srtp_driver.c (144711B)
1 /* 2 * srtp_driver.c 3 * 4 * a test driver for libSRTP 5 * 6 * David A. McGrew 7 * Cisco Systems, Inc. 8 */ 9 /* 10 * 11 * Copyright (c) 2001-2017, Cisco Systems, Inc. 12 * All rights reserved. 13 * 14 * Redistribution and use in source and binary forms, with or without 15 * modification, are permitted provided that the following conditions 16 * are met: 17 * 18 * Redistributions of source code must retain the above copyright 19 * notice, this list of conditions and the following disclaimer. 20 * 21 * Redistributions in binary form must reproduce the above 22 * copyright notice, this list of conditions and the following 23 * disclaimer in the documentation and/or other materials provided 24 * with the distribution. 25 * 26 * Neither the name of the Cisco Systems, Inc. nor the names of its 27 * contributors may be used to endorse or promote products derived 28 * from this software without specific prior written permission. 29 * 30 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 31 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 32 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 33 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 34 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 35 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 36 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 37 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 38 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 39 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 40 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 41 * OF THE POSSIBILITY OF SUCH DAMAGE. 42 * 43 */ 44 45 #include <string.h> /* for memcpy() */ 46 #include <time.h> /* for clock() */ 47 #include <stdlib.h> /* for malloc(), free() */ 48 #include <stdio.h> /* for print(), fflush() */ 49 #include "getopt_s.h" /* for local getopt() */ 50 51 #include "srtp_priv.h" 52 #include "stream_list_priv.h" 53 #include "util.h" 54 55 #ifdef HAVE_NETINET_IN_H 56 #include <netinet/in.h> 57 #elif defined HAVE_WINSOCK2_H 58 #include <winsock2.h> 59 #endif 60 61 #define PRINT_REFERENCE_PACKET 1 62 63 srtp_err_status_t srtp_validate(void); 64 65 srtp_err_status_t srtp_validate_null(void); 66 67 #ifdef GCM 68 srtp_err_status_t srtp_validate_gcm(void); 69 #endif 70 71 srtp_err_status_t srtp_validate_encrypted_extensions_headers(void); 72 73 #ifdef GCM 74 srtp_err_status_t srtp_validate_encrypted_extensions_headers_gcm(void); 75 #endif 76 77 srtp_err_status_t srtp_validate_aes_256(void); 78 79 srtp_err_status_t srtp_create_big_policy(srtp_policy_t **list); 80 81 srtp_err_status_t srtp_dealloc_big_policy(srtp_policy_t *list); 82 83 srtp_err_status_t srtp_test_empty_payload(void); 84 85 #ifdef GCM 86 srtp_err_status_t srtp_test_empty_payload_gcm(void); 87 #endif 88 89 srtp_err_status_t srtp_test_remove_stream(void); 90 91 srtp_err_status_t srtp_test_update(void); 92 93 srtp_err_status_t srtp_test_protect_trailer_length(void); 94 95 srtp_err_status_t srtp_test_protect_rtcp_trailer_length(void); 96 97 srtp_err_status_t srtp_test_out_of_order_after_rollover(void); 98 99 srtp_err_status_t srtp_test_get_roc(void); 100 101 srtp_err_status_t srtp_test_set_receiver_roc(void); 102 103 srtp_err_status_t srtp_test_set_sender_roc(void); 104 105 double srtp_bits_per_second(int msg_len_octets, const srtp_policy_t *policy); 106 107 double srtp_rejections_per_second(int msg_len_octets, 108 const srtp_policy_t *policy); 109 110 void srtp_do_timing(const srtp_policy_t *policy); 111 112 void srtp_do_rejection_timing(const srtp_policy_t *policy); 113 114 srtp_err_status_t srtp_test(const srtp_policy_t *policy, 115 int extension_header, 116 int mki_index); 117 118 srtp_err_status_t srtcp_test(const srtp_policy_t *policy, int mki_index); 119 120 srtp_err_status_t srtp_session_print_policy(srtp_t srtp); 121 122 srtp_err_status_t srtp_print_policy(const srtp_policy_t *policy); 123 124 char *srtp_packet_to_string(srtp_hdr_t *hdr, int packet_len); 125 char *srtp_rtcp_packet_to_string(srtcp_hdr_t *hdr, int pkt_octet_len); 126 127 double mips_estimate(int num_trials, int *ignore); 128 129 srtp_err_status_t srtp_stream_list_test(void); 130 131 #define TEST_MKI_ID_SIZE 4 132 133 extern uint8_t test_key[46]; 134 extern uint8_t test_key_2[46]; 135 extern uint8_t test_mki_id[TEST_MKI_ID_SIZE]; 136 extern uint8_t test_mki_id_2[TEST_MKI_ID_SIZE]; 137 extern uint8_t test_key_gcm[28]; 138 139 // clang-format off 140 srtp_master_key_t master_key_1 = { 141 test_key, 142 test_mki_id, 143 TEST_MKI_ID_SIZE 144 }; 145 146 srtp_master_key_t master_key_2 = { 147 test_key_2, 148 test_mki_id_2, 149 TEST_MKI_ID_SIZE 150 }; 151 152 srtp_master_key_t *test_keys[2] = { 153 &master_key_1, 154 &master_key_2 155 }; 156 // clang-format on 157 158 void usage(char *prog_name) 159 { 160 printf( 161 "usage: %s [ -t ][ -c ][ -v ][ -s ][ -o ][-d <debug_module> ]* [ -l ]\n" 162 " -t run timing test\n" 163 " -r run rejection timing test\n" 164 " -c run codec timing test\n" 165 " -v run validation tests\n" 166 " -s run stream list tests only\n" 167 " -o output logging to stdout\n" 168 " -d <mod> turn on debugging module <mod>\n" 169 " -l list debugging modules\n", 170 prog_name); 171 exit(1); 172 } 173 174 void log_handler(srtp_log_level_t level, const char *msg, void *data) 175 { 176 char level_char = '?'; 177 (void)data; 178 switch (level) { 179 case srtp_log_level_error: 180 level_char = 'e'; 181 break; 182 case srtp_log_level_warning: 183 level_char = 'w'; 184 break; 185 case srtp_log_level_info: 186 level_char = 'i'; 187 break; 188 case srtp_log_level_debug: 189 level_char = 'd'; 190 break; 191 } 192 printf("SRTP-LOG [%c]: %s\n", level_char, msg); 193 } 194 195 /* 196 * The policy_array and invalid_policy_array are null-terminated arrays of 197 * policy structs. They is declared at the end of this file. 198 */ 199 200 extern const srtp_policy_t *policy_array[]; 201 extern const srtp_policy_t *invalid_policy_array[]; 202 203 /* the wildcard_policy is declared below; it has a wildcard ssrc */ 204 205 extern const srtp_policy_t wildcard_policy; 206 207 /* 208 * mod_driver debug module - debugging module for this test driver 209 * 210 * we use the crypto_kernel debugging system in this driver, which 211 * makes the interface uniform and increases portability 212 */ 213 214 srtp_debug_module_t mod_driver = { 215 0, /* debugging is off by default */ 216 "driver" /* printable name for module */ 217 }; 218 219 int main(int argc, char *argv[]) 220 { 221 int q; 222 unsigned do_timing_test = 0; 223 unsigned do_rejection_test = 0; 224 unsigned do_codec_timing = 0; 225 unsigned do_validation = 0; 226 unsigned do_stream_list = 0; 227 unsigned do_list_mods = 0; 228 unsigned do_log_stdout = 0; 229 srtp_err_status_t status; 230 const size_t hdr_size = 12; 231 232 /* 233 * verify that the compiler has interpreted the header data 234 * structure srtp_hdr_t correctly 235 */ 236 if (sizeof(srtp_hdr_t) != hdr_size) { 237 printf("error: srtp_hdr_t has incorrect size" 238 "(size is %ld bytes, expected %ld)\n", 239 (long)sizeof(srtp_hdr_t), (long)hdr_size); 240 exit(1); 241 } 242 243 /* initialize srtp library */ 244 status = srtp_init(); 245 if (status) { 246 printf("error: srtp init failed with error code %d\n", status); 247 exit(1); 248 } 249 250 /* load srtp_driver debug module */ 251 status = srtp_crypto_kernel_load_debug_module(&mod_driver); 252 if (status) { 253 printf("error: load of srtp_driver debug module failed " 254 "with error code %d\n", 255 status); 256 exit(1); 257 } 258 259 /* process input arguments */ 260 while (1) { 261 q = getopt_s(argc, argv, "trcvsold:"); 262 if (q == -1) { 263 break; 264 } 265 switch (q) { 266 case 't': 267 do_timing_test = 1; 268 break; 269 case 'r': 270 do_rejection_test = 1; 271 break; 272 case 'c': 273 do_codec_timing = 1; 274 break; 275 case 'v': 276 do_validation = 1; 277 do_stream_list = 1; 278 break; 279 case 's': 280 do_stream_list = 1; 281 break; 282 case 'o': 283 do_log_stdout = 1; 284 break; 285 case 'l': 286 do_list_mods = 1; 287 break; 288 case 'd': 289 status = srtp_set_debug_module(optarg_s, 1); 290 if (status) { 291 printf("error: set debug module (%s) failed\n", optarg_s); 292 exit(1); 293 } 294 break; 295 default: 296 usage(argv[0]); 297 } 298 } 299 300 if (!do_validation && !do_timing_test && !do_codec_timing && 301 !do_list_mods && !do_rejection_test && !do_stream_list) { 302 usage(argv[0]); 303 } 304 305 if (do_log_stdout) { 306 status = srtp_install_log_handler(log_handler, NULL); 307 if (status) { 308 printf("error: install log handler failed\n"); 309 exit(1); 310 } 311 } 312 313 if (do_list_mods) { 314 status = srtp_list_debug_modules(); 315 if (status) { 316 printf("error: list of debug modules failed\n"); 317 exit(1); 318 } 319 } 320 321 if (do_validation) { 322 const srtp_policy_t **policy = policy_array; 323 srtp_policy_t *big_policy; 324 srtp_t srtp_sender; 325 326 /* loop over policy array, testing srtp and srtcp for each policy */ 327 while (*policy != NULL) { 328 printf("testing srtp_protect and srtp_unprotect\n"); 329 if (srtp_test(*policy, 0, -1) == srtp_err_status_ok) { 330 printf("passed\n\n"); 331 } else { 332 printf("failed\n"); 333 exit(1); 334 } 335 336 printf("testing srtp_protect and srtp_unprotect with encrypted " 337 "extensions headers\n"); 338 if (srtp_test(*policy, 1, -1) == srtp_err_status_ok) { 339 printf("passed\n\n"); 340 } else { 341 printf("failed\n"); 342 exit(1); 343 } 344 printf("testing srtp_protect_rtcp and srtp_unprotect_rtcp\n"); 345 if (srtcp_test(*policy, -1) == srtp_err_status_ok) { 346 printf("passed\n\n"); 347 } else { 348 printf("failed\n"); 349 exit(1); 350 } 351 printf("testing srtp_protect_rtp and srtp_unprotect_rtp with MKI " 352 "index set to 0\n"); 353 if (srtp_test(*policy, 0, 0) == srtp_err_status_ok) { 354 printf("passed\n\n"); 355 } else { 356 printf("failed\n"); 357 exit(1); 358 } 359 printf("testing srtp_protect_rtp and srtp_unprotect_rtp with MKI " 360 "index set to 1\n"); 361 if (srtp_test(*policy, 0, 1) == srtp_err_status_ok) { 362 printf("passed\n\n"); 363 } else { 364 printf("failed\n"); 365 exit(1); 366 } 367 368 printf("testing srtp_protect_rtcp and srtp_unprotect_rtcp with MKI " 369 "index set to 0\n"); 370 if (srtcp_test(*policy, 0) == srtp_err_status_ok) { 371 printf("passed\n\n"); 372 } else { 373 printf("failed\n"); 374 exit(1); 375 } 376 printf("testing srtp_protect_rtcp and srtp_unprotect_rtcp with MKI " 377 "index set to 1\n"); 378 if (srtcp_test(*policy, 1) == srtp_err_status_ok) { 379 printf("passed\n\n"); 380 } else { 381 printf("failed\n"); 382 exit(1); 383 } 384 policy++; 385 } 386 387 /* loop over invalid policy array, testing that an SRTP context cannot 388 * be created with the policy */ 389 policy = invalid_policy_array; 390 while (*policy != NULL) { 391 printf("testing srtp_create fails with invalid policy\n"); 392 if (srtp_create(&srtp_sender, *policy) != srtp_err_status_ok) { 393 printf("passed\n\n"); 394 } else { 395 printf("failed\n"); 396 exit(1); 397 } 398 399 policy++; 400 } 401 402 /* create a big policy list and run tests on it */ 403 status = srtp_create_big_policy(&big_policy); 404 if (status) { 405 printf("unexpected failure with error code %d\n", status); 406 exit(1); 407 } 408 printf("testing srtp_protect and srtp_unprotect with big policy\n"); 409 if (srtp_test(big_policy, 0, -1) == srtp_err_status_ok) { 410 printf("passed\n\n"); 411 } else { 412 printf("failed\n"); 413 exit(1); 414 } 415 printf("testing srtp_protect and srtp_unprotect with big policy and " 416 "encrypted extensions headers\n"); 417 if (srtp_test(big_policy, 1, -1) == srtp_err_status_ok) { 418 printf("passed\n\n"); 419 } else { 420 printf("failed\n"); 421 exit(1); 422 } 423 status = srtp_dealloc_big_policy(big_policy); 424 if (status) { 425 printf("unexpected failure with error code %d\n", status); 426 exit(1); 427 } 428 429 /* run test on wildcard policy */ 430 printf("testing srtp_protect and srtp_unprotect on " 431 "wildcard ssrc policy\n"); 432 if (srtp_test(&wildcard_policy, 0, -1) == srtp_err_status_ok) { 433 printf("passed\n\n"); 434 } else { 435 printf("failed\n"); 436 exit(1); 437 } 438 printf("testing srtp_protect and srtp_unprotect on " 439 "wildcard ssrc policy and encrypted extensions headers\n"); 440 if (srtp_test(&wildcard_policy, 1, -1) == srtp_err_status_ok) { 441 printf("passed\n\n"); 442 } else { 443 printf("failed\n"); 444 exit(1); 445 } 446 447 /* 448 * run validation test against the reference packets - note 449 * that this test only covers the default policy 450 */ 451 printf("testing srtp_protect and srtp_unprotect against " 452 "reference packet\n"); 453 if (srtp_validate() == srtp_err_status_ok) { 454 printf("passed\n\n"); 455 } else { 456 printf("failed\n"); 457 exit(1); 458 } 459 460 printf("testing srtp_protect and srtp_unprotect against " 461 "reference packet using null cipher and HMAC\n"); 462 if (srtp_validate_null() == srtp_err_status_ok) { 463 printf("passed\n\n"); 464 } else { 465 printf("failed\n"); 466 exit(1); 467 } 468 469 #ifdef GCM 470 printf("testing srtp_protect and srtp_unprotect against " 471 "reference packet using GCM\n"); 472 if (srtp_validate_gcm() == srtp_err_status_ok) { 473 printf("passed\n\n"); 474 } else { 475 printf("failed\n"); 476 exit(1); 477 } 478 #endif 479 480 printf("testing srtp_protect and srtp_unprotect against " 481 "reference packet with encrypted extensions headers\n"); 482 if (srtp_validate_encrypted_extensions_headers() == srtp_err_status_ok) 483 printf("passed\n\n"); 484 else { 485 printf("failed\n"); 486 exit(1); 487 } 488 489 #ifdef GCM 490 printf("testing srtp_protect and srtp_unprotect against " 491 "reference packet with encrypted extension headers (GCM)\n"); 492 if (srtp_validate_encrypted_extensions_headers_gcm() == 493 srtp_err_status_ok) { 494 printf("passed\n\n"); 495 } else { 496 printf("failed\n"); 497 exit(1); 498 } 499 #endif 500 501 /* 502 * run validation test against the reference packets for 503 * AES-256 504 */ 505 printf("testing srtp_protect and srtp_unprotect against " 506 "reference packet (AES-256)\n"); 507 if (srtp_validate_aes_256() == srtp_err_status_ok) { 508 printf("passed\n\n"); 509 } else { 510 printf("failed\n"); 511 exit(1); 512 } 513 514 /* 515 * test packets with empty payload 516 */ 517 printf("testing srtp_protect and srtp_unprotect against " 518 "packet with empty payload\n"); 519 if (srtp_test_empty_payload() == srtp_err_status_ok) { 520 printf("passed\n"); 521 } else { 522 printf("failed\n"); 523 exit(1); 524 } 525 #ifdef GCM 526 printf("testing srtp_protect and srtp_unprotect against " 527 "packet with empty payload (GCM)\n"); 528 if (srtp_test_empty_payload_gcm() == srtp_err_status_ok) { 529 printf("passed\n"); 530 } else { 531 printf("failed\n"); 532 exit(1); 533 } 534 #endif 535 536 /* 537 * test the function srtp_remove_stream() 538 */ 539 printf("testing srtp_remove_stream()..."); 540 if (srtp_test_remove_stream() == srtp_err_status_ok) { 541 printf("passed\n"); 542 } else { 543 printf("failed\n"); 544 exit(1); 545 } 546 547 /* 548 * test the function srtp_update() 549 */ 550 printf("testing srtp_update()..."); 551 if (srtp_test_update() == srtp_err_status_ok) { 552 printf("passed\n"); 553 } else { 554 printf("failed\n"); 555 exit(1); 556 } 557 558 /* 559 * test the functions srtp_get_protect_trailer_length 560 * and srtp_get_protect_rtcp_trailer_length 561 */ 562 printf("testing srtp_get_protect_trailer_length()..."); 563 if (srtp_test_protect_trailer_length() == srtp_err_status_ok) { 564 printf("passed\n"); 565 } else { 566 printf("failed\n"); 567 exit(1); 568 } 569 570 printf("testing srtp_get_protect_rtcp_trailer_length()..."); 571 if (srtp_test_protect_rtcp_trailer_length() == srtp_err_status_ok) { 572 printf("passed\n"); 573 } else { 574 printf("failed\n"); 575 exit(1); 576 } 577 578 printf("testing srtp_test_out_of_order_after_rollover()..."); 579 if (srtp_test_out_of_order_after_rollover() == srtp_err_status_ok) { 580 printf("passed\n"); 581 } else { 582 printf("failed\n"); 583 exit(1); 584 } 585 586 printf("testing srtp_test_get_roc()..."); 587 if (srtp_test_get_roc() == srtp_err_status_ok) { 588 printf("passed\n"); 589 } else { 590 printf("failed\n"); 591 exit(1); 592 } 593 594 printf("testing srtp_test_set_receiver_roc()..."); 595 if (srtp_test_set_receiver_roc() == srtp_err_status_ok) { 596 printf("passed\n"); 597 } else { 598 printf("failed\n"); 599 exit(1); 600 } 601 602 printf("testing srtp_test_set_sender_roc()..."); 603 if (srtp_test_set_sender_roc() == srtp_err_status_ok) { 604 printf("passed\n"); 605 } else { 606 printf("failed\n"); 607 exit(1); 608 } 609 } 610 611 if (do_stream_list) { 612 printf("testing srtp_stream_list..."); 613 if (srtp_stream_list_test() == srtp_err_status_ok) { 614 printf("passed\n"); 615 } else { 616 printf("failed\n"); 617 exit(1); 618 } 619 } 620 621 if (do_timing_test) { 622 const srtp_policy_t **policy = policy_array; 623 624 /* loop over policies, run timing test for each */ 625 while (*policy != NULL) { 626 srtp_print_policy(*policy); 627 srtp_do_timing(*policy); 628 policy++; 629 } 630 } 631 632 if (do_rejection_test) { 633 const srtp_policy_t **policy = policy_array; 634 635 /* loop over policies, run rejection timing test for each */ 636 while (*policy != NULL) { 637 srtp_print_policy(*policy); 638 srtp_do_rejection_timing(*policy); 639 policy++; 640 } 641 } 642 643 if (do_codec_timing) { 644 srtp_policy_t policy; 645 int ignore; 646 double mips_value = mips_estimate(1000000000, &ignore); 647 648 memset(&policy, 0, sizeof(policy)); 649 srtp_crypto_policy_set_rtp_default(&policy.rtp); 650 srtp_crypto_policy_set_rtcp_default(&policy.rtcp); 651 policy.ssrc.type = ssrc_specific; 652 policy.ssrc.value = 0xdecafbad; 653 policy.key = test_key; 654 policy.deprecated_ekt = NULL; 655 policy.window_size = 128; 656 policy.allow_repeat_tx = 0; 657 policy.next = NULL; 658 659 printf("mips estimate: %e\n", mips_value); 660 661 printf("testing srtp processing time for voice codecs:\n"); 662 printf("codec\t\tlength (octets)\t\tsrtp instructions/second\n"); 663 printf("G.711\t\t%d\t\t\t%e\n", 80, 664 (double)mips_value * (80 * 8) / 665 srtp_bits_per_second(80, &policy) / .01); 666 printf("G.711\t\t%d\t\t\t%e\n", 160, 667 (double)mips_value * (160 * 8) / 668 srtp_bits_per_second(160, &policy) / .02); 669 printf("G.726-32\t%d\t\t\t%e\n", 40, 670 (double)mips_value * (40 * 8) / 671 srtp_bits_per_second(40, &policy) / .01); 672 printf("G.726-32\t%d\t\t\t%e\n", 80, 673 (double)mips_value * (80 * 8) / 674 srtp_bits_per_second(80, &policy) / .02); 675 printf("G.729\t\t%d\t\t\t%e\n", 10, 676 (double)mips_value * (10 * 8) / 677 srtp_bits_per_second(10, &policy) / .01); 678 printf("G.729\t\t%d\t\t\t%e\n", 20, 679 (double)mips_value * (20 * 8) / 680 srtp_bits_per_second(20, &policy) / .02); 681 printf("Wideband\t%d\t\t\t%e\n", 320, 682 (double)mips_value * (320 * 8) / 683 srtp_bits_per_second(320, &policy) / .01); 684 printf("Wideband\t%d\t\t\t%e\n", 640, 685 (double)mips_value * (640 * 8) / 686 srtp_bits_per_second(640, &policy) / .02); 687 } 688 689 status = srtp_shutdown(); 690 if (status) { 691 printf("error: srtp shutdown failed with error code %d\n", status); 692 exit(1); 693 } 694 695 return 0; 696 } 697 698 /* 699 * srtp_create_test_packet(len, ssrc) returns a pointer to a 700 * (malloced) example RTP packet whose data field has the length given 701 * by pkt_octet_len and the SSRC value ssrc. The total length of the 702 * packet is twelve octets longer, since the header is at the 703 * beginning. There is room at the end of the packet for a trailer, 704 * and the four octets following the packet are filled with 0xff 705 * values to enable testing for overwrites. 706 * 707 * note that the location of the test packet can (and should) be 708 * deallocated with the free() call once it is no longer needed. 709 */ 710 711 srtp_hdr_t *srtp_create_test_packet(int pkt_octet_len, 712 uint32_t ssrc, 713 int *pkt_len) 714 { 715 int i; 716 uint8_t *buffer; 717 srtp_hdr_t *hdr; 718 int bytes_in_hdr = 12; 719 720 /* allocate memory for test packet */ 721 hdr = (srtp_hdr_t *)malloc(pkt_octet_len + bytes_in_hdr + 722 SRTP_MAX_TRAILER_LEN + 4); 723 if (!hdr) { 724 return NULL; 725 } 726 727 hdr->version = 2; /* RTP version two */ 728 hdr->p = 0; /* no padding needed */ 729 hdr->x = 0; /* no header extension */ 730 hdr->cc = 0; /* no CSRCs */ 731 hdr->m = 0; /* marker bit */ 732 hdr->pt = 0xf; /* payload type */ 733 hdr->seq = htons(0x1234); /* sequence number */ 734 hdr->ts = htonl(0xdecafbad); /* timestamp */ 735 hdr->ssrc = htonl(ssrc); /* synch. source */ 736 737 buffer = (uint8_t *)hdr; 738 buffer += bytes_in_hdr; 739 740 /* set RTP data to 0xab */ 741 for (i = 0; i < pkt_octet_len; i++) { 742 *buffer++ = 0xab; 743 } 744 745 /* set post-data value to 0xffff to enable overrun checking */ 746 for (i = 0; i < SRTP_MAX_TRAILER_LEN + 4; i++) { 747 *buffer++ = 0xff; 748 } 749 750 *pkt_len = bytes_in_hdr + pkt_octet_len; 751 752 return hdr; 753 } 754 755 srtcp_hdr_t *srtp_create_rtcp_test_packet(int pkt_octet_len, 756 uint32_t ssrc, 757 int *pkt_len) 758 { 759 int i; 760 uint8_t *buffer; 761 srtcp_hdr_t *hdr; 762 int bytes_in_hdr = 8; 763 764 /* allocate memory for test packet */ 765 hdr = (srtcp_hdr_t *)malloc(pkt_octet_len + bytes_in_hdr + 766 SRTP_MAX_SRTCP_TRAILER_LEN + 4); 767 if (!hdr) { 768 return NULL; 769 } 770 771 hdr->version = 2; /* RTP version two */ 772 hdr->p = 0; /* no padding needed */ 773 hdr->rc = 0; /* no reports */ 774 hdr->pt = 0xc8; /* sender report (200) */ 775 hdr->len = ((bytes_in_hdr + pkt_octet_len) % 4) - 1; 776 hdr->ssrc = htonl(ssrc); /* synch. source */ 777 778 buffer = (uint8_t *)hdr; 779 buffer += bytes_in_hdr; 780 781 /* set data to 0xab */ 782 for (i = 0; i < pkt_octet_len; i++) { 783 *buffer++ = 0xab; 784 } 785 786 /* set post-data value to 0xffff to enable overrun checking */ 787 for (i = 0; i < SRTP_MAX_SRTCP_TRAILER_LEN + 4; i++) { 788 *buffer++ = 0xff; 789 } 790 791 *pkt_len = bytes_in_hdr + pkt_octet_len; 792 793 return hdr; 794 } 795 796 static srtp_hdr_t *srtp_create_test_packet_extended(int pkt_octet_len, 797 uint32_t ssrc, 798 uint16_t seq, 799 uint32_t ts, 800 int *pkt_len) 801 { 802 srtp_hdr_t *hdr; 803 804 hdr = srtp_create_test_packet(pkt_octet_len, ssrc, pkt_len); 805 if (hdr == NULL) 806 return hdr; 807 808 hdr->seq = htons(seq); 809 hdr->ts = htonl(ts); 810 return hdr; 811 } 812 813 srtp_hdr_t *srtp_create_test_packet_ext_hdr(int pkt_octet_len, 814 uint32_t ssrc, 815 int *pkt_len) 816 { 817 int i; 818 uint8_t *buffer; 819 srtp_hdr_t *hdr; 820 int bytes_in_hdr = 12; 821 uint8_t extension_header[12] = { /* one-byte header */ 822 0xbe, 0xde, 823 /* size */ 824 0x00, 0x02, 825 /* id 1, length 1 (i.e. 2 bytes) */ 826 0x11, 827 /* payload */ 828 0xca, 0xfe, 829 /* padding */ 830 0x00, 831 /* id 2, length 0 (i.e. 1 byte) */ 832 0x20, 833 /* payload */ 834 0xba, 835 /* padding */ 836 0x00, 0x00 837 }; 838 839 /* allocate memory for test packet */ 840 hdr = (srtp_hdr_t *)malloc(pkt_octet_len + bytes_in_hdr + 841 sizeof(extension_header) + SRTP_MAX_TRAILER_LEN + 842 4); 843 if (!hdr) 844 return NULL; 845 846 hdr->version = 2; /* RTP version two */ 847 hdr->p = 0; /* no padding needed */ 848 hdr->x = 1; /* no header extension */ 849 hdr->cc = 0; /* no CSRCs */ 850 hdr->m = 0; /* marker bit */ 851 hdr->pt = 0xf; /* payload type */ 852 hdr->seq = htons(0x1234); /* sequence number */ 853 hdr->ts = htonl(0xdecafbad); /* timestamp */ 854 hdr->ssrc = htonl(ssrc); /* synch. source */ 855 856 buffer = (uint8_t *)hdr; 857 buffer += bytes_in_hdr; 858 859 memcpy(buffer, extension_header, sizeof(extension_header)); 860 buffer += sizeof(extension_header); 861 862 /* set RTP data to 0xab */ 863 for (i = 0; i < pkt_octet_len; i++) 864 *buffer++ = 0xab; 865 866 /* set post-data value to 0xffff to enable overrun checking */ 867 for (i = 0; i < SRTP_MAX_TRAILER_LEN + 4; i++) 868 *buffer++ = 0xff; 869 870 *pkt_len = bytes_in_hdr + sizeof(extension_header) + pkt_octet_len; 871 872 return hdr; 873 } 874 875 void srtp_do_timing(const srtp_policy_t *policy) 876 { 877 int len; 878 879 /* 880 * note: the output of this function is formatted so that it 881 * can be used in gnuplot. '#' indicates a comment, and "\r\n" 882 * terminates a record 883 */ 884 885 printf("# testing srtp throughput:\r\n"); 886 printf("# mesg length (octets)\tthroughput (megabits per second)\r\n"); 887 888 for (len = 16; len <= 2048; len *= 2) { 889 printf("%d\t\t\t%f\r\n", len, 890 srtp_bits_per_second(len, policy) / 1.0E6); 891 } 892 893 /* these extra linefeeds let gnuplot know that a dataset is done */ 894 printf("\r\n\r\n"); 895 } 896 897 void srtp_do_rejection_timing(const srtp_policy_t *policy) 898 { 899 int len; 900 901 /* 902 * note: the output of this function is formatted so that it 903 * can be used in gnuplot. '#' indicates a comment, and "\r\n" 904 * terminates a record 905 */ 906 907 printf("# testing srtp rejection throughput:\r\n"); 908 printf("# mesg length (octets)\trejections per second\r\n"); 909 910 for (len = 8; len <= 2048; len *= 2) { 911 printf("%d\t\t\t%e\r\n", len, srtp_rejections_per_second(len, policy)); 912 } 913 914 /* these extra linefeeds let gnuplot know that a dataset is done */ 915 printf("\r\n\r\n"); 916 } 917 918 #define MAX_MSG_LEN 1024 919 920 double srtp_bits_per_second(int msg_len_octets, const srtp_policy_t *policy) 921 { 922 srtp_t srtp; 923 srtp_hdr_t *mesg; 924 int i; 925 clock_t timer; 926 int num_trials = 100000; 927 int input_len, len; 928 uint32_t ssrc; 929 srtp_err_status_t status; 930 931 /* 932 * allocate and initialize an srtp session 933 */ 934 status = srtp_create(&srtp, policy); 935 if (status) { 936 printf("error: srtp_create() failed with error code %d\n", status); 937 exit(1); 938 } 939 940 /* 941 * if the ssrc is unspecified, use a predetermined one 942 */ 943 if (policy->ssrc.type != ssrc_specific) { 944 ssrc = 0xdeadbeef; 945 } else { 946 ssrc = policy->ssrc.value; 947 } 948 949 /* 950 * create a test packet 951 */ 952 mesg = srtp_create_test_packet(msg_len_octets, ssrc, &input_len); 953 if (mesg == NULL) { 954 return 0.0; /* indicate failure by returning zero */ 955 } 956 timer = clock(); 957 for (i = 0; i < num_trials; i++) { 958 len = input_len; 959 /* srtp protect message */ 960 status = srtp_protect(srtp, mesg, &len); 961 if (status) { 962 printf("error: srtp_protect() failed with error code %d\n", status); 963 exit(1); 964 } 965 966 /* increment message number */ 967 { 968 /* hack sequence to avoid problems with macros for htons/ntohs on 969 * some systems */ 970 short new_seq = ntohs(mesg->seq) + 1; 971 mesg->seq = htons(new_seq); 972 } 973 } 974 timer = clock() - timer; 975 976 free(mesg); 977 978 status = srtp_dealloc(srtp); 979 if (status) { 980 printf("error: srtp_dealloc() failed with error code %d\n", status); 981 exit(1); 982 } 983 984 return (double)(msg_len_octets)*8 * num_trials * CLOCKS_PER_SEC / timer; 985 } 986 987 double srtp_rejections_per_second(int msg_len_octets, 988 const srtp_policy_t *policy) 989 { 990 srtp_ctx_t *srtp; 991 srtp_hdr_t *mesg; 992 int i; 993 int len; 994 clock_t timer; 995 int num_trials = 1000000; 996 uint32_t ssrc = policy->ssrc.value; 997 srtp_err_status_t status; 998 999 /* 1000 * allocate and initialize an srtp session 1001 */ 1002 status = srtp_create(&srtp, policy); 1003 if (status) { 1004 printf("error: srtp_create() failed with error code %d\n", status); 1005 exit(1); 1006 } 1007 1008 mesg = srtp_create_test_packet(msg_len_octets, ssrc, &len); 1009 if (mesg == NULL) { 1010 return 0.0; /* indicate failure by returning zero */ 1011 } 1012 srtp_protect(srtp, (srtp_hdr_t *)mesg, &len); 1013 1014 timer = clock(); 1015 for (i = 0; i < num_trials; i++) { 1016 len = msg_len_octets; 1017 srtp_unprotect(srtp, (srtp_hdr_t *)mesg, &len); 1018 } 1019 timer = clock() - timer; 1020 1021 free(mesg); 1022 1023 status = srtp_dealloc(srtp); 1024 if (status) { 1025 printf("error: srtp_dealloc() failed with error code %d\n", status); 1026 exit(1); 1027 } 1028 1029 return (double)num_trials * CLOCKS_PER_SEC / timer; 1030 } 1031 1032 void err_check(srtp_err_status_t s) 1033 { 1034 if (s != srtp_err_status_ok) { 1035 fprintf(stderr, "error: unexpected srtp failure (code %d)\n", s); 1036 exit(1); 1037 } 1038 } 1039 1040 srtp_err_status_t srtp_test_call_protect(srtp_t srtp_sender, 1041 srtp_hdr_t *hdr, 1042 int *len, 1043 int mki_index) 1044 { 1045 if (mki_index == -1) { 1046 return srtp_protect(srtp_sender, hdr, len); 1047 } else { 1048 return srtp_protect_mki(srtp_sender, hdr, len, 1, mki_index); 1049 } 1050 } 1051 1052 srtp_err_status_t srtp_test_call_protect_rtcp(srtp_t srtp_sender, 1053 srtcp_hdr_t *hdr, 1054 int *len, 1055 int mki_index) 1056 { 1057 if (mki_index == -1) { 1058 return srtp_protect_rtcp(srtp_sender, hdr, len); 1059 } else { 1060 return srtp_protect_rtcp_mki(srtp_sender, hdr, len, 1, mki_index); 1061 } 1062 } 1063 1064 srtp_err_status_t srtp_test_call_unprotect(srtp_t srtp_sender, 1065 srtp_hdr_t *hdr, 1066 int *len, 1067 int use_mki) 1068 { 1069 if (use_mki == -1) { 1070 return srtp_unprotect(srtp_sender, hdr, len); 1071 } else { 1072 return srtp_unprotect_mki(srtp_sender, hdr, len, use_mki); 1073 } 1074 } 1075 1076 srtp_err_status_t srtp_test_call_unprotect_rtcp(srtp_t srtp_sender, 1077 srtcp_hdr_t *hdr, 1078 int *len, 1079 int use_mki) 1080 { 1081 if (use_mki == -1) { 1082 return srtp_unprotect_rtcp(srtp_sender, hdr, len); 1083 } else { 1084 return srtp_unprotect_rtcp_mki(srtp_sender, hdr, len, use_mki); 1085 } 1086 } 1087 1088 srtp_err_status_t srtp_test(const srtp_policy_t *policy, 1089 int extension_header, 1090 int mki_index) 1091 { 1092 int i; 1093 srtp_t srtp_sender; 1094 srtp_t srtp_rcvr; 1095 srtp_err_status_t status = srtp_err_status_ok; 1096 srtp_hdr_t *hdr, *hdr2; 1097 uint8_t hdr_enc[64]; 1098 uint8_t *pkt_end; 1099 int msg_len_octets, msg_len_enc, msg_len; 1100 int len, len2; 1101 uint32_t tag_length; 1102 uint32_t ssrc; 1103 srtp_policy_t *rcvr_policy; 1104 srtp_policy_t tmp_policy; 1105 int header = 1; 1106 int use_mki = 0; 1107 1108 if (mki_index >= 0) 1109 use_mki = 1; 1110 1111 if (extension_header) { 1112 memcpy(&tmp_policy, policy, sizeof(srtp_policy_t)); 1113 tmp_policy.enc_xtn_hdr = &header; 1114 tmp_policy.enc_xtn_hdr_count = 1; 1115 err_check(srtp_create(&srtp_sender, &tmp_policy)); 1116 } else { 1117 err_check(srtp_create(&srtp_sender, policy)); 1118 } 1119 1120 /* print out policy */ 1121 err_check(srtp_session_print_policy(srtp_sender)); 1122 1123 /* 1124 * initialize data buffer, using the ssrc in the policy unless that 1125 * value is a wildcard, in which case we'll just use an arbitrary 1126 * one 1127 */ 1128 if (policy->ssrc.type != ssrc_specific) { 1129 ssrc = 0xdecafbad; 1130 } else { 1131 ssrc = policy->ssrc.value; 1132 } 1133 msg_len_octets = 28; 1134 if (extension_header) { 1135 hdr = srtp_create_test_packet_ext_hdr(msg_len_octets, ssrc, &len); 1136 hdr2 = srtp_create_test_packet_ext_hdr(msg_len_octets, ssrc, &len2); 1137 } else { 1138 hdr = srtp_create_test_packet(msg_len_octets, ssrc, &len); 1139 hdr2 = srtp_create_test_packet(msg_len_octets, ssrc, &len2); 1140 } 1141 1142 /* save original msg len */ 1143 msg_len = len; 1144 1145 if (hdr == NULL) { 1146 free(hdr2); 1147 return srtp_err_status_alloc_fail; 1148 } 1149 if (hdr2 == NULL) { 1150 free(hdr); 1151 return srtp_err_status_alloc_fail; 1152 } 1153 1154 debug_print(mod_driver, "before protection:\n%s", 1155 srtp_packet_to_string(hdr, len)); 1156 1157 #if PRINT_REFERENCE_PACKET 1158 debug_print(mod_driver, "reference packet before protection:\n%s", 1159 octet_string_hex_string((uint8_t *)hdr, len)); 1160 #endif 1161 err_check(srtp_test_call_protect(srtp_sender, hdr, &len, mki_index)); 1162 1163 debug_print(mod_driver, "after protection:\n%s", 1164 srtp_packet_to_string(hdr, len)); 1165 #if PRINT_REFERENCE_PACKET 1166 debug_print(mod_driver, "after protection:\n%s", 1167 octet_string_hex_string((uint8_t *)hdr, len)); 1168 #endif 1169 1170 /* save protected message and length */ 1171 memcpy(hdr_enc, hdr, len); 1172 msg_len_enc = len; 1173 1174 /* 1175 * check for overrun of the srtp_protect() function 1176 * 1177 * The packet is followed by a value of 0xfffff; if the value of the 1178 * data following the packet is different, then we know that the 1179 * protect function is overwriting the end of the packet. 1180 */ 1181 err_check(srtp_get_protect_trailer_length(srtp_sender, use_mki, mki_index, 1182 &tag_length)); 1183 pkt_end = (uint8_t *)hdr + msg_len + tag_length; 1184 for (i = 0; i < 4; i++) { 1185 if (pkt_end[i] != 0xff) { 1186 fprintf(stdout, 1187 "overwrite in srtp_protect() function " 1188 "(expected %x, found %x in trailing octet %d)\n", 1189 0xff, ((uint8_t *)hdr)[i], i); 1190 free(hdr); 1191 free(hdr2); 1192 return srtp_err_status_algo_fail; 1193 } 1194 } 1195 1196 /* 1197 * if the policy includes confidentiality, check that ciphertext is 1198 * different than plaintext 1199 * 1200 * Note that this check will give false negatives, with some small 1201 * probability, especially if the packets are short. For that 1202 * reason, we skip this check if the plaintext is less than four 1203 * octets long. 1204 */ 1205 if ((policy->rtp.sec_serv & sec_serv_conf) && (msg_len_octets >= 4)) { 1206 printf("testing that ciphertext is distinct from plaintext..."); 1207 status = srtp_err_status_algo_fail; 1208 for (i = 12; i < msg_len_octets + 12; i++) { 1209 if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) { 1210 status = srtp_err_status_ok; 1211 } 1212 } 1213 if (status) { 1214 printf("failed\n"); 1215 free(hdr); 1216 free(hdr2); 1217 return status; 1218 } 1219 printf("passed\n"); 1220 } 1221 1222 /* 1223 * if the policy uses a 'wildcard' ssrc, then we need to make a copy 1224 * of the policy that changes the direction to inbound 1225 * 1226 * we always copy the policy into the rcvr_policy, since otherwise 1227 * the compiler would fret about the constness of the policy 1228 */ 1229 rcvr_policy = (srtp_policy_t *)malloc(sizeof(srtp_policy_t)); 1230 if (rcvr_policy == NULL) { 1231 free(hdr); 1232 free(hdr2); 1233 return srtp_err_status_alloc_fail; 1234 } 1235 if (extension_header) { 1236 memcpy(rcvr_policy, &tmp_policy, sizeof(srtp_policy_t)); 1237 if (tmp_policy.ssrc.type == ssrc_any_outbound) { 1238 rcvr_policy->ssrc.type = ssrc_any_inbound; 1239 } 1240 } else { 1241 memcpy(rcvr_policy, policy, sizeof(srtp_policy_t)); 1242 if (policy->ssrc.type == ssrc_any_outbound) { 1243 rcvr_policy->ssrc.type = ssrc_any_inbound; 1244 } 1245 } 1246 1247 err_check(srtp_create(&srtp_rcvr, rcvr_policy)); 1248 1249 err_check(srtp_test_call_unprotect(srtp_rcvr, hdr, &len, use_mki)); 1250 1251 debug_print(mod_driver, "after unprotection:\n%s", 1252 srtp_packet_to_string(hdr, len)); 1253 1254 /* verify that the unprotected packet matches the origial one */ 1255 for (i = 0; i < len; i++) { 1256 if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) { 1257 fprintf(stdout, "mismatch at octet %d\n", i); 1258 status = srtp_err_status_algo_fail; 1259 } 1260 } 1261 if (status) { 1262 free(hdr); 1263 free(hdr2); 1264 free(rcvr_policy); 1265 return status; 1266 } 1267 1268 /* 1269 * if the policy includes authentication, then test for false positives 1270 */ 1271 if (policy->rtp.sec_serv & sec_serv_auth) { 1272 char *data = ((char *)hdr) + (extension_header ? 24 : 12); 1273 1274 printf("testing for false positives in replay check..."); 1275 1276 /* unprotect a second time - should fail with a replay error */ 1277 status = 1278 srtp_test_call_unprotect(srtp_rcvr, hdr, &msg_len_enc, use_mki); 1279 if (status != srtp_err_status_replay_fail) { 1280 printf("failed with error code %d\n", status); 1281 free(hdr); 1282 free(hdr2); 1283 free(rcvr_policy); 1284 return srtp_err_status_algo_fail; 1285 } else { 1286 printf("passed\n"); 1287 } 1288 1289 printf("testing for false positives in auth check..."); 1290 1291 /* increment sequence number in header */ 1292 hdr->seq++; 1293 1294 /* apply protection */ 1295 err_check(srtp_test_call_protect(srtp_sender, hdr, &len, mki_index)); 1296 1297 /* flip bits in packet */ 1298 data[0] ^= 0xff; 1299 1300 /* unprotect, and check for authentication failure */ 1301 status = srtp_test_call_unprotect(srtp_rcvr, hdr, &len, use_mki); 1302 if (status != srtp_err_status_auth_fail) { 1303 printf("failed with error code %d\n", status); 1304 printf("failed\n"); 1305 free(hdr); 1306 free(hdr2); 1307 free(rcvr_policy); 1308 return srtp_err_status_algo_fail; 1309 } else { 1310 printf("passed\n"); 1311 } 1312 } 1313 1314 err_check(srtp_dealloc(srtp_sender)); 1315 err_check(srtp_dealloc(srtp_rcvr)); 1316 1317 free(hdr); 1318 free(hdr2); 1319 free(rcvr_policy); 1320 return srtp_err_status_ok; 1321 } 1322 1323 srtp_err_status_t srtcp_test(const srtp_policy_t *policy, int mki_index) 1324 { 1325 int i; 1326 srtp_t srtcp_sender; 1327 srtp_t srtcp_rcvr; 1328 srtp_err_status_t status = srtp_err_status_ok; 1329 srtcp_hdr_t *hdr, *hdr2; 1330 uint8_t hdr_enc[64]; 1331 uint8_t *pkt_end; 1332 int msg_len_octets, msg_len_enc, msg_len; 1333 int len, len2; 1334 uint32_t tag_length; 1335 uint32_t ssrc; 1336 srtp_policy_t *rcvr_policy; 1337 int use_mki = 0; 1338 1339 if (mki_index >= 0) 1340 use_mki = 1; 1341 1342 err_check(srtp_create(&srtcp_sender, policy)); 1343 1344 /* print out policy */ 1345 err_check(srtp_session_print_policy(srtcp_sender)); 1346 1347 /* 1348 * initialize data buffer, using the ssrc in the policy unless that 1349 * value is a wildcard, in which case we'll just use an arbitrary 1350 * one 1351 */ 1352 if (policy->ssrc.type != ssrc_specific) { 1353 ssrc = 0xdecafbad; 1354 } else { 1355 ssrc = policy->ssrc.value; 1356 } 1357 msg_len_octets = 28; 1358 hdr = srtp_create_rtcp_test_packet(msg_len_octets, ssrc, &len); 1359 /* save message len */ 1360 msg_len = len; 1361 1362 if (hdr == NULL) { 1363 return srtp_err_status_alloc_fail; 1364 } 1365 hdr2 = srtp_create_rtcp_test_packet(msg_len_octets, ssrc, &len2); 1366 if (hdr2 == NULL) { 1367 free(hdr); 1368 return srtp_err_status_alloc_fail; 1369 } 1370 1371 debug_print(mod_driver, "before protection:\n%s", 1372 srtp_rtcp_packet_to_string(hdr, len)); 1373 1374 #if PRINT_REFERENCE_PACKET 1375 debug_print(mod_driver, "reference packet before protection:\n%s", 1376 octet_string_hex_string((uint8_t *)hdr, len)); 1377 #endif 1378 err_check(srtp_test_call_protect_rtcp(srtcp_sender, hdr, &len, mki_index)); 1379 1380 debug_print(mod_driver, "after protection:\n%s", 1381 srtp_rtcp_packet_to_string(hdr, len)); 1382 #if PRINT_REFERENCE_PACKET 1383 debug_print(mod_driver, "after protection:\n%s", 1384 octet_string_hex_string((uint8_t *)hdr, len)); 1385 #endif 1386 1387 /* save protected message and length */ 1388 memcpy(hdr_enc, hdr, len); 1389 msg_len_enc = len; 1390 1391 /* 1392 * check for overrun of the srtp_protect_rtcp() function 1393 * 1394 * The packet is followed by a value of 0xfffff; if the value of the 1395 * data following the packet is different, then we know that the 1396 * protect function is overwriting the end of the packet. 1397 */ 1398 srtp_get_protect_rtcp_trailer_length(srtcp_sender, use_mki, mki_index, 1399 &tag_length); 1400 pkt_end = (uint8_t *)hdr + msg_len + tag_length; 1401 for (i = 0; i < 4; i++) { 1402 if (pkt_end[i] != 0xff) { 1403 fprintf(stdout, 1404 "overwrite in srtp_protect_rtcp() function " 1405 "(expected %x, found %x in trailing octet %d)\n", 1406 0xff, ((uint8_t *)hdr)[i], i); 1407 free(hdr); 1408 free(hdr2); 1409 return srtp_err_status_algo_fail; 1410 } 1411 } 1412 1413 /* 1414 * if the policy includes confidentiality, check that ciphertext is 1415 * different than plaintext 1416 * 1417 * Note that this check will give false negatives, with some small 1418 * probability, especially if the packets are short. For that 1419 * reason, we skip this check if the plaintext is less than four 1420 * octets long. 1421 */ 1422 if ((policy->rtcp.sec_serv & sec_serv_conf) && (msg_len_octets >= 4)) { 1423 printf("testing that ciphertext is distinct from plaintext..."); 1424 status = srtp_err_status_algo_fail; 1425 for (i = 12; i < msg_len_octets + 12; i++) { 1426 if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) { 1427 status = srtp_err_status_ok; 1428 } 1429 } 1430 if (status) { 1431 printf("failed\n"); 1432 free(hdr); 1433 free(hdr2); 1434 return status; 1435 } 1436 printf("passed\n"); 1437 } 1438 1439 /* 1440 * if the policy uses a 'wildcard' ssrc, then we need to make a copy 1441 * of the policy that changes the direction to inbound 1442 * 1443 * we always copy the policy into the rcvr_policy, since otherwise 1444 * the compiler would fret about the constness of the policy 1445 */ 1446 rcvr_policy = (srtp_policy_t *)malloc(sizeof(srtp_policy_t)); 1447 if (rcvr_policy == NULL) { 1448 free(hdr); 1449 free(hdr2); 1450 return srtp_err_status_alloc_fail; 1451 } 1452 memcpy(rcvr_policy, policy, sizeof(srtp_policy_t)); 1453 if (policy->ssrc.type == ssrc_any_outbound) { 1454 rcvr_policy->ssrc.type = ssrc_any_inbound; 1455 } 1456 1457 err_check(srtp_create(&srtcp_rcvr, rcvr_policy)); 1458 1459 err_check(srtp_test_call_unprotect_rtcp(srtcp_rcvr, hdr, &len, use_mki)); 1460 1461 debug_print(mod_driver, "after unprotection:\n%s", 1462 srtp_rtcp_packet_to_string(hdr, len)); 1463 1464 /* verify that the unprotected packet matches the original one */ 1465 for (i = 0; i < len; i++) { 1466 if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) { 1467 fprintf(stdout, "mismatch at octet %d\n", i); 1468 status = srtp_err_status_algo_fail; 1469 } 1470 } 1471 if (status) { 1472 free(hdr); 1473 free(hdr2); 1474 free(rcvr_policy); 1475 return status; 1476 } 1477 1478 /* 1479 * if the policy includes authentication, then test for false positives 1480 */ 1481 if (policy->rtp.sec_serv & sec_serv_auth) { 1482 char *data = ((char *)hdr) + 12; 1483 1484 printf("testing for false positives in replay check..."); 1485 1486 /* unprotect a second time - should fail with a replay error */ 1487 status = srtp_test_call_unprotect_rtcp(srtcp_rcvr, hdr, &msg_len_enc, 1488 use_mki); 1489 if (status != srtp_err_status_replay_fail) { 1490 printf("failed with error code %d\n", status); 1491 free(hdr); 1492 free(hdr2); 1493 free(rcvr_policy); 1494 return srtp_err_status_algo_fail; 1495 } else { 1496 printf("passed\n"); 1497 } 1498 1499 printf("testing for false positives in auth check..."); 1500 1501 /* apply protection */ 1502 err_check( 1503 srtp_test_call_protect_rtcp(srtcp_sender, hdr, &len, mki_index)); 1504 1505 /* flip bits in packet */ 1506 data[0] ^= 0xff; 1507 1508 /* unprotect, and check for authentication failure */ 1509 status = srtp_test_call_unprotect_rtcp(srtcp_rcvr, hdr, &len, use_mki); 1510 if (status != srtp_err_status_auth_fail) { 1511 printf("failed with error code %d\n", status); 1512 printf("failed\n"); 1513 free(hdr); 1514 free(hdr2); 1515 free(rcvr_policy); 1516 return srtp_err_status_algo_fail; 1517 } else { 1518 printf("passed\n"); 1519 } 1520 } 1521 1522 err_check(srtp_dealloc(srtcp_sender)); 1523 err_check(srtp_dealloc(srtcp_rcvr)); 1524 1525 free(hdr); 1526 free(hdr2); 1527 free(rcvr_policy); 1528 return srtp_err_status_ok; 1529 } 1530 1531 struct srtp_session_print_stream_data { 1532 // set by callback to indicate failure 1533 srtp_err_status_t status; 1534 // indicates if it is the template stream or a regular stream 1535 int is_template; 1536 }; 1537 1538 int srtp_session_print_stream(srtp_stream_t stream, void *raw_data) 1539 { 1540 static const char *serv_descr[4] = { "none", "confidentiality", 1541 "authentication", 1542 "confidentiality and authentication" }; 1543 static const char *direction[3] = { "unknown", "outbound", "inbound" }; 1544 1545 struct srtp_session_print_stream_data *data = 1546 (struct srtp_session_print_stream_data *)raw_data; 1547 srtp_session_keys_t *session_keys = &stream->session_keys[0]; 1548 char ssrc_text[32]; 1549 1550 if (!data->is_template && stream->rtp_services > sec_serv_conf_and_auth) { 1551 data->status = srtp_err_status_bad_param; 1552 return 1; 1553 } 1554 1555 if (data->is_template) { 1556 snprintf(ssrc_text, sizeof(ssrc_text), "any %s", 1557 direction[stream->direction]); 1558 } else { 1559 snprintf(ssrc_text, sizeof(ssrc_text), "0x%08x", stream->ssrc); 1560 } 1561 1562 printf("# SSRC: %s\r\n" 1563 "# rtp cipher: %s\r\n" 1564 "# rtp auth: %s\r\n" 1565 "# rtp services: %s\r\n" 1566 "# rtcp cipher: %s\r\n" 1567 "# rtcp auth: %s\r\n" 1568 "# rtcp services: %s\r\n" 1569 "# window size: %lu\r\n" 1570 "# tx rtx allowed:%s\r\n", 1571 ssrc_text, session_keys->rtp_cipher->type->description, 1572 session_keys->rtp_auth->type->description, 1573 serv_descr[stream->rtp_services], 1574 session_keys->rtcp_cipher->type->description, 1575 session_keys->rtcp_auth->type->description, 1576 serv_descr[stream->rtcp_services], 1577 srtp_rdbx_get_window_size(&stream->rtp_rdbx), 1578 stream->allow_repeat_tx ? "true" : "false"); 1579 1580 printf("# Encrypted extension headers: "); 1581 if (stream->enc_xtn_hdr && stream->enc_xtn_hdr_count > 0) { 1582 int *enc_xtn_hdr = stream->enc_xtn_hdr; 1583 int count = stream->enc_xtn_hdr_count; 1584 while (count > 0) { 1585 printf("%d ", *enc_xtn_hdr); 1586 enc_xtn_hdr++; 1587 count--; 1588 } 1589 printf("\n"); 1590 } else { 1591 printf("none\n"); 1592 } 1593 1594 return 0; 1595 } 1596 1597 srtp_err_status_t srtp_session_print_policy(srtp_t srtp) 1598 { 1599 struct srtp_session_print_stream_data data = { srtp_err_status_ok, 0 }; 1600 1601 /* sanity checking */ 1602 if (srtp == NULL) { 1603 return srtp_err_status_fail; 1604 } 1605 1606 /* if there's a template stream, print it out */ 1607 if (srtp->stream_template != NULL) { 1608 data.is_template = 1; 1609 srtp_session_print_stream(srtp->stream_template, &data); 1610 } 1611 1612 /* loop over streams in session, printing the policy of each */ 1613 data.is_template = 0; 1614 srtp_stream_list_for_each(srtp->stream_list, srtp_session_print_stream, 1615 &data); 1616 1617 return data.status; 1618 } 1619 1620 srtp_err_status_t srtp_print_policy(const srtp_policy_t *policy) 1621 { 1622 srtp_err_status_t status; 1623 srtp_t session; 1624 1625 status = srtp_create(&session, policy); 1626 if (status) { 1627 return status; 1628 } 1629 status = srtp_session_print_policy(session); 1630 if (status) { 1631 return status; 1632 } 1633 status = srtp_dealloc(session); 1634 if (status) { 1635 return status; 1636 } 1637 return srtp_err_status_ok; 1638 } 1639 1640 /* 1641 * srtp_print_packet(...) is for debugging only 1642 * it prints an RTP packet to the stdout 1643 * 1644 * note that this function is *not* threadsafe 1645 */ 1646 1647 #include <stdio.h> 1648 1649 #define MTU 2048 1650 1651 char packet_string[MTU]; 1652 1653 char *srtp_packet_to_string(srtp_hdr_t *hdr, int pkt_octet_len) 1654 { 1655 int octets_in_rtp_header = 12; 1656 uint8_t *data = ((uint8_t *)hdr) + octets_in_rtp_header; 1657 int hex_len = pkt_octet_len - octets_in_rtp_header; 1658 1659 /* sanity checking */ 1660 if ((hdr == NULL) || (pkt_octet_len > MTU)) { 1661 return NULL; 1662 } 1663 1664 /* write packet into string */ 1665 snprintf(packet_string, sizeof(packet_string), 1666 "(s)rtp packet: {\n" 1667 " version:\t%d\n" 1668 " p:\t\t%d\n" 1669 " x:\t\t%d\n" 1670 " cc:\t\t%d\n" 1671 " m:\t\t%d\n" 1672 " pt:\t\t%x\n" 1673 " seq:\t\t%x\n" 1674 " ts:\t\t%x\n" 1675 " ssrc:\t%x\n" 1676 " data:\t%s\n" 1677 "} (%d octets in total)\n", 1678 hdr->version, hdr->p, hdr->x, hdr->cc, hdr->m, hdr->pt, hdr->seq, 1679 hdr->ts, hdr->ssrc, octet_string_hex_string(data, hex_len), 1680 pkt_octet_len); 1681 1682 return packet_string; 1683 } 1684 1685 char *srtp_rtcp_packet_to_string(srtcp_hdr_t *hdr, int pkt_octet_len) 1686 { 1687 int octets_in_rtcp_header = 8; 1688 uint8_t *data = ((uint8_t *)hdr) + octets_in_rtcp_header; 1689 int hex_len = pkt_octet_len - octets_in_rtcp_header; 1690 1691 /* sanity checking */ 1692 if ((hdr == NULL) || (pkt_octet_len > MTU)) { 1693 return NULL; 1694 } 1695 1696 /* write packet into string */ 1697 snprintf(packet_string, sizeof(packet_string), 1698 "(s)rtcp packet: {\n" 1699 " version:\t%d\n" 1700 " p:\t\t%d\n" 1701 " rc:\t\t%d\n" 1702 " pt:\t\t%x\n" 1703 " len:\t\t%x\n" 1704 " ssrc:\t%x\n" 1705 " data:\t%s\n" 1706 "} (%d octets in total)\n", 1707 hdr->version, hdr->p, hdr->rc, hdr->pt, hdr->len, hdr->ssrc, 1708 octet_string_hex_string(data, hex_len), pkt_octet_len); 1709 1710 return packet_string; 1711 } 1712 1713 /* 1714 * mips_estimate() is a simple function to estimate the number of 1715 * instructions per second that the host can perform. note that this 1716 * function can be grossly wrong; you may want to have a manual sanity 1717 * check of its output! 1718 * 1719 * the 'ignore' pointer is there to convince the compiler to not just 1720 * optimize away the function 1721 */ 1722 1723 double mips_estimate(int num_trials, int *ignore) 1724 { 1725 clock_t t; 1726 volatile int i, sum; 1727 1728 sum = 0; 1729 t = clock(); 1730 for (i = 0; i < num_trials; i++) { 1731 sum += i; 1732 } 1733 t = clock() - t; 1734 if (t < 1) { 1735 t = 1; 1736 } 1737 1738 /* printf("%d\n", sum); */ 1739 *ignore = sum; 1740 1741 return (double)num_trials * CLOCKS_PER_SEC / t; 1742 } 1743 1744 /* 1745 * srtp_validate() verifies the correctness of libsrtp by comparing 1746 * some computed packets against some pre-computed reference values. 1747 * These packets were made with the default SRTP policy. 1748 */ 1749 1750 srtp_err_status_t srtp_validate(void) 1751 { 1752 // clang-format off 1753 uint8_t srtp_plaintext_ref[28] = { 1754 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad, 1755 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab, 1756 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 1757 0xab, 0xab, 0xab, 0xab 1758 }; 1759 uint8_t srtp_plaintext[38] = { 1760 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad, 1761 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab, 1762 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 1763 0xab, 0xab, 0xab, 0xab, 0x00, 0x00, 0x00, 0x00, 1764 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 1765 }; 1766 uint8_t srtp_ciphertext[38] = { 1767 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad, 1768 0xca, 0xfe, 0xba, 0xbe, 0x4e, 0x55, 0xdc, 0x4c, 1769 0xe7, 0x99, 0x78, 0xd8, 0x8c, 0xa4, 0xd2, 0x15, 1770 0x94, 0x9d, 0x24, 0x02, 0xb7, 0x8d, 0x6a, 0xcc, 1771 0x99, 0xea, 0x17, 0x9b, 0x8d, 0xbb 1772 }; 1773 uint8_t rtcp_plaintext_ref[24] = { 1774 0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe, 1775 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 1776 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 1777 }; 1778 uint8_t rtcp_plaintext[38] = { 1779 0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe, 1780 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 1781 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 1782 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1783 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 1784 }; 1785 uint8_t srtcp_ciphertext[38] = { 1786 0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe, 1787 0x71, 0x28, 0x03, 0x5b, 0xe4, 0x87, 0xb9, 0xbd, 1788 0xbe, 0xf8, 0x90, 0x41, 0xf9, 0x77, 0xa5, 0xa8, 1789 0x80, 0x00, 0x00, 0x01, 0x99, 0x3e, 0x08, 0xcd, 1790 0x54, 0xd6, 0xc1, 0x23, 0x07, 0x98 1791 }; 1792 // clang-format on 1793 1794 srtp_t srtp_snd, srtp_recv; 1795 srtp_err_status_t status; 1796 int len; 1797 srtp_policy_t policy; 1798 1799 /* 1800 * create a session with a single stream using the default srtp 1801 * policy and with the SSRC value 0xcafebabe 1802 */ 1803 memset(&policy, 0, sizeof(policy)); 1804 srtp_crypto_policy_set_rtp_default(&policy.rtp); 1805 srtp_crypto_policy_set_rtcp_default(&policy.rtcp); 1806 policy.ssrc.type = ssrc_specific; 1807 policy.ssrc.value = 0xcafebabe; 1808 policy.key = test_key; 1809 policy.deprecated_ekt = NULL; 1810 policy.window_size = 128; 1811 policy.allow_repeat_tx = 0; 1812 policy.next = NULL; 1813 1814 status = srtp_create(&srtp_snd, &policy); 1815 if (status) { 1816 return status; 1817 } 1818 1819 /* 1820 * protect plaintext, then compare with ciphertext 1821 */ 1822 len = 28; 1823 status = srtp_protect(srtp_snd, srtp_plaintext, &len); 1824 if (status || (len != 38)) { 1825 return srtp_err_status_fail; 1826 } 1827 1828 debug_print(mod_driver, "ciphertext:\n %s", 1829 octet_string_hex_string(srtp_plaintext, len)); 1830 debug_print(mod_driver, "ciphertext reference:\n %s", 1831 octet_string_hex_string(srtp_ciphertext, len)); 1832 1833 if (srtp_octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len)) { 1834 return srtp_err_status_fail; 1835 } 1836 1837 /* 1838 * protect plaintext rtcp, then compare with srtcp ciphertext 1839 */ 1840 len = 24; 1841 status = srtp_protect_rtcp(srtp_snd, rtcp_plaintext, &len); 1842 if (status || (len != 38)) { 1843 return srtp_err_status_fail; 1844 } 1845 1846 debug_print(mod_driver, "srtcp ciphertext:\n %s", 1847 octet_string_hex_string(rtcp_plaintext, len)); 1848 debug_print(mod_driver, "srtcp ciphertext reference:\n %s", 1849 octet_string_hex_string(srtcp_ciphertext, len)); 1850 1851 if (srtp_octet_string_is_eq(rtcp_plaintext, srtcp_ciphertext, len)) { 1852 return srtp_err_status_fail; 1853 } 1854 1855 /* 1856 * create a receiver session context comparable to the one created 1857 * above - we need to do this so that the replay checking doesn't 1858 * complain 1859 */ 1860 status = srtp_create(&srtp_recv, &policy); 1861 if (status) { 1862 return status; 1863 } 1864 1865 /* 1866 * unprotect ciphertext, then compare with plaintext 1867 */ 1868 status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len); 1869 if (status || (len != 28)) { 1870 return status; 1871 } 1872 1873 if (srtp_octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len)) { 1874 return srtp_err_status_fail; 1875 } 1876 1877 /* 1878 * unprotect srtcp ciphertext, then compare with rtcp plaintext 1879 */ 1880 len = 38; 1881 status = srtp_unprotect_rtcp(srtp_recv, srtcp_ciphertext, &len); 1882 if (status || (len != 24)) { 1883 return status; 1884 } 1885 1886 if (srtp_octet_string_is_eq(srtcp_ciphertext, rtcp_plaintext_ref, len)) { 1887 return srtp_err_status_fail; 1888 } 1889 1890 status = srtp_dealloc(srtp_snd); 1891 if (status) { 1892 return status; 1893 } 1894 1895 status = srtp_dealloc(srtp_recv); 1896 if (status) { 1897 return status; 1898 } 1899 1900 return srtp_err_status_ok; 1901 } 1902 1903 /* 1904 * srtp_validate_null() verifies the correctness of libsrtp by comparing 1905 * some computed packets against some pre-computed reference values. 1906 * These packets were made with a policy that applies null encryption 1907 * and HMAC authentication. 1908 */ 1909 1910 srtp_err_status_t srtp_validate_null(void) 1911 { 1912 // clang-format off 1913 uint8_t srtp_plaintext_ref[28] = { 1914 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad, 1915 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab, 1916 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 1917 0xab, 0xab, 0xab, 0xab 1918 }; 1919 uint8_t srtp_plaintext[38] = { 1920 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad, 1921 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab, 1922 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 1923 0xab, 0xab, 0xab, 0xab, 0x00, 0x00, 0x00, 0x00, 1924 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 1925 }; 1926 uint8_t srtp_ciphertext[38] = { 1927 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad, 1928 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab, 1929 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 1930 0xab, 0xab, 0xab, 0xab, 0xab, 0xa1, 0x36, 0x27, 1931 0x0b, 0x67, 0x91, 0x34, 0xce, 0x9b 1932 }; 1933 uint8_t rtcp_plaintext_ref[24] = { 1934 0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe, 1935 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 1936 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 1937 }; 1938 uint8_t rtcp_plaintext[38] = { 1939 0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe, 1940 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 1941 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 1942 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1943 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 1944 }; 1945 uint8_t srtcp_ciphertext[38] = { 1946 0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe, 1947 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 1948 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 1949 0x00, 0x00, 0x00, 0x01, 0xfe, 0x88, 0xc7, 0xfd, 1950 0xfd, 0x37, 0xeb, 0xce, 0x61, 0x5d, 1951 }; 1952 // clang-format on 1953 1954 srtp_t srtp_snd, srtp_recv; 1955 srtp_err_status_t status; 1956 int len; 1957 srtp_policy_t policy; 1958 1959 /* 1960 * create a session with a single stream using the default srtp 1961 * policy and with the SSRC value 0xcafebabe 1962 */ 1963 memset(&policy, 0, sizeof(policy)); 1964 srtp_crypto_policy_set_null_cipher_hmac_sha1_80(&policy.rtp); 1965 srtp_crypto_policy_set_null_cipher_hmac_sha1_80(&policy.rtcp); 1966 policy.ssrc.type = ssrc_specific; 1967 policy.ssrc.value = 0xcafebabe; 1968 policy.key = test_key; 1969 policy.deprecated_ekt = NULL; 1970 policy.window_size = 128; 1971 policy.allow_repeat_tx = 0; 1972 policy.next = NULL; 1973 1974 status = srtp_create(&srtp_snd, &policy); 1975 if (status) { 1976 return status; 1977 } 1978 1979 /* 1980 * protect plaintext, then compare with ciphertext 1981 */ 1982 len = 28; 1983 status = srtp_protect(srtp_snd, srtp_plaintext, &len); 1984 if (status || (len != 38)) { 1985 return srtp_err_status_fail; 1986 } 1987 1988 debug_print(mod_driver, "ciphertext:\n %s", 1989 octet_string_hex_string(srtp_plaintext, len)); 1990 debug_print(mod_driver, "ciphertext reference:\n %s", 1991 octet_string_hex_string(srtp_ciphertext, len)); 1992 1993 if (srtp_octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len)) { 1994 return srtp_err_status_fail; 1995 } 1996 1997 /* 1998 * protect plaintext rtcp, then compare with srtcp ciphertext 1999 */ 2000 len = 24; 2001 status = srtp_protect_rtcp(srtp_snd, rtcp_plaintext, &len); 2002 if (status || (len != 38)) { 2003 return srtp_err_status_fail; 2004 } 2005 2006 debug_print(mod_driver, "srtcp ciphertext:\n %s", 2007 octet_string_hex_string(rtcp_plaintext, len)); 2008 debug_print(mod_driver, "srtcp ciphertext reference:\n %s", 2009 octet_string_hex_string(srtcp_ciphertext, len)); 2010 2011 if (srtp_octet_string_is_eq(rtcp_plaintext, srtcp_ciphertext, len)) { 2012 return srtp_err_status_fail; 2013 } 2014 2015 /* 2016 * create a receiver session context comparable to the one created 2017 * above - we need to do this so that the replay checking doesn't 2018 * complain 2019 */ 2020 status = srtp_create(&srtp_recv, &policy); 2021 if (status) { 2022 return status; 2023 } 2024 2025 /* 2026 * unprotect ciphertext, then compare with plaintext 2027 */ 2028 status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len); 2029 if (status || (len != 28)) { 2030 return status; 2031 } 2032 2033 if (srtp_octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len)) { 2034 return srtp_err_status_fail; 2035 } 2036 2037 /* 2038 * unprotect srtcp ciphertext, then compare with rtcp plaintext 2039 */ 2040 len = 38; 2041 status = srtp_unprotect_rtcp(srtp_recv, srtcp_ciphertext, &len); 2042 if (status || (len != 24)) { 2043 return status; 2044 } 2045 2046 if (srtp_octet_string_is_eq(srtcp_ciphertext, rtcp_plaintext_ref, len)) { 2047 return srtp_err_status_fail; 2048 } 2049 2050 status = srtp_dealloc(srtp_snd); 2051 if (status) { 2052 return status; 2053 } 2054 2055 status = srtp_dealloc(srtp_recv); 2056 if (status) { 2057 return status; 2058 } 2059 2060 return srtp_err_status_ok; 2061 } 2062 2063 #ifdef GCM 2064 /* 2065 * srtp_validate_gcm() verifies the correctness of libsrtp by comparing 2066 * an computed packet against the known ciphertext for the plaintext. 2067 */ 2068 srtp_err_status_t srtp_validate_gcm(void) 2069 { 2070 // clang-format off 2071 uint8_t rtp_plaintext_ref[28] = { 2072 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad, 2073 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab, 2074 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 2075 0xab, 0xab, 0xab, 0xab 2076 }; 2077 uint8_t rtp_plaintext[44] = { 2078 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad, 2079 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab, 2080 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 2081 0xab, 0xab, 0xab, 0xab, 0x00, 0x00, 0x00, 0x00, 2082 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2083 0x00, 0x00, 0x00, 0x00 2084 }; 2085 uint8_t srtp_ciphertext[44] = { 2086 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad, 2087 0xca, 0xfe, 0xba, 0xbe, 0xc5, 0x00, 0x2e, 0xde, 2088 0x04, 0xcf, 0xdd, 0x2e, 0xb9, 0x11, 0x59, 0xe0, 2089 0x88, 0x0a, 0xa0, 0x6e, 0xd2, 0x97, 0x68, 0x26, 2090 0xf7, 0x96, 0xb2, 0x01, 0xdf, 0x31, 0x31, 0xa1, 2091 0x27, 0xe8, 0xa3, 0x92 2092 }; 2093 uint8_t rtcp_plaintext_ref[24] = { 2094 0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe, 2095 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 2096 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 2097 }; 2098 uint8_t rtcp_plaintext[44] = { 2099 0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe, 2100 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 2101 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 2102 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2103 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2104 0x00, 0x00, 0x00, 0x00 2105 }; 2106 uint8_t srtcp_ciphertext[44] = { 2107 0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe, 2108 0xc9, 0x8b, 0x8b, 0x5d, 0xf0, 0x39, 0x2a, 0x55, 2109 0x85, 0x2b, 0x6c, 0x21, 0xac, 0x8e, 0x70, 0x25, 2110 0xc5, 0x2c, 0x6f, 0xbe, 0xa2, 0xb3, 0xb4, 0x46, 2111 0xea, 0x31, 0x12, 0x3b, 0xa8, 0x8c, 0xe6, 0x1e, 2112 0x80, 0x00, 0x00, 0x01 2113 }; 2114 // clang-format on 2115 2116 srtp_t srtp_snd, srtp_recv; 2117 srtp_err_status_t status; 2118 int len; 2119 srtp_policy_t policy; 2120 2121 /* 2122 * create a session with a single stream using the default srtp 2123 * policy and with the SSRC value 0xcafebabe 2124 */ 2125 memset(&policy, 0, sizeof(policy)); 2126 srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtp); 2127 srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtcp); 2128 policy.ssrc.type = ssrc_specific; 2129 policy.ssrc.value = 0xcafebabe; 2130 policy.key = test_key_gcm; 2131 policy.deprecated_ekt = NULL; 2132 policy.window_size = 128; 2133 policy.allow_repeat_tx = 0; 2134 policy.next = NULL; 2135 2136 status = srtp_create(&srtp_snd, &policy); 2137 if (status) { 2138 return status; 2139 } 2140 2141 /* 2142 * protect plaintext rtp, then compare with srtp ciphertext 2143 */ 2144 len = 28; 2145 status = srtp_protect(srtp_snd, rtp_plaintext, &len); 2146 if (status || (len != 44)) { 2147 return srtp_err_status_fail; 2148 } 2149 2150 debug_print(mod_driver, "srtp ciphertext:\n %s", 2151 octet_string_hex_string(rtp_plaintext, len)); 2152 debug_print(mod_driver, "srtp ciphertext reference:\n %s", 2153 octet_string_hex_string(srtp_ciphertext, len)); 2154 2155 if (srtp_octet_string_is_eq(rtp_plaintext, srtp_ciphertext, len)) { 2156 return srtp_err_status_fail; 2157 } 2158 2159 /* 2160 * protect plaintext rtcp, then compare with srtcp ciphertext 2161 */ 2162 len = 24; 2163 status = srtp_protect_rtcp(srtp_snd, rtcp_plaintext, &len); 2164 if (status || (len != 44)) { 2165 return srtp_err_status_fail; 2166 } 2167 2168 debug_print(mod_driver, "srtcp ciphertext:\n %s", 2169 octet_string_hex_string(rtcp_plaintext, len)); 2170 debug_print(mod_driver, "srtcp ciphertext reference:\n %s", 2171 octet_string_hex_string(srtcp_ciphertext, len)); 2172 2173 if (srtp_octet_string_is_eq(rtcp_plaintext, srtcp_ciphertext, len)) { 2174 return srtp_err_status_fail; 2175 } 2176 2177 /* 2178 * create a receiver session context comparable to the one created 2179 * above - we need to do this so that the replay checking doesn't 2180 * complain 2181 */ 2182 status = srtp_create(&srtp_recv, &policy); 2183 if (status) { 2184 return status; 2185 } 2186 2187 /* 2188 * unprotect srtp ciphertext, then compare with rtp plaintext 2189 */ 2190 len = 44; 2191 status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len); 2192 if (status || (len != 28)) { 2193 return status; 2194 } 2195 2196 if (srtp_octet_string_is_eq(srtp_ciphertext, rtp_plaintext_ref, len)) { 2197 return srtp_err_status_fail; 2198 } 2199 2200 /* 2201 * unprotect srtcp ciphertext, then compare with rtcp plaintext 2202 */ 2203 len = 44; 2204 status = srtp_unprotect_rtcp(srtp_recv, srtcp_ciphertext, &len); 2205 if (status || (len != 24)) { 2206 return status; 2207 } 2208 2209 debug_print(mod_driver, "srtcp plain:\n %s", 2210 octet_string_hex_string(srtcp_ciphertext, len)); 2211 debug_print(mod_driver, "srtcp plain reference:\n %s", 2212 octet_string_hex_string(rtcp_plaintext_ref, 2213 sizeof(rtcp_plaintext_ref))); 2214 2215 if (srtp_octet_string_is_eq(srtcp_ciphertext, rtcp_plaintext_ref, len)) { 2216 return srtp_err_status_fail; 2217 } 2218 2219 status = srtp_dealloc(srtp_snd); 2220 if (status) { 2221 return status; 2222 } 2223 2224 status = srtp_dealloc(srtp_recv); 2225 if (status) { 2226 return status; 2227 } 2228 2229 return srtp_err_status_ok; 2230 } 2231 #endif 2232 2233 /* 2234 * Test vectors taken from RFC 6904, Appendix A 2235 */ 2236 srtp_err_status_t srtp_validate_encrypted_extensions_headers(void) 2237 { 2238 // clang-format off 2239 unsigned char test_key_ext_headers[30] = { 2240 0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0, 2241 0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39, 2242 0x0e, 0xc6, 0x75, 0xad, 0x49, 0x8a, 0xfe, 0xeb, 2243 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6 2244 }; 2245 uint8_t srtp_plaintext_ref[56] = { 2246 0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad, 2247 0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06, 2248 0x17, 0x41, 0x42, 0x73, 0xA4, 0x75, 0x26, 0x27, 2249 0x48, 0x22, 0x00, 0x00, 0xC8, 0x30, 0x8E, 0x46, 2250 0x55, 0x99, 0x63, 0x86, 0xB3, 0x95, 0xFB, 0x00, 2251 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 2252 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab 2253 }; 2254 uint8_t srtp_plaintext[66] = { 2255 0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad, 2256 0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06, 2257 0x17, 0x41, 0x42, 0x73, 0xA4, 0x75, 0x26, 0x27, 2258 0x48, 0x22, 0x00, 0x00, 0xC8, 0x30, 0x8E, 0x46, 2259 0x55, 0x99, 0x63, 0x86, 0xB3, 0x95, 0xFB, 0x00, 2260 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 2261 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 2262 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2263 0x00, 0x00 2264 }; 2265 uint8_t srtp_ciphertext[66] = { 2266 0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad, 2267 0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06, 2268 0x17, 0x58, 0x8A, 0x92, 0x70, 0xF4, 0xE1, 0x5E, 2269 0x1C, 0x22, 0x00, 0x00, 0xC8, 0x30, 0x95, 0x46, 2270 0xA9, 0x94, 0xF0, 0xBC, 0x54, 0x78, 0x97, 0x00, 2271 0x4e, 0x55, 0xdc, 0x4c, 0xe7, 0x99, 0x78, 0xd8, 2272 0x8c, 0xa4, 0xd2, 0x15, 0x94, 0x9d, 0x24, 0x02, 2273 0x5a, 0x46, 0xb3, 0xca, 0x35, 0xc5, 0x35, 0xa8, 2274 0x91, 0xc7 2275 }; 2276 // clang-format on 2277 2278 srtp_t srtp_snd, srtp_recv; 2279 srtp_err_status_t status; 2280 int len; 2281 srtp_policy_t policy; 2282 int headers[3] = { 1, 3, 4 }; 2283 2284 /* 2285 * create a session with a single stream using the default srtp 2286 * policy and with the SSRC value 0xcafebabe 2287 */ 2288 memset(&policy, 0, sizeof(policy)); 2289 srtp_crypto_policy_set_rtp_default(&policy.rtp); 2290 srtp_crypto_policy_set_rtcp_default(&policy.rtcp); 2291 policy.ssrc.type = ssrc_specific; 2292 policy.ssrc.value = 0xcafebabe; 2293 policy.key = test_key_ext_headers; 2294 policy.deprecated_ekt = NULL; 2295 policy.window_size = 128; 2296 policy.allow_repeat_tx = 0; 2297 policy.enc_xtn_hdr = headers; 2298 policy.enc_xtn_hdr_count = sizeof(headers) / sizeof(headers[0]); 2299 policy.next = NULL; 2300 2301 status = srtp_create(&srtp_snd, &policy); 2302 if (status) 2303 return status; 2304 2305 /* 2306 * protect plaintext, then compare with ciphertext 2307 */ 2308 len = sizeof(srtp_plaintext_ref); 2309 status = srtp_protect(srtp_snd, srtp_plaintext, &len); 2310 if (status || (len != sizeof(srtp_plaintext))) 2311 return srtp_err_status_fail; 2312 2313 debug_print(mod_driver, "ciphertext:\n %s", 2314 srtp_octet_string_hex_string(srtp_plaintext, len)); 2315 debug_print(mod_driver, "ciphertext reference:\n %s", 2316 srtp_octet_string_hex_string(srtp_ciphertext, len)); 2317 2318 if (srtp_octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len)) 2319 return srtp_err_status_fail; 2320 2321 /* 2322 * create a receiver session context comparable to the one created 2323 * above - we need to do this so that the replay checking doesn't 2324 * complain 2325 */ 2326 status = srtp_create(&srtp_recv, &policy); 2327 if (status) 2328 return status; 2329 2330 /* 2331 * unprotect ciphertext, then compare with plaintext 2332 */ 2333 status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len); 2334 if (status) { 2335 return status; 2336 } else if (len != sizeof(srtp_plaintext_ref)) { 2337 return srtp_err_status_fail; 2338 } 2339 2340 if (srtp_octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len)) 2341 return srtp_err_status_fail; 2342 2343 status = srtp_dealloc(srtp_snd); 2344 if (status) 2345 return status; 2346 2347 status = srtp_dealloc(srtp_recv); 2348 if (status) 2349 return status; 2350 2351 return srtp_err_status_ok; 2352 } 2353 2354 #ifdef GCM 2355 2356 /* 2357 * Headers of test vectors taken from RFC 6904, Appendix A 2358 */ 2359 srtp_err_status_t srtp_validate_encrypted_extensions_headers_gcm(void) 2360 { 2361 // clang-format off 2362 unsigned char test_key_ext_headers[30] = { 2363 0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0, 2364 0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39, 2365 0x0e, 0xc6, 0x75, 0xad, 0x49, 0x8a, 0xfe, 0xeb, 2366 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6 2367 }; 2368 uint8_t srtp_plaintext_ref[56] = { 2369 0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad, 2370 0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06, 2371 0x17, 0x41, 0x42, 0x73, 0xA4, 0x75, 0x26, 0x27, 2372 0x48, 0x22, 0x00, 0x00, 0xC8, 0x30, 0x8E, 0x46, 2373 0x55, 0x99, 0x63, 0x86, 0xB3, 0x95, 0xFB, 0x00, 2374 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 2375 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab 2376 }; 2377 uint8_t srtp_plaintext[64] = { 2378 0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad, 2379 0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06, 2380 0x17, 0x41, 0x42, 0x73, 0xA4, 0x75, 0x26, 0x27, 2381 0x48, 0x22, 0x00, 0x00, 0xC8, 0x30, 0x8E, 0x46, 2382 0x55, 0x99, 0x63, 0x86, 0xB3, 0x95, 0xFB, 0x00, 2383 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 2384 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 2385 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 2386 }; 2387 uint8_t srtp_ciphertext[64] = { 2388 0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad, 2389 0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06, 2390 0x17, 0x12, 0xe0, 0x20, 0x5b, 0xfa, 0x94, 0x9b, 2391 0x1C, 0x22, 0x00, 0x00, 0xC8, 0x30, 0xbb, 0x46, 2392 0x73, 0x27, 0x78, 0xd9, 0x92, 0x9a, 0xab, 0x00, 2393 0x0e, 0xca, 0x0c, 0xf9, 0x5e, 0xe9, 0x55, 0xb2, 2394 0x6c, 0xd3, 0xd2, 0x88, 0xb4, 0x9f, 0x6c, 0xa9, 2395 0xf4, 0xb1, 0xb7, 0x59, 0x71, 0x9e, 0xb5, 0xbc 2396 }; 2397 // clang-format on 2398 2399 srtp_t srtp_snd, srtp_recv; 2400 srtp_err_status_t status; 2401 int len; 2402 srtp_policy_t policy; 2403 int headers[3] = { 1, 3, 4 }; 2404 2405 /* 2406 * create a session with a single stream using the default srtp 2407 * policy and with the SSRC value 0xcafebabe 2408 */ 2409 memset(&policy, 0, sizeof(policy)); 2410 srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp); 2411 srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp); 2412 policy.ssrc.type = ssrc_specific; 2413 policy.ssrc.value = 0xcafebabe; 2414 policy.key = test_key_ext_headers; 2415 policy.deprecated_ekt = NULL; 2416 policy.window_size = 128; 2417 policy.allow_repeat_tx = 0; 2418 policy.enc_xtn_hdr = headers; 2419 policy.enc_xtn_hdr_count = sizeof(headers) / sizeof(headers[0]); 2420 policy.next = NULL; 2421 2422 status = srtp_create(&srtp_snd, &policy); 2423 if (status) 2424 return status; 2425 2426 /* 2427 * protect plaintext, then compare with ciphertext 2428 */ 2429 len = sizeof(srtp_plaintext_ref); 2430 status = srtp_protect(srtp_snd, srtp_plaintext, &len); 2431 if (status || (len != sizeof(srtp_plaintext))) 2432 return srtp_err_status_fail; 2433 2434 debug_print(mod_driver, "ciphertext:\n %s", 2435 srtp_octet_string_hex_string(srtp_plaintext, len)); 2436 debug_print(mod_driver, "ciphertext reference:\n %s", 2437 srtp_octet_string_hex_string(srtp_ciphertext, len)); 2438 2439 if (srtp_octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len)) 2440 return srtp_err_status_fail; 2441 2442 /* 2443 * create a receiver session context comparable to the one created 2444 * above - we need to do this so that the replay checking doesn't 2445 * complain 2446 */ 2447 status = srtp_create(&srtp_recv, &policy); 2448 if (status) 2449 return status; 2450 2451 /* 2452 * unprotect ciphertext, then compare with plaintext 2453 */ 2454 status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len); 2455 if (status) { 2456 return status; 2457 } else if (len != sizeof(srtp_plaintext_ref)) { 2458 return srtp_err_status_fail; 2459 } 2460 2461 if (srtp_octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len)) 2462 return srtp_err_status_fail; 2463 2464 status = srtp_dealloc(srtp_snd); 2465 if (status) 2466 return status; 2467 2468 status = srtp_dealloc(srtp_recv); 2469 if (status) 2470 return status; 2471 2472 return srtp_err_status_ok; 2473 } 2474 #endif 2475 2476 /* 2477 * srtp_validate_aes_256() verifies the correctness of libsrtp by comparing 2478 * some computed packets against some pre-computed reference values. 2479 * These packets were made with the AES-CM-256/HMAC-SHA-1-80 policy. 2480 */ 2481 2482 srtp_err_status_t srtp_validate_aes_256(void) 2483 { 2484 // clang-format off 2485 unsigned char aes_256_test_key[46] = { 2486 0xf0, 0xf0, 0x49, 0x14, 0xb5, 0x13, 0xf2, 0x76, 2487 0x3a, 0x1b, 0x1f, 0xa1, 0x30, 0xf1, 0x0e, 0x29, 2488 0x98, 0xf6, 0xf6, 0xe4, 0x3e, 0x43, 0x09, 0xd1, 2489 0xe6, 0x22, 0xa0, 0xe3, 0x32, 0xb9, 0xf1, 0xb6, 2490 2491 0x3b, 0x04, 0x80, 0x3d, 0xe5, 0x1e, 0xe7, 0xc9, 2492 0x64, 0x23, 0xab, 0x5b, 0x78, 0xd2 2493 }; 2494 uint8_t srtp_plaintext_ref[28] = { 2495 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad, 2496 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab, 2497 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 2498 0xab, 0xab, 0xab, 0xab 2499 }; 2500 uint8_t srtp_plaintext[38] = { 2501 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad, 2502 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab, 2503 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 2504 0xab, 0xab, 0xab, 0xab, 0x00, 0x00, 0x00, 0x00, 2505 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 2506 }; 2507 uint8_t srtp_ciphertext[38] = { 2508 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad, 2509 0xca, 0xfe, 0xba, 0xbe, 0xf1, 0xd9, 0xde, 0x17, 2510 0xff, 0x25, 0x1f, 0xf1, 0xaa, 0x00, 0x77, 0x74, 2511 0xb0, 0xb4, 0xb4, 0x0d, 0xa0, 0x8d, 0x9d, 0x9a, 2512 0x5b, 0x3a, 0x55, 0xd8, 0x87, 0x3b 2513 }; 2514 // clang-format on 2515 2516 srtp_t srtp_snd, srtp_recv; 2517 srtp_err_status_t status; 2518 int len; 2519 srtp_policy_t policy; 2520 2521 /* 2522 * create a session with a single stream using the default srtp 2523 * policy and with the SSRC value 0xcafebabe 2524 */ 2525 memset(&policy, 0, sizeof(policy)); 2526 srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtp); 2527 srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtcp); 2528 policy.ssrc.type = ssrc_specific; 2529 policy.ssrc.value = 0xcafebabe; 2530 policy.key = aes_256_test_key; 2531 policy.deprecated_ekt = NULL; 2532 policy.window_size = 128; 2533 policy.allow_repeat_tx = 0; 2534 policy.next = NULL; 2535 2536 status = srtp_create(&srtp_snd, &policy); 2537 if (status) { 2538 return status; 2539 } 2540 2541 /* 2542 * protect plaintext, then compare with ciphertext 2543 */ 2544 len = 28; 2545 status = srtp_protect(srtp_snd, srtp_plaintext, &len); 2546 if (status || (len != 38)) { 2547 return srtp_err_status_fail; 2548 } 2549 2550 debug_print(mod_driver, "ciphertext:\n %s", 2551 octet_string_hex_string(srtp_plaintext, len)); 2552 debug_print(mod_driver, "ciphertext reference:\n %s", 2553 octet_string_hex_string(srtp_ciphertext, len)); 2554 2555 if (srtp_octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len)) { 2556 return srtp_err_status_fail; 2557 } 2558 2559 /* 2560 * create a receiver session context comparable to the one created 2561 * above - we need to do this so that the replay checking doesn't 2562 * complain 2563 */ 2564 status = srtp_create(&srtp_recv, &policy); 2565 if (status) { 2566 return status; 2567 } 2568 2569 /* 2570 * unprotect ciphertext, then compare with plaintext 2571 */ 2572 status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len); 2573 if (status || (len != 28)) { 2574 return status; 2575 } 2576 2577 if (srtp_octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len)) { 2578 return srtp_err_status_fail; 2579 } 2580 2581 status = srtp_dealloc(srtp_snd); 2582 if (status) { 2583 return status; 2584 } 2585 2586 status = srtp_dealloc(srtp_recv); 2587 if (status) { 2588 return status; 2589 } 2590 2591 return srtp_err_status_ok; 2592 } 2593 2594 srtp_err_status_t srtp_create_big_policy(srtp_policy_t **list) 2595 { 2596 extern const srtp_policy_t *policy_array[]; 2597 srtp_policy_t *p = NULL; 2598 srtp_policy_t *tmp; 2599 int i = 0; 2600 uint32_t ssrc = 0; 2601 2602 /* sanity checking */ 2603 if ((list == NULL) || (policy_array[0] == NULL)) { 2604 return srtp_err_status_bad_param; 2605 } 2606 2607 /* 2608 * loop over policy list, mallocing a new list and copying values 2609 * into it (and incrementing the SSRC value as we go along) 2610 */ 2611 tmp = NULL; 2612 while (policy_array[i] != NULL) { 2613 p = (srtp_policy_t *)malloc(sizeof(srtp_policy_t)); 2614 if (p == NULL) { 2615 return srtp_err_status_bad_param; 2616 } 2617 memcpy(p, policy_array[i], sizeof(srtp_policy_t)); 2618 p->ssrc.type = ssrc_specific; 2619 p->ssrc.value = ssrc++; 2620 p->next = tmp; 2621 tmp = p; 2622 i++; 2623 } 2624 *list = p; 2625 2626 return srtp_err_status_ok; 2627 } 2628 2629 srtp_err_status_t srtp_dealloc_big_policy(srtp_policy_t *list) 2630 { 2631 srtp_policy_t *p, *next; 2632 2633 for (p = list; p != NULL; p = next) { 2634 next = p->next; 2635 free(p); 2636 } 2637 2638 return srtp_err_status_ok; 2639 } 2640 2641 srtp_err_status_t srtp_test_empty_payload(void) 2642 { 2643 srtp_t srtp_snd, srtp_recv; 2644 srtp_err_status_t status; 2645 int len; 2646 srtp_policy_t policy; 2647 srtp_hdr_t *mesg; 2648 2649 /* 2650 * create a session with a single stream using the default srtp 2651 * policy and with the SSRC value 0xcafebabe 2652 */ 2653 memset(&policy, 0, sizeof(policy)); 2654 srtp_crypto_policy_set_rtp_default(&policy.rtp); 2655 srtp_crypto_policy_set_rtcp_default(&policy.rtcp); 2656 policy.ssrc.type = ssrc_specific; 2657 policy.ssrc.value = 0xcafebabe; 2658 policy.key = test_key; 2659 policy.deprecated_ekt = NULL; 2660 policy.window_size = 128; 2661 policy.allow_repeat_tx = 0; 2662 policy.next = NULL; 2663 2664 status = srtp_create(&srtp_snd, &policy); 2665 if (status) { 2666 return status; 2667 } 2668 2669 mesg = srtp_create_test_packet(0, policy.ssrc.value, &len); 2670 if (mesg == NULL) { 2671 return srtp_err_status_fail; 2672 } 2673 2674 status = srtp_protect(srtp_snd, mesg, &len); 2675 if (status) { 2676 return status; 2677 } else if (len != 12 + 10) { 2678 return srtp_err_status_fail; 2679 } 2680 2681 /* 2682 * create a receiver session context comparable to the one created 2683 * above - we need to do this so that the replay checking doesn't 2684 * complain 2685 */ 2686 status = srtp_create(&srtp_recv, &policy); 2687 if (status) { 2688 return status; 2689 } 2690 2691 /* 2692 * unprotect ciphertext, then compare with plaintext 2693 */ 2694 status = srtp_unprotect(srtp_recv, mesg, &len); 2695 if (status) { 2696 return status; 2697 } else if (len != 12) { 2698 return srtp_err_status_fail; 2699 } 2700 2701 status = srtp_dealloc(srtp_snd); 2702 if (status) { 2703 return status; 2704 } 2705 2706 status = srtp_dealloc(srtp_recv); 2707 if (status) { 2708 return status; 2709 } 2710 2711 free(mesg); 2712 2713 return srtp_err_status_ok; 2714 } 2715 2716 #ifdef GCM 2717 srtp_err_status_t srtp_test_empty_payload_gcm(void) 2718 { 2719 srtp_t srtp_snd, srtp_recv; 2720 srtp_err_status_t status; 2721 int len; 2722 srtp_policy_t policy; 2723 srtp_hdr_t *mesg; 2724 2725 /* 2726 * create a session with a single stream using the default srtp 2727 * policy and with the SSRC value 0xcafebabe 2728 */ 2729 memset(&policy, 0, sizeof(policy)); 2730 srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp); 2731 srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp); 2732 policy.ssrc.type = ssrc_specific; 2733 policy.ssrc.value = 0xcafebabe; 2734 policy.key = test_key; 2735 policy.deprecated_ekt = NULL; 2736 policy.window_size = 128; 2737 policy.allow_repeat_tx = 0; 2738 policy.next = NULL; 2739 2740 status = srtp_create(&srtp_snd, &policy); 2741 if (status) { 2742 return status; 2743 } 2744 2745 mesg = srtp_create_test_packet(0, policy.ssrc.value, &len); 2746 if (mesg == NULL) { 2747 return srtp_err_status_fail; 2748 } 2749 2750 status = srtp_protect(srtp_snd, mesg, &len); 2751 if (status) { 2752 return status; 2753 } else if (len != 12 + 8) { 2754 return srtp_err_status_fail; 2755 } 2756 2757 /* 2758 * create a receiver session context comparable to the one created 2759 * above - we need to do this so that the replay checking doesn't 2760 * complain 2761 */ 2762 status = srtp_create(&srtp_recv, &policy); 2763 if (status) { 2764 return status; 2765 } 2766 2767 /* 2768 * unprotect ciphertext, then compare with plaintext 2769 */ 2770 status = srtp_unprotect(srtp_recv, mesg, &len); 2771 if (status) { 2772 return status; 2773 } else if (len != 12) { 2774 return srtp_err_status_fail; 2775 } 2776 2777 status = srtp_dealloc(srtp_snd); 2778 if (status) { 2779 return status; 2780 } 2781 2782 status = srtp_dealloc(srtp_recv); 2783 if (status) { 2784 return status; 2785 } 2786 2787 free(mesg); 2788 2789 return srtp_err_status_ok; 2790 } 2791 #endif // GCM 2792 2793 srtp_err_status_t srtp_test_remove_stream(void) 2794 { 2795 srtp_err_status_t status; 2796 srtp_policy_t *policy_list, policy; 2797 srtp_t session; 2798 srtp_stream_t stream; 2799 2800 /* 2801 * srtp_get_stream() is a libSRTP internal function that we declare 2802 * here so that we can use it to verify the correct operation of the 2803 * library 2804 */ 2805 extern srtp_stream_t srtp_get_stream(srtp_t srtp, uint32_t ssrc); 2806 2807 status = srtp_create_big_policy(&policy_list); 2808 if (status) { 2809 return status; 2810 } 2811 2812 status = srtp_create(&session, policy_list); 2813 if (status) { 2814 return status; 2815 } 2816 2817 /* 2818 * check for false positives by trying to remove a stream that's not 2819 * in the session 2820 */ 2821 status = srtp_remove_stream(session, htonl(0xaaaaaaaa)); 2822 if (status != srtp_err_status_no_ctx) { 2823 return srtp_err_status_fail; 2824 } 2825 2826 /* 2827 * check for false negatives by removing stream 0x1, then 2828 * searching for streams 0x0 and 0x2 2829 */ 2830 status = srtp_remove_stream(session, htonl(0x1)); 2831 if (status != srtp_err_status_ok) { 2832 return srtp_err_status_fail; 2833 } 2834 stream = srtp_get_stream(session, htonl(0x0)); 2835 if (stream == NULL) { 2836 return srtp_err_status_fail; 2837 } 2838 stream = srtp_get_stream(session, htonl(0x2)); 2839 if (stream == NULL) { 2840 return srtp_err_status_fail; 2841 } 2842 2843 status = srtp_dealloc(session); 2844 if (status != srtp_err_status_ok) { 2845 return status; 2846 } 2847 2848 status = srtp_dealloc_big_policy(policy_list); 2849 if (status != srtp_err_status_ok) { 2850 return status; 2851 } 2852 2853 /* Now test adding and removing a single stream */ 2854 memset(&policy, 0, sizeof(policy)); 2855 srtp_crypto_policy_set_rtp_default(&policy.rtp); 2856 srtp_crypto_policy_set_rtcp_default(&policy.rtcp); 2857 policy.ssrc.type = ssrc_specific; 2858 policy.ssrc.value = 0xcafebabe; 2859 policy.key = test_key; 2860 policy.deprecated_ekt = NULL; 2861 policy.window_size = 128; 2862 policy.allow_repeat_tx = 0; 2863 policy.next = NULL; 2864 2865 status = srtp_create(&session, NULL); 2866 if (status != srtp_err_status_ok) { 2867 return status; 2868 } 2869 2870 status = srtp_add_stream(session, &policy); 2871 if (status != srtp_err_status_ok) { 2872 return status; 2873 } 2874 2875 status = srtp_remove_stream(session, htonl(0xcafebabe)); 2876 if (status != srtp_err_status_ok) { 2877 return status; 2878 } 2879 2880 status = srtp_dealloc(session); 2881 if (status != srtp_err_status_ok) { 2882 return status; 2883 } 2884 2885 return srtp_err_status_ok; 2886 } 2887 2888 // clang-format off 2889 unsigned char test_alt_key[46] = { 2890 0xe5, 0x19, 0x6f, 0x01, 0x5e, 0xf1, 0x9b, 0xe1, 2891 0xd7, 0x47, 0xa7, 0x27, 0x07, 0xd7, 0x47, 0x33, 2892 0x01, 0xc2, 0x35, 0x4d, 0x59, 0x6a, 0xf7, 0x84, 2893 0x96, 0x98, 0xeb, 0xaa, 0xac, 0xf6, 0xa1, 0x45, 2894 0xc7, 0x15, 0xe2, 0xea, 0xfe, 0x55, 0x67, 0x96, 2895 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6 2896 }; 2897 // clang-format on 2898 2899 /* 2900 * srtp_test_update() verifies updating/rekeying exsisting streams. 2901 * As stated in https://tools.ietf.org/html/rfc3711#section-3.3.1 2902 * the value of the ROC must not be reset after a rekey, this test 2903 * atempts to prove that srtp_update does not reset the ROC. 2904 */ 2905 2906 srtp_err_status_t srtp_test_update(void) 2907 { 2908 srtp_err_status_t status; 2909 uint32_t ssrc = 0x12121212; 2910 int msg_len_octets = 32; 2911 int protected_msg_len_octets; 2912 srtp_hdr_t *msg; 2913 srtp_t srtp_snd, srtp_recv; 2914 srtp_policy_t policy; 2915 2916 memset(&policy, 0, sizeof(policy)); 2917 srtp_crypto_policy_set_rtp_default(&policy.rtp); 2918 srtp_crypto_policy_set_rtcp_default(&policy.rtcp); 2919 policy.deprecated_ekt = NULL; 2920 policy.window_size = 128; 2921 policy.allow_repeat_tx = 0; 2922 policy.next = NULL; 2923 policy.key = test_key; 2924 2925 /* create a send and recive ctx with defualt profile and test_key */ 2926 policy.ssrc.type = ssrc_any_outbound; 2927 status = srtp_create(&srtp_snd, &policy); 2928 if (status) 2929 return status; 2930 2931 policy.ssrc.type = ssrc_any_inbound; 2932 status = srtp_create(&srtp_recv, &policy); 2933 if (status) 2934 return status; 2935 2936 /* protect and unprotect two msg's that will cause the ROC to be equal to 1 2937 */ 2938 msg = srtp_create_test_packet(msg_len_octets, ssrc, 2939 &protected_msg_len_octets); 2940 if (msg == NULL) 2941 return srtp_err_status_alloc_fail; 2942 msg->seq = htons(65535); 2943 2944 status = srtp_protect(srtp_snd, msg, &protected_msg_len_octets); 2945 if (status) 2946 return srtp_err_status_fail; 2947 2948 status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets); 2949 if (status) 2950 return status; 2951 2952 free(msg); 2953 2954 msg = srtp_create_test_packet(msg_len_octets, ssrc, 2955 &protected_msg_len_octets); 2956 if (msg == NULL) 2957 return srtp_err_status_alloc_fail; 2958 msg->seq = htons(1); 2959 2960 status = srtp_protect(srtp_snd, msg, &protected_msg_len_octets); 2961 if (status) 2962 return srtp_err_status_fail; 2963 2964 status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets); 2965 if (status) 2966 return status; 2967 2968 free(msg); 2969 2970 /* update send ctx with same test_key t verify update works*/ 2971 policy.ssrc.type = ssrc_any_outbound; 2972 policy.key = test_key; 2973 status = srtp_update(srtp_snd, &policy); 2974 if (status) 2975 return status; 2976 2977 msg = srtp_create_test_packet(msg_len_octets, ssrc, 2978 &protected_msg_len_octets); 2979 if (msg == NULL) 2980 return srtp_err_status_alloc_fail; 2981 msg->seq = htons(2); 2982 2983 status = srtp_protect(srtp_snd, msg, &protected_msg_len_octets); 2984 if (status) 2985 return srtp_err_status_fail; 2986 2987 status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets); 2988 if (status) 2989 return status; 2990 2991 free(msg); 2992 2993 /* update send ctx to use test_alt_key */ 2994 policy.ssrc.type = ssrc_any_outbound; 2995 policy.key = test_alt_key; 2996 status = srtp_update(srtp_snd, &policy); 2997 if (status) 2998 return status; 2999 3000 /* create and protect msg with new key and ROC still equal to 1 */ 3001 msg = srtp_create_test_packet(msg_len_octets, ssrc, 3002 &protected_msg_len_octets); 3003 if (msg == NULL) 3004 return srtp_err_status_alloc_fail; 3005 msg->seq = htons(3); 3006 3007 status = srtp_protect(srtp_snd, msg, &protected_msg_len_octets); 3008 if (status) 3009 return srtp_err_status_fail; 3010 3011 /* verify that recive ctx will fail to unprotect as it still uses test_key 3012 */ 3013 status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets); 3014 if (status == srtp_err_status_ok) 3015 return srtp_err_status_fail; 3016 3017 /* create a new recvieve ctx with test_alt_key but since it is new it will 3018 * have ROC equal to 1 3019 * and therefore should fail to unprotected */ 3020 { 3021 srtp_t srtp_recv_roc_0; 3022 3023 policy.ssrc.type = ssrc_any_inbound; 3024 policy.key = test_alt_key; 3025 status = srtp_create(&srtp_recv_roc_0, &policy); 3026 if (status) 3027 return status; 3028 3029 status = 3030 srtp_unprotect(srtp_recv_roc_0, msg, &protected_msg_len_octets); 3031 if (status == srtp_err_status_ok) 3032 return srtp_err_status_fail; 3033 3034 status = srtp_dealloc(srtp_recv_roc_0); 3035 if (status) 3036 return status; 3037 } 3038 3039 /* update recive ctx to use test_alt_key */ 3040 policy.ssrc.type = ssrc_any_inbound; 3041 policy.key = test_alt_key; 3042 status = srtp_update(srtp_recv, &policy); 3043 if (status) 3044 return status; 3045 3046 /* verify that can still unprotect, therfore key is updated and ROC value is 3047 * preserved */ 3048 status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets); 3049 if (status) 3050 return status; 3051 3052 free(msg); 3053 3054 status = srtp_dealloc(srtp_snd); 3055 if (status) 3056 return status; 3057 3058 status = srtp_dealloc(srtp_recv); 3059 if (status) 3060 return status; 3061 3062 return srtp_err_status_ok; 3063 } 3064 3065 srtp_err_status_t srtp_test_setup_protect_trailer_streams( 3066 srtp_t *srtp_send, 3067 srtp_t *srtp_send_mki, 3068 srtp_t *srtp_send_aes_gcm, 3069 srtp_t *srtp_send_aes_gcm_mki) 3070 { 3071 srtp_err_status_t status; 3072 srtp_policy_t policy; 3073 srtp_policy_t policy_mki; 3074 3075 #ifdef GCM 3076 srtp_policy_t policy_aes_gcm; 3077 srtp_policy_t policy_aes_gcm_mki; 3078 #else 3079 (void)srtp_send_aes_gcm; 3080 (void)srtp_send_aes_gcm_mki; 3081 #endif // GCM 3082 3083 memset(&policy, 0, sizeof(policy)); 3084 srtp_crypto_policy_set_rtp_default(&policy.rtp); 3085 srtp_crypto_policy_set_rtcp_default(&policy.rtcp); 3086 policy.deprecated_ekt = NULL; 3087 policy.window_size = 128; 3088 policy.allow_repeat_tx = 0; 3089 policy.next = NULL; 3090 policy.ssrc.type = ssrc_any_outbound; 3091 policy.key = test_key; 3092 3093 memset(&policy_mki, 0, sizeof(policy_mki)); 3094 srtp_crypto_policy_set_rtp_default(&policy_mki.rtp); 3095 srtp_crypto_policy_set_rtcp_default(&policy_mki.rtcp); 3096 policy_mki.deprecated_ekt = NULL; 3097 policy_mki.window_size = 128; 3098 policy_mki.allow_repeat_tx = 0; 3099 policy_mki.next = NULL; 3100 policy_mki.ssrc.type = ssrc_any_outbound; 3101 policy_mki.key = NULL; 3102 policy_mki.keys = test_keys; 3103 policy_mki.num_master_keys = 2; 3104 3105 #ifdef GCM 3106 memset(&policy_aes_gcm, 0, sizeof(policy_aes_gcm)); 3107 srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm.rtp); 3108 srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm.rtcp); 3109 policy_aes_gcm.deprecated_ekt = NULL; 3110 policy_aes_gcm.window_size = 128; 3111 policy_aes_gcm.allow_repeat_tx = 0; 3112 policy_aes_gcm.next = NULL; 3113 policy_aes_gcm.ssrc.type = ssrc_any_outbound; 3114 policy_aes_gcm.key = test_key; 3115 3116 memset(&policy_aes_gcm_mki, 0, sizeof(policy_aes_gcm_mki)); 3117 srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm_mki.rtp); 3118 srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm_mki.rtcp); 3119 policy_aes_gcm_mki.deprecated_ekt = NULL; 3120 policy_aes_gcm_mki.window_size = 128; 3121 policy_aes_gcm_mki.allow_repeat_tx = 0; 3122 policy_aes_gcm_mki.next = NULL; 3123 policy_aes_gcm_mki.ssrc.type = ssrc_any_outbound; 3124 policy_aes_gcm_mki.key = NULL; 3125 policy_aes_gcm_mki.keys = test_keys; 3126 policy_aes_gcm_mki.num_master_keys = 2; 3127 #endif // GCM 3128 3129 /* create a send ctx with defualt profile and test_key */ 3130 status = srtp_create(srtp_send, &policy); 3131 if (status) 3132 return status; 3133 3134 status = srtp_create(srtp_send_mki, &policy_mki); 3135 if (status) 3136 return status; 3137 3138 #ifdef GCM 3139 status = srtp_create(srtp_send_aes_gcm, &policy_aes_gcm); 3140 if (status) 3141 return status; 3142 3143 status = srtp_create(srtp_send_aes_gcm_mki, &policy_aes_gcm_mki); 3144 if (status) 3145 return status; 3146 #endif // GCM 3147 3148 return srtp_err_status_ok; 3149 } 3150 3151 srtp_err_status_t srtp_test_protect_trailer_length(void) 3152 { 3153 srtp_t srtp_send; 3154 srtp_t srtp_send_mki; 3155 srtp_t srtp_send_aes_gcm; 3156 srtp_t srtp_send_aes_gcm_mki; 3157 uint32_t length = 0; 3158 srtp_err_status_t status; 3159 3160 srtp_test_setup_protect_trailer_streams( 3161 &srtp_send, &srtp_send_mki, &srtp_send_aes_gcm, &srtp_send_aes_gcm_mki); 3162 3163 status = srtp_get_protect_trailer_length(srtp_send, 0, 0, &length); 3164 if (status) 3165 return status; 3166 3167 /* TAG Length: 10 bytes */ 3168 if (length != 10) 3169 return srtp_err_status_fail; 3170 3171 status = srtp_get_protect_trailer_length(srtp_send_mki, 1, 1, &length); 3172 if (status) 3173 return status; 3174 3175 /* TAG Length: 10 bytes + MKI length: 4 bytes*/ 3176 if (length != 14) 3177 return srtp_err_status_fail; 3178 3179 #ifdef GCM 3180 status = srtp_get_protect_trailer_length(srtp_send_aes_gcm, 0, 0, &length); 3181 if (status) 3182 return status; 3183 3184 /* TAG Length: 16 bytes */ 3185 if (length != 16) 3186 return srtp_err_status_fail; 3187 3188 status = 3189 srtp_get_protect_trailer_length(srtp_send_aes_gcm_mki, 1, 1, &length); 3190 if (status) 3191 return status; 3192 3193 /* TAG Length: 16 bytes + MKI length: 4 bytes*/ 3194 if (length != 20) 3195 return srtp_err_status_fail; 3196 #endif // GCM 3197 3198 srtp_dealloc(srtp_send); 3199 srtp_dealloc(srtp_send_mki); 3200 #ifdef GCM 3201 srtp_dealloc(srtp_send_aes_gcm); 3202 srtp_dealloc(srtp_send_aes_gcm_mki); 3203 #endif 3204 3205 return srtp_err_status_ok; 3206 } 3207 3208 srtp_err_status_t srtp_test_protect_rtcp_trailer_length(void) 3209 { 3210 srtp_t srtp_send; 3211 srtp_t srtp_send_mki; 3212 srtp_t srtp_send_aes_gcm; 3213 srtp_t srtp_send_aes_gcm_mki; 3214 uint32_t length = 0; 3215 srtp_err_status_t status; 3216 3217 srtp_test_setup_protect_trailer_streams( 3218 &srtp_send, &srtp_send_mki, &srtp_send_aes_gcm, &srtp_send_aes_gcm_mki); 3219 3220 status = srtp_get_protect_rtcp_trailer_length(srtp_send, 0, 0, &length); 3221 if (status) 3222 return status; 3223 3224 /* TAG Length: 10 bytes + SRTCP Trailer 4 bytes*/ 3225 if (length != 14) 3226 return srtp_err_status_fail; 3227 3228 status = srtp_get_protect_rtcp_trailer_length(srtp_send_mki, 1, 1, &length); 3229 if (status) 3230 return status; 3231 3232 /* TAG Length: 10 bytes + SRTCP Trailer 4 bytes + MKI 4 bytes*/ 3233 if (length != 18) 3234 return srtp_err_status_fail; 3235 3236 #ifdef GCM 3237 status = 3238 srtp_get_protect_rtcp_trailer_length(srtp_send_aes_gcm, 0, 0, &length); 3239 if (status) 3240 return status; 3241 3242 /* TAG Length: 16 bytes + SRTCP Trailer 4 bytes*/ 3243 if (length != 20) 3244 return srtp_err_status_fail; 3245 3246 status = srtp_get_protect_rtcp_trailer_length(srtp_send_aes_gcm_mki, 1, 1, 3247 &length); 3248 if (status) 3249 return status; 3250 3251 /* TAG Length: 16 bytes + SRTCP Trailer 4 bytes + MKI 4 bytes*/ 3252 if (length != 24) 3253 return srtp_err_status_fail; 3254 #endif // GCM 3255 3256 srtp_dealloc(srtp_send); 3257 srtp_dealloc(srtp_send_mki); 3258 #ifdef GCM 3259 srtp_dealloc(srtp_send_aes_gcm); 3260 srtp_dealloc(srtp_send_aes_gcm_mki); 3261 #endif 3262 3263 return srtp_err_status_ok; 3264 } 3265 3266 srtp_err_status_t srtp_test_out_of_order_after_rollover(void) 3267 { 3268 srtp_err_status_t status; 3269 3270 srtp_policy_t sender_policy; 3271 srtp_t sender_session; 3272 3273 srtp_policy_t receiver_policy; 3274 srtp_t receiver_session; 3275 3276 const uint32_t num_pkts = 5; 3277 srtp_hdr_t *pkts[5]; 3278 int pkt_len_octets[5]; 3279 3280 uint32_t i; 3281 uint32_t stream_roc; 3282 3283 /* Create sender */ 3284 memset(&sender_policy, 0, sizeof(sender_policy)); 3285 #ifdef GCM 3286 srtp_crypto_policy_set_aes_gcm_128_16_auth(&sender_policy.rtp); 3287 srtp_crypto_policy_set_aes_gcm_128_16_auth(&sender_policy.rtcp); 3288 sender_policy.key = test_key_gcm; 3289 #else 3290 srtp_crypto_policy_set_rtp_default(&sender_policy.rtp); 3291 srtp_crypto_policy_set_rtcp_default(&sender_policy.rtcp); 3292 sender_policy.key = test_key; 3293 #endif 3294 sender_policy.ssrc.type = ssrc_specific; 3295 sender_policy.ssrc.value = 0xcafebabe; 3296 sender_policy.window_size = 128; 3297 3298 status = srtp_create(&sender_session, &sender_policy); 3299 if (status) { 3300 return status; 3301 } 3302 3303 /* Create the receiver */ 3304 memset(&receiver_policy, 0, sizeof(receiver_policy)); 3305 #ifdef GCM 3306 srtp_crypto_policy_set_aes_gcm_128_16_auth(&receiver_policy.rtp); 3307 srtp_crypto_policy_set_aes_gcm_128_16_auth(&receiver_policy.rtcp); 3308 receiver_policy.key = test_key_gcm; 3309 #else 3310 srtp_crypto_policy_set_rtp_default(&receiver_policy.rtp); 3311 srtp_crypto_policy_set_rtcp_default(&receiver_policy.rtcp); 3312 receiver_policy.key = test_key; 3313 #endif 3314 receiver_policy.ssrc.type = ssrc_specific; 3315 receiver_policy.ssrc.value = sender_policy.ssrc.value; 3316 receiver_policy.window_size = 128; 3317 3318 status = srtp_create(&receiver_session, &receiver_policy); 3319 if (status) { 3320 return status; 3321 } 3322 3323 /* Create and protect packets to get to get roc == 1 */ 3324 pkts[0] = srtp_create_test_packet_extended(64, sender_policy.ssrc.value, 3325 65534, 0, &pkt_len_octets[0]); 3326 status = srtp_protect(sender_session, pkts[0], &pkt_len_octets[0]); 3327 if (status) { 3328 return status; 3329 } 3330 status = srtp_get_stream_roc(sender_session, sender_policy.ssrc.value, 3331 &stream_roc); 3332 if (status) { 3333 return status; 3334 } 3335 if (stream_roc != 0) { 3336 return srtp_err_status_fail; 3337 } 3338 3339 pkts[1] = srtp_create_test_packet_extended(64, sender_policy.ssrc.value, 3340 65535, 1, &pkt_len_octets[1]); 3341 status = srtp_protect(sender_session, pkts[1], &pkt_len_octets[1]); 3342 if (status) { 3343 return status; 3344 } 3345 status = srtp_get_stream_roc(sender_session, sender_policy.ssrc.value, 3346 &stream_roc); 3347 if (status) { 3348 return status; 3349 } 3350 if (stream_roc != 0) { 3351 return srtp_err_status_fail; 3352 } 3353 3354 pkts[2] = srtp_create_test_packet_extended(64, sender_policy.ssrc.value, 0, 3355 2, &pkt_len_octets[2]); 3356 status = srtp_protect(sender_session, pkts[2], &pkt_len_octets[2]); 3357 if (status) { 3358 return status; 3359 } 3360 status = srtp_get_stream_roc(sender_session, sender_policy.ssrc.value, 3361 &stream_roc); 3362 if (status) { 3363 return status; 3364 } 3365 if (stream_roc != 1) { 3366 return srtp_err_status_fail; 3367 } 3368 3369 pkts[3] = srtp_create_test_packet_extended(64, sender_policy.ssrc.value, 1, 3370 3, &pkt_len_octets[3]); 3371 status = srtp_protect(sender_session, pkts[3], &pkt_len_octets[3]); 3372 if (status) { 3373 return status; 3374 } 3375 status = srtp_get_stream_roc(sender_session, sender_policy.ssrc.value, 3376 &stream_roc); 3377 if (status) { 3378 return status; 3379 } 3380 if (stream_roc != 1) { 3381 return srtp_err_status_fail; 3382 } 3383 3384 pkts[4] = srtp_create_test_packet_extended(64, sender_policy.ssrc.value, 2, 3385 4, &pkt_len_octets[4]); 3386 status = srtp_protect(sender_session, pkts[4], &pkt_len_octets[4]); 3387 if (status) { 3388 return status; 3389 } 3390 status = srtp_get_stream_roc(sender_session, sender_policy.ssrc.value, 3391 &stream_roc); 3392 if (status) { 3393 return status; 3394 } 3395 if (stream_roc != 1) { 3396 return srtp_err_status_fail; 3397 } 3398 3399 /* Unprotect packets in this seq order 65534, 0, 2, 1, 65535 which is 3400 * equivalent to index 0, 2, 4, 3, 1*/ 3401 status = srtp_unprotect(receiver_session, pkts[0], &pkt_len_octets[0]); 3402 if (status) { 3403 return status; 3404 } 3405 status = srtp_get_stream_roc(receiver_session, receiver_policy.ssrc.value, 3406 &stream_roc); 3407 if (status) { 3408 return status; 3409 } 3410 if (stream_roc != 0) { 3411 return srtp_err_status_fail; 3412 } 3413 3414 status = srtp_unprotect(receiver_session, pkts[2], &pkt_len_octets[2]); 3415 if (status) { 3416 return status; 3417 } 3418 status = srtp_get_stream_roc(receiver_session, receiver_policy.ssrc.value, 3419 &stream_roc); 3420 if (status) { 3421 return status; 3422 } 3423 if (stream_roc != 1) { 3424 return srtp_err_status_fail; 3425 } 3426 3427 status = srtp_unprotect(receiver_session, pkts[4], &pkt_len_octets[4]); 3428 if (status) { 3429 return status; 3430 } 3431 status = srtp_get_stream_roc(receiver_session, receiver_policy.ssrc.value, 3432 &stream_roc); 3433 if (status) { 3434 return status; 3435 } 3436 if (stream_roc != 1) { 3437 return srtp_err_status_fail; 3438 } 3439 3440 status = srtp_unprotect(receiver_session, pkts[3], &pkt_len_octets[3]); 3441 if (status) { 3442 return status; 3443 } 3444 status = srtp_get_stream_roc(receiver_session, receiver_policy.ssrc.value, 3445 &stream_roc); 3446 if (status) { 3447 return status; 3448 } 3449 if (stream_roc != 1) { 3450 return srtp_err_status_fail; 3451 } 3452 3453 status = srtp_unprotect(receiver_session, pkts[1], &pkt_len_octets[1]); 3454 if (status) { 3455 return status; 3456 } 3457 status = srtp_get_stream_roc(receiver_session, receiver_policy.ssrc.value, 3458 &stream_roc); 3459 if (status) { 3460 return status; 3461 } 3462 if (stream_roc != 1) { 3463 return srtp_err_status_fail; 3464 } 3465 3466 /* Cleanup */ 3467 status = srtp_dealloc(sender_session); 3468 if (status) { 3469 return status; 3470 } 3471 3472 status = srtp_dealloc(receiver_session); 3473 if (status) { 3474 return status; 3475 } 3476 3477 for (i = 0; i < num_pkts; i++) { 3478 free(pkts[i]); 3479 } 3480 3481 return srtp_err_status_ok; 3482 } 3483 3484 srtp_err_status_t srtp_test_get_roc(void) 3485 { 3486 srtp_err_status_t status; 3487 srtp_policy_t policy; 3488 srtp_t session; 3489 srtp_hdr_t *pkt; 3490 uint32_t i; 3491 uint32_t roc; 3492 uint32_t ts; 3493 uint16_t seq; 3494 3495 int msg_len_octets = 32; 3496 int protected_msg_len_octets; 3497 3498 memset(&policy, 0, sizeof(policy)); 3499 srtp_crypto_policy_set_rtp_default(&policy.rtp); 3500 srtp_crypto_policy_set_rtcp_default(&policy.rtcp); 3501 policy.ssrc.type = ssrc_specific; 3502 policy.ssrc.value = 0xcafebabe; 3503 policy.key = test_key; 3504 policy.window_size = 128; 3505 3506 /* Create a sender session */ 3507 status = srtp_create(&session, &policy); 3508 if (status) { 3509 return status; 3510 } 3511 3512 /* Set start sequence so we roll over */ 3513 seq = 65535; 3514 ts = 0; 3515 3516 for (i = 0; i < 2; i++) { 3517 pkt = srtp_create_test_packet_extended(msg_len_octets, 3518 policy.ssrc.value, seq, ts, 3519 &protected_msg_len_octets); 3520 status = srtp_protect(session, pkt, &protected_msg_len_octets); 3521 free(pkt); 3522 if (status) { 3523 return status; 3524 } 3525 3526 status = srtp_get_stream_roc(session, policy.ssrc.value, &roc); 3527 if (status) { 3528 return status; 3529 } 3530 3531 if (roc != i) { 3532 return srtp_err_status_fail; 3533 } 3534 3535 seq++; 3536 ts++; 3537 } 3538 3539 /* Cleanup */ 3540 status = srtp_dealloc(session); 3541 if (status) { 3542 return status; 3543 } 3544 3545 return srtp_err_status_ok; 3546 } 3547 3548 static srtp_err_status_t test_set_receiver_roc(uint32_t packets, 3549 uint32_t roc_to_set) 3550 { 3551 srtp_err_status_t status; 3552 3553 srtp_policy_t sender_policy; 3554 srtp_t sender_session; 3555 3556 srtp_policy_t receiver_policy; 3557 srtp_t receiver_session; 3558 3559 srtp_hdr_t *pkt_1; 3560 unsigned char *recv_pkt_1; 3561 3562 srtp_hdr_t *pkt_2; 3563 unsigned char *recv_pkt_2; 3564 3565 uint32_t i; 3566 uint32_t ts; 3567 uint16_t seq; 3568 uint16_t stride; 3569 3570 int msg_len_octets = 32; 3571 int protected_msg_len_octets_1; 3572 int protected_msg_len_octets_2; 3573 3574 /* Create sender */ 3575 memset(&sender_policy, 0, sizeof(sender_policy)); 3576 #ifdef GCM 3577 srtp_crypto_policy_set_aes_gcm_128_16_auth(&sender_policy.rtp); 3578 srtp_crypto_policy_set_aes_gcm_128_16_auth(&sender_policy.rtcp); 3579 sender_policy.key = test_key_gcm; 3580 #else 3581 srtp_crypto_policy_set_rtp_default(&sender_policy.rtp); 3582 srtp_crypto_policy_set_rtcp_default(&sender_policy.rtcp); 3583 sender_policy.key = test_key; 3584 #endif 3585 sender_policy.ssrc.type = ssrc_specific; 3586 sender_policy.ssrc.value = 0xcafebabe; 3587 sender_policy.window_size = 128; 3588 3589 status = srtp_create(&sender_session, &sender_policy); 3590 if (status) { 3591 return status; 3592 } 3593 3594 /* Create and protect packets */ 3595 i = 0; 3596 seq = 0; 3597 ts = 0; 3598 stride = 0x4000; 3599 while (i < packets) { 3600 srtp_hdr_t *tmp_pkt; 3601 int tmp_len; 3602 3603 tmp_pkt = srtp_create_test_packet_extended( 3604 msg_len_octets, sender_policy.ssrc.value, seq, ts, &tmp_len); 3605 status = srtp_protect(sender_session, tmp_pkt, &tmp_len); 3606 free(tmp_pkt); 3607 if (status) { 3608 return status; 3609 } 3610 3611 while (stride > (packets - i) && stride > 1) { 3612 stride >>= 1; 3613 } 3614 3615 i += stride; 3616 seq += stride; 3617 ts++; 3618 } 3619 3620 /* Create the first packet to decrypt and test for ROC change */ 3621 pkt_1 = srtp_create_test_packet_extended(msg_len_octets, 3622 sender_policy.ssrc.value, seq, ts, 3623 &protected_msg_len_octets_1); 3624 status = srtp_protect(sender_session, pkt_1, &protected_msg_len_octets_1); 3625 if (status) { 3626 return status; 3627 } 3628 3629 /* Create the second packet to decrypt and test for ROC change */ 3630 seq++; 3631 ts++; 3632 pkt_2 = srtp_create_test_packet_extended(msg_len_octets, 3633 sender_policy.ssrc.value, seq, ts, 3634 &protected_msg_len_octets_2); 3635 status = srtp_protect(sender_session, pkt_2, &protected_msg_len_octets_2); 3636 if (status) { 3637 return status; 3638 } 3639 3640 /* Create the receiver */ 3641 memset(&receiver_policy, 0, sizeof(receiver_policy)); 3642 #ifdef GCM 3643 srtp_crypto_policy_set_aes_gcm_128_16_auth(&receiver_policy.rtp); 3644 srtp_crypto_policy_set_aes_gcm_128_16_auth(&receiver_policy.rtcp); 3645 receiver_policy.key = test_key_gcm; 3646 #else 3647 srtp_crypto_policy_set_rtp_default(&receiver_policy.rtp); 3648 srtp_crypto_policy_set_rtcp_default(&receiver_policy.rtcp); 3649 receiver_policy.key = test_key; 3650 #endif 3651 receiver_policy.ssrc.type = ssrc_specific; 3652 receiver_policy.ssrc.value = sender_policy.ssrc.value; 3653 receiver_policy.window_size = 128; 3654 3655 status = srtp_create(&receiver_session, &receiver_policy); 3656 if (status) { 3657 return status; 3658 } 3659 3660 /* Make a copy of the first sent protected packet */ 3661 recv_pkt_1 = malloc(protected_msg_len_octets_1); 3662 if (recv_pkt_1 == NULL) { 3663 return srtp_err_status_fail; 3664 } 3665 memcpy(recv_pkt_1, pkt_1, protected_msg_len_octets_1); 3666 3667 /* Make a copy of the second sent protected packet */ 3668 recv_pkt_2 = malloc(protected_msg_len_octets_2); 3669 if (recv_pkt_2 == NULL) { 3670 return srtp_err_status_fail; 3671 } 3672 memcpy(recv_pkt_2, pkt_2, protected_msg_len_octets_2); 3673 3674 /* Set the ROC to the wanted value */ 3675 status = srtp_set_stream_roc(receiver_session, receiver_policy.ssrc.value, 3676 roc_to_set); 3677 if (status) { 3678 return status; 3679 } 3680 3681 /* Unprotect the first packet */ 3682 status = srtp_unprotect(receiver_session, recv_pkt_1, 3683 &protected_msg_len_octets_1); 3684 if (status) { 3685 return status; 3686 } 3687 3688 /* Unprotect the second packet */ 3689 status = srtp_unprotect(receiver_session, recv_pkt_2, 3690 &protected_msg_len_octets_2); 3691 if (status) { 3692 return status; 3693 } 3694 3695 /* Cleanup */ 3696 status = srtp_dealloc(sender_session); 3697 if (status) { 3698 return status; 3699 } 3700 3701 status = srtp_dealloc(receiver_session); 3702 if (status) { 3703 return status; 3704 } 3705 3706 free(pkt_1); 3707 free(recv_pkt_1); 3708 free(pkt_2); 3709 free(recv_pkt_2); 3710 3711 return srtp_err_status_ok; 3712 } 3713 3714 static srtp_err_status_t test_set_sender_roc(uint16_t seq, uint32_t roc_to_set) 3715 { 3716 srtp_err_status_t status; 3717 3718 srtp_policy_t sender_policy; 3719 srtp_t sender_session; 3720 3721 srtp_policy_t receiver_policy; 3722 srtp_t receiver_session; 3723 3724 srtp_hdr_t *pkt; 3725 unsigned char *recv_pkt; 3726 3727 uint32_t ts; 3728 3729 int msg_len_octets = 32; 3730 int protected_msg_len_octets; 3731 3732 /* Create sender */ 3733 memset(&sender_policy, 0, sizeof(sender_policy)); 3734 #ifdef GCM 3735 srtp_crypto_policy_set_aes_gcm_128_16_auth(&sender_policy.rtp); 3736 srtp_crypto_policy_set_aes_gcm_128_16_auth(&sender_policy.rtcp); 3737 sender_policy.key = test_key_gcm; 3738 #else 3739 srtp_crypto_policy_set_rtp_default(&sender_policy.rtp); 3740 srtp_crypto_policy_set_rtcp_default(&sender_policy.rtcp); 3741 sender_policy.key = test_key; 3742 #endif 3743 sender_policy.ssrc.type = ssrc_specific; 3744 sender_policy.ssrc.value = 0xcafebabe; 3745 sender_policy.window_size = 128; 3746 3747 status = srtp_create(&sender_session, &sender_policy); 3748 if (status) { 3749 return status; 3750 } 3751 3752 /* Set the ROC before encrypting the first packet */ 3753 status = srtp_set_stream_roc(sender_session, sender_policy.ssrc.value, 3754 roc_to_set); 3755 if (status != srtp_err_status_ok) { 3756 return status; 3757 } 3758 3759 /* Create the packet to decrypt */ 3760 ts = 0; 3761 pkt = srtp_create_test_packet_extended(msg_len_octets, 3762 sender_policy.ssrc.value, seq, ts, 3763 &protected_msg_len_octets); 3764 status = srtp_protect(sender_session, pkt, &protected_msg_len_octets); 3765 if (status) { 3766 return status; 3767 } 3768 3769 /* Create the receiver */ 3770 memset(&receiver_policy, 0, sizeof(receiver_policy)); 3771 #ifdef GCM 3772 srtp_crypto_policy_set_aes_gcm_128_16_auth(&receiver_policy.rtp); 3773 srtp_crypto_policy_set_aes_gcm_128_16_auth(&receiver_policy.rtcp); 3774 receiver_policy.key = test_key_gcm; 3775 #else 3776 srtp_crypto_policy_set_rtp_default(&receiver_policy.rtp); 3777 srtp_crypto_policy_set_rtcp_default(&receiver_policy.rtcp); 3778 receiver_policy.key = test_key; 3779 #endif 3780 receiver_policy.ssrc.type = ssrc_specific; 3781 receiver_policy.ssrc.value = sender_policy.ssrc.value; 3782 receiver_policy.window_size = 128; 3783 3784 status = srtp_create(&receiver_session, &receiver_policy); 3785 if (status) { 3786 return status; 3787 } 3788 3789 /* Make a copy of the sent protected packet */ 3790 recv_pkt = malloc(protected_msg_len_octets); 3791 if (recv_pkt == NULL) { 3792 return srtp_err_status_fail; 3793 } 3794 memcpy(recv_pkt, pkt, protected_msg_len_octets); 3795 3796 /* Set the ROC to the wanted value */ 3797 status = srtp_set_stream_roc(receiver_session, receiver_policy.ssrc.value, 3798 roc_to_set); 3799 if (status) { 3800 return status; 3801 } 3802 3803 status = 3804 srtp_unprotect(receiver_session, recv_pkt, &protected_msg_len_octets); 3805 if (status) { 3806 return status; 3807 } 3808 3809 /* Cleanup */ 3810 status = srtp_dealloc(sender_session); 3811 if (status) { 3812 return status; 3813 } 3814 3815 status = srtp_dealloc(receiver_session); 3816 if (status) { 3817 return status; 3818 } 3819 3820 free(pkt); 3821 free(recv_pkt); 3822 3823 return srtp_err_status_ok; 3824 } 3825 3826 srtp_err_status_t srtp_test_set_receiver_roc(void) 3827 { 3828 int packets; 3829 uint32_t roc; 3830 srtp_err_status_t status; 3831 3832 /* First test does not rollover */ 3833 packets = 1; 3834 roc = 0; 3835 3836 status = test_set_receiver_roc(packets - 1, roc); 3837 if (status) { 3838 return status; 3839 } 3840 3841 status = test_set_receiver_roc(packets, roc); 3842 if (status) { 3843 return status; 3844 } 3845 3846 status = test_set_receiver_roc(packets + 1, roc); 3847 if (status) { 3848 return status; 3849 } 3850 3851 status = test_set_receiver_roc(packets + 60000, roc); 3852 if (status) { 3853 return status; 3854 } 3855 3856 /* Second test should rollover */ 3857 packets = 65535; 3858 roc = 0; 3859 3860 status = test_set_receiver_roc(packets - 1, roc); 3861 if (status) { 3862 return status; 3863 } 3864 3865 status = test_set_receiver_roc(packets, roc); 3866 if (status) { 3867 return status; 3868 } 3869 3870 /* Now the rollover counter should be 1 */ 3871 roc = 1; 3872 status = test_set_receiver_roc(packets + 1, roc); 3873 if (status) { 3874 return status; 3875 } 3876 3877 status = test_set_receiver_roc(packets + 60000, roc); 3878 if (status) { 3879 return status; 3880 } 3881 3882 status = test_set_receiver_roc(packets + 65535, roc); 3883 if (status) { 3884 return status; 3885 } 3886 3887 return srtp_err_status_ok; 3888 } 3889 3890 srtp_err_status_t srtp_test_set_sender_roc(void) 3891 { 3892 uint32_t roc; 3893 uint16_t seq; 3894 srtp_err_status_t status; 3895 3896 seq = 43210; 3897 roc = 0; 3898 status = test_set_sender_roc(seq, roc); 3899 if (status) { 3900 return status; 3901 } 3902 3903 roc = 65535; 3904 status = test_set_sender_roc(seq, roc); 3905 if (status) { 3906 return status; 3907 } 3908 3909 roc = 0xffff; 3910 status = test_set_sender_roc(seq, roc); 3911 if (status) { 3912 return status; 3913 } 3914 3915 roc = 0xffff00; 3916 status = test_set_sender_roc(seq, roc); 3917 if (status) { 3918 return status; 3919 } 3920 3921 roc = 0xfffffff0; 3922 status = test_set_sender_roc(seq, roc); 3923 if (status) { 3924 return status; 3925 } 3926 3927 return srtp_err_status_ok; 3928 } 3929 3930 /* 3931 * srtp policy definitions - these definitions are used above 3932 */ 3933 3934 // clang-format off 3935 unsigned char test_key[46] = { 3936 0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0, 3937 0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39, 3938 0x0e, 0xc6, 0x75, 0xad, 0x49, 0x8a, 0xfe, 0xeb, 3939 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6, 0xc1, 0x73, 3940 0xc3, 0x17, 0xf2, 0xda, 0xbe, 0x35, 0x77, 0x93, 3941 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6 3942 }; 3943 3944 unsigned char test_key_2[46] = { 3945 0xf0, 0xf0, 0x49, 0x14, 0xb5, 0x13, 0xf2, 0x76, 3946 0x3a, 0x1b, 0x1f, 0xa1, 0x30, 0xf1, 0x0e, 0x29, 3947 0x98, 0xf6, 0xf6, 0xe4, 0x3e, 0x43, 0x09, 0xd1, 3948 0xe6, 0x22, 0xa0, 0xe3, 0x32, 0xb9, 0xf1, 0xb6, 3949 0xc3, 0x17, 0xf2, 0xda, 0xbe, 0x35, 0x77, 0x93, 3950 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6 3951 }; 3952 3953 unsigned char test_key_gcm[28] = { 3954 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 3955 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 3956 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, 3957 0xa8, 0xa9, 0xaa, 0xab 3958 }; 3959 3960 unsigned char test_mki_id[TEST_MKI_ID_SIZE] = { 3961 0xe1, 0xf9, 0x7a, 0x0d 3962 }; 3963 3964 unsigned char test_mki_id_2[TEST_MKI_ID_SIZE] = { 3965 0xf3, 0xa1, 0x46, 0x71 3966 }; 3967 // clang-format on 3968 3969 const srtp_policy_t default_policy = { 3970 { ssrc_any_outbound, 0 }, /* SSRC */ 3971 { 3972 /* SRTP policy */ 3973 SRTP_AES_ICM_128, /* cipher type */ 3974 SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */ 3975 SRTP_HMAC_SHA1, /* authentication func type */ 3976 16, /* auth key length in octets */ 3977 10, /* auth tag length in octets */ 3978 sec_serv_conf_and_auth /* security services flag */ 3979 }, 3980 { 3981 /* SRTCP policy */ 3982 SRTP_AES_ICM_128, /* cipher type */ 3983 SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */ 3984 SRTP_HMAC_SHA1, /* authentication func type */ 3985 16, /* auth key length in octets */ 3986 10, /* auth tag length in octets */ 3987 sec_serv_conf_and_auth /* security services flag */ 3988 }, 3989 NULL, 3990 (srtp_master_key_t **)test_keys, 3991 2, /* indicates the number of Master keys */ 3992 NULL, /* indicates that EKT is not in use */ 3993 128, /* replay window size */ 3994 0, /* retransmission not allowed */ 3995 NULL, /* no encrypted extension headers */ 3996 0, /* list of encrypted extension headers is empty */ 3997 NULL 3998 }; 3999 4000 const srtp_policy_t aes_only_policy = { 4001 { ssrc_any_outbound, 0 }, /* SSRC */ 4002 { 4003 SRTP_AES_ICM_128, /* cipher type */ 4004 SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */ 4005 SRTP_NULL_AUTH, /* authentication func type */ 4006 0, /* auth key length in octets */ 4007 0, /* auth tag length in octets */ 4008 sec_serv_conf /* security services flag */ 4009 }, 4010 { 4011 SRTP_AES_ICM_128, /* cipher type */ 4012 SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */ 4013 SRTP_NULL_AUTH, /* authentication func type */ 4014 0, /* auth key length in octets */ 4015 0, /* auth tag length in octets */ 4016 sec_serv_conf /* security services flag */ 4017 }, 4018 NULL, 4019 (srtp_master_key_t **)test_keys, 4020 2, /* indicates the number of Master keys */ 4021 NULL, /* indicates that EKT is not in use */ 4022 128, /* replay window size */ 4023 0, /* retransmission not allowed */ 4024 NULL, /* no encrypted extension headers */ 4025 0, /* list of encrypted extension headers is empty */ 4026 NULL 4027 }; 4028 4029 const srtp_policy_t hmac_only_policy = { 4030 { ssrc_any_outbound, 0 }, /* SSRC */ 4031 { 4032 SRTP_NULL_CIPHER, /* cipher type */ 4033 SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */ 4034 SRTP_HMAC_SHA1, /* authentication func type */ 4035 20, /* auth key length in octets */ 4036 4, /* auth tag length in octets */ 4037 sec_serv_auth /* security services flag */ 4038 }, 4039 { 4040 SRTP_NULL_CIPHER, /* cipher type */ 4041 SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */ 4042 SRTP_HMAC_SHA1, /* authentication func type */ 4043 20, /* auth key length in octets */ 4044 4, /* auth tag length in octets */ 4045 sec_serv_auth /* security services flag */ 4046 }, 4047 NULL, 4048 (srtp_master_key_t **)test_keys, 4049 2, /* Number of Master keys associated with the policy */ 4050 NULL, /* indicates that EKT is not in use */ 4051 128, /* replay window size */ 4052 0, /* retransmission not allowed */ 4053 NULL, /* no encrypted extension headers */ 4054 0, /* list of encrypted extension headers is empty */ 4055 NULL 4056 }; 4057 4058 #ifdef GCM 4059 const srtp_policy_t aes128_gcm_8_policy = { 4060 { ssrc_any_outbound, 0 }, /* SSRC */ 4061 { 4062 /* SRTP policy */ 4063 SRTP_AES_GCM_128, /* cipher type */ 4064 SRTP_AES_GCM_128_KEY_LEN_WSALT, /* cipher key length in octets */ 4065 SRTP_NULL_AUTH, /* authentication func type */ 4066 0, /* auth key length in octets */ 4067 8, /* auth tag length in octets */ 4068 sec_serv_conf_and_auth /* security services flag */ 4069 }, 4070 { 4071 /* SRTCP policy */ 4072 SRTP_AES_GCM_128, /* cipher type */ 4073 SRTP_AES_GCM_128_KEY_LEN_WSALT, /* cipher key length in octets */ 4074 SRTP_NULL_AUTH, /* authentication func type */ 4075 0, /* auth key length in octets */ 4076 8, /* auth tag length in octets */ 4077 sec_serv_conf_and_auth /* security services flag */ 4078 }, 4079 NULL, 4080 (srtp_master_key_t **)test_keys, 4081 2, /* indicates the number of Master keys */ 4082 NULL, /* indicates that EKT is not in use */ 4083 128, /* replay window size */ 4084 0, /* retransmission not allowed */ 4085 NULL, /* no encrypted extension headers */ 4086 0, /* list of encrypted extension headers is empty */ 4087 NULL 4088 }; 4089 4090 const srtp_policy_t aes128_gcm_8_cauth_policy = { 4091 { ssrc_any_outbound, 0 }, /* SSRC */ 4092 { 4093 /* SRTP policy */ 4094 SRTP_AES_GCM_128, /* cipher type */ 4095 SRTP_AES_GCM_128_KEY_LEN_WSALT, /* cipher key length in octets */ 4096 SRTP_NULL_AUTH, /* authentication func type */ 4097 0, /* auth key length in octets */ 4098 8, /* auth tag length in octets */ 4099 sec_serv_conf_and_auth /* security services flag */ 4100 }, 4101 { 4102 /* SRTCP policy */ 4103 SRTP_AES_GCM_128, /* cipher type */ 4104 SRTP_AES_GCM_128_KEY_LEN_WSALT, /* cipher key length in octets */ 4105 SRTP_NULL_AUTH, /* authentication func type */ 4106 0, /* auth key length in octets */ 4107 8, /* auth tag length in octets */ 4108 sec_serv_auth /* security services flag */ 4109 }, 4110 NULL, 4111 (srtp_master_key_t **)test_keys, 4112 2, /* indicates the number of Master keys */ 4113 NULL, /* indicates that EKT is not in use */ 4114 128, /* replay window size */ 4115 0, /* retransmission not allowed */ 4116 NULL, /* no encrypted extension headers */ 4117 0, /* list of encrypted extension headers is empty */ 4118 NULL 4119 }; 4120 4121 const srtp_policy_t aes256_gcm_8_policy = { 4122 { ssrc_any_outbound, 0 }, /* SSRC */ 4123 { 4124 /* SRTP policy */ 4125 SRTP_AES_GCM_256, /* cipher type */ 4126 SRTP_AES_GCM_256_KEY_LEN_WSALT, /* cipher key length in octets */ 4127 SRTP_NULL_AUTH, /* authentication func type */ 4128 0, /* auth key length in octets */ 4129 8, /* auth tag length in octets */ 4130 sec_serv_conf_and_auth /* security services flag */ 4131 }, 4132 { 4133 /* SRTCP policy */ 4134 SRTP_AES_GCM_256, /* cipher type */ 4135 SRTP_AES_GCM_256_KEY_LEN_WSALT, /* cipher key length in octets */ 4136 SRTP_NULL_AUTH, /* authentication func type */ 4137 0, /* auth key length in octets */ 4138 8, /* auth tag length in octets */ 4139 sec_serv_conf_and_auth /* security services flag */ 4140 }, 4141 NULL, 4142 (srtp_master_key_t **)test_keys, 4143 2, /* indicates the number of Master keys */ 4144 NULL, /* indicates that EKT is not in use */ 4145 128, /* replay window size */ 4146 0, /* retransmission not allowed */ 4147 NULL, /* no encrypted extension headers */ 4148 0, /* list of encrypted extension headers is empty */ 4149 NULL 4150 }; 4151 4152 const srtp_policy_t aes256_gcm_8_cauth_policy = { 4153 { ssrc_any_outbound, 0 }, /* SSRC */ 4154 { 4155 /* SRTP policy */ 4156 SRTP_AES_GCM_256, /* cipher type */ 4157 SRTP_AES_GCM_256_KEY_LEN_WSALT, /* cipher key length in octets */ 4158 SRTP_NULL_AUTH, /* authentication func type */ 4159 0, /* auth key length in octets */ 4160 8, /* auth tag length in octets */ 4161 sec_serv_conf_and_auth /* security services flag */ 4162 }, 4163 { 4164 /* SRTCP policy */ 4165 SRTP_AES_GCM_256, /* cipher type */ 4166 SRTP_AES_GCM_256_KEY_LEN_WSALT, /* cipher key length in octets */ 4167 SRTP_NULL_AUTH, /* authentication func type */ 4168 0, /* auth key length in octets */ 4169 8, /* auth tag length in octets */ 4170 sec_serv_auth /* security services flag */ 4171 }, 4172 NULL, 4173 (srtp_master_key_t **)test_keys, 4174 2, /* indicates the number of Master keys */ 4175 NULL, /* indicates that EKT is not in use */ 4176 128, /* replay window size */ 4177 0, /* retransmission not allowed */ 4178 NULL, /* no encrypted extension headers */ 4179 0, /* list of encrypted extension headers is empty */ 4180 NULL 4181 }; 4182 #endif 4183 4184 const srtp_policy_t null_policy = { 4185 { ssrc_any_outbound, 0 }, /* SSRC */ 4186 { 4187 SRTP_NULL_CIPHER, /* cipher type */ 4188 SRTP_AES_GCM_256_KEY_LEN_WSALT, /* cipher key length in octets */ 4189 SRTP_NULL_AUTH, /* authentication func type */ 4190 0, /* auth key length in octets */ 4191 0, /* auth tag length in octets */ 4192 sec_serv_none /* security services flag */ 4193 }, 4194 { 4195 SRTP_NULL_CIPHER, /* cipher type */ 4196 SRTP_AES_GCM_256_KEY_LEN_WSALT, /* cipher key length in octets */ 4197 SRTP_NULL_AUTH, /* authentication func type */ 4198 0, /* auth key length in octets */ 4199 0, /* auth tag length in octets */ 4200 sec_serv_none /* security services flag */ 4201 }, 4202 NULL, 4203 (srtp_master_key_t **)test_keys, 4204 2, /* indicates the number of Master keys */ 4205 NULL, /* indicates that EKT is not in use */ 4206 128, /* replay window size */ 4207 0, /* retransmission not allowed */ 4208 NULL, /* no encrypted extension headers */ 4209 0, /* list of encrypted extension headers is empty */ 4210 NULL 4211 }; 4212 4213 // clang-format off 4214 unsigned char test_256_key[46] = { 4215 0xf0, 0xf0, 0x49, 0x14, 0xb5, 0x13, 0xf2, 0x76, 4216 0x3a, 0x1b, 0x1f, 0xa1, 0x30, 0xf1, 0x0e, 0x29, 4217 0x98, 0xf6, 0xf6, 0xe4, 0x3e, 0x43, 0x09, 0xd1, 4218 0xe6, 0x22, 0xa0, 0xe3, 0x32, 0xb9, 0xf1, 0xb6, 4219 4220 0x3b, 0x04, 0x80, 0x3d, 0xe5, 0x1e, 0xe7, 0xc9, 4221 0x64, 0x23, 0xab, 0x5b, 0x78, 0xd2 4222 }; 4223 4224 unsigned char test_256_key_2[46] = { 4225 0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0, 4226 0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39, 4227 0x0e, 0xc6, 0x75, 0xad, 0x49, 0x8a, 0xfe, 0xeb, 4228 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6, 0xc1, 0x73, 4229 0x3b, 0x04, 0x80, 0x3d, 0xe5, 0x1e, 0xe7, 0xc9, 4230 0x64, 0x23, 0xab, 0x5b, 0x78, 0xd2 4231 }; 4232 4233 srtp_master_key_t master_256_key_1 = { 4234 test_256_key, 4235 test_mki_id, 4236 TEST_MKI_ID_SIZE 4237 }; 4238 4239 srtp_master_key_t master_256_key_2 = { 4240 test_256_key_2, 4241 test_mki_id_2, 4242 TEST_MKI_ID_SIZE 4243 }; 4244 4245 srtp_master_key_t *test_256_keys[2] = { 4246 &master_key_1, 4247 &master_key_2 4248 }; 4249 // clang-format on 4250 4251 const srtp_policy_t aes_256_hmac_policy = { 4252 { ssrc_any_outbound, 0 }, /* SSRC */ 4253 { 4254 /* SRTP policy */ 4255 SRTP_AES_ICM_256, /* cipher type */ 4256 SRTP_AES_ICM_256_KEY_LEN_WSALT, /* cipher key length in octets */ 4257 SRTP_HMAC_SHA1, /* authentication func type */ 4258 20, /* auth key length in octets */ 4259 10, /* auth tag length in octets */ 4260 sec_serv_conf_and_auth /* security services flag */ 4261 }, 4262 { 4263 /* SRTCP policy */ 4264 SRTP_AES_ICM_256, /* cipher type */ 4265 SRTP_AES_ICM_256_KEY_LEN_WSALT, /* cipher key length in octets */ 4266 SRTP_HMAC_SHA1, /* authentication func type */ 4267 20, /* auth key length in octets */ 4268 10, /* auth tag length in octets */ 4269 sec_serv_conf_and_auth /* security services flag */ 4270 }, 4271 NULL, 4272 (srtp_master_key_t **)test_256_keys, 4273 2, /* indicates the number of Master keys */ 4274 NULL, /* indicates that EKT is not in use */ 4275 128, /* replay window size */ 4276 0, /* retransmission not allowed */ 4277 NULL, /* no encrypted extension headers */ 4278 0, /* list of encrypted extension headers is empty */ 4279 NULL 4280 }; 4281 4282 const srtp_policy_t aes_256_hmac_32_policy = { 4283 { ssrc_any_outbound, 0 }, /* SSRC */ 4284 { 4285 /* SRTP policy */ 4286 SRTP_AES_ICM_256, /* cipher type */ 4287 SRTP_AES_ICM_256_KEY_LEN_WSALT, /* cipher key length in octets */ 4288 SRTP_HMAC_SHA1, /* authentication func type */ 4289 20, /* auth key length in octets */ 4290 4, /* auth tag length in octets */ 4291 sec_serv_conf_and_auth /* security services flag */ 4292 }, 4293 { 4294 /* SRTCP policy */ 4295 SRTP_AES_ICM_256, /* cipher type */ 4296 SRTP_AES_ICM_256_KEY_LEN_WSALT, /* cipher key length in octets */ 4297 SRTP_HMAC_SHA1, /* authentication func type */ 4298 20, /* auth key length in octets */ 4299 10, /* auth tag length in octets. 4300 80 bits per RFC 3711. */ 4301 sec_serv_conf_and_auth /* security services flag */ 4302 }, 4303 NULL, 4304 (srtp_master_key_t **)test_256_keys, 4305 2, /* indicates the number of Master keys */ 4306 NULL, /* indicates that EKT is not in use */ 4307 128, /* replay window size */ 4308 0, /* retransmission not allowed */ 4309 NULL, /* no encrypted extension headers */ 4310 0, /* list of encrypted extension headers is empty */ 4311 NULL 4312 }; 4313 4314 char ekt_test_policy = 'x'; 4315 4316 const srtp_policy_t hmac_only_with_ekt_policy = { 4317 { ssrc_any_outbound, 0 }, /* SSRC */ 4318 { 4319 SRTP_NULL_CIPHER, /* cipher type */ 4320 0, /* cipher key length in octets */ 4321 SRTP_HMAC_SHA1, /* authentication func type */ 4322 20, /* auth key length in octets */ 4323 4, /* auth tag length in octets */ 4324 sec_serv_auth /* security services flag */ 4325 }, 4326 { 4327 SRTP_NULL_CIPHER, /* cipher type */ 4328 0, /* cipher key length in octets */ 4329 SRTP_HMAC_SHA1, /* authentication func type */ 4330 20, /* auth key length in octets */ 4331 4, /* auth tag length in octets */ 4332 sec_serv_auth /* security services flag */ 4333 }, 4334 NULL, 4335 (srtp_master_key_t **)test_keys, 4336 2, /* indicates the number of Master keys */ 4337 &ekt_test_policy, /* requests deprecated EKT functionality */ 4338 128, /* replay window size */ 4339 0, /* retransmission not allowed */ 4340 NULL, /* no encrypted extension headers */ 4341 0, /* list of encrypted extension headers is empty */ 4342 NULL 4343 }; 4344 4345 /* 4346 * an array of pointers to the policies listed above 4347 * 4348 * This array is used to test various aspects of libSRTP for 4349 * different cryptographic policies. The order of the elements 4350 * matters - the timing test generates output that can be used 4351 * in a plot (see the gnuplot script file 'timing'). If you 4352 * add to this list, you should do it at the end. 4353 */ 4354 4355 // clang-format off 4356 const srtp_policy_t *policy_array[] = { 4357 &hmac_only_policy, 4358 &aes_only_policy, 4359 &default_policy, 4360 #ifdef GCM 4361 &aes128_gcm_8_policy, 4362 &aes128_gcm_8_cauth_policy, 4363 &aes256_gcm_8_policy, 4364 &aes256_gcm_8_cauth_policy, 4365 #endif 4366 &null_policy, 4367 &aes_256_hmac_policy, 4368 &aes_256_hmac_32_policy, 4369 NULL 4370 }; 4371 // clang-format on 4372 4373 // clang-format off 4374 const srtp_policy_t *invalid_policy_array[] = { 4375 &hmac_only_with_ekt_policy, 4376 NULL 4377 }; 4378 // clang-format on 4379 4380 const srtp_policy_t wildcard_policy = { 4381 { ssrc_any_outbound, 0 }, /* SSRC */ 4382 { 4383 /* SRTP policy */ 4384 SRTP_AES_ICM_128, /* cipher type */ 4385 SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */ 4386 SRTP_HMAC_SHA1, /* authentication func type */ 4387 16, /* auth key length in octets */ 4388 10, /* auth tag length in octets */ 4389 sec_serv_conf_and_auth /* security services flag */ 4390 }, 4391 { 4392 /* SRTCP policy */ 4393 SRTP_AES_ICM_128, /* cipher type */ 4394 SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */ 4395 SRTP_HMAC_SHA1, /* authentication func type */ 4396 16, /* auth key length in octets */ 4397 10, /* auth tag length in octets */ 4398 sec_serv_conf_and_auth /* security services flag */ 4399 }, 4400 test_key, 4401 NULL, 4402 0, 4403 NULL, 4404 128, /* replay window size */ 4405 0, /* retransmission not allowed */ 4406 NULL, /* no encrypted extension headers */ 4407 0, /* list of encrypted extension headers is empty */ 4408 NULL 4409 }; 4410 4411 static srtp_stream_t stream_list_test_create_stream(uint32_t ssrc) 4412 { 4413 srtp_stream_t stream = malloc(sizeof(srtp_stream_ctx_t)); 4414 stream->ssrc = ssrc; 4415 return stream; 4416 } 4417 4418 static void stream_list_test_free_stream(srtp_stream_t stream) 4419 { 4420 free(stream); 4421 } 4422 4423 int stream_list_test_count_cb(srtp_stream_t stream, void *data) 4424 { 4425 int *count = (int *)data; 4426 (*count)++; 4427 (void)stream; 4428 return 0; 4429 } 4430 4431 struct remove_one_data { 4432 uint32_t ssrc; 4433 srtp_stream_list_t list; 4434 }; 4435 4436 int stream_list_test_remove_one_cb(srtp_stream_t stream, void *data) 4437 { 4438 struct remove_one_data *d = (struct remove_one_data *)data; 4439 if (stream->ssrc == d->ssrc) { 4440 srtp_stream_list_remove(d->list, stream); 4441 stream_list_test_free_stream(stream); 4442 return 1; 4443 } 4444 return 0; 4445 } 4446 4447 int stream_list_test_remove_all_cb(srtp_stream_t stream, void *data) 4448 { 4449 srtp_stream_list_t *list = (srtp_stream_list_t *)data; 4450 srtp_stream_list_remove(*list, stream); 4451 stream_list_test_free_stream(stream); 4452 return 0; 4453 } 4454 4455 srtp_err_status_t srtp_stream_list_test(void) 4456 { 4457 srtp_stream_list_t list; 4458 4459 if (srtp_stream_list_alloc(&list)) { 4460 return srtp_err_status_fail; 4461 } 4462 4463 /* add 4 streams*/ 4464 if (srtp_stream_list_insert(list, stream_list_test_create_stream(1))) { 4465 return srtp_err_status_fail; 4466 } 4467 if (srtp_stream_list_insert(list, stream_list_test_create_stream(2))) { 4468 return srtp_err_status_fail; 4469 } 4470 if (srtp_stream_list_insert(list, stream_list_test_create_stream(3))) { 4471 return srtp_err_status_fail; 4472 } 4473 if (srtp_stream_list_insert(list, stream_list_test_create_stream(4))) { 4474 return srtp_err_status_fail; 4475 } 4476 4477 /* find */ 4478 if (srtp_stream_list_get(list, 3) == NULL) { 4479 return srtp_err_status_fail; 4480 } 4481 if (srtp_stream_list_get(list, 1) == NULL) { 4482 return srtp_err_status_fail; 4483 } 4484 if (srtp_stream_list_get(list, 2) == NULL) { 4485 return srtp_err_status_fail; 4486 } 4487 if (srtp_stream_list_get(list, 4) == NULL) { 4488 return srtp_err_status_fail; 4489 } 4490 4491 /* find not in list */ 4492 if (srtp_stream_list_get(list, 5)) { 4493 return srtp_err_status_fail; 4494 } 4495 4496 /* for each */ 4497 int count = 0; 4498 srtp_stream_list_for_each(list, stream_list_test_count_cb, &count); 4499 if (count != 4) { 4500 return srtp_err_status_fail; 4501 } 4502 4503 /* remove */ 4504 srtp_stream_t stream = srtp_stream_list_get(list, 3); 4505 if (stream == NULL) { 4506 return srtp_err_status_fail; 4507 } 4508 srtp_stream_list_remove(list, stream); 4509 stream_list_test_free_stream(stream); 4510 4511 /* find after remove */ 4512 if (srtp_stream_list_get(list, 3)) { 4513 return srtp_err_status_fail; 4514 } 4515 4516 /* recount */ 4517 count = 0; 4518 srtp_stream_list_for_each(list, stream_list_test_count_cb, &count); 4519 if (count != 3) { 4520 return srtp_err_status_fail; 4521 } 4522 4523 /* remove one in for each */ 4524 struct remove_one_data data = { 2, list }; 4525 srtp_stream_list_for_each(list, stream_list_test_remove_one_cb, &data); 4526 4527 /* find after remove */ 4528 if (srtp_stream_list_get(list, 2)) { 4529 return srtp_err_status_fail; 4530 } 4531 4532 /* recount */ 4533 count = 0; 4534 srtp_stream_list_for_each(list, stream_list_test_count_cb, &count); 4535 if (count != 2) { 4536 return srtp_err_status_fail; 4537 } 4538 4539 /* destroy non empty list */ 4540 if (srtp_stream_list_dealloc(list) == srtp_err_status_ok) { 4541 return srtp_err_status_fail; 4542 } 4543 4544 /* remove all in for each */ 4545 srtp_stream_list_for_each(list, stream_list_test_remove_all_cb, &list); 4546 4547 /* recount */ 4548 count = 0; 4549 srtp_stream_list_for_each(list, stream_list_test_count_cb, &count); 4550 if (count != 0) { 4551 return srtp_err_status_fail; 4552 } 4553 4554 /* destroy empty list */ 4555 if (srtp_stream_list_dealloc(list)) { 4556 return srtp_err_status_fail; 4557 } 4558 4559 return srtp_err_status_ok; 4560 } 4561 4562 #ifdef SRTP_USE_TEST_STREAM_LIST 4563 4564 /* 4565 * A srtp_stream_list_ctx_t implementation using a single linked list 4566 * that does not use the internal next / prev fields. 4567 */ 4568 4569 struct test_list_node { 4570 srtp_stream_t stream; 4571 struct test_list_node *next; 4572 }; 4573 struct srtp_stream_list_ctx_t_ { 4574 struct test_list_node *head; 4575 }; 4576 4577 srtp_err_status_t srtp_stream_list_alloc(srtp_stream_list_t *list_ptr) 4578 { 4579 struct srtp_stream_list_ctx_t_ *l = 4580 malloc(sizeof(struct srtp_stream_list_ctx_t_)); 4581 l->head = NULL; 4582 *list_ptr = l; 4583 return srtp_err_status_ok; 4584 } 4585 4586 srtp_err_status_t srtp_stream_list_dealloc(srtp_stream_list_t list) 4587 { 4588 struct test_list_node *node = list->head; 4589 if (node) { 4590 return srtp_err_status_fail; 4591 } 4592 free(list); 4593 4594 return srtp_err_status_ok; 4595 } 4596 4597 srtp_err_status_t srtp_stream_list_insert(srtp_stream_list_t list, 4598 srtp_stream_t stream) 4599 { 4600 struct test_list_node *node = malloc(sizeof(struct test_list_node)); 4601 node->stream = stream; 4602 node->next = list->head; 4603 list->head = node; 4604 4605 return srtp_err_status_ok; 4606 } 4607 4608 srtp_stream_t srtp_stream_list_get(srtp_stream_list_t list, uint32_t ssrc) 4609 { 4610 struct test_list_node *node = list->head; 4611 while (node != NULL) { 4612 if (node->stream->ssrc == ssrc) 4613 return node->stream; 4614 node = node->next; 4615 } 4616 return NULL; 4617 } 4618 4619 void srtp_stream_list_remove(srtp_stream_list_t list, srtp_stream_t stream) 4620 { 4621 struct test_list_node **node = &(list->head); 4622 while ((*node) != NULL) { 4623 if ((*node)->stream->ssrc == stream->ssrc) { 4624 struct test_list_node *tmp = (*node); 4625 (*node) = tmp->next; 4626 free(tmp); 4627 return; 4628 } 4629 node = &(*node)->next; 4630 } 4631 } 4632 4633 void srtp_stream_list_for_each(srtp_stream_list_t list, 4634 int (*callback)(srtp_stream_t, void *), 4635 void *data) 4636 { 4637 struct test_list_node *node = list->head; 4638 while (node != NULL) { 4639 struct test_list_node *tmp = node; 4640 node = node->next; 4641 if (callback(tmp->stream, data)) 4642 break; 4643 } 4644 } 4645 4646 #endif