Commit 55626f32 authored by Pascal Buhler's avatar Pascal Buhler

Ensure returned trailer length is sufficient

The srtp_get_protect_trailer_length needs to ensure
that the returned value is large enough for any of
the streams in the session.

When a session is initialized with multiple polices
it is possible to have different tag lengths for each
policy. This function provides no way to specify which
policy to use, so for now loop over all and find largest.

The current function now has limited use so suggest to make
two functions, one that takes ssrc or packet header so
correct stream can be used, second function that takes a
policy.

# Conflicts:
#	srtp/srtp.c
parent 253ac269
......@@ -4540,84 +4540,95 @@ unsigned int srtp_profile_get_master_salt_length(srtp_profile_t profile)
}
}
srtp_err_status_t srtp_get_protect_trailer_length(srtp_t session,
uint32_t use_mki,
uint32_t mki_index,
uint32_t *length)
srtp_err_status_t stream_get_protect_trailer_length(srtp_stream_ctx_t *stream,
uint32_t is_rtp,
uint32_t use_mki,
uint32_t mki_index,
uint32_t *length)
{
srtp_stream_ctx_t *stream;
if (session == NULL)
return srtp_err_status_bad_param;
*length = 0;
/* Try obtaining stream from stream_list */
stream = session->stream_list;
if (stream == NULL) {
/* Try obtaining the template stream */
stream = session->stream_template;
}
if (stream == NULL) {
return srtp_err_status_bad_param;
}
srtp_session_keys_t *session_key;
if (use_mki) {
if (mki_index >= stream->num_master_keys)
if (mki_index >= stream->num_master_keys) {
return srtp_err_status_bad_mki;
}
session_key = &stream->session_keys[mki_index];
*length += session_key->mki_size;
*length += stream->session_keys[mki_index].mki_size;
*length +=
srtp_auth_get_tag_length(stream->session_keys[mki_index].rtp_auth);
} else {
*length += srtp_auth_get_tag_length(stream->session_keys[0].rtp_auth);
session_key = &stream->session_keys[0];
}
if (is_rtp) {
*length += srtp_auth_get_tag_length(session_key->rtp_auth);
} else {
*length += srtp_auth_get_tag_length(session_key->rtcp_auth);
*length += sizeof(srtcp_trailer_t);
}
return srtp_err_status_ok;
}
srtp_err_status_t srtp_get_protect_rtcp_trailer_length(srtp_t session,
uint32_t use_mki,
uint32_t mki_index,
uint32_t *length)
srtp_err_status_t get_protect_trailer_length(srtp_t session,
uint32_t is_rtp,
uint32_t use_mki,
uint32_t mki_index,
uint32_t *length)
{
srtp_stream_ctx_t *stream;
if (session == NULL)
if (session == NULL) {
return srtp_err_status_bad_param;
*length = 0;
/* Try obtaining stream from stream_list */
stream = session->stream_list;
if (stream == NULL) {
/* Try obtaining the template stream */
stream = session->stream_template;
}
if (stream == NULL) {
if (session->stream_template == NULL && session->stream_list == NULL) {
return srtp_err_status_bad_param;
}
if (use_mki) {
if (mki_index >= stream->num_master_keys)
return srtp_err_status_bad_mki;
*length = 0;
*length += stream->session_keys[mki_index].mki_size;
*length +=
srtp_auth_get_tag_length(stream->session_keys[mki_index].rtcp_auth);
} else {
*length += srtp_auth_get_tag_length(stream->session_keys[0].rtcp_auth);
stream = session->stream_template;
if (stream != NULL) {
stream_get_protect_trailer_length(stream, is_rtp, use_mki, mki_index,
length);
}
*length += sizeof(srtcp_trailer_t);
stream = session->stream_list;
while (stream != NULL) {
uint32_t temp_length;
if (stream_get_protect_trailer_length(stream, is_rtp, use_mki,
mki_index, &temp_length) ==
srtp_err_status_ok) {
if (temp_length > *length) {
*length = temp_length;
}
}
stream = stream->next;
}
return srtp_err_status_ok;
}
srtp_err_status_t srtp_get_protect_trailer_length(srtp_t session,
uint32_t use_mki,
uint32_t mki_index,
uint32_t *length)
{
return get_protect_trailer_length(session, 1, use_mki, mki_index, length);
}
srtp_err_status_t srtp_get_protect_rtcp_trailer_length(srtp_t session,
uint32_t use_mki,
uint32_t mki_index,
uint32_t *length)
{
return get_protect_trailer_length(session, 0, use_mki, mki_index, length);
}
/*
* SRTP debug interface
*/
......
......@@ -1077,8 +1077,8 @@ srtp_err_status_t srtp_test(const srtp_policy_t *policy,
* data following the packet is different, then we know that the
* protect function is overwriting the end of the packet.
*/
srtp_get_protect_trailer_length(srtp_sender, use_mki, mki_index,
&tag_length);
err_check(srtp_get_protect_trailer_length(srtp_sender, use_mki, mki_index,
&tag_length));
pkt_end = (uint8_t *)hdr + msg_len + tag_length;
for (i = 0; i < 4; i++) {
if (pkt_end[i] != 0xff) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment