|
|
|
@ -10,29 +10,7 @@ |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static inline int check_session_key(struct crypto_context *c) { |
|
|
|
str s; |
|
|
|
|
|
|
|
if (c->have_session_key) |
|
|
|
return 0; |
|
|
|
if (!c->crypto_suite) |
|
|
|
return -1; |
|
|
|
|
|
|
|
str_init_len(&s, c->session_key, c->crypto_suite->session_key_len); |
|
|
|
if (crypto_gen_session_key(c, &s, 0x00)) |
|
|
|
return -1; |
|
|
|
str_init_len(&s, c->session_auth_key, c->crypto_suite->srtp_auth_key_len); |
|
|
|
if (crypto_gen_session_key(c, &s, 0x01)) |
|
|
|
return -1; |
|
|
|
str_init_len(&s, c->session_salt, c->crypto_suite->session_salt_len); |
|
|
|
if (crypto_gen_session_key(c, &s, 0x02)) |
|
|
|
return -1; |
|
|
|
|
|
|
|
c->have_session_key = 1; |
|
|
|
return 0; |
|
|
|
} |
|
|
|
|
|
|
|
static int rtp_payload(str *p, str *s) { |
|
|
|
static int rtp_payload(struct rtp_header **out, str *p, const str *s) { |
|
|
|
struct rtp_header *rtp; |
|
|
|
struct rtp_extension *ext; |
|
|
|
|
|
|
|
@ -59,6 +37,8 @@ static int rtp_payload(str *p, str *s) { |
|
|
|
return -1; |
|
|
|
} |
|
|
|
|
|
|
|
*out = rtp; |
|
|
|
|
|
|
|
return 0; |
|
|
|
} |
|
|
|
|
|
|
|
@ -94,21 +74,46 @@ static u_int64_t packet_index(struct crypto_context *c, struct rtp_header *rtp) |
|
|
|
return index; |
|
|
|
} |
|
|
|
|
|
|
|
void rtp_append_mki(str *s, struct crypto_context *c) { |
|
|
|
u_int32_t mki_part; |
|
|
|
char *p; |
|
|
|
|
|
|
|
if (!c->mki_len) |
|
|
|
return; |
|
|
|
|
|
|
|
/* RTP_BUFFER_TAIL_ROOM guarantees enough room */ |
|
|
|
p = s->s + s->len; |
|
|
|
memset(p, 0, c->mki_len); |
|
|
|
if (c->mki_len > 4) { |
|
|
|
mki_part = (c->mki & 0xffffffff00000000ULL) >> 32; |
|
|
|
mki_part = htonl(mki_part); |
|
|
|
if (c->mki_len < 8) |
|
|
|
memcpy(p, ((char *) &mki_part) + (8 - c->mki_len), c->mki_len - 4); |
|
|
|
else |
|
|
|
memcpy(p + (c->mki_len - 8), &mki_part, 4); |
|
|
|
} |
|
|
|
mki_part = (c->mki & 0xffffffffULL); |
|
|
|
mki_part = htonl(mki_part); |
|
|
|
if (c->mki_len < 4) |
|
|
|
memcpy(p, ((char *) &mki_part) + (4 - c->mki_len), c->mki_len); |
|
|
|
else |
|
|
|
memcpy(p + (c->mki_len - 4), &mki_part, 4); |
|
|
|
|
|
|
|
s->len += c->mki_len; |
|
|
|
} |
|
|
|
|
|
|
|
/* rfc 3711, section 3.3 */ |
|
|
|
/* XXX some error handling/logging here */ |
|
|
|
int rtp_avp2savp(str *s, struct crypto_context *c) { |
|
|
|
struct rtp_header *rtp; |
|
|
|
str payload, to_auth; |
|
|
|
u_int64_t index; |
|
|
|
char *pl_end; |
|
|
|
u_int32_t mki_part; |
|
|
|
|
|
|
|
if (rtp_payload(&payload, s)) |
|
|
|
if (rtp_payload(&rtp, &payload, s)) |
|
|
|
return -1; |
|
|
|
if (check_session_key(c)) |
|
|
|
if (crypto_check_session_keys(c)) |
|
|
|
return -1; |
|
|
|
|
|
|
|
rtp = (void *) s->s; |
|
|
|
index = packet_index(c, rtp); |
|
|
|
|
|
|
|
/* rfc 3711 section 3.1 */ |
|
|
|
@ -116,38 +121,15 @@ int rtp_avp2savp(str *s, struct crypto_context *c) { |
|
|
|
if (crypto_encrypt_rtp(c, rtp, &payload, index)) |
|
|
|
return -1; |
|
|
|
|
|
|
|
pl_end = s->s + s->len; |
|
|
|
to_auth = *s; |
|
|
|
|
|
|
|
if (c->mki_len) { |
|
|
|
/* RTP_BUFFER_TAIL_ROOM guarantees enough room */ |
|
|
|
memset(pl_end, 0, c->mki_len); |
|
|
|
if (c->mki_len > 4) { |
|
|
|
mki_part = (c->mki & 0xffffffff00000000ULL) >> 32; |
|
|
|
mki_part = htonl(mki_part); |
|
|
|
if (c->mki_len < 8) |
|
|
|
memcpy(pl_end, ((char *) &mki_part) + (8 - c->mki_len), c->mki_len - 4); |
|
|
|
else |
|
|
|
memcpy(pl_end + (c->mki_len - 8), &mki_part, 4); |
|
|
|
} |
|
|
|
mki_part = (c->mki & 0xffffffffULL); |
|
|
|
mki_part = htonl(mki_part); |
|
|
|
if (c->mki_len < 4) |
|
|
|
memcpy(pl_end, ((char *) &mki_part) + (4 - c->mki_len), c->mki_len); |
|
|
|
else |
|
|
|
memcpy(pl_end + (c->mki_len - 4), &mki_part, 4); |
|
|
|
|
|
|
|
pl_end += c->mki_len; |
|
|
|
to_auth.len += c->mki_len; |
|
|
|
} |
|
|
|
rtp_append_mki(s, c); |
|
|
|
|
|
|
|
if (c->crypto_suite->srtp_auth_tag) { |
|
|
|
c->crypto_suite->hash_rtp(c, pl_end, &to_auth, index); |
|
|
|
pl_end += c->crypto_suite->srtp_auth_tag / 8; |
|
|
|
c->crypto_suite->hash_rtp(c, s->s + s->len, &to_auth, index); |
|
|
|
s->len += c->crypto_suite->srtp_auth_tag / 8; |
|
|
|
} |
|
|
|
|
|
|
|
s->len = pl_end - s->s; |
|
|
|
|
|
|
|
return 0; |
|
|
|
} |
|
|
|
|
|
|
|
@ -155,55 +137,68 @@ int rtp_avp2savp(str *s, struct crypto_context *c) { |
|
|
|
int rtp_savp2avp(str *s, struct crypto_context *c) { |
|
|
|
struct rtp_header *rtp; |
|
|
|
u_int64_t index; |
|
|
|
str payload, mki, to_auth; |
|
|
|
char hmac[20], *auth_tag = NULL; |
|
|
|
int i; |
|
|
|
str payload, to_auth, to_decrypt, auth_tag; |
|
|
|
char hmac[20]; |
|
|
|
|
|
|
|
if (rtp_payload(&payload, s)) |
|
|
|
if (rtp_payload(&rtp, &payload, s)) |
|
|
|
return -1; |
|
|
|
if (check_session_key(c)) |
|
|
|
if (crypto_check_session_keys(c)) |
|
|
|
return -1; |
|
|
|
|
|
|
|
rtp = (void *) s->s; |
|
|
|
index = packet_index(c, rtp); |
|
|
|
if (srtp_payloads(&to_auth, &to_decrypt, &auth_tag, NULL, |
|
|
|
c->crypto_suite->srtp_auth_tag, c->mki_len, |
|
|
|
s, &payload)) |
|
|
|
return -1; |
|
|
|
|
|
|
|
/* rfc 3711 section 3.1 */ |
|
|
|
|
|
|
|
to_auth = *s; |
|
|
|
|
|
|
|
if (c->crypto_suite->srtp_auth_tag) { |
|
|
|
i = c->crypto_suite->srtp_auth_tag / 8; |
|
|
|
|
|
|
|
assert(sizeof(hmac) >= i); |
|
|
|
if (payload.len < i) |
|
|
|
if (auth_tag.len) { |
|
|
|
assert(sizeof(hmac) >= auth_tag.len); |
|
|
|
c->crypto_suite->hash_rtp(c, hmac, &to_auth, index); |
|
|
|
if (str_memcmp(&auth_tag, hmac)) |
|
|
|
return -1; |
|
|
|
|
|
|
|
auth_tag = payload.s + payload.len - i; |
|
|
|
payload.len -= i; |
|
|
|
to_auth.len -= i; |
|
|
|
} |
|
|
|
|
|
|
|
if (c->mki_len) { |
|
|
|
if (payload.len < c->mki_len) |
|
|
|
return -1; |
|
|
|
if (crypto_decrypt_rtp(c, rtp, &to_decrypt, index)) |
|
|
|
return -1; |
|
|
|
|
|
|
|
str_init_len(&mki, payload.s - c->mki_len, c->mki_len); |
|
|
|
payload.len -= c->mki_len; |
|
|
|
to_auth.len -= c->mki_len; |
|
|
|
*s = to_auth; |
|
|
|
|
|
|
|
/* ignoring the mki for now */ |
|
|
|
} |
|
|
|
return 0; |
|
|
|
} |
|
|
|
|
|
|
|
if (c->crypto_suite->srtp_auth_tag) { |
|
|
|
c->crypto_suite->hash_rtp(c, hmac, &to_auth, index); |
|
|
|
if (memcmp(hmac, auth_tag, c->crypto_suite->srtp_auth_tag / 8)) |
|
|
|
/* rfc 3711 section 3.1 and 3.4 */ |
|
|
|
int srtp_payloads(str *to_auth, str *to_decrypt, str *auth_tag, str *mki, |
|
|
|
int auth_len, int mki_len, |
|
|
|
const str *packet, const str *payload) |
|
|
|
{ |
|
|
|
auth_len /= 8; /* given in bits */ |
|
|
|
*to_auth = *packet; |
|
|
|
*to_decrypt = *payload; |
|
|
|
/* packet and payload should be identical except for the respective header */ |
|
|
|
assert(to_auth->s + to_auth->len == to_decrypt->s + to_decrypt->len); |
|
|
|
assert(to_decrypt->s >= to_auth->s); |
|
|
|
|
|
|
|
*auth_tag = STR_NULL; |
|
|
|
if (auth_len) { |
|
|
|
if (to_decrypt->len < auth_len) |
|
|
|
return -1; |
|
|
|
|
|
|
|
str_init_len(auth_tag, to_decrypt->s + to_decrypt->len - auth_len, auth_len); |
|
|
|
to_decrypt->len -= auth_len; |
|
|
|
to_auth->len -= auth_len; |
|
|
|
} |
|
|
|
|
|
|
|
if (crypto_decrypt_rtp(c, rtp, &payload, index)) |
|
|
|
return -1; |
|
|
|
if (mki) |
|
|
|
*mki = STR_NULL; |
|
|
|
if (mki_len) { |
|
|
|
if (to_decrypt->len < mki_len) |
|
|
|
return -1; |
|
|
|
|
|
|
|
*s = to_auth; |
|
|
|
if (mki) |
|
|
|
str_init_len(mki, to_decrypt->s - mki_len, mki_len); |
|
|
|
to_decrypt->len -= mki_len; |
|
|
|
to_auth->len -= mki_len; |
|
|
|
} |
|
|
|
|
|
|
|
return 0; |
|
|
|
} |
Richard Fuchs
13 years ago