Permalink
Browse files

Add support for [draft-ietf-avtcore-srtp-aes-gcm-07]

  • Loading branch information...
jfigus
jfigus committed Oct 1, 2013
1 parent 7882dd9 commit 8c36da24a48b6a22ab23139c0afb75d118179d44
Showing with 1,416 additions and 51 deletions.
  1. +5 −1 Makefile.in
  2. +12 −22 README
  3. +131 −0 include/srtp.h
  4. +2 −0 include/srtp_priv.h
  5. +902 −10 srtp/srtp.c
  6. +83 −15 test/rtpw.c
  7. +50 −1 test/rtpw_test.sh
  8. +119 −0 test/rtpw_test_gcm.sh
  9. +112 −2 test/srtp_driver.c
View
@@ -13,6 +13,8 @@
# distribution cleans and builds a .tgz
# tags builds etags file from all .c and .h files
+USE_OPENSSL = @USE_OPENSSL@
+
.PHONY: all test build_table_apps
all: test
@@ -27,6 +29,9 @@ runtest: build_table_apps test
test/replay_driver$(EXE) -v >/dev/null
test/dtls_srtp_driver$(EXE) >/dev/null
cd test; $(abspath $(srcdir))/test/rtpw_test.sh >/dev/null
+ifeq (1, $(USE_OPENSSL))
+ cd test; $(abspath $(srcdir))/test/rtpw_test_gcm.sh >/dev/null
+endif
@echo "libsrtp test applications passed."
$(MAKE) -C crypto runtest
@@ -58,7 +63,6 @@ RNG_OBJS = @RNG_OBJS@
HMAC_OBJS = @HMAC_OBJS@
RNG_EXTRA_OBJS = @RNG_EXTRA_OBJS@
AES_ICM_OBJS = @AES_ICM_OBJS@
-USE_OPENSSL = @USE_OPENSSL@
srcdir = @srcdir@
top_srcdir = @top_srcdir@
View
34 README
@@ -78,7 +78,7 @@ Applications
Manual srtp keying uses the -k option; automated key management
using gdoi will be added later.
-usage: rtpw [-d <debug>]* [-k <key> [-a][-e]] [-s | -r] dest_ip dest_port
+usage: rtpw [-d <debug>]* [-k <key> [-a][-e <key size>][-g]] [-s | -r] dest_ip dest_port
or rtpw -l
Either the -s (sender) or -r (receiver) option must be chosen.
@@ -87,25 +87,15 @@ or rtpw -l
which the dictionary will be sent, respectively.
options:
-
- -s (s)rtp sender - causes app to send words
-
- -r (s)rtp receive - causes app to receve words
-
- -k <key> use srtp master key <key>, where the
- key is a hexadecimal value (without the
- leading "0x")
-
- -e encrypt/decrypt (for data confidentiality)
- (requires use of -k option as well)
-
- -a message authentication
- (requires use of -k option as well)
-
- -l list debug modules
-
- -d <debug> turn on debugging for module <debug>
-
+ -a use message authentication
+ -e <key size> use encryption (use 128, 192, or 256 for key size)
+ -g Use AES-GCM mode (must be used with -e)
+ -k <key> sets the srtp master key
+ -s act as rtp sender
+ -r act as rtp receiver
+ -l list debug modules
+ -d <debug> turn on debugging for module <debug>
+ -i specify input/output file
In order to get random 30-byte values for use as key/salt pairs , you
can use the following bash function to format the output of
@@ -120,7 +110,7 @@ An example of an SRTP session using two rtpw programs follows:
set k=c1eec3717da76195bb878578790af71c4ee9f859e197a414a78d5abc7451
-[sh1]$ test/rtpw -s -k $k -ea 0.0.0.0 9999
+[sh1]$ test/rtpw -s -k $k -e 128 -a 0.0.0.0 9999
Security services: confidentiality message authentication
set master key/salt to C1EEC3717DA76195BB878578790AF71C/4EE9F859E197A414A78D5ABC7451
setting SSRC to 2078917053
@@ -130,7 +120,7 @@ sending word: aa
sending word: aal
...
-[sh2]$ test/rtpw -r -k $k -ea 0.0.0.0 9999
+[sh2]$ test/rtpw -r -k $k -e 128 -a 0.0.0.0 9999
security services: confidentiality message authentication
set master key/salt to C1EEC3717DA76195BB878578790AF71C/4EE9F859E197A414A78D5ABC7451
19 octets received from SSRC 2078917053 word: A
View
@@ -88,6 +88,13 @@ extern "C" {
*/
#define SRTP_MAX_TRAILER_LEN SRTP_MAX_TAG_LEN
+/*
+ * SRTP_AEAD_SALT_LEN is the length of the SALT values used with
+ * GCM mode. GCM mode requires an IV. The SALT value is used
+ * as part of the IV formation logic applied to each RTP packet.
+ */
+#define SRTP_AEAD_SALT_LEN 12
+
/*
* nota bene: since libSRTP doesn't support the use of the MKI, the
* SRTP_MAX_TRAILER_LEN value is just the maximum tag length
@@ -663,6 +670,130 @@ void crypto_policy_set_aes_cm_256_hmac_sha1_80(crypto_policy_t *p);
void
crypto_policy_set_aes_cm_256_hmac_sha1_32(crypto_policy_t *p);
+/**
+ * @brief crypto_policy_set_aes_cm_256_null_auth() sets a crypto
+ * policy structure to an encryption-only policy
+ *
+ * @param p is a pointer to the policy structure to be set
+ *
+ * The function call crypto_policy_set_aes_cm_256_null_auth(&p) sets
+ * the crypto_policy_t at location p to use the SRTP default cipher
+ * (AES-256 Counter Mode), but to use no authentication method. This
+ * policy is NOT RECOMMENDED unless it is unavoidable; see Section 7.5
+ * of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt).
+ *
+ * This function is a convenience that helps to avoid dealing directly
+ * with the policy data structure. You are encouraged to initialize
+ * policy elements with this function call. Doing so may allow your
+ * code to be forward compatible with later versions of libSRTP that
+ * include more elements in the crypto_policy_t datatype.
+ *
+ * @warning This policy is NOT RECOMMENDED for SRTP unless it is
+ * unavoidable, and it is NOT RECOMMENDED at all for SRTCP; see
+ * Section 7.5 of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt).
+ *
+ * @return void.
+ *
+ */
+void
+crypto_policy_set_aes_cm_256_null_auth(crypto_policy_t *p);
+
+/**
+ * @brief crypto_policy_set_aes_gcm_128_8_auth() sets a crypto
+ * policy structure to an AEAD encryption policy.
+ *
+ * @param p is a pointer to the policy structure to be set
+ *
+ * The function call crypto_policy_set_aes_gcm_128_8_auth(&p) sets
+ * the crypto_policy_t at location p to use the SRTP default cipher
+ * (AES-128 Galois Counter Mode) with 8 octet auth tag. This
+ * policy applies confidentiality and authentication to both the
+ * RTP and RTCP packets.
+ *
+ * This function is a convenience that helps to avoid dealing directly
+ * with the policy data structure. You are encouraged to initialize
+ * policy elements with this function call. Doing so may allow your
+ * code to be forward compatible with later versions of libSRTP that
+ * include more elements in the crypto_policy_t datatype.
+ *
+ * @return void.
+ *
+ */
+void
+crypto_policy_set_aes_gcm_128_8_auth(crypto_policy_t *p);
+
+/**
+ * @brief crypto_policy_set_aes_gcm_256_8_auth() sets a crypto
+ * policy structure to an AEAD encryption policy
+ *
+ * @param p is a pointer to the policy structure to be set
+ *
+ * The function call crypto_policy_set_aes_gcm_256_8_auth(&p) sets
+ * the crypto_policy_t at location p to use the SRTP default cipher
+ * (AES-256 Galois Counter Mode) with 8 octet auth tag. This
+ * policy applies confidentiality and authentication to both the
+ * RTP and RTCP packets.
+ *
+ * This function is a convenience that helps to avoid dealing directly
+ * with the policy data structure. You are encouraged to initialize
+ * policy elements with this function call. Doing so may allow your
+ * code to be forward compatible with later versions of libSRTP that
+ * include more elements in the crypto_policy_t datatype.
+ *
+ * @return void.
+ *
+ */
+void
+crypto_policy_set_aes_gcm_256_8_auth(crypto_policy_t *p);
+
+/**
+ * @brief crypto_policy_set_aes_gcm_128_8_only_auth() sets a crypto
+ * policy structure to an AEAD authentication-only policy
+ *
+ * @param p is a pointer to the policy structure to be set
+ *
+ * The function call crypto_policy_set_aes_gcm_128_8_only_auth(&p) sets
+ * the crypto_policy_t at location p to use the SRTP default cipher
+ * (AES-128 Galois Counter Mode) with 8 octet auth tag. This policy
+ * applies confidentiality and authentication to the RTP packets,
+ * but only authentication to the RTCP packets.
+ *
+ * This function is a convenience that helps to avoid dealing directly
+ * with the policy data structure. You are encouraged to initialize
+ * policy elements with this function call. Doing so may allow your
+ * code to be forward compatible with later versions of libSRTP that
+ * include more elements in the crypto_policy_t datatype.
+ *
+ * @return void.
+ *
+ */
+void
+crypto_policy_set_aes_gcm_128_8_only_auth(crypto_policy_t *p);
+
+/**
+ * @brief crypto_policy_set_aes_gcm_256_8_only_auth() sets a crypto
+ * policy structure to an AEAD authentication-only policy
+ *
+ * @param p is a pointer to the policy structure to be set
+ *
+ * The function call crypto_policy_set_aes_gcm_256_8_only_auth(&p) sets
+ * the crypto_policy_t at location p to use the SRTP default cipher
+ * (AES-256 Galois Counter Mode) with 8 octet auth tag. This policy
+ * applies confidentiality and authentication to the RTP packets,
+ * but only authentication to the RTCP packets.
+ *
+ * This function is a convenience that helps to avoid dealing directly
+ * with the policy data structure. You are encouraged to initialize
+ * policy elements with this function call. Doing so may allow your
+ * code to be forward compatible with later versions of libSRTP that
+ * include more elements in the crypto_policy_t datatype.
+ *
+ * @return void.
+ *
+ */
+void
+crypto_policy_set_aes_gcm_256_8_only_auth(crypto_policy_t *p);
+
/**
* @brief srtp_dealloc() deallocates storage for an SRTP session
View
@@ -220,6 +220,8 @@ typedef struct srtp_stream_ctx_t {
direction_t direction;
int allow_repeat_tx;
ekt_stream_t ekt;
+ uint8_t salt[SRTP_AEAD_SALT_LEN]; /* used with GCM mode for SRTP */
+ uint8_t c_salt[SRTP_AEAD_SALT_LEN]; /* used with GCM mode for SRTCP */
struct srtp_stream_ctx_t *next; /* linked list of streams */
} srtp_stream_ctx_t;
Oops, something went wrong.

0 comments on commit 8c36da2

Please sign in to comment.