- /*
- * rtpw.c
- *
- * rtp word sender/receiver
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- *
- * This app is a simple RTP application intended only for testing
- * libsrtp. It reads one word at a time from /usr/dict/words (or
- * whatever file is specified as DICT_FILE), and sends one word out
- * each USEC_RATE microseconds. Secure RTP protections can be
- * applied. See the usage() function for more details.
- *
- */
- /*
- *
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * Neither the name of the Cisco Systems, Inc. nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
- #include "datatypes.h"
- #include "getopt_s.h" /* for local getopt() */
- #include <stdio.h> /* for printf, fprintf */
- #include <stdlib.h> /* for atoi() */
- #include <errno.h>
- #include <signal.h> /* for signal() */
- #include <string.h> /* for strncpy() */
- #include <time.h> /* for usleep() */
- #ifdef HAVE_UNISTD_H
- #include <unistd.h> /* for close() */
- #endif
- #ifdef HAVE_SYS_SOCKET_H
- # include <sys/socket.h>
- #endif
- #ifdef HAVE_NETINET_IN_H
- # include <netinet/in.h>
- #elif defined HAVE_WINSOCK2_H
- # include <winsock2.h>
- # include <ws2tcpip.h>
- # define RTPW_USE_WINSOCK2 1
- #endif
- #ifdef HAVE_ARPA_INET_H
- # include <arpa/inet.h>
- #endif
- #include "srtp.h"
- #include "rtp.h"
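/* default word list; the sender reads the words it transmits from this file */
#ifdef RTPW_USE_WINSOCK2
# define DICT_FILE "words.txt"
#else
# define DICT_FILE "/usr/share/dict/words"
#endif

/* interval between two words sent, in microseconds */
#define USEC_RATE (5e5)

/* size in octets of the word buffer used by the send and receive paths */
#define MAX_WORD_LEN 128

/*
 * true if a (an s_addr value, i.e. network byte order) is an IPv4
 * multicast address; IN_MULTICAST() expects host byte order, so the
 * conversion is spelled ntohl() rather than htonl()
 */
#define ADDR_IS_MULTICAST(a) IN_MULTICAST(ntohl(a))

/* size in octets of the buffer that holds the decoded master key and salt */
#define MAX_KEY_LEN 96

#ifndef HAVE_USLEEP
# ifdef HAVE_WINDOWS_H
#  define usleep(us) Sleep((us)/1000)
# else
/*
 * sleep() only has one-second resolution; round up so that a
 * sub-second interval such as USEC_RATE does not become sleep(0)
 * and leave the sender transmitting with no pacing at all
 */
#  define usleep(us) sleep(((us) + 999999) / 1000000)
# endif
#endif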
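/*
 * the function usage() prints an error message describing how this
 * program should be called, then calls exit()
 */

void
usage(char *prog_name);

/*
 * leave_group(...) de-registers from a multicast group
 */

void
leave_group(int sock, struct ip_mreq mreq, char *name);

/*
 * setup_signal_handler() sets up a signal handler to trigger
 * cleanups after an interrupt
 */

int setup_signal_handler(char* name);

/*
 * handle_signal(...) handles interrupt signal to trigger cleanups
 */

void handle_signal(int signum);

/*
 * interrupted is set to 1 by handle_signal() and polled by the send
 * and receive loops in main(); it is a volatile sig_atomic_t because
 * that is the object type the C standard allows a signal handler to
 * write
 */

volatile sig_atomic_t interrupted = 0;

/*
 * program_type distinguishes the [s]rtp sender and receiver cases
 */

typedef enum { sender, receiver, unknown } program_type;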
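/*
 * main() parses the command line, opens a UDP socket for the given
 * address and port, builds the srtp policy that matches the requested
 * security services, and then either sends one dictionary word per
 * packet (-s) or prints every word received (-r) until the input is
 * exhausted or the interrupted flag is raised
 *
 * returns 0 on a clean shutdown; most errors terminate through exit(1)
 */
int
main (int argc, char *argv[]) {
  char *dictfile = DICT_FILE;
  FILE *dict;
  char word[MAX_WORD_LEN];
  int sock, ret;
  struct in_addr rcvr_addr;
  struct sockaddr_in name;
  struct ip_mreq mreq;
#if BEW
  struct sockaddr_in local;
#endif
  program_type prog_type = unknown;
  sec_serv_t sec_servs = sec_serv_none;
  unsigned char ttl = 5;
  int c;
  int key_size = 128;
  int tag_size = 8;
  int gcm_on = 0;
  char *input_key = NULL;
  char *address = NULL;
  char *port_arg = NULL;
  char *port_end = NULL;
  long port_val;
  char key[MAX_KEY_LEN];
  unsigned short port = 0;
  rtp_sender_t snd;
  srtp_policy_t policy;
  err_status_t status;
  int len;
  int do_list_mods = 0;
  uint32_t ssrc = 0xdeadbeef; /* ssrc value hardcoded for now */

#ifdef RTPW_USE_WINSOCK2
  WORD wVersionRequested = MAKEWORD(2, 0);
  WSADATA wsaData;

  ret = WSAStartup(wVersionRequested, &wsaData);
  if (ret != 0) {
    fprintf(stderr, "error: WSAStartup() failed: %d\n", ret);
    exit(1);
  }
#endif

  if (setup_signal_handler(argv[0]) != 0) {
    exit(1);
  }

  /* initialize srtp library */
  status = srtp_init();
  if (status) {
    printf("error: srtp initialization failed with error code %d\n", status);
    exit(1);
  }

  /* check args */
  while (1) {
    c = getopt_s(argc, argv, "k:rsgt:ae:ld:");
    if (c == -1) {
      break;
    }
    switch (c) {
    case 'k':
      input_key = optarg_s;
      break;
    case 'e':
      /* atoi() is acceptable here: only the two exact values pass */
      key_size = atoi(optarg_s);
      if (key_size != 128 && key_size != 256) {
        printf("error: encryption key size must be 128 or 256 (%d)\n", key_size);
        exit(1);
      }
      sec_servs |= sec_serv_conf;
      break;
    case 't':
      tag_size = atoi(optarg_s);
      if (tag_size != 8 && tag_size != 16) {
        printf("error: GCM tag size must be 8 or 16 (%d)\n", tag_size);
        exit(1);
      }
      break;
    case 'a':
      sec_servs |= sec_serv_auth;
      break;
    case 'g':
      /* GCM always authenticates, so -g implies the auth service */
      gcm_on = 1;
      sec_servs |= sec_serv_auth;
      break;
    case 'r':
      prog_type = receiver;
      break;
    case 's':
      prog_type = sender;
      break;
    case 'd':
      status = crypto_kernel_set_debug_module(optarg_s, 1);
      if (status) {
        printf("error: set debug module (%s) failed\n", optarg_s);
        exit(1);
      }
      break;
    case 'l':
      do_list_mods = 1;
      break;
    default:
      usage(argv[0]);
    }
  }

  if (prog_type == unknown) {
    if (do_list_mods) {
      status = crypto_kernel_list_debug_modules();
      if (status) {
        printf("error: list of debug modules failed\n");
        exit(1);
      }
      return 0;
    } else {
      printf("error: neither sender [-s] nor receiver [-r] specified\n");
      usage(argv[0]);
    }
  }

  if ((sec_servs && !input_key) || (!sec_servs && input_key)) {
    /*
     * a key must be provided if and only if security services have
     * been requested
     */
    usage(argv[0]);
  }

  if (argc != optind_s + 2) {
    /* wrong number of arguments */
    usage(argv[0]);
  }

  /* get address from arg */
  address = argv[optind_s++];

  /*
   * get port from arg; atoi() would turn garbage into port 0 and
   * silently wrap values above 65535 when stored in port, so parse
   * strictly and refuse anything outside 1..65535
   */
  port_arg = argv[optind_s++];
  errno = 0;
  port_val = strtol(port_arg, &port_end, 10);
  if (errno != 0 || port_end == port_arg || *port_end != '\0' ||
      port_val < 1 || port_val > 65535) {
    fprintf(stderr, "%s: invalid port %s\n", argv[0], port_arg);
    exit(1);
  }
  port = (unsigned short) port_val;

  /* set address */
#ifdef HAVE_INET_ATON
  if (0 == inet_aton(address, &rcvr_addr)) {
    fprintf(stderr, "%s: cannot parse IP v4 address %s\n", argv[0], address);
    exit(1);
  }
  if (rcvr_addr.s_addr == INADDR_NONE) {
    fprintf(stderr, "%s: address error", argv[0]);
    exit(1);
  }
#else
  rcvr_addr.s_addr = inet_addr(address);
  if (0xffffffff == rcvr_addr.s_addr) {
    fprintf(stderr, "%s: cannot parse IP v4 address %s\n", argv[0], address);
    exit(1);
  }
#endif

  /* open socket */
  sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP);
  if (sock < 0) {
    int err;
#ifdef RTPW_USE_WINSOCK2
    err = WSAGetLastError();
#else
    err = errno;
#endif
    fprintf(stderr, "%s: couldn't open socket: %d\n", argv[0], err);
    exit(1);
  }

  /*
   * clear the whole structure first so that sin_zero and any padding
   * do not carry uninitialized stack contents into bind()/sendto()
   */
  memset(&name, 0, sizeof(name));
  name.sin_addr   = rcvr_addr;
  name.sin_family = AF_INET;
  name.sin_port   = htons(port);

  if (ADDR_IS_MULTICAST(rcvr_addr.s_addr)) {
    if (prog_type == sender) {
      ret = setsockopt(sock, IPPROTO_IP, IP_MULTICAST_TTL, &ttl,
                       sizeof(ttl));
      if (ret < 0) {
        fprintf(stderr, "%s: Failed to set TTL for multicast group", argv[0]);
        perror("");
        exit(1);
      }
    }

    mreq.imr_multiaddr.s_addr = rcvr_addr.s_addr;
    mreq.imr_interface.s_addr = htonl(INADDR_ANY);
    ret = setsockopt(sock, IPPROTO_IP, IP_ADD_MEMBERSHIP, (void*)&mreq,
                     sizeof(mreq));
    if (ret < 0) {
      fprintf(stderr, "%s: Failed to join multicast group", argv[0]);
      perror("");
      exit(1);
    }
  }

  /* report security services selected on the command line */
  printf("security services: ");
  if (sec_servs & sec_serv_conf)
    printf("confidentiality ");
  if (sec_servs & sec_serv_auth)
    printf("message authentication");
  if (sec_servs == sec_serv_none)
    printf("none");
  printf("\n");

  /* set up the srtp policy and master key */
  if (sec_servs) {
    /*
     * create policy structure, using the default mechanisms but
     * with only the security services requested on the command line,
     * using the right SSRC value
     */
    switch (sec_servs) {
    case sec_serv_conf_and_auth:
      if (gcm_on) {
#ifdef OPENSSL
        switch (key_size) {
        case 128:
          crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp);
          crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp);
          break;
        case 256:
          crypto_policy_set_aes_gcm_256_8_auth(&policy.rtp);
          crypto_policy_set_aes_gcm_256_8_auth(&policy.rtcp);
          break;
        }
#else
        printf("error: GCM mode only supported when using the OpenSSL crypto engine.\n");
        return 0;
#endif
      } else {
        switch (key_size) {
        case 128:
          crypto_policy_set_rtp_default(&policy.rtp);
          crypto_policy_set_rtcp_default(&policy.rtcp);
          break;
        case 256:
          crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtp);
          crypto_policy_set_rtcp_default(&policy.rtcp);
          break;
        }
      }
      break;
    case sec_serv_conf:
      if (gcm_on) {
        printf("error: GCM mode must always be used with auth enabled\n");
        return -1;
      } else {
        switch (key_size) {
        case 128:
          crypto_policy_set_aes_cm_128_null_auth(&policy.rtp);
          crypto_policy_set_rtcp_default(&policy.rtcp);
          break;
        case 256:
          crypto_policy_set_aes_cm_256_null_auth(&policy.rtp);
          crypto_policy_set_rtcp_default(&policy.rtcp);
          break;
        }
      }
      break;
    case sec_serv_auth:
      if (gcm_on) {
#ifdef OPENSSL
        switch (key_size) {
        case 128:
          crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtp);
          crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtcp);
          break;
        case 256:
          crypto_policy_set_aes_gcm_256_8_only_auth(&policy.rtp);
          crypto_policy_set_aes_gcm_256_8_only_auth(&policy.rtcp);
          break;
        }
#else
        printf("error: GCM mode only supported when using the OpenSSL crypto engine.\n");
        return 0;
#endif
      } else {
        crypto_policy_set_null_cipher_hmac_sha1_80(&policy.rtp);
        crypto_policy_set_rtcp_default(&policy.rtcp);
      }
      break;
    default:
      printf("error: unknown security service requested\n");
      return -1;
    }
    policy.ssrc.type  = ssrc_specific;
    policy.ssrc.value = ssrc;
    policy.key  = (uint8_t *) key;
    policy.ekt  = NULL;
    policy.next = NULL;
    policy.window_size = 128;
    policy.allow_repeat_tx = 0;
    policy.rtp.sec_serv = sec_servs;
    policy.rtcp.sec_serv = sec_serv_none;  /* we don't do RTCP anyway */

    if (gcm_on && tag_size != 8) {
      policy.rtp.auth_tag_len = tag_size;
    }

    /*
     * the decoded key/salt is written into key[]; refuse a policy
     * whose key length would not fit before anything is decoded
     */
    if (policy.rtp.cipher_key_len < 0 ||
        policy.rtp.cipher_key_len > MAX_KEY_LEN) {
      fprintf(stderr,
              "error: key/salt length %d does not fit the key buffer\n",
              policy.rtp.cipher_key_len);
      exit(1);
    }

    /*
     * read key from hexadecimal on command line into an octet string
     */
    len = hex_string_to_octet_string(key, input_key, policy.rtp.cipher_key_len*2);

    /* check that hex string is the right length */
    if (len < policy.rtp.cipher_key_len*2) {
      fprintf(stderr,
              "error: too few digits in key/salt "
              "(should be %d hexadecimal digits, found %d)\n",
              policy.rtp.cipher_key_len*2, len);
      exit(1);
    }
    if (strlen(input_key) > policy.rtp.cipher_key_len*2) {
      fprintf(stderr,
              "error: too many digits in key/salt "
              "(should be %d hexadecimal digits, found %u)\n",
              policy.rtp.cipher_key_len*2, (unsigned)strlen(input_key));
      exit(1);
    }

    /*
     * NOTE(review): this echoes the master key and salt to stdout,
     * which is tolerable only because this program is a test tool;
     * do not copy it into anything that handles real keys.  The fixed
     * 16/14 split presumably matches a 128-bit key plus salt only --
     * confirm what is printed when -e 256 is used.
     */
    printf("set master key/salt to %s/", octet_string_hex_string(key, 16));
    printf("%s\n", octet_string_hex_string(key+16, 14));

  } else {
    /*
     * we're not providing security services, so set the policy to the
     * null policy
     *
     * Note that this policy does not conform to the SRTP
     * specification, since RTCP authentication is required.  However,
     * the effect of this policy is to turn off SRTP, so that this
     * application is now a vanilla-flavored RTP application.
     */
    policy.key                 = (uint8_t *)key;
    policy.ssrc.type           = ssrc_specific;
    policy.ssrc.value          = ssrc;
    policy.rtp.cipher_type     = NULL_CIPHER;
    policy.rtp.cipher_key_len  = 0;
    policy.rtp.auth_type       = NULL_AUTH;
    policy.rtp.auth_key_len    = 0;
    policy.rtp.auth_tag_len    = 0;
    policy.rtp.sec_serv        = sec_serv_none;
    policy.rtcp.cipher_type    = NULL_CIPHER;
    policy.rtcp.cipher_key_len = 0;
    policy.rtcp.auth_type      = NULL_AUTH;
    policy.rtcp.auth_key_len   = 0;
    policy.rtcp.auth_tag_len   = 0;
    policy.rtcp.sec_serv       = sec_serv_none;
    policy.window_size         = 0;
    policy.allow_repeat_tx     = 0;
    policy.ekt                 = NULL;
    policy.next                = NULL;
  }

  if (prog_type == sender) {

#if BEW
    /* bind to local socket (to match crypto policy, if need be) */
    memset(&local, 0, sizeof(struct sockaddr_in));
    local.sin_addr.s_addr = htonl(INADDR_ANY);
    local.sin_port = htons(port);
    ret = bind(sock, (struct sockaddr *) &local, sizeof(struct sockaddr_in));
    if (ret < 0) {
      fprintf(stderr, "%s: bind failed\n", argv[0]);
      perror("");
      exit(1);
    }
#endif /* BEW */

    /* initialize sender's rtp and srtp contexts */
    snd = rtp_sender_alloc();
    if (snd == NULL) {
      fprintf(stderr, "error: malloc() failed\n");
      exit(1);
    }
    rtp_sender_init(snd, sock, name, ssrc);
    status = rtp_sender_init_srtp(snd, &policy);
    if (status) {
      fprintf(stderr,
              "error: srtp_create() failed with code %d\n",
              status);
      exit(1);
    }

    /* open dictionary */
    dict = fopen (dictfile, "r");
    if (dict == NULL) {
      fprintf(stderr, "%s: couldn't open file %s\n", argv[0], dictfile);
      if (ADDR_IS_MULTICAST(rcvr_addr.s_addr)) {
        leave_group(sock, mreq, argv[0]);
      }
      exit(1);
    }

    /* read words from dictionary, then send them off */
    while (!interrupted && fgets(word, MAX_WORD_LEN, dict) != NULL) {
      len = strlen(word) + 1;  /* plus one for null */

      /*
       * fgets() already limits word to MAX_WORD_LEN octets including
       * the terminator, so this check is purely defensive
       */
      if (len > MAX_WORD_LEN)
        printf("error: word %s too large to send\n", word);
      else {
        rtp_sendto(snd, word, len);
        printf("sending word: %s", word);
      }
      usleep(USEC_RATE);
    }

    rtp_sender_deinit_srtp(snd);
    rtp_sender_dealloc(snd);

    fclose(dict);
  } else  { /* prog_type == receiver */
    rtp_receiver_t rcvr;

    if (bind(sock, (struct sockaddr *)&name, sizeof(name)) < 0) {
      /*
       * report and drop the group membership while the descriptor is
       * still open; closing first would hand leave_group() a dead
       * socket and could overwrite the errno that perror() prints
       */
      fprintf(stderr, "%s: socket bind error\n", argv[0]);
      perror(NULL);
      if (ADDR_IS_MULTICAST(rcvr_addr.s_addr)) {
        leave_group(sock, mreq, argv[0]);
      }
#ifdef RTPW_USE_WINSOCK2
      closesocket(sock);
#else
      close(sock);
#endif
      exit(1);
    }

    rcvr = rtp_receiver_alloc();
    if (rcvr == NULL) {
      fprintf(stderr, "error: malloc() failed\n");
      exit(1);
    }
    rtp_receiver_init(rcvr, sock, name, ssrc);
    status = rtp_receiver_init_srtp(rcvr, &policy);
    if (status) {
      fprintf(stderr,
              "error: srtp_create() failed with code %d\n",
              status);
      exit(1);
    }

    /* get next word and loop */
    while (!interrupted) {
      len = MAX_WORD_LEN;

      /*
       * the payload comes from the network and need not contain a
       * terminator; clear the buffer so a short payload is followed
       * by zeros and no stale octets from the previous packet remain
       */
      memset(word, 0, sizeof(word));
      if (rtp_recvfrom(rcvr, word, &len) > -1) {
        /*
         * rtp_recvfrom() is defined outside this file; assuming it
         * stores at most len octets, forcing the last octet to zero
         * keeps the %s below inside word[] even for a full buffer
         */
        word[MAX_WORD_LEN - 1] = '\0';
        printf("\tword: %s\n", word);
      }
    }

    rtp_receiver_deinit_srtp(rcvr);
    rtp_receiver_dealloc(rcvr);
  }

  if (ADDR_IS_MULTICAST(rcvr_addr.s_addr)) {
    leave_group(sock, mreq, argv[0]);
  }

#ifdef RTPW_USE_WINSOCK2
  ret = closesocket(sock);
#else
  ret = close(sock);
#endif
  if (ret < 0) {
    fprintf(stderr, "%s: Failed to close socket", argv[0]);
    perror("");
  }

  status = srtp_shutdown();
  if (status) {
    printf("error: srtp shutdown failed with error code %d\n", status);
    exit(1);
  }

#ifdef RTPW_USE_WINSOCK2
  WSACleanup();
#endif

  return 0;
}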
/*
 * usage() writes the command-line synopsis and the option summary to
 * stdout and then ends the process with exit status 1; string is the
 * program name shown in the synopsis
 */
void
usage(char *string) {

  /* only the two synopsis lines need the program name substituted */
  printf("usage: %s [-d <debug>]* [-k <key> [-a][-e]] "
         "[-s | -r] dest_ip dest_port\n"
         "or %s -l\n",
         string, string);

  /* the option table is constant text, so it is written verbatim */
  fputs("where -a use message authentication\n"
        " -e <key size> use encryption (use 128 or 256 for key size)\n"
        " -g Use AES-GCM mode (must be used with -e)\n"
        " -t <tag size> Tag size to use in GCM mode (use 8 or 16)\n"
        " -k <key> sets the srtp master key\n"
        " -s act as rtp sender\n"
        " -r act as rtp receiver\n"
        " -l list debug modules\n"
        " -d <debug> turn on debugging for module <debug>\n",
        stdout);

  exit(1);
}
/*
 * leave_group() asks the stack to drop the multicast membership
 * described by mreq on socket sock; a failure is reported on stderr,
 * prefixed with name, and is otherwise ignored
 */
void
leave_group(int sock, struct ip_mreq mreq, char *name) {

  /* nothing more to do once the membership has been dropped */
  if (setsockopt(sock, IPPROTO_IP, IP_DROP_MEMBERSHIP, (void*)&mreq,
                 sizeof(mreq)) >= 0) {
    return;
  }

  /* perror("") appends the errno text to the message printed above */
  fprintf(stderr, "%s: Failed to leave multicast group", name);
  perror("");
}
/*
 * handle_signal() is the handler that setup_signal_handler() installs;
 * it raises the interrupted flag and puts the default disposition of
 * signum back in place
 */
void handle_signal(int signum)
{
  interrupted = 1;

  /*
   * The reset is done by hand because sigaction() or SA_RESETHAND
   * may be missing, and signal() with BSD semantics would otherwise
   * leave this handler installed.
   */
  signal(signum, SIG_DFL);
}
/*
 * setup_signal_handler() installs handle_signal() as the SIGTERM
 * handler, through sigaction() when HAVE_SIGACTION is set and through
 * signal() otherwise
 *
 * name is the program name used as prefix of the error message
 *
 * returns 0 on success, -1 if the handler could not be installed
 */
int setup_signal_handler(char* name)
{
  int failed;
#if HAVE_SIGACTION
  struct sigaction act;

  memset(&act, 0, sizeof(act));
  sigemptyset(&act.sa_mask);
  act.sa_handler = handle_signal;
#if defined(SA_RESETHAND)
  act.sa_flags = SA_RESETHAND;
#else
  act.sa_flags = 0;
#endif
  /* SA_RESTART is left out on purpose: recvfrom must return EINTR
   * when the receiver is signalled. */
  failed = (sigaction(SIGTERM, &act, NULL) != 0);
#else
  failed = (signal(SIGTERM, handle_signal) == SIG_ERR);
#endif

  /* both variants report a failure in the same way */
  if (failed) {
    fprintf(stderr, "%s: error setting up signal handler", name);
    perror("");
    return -1;
  }

  return 0;
}