crypto.c: handle 12 bytes master salt length of AEAD

RFC 7714 (AEAD) specifies a master salt length of 12 bytes
(section 12), but the KDF expects 14 bytes.

The erratum to RFC 7714 specifies padding the salt on the right
by 16 bits to be compliant with the KDF.

https://www.rfc-editor.org/errata_search.php?rfc=7714
pull/1133/head
SPChan 6 years ago
parent 30ba71f10c
commit b5009eff0b

@ -190,7 +190,7 @@ struct crypto_suite __crypto_suites[] = {
.name = "AEAD_AES_128_GCM", .name = "AEAD_AES_128_GCM",
.dtls_name = "SRTP_AEAD_AES_128_GCM", .dtls_name = "SRTP_AEAD_AES_128_GCM",
.master_key_len = 16, .master_key_len = 16,
.master_salt_len = 14, .master_salt_len = 12,
.session_key_len = 16, .session_key_len = 16,
.session_salt_len = 12, .session_salt_len = 12,
.srtp_lifetime = 1ULL << 48, .srtp_lifetime = 1ULL << 48,
@ -214,7 +214,7 @@ struct crypto_suite __crypto_suites[] = {
.name = "AEAD_AES_256_GCM", .name = "AEAD_AES_256_GCM",
.dtls_name = "SRTP_AEAD_AES_256_GCM", .dtls_name = "SRTP_AEAD_AES_256_GCM",
.master_key_len = 32, .master_key_len = 32,
.master_salt_len = 14, .master_salt_len = 12,
.session_key_len = 32, .session_key_len = 32,
.session_salt_len = 12, .session_salt_len = 12,
.srtp_lifetime = 1ULL << 48, .srtp_lifetime = 1ULL << 48,
@ -471,7 +471,14 @@ int crypto_gen_session_key(struct crypto_context *c, str *out, unsigned char lab
* key_derivation_rate == 0 --> r == 0 */ * key_derivation_rate == 0 --> r == 0 */
key_id[0] = label; key_id[0] = label;
// AEAD uses 12 bytes master salt; pad on the right to get 14
// Errata: https://www.rfc-editor.org/errata_search.php?rfc=7714
if (c->params.crypto_suite->master_salt_len == 12) {
memcpy(x, c->params.master_salt, 12);
x[12] = x[13] = '\x00';
} else {
memcpy(x, c->params.master_salt, 14); memcpy(x, c->params.master_salt, 14);
}
for (i = 13 - index_len; i < 14; i++) for (i = 13 - index_len; i < 14; i++)
x[i] = key_id[i - (13 - index_len)] ^ x[i]; x[i] = key_id[i - (13 - index_len)] ^ x[i];
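Review bot: The new branch in crypto_gen_session_key tests the literal `master_salt_len == 12` and the else branch still copies a fixed 14 bytes, so the KDF input is only correct for suites whose salt is exactly 12 or 14 bytes. Any other length would silently mix bytes from beyond the configured salt into the derived session keys. Driving the copy from the suite field removes the special case: `memset(x, 0, 14);` followed by `memcpy(x, c->params.master_salt, c->params.crypto_suite->master_salt_len);`, guarded by a check that the length does not exceed 14. Because the first two hunks change `master_salt_len` for both GCM suites, any other code that sizes key material from that field (presumably the key import paths, not visible here) now sees 12 as well, and is worth covering with a key-derivation test vector from RFC 7714. The function body starts and ends outside the hunk, so the size of `x` is assumed from the loop bound that follows.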
