Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / libsrtp2 / a958398d02230f44db9787719f79c68673652be9 / . / test / srtp_driver.c
blob: e8034646c55b279d33fce29e22318e942c1bb0cd [file] [log] [blame]
Ryan Hooper89a288b2016-12-22 16:22:47 -0500[diff] [blame]1
Ryan Hooperab0345b2017-02-07 16:07:59 -0500[diff] [blame]2
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]3/*
4 * srtp_driver.c
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]5 *
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]6 * a test driver for libSRTP
7 *
8 * David A. McGrew
9 * Cisco Systems, Inc.
10 */
11/*
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]12 *
David McGrew7629bf22006-06-08 17:00:25 +0000[diff] [blame]13 * Copyright (c) 2001-2006, Cisco Systems, Inc.
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]14 * All rights reserved.
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]15 *
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]16 * Redistribution and use in source and binary forms, with or without
17 * modification, are permitted provided that the following conditions
18 * are met:
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]19 *
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]20 * Redistributions of source code must retain the above copyright
21 * notice, this list of conditions and the following disclaimer.
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]22 *
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]23 * Redistributions in binary form must reproduce the above
24 * copyright notice, this list of conditions and the following
25 * disclaimer in the documentation and/or other materials provided
26 * with the distribution.
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]27 *
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]28 * Neither the name of the Cisco Systems, Inc. nor the names of its
29 * contributors may be used to endorse or promote products derived
30 * from this software without specific prior written permission.
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]31 *
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]32 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
33 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
34 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
35 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
36 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
37 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
38 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
39 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
40 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
41 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
42 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
43 * OF THE POSSIBILITY OF SUCH DAMAGE.
44 *
45 */
46
47
48#include <string.h> /* for memcpy() */
49#include <time.h> /* for clock() */
50#include <stdlib.h> /* for malloc(), free() */
51#include <stdio.h> /* for print(), fflush() */
David McGrew79bd3012006-07-17 20:41:21 +0000[diff] [blame]52#include "getopt_s.h" /* for local getopt() */
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]53
David McGrew3c45e0c2006-07-12 00:50:56 +0000[diff] [blame]54#include "srtp_priv.h"
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]55#include "util.h"
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]56
Marcus Sundberg1cbca882005-10-02 20:50:06 +0000[diff] [blame]57#ifdef HAVE_NETINET_IN_H
58# include <netinet/in.h>
59#elif defined HAVE_WINSOCK2_H
60# include <winsock2.h>
61#endif
62
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]63#define PRINT_REFERENCE_PACKET 1
64
jfigus857009c2014-11-05 11:17:43 -0500[diff] [blame]65srtp_err_status_t
Marcus Sundberga3f95fe2005-09-29 12:48:41 +0000[diff] [blame]66srtp_validate(void);
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]67
Paul E. Jones9fc018c2016-06-03 02:56:56 -0400[diff] [blame]68#ifdef OPENSSL
jfigus857009c2014-11-05 11:17:43 -0500[diff] [blame]69srtp_err_status_t
Paul E. Jonese2ab5f22016-05-29 16:18:24 -0400[diff] [blame]70srtp_validate_gcm(void);
Paul E. Jones9fc018c2016-06-03 02:56:56 -0400[diff] [blame]71#endif
Paul E. Jonese2ab5f22016-05-29 16:18:24 -0400[diff] [blame]72
73srtp_err_status_t
Joachim Bauch99a74822015-11-17 00:08:19 +0100[diff] [blame]74srtp_validate_encrypted_extensions_headers(void);
75
Joachim Bauch80a45b52015-12-06 22:57:58 +0100[diff] [blame]76#ifdef OPENSSL
Joachim Bauch99a74822015-11-17 00:08:19 +0100[diff] [blame]77srtp_err_status_t
Joachim Bauchfa1e8c22015-11-24 23:38:48 +0100[diff] [blame]78srtp_validate_encrypted_extensions_headers_gcm(void);
Joachim Bauch80a45b52015-12-06 22:57:58 +0100[diff] [blame]79#endif
Joachim Bauchfa1e8c22015-11-24 23:38:48 +0100[diff] [blame]80
81srtp_err_status_t
Jonathan Lennox5df951a2010-05-20 20:55:54 +0000[diff] [blame]82srtp_validate_aes_256(void);
83
jfigus857009c2014-11-05 11:17:43 -0500[diff] [blame]84srtp_err_status_t
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]85srtp_create_big_policy(srtp_policy_t **list);
86
jfigus857009c2014-11-05 11:17:43 -0500[diff] [blame]87srtp_err_status_t
Jonathan Lennox80c4c832010-05-17 19:30:28 +0000[diff] [blame]88srtp_dealloc_big_policy(srtp_policy_t *list);
89
jfigus857009c2014-11-05 11:17:43 -0500[diff] [blame]90srtp_err_status_t
Joachim Bauchc8a19ae2015-12-14 22:50:36 +0100[diff] [blame]91srtp_test_empty_payload(void);
92
93#ifdef OPENSSL
94srtp_err_status_t
95srtp_test_empty_payload_gcm(void);
96#endif
97
98srtp_err_status_t
Marcus Sundberga3f95fe2005-09-29 12:48:41 +0000[diff] [blame]99srtp_test_remove_stream(void);
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]100
Pascal Bühlerbd3112a2015-11-06 20:29:15 +0100[diff] [blame]101srtp_err_status_t
102srtp_test_update(void);
103
Ryan Hooperab0345b2017-02-07 16:07:59 -0500[diff] [blame]104srtp_err_status_t
105srtp_test_protect_trailer_length(void);
106
107srtp_err_status_t
108srtp_test_protect_rtcp_trailer_length(void);
109
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]110double
111srtp_bits_per_second(int msg_len_octets, const srtp_policy_t *policy);
112
113double
114srtp_rejections_per_second(int msg_len_octets, const srtp_policy_t *policy);
115
116void
117srtp_do_timing(const srtp_policy_t *policy);
118
119void
120srtp_do_rejection_timing(const srtp_policy_t *policy);
121
jfigus857009c2014-11-05 11:17:43 -0500[diff] [blame]122srtp_err_status_t
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]123srtp_test(const srtp_policy_t *policy, int extension_header, int mki_index);
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]124
jfigus857009c2014-11-05 11:17:43 -0500[diff] [blame]125srtp_err_status_t
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]126srtcp_test(const srtp_policy_t *policy, int mki_index);
David McGrew9c70f292006-05-03 19:38:38 +0000[diff] [blame]127
jfigus857009c2014-11-05 11:17:43 -0500[diff] [blame]128srtp_err_status_t
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]129srtp_session_print_policy(srtp_t srtp);
130
jfigus857009c2014-11-05 11:17:43 -0500[diff] [blame]131srtp_err_status_t
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]132srtp_print_policy(const srtp_policy_t *policy);
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]133
134char *
135srtp_packet_to_string(srtp_hdr_t *hdr, int packet_len);
136
137double
138mips_estimate(int num_trials, int *ignore);
139
Ryan Hooper89a288b2016-12-22 16:22:47 -0500[diff] [blame]140#define TEST_MKI_ID_SIZE 4
141
jfigus8c36da22013-10-01 16:41:19 -0400[diff] [blame]142extern uint8_t test_key[46];
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]143extern uint8_t test_key_2[46];
Ryan Hooper89a288b2016-12-22 16:22:47 -0500[diff] [blame]144extern uint8_t test_mki_id[TEST_MKI_ID_SIZE];
145extern uint8_t test_mki_id_2[TEST_MKI_ID_SIZE];
146
147srtp_master_key_t master_key_1 = {
148 test_key,
149 test_mki_id,
150 TEST_MKI_ID_SIZE
151};
152
153srtp_master_key_t master_key_2 = {
154 test_key_2,
155 test_mki_id_2,
156 TEST_MKI_ID_SIZE
157};
158
159srtp_master_key_t *test_keys[2] = {
160 &master_key_1,
161 &master_key_2
162};
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]163
164void
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]165usage (char *prog_name)
166{
167 printf("usage: %s [ -t ][ -c ][ -v ][-d <debug_module> ]* [ -l ]\n"
168 " -t run timing test\n"
169 " -r run rejection timing test\n"
170 " -c run codec timing test\n"
171 " -v run validation tests\n"
172 " -d <mod> turn on debugging module <mod>\n"
173 " -l list debugging modules\n", prog_name);
174 exit(1);
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]175}
176
177/*
178 * The policy_array is a null-terminated array of policy structs. it
179 * is declared at the end of this file
180 */
181
182extern const srtp_policy_t *policy_array[];
183
184
185/* the wildcard_policy is declared below; it has a wildcard ssrc */
186
187extern const srtp_policy_t wildcard_policy;
188
189/*
190 * mod_driver debug module - debugging module for this test driver
191 *
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]192 * we use the crypto_kernel debugging system in this driver, which
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]193 * makes the interface uniform and increases portability
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]194 */
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]195
jfigus02d6f032014-11-21 10:56:42 -0500[diff] [blame]196srtp_debug_module_t mod_driver = {
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]197 0, /* debugging is off by default */
198 "driver" /* printable name for module */
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]199};
200
201int
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]202main (int argc, char *argv[])
203{
204 int q;
205 unsigned do_timing_test = 0;
206 unsigned do_rejection_test = 0;
207 unsigned do_codec_timing = 0;
208 unsigned do_validation = 0;
209 unsigned do_list_mods = 0;
210 srtp_err_status_t status;
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]211
212 /*
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]213 * verify that the compiler has interpreted the header data
214 * structure srtp_hdr_t correctly
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]215 */
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]216 if (sizeof(srtp_hdr_t) != 12) {
217 printf("error: srtp_hdr_t has incorrect size"
218 "(size is %ld bytes, expected 12)\n",
219 (long)sizeof(srtp_hdr_t));
220 exit(1);
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]221 }
222
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]223 /* initialize srtp library */
224 status = srtp_init();
225 if (status) {
226 printf("error: srtp init failed with error code %d\n", status);
227 exit(1);
228 }
229
230 /* load srtp_driver debug module */
jfigus92736bc2014-11-21 10:30:54 -0500[diff] [blame]231 status = srtp_crypto_kernel_load_debug_module(&mod_driver);
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]232 if (status) {
233 printf("error: load of srtp_driver debug module failed "
234 "with error code %d\n", status);
235 exit(1);
236 }
237
238 /* process input arguments */
239 while (1) {
240 q = getopt_s(argc, argv, "trcvld:");
241 if (q == -1) {
242 break;
243 }
244 switch (q) {
245 case 't':
246 do_timing_test = 1;
247 break;
248 case 'r':
249 do_rejection_test = 1;
250 break;
251 case 'c':
252 do_codec_timing = 1;
253 break;
254 case 'v':
255 do_validation = 1;
256 break;
257 case 'l':
258 do_list_mods = 1;
259 break;
260 case 'd':
jfigus92736bc2014-11-21 10:30:54 -0500[diff] [blame]261 status = srtp_crypto_kernel_set_debug_module(optarg_s, 1);
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]262 if (status) {
263 printf("error: set debug module (%s) failed\n", optarg_s);
264 exit(1);
265 }
266 break;
267 default:
268 usage(argv[0]);
269 }
270 }
271
272 if (!do_validation && !do_timing_test && !do_codec_timing
273 && !do_list_mods && !do_rejection_test) {
274 usage(argv[0]);
275 }
276
277 if (do_list_mods) {
jfigus92736bc2014-11-21 10:30:54 -0500[diff] [blame]278 status = srtp_crypto_kernel_list_debug_modules();
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]279 if (status) {
280 printf("error: list of debug modules failed\n");
281 exit(1);
282 }
283 }
284
285 if (do_validation) {
286 const srtp_policy_t **policy = policy_array;
287 srtp_policy_t *big_policy;
288
289 /* loop over policy array, testing srtp and srtcp for each policy */
290 while (*policy != NULL) {
291 printf("testing srtp_protect and srtp_unprotect\n");
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]292 if (srtp_test(*policy, 0, -1) == srtp_err_status_ok) {
Joachim Bauch99a74822015-11-17 00:08:19 +0100[diff] [blame]293 printf("passed\n\n");
294 } else{
295 printf("failed\n");
296 exit(1);
297 }
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]298
Joachim Bauch99a74822015-11-17 00:08:19 +0100[diff] [blame]299 printf("testing srtp_protect and srtp_unprotect with encrypted extensions headers\n");
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]300 if (srtp_test(*policy, 1, -1) == srtp_err_status_ok) {
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]301 printf("passed\n\n");
302 } else{
303 printf("failed\n");
304 exit(1);
305 }
306 printf("testing srtp_protect_rtcp and srtp_unprotect_rtcp\n");
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]307 if (srtcp_test(*policy, -1) == srtp_err_status_ok) {
308 printf("passed\n\n");
309 } else{
310 printf("failed\n");
311 exit(1);
312 }
313 printf("testing srtp_protect_rtp and srtp_unprotect_rtp with MKI index set to 0\n");
314 if (srtp_test(*policy, 0, 0) == srtp_err_status_ok) {
315 printf("passed\n\n");
316 } else{
317 printf("failed\n");
318 exit(1);
319 }
320 printf("testing srtp_protect_rtp and srtp_unprotect_rtp with MKI index set to 1\n");
321 if (srtp_test(*policy, 0, 1) == srtp_err_status_ok) {
322 printf("passed\n\n");
323 } else{
324 printf("failed\n");
325 exit(1);
326 }
327
328 printf("testing srtp_protect_rtcp and srtp_unprotect_rtcp with MKI index set to 0\n");
329 if (srtcp_test(*policy, 0) == srtp_err_status_ok) {
330 printf("passed\n\n");
331 } else{
332 printf("failed\n");
333 exit(1);
334 }
335 printf("testing srtp_protect_rtcp and srtp_unprotect_rtcp with MKI index set to 1\n");
336 if (srtcp_test(*policy, 1) == srtp_err_status_ok) {
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]337 printf("passed\n\n");
338 } else{
339 printf("failed\n");
340 exit(1);
341 }
342 policy++;
343 }
344
345 /* create a big policy list and run tests on it */
346 status = srtp_create_big_policy(&big_policy);
347 if (status) {
348 printf("unexpected failure with error code %d\n", status);
349 exit(1);
350 }
351 printf("testing srtp_protect and srtp_unprotect with big policy\n");
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]352 if (srtp_test(big_policy, 0, -1) == srtp_err_status_ok) {
Joachim Bauch99a74822015-11-17 00:08:19 +0100[diff] [blame]353 printf("passed\n\n");
354 } else{
355 printf("failed\n");
356 exit(1);
357 }
358 printf("testing srtp_protect and srtp_unprotect with big policy and encrypted extensions headers\n");
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]359 if (srtp_test(big_policy, 1, -1) == srtp_err_status_ok) {
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]360 printf("passed\n\n");
361 } else{
362 printf("failed\n");
363 exit(1);
364 }
365 status = srtp_dealloc_big_policy(big_policy);
366 if (status) {
367 printf("unexpected failure with error code %d\n", status);
368 exit(1);
369 }
370
371 /* run test on wildcard policy */
372 printf("testing srtp_protect and srtp_unprotect on "
373 "wildcard ssrc policy\n");
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]374 if (srtp_test(&wildcard_policy, 0, -1) == srtp_err_status_ok) {
Joachim Bauch99a74822015-11-17 00:08:19 +0100[diff] [blame]375 printf("passed\n\n");
376 } else{
377 printf("failed\n");
378 exit(1);
379 }
380 printf("testing srtp_protect and srtp_unprotect on "
381 "wildcard ssrc policy and encrypted extensions headers\n");
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]382 if (srtp_test(&wildcard_policy, 1, -1) == srtp_err_status_ok) {
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]383 printf("passed\n\n");
384 } else{
385 printf("failed\n");
386 exit(1);
387 }
388
389 /*
390 * run validation test against the reference packets - note
391 * that this test only covers the default policy
392 */
393 printf("testing srtp_protect and srtp_unprotect against "
Paul E. Jonese2ab5f22016-05-29 16:18:24 -0400[diff] [blame]394 "reference packet\n");
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]395 if (srtp_validate() == srtp_err_status_ok) {
396 printf("passed\n\n");
397 } else{
398 printf("failed\n");
399 exit(1);
400 }
Paul E. Jonese2ab5f22016-05-29 16:18:24 -0400[diff] [blame]401
402#ifdef OPENSSL
Joachim Bauch99a74822015-11-17 00:08:19 +0100[diff] [blame]403 printf("testing srtp_protect and srtp_unprotect against "
Paul E. Jonese2ab5f22016-05-29 16:18:24 -0400[diff] [blame]404 "reference packet using GCM\n");
405 if (srtp_validate_gcm() == srtp_err_status_ok) {
406 printf("passed\n\n");
407 } else{
408 printf("failed\n");
409 exit(1);
410 }
411#endif
412
413 printf("testing srtp_protect and srtp_unprotect against "
414 "reference packet with encrypted extensions headers\n");
Joachim Bauch99a74822015-11-17 00:08:19 +0100[diff] [blame]415 if (srtp_validate_encrypted_extensions_headers() == srtp_err_status_ok)
416 printf("passed\n\n");
417 else {
418 printf("failed\n");
419 exit(1);
420 }
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]421
Joachim Bauchb8cb5772015-11-24 21:46:25 +0100[diff] [blame]422#ifdef OPENSSL
Joachim Bauchfa1e8c22015-11-24 23:38:48 +0100[diff] [blame]423 printf("testing srtp_protect and srtp_unprotect against "
Paul E. Jonese2ab5f22016-05-29 16:18:24 -0400[diff] [blame]424 "reference packet with encrypted extension headers (GCM)\n");
Joachim Bauchfa1e8c22015-11-24 23:38:48 +0100[diff] [blame]425 if (srtp_validate_encrypted_extensions_headers_gcm() == srtp_err_status_ok) {
426 printf("passed\n\n");
427 } else{
428 printf("failed\n");
429 exit(1);
430 }
Joachim Bauch80a45b52015-12-06 22:57:58 +0100[diff] [blame]431#endif
Joachim Bauchfa1e8c22015-11-24 23:38:48 +0100[diff] [blame]432
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]433 /*
434 * run validation test against the reference packets for
435 * AES-256
436 */
437 printf("testing srtp_protect and srtp_unprotect against "
Paul E. Jonese2ab5f22016-05-29 16:18:24 -0400[diff] [blame]438 "reference packet (AES-256)\n");
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]439 if (srtp_validate_aes_256() == srtp_err_status_ok) {
440 printf("passed\n\n");
441 } else{
442 printf("failed\n");
443 exit(1);
444 }
Jonathan Lennox5df951a2010-05-20 20:55:54 +0000[diff] [blame]445
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]446 /*
Joachim Bauchc8a19ae2015-12-14 22:50:36 +0100[diff] [blame]447 * test packets with empty payload
448 */
449 printf("testing srtp_protect and srtp_unprotect against "
Paul E. Jonese2ab5f22016-05-29 16:18:24 -0400[diff] [blame]450 "packet with empty payload\n");
Joachim Bauchc8a19ae2015-12-14 22:50:36 +0100[diff] [blame]451 if (srtp_test_empty_payload() == srtp_err_status_ok) {
452 printf("passed\n");
453 } else{
454 printf("failed\n");
455 exit(1);
456 }
457#ifdef OPENSSL
458 printf("testing srtp_protect and srtp_unprotect against "
Paul E. Jonese2ab5f22016-05-29 16:18:24 -0400[diff] [blame]459 "packet with empty payload (GCM)\n");
Joachim Bauchc8a19ae2015-12-14 22:50:36 +0100[diff] [blame]460 if (srtp_test_empty_payload_gcm() == srtp_err_status_ok) {
461 printf("passed\n");
462 } else{
463 printf("failed\n");
464 exit(1);
465 }
466#endif
467
468 /*
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]469 * test the function srtp_remove_stream()
470 */
471 printf("testing srtp_remove_stream()...");
472 if (srtp_test_remove_stream() == srtp_err_status_ok) {
473 printf("passed\n");
474 } else{
475 printf("failed\n");
476 exit(1);
477 }
Pascal Bühlerbd3112a2015-11-06 20:29:15 +0100[diff] [blame]478
479 /*
480 * test the function srtp_update()
481 */
482 printf("testing srtp_update()...");
483 if (srtp_test_update() == srtp_err_status_ok) {
484 printf("passed\n");
485 } else {
486 printf("failed\n");
487 exit(1);
488 }
Ryan Hooperab0345b2017-02-07 16:07:59 -0500[diff] [blame]489
490 /*
491 * test the functions srtp_get_protect_trailer_length
492 * and srtp_get_protect_rtcp_trailer_length
493 */
494 printf("testing srtp_get_protect_trailer_length()...");
495 if (srtp_test_protect_trailer_length() == srtp_err_status_ok) {
496 printf("passed\n");
497 } else {
498 printf("failed\n");
499 exit(1);
500 }
501
502 printf("testing srtp_get_protect_rtcp_trailer_length()...");
503 if (srtp_test_protect_rtcp_trailer_length() == srtp_err_status_ok) {
504 printf("passed\n");
505 } else {
506 printf("failed\n");
507 exit(1);
508 }
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]509 }
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]510
511 if (do_timing_test) {
512 const srtp_policy_t **policy = policy_array;
513
514 /* loop over policies, run timing test for each */
515 while (*policy != NULL) {
516 srtp_print_policy(*policy);
517 srtp_do_timing(*policy);
518 policy++;
519 }
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]520 }
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]521
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]522 if (do_rejection_test) {
523 const srtp_policy_t **policy = policy_array;
524
525 /* loop over policies, run rejection timing test for each */
526 while (*policy != NULL) {
527 srtp_print_policy(*policy);
528 srtp_do_rejection_timing(*policy);
529 policy++;
530 }
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]531 }
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]532
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]533 if (do_codec_timing) {
534 srtp_policy_t policy;
535 int ignore;
Joachim Bauchdc53dcb2016-03-10 20:32:44 +0100[diff] [blame]536 double mips_value = mips_estimate(1000000000, &ignore);
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]537
Joachim Bauch99a74822015-11-17 00:08:19 +0100[diff] [blame]538 memset(&policy, 0, sizeof(policy));
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]539 srtp_crypto_policy_set_rtp_default(&policy.rtp);
540 srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
541 policy.ssrc.type = ssrc_specific;
542 policy.ssrc.value = 0xdecafbad;
Ryan Hooper89a288b2016-12-22 16:22:47 -0500[diff] [blame]543 policy.key = test_key;
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]544 policy.ekt = NULL;
545 policy.window_size = 128;
546 policy.allow_repeat_tx = 0;
547 policy.next = NULL;
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]548
Joachim Bauchdc53dcb2016-03-10 20:32:44 +0100[diff] [blame]549 printf("mips estimate: %e\n", mips_value);
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]550
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]551 printf("testing srtp processing time for voice codecs:\n");
552 printf("codec\t\tlength (octets)\t\tsrtp instructions/second\n");
553 printf("G.711\t\t%d\t\t\t%e\n", 80,
Joachim Bauchdc53dcb2016-03-10 20:32:44 +0100[diff] [blame]554 (double)mips_value * (80 * 8) /
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]555 srtp_bits_per_second(80, &policy) / .01 );
556 printf("G.711\t\t%d\t\t\t%e\n", 160,
Joachim Bauchdc53dcb2016-03-10 20:32:44 +0100[diff] [blame]557 (double)mips_value * (160 * 8) /
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]558 srtp_bits_per_second(160, &policy) / .02);
559 printf("G.726-32\t%d\t\t\t%e\n", 40,
Joachim Bauchdc53dcb2016-03-10 20:32:44 +0100[diff] [blame]560 (double)mips_value * (40 * 8) /
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]561 srtp_bits_per_second(40, &policy) / .01 );
562 printf("G.726-32\t%d\t\t\t%e\n", 80,
Joachim Bauchdc53dcb2016-03-10 20:32:44 +0100[diff] [blame]563 (double)mips_value * (80 * 8) /
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]564 srtp_bits_per_second(80, &policy) / .02);
565 printf("G.729\t\t%d\t\t\t%e\n", 10,
Joachim Bauchdc53dcb2016-03-10 20:32:44 +0100[diff] [blame]566 (double)mips_value * (10 * 8) /
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]567 srtp_bits_per_second(10, &policy) / .01 );
568 printf("G.729\t\t%d\t\t\t%e\n", 20,
Joachim Bauchdc53dcb2016-03-10 20:32:44 +0100[diff] [blame]569 (double)mips_value * (20 * 8) /
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]570 srtp_bits_per_second(20, &policy) / .02 );
571 printf("Wideband\t%d\t\t\t%e\n", 320,
Joachim Bauchdc53dcb2016-03-10 20:32:44 +0100[diff] [blame]572 (double)mips_value * (320 * 8) /
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]573 srtp_bits_per_second(320, &policy) / .01 );
574 printf("Wideband\t%d\t\t\t%e\n", 640,
Joachim Bauchdc53dcb2016-03-10 20:32:44 +0100[diff] [blame]575 (double)mips_value * (640 * 8) /
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]576 srtp_bits_per_second(640, &policy) / .02 );
577 }
Jonathan Lennoxdfb30842010-05-15 04:52:01 +0000[diff] [blame]578
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]579 status = srtp_shutdown();
580 if (status) {
581 printf("error: srtp shutdown failed with error code %d\n", status);
582 exit(1);
583 }
584
585 return 0;
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]586}
587
588
589
590/*
591 * srtp_create_test_packet(len, ssrc) returns a pointer to a
592 * (malloced) example RTP packet whose data field has the length given
593 * by pkt_octet_len and the SSRC value ssrc. The total length of the
594 * packet is twelve octets longer, since the header is at the
595 * beginning. There is room at the end of the packet for a trailer,
596 * and the four octets following the packet are filled with 0xff
597 * values to enable testing for overwrites.
598 *
599 * note that the location of the test packet can (and should) be
600 * deallocated with the free() call once it is no longer needed.
601 */
602
603srtp_hdr_t *
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]604srtp_create_test_packet (int pkt_octet_len, uint32_t ssrc)
605{
606 int i;
607 uint8_t *buffer;
608 srtp_hdr_t *hdr;
609 int bytes_in_hdr = 12;
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]610
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]611 /* allocate memory for test packet */
612 hdr = (srtp_hdr_t*)malloc(pkt_octet_len + bytes_in_hdr
613 + SRTP_MAX_TRAILER_LEN + 4);
614 if (!hdr) {
615 return NULL;
616 }
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]617
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]618 hdr->version = 2; /* RTP version two */
619 hdr->p = 0; /* no padding needed */
620 hdr->x = 0; /* no header extension */
621 hdr->cc = 0; /* no CSRCs */
622 hdr->m = 0; /* marker bit */
623 hdr->pt = 0xf; /* payload type */
624 hdr->seq = htons(0x1234); /* sequence number */
625 hdr->ts = htonl(0xdecafbad); /* timestamp */
626 hdr->ssrc = htonl(ssrc); /* synch. source */
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]627
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]628 buffer = (uint8_t*)hdr;
629 buffer += bytes_in_hdr;
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]630
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]631 /* set RTP data to 0xab */
632 for (i = 0; i < pkt_octet_len; i++) {
633 *buffer++ = 0xab;
634 }
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]635
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]636 /* set post-data value to 0xffff to enable overrun checking */
637 for (i = 0; i < SRTP_MAX_TRAILER_LEN + 4; i++) {
638 *buffer++ = 0xff;
639 }
640
641 return hdr;
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]642}
643
Joachim Bauch99a74822015-11-17 00:08:19 +0100[diff] [blame]644srtp_hdr_t *
645srtp_create_test_packet_ext_hdr(int pkt_octet_len, uint32_t ssrc) {
646 int i;
647 uint8_t *buffer;
648 srtp_hdr_t *hdr;
649 int bytes_in_hdr = 12;
650 uint8_t extension_header[12] = {
651 /* one-byte header */
652 0xbe, 0xde,
653 /* size */
654 0x00, 0x02,
655 /* id 1, length 1 (i.e. 2 bytes) */
656 0x11,
657 /* payload */
658 0xca,
659 0xfe,
660 /* padding */
661 0x00,
662 /* id 2, length 0 (i.e. 1 byte) */
663 0x20,
664 /* payload */
665 0xba,
666 /* padding */
667 0x00,
668 0x00
669 };
670
671 /* allocate memory for test packet */
672 hdr = (srtp_hdr_t*) malloc(pkt_octet_len + bytes_in_hdr
673 + sizeof(extension_header) + SRTP_MAX_TRAILER_LEN + 4);
674 if (!hdr)
675 return NULL;
676
677 hdr->version = 2; /* RTP version two */
678 hdr->p = 0; /* no padding needed */
679 hdr->x = 1; /* no header extension */
680 hdr->cc = 0; /* no CSRCs */
681 hdr->m = 0; /* marker bit */
682 hdr->pt = 0xf; /* payload type */
683 hdr->seq = htons(0x1234); /* sequence number */
684 hdr->ts = htonl(0xdecafbad); /* timestamp */
685 hdr->ssrc = htonl(ssrc); /* synch. source */
686
687 buffer = (uint8_t *)hdr;
688 buffer += bytes_in_hdr;
689
690 memcpy(buffer, extension_header, sizeof(extension_header));
691 buffer += sizeof(extension_header);
692
693 /* set RTP data to 0xab */
694 for (i=0; i < pkt_octet_len; i++)
695 *buffer++ = 0xab;
696
697 /* set post-data value to 0xffff to enable overrun checking */
698 for (i=0; i < SRTP_MAX_TRAILER_LEN+4; i++)
699 *buffer++ = 0xff;
700
701 return hdr;
702}
703
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]704void
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]705srtp_do_timing (const srtp_policy_t *policy)
706{
707 int len;
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]708
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]709 /*
710 * note: the output of this function is formatted so that it
711 * can be used in gnuplot. '#' indicates a comment, and "\r\n"
712 * terminates a record
713 */
714
715 printf("# testing srtp throughput:\r\n");
716 printf("# mesg length (octets)\tthroughput (megabits per second)\r\n");
717
718 for (len = 16; len <= 2048; len *= 2) {
719 printf("%d\t\t\t%f\r\n", len,
720 srtp_bits_per_second(len, policy) / 1.0E6);
721 }
722
723 /* these extra linefeeds let gnuplot know that a dataset is done */
724 printf("\r\n\r\n");
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]725
726}
727
728void
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]729srtp_do_rejection_timing (const srtp_policy_t *policy)
730{
731 int len;
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]732
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]733 /*
734 * note: the output of this function is formatted so that it
735 * can be used in gnuplot. '#' indicates a comment, and "\r\n"
736 * terminates a record
737 */
738
739 printf("# testing srtp rejection throughput:\r\n");
740 printf("# mesg length (octets)\trejections per second\r\n");
741
742 for (len = 8; len <= 2048; len *= 2) {
743 printf("%d\t\t\t%e\r\n", len, srtp_rejections_per_second(len, policy));
744 }
745
746 /* these extra linefeeds let gnuplot know that a dataset is done */
747 printf("\r\n\r\n");
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]748
749}
750
751
752#define MAX_MSG_LEN 1024
753
754double
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]755srtp_bits_per_second (int msg_len_octets, const srtp_policy_t *policy)
756{
757 srtp_t srtp;
758 srtp_hdr_t *mesg;
759 int i;
760 clock_t timer;
761 int num_trials = 100000;
762 int len;
763 uint32_t ssrc;
764 srtp_err_status_t status;
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]765
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]766 /*
767 * allocate and initialize an srtp session
768 */
769 status = srtp_create(&srtp, policy);
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]770 if (status) {
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]771 printf("error: srtp_create() failed with error code %d\n", status);
772 exit(1);
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]773 }
774
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]775 /*
776 * if the ssrc is unspecified, use a predetermined one
777 */
778 if (policy->ssrc.type != ssrc_specific) {
779 ssrc = 0xdeadbeef;
780 } else {
781 ssrc = policy->ssrc.value;
Jonathan Lennox75b36872010-05-21 00:30:21 +0000[diff] [blame]782 }
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]783
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]784 /*
785 * create a test packet
786 */
787 mesg = srtp_create_test_packet(msg_len_octets, ssrc);
788 if (mesg == NULL) {
789 return 0.0; /* indicate failure by returning zero */
Jonathan Lennox80c4c832010-05-17 19:30:28 +0000[diff] [blame]790
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]791 }
792 timer = clock();
793 for (i = 0; i < num_trials; i++) {
794 len = msg_len_octets + 12; /* add in rtp header length */
795
796 /* srtp protect message */
797 status = srtp_protect(srtp, mesg, &len);
798 if (status) {
799 printf("error: srtp_protect() failed with error code %d\n", status);
800 exit(1);
801 }
802
803 /* increment message number */
804 {
805 /* hack sequence to avoid problems with macros for htons/ntohs on some systems */
806 short new_seq = ntohs(mesg->seq) + 1;
807 mesg->seq = htons(new_seq);
808 }
809 }
810 timer = clock() - timer;
811
812 free(mesg);
813
814 status = srtp_dealloc(srtp);
815 if (status) {
816 printf("error: srtp_dealloc() failed with error code %d\n", status);
817 exit(1);
818 }
819
820 return (double)(msg_len_octets) * 8 *
821 num_trials * CLOCKS_PER_SEC / timer;
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]822}
823
824double
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]825srtp_rejections_per_second (int msg_len_octets, const srtp_policy_t *policy)
826{
827 srtp_ctx_t *srtp;
828 srtp_hdr_t *mesg;
829 int i;
830 int len;
831 clock_t timer;
832 int num_trials = 1000000;
833 uint32_t ssrc = policy->ssrc.value;
834 srtp_err_status_t status;
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]835
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]836 /*
837 * allocate and initialize an srtp session
838 */
839 status = srtp_create(&srtp, policy);
840 if (status) {
841 printf("error: srtp_create() failed with error code %d\n", status);
842 exit(1);
843 }
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]844
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]845 mesg = srtp_create_test_packet(msg_len_octets, ssrc);
846 if (mesg == NULL) {
847 return 0.0; /* indicate failure by returning zero */
848
849 }
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]850 len = msg_len_octets;
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]851 srtp_protect(srtp, (srtp_hdr_t*)mesg, &len);
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]852
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]853 timer = clock();
854 for (i = 0; i < num_trials; i++) {
855 len = msg_len_octets;
856 srtp_unprotect(srtp, (srtp_hdr_t*)mesg, &len);
857 }
858 timer = clock() - timer;
Jonathan Lennox80c4c832010-05-17 19:30:28 +0000[diff] [blame]859
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]860 free(mesg);
Jonathan Lennox80c4c832010-05-17 19:30:28 +0000[diff] [blame]861
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]862 status = srtp_dealloc(srtp);
863 if (status) {
864 printf("error: srtp_dealloc() failed with error code %d\n", status);
865 exit(1);
866 }
867
868 return (double)num_trials * CLOCKS_PER_SEC / timer;
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]869}
870
871
872void
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]873err_check (srtp_err_status_t s)
874{
875 if (s == srtp_err_status_ok) {
876 return;
877 } else{
878 fprintf(stderr, "error: unexpected srtp failure (code %d)\n", s);
879 }
880 exit(1);
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]881}
882
jfigus857009c2014-11-05 11:17:43 -0500[diff] [blame]883srtp_err_status_t
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]884srtp_test_call_protect(srtp_t srtp_sender, srtp_hdr_t *hdr, int *len, int mki_index) {
885 if (mki_index == -1) {
886 return srtp_protect(srtp_sender, hdr, len);
887 } else {
888 return srtp_protect_mki(srtp_sender, hdr, len, 1, mki_index);
889 }
890}
891
892srtp_err_status_t
893srtp_test_call_protect_rtcp(srtp_t srtp_sender, srtp_hdr_t *hdr, int *len, int mki_index) {
894 if (mki_index == -1) {
895 return srtp_protect_rtcp(srtp_sender, hdr, len);
896 } else {
897 return srtp_protect_rtcp_mki(srtp_sender, hdr, len, 1, mki_index);
898 }
899}
900
901srtp_err_status_t
902srtp_test_call_unprotect(srtp_t srtp_sender, srtp_hdr_t *hdr, int *len, int use_mki) {
903 if (use_mki == -1) {
904 return srtp_unprotect(srtp_sender, hdr, len);
905 } else {
906 return srtp_unprotect_mki(srtp_sender, hdr, len, use_mki);
907 }
908}
909
910srtp_err_status_t
911srtp_test_call_unprotect_rtcp(srtp_t srtp_sender, srtp_hdr_t *hdr, int *len, int use_mki) {
912 if (use_mki == -1) {
913 return srtp_unprotect_rtcp(srtp_sender, hdr, len);
914 } else {
915 return srtp_unprotect_rtcp_mki(srtp_sender, hdr, len, use_mki);
916 }
917}
918
919srtp_err_status_t
920srtp_test (const srtp_policy_t *policy, int extension_header, int mki_index)
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]921{
922 int i;
923 srtp_t srtp_sender;
924 srtp_t srtp_rcvr;
925 srtp_err_status_t status = srtp_err_status_ok;
926 srtp_hdr_t *hdr, *hdr2;
927 uint8_t hdr_enc[64];
928 uint8_t *pkt_end;
929 int msg_len_octets, msg_len_enc;
930 int len;
931 int tag_length = policy->rtp.auth_tag_len;
932 uint32_t ssrc;
933 srtp_policy_t *rcvr_policy;
Joachim Bauch99a74822015-11-17 00:08:19 +0100[diff] [blame]934 srtp_policy_t tmp_policy;
935 int header = 1;
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]936 int use_mki = 0;
937
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]938 if (mki_index >= 0)
939 use_mki = 1;
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]940
Joachim Bauch99a74822015-11-17 00:08:19 +0100[diff] [blame]941 if (extension_header) {
942 memcpy(&tmp_policy, policy, sizeof(srtp_policy_t));
943 tmp_policy.enc_xtn_hdr = &header;
944 tmp_policy.enc_xtn_hdr_count = 1;
945 err_check(srtp_create(&srtp_sender, &tmp_policy));
946 } else {
947 err_check(srtp_create(&srtp_sender, policy));
948 }
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]949
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]950 /* print out policy */
951 err_check(srtp_session_print_policy(srtp_sender));
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]952
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]953 /*
954 * initialize data buffer, using the ssrc in the policy unless that
955 * value is a wildcard, in which case we'll just use an arbitrary
956 * one
957 */
958 if (policy->ssrc.type != ssrc_specific) {
959 ssrc = 0xdecafbad;
960 } else{
961 ssrc = policy->ssrc.value;
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]962 }
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]963 msg_len_octets = 28;
Joachim Bauch99a74822015-11-17 00:08:19 +0100[diff] [blame]964 if (extension_header) {
965 hdr = srtp_create_test_packet_ext_hdr(msg_len_octets, ssrc);
966 hdr2 = srtp_create_test_packet_ext_hdr(msg_len_octets, ssrc);
967 } else {
968 hdr = srtp_create_test_packet(msg_len_octets, ssrc);
969 hdr2 = srtp_create_test_packet(msg_len_octets, ssrc);
970 }
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]971
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]972 if (hdr == NULL) {
Joachim Bauch99a74822015-11-17 00:08:19 +0100[diff] [blame]973 free(hdr2);
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]974 return srtp_err_status_alloc_fail;
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]975 }
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]976 if (hdr2 == NULL) {
977 free(hdr);
978 return srtp_err_status_alloc_fail;
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]979 }
980
Marcus Sundberg5c40da82005-10-08 18:15:00 +0000[diff] [blame]981 /* set message length */
982 len = msg_len_octets;
Joachim Bauch99a74822015-11-17 00:08:19 +0100[diff] [blame]983 if (extension_header) {
984 len += 12;
985 }
Marcus Sundberg5c40da82005-10-08 18:15:00 +0000[diff] [blame]986
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]987 debug_print(mod_driver, "before protection:\n%s",
988 srtp_packet_to_string(hdr, len));
989
990#if PRINT_REFERENCE_PACKET
991 debug_print(mod_driver, "reference packet before protection:\n%s",
992 octet_string_hex_string((uint8_t*)hdr, len));
993#endif
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]994 err_check(srtp_test_call_protect(srtp_sender, hdr, &len, mki_index));
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]995
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]996 debug_print(mod_driver, "after protection:\n%s",
997 srtp_packet_to_string(hdr, len));
998#if PRINT_REFERENCE_PACKET
999 debug_print(mod_driver, "after protection:\n%s",
1000 octet_string_hex_string((uint8_t*)hdr, len));
1001#endif
1002
1003 /* save protected message and length */
1004 memcpy(hdr_enc, hdr, len);
1005 msg_len_enc = len;
1006
1007 /*
1008 * check for overrun of the srtp_protect() function
1009 *
1010 * The packet is followed by a value of 0xfffff; if the value of the
1011 * data following the packet is different, then we know that the
1012 * protect function is overwriting the end of the packet.
1013 */
1014 pkt_end = (uint8_t*)hdr + sizeof(srtp_hdr_t)
1015 + msg_len_octets + tag_length;
Joachim Bauch99a74822015-11-17 00:08:19 +0100[diff] [blame]1016 if (extension_header) {
1017 pkt_end += 12;
1018 }
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1019 for (i = 0; i < 4; i++) {
1020 if (pkt_end[i] != 0xff) {
1021 fprintf(stdout, "overwrite in srtp_protect() function "
1022 "(expected %x, found %x in trailing octet %d)\n",
1023 0xff, ((uint8_t*)hdr)[i], i);
1024 free(hdr);
1025 free(hdr2);
1026 return srtp_err_status_algo_fail;
1027 }
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]1028 }
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]1029
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1030 /*
1031 * if the policy includes confidentiality, check that ciphertext is
1032 * different than plaintext
1033 *
1034 * Note that this check will give false negatives, with some small
1035 * probability, especially if the packets are short. For that
1036 * reason, we skip this check if the plaintext is less than four
1037 * octets long.
1038 */
1039 if ((policy->rtp.sec_serv & sec_serv_conf) && (msg_len_octets >= 4)) {
1040 printf("testing that ciphertext is distinct from plaintext...");
1041 status = srtp_err_status_algo_fail;
1042 for (i = 12; i < msg_len_octets + 12; i++) {
1043 if (((uint8_t*)hdr)[i] != ((uint8_t*)hdr2)[i]) {
1044 status = srtp_err_status_ok;
1045 }
1046 }
1047 if (status) {
1048 printf("failed\n");
1049 free(hdr);
1050 free(hdr2);
1051 return status;
1052 }
1053 printf("passed\n");
1054 }
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]1055
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1056 /*
1057 * if the policy uses a 'wildcard' ssrc, then we need to make a copy
1058 * of the policy that changes the direction to inbound
1059 *
1060 * we always copy the policy into the rcvr_policy, since otherwise
1061 * the compiler would fret about the constness of the policy
1062 */
1063 rcvr_policy = (srtp_policy_t*)malloc(sizeof(srtp_policy_t));
1064 if (rcvr_policy == NULL) {
1065 free(hdr);
1066 free(hdr2);
1067 return srtp_err_status_alloc_fail;
1068 }
Joachim Bauch99a74822015-11-17 00:08:19 +0100[diff] [blame]1069 if (extension_header) {
1070 memcpy(rcvr_policy, &tmp_policy, sizeof(srtp_policy_t));
1071 if (tmp_policy.ssrc.type == ssrc_any_outbound) {
1072 rcvr_policy->ssrc.type = ssrc_any_inbound;
1073 }
1074 } else {
1075 memcpy(rcvr_policy, policy, sizeof(srtp_policy_t));
1076 if (policy->ssrc.type == ssrc_any_outbound) {
1077 rcvr_policy->ssrc.type = ssrc_any_inbound;
1078 }
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1079 }
1080
1081 err_check(srtp_create(&srtp_rcvr, rcvr_policy));
1082
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]1083 err_check(srtp_test_call_unprotect(srtp_rcvr, hdr, &len, use_mki));
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1084
1085 debug_print(mod_driver, "after unprotection:\n%s",
1086 srtp_packet_to_string(hdr, len));
1087
1088 /* verify that the unprotected packet matches the origial one */
1089 for (i = 0; i < msg_len_octets; i++) {
1090 if (((uint8_t*)hdr)[i] != ((uint8_t*)hdr2)[i]) {
1091 fprintf(stdout, "mismatch at octet %d\n", i);
1092 status = srtp_err_status_algo_fail;
1093 }
1094 }
1095 if (status) {
1096 free(hdr);
1097 free(hdr2);
1098 free(rcvr_policy);
1099 return status;
1100 }
1101
1102 /*
1103 * if the policy includes authentication, then test for false positives
1104 */
1105 if (policy->rtp.sec_serv & sec_serv_auth) {
1106 char *data = ((char*)hdr) + 12;
1107
1108 printf("testing for false positives in replay check...");
1109
1110 /* set message length */
1111 len = msg_len_enc;
1112
1113 /* unprotect a second time - should fail with a replay error */
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]1114 status = srtp_test_call_unprotect(srtp_rcvr, hdr, &len, use_mki);
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1115 if (status != srtp_err_status_replay_fail) {
1116 printf("failed with error code %d\n", status);
1117 free(hdr);
1118 free(hdr2);
1119 free(rcvr_policy);
1120 return status;
1121 } else {
1122 printf("passed\n");
1123 }
1124
1125 printf("testing for false positives in auth check...");
1126
1127 /* increment sequence number in header */
1128 hdr->seq++;
1129
1130 /* set message length */
1131 len = msg_len_octets;
Joachim Bauch99a74822015-11-17 00:08:19 +0100[diff] [blame]1132 if (extension_header) {
1133 len += 12;
1134 }
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1135
1136 /* apply protection */
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]1137 err_check(srtp_test_call_protect(srtp_sender, hdr, &len, mki_index));
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1138
1139 /* flip bits in packet */
Joachim Bauchfa1e8c22015-11-24 23:38:48 +0100[diff] [blame]1140 data[extension_header ? 12 : 0] ^= 0xff;
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1141
1142 /* unprotect, and check for authentication failure */
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]1143 status = srtp_test_call_unprotect(srtp_rcvr, hdr, &len, use_mki);
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1144 if (status != srtp_err_status_auth_fail) {
1145 printf("failed\n");
1146 free(hdr);
1147 free(hdr2);
1148 free(rcvr_policy);
1149 return status;
1150 } else {
1151 printf("passed\n");
1152 }
1153
1154 }
1155
1156 err_check(srtp_dealloc(srtp_sender));
1157 err_check(srtp_dealloc(srtp_rcvr));
1158
1159 free(hdr);
1160 free(hdr2);
1161 free(rcvr_policy);
1162 return srtp_err_status_ok;
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]1163}
1164
1165
jfigus857009c2014-11-05 11:17:43 -0500[diff] [blame]1166srtp_err_status_t
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]1167srtcp_test (const srtp_policy_t *policy, int mki_index)
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1168{
1169 int i;
1170 srtp_t srtcp_sender;
1171 srtp_t srtcp_rcvr;
1172 srtp_err_status_t status = srtp_err_status_ok;
1173 srtp_hdr_t *hdr, *hdr2;
1174 uint8_t hdr_enc[64];
1175 uint8_t *pkt_end;
1176 int msg_len_octets, msg_len_enc;
1177 int len;
1178 int tag_length = policy->rtp.auth_tag_len;
1179 uint32_t ssrc;
1180 srtp_policy_t *rcvr_policy;
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]1181 int use_mki = 0;
1182
1183 if (mki_index >= 0)
1184 use_mki = 1;
David McGrew9c70f292006-05-03 19:38:38 +0000[diff] [blame]1185
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1186 err_check(srtp_create(&srtcp_sender, policy));
David McGrew9c70f292006-05-03 19:38:38 +0000[diff] [blame]1187
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1188 /* print out policy */
1189 err_check(srtp_session_print_policy(srtcp_sender));
David McGrew9c70f292006-05-03 19:38:38 +0000[diff] [blame]1190
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1191 /*
1192 * initialize data buffer, using the ssrc in the policy unless that
1193 * value is a wildcard, in which case we'll just use an arbitrary
1194 * one
1195 */
1196 if (policy->ssrc.type != ssrc_specific) {
1197 ssrc = 0xdecafbad;
1198 } else{
1199 ssrc = policy->ssrc.value;
David McGrew9c70f292006-05-03 19:38:38 +0000[diff] [blame]1200 }
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1201 msg_len_octets = 28;
1202 hdr = srtp_create_test_packet(msg_len_octets, ssrc);
David McGrew9c70f292006-05-03 19:38:38 +0000[diff] [blame]1203
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1204 if (hdr == NULL) {
1205 return srtp_err_status_alloc_fail;
David McGrew9c70f292006-05-03 19:38:38 +0000[diff] [blame]1206 }
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1207 hdr2 = srtp_create_test_packet(msg_len_octets, ssrc);
1208 if (hdr2 == NULL) {
1209 free(hdr);
1210 return srtp_err_status_alloc_fail;
David McGrew9c70f292006-05-03 19:38:38 +0000[diff] [blame]1211 }
1212
David McGrew9c70f292006-05-03 19:38:38 +0000[diff] [blame]1213 /* set message length */
1214 len = msg_len_octets;
1215
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1216 debug_print(mod_driver, "before protection:\n%s",
1217 srtp_packet_to_string(hdr, len));
1218
1219#if PRINT_REFERENCE_PACKET
1220 debug_print(mod_driver, "reference packet before protection:\n%s",
1221 octet_string_hex_string((uint8_t*)hdr, len));
1222#endif
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]1223 err_check(srtp_test_call_protect_rtcp(srtcp_sender, hdr, &len, mki_index));
David McGrew9c70f292006-05-03 19:38:38 +0000[diff] [blame]1224
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1225 debug_print(mod_driver, "after protection:\n%s",
1226 srtp_packet_to_string(hdr, len));
1227#if PRINT_REFERENCE_PACKET
1228 debug_print(mod_driver, "after protection:\n%s",
1229 octet_string_hex_string((uint8_t*)hdr, len));
1230#endif
1231
1232 /* save protected message and length */
1233 memcpy(hdr_enc, hdr, len);
1234 msg_len_enc = len;
1235
1236 /*
1237 * check for overrun of the srtp_protect() function
1238 *
1239 * The packet is followed by a value of 0xfffff; if the value of the
1240 * data following the packet is different, then we know that the
1241 * protect function is overwriting the end of the packet.
1242 */
1243 pkt_end = (uint8_t*)hdr + sizeof(srtp_hdr_t)
1244 + msg_len_octets + tag_length;
1245 for (i = 0; i < 4; i++) {
1246 if (pkt_end[i] != 0xff) {
1247 fprintf(stdout, "overwrite in srtp_protect_rtcp() function "
1248 "(expected %x, found %x in trailing octet %d)\n",
1249 0xff, ((uint8_t*)hdr)[i], i);
1250 free(hdr);
1251 free(hdr2);
1252 return srtp_err_status_algo_fail;
1253 }
David McGrew9c70f292006-05-03 19:38:38 +0000[diff] [blame]1254 }
David McGrew9c70f292006-05-03 19:38:38 +0000[diff] [blame]1255
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1256 /*
1257 * if the policy includes confidentiality, check that ciphertext is
1258 * different than plaintext
1259 *
1260 * Note that this check will give false negatives, with some small
1261 * probability, especially if the packets are short. For that
1262 * reason, we skip this check if the plaintext is less than four
1263 * octets long.
1264 */
1265 if ((policy->rtp.sec_serv & sec_serv_conf) && (msg_len_octets >= 4)) {
1266 printf("testing that ciphertext is distinct from plaintext...");
1267 status = srtp_err_status_algo_fail;
1268 for (i = 12; i < msg_len_octets + 12; i++) {
1269 if (((uint8_t*)hdr)[i] != ((uint8_t*)hdr2)[i]) {
1270 status = srtp_err_status_ok;
1271 }
1272 }
1273 if (status) {
1274 printf("failed\n");
1275 free(hdr);
1276 free(hdr2);
1277 return status;
1278 }
1279 printf("passed\n");
1280 }
David McGrew9c70f292006-05-03 19:38:38 +0000[diff] [blame]1281
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1282 /*
1283 * if the policy uses a 'wildcard' ssrc, then we need to make a copy
1284 * of the policy that changes the direction to inbound
1285 *
1286 * we always copy the policy into the rcvr_policy, since otherwise
1287 * the compiler would fret about the constness of the policy
1288 */
1289 rcvr_policy = (srtp_policy_t*)malloc(sizeof(srtp_policy_t));
1290 if (rcvr_policy == NULL) {
1291 return srtp_err_status_alloc_fail;
1292 }
1293 memcpy(rcvr_policy, policy, sizeof(srtp_policy_t));
1294 if (policy->ssrc.type == ssrc_any_outbound) {
1295 rcvr_policy->ssrc.type = ssrc_any_inbound;
1296 }
1297
1298 err_check(srtp_create(&srtcp_rcvr, rcvr_policy));
1299
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]1300 err_check(srtp_test_call_unprotect_rtcp(srtcp_rcvr, hdr, &len, use_mki));
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1301
1302 debug_print(mod_driver, "after unprotection:\n%s",
1303 srtp_packet_to_string(hdr, len));
1304
1305 /* verify that the unprotected packet matches the origial one */
1306 for (i = 0; i < msg_len_octets; i++) {
1307 if (((uint8_t*)hdr)[i] != ((uint8_t*)hdr2)[i]) {
1308 fprintf(stdout, "mismatch at octet %d\n", i);
1309 status = srtp_err_status_algo_fail;
1310 }
1311 }
1312 if (status) {
1313 free(hdr);
1314 free(hdr2);
1315 free(rcvr_policy);
1316 return status;
1317 }
1318
1319 /*
1320 * if the policy includes authentication, then test for false positives
1321 */
1322 if (policy->rtp.sec_serv & sec_serv_auth) {
1323 char *data = ((char*)hdr) + 12;
1324
1325 printf("testing for false positives in replay check...");
1326
1327 /* set message length */
1328 len = msg_len_enc;
1329
1330 /* unprotect a second time - should fail with a replay error */
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]1331 status = srtp_test_call_unprotect_rtcp(srtcp_rcvr, hdr, &len, use_mki);
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1332 if (status != srtp_err_status_replay_fail) {
1333 printf("failed with error code %d\n", status);
1334 free(hdr);
1335 free(hdr2);
1336 free(rcvr_policy);
1337 return status;
1338 } else {
1339 printf("passed\n");
1340 }
1341
1342 printf("testing for false positives in auth check...");
1343
1344 /* increment sequence number in header */
1345 hdr->seq++;
1346
1347 /* set message length */
1348 len = msg_len_octets;
1349
1350 /* apply protection */
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]1351 err_check(srtp_test_call_protect_rtcp(srtcp_sender, hdr, &len, mki_index));
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1352
1353 /* flip bits in packet */
1354 data[0] ^= 0xff;
1355
1356 /* unprotect, and check for authentication failure */
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]1357 status = srtp_test_call_unprotect_rtcp(srtcp_rcvr, hdr, &len, use_mki);
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1358 if (status != srtp_err_status_auth_fail) {
1359 printf("failed\n");
1360 free(hdr);
1361 free(hdr2);
1362 free(rcvr_policy);
1363 return status;
1364 } else {
1365 printf("passed\n");
1366 }
1367
1368 }
1369
1370 err_check(srtp_dealloc(srtcp_sender));
1371 err_check(srtp_dealloc(srtcp_rcvr));
1372
1373 free(hdr);
1374 free(hdr2);
1375 free(rcvr_policy);
1376 return srtp_err_status_ok;
David McGrew9c70f292006-05-03 19:38:38 +0000[diff] [blame]1377}
1378
1379
jfigus857009c2014-11-05 11:17:43 -0500[diff] [blame]1380srtp_err_status_t
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1381srtp_session_print_policy (srtp_t srtp)
1382{
1383 char *serv_descr[4] = {
1384 "none",
1385 "confidentiality",
1386 "authentication",
1387 "confidentiality and authentication"
1388 };
1389 char *direction[3] = {
1390 "unknown",
1391 "outbound",
1392 "inbound"
1393 };
1394 srtp_stream_t stream;
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]1395 srtp_session_keys_t *session_keys = NULL;
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]1396
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1397 /* sanity checking */
1398 if (srtp == NULL) {
1399 return srtp_err_status_fail;
1400 }
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]1401
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1402 /* if there's a template stream, print it out */
1403 if (srtp->stream_template != NULL) {
1404 stream = srtp->stream_template;
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]1405 session_keys = &stream->session_keys[0];
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1406 printf("# SSRC: any %s\r\n"
1407 "# rtp cipher: %s\r\n"
1408 "# rtp auth: %s\r\n"
1409 "# rtp services: %s\r\n"
1410 "# rtcp cipher: %s\r\n"
1411 "# rtcp auth: %s\r\n"
1412 "# rtcp services: %s\r\n"
1413 "# window size: %lu\r\n"
1414 "# tx rtx allowed:%s\r\n",
1415 direction[stream->direction],
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]1416 session_keys->rtp_cipher->type->description,
1417 session_keys->rtp_auth->type->description,
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1418 serv_descr[stream->rtp_services],
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]1419 session_keys->rtcp_cipher->type->description,
1420 session_keys->rtcp_auth->type->description,
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1421 serv_descr[stream->rtcp_services],
jfigusde8deb32014-11-25 12:58:11 -0500[diff] [blame]1422 srtp_rdbx_get_window_size(&stream->rtp_rdbx),
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1423 stream->allow_repeat_tx ? "true" : "false");
Joachim Bauch99a74822015-11-17 00:08:19 +0100[diff] [blame]1424
1425 printf("# Encrypted extension headers: ");
1426 if (stream->enc_xtn_hdr && stream->enc_xtn_hdr_count > 0) {
1427 int* enc_xtn_hdr = stream->enc_xtn_hdr;
1428 int count = stream->enc_xtn_hdr_count;
1429 while (count > 0) {
1430 printf("%d ", *enc_xtn_hdr);
1431 enc_xtn_hdr++;
1432 count--;
1433 }
1434 printf("\n");
1435 } else {
1436 printf("none\n");
1437 }
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1438 }
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]1439
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1440 /* loop over streams in session, printing the policy of each */
1441 stream = srtp->stream_list;
1442 while (stream != NULL) {
1443 if (stream->rtp_services > sec_serv_conf_and_auth) {
1444 return srtp_err_status_bad_param;
1445 }
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]1446 session_keys = &stream->session_keys[0];
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]1447
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1448 printf("# SSRC: 0x%08x\r\n"
1449 "# rtp cipher: %s\r\n"
1450 "# rtp auth: %s\r\n"
1451 "# rtp services: %s\r\n"
1452 "# rtcp cipher: %s\r\n"
1453 "# rtcp auth: %s\r\n"
1454 "# rtcp services: %s\r\n"
1455 "# window size: %lu\r\n"
1456 "# tx rtx allowed:%s\r\n",
1457 stream->ssrc,
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]1458 session_keys->rtp_cipher->type->description,
1459 session_keys->rtp_auth->type->description,
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1460 serv_descr[stream->rtp_services],
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]1461 session_keys->rtcp_cipher->type->description,
1462 session_keys->rtcp_auth->type->description,
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1463 serv_descr[stream->rtcp_services],
jfigusde8deb32014-11-25 12:58:11 -0500[diff] [blame]1464 srtp_rdbx_get_window_size(&stream->rtp_rdbx),
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1465 stream->allow_repeat_tx ? "true" : "false");
1466
Joachim Bauch99a74822015-11-17 00:08:19 +0100[diff] [blame]1467 printf("# Encrypted extension headers: ");
1468 if (stream->enc_xtn_hdr && stream->enc_xtn_hdr_count > 0) {
1469 int* enc_xtn_hdr = stream->enc_xtn_hdr;
1470 int count = stream->enc_xtn_hdr_count;
1471 while (count > 0) {
1472 printf("%d ", *enc_xtn_hdr);
1473 enc_xtn_hdr++;
1474 count--;
1475 }
1476 printf("\n");
1477 } else {
1478 printf("none\n");
1479 }
1480
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1481 /* advance to next stream in the list */
1482 stream = stream->next;
1483 }
1484 return srtp_err_status_ok;
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]1485}
1486
jfigus857009c2014-11-05 11:17:43 -0500[diff] [blame]1487srtp_err_status_t
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1488srtp_print_policy (const srtp_policy_t *policy)
1489{
1490 srtp_err_status_t status;
1491 srtp_t session;
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]1492
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1493 status = srtp_create(&session, policy);
1494 if (status) {
1495 return status;
1496 }
1497 status = srtp_session_print_policy(session);
1498 if (status) {
1499 return status;
1500 }
1501 status = srtp_dealloc(session);
1502 if (status) {
1503 return status;
1504 }
1505 return srtp_err_status_ok;
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]1506}
1507
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1508/*
1509 * srtp_print_packet(...) is for debugging only
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]1510 * it prints an RTP packet to the stdout
1511 *
1512 * note that this function is *not* threadsafe
1513 */
1514
1515#include <stdio.h>
1516
1517#define MTU 2048
1518
1519char packet_string[MTU];
1520
1521char *
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1522srtp_packet_to_string (srtp_hdr_t *hdr, int pkt_octet_len)
1523{
1524 int octets_in_rtp_header = 12;
1525 uint8_t *data = ((uint8_t*)hdr) + octets_in_rtp_header;
1526 int hex_len = pkt_octet_len - octets_in_rtp_header;
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]1527
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1528 /* sanity checking */
1529 if ((hdr == NULL) || (pkt_octet_len > MTU)) {
1530 return NULL;
1531 }
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]1532
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1533 /* write packet into string */
1534 sprintf(packet_string,
1535 "(s)rtp packet: {\n"
1536 " version:\t%d\n"
1537 " p:\t\t%d\n"
1538 " x:\t\t%d\n"
1539 " cc:\t\t%d\n"
1540 " m:\t\t%d\n"
1541 " pt:\t\t%x\n"
1542 " seq:\t\t%x\n"
1543 " ts:\t\t%x\n"
1544 " ssrc:\t%x\n"
1545 " data:\t%s\n"
1546 "} (%d octets in total)\n",
1547 hdr->version,
1548 hdr->p,
1549 hdr->x,
1550 hdr->cc,
1551 hdr->m,
1552 hdr->pt,
1553 hdr->seq,
1554 hdr->ts,
1555 hdr->ssrc,
1556 octet_string_hex_string(data, hex_len),
1557 pkt_octet_len);
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]1558
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1559 return packet_string;
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]1560}
1561
1562/*
1563 * mips_estimate() is a simple function to estimate the number of
1564 * instructions per second that the host can perform. note that this
1565 * function can be grossly wrong; you may want to have a manual sanity
1566 * check of its output!
1567 *
1568 * the 'ignore' pointer is there to convince the compiler to not just
1569 * optimize away the function
1570 */
1571
1572double
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1573mips_estimate (int num_trials, int *ignore)
1574{
1575 clock_t t;
1576 volatile int i, sum;
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]1577
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1578 sum = 0;
1579 t = clock();
1580 for (i = 0; i < num_trials; i++) {
1581 sum += i;
1582 }
1583 t = clock() - t;
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]1584
1585/* printf("%d\n", sum); */
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1586 *ignore = sum;
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]1587
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1588 return (double)num_trials * CLOCKS_PER_SEC / t;
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]1589}
1590
1591
1592/*
1593 * srtp_validate() verifies the correctness of libsrtp by comparing
1594 * some computed packets against some pre-computed reference values.
1595 * These packets were made with the default SRTP policy.
1596 */
1597
1598
jfigus857009c2014-11-05 11:17:43 -0500[diff] [blame]1599srtp_err_status_t
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1600srtp_validate ()
1601{
1602 uint8_t srtp_plaintext_ref[28] = {
1603 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
1604 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
1605 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
1606 0xab, 0xab, 0xab, 0xab
1607 };
1608 uint8_t srtp_plaintext[38] = {
1609 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
1610 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
1611 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
1612 0xab, 0xab, 0xab, 0xab, 0x00, 0x00, 0x00, 0x00,
1613 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1614 };
1615 uint8_t srtp_ciphertext[38] = {
1616 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
1617 0xca, 0xfe, 0xba, 0xbe, 0x4e, 0x55, 0xdc, 0x4c,
1618 0xe7, 0x99, 0x78, 0xd8, 0x8c, 0xa4, 0xd2, 0x15,
1619 0x94, 0x9d, 0x24, 0x02, 0xb7, 0x8d, 0x6a, 0xcc,
1620 0x99, 0xea, 0x17, 0x9b, 0x8d, 0xbb
1621 };
Pascal Bühler941cf122016-06-10 09:30:52 +0200[diff] [blame]1622 uint8_t rtcp_plaintext_ref[24] = {
1623 0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe,
1624 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
1625 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
1626 };
1627 uint8_t rtcp_plaintext[38] = {
1628 0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe,
1629 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
1630 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
1631 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1632 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1633 };
1634 uint8_t srtcp_ciphertext[38] = {
1635 0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe,
1636 0x71, 0x28, 0x03, 0x5b, 0xe4, 0x87, 0xb9, 0xbd,
1637 0xbe, 0xf8, 0x90, 0x41, 0xf9, 0x77, 0xa5, 0xa8,
1638 0x80, 0x00, 0x00, 0x01, 0x99, 0x3e, 0x08, 0xcd,
1639 0x54, 0xd6, 0xc1, 0x23, 0x07, 0x98
1640 };
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1641 srtp_t srtp_snd, srtp_recv;
1642 srtp_err_status_t status;
1643 int len;
1644 srtp_policy_t policy;
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]1645
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1646 /*
1647 * create a session with a single stream using the default srtp
1648 * policy and with the SSRC value 0xcafebabe
1649 */
Joachim Bauch99a74822015-11-17 00:08:19 +0100[diff] [blame]1650 memset(&policy, 0, sizeof(policy));
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1651 srtp_crypto_policy_set_rtp_default(&policy.rtp);
1652 srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
1653 policy.ssrc.type = ssrc_specific;
1654 policy.ssrc.value = 0xcafebabe;
Ryan Hooper89a288b2016-12-22 16:22:47 -0500[diff] [blame]1655 policy.key = test_key;
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1656 policy.ekt = NULL;
1657 policy.window_size = 128;
1658 policy.allow_repeat_tx = 0;
1659 policy.next = NULL;
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]1660
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1661 status = srtp_create(&srtp_snd, &policy);
1662 if (status) {
1663 return status;
1664 }
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]1665
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1666 /*
1667 * protect plaintext, then compare with ciphertext
1668 */
1669 len = 28;
1670 status = srtp_protect(srtp_snd, srtp_plaintext, &len);
1671 if (status || (len != 38)) {
1672 return srtp_err_status_fail;
1673 }
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]1674
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1675 debug_print(mod_driver, "ciphertext:\n %s",
1676 octet_string_hex_string(srtp_plaintext, len));
1677 debug_print(mod_driver, "ciphertext reference:\n %s",
1678 octet_string_hex_string(srtp_ciphertext, len));
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]1679
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1680 if (octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len)) {
1681 return srtp_err_status_fail;
1682 }
Jonathan Lennox80c4c832010-05-17 19:30:28 +0000[diff] [blame]1683
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1684 /*
Pascal Bühler941cf122016-06-10 09:30:52 +0200[diff] [blame]1685 * protect plaintext rtcp, then compare with srtcp ciphertext
1686 */
1687 len = 24;
1688 status = srtp_protect_rtcp(srtp_snd, rtcp_plaintext, &len);
1689 if (status || (len != 38)) {
1690 return srtp_err_status_fail;
1691 }
1692
1693 debug_print(mod_driver, "srtcp ciphertext:\n %s",
1694 octet_string_hex_string(rtcp_plaintext, len));
1695 debug_print(mod_driver, "srtcp ciphertext reference:\n %s",
1696 octet_string_hex_string(srtcp_ciphertext, len));
1697
1698 if (octet_string_is_eq(rtcp_plaintext, srtcp_ciphertext, len)) {
1699 return srtp_err_status_fail;
1700 }
1701
1702 /*
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1703 * create a receiver session context comparable to the one created
1704 * above - we need to do this so that the replay checking doesn't
1705 * complain
1706 */
1707 status = srtp_create(&srtp_recv, &policy);
1708 if (status) {
1709 return status;
1710 }
Jonathan Lennox80c4c832010-05-17 19:30:28 +0000[diff] [blame]1711
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1712 /*
1713 * unprotect ciphertext, then compare with plaintext
1714 */
1715 status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len);
1716 if (status || (len != 28)) {
1717 return status;
1718 }
1719
1720 if (octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len)) {
1721 return srtp_err_status_fail;
1722 }
1723
Pascal Bühler941cf122016-06-10 09:30:52 +0200[diff] [blame]1724 /*
1725 * unprotect srtcp ciphertext, then compare with rtcp plaintext
1726 */
1727 len = 38;
1728 status = srtp_unprotect_rtcp(srtp_recv, srtcp_ciphertext, &len);
1729 if (status || (len != 24)) {
1730 return status;
1731 }
1732
1733 if (octet_string_is_eq(srtcp_ciphertext, rtcp_plaintext_ref, len)) {
1734 return srtp_err_status_fail;
1735 }
1736
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]1737 status = srtp_dealloc(srtp_snd);
1738 if (status) {
1739 return status;
1740 }
1741
1742 status = srtp_dealloc(srtp_recv);
1743 if (status) {
1744 return status;
1745 }
1746
1747 return srtp_err_status_ok;
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]1748}
1749
Paul E. Jonese2ab5f22016-05-29 16:18:24 -0400[diff] [blame]1750#ifdef OPENSSL
1751/*
1752 * srtp_validate_gcm() verifies the correctness of libsrtp by comparing
1753 * an computed packet against the known ciphertext for the plaintext.
1754 */
1755srtp_err_status_t
1756srtp_validate_gcm ()
1757{
1758 unsigned char test_key_gcm[28] = {
1759 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1760 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1761 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
1762 0xa8, 0xa9, 0xaa, 0xab
1763 };
Pascal Bühler45019ae2016-06-10 08:35:12 +0200[diff] [blame]1764 uint8_t rtp_plaintext_ref[28] = {
Paul E. Jonese2ab5f22016-05-29 16:18:24 -0400[diff] [blame]1765 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
1766 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
1767 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
1768 0xab, 0xab, 0xab, 0xab
1769 };
Pascal Bühler45019ae2016-06-10 08:35:12 +0200[diff] [blame]1770 uint8_t rtp_plaintext[44] = {
Paul E. Jonese2ab5f22016-05-29 16:18:24 -0400[diff] [blame]1771 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
1772 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
1773 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
1774 0xab, 0xab, 0xab, 0xab, 0x00, 0x00, 0x00, 0x00,
1775 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1776 0x00, 0x00, 0x00, 0x00
1777 };
1778 uint8_t srtp_ciphertext[44] = {
1779 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
1780 0xca, 0xfe, 0xba, 0xbe, 0xc5, 0x00, 0x2e, 0xde,
1781 0x04, 0xcf, 0xdd, 0x2e, 0xb9, 0x11, 0x59, 0xe0,
1782 0x88, 0x0a, 0xa0, 0x6e, 0xd2, 0x97, 0x68, 0x26,
1783 0xf7, 0x96, 0xb2, 0x01, 0xdf, 0x31, 0x31, 0xa1,
1784 0x27, 0xe8, 0xa3, 0x92
1785 };
Pascal Bühler45019ae2016-06-10 08:35:12 +0200[diff] [blame]1786 uint8_t rtcp_plaintext_ref[24] = {
1787 0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe,
1788 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
1789 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
1790 };
1791 uint8_t rtcp_plaintext[44] = {
1792 0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe,
1793 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
1794 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
1795 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1796 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1797 0x00, 0x00, 0x00, 0x00
1798 };
1799 uint8_t srtcp_ciphertext[44] = {
1800 0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe,
1801 0xc9, 0x8b, 0x8b, 0x5d, 0xf0, 0x39, 0x2a, 0x55,
1802 0x85, 0x2b, 0x6c, 0x21, 0xac, 0x8e, 0x70, 0x25,
1803 0xc5, 0x2c, 0x6f, 0xbe, 0xa2, 0xb3, 0xb4, 0x46,
1804 0xea, 0x31, 0x12, 0x3b, 0xa8, 0x8c, 0xe6, 0x1e,
1805 0x80, 0x00, 0x00, 0x01
1806 };
1807
Paul E. Jonese2ab5f22016-05-29 16:18:24 -0400[diff] [blame]1808 srtp_t srtp_snd, srtp_recv;
1809 srtp_err_status_t status;
1810 int len;
1811 srtp_policy_t policy;
1812
1813 /*
1814 * create a session with a single stream using the default srtp
1815 * policy and with the SSRC value 0xcafebabe
1816 */
1817 memset(&policy, 0, sizeof(policy));
1818 srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtp);
1819 srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtcp);
1820 policy.ssrc.type = ssrc_specific;
1821 policy.ssrc.value = 0xcafebabe;
1822 policy.key = test_key_gcm;
1823 policy.ekt = NULL;
1824 policy.window_size = 128;
1825 policy.allow_repeat_tx = 0;
1826 policy.next = NULL;
1827
1828 status = srtp_create(&srtp_snd, &policy);
1829 if (status) {
1830 return status;
1831 }
1832
1833 /*
Pascal Bühler45019ae2016-06-10 08:35:12 +0200[diff] [blame]1834 * protect plaintext rtp, then compare with srtp ciphertext
Paul E. Jonese2ab5f22016-05-29 16:18:24 -0400[diff] [blame]1835 */
1836 len = 28;
Pascal Bühler45019ae2016-06-10 08:35:12 +0200[diff] [blame]1837 status = srtp_protect(srtp_snd, rtp_plaintext, &len);
Paul E. Jonese2ab5f22016-05-29 16:18:24 -0400[diff] [blame]1838 if (status || (len != 44)) {
1839 return srtp_err_status_fail;
1840 }
1841
Pascal Bühler45019ae2016-06-10 08:35:12 +0200[diff] [blame]1842 debug_print(mod_driver, "srtp ciphertext:\n %s",
1843 octet_string_hex_string(rtp_plaintext, len));
1844 debug_print(mod_driver, "srtp ciphertext reference:\n %s",
Paul E. Jonese2ab5f22016-05-29 16:18:24 -0400[diff] [blame]1845 octet_string_hex_string(srtp_ciphertext, len));
1846
Pascal Bühler45019ae2016-06-10 08:35:12 +0200[diff] [blame]1847 if (octet_string_is_eq(rtp_plaintext, srtp_ciphertext, len)) {
1848 return srtp_err_status_fail;
1849 }
1850
1851 /*
1852 * protect plaintext rtcp, then compare with srtcp ciphertext
1853 */
1854 len = 24;
1855 status = srtp_protect_rtcp(srtp_snd, rtcp_plaintext, &len);
1856 if (status || (len != 44)) {
1857 return srtp_err_status_fail;
1858 }
1859
1860 debug_print(mod_driver, "srtcp ciphertext:\n %s",
1861 octet_string_hex_string(rtcp_plaintext, len));
1862 debug_print(mod_driver, "srtcp ciphertext reference:\n %s",
1863 octet_string_hex_string(srtcp_ciphertext, len));
1864
1865 if (octet_string_is_eq(rtcp_plaintext, srtcp_ciphertext, len)) {
Paul E. Jonese2ab5f22016-05-29 16:18:24 -0400[diff] [blame]1866 return srtp_err_status_fail;
1867 }
1868
1869 /*
1870 * create a receiver session context comparable to the one created
1871 * above - we need to do this so that the replay checking doesn't
1872 * complain
1873 */
1874 status = srtp_create(&srtp_recv, &policy);
1875 if (status) {
1876 return status;
1877 }
1878
1879 /*
Pascal Bühler45019ae2016-06-10 08:35:12 +0200[diff] [blame]1880 * unprotect srtp ciphertext, then compare with rtp plaintext
Paul E. Jonese2ab5f22016-05-29 16:18:24 -0400[diff] [blame]1881 */
Pascal Bühler45019ae2016-06-10 08:35:12 +0200[diff] [blame]1882 len = 44;
Paul E. Jonese2ab5f22016-05-29 16:18:24 -0400[diff] [blame]1883 status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len);
1884 if (status || (len != 28)) {
1885 return status;
1886 }
1887
Pascal Bühler45019ae2016-06-10 08:35:12 +0200[diff] [blame]1888 if (octet_string_is_eq(srtp_ciphertext, rtp_plaintext_ref, len)) {
1889 return srtp_err_status_fail;
1890 }
1891
1892 /*
1893 * unprotect srtcp ciphertext, then compare with rtcp plaintext
1894 */
1895 len = 44;
1896 status = srtp_unprotect_rtcp(srtp_recv, srtcp_ciphertext, &len);
1897 if (status || (len != 24)) {
1898 return status;
1899 }
1900
1901 if (octet_string_is_eq(srtcp_ciphertext, rtcp_plaintext_ref, len)) {
Paul E. Jonese2ab5f22016-05-29 16:18:24 -0400[diff] [blame]1902 return srtp_err_status_fail;
1903 }
1904
1905 status = srtp_dealloc(srtp_snd);
1906 if (status) {
1907 return status;
1908 }
1909
1910 status = srtp_dealloc(srtp_recv);
1911 if (status) {
1912 return status;
1913 }
1914
1915 return srtp_err_status_ok;
1916}
1917#endif
1918
Joachim Bauch99a74822015-11-17 00:08:19 +0100[diff] [blame]1919/*
1920 * Test vectors taken from RFC 6904, Appendix A
1921 */
1922srtp_err_status_t
1923srtp_validate_encrypted_extensions_headers() {
1924 unsigned char test_key_ext_headers[30] = {
1925 0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0,
1926 0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39,
1927 0x0e, 0xc6, 0x75, 0xad, 0x49, 0x8a, 0xfe, 0xeb,
1928 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6
1929 };
1930 uint8_t srtp_plaintext_ref[56] = {
1931 0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
1932 0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06,
1933 0x17, 0x41, 0x42, 0x73, 0xA4, 0x75, 0x26, 0x27,
1934 0x48, 0x22, 0x00, 0x00, 0xC8, 0x30, 0x8E, 0x46,
1935 0x55, 0x99, 0x63, 0x86, 0xB3, 0x95, 0xFB, 0x00,
1936 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
1937 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab
1938 };
1939 uint8_t srtp_plaintext[66] = {
1940 0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
1941 0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06,
1942 0x17, 0x41, 0x42, 0x73, 0xA4, 0x75, 0x26, 0x27,
1943 0x48, 0x22, 0x00, 0x00, 0xC8, 0x30, 0x8E, 0x46,
1944 0x55, 0x99, 0x63, 0x86, 0xB3, 0x95, 0xFB, 0x00,
1945 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
1946 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
1947 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1948 0x00, 0x00
1949 };
1950 uint8_t srtp_ciphertext[66] = {
1951 0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
1952 0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06,
1953 0x17, 0x58, 0x8A, 0x92, 0x70, 0xF4, 0xE1, 0x5E,
1954 0x1C, 0x22, 0x00, 0x00, 0xC8, 0x30, 0x95, 0x46,
1955 0xA9, 0x94, 0xF0, 0xBC, 0x54, 0x78, 0x97, 0x00,
1956 0x4e, 0x55, 0xdc, 0x4c, 0xe7, 0x99, 0x78, 0xd8,
1957 0x8c, 0xa4, 0xd2, 0x15, 0x94, 0x9d, 0x24, 0x02,
1958 0x5a, 0x46, 0xb3, 0xca, 0x35, 0xc5, 0x35, 0xa8,
1959 0x91, 0xc7
1960 };
1961 srtp_t srtp_snd, srtp_recv;
1962 srtp_err_status_t status;
1963 int len;
1964 srtp_policy_t policy;
1965 int headers[3] = {1, 3, 4};
1966
1967 /*
1968 * create a session with a single stream using the default srtp
1969 * policy and with the SSRC value 0xcafebabe
1970 */
1971 memset(&policy, 0, sizeof(policy));
1972 srtp_crypto_policy_set_rtp_default(&policy.rtp);
1973 srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
1974 policy.ssrc.type = ssrc_specific;
1975 policy.ssrc.value = 0xcafebabe;
Ryan Hooper89a288b2016-12-22 16:22:47 -0500[diff] [blame]1976 policy.key = test_key_ext_headers;
Joachim Bauch99a74822015-11-17 00:08:19 +0100[diff] [blame]1977 policy.ekt = NULL;
1978 policy.window_size = 128;
1979 policy.allow_repeat_tx = 0;
1980 policy.enc_xtn_hdr = headers;
1981 policy.enc_xtn_hdr_count = sizeof(headers) / sizeof(headers[0]);
1982 policy.next = NULL;
1983
1984 status = srtp_create(&srtp_snd, &policy);
1985 if (status)
1986 return status;
1987
1988 /*
1989 * protect plaintext, then compare with ciphertext
1990 */
1991 len = sizeof(srtp_plaintext_ref);
1992 status = srtp_protect(srtp_snd, srtp_plaintext, &len);
1993 if (status || (len != sizeof(srtp_plaintext)))
1994 return srtp_err_status_fail;
1995
1996 debug_print(mod_driver, "ciphertext:\n %s",
1997 srtp_octet_string_hex_string(srtp_plaintext, len));
1998 debug_print(mod_driver, "ciphertext reference:\n %s",
1999 srtp_octet_string_hex_string(srtp_ciphertext, len));
2000
2001 if (octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len))
2002 return srtp_err_status_fail;
2003
2004 /*
2005 * create a receiver session context comparable to the one created
2006 * above - we need to do this so that the replay checking doesn't
2007 * complain
2008 */
2009 status = srtp_create(&srtp_recv, &policy);
2010 if (status)
2011 return status;
2012
2013 /*
2014 * unprotect ciphertext, then compare with plaintext
2015 */
2016 status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len);
Joachim Baucha9ecefe2015-12-14 21:40:42 +0100[diff] [blame]2017 if (status) {
Joachim Bauch99a74822015-11-17 00:08:19 +0100[diff] [blame]2018 return status;
Joachim Baucha9ecefe2015-12-14 21:40:42 +0100[diff] [blame]2019 } else if (len != sizeof(srtp_plaintext_ref)) {
2020 return srtp_err_status_fail;
2021 }
Joachim Bauch99a74822015-11-17 00:08:19 +0100[diff] [blame]2022
2023 if (octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len))
2024 return srtp_err_status_fail;
2025
2026 status = srtp_dealloc(srtp_snd);
2027 if (status)
2028 return status;
2029
2030 status = srtp_dealloc(srtp_recv);
2031 if (status)
2032 return status;
2033
2034 return srtp_err_status_ok;
2035}
2036
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]2037
Joachim Bauch80a45b52015-12-06 22:57:58 +0100[diff] [blame]2038#ifdef OPENSSL
Joachim Baucha9ecefe2015-12-14 21:40:42 +0100[diff] [blame]2039
Jonathan Lennox5df951a2010-05-20 20:55:54 +0000[diff] [blame]2040/*
Joachim Bauchfa1e8c22015-11-24 23:38:48 +0100[diff] [blame]2041 * Headers of test vectors taken from RFC 6904, Appendix A
2042 */
2043srtp_err_status_t
2044srtp_validate_encrypted_extensions_headers_gcm() {
2045 unsigned char test_key_ext_headers[30] = {
2046 0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0,
2047 0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39,
2048 0x0e, 0xc6, 0x75, 0xad, 0x49, 0x8a, 0xfe, 0xeb,
2049 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6
2050 };
2051 uint8_t srtp_plaintext_ref[56] = {
2052 0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
2053 0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06,
2054 0x17, 0x41, 0x42, 0x73, 0xA4, 0x75, 0x26, 0x27,
2055 0x48, 0x22, 0x00, 0x00, 0xC8, 0x30, 0x8E, 0x46,
2056 0x55, 0x99, 0x63, 0x86, 0xB3, 0x95, 0xFB, 0x00,
2057 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
2058 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab
2059 };
2060 uint8_t srtp_plaintext[64] = {
2061 0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
2062 0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06,
2063 0x17, 0x41, 0x42, 0x73, 0xA4, 0x75, 0x26, 0x27,
2064 0x48, 0x22, 0x00, 0x00, 0xC8, 0x30, 0x8E, 0x46,
2065 0x55, 0x99, 0x63, 0x86, 0xB3, 0x95, 0xFB, 0x00,
2066 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
2067 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
2068 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
2069 };
2070 uint8_t srtp_ciphertext[64] = {
2071 0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
2072 0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06,
2073 0x17, 0x58, 0x8A, 0x92, 0x70, 0xF4, 0xE1, 0x5E,
2074 0x1C, 0x22, 0x00, 0x00, 0xC8, 0x30, 0x95, 0x46,
2075 0xA9, 0x94, 0xF0, 0xBC, 0x54, 0x78, 0x97, 0x00,
2076 0x0e, 0xca, 0x0c, 0xf9, 0x5e, 0xe9, 0x55, 0xb2,
2077 0x6c, 0xd3, 0xd2, 0x88, 0xb4, 0x9f, 0x6c, 0xa9,
2078 0xbb, 0x4e, 0x15, 0xc2, 0xe9, 0xf2, 0x66, 0x78
2079 };
2080 srtp_t srtp_snd, srtp_recv;
2081 srtp_err_status_t status;
2082 int len;
2083 srtp_policy_t policy;
2084 int headers[3] = {1, 3, 4};
2085
2086 /*
2087 * create a session with a single stream using the default srtp
2088 * policy and with the SSRC value 0xcafebabe
2089 */
2090 memset(&policy, 0, sizeof(policy));
2091 srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp);
2092 srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp);
2093 policy.ssrc.type = ssrc_specific;
2094 policy.ssrc.value = 0xcafebabe;
Ryan Hooper89a288b2016-12-22 16:22:47 -0500[diff] [blame]2095 policy.key = test_key_ext_headers;
Joachim Bauchfa1e8c22015-11-24 23:38:48 +0100[diff] [blame]2096 policy.ekt = NULL;
2097 policy.window_size = 128;
2098 policy.allow_repeat_tx = 0;
2099 policy.enc_xtn_hdr = headers;
2100 policy.enc_xtn_hdr_count = sizeof(headers) / sizeof(headers[0]);
2101 policy.next = NULL;
2102
2103 status = srtp_create(&srtp_snd, &policy);
2104 if (status)
2105 return status;
2106
2107 /*
2108 * protect plaintext, then compare with ciphertext
2109 */
2110 len = sizeof(srtp_plaintext_ref);
2111 status = srtp_protect(srtp_snd, srtp_plaintext, &len);
2112 if (status || (len != sizeof(srtp_plaintext)))
2113 return srtp_err_status_fail;
2114
2115 debug_print(mod_driver, "ciphertext:\n %s",
2116 srtp_octet_string_hex_string(srtp_plaintext, len));
2117 debug_print(mod_driver, "ciphertext reference:\n %s",
2118 srtp_octet_string_hex_string(srtp_ciphertext, len));
2119
2120 if (octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len))
2121 return srtp_err_status_fail;
2122
2123 /*
2124 * create a receiver session context comparable to the one created
2125 * above - we need to do this so that the replay checking doesn't
2126 * complain
2127 */
2128 status = srtp_create(&srtp_recv, &policy);
2129 if (status)
2130 return status;
2131
2132 /*
2133 * unprotect ciphertext, then compare with plaintext
2134 */
2135 status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len);
Joachim Baucha9ecefe2015-12-14 21:40:42 +0100[diff] [blame]2136 if (status) {
Joachim Bauchfa1e8c22015-11-24 23:38:48 +0100[diff] [blame]2137 return status;
Joachim Baucha9ecefe2015-12-14 21:40:42 +0100[diff] [blame]2138 } else if (len != sizeof(srtp_plaintext_ref)) {
2139 return srtp_err_status_fail;
2140 }
Joachim Bauchfa1e8c22015-11-24 23:38:48 +0100[diff] [blame]2141
2142 if (octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len))
2143 return srtp_err_status_fail;
2144
2145 status = srtp_dealloc(srtp_snd);
2146 if (status)
2147 return status;
2148
2149 status = srtp_dealloc(srtp_recv);
2150 if (status)
2151 return status;
2152
2153 return srtp_err_status_ok;
2154}
Joachim Bauch80a45b52015-12-06 22:57:58 +0100[diff] [blame]2155#endif
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]2156
Jonathan Lennox5df951a2010-05-20 20:55:54 +0000[diff] [blame]2157/*
2158 * srtp_validate_aes_256() verifies the correctness of libsrtp by comparing
2159 * some computed packets against some pre-computed reference values.
2160 * These packets were made with the AES-CM-256/HMAC-SHA-1-80 policy.
2161 */
2162
2163
jfigus857009c2014-11-05 11:17:43 -0500[diff] [blame]2164srtp_err_status_t
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]2165srtp_validate_aes_256 ()
2166{
2167 unsigned char aes_256_test_key[46] = {
2168 0xf0, 0xf0, 0x49, 0x14, 0xb5, 0x13, 0xf2, 0x76,
2169 0x3a, 0x1b, 0x1f, 0xa1, 0x30, 0xf1, 0x0e, 0x29,
2170 0x98, 0xf6, 0xf6, 0xe4, 0x3e, 0x43, 0x09, 0xd1,
2171 0xe6, 0x22, 0xa0, 0xe3, 0x32, 0xb9, 0xf1, 0xb6,
Jonathan Lennox5df951a2010-05-20 20:55:54 +0000[diff] [blame]2172
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]2173 0x3b, 0x04, 0x80, 0x3d, 0xe5, 0x1e, 0xe7, 0xc9,
2174 0x64, 0x23, 0xab, 0x5b, 0x78, 0xd2
2175 };
2176 uint8_t srtp_plaintext_ref[28] = {
2177 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
2178 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
2179 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
2180 0xab, 0xab, 0xab, 0xab
2181 };
2182 uint8_t srtp_plaintext[38] = {
2183 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
2184 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
2185 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
2186 0xab, 0xab, 0xab, 0xab, 0x00, 0x00, 0x00, 0x00,
2187 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
2188 };
2189 uint8_t srtp_ciphertext[38] = {
2190 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
2191 0xca, 0xfe, 0xba, 0xbe, 0xf1, 0xd9, 0xde, 0x17,
2192 0xff, 0x25, 0x1f, 0xf1, 0xaa, 0x00, 0x77, 0x74,
2193 0xb0, 0xb4, 0xb4, 0x0d, 0xa0, 0x8d, 0x9d, 0x9a,
2194 0x5b, 0x3a, 0x55, 0xd8, 0x87, 0x3b
2195 };
2196 srtp_t srtp_snd, srtp_recv;
2197 srtp_err_status_t status;
2198 int len;
2199 srtp_policy_t policy;
Jonathan Lennox5df951a2010-05-20 20:55:54 +0000[diff] [blame]2200
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]2201 /*
2202 * create a session with a single stream using the default srtp
2203 * policy and with the SSRC value 0xcafebabe
2204 */
Joachim Bauch99a74822015-11-17 00:08:19 +0100[diff] [blame]2205 memset(&policy, 0, sizeof(policy));
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]2206 srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtp);
2207 srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtcp);
2208 policy.ssrc.type = ssrc_specific;
2209 policy.ssrc.value = 0xcafebabe;
Ryan Hooper89a288b2016-12-22 16:22:47 -0500[diff] [blame]2210 policy.key = aes_256_test_key;
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]2211 policy.ekt = NULL;
2212 policy.window_size = 128;
2213 policy.allow_repeat_tx = 0;
2214 policy.next = NULL;
Jonathan Lennox5df951a2010-05-20 20:55:54 +0000[diff] [blame]2215
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]2216 status = srtp_create(&srtp_snd, &policy);
2217 if (status) {
2218 return status;
2219 }
Jonathan Lennox5df951a2010-05-20 20:55:54 +0000[diff] [blame]2220
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]2221 /*
2222 * protect plaintext, then compare with ciphertext
2223 */
2224 len = 28;
2225 status = srtp_protect(srtp_snd, srtp_plaintext, &len);
2226 if (status || (len != 38)) {
2227 return srtp_err_status_fail;
2228 }
Jonathan Lennox5df951a2010-05-20 20:55:54 +0000[diff] [blame]2229
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]2230 debug_print(mod_driver, "ciphertext:\n %s",
2231 octet_string_hex_string(srtp_plaintext, len));
2232 debug_print(mod_driver, "ciphertext reference:\n %s",
2233 octet_string_hex_string(srtp_ciphertext, len));
Jonathan Lennox5df951a2010-05-20 20:55:54 +0000[diff] [blame]2234
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]2235 if (octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len)) {
2236 return srtp_err_status_fail;
2237 }
Jonathan Lennox5df951a2010-05-20 20:55:54 +0000[diff] [blame]2238
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]2239 /*
2240 * create a receiver session context comparable to the one created
2241 * above - we need to do this so that the replay checking doesn't
2242 * complain
2243 */
2244 status = srtp_create(&srtp_recv, &policy);
2245 if (status) {
2246 return status;
2247 }
Jonathan Lennox5df951a2010-05-20 20:55:54 +0000[diff] [blame]2248
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]2249 /*
2250 * unprotect ciphertext, then compare with plaintext
2251 */
2252 status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len);
2253 if (status || (len != 28)) {
2254 return status;
2255 }
2256
2257 if (octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len)) {
2258 return srtp_err_status_fail;
2259 }
2260
2261 status = srtp_dealloc(srtp_snd);
2262 if (status) {
2263 return status;
2264 }
2265
2266 status = srtp_dealloc(srtp_recv);
2267 if (status) {
2268 return status;
2269 }
2270
2271 return srtp_err_status_ok;
Jonathan Lennox5df951a2010-05-20 20:55:54 +0000[diff] [blame]2272}
2273
2274
jfigus857009c2014-11-05 11:17:43 -0500[diff] [blame]2275srtp_err_status_t
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]2276srtp_create_big_policy (srtp_policy_t **list)
2277{
2278 extern const srtp_policy_t *policy_array[];
2279 srtp_policy_t *p, *tmp;
2280 int i = 0;
2281 uint32_t ssrc = 0;
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]2282
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]2283 /* sanity checking */
2284 if ((list == NULL) || (policy_array[0] == NULL)) {
2285 return srtp_err_status_bad_param;
2286 }
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]2287
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]2288 /*
2289 * loop over policy list, mallocing a new list and copying values
2290 * into it (and incrementing the SSRC value as we go along)
2291 */
2292 tmp = NULL;
2293 while (policy_array[i] != NULL) {
2294 p = (srtp_policy_t*)malloc(sizeof(srtp_policy_t));
2295 if (p == NULL) {
2296 return srtp_err_status_bad_param;
2297 }
2298 memcpy(p, policy_array[i], sizeof(srtp_policy_t));
2299 p->ssrc.type = ssrc_specific;
2300 p->ssrc.value = ssrc++;
2301 p->next = tmp;
2302 tmp = p;
2303 i++;
2304 }
2305 *list = p;
2306
2307 return srtp_err_status_ok;
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]2308}
2309
jfigus857009c2014-11-05 11:17:43 -0500[diff] [blame]2310srtp_err_status_t
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]2311srtp_dealloc_big_policy (srtp_policy_t *list)
2312{
2313 srtp_policy_t *p, *next;
Jonathan Lennox80c4c832010-05-17 19:30:28 +0000[diff] [blame]2314
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]2315 for (p = list; p != NULL; p = next) {
2316 next = p->next;
2317 free(p);
2318 }
Jonathan Lennox80c4c832010-05-17 19:30:28 +0000[diff] [blame]2319
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]2320 return srtp_err_status_ok;
Jonathan Lennox80c4c832010-05-17 19:30:28 +0000[diff] [blame]2321}
2322
Joachim Bauchc8a19ae2015-12-14 22:50:36 +0100[diff] [blame]2323srtp_err_status_t
2324srtp_test_empty_payload()
2325{
2326 srtp_t srtp_snd, srtp_recv;
2327 srtp_err_status_t status;
2328 int len;
2329 srtp_policy_t policy;
2330 srtp_hdr_t *mesg;
2331
2332 /*
2333 * create a session with a single stream using the default srtp
2334 * policy and with the SSRC value 0xcafebabe
2335 */
2336 memset(&policy, 0, sizeof(policy));
2337 srtp_crypto_policy_set_rtp_default(&policy.rtp);
2338 srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
2339 policy.ssrc.type = ssrc_specific;
2340 policy.ssrc.value = 0xcafebabe;
Ryan Hooper89a288b2016-12-22 16:22:47 -0500[diff] [blame]2341 policy.key = test_key;
Joachim Bauchc8a19ae2015-12-14 22:50:36 +0100[diff] [blame]2342 policy.ekt = NULL;
2343 policy.window_size = 128;
2344 policy.allow_repeat_tx = 0;
2345 policy.next = NULL;
2346
2347 status = srtp_create(&srtp_snd, &policy);
2348 if (status) {
2349 return status;
2350 }
2351
2352 mesg = srtp_create_test_packet(0, policy.ssrc.value);
2353 if (mesg == NULL) {
2354 return srtp_err_status_fail;
2355 }
2356
2357 len = 12; /* only the header */
2358 status = srtp_protect(srtp_snd, mesg, &len);
2359 if (status) {
2360 return status;
2361 } else if (len != 12 + 10) {
2362 return srtp_err_status_fail;
2363 }
2364
2365 /*
2366 * create a receiver session context comparable to the one created
2367 * above - we need to do this so that the replay checking doesn't
2368 * complain
2369 */
2370 status = srtp_create(&srtp_recv, &policy);
2371 if (status) {
2372 return status;
2373 }
2374
2375 /*
2376 * unprotect ciphertext, then compare with plaintext
2377 */
2378 status = srtp_unprotect(srtp_recv, mesg, &len);
2379 if (status) {
2380 return status;
2381 } else if (len != 12) {
2382 return srtp_err_status_fail;
2383 }
2384
2385 status = srtp_dealloc(srtp_snd);
2386 if (status) {
2387 return status;
2388 }
2389
2390 status = srtp_dealloc(srtp_recv);
2391 if (status) {
2392 return status;
2393 }
2394
2395 free(mesg);
2396
2397 return srtp_err_status_ok;
2398}
2399
2400#ifdef OPENSSL
2401srtp_err_status_t
2402srtp_test_empty_payload_gcm()
2403{
2404 srtp_t srtp_snd, srtp_recv;
2405 srtp_err_status_t status;
2406 int len;
2407 srtp_policy_t policy;
2408 srtp_hdr_t *mesg;
2409
2410 /*
2411 * create a session with a single stream using the default srtp
2412 * policy and with the SSRC value 0xcafebabe
2413 */
2414 memset(&policy, 0, sizeof(policy));
2415 srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp);
2416 srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp);
2417 policy.ssrc.type = ssrc_specific;
2418 policy.ssrc.value = 0xcafebabe;
Ryan Hooper89a288b2016-12-22 16:22:47 -0500[diff] [blame]2419 policy.key = test_key;
Joachim Bauchc8a19ae2015-12-14 22:50:36 +0100[diff] [blame]2420 policy.ekt = NULL;
2421 policy.window_size = 128;
2422 policy.allow_repeat_tx = 0;
2423 policy.next = NULL;
2424
2425 status = srtp_create(&srtp_snd, &policy);
2426 if (status) {
2427 return status;
2428 }
2429
2430 mesg = srtp_create_test_packet(0, policy.ssrc.value);
2431 if (mesg == NULL) {
2432 return srtp_err_status_fail;
2433 }
2434
2435 len = 12; /* only the header */
2436 status = srtp_protect(srtp_snd, mesg, &len);
2437 if (status) {
2438 return status;
2439 } else if (len != 12 + 8) {
2440 return srtp_err_status_fail;
2441 }
2442
2443 /*
2444 * create a receiver session context comparable to the one created
2445 * above - we need to do this so that the replay checking doesn't
2446 * complain
2447 */
2448 status = srtp_create(&srtp_recv, &policy);
2449 if (status) {
2450 return status;
2451 }
2452
2453 /*
2454 * unprotect ciphertext, then compare with plaintext
2455 */
2456 status = srtp_unprotect(srtp_recv, mesg, &len);
2457 if (status) {
2458 return status;
2459 } else if (len != 12) {
2460 return srtp_err_status_fail;
2461 }
2462
2463 status = srtp_dealloc(srtp_snd);
2464 if (status) {
2465 return status;
2466 }
2467
2468 status = srtp_dealloc(srtp_recv);
2469 if (status) {
2470 return status;
2471 }
2472
2473 free(mesg);
2474
2475 return srtp_err_status_ok;
2476}
2477#endif // OPENSSL
Jonathan Lennox80c4c832010-05-17 19:30:28 +0000[diff] [blame]2478
jfigus857009c2014-11-05 11:17:43 -0500[diff] [blame]2479srtp_err_status_t
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]2480srtp_test_remove_stream ()
2481{
2482 srtp_err_status_t status;
2483 srtp_policy_t *policy_list, policy;
2484 srtp_t session;
2485 srtp_stream_t stream;
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]2486
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]2487 /*
2488 * srtp_get_stream() is a libSRTP internal function that we declare
2489 * here so that we can use it to verify the correct operation of the
2490 * library
2491 */
2492 extern srtp_stream_t srtp_get_stream(srtp_t srtp, uint32_t ssrc);
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]2493
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]2494
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]2495 status = srtp_create_big_policy(&policy_list);
2496 if (status) {
2497 return status;
2498 }
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]2499
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]2500 status = srtp_create(&session, policy_list);
2501 if (status) {
2502 return status;
2503 }
Jonathan Lennox80c4c832010-05-17 19:30:28 +0000[diff] [blame]2504
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]2505 /*
2506 * check for false positives by trying to remove a stream that's not
2507 * in the session
2508 */
2509 status = srtp_remove_stream(session, htonl(0xaaaaaaaa));
2510 if (status != srtp_err_status_no_ctx) {
2511 return srtp_err_status_fail;
2512 }
Jonathan Lennox80c4c832010-05-17 19:30:28 +0000[diff] [blame]2513
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]2514 /*
2515 * check for false negatives by removing stream 0x1, then
2516 * searching for streams 0x0 and 0x2
2517 */
2518 status = srtp_remove_stream(session, htonl(0x1));
2519 if (status != srtp_err_status_ok) {
2520 return srtp_err_status_fail;
2521 }
2522 stream = srtp_get_stream(session, htonl(0x0));
2523 if (stream == NULL) {
2524 return srtp_err_status_fail;
2525 }
2526 stream = srtp_get_stream(session, htonl(0x2));
2527 if (stream == NULL) {
2528 return srtp_err_status_fail;
2529 }
Jonathan Lennoxad741b22010-05-27 19:23:05 +0000[diff] [blame]2530
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]2531 status = srtp_dealloc(session);
2532 if (status != srtp_err_status_ok) {
2533 return status;
2534 }
Jonathan Lennoxad741b22010-05-27 19:23:05 +0000[diff] [blame]2535
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]2536 status = srtp_dealloc_big_policy(policy_list);
2537 if (status != srtp_err_status_ok) {
2538 return status;
2539 }
Jonathan Lennoxad741b22010-05-27 19:23:05 +0000[diff] [blame]2540
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]2541 /* Now test adding and removing a single stream */
Joachim Bauch99a74822015-11-17 00:08:19 +0100[diff] [blame]2542 memset(&policy, 0, sizeof(policy));
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]2543 srtp_crypto_policy_set_rtp_default(&policy.rtp);
2544 srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
2545 policy.ssrc.type = ssrc_specific;
2546 policy.ssrc.value = 0xcafebabe;
Ryan Hooper89a288b2016-12-22 16:22:47 -0500[diff] [blame]2547 policy.key = test_key;
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]2548 policy.ekt = NULL;
2549 policy.window_size = 128;
2550 policy.allow_repeat_tx = 0;
2551 policy.next = NULL;
Jonathan Lennoxad741b22010-05-27 19:23:05 +0000[diff] [blame]2552
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]2553 status = srtp_create(&session, NULL);
2554 if (status != srtp_err_status_ok) {
2555 return status;
2556 }
2557
2558 status = srtp_add_stream(session, &policy);
2559 if (status != srtp_err_status_ok) {
2560 return status;
2561 }
2562
2563 status = srtp_remove_stream(session, htonl(0xcafebabe));
2564 if (status != srtp_err_status_ok) {
2565 return status;
2566 }
2567
2568 status = srtp_dealloc(session);
2569 if (status != srtp_err_status_ok) {
2570 return status;
2571 }
2572
2573 return srtp_err_status_ok;
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]2574}
2575
Pascal Bühlerbd3112a2015-11-06 20:29:15 +0100[diff] [blame]2576
2577unsigned char test_alt_key[46] = {
2578 0xe5, 0x19, 0x6f, 0x01, 0x5e, 0xf1, 0x9b, 0xe1,
2579 0xd7, 0x47, 0xa7, 0x27, 0x07, 0xd7, 0x47, 0x33,
2580 0x01, 0xc2, 0x35, 0x4d, 0x59, 0x6a, 0xf7, 0x84,
2581 0x96, 0x98, 0xeb, 0xaa, 0xac, 0xf6, 0xa1, 0x45,
2582 0xc7, 0x15, 0xe2, 0xea, 0xfe, 0x55, 0x67, 0x96,
2583 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6
2584};
2585
2586/*
2587 * srtp_test_update() verifies updating/rekeying exsisting streams.
2588 * As stated in https://tools.ietf.org/html/rfc3711#section-3.3.1
2589 * the value of the ROC must not be reset after a rekey, this test
2590 * atempts to prove that srtp_update does not reset the ROC.
2591 */
2592
2593srtp_err_status_t
2594srtp_test_update() {
2595
2596 srtp_err_status_t status;
2597 uint32_t ssrc = 0x12121212;
2598 int msg_len_octets = 32;
2599 int protected_msg_len_octets;
2600 srtp_hdr_t * msg;
2601 srtp_t srtp_snd, srtp_recv;
2602 srtp_policy_t policy;
2603
Joachim Bauch1b793352015-12-14 21:30:44 +0100[diff] [blame]2604 memset(&policy, 0, sizeof(policy));
Pascal Bühlerbd3112a2015-11-06 20:29:15 +0100[diff] [blame]2605 srtp_crypto_policy_set_rtp_default(&policy.rtp);
2606 srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
2607 policy.ekt = NULL;
2608 policy.window_size = 128;
2609 policy.allow_repeat_tx = 0;
2610 policy.next = NULL;
2611 policy.ssrc.type = ssrc_any_outbound;
Ryan Hooper89a288b2016-12-22 16:22:47 -0500[diff] [blame]2612 policy.key = test_key;
Pascal Bühlerbd3112a2015-11-06 20:29:15 +0100[diff] [blame]2613
2614 /* create a send and recive ctx with defualt profile and test_key */
2615 status = srtp_create(&srtp_recv, &policy);
2616 if (status)
2617 return status;
2618
2619 policy.ssrc.type = ssrc_any_inbound;
2620 status = srtp_create(&srtp_snd, &policy);
2621 if (status)
2622 return status;
2623
2624 /* protect and unprotect two msg's that will cause the ROC to be equal to 1 */
2625 msg = srtp_create_test_packet(msg_len_octets, ssrc);
2626 if (msg == NULL)
2627 return srtp_err_status_alloc_fail;
2628 msg->seq = htons(65535);
2629
2630 protected_msg_len_octets = msg_len_octets;
2631 status = srtp_protect(srtp_snd, msg, &protected_msg_len_octets);
2632 if (status)
2633 return srtp_err_status_fail;
2634
2635 status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets);
2636 if (status)
2637 return status;
2638
2639 free(msg);
2640
2641 msg = srtp_create_test_packet(msg_len_octets, ssrc);
2642 if (msg == NULL)
2643 return srtp_err_status_alloc_fail;
2644 msg->seq = htons(1);
2645
2646 protected_msg_len_octets = msg_len_octets;
2647 status = srtp_protect(srtp_snd, msg, &protected_msg_len_octets);
2648 if (status)
2649 return srtp_err_status_fail;
2650
2651 status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets);
2652 if (status)
2653 return status;
2654
2655 free(msg);
2656
Pascal Bühlerb095e7e2016-06-09 13:46:28 +0200[diff] [blame]2657 /* update send ctx with same test_key t verify update works*/
2658 policy.ssrc.type = ssrc_any_outbound;
Ryan Hooper89a288b2016-12-22 16:22:47 -0500[diff] [blame]2659 policy.key = test_key;
Pascal Bühlerb095e7e2016-06-09 13:46:28 +0200[diff] [blame]2660 status = srtp_update(srtp_snd, &policy);
2661 if (status)
2662 return status;
2663
2664 msg = srtp_create_test_packet(msg_len_octets, ssrc);
2665 if (msg == NULL)
2666 return srtp_err_status_alloc_fail;
2667 msg->seq = htons(2);
2668
2669 protected_msg_len_octets = msg_len_octets;
2670 status = srtp_protect(srtp_snd, msg, &protected_msg_len_octets);
2671 if (status)
2672 return srtp_err_status_fail;
2673
2674 status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets);
2675 if (status)
2676 return status;
2677
2678 free(msg);
2679
2680
Pascal Bühlerbd3112a2015-11-06 20:29:15 +0100[diff] [blame]2681 /* update send ctx to use test_alt_key */
2682 policy.ssrc.type = ssrc_any_outbound;
Ryan Hooper89a288b2016-12-22 16:22:47 -0500[diff] [blame]2683 policy.key = test_alt_key;
Pascal Bühlerbd3112a2015-11-06 20:29:15 +0100[diff] [blame]2684 status = srtp_update(srtp_snd, &policy);
2685 if (status)
2686 return status;
2687
2688 /* create and protect msg with new key and ROC still equal to 1 */
2689 msg = srtp_create_test_packet(msg_len_octets, ssrc);
2690 if (msg == NULL)
2691 return srtp_err_status_alloc_fail;
Pascal Bühlerb095e7e2016-06-09 13:46:28 +0200[diff] [blame]2692 msg->seq = htons(3);
Pascal Bühlerbd3112a2015-11-06 20:29:15 +0100[diff] [blame]2693
2694 protected_msg_len_octets = msg_len_octets;
2695 status = srtp_protect(srtp_snd, msg, &protected_msg_len_octets);
2696 if (status)
2697 return srtp_err_status_fail;
2698
2699 /* verify that recive ctx will fail to unprotect as it still uses test_key */
2700 status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets);
2701 if (status == srtp_err_status_ok)
2702 return srtp_err_status_fail;
2703
2704 /* create a new recvieve ctx with test_alt_key but since it is new it will have ROC equal to 1
2705 * and therefore should fail to unprotected */
2706 {
2707 srtp_t srtp_recv_roc_0;
2708
2709 policy.ssrc.type = ssrc_any_inbound;
Ryan Hooper89a288b2016-12-22 16:22:47 -0500[diff] [blame]2710 policy.key = test_alt_key;
Pascal Bühlerbd3112a2015-11-06 20:29:15 +0100[diff] [blame]2711 status = srtp_create(&srtp_recv_roc_0, &policy);
2712 if (status)
2713 return status;
2714
2715 status = srtp_unprotect(srtp_recv_roc_0, msg, &protected_msg_len_octets);
2716 if (status == srtp_err_status_ok)
2717 return srtp_err_status_fail;
2718
2719 status = srtp_dealloc(srtp_recv_roc_0);
2720 if (status)
2721 return status;
2722 }
2723
2724 /* update recive ctx to use test_alt_key */
2725 policy.ssrc.type = ssrc_any_inbound;
Ryan Hooper89a288b2016-12-22 16:22:47 -0500[diff] [blame]2726 policy.key = test_alt_key;
Pascal Bühlerbd3112a2015-11-06 20:29:15 +0100[diff] [blame]2727 status = srtp_update(srtp_recv, &policy);
2728 if (status)
2729 return status;
2730
2731 /* verify that can still unprotect, therfore key is updated and ROC value is preserved */
2732 status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets);
2733 if (status)
2734 return status;
2735
2736 free(msg);
2737
2738 status = srtp_dealloc(srtp_snd);
2739 if (status)
2740 return status;
2741
2742 status = srtp_dealloc(srtp_recv);
2743 if (status)
2744 return status;
2745
2746 return srtp_err_status_ok;
2747}
2748
Ryan Hooperab0345b2017-02-07 16:07:59 -0500[diff] [blame]2749srtp_err_status_t
2750srtp_test_setup_protect_trailer_streams(srtp_t *srtp_send, srtp_t *srtp_send_mki,
2751 srtp_t *srtp_send_aes_gcm, srtp_t *srtp_send_aes_gcm_mki) {
2752
2753 srtp_err_status_t status;
2754 srtp_policy_t policy;
2755 srtp_policy_t policy_mki;
2756#ifdef OPENSSL
2757 srtp_policy_t policy_aes_gcm;
2758 srtp_policy_t policy_aes_gcm_mki;
2759#endif // OPENSSL
2760
2761 memset(&policy, 0, sizeof(policy));
2762 srtp_crypto_policy_set_rtp_default(&policy.rtp);
2763 srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
2764 policy.ekt = NULL;
2765 policy.window_size = 128;
2766 policy.allow_repeat_tx = 0;
2767 policy.next = NULL;
2768 policy.ssrc.type = ssrc_any_outbound;
2769 policy.key = test_key;
2770
2771 memset(&policy_mki, 0, sizeof(policy_mki));
2772 srtp_crypto_policy_set_rtp_default(&policy_mki.rtp);
2773 srtp_crypto_policy_set_rtcp_default(&policy_mki.rtcp);
2774 policy_mki.ekt = NULL;
2775 policy_mki.window_size = 128;
2776 policy_mki.allow_repeat_tx = 0;
2777 policy_mki.next = NULL;
2778 policy_mki.ssrc.type = ssrc_any_outbound;
2779 policy_mki.key = NULL;
2780 policy_mki.keys = test_keys;
2781 policy_mki.num_master_keys = 2;
2782
2783#ifdef OPENSSL
2784 memset(&policy_aes_gcm, 0, sizeof(policy_aes_gcm));
2785 srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm.rtp);
2786 srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm.rtcp);
2787 policy_aes_gcm.ekt = NULL;
2788 policy_aes_gcm.window_size = 128;
2789 policy_aes_gcm.allow_repeat_tx = 0;
2790 policy_aes_gcm.next = NULL;
2791 policy_aes_gcm.ssrc.type = ssrc_any_outbound;
2792 policy_aes_gcm.key = test_key;
2793
2794 memset(&policy_aes_gcm_mki, 0, sizeof(policy_aes_gcm_mki));
2795 srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm_mki.rtp);
2796 srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm_mki.rtcp);
2797 policy_aes_gcm_mki.ekt = NULL;
2798 policy_aes_gcm_mki.window_size = 128;
2799 policy_aes_gcm_mki.allow_repeat_tx = 0;
2800 policy_aes_gcm_mki.next = NULL;
2801 policy_aes_gcm_mki.ssrc.type = ssrc_any_outbound;
2802 policy_aes_gcm_mki.key = NULL;
2803 policy_aes_gcm_mki.keys = test_keys;
2804 policy_aes_gcm_mki.num_master_keys = 2;
2805
2806#endif
2807
2808 /* create a send ctx with defualt profile and test_key */
2809 status = srtp_create(srtp_send, &policy);
2810 if (status)
2811 return status;
2812
2813 status = srtp_create(srtp_send_mki, &policy_mki);
2814 if (status)
2815 return status;
2816
2817#ifdef OPENSSL
2818 status = srtp_create(srtp_send_aes_gcm, &policy_aes_gcm);
2819 if (status)
2820 return status;
2821
2822 status = srtp_create(srtp_send_aes_gcm_mki, &policy_aes_gcm_mki);
2823 if (status)
2824 return status;
2825#endif //OPENSSL
2826
2827 return srtp_err_status_ok;
2828}
2829
2830srtp_err_status_t
2831srtp_test_protect_trailer_length() {
2832
2833 srtp_t srtp_send;
2834 srtp_t srtp_send_mki;
2835 srtp_t srtp_send_aes_gcm;
2836 srtp_t srtp_send_aes_gcm_mki;
2837 uint32_t length = 0;
2838 srtp_err_status_t status;
2839
2840 srtp_test_setup_protect_trailer_streams(&srtp_send, &srtp_send_mki,
2841 &srtp_send_aes_gcm, &srtp_send_aes_gcm_mki);
2842
2843 status = srtp_get_protect_trailer_length(srtp_send, 0, 0, &length);
2844 if (status)
2845 return status;
2846
2847 /* TAG Length: 10 bytes */
2848 if (length != 10)
2849 return srtp_err_status_fail;
2850
2851 status = srtp_get_protect_trailer_length(srtp_send_mki, 1, 1, &length);
2852 if (status)
2853 return status;
2854
2855 /* TAG Length: 10 bytes + MKI length: 4 bytes*/
2856 if (length != 14)
2857 return srtp_err_status_fail;
2858
2859#ifdef OPENSSL
2860 status = srtp_get_protect_trailer_length(srtp_send_aes_gcm, 0, 0, &length);
2861 if (status)
2862 return status;
2863
2864 /* TAG Length: 16 bytes */
2865 if (length != 16)
2866 return srtp_err_status_fail;
2867
2868
2869 status = srtp_get_protect_trailer_length(srtp_send_aes_gcm_mki, 1, 1, &length);
2870 if (status)
2871 return status;
2872
2873 /* TAG Length: 16 bytes + MKI length: 4 bytes*/
2874 if (length != 20)
2875 return srtp_err_status_fail;
2876
2877#endif //OPENSSL
2878
2879 return srtp_err_status_ok;
2880}
2881
2882srtp_err_status_t
2883srtp_test_protect_rtcp_trailer_length() {
2884
2885 srtp_t srtp_send;
2886 srtp_t srtp_send_mki;
2887 srtp_t srtp_send_aes_gcm;
2888 srtp_t srtp_send_aes_gcm_mki;
2889 uint32_t length = 0;
2890 srtp_err_status_t status;
2891
2892 srtp_test_setup_protect_trailer_streams(&srtp_send, &srtp_send_mki,
2893 &srtp_send_aes_gcm, &srtp_send_aes_gcm_mki);
2894
2895 status = srtp_get_protect_rtcp_trailer_length(srtp_send, 0, 0, &length);
2896 if (status)
2897 return status;
2898
2899 /* TAG Length: 10 bytes + SRTCP Trailer 4 bytes*/
2900 if (length != 14)
2901 return srtp_err_status_fail;
2902
2903 status = srtp_get_protect_rtcp_trailer_length(srtp_send_mki, 1, 1, &length);
2904 if (status)
2905 return status;
2906
2907 /* TAG Length: 10 bytes + SRTCP Trailer 4 bytes + MKI 4 bytes*/
2908 if (length != 18)
2909 return srtp_err_status_fail;
2910
2911#ifdef OPENSSL
2912 status = srtp_get_protect_rtcp_trailer_length(srtp_send_aes_gcm, 0, 0, &length);
2913 if (status)
2914 return status;
2915
2916 /* TAG Length: 16 bytes + SRTCP Trailer 4 bytes*/
2917 if (length != 20)
2918 return srtp_err_status_fail;
2919
2920
2921 status = srtp_get_protect_rtcp_trailer_length(srtp_send_aes_gcm_mki, 1, 1, &length);
2922 if (status)
2923 return status;
2924
2925 /* TAG Length: 16 bytes + SRTCP Trailer 4 bytes + MKI 4 bytes*/
2926 if (length != 24)
2927 return srtp_err_status_fail;
2928
2929#endif //OPENSSL
2930
2931 return srtp_err_status_ok;
2932}
2933
2934
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]2935/*
2936 * srtp policy definitions - these definitions are used above
2937 */
2938
jfigus8c36da22013-10-01 16:41:19 -0400[diff] [blame]2939unsigned char test_key[46] = {
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]2940 0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0,
2941 0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39,
2942 0x0e, 0xc6, 0x75, 0xad, 0x49, 0x8a, 0xfe, 0xeb,
jfigus8c36da22013-10-01 16:41:19 -0400[diff] [blame]2943 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6, 0xc1, 0x73,
2944 0xc3, 0x17, 0xf2, 0xda, 0xbe, 0x35, 0x77, 0x93,
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]2945 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6
2946};
2947
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]2948unsigned char test_key_2[46] = {
2949 0xf0, 0xf0, 0x49, 0x14, 0xb5, 0x13, 0xf2, 0x76,
2950 0x3a, 0x1b, 0x1f, 0xa1, 0x30, 0xf1, 0x0e, 0x29,
2951 0x98, 0xf6, 0xf6, 0xe4, 0x3e, 0x43, 0x09, 0xd1,
2952 0xe6, 0x22, 0xa0, 0xe3, 0x32, 0xb9, 0xf1, 0xb6,
2953 0xc3, 0x17, 0xf2, 0xda, 0xbe, 0x35, 0x77, 0x93,
2954 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6
2955};
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]2956
Ryan Hooper89a288b2016-12-22 16:22:47 -0500[diff] [blame]2957unsigned char test_mki_id[TEST_MKI_ID_SIZE] = {
2958 0xe1, 0xf9, 0x7a, 0x0d
2959};
2960
2961unsigned char test_mki_id_2[TEST_MKI_ID_SIZE] = {
2962 0xf3, 0xa1, 0x46, 0x71
2963};
2964
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]2965const srtp_policy_t default_policy = {
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]2966 { ssrc_any_outbound, 0 }, /* SSRC */
2967 { /* SRTP policy */
2968 SRTP_AES_128_ICM, /* cipher type */
2969 30, /* cipher key length in octets */
2970 SRTP_HMAC_SHA1, /* authentication func type */
2971 16, /* auth key length in octets */
2972 10, /* auth tag length in octets */
2973 sec_serv_conf_and_auth /* security services flag */
2974 },
2975 { /* SRTCP policy */
2976 SRTP_AES_128_ICM, /* cipher type */
2977 30, /* cipher key length in octets */
2978 SRTP_HMAC_SHA1, /* authentication func type */
2979 16, /* auth key length in octets */
2980 10, /* auth tag length in octets */
2981 sec_serv_conf_and_auth /* security services flag */
2982 },
Ryan Hooper89a288b2016-12-22 16:22:47 -0500[diff] [blame]2983 NULL,
2984 (srtp_master_key_t **)test_keys,
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]2985 2, /* indicates the number of Master keys */
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]2986 NULL, /* indicates that EKT is not in use */
2987 128, /* replay window size */
2988 0, /* retransmission not allowed */
Joachim Bauch99a74822015-11-17 00:08:19 +0100[diff] [blame]2989 NULL, /* no encrypted extension headers */
2990 0, /* list of encrypted extension headers is empty */
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]2991 NULL
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]2992};
2993
2994const srtp_policy_t aes_only_policy = {
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]2995 { ssrc_any_outbound, 0 }, /* SSRC */
2996 {
2997 SRTP_AES_128_ICM, /* cipher type */
2998 30, /* cipher key length in octets */
2999 SRTP_NULL_AUTH, /* authentication func type */
3000 0, /* auth key length in octets */
3001 0, /* auth tag length in octets */
3002 sec_serv_conf /* security services flag */
3003 },
3004 {
3005 SRTP_AES_128_ICM, /* cipher type */
3006 30, /* cipher key length in octets */
3007 SRTP_NULL_AUTH, /* authentication func type */
3008 0, /* auth key length in octets */
3009 0, /* auth tag length in octets */
3010 sec_serv_conf /* security services flag */
3011 },
Ryan Hooper89a288b2016-12-22 16:22:47 -0500[diff] [blame]3012 NULL,
3013 (srtp_master_key_t **)test_keys,
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]3014 2, /* indicates the number of Master keys */
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]3015 NULL, /* indicates that EKT is not in use */
3016 128, /* replay window size */
3017 0, /* retransmission not allowed */
Joachim Bauch99a74822015-11-17 00:08:19 +0100[diff] [blame]3018 NULL, /* no encrypted extension headers */
3019 0, /* list of encrypted extension headers is empty */
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]3020 NULL
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]3021};
3022
3023const srtp_policy_t hmac_only_policy = {
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]3024 { ssrc_any_outbound, 0 }, /* SSRC */
3025 {
3026 SRTP_NULL_CIPHER, /* cipher type */
3027 0, /* cipher key length in octets */
3028 SRTP_HMAC_SHA1, /* authentication func type */
3029 20, /* auth key length in octets */
3030 4, /* auth tag length in octets */
3031 sec_serv_auth /* security services flag */
3032 },
3033 {
3034 SRTP_NULL_CIPHER, /* cipher type */
3035 0, /* cipher key length in octets */
3036 SRTP_HMAC_SHA1, /* authentication func type */
3037 20, /* auth key length in octets */
3038 4, /* auth tag length in octets */
3039 sec_serv_auth /* security services flag */
3040 },
Ryan Hooper89a288b2016-12-22 16:22:47 -0500[diff] [blame]3041 NULL,
3042 (srtp_master_key_t **)test_keys,
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]3043 2, /* Number of Master keys associated with the policy */
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]3044 NULL, /* indicates that EKT is not in use */
3045 128, /* replay window size */
3046 0, /* retransmission not allowed */
Joachim Bauch99a74822015-11-17 00:08:19 +0100[diff] [blame]3047 NULL, /* no encrypted extension headers */
3048 0, /* list of encrypted extension headers is empty */
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]3049 NULL
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]3050};
3051
jfigus8c36da22013-10-01 16:41:19 -0400[diff] [blame]3052#ifdef OPENSSL
3053const srtp_policy_t aes128_gcm_8_policy = {
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]3054 { ssrc_any_outbound, 0 }, /* SSRC */
3055 { /* SRTP policy */
3056 SRTP_AES_128_GCM, /* cipher type */
3057 SRTP_AES_128_GCM_KEYSIZE_WSALT, /* cipher key length in octets */
3058 SRTP_NULL_AUTH, /* authentication func type */
3059 0, /* auth key length in octets */
3060 8, /* auth tag length in octets */
3061 sec_serv_conf_and_auth /* security services flag */
jfigus8c36da22013-10-01 16:41:19 -0400[diff] [blame]3062 },
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]3063 { /* SRTCP policy */
3064 SRTP_AES_128_GCM, /* cipher type */
3065 SRTP_AES_128_GCM_KEYSIZE_WSALT, /* cipher key length in octets */
3066 SRTP_NULL_AUTH, /* authentication func type */
3067 0, /* auth key length in octets */
3068 8, /* auth tag length in octets */
3069 sec_serv_conf_and_auth /* security services flag */
jfigus8c36da22013-10-01 16:41:19 -0400[diff] [blame]3070 },
Ryan Hooper89a288b2016-12-22 16:22:47 -0500[diff] [blame]3071 NULL,
3072 (srtp_master_key_t **)test_keys,
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]3073 2, /* indicates the number of Master keys */
jfigus8c36da22013-10-01 16:41:19 -0400[diff] [blame]3074 NULL, /* indicates that EKT is not in use */
3075 128, /* replay window size */
3076 0, /* retransmission not allowed */
Joachim Bauch99a74822015-11-17 00:08:19 +0100[diff] [blame]3077 NULL, /* no encrypted extension headers */
3078 0, /* list of encrypted extension headers is empty */
jfigus8c36da22013-10-01 16:41:19 -0400[diff] [blame]3079 NULL
3080};
3081
3082const srtp_policy_t aes128_gcm_8_cauth_policy = {
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]3083 { ssrc_any_outbound, 0 }, /* SSRC */
3084 { /* SRTP policy */
3085 SRTP_AES_128_GCM, /* cipher type */
3086 SRTP_AES_128_GCM_KEYSIZE_WSALT, /* cipher key length in octets */
3087 SRTP_NULL_AUTH, /* authentication func type */
3088 0, /* auth key length in octets */
3089 8, /* auth tag length in octets */
3090 sec_serv_conf_and_auth /* security services flag */
jfigus8c36da22013-10-01 16:41:19 -0400[diff] [blame]3091 },
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]3092 { /* SRTCP policy */
3093 SRTP_AES_128_GCM, /* cipher type */
3094 SRTP_AES_128_GCM_KEYSIZE_WSALT, /* cipher key length in octets */
3095 SRTP_NULL_AUTH, /* authentication func type */
3096 0, /* auth key length in octets */
3097 8, /* auth tag length in octets */
3098 sec_serv_auth /* security services flag */
jfigus8c36da22013-10-01 16:41:19 -0400[diff] [blame]3099 },
Ryan Hooper89a288b2016-12-22 16:22:47 -0500[diff] [blame]3100 NULL,
Ryan Hooper6c339f72017-01-03 13:45:18 -0500[diff] [blame]3101 (srtp_master_key_t **)test_keys,
3102 2, /* indicates the number of Master keys */
jfigus8c36da22013-10-01 16:41:19 -0400[diff] [blame]3103 NULL, /* indicates that EKT is not in use */
3104 128, /* replay window size */
3105 0, /* retransmission not allowed */
Joachim Bauch99a74822015-11-17 00:08:19 +0100[diff] [blame]3106 NULL, /* no encrypted extension headers */
3107 0, /* list of encrypted extension headers is empty */
jfigus8c36da22013-10-01 16:41:19 -0400[diff] [blame]3108 NULL
3109};
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]3110
jfigus8c36da22013-10-01 16:41:19 -0400[diff] [blame]3111const srtp_policy_t aes256_gcm_8_policy = {
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]3112 { ssrc_any_outbound, 0 }, /* SSRC */
3113 { /* SRTP policy */
3114 SRTP_AES_256_GCM, /* cipher type */
3115 SRTP_AES_256_GCM_KEYSIZE_WSALT, /* cipher key length in octets */
3116 SRTP_NULL_AUTH, /* authentication func type */
3117 0, /* auth key length in octets */
3118 8, /* auth tag length in octets */
3119 sec_serv_conf_and_auth /* security services flag */
jfigus8c36da22013-10-01 16:41:19 -0400[diff] [blame]3120 },
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]3121 { /* SRTCP policy */
3122 SRTP_AES_256_GCM, /* cipher type */
3123 SRTP_AES_256_GCM_KEYSIZE_WSALT, /* cipher key length in octets */
3124 SRTP_NULL_AUTH, /* authentication func type */
3125 0, /* auth key length in octets */
3126 8, /* auth tag length in octets */
3127 sec_serv_conf_and_auth /* security services flag */
jfigus8c36da22013-10-01 16:41:19 -0400[diff] [blame]3128 },
Ryan Hooper89a288b2016-12-22 16:22:47 -0500[diff] [blame]3129 NULL,
3130 (srtp_master_key_t **)test_keys,
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]3131 2, /* indicates the number of Master keys */
jfigus8c36da22013-10-01 16:41:19 -0400[diff] [blame]3132 NULL, /* indicates that EKT is not in use */
3133 128, /* replay window size */
3134 0, /* retransmission not allowed */
Joachim Bauch99a74822015-11-17 00:08:19 +0100[diff] [blame]3135 NULL, /* no encrypted extension headers */
3136 0, /* list of encrypted extension headers is empty */
jfigus8c36da22013-10-01 16:41:19 -0400[diff] [blame]3137 NULL
3138};
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]3139
jfigus8c36da22013-10-01 16:41:19 -0400[diff] [blame]3140const srtp_policy_t aes256_gcm_8_cauth_policy = {
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]3141 { ssrc_any_outbound, 0 }, /* SSRC */
3142 { /* SRTP policy */
3143 SRTP_AES_256_GCM, /* cipher type */
3144 SRTP_AES_256_GCM_KEYSIZE_WSALT, /* cipher key length in octets */
3145 SRTP_NULL_AUTH, /* authentication func type */
3146 0, /* auth key length in octets */
3147 8, /* auth tag length in octets */
3148 sec_serv_conf_and_auth /* security services flag */
jfigus8c36da22013-10-01 16:41:19 -0400[diff] [blame]3149 },
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]3150 { /* SRTCP policy */
3151 SRTP_AES_256_GCM, /* cipher type */
3152 SRTP_AES_256_GCM_KEYSIZE_WSALT, /* cipher key length in octets */
3153 SRTP_NULL_AUTH, /* authentication func type */
3154 0, /* auth key length in octets */
3155 8, /* auth tag length in octets */
3156 sec_serv_auth /* security services flag */
jfigus8c36da22013-10-01 16:41:19 -0400[diff] [blame]3157 },
Ryan Hooper89a288b2016-12-22 16:22:47 -0500[diff] [blame]3158 NULL,
3159 (srtp_master_key_t **)test_keys,
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]3160 2, /* indicates the number of Master keys */
jfigus8c36da22013-10-01 16:41:19 -0400[diff] [blame]3161 NULL, /* indicates that EKT is not in use */
3162 128, /* replay window size */
3163 0, /* retransmission not allowed */
Joachim Bauch99a74822015-11-17 00:08:19 +0100[diff] [blame]3164 NULL, /* no encrypted extension headers */
3165 0, /* list of encrypted extension headers is empty */
jfigus8c36da22013-10-01 16:41:19 -0400[diff] [blame]3166 NULL
3167};
3168#endif
3169
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]3170const srtp_policy_t null_policy = {
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]3171 { ssrc_any_outbound, 0 }, /* SSRC */
3172 {
3173 SRTP_NULL_CIPHER, /* cipher type */
3174 0, /* cipher key length in octets */
3175 SRTP_NULL_AUTH, /* authentication func type */
3176 0, /* auth key length in octets */
3177 0, /* auth tag length in octets */
3178 sec_serv_none /* security services flag */
3179 },
3180 {
3181 SRTP_NULL_CIPHER, /* cipher type */
3182 0, /* cipher key length in octets */
3183 SRTP_NULL_AUTH, /* authentication func type */
3184 0, /* auth key length in octets */
3185 0, /* auth tag length in octets */
3186 sec_serv_none /* security services flag */
3187 },
Ryan Hooper89a288b2016-12-22 16:22:47 -0500[diff] [blame]3188 NULL,
3189 (srtp_master_key_t **)test_keys,
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]3190 2, /* indicates the number of Master keys */
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]3191 NULL, /* indicates that EKT is not in use */
3192 128, /* replay window size */
3193 0, /* retransmission not allowed */
Joachim Bauch99a74822015-11-17 00:08:19 +0100[diff] [blame]3194 NULL, /* no encrypted extension headers */
3195 0, /* list of encrypted extension headers is empty */
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]3196 NULL
David McGrew79870d62007-06-15 18:17:39 +0000[diff] [blame]3197};
3198
Jonathan Lennox5df951a2010-05-20 20:55:54 +0000[diff] [blame]3199unsigned char test_256_key[46] = {
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]3200 0xf0, 0xf0, 0x49, 0x14, 0xb5, 0x13, 0xf2, 0x76,
3201 0x3a, 0x1b, 0x1f, 0xa1, 0x30, 0xf1, 0x0e, 0x29,
3202 0x98, 0xf6, 0xf6, 0xe4, 0x3e, 0x43, 0x09, 0xd1,
3203 0xe6, 0x22, 0xa0, 0xe3, 0x32, 0xb9, 0xf1, 0xb6,
Jonathan Lennox5df951a2010-05-20 20:55:54 +0000[diff] [blame]3204
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]3205 0x3b, 0x04, 0x80, 0x3d, 0xe5, 0x1e, 0xe7, 0xc9,
3206 0x64, 0x23, 0xab, 0x5b, 0x78, 0xd2
Jonathan Lennox5df951a2010-05-20 20:55:54 +0000[diff] [blame]3207};
3208
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]3209unsigned char test_256_key_2[46] = {
3210 0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0,
3211 0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39,
3212 0x0e, 0xc6, 0x75, 0xad, 0x49, 0x8a, 0xfe, 0xeb,
3213 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6, 0xc1, 0x73,
3214 0x3b, 0x04, 0x80, 0x3d, 0xe5, 0x1e, 0xe7, 0xc9,
3215 0x64, 0x23, 0xab, 0x5b, 0x78, 0xd2
3216};
3217
Ryan Hooper89a288b2016-12-22 16:22:47 -0500[diff] [blame]3218srtp_master_key_t master_256_key_1 = {
3219 test_256_key,
3220 test_mki_id,
3221 TEST_MKI_ID_SIZE
3222};
3223
3224srtp_master_key_t master_256_key_2 = {
3225 test_256_key_2,
3226 test_mki_id_2,
3227 TEST_MKI_ID_SIZE
3228};
3229
3230srtp_master_key_t *test_256_keys[2] = {
3231 &master_key_1,
3232 &master_key_2
3233};
3234
Jonathan Lennox5df951a2010-05-20 20:55:54 +0000[diff] [blame]3235const srtp_policy_t aes_256_hmac_policy = {
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]3236 { ssrc_any_outbound, 0 }, /* SSRC */
3237 { /* SRTP policy */
3238 SRTP_AES_ICM, /* cipher type */
3239 46, /* cipher key length in octets */
3240 SRTP_HMAC_SHA1, /* authentication func type */
3241 20, /* auth key length in octets */
3242 10, /* auth tag length in octets */
3243 sec_serv_conf_and_auth /* security services flag */
3244 },
3245 { /* SRTCP policy */
3246 SRTP_AES_ICM, /* cipher type */
3247 46, /* cipher key length in octets */
3248 SRTP_HMAC_SHA1, /* authentication func type */
3249 20, /* auth key length in octets */
3250 10, /* auth tag length in octets */
3251 sec_serv_conf_and_auth /* security services flag */
3252 },
Ryan Hooper89a288b2016-12-22 16:22:47 -0500[diff] [blame]3253 NULL,
3254 (srtp_master_key_t **)test_256_keys,
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]3255 2, /* indicates the number of Master keys */
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]3256 NULL, /* indicates that EKT is not in use */
3257 128, /* replay window size */
3258 0, /* retransmission not allowed */
Joachim Bauch99a74822015-11-17 00:08:19 +0100[diff] [blame]3259 NULL, /* no encrypted extension headers */
3260 0, /* list of encrypted extension headers is empty */
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]3261 NULL
Jonathan Lennox5df951a2010-05-20 20:55:54 +0000[diff] [blame]3262};
3263
David McGrew79870d62007-06-15 18:17:39 +0000[diff] [blame]3264uint8_t ekt_test_key[16] = {
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]3265 0x77, 0x26, 0x9d, 0xac, 0x16, 0xa3, 0x28, 0xca,
3266 0x8e, 0xc9, 0x68, 0x4b, 0xcc, 0xc4, 0xd2, 0x1b
David McGrew79870d62007-06-15 18:17:39 +0000[diff] [blame]3267};
3268
3269#include "ekt.h"
3270
jfigusc5887e72014-11-06 09:46:18 -0500[diff] [blame]3271srtp_ekt_policy_ctx_t ekt_test_policy = {
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]3272 0xa5a5, /* SPI */
3273 SRTP_EKT_CIPHER_AES_128_ECB,
3274 ekt_test_key,
3275 NULL
David McGrew79870d62007-06-15 18:17:39 +0000[diff] [blame]3276};
3277
3278const srtp_policy_t hmac_only_with_ekt_policy = {
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]3279 { ssrc_any_outbound, 0 }, /* SSRC */
3280 {
3281 SRTP_NULL_CIPHER, /* cipher type */
3282 0, /* cipher key length in octets */
3283 SRTP_HMAC_SHA1, /* authentication func type */
3284 20, /* auth key length in octets */
3285 4, /* auth tag length in octets */
3286 sec_serv_auth /* security services flag */
3287 },
3288 {
3289 SRTP_NULL_CIPHER, /* cipher type */
3290 0, /* cipher key length in octets */
3291 SRTP_HMAC_SHA1, /* authentication func type */
3292 20, /* auth key length in octets */
3293 4, /* auth tag length in octets */
3294 sec_serv_auth /* security services flag */
3295 },
Ryan Hooper89a288b2016-12-22 16:22:47 -0500[diff] [blame]3296 NULL,
3297 (srtp_master_key_t **)test_keys,
Ryan Hooperfe5d8b82016-12-15 14:53:58 -0500[diff] [blame]3298 2, /* indicates the number of Master keys */
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]3299 &ekt_test_policy, /* indicates that EKT is not in use */
3300 128, /* replay window size */
3301 0, /* retransmission not allowed */
Joachim Bauch99a74822015-11-17 00:08:19 +0100[diff] [blame]3302 NULL, /* no encrypted extension headers */
3303 0, /* list of encrypted extension headers is empty */
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]3304 NULL
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]3305};
3306
3307
3308/*
3309 * an array of pointers to the policies listed above
3310 *
3311 * This array is used to test various aspects of libSRTP for
3312 * different cryptographic policies. The order of the elements
3313 * matters - the timing test generates output that can be used
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]3314 * in a plot (see the gnuplot script file 'timing'). If you
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]3315 * add to this list, you should do it at the end.
3316 */
3317
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]3318const srtp_policy_t *
3319policy_array[] = {
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]3320 &hmac_only_policy,
3321 &aes_only_policy,
3322 &default_policy,
jfigus8c36da22013-10-01 16:41:19 -0400[diff] [blame]3323#ifdef OPENSSL
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]3324 &aes128_gcm_8_policy,
3325 &aes128_gcm_8_cauth_policy,
3326 &aes256_gcm_8_policy,
3327 &aes256_gcm_8_cauth_policy,
jfigus8c36da22013-10-01 16:41:19 -0400[diff] [blame]3328#endif
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]3329 &null_policy,
3330 &aes_256_hmac_policy,
3331 &hmac_only_with_ekt_policy,
3332 NULL
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]3333};
3334
3335const srtp_policy_t wildcard_policy = {
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]3336 { ssrc_any_outbound, 0 }, /* SSRC */
3337 { /* SRTP policy */
3338 SRTP_AES_128_ICM, /* cipher type */
3339 30, /* cipher key length in octets */
3340 SRTP_HMAC_SHA1, /* authentication func type */
3341 16, /* auth key length in octets */
3342 10, /* auth tag length in octets */
3343 sec_serv_conf_and_auth /* security services flag */
3344 },
3345 { /* SRTCP policy */
3346 SRTP_AES_128_ICM, /* cipher type */
3347 30, /* cipher key length in octets */
3348 SRTP_HMAC_SHA1, /* authentication func type */
3349 16, /* auth key length in octets */
3350 10, /* auth tag length in octets */
3351 sec_serv_conf_and_auth /* security services flag */
3352 },
Ryan Hooper89a288b2016-12-22 16:22:47 -0500[diff] [blame]3353 test_key,
3354 NULL,
3355 0,
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]3356 NULL,
3357 128, /* replay window size */
3358 0, /* retransmission not allowed */
Joachim Bauch99a74822015-11-17 00:08:19 +0100[diff] [blame]3359 NULL, /* no encrypted extension headers */
3360 0, /* list of encrypted extension headers is empty */
jfigus67b9c732014-11-20 10:17:21 -0500[diff] [blame]3361 NULL
Cullen Jennings235513a2005-09-21 22:51:36 +0000[diff] [blame]3362};