1 /*
2  * ekt.c
3  *
4  * Encrypted Key Transport for SRTP
5  *
6  * David McGrew
7  * Cisco Systems, Inc.
8  */
9 /*
10  *
11  * Copyright (c) 2001-2006 Cisco Systems, Inc.
12  * All rights reserved.
13  *
14  * Redistribution and use in source and binary forms, with or without
15  * modification, are permitted provided that the following conditions
16  * are met:
17  *
18  *   Redistributions of source code must retain the above copyright
19  *   notice, this list of conditions and the following disclaimer.
20  *
21  *   Redistributions in binary form must reproduce the above
22  *   copyright notice, this list of conditions and the following
23  *   disclaimer in the documentation and/or other materials provided
24  *   with the distribution.
25  *
26  *   Neither the name of the Cisco Systems, Inc. nor the names of its
27  *   contributors may be used to endorse or promote products derived
28  *   from this software without specific prior written permission.
29  *
30  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
31  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
32  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
33  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
34  * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
35  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
36  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
37  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
38  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
39  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
40  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
41  * OF THE POSSIBILITY OF SUCH DAMAGE.
42  *
43  */
44 
45 
46 #include "err.h"
47 #include "srtp_priv.h"
48 #include "ekt.h"
49 
50 extern debug_module_t mod_srtp;
51 
52 /*
53  *  The EKT Authentication Tag format.
54  *
55  *    0                   1                   2                   3
56  *    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
57  *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
58  *   :                   Base Authentication Tag                     :
59  *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
60  *   :                     Encrypted Master Key                      :
61  *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
62  *   |                       Rollover Counter                        |
63  *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
64  *   |    Initial Sequence Number    |   Security Parameter Index    |
65  *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
66  *
67  */
68 
69 #define EKT_OCTETS_AFTER_BASE_TAG 24
70 #define EKT_OCTETS_AFTER_EMK       8
71 #define EKT_OCTETS_AFTER_ROC       4
72 #define EKT_SPI_LEN                2
73 
74 unsigned
ekt_octets_after_base_tag(ekt_stream_t ekt)75 ekt_octets_after_base_tag(ekt_stream_t ekt) {
76   /*
77    * if the pointer ekt is NULL, then EKT is not in effect, so we
78    * indicate this by returning zero
79    */
80   if (!ekt)
81     return 0;
82 
83   switch(ekt->data->ekt_cipher_type) {
84   case EKT_CIPHER_AES_128_ECB:
85     return 16 + EKT_OCTETS_AFTER_EMK;
86     break;
87   default:
88     break;
89   }
90   return 0;
91 }
92 
93 static inline ekt_spi_t
srtcp_packet_get_ekt_spi(const uint8_t * packet_start,unsigned pkt_octet_len)94 srtcp_packet_get_ekt_spi(const uint8_t *packet_start, unsigned pkt_octet_len) {
95   const uint8_t *spi_location;
96 
97   spi_location = packet_start + (pkt_octet_len - EKT_SPI_LEN);
98 
99   return *((const ekt_spi_t *)spi_location);
100 }
101 
102 static inline uint32_t
srtcp_packet_get_ekt_roc(const uint8_t * packet_start,unsigned pkt_octet_len)103 srtcp_packet_get_ekt_roc(const uint8_t *packet_start, unsigned pkt_octet_len) {
104   const uint8_t *roc_location;
105 
106   roc_location = packet_start + (pkt_octet_len - EKT_OCTETS_AFTER_ROC);
107 
108   return *((const uint32_t *)roc_location);
109 }
110 
111 static inline const uint8_t *
srtcp_packet_get_emk_location(const uint8_t * packet_start,unsigned pkt_octet_len)112 srtcp_packet_get_emk_location(const uint8_t *packet_start,
113 			      unsigned pkt_octet_len) {
114   const uint8_t *location;
115 
116   location = packet_start + (pkt_octet_len - EKT_OCTETS_AFTER_BASE_TAG);
117 
118   return location;
119 }
120 
121 
122 err_status_t
ekt_alloc(ekt_stream_t * stream_data,ekt_policy_t policy)123 ekt_alloc(ekt_stream_t *stream_data, ekt_policy_t policy) {
124 
125   /*
126    * if the policy pointer is NULL, then EKT is not in use
127    * so we just set the EKT stream data pointer to NULL
128    */
129   if (!policy) {
130     *stream_data = NULL;
131     return err_status_ok;
132   }
133 
134   /* TODO */
135   *stream_data = NULL;
136 
137   return err_status_ok;
138 }
139 
140 err_status_t
ekt_stream_init_from_policy(ekt_stream_t stream_data,ekt_policy_t policy)141 ekt_stream_init_from_policy(ekt_stream_t stream_data, ekt_policy_t policy) {
142   if (!stream_data)
143     return err_status_ok;
144 
145   return err_status_ok;
146 }
147 
148 
149 void
aes_decrypt_with_raw_key(void * ciphertext,const void * key)150 aes_decrypt_with_raw_key(void *ciphertext, const void *key) {
151   aes_expanded_key_t expanded_key;
152 
153   aes_expand_decryption_key(key, expanded_key);
154   aes_decrypt(ciphertext, expanded_key);
155 }
156 
157 /*
158  * The function srtp_stream_init_from_ekt() initializes a stream using
159  * the EKT data from an SRTCP trailer.
160  */
161 
162 err_status_t
srtp_stream_init_from_ekt(srtp_stream_t stream,const void * srtcp_hdr,unsigned pkt_octet_len)163 srtp_stream_init_from_ekt(srtp_stream_t stream,
164 			  const void *srtcp_hdr,
165 			  unsigned pkt_octet_len) {
166   err_status_t err;
167   const uint8_t *master_key;
168   srtp_policy_t srtp_policy;
169   unsigned master_key_len;
170   uint32_t roc;
171 
172   /*
173    * NOTE: at present, we only support a single ekt_policy at a time.
174    */
175   if (stream->ekt->data->spi !=
176       srtcp_packet_get_ekt_spi(srtcp_hdr, pkt_octet_len))
177     return err_status_no_ctx;
178 
179   if (stream->ekt->data->ekt_cipher_type != EKT_CIPHER_AES_128_ECB)
180     return err_status_bad_param;
181   master_key_len = 16;
182 
183   /* decrypt the Encrypted Master Key field */
184   master_key = srtcp_packet_get_emk_location(srtcp_hdr, pkt_octet_len);
185   aes_decrypt_with_raw_key((void*)master_key, stream->ekt->data->ekt_dec_key);
186 
187   /* set the SRTP ROC */
188   roc = srtcp_packet_get_ekt_roc(srtcp_hdr, pkt_octet_len);
189   err = rdbx_set_roc(&stream->rtp_rdbx, roc);
190   if (err) return err;
191 
192   err = srtp_stream_init(stream, &srtp_policy);
193   if (err) return err;
194 
195   return err_status_ok;
196 }
197 
198 void
ekt_write_data(ekt_stream_t ekt,void * base_tag,unsigned base_tag_len,int * packet_len,xtd_seq_num_t pkt_index)199 ekt_write_data(ekt_stream_t ekt,
200 	       void *base_tag,
201 	       unsigned base_tag_len,
202 	       int *packet_len,
203 	       xtd_seq_num_t pkt_index) {
204   uint32_t roc;
205   uint16_t isn;
206   unsigned emk_len;
207   uint8_t *packet;
208 
209   /* if the pointer ekt is NULL, then EKT is not in effect */
210   if (!ekt) {
211     debug_print(mod_srtp, "EKT not in use", NULL);
212     return;
213   }
214 
215   /* write zeros into the location of the base tag */
216   octet_string_set_to_zero(base_tag, base_tag_len);
217   packet = (uint8_t*)base_tag + base_tag_len;
218 
219   /* copy encrypted master key into packet */
220   emk_len = ekt_octets_after_base_tag(ekt);
221   memcpy(packet, ekt->encrypted_master_key, emk_len);
222   debug_print(mod_srtp, "writing EKT EMK: %s,",
223 	      octet_string_hex_string(packet, emk_len));
224   packet += emk_len;
225 
226   /* copy ROC into packet */
227   roc = (uint32_t)(pkt_index >> 16);
228   *((uint32_t *)packet) = be32_to_cpu(roc);
229   debug_print(mod_srtp, "writing EKT ROC: %s,",
230 	      octet_string_hex_string(packet, sizeof(roc)));
231   packet += sizeof(roc);
232 
233   /* copy ISN into packet */
234   isn = (uint16_t)pkt_index;
235   *((uint16_t *)packet) = htons(isn);
236   debug_print(mod_srtp, "writing EKT ISN: %s,",
237 	      octet_string_hex_string(packet, sizeof(isn)));
238   packet += sizeof(isn);
239 
240   /* copy SPI into packet */
241   *((uint16_t *)packet) = htons(ekt->data->spi);
242   debug_print(mod_srtp, "writing EKT SPI: %s,",
243 	      octet_string_hex_string(packet, sizeof(ekt->data->spi)));
244 
245   /* increase packet length appropriately */
246   *packet_len += EKT_OCTETS_AFTER_EMK + emk_len;
247 }
248 
249 
250 /*
251  * The function call srtcp_ekt_trailer(ekt, auth_len, auth_tag   )
252  *
253  * If the pointer ekt is NULL, then the other inputs are unaffected.
254  *
255  * auth_tag is a pointer to the pointer to the location of the
256  * authentication tag in the packet.  If EKT is in effect, then the
257  * auth_tag pointer is set to the location
258  */
259 
260 void
srtcp_ekt_trailer(ekt_stream_t ekt,unsigned * auth_len,void ** auth_tag,void * tag_copy)261 srtcp_ekt_trailer(ekt_stream_t ekt,
262 		  unsigned *auth_len,
263 		  void **auth_tag,
264 		  void *tag_copy) {
265 
266   /*
267    * if there is no EKT policy, then the other inputs are unaffected
268    */
269   if (!ekt)
270     return;
271 
272   /* copy auth_tag into temporary location */
273 
274 }
275 
276