Line data Source code
1 : /*
2 : * ekt.c
3 : *
4 : * Encrypted Key Transport for SRTP
5 : *
6 : * David McGrew
7 : * Cisco Systems, Inc.
8 : */
9 : /*
10 : *
11 : * Copyright (c) 2001-2006 Cisco Systems, Inc.
12 : * All rights reserved.
13 : *
14 : * Redistribution and use in source and binary forms, with or without
15 : * modification, are permitted provided that the following conditions
16 : * are met:
17 : *
18 : * Redistributions of source code must retain the above copyright
19 : * notice, this list of conditions and the following disclaimer.
20 : *
21 : * Redistributions in binary form must reproduce the above
22 : * copyright notice, this list of conditions and the following
23 : * disclaimer in the documentation and/or other materials provided
24 : * with the distribution.
25 : *
26 : * Neither the name of the Cisco Systems, Inc. nor the names of its
27 : * contributors may be used to endorse or promote products derived
28 : * from this software without specific prior written permission.
29 : *
30 : * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
31 : * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
32 : * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
33 : * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
34 : * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
35 : * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
36 : * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
37 : * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
38 : * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
39 : * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
40 : * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
41 : * OF THE POSSIBILITY OF SUCH DAMAGE.
42 : *
43 : */
44 :
45 :
46 : #include "err.h"
47 : #include "srtp_priv.h"
48 : #include "ekt.h"
49 :
50 : extern debug_module_t mod_srtp;
51 :
52 : /*
53 : * The EKT Authentication Tag format.
54 : *
55 : * 0 1 2 3
56 : * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
57 : * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
58 : * : Base Authentication Tag :
59 : * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
60 : * : Encrypted Master Key :
61 : * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
62 : * | Rollover Counter |
63 : * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
64 : * | Initial Sequence Number | Security Parameter Index |
65 : * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
66 : *
67 : */
68 :
69 : #define EKT_OCTETS_AFTER_BASE_TAG 24
70 : #define EKT_OCTETS_AFTER_EMK 8
71 : #define EKT_OCTETS_AFTER_ROC 4
72 : #define EKT_SPI_LEN 2
73 :
74 : unsigned
75 0 : ekt_octets_after_base_tag(ekt_stream_t ekt) {
76 : /*
77 : * if the pointer ekt is NULL, then EKT is not in effect, so we
78 : * indicate this by returning zero
79 : */
80 0 : if (!ekt)
81 0 : return 0;
82 :
83 0 : switch(ekt->data->ekt_cipher_type) {
84 : case EKT_CIPHER_AES_128_ECB:
85 0 : return 16 + EKT_OCTETS_AFTER_EMK;
86 : break;
87 : default:
88 0 : break;
89 : }
90 0 : return 0;
91 : }
92 :
93 : static inline ekt_spi_t
94 0 : srtcp_packet_get_ekt_spi(const uint8_t *packet_start, unsigned pkt_octet_len) {
95 : const uint8_t *spi_location;
96 :
97 0 : spi_location = packet_start + (pkt_octet_len - EKT_SPI_LEN);
98 :
99 0 : return *((const ekt_spi_t *)spi_location);
100 : }
101 :
102 : static inline uint32_t
103 0 : srtcp_packet_get_ekt_roc(const uint8_t *packet_start, unsigned pkt_octet_len) {
104 : const uint8_t *roc_location;
105 :
106 0 : roc_location = packet_start + (pkt_octet_len - EKT_OCTETS_AFTER_ROC);
107 :
108 0 : return *((const uint32_t *)roc_location);
109 : }
110 :
111 : static inline const uint8_t *
112 0 : srtcp_packet_get_emk_location(const uint8_t *packet_start,
113 : unsigned pkt_octet_len) {
114 : const uint8_t *location;
115 :
116 0 : location = packet_start + (pkt_octet_len - EKT_OCTETS_AFTER_BASE_TAG);
117 :
118 0 : return location;
119 : }
120 :
121 :
122 : err_status_t
123 0 : ekt_alloc(ekt_stream_t *stream_data, ekt_policy_t policy) {
124 :
125 : /*
126 : * if the policy pointer is NULL, then EKT is not in use
127 : * so we just set the EKT stream data pointer to NULL
128 : */
129 0 : if (!policy) {
130 0 : *stream_data = NULL;
131 0 : return err_status_ok;
132 : }
133 :
134 : /* TODO */
135 0 : *stream_data = NULL;
136 :
137 0 : return err_status_ok;
138 : }
139 :
140 : err_status_t
141 0 : ekt_stream_init_from_policy(ekt_stream_t stream_data, ekt_policy_t policy) {
142 0 : if (!stream_data)
143 0 : return err_status_ok;
144 :
145 0 : return err_status_ok;
146 : }
147 :
148 :
149 : void
150 0 : aes_decrypt_with_raw_key(void *ciphertext, const void *key, int key_len) {
151 : aes_expanded_key_t expanded_key;
152 :
153 0 : aes_expand_decryption_key(key, key_len, &expanded_key);
154 0 : aes_decrypt(ciphertext, &expanded_key);
155 0 : }
156 :
157 : /*
158 : * The function srtp_stream_init_from_ekt() initializes a stream using
159 : * the EKT data from an SRTCP trailer.
160 : */
161 :
162 : err_status_t
163 0 : srtp_stream_init_from_ekt(srtp_stream_t stream,
164 : const void *srtcp_hdr,
165 : unsigned pkt_octet_len) {
166 : err_status_t err;
167 : const uint8_t *master_key;
168 : srtp_policy_t srtp_policy;
169 : uint32_t roc;
170 :
171 : /*
172 : * NOTE: at present, we only support a single ekt_policy at a time.
173 : */
174 0 : if (stream->ekt->data->spi !=
175 0 : srtcp_packet_get_ekt_spi(srtcp_hdr, pkt_octet_len))
176 0 : return err_status_no_ctx;
177 :
178 0 : if (stream->ekt->data->ekt_cipher_type != EKT_CIPHER_AES_128_ECB)
179 0 : return err_status_bad_param;
180 :
181 : /* decrypt the Encrypted Master Key field */
182 0 : master_key = srtcp_packet_get_emk_location(srtcp_hdr, pkt_octet_len);
183 : /* FIX!? This decrypts the master key in-place, and never uses it */
184 : /* FIX!? It's also passing to ekt_dec_key (which is an aes_expanded_key_t)
185 : * to a function which expects a raw (unexpanded) key */
186 0 : aes_decrypt_with_raw_key((void*)master_key, &stream->ekt->data->ekt_dec_key, 16);
187 :
188 : /* set the SRTP ROC */
189 0 : roc = srtcp_packet_get_ekt_roc(srtcp_hdr, pkt_octet_len);
190 0 : err = rdbx_set_roc(&stream->rtp_rdbx, roc);
191 0 : if (err) return err;
192 :
193 0 : err = srtp_stream_init(stream, &srtp_policy);
194 0 : if (err) return err;
195 :
196 0 : return err_status_ok;
197 : }
198 :
199 : void
200 0 : ekt_write_data(ekt_stream_t ekt,
201 : uint8_t *base_tag,
202 : unsigned base_tag_len,
203 : int *packet_len,
204 : xtd_seq_num_t pkt_index) {
205 : uint32_t roc;
206 : uint16_t isn;
207 : unsigned emk_len;
208 : uint8_t *packet;
209 :
210 : /* if the pointer ekt is NULL, then EKT is not in effect */
211 0 : if (!ekt) {
212 : debug_print(mod_srtp, "EKT not in use", NULL);
213 0 : return;
214 : }
215 :
216 : /* write zeros into the location of the base tag */
217 0 : octet_string_set_to_zero(base_tag, base_tag_len);
218 0 : packet = base_tag + base_tag_len;
219 :
220 : /* copy encrypted master key into packet */
221 0 : emk_len = ekt_octets_after_base_tag(ekt);
222 0 : memcpy(packet, ekt->encrypted_master_key, emk_len);
223 : debug_print(mod_srtp, "writing EKT EMK: %s,",
224 : octet_string_hex_string(packet, emk_len));
225 0 : packet += emk_len;
226 :
227 : /* copy ROC into packet */
228 0 : roc = (uint32_t)(pkt_index >> 16);
229 0 : *((uint32_t *)packet) = be32_to_cpu(roc);
230 : debug_print(mod_srtp, "writing EKT ROC: %s,",
231 : octet_string_hex_string(packet, sizeof(roc)));
232 0 : packet += sizeof(roc);
233 :
234 : /* copy ISN into packet */
235 0 : isn = (uint16_t)pkt_index;
236 0 : *((uint16_t *)packet) = htons(isn);
237 : debug_print(mod_srtp, "writing EKT ISN: %s,",
238 : octet_string_hex_string(packet, sizeof(isn)));
239 0 : packet += sizeof(isn);
240 :
241 : /* copy SPI into packet */
242 0 : *((uint16_t *)packet) = htons(ekt->data->spi);
243 : debug_print(mod_srtp, "writing EKT SPI: %s,",
244 : octet_string_hex_string(packet, sizeof(ekt->data->spi)));
245 :
246 : /* increase packet length appropriately */
247 0 : *packet_len += EKT_OCTETS_AFTER_EMK + emk_len;
248 : }
249 :
250 :
251 : /*
252 : * The function call srtcp_ekt_trailer(ekt, auth_len, auth_tag )
253 : *
254 : * If the pointer ekt is NULL, then the other inputs are unaffected.
255 : *
256 : * auth_tag is a pointer to the pointer to the location of the
257 : * authentication tag in the packet. If EKT is in effect, then the
258 : * auth_tag pointer is set to the location
259 : */
260 :
261 : void
262 0 : srtcp_ekt_trailer(ekt_stream_t ekt,
263 : unsigned *auth_len,
264 : void **auth_tag,
265 : void *tag_copy) {
266 :
267 : /*
268 : * if there is no EKT policy, then the other inputs are unaffected
269 : */
270 0 : if (!ekt)
271 0 : return;
272 :
273 : /* copy auth_tag into temporary location */
274 :
275 : }
276 :
|