sync changes from srtp upstream

This commit is contained in:
Michael Jerris 2014-07-08 10:25:52 -04:00
parent ebe4238a7e
commit a99f06dfc6
14 changed files with 156 additions and 56 deletions

View File

@ -29,7 +29,7 @@ The configure script accepts the following options:
--enable-openssl use OpenSSL crypto primitives --enable-openssl use OpenSSL crypto primitives
--gdoi use GDOI key management (disabled at present) --gdoi use GDOI key management (disabled at present)
By default, debbuging is enabled and stdout is used for debugging. By default, debugging is enabled and stdout is used for debugging.
You can use the above configure options to have the debugging output You can use the above configure options to have the debugging output
sent to syslog or the system console. Alternatively, you can define sent to syslog or the system console. Alternatively, you can define
ERR_REPORTING_FILE in include/conf.h to be any other file that can be ERR_REPORTING_FILE in include/conf.h to be any other file that can be
@ -87,15 +87,30 @@ or rtpw -l
which the dictionary will be sent, respectively. which the dictionary will be sent, respectively.
options: options:
-a use message authentication
-e <key size> use encryption (use 128, 192, or 256 for key size) -s (s)rtp sender - causes app to send words
-g Use AES-GCM mode (must be used with -e)
-k <key> sets the srtp master key -r (s)rtp receive - causes app to receive words
-s act as rtp sender
-r act as rtp receiver -k <key> use srtp master key <key>, where the
-l list debug modules key is a hexadecimal value (without the
-d <debug> turn on debugging for module <debug> leading "0x")
-i specify input/output file
-e <keysize> encrypt/decrypt (for data confidentiality)
(requires use of -k option as well)
(use 128, 192, or 256 for keysize)
-g use AES-GCM mode (must be used with -e)
-a message authentication
(requires use of -k option as well)
-l list debug modules
-d <debug> turn on debugging for module <debug>
-i specify input/output file
(instead of using dictionary file)
In order to get random 30-byte values for use as key/salt pairs , you In order to get random 30-byte values for use as key/salt pairs , you
can use the following bash function to format the output of can use the following bash function to format the output of

View File

@ -40,15 +40,14 @@ endif
dummy : all runtest dummy : all runtest
# test applications # test applications
ifneq (1, $(USE_OPENSSL)) ifneq (1, $(USE_OPENSSL))
AES_CALC = test/aes_calc$(EXE) AES_CALC = test/aes_calc$(EXE)
endif endif
testapp = #test/cipher_driver$(EXE) test/datatypes_driver$(EXE) \ testapp = test/cipher_driver$(EXE) test/datatypes_driver$(EXE) \
#test/stat_driver$(EXE) test/sha1_driver$(EXE) \ test/stat_driver$(EXE) test/sha1_driver$(EXE) \
#test/kernel_driver$(EXE) $(AES_CALC) test/rand_gen$(EXE) \ test/kernel_driver$(EXE) $(AES_CALC) test/rand_gen$(EXE) \
#test/env$(EXE) test/env$(EXE)
# data values used to test the aes_calc application for AES-128 # data values used to test the aes_calc application for AES-128
k128=000102030405060708090a0b0c0d0e0f k128=000102030405060708090a0b0c0d0e0f

View File

@ -395,7 +395,7 @@ aes_icm_encrypt_ismacryp(aes_icm_ctx_t *c,
for (i=0; i < (bytes_to_encr/sizeof(v128_t)); i++) { for (i=0; i < (bytes_to_encr/sizeof(v128_t)); i++) {
/* fill buffer with new keystream */ /* fill buffer with new keystream */
aes_icm_advance_ismacryp(c, (uint8_t)forIsmacryp); aes_icm_advance_ismacryp(c, forIsmacryp);
/* /*
* add keystream into the data buffer (this would be a lot faster * add keystream into the data buffer (this would be a lot faster
@ -443,7 +443,7 @@ aes_icm_encrypt_ismacryp(aes_icm_ctx_t *c,
if ((bytes_to_encr & 0xf) != 0) { if ((bytes_to_encr & 0xf) != 0) {
/* fill buffer with new keystream */ /* fill buffer with new keystream */
aes_icm_advance_ismacryp(c, (uint8_t)forIsmacryp); aes_icm_advance_ismacryp(c, forIsmacryp);
for (i=0; i < (bytes_to_encr & 0xf); i++) for (i=0; i < (bytes_to_encr & 0xf); i++)
*buf++ ^= c->keystream_buffer.v8[i]; *buf++ ^= c->keystream_buffer.v8[i];
@ -476,6 +476,10 @@ aes_icm_output(aes_icm_ctx_t *c, uint8_t *buffer, int num_octets_to_output) {
return aes_icm_encrypt(c, buffer, &len); return aes_icm_encrypt(c, buffer, &len);
} }
uint16_t
aes_icm_bytes_encrypted(aes_icm_ctx_t *c) {
return htons(c->counter.v16[7]);
}
char char
aes_icm_description[] = "aes integer counter mode"; aes_icm_description[] = "aes integer counter mode";

View File

@ -48,7 +48,6 @@
#include "null_cipher.h" #include "null_cipher.h"
#include "alloc.h" #include "alloc.h"
/* the null_cipher uses the cipher debug module */ /* the null_cipher uses the cipher debug module */
extern debug_module_t mod_cipher; extern debug_module_t mod_cipher;

View File

@ -48,7 +48,6 @@
#include "null_auth.h" #include "null_auth.h"
#include "alloc.h" #include "alloc.h"
/* null_auth uses the auth debug module */ /* null_auth uses the auth debug module */
extern debug_module_t mod_auth; extern debug_module_t mod_auth;

View File

@ -53,5 +53,8 @@ aes_icm_alloc_ismacryp(cipher_t **c,
int key_len, int key_len,
int forIsmacryp); int forIsmacryp);
uint16_t
aes_icm_bytes_encrypted(aes_icm_ctx_t *c);
#endif /* AES_ICM_H */ #endif /* AES_ICM_H */

View File

@ -47,6 +47,7 @@
#include "ut_sim.h" #include "ut_sim.h"
int int
ut_compar(const void *a, const void *b) { ut_compar(const void *a, const void *b) {
return rand() > (RAND_MAX/2) ? -1 : 1; return rand() > (RAND_MAX/2) ? -1 : 1;

View File

@ -83,10 +83,8 @@ ctr_prng_get_octet_string(void *dest, uint32_t len) {
/* /*
* if we need to re-initialize the prng, do so now * if we need to re-initialize the prng, do so now
*
* avoid 32-bit overflows by subtracting instead of adding
*/ */
if (ctr_prng.octet_count > MAX_PRNG_OUT_LEN - len) { if ((aes_icm_bytes_encrypted(&ctr_prng.state) + len) > 0xffff) {
status = ctr_prng_init(ctr_prng.rand); status = ctr_prng_init(ctr_prng.rand);
if (status) if (status)
return status; return status;

View File

@ -36,7 +36,7 @@ main (int argc, char *argv[]) {
uint8_t key[AES_MAX_KEY_LEN]; uint8_t key[AES_MAX_KEY_LEN];
aes_expanded_key_t exp_key; aes_expanded_key_t exp_key;
int key_len, len; int key_len, len;
int verbose; int verbose = 0;
err_status_t status; err_status_t status;
if (argc == 3) { if (argc == 3) {

View File

@ -0,0 +1,76 @@
/*
* Soak test the RNG for exhaustion failures
*/
#include <stdio.h> /* for printf() */
#include <unistd.h> /* for getopt() */
#include "crypto_kernel.h"
#define BUF_LEN (MAX_PRINT_STRING_LEN/2)
int main(int argc, char *argv[])
{
int q;
extern char *optarg;
int num_octets = 0;
err_status_t status;
uint32_t iterations = 0;
int print_values = 0;
if (argc == 1) {
exit(255);
}
status = crypto_kernel_init();
if (status) {
printf("error: crypto_kernel init failed\n");
exit(1);
}
while (1) {
q = getopt(argc, argv, "pvn:");
if (q == -1) {
break;
}
switch (q) {
case 'p':
print_values = 1;
break;
case 'n':
num_octets = atoi(optarg);
if (num_octets < 0 || num_octets > BUF_LEN) {
exit(255);
}
break;
case 'v':
num_octets = 30;
print_values = 0;
break;
default:
exit(255);
}
}
if (num_octets > 0) {
while (iterations < 300000) {
uint8_t buffer[BUF_LEN];
status = crypto_get_random(buffer, num_octets);
if (status) {
printf("iteration %d error: failure in random source\n", iterations);
exit(255);
} else if (print_values) {
printf("%s\n", octet_string_hex_string(buffer, num_octets));
}
iterations++;
}
}
status = crypto_kernel_shutdown();
if (status) {
printf("error: crypto_kernel shutdown failed\n");
exit(1);
}
return 0;
}

Binary file not shown.

View File

@ -47,7 +47,6 @@
#include "srtp_priv.h" #include "srtp_priv.h"
#include "ekt.h" #include "ekt.h"
extern debug_module_t mod_srtp; extern debug_module_t mod_srtp;
/* /*

View File

@ -376,7 +376,7 @@ srtp_kdf_init(srtp_kdf_t *kdf, cipher_type_id_t cipher_id, const uint8_t *key, i
err_status_t err_status_t
srtp_kdf_generate(srtp_kdf_t *kdf, srtp_prf_label label, srtp_kdf_generate(srtp_kdf_t *kdf, srtp_prf_label label,
uint8_t *key, unsigned length) { uint8_t *key, unsigned int length) {
v128_t nonce; v128_t nonce;
err_status_t status; err_status_t status;
@ -841,11 +841,11 @@ static void srtp_calc_aead_iv(srtp_stream_ctx_t *stream, v128_t *iv,
*/ */
static err_status_t static err_status_t
srtp_protect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, srtp_protect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream,
void *rtp_hdr, int *pkt_octet_len) void *rtp_hdr, unsigned int *pkt_octet_len)
{ {
srtp_hdr_t *hdr = (srtp_hdr_t*)rtp_hdr; srtp_hdr_t *hdr = (srtp_hdr_t*)rtp_hdr;
uint32_t *enc_start; /* pointer to start of encrypted portion */ uint32_t *enc_start; /* pointer to start of encrypted portion */
unsigned enc_octet_len = 0; /* number of octets in encrypted portion */ unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */
xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */ xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */
int delta; /* delta of local pkt idx and that in hdr */ int delta; /* delta of local pkt idx and that in hdr */
err_status_t status; err_status_t status;
@ -886,10 +886,10 @@ srtp_protect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream,
srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t*)enc_start; srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t*)enc_start;
enc_start += (ntohs(xtn_hdr->length) + 1); enc_start += (ntohs(xtn_hdr->length) + 1);
} }
if (!(enc_start < (uint32_t*)hdr + *pkt_octet_len)) if (!((uint8_t*)enc_start < (uint8_t*)hdr + *pkt_octet_len))
return err_status_parse_err; return err_status_parse_err;
enc_octet_len = (unsigned int)(*pkt_octet_len - enc_octet_len = (unsigned int)(*pkt_octet_len -
((enc_start - (uint32_t*)hdr) << 2)); ((uint8_t*)enc_start - (uint8_t*)hdr));
/* /*
* estimate the packet index using the start of the replay window * estimate the packet index using the start of the replay window
@ -972,11 +972,11 @@ srtp_protect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream,
*/ */
static err_status_t static err_status_t
srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta, srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta,
xtd_seq_num_t est, void *srtp_hdr, int *pkt_octet_len) xtd_seq_num_t est, void *srtp_hdr, unsigned int *pkt_octet_len)
{ {
srtp_hdr_t *hdr = (srtp_hdr_t*)srtp_hdr; srtp_hdr_t *hdr = (srtp_hdr_t*)srtp_hdr;
uint32_t *enc_start; /* pointer to start of encrypted portion */ uint32_t *enc_start; /* pointer to start of encrypted portion */
unsigned enc_octet_len = 0; /* number of octets in encrypted portion */ unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */
v128_t iv; v128_t iv;
err_status_t status; err_status_t status;
int tag_len; int tag_len;
@ -1013,13 +1013,13 @@ srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta,
srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t*)enc_start; srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t*)enc_start;
enc_start += (ntohs(xtn_hdr->length) + 1); enc_start += (ntohs(xtn_hdr->length) + 1);
} }
if (!(enc_start < (uint32_t*)hdr + *pkt_octet_len)) if (!((uint8_t*)enc_start < (uint8_t*)hdr + *pkt_octet_len))
return err_status_parse_err; return err_status_parse_err;
/* /*
* We pass the tag down to the cipher when doing GCM mode * We pass the tag down to the cipher when doing GCM mode
*/ */
enc_octet_len = (unsigned int) *pkt_octet_len - enc_octet_len = (unsigned int)(*pkt_octet_len -
((enc_start - (uint32_t *)hdr) << 2); ((uint8_t*)enc_start - (uint8_t*)hdr));
/* /*
* Sanity check the encrypted payload length against * Sanity check the encrypted payload length against
@ -1131,7 +1131,7 @@ srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta,
srtp_hdr_t *hdr = (srtp_hdr_t *)rtp_hdr; srtp_hdr_t *hdr = (srtp_hdr_t *)rtp_hdr;
uint32_t *enc_start; /* pointer to start of encrypted portion */ uint32_t *enc_start; /* pointer to start of encrypted portion */
uint32_t *auth_start; /* pointer to start of auth. portion */ uint32_t *auth_start; /* pointer to start of auth. portion */
unsigned enc_octet_len = 0; /* number of octets in encrypted portion */ unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */
xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */ xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */
int delta; /* delta of local pkt idx and that in hdr */ int delta; /* delta of local pkt idx and that in hdr */
uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ uint8_t *auth_tag = NULL; /* location of auth_tag within packet */
@ -1201,7 +1201,7 @@ srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta,
*/ */
if (stream->rtp_cipher->algorithm == AES_128_GCM || if (stream->rtp_cipher->algorithm == AES_128_GCM ||
stream->rtp_cipher->algorithm == AES_256_GCM) { stream->rtp_cipher->algorithm == AES_256_GCM) {
return srtp_protect_aead(ctx, stream, rtp_hdr, pkt_octet_len); return srtp_protect_aead(ctx, stream, rtp_hdr, (unsigned int*)pkt_octet_len);
} }
/* /*
@ -1238,11 +1238,11 @@ srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta,
if (hdr->x == 1) { if (hdr->x == 1) {
srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t *)enc_start; srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t *)enc_start;
enc_start += (ntohs(xtn_hdr->length) + 1); enc_start += (ntohs(xtn_hdr->length) + 1);
if (!(enc_start < (uint32_t*)hdr + *pkt_octet_len)) if (!((uint8_t*)enc_start < (uint8_t*)hdr + *pkt_octet_len))
return err_status_parse_err; return err_status_parse_err;
} }
enc_octet_len = (unsigned int)(*pkt_octet_len enc_octet_len = (unsigned int)(*pkt_octet_len -
- ((enc_start - (uint32_t *)hdr) << 2)); ((uint8_t*)enc_start - (uint8_t*)hdr));
} else { } else {
enc_start = NULL; enc_start = NULL;
} }
@ -1386,7 +1386,7 @@ srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) {
srtp_hdr_t *hdr = (srtp_hdr_t *)srtp_hdr; srtp_hdr_t *hdr = (srtp_hdr_t *)srtp_hdr;
uint32_t *enc_start; /* pointer to start of encrypted portion */ uint32_t *enc_start; /* pointer to start of encrypted portion */
uint32_t *auth_start; /* pointer to start of auth. portion */ uint32_t *auth_start; /* pointer to start of auth. portion */
unsigned enc_octet_len = 0;/* number of octets in encrypted portion */ unsigned int enc_octet_len = 0;/* number of octets in encrypted portion */
uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ uint8_t *auth_tag = NULL; /* location of auth_tag within packet */
xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */ xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */
int delta; /* delta of local pkt idx and that in hdr */ int delta; /* delta of local pkt idx and that in hdr */
@ -1460,7 +1460,7 @@ srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) {
*/ */
if (stream->rtp_cipher->algorithm == AES_128_GCM || if (stream->rtp_cipher->algorithm == AES_128_GCM ||
stream->rtp_cipher->algorithm == AES_256_GCM) { stream->rtp_cipher->algorithm == AES_256_GCM) {
return srtp_unprotect_aead(ctx, stream, delta, est, srtp_hdr, pkt_octet_len); return srtp_unprotect_aead(ctx, stream, delta, est, srtp_hdr, (unsigned int*)pkt_octet_len);
} }
/* get tag length from stream */ /* get tag length from stream */
@ -1521,10 +1521,10 @@ srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) {
srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t *)enc_start; srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t *)enc_start;
enc_start += (ntohs(xtn_hdr->length) + 1); enc_start += (ntohs(xtn_hdr->length) + 1);
} }
if (!(enc_start < (uint32_t*)hdr + *pkt_octet_len)) if (!((uint8_t*)enc_start < (uint8_t*)hdr + *pkt_octet_len))
return err_status_parse_err; return err_status_parse_err;
enc_octet_len = (uint32_t)(*pkt_octet_len - tag_len enc_octet_len = (uint32_t)(*pkt_octet_len - tag_len -
- ((enc_start - (uint32_t *)hdr) << 2)); ((uint8_t*)enc_start - (uint8_t*)hdr));
} else { } else {
enc_start = NULL; enc_start = NULL;
} }
@ -2210,12 +2210,12 @@ static void srtp_calc_aead_iv_srtcp(srtp_stream_ctx_t *stream, v128_t *iv,
*/ */
static err_status_t static err_status_t
srtp_protect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream, srtp_protect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream,
void *rtcp_hdr, int *pkt_octet_len) void *rtcp_hdr, unsigned int *pkt_octet_len)
{ {
srtcp_hdr_t *hdr = (srtcp_hdr_t*)rtcp_hdr; srtcp_hdr_t *hdr = (srtcp_hdr_t*)rtcp_hdr;
uint32_t *enc_start; /* pointer to start of encrypted portion */ uint32_t *enc_start; /* pointer to start of encrypted portion */
uint32_t *trailer; /* pointer to start of trailer */ uint32_t *trailer; /* pointer to start of trailer */
unsigned enc_octet_len = 0; /* number of octets in encrypted portion */ unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */
uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ uint8_t *auth_tag = NULL; /* location of auth_tag within packet */
err_status_t status; err_status_t status;
int tag_len; int tag_len;
@ -2333,7 +2333,7 @@ srtp_protect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream,
* Even though we're not encrypting the payload, we need * Even though we're not encrypting the payload, we need
* to run the cipher to get the auth tag. * to run the cipher to get the auth tag.
*/ */
unsigned nolen = 0; unsigned int nolen = 0;
status = cipher_encrypt(stream->rtcp_cipher, NULL, &nolen); status = cipher_encrypt(stream->rtcp_cipher, NULL, &nolen);
if (status) { if (status) {
return err_status_cipher_fail; return err_status_cipher_fail;
@ -2363,12 +2363,12 @@ srtp_protect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream,
*/ */
static err_status_t static err_status_t
srtp_unprotect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream, srtp_unprotect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream,
void *srtcp_hdr, int *pkt_octet_len) void *srtcp_hdr, unsigned int *pkt_octet_len)
{ {
srtcp_hdr_t *hdr = (srtcp_hdr_t*)srtcp_hdr; srtcp_hdr_t *hdr = (srtcp_hdr_t*)srtcp_hdr;
uint32_t *enc_start; /* pointer to start of encrypted portion */ uint32_t *enc_start; /* pointer to start of encrypted portion */
uint32_t *trailer; /* pointer to start of trailer */ uint32_t *trailer; /* pointer to start of trailer */
unsigned enc_octet_len = 0; /* number of octets in encrypted portion */ unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */
uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ uint8_t *auth_tag = NULL; /* location of auth_tag within packet */
err_status_t status; err_status_t status;
int tag_len; int tag_len;
@ -2543,7 +2543,7 @@ srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len) {
uint32_t *enc_start; /* pointer to start of encrypted portion */ uint32_t *enc_start; /* pointer to start of encrypted portion */
uint32_t *auth_start; /* pointer to start of auth. portion */ uint32_t *auth_start; /* pointer to start of auth. portion */
uint32_t *trailer; /* pointer to start of trailer */ uint32_t *trailer; /* pointer to start of trailer */
unsigned enc_octet_len = 0;/* number of octets in encrypted portion */ unsigned int enc_octet_len = 0;/* number of octets in encrypted portion */
uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ uint8_t *auth_tag = NULL; /* location of auth_tag within packet */
err_status_t status; err_status_t status;
int tag_len; int tag_len;
@ -2607,7 +2607,7 @@ srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len) {
*/ */
if (stream->rtp_cipher->algorithm == AES_128_GCM || if (stream->rtp_cipher->algorithm == AES_128_GCM ||
stream->rtp_cipher->algorithm == AES_256_GCM) { stream->rtp_cipher->algorithm == AES_256_GCM) {
return srtp_protect_rtcp_aead(ctx, stream, rtcp_hdr, pkt_octet_len); return srtp_protect_rtcp_aead(ctx, stream, rtcp_hdr, (unsigned int*)pkt_octet_len);
} }
/* get tag length from stream context */ /* get tag length from stream context */
@ -2740,12 +2740,12 @@ srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) {
uint32_t *enc_start; /* pointer to start of encrypted portion */ uint32_t *enc_start; /* pointer to start of encrypted portion */
uint32_t *auth_start; /* pointer to start of auth. portion */ uint32_t *auth_start; /* pointer to start of auth. portion */
uint32_t *trailer; /* pointer to start of trailer */ uint32_t *trailer; /* pointer to start of trailer */
unsigned enc_octet_len = 0;/* number of octets in encrypted portion */ unsigned int enc_octet_len = 0;/* number of octets in encrypted portion */
uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ uint8_t *auth_tag = NULL; /* location of auth_tag within packet */
uint8_t tmp_tag[SRTP_MAX_TAG_LEN]; uint8_t tmp_tag[SRTP_MAX_TAG_LEN];
uint8_t tag_copy[SRTP_MAX_TAG_LEN]; uint8_t tag_copy[SRTP_MAX_TAG_LEN];
err_status_t status; err_status_t status;
unsigned auth_len; unsigned int auth_len;
int tag_len; int tag_len;
srtp_stream_ctx_t *stream; srtp_stream_ctx_t *stream;
int prefix_len; int prefix_len;
@ -2754,6 +2754,13 @@ srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) {
int sec_serv_confidentiality; /* whether confidentiality was requested */ int sec_serv_confidentiality; /* whether confidentiality was requested */
/* we assume the hdr is 32-bit aligned to start */ /* we assume the hdr is 32-bit aligned to start */
/* check that the length value is sane; we'll check again once we
know the tag length, but we at least want to know that it is
a positive value */
if (*pkt_octet_len < octets_in_rtcp_header + sizeof(srtcp_trailer_t))
return err_status_bad_param;
/* /*
* look up ssrc in srtp_stream list, and process the packet with * look up ssrc in srtp_stream list, and process the packet with
* the appropriate stream. if we haven't seen this stream before, * the appropriate stream. if we haven't seen this stream before,
@ -2796,9 +2803,9 @@ srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) {
/* check the packet length - it must contain at least a full RTCP /* check the packet length - it must contain at least a full RTCP
header, an auth tag (if applicable), and the SRTCP encrypted flag header, an auth tag (if applicable), and the SRTCP encrypted flag
and 31-bit index value */ and 31-bit index value */
if (*pkt_octet_len < (octets_in_rtcp_header + tag_len + if (*pkt_octet_len < (octets_in_rtcp_header + tag_len + sizeof(srtcp_trailer_t))) {
sizeof(srtcp_trailer_t)))
return err_status_bad_param; return err_status_bad_param;
}
/* /*
* Check if this is an AEAD stream (GCM mode). If so, then dispatch * Check if this is an AEAD stream (GCM mode). If so, then dispatch
@ -2806,7 +2813,7 @@ srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) {
*/ */
if (stream->rtp_cipher->algorithm == AES_128_GCM || if (stream->rtp_cipher->algorithm == AES_128_GCM ||
stream->rtp_cipher->algorithm == AES_256_GCM) { stream->rtp_cipher->algorithm == AES_256_GCM) {
return srtp_unprotect_rtcp_aead(ctx, stream, srtcp_hdr, pkt_octet_len); return srtp_unprotect_rtcp_aead(ctx, stream, srtcp_hdr, (unsigned int*)pkt_octet_len);
} }
sec_serv_confidentiality = stream->rtcp_services == sec_serv_conf || sec_serv_confidentiality = stream->rtcp_services == sec_serv_conf ||

0
libs/srtp/test/rtpw_test_gcm.sh Normal file → Executable file
View File