Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-27 23:02:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1479665: update libsrtp to bb0412ee84ebe3d2916b45b19de72fabb183d9db. r=bwc

Browse Source 
update libsrtp to bb0412ee84ebe3d2916b45b19de72fabb183d9db

Differential Revision: https://phabricator.services.mozilla.com/D5732

--HG--
extra : moz-landing-system : lando
This commit is contained in:
Nils Ohlmeier [:drno] 2018-09-13 14:39:31 +00:00
parent 77d354dda1
commit 88b946bb6b
30 changed files with 3265 additions and 410 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

119
netwerk/srtp/src/crypto/Makefile.in Normal file
View File

@ -0,0 +1,119 @@
# Makefile for crypto test suite
#
# David A. McGrew
# Cisco Systems, Inc.
srcdir = @srcdir@
top_srcdir = @top_srcdir@
top_builddir = @top_builddir@
VPATH = @srcdir@
CC = @CC@
INCDIR = -Iinclude -I$(srcdir)/include -I$(top_srcdir)/include
DEFS = @DEFS@
CPPFLAGS= @CPPFLAGS@
CFLAGS = @CFLAGS@
LIBS = @LIBS@
LDFLAGS = @LDFLAGS@ -L. -L..
COMPILE = $(CC) $(DEFS) $(INCDIR) $(CPPFLAGS) $(CFLAGS)
CRYPTOLIB = -lsrtp2
CRYPTO_LIBDIR = @CRYPTO_LIBDIR@
RANLIB = @RANLIB@
# Specify how tests should find shared libraries on macOS and Linux
#
# macOS purges DYLD_LIBRARY_PATH when spawning subprocesses, so it's
# not possible to pass this in from the outside; we have to specify
# it for any subprocesses we call. No support for dynamic linked
# tests on Windows.
ifneq ($(strip $(CRYPTO_LIBDIR)),)
ifneq ($(OS),Windows_NT)
UNAME_S = $(shell uname -s)
ifeq ($(UNAME_S),Linux)
FIND_LIBRARIES = LD_LIBRARY_PATH=$(CRYPTO_LIBDIR)
endif
ifeq ($(UNAME_S),Darwin)
FIND_LIBRARIES = DYLD_LIBRARY_PATH=$(CRYPTO_LIBDIR)
endif
endif
endif
# EXE defines the suffix on executables - it's .exe for cygwin, and
# null on linux, bsd, and OS X and other OSes. we define this so that
# `make clean` will work on the cygwin platform
EXE = @EXE@
# Random source.
USE_EXTERNAL_CRYPTO = @USE_EXTERNAL_CRYPTO@
ifdef ARCH
DEFS += -D$(ARCH)=1
endif
ifdef sysname
DEFS += -D$(sysname)=1
endif
.PHONY: dummy all runtest clean superclean
dummy : all runtest
# test applications
ifneq (1, $(USE_EXTERNAL_CRYPTO))
AES_CALC = test/aes_calc$(EXE)
endif
testapp = test/cipher_driver$(EXE) test/datatypes_driver$(EXE) \
test/stat_driver$(EXE) test/sha1_driver$(EXE) \
test/kernel_driver$(EXE) $(AES_CALC) \
test/env$(EXE)
# data values used to test the aes_calc application for AES-128
k128=000102030405060708090a0b0c0d0e0f
p128=00112233445566778899aabbccddeeff
c128=69c4e0d86a7b0430d8cdb78070b4c55a
# data values used to test the aes_calc application for AES-256
k256=000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
p256=00112233445566778899aabbccddeeff
c256=8ea2b7ca516745bfeafc49904b496089
runtest: $(testapp)
$(FIND_LIBRARIES) test/env$(EXE) # print out information on the build environment
@echo "running crypto test applications..."
ifneq (1, $(USE_EXTERNAL_CRYPTO))
$(FIND_LIBRARIES) test `test/aes_calc $(k128) $(p128)` = $(c128)
$(FIND_LIBRARIES) test `test/aes_calc $(k256) $(p256)` = $(c256)
endif
$(FIND_LIBRARIES) test/cipher_driver$(EXE) -v >/dev/null
$(FIND_LIBRARIES) test/datatypes_driver$(EXE) -v >/dev/null
$(FIND_LIBRARIES) test/stat_driver$(EXE) >/dev/null
$(FIND_LIBRARIES) test/sha1_driver$(EXE) -v >/dev/null
$(FIND_LIBRARIES) test/kernel_driver$(EXE) -v >/dev/null
@echo "crypto test applications passed."
# the rule for making object files and test apps
%.o: %.c
$(COMPILE) -c $< -o $@
%$(EXE): %.c $(srcdir)/../test/getopt_s.c
$(COMPILE) $(LDFLAGS) $< $(srcdir)/../test/getopt_s.c -o $@ $(CRYPTOLIB) $(LIBS)
all: $(testapp)
# housekeeping functions
clean:
rm -f $(testapp) *.o */*.o
for a in * .* */*; do if [ -f "$$a~" ] ; then rm $$a~; fi; done;
rm -f `find . -name "*.[ch]~*~"`
rm -rf latex
superclean: clean
rm -f *core TAGS ktrace.out
# EOF

596
netwerk/srtp/src/crypto/cipher/aes_gcm_nss.c Normal file
View File

@ -0,0 +1,596 @@
/*
* aes_gcm_nss.c
*
* AES Galois Counter Mode
*
* Richard L. Barnes
* Cisco Systems, Inc.
*
*/
/*
*
* Copyright (c) 2013-2017, Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
*
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include "aes_gcm.h"
#include "alloc.h"
#include "err.h" /* for srtp_debug */
#include "crypto_types.h"
#include "cipher_types.h"
#include <nss.h>
#include <secerr.h>
#include <nspr.h>
srtp_debug_module_t srtp_mod_aes_gcm = {
0, /* debugging is off by default */
"aes gcm nss" /* printable module name */
};
/*
* For now we only support 8 and 16 octet tags. The spec allows for
* optional 12 byte tag, which may be supported in the future.
*/
#define GCM_IV_LEN 12
#define GCM_AUTH_TAG_LEN 16
#define GCM_AUTH_TAG_LEN_8 8
/*
* This function allocates a new instance of this crypto engine.
* The key_len parameter should be one of 28 or 44 for
* AES-128-GCM or AES-256-GCM respectively. Note that the
* key length includes the 14 byte salt value that is used when
* initializing the KDF.
*/
static srtp_err_status_t srtp_aes_gcm_nss_alloc(srtp_cipher_t **c,
int key_len,
int tlen)
{
srtp_aes_gcm_ctx_t *gcm;
debug_print(srtp_mod_aes_gcm, "allocating cipher with key length %d",
key_len);
debug_print(srtp_mod_aes_gcm, "allocating cipher with tag length %d", tlen);
/*
* Verify the key_len is valid for one of: AES-128/256
*/
if (key_len != SRTP_AES_GCM_128_KEY_LEN_WSALT &&
key_len != SRTP_AES_GCM_256_KEY_LEN_WSALT) {
return (srtp_err_status_bad_param);
}
if (tlen != GCM_AUTH_TAG_LEN && tlen != GCM_AUTH_TAG_LEN_8) {
return (srtp_err_status_bad_param);
}
/* Initialize NSS */
if (!NSS_IsInitialized() && NSS_NoDB_Init(NULL) != SECSuccess) {
return (srtp_err_status_cipher_fail);
}
/* allocate memory a cipher of type aes_gcm */
*c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t));
if (*c == NULL) {
return (srtp_err_status_alloc_fail);
}
gcm = (srtp_aes_gcm_ctx_t *)srtp_crypto_alloc(sizeof(srtp_aes_gcm_ctx_t));
if (gcm == NULL) {
srtp_crypto_free(*c);
*c = NULL;
return (srtp_err_status_alloc_fail);
}
/* set pointers */
(*c)->state = gcm;
/* setup cipher attributes */
switch (key_len) {
case SRTP_AES_GCM_128_KEY_LEN_WSALT:
(*c)->type = &srtp_aes_gcm_128;
(*c)->algorithm = SRTP_AES_GCM_128;
gcm->key_size = SRTP_AES_128_KEY_LEN;
gcm->tag_size = tlen;
gcm->params.ulTagBits = 8 * tlen;
break;
case SRTP_AES_GCM_256_KEY_LEN_WSALT:
(*c)->type = &srtp_aes_gcm_256;
(*c)->algorithm = SRTP_AES_GCM_256;
gcm->key_size = SRTP_AES_256_KEY_LEN;
gcm->tag_size = tlen;
gcm->params.ulTagBits = 8 * tlen;
break;
default:
/* this should never hit, but to be sure... */
return (srtp_err_status_bad_param);
}
/* set key size and tag size*/
(*c)->key_len = key_len;
return (srtp_err_status_ok);
}
/*
* This function deallocates a GCM session
*/
static srtp_err_status_t srtp_aes_gcm_nss_dealloc(srtp_cipher_t *c)
{
srtp_aes_gcm_ctx_t *ctx;
ctx = (srtp_aes_gcm_ctx_t *)c->state;
if (ctx) {
/* release NSS resources */
if (ctx->key) {
PK11_FreeSymKey(ctx->key);
}
/* zeroize the key material */
octet_string_set_to_zero(ctx, sizeof(srtp_aes_gcm_ctx_t));
srtp_crypto_free(ctx);
}
/* free memory */
srtp_crypto_free(c);
return (srtp_err_status_ok);
}
/*
* aes_gcm_nss_context_init(...) initializes the aes_gcm_context
* using the value in key[].
*
* the key is the secret key
*/
static srtp_err_status_t srtp_aes_gcm_nss_context_init(void *cv,
const uint8_t *key)
{
srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
c->dir = srtp_direction_any;
debug_print(srtp_mod_aes_gcm, "key: %s",
srtp_octet_string_hex_string(key, c->key_size));
if (c->key) {
PK11_FreeSymKey(c->key);
c->key = NULL;
}
PK11SlotInfo *slot = PK11_GetBestSlot(CKM_AES_GCM, NULL);
if (!slot) {
return (srtp_err_status_cipher_fail);
}
SECItem key_item = { siBuffer, (unsigned char *)key, c->key_size };
c->key = PK11_ImportSymKey(slot, CKM_AES_GCM, PK11_OriginUnwrap,
CKA_ENCRYPT, &key_item, NULL);
PK11_FreeSlot(slot);
if (!c->key) {
return (srtp_err_status_cipher_fail);
}
return (srtp_err_status_ok);
}
/*
* aes_gcm_nss_set_iv(c, iv) sets the counter value to the exor of iv with
* the offset
*/
static srtp_err_status_t srtp_aes_gcm_nss_set_iv(
void *cv,
uint8_t *iv,
srtp_cipher_direction_t direction)
{
srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
if (direction != srtp_direction_encrypt &&
direction != srtp_direction_decrypt) {
return (srtp_err_status_bad_param);
}
c->dir = direction;
debug_print(srtp_mod_aes_gcm, "setting iv: %s",
srtp_octet_string_hex_string(iv, GCM_IV_LEN));
memcpy(c->iv, iv, GCM_IV_LEN);
return (srtp_err_status_ok);
}
/*
* This function processes the AAD
*
* Parameters:
* c Crypto context
* aad Additional data to process for AEAD cipher suites
* aad_len length of aad buffer
*/
static srtp_err_status_t srtp_aes_gcm_nss_set_aad(void *cv,
const uint8_t *aad,
uint32_t aad_len)
{
srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
debug_print(srtp_mod_aes_gcm, "setting AAD: %s",
srtp_octet_string_hex_string(aad, aad_len));
if (aad_len + c->aad_size > MAX_AD_SIZE) {
return srtp_err_status_bad_param;
}
memcpy(c->aad + c->aad_size, aad, aad_len);
c->aad_size += aad_len;
return (srtp_err_status_ok);
}
static srtp_err_status_t srtp_aes_gcm_nss_do_crypto(void *cv,
int encrypt,
unsigned char *buf,
unsigned int *enc_len)
{
srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
c->params.pIv = c->iv;
c->params.ulIvLen = GCM_IV_LEN;
c->params.pAAD = c->aad;
c->params.ulAADLen = c->aad_size;
// Reset AAD
c->aad_size = 0;
int rv;
SECItem param = { siBuffer, (unsigned char *)&c->params,
sizeof(CK_GCM_PARAMS) };
if (encrypt) {
rv = PK11_Encrypt(c->key, CKM_AES_GCM, &param, buf, enc_len,
*enc_len + 16, buf, *enc_len);
} else {
rv = PK11_Decrypt(c->key, CKM_AES_GCM, &param, buf, enc_len, *enc_len,
buf, *enc_len);
}
srtp_err_status_t status = (srtp_err_status_ok);
if (rv != SECSuccess) {
status = (srtp_err_status_cipher_fail);
}
return status;
}
/*
* This function encrypts a buffer using AES GCM mode
*
* XXX(rlb@ipv.sx): We're required to break off and cache the tag
* here, because the get_tag() method is separate and the tests expect
* encrypt() not to change the size of the plaintext. It might be
* good to update the calling API so that this is cleaner.
*
* Parameters:
* c Crypto context
* buf data to encrypt
* enc_len length of encrypt buffer
*/
static srtp_err_status_t srtp_aes_gcm_nss_encrypt(void *cv,
unsigned char *buf,
unsigned int *enc_len)
{
srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
// When we get a non-NULL buffer, we know that the caller is
// prepared to also take the tag. When we get a NULL buffer,
// even though there's no data, we need to give NSS a buffer
// where it can write the tag. We can't just use c->tag because
// memcpy has undefined behavior on overlapping ranges.
unsigned char tagbuf[16];
unsigned char *non_null_buf = buf;
if (!non_null_buf && (*enc_len == 0)) {
non_null_buf = tagbuf;
} else if (!non_null_buf) {
return srtp_err_status_bad_param;
}
srtp_err_status_t status =
srtp_aes_gcm_nss_do_crypto(cv, 1, non_null_buf, enc_len);
if (status != srtp_err_status_ok) {
return status;
}
memcpy(c->tag, non_null_buf + (*enc_len - c->tag_size), c->tag_size);
*enc_len -= c->tag_size;
return srtp_err_status_ok;
}
/*
* This function calculates and returns the GCM tag for a given context.
* This should be called after encrypting the data. The *len value
* is increased by the tag size. The caller must ensure that *buf has
* enough room to accept the appended tag.
*
* Parameters:
* c Crypto context
* buf data to encrypt
* len length of encrypt buffer
*/
static srtp_err_status_t srtp_aes_gcm_nss_get_tag(void *cv,
uint8_t *buf,
uint32_t *len)
{
srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
*len = c->tag_size;
memcpy(buf, c->tag, c->tag_size);
return (srtp_err_status_ok);
}
/*
* This function decrypts a buffer using AES GCM mode
*
* Parameters:
* c Crypto context
* buf data to encrypt
* enc_len length of encrypt buffer
*/
static srtp_err_status_t srtp_aes_gcm_nss_decrypt(void *cv,
unsigned char *buf,
unsigned int *enc_len)
{
srtp_err_status_t status = srtp_aes_gcm_nss_do_crypto(cv, 0, buf, enc_len);
if (status != srtp_err_status_ok) {
int err = PR_GetError();
if (err == SEC_ERROR_BAD_DATA) {
status = srtp_err_status_auth_fail;
}
}
return status;
}
/*
* Name of this crypto engine
*/
static const char srtp_aes_gcm_128_nss_description[] = "AES-128 GCM using NSS";
static const char srtp_aes_gcm_256_nss_description[] = "AES-256 GCM using NSS";
/*
* KAT values for AES self-test. These
* values we're derived from independent test code
* using OpenSSL.
*/
/* clang-format off */
static const uint8_t srtp_aes_gcm_test_case_0_key[SRTP_AES_GCM_128_KEY_LEN_WSALT] = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x09, 0x0a, 0x0b, 0x0c,
};
/* clang-format on */
/* clang-format off */
static uint8_t srtp_aes_gcm_test_case_0_iv[12] = {
0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
0xde, 0xca, 0xf8, 0x88
};
/* clang-format on */
/* clang-format off */
static const uint8_t srtp_aes_gcm_test_case_0_plaintext[60] = {
0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
0xba, 0x63, 0x7b, 0x39
};
/* clang-format off */
static const uint8_t srtp_aes_gcm_test_case_0_aad[20] = {
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xab, 0xad, 0xda, 0xd2
};
/* clang-format on */
/* clang-format off */
static const uint8_t srtp_aes_gcm_test_case_0_ciphertext[76] = {
0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
0x3d, 0x58, 0xe0, 0x91,
/* the last 16 bytes are the tag */
0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47,
};
/* clang-format on */
static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_0a = {
SRTP_AES_GCM_128_KEY_LEN_WSALT, /* octets in key */
srtp_aes_gcm_test_case_0_key, /* key */
srtp_aes_gcm_test_case_0_iv, /* packet index */
60, /* octets in plaintext */
srtp_aes_gcm_test_case_0_plaintext, /* plaintext */
68, /* octets in ciphertext */
srtp_aes_gcm_test_case_0_ciphertext, /* ciphertext + tag */
20, /* octets in AAD */
srtp_aes_gcm_test_case_0_aad, /* AAD */
GCM_AUTH_TAG_LEN_8, /* */
NULL /* pointer to next testcase */
};
static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_0 = {
SRTP_AES_GCM_128_KEY_LEN_WSALT, /* octets in key */
srtp_aes_gcm_test_case_0_key, /* key */
srtp_aes_gcm_test_case_0_iv, /* packet index */
60, /* octets in plaintext */
srtp_aes_gcm_test_case_0_plaintext, /* plaintext */
76, /* octets in ciphertext */
srtp_aes_gcm_test_case_0_ciphertext, /* ciphertext + tag */
20, /* octets in AAD */
srtp_aes_gcm_test_case_0_aad, /* AAD */
GCM_AUTH_TAG_LEN, /* */
&srtp_aes_gcm_test_case_0a /* pointer to next testcase */
};
/* clang-format off */
static const uint8_t srtp_aes_gcm_test_case_1_key[SRTP_AES_GCM_256_KEY_LEN_WSALT] = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0xa5, 0x59, 0x09, 0xc5, 0x54, 0x66, 0x93, 0x1c,
0xaf, 0xf5, 0x26, 0x9a, 0x21, 0xd5, 0x14, 0xb2,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x09, 0x0a, 0x0b, 0x0c,
};
/* clang-format on */
/* clang-format off */
static uint8_t srtp_aes_gcm_test_case_1_iv[12] = {
0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
0xde, 0xca, 0xf8, 0x88
};
/* clang-format on */
/* clang-format off */
static const uint8_t srtp_aes_gcm_test_case_1_plaintext[60] = {
0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
0xba, 0x63, 0x7b, 0x39
};
/* clang-format on */
/* clang-format off */
static const uint8_t srtp_aes_gcm_test_case_1_aad[20] = {
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xab, 0xad, 0xda, 0xd2
};
/* clang-format on */
/* clang-format off */
static const uint8_t srtp_aes_gcm_test_case_1_ciphertext[76] = {
0x0b, 0x11, 0xcf, 0xaf, 0x68, 0x4d, 0xae, 0x46,
0xc7, 0x90, 0xb8, 0x8e, 0xb7, 0x6a, 0x76, 0x2a,
0x94, 0x82, 0xca, 0xab, 0x3e, 0x39, 0xd7, 0x86,
0x1b, 0xc7, 0x93, 0xed, 0x75, 0x7f, 0x23, 0x5a,
0xda, 0xfd, 0xd3, 0xe2, 0x0e, 0x80, 0x87, 0xa9,
0x6d, 0xd7, 0xe2, 0x6a, 0x7d, 0x5f, 0xb4, 0x80,
0xef, 0xef, 0xc5, 0x29, 0x12, 0xd1, 0xaa, 0x10,
0x09, 0xc9, 0x86, 0xc1,
/* the last 16 bytes are the tag */
0x45, 0xbc, 0x03, 0xe6, 0xe1, 0xac, 0x0a, 0x9f,
0x81, 0xcb, 0x8e, 0x5b, 0x46, 0x65, 0x63, 0x1d,
};
/* clang-format on */
static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_1a = {
SRTP_AES_GCM_256_KEY_LEN_WSALT, /* octets in key */
srtp_aes_gcm_test_case_1_key, /* key */
srtp_aes_gcm_test_case_1_iv, /* packet index */
60, /* octets in plaintext */
srtp_aes_gcm_test_case_1_plaintext, /* plaintext */
68, /* octets in ciphertext */
srtp_aes_gcm_test_case_1_ciphertext, /* ciphertext + tag */
20, /* octets in AAD */
srtp_aes_gcm_test_case_1_aad, /* AAD */
GCM_AUTH_TAG_LEN_8, /* */
NULL /* pointer to next testcase */
};
static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_1 = {
SRTP_AES_GCM_256_KEY_LEN_WSALT, /* octets in key */
srtp_aes_gcm_test_case_1_key, /* key */
srtp_aes_gcm_test_case_1_iv, /* packet index */
60, /* octets in plaintext */
srtp_aes_gcm_test_case_1_plaintext, /* plaintext */
76, /* octets in ciphertext */
srtp_aes_gcm_test_case_1_ciphertext, /* ciphertext + tag */
20, /* octets in AAD */
srtp_aes_gcm_test_case_1_aad, /* AAD */
GCM_AUTH_TAG_LEN, /* */
&srtp_aes_gcm_test_case_1a /* pointer to next testcase */
};
/*
* This is the vector function table for this crypto engine.
*/
/* clang-format off */
const srtp_cipher_type_t srtp_aes_gcm_128 = {
srtp_aes_gcm_nss_alloc,
srtp_aes_gcm_nss_dealloc,
srtp_aes_gcm_nss_context_init,
srtp_aes_gcm_nss_set_aad,
srtp_aes_gcm_nss_encrypt,
srtp_aes_gcm_nss_decrypt,
srtp_aes_gcm_nss_set_iv,
srtp_aes_gcm_nss_get_tag,
srtp_aes_gcm_128_nss_description,
&srtp_aes_gcm_test_case_0,
SRTP_AES_GCM_128
};
/* clang-format on */
/*
* This is the vector function table for this crypto engine.
*/
/* clang-format off */
const srtp_cipher_type_t srtp_aes_gcm_256 = {
srtp_aes_gcm_nss_alloc,
srtp_aes_gcm_nss_dealloc,
srtp_aes_gcm_nss_context_init,
srtp_aes_gcm_nss_set_aad,
srtp_aes_gcm_nss_encrypt,
srtp_aes_gcm_nss_decrypt,
srtp_aes_gcm_nss_set_iv,
srtp_aes_gcm_nss_get_tag,
srtp_aes_gcm_256_nss_description,
&srtp_aes_gcm_test_case_1,
SRTP_AES_GCM_256
};
/* clang-format on */

582
netwerk/srtp/src/crypto/cipher/aes_gcm_ossl.c Normal file
View File

@ -0,0 +1,582 @@
/*
* aes_gcm_ossl.c
*
* AES Galois Counter Mode
*
* John A. Foley
* Cisco Systems, Inc.
*
*/
/*
*
* Copyright (c) 2013-2017, Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
*
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <openssl/evp.h>
#include "aes_gcm.h"
#include "alloc.h"
#include "err.h" /* for srtp_debug */
#include "crypto_types.h"
#include "cipher_types.h"
srtp_debug_module_t srtp_mod_aes_gcm = {
0, /* debugging is off by default */
"aes gcm" /* printable module name */
};
/*
* For now we only support 8 and 16 octet tags. The spec allows for
* optional 12 byte tag, which may be supported in the future.
*/
#define GCM_AUTH_TAG_LEN 16
#define GCM_AUTH_TAG_LEN_8 8
/*
* This function allocates a new instance of this crypto engine.
* The key_len parameter should be one of 28 or 44 for
* AES-128-GCM or AES-256-GCM respectively. Note that the
* key length includes the 14 byte salt value that is used when
* initializing the KDF.
*/
static srtp_err_status_t srtp_aes_gcm_openssl_alloc(srtp_cipher_t **c,
int key_len,
int tlen)
{
srtp_aes_gcm_ctx_t *gcm;
debug_print(srtp_mod_aes_gcm, "allocating cipher with key length %d",
key_len);
debug_print(srtp_mod_aes_gcm, "allocating cipher with tag length %d", tlen);
/*
* Verify the key_len is valid for one of: AES-128/256
*/
if (key_len != SRTP_AES_GCM_128_KEY_LEN_WSALT &&
key_len != SRTP_AES_GCM_256_KEY_LEN_WSALT) {
return (srtp_err_status_bad_param);
}
if (tlen != GCM_AUTH_TAG_LEN && tlen != GCM_AUTH_TAG_LEN_8) {
return (srtp_err_status_bad_param);
}
/* allocate memory a cipher of type aes_gcm */
*c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t));
if (*c == NULL) {
return (srtp_err_status_alloc_fail);
}
gcm = (srtp_aes_gcm_ctx_t *)srtp_crypto_alloc(sizeof(srtp_aes_gcm_ctx_t));
if (gcm == NULL) {
srtp_crypto_free(*c);
*c = NULL;
return (srtp_err_status_alloc_fail);
}
gcm->ctx = EVP_CIPHER_CTX_new();
if (gcm->ctx == NULL) {
srtp_crypto_free(gcm);
srtp_crypto_free(*c);
*c = NULL;
return srtp_err_status_alloc_fail;
}
/* set pointers */
(*c)->state = gcm;
/* setup cipher attributes */
switch (key_len) {
case SRTP_AES_GCM_128_KEY_LEN_WSALT:
(*c)->type = &srtp_aes_gcm_128;
(*c)->algorithm = SRTP_AES_GCM_128;
gcm->key_size = SRTP_AES_128_KEY_LEN;
gcm->tag_len = tlen;
break;
case SRTP_AES_GCM_256_KEY_LEN_WSALT:
(*c)->type = &srtp_aes_gcm_256;
(*c)->algorithm = SRTP_AES_GCM_256;
gcm->key_size = SRTP_AES_256_KEY_LEN;
gcm->tag_len = tlen;
break;
}
/* set key size */
(*c)->key_len = key_len;
return (srtp_err_status_ok);
}
/*
* This function deallocates a GCM session
*/
static srtp_err_status_t srtp_aes_gcm_openssl_dealloc(srtp_cipher_t *c)
{
srtp_aes_gcm_ctx_t *ctx;
ctx = (srtp_aes_gcm_ctx_t *)c->state;
if (ctx) {
EVP_CIPHER_CTX_free(ctx->ctx);
/* zeroize the key material */
octet_string_set_to_zero(ctx, sizeof(srtp_aes_gcm_ctx_t));
srtp_crypto_free(ctx);
}
/* free memory */
srtp_crypto_free(c);
return (srtp_err_status_ok);
}
/*
* aes_gcm_openssl_context_init(...) initializes the aes_gcm_context
* using the value in key[].
*
* the key is the secret key
*/
static srtp_err_status_t srtp_aes_gcm_openssl_context_init(void *cv,
const uint8_t *key)
{
srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
const EVP_CIPHER *evp;
c->dir = srtp_direction_any;
debug_print(srtp_mod_aes_gcm, "key: %s",
srtp_octet_string_hex_string(key, c->key_size));
switch (c->key_size) {
case SRTP_AES_256_KEY_LEN:
evp = EVP_aes_256_gcm();
break;
case SRTP_AES_128_KEY_LEN:
evp = EVP_aes_128_gcm();
break;
default:
return (srtp_err_status_bad_param);
break;
}
if (!EVP_CipherInit_ex(c->ctx, evp, NULL, key, NULL, 0)) {
return (srtp_err_status_init_fail);
}
return (srtp_err_status_ok);
}
/*
* aes_gcm_openssl_set_iv(c, iv) sets the counter value to the exor of iv with
* the offset
*/
static srtp_err_status_t srtp_aes_gcm_openssl_set_iv(
void *cv,
uint8_t *iv,
srtp_cipher_direction_t direction)
{
srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
if (direction != srtp_direction_encrypt &&
direction != srtp_direction_decrypt) {
return (srtp_err_status_bad_param);
}
c->dir = direction;
debug_print(srtp_mod_aes_gcm, "setting iv: %s",
srtp_octet_string_hex_string(iv, 12));
if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) {
return (srtp_err_status_init_fail);
}
if (!EVP_CipherInit_ex(c->ctx, NULL, NULL, NULL, iv,
(c->dir == srtp_direction_encrypt ? 1 : 0))) {
return (srtp_err_status_init_fail);
}
return (srtp_err_status_ok);
}
/*
* This function processes the AAD
*
* Parameters:
* c Crypto context
* aad Additional data to process for AEAD cipher suites
* aad_len length of aad buffer
*/
static srtp_err_status_t srtp_aes_gcm_openssl_set_aad(void *cv,
const uint8_t *aad,
uint32_t aad_len)
{
srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
int rv;
debug_print(srtp_mod_aes_gcm, "setting AAD: %s",
srtp_octet_string_hex_string(aad, aad_len));
/*
* Set dummy tag, OpenSSL requires the Tag to be set before
* processing AAD
*/
/*
* OpenSSL never write to address pointed by the last parameter of
* EVP_CIPHER_CTX_ctrl while EVP_CTRL_GCM_SET_TAG (in reality,
* OpenSSL copy its content to the context), so we can make
* aad read-only in this function and all its wrappers.
*/
unsigned char dummy_tag[GCM_AUTH_TAG_LEN];
memset(dummy_tag, 0x0, GCM_AUTH_TAG_LEN);
EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, &dummy_tag);
rv = EVP_Cipher(c->ctx, NULL, aad, aad_len);
if (rv != aad_len) {
return (srtp_err_status_algo_fail);
} else {
return (srtp_err_status_ok);
}
}
/*
* This function encrypts a buffer using AES GCM mode
*
* Parameters:
* c Crypto context
* buf data to encrypt
* enc_len length of encrypt buffer
*/
static srtp_err_status_t srtp_aes_gcm_openssl_encrypt(void *cv,
unsigned char *buf,
unsigned int *enc_len)
{
srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
if (c->dir != srtp_direction_encrypt && c->dir != srtp_direction_decrypt) {
return (srtp_err_status_bad_param);
}
/*
* Encrypt the data
*/
EVP_Cipher(c->ctx, buf, buf, *enc_len);
return (srtp_err_status_ok);
}
/*
* This function calculates and returns the GCM tag for a given context.
* This should be called after encrypting the data. The *len value
* is increased by the tag size. The caller must ensure that *buf has
* enough room to accept the appended tag.
*
* Parameters:
* c Crypto context
* buf data to encrypt
* len length of encrypt buffer
*/
static srtp_err_status_t srtp_aes_gcm_openssl_get_tag(void *cv,
uint8_t *buf,
uint32_t *len)
{
srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
/*
* Calculate the tag
*/
EVP_Cipher(c->ctx, NULL, NULL, 0);
/*
* Retreive the tag
*/
EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, buf);
/*
* Increase encryption length by desired tag size
*/
*len = c->tag_len;
return (srtp_err_status_ok);
}
/*
* This function decrypts a buffer using AES GCM mode
*
* Parameters:
* c Crypto context
* buf data to encrypt
* enc_len length of encrypt buffer
*/
static srtp_err_status_t srtp_aes_gcm_openssl_decrypt(void *cv,
unsigned char *buf,
unsigned int *enc_len)
{
srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
if (c->dir != srtp_direction_encrypt && c->dir != srtp_direction_decrypt) {
return (srtp_err_status_bad_param);
}
/*
* Set the tag before decrypting
*/
EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len,
buf + (*enc_len - c->tag_len));
EVP_Cipher(c->ctx, buf, buf, *enc_len - c->tag_len);
/*
* Check the tag
*/
if (EVP_Cipher(c->ctx, NULL, NULL, 0)) {
return (srtp_err_status_auth_fail);
}
/*
* Reduce the buffer size by the tag length since the tag
* is not part of the original payload
*/
*enc_len -= c->tag_len;
return (srtp_err_status_ok);
}
/*
* Name of this crypto engine
*/
static const char srtp_aes_gcm_128_openssl_description[] =
"AES-128 GCM using openssl";
static const char srtp_aes_gcm_256_openssl_description[] =
"AES-256 GCM using openssl";
/*
* KAT values for AES self-test. These
* values we're derived from independent test code
* using OpenSSL.
*/
/* clang-format off */
static const uint8_t srtp_aes_gcm_test_case_0_key[SRTP_AES_GCM_128_KEY_LEN_WSALT] = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x09, 0x0a, 0x0b, 0x0c,
};
/* clang-format on */
/* clang-format off */
static uint8_t srtp_aes_gcm_test_case_0_iv[12] = {
0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
0xde, 0xca, 0xf8, 0x88
};
/* clang-format on */
/* clang-format off */
static const uint8_t srtp_aes_gcm_test_case_0_plaintext[60] = {
0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
0xba, 0x63, 0x7b, 0x39
};
/* clang-format off */
static const uint8_t srtp_aes_gcm_test_case_0_aad[20] = {
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xab, 0xad, 0xda, 0xd2
};
/* clang-format on */
/* clang-format off */
static const uint8_t srtp_aes_gcm_test_case_0_ciphertext[76] = {
0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
0x3d, 0x58, 0xe0, 0x91,
/* the last 16 bytes are the tag */
0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47,
};
/* clang-format on */
static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_0a = {
SRTP_AES_GCM_128_KEY_LEN_WSALT, /* octets in key */
srtp_aes_gcm_test_case_0_key, /* key */
srtp_aes_gcm_test_case_0_iv, /* packet index */
60, /* octets in plaintext */
srtp_aes_gcm_test_case_0_plaintext, /* plaintext */
68, /* octets in ciphertext */
srtp_aes_gcm_test_case_0_ciphertext, /* ciphertext + tag */
20, /* octets in AAD */
srtp_aes_gcm_test_case_0_aad, /* AAD */
GCM_AUTH_TAG_LEN_8, /* */
NULL /* pointer to next testcase */
};
static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_0 = {
SRTP_AES_GCM_128_KEY_LEN_WSALT, /* octets in key */
srtp_aes_gcm_test_case_0_key, /* key */
srtp_aes_gcm_test_case_0_iv, /* packet index */
60, /* octets in plaintext */
srtp_aes_gcm_test_case_0_plaintext, /* plaintext */
76, /* octets in ciphertext */
srtp_aes_gcm_test_case_0_ciphertext, /* ciphertext + tag */
20, /* octets in AAD */
srtp_aes_gcm_test_case_0_aad, /* AAD */
GCM_AUTH_TAG_LEN, /* */
&srtp_aes_gcm_test_case_0a /* pointer to next testcase */
};
/* clang-format off */
static const uint8_t srtp_aes_gcm_test_case_1_key[SRTP_AES_GCM_256_KEY_LEN_WSALT] = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0xa5, 0x59, 0x09, 0xc5, 0x54, 0x66, 0x93, 0x1c,
0xaf, 0xf5, 0x26, 0x9a, 0x21, 0xd5, 0x14, 0xb2,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x09, 0x0a, 0x0b, 0x0c,
};
/* clang-format on */
/* clang-format off */
static uint8_t srtp_aes_gcm_test_case_1_iv[12] = {
0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
0xde, 0xca, 0xf8, 0x88
};
/* clang-format on */
/* clang-format off */
static const uint8_t srtp_aes_gcm_test_case_1_plaintext[60] = {
0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
0xba, 0x63, 0x7b, 0x39
};
/* clang-format on */
/* clang-format off */
static const uint8_t srtp_aes_gcm_test_case_1_aad[20] = {
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xab, 0xad, 0xda, 0xd2
};
/* clang-format on */
/* clang-format off */
static const uint8_t srtp_aes_gcm_test_case_1_ciphertext[76] = {
0x0b, 0x11, 0xcf, 0xaf, 0x68, 0x4d, 0xae, 0x46,
0xc7, 0x90, 0xb8, 0x8e, 0xb7, 0x6a, 0x76, 0x2a,
0x94, 0x82, 0xca, 0xab, 0x3e, 0x39, 0xd7, 0x86,
0x1b, 0xc7, 0x93, 0xed, 0x75, 0x7f, 0x23, 0x5a,
0xda, 0xfd, 0xd3, 0xe2, 0x0e, 0x80, 0x87, 0xa9,
0x6d, 0xd7, 0xe2, 0x6a, 0x7d, 0x5f, 0xb4, 0x80,
0xef, 0xef, 0xc5, 0x29, 0x12, 0xd1, 0xaa, 0x10,
0x09, 0xc9, 0x86, 0xc1,
/* the last 16 bytes are the tag */
0x45, 0xbc, 0x03, 0xe6, 0xe1, 0xac, 0x0a, 0x9f,
0x81, 0xcb, 0x8e, 0x5b, 0x46, 0x65, 0x63, 0x1d,
};
/* clang-format on */
static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_1a = {
SRTP_AES_GCM_256_KEY_LEN_WSALT, /* octets in key */
srtp_aes_gcm_test_case_1_key, /* key */
srtp_aes_gcm_test_case_1_iv, /* packet index */
60, /* octets in plaintext */
srtp_aes_gcm_test_case_1_plaintext, /* plaintext */
68, /* octets in ciphertext */
srtp_aes_gcm_test_case_1_ciphertext, /* ciphertext + tag */
20, /* octets in AAD */
srtp_aes_gcm_test_case_1_aad, /* AAD */
GCM_AUTH_TAG_LEN_8, /* */
NULL /* pointer to next testcase */
};
static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_1 = {
SRTP_AES_GCM_256_KEY_LEN_WSALT, /* octets in key */
srtp_aes_gcm_test_case_1_key, /* key */
srtp_aes_gcm_test_case_1_iv, /* packet index */
60, /* octets in plaintext */
srtp_aes_gcm_test_case_1_plaintext, /* plaintext */
76, /* octets in ciphertext */
srtp_aes_gcm_test_case_1_ciphertext, /* ciphertext + tag */
20, /* octets in AAD */
srtp_aes_gcm_test_case_1_aad, /* AAD */
GCM_AUTH_TAG_LEN, /* */
&srtp_aes_gcm_test_case_1a /* pointer to next testcase */
};
/*
* This is the vector function table for this crypto engine.
*/
const srtp_cipher_type_t srtp_aes_gcm_128 = {
srtp_aes_gcm_openssl_alloc,
srtp_aes_gcm_openssl_dealloc,
srtp_aes_gcm_openssl_context_init,
srtp_aes_gcm_openssl_set_aad,
srtp_aes_gcm_openssl_encrypt,
srtp_aes_gcm_openssl_decrypt,
srtp_aes_gcm_openssl_set_iv,
srtp_aes_gcm_openssl_get_tag,
srtp_aes_gcm_128_openssl_description,
&srtp_aes_gcm_test_case_0,
SRTP_AES_GCM_128
};
/*
* This is the vector function table for this crypto engine.
*/
const srtp_cipher_type_t srtp_aes_gcm_256 = {
srtp_aes_gcm_openssl_alloc,
srtp_aes_gcm_openssl_dealloc,
srtp_aes_gcm_openssl_context_init,
srtp_aes_gcm_openssl_set_aad,
srtp_aes_gcm_openssl_encrypt,
srtp_aes_gcm_openssl_decrypt,
srtp_aes_gcm_openssl_set_iv,
srtp_aes_gcm_openssl_get_tag,
srtp_aes_gcm_256_openssl_description,
&srtp_aes_gcm_test_case_1,
SRTP_AES_GCM_256
};

1
netwerk/srtp/src/crypto/cipher/aes_icm.c
View File

@ -121,6 +121,7 @@ static srtp_err_status_t srtp_aes_icm_alloc(srtp_cipher_t **c,
icm = (srtp_aes_icm_ctx_t *)srtp_crypto_alloc(sizeof(srtp_aes_icm_ctx_t));
if (icm == NULL) {
srtp_crypto_free(*c);
*c = NULL;
return srtp_err_status_alloc_fail;
}

550
netwerk/srtp/src/crypto/cipher/aes_icm_nss.c Normal file
View File

@ -0,0 +1,550 @@
/*
* aes_icm_nss.c
*
* AES Integer Counter Mode
*
* Richard L. Barnes
* Cisco Systems, Inc.
*/
/*
*
* Copyright (c) 2013-2017, Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
*
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include "aes_icm_ext.h"
#include "crypto_types.h"
#include "err.h" /* for srtp_debug */
#include "alloc.h"
#include "cipher_types.h"
#include <nss.h>
srtp_debug_module_t srtp_mod_aes_icm = {
0, /* debugging is off by default */
"aes icm nss" /* printable module name */
};
/*
* integer counter mode works as follows:
*
* 16 bits
* <----->
* +------+------+------+------+------+------+------+------+
* | nonce | packet index | ctr |---+
* +------+------+------+------+------+------+------+------+ |
* |
* +------+------+------+------+------+------+------+------+ v
* | salt |000000|->(+)
* +------+------+------+------+------+------+------+------+ |
* |
* +---------+
* | encrypt |
* +---------+
* |
* +------+------+------+------+------+------+------+------+ |
* | keystream block |<--+
* +------+------+------+------+------+------+------+------+
*
* All fields are big-endian
*
* ctr is the block counter, which increments from zero for
* each packet (16 bits wide)
*
* packet index is distinct for each packet (48 bits wide)
*
* nonce can be distinct across many uses of the same key, or
* can be a fixed value per key, or can be per-packet randomness
* (64 bits)
*
*/
/*
* This function allocates a new instance of this crypto engine.
* The key_len parameter should be one of 30, 38, or 46 for
* AES-128, AES-192, and AES-256 respectively. Note, this key_len
* value is inflated, as it also accounts for the 112 bit salt
* value. The tlen argument is for the AEAD tag length, which
* isn't used in counter mode.
*/
static srtp_err_status_t srtp_aes_icm_nss_alloc(srtp_cipher_t **c,
int key_len,
int tlen)
{
srtp_aes_icm_ctx_t *icm;
debug_print(srtp_mod_aes_icm, "allocating cipher with key length %d",
key_len);
/*
* Verify the key_len is valid for one of: AES-128/192/256
*/
if (key_len != SRTP_AES_ICM_128_KEY_LEN_WSALT &&
key_len != SRTP_AES_ICM_192_KEY_LEN_WSALT &&
key_len != SRTP_AES_ICM_256_KEY_LEN_WSALT) {
return srtp_err_status_bad_param;
}
/* Initialize NSS */
if (!NSS_IsInitialized() && NSS_NoDB_Init(NULL) != SECSuccess) {
return (srtp_err_status_cipher_fail);
}
/* allocate memory a cipher of type aes_icm */
*c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t));
if (*c == NULL) {
return srtp_err_status_alloc_fail;
}
icm = (srtp_aes_icm_ctx_t *)srtp_crypto_alloc(sizeof(srtp_aes_icm_ctx_t));
if (icm == NULL) {
srtp_crypto_free(*c);
*c = NULL;
return srtp_err_status_alloc_fail;
}
icm->key = NULL;
icm->ctx = NULL;
/* set pointers */
(*c)->state = icm;
/* setup cipher parameters */
switch (key_len) {
case SRTP_AES_ICM_128_KEY_LEN_WSALT:
(*c)->algorithm = SRTP_AES_ICM_128;
(*c)->type = &srtp_aes_icm_128;
icm->key_size = SRTP_AES_128_KEY_LEN;
break;
case SRTP_AES_ICM_192_KEY_LEN_WSALT:
(*c)->algorithm = SRTP_AES_ICM_192;
(*c)->type = &srtp_aes_icm_192;
icm->key_size = SRTP_AES_192_KEY_LEN;
break;
case SRTP_AES_ICM_256_KEY_LEN_WSALT:
(*c)->algorithm = SRTP_AES_ICM_256;
(*c)->type = &srtp_aes_icm_256;
icm->key_size = SRTP_AES_256_KEY_LEN;
break;
}
/* set key size */
(*c)->key_len = key_len;
return srtp_err_status_ok;
}
/*
* This function deallocates an instance of this engine
*/
static srtp_err_status_t srtp_aes_icm_nss_dealloc(srtp_cipher_t *c)
{
srtp_aes_icm_ctx_t *ctx;
ctx = (srtp_aes_icm_ctx_t *)c->state;
if (ctx) {
/* free any PK11 values that have been created */
if (ctx->key) {
PK11_FreeSymKey(ctx->key);
ctx->key = NULL;
}
if (ctx->ctx) {
PK11_DestroyContext(ctx->ctx, PR_TRUE);
ctx->ctx = NULL;
}
/* zeroize everything */
octet_string_set_to_zero(ctx, sizeof(srtp_aes_icm_ctx_t));
srtp_crypto_free(ctx);
}
/* free memory */
srtp_crypto_free(c);
return (srtp_err_status_ok);
}
/*
* aes_icm_nss_context_init(...) initializes the aes_icm_context
* using the value in key[].
*
* the key is the secret key
*
* the salt is unpredictable (but not necessarily secret) data which
* randomizes the starting point in the keystream
*/
static srtp_err_status_t srtp_aes_icm_nss_context_init(void *cv,
const uint8_t *key)
{
srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv;
/*
* set counter and initial values to 'offset' value, being careful not to
* go past the end of the key buffer
*/
v128_set_to_zero(&c->counter);
v128_set_to_zero(&c->offset);
memcpy(&c->counter, key + c->key_size, SRTP_SALT_LEN);
memcpy(&c->offset, key + c->key_size, SRTP_SALT_LEN);
/* force last two octets of the offset to zero (for srtp compatibility) */
c->offset.v8[SRTP_SALT_LEN] = c->offset.v8[SRTP_SALT_LEN + 1] = 0;
c->counter.v8[SRTP_SALT_LEN] = c->counter.v8[SRTP_SALT_LEN + 1] = 0;
debug_print(srtp_mod_aes_icm, "key: %s",
srtp_octet_string_hex_string(key, c->key_size));
debug_print(srtp_mod_aes_icm, "offset: %s", v128_hex_string(&c->offset));
if (c->key) {
PK11_FreeSymKey(c->key);
c->key = NULL;
}
PK11SlotInfo *slot = PK11_GetBestSlot(CKM_AES_CTR, NULL);
if (!slot) {
return srtp_err_status_bad_param;
}
SECItem keyItem = { siBuffer, (unsigned char *)key, c->key_size };
c->key = PK11_ImportSymKey(slot, CKM_AES_CTR, PK11_OriginUnwrap,
CKA_ENCRYPT, &keyItem, NULL);
PK11_FreeSlot(slot);
if (!c->key) {
return srtp_err_status_cipher_fail;
}
return (srtp_err_status_ok);
}
/*
* aes_icm_set_iv(c, iv) sets the counter value to the exor of iv with
* the offset
*/
static srtp_err_status_t srtp_aes_icm_nss_set_iv(void *cv,
uint8_t *iv,
srtp_cipher_direction_t dir)
{
srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv;
v128_t nonce;
/* set nonce (for alignment) */
v128_copy_octet_string(&nonce, iv);
debug_print(srtp_mod_aes_icm, "setting iv: %s", v128_hex_string(&nonce));
v128_xor(&c->counter, &c->offset, &nonce);
debug_print(srtp_mod_aes_icm, "set_counter: %s",
v128_hex_string(&c->counter));
/* set up the PK11 context now that we have all the info */
CK_AES_CTR_PARAMS param;
param.ulCounterBits = 16;
memcpy(param.cb, &c->counter, 16);
if (!c->key) {
return srtp_err_status_bad_param;
}
if (c->ctx) {
PK11_DestroyContext(c->ctx, PR_TRUE);
}
SECItem paramItem = { siBuffer, (unsigned char *)&param,
sizeof(CK_AES_CTR_PARAMS) };
c->ctx = PK11_CreateContextBySymKey(CKM_AES_CTR, CKA_ENCRYPT, c->key,
&paramItem);
if (!c->ctx) {
return srtp_err_status_cipher_fail;
}
return srtp_err_status_ok;
}
/*
* This function encrypts a buffer using AES CTR mode
*
* Parameters:
* c Crypto context
* buf data to encrypt
* enc_len length of encrypt buffer
*/
static srtp_err_status_t srtp_aes_icm_nss_encrypt(void *cv,
unsigned char *buf,
unsigned int *enc_len)
{
srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv;
if (!c->ctx) {
return srtp_err_status_bad_param;
}
int rv =
PK11_CipherOp(c->ctx, buf, (int *)enc_len, *enc_len, buf, *enc_len);
srtp_err_status_t status = (srtp_err_status_ok);
if (rv != SECSuccess) {
status = (srtp_err_status_cipher_fail);
}
return status;
}
/*
* Name of this crypto engine
*/
static const char srtp_aes_icm_128_nss_description[] =
"AES-128 counter mode using NSS";
static const char srtp_aes_icm_192_nss_description[] =
"AES-192 counter mode using NSS";
static const char srtp_aes_icm_256_nss_description[] =
"AES-256 counter mode using NSS";
/*
* KAT values for AES self-test. These
* values came from the legacy libsrtp code.
*/
/* clang-format off */
static const uint8_t srtp_aes_icm_128_test_case_0_key[SRTP_AES_ICM_128_KEY_LEN_WSALT] = {
0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd
};
/* clang-format on */
/* clang-format off */
static uint8_t srtp_aes_icm_128_test_case_0_nonce[16] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
/* clang-format on */
/* clang-format off */
static const uint8_t srtp_aes_icm_128_test_case_0_plaintext[32] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};
/* clang-format on */
/* clang-format off */
static const uint8_t srtp_aes_icm_128_test_case_0_ciphertext[32] = {
0xe0, 0x3e, 0xad, 0x09, 0x35, 0xc9, 0x5e, 0x80,
0xe1, 0x66, 0xb1, 0x6d, 0xd9, 0x2b, 0x4e, 0xb4,
0xd2, 0x35, 0x13, 0x16, 0x2b, 0x02, 0xd0, 0xf7,
0x2a, 0x43, 0xa2, 0xfe, 0x4a, 0x5f, 0x97, 0xab
};
/* clang-format on */
static const srtp_cipher_test_case_t srtp_aes_icm_128_test_case_0 = {
SRTP_AES_ICM_128_KEY_LEN_WSALT, /* octets in key */
srtp_aes_icm_128_test_case_0_key, /* key */
srtp_aes_icm_128_test_case_0_nonce, /* packet index */
32, /* octets in plaintext */
srtp_aes_icm_128_test_case_0_plaintext, /* plaintext */
32, /* octets in ciphertext */
srtp_aes_icm_128_test_case_0_ciphertext, /* ciphertext */
0, /* */
NULL, /* */
0, /* */
NULL /* pointer to next testcase */
};
/*
* KAT values for AES-192-CTR self-test. These
* values came from section 7 of RFC 6188.
*/
/* clang-format off */
static const uint8_t srtp_aes_icm_192_test_case_0_key[SRTP_AES_ICM_192_KEY_LEN_WSALT] = {
0xea, 0xb2, 0x34, 0x76, 0x4e, 0x51, 0x7b, 0x2d,
0x3d, 0x16, 0x0d, 0x58, 0x7d, 0x8c, 0x86, 0x21,
0x97, 0x40, 0xf6, 0x5f, 0x99, 0xb6, 0xbc, 0xf7,
0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd
};
/* clang-format on */
/* clang-format off */
static uint8_t srtp_aes_icm_192_test_case_0_nonce[16] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
/* clang-format on */
/* clang-format off */
static const uint8_t srtp_aes_icm_192_test_case_0_plaintext[32] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};
/* clang-format on */
/* clang-format off */
static const uint8_t srtp_aes_icm_192_test_case_0_ciphertext[32] = {
0x35, 0x09, 0x6c, 0xba, 0x46, 0x10, 0x02, 0x8d,
0xc1, 0xb5, 0x75, 0x03, 0x80, 0x4c, 0xe3, 0x7c,
0x5d, 0xe9, 0x86, 0x29, 0x1d, 0xcc, 0xe1, 0x61,
0xd5, 0x16, 0x5e, 0xc4, 0x56, 0x8f, 0x5c, 0x9a
};
/* clang-format on */
static const srtp_cipher_test_case_t srtp_aes_icm_192_test_case_0 = {
SRTP_AES_ICM_192_KEY_LEN_WSALT, /* octets in key */
srtp_aes_icm_192_test_case_0_key, /* key */
srtp_aes_icm_192_test_case_0_nonce, /* packet index */
32, /* octets in plaintext */
srtp_aes_icm_192_test_case_0_plaintext, /* plaintext */
32, /* octets in ciphertext */
srtp_aes_icm_192_test_case_0_ciphertext, /* ciphertext */
0, /* */
NULL, /* */
0, /* */
NULL /* pointer to next testcase */
};
/*
* KAT values for AES-256-CTR self-test. These
* values came from section 7 of RFC 6188.
*/
/* clang-format off */
static const uint8_t srtp_aes_icm_256_test_case_0_key[SRTP_AES_ICM_256_KEY_LEN_WSALT] = {
0x57, 0xf8, 0x2f, 0xe3, 0x61, 0x3f, 0xd1, 0x70,
0xa8, 0x5e, 0xc9, 0x3c, 0x40, 0xb1, 0xf0, 0x92,
0x2e, 0xc4, 0xcb, 0x0d, 0xc0, 0x25, 0xb5, 0x82,
0x72, 0x14, 0x7c, 0xc4, 0x38, 0x94, 0x4a, 0x98,
0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd
};
/* clang-format on */
/* clang-format off */
static uint8_t srtp_aes_icm_256_test_case_0_nonce[16] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
/* clang-format on */
/* clang-format off */
static const uint8_t srtp_aes_icm_256_test_case_0_plaintext[32] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};
/* clang-format on */
/* clang-format off */
static const uint8_t srtp_aes_icm_256_test_case_0_ciphertext[32] = {
0x92, 0xbd, 0xd2, 0x8a, 0x93, 0xc3, 0xf5, 0x25,
0x11, 0xc6, 0x77, 0xd0, 0x8b, 0x55, 0x15, 0xa4,
0x9d, 0xa7, 0x1b, 0x23, 0x78, 0xa8, 0x54, 0xf6,
0x70, 0x50, 0x75, 0x6d, 0xed, 0x16, 0x5b, 0xac
};
/* clang-format on */
static const srtp_cipher_test_case_t srtp_aes_icm_256_test_case_0 = {
SRTP_AES_ICM_256_KEY_LEN_WSALT, /* octets in key */
srtp_aes_icm_256_test_case_0_key, /* key */
srtp_aes_icm_256_test_case_0_nonce, /* packet index */
32, /* octets in plaintext */
srtp_aes_icm_256_test_case_0_plaintext, /* plaintext */
32, /* octets in ciphertext */
srtp_aes_icm_256_test_case_0_ciphertext, /* ciphertext */
0, /* */
NULL, /* */
0, /* */
NULL /* pointer to next testcase */
};
/*
* This is the function table for this crypto engine.
* note: the encrypt function is identical to the decrypt function
*/
const srtp_cipher_type_t srtp_aes_icm_128 = {
srtp_aes_icm_nss_alloc, /* */
srtp_aes_icm_nss_dealloc, /* */
srtp_aes_icm_nss_context_init, /* */
0, /* set_aad */
srtp_aes_icm_nss_encrypt, /* */
srtp_aes_icm_nss_encrypt, /* */
srtp_aes_icm_nss_set_iv, /* */
0, /* get_tag */
srtp_aes_icm_128_nss_description, /* */
&srtp_aes_icm_128_test_case_0, /* */
SRTP_AES_ICM_128 /* */
};
/*
* This is the function table for this crypto engine.
* note: the encrypt function is identical to the decrypt function
*/
const srtp_cipher_type_t srtp_aes_icm_192 = {
srtp_aes_icm_nss_alloc, /* */
srtp_aes_icm_nss_dealloc, /* */
srtp_aes_icm_nss_context_init, /* */
0, /* set_aad */
srtp_aes_icm_nss_encrypt, /* */
srtp_aes_icm_nss_encrypt, /* */
srtp_aes_icm_nss_set_iv, /* */
0, /* get_tag */
srtp_aes_icm_192_nss_description, /* */
&srtp_aes_icm_192_test_case_0, /* */
SRTP_AES_ICM_192 /* */
};
/*
* This is the function table for this crypto engine.
* note: the encrypt function is identical to the decrypt function
*/
const srtp_cipher_type_t srtp_aes_icm_256 = {
srtp_aes_icm_nss_alloc, /* */
srtp_aes_icm_nss_dealloc, /* */
srtp_aes_icm_nss_context_init, /* */
0, /* set_aad */
srtp_aes_icm_nss_encrypt, /* */
srtp_aes_icm_nss_encrypt, /* */
srtp_aes_icm_nss_set_iv, /* */
0, /* get_tag */
srtp_aes_icm_256_nss_description, /* */
&srtp_aes_icm_256_test_case_0, /* */
SRTP_AES_ICM_256 /* */
};

540
netwerk/srtp/src/crypto/cipher/aes_icm_ossl.c Normal file
View File

@ -0,0 +1,540 @@
/*
* aes_icm_ossl.c
*
* AES Integer Counter Mode
*
* John A. Foley
* Cisco Systems, Inc.
*
* 2/24/2012: This module was modified to use CiscoSSL for AES counter
* mode. Eddy Lem contributed the code to allow this.
*
* 12/20/2012: Added support for AES-192 and AES-256.
*/
/*
*
* Copyright (c) 2013-2017, Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
*
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <openssl/evp.h>
#include "aes_icm_ext.h"
#include "crypto_types.h"
#include "err.h" /* for srtp_debug */
#include "alloc.h"
#include "cipher_types.h"
srtp_debug_module_t srtp_mod_aes_icm = {
0, /* debugging is off by default */
"aes icm ossl" /* printable module name */
};
/*
* integer counter mode works as follows:
*
* 16 bits
* <----->
* +------+------+------+------+------+------+------+------+
* | nonce | packet index | ctr |---+
* +------+------+------+------+------+------+------+------+ |
* |
* +------+------+------+------+------+------+------+------+ v
* | salt |000000|->(+)
* +------+------+------+------+------+------+------+------+ |
* |
* +---------+
* | encrypt |
* +---------+
* |
* +------+------+------+------+------+------+------+------+ |
* | keystream block |<--+
* +------+------+------+------+------+------+------+------+
*
* All fields are big-endian
*
* ctr is the block counter, which increments from zero for
* each packet (16 bits wide)
*
* packet index is distinct for each packet (48 bits wide)
*
* nonce can be distinct across many uses of the same key, or
* can be a fixed value per key, or can be per-packet randomness
* (64 bits)
*
*/
/*
* This function allocates a new instance of this crypto engine.
* The key_len parameter should be one of 30, 38, or 46 for
* AES-128, AES-192, and AES-256 respectively. Note, this key_len
* value is inflated, as it also accounts for the 112 bit salt
* value. The tlen argument is for the AEAD tag length, which
* isn't used in counter mode.
*/
static srtp_err_status_t srtp_aes_icm_openssl_alloc(srtp_cipher_t **c,
int key_len,
int tlen)
{
srtp_aes_icm_ctx_t *icm;
debug_print(srtp_mod_aes_icm, "allocating cipher with key length %d",
key_len);
/*
* Verify the key_len is valid for one of: AES-128/192/256
*/
if (key_len != SRTP_AES_ICM_128_KEY_LEN_WSALT &&
key_len != SRTP_AES_ICM_192_KEY_LEN_WSALT &&
key_len != SRTP_AES_ICM_256_KEY_LEN_WSALT) {
return srtp_err_status_bad_param;
}
/* allocate memory a cipher of type aes_icm */
*c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t));
if (*c == NULL) {
return srtp_err_status_alloc_fail;
}
icm = (srtp_aes_icm_ctx_t *)srtp_crypto_alloc(sizeof(srtp_aes_icm_ctx_t));
if (icm == NULL) {
srtp_crypto_free(*c);
*c = NULL;
return srtp_err_status_alloc_fail;
}
icm->ctx = EVP_CIPHER_CTX_new();
if (icm->ctx == NULL) {
srtp_crypto_free(icm);
srtp_crypto_free(*c);
*c = NULL;
return srtp_err_status_alloc_fail;
}
/* set pointers */
(*c)->state = icm;
/* setup cipher parameters */
switch (key_len) {
case SRTP_AES_ICM_128_KEY_LEN_WSALT:
(*c)->algorithm = SRTP_AES_ICM_128;
(*c)->type = &srtp_aes_icm_128;
icm->key_size = SRTP_AES_128_KEY_LEN;
break;
case SRTP_AES_ICM_192_KEY_LEN_WSALT:
(*c)->algorithm = SRTP_AES_ICM_192;
(*c)->type = &srtp_aes_icm_192;
icm->key_size = SRTP_AES_192_KEY_LEN;
break;
case SRTP_AES_ICM_256_KEY_LEN_WSALT:
(*c)->algorithm = SRTP_AES_ICM_256;
(*c)->type = &srtp_aes_icm_256;
icm->key_size = SRTP_AES_256_KEY_LEN;
break;
}
/* set key size */
(*c)->key_len = key_len;
return srtp_err_status_ok;
}
/*
* This function deallocates an instance of this engine
*/
static srtp_err_status_t srtp_aes_icm_openssl_dealloc(srtp_cipher_t *c)
{
srtp_aes_icm_ctx_t *ctx;
if (c == NULL) {
return srtp_err_status_bad_param;
}
/*
* Free the EVP context
*/
ctx = (srtp_aes_icm_ctx_t *)c->state;
if (ctx != NULL) {
EVP_CIPHER_CTX_free(ctx->ctx);
/* zeroize the key material */
octet_string_set_to_zero(ctx, sizeof(srtp_aes_icm_ctx_t));
srtp_crypto_free(ctx);
}
/* free memory */
srtp_crypto_free(c);
return srtp_err_status_ok;
}
/*
* aes_icm_openssl_context_init(...) initializes the aes_icm_context
* using the value in key[].
*
* the key is the secret key
*
* the salt is unpredictable (but not necessarily secret) data which
* randomizes the starting point in the keystream
*/
static srtp_err_status_t srtp_aes_icm_openssl_context_init(void *cv,
const uint8_t *key)
{
srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv;
const EVP_CIPHER *evp;
/*
* set counter and initial values to 'offset' value, being careful not to
* go past the end of the key buffer
*/
v128_set_to_zero(&c->counter);
v128_set_to_zero(&c->offset);
memcpy(&c->counter, key + c->key_size, SRTP_SALT_LEN);
memcpy(&c->offset, key + c->key_size, SRTP_SALT_LEN);
/* force last two octets of the offset to zero (for srtp compatibility) */
c->offset.v8[SRTP_SALT_LEN] = c->offset.v8[SRTP_SALT_LEN + 1] = 0;
c->counter.v8[SRTP_SALT_LEN] = c->counter.v8[SRTP_SALT_LEN + 1] = 0;
debug_print(srtp_mod_aes_icm, "key: %s",
srtp_octet_string_hex_string(key, c->key_size));
debug_print(srtp_mod_aes_icm, "offset: %s", v128_hex_string(&c->offset));
switch (c->key_size) {
case SRTP_AES_256_KEY_LEN:
evp = EVP_aes_256_ctr();
break;
case SRTP_AES_192_KEY_LEN:
evp = EVP_aes_192_ctr();
break;
case SRTP_AES_128_KEY_LEN:
evp = EVP_aes_128_ctr();
break;
default:
return srtp_err_status_bad_param;
break;
}
if (!EVP_EncryptInit_ex(c->ctx, evp, NULL, key, NULL)) {
return srtp_err_status_fail;
} else {
return srtp_err_status_ok;
}
return srtp_err_status_ok;
}
/*
* aes_icm_set_iv(c, iv) sets the counter value to the exor of iv with
* the offset
*/
static srtp_err_status_t srtp_aes_icm_openssl_set_iv(
void *cv,
uint8_t *iv,
srtp_cipher_direction_t dir)
{
srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv;
v128_t nonce;
/* set nonce (for alignment) */
v128_copy_octet_string(&nonce, iv);
debug_print(srtp_mod_aes_icm, "setting iv: %s", v128_hex_string(&nonce));
v128_xor(&c->counter, &c->offset, &nonce);
debug_print(srtp_mod_aes_icm, "set_counter: %s",
v128_hex_string(&c->counter));
if (!EVP_EncryptInit_ex(c->ctx, NULL, NULL, NULL, c->counter.v8)) {
return srtp_err_status_fail;
} else {
return srtp_err_status_ok;
}
}
/*
* This function encrypts a buffer using AES CTR mode
*
* Parameters:
* c Crypto context
* buf data to encrypt
* enc_len length of encrypt buffer
*/
static srtp_err_status_t srtp_aes_icm_openssl_encrypt(void *cv,
unsigned char *buf,
unsigned int *enc_len)
{
srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv;
int len = 0;
debug_print(srtp_mod_aes_icm, "rs0: %s", v128_hex_string(&c->counter));
if (!EVP_EncryptUpdate(c->ctx, buf, &len, buf, *enc_len)) {
return srtp_err_status_cipher_fail;
}
*enc_len = len;
if (!EVP_EncryptFinal_ex(c->ctx, buf, &len)) {
return srtp_err_status_cipher_fail;
}
*enc_len += len;
return srtp_err_status_ok;
}
/*
* Name of this crypto engine
*/
static const char srtp_aes_icm_128_openssl_description[] =
"AES-128 counter mode using openssl";
static const char srtp_aes_icm_192_openssl_description[] =
"AES-192 counter mode using openssl";
static const char srtp_aes_icm_256_openssl_description[] =
"AES-256 counter mode using openssl";
/*
* KAT values for AES self-test. These
* values came from the legacy libsrtp code.
*/
/* clang-format off */
static const uint8_t srtp_aes_icm_128_test_case_0_key[SRTP_AES_ICM_128_KEY_LEN_WSALT] = {
0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd
};
/* clang-format on */
/* clang-format off */
static uint8_t srtp_aes_icm_128_test_case_0_nonce[16] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
/* clang-format on */
/* clang-format off */
static const uint8_t srtp_aes_icm_128_test_case_0_plaintext[32] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};
/* clang-format on */
/* clang-format off */
static const uint8_t srtp_aes_icm_128_test_case_0_ciphertext[32] = {
0xe0, 0x3e, 0xad, 0x09, 0x35, 0xc9, 0x5e, 0x80,
0xe1, 0x66, 0xb1, 0x6d, 0xd9, 0x2b, 0x4e, 0xb4,
0xd2, 0x35, 0x13, 0x16, 0x2b, 0x02, 0xd0, 0xf7,
0x2a, 0x43, 0xa2, 0xfe, 0x4a, 0x5f, 0x97, 0xab
};
/* clang-format on */
static const srtp_cipher_test_case_t srtp_aes_icm_128_test_case_0 = {
SRTP_AES_ICM_128_KEY_LEN_WSALT, /* octets in key */
srtp_aes_icm_128_test_case_0_key, /* key */
srtp_aes_icm_128_test_case_0_nonce, /* packet index */
32, /* octets in plaintext */
srtp_aes_icm_128_test_case_0_plaintext, /* plaintext */
32, /* octets in ciphertext */
srtp_aes_icm_128_test_case_0_ciphertext, /* ciphertext */
0, /* */
NULL, /* */
0, /* */
NULL /* pointer to next testcase */
};
/*
* KAT values for AES-192-CTR self-test. These
* values came from section 7 of RFC 6188.
*/
/* clang-format off */
static const uint8_t srtp_aes_icm_192_test_case_0_key[SRTP_AES_ICM_192_KEY_LEN_WSALT] = {
0xea, 0xb2, 0x34, 0x76, 0x4e, 0x51, 0x7b, 0x2d,
0x3d, 0x16, 0x0d, 0x58, 0x7d, 0x8c, 0x86, 0x21,
0x97, 0x40, 0xf6, 0x5f, 0x99, 0xb6, 0xbc, 0xf7,
0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd
};
/* clang-format on */
/* clang-format off */
static uint8_t srtp_aes_icm_192_test_case_0_nonce[16] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
/* clang-format on */
/* clang-format off */
static const uint8_t srtp_aes_icm_192_test_case_0_plaintext[32] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};
/* clang-format on */
/* clang-format off */
static const uint8_t srtp_aes_icm_192_test_case_0_ciphertext[32] = {
0x35, 0x09, 0x6c, 0xba, 0x46, 0x10, 0x02, 0x8d,
0xc1, 0xb5, 0x75, 0x03, 0x80, 0x4c, 0xe3, 0x7c,
0x5d, 0xe9, 0x86, 0x29, 0x1d, 0xcc, 0xe1, 0x61,
0xd5, 0x16, 0x5e, 0xc4, 0x56, 0x8f, 0x5c, 0x9a
};
/* clang-format on */
static const srtp_cipher_test_case_t srtp_aes_icm_192_test_case_0 = {
SRTP_AES_ICM_192_KEY_LEN_WSALT, /* octets in key */
srtp_aes_icm_192_test_case_0_key, /* key */
srtp_aes_icm_192_test_case_0_nonce, /* packet index */
32, /* octets in plaintext */
srtp_aes_icm_192_test_case_0_plaintext, /* plaintext */
32, /* octets in ciphertext */
srtp_aes_icm_192_test_case_0_ciphertext, /* ciphertext */
0, /* */
NULL, /* */
0, /* */
NULL /* pointer to next testcase */
};
/*
* KAT values for AES-256-CTR self-test. These
* values came from section 7 of RFC 6188.
*/
/* clang-format off */
static const uint8_t srtp_aes_icm_256_test_case_0_key[SRTP_AES_ICM_256_KEY_LEN_WSALT] = {
0x57, 0xf8, 0x2f, 0xe3, 0x61, 0x3f, 0xd1, 0x70,
0xa8, 0x5e, 0xc9, 0x3c, 0x40, 0xb1, 0xf0, 0x92,
0x2e, 0xc4, 0xcb, 0x0d, 0xc0, 0x25, 0xb5, 0x82,
0x72, 0x14, 0x7c, 0xc4, 0x38, 0x94, 0x4a, 0x98,
0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd
};
/* clang-format on */
/* clang-format off */
static uint8_t srtp_aes_icm_256_test_case_0_nonce[16] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
/* clang-format on */
/* clang-format off */
static const uint8_t srtp_aes_icm_256_test_case_0_plaintext[32] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};
/* clang-format on */
/* clang-format off */
static const uint8_t srtp_aes_icm_256_test_case_0_ciphertext[32] = {
0x92, 0xbd, 0xd2, 0x8a, 0x93, 0xc3, 0xf5, 0x25,
0x11, 0xc6, 0x77, 0xd0, 0x8b, 0x55, 0x15, 0xa4,
0x9d, 0xa7, 0x1b, 0x23, 0x78, 0xa8, 0x54, 0xf6,
0x70, 0x50, 0x75, 0x6d, 0xed, 0x16, 0x5b, 0xac
};
/* clang-format on */
static const srtp_cipher_test_case_t srtp_aes_icm_256_test_case_0 = {
SRTP_AES_ICM_256_KEY_LEN_WSALT, /* octets in key */
srtp_aes_icm_256_test_case_0_key, /* key */
srtp_aes_icm_256_test_case_0_nonce, /* packet index */
32, /* octets in plaintext */
srtp_aes_icm_256_test_case_0_plaintext, /* plaintext */
32, /* octets in ciphertext */
srtp_aes_icm_256_test_case_0_ciphertext, /* ciphertext */
0, /* */
NULL, /* */
0, /* */
NULL /* pointer to next testcase */
};
/*
* This is the function table for this crypto engine.
* note: the encrypt function is identical to the decrypt function
*/
const srtp_cipher_type_t srtp_aes_icm_128 = {
srtp_aes_icm_openssl_alloc, /* */
srtp_aes_icm_openssl_dealloc, /* */
srtp_aes_icm_openssl_context_init, /* */
0, /* set_aad */
srtp_aes_icm_openssl_encrypt, /* */
srtp_aes_icm_openssl_encrypt, /* */
srtp_aes_icm_openssl_set_iv, /* */
0, /* get_tag */
srtp_aes_icm_128_openssl_description, /* */
&srtp_aes_icm_128_test_case_0, /* */
SRTP_AES_ICM_128 /* */
};
/*
* This is the function table for this crypto engine.
* note: the encrypt function is identical to the decrypt function
*/
const srtp_cipher_type_t srtp_aes_icm_192 = {
srtp_aes_icm_openssl_alloc, /* */
srtp_aes_icm_openssl_dealloc, /* */
srtp_aes_icm_openssl_context_init, /* */
0, /* set_aad */
srtp_aes_icm_openssl_encrypt, /* */
srtp_aes_icm_openssl_encrypt, /* */
srtp_aes_icm_openssl_set_iv, /* */
0, /* get_tag */
srtp_aes_icm_192_openssl_description, /* */
&srtp_aes_icm_192_test_case_0, /* */
SRTP_AES_ICM_192 /* */
};
/*
* This is the function table for this crypto engine.
* note: the encrypt function is identical to the decrypt function
*/
const srtp_cipher_type_t srtp_aes_icm_256 = {
srtp_aes_icm_openssl_alloc, /* */
srtp_aes_icm_openssl_dealloc, /* */
srtp_aes_icm_openssl_context_init, /* */
0, /* set_aad */
srtp_aes_icm_openssl_encrypt, /* */
srtp_aes_icm_openssl_encrypt, /* */
srtp_aes_icm_openssl_set_iv, /* */
0, /* get_tag */
srtp_aes_icm_256_openssl_description, /* */
&srtp_aes_icm_256_test_case_0, /* */
SRTP_AES_ICM_256 /* */
};

273
netwerk/srtp/src/crypto/hash/hmac_ossl.c Normal file
View File

@ -0,0 +1,273 @@
/*
* hmac_ossl.c
*
* Implementation of hmac srtp_auth_type_t that leverages OpenSSL
*
* John A. Foley
* Cisco Systems, Inc.
*/
/*
*
* Copyright(c) 2013-2017, Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
*
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include "auth.h"
#include "alloc.h"
#include "err.h" /* for srtp_debug */
#include <openssl/evp.h>
#include <openssl/hmac.h>
#define SHA1_DIGEST_SIZE 20
/* the debug module for authentiation */
srtp_debug_module_t srtp_mod_hmac = {
0, /* debugging is off by default */
"hmac sha-1 openssl" /* printable name for module */
};
static srtp_err_status_t srtp_hmac_alloc(srtp_auth_t **a,
int key_len,
int out_len)
{
extern const srtp_auth_type_t srtp_hmac;
debug_print(srtp_mod_hmac, "allocating auth func with key length %d",
key_len);
debug_print(srtp_mod_hmac, " tag length %d",
out_len);
/* check output length - should be less than 20 bytes */
if (out_len > SHA1_DIGEST_SIZE) {
return srtp_err_status_bad_param;
}
/* OpenSSL 1.1.0 made HMAC_CTX an opaque structure, which must be allocated
using HMAC_CTX_new. But this function doesn't exist in OpenSSL 1.0.x. */
#if OPENSSL_VERSION_NUMBER < 0x10100000L || LIBRESSL_VERSION_NUMBER
{
/* allocate memory for auth and HMAC_CTX structures */
uint8_t *pointer;
HMAC_CTX *new_hmac_ctx;
pointer = (uint8_t *)srtp_crypto_alloc(sizeof(HMAC_CTX) +
sizeof(srtp_auth_t));
if (pointer == NULL) {
return srtp_err_status_alloc_fail;
}
*a = (srtp_auth_t *)pointer;
(*a)->state = pointer + sizeof(srtp_auth_t);
new_hmac_ctx = (HMAC_CTX *)((*a)->state);
HMAC_CTX_init(new_hmac_ctx);
}
#else
*a = (srtp_auth_t *)srtp_crypto_alloc(sizeof(srtp_auth_t));
if (*a == NULL) {
return srtp_err_status_alloc_fail;
}
(*a)->state = HMAC_CTX_new();
if ((*a)->state == NULL) {
srtp_crypto_free(*a);
*a = NULL;
return srtp_err_status_alloc_fail;
}
#endif
/* set pointers */
(*a)->type = &srtp_hmac;
(*a)->out_len = out_len;
(*a)->key_len = key_len;
(*a)->prefix_len = 0;
return srtp_err_status_ok;
}
static srtp_err_status_t srtp_hmac_dealloc(srtp_auth_t *a)
{
HMAC_CTX *hmac_ctx;
hmac_ctx = (HMAC_CTX *)a->state;
#if OPENSSL_VERSION_NUMBER < 0x10100000L || LIBRESSL_VERSION_NUMBER
HMAC_CTX_cleanup(hmac_ctx);
/* zeroize entire state*/
octet_string_set_to_zero(a, sizeof(HMAC_CTX) + sizeof(srtp_auth_t));
#else
HMAC_CTX_free(hmac_ctx);
/* zeroize entire state*/
octet_string_set_to_zero(a, sizeof(srtp_auth_t));
#endif
/* free memory */
srtp_crypto_free(a);
return srtp_err_status_ok;
}
static srtp_err_status_t srtp_hmac_start(void *statev)
{
HMAC_CTX *state = (HMAC_CTX *)statev;
if (HMAC_Init_ex(state, NULL, 0, NULL, NULL) == 0)
return srtp_err_status_auth_fail;
return srtp_err_status_ok;
}
static srtp_err_status_t srtp_hmac_init(void *statev,
const uint8_t *key,
int key_len)
{
HMAC_CTX *state = (HMAC_CTX *)statev;
if (HMAC_Init_ex(state, key, key_len, EVP_sha1(), NULL) == 0)
return srtp_err_status_auth_fail;
return srtp_err_status_ok;
}
static srtp_err_status_t srtp_hmac_update(void *statev,
const uint8_t *message,
int msg_octets)
{
HMAC_CTX *state = (HMAC_CTX *)statev;
debug_print(srtp_mod_hmac, "input: %s",
srtp_octet_string_hex_string(message, msg_octets));
if (HMAC_Update(state, message, msg_octets) == 0)
return srtp_err_status_auth_fail;
return srtp_err_status_ok;
}
static srtp_err_status_t srtp_hmac_compute(void *statev,
const uint8_t *message,
int msg_octets,
int tag_len,
uint8_t *result)
{
HMAC_CTX *state = (HMAC_CTX *)statev;
uint8_t hash_value[SHA1_DIGEST_SIZE];
int i;
unsigned int len;
/* check tag length, return error if we can't provide the value expected */
if (tag_len > SHA1_DIGEST_SIZE) {
return srtp_err_status_bad_param;
}
/* hash message, copy output into H */
if (HMAC_Update(state, message, msg_octets) == 0)
return srtp_err_status_auth_fail;
if (HMAC_Final(state, hash_value, &len) == 0)
return srtp_err_status_auth_fail;
if (len < tag_len)
return srtp_err_status_auth_fail;
/* copy hash_value to *result */
for (i = 0; i < tag_len; i++) {
result[i] = hash_value[i];
}
debug_print(srtp_mod_hmac, "output: %s",
srtp_octet_string_hex_string(hash_value, tag_len));
return srtp_err_status_ok;
}
/* begin test case 0 */
/* clang-format off */
static const uint8_t srtp_hmac_test_case_0_key[SHA1_DIGEST_SIZE] = {
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
0x0b, 0x0b, 0x0b, 0x0b
};
/* clang-format on */
/* clang-format off */
static const uint8_t srtp_hmac_test_case_0_data[8] = {
0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65 /* "Hi There" */
};
/* clang-format on */
/* clang-format off */
static const uint8_t srtp_hmac_test_case_0_tag[SHA1_DIGEST_SIZE] = {
0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64,
0xe2, 0x8b, 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e,
0xf1, 0x46, 0xbe, 0x00
};
/* clang-format on */
static const srtp_auth_test_case_t srtp_hmac_test_case_0 = {
sizeof(srtp_hmac_test_case_0_key), /* octets in key */
srtp_hmac_test_case_0_key, /* key */
sizeof(srtp_hmac_test_case_0_data), /* octets in data */
srtp_hmac_test_case_0_data, /* data */
sizeof(srtp_hmac_test_case_0_tag), /* octets in tag */
srtp_hmac_test_case_0_tag, /* tag */
NULL /* pointer to next testcase */
};
/* end test case 0 */
static const char srtp_hmac_description[] =
"hmac sha-1 authentication function";
/*
* srtp_auth_type_t hmac is the hmac metaobject
*/
const srtp_auth_type_t srtp_hmac = {
srtp_hmac_alloc, /* */
srtp_hmac_dealloc, /* */
srtp_hmac_init, /* */
srtp_hmac_compute, /* */
srtp_hmac_update, /* */
srtp_hmac_start, /* */
srtp_hmac_description, /* */
&srtp_hmac_test_case_0, /* */
SRTP_HMAC_SHA1 /* */
};

87
netwerk/srtp/src/crypto/include/aes_gcm.h Normal file
View File

@ -0,0 +1,87 @@
/*
* aes_gcm.h
*
* Header for AES Galois Counter Mode.
*
* John A. Foley
* Cisco Systems, Inc.
*
*/
/*
*
* Copyright (c) 2013-2017, Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
*
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef AES_GCM_H
#define AES_GCM_H
#include "cipher.h"
#include "srtp.h"
#include "datatypes.h"
#ifdef OPENSSL
#include <openssl/evp.h>
#include <openssl/aes.h>
typedef struct {
int key_size;
int tag_len;
EVP_CIPHER_CTX *ctx;
srtp_cipher_direction_t dir;
} srtp_aes_gcm_ctx_t;
#endif /* OPENSSL */
#ifdef NSS
#include <pk11pub.h>
#define MAX_AD_SIZE 2048
typedef struct {
int key_size;
int tag_size;
srtp_cipher_direction_t dir;
PK11SymKey *key;
uint8_t iv[12];
uint8_t aad[MAX_AD_SIZE];
int aad_size;
CK_GCM_PARAMS params;
uint8_t tag[16];
} srtp_aes_gcm_ctx_t;
#endif /* NSS */
#endif /* AES_GCM_H */

81
netwerk/srtp/src/crypto/include/aes_icm_ext.h Normal file
View File

@ -0,0 +1,81 @@
/*
* aes_icm.h
*
* Header for AES Integer Counter Mode.
*
* David A. McGrew
* Cisco Systems, Inc.
*
*/
/*
*
* Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
*
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef AES_ICM_H
#define AES_ICM_H
#include "cipher.h"
#include "datatypes.h"
#ifdef OPENSSL
#include <openssl/evp.h>
#include <openssl/aes.h>
typedef struct {
v128_t counter; /* holds the counter value */
v128_t offset; /* initial offset value */
int key_size;
EVP_CIPHER_CTX *ctx;
} srtp_aes_icm_ctx_t;
#endif /* OPENSSL */
#ifdef NSS
#include <pk11pub.h>
typedef struct {
v128_t counter;
v128_t offset;
int key_size;
uint8_t iv[16];
PK11SymKey *key;
PK11Context *ctx;
} srtp_aes_icm_ctx_t;
#endif /* NSS */
#endif /* AES_ICM_H */

35
netwerk/srtp/src/crypto/include/cipher_types.h
View File

@ -44,38 +44,41 @@
* cipher types that can be included in the kernel
*/
const srtp_cipher_type_t srtp_null_cipher;
const srtp_cipher_type_t srtp_aes_icm_128;
const srtp_cipher_type_t srtp_aes_icm_256;
#ifdef OPENSSL
const srtp_cipher_type_t srtp_aes_icm_192;
const srtp_cipher_type_t srtp_aes_gcm_128_openssl;
const srtp_cipher_type_t srtp_aes_gcm_256_openssl;
extern const srtp_cipher_type_t srtp_null_cipher;
extern const srtp_cipher_type_t srtp_aes_icm_128;
extern const srtp_cipher_type_t srtp_aes_icm_256;
#ifdef GCM
extern const srtp_cipher_type_t srtp_aes_icm_192;
extern const srtp_cipher_type_t srtp_aes_gcm_128;
extern const srtp_cipher_type_t srtp_aes_gcm_256;
#endif
/*
* auth func types that can be included in the kernel
*/
const srtp_auth_type_t srtp_null_auth;
const srtp_auth_type_t srtp_hmac;
extern const srtp_auth_type_t srtp_null_auth;
extern const srtp_auth_type_t srtp_hmac;
/*
* other generic debug modules that can be included in the kernel
*/
srtp_debug_module_t srtp_mod_auth;
srtp_debug_module_t srtp_mod_cipher;
srtp_debug_module_t mod_stat;
srtp_debug_module_t mod_alloc;
extern srtp_debug_module_t srtp_mod_auth;
extern srtp_debug_module_t srtp_mod_cipher;
extern srtp_debug_module_t srtp_mod_stat;
extern srtp_debug_module_t srtp_mod_alloc;
/* debug modules for cipher types */
srtp_debug_module_t srtp_mod_aes_icm;
extern srtp_debug_module_t srtp_mod_aes_icm;
#ifdef OPENSSL
srtp_debug_module_t srtp_mod_aes_gcm;
extern srtp_debug_module_t srtp_mod_aes_gcm;
#endif
#ifdef NSS
extern srtp_debug_module_t srtp_mod_aes_gcm;
#endif
/* debug modules for auth types */
srtp_debug_module_t srtp_mod_hmac;
extern srtp_debug_module_t srtp_mod_hmac;
#endif

2
netwerk/srtp/src/crypto/include/sha1.h
View File

@ -81,7 +81,7 @@ extern "C" {
/* OpenSSL 1.1.0 made EVP_MD_CTX an opaque structure, which must be allocated
using EVP_MD_CTX_new. But this function doesn't exist in OpenSSL 1.0.x. */
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#if OPENSSL_VERSION_NUMBER < 0x10100000L || LIBRESSL_VERSION_NUMBER
typedef EVP_MD_CTX srtp_sha1_ctx_t;

12
netwerk/srtp/src/crypto/kernel/alloc.c
View File

@ -51,7 +51,7 @@
/* the debug module for memory allocation */
srtp_debug_module_t mod_alloc = {
srtp_debug_module_t srtp_mod_alloc = {
0, /* debugging is off by default */
"alloc" /* printable name for module */
};
@ -71,12 +71,16 @@ void *srtp_crypto_alloc(size_t size)
{
void *ptr;
if (!size) {
return NULL;
}
ptr = calloc(1, size);
if (ptr) {
debug_print(mod_alloc, "(location: %p) allocated", ptr);
debug_print(srtp_mod_alloc, "(location: %p) allocated", ptr);
} else {
debug_print(mod_alloc, "allocation failed (asked for %d bytes)\n",
debug_print(srtp_mod_alloc, "allocation failed (asked for %d bytes)\n",
size);
}
@ -85,7 +89,7 @@ void *srtp_crypto_alloc(size_t size)
void srtp_crypto_free(void *ptr)
{
debug_print(mod_alloc, "(location: %p) freed", ptr);
debug_print(srtp_mod_alloc, "(location: %p) freed", ptr);
free(ptr);
}

12
netwerk/srtp/src/crypto/kernel/crypto_kernel.c
View File

@ -101,11 +101,11 @@ srtp_err_status_t srtp_crypto_kernel_init()
if (status) {
return status;
}
status = srtp_crypto_kernel_load_debug_module(&mod_stat);
status = srtp_crypto_kernel_load_debug_module(&srtp_mod_stat);
if (status) {
return status;
}
status = srtp_crypto_kernel_load_debug_module(&mod_alloc);
status = srtp_crypto_kernel_load_debug_module(&srtp_mod_alloc);
if (status) {
return status;
}
@ -130,18 +130,18 @@ srtp_err_status_t srtp_crypto_kernel_init()
if (status) {
return status;
}
#ifdef OPENSSL
#ifdef GCM
status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_icm_192,
SRTP_AES_ICM_192);
if (status) {
return status;
}
status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_gcm_128_openssl,
status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_gcm_128,
SRTP_AES_GCM_128);
if (status) {
return status;
}
status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_gcm_256_openssl,
status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_gcm_256,
SRTP_AES_GCM_256);
if (status) {
return status;
@ -512,7 +512,7 @@ srtp_err_status_t srtp_crypto_kernel_load_debug_module(
srtp_kernel_debug_module_t *kdm, *new;
/* defensive coding */
if (new_dm == NULL) {
if (new_dm == NULL || new_dm->name == NULL) {
return srtp_err_status_bad_param;
}

8
netwerk/srtp/src/crypto/math/datatypes.c
View File

@ -328,9 +328,11 @@ int bitvector_alloc(bitvector_t *v, unsigned long length)
l = length / bits_per_word * bytes_per_word;
/* allocate memory, then set parameters */
if (l == 0)
if (l == 0) {
v->word = NULL;
else {
v->length = 0;
return -1;
} else {
v->word = (uint32_t *)srtp_crypto_alloc(l);
if (v->word == NULL) {
v->length = 0;
@ -434,7 +436,7 @@ void srtp_cleanse(void *s, size_t len)
void octet_string_set_to_zero(void *s, size_t len)
{
#ifdef OPENSSL
#if defined(OPENSSL) && !defined(OPENSSL_CLEANSE_BROKEN)
OPENSSL_cleanse(s, len);
#else
srtp_cleanse(s, len);

22
netwerk/srtp/src/crypto/math/stat.c
View File

@ -49,7 +49,7 @@
#include "stat.h"
srtp_debug_module_t mod_stat = {
srtp_debug_module_t srtp_mod_stat = {
0, /* debugging is off by default */
(char *)"stat test" /* printable module name */
};
@ -72,7 +72,7 @@ srtp_err_status_t stat_test_monobit(uint8_t *data)
data++;
}
debug_print(mod_stat, "bit count: %d", ones_count);
debug_print(srtp_mod_stat, "bit count: %d", ones_count);
if ((ones_count < 9725) || (ones_count > 10275))
return srtp_err_status_algo_fail;
@ -100,7 +100,7 @@ srtp_err_status_t stat_test_poker(uint8_t *data)
poker *= (16.0 / 5000.0);
poker -= 5000.0;
debug_print(mod_stat, "poker test: %f\n", poker);
debug_print(srtp_mod_stat, "poker test: %f\n", poker);
if ((poker < 2.16) || (poker > 46.17))
return srtp_err_status_algo_fail;
@ -139,14 +139,14 @@ srtp_err_status_t stat_test_runs(uint8_t *data)
/* check for long runs */
if (state > 25) {
debug_print(mod_stat, ">25 runs: %d", state);
debug_print(srtp_mod_stat, ">25 runs: %d", state);
return srtp_err_status_algo_fail;
}
} else if (state < 0) {
/* prefix is a gap */
if (state < -25) {
debug_print(mod_stat, ">25 gaps: %d", state);
debug_print(srtp_mod_stat, ">25 gaps: %d", state);
return srtp_err_status_algo_fail; /* long-runs test
failed */
}
@ -164,7 +164,7 @@ srtp_err_status_t stat_test_runs(uint8_t *data)
if (state > 0) {
/* prefix is a run */
if (state > 25) {
debug_print(mod_stat, ">25 runs (2): %d", state);
debug_print(srtp_mod_stat, ">25 runs (2): %d", state);
return srtp_err_status_algo_fail; /* long-runs test
failed */
}
@ -180,7 +180,7 @@ srtp_err_status_t stat_test_runs(uint8_t *data)
/* check for long gaps */
if (state < -25) {
debug_print(mod_stat, ">25 gaps (2): %d", state);
debug_print(srtp_mod_stat, ">25 gaps (2): %d", state);
return srtp_err_status_algo_fail;
}
@ -195,12 +195,12 @@ srtp_err_status_t stat_test_runs(uint8_t *data)
data++;
}
if (mod_stat.on) {
debug_print(mod_stat, "runs test", NULL);
if (srtp_mod_stat.on) {
debug_print(srtp_mod_stat, "runs test", NULL);
for (i = 0; i < 6; i++)
debug_print(mod_stat, " runs[]: %d", runs[i]);
debug_print(srtp_mod_stat, " runs[]: %d", runs[i]);
for (i = 0; i < 6; i++)
debug_print(mod_stat, " gaps[]: %d", gaps[i]);
debug_print(srtp_mod_stat, " gaps[]: %d", gaps[i]);
}
/* check run and gap counts against the fixed limits */

52
netwerk/srtp/src/crypto/test/cipher_driver.c
View File

@ -51,9 +51,9 @@
#include <stdlib.h> /* for rand() */
#include "getopt_s.h"
#include "cipher.h"
#ifdef OPENSSL
#include "aes_icm_ossl.h"
#include "aes_gcm_ossl.h"
#ifdef GCM
#include "aes_icm_ext.h"
#include "aes_gcm.h"
#else
#include "aes_icm.h"
#endif
@ -118,10 +118,10 @@ void check_status(srtp_err_status_t s)
extern srtp_cipher_type_t srtp_null_cipher;
extern srtp_cipher_type_t srtp_aes_icm_128;
extern srtp_cipher_type_t srtp_aes_icm_256;
#ifdef OPENSSL
#ifdef GCM
extern srtp_cipher_type_t srtp_aes_icm_192;
extern srtp_cipher_type_t srtp_aes_gcm_128_openssl;
extern srtp_cipher_type_t srtp_aes_gcm_256_openssl;
extern srtp_cipher_type_t srtp_aes_gcm_128;
extern srtp_cipher_type_t srtp_aes_gcm_256;
#endif
int main(int argc, char *argv[])
@ -187,21 +187,19 @@ int main(int argc, char *argv[])
cipher_driver_test_array_throughput(
&srtp_aes_icm_256, SRTP_AES_ICM_256_KEY_LEN_WSALT, num_cipher);
#ifdef OPENSSL
#ifdef GCM
for (num_cipher = 1; num_cipher < max_num_cipher; num_cipher *= 8)
cipher_driver_test_array_throughput(
&srtp_aes_icm_192, SRTP_AES_ICM_192_KEY_LEN_WSALT, num_cipher);
for (num_cipher = 1; num_cipher < max_num_cipher; num_cipher *= 8) {
cipher_driver_test_array_throughput(&srtp_aes_gcm_128_openssl,
SRTP_AES_GCM_128_KEY_LEN_WSALT,
num_cipher);
cipher_driver_test_array_throughput(
&srtp_aes_gcm_128, SRTP_AES_GCM_128_KEY_LEN_WSALT, num_cipher);
}
for (num_cipher = 1; num_cipher < max_num_cipher; num_cipher *= 8) {
cipher_driver_test_array_throughput(&srtp_aes_gcm_256_openssl,
SRTP_AES_GCM_256_KEY_LEN_WSALT,
num_cipher);
cipher_driver_test_array_throughput(
&srtp_aes_gcm_256, SRTP_AES_GCM_256_KEY_LEN_WSALT, num_cipher);
}
#endif
}
@ -210,10 +208,10 @@ int main(int argc, char *argv[])
cipher_driver_self_test(&srtp_null_cipher);
cipher_driver_self_test(&srtp_aes_icm_128);
cipher_driver_self_test(&srtp_aes_icm_256);
#ifdef OPENSSL
#ifdef GCM
cipher_driver_self_test(&srtp_aes_icm_192);
cipher_driver_self_test(&srtp_aes_gcm_128_openssl);
cipher_driver_self_test(&srtp_aes_gcm_256_openssl);
cipher_driver_self_test(&srtp_aes_gcm_128);
cipher_driver_self_test(&srtp_aes_gcm_256);
#endif
}
@ -277,9 +275,9 @@ int main(int argc, char *argv[])
status = srtp_cipher_dealloc(c);
check_status(status);
#ifdef OPENSSL
/* run the throughput test on the aes_gcm_128_openssl cipher */
status = srtp_cipher_type_alloc(&srtp_aes_gcm_128_openssl, &c,
#ifdef GCM
/* run the throughput test on the aes_gcm_128 cipher */
status = srtp_cipher_type_alloc(&srtp_aes_gcm_128, &c,
SRTP_AES_GCM_128_KEY_LEN_WSALT, 8);
if (status) {
fprintf(stderr, "error: can't allocate GCM 128 cipher\n");
@ -291,15 +289,13 @@ int main(int argc, char *argv[])
cipher_driver_test_throughput(c);
}
if (do_validation) {
status = cipher_driver_test_buffering(c);
check_status(status);
}
// GCM ciphers don't do buffering; they're "one shot"
status = srtp_cipher_dealloc(c);
check_status(status);
/* run the throughput test on the aes_gcm_256_openssl cipher */
status = srtp_cipher_type_alloc(&srtp_aes_gcm_256_openssl, &c,
/* run the throughput test on the aes_gcm_256 cipher */
status = srtp_cipher_type_alloc(&srtp_aes_gcm_256, &c,
SRTP_AES_GCM_256_KEY_LEN_WSALT, 16);
if (status) {
fprintf(stderr, "error: can't allocate GCM 256 cipher\n");
@ -311,10 +307,8 @@ int main(int argc, char *argv[])
cipher_driver_test_throughput(c);
}
if (do_validation) {
status = cipher_driver_test_buffering(c);
check_status(status);
}
// GCM ciphers don't do buffering; they're "one shot"
status = srtp_cipher_dealloc(c);
check_status(status);
#endif

26
netwerk/srtp/src/crypto/test/datatypes_driver.c
View File

@ -60,6 +60,8 @@ void print_string(char *s);
void test_bswap(void);
void test_set_to_zero(void);
int main(void)
{
/*
@ -135,6 +137,7 @@ int main(void)
printf(" } \n");
test_bswap();
test_set_to_zero();
return 0;
}
@ -228,3 +231,26 @@ void test_bswap(void)
printf("bswapped octet string: %s\n",
octet_string_hex_string((uint8_t *)&y, 8));
}
void test_set_to_zero(void)
{
#define BUFFER_SIZE (16)
uint8_t buffer[BUFFER_SIZE];
size_t i;
for (i = 0; i < BUFFER_SIZE; i++) {
buffer[i] = i & 0xff;
}
printf("Buffer before: %s\n", octet_string_hex_string(buffer, BUFFER_SIZE));
octet_string_set_to_zero(buffer, BUFFER_SIZE);
printf("Buffer after: %s\n", octet_string_hex_string(buffer, BUFFER_SIZE));
for (i = 0; i < BUFFER_SIZE; i++) {
if (buffer[i]) {
fprintf(stderr,
"Buffer contents not zero at position %zu (is %d)\n", i,
buffer[i]);
abort();
}
}
#undef BUFFER_SIZE
}

12
netwerk/srtp/src/crypto/test/stat_driver.c
View File

@ -76,9 +76,9 @@ int main(int argc, char *argv[])
int i, j;
extern srtp_cipher_type_t srtp_aes_icm_128;
extern srtp_cipher_type_t srtp_aes_icm_256;
#ifdef OPENSSL
extern srtp_cipher_type_t srtp_aes_gcm_128_openssl;
extern srtp_cipher_type_t srtp_aes_gcm_256_openssl;
#ifdef GCM
extern srtp_cipher_type_t srtp_aes_gcm_128;
extern srtp_cipher_type_t srtp_aes_gcm_256;
#endif
srtp_cipher_t *c;
/* clang-format off */
@ -180,14 +180,14 @@ int main(int argc, char *argv[])
}
}
#ifdef OPENSSL
#ifdef GCM
{
printf("running stat_tests on AES-128-GCM, expecting success\n");
/* set buffer to cipher output */
for (i = 0; i < 2500; i++) {
buffer[i] = 0;
}
err_check(srtp_cipher_type_alloc(&srtp_aes_gcm_128_openssl, &c,
err_check(srtp_cipher_type_alloc(&srtp_aes_gcm_128, &c,
SRTP_AES_GCM_128_KEY_LEN_WSALT, 8));
err_check(srtp_cipher_init(c, key));
err_check(
@ -219,7 +219,7 @@ int main(int argc, char *argv[])
for (i = 0; i < 2500; i++) {
buffer[i] = 0;
}
err_check(srtp_cipher_type_alloc(&srtp_aes_gcm_256_openssl, &c,
err_check(srtp_cipher_type_alloc(&srtp_aes_gcm_256, &c,
SRTP_AES_GCM_256_KEY_LEN_WSALT, 16));
err_check(srtp_cipher_init(c, key));
err_check(

9
netwerk/srtp/src/moz.build
View File

@ -5,8 +5,8 @@
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
UNIFIED_SOURCES += [
'crypto/cipher/aes.c',
'crypto/cipher/aes_icm.c',
'crypto/cipher/aes_gcm_nss.c',
'crypto/cipher/aes_icm_nss.c',
'crypto/cipher/cipher.c',
'crypto/cipher/null_cipher.c',
'crypto/hash/auth.c',
@ -50,6 +50,11 @@ for var in ('HAVE_STDLIB_H', 'HAVE_UINT8_T', 'HAVE_UINT16_T',
'HAVE_INT32_T', 'HAVE_UINT32_T', 'HAVE_UINT64_T'):
DEFINES[var] = 1
# Enable AES-GCM cipher suite in libsrtp
DEFINES['GCM'] = 1
# Let libsrtp use NSS instead of build-in crypto
DEFINES['NSS'] = 1
# XXX while arm is not a CISC architecture, the code guarded by CPU_RISC makes
# (at least) the AES ciphers fail their self-tests on ARM, so for now we're
# falling back to the (presumably) slower-on-this-architecture but working

2
netwerk/srtp/src/srtp/ekt.c
View File

@ -151,7 +151,7 @@ srtp_err_status_t srtp_ekt_stream_init_from_policy(
void aes_decrypt_with_raw_key(void *ciphertext, const void *key, int key_len)
{
#ifndef OPENSSL
#ifndef GCM
// FIXME: need to get this working through the crypto module interface
srtp_aes_expanded_key_t expanded_key;

561
netwerk/srtp/src/srtp/srtp.c
View File

@ -51,12 +51,13 @@
#include "ekt.h" /* for SRTP Encrypted Key Transport */
#include "alloc.h" /* for srtp_crypto_alloc() */
#ifdef OPENSSL
#include "aes_gcm_ossl.h" /* for AES GCM mode */
#ifdef GCM
#include "aes_gcm.h" /* for AES GCM mode */
#endif
#ifdef OPENSSL_KDF
#include <openssl/kdf.h>
#include "aes_icm_ossl.h" /* for AES GCM mode */
#endif
#include "aes_icm_ext.h"
#endif
#include <limits.h>
@ -147,51 +148,136 @@ unsigned int srtp_get_version()
return rv;
}
/* Release (maybe partially allocated) stream. */
static void srtp_stream_free(srtp_stream_ctx_t *str)
srtp_err_status_t srtp_stream_dealloc(srtp_stream_ctx_t *stream,
const srtp_stream_ctx_t *stream_template)
{
srtp_err_status_t status;
unsigned int i = 0;
srtp_session_keys_t *session_keys = NULL;
srtp_session_keys_t *template_session_keys = NULL;
for (i = 0; i < str->num_master_keys; i++) {
session_keys = &str->session_keys[i];
/*
* we use a conservative deallocation strategy - if any deallocation
* fails, then we report that fact without trying to deallocate
* anything else
*/
if (stream->session_keys) {
for (i = 0; i < stream->num_master_keys; i++) {
session_keys = &stream->session_keys[i];
if (session_keys->rtp_xtn_hdr_cipher) {
srtp_cipher_dealloc(session_keys->rtp_xtn_hdr_cipher);
}
if (session_keys->rtcp_cipher) {
srtp_cipher_dealloc(session_keys->rtcp_cipher);
}
if (session_keys->rtcp_auth) {
srtp_auth_dealloc(session_keys->rtcp_auth);
}
if (session_keys->rtp_cipher) {
srtp_cipher_dealloc(session_keys->rtp_cipher);
}
if (session_keys->rtp_auth) {
srtp_auth_dealloc(session_keys->rtp_auth);
}
if (session_keys->mki_id) {
srtp_crypto_free(session_keys->mki_id);
}
if (session_keys->limit) {
srtp_crypto_free(session_keys->limit);
if (stream_template &&
stream->num_master_keys == stream_template->num_master_keys) {
template_session_keys = &stream_template->session_keys[i];
} else {
template_session_keys = NULL;
}
/*
* deallocate cipher, if it is not the same as that in template
*/
if (template_session_keys &&
session_keys->rtp_cipher == template_session_keys->rtp_cipher) {
/* do nothing */
} else if (session_keys->rtp_cipher) {
status = srtp_cipher_dealloc(session_keys->rtp_cipher);
if (status)
return status;
}
/*
* deallocate auth function, if it is not the same as that in
* template
*/
if (template_session_keys &&
session_keys->rtp_auth == template_session_keys->rtp_auth) {
/* do nothing */
} else if (session_keys->rtp_auth) {
status = srtp_auth_dealloc(session_keys->rtp_auth);
if (status)
return status;
}
if (template_session_keys &&
session_keys->rtp_xtn_hdr_cipher ==
template_session_keys->rtp_xtn_hdr_cipher) {
/* do nothing */
} else if (session_keys->rtp_xtn_hdr_cipher) {
status = srtp_cipher_dealloc(session_keys->rtp_xtn_hdr_cipher);
if (status)
return status;
}
/*
* deallocate rtcp cipher, if it is not the same as that in
* template
*/
if (template_session_keys &&
session_keys->rtcp_cipher ==
template_session_keys->rtcp_cipher) {
/* do nothing */
} else if (session_keys->rtcp_cipher) {
status = srtp_cipher_dealloc(session_keys->rtcp_cipher);
if (status)
return status;
}
/*
* deallocate rtcp auth function, if it is not the same as that in
* template
*/
if (template_session_keys &&
session_keys->rtcp_auth == template_session_keys->rtcp_auth) {
/* do nothing */
} else if (session_keys->rtcp_auth) {
status = srtp_auth_dealloc(session_keys->rtcp_auth);
if (status)
return status;
}
/*
* zeroize the salt value
*/
octet_string_set_to_zero(session_keys->salt, SRTP_AEAD_SALT_LEN);
octet_string_set_to_zero(session_keys->c_salt, SRTP_AEAD_SALT_LEN);
if (session_keys->mki_id) {
octet_string_set_to_zero(session_keys->mki_id,
session_keys->mki_size);
srtp_crypto_free(session_keys->mki_id);
session_keys->mki_id = NULL;
}
/*
* deallocate key usage limit, if it is not the same as that in
* template
*/
if (template_session_keys &&
session_keys->limit == template_session_keys->limit) {
/* do nothing */
} else if (session_keys->limit) {
srtp_crypto_free(session_keys->limit);
}
}
srtp_crypto_free(stream->session_keys);
}
srtp_crypto_free(str->session_keys);
status = srtp_rdbx_dealloc(&stream->rtp_rdbx);
if (status)
return status;
if (str->enc_xtn_hdr) {
srtp_crypto_free(str->enc_xtn_hdr);
/* DAM - need to deallocate EKT here */
if (stream_template &&
stream->enc_xtn_hdr == stream_template->enc_xtn_hdr) {
/* do nothing */
} else if (stream->enc_xtn_hdr) {
srtp_crypto_free(stream->enc_xtn_hdr);
}
srtp_crypto_free(str);
/* deallocate srtp stream context */
srtp_crypto_free(stream);
return srtp_err_status_ok;
}
srtp_err_status_t srtp_stream_alloc(srtp_stream_ctx_t **str_ptr,
@ -231,7 +317,7 @@ srtp_err_status_t srtp_stream_alloc(srtp_stream_ctx_t **str_ptr,
sizeof(srtp_session_keys_t) * str->num_master_keys);
if (str->session_keys == NULL) {
srtp_stream_free(str);
srtp_stream_dealloc(str, NULL);
return srtp_err_status_alloc_fail;
}
@ -243,7 +329,7 @@ srtp_err_status_t srtp_stream_alloc(srtp_stream_ctx_t **str_ptr,
p->rtp.cipher_type, &session_keys->rtp_cipher,
p->rtp.cipher_key_len, p->rtp.auth_tag_len);
if (stat) {
srtp_stream_free(str);
srtp_stream_dealloc(str, NULL);
return stat;
}
@ -252,7 +338,7 @@ srtp_err_status_t srtp_stream_alloc(srtp_stream_ctx_t **str_ptr,
p->rtp.auth_type, &session_keys->rtp_auth, p->rtp.auth_key_len,
p->rtp.auth_tag_len);
if (stat) {
srtp_stream_free(str);
srtp_stream_dealloc(str, NULL);
return stat;
}
@ -264,7 +350,7 @@ srtp_err_status_t srtp_stream_alloc(srtp_stream_ctx_t **str_ptr,
p->rtcp.cipher_type, &session_keys->rtcp_cipher,
p->rtcp.cipher_key_len, p->rtcp.auth_tag_len);
if (stat) {
srtp_stream_free(str);
srtp_stream_dealloc(str, NULL);
return stat;
}
@ -273,7 +359,7 @@ srtp_err_status_t srtp_stream_alloc(srtp_stream_ctx_t **str_ptr,
p->rtcp.auth_type, &session_keys->rtcp_auth, p->rtcp.auth_key_len,
p->rtcp.auth_tag_len);
if (stat) {
srtp_stream_free(str);
srtp_stream_dealloc(str, NULL);
return stat;
}
@ -283,7 +369,7 @@ srtp_err_status_t srtp_stream_alloc(srtp_stream_ctx_t **str_ptr,
session_keys->limit = (srtp_key_limit_ctx_t *)srtp_crypto_alloc(
sizeof(srtp_key_limit_ctx_t));
if (session_keys->limit == NULL) {
srtp_stream_free(str);
srtp_stream_dealloc(str, NULL);
return srtp_err_status_alloc_fail;
}
}
@ -291,7 +377,7 @@ srtp_err_status_t srtp_stream_alloc(srtp_stream_ctx_t **str_ptr,
/* allocate ekt data associated with stream */
stat = srtp_ekt_alloc(&str->ekt, p->ekt);
if (stat) {
srtp_stream_free(str);
srtp_stream_dealloc(str, NULL);
return stat;
}
@ -302,7 +388,7 @@ srtp_err_status_t srtp_stream_alloc(srtp_stream_ctx_t **str_ptr,
str->enc_xtn_hdr = (int *)srtp_crypto_alloc(p->enc_xtn_hdr_count *
sizeof(p->enc_xtn_hdr[0]));
if (!str->enc_xtn_hdr) {
srtp_stream_free(str);
srtp_stream_dealloc(str, NULL);
return srtp_err_status_alloc_fail;
}
memcpy(str->enc_xtn_hdr, p->enc_xtn_hdr,
@ -336,7 +422,7 @@ srtp_err_status_t srtp_stream_alloc(srtp_stream_ctx_t **str_ptr,
enc_xtn_hdr_cipher_type, &session_keys->rtp_xtn_hdr_cipher,
enc_xtn_hdr_cipher_key_len, 0);
if (stat) {
srtp_stream_free(str);
srtp_stream_dealloc(str, NULL);
return stat;
}
}
@ -353,138 +439,6 @@ srtp_err_status_t srtp_stream_alloc(srtp_stream_ctx_t **str_ptr,
return srtp_err_status_ok;
}
srtp_err_status_t srtp_stream_dealloc(srtp_stream_ctx_t *stream,
srtp_stream_ctx_t *stream_template)
{
srtp_err_status_t status;
unsigned int i = 0;
srtp_session_keys_t *session_keys = NULL;
srtp_session_keys_t *template_session_keys = NULL;
/*
* we use a conservative deallocation strategy - if any deallocation
* fails, then we report that fact without trying to deallocate
* anything else
*/
for (i = 0; i < stream->num_master_keys; i++) {
session_keys = &stream->session_keys[i];
if (stream_template) {
template_session_keys = &stream_template->session_keys[i];
} else {
template_session_keys = NULL;
}
/*
* deallocate cipher, if it is not the same as that in template
*/
if (template_session_keys &&
session_keys->rtp_cipher == template_session_keys->rtp_cipher) {
/* do nothing */
} else {
status = srtp_cipher_dealloc(session_keys->rtp_cipher);
if (status)
return status;
}
/*
* deallocate auth function, if it is not the same as that in template
*/
if (template_session_keys &&
session_keys->rtp_auth == template_session_keys->rtp_auth) {
/* do nothing */
} else {
status = srtp_auth_dealloc(session_keys->rtp_auth);
if (status)
return status;
}
if (template_session_keys &&
session_keys->rtp_xtn_hdr_cipher ==
template_session_keys->rtp_xtn_hdr_cipher) {
/* do nothing */
} else if (session_keys->rtp_xtn_hdr_cipher) {
status = srtp_cipher_dealloc(session_keys->rtp_xtn_hdr_cipher);
if (status)
return status;
}
/*
* deallocate rtcp cipher, if it is not the same as that in
* template
*/
if (template_session_keys &&
session_keys->rtcp_cipher == template_session_keys->rtcp_cipher) {
/* do nothing */
} else {
status = srtp_cipher_dealloc(session_keys->rtcp_cipher);
if (status)
return status;
}
/*
* deallocate rtcp auth function, if it is not the same as that in
* template
*/
if (template_session_keys &&
session_keys->rtcp_auth == template_session_keys->rtcp_auth) {
/* do nothing */
} else {
status = srtp_auth_dealloc(session_keys->rtcp_auth);
if (status)
return status;
}
/*
* zeroize the salt value
*/
octet_string_set_to_zero(session_keys->salt, SRTP_AEAD_SALT_LEN);
octet_string_set_to_zero(session_keys->c_salt, SRTP_AEAD_SALT_LEN);
if (session_keys->mki_id) {
octet_string_set_to_zero(session_keys->mki_id,
session_keys->mki_size);
srtp_crypto_free(session_keys->mki_id);
session_keys->mki_id = NULL;
}
/*
* deallocate key usage limit, if it is not the same as that in template
*/
if (template_session_keys &&
session_keys->limit == template_session_keys->limit) {
/* do nothing */
} else {
srtp_crypto_free(session_keys->limit);
}
}
if (stream_template &&
stream->session_keys == stream_template->session_keys) {
/* do nothing */
} else {
srtp_crypto_free(stream->session_keys);
}
status = srtp_rdbx_dealloc(&stream->rtp_rdbx);
if (status)
return status;
/* DAM - need to deallocate EKT here */
if (stream_template &&
stream->enc_xtn_hdr == stream_template->enc_xtn_hdr) {
/* do nothing */
} else if (stream->enc_xtn_hdr) {
srtp_crypto_free(stream->enc_xtn_hdr);
}
/* deallocate srtp stream context */
srtp_crypto_free(stream);
return srtp_err_status_ok;
}
/*
* srtp_stream_clone(stream_template, new) allocates a new stream and
* initializes it using the cipher and auth of the stream_template
@ -516,7 +470,7 @@ srtp_err_status_t srtp_stream_clone(const srtp_stream_ctx_t *stream_template,
sizeof(srtp_session_keys_t) * str->num_master_keys);
if (str->session_keys == NULL) {
srtp_stream_free(*str_ptr);
srtp_stream_dealloc(*str_ptr, stream_template);
*str_ptr = NULL;
return srtp_err_status_alloc_fail;
}
@ -541,7 +495,7 @@ srtp_err_status_t srtp_stream_clone(const srtp_stream_ctx_t *stream_template,
srtp_crypto_alloc(template_session_keys->mki_size);
if (session_keys->mki_id == NULL) {
srtp_stream_free(*str_ptr);
srtp_stream_dealloc(*str_ptr, stream_template);
*str_ptr = NULL;
return srtp_err_status_init_fail;
}
@ -558,7 +512,7 @@ srtp_err_status_t srtp_stream_clone(const srtp_stream_ctx_t *stream_template,
status = srtp_key_limit_clone(template_session_keys->limit,
&session_keys->limit);
if (status) {
srtp_stream_free(*str_ptr);
srtp_stream_dealloc(*str_ptr, stream_template);
*str_ptr = NULL;
return status;
}
@ -568,7 +522,7 @@ srtp_err_status_t srtp_stream_clone(const srtp_stream_ctx_t *stream_template,
status = srtp_rdbx_init(
&str->rtp_rdbx, srtp_rdbx_get_window_size(&stream_template->rtp_rdbx));
if (status) {
srtp_stream_free(*str_ptr);
srtp_stream_dealloc(*str_ptr, stream_template);
*str_ptr = NULL;
return status;
}
@ -847,9 +801,10 @@ srtp_session_keys_t *srtp_get_session_keys_with_mki_index(
unsigned int mki_index)
{
if (use_mki) {
if (mki_index < stream->num_master_keys) {
return &stream->session_keys[mki_index];
if (mki_index >= stream->num_master_keys) {
return NULL;
}
return &stream->session_keys[mki_index];
}
return &stream->session_keys[0];
@ -1604,12 +1559,12 @@ srtp_session_keys_t *srtp_get_session_keys(srtp_stream_ctx_t *stream,
base_mki_start_location -= tag_len;
for (i = 0; i < stream->num_master_keys; i++) {
if (stream->session_keys[i].mki_size != 0) {
if (stream->session_keys[i].mki_size != 0 &&
stream->session_keys[i].mki_size <= base_mki_start_location) {
*mki_size = stream->session_keys[i].mki_size;
mki_start_location = base_mki_start_location - *mki_size;
if (mki_start_location >= *mki_size &&
memcmp(hdr + mki_start_location, stream->session_keys[i].mki_id,
if (memcmp(hdr + mki_start_location, stream->session_keys[i].mki_id,
*mki_size) == 0) {
return &stream->session_keys[i];
}
@ -2170,6 +2125,9 @@ srtp_err_status_t srtp_protect_mki(srtp_ctx_t *ctx,
session_keys =
srtp_get_session_keys_with_mki_index(stream, use_mki, mki_index);
if (session_keys == NULL)
return srtp_err_status_bad_mki;
/*
* Check if this is an AEAD stream (GCM mode). If so, then dispatch
* the request to our AEAD handler.
@ -2889,7 +2847,7 @@ srtp_err_status_t srtp_add_stream(srtp_t session, const srtp_policy_t *policy)
/* initialize stream */
status = srtp_stream_init(tmp, policy);
if (status) {
srtp_stream_free(tmp);
srtp_stream_dealloc(tmp, NULL);
return status;
}
@ -2904,7 +2862,7 @@ srtp_err_status_t srtp_add_stream(srtp_t session, const srtp_policy_t *policy)
switch (policy->ssrc.type) {
case (ssrc_any_outbound):
if (session->stream_template) {
srtp_stream_free(tmp);
srtp_stream_dealloc(tmp, NULL);
return srtp_err_status_bad_param;
}
session->stream_template = tmp;
@ -2912,7 +2870,7 @@ srtp_err_status_t srtp_add_stream(srtp_t session, const srtp_policy_t *policy)
break;
case (ssrc_any_inbound):
if (session->stream_template) {
srtp_stream_free(tmp);
srtp_stream_dealloc(tmp, NULL);
return srtp_err_status_bad_param;
}
session->stream_template = tmp;
@ -2924,7 +2882,7 @@ srtp_err_status_t srtp_add_stream(srtp_t session, const srtp_policy_t *policy)
break;
case (ssrc_undefined):
default:
srtp_stream_free(tmp);
srtp_stream_dealloc(tmp, NULL);
return srtp_err_status_bad_param;
}
@ -3329,7 +3287,7 @@ void srtp_crypto_policy_set_aes_cm_256_null_auth(srtp_crypto_policy_t *p)
p->sec_serv = sec_serv_conf;
}
#ifdef OPENSSL
#ifdef GCM
void srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80(srtp_crypto_policy_t *p)
{
/*
@ -3540,7 +3498,8 @@ static srtp_err_status_t srtp_protect_rtcp_aead(
{
srtcp_hdr_t *hdr = (srtcp_hdr_t *)rtcp_hdr;
uint32_t *enc_start; /* pointer to start of encrypted portion */
uint32_t *trailer; /* pointer to start of trailer */
uint32_t *trailer_p; /* pointer to start of trailer */
uint32_t trailer; /* trailer value */
unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */
uint8_t *auth_tag = NULL; /* location of auth_tag within packet */
srtp_err_status_t status;
@ -3563,18 +3522,15 @@ static srtp_err_status_t srtp_protect_rtcp_aead(
/* NOTE: hdr->length is not usable - it refers to only the first
* RTCP report in the compound packet!
*/
/* NOTE: trailer is 32-bit aligned because RTCP 'packets' are always
* multiples of 32-bits (RFC 3550 6.1)
*/
trailer = (uint32_t *)((char *)enc_start + enc_octet_len + tag_len);
trailer_p = (uint32_t *)((char *)enc_start + enc_octet_len + tag_len);
if (stream->rtcp_services & sec_serv_conf) {
*trailer = htonl(SRTCP_E_BIT); /* set encrypt bit */
trailer = htonl(SRTCP_E_BIT); /* set encrypt bit */
} else {
enc_start = NULL;
enc_octet_len = 0;
/* 0 is network-order independant */
*trailer = 0x00000000; /* set encrypt bit */
trailer = 0x00000000; /* set encrypt bit */
}
mki_size = srtp_inject_mki((uint8_t *)hdr + *pkt_octet_len + tag_len +
@ -3598,9 +3554,11 @@ static srtp_err_status_t srtp_protect_rtcp_aead(
return status;
}
seq_num = srtp_rdb_get_value(&stream->rtcp_rdb);
*trailer |= htonl(seq_num);
trailer |= htonl(seq_num);
debug_print(mod_srtp, "srtcp index: %x", seq_num);
memcpy(trailer_p, &trailer, sizeof(trailer));
/*
* Calculate and set the IV
*/
@ -3642,7 +3600,7 @@ static srtp_err_status_t srtp_protect_rtcp_aead(
/*
* Process the sequence# as AAD
*/
tseq = *trailer;
tseq = trailer;
status = srtp_cipher_set_aad(session_keys->rtcp_cipher, (uint8_t *)&tseq,
sizeof(srtcp_trailer_t));
if (status) {
@ -3711,7 +3669,8 @@ static srtp_err_status_t srtp_unprotect_rtcp_aead(
{
srtcp_hdr_t *hdr = (srtcp_hdr_t *)srtcp_hdr;
uint32_t *enc_start; /* pointer to start of encrypted portion */
uint32_t *trailer; /* pointer to start of trailer */
uint32_t *trailer_p; /* pointer to start of trailer */
uint32_t trailer; /* trailer value */
unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */
uint8_t *auth_tag = NULL; /* location of auth_tag within packet */
srtp_err_status_t status;
@ -3737,12 +3696,10 @@ static srtp_err_status_t srtp_unprotect_rtcp_aead(
*/
/* This should point trailer to the word past the end of the normal data. */
/* This would need to be modified for optional mikey data */
/*
* NOTE: trailer is 32-bit aligned because RTCP 'packets' are always
* multiples of 32-bits (RFC 3550 6.1)
*/
trailer = (uint32_t *)((char *)hdr + *pkt_octet_len -
sizeof(srtcp_trailer_t) - mki_size);
trailer_p = (uint32_t *)((char *)hdr + *pkt_octet_len -
sizeof(srtcp_trailer_t) - mki_size);
memcpy(&trailer, trailer_p, sizeof(trailer));
/*
* We pass the tag down to the cipher when doing GCM mode
*/
@ -3751,7 +3708,7 @@ static srtp_err_status_t srtp_unprotect_rtcp_aead(
auth_tag = (uint8_t *)hdr + *pkt_octet_len - tag_len - mki_size -
sizeof(srtcp_trailer_t);
if (*((unsigned char *)trailer) & SRTCP_E_BYTE_BIT) {
if (*((unsigned char *)trailer_p) & SRTCP_E_BYTE_BIT) {
enc_start = (uint32_t *)hdr + uint32s_in_rtcp_header;
} else {
enc_octet_len = 0;
@ -3762,7 +3719,7 @@ static srtp_err_status_t srtp_unprotect_rtcp_aead(
* check the sequence number for replays
*/
/* this is easier than dealing with bitfield access */
seq_num = ntohl(*trailer) & SRTCP_INDEX_MASK;
seq_num = ntohl(trailer) & SRTCP_INDEX_MASK;
debug_print(mod_srtp, "srtcp index: %x", seq_num);
status = srtp_rdb_check(&stream->rtcp_rdb, seq_num);
if (status) {
@ -3812,7 +3769,7 @@ static srtp_err_status_t srtp_unprotect_rtcp_aead(
/*
* Process the sequence# as AAD
*/
tseq = *trailer;
tseq = trailer;
status = srtp_cipher_set_aad(session_keys->rtcp_cipher, (uint8_t *)&tseq,
sizeof(srtcp_trailer_t));
if (status) {
@ -3910,7 +3867,8 @@ srtp_err_status_t srtp_protect_rtcp_mki(srtp_t ctx,
srtcp_hdr_t *hdr = (srtcp_hdr_t *)rtcp_hdr;
uint32_t *enc_start; /* pointer to start of encrypted portion */
uint32_t *auth_start; /* pointer to start of auth. portion */
uint32_t *trailer; /* pointer to start of trailer */
uint32_t *trailer_p; /* pointer to start of trailer */
uint32_t trailer; /* trailer value */
unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */
uint8_t *auth_tag = NULL; /* location of auth_tag within packet */
srtp_err_status_t status;
@ -3974,6 +3932,9 @@ srtp_err_status_t srtp_protect_rtcp_mki(srtp_t ctx,
session_keys =
srtp_get_session_keys_with_mki_index(stream, use_mki, mki_index);
if (session_keys == NULL)
return srtp_err_status_bad_mki;
/*
* Check if this is an AEAD stream (GCM mode). If so, then dispatch
* the request to our AEAD handler.
@ -4000,19 +3961,15 @@ srtp_err_status_t srtp_protect_rtcp_mki(srtp_t ctx,
* NOTE: hdr->length is not usable - it refers to only the first RTCP report
* in the compound packet!
*/
/*
* NOTE: trailer is 32-bit aligned because RTCP 'packets' are always
* multiples of 32-bits (RFC 3550 6.1)
*/
trailer = (uint32_t *)((char *)enc_start + enc_octet_len);
trailer_p = (uint32_t *)((char *)enc_start + enc_octet_len);
if (stream->rtcp_services & sec_serv_conf) {
*trailer = htonl(SRTCP_E_BIT); /* set encrypt bit */
trailer = htonl(SRTCP_E_BIT); /* set encrypt bit */
} else {
enc_start = NULL;
enc_octet_len = 0;
/* 0 is network-order independant */
*trailer = 0x00000000; /* set encrypt bit */
trailer = 0x00000000; /* set encrypt bit */
}
mki_size = srtp_inject_mki((uint8_t *)hdr + *pkt_octet_len +
@ -4040,9 +3997,11 @@ srtp_err_status_t srtp_protect_rtcp_mki(srtp_t ctx,
if (status)
return status;
seq_num = srtp_rdb_get_value(&stream->rtcp_rdb);
*trailer |= htonl(seq_num);
trailer |= htonl(seq_num);
debug_print(mod_srtp, "srtcp index: %x", seq_num);
memcpy(trailer_p, &trailer, sizeof(trailer));
/*
* if we're using rindael counter mode, set nonce and seq
*/
@ -4138,7 +4097,8 @@ srtp_err_status_t srtp_unprotect_rtcp_mki(srtp_t ctx,
srtcp_hdr_t *hdr = (srtcp_hdr_t *)srtcp_hdr;
uint32_t *enc_start; /* pointer to start of encrypted portion */
uint32_t *auth_start; /* pointer to start of auth. portion */
uint32_t *trailer; /* pointer to start of trailer */
uint32_t *trailer_p; /* pointer to start of trailer */
uint32_t trailer; /* trailer value */
unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */
uint8_t *auth_tag = NULL; /* location of auth_tag within packet */
uint8_t tmp_tag[SRTP_MAX_TAG_LEN];
@ -4256,14 +4216,12 @@ srtp_err_status_t srtp_unprotect_rtcp_mki(srtp_t ctx,
*/
/* This should point trailer to the word past the end of the normal data. */
/* This would need to be modified for optional mikey data */
/*
* NOTE: trailer is 32-bit aligned because RTCP 'packets' are always
* multiples of 32-bits (RFC 3550 6.1)
*/
trailer = (uint32_t *)((char *)hdr + *pkt_octet_len -
(tag_len + mki_size + sizeof(srtcp_trailer_t)));
trailer_p = (uint32_t *)((char *)hdr + *pkt_octet_len -
(tag_len + mki_size + sizeof(srtcp_trailer_t)));
memcpy(&trailer, trailer_p, sizeof(trailer));
e_bit_in_packet =
(*((unsigned char *)trailer) & SRTCP_E_BYTE_BIT) == SRTCP_E_BYTE_BIT;
(*((unsigned char *)trailer_p) & SRTCP_E_BYTE_BIT) == SRTCP_E_BYTE_BIT;
if (e_bit_in_packet != sec_serv_confidentiality) {
return srtp_err_status_cant_check;
}
@ -4307,7 +4265,7 @@ srtp_err_status_t srtp_unprotect_rtcp_mki(srtp_t ctx,
* check the sequence number for replays
*/
/* this is easier than dealing with bitfield access */
seq_num = ntohl(*trailer) & SRTCP_INDEX_MASK;
seq_num = ntohl(trailer) & SRTCP_INDEX_MASK;
debug_print(mod_srtp, "srtcp index: %x", seq_num);
status = srtp_rdb_check(&stream->rtcp_rdb, seq_num);
if (status)
@ -4478,7 +4436,7 @@ srtp_err_status_t srtp_crypto_policy_set_from_profile_for_rtp(
case srtp_profile_null_sha1_80:
srtp_crypto_policy_set_null_cipher_hmac_sha1_80(policy);
break;
#if defined(OPENSSL)
#ifdef GCM
case srtp_profile_aead_aes_128_gcm:
srtp_crypto_policy_set_aes_gcm_128_16_auth(policy);
break;
@ -4512,7 +4470,7 @@ srtp_err_status_t srtp_crypto_policy_set_from_profile_for_rtcp(
case srtp_profile_null_sha1_80:
srtp_crypto_policy_set_null_cipher_hmac_sha1_80(policy);
break;
#if defined(OPENSSL)
#ifdef GCM
case srtp_profile_aead_aes_128_gcm:
srtp_crypto_policy_set_aes_gcm_128_16_auth(policy);
break;
@ -4587,42 +4545,85 @@ unsigned int srtp_profile_get_master_salt_length(srtp_profile_t profile)
}
}
srtp_err_status_t stream_get_protect_trailer_length(srtp_stream_ctx_t *stream,
uint32_t is_rtp,
uint32_t use_mki,
uint32_t mki_index,
uint32_t *length)
{
*length = 0;
srtp_session_keys_t *session_key;
if (use_mki) {
if (mki_index >= stream->num_master_keys) {
return srtp_err_status_bad_mki;
}
session_key = &stream->session_keys[mki_index];
*length += session_key->mki_size;
} else {
session_key = &stream->session_keys[0];
}
if (is_rtp) {
*length += srtp_auth_get_tag_length(session_key->rtp_auth);
} else {
*length += srtp_auth_get_tag_length(session_key->rtcp_auth);
*length += sizeof(srtcp_trailer_t);
}
return srtp_err_status_ok;
}
srtp_err_status_t get_protect_trailer_length(srtp_t session,
uint32_t is_rtp,
uint32_t use_mki,
uint32_t mki_index,
uint32_t *length)
{
srtp_stream_ctx_t *stream;
if (session == NULL) {
return srtp_err_status_bad_param;
}
if (session->stream_template == NULL && session->stream_list == NULL) {
return srtp_err_status_bad_param;
}
*length = 0;
stream = session->stream_template;
if (stream != NULL) {
stream_get_protect_trailer_length(stream, is_rtp, use_mki, mki_index,
length);
}
stream = session->stream_list;
while (stream != NULL) {
uint32_t temp_length;
if (stream_get_protect_trailer_length(stream, is_rtp, use_mki,
mki_index, &temp_length) ==
srtp_err_status_ok) {
if (temp_length > *length) {
*length = temp_length;
}
}
stream = stream->next;
}
return srtp_err_status_ok;
}
srtp_err_status_t srtp_get_protect_trailer_length(srtp_t session,
uint32_t use_mki,
uint32_t mki_index,
uint32_t *length)
{
srtp_stream_ctx_t *stream;
if (session == NULL)
return srtp_err_status_bad_param;
*length = 0;
/* Try obtaining stream from stream_list */
stream = session->stream_list;
if (stream == NULL) {
/* Try obtaining the template stream */
stream = session->stream_template;
}
if (stream == NULL) {
return srtp_err_status_bad_param;
}
if (use_mki) {
if (mki_index > stream->num_master_keys)
return srtp_err_status_bad_mki;
*length += stream->session_keys[mki_index].mki_size;
*length +=
srtp_auth_get_tag_length(stream->session_keys[mki_index].rtp_auth);
} else {
*length += srtp_auth_get_tag_length(stream->session_keys[0].rtp_auth);
}
return srtp_err_status_ok;
return get_protect_trailer_length(session, 1, use_mki, mki_index, length);
}
srtp_err_status_t srtp_get_protect_rtcp_trailer_length(srtp_t session,
@ -4630,39 +4631,7 @@ srtp_err_status_t srtp_get_protect_rtcp_trailer_length(srtp_t session,
uint32_t mki_index,
uint32_t *length)
{
srtp_stream_ctx_t *stream;
if (session == NULL)
return srtp_err_status_bad_param;
*length = 0;
/* Try obtaining stream from stream_list */
stream = session->stream_list;
if (stream == NULL) {
/* Try obtaining the template stream */
stream = session->stream_template;
}
if (stream == NULL) {
return srtp_err_status_bad_param;
}
if (use_mki) {
if (mki_index > stream->num_master_keys)
return srtp_err_status_bad_mki;
*length += stream->session_keys[mki_index].mki_size;
*length +=
srtp_auth_get_tag_length(stream->session_keys[mki_index].rtcp_auth);
} else {
*length += srtp_auth_get_tag_length(stream->session_keys[0].rtcp_auth);
}
*length += sizeof(srtcp_trailer_t);
return srtp_err_status_ok;
return get_protect_trailer_length(session, 0, use_mki, mki_index, length);
}
/*

3
netwerk/srtp/src/test/getopt_s.c
View File

@ -58,8 +58,9 @@ static int getopt_check_character(char c, const char *string)
while (*string != 0) {
if (max_string_len == 0) {
return '?';
return GETOPT_NOT_FOUND;
}
max_string_len--;
if (*string++ == c) {
if (*string == ':') {
return GETOPT_FOUND_WITH_ARGUMENT;

3
netwerk/srtp/src/test/rdbx_driver.c
View File

@ -348,6 +348,9 @@ double rdbx_check_adds_per_second(int num_trials, unsigned long ws)
++failures;
}
timer = clock() - timer;
if (timer < 1) {
timer = 1;
}
printf("number of failures: %d \n", failures);

2
netwerk/srtp/src/test/roc_driver.c
View File

@ -97,7 +97,7 @@ srtp_err_status_t roc_test(int num_trials)
printf("\n\ttesting sequential insertion...");
for (i = 0; i < 2048; i++) {
delta = srtp_index_guess(&local, &est, (uint16_t)ref);
srtp_index_guess(&local, &est, (uint16_t)ref);
#if ROC_VERBOSE
printf("%lld, %lld, %d\n", ref, est, i);
#endif

7
netwerk/srtp/src/test/rtpw.c
View File

@ -317,6 +317,7 @@ int main(int argc, char *argv[])
exit(1);
}
memset(&name, 0, sizeof(struct sockaddr_in));
name.sin_addr = rcvr_addr;
name.sin_family = PF_INET;
name.sin_port = htons(port);
@ -364,7 +365,7 @@ int main(int argc, char *argv[])
switch (sec_servs) {
case sec_serv_conf_and_auth:
if (gcm_on) {
#ifdef OPENSSL
#ifdef GCM
switch (key_size) {
case 128:
srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp);
@ -377,7 +378,7 @@ int main(int argc, char *argv[])
}
#else
printf("error: GCM mode only supported when using the OpenSSL "
"crypto engine.\n");
"or NSS crypto engine.\n");
return 0;
#endif
} else {
@ -413,7 +414,7 @@ int main(int argc, char *argv[])
break;
case sec_serv_auth:
if (gcm_on) {
#ifdef OPENSSL
#ifdef GCM
switch (key_size) {
case 128:
srtp_crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtp);

7
netwerk/srtp/src/test/rtpw_test.sh
View File

@ -41,8 +41,13 @@ case $(uname -s) in
*CYGWIN*|*MINGW*)
EXE=".exe"
;;
*)
*Linux*)
EXE=""
export LD_LIBRARY_PATH=$CRYPTO_LIBDIR
;;
*Darwin*)
EXE=""
export DYLD_LIBRARY_PATH=$CRYPTO_LIBDIR
;;
esac

7
netwerk/srtp/src/test/rtpw_test_gcm.sh
View File

@ -41,8 +41,13 @@ case $(uname -s) in
*CYGWIN*|*MINGW*)
EXE=".exe"
;;
*)
*Linux*)
EXE=""
export LD_LIBRARY_PATH=$CRYPTO_LIBDIR
;;
*Darwin*)
EXE=""
export DYLD_LIBRARY_PATH=$CRYPTO_LIBDIR
;;
esac

58
netwerk/srtp/src/test/srtp_driver.c
View File

@ -61,13 +61,13 @@
srtp_err_status_t srtp_validate(void);
#ifdef OPENSSL
#ifdef GCM
srtp_err_status_t srtp_validate_gcm(void);
#endif
srtp_err_status_t srtp_validate_encrypted_extensions_headers(void);
#ifdef OPENSSL
#ifdef GCM
srtp_err_status_t srtp_validate_encrypted_extensions_headers_gcm(void);
#endif
@ -79,7 +79,7 @@ srtp_err_status_t srtp_dealloc_big_policy(srtp_policy_t *list);
srtp_err_status_t srtp_test_empty_payload(void);
#ifdef OPENSSL
#ifdef GCM
srtp_err_status_t srtp_test_empty_payload_gcm(void);
#endif
@ -422,7 +422,7 @@ int main(int argc, char *argv[])
exit(1);
}
#ifdef OPENSSL
#ifdef GCM
printf("testing srtp_protect and srtp_unprotect against "
"reference packet using GCM\n");
if (srtp_validate_gcm() == srtp_err_status_ok) {
@ -442,7 +442,7 @@ int main(int argc, char *argv[])
exit(1);
}
#ifdef OPENSSL
#ifdef GCM
printf("testing srtp_protect and srtp_unprotect against "
"reference packet with encrypted extension headers (GCM)\n");
if (srtp_validate_encrypted_extensions_headers_gcm() ==
@ -478,7 +478,7 @@ int main(int argc, char *argv[])
printf("failed\n");
exit(1);
}
#ifdef OPENSSL
#ifdef GCM
printf("testing srtp_protect and srtp_unprotect against "
"packet with empty payload (GCM)\n");
if (srtp_test_empty_payload_gcm() == srtp_err_status_ok) {
@ -1077,8 +1077,8 @@ srtp_err_status_t srtp_test(const srtp_policy_t *policy,
* data following the packet is different, then we know that the
* protect function is overwriting the end of the packet.
*/
srtp_get_protect_trailer_length(srtp_sender, use_mki, mki_index,
&tag_length);
err_check(srtp_get_protect_trailer_length(srtp_sender, use_mki, mki_index,
&tag_length));
pkt_end = (uint8_t *)hdr + msg_len + tag_length;
for (i = 0; i < 4; i++) {
if (pkt_end[i] != 0xff) {
@ -1341,6 +1341,8 @@ srtp_err_status_t srtcp_test(const srtp_policy_t *policy, int mki_index)
*/
rcvr_policy = (srtp_policy_t *)malloc(sizeof(srtp_policy_t));
if (rcvr_policy == NULL) {
free(hdr);
free(hdr2);
return srtp_err_status_alloc_fail;
}
memcpy(rcvr_policy, policy, sizeof(srtp_policy_t));
@ -1606,6 +1608,9 @@ double mips_estimate(int num_trials, int *ignore)
sum += i;
}
t = clock() - t;
if (t < 1) {
t = 1;
}
/* printf("%d\n", sum); */
*ignore = sum;
@ -1772,7 +1777,7 @@ srtp_err_status_t srtp_validate()
return srtp_err_status_ok;
}
#ifdef OPENSSL
#ifdef GCM
/*
* srtp_validate_gcm() verifies the correctness of libsrtp by comparing
* an computed packet against the known ciphertext for the plaintext.
@ -2063,7 +2068,7 @@ srtp_err_status_t srtp_validate_encrypted_extensions_headers()
return srtp_err_status_ok;
}
#ifdef OPENSSL
#ifdef GCM
/*
* Headers of test vectors taken from RFC 6904, Appendix A
@ -2424,7 +2429,7 @@ srtp_err_status_t srtp_test_empty_payload()
return srtp_err_status_ok;
}
#ifdef OPENSSL
#ifdef GCM
srtp_err_status_t srtp_test_empty_payload_gcm()
{
srtp_t srtp_snd, srtp_recv;
@ -2499,7 +2504,7 @@ srtp_err_status_t srtp_test_empty_payload_gcm()
return srtp_err_status_ok;
}
#endif // OPENSSL
#endif // GCM
srtp_err_status_t srtp_test_remove_stream()
{
@ -2783,10 +2788,10 @@ srtp_err_status_t srtp_test_setup_protect_trailer_streams(
srtp_policy_t policy;
srtp_policy_t policy_mki;
#ifdef OPENSSL
#ifdef GCM
srtp_policy_t policy_aes_gcm;
srtp_policy_t policy_aes_gcm_mki;
#endif // OPENSSL
#endif // GCM
memset(&policy, 0, sizeof(policy));
srtp_crypto_policy_set_rtp_default(&policy.rtp);
@ -2810,7 +2815,7 @@ srtp_err_status_t srtp_test_setup_protect_trailer_streams(
policy_mki.keys = test_keys;
policy_mki.num_master_keys = 2;
#ifdef OPENSSL
#ifdef GCM
memset(&policy_aes_gcm, 0, sizeof(policy_aes_gcm));
srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm.rtp);
srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm.rtcp);
@ -2832,7 +2837,7 @@ srtp_err_status_t srtp_test_setup_protect_trailer_streams(
policy_aes_gcm_mki.key = NULL;
policy_aes_gcm_mki.keys = test_keys;
policy_aes_gcm_mki.num_master_keys = 2;
#endif
#endif // GCM
/* create a send ctx with defualt profile and test_key */
status = srtp_create(srtp_send, &policy);
@ -2843,7 +2848,7 @@ srtp_err_status_t srtp_test_setup_protect_trailer_streams(
if (status)
return status;
#ifdef OPENSSL
#ifdef GCM
status = srtp_create(srtp_send_aes_gcm, &policy_aes_gcm);
if (status)
return status;
@ -2851,7 +2856,7 @@ srtp_err_status_t srtp_test_setup_protect_trailer_streams(
status = srtp_create(srtp_send_aes_gcm_mki, &policy_aes_gcm_mki);
if (status)
return status;
#endif // OPENSSL
#endif // GCM
return srtp_err_status_ok;
}
@ -2884,7 +2889,7 @@ srtp_err_status_t srtp_test_protect_trailer_length()
if (length != 14)
return srtp_err_status_fail;
#ifdef OPENSSL
#ifdef GCM
status = srtp_get_protect_trailer_length(srtp_send_aes_gcm, 0, 0, &length);
if (status)
return status;
@ -2901,11 +2906,11 @@ srtp_err_status_t srtp_test_protect_trailer_length()
/* TAG Length: 16 bytes + MKI length: 4 bytes*/
if (length != 20)
return srtp_err_status_fail;
#endif // OPENSSL
#endif // GCM
srtp_dealloc(srtp_send);
srtp_dealloc(srtp_send_mki);
#ifdef OPENSSL
#ifdef GCM
srtp_dealloc(srtp_send_aes_gcm);
srtp_dealloc(srtp_send_aes_gcm_mki);
#endif
@ -2941,7 +2946,7 @@ srtp_err_status_t srtp_test_protect_rtcp_trailer_length()
if (length != 18)
return srtp_err_status_fail;
#ifdef OPENSSL
#ifdef GCM
status =
srtp_get_protect_rtcp_trailer_length(srtp_send_aes_gcm, 0, 0, &length);
if (status)
@ -2959,11 +2964,11 @@ srtp_err_status_t srtp_test_protect_rtcp_trailer_length()
/* TAG Length: 16 bytes + SRTCP Trailer 4 bytes + MKI 4 bytes*/
if (length != 24)
return srtp_err_status_fail;
#endif // OPENSSL
#endif // GCM
srtp_dealloc(srtp_send);
srtp_dealloc(srtp_send_mki);
#ifdef OPENSSL
#ifdef GCM
srtp_dealloc(srtp_send_aes_gcm);
srtp_dealloc(srtp_send_aes_gcm_mki);
#endif
@ -3088,6 +3093,7 @@ static srtp_err_status_t test_set_receiver_roc(uint32_t packets,
if (status) {
return status;
}
seq++;
ts++;
}
@ -3500,7 +3506,7 @@ const srtp_policy_t hmac_only_policy = {
NULL
};
#ifdef OPENSSL
#ifdef GCM
const srtp_policy_t aes128_gcm_8_policy = {
{ ssrc_any_outbound, 0 }, /* SSRC */
{
@ -3786,7 +3792,7 @@ const srtp_policy_t *policy_array[] = {
&hmac_only_policy,
&aes_only_policy,
&default_policy,
#ifdef OPENSSL
#ifdef GCM
&aes128_gcm_8_policy,
&aes128_gcm_8_cauth_policy,
&aes256_gcm_8_policy,

5
netwerk/srtp/src/test/util.c
View File

@ -47,7 +47,8 @@
#include <string.h>
#include <stdint.h>
char bit_string[MAX_PRINT_STRING_LEN];
/* include space for null terminator */
char bit_string[MAX_PRINT_STRING_LEN + 1];
static inline int hex_char_to_nibble(uint8_t c)
{
@ -151,7 +152,7 @@ char *octet_string_hex_string(const void *s, int length)
/* truncate string if it would be too long */
if (length > MAX_PRINT_STRING_LEN) {
length = MAX_PRINT_STRING_LEN - 1;
length = MAX_PRINT_STRING_LEN;
}
for (i = 0; i < length; i += 2) {

1
netwerk/srtp/srtp_update.log
View File

@ -1,2 +1,3 @@
srtp updated from CVS on Fri Sep 21 14:51:37 EDT 2012
srtp updated to revision 8f38517394a45678cd4468febf69f75722f35d00 from git on Wed Nov 22 14:15:32 PST 2017
srtp updated to revision bb0412ee84ebe3d2916b45b19de72fabb183d9db from git on Tue Sep 11 21:51:05 PDT 2018