Index: srtp/srtp.c |
diff --git a/srtp/srtp/srtp.c b/srtp/srtp.c |
similarity index 70% |
rename from srtp/srtp/srtp.c |
rename to srtp/srtp.c |
index a5c7412a3bdd868790952a48187f28a5654999ba..191a9a3272ba5bc747f08aeaaae3f8a9bffd39a4 100644 |
--- a/srtp/srtp/srtp.c |
+++ b/srtp/srtp.c |
@@ -42,27 +42,31 @@ |
* |
*/ |
- |
+#include "srtp.h" |
#include "srtp_priv.h" |
+#include "crypto_types.h" |
+#include "err.h" |
#include "ekt.h" /* for SRTP Encrypted Key Transport */ |
-#include "alloc.h" /* for crypto_alloc() */ |
+#include "alloc.h" /* for srtp_crypto_alloc() */ |
#ifdef OPENSSL |
#include "aes_gcm_ossl.h" /* for AES GCM mode */ |
+# ifdef OPENSSL_KDF |
+# include <openssl/kdf.h> |
+# include "aes_icm_ossl.h" /* for AES GCM mode */ |
+# endif |
#endif |
-#ifndef SRTP_KERNEL |
-# include <limits.h> |
-# ifdef HAVE_NETINET_IN_H |
-# include <netinet/in.h> |
-# elif defined(HAVE_WINSOCK2_H) |
-# include <winsock2.h> |
-# endif |
-#endif /* ! SRTP_KERNEL */ |
+#include <limits.h> |
+#ifdef HAVE_NETINET_IN_H |
+# include <netinet/in.h> |
+#elif defined(HAVE_WINSOCK2_H) |
+# include <winsock2.h> |
+#endif |
/* the debug module for srtp */ |
-debug_module_t mod_srtp = { |
+srtp_debug_module_t mod_srtp = { |
0, /* debugging is off by default */ |
"srtp" /* printable name for module */ |
}; |
@@ -73,10 +77,10 @@ debug_module_t mod_srtp = { |
#define uint32s_in_rtcp_header 2 |
#define octets_in_rtp_extn_hdr 4 |
-static err_status_t |
+static srtp_err_status_t |
srtp_validate_rtp_header(void *rtp_hdr, int *pkt_octet_len) { |
if (*pkt_octet_len < octets_in_rtp_header) |
- return err_status_bad_param; |
+ return srtp_err_status_bad_param; |
srtp_hdr_t *hdr = (srtp_hdr_t *)rtp_hdr; |
@@ -86,7 +90,7 @@ srtp_validate_rtp_header(void *rtp_hdr, int *pkt_octet_len) { |
rtp_header_len += octets_in_rtp_extn_hdr; |
if (*pkt_octet_len < rtp_header_len) |
- return err_status_bad_param; |
+ return srtp_err_status_bad_param; |
/* Verifing profile length. */ |
if (hdr->x == 1) { |
@@ -96,9 +100,9 @@ srtp_validate_rtp_header(void *rtp_hdr, int *pkt_octet_len) { |
rtp_header_len += profile_len * 4; |
/* profile length counts the number of 32-bit words */ |
if (*pkt_octet_len < rtp_header_len) |
- return err_status_bad_param; |
+ return srtp_err_status_bad_param; |
} |
- return err_status_ok; |
+ return srtp_err_status_ok; |
} |
const char *srtp_get_version_string () |
@@ -140,11 +144,38 @@ unsigned int srtp_get_version () |
return rv; |
} |
-err_status_t |
+/* Release (maybe partially allocated) stream. */ |
+static void |
+srtp_stream_free(srtp_stream_ctx_t *str) { |
+ if (str->rtp_xtn_hdr_cipher) { |
+ srtp_cipher_dealloc(str->rtp_xtn_hdr_cipher); |
+ } |
+ if (str->enc_xtn_hdr) { |
+ srtp_crypto_free(str->enc_xtn_hdr); |
+ } |
+ if (str->rtcp_auth) { |
+ srtp_auth_dealloc(str->rtcp_auth); |
+ } |
+ if (str->rtcp_cipher) { |
+ srtp_cipher_dealloc(str->rtcp_cipher); |
+ } |
+ if (str->limit) { |
+ srtp_crypto_free(str->limit); |
+ } |
+ if (str->rtp_auth) { |
+ srtp_auth_dealloc(str->rtp_auth); |
+ } |
+ if (str->rtp_cipher) { |
+ srtp_cipher_dealloc(str->rtp_cipher); |
+ } |
+ srtp_crypto_free(str); |
+} |
+ |
+srtp_err_status_t |
srtp_stream_alloc(srtp_stream_ctx_t **str_ptr, |
const srtp_policy_t *p) { |
srtp_stream_ctx_t *str; |
- err_status_t stat; |
+ srtp_err_status_t stat; |
/* |
* This function allocates the stream context, rtp and rtcp ciphers |
@@ -155,108 +186,90 @@ srtp_stream_alloc(srtp_stream_ctx_t **str_ptr, |
*/ |
/* allocate srtp stream and set str_ptr */ |
- str = (srtp_stream_ctx_t *) crypto_alloc(sizeof(srtp_stream_ctx_t)); |
+ str = (srtp_stream_ctx_t *) srtp_crypto_alloc(sizeof(srtp_stream_ctx_t)); |
if (str == NULL) |
- return err_status_alloc_fail; |
- *str_ptr = str; |
- |
+ return srtp_err_status_alloc_fail; |
+ |
+ memset(str, 0, sizeof(srtp_stream_ctx_t)); |
+ *str_ptr = str; |
+ |
/* allocate cipher */ |
- stat = crypto_kernel_alloc_cipher(p->rtp.cipher_type, |
+ stat = srtp_crypto_kernel_alloc_cipher(p->rtp.cipher_type, |
&str->rtp_cipher, |
p->rtp.cipher_key_len, |
p->rtp.auth_tag_len); |
if (stat) { |
- crypto_free(str); |
+ srtp_stream_free(str); |
return stat; |
} |
/* allocate auth function */ |
- stat = crypto_kernel_alloc_auth(p->rtp.auth_type, |
+ stat = srtp_crypto_kernel_alloc_auth(p->rtp.auth_type, |
&str->rtp_auth, |
p->rtp.auth_key_len, |
p->rtp.auth_tag_len); |
if (stat) { |
- cipher_dealloc(str->rtp_cipher); |
- crypto_free(str); |
+ srtp_stream_free(str); |
return stat; |
} |
/* allocate key limit structure */ |
- str->limit = (key_limit_ctx_t*) crypto_alloc(sizeof(key_limit_ctx_t)); |
+ str->limit = (srtp_key_limit_ctx_t*) srtp_crypto_alloc(sizeof(srtp_key_limit_ctx_t)); |
if (str->limit == NULL) { |
- auth_dealloc(str->rtp_auth); |
- cipher_dealloc(str->rtp_cipher); |
- crypto_free(str); |
- return err_status_alloc_fail; |
+ srtp_stream_free(str); |
+ return srtp_err_status_alloc_fail; |
} |
/* |
* ...and now the RTCP-specific initialization - first, allocate |
* the cipher |
*/ |
- stat = crypto_kernel_alloc_cipher(p->rtcp.cipher_type, |
+ stat = srtp_crypto_kernel_alloc_cipher(p->rtcp.cipher_type, |
&str->rtcp_cipher, |
p->rtcp.cipher_key_len, |
p->rtcp.auth_tag_len); |
if (stat) { |
- auth_dealloc(str->rtp_auth); |
- cipher_dealloc(str->rtp_cipher); |
- crypto_free(str->limit); |
- crypto_free(str); |
+ srtp_stream_free(str); |
return stat; |
} |
/* allocate auth function */ |
- stat = crypto_kernel_alloc_auth(p->rtcp.auth_type, |
+ stat = srtp_crypto_kernel_alloc_auth(p->rtcp.auth_type, |
&str->rtcp_auth, |
p->rtcp.auth_key_len, |
p->rtcp.auth_tag_len); |
if (stat) { |
- cipher_dealloc(str->rtcp_cipher); |
- auth_dealloc(str->rtp_auth); |
- cipher_dealloc(str->rtp_cipher); |
- crypto_free(str->limit); |
- crypto_free(str); |
- return stat; |
+ srtp_stream_free(str); |
+ return stat; |
} |
/* allocate ekt data associated with stream */ |
- stat = ekt_alloc(&str->ekt, p->ekt); |
+ stat = srtp_ekt_alloc(&str->ekt, p->ekt); |
if (stat) { |
- auth_dealloc(str->rtcp_auth); |
- cipher_dealloc(str->rtcp_cipher); |
- auth_dealloc(str->rtp_auth); |
- cipher_dealloc(str->rtp_cipher); |
- crypto_free(str->limit); |
- crypto_free(str); |
- return stat; |
+ srtp_stream_free(str); |
+ return stat; |
} |
if (p->enc_xtn_hdr && p->enc_xtn_hdr_count > 0) { |
- cipher_type_id_t enc_xtn_hdr_cipher_type; |
+ srtp_cipher_type_id_t enc_xtn_hdr_cipher_type; |
int enc_xtn_hdr_cipher_key_len; |
- str->enc_xtn_hdr = (int*) crypto_alloc(p->enc_xtn_hdr_count * sizeof(p->enc_xtn_hdr[0])); |
+ str->enc_xtn_hdr = (int*) srtp_crypto_alloc(p->enc_xtn_hdr_count * sizeof(p->enc_xtn_hdr[0])); |
if (!str->enc_xtn_hdr) { |
- auth_dealloc(str->rtcp_auth); |
- cipher_dealloc(str->rtcp_cipher); |
- auth_dealloc(str->rtp_auth); |
- cipher_dealloc(str->rtp_cipher); |
- crypto_free(str->limit); |
- crypto_free(str); |
- return err_status_alloc_fail; |
+ srtp_stream_free(str); |
+ return srtp_err_status_alloc_fail; |
} |
memcpy(str->enc_xtn_hdr, p->enc_xtn_hdr, p->enc_xtn_hdr_count * sizeof(p->enc_xtn_hdr[0])); |
str->enc_xtn_hdr_count = p->enc_xtn_hdr_count; |
/* For GCM ciphers, the corresponding ICM cipher is used for header extensions encryption. */ |
switch (p->rtp.cipher_type) { |
- case AES_128_GCM: |
- enc_xtn_hdr_cipher_type = AES_128_ICM; |
+ case SRTP_AES_128_GCM: |
+ enc_xtn_hdr_cipher_type = SRTP_AES_128_ICM; |
enc_xtn_hdr_cipher_key_len = 30; |
break; |
- case AES_256_GCM: |
- enc_xtn_hdr_cipher_type = AES_256_ICM; |
+ case SRTP_AES_256_GCM: |
+ enc_xtn_hdr_cipher_type = SRTP_AES_256_ICM; |
enc_xtn_hdr_cipher_key_len = 46; |
break; |
default: |
@@ -266,19 +279,12 @@ srtp_stream_alloc(srtp_stream_ctx_t **str_ptr, |
} |
/* allocate cipher for extensions header encryption */ |
- stat = crypto_kernel_alloc_cipher(enc_xtn_hdr_cipher_type, |
+ stat = srtp_crypto_kernel_alloc_cipher(enc_xtn_hdr_cipher_type, |
&str->rtp_xtn_hdr_cipher, |
enc_xtn_hdr_cipher_key_len, |
0); |
- |
if (stat) { |
- crypto_free(str->enc_xtn_hdr); |
- auth_dealloc(str->rtcp_auth); |
- cipher_dealloc(str->rtcp_cipher); |
- auth_dealloc(str->rtp_auth); |
- cipher_dealloc(str->rtp_cipher); |
- crypto_free(str->limit); |
- crypto_free(str); |
+ srtp_stream_free(str); |
return stat; |
} |
} else { |
@@ -287,12 +293,12 @@ srtp_stream_alloc(srtp_stream_ctx_t **str_ptr, |
str->enc_xtn_hdr_count = 0; |
} |
- return err_status_ok; |
+ return srtp_err_status_ok; |
} |
-err_status_t |
-srtp_stream_dealloc(srtp_t session, srtp_stream_ctx_t *stream) { |
- err_status_t status; |
+srtp_err_status_t |
+srtp_stream_dealloc(srtp_stream_ctx_t *stream, srtp_stream_ctx_t *stream_template) { |
+ srtp_err_status_t status; |
/* |
* we use a conservative deallocation strategy - if any deallocation |
@@ -301,38 +307,38 @@ srtp_stream_dealloc(srtp_t session, srtp_stream_ctx_t *stream) { |
*/ |
/* deallocate cipher, if it is not the same as that in template */ |
- if (session->stream_template |
- && stream->rtp_cipher == session->stream_template->rtp_cipher) { |
+ if (stream_template |
+ && stream->rtp_cipher == stream_template->rtp_cipher) { |
/* do nothing */ |
} else { |
- status = cipher_dealloc(stream->rtp_cipher); |
+ status = srtp_cipher_dealloc(stream->rtp_cipher); |
if (status) |
return status; |
} |
/* deallocate auth function, if it is not the same as that in template */ |
- if (session->stream_template |
- && stream->rtp_auth == session->stream_template->rtp_auth) { |
+ if (stream_template |
+ && stream->rtp_auth == stream_template->rtp_auth) { |
/* do nothing */ |
} else { |
- status = auth_dealloc(stream->rtp_auth); |
+ status = srtp_auth_dealloc(stream->rtp_auth); |
if (status) |
return status; |
} |
/* deallocate key usage limit, if it is not the same as that in template */ |
- if (session->stream_template |
- && stream->limit == session->stream_template->limit) { |
+ if (stream_template |
+ && stream->limit == stream_template->limit) { |
/* do nothing */ |
} else { |
- crypto_free(stream->limit); |
+ srtp_crypto_free(stream->limit); |
} |
- if (session->stream_template |
- && stream->rtp_xtn_hdr_cipher == session->stream_template->rtp_xtn_hdr_cipher) { |
+ if (stream_template |
+ && stream->rtp_xtn_hdr_cipher == stream_template->rtp_xtn_hdr_cipher) { |
/* do nothing */ |
} else if (stream->rtp_xtn_hdr_cipher) { |
- status = cipher_dealloc(stream->rtp_xtn_hdr_cipher); |
+ status = srtp_cipher_dealloc(stream->rtp_xtn_hdr_cipher); |
if (status) |
return status; |
} |
@@ -341,11 +347,11 @@ srtp_stream_dealloc(srtp_t session, srtp_stream_ctx_t *stream) { |
* deallocate rtcp cipher, if it is not the same as that in |
* template |
*/ |
- if (session->stream_template |
- && stream->rtcp_cipher == session->stream_template->rtcp_cipher) { |
+ if (stream_template |
+ && stream->rtcp_cipher == stream_template->rtcp_cipher) { |
/* do nothing */ |
} else { |
- status = cipher_dealloc(stream->rtcp_cipher); |
+ status = srtp_cipher_dealloc(stream->rtcp_cipher); |
if (status) |
return status; |
} |
@@ -354,26 +360,26 @@ srtp_stream_dealloc(srtp_t session, srtp_stream_ctx_t *stream) { |
* deallocate rtcp auth function, if it is not the same as that in |
* template |
*/ |
- if (session->stream_template |
- && stream->rtcp_auth == session->stream_template->rtcp_auth) { |
+ if (stream_template |
+ && stream->rtcp_auth == stream_template->rtcp_auth) { |
/* do nothing */ |
} else { |
- status = auth_dealloc(stream->rtcp_auth); |
+ status = srtp_auth_dealloc(stream->rtcp_auth); |
if (status) |
return status; |
} |
- status = rdbx_dealloc(&stream->rtp_rdbx); |
+ status = srtp_rdbx_dealloc(&stream->rtp_rdbx); |
if (status) |
return status; |
/* DAM - need to deallocate EKT here */ |
- if (session->stream_template |
- && stream->enc_xtn_hdr == session->stream_template->enc_xtn_hdr) { |
+ if (stream_template |
+ && stream->enc_xtn_hdr == stream_template->enc_xtn_hdr) { |
/* do nothing */ |
} else if (stream->enc_xtn_hdr) { |
- crypto_free(stream->enc_xtn_hdr); |
+ srtp_crypto_free(stream->enc_xtn_hdr); |
} |
/* |
@@ -384,9 +390,9 @@ srtp_stream_dealloc(srtp_t session, srtp_stream_ctx_t *stream) { |
/* deallocate srtp stream context */ |
- crypto_free(stream); |
+ srtp_crypto_free(stream); |
- return err_status_ok; |
+ return srtp_err_status_ok; |
} |
@@ -398,19 +404,19 @@ srtp_stream_dealloc(srtp_t session, srtp_stream_ctx_t *stream) { |
* the SSRC |
*/ |
-err_status_t |
+srtp_err_status_t |
srtp_stream_clone(const srtp_stream_ctx_t *stream_template, |
uint32_t ssrc, |
srtp_stream_ctx_t **str_ptr) { |
- err_status_t status; |
+ srtp_err_status_t status; |
srtp_stream_ctx_t *str; |
- debug_print(mod_srtp, "cloning stream (SSRC: 0x%08x)", ssrc); |
+ debug_print(mod_srtp, "cloning stream (SSRC: 0x%08x)", ntohl(ssrc)); |
/* allocate srtp stream and set str_ptr */ |
- str = (srtp_stream_ctx_t *) crypto_alloc(sizeof(srtp_stream_ctx_t)); |
+ str = (srtp_stream_ctx_t *) srtp_crypto_alloc(sizeof(srtp_stream_ctx_t)); |
if (str == NULL) |
- return err_status_alloc_fail; |
+ return srtp_err_status_alloc_fail; |
*str_ptr = str; |
/* set cipher and auth pointers to those of the template */ |
@@ -421,22 +427,22 @@ srtp_stream_clone(const srtp_stream_ctx_t *stream_template, |
str->rtcp_auth = stream_template->rtcp_auth; |
/* set key limit to point to that of the template */ |
- status = key_limit_clone(stream_template->limit, &str->limit); |
+ status = srtp_key_limit_clone(stream_template->limit, &str->limit); |
if (status) { |
- crypto_free(*str_ptr); |
+ srtp_crypto_free(*str_ptr); |
*str_ptr = NULL; |
return status; |
} |
/* initialize replay databases */ |
- status = rdbx_init(&str->rtp_rdbx, |
- rdbx_get_window_size(&stream_template->rtp_rdbx)); |
+ status = srtp_rdbx_init(&str->rtp_rdbx, |
+ srtp_rdbx_get_window_size(&stream_template->rtp_rdbx)); |
if (status) { |
- crypto_free(*str_ptr); |
+ srtp_crypto_free(*str_ptr); |
*str_ptr = NULL; |
return status; |
} |
- rdb_init(&str->rtcp_rdb); |
+ srtp_rdb_init(&str->rtcp_rdb); |
str->allow_repeat_tx = stream_template->allow_repeat_tx; |
/* set ssrc to that provided */ |
@@ -450,18 +456,18 @@ srtp_stream_clone(const srtp_stream_ctx_t *stream_template, |
/* set pointer to EKT data associated with stream */ |
str->ekt = stream_template->ekt; |
- /* copy information about extensions header encryption */ |
- str->enc_xtn_hdr = stream_template->enc_xtn_hdr; |
- str->enc_xtn_hdr_count = stream_template->enc_xtn_hdr_count; |
- |
/* Copy the salt values */ |
memcpy(str->salt, stream_template->salt, SRTP_AEAD_SALT_LEN); |
memcpy(str->c_salt, stream_template->c_salt, SRTP_AEAD_SALT_LEN); |
+ /* copy information about extensions header encryption */ |
+ str->enc_xtn_hdr = stream_template->enc_xtn_hdr; |
+ str->enc_xtn_hdr_count = stream_template->enc_xtn_hdr_count; |
+ |
/* defensive coding */ |
str->next = NULL; |
- return err_status_ok; |
+ return srtp_err_status_ok; |
} |
@@ -492,73 +498,139 @@ typedef enum { |
label_rtp_header_salt = 0x07 |
} srtp_prf_label; |
+#define MAX_SRTP_KEY_LEN 256 |
+ |
+#if defined(OPENSSL) && defined(OPENSSL_KDF) |
+#define MAX_SRTP_AESKEY_LEN 32 |
+#define MAX_SRTP_SALT_LEN 14 |
/* |
* srtp_kdf_t represents a key derivation function. The SRTP |
* default KDF is the only one implemented at present. |
*/ |
- |
typedef struct { |
- cipher_t *cipher; /* cipher used for key derivation */ |
+ uint8_t master_key[MAX_SRTP_AESKEY_LEN]; |
+ uint8_t master_salt[MAX_SRTP_SALT_LEN]; |
+ const EVP_CIPHER *evp; |
} srtp_kdf_t; |
-err_status_t |
-srtp_kdf_init(srtp_kdf_t *kdf, cipher_type_id_t cipher_id, const uint8_t *key, int length) { |
- err_status_t stat; |
- stat = crypto_kernel_alloc_cipher(cipher_id, &kdf->cipher, length, 0); |
- if (stat) |
- return stat; |
+static srtp_err_status_t srtp_kdf_init(srtp_kdf_t *kdf, const uint8_t *key, int key_len, int salt_len) |
+{ |
+ memset(kdf, 0x0, sizeof(srtp_kdf_t)); |
- stat = cipher_init(kdf->cipher, key); |
- if (stat) { |
- cipher_dealloc(kdf->cipher); |
- return stat; |
- } |
+ /* The NULL cipher has zero key length */ |
+ if (key_len == 0) return srtp_err_status_ok; |
+ |
+ if ((key_len > MAX_SRTP_AESKEY_LEN) || (salt_len > MAX_SRTP_SALT_LEN)) { |
+ return srtp_err_status_bad_param; |
+ } |
+ switch (key_len) { |
+ case SRTP_AES_256_KEYSIZE: |
+ kdf->evp = EVP_aes_256_ctr(); |
+ break; |
+ case SRTP_AES_192_KEYSIZE: |
+ kdf->evp = EVP_aes_192_ctr(); |
+ break; |
+ case SRTP_AES_128_KEYSIZE: |
+ kdf->evp = EVP_aes_128_ctr(); |
+ break; |
+ default: |
+ return srtp_err_status_bad_param; |
+ break; |
+ } |
+ memcpy(kdf->master_key, key, key_len); |
+ memcpy(kdf->master_salt, key+key_len, salt_len); |
+ return srtp_err_status_ok; |
+} |
+ |
+static srtp_err_status_t srtp_kdf_generate(srtp_kdf_t *kdf, srtp_prf_label label, uint8_t *key, unsigned int length) |
+{ |
+ int ret; |
+ |
+ /* The NULL cipher will not have an EVP */ |
+ if (!kdf->evp) return srtp_err_status_ok; |
+ |
+ octet_string_set_to_zero(key, length); |
+ |
+ /* |
+ * Invoke the OpenSSL SRTP KDF function |
+ * This is useful if OpenSSL is in FIPS mode and FIP |
+ * compliance is required for SRTP. |
+ */ |
+ ret = kdf_srtp(kdf->evp, (char *)&kdf->master_key, (char *)&kdf->master_salt, NULL, NULL, label, (char *)key); |
+ if (ret == -1) { |
+ return (srtp_err_status_algo_fail); |
+ } |
+ |
+ return srtp_err_status_ok; |
+} |
- return err_status_ok; |
+static srtp_err_status_t srtp_kdf_clear(srtp_kdf_t *kdf) { |
+ memset(kdf->master_key, 0x0, MAX_SRTP_AESKEY_LEN); |
+ memset(kdf->master_salt, 0x0, MAX_SRTP_SALT_LEN); |
+ kdf->evp = NULL; |
+ |
+ return srtp_err_status_ok; |
} |
-err_status_t |
-srtp_kdf_generate(srtp_kdf_t *kdf, srtp_prf_label label, |
- uint8_t *key, unsigned int length) { |
+#else /* if OPENSSL_KDF */ |
+ |
+/* |
+ * srtp_kdf_t represents a key derivation function. The SRTP |
+ * default KDF is the only one implemented at present. |
+ */ |
+typedef struct { |
+ srtp_cipher_t *cipher; /* cipher used for key derivation */ |
+} srtp_kdf_t; |
+ |
+static srtp_err_status_t srtp_kdf_init(srtp_kdf_t *kdf, srtp_cipher_type_id_t cipher_id, const uint8_t *key, int length) |
+{ |
+ srtp_err_status_t stat; |
+ stat = srtp_crypto_kernel_alloc_cipher(cipher_id, &kdf->cipher, length, 0); |
+ if (stat) return stat; |
+ |
+ stat = srtp_cipher_init(kdf->cipher, key); |
+ if (stat) { |
+ srtp_cipher_dealloc(kdf->cipher); |
+ return stat; |
+ } |
+ return srtp_err_status_ok; |
+} |
- v128_t nonce; |
- err_status_t status; |
+static srtp_err_status_t srtp_kdf_generate(srtp_kdf_t *kdf, srtp_prf_label label, uint8_t *key, unsigned int length) |
+{ |
+ srtp_err_status_t status; |
+ v128_t nonce; |
- /* set eigth octet of nonce to <label>, set the rest of it to zero */ |
- v128_set_to_zero(&nonce); |
- nonce.v8[7] = label; |
+ /* set eigth octet of nonce to <label>, set the rest of it to zero */ |
+ v128_set_to_zero(&nonce); |
+ nonce.v8[7] = label; |
- status = cipher_set_iv(kdf->cipher, &nonce, direction_encrypt); |
- if (status) |
- return status; |
+ status = srtp_cipher_set_iv(kdf->cipher, (uint8_t*)&nonce, srtp_direction_encrypt); |
+ if (status) return status; |
- /* generate keystream output */ |
- octet_string_set_to_zero(key, length); |
- status = cipher_encrypt(kdf->cipher, key, &length); |
- if (status) |
- return status; |
+ /* generate keystream output */ |
+ octet_string_set_to_zero(key, length); |
+ status = srtp_cipher_encrypt(kdf->cipher, key, &length); |
+ if (status) return status; |
- return err_status_ok; |
+ return srtp_err_status_ok; |
} |
-err_status_t |
-srtp_kdf_clear(srtp_kdf_t *kdf) { |
- err_status_t status; |
- status = cipher_dealloc(kdf->cipher); |
- if (status) |
- return status; |
- kdf->cipher = NULL; |
- |
- return err_status_ok; |
+static srtp_err_status_t srtp_kdf_clear(srtp_kdf_t *kdf) { |
+ srtp_err_status_t status; |
+ status = srtp_cipher_dealloc(kdf->cipher); |
+ if (status) return status; |
+ kdf->cipher = NULL; |
+ return srtp_err_status_ok; |
} |
+#endif /* else OPENSSL_KDF */ |
/* |
* end of key derivation functions |
*/ |
-#define MAX_SRTP_KEY_LEN 256 |
/* Get the base key length corresponding to a given combined key+salt |
@@ -566,20 +638,20 @@ srtp_kdf_clear(srtp_kdf_t *kdf) { |
* Assumption is that for AES-ICM a key length < 30 is Ismacryp using |
* AES-128 and short salts; everything else uses a salt length of 14. |
* TODO: key and salt lengths should be separate fields in the policy. */ |
-static inline int base_key_length(const cipher_type_t *cipher, int key_length) |
+static inline int base_key_length(const srtp_cipher_type_t *cipher, int key_length) |
{ |
switch (cipher->id) { |
- case AES_128_ICM: |
- case AES_192_ICM: |
- case AES_256_ICM: |
+ case SRTP_AES_128_ICM: |
+ case SRTP_AES_192_ICM: |
+ case SRTP_AES_256_ICM: |
/* The legacy modes are derived from |
* the configured key length on the policy */ |
return key_length - 14; |
break; |
- case AES_128_GCM: |
+ case SRTP_AES_128_GCM: |
return 16; |
break; |
- case AES_256_GCM: |
+ case SRTP_AES_256_GCM: |
return 32; |
break; |
default: |
@@ -588,9 +660,9 @@ static inline int base_key_length(const cipher_type_t *cipher, int key_length) |
} |
} |
-err_status_t |
+srtp_err_status_t |
srtp_stream_init_keys(srtp_stream_ctx_t *srtp, const void *key) { |
- err_status_t stat; |
+ srtp_err_status_t stat; |
srtp_kdf_t kdf; |
uint8_t tmp_key[MAX_SRTP_KEY_LEN]; |
int kdf_keylen = 30, rtp_keylen, rtcp_keylen; |
@@ -600,8 +672,8 @@ srtp_stream_init_keys(srtp_stream_ctx_t *srtp, const void *key) { |
/* If RTP or RTCP have a key length > AES-128, assume matching kdf. */ |
/* TODO: kdf algorithm, master key length, and master salt length should |
* be part of srtp_policy_t. */ |
- rtp_keylen = cipher_get_key_length(srtp->rtp_cipher); |
- rtcp_keylen = cipher_get_key_length(srtp->rtcp_cipher); |
+ rtp_keylen = srtp_cipher_get_key_length(srtp->rtp_cipher); |
+ rtcp_keylen = srtp_cipher_get_key_length(srtp->rtcp_cipher); |
rtp_base_key_len = base_key_length(srtp->rtp_cipher->type, rtp_keylen); |
rtp_salt_len = rtp_keylen - rtp_base_key_len; |
@@ -628,9 +700,13 @@ srtp_stream_init_keys(srtp_stream_ctx_t *srtp, const void *key) { |
memcpy(tmp_key, key, (rtp_base_key_len + rtp_salt_len)); |
/* initialize KDF state */ |
- stat = srtp_kdf_init(&kdf, AES_ICM, (const uint8_t *)tmp_key, kdf_keylen); |
+#if defined(OPENSSL) && defined(OPENSSL_KDF) |
+ stat = srtp_kdf_init(&kdf, (const uint8_t *)tmp_key, rtp_base_key_len, rtp_salt_len); |
+#else |
+ stat = srtp_kdf_init(&kdf, SRTP_AES_ICM, (const uint8_t *)tmp_key, kdf_keylen); |
+#endif |
if (stat) { |
- return err_status_init_fail; |
+ return srtp_err_status_init_fail; |
} |
/* generate encryption key */ |
@@ -639,10 +715,10 @@ srtp_stream_init_keys(srtp_stream_ctx_t *srtp, const void *key) { |
if (stat) { |
/* zeroize temp buffer */ |
octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); |
- return err_status_init_fail; |
+ return srtp_err_status_init_fail; |
} |
debug_print(mod_srtp, "cipher key: %s", |
- octet_string_hex_string(tmp_key, rtp_base_key_len)); |
+ srtp_octet_string_hex_string(tmp_key, rtp_base_key_len)); |
/* |
* if the cipher in the srtp context uses a salt, then we need |
@@ -657,21 +733,21 @@ srtp_stream_init_keys(srtp_stream_ctx_t *srtp, const void *key) { |
if (stat) { |
/* zeroize temp buffer */ |
octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); |
- return err_status_init_fail; |
+ return srtp_err_status_init_fail; |
} |
memcpy(srtp->salt, tmp_key + rtp_base_key_len, SRTP_AEAD_SALT_LEN); |
} |
if (rtp_salt_len > 0) { |
debug_print(mod_srtp, "cipher salt: %s", |
- octet_string_hex_string(tmp_key + rtp_base_key_len, rtp_salt_len)); |
+ srtp_octet_string_hex_string(tmp_key + rtp_base_key_len, rtp_salt_len)); |
} |
/* initialize cipher */ |
- stat = cipher_init(srtp->rtp_cipher, tmp_key); |
+ stat = srtp_cipher_init(srtp->rtp_cipher, tmp_key); |
if (stat) { |
/* zeroize temp buffer */ |
octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); |
- return err_status_init_fail; |
+ return srtp_err_status_init_fail; |
} |
if (srtp->rtp_xtn_hdr_cipher) { |
@@ -686,7 +762,7 @@ srtp_stream_init_keys(srtp_stream_ctx_t *srtp, const void *key) { |
/* With GCM ciphers, the header extensions are still encrypted using the corresponding ICM cipher. */ |
/* See https://tools.ietf.org/html/draft-ietf-avtcore-srtp-aes-gcm-17#section-8.3 */ |
uint8_t tmp_xtn_hdr_key[MAX_SRTP_KEY_LEN]; |
- rtp_xtn_hdr_keylen = cipher_get_key_length(srtp->rtp_xtn_hdr_cipher); |
+ rtp_xtn_hdr_keylen = srtp_cipher_get_key_length(srtp->rtp_xtn_hdr_cipher); |
rtp_xtn_hdr_base_key_len = base_key_length(srtp->rtp_xtn_hdr_cipher->type, rtp_xtn_hdr_keylen); |
rtp_xtn_hdr_salt_len = rtp_xtn_hdr_keylen - rtp_xtn_hdr_base_key_len; |
memset(tmp_xtn_hdr_key, 0x0, MAX_SRTP_KEY_LEN); |
@@ -694,10 +770,14 @@ srtp_stream_init_keys(srtp_stream_ctx_t *srtp, const void *key) { |
xtn_hdr_kdf = &tmp_kdf; |
/* initialize KDF state */ |
- stat = srtp_kdf_init(xtn_hdr_kdf, AES_ICM, (const uint8_t *)tmp_xtn_hdr_key, kdf_keylen); |
+#if defined(OPENSSL) && defined(OPENSSL_KDF) |
+ stat = srtp_kdf_init(xtn_hdr_kdf, (const uint8_t *)tmp_xtn_hdr_key, rtp_xtn_hdr_base_key_len, rtp_xtn_hdr_salt_len); |
+#else |
+ stat = srtp_kdf_init(xtn_hdr_kdf, SRTP_AES_ICM, (const uint8_t *)tmp_xtn_hdr_key, kdf_keylen); |
+#endif |
octet_string_set_to_zero(tmp_xtn_hdr_key, MAX_SRTP_KEY_LEN); |
if (stat) { |
- return err_status_init_fail; |
+ return srtp_err_status_init_fail; |
} |
} else { |
/* Reuse main KDF. */ |
@@ -712,10 +792,10 @@ srtp_stream_init_keys(srtp_stream_ctx_t *srtp, const void *key) { |
if (stat) { |
/* zeroize temp buffer */ |
octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); |
- return err_status_init_fail; |
+ return srtp_err_status_init_fail; |
} |
debug_print(mod_srtp, "extensions cipher key: %s", |
- octet_string_hex_string(tmp_key, rtp_xtn_hdr_base_key_len)); |
+ srtp_octet_string_hex_string(tmp_key, rtp_xtn_hdr_base_key_len)); |
/* |
* if the cipher in the srtp context uses a salt, then we need |
@@ -730,20 +810,20 @@ srtp_stream_init_keys(srtp_stream_ctx_t *srtp, const void *key) { |
if (stat) { |
/* zeroize temp buffer */ |
octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); |
- return err_status_init_fail; |
+ return srtp_err_status_init_fail; |
} |
} |
if (rtp_xtn_hdr_salt_len > 0) { |
debug_print(mod_srtp, "extensions cipher salt: %s", |
- octet_string_hex_string(tmp_key + rtp_xtn_hdr_base_key_len, rtp_xtn_hdr_salt_len)); |
+ srtp_octet_string_hex_string(tmp_key + rtp_xtn_hdr_base_key_len, rtp_xtn_hdr_salt_len)); |
} |
/* initialize extensions header cipher */ |
- stat = cipher_init(srtp->rtp_xtn_hdr_cipher, tmp_key); |
+ stat = srtp_cipher_init(srtp->rtp_xtn_hdr_cipher, tmp_key); |
if (stat) { |
/* zeroize temp buffer */ |
octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); |
- return err_status_init_fail; |
+ return srtp_err_status_init_fail; |
} |
if (xtn_hdr_kdf != &kdf) { |
@@ -751,29 +831,29 @@ srtp_stream_init_keys(srtp_stream_ctx_t *srtp, const void *key) { |
stat = srtp_kdf_clear(xtn_hdr_kdf); |
if (stat) { |
octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); |
- return err_status_init_fail; |
+ return srtp_err_status_init_fail; |
} |
} |
} |
/* generate authentication key */ |
stat = srtp_kdf_generate(&kdf, label_rtp_msg_auth, |
- tmp_key, auth_get_key_length(srtp->rtp_auth)); |
+ tmp_key, srtp_auth_get_key_length(srtp->rtp_auth)); |
if (stat) { |
/* zeroize temp buffer */ |
octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); |
- return err_status_init_fail; |
+ return srtp_err_status_init_fail; |
} |
debug_print(mod_srtp, "auth key: %s", |
- octet_string_hex_string(tmp_key, |
- auth_get_key_length(srtp->rtp_auth))); |
+ srtp_octet_string_hex_string(tmp_key, |
+ srtp_auth_get_key_length(srtp->rtp_auth))); |
/* initialize auth function */ |
- stat = auth_init(srtp->rtp_auth, tmp_key); |
+ stat = srtp_auth_init(srtp->rtp_auth, tmp_key); |
if (stat) { |
/* zeroize temp buffer */ |
octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); |
- return err_status_init_fail; |
+ return srtp_err_status_init_fail; |
} |
/* |
@@ -790,7 +870,7 @@ srtp_stream_init_keys(srtp_stream_ctx_t *srtp, const void *key) { |
if (stat) { |
/* zeroize temp buffer */ |
octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); |
- return err_status_init_fail; |
+ return srtp_err_status_init_fail; |
} |
/* |
@@ -807,59 +887,59 @@ srtp_stream_init_keys(srtp_stream_ctx_t *srtp, const void *key) { |
if (stat) { |
/* zeroize temp buffer */ |
octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); |
- return err_status_init_fail; |
+ return srtp_err_status_init_fail; |
} |
memcpy(srtp->c_salt, tmp_key + rtcp_base_key_len, SRTP_AEAD_SALT_LEN); |
} |
debug_print(mod_srtp, "rtcp cipher key: %s", |
- octet_string_hex_string(tmp_key, rtcp_base_key_len)); |
+ srtp_octet_string_hex_string(tmp_key, rtcp_base_key_len)); |
if (rtcp_salt_len > 0) { |
debug_print(mod_srtp, "rtcp cipher salt: %s", |
- octet_string_hex_string(tmp_key + rtcp_base_key_len, rtcp_salt_len)); |
+ srtp_octet_string_hex_string(tmp_key + rtcp_base_key_len, rtcp_salt_len)); |
} |
/* initialize cipher */ |
- stat = cipher_init(srtp->rtcp_cipher, tmp_key); |
+ stat = srtp_cipher_init(srtp->rtcp_cipher, tmp_key); |
if (stat) { |
/* zeroize temp buffer */ |
octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); |
- return err_status_init_fail; |
+ return srtp_err_status_init_fail; |
} |
/* generate authentication key */ |
stat = srtp_kdf_generate(&kdf, label_rtcp_msg_auth, |
- tmp_key, auth_get_key_length(srtp->rtcp_auth)); |
+ tmp_key, srtp_auth_get_key_length(srtp->rtcp_auth)); |
if (stat) { |
/* zeroize temp buffer */ |
octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); |
- return err_status_init_fail; |
+ return srtp_err_status_init_fail; |
} |
debug_print(mod_srtp, "rtcp auth key: %s", |
- octet_string_hex_string(tmp_key, |
- auth_get_key_length(srtp->rtcp_auth))); |
+ srtp_octet_string_hex_string(tmp_key, |
+ srtp_auth_get_key_length(srtp->rtcp_auth))); |
/* initialize auth function */ |
- stat = auth_init(srtp->rtcp_auth, tmp_key); |
+ stat = srtp_auth_init(srtp->rtcp_auth, tmp_key); |
if (stat) { |
/* zeroize temp buffer */ |
octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); |
- return err_status_init_fail; |
+ return srtp_err_status_init_fail; |
} |
/* clear memory then return */ |
stat = srtp_kdf_clear(&kdf); |
octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); |
if (stat) |
- return err_status_init_fail; |
+ return srtp_err_status_init_fail; |
- return err_status_ok; |
+ return srtp_err_status_ok; |
} |
-err_status_t |
+srtp_err_status_t |
srtp_stream_init(srtp_stream_ctx_t *srtp, |
const srtp_policy_t *p) { |
- err_status_t err; |
+ srtp_err_status_t err; |
debug_print(mod_srtp, "initializing stream (SSRC: 0x%08x)", |
p->ssrc.value); |
@@ -870,12 +950,12 @@ srtp_stream_init(srtp_stream_ctx_t *srtp, |
* calculated. Let a window size of 0 imply the default value. */ |
if (p->window_size != 0 && (p->window_size < 64 || p->window_size >= 0x8000)) |
- return err_status_bad_param; |
+ return srtp_err_status_bad_param; |
if (p->window_size != 0) |
- err = rdbx_init(&srtp->rtp_rdbx, p->window_size); |
+ err = srtp_rdbx_init(&srtp->rtp_rdbx, p->window_size); |
else |
- err = rdbx_init(&srtp->rtp_rdbx, 128); |
+ err = srtp_rdbx_init(&srtp->rtp_rdbx, 128); |
if (err) return err; |
/* initialize key limit to maximum value */ |
@@ -883,10 +963,10 @@ srtp_stream_init(srtp_stream_ctx_t *srtp, |
{ |
uint64_t temp; |
temp = make64(UINT_MAX,UINT_MAX); |
- key_limit_set(srtp->limit, temp); |
+ srtp_key_limit_set(srtp->limit, temp); |
} |
#else |
- key_limit_set(srtp->limit, 0xffffffffffffLL); |
+ srtp_key_limit_set(srtp->limit, 0xffffffffffffLL); |
#endif |
/* set the SSRC value */ |
@@ -904,13 +984,13 @@ srtp_stream_init(srtp_stream_ctx_t *srtp, |
srtp->direction = dir_unknown; |
/* initialize SRTCP replay database */ |
- rdb_init(&srtp->rtcp_rdb); |
+ srtp_rdb_init(&srtp->rtcp_rdb); |
/* initialize allow_repeat_tx */ |
/* guard against uninitialized memory: allow only 0 or 1 here */ |
if (p->allow_repeat_tx != 0 && p->allow_repeat_tx != 1) { |
- rdbx_dealloc(&srtp->rtp_rdbx); |
- return err_status_bad_param; |
+ srtp_rdbx_dealloc(&srtp->rtp_rdbx); |
+ return srtp_err_status_bad_param; |
} |
srtp->allow_repeat_tx = p->allow_repeat_tx; |
@@ -919,7 +999,7 @@ srtp_stream_init(srtp_stream_ctx_t *srtp, |
/* initialize keys */ |
err = srtp_stream_init_keys(srtp, p->key); |
if (err) { |
- rdbx_dealloc(&srtp->rtp_rdbx); |
+ srtp_rdbx_dealloc(&srtp->rtp_rdbx); |
return err; |
} |
@@ -927,13 +1007,13 @@ srtp_stream_init(srtp_stream_ctx_t *srtp, |
* if EKT is in use, then initialize the EKT data associated with |
* the stream |
*/ |
- err = ekt_stream_init_from_policy(srtp->ekt, p->ekt); |
+ err = srtp_ekt_stream_init_from_policy(srtp->ekt, p->ekt); |
if (err) { |
- rdbx_dealloc(&srtp->rtp_rdbx); |
+ srtp_rdbx_dealloc(&srtp->rtp_rdbx); |
return err; |
} |
- return err_status_ok; |
+ return srtp_err_status_ok; |
} |
@@ -945,24 +1025,24 @@ srtp_stream_init(srtp_stream_ctx_t *srtp, |
void |
srtp_event_reporter(srtp_event_data_t *data) { |
- err_report(err_level_warning, "srtp: in stream 0x%x: ", |
+ srtp_err_report(srtp_err_level_warning, "srtp: in stream 0x%x: ", |
data->stream->ssrc); |
switch(data->event) { |
case event_ssrc_collision: |
- err_report(err_level_warning, "\tSSRC collision\n"); |
+ srtp_err_report(srtp_err_level_warning, "\tSSRC collision\n"); |
break; |
case event_key_soft_limit: |
- err_report(err_level_warning, "\tkey usage soft limit reached\n"); |
+ srtp_err_report(srtp_err_level_warning, "\tkey usage soft limit reached\n"); |
break; |
case event_key_hard_limit: |
- err_report(err_level_warning, "\tkey usage hard limit reached\n"); |
+ srtp_err_report(srtp_err_level_warning, "\tkey usage hard limit reached\n"); |
break; |
case event_packet_index_limit: |
- err_report(err_level_warning, "\tpacket index limit reached\n"); |
+ srtp_err_report(srtp_err_level_warning, "\tpacket index limit reached\n"); |
break; |
default: |
- err_report(err_level_warning, "\tunknown event reported to handler\n"); |
+ srtp_err_report(srtp_err_level_warning, "\tunknown event reported to handler\n"); |
} |
} |
@@ -978,7 +1058,7 @@ srtp_stream_init(srtp_stream_ctx_t *srtp, |
static srtp_event_handler_func_t *srtp_event_handler = srtp_event_reporter; |
- err_status_t |
+ srtp_err_status_t |
srtp_install_event_handler(srtp_event_handler_func_t func) { |
/* |
@@ -989,7 +1069,7 @@ srtp_stream_init(srtp_stream_ctx_t *srtp, |
/* set global event handling function */ |
srtp_event_handler = func; |
- return err_status_ok; |
+ return srtp_err_status_ok; |
} |
@@ -1019,11 +1099,11 @@ srtp_protect_extension_header(srtp_stream_ctx_t *stream, int id) { |
/* |
-+ * extensions header encryption RFC 6904 |
+ * extensions header encryption RFC 6904 |
*/ |
-static err_status_t |
+static srtp_err_status_t |
srtp_process_header_encryption(srtp_stream_ctx_t *stream, srtp_hdr_xtnd_t *xtn_hdr) { |
- err_status_t status; |
+ srtp_err_status_t status; |
uint8_t keystream[257]; /* Maximum 2 bytes header + 255 bytes data. */ |
int keystream_pos; |
uint8_t* xtn_hdr_data = ((uint8_t *)xtn_hdr) + octets_in_rtp_extn_hdr; |
@@ -1038,16 +1118,16 @@ srtp_process_header_encryption(srtp_stream_ctx_t *stream, srtp_hdr_xtnd_t *xtn_h |
xtn_hdr_data++; |
if (xtn_hdr_data + xlen > xtn_hdr_end) |
- return err_status_parse_err; |
+ return srtp_err_status_parse_err; |
if (xid == 15) { |
/* found header 15, stop further processing. */ |
break; |
} |
- status = cipher_output(stream->rtp_xtn_hdr_cipher, keystream, xlen_with_header); |
+ status = srtp_cipher_output(stream->rtp_xtn_hdr_cipher, keystream, &xlen_with_header); |
if (status) |
- return err_status_cipher_fail; |
+ return srtp_err_status_cipher_fail; |
if (srtp_protect_extension_header(stream, xid)) { |
keystream_pos = 1; |
@@ -1074,11 +1154,11 @@ srtp_process_header_encryption(srtp_stream_ctx_t *stream, srtp_hdr_xtnd_t *xtn_h |
xtn_hdr_data += 2; |
if (xtn_hdr_data + xlen > xtn_hdr_end) |
- return err_status_parse_err; |
+ return srtp_err_status_parse_err; |
- status = cipher_output(stream->rtp_xtn_hdr_cipher, keystream, xlen_with_header); |
+ status = srtp_cipher_output(stream->rtp_xtn_hdr_cipher, keystream, &xlen_with_header); |
if (status) |
- return err_status_cipher_fail; |
+ return srtp_err_status_cipher_fail; |
if (xlen > 0 && srtp_protect_extension_header(stream, xid)) { |
keystream_pos = 2; |
@@ -1098,10 +1178,10 @@ srtp_process_header_encryption(srtp_stream_ctx_t *stream, srtp_hdr_xtnd_t *xtn_h |
} |
} else { |
/* unsupported extension header format. */ |
- return err_status_parse_err; |
+ return srtp_err_status_parse_err; |
} |
- return err_status_ok; |
+ return srtp_err_status_ok; |
} |
@@ -1134,7 +1214,7 @@ srtp_process_header_encryption(srtp_stream_ctx_t *stream, srtp_hdr_xtnd_t *xtn_h |
* |
*/ |
static void srtp_calc_aead_iv(srtp_stream_ctx_t *stream, v128_t *iv, |
- xtd_seq_num_t *seq, srtp_hdr_t *hdr) |
+ srtp_xtd_seq_num_t *seq, srtp_hdr_t *hdr) |
{ |
v128_t in; |
v128_t salt; |
@@ -1179,17 +1259,17 @@ static void srtp_calc_aead_iv(srtp_stream_ctx_t *stream, v128_t *iv, |
* which currently supports AES-GCM encryption. All packets are |
* encrypted and authenticated. |
*/ |
-static err_status_t |
+static srtp_err_status_t |
srtp_protect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, |
void *rtp_hdr, unsigned int *pkt_octet_len) |
{ |
srtp_hdr_t *hdr = (srtp_hdr_t*)rtp_hdr; |
uint32_t *enc_start; /* pointer to start of encrypted portion */ |
- unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */ |
- xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */ |
+ int enc_octet_len = 0; /* number of octets in encrypted portion */ |
+ srtp_xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */ |
int delta; /* delta of local pkt idx and that in hdr */ |
- err_status_t status; |
- int tag_len; |
+ srtp_err_status_t status; |
+ uint32_t tag_len; |
v128_t iv; |
unsigned int aad_len; |
srtp_hdr_xtnd_t *xtn_hdr = NULL; |
@@ -1201,20 +1281,20 @@ srtp_protect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, |
* didn't just hit either the soft limit or the hard limit, and call |
* the event handler if we hit either. |
*/ |
- switch (key_limit_update(stream->limit)) { |
- case key_event_normal: |
+ switch (srtp_key_limit_update(stream->limit)) { |
+ case srtp_key_event_normal: |
break; |
- case key_event_hard_limit: |
+ case srtp_key_event_hard_limit: |
srtp_handle_event(ctx, stream, event_key_hard_limit); |
- return err_status_key_expired; |
- case key_event_soft_limit: |
+ return srtp_err_status_key_expired; |
+ case srtp_key_event_soft_limit: |
default: |
srtp_handle_event(ctx, stream, event_key_soft_limit); |
break; |
} |
/* get tag length from stream */ |
- tag_len = auth_get_tag_length(stream->rtp_auth); |
+ tag_len = srtp_auth_get_tag_length(stream->rtp_auth); |
/* |
* find starting point for encryption and length of data to be |
@@ -1227,23 +1307,25 @@ srtp_protect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, |
xtn_hdr = (srtp_hdr_xtnd_t*)enc_start; |
enc_start += (ntohs(xtn_hdr->length) + 1); |
} |
+ /* note: the passed size is without the auth tag */ |
if (!((uint8_t*)enc_start <= (uint8_t*)hdr + *pkt_octet_len)) |
- return err_status_parse_err; |
- enc_octet_len = (unsigned int)(*pkt_octet_len - |
+ return srtp_err_status_parse_err; |
+ enc_octet_len = (int)(*pkt_octet_len - |
((uint8_t*)enc_start - (uint8_t*)hdr)); |
+ if (enc_octet_len < 0) return srtp_err_status_parse_err; |
/* |
* estimate the packet index using the start of the replay window |
* and the sequence number from the header |
*/ |
- delta = rdbx_estimate_index(&stream->rtp_rdbx, &est, ntohs(hdr->seq)); |
- status = rdbx_check(&stream->rtp_rdbx, delta); |
+ delta = srtp_rdbx_estimate_index(&stream->rtp_rdbx, &est, ntohs(hdr->seq)); |
+ status = srtp_rdbx_check(&stream->rtp_rdbx, delta); |
if (status) { |
- if (status != err_status_replay_fail || !stream->allow_repeat_tx) { |
+ if (status != srtp_err_status_replay_fail || !stream->allow_repeat_tx) { |
return status; /* we've been asked to reuse an index */ |
} |
} else { |
- rdbx_add_index(&stream->rtp_rdbx, delta); |
+ srtp_rdbx_add_index(&stream->rtp_rdbx, delta); |
} |
#ifdef NO_64BIT_MATH |
@@ -1257,7 +1339,6 @@ srtp_protect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, |
* AEAD uses a new IV formation method |
*/ |
srtp_calc_aead_iv(stream, &iv, &est, hdr); |
- |
/* shift est, put into network byte order */ |
#ifdef NO_64BIT_MATH |
est = be64_to_cpu(make64((high32(est) << 16) | |
@@ -1267,15 +1348,15 @@ srtp_protect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, |
est = be64_to_cpu(est << 16); |
#endif |
- status = cipher_set_iv(stream->rtp_cipher, &iv, direction_encrypt); |
+ status = srtp_cipher_set_iv(stream->rtp_cipher, (uint8_t*)&iv, srtp_direction_encrypt); |
if (!status && stream->rtp_xtn_hdr_cipher) { |
iv.v32[0] = 0; |
iv.v32[1] = hdr->ssrc; |
iv.v64[1] = est; |
- status = cipher_set_iv(stream->rtp_xtn_hdr_cipher, (uint8_t*)&iv, direction_encrypt); |
+ status = srtp_cipher_set_iv(stream->rtp_xtn_hdr_cipher, (uint8_t*)&iv, srtp_direction_encrypt); |
} |
if (status) { |
- return err_status_cipher_fail; |
+ return srtp_err_status_cipher_fail; |
} |
if (xtn_hdr && stream->rtp_xtn_hdr_cipher) { |
@@ -1292,32 +1373,31 @@ srtp_protect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, |
* Set the AAD over the RTP header |
*/ |
aad_len = (uint8_t *)enc_start - (uint8_t *)hdr; |
- status = cipher_set_aad(stream->rtp_cipher, (uint8_t*)hdr, aad_len); |
+ status = srtp_cipher_set_aad(stream->rtp_cipher, (uint8_t*)hdr, aad_len); |
if (status) { |
- return ( err_status_cipher_fail); |
+ return ( srtp_err_status_cipher_fail); |
} |
/* Encrypt the payload */ |
- status = cipher_encrypt(stream->rtp_cipher, |
- (uint8_t*)enc_start, &enc_octet_len); |
+ status = srtp_cipher_encrypt(stream->rtp_cipher, |
+ (uint8_t*)enc_start, (unsigned int *)&enc_octet_len); |
if (status) { |
- return err_status_cipher_fail; |
+ return srtp_err_status_cipher_fail; |
} |
/* |
* If we're doing GCM, we need to get the tag |
* and append that to the output |
*/ |
- status = cipher_get_tag(stream->rtp_cipher, |
+ status = srtp_cipher_get_tag(stream->rtp_cipher, |
(uint8_t*)enc_start+enc_octet_len, &tag_len); |
if (status) { |
- return ( err_status_cipher_fail); |
+ return ( srtp_err_status_cipher_fail); |
} |
- enc_octet_len += tag_len; |
/* increase the packet length by the length of the auth tag */ |
*pkt_octet_len += tag_len; |
- return err_status_ok; |
+ return srtp_err_status_ok; |
} |
@@ -1328,15 +1408,15 @@ srtp_protect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, |
* of the packet stream and is automatically checked by GCM |
* when decrypting the payload. |
*/ |
-static err_status_t |
+static srtp_err_status_t |
srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta, |
- xtd_seq_num_t est, void *srtp_hdr, unsigned int *pkt_octet_len) |
+ srtp_xtd_seq_num_t est, void *srtp_hdr, unsigned int *pkt_octet_len) |
{ |
srtp_hdr_t *hdr = (srtp_hdr_t*)srtp_hdr; |
uint32_t *enc_start; /* pointer to start of encrypted portion */ |
unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */ |
v128_t iv; |
- err_status_t status; |
+ srtp_err_status_t status; |
int tag_len; |
unsigned int aad_len; |
srtp_hdr_xtnd_t *xtn_hdr = NULL; |
@@ -1350,15 +1430,26 @@ srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta, |
#endif |
/* get tag length from stream */ |
- tag_len = auth_get_tag_length(stream->rtp_auth); |
+ tag_len = srtp_auth_get_tag_length(stream->rtp_auth); |
/* |
* AEAD uses a new IV formation method |
*/ |
srtp_calc_aead_iv(stream, &iv, &est, hdr); |
- status = cipher_set_iv(stream->rtp_cipher, &iv, direction_decrypt); |
+ status = srtp_cipher_set_iv(stream->rtp_cipher, (uint8_t*)&iv, srtp_direction_decrypt); |
+ if (!status && stream->rtp_xtn_hdr_cipher) { |
+ iv.v32[0] = 0; |
+ iv.v32[1] = hdr->ssrc; |
+#ifdef NO_64BIT_MATH |
+ iv.v64[1] = be64_to_cpu(make64((high32(est) << 16) | (low32(est) >> 16), |
+ low32(est) << 16)); |
+#else |
+ iv.v64[1] = be64_to_cpu(est << 16); |
+#endif |
+ status = srtp_cipher_set_iv(stream->rtp_xtn_hdr_cipher, (uint8_t*)&iv, srtp_direction_encrypt); |
+ } |
if (status) { |
- return err_status_cipher_fail; |
+ return srtp_err_status_cipher_fail; |
} |
/* |
@@ -1373,7 +1464,7 @@ srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta, |
enc_start += (ntohs(xtn_hdr->length) + 1); |
} |
if (!((uint8_t*)enc_start <= (uint8_t*)hdr + (*pkt_octet_len - tag_len))) |
- return err_status_parse_err; |
+ return srtp_err_status_parse_err; |
/* |
* We pass the tag down to the cipher when doing GCM mode |
*/ |
@@ -1386,7 +1477,7 @@ srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta, |
* as the tag length. |
*/ |
if (enc_octet_len < (unsigned int) tag_len) { |
- return err_status_cipher_fail; |
+ return srtp_err_status_cipher_fail; |
} |
/* |
@@ -1394,15 +1485,15 @@ srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta, |
* didn't just hit either the soft limit or the hard limit, and call |
* the event handler if we hit either. |
*/ |
- switch (key_limit_update(stream->limit)) { |
- case key_event_normal: |
+ switch (srtp_key_limit_update(stream->limit)) { |
+ case srtp_key_event_normal: |
break; |
- case key_event_soft_limit: |
+ case srtp_key_event_soft_limit: |
srtp_handle_event(ctx, stream, event_key_soft_limit); |
break; |
- case key_event_hard_limit: |
+ case srtp_key_event_hard_limit: |
srtp_handle_event(ctx, stream, event_key_hard_limit); |
- return err_status_key_expired; |
+ return srtp_err_status_key_expired; |
default: |
break; |
} |
@@ -1411,26 +1502,14 @@ srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta, |
* Set the AAD for AES-GCM, which is the RTP header |
*/ |
aad_len = (uint8_t *)enc_start - (uint8_t *)hdr; |
- status = cipher_set_aad(stream->rtp_cipher, (uint8_t*)hdr, aad_len); |
- if (!status && stream->rtp_xtn_hdr_cipher) { |
- iv.v32[0] = 0; |
- iv.v32[1] = hdr->ssrc; |
-#ifdef NO_64BIT_MATH |
- iv.v64[1] = be64_to_cpu(make64((high32(est) << 16) | (low32(est) >> 16), |
- low32(est) << 16)); |
-#else |
- iv.v64[1] = be64_to_cpu(est << 16); |
-#endif |
- status = cipher_set_iv(stream->rtp_xtn_hdr_cipher, (uint8_t*)&iv, direction_encrypt); |
- } |
+ status = srtp_cipher_set_aad(stream->rtp_cipher, (uint8_t*)hdr, aad_len); |
if (status) { |
- return ( err_status_cipher_fail); |
+ return ( srtp_err_status_cipher_fail); |
} |
- /* Decrypt the ciphertext. This also checks the auth tag based |
+ /* Decrypt the ciphertext. This also checks the auth tag based |
* on the AAD we just specified above */ |
- status = cipher_decrypt(stream->rtp_cipher, |
- (uint8_t*)enc_start, &enc_octet_len); |
+ status = srtp_cipher_decrypt(stream->rtp_cipher, (uint8_t*)enc_start, &enc_octet_len); |
if (status) { |
return status; |
} |
@@ -1495,30 +1574,28 @@ srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta, |
* the message authentication function passed, so add the packet |
* index into the replay database |
*/ |
- rdbx_add_index(&stream->rtp_rdbx, delta); |
+ srtp_rdbx_add_index(&stream->rtp_rdbx, delta); |
/* decrease the packet length by the length of the auth tag */ |
*pkt_octet_len -= tag_len; |
- return err_status_ok; |
+ return srtp_err_status_ok; |
} |
- |
- |
- err_status_t |
+ srtp_err_status_t |
srtp_protect(srtp_ctx_t *ctx, void *rtp_hdr, int *pkt_octet_len) { |
srtp_hdr_t *hdr = (srtp_hdr_t *)rtp_hdr; |
uint32_t *enc_start; /* pointer to start of encrypted portion */ |
uint32_t *auth_start; /* pointer to start of auth. portion */ |
- unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */ |
- xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */ |
+ int enc_octet_len = 0; /* number of octets in encrypted portion */ |
+ srtp_xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */ |
int delta; /* delta of local pkt idx and that in hdr */ |
uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ |
- err_status_t status; |
+ srtp_err_status_t status; |
int tag_len; |
srtp_stream_ctx_t *stream; |
- int prefix_len; |
+ uint32_t prefix_len; |
srtp_hdr_xtnd_t *xtn_hdr = NULL; |
debug_print(mod_srtp, "function srtp_protect", NULL); |
@@ -1532,7 +1609,7 @@ srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta, |
/* check the packet length - it must at least contain a full header */ |
if (*pkt_octet_len < octets_in_rtp_header) |
- return err_status_bad_param; |
+ return srtp_err_status_bad_param; |
/* |
* look up ssrc in srtp_stream list, and process the packet with |
@@ -1563,7 +1640,7 @@ srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta, |
stream = new_stream; |
} else { |
/* no template stream, so we return an error */ |
- return err_status_no_ctx; |
+ return srtp_err_status_no_ctx; |
} |
} |
@@ -1585,8 +1662,8 @@ srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta, |
* Check if this is an AEAD stream (GCM mode). If so, then dispatch |
* the request to our AEAD handler. |
*/ |
- if (stream->rtp_cipher->algorithm == AES_128_GCM || |
- stream->rtp_cipher->algorithm == AES_256_GCM) { |
+ if (stream->rtp_cipher->algorithm == SRTP_AES_128_GCM || |
+ stream->rtp_cipher->algorithm == SRTP_AES_256_GCM) { |
return srtp_protect_aead(ctx, stream, rtp_hdr, (unsigned int*)pkt_octet_len); |
} |
@@ -1595,21 +1672,21 @@ srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta, |
* didn't just hit either the soft limit or the hard limit, and call |
* the event handler if we hit either. |
*/ |
- switch(key_limit_update(stream->limit)) { |
- case key_event_normal: |
+ switch(srtp_key_limit_update(stream->limit)) { |
+ case srtp_key_event_normal: |
break; |
- case key_event_soft_limit: |
+ case srtp_key_event_soft_limit: |
srtp_handle_event(ctx, stream, event_key_soft_limit); |
break; |
- case key_event_hard_limit: |
+ case srtp_key_event_hard_limit: |
srtp_handle_event(ctx, stream, event_key_hard_limit); |
- return err_status_key_expired; |
+ return srtp_err_status_key_expired; |
default: |
break; |
} |
/* get tag length from stream */ |
- tag_len = auth_get_tag_length(stream->rtp_auth); |
+ tag_len = srtp_auth_get_tag_length(stream->rtp_auth); |
/* |
* find starting point for encryption and length of data to be |
@@ -1625,10 +1702,12 @@ srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta, |
xtn_hdr = (srtp_hdr_xtnd_t *)enc_start; |
enc_start += (ntohs(xtn_hdr->length) + 1); |
} |
+ /* note: the passed size is without the auth tag */ |
if (!((uint8_t*)enc_start <= (uint8_t*)hdr + *pkt_octet_len)) |
- return err_status_parse_err; |
- enc_octet_len = (unsigned int)(*pkt_octet_len - |
+ return srtp_err_status_parse_err; |
+ enc_octet_len = (int)(*pkt_octet_len - |
((uint8_t*)enc_start - (uint8_t*)hdr)); |
+ if (enc_octet_len < 0) return srtp_err_status_parse_err; |
} else { |
enc_start = NULL; |
} |
@@ -1650,14 +1729,14 @@ srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta, |
* estimate the packet index using the start of the replay window |
* and the sequence number from the header |
*/ |
- delta = rdbx_estimate_index(&stream->rtp_rdbx, &est, ntohs(hdr->seq)); |
- status = rdbx_check(&stream->rtp_rdbx, delta); |
+ delta = srtp_rdbx_estimate_index(&stream->rtp_rdbx, &est, ntohs(hdr->seq)); |
+ status = srtp_rdbx_check(&stream->rtp_rdbx, delta); |
if (status) { |
- if (status != err_status_replay_fail || !stream->allow_repeat_tx) |
+ if (status != srtp_err_status_replay_fail || !stream->allow_repeat_tx) |
return status; /* we've been asked to reuse an index */ |
} |
else |
- rdbx_add_index(&stream->rtp_rdbx, delta); |
+ srtp_rdbx_add_index(&stream->rtp_rdbx, delta); |
#ifdef NO_64BIT_MATH |
debug_print2(mod_srtp, "estimated packet index: %08x%08x", |
@@ -1669,8 +1748,8 @@ srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta, |
/* |
* if we're using rindael counter mode, set nonce and seq |
*/ |
- if (stream->rtp_cipher->type->id == AES_ICM || |
- stream->rtp_cipher->type->id == AES_256_ICM) { |
+ if (stream->rtp_cipher->type->id == SRTP_AES_ICM || |
+ stream->rtp_cipher->type->id == SRTP_AES_256_ICM) { |
v128_t iv; |
iv.v32[0] = 0; |
@@ -1681,9 +1760,9 @@ srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta, |
#else |
iv.v64[1] = be64_to_cpu(est << 16); |
#endif |
- status = cipher_set_iv(stream->rtp_cipher, &iv, direction_encrypt); |
+ status = srtp_cipher_set_iv(stream->rtp_cipher, (uint8_t*)&iv, srtp_direction_encrypt); |
if (!status && stream->rtp_xtn_hdr_cipher) { |
- status = cipher_set_iv(stream->rtp_xtn_hdr_cipher, (uint8_t*)&iv, direction_encrypt); |
+ status = srtp_cipher_set_iv(stream->rtp_xtn_hdr_cipher, (uint8_t*)&iv, srtp_direction_encrypt); |
} |
} else { |
v128_t iv; |
@@ -1696,13 +1775,13 @@ srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta, |
iv.v64[0] = 0; |
#endif |
iv.v64[1] = be64_to_cpu(est); |
- status = cipher_set_iv(stream->rtp_cipher, &iv, direction_encrypt); |
+ status = srtp_cipher_set_iv(stream->rtp_cipher, (uint8_t*)&iv, srtp_direction_encrypt); |
if (!status && stream->rtp_xtn_hdr_cipher) { |
- status = cipher_set_iv(stream->rtp_xtn_hdr_cipher, (uint8_t*)&iv, direction_encrypt); |
+ status = srtp_cipher_set_iv(stream->rtp_xtn_hdr_cipher, (uint8_t*)&iv, srtp_direction_encrypt); |
} |
} |
if (status) |
- return err_status_cipher_fail; |
+ return srtp_err_status_cipher_fail; |
/* shift est, put into network byte order */ |
#ifdef NO_64BIT_MATH |
@@ -1719,13 +1798,13 @@ srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta, |
*/ |
if (auth_start) { |
- prefix_len = auth_get_prefix_length(stream->rtp_auth); |
+ prefix_len = srtp_auth_get_prefix_length(stream->rtp_auth); |
if (prefix_len) { |
- status = cipher_output(stream->rtp_cipher, auth_tag, prefix_len); |
+ status = srtp_cipher_output(stream->rtp_cipher, auth_tag, &prefix_len); |
if (status) |
- return err_status_cipher_fail; |
+ return srtp_err_status_cipher_fail; |
debug_print(mod_srtp, "keystream prefix: %s", |
- octet_string_hex_string(auth_tag, prefix_len)); |
+ srtp_octet_string_hex_string(auth_tag, prefix_len)); |
} |
} |
@@ -1741,10 +1820,10 @@ srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta, |
/* if we're encrypting, exor keystream into the message */ |
if (enc_start) { |
- status = cipher_encrypt(stream->rtp_cipher, |
- (uint8_t *)enc_start, &enc_octet_len); |
+ status = srtp_cipher_encrypt(stream->rtp_cipher, |
+ (uint8_t *)enc_start, (unsigned int *)&enc_octet_len); |
if (status) |
- return err_status_cipher_fail; |
+ return srtp_err_status_cipher_fail; |
} |
/* |
@@ -1754,21 +1833,21 @@ srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta, |
if (auth_start) { |
/* initialize auth func context */ |
- status = auth_start(stream->rtp_auth); |
+ status = srtp_auth_start(stream->rtp_auth); |
if (status) return status; |
/* run auth func over packet */ |
- status = auth_update(stream->rtp_auth, |
+ status = srtp_auth_update(stream->rtp_auth, |
(uint8_t *)auth_start, *pkt_octet_len); |
if (status) return status; |
/* run auth func over ROC, put result into auth_tag */ |
debug_print(mod_srtp, "estimated packet index: %016llx", est); |
- status = auth_compute(stream->rtp_auth, (uint8_t *)&est, 4, auth_tag); |
+ status = srtp_auth_compute(stream->rtp_auth, (uint8_t *)&est, 4, auth_tag); |
debug_print(mod_srtp, "srtp auth tag: %s", |
- octet_string_hex_string(auth_tag, tag_len)); |
+ srtp_octet_string_hex_string(auth_tag, tag_len)); |
if (status) |
- return err_status_auth_fail; |
+ return srtp_err_status_auth_fail; |
} |
@@ -1778,24 +1857,24 @@ srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta, |
*pkt_octet_len += tag_len; |
} |
- return err_status_ok; |
+ return srtp_err_status_ok; |
} |
-err_status_t |
+srtp_err_status_t |
srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) { |
srtp_hdr_t *hdr = (srtp_hdr_t *)srtp_hdr; |
uint32_t *enc_start; /* pointer to start of encrypted portion */ |
uint32_t *auth_start; /* pointer to start of auth. portion */ |
unsigned int enc_octet_len = 0;/* number of octets in encrypted portion */ |
uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ |
- xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */ |
+ srtp_xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */ |
int delta; /* delta of local pkt idx and that in hdr */ |
v128_t iv; |
- err_status_t status; |
+ srtp_err_status_t status; |
srtp_stream_ctx_t *stream; |
uint8_t tmp_tag[SRTP_MAX_TAG_LEN]; |
- int tag_len, prefix_len; |
+ uint32_t tag_len, prefix_len; |
srtp_hdr_xtnd_t *xtn_hdr = NULL; |
debug_print(mod_srtp, "function srtp_unprotect", NULL); |
@@ -1809,7 +1888,7 @@ srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) { |
/* check the packet length - it must at least contain a full header */ |
if (*pkt_octet_len < octets_in_rtp_header) |
- return err_status_bad_param; |
+ return srtp_err_status_bad_param; |
/* |
* look up ssrc in srtp_stream list, and process the packet with |
@@ -1823,17 +1902,17 @@ srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) { |
if (ctx->stream_template != NULL) { |
stream = ctx->stream_template; |
debug_print(mod_srtp, "using provisional stream (SSRC: 0x%08x)", |
- hdr->ssrc); |
+ ntohl(hdr->ssrc)); |
/* |
* set estimated packet index to sequence number from header, |
* and set delta equal to the same value |
*/ |
#ifdef NO_64BIT_MATH |
- est = (xtd_seq_num_t) make64(0,ntohs(hdr->seq)); |
+ est = (srtp_xtd_seq_num_t) make64(0,ntohs(hdr->seq)); |
delta = low32(est); |
#else |
- est = (xtd_seq_num_t) ntohs(hdr->seq); |
+ est = (srtp_xtd_seq_num_t) ntohs(hdr->seq); |
delta = (int)est; |
#endif |
} else { |
@@ -1842,15 +1921,15 @@ srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) { |
* no stream corresponding to SSRC found, and we don't do |
* key-sharing, so return an error |
*/ |
- return err_status_no_ctx; |
+ return srtp_err_status_no_ctx; |
} |
} else { |
/* estimate packet index from seq. num. in header */ |
- delta = rdbx_estimate_index(&stream->rtp_rdbx, &est, ntohs(hdr->seq)); |
+ delta = srtp_rdbx_estimate_index(&stream->rtp_rdbx, &est, ntohs(hdr->seq)); |
/* check replay database */ |
- status = rdbx_check(&stream->rtp_rdbx, delta); |
+ status = srtp_rdbx_check(&stream->rtp_rdbx, delta); |
if (status) |
return status; |
} |
@@ -1865,20 +1944,20 @@ srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) { |
* Check if this is an AEAD stream (GCM mode). If so, then dispatch |
* the request to our AEAD handler. |
*/ |
- if (stream->rtp_cipher->algorithm == AES_128_GCM || |
- stream->rtp_cipher->algorithm == AES_256_GCM) { |
+ if (stream->rtp_cipher->algorithm == SRTP_AES_128_GCM || |
+ stream->rtp_cipher->algorithm == SRTP_AES_256_GCM) { |
return srtp_unprotect_aead(ctx, stream, delta, est, srtp_hdr, (unsigned int*)pkt_octet_len); |
} |
/* get tag length from stream */ |
- tag_len = auth_get_tag_length(stream->rtp_auth); |
+ tag_len = srtp_auth_get_tag_length(stream->rtp_auth); |
/* |
* set the cipher's IV properly, depending on whatever cipher we |
* happen to be using |
*/ |
- if (stream->rtp_cipher->type->id == AES_ICM || |
- stream->rtp_cipher->type->id == AES_256_ICM) { |
+ if (stream->rtp_cipher->type->id == SRTP_AES_ICM || |
+ stream->rtp_cipher->type->id == SRTP_AES_256_ICM) { |
/* aes counter mode */ |
iv.v32[0] = 0; |
@@ -1889,9 +1968,9 @@ srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) { |
#else |
iv.v64[1] = be64_to_cpu(est << 16); |
#endif |
- status = cipher_set_iv(stream->rtp_cipher, &iv, direction_decrypt); |
+ status = srtp_cipher_set_iv(stream->rtp_cipher, (uint8_t*)&iv, srtp_direction_decrypt); |
if (!status && stream->rtp_xtn_hdr_cipher) { |
- status = cipher_set_iv(stream->rtp_xtn_hdr_cipher, (uint8_t*)&iv, direction_decrypt); |
+ status = srtp_cipher_set_iv(stream->rtp_xtn_hdr_cipher, (uint8_t*)&iv, srtp_direction_decrypt); |
} |
} else { |
@@ -1903,13 +1982,13 @@ srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) { |
iv.v64[0] = 0; |
#endif |
iv.v64[1] = be64_to_cpu(est); |
- status = cipher_set_iv(stream->rtp_cipher, &iv, direction_decrypt); |
+ status = srtp_cipher_set_iv(stream->rtp_cipher, (uint8_t*)&iv, srtp_direction_decrypt); |
if (!status && stream->rtp_xtn_hdr_cipher) { |
- status = cipher_set_iv(stream->rtp_xtn_hdr_cipher, (uint8_t*)&iv, direction_decrypt); |
+ status = srtp_cipher_set_iv(stream->rtp_xtn_hdr_cipher, (uint8_t*)&iv, srtp_direction_decrypt); |
} |
} |
if (status) |
- return err_status_cipher_fail; |
+ return srtp_err_status_cipher_fail; |
/* shift est, put into network byte order */ |
#ifdef NO_64BIT_MATH |
@@ -1935,7 +2014,7 @@ srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) { |
enc_start += (ntohs(xtn_hdr->length) + 1); |
} |
if (!((uint8_t*)enc_start <= (uint8_t*)hdr + (*pkt_octet_len - tag_len))) |
- return err_status_parse_err; |
+ return srtp_err_status_parse_err; |
enc_octet_len = (uint32_t)(*pkt_octet_len - tag_len - |
((uint8_t*)enc_start - (uint8_t*)hdr)); |
} else { |
@@ -1970,34 +2049,34 @@ srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) { |
*/ |
if (stream->rtp_auth->prefix_len != 0) { |
- prefix_len = auth_get_prefix_length(stream->rtp_auth); |
- status = cipher_output(stream->rtp_cipher, tmp_tag, prefix_len); |
+ prefix_len = srtp_auth_get_prefix_length(stream->rtp_auth); |
+ status = srtp_cipher_output(stream->rtp_cipher, tmp_tag, &prefix_len); |
debug_print(mod_srtp, "keystream prefix: %s", |
- octet_string_hex_string(tmp_tag, prefix_len)); |
+ srtp_octet_string_hex_string(tmp_tag, prefix_len)); |
if (status) |
- return err_status_cipher_fail; |
+ return srtp_err_status_cipher_fail; |
} |
/* initialize auth func context */ |
- status = auth_start(stream->rtp_auth); |
+ status = srtp_auth_start(stream->rtp_auth); |
if (status) return status; |
/* now compute auth function over packet */ |
- status = auth_update(stream->rtp_auth, (uint8_t *)auth_start, |
+ status = srtp_auth_update(stream->rtp_auth, (uint8_t *)auth_start, |
*pkt_octet_len - tag_len); |
/* run auth func over ROC, then write tmp tag */ |
- status = auth_compute(stream->rtp_auth, (uint8_t *)&est, 4, tmp_tag); |
+ status = srtp_auth_compute(stream->rtp_auth, (uint8_t *)&est, 4, tmp_tag); |
debug_print(mod_srtp, "computed auth tag: %s", |
- octet_string_hex_string(tmp_tag, tag_len)); |
+ srtp_octet_string_hex_string(tmp_tag, tag_len)); |
debug_print(mod_srtp, "packet auth tag: %s", |
- octet_string_hex_string(auth_tag, tag_len)); |
+ srtp_octet_string_hex_string(auth_tag, tag_len)); |
if (status) |
- return err_status_auth_fail; |
+ return srtp_err_status_auth_fail; |
if (octet_string_is_eq(tmp_tag, auth_tag, tag_len)) |
- return err_status_auth_fail; |
+ return srtp_err_status_auth_fail; |
} |
/* |
@@ -2005,15 +2084,15 @@ srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) { |
* didn't just hit either the soft limit or the hard limit, and call |
* the event handler if we hit either. |
*/ |
- switch(key_limit_update(stream->limit)) { |
- case key_event_normal: |
+ switch(srtp_key_limit_update(stream->limit)) { |
+ case srtp_key_event_normal: |
break; |
- case key_event_soft_limit: |
+ case srtp_key_event_soft_limit: |
srtp_handle_event(ctx, stream, event_key_soft_limit); |
break; |
- case key_event_hard_limit: |
+ case srtp_key_event_hard_limit: |
srtp_handle_event(ctx, stream, event_key_hard_limit); |
- return err_status_key_expired; |
+ return srtp_err_status_key_expired; |
default: |
break; |
} |
@@ -2030,10 +2109,9 @@ srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) { |
/* if we're decrypting, add keystream into ciphertext */ |
if (enc_start) { |
- status = cipher_decrypt(stream->rtp_cipher, |
- (uint8_t *)enc_start, &enc_octet_len); |
+ status = srtp_cipher_decrypt(stream->rtp_cipher, (uint8_t *)enc_start, &enc_octet_len); |
if (status) |
- return err_status_cipher_fail; |
+ return srtp_err_status_cipher_fail; |
} |
/* |
@@ -2085,43 +2163,43 @@ srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) { |
* the message authentication function passed, so add the packet |
* index into the replay database |
*/ |
- rdbx_add_index(&stream->rtp_rdbx, delta); |
+ srtp_rdbx_add_index(&stream->rtp_rdbx, delta); |
/* decrease the packet length by the length of the auth tag */ |
*pkt_octet_len -= tag_len; |
- return err_status_ok; |
+ return srtp_err_status_ok; |
} |
-err_status_t |
+srtp_err_status_t |
srtp_init() { |
- err_status_t status; |
+ srtp_err_status_t status; |
/* initialize crypto kernel */ |
- status = crypto_kernel_init(); |
+ status = srtp_crypto_kernel_init(); |
if (status) |
return status; |
/* load srtp debug module into the kernel */ |
- status = crypto_kernel_load_debug_module(&mod_srtp); |
+ status = srtp_crypto_kernel_load_debug_module(&mod_srtp); |
if (status) |
return status; |
- return err_status_ok; |
+ return srtp_err_status_ok; |
} |
-err_status_t |
+srtp_err_status_t |
srtp_shutdown() { |
- err_status_t status; |
+ srtp_err_status_t status; |
/* shut down crypto kernel */ |
- status = crypto_kernel_shutdown(); |
+ status = srtp_crypto_kernel_shutdown(); |
if (status) |
return status; |
/* shutting down crypto kernel frees the srtp debug module as well */ |
- return err_status_ok; |
+ return srtp_err_status_ok; |
} |
@@ -2139,7 +2217,7 @@ srtp_shutdown() { |
int |
srtp_get_trailer_length(const srtp_stream_t s) { |
- return auth_get_tag_length(s->rtp_auth); |
+ return srtp_auth_get_tag_length(s->rtp_auth); |
} |
#endif |
@@ -2167,10 +2245,10 @@ srtp_get_stream(srtp_t srtp, uint32_t ssrc) { |
return NULL; |
} |
-err_status_t |
+srtp_err_status_t |
srtp_dealloc(srtp_t session) { |
srtp_stream_ctx_t *stream; |
- err_status_t status; |
+ srtp_err_status_t status; |
/* |
* we take a conservative deallocation strategy - if we encounter an |
@@ -2182,7 +2260,7 @@ srtp_dealloc(srtp_t session) { |
stream = session->stream_list; |
while (stream != NULL) { |
srtp_stream_t next = stream->next; |
- status = srtp_stream_dealloc(session, stream); |
+ status = srtp_stream_dealloc(stream, session->stream_template); |
if (status) |
return status; |
stream = next; |
@@ -2190,41 +2268,27 @@ srtp_dealloc(srtp_t session) { |
/* deallocate stream template, if there is one */ |
if (session->stream_template != NULL) { |
- status = auth_dealloc(session->stream_template->rtcp_auth); |
- if (status) |
- return status; |
- status = cipher_dealloc(session->stream_template->rtcp_cipher); |
- if (status) |
- return status; |
- crypto_free(session->stream_template->limit); |
- status = cipher_dealloc(session->stream_template->rtp_cipher); |
- if (status) |
- return status; |
- status = auth_dealloc(session->stream_template->rtp_auth); |
- if (status) |
- return status; |
- status = rdbx_dealloc(&session->stream_template->rtp_rdbx); |
+ status = srtp_stream_dealloc(session->stream_template, NULL); |
if (status) |
return status; |
- crypto_free(session->stream_template); |
} |
/* deallocate session context */ |
- crypto_free(session); |
+ srtp_crypto_free(session); |
- return err_status_ok; |
+ return srtp_err_status_ok; |
} |
-err_status_t |
+srtp_err_status_t |
srtp_add_stream(srtp_t session, |
const srtp_policy_t *policy) { |
- err_status_t status; |
+ srtp_err_status_t status; |
srtp_stream_t tmp; |
/* sanity check arguments */ |
if ((session == NULL) || (policy == NULL) || (policy->key == NULL)) |
- return err_status_bad_param; |
+ return srtp_err_status_bad_param; |
/* allocate stream */ |
status = srtp_stream_alloc(&tmp, policy); |
@@ -2235,7 +2299,7 @@ srtp_add_stream(srtp_t session, |
/* initialize stream */ |
status = srtp_stream_init(tmp, policy); |
if (status) { |
- crypto_free(tmp); |
+ srtp_crypto_free(tmp); |
return status; |
} |
@@ -2250,14 +2314,14 @@ srtp_add_stream(srtp_t session, |
switch (policy->ssrc.type) { |
case (ssrc_any_outbound): |
if (session->stream_template) { |
- return err_status_bad_param; |
+ return srtp_err_status_bad_param; |
} |
session->stream_template = tmp; |
session->stream_template->direction = dir_srtp_sender; |
break; |
case (ssrc_any_inbound): |
if (session->stream_template) { |
- return err_status_bad_param; |
+ return srtp_err_status_bad_param; |
} |
session->stream_template = tmp; |
session->stream_template->direction = dir_srtp_receiver; |
@@ -2268,28 +2332,28 @@ srtp_add_stream(srtp_t session, |
break; |
case (ssrc_undefined): |
default: |
- crypto_free(tmp); |
- return err_status_bad_param; |
+ srtp_crypto_free(tmp); |
+ return srtp_err_status_bad_param; |
} |
- return err_status_ok; |
+ return srtp_err_status_ok; |
} |
-err_status_t |
+srtp_err_status_t |
srtp_create(srtp_t *session, /* handle for session */ |
const srtp_policy_t *policy) { /* SRTP policy (list) */ |
- err_status_t stat; |
+ srtp_err_status_t stat; |
srtp_ctx_t *ctx; |
/* sanity check arguments */ |
if (session == NULL) |
- return err_status_bad_param; |
+ return srtp_err_status_bad_param; |
/* allocate srtp context and set ctx_ptr */ |
- ctx = (srtp_ctx_t *) crypto_alloc(sizeof(srtp_ctx_t)); |
+ ctx = (srtp_ctx_t *) srtp_crypto_alloc(sizeof(srtp_ctx_t)); |
if (ctx == NULL) |
- return err_status_alloc_fail; |
+ return srtp_err_status_alloc_fail; |
*session = ctx; |
/* |
@@ -2305,6 +2369,7 @@ srtp_create(srtp_t *session, /* handle for session */ |
if (stat) { |
/* clean up everything */ |
srtp_dealloc(*session); |
+ *session = NULL; |
return stat; |
} |
@@ -2312,18 +2377,18 @@ srtp_create(srtp_t *session, /* handle for session */ |
policy = policy->next; |
} |
- return err_status_ok; |
+ return srtp_err_status_ok; |
} |
-err_status_t |
+srtp_err_status_t |
srtp_remove_stream(srtp_t session, uint32_t ssrc) { |
srtp_stream_ctx_t *stream, *last_stream; |
- err_status_t status; |
+ srtp_err_status_t status; |
/* sanity check arguments */ |
if (session == NULL) |
- return err_status_bad_param; |
+ return srtp_err_status_bad_param; |
/* find stream in list; complain if not found */ |
last_stream = stream = session->stream_list; |
@@ -2332,7 +2397,7 @@ srtp_remove_stream(srtp_t session, uint32_t ssrc) { |
stream = stream->next; |
} |
if (stream == NULL) |
- return err_status_no_ctx; |
+ return srtp_err_status_no_ctx; |
/* remove stream from the list */ |
if (last_stream == stream) |
@@ -2342,11 +2407,192 @@ srtp_remove_stream(srtp_t session, uint32_t ssrc) { |
last_stream->next = stream->next; |
/* deallocate the stream */ |
- status = srtp_stream_dealloc(session, stream); |
+ status = srtp_stream_dealloc(stream, session->stream_template); |
if (status) |
return status; |
- return err_status_ok; |
+ return srtp_err_status_ok; |
+} |
+ |
+ |
+srtp_err_status_t |
+srtp_update(srtp_t session, const srtp_policy_t *policy) { |
+ srtp_err_status_t stat; |
+ |
+ /* sanity check arguments */ |
+ if ((session == NULL) || (policy == NULL) || (policy->key == NULL)) { |
+ return srtp_err_status_bad_param; |
+ } |
+ |
+ while (policy != NULL) { |
+ stat = srtp_update_stream(session, policy); |
+ if (stat) { |
+ return stat; |
+ } |
+ |
+ /* set policy to next item in list */ |
+ policy = policy->next; |
+ } |
+ return srtp_err_status_ok; |
+} |
+ |
+ |
+static srtp_err_status_t |
+update_template_streams(srtp_t session, const srtp_policy_t *policy) { |
+ srtp_err_status_t status; |
+ srtp_stream_t new_stream_template; |
+ srtp_stream_t new_stream_list = NULL; |
+ |
+ if (session->stream_template == NULL) { |
+ return srtp_err_status_bad_param; |
+ } |
+ |
+ /* allocate new template stream */ |
+ status = srtp_stream_alloc(&new_stream_template, policy); |
+ if (status) { |
+ return status; |
+ } |
+ |
+ /* initialize new template stream */ |
+ status = srtp_stream_init(new_stream_template, policy); |
+ if (status) { |
+ srtp_crypto_free(new_stream_template); |
+ return status; |
+ } |
+ |
+ /* for all old templated streams */ |
+ for (;;) { |
+ srtp_stream_t stream; |
+ uint32_t ssrc; |
+ srtp_xtd_seq_num_t old_index; |
+ srtp_rdb_t old_rtcp_rdb; |
+ |
+ stream = session->stream_list; |
+ while ((stream != NULL) && (stream->rtp_auth != session->stream_template->rtp_auth)) { |
+ stream = stream->next; |
+ } |
+ if (stream == NULL) { |
+ /* no more templated streams */ |
+ break; |
+ } |
+ |
+ /* save old extendard seq */ |
+ ssrc = stream->ssrc; |
+ old_index = stream->rtp_rdbx.index; |
+ old_rtcp_rdb = stream->rtcp_rdb; |
+ |
+ /* remove stream */ |
+ status = srtp_remove_stream(session, ssrc); |
+ if (status) { |
+ /* free new allocations */ |
+ while (new_stream_list != NULL) { |
+ srtp_stream_t next = new_stream_list->next; |
+ srtp_stream_dealloc(new_stream_list, new_stream_template); |
+ new_stream_list = next; |
+ } |
+ srtp_stream_dealloc(new_stream_template, NULL); |
+ return status; |
+ } |
+ |
+ /* allocate and initialize a new stream */ |
+ status = srtp_stream_clone(new_stream_template, ssrc, &stream); |
+ if (status) { |
+ /* free new allocations */ |
+ while (new_stream_list != NULL) { |
+ srtp_stream_t next = new_stream_list->next; |
+ srtp_stream_dealloc(new_stream_list, new_stream_template); |
+ new_stream_list = next; |
+ } |
+ srtp_stream_dealloc(new_stream_template, NULL); |
+ return status; |
+ } |
+ |
+ /* add new stream to the head of the new_stream_list */ |
+ stream->next = new_stream_list; |
+ new_stream_list = stream; |
+ |
+ /* restore old extended seq */ |
+ stream->rtp_rdbx.index = old_index; |
+ stream->rtcp_rdb = old_rtcp_rdb; |
+ } |
+ /* dealloc old template */ |
+ srtp_stream_dealloc(session->stream_template, NULL); |
+ /* set new template */ |
+ session->stream_template = new_stream_template; |
+ /* add new list */ |
+ if (new_stream_list) { |
+ srtp_stream_t tail = new_stream_list; |
+ while (tail->next) { |
+ tail = tail->next; |
+ } |
+ tail->next = session->stream_list; |
+ session->stream_list = new_stream_list; |
+ } |
+ return status; |
+} |
+ |
+ |
+static srtp_err_status_t |
+update_stream(srtp_t session, const srtp_policy_t *policy) { |
+ srtp_err_status_t status; |
+ srtp_xtd_seq_num_t old_index; |
+ srtp_rdb_t old_rtcp_rdb; |
+ srtp_stream_t stream; |
+ |
+ stream = srtp_get_stream(session, policy->ssrc.value); |
+ if (stream == NULL) { |
+ return srtp_err_status_bad_param; |
+ } |
+ |
+ /* save old extendard seq */ |
+ old_index = stream->rtp_rdbx.index; |
+ old_rtcp_rdb = stream->rtcp_rdb; |
+ |
+ status = srtp_remove_stream(session, policy->ssrc.value); |
+ if (status) { |
+ return status; |
+ } |
+ |
+ status = srtp_add_stream(session, policy); |
+ if (status) { |
+ return status; |
+ } |
+ |
+ stream = srtp_get_stream(session, policy->ssrc.value); |
+ if (stream == NULL) { |
+ return srtp_err_status_fail; |
+ } |
+ |
+ /* restore old extended seq */ |
+ stream->rtp_rdbx.index = old_index; |
+ stream->rtcp_rdb = old_rtcp_rdb; |
+ |
+ return srtp_err_status_ok; |
+} |
+ |
+ |
+srtp_err_status_t |
+srtp_update_stream(srtp_t session, const srtp_policy_t *policy) { |
+ srtp_err_status_t status; |
+ |
+ /* sanity check arguments */ |
+ if ((session == NULL) || (policy == NULL) || (policy->key == NULL)) |
+ return srtp_err_status_bad_param; |
+ |
+ switch (policy->ssrc.type) { |
+ case (ssrc_any_outbound): |
+ case (ssrc_any_inbound): |
+ status = update_template_streams(session, policy); |
+ break; |
+ case (ssrc_specific): |
+ status = update_stream(session, policy); |
+ break; |
+ case (ssrc_undefined): |
+ default: |
+ return srtp_err_status_bad_param; |
+ } |
+ |
+ return status; |
} |
@@ -2365,11 +2611,11 @@ srtp_remove_stream(srtp_t session, uint32_t ssrc) { |
/* There are hard-coded 16's for base_key_len in the key generation code */ |
void |
-crypto_policy_set_rtp_default(crypto_policy_t *p) { |
+srtp_crypto_policy_set_rtp_default(srtp_crypto_policy_t *p) { |
- p->cipher_type = AES_ICM; |
+ p->cipher_type = SRTP_AES_ICM; |
p->cipher_key_len = 30; /* default 128 bits per RFC 3711 */ |
- p->auth_type = HMAC_SHA1; |
+ p->auth_type = SRTP_HMAC_SHA1; |
p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ |
p->auth_tag_len = 10; /* default 80 bits per RFC 3711 */ |
p->sec_serv = sec_serv_conf_and_auth; |
@@ -2377,11 +2623,11 @@ crypto_policy_set_rtp_default(crypto_policy_t *p) { |
} |
void |
-crypto_policy_set_rtcp_default(crypto_policy_t *p) { |
+srtp_crypto_policy_set_rtcp_default(srtp_crypto_policy_t *p) { |
- p->cipher_type = AES_ICM; |
+ p->cipher_type = SRTP_AES_ICM; |
p->cipher_key_len = 30; /* default 128 bits per RFC 3711 */ |
- p->auth_type = HMAC_SHA1; |
+ p->auth_type = SRTP_HMAC_SHA1; |
p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ |
p->auth_tag_len = 10; /* default 80 bits per RFC 3711 */ |
p->sec_serv = sec_serv_conf_and_auth; |
@@ -2389,7 +2635,7 @@ crypto_policy_set_rtcp_default(crypto_policy_t *p) { |
} |
void |
-crypto_policy_set_aes_cm_128_hmac_sha1_32(crypto_policy_t *p) { |
+srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(srtp_crypto_policy_t *p) { |
/* |
* corresponds to RFC 4568 |
@@ -2397,9 +2643,9 @@ crypto_policy_set_aes_cm_128_hmac_sha1_32(crypto_policy_t *p) { |
* note that this crypto policy is intended for SRTP, but not SRTCP |
*/ |
- p->cipher_type = AES_ICM; |
+ p->cipher_type = SRTP_AES_ICM; |
p->cipher_key_len = 30; /* 128 bit key, 112 bit salt */ |
- p->auth_type = HMAC_SHA1; |
+ p->auth_type = SRTP_HMAC_SHA1; |
p->auth_key_len = 20; /* 160 bit key */ |
p->auth_tag_len = 4; /* 32 bit tag */ |
p->sec_serv = sec_serv_conf_and_auth; |
@@ -2408,7 +2654,7 @@ crypto_policy_set_aes_cm_128_hmac_sha1_32(crypto_policy_t *p) { |
void |
-crypto_policy_set_aes_cm_128_null_auth(crypto_policy_t *p) { |
+srtp_crypto_policy_set_aes_cm_128_null_auth(srtp_crypto_policy_t *p) { |
/* |
* corresponds to RFC 4568 |
@@ -2416,9 +2662,9 @@ crypto_policy_set_aes_cm_128_null_auth(crypto_policy_t *p) { |
* note that this crypto policy is intended for SRTP, but not SRTCP |
*/ |
- p->cipher_type = AES_ICM; |
+ p->cipher_type = SRTP_AES_ICM; |
p->cipher_key_len = 30; /* 128 bit key, 112 bit salt */ |
- p->auth_type = NULL_AUTH; |
+ p->auth_type = SRTP_NULL_AUTH; |
p->auth_key_len = 0; |
p->auth_tag_len = 0; |
p->sec_serv = sec_serv_conf; |
@@ -2427,32 +2673,48 @@ crypto_policy_set_aes_cm_128_null_auth(crypto_policy_t *p) { |
void |
-crypto_policy_set_null_cipher_hmac_sha1_80(crypto_policy_t *p) { |
+srtp_crypto_policy_set_null_cipher_hmac_sha1_80(srtp_crypto_policy_t *p) { |
/* |
* corresponds to RFC 4568 |
*/ |
- p->cipher_type = NULL_CIPHER; |
+ p->cipher_type = SRTP_NULL_CIPHER; |
p->cipher_key_len = 0; |
- p->auth_type = HMAC_SHA1; |
+ p->auth_type = SRTP_HMAC_SHA1; |
p->auth_key_len = 20; |
p->auth_tag_len = 10; |
p->sec_serv = sec_serv_auth; |
} |
+void |
+srtp_crypto_policy_set_null_cipher_hmac_null(srtp_crypto_policy_t *p) { |
+ |
+ /* |
+ * Should only be used for testing |
+ */ |
+ |
+ p->cipher_type = SRTP_NULL_CIPHER; |
+ p->cipher_key_len = 0; |
+ p->auth_type = SRTP_NULL_AUTH; |
+ p->auth_key_len = 0; |
+ p->auth_tag_len = 0; |
+ p->sec_serv = sec_serv_none; |
+ |
+} |
+ |
void |
-crypto_policy_set_aes_cm_256_hmac_sha1_80(crypto_policy_t *p) { |
+srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(srtp_crypto_policy_t *p) { |
/* |
* corresponds to draft-ietf-avt-big-aes-03.txt |
*/ |
- p->cipher_type = AES_ICM; |
+ p->cipher_type = SRTP_AES_ICM; |
p->cipher_key_len = 46; |
- p->auth_type = HMAC_SHA1; |
+ p->auth_type = SRTP_HMAC_SHA1; |
p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ |
p->auth_tag_len = 10; /* default 80 bits per RFC 3711 */ |
p->sec_serv = sec_serv_conf_and_auth; |
@@ -2460,7 +2722,7 @@ crypto_policy_set_aes_cm_256_hmac_sha1_80(crypto_policy_t *p) { |
void |
-crypto_policy_set_aes_cm_256_hmac_sha1_32(crypto_policy_t *p) { |
+srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32(srtp_crypto_policy_t *p) { |
/* |
* corresponds to draft-ietf-avt-big-aes-03.txt |
@@ -2468,9 +2730,9 @@ crypto_policy_set_aes_cm_256_hmac_sha1_32(crypto_policy_t *p) { |
* note that this crypto policy is intended for SRTP, but not SRTCP |
*/ |
- p->cipher_type = AES_ICM; |
+ p->cipher_type = SRTP_AES_ICM; |
p->cipher_key_len = 46; |
- p->auth_type = HMAC_SHA1; |
+ p->auth_type = SRTP_HMAC_SHA1; |
p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ |
p->auth_tag_len = 4; /* default 80 bits per RFC 3711 */ |
p->sec_serv = sec_serv_conf_and_auth; |
@@ -2480,11 +2742,11 @@ crypto_policy_set_aes_cm_256_hmac_sha1_32(crypto_policy_t *p) { |
* AES-256 with no authentication. |
*/ |
void |
-crypto_policy_set_aes_cm_256_null_auth (crypto_policy_t *p) |
+srtp_crypto_policy_set_aes_cm_256_null_auth (srtp_crypto_policy_t *p) |
{ |
- p->cipher_type = AES_ICM; |
+ p->cipher_type = SRTP_AES_ICM; |
p->cipher_key_len = 46; |
- p->auth_type = NULL_AUTH; |
+ p->auth_type = SRTP_NULL_AUTH; |
p->auth_key_len = 0; |
p->auth_tag_len = 0; |
p->sec_serv = sec_serv_conf; |
@@ -2495,10 +2757,10 @@ crypto_policy_set_aes_cm_256_null_auth (crypto_policy_t *p) |
* AES-128 GCM mode with 8 octet auth tag. |
*/ |
void |
-crypto_policy_set_aes_gcm_128_8_auth(crypto_policy_t *p) { |
- p->cipher_type = AES_128_GCM; |
- p->cipher_key_len = AES_128_GCM_KEYSIZE_WSALT; |
- p->auth_type = NULL_AUTH; /* GCM handles the auth for us */ |
+srtp_crypto_policy_set_aes_gcm_128_8_auth(srtp_crypto_policy_t *p) { |
+ p->cipher_type = SRTP_AES_128_GCM; |
+ p->cipher_key_len = SRTP_AES_128_GCM_KEYSIZE_WSALT; |
+ p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */ |
p->auth_key_len = 0; |
p->auth_tag_len = 8; /* 8 octet tag length */ |
p->sec_serv = sec_serv_conf_and_auth; |
@@ -2508,10 +2770,10 @@ crypto_policy_set_aes_gcm_128_8_auth(crypto_policy_t *p) { |
* AES-256 GCM mode with 8 octet auth tag. |
*/ |
void |
-crypto_policy_set_aes_gcm_256_8_auth(crypto_policy_t *p) { |
- p->cipher_type = AES_256_GCM; |
- p->cipher_key_len = AES_256_GCM_KEYSIZE_WSALT; |
- p->auth_type = NULL_AUTH; /* GCM handles the auth for us */ |
+srtp_crypto_policy_set_aes_gcm_256_8_auth(srtp_crypto_policy_t *p) { |
+ p->cipher_type = SRTP_AES_256_GCM; |
+ p->cipher_key_len = SRTP_AES_256_GCM_KEYSIZE_WSALT; |
+ p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */ |
p->auth_key_len = 0; |
p->auth_tag_len = 8; /* 8 octet tag length */ |
p->sec_serv = sec_serv_conf_and_auth; |
@@ -2521,10 +2783,10 @@ crypto_policy_set_aes_gcm_256_8_auth(crypto_policy_t *p) { |
* AES-128 GCM mode with 8 octet auth tag, no RTCP encryption. |
*/ |
void |
-crypto_policy_set_aes_gcm_128_8_only_auth(crypto_policy_t *p) { |
- p->cipher_type = AES_128_GCM; |
- p->cipher_key_len = AES_128_GCM_KEYSIZE_WSALT; |
- p->auth_type = NULL_AUTH; /* GCM handles the auth for us */ |
+srtp_crypto_policy_set_aes_gcm_128_8_only_auth(srtp_crypto_policy_t *p) { |
+ p->cipher_type = SRTP_AES_128_GCM; |
+ p->cipher_key_len = SRTP_AES_128_GCM_KEYSIZE_WSALT; |
+ p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */ |
p->auth_key_len = 0; |
p->auth_tag_len = 8; /* 8 octet tag length */ |
p->sec_serv = sec_serv_auth; /* This only applies to RTCP */ |
@@ -2534,10 +2796,10 @@ crypto_policy_set_aes_gcm_128_8_only_auth(crypto_policy_t *p) { |
* AES-256 GCM mode with 8 octet auth tag, no RTCP encryption. |
*/ |
void |
-crypto_policy_set_aes_gcm_256_8_only_auth(crypto_policy_t *p) { |
- p->cipher_type = AES_256_GCM; |
- p->cipher_key_len = AES_256_GCM_KEYSIZE_WSALT; |
- p->auth_type = NULL_AUTH; /* GCM handles the auth for us */ |
+srtp_crypto_policy_set_aes_gcm_256_8_only_auth(srtp_crypto_policy_t *p) { |
+ p->cipher_type = SRTP_AES_256_GCM; |
+ p->cipher_key_len = SRTP_AES_256_GCM_KEYSIZE_WSALT; |
+ p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */ |
p->auth_key_len = 0; |
p->auth_tag_len = 8; /* 8 octet tag length */ |
p->sec_serv = sec_serv_auth; /* This only applies to RTCP */ |
@@ -2547,10 +2809,10 @@ crypto_policy_set_aes_gcm_256_8_only_auth(crypto_policy_t *p) { |
* AES-128 GCM mode with 16 octet auth tag. |
*/ |
void |
-crypto_policy_set_aes_gcm_128_16_auth(crypto_policy_t *p) { |
- p->cipher_type = AES_128_GCM; |
- p->cipher_key_len = AES_128_GCM_KEYSIZE_WSALT; |
- p->auth_type = NULL_AUTH; /* GCM handles the auth for us */ |
+srtp_crypto_policy_set_aes_gcm_128_16_auth(srtp_crypto_policy_t *p) { |
+ p->cipher_type = SRTP_AES_128_GCM; |
+ p->cipher_key_len = SRTP_AES_128_GCM_KEYSIZE_WSALT; |
+ p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */ |
p->auth_key_len = 0; |
p->auth_tag_len = 16; /* 16 octet tag length */ |
p->sec_serv = sec_serv_conf_and_auth; |
@@ -2560,10 +2822,10 @@ crypto_policy_set_aes_gcm_128_16_auth(crypto_policy_t *p) { |
* AES-256 GCM mode with 16 octet auth tag. |
*/ |
void |
-crypto_policy_set_aes_gcm_256_16_auth(crypto_policy_t *p) { |
- p->cipher_type = AES_256_GCM; |
- p->cipher_key_len = AES_256_GCM_KEYSIZE_WSALT; |
- p->auth_type = NULL_AUTH; /* GCM handles the auth for us */ |
+srtp_crypto_policy_set_aes_gcm_256_16_auth(srtp_crypto_policy_t *p) { |
+ p->cipher_type = SRTP_AES_256_GCM; |
+ p->cipher_key_len = SRTP_AES_256_GCM_KEYSIZE_WSALT; |
+ p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */ |
p->auth_key_len = 0; |
p->auth_tag_len = 16; /* 16 octet tag length */ |
p->sec_serv = sec_serv_conf_and_auth; |
@@ -2632,7 +2894,7 @@ static void srtp_calc_aead_iv_srtcp(srtp_stream_ctx_t *stream, v128_t *iv, |
* This code handles AEAD ciphers for outgoing RTCP. We currently support |
* AES-GCM mode with 128 or 256 bit keys. |
*/ |
-static err_status_t |
+static srtp_err_status_t |
srtp_protect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream, |
void *rtcp_hdr, unsigned int *pkt_octet_len) |
{ |
@@ -2641,14 +2903,14 @@ srtp_protect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream, |
uint32_t *trailer; /* pointer to start of trailer */ |
unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */ |
uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ |
- err_status_t status; |
- int tag_len; |
+ srtp_err_status_t status; |
+ uint32_t tag_len; |
uint32_t seq_num; |
v128_t iv; |
uint32_t tseq; |
/* get tag length from stream context */ |
- tag_len = auth_get_tag_length(stream->rtcp_auth); |
+ tag_len = srtp_auth_get_tag_length(stream->rtcp_auth); |
/* |
* set encryption start and encryption length - if we're not |
@@ -2684,11 +2946,11 @@ srtp_protect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream, |
* check sequence number for overruns, and copy it into the packet |
* if its value isn't too big |
*/ |
- status = rdb_increment(&stream->rtcp_rdb); |
+ status = srtp_rdb_increment(&stream->rtcp_rdb); |
if (status) { |
return status; |
} |
- seq_num = rdb_get_value(&stream->rtcp_rdb); |
+ seq_num = srtp_rdb_get_value(&stream->rtcp_rdb); |
*trailer |= htonl(seq_num); |
debug_print(mod_srtp, "srtcp index: %x", seq_num); |
@@ -2696,9 +2958,9 @@ srtp_protect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream, |
* Calculating the IV and pass it down to the cipher |
*/ |
srtp_calc_aead_iv_srtcp(stream, &iv, seq_num, hdr); |
- status = cipher_set_iv(stream->rtcp_cipher, &iv, direction_encrypt); |
+ status = srtp_cipher_set_iv(stream->rtcp_cipher, (uint8_t*)&iv, srtp_direction_encrypt); |
if (status) { |
- return err_status_cipher_fail; |
+ return srtp_err_status_cipher_fail; |
} |
/* |
@@ -2709,10 +2971,9 @@ srtp_protect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream, |
* If payload encryption is enabled, then the AAD consist of |
* the RTCP header and the seq# at the end of the packet |
*/ |
- status = cipher_set_aad(stream->rtcp_cipher, (uint8_t*)hdr, |
- octets_in_rtcp_header); |
+ status = srtp_cipher_set_aad(stream->rtcp_cipher, (uint8_t*)hdr, octets_in_rtcp_header); |
if (status) { |
- return ( err_status_cipher_fail); |
+ return ( srtp_err_status_cipher_fail); |
} |
} else { |
/* |
@@ -2720,36 +2981,33 @@ srtp_protect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream, |
* the entire packet as described in section 10.3 in revision 07 |
* of the draft. |
*/ |
- status = cipher_set_aad(stream->rtcp_cipher, (uint8_t*)hdr, |
- *pkt_octet_len); |
+ status = srtp_cipher_set_aad(stream->rtcp_cipher, (uint8_t*)hdr, *pkt_octet_len); |
if (status) { |
- return ( err_status_cipher_fail); |
+ return ( srtp_err_status_cipher_fail); |
} |
} |
/* |
* Process the sequence# as AAD |
*/ |
tseq = *trailer; |
- status = cipher_set_aad(stream->rtcp_cipher, (uint8_t*)&tseq, |
- sizeof(srtcp_trailer_t)); |
+ status = srtp_cipher_set_aad(stream->rtcp_cipher, (uint8_t*)&tseq, sizeof(srtcp_trailer_t)); |
if (status) { |
- return ( err_status_cipher_fail); |
+ return ( srtp_err_status_cipher_fail); |
} |
/* if we're encrypting, exor keystream into the message */ |
if (enc_start) { |
- status = cipher_encrypt(stream->rtcp_cipher, |
- (uint8_t*)enc_start, &enc_octet_len); |
+ status = srtp_cipher_encrypt(stream->rtcp_cipher, |
+ (uint8_t*)enc_start, &enc_octet_len); |
if (status) { |
- return err_status_cipher_fail; |
+ return srtp_err_status_cipher_fail; |
} |
/* |
* Get the tag and append that to the output |
*/ |
- status = cipher_get_tag(stream->rtcp_cipher, (uint8_t*)auth_tag, |
- &tag_len); |
+ status = srtp_cipher_get_tag(stream->rtcp_cipher, (uint8_t*)auth_tag, &tag_len); |
if (status) { |
- return ( err_status_cipher_fail); |
+ return ( srtp_err_status_cipher_fail); |
} |
enc_octet_len += tag_len; |
} else { |
@@ -2758,17 +3016,16 @@ srtp_protect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream, |
* to run the cipher to get the auth tag. |
*/ |
unsigned int nolen = 0; |
- status = cipher_encrypt(stream->rtcp_cipher, NULL, &nolen); |
+ status = srtp_cipher_encrypt(stream->rtcp_cipher, NULL, &nolen); |
if (status) { |
- return err_status_cipher_fail; |
+ return srtp_err_status_cipher_fail; |
} |
/* |
* Get the tag and append that to the output |
*/ |
- status = cipher_get_tag(stream->rtcp_cipher, (uint8_t*)auth_tag, |
- &tag_len); |
+ status = srtp_cipher_get_tag(stream->rtcp_cipher, (uint8_t*)auth_tag, &tag_len); |
if (status) { |
- return ( err_status_cipher_fail); |
+ return ( srtp_err_status_cipher_fail); |
} |
enc_octet_len += tag_len; |
} |
@@ -2776,7 +3033,7 @@ srtp_protect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream, |
/* increase the packet length by the length of the auth tag and seq_num*/ |
*pkt_octet_len += (tag_len + sizeof(srtcp_trailer_t)); |
- return err_status_ok; |
+ return srtp_err_status_ok; |
} |
/* |
@@ -2785,7 +3042,7 @@ srtp_protect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream, |
* at the end of the packet stream and is automatically checked by GCM |
* when decrypting the payload. |
*/ |
-static err_status_t |
+static srtp_err_status_t |
srtp_unprotect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream, |
void *srtcp_hdr, unsigned int *pkt_octet_len) |
{ |
@@ -2794,7 +3051,7 @@ srtp_unprotect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream, |
uint32_t *trailer; /* pointer to start of trailer */ |
unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */ |
uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ |
- err_status_t status; |
+ srtp_err_status_t status; |
int tag_len; |
unsigned int tmp_len; |
uint32_t seq_num; |
@@ -2802,7 +3059,7 @@ srtp_unprotect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream, |
uint32_t tseq; |
/* get tag length from stream context */ |
- tag_len = auth_get_tag_length(stream->rtcp_auth); |
+ tag_len = srtp_auth_get_tag_length(stream->rtcp_auth); |
/* |
* set encryption start, encryption length, and trailer |
@@ -2837,7 +3094,7 @@ srtp_unprotect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream, |
/* this is easier than dealing with bitfield access */ |
seq_num = ntohl(*trailer) & SRTCP_INDEX_MASK; |
debug_print(mod_srtp, "srtcp index: %x", seq_num); |
- status = rdb_check(&stream->rtcp_rdb, seq_num); |
+ status = srtp_rdb_check(&stream->rtcp_rdb, seq_num); |
if (status) { |
return status; |
} |
@@ -2846,9 +3103,9 @@ srtp_unprotect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream, |
* Calculate and set the IV |
*/ |
srtp_calc_aead_iv_srtcp(stream, &iv, seq_num, hdr); |
- status = cipher_set_iv(stream->rtcp_cipher, &iv, direction_decrypt); |
+ status = srtp_cipher_set_iv(stream->rtcp_cipher, (uint8_t*)&iv, srtp_direction_decrypt); |
if (status) { |
- return err_status_cipher_fail; |
+ return srtp_err_status_cipher_fail; |
} |
/* |
@@ -2859,10 +3116,9 @@ srtp_unprotect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream, |
* If payload encryption is enabled, then the AAD consist of |
* the RTCP header and the seq# at the end of the packet |
*/ |
- status = cipher_set_aad(stream->rtcp_cipher, (uint8_t*)hdr, |
- octets_in_rtcp_header); |
+ status = srtp_cipher_set_aad(stream->rtcp_cipher, (uint8_t*)hdr, octets_in_rtcp_header); |
if (status) { |
- return ( err_status_cipher_fail); |
+ return ( srtp_err_status_cipher_fail); |
} |
} else { |
/* |
@@ -2870,27 +3126,25 @@ srtp_unprotect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream, |
* the entire packet as described in section 10.3 in revision 07 |
* of the draft. |
*/ |
- status = cipher_set_aad(stream->rtcp_cipher, (uint8_t*)hdr, |
- (*pkt_octet_len - tag_len - sizeof(srtcp_trailer_t))); |
+ status = srtp_cipher_set_aad(stream->rtcp_cipher, (uint8_t*)hdr, |
+ (*pkt_octet_len - tag_len - sizeof(srtcp_trailer_t))); |
if (status) { |
- return ( err_status_cipher_fail); |
+ return ( srtp_err_status_cipher_fail); |
} |
} |
/* |
- * Process the sequence# as AAD |
+ * Process the sequence# as AAD |
*/ |
tseq = *trailer; |
- status = cipher_set_aad(stream->rtcp_cipher, (uint8_t*)&tseq, |
- sizeof(srtcp_trailer_t)); |
+ status = srtp_cipher_set_aad(stream->rtcp_cipher, (uint8_t*)&tseq, sizeof(srtcp_trailer_t)); |
if (status) { |
- return ( err_status_cipher_fail); |
+ return ( srtp_err_status_cipher_fail); |
} |
/* if we're decrypting, exor keystream into the message */ |
if (enc_start) { |
- status = cipher_decrypt(stream->rtcp_cipher, |
- (uint8_t*)enc_start, &enc_octet_len); |
+ status = srtp_cipher_decrypt(stream->rtcp_cipher, (uint8_t*)enc_start, &enc_octet_len); |
if (status) { |
return status; |
} |
@@ -2899,8 +3153,7 @@ srtp_unprotect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream, |
* Still need to run the cipher to check the tag |
*/ |
tmp_len = tag_len; |
- status = cipher_decrypt(stream->rtcp_cipher, (uint8_t*)auth_tag, |
- &tmp_len); |
+ status = srtp_cipher_decrypt(stream->rtcp_cipher, (uint8_t*)auth_tag, &tmp_len); |
if (status) { |
return status; |
} |
@@ -2956,12 +3209,12 @@ srtp_unprotect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream, |
} |
/* we've passed the authentication check, so add seq_num to the rdb */ |
- rdb_add_index(&stream->rtcp_rdb, seq_num); |
+ srtp_rdb_add_index(&stream->rtcp_rdb, seq_num); |
- return err_status_ok; |
+ return srtp_err_status_ok; |
} |
-err_status_t |
+srtp_err_status_t |
srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len) { |
srtcp_hdr_t *hdr = (srtcp_hdr_t *)rtcp_hdr; |
uint32_t *enc_start; /* pointer to start of encrypted portion */ |
@@ -2969,17 +3222,17 @@ srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len) { |
uint32_t *trailer; /* pointer to start of trailer */ |
unsigned int enc_octet_len = 0;/* number of octets in encrypted portion */ |
uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ |
- err_status_t status; |
+ srtp_err_status_t status; |
int tag_len; |
srtp_stream_ctx_t *stream; |
- int prefix_len; |
+ uint32_t prefix_len; |
uint32_t seq_num; |
/* we assume the hdr is 32-bit aligned to start */ |
/* check the packet length - it must at least contain a full header */ |
if (*pkt_octet_len < octets_in_rtcp_header) |
- return err_status_bad_param; |
+ return srtp_err_status_bad_param; |
/* |
* look up ssrc in srtp_stream list, and process the packet with |
@@ -3007,7 +3260,7 @@ srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len) { |
stream = new_stream; |
} else { |
/* no template stream, so we return an error */ |
- return err_status_no_ctx; |
+ return srtp_err_status_no_ctx; |
} |
} |
@@ -3029,13 +3282,13 @@ srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len) { |
* Check if this is an AEAD stream (GCM mode). If so, then dispatch |
* the request to our AEAD handler. |
*/ |
- if (stream->rtp_cipher->algorithm == AES_128_GCM || |
- stream->rtp_cipher->algorithm == AES_256_GCM) { |
+ if (stream->rtp_cipher->algorithm == SRTP_AES_128_GCM || |
+ stream->rtp_cipher->algorithm == SRTP_AES_256_GCM) { |
return srtp_protect_rtcp_aead(ctx, stream, rtcp_hdr, (unsigned int*)pkt_octet_len); |
} |
/* get tag length from stream context */ |
- tag_len = auth_get_tag_length(stream->rtcp_auth); |
+ tag_len = srtp_auth_get_tag_length(stream->rtcp_auth); |
/* |
* set encryption start and encryption length - if we're not |
@@ -3069,31 +3322,31 @@ srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len) { |
auth_tag = (uint8_t *)hdr + *pkt_octet_len + sizeof(srtcp_trailer_t); |
/* perform EKT processing if needed */ |
- ekt_write_data(stream->ekt, auth_tag, tag_len, pkt_octet_len, |
- rdbx_get_packet_index(&stream->rtp_rdbx)); |
+ srtp_ekt_write_data(stream->ekt, auth_tag, tag_len, pkt_octet_len, |
+ srtp_rdbx_get_packet_index(&stream->rtp_rdbx)); |
/* |
* check sequence number for overruns, and copy it into the packet |
* if its value isn't too big |
*/ |
- status = rdb_increment(&stream->rtcp_rdb); |
+ status = srtp_rdb_increment(&stream->rtcp_rdb); |
if (status) |
return status; |
- seq_num = rdb_get_value(&stream->rtcp_rdb); |
+ seq_num = srtp_rdb_get_value(&stream->rtcp_rdb); |
*trailer |= htonl(seq_num); |
debug_print(mod_srtp, "srtcp index: %x", seq_num); |
/* |
* if we're using rindael counter mode, set nonce and seq |
*/ |
- if (stream->rtcp_cipher->type->id == AES_ICM) { |
+ if (stream->rtcp_cipher->type->id == SRTP_AES_ICM) { |
v128_t iv; |
iv.v32[0] = 0; |
iv.v32[1] = hdr->ssrc; /* still in network order! */ |
iv.v32[2] = htonl(seq_num >> 16); |
iv.v32[3] = htonl(seq_num << 16); |
- status = cipher_set_iv(stream->rtcp_cipher, &iv, direction_encrypt); |
+ status = srtp_cipher_set_iv(stream->rtcp_cipher, (uint8_t*)&iv, srtp_direction_encrypt); |
} else { |
v128_t iv; |
@@ -3103,10 +3356,10 @@ srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len) { |
iv.v32[1] = 0; |
iv.v32[2] = 0; |
iv.v32[3] = htonl(seq_num); |
- status = cipher_set_iv(stream->rtcp_cipher, &iv, direction_encrypt); |
+ status = srtp_cipher_set_iv(stream->rtcp_cipher, (uint8_t*)&iv, srtp_direction_encrypt); |
} |
if (status) |
- return err_status_cipher_fail; |
+ return srtp_err_status_cipher_fail; |
/* |
* if we're authenticating using a universal hash, put the keystream |
@@ -3117,48 +3370,48 @@ srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len) { |
if (auth_start) { |
/* put keystream prefix into auth_tag */ |
- prefix_len = auth_get_prefix_length(stream->rtcp_auth); |
- status = cipher_output(stream->rtcp_cipher, auth_tag, prefix_len); |
+ prefix_len = srtp_auth_get_prefix_length(stream->rtcp_auth); |
+ status = srtp_cipher_output(stream->rtcp_cipher, auth_tag, &prefix_len); |
debug_print(mod_srtp, "keystream prefix: %s", |
- octet_string_hex_string(auth_tag, prefix_len)); |
+ srtp_octet_string_hex_string(auth_tag, prefix_len)); |
if (status) |
- return err_status_cipher_fail; |
+ return srtp_err_status_cipher_fail; |
} |
/* if we're encrypting, exor keystream into the message */ |
if (enc_start) { |
- status = cipher_encrypt(stream->rtcp_cipher, |
- (uint8_t *)enc_start, &enc_octet_len); |
+ status = srtp_cipher_encrypt(stream->rtcp_cipher, |
+ (uint8_t *)enc_start, &enc_octet_len); |
if (status) |
- return err_status_cipher_fail; |
+ return srtp_err_status_cipher_fail; |
} |
/* initialize auth func context */ |
- auth_start(stream->rtcp_auth); |
+ srtp_auth_start(stream->rtcp_auth); |
/* |
* run auth func over packet (including trailer), and write the |
* result at auth_tag |
*/ |
- status = auth_compute(stream->rtcp_auth, |
+ status = srtp_auth_compute(stream->rtcp_auth, |
(uint8_t *)auth_start, |
(*pkt_octet_len) + sizeof(srtcp_trailer_t), |
auth_tag); |
debug_print(mod_srtp, "srtcp auth tag: %s", |
- octet_string_hex_string(auth_tag, tag_len)); |
+ srtp_octet_string_hex_string(auth_tag, tag_len)); |
if (status) |
- return err_status_auth_fail; |
+ return srtp_err_status_auth_fail; |
/* increase the packet length by the length of the auth tag and seq_num*/ |
*pkt_octet_len += (tag_len + sizeof(srtcp_trailer_t)); |
- return err_status_ok; |
+ return srtp_err_status_ok; |
} |
-err_status_t |
+srtp_err_status_t |
srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) { |
srtcp_hdr_t *hdr = (srtcp_hdr_t *)srtcp_hdr; |
uint32_t *enc_start; /* pointer to start of encrypted portion */ |
@@ -3168,11 +3421,11 @@ srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) { |
uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ |
uint8_t tmp_tag[SRTP_MAX_TAG_LEN]; |
uint8_t tag_copy[SRTP_MAX_TAG_LEN]; |
- err_status_t status; |
+ srtp_err_status_t status; |
unsigned int auth_len; |
int tag_len; |
srtp_stream_ctx_t *stream; |
- int prefix_len; |
+ uint32_t prefix_len; |
uint32_t seq_num; |
int e_bit_in_packet; /* whether the E-bit was found in the packet */ |
int sec_serv_confidentiality; /* whether confidentiality was requested */ |
@@ -3183,7 +3436,7 @@ srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) { |
know the tag length, but we at least want to know that it is |
a positive value */ |
if (*pkt_octet_len < octets_in_rtcp_header + sizeof(srtcp_trailer_t)) |
- return err_status_bad_param; |
+ return srtp_err_status_bad_param; |
/* |
* look up ssrc in srtp_stream list, and process the packet with |
@@ -3214,29 +3467,29 @@ srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) { |
} |
debug_print(mod_srtp, "srtcp using provisional stream (SSRC: 0x%08x)", |
- hdr->ssrc); |
+ ntohl(hdr->ssrc)); |
} else { |
/* no template stream, so we return an error */ |
- return err_status_no_ctx; |
+ return srtp_err_status_no_ctx; |
} |
} |
/* get tag length from stream context */ |
- tag_len = auth_get_tag_length(stream->rtcp_auth); |
+ tag_len = srtp_auth_get_tag_length(stream->rtcp_auth); |
/* check the packet length - it must contain at least a full RTCP |
header, an auth tag (if applicable), and the SRTCP encrypted flag |
and 31-bit index value */ |
if (*pkt_octet_len < (int) (octets_in_rtcp_header + tag_len + sizeof(srtcp_trailer_t))) { |
- return err_status_bad_param; |
+ return srtp_err_status_bad_param; |
} |
/* |
* Check if this is an AEAD stream (GCM mode). If so, then dispatch |
* the request to our AEAD handler. |
*/ |
- if (stream->rtp_cipher->algorithm == AES_128_GCM || |
- stream->rtp_cipher->algorithm == AES_256_GCM) { |
+ if (stream->rtp_cipher->algorithm == SRTP_AES_128_GCM || |
+ stream->rtp_cipher->algorithm == SRTP_AES_256_GCM) { |
return srtp_unprotect_rtcp_aead(ctx, stream, srtcp_hdr, (unsigned int*)pkt_octet_len); |
} |
@@ -3262,7 +3515,7 @@ srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) { |
e_bit_in_packet = |
(*((unsigned char *) trailer) & SRTCP_E_BYTE_BIT) == SRTCP_E_BYTE_BIT; |
if (e_bit_in_packet != sec_serv_confidentiality) { |
- return err_status_cant_check; |
+ return srtp_err_status_cant_check; |
} |
if (sec_serv_confidentiality) { |
enc_start = (uint32_t *)hdr + uint32s_in_rtcp_header; |
@@ -3287,7 +3540,7 @@ srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) { |
* the base tag |
*/ |
if (stream->ekt) { |
- auth_tag -= ekt_octets_after_base_tag(stream->ekt); |
+ auth_tag -= srtp_ekt_octets_after_base_tag(stream->ekt); |
memcpy(tag_copy, auth_tag, tag_len); |
octet_string_set_to_zero(auth_tag, tag_len); |
auth_tag = tag_copy; |
@@ -3300,21 +3553,21 @@ srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) { |
/* this is easier than dealing with bitfield access */ |
seq_num = ntohl(*trailer) & SRTCP_INDEX_MASK; |
debug_print(mod_srtp, "srtcp index: %x", seq_num); |
- status = rdb_check(&stream->rtcp_rdb, seq_num); |
+ status = srtp_rdb_check(&stream->rtcp_rdb, seq_num); |
if (status) |
return status; |
/* |
* if we're using aes counter mode, set nonce and seq |
*/ |
- if (stream->rtcp_cipher->type->id == AES_ICM) { |
+ if (stream->rtcp_cipher->type->id == SRTP_AES_ICM) { |
v128_t iv; |
iv.v32[0] = 0; |
iv.v32[1] = hdr->ssrc; /* still in network order! */ |
iv.v32[2] = htonl(seq_num >> 16); |
iv.v32[3] = htonl(seq_num << 16); |
- status = cipher_set_iv(stream->rtcp_cipher, &iv, direction_decrypt); |
+ status = srtp_cipher_set_iv(stream->rtcp_cipher, (uint8_t*)&iv, srtp_direction_decrypt); |
} else { |
v128_t iv; |
@@ -3324,48 +3577,47 @@ srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) { |
iv.v32[1] = 0; |
iv.v32[2] = 0; |
iv.v32[3] = htonl(seq_num); |
- status = cipher_set_iv(stream->rtcp_cipher, &iv, direction_decrypt); |
+ status = srtp_cipher_set_iv(stream->rtcp_cipher, (uint8_t*)&iv, srtp_direction_decrypt); |
} |
if (status) |
- return err_status_cipher_fail; |
+ return srtp_err_status_cipher_fail; |
/* initialize auth func context */ |
- auth_start(stream->rtcp_auth); |
+ srtp_auth_start(stream->rtcp_auth); |
/* run auth func over packet, put result into tmp_tag */ |
- status = auth_compute(stream->rtcp_auth, (uint8_t *)auth_start, |
+ status = srtp_auth_compute(stream->rtcp_auth, (uint8_t *)auth_start, |
auth_len, tmp_tag); |
debug_print(mod_srtp, "srtcp computed tag: %s", |
- octet_string_hex_string(tmp_tag, tag_len)); |
+ srtp_octet_string_hex_string(tmp_tag, tag_len)); |
if (status) |
- return err_status_auth_fail; |
+ return srtp_err_status_auth_fail; |
/* compare the tag just computed with the one in the packet */ |
debug_print(mod_srtp, "srtcp tag from packet: %s", |
- octet_string_hex_string(auth_tag, tag_len)); |
+ srtp_octet_string_hex_string(auth_tag, tag_len)); |
if (octet_string_is_eq(tmp_tag, auth_tag, tag_len)) |
- return err_status_auth_fail; |
+ return srtp_err_status_auth_fail; |
/* |
* if we're authenticating using a universal hash, put the keystream |
* prefix into the authentication tag |
*/ |
- prefix_len = auth_get_prefix_length(stream->rtcp_auth); |
+ prefix_len = srtp_auth_get_prefix_length(stream->rtcp_auth); |
if (prefix_len) { |
- status = cipher_output(stream->rtcp_cipher, auth_tag, prefix_len); |
+ status = srtp_cipher_output(stream->rtcp_cipher, auth_tag, &prefix_len); |
debug_print(mod_srtp, "keystream prefix: %s", |
- octet_string_hex_string(auth_tag, prefix_len)); |
+ srtp_octet_string_hex_string(auth_tag, prefix_len)); |
if (status) |
- return err_status_cipher_fail; |
+ return srtp_err_status_cipher_fail; |
} |
/* if we're decrypting, exor keystream into the message */ |
if (enc_start) { |
- status = cipher_decrypt(stream->rtcp_cipher, |
- (uint8_t *)enc_start, &enc_octet_len); |
+ status = srtp_cipher_decrypt(stream->rtcp_cipher, (uint8_t *)enc_start, &enc_octet_len); |
if (status) |
- return err_status_cipher_fail; |
+ return srtp_err_status_cipher_fail; |
} |
/* decrease the packet length by the length of the auth tag and seq_num */ |
@@ -3375,7 +3627,7 @@ srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) { |
* if EKT is in effect, subtract the EKT data out of the packet |
* length |
*/ |
- *pkt_octet_len -= ekt_octets_after_base_tag(stream->ekt); |
+ *pkt_octet_len -= srtp_ekt_octets_after_base_tag(stream->ekt); |
/* |
* verify that stream is for received traffic - this check will |
@@ -3423,10 +3675,10 @@ srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) { |
} |
/* we've passed the authentication check, so add seq_num to the rdb */ |
- rdb_add_index(&stream->rtcp_rdb, seq_num); |
+ srtp_rdb_add_index(&stream->rtcp_rdb, seq_num); |
- return err_status_ok; |
+ return srtp_err_status_ok; |
} |
@@ -3449,76 +3701,72 @@ srtp_get_user_data(srtp_t ctx) { |
* dtls keying for srtp |
*/ |
-err_status_t |
-crypto_policy_set_from_profile_for_rtp(crypto_policy_t *policy, |
- srtp_profile_t profile) { |
+srtp_err_status_t |
+srtp_crypto_policy_set_from_profile_for_rtp(srtp_crypto_policy_t *policy, |
+ srtp_profile_t profile) { |
/* set SRTP policy from the SRTP profile in the key set */ |
switch(profile) { |
case srtp_profile_aes128_cm_sha1_80: |
- crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); |
+ srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); |
break; |
case srtp_profile_aes128_cm_sha1_32: |
- crypto_policy_set_aes_cm_128_hmac_sha1_32(policy); |
+ srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(policy); |
break; |
case srtp_profile_null_sha1_80: |
- crypto_policy_set_null_cipher_hmac_sha1_80(policy); |
+ srtp_crypto_policy_set_null_cipher_hmac_sha1_80(policy); |
break; |
case srtp_profile_aes256_cm_sha1_80: |
- crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); |
+ srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); |
break; |
case srtp_profile_aes256_cm_sha1_32: |
- crypto_policy_set_aes_cm_256_hmac_sha1_32(policy); |
+ srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32(policy); |
break; |
/* the following profiles are not (yet) supported */ |
case srtp_profile_null_sha1_32: |
default: |
- return err_status_bad_param; |
+ return srtp_err_status_bad_param; |
} |
- return err_status_ok; |
+ return srtp_err_status_ok; |
} |
-err_status_t |
-crypto_policy_set_from_profile_for_rtcp(crypto_policy_t *policy, |
- srtp_profile_t profile) { |
+srtp_err_status_t |
+srtp_crypto_policy_set_from_profile_for_rtcp(srtp_crypto_policy_t *policy, |
+ srtp_profile_t profile) { |
/* set SRTP policy from the SRTP profile in the key set */ |
switch(profile) { |
case srtp_profile_aes128_cm_sha1_80: |
- crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); |
+ srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); |
break; |
case srtp_profile_aes128_cm_sha1_32: |
/* We do not honor the 32-bit auth tag request since |
* this is not compliant with RFC 3711 */ |
- crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); |
+ srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); |
break; |
case srtp_profile_null_sha1_80: |
- crypto_policy_set_null_cipher_hmac_sha1_80(policy); |
+ srtp_crypto_policy_set_null_cipher_hmac_sha1_80(policy); |
break; |
case srtp_profile_aes256_cm_sha1_80: |
- crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); |
+ srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); |
break; |
case srtp_profile_aes256_cm_sha1_32: |
/* We do not honor the 32-bit auth tag request since |
* this is not compliant with RFC 3711 */ |
- crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); |
+ srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); |
break; |
/* the following profiles are not (yet) supported */ |
case srtp_profile_null_sha1_32: |
default: |
- return err_status_bad_param; |
+ return srtp_err_status_bad_param; |
} |
- return err_status_ok; |
+ return srtp_err_status_ok; |
} |
-void |
-append_salt_to_key(uint8_t *key, unsigned int bytes_in_key, |
- uint8_t *salt, unsigned int bytes_in_salt) { |
- |
+void srtp_append_salt_to_key(uint8_t *key, unsigned int bytes_in_key, uint8_t *salt, unsigned int bytes_in_salt) { |
memcpy(key + bytes_in_key, salt, bytes_in_salt); |
- |
} |
unsigned int |
@@ -3572,3 +3820,17 @@ srtp_profile_get_master_salt_length(srtp_profile_t profile) { |
return 0; /* indicate error by returning a zero */ |
} |
} |
+ |
+/* |
+ * SRTP debug interface |
+ */ |
+srtp_err_status_t srtp_set_debug_module(char *mod_name, int v) |
+{ |
+ return srtp_crypto_kernel_set_debug_module(mod_name, v); |
+} |
+ |
+srtp_err_status_t srtp_list_debug_modules(void) |
+{ |
+ return srtp_crypto_kernel_list_debug_modules(); |
+} |
+ |