diff options
| author | Pascal Bühler <pabuhler@cisco.com> | 2017-03-07 09:18:12 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-03-07 09:18:12 +0100 |
| commit | b6c8434e769e58699f05cf25b5c2290d347eb4e0 (patch) | |
| tree | 56d46cbadabaa215a4269b0c5163a4f21cd324a0 /srtp | |
| parent | f34bedbe5e95542ae02d8315bac76a62a9ddef13 (diff) | |
| parent | d335bd88b147cf0fdf956bd21a55d3c7c9d974d7 (diff) | |
| download | libsrtp2-b6c8434e769e58699f05cf25b5c2290d347eb4e0.tar.gz | |
Merge pull request #253 from pabuhler/cipher-type-cleanup-for-aes
Cipher type cleanup for aes
Diffstat (limited to 'srtp')
| -rw-r--r-- | srtp/srtp.c | 166 |
1 files changed, 117 insertions, 49 deletions
diff --git a/srtp/srtp.c b/srtp/srtp.c index c3f309d..608d9a0 100644 --- a/srtp/srtp.c +++ b/srtp/srtp.c @@ -311,12 +311,12 @@ srtp_stream_alloc(srtp_stream_ctx_t **str_ptr, /* For GCM ciphers, the corresponding ICM cipher is used for header extensions encryption. */ switch (p->rtp.cipher_type) { - case SRTP_AES_128_GCM: - enc_xtn_hdr_cipher_type = SRTP_AES_128_ICM; + case SRTP_AES_GCM_128: + enc_xtn_hdr_cipher_type = SRTP_AES_ICM_128; enc_xtn_hdr_cipher_key_len = 30; break; - case SRTP_AES_256_GCM: - enc_xtn_hdr_cipher_type = SRTP_AES_256_ICM; + case SRTP_AES_GCM_256: + enc_xtn_hdr_cipher_type = SRTP_AES_ICM_256; enc_xtn_hdr_cipher_key_len = 46; break; default: @@ -693,10 +693,26 @@ typedef struct { srtp_cipher_t *cipher; /* cipher used for key derivation */ } srtp_kdf_t; -static srtp_err_status_t srtp_kdf_init(srtp_kdf_t *kdf, srtp_cipher_type_id_t cipher_id, const uint8_t *key, int length) +static srtp_err_status_t srtp_kdf_init(srtp_kdf_t *kdf, const uint8_t *key, int key_len) { + srtp_cipher_type_id_t cipher_id; + switch (key_len) { + case 46: + cipher_id = SRTP_AES_ICM_256; + break; + case 38: + cipher_id = SRTP_AES_ICM_192; + break; + case 30: + cipher_id = SRTP_AES_ICM_128; + break; + default: + return srtp_err_status_bad_param; + break; + } + srtp_err_status_t stat; - stat = srtp_crypto_kernel_alloc_cipher(cipher_id, &kdf->cipher, length, 0); + stat = srtp_crypto_kernel_alloc_cipher(cipher_id, &kdf->cipher, key_len, 0); if (stat) return stat; stat = srtp_cipher_init(kdf->cipher, key); @@ -748,17 +764,17 @@ static srtp_err_status_t srtp_kdf_clear(srtp_kdf_t *kdf) { static inline int base_key_length(const srtp_cipher_type_t *cipher, int key_length) { switch (cipher->id) { - case SRTP_AES_128_ICM: - case SRTP_AES_192_ICM: - case SRTP_AES_256_ICM: + case SRTP_AES_ICM_128: + case SRTP_AES_ICM_192: + case SRTP_AES_ICM_256: /* The legacy modes are derived from * the configured key length on the policy */ return key_length - 14; break; - case SRTP_AES_128_GCM: + case SRTP_AES_GCM_128: return 16; break; - case SRTP_AES_256_GCM: + case SRTP_AES_GCM_256: return 32; break; default: @@ -925,7 +941,7 @@ srtp_stream_init_keys(srtp_stream_ctx_t *srtp, srtp_master_key_t *master_key, #if defined(OPENSSL) && defined(OPENSSL_KDF) stat = srtp_kdf_init(&kdf, (const uint8_t *)tmp_key, rtp_base_key_len, rtp_salt_len); #else - stat = srtp_kdf_init(&kdf, SRTP_AES_ICM, (const uint8_t *)tmp_key, kdf_keylen); + stat = srtp_kdf_init(&kdf, (const uint8_t *)tmp_key, kdf_keylen); #endif if (stat) { return srtp_err_status_init_fail; @@ -996,7 +1012,7 @@ srtp_stream_init_keys(srtp_stream_ctx_t *srtp, srtp_master_key_t *master_key, #if defined(OPENSSL) && defined(OPENSSL_KDF) stat = srtp_kdf_init(xtn_hdr_kdf, (const uint8_t *)tmp_xtn_hdr_key, rtp_xtn_hdr_base_key_len, rtp_xtn_hdr_salt_len); #else - stat = srtp_kdf_init(xtn_hdr_kdf, SRTP_AES_ICM, (const uint8_t *)tmp_xtn_hdr_key, kdf_keylen); + stat = srtp_kdf_init(xtn_hdr_kdf, (const uint8_t *)tmp_xtn_hdr_key, kdf_keylen); #endif octet_string_set_to_zero(tmp_xtn_hdr_key, MAX_SRTP_KEY_LEN); if (stat) { @@ -1481,8 +1497,8 @@ srtp_get_session_keys(srtp_stream_ctx_t *stream, uint8_t* hdr, unsigned int i = 0; // Determine the authentication tag size - if (stream->session_keys[0].rtp_cipher->algorithm == SRTP_AES_128_GCM || - stream->session_keys[0].rtp_cipher->algorithm == SRTP_AES_256_GCM) { + if (stream->session_keys[0].rtp_cipher->algorithm == SRTP_AES_GCM_128 || + stream->session_keys[0].rtp_cipher->algorithm == SRTP_AES_GCM_256) { tag_len = 0; } else { tag_len = srtp_auth_get_tag_length(stream->session_keys[0].rtp_auth); @@ -1948,8 +1964,8 @@ srtp_protect_mki(srtp_ctx_t *ctx, void *rtp_hdr, int *pkt_octet_len, * Check if this is an AEAD stream (GCM mode). If so, then dispatch * the request to our AEAD handler. */ - if (session_keys->rtp_cipher->algorithm == SRTP_AES_128_GCM || - session_keys->rtp_cipher->algorithm == SRTP_AES_256_GCM) { + if (session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_128 || + session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_256) { return srtp_protect_aead(ctx, stream, rtp_hdr, (unsigned int*)pkt_octet_len, session_keys, use_mki); @@ -2039,8 +2055,9 @@ srtp_protect_mki(srtp_ctx_t *ctx, void *rtp_hdr, int *pkt_octet_len, /* * if we're using rindael counter mode, set nonce and seq */ - if (session_keys->rtp_cipher->type->id == SRTP_AES_ICM || - session_keys->rtp_cipher->type->id == SRTP_AES_256_ICM) { + if (session_keys->rtp_cipher->type->id == SRTP_AES_ICM_128 || + session_keys->rtp_cipher->type->id == SRTP_AES_ICM_192 || + session_keys->rtp_cipher->type->id == SRTP_AES_ICM_256) { v128_t iv; iv.v32[0] = 0; @@ -2262,8 +2279,8 @@ srtp_unprotect_mki(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len, * Check if this is an AEAD stream (GCM mode). If so, then dispatch * the request to our AEAD handler. */ - if (session_keys->rtp_cipher->algorithm == SRTP_AES_128_GCM || - session_keys->rtp_cipher->algorithm == SRTP_AES_256_GCM) { + if (session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_128 || + session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_256) { return srtp_unprotect_aead(ctx, stream, delta, est, srtp_hdr, (unsigned int*)pkt_octet_len, session_keys, mki_size); @@ -2276,9 +2293,9 @@ srtp_unprotect_mki(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len, * set the cipher's IV properly, depending on whatever cipher we * happen to be using */ - if (session_keys->rtp_cipher->type->id == SRTP_AES_ICM || - session_keys->rtp_cipher->type->id == SRTP_AES_256_ICM) { - + if (session_keys->rtp_cipher->type->id == SRTP_AES_ICM_128 || + session_keys->rtp_cipher->type->id == SRTP_AES_ICM_192 || + session_keys->rtp_cipher->type->id == SRTP_AES_ICM_256) { /* aes counter mode */ iv.v32[0] = 0; iv.v32[1] = hdr->ssrc; /* still in network order */ @@ -2941,7 +2958,7 @@ srtp_update_stream(srtp_t session, const srtp_policy_t *policy) { void srtp_crypto_policy_set_rtp_default(srtp_crypto_policy_t *p) { - p->cipher_type = SRTP_AES_ICM; + p->cipher_type = SRTP_AES_ICM_128; p->cipher_key_len = 30; /* default 128 bits per RFC 3711 */ p->auth_type = SRTP_HMAC_SHA1; p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ @@ -2953,7 +2970,7 @@ srtp_crypto_policy_set_rtp_default(srtp_crypto_policy_t *p) { void srtp_crypto_policy_set_rtcp_default(srtp_crypto_policy_t *p) { - p->cipher_type = SRTP_AES_ICM; + p->cipher_type = SRTP_AES_ICM_128; p->cipher_key_len = 30; /* default 128 bits per RFC 3711 */ p->auth_type = SRTP_HMAC_SHA1; p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ @@ -2971,7 +2988,7 @@ srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(srtp_crypto_policy_t *p) { * note that this crypto policy is intended for SRTP, but not SRTCP */ - p->cipher_type = SRTP_AES_ICM; + p->cipher_type = SRTP_AES_ICM_128; p->cipher_key_len = 30; /* 128 bit key, 112 bit salt */ p->auth_type = SRTP_HMAC_SHA1; p->auth_key_len = 20; /* 160 bit key */ @@ -2990,7 +3007,7 @@ srtp_crypto_policy_set_aes_cm_128_null_auth(srtp_crypto_policy_t *p) { * note that this crypto policy is intended for SRTP, but not SRTCP */ - p->cipher_type = SRTP_AES_ICM; + p->cipher_type = SRTP_AES_ICM_128; p->cipher_key_len = 30; /* 128 bit key, 112 bit salt */ p->auth_type = SRTP_NULL_AUTH; p->auth_key_len = 0; @@ -3040,7 +3057,7 @@ srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(srtp_crypto_policy_t *p) { * corresponds to draft-ietf-avt-big-aes-03.txt */ - p->cipher_type = SRTP_AES_ICM; + p->cipher_type = SRTP_AES_ICM_256; p->cipher_key_len = 46; p->auth_type = SRTP_HMAC_SHA1; p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ @@ -3058,7 +3075,7 @@ srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32(srtp_crypto_policy_t *p) { * note that this crypto policy is intended for SRTP, but not SRTCP */ - p->cipher_type = SRTP_AES_ICM; + p->cipher_type = SRTP_AES_ICM_256; p->cipher_key_len = 46; p->auth_type = SRTP_HMAC_SHA1; p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ @@ -3072,7 +3089,7 @@ srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32(srtp_crypto_policy_t *p) { void srtp_crypto_policy_set_aes_cm_256_null_auth (srtp_crypto_policy_t *p) { - p->cipher_type = SRTP_AES_ICM; + p->cipher_type = SRTP_AES_ICM_256; p->cipher_key_len = 46; p->auth_type = SRTP_NULL_AUTH; p->auth_key_len = 0; @@ -3081,13 +3098,60 @@ srtp_crypto_policy_set_aes_cm_256_null_auth (srtp_crypto_policy_t *p) } #ifdef OPENSSL +void +srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80(srtp_crypto_policy_t *p) { + + /* + * corresponds to draft-ietf-avt-big-aes-03.txt + */ + + p->cipher_type = SRTP_AES_ICM_192; + p->cipher_key_len = 38; + p->auth_type = SRTP_HMAC_SHA1; + p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ + p->auth_tag_len = 10; /* default 80 bits per RFC 3711 */ + p->sec_serv = sec_serv_conf_and_auth; +} + + +void +srtp_crypto_policy_set_aes_cm_192_hmac_sha1_32(srtp_crypto_policy_t *p) { + + /* + * corresponds to draft-ietf-avt-big-aes-03.txt + * + * note that this crypto policy is intended for SRTP, but not SRTCP + */ + + p->cipher_type = SRTP_AES_ICM_192; + p->cipher_key_len = 38; + p->auth_type = SRTP_HMAC_SHA1; + p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ + p->auth_tag_len = 4; /* default 80 bits per RFC 3711 */ + p->sec_serv = sec_serv_conf_and_auth; +} + +/* + * AES-192 with no authentication. + */ +void +srtp_crypto_policy_set_aes_cm_192_null_auth (srtp_crypto_policy_t *p) +{ + p->cipher_type = SRTP_AES_ICM_192; + p->cipher_key_len = 38; + p->auth_type = SRTP_NULL_AUTH; + p->auth_key_len = 0; + p->auth_tag_len = 0; + p->sec_serv = sec_serv_conf; +} + /* * AES-128 GCM mode with 8 octet auth tag. */ void srtp_crypto_policy_set_aes_gcm_128_8_auth(srtp_crypto_policy_t *p) { - p->cipher_type = SRTP_AES_128_GCM; - p->cipher_key_len = SRTP_AES_128_GCM_KEYSIZE_WSALT; + p->cipher_type = SRTP_AES_GCM_128; + p->cipher_key_len = SRTP_AES_GCM_128_KEYSIZE_WSALT; p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */ p->auth_key_len = 0; p->auth_tag_len = 8; /* 8 octet tag length */ @@ -3099,8 +3163,8 @@ srtp_crypto_policy_set_aes_gcm_128_8_auth(srtp_crypto_policy_t *p) { */ void srtp_crypto_policy_set_aes_gcm_256_8_auth(srtp_crypto_policy_t *p) { - p->cipher_type = SRTP_AES_256_GCM; - p->cipher_key_len = SRTP_AES_256_GCM_KEYSIZE_WSALT; + p->cipher_type = SRTP_AES_GCM_256; + p->cipher_key_len = SRTP_AES_GCM_256_KEYSIZE_WSALT; p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */ p->auth_key_len = 0; p->auth_tag_len = 8; /* 8 octet tag length */ @@ -3112,8 +3176,8 @@ srtp_crypto_policy_set_aes_gcm_256_8_auth(srtp_crypto_policy_t *p) { */ void srtp_crypto_policy_set_aes_gcm_128_8_only_auth(srtp_crypto_policy_t *p) { - p->cipher_type = SRTP_AES_128_GCM; - p->cipher_key_len = SRTP_AES_128_GCM_KEYSIZE_WSALT; + p->cipher_type = SRTP_AES_GCM_128; + p->cipher_key_len = SRTP_AES_GCM_128_KEYSIZE_WSALT; p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */ p->auth_key_len = 0; p->auth_tag_len = 8; /* 8 octet tag length */ @@ -3125,8 +3189,8 @@ srtp_crypto_policy_set_aes_gcm_128_8_only_auth(srtp_crypto_policy_t *p) { */ void srtp_crypto_policy_set_aes_gcm_256_8_only_auth(srtp_crypto_policy_t *p) { - p->cipher_type = SRTP_AES_256_GCM; - p->cipher_key_len = SRTP_AES_256_GCM_KEYSIZE_WSALT; + p->cipher_type = SRTP_AES_GCM_256; + p->cipher_key_len = SRTP_AES_GCM_256_KEYSIZE_WSALT; p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */ p->auth_key_len = 0; p->auth_tag_len = 8; /* 8 octet tag length */ @@ -3138,8 +3202,8 @@ srtp_crypto_policy_set_aes_gcm_256_8_only_auth(srtp_crypto_policy_t *p) { */ void srtp_crypto_policy_set_aes_gcm_128_16_auth(srtp_crypto_policy_t *p) { - p->cipher_type = SRTP_AES_128_GCM; - p->cipher_key_len = SRTP_AES_128_GCM_KEYSIZE_WSALT; + p->cipher_type = SRTP_AES_GCM_128; + p->cipher_key_len = SRTP_AES_GCM_128_KEYSIZE_WSALT; p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */ p->auth_key_len = 0; p->auth_tag_len = 16; /* 16 octet tag length */ @@ -3151,8 +3215,8 @@ srtp_crypto_policy_set_aes_gcm_128_16_auth(srtp_crypto_policy_t *p) { */ void srtp_crypto_policy_set_aes_gcm_256_16_auth(srtp_crypto_policy_t *p) { - p->cipher_type = SRTP_AES_256_GCM; - p->cipher_key_len = SRTP_AES_256_GCM_KEYSIZE_WSALT; + p->cipher_type = SRTP_AES_GCM_256; + p->cipher_key_len = SRTP_AES_GCM_256_KEYSIZE_WSALT; p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */ p->auth_key_len = 0; p->auth_tag_len = 16; /* 16 octet tag length */ @@ -3644,8 +3708,8 @@ srtp_protect_rtcp_mki(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len, * Check if this is an AEAD stream (GCM mode). If so, then dispatch * the request to our AEAD handler. */ - if (session_keys->rtp_cipher->algorithm == SRTP_AES_128_GCM || - session_keys->rtp_cipher->algorithm == SRTP_AES_256_GCM) { + if (session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_128 || + session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_256) { return srtp_protect_rtcp_aead(ctx, stream, rtcp_hdr, (unsigned int*)pkt_octet_len, session_keys, use_mki); @@ -3706,7 +3770,9 @@ srtp_protect_rtcp_mki(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len, /* * if we're using rindael counter mode, set nonce and seq */ - if (session_keys->rtcp_cipher->type->id == SRTP_AES_ICM) { + if (session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_128 || + session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_192 || + session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_256) { v128_t iv; iv.v32[0] = 0; @@ -3883,8 +3949,8 @@ srtp_unprotect_rtcp_mki(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len, * Check if this is an AEAD stream (GCM mode). If so, then dispatch * the request to our AEAD handler. */ - if (session_keys->rtp_cipher->algorithm == SRTP_AES_128_GCM || - session_keys->rtp_cipher->algorithm == SRTP_AES_256_GCM) { + if (session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_128 || + session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_256) { return srtp_unprotect_rtcp_aead(ctx, stream, srtcp_hdr, (unsigned int*)pkt_octet_len, session_keys, mki_size); @@ -3963,7 +4029,9 @@ srtp_unprotect_rtcp_mki(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len, /* * if we're using aes counter mode, set nonce and seq */ - if (session_keys->rtcp_cipher->type->id == SRTP_AES_ICM) { + if (session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_128 || + session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_192 || + session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_256) { v128_t iv; iv.v32[0] = 0; |