|
|
|
|
@ -28,7 +28,9 @@ static int hmac_sha1_rtp(struct crypto_context *, char *out, str *in, u_int64_t)
|
|
|
|
|
static int hmac_sha1_rtcp(struct crypto_context *, char *out, str *in);
|
|
|
|
|
static int aes_f8_encrypt_rtp(struct crypto_context *c, struct rtp_header *r, str *s, u_int64_t idx);
|
|
|
|
|
static int aes_f8_encrypt_rtcp(struct crypto_context *c, struct rtcp_packet *r, str *s, u_int64_t idx);
|
|
|
|
|
static int aes_cm_session_key_init(struct crypto_context *c);
|
|
|
|
|
static int aes_cm_session_key_init_128(struct crypto_context *c);
|
|
|
|
|
static int aes_cm_session_key_init_192(struct crypto_context *c);
|
|
|
|
|
static int aes_cm_session_key_init_256(struct crypto_context *c);
|
|
|
|
|
static int aes_f8_session_key_init(struct crypto_context *c);
|
|
|
|
|
static int evp_session_key_cleanup(struct crypto_context *c);
|
|
|
|
|
static int null_crypt_rtp(struct crypto_context *c, struct rtp_header *r, str *s, u_int64_t idx);
|
|
|
|
|
@ -45,7 +47,7 @@ const struct crypto_suite crypto_suites[] = {
|
|
|
|
|
.session_salt_len = 14,
|
|
|
|
|
.srtp_lifetime = 1ULL << 48,
|
|
|
|
|
.srtcp_lifetime = 1ULL << 31,
|
|
|
|
|
.kernel_cipher = REC_AES_CM,
|
|
|
|
|
.kernel_cipher = REC_AES_CM_128,
|
|
|
|
|
.kernel_hmac = REH_HMAC_SHA1,
|
|
|
|
|
.srtp_auth_tag = 10,
|
|
|
|
|
.srtcp_auth_tag = 10,
|
|
|
|
|
@ -57,7 +59,7 @@ const struct crypto_suite crypto_suites[] = {
|
|
|
|
|
.decrypt_rtcp = aes_cm_encrypt_rtcp,
|
|
|
|
|
.hash_rtp = hmac_sha1_rtp,
|
|
|
|
|
.hash_rtcp = hmac_sha1_rtcp,
|
|
|
|
|
.session_key_init = aes_cm_session_key_init,
|
|
|
|
|
.session_key_init = aes_cm_session_key_init_128,
|
|
|
|
|
.session_key_cleanup = evp_session_key_cleanup,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
@ -69,7 +71,7 @@ const struct crypto_suite crypto_suites[] = {
|
|
|
|
|
.session_salt_len = 14,
|
|
|
|
|
.srtp_lifetime = 1ULL << 48,
|
|
|
|
|
.srtcp_lifetime = 1ULL << 31,
|
|
|
|
|
.kernel_cipher = REC_AES_CM,
|
|
|
|
|
.kernel_cipher = REC_AES_CM_128,
|
|
|
|
|
.kernel_hmac = REH_HMAC_SHA1,
|
|
|
|
|
.srtp_auth_tag = 4,
|
|
|
|
|
.srtcp_auth_tag = 10,
|
|
|
|
|
@ -81,7 +83,103 @@ const struct crypto_suite crypto_suites[] = {
|
|
|
|
|
.decrypt_rtcp = aes_cm_encrypt_rtcp,
|
|
|
|
|
.hash_rtp = hmac_sha1_rtp,
|
|
|
|
|
.hash_rtcp = hmac_sha1_rtcp,
|
|
|
|
|
.session_key_init = aes_cm_session_key_init,
|
|
|
|
|
.session_key_init = aes_cm_session_key_init_128,
|
|
|
|
|
.session_key_cleanup = evp_session_key_cleanup,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
.name = "AES_CM_192_HMAC_SHA1_80",
|
|
|
|
|
//.dtls_name = "SRTP_AES128_CM_SHA1_80",
|
|
|
|
|
.master_key_len = 24,
|
|
|
|
|
.master_salt_len = 14,
|
|
|
|
|
.session_key_len = 24,
|
|
|
|
|
.session_salt_len = 14,
|
|
|
|
|
.srtp_lifetime = 1ULL << 48,
|
|
|
|
|
.srtcp_lifetime = 1ULL << 31,
|
|
|
|
|
.kernel_cipher = REC_AES_CM_192,
|
|
|
|
|
.kernel_hmac = REH_HMAC_SHA1,
|
|
|
|
|
.srtp_auth_tag = 10,
|
|
|
|
|
.srtcp_auth_tag = 10,
|
|
|
|
|
.srtp_auth_key_len = 20,
|
|
|
|
|
.srtcp_auth_key_len = 20,
|
|
|
|
|
.encrypt_rtp = aes_cm_encrypt_rtp,
|
|
|
|
|
.decrypt_rtp = aes_cm_encrypt_rtp,
|
|
|
|
|
.encrypt_rtcp = aes_cm_encrypt_rtcp,
|
|
|
|
|
.decrypt_rtcp = aes_cm_encrypt_rtcp,
|
|
|
|
|
.hash_rtp = hmac_sha1_rtp,
|
|
|
|
|
.hash_rtcp = hmac_sha1_rtcp,
|
|
|
|
|
.session_key_init = aes_cm_session_key_init_192,
|
|
|
|
|
.session_key_cleanup = evp_session_key_cleanup,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
.name = "AES_CM_192_HMAC_SHA1_32",
|
|
|
|
|
//.dtls_name = "SRTP_AES128_CM_SHA1_32",
|
|
|
|
|
.master_key_len = 24,
|
|
|
|
|
.master_salt_len = 14,
|
|
|
|
|
.session_key_len = 24,
|
|
|
|
|
.session_salt_len = 14,
|
|
|
|
|
.srtp_lifetime = 1ULL << 48,
|
|
|
|
|
.srtcp_lifetime = 1ULL << 31,
|
|
|
|
|
.kernel_cipher = REC_AES_CM_192,
|
|
|
|
|
.kernel_hmac = REH_HMAC_SHA1,
|
|
|
|
|
.srtp_auth_tag = 4,
|
|
|
|
|
.srtcp_auth_tag = 10,
|
|
|
|
|
.srtp_auth_key_len = 20,
|
|
|
|
|
.srtcp_auth_key_len = 20,
|
|
|
|
|
.encrypt_rtp = aes_cm_encrypt_rtp,
|
|
|
|
|
.decrypt_rtp = aes_cm_encrypt_rtp,
|
|
|
|
|
.encrypt_rtcp = aes_cm_encrypt_rtcp,
|
|
|
|
|
.decrypt_rtcp = aes_cm_encrypt_rtcp,
|
|
|
|
|
.hash_rtp = hmac_sha1_rtp,
|
|
|
|
|
.hash_rtcp = hmac_sha1_rtcp,
|
|
|
|
|
.session_key_init = aes_cm_session_key_init_192,
|
|
|
|
|
.session_key_cleanup = evp_session_key_cleanup,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
.name = "AES_CM_256_HMAC_SHA1_80",
|
|
|
|
|
//.dtls_name = "SRTP_AES128_CM_SHA1_80",
|
|
|
|
|
.master_key_len = 32,
|
|
|
|
|
.master_salt_len = 14,
|
|
|
|
|
.session_key_len = 32,
|
|
|
|
|
.session_salt_len = 14,
|
|
|
|
|
.srtp_lifetime = 1ULL << 48,
|
|
|
|
|
.srtcp_lifetime = 1ULL << 31,
|
|
|
|
|
.kernel_cipher = REC_AES_CM_256,
|
|
|
|
|
.kernel_hmac = REH_HMAC_SHA1,
|
|
|
|
|
.srtp_auth_tag = 10,
|
|
|
|
|
.srtcp_auth_tag = 10,
|
|
|
|
|
.srtp_auth_key_len = 20,
|
|
|
|
|
.srtcp_auth_key_len = 20,
|
|
|
|
|
.encrypt_rtp = aes_cm_encrypt_rtp,
|
|
|
|
|
.decrypt_rtp = aes_cm_encrypt_rtp,
|
|
|
|
|
.encrypt_rtcp = aes_cm_encrypt_rtcp,
|
|
|
|
|
.decrypt_rtcp = aes_cm_encrypt_rtcp,
|
|
|
|
|
.hash_rtp = hmac_sha1_rtp,
|
|
|
|
|
.hash_rtcp = hmac_sha1_rtcp,
|
|
|
|
|
.session_key_init = aes_cm_session_key_init_256,
|
|
|
|
|
.session_key_cleanup = evp_session_key_cleanup,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
.name = "AES_CM_256_HMAC_SHA1_32",
|
|
|
|
|
//.dtls_name = "SRTP_AES128_CM_SHA1_32",
|
|
|
|
|
.master_key_len = 32,
|
|
|
|
|
.master_salt_len = 14,
|
|
|
|
|
.session_key_len = 32,
|
|
|
|
|
.session_salt_len = 14,
|
|
|
|
|
.srtp_lifetime = 1ULL << 48,
|
|
|
|
|
.srtcp_lifetime = 1ULL << 31,
|
|
|
|
|
.kernel_cipher = REC_AES_CM_256,
|
|
|
|
|
.kernel_hmac = REH_HMAC_SHA1,
|
|
|
|
|
.srtp_auth_tag = 4,
|
|
|
|
|
.srtcp_auth_tag = 10,
|
|
|
|
|
.srtp_auth_key_len = 20,
|
|
|
|
|
.srtcp_auth_key_len = 20,
|
|
|
|
|
.encrypt_rtp = aes_cm_encrypt_rtp,
|
|
|
|
|
.decrypt_rtp = aes_cm_encrypt_rtp,
|
|
|
|
|
.encrypt_rtcp = aes_cm_encrypt_rtcp,
|
|
|
|
|
.decrypt_rtcp = aes_cm_encrypt_rtcp,
|
|
|
|
|
.hash_rtp = hmac_sha1_rtp,
|
|
|
|
|
.hash_rtcp = hmac_sha1_rtcp,
|
|
|
|
|
.session_key_init = aes_cm_session_key_init_256,
|
|
|
|
|
.session_key_cleanup = evp_session_key_cleanup,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
@ -211,7 +309,7 @@ const struct crypto_suite *crypto_find_suite(const str *s) {
|
|
|
|
|
|
|
|
|
|
/* rfc 3711 section 4.1 and 4.1.1
|
|
|
|
|
* "in" and "out" MAY point to the same buffer */
|
|
|
|
|
static void aes_ctr_128(unsigned char *out, str *in, EVP_CIPHER_CTX *ecc, const unsigned char *iv) {
|
|
|
|
|
static void aes_ctr(unsigned char *out, str *in, EVP_CIPHER_CTX *ecc, const unsigned char *iv) {
|
|
|
|
|
unsigned char ivx[16];
|
|
|
|
|
unsigned char key_block[16];
|
|
|
|
|
unsigned char *p, *q;
|
|
|
|
|
@ -259,10 +357,11 @@ done:
|
|
|
|
|
;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void aes_ctr_128_no_ctx(unsigned char *out, str *in, const unsigned char *key, const unsigned char *iv) {
|
|
|
|
|
static void aes_ctr_no_ctx(unsigned char *out, str *in, const unsigned char *key, int keylen, const unsigned char *iv) {
|
|
|
|
|
EVP_CIPHER_CTX *ctx;
|
|
|
|
|
unsigned char block[16];
|
|
|
|
|
int len;
|
|
|
|
|
const EVP_CIPHER *ecb_cipher;
|
|
|
|
|
|
|
|
|
|
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
|
|
|
ctx = EVP_CIPHER_CTX_new();
|
|
|
|
|
@ -271,8 +370,23 @@ static void aes_ctr_128_no_ctx(unsigned char *out, str *in, const unsigned char
|
|
|
|
|
ctx = &ctx_s;
|
|
|
|
|
EVP_CIPHER_CTX_init(ctx);
|
|
|
|
|
#endif
|
|
|
|
|
EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL, key, NULL);
|
|
|
|
|
aes_ctr_128(out, in, ctx, iv);
|
|
|
|
|
switch(keylen) {
|
|
|
|
|
case 16:
|
|
|
|
|
ecb_cipher = EVP_aes_128_ecb();
|
|
|
|
|
break;
|
|
|
|
|
case 24:
|
|
|
|
|
ecb_cipher = EVP_aes_192_ecb();
|
|
|
|
|
break;
|
|
|
|
|
case 32:
|
|
|
|
|
ecb_cipher = EVP_aes_256_ecb();
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
// silence -Wmaybe-unintialized; must not end up here
|
|
|
|
|
assert(FALSE);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
EVP_EncryptInit_ex(ctx, ecb_cipher, NULL, key, NULL);
|
|
|
|
|
aes_ctr(out, in, ctx, iv);
|
|
|
|
|
EVP_EncryptFinal_ex(ctx, block, &len);
|
|
|
|
|
|
|
|
|
|
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
|
|
|
@ -287,7 +401,7 @@ static void aes_ctr_128_no_ctx(unsigned char *out, str *in, const unsigned char
|
|
|
|
|
* x: 112 bits
|
|
|
|
|
* n <= 256
|
|
|
|
|
* out->len := n / 8 */
|
|
|
|
|
static void prf_n(str *out, const unsigned char *key, const unsigned char *x) {
|
|
|
|
|
static void prf_n(str *out, const unsigned char *key, int keylen, const unsigned char *x) {
|
|
|
|
|
unsigned char iv[16];
|
|
|
|
|
unsigned char o[32];
|
|
|
|
|
unsigned char in[32];
|
|
|
|
|
@ -300,7 +414,7 @@ static void prf_n(str *out, const unsigned char *key, const unsigned char *x) {
|
|
|
|
|
/* iv[14] = iv[15] = 0; := x << 16 */
|
|
|
|
|
ZERO(in); /* outputs the key stream */
|
|
|
|
|
str_init_len(&in_s, (void *) in, out->len > 16 ? 32 : 16);
|
|
|
|
|
aes_ctr_128_no_ctx(o, &in_s, key, iv);
|
|
|
|
|
aes_ctr_no_ctx(o, &in_s, key, keylen, iv);
|
|
|
|
|
|
|
|
|
|
memcpy(out->s, o, out->len);
|
|
|
|
|
}
|
|
|
|
|
@ -322,7 +436,7 @@ int crypto_gen_session_key(struct crypto_context *c, str *out, unsigned char lab
|
|
|
|
|
for (i = 13 - index_len; i < 14; i++)
|
|
|
|
|
x[i] = key_id[i - (13 - index_len)] ^ x[i];
|
|
|
|
|
|
|
|
|
|
prf_n(out, c->params.master_key, x);
|
|
|
|
|
prf_n(out, c->params.master_key, c->params.crypto_suite->master_key_len, x);
|
|
|
|
|
|
|
|
|
|
#if CRYPTO_DEBUG
|
|
|
|
|
ilog(LOG_DEBUG, "Generated session key: master key "
|
|
|
|
|
@ -366,7 +480,7 @@ static int aes_cm_encrypt(struct crypto_context *c, u_int32_t ssrc, str *s, u_in
|
|
|
|
|
ivi[2] ^= idxh;
|
|
|
|
|
ivi[3] ^= idxl;
|
|
|
|
|
|
|
|
|
|
aes_ctr_128((void *) s->s, s, c->session_key_ctx[0], iv);
|
|
|
|
|
aes_ctr((void *) s->s, s, c->session_key_ctx[0], iv);
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
@ -515,7 +629,7 @@ static int hmac_sha1_rtcp(struct crypto_context *c, char *out, str *in) {
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int aes_cm_session_key_init(struct crypto_context *c) {
|
|
|
|
|
static int aes_cm_session_key_init_128(struct crypto_context *c) {
|
|
|
|
|
evp_session_key_cleanup(c);
|
|
|
|
|
|
|
|
|
|
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
|
|
|
@ -529,13 +643,41 @@ static int aes_cm_session_key_init(struct crypto_context *c) {
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int aes_cm_session_key_init_192(struct crypto_context *c) {
|
|
|
|
|
evp_session_key_cleanup(c);
|
|
|
|
|
|
|
|
|
|
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
|
|
|
c->session_key_ctx[0] = EVP_CIPHER_CTX_new();
|
|
|
|
|
#else
|
|
|
|
|
c->session_key_ctx[0] = g_slice_alloc(sizeof(EVP_CIPHER_CTX));
|
|
|
|
|
EVP_CIPHER_CTX_init(c->session_key_ctx[0]);
|
|
|
|
|
#endif
|
|
|
|
|
EVP_EncryptInit_ex(c->session_key_ctx[0], EVP_aes_192_ecb(), NULL,
|
|
|
|
|
(unsigned char *) c->session_key, NULL);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int aes_cm_session_key_init_256(struct crypto_context *c) {
|
|
|
|
|
evp_session_key_cleanup(c);
|
|
|
|
|
|
|
|
|
|
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
|
|
|
c->session_key_ctx[0] = EVP_CIPHER_CTX_new();
|
|
|
|
|
#else
|
|
|
|
|
c->session_key_ctx[0] = g_slice_alloc(sizeof(EVP_CIPHER_CTX));
|
|
|
|
|
EVP_CIPHER_CTX_init(c->session_key_ctx[0]);
|
|
|
|
|
#endif
|
|
|
|
|
EVP_EncryptInit_ex(c->session_key_ctx[0], EVP_aes_256_ecb(), NULL,
|
|
|
|
|
(unsigned char *) c->session_key, NULL);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int aes_f8_session_key_init(struct crypto_context *c) {
|
|
|
|
|
unsigned char m[16];
|
|
|
|
|
int i;
|
|
|
|
|
int k_e_len, k_s_len; /* n_e, n_s */
|
|
|
|
|
unsigned char *key;
|
|
|
|
|
|
|
|
|
|
aes_cm_session_key_init(c);
|
|
|
|
|
aes_cm_session_key_init_128(c);
|
|
|
|
|
|
|
|
|
|
k_e_len = c->params.crypto_suite->session_key_len;
|
|
|
|
|
k_s_len = c->params.crypto_suite->session_salt_len;
|
|
|
|
|
|
Richard Fuchs
9 years ago