From: RĂ©mi Denis-Courmont Date: Sun, 11 Mar 2007 13:18:05 +0000 (+0000) Subject: API cleanup X-Git-Tag: 0.9.0-test0~8154 X-Git-Url: https://git.sesse.net/?p=vlc;a=commitdiff_plain;h=263b77a37a173ae8ed008b959ae54d1d48f09f77 API cleanup --- diff --git a/libs/srtp/recv.c b/libs/srtp/recv.c index e0546a912d..2e2a27951f 100644 --- a/libs/srtp/recv.c +++ b/libs/srtp/recv.c @@ -51,7 +51,8 @@ int main (void) static const uint8_t salt[14] = "\x12\x34\x56\x78\x90" "\x12\x34\x56\x78\x90" "\x12\x34\x56\x78"; - srtp_session_t *s = srtp_create ("AES_CM_128_HMAC_SHA1_80", 0, 0); + srtp_session_t *s = srtp_create (SRTP_ENCR_AES_CM, SRTP_AUTH_HMAC_SHA1, 10, + SRTP_PRF_AES_CM, 0); if (s == NULL) return 1; if (srtp_setkey (s, key, 16, salt, 14)) diff --git a/libs/srtp/srtp.c b/libs/srtp/srtp.c index 8643b8163c..9978ff44d5 100644 --- a/libs/srtp/srtp.c +++ b/libs/srtp/srtp.c @@ -61,6 +61,7 @@ struct srtp_session_t uint32_t rtcp_index; uint32_t rtp_roc; uint16_t rtp_seq; + uint16_t rtp_rcc; uint8_t tag_len; }; @@ -74,6 +75,7 @@ enum SRTCP_SALT }; + #ifdef WIN32 # include #else 
@@ -159,33 +161,52 @@ static int proto_create (srtp_proto_t *p, int gcipher, int gmd) * internal cryptographic counters; it is however of course feasible to open * multiple simultaneous sessions with the same master key. * - * @param name cipher-suite name - * @param kdr key derivation rate + * @param encr encryption algorithm number + * @param auth authentication algortihm number + * @param tag_len authentication tag byte length (NOT including RCC) * @param flags OR'ed optional flags. * * @return NULL in case of error */ srtp_session_t * -srtp_create (const char *name, unsigned flags, unsigned kdr) +srtp_create (int encr, int auth, unsigned tag_len, int prf, unsigned flags) { - assert (name != NULL); + if ((flags & ~SRTP_FLAGS_MASK) || init_libgcrypt ()) + return NULL; - if (kdr != 0) - return NULL; // FIXME: KDR not implemented yet + int cipher, md; + switch (encr) + { + case SRTP_ENCR_NULL: + cipher = GCRY_CIPHER_NONE; + break; - uint8_t tag_len; - int cipher = GCRY_CIPHER_AES, md = GCRY_MD_SHA1; + case SRTP_ENCR_AES_CM: + cipher = GCRY_CIPHER_AES; + break; - if (strcmp (name, "AES_CM_128_HMAC_SHA1_80") == 0) - tag_len = 10; - else - if (strcmp (name, "AES_CM_128_HMAC_SHA1_32") == 0) - tag_len = 4; - else - // F8_128_HMAC_SHA1_80 is not implemented + default: + return NULL; + } + + switch (auth) + { + case SRTP_AUTH_NULL: + md = GCRY_MD_NONE; + break; + + case SRTP_AUTH_HMAC_SHA1: + md = GCRY_MD_SHA1; + break; + + default: + return NULL; + } + + if (tag_len > gcry_md_get_algo_dlen (auth)) return NULL; - if ((flags & ~SRTP_FLAGS_MASK) || init_libgcrypt ()) + if (prf != SRTP_PRF_AES_CM) return NULL; srtp_session_t *s = malloc (sizeof (*s)); @@ -194,7 +215,6 @@ srtp_create (const char *name, unsigned flags, unsigned kdr) memset (s, 0, sizeof (*s)); s->flags = flags; - s->kdr = kdr; s->tag_len = tag_len; if (proto_create (&s->rtp, cipher, md) == 0) 
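Review bot: The tag-length bound in srtp_create() is computed from the wrong identifier: `gcry_md_get_algo_dlen (auth)` receives the SRTP_AUTH_* number, not the libgcrypt algorithm the switch just stored in `md`. SRTP_AUTH_HMAC_SHA1 is 1, which libgcrypt reads as a different digest (MD5, 16 bytes, as far as I recall its numbering), so the limit is not SHA-1's 20 bytes; the line should read `if (tag_len > gcry_md_get_algo_dlen (md))`. There is also no lower bound, so SRTP_AUTH_HMAC_SHA1 with a `tag_len` of 0 is accepted and presumably yields packets with no authentication tag; reject that here or document it under `@param tag_len` if it is intended. The doc comment gained no line for the new parameter; `@param prf pseudo-random function number (only SRTP_PRF_AES_CM is accepted)` would cover it. The function body continues past this hunk.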
@@ -336,6 +356,33 @@ srtp_setkey (srtp_session_t *s, const void *key, size_t keylen, } +/** + * Sets Roll-over-Counter Carry (RCC) rate for the SRTP session. If not + * specified (through this function), the default rate of ONE is assumed + * (i.e. every RTP packets will carry the RoC). RCC rate is ignored if none + * of the RCC mode has been selected. + * + * The RCC mode is selected through one of these flags for srtp_create(): + * SRTP_RCC_MODE1: integrity protection only for RoC carrying packets + * SRTP_RCC_MODE2: integrity protection for all packets + * SRTP_RCC_MODE3: no integrity protection + * + * RCC mode 3 is insecure. Compared to plain RTP, it provides confidentiality + * (through encryption) but is much more prone to DoS. It can only be used if + * anti-spoofing protection is provided by lower network layers (e.g. IPsec, + * or trusted routers and proper source address filtering). + * + * If RCC rate is 1, RCC mode 1 and 2 are functionally identical. + * + * @param rate RoC Carry rate (MUST NOT be zero) + */ +void srtp_setrcc_rate (srtp_session_t *s, uint16_t rate) +{ + assert (rate != 0); + s->rtp_rcc = rate; +} + + /** AES-CM encryption/decryption (ctr length = 16 bytes) */ static int ctr_crypt (gcry_cipher_hd_t hd, uint32_t *ctr, uint8_t *data, size_t len) diff --git a/libs/srtp/srtp.h b/libs/srtp/srtp.h index 9ead86431f..7d92d8b9ee 100644 --- a/libs/srtp/srtp.h +++ b/libs/srtp/srtp.h 
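Review bot: The only guard on `rate` in srtp_setrcc_rate() is `assert (rate != 0)`, which compiles away under NDEBUG, so a release build will store 0 in `s->rtp_rcc`. The function returns void and cannot report the error, so either clamp the value (`s->rtp_rcc = rate ? rate : 1;`) or change it to return int and fail on zero. Separately, the comment promises a default rate of one, but srtp_create() zero-fills the session with `memset` and nothing visible in this diff sets `rtp_rcc` to 1. Unless that happens in code outside these hunks, the default is actually 0, and `s->rtp_rcc = 1;` next to the `s->tag_len` assignment in srtp_create() would make the comment true.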
@@ -24,22 +24,49 @@ typedef struct srtp_session_t srtp_session_t; enum { - SRTP_UNENCRYPTED=0x1, // do not encrypt SRTP packets - SRTCP_UNENCRYPTED=0x2, // do not encrypt SRTCP packets - SRTP_NULL_CIPHER=0x3, // use NULL cipher (encrypt nothing) - SRTP_UNAUTHENTICATED=0x4, // do not authenticated SRTP packets - SRTP_FLAGS_MASK=0x7 + SRTP_UNENCRYPTED=0x1, // do not encrypt SRTP packets + SRTCP_UNENCRYPTED=0x2, // do not encrypt SRTCP packets + SRTP_UNAUTHENTICATED=0x4, // authenticate only SRTCP packets + + SRTP_RCC_MODE1=0x10, // use Roll-over-Counter Carry mode 1 + SRTP_RCC_MODE2=0x20, // use Roll-over-Counter Carry mode 2 + SRTP_RCC_MODE3=0x30, // use Roll-over-Counter Carry mode 3 (insecure) + + SRTP_FLAGS_MASK=0x38 +}; + +/* SRTP encryption algorithms (ciphers); same values as MIKEY */ +enum +{ + SRTP_ENCR_NULL=0, + SRTP_ENCR_AES_CM=1, + SRTP_ENCR_AES_F8=2 // not implemented +}; + +/* SRTP authenticaton algorithms; same values as MIKEY */ +enum +{ + SRTP_AUTH_NULL=0, + SRTP_AUTH_HMAC_SHA1=1 }; +/* SRTP pseudo random function; same values as MIKEY */ +enum +{ + SRTP_PRF_AES_CM=0 +}; # ifdef __cplusplus extern "C" { # endif -srtp_session_t *srtp_create (const char *name, unsigned flags, unsigned kdr); +srtp_session_t *srtp_create (int encr, int auth, unsigned tag_len, int prf, + unsigned flags); void srtp_destroy (srtp_session_t *s); + int srtp_setkey (srtp_session_t *s, const void *key, size_t keylen, const void *salt, size_t saltlen); +void srtp_setrcc_rate (srtp_session_t *s, uint16_t rate); int srtp_send (srtp_session_t *s, uint8_t *buf, size_t *lenp, size_t maxsize); int srtp_recv (srtp_session_t *s, uint8_t *buf, size_t *lenp);
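Review bot: `SRTP_FLAGS_MASK=0x38` does not cover the flags defined above it. srtp_create() returns NULL when `flags & ~SRTP_FLAGS_MASK` is non-zero, so with 0x38 the three flags 0x1, 0x2 and 0x4 are all refused while the undefined bit 0x8 is accepted. The OR of the defined values is 0x37, so this looks like it should be `SRTP_FLAGS_MASK=0x37`. Also, `SRTP_RCC_MODE3=0x30` equals `SRTP_RCC_MODE1 | SRTP_RCC_MODE2`, so a caller who ORs those two together silently selects the mode the comment marks insecure. A comment such as `// RCC modes form a 2-bit field, not independent flags: never OR two of them` above the three values would make that explicit.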