--- /dev/null
+/*
+ * Secure RTP with libgcrypt
+ * Copyright (C) 2007 Rémi Denis-Courmont <rdenis # simphalempin , com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdint.h>
+#include <stddef.h>
+#include "srtp.h"
+
+#include <stdio.h>
+#include <string.h>
+
+#include <unistd.h>
+#include <netinet/in.h>
+
+int main (void)
+{
+ int fd = socket (AF_INET, SOCK_DGRAM, 0);
+ struct sockaddr_in addr;
+ memset (&addr, 0, sizeof (addr));
+ addr.sin_family = AF_INET;
+#ifdef HAVE_SA_LEN
+ addr.sin_len = sizeof (addr);
+#endif
+ addr.sin_port = htons (10000);
+ addr.sin_addr.s_addr = htonl (0x7f000001);
+ if (bind (fd, (struct sockaddr *)&addr, sizeof (addr)))
+ return 1;
+
+ static const uint8_t key[16] =
+ "\x12\x34\x56\x78\x9A\xBC\xDE\xF0"
+ "\x12\x34\x56\x78\x9A\xBC\xDE\xF0";
+ static const uint8_t salt[14] =
+ "\x12\x34\x56\x78\x90" "\x12\x34\x56\x78\x90" "\x12\x34\x56\x78";
+
+ srtp_session_t *s = srtp_create ("AES_CM_128_HMAC_SHA1_80", 0, 0, 0);
+ if (s == NULL)
+ return 1;
+ if (srtp_setkey (s, key, 16, salt, 14))
+ goto error;
+
+ uint8_t buf[1500];
+ size_t len;
+#if 0
+ memset (buf, 0, sizeof (buf));
+ buf[0] = 2 << 6;
+ buf[1] = 1;
+ memcpy (buf + 2, &(uint16_t){ htons (9527) }, 2);
+ memcpy (buf + 8, "\xde\xad\xbe\xef", 4);
+ memcpy (buf + 4, &(uint32_t){ htonl (1) }, 4);
+ strcpy ((char *)buf + 12, "a\n");
+ len = 12 + strlen ((char *)buf + 12) + 1;
+#endif
+ for (;;)
+ {
+ len = read (fd, buf, sizeof (buf));
+ if (srtp_recv (s, buf, &len))
+ fputs ("Cannot decrypt!\n", stderr);
+ puts ((char *)buf + 12);
+ if (srtp_send (s, buf, &len, sizeof (buf)) || srtp_recv (s, buf, &len))
+ break;
+ puts ((char *)buf + 12);
+ }
+
+error:
+ srtp_destroy (s);
+ close (fd);
+ return 0;
+}
--- /dev/null
+/*
+ * Secure RTP with libgcrypt
+ * Copyright (C) 2007 Rémi Denis-Courmont <rdenis # simphalempin , com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdint.h>
+#include <stddef.h>
+
+#include "srtp.h"
+
+#include <stdbool.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <errno.h>
+
+#include <gcrypt.h>
+
+#include <netinet/in.h>
+#include <pthread.h>
+
+/* TODO:
+ * Useful stuff:
+ * - ROC profil thingy (multicast really needs this)
+ * - replay protection
+ *
+ * Requirements for conformance:
+ * - suites with NULL cipher
+ * - SRTCP
+ *
+ * Useless stuff (because nothing depends on it):
+ * - non-nul key derivation rate
+ * - MKI payload
+ */
+
+typedef struct srtp_proto_t
+{
+ gcry_cipher_hd_t cipher;
+ gcry_md_hd_t mac;
+ uint32_t salt[4];
+ uint8_t mac_len;
+} srtp_proto_t;
+
+struct srtp_session_t
+{
+ srtp_proto_t rtp;
+ srtp_proto_t rtcp;
+ unsigned flags;
+ unsigned kdr;
+ uint32_t rtcp_index;
+ uint32_t rtp_roc;
+ uint16_t rtp_seq;
+};
+
+enum
+{
+ SRTP_CRYPT,
+ SRTP_AUTH,
+ SRTP_SALT,
+ SRTCP_CRYPT,
+ SRTCP_AUTH,
+ SRTCP_SALT
+};
+
+#ifndef WIN32
+GCRY_THREAD_OPTION_PTHREAD_IMPL;
+#endif
+
+static bool libgcrypt_usable = false;
+
+static void initonce_libgcrypt (void)
+{
+ if ((gcry_check_version ("1.1.94") == NULL)
+ || gcry_control (GCRYCTL_DISABLE_SECMEM, 0)
+ || gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0)
+#ifndef WIN32
+ || gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread)
+#endif
+ )
+ return;
+
+ libgcrypt_usable = true;
+}
+
+static int init_libgcrypt (void)
+{
+ int retval;
+#ifndef WIN32
+ static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
+ static pthread_once_t once = PTHREAD_ONCE_INIT;
+
+ pthread_mutex_lock (&mutex);
+ pthread_once (&once, initonce_libgcrypt);
+ retval = -libgcrypt_usable;
+ pthread_mutex_unlock (&mutex);
+#else
+# warning FIXME: This is not thread-safe.
+ if (!libgcrypt_usable)
+ initonce_libgcrypt ();
+ retval = -libgcrypt_usable;
+#endif
+
+ return retval;
+
+}
+
+
+static void proto_destroy (srtp_proto_t *p)
+{
+ gcry_md_close (p->mac);
+ gcry_cipher_close (p->cipher);
+}
+
+
+/**
+ * Releases all resources associated with a Secure RTP session.
+ */
+void srtp_destroy (srtp_session_t *s)
+{
+ assert (s != NULL);
+
+ proto_destroy (&s->rtcp);
+ proto_destroy (&s->rtp);
+ free (s);
+}
+
+
+static int proto_create (srtp_proto_t *p, int gcipher, int gmd)
+{
+ if (gcry_cipher_open (&p->cipher, gcipher, GCRY_CIPHER_MODE_CTR, 0) == 0)
+ {
+ if (gcry_md_open (&p->mac, gmd, GCRY_MD_FLAG_HMAC) == 0)
+ return 0;
+ gcry_cipher_close (p->cipher);
+ }
+ return -1;
+}
+
+
+/**
+ * Allocates a Secure RTP session.
+ *
+ * @param name cipher-suite name
+ * @param kdr key derivation rate
+ * @param winsize anti-replay windows size (between 64 and 32767 inclusive)
+ * 0 disable replay attack protection (OK for send only)
+ * @param flags OR'ed optional flags.
+ *
+ * @return NULL in case of error
+ */
+srtp_session_t *
+srtp_create (const char *name, unsigned flags, unsigned kdr, uint16_t winsize)
+{
+ assert (name != NULL);
+
+ if (kdr != 0)
+ return NULL; // FIXME: KDR not implemented yet
+ if (winsize != 0)
+ return NULL; // FIXME: replay protection not implemented yet
+
+ uint8_t mac_len;
+ int cipher = GCRY_CIPHER_AES, md = GCRY_MD_SHA1;
+
+ if (strcmp (name, "AES_CM_128_HMAC_SHA1_80") == 0)
+ mac_len = 80;
+ else
+ if (strcmp (name, "AES_CM_128_HMAC_SHA1_32") == 0)
+ mac_len = 32;
+ else
+ // F8_128_HMAC_SHA1_80 is not implemented
+ return NULL;
+
+ if ((flags & ~SRTP_FLAGS_MASK) || (winsize > 32767) || init_libgcrypt ())
+ return NULL;
+
+ srtp_session_t *s = malloc (sizeof (*s));
+ if (s == NULL)
+ return NULL;
+
+ memset (s, 0, sizeof (*s));
+ s->flags = flags;
+ s->kdr = kdr;
+
+ if (proto_create (&s->rtp, cipher, md) == 0)
+ {
+ if (proto_create (&s->rtcp, cipher, md) == 0)
+ return s;
+ proto_destroy (&s->rtp);
+ }
+
+ free (s);
+ return NULL;
+}
+
+
+/**
+ * AES-CM key derivation (saltlen = 14 bytes)
+ */
+static int
+derive (gcry_cipher_hd_t prf, const void *salt,
+ const uint8_t *r, size_t rlen, uint8_t label,
+ void *out, size_t outlen)
+{
+ uint8_t iv[16];
+
+ memcpy (iv, salt, 14);
+ iv[14] = iv[15] = 0;
+
+ assert (rlen < 14);
+ iv[13 - rlen] ^= label;
+ for (size_t i = 0; i < rlen; i++)
+ iv[sizeof (iv) - rlen + i] ^= r[i];
+
+ /* TODO: retry with CTR mode */
+ while (outlen >= sizeof (iv))
+ {
+ /* AES */
+ if (gcry_cipher_encrypt (prf, out, sizeof (iv), iv, sizeof (iv)))
+ return EINVAL;
+ outlen -= sizeof (iv);
+ out = ((uint8_t *)out) + sizeof (iv);
+
+ /* Increment IV in network byte order */
+ if (++iv[sizeof (iv) - 1] == 0)
+ ++iv[sizeof (iv) -2];
+ }
+
+ if (outlen > 0)
+ {
+ /* Truncated last AES output block */
+ if (gcry_cipher_encrypt (prf, iv, sizeof (iv), NULL, 0))
+ return -1;
+ memcpy (out, iv, outlen);
+ }
+
+ return 0;
+}
+
+
+static int
+proto_derive (srtp_proto_t *p, gcry_cipher_hd_t prf,
+ const void *salt, size_t saltlen,
+ const uint8_t *r, size_t rlen, bool rtcp)
+{
+ if (saltlen != 14)
+ return -1;
+
+ uint8_t cipherkey[16];
+ uint8_t label = rtcp ? SRTCP_CRYPT : SRTP_CRYPT;
+
+ if (derive (prf, salt, r, rlen, label++, cipherkey, 16)
+ || gcry_cipher_setkey (p->cipher, cipherkey, 16)
+ || derive (prf, salt, r, rlen, label++, NULL, 0) /* FIXME HMAC */
+ || derive (prf, salt, r, rlen, label++, p->salt, 14))
+ return -1;
+
+ return 0;
+}
+
+
+/**
+ * SRTP/SRTCP cipher/salt/MAC keys derivation.
+ */
+static int
+srtp_derive (srtp_session_t *s, const void *key, size_t keylen,
+ const void *salt, size_t saltlen)
+{
+ gcry_cipher_hd_t prf;
+ uint8_t r[6];
+
+ /* TODO: retry with CTR mode */
+ if (gcry_cipher_open (&prf, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 0)
+ || gcry_cipher_setkey (prf, key, keylen))
+ return -1;
+
+ /* RTP key derivation */
+ if (s->kdr != 0)
+ {
+ uint64_t index = (((uint64_t)s->rtp_roc) << 16) | s->rtp_seq;
+ index /= s->kdr;
+
+ for (int i = sizeof (r) - 1; i >= 0; i--)
+ {
+ r[i] = index & 0xff;
+ index = index >> 8;
+ }
+ }
+ else
+ memset (r, 0, sizeof (r));
+
+ if (proto_derive (&s->rtp, prf, salt, saltlen, r, 6, false))
+ return -1;
+
+ /* RTCP key derivation */
+ memcpy (r, &(uint32_t){ htonl (s->rtcp_index) }, 4);
+ if (proto_derive (&s->rtcp, prf, salt, saltlen, r, 4, true))
+ return -1;
+
+ (void)gcry_cipher_close (prf);
+ return 0;
+}
+
+
+
+/**
+ * Sets (or resets) the master key and master salt for a SRTP session.
+ * This must be done at least once before using rtp_send(), rtp_recv(),
+ * rtcp_send() or rtcp_recv(). Also, rekeying is required every
+ * 2^48 RTP packets or 2^31 RTCP packets (whichever comes first),
+ * otherwise the protocol security might be broken.
+ *
+ * @return 0 on success, in case of error:
+ * EINVAL invalid or unsupported key/salt sizes combination
+ */
+int
+srtp_setkey (srtp_session_t *s, const void *key, size_t keylen,
+ const void *salt, size_t saltlen)
+{
+ return srtp_derive (s, key, keylen, salt, saltlen) ? EINVAL : 0;
+}
+
+
+/** AES-CM encryption/decryption (ctr length = 16 bytes) */
+static int
+encrypt (gcry_cipher_hd_t hd, uint32_t *ctr, uint8_t *data, size_t len)
+{
+ const size_t ctrlen = 16;
+ while (len >= ctrlen)
+ {
+ if (gcry_cipher_setctr (hd, ctr, ctrlen)
+ || gcry_cipher_encrypt (hd, data, ctrlen, NULL, 0))
+ return -1;
+
+ data += ctrlen;
+ len -= ctrlen;
+ ctr[3] = htonl (ntohl (ctr[3]) + 1);
+ }
+
+ if (len > 0)
+ {
+ /* Truncated last block */
+ uint8_t dummy[ctrlen];
+ memcpy (dummy, data, len);
+ memset (dummy + len, 0, ctrlen - len);
+
+ if (gcry_cipher_setctr (hd, ctr, ctrlen)
+ || gcry_cipher_encrypt (hd, dummy, ctrlen, data, ctrlen))
+ return -1;
+ memcpy (data, dummy, len);
+ }
+
+ return 0;
+}
+
+
+/** AES-CM for RTP (salt = 14 bytes + 2 nul bytes) */
+static inline int
+rtp_encrypt (gcry_cipher_hd_t hd, uint32_t ssrc, uint32_t roc, uint16_t seq,
+ const uint32_t *salt, uint8_t *data, size_t len)
+{
+ /* Determines cryptographic counter (IV) */
+ uint32_t counter[4];
+ counter[0] = salt[0];
+ counter[1] = salt[1] ^ ssrc;
+ counter[2] = salt[2] ^ htonl (roc);
+ counter[3] = salt[3] ^ htonl (seq << 16);
+
+ /* Encryption */
+ return encrypt (hd, counter, data, len);
+}
+
+
+/**
+ * Encrypts/decrypts a RTP packet and updates SRTP context
+ * (CTR block cypher mode of operation has identical encryption and
+ * decryption function).
+ *
+ * @param buf RTP packet to be encrypted/digested
+ * @param len RTP packet length
+ *
+ * @return 0 on success, in case of error:
+ * EINVAL malformatted RTP packet
+ */
+static int srtp_encrypt (srtp_session_t *s, uint8_t *buf, size_t len)
+{
+ assert (s != NULL);
+
+ if ((len < 12) || ((buf[0] >> 6) != 2))
+ return EINVAL;
+
+ /* Computes encryption offset */
+ uint16_t offset = 12;
+ offset += (buf[0] & 0xf) * 4; // skips CSRC
+
+ if (buf[0] & 0x10)
+ {
+ uint16_t extlen;
+
+ offset += 4;
+ if (len < offset)
+ return EINVAL;
+
+ memcpy (&extlen, buf + offset - 2, 2);
+ offset += htons (extlen);
+ }
+
+ if (len < offset)
+ return EINVAL;
+
+ /* Determines RTP 48-bits counter and SSRC */
+ uint32_t ssrc;
+ memcpy (&ssrc, buf + 8, 4);
+
+ uint16_t seq = (buf[2] << 8) | buf[3];
+ if (((seq - s->rtp_seq) & 0xffff) < 32768)
+ {
+ if (seq < s->rtp_seq)
+ s->rtp_roc++; /* Sequence number wrap */
+ }
+ else
+ {
+ if (seq > s->rtp_seq)
+ s->rtp_roc--;
+ }
+
+ s->rtp_seq = seq;
+
+ if (s->flags & SRTP_UNENCRYPTED)
+ return 0;
+
+ if (rtp_encrypt (s->rtp.cipher, ssrc, s->rtp_roc, seq, s->rtp.salt,
+ buf + offset, len - offset))
+ return EINVAL;
+
+ return 0;
+}
+
+
+/**
+ * Turns a RTP packet into a SRTP packet: encrypt it, then computes
+ * the authentication tag and appends it.
+ * Note that you can encrypt packet in disorder.
+ *
+ * @param buf RTP packet to be encrypted/digested
+ * @param lenp pointer to the RTP packet length on entry,
+ * set to the SRTP length on exit (undefined in case of error)
+ * @param bufsize size (bytes) of the packet buffer
+ *
+ * @return 0 on success, in case of error:
+ * EINVAL malformatted RTP packet
+ * ENOBUFS bufsize is too small
+ */
+int
+srtp_send (srtp_session_t *s, uint8_t *buf, size_t *lenp, size_t bufsize)
+{
+ size_t len = *lenp;
+ int val = srtp_encrypt (s, buf, len);
+ if (val)
+ return val;
+
+ if (bufsize < (len + s->rtp.mac_len))
+ return ENOBUFS;
+
+ /* FIXME: HMAC and anti-replay */
+ return 0;
+}
+
+
+/**
+ * Turns a RTP packet into a SRTP packet: encrypt it, then computes
+ * the authentication tag and appends it.
+ * Note that you can encrypt packet in disorder.
+ *
+ * @param buf RTP packet to be decrypted/digested
+ * @param lenp pointer to the RTP packet length on entry,
+ * set to the SRTP length on exit (undefined in case of error)
+ *
+ * @return 0 on success, in case of error:
+ * EINVAL malformatted RTP packet
+ * EACCES authentication failed (spoofed packet or out-of-sync)
+ */
+int
+srtp_recv (srtp_session_t *s, uint8_t *buf, size_t *lenp)
+{
+ size_t len = *lenp;
+ int val = srtp_encrypt (s, buf, len);
+ if (val)
+ return val;
+
+ /* FIXME: HMAC and anti-replay */
+ return 0;
+}
+
--- /dev/null
+/*
+ * Secure RTP with libgcrypt
+ * Copyright (C) 2007 Rémi Denis-Courmont <rdenis # simphalempin , com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <stdio.h>
+#include "srtp.c"
+
+static void printhex (const void *buf, size_t len)
+{
+ for (size_t i = 0; i < len; i++)
+ printf ("%02X", ((uint8_t *)buf)[i]);
+ fputc ('\n', stdout);
+}
+
+static void fatal (const char *msg)
+{
+ puts (msg);
+ exit (1);
+}
+
+/** AES-CM key derivation test vectors */
+static void test_derivation (void)
+{
+ static const uint8_t key[16] =
+ "\xE1\xF9\x7A\x0D\x3E\x01\x8B\xE0\xD6\x4F\xA3\x2C\x06\xDE\x41\x39";
+ static const uint8_t salt[14] =
+ "\x0E\xC6\x75\xAD\x49\x8A\xFE\xEB\xB6\x96\x0B\x3A\xAB\xE6";
+
+ static const uint8_t good_cipher[16] =
+ "\xC6\x1E\x7A\x93\x74\x4F\x39\xEE\x10\x73\x4A\xFE\x3F\xF7\xA0\x87";
+ static const uint8_t good_salt[14] =
+ "\x30\xCB\xBC\x08\x86\x3D\x8C\x85\xD4\x9D\xB3\x4A\x9A\xE1";
+ static const uint8_t good_auth[94] =
+ "\xCE\xBE\x32\x1F\x6F\xF7\x71\x6B\x6F\xD4\xAB\x49\xAF\x25\x6A\x15"
+ "\x6D\x38\xBA\xA4\x8F\x0A\x0A\xCF\x3C\x34\xE2\x35\x9E\x6C\xDB\xCE"
+ "\xE0\x49\x64\x6C\x43\xD9\x32\x7A\xD1\x75\x57\x8E\xF7\x22\x70\x98"
+ "\x63\x71\xC1\x0C\x9A\x36\x9A\xC2\xF9\x4A\x8C\x5F\xBC\xDD\xDC\x25"
+ "\x6D\x6E\x91\x9A\x48\xB6\x10\xEF\x17\xC2\x04\x1E\x47\x40\x35\x76"
+ "\x6B\x68\x64\x2C\x59\xBB\xFC\x2F\x34\xDB\x60\xDB\xDF\xB2";
+
+ static const uint8_t r[6] = { 0, 0, 0, 0, 0, 0 };
+ gcry_cipher_hd_t prf;
+ uint8_t out[94];
+
+ puts ("AES-CM key derivation test...");
+ printf (" master key: ");
+ printhex (key, sizeof (key));
+ printf (" master salt: ");
+ printhex (salt, sizeof (salt));
+
+ if (gcry_cipher_open (&prf, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 0)
+ || gcry_cipher_setkey (prf, key, sizeof (key)))
+ fatal ("Internal PRF error");
+
+ if (derive (prf, salt, r, sizeof (r), SRTP_CRYPT, out, 16))
+ fatal ("Internal cipher derivation error");
+ printf (" cipher key: ");
+ printhex (out, 16);
+ if (memcmp (out, good_cipher, 16))
+ fatal ("Test failed");
+
+ if (derive (prf, salt, r, sizeof (r), SRTP_SALT, out, 14))
+ fatal ("Internal salt derivation error");
+ printf (" cipher salt: ");
+ printhex (out, 14);
+ if (memcmp (out, good_salt, 14))
+ fatal ("Test failed");
+
+ if (derive (prf, salt, r, sizeof (r), SRTP_AUTH, out, 94))
+ fatal ("Internal auth key derivation error");
+ printf (" auth key: ");
+ printhex (out, 94);
+ if (memcmp (out, good_auth, 94))
+ fatal ("Test failed");
+
+ gcry_cipher_close (prf);
+}
+
+/** AES-CM key derivation test vectors */
+static void test_keystream (void)
+{
+ static const uint8_t key[16] =
+ "\x2B\x7E\x15\x16\x28\xAE\xD2\xA6\xAB\xF7\x15\x88\x09\xCF\x4F\x3C";
+ const uint32_t salt[4]=
+ { htonl (0xf0f1f2f3), htonl (0xf4f5f6f7),
+ htonl (0xf8f9fafb), htonl (0xfcfd0000) };
+
+ puts ("AES-CM key stream test...");
+ uint8_t *buf = calloc (0xff02, 16);
+ if (buf == NULL)
+ {
+ fputs ("Not enough memory for test\n", stderr);
+ return;
+ }
+
+ printf (" session key: ");
+ printhex (key, sizeof (key));
+
+ gcry_cipher_hd_t hd;
+ if (gcry_cipher_open (&hd, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CTR, 0))
+ fatal ("Cipher initialization error");
+ if (gcry_cipher_setkey (hd, key, sizeof (key)))
+ fatal ("Cipher key error");
+
+ if (rtp_encrypt (hd, 0, 0, 0, salt, buf, 0xff020))
+ fatal ("Encryption failure");
+ gcry_cipher_close (hd);
+
+ static const uint8_t good_start[48] =
+ "\xE0\x3E\xAD\x09\x35\xC9\x5E\x80\xE1\x66\xB1\x6D\xD9\x2B\x4E\xB4"
+ "\xD2\x35\x13\x16\x2B\x02\xD0\xF7\x2A\x43\xA2\xFE\x4A\x5F\x97\xAB"
+ "\x41\xE9\x5B\x3B\xB0\xA2\xE8\xDD\x47\x79\x01\xE4\xFC\xA8\x94\xC0";
+ static const uint8_t good_end[48] =
+ "\xEC\x8C\xDF\x73\x98\x60\x7C\xB0\xF2\xD2\x16\x75\xEA\x9E\xA1\xE4"
+ "\x36\x2B\x7C\x3C\x67\x73\x51\x63\x18\xA0\x77\xD7\xFC\x50\x73\xAE"
+ "\x6A\x2C\xC3\x78\x78\x89\x37\x4F\xBE\xB4\xC8\x1B\x17\xBA\x6C\x44";
+
+ printf (" key stream: ");
+ printhex (buf, sizeof (good_start));
+ printf (" ... cont'd : ");
+ printhex (buf + 0xff020 - sizeof (good_end), sizeof (good_end));
+ if (memcmp (buf, good_start, sizeof (good_start))
+ || memcmp (buf + 0xff020 - sizeof (good_end), good_end,
+ sizeof (good_end)))
+ fatal ("Key stream test failed");
+ free (buf);
+}
+
+static void srtp_test (void)
+{
+ if (init_libgcrypt ())
+ fatal ("Libgcrypt initialization error");
+ test_derivation ();
+ test_keystream ();
+}
+
+int main (void)
+{
+ srtp_test ();
+ return 0;
+}
projects / vlc / commitdiff