From 609f5798341a65e161b51a848a737689036103f7 Mon Sep 17 00:00:00 2001 From: Philipp Hancke Date: Fri, 27 Sep 2024 15:26:23 -0700 Subject: [PATCH 01/15] =?UTF-8?q?add=20test=20for=20ROC=20m=D1=96smatch?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit illustrating the reason why one should carefully pick the initial sequence number low enough to avoid a rollover. See https://webrtc-review.googlesource.com/c/src/+/358360 --- format.sh | 2 +- test/srtp_driver.c | 108 +++++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 106 insertions(+), 4 deletions(-) diff --git a/format.sh b/format.sh index b67828c93..cc8bb90ff 100755 --- a/format.sh +++ b/format.sh @@ -20,7 +20,7 @@ done m=`git ls-files -m` if [ -n "$m" ]; then v=`$CLANG_FORMAT -version` - echo "Fromatting required when checking with $v" + echo "Formatting required when checking with $v" echo echo "The following files required formatting:" for f in $m; do diff --git a/test/srtp_driver.c b/test/srtp_driver.c index 04f8ca964..519c1e3fb 100644 --- a/test/srtp_driver.c +++ b/test/srtp_driver.c @@ -104,6 +104,8 @@ srtp_err_status_t srtp_test_get_roc(void); srtp_err_status_t srtp_test_set_receiver_roc(void); +srtp_err_status_t srtp_test_roc_mismatch(void); + srtp_err_status_t srtp_test_set_sender_roc(void); double srtp_bits_per_second(size_t msg_len_octets, const srtp_policy_t *policy); @@ -841,6 +843,14 @@ int main(int argc, char *argv[]) exit(1); } + printf("testing srtp_test_roc_mismatch()..."); + if (srtp_test_roc_mismatch() == srtp_err_status_ok) { + printf("passed\n"); + } else { + printf("failed\n"); + exit(1); + } + printf("testing srtp_test_set_sender_roc()..."); if (srtp_test_set_sender_roc() == srtp_err_status_ok) { printf("passed\n"); @@ -4021,7 +4031,7 @@ srtp_err_status_t srtp_test_out_of_order_after_rollover(void) uint32_t i; uint32_t stream_roc; - /* Create sender */ + /* Create the sender */ memset(&sender_policy, 0, sizeof(sender_policy)); #ifdef GCM srtp_crypto_policy_set_aes_gcm_128_16_auth(&sender_policy.rtp); @@ -4311,7 +4321,7 @@ static srtp_err_status_t test_set_receiver_roc(uint32_t packets, size_t protected_msg_len_octets_1; size_t protected_msg_len_octets_2; - /* Create sender */ + /* Create the sender */ memset(&sender_policy, 0, sizeof(sender_policy)); #ifdef GCM srtp_crypto_policy_set_aes_gcm_128_16_auth(&sender_policy.rtp); @@ -4472,7 +4482,7 @@ static srtp_err_status_t test_set_sender_roc(uint16_t seq, uint32_t roc_to_set) size_t msg_len_octets = 32; size_t protected_msg_len_octets; - /* Create sender */ + /* Create the sender */ memset(&sender_policy, 0, sizeof(sender_policy)); #ifdef GCM srtp_crypto_policy_set_aes_gcm_128_16_auth(&sender_policy.rtp); @@ -4670,6 +4680,98 @@ srtp_err_status_t srtp_test_set_sender_roc(void) return srtp_err_status_ok; } +/* This test illustrates how the ROC can be mismatched between + * sender and receiver when a packets are lost before the initial + * sequence number wraparound. In a nutshell: + * - Sender encrypts sequence numbers 65535, 0, 1, ... + * - Receiver only receives 1 initially. + * In that state the receiver will assume the sender used ROC=0 to + * encrypt the packet with sequence number 0. + * This is a long-standing problem that is best avoided by a choice + * of initial sequence number in the lower half of the sequence number + * space. + */ +srtp_err_status_t srtp_test_roc_mismatch(void) +{ + srtp_policy_t sender_policy; + srtp_t sender_session; + + srtp_policy_t receiver_policy; + srtp_t receiver_session; + + const uint32_t num_pkts = 3; + uint8_t *pkts[3]; + size_t pkt_len_octets[3]; + + const uint16_t seq = 0xffff; + uint32_t i; + + /* Create the sender */ + memset(&sender_policy, 0, sizeof(sender_policy)); +#ifdef GCM + srtp_crypto_policy_set_aes_gcm_128_16_auth(&sender_policy.rtp); + srtp_crypto_policy_set_aes_gcm_128_16_auth(&sender_policy.rtcp); + sender_policy.key = test_key_gcm; +#else + srtp_crypto_policy_set_rtp_default(&sender_policy.rtp); + srtp_crypto_policy_set_rtcp_default(&sender_policy.rtcp); + sender_policy.key = test_key; +#endif + sender_policy.ssrc.type = ssrc_specific; + sender_policy.ssrc.value = 0xcafebabe; + sender_policy.window_size = 128; + + CHECK_OK(srtp_create(&sender_session, &sender_policy)); + + /* Create the receiver */ + memset(&receiver_policy, 0, sizeof(receiver_policy)); +#ifdef GCM + srtp_crypto_policy_set_aes_gcm_128_16_auth(&receiver_policy.rtp); + srtp_crypto_policy_set_aes_gcm_128_16_auth(&receiver_policy.rtcp); + receiver_policy.key = test_key_gcm; +#else + srtp_crypto_policy_set_rtp_default(&receiver_policy.rtp); + srtp_crypto_policy_set_rtcp_default(&receiver_policy.rtcp); + receiver_policy.key = test_key; +#endif + receiver_policy.ssrc.type = ssrc_specific; + receiver_policy.ssrc.value = sender_policy.ssrc.value; + receiver_policy.window_size = 128; + + CHECK_OK(srtp_create(&receiver_session, &receiver_policy)); + + /* Create and protect packets to get to get ROC == 1 */ + for (i = 0; i < num_pkts; i++) { + pkts[i] = create_rtp_test_packet(64, sender_policy.ssrc.value, + (uint16_t)(seq + i), 0, false, + &pkt_len_octets[i], NULL); + CHECK_OK( + call_srtp_protect(sender_session, pkts[i], &pkt_len_octets[i], 0)); + } + + /* Decrypt in reverse order (1, 0, 65535) */ + CHECK_RETURN( + call_srtp_unprotect(receiver_session, pkts[2], &pkt_len_octets[2]), + srtp_err_status_auth_fail); + CHECK_RETURN( + call_srtp_unprotect(receiver_session, pkts[1], &pkt_len_octets[1]), + srtp_err_status_auth_fail); + CHECK_OK( + call_srtp_unprotect(receiver_session, pkts[0], &pkt_len_octets[0])); + /* After decryption of the previous ROC rollover will work as expected */ + CHECK_OK( + call_srtp_unprotect(receiver_session, pkts[1], &pkt_len_octets[1])); + CHECK_OK( + call_srtp_unprotect(receiver_session, pkts[2], &pkt_len_octets[2])); + + for (i = 0; i < num_pkts; i++) { + free(pkts[i]); + } + CHECK_OK(srtp_dealloc(sender_session)); + CHECK_OK(srtp_dealloc(receiver_session)); + return srtp_err_status_ok; +} + /* * srtp policy definitions - these definitions are used above */ From ba6a14f409de8d23edb1571f80d409a6c46b8b7b Mon Sep 17 00:00:00 2001 From: Philipp Hancke Date: Sun, 29 Sep 2024 19:49:02 -0700 Subject: [PATCH 02/15] tweak test to avoid failure --- test/srtp_driver.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/test/srtp_driver.c b/test/srtp_driver.c index 519c1e3fb..8012c0bf7 100644 --- a/test/srtp_driver.c +++ b/test/srtp_driver.c @@ -4749,20 +4749,17 @@ srtp_err_status_t srtp_test_roc_mismatch(void) call_srtp_protect(sender_session, pkts[i], &pkt_len_octets[i], 0)); } - /* Decrypt in reverse order (1, 0, 65535) */ + /* Decrypt in reverse order (1, 65535) */ CHECK_RETURN( call_srtp_unprotect(receiver_session, pkts[2], &pkt_len_octets[2]), srtp_err_status_auth_fail); - CHECK_RETURN( - call_srtp_unprotect(receiver_session, pkts[1], &pkt_len_octets[1]), - srtp_err_status_auth_fail); CHECK_OK( call_srtp_unprotect(receiver_session, pkts[0], &pkt_len_octets[0])); /* After decryption of the previous ROC rollover will work as expected */ + /* Only pkts[1] is checked since that is not modified by the attempt to + * decryption. */ CHECK_OK( call_srtp_unprotect(receiver_session, pkts[1], &pkt_len_octets[1])); - CHECK_OK( - call_srtp_unprotect(receiver_session, pkts[2], &pkt_len_octets[2])); for (i = 0; i < num_pkts; i++) { free(pkts[i]); From 81b5a866bd6ed14662f8b0898906517e90ea7e60 Mon Sep 17 00:00:00 2001 From: Sean Bright Date: Mon, 7 Oct 2024 12:03:18 -0400 Subject: [PATCH 03/15] README.md: Note the version when `rdbx_estimate_index` was made smarter. --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f770ec5e8..0b2b8dc7a 100644 --- a/README.md +++ b/README.md @@ -261,7 +261,8 @@ described in [RFC 7714](https://tools.ietf.org/html/rfc7714) forward to that number at its first invocation. An earlier version of this library used initial sequence numbers that are less than 32,768; this trick is no longer required as the - `rdbx_estimate_index(...)` function has been made smarter. + `rdbx_estimate_index(...)` function has been made smarter as of + version 1.0.1. * The replay window for (S)RTCP is hardcoded to 128 bits in length. From def120171bb4006eccd940ad69449b0f16714abf Mon Sep 17 00:00:00 2001 From: Hazem Ali Date: Sat, 9 Nov 2024 12:19:53 +0200 Subject: [PATCH 04/15] Fix for Memory Safety Issue --- srtp/srtp.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/srtp/srtp.c b/srtp/srtp.c index 5236a525f..709dbeb45 100644 --- a/srtp/srtp.c +++ b/srtp/srtp.c @@ -4899,8 +4899,12 @@ srtp_err_status_t srtp_stream_list_insert(srtp_stream_list_t list, size_t new_capacity = list->capacity * 2; // check for capacity overflow. - if ((sizeof(list_entry) * new_capacity) <= - (sizeof(list_entry) * list->capacity)) { + // Fix: Ensure new_capacity does not regress below current capacity + // and prevent integer overflow during memory allocation. + // The multiplication (sizeof(list_entry) * new_capacity) is validated + // by checking that new_capacity is less than SIZE_MAX / sizeof(list_entry). + if (new_capacity < list->capacity || + new_capacity > SIZE_MAX / sizeof(list_entry)) { return srtp_err_status_alloc_fail; } From ab6d06362d4cab57016c80046b4633db19a119c8 Mon Sep 17 00:00:00 2001 From: Hazem Ali Date: Sun, 10 Nov 2024 09:46:14 +0200 Subject: [PATCH 05/15] Update srtp.c --- srtp/srtp.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/srtp/srtp.c b/srtp/srtp.c index 709dbeb45..88cdf165c 100644 --- a/srtp/srtp.c +++ b/srtp/srtp.c @@ -4899,12 +4899,7 @@ srtp_err_status_t srtp_stream_list_insert(srtp_stream_list_t list, size_t new_capacity = list->capacity * 2; // check for capacity overflow. - // Fix: Ensure new_capacity does not regress below current capacity - // and prevent integer overflow during memory allocation. - // The multiplication (sizeof(list_entry) * new_capacity) is validated - // by checking that new_capacity is less than SIZE_MAX / sizeof(list_entry). - if (new_capacity < list->capacity || - new_capacity > SIZE_MAX / sizeof(list_entry)) { + if (new_capacity < list->capacity || new_capacity > SIZE_MAX / sizeof(list_entry)) { return srtp_err_status_alloc_fail; } From 9bb05f1d8606a10034d866b8da2d409100c5892b Mon Sep 17 00:00:00 2001 From: Hazem Ali Date: Wed, 13 Nov 2024 11:06:06 +0200 Subject: [PATCH 06/15] Update srtp.c --- srtp/srtp.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/srtp/srtp.c b/srtp/srtp.c index 88cdf165c..2406cce01 100644 --- a/srtp/srtp.c +++ b/srtp/srtp.c @@ -4897,28 +4897,33 @@ srtp_err_status_t srtp_stream_list_insert(srtp_stream_list_t list, */ if (list->size == list->capacity) { size_t new_capacity = list->capacity * 2; - - // check for capacity overflow. - if (new_capacity < list->capacity || new_capacity > SIZE_MAX / sizeof(list_entry)) { + + // Check for capacity overflow. + if (new_capacity < list->capacity || + new_capacity > SIZE_MAX / sizeof(list_entry)) { return srtp_err_status_alloc_fail; } - + list_entry *new_entries = srtp_crypto_alloc(sizeof(list_entry) * new_capacity); if (new_entries == NULL) { return srtp_err_status_alloc_fail; } - - // copy previous entries into the new buffer + + // Copy previous entries into the new buffer. memcpy(new_entries, list->entries, sizeof(list_entry) * list->capacity); - // release previous entries + + // Release previous entries. srtp_crypto_free(list->entries); - // assign new entries to the list + + // Assign new entries to the list. list->entries = new_entries; - // update list capacity + + // Update list capacity. list->capacity = new_capacity; } + // fill the first available entry size_t next_index = list->size; list->entries[next_index].ssrc = stream->ssrc; From e16da020a98bc8ef87b0bd044cabbe82aaefcf7c Mon Sep 17 00:00:00 2001 From: Hazem Ali Date: Wed, 13 Nov 2024 11:16:44 +0200 Subject: [PATCH 07/15] clang-formatted srtp.c --- srtp/srtp.c | 2666 +++++++++++++++++++++++++-------------------------- 1 file changed, 1302 insertions(+), 1364 deletions(-) diff --git a/srtp/srtp.c b/srtp/srtp.c index 2406cce01..6b1134ce9 100644 --- a/srtp/srtp.c +++ b/srtp/srtp.c @@ -46,53 +46,62 @@ #include "config.h" #include "srtp_priv.h" + #include "stream_list_priv.h" + #include "crypto_types.h" + #include "err.h" + #include "alloc.h" /* for srtp_crypto_alloc() */ -#ifdef GCM -#include "aes_gcm.h" /* for AES GCM mode */ +#ifdef GCM#include "aes_gcm.h" /* for AES GCM mode */ + #endif -#ifdef OPENSSL_KDF -#include +#ifdef OPENSSL_KDF#include + #include "aes_icm_ext.h" + #endif #ifdef WOLFSSL -#ifdef HAVE_CONFIG_H -#include -#endif -#ifndef WOLFSSL_USER_SETTINGS -#include +#ifdef HAVE_CONFIG_H#include + #endif -#include -#ifdef WOLFSSL_KDF -#include +#ifndef WOLFSSL_USER_SETTINGS#include + +#endif#include + +#ifdef WOLFSSL_KDF#include + #endif #endif #include -#ifdef HAVE_NETINET_IN_H -#include -#elif defined(HAVE_WINSOCK2_H) -#include + +#ifdef HAVE_NETINET_IN_H#include + +#elif defined(HAVE_WINSOCK2_H)#include + #endif /* the debug module for srtp */ srtp_debug_module_t mod_srtp = { - false, /* debugging is off by default */ + false, + /* debugging is off by default */ "srtp" /* printable name for module */ }; -static const size_t octets_in_rtp_header = 12; -static const size_t octets_in_rtcp_header = 8; -static const size_t octets_in_rtp_xtn_hdr = 4; +static +const size_t octets_in_rtp_header = 12; +static +const size_t octets_in_rtcp_header = 8; +static +const size_t octets_in_rtp_xtn_hdr = 4; -static size_t srtp_get_rtp_hdr_len(const srtp_hdr_t *hdr) -{ - return octets_in_rtp_header + 4 * hdr->cc; +static size_t srtp_get_rtp_hdr_len(const srtp_hdr_t * hdr) { + return octets_in_rtp_header + 4 * hdr -> cc; } /* @@ -101,10 +110,9 @@ static size_t srtp_get_rtp_hdr_len(const srtp_hdr_t *hdr) * verified that a header extension is present by checking the x bit of * srtp_hdr_t. */ -static srtp_hdr_xtnd_t *srtp_get_rtp_xtn_hdr(const srtp_hdr_t *hdr, - uint8_t *rtp) -{ - return (srtp_hdr_xtnd_t *)(rtp + srtp_get_rtp_hdr_len(hdr)); +static srtp_hdr_xtnd_t * srtp_get_rtp_xtn_hdr(const srtp_hdr_t * hdr, + uint8_t * rtp) { + return (srtp_hdr_xtnd_t * )(rtp + srtp_get_rtp_hdr_len(hdr)); } /* @@ -113,18 +121,16 @@ static srtp_hdr_xtnd_t *srtp_get_rtp_xtn_hdr(const srtp_hdr_t *hdr, * pointer and that the caller has already verified that a header extension is * valid by checking the x bit of the RTP header. */ -static size_t srtp_get_rtp_xtn_hdr_len(const srtp_hdr_t *hdr, - const uint8_t *rtp) -{ - const srtp_hdr_xtnd_t *xtn_hdr = - (const srtp_hdr_xtnd_t *)(rtp + srtp_get_rtp_hdr_len(hdr)); - return (ntohs(xtn_hdr->length) + 1u) * 4u; +static size_t srtp_get_rtp_xtn_hdr_len(const srtp_hdr_t * hdr, + const uint8_t * rtp) { + const srtp_hdr_xtnd_t * xtn_hdr = + (const srtp_hdr_xtnd_t * )(rtp + srtp_get_rtp_hdr_len(hdr)); + return (ntohs(xtn_hdr -> length) + 1 u) * 4 u; } -static srtp_err_status_t srtp_validate_rtp_header(const uint8_t *rtp, - size_t pkt_octet_len) -{ - const srtp_hdr_t *hdr = (const srtp_hdr_t *)rtp; +static srtp_err_status_t srtp_validate_rtp_header(const uint8_t * rtp, + size_t pkt_octet_len) { + const srtp_hdr_t * hdr = (const srtp_hdr_t * ) rtp; size_t rtp_header_len; if (pkt_octet_len < octets_in_rtp_header) { @@ -138,7 +144,7 @@ static srtp_err_status_t srtp_validate_rtp_header(const uint8_t *rtp, } /* Verifying profile length. */ - if (hdr->x == 1) { + if (hdr -> x == 1) { if (pkt_octet_len < rtp_header_len + octets_in_rtp_xtn_hdr) { return srtp_err_status_bad_param; } @@ -152,16 +158,14 @@ static srtp_err_status_t srtp_validate_rtp_header(const uint8_t *rtp, return srtp_err_status_ok; } -const char *srtp_get_version_string(void) -{ +const char * srtp_get_version_string(void) { /* * Simply return the autotools generated string */ return SRTP_VER_STRING; } -unsigned int srtp_get_version(void) -{ +unsigned int srtp_get_version(void) { unsigned int major = 0, minor = 0, micro = 0; unsigned int rv = 0; int parse_rv; @@ -169,7 +173,7 @@ unsigned int srtp_get_version(void) /* * Parse the autotools generated version */ - parse_rv = sscanf(SRTP_VERSION, "%u.%u.%u", &major, &minor, µ); + parse_rv = sscanf(SRTP_VERSION, "%u.%u.%u", & major, & minor, & micro); if (parse_rv != 3) { /* * We're expected to parse all 3 version levels. @@ -192,25 +196,24 @@ unsigned int srtp_get_version(void) } static srtp_err_status_t srtp_stream_dealloc( - srtp_stream_ctx_t *stream, - const srtp_stream_ctx_t *stream_template) -{ + srtp_stream_ctx_t * stream, + const srtp_stream_ctx_t * stream_template) { srtp_err_status_t status; - srtp_session_keys_t *session_keys = NULL; - srtp_session_keys_t *template_session_keys = NULL; + srtp_session_keys_t * session_keys = NULL; + srtp_session_keys_t * template_session_keys = NULL; /* * we use a conservative deallocation strategy - if any deallocation * fails, then we report that fact without trying to deallocate * anything else */ - if (stream->session_keys) { - for (size_t i = 0; i < stream->num_master_keys; i++) { - session_keys = &stream->session_keys[i]; + if (stream -> session_keys) { + for (size_t i = 0; i < stream -> num_master_keys; i++) { + session_keys = & stream -> session_keys[i]; if (stream_template && - stream->num_master_keys == stream_template->num_master_keys) { - template_session_keys = &stream_template->session_keys[i]; + stream -> num_master_keys == stream_template -> num_master_keys) { + template_session_keys = & stream_template -> session_keys[i]; } else { template_session_keys = NULL; } @@ -219,10 +222,10 @@ static srtp_err_status_t srtp_stream_dealloc( * deallocate cipher, if it is not the same as that in template */ if (template_session_keys && - session_keys->rtp_cipher == template_session_keys->rtp_cipher) { + session_keys -> rtp_cipher == template_session_keys -> rtp_cipher) { /* do nothing */ - } else if (session_keys->rtp_cipher) { - status = srtp_cipher_dealloc(session_keys->rtp_cipher); + } else if (session_keys -> rtp_cipher) { + status = srtp_cipher_dealloc(session_keys -> rtp_cipher); if (status) { return status; } @@ -233,21 +236,21 @@ static srtp_err_status_t srtp_stream_dealloc( * template */ if (template_session_keys && - session_keys->rtp_auth == template_session_keys->rtp_auth) { + session_keys -> rtp_auth == template_session_keys -> rtp_auth) { /* do nothing */ - } else if (session_keys->rtp_auth) { - status = srtp_auth_dealloc(session_keys->rtp_auth); + } else if (session_keys -> rtp_auth) { + status = srtp_auth_dealloc(session_keys -> rtp_auth); if (status) { return status; } } if (template_session_keys && - session_keys->rtp_xtn_hdr_cipher == - template_session_keys->rtp_xtn_hdr_cipher) { + session_keys -> rtp_xtn_hdr_cipher == + template_session_keys -> rtp_xtn_hdr_cipher) { /* do nothing */ - } else if (session_keys->rtp_xtn_hdr_cipher) { - status = srtp_cipher_dealloc(session_keys->rtp_xtn_hdr_cipher); + } else if (session_keys -> rtp_xtn_hdr_cipher) { + status = srtp_cipher_dealloc(session_keys -> rtp_xtn_hdr_cipher); if (status) { return status; } @@ -258,11 +261,11 @@ static srtp_err_status_t srtp_stream_dealloc( * template */ if (template_session_keys && - session_keys->rtcp_cipher == - template_session_keys->rtcp_cipher) { + session_keys -> rtcp_cipher == + template_session_keys -> rtcp_cipher) { /* do nothing */ - } else if (session_keys->rtcp_cipher) { - status = srtp_cipher_dealloc(session_keys->rtcp_cipher); + } else if (session_keys -> rtcp_cipher) { + status = srtp_cipher_dealloc(session_keys -> rtcp_cipher); if (status) { return status; } @@ -273,10 +276,10 @@ static srtp_err_status_t srtp_stream_dealloc( * template */ if (template_session_keys && - session_keys->rtcp_auth == template_session_keys->rtcp_auth) { + session_keys -> rtcp_auth == template_session_keys -> rtcp_auth) { /* do nothing */ - } else if (session_keys->rtcp_auth) { - status = srtp_auth_dealloc(session_keys->rtcp_auth); + } else if (session_keys -> rtcp_auth) { + status = srtp_auth_dealloc(session_keys -> rtcp_auth); if (status) { return status; } @@ -285,14 +288,14 @@ static srtp_err_status_t srtp_stream_dealloc( /* * zeroize the salt value */ - octet_string_set_to_zero(session_keys->salt, SRTP_AEAD_SALT_LEN); - octet_string_set_to_zero(session_keys->c_salt, SRTP_AEAD_SALT_LEN); - - if (session_keys->mki_id) { - octet_string_set_to_zero(session_keys->mki_id, - stream->mki_size); - srtp_crypto_free(session_keys->mki_id); - session_keys->mki_id = NULL; + octet_string_set_to_zero(session_keys -> salt, SRTP_AEAD_SALT_LEN); + octet_string_set_to_zero(session_keys -> c_salt, SRTP_AEAD_SALT_LEN); + + if (session_keys -> mki_id) { + octet_string_set_to_zero(session_keys -> mki_id, + stream -> mki_size); + srtp_crypto_free(session_keys -> mki_id); + session_keys -> mki_id = NULL; } /* @@ -300,25 +303,25 @@ static srtp_err_status_t srtp_stream_dealloc( * template */ if (template_session_keys && - session_keys->limit == template_session_keys->limit) { + session_keys -> limit == template_session_keys -> limit) { /* do nothing */ - } else if (session_keys->limit) { - srtp_crypto_free(session_keys->limit); + } else if (session_keys -> limit) { + srtp_crypto_free(session_keys -> limit); } } - srtp_crypto_free(stream->session_keys); + srtp_crypto_free(stream -> session_keys); } - status = srtp_rdbx_dealloc(&stream->rtp_rdbx); + status = srtp_rdbx_dealloc( & stream -> rtp_rdbx); if (status) { return status; } if (stream_template && - stream->enc_xtn_hdr == stream_template->enc_xtn_hdr) { + stream -> enc_xtn_hdr == stream_template -> enc_xtn_hdr) { /* do nothing */ - } else if (stream->enc_xtn_hdr) { - srtp_crypto_free(stream->enc_xtn_hdr); + } else if (stream -> enc_xtn_hdr) { + srtp_crypto_free(stream -> enc_xtn_hdr); } /* deallocate srtp stream context */ @@ -329,9 +332,8 @@ static srtp_err_status_t srtp_stream_dealloc( /* try to insert stream in list or deallocate it */ static srtp_err_status_t srtp_insert_or_dealloc_stream(srtp_stream_list_t list, - srtp_stream_t stream, - srtp_stream_t template) -{ + srtp_stream_t stream, + srtp_stream_t template) { srtp_err_status_t status = srtp_stream_list_insert(list, stream); /* on failure, ownership wasn't transferred and we need to deallocate */ if (status) { @@ -346,13 +348,12 @@ struct remove_and_dealloc_streams_data { srtp_stream_t template; }; -static bool remove_and_dealloc_streams_cb(srtp_stream_t stream, void *data) -{ - struct remove_and_dealloc_streams_data *d = - (struct remove_and_dealloc_streams_data *)data; - srtp_stream_list_remove(d->list, stream); - d->status = srtp_stream_dealloc(stream, d->template); - if (d->status) { +static bool remove_and_dealloc_streams_cb(srtp_stream_t stream, void * data) { + struct remove_and_dealloc_streams_data * d = + (struct remove_and_dealloc_streams_data * ) data; + srtp_stream_list_remove(d -> list, stream); + d -> status = srtp_stream_dealloc(stream, d -> template); + if (d -> status) { return false; } return true; @@ -360,47 +361,48 @@ static bool remove_and_dealloc_streams_cb(srtp_stream_t stream, void *data) static srtp_err_status_t srtp_remove_and_dealloc_streams( srtp_stream_list_t list, - srtp_stream_t template) -{ - struct remove_and_dealloc_streams_data data = { srtp_err_status_ok, list, - template }; - srtp_stream_list_for_each(list, remove_and_dealloc_streams_cb, &data); + srtp_stream_t template) { + struct remove_and_dealloc_streams_data data = { + srtp_err_status_ok, + list, + template + }; + srtp_stream_list_for_each(list, remove_and_dealloc_streams_cb, & data); return data.status; } -static srtp_err_status_t srtp_valid_policy(const srtp_policy_t *policy) -{ +static srtp_err_status_t srtp_valid_policy(const srtp_policy_t * policy) { if (policy == NULL) { return srtp_err_status_bad_param; } - if (policy->key == NULL) { - if (policy->num_master_keys <= 0) { + if (policy -> key == NULL) { + if (policy -> num_master_keys <= 0) { return srtp_err_status_bad_param; } - if (policy->num_master_keys > SRTP_MAX_NUM_MASTER_KEYS) { + if (policy -> num_master_keys > SRTP_MAX_NUM_MASTER_KEYS) { return srtp_err_status_bad_param; } - if (policy->use_mki) { - if (policy->mki_size == 0 || policy->mki_size > SRTP_MAX_MKI_LEN) { + if (policy -> use_mki) { + if (policy -> mki_size == 0 || policy -> mki_size > SRTP_MAX_MKI_LEN) { return srtp_err_status_bad_param; } - } else if (policy->mki_size != 0) { + } else if (policy -> mki_size != 0) { return srtp_err_status_bad_param; } - for (size_t i = 0; i < policy->num_master_keys; i++) { - if (policy->keys[i]->key == NULL) { + for (size_t i = 0; i < policy -> num_master_keys; i++) { + if (policy -> keys[i] -> key == NULL) { return srtp_err_status_bad_param; } - if (policy->use_mki && policy->keys[i]->mki_id == NULL) { + if (policy -> use_mki && policy -> keys[i] -> mki_id == NULL) { return srtp_err_status_bad_param; } } } else { - if (policy->use_mki || policy->mki_size != 0) { + if (policy -> use_mki || policy -> mki_size != 0) { return srtp_err_status_bad_param; } } @@ -408,13 +410,12 @@ static srtp_err_status_t srtp_valid_policy(const srtp_policy_t *policy) return srtp_err_status_ok; } -static srtp_err_status_t srtp_stream_alloc(srtp_stream_ctx_t **str_ptr, - const srtp_policy_t *p) -{ - srtp_stream_ctx_t *str; +static srtp_err_status_t srtp_stream_alloc(srtp_stream_ctx_t ** str_ptr, + const srtp_policy_t * p) { + srtp_stream_ctx_t * str; srtp_err_status_t stat; size_t i = 0; - srtp_session_keys_t *session_keys = NULL; + srtp_session_keys_t * session_keys = NULL; stat = srtp_valid_policy(p); if (stat != srtp_err_status_ok) { @@ -430,38 +431,38 @@ static srtp_err_status_t srtp_stream_alloc(srtp_stream_ctx_t **str_ptr, */ /* allocate srtp stream and set str_ptr */ - str = (srtp_stream_ctx_t *)srtp_crypto_alloc(sizeof(srtp_stream_ctx_t)); + str = (srtp_stream_ctx_t * ) srtp_crypto_alloc(sizeof(srtp_stream_ctx_t)); if (str == NULL) { return srtp_err_status_alloc_fail; } - *str_ptr = str; + * str_ptr = str; /* *To keep backwards API compatible if someone is using multiple master * keys then key should be set to NULL */ - if (p->key != NULL) { - str->num_master_keys = 1; + if (p -> key != NULL) { + str -> num_master_keys = 1; } else { - str->num_master_keys = p->num_master_keys; + str -> num_master_keys = p -> num_master_keys; } - str->session_keys = (srtp_session_keys_t *)srtp_crypto_alloc( - sizeof(srtp_session_keys_t) * str->num_master_keys); + str -> session_keys = (srtp_session_keys_t * ) srtp_crypto_alloc( + sizeof(srtp_session_keys_t) * str -> num_master_keys); - if (str->session_keys == NULL) { + if (str -> session_keys == NULL) { srtp_stream_dealloc(str, NULL); return srtp_err_status_alloc_fail; } - for (i = 0; i < str->num_master_keys; i++) { - session_keys = &str->session_keys[i]; + for (i = 0; i < str -> num_master_keys; i++) { + session_keys = & str -> session_keys[i]; /* allocate cipher */ stat = srtp_crypto_kernel_alloc_cipher( - p->rtp.cipher_type, &session_keys->rtp_cipher, - p->rtp.cipher_key_len, p->rtp.auth_tag_len); + p -> rtp.cipher_type, & session_keys -> rtp_cipher, + p -> rtp.cipher_key_len, p -> rtp.auth_tag_len); if (stat) { srtp_stream_dealloc(str, NULL); return stat; @@ -469,8 +470,8 @@ static srtp_err_status_t srtp_stream_alloc(srtp_stream_ctx_t **str_ptr, /* allocate auth function */ stat = srtp_crypto_kernel_alloc_auth( - p->rtp.auth_type, &session_keys->rtp_auth, p->rtp.auth_key_len, - p->rtp.auth_tag_len); + p -> rtp.auth_type, & session_keys -> rtp_auth, p -> rtp.auth_key_len, + p -> rtp.auth_tag_len); if (stat) { srtp_stream_dealloc(str, NULL); return stat; @@ -481,8 +482,8 @@ static srtp_err_status_t srtp_stream_alloc(srtp_stream_ctx_t **str_ptr, * the cipher */ stat = srtp_crypto_kernel_alloc_cipher( - p->rtcp.cipher_type, &session_keys->rtcp_cipher, - p->rtcp.cipher_key_len, p->rtcp.auth_tag_len); + p -> rtcp.cipher_type, & session_keys -> rtcp_cipher, + p -> rtcp.cipher_key_len, p -> rtcp.auth_tag_len); if (stat) { srtp_stream_dealloc(str, NULL); return stat; @@ -490,43 +491,43 @@ static srtp_err_status_t srtp_stream_alloc(srtp_stream_ctx_t **str_ptr, /* allocate auth function */ stat = srtp_crypto_kernel_alloc_auth( - p->rtcp.auth_type, &session_keys->rtcp_auth, p->rtcp.auth_key_len, - p->rtcp.auth_tag_len); + p -> rtcp.auth_type, & session_keys -> rtcp_auth, p -> rtcp.auth_key_len, + p -> rtcp.auth_tag_len); if (stat) { srtp_stream_dealloc(str, NULL); return stat; } - session_keys->mki_id = NULL; + session_keys -> mki_id = NULL; /* allocate key limit structure */ - session_keys->limit = (srtp_key_limit_ctx_t *)srtp_crypto_alloc( + session_keys -> limit = (srtp_key_limit_ctx_t * ) srtp_crypto_alloc( sizeof(srtp_key_limit_ctx_t)); - if (session_keys->limit == NULL) { + if (session_keys -> limit == NULL) { srtp_stream_dealloc(str, NULL); return srtp_err_status_alloc_fail; } } - if (p->enc_xtn_hdr && p->enc_xtn_hdr_count > 0) { + if (p -> enc_xtn_hdr && p -> enc_xtn_hdr_count > 0) { srtp_cipher_type_id_t enc_xtn_hdr_cipher_type; size_t enc_xtn_hdr_cipher_key_len; - str->enc_xtn_hdr = (uint8_t *)srtp_crypto_alloc( - p->enc_xtn_hdr_count * sizeof(p->enc_xtn_hdr[0])); - if (!str->enc_xtn_hdr) { + str -> enc_xtn_hdr = (uint8_t * ) srtp_crypto_alloc( + p -> enc_xtn_hdr_count * sizeof(p -> enc_xtn_hdr[0])); + if (!str -> enc_xtn_hdr) { srtp_stream_dealloc(str, NULL); return srtp_err_status_alloc_fail; } - memcpy(str->enc_xtn_hdr, p->enc_xtn_hdr, - p->enc_xtn_hdr_count * sizeof(p->enc_xtn_hdr[0])); - str->enc_xtn_hdr_count = p->enc_xtn_hdr_count; + memcpy(str -> enc_xtn_hdr, p -> enc_xtn_hdr, + p -> enc_xtn_hdr_count * sizeof(p -> enc_xtn_hdr[0])); + str -> enc_xtn_hdr_count = p -> enc_xtn_hdr_count; /* * For GCM ciphers, the corresponding ICM cipher is used for header * extensions encryption. */ - switch (p->rtp.cipher_type) { + switch (p -> rtp.cipher_type) { case SRTP_AES_GCM_128: enc_xtn_hdr_cipher_type = SRTP_AES_ICM_128; enc_xtn_hdr_cipher_key_len = SRTP_AES_ICM_128_KEY_LEN_WSALT; @@ -536,17 +537,17 @@ static srtp_err_status_t srtp_stream_alloc(srtp_stream_ctx_t **str_ptr, enc_xtn_hdr_cipher_key_len = SRTP_AES_ICM_256_KEY_LEN_WSALT; break; default: - enc_xtn_hdr_cipher_type = p->rtp.cipher_type; - enc_xtn_hdr_cipher_key_len = p->rtp.cipher_key_len; + enc_xtn_hdr_cipher_type = p -> rtp.cipher_type; + enc_xtn_hdr_cipher_key_len = p -> rtp.cipher_key_len; break; } - for (i = 0; i < str->num_master_keys; i++) { - session_keys = &str->session_keys[i]; + for (i = 0; i < str -> num_master_keys; i++) { + session_keys = & str -> session_keys[i]; /* allocate cipher for extensions header encryption */ stat = srtp_crypto_kernel_alloc_cipher( - enc_xtn_hdr_cipher_type, &session_keys->rtp_xtn_hdr_cipher, + enc_xtn_hdr_cipher_type, & session_keys -> rtp_xtn_hdr_cipher, enc_xtn_hdr_cipher_key_len, 0); if (stat) { srtp_stream_dealloc(str, NULL); @@ -554,13 +555,13 @@ static srtp_err_status_t srtp_stream_alloc(srtp_stream_ctx_t **str_ptr, } } } else { - for (i = 0; i < str->num_master_keys; i++) { - session_keys = &str->session_keys[i]; - session_keys->rtp_xtn_hdr_cipher = NULL; + for (i = 0; i < str -> num_master_keys; i++) { + session_keys = & str -> session_keys[i]; + session_keys -> rtp_xtn_hdr_cipher = NULL; } - str->enc_xtn_hdr = NULL; - str->enc_xtn_hdr_count = 0; + str -> enc_xtn_hdr = NULL; + str -> enc_xtn_hdr_count = 0; } return srtp_err_status_ok; @@ -575,104 +576,103 @@ static srtp_err_status_t srtp_stream_alloc(srtp_stream_ctx_t **str_ptr, */ static srtp_err_status_t srtp_stream_clone( - const srtp_stream_ctx_t *stream_template, - uint32_t ssrc, - srtp_stream_ctx_t **str_ptr) -{ + const srtp_stream_ctx_t * stream_template, + uint32_t ssrc, + srtp_stream_ctx_t ** str_ptr) { srtp_err_status_t status; - srtp_stream_ctx_t *str; - srtp_session_keys_t *session_keys = NULL; - const srtp_session_keys_t *template_session_keys = NULL; + srtp_stream_ctx_t * str; + srtp_session_keys_t * session_keys = NULL; + const srtp_session_keys_t * template_session_keys = NULL; debug_print(mod_srtp, "cloning stream (SSRC: 0x%08x)", - (unsigned int)ntohl(ssrc)); + (unsigned int) ntohl(ssrc)); /* allocate srtp stream and set str_ptr */ - str = (srtp_stream_ctx_t *)srtp_crypto_alloc(sizeof(srtp_stream_ctx_t)); + str = (srtp_stream_ctx_t * ) srtp_crypto_alloc(sizeof(srtp_stream_ctx_t)); if (str == NULL) { return srtp_err_status_alloc_fail; } - *str_ptr = str; + * str_ptr = str; - str->num_master_keys = stream_template->num_master_keys; - str->session_keys = (srtp_session_keys_t *)srtp_crypto_alloc( - sizeof(srtp_session_keys_t) * str->num_master_keys); + str -> num_master_keys = stream_template -> num_master_keys; + str -> session_keys = (srtp_session_keys_t * ) srtp_crypto_alloc( + sizeof(srtp_session_keys_t) * str -> num_master_keys); - if (str->session_keys == NULL) { - srtp_stream_dealloc(*str_ptr, stream_template); - *str_ptr = NULL; + if (str -> session_keys == NULL) { + srtp_stream_dealloc( * str_ptr, stream_template); + * str_ptr = NULL; return srtp_err_status_alloc_fail; } - for (size_t i = 0; i < stream_template->num_master_keys; i++) { - session_keys = &str->session_keys[i]; - template_session_keys = &stream_template->session_keys[i]; + for (size_t i = 0; i < stream_template -> num_master_keys; i++) { + session_keys = & str -> session_keys[i]; + template_session_keys = & stream_template -> session_keys[i]; /* set cipher and auth pointers to those of the template */ - session_keys->rtp_cipher = template_session_keys->rtp_cipher; - session_keys->rtp_auth = template_session_keys->rtp_auth; - session_keys->rtp_xtn_hdr_cipher = - template_session_keys->rtp_xtn_hdr_cipher; - session_keys->rtcp_cipher = template_session_keys->rtcp_cipher; - session_keys->rtcp_auth = template_session_keys->rtcp_auth; - - if (stream_template->mki_size == 0) { - session_keys->mki_id = NULL; + session_keys -> rtp_cipher = template_session_keys -> rtp_cipher; + session_keys -> rtp_auth = template_session_keys -> rtp_auth; + session_keys -> rtp_xtn_hdr_cipher = + template_session_keys -> rtp_xtn_hdr_cipher; + session_keys -> rtcp_cipher = template_session_keys -> rtcp_cipher; + session_keys -> rtcp_auth = template_session_keys -> rtcp_auth; + + if (stream_template -> mki_size == 0) { + session_keys -> mki_id = NULL; } else { - session_keys->mki_id = srtp_crypto_alloc(stream_template->mki_size); + session_keys -> mki_id = srtp_crypto_alloc(stream_template -> mki_size); - if (session_keys->mki_id == NULL) { - srtp_stream_dealloc(*str_ptr, stream_template); - *str_ptr = NULL; + if (session_keys -> mki_id == NULL) { + srtp_stream_dealloc( * str_ptr, stream_template); + * str_ptr = NULL; return srtp_err_status_init_fail; } - memcpy(session_keys->mki_id, template_session_keys->mki_id, - stream_template->mki_size); + memcpy(session_keys -> mki_id, template_session_keys -> mki_id, + stream_template -> mki_size); } /* Copy the salt values */ - memcpy(session_keys->salt, template_session_keys->salt, - SRTP_AEAD_SALT_LEN); - memcpy(session_keys->c_salt, template_session_keys->c_salt, - SRTP_AEAD_SALT_LEN); + memcpy(session_keys -> salt, template_session_keys -> salt, + SRTP_AEAD_SALT_LEN); + memcpy(session_keys -> c_salt, template_session_keys -> c_salt, + SRTP_AEAD_SALT_LEN); /* set key limit to point to that of the template */ - status = srtp_key_limit_clone(template_session_keys->limit, - &session_keys->limit); + status = srtp_key_limit_clone(template_session_keys -> limit, & + session_keys -> limit); if (status) { - srtp_stream_dealloc(*str_ptr, stream_template); - *str_ptr = NULL; + srtp_stream_dealloc( * str_ptr, stream_template); + * str_ptr = NULL; return status; } } - str->use_mki = stream_template->use_mki; - str->mki_size = stream_template->mki_size; + str -> use_mki = stream_template -> use_mki; + str -> mki_size = stream_template -> mki_size; /* initialize replay databases */ - status = srtp_rdbx_init( - &str->rtp_rdbx, srtp_rdbx_get_window_size(&stream_template->rtp_rdbx)); + status = srtp_rdbx_init( & + str -> rtp_rdbx, srtp_rdbx_get_window_size( & stream_template -> rtp_rdbx)); if (status) { - srtp_stream_dealloc(*str_ptr, stream_template); - *str_ptr = NULL; + srtp_stream_dealloc( * str_ptr, stream_template); + * str_ptr = NULL; return status; } - srtp_rdb_init(&str->rtcp_rdb); - str->allow_repeat_tx = stream_template->allow_repeat_tx; + srtp_rdb_init( & str -> rtcp_rdb); + str -> allow_repeat_tx = stream_template -> allow_repeat_tx; /* set ssrc to that provided */ - str->ssrc = ssrc; + str -> ssrc = ssrc; /* reset pending ROC */ - str->pending_roc = 0; + str -> pending_roc = 0; /* set direction and security services */ - str->direction = stream_template->direction; - str->rtp_services = stream_template->rtp_services; - str->rtcp_services = stream_template->rtcp_services; + str -> direction = stream_template -> direction; + str -> rtp_services = stream_template -> rtp_services; + str -> rtcp_services = stream_template -> rtcp_services; /* copy information about extensions header encryption */ - str->enc_xtn_hdr = stream_template->enc_xtn_hdr; - str->enc_xtn_hdr_count = stream_template->enc_xtn_hdr_count; + str -> enc_xtn_hdr = stream_template -> enc_xtn_hdr; + str -> enc_xtn_hdr_count = stream_template -> enc_xtn_hdr_count; return srtp_err_status_ok; } @@ -695,14 +695,15 @@ static srtp_err_status_t srtp_stream_clone( typedef enum { label_rtp_encryption = 0x00, - label_rtp_msg_auth = 0x01, - label_rtp_salt = 0x02, - label_rtcp_encryption = 0x03, - label_rtcp_msg_auth = 0x04, - label_rtcp_salt = 0x05, - label_rtp_header_encryption = 0x06, - label_rtp_header_salt = 0x07 -} srtp_prf_label; + label_rtp_msg_auth = 0x01, + label_rtp_salt = 0x02, + label_rtcp_encryption = 0x03, + label_rtcp_msg_auth = 0x04, + label_rtcp_salt = 0x05, + label_rtp_header_encryption = 0x06, + label_rtp_header_salt = 0x07 +} +srtp_prf_label; #define MAX_SRTP_KEY_LEN 256 @@ -717,14 +718,14 @@ typedef enum { typedef struct { uint8_t master_key[MAX_SRTP_AESKEY_LEN]; uint8_t master_salt[MAX_SRTP_SALT_LEN]; - const EVP_CIPHER *evp; -} srtp_kdf_t; - -static srtp_err_status_t srtp_kdf_init(srtp_kdf_t *kdf, - const uint8_t *key, - size_t key_len, - size_t salt_len) -{ + const EVP_CIPHER * evp; +} +srtp_kdf_t; + +static srtp_err_status_t srtp_kdf_init(srtp_kdf_t * kdf, + const uint8_t * key, + size_t key_len, + size_t salt_len) { memset(kdf, 0x0, sizeof(srtp_kdf_t)); /* The NULL cipher has zero key length */ @@ -737,32 +738,31 @@ static srtp_err_status_t srtp_kdf_init(srtp_kdf_t *kdf, } switch (key_len) { case SRTP_AES_256_KEYSIZE: - kdf->evp = EVP_aes_256_ctr(); + kdf -> evp = EVP_aes_256_ctr(); break; case SRTP_AES_192_KEYSIZE: - kdf->evp = EVP_aes_192_ctr(); + kdf -> evp = EVP_aes_192_ctr(); break; case SRTP_AES_128_KEYSIZE: - kdf->evp = EVP_aes_128_ctr(); + kdf -> evp = EVP_aes_128_ctr(); break; default: return srtp_err_status_bad_param; break; } - memcpy(kdf->master_key, key, key_len); - memcpy(kdf->master_salt, key + key_len, salt_len); + memcpy(kdf -> master_key, key, key_len); + memcpy(kdf -> master_salt, key + key_len, salt_len); return srtp_err_status_ok; } -static srtp_err_status_t srtp_kdf_generate(srtp_kdf_t *kdf, - srtp_prf_label label, - uint8_t *key, - size_t length) -{ +static srtp_err_status_t srtp_kdf_generate(srtp_kdf_t * kdf, + srtp_prf_label label, + uint8_t * key, + size_t length) { int ret; /* The NULL cipher will not have an EVP */ - if (!kdf->evp) { + if (!kdf -> evp) { return srtp_err_status_ok; } octet_string_set_to_zero(key, length); @@ -772,8 +772,8 @@ static srtp_err_status_t srtp_kdf_generate(srtp_kdf_t *kdf, * This is useful if OpenSSL is in FIPS mode and FIP * compliance is required for SRTP. */ - ret = kdf_srtp(kdf->evp, (char *)&kdf->master_key, &kdf->master_salt, NULL, - NULL, label, key); + ret = kdf_srtp(kdf -> evp, (char * ) & kdf -> master_key, & kdf -> master_salt, NULL, + NULL, label, key); if (ret == -1) { return (srtp_err_status_algo_fail); } @@ -781,11 +781,10 @@ static srtp_err_status_t srtp_kdf_generate(srtp_kdf_t *kdf, return srtp_err_status_ok; } -static srtp_err_status_t srtp_kdf_clear(srtp_kdf_t *kdf) -{ - octet_string_set_to_zero(kdf->master_key, MAX_SRTP_AESKEY_LEN); - octet_string_set_to_zero(kdf->master_salt, MAX_SRTP_SALT_LEN); - kdf->evp = NULL; +static srtp_err_status_t srtp_kdf_clear(srtp_kdf_t * kdf) { + octet_string_set_to_zero(kdf -> master_key, MAX_SRTP_AESKEY_LEN); + octet_string_set_to_zero(kdf -> master_salt, MAX_SRTP_SALT_LEN); + kdf -> evp = NULL; return srtp_err_status_ok; } @@ -802,58 +801,57 @@ typedef struct { uint8_t master_key[MAX_SRTP_AESKEY_LEN]; int master_key_len; uint8_t master_salt[MAX_SRTP_SALT_LEN]; -} srtp_kdf_t; +} +srtp_kdf_t; -static srtp_err_status_t srtp_kdf_init(srtp_kdf_t *kdf, - const uint8_t *key, - size_t key_len) -{ +static srtp_err_status_t srtp_kdf_init(srtp_kdf_t * kdf, + const uint8_t * key, + size_t key_len) { size_t salt_len; memset(kdf, 0x0, sizeof(srtp_kdf_t)); switch (key_len) { case SRTP_AES_ICM_256_KEY_LEN_WSALT: - kdf->master_key_len = AES_256_KEY_SIZE; + kdf -> master_key_len = AES_256_KEY_SIZE; break; case SRTP_AES_ICM_192_KEY_LEN_WSALT: - kdf->master_key_len = AES_192_KEY_SIZE; + kdf -> master_key_len = AES_192_KEY_SIZE; break; case SRTP_AES_ICM_128_KEY_LEN_WSALT: - kdf->master_key_len = AES_128_KEY_SIZE; + kdf -> master_key_len = AES_128_KEY_SIZE; break; default: return srtp_err_status_bad_param; break; } - memcpy(kdf->master_key, key, kdf->master_key_len); - salt_len = key_len - kdf->master_key_len; - memcpy(kdf->master_salt, key + kdf->master_key_len, salt_len); - memset(kdf->master_salt + salt_len, 0, MAX_SRTP_SALT_LEN - salt_len); + memcpy(kdf -> master_key, key, kdf -> master_key_len); + salt_len = key_len - kdf -> master_key_len; + memcpy(kdf -> master_salt, key + kdf -> master_key_len, salt_len); + memset(kdf -> master_salt + salt_len, 0, MAX_SRTP_SALT_LEN - salt_len); return srtp_err_status_ok; } -static srtp_err_status_t srtp_kdf_generate(srtp_kdf_t *kdf, - srtp_prf_label label, - uint8_t *key, - size_t length) -{ +static srtp_err_status_t srtp_kdf_generate(srtp_kdf_t * kdf, + srtp_prf_label label, + uint8_t * key, + size_t length) { int err; if (length == 0) { return srtp_err_status_ok; } - if (kdf->master_key_len == 0) { + if (kdf -> master_key_len == 0) { return srtp_err_status_ok; } octet_string_set_to_zero(key, length); PRIVATE_KEY_UNLOCK(); - err = wc_SRTP_KDF_label(kdf->master_key, kdf->master_key_len, - kdf->master_salt, MAX_SRTP_SALT_LEN, -1, NULL, - label, key, length); + err = wc_SRTP_KDF_label(kdf -> master_key, kdf -> master_key_len, + kdf -> master_salt, MAX_SRTP_SALT_LEN, -1, NULL, + label, key, length); PRIVATE_KEY_LOCK(); if (err < 0) { debug_print(mod_srtp, "wolfSSL SRTP KDF error: %d", err); @@ -863,29 +861,28 @@ static srtp_err_status_t srtp_kdf_generate(srtp_kdf_t *kdf, return srtp_err_status_ok; } -static srtp_err_status_t srtp_kdf_clear(srtp_kdf_t *kdf) -{ - octet_string_set_to_zero(kdf->master_key, MAX_SRTP_AESKEY_LEN); - kdf->master_key_len = 0; - octet_string_set_to_zero(kdf->master_salt, MAX_SRTP_SALT_LEN); +static srtp_err_status_t srtp_kdf_clear(srtp_kdf_t * kdf) { + octet_string_set_to_zero(kdf -> master_key, MAX_SRTP_AESKEY_LEN); + kdf -> master_key_len = 0; + octet_string_set_to_zero(kdf -> master_salt, MAX_SRTP_SALT_LEN); return srtp_err_status_ok; } -#else /* if OPENSSL_KDF || WOLFSSL_KDF */ +#else /* if OPENSSL_KDF || WOLFSSL_KDF */ /* * srtp_kdf_t represents a key derivation function. The SRTP * default KDF is the only one implemented at present. */ typedef struct { - srtp_cipher_t *cipher; /* cipher used for key derivation */ -} srtp_kdf_t; + srtp_cipher_t * cipher; /* cipher used for key derivation */ +} +srtp_kdf_t; -static srtp_err_status_t srtp_kdf_init(srtp_kdf_t *kdf, - const uint8_t *key, - size_t key_len) -{ +static srtp_err_status_t srtp_kdf_init(srtp_kdf_t * kdf, + const uint8_t * key, + size_t key_len) { srtp_cipher_type_id_t cipher_id; srtp_err_status_t stat; @@ -904,40 +901,39 @@ static srtp_err_status_t srtp_kdf_init(srtp_kdf_t *kdf, break; } - stat = srtp_crypto_kernel_alloc_cipher(cipher_id, &kdf->cipher, key_len, 0); + stat = srtp_crypto_kernel_alloc_cipher(cipher_id, & kdf -> cipher, key_len, 0); if (stat) { return stat; } - stat = srtp_cipher_init(kdf->cipher, key); + stat = srtp_cipher_init(kdf -> cipher, key); if (stat) { - srtp_cipher_dealloc(kdf->cipher); + srtp_cipher_dealloc(kdf -> cipher); return stat; } return srtp_err_status_ok; } -static srtp_err_status_t srtp_kdf_generate(srtp_kdf_t *kdf, - srtp_prf_label label, - uint8_t *key, - size_t length) -{ +static srtp_err_status_t srtp_kdf_generate(srtp_kdf_t * kdf, + srtp_prf_label label, + uint8_t * key, + size_t length) { srtp_err_status_t status; v128_t nonce; /* set eigth octet of nonce to