Commit 04570bd7 authored by Simon Morlat's avatar Simon Morlat

fix zrtp and srtp bugs

parent 99cbcd90
......@@ -34,15 +34,15 @@
#include "ortp/b64.h"
#define SRTP_PAD_BYTES 64 /*?? */
#define SRTP_PAD_BYTES (SRTP_MAX_TRAILER_LEN + 4)
static int srtp_sendto(RtpTransport *t, mblk_t *m, int flags, const struct sockaddr *to, socklen_t tolen){
srtp_t srtp=(srtp_t)t->data;
int slen;
err_status_t err;
/* enlarge the buffer for srtp to write its data */
msgpullup(m,msgdsize(m)+SRTP_PAD_BYTES);
slen=m->b_wptr-m->b_rptr;
slen=msgdsize(m);
msgpullup(m,slen+SRTP_PAD_BYTES);
err=srtp_protect(srtp,m->b_rptr,&slen);
if (err==err_status_ok){
return sendto(t->session->rtp.socket,(void*)m->b_rptr,slen,flags,to,tolen);
......@@ -85,9 +85,9 @@ static int srtcp_sendto(RtpTransport *t, mblk_t *m, int flags, const struct soc
srtp_t srtp=(srtp_t)t->data;
int slen;
err_status_t srtp_err;
slen=msgdsize(m);
/* enlarge the buffer for srtp to write its data */
msgpullup(m,msgdsize(m)+SRTP_PAD_BYTES);
slen=m->b_wptr-m->b_rptr;
msgpullup(m,slen+SRTP_PAD_BYTES);
srtp_err=srtp_protect_rtcp(srtp,m->b_rptr,&slen);
if (srtp_err==err_status_ok){
return sendto(t->session->rtcp.socket,(void*)m->b_rptr,slen,flags,to,tolen);
......@@ -214,10 +214,10 @@ static bool_t ortp_init_srtp_policy(srtp_t srtp, srtp_policy_t* policy, enum ort
policy->rtp.cipher_key_len);
return FALSE;
}
key = (uint8_t*) malloc(key_size);
if (b64_decode((const char*)b64_key, b64_key_length, key, key_size) != key_size) {
key = (uint8_t*) ortp_malloc0(key_size+2); /*srtp uses padding*/
if (b64_decode(b64_key, b64_key_length, key, key_size) != key_size) {
ortp_error("Error decoding key");
free(key);
ortp_free(key);
return FALSE;
}
......@@ -228,11 +228,11 @@ static bool_t ortp_init_srtp_policy(srtp_t srtp, srtp_policy_t* policy, enum ort
err = ortp_srtp_add_stream(srtp, policy);
if (err != err_status_ok) {
ortp_error("Failed to add incoming stream to srtp session (%d)", err);
free(key);
ortp_free(key);
return FALSE;
}
free(key);
ortp_free(key);
return TRUE;
}
......
......@@ -41,7 +41,7 @@
// ZRTP message is prefixed by RTP header
#define ZRTP_MESSAGE_OFFSET 12
#define SRTP_PAD_BYTES 64 /*?? */
#define SRTP_PAD_BYTES (SRTP_MAX_TRAILER_LEN + 4)
// 1234567890123456
static const char userAgentStr[] = "LINPHONE-ZRTPCPP"; // 16 chars max.
......@@ -407,7 +407,8 @@ static int32_t ozrtp_srtpSecretsReady (ZrtpContext* ctx, C_SrtpSecret_t* secrets
err_status_t addStreamStatus;
OrtpZrtpContext *userData = user_data(ctx);
ortp_message("ZRTP secrets for %s are ready", (part == ForSender) ? "sender" : "receiver");
ortp_message("ZRTP secrets for %s are ready; auth tag len is %i",
(part == ForSender) ? "sender" : "receiver",secrets->srtpAuthTagLen);
// Get authentication and cipher algorithms in srtp format
if (secrets->authAlgorithm != zrtp_Sha1) {
......@@ -417,27 +418,31 @@ static int32_t ozrtp_srtpSecretsReady (ZrtpContext* ctx, C_SrtpSecret_t* secrets
if (secrets->symEncAlgorithm != zrtp_Aes) {
ortp_fatal("unsupported cipher algorithm by srtp");
}
memset(&policy,0,sizeof(policy));
policy.ssrc.type=ssrc_specific;
crypto_policy_t cryptoPolicyRtp;
crypto_policy_set_from_profile_for_rtp(&cryptoPolicyRtp, srtp_profile_aes128_cm_sha1_32);
policy.rtp=cryptoPolicyRtp;
crypto_policy_t cryptoPolicyRtcp;
crypto_policy_set_from_profile_for_rtcp(&cryptoPolicyRtcp, srtp_profile_aes128_cm_sha1_32);
policy.rtcp=cryptoPolicyRtcp;
/*
* Don't use crypto_policy_set_from_profile_for_rtp(), it is totally buggy.
*/
memset(&policy,0,sizeof(policy));
if (secrets->srtpAuthTagLen == 32){
crypto_policy_set_aes_cm_128_hmac_sha1_32(&policy.rtp);
crypto_policy_set_aes_cm_128_hmac_sha1_32(&policy.rtcp);
}else if (secrets->srtpAuthTagLen == 80){
crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtp);
crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp);
}else{
ortp_fatal("unsupported auth tag len");
}
if (part == ForSender) {
srtpCreateStatus=srtp_create(&userData->srtpSend, NULL);
policy.ssrc.type=ssrc_specific;
policy.ssrc.value=userData->session->snd.ssrc; // us
policy.key=key_with_salt(secrets, secrets->role);
addStreamStatus=srtp_add_stream(userData->srtpSend, &policy);
} else { //if (part == ForReceiver)
srtpCreateStatus=srtp_create(&userData->srtpRecv, NULL);
policy.ssrc.type = ssrc_any_inbound; /*we don't know the incoming ssrc will be */
policy.ssrc.value=userData->session->rcv.ssrc; // peer
int32_t peerRole=secrets->role == Initiator ? Responder : Initiator;
policy.key=key_with_salt(secrets,peerRole);
addStreamStatus=srtp_add_stream(userData->srtpRecv, &policy);
......@@ -622,11 +627,10 @@ static int ozrtp_generic_sendto(stream_type stream, RtpTransport *t, mblk_t *m,
size=msgdsize(m);
return sendto(socket,(void*)m->b_rptr,size,flags,to,tolen);
}
slen=msgdsize(m);
// Protect with srtp
/* enlarge the buffer for srtp to write its data */
msgpullup(m,msgdsize(m)+SRTP_PAD_BYTES);
slen=m->b_wptr-m->b_rptr;
if (stream == rtp_stream) {
err=srtp_protect(userData->srtpSend,m->b_rptr,&slen);
} else {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment