diff --git a/srtp/srtp.c b/srtp/srtp.c index 686b8cfc7..b0df1bee0 100644 --- a/srtp/srtp.c +++ b/srtp/srtp.c @@ -1744,10 +1744,11 @@ static void srtp_calc_aead_iv(srtp_session_keys_t *session_keys, v128_xor(iv, &in, &salt); } -srtp_err_status_t srtp_get_session_keys_for_packet( +static srtp_err_status_t srtp_get_session_keys_for_packet( srtp_stream_ctx_t *stream, const uint8_t *hdr, size_t pkt_octet_len, + size_t tag_len, srtp_session_keys_t **session_keys) { if (!stream->use_mki) { @@ -1756,15 +1757,6 @@ srtp_err_status_t srtp_get_session_keys_for_packet( } size_t mki_start_location = pkt_octet_len; - size_t tag_len = 0; - - // Determine the authentication tag size - if (stream->session_keys[0].rtp_cipher->algorithm == SRTP_AES_GCM_128 || - stream->session_keys[0].rtp_cipher->algorithm == SRTP_AES_GCM_256) { - tag_len = 0; - } else { - tag_len = srtp_auth_get_tag_length(stream->session_keys[0].rtp_auth); - } if (tag_len > mki_start_location) { return srtp_err_status_bad_mki; @@ -1789,6 +1781,46 @@ srtp_err_status_t srtp_get_session_keys_for_packet( return srtp_err_status_bad_mki; } +static srtp_err_status_t srtp_get_session_keys_for_rtp_packet( + srtp_stream_ctx_t *stream, + const uint8_t *hdr, + size_t pkt_octet_len, + srtp_session_keys_t **session_keys) +{ + size_t tag_len = 0; + + // Determine the authentication tag size + if (stream->session_keys[0].rtp_cipher->algorithm == SRTP_AES_GCM_128 || + stream->session_keys[0].rtp_cipher->algorithm == SRTP_AES_GCM_256) { + tag_len = 0; + } else { + tag_len = srtp_auth_get_tag_length(stream->session_keys[0].rtp_auth); + } + + return srtp_get_session_keys_for_packet(stream, hdr, pkt_octet_len, tag_len, + session_keys); +} + +static srtp_err_status_t srtp_get_session_keys_for_rtcp_packet( + srtp_stream_ctx_t *stream, + const uint8_t *hdr, + size_t pkt_octet_len, + srtp_session_keys_t **session_keys) +{ + size_t tag_len = 0; + + // Determine the authentication tag size + if (stream->session_keys[0].rtcp_cipher->algorithm == SRTP_AES_GCM_128 || + stream->session_keys[0].rtcp_cipher->algorithm == SRTP_AES_GCM_256) { + tag_len = 0; + } else { + tag_len = srtp_auth_get_tag_length(stream->session_keys[0].rtcp_auth); + } + + return srtp_get_session_keys_for_packet(stream, hdr, pkt_octet_len, tag_len, + session_keys); +} + static srtp_err_status_t srtp_estimate_index(srtp_rdbx_t *rdbx, uint32_t roc, srtp_xtd_seq_num_t *est, @@ -2590,8 +2622,8 @@ srtp_err_status_t srtp_unprotect(srtp_t ctx, debug_print(mod_srtp, "estimated u_packet index: %016" PRIx64, est); /* Determine if MKI is being used and what session keys should be used */ - status = - srtp_get_session_keys_for_packet(stream, srtp, srtp_len, &session_keys); + status = srtp_get_session_keys_for_rtp_packet(stream, srtp, srtp_len, + &session_keys); if (status) { return status; } @@ -4267,8 +4299,8 @@ srtp_err_status_t srtp_unprotect_rtcp(srtp_t ctx, /* * Determine if MKI is being used and what session keys should be used */ - status = srtp_get_session_keys_for_packet(stream, srtcp, srtcp_len, - &session_keys); + status = srtp_get_session_keys_for_rtcp_packet(stream, srtcp, srtcp_len, + &session_keys); if (status) { return status; } diff --git a/test/srtp_driver.c b/test/srtp_driver.c index 8012c0bf7..b486c9845 100644 --- a/test/srtp_driver.c +++ b/test/srtp_driver.c @@ -5122,7 +5122,40 @@ const srtp_policy_t aes_256_hmac_policy = { true, /* no mki */ TEST_MKI_ID_SIZE, /* mki size */ 128, /* replay window size */ - 0, /* retransmission not allowed */ + false, /* retransmission not allowed */ + NULL, /* no encrypted extension headers */ + 0, /* list of encrypted extension headers is empty */ + NULL +}; + +const srtp_policy_t aes_256_hmac_32_policy = { + { ssrc_any_outbound, 0 }, /* SSRC */ + { + /* SRTP policy */ + SRTP_AES_ICM_256, /* cipher type */ + SRTP_AES_ICM_256_KEY_LEN_WSALT, /* cipher key length in octets */ + SRTP_HMAC_SHA1, /* authentication func type */ + 20, /* auth key length in octets */ + 4, /* auth tag length in octets */ + sec_serv_conf_and_auth /* security services flag */ + }, + { + /* SRTCP policy */ + SRTP_AES_ICM_256, /* cipher type */ + SRTP_AES_ICM_256_KEY_LEN_WSALT, /* cipher key length in octets */ + SRTP_HMAC_SHA1, /* authentication func type */ + 20, /* auth key length in octets */ + 10, /* auth tag length in octets. + 80 bits per RFC 3711. */ + sec_serv_conf_and_auth /* security services flag */ + }, + NULL, + (srtp_master_key_t **)test_256_keys, + 2, /* indicates the number of Master keys */ + true, /* no mki */ + TEST_MKI_ID_SIZE, /* mki size */ + 128, /* replay window size */ + false, /* retransmission not allowed */ NULL, /* no encrypted extension headers */ 0, /* list of encrypted extension headers is empty */ NULL @@ -5181,6 +5214,7 @@ const srtp_policy_t *policy_array[] = { #endif &null_policy, &aes_256_hmac_policy, + &aes_256_hmac_32_policy, NULL }; // clang-format on