1 /* 2 * ekt.c 3 * 4 * Encrypted Key Transport for SRTP 5 * 6 * David McGrew 7 * Cisco Systems, Inc. 8 */ 9 /* 10 * 11 * Copyright (c) 2001-2006 Cisco Systems, Inc. 12 * All rights reserved. 13 * 14 * Redistribution and use in source and binary forms, with or without 15 * modification, are permitted provided that the following conditions 16 * are met: 17 * 18 * Redistributions of source code must retain the above copyright 19 * notice, this list of conditions and the following disclaimer. 20 * 21 * Redistributions in binary form must reproduce the above 22 * copyright notice, this list of conditions and the following 23 * disclaimer in the documentation and/or other materials provided 24 * with the distribution. 25 * 26 * Neither the name of the Cisco Systems, Inc. nor the names of its 27 * contributors may be used to endorse or promote products derived 28 * from this software without specific prior written permission. 29 * 30 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 31 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 32 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 33 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 34 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 35 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 36 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 37 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 38 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 39 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 40 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 41 * OF THE POSSIBILITY OF SUCH DAMAGE. 42 * 43 */ 44 45 46 #include "err.h" 47 #include "srtp_priv.h" 48 #include "ekt.h" 49 50 extern debug_module_t mod_srtp; 51 52 /* 53 * The EKT Authentication Tag format. 54 * 55 * 0 1 2 3 56 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 57 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 58 * : Base Authentication Tag : 59 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 60 * : Encrypted Master Key : 61 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 62 * | Rollover Counter | 63 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 64 * | Initial Sequence Number | Security Parameter Index | 65 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 66 * 67 */ 68 69 #define EKT_OCTETS_AFTER_BASE_TAG 24 70 #define EKT_OCTETS_AFTER_EMK 8 71 #define EKT_OCTETS_AFTER_ROC 4 72 #define EKT_SPI_LEN 2 73 74 unsigned 75 ekt_octets_after_base_tag(ekt_stream_t ekt) { 76 /* 77 * if the pointer ekt is NULL, then EKT is not in effect, so we 78 * indicate this by returning zero 79 */ 80 if (!ekt) 81 return 0; 82 83 switch(ekt->data->ekt_cipher_type) { 84 case EKT_CIPHER_AES_128_ECB: 85 return 16 + EKT_OCTETS_AFTER_EMK; 86 break; 87 default: 88 break; 89 } 90 return 0; 91 } 92 93 static inline ekt_spi_t 94 srtcp_packet_get_ekt_spi(const uint8_t *packet_start, unsigned pkt_octet_len) { 95 const uint8_t *spi_location; 96 97 spi_location = packet_start + (pkt_octet_len - EKT_SPI_LEN); 98 99 return *((const ekt_spi_t *)spi_location); 100 } 101 102 static inline uint32_t 103 srtcp_packet_get_ekt_roc(const uint8_t *packet_start, unsigned pkt_octet_len) { 104 const uint8_t *roc_location; 105 106 roc_location = packet_start + (pkt_octet_len - EKT_OCTETS_AFTER_ROC); 107 108 return *((const uint32_t *)roc_location); 109 } 110 111 static inline const uint8_t * 112 srtcp_packet_get_emk_location(const uint8_t *packet_start, 113 unsigned pkt_octet_len) { 114 const uint8_t *location; 115 116 location = packet_start + (pkt_octet_len - EKT_OCTETS_AFTER_BASE_TAG); 117 118 return location; 119 } 120 121 122 err_status_t 123 ekt_alloc(ekt_stream_t *stream_data, ekt_policy_t policy) { 124 125 /* 126 * if the policy pointer is NULL, then EKT is not in use 127 * so we just set the EKT stream data pointer to NULL 128 */ 129 if (!policy) { 130 *stream_data = NULL; 131 return err_status_ok; 132 } 133 134 /* TODO */ 135 *stream_data = NULL; 136 137 return err_status_ok; 138 } 139 140 err_status_t 141 ekt_stream_init_from_policy(ekt_stream_t stream_data, ekt_policy_t policy) { 142 if (!stream_data) 143 return err_status_ok; 144 145 return err_status_ok; 146 } 147 148 149 void 150 aes_decrypt_with_raw_key(void *ciphertext, const void *key) { 151 aes_expanded_key_t expanded_key; 152 153 aes_expand_decryption_key(key, expanded_key); 154 aes_decrypt(ciphertext, expanded_key); 155 } 156 157 /* 158 * The function srtp_stream_init_from_ekt() initializes a stream using 159 * the EKT data from an SRTCP trailer. 160 */ 161 162 err_status_t 163 srtp_stream_init_from_ekt(srtp_stream_t stream, 164 const void *srtcp_hdr, 165 unsigned pkt_octet_len) { 166 err_status_t err; 167 const uint8_t *master_key; 168 srtp_policy_t srtp_policy; 169 unsigned master_key_len; 170 uint32_t roc; 171 172 /* 173 * NOTE: at present, we only support a single ekt_policy at a time. 174 */ 175 if (stream->ekt->data->spi != 176 srtcp_packet_get_ekt_spi(srtcp_hdr, pkt_octet_len)) 177 return err_status_no_ctx; 178 179 if (stream->ekt->data->ekt_cipher_type != EKT_CIPHER_AES_128_ECB) 180 return err_status_bad_param; 181 master_key_len = 16; 182 183 /* decrypt the Encrypted Master Key field */ 184 master_key = srtcp_packet_get_emk_location(srtcp_hdr, pkt_octet_len); 185 aes_decrypt_with_raw_key((void*)master_key, stream->ekt->data->ekt_dec_key); 186 187 /* set the SRTP ROC */ 188 roc = srtcp_packet_get_ekt_roc(srtcp_hdr, pkt_octet_len); 189 err = rdbx_set_roc(&stream->rtp_rdbx, roc); 190 if (err) return err; 191 192 err = srtp_stream_init(stream, &srtp_policy); 193 if (err) return err; 194 195 return err_status_ok; 196 } 197 198 void 199 ekt_write_data(ekt_stream_t ekt, 200 void *base_tag, 201 unsigned base_tag_len, 202 int *packet_len, 203 xtd_seq_num_t pkt_index) { 204 uint32_t roc; 205 uint16_t isn; 206 unsigned emk_len; 207 uint8_t *packet; 208 209 /* if the pointer ekt is NULL, then EKT is not in effect */ 210 if (!ekt) { 211 debug_print(mod_srtp, "EKT not in use", NULL); 212 return; 213 } 214 215 /* write zeros into the location of the base tag */ 216 octet_string_set_to_zero(base_tag, base_tag_len); 217 packet = (uint8_t*)base_tag + base_tag_len; 218 219 /* copy encrypted master key into packet */ 220 emk_len = ekt_octets_after_base_tag(ekt); 221 memcpy(packet, ekt->encrypted_master_key, emk_len); 222 debug_print(mod_srtp, "writing EKT EMK: %s,", 223 octet_string_hex_string(packet, emk_len)); 224 packet += emk_len; 225 226 /* copy ROC into packet */ 227 roc = (uint32_t)(pkt_index >> 16); 228 *((uint32_t *)packet) = be32_to_cpu(roc); 229 debug_print(mod_srtp, "writing EKT ROC: %s,", 230 octet_string_hex_string(packet, sizeof(roc))); 231 packet += sizeof(roc); 232 233 /* copy ISN into packet */ 234 isn = (uint16_t)pkt_index; 235 *((uint16_t *)packet) = htons(isn); 236 debug_print(mod_srtp, "writing EKT ISN: %s,", 237 octet_string_hex_string(packet, sizeof(isn))); 238 packet += sizeof(isn); 239 240 /* copy SPI into packet */ 241 *((uint16_t *)packet) = htons(ekt->data->spi); 242 debug_print(mod_srtp, "writing EKT SPI: %s,", 243 octet_string_hex_string(packet, sizeof(ekt->data->spi))); 244 245 /* increase packet length appropriately */ 246 *packet_len += EKT_OCTETS_AFTER_EMK + emk_len; 247 } 248 249 250 /* 251 * The function call srtcp_ekt_trailer(ekt, auth_len, auth_tag ) 252 * 253 * If the pointer ekt is NULL, then the other inputs are unaffected. 254 * 255 * auth_tag is a pointer to the pointer to the location of the 256 * authentication tag in the packet. If EKT is in effect, then the 257 * auth_tag pointer is set to the location 258 */ 259 260 void 261 srtcp_ekt_trailer(ekt_stream_t ekt, 262 unsigned *auth_len, 263 void **auth_tag, 264 void *tag_copy) { 265 266 /* 267 * if there is no EKT policy, then the other inputs are unaffected 268 */ 269 if (!ekt) 270 return; 271 272 /* copy auth_tag into temporary location */ 273 274 } 275 276
