| OLD | NEW |
|---|
| (Empty) |
| 1 /* | |
| 2 * ekt.c | |
| 3 * | |
| 4 * Encrypted Key Transport for SRTP | |
| 5 * | |
| 6 * David McGrew | |
| 7 * Cisco Systems, Inc. | |
| 8 */ | |
| 9 /* | |
| 10 * | |
| 11 * Copyright (c) 2001-2006 Cisco Systems, Inc. | |
| 12 * All rights reserved. | |
| 13 * | |
| 14 * Redistribution and use in source and binary forms, with or without | |
| 15 * modification, are permitted provided that the following conditions | |
| 16 * are met: | |
| 17 * | |
| 18 * Redistributions of source code must retain the above copyright | |
| 19 * notice, this list of conditions and the following disclaimer. | |
| 20 * | |
| 21 * Redistributions in binary form must reproduce the above | |
| 22 * copyright notice, this list of conditions and the following | |
| 23 * disclaimer in the documentation and/or other materials provided | |
| 24 * with the distribution. | |
| 25 * | |
| 26 * Neither the name of the Cisco Systems, Inc. nor the names of its | |
| 27 * contributors may be used to endorse or promote products derived | |
| 28 * from this software without specific prior written permission. | |
| 29 * | |
| 30 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
| 31 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | |
| 32 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS | |
| 33 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE | |
| 34 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, | |
| 35 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | |
| 36 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR | |
| 37 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
| 38 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
| 39 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
| 40 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
| 41 * OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 42 * | |
| 43 */ | |
| 44 | |
| 45 | |
| 46 #include "srtp_priv.h" | |
| 47 #include "err.h" | |
| 48 #include "ekt.h" | |
| 49 | |
| 50 extern debug_module_t mod_srtp; | |
| 51 | |
| 52 /* | |
| 53 * The EKT Authentication Tag format. | |
| 54 * | |
| 55 * 0 1 2 3 | |
| 56 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |
| 57 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
| 58 * : Base Authentication Tag : | |
| 59 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
| 60 * : Encrypted Master Key : | |
| 61 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
| 62 * | Rollover Counter | | |
| 63 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
| 64 * | Initial Sequence Number | Security Parameter Index | | |
| 65 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
| 66 * | |
| 67 */ | |
| 68 | |
| 69 #define EKT_OCTETS_AFTER_BASE_TAG 24 | |
| 70 #define EKT_OCTETS_AFTER_EMK 8 | |
| 71 #define EKT_OCTETS_AFTER_ROC 4 | |
| 72 #define EKT_SPI_LEN 2 | |
| 73 | |
| 74 unsigned | |
| 75 ekt_octets_after_base_tag(ekt_stream_t ekt) { | |
| 76 /* | |
| 77 * if the pointer ekt is NULL, then EKT is not in effect, so we | |
| 78 * indicate this by returning zero | |
| 79 */ | |
| 80 if (!ekt) | |
| 81 return 0; | |
| 82 | |
| 83 switch(ekt->data->ekt_cipher_type) { | |
| 84 case EKT_CIPHER_AES_128_ECB: | |
| 85 return 16 + EKT_OCTETS_AFTER_EMK; | |
| 86 break; | |
| 87 default: | |
| 88 break; | |
| 89 } | |
| 90 return 0; | |
| 91 } | |
| 92 | |
| 93 static inline ekt_spi_t | |
| 94 srtcp_packet_get_ekt_spi(const uint8_t *packet_start, unsigned pkt_octet_len) { | |
| 95 const uint8_t *spi_location; | |
| 96 | |
| 97 spi_location = packet_start + (pkt_octet_len - EKT_SPI_LEN); | |
| 98 | |
| 99 return *((const ekt_spi_t *)spi_location); | |
| 100 } | |
| 101 | |
| 102 static inline uint32_t | |
| 103 srtcp_packet_get_ekt_roc(const uint8_t *packet_start, unsigned pkt_octet_len) { | |
| 104 const uint8_t *roc_location; | |
| 105 | |
| 106 roc_location = packet_start + (pkt_octet_len - EKT_OCTETS_AFTER_ROC); | |
| 107 | |
| 108 return *((const uint32_t *)roc_location); | |
| 109 } | |
| 110 | |
| 111 static inline const uint8_t * | |
| 112 srtcp_packet_get_emk_location(const uint8_t *packet_start, | |
| 113 unsigned pkt_octet_len) { | |
| 114 const uint8_t *location; | |
| 115 | |
| 116 location = packet_start + (pkt_octet_len - EKT_OCTETS_AFTER_BASE_TAG); | |
| 117 | |
| 118 return location; | |
| 119 } | |
| 120 | |
| 121 | |
| 122 err_status_t | |
| 123 ekt_alloc(ekt_stream_t *stream_data, ekt_policy_t policy) { | |
| 124 | |
| 125 /* | |
| 126 * if the policy pointer is NULL, then EKT is not in use | |
| 127 * so we just set the EKT stream data pointer to NULL | |
| 128 */ | |
| 129 if (!policy) { | |
| 130 *stream_data = NULL; | |
| 131 return err_status_ok; | |
| 132 } | |
| 133 | |
| 134 /* TODO */ | |
| 135 *stream_data = NULL; | |
| 136 | |
| 137 return err_status_ok; | |
| 138 } | |
| 139 | |
| 140 err_status_t | |
| 141 ekt_stream_init_from_policy(ekt_stream_t stream_data, ekt_policy_t policy) { | |
| 142 if (!stream_data) | |
| 143 return err_status_ok; | |
| 144 | |
| 145 return err_status_ok; | |
| 146 } | |
| 147 | |
| 148 | |
| 149 void | |
| 150 aes_decrypt_with_raw_key(void *ciphertext, const void *key, int key_len) { | |
| 151 #ifndef OPENSSL | |
| 152 //FIXME: need to get this working through the crypto module interface | |
| 153 aes_expanded_key_t expanded_key; | |
| 154 | |
| 155 aes_expand_decryption_key(key, key_len, &expanded_key); | |
| 156 aes_decrypt(ciphertext, &expanded_key); | |
| 157 #endif | |
| 158 } | |
| 159 | |
| 160 /* | |
| 161 * The function srtp_stream_init_from_ekt() initializes a stream using | |
| 162 * the EKT data from an SRTCP trailer. | |
| 163 */ | |
| 164 | |
| 165 err_status_t | |
| 166 srtp_stream_init_from_ekt(srtp_stream_t stream, | |
| 167 const void *srtcp_hdr, | |
| 168 unsigned pkt_octet_len) { | |
| 169 err_status_t err; | |
| 170 const uint8_t *master_key; | |
| 171 srtp_policy_t srtp_policy; | |
| 172 uint32_t roc; | |
| 173 | |
| 174 /* | |
| 175 * NOTE: at present, we only support a single ekt_policy at a time. | |
| 176 */ | |
| 177 if (stream->ekt->data->spi != | |
| 178 srtcp_packet_get_ekt_spi(srtcp_hdr, pkt_octet_len)) | |
| 179 return err_status_no_ctx; | |
| 180 | |
| 181 if (stream->ekt->data->ekt_cipher_type != EKT_CIPHER_AES_128_ECB) | |
| 182 return err_status_bad_param; | |
| 183 | |
| 184 /* decrypt the Encrypted Master Key field */ | |
| 185 master_key = srtcp_packet_get_emk_location(srtcp_hdr, pkt_octet_len); | |
| 186 /* FIX!? This decrypts the master key in-place, and never uses it */ | |
| 187 /* FIX!? It's also passing to ekt_dec_key (which is an aes_expanded_key_t) | |
| 188 * to a function which expects a raw (unexpanded) key */ | |
| 189 aes_decrypt_with_raw_key((void*)master_key, &stream->ekt->data->ekt_dec_key, 1
6); | |
| 190 | |
| 191 /* set the SRTP ROC */ | |
| 192 roc = srtcp_packet_get_ekt_roc(srtcp_hdr, pkt_octet_len); | |
| 193 err = rdbx_set_roc(&stream->rtp_rdbx, roc); | |
| 194 if (err) return err; | |
| 195 | |
| 196 err = srtp_stream_init(stream, &srtp_policy); | |
| 197 if (err) return err; | |
| 198 | |
| 199 return err_status_ok; | |
| 200 } | |
| 201 | |
| 202 void | |
| 203 ekt_write_data(ekt_stream_t ekt, | |
| 204 uint8_t *base_tag, | |
| 205 unsigned base_tag_len, | |
| 206 int *packet_len, | |
| 207 xtd_seq_num_t pkt_index) { | |
| 208 uint32_t roc; | |
| 209 uint16_t isn; | |
| 210 unsigned emk_len; | |
| 211 uint8_t *packet; | |
| 212 | |
| 213 /* if the pointer ekt is NULL, then EKT is not in effect */ | |
| 214 if (!ekt) { | |
| 215 debug_print(mod_srtp, "EKT not in use", NULL); | |
| 216 return; | |
| 217 } | |
| 218 | |
| 219 /* write zeros into the location of the base tag */ | |
| 220 octet_string_set_to_zero(base_tag, base_tag_len); | |
| 221 packet = base_tag + base_tag_len; | |
| 222 | |
| 223 /* copy encrypted master key into packet */ | |
| 224 emk_len = ekt_octets_after_base_tag(ekt); | |
| 225 memcpy(packet, ekt->encrypted_master_key, emk_len); | |
| 226 debug_print(mod_srtp, "writing EKT EMK: %s,", | |
| 227 octet_string_hex_string(packet, emk_len)); | |
| 228 packet += emk_len; | |
| 229 | |
| 230 /* copy ROC into packet */ | |
| 231 roc = (uint32_t)(pkt_index >> 16); | |
| 232 *((uint32_t *)packet) = be32_to_cpu(roc); | |
| 233 debug_print(mod_srtp, "writing EKT ROC: %s,", | |
| 234 octet_string_hex_string(packet, sizeof(roc))); | |
| 235 packet += sizeof(roc); | |
| 236 | |
| 237 /* copy ISN into packet */ | |
| 238 isn = (uint16_t)pkt_index; | |
| 239 *((uint16_t *)packet) = htons(isn); | |
| 240 debug_print(mod_srtp, "writing EKT ISN: %s,", | |
| 241 octet_string_hex_string(packet, sizeof(isn))); | |
| 242 packet += sizeof(isn); | |
| 243 | |
| 244 /* copy SPI into packet */ | |
| 245 *((uint16_t *)packet) = htons(ekt->data->spi); | |
| 246 debug_print(mod_srtp, "writing EKT SPI: %s,", | |
| 247 octet_string_hex_string(packet, sizeof(ekt->data->spi))); | |
| 248 | |
| 249 /* increase packet length appropriately */ | |
| 250 *packet_len += EKT_OCTETS_AFTER_EMK + emk_len; | |
| 251 } | |
| 252 | |
| 253 | |
| 254 /* | |
| 255 * The function call srtcp_ekt_trailer(ekt, auth_len, auth_tag ) | |
| 256 * | |
| 257 * If the pointer ekt is NULL, then the other inputs are unaffected. | |
| 258 * | |
| 259 * auth_tag is a pointer to the pointer to the location of the | |
| 260 * authentication tag in the packet. If EKT is in effect, then the | |
| 261 * auth_tag pointer is set to the location | |
| 262 */ | |
| 263 | |
| 264 void | |
| 265 srtcp_ekt_trailer(ekt_stream_t ekt, | |
| 266 unsigned *auth_len, | |
| 267 void **auth_tag, | |
| 268 void *tag_copy) { | |
| 269 | |
| 270 /* | |
| 271 * if there is no EKT policy, then the other inputs are unaffected | |
| 272 */ | |
| 273 if (!ekt) | |
| 274 return; | |
| 275 | |
| 276 /* copy auth_tag into temporary location */ | |
| 277 | |
| 278 } | |
| 279 | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2344973002:
Update libsrtp to version 2.0 (Closed)
