srtp/srtp.c - Issue 2723863003: Fix incorrectly masked seq number for GCM IV.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: srtp/srtp.c

Issue 2723863003: Fix incorrectly masked seq number for GCM IV. (Closed)

Patch Set: Updated with upstream changes. Created 3 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: srtp/srtp.c

diff --git a/srtp/srtp.c b/srtp/srtp.c

index 191a9a3272ba5bc747f08aeaaae3f8a9bffd39a4..df092e32e073707ae21b112962982f2f476a977f 100644

--- a/srtp/srtp.c

+++ b/srtp/srtp.c

@@ -2861,9 +2861,13 @@ srtp_crypto_policy_set_aes_gcm_256_16_auth(srtp_crypto_policy_t *p) {

* seq_num - The SEQ value to use for the IV calculation.

* *hdr - The RTP header, used to get the SSRC value

+ * Returns: srtp_err_status_ok if no error or srtp_err_status_bad_param

+ * if seq_num is invalid

+ *

-static void srtp_calc_aead_iv_srtcp(srtp_stream_ctx_t *stream, v128_t *iv,

- uint32_t seq_num, srtcp_hdr_t *hdr)

+static srtp_err_status_t

+srtp_calc_aead_iv_srtcp(srtp_stream_ctx_t *stream, v128_t *iv,

+ uint32_t seq_num, srtcp_hdr_t *hdr)

{

v128_t in;

v128_t salt;

@@ -2874,7 +2878,15 @@ static void srtp_calc_aead_iv_srtcp(srtp_stream_ctx_t *stream, v128_t *iv,

in.v16[0] = 0;

memcpy(&in.v16[1], &hdr->ssrc, 4); /* still in network order! */

in.v16[3] = 0;

- in.v32[2] = 0x7FFFFFFF & htonl(seq_num); /* bit 32 is suppose to be zero */

+ /*

+ * The SRTCP index (seq_num) spans bits 0 through 30 inclusive.

+ * The most significant bit should be zero.

+ */

+ if (seq_num & 0x80000000UL) {

+ return srtp_err_status_bad_param;

+ }

+ in.v32[2] = htonl(seq_num);

debug_print(mod_srtp, "Pre-salted RTCP IV = %s\n", v128_hex_string(&in));

@@ -2888,6 +2900,8 @@ static void srtp_calc_aead_iv_srtcp(srtp_stream_ctx_t *stream, v128_t *iv,

* Finally, apply the SALT to the input

v128_xor(iv, &in, &salt);

+ return srtp_err_status_ok;

}

@@ -2955,9 +2969,12 @@ srtp_protect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream,

debug_print(mod_srtp, "srtcp index: %x", seq_num);

- * Calculating the IV and pass it down to the cipher

+ * Calculate and set the IV

- srtp_calc_aead_iv_srtcp(stream, &iv, seq_num, hdr);

+ status = srtp_calc_aead_iv_srtcp(stream, &iv, seq_num, hdr);

+ if (status) {

+ return srtp_err_status_cipher_fail;

+ }

status = srtp_cipher_set_iv(stream->rtcp_cipher, (uint8_t*)&iv, srtp_direction_encrypt);

if (status) {

return srtp_err_status_cipher_fail;

@@ -3102,7 +3119,10 @@ srtp_unprotect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream,

* Calculate and set the IV