->direction = dir_srtp_sender; | 3275 stream->direction = dir_srtp_sender; |
3023 } else { | 3276 } else { |
3024 srtp_handle_event(ctx, stream, event_ssrc_collision); | 3277 srtp_handle_event(ctx, stream, event_ssrc_collision); |
3025 } | 3278 } |
3026 } | 3279 } |
3027 | 3280 |
3028 /* | 3281 /* |
3029 * Check if this is an AEAD stream (GCM mode). If so, then dispatch | 3282 * Check if this is an AEAD stream (GCM mode). If so, then dispatch |
3030 * the request to our AEAD handler. | 3283 * the request to our AEAD handler. |
3031 */ | 3284 */ |
3032 if (stream->rtp_cipher->algorithm == AES_128_GCM || | 3285 if (stream->rtp_cipher->algorithm == SRTP_AES_128_GCM || |
3033 stream->rtp_cipher->algorithm == AES_256_GCM) { | 3286 stream->rtp_cipher->algorithm == SRTP_AES_256_GCM) { |
3034 return srtp_protect_rtcp_aead(ctx, stream, rtcp_hdr, (unsigned int*)pkt_oc
tet_len); | 3287 return srtp_protect_rtcp_aead(ctx, stream, rtcp_hdr, (unsigned int*)pkt_oc
tet_len); |
3035 } | 3288 } |
3036 | 3289 |
3037 /* get tag length from stream context */ | 3290 /* get tag length from stream context */ |
3038 tag_len = auth_get_tag_length(stream->rtcp_auth); | 3291 tag_len = srtp_auth_get_tag_length(stream->rtcp_auth); |
3039 | 3292 |
3040 /* | 3293 /* |
3041 * set encryption start and encryption length - if we're not | 3294 * set encryption start and encryption length - if we're not |
3042 * providing confidentiality, set enc_start to NULL | 3295 * providing confidentiality, set enc_start to NULL |
3043 */ | 3296 */ |
3044 enc_start = (uint32_t *)hdr + uint32s_in_rtcp_header; | 3297 enc_start = (uint32_t *)hdr + uint32s_in_rtcp_header; |
3045 enc_octet_len = *pkt_octet_len - octets_in_rtcp_header; | 3298 enc_octet_len = *pkt_octet_len - octets_in_rtcp_header; |
3046 | 3299 |
3047 /* all of the packet, except the header, gets encrypted */ | 3300 /* all of the packet, except the header, gets encrypted */ |
3048 /* NOTE: hdr->length is not usable - it refers to only the first | 3301 /* NOTE: hdr->length is not usable - it refers to only the first |
(...skipping 13 matching lines...) Expand all Loading... |
3062 | 3315 |
3063 /* | 3316 /* |
3064 * set the auth_start and auth_tag pointers to the proper locations | 3317 * set the auth_start and auth_tag pointers to the proper locations |
3065 * (note that srtpc *always* provides authentication, unlike srtp) | 3318 * (note that srtpc *always* provides authentication, unlike srtp) |
3066 */ | 3319 */ |
3067 /* Note: This would need to change for optional mikey data */ | 3320 /* Note: This would need to change for optional mikey data */ |
3068 auth_start = (uint32_t *)hdr; | 3321 auth_start = (uint32_t *)hdr; |
3069 auth_tag = (uint8_t *)hdr + *pkt_octet_len + sizeof(srtcp_trailer_t); | 3322 auth_tag = (uint8_t *)hdr + *pkt_octet_len + sizeof(srtcp_trailer_t); |
3070 | 3323 |
3071 /* perform EKT processing if needed */ | 3324 /* perform EKT processing if needed */ |
3072 ekt_write_data(stream->ekt, auth_tag, tag_len, pkt_octet_len, | 3325 srtp_ekt_write_data(stream->ekt, auth_tag, tag_len, pkt_octet_len, |
3073 » » rdbx_get_packet_index(&stream->rtp_rdbx)); | 3326 » » srtp_rdbx_get_packet_index(&stream->rtp_rdbx)); |
3074 | 3327 |
3075 /* | 3328 /* |
3076 * check sequence number for overruns, and copy it into the packet | 3329 * check sequence number for overruns, and copy it into the packet |
3077 * if its value isn't too big | 3330 * if its value isn't too big |
3078 */ | 3331 */ |
3079 status = rdb_increment(&stream->rtcp_rdb); | 3332 status = srtp_rdb_increment(&stream->rtcp_rdb); |
3080 if (status) | 3333 if (status) |
3081 return status; | 3334 return status; |
3082 seq_num = rdb_get_value(&stream->rtcp_rdb); | 3335 seq_num = srtp_rdb_get_value(&stream->rtcp_rdb); |
3083 *trailer |= htonl(seq_num); | 3336 *trailer |= htonl(seq_num); |
3084 debug_print(mod_srtp, "srtcp index: %x", seq_num); | 3337 debug_print(mod_srtp, "srtcp index: %x", seq_num); |
3085 | 3338 |
3086 /* | 3339 /* |
3087 * if we're using rindael counter mode, set nonce and seq | 3340 * if we're using rindael counter mode, set nonce and seq |
3088 */ | 3341 */ |
3089 if (stream->rtcp_cipher->type->id == AES_ICM) { | 3342 if (stream->rtcp_cipher->type->id == SRTP_AES_ICM) { |
3090 v128_t iv; | 3343 v128_t iv; |
3091 | 3344 |
3092 iv.v32[0] = 0; | 3345 iv.v32[0] = 0; |
3093 iv.v32[1] = hdr->ssrc; /* still in network order! */ | 3346 iv.v32[1] = hdr->ssrc; /* still in network order! */ |
3094 iv.v32[2] = htonl(seq_num >> 16); | 3347 iv.v32[2] = htonl(seq_num >> 16); |
3095 iv.v32[3] = htonl(seq_num << 16); | 3348 iv.v32[3] = htonl(seq_num << 16); |
3096 status = cipher_set_iv(stream->rtcp_cipher, &iv, direction_encrypt); | 3349 status = srtp_cipher_set_iv(stream->rtcp_cipher, (uint8_t*)&iv, srtp_directi
on_encrypt); |
3097 | 3350 |
3098 } else { | 3351 } else { |
3099 v128_t iv; | 3352 v128_t iv; |
3100 | 3353 |
3101 /* otherwise, just set the index to seq_num */ | 3354 /* otherwise, just set the index to seq_num */ |
3102 iv.v32[0] = 0; | 3355 iv.v32[0] = 0; |
3103 iv.v32[1] = 0; | 3356 iv.v32[1] = 0; |
3104 iv.v32[2] = 0; | 3357 iv.v32[2] = 0; |
3105 iv.v32[3] = htonl(seq_num); | 3358 iv.v32[3] = htonl(seq_num); |
3106 status = cipher_set_iv(stream->rtcp_cipher, &iv, direction_encrypt); | 3359 status = srtp_cipher_set_iv(stream->rtcp_cipher, (uint8_t*)&iv, srtp_directi
on_encrypt); |
3107 } | 3360 } |
3108 if (status) | 3361 if (status) |
3109 return err_status_cipher_fail; | 3362 return srtp_err_status_cipher_fail; |
3110 | 3363 |
3111 /* | 3364 /* |
3112 * if we're authenticating using a universal hash, put the keystream | 3365 * if we're authenticating using a universal hash, put the keystream |
3113 * prefix into the authentication tag | 3366 * prefix into the authentication tag |
3114 */ | 3367 */ |
3115 | 3368 |
3116 /* if auth_start is non-null, then put keystream into tag */ | 3369 /* if auth_start is non-null, then put keystream into tag */ |
3117 if (auth_start) { | 3370 if (auth_start) { |
3118 | 3371 |
3119 /* put keystream prefix into auth_tag */ | 3372 /* put keystream prefix into auth_tag */ |
3120 prefix_len = auth_get_prefix_length(stream->rtcp_auth); | 3373 prefix_len = srtp_auth_get_prefix_length(stream->rtcp_auth); |
3121 status = cipher_output(stream->rtcp_cipher, auth_tag, prefix_len); | 3374 status = srtp_cipher_output(stream->rtcp_cipher, auth_tag, &prefix_len); |
3122 | 3375 |
3123 debug_print(mod_srtp, "keystream prefix: %s", | 3376 debug_print(mod_srtp, "keystream prefix: %s", |
3124 » » octet_string_hex_string(auth_tag, prefix_len)); | 3377 » » srtp_octet_string_hex_string(auth_tag, prefix_len)); |
3125 | 3378 |
3126 if (status) | 3379 if (status) |
3127 return err_status_cipher_fail; | 3380 return srtp_err_status_cipher_fail; |
3128 } | 3381 } |
3129 | 3382 |
3130 /* if we're encrypting, exor keystream into the message */ | 3383 /* if we're encrypting, exor keystream into the message */ |
3131 if (enc_start) { | 3384 if (enc_start) { |
3132 status = cipher_encrypt(stream->rtcp_cipher, | 3385 status = srtp_cipher_encrypt(stream->rtcp_cipher, |
3133 » » » (uint8_t *)enc_start, &enc_octet_len); | 3386 » » » (uint8_t *)enc_start, &enc_octet_len); |
3134 if (status) | 3387 if (status) |
3135 return err_status_cipher_fail; | 3388 return srtp_err_status_cipher_fail; |
3136 } | 3389 } |
3137 | 3390 |
3138 /* initialize auth func context */ | 3391 /* initialize auth func context */ |
3139 auth_start(stream->rtcp_auth); | 3392 srtp_auth_start(stream->rtcp_auth); |
3140 | 3393 |
3141 /* | 3394 /* |
3142 * run auth func over packet (including trailer), and write the | 3395 * run auth func over packet (including trailer), and write the |
3143 * result at auth_tag | 3396 * result at auth_tag |
3144 */ | 3397 */ |
3145 status = auth_compute(stream->rtcp_auth, | 3398 status = srtp_auth_compute(stream->rtcp_auth, |
3146 (uint8_t *)auth_start, | 3399 (uint8_t *)auth_start, |
3147 (*pkt_octet_len) + sizeof(srtcp_trailer_t), | 3400 (*pkt_octet_len) + sizeof(srtcp_trailer_t), |
3148 auth_tag); | 3401 auth_tag); |
3149 debug_print(mod_srtp, "srtcp auth tag: %s", | 3402 debug_print(mod_srtp, "srtcp auth tag: %s", |
3150 » octet_string_hex_string(auth_tag, tag_len)); | 3403 » srtp_octet_string_hex_string(auth_tag, tag_len)); |
3151 if (status) | 3404 if (status) |
3152 return err_status_auth_fail; | 3405 return srtp_err_status_auth_fail; |
3153 | 3406 |
3154 /* increase the packet length by the length of the auth tag and seq_num*/ | 3407 /* increase the packet length by the length of the auth tag and seq_num*/ |
3155 *pkt_octet_len += (tag_len + sizeof(srtcp_trailer_t)); | 3408 *pkt_octet_len += (tag_len + sizeof(srtcp_trailer_t)); |
3156 | 3409 |
3157 return err_status_ok; | 3410 return srtp_err_status_ok; |
3158 } | 3411 } |
3159 | 3412 |
3160 | 3413 |
3161 err_status_t | 3414 srtp_err_status_t |
3162 srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) { | 3415 srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) { |
3163 srtcp_hdr_t *hdr = (srtcp_hdr_t *)srtcp_hdr; | 3416 srtcp_hdr_t *hdr = (srtcp_hdr_t *)srtcp_hdr; |
3164 uint32_t *enc_start; /* pointer to start of encrypted portion */ | 3417 uint32_t *enc_start; /* pointer to start of encrypted portion */ |
3165 uint32_t *auth_start; /* pointer to start of auth. portion */ | 3418 uint32_t *auth_start; /* pointer to start of auth. portion */ |
3166 uint32_t *trailer; /* pointer to start of trailer */ | 3419 uint32_t *trailer; /* pointer to start of trailer */ |
3167 unsigned int enc_octet_len = 0;/* number of octets in encrypted portion */ | 3420 unsigned int enc_octet_len = 0;/* number of octets in encrypted portion */ |
3168 uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ | 3421 uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ |
3169 uint8_t tmp_tag[SRTP_MAX_TAG_LEN]; | 3422 uint8_t tmp_tag[SRTP_MAX_TAG_LEN]; |
3170 uint8_t tag_copy[SRTP_MAX_TAG_LEN]; | 3423 uint8_t tag_copy[SRTP_MAX_TAG_LEN]; |
3171 err_status_t status; | 3424 srtp_err_status_t status; |
3172 unsigned int auth_len; | 3425 unsigned int auth_len; |
3173 int tag_len; | 3426 int tag_len; |
3174 srtp_stream_ctx_t *stream; | 3427 srtp_stream_ctx_t *stream; |
3175 int prefix_len; | 3428 uint32_t prefix_len; |
3176 uint32_t seq_num; | 3429 uint32_t seq_num; |
3177 int e_bit_in_packet; /* whether the E-bit was found in the packet */ | 3430 int e_bit_in_packet; /* whether the E-bit was found in the packet */ |
3178 int sec_serv_confidentiality; /* whether confidentiality was requested */ | 3431 int sec_serv_confidentiality; /* whether confidentiality was requested */ |
3179 | 3432 |
3180 /* we assume the hdr is 32-bit aligned to start */ | 3433 /* we assume the hdr is 32-bit aligned to start */ |
3181 | 3434 |
3182 /* check that the length value is sane; we'll check again once we | 3435 /* check that the length value is sane; we'll check again once we |
3183 know the tag length, but we at least want to know that it is | 3436 know the tag length, but we at least want to know that it is |
3184 a positive value */ | 3437 a positive value */ |
3185 if (*pkt_octet_len < octets_in_rtcp_header + sizeof(srtcp_trailer_t)) | 3438 if (*pkt_octet_len < octets_in_rtcp_header + sizeof(srtcp_trailer_t)) |
3186 return err_status_bad_param; | 3439 return srtp_err_status_bad_param; |
3187 | 3440 |
3188 /* | 3441 /* |
3189 * look up ssrc in srtp_stream list, and process the packet with | 3442 * look up ssrc in srtp_stream list, and process the packet with |
3190 * the appropriate stream. if we haven't seen this stream before, | 3443 * the appropriate stream. if we haven't seen this stream before, |
3191 * there's only one key for this srtp_session, and the cipher | 3444 * there's only one key for this srtp_session, and the cipher |
3192 * supports key-sharing, then we assume that a new stream using | 3445 * supports key-sharing, then we assume that a new stream using |
3193 * that key has just started up | 3446 * that key has just started up |
3194 */ | 3447 */ |
3195 stream = srtp_get_stream(ctx, hdr->ssrc); | 3448 stream = srtp_get_stream(ctx, hdr->ssrc); |
3196 if (stream == NULL) { | 3449 if (stream == NULL) { |
(...skipping 10 matching lines...) Expand all Loading... |
3207 * stream should not be accepted until and unless the packet | 3460 * stream should not be accepted until and unless the packet |
3208 * passes its authentication check | 3461 * passes its authentication check |
3209 */ | 3462 */ |
3210 if (stream->ekt != NULL) { | 3463 if (stream->ekt != NULL) { |
3211 status = srtp_stream_init_from_ekt(stream, srtcp_hdr, *pkt_octet_len); | 3464 status = srtp_stream_init_from_ekt(stream, srtcp_hdr, *pkt_octet_len); |
3212 if (status) | 3465 if (status) |
3213 return status; | 3466 return status; |
3214 } | 3467 } |
3215 | 3468 |
3216 debug_print(mod_srtp, "srtcp using provisional stream (SSRC: 0x%08x)", | 3469 debug_print(mod_srtp, "srtcp using provisional stream (SSRC: 0x%08x)", |
3217 » » hdr->ssrc); | 3470 » » ntohl(hdr->ssrc)); |
3218 } else { | 3471 } else { |
3219 /* no template stream, so we return an error */ | 3472 /* no template stream, so we return an error */ |
3220 return err_status_no_ctx; | 3473 return srtp_err_status_no_ctx; |
3221 } | 3474 } |
3222 } | 3475 } |
3223 | 3476 |
3224 /* get tag length from stream context */ | 3477 /* get tag length from stream context */ |
3225 tag_len = auth_get_tag_length(stream->rtcp_auth); | 3478 tag_len = srtp_auth_get_tag_length(stream->rtcp_auth); |
3226 | 3479 |
3227 /* check the packet length - it must contain at least a full RTCP | 3480 /* check the packet length - it must contain at least a full RTCP |
3228 header, an auth tag (if applicable), and the SRTCP encrypted flag | 3481 header, an auth tag (if applicable), and the SRTCP encrypted flag |
3229 and 31-bit index value */ | 3482 and 31-bit index value */ |
3230 if (*pkt_octet_len < (int) (octets_in_rtcp_header + tag_len + sizeof(srtcp_tra
iler_t))) { | 3483 if (*pkt_octet_len < (int) (octets_in_rtcp_header + tag_len + sizeof(srtcp_tra
iler_t))) { |
3231 return err_status_bad_param; | 3484 return srtp_err_status_bad_param; |
3232 } | 3485 } |
3233 | 3486 |
3234 /* | 3487 /* |
3235 * Check if this is an AEAD stream (GCM mode). If so, then dispatch | 3488 * Check if this is an AEAD stream (GCM mode). If so, then dispatch |
3236 * the request to our AEAD handler. | 3489 * the request to our AEAD handler. |
3237 */ | 3490 */ |
3238 if (stream->rtp_cipher->algorithm == AES_128_GCM || | 3491 if (stream->rtp_cipher->algorithm == SRTP_AES_128_GCM || |
3239 stream->rtp_cipher->algorithm == AES_256_GCM) { | 3492 stream->rtp_cipher->algorithm == SRTP_AES_256_GCM) { |
3240 return srtp_unprotect_rtcp_aead(ctx, stream, srtcp_hdr, (unsigned int*)pkt
_octet_len); | 3493 return srtp_unprotect_rtcp_aead(ctx, stream, srtcp_hdr, (unsigned int*)pkt
_octet_len); |
3241 } | 3494 } |
3242 | 3495 |
3243 sec_serv_confidentiality = stream->rtcp_services == sec_serv_conf || | 3496 sec_serv_confidentiality = stream->rtcp_services == sec_serv_conf || |
3244 stream->rtcp_services == sec_serv_conf_and_auth; | 3497 stream->rtcp_services == sec_serv_conf_and_auth; |
3245 | 3498 |
3246 /* | 3499 /* |
3247 * set encryption start, encryption length, and trailer | 3500 * set encryption start, encryption length, and trailer |
3248 */ | 3501 */ |
3249 enc_octet_len = *pkt_octet_len - | 3502 enc_octet_len = *pkt_octet_len - |
3250 (octets_in_rtcp_header + tag_len + sizeof(srtcp_trailer_t)); | 3503 (octets_in_rtcp_header + tag_len + sizeof(srtcp_trailer_t)); |
3251 /* index & E (encryption) bit follow normal data. hdr->len | 3504 /* index & E (encryption) bit follow normal data. hdr->len |
3252 is the number of words (32-bit) in the normal packet minus 1 */ | 3505 is the number of words (32-bit) in the normal packet minus 1 */ |
3253 /* This should point trailer to the word past the end of the | 3506 /* This should point trailer to the word past the end of the |
3254 normal data. */ | 3507 normal data. */ |
3255 /* This would need to be modified for optional mikey data */ | 3508 /* This would need to be modified for optional mikey data */ |
3256 /* | 3509 /* |
3257 * NOTE: trailer is 32-bit aligned because RTCP 'packets' are always | 3510 * NOTE: trailer is 32-bit aligned because RTCP 'packets' are always |
3258 * multiples of 32-bits (RFC 3550 6.1) | 3511 * multiples of 32-bits (RFC 3550 6.1) |
3259 */ | 3512 */ |
3260 trailer = (uint32_t *) ((char *) hdr + | 3513 trailer = (uint32_t *) ((char *) hdr + |
3261 *pkt_octet_len -(tag_len + sizeof(srtcp_trailer_t))); | 3514 *pkt_octet_len -(tag_len + sizeof(srtcp_trailer_t))); |
3262 e_bit_in_packet = | 3515 e_bit_in_packet = |
3263 (*((unsigned char *) trailer) & SRTCP_E_BYTE_BIT) == SRTCP_E_BYTE_BIT; | 3516 (*((unsigned char *) trailer) & SRTCP_E_BYTE_BIT) == SRTCP_E_BYTE_BIT; |
3264 if (e_bit_in_packet != sec_serv_confidentiality) { | 3517 if (e_bit_in_packet != sec_serv_confidentiality) { |
3265 return err_status_cant_check; | 3518 return srtp_err_status_cant_check; |
3266 } | 3519 } |
3267 if (sec_serv_confidentiality) { | 3520 if (sec_serv_confidentiality) { |
3268 enc_start = (uint32_t *)hdr + uint32s_in_rtcp_header; | 3521 enc_start = (uint32_t *)hdr + uint32s_in_rtcp_header; |
3269 } else { | 3522 } else { |
3270 enc_octet_len = 0; | 3523 enc_octet_len = 0; |
3271 enc_start = NULL; /* this indicates that there's no encryption */ | 3524 enc_start = NULL; /* this indicates that there's no encryption */ |
3272 } | 3525 } |
3273 | 3526 |
3274 /* | 3527 /* |
3275 * set the auth_start and auth_tag pointers to the proper locations | 3528 * set the auth_start and auth_tag pointers to the proper locations |
3276 * (note that srtcp *always* uses authentication, unlike srtp) | 3529 * (note that srtcp *always* uses authentication, unlike srtp) |
3277 */ | 3530 */ |
3278 auth_start = (uint32_t *)hdr; | 3531 auth_start = (uint32_t *)hdr; |
3279 auth_len = *pkt_octet_len - tag_len; | 3532 auth_len = *pkt_octet_len - tag_len; |
3280 auth_tag = (uint8_t *)hdr + auth_len; | 3533 auth_tag = (uint8_t *)hdr + auth_len; |
3281 | 3534 |
3282 /* | 3535 /* |
3283 * if EKT is in use, then we make a copy of the tag from the packet, | 3536 * if EKT is in use, then we make a copy of the tag from the packet, |
3284 * and then zeroize the location of the base tag | 3537 * and then zeroize the location of the base tag |
3285 * | 3538 * |
3286 * we first re-position the auth_tag pointer so that it points to | 3539 * we first re-position the auth_tag pointer so that it points to |
3287 * the base tag | 3540 * the base tag |
3288 */ | 3541 */ |
3289 if (stream->ekt) { | 3542 if (stream->ekt) { |
3290 auth_tag -= ekt_octets_after_base_tag(stream->ekt); | 3543 auth_tag -= srtp_ekt_octets_after_base_tag(stream->ekt); |
3291 memcpy(tag_copy, auth_tag, tag_len); | 3544 memcpy(tag_copy, auth_tag, tag_len); |
3292 octet_string_set_to_zero(auth_tag, tag_len); | 3545 octet_string_set_to_zero(auth_tag, tag_len); |
3293 auth_tag = tag_copy; | 3546 auth_tag = tag_copy; |
3294 auth_len += tag_len; | 3547 auth_len += tag_len; |
3295 } | 3548 } |
3296 | 3549 |
3297 /* | 3550 /* |
3298 * check the sequence number for replays | 3551 * check the sequence number for replays |
3299 */ | 3552 */ |
3300 /* this is easier than dealing with bitfield access */ | 3553 /* this is easier than dealing with bitfield access */ |
3301 seq_num = ntohl(*trailer) & SRTCP_INDEX_MASK; | 3554 seq_num = ntohl(*trailer) & SRTCP_INDEX_MASK; |
3302 debug_print(mod_srtp, "srtcp index: %x", seq_num); | 3555 debug_print(mod_srtp, "srtcp index: %x", seq_num); |
3303 status = rdb_check(&stream->rtcp_rdb, seq_num); | 3556 status = srtp_rdb_check(&stream->rtcp_rdb, seq_num); |
3304 if (status) | 3557 if (status) |
3305 return status; | 3558 return status; |
3306 | 3559 |
3307 /* | 3560 /* |
3308 * if we're using aes counter mode, set nonce and seq | 3561 * if we're using aes counter mode, set nonce and seq |
3309 */ | 3562 */ |
3310 if (stream->rtcp_cipher->type->id == AES_ICM) { | 3563 if (stream->rtcp_cipher->type->id == SRTP_AES_ICM) { |
3311 v128_t iv; | 3564 v128_t iv; |
3312 | 3565 |
3313 iv.v32[0] = 0; | 3566 iv.v32[0] = 0; |
3314 iv.v32[1] = hdr->ssrc; /* still in network order! */ | 3567 iv.v32[1] = hdr->ssrc; /* still in network order! */ |
3315 iv.v32[2] = htonl(seq_num >> 16); | 3568 iv.v32[2] = htonl(seq_num >> 16); |
3316 iv.v32[3] = htonl(seq_num << 16); | 3569 iv.v32[3] = htonl(seq_num << 16); |
3317 status = cipher_set_iv(stream->rtcp_cipher, &iv, direction_decrypt); | 3570 status = srtp_cipher_set_iv(stream->rtcp_cipher, (uint8_t*)&iv, srtp_directi
on_decrypt); |
3318 | 3571 |
3319 } else { | 3572 } else { |
3320 v128_t iv; | 3573 v128_t iv; |
3321 | 3574 |
3322 /* otherwise, just set the index to seq_num */ | 3575 /* otherwise, just set the index to seq_num */ |
3323 iv.v32[0] = 0; | 3576 iv.v32[0] = 0; |
3324 iv.v32[1] = 0; | 3577 iv.v32[1] = 0; |
3325 iv.v32[2] = 0; | 3578 iv.v32[2] = 0; |
3326 iv.v32[3] = htonl(seq_num); | 3579 iv.v32[3] = htonl(seq_num); |
3327 status = cipher_set_iv(stream->rtcp_cipher, &iv, direction_decrypt); | 3580 status = srtp_cipher_set_iv(stream->rtcp_cipher, (uint8_t*)&iv, srtp_directi
on_decrypt); |
3328 | 3581 |
3329 } | 3582 } |
3330 if (status) | 3583 if (status) |
3331 return err_status_cipher_fail; | 3584 return srtp_err_status_cipher_fail; |
3332 | 3585 |
3333 /* initialize auth func context */ | 3586 /* initialize auth func context */ |
3334 auth_start(stream->rtcp_auth); | 3587 srtp_auth_start(stream->rtcp_auth); |
3335 | 3588 |
3336 /* run auth func over packet, put result into tmp_tag */ | 3589 /* run auth func over packet, put result into tmp_tag */ |
3337 status = auth_compute(stream->rtcp_auth, (uint8_t *)auth_start, | 3590 status = srtp_auth_compute(stream->rtcp_auth, (uint8_t *)auth_start, |
3338 auth_len, tmp_tag); | 3591 auth_len, tmp_tag); |
3339 debug_print(mod_srtp, "srtcp computed tag: %s", | 3592 debug_print(mod_srtp, "srtcp computed tag: %s", |
3340 » octet_string_hex_string(tmp_tag, tag_len)); | 3593 » srtp_octet_string_hex_string(tmp_tag, tag_len)); |
3341 if (status) | 3594 if (status) |
3342 return err_status_auth_fail; | 3595 return srtp_err_status_auth_fail; |
3343 | 3596 |
3344 /* compare the tag just computed with the one in the packet */ | 3597 /* compare the tag just computed with the one in the packet */ |
3345 debug_print(mod_srtp, "srtcp tag from packet: %s", | 3598 debug_print(mod_srtp, "srtcp tag from packet: %s", |
3346 » octet_string_hex_string(auth_tag, tag_len)); | 3599 » srtp_octet_string_hex_string(auth_tag, tag_len)); |
3347 if (octet_string_is_eq(tmp_tag, auth_tag, tag_len)) | 3600 if (octet_string_is_eq(tmp_tag, auth_tag, tag_len)) |
3348 return err_status_auth_fail; | 3601 return srtp_err_status_auth_fail; |
3349 | 3602 |
3350 /* | 3603 /* |
3351 * if we're authenticating using a universal hash, put the keystream | 3604 * if we're authenticating using a universal hash, put the keystream |
3352 * prefix into the authentication tag | 3605 * prefix into the authentication tag |
3353 */ | 3606 */ |
3354 prefix_len = auth_get_prefix_length(stream->rtcp_auth); | 3607 prefix_len = srtp_auth_get_prefix_length(stream->rtcp_auth); |
3355 if (prefix_len) { | 3608 if (prefix_len) { |
3356 status = cipher_output(stream->rtcp_cipher, auth_tag, prefix_len); | 3609 status = srtp_cipher_output(stream->rtcp_cipher, auth_tag, &prefix_len); |
3357 debug_print(mod_srtp, "keystream prefix: %s", | 3610 debug_print(mod_srtp, "keystream prefix: %s", |
3358 » » octet_string_hex_string(auth_tag, prefix_len)); | 3611 » » srtp_octet_string_hex_string(auth_tag, prefix_len)); |
3359 if (status) | 3612 if (status) |
3360 return err_status_cipher_fail; | 3613 return srtp_err_status_cipher_fail; |
3361 } | 3614 } |
3362 | 3615 |
3363 /* if we're decrypting, exor keystream into the message */ | 3616 /* if we're decrypting, exor keystream into the message */ |
3364 if (enc_start) { | 3617 if (enc_start) { |
3365 status = cipher_decrypt(stream->rtcp_cipher, | 3618 status = srtp_cipher_decrypt(stream->rtcp_cipher, (uint8_t *)enc_start, &enc
_octet_len); |
3366 » » » (uint8_t *)enc_start, &enc_octet_len); | |
3367 if (status) | 3619 if (status) |
3368 return err_status_cipher_fail; | 3620 return srtp_err_status_cipher_fail; |
3369 } | 3621 } |
3370 | 3622 |
3371 /* decrease the packet length by the length of the auth tag and seq_num */ | 3623 /* decrease the packet length by the length of the auth tag and seq_num */ |
3372 *pkt_octet_len -= (tag_len + sizeof(srtcp_trailer_t)); | 3624 *pkt_octet_len -= (tag_len + sizeof(srtcp_trailer_t)); |
3373 | 3625 |
3374 /* | 3626 /* |
3375 * if EKT is in effect, subtract the EKT data out of the packet | 3627 * if EKT is in effect, subtract the EKT data out of the packet |
3376 * length | 3628 * length |
3377 */ | 3629 */ |
3378 *pkt_octet_len -= ekt_octets_after_base_tag(stream->ekt); | 3630 *pkt_octet_len -= srtp_ekt_octets_after_base_tag(stream->ekt); |
3379 | 3631 |
3380 /* | 3632 /* |
3381 * verify that stream is for received traffic - this check will | 3633 * verify that stream is for received traffic - this check will |
3382 * detect SSRC collisions, since a stream that appears in both | 3634 * detect SSRC collisions, since a stream that appears in both |
3383 * srtp_protect() and srtp_unprotect() will fail this test in one of | 3635 * srtp_protect() and srtp_unprotect() will fail this test in one of |
3384 * those functions. | 3636 * those functions. |
3385 * | 3637 * |
3386 * we do this check *after* the authentication check, so that the | 3638 * we do this check *after* the authentication check, so that the |
3387 * latter check will catch any attempts to fool us into thinking | 3639 * latter check will catch any attempts to fool us into thinking |
3388 * that we've got a collision | 3640 * that we've got a collision |
(...skipping 27 matching lines...) Expand all Loading... |
3416 | 3668 |
3417 /* add new stream to the head of the stream_list */ | 3669 /* add new stream to the head of the stream_list */ |
3418 new_stream->next = ctx->stream_list; | 3670 new_stream->next = ctx->stream_list; |
3419 ctx->stream_list = new_stream; | 3671 ctx->stream_list = new_stream; |
3420 | 3672 |
3421 /* set stream (the pointer used in this function) */ | 3673 /* set stream (the pointer used in this function) */ |
3422 stream = new_stream; | 3674 stream = new_stream; |
3423 } | 3675 } |
3424 | 3676 |
3425 /* we've passed the authentication check, so add seq_num to the rdb */ | 3677 /* we've passed the authentication check, so add seq_num to the rdb */ |
3426 rdb_add_index(&stream->rtcp_rdb, seq_num); | 3678 srtp_rdb_add_index(&stream->rtcp_rdb, seq_num); |
3427 | 3679 |
3428 | 3680 |
3429 return err_status_ok; | 3681 return srtp_err_status_ok; |
3430 } | 3682 } |
3431 | 3683 |
3432 | 3684 |
3433 /* | 3685 /* |
3434 * user data within srtp_t context | 3686 * user data within srtp_t context |
3435 */ | 3687 */ |
3436 | 3688 |
3437 void | 3689 void |
3438 srtp_set_user_data(srtp_t ctx, void *data) { | 3690 srtp_set_user_data(srtp_t ctx, void *data) { |
3439 ctx->user_data = data; | 3691 ctx->user_data = data; |
3440 } | 3692 } |
3441 | 3693 |
3442 void* | 3694 void* |
3443 srtp_get_user_data(srtp_t ctx) { | 3695 srtp_get_user_data(srtp_t ctx) { |
3444 return ctx->user_data; | 3696 return ctx->user_data; |
3445 } | 3697 } |
3446 | 3698 |
3447 | 3699 |
3448 /* | 3700 /* |
3449 * dtls keying for srtp | 3701 * dtls keying for srtp |
3450 */ | 3702 */ |
3451 | 3703 |
3452 err_status_t | 3704 srtp_err_status_t |
3453 crypto_policy_set_from_profile_for_rtp(crypto_policy_t *policy, | 3705 srtp_crypto_policy_set_from_profile_for_rtp(srtp_crypto_policy_t *policy, |
3454 » » » » srtp_profile_t profile) { | 3706 » » » » srtp_profile_t profile) { |
3455 | 3707 |
3456 /* set SRTP policy from the SRTP profile in the key set */ | 3708 /* set SRTP policy from the SRTP profile in the key set */ |
3457 switch(profile) { | 3709 switch(profile) { |
3458 case srtp_profile_aes128_cm_sha1_80: | 3710 case srtp_profile_aes128_cm_sha1_80: |
3459 crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); | 3711 srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); |
3460 break; | 3712 break; |
3461 case srtp_profile_aes128_cm_sha1_32: | 3713 case srtp_profile_aes128_cm_sha1_32: |
3462 crypto_policy_set_aes_cm_128_hmac_sha1_32(policy); | 3714 srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(policy); |
3463 break; | 3715 break; |
3464 case srtp_profile_null_sha1_80: | 3716 case srtp_profile_null_sha1_80: |
3465 crypto_policy_set_null_cipher_hmac_sha1_80(policy); | 3717 srtp_crypto_policy_set_null_cipher_hmac_sha1_80(policy); |
3466 break; | 3718 break; |
3467 case srtp_profile_aes256_cm_sha1_80: | 3719 case srtp_profile_aes256_cm_sha1_80: |
3468 crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); | 3720 srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); |
3469 break; | 3721 break; |
3470 case srtp_profile_aes256_cm_sha1_32: | 3722 case srtp_profile_aes256_cm_sha1_32: |
3471 crypto_policy_set_aes_cm_256_hmac_sha1_32(policy); | 3723 srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32(policy); |
3472 break; | 3724 break; |
3473 /* the following profiles are not (yet) supported */ | 3725 /* the following profiles are not (yet) supported */ |
3474 case srtp_profile_null_sha1_32: | 3726 case srtp_profile_null_sha1_32: |
3475 default: | 3727 default: |
3476 return err_status_bad_param; | 3728 return srtp_err_status_bad_param; |
3477 } | 3729 } |
3478 | 3730 |
3479 return err_status_ok; | 3731 return srtp_err_status_ok; |
3480 } | 3732 } |
3481 | 3733 |
3482 err_status_t | 3734 srtp_err_status_t |
3483 crypto_policy_set_from_profile_for_rtcp(crypto_policy_t *policy, | 3735 srtp_crypto_policy_set_from_profile_for_rtcp(srtp_crypto_policy_t *policy, |
3484 » » » » » srtp_profile_t profile) { | 3736 » » » » » srtp_profile_t profile) { |
3485 | 3737 |
3486 /* set SRTP policy from the SRTP profile in the key set */ | 3738 /* set SRTP policy from the SRTP profile in the key set */ |
3487 switch(profile) { | 3739 switch(profile) { |
3488 case srtp_profile_aes128_cm_sha1_80: | 3740 case srtp_profile_aes128_cm_sha1_80: |
3489 crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); | 3741 srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); |
3490 break; | 3742 break; |
3491 case srtp_profile_aes128_cm_sha1_32: | 3743 case srtp_profile_aes128_cm_sha1_32: |
3492 /* We do not honor the 32-bit auth tag request since | 3744 /* We do not honor the 32-bit auth tag request since |
3493 * this is not compliant with RFC 3711 */ | 3745 * this is not compliant with RFC 3711 */ |
3494 crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); | 3746 srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); |
3495 break; | 3747 break; |
3496 case srtp_profile_null_sha1_80: | 3748 case srtp_profile_null_sha1_80: |
3497 crypto_policy_set_null_cipher_hmac_sha1_80(policy); | 3749 srtp_crypto_policy_set_null_cipher_hmac_sha1_80(policy); |
3498 break; | 3750 break; |
3499 case srtp_profile_aes256_cm_sha1_80: | 3751 case srtp_profile_aes256_cm_sha1_80: |
3500 crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); | 3752 srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); |
3501 break; | 3753 break; |
3502 case srtp_profile_aes256_cm_sha1_32: | 3754 case srtp_profile_aes256_cm_sha1_32: |
3503 /* We do not honor the 32-bit auth tag request since | 3755 /* We do not honor the 32-bit auth tag request since |
3504 * this is not compliant with RFC 3711 */ | 3756 * this is not compliant with RFC 3711 */ |
3505 crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); | 3757 srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); |
3506 break; | 3758 break; |
3507 /* the following profiles are not (yet) supported */ | 3759 /* the following profiles are not (yet) supported */ |
3508 case srtp_profile_null_sha1_32: | 3760 case srtp_profile_null_sha1_32: |
3509 default: | 3761 default: |
3510 return err_status_bad_param; | 3762 return srtp_err_status_bad_param; |
3511 } | 3763 } |
3512 | 3764 |
3513 return err_status_ok; | 3765 return srtp_err_status_ok; |
3514 } | 3766 } |
3515 | 3767 |
3516 void | 3768 void srtp_append_salt_to_key(uint8_t *key, unsigned int bytes_in_key, uint8_t *s
alt, unsigned int bytes_in_salt) { |
3517 append_salt_to_key(uint8_t *key, unsigned int bytes_in_key, | |
3518 » » uint8_t *salt, unsigned int bytes_in_salt) { | |
3519 | |
3520 memcpy(key + bytes_in_key, salt, bytes_in_salt); | 3769 memcpy(key + bytes_in_key, salt, bytes_in_salt); |
3521 | |
3522 } | 3770 } |
3523 | 3771 |
3524 unsigned int | 3772 unsigned int |
3525 srtp_profile_get_master_key_length(srtp_profile_t profile) { | 3773 srtp_profile_get_master_key_length(srtp_profile_t profile) { |
3526 | 3774 |
3527 switch(profile) { | 3775 switch(profile) { |
3528 case srtp_profile_aes128_cm_sha1_80: | 3776 case srtp_profile_aes128_cm_sha1_80: |
3529 return 16; | 3777 return 16; |
3530 break; | 3778 break; |
3531 case srtp_profile_aes128_cm_sha1_32: | 3779 case srtp_profile_aes128_cm_sha1_32: |
(...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
3565 break; | 3813 break; |
3566 case srtp_profile_aes256_cm_sha1_32: | 3814 case srtp_profile_aes256_cm_sha1_32: |
3567 return 14; | 3815 return 14; |
3568 break; | 3816 break; |
3569 /* the following profiles are not (yet) supported */ | 3817 /* the following profiles are not (yet) supported */ |
3570 case srtp_profile_null_sha1_32: | 3818 case srtp_profile_null_sha1_32: |
3571 default: | 3819 default: |
3572 return 0; /* indicate error by returning a zero */ | 3820 return 0; /* indicate error by returning a zero */ |
3573 } | 3821 } |
3574 } | 3822 } |
| 3823 |
| 3824 /* |
| 3825 * SRTP debug interface |
| 3826 */ |
| 3827 srtp_err_status_t srtp_set_debug_module(char *mod_name, int v) |
| 3828 { |
| 3829 return srtp_crypto_kernel_set_debug_module(mod_name, v); |
| 3830 } |
| 3831 |
| 3832 srtp_err_status_t srtp_list_debug_modules(void) |
| 3833 { |
| 3834 return srtp_crypto_kernel_list_debug_modules(); |
| 3835 } |
| 3836 |
OLD | NEW |