OLD | NEW |
| (Empty) |
1 /* | |
2 * ekt.c | |
3 * | |
4 * Encrypted Key Transport for SRTP | |
5 * | |
6 * David McGrew | |
7 * Cisco Systems, Inc. | |
8 */ | |
9 /* | |
10 * | |
11 * Copyright (c) 2001-2006 Cisco Systems, Inc. | |
12 * All rights reserved. | |
13 * | |
14 * Redistribution and use in source and binary forms, with or without | |
15 * modification, are permitted provided that the following conditions | |
16 * are met: | |
17 * | |
18 * Redistributions of source code must retain the above copyright | |
19 * notice, this list of conditions and the following disclaimer. | |
20 * | |
21 * Redistributions in binary form must reproduce the above | |
22 * copyright notice, this list of conditions and the following | |
23 * disclaimer in the documentation and/or other materials provided | |
24 * with the distribution. | |
25 * | |
26 * Neither the name of the Cisco Systems, Inc. nor the names of its | |
27 * contributors may be used to endorse or promote products derived | |
28 * from this software without specific prior written permission. | |
29 * | |
30 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
31 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | |
32 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS | |
33 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE | |
34 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, | |
35 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | |
36 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR | |
37 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
38 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
39 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
40 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
41 * OF THE POSSIBILITY OF SUCH DAMAGE. | |
42 * | |
43 */ | |
44 | |
45 | |
46 #include "srtp_priv.h" | |
47 #include "err.h" | |
48 #include "ekt.h" | |
49 | |
50 extern debug_module_t mod_srtp; | |
51 | |
52 /* | |
53 * The EKT Authentication Tag format. | |
54 * | |
55 * 0 1 2 3 | |
56 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |
57 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
58 * : Base Authentication Tag : | |
59 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
60 * : Encrypted Master Key : | |
61 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
62 * | Rollover Counter | | |
63 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
64 * | Initial Sequence Number | Security Parameter Index | | |
65 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
66 * | |
67 */ | |
68 | |
69 #define EKT_OCTETS_AFTER_BASE_TAG 24 | |
70 #define EKT_OCTETS_AFTER_EMK 8 | |
71 #define EKT_OCTETS_AFTER_ROC 4 | |
72 #define EKT_SPI_LEN 2 | |
73 | |
74 unsigned | |
75 ekt_octets_after_base_tag(ekt_stream_t ekt) { | |
76 /* | |
77 * if the pointer ekt is NULL, then EKT is not in effect, so we | |
78 * indicate this by returning zero | |
79 */ | |
80 if (!ekt) | |
81 return 0; | |
82 | |
83 switch(ekt->data->ekt_cipher_type) { | |
84 case EKT_CIPHER_AES_128_ECB: | |
85 return 16 + EKT_OCTETS_AFTER_EMK; | |
86 break; | |
87 default: | |
88 break; | |
89 } | |
90 return 0; | |
91 } | |
92 | |
93 static inline ekt_spi_t | |
94 srtcp_packet_get_ekt_spi(const uint8_t *packet_start, unsigned pkt_octet_len) { | |
95 const uint8_t *spi_location; | |
96 | |
97 spi_location = packet_start + (pkt_octet_len - EKT_SPI_LEN); | |
98 | |
99 return *((const ekt_spi_t *)spi_location); | |
100 } | |
101 | |
102 static inline uint32_t | |
103 srtcp_packet_get_ekt_roc(const uint8_t *packet_start, unsigned pkt_octet_len) { | |
104 const uint8_t *roc_location; | |
105 | |
106 roc_location = packet_start + (pkt_octet_len - EKT_OCTETS_AFTER_ROC); | |
107 | |
108 return *((const uint32_t *)roc_location); | |
109 } | |
110 | |
111 static inline const uint8_t * | |
112 srtcp_packet_get_emk_location(const uint8_t *packet_start, | |
113 unsigned pkt_octet_len) { | |
114 const uint8_t *location; | |
115 | |
116 location = packet_start + (pkt_octet_len - EKT_OCTETS_AFTER_BASE_TAG); | |
117 | |
118 return location; | |
119 } | |
120 | |
121 | |
122 err_status_t | |
123 ekt_alloc(ekt_stream_t *stream_data, ekt_policy_t policy) { | |
124 | |
125 /* | |
126 * if the policy pointer is NULL, then EKT is not in use | |
127 * so we just set the EKT stream data pointer to NULL | |
128 */ | |
129 if (!policy) { | |
130 *stream_data = NULL; | |
131 return err_status_ok; | |
132 } | |
133 | |
134 /* TODO */ | |
135 *stream_data = NULL; | |
136 | |
137 return err_status_ok; | |
138 } | |
139 | |
140 err_status_t | |
141 ekt_stream_init_from_policy(ekt_stream_t stream_data, ekt_policy_t policy) { | |
142 if (!stream_data) | |
143 return err_status_ok; | |
144 | |
145 return err_status_ok; | |
146 } | |
147 | |
148 | |
149 void | |
150 aes_decrypt_with_raw_key(void *ciphertext, const void *key, int key_len) { | |
151 #ifndef OPENSSL | |
152 //FIXME: need to get this working through the crypto module interface | |
153 aes_expanded_key_t expanded_key; | |
154 | |
155 aes_expand_decryption_key(key, key_len, &expanded_key); | |
156 aes_decrypt(ciphertext, &expanded_key); | |
157 #endif | |
158 } | |
159 | |
160 /* | |
161 * The function srtp_stream_init_from_ekt() initializes a stream using | |
162 * the EKT data from an SRTCP trailer. | |
163 */ | |
164 | |
165 err_status_t | |
166 srtp_stream_init_from_ekt(srtp_stream_t stream, | |
167 const void *srtcp_hdr, | |
168 unsigned pkt_octet_len) { | |
169 err_status_t err; | |
170 const uint8_t *master_key; | |
171 srtp_policy_t srtp_policy; | |
172 uint32_t roc; | |
173 | |
174 /* | |
175 * NOTE: at present, we only support a single ekt_policy at a time. | |
176 */ | |
177 if (stream->ekt->data->spi != | |
178 srtcp_packet_get_ekt_spi(srtcp_hdr, pkt_octet_len)) | |
179 return err_status_no_ctx; | |
180 | |
181 if (stream->ekt->data->ekt_cipher_type != EKT_CIPHER_AES_128_ECB) | |
182 return err_status_bad_param; | |
183 | |
184 /* decrypt the Encrypted Master Key field */ | |
185 master_key = srtcp_packet_get_emk_location(srtcp_hdr, pkt_octet_len); | |
186 /* FIX!? This decrypts the master key in-place, and never uses it */ | |
187 /* FIX!? It's also passing to ekt_dec_key (which is an aes_expanded_key_t) | |
188 * to a function which expects a raw (unexpanded) key */ | |
189 aes_decrypt_with_raw_key((void*)master_key, &stream->ekt->data->ekt_dec_key, 1
6); | |
190 | |
191 /* set the SRTP ROC */ | |
192 roc = srtcp_packet_get_ekt_roc(srtcp_hdr, pkt_octet_len); | |
193 err = rdbx_set_roc(&stream->rtp_rdbx, roc); | |
194 if (err) return err; | |
195 | |
196 err = srtp_stream_init(stream, &srtp_policy); | |
197 if (err) return err; | |
198 | |
199 return err_status_ok; | |
200 } | |
201 | |
202 void | |
203 ekt_write_data(ekt_stream_t ekt, | |
204 uint8_t *base_tag, | |
205 unsigned base_tag_len, | |
206 int *packet_len, | |
207 xtd_seq_num_t pkt_index) { | |
208 uint32_t roc; | |
209 uint16_t isn; | |
210 unsigned emk_len; | |
211 uint8_t *packet; | |
212 | |
213 /* if the pointer ekt is NULL, then EKT is not in effect */ | |
214 if (!ekt) { | |
215 debug_print(mod_srtp, "EKT not in use", NULL); | |
216 return; | |
217 } | |
218 | |
219 /* write zeros into the location of the base tag */ | |
220 octet_string_set_to_zero(base_tag, base_tag_len); | |
221 packet = base_tag + base_tag_len; | |
222 | |
223 /* copy encrypted master key into packet */ | |
224 emk_len = ekt_octets_after_base_tag(ekt); | |
225 memcpy(packet, ekt->encrypted_master_key, emk_len); | |
226 debug_print(mod_srtp, "writing EKT EMK: %s,", | |
227 octet_string_hex_string(packet, emk_len)); | |
228 packet += emk_len; | |
229 | |
230 /* copy ROC into packet */ | |
231 roc = (uint32_t)(pkt_index >> 16); | |
232 *((uint32_t *)packet) = be32_to_cpu(roc); | |
233 debug_print(mod_srtp, "writing EKT ROC: %s,", | |
234 octet_string_hex_string(packet, sizeof(roc))); | |
235 packet += sizeof(roc); | |
236 | |
237 /* copy ISN into packet */ | |
238 isn = (uint16_t)pkt_index; | |
239 *((uint16_t *)packet) = htons(isn); | |
240 debug_print(mod_srtp, "writing EKT ISN: %s,", | |
241 octet_string_hex_string(packet, sizeof(isn))); | |
242 packet += sizeof(isn); | |
243 | |
244 /* copy SPI into packet */ | |
245 *((uint16_t *)packet) = htons(ekt->data->spi); | |
246 debug_print(mod_srtp, "writing EKT SPI: %s,", | |
247 octet_string_hex_string(packet, sizeof(ekt->data->spi))); | |
248 | |
249 /* increase packet length appropriately */ | |
250 *packet_len += EKT_OCTETS_AFTER_EMK + emk_len; | |
251 } | |
252 | |
253 | |
254 /* | |
255 * The function call srtcp_ekt_trailer(ekt, auth_len, auth_tag ) | |
256 * | |
257 * If the pointer ekt is NULL, then the other inputs are unaffected. | |
258 * | |
259 * auth_tag is a pointer to the pointer to the location of the | |
260 * authentication tag in the packet. If EKT is in effect, then the | |
261 * auth_tag pointer is set to the location | |
262 */ | |
263 | |
264 void | |
265 srtcp_ekt_trailer(ekt_stream_t ekt, | |
266 unsigned *auth_len, | |
267 void **auth_tag, | |
268 void *tag_copy) { | |
269 | |
270 /* | |
271 * if there is no EKT policy, then the other inputs are unaffected | |
272 */ | |
273 if (!ekt) | |
274 return; | |
275 | |
276 /* copy auth_tag into temporary location */ | |
277 | |
278 } | |
279 | |
OLD | NEW |