FS-9785: upgrade libsrtp to 2.1

v1.8
Mike Jerris 2017-06-26 12:11:02 -05:00
parent 19e8621682
commit 3bcf5b7ff8
129 changed files with 21084 additions and 21652 deletions


@ -584,14 +584,11 @@ libs/apr-util/libaprutil-1.la: libs/apr/libapr-1.la libs/apr-util libs/apr-util/
SRTP_SRC = libs/srtp/srtp/srtp.c libs/srtp/srtp/ekt.c libs/srtp/crypto/cipher/cipher.c libs/srtp/crypto/cipher/null_cipher.c \
libs/srtp/crypto/cipher/aes.c libs/srtp/crypto/cipher/aes_icm.c \
libs/srtp/crypto/cipher/aes_cbc.c \
libs/srtp/crypto/hash/null_auth.c libs/srtp/crypto/hash/sha1.c \
libs/srtp/crypto/hash/hmac.c libs/srtp/crypto/hash/auth.c \
libs/srtp/crypto/math/datatypes.c libs/srtp/crypto/math/stat.c \
libs/srtp/crypto/kernel/crypto_kernel.c libs/srtp/crypto/kernel/alloc.c \
libs/srtp/crypto/kernel/key.c \
libs/srtp/crypto/rng/prng.c libs/srtp/crypto/rng/ctr_prng.c \
libs/srtp/crypto/kernel/err.c libs/srtp/crypto/rng/rand_source.c \
libs/srtp/crypto/kernel/key.c libs/srtp/crypto/kernel/err.c \
libs/srtp/crypto/replay/rdb.c libs/srtp/crypto/replay/rdbx.c libs/srtp/crypto/replay/ut_sim.c
libs/srtp/libsrtp.la: libs/srtp libs/srtp/.update $(SRTP_SRC)
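Review bot: `libs/srtp/crypto/cipher/aes_cbc.c` is kept in `SRTP_SRC` (line `libs/srtp/crypto/cipher/aes_cbc.c \`) while the libsrtp `Makefile.am` hunk further down in this same commit drops `crypto/cipher/aes_cbc.c` from `libsrtp_la_SOURCES` and `crypto/include/aes_cbc.h` from the installed headers; if the 2.1 import no longer ships that file, the `libs/srtp/libsrtp.la: ... $(SRTP_SRC)` dependency will fail at make time, so either confirm the file exists in the new tree or remove it from the list. Dropping `prng.c`, `ctr_prng.c` and `rand_source.c` here is consistent with the removal of the RNG sources in the libsrtp `Makefile.am` hunk.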


@ -1,223 +1,167 @@
Changelog
1.3.20
2.1.0
Lots of changes. Thanks to Jeff Chan for catching a memory leak and
helping track down the endian issues with the SSRCs.
Compatibility changes
1.3.8
PR #253 - Cipher type cleanup for AES
When libSRTP is compiled with OpenSSL and the AES 256 ICM cipher is used
with RTCP an incorrect initialization vector is formed.
This change will break backwards compatibility with older versions (1.5,
2.0) of libSRTP when using the AES 256 ICM cipher with OpenSSL for RTCP.
This is an interim release. Several little-endian bugs were identified
and fixed; this means that we can use intel/linux for development again.
PR #259 - Sequence number incorrectly masked for AES GCM IV
The initialization vector for AES GCM encryption was incorrectly formed on
little endian machines.
This change will break backwards compatibility with older versions (1.5,
2.0) of libSRTP when using the AES GCM cipher for RTCP.
Cleaned up sha1 and hmac code significantly, got rid of some excess
functions and properly documented the fuctions in the .h files.
PR #287 - Fix OOB read in key generation for encrypted headers with GCM ciphers
Adds padding of GCM salt to the corresponding ICM length used for header
encryption.
This change will break backwards compatibility with version 2.0 of libSRTP
when using the header encryption extension with the AES GCM cipher.
Eliminated some vestigial files.
Major changes
There is a SIGBUS error in the AES encrypt function on sparc
(observed on both solaris and openbsd) with gcc 2.95. Was unable to
find bad pointer anywhere, so I'm wondering if it isn't a compiler
problem (there's a known problem whose profile it fits). It doesn't
appear on any other platform, even in the cipher_driver stress
tests.
PR #204 - OpenSSL performance improvements
Changed key expansion to occur once per key instead of once per packet.
Planned changes
PR #209 - Restore AES-192 under BoringSSL
BoringSSL supports AES-192 and is now enabled in libSRTP.
Change interface to nonces (xtd_seq_num_t) so that it uses
network byte ordering, and is consistent with other arguments.
PR #224 - Master Key Identifiers (MKI) Support patch
Adds MKI support with up to 4 keys.
PR #234 - Report SSRC instead of srtp_stream_t in srtp_event_data_t
srtp_stream_t is an opaque type making the event framework almost useless.
Now the SSRC is returned instead for use as a key in the public API.
1.3.6
PR #238 - Configure changes and improvements
CFLAGS check more shell neutral, quotation fixes, always generate and
install pkg-config file, improved OpenSSL discovery and linking, remove
-fPIC flag on Windows, fix shared library generation under Cygwin, replace
hardcoded CFLAGS with compiler checks, and regenerate configure after
configure.in changes.
Changed /dev/random (in configure.in and crypto/rng/rand_source.c) to
/dev/urandom; the latter is non-blocking on all known platforms (which
corrects some programs that seem to hang) and is actually present on
Open BSD (unlike /dev/random, which only works in the presence of
hardware supported random number generation).
PR #241 & PR #261 - Improved logging API to receive log messages from libSRTP
Provides a logging API and the ability to enable logging to stdout and a
file, as well as a switch to enable all internal debug modules.
Added machine/types.h case in include/integers.h.
PR #289 - Added support for set and get the roll-over-counter
Adds an API to set and get the ROC in an (S)RTP session.
1.3.5
PR #304 - Fix (S)RTP and (S)RTCP for big endian machines
The structures srtp_hdr_t, srtcp_hdr_t and srtcp_trailer_t were defined
incorrectly on big endian systems.
Removing srtp_t::template and stream_clone().
Other changes
Adding a new policy structure, which will reflect a complete SRTP
policy (including SRTCP).
PR #149 - Don't create a symlink if there is no $(SHAREDLIBVERSION)
This version is *incomplete* and will undergo more changes. It is
provided only as a basis for discussion.
PR #151 - Make srtp_driver compile for MIPS
1.3.4
PR #160 - Use PKG_PROG_PKG_CONFIG to find correct pkg-config
Removed tmmh.c and tmmh.h, which implemented version one of TMMH.
PR #167 - Additional RTCP and SRTCP tests
Changed srtp_get_trailer_length() to act on streams rather than
sessions, and documented the macro SRTP_MAX_TRAILER_LEN, which should
usually be used rather than that function.
PR #169 - Identified merge conflict created by commit 6b71fb9
Removed 'salt' from cipher input.
PR #173 - Avoid error 'possibly undefined macro: AM_PROG_AR'
Changed rdbx to use err.h error codes.
PR #174 - Avoid warning 'The macro AC_TRY_LINK is obsolete.'
Changed malloc() and free() to xalloc() and xfree; these functions
are defined in crypto/kernel/alloc.c and declared in
include/alloc.h.
PR #175 - Remove 2nd -fPIC
Added 'output' functions to cipher, in addition to 'encrypt'
functions. It is no longer necessary to zeroize a buffer before
encrypting in order to get keystream.
PR #182 - Add a length check before reading packet data
Changed octet_string_hex_string() so that "times two" isn't needed
in its input.
PR #191 - On debug, output correct endianness of SSRC
Added crypto_kernel_init() prior to command-line parsing, so that
kernel can be passed command-line arguments, such as "-d
debug_module". This was done to for the applications
test/srtp-driver, test/kernel-driver, and test/ust-driver.
PR #192 - Replace octet_string_is_eq with a constant-time implementation
Improved srtp_init_aes_128_prf - wrote key derivation function
(srtp_kdf_t).
PR #195 - Add missing __cplusplus header guards
Add the tag_len as an argument to the auth_compute() function, but
not the corresponding macro. This change allows the tag length for
a given auth func to be set to different values at initialization
time. Previously, the structure auth_t contained the
output_length, but that value was inaccessible from hmac_compute()
and other functions.
PR #198 - Update sha1_driver.c to avoid memory leaks
Re-named files from a-b.c to a_b.c. in order to help portability.
PR #202 - Add an explicit cast to avoid a printf format warning on macOS
Re-named rijndael to aes (or aes_128 as appropriate).
PR #205 - Update Windows build files to Visual Studio 2015
PR #207 - Fix to install-win.bat syntax, and add installation of x64 libraries
1.2.1
PR #208 - Make replace_cipher and replace_auth public again
Changes so that 1.2.0 compiles on cygwin-win2k.
PR #211 - Changes for OpenSSL 1.1.0 compatibility
Added better error reporting system. If syslog is present on the
OS, then it is used.
PR #213 - Add cast to `unsigned int` in call to printf in test
PR #214 - Avoid empty initializer braces
1.2.0 Many improvements and additions, and a fex fixes
PR #222 - Fix issue: No consistency when use some srtp_* functions
Fixed endian issues in RTP header construction in the function
rtp_sendto() in srtp/rtp.c.
PR #231 - Advance version on master in preparation for 2.1 release
Implemented RIJNDAEL decryption operation, adding the functions
rijndael_decrypt() and rijndael_expand_decryption_key(). Also
re-named rijndael_expand_key() to rijndael_expand_encryption_key()
for consistency.
PR #232 - Update Travis, do not build with OpenSSL on OSX
Implemented random number source using /dev/random, in the files
crypto/rng/rand_source.c and include/rand_source.h.
PR #233 - crypto/replay/rdbx.c: Return type of srtp_index_guess from int to
int32_t
Added index check to SEAL cipher (only values less than 2^32 are
allowed)
PR #236 - test/rtp_decoder.c: Removed superfluous conditional
Added test case for null_auth authentication function.
PR #237 - test/rtp_decoder.c: spring cleaning
Added a timing test which tests the effect of CPU cache thrash on
cipher throughput. The test is done by the function
cipher_test_throughput_array(); the function
cipher_array_alloc_init() creates an array of ciphers for use in
this test. This test can be accessed by using the -a flag to
the application cipher-driver in the test subdirectory.
Added argument processing to ust-driver.c, and added that app to
the 'runtest' target in Makefile.in.
PR #239 - octet_string_set_to_zero() delegates to OPENSSL_cleanse() if
available, if not it will use srtp_cleanse() to zero memory
A minor auth_t API change: last argument of auth_init() eliminated.
PR #243 - EKT is not really supported yet, remove from install
PR #244 - Add simple error checking in timing test to avoid false results
1.0.6 A small but important fix
PR #245 - Add missing srtp_cipher_dealloc calls when test fails
Fixed srtp_init_aes_128_prf() by adding octet_string_set_to_zero()
after buffer allocation.
PR #246 - test/rtp_decoder: Add missing conditional
Eliminated references to no-longer-existing variables in debugging
code in srtp/srtp.c. This fixes the compilation failure that
occured when using PRINT_DEBUG in that file.
PR #248 - New README.md that integrates intro, credits and references from
/doc/ and is used to generate documentation
Corrected spelling of Richard Priestley's name in credits. Sorry
Richard!
PR #249 - Remove support for generic aesicm from configure.in
PR #250 - Update README.md, incorrect tag for link
1.0.5 Many little fixes
PR #255 - Cleanup outdated comment related to MKI
Fixed octet_string_set_to_zero(), which was writing one
more zero octet than it should. This bug caused srtp_protect()
and srtp_unprotect() to overwrite the byte that followed the
srtp packet.
PR #258 - Add AES-GCM to DTLS-SRTP Protection Profiles
Changed sizeof(uint32_t) to srtp_get_trailer_length() in
srtp-driver.c. This is just defensive coding.
PR #263 - Cleaning up and removing duplicated and outdated code
Added NULL check to malloc in srtp_alloc().
PR #265 - Introduction of unit test framework: CUTest
PR #267 - crypto/kernel/err.c: Include datatypes.h
1.0.4 Many minor fixes and two big ones (thanks for the bug reports!)
PR #272 - Reduce literal constants
Removed 'ssrc' from the srtp_init_aes_128_prf() function argument
list. This is so that applications which do not a priori know the
ssrc which they will be receiving can still use libsrtp. Now the
SSRC value is gleaned from the rtp header and exored into the
counter mode offset in the srtp_protect() and srtp_unprotect()
functions, if that cipher is used. This change cascaed through
many other functions, including srtp_init_from_hex(),
srtp_sender_init() and srtp_receiver_init() in rtp.c, and also
changing the CLI to test/rtpw. In the future, another function
call will be added to the library that enables multiple ssrc/key
pairs to be installed into the same srtp session, so that libsrtp
works with multiple srtp senders. For now, this functionality is
lacking.
PR #273 - SRTP AEAD SRTCP initialization vector regression tests
Removed the GDOI interface to the rtpw demo program. This will be
added again at a later date, after the SRTP and GDOI distributions
stabilize. For now, I've left in the GDOI #defines and autoconf
definitions so that they'll be in place when needed.
PR #274 - Update Travis build - add ccache
Updated tmmhv2_compute() so that it didn't assume any particular
alginment of the output tag.
PR #276 - Reference and docs updates
Changed bit field variables in srtp.h to unsigned char from
unsigned int in order to avoid a potential endianness issue.
PR #278 - Removed crypto/test/auth_driver.c and test/lfsr.c
Fixed rdbx_estimate_index() to handle all input cases. This solves
the now notorious "abaft" bug in the rtpw demo app on linux/intel,
in which spurious replay protection failures happen after that word
is received.
PR #279 - Bump copyright year
Added ntohs(hdr->seq) to srtp_protect and srtp_unprotect, removed
from rijndael_icm_set_segment().
PR #283 - Add missing docs in srtp.h
Added error checking and handling to srtp_sender_init() and
srtp_receiver_init().
PR #284 - Add strict-prototypes warning if supported
Changed srtp_alloc() so that it does what you'd expect: allocate an
srtp_ctx_t structure. This hides the library internals.
PR #291 - Use const char * for srtp_set_debug_module()
PR #294 - Fix incorrect result of rdb_increment on overflow
1.0.1 Many minor fixes
PR #300 - Standalone tests
Added cipher_driver_buffer_test(...) to test/cipher-driver.c. This
function checks that the byte-buffering functions used by a cipher
are correct.
PR #301 - Configure fixes
Fixed SunOS/Solaris build problems: added HAVE_SYS_INT_TYPES_H and
changed index_t to xtd_seq_num_t (see include/rdbx.h).
Fixed SEAL3.0 output byte buffering, added byte-buffering test to
cipher/cipher-driver.c.
Fixed roc-driver so that the non-sequential insertion test
automatically recovers from bad estimates. This was required to
prevent spurious failures.
Made rdbx_estimate_index(...) function smarter, so that initial RTP
sequence numbers greater than 32,768 don't cause it to estimate the
rollover counter of 0xffffffff.
1.0.0 Initial release
PR #302 - Fix warning regarding unused variable
PR #303 - Makefile.in: Add gnu as match for shared lib suffix
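Review bot: three of the 2.1.0 entries (PR #253, PR #259 and PR #287) state that they break backwards compatibility with libSRTP 1.5/2.0 for SRTCP with AES-256 ICM under OpenSSL, for SRTCP with AES-GCM, and for header encryption with AES-GCM, so after this upgrade FreeSWITCH will no longer interoperate with peers that still use the old IV construction for those cipher/RTCP combinations; the FS-9785 commit message only says "upgrade libsrtp to 2.1", so please record the interop impact there or in the release notes so operators can plan the rollout against older endpoints.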


@ -1,6 +1,6 @@
/*
*
* Copyright (c) 2001-2006 Cisco Systems, Inc.
* Copyright (c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without


@ -1,4 +1,4 @@
AUTOMAKE_OPTIONS = gnu
AUTOMAKE_OPTIONS = gnu subdir-objects
NAME=srtp
AM_CFLAGS = $(new_AM_CFLAGS) -I./src -Icrypto/include -I$(srcdir)/include -I$(srcdir)/crypto/include
@ -6,10 +6,9 @@ AM_CPPFLAGS = $(AM_CFLAGS)
AM_LDFLAGS = $(new_AM_LDFLAGS) -L.
HMAC_OBJS = @HMAC_OBJS@
RNG_EXTRA_OBJS = @RNG_EXTRA_OBJS@
AES_ICM_OBJS = @AES_ICM_OBJS@
lib_LTLIBRARIES = libsrtp.la libcryptomath.la
lib_LTLIBRARIES = libsrtp.la
libsrtp_la_SOURCES = srtp/srtp.c srtp/ekt.c crypto/cipher/cipher.c crypto/cipher/null_cipher.c \
crypto/hash/null_auth.c crypto/hash/auth.c \
crypto/math/datatypes.c crypto/math/stat.c \
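Review bot: `HMAC_OBJS = @HMAC_OBJS@` survives as context while its siblings `RNG_EXTRA_OBJS = @RNG_EXTRA_OBJS@` and `AES_ICM_OBJS = @AES_ICM_OBJS@` are removed, and the next hunk selects `crypto/hash/hmac_ossl.c` or `crypto/hash/sha1.c crypto/hash/hmac.c` explicitly under `ENABLE_OPENSSL`; unless `HMAC_OBJS` is still referenced elsewhere in the file it is a leftover substitution and should be dropped in the same pass for consistency.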
@ -24,39 +23,24 @@ EXTRA_DIST=
if ENABLE_OPENSSL
libsrtp_la_SOURCES += crypto/cipher/aes_icm_ossl.c crypto/cipher/aes_gcm_ossl.c
libsrtp_la_SOURCES += crypto/rng/rand_source_ossl.c
libsrtp_la_SOURCES += crypto/hash/hmac_ossl.c
else
libsrtp_la_SOURCES += crypto/hash/sha1.c crypto/hash/hmac.c
libsrtp_la_SOURCES += crypto/cipher/aes_icm.c crypto/cipher/aes.c crypto/cipher/aes_cbc.c
libsrtp_la_SOURCES += crypto/rng/prng.c crypto/rng/ctr_prng.c
if RNG_OBJS_LINUX
libsrtp_la_SOURCES += crypto/rng/rand_linux_kernel.c
EXTRA_DIST += crypto/rng/rand_source.c
else
libsrtp_la_SOURCES += crypto/rng/rand_source.c
endif
libsrtp_la_SOURCES += crypto/cipher/aes_icm.c crypto/cipher/aes.c
endif
if GDOI
libsrtp_la_SOURCES += gdoi/srtp+gdoi.c
endif
libcryptomath_la_SOURCES = crypto/math/math.c crypto/math/gf2_8.c
libcryptomath_la_LDFLAGS = -version-info 1:42:1
library_includedir = $(prefix)/include/srtp
library_include_HEADERS = include/rtp.h include/srtp.h include/ut_sim.h crypto/include/aes_cbc.h crypto/include/auth.h \
crypto/include/crypto_math.h crypto/include/datatypes.h crypto/include/integers.h crypto/include/null_cipher.h \
library_include_HEADERS = include/rtp.h include/srtp.h include/ut_sim.h crypto/include/auth.h \
crypto/include/datatypes.h crypto/include/integers.h crypto/include/null_cipher.h \
crypto/include/rdbx.h crypto/include/aes_icm.h crypto/include/cipher.h crypto/include/crypto_types.h \
crypto/include/err.h crypto/include/kernel_compat.h crypto/include/prng.h crypto/include/sha1.h \
crypto/include/aes.h crypto/include/config.h crypto/include/crypto.h crypto/include/gf2_8.h crypto/include/key.h \
crypto/include/rand_source.h crypto/include/stat.h crypto/include/alloc.h crypto/include/crypto_kernel.h \
crypto/include/cryptoalg.h crypto/include/hmac.h crypto/include/null_auth.h crypto/include/rdb.h crypto/include/xfm.h
noinst_PROGRAMS = aes_tables
aes_tables_SOURCES = tables/aes_tables.c
aes_tables_LDADD = libcryptomath.la
crypto/include/err.h crypto/include/sha1.h \
crypto/include/aes.h crypto/include/config.h crypto/include/key.h \
crypto/include/stat.h crypto/include/alloc.h crypto/include/crypto_kernel.h \
crypto/include/hmac.h crypto/include/null_auth.h crypto/include/rdb.h
pkgconfigdir = $(libdir)/pkgconfig
pkgconfig_DATA = srtp-1.42.pc
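Review bot: the trailing context `pkgconfig_DATA = srtp-1.42.pc` keeps the 1.42 pkg-config name on a library that this commit moves to 2.1, and the README added in the same commit says the built archive is `libsrtp2.a`; check whether the `.pc` file and `library_includedir = $(prefix)/include/srtp` should follow the new naming so downstream consumers pick up the right version. Separately, the `if GDOI` block still builds `gdoi/srtp+gdoi.c` even though everything else from the `libcryptomath`/`aes_tables` era is removed here and the README describes GDOI keying as not yet added; confirm that file exists in the imported tree or remove the dead conditional.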

libs/srtp/README.md Normal file

@ -0,0 +1,460 @@
<a name="introduction-to-libsrtp"></a>
# Introduction to libSRTP
This package provides an implementation of the Secure Real-time
Transport Protocol (SRTP), the Universal Security Transform (UST), and
a supporting cryptographic kernel. The SRTP API is documented in include/srtp.h,
and the library is in libsrtp2.a (after compilation).
This document describes libSRTP, the Open Source Secure RTP library
from Cisco Systems, Inc. RTP is the Real-time Transport Protocol, an
IETF standard for the transport of real-time data such as telephony,
audio, and video, defined by [RFC 3550](https://www.ietf.org/rfc/rfc3550.txt).
Secure RTP (SRTP) is an RTP profile for providing confidentiality to RTP data
and authentication to the RTP header and payload. SRTP is an IETF Standard,
defined in [RFC 3711](https://www.ietf.org/rfc/rfc3711.txt), and was developed
in the IETF Audio/Video Transport (AVT) Working Group. This library supports
all of the mandatory features of SRTP, but not all of the optional features. See
the [Supported Features](#supported-features) section for more detailed information.
This document is also used to generate the documentation files in the /doc/
folder where a more detailed reference to the libSRTP API and related functions
can be created (requires installing doxygen.). The reference material is created
automatically from comments embedded in some of the C header files. The
documentation is organized into modules in order to improve its clarity. These
modules do not directly correspond to files. An underlying cryptographic kernel
provides much of the basic functionality of libSRTP but is mostly undocumented
because it does its work behind the scenes.
--------------------------------------------------------------------------------
<a name="contact"></a>
# Contact Us
- [libsrtp@lists.packetizer.com](mailto:libsrtp@lists.packetizer.com) general mailing list for news / announcements / discussions. This is an open list, see
[https://lists.packetizer.com/mailman/listinfo/libsrtp](https://lists.packetizer.com/mailman/listinfo/libsrtp) for singing up.
- [libsrtp-security@lists.packetizer.com](mailto:libsrtp-security@lists.packetizer.com) for disclosing security issues to the libsrtp maintenance team. This is a closed list but anyone can send to it.
--------------------------------------------------------------------------------
<a name="contents"></a>
## Contents
- [Introduction to libSRTP](#introduction-to-libsrtp)
- [Contact Us](#contact)
- [Contents](#contents)
- [License and Disclaimer](#license-and-disclaimer)
- [libSRTP Overview](#libsrtp-overview)
- [Secure RTP Background](#secure-rtp-background)
- [Supported Features](#supported-features)
- [Implementation Notes](#implementation-notes)
- [Installing and Building libSRTP](#installing-and-building-libsrtp)
- [Applications](#applications)
- [Example Code](#example-code)
- [Credits](#credits)
- [References](#references)
--------------------------------------------------------------------------------
<a name="license-and-disclaimer"></a>
# License and Disclaimer
libSRTP is distributed under the following license, which is included
in the source code distribution. It is reproduced in the manual in
case you got the library from another source.
> Copyright (c) 2001-2017 Cisco Systems, Inc. All rights reserved.
>
> Redistribution and use in source and binary forms, with or without
> modification, are permitted provided that the following conditions
> are met:
>
> - Redistributions of source code must retain the above copyright
> notice, this list of conditions and the following disclaimer.
> - Redistributions in binary form must reproduce the above copyright
> notice, this list of conditions and the following disclaimer in
> the documentation and/or other materials provided with the distribution.
> - Neither the name of the Cisco Systems, Inc. nor the names of its
> contributors may be used to endorse or promote products derived
> from this software without specific prior written permission.
>
> THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
> FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
> COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
> INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
> (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
> SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
> HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
> STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
> ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
> OF THE POSSIBILITY OF SUCH DAMAGE.
--------------------------------------------------------------------------------
<a name="libsrtp-overview"></a>
# libSRTP Overview
libSRTP provides functions for protecting RTP and RTCP. RTP packets
can be encrypted and authenticated (using the `srtp_protect()`
function), turning them into SRTP packets. Similarly, SRTP packets
can be decrypted and have their authentication verified (using the
`srtp_unprotect()` function), turning them into RTP packets. Similar
functions apply security to RTCP packets.
The typedef `srtp_stream_t` points to a structure holding all of the
state associated with an SRTP stream, including the keys and
parameters for cipher and message authentication functions and the
anti-replay data. A particular `srtp_stream_t` holds the information
needed to protect a particular RTP and RTCP stream. This datatype
is intentionally opaque in order to better seperate the libSRTP
API from its implementation.
Within an SRTP session, there can be multiple streams, each
originating from a particular sender. Each source uses a distinct
stream context to protect the RTP and RTCP stream that it is
originating. The typedef `srtp_t` points to a structure holding all of
the state associated with an SRTP session. There can be multiple
stream contexts associated with a single `srtp_t`. A stream context
cannot exist indepent from an `srtp_t`, though of course an `srtp_t` can
be created that contains only a single stream context. A device
participating in an SRTP session must have a stream context for each
source in that session, so that it can process the data that it
receives from each sender.
In libSRTP, a session is created using the function `srtp_create()`.
The policy to be implemented in the session is passed into this
function as an `srtp_policy_t` structure. A single one of these
structures describes the policy of a single stream. These structures
can also be linked together to form an entire session policy. A linked
list of `srtp_policy_t` structures is equivalent to a session policy.
In such a policy, we refer to a single `srtp_policy_t` as an *element*.
An `srtp_policy_t` strucutre contains two `crypto_policy_t` structures
that describe the cryptograhic policies for RTP and RTCP, as well as
the SRTP master key and the SSRC value. The SSRC describes what to
protect (e.g. which stream), and the `crypto_policy_t` structures
describe how to protect it. The key is contained in a policy element
because it simplifies the interface to the library. In many cases, it
is desirable to use the same cryptographic policies across all of the
streams in a session, but to use a distinct key for each stream. A
`crypto_policy_t` structure can be initialized by using either the
`crypto_policy_set_rtp_default()` or `crypto_policy_set_rtcp_default()`
functions, which set a crypto policy structure to the default policies
for RTP and RTCP protection, respectively.
--------------------------------------------------------------------------------
<a name="secure-rtp-background"></a>
## Secure RTP Background
In this section we review SRTP and introduce some terms that are used
in libSRTP. An RTP session is defined by a pair of destination
transport addresses, that is, a network address plus a pair of UDP
ports for RTP and RTCP. RTCP, the RTP control protocol, is used to
coordinate between the participants in an RTP session, e.g. to provide
feedback from receivers to senders. An *SRTP session* is
similarly defined; it is just an RTP session for which the SRTP
profile is being used. An SRTP session consists of the traffic sent
to the SRTP or SRTCP destination transport addresses. Each
participant in a session is identified by a synchronization source
(SSRC) identifier. Some participants may not send any SRTP traffic;
they are called receivers, even though they send out SRTCP traffic,
such as receiver reports.
RTP allows multiple sources to send RTP and RTCP traffic during the
same session. The synchronization source identifier (SSRC) is used to
distinguish these sources. In libSRTP, we call the SRTP and SRTCP
traffic from a particular source a *stream*. Each stream has its own
SSRC, sequence number, rollover counter, and other data. A particular
choice of options, cryptographic mechanisms, and keys is called a
*policy*. Each stream within a session can have a distinct policy
applied to it. A session policy is a collection of stream policies.
A single policy can be used for all of the streams in a given session,
though the case in which a single *key* is shared across multiple
streams requires care. When key sharing is used, the SSRC values that
identify the streams **must** be distinct. This requirement can be
enforced by using the convention that each SRTP and SRTCP key is used
for encryption by only a single sender. In other words, the key is
shared only across streams that originate from a particular device (of
course, other SRTP participants will need to use the key for
decryption). libSRTP supports this enforcement by detecting the case
in which a key is used for both inbound and outbound data.
--------------------------------------------------------------------------------
<a name="supported-features"></a>
## Supported Features
This library supports all of the mandatory-to-implement features of
SRTP (as defined in [RFC 3711](https://www.ietf.org/rfc/rfc3711.txt)). Some of these
features can be selected (or de-selected) at run time by setting an
appropriate policy; this is done using the structure `srtp_policy_t`.
Some other behaviors of the protocol can be adapted by defining an
approriate event handler for the exceptional events; see the SRTPevents
section in the generated documentation.
Some options that are described in the SRTP specification are not
supported. This includes
- key derivation rates other than zero,
- the cipher F8,
- the use of the packet index to select between master keys.
The user should be aware that it is possible to misuse this libary,
and that the result may be that the security level it provides is
inadequate. If you are implementing a feature using this library, you
will want to read the Security Considerations section of [RFC 3711](https://www.ietf.org/rfc/rfc3711.txt).
In addition, it is important that you read and understand the
terms outlined in the [License and Disclaimer](#license-and-disclaimer) section.
--------------------------------------------------------------------------------
<a name="implementation-notes"></a>
## Implementation Notes
* The `srtp_protect()` function assumes that the buffer holding the
rtp packet has enough storage allocated that the authentication
tag can be written to the end of that packet. If this assumption
is not valid, memory corruption will ensue.
* Automated tests for the crypto functions are provided through
the `cipher_type_self_test()` and `auth_type_self_test()` functions.
These functions should be used to test each port of this code
to a new platform.
* Replay protection is contained in the crypto engine, and
tests for it are provided.
* This implementation provides calls to initialize, protect, and
unprotect RTP packets, and makes as few as possible assumptions
about how these functions will be called. For example, the
caller is not expected to provide packets in order (though if
they're called more than 65k out of sequence, synchronization
will be lost).
* The sequence number in the rtp packet is used as the low 16 bits
of the sender's local packet index. Note that RTP will start its
sequence number in a random place, and the SRTP layer just jumps
forward to that number at its first invocation. An earlier
version of this library used initial sequence numbers that are
less than 32,768; this trick is no longer required as the
`rdbx_estimate_index(...)` function has been made smarter.
* The replay window for (S)RTCP is hardcoded to 128 bits in length.
--------------------------------------------------------------------------------
<a name="installing-and-building-libsrtp"></a>
# Installing and Building libSRTP
To install libSRTP, download the latest release of the distribution
from [https://github.com/cisco/libsrtp/releases](https://github.com/cisco/libsrtp/releases).
You probably want to get the most recent release. Unpack the distribution and
extract the source files; the directory into which the source files
will go is named `libsrtp-A-B-C` where `A` is the version number, `B` is the
major release number and `C` is the minor release number.
libSRTP uses the GNU `autoconf` and `make` utilities (BSD make will not work; if
both versions of make are on your platform, you can invoke GNU make as
`gmake`.). In the `libsrtp` directory, run the configure script and then
make:
~~~.txt
./configure [ options ]
make
~~~
The configure script accepts the following options:
Option | Description
-------------------------------|--------------------
\-\-help \-h | Display help
\-\-enable-debug-logging | Enable debug logging in all modules
\-\-enable-log-stdout | Enable logging to stdout
\-\-enable-openssl | Enable OpenSSL crypto engine
\-\-enable-openssl-kdf | Enable OpenSSL KDF algorithm
\-\-with-log-file | Use file for logging
\-\-with-openssl-dir | Location of OpenSSL installation
By default there is no log output, logging can be enabled to be output to stdout
or a given file using the configure options.
This package has been tested on the following platforms: Mac OS X
(powerpc-apple-darwin1.4), Cygwin (i686-pc-cygwin), Solaris
(sparc-sun-solaris2.6), RedHat Linux 7.1 and 9 (i686-pc-linux), and
OpenBSD (sparc-unknown-openbsd2.7).
--------------------------------------------------------------------------------
<a name="applications"></a>
# Applications
Several test drivers and a simple and portable srtp application are
included in the `test/` subdirectory.
Test driver | Function tested
--------- | -------
kernel_driver | crypto kernel (ciphers, auth funcs, rng)
srtp_driver | srtp in-memory tests (does not use the network)
rdbx_driver | rdbx (extended replay database)
roc_driver | extended sequence number functions
replay_driver | replay database
cipher_driver | ciphers
auth_driver | hash functions
The app `rtpw` is a simple rtp application which reads words from
`/usr/dict/words` and then sends them out one at a time using [s]rtp.
Manual srtp keying uses the -k option; automated key management
using gdoi will be added later.
usage:
~~~.txt
rtpw [[-d <debug>]* [-k|b <key> [-a][-e <key size>][-g]] [-s | -r] dest_ip dest_port] | [-l]
~~~
Either the -s (sender) or -r (receiver) option must be chosen. The
values `dest_ip`, `dest_port` are the IP address and UDP port to which
the dictionary will be sent, respectively.
The options are:
Option | Description
--------- | -------
-s | (S)RTP sender - causes app to send words
-r | (S)RTP receive - causes app to receive words
-k <key> | use SRTP master key <key>, where the key is a hexadecimal (without the leading "0x")
-b <key> | same as -k but with base64 encoded key
-e <keysize> | encrypt/decrypt (for data confidentiality) (requires use of -k option as well) (use 128, 192, or 256 for keysize)
-g | use AES-GCM mode (must be used with -e)
-a | message authentication (requires use of -k option as well)
-l | list the available debug modules
-d <debug> | turn on debugging for module <debug>
In order to get random 30-byte values for use as key/salt pairs , you
can use the following bash function to format the output of
`/dev/random` (where that device is available).
~~~.txt
function randhex() {
cat /dev/random | od --read-bytes=32 --width=32 -x | awk '{ print $2 $3 $4 $5 $6 $7 $8 $9 $10 $11 $12 $13 $14 $15 $16 }'
}
~~~
An example of an SRTP session using two rtpw programs follows:
~~~.txt
set k=c1eec3717da76195bb878578790af71c4ee9f859e197a414a78d5abc7451
[sh1]$ test/rtpw -s -k $k -e 128 -a 0.0.0.0 9999
Security services: confidentiality message authentication
set master key/salt to C1EEC3717DA76195BB878578790AF71C/4EE9F859E197A414A78D5ABC7451
setting SSRC to 2078917053
sending word: A
sending word: a
sending word: aa
sending word: aal
...
[sh2]$ test/rtpw -r -k $k -e 128 -a 0.0.0.0 9999
security services: confidentiality message authentication
set master key/salt to C1EEC3717DA76195BB878578790AF71C/4EE9F859E197A414A78D5ABC7451
19 octets received from SSRC 2078917053 word: A
19 octets received from SSRC 2078917053 word: a
20 octets received from SSRC 2078917053 word: aa
21 octets received from SSRC 2078917053 word: aal
...
~~~
--------------------------------------------------------------------------------
<a name="example-code"></a>
## Example Code
This section provides a simple example of how to use libSRTP. The
example code lacks error checking, but is functional. Here we assume
that the value ssrc is already set to describe the SSRC of the stream
that we are sending, and that the functions `get_rtp_packet()` and
`send_srtp_packet()` are available to us. The former puts an RTP packet
into the buffer and returns the number of octets written to that
buffer. The latter sends the RTP packet in the buffer, given the
length as its second argument.
~~~.c
srtp_t session;
srtp_policy_t policy;
// Set key to predetermined value
uint8_t key[30] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D};
// initialize libSRTP
srtp_init();
// set policy to describe a policy for an SRTP stream
crypto_policy_set_rtp_default(&policy.rtp);
crypto_policy_set_rtcp_default(&policy.rtcp);
policy.ssrc = ssrc;
policy.key = key;
policy.next = NULL;
// allocate and initialize the SRTP session
srtp_create(&session, &policy);
// main loop: get rtp packets, send srtp packets
while (1) {
char rtp_buffer[2048];
unsigned len;
len = get_rtp_packet(rtp_buffer);
srtp_protect(session, rtp_buffer, &len);
send_srtp_packet(rtp_buffer, len);
}
~~~
--------------------------------------------------------------------------------
<a name="credits"></a>
# Credits
The original implementation and documentation of libSRTP was written
by David McGrew of Cisco Systems, Inc. in order to promote the use,
understanding, and interoperability of Secure RTP. Michael Jerris
contributed support for building under MSVC. Andris Pavenis
contributed many important fixes. Brian West contributed changes to
enable dynamic linking. Yves Shumann reported documentation bugs.
Randell Jesup contributed a working SRTCP implementation and other
fixes. Steve Underwood contributed x86_64 portability changes. We also give
thanks to Fredrik Thulin, Brian Weis, Mark Baugher, Jeff Chan, Bill
Simon, Douglas Smith, Bill May, Richard Preistley, Joe Tardo and
others for contributions, comments, and corrections.
This reference material, when applicable, in this documenation was generated
using the doxygen utility for automatic documentation of source code.
Copyright 2001-2005 by David A. McGrew, Cisco Systems, Inc.
--------------------------------------------------------------------------------
<a name="references"></a>
# References
SRTP and ICM References
September, 2005
Secure RTP is defined in [RFC 3711](https://www.ietf.org/rfc/rfc3711.txt).
The counter mode definition is in Section 4.1.1.
SHA-1 is defined in [FIPS PUB 180-4](http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf).
HMAC is defined in [RFC 2104](https://www.ietf.org/rfc/rfc2104.txt)
and HMAC-SHA1 test vectors are available
in [RFC 2202](https://www.ietf.org/rfc/rfc2202.txt).
AES-GCM usage in SRTP is defined in [RFC 7714](https://www.ietf.org/html/rfc7714)
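Review bot: in the Example Code block, `policy` is declared but never zeroed before `srtp_create(&session, &policy);`, so every `srtp_policy_t` field the example leaves alone (`window_size`, `allow_repeat_tx`, `ekt`, `enc_xtn_hdr`) carries stack garbage into the session; a nonzero `allow_repeat_tx` or a bogus `ekt` pointer silently weakens or breaks the stream, so add `memset(&policy, 0, sizeof(policy));` ahead of the `crypto_policy_set_*` calls. The example also still uses the pre-2.0 names `crypto_policy_set_rtp_default` / `crypto_policy_set_rtcp_default` although this commit imports the 2.x tree, where the public API carries the `srtp_` prefix (`srtp_crypto_policy_set_rtp_default`), and it passes `&len` with `unsigned len;` where `srtp_protect()` takes an `int *`. Since the section states the code "is functional", either update it to compile against the imported headers or drop that claim.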
@ -1 +1 @@
1.4.5
2.1.0-pre
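Review bot: the version string `2.1.0-pre` marks a pre-release snapshot; if the imported sources are the tagged 2.1.0 release, drop the `-pre` suffix so the version reported by the build matches what was actually vendored.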
libs/srtp/config.h_win32vc7 Normal file
@ -0,0 +1,162 @@
/* Hacked config.h for Windows XP 32-bit & VC7 */
#ifdef (_MSC_VER >= 1400)
# define HAVE_RAND_S 1
#endif
/* Define if building for a CISC machine (e.g. Intel). */
#define CPU_CISC 1
/* Define if building for a RISC machine (assume slow byte access). */
#undef CPU_RISC
/* Path to random device */
#undef DEV_URANDOM
/* Define to enabled debug logging for all mudules. */
#undef ENABLE_DEBUG_LOGGING
/* Logging statments will be writen to this file. */
#undef ERR_REPORTING_FILE
/* Define to redirect logging to stdout. */
#undef ERR_REPORTING_STDOUT
/* Define to 1 if you have the <arpa/inet.h> header file. */
#undef HAVE_ARPA_INET_H
/* Define to 1 if you have the <byteswap.h> header file. */
#undef HAVE_BYTESWAP_H
/* Define to 1 if you have the `inet_aton' function. */
#define HAVE_INET_ATON 1
/* Define to 1 if the system has the type `int16_t'. */
#undef HAVE_INT16_T
/* Define to 1 if the system has the type `int32_t'. */
#undef HAVE_INT32_T
/* Define to 1 if the system has the type `int8_t'. */
#undef HAVE_INT8_T
/* Define to 1 if you have the <inttypes.h> header file. */
#undef HAVE_INTTYPES_H
/* Define to 1 if you have the `socket' library (-lsocket). */
#undef HAVE_LIBSOCKET
/* Define to 1 if you have the <machine/types.h> header file. */
#undef HAVE_MACHINE_TYPES_H
/* Define to 1 if you have the <memory.h> header file. */
#define HAVE_MEMORY_H 1
/* Define to 1 if you have the <netinet/in.h> header file. */
#undef HAVE_NETINET_IN_H
/* Define to 1 if you have the `socket' function. */
#define HAVE_SOCKET 1
/* Define to 1 if you have the <stdint.h> header file. */
#undef HAVE_STDINT_H
/* Define to 1 if you have the <stdlib.h> header file. */
#define HAVE_STDLIB_H 1
/* Define to 1 if you have the <strings.h> header file. */
#define HAVE_STRINGS_H 1
/* Define to 1 if you have the <string.h> header file. */
#define HAVE_STRING_H 1
/* Define to 1 if you have the <sys/int_types.h> header file. */
#undef HAVE_SYS_INT_TYPES_H
/* Define to 1 if you have the <sys/socket.h> header file. */
#undef HAVE_SYS_SOCKET_H
/* Define to 1 if you have the <sys/stat.h> header file. */
#undef HAVE_SYS_STAT_H
/* Define to 1 if you have the <sys/types.h> header file. */
#undef HAVE_SYS_TYPES_H
/* Define to 1 if you have the <sys/uio.h> header file. */
#undef HAVE_SYS_UIO_H
/* Define to 1 if the system has the type `uint16_t'. */
#undef HAVE_UINT16_T
/* Define to 1 if the system has the type `uint32_t'. */
#undef HAVE_UINT32_T
/* Define to 1 if the system has the type `uint64_t'. */
#undef HAVE_UINT64_T
/* Define to 1 if the system has the type `uint8_t'. */
#undef HAVE_UINT8_T
/* Define to 1 if you have the <unistd.h> header file. */
#define HAVE_UNISTD_H 1
/* Define to 1 if you have the `usleep' function. */
#define HAVE_USLEEP 1
/* Define to 1 if you have the <windows.h> header file. */
#define HAVE_WINDOWS_H 1
/* Define to 1 if you have the <winsock2.h> header file. */
#define HAVE_WINSOCK2_H 1
/* Define to use X86 inlined assembly code */
#undef HAVE_X86
/* Define to the address where bug reports for this package should be sent. */
#undef PACKAGE_BUGREPORT
/* Define to the full name of this package. */
#undef PACKAGE_NAME
/* Define to the full name and version of this package. */
#undef PACKAGE_STRING
/* Define to the one symbol short name of this package. */
#undef PACKAGE_TARNAME
/* Define to the version of this package. */
#undef PACKAGE_VERSION
/* The size of a `unsigned long', as computed by sizeof. */
#define SIZEOF_UNSIGNED_LONG 4
/* The size of a `unsigned long long', as computed by sizeof. */
#define SIZEOF_UNSIGNED_LONG_LONG 8
/* Define to use GDOI. */
#undef SRTP_GDOI
/* Define to compile for kernel contexts. */
#undef SRTP_KERNEL
/* Define to compile for Linux kernel context. */
#undef SRTP_KERNEL_LINUX
/* Define to 1 if you have the ANSI C header files. */
#undef STDC_HEADERS
/* Define to 1 if your processor stores words with the most significant byte
first (like Motorola and SPARC, unlike Intel and VAX). */
#undef WORDS_BIGENDIAN
/* Define to empty if `const' does not conform to ANSI C. */
//#undef const
/* Define to `__inline__' or `__inline' if that's what the C compiler
calls it, or to nothing if 'inline' is not supported under any name. */
//#ifndef __cplusplus
//#undef inline
//#endif
#define inline __inline
/* Define to `unsigned' if <sys/types.h> does not define. */
//#undef size_t
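Review bot: `#ifdef (_MSC_VER >= 1400)` on the second line is not valid preprocessor syntax (`#ifdef` takes a bare macro name, not an expression) and will fail to compile; write it as `#if (_MSC_VER >= 1400)` the way config.hw in this same commit does. That block should also add `# define _CRT_RAND_S` next to `# define HAVE_RAND_S 1`, because `rand_s()` is only declared by <stdlib.h> when `_CRT_RAND_S` is defined before the include, so the `HAVE_RAND_S` path cannot link otherwise. Minor: the header comment says VC7 but `_MSC_VER >= 1400` is VC8 (Visual Studio 2005) and later.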
@ -3,6 +3,7 @@
#if (_MSC_VER >= 1400)
# define HAVE_RAND_S 1
# define _CRT_RAND_S
#endif
/* Define if building for a CISC machine (e.g. Intel). */
@ -11,20 +12,14 @@
/* Define if building for a RISC machine (assume slow byte access). */
/* #undef CPU_RISC */
/* Path to random device */
/* #define DEV_URANDOM "/dev/urandom" */
/* Define to enabled debug logging for all mudules. */
#undef ENABLE_DEBUG_LOGGING
/* Define to compile in dynamic debugging system. */
#define ENABLE_DEBUGGING 1
/* Report errors to this file. */
/* Logging statments will be writen to this file. */
/* #undef ERR_REPORTING_FILE */
/* Define to use logging to stdout. */
#define ERR_REPORTING_STDOUT 1
/* Define this to use ISMAcryp code. */
/* #undef GENERIC_AESICM */
/* Define to redirect logging to stdout. */
#undef ERR_REPORTING_STDOUT
/* Define to 1 if you have the <arpa/inet.h> header file. */
/* #undef HAVE_ARPA_INET_H */
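Review bot: this hunk flips `#define ERR_REPORTING_STDOUT 1` to `#undef ERR_REPORTING_STDOUT` and drops `ENABLE_DEBUGGING`, so Windows builds lose the stdout error reporting they had before; if that is intended, say so in the commit message, otherwise keep stdout reporting on for the debug configuration. Style: the rest of this hand-maintained file marks disabled options as `/* #undef X */`, so the new bare `#undef ENABLE_DEBUG_LOGGING` and `#undef ERR_REPORTING_STDOUT` lines should follow the same convention.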
@ -74,9 +69,6 @@
/* Define to 1 if you have the <string.h> header file. */
#define HAVE_STRING_H 1
/* Define to 1 if you have the <syslog.h> header file. */
/* #undef HAVE_SYSLOG_H */
/* Define to 1 if you have the <sys/int_types.h> header file. */
/* #undef HAVE_SYS_INT_TYPES_H */
@ -152,12 +144,6 @@
/* Define to 1 if you have the ANSI C header files. */
#define STDC_HEADERS 1
/* Write errors to this file */
/* #undef USE_ERR_REPORTING_FILE */
/* Define to use syslog logging. */
/* #undef USE_SYSLOG */
/* Define to 1 if your processor stores words with the most significant byte
first (like Motorola and SPARC, unlike Intel and VAX). */
/* #undef WORDS_BIGENDIAN */
libs/srtp/config.hw.orig Normal file
@ -0,0 +1,182 @@
/* crypto/include/config.h. Generated by configure. */
/* config_in.h. Generated from configure.in by autoheader. */
#if (_MSC_VER >= 1400)
# define HAVE_RAND_S 1
# define _CRT_RAND_S
#endif
/* Define if building for a CISC machine (e.g. Intel). */
#define CPU_CISC 1
/* Define if building for a RISC machine (assume slow byte access). */
/* #undef CPU_RISC */
/* Define to enabled debug logging for all mudules. */
#undef ENABLE_DEBUG_LOGGING
/* Logging statments will be writen to this file. */
/* #undef ERR_REPORTING_FILE */
/* Define to redirect logging to stdout. */
#undef ERR_REPORTING_STDOUT
/* Define to 1 if you have the <arpa/inet.h> header file. */
/* #undef HAVE_ARPA_INET_H */
/* Define to 1 if you have the <byteswap.h> header file. */
/* #undef HAVE_BYTESWAP_H */
/* Define to 1 if you have the `inet_aton' function. */
/* #undef HAVE_INET_ATON */
/* Define to 1 if the system has the type `int16_t'. */
#define HAVE_INT16_T 1
/* Define to 1 if the system has the type `int32_t'. */
#define HAVE_INT32_T 1
/* Define to 1 if the system has the type `int8_t'. */
#define HAVE_INT8_T 1
/* Define to 1 if you have the <inttypes.h> header file. */
/* #undef HAVE_INTTYPES_H */
/* Define to 1 if you have the `socket' library (-lsocket). */
/* #undef HAVE_LIBSOCKET */
/* Define to 1 if you have the <machine/types.h> header file. */
/* #undef HAVE_MACHINE_TYPES_H */
/* Define to 1 if you have the <memory.h> header file. */
#define HAVE_MEMORY_H 1
/* Define to 1 if you have the <netinet/in.h> header file. */
/* #undef HAVE_NETINET_IN_H */
/* Define to 1 if you have the `socket' function. */
/* #undef HAVE_SOCKET */
/* Define to 1 if you have the <stdint.h> header file. */
/* #undef HAVE_STDINT_H */
/* Define to 1 if you have the <stdlib.h> header file. */
#define HAVE_STDLIB_H 1
/* Define to 1 if you have the <strings.h> header file. */
#define HAVE_STRINGS_H 1
/* Define to 1 if you have the <string.h> header file. */
#define HAVE_STRING_H 1
/* Define to 1 if you have the <sys/int_types.h> header file. */
/* #undef HAVE_SYS_INT_TYPES_H */
/* Define to 1 if you have the <sys/socket.h> header file. */
/* #undef HAVE_SYS_SOCKET_H */
/* Define to 1 if you have the <sys/stat.h> header file. */
#define HAVE_SYS_STAT_H 1
/* Define to 1 if you have the <sys/types.h> header file. */
#define HAVE_SYS_TYPES_H 1
/* Define to 1 if you have the <sys/uio.h> header file. */
/* #undef HAVE_SYS_UIO_H */
/* Define to 1 if the system has the type `uint16_t'. */
#define HAVE_UINT16_T 1
/* Define to 1 if the system has the type `uint32_t'. */
#define HAVE_UINT32_T 1
/* Define to 1 if the system has the type `uint64_t'. */
#define HAVE_UINT64_T 1
/* Define to 1 if the system has the type `uint8_t'. */
#define HAVE_UINT8_T 1
/* Define to 1 if you have the <unistd.h> header file. */
/* #undef HAVE_UNISTD_H */
/* Define to 1 if you have the `usleep' function. */
/* #undef HAVE_USLEEP */
/* Define to 1 if you have the <windows.h> header file. */
#define HAVE_WINDOWS_H 1
/* Define to 1 if you have the <winsock2.h> header file. */
#define HAVE_WINSOCK2_H 1
/* Define to use X86 inlined assembly code */
/* #undef HAVE_X86 */
/* Define to the address where bug reports for this package should be sent. */
#define PACKAGE_BUGREPORT ""
/* Define to the full name of this package. */
#define PACKAGE_NAME ""
/* Define to the full name and version of this package. */
#define PACKAGE_STRING ""
/* Define to the one symbol short name of this package. */
#define PACKAGE_TARNAME ""
/* Define to the version of this package. */
#define PACKAGE_VERSION ""
/* The size of a `unsigned long', as computed by sizeof. */
#define SIZEOF_UNSIGNED_LONG 4
/* The size of a `unsigned long long', as computed by sizeof. */
#define SIZEOF_UNSIGNED_LONG_LONG 8
/* Define to use GDOI. */
/* #undef SRTP_GDOI */
/* Define to compile for kernel contexts. */
/* #undef SRTP_KERNEL */
/* Define to compile for Linux kernel context. */
/* #undef SRTP_KERNEL_LINUX */
/* Define to 1 if you have the ANSI C header files. */
#define STDC_HEADERS 1
/* Define to 1 if your processor stores words with the most significant byte
first (like Motorola and SPARC, unlike Intel and VAX). */
/* #undef WORDS_BIGENDIAN */
/* Define to empty if `const' does not conform to ANSI C. */
/* #undef const */
/* Define 'inline' to nothing, since the MSVC compiler doesn't support it. */
#define inline
/* Define to `unsigned' if <sys/types.h> does not define. */
/* #undef size_t */
#if (_MSC_VER >= 1400) // VC8+
#ifndef _CRT_SECURE_NO_DEPRECATE
#define _CRT_SECURE_NO_DEPRECATE
#endif
#ifndef _CRT_NONSTDC_NO_DEPRECATE
#define _CRT_NONSTDC_NO_DEPRECATE
#endif
#endif // VC8+
#ifndef uint32_t
typedef unsigned __int8 uint8_t;
typedef unsigned __int16 uint16_t;
typedef unsigned __int32 uint32_t;
typedef unsigned __int64 uint64_t;
typedef __int8 int8_t;
typedef __int16 int16_t;
typedef __int32 int32_t;
typedef __int64 int64_t;
#endif
#ifdef _MSC_VER
#pragma warning(disable:4311)
#endif
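Review bot: `libs/srtp/config.hw.orig` is a patch backup file, not a source file, and should not be committed; it duplicates config.hw with stale settings (`#define inline` to nothing, a parallel `HAVE_RAND_S` block) and will confuse anyone diffing the two. Remove it from the commit.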
@ -266,7 +266,6 @@ if test "$enable_openssl" = "yes"; then
[AC_MSG_FAILURE([can't find openssl >1.0.1 crypto lib])])
AC_DEFINE(OPENSSL, 1, [Define this to use OpenSSL crypto.])
AES_ICM_OBJS="crypto/cipher/aes_icm_ossl.o crypto/cipher/aes_gcm_ossl.o"
RNG_OBJS=rand_source_ossl.o
HMAC_OBJS=crypto/hash/hmac_ossl.o
USE_OPENSSL=1
AC_SUBST(USE_OPENSSL)
@ -275,10 +274,8 @@ else
AES_ICM_OBJS="crypto/cipher/aes_icm.o crypto/cipher/aes.o crypto/cipher/aes_cbc.o"
AC_MSG_CHECKING(which random device to use)
if test "$enable_kernel_linux" = "yes"; then
RNG_OBJS=rand_linux_kernel.o
AC_MSG_RESULT([Linux kernel builtin])
else
RNG_OBJS=rand_source.o
if test -n "$DEV_URANDOM"; then
AC_DEFINE_UNQUOTED(DEV_URANDOM, "$DEV_URANDOM",[Path to random device])
AC_MSG_RESULT([$DEV_URANDOM])
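Review bot: the `RNG_OBJS=rand_linux_kernel.o` and `RNG_OBJS=rand_source.o` assignments are removed, but the `AC_MSG_CHECKING(which random device to use)` probe and the `AC_DEFINE_UNQUOTED(DEV_URANDOM, ...)` it feeds are kept; confirm that something in the imported tree still consumes `DEV_URANDOM`, and if nothing does, drop the probe along with the objects it used to select rather than leaving a dead configure check.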
@ -286,15 +283,11 @@ else
AC_MSG_RESULT([standard rand() function...])
fi
fi
RNG_EXTRA_OBJS="crypto/rng/prng.o crypto/rng/ctr_prng.o"
HMAC_OBJS="crypto/hash/hmac.o crypto/hash/sha1.o"
fi
AM_CONDITIONAL([ENABLE_OPENSSL],[test "${enable_openssl}" = "yes"])
AM_CONDITIONAL([RNG_OBJS_LINUX], test x$enable_kernel_linux = xyes)
AC_SUBST(AES_ICM_OBJS)
AC_SUBST(RNG_OBJS)
AC_SUBST(RNG_EXTRA_OBJS)
AC_SUBST(HMAC_OBJS)
AC_MSG_RESULT($enable_openssl)
@ -343,13 +336,11 @@ AC_CONFIG_HEADERS(crypto/include/config.h:config_in.h)
AC_OUTPUT(Makefile crypto/Makefile doc/Makefile test/Makefile srtp-1.42.pc)
# This is needed when building outside the source dir.
AS_MKDIR_P(crypto/ae_xfm)
AS_MKDIR_P(crypto/cipher)
AS_MKDIR_P(crypto/hash)
AS_MKDIR_P(crypto/kernel)
AS_MKDIR_P(crypto/math)
AS_MKDIR_P(crypto/replay)
AS_MKDIR_P(crypto/rng)
AS_MKDIR_P(crypto/test)
AS_MKDIR_P(doc)
AS_MKDIR_P(srtp)
@ -1 +0,0 @@
Makefile
@ -1 +0,0 @@
1.0.0
@ -1,570 +0,0 @@
/*
* xfm.c
*
* Crypto transform implementation
*
* David A. McGrew
* Cisco Systems, Inc.
*/
#include "cryptoalg.h"
#include "aes_cbc.h"
#include "hmac.h"
#include "crypto_kernel.h" /* for crypto_get_random() */
#define KEY_LEN 16
#define ENC_KEY_LEN 16
#define MAC_KEY_LEN 16
#define IV_LEN 16
#define TAG_LEN 12
#define MAX_EXPAND 27
err_status_t
aes_128_cbc_hmac_sha1_96_func(void *key,
void *clear,
unsigned clear_len,
void *iv,
void *opaque,
unsigned *opaque_len,
void *auth_tag) {
aes_cbc_ctx_t aes_ctx;
hmac_ctx_t hmac_ctx;
unsigned char enc_key[ENC_KEY_LEN];
unsigned char mac_key[MAC_KEY_LEN];
err_status_t status;
/* check if we're doing authentication only */
if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) {
/* perform authentication only */
} else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) {
/*
* bad parameter - we expect either all three pointers to be NULL,
* or none of those pointers to be NULL
*/
return err_status_fail;
} else {
/* derive encryption and authentication keys from the input key */
status = hmac_init(&hmac_ctx, key, KEY_LEN);
if (status) return status;
status = hmac_compute(&hmac_ctx, "ENC", 3, ENC_KEY_LEN, enc_key);
if (status) return status;
status = hmac_init(&hmac_ctx, key, KEY_LEN);
if (status) return status;
status = hmac_compute(&hmac_ctx, "MAC", 3, MAC_KEY_LEN, mac_key);
if (status) return status;
/* perform encryption and authentication */
/* set aes key */
status = aes_cbc_context_init(&aes_ctx, key, ENC_KEY_LEN, direction_encrypt);
if (status) return status;
/* set iv */
status = crypto_get_random(iv, IV_LEN);
if (status) return status;
status = aes_cbc_set_iv(&aes_ctx, iv);
/* encrypt the opaque data */
status = aes_cbc_nist_encrypt(&aes_ctx, opaque, opaque_len);
if (status) return status;
/* authenticate clear and opaque data */
status = hmac_init(&hmac_ctx, mac_key, MAC_KEY_LEN);
if (status) return status;
status = hmac_start(&hmac_ctx);
if (status) return status;
status = hmac_update(&hmac_ctx, clear, clear_len);
if (status) return status;
status = hmac_compute(&hmac_ctx, opaque, *opaque_len, TAG_LEN, auth_tag);
if (status) return status;
}
return err_status_ok;
}
err_status_t
aes_128_cbc_hmac_sha1_96_inv(void *key,
void *clear,
unsigned clear_len,
void *iv,
void *opaque,
unsigned *opaque_len,
void *auth_tag) {
aes_cbc_ctx_t aes_ctx;
hmac_ctx_t hmac_ctx;
unsigned char enc_key[ENC_KEY_LEN];
unsigned char mac_key[MAC_KEY_LEN];
unsigned char tmp_tag[TAG_LEN];
unsigned char *tag = auth_tag;
err_status_t status;
int i;
/* check if we're doing authentication only */
if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) {
/* perform authentication only */
} else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) {
/*
* bad parameter - we expect either all three pointers to be NULL,
* or none of those pointers to be NULL
*/
return err_status_fail;
} else {
/* derive encryption and authentication keys from the input key */
status = hmac_init(&hmac_ctx, key, KEY_LEN);
if (status) return status;
status = hmac_compute(&hmac_ctx, "ENC", 3, ENC_KEY_LEN, enc_key);
if (status) return status;
status = hmac_init(&hmac_ctx, key, KEY_LEN);
if (status) return status;
status = hmac_compute(&hmac_ctx, "MAC", 3, MAC_KEY_LEN, mac_key);
if (status) return status;
/* perform encryption and authentication */
/* set aes key */
status = aes_cbc_context_init(&aes_ctx, key, ENC_KEY_LEN, direction_decrypt);
if (status) return status;
/* set iv */
status = rand_source_get_octet_string(iv, IV_LEN);
if (status) return status;
status = aes_cbc_set_iv(&aes_ctx, iv);
/* encrypt the opaque data */
status = aes_cbc_nist_decrypt(&aes_ctx, opaque, opaque_len);
if (status) return status;
/* authenticate clear and opaque data */
status = hmac_init(&hmac_ctx, mac_key, MAC_KEY_LEN);
if (status) return status;
status = hmac_start(&hmac_ctx);
if (status) return status;
status = hmac_update(&hmac_ctx, clear, clear_len);
if (status) return status;
status = hmac_compute(&hmac_ctx, opaque, *opaque_len, TAG_LEN, tmp_tag);
if (status) return status;
/* compare the computed tag with the one provided as input */
for (i=0; i < TAG_LEN; i++)
if (tmp_tag[i] != tag[i])
return err_status_auth_fail;
}
return err_status_ok;
}
#define ENC 1
#define DEBUG_PRINT 0
err_status_t
aes_128_cbc_hmac_sha1_96_enc(void *key,
const void *clear,
unsigned clear_len,
void *iv,
void *opaque,
unsigned *opaque_len) {
aes_cbc_ctx_t aes_ctx;
hmac_ctx_t hmac_ctx;
unsigned char enc_key[ENC_KEY_LEN];
unsigned char mac_key[MAC_KEY_LEN];
unsigned char *auth_tag;
err_status_t status;
/* check if we're doing authentication only */
if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) {
/* perform authentication only */
} else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) {
/*
* bad parameter - we expect either all three pointers to be NULL,
* or none of those pointers to be NULL
*/
return err_status_fail;
} else {
#if DEBUG_PRINT
printf("ENC using key %s\n", octet_string_hex_string(key, KEY_LEN));
#endif
/* derive encryption and authentication keys from the input key */
status = hmac_init(&hmac_ctx, key, KEY_LEN);
if (status) return status;
status = hmac_compute(&hmac_ctx, "ENC", 3, ENC_KEY_LEN, enc_key);
if (status) return status;
status = hmac_init(&hmac_ctx, key, KEY_LEN);
if (status) return status;
status = hmac_compute(&hmac_ctx, "MAC", 3, MAC_KEY_LEN, mac_key);
if (status) return status;
/* perform encryption and authentication */
/* set aes key */
status = aes_cbc_context_init(&aes_ctx, key, ENC_KEY_LEN, direction_encrypt);
if (status) return status;
/* set iv */
status = rand_source_get_octet_string(iv, IV_LEN);
if (status) return status;
status = aes_cbc_set_iv(&aes_ctx, iv);
if (status) return status;
#if DEBUG_PRINT
printf("plaintext len: %d\n", *opaque_len);
printf("iv: %s\n", octet_string_hex_string(iv, IV_LEN));
printf("plaintext: %s\n", octet_string_hex_string(opaque, *opaque_len));
#endif
#if ENC
/* encrypt the opaque data */
status = aes_cbc_nist_encrypt(&aes_ctx, opaque, opaque_len);
if (status) return status;
#endif
#if DEBUG_PRINT
printf("ciphertext len: %d\n", *opaque_len);
printf("ciphertext: %s\n", octet_string_hex_string(opaque, *opaque_len));
#endif
/*
* authenticate clear and opaque data, then write the
* authentication tag to the location immediately following the
* ciphertext
*/
status = hmac_init(&hmac_ctx, mac_key, MAC_KEY_LEN);
if (status) return status;
status = hmac_start(&hmac_ctx);
if (status) return status;
status = hmac_update(&hmac_ctx, clear, clear_len);
if (status) return status;
#if DEBUG_PRINT
printf("hmac input: %s\n",
octet_string_hex_string(clear, clear_len));
#endif
auth_tag = (unsigned char *)opaque;
auth_tag += *opaque_len;
status = hmac_compute(&hmac_ctx, opaque, *opaque_len, TAG_LEN, auth_tag);
if (status) return status;
#if DEBUG_PRINT
printf("hmac input: %s\n",
octet_string_hex_string(opaque, *opaque_len));
#endif
/* bump up the opaque_len to reflect the authentication tag */
*opaque_len += TAG_LEN;
#if DEBUG_PRINT
printf("prot data len: %d\n", *opaque_len);
printf("prot data: %s\n", octet_string_hex_string(opaque, *opaque_len));
#endif
}
return err_status_ok;
}
err_status_t
aes_128_cbc_hmac_sha1_96_dec(void *key,
const void *clear,
unsigned clear_len,
void *iv,
void *opaque,
unsigned *opaque_len) {
aes_cbc_ctx_t aes_ctx;
hmac_ctx_t hmac_ctx;
unsigned char enc_key[ENC_KEY_LEN];
unsigned char mac_key[MAC_KEY_LEN];
unsigned char tmp_tag[TAG_LEN];
unsigned char *auth_tag;
unsigned ciphertext_len;
err_status_t status;
int i;
/* check if we're doing authentication only */
if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) {
/* perform authentication only */
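Review bot: deleting xfm.c is the right call, and worth recording why in the commit message: the code derives `enc_key` with HMAC but then calls `aes_cbc_context_init(&aes_ctx, key, ENC_KEY_LEN, ...)` with the raw input key, so the derived key is never used; the decrypt path in `aes_128_cbc_hmac_sha1_96_inv` calls `rand_source_get_octet_string(iv, IV_LEN)` and overwrites the received IV with fresh random bytes before `aes_cbc_nist_decrypt`, so it could never decrypt correctly; the tag check `if (tmp_tag[i] != tag[i]) return err_status_auth_fail;` returns on the first mismatching byte instead of comparing in constant time; and the `aes_cbc_set_iv` return value is never checked. Please also confirm no remaining caller references `aes_128_cbc_hmac_sha1_96_*` now that the `crypto/ae_xfm` directory is gone from configure.in.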