srth: 192/256 bits AES

funman · Nov 24, 2023 · 9794a6b · 9794a6b
1 parent 5d3c6a7
commit 9794a6b
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 13 deletions.
diff --git a/examples/rist_rx.c b/examples/rist_rx.c
@@ -170,6 +170,7 @@ static struct uprobe *logger;
 static char *dirpath;
 static char *srcpath;
 static char *password;
+static int key_length = 128;
 static char *latency;
 
 static bool restart;
@@ -213,7 +214,7 @@ static int start(void)
     if (!ubase_check(upipe_set_option(upipe_srth, "latency", latency)))
         return EXIT_FAILURE;
 
-    upipe_srt_handshake_set_password(upipe_srth, password);
+    upipe_srt_handshake_set_password(upipe_srth, password, key_length / 8);
     upipe_mgr_release(upipe_srt_handshake_mgr);
 
     upipe_srth_sub = upipe_void_alloc_sub(upipe_srth,
@@ -335,10 +336,11 @@ static int catch_udp(struct uprobe *uprobe, struct upipe *upipe,
 }
 
 static void usage(const char *argv0) {
-    fprintf(stdout, "Usage: %s [-d] [-k password] <udp source> <udp dest> <latency>", argv0);
+    fprintf(stdout, "Usage: %s [-d] [-k password] [-l 128] <udp source> <udp dest> <latency>", argv0);
     fprintf(stdout, "   -d: more verbose\n");
     fprintf(stdout, "   -q: more quiet\n");
     fprintf(stdout, "   -k encryption password\n");
+    fprintf(stdout, "   -l key length in bits\n");
     exit(EXIT_FAILURE);
 }
 
@@ -347,7 +349,7 @@ int main(int argc, char *argv[])
     int opt;
 
     /* parse options */
-    while ((opt = getopt(argc, argv, "qdk:")) != -1) {
+    while ((opt = getopt(argc, argv, "qdk:l:")) != -1) {
         switch (opt) {
             case 'd':
                 loglevel--;
@@ -358,6 +360,9 @@ int main(int argc, char *argv[])
             case 'k':
                 password = optarg;
                 break;
+            case 'l':
+                key_length = atoi(optarg);
+                break;
             default:
                 usage(argv[0]);
         }

diff --git a/examples/rist_tx.c b/examples/rist_tx.c
@@ -75,6 +75,7 @@ static void usage(const char *argv0) {
     fprintf(stdout, "   -d: more verbose\n");
     fprintf(stdout, "   -q: more quiet\n");
     fprintf(stdout, "   -k encryption password\n");
+    fprintf(stdout, "   -l key length in bits\n");
     exit(EXIT_FAILURE);
 }
 
@@ -92,6 +93,7 @@ static char *srcpath;
 static char *dirpath;
 static char *latency;
 static char *password;
+static int key_length = 128;
 
 static enum uprobe_log_level loglevel = UPROBE_LOG_DEBUG;
 
@@ -213,7 +215,7 @@ static int start(void)
     struct upipe *upipe_srt_handshake = upipe_void_alloc_output(upipe_udpsrc_srt, upipe_srt_handshake_mgr,
             uprobe_pfx_alloc_va(uprobe_use(&uprobe_hs), loglevel, "srt handshake %u", z));
     upipe_set_option(upipe_srt_handshake, "listener", listener ? "1" : "0");
-    upipe_srt_handshake_set_password(upipe_srt_handshake, password);
+    upipe_srt_handshake_set_password(upipe_srt_handshake, password, key_length / 8);
 
     upipe_mgr_release(upipe_srt_handshake_mgr);
 
@@ -303,7 +305,7 @@ int main(int argc, char *argv[])
     int opt;
 
     /* parse options */
-    while ((opt = getopt(argc, argv, "qdk:")) != -1) {
+    while ((opt = getopt(argc, argv, "qdk:l:")) != -1) {
         switch (opt) {
             case 'q':
                 loglevel++;
@@ -315,6 +317,9 @@ int main(int argc, char *argv[])
             case 'k':
                 password = optarg;
                 break;
+            case 'l':
+                key_length = atoi(optarg);
+                break;
             default:
                 usage(argv[0]);
         }

diff --git a/include/upipe-srt/upipe_srt_handshake.h b/include/upipe-srt/upipe_srt_handshake.h
@@ -48,7 +48,7 @@ enum upipe_srt_handshake_command {
     /** set our peer address (const struct sockaddr *, socklen_t) **/
     UPIPE_SRT_HANDSHAKE_SET_PEER,
 
-    /** set the encryption password (const char *) */
+    /** set the encryption password (const char *, int) */
     UPIPE_SRT_HANDSHAKE_SET_PASSWORD,
 };
 
@@ -69,15 +69,15 @@ static inline int upipe_srt_handshake_set_peer(struct upipe *upipe,
 /** @This sets the encryption key
  *
  * @param upipe description structure of the pipe
- * @param even key
- * @param odd key
+ * @param password passphrase
+ * @param key_len key length in bytes
  * @return false in case of error
  */
 static inline int upipe_srt_handshake_set_password(struct upipe *upipe,
-        const char *password)
+        const char *password, int key_len)
 {
     return upipe_control(upipe, UPIPE_SRT_HANDSHAKE_SET_PASSWORD, UPIPE_SRT_HANDSHAKE_SIGNATURE,
-            password);
+            password, key_len);
 }
 
 /** @This returns the management structure for all srt handshakes sources.

diff --git a/lib/upipe-srt/upipe_srt_handshake.c b/lib/upipe-srt/upipe_srt_handshake.c
@@ -729,8 +729,18 @@ static int _upipe_srt_handshake_control(struct upipe *upipe,
         case UPIPE_SRT_HANDSHAKE_SET_PASSWORD: {
             UBASE_SIGNATURE_CHECK(args, UPIPE_SRT_HANDSHAKE_SIGNATURE)
             const char *password = va_arg(args, const char*);
+            upipe_srt_handshake->sek_len = va_arg(args, int);
             free(upipe_srt_handshake->password);
             upipe_srt_handshake->password = password ? strdup(password) : NULL;
+            switch (upipe_srt_handshake->sek_len) {
+            case 128/8:
+            case 192/8:
+            case 256/8:
+                break;
+            default:
+                upipe_err_va(upipe, "Invalid key length %d, using 128 bits", 8*upipe_srt_handshake->sek_len);
+                upipe_srt_handshake->sek_len = 128/8;
+            }
             return UBASE_ERR_NONE;
         }
 
@@ -881,7 +891,9 @@ static bool upipe_srt_handshake_parse_kmreq(struct upipe *upipe, const uint8_t *
     }
 
     uint8_t klen = 4 * srt_km_get_klen(ext);
-    // FIXME: check key length
+    if (upipe_srt_handshake->sek_len != klen)
+        upipe_warn_va(upipe, "Requested key length %u, got %u. Proceeding.",
+                8*upipe_srt_handshake->sek_len, 8*klen);
 
     memcpy(upipe_srt_handshake->salt, srt_km_get_salt(ext), 16);
 
@@ -923,6 +935,7 @@ static bool upipe_srt_handshake_parse_kmreq(struct upipe *upipe, const uint8_t *
     gcry_cipher_close(aes);
 
     upipe_srt_handshake->sek_len = klen;
+
     memcpy(upipe_srt_handshake->sek[0], osek, klen);
 
     return true;
@@ -1048,7 +1061,7 @@ static struct uref *upipe_srt_handshake_handle_hs(struct upipe *upipe, const uin
         size_t size = ext_size + SRT_HANDSHAKE_CIF_EXTENSION_MIN_SIZE;
         uint16_t extension = SRT_HANDSHAKE_EXT_HSREQ;
 
-        uint8_t klen = 128/8; // FIXME: 192 and 256
+        const uint8_t klen = upipe_srt_handshake->sek_len;
         if (upipe_srt_handshake->password) {
             size += SRT_HANDSHAKE_CIF_EXTENSION_MIN_SIZE + SRT_KMREQ_COMMON_SIZE + (8+klen);
             extension |= SRT_HANDSHAKE_EXT_KMREQ;
@@ -1116,7 +1129,6 @@ static struct uref *upipe_srt_handshake_handle_hs(struct upipe *upipe, const uin
             gcry_randomize(upipe_srt_handshake->sek[0], klen, GCRY_STRONG_RANDOM);
             gcry_randomize(upipe_srt_handshake->salt, 16, GCRY_STRONG_RANDOM);
 
-            upipe_srt_handshake->sek_len = klen;
             srt_km_set_klen(out_ext, upipe_srt_handshake->sek_len / 4);
             memcpy(&out_ext[SRT_KMREQ_COMMON_SIZE-16], upipe_srt_handshake->salt, 16);