Skip to content

Commit

Permalink
Fix srtp_unprotect_rtcp_mki when RTP auth != RTCP
Browse files Browse the repository at this point in the history
srtp_get_session_keys, which is used by both srtp_unprotect_mki and
srtp_unprotect_rtcp_mki, determines the tag len from rtp_auth.

This fails when rtp_auth differ from rtcp_auth. E.g. when SRTP is used
with weak authentication but SRTCP must not (RFC 3711).

This commit splits the function in two:
srtp_get_session_keys_rtp
srtp_get_session_keys_rtcp

And adds a short auth policy test to test/srtp_driver.

(cherry picked from commit 63a19f4)
  • Loading branch information
vopatek authored and pabuhler committed Dec 11, 2024
1 parent 74a68ee commit d7ed43a
Show file tree
Hide file tree
Showing 2 changed files with 81 additions and 15 deletions.
60 changes: 46 additions & 14 deletions srtp/srtp.c
Original file line number Diff line number Diff line change
Expand Up @@ -1744,10 +1744,11 @@ static void srtp_calc_aead_iv(srtp_session_keys_t *session_keys,
v128_xor(iv, &in, &salt);
}

srtp_err_status_t srtp_get_session_keys_for_packet(
static srtp_err_status_t srtp_get_session_keys_for_packet(
srtp_stream_ctx_t *stream,
const uint8_t *hdr,
size_t pkt_octet_len,
size_t tag_len,
srtp_session_keys_t **session_keys)
{
if (!stream->use_mki) {
Expand All @@ -1756,15 +1757,6 @@ srtp_err_status_t srtp_get_session_keys_for_packet(
}

size_t mki_start_location = pkt_octet_len;
size_t tag_len = 0;

// Determine the authentication tag size
if (stream->session_keys[0].rtp_cipher->algorithm == SRTP_AES_GCM_128 ||
stream->session_keys[0].rtp_cipher->algorithm == SRTP_AES_GCM_256) {
tag_len = 0;
} else {
tag_len = srtp_auth_get_tag_length(stream->session_keys[0].rtp_auth);
}

if (tag_len > mki_start_location) {
return srtp_err_status_bad_mki;
Expand All @@ -1789,6 +1781,46 @@ srtp_err_status_t srtp_get_session_keys_for_packet(
return srtp_err_status_bad_mki;
}

static srtp_err_status_t srtp_get_session_keys_for_rtp_packet(
srtp_stream_ctx_t *stream,
const uint8_t *hdr,
size_t pkt_octet_len,
srtp_session_keys_t **session_keys)
{
size_t tag_len = 0;

// Determine the authentication tag size
if (stream->session_keys[0].rtp_cipher->algorithm == SRTP_AES_GCM_128 ||
stream->session_keys[0].rtp_cipher->algorithm == SRTP_AES_GCM_256) {
tag_len = 0;
} else {
tag_len = srtp_auth_get_tag_length(stream->session_keys[0].rtp_auth);
}

return srtp_get_session_keys_for_packet(stream, hdr, pkt_octet_len, tag_len,
session_keys);
}

static srtp_err_status_t srtp_get_session_keys_for_rtcp_packet(
srtp_stream_ctx_t *stream,
const uint8_t *hdr,
size_t pkt_octet_len,
srtp_session_keys_t **session_keys)
{
size_t tag_len = 0;

// Determine the authentication tag size
if (stream->session_keys[0].rtcp_cipher->algorithm == SRTP_AES_GCM_128 ||
stream->session_keys[0].rtcp_cipher->algorithm == SRTP_AES_GCM_256) {
tag_len = 0;
} else {
tag_len = srtp_auth_get_tag_length(stream->session_keys[0].rtcp_auth);
}

return srtp_get_session_keys_for_packet(stream, hdr, pkt_octet_len, tag_len,
session_keys);
}

static srtp_err_status_t srtp_estimate_index(srtp_rdbx_t *rdbx,
uint32_t roc,
srtp_xtd_seq_num_t *est,
Expand Down Expand Up @@ -2590,8 +2622,8 @@ srtp_err_status_t srtp_unprotect(srtp_t ctx,
debug_print(mod_srtp, "estimated u_packet index: %016" PRIx64, est);

/* Determine if MKI is being used and what session keys should be used */
status =
srtp_get_session_keys_for_packet(stream, srtp, srtp_len, &session_keys);
status = srtp_get_session_keys_for_rtp_packet(stream, srtp, srtp_len,
&session_keys);
if (status) {
return status;
}
Expand Down Expand Up @@ -4267,8 +4299,8 @@ srtp_err_status_t srtp_unprotect_rtcp(srtp_t ctx,
/*
* Determine if MKI is being used and what session keys should be used
*/
status = srtp_get_session_keys_for_packet(stream, srtcp, srtcp_len,
&session_keys);
status = srtp_get_session_keys_for_rtcp_packet(stream, srtcp, srtcp_len,
&session_keys);
if (status) {
return status;
}
Expand Down
36 changes: 35 additions & 1 deletion test/srtp_driver.c
Original file line number Diff line number Diff line change
Expand Up @@ -5122,7 +5122,40 @@ const srtp_policy_t aes_256_hmac_policy = {
true, /* no mki */
TEST_MKI_ID_SIZE, /* mki size */
128, /* replay window size */
0, /* retransmission not allowed */
false, /* retransmission not allowed */
NULL, /* no encrypted extension headers */
0, /* list of encrypted extension headers is empty */
NULL
};

const srtp_policy_t aes_256_hmac_32_policy = {
{ ssrc_any_outbound, 0 }, /* SSRC */
{
/* SRTP policy */
SRTP_AES_ICM_256, /* cipher type */
SRTP_AES_ICM_256_KEY_LEN_WSALT, /* cipher key length in octets */
SRTP_HMAC_SHA1, /* authentication func type */
20, /* auth key length in octets */
4, /* auth tag length in octets */
sec_serv_conf_and_auth /* security services flag */
},
{
/* SRTCP policy */
SRTP_AES_ICM_256, /* cipher type */
SRTP_AES_ICM_256_KEY_LEN_WSALT, /* cipher key length in octets */
SRTP_HMAC_SHA1, /* authentication func type */
20, /* auth key length in octets */
10, /* auth tag length in octets.
80 bits per RFC 3711. */
sec_serv_conf_and_auth /* security services flag */
},
NULL,
(srtp_master_key_t **)test_256_keys,
2, /* indicates the number of Master keys */
true, /* no mki */
TEST_MKI_ID_SIZE, /* mki size */
128, /* replay window size */
false, /* retransmission not allowed */
NULL, /* no encrypted extension headers */
0, /* list of encrypted extension headers is empty */
NULL
Expand Down Expand Up @@ -5181,6 +5214,7 @@ const srtp_policy_t *policy_array[] = {
#endif
&null_policy,
&aes_256_hmac_policy,
&aes_256_hmac_32_policy,
NULL
};
// clang-format on
Expand Down

0 comments on commit d7ed43a

Please sign in to comment.