diff --git a/Makefile.am b/Makefile.am index 984872c36d..8905f06729 100644 --- a/Makefile.am +++ b/Makefile.am @@ -599,14 +599,15 @@ libs/apr/libapr-1.la: libs/apr/Makefile libs/apr/.update libs/apr-util/libaprutil-1.la: libs/apr/libapr-1.la libs/apr-util libs/apr-util/.update @if [ $(MAKELEVEL) = 0 -o -z "`echo "$(MAKEARGS)" | grep "j"`" ] ; then touch $(switch_srcdir)/src/include/switch.h; cd libs/apr-util && $(MAKE) $(MFLAGS) && touch libaprutil-1.la; fi -SRTP_SRC = libs/srtp/srtp/srtp.c libs/srtp/srtp/ekt.c libs/srtp/crypto/cipher/cipher.c libs/srtp/crypto/cipher/null_cipher.c \ +SRTP_SRC = libs/srtp/srtp/srtp.c libs/srtp/crypto/cipher/cipher.c libs/srtp/crypto/cipher/null_cipher.c \ libs/srtp/crypto/cipher/aes.c libs/srtp/crypto/cipher/aes_icm.c \ libs/srtp/crypto/hash/null_auth.c libs/srtp/crypto/hash/sha1.c \ libs/srtp/crypto/hash/hmac.c libs/srtp/crypto/hash/auth.c \ - libs/srtp/crypto/math/datatypes.c libs/srtp/crypto/math/stat.c \ + libs/srtp/crypto/math/datatypes.c \ libs/srtp/crypto/kernel/crypto_kernel.c libs/srtp/crypto/kernel/alloc.c \ libs/srtp/crypto/kernel/key.c libs/srtp/crypto/kernel/err.c \ - libs/srtp/crypto/replay/rdb.c libs/srtp/crypto/replay/rdbx.c libs/srtp/crypto/replay/ut_sim.c + libs/srtp/crypto/replay/rdb.c libs/srtp/crypto/replay/rdbx.c \ + libs/srtp/crypto/cipher/cipher_test_cases.c libs/srtp/crypto/hash/auth_test_cases.c libs/srtp/libsrtp.la: libs/srtp libs/srtp/.update $(SRTP_SRC) touch $(switch_srcdir)/src/include/switch.h diff --git a/libs/srtp/.gitignore b/libs/srtp/.gitignore index a5ccf852db..270bd9e2b1 100644 --- a/libs/srtp/.gitignore +++ b/libs/srtp/.gitignore @@ -23,6 +23,7 @@ old? *.app # srtp things +build Debug Makefile Root @@ -35,12 +36,9 @@ crypto/test/cipher_driver crypto/test/datatypes_driver crypto/test/env crypto/test/kernel_driver -crypto/test/rand_gen crypto/test/sha1_driver crypto/test/stat_driver -crypto/test/rand_gen_soak tables/aes_tables -test/dtls_srtp_driver test/rdbx_driver test/replay_driver test/roc_driver diff --git a/libs/srtp/.travis.yml b/libs/srtp/.travis.yml index e0a7983de2..010fba072d 100644 --- a/libs/srtp/.travis.yml +++ b/libs/srtp/.travis.yml @@ -1,5 +1,4 @@ -dist: trusty -sudo: false +dist: xenial language: c env: @@ -9,58 +8,204 @@ env: matrix: include: - # default linux build with gcc + # linux build - os: linux env: - - TEST="linux gcc" - addons: - apt: - sources: - - ubuntu-toolchain-r-test - packages: - - gcc-6 - script: - - CC=gcc-6 EXTRA_CFLAGS=-Werror ./configure - - make - - make runtest - - # linux build with openssl and gcc - - os: linux - env: - - TEST="linux gcc (openssl)" + - TEST="linux (gcc)" addons: apt: sources: - ubuntu-toolchain-r-test packages: - gcc-6 + - valgrind + install: + - pyenv global 3.7.1 + - pip3 install meson ninja + script: + - CC=gcc-6 EXTRA_CFLAGS=-Werror ./configure + - make + - make runtest + - make runtest-valgrind + - make distclean + - mkdir build && cd build + - cmake -DBUILD_WITH_SANITIZERS=TRUE .. + - make + - CTEST_OUTPUT_ON_FAILURE=1 make test + - cd .. + - CC=gcc-6 meson setup --werror builddir + - meson compile -C builddir + - meson test -v -C builddir + + # linux build with openssl + - os: linux + env: + - TEST="linux openssl (gcc)" + addons: + apt: + sources: + - ubuntu-toolchain-r-test + packages: + - gcc-6 + - valgrind + install: + - pyenv global 3.7.1 + - pip3 install meson ninja script: - CC=gcc-6 EXTRA_CFLAGS=-Werror ./configure --enable-openssl - make - make runtest + - make runtest-valgrind + - make distclean + - mkdir build && cd build + - cmake -DENABLE_OPENSSL=ON -DBUILD_WITH_SANITIZERS=TRUE .. + - make + - CTEST_OUTPUT_ON_FAILURE=1 make test + - cd .. + - mkdir build_shared && cd build_shared + - cmake -DENABLE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON .. + - make + - make test + - cd .. + - meson setup --werror -Dcrypto-library=openssl builddir + - meson compile -C builddir + - meson test -v -C builddir # linux build with openssl and clang - os: linux env: - - TEST="linux clang (openssl)" + - TEST="linux openssl (clang)" addons: apt: packages: - clang + install: + - pyenv global 3.7.1 + - pip3 install meson ninja script: - CC=clang EXTRA_CFLAGS=-Werror ./configure --enable-openssl - make - make runtest + - CC=clang meson setup --werror -Dcrypto-library=openssl builddir + - meson compile -C builddir + - meson test -v -C builddir - # default osx build with xcode (clang) + # linux build with nss + - os: linux + env: + - TEST="linux nss (gcc / valgrind)" + addons: + apt: + sources: + - ubuntu-toolchain-r-test + packages: + - gcc-6 + - valgrind + - libnss3-dev + install: + - pyenv global 3.7.1 + - pip3 install meson ninja + script: + - CC=gcc-6 EXTRA_CFLAGS=-Werror ./configure --enable-nss + - make + - make runtest + - make runtest-valgrind + - mkdir build && cd build + - cmake -DENABLE_NSS=ON -DBUILD_WITH_SANITIZERS=TRUE .. + - make + - CTEST_OUTPUT_ON_FAILURE=1 make test + - cd .. + - CC=gcc-6 meson setup --werror -Dcrypto-library=nss builddir + - meson compile -C builddir + - meson test -v -C builddir + + # linux build with mbedtls + - os: linux + env: + - TEST="linux mbedtls (gcc)" + addons: + apt: + sources: + - ubuntu-toolchain-r-test + packages: + - gcc-6 + - libmbedtls-dev + script: + - mkdir build && cd build + - cmake -DENABLE_MBEDTLS=ON -DBUILD_WITH_SANITIZERS=TRUE .. + - make + - CTEST_OUTPUT_ON_FAILURE=1 make test + - cd .. + + # default osx build - os: osx env: - - TEST="osx XCode 8.2" - osx_image: xcode8.2 + - TEST="osx" + before_install: + - pip3 install meson ninja script: - EXTRA_CFLAGS=-Werror ./configure - make - make runtest + - make distclean + - mkdir build && cd build + - cmake .. + - make + - make test + - cd .. + - meson setup --werror builddir + - meson compile -C builddir + - meson test -v -C builddir + + # osx build with openssl + - os: osx + osx_image: xcode11.2 + env: + - TEST="osx openssl" + before_install: + - pip3 install meson ninja + - brew install openssl@1.1 + script: + - PKG_CONFIG_PATH=$(brew --prefix openssl@1.1)/lib/pkgconfig EXTRA_CFLAGS=-Werror ./configure --enable-openssl + - make + - make runtest + - make distclean + - mkdir build && cd build + - cmake -DOPENSSL_ROOT_DIR=$(brew --prefix openssl@1.1) -DENABLE_OPENSSL=ON .. + - make + - make test + - cd .. + - PKG_CONFIG_PATH=$(brew --prefix openssl@1.1)/lib/pkgconfig meson setup --werror -Dcrypto-library=openssl builddir + - meson compile -C builddir + - meson test -v -C builddir + + # osx build with nss + - os: osx + osx_image: xcode11.2 + env: + - TEST="osx nss" + before_install: + - pip3 install meson ninja + script: + - PKG_CONFIG_PATH=$(brew --prefix nss)/lib/pkgconfig EXTRA_CFLAGS=-Werror ./configure --enable-nss + - make + - make runtest + - PKG_CONFIG_PATH=$(brew --prefix nss)/lib/pkgconfig meson setup --werror -Dcrypto-library=nss builddir + - meson compile -C builddir + - meson test -v -C builddir + + # osx build for Apple Silicon + - os: osx + osx_image: xcode12u + env: + - TEST="osx Apple Silicon" + script: + - mkdir build && cd build + - cmake "-DCMAKE_OSX_ARCHITECTURES=arm64;x86_64" .. + - make + - lipo -info srtp_driver + - make test + # code format check - os: linux @@ -73,25 +218,8 @@ matrix: script: - CLANG_FORMAT=clang-format-3.9 ./format.sh -d - # valgrind - - os: linux - env: - - TEST="valgrind (openssl)" - addons: - apt: - sources: - - ubuntu-toolchain-r-test - packages: - - gcc-6 - - valgrind - script: - - CC=gcc-6 ./configure --enable-openssl - - make - - make runtest-valgrind - # big-endian - os: linux - sudo: true env: - TEST="big-endian" services: @@ -105,13 +233,48 @@ matrix: - sudo docker run --volume $(pwd):/src --workdir /src --name mipsX --tty --detach ubuntu:16.04 tail - sudo docker exec --tty mipsX apt-get update - sudo docker exec --tty mipsX apt-get install build-essential -y - - sudo docker exec --tty mipsX apt-get install gcc-mips-linux-gnu -y + - sudo docker exec --tty mipsX apt-get install qemu-user-static qemu-system-mips gcc-mips-linux-gnu python3-pip -y + - sudo docker exec --tty mipsX pip3 install meson==0.56.2 ninja script: - sudo docker exec --tty mipsX bash -c 'EXTRA_CFLAGS=-static CC=mips-linux-gnu-gcc ./configure --host=mips-linux-gnu' - sudo docker exec --tty mipsX make - - sudo docker kill mipsX - file test/srtp_driver - make runtest + - | + cat > mips-cross-file.txt < uwp-amd64-cross-file.txt < uwp-arm64-cross-file.txt < android-cross-file.txt < ios-cross-file.txt <= 3.52. + +#521 - Remove references to dtls from libsrtp. + +#520 - Use nss based hmac when nss enabled. + +#519 - Move selftest vectors form backends to common files. + +#515 - Extend cmake support. + +#514 - Fix gcc11 warning by defining output length. + +#502 - Remove visual studio build files. + +#501 - cmake: Set the VERSION property of the srtp2 library. + +#500 - Fixed issue #499 with buffer overflow. + +#498 - Feature/additional error checks. + +#496 - Rework check for OPENSSL_cleanse(). + +#492 - Avoid non-existing compiler flag -O4. + +#491 - Fix two-byte RTP header extension encryption. + +#478 - Modify cmake to install crypto_types.h instead of cipher_types.h + +2.3.0 + +Major changes + +A fuzzer was added to the project based on libFuzzer. This is run as part of Google oss-fuzz, the current status can be found at https://oss-fuzz-build-logs.storage.googleapis.com/index.html#libsrtp . Details available in PR #442 and issue #393. + +CMake support was added as an alternative build system. This was primarily added to replace the Visual Studio project files currently checked in but has been extend to support building on all platforms. Initial PR #449 and #455 but has been support has been continuously improved. + +NSS support for crypto backend was added. This is can be used as an alternative to openssl. Initial PR #413 but there has been numerous improvements. + +Other changes + +PR #474 - Add flag to disable pcap dependency when build test apps. + +PR #472 - Add ci builds for ios and android. + +PR #463 - problem on srtp_aes_icm_openssl_encrypt. + +PR #471 - Allow the pcap file to be read from a physical file. + +PR #457 - Fix docs crypto_policy_* -> srtp_crypto_policy_* . + +PR #452 - crypto/cipher: Reset the EVP_CIPHER_CTX structure before each test. + +PR #444 - Extend rtp_ecoder to support RTCP and multiplexed SSRC's. + +PR #443 - rtp_decoder avoid crash when no packets found. + +PR #429 - Rand for test only. + +PR #421 - Fix GCM IV logging. + +PR #415 - Fixes unaligned trailer access. + +PR #414 - Detect and handle broken "OPENSSL_cleanse". + +2.2.0 Major changes diff --git a/libs/srtp/CMakeLists.txt b/libs/srtp/CMakeLists.txt new file mode 100644 index 0000000000..f12b9f0adf --- /dev/null +++ b/libs/srtp/CMakeLists.txt @@ -0,0 +1,348 @@ +cmake_minimum_required(VERSION 3.12) + +project(libsrtp2 VERSION 2.4.0 LANGUAGES C) + +set(PACKAGE_VERSION ${CMAKE_PROJECT_VERSION}) +set(PACKAGE_STRING "${CMAKE_PROJECT_NAME} ${CMAKE_PROJECT_VERSION}") + +list(APPEND CMAKE_MODULE_PATH ${CMAKE_CURRENT_SOURCE_DIR}/cmake) + +include(TestBigEndian) +include(CheckIncludeFile) +include(CheckFunctionExists) +include(CheckTypeSize) +include(CheckCSourceCompiles) + +test_big_endian(WORDS_BIGENDIAN) + +if (NOT APPLE AND CMAKE_SYSTEM_PROCESSOR MATCHES "(x86)|(X86)|(amd64)|(AMD64)") + set (HAVE_X86 TRUE) +else () + set (HAVE_X86 FALSE) +endif () + +check_include_file(arpa/inet.h HAVE_ARPA_INET_H) +check_include_file(byteswap.h HAVE_BYTESWAP_H) +check_include_file(inttypes.h HAVE_INTTYPES_H) +check_include_file(machine/types.h HAVE_MACHINE_TYPES_H) +check_include_file(netinet/in.h HAVE_NETINET_IN_H) +check_include_file(stdint.h HAVE_STDINT_H) +check_include_file(stdlib.h HAVE_STDLIB_H) +check_include_file(sys/int_types.h HAVE_SYS_INT_TYPES_H) +check_include_file(sys/socket.h HAVE_SYS_SOCKET_H) +check_include_file(sys/types.h HAVE_SYS_TYPES_H) +check_include_file(unistd.h HAVE_UNISTD_H) +check_include_file(windows.h HAVE_WINDOWS_H) +check_include_file(winsock2.h HAVE_WINSOCK2_H) + +check_function_exists(sigaction HAVE_SIGACTION) +check_function_exists(inet_aton HAVE_INET_ATON) +check_function_exists(usleep HAVE_USLEEP) + +check_type_size(uint8_t UINT8_T) +check_type_size(uint16_t UINT16_T) +check_type_size(uint32_t UINT32_T) +check_type_size(uint64_t UINT64_T) +check_type_size(int32_t INT32_T) +check_type_size("unsigned long" SIZEOF_UNSIGNED_LONG) +check_type_size("unsigned long long" SIZEOF_UNSIGNED_LONG_LONG) + +check_c_source_compiles("inline void func(); void func() { } int main() { func(); return 0; }" HAVE_INLINE) +if(NOT HAVE_INLINE) + check_c_source_compiles("__inline void func(); void func() { } int main() { func(); return 0; }" HAVE___INLINE) +endif() + +set(ENABLE_DEBUG_LOGGING OFF CACHE BOOL "Enable debug logging in all modules") +set(ERR_REPORTING_STDOUT OFF CACHE BOOL "Enable logging to stdout") +set(ERR_REPORTING_FILE "" CACHE FILEPATH "Use file for logging") +set(ENABLE_OPENSSL OFF CACHE BOOL "Enable OpenSSL crypto engine") +set(ENABLE_MBEDTLS OFF CACHE BOOL "Enable MbedTLS crypto engine") +set(ENABLE_NSS OFF CACHE BOOL "Enable NSS crypto engine") +set(TEST_APPS ON CACHE BOOL "Build test applications") +set(BUILD_WITH_SANITIZERS OFF CACHE BOOL "Adds sanitizer flags to compiler") +option(BUILD_SHARED_LIBS "Build shared library" OFF) + +if(ENABLE_OPENSSL OR ENABLE_MBEDTLS OR ENABLE_NSS) + set(USE_EXTERNAL_CRYPTO TRUE) +else() + set(USE_EXTERNAL_CRYPTO FALSE) +endif() + +if(ENABLE_OPENSSL) + if(ENABLE_NSS OR ENABLE_MBEDTLS) + message(FATAL_ERROR "ssl conflict. can not enable openssl and mbedtls or nss simultaneously.") + endif() + find_package(OpenSSL REQUIRED) + set(OPENSSL ${ENABLE_OPENSSL} CACHE BOOL INTERNAL) + set(GCM ${ENABLE_OPENSSL} CACHE BOOL INTERNAL) +endif() + +if(ENABLE_MBEDTLS) + if(ENABLE_OPENSSL OR ENABLE_NSS) + message(FATAL_ERROR "ssl conflict. can not enable mbedtls and openssl or nss simultaneously.") + endif() + find_package(MbedTLS REQUIRED) + set(MBEDTLS ${ENABLE_MBEDTLS} CACHE BOOL INTERNAL) + set(GCM ${ENABLE_MBEDTLS} CACHE BOOL INTERNAL) +endif() + +if(ENABLE_NSS) + if(ENABLE_OPENSSL OR ENABLE_MBEDTLS) + message(FATAL_ERROR "ssl conflict. can not enable nss and openssl or mbedtls simultaneously.") + endif() + find_package(NSS REQUIRED) + set(NSS ${ENABLE_NSS} CACHE BOOL INTERNAL) + set(GCM ${ENABLE_NSS} CACHE BOOL INTERNAL) +endif() + +set(CONFIG_FILE_DIR ${CMAKE_CURRENT_BINARY_DIR}) +include_directories(${CONFIG_FILE_DIR}) + +configure_file(config_in_cmake.h ${CONFIG_FILE_DIR}/config.h) +add_definitions(-DHAVE_CONFIG_H) + +if(BUILD_WITH_SANITIZERS AND NOT WIN32) + if(${CMAKE_SYSTEM_NAME} MATCHES "Darwin") + set(SANITIZERS address,undefined) + else() + set(SANITIZERS leak,address,undefined) + endif() + message(STATUS "Using sanitizers: ${SANITIZERS}") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fno-omit-frame-pointer -fsanitize=${SANITIZERS}") + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fno-omit-frame-pointer -fsanitize=${SANITIZERS}") + set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fno-omit-frame-pointer -fsanitize=${SANITIZERS}") + set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -fno-omit-frame-pointer -fsanitize=${SANITIZERS}") + set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -fno-omit-frame-pointer -fsanitize=${SANITIZERS}") +endif() + +set(SOURCES_C + srtp/srtp.c +) + +set(CIPHERS_SOURCES_C + crypto/cipher/cipher.c + crypto/cipher/cipher_test_cases.c + crypto/cipher/cipher_test_cases.h + crypto/cipher/null_cipher.c +) + +if(ENABLE_OPENSSL) + list(APPEND CIPHERS_SOURCES_C + crypto/cipher/aes_icm_ossl.c + crypto/cipher/aes_gcm_ossl.c + ) +elseif(ENABLE_MBEDTLS) + list(APPEND CIPHERS_SOURCES_C + crypto/cipher/aes_icm_mbedtls.c + crypto/cipher/aes_gcm_mbedtls.c + ) +elseif(ENABLE_NSS) + list(APPEND CIPHERS_SOURCES_C + crypto/cipher/aes_icm_nss.c + crypto/cipher/aes_gcm_nss.c + ) +else() + list(APPEND CIPHERS_SOURCES_C + crypto/cipher/aes.c + crypto/cipher/aes_icm.c + ) +endif() + +set(HASHES_SOURCES_C + crypto/hash/auth.c + crypto/hash/auth_test_cases.c + crypto/hash/auth_test_cases.h + crypto/hash/null_auth.c +) + +if(ENABLE_OPENSSL) + list(APPEND HASHES_SOURCES_C + crypto/hash/hmac_ossl.c + ) +elseif(ENABLE_MBEDTLS) + list(APPEND HASHES_SOURCES_C + crypto/hash/hmac_mbedtls.c + ) +elseif(ENABLE_NSS) + list(APPEND HASHES_SOURCES_C + crypto/hash/hmac_nss.c + ) +else() + list(APPEND HASHES_SOURCES_C + crypto/hash/hmac.c + crypto/hash/sha1.c + ) +endif() + +set(KERNEL_SOURCES_C + crypto/kernel/alloc.c + crypto/kernel/crypto_kernel.c + crypto/kernel/err.c + crypto/kernel/key.c +) + +set(MATH_SOURCES_C + crypto/math/datatypes.c +) + +set(REPLAY_SOURCES_C + crypto/replay/rdb.c + crypto/replay/rdbx.c +) + +set(SOURCES_H + crypto/include/aes.h + crypto/include/aes_icm.h + crypto/include/alloc.h + crypto/include/auth.h + crypto/include/cipher.h + crypto/include/cipher_types.h + crypto/include/crypto_kernel.h + crypto/include/crypto_types.h + crypto/include/datatypes.h + crypto/include/err.h + crypto/include/hmac.h + crypto/include/integers.h + crypto/include/key.h + crypto/include/null_auth.h + crypto/include/null_cipher.h + crypto/include/rdb.h + crypto/include/rdbx.h + crypto/include/sha1.h + include/srtp.h + include/srtp_priv.h + ${CONFIG_FILE_DIR}/config.h +) + +if(BUILD_SHARED_LIBS AND WIN32) + list(APPEND SOURCES_C + srtp.def + ) +endif() + +source_group("src" FILES ${SOURCES_C}) +source_group("src\\Ciphers" FILES ${CIPHERS_SOURCES_C}) +source_group("src\\Hashes" FILES ${HASHES_SOURCES_C}) +source_group("src\\Kernel" FILES ${KERNEL_SOURCES_C}) +source_group("src\\Math" FILES ${MATH_SOURCES_C}) +source_group("src\\Replay" FILES ${REPLAY_SOURCES_C}) +source_group("include" FILES ${SOURCES_H}) + +add_library(srtp2 + ${SOURCES_C} + ${CIPHERS_SOURCES_C} + ${HASHES_SOURCES_C} + ${KERNEL_SOURCES_C} + ${MATH_SOURCES_C} + ${REPLAY_SOURCES_C} + ${SOURCES_H} +) + +set_target_properties(srtp2 PROPERTIES VERSION ${CMAKE_PROJECT_VERSION}) + +target_include_directories(srtp2 PUBLIC crypto/include include) +if(ENABLE_OPENSSL) + target_include_directories(srtp2 PRIVATE ${OPENSSL_INCLUDE_DIR}) + target_link_libraries(srtp2 OpenSSL::Crypto) +elseif(ENABLE_MBEDTLS) + target_include_directories(srtp2 PRIVATE ${MBEDTLS_INCLUDE_DIRS}) + target_link_libraries(srtp2 ${MBEDTLS_LIBRARIES}) +elseif(ENABLE_NSS) + target_include_directories(srtp2 PRIVATE ${NSS_INCLUDE_DIRS}) + target_link_libraries(srtp2 ${NSS_LIBRARIES}) +endif() +if(WIN32) + target_link_libraries(srtp2 ws2_32) + target_compile_definitions(srtp2 PUBLIC _CRT_SECURE_NO_WARNINGS) +endif() + +install(TARGETS srtp2 DESTINATION lib) +install(FILES include/srtp.h crypto/include/auth.h + crypto/include/cipher.h + crypto/include/crypto_types.h + DESTINATION include/srtp2) + +if(TEST_APPS) + enable_testing() + + if(NOT (BUILD_SHARED_LIBS AND WIN32)) + if(NOT USE_EXTERNAL_CRYPTO) + add_executable(aes_calc crypto/test/aes_calc.c test/getopt_s.c test/util.c) + target_include_directories(aes_calc PRIVATE test) + target_link_libraries(aes_calc srtp2) + add_test(aes_calc_128 aes_calc 000102030405060708090a0b0c0d0e0f + 00112233445566778899aabbccddeeff + 69c4e0d86a7b0430d8cdb78070b4c55a) + add_test(aes_calc_256 aes_calc 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f + 00112233445566778899aabbccddeeff + 8ea2b7ca516745bfeafc49904b496089) + + add_executable(sha1_driver crypto/test/sha1_driver.c test/util.c) + target_include_directories(sha1_driver PRIVATE test) + target_link_libraries(sha1_driver srtp2) + add_test(sha1_driver sha1_driver -v) + endif() + + add_executable(datatypes_driver crypto/test/datatypes_driver.c test/util.c) + target_include_directories(datatypes_driver PRIVATE test) + target_link_libraries(datatypes_driver srtp2) + add_test(datatypes_driver datatypes_driver -v) + + add_executable(cipher_driver crypto/test/cipher_driver.c test/getopt_s.c) + target_include_directories(cipher_driver PRIVATE test) + target_link_libraries(cipher_driver srtp2) + add_test(cipher_driver cipher_driver -v) + + add_executable(kernel_driver crypto/test/kernel_driver.c test/getopt_s.c) + target_include_directories(kernel_driver PRIVATE test) + target_link_libraries(kernel_driver srtp2) + add_test(kernel_driver kernel_driver -v) + + add_executable(rdbx_driver test/rdbx_driver.c test/getopt_s.c test/ut_sim.c) + target_include_directories(rdbx_driver PRIVATE test) + target_link_libraries(rdbx_driver srtp2) + add_test(rdbx_driver rdbx_driver -v) + + add_executable(replay_driver test/replay_driver.c test/ut_sim.c) + target_include_directories(replay_driver PRIVATE test) + target_link_libraries(replay_driver srtp2) + add_test(replay_driver replay_driver -v) + + add_executable(roc_driver test/roc_driver.c test/ut_sim.c) + target_include_directories(roc_driver PRIVATE test) + target_link_libraries(roc_driver srtp2) + add_test(roc_driver roc_driver -v) + endif() + + add_executable(srtp_driver test/srtp_driver.c + test/util.c test/getopt_s.c) + target_link_libraries(srtp_driver srtp2) + add_test(srtp_driver srtp_driver -v) + + if(NOT (BUILD_SHARED_LIBS AND WIN32)) + add_executable(test_srtp test/test_srtp.c) + if(ENABLE_OPENSSL) + target_include_directories(test_srtp PRIVATE ${OPENSSL_INCLUDE_DIR}) + elseif(ENABLE_MBEDTLS) + target_include_directories(test_srtp PRIVATE ${MBEDTLS_INCLUDE_DIRS}) + elseif(ENABLE_NSS) + target_include_directories(test_srtp PRIVATE ${NSS_INCLUDE_DIRS}) + endif() + target_link_libraries(test_srtp srtp2) + add_test(test_srtp test_srtp) + endif() + + find_program(BASH_PROGRAM bash) + if(BASH_PROGRAM AND NOT WIN32) + add_executable(rtpw test/rtpw.c test/rtp.c test/util.c test/getopt_s.c) + target_link_libraries(rtpw srtp2) + add_test(NAME rtpw_test + COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/test/rtpw_test.sh -w ${CMAKE_CURRENT_SOURCE_DIR}/test/words.txt + WORKING_DIRECTORY ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}) + if(GCM) + add_test(NAME rtpw_test_gcm + COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/test/rtpw_test_gcm.sh -w ${CMAKE_CURRENT_SOURCE_DIR}/test/words.txt + WORKING_DIRECTORY ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}) + endif() + endif() +endif() diff --git a/libs/srtp/CODEOWNERS b/libs/srtp/CODEOWNERS new file mode 100644 index 0000000000..79fbd2c8c0 --- /dev/null +++ b/libs/srtp/CODEOWNERS @@ -0,0 +1,3 @@ +# Meson build file maintainers +meson.build @nirbheek @tp-m @xhaakon +meson_options.txt @nirbheek @tp-m @xhaakon diff --git a/libs/srtp/Makefile.am b/libs/srtp/Makefile.am index caff627c76..441f3ff9b1 100644 --- a/libs/srtp/Makefile.am +++ b/libs/srtp/Makefile.am @@ -9,18 +9,24 @@ HMAC_OBJS = @HMAC_OBJS@ AES_ICM_OBJS = @AES_ICM_OBJS@ lib_LTLIBRARIES = libsrtp.la -libsrtp_la_SOURCES = srtp/srtp.c srtp/ekt.c crypto/cipher/cipher.c crypto/cipher/null_cipher.c \ +libsrtp_la_SOURCES = srtp/srtp.c crypto/cipher/cipher.c crypto/cipher/null_cipher.c \ crypto/hash/null_auth.c crypto/hash/auth.c \ - crypto/math/datatypes.c crypto/math/stat.c \ + crypto/math/datatypes.c \ crypto/kernel/crypto_kernel.c crypto/kernel/alloc.c \ crypto/kernel/key.c \ crypto/kernel/err.c \ - crypto/replay/rdb.c crypto/replay/rdbx.c crypto/replay/ut_sim.c + crypto/replay/rdb.c crypto/replay/rdbx.c \ + crypto/cipher/cipher_test_cases.c crypto/hash/auth_test_cases.c -libsrtp_la_LDFLAGS = -version-info 1:42:1 +libsrtp_la_LDFLAGS = -version-info 2:4:0 EXTRA_DIST= +if GCM +AM_CPPFLAGS += -DGCM +AM_CFLAGS += -DGCM +endif + if ENABLE_OPENSSL libsrtp_la_SOURCES += crypto/cipher/aes_icm_ossl.c crypto/cipher/aes_gcm_ossl.c libsrtp_la_SOURCES += crypto/hash/hmac_ossl.c @@ -29,18 +35,14 @@ libsrtp_la_SOURCES += crypto/hash/sha1.c crypto/hash/hmac.c libsrtp_la_SOURCES += crypto/cipher/aes_icm.c crypto/cipher/aes.c endif -if GDOI -libsrtp_la_SOURCES += gdoi/srtp+gdoi.c -endif - library_includedir = $(prefix)/include/srtp -library_include_HEADERS = include/srtp.h include/ut_sim.h crypto/include/auth.h \ +library_include_HEADERS = include/srtp.h crypto/include/auth.h \ crypto/include/cipher_types.h \ crypto/include/datatypes.h crypto/include/integers.h crypto/include/null_cipher.h \ crypto/include/rdbx.h crypto/include/aes_icm.h crypto/include/cipher.h crypto/include/crypto_types.h \ crypto/include/err.h crypto/include/sha1.h \ crypto/include/aes.h crypto/include/config.h crypto/include/key.h \ - crypto/include/stat.h crypto/include/alloc.h crypto/include/crypto_kernel.h \ + crypto/include/alloc.h crypto/include/crypto_kernel.h \ crypto/include/hmac.h crypto/include/null_auth.h crypto/include/rdb.h pkgconfigdir = $(libdir)/pkgconfig diff --git a/libs/srtp/README.md b/libs/srtp/README.md index 3f1e5bbfde..b7072414b1 100644 --- a/libs/srtp/README.md +++ b/libs/srtp/README.md @@ -1,5 +1,7 @@ +[![CMake Build](https://github.com/cisco/libsrtp/actions/workflows/cmake.yml/badge.svg)](https://github.com/cisco/libsrtp/actions/workflows/cmake.yml) [![Build Status](https://travis-ci.org/cisco/libsrtp.svg?branch=master)](https://travis-ci.org/cisco/libsrtp) [![Coverity Scan Build Status](https://scan.coverity.com/projects/14274/badge.svg)](https://scan.coverity.com/projects/cisco-libsrtp) +[![OSS-Fuzz Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/systemd.svg)](https://oss-fuzz-build-logs.storage.googleapis.com/index.html#libsrtp) # Introduction to libSRTP @@ -12,10 +14,10 @@ and the library is in libsrtp2.a (after compilation). This document describes libSRTP, the Open Source Secure RTP library from Cisco Systems, Inc. RTP is the Real-time Transport Protocol, an IETF standard for the transport of real-time data such as telephony, -audio, and video, defined by [RFC 3550](https://www.ietf.org/rfc/rfc3550.txt). +audio, and video, defined by [RFC 3550](https://tools.ietf.org/html/rfc3550). Secure RTP (SRTP) is an RTP profile for providing confidentiality to RTP data and authentication to the RTP header and payload. SRTP is an IETF Standard, -defined in [RFC 3711](https://www.ietf.org/rfc/rfc3711.txt), and was developed +defined in [RFC 3711](https://tools.ietf.org/html/rfc3711), and was developed in the IETF Audio/Video Transport (AVT) Working Group. This library supports all of the mandatory features of SRTP, but not all of the optional features. See the [Supported Features](#supported-features) section for more detailed information. @@ -31,7 +33,7 @@ because it does its work behind the scenes. -------------------------------------------------------------------------------- - + # Contact Us - [libsrtp@lists.packetizer.com](mailto:libsrtp@lists.packetizer.com) general mailing list for news / announcements / discussions. This is an open list, see @@ -46,7 +48,7 @@ because it does its work behind the scenes. ## Contents - [Introduction to libSRTP](#introduction-to-libsrtp) - - [Contact Us](#contact) +- [Contact Us](#contact-us) - [Contents](#contents) - [License and Disclaimer](#license-and-disclaimer) - [libSRTP Overview](#libsrtp-overview) @@ -55,6 +57,7 @@ because it does its work behind the scenes. - [Implementation Notes](#implementation-notes) - [Installing and Building libSRTP](#installing-and-building-libsrtp) - [Changing Build Configuration](#changing-build-configuration) + - [Using Visual Studio](#using-visual-studio) - [Applications](#applications) - [Example Code](#example-code) - [Credits](#credits) @@ -137,16 +140,16 @@ can also be linked together to form an entire session policy. A linked list of `srtp_policy_t` structures is equivalent to a session policy. In such a policy, we refer to a single `srtp_policy_t` as an *element*. -An `srtp_policy_t` strucutre contains two `crypto_policy_t` structures +An `srtp_policy_t` structure contains two `srtp_crypto_policy_t` structures that describe the cryptograhic policies for RTP and RTCP, as well as the SRTP master key and the SSRC value. The SSRC describes what to -protect (e.g. which stream), and the `crypto_policy_t` structures +protect (e.g. which stream), and the `srtp_crypto_policy_t` structures describe how to protect it. The key is contained in a policy element because it simplifies the interface to the library. In many cases, it is desirable to use the same cryptographic policies across all of the streams in a session, but to use a distinct key for each stream. A -`crypto_policy_t` structure can be initialized by using either the -`crypto_policy_set_rtp_default()` or `crypto_policy_set_rtcp_default()` +`srtp_crypto_policy_t` structure can be initialized by using either the +`srtp_crypto_policy_set_rtp_default()` or `srtp_crypto_policy_set_rtcp_default()` functions, which set a crypto policy structure to the default policies for RTP and RTCP protection, respectively. @@ -195,7 +198,7 @@ in which a key is used for both inbound and outbound data. ## Supported Features This library supports all of the mandatory-to-implement features of -SRTP (as defined in [RFC 3711](https://www.ietf.org/rfc/rfc3711.txt)). Some of these +SRTP (as defined in [RFC 3711](https://tools.ietf.org/html/rfc3711)). Some of these features can be selected (or de-selected) at run time by setting an appropriate policy; this is done using the structure `srtp_policy_t`. Some other behaviors of the protocol can be adapted by defining an @@ -212,7 +215,7 @@ supported. This includes The user should be aware that it is possible to misuse this libary, and that the result may be that the security level it provides is inadequate. If you are implementing a feature using this library, you -will want to read the Security Considerations section of [RFC 3711](https://www.ietf.org/rfc/rfc3711.txt). +will want to read the Security Considerations section of [RFC 3711](https://tools.ietf.org/html/rfc3711#section-9). In addition, it is important that you read and understand the terms outlined in the [License and Disclaimer](#license-and-disclaimer) section. @@ -313,6 +316,56 @@ brew install automake pkgconfig autoremake -ivf ``` +-------------------------------------------------------------------------------- + +## Using Visual Studio + +On Windows one can use Visual Studio via CMake. CMake can be downloaded here: +https://cmake.org/ . To create Visual Studio build files, for example run the +following commands: + +``` +# Create build subdirectory +mkdir build +cd build + +# Make project files +cmake .. -G "Visual Studio 15 2017" + +# Or for 64 bit project files +cmake .. -G "Visual Studio 15 2017 Win64" +``` + +-------------------------------------------------------------------------------- + +## Using Meson + +On all platforms including Windows, one can build using [Meson](https://mesonbuild.org). +Steps to download Meson are here: https://mesonbuild.com/Getting-meson.html + +To build with Meson, you can do something like: + +``` +# Setup the build subdirectory +meson setup --prefix=/path/to/prefix builddir + +# Build the project +meson compile -C builddir + +# Run tests +meson test -C builddir + +# Optionally, install +meson install -C builddir +``` + +To build with Visual Studio, run the above commands from inside a Visual Studio +command prompt, or run `vcvarsall.bat` with the appropriate arguments inside +a Command Prompt. + +Note that you can also replace the above commands with the appropriate `ninja` +targets: `ninja -C build`, `ninja -C build test`, `ninja -C build install`. + -------------------------------------------------------------------------------- @@ -425,8 +478,8 @@ srtp_init(); memset(&policy, 0x0, sizeof(srtp_policy_t)); // set policy to describe a policy for an SRTP stream -crypto_policy_set_rtp_default(&policy.rtp); -crypto_policy_set_rtcp_default(&policy.rtcp); +srtp_crypto_policy_set_rtp_default(&policy.rtp); +srtp_crypto_policy_set_rtcp_default(&policy.rtcp); policy.ssrc = ssrc; policy.key = key; policy.next = NULL; @@ -475,13 +528,13 @@ Copyright 2001-2005 by David A. McGrew, Cisco Systems, Inc. SRTP and ICM References September, 2005 -Secure RTP is defined in [RFC 3711](https://www.ietf.org/rfc/rfc3711.txt). -The counter mode definition is in Section 4.1.1. +Secure RTP is defined in [RFC 3711](https://tools.ietf.org/html/rfc3711). +The counter mode definition is in [Section 4.1.1](https://tools.ietf.org/html/rfc3711#section-4.1.1). SHA-1 is defined in [FIPS PUB 180-4](http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf). -HMAC is defined in [RFC 2104](https://www.ietf.org/rfc/rfc2104.txt) +HMAC is defined in [RFC 2104](https://tools.ietf.org/html/rfc2104) and HMAC-SHA1 test vectors are available -in [RFC 2202](https://www.ietf.org/rfc/rfc2202.txt). +in [RFC 2202](https://tools.ietf.org/html/rfc2202#section-3). -AES-GCM usage in SRTP is defined in [RFC 7714](https://www.ietf.org/html/rfc7714) +AES-GCM usage in SRTP is defined in [RFC 7714](https://tools.ietf.org/html/rfc7714) diff --git a/libs/srtp/cmake/FindMbedTLS.cmake b/libs/srtp/cmake/FindMbedTLS.cmake new file mode 100644 index 0000000000..b3ed046b69 --- /dev/null +++ b/libs/srtp/cmake/FindMbedTLS.cmake @@ -0,0 +1,38 @@ +find_path(MBEDTLS_INCLUDE_DIRS mbedtls/ssl.h) + +find_library(MBEDTLS_LIBRARY mbedtls) +find_library(MBEDX509_LIBRARY mbedx509) +find_library(MBEDCRYPTO_LIBRARY mbedcrypto) + +set(MBEDTLS_LIBRARIES "${MBEDTLS_LIBRARY}" "${MBEDX509_LIBRARY}" "${MBEDCRYPTO_LIBRARY}") + +include(FindPackageHandleStandardArgs) +find_package_handle_standard_args(MbedTLS DEFAULT_MSG + MBEDTLS_LIBRARY MBEDTLS_INCLUDE_DIRS MBEDX509_LIBRARY MBEDCRYPTO_LIBRARY) + +mark_as_advanced(MBEDTLS_INCLUDE_DIRS MBEDTLS_LIBRARY MBEDX509_LIBRARY MBEDCRYPTO_LIBRARY) + +if(NOT TARGET MbedTLS) + message("in mbedtls ${MBEDTLS_LIBRARY}") + add_library(MbedTLS UNKNOWN IMPORTED) + set_target_properties(MbedTLS PROPERTIES + INTERFACE_INCLUDE_DIRECTORIES "${MBEDTLS_INCLUDE_DIRS}" + IMPORTED_LINK_INTERFACE_LANGUAGES "C" + IMPORTED_LOCATION "${MBEDTLS_LIBRARY}") +endif() + +if(NOT TARGET MbedCrypto) + add_library(MbedCrypto UNKNOWN IMPORTED) + set_target_properties(MbedCrypto PROPERTIES + INTERFACE_INCLUDE_DIRECTORIES "${MBEDTLS_INCLUDE_DIRS}" + IMPORTED_LINK_INTERFACE_LANGUAGES "C" + IMPORTED_LOCATION "${MBEDCRYPTO_LIBRARY}") +endif() + +if(NOT TARGET MbedX509) + add_library(MbedX509 UNKNOWN IMPORTED) + set_target_properties(MbedX509 PROPERTIES + INTERFACE_INCLUDE_DIRECTORIES "${MBEDTLS_INCLUDE_DIRS}" + IMPORTED_LINK_INTERFACE_LANGUAGES "C" + IMPORTED_LOCATION "${MBEDX509_LIBRARY}") +endif() diff --git a/libs/srtp/cmake/FindNSS.cmake b/libs/srtp/cmake/FindNSS.cmake new file mode 100644 index 0000000000..716616bd01 --- /dev/null +++ b/libs/srtp/cmake/FindNSS.cmake @@ -0,0 +1,15 @@ +find_path(NSS_INCLUDE_DIR nss/nss.h) +find_path(NSPR_INCLUDE_DIR nspr/nspr.h) + +set(NSS_INCLUDE_DIRS "${NSS_INCLUDE_DIR}/nss" "${NSPR_INCLUDE_DIR}/nspr") + +find_library(NSS3_LIBRARY nss3) +find_library(NSPR4_LIBRARY nspr4) + +set(NSS_LIBRARIES "${NSS3_LIBRARY}" "${NSPR4_LIBRARY}") + +include(FindPackageHandleStandardArgs) +find_package_handle_standard_args(NSS DEFAULT_MSG + NSS3_LIBRARY NSS_INCLUDE_DIR NSPR4_LIBRARY NSPR_INCLUDE_DIR) + +mark_as_advanced(NSS_INCLUDE_DIR NSPR_INCLUDE_DIR NSS3_LIBRARY NSPR4_LIBRARY) diff --git a/libs/srtp/config.hw b/libs/srtp/config.hw index 44dba2a2d5..f49618baa9 100644 --- a/libs/srtp/config.hw +++ b/libs/srtp/config.hw @@ -1,184 +1,121 @@ -/* crypto/include/config.h. Generated by configure. */ -/* config_in.h. Generated from configure.in by autoheader. */ - -#if (_MSC_VER >= 1400) -# define HAVE_RAND_S 1 -# define _CRT_RAND_S -#endif - -/* Define if building for a CISC machine (e.g. Intel). */ -#define CPU_CISC 1 - -/* Define if building for a RISC machine (assume slow byte access). */ -/* #undef CPU_RISC */ - -/* Define to enabled debug logging for all mudules. */ -#undef ENABLE_DEBUG_LOGGING - -/* Logging statments will be writen to this file. */ -/* #undef ERR_REPORTING_FILE */ - -/* Define to redirect logging to stdout. */ -#undef ERR_REPORTING_STDOUT - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_ARPA_INET_H */ - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_BYTESWAP_H */ - -/* Define to 1 if you have the `inet_aton' function. */ -/* #undef HAVE_INET_ATON */ - -/* Define to 1 if the system has the type `int16_t'. */ -#define HAVE_INT16_T 1 - -/* Define to 1 if the system has the type `int32_t'. */ -#define HAVE_INT32_T 1 - -/* Define to 1 if the system has the type `int8_t'. */ -#define HAVE_INT8_T 1 - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_INTTYPES_H */ - -/* Define to 1 if you have the `socket' library (-lsocket). */ -/* #undef HAVE_LIBSOCKET */ - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_MACHINE_TYPES_H */ - -/* Define to 1 if you have the header file. */ -#define HAVE_MEMORY_H 1 - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_NETINET_IN_H */ - -/* Define to 1 if you have the `socket' function. */ -/* #undef HAVE_SOCKET */ - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_STDINT_H */ - -/* Define to 1 if you have the header file. */ -#define HAVE_STDLIB_H 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_STRINGS_H 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_STRING_H 1 - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_SYS_INT_TYPES_H */ - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_SYS_SOCKET_H */ - -/* Define to 1 if you have the header file. */ -#define HAVE_SYS_STAT_H 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_SYS_TYPES_H 1 - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_SYS_UIO_H */ - -/* Define to 1 if the system has the type `uint16_t'. */ -#define HAVE_UINT16_T 1 - -/* Define to 1 if the system has the type `uint32_t'. */ -#define HAVE_UINT32_T 1 - -/* Define to 1 if the system has the type `uint64_t'. */ -#define HAVE_UINT64_T 1 - -/* Define to 1 if the system has the type `uint8_t'. */ -#define HAVE_UINT8_T 1 - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_UNISTD_H */ - -/* Define to 1 if you have the `usleep' function. */ -/* #undef HAVE_USLEEP */ - -/* Define to 1 if you have the header file. */ -#define HAVE_WINDOWS_H 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_WINSOCK2_H 1 - -/* Define to use X86 inlined assembly code */ -/* #undef HAVE_X86 */ - -/* Define to the address where bug reports for this package should be sent. */ -#define PACKAGE_BUGREPORT "" - -/* Define to the full name of this package. */ -#define PACKAGE_NAME "" - -/* Define to the full name and version of this package. */ -#define PACKAGE_STRING "" - -/* Define to the one symbol short name of this package. */ -#define PACKAGE_TARNAME "" - -/* Define to the version of this package. */ -#define PACKAGE_VERSION "" - -/* The size of a `unsigned long', as computed by sizeof. */ -#define SIZEOF_UNSIGNED_LONG 4 - -/* The size of a `unsigned long long', as computed by sizeof. */ -#define SIZEOF_UNSIGNED_LONG_LONG 8 - -/* Define to use GDOI. */ -/* #undef SRTP_GDOI */ - -/* Define to compile for kernel contexts. */ -/* #undef SRTP_KERNEL */ - -/* Define to compile for Linux kernel context. */ -/* #undef SRTP_KERNEL_LINUX */ - -/* Define to 1 if you have the ANSI C header files. */ -#define STDC_HEADERS 1 - -/* Define to 1 if your processor stores words with the most significant byte - first (like Motorola and SPARC, unlike Intel and VAX). */ -/* #undef WORDS_BIGENDIAN */ - -/* Define to empty if `const' does not conform to ANSI C. */ -/* #undef const */ - -/* Define 'inline' to nothing, since the MSVC compiler doesn't support it. */ -#ifndef inline -#define inline -#endif - -/* Define to `unsigned' if does not define. */ -/* #undef size_t */ - -#if (_MSC_VER >= 1400) // VC8+ -#ifndef _CRT_SECURE_NO_DEPRECATE -#define _CRT_SECURE_NO_DEPRECATE -#endif -#ifndef _CRT_NONSTDC_NO_DEPRECATE -#define _CRT_NONSTDC_NO_DEPRECATE -#endif -#endif // VC8+ - -#ifndef uint32_t -typedef unsigned __int8 uint8_t; -typedef unsigned __int16 uint16_t; -typedef unsigned __int32 uint32_t; -typedef unsigned __int64 uint64_t; -typedef __int8 int8_t; -typedef __int16 int16_t; -typedef __int32 int32_t; -typedef __int64 int64_t; -#endif - -#ifdef _MSC_VER -#pragma warning(disable:4311) -#endif +/* clang-format off */ + +/* Define to the full name and version of this package. */ +#define PACKAGE_VERSION "2.4.0" + +/* Define to the version of this package. */ +#define PACKAGE_STRING "libsrtp2 2.4.0" + +/* Define to enabled debug logging for all mudules. */ +/* #undef ENABLE_DEBUG_LOGGING */ + +/* Logging statments will be writen to this file. */ +/* #undef ERR_REPORTING_FILE */ + +/* Define to redirect logging to stdout. */ +/* #undef ERR_REPORTING_STDOUT */ + +/* Define this to use OpenSSL crypto. */ +#define OPENSSL 1 + +/* Define this to use MBEDTLS. */ +/* #undef MBEDTLS */ + +/* Define this to use NSS crypto. */ +/* #undef NSS */ + +/* Define this to use AES-GCM. */ +#define GCM 1 + +/* Define if building for a CISC machine (e.g. Intel). */ +#define CPU_CISC 1 + +/* Define if building for a RISC machine (assume slow byte access). */ +/* #undef CPU_RISC */ + +/* Define to use X86 inlined assembly code */ +#define HAVE_X86 1 + +/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most + significant byte first (like Motorola and SPARC, unlike Intel). */ +/* #undef WORDS_BIGENDIAN */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_ARPA_INET_H */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_BYTESWAP_H */ + +/* Define to 1 if you have the header file. */ +#define HAVE_INTTYPES_H 1 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_MACHINE_TYPES_H */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_NETINET_IN_H */ + +/* Define to 1 if you have the header file. */ +#define HAVE_STDINT_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_STDLIB_H 1 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_SYS_INT_TYPES_H */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_SYS_SOCKET_H */ + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_TYPES_H 1 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_UNISTD_H */ + +/* Define to 1 if you have the header file. */ +#define HAVE_WINDOWS_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_WINSOCK2_H 1 + +/* Define to 1 if you have the `inet_aton' function. */ +/* #undef HAVE_INET_ATON */ + +/* Define to 1 if you have the `sigaction' function. */ +/* #undef HAVE_SIGACTION */ + +/* Define to 1 if you have the `usleep' function. */ +/* #undef HAVE_USLEEP */ + +/* Define to 1 if the system has the type `uint8_t'. */ +#define HAVE_UINT8_T 1 + +/* Define to 1 if the system has the type `uint16_t'. */ +#define HAVE_UINT16_T 1 + +/* Define to 1 if the system has the type `uint32_t'. */ +#define HAVE_UINT32_T 1 + +/* Define to 1 if the system has the type `uint64_t'. */ +#define HAVE_UINT64_T 1 + +/* Define to 1 if the system has the type `int32_t'. */ +#define HAVE_INT32_T 1 + +/* The size of `unsigned long', as computed by sizeof. */ +#define SIZEOF_UNSIGNED_LONG 4 + +/* The size of `unsigned long long', as computed by sizeof. */ +#define SIZEOF_UNSIGNED_LONG_LONG 8 + +/* Define inline to what is supported by compiler */ +#define HAVE_INLINE 1 +/* #undef HAVE___INLINE */ +#ifndef HAVE_INLINE + #ifdef HAVE___INLINE + #define inline __inline + #else + #define inline + #endif +#endif diff --git a/libs/srtp/config.h_win32vc7 b/libs/srtp/config_in.h similarity index 63% rename from libs/srtp/config.h_win32vc7 rename to libs/srtp/config_in.h index 3b2a78c7b1..31e6ffe385 100644 --- a/libs/srtp/config.h_win32vc7 +++ b/libs/srtp/config_in.h @@ -1,18 +1,14 @@ -/* Hacked config.h for Windows XP 32-bit & VC7 */ +/* config_in.h. Generated from configure.ac by autoheader. */ -#ifdef (_MSC_VER >= 1400) -# define HAVE_RAND_S 1 -#endif +/* Define if building universal (internal helper macro) */ +#undef AC_APPLE_UNIVERSAL_BUILD /* Define if building for a CISC machine (e.g. Intel). */ -#define CPU_CISC 1 +#undef CPU_CISC /* Define if building for a RISC machine (assume slow byte access). */ #undef CPU_RISC -/* Path to random device */ -#undef DEV_URANDOM - /* Define to enabled debug logging for all mudules. */ #undef ENABLE_DEBUG_LOGGING @@ -22,6 +18,9 @@ /* Define to redirect logging to stdout. */ #undef ERR_REPORTING_STDOUT +/* Define this to use AES-GCM. */ +#undef GCM + /* Define to 1 if you have the header file. */ #undef HAVE_ARPA_INET_H @@ -29,7 +28,7 @@ #undef HAVE_BYTESWAP_H /* Define to 1 if you have the `inet_aton' function. */ -#define HAVE_INET_ATON 1 +#undef HAVE_INET_ATON /* Define to 1 if the system has the type `int16_t'. */ #undef HAVE_INT16_T @@ -43,32 +42,53 @@ /* Define to 1 if you have the header file. */ #undef HAVE_INTTYPES_H +/* Define to 1 if you have the `dl' library (-ldl). */ +#undef HAVE_LIBDL + +/* Define to 1 if you have the `nspr4' library (-lnspr4). */ +#undef HAVE_LIBNSPR4 + +/* Define to 1 if you have the `nss3' library (-lnss3). */ +#undef HAVE_LIBNSS3 + /* Define to 1 if you have the `socket' library (-lsocket). */ #undef HAVE_LIBSOCKET +/* Define to 1 if you have the `z' library (-lz). */ +#undef HAVE_LIBZ + /* Define to 1 if you have the header file. */ #undef HAVE_MACHINE_TYPES_H /* Define to 1 if you have the header file. */ -#define HAVE_MEMORY_H 1 +#undef HAVE_MEMORY_H /* Define to 1 if you have the header file. */ #undef HAVE_NETINET_IN_H +/* Define to 1 if you have the header file. */ +#undef HAVE_NSS_H + +/* Define to 1 if you have the `winpcap' library (-lwpcap) */ +#undef HAVE_PCAP + +/* Define to 1 if you have the `sigaction' function. */ +#undef HAVE_SIGACTION + /* Define to 1 if you have the `socket' function. */ -#define HAVE_SOCKET 1 +#undef HAVE_SOCKET /* Define to 1 if you have the header file. */ #undef HAVE_STDINT_H /* Define to 1 if you have the header file. */ -#define HAVE_STDLIB_H 1 +#undef HAVE_STDLIB_H /* Define to 1 if you have the header file. */ -#define HAVE_STRINGS_H 1 +#undef HAVE_STRINGS_H /* Define to 1 if you have the header file. */ -#define HAVE_STRING_H 1 +#undef HAVE_STRING_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_INT_TYPES_H @@ -89,7 +109,7 @@ #undef HAVE_UINT16_T /* Define to 1 if the system has the type `uint32_t'. */ -#undef HAVE_UINT32_T +#undef HAVE_UINT32_T /* Define to 1 if the system has the type `uint64_t'. */ #undef HAVE_UINT64_T @@ -98,20 +118,32 @@ #undef HAVE_UINT8_T /* Define to 1 if you have the header file. */ -#define HAVE_UNISTD_H 1 +#undef HAVE_UNISTD_H /* Define to 1 if you have the `usleep' function. */ -#define HAVE_USLEEP 1 +#undef HAVE_USLEEP /* Define to 1 if you have the header file. */ -#define HAVE_WINDOWS_H 1 +#undef HAVE_WINDOWS_H /* Define to 1 if you have the header file. */ -#define HAVE_WINSOCK2_H 1 +#undef HAVE_WINSOCK2_H /* Define to use X86 inlined assembly code */ #undef HAVE_X86 +/* Define this to use NSS crypto. */ +#undef NSS + +/* Define this to use OpenSSL crypto. */ +#undef OPENSSL + +/* Define this if OPENSSL_cleanse is broken. */ +#undef OPENSSL_CLEANSE_BROKEN + +/* Define this to use OpenSSL KDF for SRTP. */ +#undef OPENSSL_KDF + /* Define to the address where bug reports for this package should be sent. */ #undef PACKAGE_BUGREPORT @@ -124,39 +156,41 @@ /* Define to the one symbol short name of this package. */ #undef PACKAGE_TARNAME +/* Define to the home page for this package. */ +#undef PACKAGE_URL + /* Define to the version of this package. */ #undef PACKAGE_VERSION -/* The size of a `unsigned long', as computed by sizeof. */ -#define SIZEOF_UNSIGNED_LONG 4 +/* The size of `unsigned long', as computed by sizeof. */ +#undef SIZEOF_UNSIGNED_LONG -/* The size of a `unsigned long long', as computed by sizeof. */ -#define SIZEOF_UNSIGNED_LONG_LONG 8 - -/* Define to use GDOI. */ -#undef SRTP_GDOI - -/* Define to compile for kernel contexts. */ -#undef SRTP_KERNEL - -/* Define to compile for Linux kernel context. */ -#undef SRTP_KERNEL_LINUX +/* The size of `unsigned long long', as computed by sizeof. */ +#undef SIZEOF_UNSIGNED_LONG_LONG /* Define to 1 if you have the ANSI C header files. */ #undef STDC_HEADERS -/* Define to 1 if your processor stores words with the most significant byte - first (like Motorola and SPARC, unlike Intel and VAX). */ -#undef WORDS_BIGENDIAN +/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most + significant byte first (like Motorola and SPARC, unlike Intel). */ +#if defined AC_APPLE_UNIVERSAL_BUILD +# if defined __BIG_ENDIAN__ +# define WORDS_BIGENDIAN 1 +# endif +#else +# ifndef WORDS_BIGENDIAN +# undef WORDS_BIGENDIAN +# endif +#endif /* Define to empty if `const' does not conform to ANSI C. */ -//#undef const +#undef const + /* Define to `__inline__' or `__inline' if that's what the C compiler calls it, or to nothing if 'inline' is not supported under any name. */ -//#ifndef __cplusplus -//#undef inline -//#endif -#define inline __inline +#ifndef __cplusplus +#undef inline +#endif -/* Define to `unsigned' if does not define. */ -//#undef size_t +/* Define to `unsigned int' if does not define. */ +#undef size_t diff --git a/libs/srtp/config_in_cmake.h b/libs/srtp/config_in_cmake.h new file mode 100644 index 0000000000..73113471a9 --- /dev/null +++ b/libs/srtp/config_in_cmake.h @@ -0,0 +1,121 @@ +/* clang-format off */ + +/* Define to the full name and version of this package. */ +#cmakedefine PACKAGE_VERSION "@PACKAGE_VERSION@" + +/* Define to the version of this package. */ +#cmakedefine PACKAGE_STRING "@PACKAGE_STRING@" + +/* Define to enabled debug logging for all mudules. */ +#cmakedefine ENABLE_DEBUG_LOGGING 1 + +/* Logging statments will be writen to this file. */ +#cmakedefine ERR_REPORTING_FILE "@ERR_REPORTING_FILE@" + +/* Define to redirect logging to stdout. */ +#cmakedefine ERR_REPORTING_STDOUT 1 + +/* Define this to use OpenSSL crypto. */ +#cmakedefine OPENSSL 1 + +/* Define this to use MBEDTLS. */ +#cmakedefine MBEDTLS 1 + +/* Define this to use NSS crypto. */ +#cmakedefine NSS 1 + +/* Define this to use AES-GCM. */ +#cmakedefine GCM 1 + +/* Define if building for a CISC machine (e.g. Intel). */ +#define CPU_CISC 1 + +/* Define if building for a RISC machine (assume slow byte access). */ +/* #undef CPU_RISC */ + +/* Define to use X86 inlined assembly code */ +#cmakedefine HAVE_X86 1 + +/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most + significant byte first (like Motorola and SPARC, unlike Intel). */ +#cmakedefine WORDS_BIGENDIAN 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_ARPA_INET_H 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_BYTESWAP_H 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_INTTYPES_H 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_MACHINE_TYPES_H 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_NETINET_IN_H 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_STDINT_H 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_STDLIB_H 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_SYS_INT_TYPES_H 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_SYS_SOCKET_H 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_SYS_TYPES_H 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_UNISTD_H 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_WINDOWS_H 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_WINSOCK2_H 1 + +/* Define to 1 if you have the `inet_aton' function. */ +#cmakedefine HAVE_INET_ATON 1 + +/* Define to 1 if you have the `sigaction' function. */ +#cmakedefine HAVE_SIGACTION 1 + +/* Define to 1 if you have the `usleep' function. */ +#cmakedefine HAVE_USLEEP 1 + +/* Define to 1 if the system has the type `uint8_t'. */ +#cmakedefine HAVE_UINT8_T 1 + +/* Define to 1 if the system has the type `uint16_t'. */ +#cmakedefine HAVE_UINT16_T 1 + +/* Define to 1 if the system has the type `uint32_t'. */ +#cmakedefine HAVE_UINT32_T 1 + +/* Define to 1 if the system has the type `uint64_t'. */ +#cmakedefine HAVE_UINT64_T 1 + +/* Define to 1 if the system has the type `int32_t'. */ +#cmakedefine HAVE_INT32_T 1 + +/* The size of `unsigned long', as computed by sizeof. */ +@SIZEOF_UNSIGNED_LONG_CODE@ + +/* The size of `unsigned long long', as computed by sizeof. */ +@SIZEOF_UNSIGNED_LONG_LONG_CODE@ + +/* Define inline to what is supported by compiler */ +#cmakedefine HAVE_INLINE 1 +#cmakedefine HAVE___INLINE 1 +#ifndef HAVE_INLINE + #ifdef HAVE___INLINE + #define inline __inline + #else + #define inline + #endif +#endif diff --git a/libs/srtp/configure.ac b/libs/srtp/configure.ac index 288d0e970a..59a3b69437 100644 --- a/libs/srtp/configure.ac +++ b/libs/srtp/configure.ac @@ -1,5 +1,5 @@ AC_PREREQ(2.59) -AC_INIT(srtp, 1.4.2, mcgrew@cisco.com) +AC_INIT(srtp, 2.4.0, mcgrew@cisco.com) AC_CONFIG_AUX_DIR(build) AM_INIT_AUTOMAKE @@ -286,6 +286,7 @@ else HMAC_OBJS="crypto/hash/hmac.o crypto/hash/sha1.o" fi AM_CONDITIONAL([ENABLE_OPENSSL],[test "${enable_openssl}" = "yes"]) +AM_CONDITIONAL([GCM],[test "${enable_openssl}" = "yes"]) AC_SUBST(AES_ICM_OBJS) AC_SUBST(HMAC_OBJS) @@ -319,21 +320,9 @@ if test "$enable_console" = "yes"; then fi AC_MSG_RESULT($enable_console) -AC_MSG_CHECKING(whether to use GDOI key management) -AC_ARG_ENABLE(gdoi, - [AS_HELP_STRING([--enable-gdoi], [enable GDOI key management])], - [], enable_gdoi=no) -if test "$enable_gdoi" = "yes"; then - AC_DEFINE(SRTP_GDOI, 1, [Define to use GDOI.]) - GDOI_OBJS=gdoi/srtp+gdoi.o - AC_SUBST(GDOI_OBJS) -fi -AC_MSG_RESULT($enable_gdoi) -AM_CONDITIONAL([GDOI],[test "SRTP_GDOI" = "1"]) - AC_CONFIG_HEADERS(crypto/include/config.h:config_in.h) -AC_OUTPUT(Makefile crypto/Makefile doc/Makefile test/Makefile libsrtp2.pc) +AC_OUTPUT(Makefile crypto/Makefile doc/Makefile libsrtp2.pc) # This is needed when building outside the source dir. AS_MKDIR_P(crypto/cipher) diff --git a/libs/srtp/crypto/Makefile.in b/libs/srtp/crypto/Makefile.in index faaa991a09..8c2c4fabef 100644 --- a/libs/srtp/crypto/Makefile.in +++ b/libs/srtp/crypto/Makefile.in @@ -17,15 +17,34 @@ LIBS = @LIBS@ LDFLAGS = @LDFLAGS@ -L. -L.. COMPILE = $(CC) $(DEFS) $(INCDIR) $(CPPFLAGS) $(CFLAGS) CRYPTOLIB = -lsrtp2 +CRYPTO_LIBDIR = @CRYPTO_LIBDIR@ RANLIB = @RANLIB@ +# Specify how tests should find shared libraries on macOS and Linux +# +# macOS purges DYLD_LIBRARY_PATH when spawning subprocesses, so it's +# not possible to pass this in from the outside; we have to specify +# it for any subprocesses we call. No support for dynamic linked +# tests on Windows. +ifneq ($(strip $(CRYPTO_LIBDIR)),) + ifneq ($(OS),Windows_NT) + UNAME_S = $(shell uname -s) + ifeq ($(UNAME_S),Linux) + FIND_LIBRARIES = LD_LIBRARY_PATH=$(CRYPTO_LIBDIR) + endif + ifeq ($(UNAME_S),Darwin) + FIND_LIBRARIES = DYLD_LIBRARY_PATH=$(CRYPTO_LIBDIR) + endif + endif +endif + # EXE defines the suffix on executables - it's .exe for cygwin, and # null on linux, bsd, and OS X and other OSes. we define this so that # `make clean` will work on the cygwin platform EXE = @EXE@ # Random source. -USE_OPENSSL = @USE_OPENSSL@ +USE_EXTERNAL_CRYPTO = @USE_EXTERNAL_CRYPTO@ ifdef ARCH DEFS += -D$(ARCH)=1 @@ -40,14 +59,14 @@ endif dummy : all runtest # test applications -ifneq (1, $(USE_OPENSSL)) +ifneq (1, $(USE_EXTERNAL_CRYPTO)) AES_CALC = test/aes_calc$(EXE) +SHA1_DRIVER = test/sha1_driver$(EXE) endif testapp = test/cipher_driver$(EXE) test/datatypes_driver$(EXE) \ - test/stat_driver$(EXE) test/sha1_driver$(EXE) \ - test/kernel_driver$(EXE) $(AES_CALC) \ - test/env$(EXE) + $(SHA1_DRIVER) test/kernel_driver$(EXE) \ + $(AES_CALC) test/env$(EXE) # data values used to test the aes_calc application for AES-128 k128=000102030405060708090a0b0c0d0e0f @@ -62,17 +81,16 @@ c256=8ea2b7ca516745bfeafc49904b496089 runtest: $(testapp) - test/env$(EXE) # print out information on the build environment + $(FIND_LIBRARIES) test/env$(EXE) # print out information on the build environment @echo "running crypto test applications..." -ifneq (1, $(USE_OPENSSL)) - test `test/aes_calc $(k128) $(p128)` = $(c128) - test `test/aes_calc $(k256) $(p256)` = $(c256) +ifneq (1, $(USE_EXTERNAL_CRYPTO)) + $(FIND_LIBRARIES) test `test/aes_calc $(k128) $(p128)` = $(c128) + $(FIND_LIBRARIES) test `test/aes_calc $(k256) $(p256)` = $(c256) + $(FIND_LIBRARIES) test/sha1_driver$(EXE) -v >/dev/null endif - test/cipher_driver$(EXE) -v >/dev/null - test/datatypes_driver$(EXE) -v >/dev/null - test/stat_driver$(EXE) >/dev/null - test/sha1_driver$(EXE) -v >/dev/null - test/kernel_driver$(EXE) -v >/dev/null + $(FIND_LIBRARIES) test/cipher_driver$(EXE) -v >/dev/null + $(FIND_LIBRARIES) test/datatypes_driver$(EXE) -v >/dev/null + $(FIND_LIBRARIES) test/kernel_driver$(EXE) -v >/dev/null @echo "crypto test applications passed." diff --git a/libs/srtp/crypto/cipher/aes.c b/libs/srtp/crypto/cipher/aes.c index c9cd774201..a2060c53e8 100644 --- a/libs/srtp/crypto/cipher/aes.c +++ b/libs/srtp/crypto/cipher/aes.c @@ -1414,11 +1414,6 @@ static void aes_128_expand_encryption_key(const uint8_t *key, v128_copy_octet_string(&expanded_key->round[0], key); -#if 0 - debug_print(srtp_mod_aes_icm, - "expanded key[0]: %s", v128_hex_string(&expanded_key->round[0])); -#endif - /* loop over round keys */ for (i = 1; i < 11; i++) { /* munge first word of round key */ @@ -1445,11 +1440,6 @@ static void aes_128_expand_encryption_key(const uint8_t *key, expanded_key->round[i].v32[3] = expanded_key->round[i].v32[2] ^ expanded_key->round[i - 1].v32[3]; -#if 0 - debug_print2(srtp_mod_aes_icm, - "expanded key[%d]: %s", i, v128_hex_string(&expanded_key->round[i])); -#endif - /* modify round constant */ rc = gf2_8_shift(rc); } @@ -1469,13 +1459,6 @@ static void aes_256_expand_encryption_key(const unsigned char *key, v128_copy_octet_string(&expanded_key->round[0], key); v128_copy_octet_string(&expanded_key->round[1], key + 16); -#if 0 - debug_print(srtp_mod_aes_icm, - "expanded key[0]: %s", v128_hex_string(&expanded_key->round[0])); - debug_print(srtp_mod_aes_icm, - "expanded key[1]: %s", v128_hex_string(&expanded_key->round[1])); -#endif - /* loop over rest of round keys */ for (i = 2; i < 15; i++) { /* munge first word of round key */ @@ -1515,11 +1498,6 @@ static void aes_256_expand_encryption_key(const unsigned char *key, expanded_key->round[i].v32[3] = expanded_key->round[i].v32[2] ^ expanded_key->round[i - 2].v32[3]; - -#if 0 - debug_print2(srtp_mod_aes_icm, - "expanded key[%d]: %s", i, v128_hex_string(&expanded_key->round[i])); -#endif } } @@ -1796,7 +1774,7 @@ static inline void aes_inv_final_round(v128_t *state, const v128_t *round_key) v128_xor_eq(state, round_key); } -#elif CPU_RISC +#elif defined(CPU_RISC) static inline void aes_round(v128_t *state, const v128_t *round_key) { diff --git a/libs/srtp/crypto/cipher/aes_gcm_mbedtls.c b/libs/srtp/crypto/cipher/aes_gcm_mbedtls.c new file mode 100644 index 0000000000..d7d4b61cdf --- /dev/null +++ b/libs/srtp/crypto/cipher/aes_gcm_mbedtls.c @@ -0,0 +1,412 @@ +/* + * aes_gcm_mbedtls.c + * + * AES Galois Counter Mode + * + * YongCheng Yang + * + */ + +/* + * + * Copyright (c) 2013-2017, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifdef HAVE_CONFIG_H +#include +#endif +#include +#include "aes_gcm.h" +#include "alloc.h" +#include "err.h" /* for srtp_debug */ +#include "crypto_types.h" +#include "cipher_types.h" +#include "cipher_test_cases.h" + +srtp_debug_module_t srtp_mod_aes_gcm = { + 0, /* debugging is off by default */ + "aes gcm mbedtls" /* printable module name */ +}; + +/** + * SRTP IV Formation for AES-GCM + * https://tools.ietf.org/html/rfc7714#section-8.1 + * 0 0 0 0 0 0 0 0 0 0 1 1 + * 0 1 2 3 4 5 6 7 8 9 0 1 + * +--+--+--+--+--+--+--+--+--+--+--+--+ + * |00|00| SSRC | ROC | SEQ |---+ + * +--+--+--+--+--+--+--+--+--+--+--+--+ | + * | + * +--+--+--+--+--+--+--+--+--+--+--+--+ | + * | Encryption Salt |->(+) + * +--+--+--+--+--+--+--+--+--+--+--+--+ | + * | + * +--+--+--+--+--+--+--+--+--+--+--+--+ | + * | Initialization Vector |<--+ + * +--+--+--+--+--+--+--+--+--+--+--+--+ + * + * SRTCP IV Formation for AES-GCM + * https://tools.ietf.org/html/rfc7714#section-9.1 + * + */ + +/* + * For now we only support 8 and 16 octet tags. The spec allows for + * optional 12 byte tag, which may be supported in the future. + */ +#define GCM_IV_LEN 12 +#define GCM_AUTH_TAG_LEN 16 +#define GCM_AUTH_TAG_LEN_8 8 + +#define FUNC_ENTRY() debug_print(srtp_mod_aes_gcm, "%s entry", __func__); +/* + * This function allocates a new instance of this crypto engine. + * The key_len parameter should be one of 28 or 44 for + * AES-128-GCM or AES-256-GCM respectively. Note that the + * key length includes the 14 byte salt value that is used when + * initializing the KDF. + */ +static srtp_err_status_t srtp_aes_gcm_mbedtls_alloc(srtp_cipher_t **c, + int key_len, + int tlen) +{ + FUNC_ENTRY(); + srtp_aes_gcm_ctx_t *gcm; + + debug_print(srtp_mod_aes_gcm, "allocating cipher with key length %d", + key_len); + debug_print(srtp_mod_aes_gcm, "allocating cipher with tag length %d", tlen); + + /* + * Verify the key_len is valid for one of: AES-128/256 + */ + if (key_len != SRTP_AES_GCM_128_KEY_LEN_WSALT && + key_len != SRTP_AES_GCM_256_KEY_LEN_WSALT) { + return (srtp_err_status_bad_param); + } + + if (tlen != GCM_AUTH_TAG_LEN && tlen != GCM_AUTH_TAG_LEN_8) { + return (srtp_err_status_bad_param); + } + + /* allocate memory a cipher of type aes_gcm */ + *c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t)); + if (*c == NULL) { + return (srtp_err_status_alloc_fail); + } + + gcm = (srtp_aes_gcm_ctx_t *)srtp_crypto_alloc(sizeof(srtp_aes_gcm_ctx_t)); + if (gcm == NULL) { + srtp_crypto_free(*c); + *c = NULL; + return (srtp_err_status_alloc_fail); + } + + gcm->ctx = + (mbedtls_gcm_context *)srtp_crypto_alloc(sizeof(mbedtls_gcm_context)); + if (gcm->ctx == NULL) { + srtp_crypto_free(gcm); + srtp_crypto_free(*c); + *c = NULL; + return srtp_err_status_alloc_fail; + } + mbedtls_gcm_init(gcm->ctx); + + /* set pointers */ + (*c)->state = gcm; + + /* setup cipher attributes */ + switch (key_len) { + case SRTP_AES_GCM_128_KEY_LEN_WSALT: + (*c)->type = &srtp_aes_gcm_128; + (*c)->algorithm = SRTP_AES_GCM_128; + gcm->key_size = SRTP_AES_128_KEY_LEN; + gcm->tag_len = tlen; + break; + case SRTP_AES_GCM_256_KEY_LEN_WSALT: + (*c)->type = &srtp_aes_gcm_256; + (*c)->algorithm = SRTP_AES_GCM_256; + gcm->key_size = SRTP_AES_256_KEY_LEN; + gcm->tag_len = tlen; + break; + } + + /* set key size */ + (*c)->key_len = key_len; + + return (srtp_err_status_ok); +} + +/* + * This function deallocates a GCM session + */ +static srtp_err_status_t srtp_aes_gcm_mbedtls_dealloc(srtp_cipher_t *c) +{ + srtp_aes_gcm_ctx_t *ctx; + FUNC_ENTRY(); + ctx = (srtp_aes_gcm_ctx_t *)c->state; + if (ctx) { + mbedtls_gcm_free(ctx->ctx); + srtp_crypto_free(ctx->ctx); + /* zeroize the key material */ + octet_string_set_to_zero(ctx, sizeof(srtp_aes_gcm_ctx_t)); + srtp_crypto_free(ctx); + } + + /* free memory */ + srtp_crypto_free(c); + + return (srtp_err_status_ok); +} + +static srtp_err_status_t srtp_aes_gcm_mbedtls_context_init(void *cv, + const uint8_t *key) +{ + FUNC_ENTRY(); + srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; + uint32_t key_len_in_bits; + int errCode = 0; + c->dir = srtp_direction_any; + c->aad_size = 0; + + debug_print(srtp_mod_aes_gcm, "key: %s", + srtp_octet_string_hex_string(key, c->key_size)); + key_len_in_bits = (c->key_size << 3); + switch (c->key_size) { + case SRTP_AES_256_KEY_LEN: + case SRTP_AES_128_KEY_LEN: + break; + default: + return (srtp_err_status_bad_param); + break; + } + + errCode = mbedtls_gcm_setkey(c->ctx, MBEDTLS_CIPHER_ID_AES, + (const unsigned char *)key, key_len_in_bits); + if (errCode != 0) { + debug_print(srtp_mod_aes_gcm, "mbedtls error code: %d", errCode); + return srtp_err_status_init_fail; + } + + return (srtp_err_status_ok); +} + +static srtp_err_status_t srtp_aes_gcm_mbedtls_set_iv( + void *cv, + uint8_t *iv, + srtp_cipher_direction_t direction) +{ + FUNC_ENTRY(); + srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; + + if (direction != srtp_direction_encrypt && + direction != srtp_direction_decrypt) { + return (srtp_err_status_bad_param); + } + c->dir = direction; + + debug_print(srtp_mod_aes_gcm, "setting iv: %s", + srtp_octet_string_hex_string(iv, GCM_IV_LEN)); + c->iv_len = GCM_IV_LEN; + memcpy(c->iv, iv, c->iv_len); + return (srtp_err_status_ok); +} + +/* + * This function processes the AAD + * + * Parameters: + * c Crypto context + * aad Additional data to process for AEAD cipher suites + * aad_len length of aad buffer + */ +static srtp_err_status_t srtp_aes_gcm_mbedtls_set_aad(void *cv, + const uint8_t *aad, + uint32_t aad_len) +{ + FUNC_ENTRY(); + int errCode = 0; + srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; + + debug_print(srtp_mod_aes_gcm, "setting AAD: %s", + srtp_octet_string_hex_string(aad, aad_len)); + + if (aad_len + c->aad_size > MAX_AD_SIZE) { + return srtp_err_status_bad_param; + } + + memcpy(c->aad + c->aad_size, aad, aad_len); + c->aad_size += aad_len; + + return (srtp_err_status_ok); +} + +/* + * This function encrypts a buffer using AES GCM mode + * + * Parameters: + * c Crypto context + * buf data to encrypt + * enc_len length of encrypt buffer + */ +static srtp_err_status_t srtp_aes_gcm_mbedtls_encrypt(void *cv, + unsigned char *buf, + unsigned int *enc_len) +{ + FUNC_ENTRY(); + srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; + int errCode = 0; + + if (c->dir != srtp_direction_encrypt && c->dir != srtp_direction_decrypt) { + return (srtp_err_status_bad_param); + } + + errCode = mbedtls_gcm_crypt_and_tag(c->ctx, MBEDTLS_GCM_ENCRYPT, *enc_len, + c->iv, c->iv_len, c->aad, c->aad_size, + buf, buf, c->tag_len, c->tag); + + c->aad_size = 0; + if (errCode != 0) { + debug_print(srtp_mod_aes_gcm, "mbedtls error code: %d", errCode); + return srtp_err_status_bad_param; + } + + return (srtp_err_status_ok); +} + +/* + * This function calculates and returns the GCM tag for a given context. + * This should be called after encrypting the data. The *len value + * is increased by the tag size. The caller must ensure that *buf has + * enough room to accept the appended tag. + * + * Parameters: + * c Crypto context + * buf data to encrypt + * len length of encrypt buffer + */ +static srtp_err_status_t srtp_aes_gcm_mbedtls_get_tag(void *cv, + uint8_t *buf, + uint32_t *len) +{ + FUNC_ENTRY(); + srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; + debug_print(srtp_mod_aes_gcm, "appended tag size: %d", c->tag_len); + *len = c->tag_len; + memcpy(buf, c->tag, c->tag_len); + return (srtp_err_status_ok); +} + +/* + * This function decrypts a buffer using AES GCM mode + * + * Parameters: + * c Crypto context + * buf data to encrypt + * enc_len length of encrypt buffer + */ +static srtp_err_status_t srtp_aes_gcm_mbedtls_decrypt(void *cv, + unsigned char *buf, + unsigned int *enc_len) +{ + FUNC_ENTRY(); + srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; + int errCode = 0; + int len = *enc_len; + + if (c->dir != srtp_direction_encrypt && c->dir != srtp_direction_decrypt) { + return (srtp_err_status_bad_param); + } + + debug_print(srtp_mod_aes_gcm, "AAD: %s", + srtp_octet_string_hex_string(c->aad, c->aad_size)); + + errCode = mbedtls_gcm_auth_decrypt( + c->ctx, (*enc_len - c->tag_len), c->iv, c->iv_len, c->aad, c->aad_size, + buf + (*enc_len - c->tag_len), c->tag_len, buf, buf); + c->aad_size = 0; + if (errCode != 0) { + return (srtp_err_status_auth_fail); + } + + /* + * Reduce the buffer size by the tag length since the tag + * is not part of the original payload + */ + *enc_len -= c->tag_len; + + return (srtp_err_status_ok); +} + +/* + * Name of this crypto engine + */ +static const char srtp_aes_gcm_128_mbedtls_description[] = + "AES-128 GCM using mbedtls"; +static const char srtp_aes_gcm_256_mbedtls_description[] = + "AES-256 GCM using mbedtls"; + +/* + * This is the vector function table for this crypto engine. + */ +const srtp_cipher_type_t srtp_aes_gcm_128 = { + srtp_aes_gcm_mbedtls_alloc, + srtp_aes_gcm_mbedtls_dealloc, + srtp_aes_gcm_mbedtls_context_init, + srtp_aes_gcm_mbedtls_set_aad, + srtp_aes_gcm_mbedtls_encrypt, + srtp_aes_gcm_mbedtls_decrypt, + srtp_aes_gcm_mbedtls_set_iv, + srtp_aes_gcm_mbedtls_get_tag, + srtp_aes_gcm_128_mbedtls_description, + &srtp_aes_gcm_128_test_case_0, + SRTP_AES_GCM_128 +}; + +/* + * This is the vector function table for this crypto engine. + */ +const srtp_cipher_type_t srtp_aes_gcm_256 = { + srtp_aes_gcm_mbedtls_alloc, + srtp_aes_gcm_mbedtls_dealloc, + srtp_aes_gcm_mbedtls_context_init, + srtp_aes_gcm_mbedtls_set_aad, + srtp_aes_gcm_mbedtls_encrypt, + srtp_aes_gcm_mbedtls_decrypt, + srtp_aes_gcm_mbedtls_set_iv, + srtp_aes_gcm_mbedtls_get_tag, + srtp_aes_gcm_256_mbedtls_description, + &srtp_aes_gcm_256_test_case_0, + SRTP_AES_GCM_256 +}; diff --git a/libs/srtp/crypto/cipher/aes_gcm_nss.c b/libs/srtp/crypto/cipher/aes_gcm_nss.c new file mode 100644 index 0000000000..23b6e0946a --- /dev/null +++ b/libs/srtp/crypto/cipher/aes_gcm_nss.c @@ -0,0 +1,442 @@ +/* + * aes_gcm_nss.c + * + * AES Galois Counter Mode + * + * Richard L. Barnes + * Cisco Systems, Inc. + * + */ + +/* + * + * Copyright (c) 2013-2017, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include "aes_gcm.h" +#include "alloc.h" +#include "err.h" /* for srtp_debug */ +#include "crypto_types.h" +#include "cipher_types.h" +#include "cipher_test_cases.h" +#include +#include + +srtp_debug_module_t srtp_mod_aes_gcm = { + 0, /* debugging is off by default */ + "aes gcm nss" /* printable module name */ +}; + +/* + * For now we only support 8 and 16 octet tags. The spec allows for + * optional 12 byte tag, which may be supported in the future. + */ +#define GCM_IV_LEN 12 +#define GCM_AUTH_TAG_LEN 16 +#define GCM_AUTH_TAG_LEN_8 8 + +/* + * This function allocates a new instance of this crypto engine. + * The key_len parameter should be one of 28 or 44 for + * AES-128-GCM or AES-256-GCM respectively. Note that the + * key length includes the 14 byte salt value that is used when + * initializing the KDF. + */ +static srtp_err_status_t srtp_aes_gcm_nss_alloc(srtp_cipher_t **c, + int key_len, + int tlen) +{ + srtp_aes_gcm_ctx_t *gcm; + NSSInitContext *nss; + + debug_print(srtp_mod_aes_gcm, "allocating cipher with key length %d", + key_len); + debug_print(srtp_mod_aes_gcm, "allocating cipher with tag length %d", tlen); + + /* + * Verify the key_len is valid for one of: AES-128/256 + */ + if (key_len != SRTP_AES_GCM_128_KEY_LEN_WSALT && + key_len != SRTP_AES_GCM_256_KEY_LEN_WSALT) { + return (srtp_err_status_bad_param); + } + + if (tlen != GCM_AUTH_TAG_LEN && tlen != GCM_AUTH_TAG_LEN_8) { + return (srtp_err_status_bad_param); + } + + /* Initialize NSS equiv of NSS_NoDB_Init(NULL) */ + nss = NSS_InitContext("", "", "", "", NULL, + NSS_INIT_READONLY | NSS_INIT_NOCERTDB | + NSS_INIT_NOMODDB | NSS_INIT_FORCEOPEN | + NSS_INIT_OPTIMIZESPACE); + if (!nss) { + return (srtp_err_status_cipher_fail); + } + + /* allocate memory a cipher of type aes_gcm */ + *c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t)); + if (*c == NULL) { + NSS_ShutdownContext(nss); + return (srtp_err_status_alloc_fail); + } + + gcm = (srtp_aes_gcm_ctx_t *)srtp_crypto_alloc(sizeof(srtp_aes_gcm_ctx_t)); + if (gcm == NULL) { + NSS_ShutdownContext(nss); + srtp_crypto_free(*c); + *c = NULL; + return (srtp_err_status_alloc_fail); + } + + gcm->nss = nss; + + /* set pointers */ + (*c)->state = gcm; + + /* setup cipher attributes */ + switch (key_len) { + case SRTP_AES_GCM_128_KEY_LEN_WSALT: + (*c)->type = &srtp_aes_gcm_128; + (*c)->algorithm = SRTP_AES_GCM_128; + gcm->key_size = SRTP_AES_128_KEY_LEN; + gcm->tag_size = tlen; + gcm->params.ulTagBits = 8 * tlen; + break; + case SRTP_AES_GCM_256_KEY_LEN_WSALT: + (*c)->type = &srtp_aes_gcm_256; + (*c)->algorithm = SRTP_AES_GCM_256; + gcm->key_size = SRTP_AES_256_KEY_LEN; + gcm->tag_size = tlen; + gcm->params.ulTagBits = 8 * tlen; + break; + default: + /* this should never hit, but to be sure... */ + return (srtp_err_status_bad_param); + } + + /* set key size and tag size*/ + (*c)->key_len = key_len; + + return (srtp_err_status_ok); +} + +/* + * This function deallocates a GCM session + */ +static srtp_err_status_t srtp_aes_gcm_nss_dealloc(srtp_cipher_t *c) +{ + srtp_aes_gcm_ctx_t *ctx; + + ctx = (srtp_aes_gcm_ctx_t *)c->state; + if (ctx) { + /* release NSS resources */ + if (ctx->key) { + PK11_FreeSymKey(ctx->key); + } + + if (ctx->nss) { + NSS_ShutdownContext(ctx->nss); + ctx->nss = NULL; + } + + /* zeroize the key material */ + octet_string_set_to_zero(ctx, sizeof(srtp_aes_gcm_ctx_t)); + srtp_crypto_free(ctx); + } + + /* free memory */ + srtp_crypto_free(c); + + return (srtp_err_status_ok); +} + +/* + * aes_gcm_nss_context_init(...) initializes the aes_gcm_context + * using the value in key[]. + * + * the key is the secret key + */ +static srtp_err_status_t srtp_aes_gcm_nss_context_init(void *cv, + const uint8_t *key) +{ + srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; + + c->dir = srtp_direction_any; + + debug_print(srtp_mod_aes_gcm, "key: %s", + srtp_octet_string_hex_string(key, c->key_size)); + + if (c->key) { + PK11_FreeSymKey(c->key); + c->key = NULL; + } + + PK11SlotInfo *slot = PK11_GetBestSlot(CKM_AES_GCM, NULL); + if (!slot) { + return (srtp_err_status_cipher_fail); + } + + SECItem key_item = { siBuffer, (unsigned char *)key, c->key_size }; + c->key = PK11_ImportSymKey(slot, CKM_AES_GCM, PK11_OriginUnwrap, + CKA_ENCRYPT, &key_item, NULL); + PK11_FreeSlot(slot); + + if (!c->key) { + return (srtp_err_status_cipher_fail); + } + + return (srtp_err_status_ok); +} + +/* + * aes_gcm_nss_set_iv(c, iv) sets the counter value to the exor of iv with + * the offset + */ +static srtp_err_status_t srtp_aes_gcm_nss_set_iv( + void *cv, + uint8_t *iv, + srtp_cipher_direction_t direction) +{ + srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; + + if (direction != srtp_direction_encrypt && + direction != srtp_direction_decrypt) { + return (srtp_err_status_bad_param); + } + c->dir = direction; + + debug_print(srtp_mod_aes_gcm, "setting iv: %s", + srtp_octet_string_hex_string(iv, GCM_IV_LEN)); + + memcpy(c->iv, iv, GCM_IV_LEN); + + return (srtp_err_status_ok); +} + +/* + * This function processes the AAD + * + * Parameters: + * c Crypto context + * aad Additional data to process for AEAD cipher suites + * aad_len length of aad buffer + */ +static srtp_err_status_t srtp_aes_gcm_nss_set_aad(void *cv, + const uint8_t *aad, + uint32_t aad_len) +{ + srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; + + debug_print(srtp_mod_aes_gcm, "setting AAD: %s", + srtp_octet_string_hex_string(aad, aad_len)); + + if (aad_len + c->aad_size > MAX_AD_SIZE) { + return srtp_err_status_bad_param; + } + + memcpy(c->aad + c->aad_size, aad, aad_len); + c->aad_size += aad_len; + + return (srtp_err_status_ok); +} + +static srtp_err_status_t srtp_aes_gcm_nss_do_crypto(void *cv, + int encrypt, + unsigned char *buf, + unsigned int *enc_len) +{ + srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; + + c->params.pIv = c->iv; + c->params.ulIvLen = GCM_IV_LEN; + c->params.pAAD = c->aad; + c->params.ulAADLen = c->aad_size; + + // Reset AAD + c->aad_size = 0; + + int rv; + SECItem param = { siBuffer, (unsigned char *)&c->params, + sizeof(CK_GCM_PARAMS) }; + if (encrypt) { + rv = PK11_Encrypt(c->key, CKM_AES_GCM, ¶m, buf, enc_len, + *enc_len + 16, buf, *enc_len); + } else { + rv = PK11_Decrypt(c->key, CKM_AES_GCM, ¶m, buf, enc_len, *enc_len, + buf, *enc_len); + } + + srtp_err_status_t status = (srtp_err_status_ok); + if (rv != SECSuccess) { + status = (srtp_err_status_cipher_fail); + } + + return status; +} + +/* + * This function encrypts a buffer using AES GCM mode + * + * XXX(rlb@ipv.sx): We're required to break off and cache the tag + * here, because the get_tag() method is separate and the tests expect + * encrypt() not to change the size of the plaintext. It might be + * good to update the calling API so that this is cleaner. + * + * Parameters: + * c Crypto context + * buf data to encrypt + * enc_len length of encrypt buffer + */ +static srtp_err_status_t srtp_aes_gcm_nss_encrypt(void *cv, + unsigned char *buf, + unsigned int *enc_len) +{ + srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; + + // When we get a non-NULL buffer, we know that the caller is + // prepared to also take the tag. When we get a NULL buffer, + // even though there's no data, we need to give NSS a buffer + // where it can write the tag. We can't just use c->tag because + // memcpy has undefined behavior on overlapping ranges. + unsigned char tagbuf[16]; + unsigned char *non_null_buf = buf; + if (!non_null_buf && (*enc_len == 0)) { + non_null_buf = tagbuf; + } else if (!non_null_buf) { + return srtp_err_status_bad_param; + } + + srtp_err_status_t status = + srtp_aes_gcm_nss_do_crypto(cv, 1, non_null_buf, enc_len); + if (status != srtp_err_status_ok) { + return status; + } + + memcpy(c->tag, non_null_buf + (*enc_len - c->tag_size), c->tag_size); + *enc_len -= c->tag_size; + return srtp_err_status_ok; +} + +/* + * This function calculates and returns the GCM tag for a given context. + * This should be called after encrypting the data. The *len value + * is increased by the tag size. The caller must ensure that *buf has + * enough room to accept the appended tag. + * + * Parameters: + * c Crypto context + * buf data to encrypt + * len length of encrypt buffer + */ +static srtp_err_status_t srtp_aes_gcm_nss_get_tag(void *cv, + uint8_t *buf, + uint32_t *len) +{ + srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; + *len = c->tag_size; + memcpy(buf, c->tag, c->tag_size); + return (srtp_err_status_ok); +} + +/* + * This function decrypts a buffer using AES GCM mode + * + * Parameters: + * c Crypto context + * buf data to encrypt + * enc_len length of encrypt buffer + */ +static srtp_err_status_t srtp_aes_gcm_nss_decrypt(void *cv, + unsigned char *buf, + unsigned int *enc_len) +{ + srtp_err_status_t status = srtp_aes_gcm_nss_do_crypto(cv, 0, buf, enc_len); + if (status != srtp_err_status_ok) { + int err = PR_GetError(); + if (err == SEC_ERROR_BAD_DATA) { + status = srtp_err_status_auth_fail; + } + } + + return status; +} + +/* + * Name of this crypto engine + */ +static const char srtp_aes_gcm_128_nss_description[] = "AES-128 GCM using NSS"; +static const char srtp_aes_gcm_256_nss_description[] = "AES-256 GCM using NSS"; + +/* + * This is the vector function table for this crypto engine. + */ +/* clang-format off */ +const srtp_cipher_type_t srtp_aes_gcm_128 = { + srtp_aes_gcm_nss_alloc, + srtp_aes_gcm_nss_dealloc, + srtp_aes_gcm_nss_context_init, + srtp_aes_gcm_nss_set_aad, + srtp_aes_gcm_nss_encrypt, + srtp_aes_gcm_nss_decrypt, + srtp_aes_gcm_nss_set_iv, + srtp_aes_gcm_nss_get_tag, + srtp_aes_gcm_128_nss_description, + &srtp_aes_gcm_128_test_case_0, + SRTP_AES_GCM_128 +}; +/* clang-format on */ + +/* + * This is the vector function table for this crypto engine. + */ +/* clang-format off */ +const srtp_cipher_type_t srtp_aes_gcm_256 = { + srtp_aes_gcm_nss_alloc, + srtp_aes_gcm_nss_dealloc, + srtp_aes_gcm_nss_context_init, + srtp_aes_gcm_nss_set_aad, + srtp_aes_gcm_nss_encrypt, + srtp_aes_gcm_nss_decrypt, + srtp_aes_gcm_nss_set_iv, + srtp_aes_gcm_nss_get_tag, + srtp_aes_gcm_256_nss_description, + &srtp_aes_gcm_256_test_case_0, + SRTP_AES_GCM_256 +}; +/* clang-format on */ diff --git a/libs/srtp/crypto/cipher/aes_gcm_ossl.c b/libs/srtp/crypto/cipher/aes_gcm_ossl.c index ef13a78240..3e2d6bb113 100644 --- a/libs/srtp/crypto/cipher/aes_gcm_ossl.c +++ b/libs/srtp/crypto/cipher/aes_gcm_ossl.c @@ -49,12 +49,12 @@ #endif #include -#include "aes_icm_ossl.h" -#include "aes_gcm_ossl.h" +#include "aes_gcm.h" #include "alloc.h" #include "err.h" /* for srtp_debug */ #include "crypto_types.h" #include "cipher_types.h" +#include "cipher_test_cases.h" srtp_debug_module_t srtp_mod_aes_gcm = { 0, /* debugging is off by default */ @@ -124,13 +124,13 @@ static srtp_err_status_t srtp_aes_gcm_openssl_alloc(srtp_cipher_t **c, /* setup cipher attributes */ switch (key_len) { case SRTP_AES_GCM_128_KEY_LEN_WSALT: - (*c)->type = &srtp_aes_gcm_128_openssl; + (*c)->type = &srtp_aes_gcm_128; (*c)->algorithm = SRTP_AES_GCM_128; gcm->key_size = SRTP_AES_128_KEY_LEN; gcm->tag_len = tlen; break; case SRTP_AES_GCM_256_KEY_LEN_WSALT: - (*c)->type = &srtp_aes_gcm_256_openssl; + (*c)->type = &srtp_aes_gcm_256; (*c)->algorithm = SRTP_AES_GCM_256; gcm->key_size = SRTP_AES_256_KEY_LEN; gcm->tag_len = tlen; @@ -193,6 +193,7 @@ static srtp_err_status_t srtp_aes_gcm_openssl_context_init(void *cv, break; } + EVP_CIPHER_CTX_cleanup(c->ctx); if (!EVP_CipherInit_ex(c->ctx, evp, NULL, key, NULL, 0)) { return (srtp_err_status_init_fail); } @@ -218,7 +219,7 @@ static srtp_err_status_t srtp_aes_gcm_openssl_set_iv( c->dir = direction; debug_print(srtp_mod_aes_gcm, "setting iv: %s", - v128_hex_string((v128_t *)iv)); + srtp_octet_string_hex_string(iv, 12)); if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) { return (srtp_err_status_init_fail); @@ -247,20 +248,31 @@ static srtp_err_status_t srtp_aes_gcm_openssl_set_aad(void *cv, srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; int rv; - /* - * Set dummy tag, OpenSSL requires the Tag to be set before - * processing AAD - */ + debug_print(srtp_mod_aes_gcm, "setting AAD: %s", + srtp_octet_string_hex_string(aad, aad_len)); /* - * OpenSSL never write to address pointed by the last parameter of - * EVP_CIPHER_CTX_ctrl while EVP_CTRL_GCM_SET_TAG (in reality, - * OpenSSL copy its content to the context), so we can make - * aad read-only in this function and all its wrappers. + * EVP_CTRL_GCM_SET_TAG can only be used when decrypting */ - unsigned char dummy_tag[GCM_AUTH_TAG_LEN]; - memset(dummy_tag, 0x0, GCM_AUTH_TAG_LEN); - EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, &dummy_tag); + if (c->dir == srtp_direction_decrypt) { + /* + * Set dummy tag, OpenSSL requires the Tag to be set before + * processing AAD + */ + + /* + * OpenSSL never write to address pointed by the last parameter of + * EVP_CIPHER_CTX_ctrl while EVP_CTRL_GCM_SET_TAG (in reality, + * OpenSSL copy its content to the context), so we can make + * aad read-only in this function and all its wrappers. + */ + unsigned char dummy_tag[GCM_AUTH_TAG_LEN]; + memset(dummy_tag, 0x0, GCM_AUTH_TAG_LEN); + if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, + &dummy_tag)) { + return (srtp_err_status_algo_fail); + } + } rv = EVP_Cipher(c->ctx, NULL, aad, aad_len); if (rv != aad_len) { @@ -319,7 +331,9 @@ static srtp_err_status_t srtp_aes_gcm_openssl_get_tag(void *cv, /* * Retreive the tag */ - EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, buf); + if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, buf)) { + return (srtp_err_status_algo_fail); + } /* * Increase encryption length by desired tag size @@ -349,8 +363,10 @@ static srtp_err_status_t srtp_aes_gcm_openssl_decrypt(void *cv, /* * Set the tag before decrypting */ - EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, - buf + (*enc_len - c->tag_len)); + if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, + buf + (*enc_len - c->tag_len))) { + return (srtp_err_status_auth_fail); + } EVP_Cipher(c->ctx, buf, buf, *enc_len - c->tag_len); /* @@ -377,178 +393,10 @@ static const char srtp_aes_gcm_128_openssl_description[] = static const char srtp_aes_gcm_256_openssl_description[] = "AES-256 GCM using openssl"; -/* - * KAT values for AES self-test. These - * values we're derived from independent test code - * using OpenSSL. - */ -/* clang-format off */ -static const uint8_t srtp_aes_gcm_test_case_0_key[SRTP_AES_GCM_128_KEY_LEN_WSALT] = { - 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, - 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, - 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, - 0x09, 0x0a, 0x0b, 0x0c, -}; -/* clang-format on */ - -/* clang-format off */ -static uint8_t srtp_aes_gcm_test_case_0_iv[12] = { - 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, - 0xde, 0xca, 0xf8, 0x88 -}; -/* clang-format on */ - -/* clang-format off */ -static const uint8_t srtp_aes_gcm_test_case_0_plaintext[60] = { - 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, - 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, - 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, - 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, - 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, - 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, - 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, - 0xba, 0x63, 0x7b, 0x39 -}; - -/* clang-format off */ -static const uint8_t srtp_aes_gcm_test_case_0_aad[20] = { - 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, - 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, - 0xab, 0xad, 0xda, 0xd2 -}; -/* clang-format on */ - -/* clang-format off */ -static const uint8_t srtp_aes_gcm_test_case_0_ciphertext[76] = { - 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24, - 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c, - 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0, - 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e, - 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c, - 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05, - 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97, - 0x3d, 0x58, 0xe0, 0x91, - /* the last 16 bytes are the tag */ - 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb, - 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47, -}; -/* clang-format on */ - -static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_0a = { - SRTP_AES_GCM_128_KEY_LEN_WSALT, /* octets in key */ - srtp_aes_gcm_test_case_0_key, /* key */ - srtp_aes_gcm_test_case_0_iv, /* packet index */ - 60, /* octets in plaintext */ - srtp_aes_gcm_test_case_0_plaintext, /* plaintext */ - 68, /* octets in ciphertext */ - srtp_aes_gcm_test_case_0_ciphertext, /* ciphertext + tag */ - 20, /* octets in AAD */ - srtp_aes_gcm_test_case_0_aad, /* AAD */ - GCM_AUTH_TAG_LEN_8, /* */ - NULL /* pointer to next testcase */ -}; - -static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_0 = { - SRTP_AES_GCM_128_KEY_LEN_WSALT, /* octets in key */ - srtp_aes_gcm_test_case_0_key, /* key */ - srtp_aes_gcm_test_case_0_iv, /* packet index */ - 60, /* octets in plaintext */ - srtp_aes_gcm_test_case_0_plaintext, /* plaintext */ - 76, /* octets in ciphertext */ - srtp_aes_gcm_test_case_0_ciphertext, /* ciphertext + tag */ - 20, /* octets in AAD */ - srtp_aes_gcm_test_case_0_aad, /* AAD */ - GCM_AUTH_TAG_LEN, /* */ - &srtp_aes_gcm_test_case_0a /* pointer to next testcase */ -}; - -/* clang-format off */ -static const uint8_t srtp_aes_gcm_test_case_1_key[SRTP_AES_GCM_256_KEY_LEN_WSALT] = { - 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, - 0xa5, 0x59, 0x09, 0xc5, 0x54, 0x66, 0x93, 0x1c, - 0xaf, 0xf5, 0x26, 0x9a, 0x21, 0xd5, 0x14, 0xb2, - 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, - 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, - 0x09, 0x0a, 0x0b, 0x0c, -}; -/* clang-format on */ - -/* clang-format off */ -static uint8_t srtp_aes_gcm_test_case_1_iv[12] = { - 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, - 0xde, 0xca, 0xf8, 0x88 -}; -/* clang-format on */ - -/* clang-format off */ -static const uint8_t srtp_aes_gcm_test_case_1_plaintext[60] = { - 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, - 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, - 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, - 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, - 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, - 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, - 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, - 0xba, 0x63, 0x7b, 0x39 -}; -/* clang-format on */ - -/* clang-format off */ -static const uint8_t srtp_aes_gcm_test_case_1_aad[20] = { - 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, - 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, - 0xab, 0xad, 0xda, 0xd2 -}; -/* clang-format on */ - -/* clang-format off */ -static const uint8_t srtp_aes_gcm_test_case_1_ciphertext[76] = { - 0x0b, 0x11, 0xcf, 0xaf, 0x68, 0x4d, 0xae, 0x46, - 0xc7, 0x90, 0xb8, 0x8e, 0xb7, 0x6a, 0x76, 0x2a, - 0x94, 0x82, 0xca, 0xab, 0x3e, 0x39, 0xd7, 0x86, - 0x1b, 0xc7, 0x93, 0xed, 0x75, 0x7f, 0x23, 0x5a, - 0xda, 0xfd, 0xd3, 0xe2, 0x0e, 0x80, 0x87, 0xa9, - 0x6d, 0xd7, 0xe2, 0x6a, 0x7d, 0x5f, 0xb4, 0x80, - 0xef, 0xef, 0xc5, 0x29, 0x12, 0xd1, 0xaa, 0x10, - 0x09, 0xc9, 0x86, 0xc1, - /* the last 16 bytes are the tag */ - 0x45, 0xbc, 0x03, 0xe6, 0xe1, 0xac, 0x0a, 0x9f, - 0x81, 0xcb, 0x8e, 0x5b, 0x46, 0x65, 0x63, 0x1d, -}; -/* clang-format on */ - -static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_1a = { - SRTP_AES_GCM_256_KEY_LEN_WSALT, /* octets in key */ - srtp_aes_gcm_test_case_1_key, /* key */ - srtp_aes_gcm_test_case_1_iv, /* packet index */ - 60, /* octets in plaintext */ - srtp_aes_gcm_test_case_1_plaintext, /* plaintext */ - 68, /* octets in ciphertext */ - srtp_aes_gcm_test_case_1_ciphertext, /* ciphertext + tag */ - 20, /* octets in AAD */ - srtp_aes_gcm_test_case_1_aad, /* AAD */ - GCM_AUTH_TAG_LEN_8, /* */ - NULL /* pointer to next testcase */ -}; - -static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_1 = { - SRTP_AES_GCM_256_KEY_LEN_WSALT, /* octets in key */ - srtp_aes_gcm_test_case_1_key, /* key */ - srtp_aes_gcm_test_case_1_iv, /* packet index */ - 60, /* octets in plaintext */ - srtp_aes_gcm_test_case_1_plaintext, /* plaintext */ - 76, /* octets in ciphertext */ - srtp_aes_gcm_test_case_1_ciphertext, /* ciphertext + tag */ - 20, /* octets in AAD */ - srtp_aes_gcm_test_case_1_aad, /* AAD */ - GCM_AUTH_TAG_LEN, /* */ - &srtp_aes_gcm_test_case_1a /* pointer to next testcase */ -}; - /* * This is the vector function table for this crypto engine. */ -const srtp_cipher_type_t srtp_aes_gcm_128_openssl = { +const srtp_cipher_type_t srtp_aes_gcm_128 = { srtp_aes_gcm_openssl_alloc, srtp_aes_gcm_openssl_dealloc, srtp_aes_gcm_openssl_context_init, @@ -558,14 +406,14 @@ const srtp_cipher_type_t srtp_aes_gcm_128_openssl = { srtp_aes_gcm_openssl_set_iv, srtp_aes_gcm_openssl_get_tag, srtp_aes_gcm_128_openssl_description, - &srtp_aes_gcm_test_case_0, + &srtp_aes_gcm_128_test_case_0, SRTP_AES_GCM_128 }; /* * This is the vector function table for this crypto engine. */ -const srtp_cipher_type_t srtp_aes_gcm_256_openssl = { +const srtp_cipher_type_t srtp_aes_gcm_256 = { srtp_aes_gcm_openssl_alloc, srtp_aes_gcm_openssl_dealloc, srtp_aes_gcm_openssl_context_init, @@ -575,6 +423,6 @@ const srtp_cipher_type_t srtp_aes_gcm_256_openssl = { srtp_aes_gcm_openssl_set_iv, srtp_aes_gcm_openssl_get_tag, srtp_aes_gcm_256_openssl_description, - &srtp_aes_gcm_test_case_1, + &srtp_aes_gcm_256_test_case_0, SRTP_AES_GCM_256 }; diff --git a/libs/srtp/crypto/cipher/aes_icm.c b/libs/srtp/crypto/cipher/aes_icm.c index 7551c75148..e05d9e45a3 100644 --- a/libs/srtp/crypto/cipher/aes_icm.c +++ b/libs/srtp/crypto/cipher/aes_icm.c @@ -52,6 +52,7 @@ #include "aes_icm.h" #include "alloc.h" #include "cipher_types.h" +#include "cipher_test_cases.h" srtp_debug_module_t srtp_mod_aes_icm = { 0, /* debugging is off by default */ @@ -399,104 +400,6 @@ static const char srtp_aes_icm_128_description[] = static const char srtp_aes_icm_256_description[] = "AES-256 integer counter mode"; -/* clang-format off */ -static const uint8_t srtp_aes_icm_128_test_case_0_key[SRTP_AES_ICM_128_KEY_LEN_WSALT] = { - 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, - 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c, - 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, - 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd -}; -/* clang-format on */ - -/* clang-format off */ -static uint8_t srtp_aes_icm_128_test_case_0_nonce[16] = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 -}; -/* clang-format on */ - -/* clang-format off */ -static const uint8_t srtp_aes_icm_128_test_case_0_plaintext[32] = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -}; -/* clang-format on */ - -/* clang-format off */ -static const uint8_t srtp_aes_icm_128_test_case_0_ciphertext[32] = { - 0xe0, 0x3e, 0xad, 0x09, 0x35, 0xc9, 0x5e, 0x80, - 0xe1, 0x66, 0xb1, 0x6d, 0xd9, 0x2b, 0x4e, 0xb4, - 0xd2, 0x35, 0x13, 0x16, 0x2b, 0x02, 0xd0, 0xf7, - 0x2a, 0x43, 0xa2, 0xfe, 0x4a, 0x5f, 0x97, 0xab -}; -/* clang-format on */ - -static const srtp_cipher_test_case_t srtp_aes_icm_128_test_case_0 = { - SRTP_AES_ICM_128_KEY_LEN_WSALT, /* octets in key */ - srtp_aes_icm_128_test_case_0_key, /* key */ - srtp_aes_icm_128_test_case_0_nonce, /* packet index */ - 32, /* octets in plaintext */ - srtp_aes_icm_128_test_case_0_plaintext, /* plaintext */ - 32, /* octets in ciphertext */ - srtp_aes_icm_128_test_case_0_ciphertext, /* ciphertext */ - 0, /* */ - NULL, /* */ - 0, /* */ - NULL /* pointer to next testcase */ -}; - -/* clang-format off */ -static const uint8_t srtp_aes_icm_256_test_case_0_key[SRTP_AES_ICM_256_KEY_LEN_WSALT] = { - 0x57, 0xf8, 0x2f, 0xe3, 0x61, 0x3f, 0xd1, 0x70, - 0xa8, 0x5e, 0xc9, 0x3c, 0x40, 0xb1, 0xf0, 0x92, - 0x2e, 0xc4, 0xcb, 0x0d, 0xc0, 0x25, 0xb5, 0x82, - 0x72, 0x14, 0x7c, 0xc4, 0x38, 0x94, 0x4a, 0x98, - 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, - 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd -}; -/* clang-format on */ - -/* clang-format off */ -static uint8_t srtp_aes_icm_256_test_case_0_nonce[16] = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 -}; -/* clang-format on */ - -/* clang-format off */ -static const uint8_t srtp_aes_icm_256_test_case_0_plaintext[32] = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -}; -/* clang-format on */ - -/* clang-format off */ -static const uint8_t srtp_aes_icm_256_test_case_0_ciphertext[32] = { - 0x92, 0xbd, 0xd2, 0x8a, 0x93, 0xc3, 0xf5, 0x25, - 0x11, 0xc6, 0x77, 0xd0, 0x8b, 0x55, 0x15, 0xa4, - 0x9d, 0xa7, 0x1b, 0x23, 0x78, 0xa8, 0x54, 0xf6, - 0x70, 0x50, 0x75, 0x6d, 0xed, 0x16, 0x5b, 0xac -}; -/* clang-format on */ - -static const srtp_cipher_test_case_t srtp_aes_icm_256_test_case_0 = { - SRTP_AES_ICM_256_KEY_LEN_WSALT, /* octets in key */ - srtp_aes_icm_256_test_case_0_key, /* key */ - srtp_aes_icm_256_test_case_0_nonce, /* packet index */ - 32, /* octets in plaintext */ - srtp_aes_icm_256_test_case_0_plaintext, /* plaintext */ - 32, /* octets in ciphertext */ - srtp_aes_icm_256_test_case_0_ciphertext, /* ciphertext */ - 0, /* */ - NULL, /* */ - 0, /* */ - NULL, /* pointer to next testcase */ -}; - /* * note: the encrypt function is identical to the decrypt function */ diff --git a/libs/srtp/crypto/cipher/aes_icm_mbedtls.c b/libs/srtp/crypto/cipher/aes_icm_mbedtls.c new file mode 100644 index 0000000000..9893ded702 --- /dev/null +++ b/libs/srtp/crypto/cipher/aes_icm_mbedtls.c @@ -0,0 +1,371 @@ +/* + * aes_icm_mbedtls.c + * + * AES Integer Counter Mode + * + * YongCheng Yang + */ + +/* + * + * Copyright (c) 2013-2017, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifdef HAVE_CONFIG_H +#include +#endif +#include +#include "aes_icm_ext.h" +#include "crypto_types.h" +#include "err.h" /* for srtp_debug */ +#include "alloc.h" +#include "cipher_types.h" +#include "cipher_test_cases.h" + +srtp_debug_module_t srtp_mod_aes_icm = { + 0, /* debugging is off by default */ + "aes icm mbedtls" /* printable module name */ +}; + +/* + * integer counter mode works as follows: + * + * https://tools.ietf.org/html/rfc3711#section-4.1.1 + * + * E(k, IV) || E(k, IV + 1 mod 2^128) || E(k, IV + 2 mod 2^128) ... + * IV = (k_s * 2^16) XOR (SSRC * 2^64) XOR (i * 2^16) + * + * IV SHALL be defined by the SSRC, the SRTP packet index i, + * and the SRTP session salting key k_s. + * + * SSRC: 32bits. + * Sequence number: 16bits. + * nonce is 64bits. . + * packet index = ROC || SEQ. (ROC: Rollover counter) + * + * 16 bits + * <-----> + * +------+------+------+------+------+------+------+------+ + * | nonce | packet index | ctr |---+ + * +------+------+------+------+------+------+------+------+ | + * | + * +------+------+------+------+------+------+------+------+ v + * | salt |000000|->(+) + * +------+------+------+------+------+------+------+------+ | + * | + * +---------+ + * | encrypt | + * +---------+ + * | + * +------+------+------+------+------+------+------+------+ | + * | keystream block |<--+ + * +------+------+------+------+------+------+------+------+ + * + * All fields are big-endian + * + * ctr is the block counter, which increments from zero for + * each packet (16 bits wide) + * + * packet index is distinct for each packet (48 bits wide) + * + * nonce can be distinct across many uses of the same key, or + * can be a fixed value per key, or can be per-packet randomness + * (64 bits) + * + */ + +/* + * This function allocates a new instance of this crypto engine. + * The key_len parameter should be one of 30, 38, or 46 for + * AES-128, AES-192, and AES-256 respectively. Note, this key_len + * value is inflated, as it also accounts for the 112 bit salt + * value. The tlen argument is for the AEAD tag length, which + * isn't used in counter mode. + */ +static srtp_err_status_t srtp_aes_icm_mbedtls_alloc(srtp_cipher_t **c, + int key_len, + int tlen) +{ + srtp_aes_icm_ctx_t *icm; + + debug_print(srtp_mod_aes_icm, "allocating cipher with key length %d", + key_len); + + /* + * Verify the key_len is valid for one of: AES-128/192/256 + */ + if (key_len != SRTP_AES_ICM_128_KEY_LEN_WSALT && + key_len != SRTP_AES_ICM_192_KEY_LEN_WSALT && + key_len != SRTP_AES_ICM_256_KEY_LEN_WSALT) { + return srtp_err_status_bad_param; + } + + /* allocate memory a cipher of type aes_icm */ + *c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t)); + if (*c == NULL) { + return srtp_err_status_alloc_fail; + } + + icm = (srtp_aes_icm_ctx_t *)srtp_crypto_alloc(sizeof(srtp_aes_icm_ctx_t)); + if (icm == NULL) { + srtp_crypto_free(*c); + *c = NULL; + return srtp_err_status_alloc_fail; + } + + icm->ctx = + (mbedtls_aes_context *)srtp_crypto_alloc(sizeof(mbedtls_aes_context)); + if (icm->ctx == NULL) { + srtp_crypto_free(icm); + srtp_crypto_free(*c); + *c = NULL; + return srtp_err_status_alloc_fail; + } + + mbedtls_aes_init(icm->ctx); + + /* set pointers */ + (*c)->state = icm; + + /* setup cipher parameters */ + switch (key_len) { + case SRTP_AES_ICM_128_KEY_LEN_WSALT: + (*c)->algorithm = SRTP_AES_ICM_128; + (*c)->type = &srtp_aes_icm_128; + icm->key_size = SRTP_AES_128_KEY_LEN; + break; + case SRTP_AES_ICM_192_KEY_LEN_WSALT: + (*c)->algorithm = SRTP_AES_ICM_192; + (*c)->type = &srtp_aes_icm_192; + icm->key_size = SRTP_AES_192_KEY_LEN; + break; + case SRTP_AES_ICM_256_KEY_LEN_WSALT: + (*c)->algorithm = SRTP_AES_ICM_256; + (*c)->type = &srtp_aes_icm_256; + icm->key_size = SRTP_AES_256_KEY_LEN; + break; + } + + /* set key size */ + (*c)->key_len = key_len; + + return srtp_err_status_ok; +} + +/* + * This function deallocates an instance of this engine + */ +static srtp_err_status_t srtp_aes_icm_mbedtls_dealloc(srtp_cipher_t *c) +{ + srtp_aes_icm_ctx_t *ctx; + + if (c == NULL) { + return srtp_err_status_bad_param; + } + + /* + * Free the aes context + */ + ctx = (srtp_aes_icm_ctx_t *)c->state; + if (ctx != NULL) { + mbedtls_aes_free(ctx->ctx); + srtp_crypto_free(ctx->ctx); + /* zeroize the key material */ + octet_string_set_to_zero(ctx, sizeof(srtp_aes_icm_ctx_t)); + srtp_crypto_free(ctx); + } + + /* free memory */ + srtp_crypto_free(c); + + return srtp_err_status_ok; +} + +static srtp_err_status_t srtp_aes_icm_mbedtls_context_init(void *cv, + const uint8_t *key) +{ + srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv; + uint32_t key_size_in_bits = (c->key_size << 3); + int errcode = 0; + + /* + * set counter and initial values to 'offset' value, being careful not to + * go past the end of the key buffer + */ + v128_set_to_zero(&c->counter); + v128_set_to_zero(&c->offset); + memcpy(&c->counter, key + c->key_size, SRTP_SALT_LEN); + memcpy(&c->offset, key + c->key_size, SRTP_SALT_LEN); + + /* force last two octets of the offset to zero (for srtp compatibility) */ + c->offset.v8[SRTP_SALT_LEN] = c->offset.v8[SRTP_SALT_LEN + 1] = 0; + c->counter.v8[SRTP_SALT_LEN] = c->counter.v8[SRTP_SALT_LEN + 1] = 0; + debug_print(srtp_mod_aes_icm, "key: %s", + srtp_octet_string_hex_string(key, c->key_size)); + debug_print(srtp_mod_aes_icm, "offset: %s", v128_hex_string(&c->offset)); + + switch (c->key_size) { + case SRTP_AES_256_KEY_LEN: + case SRTP_AES_192_KEY_LEN: + case SRTP_AES_128_KEY_LEN: + break; + default: + return srtp_err_status_bad_param; + break; + } + + errcode = mbedtls_aes_setkey_enc(c->ctx, key, key_size_in_bits); + if (errcode != 0) { + debug_print(srtp_mod_aes_icm, "errCode: %d", errcode); + } + + return srtp_err_status_ok; +} + +/* + * aes_icm_set_iv(c, iv) sets the counter value to the exor of iv with + * the offset + */ +static srtp_err_status_t srtp_aes_icm_mbedtls_set_iv( + void *cv, + uint8_t *iv, + srtp_cipher_direction_t dir) +{ + srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv; + v128_t nonce; + c->nc_off = 0; + /* set nonce (for alignment) */ + v128_copy_octet_string(&nonce, iv); + + debug_print(srtp_mod_aes_icm, "setting iv: %s", v128_hex_string(&nonce)); + + v128_xor(&c->counter, &c->offset, &nonce); + + debug_print(srtp_mod_aes_icm, "set_counter: %s", + v128_hex_string(&c->counter)); + + return srtp_err_status_ok; +} + +/* + * This function encrypts a buffer using AES CTR mode + * + * Parameters: + * c Crypto context + * buf data to encrypt + * enc_len length of encrypt buffer + */ +static srtp_err_status_t srtp_aes_icm_mbedtls_encrypt(void *cv, + unsigned char *buf, + unsigned int *enc_len) +{ + srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv; + + int errCode = 0; + debug_print(srtp_mod_aes_icm, "rs0: %s", v128_hex_string(&c->counter)); + + errCode = + mbedtls_aes_crypt_ctr(c->ctx, *enc_len, &(c->nc_off), c->counter.v8, + c->stream_block.v8, buf, buf); + if (errCode != 0) { + debug_print(srtp_mod_aes_icm, "encrypt error: %d", errCode); + return srtp_err_status_cipher_fail; + } + + return srtp_err_status_ok; +} + +/* + * Name of this crypto engine + */ +static const char srtp_aes_icm_128_mbedtls_description[] = + "AES-128 counter mode using mbedtls"; +static const char srtp_aes_icm_192_mbedtls_description[] = + "AES-192 counter mode using mbedtls"; +static const char srtp_aes_icm_256_mbedtls_description[] = + "AES-256 counter mode using mbedtls"; + +/* + * This is the function table for this crypto engine. + * note: the encrypt function is identical to the decrypt function + */ +const srtp_cipher_type_t srtp_aes_icm_128 = { + srtp_aes_icm_mbedtls_alloc, /* */ + srtp_aes_icm_mbedtls_dealloc, /* */ + srtp_aes_icm_mbedtls_context_init, /* */ + 0, /* set_aad */ + srtp_aes_icm_mbedtls_encrypt, /* */ + srtp_aes_icm_mbedtls_encrypt, /* */ + srtp_aes_icm_mbedtls_set_iv, /* */ + 0, /* get_tag */ + srtp_aes_icm_128_mbedtls_description, /* */ + &srtp_aes_icm_128_test_case_0, /* */ + SRTP_AES_ICM_128 /* */ +}; + +/* + * This is the function table for this crypto engine. + * note: the encrypt function is identical to the decrypt function + */ +const srtp_cipher_type_t srtp_aes_icm_192 = { + srtp_aes_icm_mbedtls_alloc, /* */ + srtp_aes_icm_mbedtls_dealloc, /* */ + srtp_aes_icm_mbedtls_context_init, /* */ + 0, /* set_aad */ + srtp_aes_icm_mbedtls_encrypt, /* */ + srtp_aes_icm_mbedtls_encrypt, /* */ + srtp_aes_icm_mbedtls_set_iv, /* */ + 0, /* get_tag */ + srtp_aes_icm_192_mbedtls_description, /* */ + &srtp_aes_icm_192_test_case_0, /* */ + SRTP_AES_ICM_192 /* */ +}; + +/* + * This is the function table for this crypto engine. + * note: the encrypt function is identical to the decrypt function + */ +const srtp_cipher_type_t srtp_aes_icm_256 = { + srtp_aes_icm_mbedtls_alloc, /* */ + srtp_aes_icm_mbedtls_dealloc, /* */ + srtp_aes_icm_mbedtls_context_init, /* */ + 0, /* set_aad */ + srtp_aes_icm_mbedtls_encrypt, /* */ + srtp_aes_icm_mbedtls_encrypt, /* */ + srtp_aes_icm_mbedtls_set_iv, /* */ + 0, /* get_tag */ + srtp_aes_icm_256_mbedtls_description, /* */ + &srtp_aes_icm_256_test_case_0, /* */ + SRTP_AES_ICM_256 /* */ +}; diff --git a/libs/srtp/crypto/cipher/aes_icm_nss.c b/libs/srtp/crypto/cipher/aes_icm_nss.c new file mode 100644 index 0000000000..04323b4fef --- /dev/null +++ b/libs/srtp/crypto/cipher/aes_icm_nss.c @@ -0,0 +1,404 @@ +/* + * aes_icm_nss.c + * + * AES Integer Counter Mode + * + * Richard L. Barnes + * Cisco Systems, Inc. + */ + +/* + * + * Copyright (c) 2013-2017, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include "aes_icm_ext.h" +#include "crypto_types.h" +#include "err.h" /* for srtp_debug */ +#include "alloc.h" +#include "cipher_types.h" +#include "cipher_test_cases.h" + +srtp_debug_module_t srtp_mod_aes_icm = { + 0, /* debugging is off by default */ + "aes icm nss" /* printable module name */ +}; + +/* + * integer counter mode works as follows: + * + * 16 bits + * <-----> + * +------+------+------+------+------+------+------+------+ + * | nonce | packet index | ctr |---+ + * +------+------+------+------+------+------+------+------+ | + * | + * +------+------+------+------+------+------+------+------+ v + * | salt |000000|->(+) + * +------+------+------+------+------+------+------+------+ | + * | + * +---------+ + * | encrypt | + * +---------+ + * | + * +------+------+------+------+------+------+------+------+ | + * | keystream block |<--+ + * +------+------+------+------+------+------+------+------+ + * + * All fields are big-endian + * + * ctr is the block counter, which increments from zero for + * each packet (16 bits wide) + * + * packet index is distinct for each packet (48 bits wide) + * + * nonce can be distinct across many uses of the same key, or + * can be a fixed value per key, or can be per-packet randomness + * (64 bits) + * + */ + +/* + * This function allocates a new instance of this crypto engine. + * The key_len parameter should be one of 30, 38, or 46 for + * AES-128, AES-192, and AES-256 respectively. Note, this key_len + * value is inflated, as it also accounts for the 112 bit salt + * value. The tlen argument is for the AEAD tag length, which + * isn't used in counter mode. + */ +static srtp_err_status_t srtp_aes_icm_nss_alloc(srtp_cipher_t **c, + int key_len, + int tlen) +{ + srtp_aes_icm_ctx_t *icm; + NSSInitContext *nss; + + debug_print(srtp_mod_aes_icm, "allocating cipher with key length %d", + key_len); + + /* + * Verify the key_len is valid for one of: AES-128/192/256 + */ + if (key_len != SRTP_AES_ICM_128_KEY_LEN_WSALT && + key_len != SRTP_AES_ICM_192_KEY_LEN_WSALT && + key_len != SRTP_AES_ICM_256_KEY_LEN_WSALT) { + return srtp_err_status_bad_param; + } + + /* Initialize NSS equiv of NSS_NoDB_Init(NULL) */ + nss = NSS_InitContext("", "", "", "", NULL, + NSS_INIT_READONLY | NSS_INIT_NOCERTDB | + NSS_INIT_NOMODDB | NSS_INIT_FORCEOPEN | + NSS_INIT_OPTIMIZESPACE); + if (!nss) { + return (srtp_err_status_cipher_fail); + } + + /* allocate memory a cipher of type aes_icm */ + *c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t)); + if (*c == NULL) { + NSS_ShutdownContext(nss); + return srtp_err_status_alloc_fail; + } + + icm = (srtp_aes_icm_ctx_t *)srtp_crypto_alloc(sizeof(srtp_aes_icm_ctx_t)); + if (icm == NULL) { + NSS_ShutdownContext(nss); + srtp_crypto_free(*c); + *c = NULL; + return srtp_err_status_alloc_fail; + } + + icm->key = NULL; + icm->ctx = NULL; + icm->nss = nss; + + /* set pointers */ + (*c)->state = icm; + + /* setup cipher parameters */ + switch (key_len) { + case SRTP_AES_ICM_128_KEY_LEN_WSALT: + (*c)->algorithm = SRTP_AES_ICM_128; + (*c)->type = &srtp_aes_icm_128; + icm->key_size = SRTP_AES_128_KEY_LEN; + break; + case SRTP_AES_ICM_192_KEY_LEN_WSALT: + (*c)->algorithm = SRTP_AES_ICM_192; + (*c)->type = &srtp_aes_icm_192; + icm->key_size = SRTP_AES_192_KEY_LEN; + break; + case SRTP_AES_ICM_256_KEY_LEN_WSALT: + (*c)->algorithm = SRTP_AES_ICM_256; + (*c)->type = &srtp_aes_icm_256; + icm->key_size = SRTP_AES_256_KEY_LEN; + break; + } + + /* set key size */ + (*c)->key_len = key_len; + + return srtp_err_status_ok; +} + +/* + * This function deallocates an instance of this engine + */ +static srtp_err_status_t srtp_aes_icm_nss_dealloc(srtp_cipher_t *c) +{ + srtp_aes_icm_ctx_t *ctx; + + ctx = (srtp_aes_icm_ctx_t *)c->state; + if (ctx) { + /* free any PK11 values that have been created */ + if (ctx->key) { + PK11_FreeSymKey(ctx->key); + ctx->key = NULL; + } + + if (ctx->ctx) { + PK11_DestroyContext(ctx->ctx, PR_TRUE); + ctx->ctx = NULL; + } + + if (ctx->nss) { + NSS_ShutdownContext(ctx->nss); + ctx->nss = NULL; + } + + /* zeroize everything */ + octet_string_set_to_zero(ctx, sizeof(srtp_aes_icm_ctx_t)); + srtp_crypto_free(ctx); + } + + /* free memory */ + srtp_crypto_free(c); + + return (srtp_err_status_ok); +} + +/* + * aes_icm_nss_context_init(...) initializes the aes_icm_context + * using the value in key[]. + * + * the key is the secret key + * + * the salt is unpredictable (but not necessarily secret) data which + * randomizes the starting point in the keystream + */ +static srtp_err_status_t srtp_aes_icm_nss_context_init(void *cv, + const uint8_t *key) +{ + srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv; + + /* + * set counter and initial values to 'offset' value, being careful not to + * go past the end of the key buffer + */ + v128_set_to_zero(&c->counter); + v128_set_to_zero(&c->offset); + memcpy(&c->counter, key + c->key_size, SRTP_SALT_LEN); + memcpy(&c->offset, key + c->key_size, SRTP_SALT_LEN); + + /* force last two octets of the offset to zero (for srtp compatibility) */ + c->offset.v8[SRTP_SALT_LEN] = c->offset.v8[SRTP_SALT_LEN + 1] = 0; + c->counter.v8[SRTP_SALT_LEN] = c->counter.v8[SRTP_SALT_LEN + 1] = 0; + + debug_print(srtp_mod_aes_icm, "key: %s", + srtp_octet_string_hex_string(key, c->key_size)); + debug_print(srtp_mod_aes_icm, "offset: %s", v128_hex_string(&c->offset)); + + if (c->key) { + PK11_FreeSymKey(c->key); + c->key = NULL; + } + + PK11SlotInfo *slot = PK11_GetBestSlot(CKM_AES_CTR, NULL); + if (!slot) { + return srtp_err_status_bad_param; + } + + SECItem keyItem = { siBuffer, (unsigned char *)key, c->key_size }; + c->key = PK11_ImportSymKey(slot, CKM_AES_CTR, PK11_OriginUnwrap, + CKA_ENCRYPT, &keyItem, NULL); + PK11_FreeSlot(slot); + + if (!c->key) { + return srtp_err_status_cipher_fail; + } + + return (srtp_err_status_ok); +} + +/* + * aes_icm_set_iv(c, iv) sets the counter value to the exor of iv with + * the offset + */ +static srtp_err_status_t srtp_aes_icm_nss_set_iv(void *cv, + uint8_t *iv, + srtp_cipher_direction_t dir) +{ + srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv; + v128_t nonce; + + /* set nonce (for alignment) */ + v128_copy_octet_string(&nonce, iv); + + debug_print(srtp_mod_aes_icm, "setting iv: %s", v128_hex_string(&nonce)); + + v128_xor(&c->counter, &c->offset, &nonce); + + debug_print(srtp_mod_aes_icm, "set_counter: %s", + v128_hex_string(&c->counter)); + + /* set up the PK11 context now that we have all the info */ + CK_AES_CTR_PARAMS param; + param.ulCounterBits = 16; + memcpy(param.cb, &c->counter, 16); + + if (!c->key) { + return srtp_err_status_bad_param; + } + + if (c->ctx) { + PK11_DestroyContext(c->ctx, PR_TRUE); + } + + SECItem paramItem = { siBuffer, (unsigned char *)¶m, + sizeof(CK_AES_CTR_PARAMS) }; + c->ctx = PK11_CreateContextBySymKey(CKM_AES_CTR, CKA_ENCRYPT, c->key, + ¶mItem); + if (!c->ctx) { + return srtp_err_status_cipher_fail; + } + + return srtp_err_status_ok; +} + +/* + * This function encrypts a buffer using AES CTR mode + * + * Parameters: + * c Crypto context + * buf data to encrypt + * enc_len length of encrypt buffer + */ +static srtp_err_status_t srtp_aes_icm_nss_encrypt(void *cv, + unsigned char *buf, + unsigned int *enc_len) +{ + srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv; + + if (!c->ctx) { + return srtp_err_status_bad_param; + } + + int rv = + PK11_CipherOp(c->ctx, buf, (int *)enc_len, *enc_len, buf, *enc_len); + + srtp_err_status_t status = (srtp_err_status_ok); + if (rv != SECSuccess) { + status = (srtp_err_status_cipher_fail); + } + + return status; +} + +/* + * Name of this crypto engine + */ +static const char srtp_aes_icm_128_nss_description[] = + "AES-128 counter mode using NSS"; +static const char srtp_aes_icm_192_nss_description[] = + "AES-192 counter mode using NSS"; +static const char srtp_aes_icm_256_nss_description[] = + "AES-256 counter mode using NSS"; + +/* + * This is the function table for this crypto engine. + * note: the encrypt function is identical to the decrypt function + */ +const srtp_cipher_type_t srtp_aes_icm_128 = { + srtp_aes_icm_nss_alloc, /* */ + srtp_aes_icm_nss_dealloc, /* */ + srtp_aes_icm_nss_context_init, /* */ + 0, /* set_aad */ + srtp_aes_icm_nss_encrypt, /* */ + srtp_aes_icm_nss_encrypt, /* */ + srtp_aes_icm_nss_set_iv, /* */ + 0, /* get_tag */ + srtp_aes_icm_128_nss_description, /* */ + &srtp_aes_icm_128_test_case_0, /* */ + SRTP_AES_ICM_128 /* */ +}; + +/* + * This is the function table for this crypto engine. + * note: the encrypt function is identical to the decrypt function + */ +const srtp_cipher_type_t srtp_aes_icm_192 = { + srtp_aes_icm_nss_alloc, /* */ + srtp_aes_icm_nss_dealloc, /* */ + srtp_aes_icm_nss_context_init, /* */ + 0, /* set_aad */ + srtp_aes_icm_nss_encrypt, /* */ + srtp_aes_icm_nss_encrypt, /* */ + srtp_aes_icm_nss_set_iv, /* */ + 0, /* get_tag */ + srtp_aes_icm_192_nss_description, /* */ + &srtp_aes_icm_192_test_case_0, /* */ + SRTP_AES_ICM_192 /* */ +}; + +/* + * This is the function table for this crypto engine. + * note: the encrypt function is identical to the decrypt function + */ +const srtp_cipher_type_t srtp_aes_icm_256 = { + srtp_aes_icm_nss_alloc, /* */ + srtp_aes_icm_nss_dealloc, /* */ + srtp_aes_icm_nss_context_init, /* */ + 0, /* set_aad */ + srtp_aes_icm_nss_encrypt, /* */ + srtp_aes_icm_nss_encrypt, /* */ + srtp_aes_icm_nss_set_iv, /* */ + 0, /* get_tag */ + srtp_aes_icm_256_nss_description, /* */ + &srtp_aes_icm_256_test_case_0, /* */ + SRTP_AES_ICM_256 /* */ +}; diff --git a/libs/srtp/crypto/cipher/aes_icm_ossl.c b/libs/srtp/crypto/cipher/aes_icm_ossl.c index b591897623..f960a33ecf 100644 --- a/libs/srtp/crypto/cipher/aes_icm_ossl.c +++ b/libs/srtp/crypto/cipher/aes_icm_ossl.c @@ -53,11 +53,12 @@ #endif #include -#include "aes_icm_ossl.h" +#include "aes_icm_ext.h" #include "crypto_types.h" #include "err.h" /* for srtp_debug */ #include "alloc.h" #include "cipher_types.h" +#include "cipher_test_cases.h" srtp_debug_module_t srtp_mod_aes_icm = { 0, /* debugging is off by default */ @@ -78,9 +79,9 @@ srtp_debug_module_t srtp_mod_aes_icm = { * +------+------+------+------+------+------+------+------+ | * | * +---------+ - * | encrypt | - * +---------+ - * | + * | encrypt | + * +---------+ + * | * +------+------+------+------+------+------+------+------+ | * | keystream block |<--+ * +------+------+------+------+------+------+------+------+ @@ -248,6 +249,7 @@ static srtp_err_status_t srtp_aes_icm_openssl_context_init(void *cv, break; } + EVP_CIPHER_CTX_cleanup(c->ctx); if (!EVP_EncryptInit_ex(c->ctx, evp, NULL, key, NULL)) { return srtp_err_status_fail; } else { @@ -308,7 +310,7 @@ static srtp_err_status_t srtp_aes_icm_openssl_encrypt(void *cv, } *enc_len = len; - if (!EVP_EncryptFinal_ex(c->ctx, buf, &len)) { + if (!EVP_EncryptFinal_ex(c->ctx, buf + len, &len)) { return srtp_err_status_cipher_fail; } *enc_len += len; @@ -326,165 +328,6 @@ static const char srtp_aes_icm_192_openssl_description[] = static const char srtp_aes_icm_256_openssl_description[] = "AES-256 counter mode using openssl"; -/* - * KAT values for AES self-test. These - * values came from the legacy libsrtp code. - */ -/* clang-format off */ -static const uint8_t srtp_aes_icm_128_test_case_0_key[SRTP_AES_ICM_128_KEY_LEN_WSALT] = { - 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, - 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c, - 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, - 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd -}; -/* clang-format on */ - -/* clang-format off */ -static uint8_t srtp_aes_icm_128_test_case_0_nonce[16] = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 -}; -/* clang-format on */ - -/* clang-format off */ -static const uint8_t srtp_aes_icm_128_test_case_0_plaintext[32] = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -}; -/* clang-format on */ - -/* clang-format off */ -static const uint8_t srtp_aes_icm_128_test_case_0_ciphertext[32] = { - 0xe0, 0x3e, 0xad, 0x09, 0x35, 0xc9, 0x5e, 0x80, - 0xe1, 0x66, 0xb1, 0x6d, 0xd9, 0x2b, 0x4e, 0xb4, - 0xd2, 0x35, 0x13, 0x16, 0x2b, 0x02, 0xd0, 0xf7, - 0x2a, 0x43, 0xa2, 0xfe, 0x4a, 0x5f, 0x97, 0xab -}; -/* clang-format on */ - -static const srtp_cipher_test_case_t srtp_aes_icm_128_test_case_0 = { - SRTP_AES_ICM_128_KEY_LEN_WSALT, /* octets in key */ - srtp_aes_icm_128_test_case_0_key, /* key */ - srtp_aes_icm_128_test_case_0_nonce, /* packet index */ - 32, /* octets in plaintext */ - srtp_aes_icm_128_test_case_0_plaintext, /* plaintext */ - 32, /* octets in ciphertext */ - srtp_aes_icm_128_test_case_0_ciphertext, /* ciphertext */ - 0, /* */ - NULL, /* */ - 0, /* */ - NULL /* pointer to next testcase */ -}; - -/* - * KAT values for AES-192-CTR self-test. These - * values came from section 7 of RFC 6188. - */ -/* clang-format off */ -static const uint8_t srtp_aes_icm_192_test_case_0_key[SRTP_AES_ICM_192_KEY_LEN_WSALT] = { - 0xea, 0xb2, 0x34, 0x76, 0x4e, 0x51, 0x7b, 0x2d, - 0x3d, 0x16, 0x0d, 0x58, 0x7d, 0x8c, 0x86, 0x21, - 0x97, 0x40, 0xf6, 0x5f, 0x99, 0xb6, 0xbc, 0xf7, - 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, - 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd -}; -/* clang-format on */ - -/* clang-format off */ -static uint8_t srtp_aes_icm_192_test_case_0_nonce[16] = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 -}; -/* clang-format on */ - -/* clang-format off */ -static const uint8_t srtp_aes_icm_192_test_case_0_plaintext[32] = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -}; -/* clang-format on */ - -/* clang-format off */ -static const uint8_t srtp_aes_icm_192_test_case_0_ciphertext[32] = { - 0x35, 0x09, 0x6c, 0xba, 0x46, 0x10, 0x02, 0x8d, - 0xc1, 0xb5, 0x75, 0x03, 0x80, 0x4c, 0xe3, 0x7c, - 0x5d, 0xe9, 0x86, 0x29, 0x1d, 0xcc, 0xe1, 0x61, - 0xd5, 0x16, 0x5e, 0xc4, 0x56, 0x8f, 0x5c, 0x9a -}; -/* clang-format on */ - -static const srtp_cipher_test_case_t srtp_aes_icm_192_test_case_0 = { - SRTP_AES_ICM_192_KEY_LEN_WSALT, /* octets in key */ - srtp_aes_icm_192_test_case_0_key, /* key */ - srtp_aes_icm_192_test_case_0_nonce, /* packet index */ - 32, /* octets in plaintext */ - srtp_aes_icm_192_test_case_0_plaintext, /* plaintext */ - 32, /* octets in ciphertext */ - srtp_aes_icm_192_test_case_0_ciphertext, /* ciphertext */ - 0, /* */ - NULL, /* */ - 0, /* */ - NULL /* pointer to next testcase */ -}; - -/* - * KAT values for AES-256-CTR self-test. These - * values came from section 7 of RFC 6188. - */ -/* clang-format off */ -static const uint8_t srtp_aes_icm_256_test_case_0_key[SRTP_AES_ICM_256_KEY_LEN_WSALT] = { - 0x57, 0xf8, 0x2f, 0xe3, 0x61, 0x3f, 0xd1, 0x70, - 0xa8, 0x5e, 0xc9, 0x3c, 0x40, 0xb1, 0xf0, 0x92, - 0x2e, 0xc4, 0xcb, 0x0d, 0xc0, 0x25, 0xb5, 0x82, - 0x72, 0x14, 0x7c, 0xc4, 0x38, 0x94, 0x4a, 0x98, - 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, - 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd -}; -/* clang-format on */ - -/* clang-format off */ -static uint8_t srtp_aes_icm_256_test_case_0_nonce[16] = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 -}; -/* clang-format on */ - -/* clang-format off */ -static const uint8_t srtp_aes_icm_256_test_case_0_plaintext[32] = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -}; -/* clang-format on */ - -/* clang-format off */ -static const uint8_t srtp_aes_icm_256_test_case_0_ciphertext[32] = { - 0x92, 0xbd, 0xd2, 0x8a, 0x93, 0xc3, 0xf5, 0x25, - 0x11, 0xc6, 0x77, 0xd0, 0x8b, 0x55, 0x15, 0xa4, - 0x9d, 0xa7, 0x1b, 0x23, 0x78, 0xa8, 0x54, 0xf6, - 0x70, 0x50, 0x75, 0x6d, 0xed, 0x16, 0x5b, 0xac -}; -/* clang-format on */ - -static const srtp_cipher_test_case_t srtp_aes_icm_256_test_case_0 = { - SRTP_AES_ICM_256_KEY_LEN_WSALT, /* octets in key */ - srtp_aes_icm_256_test_case_0_key, /* key */ - srtp_aes_icm_256_test_case_0_nonce, /* packet index */ - 32, /* octets in plaintext */ - srtp_aes_icm_256_test_case_0_plaintext, /* plaintext */ - 32, /* octets in ciphertext */ - srtp_aes_icm_256_test_case_0_ciphertext, /* ciphertext */ - 0, /* */ - NULL, /* */ - 0, /* */ - NULL /* pointer to next testcase */ -}; - /* * This is the function table for this crypto engine. * note: the encrypt function is identical to the decrypt function diff --git a/libs/srtp/crypto/cipher/cipher.c b/libs/srtp/crypto/cipher/cipher.c index 19f00abc55..de93bc90d8 100644 --- a/libs/srtp/crypto/cipher/cipher.c +++ b/libs/srtp/crypto/cipher/cipher.c @@ -49,6 +49,7 @@ #endif #include "cipher.h" +#include "cipher_priv.h" #include "crypto_types.h" #include "err.h" /* for srtp_debug */ #include "alloc.h" /* for crypto_alloc(), crypto_free() */ @@ -165,24 +166,11 @@ int srtp_cipher_get_key_length(const srtp_cipher_t *c) } /* - * A trivial platform independent random source. The random - * data is used for some of the cipher self-tests. + * A trivial platform independent random source. + * For use in test only. */ -static srtp_err_status_t srtp_cipher_rand(void *dest, uint32_t len) +void srtp_cipher_rand_for_tests(void *dest, uint32_t len) { -#if defined(HAVE_RAND_S) - uint8_t *dst = (uint8_t *)dest; - while (len) { - unsigned int val; - errno_t err = rand_s(&val); - - if (err != 0) - return srtp_err_status_fail; - - *dst++ = val & 0xff; - len--; - } -#else /* Generic C-library (rand()) version */ /* This is a random source of last resort */ uint8_t *dst = (uint8_t *)dest; @@ -194,8 +182,17 @@ static srtp_err_status_t srtp_cipher_rand(void *dest, uint32_t len) *dst++ = val & 0xff; len--; } -#endif - return srtp_err_status_ok; +} + +/* + * A trivial platform independent 32 bit random number. + * For use in test only. + */ +uint32_t srtp_cipher_rand_u32_for_tests(void) +{ + uint32_t r; + srtp_cipher_rand_for_tests(&r, sizeof(r)); + return r; } #define SELF_TEST_BUF_OCTETS 128 @@ -246,7 +243,7 @@ srtp_err_status_t srtp_cipher_type_test( /* * test the encrypt function */ - debug_print(srtp_mod_cipher, "testing encryption", NULL); + debug_print0(srtp_mod_cipher, "testing encryption"); /* initialize cipher */ status = srtp_cipher_init(c, test_case->key); @@ -350,7 +347,7 @@ srtp_err_status_t srtp_cipher_type_test( /* * test the decrypt function */ - debug_print(srtp_mod_cipher, "testing decryption", NULL); + debug_print0(srtp_mod_cipher, "testing decryption"); /* re-initialize cipher for decryption */ status = srtp_cipher_init(c, test_case->key); @@ -465,13 +462,9 @@ srtp_err_status_t srtp_cipher_type_test( uint8_t iv[MAX_KEY_LEN]; /* choose a length at random (leaving room for IV and padding) */ - length = rand() % (SELF_TEST_BUF_OCTETS - 64); + length = srtp_cipher_rand_u32_for_tests() % (SELF_TEST_BUF_OCTETS - 64); debug_print(srtp_mod_cipher, "random plaintext length %d\n", length); - status = srtp_cipher_rand(buffer, length); - if (status) { - srtp_cipher_dealloc(c); - return status; - } + srtp_cipher_rand_for_tests(buffer, length); debug_print(srtp_mod_cipher, "plaintext: %s", srtp_octet_string_hex_string(buffer, length)); @@ -486,18 +479,10 @@ srtp_err_status_t srtp_cipher_type_test( srtp_cipher_dealloc(c); return srtp_err_status_cant_check; } - status = srtp_cipher_rand(key, test_case->key_length_octets); - if (status) { - srtp_cipher_dealloc(c); - return status; - } + srtp_cipher_rand_for_tests(key, test_case->key_length_octets); /* chose a random initialization vector */ - status = srtp_cipher_rand(iv, MAX_KEY_LEN); - if (status) { - srtp_cipher_dealloc(c); - return status; - } + srtp_cipher_rand_for_tests(iv, MAX_KEY_LEN); /* initialize cipher */ status = srtp_cipher_init(c, key); diff --git a/libs/srtp/crypto/cipher/cipher_test_cases.c b/libs/srtp/crypto/cipher/cipher_test_cases.c new file mode 100644 index 0000000000..e4b8f0fcd8 --- /dev/null +++ b/libs/srtp/crypto/cipher/cipher_test_cases.c @@ -0,0 +1,365 @@ +/* + * + * Copyright (c) 2013-2021, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "cipher_test_cases.h" +#include + +/* + * KAT values for AES self-test. These + * values came from the legacy libsrtp code. + */ +/* clang-format off */ +static const uint8_t srtp_aes_icm_128_test_case_0_key[SRTP_AES_ICM_128_KEY_LEN_WSALT] = { + 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, + 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c, + 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, + 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd +}; +/* clang-format on */ + +/* clang-format off */ +static uint8_t srtp_aes_icm_128_test_case_0_nonce[16] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 +}; +/* clang-format on */ + +/* clang-format off */ +static const uint8_t srtp_aes_icm_128_test_case_0_plaintext[32] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +}; +/* clang-format on */ + +/* clang-format off */ +static const uint8_t srtp_aes_icm_128_test_case_0_ciphertext[32] = { + 0xe0, 0x3e, 0xad, 0x09, 0x35, 0xc9, 0x5e, 0x80, + 0xe1, 0x66, 0xb1, 0x6d, 0xd9, 0x2b, 0x4e, 0xb4, + 0xd2, 0x35, 0x13, 0x16, 0x2b, 0x02, 0xd0, 0xf7, + 0x2a, 0x43, 0xa2, 0xfe, 0x4a, 0x5f, 0x97, 0xab +}; +/* clang-format on */ + +const srtp_cipher_test_case_t srtp_aes_icm_128_test_case_0 = { + SRTP_AES_ICM_128_KEY_LEN_WSALT, /* octets in key */ + srtp_aes_icm_128_test_case_0_key, /* key */ + srtp_aes_icm_128_test_case_0_nonce, /* packet index */ + 32, /* octets in plaintext */ + srtp_aes_icm_128_test_case_0_plaintext, /* plaintext */ + 32, /* octets in ciphertext */ + srtp_aes_icm_128_test_case_0_ciphertext, /* ciphertext */ + 0, /* */ + NULL, /* */ + 0, /* */ + NULL /* pointer to next testcase */ +}; + +/* + * KAT values for AES-192-CTR self-test. These + * values came from section 7 of RFC 6188. + */ +/* clang-format off */ +static const uint8_t srtp_aes_icm_192_test_case_0_key[SRTP_AES_ICM_192_KEY_LEN_WSALT] = { + 0xea, 0xb2, 0x34, 0x76, 0x4e, 0x51, 0x7b, 0x2d, + 0x3d, 0x16, 0x0d, 0x58, 0x7d, 0x8c, 0x86, 0x21, + 0x97, 0x40, 0xf6, 0x5f, 0x99, 0xb6, 0xbc, 0xf7, + 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, + 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd +}; +/* clang-format on */ + +/* clang-format off */ +static uint8_t srtp_aes_icm_192_test_case_0_nonce[16] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 +}; +/* clang-format on */ + +/* clang-format off */ +static const uint8_t srtp_aes_icm_192_test_case_0_plaintext[32] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +}; +/* clang-format on */ + +/* clang-format off */ +static const uint8_t srtp_aes_icm_192_test_case_0_ciphertext[32] = { + 0x35, 0x09, 0x6c, 0xba, 0x46, 0x10, 0x02, 0x8d, + 0xc1, 0xb5, 0x75, 0x03, 0x80, 0x4c, 0xe3, 0x7c, + 0x5d, 0xe9, 0x86, 0x29, 0x1d, 0xcc, 0xe1, 0x61, + 0xd5, 0x16, 0x5e, 0xc4, 0x56, 0x8f, 0x5c, 0x9a +}; +/* clang-format on */ + +const srtp_cipher_test_case_t srtp_aes_icm_192_test_case_0 = { + SRTP_AES_ICM_192_KEY_LEN_WSALT, /* octets in key */ + srtp_aes_icm_192_test_case_0_key, /* key */ + srtp_aes_icm_192_test_case_0_nonce, /* packet index */ + 32, /* octets in plaintext */ + srtp_aes_icm_192_test_case_0_plaintext, /* plaintext */ + 32, /* octets in ciphertext */ + srtp_aes_icm_192_test_case_0_ciphertext, /* ciphertext */ + 0, /* */ + NULL, /* */ + 0, /* */ + NULL /* pointer to next testcase */ +}; + +/* + * KAT values for AES-256-CTR self-test. These + * values came from section 7 of RFC 6188. + */ +/* clang-format off */ +static const uint8_t srtp_aes_icm_256_test_case_0_key[SRTP_AES_ICM_256_KEY_LEN_WSALT] = { + 0x57, 0xf8, 0x2f, 0xe3, 0x61, 0x3f, 0xd1, 0x70, + 0xa8, 0x5e, 0xc9, 0x3c, 0x40, 0xb1, 0xf0, 0x92, + 0x2e, 0xc4, 0xcb, 0x0d, 0xc0, 0x25, 0xb5, 0x82, + 0x72, 0x14, 0x7c, 0xc4, 0x38, 0x94, 0x4a, 0x98, + 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, + 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd +}; +/* clang-format on */ + +/* clang-format off */ +static uint8_t srtp_aes_icm_256_test_case_0_nonce[16] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 +}; +/* clang-format on */ + +/* clang-format off */ +static const uint8_t srtp_aes_icm_256_test_case_0_plaintext[32] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +}; +/* clang-format on */ + +/* clang-format off */ +static const uint8_t srtp_aes_icm_256_test_case_0_ciphertext[32] = { + 0x92, 0xbd, 0xd2, 0x8a, 0x93, 0xc3, 0xf5, 0x25, + 0x11, 0xc6, 0x77, 0xd0, 0x8b, 0x55, 0x15, 0xa4, + 0x9d, 0xa7, 0x1b, 0x23, 0x78, 0xa8, 0x54, 0xf6, + 0x70, 0x50, 0x75, 0x6d, 0xed, 0x16, 0x5b, 0xac +}; +/* clang-format on */ + +const srtp_cipher_test_case_t srtp_aes_icm_256_test_case_0 = { + SRTP_AES_ICM_256_KEY_LEN_WSALT, /* octets in key */ + srtp_aes_icm_256_test_case_0_key, /* key */ + srtp_aes_icm_256_test_case_0_nonce, /* packet index */ + 32, /* octets in plaintext */ + srtp_aes_icm_256_test_case_0_plaintext, /* plaintext */ + 32, /* octets in ciphertext */ + srtp_aes_icm_256_test_case_0_ciphertext, /* ciphertext */ + 0, /* */ + NULL, /* */ + 0, /* */ + NULL /* pointer to next testcase */ +}; + +/* + * KAT values for AES self-test. These + * values we're derived from independent test code + * using OpenSSL. + */ +/* clang-format off */ +static const uint8_t srtp_aes_gcm_128_test_case_0_key[SRTP_AES_GCM_128_KEY_LEN_WSALT] = { + 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, + 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x09, 0x0a, 0x0b, 0x0c, +}; +/* clang-format on */ + +/* clang-format off */ +static uint8_t srtp_aes_gcm_128_test_case_0_iv[12] = { + 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, + 0xde, 0xca, 0xf8, 0x88 +}; +/* clang-format on */ + +/* clang-format off */ +static const uint8_t srtp_aes_gcm_128_test_case_0_plaintext[60] = { + 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, + 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, + 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, + 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, + 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, + 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, + 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, + 0xba, 0x63, 0x7b, 0x39 +}; + +/* clang-format off */ +static const uint8_t srtp_aes_gcm_128_test_case_0_aad[20] = { + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xab, 0xad, 0xda, 0xd2 +}; +/* clang-format on */ + +/* clang-format off */ +static const uint8_t srtp_aes_gcm_128_test_case_0_ciphertext[76] = { + 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24, + 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c, + 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0, + 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e, + 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c, + 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05, + 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97, + 0x3d, 0x58, 0xe0, 0x91, + /* the last 16 bytes are the tag */ + 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb, + 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47, +}; +/* clang-format on */ + +static const srtp_cipher_test_case_t srtp_aes_gcm_128_test_case_0a = { + SRTP_AES_GCM_128_KEY_LEN_WSALT, /* octets in key */ + srtp_aes_gcm_128_test_case_0_key, /* key */ + srtp_aes_gcm_128_test_case_0_iv, /* packet index */ + 60, /* octets in plaintext */ + srtp_aes_gcm_128_test_case_0_plaintext, /* plaintext */ + 68, /* octets in ciphertext */ + srtp_aes_gcm_128_test_case_0_ciphertext, /* ciphertext + tag */ + 20, /* octets in AAD */ + srtp_aes_gcm_128_test_case_0_aad, /* AAD */ + 8, /* */ + NULL /* pointer to next testcase */ +}; + +const srtp_cipher_test_case_t srtp_aes_gcm_128_test_case_0 = { + SRTP_AES_GCM_128_KEY_LEN_WSALT, /* octets in key */ + srtp_aes_gcm_128_test_case_0_key, /* key */ + srtp_aes_gcm_128_test_case_0_iv, /* packet index */ + 60, /* octets in plaintext */ + srtp_aes_gcm_128_test_case_0_plaintext, /* plaintext */ + 76, /* octets in ciphertext */ + srtp_aes_gcm_128_test_case_0_ciphertext, /* ciphertext + tag */ + 20, /* octets in AAD */ + srtp_aes_gcm_128_test_case_0_aad, /* AAD */ + 16, /* */ + &srtp_aes_gcm_128_test_case_0a /* pointer to next testcase */ +}; + +/* clang-format off */ +static const uint8_t srtp_aes_gcm_256_test_case_0_key[SRTP_AES_GCM_256_KEY_LEN_WSALT] = { + 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, + 0xa5, 0x59, 0x09, 0xc5, 0x54, 0x66, 0x93, 0x1c, + 0xaf, 0xf5, 0x26, 0x9a, 0x21, 0xd5, 0x14, 0xb2, + 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x09, 0x0a, 0x0b, 0x0c, +}; +/* clang-format on */ + +/* clang-format off */ +static uint8_t srtp_aes_gcm_256_test_case_0_iv[12] = { + 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, + 0xde, 0xca, 0xf8, 0x88 +}; +/* clang-format on */ + +/* clang-format off */ +static const uint8_t srtp_aes_gcm_256_test_case_0_plaintext[60] = { + 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, + 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, + 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, + 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, + 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, + 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, + 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, + 0xba, 0x63, 0x7b, 0x39 +}; +/* clang-format on */ + +/* clang-format off */ +static const uint8_t srtp_aes_gcm_256_test_case_0_aad[20] = { + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xab, 0xad, 0xda, 0xd2 +}; +/* clang-format on */ + +/* clang-format off */ +static const uint8_t srtp_aes_gcm_256_test_case_0_ciphertext[76] = { + 0x0b, 0x11, 0xcf, 0xaf, 0x68, 0x4d, 0xae, 0x46, + 0xc7, 0x90, 0xb8, 0x8e, 0xb7, 0x6a, 0x76, 0x2a, + 0x94, 0x82, 0xca, 0xab, 0x3e, 0x39, 0xd7, 0x86, + 0x1b, 0xc7, 0x93, 0xed, 0x75, 0x7f, 0x23, 0x5a, + 0xda, 0xfd, 0xd3, 0xe2, 0x0e, 0x80, 0x87, 0xa9, + 0x6d, 0xd7, 0xe2, 0x6a, 0x7d, 0x5f, 0xb4, 0x80, + 0xef, 0xef, 0xc5, 0x29, 0x12, 0xd1, 0xaa, 0x10, + 0x09, 0xc9, 0x86, 0xc1, + /* the last 16 bytes are the tag */ + 0x45, 0xbc, 0x03, 0xe6, 0xe1, 0xac, 0x0a, 0x9f, + 0x81, 0xcb, 0x8e, 0x5b, 0x46, 0x65, 0x63, 0x1d, +}; +/* clang-format on */ + +static const srtp_cipher_test_case_t srtp_aes_gcm_256_test_case_0a = { + SRTP_AES_GCM_256_KEY_LEN_WSALT, /* octets in key */ + srtp_aes_gcm_256_test_case_0_key, /* key */ + srtp_aes_gcm_256_test_case_0_iv, /* packet index */ + 60, /* octets in plaintext */ + srtp_aes_gcm_256_test_case_0_plaintext, /* plaintext */ + 68, /* octets in ciphertext */ + srtp_aes_gcm_256_test_case_0_ciphertext, /* ciphertext + tag */ + 20, /* octets in AAD */ + srtp_aes_gcm_256_test_case_0_aad, /* AAD */ + 8, /* */ + NULL /* pointer to next testcase */ +}; + +const srtp_cipher_test_case_t srtp_aes_gcm_256_test_case_0 = { + SRTP_AES_GCM_256_KEY_LEN_WSALT, /* octets in key */ + srtp_aes_gcm_256_test_case_0_key, /* key */ + srtp_aes_gcm_256_test_case_0_iv, /* packet index */ + 60, /* octets in plaintext */ + srtp_aes_gcm_256_test_case_0_plaintext, /* plaintext */ + 76, /* octets in ciphertext */ + srtp_aes_gcm_256_test_case_0_ciphertext, /* ciphertext + tag */ + 20, /* octets in AAD */ + srtp_aes_gcm_256_test_case_0_aad, /* AAD */ + 16, /* */ + &srtp_aes_gcm_256_test_case_0a /* pointer to next testcase */ +}; diff --git a/libs/srtp/crypto/cipher/cipher_test_cases.h b/libs/srtp/crypto/cipher/cipher_test_cases.h new file mode 100644 index 0000000000..c8a9284002 --- /dev/null +++ b/libs/srtp/crypto/cipher/cipher_test_cases.h @@ -0,0 +1,53 @@ +/* + * + * Copyright (c) 2013-2021, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef CHIPHER_TEST_CASES_H +#define CHIPHER_TEST_CASES_H + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include "cipher.h" + +extern const srtp_cipher_test_case_t srtp_aes_icm_128_test_case_0; +extern const srtp_cipher_test_case_t srtp_aes_icm_192_test_case_0; +extern const srtp_cipher_test_case_t srtp_aes_icm_256_test_case_0; + +extern const srtp_cipher_test_case_t srtp_aes_gcm_128_test_case_0; +extern const srtp_cipher_test_case_t srtp_aes_gcm_256_test_case_0; + +#endif diff --git a/libs/srtp/crypto/cipher/null_cipher.c b/libs/srtp/crypto/cipher/null_cipher.c index 659add0d47..969724611c 100644 --- a/libs/srtp/crypto/cipher/null_cipher.c +++ b/libs/srtp/crypto/cipher/null_cipher.c @@ -97,7 +97,7 @@ static srtp_err_status_t srtp_null_cipher_init(void *cv, const uint8_t *key) { /* srtp_null_cipher_ctx_t *c = (srtp_null_cipher_ctx_t *)cv; */ - debug_print(srtp_mod_cipher, "initializing null cipher", NULL); + debug_print0(srtp_mod_cipher, "initializing null cipher"); return srtp_err_status_ok; } diff --git a/libs/srtp/crypto/hash/auth.c b/libs/srtp/crypto/hash/auth.c index f19327dc8e..9be0ccfd36 100644 --- a/libs/srtp/crypto/hash/auth.c +++ b/libs/srtp/crypto/hash/auth.c @@ -123,6 +123,12 @@ srtp_err_status_t srtp_auth_type_test(const srtp_auth_type_t *at, return status; } + status = srtp_auth_start(a); + if (status) { + srtp_auth_dealloc(a); + return status; + } + /* zeroize tag then compute */ octet_string_set_to_zero(tag, test_case->tag_length_octets); status = srtp_auth_compute(a, test_case->data, diff --git a/libs/srtp/crypto/hash/auth_test_cases.c b/libs/srtp/crypto/hash/auth_test_cases.c new file mode 100644 index 0000000000..22b9418434 --- /dev/null +++ b/libs/srtp/crypto/hash/auth_test_cases.c @@ -0,0 +1,70 @@ +/* + * + * Copyright (c) 2013-2021, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "auth_test_cases.h" +#include + +/* clang-format off */ +static const uint8_t srtp_hmac_test_case_0_key[20] = { + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b +}; +/* clang-format on */ + +/* clang-format off */ +static const uint8_t srtp_hmac_test_case_0_data[8] = { + 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65 /* "Hi There" */ +}; +/* clang-format on */ + +/* clang-format off */ +static const uint8_t srtp_hmac_test_case_0_tag[20] = { + 0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, + 0xe2, 0x8b, 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e, + 0xf1, 0x46, 0xbe, 0x00 +}; +/* clang-format on */ + +const srtp_auth_test_case_t srtp_hmac_test_case_0 = { + sizeof(srtp_hmac_test_case_0_key), /* octets in key */ + srtp_hmac_test_case_0_key, /* key */ + sizeof(srtp_hmac_test_case_0_data), /* octets in data */ + srtp_hmac_test_case_0_data, /* data */ + sizeof(srtp_hmac_test_case_0_tag), /* octets in tag */ + srtp_hmac_test_case_0_tag, /* tag */ + NULL /* pointer to next testcase */ +}; diff --git a/libs/srtp/crypto/include/aes_gcm_ossl.h b/libs/srtp/crypto/hash/auth_test_cases.h similarity index 76% rename from libs/srtp/crypto/include/aes_gcm_ossl.h rename to libs/srtp/crypto/hash/auth_test_cases.h index d5b83eeeb0..9f37718205 100644 --- a/libs/srtp/crypto/include/aes_gcm_ossl.h +++ b/libs/srtp/crypto/hash/auth_test_cases.h @@ -1,15 +1,6 @@ -/* - * aes_gcm_ossl.h - * - * Header for AES Galois Counter Mode. - * - * John A. Foley - * Cisco Systems, Inc. - * - */ /* * - * Copyright (c) 2013-2017, Cisco Systems, Inc. + * Copyright (c) 2013-2021, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -43,20 +34,15 @@ * */ -#ifndef AES_GCM_OSSL_H -#define AES_GCM_OSSL_H +#ifndef AUTH_TEST_CASES_H +#define AUTH_TEST_CASES_H -#include "cipher.h" -#include "srtp.h" -#include "datatypes.h" -#include -#include +#ifdef HAVE_CONFIG_H +#include +#endif -typedef struct { - int key_size; - int tag_len; - EVP_CIPHER_CTX *ctx; - srtp_cipher_direction_t dir; -} srtp_aes_gcm_ctx_t; +#include "auth.h" -#endif /* AES_GCM_OSSL_H */ +extern const srtp_auth_test_case_t srtp_hmac_test_case_0; + +#endif diff --git a/libs/srtp/crypto/hash/hmac.c b/libs/srtp/crypto/hash/hmac.c index 6e91468f36..269c3f6a71 100644 --- a/libs/srtp/crypto/hash/hmac.c +++ b/libs/srtp/crypto/hash/hmac.c @@ -49,6 +49,7 @@ #include "hmac.h" #include "alloc.h" #include "cipher_types.h" +#include "auth_test_cases.h" /* the debug module for authentiation */ @@ -228,41 +229,6 @@ static srtp_err_status_t srtp_hmac_compute(void *statev, return srtp_err_status_ok; } -/* begin test case 0 */ -/* clang-format off */ -static const uint8_t srtp_hmac_test_case_0_key[20] = { - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b -}; -/* clang-format on */ - -/* clang-format off */ -static const uint8_t srtp_hmac_test_case_0_data[8] = { - 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65 /* "Hi There" */ -}; -/* clang-format on */ - -/* clang-format off */ -static const uint8_t srtp_hmac_test_case_0_tag[20] = { - 0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, - 0xe2, 0x8b, 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e, - 0xf1, 0x46, 0xbe, 0x00 -}; -/* clang-format on */ - -static const srtp_auth_test_case_t srtp_hmac_test_case_0 = { - 20, /* octets in key */ - srtp_hmac_test_case_0_key, /* key */ - 8, /* octets in data */ - srtp_hmac_test_case_0_data, /* data */ - 20, /* octets in tag */ - srtp_hmac_test_case_0_tag, /* tag */ - NULL /* pointer to next testcase */ -}; - -/* end test case 0 */ - static const char srtp_hmac_description[] = "hmac sha-1 authentication function"; diff --git a/libs/srtp/crypto/hash/hmac_mbedtls.c b/libs/srtp/crypto/hash/hmac_mbedtls.c new file mode 100644 index 0000000000..f710be9c78 --- /dev/null +++ b/libs/srtp/crypto/hash/hmac_mbedtls.c @@ -0,0 +1,221 @@ +/* + * hmac_mbedtls.c + * + * Implementation of hmac srtp_auth_type_t that leverages Mbedtls + * + * YongCheng Yang + */ +/* + * + * Copyright(c) 2013-2017, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include "auth.h" +#include "alloc.h" +#include "err.h" /* for srtp_debug */ +#include "auth_test_cases.h" +#include + +#define SHA1_DIGEST_SIZE 20 + +/* the debug module for authentiation */ + +srtp_debug_module_t srtp_mod_hmac = { + 0, /* debugging is off by default */ + "hmac sha-1 mbedtls" /* printable name for module */ +}; + +static srtp_err_status_t srtp_hmac_mbedtls_alloc(srtp_auth_t **a, + int key_len, + int out_len) +{ + extern const srtp_auth_type_t srtp_hmac; + + debug_print(srtp_mod_hmac, "allocating auth func with key length %d", + key_len); + debug_print(srtp_mod_hmac, " tag length %d", + out_len); + + /* check output length - should be less than 20 bytes */ + if (key_len > SHA1_DIGEST_SIZE) { + return srtp_err_status_bad_param; + } + /* check output length - should be less than 20 bytes */ + if (out_len > SHA1_DIGEST_SIZE) { + return srtp_err_status_bad_param; + } + + *a = (srtp_auth_t *)srtp_crypto_alloc(sizeof(srtp_auth_t)); + if (*a == NULL) { + return srtp_err_status_alloc_fail; + } + // allocate the buffer of mbedtls context. + (*a)->state = srtp_crypto_alloc(sizeof(mbedtls_md_context_t)); + if ((*a)->state == NULL) { + srtp_crypto_free(*a); + *a = NULL; + return srtp_err_status_alloc_fail; + } + mbedtls_md_init((mbedtls_md_context_t *)(*a)->state); + + /* set pointers */ + (*a)->type = &srtp_hmac; + (*a)->out_len = out_len; + (*a)->key_len = key_len; + (*a)->prefix_len = 0; + + return srtp_err_status_ok; +} + +static srtp_err_status_t srtp_hmac_mbedtls_dealloc(srtp_auth_t *a) +{ + mbedtls_md_context_t *hmac_ctx; + hmac_ctx = (mbedtls_md_context_t *)a->state; + mbedtls_md_free(hmac_ctx); + srtp_crypto_free(hmac_ctx); + /* zeroize entire state*/ + octet_string_set_to_zero(a, sizeof(srtp_auth_t)); + + /* free memory */ + srtp_crypto_free(a); + + return srtp_err_status_ok; +} + +static srtp_err_status_t srtp_hmac_mbedtls_start(void *statev) +{ + mbedtls_md_context_t *state = (mbedtls_md_context_t *)statev; + if (mbedtls_md_hmac_reset(state) != 0) + return srtp_err_status_auth_fail; + + return srtp_err_status_ok; +} + +static srtp_err_status_t srtp_hmac_mbedtls_init(void *statev, + const uint8_t *key, + int key_len) +{ + mbedtls_md_context_t *state = (mbedtls_md_context_t *)statev; + const mbedtls_md_info_t *info = NULL; + + info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1); + if (info == NULL) + return srtp_err_status_auth_fail; + + if (mbedtls_md_setup(state, info, 1) != 0) + return srtp_err_status_auth_fail; + + debug_print(srtp_mod_hmac, "mbedtls setup, name: %s", + mbedtls_md_get_name(info)); + debug_print(srtp_mod_hmac, "mbedtls setup, size: %d", + mbedtls_md_get_size(info)); + + if (mbedtls_md_hmac_starts(state, key, key_len) != 0) + return srtp_err_status_auth_fail; + + return srtp_err_status_ok; +} + +static srtp_err_status_t srtp_hmac_mbedtls_update(void *statev, + const uint8_t *message, + int msg_octets) +{ + mbedtls_md_context_t *state = (mbedtls_md_context_t *)statev; + + debug_print(srtp_mod_hmac, "input: %s", + srtp_octet_string_hex_string(message, msg_octets)); + + if (mbedtls_md_hmac_update(state, message, msg_octets) != 0) + return srtp_err_status_auth_fail; + + return srtp_err_status_ok; +} + +static srtp_err_status_t srtp_hmac_mbedtls_compute(void *statev, + const uint8_t *message, + int msg_octets, + int tag_len, + uint8_t *result) +{ + mbedtls_md_context_t *state = (mbedtls_md_context_t *)statev; + uint8_t hash_value[SHA1_DIGEST_SIZE]; + int i; + + /* check tag length, return error if we can't provide the value expected */ + if (tag_len > SHA1_DIGEST_SIZE) { + return srtp_err_status_bad_param; + } + + /* hash message, copy output into H */ + if (mbedtls_md_hmac_update(statev, message, msg_octets) != 0) + return srtp_err_status_auth_fail; + + if (mbedtls_md_hmac_finish(state, hash_value) != 0) + return srtp_err_status_auth_fail; + + /* copy hash_value to *result */ + for (i = 0; i < tag_len; i++) { + result[i] = hash_value[i]; + } + + debug_print(srtp_mod_hmac, "output: %s", + srtp_octet_string_hex_string(hash_value, tag_len)); + + return srtp_err_status_ok; +} + +/* end test case 0 */ + +static const char srtp_hmac_mbedtls_description[] = + "hmac sha-1 authentication function using mbedtls"; + +/* + * srtp_auth_type_t hmac is the hmac metaobject + */ + +const srtp_auth_type_t srtp_hmac = { + srtp_hmac_mbedtls_alloc, /* */ + srtp_hmac_mbedtls_dealloc, /* */ + srtp_hmac_mbedtls_init, /* */ + srtp_hmac_mbedtls_compute, /* */ + srtp_hmac_mbedtls_update, /* */ + srtp_hmac_mbedtls_start, /* */ + srtp_hmac_mbedtls_description, /* */ + &srtp_hmac_test_case_0, /* */ + SRTP_HMAC_SHA1 /* */ +}; diff --git a/libs/srtp/crypto/hash/hmac_nss.c b/libs/srtp/crypto/hash/hmac_nss.c new file mode 100644 index 0000000000..8d1e42f620 --- /dev/null +++ b/libs/srtp/crypto/hash/hmac_nss.c @@ -0,0 +1,290 @@ +/* + * + * Copyright(c) 2013-2017, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include "auth.h" +#include "alloc.h" +#include "err.h" /* for srtp_debug */ +#include "auth_test_cases.h" + +#define NSS_PKCS11_2_0_COMPAT 1 + +#include +#include + +#define SHA1_DIGEST_SIZE 20 + +/* the debug module for authentiation */ + +srtp_debug_module_t srtp_mod_hmac = { + 0, /* debugging is off by default */ + "hmac sha-1 nss" /* printable name for module */ +}; + +typedef struct { + NSSInitContext *nss; + PK11SymKey *key; + PK11Context *ctx; +} srtp_hmac_nss_ctx_t; + +static srtp_err_status_t srtp_hmac_alloc(srtp_auth_t **a, + int key_len, + int out_len) +{ + extern const srtp_auth_type_t srtp_hmac; + srtp_hmac_nss_ctx_t *hmac; + NSSInitContext *nss; + + debug_print(srtp_mod_hmac, "allocating auth func with key length %d", + key_len); + debug_print(srtp_mod_hmac, " tag length %d", + out_len); + + /* check output length - should be less than 20 bytes */ + if (out_len > SHA1_DIGEST_SIZE) { + return srtp_err_status_bad_param; + } + + /* Initialize NSS equiv of NSS_NoDB_Init(NULL) */ + nss = NSS_InitContext("", "", "", "", NULL, + NSS_INIT_READONLY | NSS_INIT_NOCERTDB | + NSS_INIT_NOMODDB | NSS_INIT_FORCEOPEN | + NSS_INIT_OPTIMIZESPACE); + if (!nss) { + return srtp_err_status_auth_fail; + } + + *a = (srtp_auth_t *)srtp_crypto_alloc(sizeof(srtp_auth_t)); + if (*a == NULL) { + NSS_ShutdownContext(nss); + return srtp_err_status_alloc_fail; + } + + hmac = + (srtp_hmac_nss_ctx_t *)srtp_crypto_alloc(sizeof(srtp_hmac_nss_ctx_t)); + if (hmac == NULL) { + NSS_ShutdownContext(nss); + srtp_crypto_free(*a); + *a = NULL; + return srtp_err_status_alloc_fail; + } + + hmac->nss = nss; + hmac->key = NULL; + hmac->ctx = NULL; + + /* set pointers */ + (*a)->state = hmac; + (*a)->type = &srtp_hmac; + (*a)->out_len = out_len; + (*a)->key_len = key_len; + (*a)->prefix_len = 0; + + return srtp_err_status_ok; +} + +static srtp_err_status_t srtp_hmac_dealloc(srtp_auth_t *a) +{ + srtp_hmac_nss_ctx_t *hmac; + + hmac = (srtp_hmac_nss_ctx_t *)a->state; + if (hmac) { + /* free any PK11 values that have been created */ + if (hmac->key) { + PK11_FreeSymKey(hmac->key); + hmac->key = NULL; + } + + if (hmac->ctx) { + PK11_DestroyContext(hmac->ctx, PR_TRUE); + hmac->ctx = NULL; + } + + if (hmac->nss) { + NSS_ShutdownContext(hmac->nss); + hmac->nss = NULL; + } + + /* zeroize everything */ + octet_string_set_to_zero(hmac, sizeof(srtp_hmac_nss_ctx_t)); + srtp_crypto_free(hmac); + } + + /* free memory */ + srtp_crypto_free(a); + + return srtp_err_status_ok; +} + +static srtp_err_status_t srtp_hmac_start(void *statev) +{ + srtp_hmac_nss_ctx_t *hmac; + hmac = (srtp_hmac_nss_ctx_t *)statev; + + if (PK11_DigestBegin(hmac->ctx) != SECSuccess) { + return srtp_err_status_auth_fail; + } + return srtp_err_status_ok; +} + +static srtp_err_status_t srtp_hmac_init(void *statev, + const uint8_t *key, + int key_len) +{ + srtp_hmac_nss_ctx_t *hmac; + hmac = (srtp_hmac_nss_ctx_t *)statev; + PK11SymKey *sym_key; + PK11Context *ctx; + + if (hmac->ctx) { + PK11_DestroyContext(hmac->ctx, PR_TRUE); + hmac->ctx = NULL; + } + + if (hmac->key) { + PK11_FreeSymKey(hmac->key); + hmac->key = NULL; + } + + PK11SlotInfo *slot = PK11_GetBestSlot(CKM_SHA_1_HMAC, NULL); + if (!slot) { + return srtp_err_status_bad_param; + } + + SECItem key_item = { siBuffer, (unsigned char *)key, key_len }; + sym_key = PK11_ImportSymKey(slot, CKM_SHA_1_HMAC, PK11_OriginUnwrap, + CKA_SIGN, &key_item, NULL); + PK11_FreeSlot(slot); + + if (!sym_key) { + return srtp_err_status_auth_fail; + } + + SECItem param_item = { siBuffer, NULL, 0 }; + ctx = PK11_CreateContextBySymKey(CKM_SHA_1_HMAC, CKA_SIGN, sym_key, + ¶m_item); + if (!ctx) { + PK11_FreeSymKey(sym_key); + return srtp_err_status_auth_fail; + } + + hmac->key = sym_key; + hmac->ctx = ctx; + + return srtp_err_status_ok; +} + +static srtp_err_status_t srtp_hmac_update(void *statev, + const uint8_t *message, + int msg_octets) +{ + srtp_hmac_nss_ctx_t *hmac; + hmac = (srtp_hmac_nss_ctx_t *)statev; + + debug_print(srtp_mod_hmac, "input: %s", + srtp_octet_string_hex_string(message, msg_octets)); + + if (PK11_DigestOp(hmac->ctx, message, msg_octets) != SECSuccess) { + return srtp_err_status_auth_fail; + } + + return srtp_err_status_ok; +} + +static srtp_err_status_t srtp_hmac_compute(void *statev, + const uint8_t *message, + int msg_octets, + int tag_len, + uint8_t *result) +{ + srtp_hmac_nss_ctx_t *hmac; + hmac = (srtp_hmac_nss_ctx_t *)statev; + uint8_t hash_value[SHA1_DIGEST_SIZE]; + int i; + unsigned int len; + + debug_print(srtp_mod_hmac, "input: %s", + srtp_octet_string_hex_string(message, msg_octets)); + + /* check tag length, return error if we can't provide the value expected */ + if (tag_len > SHA1_DIGEST_SIZE) { + return srtp_err_status_bad_param; + } + + if (PK11_DigestOp(hmac->ctx, message, msg_octets) != SECSuccess) { + return srtp_err_status_auth_fail; + } + + if (PK11_DigestFinal(hmac->ctx, hash_value, &len, SHA1_DIGEST_SIZE) != + SECSuccess) { + return srtp_err_status_auth_fail; + } + + if (len < tag_len) + return srtp_err_status_auth_fail; + + /* copy hash_value to *result */ + for (i = 0; i < tag_len; i++) { + result[i] = hash_value[i]; + } + + debug_print(srtp_mod_hmac, "output: %s", + srtp_octet_string_hex_string(hash_value, tag_len)); + + return srtp_err_status_ok; +} + +static const char srtp_hmac_description[] = + "hmac sha-1 authentication function"; + +/* + * srtp_auth_type_t hmac is the hmac metaobject + */ + +const srtp_auth_type_t srtp_hmac = { + srtp_hmac_alloc, /* */ + srtp_hmac_dealloc, /* */ + srtp_hmac_init, /* */ + srtp_hmac_compute, /* */ + srtp_hmac_update, /* */ + srtp_hmac_start, /* */ + srtp_hmac_description, /* */ + &srtp_hmac_test_case_0, /* */ + SRTP_HMAC_SHA1 /* */ +}; diff --git a/libs/srtp/crypto/hash/hmac_ossl.c b/libs/srtp/crypto/hash/hmac_ossl.c index 8146438b05..ee6b0b5851 100644 --- a/libs/srtp/crypto/hash/hmac_ossl.c +++ b/libs/srtp/crypto/hash/hmac_ossl.c @@ -49,6 +49,7 @@ #include "auth.h" #include "alloc.h" #include "err.h" /* for srtp_debug */ +#include "auth_test_cases.h" #include #include @@ -192,6 +193,9 @@ static srtp_err_status_t srtp_hmac_compute(void *statev, int i; unsigned int len; + debug_print(srtp_mod_hmac, "input: %s", + srtp_octet_string_hex_string(message, msg_octets)); + /* check tag length, return error if we can't provide the value expected */ if (tag_len > SHA1_DIGEST_SIZE) { return srtp_err_status_bad_param; @@ -218,41 +222,6 @@ static srtp_err_status_t srtp_hmac_compute(void *statev, return srtp_err_status_ok; } -/* begin test case 0 */ -/* clang-format off */ -static const uint8_t srtp_hmac_test_case_0_key[SHA1_DIGEST_SIZE] = { - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b -}; -/* clang-format on */ - -/* clang-format off */ -static const uint8_t srtp_hmac_test_case_0_data[8] = { - 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65 /* "Hi There" */ -}; -/* clang-format on */ - -/* clang-format off */ -static const uint8_t srtp_hmac_test_case_0_tag[SHA1_DIGEST_SIZE] = { - 0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, - 0xe2, 0x8b, 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e, - 0xf1, 0x46, 0xbe, 0x00 -}; -/* clang-format on */ - -static const srtp_auth_test_case_t srtp_hmac_test_case_0 = { - sizeof(srtp_hmac_test_case_0_key), /* octets in key */ - srtp_hmac_test_case_0_key, /* key */ - sizeof(srtp_hmac_test_case_0_data), /* octets in data */ - srtp_hmac_test_case_0_data, /* data */ - sizeof(srtp_hmac_test_case_0_tag), /* octets in tag */ - srtp_hmac_test_case_0_tag, /* tag */ - NULL /* pointer to next testcase */ -}; - -/* end test case 0 */ - static const char srtp_hmac_description[] = "hmac sha-1 authentication function"; diff --git a/libs/srtp/crypto/hash/sha1.c b/libs/srtp/crypto/hash/sha1.c index afd6381542..901a933250 100644 --- a/libs/srtp/crypto/hash/sha1.c +++ b/libs/srtp/crypto/hash/sha1.c @@ -76,15 +76,6 @@ uint32_t SHA_K1 = 0x6ED9EBA1; /* Kt for 20 <= t <= 39 */ uint32_t SHA_K2 = 0x8F1BBCDC; /* Kt for 40 <= t <= 59 */ uint32_t SHA_K3 = 0xCA62C1D6; /* Kt for 60 <= t <= 79 */ -void srtp_sha1(const uint8_t *msg, int octets_in_msg, uint32_t hash_value[5]) -{ - srtp_sha1_ctx_t ctx; - - srtp_sha1_init(&ctx); - srtp_sha1_update(&ctx, msg, octets_in_msg); - srtp_sha1_final(&ctx, hash_value); -} - /* * srtp_sha1_core(M, H) computes the core compression function, where M is * the next part of the message (in network byte order) and H is the @@ -261,14 +252,13 @@ void srtp_sha1_update(srtp_sha1_ctx_t *ctx, /* process a whole block */ - debug_print(srtp_mod_sha1, "(update) running srtp_sha1_core()", - NULL); + debug_print0(srtp_mod_sha1, "(update) running srtp_sha1_core()"); srtp_sha1_core(ctx->M, ctx->H); } else { - debug_print(srtp_mod_sha1, "(update) not running srtp_sha1_core()", - NULL); + debug_print0(srtp_mod_sha1, + "(update) not running srtp_sha1_core()"); for (i = ctx->octets_in_buffer; i < (ctx->octets_in_buffer + octets_in_msg); i++) { @@ -285,7 +275,7 @@ void srtp_sha1_update(srtp_sha1_ctx_t *ctx, * into the twenty octets located at *output */ -void srtp_sha1_final(srtp_sha1_ctx_t *ctx, uint32_t *output) +void srtp_sha1_final(srtp_sha1_ctx_t *ctx, uint32_t output[5]) { uint32_t A, B, C, D, E, TEMP; uint32_t W[80]; @@ -391,11 +381,10 @@ void srtp_sha1_final(srtp_sha1_ctx_t *ctx, uint32_t *output) ctx->H[4] += E; } - debug_print(srtp_mod_sha1, "(final) running srtp_sha1_core()", NULL); + debug_print0(srtp_mod_sha1, "(final) running srtp_sha1_core()"); if (ctx->octets_in_buffer >= 56) { - debug_print(srtp_mod_sha1, "(final) running srtp_sha1_core() again", - NULL); + debug_print0(srtp_mod_sha1, "(final) running srtp_sha1_core() again"); /* we need to do one final run of the compression algo */ diff --git a/libs/srtp/crypto/include/aes_gcm.h b/libs/srtp/crypto/include/aes_gcm.h new file mode 100644 index 0000000000..cd0dceed3e --- /dev/null +++ b/libs/srtp/crypto/include/aes_gcm.h @@ -0,0 +1,110 @@ +/* + * aes_gcm.h + * + * Header for AES Galois Counter Mode. + * + * John A. Foley + * Cisco Systems, Inc. + * + */ +/* + * + * Copyright (c) 2013-2017, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef AES_GCM_H +#define AES_GCM_H + +#include "cipher.h" +#include "srtp.h" +#include "datatypes.h" + +#ifdef OPENSSL + +#include +#include + +typedef struct { + int key_size; + int tag_len; + EVP_CIPHER_CTX *ctx; + srtp_cipher_direction_t dir; +} srtp_aes_gcm_ctx_t; + +#endif /* OPENSSL */ + +#ifdef MBEDTLS +#define MAX_AD_SIZE 2048 +#include +#include + +typedef struct { + int key_size; + int tag_len; + int aad_size; + int iv_len; + uint8_t iv[12]; + uint8_t tag[16]; + uint8_t aad[MAX_AD_SIZE]; + mbedtls_gcm_context *ctx; + srtp_cipher_direction_t dir; +} srtp_aes_gcm_ctx_t; + +#endif /* MBEDTLS */ + +#ifdef NSS + +#define NSS_PKCS11_2_0_COMPAT 1 + +#include +#include + +#define MAX_AD_SIZE 2048 + +typedef struct { + int key_size; + int tag_size; + srtp_cipher_direction_t dir; + NSSInitContext *nss; + PK11SymKey *key; + uint8_t iv[12]; + uint8_t aad[MAX_AD_SIZE]; + int aad_size; + CK_GCM_PARAMS params; + uint8_t tag[16]; +} srtp_aes_gcm_ctx_t; + +#endif /* NSS */ + +#endif /* AES_GCM_H */ diff --git a/libs/srtp/crypto/include/aes_icm_ossl.h b/libs/srtp/crypto/include/aes_icm_ext.h similarity index 76% rename from libs/srtp/crypto/include/aes_icm_ossl.h rename to libs/srtp/crypto/include/aes_icm_ext.h index c4aae376e6..5b21c95dde 100644 --- a/libs/srtp/crypto/include/aes_icm_ossl.h +++ b/libs/srtp/crypto/include/aes_icm_ext.h @@ -48,6 +48,9 @@ #include "cipher.h" #include "datatypes.h" + +#ifdef OPENSSL + #include #include @@ -58,4 +61,39 @@ typedef struct { EVP_CIPHER_CTX *ctx; } srtp_aes_icm_ctx_t; +#endif /* OPENSSL */ + +#ifdef MBEDTLS + +#include +typedef struct { + v128_t counter; /* holds the counter value */ + v128_t offset; /* initial offset value */ + v128_t stream_block; + size_t nc_off; + int key_size; + mbedtls_aes_context *ctx; +} srtp_aes_icm_ctx_t; + +#endif /* MBEDTLS */ + +#ifdef NSS + +#define NSS_PKCS11_2_0_COMPAT 1 + +#include +#include + +typedef struct { + v128_t counter; + v128_t offset; + int key_size; + uint8_t iv[16]; + NSSInitContext *nss; + PK11SymKey *key; + PK11Context *ctx; +} srtp_aes_icm_ctx_t; + +#endif /* NSS */ + #endif /* AES_ICM_H */ diff --git a/libs/srtp/crypto/include/stat.h b/libs/srtp/crypto/include/cipher_priv.h similarity index 77% rename from libs/srtp/crypto/include/stat.h rename to libs/srtp/crypto/include/cipher_priv.h index 1894e041aa..46848ea7c6 100644 --- a/libs/srtp/crypto/include/stat.h +++ b/libs/srtp/crypto/include/cipher_priv.h @@ -1,15 +1,6 @@ -/* - * stats.h - * - * interface to statistical test functions - * - * David A. McGrew - * Cisco Systems, Inc. - */ - /* * - * Copyright(c) 2001-2017, Cisco Systems, Inc. + * Copyright(c) 2001-2017 Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -43,24 +34,29 @@ * */ -#ifndef STAT_H -#define STAT_H +#ifndef SRTP_CIHPER_PRIV_H +#define SRTP_CIHPER_PRIV_H -#include "datatypes.h" /* for uint8_t */ -#include "err.h" /* for srtp_err_status_t */ +#include "cipher.h" #ifdef __cplusplus extern "C" { #endif -srtp_err_status_t stat_test_monobit(uint8_t *data); +/* + * A trivial platform independent random source. + * For use in test only. + */ +void srtp_cipher_rand_for_tests(void *dest, uint32_t len); -srtp_err_status_t stat_test_poker(uint8_t *data); - -srtp_err_status_t stat_test_runs(uint8_t *data); +/* + * A trivial platform independent 32 bit random number. + * For use in test only. + */ +uint32_t srtp_cipher_rand_u32_for_tests(void); #ifdef __cplusplus } #endif -#endif /* STAT_H */ +#endif /* SRTP_CIPHER_PRIV_H */ diff --git a/libs/srtp/crypto/include/cipher_types.h b/libs/srtp/crypto/include/cipher_types.h index a543b5478b..28250d1624 100644 --- a/libs/srtp/crypto/include/cipher_types.h +++ b/libs/srtp/crypto/include/cipher_types.h @@ -47,10 +47,10 @@ extern const srtp_cipher_type_t srtp_null_cipher; extern const srtp_cipher_type_t srtp_aes_icm_128; extern const srtp_cipher_type_t srtp_aes_icm_256; -#ifdef OPENSSL +#ifdef GCM extern const srtp_cipher_type_t srtp_aes_icm_192; -extern const srtp_cipher_type_t srtp_aes_gcm_128_openssl; -extern const srtp_cipher_type_t srtp_aes_gcm_256_openssl; +extern const srtp_cipher_type_t srtp_aes_gcm_128; +extern const srtp_cipher_type_t srtp_aes_gcm_256; #endif /* @@ -66,16 +66,15 @@ extern const srtp_auth_type_t srtp_hmac; extern srtp_debug_module_t srtp_mod_auth; extern srtp_debug_module_t srtp_mod_cipher; -extern srtp_debug_module_t srtp_mod_stat; extern srtp_debug_module_t srtp_mod_alloc; /* debug modules for cipher types */ extern srtp_debug_module_t srtp_mod_aes_icm; -#ifdef OPENSSL + +#if defined(OPENSSL) || defined(MBEDTLS) || defined(NSS) extern srtp_debug_module_t srtp_mod_aes_gcm; #endif /* debug modules for auth types */ extern srtp_debug_module_t srtp_mod_hmac; - #endif diff --git a/libs/srtp/crypto/include/datatypes.h b/libs/srtp/crypto/include/datatypes.h index 182cca25b9..5164cf0021 100644 --- a/libs/srtp/crypto/include/datatypes.h +++ b/libs/srtp/crypto/include/datatypes.h @@ -66,27 +66,6 @@ extern "C" { #endif -/* if DATATYPES_USE_MACROS is defined, then little functions are macros */ -#define DATATYPES_USE_MACROS - -typedef union { - uint8_t v8[2]; - uint16_t value; -} v16_t; - -typedef union { - uint8_t v8[4]; - uint16_t v16[2]; - uint32_t value; -} v32_t; - -typedef union { - uint8_t v8[8]; - uint16_t v16[4]; - uint32_t v32[2]; - uint64_t value; -} v64_t; - typedef union { uint8_t v8[16]; uint16_t v16[8]; @@ -94,26 +73,6 @@ typedef union { uint64_t v64[2]; } v128_t; -typedef union { - uint8_t v8[32]; - uint16_t v16[16]; - uint32_t v32[8]; - uint64_t v64[4]; -} v256_t; - -/* some useful and simple math functions */ - -#define pow_2(X) ((unsigned int)1 << (X)) /* 2^X */ - -#define pow_minus_one(X) ((X) ? -1 : 1) /* (-1)^X */ - -/* - * octet_get_weight(x) returns the hamming weight (number of bits equal to - * one) in the octet x - */ - -int octet_get_weight(uint8_t octet); - #define MAX_PRINT_STRING_LEN 1024 char *srtp_octet_string_hex_string(const void *str, int length); @@ -126,56 +85,31 @@ void v128_copy_octet_string(v128_t *x, const uint8_t s[16]); void v128_left_shift(v128_t *x, int shift_index); -void v128_right_shift(v128_t *x, int shift_index); - /* * the following macros define the data manipulation functions * - * If DATATYPES_USE_MACROS is defined, then these macros are used - * directly (and function call overhead is avoided). Otherwise, - * the macros are used through the functions defined in datatypes.c - * (and the compiler provides better warnings). */ -#define _v128_set_to_zero(x) \ +#define v128_set_to_zero(x) \ ((x)->v32[0] = 0, (x)->v32[1] = 0, (x)->v32[2] = 0, (x)->v32[3] = 0) -#define _v128_copy(x, y) \ +#define v128_copy(x, y) \ ((x)->v32[0] = (y)->v32[0], (x)->v32[1] = (y)->v32[1], \ (x)->v32[2] = (y)->v32[2], (x)->v32[3] = (y)->v32[3]) -#define _v128_xor(z, x, y) \ +#define v128_xor(z, x, y) \ ((z)->v32[0] = (x)->v32[0] ^ (y)->v32[0], \ (z)->v32[1] = (x)->v32[1] ^ (y)->v32[1], \ (z)->v32[2] = (x)->v32[2] ^ (y)->v32[2], \ (z)->v32[3] = (x)->v32[3] ^ (y)->v32[3]) -#define _v128_and(z, x, y) \ - ((z)->v32[0] = (x)->v32[0] & (y)->v32[0], \ - (z)->v32[1] = (x)->v32[1] & (y)->v32[1], \ - (z)->v32[2] = (x)->v32[2] & (y)->v32[2], \ - (z)->v32[3] = (x)->v32[3] & (y)->v32[3]) - -#define _v128_or(z, x, y) \ - ((z)->v32[0] = (x)->v32[0] | (y)->v32[0], \ - (z)->v32[1] = (x)->v32[1] | (y)->v32[1], \ - (z)->v32[2] = (x)->v32[2] | (y)->v32[2], \ - (z)->v32[3] = (x)->v32[3] | (y)->v32[3]) - -#define _v128_complement(x) \ - ((x)->v32[0] = ~(x)->v32[0], (x)->v32[1] = ~(x)->v32[1], \ - (x)->v32[2] = ~(x)->v32[2], (x)->v32[3] = ~(x)->v32[3]) - /* ok for NO_64BIT_MATH if it can compare uint64_t's (even as structures) */ -#define _v128_is_eq(x, y) \ - (((x)->v64[0] == (y)->v64[0]) && ((x)->v64[1] == (y)->v64[1])) - #ifdef NO_64BIT_MATH -#define _v128_xor_eq(z, x) \ +#define v128_xor_eq(z, x) \ ((z)->v32[0] ^= (x)->v32[0], (z)->v32[1] ^= (x)->v32[1], \ (z)->v32[2] ^= (x)->v32[2], (z)->v32[3] ^= (x)->v32[3]) #else -#define _v128_xor_eq(z, x) \ +#define v128_xor_eq(z, x) \ ((z)->v64[0] ^= (x)->v64[0], (z)->v64[1] ^= (x)->v64[1]) #endif @@ -188,66 +122,22 @@ void v128_right_shift(v128_t *x, int shift_index); really care which bit is which. AES does care which bit is which, but doesn't use the 128-bit get/set or 128-bit shifts */ -#define _v128_get_bit(x, bit) (((((x)->v32[(bit) >> 5]) >> ((bit)&31)) & 1)) +#define v128_get_bit(x, bit) (((((x)->v32[(bit) >> 5]) >> ((bit)&31)) & 1)) -#define _v128_set_bit(x, bit) \ +#define v128_set_bit(x, bit) \ ((((x)->v32[(bit) >> 5]) |= ((uint32_t)1 << ((bit)&31)))) -#define _v128_clear_bit(x, bit) \ +#define v128_clear_bit(x, bit) \ ((((x)->v32[(bit) >> 5]) &= ~((uint32_t)1 << ((bit)&31)))) -#define _v128_set_bit_to(x, bit, value) \ - ((value) ? _v128_set_bit(x, bit) : _v128_clear_bit(x, bit)) - -#ifdef DATATYPES_USE_MACROS /* little functions are really macros */ - -#define v128_set_to_zero(z) _v128_set_to_zero(z) -#define v128_copy(z, x) _v128_copy(z, x) -#define v128_xor(z, x, y) _v128_xor(z, x, y) -#define v128_and(z, x, y) _v128_and(z, x, y) -#define v128_or(z, x, y) _v128_or(z, x, y) -#define v128_complement(x) _v128_complement(x) -#define v128_is_eq(x, y) _v128_is_eq(x, y) -#define v128_xor_eq(x, y) _v128_xor_eq(x, y) -#define v128_get_bit(x, i) _v128_get_bit(x, i) -#define v128_set_bit(x, i) _v128_set_bit(x, i) -#define v128_clear_bit(x, i) _v128_clear_bit(x, i) -#define v128_set_bit_to(x, i, y) _v128_set_bit_to(x, i, y) - -#else - -void v128_set_to_zero(v128_t *x); - -int v128_is_eq(const v128_t *x, const v128_t *y); - -void v128_copy(v128_t *x, const v128_t *y); - -void v128_xor(v128_t *z, v128_t *x, v128_t *y); - -void v128_and(v128_t *z, v128_t *x, v128_t *y); - -void v128_or(v128_t *z, v128_t *x, v128_t *y); - -void v128_complement(v128_t *x); - -int v128_get_bit(const v128_t *x, int i); - -void v128_set_bit(v128_t *x, int i); - -void v128_clear_bit(v128_t *x, int i); - -void v128_set_bit_to(v128_t *x, int i, int y); - -#endif /* DATATYPES_USE_MACROS */ - /* - * octet_string_is_eq(a, b, len) returns 1 if the length len strings a - * and b are not equal. It returns 0 otherwise. The running time of the + * srtp_octet_string_is_eq(a, b, len) returns 1 if the length len strings + * a and b are not equal. It returns 0 otherwise. The running time of the * comparison depends only on len, making this safe to use for (e.g.) * verifying authentication tags. */ -int octet_string_is_eq(uint8_t *a, uint8_t *b, int len); +int srtp_octet_string_is_eq(uint8_t *a, uint8_t *b, int len); /* * A portable way to zero out memory as recommended by @@ -278,7 +168,7 @@ void octet_string_set_to_zero(void *s, size_t len); #define be64_to_cpu(x) bswap_64((x)) #else /* WORDS_BIGENDIAN */ -#if defined(__GNUC__) && defined(HAVE_X86) +#if defined(__GNUC__) && (defined(HAVE_X86) || defined(__x86_64__)) /* Fall back. */ static inline uint32_t be32_to_cpu(uint32_t v) { @@ -331,35 +221,13 @@ typedef struct { uint32_t *word; } bitvector_t; -#define _bitvector_get_bit(v, bit_index) \ +#define bitvector_get_bit(v, bit_index) \ (((((v)->word[((bit_index) >> 5)]) >> ((bit_index)&31)) & 1)) -#define _bitvector_set_bit(v, bit_index) \ +#define bitvector_set_bit(v, bit_index) \ ((((v)->word[((bit_index) >> 5)] |= ((uint32_t)1 << ((bit_index)&31))))) -#define _bitvector_clear_bit(v, bit_index) \ - ((((v)->word[((bit_index) >> 5)] &= ~((uint32_t)1 << ((bit_index)&31))))) - -#define _bitvector_get_length(v) (((v)->length)) - -#ifdef DATATYPES_USE_MACROS /* little functions are really macros */ - -#define bitvector_get_bit(v, bit_index) _bitvector_get_bit(v, bit_index) -#define bitvector_set_bit(v, bit_index) _bitvector_set_bit(v, bit_index) -#define bitvector_clear_bit(v, bit_index) _bitvector_clear_bit(v, bit_index) -#define bitvector_get_length(v) _bitvector_get_length(v) - -#else - -int bitvector_get_bit(const bitvector_t *v, int bit_index); - -void bitvector_set_bit(bitvector_t *v, int bit_index); - -void bitvector_clear_bit(bitvector_t *v, int bit_index); - -unsigned long bitvector_get_length(const bitvector_t *v); - -#endif +#define bitvector_get_length(v) (((v)->length)) int bitvector_alloc(bitvector_t *v, unsigned long length); @@ -369,8 +237,6 @@ void bitvector_set_to_zero(bitvector_t *x); void bitvector_left_shift(bitvector_t *x, int index); -char *bitvector_bit_string(bitvector_t *x, char *buf, int len); - #ifdef __cplusplus } #endif diff --git a/libs/srtp/crypto/include/err.h b/libs/srtp/crypto/include/err.h index 66a1023ec8..326f5e96b7 100644 --- a/libs/srtp/crypto/include/err.h +++ b/libs/srtp/crypto/include/err.h @@ -109,6 +109,8 @@ typedef struct { #ifdef ENABLE_DEBUG_LOGGING +#define debug_print0(mod, format) \ + srtp_err_report(srtp_err_level_debug, ("%s: " format "\n"), mod.name) #define debug_print(mod, format, arg) \ srtp_err_report(srtp_err_level_debug, ("%s: " format "\n"), mod.name, arg) #define debug_print2(mod, format, arg1, arg2) \ @@ -117,6 +119,9 @@ typedef struct { #else +#define debug_print0(mod, format) \ + if (mod.on) \ + srtp_err_report(srtp_err_level_debug, ("%s: " format "\n"), mod.name) #define debug_print(mod, format, arg) \ if (mod.on) \ srtp_err_report(srtp_err_level_debug, ("%s: " format "\n"), mod.name, arg) diff --git a/libs/srtp/crypto/include/key.h b/libs/srtp/crypto/include/key.h index 3498114b05..4164722c7c 100644 --- a/libs/srtp/crypto/include/key.h +++ b/libs/srtp/crypto/include/key.h @@ -66,8 +66,6 @@ srtp_err_status_t srtp_key_limit_set(srtp_key_limit_t key, srtp_err_status_t srtp_key_limit_clone(srtp_key_limit_t original, srtp_key_limit_t *new_key); -srtp_err_status_t srtp_key_limit_check(const srtp_key_limit_t key); - srtp_key_event_t srtp_key_limit_update(srtp_key_limit_t key); typedef enum { diff --git a/libs/srtp/crypto/include/null_auth.h b/libs/srtp/crypto/include/null_auth.h index 490dd7bc0f..0e57d67061 100644 --- a/libs/srtp/crypto/include/null_auth.h +++ b/libs/srtp/crypto/include/null_auth.h @@ -55,17 +55,6 @@ typedef struct { char foo; } srtp_null_auth_ctx_t; -#if 0 -srtp_err_status_t srtp_null_auth_alloc(srtp_auth_t **a, int key_len, int out_len); - -srtp_err_status_t srtp_null_auth_dealloc(srtp_auth_t *a); - -srtp_err_status_t srtp_null_auth_init(srtp_null_auth_ctx_t *state, const uint8_t *key, int key_len); - -srtp_err_status_t srtp_null_auth_compute(srtp_null_auth_ctx_t *state, uint8_t *message, int msg_octets, int tag_len, uint8_t *result); - -#endif - #ifdef __cplusplus } #endif diff --git a/libs/srtp/crypto/include/rdb.h b/libs/srtp/crypto/include/rdb.h index 98314c1f3e..208dff3ff1 100644 --- a/libs/srtp/crypto/include/rdb.h +++ b/libs/srtp/crypto/include/rdb.h @@ -64,8 +64,6 @@ typedef struct { v128_t bitmask; } srtp_rdb_t; -#define rdb_bits_in_bitmask (8 * sizeof(v128_t)) - /* * srtp_rdb_init * diff --git a/libs/srtp/crypto/include/sha1.h b/libs/srtp/crypto/include/sha1.h index 933c1466a3..c9bf592dff 100644 --- a/libs/srtp/crypto/include/sha1.h +++ b/libs/srtp/crypto/include/sha1.h @@ -52,88 +52,12 @@ #endif #include "err.h" -#ifdef OPENSSL -#include -#include -#else #include "datatypes.h" -#endif #ifdef __cplusplus extern "C" { #endif -#ifdef OPENSSL - -/* - * srtp_sha1_init(&ctx) initializes the SHA1 context ctx - * - * srtp_sha1_update(&ctx, msg, len) hashes the len octets starting at msg - * into the SHA1 context - * - * srtp_sha1_final(&ctx, output) performs the final processing of the SHA1 - * context and writes the result to the 20 octets at output - * - * Return values are ignored on the EVP functions since all three - * of these functions return void. - * - */ - -/* OpenSSL 1.1.0 made EVP_MD_CTX an opaque structure, which must be allocated - using EVP_MD_CTX_new. But this function doesn't exist in OpenSSL 1.0.x. */ -#if OPENSSL_VERSION_NUMBER < 0x10100000L || LIBRESSL_VERSION_NUMBER - -typedef EVP_MD_CTX srtp_sha1_ctx_t; - -static inline void srtp_sha1_init(srtp_sha1_ctx_t *ctx) -{ - EVP_MD_CTX_init(ctx); - EVP_DigestInit(ctx, EVP_sha1()); -} - -static inline void srtp_sha1_update(srtp_sha1_ctx_t *ctx, - const uint8_t *M, - int octets_in_msg) -{ - EVP_DigestUpdate(ctx, M, octets_in_msg); -} - -static inline void srtp_sha1_final(srtp_sha1_ctx_t *ctx, uint32_t *output) -{ - unsigned int len = 0; - - EVP_DigestFinal(ctx, (unsigned char *)output, &len); - EVP_MD_CTX_cleanup(ctx); -} - -#else - -typedef EVP_MD_CTX *srtp_sha1_ctx_t; - -static inline void srtp_sha1_init(srtp_sha1_ctx_t *ctx) -{ - *ctx = EVP_MD_CTX_new(); - EVP_DigestInit(*ctx, EVP_sha1()); -} - -static inline void srtp_sha1_update(srtp_sha1_ctx_t *ctx, - const uint8_t *M, - int octets_in_msg) -{ - EVP_DigestUpdate(*ctx, M, octets_in_msg); -} - -static inline void srtp_sha1_final(srtp_sha1_ctx_t *ctx, uint32_t *output) -{ - unsigned int len = 0; - - EVP_DigestFinal(*ctx, (unsigned char *)output, &len); - EVP_MD_CTX_free(*ctx); -} -#endif - -#else - typedef struct { uint32_t H[5]; /* state vector */ uint32_t M[16]; /* message buffer */ @@ -159,24 +83,6 @@ void srtp_sha1_update(srtp_sha1_ctx_t *ctx, void srtp_sha1_final(srtp_sha1_ctx_t *ctx, uint32_t output[5]); -/* - * The srtp_sha1_core function is INTERNAL to SHA-1, but it is declared - * here because it is also used by the cipher SEAL 3.0 in its key - * setup algorithm. - */ - -/* - * srtp_sha1_core(M, H) computes the core sha1 compression function, where M is - * the next part of the message and H is the intermediate state {H0, - * H1, ...} - * - * this function does not do any of the padding required in the - * complete sha1 function - */ -void srtp_sha1_core(const uint32_t M[16], uint32_t hash_value[5]); - -#endif /* else OPENSSL */ - #ifdef __cplusplus } #endif diff --git a/libs/srtp/crypto/kernel/alloc.c b/libs/srtp/crypto/kernel/alloc.c index dbe58266f4..3ebc315259 100644 --- a/libs/srtp/crypto/kernel/alloc.c +++ b/libs/srtp/crypto/kernel/alloc.c @@ -80,7 +80,7 @@ void *srtp_crypto_alloc(size_t size) if (ptr) { debug_print(srtp_mod_alloc, "(location: %p) allocated", ptr); } else { - debug_print(srtp_mod_alloc, "allocation failed (asked for %d bytes)\n", + debug_print(srtp_mod_alloc, "allocation failed (asked for %zu bytes)\n", size); } diff --git a/libs/srtp/crypto/kernel/crypto_kernel.c b/libs/srtp/crypto/kernel/crypto_kernel.c index ab4492e8a6..764e7ecfa0 100644 --- a/libs/srtp/crypto/kernel/crypto_kernel.c +++ b/libs/srtp/crypto/kernel/crypto_kernel.c @@ -101,10 +101,6 @@ srtp_err_status_t srtp_crypto_kernel_init() if (status) { return status; } - status = srtp_crypto_kernel_load_debug_module(&srtp_mod_stat); - if (status) { - return status; - } status = srtp_crypto_kernel_load_debug_module(&srtp_mod_alloc); if (status) { return status; @@ -130,18 +126,18 @@ srtp_err_status_t srtp_crypto_kernel_init() if (status) { return status; } -#ifdef OPENSSL +#ifdef GCM status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_icm_192, SRTP_AES_ICM_192); if (status) { return status; } - status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_gcm_128_openssl, + status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_gcm_128, SRTP_AES_GCM_128); if (status) { return status; } - status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_gcm_256_openssl, + status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_gcm_256, SRTP_AES_GCM_256); if (status) { return status; @@ -277,7 +273,8 @@ static inline srtp_err_status_t srtp_crypto_kernel_do_load_cipher_type( srtp_cipher_type_id_t id, int replace) { - srtp_kernel_cipher_type_t *ctype, *new_ctype; + srtp_kernel_cipher_type_t *ctype; + srtp_kernel_cipher_type_t *new_ctype = NULL; srtp_err_status_t status; /* defensive coding */ @@ -354,7 +351,8 @@ srtp_err_status_t srtp_crypto_kernel_do_load_auth_type( srtp_auth_type_id_t id, int replace) { - srtp_kernel_auth_type_t *atype, *new_atype; + srtp_kernel_auth_type_t *atype; + srtp_kernel_auth_type_t *new_atype = NULL; srtp_err_status_t status; /* defensive coding */ diff --git a/libs/srtp/crypto/kernel/err.c b/libs/srtp/crypto/kernel/err.c index f443549e5a..9db5bfb432 100644 --- a/libs/srtp/crypto/kernel/err.c +++ b/libs/srtp/crypto/kernel/err.c @@ -80,6 +80,7 @@ srtp_err_status_t srtp_install_err_report_handler( void srtp_err_report(srtp_err_reporting_level_t level, const char *format, ...) { + char msg[512]; va_list args; if (srtp_err_file != NULL) { va_start(args, format); @@ -88,7 +89,6 @@ void srtp_err_report(srtp_err_reporting_level_t level, const char *format, ...) } if (srtp_err_report_handler != NULL) { va_start(args, format); - char msg[512]; if (vsnprintf(msg, sizeof(msg), format, args) > 0) { /* strip trailing \n, callback should not have one */ size_t l = strlen(msg); diff --git a/libs/srtp/crypto/kernel/key.c b/libs/srtp/crypto/kernel/key.c index 0466195046..5e6a188726 100644 --- a/libs/srtp/crypto/kernel/key.c +++ b/libs/srtp/crypto/kernel/key.c @@ -77,14 +77,6 @@ srtp_err_status_t srtp_key_limit_clone(srtp_key_limit_t original, return srtp_err_status_ok; } -srtp_err_status_t srtp_key_limit_check(const srtp_key_limit_t key) -{ - if (key->state == srtp_key_state_expired) { - return srtp_err_status_key_expired; - } - return srtp_err_status_ok; -} - srtp_key_event_t srtp_key_limit_update(srtp_key_limit_t key) { #ifdef NO_64BIT_MATH diff --git a/libs/srtp/crypto/math/datatypes.c b/libs/srtp/crypto/math/datatypes.c index c0dfece659..0eb9d919b5 100644 --- a/libs/srtp/crypto/math/datatypes.c +++ b/libs/srtp/crypto/math/datatypes.c @@ -53,33 +53,14 @@ #include "datatypes.h" -static const int8_t octet_weight[256] = { - 0, 1, 1, 2, 1, 2, 2, 3, 1, 2, 2, 3, 2, 3, 3, 4, 1, 2, 2, 3, 2, 3, 3, 4, - 2, 3, 3, 4, 3, 4, 4, 5, 1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5, - 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6, 1, 2, 2, 3, 2, 3, 3, 4, - 2, 3, 3, 4, 3, 4, 4, 5, 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6, - 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6, 3, 4, 4, 5, 4, 5, 5, 6, - 4, 5, 5, 6, 5, 6, 6, 7, 1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5, - 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6, 2, 3, 3, 4, 3, 4, 4, 5, - 3, 4, 4, 5, 4, 5, 5, 6, 3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7, - 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6, 3, 4, 4, 5, 4, 5, 5, 6, - 4, 5, 5, 6, 5, 6, 6, 7, 3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7, - 4, 5, 5, 6, 5, 6, 6, 7, 5, 6, 6, 7, 6, 7, 7, 8 -}; - -int octet_get_weight(uint8_t octet) -{ - return (int)octet_weight[octet]; -} - /* * bit_string is a buffer that is used to hold output strings, e.g. * for printing. */ /* the value MAX_PRINT_STRING_LEN is defined in datatypes.h */ - -char bit_string[MAX_PRINT_STRING_LEN]; +/* include space for null terminator */ +static char bit_string[MAX_PRINT_STRING_LEN + 1]; uint8_t srtp_nibble_to_hex_char(uint8_t nibble) { @@ -172,104 +153,6 @@ void v128_copy_octet_string(v128_t *x, const uint8_t s[16]) #endif } -#ifndef DATATYPES_USE_MACROS /* little functions are not macros */ - -void v128_set_to_zero(v128_t *x) -{ - _v128_set_to_zero(x); -} - -void v128_copy(v128_t *x, const v128_t *y) -{ - _v128_copy(x, y); -} - -void v128_xor(v128_t *z, v128_t *x, v128_t *y) -{ - _v128_xor(z, x, y); -} - -void v128_and(v128_t *z, v128_t *x, v128_t *y) -{ - _v128_and(z, x, y); -} - -void v128_or(v128_t *z, v128_t *x, v128_t *y) -{ - _v128_or(z, x, y); -} - -void v128_complement(v128_t *x) -{ - _v128_complement(x); -} - -int v128_is_eq(const v128_t *x, const v128_t *y) -{ - return _v128_is_eq(x, y); -} - -int v128_xor_eq(v128_t *x, const v128_t *y) -{ - return _v128_xor_eq(x, y); -} - -int v128_get_bit(const v128_t *x, int i) -{ - return _v128_get_bit(x, i); -} - -void v128_set_bit(v128_t *x, int i) -{ - _v128_set_bit(x, i); -} - -void v128_clear_bit(v128_t *x, int i) -{ - _v128_clear_bit(x, i); -} - -void v128_set_bit_to(v128_t *x, int i, int y) -{ - _v128_set_bit_to(x, i, y); -} - -#endif /* DATATYPES_USE_MACROS */ - -void v128_right_shift(v128_t *x, int shift) -{ - const int base_index = shift >> 5; - const int bit_index = shift & 31; - int i, from; - uint32_t b; - - if (shift > 127) { - v128_set_to_zero(x); - return; - } - - if (bit_index == 0) { - /* copy each word from left size to right side */ - x->v32[4 - 1] = x->v32[4 - 1 - base_index]; - for (i = 4 - 1; i > base_index; i--) - x->v32[i - 1] = x->v32[i - 1 - base_index]; - - } else { - /* set each word to the "or" of the two bit-shifted words */ - for (i = 4; i > base_index; i--) { - from = i - 1 - base_index; - b = x->v32[from] << bit_index; - if (from > 0) - b |= x->v32[from - 1] >> (32 - bit_index); - x->v32[i - 1] = b; - } - } - - /* now wrap up the final portion */ - for (i = 0; i < base_index; i++) - x->v32[i] = 0; -} - void v128_left_shift(v128_t *x, int shift) { int i; @@ -298,25 +181,6 @@ void v128_left_shift(v128_t *x, int shift) /* functions manipulating bitvector_t */ -#ifndef DATATYPES_USE_MACROS /* little functions are not macros */ - -int bitvector_get_bit(const bitvector_t *v, int bit_index) -{ - return _bitvector_get_bit(v, bit_index); -} - -void bitvector_set_bit(bitvector_t *v, int bit_index) -{ - _bitvector_set_bit(v, bit_index); -} - -void bitvector_clear_bit(bitvector_t *v, int bit_index) -{ - _bitvector_clear_bit(v, bit_index); -} - -#endif /* DATATYPES_USE_MACROS */ - int bitvector_alloc(bitvector_t *v, unsigned long length) { unsigned long l; @@ -361,27 +225,6 @@ void bitvector_set_to_zero(bitvector_t *x) memset(x->word, 0, x->length >> 3); } -char *bitvector_bit_string(bitvector_t *x, char *buf, int len) -{ - int j, i; - uint32_t mask; - - for (j = i = 0; j < (int)(x->length >> 5) && i < len - 1; j++) { - for (mask = 0x80000000; mask > 0; mask >>= 1) { - if (x->word[j] & mask) - buf[i] = '1'; - else - buf[i] = '0'; - ++i; - if (i >= len - 1) - break; - } - } - buf[i] = 0; /* null terminate string */ - - return buf; -} - void bitvector_left_shift(bitvector_t *x, int shift) { int i; @@ -410,7 +253,7 @@ void bitvector_left_shift(bitvector_t *x, int shift) x->word[i] = 0; } -int octet_string_is_eq(uint8_t *a, uint8_t *b, int len) +int srtp_octet_string_is_eq(uint8_t *a, uint8_t *b, int len) { uint8_t *end = b + len; uint8_t accumulator = 0; @@ -436,55 +279,9 @@ void srtp_cleanse(void *s, size_t len) void octet_string_set_to_zero(void *s, size_t len) { -#ifdef OPENSSL +#if defined(OPENSSL) && !defined(OPENSSL_CLEANSE_BROKEN) OPENSSL_cleanse(s, len); #else srtp_cleanse(s, len); #endif } - -#ifdef TESTAPP_SOURCE - -static const char b64chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" - "abcdefghijklmnopqrstuvwxyz0123456789+/"; - -static int base64_block_to_octet_triple(char *out, char *in) -{ - unsigned char sextets[4] = { 0 }; - int j = 0; - int i; - - for (i = 0; i < 4; i++) { - char *p = strchr(b64chars, in[i]); - if (p != NULL) - sextets[i] = p - b64chars; - else - j++; - } - - out[0] = (sextets[0] << 2) | (sextets[1] >> 4); - if (j < 2) - out[1] = (sextets[1] << 4) | (sextets[2] >> 2); - if (j < 1) - out[2] = (sextets[2] << 6) | sextets[3]; - return j; -} - -int base64_string_to_octet_string(char *out, int *pad, char *in, int len) -{ - int k = 0; - int i = 0; - int j = 0; - if (len % 4 != 0) - return 0; - - while (i < len && j == 0) { - j = base64_block_to_octet_triple(out + k, in + i); - k += 3; - i += 4; - } - *pad = j; - return i; -} - -#endif diff --git a/libs/srtp/crypto/math/stat.c b/libs/srtp/crypto/math/stat.c deleted file mode 100644 index 6dd332b0cf..0000000000 --- a/libs/srtp/crypto/math/stat.c +++ /dev/null @@ -1,213 +0,0 @@ -/* - * stats.c - * - * statistical tests - * - * David A. McGrew - * Cisco Systems, Inc. - */ - -/* - * - * Copyright (c) 2001-2017, Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#ifdef HAVE_CONFIG_H -#include -#endif - -#include "stat.h" - -srtp_debug_module_t srtp_mod_stat = { - 0, /* debugging is off by default */ - (char *)"stat test" /* printable module name */ -}; - -/* - * each test assumes that 20,000 bits (2500 octets) of data is - * provided as input - */ - -#define STAT_TEST_DATA_LEN 2500 - -srtp_err_status_t stat_test_monobit(uint8_t *data) -{ - uint8_t *data_end = data + STAT_TEST_DATA_LEN; - uint16_t ones_count; - - ones_count = 0; - while (data < data_end) { - ones_count += octet_get_weight(*data); - data++; - } - - debug_print(srtp_mod_stat, "bit count: %d", ones_count); - - if ((ones_count < 9725) || (ones_count > 10275)) - return srtp_err_status_algo_fail; - - return srtp_err_status_ok; -} - -srtp_err_status_t stat_test_poker(uint8_t *data) -{ - int i; - uint8_t *data_end = data + STAT_TEST_DATA_LEN; - double poker; - uint16_t f[16] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; - - while (data < data_end) { - f[*data & 0x0f]++; /* increment freq. count for low nibble */ - f[(*data) >> 4]++; /* increment freq. count for high nibble */ - data++; - } - - poker = 0.0; - for (i = 0; i < 16; i++) - poker += (double)f[i] * f[i]; - - poker *= (16.0 / 5000.0); - poker -= 5000.0; - - debug_print(srtp_mod_stat, "poker test: %f\n", poker); - - if ((poker < 2.16) || (poker > 46.17)) - return srtp_err_status_algo_fail; - - return srtp_err_status_ok; -} - -/* - * runs[i] holds the number of runs of size (i-1) - */ - -srtp_err_status_t stat_test_runs(uint8_t *data) -{ - uint8_t *data_end = data + STAT_TEST_DATA_LEN; - uint16_t runs[6] = { 0, 0, 0, 0, 0, 0 }; - uint16_t gaps[6] = { 0, 0, 0, 0, 0, 0 }; - uint16_t lo_value[6] = { 2315, 1114, 527, 240, 103, 103 }; - uint16_t hi_value[6] = { 2685, 1386, 723, 384, 209, 209 }; - int state = 0; - uint16_t mask; - int i; - - /* - * the state variable holds the number of bits in the - * current run (or gap, if negative) - */ - - while (data < data_end) { - /* loop over the bits of this byte */ - for (mask = 1; mask < 256; mask <<= 1) { - if (*data & mask) { - /* next bit is a one */ - if (state > 0) { - /* prefix is a run, so increment the run-count */ - state++; - - /* check for long runs */ - if (state > 25) { - debug_print(srtp_mod_stat, ">25 runs: %d", state); - return srtp_err_status_algo_fail; - } - - } else if (state < 0) { - /* prefix is a gap */ - if (state < -25) { - debug_print(srtp_mod_stat, ">25 gaps: %d", state); - return srtp_err_status_algo_fail; /* long-runs test - failed */ - } - if (state < -6) { - state = -6; /* group together gaps > 5 */ - } - gaps[-1 - state]++; /* increment gap count */ - state = 1; /* set state at one set bit */ - } else { - /* state is zero; this happens only at initialization */ - state = 1; - } - } else { - /* next bit is a zero */ - if (state > 0) { - /* prefix is a run */ - if (state > 25) { - debug_print(srtp_mod_stat, ">25 runs (2): %d", state); - return srtp_err_status_algo_fail; /* long-runs test - failed */ - } - if (state > 6) { - state = 6; /* group together runs > 5 */ - } - runs[state - 1]++; /* increment run count */ - state = -1; /* set state at one zero bit */ - } else if (state < 0) { - /* prefix is a gap, so increment gap-count (decrement state) - */ - state--; - - /* check for long gaps */ - if (state < -25) { - debug_print(srtp_mod_stat, ">25 gaps (2): %d", state); - return srtp_err_status_algo_fail; - } - - } else { - /* state is zero; this happens only at initialization */ - state = -1; - } - } - } - - /* move along to next octet */ - data++; - } - - if (srtp_mod_stat.on) { - debug_print(srtp_mod_stat, "runs test", NULL); - for (i = 0; i < 6; i++) - debug_print(srtp_mod_stat, " runs[]: %d", runs[i]); - for (i = 0; i < 6; i++) - debug_print(srtp_mod_stat, " gaps[]: %d", gaps[i]); - } - - /* check run and gap counts against the fixed limits */ - for (i = 0; i < 6; i++) - if ((runs[i] < lo_value[i]) || (runs[i] > hi_value[i]) || - (gaps[i] < lo_value[i]) || (gaps[i] > hi_value[i])) - return srtp_err_status_algo_fail; - - return srtp_err_status_ok; -} diff --git a/libs/srtp/crypto/replay/rdb.c b/libs/srtp/crypto/replay/rdb.c index ab1c7b55b6..d8c2b3838e 100644 --- a/libs/srtp/crypto/replay/rdb.c +++ b/libs/srtp/crypto/replay/rdb.c @@ -49,6 +49,8 @@ #include "rdb.h" +#define rdb_bits_in_bitmask (8 * sizeof(v128_t)) + /* * this implementation of a replay database works as follows: * diff --git a/libs/srtp/crypto/test/aes_calc.c b/libs/srtp/crypto/test/aes_calc.c index b362fd57fc..3d0d5cf36b 100644 --- a/libs/srtp/crypto/test/aes_calc.c +++ b/libs/srtp/crypto/test/aes_calc.c @@ -67,7 +67,7 @@ void usage(char *prog_name) { - printf("usage: %s [-v]\n", prog_name); + printf("usage: %s <key> <plaintext> [<ciphertext>] [-v]\n", prog_name); exit(255); } @@ -75,6 +75,8 @@ void usage(char *prog_name) int main(int argc, char *argv[]) { + const char *expected_ciphertext = NULL; + const char *ciphertext = NULL; v128_t data; uint8_t key[AES_MAX_KEY_LEN]; srtp_aes_expanded_key_t exp_key; @@ -82,22 +84,26 @@ int main(int argc, char *argv[]) int verbose = 0; srtp_err_status_t status; - if (argc == 3) { - /* we're not in verbose mode */ - verbose = 0; - } else if (argc == 4) { - if (strncmp(argv[3], "-v", 2) == 0) { - /* we're in verbose mode */ - verbose = 1; - } else { - /* unrecognized flag, complain and exit */ - usage(argv[0]); - } - } else { + /* -v must be last if it's passed */ + if (argc > 0 && strncmp(argv[argc - 1], "-v", 2) == 0) { + /* we're in verbose mode */ + verbose = 1; + --argc; + } + + if (argc < 3 || argc > 4) { /* we've been fed the wrong number of arguments - compain and exit */ usage(argv[0]); } + if (argc == 4) { + /* we're being passed the ciphertext to check (in unit test mode) */ + expected_ciphertext = argv[3]; + if (strlen(expected_ciphertext) != 16 * 2) { + usage(argv[0]); + } + } + /* read in key, checking length */ if (strlen(argv[1]) > AES_MAX_KEY_LEN * 2) { fprintf(stderr, "error: too many digits in key " @@ -151,7 +157,16 @@ int main(int argc, char *argv[]) printf("key:\t\t%s\n", octet_string_hex_string(key, key_len)); printf("ciphertext:\t"); } - printf("%s\n", v128_hex_string(&data)); + + ciphertext = v128_hex_string(&data); + printf("%s\n", ciphertext); + + if (expected_ciphertext && strcmp(ciphertext, expected_ciphertext) != 0) { + fprintf(stderr, "error: calculated ciphertext %s does not match " + "expected ciphertext %s\n", + ciphertext, expected_ciphertext); + exit(1); + } return 0; } diff --git a/libs/srtp/crypto/test/cipher_driver.c b/libs/srtp/crypto/test/cipher_driver.c index e28f5f264f..4fbcd95e39 100644 --- a/libs/srtp/crypto/test/cipher_driver.c +++ b/libs/srtp/crypto/test/cipher_driver.c @@ -47,16 +47,11 @@ #include <config.h> #endif -#include <stdio.h> /* for printf() */ -#include <stdlib.h> /* for rand() */ +#include <stdio.h> /* for printf() */ #include "getopt_s.h" #include "cipher.h" -#ifdef OPENSSL -#include "aes_icm_ossl.h" -#include "aes_gcm_ossl.h" -#else -#include "aes_icm.h" -#endif +#include "cipher_priv.h" +#include "datatypes.h" #define PRINT_DEBUG 0 @@ -118,10 +113,10 @@ void check_status(srtp_err_status_t s) extern srtp_cipher_type_t srtp_null_cipher; extern srtp_cipher_type_t srtp_aes_icm_128; extern srtp_cipher_type_t srtp_aes_icm_256; -#ifdef OPENSSL +#ifdef GCM extern srtp_cipher_type_t srtp_aes_icm_192; -extern srtp_cipher_type_t srtp_aes_gcm_128_openssl; -extern srtp_cipher_type_t srtp_aes_gcm_256_openssl; +extern srtp_cipher_type_t srtp_aes_gcm_128; +extern srtp_cipher_type_t srtp_aes_gcm_256; #endif int main(int argc, char *argv[]) @@ -187,21 +182,19 @@ int main(int argc, char *argv[]) cipher_driver_test_array_throughput( &srtp_aes_icm_256, SRTP_AES_ICM_256_KEY_LEN_WSALT, num_cipher); -#ifdef OPENSSL +#ifdef GCM for (num_cipher = 1; num_cipher < max_num_cipher; num_cipher *= 8) cipher_driver_test_array_throughput( &srtp_aes_icm_192, SRTP_AES_ICM_192_KEY_LEN_WSALT, num_cipher); for (num_cipher = 1; num_cipher < max_num_cipher; num_cipher *= 8) { - cipher_driver_test_array_throughput(&srtp_aes_gcm_128_openssl, - SRTP_AES_GCM_128_KEY_LEN_WSALT, - num_cipher); + cipher_driver_test_array_throughput( + &srtp_aes_gcm_128, SRTP_AES_GCM_128_KEY_LEN_WSALT, num_cipher); } for (num_cipher = 1; num_cipher < max_num_cipher; num_cipher *= 8) { - cipher_driver_test_array_throughput(&srtp_aes_gcm_256_openssl, - SRTP_AES_GCM_256_KEY_LEN_WSALT, - num_cipher); + cipher_driver_test_array_throughput( + &srtp_aes_gcm_256, SRTP_AES_GCM_256_KEY_LEN_WSALT, num_cipher); } #endif } @@ -210,10 +203,10 @@ int main(int argc, char *argv[]) cipher_driver_self_test(&srtp_null_cipher); cipher_driver_self_test(&srtp_aes_icm_128); cipher_driver_self_test(&srtp_aes_icm_256); -#ifdef OPENSSL +#ifdef GCM cipher_driver_self_test(&srtp_aes_icm_192); - cipher_driver_self_test(&srtp_aes_gcm_128_openssl); - cipher_driver_self_test(&srtp_aes_gcm_256_openssl); + cipher_driver_self_test(&srtp_aes_gcm_128); + cipher_driver_self_test(&srtp_aes_gcm_256); #endif } @@ -277,9 +270,9 @@ int main(int argc, char *argv[]) status = srtp_cipher_dealloc(c); check_status(status); -#ifdef OPENSSL - /* run the throughput test on the aes_gcm_128_openssl cipher */ - status = srtp_cipher_type_alloc(&srtp_aes_gcm_128_openssl, &c, +#ifdef GCM + /* run the throughput test on the aes_gcm_128 cipher */ + status = srtp_cipher_type_alloc(&srtp_aes_gcm_128, &c, SRTP_AES_GCM_128_KEY_LEN_WSALT, 8); if (status) { fprintf(stderr, "error: can't allocate GCM 128 cipher\n"); @@ -291,15 +284,13 @@ int main(int argc, char *argv[]) cipher_driver_test_throughput(c); } - if (do_validation) { - status = cipher_driver_test_buffering(c); - check_status(status); - } + // GCM ciphers don't do buffering; they're "one shot" + status = srtp_cipher_dealloc(c); check_status(status); - /* run the throughput test on the aes_gcm_256_openssl cipher */ - status = srtp_cipher_type_alloc(&srtp_aes_gcm_256_openssl, &c, + /* run the throughput test on the aes_gcm_256 cipher */ + status = srtp_cipher_type_alloc(&srtp_aes_gcm_256, &c, SRTP_AES_GCM_256_KEY_LEN_WSALT, 16); if (status) { fprintf(stderr, "error: can't allocate GCM 256 cipher\n"); @@ -311,10 +302,8 @@ int main(int argc, char *argv[]) cipher_driver_test_throughput(c); } - if (do_validation) { - status = cipher_driver_test_buffering(c); - check_status(status); - } + // GCM ciphers don't do buffering; they're "one shot" + status = srtp_cipher_dealloc(c); check_status(status); #endif @@ -396,7 +385,7 @@ srtp_err_status_t cipher_driver_test_buffering(srtp_cipher_t *c) end = buffer1 + buflen; while (current < end) { /* choose a short length */ - len = rand() & 0x01f; + len = srtp_cipher_rand_u32_for_tests() & 0x01f; /* make sure that len doesn't cause us to overreach the buffer */ if (current + len > end) @@ -479,9 +468,8 @@ srtp_err_status_t cipher_array_alloc_init(srtp_cipher_t ***ca, return status; /* generate random key and initialize cipher */ - for (j = 0; j < klen; j++) - key[j] = (uint8_t)rand(); - for (; j < klen_pad; j++) + srtp_cipher_rand_for_tests(key, klen); + for (j = klen; j < klen_pad; j++) key[j] = 0; status = srtp_cipher_init(*cipher_array, key); if (status) @@ -535,7 +523,7 @@ uint64_t cipher_array_bits_per_second(srtp_cipher_t *cipher_array[], v128_t nonce; clock_t timer; unsigned char *enc_buf; - int cipher_index = rand() % num_cipher; + int cipher_index = srtp_cipher_rand_u32_for_tests() % num_cipher; /* Over-alloc, for NIST CBC padding */ enc_buf = srtp_crypto_alloc(octets_in_buffer + 17); diff --git a/libs/srtp/crypto/test/datatypes_driver.c b/libs/srtp/crypto/test/datatypes_driver.c index 2f78903eb8..db1be7f668 100644 --- a/libs/srtp/crypto/test/datatypes_driver.c +++ b/libs/srtp/crypto/test/datatypes_driver.c @@ -60,6 +60,8 @@ void print_string(char *s); void test_bswap(void); +void test_set_to_zero(void); + int main(void) { /* @@ -98,13 +100,6 @@ int main(void) } printf("%s\n", v128_bit_string(&x)); - printf("----------------------------------------------\n"); - v128_set_to_zero(&x); - v128_set_bit(&x, 0); - for (i = 0; i < 128; i++) { - printf("%s\n", v128_bit_string(&x)); - v128_right_shift(&x, 1); - } printf("----------------------------------------------\n"); v128_set_to_zero(&x); v128_set_bit(&x, 127); @@ -135,6 +130,7 @@ int main(void) printf(" } \n"); test_bswap(); + test_set_to_zero(); return 0; } @@ -145,33 +141,6 @@ void byte_order(void) { int i; v128_t e; -#if 0 - v16_t b; - v32_t c; - v64_t d; - - for (i=0; i < sizeof(b); i++) - b.octet[i] = i; - for (i=0; i < sizeof(c); i++) - c.octet[i] = i; - for (i=0; i < sizeof(d); i++) - d.octet[i] = i; - - printf("v128_t:\t%s\n", v128_hex_string(&e)); - printf("v64_t:\t%s\n", v64_hex_string(&d)); - printf("v32_t:\t%s\n", v32_hex_string(c)); - printf("v16_t:\t%s\n", v16_hex_string(b)); - - c.value = 0x01020304; - printf("v32_t:\t%s\n", v32_hex_string(c)); - b.value = 0x0102; - printf("v16_t:\t%s\n", v16_hex_string(b)); - - printf("uint16_t ordering:\n"); - - c.value = 0x00010002; - printf("v32_t:\t%x%x\n", c.v16[0], c.v16[1]); -#endif printf("byte ordering of crypto/math datatypes:\n"); for (i = 0; i < sizeof(e); i++) @@ -228,3 +197,26 @@ void test_bswap(void) printf("bswapped octet string: %s\n", octet_string_hex_string((uint8_t *)&y, 8)); } + +void test_set_to_zero(void) +{ +#define BUFFER_SIZE (16) + uint8_t buffer[BUFFER_SIZE]; + size_t i; + + for (i = 0; i < BUFFER_SIZE; i++) { + buffer[i] = i & 0xff; + } + printf("Buffer before: %s\n", octet_string_hex_string(buffer, BUFFER_SIZE)); + octet_string_set_to_zero(buffer, BUFFER_SIZE); + printf("Buffer after: %s\n", octet_string_hex_string(buffer, BUFFER_SIZE)); + for (i = 0; i < BUFFER_SIZE; i++) { + if (buffer[i]) { + fprintf(stderr, + "Buffer contents not zero at position %zu (is %d)\n", i, + buffer[i]); + abort(); + } + } +#undef BUFFER_SIZE +} diff --git a/libs/srtp/crypto/test/kernel_driver.c b/libs/srtp/crypto/test/kernel_driver.c index d29405a971..929a2470af 100644 --- a/libs/srtp/crypto/test/kernel_driver.c +++ b/libs/srtp/crypto/test/kernel_driver.c @@ -113,15 +113,3 @@ int main(int argc, char *argv[]) return 0; } - -/* - * crypto_kernel_cipher_test() is a test of the cipher interface - * of the crypto_kernel - */ - -srtp_err_status_t crypto_kernel_cipher_test(void) -{ - /* not implemented yet! */ - - return srtp_err_status_ok; -} diff --git a/libs/srtp/crypto/test/meson.build b/libs/srtp/crypto/test/meson.build new file mode 100644 index 0000000000..533431c54e --- /dev/null +++ b/libs/srtp/crypto/test/meson.build @@ -0,0 +1,41 @@ +# crypto test suite + +test_apps = [ + 'cipher_driver', + 'datatypes_driver', + 'kernel_driver', + 'env', +] + +if not use_openssl and not use_nss + test_apps += ['sha1_driver'] +endif + +foreach test_name : test_apps + test_exe = executable(test_name, + '@0@.c'.format(test_name), '../../test/getopt_s.c', '../../test/util.c', + include_directories: [config_incs, crypto_incs, srtp2_incs, test_incs], + dependencies: [srtp2_deps, syslibs], + link_with: libsrtp2_for_tests) + test(test_name, test_exe, args: ['-v']) +endforeach + +if not use_openssl and not use_nss + test_exe = executable('aes_calc', + 'aes_calc.c', '../../test/getopt_s.c', '../../test/util.c', + include_directories: [config_incs, crypto_incs, srtp2_incs, test_incs], + dependencies: [srtp2_deps, syslibs], + link_with: libsrtp2_for_tests) + + # data values used to test the aes_calc application for AES-128 + k128 = '000102030405060708090a0b0c0d0e0f' + p128 = '00112233445566778899aabbccddeeff' + c128 = '69c4e0d86a7b0430d8cdb78070b4c55a' + test('aes_calc_128', test_exe, args: [k128, p128, c128]) + + # data values used to test the aes_calc application for AES-256 + k256 = '000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f' + p256 = '00112233445566778899aabbccddeeff' + c256 = '8ea2b7ca516745bfeafc49904b496089' + test('aes_calc_256', test_exe, args: [k256, p256, c256]) +endif diff --git a/libs/srtp/crypto/test/stat_driver.c b/libs/srtp/crypto/test/stat_driver.c deleted file mode 100644 index 4149447f74..0000000000 --- a/libs/srtp/crypto/test/stat_driver.c +++ /dev/null @@ -1,258 +0,0 @@ -/* - * stat-driver.c - * - * test driver for the stat_test functions - * - * David A. McGrew - * Cisco Systems, Inc. - */ - -/* - * - * Copyright (c) 2001-2017, Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#ifdef HAVE_CONFIG_H -#include <config.h> -#endif - -#include <stdio.h> /* for printf() */ - -#include "err.h" -#include "stat.h" -#include "srtp.h" - -#include "cipher.h" - -typedef struct { - void *state; -} random_source_t; - -srtp_err_status_t random_source_alloc(void); - -void err_check(srtp_err_status_t s) -{ - if (s) { - printf("error (code %d)\n", s); - exit(1); - } -} - -int main(int argc, char *argv[]) -{ - uint8_t buffer[2532]; - unsigned int buf_len = 2500; - int i, j; - extern srtp_cipher_type_t srtp_aes_icm_128; - extern srtp_cipher_type_t srtp_aes_icm_256; -#ifdef OPENSSL - extern srtp_cipher_type_t srtp_aes_gcm_128_openssl; - extern srtp_cipher_type_t srtp_aes_gcm_256_openssl; -#endif - srtp_cipher_t *c; - /* clang-format off */ - uint8_t key[46] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05 - }; - /* clang-format on */ - v128_t nonce; - int num_trials = 500; - int num_fail; - - printf("statistical tests driver\n"); - - v128_set_to_zero(&nonce); - for (i = 0; i < 2500; i++) - buffer[i] = 0; - - /* run tests */ - printf("running stat_tests on all-null buffer, expecting failure\n"); - printf("monobit %d\n", stat_test_monobit(buffer)); - printf("poker %d\n", stat_test_poker(buffer)); - printf("runs %d\n", stat_test_runs(buffer)); - - for (i = 0; i < 2500; i++) - buffer[i] = rand(); - printf("running stat_tests on rand(), expecting success\n"); - printf("monobit %d\n", stat_test_monobit(buffer)); - printf("poker %d\n", stat_test_poker(buffer)); - printf("runs %d\n", stat_test_runs(buffer)); - - printf("running stat_tests on AES-128-ICM, expecting success\n"); - /* set buffer to cipher output */ - for (i = 0; i < 2500; i++) - buffer[i] = 0; - err_check(srtp_cipher_type_alloc(&srtp_aes_icm_128, &c, - SRTP_AES_ICM_128_KEY_LEN_WSALT, 0)); - err_check(srtp_cipher_init(c, key)); - err_check(srtp_cipher_set_iv(c, (uint8_t *)&nonce, srtp_direction_encrypt)); - err_check(srtp_cipher_encrypt(c, buffer, &buf_len)); - /* run tests on cipher outout */ - printf("monobit %d\n", stat_test_monobit(buffer)); - printf("poker %d\n", stat_test_poker(buffer)); - printf("runs %d\n", stat_test_runs(buffer)); - - printf("runs test (please be patient): "); - fflush(stdout); - num_fail = 0; - v128_set_to_zero(&nonce); - for (j = 0; j < num_trials; j++) { - for (i = 0; i < 2500; i++) - buffer[i] = 0; - nonce.v32[3] = i; - err_check( - srtp_cipher_set_iv(c, (uint8_t *)&nonce, srtp_direction_encrypt)); - err_check(srtp_cipher_encrypt(c, buffer, &buf_len)); - if (stat_test_runs(buffer)) { - num_fail++; - } - } - - printf("%d failures in %d tests\n", num_fail, num_trials); - printf("(nota bene: a small fraction of stat_test failures does not \n" - "indicate that the random source is invalid)\n"); - - err_check(srtp_cipher_dealloc(c)); - - printf("running stat_tests on AES-256-ICM, expecting success\n"); - /* set buffer to cipher output */ - for (i = 0; i < 2500; i++) - buffer[i] = 0; - err_check(srtp_cipher_type_alloc(&srtp_aes_icm_256, &c, - SRTP_AES_ICM_256_KEY_LEN_WSALT, 0)); - err_check(srtp_cipher_init(c, key)); - err_check(srtp_cipher_set_iv(c, (uint8_t *)&nonce, srtp_direction_encrypt)); - err_check(srtp_cipher_encrypt(c, buffer, &buf_len)); - /* run tests on cipher outout */ - printf("monobit %d\n", stat_test_monobit(buffer)); - printf("poker %d\n", stat_test_poker(buffer)); - printf("runs %d\n", stat_test_runs(buffer)); - - printf("runs test (please be patient): "); - fflush(stdout); - num_fail = 0; - v128_set_to_zero(&nonce); - for (j = 0; j < num_trials; j++) { - for (i = 0; i < 2500; i++) - buffer[i] = 0; - nonce.v32[3] = i; - err_check( - srtp_cipher_set_iv(c, (uint8_t *)&nonce, srtp_direction_encrypt)); - err_check(srtp_cipher_encrypt(c, buffer, &buf_len)); - if (stat_test_runs(buffer)) { - num_fail++; - } - } - -#ifdef OPENSSL - { - printf("running stat_tests on AES-128-GCM, expecting success\n"); - /* set buffer to cipher output */ - for (i = 0; i < 2500; i++) { - buffer[i] = 0; - } - err_check(srtp_cipher_type_alloc(&srtp_aes_gcm_128_openssl, &c, - SRTP_AES_GCM_128_KEY_LEN_WSALT, 8)); - err_check(srtp_cipher_init(c, key)); - err_check( - srtp_cipher_set_iv(c, (uint8_t *)&nonce, srtp_direction_encrypt)); - err_check(srtp_cipher_encrypt(c, buffer, &buf_len)); - /* run tests on cipher outout */ - printf("monobit %d\n", stat_test_monobit(buffer)); - printf("poker %d\n", stat_test_poker(buffer)); - printf("runs %d\n", stat_test_runs(buffer)); - fflush(stdout); - num_fail = 0; - v128_set_to_zero(&nonce); - for (j = 0; j < num_trials; j++) { - for (i = 0; i < 2500; i++) { - buffer[i] = 0; - } - nonce.v32[3] = i; - err_check(srtp_cipher_set_iv(c, (uint8_t *)&nonce, - srtp_direction_encrypt)); - err_check(srtp_cipher_encrypt(c, buffer, &buf_len)); - buf_len = 2500; - if (stat_test_runs(buffer)) { - num_fail++; - } - } - - printf("running stat_tests on AES-256-GCM, expecting success\n"); - /* set buffer to cipher output */ - for (i = 0; i < 2500; i++) { - buffer[i] = 0; - } - err_check(srtp_cipher_type_alloc(&srtp_aes_gcm_256_openssl, &c, - SRTP_AES_GCM_256_KEY_LEN_WSALT, 16)); - err_check(srtp_cipher_init(c, key)); - err_check( - srtp_cipher_set_iv(c, (uint8_t *)&nonce, srtp_direction_encrypt)); - err_check(srtp_cipher_encrypt(c, buffer, &buf_len)); - /* run tests on cipher outout */ - printf("monobit %d\n", stat_test_monobit(buffer)); - printf("poker %d\n", stat_test_poker(buffer)); - printf("runs %d\n", stat_test_runs(buffer)); - fflush(stdout); - num_fail = 0; - v128_set_to_zero(&nonce); - for (j = 0; j < num_trials; j++) { - for (i = 0; i < 2500; i++) { - buffer[i] = 0; - } - nonce.v32[3] = i; - err_check(srtp_cipher_set_iv(c, (uint8_t *)&nonce, - srtp_direction_encrypt)); - err_check(srtp_cipher_encrypt(c, buffer, &buf_len)); - buf_len = 2500; - if (stat_test_runs(buffer)) { - num_fail++; - } - } - } -#endif - - printf("%d failures in %d tests\n", num_fail, num_trials); - printf("(nota bene: a small fraction of stat_test failures does not \n" - "indicate that the random source is invalid)\n"); - - err_check(srtp_cipher_dealloc(c)); - - return 0; -} diff --git a/libs/srtp/doc/Doxyfile.in b/libs/srtp/doc/Doxyfile.in index 129a03d6db..69c6ef680e 100644 --- a/libs/srtp/doc/Doxyfile.in +++ b/libs/srtp/doc/Doxyfile.in @@ -38,7 +38,7 @@ PROJECT_NAME = libSRTP # could be handy for archiving the generated documentation or if some version # control system is used. -PROJECT_NUMBER = LIBSRTPVERSIONNUMBER +PROJECT_NUMBER = @LIBSRTPVERSIONNUMBER@ # Using the PROJECT_BRIEF tag one can provide an optional one line description # for a project that appears at the top of each page and should give viewer a diff --git a/libs/srtp/doc/Makefile.in b/libs/srtp/doc/Makefile.in index 830ccbbbda..523174ab42 100644 --- a/libs/srtp/doc/Makefile.in +++ b/libs/srtp/doc/Makefile.in @@ -21,7 +21,7 @@ libsrtpdoc: @if test ! -e Doxyfile.in; then \ echo "*** Sorry, can't build doc outside source dir"; exit 1; \ fi - sed 's/LIBSRTPVERSIONNUMBER/$(version)/' Doxyfile.in > Doxyfile + sed 's/@LIBSRTPVERSIONNUMBER@/$(version)/' Doxyfile.in > Doxyfile doxygen clean: diff --git a/libs/srtp/doc/meson.build b/libs/srtp/doc/meson.build new file mode 100644 index 0000000000..a693897e8c --- /dev/null +++ b/libs/srtp/doc/meson.build @@ -0,0 +1,22 @@ +# libSRTP documentation + +doxygen = find_program('doxygen', required: get_option('doc')) + +if not doxygen.found() + subdir_done() +endif + +doc_config = configuration_data() +doc_config.set('LIBSRTPVERSIONNUMBER', meson.project_version()) + +doxyfile = configure_file(input: 'Doxyfile.in', + output: 'Doxyfile', + configuration: doc_config) + +# can be built on demand with ninja -C builddir doc/html +doxygen_html_docs = custom_target('doc', + build_by_default: false, + command: [doxygen, doxyfile], + output: ['html']) + +alias_target('libsrtp2doc', doxygen_html_docs) diff --git a/libs/srtp/include/ekt.h b/libs/srtp/include/ekt.h deleted file mode 100644 index a289a53dab..0000000000 --- a/libs/srtp/include/ekt.h +++ /dev/null @@ -1,181 +0,0 @@ -/* - * ekt.h - * - * interface to Encrypted Key Transport for SRTP - * - * David McGrew - * Cisco Systems, Inc. - */ -/* - * - * Copyright (c) 2001-2017 Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -/* - * EKT implementation strategy - * - * use stream_template approach - * - * in srtp_unprotect, when a new stream appears, check if template has - * EKT defined, and if it does, then apply EKT processing - * - * question: will we want to allow key-sharing templates in addition - * to EKT templates? could define a new ssrc_type_t that's associated - * with an EKT, e.g. ssrc_any_ekt. - * - * - */ - -#ifndef SRTP_EKT_H -#define SRTP_EKT_H - -// left in commented out as reminder to not include private headers -//#include "srtp_priv.h" - -#ifdef __cplusplus -extern "C" { -#endif - -#define SRTP_EKT_CIPHER_DEFAULT 1 -#define SRTP_EKT_CIPHER_AES_128_ECB 1 -#define SRTP_EKT_CIPHER_AES_192_KEY_WRAP 2 -#define SRTP_EKT_CIPHER_AES_256_KEY_WRAP 3 - -typedef uint16_t srtp_ekt_spi_t; - -unsigned srtp_ekt_octets_after_base_tag(srtp_ekt_stream_t ekt); - -/* - * an srtp_policy_t structure can contain a pointer to an - * srtp_ekt_policy_t structure - * - * this structure holds all of the high level EKT information, and it - * is passed into libsrtp to indicate what policy should be in effect - */ - -typedef struct srtp_ekt_policy_ctx_t { - srtp_ekt_spi_t spi; /* security parameter index */ - uint8_t ekt_cipher_type; - uint8_t *ekt_key; - struct srtp_ekt_policy_ctx_t *next_ekt_policy; -} srtp_ekt_policy_ctx_t; - -/* - * an srtp_ekt_data_t structure holds the data corresponding to an ekt key, - * spi, and so on - */ - -typedef struct srtp_ekt_data_t { - srtp_ekt_spi_t spi; - uint8_t ekt_cipher_type; - srtp_aes_expanded_key_t ekt_enc_key; - srtp_aes_expanded_key_t ekt_dec_key; - struct ekt_data_t *next_ekt_data; -} srtp_ekt_data_t; - -/* - * an srtp_stream_ctx_t can contain an srtp_ekt_stream_ctx_t - * - * an srtp_ekt_stream_ctx_t structure holds all of the EKT information for - * a specific SRTP stream - */ - -typedef struct srtp_ekt_stream_ctx_t { - srtp_ekt_data_t *data; - uint16_t isn; /* initial sequence number */ - uint8_t encrypted_master_key[SRTP_MAX_KEY_LEN]; -} srtp_ekt_stream_ctx_t; - -srtp_err_status_t srtp_ekt_alloc(srtp_ekt_stream_t *stream_data, - srtp_ekt_policy_t policy); - -srtp_err_status_t srtp_ekt_stream_init(srtp_ekt_stream_t e, - srtp_ekt_spi_t spi, - void *ekt_key, - unsigned ekt_cipher_type); - -srtp_err_status_t srtp_ekt_stream_init_from_policy(srtp_ekt_stream_t e, - srtp_ekt_policy_t p); - -srtp_err_status_t srtp_stream_init_from_ekt(srtp_stream_t stream, - const void *srtcp_hdr, - unsigned pkt_octet_len); - -void srtp_ekt_write_data(srtp_ekt_stream_t ekt, - uint8_t *base_tag, - unsigned base_tag_len, - int *packet_len, - srtp_xtd_seq_num_t pkt_index); - -/* - * We handle EKT by performing some additional steps before - * authentication (copying the auth tag into a temporary location, - * zeroizing the "base tag" field in the packet) - * - * With EKT, the tag_len parameter is actually the base tag - * length - */ -srtp_err_status_t srtp_ekt_tag_verification_preproces(uint8_t *pkt_tag, - uint8_t *pkt_tag_copy, - unsigned tag_len); - -srtp_err_status_t srtp_ekt_tag_verification_postproces(uint8_t *pkt_tag, - uint8_t *pkt_tag_copy, - unsigned tag_len); - -/* - * @brief EKT pre-processing for srtcp tag generation - * - * This function does the pre-processing of the SRTCP authentication - * tag format. When EKT is used, it consists of writing the Encrypted - * Master Key, the SRTP ROC, the Initial Sequence Number, and SPI - * fields. The Base Authentication Tag field is set to the all-zero - * value - * - * When EKT is not used, this function is a no-op. - * - */ -srtp_err_status_t srtp_stream_srtcp_auth_tag_generation_preprocess( - const srtp_stream_t *s, - uint8_t *pkt_tag, - unsigned pkt_octet_len); - -/* it's not clear that a tag_generation_postprocess function is needed */ -srtp_err_status_t srtcp_auth_tag_generation_postprocess(void); - -#ifdef __cplusplus -} -#endif - -#endif /* SRTP_EKT_H */ diff --git a/libs/srtp/include/srtp.h b/libs/srtp/include/srtp.h index 1fdd6c3aff..fa34daf641 100644 --- a/libs/srtp/include/srtp.h +++ b/libs/srtp/include/srtp.h @@ -86,7 +86,7 @@ extern "C" { /** * SRTP_MAX_TRAILER_LEN is the maximum length of the SRTP trailer * (authentication tag and MKI) supported by libSRTP. This value is - * the maixmum number of octets that will be added to an RTP packet by + * the maximum number of octets that will be added to an RTP packet by * srtp_protect(). * * @brief the maximum number of octets added by srtp_protect(). @@ -130,7 +130,7 @@ extern "C" { * * A srtp_cipher_type_id_t is an integer that represents a particular * cipher type, e.g. the Advanced Encryption Standard (AES). A - * SRTP_NULL_CIPHER is avaliable; this cipher leaves the data unchanged, + * SRTP_NULL_CIPHER is available; this cipher leaves the data unchanged, * and can be selected to indicate that no encryption is to take * place. * @@ -145,7 +145,7 @@ typedef uint32_t srtp_cipher_type_id_t; * * An srtp_auth_type_id_t is an integer that represents a particular * authentication function type, e.g. HMAC-SHA1. A SRTP_NULL_AUTH is - * avaliable; this authentication function performs no computation, + * available; this authentication function performs no computation, * and can be selected to indicate that no authentication is to take * place. * @@ -242,7 +242,7 @@ typedef struct srtp_crypto_policy_t { * @brief srtp_ssrc_type_t describes the type of an SSRC. * * An srtp_ssrc_type_t enumeration is used to indicate a type of SSRC. See - * @ref srtp_policy_t for more informataion. + * @ref srtp_policy_t for more information. */ typedef enum { ssrc_undefined = 0, /**< Indicates an undefined SSRC type. */ @@ -270,16 +270,6 @@ typedef struct { /**< wildcard */ } srtp_ssrc_t; -/** - * @brief points to an EKT policy - */ -typedef struct srtp_ekt_policy_ctx_t *srtp_ekt_policy_t; - -/** - * @brief points to EKT stream data - */ -typedef struct srtp_ekt_stream_ctx_t *srtp_ekt_stream_t; - /** * @brief srtp_master_key_t represents a master key. There will * be a Master Key Index and the Master Key associated with the @@ -329,8 +319,8 @@ typedef struct srtp_policy_t { /**< this stream. */ srtp_master_key_t **keys; /** Array of Master Key structures */ unsigned long num_master_keys; /** Number of master keys */ - srtp_ekt_policy_t ekt; /**< Pointer to the EKT policy structure */ - /**< for this stream (if any) */ + void *deprecated_ekt; /**< DEPRECATED: pointer to the EKT */ + /**< policy structure for this stream */ unsigned long window_size; /**< The window size to use for replay */ /**< protection. */ int allow_repeat_tx; /**< Whether retransmissions of */ @@ -350,7 +340,7 @@ typedef struct srtp_policy_t { * @brief An srtp_t points to an SRTP session structure. * * The typedef srtp_t is a pointer to a structure that represents - * an SRTP session. This datatype is intentially opaque in + * an SRTP session. This datatype is intentionally opaque in * order to separate the interface from the implementation. * * An SRTP session consists of all of the traffic sent to the RTP and @@ -581,7 +571,7 @@ srtp_err_status_t srtp_unprotect_mki(srtp_t ctx, * have its `next' field set to NULL. * * @return - * - srtp_err_status_ok if creation succeded. + * - srtp_err_status_ok if creation succeeded. * - srtp_err_status_alloc_fail if allocation failed. * - srtp_err_status_init_fail if initialization failed. */ @@ -597,7 +587,7 @@ srtp_err_status_t srtp_create(srtp_t *session, const srtp_policy_t *policy); * stream. * * @return values: - * - srtp_err_status_ok if stream creation succeded. + * - srtp_err_status_ok if stream creation succeeded. * - srtp_err_status_alloc_fail if stream allocation failed * - srtp_err_status_init_fail if stream initialization failed. */ @@ -620,18 +610,18 @@ srtp_err_status_t srtp_add_stream(srtp_t session, const srtp_policy_t *policy); * session. * * @return - * - srtp_err_status_ok if the stream deallocation succeded. + * - srtp_err_status_ok if the stream deallocation succeeded. * - [other] otherwise. * */ srtp_err_status_t srtp_remove_stream(srtp_t session, unsigned int ssrc); /** - * @brief srtp_update() udpates all streams in the session. + * @brief srtp_update() updates all streams in the session. * * The function call srtp_update(session, policy) updates * all the streams in the session applying the given policy - * and key. The exsisting ROC value of all streams will be + * and key. The existing ROC value of all streams will be * preserved. * * @param session is the SRTP session that contains the streams @@ -644,7 +634,7 @@ srtp_err_status_t srtp_remove_stream(srtp_t session, unsigned int ssrc); * have its `next' field set to NULL. * * @return - * - srtp_err_status_ok if stream creation succeded. + * - srtp_err_status_ok if stream creation succeed. * - srtp_err_status_alloc_fail if stream allocation failed * - srtp_err_status_init_fail if stream initialization failed. * - [other] otherwise. @@ -653,11 +643,11 @@ srtp_err_status_t srtp_remove_stream(srtp_t session, unsigned int ssrc); srtp_err_status_t srtp_update(srtp_t session, const srtp_policy_t *policy); /** - * @brief srtp_update_stream() udpates a SRTP stream. + * @brief srtp_update_stream() updates a SRTP stream. * * The function call srtp_update_stream(session, policy) updates * the stream(s) in the session that match applying the given - * policy and key. The exsisting ROC value of all stream(s) will + * policy and key. The existing ROC value of all stream(s) will * be preserved. * * @param session is the SRTP session that contains the streams @@ -667,7 +657,7 @@ srtp_err_status_t srtp_update(srtp_t session, const srtp_policy_t *policy); * for the session. * * @return - * - srtp_err_status_ok if stream creation succeded. + * - srtp_err_status_ok if stream creation succeeded. * - srtp_err_status_alloc_fail if stream allocation failed * - srtp_err_status_init_fail if stream initialization failed. * - [other] otherwise. @@ -682,14 +672,14 @@ srtp_err_status_t srtp_update_stream(srtp_t session, * * @param p is a pointer to the policy structure to be set * - * The function call crypto_policy_set_rtp_default(&p) sets the - * crypto_policy_t at location p to the SRTP default policy for RTP + * The function call srtp_crypto_policy_set_rtp_default(&p) sets the + * srtp_crypto_policy_t at location p to the SRTP default policy for RTP * protection, as defined in the specification. This function is a * convenience that helps to avoid dealing directly with the policy * data structure. You are encouraged to initialize policy elements * with this function call. Doing so may allow your code to be * forward compatible with later versions of libSRTP that include more - * elements in the crypto_policy_t datatype. + * elements in the srtp_crypto_policy_t datatype. * * @return void. * @@ -802,7 +792,7 @@ void srtp_crypto_policy_set_aes_cm_128_null_auth(srtp_crypto_policy_t *p); * sets the srtp_crypto_policy_t at location p to use HMAC-SHA1 with an 80 * bit authentication tag to provide message authentication, but to * use no encryption. This policy is NOT RECOMMENDED for SRTP unless - * there is a requirement to forego encryption. + * there is a requirement to forgo encryption. * * This function is a convenience that helps to avoid dealing directly * with the policy data structure. You are encouraged to initialize @@ -811,7 +801,7 @@ void srtp_crypto_policy_set_aes_cm_128_null_auth(srtp_crypto_policy_t *p); * include more elements in the srtp_crypto_policy_t datatype. * * @warning This policy is NOT RECOMMENDED for SRTP unless there is a - * requirement to forego encryption. + * requirement to forgo encryption. * * @return void. * @@ -827,7 +817,7 @@ void srtp_crypto_policy_set_null_cipher_hmac_sha1_80(srtp_crypto_policy_t *p); * The function call srtp_crypto_policy_set_null_cipher_hmac_null(&p) * sets the srtp_crypto_policy_t at location p to use no encryption and * no authentication. This policy should only be used for testing and - * troubleshootingl. + * troubleshooting. * * This function is a convenience that helps to avoid dealing directly * with the policy data structure. You are encouraged to initialize @@ -836,7 +826,7 @@ void srtp_crypto_policy_set_null_cipher_hmac_sha1_80(srtp_crypto_policy_t *p); * include more elements in the srtp_crypto_policy_t datatype. * * @warning This policy is NOT RECOMMENDED for SRTP unless there is a - * requirement to forego encryption and authentication. + * requirement to forgo encryption and authentication. * * @return void. * @@ -934,7 +924,7 @@ void srtp_crypto_policy_set_aes_cm_256_null_auth(srtp_crypto_policy_t *p); * @param p is a pointer to the policy structure to be set * * The function call srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80(&p) - * sets the crypto_policy_t at location p to use policy + * sets the srtp_crypto_policy_t at location p to use policy * AES_CM_192_HMAC_SHA1_80 as defined in RFC 6188. This policy uses AES-192 * Counter Mode encryption and HMAC-SHA1 authentication, with an 80 bit * authentication tag. @@ -943,7 +933,7 @@ void srtp_crypto_policy_set_aes_cm_256_null_auth(srtp_crypto_policy_t *p); * with the policy data structure. You are encouraged to initialize * policy elements with this function call. Doing so may allow your * code to be forward compatible with later versions of libSRTP that - * include more elements in the crypto_policy_t datatype. + * include more elements in the srtp_crypto_policy_t datatype. * * @return void. * @@ -958,7 +948,7 @@ void srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80(srtp_crypto_policy_t *p); * @param p is a pointer to the policy structure to be set * * The function call srtp_crypto_policy_set_aes_cm_192_hmac_sha1_32(&p) - * sets the crypto_policy_t at location p to use policy + * sets the srtp_crypto_policy_t at location p to use policy * AES_CM_192_HMAC_SHA1_32 as defined in RFC 6188. This policy uses AES-192 * Counter Mode encryption and HMAC-SHA1 authentication, with an * authentication tag that is only 32 bits long. This length is @@ -970,7 +960,7 @@ void srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80(srtp_crypto_policy_t *p); * with the policy data structure. You are encouraged to initialize * policy elements with this function call. Doing so may allow your * code to be forward compatible with later versions of libSRTP that - * include more elements in the crypto_policy_t datatype. + * include more elements in the srtp_crypto_policy_t datatype. * * @warning This crypto policy is intended for use in SRTP, but not in * SRTCP. It is recommended that a policy that uses longer @@ -989,7 +979,7 @@ void srtp_crypto_policy_set_aes_cm_192_hmac_sha1_32(srtp_crypto_policy_t *p); * @param p is a pointer to the policy structure to be set * * The function call srtp_crypto_policy_set_aes_cm_192_null_auth(&p) sets - * the crypto_policy_t at location p to use the SRTP default cipher + * the srtp_crypto_policy_t at location p to use the SRTP default cipher * (AES-192 Counter Mode), but to use no authentication method. This * policy is NOT RECOMMENDED unless it is unavoidable; see Section 7.5 * of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt). @@ -998,7 +988,7 @@ void srtp_crypto_policy_set_aes_cm_192_hmac_sha1_32(srtp_crypto_policy_t *p); * with the policy data structure. You are encouraged to initialize * policy elements with this function call. Doing so may allow your * code to be forward compatible with later versions of libSRTP that - * include more elements in the crypto_policy_t datatype. + * include more elements in the srtp_crypto_policy_t datatype. * * @warning This policy is NOT RECOMMENDED for SRTP unless it is * unavoidable, and it is NOT RECOMMENDED at all for SRTCP; see @@ -1160,7 +1150,7 @@ void srtp_crypto_policy_set_aes_gcm_256_16_auth(srtp_crypto_policy_t *p); * * @return * - srtp_err_status_ok if there no problems. - * - srtp_err_status_dealloc_fail a memory deallocation failure occured. + * - srtp_err_status_dealloc_fail a memory deallocation failure occurred. */ srtp_err_status_t srtp_dealloc(srtp_t s); @@ -1168,9 +1158,7 @@ srtp_err_status_t srtp_dealloc(srtp_t s); * @brief identifies a particular SRTP profile * * An srtp_profile_t enumeration is used to identify a particular SRTP - * profile (that is, a set of algorithms and parameters). These profiles - * are defined for DTLS-SRTP: - * https://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml + * profile (that is, a set of algorithms and parameters). */ typedef enum { srtp_profile_reserved = 0, @@ -1363,7 +1351,7 @@ srtp_err_status_t srtp_protect_rtcp(srtp_t ctx, * will * use the session keys identified by the mki_index * - * @param mki_index integer value specifying which set of session kesy should be + * @param mki_index integer value specifying which set of session keys should be * used if use_mki is set to true. * * @return @@ -1560,7 +1548,7 @@ void *srtp_get_user_data(srtp_t ctx); * latter case, all of the streams in the session will expire. */ typedef enum { - event_ssrc_collision, /**< An SSRC collision occured. */ + event_ssrc_collision, /**< An SSRC collision occurred. */ event_key_soft_limit, /**< An SRTP stream reached the soft key */ /**< usage limit and will expire soon. */ event_key_hard_limit, /**< An SRTP stream reached the hard */ @@ -1577,9 +1565,9 @@ typedef enum { * handler function. */ typedef struct srtp_event_data_t { - srtp_t session; /**< The session in which the event happend. */ + srtp_t session; /**< The session in which the event happened. */ uint32_t ssrc; /**< The ssrc in host order of the stream in which */ - /**< the event happend */ + /**< the event happened */ srtp_event_t event; /**< An enum indicating the type of event. */ } srtp_event_data_t; @@ -1603,7 +1591,7 @@ typedef void(srtp_event_handler_func_t)(srtp_event_data_t *data); * as an argument; in this case, events will be ignored rather than * handled. * - * @param func is a pointer to a fuction that takes an srtp_event_data_t + * @param func is a pointer to a function that takes an srtp_event_data_t * pointer as an argument and returns void. This function * will be used by libSRTP to handle events. */ @@ -1671,10 +1659,10 @@ typedef void(srtp_log_handler_func_t)(srtp_log_level_t level, * The function call srtp_install_log_handler(func) sets the log * handler function to the value func. The value NULL is acceptable * as an argument; in this case, log messages will be ignored. - * This function can be called before srtp_init() inorder to capture + * This function can be called before srtp_init() in order to capture * any logging during start up. * - * @param func is a pointer to a fuction of type srtp_log_handler_func_t. + * @param func is a pointer to a function of type srtp_log_handler_func_t. * This function will be used by libSRTP to output log messages. * @param data is a user pointer that will be returned as the data argument in * func. diff --git a/libs/srtp/include/srtp2/meson.build b/libs/srtp/include/srtp2/meson.build new file mode 100644 index 0000000000..88d068a338 --- /dev/null +++ b/libs/srtp/include/srtp2/meson.build @@ -0,0 +1,8 @@ +# Copy public headers scattered across the source tree into a single directory +# so that we can use it in declare_dependency() +foreach h : public_headers + configure_file(input: h, + output: '@BASENAME@.h', + copy: true) +endforeach +public_incs = include_directories('.') diff --git a/libs/srtp/include/srtp_priv.h b/libs/srtp/include/srtp_priv.h index 661a7f94ab..355277e137 100644 --- a/libs/srtp/include/srtp_priv.h +++ b/libs/srtp/include/srtp_priv.h @@ -55,7 +55,6 @@ #include "cipher.h" #include "auth.h" #include "aes.h" -#include "key.h" #include "crypto_kernel.h" #ifdef __cplusplus @@ -147,7 +146,6 @@ typedef struct srtp_stream_ctx_t_ { srtp_sec_serv_t rtcp_services; direction_t direction; int allow_repeat_tx; - srtp_ekt_stream_t ekt; int *enc_xtn_hdr; int enc_xtn_hdr_count; uint32_t pending_roc; @@ -219,7 +217,7 @@ typedef struct { * srtcp_hdr_t represents a secure rtcp header * * in this implementation, an srtcp header is assumed to be 32-bit - * alinged + * aligned */ #ifndef WORDS_BIGENDIAN diff --git a/libs/srtp/install-win.bat b/libs/srtp/install-win.bat deleted file mode 100644 index a4fc0eb7a8..0000000000 --- a/libs/srtp/install-win.bat +++ /dev/null @@ -1,35 +0,0 @@ -:: Installs from srtp windows build directory to directory specified on -:: command line - - -@if "%1"=="" ( - echo "Usage: %~nx0 destdir" - exit /b 1 -) else ( - set destdir=%1 -) - -@if not exist %destdir% ( - echo %destdir% not found - exit /b 1 -) - -@for %%d in (include\srtp.h crypto\include\cipher.h Debug\srtp2.lib Release\srtp2.lib x64\Debug\srtp2.lib x64\Release\srtp2.lib) do ( - if not exist "%%d" ( - echo "%%d not found: are you in the right directory?" - exit /b 1 - ) -) - -mkdir %destdir%\include -mkdir %destdir%\include\srtp2 -mkdir %destdir%\lib -mkdir %destdir%\lib\x64 - -@for %%d in (include\srtp.h include\ekt.h crypto\include\cipher.h crypto\include\auth.h crypto\include\crypto_types.h) do ( - copy %%d %destdir%\include\srtp2 -) -copy Release\srtp2.lib %destdir%\lib\srtp2.lib -copy Debug\srtp2.lib %destdir%\lib\srtp2d.lib -copy x64\Release\srtp2.lib %destdir%\lib\x64\srtp2.lib -copy x64\Debug\srtp2.lib %destdir%\lib\x64\srtp2d.lib diff --git a/libs/srtp/libsrtp.2017.vcxproj b/libs/srtp/libsrtp.2017.vcxproj index f3e0dac48a..80826653db 100644 --- a/libs/srtp/libsrtp.2017.vcxproj +++ b/libs/srtp/libsrtp.2017.vcxproj @@ -360,7 +360,6 @@ <ClCompile Include="crypto\cipher\aes_gcm_ossl.c" /> <ClCompile Include="crypto\cipher\aes_icm_ossl.c" /> <ClCompile Include="crypto\hash\hmac_ossl.c" /> - <ClCompile Include="srtp\ekt.c" /> <ClCompile Include="srtp\srtp.c" /> <ClCompile Include="crypto\kernel\alloc.c" /> <ClCompile Include="crypto\kernel\crypto_kernel.c" /> @@ -375,14 +374,14 @@ <FunctionLevelLinking Condition="'$(Configuration)|$(Platform)'=='Debug Dll|x64'">false</FunctionLevelLinking> </ClCompile> <ClCompile Include="crypto\cipher\cipher.c" /> + <ClCompile Include="crypto\cipher\cipher_test_cases.c" /> <ClCompile Include="crypto\cipher\null_cipher.c" /> <ClCompile Include="crypto\hash\auth.c" /> + <ClCompile Include="crypto\hash\auth_test_cases.c" /> <ClCompile Include="crypto\hash\null_auth.c" /> <ClCompile Include="crypto\replay\rdb.c" /> <ClCompile Include="crypto\replay\rdbx.c" /> - <ClCompile Include="crypto\replay\ut_sim.c" /> <ClCompile Include="crypto\math\datatypes.c" /> - <ClCompile Include="crypto\math\stat.c" /> </ItemGroup> <ItemGroup> <ClInclude Include="crypto\include\aes.h" /> @@ -408,8 +407,6 @@ <ClInclude Include="include\rtp.h" /> <ClInclude Include="crypto\include\sha1.h" /> <ClInclude Include="include\srtp.h" /> - <ClInclude Include="crypto\include\stat.h" /> - <ClInclude Include="include\ut_sim.h" /> </ItemGroup> <ItemGroup> <None Include="srtp.def" /> diff --git a/libs/srtp/libsrtp2.pc.in b/libs/srtp/libsrtp2.pc.in index fcb86528c4..f2097a3a2d 100644 --- a/libs/srtp/libsrtp2.pc.in +++ b/libs/srtp/libsrtp2.pc.in @@ -7,5 +7,6 @@ Name: @PACKAGE_NAME@ Version: @PACKAGE_VERSION@ Description: Library for SRTP (Secure Realtime Transport Protocol) -Libs: -L${libdir} -lsrtp2 @LIBS@ +Libs: -L${libdir} -lsrtp2 +Libs.private: @LIBS@ Cflags: -I${includedir} diff --git a/libs/srtp/meson.build b/libs/srtp/meson.build new file mode 100644 index 0000000000..c70efd7fde --- /dev/null +++ b/libs/srtp/meson.build @@ -0,0 +1,297 @@ +project('libsrtp2', 'c', version: '2.4.0', + meson_version: '>= 0.52.0', + default_options: ['buildtype=debugoptimized']) + +soversion = 1 + +cc = meson.get_compiler('c') +host_system = host_machine.system() + +srtp2_deps = [] +syslibs = [] + +if host_system == 'windows' + syslibs += [cc.find_library('ws2_32')] # for socket +endif + +cdata = configuration_data() +cdata.set_quoted('PACKAGE_VERSION', meson.project_version()) +cdata.set_quoted('PACKAGE_STRING', '@0@ @1@'.format(meson.project_name(), meson.project_version())) + +check_headers = [ + 'arpa/inet.h', + 'byteswap.h', + 'inttypes.h', + 'machine/types.h', + 'netinet/in.h', + 'stdint.h', + 'stdlib.h', + 'sys/int_types.h', + 'sys/socket.h', + 'sys/types.h', + 'sys/uio.h', + 'unistd.h', +] + +if host_system == 'windows' + check_headers += ['windows.h', 'winsock2.h'] +endif + +foreach h : check_headers + if cc.has_header(h) + cdata.set('HAVE_' + h.to_upper().underscorify(), true) + endif +endforeach + +check_functions = [ + 'sigaction', + 'inet_aton', + 'usleep', + 'socket', +] + +foreach f : check_functions + if cc.has_function(f, dependencies: syslibs) + cdata.set('HAVE_' + f.to_upper().underscorify(), true) + endif +endforeach + +if host_machine.endian() == 'big' + cdata.set('WORDS_BIGENDIAN', true) +endif + +# This follows the checks in configure.ac, but is it up-to-date ?! +if host_machine.cpu_family() in ['x86', 'x86_64'] + cdata.set('CPU_CISC', true, description: 'Building for a CISC machine (e.g. Intel)') + cdata.set('HAVE_X86', true, description: 'Use x86 inlined assembly code') +else + cdata.set('CPU_RISC', true, description: 'Building for a RISC machine (assume slow byte access)') +endif + +# Pretty much all supported platforms have stdint.h nowadays +assert(cc.has_header('stdint.h'), 'stdint.h not available!') + +# we'll just assume these types are available via stdint.h +foreach type : ['int8_t', 'uint8_t', 'int16_t', 'uint16_t', 'int32_t', 'uint32_t', 'uint64_t'] + cdata.set('HAVE_' + type.to_upper().underscorify(), true) +endforeach + +size_t_prefix = ''' +#ifdef _WIN32 +#include <crtdefs.h> +#endif +#include <sys/types.h> +''' +if not cc.has_type('size_t', prefix: size_t_prefix) + cdata.set('size_t', 'unsigned int') +endif + +# check type availability and size +foreach type : ['unsigned long', 'unsigned long long'] + if cc.has_type(type) + cdata.set('HAVE_' + type.to_upper().underscorify(), true) + cdata.set('SIZEOF_' + type.to_upper().underscorify(), cc.sizeof(type)) + endif +endforeach + +if not cc.compiles('inline void func(); void func() { } int main() { func(); return 0; }', name: 'inline keyword check') + if cc.compiles('__inline void func(); void func() { } int main() { func(); return 0; }', name: '__inline keyword check') + cdata.set('inline', '__inline') + else + cdata.set('inline', '') + endif +endif + +if get_option('log-stdout') + cdata.set('ERR_REPORTING_STDOUT', true) +endif + +if get_option('log-file') != '' + cdata.set('ERR_REPORTING_FILE', get_option('log-file')) +endif + +if cdata.has('ERR_REPORTING_STDOUT') and cdata.has('ERR_REPORTING_FILE') + error('The log-stdout and log-file options are mutually exclusive!') +endif + +if get_option('debug-logging') + cdata.set('ENABLE_DEBUG_LOGGING', true) +endif + +use_openssl = false +use_nss = false + +crypto_library = get_option('crypto-library') +if crypto_library == 'openssl' + openssl_dep = dependency('openssl', version: '>= 1.0.1', required: true) + srtp2_deps += [openssl_dep] + cdata.set('GCM', true) + cdata.set('OPENSSL', true) + cdata.set('USE_EXTERNAL_CRYPTO', true) + use_openssl = true + # NOTE: This is not available in upstream OpenSSL yet. It's only in 'certain' + # forks of OpenSSL: https://github.com/cisco/libsrtp/issues/458 + if ( + openssl_dep.type_name() != 'internal' and + not get_option('crypto-library-kdf').disabled() and + cc.has_function('kdf_srtp', dependencies: openssl_dep) + ) + cdata.set('OPENSSL_KDF', true) + elif get_option('crypto-library-kdf').enabled() + error('KDF support has been enabled, but OpenSSL does not provide it') + endif +elif crypto_library == 'nss' + nss_dep = dependency('nss', version: '>= 1.0.1', required: true) + srtp2_deps += [nss_dep] + cdata.set('GCM', true) + cdata.set('NSS', true) + cdata.set('USE_EXTERNAL_CRYPTO', true) + use_nss = true + # TODO(RLB): Use NSS for KDF + if get_option('crypto-library-kdf').enabled() + error('KDF support has not been implemented for NSS') + endif +endif + +configure_file(output: 'config.h', configuration: cdata) + +add_project_arguments('-DHAVE_CONFIG_H', language: 'c') + +if get_option('buildtype') != 'plain' + w_args = ['-Wstrict-prototypes'] + add_project_arguments(cc.get_supported_arguments(w_args), language: 'c') +endif + +if get_option('optimization') not in ['0', 'g', 's'] + # -fexpensive-optimizations set already by default for -O2, -O3 + o_args = ['-funroll-loops'] + add_project_arguments(cc.get_supported_arguments(o_args), language: 'c') +endif + +sources = files( + 'srtp/srtp.c', + ) + +ciphers_sources = files( + 'crypto/cipher/cipher.c', + 'crypto/cipher/cipher_test_cases.c', + 'crypto/cipher/null_cipher.c', + ) + +if use_openssl + ciphers_sources += files( + 'crypto/cipher/aes_icm_ossl.c', + 'crypto/cipher/aes_gcm_ossl.c', + ) +elif use_nss + ciphers_sources += files( + 'crypto/cipher/aes_icm_nss.c', + 'crypto/cipher/aes_gcm_nss.c', + ) +else + ciphers_sources += files( + 'crypto/cipher/aes.c', + 'crypto/cipher/aes_icm.c', + ) +endif + +hashes_sources = files( + 'crypto/hash/auth.c', + 'crypto/hash/auth_test_cases.c', + 'crypto/hash/null_auth.c', + ) + +if use_openssl + hashes_sources += files( + 'crypto/hash/hmac_ossl.c', + ) +elif use_nss + hashes_sources += files( + 'crypto/hash/hmac_nss.c', + ) +else + hashes_sources += files( + 'crypto/hash/hmac.c', + 'crypto/hash/sha1.c', + ) +endif + +kernel_sources = files( + 'crypto/kernel/alloc.c', + 'crypto/kernel/crypto_kernel.c', + 'crypto/kernel/err.c', + 'crypto/kernel/key.c', +) + +math_sources = files( + 'crypto/math/datatypes.c', +) + +replay_sources = files( + 'crypto/replay/rdb.c', + 'crypto/replay/rdbx.c', +) + +public_headers = files( + 'include/srtp.h', + 'crypto/include/auth.h', + 'crypto/include/cipher.h', + 'crypto/include/crypto_types.h', +) +install_headers(public_headers, subdir : 'srtp2') + +config_incs = include_directories('.') +crypto_incs = include_directories('crypto/include') +srtp2_incs = include_directories('include') +test_incs = include_directories('test') + +default_library = get_option('default_library') + +libsrtp2_static = static_library('srtp2', sources, ciphers_sources, hashes_sources, + kernel_sources, math_sources, replay_sources, + dependencies: [srtp2_deps, syslibs], + include_directories: [crypto_incs, srtp2_incs], + install: default_library != 'shared') + +if default_library != 'static' + libsrtp2 = shared_library('srtp2', + dependencies: [srtp2_deps, syslibs], + soversion : soversion, + vs_module_defs: 'srtp.def', + link_whole: libsrtp2_static, + install: true) +else + libsrtp2 = libsrtp2_static +endif + +subdir('include/srtp2') # copies public_headers into the builddir and sets public_incs + +libsrtp2_dep = declare_dependency(link_with: libsrtp2, + include_directories: public_incs) + +if not get_option('tests').disabled() + # Tests use non-public API, and when building on Windows the only symbols we + # export are those in srtp.def, so link to the static library in that case. + if host_system == 'windows' + libsrtp2_for_tests = libsrtp2_static + else + libsrtp2_for_tests = libsrtp2 + endif + subdir('crypto/test') + subdir('test') +endif + +if not get_option('fuzzer').disabled() + subdir('fuzzer') +endif + +if not get_option('doc').disabled() + subdir('doc') +endif + +pkgconfig = import('pkgconfig') +pkgconfig.generate(libsrtp2, + filebase: meson.project_name(), + name: meson.project_name(), + version: meson.project_version(), + description: 'Library for SRTP (Secure Realtime Transport Protocol)') diff --git a/libs/srtp/meson_options.txt b/libs/srtp/meson_options.txt new file mode 100644 index 0000000000..1c39b9d881 --- /dev/null +++ b/libs/srtp/meson_options.txt @@ -0,0 +1,18 @@ +option('debug-logging', type : 'boolean', value : false, + description : 'Enable debug logging in all modules') +option('log-stdout', type : 'boolean', value : false, + description : 'Redirect logging to stdout') +option('log-file', type : 'string', value : '', + description : 'Write logging output into this file') +option('crypto-library', type: 'combo', choices : ['none', 'openssl', 'nss'], value : 'none', + description : 'What external crypto library to leverage, if any (OpenSSL or NSS)') +option('crypto-library-kdf', type : 'feature', value : 'auto', + description : 'Use the external crypto library for Key Derivation Function support') +option('fuzzer', type : 'feature', value : 'disabled', + description : 'Build libsrtp2 fuzzer (requires build with clang)') +option('tests', type : 'feature', value : 'auto', yield : true, + description : 'Build test applications') +option('pcap-tests', type : 'feature', value : 'auto', + description : 'Build test application that require libpcap') +option('doc', type : 'feature', value : 'auto', yield : true, + description : 'Generate API documentation with doxygen') diff --git a/libs/srtp/srtp.def b/libs/srtp/srtp.def index e22074057f..d418b1464b 100644 --- a/libs/srtp/srtp.def +++ b/libs/srtp/srtp.def @@ -2,12 +2,15 @@ EXPORTS srtp_init srtp_shutdown srtp_protect +srtp_protect_mki srtp_unprotect +srtp_unprotect_mki srtp_create srtp_add_stream srtp_remove_stream srtp_update srtp_update_stream +srtp_get_stream srtp_crypto_policy_set_rtp_default srtp_crypto_policy_set_rtcp_default srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32 @@ -17,32 +20,36 @@ srtp_crypto_policy_set_null_cipher_hmac_null srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80 srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32 srtp_crypto_policy_set_aes_cm_256_null_auth -; TODO - GCM module not yet supported on Win32 -; srtp_crypto_policy_set_aes_gcm_128_8_auth -; srtp_crypto_policy_set_aes_gcm_256_8_auth -; srtp_crypto_policy_set_aes_gcm_128_8_only_auth -; srtp_crypto_policy_set_aes_gcm_256_8_only_auth -; srtp_crypto_policy_set_aes_gcm_128_16_auth -; srtp_crypto_policy_set_aes_gcm_256_16_auth +srtp_crypto_policy_set_aes_gcm_128_8_auth +srtp_crypto_policy_set_aes_gcm_256_8_auth +srtp_crypto_policy_set_aes_gcm_128_8_only_auth +srtp_crypto_policy_set_aes_gcm_256_8_only_auth +srtp_crypto_policy_set_aes_gcm_128_16_auth +srtp_crypto_policy_set_aes_gcm_256_16_auth srtp_dealloc srtp_crypto_policy_set_from_profile_for_rtp srtp_crypto_policy_set_from_profile_for_rtcp srtp_profile_get_master_key_length srtp_profile_get_master_salt_length srtp_append_salt_to_key +srtp_get_protect_trailer_length +srtp_get_protect_rtcp_trailer_length srtp_protect_rtcp +srtp_protect_rtcp_mki srtp_unprotect_rtcp +srtp_unprotect_rtcp_mki +srtp_set_stream_roc srtp_set_user_data +srtp_get_stream_roc srtp_get_user_data srtp_install_event_handler srtp_get_version_string srtp_get_version srtp_set_debug_module srtp_list_debug_modules -srtp_ekt_octets_after_base_tag -srtp_ekt_alloc -srtp_ekt_stream_init_from_policy -srtp_ekt_write_data +srtp_install_log_handler +srtp_err_report +srtp_crypto_kernel_load_debug_module srtp_cipher_get_key_length srtp_cipher_type_self_test srtp_cipher_type_test @@ -63,3 +70,6 @@ srtp_auth_get_prefix_length srtp_auth_type_self_test srtp_auth_type_test srtp_replace_auth_type +srtp_octet_string_hex_string +srtp_octet_string_is_eq +srtp_rdbx_get_window_size diff --git a/libs/srtp/srtp/ekt.c b/libs/srtp/srtp/ekt.c deleted file mode 100644 index b54ecf64eb..0000000000 --- a/libs/srtp/srtp/ekt.c +++ /dev/null @@ -1,281 +0,0 @@ -/* - * ekt.c - * - * Encrypted Key Transport for SRTP - * - * David McGrew - * Cisco Systems, Inc. - */ -/* - * - * Copyright (c) 2001-2017 Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#include "srtp_priv.h" -#include "err.h" -#include "ekt.h" - -extern srtp_debug_module_t mod_srtp; - -/* - * The EKT Authentication Tag format. - * - * 0 1 2 3 - * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * : Base Authentication Tag : - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * : Encrypted Master Key : - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Rollover Counter | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Initial Sequence Number | Security Parameter Index | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * - */ - -#define EKT_OCTETS_AFTER_BASE_TAG 24 -#define EKT_OCTETS_AFTER_EMK 8 -#define EKT_OCTETS_AFTER_ROC 4 -#define EKT_SPI_LEN 2 - -unsigned srtp_ekt_octets_after_base_tag(srtp_ekt_stream_t ekt) -{ - /* - * if the pointer ekt is NULL, then EKT is not in effect, so we - * indicate this by returning zero - */ - if (!ekt) - return 0; - - switch (ekt->data->ekt_cipher_type) { - case SRTP_EKT_CIPHER_AES_128_ECB: - return 16 + EKT_OCTETS_AFTER_EMK; - break; - default: - break; - } - return 0; -} - -static inline srtp_ekt_spi_t srtcp_packet_get_ekt_spi( - const uint8_t *packet_start, - unsigned pkt_octet_len) -{ - const uint8_t *spi_location; - - spi_location = packet_start + (pkt_octet_len - EKT_SPI_LEN); - - return *((const srtp_ekt_spi_t *)spi_location); -} - -static inline uint32_t srtcp_packet_get_ekt_roc(const uint8_t *packet_start, - unsigned pkt_octet_len) -{ - const uint8_t *roc_location; - - roc_location = packet_start + (pkt_octet_len - EKT_OCTETS_AFTER_ROC); - - return *((const uint32_t *)roc_location); -} - -static inline const uint8_t *srtcp_packet_get_emk_location( - const uint8_t *packet_start, - unsigned pkt_octet_len) -{ - const uint8_t *location; - - location = packet_start + (pkt_octet_len - EKT_OCTETS_AFTER_BASE_TAG); - - return location; -} - -srtp_err_status_t srtp_ekt_alloc(srtp_ekt_stream_t *stream_data, - srtp_ekt_policy_t policy) -{ - /* - * if the policy pointer is NULL, then EKT is not in use - * so we just set the EKT stream data pointer to NULL - */ - if (!policy) { - *stream_data = NULL; - return srtp_err_status_ok; - } - - /* TODO */ - *stream_data = NULL; - - return srtp_err_status_ok; -} - -srtp_err_status_t srtp_ekt_stream_init_from_policy( - srtp_ekt_stream_t stream_data, - srtp_ekt_policy_t policy) -{ - if (!stream_data) - return srtp_err_status_ok; - - return srtp_err_status_ok; -} - -void aes_decrypt_with_raw_key(void *ciphertext, const void *key, int key_len) -{ -#ifndef OPENSSL - // FIXME: need to get this working through the crypto module interface - srtp_aes_expanded_key_t expanded_key; - - srtp_aes_expand_decryption_key(key, key_len, &expanded_key); - srtp_aes_decrypt(ciphertext, &expanded_key); -#endif -} - -/* - * The function srtp_stream_init_from_ekt() initializes a stream using - * the EKT data from an SRTCP trailer. - */ - -srtp_err_status_t srtp_stream_init_from_ekt(srtp_stream_t stream, - const void *srtcp_hdr, - unsigned pkt_octet_len) -{ - srtp_err_status_t err; - const uint8_t *master_key; - srtp_policy_t srtp_policy; - uint32_t roc; - - /* - * NOTE: at present, we only support a single ekt_policy at a time. - */ - if (stream->ekt->data->spi != - srtcp_packet_get_ekt_spi(srtcp_hdr, pkt_octet_len)) - return srtp_err_status_no_ctx; - - if (stream->ekt->data->ekt_cipher_type != SRTP_EKT_CIPHER_AES_128_ECB) - return srtp_err_status_bad_param; - - /* decrypt the Encrypted Master Key field */ - master_key = srtcp_packet_get_emk_location(srtcp_hdr, pkt_octet_len); - /* FIX!? This decrypts the master key in-place, and never uses it */ - /* FIX!? It's also passing to ekt_dec_key (which is an aes_expanded_key_t) - * to a function which expects a raw (unexpanded) key */ - aes_decrypt_with_raw_key((void *)master_key, - &stream->ekt->data->ekt_dec_key, 16); - - /* set the SRTP ROC */ - roc = srtcp_packet_get_ekt_roc(srtcp_hdr, pkt_octet_len); - err = srtp_rdbx_set_roc(&stream->rtp_rdbx, roc); - if (err) - return err; - - err = srtp_stream_init(stream, &srtp_policy); - if (err) - return err; - - return srtp_err_status_ok; -} - -void srtp_ekt_write_data(srtp_ekt_stream_t ekt, - uint8_t *base_tag, - unsigned base_tag_len, - int *packet_len, - srtp_xtd_seq_num_t pkt_index) -{ - uint32_t roc; - uint16_t isn; - unsigned emk_len; - uint8_t *packet; - - /* if the pointer ekt is NULL, then EKT is not in effect */ - if (!ekt) { - debug_print(mod_srtp, "EKT not in use", NULL); - return; - } - - /* write zeros into the location of the base tag */ - octet_string_set_to_zero(base_tag, base_tag_len); - packet = base_tag + base_tag_len; - - /* copy encrypted master key into packet */ - emk_len = srtp_ekt_octets_after_base_tag(ekt); - memcpy(packet, ekt->encrypted_master_key, emk_len); - debug_print(mod_srtp, "writing EKT EMK: %s,", - srtp_octet_string_hex_string(packet, emk_len)); - packet += emk_len; - - /* copy ROC into packet */ - roc = (uint32_t)(pkt_index >> 16); - *((uint32_t *)packet) = be32_to_cpu(roc); - debug_print(mod_srtp, "writing EKT ROC: %s,", - srtp_octet_string_hex_string(packet, sizeof(roc))); - packet += sizeof(roc); - - /* copy ISN into packet */ - isn = (uint16_t)pkt_index; - *((uint16_t *)packet) = htons(isn); - debug_print(mod_srtp, "writing EKT ISN: %s,", - srtp_octet_string_hex_string(packet, sizeof(isn))); - packet += sizeof(isn); - - /* copy SPI into packet */ - *((uint16_t *)packet) = htons(ekt->data->spi); - debug_print(mod_srtp, "writing EKT SPI: %s,", - srtp_octet_string_hex_string(packet, sizeof(ekt->data->spi))); - - /* increase packet length appropriately */ - *packet_len += EKT_OCTETS_AFTER_EMK + emk_len; -} - -/* - * The function call srtcp_ekt_trailer(ekt, auth_len, auth_tag ) - * - * If the pointer ekt is NULL, then the other inputs are unaffected. - * - * auth_tag is a pointer to the pointer to the location of the - * authentication tag in the packet. If EKT is in effect, then the - * auth_tag pointer is set to the location - */ - -void srtcp_ekt_trailer(srtp_ekt_stream_t ekt, - unsigned *auth_len, - void **auth_tag, - void *tag_copy) -{ - /* - * if there is no EKT policy, then the other inputs are unaffected - */ - if (!ekt) - return; - - /* copy auth_tag into temporary location */ -} diff --git a/libs/srtp/srtp/srtp.c b/libs/srtp/srtp/srtp.c index 966757e7ad..fb5574f4ca 100644 --- a/libs/srtp/srtp/srtp.c +++ b/libs/srtp/srtp/srtp.c @@ -48,15 +48,15 @@ #include "srtp_priv.h" #include "crypto_types.h" #include "err.h" -#include "ekt.h" /* for SRTP Encrypted Key Transport */ #include "alloc.h" /* for srtp_crypto_alloc() */ -#ifdef OPENSSL -#include "aes_gcm_ossl.h" /* for AES GCM mode */ +#ifdef GCM +#include "aes_gcm.h" /* for AES GCM mode */ +#endif + #ifdef OPENSSL_KDF #include <openssl/kdf.h> -#include "aes_icm_ossl.h" /* for AES GCM mode */ -#endif +#include "aes_icm_ext.h" #endif #include <limits.h> @@ -81,13 +81,14 @@ srtp_debug_module_t mod_srtp = { static srtp_err_status_t srtp_validate_rtp_header(void *rtp_hdr, int *pkt_octet_len) { + srtp_hdr_t *hdr = (srtp_hdr_t *)rtp_hdr; + int rtp_header_len; + if (*pkt_octet_len < octets_in_rtp_header) return srtp_err_status_bad_param; - srtp_hdr_t *hdr = (srtp_hdr_t *)rtp_hdr; - /* Check RTP header length */ - int rtp_header_len = octets_in_rtp_header + 4 * hdr->cc; + rtp_header_len = octets_in_rtp_header + 4 * hdr->cc; if (hdr->x == 1) rtp_header_len += octets_in_rtp_extn_hdr; @@ -264,8 +265,6 @@ srtp_err_status_t srtp_stream_dealloc(srtp_stream_ctx_t *stream, if (status) return status; - /* DAM - need to deallocate EKT here */ - if (stream_template && stream->enc_xtn_hdr == stream_template->enc_xtn_hdr) { /* do nothing */ @@ -279,6 +278,15 @@ srtp_err_status_t srtp_stream_dealloc(srtp_stream_ctx_t *stream, return srtp_err_status_ok; } +static srtp_err_status_t srtp_valid_policy(const srtp_policy_t *p) +{ + if (p != NULL && p->deprecated_ekt != NULL) { + return srtp_err_status_bad_param; + } + + return srtp_err_status_ok; +} + srtp_err_status_t srtp_stream_alloc(srtp_stream_ctx_t **str_ptr, const srtp_policy_t *p) { @@ -287,6 +295,11 @@ srtp_err_status_t srtp_stream_alloc(srtp_stream_ctx_t **str_ptr, unsigned int i = 0; srtp_session_keys_t *session_keys = NULL; + stat = srtp_valid_policy(p); + if (stat != srtp_err_status_ok) { + return stat; + } + /* * This function allocates the stream context, rtp and rtcp ciphers * and auth functions, and key limit structure. If there is a @@ -373,13 +386,6 @@ srtp_err_status_t srtp_stream_alloc(srtp_stream_ctx_t **str_ptr, } } - /* allocate ekt data associated with stream */ - stat = srtp_ekt_alloc(&str->ekt, p->ekt); - if (stat) { - srtp_stream_dealloc(str, NULL); - return stat; - } - if (p->enc_xtn_hdr && p->enc_xtn_hdr_count > 0) { srtp_cipher_type_id_t enc_xtn_hdr_cipher_type; int enc_xtn_hdr_cipher_key_len; @@ -539,9 +545,6 @@ srtp_err_status_t srtp_stream_clone(const srtp_stream_ctx_t *stream_template, str->rtp_services = stream_template->rtp_services; str->rtcp_services = stream_template->rtcp_services; - /* set pointer to EKT data associated with stream */ - str->ekt = stream_template->ekt; - /* copy information about extensions header encryption */ str->enc_xtn_hdr = stream_template->enc_xtn_hdr; str->enc_xtn_hdr_count = stream_template->enc_xtn_hdr_count; @@ -677,6 +680,8 @@ static srtp_err_status_t srtp_kdf_init(srtp_kdf_t *kdf, int key_len) { srtp_cipher_type_id_t cipher_id; + srtp_err_status_t stat; + switch (key_len) { case SRTP_AES_ICM_256_KEY_LEN_WSALT: cipher_id = SRTP_AES_ICM_256; @@ -692,7 +697,6 @@ static srtp_err_status_t srtp_kdf_init(srtp_kdf_t *kdf, break; } - srtp_err_status_t stat; stat = srtp_crypto_kernel_alloc_cipher(cipher_id, &kdf->cipher, key_len, 0); if (stat) return stat; @@ -959,7 +963,7 @@ srtp_err_status_t srtp_stream_init_keys(srtp_stream_ctx_t *srtp, * to generate the salt value */ if (rtp_salt_len > 0) { - debug_print(mod_srtp, "found rtp_salt_len > 0, generating salt", NULL); + debug_print0(mod_srtp, "found rtp_salt_len > 0, generating salt"); /* generate encryption salt, put after encryption key */ stat = srtp_kdf_generate(&kdf, label_rtp_salt, @@ -1067,9 +1071,8 @@ srtp_err_status_t srtp_stream_init_keys(srtp_stream_ctx_t *srtp, * to generate the salt value */ if (rtp_xtn_hdr_salt_len > 0) { - debug_print(mod_srtp, - "found rtp_xtn_hdr_salt_len > 0, generating salt", - NULL); + debug_print0(mod_srtp, + "found rtp_xtn_hdr_salt_len > 0, generating salt"); /* generate encryption salt, put after encryption key */ stat = srtp_kdf_generate(xtn_hdr_kdf, label_rtp_header_salt, @@ -1150,8 +1153,7 @@ srtp_err_status_t srtp_stream_init_keys(srtp_stream_ctx_t *srtp, * to generate the salt value */ if (rtcp_salt_len > 0) { - debug_print(mod_srtp, "found rtcp_salt_len > 0, generating rtcp salt", - NULL); + debug_print0(mod_srtp, "found rtcp_salt_len > 0, generating rtcp salt"); /* generate encryption salt, put after encryption key */ stat = srtp_kdf_generate(&kdf, label_rtcp_salt, @@ -1216,6 +1218,11 @@ srtp_err_status_t srtp_stream_init(srtp_stream_ctx_t *srtp, { srtp_err_status_t err; + err = srtp_valid_policy(p); + if (err != srtp_err_status_ok) { + return err; + } + debug_print(mod_srtp, "initializing stream (SSRC: 0x%08x)", p->ssrc.value); /* initialize replay database */ @@ -1275,16 +1282,6 @@ srtp_err_status_t srtp_stream_init(srtp_stream_ctx_t *srtp, return err; } - /* - * if EKT is in use, then initialize the EKT data associated with - * the stream - */ - err = srtp_ekt_stream_init_from_policy(srtp->ekt, p->ekt); - if (err) { - srtp_rdbx_dealloc(&srtp->rtp_rdbx); - return err; - } - return srtp_err_status_ok; } @@ -1421,7 +1418,7 @@ static srtp_err_status_t srtp_process_header_encryption( xtn_hdr_data++; } } - } else if ((ntohs(xtn_hdr->profile_specific) & 0x1fff) == 0x100) { + } else if ((ntohs(xtn_hdr->profile_specific) & 0xfff0) == 0x1000) { /* RFC 5285, section 4.3. Two-Byte Header */ while (xtn_hdr_data + 1 < xtn_hdr_end) { uint8_t xid = *xtn_hdr_data; @@ -1667,7 +1664,7 @@ static srtp_err_status_t srtp_get_est_pkt_index(srtp_hdr_t *hdr, debug_print2(mod_srtp, "estimated u_packet index: %08x%08x", high32(*est), low32(*est)); #else - debug_print(mod_srtp, "estimated u_packet index: %016llx", *est); + debug_print(mod_srtp, "estimated u_packet index: %016" PRIx64, *est); #endif return result; } @@ -1697,7 +1694,7 @@ static srtp_err_status_t srtp_protect_aead(srtp_ctx_t *ctx, unsigned int mki_size = 0; uint8_t *mki_location = NULL; - debug_print(mod_srtp, "function srtp_protect_aead", NULL); + debug_print0(mod_srtp, "function srtp_protect_aead"); /* * update the key usage limit, and check it to make sure that we @@ -1756,7 +1753,7 @@ static srtp_err_status_t srtp_protect_aead(srtp_ctx_t *ctx, debug_print2(mod_srtp, "estimated packet index: %08x%08x", high32(est), low32(est)); #else - debug_print(mod_srtp, "estimated packet index: %016llx", est); + debug_print(mod_srtp, "estimated packet index: %016" PRIx64, est); #endif /* @@ -1858,13 +1855,13 @@ static srtp_err_status_t srtp_unprotect_aead(srtp_ctx_t *ctx, unsigned int aad_len; srtp_hdr_xtnd_t *xtn_hdr = NULL; - debug_print(mod_srtp, "function srtp_unprotect_aead", NULL); + debug_print0(mod_srtp, "function srtp_unprotect_aead"); #ifdef NO_64BIT_MATH debug_print2(mod_srtp, "estimated u_packet index: %08x%08x", high32(est), low32(est)); #else - debug_print(mod_srtp, "estimated u_packet index: %016llx", est); + debug_print(mod_srtp, "estimated u_packet index: %016" PRIx64, est); #endif /* get tag length from stream */ @@ -2059,7 +2056,7 @@ srtp_err_status_t srtp_protect_mki(srtp_ctx_t *ctx, uint8_t *mki_location = NULL; int advance_packet_index = 0; - debug_print(mod_srtp, "function srtp_protect", NULL); + debug_print0(mod_srtp, "function srtp_protect"); /* we assume the hdr is 32-bit aligned to start */ @@ -2230,7 +2227,7 @@ srtp_err_status_t srtp_protect_mki(srtp_ctx_t *ctx, debug_print2(mod_srtp, "estimated packet index: %08x%08x", high32(est), low32(est)); #else - debug_print(mod_srtp, "estimated packet index: %016llx", est); + debug_print(mod_srtp, "estimated packet index: %016" PRIx64, est); #endif /* @@ -2336,7 +2333,7 @@ srtp_err_status_t srtp_protect_mki(srtp_ctx_t *ctx, return status; /* run auth func over ROC, put result into auth_tag */ - debug_print(mod_srtp, "estimated packet index: %016llx", est); + debug_print(mod_srtp, "estimated packet index: %016" PRIx64, est); status = srtp_auth_compute(session_keys->rtp_auth, (uint8_t *)&est, 4, auth_tag); debug_print(mod_srtp, "srtp auth tag: %s", @@ -2389,7 +2386,7 @@ srtp_err_status_t srtp_unprotect_mki(srtp_ctx_t *ctx, uint32_t roc_to_set = 0; uint16_t seq_to_set = 0; - debug_print(mod_srtp, "function srtp_unprotect", NULL); + debug_print0(mod_srtp, "function srtp_unprotect"); /* we assume the hdr is 32-bit aligned to start */ @@ -2458,7 +2455,7 @@ srtp_err_status_t srtp_unprotect_mki(srtp_ctx_t *ctx, debug_print2(mod_srtp, "estimated u_packet index: %08x%08x", high32(est), low32(est)); #else - debug_print(mod_srtp, "estimated u_packet index: %016llx", est); + debug_print(mod_srtp, "estimated u_packet index: %016" PRIx64, est); #endif /* Determine if MKI is being used and what session keys should be used */ @@ -2600,8 +2597,10 @@ srtp_err_status_t srtp_unprotect_mki(srtp_ctx_t *ctx, return status; /* now compute auth function over packet */ - srtp_auth_update(session_keys->rtp_auth, (uint8_t *)auth_start, + status = srtp_auth_update(session_keys->rtp_auth, (uint8_t *)auth_start, *pkt_octet_len - tag_len - mki_size); + if (status) + return status; /* run auth func over ROC, then write tmp tag */ status = srtp_auth_compute(session_keys->rtp_auth, (uint8_t *)&est, 4, @@ -2614,7 +2613,7 @@ srtp_err_status_t srtp_unprotect_mki(srtp_ctx_t *ctx, if (status) return srtp_err_status_auth_fail; - if (octet_string_is_eq(tmp_tag, auth_tag, tag_len)) + if (srtp_octet_string_is_eq(tmp_tag, auth_tag, tag_len)) return srtp_err_status_auth_fail; } @@ -2750,25 +2749,6 @@ srtp_err_status_t srtp_shutdown() return srtp_err_status_ok; } -/* - * The following code is under consideration for removal. See - * SRTP_MAX_TRAILER_LEN - */ -#if 0 - -/* - * srtp_get_trailer_length(&a) returns the number of octets that will - * be added to an RTP packet by the SRTP processing. This value - * is constant for a given srtp_stream_t (i.e. between initializations). - */ - -int -srtp_get_trailer_length(const srtp_stream_t s) { - return srtp_auth_get_tag_length(s->rtp_auth); -} - -#endif - /* * srtp_get_stream(ssrc) returns a pointer to the stream corresponding * to ssrc, or NULL if no stream exists for that ssrc @@ -2831,6 +2811,11 @@ srtp_err_status_t srtp_add_stream(srtp_t session, const srtp_policy_t *policy) srtp_err_status_t status; srtp_stream_t tmp; + status = srtp_valid_policy(policy); + if (status != srtp_err_status_ok) { + return status; + } + /* sanity check arguments */ if ((session == NULL) || (policy == NULL) || (!srtp_validate_policy_master_keys(policy))) @@ -2893,6 +2878,11 @@ srtp_err_status_t srtp_create(srtp_t *session, /* handle for session */ srtp_err_status_t stat; srtp_ctx_t *ctx; + stat = srtp_valid_policy(policy); + if (stat != srtp_err_status_ok) { + return stat; + } + /* sanity check arguments */ if (session == NULL) return srtp_err_status_bad_param; @@ -2963,6 +2953,11 @@ srtp_err_status_t srtp_update(srtp_t session, const srtp_policy_t *policy) { srtp_err_status_t stat; + stat = srtp_valid_policy(policy); + if (stat != srtp_err_status_ok) { + return stat; + } + /* sanity check arguments */ if ((session == NULL) || (policy == NULL) || (!srtp_validate_policy_master_keys(policy))) { @@ -2988,6 +2983,11 @@ static srtp_err_status_t update_template_streams(srtp_t session, srtp_stream_t new_stream_template; srtp_stream_t new_stream_list = NULL; + status = srtp_valid_policy(policy); + if (status != srtp_err_status_ok) { + return status; + } + if (session->stream_template == NULL) { return srtp_err_status_bad_param; } @@ -3086,6 +3086,11 @@ static srtp_err_status_t update_stream(srtp_t session, srtp_rdb_t old_rtcp_rdb; srtp_stream_t stream; + status = srtp_valid_policy(policy); + if (status != srtp_err_status_ok) { + return status; + } + stream = srtp_get_stream(session, htonl(policy->ssrc.value)); if (stream == NULL) { return srtp_err_status_bad_param; @@ -3122,6 +3127,11 @@ srtp_err_status_t srtp_update_stream(srtp_t session, { srtp_err_status_t status; + status = srtp_valid_policy(policy); + if (status != srtp_err_status_ok) { + return status; + } + /* sanity check arguments */ if ((session == NULL) || (policy == NULL) || (!srtp_validate_policy_master_keys(policy))) @@ -3285,7 +3295,6 @@ void srtp_crypto_policy_set_aes_cm_256_null_auth(srtp_crypto_policy_t *p) p->sec_serv = sec_serv_conf; } -#ifdef OPENSSL void srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80(srtp_crypto_policy_t *p) { /* @@ -3407,8 +3416,6 @@ void srtp_crypto_policy_set_aes_gcm_256_16_auth(srtp_crypto_policy_t *p) p->sec_serv = sec_serv_conf_and_auth; } -#endif - /* * secure rtcp functions */ @@ -3496,7 +3503,8 @@ static srtp_err_status_t srtp_protect_rtcp_aead( { srtcp_hdr_t *hdr = (srtcp_hdr_t *)rtcp_hdr; uint32_t *enc_start; /* pointer to start of encrypted portion */ - uint32_t *trailer; /* pointer to start of trailer */ + uint32_t *trailer_p; /* pointer to start of trailer */ + uint32_t trailer; /* trailer value */ unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */ uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ srtp_err_status_t status; @@ -3519,18 +3527,15 @@ static srtp_err_status_t srtp_protect_rtcp_aead( /* NOTE: hdr->length is not usable - it refers to only the first * RTCP report in the compound packet! */ - /* NOTE: trailer is 32-bit aligned because RTCP 'packets' are always - * multiples of 32-bits (RFC 3550 6.1) - */ - trailer = (uint32_t *)((char *)enc_start + enc_octet_len + tag_len); + trailer_p = (uint32_t *)((char *)enc_start + enc_octet_len + tag_len); if (stream->rtcp_services & sec_serv_conf) { - *trailer = htonl(SRTCP_E_BIT); /* set encrypt bit */ + trailer = htonl(SRTCP_E_BIT); /* set encrypt bit */ } else { enc_start = NULL; enc_octet_len = 0; /* 0 is network-order independant */ - *trailer = 0x00000000; /* set encrypt bit */ + trailer = 0x00000000; /* set encrypt bit */ } mki_size = srtp_inject_mki((uint8_t *)hdr + *pkt_octet_len + tag_len + @@ -3554,9 +3559,11 @@ static srtp_err_status_t srtp_protect_rtcp_aead( return status; } seq_num = srtp_rdb_get_value(&stream->rtcp_rdb); - *trailer |= htonl(seq_num); + trailer |= htonl(seq_num); debug_print(mod_srtp, "srtcp index: %x", seq_num); + memcpy(trailer_p, &trailer, sizeof(trailer)); + /* * Calculate and set the IV */ @@ -3598,7 +3605,7 @@ static srtp_err_status_t srtp_protect_rtcp_aead( /* * Process the sequence# as AAD */ - tseq = *trailer; + tseq = trailer; status = srtp_cipher_set_aad(session_keys->rtcp_cipher, (uint8_t *)&tseq, sizeof(srtcp_trailer_t)); if (status) { @@ -3667,7 +3674,8 @@ static srtp_err_status_t srtp_unprotect_rtcp_aead( { srtcp_hdr_t *hdr = (srtcp_hdr_t *)srtcp_hdr; uint32_t *enc_start; /* pointer to start of encrypted portion */ - uint32_t *trailer; /* pointer to start of trailer */ + uint32_t *trailer_p; /* pointer to start of trailer */ + uint32_t trailer; /* trailer value */ unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */ uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ srtp_err_status_t status; @@ -3693,12 +3701,10 @@ static srtp_err_status_t srtp_unprotect_rtcp_aead( */ /* This should point trailer to the word past the end of the normal data. */ /* This would need to be modified for optional mikey data */ - /* - * NOTE: trailer is 32-bit aligned because RTCP 'packets' are always - * multiples of 32-bits (RFC 3550 6.1) - */ - trailer = (uint32_t *)((char *)hdr + *pkt_octet_len - - sizeof(srtcp_trailer_t) - mki_size); + trailer_p = (uint32_t *)((char *)hdr + *pkt_octet_len - + sizeof(srtcp_trailer_t) - mki_size); + memcpy(&trailer, trailer_p, sizeof(trailer)); + /* * We pass the tag down to the cipher when doing GCM mode */ @@ -3707,7 +3713,7 @@ static srtp_err_status_t srtp_unprotect_rtcp_aead( auth_tag = (uint8_t *)hdr + *pkt_octet_len - tag_len - mki_size - sizeof(srtcp_trailer_t); - if (*((unsigned char *)trailer) & SRTCP_E_BYTE_BIT) { + if (*((unsigned char *)trailer_p) & SRTCP_E_BYTE_BIT) { enc_start = (uint32_t *)hdr + uint32s_in_rtcp_header; } else { enc_octet_len = 0; @@ -3718,7 +3724,7 @@ static srtp_err_status_t srtp_unprotect_rtcp_aead( * check the sequence number for replays */ /* this is easier than dealing with bitfield access */ - seq_num = ntohl(*trailer) & SRTCP_INDEX_MASK; + seq_num = ntohl(trailer) & SRTCP_INDEX_MASK; debug_print(mod_srtp, "srtcp index: %x", seq_num); status = srtp_rdb_check(&stream->rtcp_rdb, seq_num); if (status) { @@ -3768,7 +3774,7 @@ static srtp_err_status_t srtp_unprotect_rtcp_aead( /* * Process the sequence# as AAD */ - tseq = *trailer; + tseq = trailer; status = srtp_cipher_set_aad(session_keys->rtcp_cipher, (uint8_t *)&tseq, sizeof(srtcp_trailer_t)); if (status) { @@ -3866,7 +3872,8 @@ srtp_err_status_t srtp_protect_rtcp_mki(srtp_t ctx, srtcp_hdr_t *hdr = (srtcp_hdr_t *)rtcp_hdr; uint32_t *enc_start; /* pointer to start of encrypted portion */ uint32_t *auth_start; /* pointer to start of auth. portion */ - uint32_t *trailer; /* pointer to start of trailer */ + uint32_t *trailer_p; /* pointer to start of trailer */ + uint32_t trailer; /* trailer value */ unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */ uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ srtp_err_status_t status; @@ -3959,19 +3966,15 @@ srtp_err_status_t srtp_protect_rtcp_mki(srtp_t ctx, * NOTE: hdr->length is not usable - it refers to only the first RTCP report * in the compound packet! */ - /* - * NOTE: trailer is 32-bit aligned because RTCP 'packets' are always - * multiples of 32-bits (RFC 3550 6.1) - */ - trailer = (uint32_t *)((char *)enc_start + enc_octet_len); + trailer_p = (uint32_t *)((char *)enc_start + enc_octet_len); if (stream->rtcp_services & sec_serv_conf) { - *trailer = htonl(SRTCP_E_BIT); /* set encrypt bit */ + trailer = htonl(SRTCP_E_BIT); /* set encrypt bit */ } else { enc_start = NULL; enc_octet_len = 0; /* 0 is network-order independant */ - *trailer = 0x00000000; /* set encrypt bit */ + trailer = 0x00000000; /* set encrypt bit */ } mki_size = srtp_inject_mki((uint8_t *)hdr + *pkt_octet_len + @@ -3987,10 +3990,6 @@ srtp_err_status_t srtp_protect_rtcp_mki(srtp_t ctx, auth_tag = (uint8_t *)hdr + *pkt_octet_len + sizeof(srtcp_trailer_t) + mki_size; - /* perform EKT processing if needed */ - srtp_ekt_write_data(stream->ekt, auth_tag, tag_len, pkt_octet_len, - srtp_rdbx_get_packet_index(&stream->rtp_rdbx)); - /* * check sequence number for overruns, and copy it into the packet * if its value isn't too big @@ -3999,9 +3998,11 @@ srtp_err_status_t srtp_protect_rtcp_mki(srtp_t ctx, if (status) return status; seq_num = srtp_rdb_get_value(&stream->rtcp_rdb); - *trailer |= htonl(seq_num); + trailer |= htonl(seq_num); debug_print(mod_srtp, "srtcp index: %x", seq_num); + memcpy(trailer_p, &trailer, sizeof(trailer)); + /* * if we're using rindael counter mode, set nonce and seq */ @@ -4059,7 +4060,9 @@ srtp_err_status_t srtp_protect_rtcp_mki(srtp_t ctx, } /* initialize auth func context */ - srtp_auth_start(session_keys->rtcp_auth); + status = srtp_auth_start(session_keys->rtcp_auth); + if (status) + return status; /* * run auth func over packet (including trailer), and write the @@ -4097,11 +4100,11 @@ srtp_err_status_t srtp_unprotect_rtcp_mki(srtp_t ctx, srtcp_hdr_t *hdr = (srtcp_hdr_t *)srtcp_hdr; uint32_t *enc_start; /* pointer to start of encrypted portion */ uint32_t *auth_start; /* pointer to start of auth. portion */ - uint32_t *trailer; /* pointer to start of trailer */ + uint32_t *trailer_p; /* pointer to start of trailer */ + uint32_t trailer; /* trailer value */ unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */ uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ uint8_t tmp_tag[SRTP_MAX_TAG_LEN]; - uint8_t tag_copy[SRTP_MAX_TAG_LEN]; srtp_err_status_t status; unsigned int auth_len; int tag_len; @@ -4139,23 +4142,6 @@ srtp_err_status_t srtp_unprotect_rtcp_mki(srtp_t ctx, if (ctx->stream_template != NULL) { stream = ctx->stream_template; - /* - * check to see if stream_template has an EKT data structure, in - * which case we initialize the template using the EKT policy - * referenced by that data (which consists of decrypting the - * master key from the EKT field) - * - * this function initializes a *provisional* stream, and this - * stream should not be accepted until and unless the packet - * passes its authentication check - */ - if (stream->ekt != NULL) { - status = srtp_stream_init_from_ekt(stream, srtcp_hdr, - *pkt_octet_len); - if (status) - return status; - } - debug_print(mod_srtp, "srtcp using provisional stream (SSRC: 0x%08x)", ntohl(hdr->ssrc)); @@ -4215,14 +4201,12 @@ srtp_err_status_t srtp_unprotect_rtcp_mki(srtp_t ctx, */ /* This should point trailer to the word past the end of the normal data. */ /* This would need to be modified for optional mikey data */ - /* - * NOTE: trailer is 32-bit aligned because RTCP 'packets' are always - * multiples of 32-bits (RFC 3550 6.1) - */ - trailer = (uint32_t *)((char *)hdr + *pkt_octet_len - - (tag_len + mki_size + sizeof(srtcp_trailer_t))); + trailer_p = (uint32_t *)((char *)hdr + *pkt_octet_len - + (tag_len + mki_size + sizeof(srtcp_trailer_t))); + memcpy(&trailer, trailer_p, sizeof(trailer)); + e_bit_in_packet = - (*((unsigned char *)trailer) & SRTCP_E_BYTE_BIT) == SRTCP_E_BYTE_BIT; + (*((unsigned char *)trailer_p) & SRTCP_E_BYTE_BIT) == SRTCP_E_BYTE_BIT; if (e_bit_in_packet != sec_serv_confidentiality) { return srtp_err_status_cant_check; } @@ -4247,26 +4231,11 @@ srtp_err_status_t srtp_unprotect_rtcp_mki(srtp_t ctx, auth_len = *pkt_octet_len - tag_len - mki_size; auth_tag = (uint8_t *)hdr + auth_len + mki_size; - /* - * if EKT is in use, then we make a copy of the tag from the packet, - * and then zeroize the location of the base tag - * - * we first re-position the auth_tag pointer so that it points to - * the base tag - */ - if (stream->ekt) { - auth_tag -= srtp_ekt_octets_after_base_tag(stream->ekt); - memcpy(tag_copy, auth_tag, tag_len); - octet_string_set_to_zero(auth_tag, tag_len); - auth_tag = tag_copy; - auth_len += tag_len; - } - /* * check the sequence number for replays */ /* this is easier than dealing with bitfield access */ - seq_num = ntohl(*trailer) & SRTCP_INDEX_MASK; + seq_num = ntohl(trailer) & SRTCP_INDEX_MASK; debug_print(mod_srtp, "srtcp index: %x", seq_num); status = srtp_rdb_check(&stream->rtcp_rdb, seq_num); if (status) @@ -4302,7 +4271,9 @@ srtp_err_status_t srtp_unprotect_rtcp_mki(srtp_t ctx, return srtp_err_status_cipher_fail; /* initialize auth func context */ - srtp_auth_start(session_keys->rtcp_auth); + status = srtp_auth_start(session_keys->rtcp_auth); + if (status) + return status; /* run auth func over packet, put result into tmp_tag */ status = srtp_auth_compute(session_keys->rtcp_auth, (uint8_t *)auth_start, @@ -4315,7 +4286,7 @@ srtp_err_status_t srtp_unprotect_rtcp_mki(srtp_t ctx, /* compare the tag just computed with the one in the packet */ debug_print(mod_srtp, "srtcp tag from packet: %s", srtp_octet_string_hex_string(auth_tag, tag_len)); - if (octet_string_is_eq(tmp_tag, auth_tag, tag_len)) + if (srtp_octet_string_is_eq(tmp_tag, auth_tag, tag_len)) return srtp_err_status_auth_fail; /* @@ -4346,12 +4317,6 @@ srtp_err_status_t srtp_unprotect_rtcp_mki(srtp_t ctx, /* decrease the packet length by the length of the mki_size */ *pkt_octet_len -= mki_size; - /* - * if EKT is in effect, subtract the EKT data out of the packet - * length - */ - *pkt_octet_len -= srtp_ekt_octets_after_base_tag(stream->ekt); - /* * verify that stream is for received traffic - this check will * detect SSRC collisions, since a stream that appears in both @@ -4418,10 +4383,6 @@ void *srtp_get_user_data(srtp_t ctx) return ctx->user_data; } -/* - * dtls keying for srtp - */ - srtp_err_status_t srtp_crypto_policy_set_from_profile_for_rtp( srtp_crypto_policy_t *policy, srtp_profile_t profile) @@ -4437,7 +4398,7 @@ srtp_err_status_t srtp_crypto_policy_set_from_profile_for_rtp( case srtp_profile_null_sha1_80: srtp_crypto_policy_set_null_cipher_hmac_sha1_80(policy); break; -#if defined(OPENSSL) +#ifdef GCM case srtp_profile_aead_aes_128_gcm: srtp_crypto_policy_set_aes_gcm_128_16_auth(policy); break; @@ -4471,7 +4432,7 @@ srtp_err_status_t srtp_crypto_policy_set_from_profile_for_rtcp( case srtp_profile_null_sha1_80: srtp_crypto_policy_set_null_cipher_hmac_sha1_80(policy); break; -#if defined(OPENSSL) +#ifdef GCM case srtp_profile_aead_aes_128_gcm: srtp_crypto_policy_set_aes_gcm_128_16_auth(policy); break; @@ -4552,10 +4513,10 @@ srtp_err_status_t stream_get_protect_trailer_length(srtp_stream_ctx_t *stream, uint32_t mki_index, uint32_t *length) { - *length = 0; - srtp_session_keys_t *session_key; + *length = 0; + if (use_mki) { if (mki_index >= stream->num_master_keys) { return srtp_err_status_bad_mki; diff --git a/libs/srtp/srtp2.vcxproj b/libs/srtp/srtp2.vcxproj index a6ac642546..2e2e8223dc 100644 --- a/libs/srtp/srtp2.vcxproj +++ b/libs/srtp/srtp2.vcxproj @@ -1,405 +1,403 @@ -<?xml version="1.0" encoding="utf-8"?> -<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> - <ItemGroup Label="ProjectConfigurations"> - <ProjectConfiguration Include="Debug Dll|Win32"> - <Configuration>Debug Dll</Configuration> - <Platform>Win32</Platform> - </ProjectConfiguration> - <ProjectConfiguration Include="Debug Dll|x64"> - <Configuration>Debug Dll</Configuration> - <Platform>x64</Platform> - </ProjectConfiguration> - <ProjectConfiguration Include="Debug|Win32"> - <Configuration>Debug</Configuration> - <Platform>Win32</Platform> - </ProjectConfiguration> - <ProjectConfiguration Include="Debug|x64"> - <Configuration>Debug</Configuration> - <Platform>x64</Platform> - </ProjectConfiguration> - <ProjectConfiguration Include="Release Dll|Win32"> - <Configuration>Release Dll</Configuration> - <Platform>Win32</Platform> - </ProjectConfiguration> - <ProjectConfiguration Include="Release Dll|x64"> - <Configuration>Release Dll</Configuration> - <Platform>x64</Platform> - </ProjectConfiguration> - <ProjectConfiguration Include="Release|Win32"> - <Configuration>Release</Configuration> - <Platform>Win32</Platform> - </ProjectConfiguration> - <ProjectConfiguration Include="Release|x64"> - <Configuration>Release</Configuration> - <Platform>x64</Platform> - </ProjectConfiguration> - </ItemGroup> - <PropertyGroup Label="Globals"> - <ProjectGuid>{EEF031CB-FED8-451E-A471-91EC8D4F6750}</ProjectGuid> - <RootNamespace>srtp2</RootNamespace> - <Keyword>Win32Proj</Keyword> - </PropertyGroup> - <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" /> - <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release Dll|Win32'" Label="Configuration"> - <ConfigurationType>DynamicLibrary</ConfigurationType> - <PlatformToolset>v140</PlatformToolset> - <CharacterSet>Unicode</CharacterSet> - <WholeProgramOptimization>true</WholeProgramOptimization> - </PropertyGroup> - <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release Dll|x64'" Label="Configuration"> - <ConfigurationType>DynamicLibrary</ConfigurationType> - <PlatformToolset>v140</PlatformToolset> - <CharacterSet>Unicode</CharacterSet> - <WholeProgramOptimization>true</WholeProgramOptimization> - </PropertyGroup> - <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug Dll|Win32'" Label="Configuration"> - <ConfigurationType>DynamicLibrary</ConfigurationType> - <PlatformToolset>v140</PlatformToolset> - <CharacterSet>Unicode</CharacterSet> - </PropertyGroup> - <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug Dll|x64'" Label="Configuration"> - <ConfigurationType>DynamicLibrary</ConfigurationType> - <PlatformToolset>v140</PlatformToolset> - <CharacterSet>Unicode</CharacterSet> - </PropertyGroup> - <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration"> - <ConfigurationType>StaticLibrary</ConfigurationType> - <PlatformToolset>v140</PlatformToolset> - <CharacterSet>Unicode</CharacterSet> - <WholeProgramOptimization>true</WholeProgramOptimization> - </PropertyGroup> - <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration"> - <ConfigurationType>StaticLibrary</ConfigurationType> - <PlatformToolset>v140</PlatformToolset> - <CharacterSet>Unicode</CharacterSet> - <WholeProgramOptimization>true</WholeProgramOptimization> - </PropertyGroup> - <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration"> - <ConfigurationType>StaticLibrary</ConfigurationType> - <PlatformToolset>v140</PlatformToolset> - <CharacterSet>Unicode</CharacterSet> - </PropertyGroup> - <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration"> - <ConfigurationType>StaticLibrary</ConfigurationType> - <PlatformToolset>v140</PlatformToolset> - <CharacterSet>Unicode</CharacterSet> - </PropertyGroup> - <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" /> - <ImportGroup Label="ExtensionSettings"> - </ImportGroup> - <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release Dll|Win32'" Label="PropertySheets"> - <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> - </ImportGroup> - <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release Dll|x64'" Label="PropertySheets"> - <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> - </ImportGroup> - <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug Dll|Win32'" Label="PropertySheets"> - <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> - </ImportGroup> - <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug Dll|x64'" Label="PropertySheets"> - <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> - </ImportGroup> - <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets"> - <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> - </ImportGroup> - <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets"> - <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> - </ImportGroup> - <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets"> - <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> - </ImportGroup> - <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets"> - <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> - </ImportGroup> - <PropertyGroup Label="UserMacros" /> - <PropertyGroup> - <_ProjectFileVersion>12.0.30501.0</_ProjectFileVersion> - </PropertyGroup> - <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> - <OutDir>$(SolutionDir)$(Configuration)\</OutDir> - <IntDir>$(Configuration)\</IntDir> - </PropertyGroup> - <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" /> - <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> - <OutDir>$(SolutionDir)$(Configuration)\</OutDir> - <IntDir>$(Configuration)\</IntDir> - </PropertyGroup> - <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" /> - <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug Dll|Win32'"> - <OutDir>$(SolutionDir)$(Configuration)\</OutDir> - <IntDir>$(Configuration)\</IntDir> - </PropertyGroup> - <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug Dll|x64'" /> - <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release Dll|Win32'"> - <OutDir>$(SolutionDir)$(Configuration)\</OutDir> - <IntDir>$(Configuration)\</IntDir> - </PropertyGroup> - <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release Dll|x64'" /> - <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> - <PreBuildEvent> - <Message>Creating config.h from config.hw</Message> - <Command>copy /Y "$(ProjectDir)config.hw" "$(ProjectDir)crypto\include\config.h" &gt; NUL</Command> - </PreBuildEvent> - <CustomBuildStep> - <Message /> - <Command /> - </CustomBuildStep> - <ClCompile> - <Optimization>Disabled</Optimization> - <AdditionalIncludeDirectories>crypto/include;include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> - <PreprocessorDefinitions>WIN32;_DEBUG;_LIB;HAVE_CONFIG_H;%(PreprocessorDefinitions)</PreprocessorDefinitions> - <MinimalRebuild>true</MinimalRebuild> - <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks> - <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary> - <StructMemberAlignment>Default</StructMemberAlignment> - <PrecompiledHeader /> - <WarningLevel>Level3</WarningLevel> - <DebugInformationFormat>ProgramDatabase</DebugInformationFormat> - </ClCompile> - </ItemDefinitionGroup> - <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> - <PreBuildEvent> - <Message>Creating config.h from config.hw</Message> - <Command>copy /Y "$(ProjectDir)config.hw" "$(ProjectDir)crypto\include\config.h" &gt; NUL</Command> - </PreBuildEvent> - <CustomBuildStep> - <Message> - </Message> - <Command> - </Command> - </CustomBuildStep> - <ClCompile> - <Optimization>Disabled</Optimization> - <AdditionalIncludeDirectories>crypto/include;include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> - <PreprocessorDefinitions>WIN32;_DEBUG;_LIB;HAVE_CONFIG_H;%(PreprocessorDefinitions)</PreprocessorDefinitions> - <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks> - <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary> - <StructMemberAlignment>Default</StructMemberAlignment> - <PrecompiledHeader> - </PrecompiledHeader> - <WarningLevel>Level3</WarningLevel> - <DebugInformationFormat>ProgramDatabase</DebugInformationFormat> - </ClCompile> - </ItemDefinitionGroup> - <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> - <PreBuildEvent> - <Message>Creating config.h from config.hw</Message> - <Command>copy /Y "$(ProjectDir)config.hw" "$(ProjectDir)crypto\include\config.h" &gt; NUL</Command> - </PreBuildEvent> - <CustomBuildStep> - <Message /> - <Command /> - </CustomBuildStep> - <ClCompile> - <AdditionalIncludeDirectories>crypto/include;include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> - <PreprocessorDefinitions>WIN32;NDEBUG;_LIB;HAVE_CONFIG_H;%(PreprocessorDefinitions)</PreprocessorDefinitions> - <RuntimeLibrary>MultiThreaded</RuntimeLibrary> - <StructMemberAlignment>Default</StructMemberAlignment> - <PrecompiledHeader /> - <WarningLevel>Level3</WarningLevel> - <DebugInformationFormat>ProgramDatabase</DebugInformationFormat> - </ClCompile> - </ItemDefinitionGroup> - <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> - <PreBuildEvent> - <Message>Creating config.h from config.hw</Message> - <Command>copy /Y "$(ProjectDir)config.hw" "$(ProjectDir)crypto\include\config.h" &gt; NUL</Command> - </PreBuildEvent> - <CustomBuildStep> - <Message> - </Message> - <Command> - </Command> - </CustomBuildStep> - <ClCompile> - <AdditionalIncludeDirectories>crypto/include;include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> - <PreprocessorDefinitions>WIN32;NDEBUG;_LIB;HAVE_CONFIG_H;%(PreprocessorDefinitions)</PreprocessorDefinitions> - <RuntimeLibrary>MultiThreaded</RuntimeLibrary> - <StructMemberAlignment>Default</StructMemberAlignment> - <PrecompiledHeader> - </PrecompiledHeader> - <WarningLevel>Level3</WarningLevel> - <DebugInformationFormat>ProgramDatabase</DebugInformationFormat> - </ClCompile> - </ItemDefinitionGroup> - <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug Dll|Win32'"> - <PreBuildEvent> - <Message>Creating config.h from config.hw</Message> - <Command>copy /Y "$(ProjectDir)config.hw" "$(ProjectDir)crypto\include\config.h" &gt; NUL</Command> - </PreBuildEvent> - <CustomBuildStep> - <Message /> - <Command /> - </CustomBuildStep> - <ClCompile> - <Optimization>Disabled</Optimization> - <IntrinsicFunctions>true</IntrinsicFunctions> - <AdditionalIncludeDirectories>crypto/include;include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> - <PreprocessorDefinitions>WIN32;_DEBUG;_LIB;HAVE_CONFIG_H;%(PreprocessorDefinitions)</PreprocessorDefinitions> - <MinimalRebuild>true</MinimalRebuild> - <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks> - <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary> - <StructMemberAlignment>Default</StructMemberAlignment> - <PrecompiledHeader /> - <WarningLevel>Level3</WarningLevel> - <DebugInformationFormat>EditAndContinue</DebugInformationFormat> - <FunctionLevelLinking>true</FunctionLevelLinking> - </ClCompile> - <Link> - <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies> - <ModuleDefinitionFile>srtp.def</ModuleDefinitionFile> - <OptimizeReferences>false</OptimizeReferences> - <EnableCOMDATFolding>false</EnableCOMDATFolding> - <LinkTimeCodeGeneration /> - </Link> - </ItemDefinitionGroup> - <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug Dll|x64'"> - <PreBuildEvent> - <Message>Creating config.h from config.hw</Message> - <Command>copy /Y "$(ProjectDir)config.hw" "$(ProjectDir)crypto\include\config.h" &gt; NUL</Command> - </PreBuildEvent> - <CustomBuildStep> - <Message> - </Message> - <Command> - </Command> - </CustomBuildStep> - <ClCompile> - <Optimization>Disabled</Optimization> - <IntrinsicFunctions>true</IntrinsicFunctions> - <AdditionalIncludeDirectories>crypto/include;include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> - <PreprocessorDefinitions>WIN32;_DEBUG;_LIB;HAVE_CONFIG_H;%(PreprocessorDefinitions)</PreprocessorDefinitions> - <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks> - <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary> - <StructMemberAlignment>Default</StructMemberAlignment> - <PrecompiledHeader> - </PrecompiledHeader> - <WarningLevel>Level3</WarningLevel> - <DebugInformationFormat>ProgramDatabase</DebugInformationFormat> - </ClCompile> - <Link> - <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies> - <ModuleDefinitionFile>srtp.def</ModuleDefinitionFile> - <OptimizeReferences>false</OptimizeReferences> - <EnableCOMDATFolding>false</EnableCOMDATFolding> - <LinkTimeCodeGeneration> - </LinkTimeCodeGeneration> - </Link> - </ItemDefinitionGroup> - <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release Dll|Win32'"> - <PreBuildEvent> - <Message>Creating config.h from config.hw</Message> - <Command>copy /Y "$(ProjectDir)config.hw" "$(ProjectDir)crypto\include\config.h" &gt; NUL</Command> - </PreBuildEvent> - <CustomBuildStep> - <Message /> - <Command /> - </CustomBuildStep> - <ClCompile> - <AdditionalIncludeDirectories>crypto/include;include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> - <PreprocessorDefinitions>WIN32;NDEBUG;_LIB;HAVE_CONFIG_H;%(PreprocessorDefinitions)</PreprocessorDefinitions> - <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary> - <StructMemberAlignment>Default</StructMemberAlignment> - <PrecompiledHeader /> - <WarningLevel>Level3</WarningLevel> - <DebugInformationFormat>ProgramDatabase</DebugInformationFormat> - </ClCompile> - <Link> - <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies> - <ModuleDefinitionFile>srtp.def</ModuleDefinitionFile> - </Link> - </ItemDefinitionGroup> - <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release Dll|x64'"> - <PreBuildEvent> - <Message>Creating config.h from config.hw</Message> - <Command>copy /Y "$(ProjectDir)config.hw" "$(ProjectDir)crypto\include\config.h" &gt; NUL</Command> - </PreBuildEvent> - <CustomBuildStep> - <Message> - </Message> - <Command> - </Command> - </CustomBuildStep> - <ClCompile> - <AdditionalIncludeDirectories>crypto/include;include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> - <PreprocessorDefinitions>WIN32;NDEBUG;_LIB;HAVE_CONFIG_H;%(PreprocessorDefinitions)</PreprocessorDefinitions> - <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary> - <StructMemberAlignment>Default</StructMemberAlignment> - <PrecompiledHeader> - </PrecompiledHeader> - <WarningLevel>Level3</WarningLevel> - <DebugInformationFormat>ProgramDatabase</DebugInformationFormat> - </ClCompile> - <Link> - <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies> - <ModuleDefinitionFile>srtp.def</ModuleDefinitionFile> - </Link> - </ItemDefinitionGroup> - <ItemGroup> - <ClCompile Include="crypto\cipher\aes.c"> - <InlineFunctionExpansion Condition="'$(Configuration)|$(Platform)'=='Debug Dll|Win32'">Default</InlineFunctionExpansion> - <InlineFunctionExpansion Condition="'$(Configuration)|$(Platform)'=='Debug Dll|x64'">Default</InlineFunctionExpansion> - <IntrinsicFunctions Condition="'$(Configuration)|$(Platform)'=='Debug Dll|Win32'">false</IntrinsicFunctions> - <IntrinsicFunctions Condition="'$(Configuration)|$(Platform)'=='Debug Dll|x64'">false</IntrinsicFunctions> - <FunctionLevelLinking Condition="'$(Configuration)|$(Platform)'=='Debug Dll|Win32'">false</FunctionLevelLinking> - <FunctionLevelLinking Condition="'$(Configuration)|$(Platform)'=='Debug Dll|x64'">false</FunctionLevelLinking> - </ClCompile> - <ClCompile Include="crypto\cipher\aes_icm.c" /> - <ClCompile Include="crypto\cipher\cipher.c" /> - <ClCompile Include="crypto\cipher\null_cipher.c" /> - <ClCompile Include="crypto\hash\auth.c" /> - <ClCompile Include="crypto\hash\hmac.c" /> - <ClCompile Include="crypto\hash\null_auth.c" /> - <ClCompile Include="crypto\hash\sha1.c" /> - <ClCompile Include="crypto\kernel\alloc.c" /> - <ClCompile Include="crypto\kernel\crypto_kernel.c" /> - <ClCompile Include="crypto\kernel\err.c" /> - <ClCompile Include="crypto\kernel\key.c" /> - <ClCompile Include="crypto\math\datatypes.c" /> - <ClCompile Include="crypto\math\stat.c" /> - <ClCompile Include="crypto\replay\rdb.c" /> - <ClCompile Include="crypto\replay\rdbx.c" /> - <ClCompile Include="crypto\replay\ut_sim.c" /> - <ClCompile Include="srtp\ekt.c" /> - <ClCompile Include="srtp\srtp.c" /> - </ItemGroup> - <ItemGroup> - <ClInclude Include="crypto\include\aes.h" /> - <ClInclude Include="crypto\include\aes_cbc.h" /> - <ClInclude Include="crypto\include\aes_icm.h" /> - <ClInclude Include="crypto\include\alloc.h" /> - <ClInclude Include="crypto\include\auth.h" /> - <ClInclude Include="crypto\include\cipher.h" /> - <ClInclude Include="crypto\include\cipher_types.h" /> - <ClInclude Include="crypto\include\config.h" /> - <ClInclude Include="crypto\include\crypto.h" /> - <ClInclude Include="crypto\include\cryptoalg.h" /> - <ClInclude Include="crypto\include\crypto_kernel.h" /> - <ClInclude Include="crypto\include\crypto_types.h" /> - <ClInclude Include="crypto\include\datatypes.h" /> - <ClInclude Include="crypto\include\err.h" /> - <ClInclude Include="crypto\include\gf2_8.h" /> - <ClInclude Include="crypto\include\hmac.h" /> - <ClInclude Include="crypto\include\integers.h" /> - <ClInclude Include="crypto\include\key.h" /> - <ClInclude Include="crypto\include\null_auth.h" /> - <ClInclude Include="crypto\include\null_cipher.h" /> - <ClInclude Include="crypto\include\prng.h" /> - <ClInclude Include="crypto\include\rand_source.h" /> - <ClInclude Include="crypto\include\rdb.h" /> - <ClInclude Include="crypto\include\rdbx.h" /> - <ClInclude Include="crypto\include\sha1.h" /> - <ClInclude Include="crypto\include\stat.h" /> - <ClInclude Include="include\ekt.h" /> - <ClInclude Include="include\srtp.h" /> - <ClInclude Include="include\srtp_priv.h" /> - <ClInclude Include="include\ut_sim.h" /> - </ItemGroup> - <ItemGroup> - <None Include="config.hw" /> - <None Include="srtp.def" /> - </ItemGroup> - <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" /> - <ImportGroup Label="ExtensionTargets"> - </ImportGroup> -</Project> +<?xml version="1.0" encoding="utf-8"?> +<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> + <ItemGroup Label="ProjectConfigurations"> + <ProjectConfiguration Include="Debug Dll|Win32"> + <Configuration>Debug Dll</Configuration> + <Platform>Win32</Platform> + </ProjectConfiguration> + <ProjectConfiguration Include="Debug Dll|x64"> + <Configuration>Debug Dll</Configuration> + <Platform>x64</Platform> + </ProjectConfiguration> + <ProjectConfiguration Include="Debug|Win32"> + <Configuration>Debug</Configuration> + <Platform>Win32</Platform> + </ProjectConfiguration> + <ProjectConfiguration Include="Debug|x64"> + <Configuration>Debug</Configuration> + <Platform>x64</Platform> + </ProjectConfiguration> + <ProjectConfiguration Include="Release Dll|Win32"> + <Configuration>Release Dll</Configuration> + <Platform>Win32</Platform> + </ProjectConfiguration> + <ProjectConfiguration Include="Release Dll|x64"> + <Configuration>Release Dll</Configuration> + <Platform>x64</Platform> + </ProjectConfiguration> + <ProjectConfiguration Include="Release|Win32"> + <Configuration>Release</Configuration> + <Platform>Win32</Platform> + </ProjectConfiguration> + <ProjectConfiguration Include="Release|x64"> + <Configuration>Release</Configuration> + <Platform>x64</Platform> + </ProjectConfiguration> + </ItemGroup> + <PropertyGroup Label="Globals"> + <ProjectGuid>{EEF031CB-FED8-451E-A471-91EC8D4F6750}</ProjectGuid> + <RootNamespace>srtp2</RootNamespace> + <Keyword>Win32Proj</Keyword> + </PropertyGroup> + <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" /> + <Import Project="$(SolutionDir)\..\..\w32\openssl.props" Condition=" '$(OpensslPropsImported)' == '' " /> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release Dll|Win32'" Label="Configuration"> + <ConfigurationType>DynamicLibrary</ConfigurationType> + <PlatformToolset>$(DefaultPlatformToolset)</PlatformToolset> + <CharacterSet>Unicode</CharacterSet> + <WholeProgramOptimization>true</WholeProgramOptimization> + </PropertyGroup> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release Dll|x64'" Label="Configuration"> + <ConfigurationType>DynamicLibrary</ConfigurationType> + <PlatformToolset>$(DefaultPlatformToolset)</PlatformToolset> + <CharacterSet>Unicode</CharacterSet> + <WholeProgramOptimization>true</WholeProgramOptimization> + </PropertyGroup> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug Dll|Win32'" Label="Configuration"> + <ConfigurationType>DynamicLibrary</ConfigurationType> + <PlatformToolset>$(DefaultPlatformToolset)</PlatformToolset> + <CharacterSet>Unicode</CharacterSet> + </PropertyGroup> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug Dll|x64'" Label="Configuration"> + <ConfigurationType>DynamicLibrary</ConfigurationType> + <PlatformToolset>$(DefaultPlatformToolset)</PlatformToolset> + <CharacterSet>Unicode</CharacterSet> + </PropertyGroup> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration"> + <ConfigurationType>StaticLibrary</ConfigurationType> + <PlatformToolset>$(DefaultPlatformToolset)</PlatformToolset> + <CharacterSet>Unicode</CharacterSet> + <WholeProgramOptimization>true</WholeProgramOptimization> + </PropertyGroup> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration"> + <ConfigurationType>StaticLibrary</ConfigurationType> + <PlatformToolset>$(DefaultPlatformToolset)</PlatformToolset> + <CharacterSet>Unicode</CharacterSet> + <WholeProgramOptimization>true</WholeProgramOptimization> + </PropertyGroup> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration"> + <ConfigurationType>StaticLibrary</ConfigurationType> + <PlatformToolset>$(DefaultPlatformToolset)</PlatformToolset> + <CharacterSet>Unicode</CharacterSet> + </PropertyGroup> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration"> + <ConfigurationType>StaticLibrary</ConfigurationType> + <PlatformToolset>$(DefaultPlatformToolset)</PlatformToolset> + <CharacterSet>Unicode</CharacterSet> + </PropertyGroup> + <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" /> + <ImportGroup Label="ExtensionSettings"> + </ImportGroup> + <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release Dll|Win32'" Label="PropertySheets"> + <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> + </ImportGroup> + <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release Dll|x64'" Label="PropertySheets"> + <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> + </ImportGroup> + <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug Dll|Win32'" Label="PropertySheets"> + <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> + </ImportGroup> + <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug Dll|x64'" Label="PropertySheets"> + <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> + </ImportGroup> + <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets"> + <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> + </ImportGroup> + <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets"> + <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> + </ImportGroup> + <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets"> + <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> + </ImportGroup> + <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets"> + <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> + </ImportGroup> + <PropertyGroup Label="UserMacros" /> + <PropertyGroup> + <_ProjectFileVersion>12.0.30501.0</_ProjectFileVersion> + </PropertyGroup> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> + <OutDir>$(SolutionDir)$(Configuration)\</OutDir> + <IntDir>$(Configuration)\</IntDir> + </PropertyGroup> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" /> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> + <OutDir>$(SolutionDir)$(Configuration)\</OutDir> + <IntDir>$(Configuration)\</IntDir> + </PropertyGroup> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" /> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug Dll|Win32'"> + <OutDir>$(SolutionDir)$(Configuration)\</OutDir> + <IntDir>$(Configuration)\</IntDir> + </PropertyGroup> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug Dll|x64'" /> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release Dll|Win32'"> + <OutDir>$(SolutionDir)$(Configuration)\</OutDir> + <IntDir>$(Configuration)\</IntDir> + </PropertyGroup> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release Dll|x64'" /> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> + <PreBuildEvent> + <Message>Creating config.h from config.hw</Message> + <Command>copy /Y "$(ProjectDir)config.hw" "$(ProjectDir)crypto\include\config.h" &gt; NUL</Command> + </PreBuildEvent> + <CustomBuildStep> + <Message /> + <Command /> + </CustomBuildStep> + <ClCompile> + <Optimization>Disabled</Optimization> + <AdditionalIncludeDirectories>crypto/include;include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> + <PreprocessorDefinitions>WIN32;_DEBUG;_LIB;HAVE_CONFIG_H;%(PreprocessorDefinitions)</PreprocessorDefinitions> + <MinimalRebuild>true</MinimalRebuild> + <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks> + <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary> + <StructMemberAlignment>Default</StructMemberAlignment> + <PrecompiledHeader /> + <WarningLevel>Level3</WarningLevel> + <DebugInformationFormat>ProgramDatabase</DebugInformationFormat> + </ClCompile> + </ItemDefinitionGroup> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> + <PreBuildEvent> + <Message>Creating config.h from config.hw</Message> + <Command>copy /Y "$(ProjectDir)config.hw" "$(ProjectDir)crypto\include\config.h" &gt; NUL</Command> + </PreBuildEvent> + <CustomBuildStep> + <Message> + </Message> + <Command> + </Command> + </CustomBuildStep> + <ClCompile> + <Optimization>Disabled</Optimization> + <AdditionalIncludeDirectories>crypto/include;include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> + <PreprocessorDefinitions>WIN32;_DEBUG;_LIB;HAVE_CONFIG_H;%(PreprocessorDefinitions)</PreprocessorDefinitions> + <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks> + <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary> + <StructMemberAlignment>Default</StructMemberAlignment> + <PrecompiledHeader> + </PrecompiledHeader> + <WarningLevel>Level3</WarningLevel> + <DebugInformationFormat>ProgramDatabase</DebugInformationFormat> + </ClCompile> + </ItemDefinitionGroup> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> + <PreBuildEvent> + <Message>Creating config.h from config.hw</Message> + <Command>copy /Y "$(ProjectDir)config.hw" "$(ProjectDir)crypto\include\config.h" &gt; NUL</Command> + </PreBuildEvent> + <CustomBuildStep> + <Message /> + <Command /> + </CustomBuildStep> + <ClCompile> + <AdditionalIncludeDirectories>crypto/include;include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> + <PreprocessorDefinitions>WIN32;NDEBUG;_LIB;HAVE_CONFIG_H;%(PreprocessorDefinitions)</PreprocessorDefinitions> + <RuntimeLibrary>MultiThreaded</RuntimeLibrary> + <StructMemberAlignment>Default</StructMemberAlignment> + <PrecompiledHeader /> + <WarningLevel>Level3</WarningLevel> + <DebugInformationFormat>ProgramDatabase</DebugInformationFormat> + </ClCompile> + </ItemDefinitionGroup> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> + <PreBuildEvent> + <Message>Creating config.h from config.hw</Message> + <Command>copy /Y "$(ProjectDir)config.hw" "$(ProjectDir)crypto\include\config.h" &gt; NUL</Command> + </PreBuildEvent> + <CustomBuildStep> + <Message> + </Message> + <Command> + </Command> + </CustomBuildStep> + <ClCompile> + <AdditionalIncludeDirectories>crypto/include;include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> + <PreprocessorDefinitions>WIN32;NDEBUG;_LIB;HAVE_CONFIG_H;%(PreprocessorDefinitions)</PreprocessorDefinitions> + <RuntimeLibrary>MultiThreaded</RuntimeLibrary> + <StructMemberAlignment>Default</StructMemberAlignment> + <PrecompiledHeader> + </PrecompiledHeader> + <WarningLevel>Level3</WarningLevel> + <DebugInformationFormat>ProgramDatabase</DebugInformationFormat> + </ClCompile> + </ItemDefinitionGroup> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug Dll|Win32'"> + <PreBuildEvent> + <Message>Creating config.h from config.hw</Message> + <Command>copy /Y "$(ProjectDir)config.hw" "$(ProjectDir)crypto\include\config.h" &gt; NUL</Command> + </PreBuildEvent> + <CustomBuildStep> + <Message /> + <Command /> + </CustomBuildStep> + <ClCompile> + <Optimization>Disabled</Optimization> + <IntrinsicFunctions>true</IntrinsicFunctions> + <AdditionalIncludeDirectories>crypto/include;include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> + <PreprocessorDefinitions>WIN32;_DEBUG;_LIB;HAVE_CONFIG_H;%(PreprocessorDefinitions)</PreprocessorDefinitions> + <MinimalRebuild>true</MinimalRebuild> + <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks> + <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary> + <StructMemberAlignment>Default</StructMemberAlignment> + <PrecompiledHeader /> + <WarningLevel>Level3</WarningLevel> + <DebugInformationFormat>EditAndContinue</DebugInformationFormat> + <FunctionLevelLinking>true</FunctionLevelLinking> + </ClCompile> + <Link> + <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies> + <ModuleDefinitionFile>srtp.def</ModuleDefinitionFile> + <OptimizeReferences>false</OptimizeReferences> + <EnableCOMDATFolding>false</EnableCOMDATFolding> + <LinkTimeCodeGeneration /> + </Link> + </ItemDefinitionGroup> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug Dll|x64'"> + <PreBuildEvent> + <Message>Creating config.h from config.hw</Message> + <Command>copy /Y "$(ProjectDir)config.hw" "$(ProjectDir)crypto\include\config.h" &gt; NUL</Command> + </PreBuildEvent> + <CustomBuildStep> + <Message> + </Message> + <Command> + </Command> + </CustomBuildStep> + <ClCompile> + <Optimization>Disabled</Optimization> + <IntrinsicFunctions>true</IntrinsicFunctions> + <AdditionalIncludeDirectories>crypto/include;include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> + <PreprocessorDefinitions>WIN32;_DEBUG;_LIB;HAVE_CONFIG_H;%(PreprocessorDefinitions)</PreprocessorDefinitions> + <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks> + <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary> + <StructMemberAlignment>Default</StructMemberAlignment> + <PrecompiledHeader> + </PrecompiledHeader> + <WarningLevel>Level3</WarningLevel> + <DebugInformationFormat>ProgramDatabase</DebugInformationFormat> + </ClCompile> + <Link> + <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies> + <ModuleDefinitionFile>srtp.def</ModuleDefinitionFile> + <OptimizeReferences>false</OptimizeReferences> + <EnableCOMDATFolding>false</EnableCOMDATFolding> + <LinkTimeCodeGeneration> + </LinkTimeCodeGeneration> + </Link> + </ItemDefinitionGroup> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release Dll|Win32'"> + <PreBuildEvent> + <Message>Creating config.h from config.hw</Message> + <Command>copy /Y "$(ProjectDir)config.hw" "$(ProjectDir)crypto\include\config.h" &gt; NUL</Command> + </PreBuildEvent> + <CustomBuildStep> + <Message /> + <Command /> + </CustomBuildStep> + <ClCompile> + <AdditionalIncludeDirectories>crypto/include;include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> + <PreprocessorDefinitions>WIN32;NDEBUG;_LIB;HAVE_CONFIG_H;%(PreprocessorDefinitions)</PreprocessorDefinitions> + <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary> + <StructMemberAlignment>Default</StructMemberAlignment> + <PrecompiledHeader /> + <WarningLevel>Level3</WarningLevel> + <DebugInformationFormat>ProgramDatabase</DebugInformationFormat> + </ClCompile> + <Link> + <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies> + <ModuleDefinitionFile>srtp.def</ModuleDefinitionFile> + </Link> + </ItemDefinitionGroup> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release Dll|x64'"> + <PreBuildEvent> + <Message>Creating config.h from config.hw</Message> + <Command>copy /Y "$(ProjectDir)config.hw" "$(ProjectDir)crypto\include\config.h" &gt; NUL</Command> + </PreBuildEvent> + <CustomBuildStep> + <Message> + </Message> + <Command> + </Command> + </CustomBuildStep> + <ClCompile> + <AdditionalIncludeDirectories>crypto/include;include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> + <PreprocessorDefinitions>WIN32;NDEBUG;_LIB;HAVE_CONFIG_H;%(PreprocessorDefinitions)</PreprocessorDefinitions> + <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary> + <StructMemberAlignment>Default</StructMemberAlignment> + <PrecompiledHeader> + </PrecompiledHeader> + <WarningLevel>Level3</WarningLevel> + <DebugInformationFormat>ProgramDatabase</DebugInformationFormat> + </ClCompile> + <Link> + <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies> + <ModuleDefinitionFile>srtp.def</ModuleDefinitionFile> + </Link> + </ItemDefinitionGroup> + <ItemGroup> + <ClCompile Include="crypto\cipher\aes.c"> + <InlineFunctionExpansion Condition="'$(Configuration)|$(Platform)'=='Debug Dll|Win32'">Default</InlineFunctionExpansion> + <InlineFunctionExpansion Condition="'$(Configuration)|$(Platform)'=='Debug Dll|x64'">Default</InlineFunctionExpansion> + <IntrinsicFunctions Condition="'$(Configuration)|$(Platform)'=='Debug Dll|Win32'">false</IntrinsicFunctions> + <IntrinsicFunctions Condition="'$(Configuration)|$(Platform)'=='Debug Dll|x64'">false</IntrinsicFunctions> + <FunctionLevelLinking Condition="'$(Configuration)|$(Platform)'=='Debug Dll|Win32'">false</FunctionLevelLinking> + <FunctionLevelLinking Condition="'$(Configuration)|$(Platform)'=='Debug Dll|x64'">false</FunctionLevelLinking> + </ClCompile> + <ClCompile Include="crypto\cipher\aes_icm.c" /> + <ClCompile Include="crypto\cipher\cipher.c" /> + <ClCompile Include="crypto\cipher\cipher_test_cases.c" /> + <ClCompile Include="crypto\cipher\null_cipher.c" /> + <ClCompile Include="crypto\hash\auth.c" /> + <ClCompile Include="crypto\hash\auth_test_cases.c" /> + <ClCompile Include="crypto\hash\hmac.c" /> + <ClCompile Include="crypto\hash\null_auth.c" /> + <ClCompile Include="crypto\hash\sha1.c" /> + <ClCompile Include="crypto\kernel\alloc.c" /> + <ClCompile Include="crypto\kernel\crypto_kernel.c" /> + <ClCompile Include="crypto\kernel\err.c" /> + <ClCompile Include="crypto\kernel\key.c" /> + <ClCompile Include="crypto\math\datatypes.c" /> + <ClCompile Include="crypto\replay\rdb.c" /> + <ClCompile Include="crypto\replay\rdbx.c" /> + <ClCompile Include="srtp\srtp.c" /> + </ItemGroup> + <ItemGroup> + <ClInclude Include="crypto\include\aes.h" /> + <ClInclude Include="crypto\include\aes_cbc.h" /> + <ClInclude Include="crypto\include\aes_icm.h" /> + <ClInclude Include="crypto\include\alloc.h" /> + <ClInclude Include="crypto\include\auth.h" /> + <ClInclude Include="crypto\include\cipher.h" /> + <ClInclude Include="crypto\include\cipher_types.h" /> + <ClInclude Include="crypto\include\config.h" /> + <ClInclude Include="crypto\include\crypto.h" /> + <ClInclude Include="crypto\include\cryptoalg.h" /> + <ClInclude Include="crypto\include\crypto_kernel.h" /> + <ClInclude Include="crypto\include\crypto_types.h" /> + <ClInclude Include="crypto\include\datatypes.h" /> + <ClInclude Include="crypto\include\err.h" /> + <ClInclude Include="crypto\include\gf2_8.h" /> + <ClInclude Include="crypto\include\hmac.h" /> + <ClInclude Include="crypto\include\integers.h" /> + <ClInclude Include="crypto\include\key.h" /> + <ClInclude Include="crypto\include\null_auth.h" /> + <ClInclude Include="crypto\include\null_cipher.h" /> + <ClInclude Include="crypto\include\prng.h" /> + <ClInclude Include="crypto\include\rand_source.h" /> + <ClInclude Include="crypto\include\rdb.h" /> + <ClInclude Include="crypto\include\rdbx.h" /> + <ClInclude Include="crypto\include\sha1.h" /> + <ClInclude Include="include\ekt.h" /> + <ClInclude Include="include\srtp.h" /> + <ClInclude Include="include\srtp_priv.h" /> + </ItemGroup> + <ItemGroup> + <None Include="config.hw" /> + <None Include="srtp.def" /> + </ItemGroup> + <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" /> + <ImportGroup Label="ExtensionTargets"> + </ImportGroup> +</Project> \ No newline at end of file diff --git a/libs/srtp/srtp2.vcxproj.filters b/libs/srtp/srtp2.vcxproj.filters index 24e040fb5b..7ac5887623 100644 --- a/libs/srtp/srtp2.vcxproj.filters +++ b/libs/srtp/srtp2.vcxproj.filters @@ -1,189 +1,180 @@ -<?xml version="1.0" encoding="utf-8"?> -<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> - <ItemGroup> - <Filter Include="Source Files"> - <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier> - <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions> - </Filter> - <Filter Include="Source Files\Kernel"> - <UniqueIdentifier>{c23c2703-7a15-4b7e-be1c-0555b7d0f8e1}</UniqueIdentifier> - </Filter> - <Filter Include="Source Files\Ciphers"> - <UniqueIdentifier>{43e45f3f-795e-4f2a-8801-3e19b7801d07}</UniqueIdentifier> - </Filter> - <Filter Include="Source Files\Hashes"> - <UniqueIdentifier>{11a7bf2a-6706-4c35-8e91-f58bef0f8669}</UniqueIdentifier> - </Filter> - <Filter Include="Source Files\Replay"> - <UniqueIdentifier>{237501ce-7043-44c7-a895-df2ceae6c8cd}</UniqueIdentifier> - </Filter> - <Filter Include="Source Files\Math"> - <UniqueIdentifier>{2a11592a-e474-4a50-bb3a-e4f039633257}</UniqueIdentifier> - </Filter> - <Filter Include="Header Files"> - <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier> - <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions> - </Filter> - <Filter Include="Resource Files"> - <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier> - <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav</Extensions> - </Filter> - </ItemGroup> - <ItemGroup> - <ClCompile Include="srtp\ekt.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="srtp\srtp.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="crypto\kernel\alloc.c"> - <Filter>Source Files\Kernel</Filter> - </ClCompile> - <ClCompile Include="crypto\kernel\crypto_kernel.c"> - <Filter>Source Files\Kernel</Filter> - </ClCompile> - <ClCompile Include="crypto\kernel\err.c"> - <Filter>Source Files\Kernel</Filter> - </ClCompile> - <ClCompile Include="crypto\kernel\key.c"> - <Filter>Source Files\Kernel</Filter> - </ClCompile> - <ClCompile Include="crypto\cipher\aes.c"> - <Filter>Source Files\Ciphers</Filter> - </ClCompile> - <ClCompile Include="crypto\cipher\aes_icm.c"> - <Filter>Source Files\Ciphers</Filter> - </ClCompile> - <ClCompile Include="crypto\cipher\cipher.c"> - <Filter>Source Files\Ciphers</Filter> - </ClCompile> - <ClCompile Include="crypto\cipher\null_cipher.c"> - <Filter>Source Files\Ciphers</Filter> - </ClCompile> - <ClCompile Include="crypto\hash\auth.c"> - <Filter>Source Files\Hashes</Filter> - </ClCompile> - <ClCompile Include="crypto\hash\hmac.c"> - <Filter>Source Files\Hashes</Filter> - </ClCompile> - <ClCompile Include="crypto\hash\null_auth.c"> - <Filter>Source Files\Hashes</Filter> - </ClCompile> - <ClCompile Include="crypto\hash\sha1.c"> - <Filter>Source Files\Hashes</Filter> - </ClCompile> - <ClCompile Include="crypto\replay\rdb.c"> - <Filter>Source Files\Replay</Filter> - </ClCompile> - <ClCompile Include="crypto\replay\rdbx.c"> - <Filter>Source Files\Replay</Filter> - </ClCompile> - <ClCompile Include="crypto\replay\ut_sim.c"> - <Filter>Source Files\Replay</Filter> - </ClCompile> - <ClCompile Include="crypto\math\datatypes.c"> - <Filter>Source Files\Math</Filter> - </ClCompile> - <ClCompile Include="crypto\math\stat.c"> - <Filter>Source Files\Math</Filter> - </ClCompile> - </ItemGroup> - <ItemGroup> - <ClInclude Include="crypto\include\aes.h"> - <Filter>Header Files</Filter> - </ClInclude> - <ClInclude Include="crypto\include\aes_cbc.h"> - <Filter>Header Files</Filter> - </ClInclude> - <ClInclude Include="crypto\include\aes_icm.h"> - <Filter>Header Files</Filter> - </ClInclude> - <ClInclude Include="crypto\include\alloc.h"> - <Filter>Header Files</Filter> - </ClInclude> - <ClInclude Include="crypto\include\auth.h"> - <Filter>Header Files</Filter> - </ClInclude> - <ClInclude Include="crypto\include\cipher.h"> - <Filter>Header Files</Filter> - </ClInclude> - <ClInclude Include="crypto\include\cipher_types.h"> - <Filter>Header Files</Filter> - </ClInclude> - <ClInclude Include="crypto\include\config.h"> - <Filter>Header Files</Filter> - </ClInclude> - <ClInclude Include="crypto\include\crypto.h"> - <Filter>Header Files</Filter> - </ClInclude> - <ClInclude Include="crypto\include\crypto_kernel.h"> - <Filter>Header Files</Filter> - </ClInclude> - <ClInclude Include="crypto\include\crypto_types.h"> - <Filter>Header Files</Filter> - </ClInclude> - <ClInclude Include="crypto\include\cryptoalg.h"> - <Filter>Header Files</Filter> - </ClInclude> - <ClInclude Include="crypto\include\datatypes.h"> - <Filter>Header Files</Filter> - </ClInclude> - <ClInclude Include="include\ekt.h"> - <Filter>Header Files</Filter> - </ClInclude> - <ClInclude Include="crypto\include\err.h"> - <Filter>Header Files</Filter> - </ClInclude> - <ClInclude Include="crypto\include\gf2_8.h"> - <Filter>Header Files</Filter> - </ClInclude> - <ClInclude Include="crypto\include\hmac.h"> - <Filter>Header Files</Filter> - </ClInclude> - <ClInclude Include="crypto\include\integers.h"> - <Filter>Header Files</Filter> - </ClInclude> - <ClInclude Include="crypto\include\key.h"> - <Filter>Header Files</Filter> - </ClInclude> - <ClInclude Include="crypto\include\null_auth.h"> - <Filter>Header Files</Filter> - </ClInclude> - <ClInclude Include="crypto\include\null_cipher.h"> - <Filter>Header Files</Filter> - </ClInclude> - <ClInclude Include="crypto\include\prng.h"> - <Filter>Header Files</Filter> - </ClInclude> - <ClInclude Include="crypto\include\rand_source.h"> - <Filter>Header Files</Filter> - </ClInclude> - <ClInclude Include="crypto\include\rdb.h"> - <Filter>Header Files</Filter> - </ClInclude> - <ClInclude Include="crypto\include\rdbx.h"> - <Filter>Header Files</Filter> - </ClInclude> - <ClInclude Include="crypto\include\sha1.h"> - <Filter>Header Files</Filter> - </ClInclude> - <ClInclude Include="include\srtp.h"> - <Filter>Header Files</Filter> - </ClInclude> - <ClInclude Include="include\srtp_priv.h"> - <Filter>Header Files</Filter> - </ClInclude> - <ClInclude Include="crypto\include\stat.h"> - <Filter>Header Files</Filter> - </ClInclude> - <ClInclude Include="include\ut_sim.h"> - <Filter>Header Files</Filter> - </ClInclude> - </ItemGroup> - <ItemGroup> - <None Include="config.hw" /> - <None Include="srtp.def"> - <Filter>Source Files</Filter> - </None> - </ItemGroup> -</Project> +<?xml version="1.0" encoding="utf-8"?> +<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> + <ItemGroup> + <Filter Include="Source Files"> + <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier> + <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions> + </Filter> + <Filter Include="Source Files\Kernel"> + <UniqueIdentifier>{c23c2703-7a15-4b7e-be1c-0555b7d0f8e1}</UniqueIdentifier> + </Filter> + <Filter Include="Source Files\Ciphers"> + <UniqueIdentifier>{43e45f3f-795e-4f2a-8801-3e19b7801d07}</UniqueIdentifier> + </Filter> + <Filter Include="Source Files\Hashes"> + <UniqueIdentifier>{11a7bf2a-6706-4c35-8e91-f58bef0f8669}</UniqueIdentifier> + </Filter> + <Filter Include="Source Files\Replay"> + <UniqueIdentifier>{237501ce-7043-44c7-a895-df2ceae6c8cd}</UniqueIdentifier> + </Filter> + <Filter Include="Source Files\Math"> + <UniqueIdentifier>{2a11592a-e474-4a50-bb3a-e4f039633257}</UniqueIdentifier> + </Filter> + <Filter Include="Header Files"> + <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier> + <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions> + </Filter> + <Filter Include="Resource Files"> + <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier> + <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav</Extensions> + </Filter> + </ItemGroup> + <ItemGroup> + <ClCompile Include="srtp\srtp.c"> + <Filter>Source Files</Filter> + </ClCompile> + <ClCompile Include="crypto\kernel\alloc.c"> + <Filter>Source Files\Kernel</Filter> + </ClCompile> + <ClCompile Include="crypto\kernel\crypto_kernel.c"> + <Filter>Source Files\Kernel</Filter> + </ClCompile> + <ClCompile Include="crypto\kernel\err.c"> + <Filter>Source Files\Kernel</Filter> + </ClCompile> + <ClCompile Include="crypto\kernel\key.c"> + <Filter>Source Files\Kernel</Filter> + </ClCompile> + <ClCompile Include="crypto\cipher\aes.c"> + <Filter>Source Files\Ciphers</Filter> + </ClCompile> + <ClCompile Include="crypto\cipher\aes_icm.c"> + <Filter>Source Files\Ciphers</Filter> + </ClCompile> + <ClCompile Include="crypto\cipher\cipher.c"> + <Filter>Source Files\Ciphers</Filter> + </ClCompile> + <ClCompile Include="crypto\cipher\null_cipher.c"> + <Filter>Source Files\Ciphers</Filter> + </ClCompile> + <ClCompile Include="crypto\hash\auth.c"> + <Filter>Source Files\Hashes</Filter> + </ClCompile> + <ClCompile Include="crypto\hash\hmac.c"> + <Filter>Source Files\Hashes</Filter> + </ClCompile> + <ClCompile Include="crypto\hash\null_auth.c"> + <Filter>Source Files\Hashes</Filter> + </ClCompile> + <ClCompile Include="crypto\hash\sha1.c"> + <Filter>Source Files\Hashes</Filter> + </ClCompile> + <ClCompile Include="crypto\replay\rdb.c"> + <Filter>Source Files\Replay</Filter> + </ClCompile> + <ClCompile Include="crypto\replay\rdbx.c"> + <Filter>Source Files\Replay</Filter> + </ClCompile> + <ClCompile Include="crypto\math\datatypes.c"> + <Filter>Source Files\Math</Filter> + </ClCompile> + <ClCompile Include="crypto\cipher\cipher_test_cases.c"> + <Filter>Source Files</Filter> + </ClCompile> + <ClCompile Include="crypto\hash\auth_test_cases.c"> + <Filter>Source Files</Filter> + </ClCompile> + </ItemGroup> + <ItemGroup> + <ClInclude Include="crypto\include\aes.h"> + <Filter>Header Files</Filter> + </ClInclude> + <ClInclude Include="crypto\include\aes_cbc.h"> + <Filter>Header Files</Filter> + </ClInclude> + <ClInclude Include="crypto\include\aes_icm.h"> + <Filter>Header Files</Filter> + </ClInclude> + <ClInclude Include="crypto\include\alloc.h"> + <Filter>Header Files</Filter> + </ClInclude> + <ClInclude Include="crypto\include\auth.h"> + <Filter>Header Files</Filter> + </ClInclude> + <ClInclude Include="crypto\include\cipher.h"> + <Filter>Header Files</Filter> + </ClInclude> + <ClInclude Include="crypto\include\cipher_types.h"> + <Filter>Header Files</Filter> + </ClInclude> + <ClInclude Include="crypto\include\config.h"> + <Filter>Header Files</Filter> + </ClInclude> + <ClInclude Include="crypto\include\crypto.h"> + <Filter>Header Files</Filter> + </ClInclude> + <ClInclude Include="crypto\include\crypto_kernel.h"> + <Filter>Header Files</Filter> + </ClInclude> + <ClInclude Include="crypto\include\crypto_types.h"> + <Filter>Header Files</Filter> + </ClInclude> + <ClInclude Include="crypto\include\cryptoalg.h"> + <Filter>Header Files</Filter> + </ClInclude> + <ClInclude Include="crypto\include\datatypes.h"> + <Filter>Header Files</Filter> + </ClInclude> + <ClInclude Include="include\ekt.h"> + <Filter>Header Files</Filter> + </ClInclude> + <ClInclude Include="crypto\include\err.h"> + <Filter>Header Files</Filter> + </ClInclude> + <ClInclude Include="crypto\include\gf2_8.h"> + <Filter>Header Files</Filter> + </ClInclude> + <ClInclude Include="crypto\include\hmac.h"> + <Filter>Header Files</Filter> + </ClInclude> + <ClInclude Include="crypto\include\integers.h"> + <Filter>Header Files</Filter> + </ClInclude> + <ClInclude Include="crypto\include\key.h"> + <Filter>Header Files</Filter> + </ClInclude> + <ClInclude Include="crypto\include\null_auth.h"> + <Filter>Header Files</Filter> + </ClInclude> + <ClInclude Include="crypto\include\null_cipher.h"> + <Filter>Header Files</Filter> + </ClInclude> + <ClInclude Include="crypto\include\prng.h"> + <Filter>Header Files</Filter> + </ClInclude> + <ClInclude Include="crypto\include\rand_source.h"> + <Filter>Header Files</Filter> + </ClInclude> + <ClInclude Include="crypto\include\rdb.h"> + <Filter>Header Files</Filter> + </ClInclude> + <ClInclude Include="crypto\include\rdbx.h"> + <Filter>Header Files</Filter> + </ClInclude> + <ClInclude Include="crypto\include\sha1.h"> + <Filter>Header Files</Filter> + </ClInclude> + <ClInclude Include="include\srtp.h"> + <Filter>Header Files</Filter> + </ClInclude> + <ClInclude Include="include\srtp_priv.h"> + <Filter>Header Files</Filter> + </ClInclude> + </ItemGroup> + <ItemGroup> + <None Include="config.hw" /> + <None Include="srtp.def"> + <Filter>Source Files</Filter> + </None> + </ItemGroup> +</Project> \ No newline at end of file diff --git a/libs/srtp/test/Makefile.am b/libs/srtp/test/Makefile.am deleted file mode 100644 index 444f730431..0000000000 --- a/libs/srtp/test/Makefile.am +++ /dev/null @@ -1,33 +0,0 @@ -AUTOMAKE_OPTIONS = gnu -AM_CFLAGS = $(new_AM_CFLAGS) -I$(top_srcdir)/include -I$(top_srcdir)/crypto/include -AM_CPPFLAGS = $(AM_CFLAGS) -AM_LDFLAGS = $(new_AM_LDFLAGS) -L$(srcdir) -lsrtp - -check_PROGRAMS = cipher_driver kernel_driver rdbx_driver srtp_driver roc_driver replay_driver \ - aes_calc datatypes_driver sha1_driver stat_driver rtpw - -cipher_driver_SOURCES = crypto/cipher_driver.c -kernel_driver_SOURCES = crypto/kernel_driver.c -aes_calc_SOURCES = crypto/aes_calc.c -datatypes_driver_SOURCES = crypto/datatypes_driver.c -sha1_driver_SOURCES = crypto/sha1_driver.c -stat_driver_SOURCES = crypto/stat_driver.c -rdbx_driver_SOURCES = rdbx_driver.c -srtp_driver_SOURCES = srtp_driver.c -roc_driver_SOURCES = roc_driver.c -replay_driver_SOURCES = replay_driver.c -rtpw_SOURCES = rtpw.c rtp.c -rtpw_LDADD = -lnsl -lsocket - -check-local: cipher_driver - ./cipher_driver -v - ./kernel_driver -v - ./rdbx_driver -v - ./srtp_driver -v - ./roc_driver -v - ./replay_driver -v - ./datatypes_driver -v - ./stat_driver - ./sha1_driver -v - ./kernel_driver -v - diff --git a/libs/srtp/test/dtls_srtp_driver.c b/libs/srtp/test/dtls_srtp_driver.c deleted file mode 100644 index 4f4d0a39b3..0000000000 --- a/libs/srtp/test/dtls_srtp_driver.c +++ /dev/null @@ -1,261 +0,0 @@ -/* - * dtls_srtp_driver.c - * - * test driver for DTLS-SRTP functions - * - * David McGrew - * Cisco Systems, Inc. - */ -/* - * - * Copyright (c) 2001-2017 Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#include <stdio.h> /* for printf() */ -#include "getopt_s.h" /* for local getopt() */ -#include "srtp_priv.h" - -srtp_err_status_t test_dtls_srtp(void); - -srtp_hdr_t *srtp_create_test_packet(int pkt_octet_len, uint32_t ssrc); - -void usage(char *prog_name) -{ - printf("usage: %s [ -t ][ -c ][ -v ][-d <debug_module> ]* [ -l ]\n" - " -d <mod> turn on debugging module <mod>\n" - " -l list debugging modules\n", - prog_name); - exit(1); -} - -int main(int argc, char *argv[]) -{ - unsigned do_list_mods = 0; - int q; - srtp_err_status_t err; - - printf("dtls_srtp_driver\n"); - - /* initialize srtp library */ - err = srtp_init(); - if (err) { - printf("error: srtp init failed with error code %d\n", err); - exit(1); - } - - /* process input arguments */ - while (1) { - q = getopt_s(argc, argv, "ld:"); - if (q == -1) - break; - switch (q) { - case 'l': - do_list_mods = 1; - break; - case 'd': - err = srtp_crypto_kernel_set_debug_module(optarg_s, 1); - if (err) { - printf("error: set debug module (%s) failed\n", optarg_s); - exit(1); - } - break; - default: - usage(argv[0]); - } - } - - if (do_list_mods) { - err = srtp_crypto_kernel_list_debug_modules(); - if (err) { - printf("error: list of debug modules failed\n"); - exit(1); - } - } - - printf("testing dtls_srtp..."); - err = test_dtls_srtp(); - if (err) { - printf("\nerror (code %d)\n", err); - exit(1); - } - printf("passed\n"); - - /* shut down srtp library */ - err = srtp_shutdown(); - if (err) { - printf("error: srtp shutdown failed with error code %d\n", err); - exit(1); - } - - return 0; -} - -srtp_err_status_t test_dtls_srtp(void) -{ - srtp_hdr_t *test_packet; - int test_packet_len = 80; - srtp_t s; - srtp_policy_t policy; - uint8_t key[SRTP_MAX_KEY_LEN]; - uint8_t salt[SRTP_MAX_KEY_LEN]; - unsigned int key_len, salt_len; - srtp_profile_t profile; - srtp_err_status_t err; - - memset(&policy, 0x0, sizeof(srtp_policy_t)); - - /* create a 'null' SRTP session */ - err = srtp_create(&s, NULL); - if (err) - return err; - - /* - * verify that packet-processing functions behave properly - we - * expect that these functions will return srtp_err_status_no_ctx - */ - test_packet = srtp_create_test_packet(80, 0xa5a5a5a5); - if (test_packet == NULL) - return srtp_err_status_alloc_fail; - - err = srtp_protect(s, test_packet, &test_packet_len); - if (err != srtp_err_status_no_ctx) { - printf("wrong return value from srtp_protect() (got code %d)\n", err); - return srtp_err_status_fail; - } - - err = srtp_unprotect(s, test_packet, &test_packet_len); - if (err != srtp_err_status_no_ctx) { - printf("wrong return value from srtp_unprotect() (got code %d)\n", err); - return srtp_err_status_fail; - } - - err = srtp_protect_rtcp(s, test_packet, &test_packet_len); - if (err != srtp_err_status_no_ctx) { - printf("wrong return value from srtp_protect_rtcp() (got code %d)\n", - err); - return srtp_err_status_fail; - } - - err = srtp_unprotect_rtcp(s, test_packet, &test_packet_len); - if (err != srtp_err_status_no_ctx) { - printf("wrong return value from srtp_unprotect_rtcp() (got code %d)\n", - err); - return srtp_err_status_fail; - } - - /* - * set keys to known values for testing - */ - profile = srtp_profile_aes128_cm_sha1_80; - key_len = srtp_profile_get_master_key_length(profile); - salt_len = srtp_profile_get_master_salt_length(profile); - memset(key, 0xff, key_len); - memset(salt, 0xee, salt_len); - srtp_append_salt_to_key(key, key_len, salt, salt_len); - policy.key = key; - - /* initialize SRTP policy from profile */ - err = srtp_crypto_policy_set_from_profile_for_rtp(&policy.rtp, profile); - if (err) - return err; - err = srtp_crypto_policy_set_from_profile_for_rtcp(&policy.rtcp, profile); - if (err) - return err; - policy.ssrc.type = ssrc_any_inbound; - policy.ekt = NULL; - policy.window_size = 128; - policy.allow_repeat_tx = 0; - policy.next = NULL; - - err = srtp_add_stream(s, &policy); - if (err) - return err; - - err = srtp_dealloc(s); - if (err) - return err; - - free(test_packet); - - return srtp_err_status_ok; -} - -/* - * srtp_create_test_packet(len, ssrc) returns a pointer to a - * (malloced) example RTP packet whose data field has the length given - * by pkt_octet_len and the SSRC value ssrc. The total length of the - * packet is twelve octets longer, since the header is at the - * beginning. There is room at the end of the packet for a trailer, - * and the four octets following the packet are filled with 0xff - * values to enable testing for overwrites. - * - * note that the location of the test packet can (and should) be - * deallocated with the free() call once it is no longer needed. - */ - -srtp_hdr_t *srtp_create_test_packet(int pkt_octet_len, uint32_t ssrc) -{ - int i; - uint8_t *buffer; - srtp_hdr_t *hdr; - int bytes_in_hdr = 12; - - /* allocate memory for test packet */ - hdr = malloc(pkt_octet_len + bytes_in_hdr + SRTP_MAX_TRAILER_LEN + 4); - if (!hdr) - return NULL; - - hdr->version = 2; /* RTP version two */ - hdr->p = 0; /* no padding needed */ - hdr->x = 0; /* no header extension */ - hdr->cc = 0; /* no CSRCs */ - hdr->m = 0; /* marker bit */ - hdr->pt = 0xf; /* payload type */ - hdr->seq = htons(0x1234); /* sequence number */ - hdr->ts = htonl(0xdecafbad); /* timestamp */ - hdr->ssrc = htonl(ssrc); /* synch. source */ - - buffer = (uint8_t *)hdr; - buffer += bytes_in_hdr; - - /* set RTP data to 0xab */ - for (i = 0; i < pkt_octet_len; i++) - *buffer++ = 0xab; - - /* set post-data value to 0xffff to enable overrun checking */ - for (i = 0; i < SRTP_MAX_TRAILER_LEN + 4; i++) - *buffer++ = 0xff; - - return hdr; -} diff --git a/libs/srtp/test/getopt_s.c b/libs/srtp/test/getopt_s.c index ab631878a4..e0bd7f77ed 100644 --- a/libs/srtp/test/getopt_s.c +++ b/libs/srtp/test/getopt_s.c @@ -58,8 +58,9 @@ static int getopt_check_character(char c, const char *string) while (*string != 0) { if (max_string_len == 0) { - return '?'; + return GETOPT_NOT_FOUND; } + max_string_len--; if (*string++ == c) { if (*string == ':') { return GETOPT_FOUND_WITH_ARGUMENT; diff --git a/libs/srtp/include/getopt_s.h b/libs/srtp/test/getopt_s.h similarity index 100% rename from libs/srtp/include/getopt_s.h rename to libs/srtp/test/getopt_s.h diff --git a/libs/srtp/test/meson.build b/libs/srtp/test/meson.build new file mode 100644 index 0000000000..4a67912ebb --- /dev/null +++ b/libs/srtp/test/meson.build @@ -0,0 +1,77 @@ +# test suite + +# XXX: Makefile only runs test_srtp and srtp_driver with valgrind +add_test_setup('valgrind', + exe_wrapper: ['valgrind', '--leak-check=full'], + timeout_multiplier: 10) + +test_apps = [ + ['srtp_driver', {'extra_sources': 'util.c', 'run_args': '-v'}], + ['replay_driver', {'extra_sources': 'ut_sim.c', 'run_args': '-v'}], + ['roc_driver', {'extra_sources': 'ut_sim.c', 'run_args': '-v'}], + ['rdbx_driver', {'extra_sources': 'ut_sim.c', 'run_args': '-v'}], + ['test_srtp', {'run_args': '-v'}], + ['rtpw', {'extra_sources': ['rtp.c', 'util.c', '../crypto/math/datatypes.c'], 'define_test': false}], +] + +foreach t : test_apps + test_name = t.get(0) + test_dict = t.get(1, {}) + test_extra_sources = test_dict.get('extra_sources', []) + test_run_args = test_dict.get('run_args', []) + + test_exe = executable(test_name, + '@0@.c'.format(test_name), 'getopt_s.c', test_extra_sources, + include_directories: [config_incs, crypto_incs, srtp2_incs, test_incs], + dependencies: [srtp2_deps, syslibs], + link_with: libsrtp2_for_tests) + + if test_dict.get('define_test', true) + test(test_name, test_exe, args: test_run_args) + else + set_variable(test_name + '_exe', test_exe) + endif +endforeach + +# rtpw test needs to be run using shell scripts +can_run_rtpw = find_program('sh', 'bash', required: false).found() + +# Meson only passes the exe_wrapper to shell scripts starting 0.55 +if meson.is_cross_build() and meson.version().version_compare('<0.55') + can_run_rtpw = false +endif + +if can_run_rtpw + words_txt = files('words.txt') + + rtpw_test_sh = find_program('rtpw_test.sh', required: false) + if rtpw_test_sh.found() + test('rtpw_test', rtpw_test_sh, + args: ['-w', words_txt], + depends: rtpw_exe, + is_parallel: false, + workdir: meson.current_build_dir()) + endif + + rtpw_test_gcm_sh = find_program('rtpw_test_gcm.sh', required: false) + if (use_openssl or use_nss) and rtpw_test_gcm_sh.found() + test('rtpw_test_gcm', rtpw_test_gcm_sh, + args: ['-w', words_txt], + depends: rtpw_exe, + is_parallel: false, + workdir: meson.current_build_dir()) + endif +endif + +# rtp_decoder +pcap_dep = dependency('libpcap', required: get_option('pcap-tests')) + +if pcap_dep.found() + executable('rtp_decoder', + 'rtp_decoder.c', 'getopt_s.c', 'rtp.c', 'util.c', 'getopt_s.c', + '../crypto/math/datatypes.c', + include_directories: [config_incs, crypto_incs, srtp2_incs, test_incs], + dependencies: [srtp2_deps, pcap_dep, syslibs], + link_with: libsrtp2, + install: false) +endif diff --git a/libs/srtp/test/rdbx_driver.c b/libs/srtp/test/rdbx_driver.c index 609ce9c8e4..430e28389a 100644 --- a/libs/srtp/test/rdbx_driver.c +++ b/libs/srtp/test/rdbx_driver.c @@ -50,6 +50,7 @@ #include "getopt_s.h" /* for local getopt() */ #include "rdbx.h" +#include "cipher_priv.h" #ifdef ROC_TEST #error "srtp_rdbx_t won't work with ROC_TEST - bitmask same size as seq_median" @@ -129,13 +130,6 @@ int main(int argc, char *argv[]) return 0; } -void print_rdbx(srtp_rdbx_t *rdbx) -{ - char buf[2048]; - printf("rdbx: {%llu, %s}\n", (unsigned long long)(rdbx->index), - bitvector_bit_string(&rdbx->bitmask, buf, sizeof(buf))); -} - /* * rdbx_check_add(rdbx, idx) checks a known-to-be-good idx against * rdbx, then adds it. if a failure is detected (i.e., the check @@ -305,7 +299,7 @@ srtp_err_status_t test_replay_dbx(int num_trials, unsigned long ws) */ printf("\ttesting insertion with large gaps..."); for (idx = 0, ircvd = 0; (int)idx < num_trials; - idx++, ircvd += (1 << (rand() % 12))) { + idx++, ircvd += (1 << (srtp_cipher_rand_u32_for_tests() % 12))) { status = rdbx_check_add(&rdbx, ircvd); if (status) return status; @@ -320,8 +314,7 @@ srtp_err_status_t test_replay_dbx(int num_trials, unsigned long ws) return srtp_err_status_ok; } -#include <time.h> /* for clock() */ -#include <stdlib.h> /* for random() */ +#include <time.h> /* for clock() */ double rdbx_check_adds_per_second(int num_trials, unsigned long ws) { @@ -348,6 +341,9 @@ double rdbx_check_adds_per_second(int num_trials, unsigned long ws) ++failures; } timer = clock() - timer; + if (timer < 1) { + timer = 1; + } printf("number of failures: %d \n", failures); diff --git a/libs/srtp/test/replay_driver.c b/libs/srtp/test/replay_driver.c index a88224684f..9807e50c12 100644 --- a/libs/srtp/test/replay_driver.c +++ b/libs/srtp/test/replay_driver.c @@ -52,6 +52,8 @@ #include "rdb.h" #include "ut_sim.h" +#include "cipher_priv.h" + /* * num_trials defines the number of trials that are used in the * validation functions below @@ -80,12 +82,6 @@ int main(void) return 0; } -void print_rdb(srtp_rdb_t *rdb) -{ - printf("rdb: {%u, %s}\n", rdb->window_start, - v128_bit_string(&rdb->bitmask)); -} - srtp_err_status_t rdb_check_add(srtp_rdb_t *rdb, uint32_t idx) { if (srtp_rdb_check(rdb, idx) != srtp_err_status_ok) { @@ -189,7 +185,7 @@ srtp_err_status_t test_rdb_db() /* test insertion with large gaps */ for (idx = 0, ircvd = 0; idx < num_trials; - idx++, ircvd += (1 << (rand() % 10))) { + idx++, ircvd += (1 << (srtp_cipher_rand_u32_for_tests() % 10))) { err = rdb_check_add(&rdb, ircvd); if (err) return err; diff --git a/libs/srtp/test/roc_driver.c b/libs/srtp/test/roc_driver.c index d61ba8ef24..439862039a 100644 --- a/libs/srtp/test/roc_driver.c +++ b/libs/srtp/test/roc_driver.c @@ -97,7 +97,7 @@ srtp_err_status_t roc_test(int num_trials) printf("\n\ttesting sequential insertion..."); for (i = 0; i < 2048; i++) { - delta = srtp_index_guess(&local, &est, (uint16_t)ref); + srtp_index_guess(&local, &est, (uint16_t)ref); #if ROC_VERBOSE printf("%lld, %lld, %d\n", ref, est, i); #endif diff --git a/libs/srtp/test/rtp.c b/libs/srtp/test/rtp.c index f60a9b11b2..70248ee2b5 100644 --- a/libs/srtp/test/rtp.c +++ b/libs/srtp/test/rtp.c @@ -53,6 +53,8 @@ #include <sys/socket.h> #endif +#include "cipher_priv.h" + #define PRINT_DEBUG 0 /* set to 1 to print out debugging data */ #define VERBOSE_DEBUG 0 /* set to 1 to print out more data */ @@ -148,7 +150,7 @@ int rtp_sender_init(rtp_sender_t sender, /* set header values */ sender->message.header.ssrc = htonl(ssrc); sender->message.header.ts = 0; - sender->message.header.seq = (uint16_t)rand(); + sender->message.header.seq = (uint16_t)srtp_cipher_rand_u32_for_tests(); sender->message.header.m = 0; sender->message.header.pt = 0x1; sender->message.header.version = 2; diff --git a/libs/srtp/test/rtp_decoder.c b/libs/srtp/test/rtp_decoder.c index d718a2b3ad..137e7e6b39 100644 --- a/libs/srtp/test/rtp_decoder.c +++ b/libs/srtp/test/rtp_decoder.c @@ -83,23 +83,76 @@ #define MAX_KEY_LEN 96 #define MAX_FILTER 256 +#define MAX_FILE 255 struct srtp_crypto_suite { const char *can_name; + int gcm_on; int key_size; int tag_size; }; static struct srtp_crypto_suite srtp_crypto_suites[] = { - {.can_name = "AES_CM_128_HMAC_SHA1_32", .key_size = 128, .tag_size = 4 }, #if 0 - {.can_name = "F8_128_HMAC_SHA1_32", .key_size = 128, .tag_size = 4}, + {.can_name = "F8_128_HMAC_SHA1_32", .gcm_on = 0, .key_size = 128, .tag_size = 4}, #endif - {.can_name = "AES_CM_128_HMAC_SHA1_32", .key_size = 128, .tag_size = 4 }, - {.can_name = "AES_CM_128_HMAC_SHA1_80", .key_size = 128, .tag_size = 10 }, + {.can_name = "AES_CM_128_HMAC_SHA1_32", + .gcm_on = 0, + .key_size = 128, + .tag_size = 4 }, + {.can_name = "AES_CM_128_HMAC_SHA1_80", + .gcm_on = 0, + .key_size = 128, + .tag_size = 10 }, + {.can_name = "AES_192_CM_HMAC_SHA1_32", + .gcm_on = 0, + .key_size = 192, + .tag_size = 4 }, + {.can_name = "AES_192_CM_HMAC_SHA1_80", + .gcm_on = 0, + .key_size = 192, + .tag_size = 10 }, + {.can_name = "AES_256_CM_HMAC_SHA1_32", + .gcm_on = 0, + .key_size = 256, + .tag_size = 4 }, + {.can_name = "AES_256_CM_HMAC_SHA1_80", + .gcm_on = 0, + .key_size = 256, + .tag_size = 10 }, + {.can_name = "AEAD_AES_128_GCM", + .gcm_on = 1, + .key_size = 128, + .tag_size = 16 }, + {.can_name = "AEAD_AES_256_GCM", + .gcm_on = 1, + .key_size = 256, + .tag_size = 16 }, {.can_name = NULL } }; +void rtp_decoder_srtp_log_handler(srtp_log_level_t level, + const char *msg, + void *data) +{ + char level_char = '?'; + switch (level) { + case srtp_log_level_error: + level_char = 'e'; + break; + case srtp_log_level_warning: + level_char = 'w'; + break; + case srtp_log_level_info: + level_char = 'i'; + break; + case srtp_log_level_debug: + level_char = 'd'; + break; + } + fprintf(stderr, "SRTP-LOG [%c]: %s\n", level_char, msg); +} + int main(int argc, char *argv[]) { char errbuf[PCAP_ERRBUF_SIZE]; @@ -112,15 +165,18 @@ int main(int argc, char *argv[]) int c; struct srtp_crypto_suite scs, *i_scsp; scs.key_size = 128; - scs.tag_size = 8; + scs.tag_size = 0; int gcm_on = 0; char *input_key = NULL; int b64_input = 0; char key[MAX_KEY_LEN]; struct bpf_program fp; char filter_exp[MAX_FILTER] = ""; + char pcap_file[MAX_FILE] = "-"; + int rtp_packet_offset = DEFAULT_RTP_OFFSET; rtp_decoder_t dec; - srtp_policy_t policy; + srtp_policy_t policy = { { 0 } }; + rtp_decoder_mode_t mode = mode_rtp; srtp_err_status_t status; int len; int expected_len; @@ -138,9 +194,15 @@ int main(int argc, char *argv[]) exit(1); } + status = srtp_install_log_handler(rtp_decoder_srtp_log_handler, NULL); + if (status) { + fprintf(stderr, "error: install log handler failed\n"); + exit(1); + } + /* check args */ while (1) { - c = getopt_s(argc, argv, "b:k:gt:ae:ld:f:s:"); + c = getopt_s(argc, argv, "b:k:gt:ae:ld:f:s:m:p:o:"); if (c == -1) { break; } @@ -153,10 +215,12 @@ int main(int argc, char *argv[]) break; case 'e': scs.key_size = atoi(optarg_s); - if (scs.key_size != 128 && scs.key_size != 256) { - fprintf(stderr, - "error: encryption key size must be 128 or 256 (%d)\n", - scs.key_size); + if (scs.key_size != 128 && scs.key_size != 192 && + scs.key_size != 256) { + fprintf( + stderr, + "error: encryption key size must be 128, 192 or 256 (%d)\n", + scs.key_size); exit(1); } input_key = malloc(scs.key_size); @@ -173,7 +237,7 @@ int main(int argc, char *argv[]) sec_servs |= sec_serv_auth; break; case 'd': - status = srtp_crypto_kernel_set_debug_module(optarg_s, 1); + status = srtp_set_debug_module(optarg_s, 1); if (status) { fprintf(stderr, "error: set debug module (%s) failed\n", optarg_s); @@ -207,20 +271,59 @@ int main(int argc, char *argv[]) scs = *i_scsp; input_key = malloc(scs.key_size); sec_servs |= sec_serv_conf | sec_serv_auth; + gcm_on = scs.gcm_on; + break; + case 'm': + if (strcasecmp("rtp", optarg_s) == 0) { + mode = mode_rtp; + } else if (strcasecmp("rtcp", optarg_s) == 0) { + mode = mode_rtcp; + } else if (strcasecmp("rtcp-mux", optarg_s) == 0) { + mode = mode_rtcp_mux; + } else { + fprintf(stderr, "Unknown/unsupported mode %s\n", optarg_s); + exit(1); + } + break; + case 'p': + if (strlen(optarg_s) > MAX_FILE) { + fprintf(stderr, + "error: pcap file path bigger than %d characters\n", + MAX_FILE); + exit(1); + } + strcpy(pcap_file, optarg_s); + break; + case 'o': + rtp_packet_offset = atoi(optarg_s); break; default: usage(argv[0]); } } + if (scs.tag_size == 0) { + if (gcm_on) { + scs.tag_size = 16; + } else { + scs.tag_size = 10; + } + } + if (gcm_on && scs.tag_size != 8 && scs.tag_size != 16) { fprintf(stderr, "error: GCM tag size must be 8 or 16 (%d)\n", scs.tag_size); - // exit(1); + exit(1); + } + + if (!gcm_on && scs.tag_size != 4 && scs.tag_size != 10) { + fprintf(stderr, "error: non GCM tag size must be 4 or 10 (%d)\n", + scs.tag_size); + exit(1); } if (do_list_mods) { - status = srtp_crypto_kernel_list_debug_modules(); + status = srtp_list_debug_modules(); if (status) { fprintf(stderr, "error: list of debug modules failed\n"); exit(1); @@ -266,12 +369,24 @@ int main(int argc, char *argv[]) #ifdef OPENSSL switch (scs.key_size) { case 128: - srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp); - srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp); + if (scs.tag_size == 16) { + srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtp); + srtp_crypto_policy_set_aes_gcm_128_16_auth( + &policy.rtcp); + } else { + srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp); + srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp); + } break; case 256: - srtp_crypto_policy_set_aes_gcm_256_8_auth(&policy.rtp); - srtp_crypto_policy_set_aes_gcm_256_8_auth(&policy.rtcp); + if (scs.tag_size == 16) { + srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtp); + srtp_crypto_policy_set_aes_gcm_256_16_auth( + &policy.rtcp); + } else { + srtp_crypto_policy_set_aes_gcm_256_8_auth(&policy.rtp); + srtp_crypto_policy_set_aes_gcm_256_8_auth(&policy.rtcp); + } break; } #else @@ -282,12 +397,51 @@ int main(int argc, char *argv[]) } else { switch (scs.key_size) { case 128: - srtp_crypto_policy_set_rtp_default(&policy.rtp); - srtp_crypto_policy_set_rtcp_default(&policy.rtcp); + if (scs.tag_size == 4) { + srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32( + &policy.rtp); + srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80( + &policy.rtcp); + } else { + srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80( + &policy.rtp); + srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80( + &policy.rtcp); + } + break; + case 192: +#ifdef OPENSSL + if (scs.tag_size == 4) { + srtp_crypto_policy_set_aes_cm_192_hmac_sha1_32( + &policy.rtp); + srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80( + &policy.rtcp); + } else { + srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80( + &policy.rtp); + srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80( + &policy.rtcp); + } +#else + fprintf(stderr, + "error: AES 192 mode only supported when using the " + "OpenSSL crypto engine.\n"); + return 0; + +#endif break; case 256: - srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtp); - srtp_crypto_policy_set_rtcp_default(&policy.rtcp); + if (scs.tag_size == 4) { + srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32( + &policy.rtp); + srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80( + &policy.rtcp); + } else { + srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80( + &policy.rtp); + srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80( + &policy.rtcp); + } break; } } @@ -302,11 +456,26 @@ int main(int argc, char *argv[]) switch (scs.key_size) { case 128: srtp_crypto_policy_set_aes_cm_128_null_auth(&policy.rtp); - srtp_crypto_policy_set_rtcp_default(&policy.rtcp); + srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80( + &policy.rtcp); + break; + case 192: +#ifdef OPENSSL + srtp_crypto_policy_set_aes_cm_192_null_auth(&policy.rtp); + srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80( + &policy.rtcp); +#else + fprintf(stderr, + "error: AES 192 mode only supported when using the " + "OpenSSL crypto engine.\n"); + return 0; + +#endif break; case 256: srtp_crypto_policy_set_aes_cm_256_null_auth(&policy.rtp); - srtp_crypto_policy_set_rtcp_default(&policy.rtcp); + srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80( + &policy.rtcp); break; } } @@ -342,7 +511,6 @@ int main(int argc, char *argv[]) } policy.key = (uint8_t *)key; - policy.ekt = NULL; policy.next = NULL; policy.window_size = 128; policy.allow_repeat_tx = 0; @@ -353,7 +521,7 @@ int main(int argc, char *argv[]) policy.rtp.auth_tag_len = scs.tag_size; if (gcm_on && scs.tag_size != 8) { - fprintf(stderr, "setted tag len %d\n", scs.tag_size); + fprintf(stderr, "set tag len %d\n", scs.tag_size); policy.rtp.auth_tag_len = scs.tag_size; } @@ -365,11 +533,7 @@ int main(int argc, char *argv[]) int pad; expected_len = policy.rtp.cipher_key_len * 4 / 3; len = base64_string_to_octet_string(key, &pad, input_key, - expected_len); - if (pad != 0) { - fprintf(stderr, "error: padding in base64 unexpected\n"); - exit(1); - } + strlen(input_key)); } else { expected_len = policy.rtp.cipher_key_len * 2; len = hex_string_to_octet_string(key, input_key, expected_len); @@ -388,17 +552,20 @@ int main(int argc, char *argv[]) exit(1); } + int key_octets = (scs.key_size / 8); + int salt_octets = policy.rtp.cipher_key_len - key_octets; fprintf(stderr, "set master key/salt to %s/", - octet_string_hex_string(key, 16)); - fprintf(stderr, "%s\n", octet_string_hex_string(key + 16, 14)); + octet_string_hex_string(key, key_octets)); + fprintf(stderr, "%s\n", + octet_string_hex_string(key + key_octets, salt_octets)); } else { fprintf(stderr, - "error: neither encryption or authentication were selected"); + "error: neither encryption or authentication were selected\n"); exit(1); } - pcap_handle = pcap_open_offline("-", errbuf); + pcap_handle = pcap_open_offline(pcap_file, errbuf); if (!pcap_handle) { fprintf(stderr, "libpcap failed to open file '%s'\n", errbuf); @@ -421,11 +588,22 @@ int main(int argc, char *argv[]) exit(1); } fprintf(stderr, "Starting decoder\n"); - rtp_decoder_init(dec, policy); + if (rtp_decoder_init(dec, policy, mode, rtp_packet_offset)) { + fprintf(stderr, "error: init failed\n"); + exit(1); + } pcap_loop(pcap_handle, 0, rtp_decoder_handle_pkt, (u_char *)dec); - rtp_decoder_deinit_srtp(dec); + if (dec->mode == mode_rtp || dec->mode == mode_rtcp_mux) { + fprintf(stderr, "RTP packets decoded: %d\n", dec->rtp_cnt); + } + if (dec->mode == mode_rtcp || dec->mode == mode_rtcp_mux) { + fprintf(stderr, "RTCP packets decoded: %d\n", dec->rtcp_cnt); + } + fprintf(stderr, "Packet decode errors: %d\n", dec->error_cnt); + + rtp_decoder_deinit(dec); rtp_decoder_dealloc(dec); status = srtp_shutdown(); @@ -442,7 +620,8 @@ void usage(char *string) { fprintf( stderr, - "usage: %s [-d <debug>]* [[-k][-b] <key> [-a][-e]]\n" + "usage: %s [-d <debug>]* [[-k][-b] <key>] [-a][-t][-e] [-s " + "<srtp-crypto-suite>] [-m <mode>]\n" "or %s -l\n" "where -a use message authentication\n" " -e <key size> use encryption (use 128 or 256 for key size)\n" @@ -454,7 +633,10 @@ void usage(char *string) " -f \"<pcap filter>\" to filter only the desired SRTP packets\n" " -d <debug> turn on debugging for module <debug>\n" " -s \"<srtp-crypto-suite>\" to set both key and tag size based\n" - " on RFC4568-style crypto suite specification\n", + " on RFC4568-style crypto suite specification\n" + " -m <mode> set the mode to be one of [rtp]|rtcp|rtcp-mux\n" + " -p <pcap file> path to pcap file (defaults to stdin)\n" + " -o byte offset of RTP packet in capture (defaults to 42)\n", string, string); exit(1); } @@ -469,27 +651,34 @@ void rtp_decoder_dealloc(rtp_decoder_t rtp_ctx) free(rtp_ctx); } -srtp_err_status_t rtp_decoder_init_srtp(rtp_decoder_t decoder, - unsigned int ssrc) +int rtp_decoder_deinit(rtp_decoder_t decoder) { - decoder->policy.ssrc.value = htonl(ssrc); - return srtp_create(&decoder->srtp_ctx, &decoder->policy); + if (decoder->srtp_ctx) { + return srtp_dealloc(decoder->srtp_ctx); + } + return 0; } -int rtp_decoder_deinit_srtp(rtp_decoder_t decoder) +int rtp_decoder_init(rtp_decoder_t dcdr, + srtp_policy_t policy, + rtp_decoder_mode_t mode, + int rtp_packet_offset) { - return srtp_dealloc(decoder->srtp_ctx); -} - -int rtp_decoder_init(rtp_decoder_t dcdr, srtp_policy_t policy) -{ - dcdr->rtp_offset = DEFAULT_RTP_OFFSET; + dcdr->rtp_offset = rtp_packet_offset; dcdr->srtp_ctx = NULL; dcdr->start_tv.tv_usec = 0; dcdr->start_tv.tv_sec = 0; dcdr->frame_nr = -1; + dcdr->error_cnt = 0; + dcdr->rtp_cnt = 0; + dcdr->rtcp_cnt = 0; + dcdr->mode = mode; dcdr->policy = policy; - dcdr->policy.ssrc.type = ssrc_specific; + dcdr->policy.ssrc.type = ssrc_any_inbound; + + if (srtp_create(&dcdr->srtp_ctx, &dcdr->policy)) { + return 1; + } return 0; } @@ -516,6 +705,8 @@ void rtp_decoder_handle_pkt(u_char *arg, const u_char *bytes) { rtp_decoder_t dcdr = (rtp_decoder_t)arg; + rtp_msg_t message; + int rtp; int pktsize; struct timeval delta; int octets_recvd; @@ -531,7 +722,7 @@ void rtp_decoder_handle_pkt(u_char *arg, } const void *rtp_packet = bytes + dcdr->rtp_offset; - memcpy((void *)&dcdr->message, rtp_packet, hdr->caplen - dcdr->rtp_offset); + memcpy((void *)&message, rtp_packet, hdr->caplen - dcdr->rtp_offset); pktsize = hdr->caplen - dcdr->rtp_offset; octets_recvd = pktsize; @@ -539,36 +730,41 @@ void rtp_decoder_handle_pkt(u_char *arg, return; } - /* verify rtp header */ - if (dcdr->message.header.version != 2) { - return; - } - if (dcdr->srtp_ctx == NULL) { - status = rtp_decoder_init_srtp(dcdr, dcdr->message.header.ssrc); - if (status) { - exit(1); + if (dcdr->mode == mode_rtp) { + rtp = 1; + } else if (dcdr->mode == mode_rtcp) { + rtp = 0; + } else { + rtp = 1; + if (octets_recvd >= 2) { + /* rfc5761 */ + u_char payload_type = *(bytes + dcdr->rtp_offset + 1) & 0x7f; + rtp = payload_type < 64 || payload_type > 95; } } - status = srtp_unprotect(dcdr->srtp_ctx, &dcdr->message, &octets_recvd); - if (status) { - return; + + if (rtp) { + /* verify rtp header */ + if (message.header.version != 2) { + return; + } + + status = srtp_unprotect(dcdr->srtp_ctx, &message, &octets_recvd); + if (status) { + dcdr->error_cnt++; + return; + } + dcdr->rtp_cnt++; + } else { + status = srtp_unprotect_rtcp(dcdr->srtp_ctx, &message, &octets_recvd); + if (status) { + dcdr->error_cnt++; + return; + } + dcdr->rtcp_cnt++; } timersub(&hdr->ts, &dcdr->start_tv, &delta); fprintf(stdout, "%02ld:%02ld.%06ld\n", delta.tv_sec / 60, delta.tv_sec % 60, (long)delta.tv_usec); - hexdump(&dcdr->message, octets_recvd); -} - -void rtp_print_error(srtp_err_status_t status, char *message) -{ - // clang-format off - fprintf(stderr, - "error: %s %d%s\n", message, status, - status == srtp_err_status_replay_fail ? " (replay check failed)" : - status == srtp_err_status_bad_param ? " (bad param)" : - status == srtp_err_status_no_ctx ? " (no context)" : - status == srtp_err_status_cipher_fail ? " (cipher failed)" : - status == srtp_err_status_key_expired ? " (key expired)" : - status == srtp_err_status_auth_fail ? " (auth check failed)" : ""); - // clang-format on + hexdump(&message, octets_recvd); } diff --git a/libs/srtp/test/rtp_decoder.h b/libs/srtp/test/rtp_decoder.h index c8c31dd773..955caf640e 100644 --- a/libs/srtp/test/rtp_decoder.h +++ b/libs/srtp/test/rtp_decoder.h @@ -52,22 +52,26 @@ #define DEFAULT_RTP_OFFSET 42 +typedef enum { + mode_rtp = 0, + mode_rtcp, + mode_rtcp_mux, +} rtp_decoder_mode_t; + typedef struct rtp_decoder_ctx_t { srtp_policy_t policy; srtp_ctx_t *srtp_ctx; + rtp_decoder_mode_t mode; int rtp_offset; struct timeval start_tv; int frame_nr; - rtp_msg_t message; + int error_cnt; + int rtp_cnt; + int rtcp_cnt; } rtp_decoder_ctx_t; typedef struct rtp_decoder_ctx_t *rtp_decoder_t; -/* - * error to string - */ -void rtp_print_error(srtp_err_status_t status, char *message); - /* * prints the output of a random buffer in hexadecimal */ @@ -95,11 +99,19 @@ rtp_decoder_t rtp_decoder_alloc(void); void rtp_decoder_dealloc(rtp_decoder_t rtp_ctx); -int rtp_decoder_init(rtp_decoder_t dcdr, srtp_policy_t policy); +int rtp_decoder_init(rtp_decoder_t dcdr, + srtp_policy_t policy, + rtp_decoder_mode_t mode, + int rtp_packet_offset); -srtp_err_status_t rtp_decoder_init_srtp(rtp_decoder_t decoder, - unsigned int ssrc); +int rtp_decoder_deinit(rtp_decoder_t decoder); -int rtp_decoder_deinit_srtp(rtp_decoder_t decoder); +void rtp_decoder_srtp_log_handler(srtp_log_level_t level, + const char *msg, + void *data); + +void rtp_decoder_srtp_log_handler(srtp_log_level_t level, + const char *msg, + void *data); #endif /* RTP_DECODER_H */ diff --git a/libs/srtp/test/rtpw.c b/libs/srtp/test/rtpw.c index 6e7416c7f5..ad84448298 100644 --- a/libs/srtp/test/rtpw.c +++ b/libs/srtp/test/rtpw.c @@ -96,7 +96,7 @@ #ifndef HAVE_USLEEP #ifdef HAVE_WINDOWS_H -#define usleep(us) Sleep((us) / 1000) +#define usleep(us) Sleep(((DWORD)us) / 1000) #else #define usleep(us) sleep((us) / 1000000) #endif @@ -317,6 +317,7 @@ int main(int argc, char *argv[]) exit(1); } + memset(&name, 0, sizeof(struct sockaddr_in)); name.sin_addr = rcvr_addr; name.sin_family = PF_INET; name.sin_port = htons(port); @@ -364,7 +365,7 @@ int main(int argc, char *argv[]) switch (sec_servs) { case sec_serv_conf_and_auth: if (gcm_on) { -#ifdef OPENSSL +#ifdef GCM switch (key_size) { case 128: srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp); @@ -377,7 +378,7 @@ int main(int argc, char *argv[]) } #else printf("error: GCM mode only supported when using the OpenSSL " - "crypto engine.\n"); + "or NSS crypto engine.\n"); return 0; #endif } else { @@ -413,7 +414,7 @@ int main(int argc, char *argv[]) break; case sec_serv_auth: if (gcm_on) { -#ifdef OPENSSL +#ifdef GCM switch (key_size) { case 128: srtp_crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtp); @@ -443,7 +444,6 @@ int main(int argc, char *argv[]) policy.ssrc.type = ssrc_specific; policy.ssrc.value = ssrc; policy.key = (uint8_t *)key; - policy.ekt = NULL; policy.next = NULL; policy.window_size = 128; policy.allow_repeat_tx = 0; @@ -505,7 +505,6 @@ int main(int argc, char *argv[]) policy.ssrc.value = ssrc; policy.window_size = 0; policy.allow_repeat_tx = 0; - policy.ekt = NULL; policy.next = NULL; } @@ -670,7 +669,7 @@ void handle_signal(int signum) int setup_signal_handler(char *name) { -#if HAVE_SIGACTION +#ifdef HAVE_SIGACTION struct sigaction act; memset(&act, 0, sizeof(act)); diff --git a/libs/srtp/test/rtpw_test.sh b/libs/srtp/test/rtpw_test.sh index 238ec93c5d..8fcb35f363 100755 --- a/libs/srtp/test/rtpw_test.sh +++ b/libs/srtp/test/rtpw_test.sh @@ -41,12 +41,24 @@ case $(uname -s) in *CYGWIN*|*MINGW*) EXE=".exe" ;; - *) + *Linux*) EXE="" + if [ -n "$CRYPTO_LIBDIR" ] + then + export LD_LIBRARY_PATH="$CRYPTO_LIBDIR" + fi + ;; + *Darwin*) + EXE="" + if [ -n "$CRYPTO_LIBDIR" ] + then + export DYLD_LIBRARY_PATH="$CRYPTO_LIBDIR" + fi ;; esac RTPW=./rtpw$EXE +[ -n "$MESON_EXE_WRAPPER" ] && RTPW="$MESON_EXE_WRAPPER $RTPW" DEST_PORT=9999 DURATION=3 @@ -62,7 +74,7 @@ ARGS="-b $key -a -e 128" killall rtpw 2>/dev/null -if test -x $RTPW; then +if test -n $MESON_EXE_WRAPPER || test -x $RTPW; then echo $0 ": starting rtpw receiver process... " diff --git a/libs/srtp/test/rtpw_test_gcm.sh b/libs/srtp/test/rtpw_test_gcm.sh index 773400562c..1722f44ea7 100755 --- a/libs/srtp/test/rtpw_test_gcm.sh +++ b/libs/srtp/test/rtpw_test_gcm.sh @@ -41,12 +41,24 @@ case $(uname -s) in *CYGWIN*|*MINGW*) EXE=".exe" ;; - *) + *Linux*) EXE="" + if [ -n "$CRYPTO_LIBDIR" ] + then + export LD_LIBRARY_PATH="$CRYPTO_LIBDIR" + fi + ;; + *Darwin*) + EXE="" + if [ -n "$CRYPTO_LIBDIR" ] + then + export DYLD_LIBRARY_PATH="$CRYPTO_LIBDIR" + fi ;; esac RTPW=./rtpw$EXE +[ -n "$MESON_EXE_WRAPPER" ] && RTPW="$MESON_EXE_WRAPPER $RTPW" DEST_PORT=9999 DURATION=3 @@ -58,7 +70,7 @@ DURATION=3 killall rtpw 2>/dev/null -if test -x $RTPW; then +if test -n $MESON_EXE_WRAPPER || test -x $RTPW; then GCMARGS128="-k 01234567890123456789012345678901234567890123456789012345 -g -e 128" echo $0 ": starting GCM mode 128-bit rtpw receiver process... " diff --git a/libs/srtp/test/srtp_driver.c b/libs/srtp/test/srtp_driver.c index 4ea8fe5302..4355022b66 100644 --- a/libs/srtp/test/srtp_driver.c +++ b/libs/srtp/test/srtp_driver.c @@ -61,13 +61,13 @@ srtp_err_status_t srtp_validate(void); -#ifdef OPENSSL +#ifdef GCM srtp_err_status_t srtp_validate_gcm(void); #endif srtp_err_status_t srtp_validate_encrypted_extensions_headers(void); -#ifdef OPENSSL +#ifdef GCM srtp_err_status_t srtp_validate_encrypted_extensions_headers_gcm(void); #endif @@ -79,7 +79,7 @@ srtp_err_status_t srtp_dealloc_big_policy(srtp_policy_t *list); srtp_err_status_t srtp_test_empty_payload(void); -#ifdef OPENSSL +#ifdef GCM srtp_err_status_t srtp_test_empty_payload_gcm(void); #endif @@ -181,11 +181,12 @@ void log_handler(srtp_log_level_t level, const char *msg, void *data) } /* - * The policy_array is a null-terminated array of policy structs. it - * is declared at the end of this file + * The policy_array and invalid_policy_array are null-terminated arrays of + * policy structs. They is declared at the end of this file. */ extern const srtp_policy_t *policy_array[]; +extern const srtp_policy_t *invalid_policy_array[]; /* the wildcard_policy is declared below; it has a wildcard ssrc */ @@ -302,6 +303,7 @@ int main(int argc, char *argv[]) if (do_validation) { const srtp_policy_t **policy = policy_array; srtp_policy_t *big_policy; + srtp_t srtp_sender; /* loop over policy array, testing srtp and srtcp for each policy */ while (*policy != NULL) { @@ -364,6 +366,21 @@ int main(int argc, char *argv[]) policy++; } + /* loop over invalid policy array, testing that an SRTP context cannot + * be created with the policy */ + policy = invalid_policy_array; + while (*policy != NULL) { + printf("testing srtp_create fails with invalid policy\n"); + if (srtp_create(&srtp_sender, *policy) != srtp_err_status_ok) { + printf("passed\n\n"); + } else { + printf("failed\n"); + exit(1); + } + + policy++; + } + /* create a big policy list and run tests on it */ status = srtp_create_big_policy(&big_policy); if (status) { @@ -422,7 +439,7 @@ int main(int argc, char *argv[]) exit(1); } -#ifdef OPENSSL +#ifdef GCM printf("testing srtp_protect and srtp_unprotect against " "reference packet using GCM\n"); if (srtp_validate_gcm() == srtp_err_status_ok) { @@ -442,7 +459,7 @@ int main(int argc, char *argv[]) exit(1); } -#ifdef OPENSSL +#ifdef GCM printf("testing srtp_protect and srtp_unprotect against " "reference packet with encrypted extension headers (GCM)\n"); if (srtp_validate_encrypted_extensions_headers_gcm() == @@ -478,7 +495,7 @@ int main(int argc, char *argv[]) printf("failed\n"); exit(1); } -#ifdef OPENSSL +#ifdef GCM printf("testing srtp_protect and srtp_unprotect against " "packet with empty payload (GCM)\n"); if (srtp_test_empty_payload_gcm() == srtp_err_status_ok) { @@ -589,7 +606,7 @@ int main(int argc, char *argv[]) policy.ssrc.type = ssrc_specific; policy.ssrc.value = 0xdecafbad; policy.key = test_key; - policy.ekt = NULL; + policy.deprecated_ekt = NULL; policy.window_size = 128; policy.allow_repeat_tx = 0; policy.next = NULL; @@ -928,12 +945,10 @@ double srtp_rejections_per_second(int msg_len_octets, void err_check(srtp_err_status_t s) { - if (s == srtp_err_status_ok) { - return; - } else { + if (s != srtp_err_status_ok) { fprintf(stderr, "error: unexpected srtp failure (code %d)\n", s); + exit(1); } - exit(1); } srtp_err_status_t srtp_test_call_protect(srtp_t srtp_sender, @@ -1341,6 +1356,8 @@ srtp_err_status_t srtcp_test(const srtp_policy_t *policy, int mki_index) */ rcvr_policy = (srtp_policy_t *)malloc(sizeof(srtp_policy_t)); if (rcvr_policy == NULL) { + free(hdr); + free(hdr2); return srtp_err_status_alloc_fail; } memcpy(rcvr_policy, policy, sizeof(srtp_policy_t)); @@ -1606,6 +1623,9 @@ double mips_estimate(int num_trials, int *ignore) sum += i; } t = clock() - t; + if (t < 1) { + t = 1; + } /* printf("%d\n", sum); */ *ignore = sum; @@ -1678,7 +1698,7 @@ srtp_err_status_t srtp_validate() policy.ssrc.type = ssrc_specific; policy.ssrc.value = 0xcafebabe; policy.key = test_key; - policy.ekt = NULL; + policy.deprecated_ekt = NULL; policy.window_size = 128; policy.allow_repeat_tx = 0; policy.next = NULL; @@ -1702,7 +1722,7 @@ srtp_err_status_t srtp_validate() debug_print(mod_driver, "ciphertext reference:\n %s", octet_string_hex_string(srtp_ciphertext, len)); - if (octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len)) { + if (srtp_octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len)) { return srtp_err_status_fail; } @@ -1720,7 +1740,7 @@ srtp_err_status_t srtp_validate() debug_print(mod_driver, "srtcp ciphertext reference:\n %s", octet_string_hex_string(srtcp_ciphertext, len)); - if (octet_string_is_eq(rtcp_plaintext, srtcp_ciphertext, len)) { + if (srtp_octet_string_is_eq(rtcp_plaintext, srtcp_ciphertext, len)) { return srtp_err_status_fail; } @@ -1742,7 +1762,7 @@ srtp_err_status_t srtp_validate() return status; } - if (octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len)) { + if (srtp_octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len)) { return srtp_err_status_fail; } @@ -1755,7 +1775,7 @@ srtp_err_status_t srtp_validate() return status; } - if (octet_string_is_eq(srtcp_ciphertext, rtcp_plaintext_ref, len)) { + if (srtp_octet_string_is_eq(srtcp_ciphertext, rtcp_plaintext_ref, len)) { return srtp_err_status_fail; } @@ -1772,7 +1792,7 @@ srtp_err_status_t srtp_validate() return srtp_err_status_ok; } -#ifdef OPENSSL +#ifdef GCM /* * srtp_validate_gcm() verifies the correctness of libsrtp by comparing * an computed packet against the known ciphertext for the plaintext. @@ -1846,7 +1866,7 @@ srtp_err_status_t srtp_validate_gcm() policy.ssrc.type = ssrc_specific; policy.ssrc.value = 0xcafebabe; policy.key = test_key_gcm; - policy.ekt = NULL; + policy.deprecated_ekt = NULL; policy.window_size = 128; policy.allow_repeat_tx = 0; policy.next = NULL; @@ -1870,7 +1890,7 @@ srtp_err_status_t srtp_validate_gcm() debug_print(mod_driver, "srtp ciphertext reference:\n %s", octet_string_hex_string(srtp_ciphertext, len)); - if (octet_string_is_eq(rtp_plaintext, srtp_ciphertext, len)) { + if (srtp_octet_string_is_eq(rtp_plaintext, srtp_ciphertext, len)) { return srtp_err_status_fail; } @@ -1888,7 +1908,7 @@ srtp_err_status_t srtp_validate_gcm() debug_print(mod_driver, "srtcp ciphertext reference:\n %s", octet_string_hex_string(srtcp_ciphertext, len)); - if (octet_string_is_eq(rtcp_plaintext, srtcp_ciphertext, len)) { + if (srtp_octet_string_is_eq(rtcp_plaintext, srtcp_ciphertext, len)) { return srtp_err_status_fail; } @@ -1911,7 +1931,7 @@ srtp_err_status_t srtp_validate_gcm() return status; } - if (octet_string_is_eq(srtp_ciphertext, rtp_plaintext_ref, len)) { + if (srtp_octet_string_is_eq(srtp_ciphertext, rtp_plaintext_ref, len)) { return srtp_err_status_fail; } @@ -1924,7 +1944,7 @@ srtp_err_status_t srtp_validate_gcm() return status; } - if (octet_string_is_eq(srtcp_ciphertext, rtcp_plaintext_ref, len)) { + if (srtp_octet_string_is_eq(srtcp_ciphertext, rtcp_plaintext_ref, len)) { return srtp_err_status_fail; } @@ -2003,7 +2023,7 @@ srtp_err_status_t srtp_validate_encrypted_extensions_headers() policy.ssrc.type = ssrc_specific; policy.ssrc.value = 0xcafebabe; policy.key = test_key_ext_headers; - policy.ekt = NULL; + policy.deprecated_ekt = NULL; policy.window_size = 128; policy.allow_repeat_tx = 0; policy.enc_xtn_hdr = headers; @@ -2027,7 +2047,7 @@ srtp_err_status_t srtp_validate_encrypted_extensions_headers() debug_print(mod_driver, "ciphertext reference:\n %s", srtp_octet_string_hex_string(srtp_ciphertext, len)); - if (octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len)) + if (srtp_octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len)) return srtp_err_status_fail; /* @@ -2049,7 +2069,7 @@ srtp_err_status_t srtp_validate_encrypted_extensions_headers() return srtp_err_status_fail; } - if (octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len)) + if (srtp_octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len)) return srtp_err_status_fail; status = srtp_dealloc(srtp_snd); @@ -2063,7 +2083,7 @@ srtp_err_status_t srtp_validate_encrypted_extensions_headers() return srtp_err_status_ok; } -#ifdef OPENSSL +#ifdef GCM /* * Headers of test vectors taken from RFC 6904, Appendix A @@ -2124,7 +2144,7 @@ srtp_err_status_t srtp_validate_encrypted_extensions_headers_gcm() policy.ssrc.type = ssrc_specific; policy.ssrc.value = 0xcafebabe; policy.key = test_key_ext_headers; - policy.ekt = NULL; + policy.deprecated_ekt = NULL; policy.window_size = 128; policy.allow_repeat_tx = 0; policy.enc_xtn_hdr = headers; @@ -2148,7 +2168,7 @@ srtp_err_status_t srtp_validate_encrypted_extensions_headers_gcm() debug_print(mod_driver, "ciphertext reference:\n %s", srtp_octet_string_hex_string(srtp_ciphertext, len)); - if (octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len)) + if (srtp_octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len)) return srtp_err_status_fail; /* @@ -2170,7 +2190,7 @@ srtp_err_status_t srtp_validate_encrypted_extensions_headers_gcm() return srtp_err_status_fail; } - if (octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len)) + if (srtp_octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len)) return srtp_err_status_fail; status = srtp_dealloc(srtp_snd); @@ -2240,7 +2260,7 @@ srtp_err_status_t srtp_validate_aes_256() policy.ssrc.type = ssrc_specific; policy.ssrc.value = 0xcafebabe; policy.key = aes_256_test_key; - policy.ekt = NULL; + policy.deprecated_ekt = NULL; policy.window_size = 128; policy.allow_repeat_tx = 0; policy.next = NULL; @@ -2264,7 +2284,7 @@ srtp_err_status_t srtp_validate_aes_256() debug_print(mod_driver, "ciphertext reference:\n %s", octet_string_hex_string(srtp_ciphertext, len)); - if (octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len)) { + if (srtp_octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len)) { return srtp_err_status_fail; } @@ -2286,7 +2306,7 @@ srtp_err_status_t srtp_validate_aes_256() return status; } - if (octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len)) { + if (srtp_octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len)) { return srtp_err_status_fail; } @@ -2306,7 +2326,8 @@ srtp_err_status_t srtp_validate_aes_256() srtp_err_status_t srtp_create_big_policy(srtp_policy_t **list) { extern const srtp_policy_t *policy_array[]; - srtp_policy_t *p, *tmp; + srtp_policy_t *p = NULL; + srtp_policy_t *tmp; int i = 0; uint32_t ssrc = 0; @@ -2367,7 +2388,7 @@ srtp_err_status_t srtp_test_empty_payload() policy.ssrc.type = ssrc_specific; policy.ssrc.value = 0xcafebabe; policy.key = test_key; - policy.ekt = NULL; + policy.deprecated_ekt = NULL; policy.window_size = 128; policy.allow_repeat_tx = 0; policy.next = NULL; @@ -2424,7 +2445,7 @@ srtp_err_status_t srtp_test_empty_payload() return srtp_err_status_ok; } -#ifdef OPENSSL +#ifdef GCM srtp_err_status_t srtp_test_empty_payload_gcm() { srtp_t srtp_snd, srtp_recv; @@ -2443,7 +2464,7 @@ srtp_err_status_t srtp_test_empty_payload_gcm() policy.ssrc.type = ssrc_specific; policy.ssrc.value = 0xcafebabe; policy.key = test_key; - policy.ekt = NULL; + policy.deprecated_ekt = NULL; policy.window_size = 128; policy.allow_repeat_tx = 0; policy.next = NULL; @@ -2499,7 +2520,7 @@ srtp_err_status_t srtp_test_empty_payload_gcm() return srtp_err_status_ok; } -#endif // OPENSSL +#endif // GCM srtp_err_status_t srtp_test_remove_stream() { @@ -2568,7 +2589,7 @@ srtp_err_status_t srtp_test_remove_stream() policy.ssrc.type = ssrc_specific; policy.ssrc.value = 0xcafebabe; policy.key = test_key; - policy.ekt = NULL; + policy.deprecated_ekt = NULL; policy.window_size = 128; policy.allow_repeat_tx = 0; policy.next = NULL; @@ -2627,7 +2648,7 @@ srtp_err_status_t srtp_test_update() memset(&policy, 0, sizeof(policy)); srtp_crypto_policy_set_rtp_default(&policy.rtp); srtp_crypto_policy_set_rtcp_default(&policy.rtcp); - policy.ekt = NULL; + policy.deprecated_ekt = NULL; policy.window_size = 128; policy.allow_repeat_tx = 0; policy.next = NULL; @@ -2783,15 +2804,15 @@ srtp_err_status_t srtp_test_setup_protect_trailer_streams( srtp_policy_t policy; srtp_policy_t policy_mki; -#ifdef OPENSSL +#ifdef GCM srtp_policy_t policy_aes_gcm; srtp_policy_t policy_aes_gcm_mki; -#endif // OPENSSL +#endif // GCM memset(&policy, 0, sizeof(policy)); srtp_crypto_policy_set_rtp_default(&policy.rtp); srtp_crypto_policy_set_rtcp_default(&policy.rtcp); - policy.ekt = NULL; + policy.deprecated_ekt = NULL; policy.window_size = 128; policy.allow_repeat_tx = 0; policy.next = NULL; @@ -2801,7 +2822,7 @@ srtp_err_status_t srtp_test_setup_protect_trailer_streams( memset(&policy_mki, 0, sizeof(policy_mki)); srtp_crypto_policy_set_rtp_default(&policy_mki.rtp); srtp_crypto_policy_set_rtcp_default(&policy_mki.rtcp); - policy_mki.ekt = NULL; + policy_mki.deprecated_ekt = NULL; policy_mki.window_size = 128; policy_mki.allow_repeat_tx = 0; policy_mki.next = NULL; @@ -2810,11 +2831,11 @@ srtp_err_status_t srtp_test_setup_protect_trailer_streams( policy_mki.keys = test_keys; policy_mki.num_master_keys = 2; -#ifdef OPENSSL +#ifdef GCM memset(&policy_aes_gcm, 0, sizeof(policy_aes_gcm)); srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm.rtp); srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm.rtcp); - policy_aes_gcm.ekt = NULL; + policy_aes_gcm.deprecated_ekt = NULL; policy_aes_gcm.window_size = 128; policy_aes_gcm.allow_repeat_tx = 0; policy_aes_gcm.next = NULL; @@ -2824,7 +2845,7 @@ srtp_err_status_t srtp_test_setup_protect_trailer_streams( memset(&policy_aes_gcm_mki, 0, sizeof(policy_aes_gcm_mki)); srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm_mki.rtp); srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm_mki.rtcp); - policy_aes_gcm_mki.ekt = NULL; + policy_aes_gcm_mki.deprecated_ekt = NULL; policy_aes_gcm_mki.window_size = 128; policy_aes_gcm_mki.allow_repeat_tx = 0; policy_aes_gcm_mki.next = NULL; @@ -2832,7 +2853,7 @@ srtp_err_status_t srtp_test_setup_protect_trailer_streams( policy_aes_gcm_mki.key = NULL; policy_aes_gcm_mki.keys = test_keys; policy_aes_gcm_mki.num_master_keys = 2; -#endif +#endif // GCM /* create a send ctx with defualt profile and test_key */ status = srtp_create(srtp_send, &policy); @@ -2843,7 +2864,7 @@ srtp_err_status_t srtp_test_setup_protect_trailer_streams( if (status) return status; -#ifdef OPENSSL +#ifdef GCM status = srtp_create(srtp_send_aes_gcm, &policy_aes_gcm); if (status) return status; @@ -2851,7 +2872,7 @@ srtp_err_status_t srtp_test_setup_protect_trailer_streams( status = srtp_create(srtp_send_aes_gcm_mki, &policy_aes_gcm_mki); if (status) return status; -#endif // OPENSSL +#endif // GCM return srtp_err_status_ok; } @@ -2884,7 +2905,7 @@ srtp_err_status_t srtp_test_protect_trailer_length() if (length != 14) return srtp_err_status_fail; -#ifdef OPENSSL +#ifdef GCM status = srtp_get_protect_trailer_length(srtp_send_aes_gcm, 0, 0, &length); if (status) return status; @@ -2901,11 +2922,11 @@ srtp_err_status_t srtp_test_protect_trailer_length() /* TAG Length: 16 bytes + MKI length: 4 bytes*/ if (length != 20) return srtp_err_status_fail; -#endif // OPENSSL +#endif // GCM srtp_dealloc(srtp_send); srtp_dealloc(srtp_send_mki); -#ifdef OPENSSL +#ifdef GCM srtp_dealloc(srtp_send_aes_gcm); srtp_dealloc(srtp_send_aes_gcm_mki); #endif @@ -2941,7 +2962,7 @@ srtp_err_status_t srtp_test_protect_rtcp_trailer_length() if (length != 18) return srtp_err_status_fail; -#ifdef OPENSSL +#ifdef GCM status = srtp_get_protect_rtcp_trailer_length(srtp_send_aes_gcm, 0, 0, &length); if (status) @@ -2959,11 +2980,11 @@ srtp_err_status_t srtp_test_protect_rtcp_trailer_length() /* TAG Length: 16 bytes + SRTCP Trailer 4 bytes + MKI 4 bytes*/ if (length != 24) return srtp_err_status_fail; -#endif // OPENSSL +#endif // GCM srtp_dealloc(srtp_send); srtp_dealloc(srtp_send_mki); -#ifdef OPENSSL +#ifdef GCM srtp_dealloc(srtp_send_aes_gcm); srtp_dealloc(srtp_send_aes_gcm_mki); #endif @@ -3088,6 +3109,7 @@ static srtp_err_status_t test_set_receiver_roc(uint32_t packets, if (status) { return status; } + seq++; ts++; } @@ -3500,7 +3522,7 @@ const srtp_policy_t hmac_only_policy = { NULL }; -#ifdef OPENSSL +#ifdef GCM const srtp_policy_t aes128_gcm_8_policy = { { ssrc_any_outbound, 0 }, /* SSRC */ { @@ -3724,23 +3746,7 @@ const srtp_policy_t aes_256_hmac_policy = { NULL }; -// clang-format off -uint8_t ekt_test_key[16] = { - 0x77, 0x26, 0x9d, 0xac, 0x16, 0xa3, 0x28, 0xca, - 0x8e, 0xc9, 0x68, 0x4b, 0xcc, 0xc4, 0xd2, 0x1b -}; -// clang-format on - -#include "ekt.h" - -// clang-format off -srtp_ekt_policy_ctx_t ekt_test_policy = { - 0xa5a5, /* SPI */ - SRTP_EKT_CIPHER_AES_128_ECB, - ekt_test_key, - NULL -}; -// clang-format on +char ekt_test_policy = 'x'; const srtp_policy_t hmac_only_with_ekt_policy = { { ssrc_any_outbound, 0 }, /* SSRC */ @@ -3763,7 +3769,7 @@ const srtp_policy_t hmac_only_with_ekt_policy = { NULL, (srtp_master_key_t **)test_keys, 2, /* indicates the number of Master keys */ - &ekt_test_policy, /* indicates that EKT is not in use */ + &ekt_test_policy, /* requests deprecated EKT functionality */ 128, /* replay window size */ 0, /* retransmission not allowed */ NULL, /* no encrypted extension headers */ @@ -3786,7 +3792,7 @@ const srtp_policy_t *policy_array[] = { &hmac_only_policy, &aes_only_policy, &default_policy, -#ifdef OPENSSL +#ifdef GCM &aes128_gcm_8_policy, &aes128_gcm_8_cauth_policy, &aes256_gcm_8_policy, @@ -3794,6 +3800,12 @@ const srtp_policy_t *policy_array[] = { #endif &null_policy, &aes_256_hmac_policy, + NULL +}; +// clang-format on + +// clang-format off +const srtp_policy_t *invalid_policy_array[] = { &hmac_only_with_ekt_policy, NULL }; diff --git a/libs/srtp/test/test_srtp.c b/libs/srtp/test/test_srtp.c index cdc9b5d5b7..0cea1f3c37 100644 --- a/libs/srtp/test/test_srtp.c +++ b/libs/srtp/test/test_srtp.c @@ -43,16 +43,16 @@ * */ -/* - * Test specific. - */ -#include "cutest.h" - /* * libSRTP specific. */ #include "../srtp/srtp.c" // Get access to static functions +/* + * Test specific. + */ +#include "cutest.h" + /* * Standard library. */ @@ -152,14 +152,15 @@ void srtp_calc_aead_iv_srtcp_distinct_iv_per_sequence_number() srtp_session_keys_t session_keys; srtcp_hdr_t header; v128_t output_iv[SAMPLE_COUNT]; - memset(&output_iv, 0, SAMPLE_COUNT * sizeof(v128_t)); uint32_t sequence_num[SAMPLE_COUNT]; + v128_t final_iv[SAMPLE_COUNT]; + size_t i = 0; + memset(&output_iv, 0, SAMPLE_COUNT * sizeof(v128_t)); sequence_num[0] = 0xFF; sequence_num[1] = 0xFF00; sequence_num[2] = 0xFF0000; // Postconditions - v128_t final_iv[SAMPLE_COUNT]; memset(&final_iv, 0, SAMPLE_COUNT * sizeof(v128_t)); final_iv[0].v8[11] = 0xFF; final_iv[1].v8[10] = 0xFF; @@ -170,7 +171,6 @@ void srtp_calc_aead_iv_srtcp_distinct_iv_per_sequence_number() memset(&header, 0, sizeof(srtcp_hdr_t)); // When - size_t i = 0; for (i = 0; i < SAMPLE_COUNT; i++) { TEST_CHECK(srtp_calc_aead_iv_srtcp(&session_keys, &output_iv[i], sequence_num[i], diff --git a/libs/srtp/crypto/replay/ut_sim.c b/libs/srtp/test/ut_sim.c similarity index 95% rename from libs/srtp/crypto/replay/ut_sim.c rename to libs/srtp/test/ut_sim.c index c621c0e9f2..2825b68df9 100644 --- a/libs/srtp/crypto/replay/ut_sim.c +++ b/libs/srtp/test/ut_sim.c @@ -49,10 +49,13 @@ #endif #include "ut_sim.h" +#include "cipher_priv.h" int ut_compar(const void *a, const void *b) { - return rand() > (RAND_MAX / 2) ? -1 : 1; + uint8_t r; + srtp_cipher_rand_for_tests(&r, sizeof(r)); + return r > (UINT8_MAX / 2) ? -1 : 1; } void ut_init(ut_connection *utc) diff --git a/libs/srtp/include/ut_sim.h b/libs/srtp/test/ut_sim.h similarity index 100% rename from libs/srtp/include/ut_sim.h rename to libs/srtp/test/ut_sim.h diff --git a/libs/srtp/test/util.c b/libs/srtp/test/util.c index eb203f4c4a..c0f7614903 100644 --- a/libs/srtp/test/util.c +++ b/libs/srtp/test/util.c @@ -42,12 +42,14 @@ * */ +#include "config.h" #include "util.h" #include <string.h> #include <stdint.h> -char bit_string[MAX_PRINT_STRING_LEN]; +/* include space for null terminator */ +static char bit_string[MAX_PRINT_STRING_LEN + 1]; static inline int hex_char_to_nibble(uint8_t c) { @@ -151,7 +153,7 @@ char *octet_string_hex_string(const void *s, int length) /* truncate string if it would be too long */ if (length > MAX_PRINT_STRING_LEN) { - length = MAX_PRINT_STRING_LEN - 1; + length = MAX_PRINT_STRING_LEN; } for (i = 0; i < length; i += 2) { diff --git a/libs/srtp/undos.sh b/libs/srtp/undos.sh deleted file mode 100755 index db12064968..0000000000 --- a/libs/srtp/undos.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh -# -# usage: undos <file> -# -# strips CRs from a file - useful when moving DOS-created files -# onto UN*X machines - -cat $1 | tr -d "\r" > $1.tmp -mv $1.tmp $1 -