diff options
Diffstat (limited to 'tinyRTP/src/trtp_srtp.c')
-rwxr-xr-x | tinyRTP/src/trtp_srtp.c | 208 |
1 files changed, 101 insertions, 107 deletions
diff --git a/tinyRTP/src/trtp_srtp.c b/tinyRTP/src/trtp_srtp.c index 5e2d033..e754a59 100755 --- a/tinyRTP/src/trtp_srtp.c +++ b/tinyRTP/src/trtp_srtp.c @@ -33,16 +33,16 @@ int trtp_srtp_ctx_internal_init(struct trtp_srtp_ctx_internal_xs* ctx, int32_t t char* key_str = ctx->key_str; err_status_t srtp_err; tsk_size_t size; - + if (!ctx) { TSK_DEBUG_ERROR("Invalid parameter"); return -1; } - + if (ctx->initialized) { trtp_srtp_ctx_internal_deinit(ctx); } - + ctx->tag = tag; ctx->crypto_type = type; if (!ctx->have_valid_key) { // use same key to avoid unseless SRTP re-negs (also fix interop-issues against buggy clients -reINVITEs-) @@ -54,23 +54,21 @@ int trtp_srtp_ctx_internal_init(struct trtp_srtp_ctx_internal_xs* ctx, int32_t t key_str[size] = '\0'; ctx->have_valid_key = tsk_true; } - - switch(ctx->crypto_type){ - case HMAC_SHA1_80: - { - crypto_policy_set_aes_cm_128_hmac_sha1_80(&ctx->policy.rtp); - crypto_policy_set_aes_cm_128_hmac_sha1_80(&ctx->policy.rtcp); - break; - } - case HMAC_SHA1_32: - default: - { - crypto_policy_set_aes_cm_128_hmac_sha1_32(&ctx->policy.rtp); - crypto_policy_set_aes_cm_128_hmac_sha1_80(&ctx->policy.rtcp); // RTCP always 80 - break; - } + + switch(ctx->crypto_type) { + case HMAC_SHA1_80: { + crypto_policy_set_aes_cm_128_hmac_sha1_80(&ctx->policy.rtp); + crypto_policy_set_aes_cm_128_hmac_sha1_80(&ctx->policy.rtcp); + break; + } + case HMAC_SHA1_32: + default: { + crypto_policy_set_aes_cm_128_hmac_sha1_32(&ctx->policy.rtp); + crypto_policy_set_aes_cm_128_hmac_sha1_80(&ctx->policy.rtcp); // RTCP always 80 + break; } - + } + ctx->policy.key = (unsigned char*)ctx->key_bin; ctx->policy.ssrc.type = ssrc_any_outbound; ctx->policy.ssrc.value = ssrc; @@ -86,11 +84,11 @@ int trtp_srtp_ctx_internal_init(struct trtp_srtp_ctx_internal_xs* ctx, int32_t t int trtp_srtp_ctx_internal_deinit(struct trtp_srtp_ctx_internal_xs* ctx) { - if(!ctx){ + if(!ctx) { TSK_DEBUG_ERROR("Invalid parameter"); return -1; } - if(ctx->initialized){ + if(ctx->initialized) { /*err_status_t srtp_err =*/ srtp_dealloc(ctx->session); memset(&ctx->policy, 0, sizeof(ctx->policy)); ctx->initialized = tsk_false; @@ -101,11 +99,11 @@ int trtp_srtp_ctx_internal_deinit(struct trtp_srtp_ctx_internal_xs* ctx) int trtp_srtp_ctx_init(trtp_srtp_ctx_xt* ctx, int32_t tag, trtp_srtp_crypto_type_t type, uint32_t ssrc) { int ret; - if(!ctx){ + if(!ctx) { TSK_DEBUG_ERROR("Invalid parameter"); return -1; } - if((ret = trtp_srtp_ctx_internal_init(&ctx->rtp, tag, type, ssrc))){ + if((ret = trtp_srtp_ctx_internal_init(&ctx->rtp, tag, type, ssrc))) { return ret; } return trtp_srtp_ctx_internal_init(&ctx->rtcp, tag, type, ssrc); @@ -114,11 +112,11 @@ int trtp_srtp_ctx_init(trtp_srtp_ctx_xt* ctx, int32_t tag, trtp_srtp_crypto_type int trtp_srtp_ctx_deinit(trtp_srtp_ctx_xt* ctx) { int ret; - if(!ctx){ + if(!ctx) { TSK_DEBUG_ERROR("Invalid parameter"); return -1; } - if((ret = trtp_srtp_ctx_internal_deinit(&ctx->rtp))){ + if((ret = trtp_srtp_ctx_internal_deinit(&ctx->rtp))) { return ret; } return trtp_srtp_ctx_internal_deinit(&ctx->rtcp); @@ -131,47 +129,46 @@ int trtp_srtp_match_line(const char* crypto_line, int32_t* tag, int32_t* crypto_ char* v = tsk_strtok_r(copyptr, " :|;", &saveptr); int32_t k = 0; int ret = -0xF0; - while(v){ - switch(k){ - case 0: - { - if(tag){ - *tag = atoi(v); - } - break; + while(v) { + switch(k) { + case 0: { + if(tag) { + *tag = atoi(v); } - case 1: - { - if(tsk_striequals(v, TRTP_SRTP_AES_CM_128_HMAC_SHA1_80)){ - if(crypto_type){ - *crypto_type = HMAC_SHA1_80; - } - } - else if(tsk_striequals(v, TRTP_SRTP_AES_CM_128_HMAC_SHA1_32)){ - if(crypto_type){ - *crypto_type = HMAC_SHA1_32; - } - } - else { - ret = -0xFF; goto bail; + break; + } + case 1: { + if(tsk_striequals(v, TRTP_SRTP_AES_CM_128_HMAC_SHA1_80)) { + if(crypto_type) { + *crypto_type = HMAC_SHA1_80; } - break; } - case 2: - { - if(!tsk_striequals(v, "inline")){ - ret = -0xFF; goto bail; + else if(tsk_striequals(v, TRTP_SRTP_AES_CM_128_HMAC_SHA1_32)) { + if(crypto_type) { + *crypto_type = HMAC_SHA1_32; } - break; } - case 3: - { - if(key && key_size){ - memset(key, 0, key_size); - memcpy(key, v, TSK_MIN(key_size, tsk_strlen(v))); - } - ret = 0; goto bail; + else { + ret = -0xFF; + goto bail; + } + break; + } + case 2: { + if(!tsk_striequals(v, "inline")) { + ret = -0xFF; + goto bail; + } + break; + } + case 3: { + if(key && key_size) { + memset(key, 0, key_size); + memcpy(key, v, TSK_MIN(key_size, tsk_strlen(v))); } + ret = 0; + goto bail; + } } ++k; v = tsk_strtok_r(tsk_null, " :|;", &saveptr); @@ -184,11 +181,11 @@ bail: tsk_size_t trtp_srtp_get_local_contexts(trtp_manager_t* rtp_mgr, const struct trtp_srtp_ctx_xs ** contexts, tsk_size_t contexts_count) { tsk_size_t ret = 0; - if(!rtp_mgr || !contexts){ + if(!rtp_mgr || !contexts) { TSK_DEBUG_ERROR("Invalid parameter"); return 0; } - + if (contexts_count > ret && rtp_mgr->srtp_contexts[TRTP_SRTP_LINE_IDX_LOCAL][HMAC_SHA1_80].rtp.initialized) { contexts[ret++] = &rtp_mgr->srtp_contexts[TRTP_SRTP_LINE_IDX_LOCAL][HMAC_SHA1_80]; } @@ -207,46 +204,45 @@ int trtp_srtp_set_crypto(struct trtp_manager_s* rtp_mgr, const char* crypto_line err_status_t srtp_err; int32_t tag, crypto_type; char key_str[SRTP_MAX_KEY_LEN + 1]; - + memset(key_str, 0, sizeof(key_str)); - + if ((ret = trtp_srtp_match_line(crypto_line, &tag, &crypto_type, key_str, sizeof(key_str) - 1))) { return ret; } - + srtp_ctx = &rtp_mgr->srtp_contexts[idx][crypto_type]; ret = trtp_srtp_ctx_deinit(srtp_ctx); - + srtp_ctx->rtp.tag = tag; srtp_ctx->rtp.crypto_type = (trtp_srtp_crypto_type_t)crypto_type; memcpy(srtp_ctx->rtp.key_str, key_str, sizeof(srtp_ctx->rtp.key_str)); - - switch(srtp_ctx->rtp.crypto_type){ - case HMAC_SHA1_80: - { - crypto_policy_set_aes_cm_128_hmac_sha1_80(&srtp_ctx->rtp.policy.rtp); - crypto_policy_set_aes_cm_128_hmac_sha1_80(&srtp_ctx->rtp.policy.rtcp); - if (idx == TRTP_SRTP_LINE_IDX_REMOTE) { - trtp_srtp_ctx_deinit(&rtp_mgr->srtp_contexts[TRTP_SRTP_LINE_IDX_LOCAL][HMAC_SHA1_32]); - rtp_mgr->srtp_contexts[TRTP_SRTP_LINE_IDX_LOCAL][HMAC_SHA1_80].rtp.tag = + + switch(srtp_ctx->rtp.crypto_type) { + case HMAC_SHA1_80: { + crypto_policy_set_aes_cm_128_hmac_sha1_80(&srtp_ctx->rtp.policy.rtp); + crypto_policy_set_aes_cm_128_hmac_sha1_80(&srtp_ctx->rtp.policy.rtcp); + if (idx == TRTP_SRTP_LINE_IDX_REMOTE) { + trtp_srtp_ctx_deinit(&rtp_mgr->srtp_contexts[TRTP_SRTP_LINE_IDX_LOCAL][HMAC_SHA1_32]); + rtp_mgr->srtp_contexts[TRTP_SRTP_LINE_IDX_LOCAL][HMAC_SHA1_80].rtp.tag = rtp_mgr->srtp_contexts[TRTP_SRTP_LINE_IDX_LOCAL][HMAC_SHA1_80].rtcp.tag = srtp_ctx->rtp.tag; - } - break; } - case HMAC_SHA1_32: - { - crypto_policy_set_aes_cm_128_hmac_sha1_32(&srtp_ctx->rtp.policy.rtp); - crypto_policy_set_aes_cm_128_hmac_sha1_80(&srtp_ctx->rtp.policy.rtcp); // RTCP always 80 - if (idx == TRTP_SRTP_LINE_IDX_REMOTE) { - trtp_srtp_ctx_deinit(&rtp_mgr->srtp_contexts[TRTP_SRTP_LINE_IDX_LOCAL][HMAC_SHA1_80]); - rtp_mgr->srtp_contexts[TRTP_SRTP_LINE_IDX_LOCAL][HMAC_SHA1_32].rtp.tag = + break; + } + case HMAC_SHA1_32: { + crypto_policy_set_aes_cm_128_hmac_sha1_32(&srtp_ctx->rtp.policy.rtp); + crypto_policy_set_aes_cm_128_hmac_sha1_80(&srtp_ctx->rtp.policy.rtcp); // RTCP always 80 + if (idx == TRTP_SRTP_LINE_IDX_REMOTE) { + trtp_srtp_ctx_deinit(&rtp_mgr->srtp_contexts[TRTP_SRTP_LINE_IDX_LOCAL][HMAC_SHA1_80]); + rtp_mgr->srtp_contexts[TRTP_SRTP_LINE_IDX_LOCAL][HMAC_SHA1_32].rtp.tag = rtp_mgr->srtp_contexts[TRTP_SRTP_LINE_IDX_LOCAL][HMAC_SHA1_32].rtcp.tag = srtp_ctx->rtp.tag; - } - break; } - default: break; + break; + } + default: + break; } - + key_bin = (unsigned char*)srtp_ctx->rtp.key_bin; tsk_base64_decode((const uint8_t*)srtp_ctx->rtp.key_str, (tsk_size_t)tsk_strlen(srtp_ctx->rtp.key_str), (char**)&key_bin); srtp_ctx->rtp.policy.key = key_bin; @@ -270,40 +266,38 @@ int trtp_srtp_set_key_and_salt(trtp_manager_t* rtp_mgr, trtp_srtp_crypto_type_t TSK_DEBUG_ERROR("Invalid parameter"); return -1; } - + srtp_ctx = is_rtp ? &rtp_mgr->srtp_contexts[idx][crypto_type].rtp : &rtp_mgr->srtp_contexts[idx][crypto_type].rtcp; if ((ret = trtp_srtp_ctx_internal_deinit(srtp_ctx))) { return ret; } - + switch ((srtp_ctx->crypto_type = crypto_type)) { - case HMAC_SHA1_80: - default: - { - crypto_policy_set_aes_cm_128_hmac_sha1_80(&srtp_ctx->policy.rtp); - crypto_policy_set_aes_cm_128_hmac_sha1_80(&srtp_ctx->policy.rtcp); - break; - } - case HMAC_SHA1_32: - { - crypto_policy_set_aes_cm_128_hmac_sha1_32(&srtp_ctx->policy.rtp); - crypto_policy_set_aes_cm_128_hmac_sha1_80(&srtp_ctx->policy.rtcp); // always 80 - break; - } + case HMAC_SHA1_80: + default: { + crypto_policy_set_aes_cm_128_hmac_sha1_80(&srtp_ctx->policy.rtp); + crypto_policy_set_aes_cm_128_hmac_sha1_80(&srtp_ctx->policy.rtcp); + break; + } + case HMAC_SHA1_32: { + crypto_policy_set_aes_cm_128_hmac_sha1_32(&srtp_ctx->policy.rtp); + crypto_policy_set_aes_cm_128_hmac_sha1_80(&srtp_ctx->policy.rtcp); // always 80 + break; + } } - + memcpy(srtp_ctx->key_bin, key, key_size); #if HAVE_APPEND_SALT_TO_KEY append_salt_to_key(srtp_ctx->key_bin, key_size, (void*)salt, salt_size); #else memcpy(&srtp_ctx->key_bin[key_size], salt, salt_size); #endif - + srtp_ctx->policy.key = (unsigned char *)srtp_ctx->key_bin; srtp_ctx->policy.ssrc.type = idx == TRTP_SRTP_LINE_IDX_REMOTE ? ssrc_any_inbound : ssrc_any_outbound; srtp_ctx->policy.window_size = 2048; srtp_ctx->policy.allow_repeat_tx = 1; - if((srtp_err = srtp_create(&srtp_ctx->session, &srtp_ctx->policy)) != err_status_ok){ + if((srtp_err = srtp_create(&srtp_ctx->session, &srtp_ctx->policy)) != err_status_ok) { TSK_DEBUG_ERROR("srtp_create() failed: %d", srtp_err); return -3; } @@ -316,7 +310,7 @@ tsk_bool_t trtp_srtp_is_initialized(trtp_manager_t* rtp_mgr) if (!rtp_mgr) { return tsk_false; } - return ((rtp_mgr->srtp_contexts[TRTP_SRTP_LINE_IDX_LOCAL][0].rtp.initialized || rtp_mgr->srtp_contexts[TRTP_SRTP_LINE_IDX_LOCAL][1].rtp.initialized) + return ((rtp_mgr->srtp_contexts[TRTP_SRTP_LINE_IDX_LOCAL][0].rtp.initialized || rtp_mgr->srtp_contexts[TRTP_SRTP_LINE_IDX_LOCAL][1].rtp.initialized) && rtp_mgr->srtp_contexts[TRTP_SRTP_LINE_IDX_REMOTE][0].rtp.initialized); } |