stop with the bit-length silliness, give key/tag lengths in bytes

daemon/crypto.c

@@ -27,23 +27,22 @@ static int aes_f8_encrypt_rtcp(struct crypto_context *c, struct rtcp_packet *r,
 static int aes_session_key_init(struct crypto_context *c);
 static int aes_session_key_cleanup(struct crypto_context *c);
 
-/* all lengths are in bits, some code assumes everything to be multiples of 8 */
+/* all lengths are in bytes */
 const struct crypto_suite crypto_suites[] = {
 	{
 		.name			= "AES_CM_128_HMAC_SHA1_80",
-		.master_key_len		= 128,
-		.master_salt_len	= 112,
-		.session_key_len	= 128,
-		.session_salt_len	= 112,
+		.master_key_len		= 16,
+		.master_salt_len	= 14,
+		.session_key_len	= 16,
+		.session_salt_len	= 14,
 		.srtp_lifetime		= 1ULL << 48,
 		.srtcp_lifetime		= 1ULL << 31,
 		.cipher			= CIPHER_AES_CM,
-		.encryption_key		= 128,
 		.mac			= MAC_HMAC_SHA1,
-		.srtp_auth_tag		= 80,
-		.srtcp_auth_tag		= 80,
-		.srtp_auth_key_len	= 160,
-		.srtcp_auth_key_len	= 160,
+		.srtp_auth_tag		= 10,
+		.srtcp_auth_tag		= 10,
+		.srtp_auth_key_len	= 20,
+		.srtcp_auth_key_len	= 20,
 		.encrypt_rtp		= aes_cm_encrypt_rtp,
 		.decrypt_rtp		= aes_cm_encrypt_rtp,
 		.encrypt_rtcp		= aes_cm_encrypt_rtcp,
@@ -55,19 +54,18 @@ const struct crypto_suite crypto_suites[] = {
 	},
 	{
 		.name			= "AES_CM_128_HMAC_SHA1_32",
-		.master_key_len		= 128,
-		.master_salt_len	= 112,
-		.session_key_len	= 128,
-		.session_salt_len	= 112,
+		.master_key_len		= 16,
+		.master_salt_len	= 14,
+		.session_key_len	= 16,
+		.session_salt_len	= 14,
 		.srtp_lifetime		= 1ULL << 48,
 		.srtcp_lifetime		= 1ULL << 31,
 		.cipher			= CIPHER_AES_CM,
-		.encryption_key		= 128,
 		.mac			= MAC_HMAC_SHA1,
-		.srtp_auth_tag		= 32,
-		.srtcp_auth_tag		= 80,
-		.srtp_auth_key_len	= 160,
-		.srtcp_auth_key_len	= 160,
+		.srtp_auth_tag		= 4,
+		.srtcp_auth_tag		= 10,
+		.srtp_auth_key_len	= 20,
+		.srtcp_auth_key_len	= 20,
 		.encrypt_rtp		= aes_cm_encrypt_rtp,
 		.decrypt_rtp		= aes_cm_encrypt_rtp,
 		.encrypt_rtcp		= aes_cm_encrypt_rtcp,
@@ -77,19 +75,18 @@ const struct crypto_suite crypto_suites[] = {
 	},
 	{
 		.name			= "F8_128_HMAC_SHA1_80",
-		.master_key_len		= 128,
-		.master_salt_len	= 112,
-		.session_key_len	= 128,
-		.session_salt_len	= 112,
+		.master_key_len		= 16,
+		.master_salt_len	= 14,
+		.session_key_len	= 16,
+		.session_salt_len	= 14,
 		.srtp_lifetime		= 1ULL << 48,
 		.srtcp_lifetime		= 1ULL << 31,
 		.cipher			= CIPHER_AES_F8,
-		.encryption_key		= 128,
 		.mac			= MAC_HMAC_SHA1,
-		.srtp_auth_tag		= 80,
-		.srtcp_auth_tag		= 80,
-		.srtp_auth_key_len	= 160,
-		.srtcp_auth_key_len	= 160,
+		.srtp_auth_tag		= 10,
+		.srtcp_auth_tag		= 10,
+		.srtp_auth_key_len	= 20,
+		.srtcp_auth_key_len	= 20,
 		.encrypt_rtp		= aes_f8_encrypt_rtp,
 		.decrypt_rtp		= aes_f8_encrypt_rtp,
 		.encrypt_rtcp		= aes_f8_encrypt_rtcp,
@@ -304,8 +301,8 @@ static void aes_128_f8_encrypt(struct crypto_context *c, unsigned char *iv, str
 	u_int64_t *pi, *ki, *lki, *xi;
 	u_int32_t *xu;
 
-	k_e_len = c->crypto_suite->session_key_len / 8;
-	k_s_len = c->crypto_suite->session_salt_len / 8;
+	k_e_len = c->crypto_suite->session_key_len;
+	k_s_len = c->crypto_suite->session_salt_len;
 	key = (unsigned char *) c->session_key;
 
 	/* m = k_s || 0x555..5 */
@@ -409,15 +406,15 @@ static int hmac_sha1_rtp(struct crypto_context *c, char *out, str *in, u_int64_t
 	HMAC_CTX hc;
 	u_int32_t roc;
 
-	HMAC_Init(&hc, c->session_auth_key, c->crypto_suite->srtp_auth_key_len / 8, EVP_sha1());
+	HMAC_Init(&hc, c->session_auth_key, c->crypto_suite->srtp_auth_key_len, EVP_sha1());
 	HMAC_Update(&hc, (unsigned char *) in->s, in->len);
 	roc = htonl((index & 0xffffffff0000ULL) >> 16);
 	HMAC_Update(&hc, (unsigned char *) &roc, sizeof(roc));
 	HMAC_Final(&hc, hmac, NULL);
 	HMAC_CTX_cleanup(&hc);
 
-	assert(sizeof(hmac) >= c->crypto_suite->srtp_auth_tag / 8);
-	memcpy(out, hmac, c->crypto_suite->srtp_auth_tag / 8);
+	assert(sizeof(hmac) >= c->crypto_suite->srtp_auth_tag);
+	memcpy(out, hmac, c->crypto_suite->srtp_auth_tag);
 
 	return 0;
 }
@@ -426,11 +423,11 @@ static int hmac_sha1_rtp(struct crypto_context *c, char *out, str *in, u_int64_t
 static int hmac_sha1_rtcp(struct crypto_context *c, char *out, str *in) {
 	unsigned char hmac[20];
 
-	HMAC(EVP_sha1(), c->session_auth_key, c->crypto_suite->srtcp_auth_key_len / 8,
+	HMAC(EVP_sha1(), c->session_auth_key, c->crypto_suite->srtcp_auth_key_len,
 			(unsigned char *) in->s, in->len, hmac, NULL);
 
-	assert(sizeof(hmac) >= c->crypto_suite->srtcp_auth_tag / 8);
-	memcpy(out, hmac, c->crypto_suite->srtcp_auth_tag / 8);
+	assert(sizeof(hmac) >= c->crypto_suite->srtcp_auth_tag);
+	memcpy(out, hmac, c->crypto_suite->srtcp_auth_tag);
 
 	return 0;
 }

daemon/crypto.h

@@ -42,7 +42,6 @@ struct crypto_suite {
 		master_salt_len,
 		session_key_len,	/* n_e */
 		session_salt_len,	/* n_s */
-		encryption_key,
 		srtp_auth_tag,		/* n_a */
 		srtcp_auth_tag,
 		srtp_auth_key_len,	/* n_a */

daemon/rtcp.c

@@ -321,13 +321,13 @@ static inline int check_session_keys(struct crypto_context *c) {
 	if (!c->crypto_suite)
 		goto error;
 
-	str_init_len(&s, c->session_key, c->crypto_suite->session_key_len / 8);
+	str_init_len(&s, c->session_key, c->crypto_suite->session_key_len);
 	if (crypto_gen_session_key(c, &s, 0x03, 4))
 		goto error;
-	str_init_len(&s, c->session_auth_key, c->crypto_suite->srtcp_auth_key_len / 8);
+	str_init_len(&s, c->session_auth_key, c->crypto_suite->srtcp_auth_key_len);
 	if (crypto_gen_session_key(c, &s, 0x04, 4))
 		goto error;
-	str_init_len(&s, c->session_salt, c->crypto_suite->session_salt_len / 8);
+	str_init_len(&s, c->session_salt, c->crypto_suite->session_salt_len);
 	if (crypto_gen_session_key(c, &s, 0x05, 4))
 		goto error;
 
@@ -392,7 +392,7 @@ int rtcp_avp2savp(str *s, struct crypto_context *c) {
 	rtp_append_mki(s, c);
 
 	c->crypto_suite->hash_rtcp(c, s->s + s->len, &to_auth);
-	s->len += c->crypto_suite->srtp_auth_tag / 8;
+	s->len += c->crypto_suite->srtp_auth_tag;
 
 	return 0;
 }

daemon/rtp.c

@@ -19,13 +19,13 @@ static inline int check_session_keys(struct crypto_context *c) {
 	if (!c->crypto_suite)
 		goto error;
 
-	str_init_len(&s, c->session_key, c->crypto_suite->session_key_len / 8);
+	str_init_len(&s, c->session_key, c->crypto_suite->session_key_len);
 	if (crypto_gen_session_key(c, &s, 0x00, 6))
 		goto error;
-	str_init_len(&s, c->session_auth_key, c->crypto_suite->srtp_auth_key_len / 8);
+	str_init_len(&s, c->session_auth_key, c->crypto_suite->srtp_auth_key_len);
 	if (crypto_gen_session_key(c, &s, 0x01, 6))
 		goto error;
-	str_init_len(&s, c->session_salt, c->crypto_suite->session_salt_len / 8);
+	str_init_len(&s, c->session_salt, c->crypto_suite->session_salt_len);
 	if (crypto_gen_session_key(c, &s, 0x02, 6))
 		goto error;
 
@@ -165,7 +165,7 @@ int rtp_avp2savp(str *s, struct crypto_context *c) {
 
 	if (c->crypto_suite->srtp_auth_tag) {
 		c->crypto_suite->hash_rtp(c, s->s + s->len, &to_auth, index);
-		s->len += c->crypto_suite->srtp_auth_tag / 8;
+		s->len += c->crypto_suite->srtp_auth_tag;
 	}
 
 	return 0;
@@ -213,7 +213,6 @@ int srtp_payloads(str *to_auth, str *to_decrypt, str *auth_tag, str *mki,
 		int auth_len, int mki_len,
 		const str *packet, const str *payload)
 {
-	auth_len /= 8; /* given in bits */
 	*to_auth = *packet;
 	*to_decrypt = *payload;
 	/* packet and payload should be identical except for the respective header */

daemon/sdp.c

@@ -343,9 +343,8 @@ static int parse_attribute_crypto(struct sdp_attribute *output) {
 	c->crypto_suite = crypto_find_suite(&c->crypto_suite_str);
 	if (!c->crypto_suite)
 		return -1;
-	/* assume everything is a multiple of 8 */
-	salt_key_len = (c->crypto_suite->master_key_len
-			+ c->crypto_suite->master_salt_len) / 8;
+	salt_key_len = c->crypto_suite->master_key_len
+			+ c->crypto_suite->master_salt_len;
 	assert(sizeof(c->key_salt_buf) >= salt_key_len);
 	enc_salt_key_len = ceil((double) salt_key_len * 4.0/3.0);
 
@@ -361,9 +360,9 @@ static int parse_attribute_crypto(struct sdp_attribute *output) {
 		return -1;
 
 	c->master_key.s = c->key_salt_buf;
-	c->master_key.len = c->crypto_suite->master_key_len / 8;
+	c->master_key.len = c->crypto_suite->master_key_len;
 	c->salt.s = c->master_key.s + c->master_key.len;
-	c->salt.len = c->crypto_suite->master_salt_len / 8;
+	c->salt.len = c->crypto_suite->master_salt_len;
 
 	c->lifetime_str = c->key_params_str;
 	str_shift(&c->lifetime_str, 7 + enc_salt_key_len);
@@ -793,8 +792,8 @@ int sdp_streams(const GQueue *sessions, GQueue *streams, GHashTable *streamhash,
 				assert(sizeof(cctx.master_salt) >= attr->u.crypto.salt.len);
 				memcpy(cctx.master_key, attr->u.crypto.master_key.s, attr->u.crypto.master_key.len);
 				memcpy(cctx.master_salt, attr->u.crypto.salt.s, attr->u.crypto.salt.len);
-				assert(sizeof(cctx.session_key) >= cctx.crypto_suite->session_key_len / 8);
-				assert(sizeof(cctx.session_salt) >= cctx.crypto_suite->session_salt_len / 8);
+				assert(sizeof(cctx.session_key) >= cctx.crypto_suite->session_key_len);
+				assert(sizeof(cctx.session_salt) >= cctx.crypto_suite->session_salt_len);
 			}
 
 			si = NULL;
@@ -1320,9 +1319,9 @@ static int generate_crypto(struct sdp_media *media, struct sdp_ng_flags *flags,
 		if (!c->crypto_suite)
 			c->crypto_suite = &crypto_suites[0];
 		random_string((unsigned char *) c->master_key,
-				c->crypto_suite->master_key_len / 8);
+				c->crypto_suite->master_key_len);
 		random_string((unsigned char *) c->master_salt,
-				c->crypto_suite->master_salt_len / 8);
+				c->crypto_suite->master_salt_len);
 		/* mki = mki_len = 0 */
 		c->tag = rtp->crypto.in.tag;
 		if (!c->tag)
@@ -1332,14 +1331,14 @@ static int generate_crypto(struct sdp_media *media, struct sdp_ng_flags *flags,
 	mutex_unlock(&rtp->up->up->lock);
 
 	assert(sizeof(b64_buf) >= (((c->crypto_suite->master_key_len
-				+ c->crypto_suite->master_salt_len) / 8) / 3 + 1) * 4 + 4);
+				+ c->crypto_suite->master_salt_len)) / 3 + 1) * 4 + 4);
 
 	p = b64_buf;
 	p += g_base64_encode_step((unsigned char *) c->master_key,
-			c->crypto_suite->master_key_len / 8, 0,
+			c->crypto_suite->master_key_len, 0,
 			p, &state, &save);
 	p += g_base64_encode_step((unsigned char *) c->master_salt,
-			c->crypto_suite->master_salt_len / 8, 0,
+			c->crypto_suite->master_salt_len, 0,
 			p, &state, &save);
 	p += g_base64_encode_close(0, p, &state, &save);
 
@@ -1351,9 +1350,9 @@ static int generate_crypto(struct sdp_media *media, struct sdp_ng_flags *flags,
 	c->crypto_suite = src->crypto_suite;
 	c->tag = src->tag;
 	memcpy(c->master_key, src->master_key,
-			c->crypto_suite->master_key_len / 8);
+			c->crypto_suite->master_key_len);
 	memcpy(c->master_salt, src->master_salt,
-			c->crypto_suite->master_salt_len / 8);
+			c->crypto_suite->master_salt_len);
 
 	mutex_unlock(&rtcp->up->up->lock);