1 diff -purN -x CVS -x '*~' -x '.*' -x 'obj-*' srtp-ws/include/srtp.h srtp/include/srtp.h 2 --- srtp-ws/include/srtp.h 2009-04-22 19:06:22.000000000 -0400 3 +++ srtp/include/srtp.h 2009-04-23 15:17:49.000000000 -0400 4 @@ -225,6 +225,12 @@ typedef struct srtp_policy_t { 5 * for this stream (if any) */ 6 unsigned long window_size; /**< The window size to use for replay 7 * protection. */ 8 + int allow_repeat_tx; /**< Whether retransmissions of 9 + * packets with the same sequence number 10 + * are allowed. (Note that such repeated 11 + * transmissions must have the same RTP 12 + * payload, or a severe security weakness 13 + * is introduced!) */ 14 struct srtp_policy_t *next; /**< Pointer to next stream policy. */ 15 } srtp_policy_t; 16 17 diff -purN -x CVS -x '*~' -x '.*' -x 'obj-*' srtp-ws/include/srtp_priv.h srtp/include/srtp_priv.h 18 --- srtp-ws/include/srtp_priv.h 2007-06-15 14:17:40.000000000 -0400 19 +++ srtp/include/srtp_priv.h 2009-04-22 19:27:10.000000000 -0400 20 @@ -218,6 +218,7 @@ typedef struct srtp_stream_ctx_t { 21 sec_serv_t rtcp_services; 22 key_limit_ctx_t *limit; 23 direction_t direction; 24 + int allow_repeat_tx; 25 ekt_stream_t ekt; 26 struct srtp_stream_ctx_t *next; /* linked list of streams */ 27 } srtp_stream_ctx_t; 28 diff -purN -x CVS -x '*~' -x '.*' -x 'obj-*' srtp-ws/srtp/srtp.c srtp/srtp/srtp.c 29 --- srtp-ws/srtp/srtp.c 2009-04-22 19:18:43.000000000 -0400 30 +++ srtp/srtp/srtp.c 2009-04-22 19:30:23.000000000 -0400 31 @@ -280,6 +280,7 @@ srtp_stream_clone(const srtp_stream_ctx_ 32 if (status) 33 return status; 34 rdb_init(&str->rtcp_rdb); 35 + str->allow_repeat_tx = stream_template->allow_repeat_tx; 36 37 /* set ssrc to that provided */ 38 str->ssrc = ssrc; 39 @@ -525,6 +526,9 @@ srtp_stream_init(srtp_stream_ctx_t *srtp 40 /* initialize SRTCP replay database */ 41 rdb_init(&srtp->rtcp_rdb); 42 43 + /* initialize allow_repeat_tx */ 44 + srtp->allow_repeat_tx = p->allow_repeat_tx; 45 + 46 /* DAM - no RTCP key limit at present */ 47 48 /* initialize keys */ 49 @@ -732,9 +736,12 @@ srtp_stream_init(srtp_stream_ctx_t *srtp 50 */ 51 delta = rdbx_estimate_index(&stream->rtp_rdbx, &est, ntohs(hdr->seq)); 52 status = rdbx_check(&stream->rtp_rdbx, delta); 53 - if (status) 54 - return status; /* we've been asked to reuse an index */ 55 - rdbx_add_index(&stream->rtp_rdbx, delta); 56 + if (status) { 57 + if (status != err_status_replay_fail || !stream->allow_repeat_tx) 58 + return status; /* we've been asked to reuse an index */ 59 + } 60 + else 61 + rdbx_add_index(&stream->rtp_rdbx, delta); 62 63 #ifdef NO_64BIT_MATH 64 debug_print2(mod_srtp, "estimated packet index: %08x%08x", 65 diff -purN -x CVS -x '*~' -x '.*' -x 'obj-*' srtp-ws/test/dtls_srtp_driver.c srtp/test/dtls_srtp_driver.c 66 --- srtp-ws/test/dtls_srtp_driver.c 2009-04-23 15:50:48.000000000 -0400 67 +++ srtp/test/dtls_srtp_driver.c 2009-04-23 15:51:11.000000000 -0400 68 @@ -185,6 +185,7 @@ test_dtls_srtp() { 69 policy.ssrc.type = ssrc_any_inbound; 70 policy.ekt = NULL; 71 policy.window_size = 128; 72 + policy.allow_repeat_tx = 0; 73 policy.next = NULL; 74 75 err = srtp_add_stream(s, &policy); 76 diff -purN -x CVS -x '*~' -x '.*' -x 'obj-*' srtp-ws/test/rtpw.c srtp/test/rtpw.c 77 --- srtp-ws/test/rtpw.c 2009-04-22 19:16:52.000000000 -0400 78 +++ srtp/test/rtpw.c 2009-04-23 15:16:18.000000000 -0400 79 @@ -331,6 +331,7 @@ main (int argc, char *argv[]) { 80 policy.key = (uint8_t *) key; 81 policy.next = NULL; 82 policy.window_size = 128; 83 + policy.allow_repeat_tx = 0; 84 policy.rtp.sec_serv = sec_servs; 85 policy.rtcp.sec_serv = sec_serv_none; /* we don't do RTCP anyway */ 86 87 @@ -384,6 +385,7 @@ main (int argc, char *argv[]) { 88 policy.rtcp.auth_tag_len = 0; 89 policy.rtcp.sec_serv = sec_serv_none; 90 policy.window_size = 0; 91 + policy.allow_repeat_tx = 0; 92 policy.next = NULL; 93 } 94 95 diff -purN -x CVS -x '*~' -x '.*' -x 'obj-*' srtp-ws/test/srtp_driver.c srtp/test/srtp_driver.c 96 --- srtp-ws/test/srtp_driver.c 2009-04-22 19:16:52.000000000 -0400 97 +++ srtp/test/srtp_driver.c 2009-04-23 15:16:18.000000000 -0400 98 @@ -323,6 +323,7 @@ main (int argc, char *argv[]) { 99 policy.key = test_key; 100 policy.ekt = NULL; 101 policy.window_size = 128; 102 + policy.allow_repeat_tx = 0; 103 policy.next = NULL; 104 105 printf("mips estimate: %e\n", mips); 106 @@ -992,7 +993,8 @@ srtp_session_print_policy(srtp_t srtp) { 107 "# rtcp cipher: %s\r\n" 108 "# rtcp auth: %s\r\n" 109 "# rtcp services: %s\r\n" 110 - "# window size: %lu\r\n", 111 + "# window size: %lu\r\n" 112 + "# tx rtx allowed:%s\r\n", 113 direction[stream->direction], 114 stream->rtp_cipher->type->description, 115 stream->rtp_auth->type->description, 116 @@ -1000,7 +1002,8 @@ srtp_session_print_policy(srtp_t srtp) { 117 stream->rtcp_cipher->type->description, 118 stream->rtcp_auth->type->description, 119 serv_descr[stream->rtcp_services], 120 - rdbx_get_window_size(&stream->rtp_rdbx)); 121 + rdbx_get_window_size(&stream->rtp_rdbx), 122 + stream->allow_repeat_tx ? "true" : "false"); 123 } 124 125 /* loop over streams in session, printing the policy of each */ 126 @@ -1016,7 +1019,8 @@ srtp_session_print_policy(srtp_t srtp) { 127 "# rtcp cipher: %s\r\n" 128 "# rtcp auth: %s\r\n" 129 "# rtcp services: %s\r\n" 130 - "# window size: %lu\r\n", 131 + "# window size: %lu\r\n" 132 + "# tx rtx allowed:%s\r\n", 133 stream->ssrc, 134 stream->rtp_cipher->type->description, 135 stream->rtp_auth->type->description, 136 @@ -1024,7 +1028,8 @@ srtp_session_print_policy(srtp_t srtp) { 137 stream->rtcp_cipher->type->description, 138 stream->rtcp_auth->type->description, 139 serv_descr[stream->rtcp_services], 140 - rdbx_get_window_size(&stream->rtp_rdbx)); 141 + rdbx_get_window_size(&stream->rtp_rdbx), 142 + stream->allow_repeat_tx ? "true" : "false"); 143 144 /* advance to next stream in the list */ 145 stream = stream->next; 146 @@ -1180,6 +1185,7 @@ srtp_validate() { 147 policy.key = test_key; 148 policy.ekt = NULL; 149 policy.window_size = 128; 150 + policy.allow_repeat_tx = 0; 151 policy.next = NULL; 152 153 status = srtp_create(&srtp_snd, &policy); 154 @@ -1337,6 +1343,7 @@ const srtp_policy_t default_policy = { 155 test_key, 156 NULL, /* indicates that EKT is not in use */ 157 128, /* replay window size */ 158 + 0, /* retransmission not allowed */ 159 NULL 160 }; 161 162 @@ -1361,6 +1368,7 @@ const srtp_policy_t aes_tmmh_policy = { 163 test_key, 164 NULL, /* indicates that EKT is not in use */ 165 128, /* replay window size */ 166 + 0, /* retransmission not allowed */ 167 NULL 168 }; 169 170 @@ -1385,6 +1393,7 @@ const srtp_policy_t tmmh_only_policy = { 171 test_key, 172 NULL, /* indicates that EKT is not in use */ 173 128, /* replay window size */ 174 + 0, /* retransmission not allowed */ 175 NULL 176 }; 177 178 @@ -1409,6 +1418,7 @@ const srtp_policy_t aes_only_policy = { 179 test_key, 180 NULL, /* indicates that EKT is not in use */ 181 128, /* replay window size */ 182 + 0, /* retransmission not allowed */ 183 NULL 184 }; 185 186 @@ -1433,6 +1443,7 @@ const srtp_policy_t hmac_only_policy = { 187 test_key, 188 NULL, /* indicates that EKT is not in use */ 189 128, /* replay window size */ 190 + 0, /* retransmission not allowed */ 191 NULL 192 }; 193 194 @@ -1457,6 +1468,7 @@ const srtp_policy_t null_policy = { 195 test_key, 196 NULL, /* indicates that EKT is not in use */ 197 128, /* replay window size */ 198 + 0, /* retransmission not allowed */ 199 NULL 200 }; 201 202 @@ -1495,6 +1507,7 @@ const srtp_policy_t hmac_only_with_ekt_p 203 test_key, 204 &ekt_test_policy, /* indicates that EKT is not in use */ 205 128, /* replay window size */ 206 + 0, /* retransmission not allowed */ 207 NULL 208 }; 209 210 @@ -1548,5 +1561,6 @@ const srtp_policy_t wildcard_policy = { 211 test_key, 212 NULL, 213 128, /* replay window size */ 214 + 0, /* retransmission not allowed */ 215 NULL 216 }; 217
