Update libsrtp to upstream 1.5.0

srtp/test/rtpw.c

 /*
  * rtpw.c
  *
  * rtp word sender/receiver
  *
  * David A. McGrew
  * Cisco Systems, Inc.
  *
  * This app is a simple RTP application intended only for testing
  * libsrtp.  It reads one word at a time from /usr/dict/words (or
@@ skipping 33 matching lines @@
  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  * OF THE POSSIBILITY OF SUCH DAMAGE.
  *
  */
 
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
 #include "datatypes.h"
 #include "getopt_s.h"       /* for local getopt()  */
 
 #include <stdio.h>          /* for printf, fprintf */
 #include <stdlib.h>         /* for atoi()          */
 #include <errno.h>
 #include <signal.h>         /* for signal()        */
 
 #include <string.h>         /* for strncpy()       */
 #include <time.h>           /* for usleep()        */
@@ skipping 10 matching lines @@
 # include <winsock2.h>
 # include <ws2tcpip.h>
 # define RTPW_USE_WINSOCK2      1
 #endif
 #ifdef HAVE_ARPA_INET_H
 # include <arpa/inet.h>
 #endif
 
 #include "srtp.h"           
 #include "rtp.h"
+#include "crypto_kernel.h"
 
 #ifdef RTPW_USE_WINSOCK2
 # define DICT_FILE        "words.txt"
 #else
 # define DICT_FILE        "/usr/share/dict/words"
 #endif
 #define USEC_RATE        (5e5)
 #define MAX_WORD_LEN     128  
 #define ADDR_IS_MULTICAST(a) IN_MULTICAST(htonl(a))
-#define MAX_KEY_LEN      64
-#define MASTER_KEY_LEN   30
+#define MAX_KEY_LEN      96
 
 
 #ifndef HAVE_USLEEP
 # ifdef HAVE_WINDOWS_H
 #  define usleep(us)    Sleep((us)/1000)
 # else
 #  define usleep(us)    sleep((us)/1000000)
 # endif
 #endif
 
@@ skipping 41 matching lines @@
   struct in_addr rcvr_addr;
   struct sockaddr_in name;
   struct ip_mreq mreq;
 #if BEW
   struct sockaddr_in local;
 #endif 
   program_type prog_type = unknown;
   sec_serv_t sec_servs = sec_serv_none;
   unsigned char ttl = 5;
   int c;
+  int key_size = 128;
+  int tag_size = 8;
+  int gcm_on = 0;
   char *input_key = NULL;
   char *address = NULL;
   char key[MAX_KEY_LEN];
   unsigned short port = 0;
   rtp_sender_t snd;
   srtp_policy_t policy;
   err_status_t status;
   int len;
   int do_list_mods = 0;
   uint32_t ssrc = 0xdeadbeef; /* ssrc value hardcoded for now */
 #ifdef RTPW_USE_WINSOCK2
   WORD wVersionRequested = MAKEWORD(2, 0);
   WSADATA wsaData;
 
   ret = WSAStartup(wVersionRequested, &wsaData);
   if (ret != 0) {
     fprintf(stderr, "error: WSAStartup() failed: %d\n", ret);
     exit(1);
   }
 #endif
 
+  printf("Using %s [0x%x]\n", srtp_get_version_string(), srtp_get_version());
+
   if (setup_signal_handler(argv[0]) != 0) {
     exit(1);
   }
 
   /* initialize srtp library */
   status = srtp_init();
   if (status) {
     printf("error: srtp initialization failed with error code %d\n", status);
     exit(1);
   }
 
   /* check args */
   while (1) {
-    c = getopt_s(argc, argv, "k:rsaeld:");
+    c = getopt_s(argc, argv, "k:rsgt:ae:ld:");
     if (c == -1) {
       break;
     }
     switch (c) {
     case 'k':
       input_key = optarg_s;
       break;
     case 'e':
+      key_size = atoi(optarg_s);
+      if (key_size != 128 && key_size != 256) {
+        printf("error: encryption key size must be 128 or 256 (%d)\n", key_size);
+        exit(1);
+      }
       sec_servs |= sec_serv_conf;
       break;
+    case 't':
+      tag_size = atoi(optarg_s);
+      if (tag_size != 8 && tag_size != 16) {
+        printf("error: GCM tag size must be 8 or 16 (%d)\n", tag_size);
+        exit(1);
+      }
+      break;
     case 'a':
       sec_servs |= sec_serv_auth;
       break;
+    case 'g':
+      gcm_on = 1;
+      sec_servs |= sec_serv_auth;
+      break;
     case 'r':
       prog_type = receiver;
       break;
     case 's':
       prog_type = sender;
       break;
     case 'd':
       status = crypto_kernel_set_debug_module(optarg_s, 1);
       if (status) {
         printf("error: set debug module (%s) failed\n", optarg_s);
@@ skipping 110 matching lines @@
   
   /* set up the srtp policy and master key */    
   if (sec_servs) {
     /* 
      * create policy structure, using the default mechanisms but 
      * with only the security services requested on the command line,
      * using the right SSRC value
      */
     switch (sec_servs) {
     case sec_serv_conf_and_auth:
-      crypto_policy_set_rtp_default(&policy.rtp);
-      crypto_policy_set_rtcp_default(&policy.rtcp);
+      if (gcm_on) {
+#ifdef OPENSSL
+        switch (key_size) {
+        case 128:
+          crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp);
+          crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp);
+          break;
+        case 256:
+          crypto_policy_set_aes_gcm_256_8_auth(&policy.rtp);
+          crypto_policy_set_aes_gcm_256_8_auth(&policy.rtcp);
+          break;
+        }
+#else
+        printf("error: GCM mode only supported when using the OpenSSL crypto engine.\n");
+        return 0;
+#endif
+      } else {
+        switch (key_size) {
+        case 128:
+          crypto_policy_set_rtp_default(&policy.rtp);
+          crypto_policy_set_rtcp_default(&policy.rtcp);
+          break;
+        case 256:
+          crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtp);
+          crypto_policy_set_rtcp_default(&policy.rtcp);
+          break;
+        }
+      }
       break;
     case sec_serv_conf:
-      crypto_policy_set_aes_cm_128_null_auth(&policy.rtp);
-      crypto_policy_set_rtcp_default(&policy.rtcp);      
+      if (gcm_on) {
+          printf("error: GCM mode must always be used with auth enabled\n");
+          return -1;
+      } else {
+        switch (key_size) {
+        case 128:
+          crypto_policy_set_aes_cm_128_null_auth(&policy.rtp);
+          crypto_policy_set_rtcp_default(&policy.rtcp);      
+          break;
+        case 256:
+          crypto_policy_set_aes_cm_256_null_auth(&policy.rtp);
+          crypto_policy_set_rtcp_default(&policy.rtcp);      
+          break;
+        }
+      }
       break;
     case sec_serv_auth:
-      crypto_policy_set_null_cipher_hmac_sha1_80(&policy.rtp);
-      crypto_policy_set_rtcp_default(&policy.rtcp);
+      if (gcm_on) {
+#ifdef OPENSSL
+        switch (key_size) {
+        case 128:
+          crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtp);
+          crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtcp);
+          break;
+        case 256:
+          crypto_policy_set_aes_gcm_256_8_only_auth(&policy.rtp);
+          crypto_policy_set_aes_gcm_256_8_only_auth(&policy.rtcp);
+          break;
+        }
+#else
+        printf("error: GCM mode only supported when using the OpenSSL crypto engine.\n");
+        return 0;
+#endif
+      } else {
+        crypto_policy_set_null_cipher_hmac_sha1_80(&policy.rtp);
+        crypto_policy_set_rtcp_default(&policy.rtcp);
+      }
       break;
     default:
       printf("error: unknown security service requested\n");
       return -1;
     } 
     policy.ssrc.type  = ssrc_specific;
     policy.ssrc.value = ssrc;
     policy.key  = (uint8_t *) key;
     policy.ekt  = NULL;
     policy.next = NULL;
     policy.window_size = 128;
     policy.allow_repeat_tx = 0;
     policy.rtp.sec_serv = sec_servs;
     policy.rtcp.sec_serv = sec_serv_none;  /* we don't do RTCP anyway */
 
+    if (gcm_on && tag_size != 8) {
+        policy.rtp.auth_tag_len = tag_size;
+    }
+
     /*
      * read key from hexadecimal on command line into an octet string
      */
-    len = hex_string_to_octet_string(key, input_key, MASTER_KEY_LEN*2);
+    len = hex_string_to_octet_string(key, input_key, policy.rtp.cipher_key_len*2);
     
     /* check that hex string is the right length */
-    if (len < MASTER_KEY_LEN*2) {
+    if (len < policy.rtp.cipher_key_len*2) {
       fprintf(stderr, 
               "error: too few digits in key/salt "
               "(should be %d hexadecimal digits, found %d)\n",
-              MASTER_KEY_LEN*2, len);
+              policy.rtp.cipher_key_len*2, len);
       exit(1);    
     } 
-    if (strlen(input_key) > MASTER_KEY_LEN*2) {
+    if (strlen(input_key) > policy.rtp.cipher_key_len*2) {
       fprintf(stderr, 
               "error: too many digits in key/salt "
               "(should be %d hexadecimal digits, found %u)\n",
-              MASTER_KEY_LEN*2, (unsigned)strlen(input_key));
+              policy.rtp.cipher_key_len*2, (unsigned)strlen(input_key));
       exit(1);    
     }
     
     printf("set master key/salt to %s/", octet_string_hex_string(key, 16));
     printf("%s\n", octet_string_hex_string(key+16, 14));
   
   } else {
     /*
      * we're not providing security services, so set the policy to the
      * null policy
@@ skipping 147 matching lines @@
 }
 
 
 void
 usage(char *string) {
 
   printf("usage: %s [-d <debug>]* [-k <key> [-a][-e]] "
          "[-s | -r] dest_ip dest_port\n"
          "or     %s -l\n"
          "where  -a use message authentication\n"
-         "       -e use encryption\n"
+         "       -e <key size> use encryption (use 128 or 256 for key size)\n"
+         "       -g Use AES-GCM mode (must be used with -e)\n"
+         "       -t <tag size> Tag size to use in GCM mode (use 8 or 16)\n"
          "       -k <key>  sets the srtp master key\n"
          "       -s act as rtp sender\n"
          "       -r act as rtp receiver\n"
          "       -l list debug modules\n"
          "       -d <debug> turn on debugging for module <debug>\n",
          string, string);
   exit(1);
   
 }
 
@@ skipping 41 matching lines @@
   }
 #else
   if (signal(SIGTERM, handle_signal) == SIG_ERR) {
     fprintf(stderr, "%s: error setting up signal handler", name);
     perror("");
     return -1;
   }
 #endif
   return 0;
 }