sipwise
/
rtpengine
mirror of https://github.com/sipwise/rtpengine.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'aes256' of https://github.com/aalba6675/rtpengine into aalba6675-aes256

Browse Source
pull/337/head
Richard Fuchs 9 years ago
parent 305fbeddee 74b2559b04
commit e8d197a08c
9 changed files with 563 additions and 48 deletions
Show Stats Download Patch File Download Diff File

143
daemon/crypto.c
Unescape View File

@ -35,7 +35,7 @@ static int null_crypt_rtp(struct crypto_context *c, struct rtp_header *r, str *s
static int null_crypt_rtcp(struct crypto_context *c, struct rtcp_packet *r, str *s, u_int64_t idx);
/* all lengths are in bytes */
const struct crypto_suite crypto_suites[] = {
struct crypto_suite __crypto_suites[] = {
{
.name = "AES_CM_128_HMAC_SHA1_80",
.dtls_name = "SRTP_AES128_CM_SHA1_80",
@ -45,7 +45,7 @@ const struct crypto_suite crypto_suites[] = {
.session_salt_len = 14,
.srtp_lifetime = 1ULL << 48,
.srtcp_lifetime = 1ULL << 31,
.kernel_cipher = REC_AES_CM,
.kernel_cipher = REC_AES_CM_128,
.kernel_hmac = REH_HMAC_SHA1,
.srtp_auth_tag = 10,
.srtcp_auth_tag = 10,
@ -69,7 +69,103 @@ const struct crypto_suite crypto_suites[] = {
.session_salt_len = 14,
.srtp_lifetime = 1ULL << 48,
.srtcp_lifetime = 1ULL << 31,
.kernel_cipher = REC_AES_CM,
.kernel_cipher = REC_AES_CM_128,
.kernel_hmac = REH_HMAC_SHA1,
.srtp_auth_tag = 4,
.srtcp_auth_tag = 10,
.srtp_auth_key_len = 20,
.srtcp_auth_key_len = 20,
.encrypt_rtp = aes_cm_encrypt_rtp,
.decrypt_rtp = aes_cm_encrypt_rtp,
.encrypt_rtcp = aes_cm_encrypt_rtcp,
.decrypt_rtcp = aes_cm_encrypt_rtcp,
.hash_rtp = hmac_sha1_rtp,
.hash_rtcp = hmac_sha1_rtcp,
.session_key_init = aes_cm_session_key_init,
.session_key_cleanup = evp_session_key_cleanup,
},
{
.name = "AES_CM_192_HMAC_SHA1_80",
//.dtls_name = "SRTP_AES128_CM_SHA1_80",
.master_key_len = 24,
.master_salt_len = 14,
.session_key_len = 24,
.session_salt_len = 14,
.srtp_lifetime = 1ULL << 48,
.srtcp_lifetime = 1ULL << 31,
.kernel_cipher = REC_AES_CM_192,
.kernel_hmac = REH_HMAC_SHA1,
.srtp_auth_tag = 10,
.srtcp_auth_tag = 10,
.srtp_auth_key_len = 20,
.srtcp_auth_key_len = 20,
.encrypt_rtp = aes_cm_encrypt_rtp,
.decrypt_rtp = aes_cm_encrypt_rtp,
.encrypt_rtcp = aes_cm_encrypt_rtcp,
.decrypt_rtcp = aes_cm_encrypt_rtcp,
.hash_rtp = hmac_sha1_rtp,
.hash_rtcp = hmac_sha1_rtcp,
.session_key_init = aes_cm_session_key_init,
.session_key_cleanup = evp_session_key_cleanup,
},
{
.name = "AES_CM_192_HMAC_SHA1_32",
//.dtls_name = "SRTP_AES128_CM_SHA1_32",
.master_key_len = 24,
.master_salt_len = 14,
.session_key_len = 24,
.session_salt_len = 14,
.srtp_lifetime = 1ULL << 48,
.srtcp_lifetime = 1ULL << 31,
.kernel_cipher = REC_AES_CM_192,
.kernel_hmac = REH_HMAC_SHA1,
.srtp_auth_tag = 4,
.srtcp_auth_tag = 10,
.srtp_auth_key_len = 20,
.srtcp_auth_key_len = 20,
.encrypt_rtp = aes_cm_encrypt_rtp,
.decrypt_rtp = aes_cm_encrypt_rtp,
.encrypt_rtcp = aes_cm_encrypt_rtcp,
.decrypt_rtcp = aes_cm_encrypt_rtcp,
.hash_rtp = hmac_sha1_rtp,
.hash_rtcp = hmac_sha1_rtcp,
.session_key_init = aes_cm_session_key_init,
.session_key_cleanup = evp_session_key_cleanup,
},
{
.name = "AES_CM_256_HMAC_SHA1_80",
//.dtls_name = "SRTP_AES128_CM_SHA1_80",
.master_key_len = 32,
.master_salt_len = 14,
.session_key_len = 32,
.session_salt_len = 14,
.srtp_lifetime = 1ULL << 48,
.srtcp_lifetime = 1ULL << 31,
.kernel_cipher = REC_AES_CM_256,
.kernel_hmac = REH_HMAC_SHA1,
.srtp_auth_tag = 10,
.srtcp_auth_tag = 10,
.srtp_auth_key_len = 20,
.srtcp_auth_key_len = 20,
.encrypt_rtp = aes_cm_encrypt_rtp,
.decrypt_rtp = aes_cm_encrypt_rtp,
.encrypt_rtcp = aes_cm_encrypt_rtcp,
.decrypt_rtcp = aes_cm_encrypt_rtcp,
.hash_rtp = hmac_sha1_rtp,
.hash_rtcp = hmac_sha1_rtcp,
.session_key_init = aes_cm_session_key_init,
.session_key_cleanup = evp_session_key_cleanup,
},
{
.name = "AES_CM_256_HMAC_SHA1_32",
//.dtls_name = "SRTP_AES128_CM_SHA1_32",
.master_key_len = 32,
.master_salt_len = 14,
.session_key_len = 32,
.session_salt_len = 14,
.srtp_lifetime = 1ULL << 48,
.srtcp_lifetime = 1ULL << 31,
.kernel_cipher = REC_AES_CM_256,
.kernel_hmac = REH_HMAC_SHA1,
.srtp_auth_tag = 4,
.srtcp_auth_tag = 10,
@ -180,7 +276,8 @@ const struct crypto_suite crypto_suites[] = {
},
};
const int num_crypto_suites = G_N_ELEMENTS(crypto_suites);
const struct crypto_suite *crypto_suites = __crypto_suites;
const int num_crypto_suites = G_N_ELEMENTS(__crypto_suites);
@ -211,7 +308,7 @@ const struct crypto_suite *crypto_find_suite(const str *s) {
/* rfc 3711 section 4.1 and 4.1.1
* "in" and "out" MAY point to the same buffer */
static void aes_ctr_128(unsigned char *out, str *in, EVP_CIPHER_CTX *ecc, const unsigned char *iv) {
static void aes_ctr(unsigned char *out, str *in, EVP_CIPHER_CTX *ecc, const unsigned char *iv) {
unsigned char ivx[16];
unsigned char key_block[16];
unsigned char *p, *q;
@ -259,7 +356,9 @@ done:
;
}
static void aes_ctr_128_no_ctx(unsigned char *out, str *in, const unsigned char *key, const unsigned char *iv) {
static void aes_ctr_no_ctx(unsigned char *out, str *in, const unsigned char *key, const EVP_CIPHER *ciph,
const unsigned char *iv)
{
EVP_CIPHER_CTX *ctx;
unsigned char block[16];
int len;
@ -271,8 +370,8 @@ static void aes_ctr_128_no_ctx(unsigned char *out, str *in, const unsigned char
ctx = &ctx_s;
EVP_CIPHER_CTX_init(ctx);
#endif
EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL, key, NULL);
aes_ctr_128(out, in, ctx, iv);
EVP_EncryptInit_ex(ctx, ciph, NULL, key, NULL);
aes_ctr(out, in, ctx, iv);
EVP_EncryptFinal_ex(ctx, block, &len);
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
@ -287,7 +386,7 @@ static void aes_ctr_128_no_ctx(unsigned char *out, str *in, const unsigned char
* x: 112 bits
* n <= 256
* out->len := n / 8 */
static void prf_n(str *out, const unsigned char *key, const unsigned char *x) {
static void prf_n(str *out, const unsigned char *key, const EVP_CIPHER *ciph, const unsigned char *x) {
unsigned char iv[16];
unsigned char o[32];
unsigned char in[32];
@ -300,7 +399,7 @@ static void prf_n(str *out, const unsigned char *key, const unsigned char *x) {
/* iv[14] = iv[15] = 0; := x << 16 */
ZERO(in); /* outputs the key stream */
str_init_len(&in_s, (void *) in, out->len > 16 ? 32 : 16);
aes_ctr_128_no_ctx(o, &in_s, key, iv);
aes_ctr_no_ctx(o, &in_s, key, ciph, iv);
memcpy(out->s, o, out->len);
}
@ -322,7 +421,7 @@ int crypto_gen_session_key(struct crypto_context *c, str *out, unsigned char lab
for (i = 13 - index_len; i < 14; i++)
x[i] = key_id[i - (13 - index_len)] ^ x[i];
prf_n(out, c->params.master_key, x);
prf_n(out, c->params.master_key, c->params.crypto_suite->lib_cipher_ptr, x);
#if CRYPTO_DEBUG
ilog(LOG_DEBUG, "Generated session key: master key "
@ -366,7 +465,7 @@ static int aes_cm_encrypt(struct crypto_context *c, u_int32_t ssrc, str *s, u_in
ivi[2] ^= idxh;
ivi[3] ^= idxl;
aes_ctr_128((void *) s->s, s, c->session_key_ctx[0], iv);
aes_ctr((void *) s->s, s, c->session_key_ctx[0], iv);
return 0;
}
@ -524,7 +623,7 @@ static int aes_cm_session_key_init(struct crypto_context *c) {
c->session_key_ctx[0] = g_slice_alloc(sizeof(EVP_CIPHER_CTX));
EVP_CIPHER_CTX_init(c->session_key_ctx[0]);
#endif
EVP_EncryptInit_ex(c->session_key_ctx[0], EVP_aes_128_ecb(), NULL,
EVP_EncryptInit_ex(c->session_key_ctx[0], c->params.crypto_suite->lib_cipher_ptr, NULL,
(unsigned char *) c->session_key, NULL);
return 0;
}
@ -609,3 +708,21 @@ void crypto_dump_keys(struct crypto_context *in, struct crypto_context *out) {
ilog(LOG_DEBUG, "SRTP keys, outgoing:");
dump_key(out);
}
void crypto_init_main() {
struct crypto_suite *cs;
for (int i = 0; i < num_crypto_suites; i++) {
cs = &__crypto_suites[i];
switch(cs->master_key_len) {
case 16:
cs->lib_cipher_ptr = EVP_aes_128_ecb();
break;
case 24:
cs->lib_cipher_ptr = EVP_aes_192_ecb();
break;
case 32:
cs->lib_cipher_ptr = EVP_aes_256_ecb();
break;
}
}
}

9
daemon/crypto.h
Unescape View File

@ -11,9 +11,9 @@
#define SRTP_MAX_MASTER_KEY_LEN 16
#define SRTP_MAX_MASTER_KEY_LEN 32
#define SRTP_MAX_MASTER_SALT_LEN 14
#define SRTP_MAX_SESSION_KEY_LEN 16
#define SRTP_MAX_SESSION_KEY_LEN 32
#define SRTP_MAX_SESSION_SALT_LEN 14
#define SRTP_MAX_SESSION_AUTH_LEN 20
@ -56,6 +56,7 @@ struct crypto_suite {
session_key_init_func session_key_init;
session_key_cleanup_func session_key_cleanup;
const char *dtls_profile_code;
const void *lib_cipher_ptr;
};
struct crypto_session_params {
@ -97,11 +98,13 @@ struct rtp_ssrc_entry {
u_int64_t index;
};
extern const struct crypto_suite crypto_suites[];
extern const struct crypto_suite *crypto_suites;
extern const int num_crypto_suites;
void crypto_init_main();
const struct crypto_suite *crypto_find_suite(const str *);
int crypto_gen_session_key(struct crypto_context *, str *, unsigned char, int);
void crypto_dump_keys(struct crypto_context *in, struct crypto_context *out);

1
daemon/main.c
Unescape View File

@ -514,6 +514,7 @@ static void init_everything() {
sdp_init();
dtls_init();
ice_init();
crypto_init_main();
interfaces_init(&interfaces);
}

2
daemon/media_socket.c
Unescape View File

@ -826,6 +826,8 @@ static int __k_srtp_crypt(struct rtpengine_srtp *s, struct crypto_context *c) {
if (c->params.mki_len)
memcpy(s->mki, c->params.mki, c->params.mki_len);
memcpy(s->master_key, c->params.master_key, c->params.crypto_suite->master_key_len);
s->master_key_len = c->params.crypto_suite->master_key_len;
s->session_key_len = c->params.crypto_suite->session_key_len;
memcpy(s->master_salt, c->params.master_salt, c->params.crypto_suite->master_salt_len);
if (c->params.session_params.unencrypted_srtp)

10
daemon/sdp.c
Unescape View File

@ -1,8 +1,8 @@
#include "sdp.h"
#include <glib.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <arpa/inet.h>
#include <math.h>
@ -274,7 +274,7 @@ INLINE int extract_token(char **sp, char *end, str *out) {
*sp = space + 1;
}
return 0;
}
#define EXTRACT_TOKEN(field) if (extract_token(&start, end, &output->field)) return -1
#define EXTRACT_NETWORK_ADDRESS_NP(field) \
@ -978,10 +978,10 @@ int sdp_parse(str *body, GQueue *sessions) {
if (line_end - value < 4)
break;
if (!memcmp(value, "RR:", 3))
*(media ? &media->rr : &session->rr) =
*(media ? &media->rr : &session->rr) =
(line_end - value == 4 && value[3] == '0') ? 0 : 1;
else if (!memcmp(value, "RS:", 3))
*(media ? &media->rs : &session->rs) =
*(media ? &media->rs : &session->rs) =
(line_end - value == 4 && value[3] == '0') ? 0 : 1;
break;

112
kernel-module/xt_RTPENGINE.c
Unescape View File

@ -231,7 +231,7 @@ static inline int bitfield_clear(unsigned long *bf, unsigned int i);
struct re_crypto_context {
spinlock_t lock; /* protects roc and last_index */
unsigned char session_key[16];
unsigned char session_key[32];
unsigned char session_salt[14];
unsigned char session_auth_key[20];
u_int32_t roc;
@ -338,7 +338,7 @@ struct re_stream {
int eof;
};
#define HASH_BITS 8 /* make configurable? */
#define RE_HASH_BITS 8 /* make configurable? */
struct rtpengine_table {
atomic_t refcnt;
rwlock_t target_lock;
@ -358,10 +358,10 @@ struct rtpengine_table {
struct list_head calls; /* protected by calls.lock */
spinlock_t calls_hash_lock[1 << HASH_BITS];
struct hlist_head calls_hash[1 << HASH_BITS];
spinlock_t streams_hash_lock[1 << HASH_BITS];
struct hlist_head streams_hash[1 << HASH_BITS];
spinlock_t calls_hash_lock[1 << RE_HASH_BITS];
struct hlist_head calls_hash[1 << RE_HASH_BITS];
spinlock_t streams_hash_lock[1 << RE_HASH_BITS];
struct hlist_head streams_hash[1 << RE_HASH_BITS];
};
struct re_cipher {
@ -501,9 +501,9 @@ static const struct re_cipher re_ciphers[] = {
.id = REC_NULL,
.name = "NULL",
},
[REC_AES_CM] = {
.id = REC_AES_CM,
.name = "AES-CM",
[REC_AES_CM_128] = {
.id = REC_AES_CM_128,
.name = "AES-CM-128",
.tfm_name = "aes",
.decrypt = srtp_encrypt_aes_cm,
.encrypt = srtp_encrypt_aes_cm,
@ -516,6 +516,20 @@ static const struct re_cipher re_ciphers[] = {
.encrypt = srtp_encrypt_aes_f8,
.session_key_init = aes_f8_session_key_init,
},
[REC_AES_CM_192] = {
.id = REC_AES_CM_192,
.name = "AES-CM-192",
.tfm_name = "aes",
.decrypt = srtp_encrypt_aes_cm,
.encrypt = srtp_encrypt_aes_cm,
},
[REC_AES_CM_256] = {
.id = REC_AES_CM_256,
.name = "AES-CM-256",
.tfm_name = "aes",
.decrypt = srtp_encrypt_aes_cm,
.encrypt = srtp_encrypt_aes_cm,
},
};
static const struct re_hmac re_hmacs[] = {
@ -1637,7 +1651,7 @@ static int validate_srtp(struct rtpengine_srtp *s) {
/* XXX shared code */
static void aes_ctr_128(unsigned char *out, const unsigned char *in, int in_len,
static void aes_ctr(unsigned char *out, const unsigned char *in, int in_len,
struct crypto_cipher *tfm, const unsigned char *iv)
{
unsigned char ivx[16];
@ -1700,7 +1714,7 @@ static void aes_f8(unsigned char *in_out, int in_len,
u_int32_t *xu;
crypto_cipher_encrypt_one(iv_tfm, ivx, iv);
pi = (void *) in_out;
ki = (void *) key_block;
lki = (void *) last_key_block;
@ -1747,7 +1761,7 @@ done:
}
static int aes_ctr_128_no_ctx(unsigned char *out, const char *in, int in_len,
const unsigned char *key, const unsigned char *iv)
const unsigned char *key, unsigned int key_len, const unsigned char *iv)
{
struct crypto_cipher *tfm;
@ -1755,14 +1769,14 @@ static int aes_ctr_128_no_ctx(unsigned char *out, const char *in, int in_len,
if (IS_ERR(tfm))
return PTR_ERR(tfm);
crypto_cipher_setkey(tfm, key, 16);
aes_ctr_128(out, in, in_len, tfm, iv);
crypto_cipher_setkey(tfm, key, key_len);
aes_ctr(out, in, in_len, tfm, iv);
crypto_free_cipher(tfm);
return 0;
}
static int prf_n(unsigned char *out, int len, const unsigned char *key, const unsigned char *x) {
static int prf_n(unsigned char *out, int len, const unsigned char *key, unsigned int key_len, const unsigned char *x) {
unsigned char iv[16];
unsigned char o[32];
unsigned char in[32];
@ -1773,7 +1787,7 @@ static int prf_n(unsigned char *out, int len, const unsigned char *key, const un
in_len = len > 16 ? 32 : 16;
memset(in, 0, in_len);
ret = aes_ctr_128_no_ctx(o, in, in_len, key, iv);
ret = aes_ctr_128_no_ctx(o, in, in_len, key, key_len, iv);
if (ret)
return ret;
@ -1795,7 +1809,7 @@ static int gen_session_key(unsigned char *out, int len, struct rtpengine_srtp *s
for (i = 13 - 6; i < 14; i++)
x[i] = key_id[i - (13 - 6)] ^ x[i];
ret = prf_n(out, len, s->master_key, x);
ret = prf_n(out, len, s->master_key, s->master_key_len, x);
if (ret)
return ret;
return 0;
@ -1836,7 +1850,7 @@ static int gen_session_keys(struct re_crypto_context *c, struct rtpengine_srtp *
if (s->cipher == REC_NULL && s->hmac == REH_NULL)
return 0;
err = "failed to generate session key";
ret = gen_session_key(c->session_key, 16, s, 0x00);
ret = gen_session_key(c->session_key, s->session_key_len, s, 0x00);
if (ret)
goto error;
ret = gen_session_key(c->session_auth_key, 20, s, 0x01);
@ -1854,7 +1868,7 @@ static int gen_session_keys(struct re_crypto_context *c, struct rtpengine_srtp *
c->tfm[0] = NULL;
goto error;
}
crypto_cipher_setkey(c->tfm[0], c->session_key, 16);
crypto_cipher_setkey(c->tfm[0], c->session_key, s->session_key_len);
}
if (c->cipher->session_key_init) {
@ -1874,21 +1888,69 @@ static int gen_session_keys(struct re_crypto_context *c, struct rtpengine_srtp *
crypto_shash_setkey(c->shash, c->session_auth_key, 20);
}
DBG("master key %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n",
switch(s->master_key_len) {
case 16:
DBG("master key %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n",
s->master_key[0], s->master_key[1], s->master_key[2], s->master_key[3],
s->master_key[4], s->master_key[5], s->master_key[6], s->master_key[7],
s->master_key[8], s->master_key[9], s->master_key[10], s->master_key[11],
s->master_key[12], s->master_key[13], s->master_key[14], s->master_key[15]);
break;
case 24:
DBG("master key %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n",
s->master_key[0], s->master_key[1], s->master_key[2], s->master_key[3],
s->master_key[4], s->master_key[5], s->master_key[6], s->master_key[7],
s->master_key[8], s->master_key[9], s->master_key[10], s->master_key[11],
s->master_key[12], s->master_key[13], s->master_key[14], s->master_key[15],
s->master_key[16], s->master_key[17], s->master_key[18], s->master_key[19],
s->master_key[20], s->master_key[21], s->master_key[22], s->master_key[23]);
break;
case 32:
DBG("master key %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n",
s->master_key[0], s->master_key[1], s->master_key[2], s->master_key[3],
s->master_key[4], s->master_key[5], s->master_key[6], s->master_key[7],
s->master_key[8], s->master_key[9], s->master_key[10], s->master_key[11],
s->master_key[12], s->master_key[13], s->master_key[14], s->master_key[15],
s->master_key[16], s->master_key[17], s->master_key[18], s->master_key[19],
s->master_key[20], s->master_key[21], s->master_key[22], s->master_key[23],
s->master_key[24], s->master_key[25], s->master_key[26], s->master_key[27],
s->master_key[28], s->master_key[29], s->master_key[30], s->master_key[31]);
break;
}
DBG("master salt %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n",
s->master_salt[0], s->master_salt[1], s->master_salt[2], s->master_salt[3],
s->master_salt[4], s->master_salt[5], s->master_salt[6], s->master_salt[7],
s->master_salt[8], s->master_salt[9], s->master_salt[10], s->master_salt[11],
s->master_salt[12], s->master_salt[13]);
DBG("session key %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n",
switch(s->session_key_len) {
case 16:
DBG("session key %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n",
c->session_key[0], c->session_key[1], c->session_key[2], c->session_key[3],
c->session_key[4], c->session_key[5], c->session_key[6], c->session_key[7],
c->session_key[8], c->session_key[9], c->session_key[10], c->session_key[11],
c->session_key[12], c->session_key[13], c->session_key[14], c->session_key[15]);
break;
case 24:
DBG("session key %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n",
c->session_key[0], c->session_key[1], c->session_key[2], c->session_key[3],
c->session_key[4], c->session_key[5], c->session_key[6], c->session_key[7],
c->session_key[8], c->session_key[9], c->session_key[10], c->session_key[11],
c->session_key[12], c->session_key[13], c->session_key[14], c->session_key[15],
c->session_key[16], c->session_key[17], c->session_key[18], c->session_key[19],
c->session_key[20], c->session_key[21], c->session_key[22], c->session_key[23]);
break;
case 32:
DBG("session key %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n",
c->session_key[0], c->session_key[1], c->session_key[2], c->session_key[3],
c->session_key[4], c->session_key[5], c->session_key[6], c->session_key[7],
c->session_key[8], c->session_key[9], c->session_key[10], c->session_key[11],
c->session_key[12], c->session_key[13], c->session_key[14], c->session_key[15],
c->session_key[16], c->session_key[17], c->session_key[18], c->session_key[19],
c->session_key[20], c->session_key[21], c->session_key[22], c->session_key[23],
c->session_key[24], c->session_key[25], c->session_key[26], c->session_key[27],
c->session_key[28], c->session_key[29], c->session_key[30], c->session_key[31]);
break;
}
DBG("session salt %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n",
c->session_salt[0], c->session_salt[1], c->session_salt[2], c->session_salt[3],
c->session_salt[4], c->session_salt[5], c->session_salt[6], c->session_salt[7],
@ -2014,7 +2076,7 @@ retry:
kfree(rda);
goto retry;
}
t->dest_addr_hash.addrs[rh_it] = rda;
re_bitfield_set(&t->dest_addr_hash.addrs_bf, rh_it);
@ -2417,7 +2479,7 @@ static int table_new_call(struct rtpengine_table *table, struct rtpengine_call_i
/* check for name collisions */
call->hash_bucket = crc32_le(0x52342, info->call_id, strlen(info->call_id));
call->hash_bucket = call->hash_bucket & ((1 << HASH_BITS) - 1);
call->hash_bucket = call->hash_bucket & ((1 << RE_HASH_BITS) - 1);
spin_lock_irqsave(&table->calls_hash_lock[call->hash_bucket], flags);
@ -2593,7 +2655,7 @@ static int table_new_stream(struct rtpengine_table *table, struct rtpengine_stre
/* check for name collisions */
stream->hash_bucket = crc32_le(0x52342 ^ info->call_idx, info->stream_name, strlen(info->stream_name));
stream->hash_bucket = stream->hash_bucket & ((1 << HASH_BITS) - 1);
stream->hash_bucket = stream->hash_bucket & ((1 << RE_HASH_BITS) - 1);
spin_lock_irqsave(&table->streams_hash_lock[stream->hash_bucket], flags);
@ -3501,7 +3563,7 @@ static int srtp_encrypt_aes_cm(struct re_crypto_context *c,
ivi[2] ^= idxh;
ivi[3] ^= idxl;
aes_ctr_128(r->payload, r->payload, r->payload_len, c->tfm[0], iv);
aes_ctr(r->payload, r->payload, r->payload_len, c->tfm[0], iv);
return 0;
}

8
kernel-module/xt_RTPENGINE.h
Unescape View File

@ -41,8 +41,10 @@ struct re_address {
enum rtpengine_cipher {
REC_INVALID = 0,
REC_NULL,
REC_AES_CM,
REC_AES_CM_128,
REC_AES_F8,
REC_AES_CM_192,
REC_AES_CM_256,
__REC_LAST
};
@ -59,8 +61,10 @@ enum rtpengine_hmac {
struct rtpengine_srtp {
enum rtpengine_cipher cipher;
enum rtpengine_hmac hmac;
unsigned char master_key[16];
unsigned char master_key[32];
unsigned int master_key_len;
unsigned char master_salt[14];
unsigned int session_key_len;
unsigned char mki[256]; /* XXX uses too much memory? */
u_int64_t last_index;
unsigned int auth_tag_len; /* in bytes */

38
tests/Makefile.aes
Unescape View File

@ -0,0 +1,38 @@
##
## Build daemon/
## cd tests/
## make -f Makefile.aes, output is binary t_crypt
## run: ./t_crypt
CC = gcc
CPPFLAGS = -I../daemon -I../lib
OBJS_DIR = ../daemon/
OBJS = crypto.o log.o loglib.o
LDFLAGS = $(shell pkg-config --libs glib-2.0)
LDFLAGS += $(shell pkg-config --libs openssl)
CFLAGS = -g $(shell pkg-config --cflags glib-2.0) -D_GNU_SOURCE
%.d: %.c
@set -e; rm -f $@; \
$(CC) -M $(CPPFLAGS) $(shell pkg-config --cflags glib-2.0) -D_GNU_SOURCE $< > $@.$$$$; \
sed 's,\($*\)\.o[ :]*,\1.o $@ : ,g' < $@.$$$$ > $@; \
rm -f $@.$$$$
all: t_crypt
sources = t_crypt.c
include $(sources:.c=.d)
t_crypt: t_crypt.o
gcc -o $@ $< $(addprefix $(OBJS_DIR), $(OBJS)) $(LDFLAGS)
.PHONY: clean
clean:
-rm -f t_crypt t_crypt.o

288
tests/t_crypt.c
Unescape View File

@ -0,0 +1,288 @@
#include <assert.h>
#include <stdio.h>
#include "crypto.h"
#include "rtplib.h"
uint8_t test_key[46] = {
0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0,
0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39,
0x0e, 0xc6, 0x75, 0xad, 0x49, 0x8a, 0xfe, 0xeb,
0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6, 0xc1, 0x73,
0xc3, 0x17, 0xf2, 0xda, 0xbe, 0x35, 0x77, 0x93,
0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6
};
uint8_t rtp_plaintext_ref[28] = {
0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
0xab, 0xab, 0xab, 0xab
};
uint8_t rtcp_plaintext_ref[24] = {
0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe,
0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
};
// SRTP Test Vectors
// ROC = 0, SSRC = 0xcafebabe, SEQ_NUM = 0x1234
uint8_t srtp_ciphertext_128[38] = {
0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
0xca, 0xfe, 0xba, 0xbe, 0x4e, 0x55, 0xdc, 0x4c,
0xe7, 0x99, 0x78, 0xd8, 0x8c, 0xa4, 0xd2, 0x15,
0x94, 0x9d, 0x24, 0x02, 0xb7, 0x8d, 0x6a, 0xcc,
0x99, 0xea, 0x17, 0x9b, 0x8d, 0xbb
};
uint8_t srtp_ciphertext_192[38] = {
0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
0xca, 0xfe, 0xba, 0xbe, 0x01, 0x57, 0x81, 0x89,
0x44, 0x62, 0x52, 0x9d, 0x91, 0xcf, 0x36, 0x59,
0xd2, 0x46, 0x2d, 0xb3, 0x08, 0xd9, 0xa0, 0x44,
0xc5, 0xd7, 0xd6, 0x8b, 0x26, 0xba
};
uint8_t srtp_ciphertext_256[38] = {
0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
0xca, 0xfe, 0xba, 0xbe, 0x00, 0x98, 0x21, 0x9f,
0x7e, 0xbd, 0xba, 0x1c, 0x3d, 0x22, 0xf4, 0x93,
0x6f, 0x1e, 0xac, 0x99, 0x06, 0xf6, 0xb2, 0x27,
0xc8, 0x49, 0x61, 0xa7, 0xb4, 0x28
};
// SRTCP Test Vectors
// SSRC = 0xcafebabe
uint8_t srtcp_ciphertext_128[38] = {
0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe,
0x71, 0x28, 0x03, 0x5b, 0xe4, 0x87, 0xb9, 0xbd,
0xbe, 0xf8, 0x90, 0x41, 0xf9, 0x77, 0xa5, 0xa8,
0x80, 0x00, 0x00, 0x01, 0x99, 0x3e, 0x08, 0xcd,
0x54, 0xd6, 0xc1, 0x23, 0x07, 0x98
};
uint8_t srtcp_ciphertext_192[38] = {
0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe,
0x96, 0x6d, 0x60, 0x3e, 0x71, 0xf9, 0xaf, 0x33,
0x5c, 0xf9, 0x09, 0x1a, 0x50, 0xca, 0x4d, 0x3a,
0x80, 0x00, 0x00, 0x01, 0xd4, 0x2b, 0x40, 0x21,
0x8d, 0xde, 0x49, 0x90, 0xbd, 0xef
};
uint8_t srtcp_ciphertext_256[38] = {
0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe,
0x0a, 0x86, 0x5d, 0x33, 0x9e, 0x31, 0x26, 0x93,
0x59, 0x23, 0x87, 0xd4, 0x5b, 0x99, 0xa5, 0x57,
0x80, 0x00, 0x00, 0x01, 0x84, 0xf3, 0xb4, 0xf2,
0xb5, 0x95, 0x61, 0x5a, 0xf9, 0xb5
};
// Another set of AES-256 test vectors from libsrtp
uint8_t aes_256_test_key[46] = {
0xf0, 0xf0, 0x49, 0x14, 0xb5, 0x13, 0xf2, 0x76,
0x3a, 0x1b, 0x1f, 0xa1, 0x30, 0xf1, 0x0e, 0x29,
0x98, 0xf6, 0xf6, 0xe4, 0x3e, 0x43, 0x09, 0xd1,
0xe6, 0x22, 0xa0, 0xe3, 0x32, 0xb9, 0xf1, 0xb6,
0x3b, 0x04, 0x80, 0x3d, 0xe5, 0x1e, 0xe7, 0xc9,
0x64, 0x23, 0xab, 0x5b, 0x78, 0xd2
};
uint8_t aes_256_rtp_plaintext_ref[28] = {
0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
0xab, 0xab, 0xab, 0xab
};
uint8_t aes_256_srtp_ciphertext[38] = {
0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
0xca, 0xfe, 0xba, 0xbe, 0xf1, 0xd9, 0xde, 0x17,
0xff, 0x25, 0x1f, 0xf1, 0xaa, 0x00, 0x77, 0x74,
0xb0, 0xb4, 0xb4, 0x0d, 0xa0, 0x8d, 0x9d, 0x9a,
0x5b, 0x3a, 0x55, 0xd8, 0x87, 0x3b
};
#define RTP_HEADER_LEN 12
#define RTCP_HEADER_LEN 8
// Test: AES-128 CM
void srtp_validate (struct crypto_context *c, struct crypto_context *c2, char* message, uint8_t *plaintext, uint8_t *ciphertext,
uint8_t *rtcp_plaintext, uint8_t *rtcp_ciphertext)
{
str payload, hash;
uint8_t o_hash[10];
uint8_t srtp_plaintext[38];
uint8_t srtp_ciphertext[38];
uint8_t srtcp_plaintext[38];
uint8_t srtcp_ciphertext[38];
memcpy(srtp_plaintext, plaintext, 28);
memcpy(srtp_ciphertext, ciphertext, 38);
// in-place crypto so we must encrypt first
payload.len = 16;
payload.s = srtp_plaintext+RTP_HEADER_LEN;
crypto_encrypt_rtp(c, (struct rtp_header *)srtp_plaintext, &payload, ntohs(((struct rtp_header *)srtp_plaintext)->seq_num));
hash.len = 28;
hash.s = srtp_plaintext;
c->params.crypto_suite->hash_rtp(c, srtp_plaintext+28, &hash, ntohs(((struct rtp_header *)srtp_plaintext)->seq_num));
assert( memcmp(payload.s, srtp_ciphertext+RTP_HEADER_LEN, 26) == 0 );
printf("%s RTP encrypt: PASS\n", message);
hash.s = srtp_ciphertext;
c->params.crypto_suite->hash_rtp(c, o_hash, &hash, ntohs(((struct rtp_header *)srtp_plaintext)->seq_num));
payload.len = 16;
payload.s = srtp_ciphertext+RTP_HEADER_LEN;
crypto_decrypt_rtp(c, (struct rtp_header *)srtp_ciphertext, &payload, ntohs(((struct rtp_header *)srtp_ciphertext)->seq_num));
assert( memcmp(payload.s, rtp_plaintext_ref+RTP_HEADER_LEN, 16) == 0 );
assert( memcmp(o_hash, srtp_ciphertext+RTP_HEADER_LEN+16, 10) == 0 );
printf("%s RTP decrypt: PASS\n", message);
// in-place crypto so we must encrypt first
if (!c2) return;
memcpy(srtcp_plaintext, rtcp_plaintext, 24);
memcpy(srtcp_ciphertext, rtcp_ciphertext, 38);
memcpy(srtcp_plaintext+24, srtcp_ciphertext+24, 4);
payload.len = 16;
payload.s = srtcp_plaintext+RTCP_HEADER_LEN;
crypto_encrypt_rtcp(c2, (struct rtcp_packet *)srtcp_plaintext, &payload, 1);
hash.len = 28;
hash.s = srtcp_plaintext;
c->params.crypto_suite->hash_rtcp(c2, srtcp_plaintext+28, &hash);
assert( memcmp(payload.s, srtcp_ciphertext+RTCP_HEADER_LEN, 30) == 0 );
printf("%s RTCP encrypt: PASS\n", message);
hash.s = srtcp_ciphertext;
c->params.crypto_suite->hash_rtcp(c2, o_hash, &hash);
payload.len = 16;
payload.s = srtcp_ciphertext+RTCP_HEADER_LEN;
crypto_decrypt_rtcp(c2, (struct rtcp_packet *)srtcp_ciphertext, &payload, 1);
assert( memcmp(payload.s, rtcp_plaintext_ref+RTCP_HEADER_LEN, 16) == 0 );
assert( memcmp(o_hash, srtcp_ciphertext+RTCP_HEADER_LEN+16+4, 10) == 0 );
printf("%s RTCP decrypt: PASS\n", message);
}
extern void crypto_init_main();
void check_session_keys(struct crypto_context *c, int i) {
str s;
str_init_len_assert(&s, c->session_key, c->params.crypto_suite->session_key_len);
if (crypto_gen_session_key(c, &s, i++, 6))
goto error;
str_init_len_assert(&s, c->session_auth_key, c->params.crypto_suite->srtp_auth_key_len);
if (crypto_gen_session_key(c, &s, i++, 6))
goto error;
str_init_len_assert(&s, c->session_salt, c->params.crypto_suite->session_salt_len);
if (crypto_gen_session_key(c, &s, i, 6))
goto error;
c->have_session_key = 1;
crypto_init_session_key(c);
error:
return;
}
int main(int argc, char** argv) {
str suite;
str s;
const struct crypto_suite *c;
struct crypto_context ctx, ctx2;
crypto_init_main();
str_init(&suite, "AES_CM_128_HMAC_SHA1_80");
c = crypto_find_suite(&suite);
assert(c);
memset(&ctx, 0, sizeof(ctx));
ctx.params.crypto_suite = c;
memcpy(ctx.params.master_key, test_key, 16);
memcpy(ctx.params.master_salt, (uint8_t*)test_key+16, 14);
ctx.params.mki_len = 0;
check_session_keys(&ctx, 0);
memset(&ctx2, 0, sizeof(ctx2));
ctx2.params.crypto_suite = c;
memcpy(ctx2.params.master_key, test_key, 16);
memcpy(ctx2.params.master_salt, (uint8_t*)test_key+16, 14);
ctx2.params.mki_len = 0;
check_session_keys(&ctx2, 3);
srtp_validate(&ctx, &ctx2, "SRTP AES-CM-128", rtp_plaintext_ref, srtp_ciphertext_128,
rtcp_plaintext_ref, srtcp_ciphertext_128);
str_init(&suite, "AES_CM_192_HMAC_SHA1_80");
c = crypto_find_suite(&suite);
assert(c);
memset(&ctx, 0, sizeof(ctx));
ctx.params.crypto_suite = c;
memcpy(ctx.params.master_key, test_key, 24);
memcpy(ctx.params.master_salt, (uint8_t*)test_key+24, 14);
ctx.params.mki_len = 0;
check_session_keys(&ctx, 0);
memset(&ctx2, 0, sizeof(ctx2));
ctx2.params.crypto_suite = c;
memcpy(ctx2.params.master_key, test_key, 24);
memcpy(ctx2.params.master_salt, (uint8_t*)test_key+24, 14);
ctx2.params.mki_len = 0;
check_session_keys(&ctx2, 3);
srtp_validate(&ctx, &ctx2, "SRTP AES-CM-192", rtp_plaintext_ref, srtp_ciphertext_192,
rtcp_plaintext_ref, srtcp_ciphertext_192);
str_init(&suite, "AES_CM_256_HMAC_SHA1_80");
c = crypto_find_suite(&suite);
assert(c);
memset(&ctx, 0, sizeof(ctx));
ctx.params.crypto_suite = c;
memcpy(ctx.params.master_key, test_key, 32);
memcpy(ctx.params.master_salt, (uint8_t*)test_key+32, 14);
ctx.params.mki_len = 0;
check_session_keys(&ctx, 0);
memset(&ctx2, 0, sizeof(ctx2));
ctx2.params.crypto_suite = c;
memcpy(ctx2.params.master_key, test_key, 32);
memcpy(ctx2.params.master_salt, (uint8_t*)test_key+32, 14);
ctx2.params.mki_len = 0;
check_session_keys(&ctx2, 3);
srtp_validate(&ctx, &ctx2, "SRTP AES-CM-256", rtp_plaintext_ref, srtp_ciphertext_256,
rtcp_plaintext_ref, srtcp_ciphertext_256);
memset(&ctx, 0, sizeof(ctx));
ctx.params.crypto_suite = c;
memcpy(ctx.params.master_key, aes_256_test_key, 32);
memcpy(ctx.params.master_salt, (uint8_t*)aes_256_test_key+32, 14);
ctx.params.mki_len = 0;
check_session_keys(&ctx, 0);
srtp_validate(&ctx, NULL, "extra AES-CM-256", aes_256_rtp_plaintext_ref, aes_256_srtp_ciphertext,
NULL, NULL);
}
Write Preview
Loading…
Cancel
Save