third
/
srs
mirror of https://github.com/ossrs/srs


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281
							/*
 * ekt.c
 *
 * Encrypted Key Transport for SRTP
 *
 * David McGrew
 * Cisco Systems, Inc.
 */
/*
 *
 * Copyright (c) 2001-2017 Cisco Systems, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *   Redistributions of source code must retain the above copyright
 *   notice, this list of conditions and the following disclaimer.
 *
 *   Redistributions in binary form must reproduce the above
 *   copyright notice, this list of conditions and the following
 *   disclaimer in the documentation and/or other materials provided
 *   with the distribution.
 *
 *   Neither the name of the Cisco Systems, Inc. nor the names of its
 *   contributors may be used to endorse or promote products derived
 *   from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */

#include "srtp_priv.h"
#include "err.h"
#include "ekt.h"

extern srtp_debug_module_t mod_srtp;

/*
 *  The EKT Authentication Tag format.
 *
 *    0                   1                   2                   3
 *    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *   :                   Base Authentication Tag                     :
 *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *   :                     Encrypted Master Key                      :
 *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *   |                       Rollover Counter                        |
 *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *   |    Initial Sequence Number    |   Security Parameter Index    |
 *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *
 */

#define EKT_OCTETS_AFTER_BASE_TAG 24
#define EKT_OCTETS_AFTER_EMK 8
#define EKT_OCTETS_AFTER_ROC 4
#define EKT_SPI_LEN 2

unsigned srtp_ekt_octets_after_base_tag(srtp_ekt_stream_t ekt)
{
    /*
     * if the pointer ekt is NULL, then EKT is not in effect, so we
     * indicate this by returning zero
     */
    if (!ekt)
        return 0;

    switch (ekt->data->ekt_cipher_type) {
    case SRTP_EKT_CIPHER_AES_128_ECB:
        return 16 + EKT_OCTETS_AFTER_EMK;
        break;
    default:
        break;
    }
    return 0;
}

static inline srtp_ekt_spi_t srtcp_packet_get_ekt_spi(
    const uint8_t *packet_start,
    unsigned pkt_octet_len)
{
    const uint8_t *spi_location;

    spi_location = packet_start + (pkt_octet_len - EKT_SPI_LEN);

    return *((const srtp_ekt_spi_t *)spi_location);
}

static inline uint32_t srtcp_packet_get_ekt_roc(const uint8_t *packet_start,
                                                unsigned pkt_octet_len)
{
    const uint8_t *roc_location;

    roc_location = packet_start + (pkt_octet_len - EKT_OCTETS_AFTER_ROC);

    return *((const uint32_t *)roc_location);
}

static inline const uint8_t *srtcp_packet_get_emk_location(
    const uint8_t *packet_start,
    unsigned pkt_octet_len)
{
    const uint8_t *location;

    location = packet_start + (pkt_octet_len - EKT_OCTETS_AFTER_BASE_TAG);

    return location;
}

srtp_err_status_t srtp_ekt_alloc(srtp_ekt_stream_t *stream_data,
                                 srtp_ekt_policy_t policy)
{
    /*
     * if the policy pointer is NULL, then EKT is not in use
     * so we just set the EKT stream data pointer to NULL
     */
    if (!policy) {
        *stream_data = NULL;
        return srtp_err_status_ok;
    }

    /* TODO */
    *stream_data = NULL;

    return srtp_err_status_ok;
}

srtp_err_status_t srtp_ekt_stream_init_from_policy(
    srtp_ekt_stream_t stream_data,
    srtp_ekt_policy_t policy)
{
    if (!stream_data)
        return srtp_err_status_ok;

    return srtp_err_status_ok;
}

void aes_decrypt_with_raw_key(void *ciphertext, const void *key, int key_len)
{
#ifndef GCM
    // FIXME: need to get this working through the crypto module interface
    srtp_aes_expanded_key_t expanded_key;

    srtp_aes_expand_decryption_key(key, key_len, &expanded_key);
    srtp_aes_decrypt(ciphertext, &expanded_key);
#endif
}

/*
 * The function srtp_stream_init_from_ekt() initializes a stream using
 * the EKT data from an SRTCP trailer.
 */

srtp_err_status_t srtp_stream_init_from_ekt(srtp_stream_t stream,
                                            const void *srtcp_hdr,
                                            unsigned pkt_octet_len)
{
    srtp_err_status_t err;
    const uint8_t *master_key;
    srtp_policy_t srtp_policy;
    uint32_t roc;

    /*
     * NOTE: at present, we only support a single ekt_policy at a time.
     */
    if (stream->ekt->data->spi !=
        srtcp_packet_get_ekt_spi(srtcp_hdr, pkt_octet_len))
        return srtp_err_status_no_ctx;

    if (stream->ekt->data->ekt_cipher_type != SRTP_EKT_CIPHER_AES_128_ECB)
        return srtp_err_status_bad_param;

    /* decrypt the Encrypted Master Key field */
    master_key = srtcp_packet_get_emk_location(srtcp_hdr, pkt_octet_len);
    /* FIX!? This decrypts the master key in-place, and never uses it */
    /* FIX!? It's also passing to ekt_dec_key (which is an aes_expanded_key_t)
     * to a function which expects a raw (unexpanded) key */
    aes_decrypt_with_raw_key((void *)master_key,
                             &stream->ekt->data->ekt_dec_key, 16);

    /* set the SRTP ROC */
    roc = srtcp_packet_get_ekt_roc(srtcp_hdr, pkt_octet_len);
    err = srtp_rdbx_set_roc(&stream->rtp_rdbx, roc);
    if (err)
        return err;

    err = srtp_stream_init(stream, &srtp_policy);
    if (err)
        return err;

    return srtp_err_status_ok;
}

void srtp_ekt_write_data(srtp_ekt_stream_t ekt,
                         uint8_t *base_tag,
                         unsigned base_tag_len,
                         int *packet_len,
                         srtp_xtd_seq_num_t pkt_index)
{
    uint32_t roc;
    uint16_t isn;
    unsigned emk_len;
    uint8_t *packet;

    /* if the pointer ekt is NULL, then EKT is not in effect */
    if (!ekt) {
        debug_print0(mod_srtp, "EKT not in use");
        return;
    }

    /* write zeros into the location of the base tag */
    octet_string_set_to_zero(base_tag, base_tag_len);
    packet = base_tag + base_tag_len;

    /* copy encrypted master key into packet */
    emk_len = srtp_ekt_octets_after_base_tag(ekt);
    memcpy(packet, ekt->encrypted_master_key, emk_len);
    debug_print(mod_srtp, "writing EKT EMK: %s,",
                srtp_octet_string_hex_string(packet, emk_len));
    packet += emk_len;

    /* copy ROC into packet */
    roc = (uint32_t)(pkt_index >> 16);
    *((uint32_t *)packet) = be32_to_cpu(roc);
    debug_print(mod_srtp, "writing EKT ROC: %s,",
                srtp_octet_string_hex_string(packet, sizeof(roc)));
    packet += sizeof(roc);

    /* copy ISN into packet */
    isn = (uint16_t)pkt_index;
    *((uint16_t *)packet) = htons(isn);
    debug_print(mod_srtp, "writing EKT ISN: %s,",
                srtp_octet_string_hex_string(packet, sizeof(isn)));
    packet += sizeof(isn);

    /* copy SPI into packet */
    *((uint16_t *)packet) = htons(ekt->data->spi);
    debug_print(mod_srtp, "writing EKT SPI: %s,",
                srtp_octet_string_hex_string(packet, sizeof(ekt->data->spi)));

    /* increase packet length appropriately */
    *packet_len += EKT_OCTETS_AFTER_EMK + emk_len;
}

/*
 * The function call srtcp_ekt_trailer(ekt, auth_len, auth_tag   )
 *
 * If the pointer ekt is NULL, then the other inputs are unaffected.
 *
 * auth_tag is a pointer to the pointer to the location of the
 * authentication tag in the packet.  If EKT is in effect, then the
 * auth_tag pointer is set to the location
 */

void srtcp_ekt_trailer(srtp_ekt_stream_t ekt,
                       unsigned *auth_len,
                       void **auth_tag,
                       void *tag_copy)
{
    /*
     * if there is no EKT policy, then the other inputs are unaffected
     */
    if (!ekt)
        return;

    /* copy auth_tag into temporary location */
}