|
|
|
@ -6,6 +6,7 @@ |
|
|
|
|
|
|
|
#include "str.h" |
|
|
|
#include "crypto.h" |
|
|
|
#include "log.h" |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@ -16,20 +17,24 @@ static inline int check_session_keys(struct crypto_context *c) { |
|
|
|
if (c->have_session_key) |
|
|
|
return 0; |
|
|
|
if (!c->crypto_suite) |
|
|
|
return -1; |
|
|
|
goto error; |
|
|
|
|
|
|
|
str_init_len(&s, c->session_key, c->crypto_suite->session_key_len); |
|
|
|
if (crypto_gen_session_key(c, &s, 0x00, 6)) |
|
|
|
return -1; |
|
|
|
goto error; |
|
|
|
str_init_len(&s, c->session_auth_key, c->crypto_suite->srtp_auth_key_len); |
|
|
|
if (crypto_gen_session_key(c, &s, 0x01, 6)) |
|
|
|
return -1; |
|
|
|
goto error; |
|
|
|
str_init_len(&s, c->session_salt, c->crypto_suite->session_salt_len); |
|
|
|
if (crypto_gen_session_key(c, &s, 0x02, 6)) |
|
|
|
return -1; |
|
|
|
goto error; |
|
|
|
|
|
|
|
c->have_session_key = 1; |
|
|
|
return 0; |
|
|
|
|
|
|
|
error: |
|
|
|
mylog(LOG_WARNING, "Error generating SRTP session keys"); |
|
|
|
return -1; |
|
|
|
} |
|
|
|
|
|
|
|
static int rtp_payload(struct rtp_header **out, str *p, const str *s) { |
|
|
|
@ -37,31 +42,35 @@ static int rtp_payload(struct rtp_header **out, str *p, const str *s) { |
|
|
|
struct rtp_extension *ext; |
|
|
|
|
|
|
|
if (s->len < sizeof(*rtp)) |
|
|
|
return -1; |
|
|
|
goto error; |
|
|
|
|
|
|
|
rtp = (void *) s->s; |
|
|
|
if ((rtp->v_p_x_cc & 0xc0) != 0x80) /* version 2 */ |
|
|
|
return -1; |
|
|
|
goto error; |
|
|
|
|
|
|
|
*p = *s; |
|
|
|
/* fixed header */ |
|
|
|
str_shift(p, sizeof(*rtp)); |
|
|
|
/* csrc list */ |
|
|
|
if (str_shift(p, (rtp->v_p_x_cc & 0xf) * 4)) |
|
|
|
return -1; |
|
|
|
goto error; |
|
|
|
|
|
|
|
if ((rtp->v_p_x_cc & 0x10)) { |
|
|
|
/* extension */ |
|
|
|
if (p->len < sizeof(*ext)) |
|
|
|
return -1; |
|
|
|
goto error; |
|
|
|
ext = (void *) p->s; |
|
|
|
if (str_shift(p, 4 + ntohs(ext->length) * 4)) |
|
|
|
return -1; |
|
|
|
goto error; |
|
|
|
} |
|
|
|
|
|
|
|
*out = rtp; |
|
|
|
|
|
|
|
return 0; |
|
|
|
|
|
|
|
error: |
|
|
|
mylog(LOG_WARNING, "Error parsing RTP header"); |
|
|
|
return -1; |
|
|
|
} |
|
|
|
|
|
|
|
static u_int64_t packet_index(struct crypto_context *c, struct rtp_header *rtp) { |
|
|
|
@ -125,7 +134,6 @@ void rtp_append_mki(str *s, struct crypto_context *c) { |
|
|
|
} |
|
|
|
|
|
|
|
/* rfc 3711, section 3.3 */ |
|
|
|
/* XXX some error handling/logging here */ |
|
|
|
int rtp_avp2savp(str *s, struct crypto_context *c) { |
|
|
|
struct rtp_header *rtp; |
|
|
|
str payload, to_auth; |
|
|
|
@ -203,7 +211,7 @@ int srtp_payloads(str *to_auth, str *to_decrypt, str *auth_tag, str *mki, |
|
|
|
*auth_tag = STR_NULL; |
|
|
|
if (auth_len) { |
|
|
|
if (to_decrypt->len < auth_len) |
|
|
|
return -1; |
|
|
|
goto error; |
|
|
|
|
|
|
|
str_init_len(auth_tag, to_decrypt->s + to_decrypt->len - auth_len, auth_len); |
|
|
|
to_decrypt->len -= auth_len; |
|
|
|
@ -214,7 +222,7 @@ int srtp_payloads(str *to_auth, str *to_decrypt, str *auth_tag, str *mki, |
|
|
|
*mki = STR_NULL; |
|
|
|
if (mki_len) { |
|
|
|
if (to_decrypt->len < mki_len) |
|
|
|
return -1; |
|
|
|
goto error; |
|
|
|
|
|
|
|
if (mki) |
|
|
|
str_init_len(mki, to_decrypt->s - mki_len, mki_len); |
|
|
|
@ -223,4 +231,8 @@ int srtp_payloads(str *to_auth, str *to_decrypt, str *auth_tag, str *mki, |
|
|
|
} |
|
|
|
|
|
|
|
return 0; |
|
|
|
|
|
|
|
error: |
|
|
|
mylog(LOG_WARNING, "Invalid SRTP packet received"); |
|
|
|
return -1; |
|
|
|
} |
Richard Fuchs
13 years ago