Age | Commit message (Collapse) | Author |
|
Add remaining symbols to def file.
Add srtp prefix to all exported symbols.
Add shared build in travis.
|
|
So it also compiles in Visual Studio 2012 which uses C89.
|
|
|
|
|
|
|
|
|
|
|
|
All comments states that the trailer pointer should be 4-byte aligned
because 'packets' are always multiples of 32-bits.
But the address calculation for the trailer pointer includes tag length,
and tag length may not be a multiple of 4. See the
'srtp_crypto_policy_set*()' functions, where some have a tag length of 10
for instance.
Given the following trailer calculation:
trailer_p = (uint32_t *)((char *)hdr + *pkt_octet_len -
(tag_len + mki_size + sizeof(srtcp_trailer_t)));
and the following assumptions:
- hdr is correctly aligned
- mki_size = 0
- sizeof(srtcp_trailer_t) = 4
- tag_len = 10
Then the only variable in the offset calculation is pkg_octet_len, from
which we subtract 14 (which is not a multiple of 4).
Given pkg_octet_len = 46, the offset will be 32, which is aligned.
Given pkg_octet_len = 32, the offset will be 18, which is unaligned.
So even for tag lengths that aren't a multiple of 4, it will end up being
aligned some times, but not all the time.
What effect unaligned memory access has is architecture depended. Crashes,
huge performance penalties in the form of traps and fix-ups, or a almost
negligible CPU cache line miss. From a programming perspective, it's
undefined behaviour.
This fixes it by changing trailer access to use a intermediate variable
via 'memcpy()' instead of using the pointer directly.
|
|
|
|
The condition mki_start_location >= *mki_size in
srtp_get_session_keys() should use base_mki_start_location.
Now the condition is false for packets < 2*mki_size + tag_len.
But as of commit d4bd43c the correct condition is now checked
earlier so we simply remove the expression altogether.
|
|
Memory access fixes
|
|
If the mki index is not valid then a NULL session
key should be returned not just defaulting to first.
This allows the protect functions to return
with error bad mki.
|
|
The srtp_get_protect_trailer_length needs to ensure
that the returned value is large enough for any of
the streams in the session.
When a session is initialized with multiple polices
it is possible to have different tag lengths for each
policy. This function provides no way to specify which
policy to use, so for now loop over all and find largest.
The current function now has limited use so suggest to make
two functions, one that takes ssrc or packet header so
correct stream can be used, second function that takes a
policy.
# Conflicts:
# srtp/srtp.c
|
|
The session_keys array is not shared with the
template so if it was allocated just free it.
|
|
The template may not have been used for the deallocated
stream, therefore the size of the session_keys array
could be different.
Should maybe contain a pointer to template from stream
so it is explicitly known that it was used.
|
|
logic in srtp_stream_free was not correct and could result
in memory access errors, srtp_stream_dealloc can safely be used
instead and is "more" correct.
|
|
Issue:
In srtp_get_session_keys(), when packet size (*pkt_octet_len) is
greater than auth tag length but smaller than (auth tag length + MKI
size), mki_start_location would take on incredible huge values,
leading to memory access issue when calling memcmp() on iOS platform.
Fix:
Add additional sanity check before calculating mki_start_location.
|
|
mki_index is a zero based index in the sesssion_keys
array which has a max length of num_master_keys.
Reported by Guido Vranken <guidovranken@gmail.com>
|
|
session_keys may not have been allocated yet.
reported by Guido Vranken <guidovranken@gmail.com>
|
|
|
|
|
|
|
|
Proactively prevent accessing uninitialized memory.
Majority of calls to srtp_crypto_alloc had a corresponding
call to memset.
|
|
These are the remain files that require format changes as detected
by the format.sh.
|
|
srtp_stream_ctx_t is a complex struct, so once it has been
been allocated with srtp_crypto_alloc and at least partially
initialized it should always be freed with srtp_stream_free.
For this to work the struct needs to be initialized to 0.
Found in coverity.
|
|
If stream_template was already initialized then function
would fail but not clean up.
Found through coverity.
|
|
Also tweaked comments that looked a bit odd after the formatting.
|
|
The warning is incorrect in this case, but just to make it happy.
|
|
The ROC and the sequence number to set must be calculated
before the estimated index is used otherwise the packets
following the first one can't be decoded/authenticated
Change-Id: Ib2950b37771d39607fdead33d32245fa08fb0ab1
|
|
srtp.h was included in srtp.c before config.h was included. As a result
of this the WORDS_BIGENDIAN define was not set, and srtp_hdr_t would be
defined as per little endian implementation in srtp.c
This is a fix for issue 229 for big endian machines.
|
|
Added support for set and get the roll-over-counter
|
|
|
|
|
|
|
|
|
|
Not sure why it was not const, but it makes calling it a pain.
|
|
After some discussions we decided to use the implementation
in the 2_0_0_ekt_dev branch as a starting point
|
|
|
|
|
|
|
|
The salt of the GCM cipher is shorter than the salt required for the ICM cipher
which is used for the encrypted headers.
|
|
Reference and docs updates
|
|
test_srtp.c had incorrect year (copy paste), updated to current year.
|
|
Addressing review comments. The name of the RFC does not supply any
additional information and at the same time mentions AES-192 which could
spread confusion.
|
|
|
|
|
|
mandatory-to-impl. optional default
encryption AES-CM, NULL AES-f8 AES-CM
message integrity HMAC-SHA1 - HMAC-SHA1
key derivation (PRF) AES-CM - AES-CM
Table 1: Mandatory-to-implement, optional and default transforms in
SRTP and SRTCP.
|
|
"For the AEAD_AES_128_GCM algorithm, this keystream MUST be generated in
the manner defined in [RFC6904], using the AES Counter Mode (AES-CM)
transform. For the AEAD_AES_256_GCM algorithm, the keystream MUST be
generated in the manner defined for the AES_256_CM transform. The
originator must perform any required header extension encryption before
the AEAD algorithm is invoked."
|
|
Srtp aead srtcp iv regression tests
|
|
These numbers are well defines and reused in numerous places, safer to
define just once.
|