1 /*
2 * srtp_driver.c
3 *
4 * a test driver for libSRTP
5 *
6 * David A. McGrew
7 * Cisco Systems, Inc.
8 */
9 /*
10 *
11 * Copyright (c) 2001-2006, Cisco Systems, Inc.
12 * All rights reserved.
13 *
14 * Redistribution and use in source and binary forms, with or without
15 * modification, are permitted provided that the following conditions
16 * are met:
17 *
18 * Redistributions of source code must retain the above copyright
19 * notice, this list of conditions and the following disclaimer.
20 *
21 * Redistributions in binary form must reproduce the above
22 * copyright notice, this list of conditions and the following
23 * disclaimer in the documentation and/or other materials provided
24 * with the distribution.
25 *
26 * Neither the name of the Cisco Systems, Inc. nor the names of its
27 * contributors may be used to endorse or promote products derived
28 * from this software without specific prior written permission.
29 *
30 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
31 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
32 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
33 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
34 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
35 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
36 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
37 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
38 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
39 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
40 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
41 * OF THE POSSIBILITY OF SUCH DAMAGE.
42 *
43 */
44
45
46 #include <string.h> /* for memcpy() */
47 #include <time.h> /* for clock() */
48 #include <stdlib.h> /* for malloc(), free() */
49 #include <stdio.h> /* for print(), fflush() */
50 #include "getopt_s.h" /* for local getopt() */
51
52 #include "srtp_priv.h"
53
54 #ifdef HAVE_NETINET_IN_H
55 # include <netinet/in.h>
56 #elif defined HAVE_WINSOCK2_H
57 # include <winsock2.h>
58 #endif
59
60 #define PRINT_REFERENCE_PACKET 1
61
62 err_status_t
63 srtp_validate(void);
64
65 err_status_t
66 srtp_create_big_policy(srtp_policy_t **list);
67
68 err_status_t
69 srtp_test_remove_stream(void);
70
71 double
72 srtp_bits_per_second(int msg_len_octets, const srtp_policy_t *policy);
73
74 double
75 srtp_rejections_per_second(int msg_len_octets, const srtp_policy_t *policy);
76
77 void
78 srtp_do_timing(const srtp_policy_t *policy);
79
80 void
81 srtp_do_rejection_timing(const srtp_policy_t *policy);
82
83 err_status_t
84 srtp_test(const srtp_policy_t *policy);
85
86 err_status_t
87 srtcp_test(const srtp_policy_t *policy);
88
89 err_status_t
90 srtp_session_print_policy(srtp_t srtp);
91
92 err_status_t
93 srtp_print_policy(const srtp_policy_t *policy);
94
95 char *
96 srtp_packet_to_string(srtp_hdr_t *hdr, int packet_len);
97
98 double
99 mips_estimate(int num_trials, int *ignore);
100
101 extern uint8_t test_key[30];
102
103 void
usage(char * prog_name)104 usage(char *prog_name) {
105 printf("usage: %s [ -t ][ -c ][ -v ][-d <debug_module> ]* [ -l ]\n"
106 " -t run timing test\n"
107 " -r run rejection timing test\n"
108 " -c run codec timing test\n"
109 " -v run validation tests\n"
110 " -d <mod> turn on debugging module <mod>\n"
111 " -l list debugging modules\n", prog_name);
112 exit(1);
113 }
114
115 /*
116 * The policy_array is a null-terminated array of policy structs. it
117 * is declared at the end of this file
118 */
119
120 extern const srtp_policy_t *policy_array[];
121
122
123 /* the wildcard_policy is declared below; it has a wildcard ssrc */
124
125 extern const srtp_policy_t wildcard_policy;
126
127 /*
128 * mod_driver debug module - debugging module for this test driver
129 *
130 * we use the crypto_kernel debugging system in this driver, which
131 * makes the interface uniform and increases portability
132 */
133
134 debug_module_t mod_driver = {
135 0, /* debugging is off by default */
136 "driver" /* printable name for module */
137 };
138
139 int
main(int argc,char * argv[])140 main (int argc, char *argv[]) {
141 int q;
142 unsigned do_timing_test = 0;
143 unsigned do_rejection_test = 0;
144 unsigned do_codec_timing = 0;
145 unsigned do_validation = 0;
146 unsigned do_list_mods = 0;
147 err_status_t status;
148
149 /*
150 * verify that the compiler has interpreted the header data
151 * structure srtp_hdr_t correctly
152 */
153 if (sizeof(srtp_hdr_t) != 12) {
154 printf("error: srtp_hdr_t has incorrect size"
155 "(size is %ld bytes, expected 12)\n",
156 (long)sizeof(srtp_hdr_t));
157 exit(1);
158 }
159
160 /* initialize srtp library */
161 status = srtp_init();
162 if (status) {
163 printf("error: srtp init failed with error code %d\n", status);
164 exit(1);
165 }
166
167 /* load srtp_driver debug module */
168 status = crypto_kernel_load_debug_module(&mod_driver);
169 if (status) {
170 printf("error: load of srtp_driver debug module failed "
171 "with error code %d\n", status);
172 exit(1);
173 }
174
175 /* process input arguments */
176 while (1) {
177 q = getopt_s(argc, argv, "trcvld:");
178 if (q == -1)
179 break;
180 switch (q) {
181 case 't':
182 do_timing_test = 1;
183 break;
184 case 'r':
185 do_rejection_test = 1;
186 break;
187 case 'c':
188 do_codec_timing = 1;
189 break;
190 case 'v':
191 do_validation = 1;
192 break;
193 case 'l':
194 do_list_mods = 1;
195 break;
196 case 'd':
197 status = crypto_kernel_set_debug_module(optarg_s, 1);
198 if (status) {
199 printf("error: set debug module (%s) failed\n", optarg_s);
200 exit(1);
201 }
202 break;
203 default:
204 usage(argv[0]);
205 }
206 }
207
208 if (!do_validation && !do_timing_test && !do_codec_timing
209 && !do_list_mods && !do_rejection_test)
210 usage(argv[0]);
211
212 if (do_list_mods) {
213 status = crypto_kernel_list_debug_modules();
214 if (status) {
215 printf("error: list of debug modules failed\n");
216 exit(1);
217 }
218 }
219
220 if (do_validation) {
221 const srtp_policy_t **policy = policy_array;
222 srtp_policy_t *big_policy;
223
224 /* loop over policy array, testing srtp and srtcp for each policy */
225 while (*policy != NULL) {
226 printf("testing srtp_protect and srtp_unprotect\n");
227 if (srtp_test(*policy) == err_status_ok)
228 printf("passed\n\n");
229 else {
230 printf("failed\n");
231 exit(1);
232 }
233 printf("testing srtp_protect_rtcp and srtp_unprotect_rtcp\n");
234 if (srtcp_test(*policy) == err_status_ok)
235 printf("passed\n\n");
236 else {
237 printf("failed\n");
238 exit(1);
239 }
240 policy++;
241 }
242
243 /* create a big policy list and run tests on it */
244 status = srtp_create_big_policy(&big_policy);
245 if (status) {
246 printf("unexpected failure with error code %d\n", status);
247 exit(1);
248 }
249 printf("testing srtp_protect and srtp_unprotect with big policy\n");
250 if (srtp_test(big_policy) == err_status_ok)
251 printf("passed\n\n");
252 else {
253 printf("failed\n");
254 exit(1);
255 }
256
257 /* run test on wildcard policy */
258 printf("testing srtp_protect and srtp_unprotect on "
259 "wildcard ssrc policy\n");
260 if (srtp_test(&wildcard_policy) == err_status_ok)
261 printf("passed\n\n");
262 else {
263 printf("failed\n");
264 exit(1);
265 }
266
267 /*
268 * run validation test against the reference packets - note
269 * that this test only covers the default policy
270 */
271 printf("testing srtp_protect and srtp_unprotect against "
272 "reference packets\n");
273 if (srtp_validate() == err_status_ok)
274 printf("passed\n\n");
275 else {
276 printf("failed\n");
277 exit(1);
278 }
279
280 /*
281 * test the function srtp_remove_stream()
282 */
283 printf("testing srtp_remove_stream()...");
284 if (srtp_test_remove_stream() == err_status_ok)
285 printf("passed\n");
286 else {
287 printf("failed\n");
288 exit(1);
289 }
290 }
291
292 if (do_timing_test) {
293 const srtp_policy_t **policy = policy_array;
294
295 /* loop over policies, run timing test for each */
296 while (*policy != NULL) {
297 srtp_print_policy(*policy);
298 srtp_do_timing(*policy);
299 policy++;
300 }
301 }
302
303 if (do_rejection_test) {
304 const srtp_policy_t **policy = policy_array;
305
306 /* loop over policies, run rejection timing test for each */
307 while (*policy != NULL) {
308 srtp_print_policy(*policy);
309 srtp_do_rejection_timing(*policy);
310 policy++;
311 }
312 }
313
314 if (do_codec_timing) {
315 srtp_policy_t policy;
316 int ignore;
317 double mips = mips_estimate(1000000000, &ignore);
318
319 crypto_policy_set_rtp_default(&policy.rtp);
320 crypto_policy_set_rtcp_default(&policy.rtcp);
321 policy.ssrc.type = ssrc_specific;
322 policy.ssrc.value = 0xdecafbad;
323 policy.key = test_key;
324 policy.ekt = NULL;
325 policy.window_size = 128;
326 policy.allow_repeat_tx = 0;
327 policy.next = NULL;
328
329 printf("mips estimate: %e\n", mips);
330
331 printf("testing srtp processing time for voice codecs:\n");
332 printf("codec\t\tlength (octets)\t\tsrtp instructions/second\n");
333 printf("G.711\t\t%d\t\t\t%e\n", 80,
334 (double) mips * (80 * 8) /
335 srtp_bits_per_second(80, &policy) / .01 );
336 printf("G.711\t\t%d\t\t\t%e\n", 160,
337 (double) mips * (160 * 8) /
338 srtp_bits_per_second(160, &policy) / .02);
339 printf("G.726-32\t%d\t\t\t%e\n", 40,
340 (double) mips * (40 * 8) /
341 srtp_bits_per_second(40, &policy) / .01 );
342 printf("G.726-32\t%d\t\t\t%e\n", 80,
343 (double) mips * (80 * 8) /
344 srtp_bits_per_second(80, &policy) / .02);
345 printf("G.729\t\t%d\t\t\t%e\n", 10,
346 (double) mips * (10 * 8) /
347 srtp_bits_per_second(10, &policy) / .01 );
348 printf("G.729\t\t%d\t\t\t%e\n", 20,
349 (double) mips * (20 * 8) /
350 srtp_bits_per_second(20, &policy) / .02 );
351 printf("Wideband\t%d\t\t\t%e\n", 320,
352 (double) mips * (320 * 8) /
353 srtp_bits_per_second(320, &policy) / .01 );
354 printf("Wideband\t%d\t\t\t%e\n", 640,
355 (double) mips * (640 * 8) /
356 srtp_bits_per_second(640, &policy) / .02 );
357 }
358
359 return 0;
360 }
361
362
363
364 /*
365 * srtp_create_test_packet(len, ssrc) returns a pointer to a
366 * (malloced) example RTP packet whose data field has the length given
367 * by pkt_octet_len and the SSRC value ssrc. The total length of the
368 * packet is twelve octets longer, since the header is at the
369 * beginning. There is room at the end of the packet for a trailer,
370 * and the four octets following the packet are filled with 0xff
371 * values to enable testing for overwrites.
372 *
373 * note that the location of the test packet can (and should) be
374 * deallocated with the free() call once it is no longer needed.
375 */
376
377 srtp_hdr_t *
srtp_create_test_packet(int pkt_octet_len,uint32_t ssrc)378 srtp_create_test_packet(int pkt_octet_len, uint32_t ssrc) {
379 int i;
380 uint8_t *buffer;
381 srtp_hdr_t *hdr;
382 int bytes_in_hdr = 12;
383
384 /* allocate memory for test packet */
385 hdr = (srtp_hdr_t*) malloc(pkt_octet_len + bytes_in_hdr
386 + SRTP_MAX_TRAILER_LEN + 4);
387 if (!hdr)
388 return NULL;
389
390 hdr->version = 2; /* RTP version two */
391 hdr->p = 0; /* no padding needed */
392 hdr->x = 0; /* no header extension */
393 hdr->cc = 0; /* no CSRCs */
394 hdr->m = 0; /* marker bit */
395 hdr->pt = 0xf; /* payload type */
396 hdr->seq = htons(0x1234); /* sequence number */
397 hdr->ts = htonl(0xdecafbad); /* timestamp */
398 hdr->ssrc = htonl(ssrc); /* synch. source */
399
400 buffer = (uint8_t *)hdr;
401 buffer += bytes_in_hdr;
402
403 /* set RTP data to 0xab */
404 for (i=0; i < pkt_octet_len; i++)
405 *buffer++ = 0xab;
406
407 /* set post-data value to 0xffff to enable overrun checking */
408 for (i=0; i < SRTP_MAX_TRAILER_LEN+4; i++)
409 *buffer++ = 0xff;
410
411 return hdr;
412 }
413
414 void
srtp_do_timing(const srtp_policy_t * policy)415 srtp_do_timing(const srtp_policy_t *policy) {
416 int len;
417
418 /*
419 * note: the output of this function is formatted so that it
420 * can be used in gnuplot. '#' indicates a comment, and "\r\n"
421 * terminates a record
422 */
423
424 printf("# testing srtp throughput:\r\n");
425 printf("# mesg length (octets)\tthroughput (megabits per second)\r\n");
426
427 for (len=16; len <= 2048; len *= 2)
428 printf("%d\t\t\t%f\r\n", len,
429 srtp_bits_per_second(len, policy) / 1.0E6);
430
431 /* these extra linefeeds let gnuplot know that a dataset is done */
432 printf("\r\n\r\n");
433
434 }
435
436 void
srtp_do_rejection_timing(const srtp_policy_t * policy)437 srtp_do_rejection_timing(const srtp_policy_t *policy) {
438 int len;
439
440 /*
441 * note: the output of this function is formatted so that it
442 * can be used in gnuplot. '#' indicates a comment, and "\r\n"
443 * terminates a record
444 */
445
446 printf("# testing srtp rejection throughput:\r\n");
447 printf("# mesg length (octets)\trejections per second\r\n");
448
449 for (len=8; len <= 2048; len *= 2)
450 printf("%d\t\t\t%e\r\n", len, srtp_rejections_per_second(len, policy));
451
452 /* these extra linefeeds let gnuplot know that a dataset is done */
453 printf("\r\n\r\n");
454
455 }
456
457
458 #define MAX_MSG_LEN 1024
459
460 double
srtp_bits_per_second(int msg_len_octets,const srtp_policy_t * policy)461 srtp_bits_per_second(int msg_len_octets, const srtp_policy_t *policy) {
462 srtp_t srtp;
463 srtp_hdr_t *mesg;
464 int i;
465 clock_t timer;
466 int num_trials = 100000;
467 int len;
468 uint32_t ssrc;
469 err_status_t status;
470
471 /*
472 * allocate and initialize an srtp session
473 */
474 status = srtp_create(&srtp, policy);
475 if (status) {
476 printf("error: srtp_create() failed with error code %d\n", status);
477 exit(1);
478 }
479
480 /*
481 * if the ssrc is unspecified, use a predetermined one
482 */
483 if (policy->ssrc.type != ssrc_specific) {
484 ssrc = 0xdeadbeef;
485 } else {
486 ssrc = policy->ssrc.value;
487 }
488
489 /*
490 * create a test packet
491 */
492 mesg = srtp_create_test_packet(msg_len_octets, ssrc);
493 if (mesg == NULL)
494 return 0.0; /* indicate failure by returning zero */
495
496 timer = clock();
497 for (i=0; i < num_trials; i++) {
498 err_status_t status;
499 len = msg_len_octets + 12; /* add in rtp header length */
500
501 /* srtp protect message */
502 status = srtp_protect(srtp, mesg, &len);
503 if (status) {
504 printf("error: srtp_protect() failed with error code %d\n", status);
505 exit(1);
506 }
507
508 /* increment message number */
509 mesg->seq = htons(ntohs(mesg->seq) + 1);
510
511 }
512 timer = clock() - timer;
513
514 free(mesg);
515
516 return (double) (msg_len_octets) * 8 *
517 num_trials * CLOCKS_PER_SEC / timer;
518 }
519
520 double
srtp_rejections_per_second(int msg_len_octets,const srtp_policy_t * policy)521 srtp_rejections_per_second(int msg_len_octets, const srtp_policy_t *policy) {
522 srtp_ctx_t *srtp;
523 srtp_hdr_t *mesg;
524 int i;
525 int len;
526 clock_t timer;
527 int num_trials = 1000000;
528 uint32_t ssrc = policy->ssrc.value;
529 err_status_t status;
530
531 /*
532 * allocate and initialize an srtp session
533 */
534 status = srtp_create(&srtp, policy);
535 if (status) {
536 printf("error: srtp_create() failed with error code %d\n", status);
537 exit(1);
538 }
539
540 mesg = srtp_create_test_packet(msg_len_octets, ssrc);
541 if (mesg == NULL)
542 return 0.0; /* indicate failure by returning zero */
543
544 len = msg_len_octets;
545 srtp_protect(srtp, (srtp_hdr_t *)mesg, &len);
546
547 timer = clock();
548 for (i=0; i < num_trials; i++) {
549 len = msg_len_octets;
550 srtp_unprotect(srtp, (srtp_hdr_t *)mesg, &len);
551 }
552 timer = clock() - timer;
553
554 free(mesg);
555
556 return (double) num_trials * CLOCKS_PER_SEC / timer;
557 }
558
559
560 void
err_check(err_status_t s)561 err_check(err_status_t s) {
562 if (s == err_status_ok)
563 return;
564 else
565 fprintf(stderr, "error: unexpected srtp failure (code %d)\n", s);
566 exit (1);
567 }
568
569 err_status_t
srtp_test(const srtp_policy_t * policy)570 srtp_test(const srtp_policy_t *policy) {
571 int i;
572 srtp_t srtp_sender;
573 srtp_t srtp_rcvr;
574 err_status_t status = err_status_ok;
575 srtp_hdr_t *hdr, *hdr2;
576 uint8_t hdr_enc[64];
577 uint8_t *pkt_end;
578 int msg_len_octets, msg_len_enc;
579 int len;
580 int tag_length = policy->rtp.auth_tag_len;
581 uint32_t ssrc;
582 srtp_policy_t *rcvr_policy;
583
584 err_check(srtp_create(&srtp_sender, policy));
585
586 /* print out policy */
587 err_check(srtp_session_print_policy(srtp_sender));
588
589 /*
590 * initialize data buffer, using the ssrc in the policy unless that
591 * value is a wildcard, in which case we'll just use an arbitrary
592 * one
593 */
594 if (policy->ssrc.type != ssrc_specific)
595 ssrc = 0xdecafbad;
596 else
597 ssrc = policy->ssrc.value;
598 msg_len_octets = 28;
599 hdr = srtp_create_test_packet(msg_len_octets, ssrc);
600
601 if (hdr == NULL)
602 return err_status_alloc_fail;
603 hdr2 = srtp_create_test_packet(msg_len_octets, ssrc);
604 if (hdr2 == NULL) {
605 free(hdr);
606 return err_status_alloc_fail;
607 }
608
609 /* set message length */
610 len = msg_len_octets;
611
612 debug_print(mod_driver, "before protection:\n%s",
613 srtp_packet_to_string(hdr, len));
614
615 #if PRINT_REFERENCE_PACKET
616 debug_print(mod_driver, "reference packet before protection:\n%s",
617 octet_string_hex_string((uint8_t *)hdr, len));
618 #endif
619 err_check(srtp_protect(srtp_sender, hdr, &len));
620
621 debug_print(mod_driver, "after protection:\n%s",
622 srtp_packet_to_string(hdr, len));
623 #if PRINT_REFERENCE_PACKET
624 debug_print(mod_driver, "after protection:\n%s",
625 octet_string_hex_string((uint8_t *)hdr, len));
626 #endif
627
628 /* save protected message and length */
629 memcpy(hdr_enc, hdr, len);
630 msg_len_enc = len;
631
632 /*
633 * check for overrun of the srtp_protect() function
634 *
635 * The packet is followed by a value of 0xfffff; if the value of the
636 * data following the packet is different, then we know that the
637 * protect function is overwriting the end of the packet.
638 */
639 pkt_end = (uint8_t *)hdr + sizeof(srtp_hdr_t)
640 + msg_len_octets + tag_length;
641 for (i = 0; i < 4; i++)
642 if (pkt_end[i] != 0xff) {
643 fprintf(stdout, "overwrite in srtp_protect() function "
644 "(expected %x, found %x in trailing octet %d)\n",
645 0xff, ((uint8_t *)hdr)[i], i);
646 free(hdr);
647 free(hdr2);
648 return err_status_algo_fail;
649 }
650
651 /*
652 * if the policy includes confidentiality, check that ciphertext is
653 * different than plaintext
654 *
655 * Note that this check will give false negatives, with some small
656 * probability, especially if the packets are short. For that
657 * reason, we skip this check if the plaintext is less than four
658 * octets long.
659 */
660 if ((policy->rtp.sec_serv & sec_serv_conf) && (msg_len_octets >= 4)) {
661 printf("testing that ciphertext is distinct from plaintext...");
662 status = err_status_algo_fail;
663 for (i=12; i < msg_len_octets+12; i++)
664 if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) {
665 status = err_status_ok;
666 }
667 if (status) {
668 printf("failed\n");
669 free(hdr);
670 free(hdr2);
671 return status;
672 }
673 printf("passed\n");
674 }
675
676 /*
677 * if the policy uses a 'wildcard' ssrc, then we need to make a copy
678 * of the policy that changes the direction to inbound
679 *
680 * we always copy the policy into the rcvr_policy, since otherwise
681 * the compiler would fret about the constness of the policy
682 */
683 rcvr_policy = (srtp_policy_t*) malloc(sizeof(srtp_policy_t));
684 if (rcvr_policy == NULL)
685 return err_status_alloc_fail;
686 memcpy(rcvr_policy, policy, sizeof(srtp_policy_t));
687 if (policy->ssrc.type == ssrc_any_outbound) {
688 rcvr_policy->ssrc.type = ssrc_any_inbound;
689 }
690
691 err_check(srtp_create(&srtp_rcvr, rcvr_policy));
692
693 err_check(srtp_unprotect(srtp_rcvr, hdr, &len));
694
695 debug_print(mod_driver, "after unprotection:\n%s",
696 srtp_packet_to_string(hdr, len));
697
698 /* verify that the unprotected packet matches the origial one */
699 for (i=0; i < msg_len_octets; i++)
700 if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) {
701 fprintf(stdout, "mismatch at octet %d\n", i);
702 status = err_status_algo_fail;
703 }
704 if (status) {
705 free(hdr);
706 free(hdr2);
707 return status;
708 }
709
710 /*
711 * if the policy includes authentication, then test for false positives
712 */
713 if (policy->rtp.sec_serv & sec_serv_auth) {
714 char *data = ((char *)hdr) + 12;
715
716 printf("testing for false positives in replay check...");
717
718 /* set message length */
719 len = msg_len_enc;
720
721 /* unprotect a second time - should fail with a replay error */
722 status = srtp_unprotect(srtp_rcvr, hdr_enc, &len);
723 if (status != err_status_replay_fail) {
724 printf("failed with error code %d\n", status);
725 free(hdr);
726 free(hdr2);
727 return status;
728 } else {
729 printf("passed\n");
730 }
731
732 printf("testing for false positives in auth check...");
733
734 /* increment sequence number in header */
735 hdr->seq++;
736
737 /* set message length */
738 len = msg_len_octets;
739
740 /* apply protection */
741 err_check(srtp_protect(srtp_sender, hdr, &len));
742
743 /* flip bits in packet */
744 data[0] ^= 0xff;
745
746 /* unprotect, and check for authentication failure */
747 status = srtp_unprotect(srtp_rcvr, hdr, &len);
748 if (status != err_status_auth_fail) {
749 printf("failed\n");
750 free(hdr);
751 free(hdr2);
752 return status;
753 } else {
754 printf("passed\n");
755 }
756
757 }
758
759 err_check(srtp_dealloc(srtp_sender));
760 err_check(srtp_dealloc(srtp_rcvr));
761
762 free(hdr);
763 free(hdr2);
764 return err_status_ok;
765 }
766
767
768 err_status_t
srtcp_test(const srtp_policy_t * policy)769 srtcp_test(const srtp_policy_t *policy) {
770 int i;
771 srtp_t srtcp_sender;
772 srtp_t srtcp_rcvr;
773 err_status_t status = err_status_ok;
774 srtp_hdr_t *hdr, *hdr2;
775 uint8_t hdr_enc[64];
776 uint8_t *pkt_end;
777 int msg_len_octets, msg_len_enc;
778 int len;
779 int tag_length = policy->rtp.auth_tag_len;
780 uint32_t ssrc;
781 srtp_policy_t *rcvr_policy;
782
783 err_check(srtp_create(&srtcp_sender, policy));
784
785 /* print out policy */
786 err_check(srtp_session_print_policy(srtcp_sender));
787
788 /*
789 * initialize data buffer, using the ssrc in the policy unless that
790 * value is a wildcard, in which case we'll just use an arbitrary
791 * one
792 */
793 if (policy->ssrc.type != ssrc_specific)
794 ssrc = 0xdecafbad;
795 else
796 ssrc = policy->ssrc.value;
797 msg_len_octets = 28;
798 hdr = srtp_create_test_packet(msg_len_octets, ssrc);
799
800 if (hdr == NULL)
801 return err_status_alloc_fail;
802 hdr2 = srtp_create_test_packet(msg_len_octets, ssrc);
803 if (hdr2 == NULL) {
804 free(hdr);
805 return err_status_alloc_fail;
806 }
807
808 /* set message length */
809 len = msg_len_octets;
810
811 debug_print(mod_driver, "before protection:\n%s",
812 srtp_packet_to_string(hdr, len));
813
814 #if PRINT_REFERENCE_PACKET
815 debug_print(mod_driver, "reference packet before protection:\n%s",
816 octet_string_hex_string((uint8_t *)hdr, len));
817 #endif
818 err_check(srtp_protect_rtcp(srtcp_sender, hdr, &len));
819
820 debug_print(mod_driver, "after protection:\n%s",
821 srtp_packet_to_string(hdr, len));
822 #if PRINT_REFERENCE_PACKET
823 debug_print(mod_driver, "after protection:\n%s",
824 octet_string_hex_string((uint8_t *)hdr, len));
825 #endif
826
827 /* save protected message and length */
828 memcpy(hdr_enc, hdr, len);
829 msg_len_enc = len;
830
831 /*
832 * check for overrun of the srtp_protect() function
833 *
834 * The packet is followed by a value of 0xfffff; if the value of the
835 * data following the packet is different, then we know that the
836 * protect function is overwriting the end of the packet.
837 */
838 pkt_end = (uint8_t *)hdr + sizeof(srtp_hdr_t)
839 + msg_len_octets + tag_length;
840 for (i = 0; i < 4; i++)
841 if (pkt_end[i] != 0xff) {
842 fprintf(stdout, "overwrite in srtp_protect_rtcp() function "
843 "(expected %x, found %x in trailing octet %d)\n",
844 0xff, ((uint8_t *)hdr)[i], i);
845 free(hdr);
846 free(hdr2);
847 return err_status_algo_fail;
848 }
849
850 /*
851 * if the policy includes confidentiality, check that ciphertext is
852 * different than plaintext
853 *
854 * Note that this check will give false negatives, with some small
855 * probability, especially if the packets are short. For that
856 * reason, we skip this check if the plaintext is less than four
857 * octets long.
858 */
859 if ((policy->rtp.sec_serv & sec_serv_conf) && (msg_len_octets >= 4)) {
860 printf("testing that ciphertext is distinct from plaintext...");
861 status = err_status_algo_fail;
862 for (i=12; i < msg_len_octets+12; i++)
863 if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) {
864 status = err_status_ok;
865 }
866 if (status) {
867 printf("failed\n");
868 free(hdr);
869 free(hdr2);
870 return status;
871 }
872 printf("passed\n");
873 }
874
875 /*
876 * if the policy uses a 'wildcard' ssrc, then we need to make a copy
877 * of the policy that changes the direction to inbound
878 *
879 * we always copy the policy into the rcvr_policy, since otherwise
880 * the compiler would fret about the constness of the policy
881 */
882 rcvr_policy = (srtp_policy_t*) malloc(sizeof(srtp_policy_t));
883 if (rcvr_policy == NULL)
884 return err_status_alloc_fail;
885 memcpy(rcvr_policy, policy, sizeof(srtp_policy_t));
886 if (policy->ssrc.type == ssrc_any_outbound) {
887 rcvr_policy->ssrc.type = ssrc_any_inbound;
888 }
889
890 err_check(srtp_create(&srtcp_rcvr, rcvr_policy));
891
892 err_check(srtp_unprotect_rtcp(srtcp_rcvr, hdr, &len));
893
894 debug_print(mod_driver, "after unprotection:\n%s",
895 srtp_packet_to_string(hdr, len));
896
897 /* verify that the unprotected packet matches the origial one */
898 for (i=0; i < msg_len_octets; i++)
899 if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) {
900 fprintf(stdout, "mismatch at octet %d\n", i);
901 status = err_status_algo_fail;
902 }
903 if (status) {
904 free(hdr);
905 free(hdr2);
906 return status;
907 }
908
909 /*
910 * if the policy includes authentication, then test for false positives
911 */
912 if (policy->rtp.sec_serv & sec_serv_auth) {
913 char *data = ((char *)hdr) + 12;
914
915 printf("testing for false positives in replay check...");
916
917 /* set message length */
918 len = msg_len_enc;
919
920 /* unprotect a second time - should fail with a replay error */
921 status = srtp_unprotect_rtcp(srtcp_rcvr, hdr_enc, &len);
922 if (status != err_status_replay_fail) {
923 printf("failed with error code %d\n", status);
924 free(hdr);
925 free(hdr2);
926 return status;
927 } else {
928 printf("passed\n");
929 }
930
931 printf("testing for false positives in auth check...");
932
933 /* increment sequence number in header */
934 hdr->seq++;
935
936 /* set message length */
937 len = msg_len_octets;
938
939 /* apply protection */
940 err_check(srtp_protect_rtcp(srtcp_sender, hdr, &len));
941
942 /* flip bits in packet */
943 data[0] ^= 0xff;
944
945 /* unprotect, and check for authentication failure */
946 status = srtp_unprotect_rtcp(srtcp_rcvr, hdr, &len);
947 if (status != err_status_auth_fail) {
948 printf("failed\n");
949 free(hdr);
950 free(hdr2);
951 return status;
952 } else {
953 printf("passed\n");
954 }
955
956 }
957
958 err_check(srtp_dealloc(srtcp_sender));
959 err_check(srtp_dealloc(srtcp_rcvr));
960
961 free(hdr);
962 free(hdr2);
963 return err_status_ok;
964 }
965
966
967 err_status_t
srtp_session_print_policy(srtp_t srtp)968 srtp_session_print_policy(srtp_t srtp) {
969 char *serv_descr[4] = {
970 "none",
971 "confidentiality",
972 "authentication",
973 "confidentiality and authentication"
974 };
975 char *direction[3] = {
976 "unknown",
977 "outbound",
978 "inbound"
979 };
980 srtp_stream_t stream;
981
982 /* sanity checking */
983 if (srtp == NULL)
984 return err_status_fail;
985
986 /* if there's a template stream, print it out */
987 if (srtp->stream_template != NULL) {
988 stream = srtp->stream_template;
989 printf("# SSRC: any %s\r\n"
990 "# rtp cipher: %s\r\n"
991 "# rtp auth: %s\r\n"
992 "# rtp services: %s\r\n"
993 "# rtcp cipher: %s\r\n"
994 "# rtcp auth: %s\r\n"
995 "# rtcp services: %s\r\n"
996 "# window size: %lu\r\n"
997 "# tx rtx allowed:%s\r\n",
998 direction[stream->direction],
999 stream->rtp_cipher->type->description,
1000 stream->rtp_auth->type->description,
1001 serv_descr[stream->rtp_services],
1002 stream->rtcp_cipher->type->description,
1003 stream->rtcp_auth->type->description,
1004 serv_descr[stream->rtcp_services],
1005 rdbx_get_window_size(&stream->rtp_rdbx),
1006 stream->allow_repeat_tx ? "true" : "false");
1007 }
1008
1009 /* loop over streams in session, printing the policy of each */
1010 stream = srtp->stream_list;
1011 while (stream != NULL) {
1012 if (stream->rtp_services > sec_serv_conf_and_auth)
1013 return err_status_bad_param;
1014
1015 printf("# SSRC: 0x%08x\r\n"
1016 "# rtp cipher: %s\r\n"
1017 "# rtp auth: %s\r\n"
1018 "# rtp services: %s\r\n"
1019 "# rtcp cipher: %s\r\n"
1020 "# rtcp auth: %s\r\n"
1021 "# rtcp services: %s\r\n"
1022 "# window size: %lu\r\n"
1023 "# tx rtx allowed:%s\r\n",
1024 stream->ssrc,
1025 stream->rtp_cipher->type->description,
1026 stream->rtp_auth->type->description,
1027 serv_descr[stream->rtp_services],
1028 stream->rtcp_cipher->type->description,
1029 stream->rtcp_auth->type->description,
1030 serv_descr[stream->rtcp_services],
1031 rdbx_get_window_size(&stream->rtp_rdbx),
1032 stream->allow_repeat_tx ? "true" : "false");
1033
1034 /* advance to next stream in the list */
1035 stream = stream->next;
1036 }
1037 return err_status_ok;
1038 }
1039
1040 err_status_t
srtp_print_policy(const srtp_policy_t * policy)1041 srtp_print_policy(const srtp_policy_t *policy) {
1042 err_status_t status;
1043 srtp_t session;
1044
1045 status = srtp_create(&session, policy);
1046 if (status)
1047 return status;
1048 status = srtp_session_print_policy(session);
1049 if (status)
1050 return status;
1051 status = srtp_dealloc(session);
1052 if (status)
1053 return status;
1054 return err_status_ok;
1055 }
1056
1057 /*
1058 * srtp_print_packet(...) is for debugging only
1059 * it prints an RTP packet to the stdout
1060 *
1061 * note that this function is *not* threadsafe
1062 */
1063
1064 #include <stdio.h>
1065
1066 #define MTU 2048
1067
1068 char packet_string[MTU];
1069
1070 char *
srtp_packet_to_string(srtp_hdr_t * hdr,int pkt_octet_len)1071 srtp_packet_to_string(srtp_hdr_t *hdr, int pkt_octet_len) {
1072 int octets_in_rtp_header = 12;
1073 uint8_t *data = ((uint8_t *)hdr)+octets_in_rtp_header;
1074 int hex_len = pkt_octet_len-octets_in_rtp_header;
1075
1076 /* sanity checking */
1077 if ((hdr == NULL) || (pkt_octet_len > MTU))
1078 return NULL;
1079
1080 /* write packet into string */
1081 sprintf(packet_string,
1082 "(s)rtp packet: {\n"
1083 " version:\t%d\n"
1084 " p:\t\t%d\n"
1085 " x:\t\t%d\n"
1086 " cc:\t\t%d\n"
1087 " m:\t\t%d\n"
1088 " pt:\t\t%x\n"
1089 " seq:\t\t%x\n"
1090 " ts:\t\t%x\n"
1091 " ssrc:\t%x\n"
1092 " data:\t%s\n"
1093 "} (%d octets in total)\n",
1094 hdr->version,
1095 hdr->p,
1096 hdr->x,
1097 hdr->cc,
1098 hdr->m,
1099 hdr->pt,
1100 hdr->seq,
1101 hdr->ts,
1102 hdr->ssrc,
1103 octet_string_hex_string(data, hex_len),
1104 pkt_octet_len);
1105
1106 return packet_string;
1107 }
1108
1109 /*
1110 * mips_estimate() is a simple function to estimate the number of
1111 * instructions per second that the host can perform. note that this
1112 * function can be grossly wrong; you may want to have a manual sanity
1113 * check of its output!
1114 *
1115 * the 'ignore' pointer is there to convince the compiler to not just
1116 * optimize away the function
1117 */
1118
1119 double
mips_estimate(int num_trials,int * ignore)1120 mips_estimate(int num_trials, int *ignore) {
1121 clock_t t;
1122 int i, sum;
1123
1124 sum = 0;
1125 t = clock();
1126 for (i=0; i<num_trials; i++)
1127 sum += i;
1128 t = clock() - t;
1129
1130 /* printf("%d\n", sum); */
1131 *ignore = sum;
1132
1133 return (double) num_trials * CLOCKS_PER_SEC / t;
1134 }
1135
1136
1137 /*
1138 * srtp_validate() verifies the correctness of libsrtp by comparing
1139 * some computed packets against some pre-computed reference values.
1140 * These packets were made with the default SRTP policy.
1141 */
1142
1143
1144 err_status_t
srtp_validate()1145 srtp_validate() {
1146 unsigned char test_key[30] = {
1147 0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0,
1148 0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39,
1149 0x0e, 0xc6, 0x75, 0xad, 0x49, 0x8a, 0xfe, 0xeb,
1150 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6
1151 };
1152 uint8_t srtp_plaintext_ref[28] = {
1153 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
1154 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
1155 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
1156 0xab, 0xab, 0xab, 0xab
1157 };
1158 uint8_t srtp_plaintext[38] = {
1159 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
1160 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
1161 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
1162 0xab, 0xab, 0xab, 0xab, 0x00, 0x00, 0x00, 0x00,
1163 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1164 };
1165 uint8_t srtp_ciphertext[38] = {
1166 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
1167 0xca, 0xfe, 0xba, 0xbe, 0x4e, 0x55, 0xdc, 0x4c,
1168 0xe7, 0x99, 0x78, 0xd8, 0x8c, 0xa4, 0xd2, 0x15,
1169 0x94, 0x9d, 0x24, 0x02, 0xb7, 0x8d, 0x6a, 0xcc,
1170 0x99, 0xea, 0x17, 0x9b, 0x8d, 0xbb
1171 };
1172 srtp_t srtp_snd, srtp_recv;
1173 err_status_t status;
1174 int len;
1175 srtp_policy_t policy;
1176
1177 /*
1178 * create a session with a single stream using the default srtp
1179 * policy and with the SSRC value 0xcafebabe
1180 */
1181 crypto_policy_set_rtp_default(&policy.rtp);
1182 crypto_policy_set_rtcp_default(&policy.rtcp);
1183 policy.ssrc.type = ssrc_specific;
1184 policy.ssrc.value = 0xcafebabe;
1185 policy.key = test_key;
1186 policy.ekt = NULL;
1187 policy.window_size = 128;
1188 policy.allow_repeat_tx = 0;
1189 policy.next = NULL;
1190
1191 status = srtp_create(&srtp_snd, &policy);
1192 if (status)
1193 return status;
1194
1195 /*
1196 * protect plaintext, then compare with ciphertext
1197 */
1198 len = 28;
1199 status = srtp_protect(srtp_snd, srtp_plaintext, &len);
1200 if (status || (len != 38))
1201 return err_status_fail;
1202
1203 debug_print(mod_driver, "ciphertext:\n %s",
1204 octet_string_hex_string(srtp_plaintext, len));
1205 debug_print(mod_driver, "ciphertext reference:\n %s",
1206 octet_string_hex_string(srtp_ciphertext, len));
1207
1208 if (octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len))
1209 return err_status_fail;
1210
1211 /*
1212 * create a receiver session context comparable to the one created
1213 * above - we need to do this so that the replay checking doesn't
1214 * complain
1215 */
1216 status = srtp_create(&srtp_recv, &policy);
1217 if (status)
1218 return status;
1219
1220 /*
1221 * unprotect ciphertext, then compare with plaintext
1222 */
1223 status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len);
1224 if (status || (len != 28))
1225 return status;
1226
1227 if (octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len))
1228 return err_status_fail;
1229
1230 return err_status_ok;
1231 }
1232
1233
1234 err_status_t
srtp_create_big_policy(srtp_policy_t ** list)1235 srtp_create_big_policy(srtp_policy_t **list) {
1236 extern const srtp_policy_t *policy_array[];
1237 srtp_policy_t *p, *tmp;
1238 int i = 0;
1239 uint32_t ssrc = 0;
1240
1241 /* sanity checking */
1242 if ((list == NULL) || (policy_array[0] == NULL))
1243 return err_status_bad_param;
1244
1245 /*
1246 * loop over policy list, mallocing a new list and copying values
1247 * into it (and incrementing the SSRC value as we go along)
1248 */
1249 tmp = p = NULL;
1250 while (policy_array[i] != NULL) {
1251 p = (srtp_policy_t*) malloc(sizeof(srtp_policy_t));
1252 if (p == NULL)
1253 return err_status_bad_param;
1254 memcpy(p, policy_array[i], sizeof(srtp_policy_t));
1255 p->ssrc.type = ssrc_specific;
1256 p->ssrc.value = ssrc++;
1257 p->next = tmp;
1258 tmp = p;
1259 i++;
1260 }
1261 *list = p;
1262
1263 return err_status_ok;
1264 }
1265
1266 err_status_t
srtp_test_remove_stream()1267 srtp_test_remove_stream() {
1268 err_status_t status;
1269 srtp_policy_t *policy_list;
1270 srtp_t session;
1271 srtp_stream_t stream;
1272 /*
1273 * srtp_get_stream() is a libSRTP internal function that we declare
1274 * here so that we can use it to verify the correct operation of the
1275 * library
1276 */
1277 extern srtp_stream_t srtp_get_stream(srtp_t srtp, uint32_t ssrc);
1278
1279
1280 status = srtp_create_big_policy(&policy_list);
1281 if (status)
1282 return status;
1283
1284 status = srtp_create(&session, policy_list);
1285 if (status)
1286 return status;
1287
1288 /*
1289 * check for false positives by trying to remove a stream that's not
1290 * in the session
1291 */
1292 status = srtp_remove_stream(session, htonl(0xaaaaaaaa));
1293 if (status != err_status_no_ctx)
1294 return err_status_fail;
1295
1296 /*
1297 * check for false negatives by removing stream 0x1, then
1298 * searching for streams 0x0 and 0x2
1299 */
1300 status = srtp_remove_stream(session, htonl(0x1));
1301 if (status != err_status_ok)
1302 return err_status_fail;
1303 stream = srtp_get_stream(session, htonl(0x0));
1304 if (stream == NULL)
1305 return err_status_fail;
1306 stream = srtp_get_stream(session, htonl(0x2));
1307 if (stream == NULL)
1308 return err_status_fail;
1309
1310 return err_status_ok;
1311 }
1312
1313 /*
1314 * srtp policy definitions - these definitions are used above
1315 */
1316
1317 unsigned char test_key[30] = {
1318 0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0,
1319 0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39,
1320 0x0e, 0xc6, 0x75, 0xad, 0x49, 0x8a, 0xfe, 0xeb,
1321 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6
1322 };
1323
1324
1325 const srtp_policy_t default_policy = {
1326 { ssrc_any_outbound, 0 }, /* SSRC */
1327 { /* SRTP policy */
1328 AES_128_ICM, /* cipher type */
1329 30, /* cipher key length in octets */
1330 HMAC_SHA1, /* authentication func type */
1331 16, /* auth key length in octets */
1332 10, /* auth tag length in octets */
1333 sec_serv_conf_and_auth /* security services flag */
1334 },
1335 { /* SRTCP policy */
1336 AES_128_ICM, /* cipher type */
1337 30, /* cipher key length in octets */
1338 HMAC_SHA1, /* authentication func type */
1339 16, /* auth key length in octets */
1340 10, /* auth tag length in octets */
1341 sec_serv_conf_and_auth /* security services flag */
1342 },
1343 test_key,
1344 NULL, /* indicates that EKT is not in use */
1345 128, /* replay window size */
1346 0, /* retransmission not allowed */
1347 NULL
1348 };
1349
1350 const srtp_policy_t aes_tmmh_policy = {
1351 { ssrc_any_outbound, 0 }, /* SSRC */
1352 {
1353 AES_128_ICM, /* cipher type */
1354 30, /* cipher key length in octets */
1355 UST_TMMHv2, /* authentication func type */
1356 94, /* auth key length in octets */
1357 4, /* auth tag length in octets */
1358 sec_serv_conf_and_auth /* security services flag */
1359 },
1360 {
1361 AES_128_ICM, /* cipher type */
1362 30, /* cipher key length in octets */
1363 UST_TMMHv2, /* authentication func type */
1364 94, /* auth key length in octets */
1365 4, /* auth tag length in octets */
1366 sec_serv_conf_and_auth /* security services flag */
1367 },
1368 test_key,
1369 NULL, /* indicates that EKT is not in use */
1370 128, /* replay window size */
1371 0, /* retransmission not allowed */
1372 NULL
1373 };
1374
1375 const srtp_policy_t tmmh_only_policy = {
1376 { ssrc_any_outbound, 0 }, /* SSRC */
1377 {
1378 AES_128_ICM, /* cipher type */
1379 30, /* cipher key length in octets */
1380 UST_TMMHv2, /* authentication func type */
1381 94, /* auth key length in octets */
1382 4, /* auth tag length in octets */
1383 sec_serv_auth /* security services flag */
1384 },
1385 {
1386 AES_128_ICM, /* cipher type */
1387 30, /* cipher key length in octets */
1388 UST_TMMHv2, /* authentication func type */
1389 94, /* auth key length in octets */
1390 4, /* auth tag length in octets */
1391 sec_serv_auth /* security services flag */
1392 },
1393 test_key,
1394 NULL, /* indicates that EKT is not in use */
1395 128, /* replay window size */
1396 0, /* retransmission not allowed */
1397 NULL
1398 };
1399
1400 const srtp_policy_t aes_only_policy = {
1401 { ssrc_any_outbound, 0 }, /* SSRC */
1402 {
1403 AES_128_ICM, /* cipher type */
1404 30, /* cipher key length in octets */
1405 NULL_AUTH, /* authentication func type */
1406 0, /* auth key length in octets */
1407 0, /* auth tag length in octets */
1408 sec_serv_conf /* security services flag */
1409 },
1410 {
1411 AES_128_ICM, /* cipher type */
1412 30, /* cipher key length in octets */
1413 NULL_AUTH, /* authentication func type */
1414 0, /* auth key length in octets */
1415 0, /* auth tag length in octets */
1416 sec_serv_conf /* security services flag */
1417 },
1418 test_key,
1419 NULL, /* indicates that EKT is not in use */
1420 128, /* replay window size */
1421 0, /* retransmission not allowed */
1422 NULL
1423 };
1424
1425 const srtp_policy_t hmac_only_policy = {
1426 { ssrc_any_outbound, 0 }, /* SSRC */
1427 {
1428 NULL_CIPHER, /* cipher type */
1429 0, /* cipher key length in octets */
1430 HMAC_SHA1, /* authentication func type */
1431 20, /* auth key length in octets */
1432 4, /* auth tag length in octets */
1433 sec_serv_auth /* security services flag */
1434 },
1435 {
1436 NULL_CIPHER, /* cipher type */
1437 0, /* cipher key length in octets */
1438 HMAC_SHA1, /* authentication func type */
1439 20, /* auth key length in octets */
1440 4, /* auth tag length in octets */
1441 sec_serv_auth /* security services flag */
1442 },
1443 test_key,
1444 NULL, /* indicates that EKT is not in use */
1445 128, /* replay window size */
1446 0, /* retransmission not allowed */
1447 NULL
1448 };
1449
1450 const srtp_policy_t null_policy = {
1451 { ssrc_any_outbound, 0 }, /* SSRC */
1452 {
1453 NULL_CIPHER, /* cipher type */
1454 0, /* cipher key length in octets */
1455 NULL_AUTH, /* authentication func type */
1456 0, /* auth key length in octets */
1457 0, /* auth tag length in octets */
1458 sec_serv_none /* security services flag */
1459 },
1460 {
1461 NULL_CIPHER, /* cipher type */
1462 0, /* cipher key length in octets */
1463 NULL_AUTH, /* authentication func type */
1464 0, /* auth key length in octets */
1465 0, /* auth tag length in octets */
1466 sec_serv_none /* security services flag */
1467 },
1468 test_key,
1469 NULL, /* indicates that EKT is not in use */
1470 128, /* replay window size */
1471 0, /* retransmission not allowed */
1472 NULL
1473 };
1474
1475 uint8_t ekt_test_key[16] = {
1476 0x77, 0x26, 0x9d, 0xac, 0x16, 0xa3, 0x28, 0xca,
1477 0x8e, 0xc9, 0x68, 0x4b, 0xcc, 0xc4, 0xd2, 0x1b
1478 };
1479
1480 #include "ekt.h"
1481
1482 ekt_policy_ctx_t ekt_test_policy = {
1483 0xa5a5, /* SPI */
1484 EKT_CIPHER_AES_128_ECB,
1485 ekt_test_key,
1486 NULL
1487 };
1488
1489 const srtp_policy_t hmac_only_with_ekt_policy = {
1490 { ssrc_any_outbound, 0 }, /* SSRC */
1491 {
1492 NULL_CIPHER, /* cipher type */
1493 0, /* cipher key length in octets */
1494 HMAC_SHA1, /* authentication func type */
1495 20, /* auth key length in octets */
1496 4, /* auth tag length in octets */
1497 sec_serv_auth /* security services flag */
1498 },
1499 {
1500 NULL_CIPHER, /* cipher type */
1501 0, /* cipher key length in octets */
1502 HMAC_SHA1, /* authentication func type */
1503 20, /* auth key length in octets */
1504 4, /* auth tag length in octets */
1505 sec_serv_auth /* security services flag */
1506 },
1507 test_key,
1508 &ekt_test_policy, /* indicates that EKT is not in use */
1509 128, /* replay window size */
1510 0, /* retransmission not allowed */
1511 NULL
1512 };
1513
1514
1515 /*
1516 * an array of pointers to the policies listed above
1517 *
1518 * This array is used to test various aspects of libSRTP for
1519 * different cryptographic policies. The order of the elements
1520 * matters - the timing test generates output that can be used
1521 * in a plot (see the gnuplot script file 'timing'). If you
1522 * add to this list, you should do it at the end.
1523 */
1524
1525 #define USE_TMMH 0
1526
1527 const srtp_policy_t *
1528 policy_array[] = {
1529 &hmac_only_policy,
1530 #if USE_TMMH
1531 &tmmh_only_policy,
1532 #endif
1533 &aes_only_policy,
1534 #if USE_TMMH
1535 &aes_tmmh_policy,
1536 #endif
1537 &default_policy,
1538 &null_policy,
1539 &hmac_only_with_ekt_policy,
1540 NULL
1541 };
1542
1543 const srtp_policy_t wildcard_policy = {
1544 { ssrc_any_outbound, 0 }, /* SSRC */
1545 { /* SRTP policy */
1546 AES_128_ICM, /* cipher type */
1547 30, /* cipher key length in octets */
1548 HMAC_SHA1, /* authentication func type */
1549 16, /* auth key length in octets */
1550 10, /* auth tag length in octets */
1551 sec_serv_conf_and_auth /* security services flag */
1552 },
1553 { /* SRTCP policy */
1554 AES_128_ICM, /* cipher type */
1555 30, /* cipher key length in octets */
1556 HMAC_SHA1, /* authentication func type */
1557 16, /* auth key length in octets */
1558 10, /* auth tag length in octets */
1559 sec_serv_conf_and_auth /* security services flag */
1560 },
1561 test_key,
1562 NULL,
1563 128, /* replay window size */
1564 0, /* retransmission not allowed */
1565 NULL
1566 };
1567