Home | History | Annotate | Download | only in srtp
      1 /*
      2  * ekt.c
      3  *
      4  * Encrypted Key Transport for SRTP
      5  *
      6  * David McGrew
      7  * Cisco Systems, Inc.
      8  */
      9 /*
     10  *
     11  * Copyright (c) 2001-2006 Cisco Systems, Inc.
     12  * All rights reserved.
     13  *
     14  * Redistribution and use in source and binary forms, with or without
     15  * modification, are permitted provided that the following conditions
     16  * are met:
     17  *
     18  *   Redistributions of source code must retain the above copyright
     19  *   notice, this list of conditions and the following disclaimer.
     20  *
     21  *   Redistributions in binary form must reproduce the above
     22  *   copyright notice, this list of conditions and the following
     23  *   disclaimer in the documentation and/or other materials provided
     24  *   with the distribution.
     25  *
     26  *   Neither the name of the Cisco Systems, Inc. nor the names of its
     27  *   contributors may be used to endorse or promote products derived
     28  *   from this software without specific prior written permission.
     29  *
     30  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
     31  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
     32  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
     33  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
     34  * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
     35  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
     36  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
     37  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     38  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
     39  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
     40  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
     41  * OF THE POSSIBILITY OF SUCH DAMAGE.
     42  *
     43  */
     44 
     45 
     46 #include "err.h"
     47 #include "srtp_priv.h"
     48 #include "ekt.h"
     49 
     50 extern debug_module_t mod_srtp;
     51 
     52 /*
     53  *  The EKT Authentication Tag format.
     54  *
     55  *    0                   1                   2                   3
     56  *    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     57  *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     58  *   :                   Base Authentication Tag                     :
     59  *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     60  *   :                     Encrypted Master Key                      :
     61  *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     62  *   |                       Rollover Counter                        |
     63  *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     64  *   |    Initial Sequence Number    |   Security Parameter Index    |
     65  *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     66  *
     67  */
     68 
     69 #define EKT_OCTETS_AFTER_BASE_TAG 24
     70 #define EKT_OCTETS_AFTER_EMK       8
     71 #define EKT_OCTETS_AFTER_ROC       4
     72 #define EKT_SPI_LEN                2
     73 
     74 unsigned
     75 ekt_octets_after_base_tag(ekt_stream_t ekt) {
     76   /*
     77    * if the pointer ekt is NULL, then EKT is not in effect, so we
     78    * indicate this by returning zero
     79    */
     80   if (!ekt)
     81     return 0;
     82 
     83   switch(ekt->data->ekt_cipher_type) {
     84   case EKT_CIPHER_AES_128_ECB:
     85     return 16 + EKT_OCTETS_AFTER_EMK;
     86     break;
     87   default:
     88     break;
     89   }
     90   return 0;
     91 }
     92 
     93 static INLINE ekt_spi_t
     94 srtcp_packet_get_ekt_spi(const uint8_t *packet_start, unsigned pkt_octet_len) {
     95   const uint8_t *spi_location;
     96 
     97   spi_location = packet_start + (pkt_octet_len - EKT_SPI_LEN);
     98 
     99   return *((const ekt_spi_t *)spi_location);
    100 }
    101 
    102 static INLINE uint32_t
    103 srtcp_packet_get_ekt_roc(const uint8_t *packet_start, unsigned pkt_octet_len) {
    104   const uint8_t *roc_location;
    105 
    106   roc_location = packet_start + (pkt_octet_len - EKT_OCTETS_AFTER_ROC);
    107 
    108   return *((const uint32_t *)roc_location);
    109 }
    110 
    111 static INLINE const uint8_t *
    112 srtcp_packet_get_emk_location(const uint8_t *packet_start,
    113 			      unsigned pkt_octet_len) {
    114   const uint8_t *location;
    115 
    116   location = packet_start + (pkt_octet_len - EKT_OCTETS_AFTER_BASE_TAG);
    117 
    118   return location;
    119 }
    120 
    121 
    122 err_status_t
    123 ekt_alloc(ekt_stream_t *stream_data, ekt_policy_t policy) {
    124 
    125   /*
    126    * if the policy pointer is NULL, then EKT is not in use
    127    * so we just set the EKT stream data pointer to NULL
    128    */
    129   if (!policy) {
    130     *stream_data = NULL;
    131     return err_status_ok;
    132   }
    133 
    134   /* TODO */
    135   *stream_data = NULL;
    136 
    137   return err_status_ok;
    138 }
    139 
    140 err_status_t
    141 ekt_stream_init_from_policy(ekt_stream_t stream_data, ekt_policy_t policy) {
    142   if (!stream_data)
    143     return err_status_ok;
    144 
    145   return err_status_ok;
    146 }
    147 
    148 
    149 void
    150 aes_decrypt_with_raw_key(void *ciphertext, const void *key, int key_len) {
    151   aes_expanded_key_t expanded_key;
    152 
    153   aes_expand_decryption_key(key, key_len, &expanded_key);
    154   aes_decrypt(ciphertext, &expanded_key);
    155 }
    156 
    157 /*
    158  * The function srtp_stream_init_from_ekt() initializes a stream using
    159  * the EKT data from an SRTCP trailer.
    160  */
    161 
    162 err_status_t
    163 srtp_stream_init_from_ekt(srtp_stream_t stream,
    164 			  const void *srtcp_hdr,
    165 			  unsigned pkt_octet_len) {
    166   err_status_t err;
    167   const uint8_t *master_key;
    168   srtp_policy_t srtp_policy;
    169   unsigned master_key_len;
    170   uint32_t roc;
    171 
    172   /*
    173    * NOTE: at present, we only support a single ekt_policy at a time.
    174    */
    175   if (stream->ekt->data->spi !=
    176       srtcp_packet_get_ekt_spi(srtcp_hdr, pkt_octet_len))
    177     return err_status_no_ctx;
    178 
    179   if (stream->ekt->data->ekt_cipher_type != EKT_CIPHER_AES_128_ECB)
    180     return err_status_bad_param;
    181   master_key_len = 16;
    182 
    183   /* decrypt the Encrypted Master Key field */
    184   master_key = srtcp_packet_get_emk_location(srtcp_hdr, pkt_octet_len);
    185   /* FIX!? This decrypts the master key in-place, and never uses it */
    186   /* FIX!? It's also passing to ekt_dec_key (which is an aes_expanded_key_t)
    187    * to a function which expects a raw (unexpanded) key */
    188   aes_decrypt_with_raw_key((void*)master_key, &stream->ekt->data->ekt_dec_key, 16);
    189 
    190   /* set the SRTP ROC */
    191   roc = srtcp_packet_get_ekt_roc(srtcp_hdr, pkt_octet_len);
    192   err = rdbx_set_roc(&stream->rtp_rdbx, roc);
    193   if (err) return err;
    194 
    195   err = srtp_stream_init(stream, &srtp_policy);
    196   if (err) return err;
    197 
    198   return err_status_ok;
    199 }
    200 
    201 void
    202 ekt_write_data(ekt_stream_t ekt,
    203 	       uint8_t *base_tag,
    204 	       unsigned base_tag_len,
    205 	       int *packet_len,
    206 	       xtd_seq_num_t pkt_index) {
    207   uint32_t roc;
    208   uint16_t isn;
    209   unsigned emk_len;
    210   uint8_t *packet;
    211 
    212   /* if the pointer ekt is NULL, then EKT is not in effect */
    213   if (!ekt) {
    214     debug_print(mod_srtp, "EKT not in use", NULL);
    215     return;
    216   }
    217 
    218   /* write zeros into the location of the base tag */
    219   octet_string_set_to_zero(base_tag, base_tag_len);
    220   packet = base_tag + base_tag_len;
    221 
    222   /* copy encrypted master key into packet */
    223   emk_len = ekt_octets_after_base_tag(ekt);
    224   memcpy(packet, ekt->encrypted_master_key, emk_len);
    225   debug_print(mod_srtp, "writing EKT EMK: %s,",
    226 	      octet_string_hex_string(packet, emk_len));
    227   packet += emk_len;
    228 
    229   /* copy ROC into packet */
    230   roc = (uint32_t)(pkt_index >> 16);
    231   *((uint32_t *)packet) = be32_to_cpu(roc);
    232   debug_print(mod_srtp, "writing EKT ROC: %s,",
    233 	      octet_string_hex_string(packet, sizeof(roc)));
    234   packet += sizeof(roc);
    235 
    236   /* copy ISN into packet */
    237   isn = (uint16_t)pkt_index;
    238   *((uint16_t *)packet) = htons(isn);
    239   debug_print(mod_srtp, "writing EKT ISN: %s,",
    240 	      octet_string_hex_string(packet, sizeof(isn)));
    241   packet += sizeof(isn);
    242 
    243   /* copy SPI into packet */
    244   *((uint16_t *)packet) = htons(ekt->data->spi);
    245   debug_print(mod_srtp, "writing EKT SPI: %s,",
    246 	      octet_string_hex_string(packet, sizeof(ekt->data->spi)));
    247 
    248   /* increase packet length appropriately */
    249   *packet_len += EKT_OCTETS_AFTER_EMK + emk_len;
    250 }
    251 
    252 
    253 /*
    254  * The function call srtcp_ekt_trailer(ekt, auth_len, auth_tag   )
    255  *
    256  * If the pointer ekt is NULL, then the other inputs are unaffected.
    257  *
    258  * auth_tag is a pointer to the pointer to the location of the
    259  * authentication tag in the packet.  If EKT is in effect, then the
    260  * auth_tag pointer is set to the location
    261  */
    262 
    263 void
    264 srtcp_ekt_trailer(ekt_stream_t ekt,
    265 		  unsigned *auth_len,
    266 		  void **auth_tag,
    267 		  void *tag_copy) {
    268 
    269   /*
    270    * if there is no EKT policy, then the other inputs are unaffected
    271    */
    272   if (!ekt)
    273     return;
    274 
    275   /* copy auth_tag into temporary location */
    276 
    277 }
    278 
    279