1 /*
2 * srtp_driver.c
3 *
4 * a test driver for libSRTP
5 *
6 * David A. McGrew
7 * Cisco Systems, Inc.
8 */
9 /*
10 *
11 * Copyright (c) 2001-2017, Cisco Systems, Inc.
12 * All rights reserved.
13 *
14 * Redistribution and use in source and binary forms, with or without
15 * modification, are permitted provided that the following conditions
16 * are met:
17 *
18 * Redistributions of source code must retain the above copyright
19 * notice, this list of conditions and the following disclaimer.
20 *
21 * Redistributions in binary form must reproduce the above
22 * copyright notice, this list of conditions and the following
23 * disclaimer in the documentation and/or other materials provided
24 * with the distribution.
25 *
26 * Neither the name of the Cisco Systems, Inc. nor the names of its
27 * contributors may be used to endorse or promote products derived
28 * from this software without specific prior written permission.
29 *
30 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
31 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
32 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
33 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
34 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
35 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
36 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
37 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
38 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
39 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
40 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
41 * OF THE POSSIBILITY OF SUCH DAMAGE.
42 *
43 */
44
45 #include <string.h> /* for memcpy() */
46 #include <time.h> /* for clock() */
47 #include <stdlib.h> /* for malloc(), free() */
48 #include <stdio.h> /* for print(), fflush() */
49 #include "getopt_s.h" /* for local getopt() */
50
51 #include "srtp_priv.h"
52 #include "util.h"
53
54 #ifdef HAVE_NETINET_IN_H
55 #include <netinet/in.h>
56 #elif defined HAVE_WINSOCK2_H
57 #include <winsock2.h>
58 #endif
59
60 #define PRINT_REFERENCE_PACKET 1
61
62 srtp_err_status_t srtp_validate(void);
63
64 #ifdef GCM
65 srtp_err_status_t srtp_validate_gcm(void);
66 #endif
67
68 srtp_err_status_t srtp_validate_encrypted_extensions_headers(void);
69
70 #ifdef GCM
71 srtp_err_status_t srtp_validate_encrypted_extensions_headers_gcm(void);
72 #endif
73
74 srtp_err_status_t srtp_validate_aes_256(void);
75
76 srtp_err_status_t srtp_create_big_policy(srtp_policy_t **list);
77
78 srtp_err_status_t srtp_dealloc_big_policy(srtp_policy_t *list);
79
80 srtp_err_status_t srtp_test_empty_payload(void);
81
82 #ifdef GCM
83 srtp_err_status_t srtp_test_empty_payload_gcm(void);
84 #endif
85
86 srtp_err_status_t srtp_test_remove_stream(void);
87
88 srtp_err_status_t srtp_test_update(void);
89
90 srtp_err_status_t srtp_test_protect_trailer_length(void);
91
92 srtp_err_status_t srtp_test_protect_rtcp_trailer_length(void);
93
94 srtp_err_status_t srtp_test_get_roc(void);
95
96 srtp_err_status_t srtp_test_set_receiver_roc(void);
97
98 srtp_err_status_t srtp_test_set_sender_roc(void);
99
100 double srtp_bits_per_second(int msg_len_octets, const srtp_policy_t *policy);
101
102 double srtp_rejections_per_second(int msg_len_octets,
103 const srtp_policy_t *policy);
104
105 void srtp_do_timing(const srtp_policy_t *policy);
106
107 void srtp_do_rejection_timing(const srtp_policy_t *policy);
108
109 srtp_err_status_t srtp_test(const srtp_policy_t *policy,
110 int extension_header,
111 int mki_index);
112
113 srtp_err_status_t srtcp_test(const srtp_policy_t *policy, int mki_index);
114
115 srtp_err_status_t srtp_session_print_policy(srtp_t srtp);
116
117 srtp_err_status_t srtp_print_policy(const srtp_policy_t *policy);
118
119 char *srtp_packet_to_string(srtp_hdr_t *hdr, int packet_len);
120
121 double mips_estimate(int num_trials, int *ignore);
122
123 #define TEST_MKI_ID_SIZE 4
124
125 extern uint8_t test_key[46];
126 extern uint8_t test_key_2[46];
127 extern uint8_t test_mki_id[TEST_MKI_ID_SIZE];
128 extern uint8_t test_mki_id_2[TEST_MKI_ID_SIZE];
129
130 // clang-format off
131 srtp_master_key_t master_key_1 = {
132 test_key,
133 test_mki_id,
134 TEST_MKI_ID_SIZE
135 };
136
137 srtp_master_key_t master_key_2 = {
138 test_key_2,
139 test_mki_id_2,
140 TEST_MKI_ID_SIZE
141 };
142
143 srtp_master_key_t *test_keys[2] = {
144 &master_key_1,
145 &master_key_2
146 };
147 // clang-format on
148
usage(char * prog_name)149 void usage(char *prog_name)
150 {
151 printf("usage: %s [ -t ][ -c ][ -v ][ -o ][-d <debug_module> ]* [ -l ]\n"
152 " -t run timing test\n"
153 " -r run rejection timing test\n"
154 " -c run codec timing test\n"
155 " -v run validation tests\n"
156 " -o output logging to stdout\n"
157 " -d <mod> turn on debugging module <mod>\n"
158 " -l list debugging modules\n",
159 prog_name);
160 exit(1);
161 }
162
log_handler(srtp_log_level_t level,const char * msg,void * data)163 void log_handler(srtp_log_level_t level, const char *msg, void *data)
164 {
165 char level_char = '?';
166 switch (level) {
167 case srtp_log_level_error:
168 level_char = 'e';
169 break;
170 case srtp_log_level_warning:
171 level_char = 'w';
172 break;
173 case srtp_log_level_info:
174 level_char = 'i';
175 break;
176 case srtp_log_level_debug:
177 level_char = 'd';
178 break;
179 }
180 printf("SRTP-LOG [%c]: %s\n", level_char, msg);
181 }
182
183 /*
184 * The policy_array is a null-terminated array of policy structs. it
185 * is declared at the end of this file
186 */
187
188 extern const srtp_policy_t *policy_array[];
189
190 /* the wildcard_policy is declared below; it has a wildcard ssrc */
191
192 extern const srtp_policy_t wildcard_policy;
193
194 /*
195 * mod_driver debug module - debugging module for this test driver
196 *
197 * we use the crypto_kernel debugging system in this driver, which
198 * makes the interface uniform and increases portability
199 */
200
201 srtp_debug_module_t mod_driver = {
202 0, /* debugging is off by default */
203 "driver" /* printable name for module */
204 };
205
main(int argc,char * argv[])206 int main(int argc, char *argv[])
207 {
208 int q;
209 unsigned do_timing_test = 0;
210 unsigned do_rejection_test = 0;
211 unsigned do_codec_timing = 0;
212 unsigned do_validation = 0;
213 unsigned do_list_mods = 0;
214 unsigned do_log_stdout = 0;
215 srtp_err_status_t status;
216
217 /*
218 * verify that the compiler has interpreted the header data
219 * structure srtp_hdr_t correctly
220 */
221 if (sizeof(srtp_hdr_t) != 12) {
222 printf("error: srtp_hdr_t has incorrect size"
223 "(size is %ld bytes, expected 12)\n",
224 (long)sizeof(srtp_hdr_t));
225 exit(1);
226 }
227
228 /* initialize srtp library */
229 status = srtp_init();
230 if (status) {
231 printf("error: srtp init failed with error code %d\n", status);
232 exit(1);
233 }
234
235 /* load srtp_driver debug module */
236 status = srtp_crypto_kernel_load_debug_module(&mod_driver);
237 if (status) {
238 printf("error: load of srtp_driver debug module failed "
239 "with error code %d\n",
240 status);
241 exit(1);
242 }
243
244 /* process input arguments */
245 while (1) {
246 q = getopt_s(argc, argv, "trcvold:");
247 if (q == -1) {
248 break;
249 }
250 switch (q) {
251 case 't':
252 do_timing_test = 1;
253 break;
254 case 'r':
255 do_rejection_test = 1;
256 break;
257 case 'c':
258 do_codec_timing = 1;
259 break;
260 case 'v':
261 do_validation = 1;
262 break;
263 case 'o':
264 do_log_stdout = 1;
265 break;
266 case 'l':
267 do_list_mods = 1;
268 break;
269 case 'd':
270 status = srtp_set_debug_module(optarg_s, 1);
271 if (status) {
272 printf("error: set debug module (%s) failed\n", optarg_s);
273 exit(1);
274 }
275 break;
276 default:
277 usage(argv[0]);
278 }
279 }
280
281 if (!do_validation && !do_timing_test && !do_codec_timing &&
282 !do_list_mods && !do_rejection_test) {
283 usage(argv[0]);
284 }
285
286 if (do_log_stdout) {
287 status = srtp_install_log_handler(log_handler, NULL);
288 if (status) {
289 printf("error: install log handler failed\n");
290 exit(1);
291 }
292 }
293
294 if (do_list_mods) {
295 status = srtp_list_debug_modules();
296 if (status) {
297 printf("error: list of debug modules failed\n");
298 exit(1);
299 }
300 }
301
302 if (do_validation) {
303 const srtp_policy_t **policy = policy_array;
304 srtp_policy_t *big_policy;
305
306 /* loop over policy array, testing srtp and srtcp for each policy */
307 while (*policy != NULL) {
308 printf("testing srtp_protect and srtp_unprotect\n");
309 if (srtp_test(*policy, 0, -1) == srtp_err_status_ok) {
310 printf("passed\n\n");
311 } else {
312 printf("failed\n");
313 exit(1);
314 }
315
316 printf("testing srtp_protect and srtp_unprotect with encrypted "
317 "extensions headers\n");
318 if (srtp_test(*policy, 1, -1) == srtp_err_status_ok) {
319 printf("passed\n\n");
320 } else {
321 printf("failed\n");
322 exit(1);
323 }
324 printf("testing srtp_protect_rtcp and srtp_unprotect_rtcp\n");
325 if (srtcp_test(*policy, -1) == srtp_err_status_ok) {
326 printf("passed\n\n");
327 } else {
328 printf("failed\n");
329 exit(1);
330 }
331 printf("testing srtp_protect_rtp and srtp_unprotect_rtp with MKI "
332 "index set to 0\n");
333 if (srtp_test(*policy, 0, 0) == srtp_err_status_ok) {
334 printf("passed\n\n");
335 } else {
336 printf("failed\n");
337 exit(1);
338 }
339 printf("testing srtp_protect_rtp and srtp_unprotect_rtp with MKI "
340 "index set to 1\n");
341 if (srtp_test(*policy, 0, 1) == srtp_err_status_ok) {
342 printf("passed\n\n");
343 } else {
344 printf("failed\n");
345 exit(1);
346 }
347
348 printf("testing srtp_protect_rtcp and srtp_unprotect_rtcp with MKI "
349 "index set to 0\n");
350 if (srtcp_test(*policy, 0) == srtp_err_status_ok) {
351 printf("passed\n\n");
352 } else {
353 printf("failed\n");
354 exit(1);
355 }
356 printf("testing srtp_protect_rtcp and srtp_unprotect_rtcp with MKI "
357 "index set to 1\n");
358 if (srtcp_test(*policy, 1) == srtp_err_status_ok) {
359 printf("passed\n\n");
360 } else {
361 printf("failed\n");
362 exit(1);
363 }
364 policy++;
365 }
366
367 /* create a big policy list and run tests on it */
368 status = srtp_create_big_policy(&big_policy);
369 if (status) {
370 printf("unexpected failure with error code %d\n", status);
371 exit(1);
372 }
373 printf("testing srtp_protect and srtp_unprotect with big policy\n");
374 if (srtp_test(big_policy, 0, -1) == srtp_err_status_ok) {
375 printf("passed\n\n");
376 } else {
377 printf("failed\n");
378 exit(1);
379 }
380 printf("testing srtp_protect and srtp_unprotect with big policy and "
381 "encrypted extensions headers\n");
382 if (srtp_test(big_policy, 1, -1) == srtp_err_status_ok) {
383 printf("passed\n\n");
384 } else {
385 printf("failed\n");
386 exit(1);
387 }
388 status = srtp_dealloc_big_policy(big_policy);
389 if (status) {
390 printf("unexpected failure with error code %d\n", status);
391 exit(1);
392 }
393
394 /* run test on wildcard policy */
395 printf("testing srtp_protect and srtp_unprotect on "
396 "wildcard ssrc policy\n");
397 if (srtp_test(&wildcard_policy, 0, -1) == srtp_err_status_ok) {
398 printf("passed\n\n");
399 } else {
400 printf("failed\n");
401 exit(1);
402 }
403 printf("testing srtp_protect and srtp_unprotect on "
404 "wildcard ssrc policy and encrypted extensions headers\n");
405 if (srtp_test(&wildcard_policy, 1, -1) == srtp_err_status_ok) {
406 printf("passed\n\n");
407 } else {
408 printf("failed\n");
409 exit(1);
410 }
411
412 /*
413 * run validation test against the reference packets - note
414 * that this test only covers the default policy
415 */
416 printf("testing srtp_protect and srtp_unprotect against "
417 "reference packet\n");
418 if (srtp_validate() == srtp_err_status_ok) {
419 printf("passed\n\n");
420 } else {
421 printf("failed\n");
422 exit(1);
423 }
424
425 #ifdef GCM
426 printf("testing srtp_protect and srtp_unprotect against "
427 "reference packet using GCM\n");
428 if (srtp_validate_gcm() == srtp_err_status_ok) {
429 printf("passed\n\n");
430 } else {
431 printf("failed\n");
432 exit(1);
433 }
434 #endif
435
436 printf("testing srtp_protect and srtp_unprotect against "
437 "reference packet with encrypted extensions headers\n");
438 if (srtp_validate_encrypted_extensions_headers() == srtp_err_status_ok)
439 printf("passed\n\n");
440 else {
441 printf("failed\n");
442 exit(1);
443 }
444
445 #ifdef GCM
446 printf("testing srtp_protect and srtp_unprotect against "
447 "reference packet with encrypted extension headers (GCM)\n");
448 if (srtp_validate_encrypted_extensions_headers_gcm() ==
449 srtp_err_status_ok) {
450 printf("passed\n\n");
451 } else {
452 printf("failed\n");
453 exit(1);
454 }
455 #endif
456
457 /*
458 * run validation test against the reference packets for
459 * AES-256
460 */
461 printf("testing srtp_protect and srtp_unprotect against "
462 "reference packet (AES-256)\n");
463 if (srtp_validate_aes_256() == srtp_err_status_ok) {
464 printf("passed\n\n");
465 } else {
466 printf("failed\n");
467 exit(1);
468 }
469
470 /*
471 * test packets with empty payload
472 */
473 printf("testing srtp_protect and srtp_unprotect against "
474 "packet with empty payload\n");
475 if (srtp_test_empty_payload() == srtp_err_status_ok) {
476 printf("passed\n");
477 } else {
478 printf("failed\n");
479 exit(1);
480 }
481 #ifdef GCM
482 printf("testing srtp_protect and srtp_unprotect against "
483 "packet with empty payload (GCM)\n");
484 if (srtp_test_empty_payload_gcm() == srtp_err_status_ok) {
485 printf("passed\n");
486 } else {
487 printf("failed\n");
488 exit(1);
489 }
490 #endif
491
492 /*
493 * test the function srtp_remove_stream()
494 */
495 printf("testing srtp_remove_stream()...");
496 if (srtp_test_remove_stream() == srtp_err_status_ok) {
497 printf("passed\n");
498 } else {
499 printf("failed\n");
500 exit(1);
501 }
502
503 /*
504 * test the function srtp_update()
505 */
506 printf("testing srtp_update()...");
507 if (srtp_test_update() == srtp_err_status_ok) {
508 printf("passed\n");
509 } else {
510 printf("failed\n");
511 exit(1);
512 }
513
514 /*
515 * test the functions srtp_get_protect_trailer_length
516 * and srtp_get_protect_rtcp_trailer_length
517 */
518 printf("testing srtp_get_protect_trailer_length()...");
519 if (srtp_test_protect_trailer_length() == srtp_err_status_ok) {
520 printf("passed\n");
521 } else {
522 printf("failed\n");
523 exit(1);
524 }
525
526 printf("testing srtp_get_protect_rtcp_trailer_length()...");
527 if (srtp_test_protect_rtcp_trailer_length() == srtp_err_status_ok) {
528 printf("passed\n");
529 } else {
530 printf("failed\n");
531 exit(1);
532 }
533
534 printf("testing srtp_test_get_roc()...");
535 if (srtp_test_get_roc() == srtp_err_status_ok) {
536 printf("passed\n");
537 } else {
538 printf("failed\n");
539 exit(1);
540 }
541
542 printf("testing srtp_test_set_receiver_roc()...");
543 if (srtp_test_set_receiver_roc() == srtp_err_status_ok) {
544 printf("passed\n");
545 } else {
546 printf("failed\n");
547 exit(1);
548 }
549
550 printf("testing srtp_test_set_sender_roc()...");
551 if (srtp_test_set_sender_roc() == srtp_err_status_ok) {
552 printf("passed\n");
553 } else {
554 printf("failed\n");
555 exit(1);
556 }
557 }
558
559 if (do_timing_test) {
560 const srtp_policy_t **policy = policy_array;
561
562 /* loop over policies, run timing test for each */
563 while (*policy != NULL) {
564 srtp_print_policy(*policy);
565 srtp_do_timing(*policy);
566 policy++;
567 }
568 }
569
570 if (do_rejection_test) {
571 const srtp_policy_t **policy = policy_array;
572
573 /* loop over policies, run rejection timing test for each */
574 while (*policy != NULL) {
575 srtp_print_policy(*policy);
576 srtp_do_rejection_timing(*policy);
577 policy++;
578 }
579 }
580
581 if (do_codec_timing) {
582 srtp_policy_t policy;
583 int ignore;
584 double mips_value = mips_estimate(1000000000, &ignore);
585
586 memset(&policy, 0, sizeof(policy));
587 srtp_crypto_policy_set_rtp_default(&policy.rtp);
588 srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
589 policy.ssrc.type = ssrc_specific;
590 policy.ssrc.value = 0xdecafbad;
591 policy.key = test_key;
592 policy.ekt = NULL;
593 policy.window_size = 128;
594 policy.allow_repeat_tx = 0;
595 policy.next = NULL;
596
597 printf("mips estimate: %e\n", mips_value);
598
599 printf("testing srtp processing time for voice codecs:\n");
600 printf("codec\t\tlength (octets)\t\tsrtp instructions/second\n");
601 printf("G.711\t\t%d\t\t\t%e\n", 80,
602 (double)mips_value * (80 * 8) /
603 srtp_bits_per_second(80, &policy) / .01);
604 printf("G.711\t\t%d\t\t\t%e\n", 160,
605 (double)mips_value * (160 * 8) /
606 srtp_bits_per_second(160, &policy) / .02);
607 printf("G.726-32\t%d\t\t\t%e\n", 40,
608 (double)mips_value * (40 * 8) /
609 srtp_bits_per_second(40, &policy) / .01);
610 printf("G.726-32\t%d\t\t\t%e\n", 80,
611 (double)mips_value * (80 * 8) /
612 srtp_bits_per_second(80, &policy) / .02);
613 printf("G.729\t\t%d\t\t\t%e\n", 10,
614 (double)mips_value * (10 * 8) /
615 srtp_bits_per_second(10, &policy) / .01);
616 printf("G.729\t\t%d\t\t\t%e\n", 20,
617 (double)mips_value * (20 * 8) /
618 srtp_bits_per_second(20, &policy) / .02);
619 printf("Wideband\t%d\t\t\t%e\n", 320,
620 (double)mips_value * (320 * 8) /
621 srtp_bits_per_second(320, &policy) / .01);
622 printf("Wideband\t%d\t\t\t%e\n", 640,
623 (double)mips_value * (640 * 8) /
624 srtp_bits_per_second(640, &policy) / .02);
625 }
626
627 status = srtp_shutdown();
628 if (status) {
629 printf("error: srtp shutdown failed with error code %d\n", status);
630 exit(1);
631 }
632
633 return 0;
634 }
635
636 /*
637 * srtp_create_test_packet(len, ssrc) returns a pointer to a
638 * (malloced) example RTP packet whose data field has the length given
639 * by pkt_octet_len and the SSRC value ssrc. The total length of the
640 * packet is twelve octets longer, since the header is at the
641 * beginning. There is room at the end of the packet for a trailer,
642 * and the four octets following the packet are filled with 0xff
643 * values to enable testing for overwrites.
644 *
645 * note that the location of the test packet can (and should) be
646 * deallocated with the free() call once it is no longer needed.
647 */
648
srtp_create_test_packet(int pkt_octet_len,uint32_t ssrc,int * pkt_len)649 srtp_hdr_t *srtp_create_test_packet(int pkt_octet_len,
650 uint32_t ssrc,
651 int *pkt_len)
652 {
653 int i;
654 uint8_t *buffer;
655 srtp_hdr_t *hdr;
656 int bytes_in_hdr = 12;
657
658 /* allocate memory for test packet */
659 hdr = (srtp_hdr_t *)malloc(pkt_octet_len + bytes_in_hdr +
660 SRTP_MAX_TRAILER_LEN + 4);
661 if (!hdr) {
662 return NULL;
663 }
664
665 hdr->version = 2; /* RTP version two */
666 hdr->p = 0; /* no padding needed */
667 hdr->x = 0; /* no header extension */
668 hdr->cc = 0; /* no CSRCs */
669 hdr->m = 0; /* marker bit */
670 hdr->pt = 0xf; /* payload type */
671 hdr->seq = htons(0x1234); /* sequence number */
672 hdr->ts = htonl(0xdecafbad); /* timestamp */
673 hdr->ssrc = htonl(ssrc); /* synch. source */
674
675 buffer = (uint8_t *)hdr;
676 buffer += bytes_in_hdr;
677
678 /* set RTP data to 0xab */
679 for (i = 0; i < pkt_octet_len; i++) {
680 *buffer++ = 0xab;
681 }
682
683 /* set post-data value to 0xffff to enable overrun checking */
684 for (i = 0; i < SRTP_MAX_TRAILER_LEN + 4; i++) {
685 *buffer++ = 0xff;
686 }
687
688 *pkt_len = bytes_in_hdr + pkt_octet_len;
689
690 return hdr;
691 }
692
srtp_create_test_packet_extended(int pkt_octet_len,uint32_t ssrc,uint16_t seq,uint32_t ts,int * pkt_len)693 static srtp_hdr_t *srtp_create_test_packet_extended(int pkt_octet_len,
694 uint32_t ssrc,
695 uint16_t seq,
696 uint32_t ts,
697 int *pkt_len)
698 {
699 srtp_hdr_t *hdr;
700
701 hdr = srtp_create_test_packet(pkt_octet_len, ssrc, pkt_len);
702 if (hdr == NULL)
703 return hdr;
704
705 hdr->seq = htons(seq);
706 hdr->ts = htonl(ts);
707 return hdr;
708 }
709
srtp_create_test_packet_ext_hdr(int pkt_octet_len,uint32_t ssrc,int * pkt_len)710 srtp_hdr_t *srtp_create_test_packet_ext_hdr(int pkt_octet_len,
711 uint32_t ssrc,
712 int *pkt_len)
713 {
714 int i;
715 uint8_t *buffer;
716 srtp_hdr_t *hdr;
717 int bytes_in_hdr = 12;
718 uint8_t extension_header[12] = { /* one-byte header */
719 0xbe, 0xde,
720 /* size */
721 0x00, 0x02,
722 /* id 1, length 1 (i.e. 2 bytes) */
723 0x11,
724 /* payload */
725 0xca, 0xfe,
726 /* padding */
727 0x00,
728 /* id 2, length 0 (i.e. 1 byte) */
729 0x20,
730 /* payload */
731 0xba,
732 /* padding */
733 0x00, 0x00
734 };
735
736 /* allocate memory for test packet */
737 hdr = (srtp_hdr_t *)malloc(pkt_octet_len + bytes_in_hdr +
738 sizeof(extension_header) + SRTP_MAX_TRAILER_LEN +
739 4);
740 if (!hdr)
741 return NULL;
742
743 hdr->version = 2; /* RTP version two */
744 hdr->p = 0; /* no padding needed */
745 hdr->x = 1; /* no header extension */
746 hdr->cc = 0; /* no CSRCs */
747 hdr->m = 0; /* marker bit */
748 hdr->pt = 0xf; /* payload type */
749 hdr->seq = htons(0x1234); /* sequence number */
750 hdr->ts = htonl(0xdecafbad); /* timestamp */
751 hdr->ssrc = htonl(ssrc); /* synch. source */
752
753 buffer = (uint8_t *)hdr;
754 buffer += bytes_in_hdr;
755
756 memcpy(buffer, extension_header, sizeof(extension_header));
757 buffer += sizeof(extension_header);
758
759 /* set RTP data to 0xab */
760 for (i = 0; i < pkt_octet_len; i++)
761 *buffer++ = 0xab;
762
763 /* set post-data value to 0xffff to enable overrun checking */
764 for (i = 0; i < SRTP_MAX_TRAILER_LEN + 4; i++)
765 *buffer++ = 0xff;
766
767 *pkt_len = bytes_in_hdr + sizeof(extension_header) + pkt_octet_len;
768
769 return hdr;
770 }
771
srtp_do_timing(const srtp_policy_t * policy)772 void srtp_do_timing(const srtp_policy_t *policy)
773 {
774 int len;
775
776 /*
777 * note: the output of this function is formatted so that it
778 * can be used in gnuplot. '#' indicates a comment, and "\r\n"
779 * terminates a record
780 */
781
782 printf("# testing srtp throughput:\r\n");
783 printf("# mesg length (octets)\tthroughput (megabits per second)\r\n");
784
785 for (len = 16; len <= 2048; len *= 2) {
786 printf("%d\t\t\t%f\r\n", len,
787 srtp_bits_per_second(len, policy) / 1.0E6);
788 }
789
790 /* these extra linefeeds let gnuplot know that a dataset is done */
791 printf("\r\n\r\n");
792 }
793
srtp_do_rejection_timing(const srtp_policy_t * policy)794 void srtp_do_rejection_timing(const srtp_policy_t *policy)
795 {
796 int len;
797
798 /*
799 * note: the output of this function is formatted so that it
800 * can be used in gnuplot. '#' indicates a comment, and "\r\n"
801 * terminates a record
802 */
803
804 printf("# testing srtp rejection throughput:\r\n");
805 printf("# mesg length (octets)\trejections per second\r\n");
806
807 for (len = 8; len <= 2048; len *= 2) {
808 printf("%d\t\t\t%e\r\n", len, srtp_rejections_per_second(len, policy));
809 }
810
811 /* these extra linefeeds let gnuplot know that a dataset is done */
812 printf("\r\n\r\n");
813 }
814
815 #define MAX_MSG_LEN 1024
816
srtp_bits_per_second(int msg_len_octets,const srtp_policy_t * policy)817 double srtp_bits_per_second(int msg_len_octets, const srtp_policy_t *policy)
818 {
819 srtp_t srtp;
820 srtp_hdr_t *mesg;
821 int i;
822 clock_t timer;
823 int num_trials = 100000;
824 int input_len, len;
825 uint32_t ssrc;
826 srtp_err_status_t status;
827
828 /*
829 * allocate and initialize an srtp session
830 */
831 status = srtp_create(&srtp, policy);
832 if (status) {
833 printf("error: srtp_create() failed with error code %d\n", status);
834 exit(1);
835 }
836
837 /*
838 * if the ssrc is unspecified, use a predetermined one
839 */
840 if (policy->ssrc.type != ssrc_specific) {
841 ssrc = 0xdeadbeef;
842 } else {
843 ssrc = policy->ssrc.value;
844 }
845
846 /*
847 * create a test packet
848 */
849 mesg = srtp_create_test_packet(msg_len_octets, ssrc, &input_len);
850 if (mesg == NULL) {
851 return 0.0; /* indicate failure by returning zero */
852 }
853 timer = clock();
854 for (i = 0; i < num_trials; i++) {
855 len = input_len;
856 /* srtp protect message */
857 status = srtp_protect(srtp, mesg, &len);
858 if (status) {
859 printf("error: srtp_protect() failed with error code %d\n", status);
860 exit(1);
861 }
862
863 /* increment message number */
864 {
865 /* hack sequence to avoid problems with macros for htons/ntohs on
866 * some systems */
867 short new_seq = ntohs(mesg->seq) + 1;
868 mesg->seq = htons(new_seq);
869 }
870 }
871 timer = clock() - timer;
872
873 free(mesg);
874
875 status = srtp_dealloc(srtp);
876 if (status) {
877 printf("error: srtp_dealloc() failed with error code %d\n", status);
878 exit(1);
879 }
880
881 return (double)(msg_len_octets)*8 * num_trials * CLOCKS_PER_SEC / timer;
882 }
883
srtp_rejections_per_second(int msg_len_octets,const srtp_policy_t * policy)884 double srtp_rejections_per_second(int msg_len_octets,
885 const srtp_policy_t *policy)
886 {
887 srtp_ctx_t *srtp;
888 srtp_hdr_t *mesg;
889 int i;
890 int len;
891 clock_t timer;
892 int num_trials = 1000000;
893 uint32_t ssrc = policy->ssrc.value;
894 srtp_err_status_t status;
895
896 /*
897 * allocate and initialize an srtp session
898 */
899 status = srtp_create(&srtp, policy);
900 if (status) {
901 printf("error: srtp_create() failed with error code %d\n", status);
902 exit(1);
903 }
904
905 mesg = srtp_create_test_packet(msg_len_octets, ssrc, &len);
906 if (mesg == NULL) {
907 return 0.0; /* indicate failure by returning zero */
908 }
909 srtp_protect(srtp, (srtp_hdr_t *)mesg, &len);
910
911 timer = clock();
912 for (i = 0; i < num_trials; i++) {
913 len = msg_len_octets;
914 srtp_unprotect(srtp, (srtp_hdr_t *)mesg, &len);
915 }
916 timer = clock() - timer;
917
918 free(mesg);
919
920 status = srtp_dealloc(srtp);
921 if (status) {
922 printf("error: srtp_dealloc() failed with error code %d\n", status);
923 exit(1);
924 }
925
926 return (double)num_trials * CLOCKS_PER_SEC / timer;
927 }
928
err_check(srtp_err_status_t s)929 void err_check(srtp_err_status_t s)
930 {
931 if (s == srtp_err_status_ok) {
932 return;
933 } else {
934 fprintf(stderr, "error: unexpected srtp failure (code %d)\n", s);
935 }
936 exit(1);
937 }
938
srtp_test_call_protect(srtp_t srtp_sender,srtp_hdr_t * hdr,int * len,int mki_index)939 srtp_err_status_t srtp_test_call_protect(srtp_t srtp_sender,
940 srtp_hdr_t *hdr,
941 int *len,
942 int mki_index)
943 {
944 if (mki_index == -1) {
945 return srtp_protect(srtp_sender, hdr, len);
946 } else {
947 return srtp_protect_mki(srtp_sender, hdr, len, 1, mki_index);
948 }
949 }
950
srtp_test_call_protect_rtcp(srtp_t srtp_sender,srtp_hdr_t * hdr,int * len,int mki_index)951 srtp_err_status_t srtp_test_call_protect_rtcp(srtp_t srtp_sender,
952 srtp_hdr_t *hdr,
953 int *len,
954 int mki_index)
955 {
956 if (mki_index == -1) {
957 return srtp_protect_rtcp(srtp_sender, hdr, len);
958 } else {
959 return srtp_protect_rtcp_mki(srtp_sender, hdr, len, 1, mki_index);
960 }
961 }
962
srtp_test_call_unprotect(srtp_t srtp_sender,srtp_hdr_t * hdr,int * len,int use_mki)963 srtp_err_status_t srtp_test_call_unprotect(srtp_t srtp_sender,
964 srtp_hdr_t *hdr,
965 int *len,
966 int use_mki)
967 {
968 if (use_mki == -1) {
969 return srtp_unprotect(srtp_sender, hdr, len);
970 } else {
971 return srtp_unprotect_mki(srtp_sender, hdr, len, use_mki);
972 }
973 }
974
srtp_test_call_unprotect_rtcp(srtp_t srtp_sender,srtp_hdr_t * hdr,int * len,int use_mki)975 srtp_err_status_t srtp_test_call_unprotect_rtcp(srtp_t srtp_sender,
976 srtp_hdr_t *hdr,
977 int *len,
978 int use_mki)
979 {
980 if (use_mki == -1) {
981 return srtp_unprotect_rtcp(srtp_sender, hdr, len);
982 } else {
983 return srtp_unprotect_rtcp_mki(srtp_sender, hdr, len, use_mki);
984 }
985 }
986
srtp_test(const srtp_policy_t * policy,int extension_header,int mki_index)987 srtp_err_status_t srtp_test(const srtp_policy_t *policy,
988 int extension_header,
989 int mki_index)
990 {
991 int i;
992 srtp_t srtp_sender;
993 srtp_t srtp_rcvr;
994 srtp_err_status_t status = srtp_err_status_ok;
995 srtp_hdr_t *hdr, *hdr2;
996 uint8_t hdr_enc[64];
997 uint8_t *pkt_end;
998 int msg_len_octets, msg_len_enc, msg_len;
999 int len, len2;
1000 uint32_t tag_length;
1001 uint32_t ssrc;
1002 srtp_policy_t *rcvr_policy;
1003 srtp_policy_t tmp_policy;
1004 int header = 1;
1005 int use_mki = 0;
1006
1007 if (mki_index >= 0)
1008 use_mki = 1;
1009
1010 if (extension_header) {
1011 memcpy(&tmp_policy, policy, sizeof(srtp_policy_t));
1012 tmp_policy.enc_xtn_hdr = &header;
1013 tmp_policy.enc_xtn_hdr_count = 1;
1014 err_check(srtp_create(&srtp_sender, &tmp_policy));
1015 } else {
1016 err_check(srtp_create(&srtp_sender, policy));
1017 }
1018
1019 /* print out policy */
1020 err_check(srtp_session_print_policy(srtp_sender));
1021
1022 /*
1023 * initialize data buffer, using the ssrc in the policy unless that
1024 * value is a wildcard, in which case we'll just use an arbitrary
1025 * one
1026 */
1027 if (policy->ssrc.type != ssrc_specific) {
1028 ssrc = 0xdecafbad;
1029 } else {
1030 ssrc = policy->ssrc.value;
1031 }
1032 msg_len_octets = 28;
1033 if (extension_header) {
1034 hdr = srtp_create_test_packet_ext_hdr(msg_len_octets, ssrc, &len);
1035 hdr2 = srtp_create_test_packet_ext_hdr(msg_len_octets, ssrc, &len2);
1036 } else {
1037 hdr = srtp_create_test_packet(msg_len_octets, ssrc, &len);
1038 hdr2 = srtp_create_test_packet(msg_len_octets, ssrc, &len2);
1039 }
1040
1041 /* save original msg len */
1042 msg_len = len;
1043
1044 if (hdr == NULL) {
1045 free(hdr2);
1046 return srtp_err_status_alloc_fail;
1047 }
1048 if (hdr2 == NULL) {
1049 free(hdr);
1050 return srtp_err_status_alloc_fail;
1051 }
1052
1053 debug_print(mod_driver, "before protection:\n%s",
1054 srtp_packet_to_string(hdr, len));
1055
1056 #if PRINT_REFERENCE_PACKET
1057 debug_print(mod_driver, "reference packet before protection:\n%s",
1058 octet_string_hex_string((uint8_t *)hdr, len));
1059 #endif
1060 err_check(srtp_test_call_protect(srtp_sender, hdr, &len, mki_index));
1061
1062 debug_print(mod_driver, "after protection:\n%s",
1063 srtp_packet_to_string(hdr, len));
1064 #if PRINT_REFERENCE_PACKET
1065 debug_print(mod_driver, "after protection:\n%s",
1066 octet_string_hex_string((uint8_t *)hdr, len));
1067 #endif
1068
1069 /* save protected message and length */
1070 memcpy(hdr_enc, hdr, len);
1071 msg_len_enc = len;
1072
1073 /*
1074 * check for overrun of the srtp_protect() function
1075 *
1076 * The packet is followed by a value of 0xfffff; if the value of the
1077 * data following the packet is different, then we know that the
1078 * protect function is overwriting the end of the packet.
1079 */
1080 err_check(srtp_get_protect_trailer_length(srtp_sender, use_mki, mki_index,
1081 &tag_length));
1082 pkt_end = (uint8_t *)hdr + msg_len + tag_length;
1083 for (i = 0; i < 4; i++) {
1084 if (pkt_end[i] != 0xff) {
1085 fprintf(stdout, "overwrite in srtp_protect() function "
1086 "(expected %x, found %x in trailing octet %d)\n",
1087 0xff, ((uint8_t *)hdr)[i], i);
1088 free(hdr);
1089 free(hdr2);
1090 return srtp_err_status_algo_fail;
1091 }
1092 }
1093
1094 /*
1095 * if the policy includes confidentiality, check that ciphertext is
1096 * different than plaintext
1097 *
1098 * Note that this check will give false negatives, with some small
1099 * probability, especially if the packets are short. For that
1100 * reason, we skip this check if the plaintext is less than four
1101 * octets long.
1102 */
1103 if ((policy->rtp.sec_serv & sec_serv_conf) && (msg_len_octets >= 4)) {
1104 printf("testing that ciphertext is distinct from plaintext...");
1105 status = srtp_err_status_algo_fail;
1106 for (i = 12; i < msg_len_octets + 12; i++) {
1107 if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) {
1108 status = srtp_err_status_ok;
1109 }
1110 }
1111 if (status) {
1112 printf("failed\n");
1113 free(hdr);
1114 free(hdr2);
1115 return status;
1116 }
1117 printf("passed\n");
1118 }
1119
1120 /*
1121 * if the policy uses a 'wildcard' ssrc, then we need to make a copy
1122 * of the policy that changes the direction to inbound
1123 *
1124 * we always copy the policy into the rcvr_policy, since otherwise
1125 * the compiler would fret about the constness of the policy
1126 */
1127 rcvr_policy = (srtp_policy_t *)malloc(sizeof(srtp_policy_t));
1128 if (rcvr_policy == NULL) {
1129 free(hdr);
1130 free(hdr2);
1131 return srtp_err_status_alloc_fail;
1132 }
1133 if (extension_header) {
1134 memcpy(rcvr_policy, &tmp_policy, sizeof(srtp_policy_t));
1135 if (tmp_policy.ssrc.type == ssrc_any_outbound) {
1136 rcvr_policy->ssrc.type = ssrc_any_inbound;
1137 }
1138 } else {
1139 memcpy(rcvr_policy, policy, sizeof(srtp_policy_t));
1140 if (policy->ssrc.type == ssrc_any_outbound) {
1141 rcvr_policy->ssrc.type = ssrc_any_inbound;
1142 }
1143 }
1144
1145 err_check(srtp_create(&srtp_rcvr, rcvr_policy));
1146
1147 err_check(srtp_test_call_unprotect(srtp_rcvr, hdr, &len, use_mki));
1148
1149 debug_print(mod_driver, "after unprotection:\n%s",
1150 srtp_packet_to_string(hdr, len));
1151
1152 /* verify that the unprotected packet matches the origial one */
1153 for (i = 0; i < len; i++) {
1154 if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) {
1155 fprintf(stdout, "mismatch at octet %d\n", i);
1156 status = srtp_err_status_algo_fail;
1157 }
1158 }
1159 if (status) {
1160 free(hdr);
1161 free(hdr2);
1162 free(rcvr_policy);
1163 return status;
1164 }
1165
1166 /*
1167 * if the policy includes authentication, then test for false positives
1168 */
1169 if (policy->rtp.sec_serv & sec_serv_auth) {
1170 char *data = ((char *)hdr) + (extension_header ? 24 : 12);
1171
1172 printf("testing for false positives in replay check...");
1173
1174 /* unprotect a second time - should fail with a replay error */
1175 status =
1176 srtp_test_call_unprotect(srtp_rcvr, hdr, &msg_len_enc, use_mki);
1177 if (status != srtp_err_status_replay_fail) {
1178 printf("failed with error code %d\n", status);
1179 free(hdr);
1180 free(hdr2);
1181 free(rcvr_policy);
1182 return status;
1183 } else {
1184 printf("passed\n");
1185 }
1186
1187 printf("testing for false positives in auth check...");
1188
1189 /* increment sequence number in header */
1190 hdr->seq++;
1191
1192 /* apply protection */
1193 err_check(srtp_test_call_protect(srtp_sender, hdr, &len, mki_index));
1194
1195 /* flip bits in packet */
1196 data[0] ^= 0xff;
1197
1198 /* unprotect, and check for authentication failure */
1199 status = srtp_test_call_unprotect(srtp_rcvr, hdr, &len, use_mki);
1200 if (status != srtp_err_status_auth_fail) {
1201 printf("failed\n");
1202 free(hdr);
1203 free(hdr2);
1204 free(rcvr_policy);
1205 return status;
1206 } else {
1207 printf("passed\n");
1208 }
1209 }
1210
1211 err_check(srtp_dealloc(srtp_sender));
1212 err_check(srtp_dealloc(srtp_rcvr));
1213
1214 free(hdr);
1215 free(hdr2);
1216 free(rcvr_policy);
1217 return srtp_err_status_ok;
1218 }
1219
srtcp_test(const srtp_policy_t * policy,int mki_index)1220 srtp_err_status_t srtcp_test(const srtp_policy_t *policy, int mki_index)
1221 {
1222 int i;
1223 srtp_t srtcp_sender;
1224 srtp_t srtcp_rcvr;
1225 srtp_err_status_t status = srtp_err_status_ok;
1226 srtp_hdr_t *hdr, *hdr2;
1227 uint8_t hdr_enc[64];
1228 uint8_t *pkt_end;
1229 int msg_len_octets, msg_len_enc, msg_len;
1230 int len, len2;
1231 uint32_t tag_length;
1232 uint32_t ssrc;
1233 srtp_policy_t *rcvr_policy;
1234 int use_mki = 0;
1235
1236 if (mki_index >= 0)
1237 use_mki = 1;
1238
1239 err_check(srtp_create(&srtcp_sender, policy));
1240
1241 /* print out policy */
1242 err_check(srtp_session_print_policy(srtcp_sender));
1243
1244 /*
1245 * initialize data buffer, using the ssrc in the policy unless that
1246 * value is a wildcard, in which case we'll just use an arbitrary
1247 * one
1248 */
1249 if (policy->ssrc.type != ssrc_specific) {
1250 ssrc = 0xdecafbad;
1251 } else {
1252 ssrc = policy->ssrc.value;
1253 }
1254 msg_len_octets = 28;
1255 hdr = srtp_create_test_packet(msg_len_octets, ssrc, &len);
1256 /* save message len */
1257 msg_len = len;
1258
1259 if (hdr == NULL) {
1260 return srtp_err_status_alloc_fail;
1261 }
1262 hdr2 = srtp_create_test_packet(msg_len_octets, ssrc, &len2);
1263 if (hdr2 == NULL) {
1264 free(hdr);
1265 return srtp_err_status_alloc_fail;
1266 }
1267
1268 debug_print(mod_driver, "before protection:\n%s",
1269 srtp_packet_to_string(hdr, len));
1270
1271 #if PRINT_REFERENCE_PACKET
1272 debug_print(mod_driver, "reference packet before protection:\n%s",
1273 octet_string_hex_string((uint8_t *)hdr, len));
1274 #endif
1275 err_check(srtp_test_call_protect_rtcp(srtcp_sender, hdr, &len, mki_index));
1276
1277 debug_print(mod_driver, "after protection:\n%s",
1278 srtp_packet_to_string(hdr, len));
1279 #if PRINT_REFERENCE_PACKET
1280 debug_print(mod_driver, "after protection:\n%s",
1281 octet_string_hex_string((uint8_t *)hdr, len));
1282 #endif
1283
1284 /* save protected message and length */
1285 memcpy(hdr_enc, hdr, len);
1286 msg_len_enc = len;
1287
1288 /*
1289 * check for overrun of the srtp_protect() function
1290 *
1291 * The packet is followed by a value of 0xfffff; if the value of the
1292 * data following the packet is different, then we know that the
1293 * protect function is overwriting the end of the packet.
1294 */
1295 srtp_get_protect_rtcp_trailer_length(srtcp_sender, use_mki, mki_index,
1296 &tag_length);
1297 pkt_end = (uint8_t *)hdr + msg_len + tag_length;
1298 for (i = 0; i < 4; i++) {
1299 if (pkt_end[i] != 0xff) {
1300 fprintf(stdout, "overwrite in srtp_protect_rtcp() function "
1301 "(expected %x, found %x in trailing octet %d)\n",
1302 0xff, ((uint8_t *)hdr)[i], i);
1303 free(hdr);
1304 free(hdr2);
1305 return srtp_err_status_algo_fail;
1306 }
1307 }
1308
1309 /*
1310 * if the policy includes confidentiality, check that ciphertext is
1311 * different than plaintext
1312 *
1313 * Note that this check will give false negatives, with some small
1314 * probability, especially if the packets are short. For that
1315 * reason, we skip this check if the plaintext is less than four
1316 * octets long.
1317 */
1318 if ((policy->rtcp.sec_serv & sec_serv_conf) && (msg_len_octets >= 4)) {
1319 printf("testing that ciphertext is distinct from plaintext...");
1320 status = srtp_err_status_algo_fail;
1321 for (i = 12; i < msg_len_octets + 12; i++) {
1322 if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) {
1323 status = srtp_err_status_ok;
1324 }
1325 }
1326 if (status) {
1327 printf("failed\n");
1328 free(hdr);
1329 free(hdr2);
1330 return status;
1331 }
1332 printf("passed\n");
1333 }
1334
1335 /*
1336 * if the policy uses a 'wildcard' ssrc, then we need to make a copy
1337 * of the policy that changes the direction to inbound
1338 *
1339 * we always copy the policy into the rcvr_policy, since otherwise
1340 * the compiler would fret about the constness of the policy
1341 */
1342 rcvr_policy = (srtp_policy_t *)malloc(sizeof(srtp_policy_t));
1343 if (rcvr_policy == NULL) {
1344 free(hdr);
1345 free(hdr2);
1346 return srtp_err_status_alloc_fail;
1347 }
1348 memcpy(rcvr_policy, policy, sizeof(srtp_policy_t));
1349 if (policy->ssrc.type == ssrc_any_outbound) {
1350 rcvr_policy->ssrc.type = ssrc_any_inbound;
1351 }
1352
1353 err_check(srtp_create(&srtcp_rcvr, rcvr_policy));
1354
1355 err_check(srtp_test_call_unprotect_rtcp(srtcp_rcvr, hdr, &len, use_mki));
1356
1357 debug_print(mod_driver, "after unprotection:\n%s",
1358 srtp_packet_to_string(hdr, len));
1359
1360 /* verify that the unprotected packet matches the origial one */
1361 for (i = 0; i < len; i++) {
1362 if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) {
1363 fprintf(stdout, "mismatch at octet %d\n", i);
1364 status = srtp_err_status_algo_fail;
1365 }
1366 }
1367 if (status) {
1368 free(hdr);
1369 free(hdr2);
1370 free(rcvr_policy);
1371 return status;
1372 }
1373
1374 /*
1375 * if the policy includes authentication, then test for false positives
1376 */
1377 if (policy->rtp.sec_serv & sec_serv_auth) {
1378 char *data = ((char *)hdr) + 12;
1379
1380 printf("testing for false positives in replay check...");
1381
1382 /* unprotect a second time - should fail with a replay error */
1383 status = srtp_test_call_unprotect_rtcp(srtcp_rcvr, hdr, &msg_len_enc,
1384 use_mki);
1385 if (status != srtp_err_status_replay_fail) {
1386 printf("failed with error code %d\n", status);
1387 free(hdr);
1388 free(hdr2);
1389 free(rcvr_policy);
1390 return status;
1391 } else {
1392 printf("passed\n");
1393 }
1394
1395 printf("testing for false positives in auth check...");
1396
1397 /* increment sequence number in header */
1398 hdr->seq++;
1399
1400 /* apply protection */
1401 err_check(
1402 srtp_test_call_protect_rtcp(srtcp_sender, hdr, &len, mki_index));
1403
1404 /* flip bits in packet */
1405 data[0] ^= 0xff;
1406
1407 /* unprotect, and check for authentication failure */
1408 status = srtp_test_call_unprotect_rtcp(srtcp_rcvr, hdr, &len, use_mki);
1409 if (status != srtp_err_status_auth_fail) {
1410 printf("failed\n");
1411 free(hdr);
1412 free(hdr2);
1413 free(rcvr_policy);
1414 return status;
1415 } else {
1416 printf("passed\n");
1417 }
1418 }
1419
1420 err_check(srtp_dealloc(srtcp_sender));
1421 err_check(srtp_dealloc(srtcp_rcvr));
1422
1423 free(hdr);
1424 free(hdr2);
1425 free(rcvr_policy);
1426 return srtp_err_status_ok;
1427 }
1428
srtp_session_print_policy(srtp_t srtp)1429 srtp_err_status_t srtp_session_print_policy(srtp_t srtp)
1430 {
1431 char *serv_descr[4] = { "none", "confidentiality", "authentication",
1432 "confidentiality and authentication" };
1433 char *direction[3] = { "unknown", "outbound", "inbound" };
1434 srtp_stream_t stream;
1435 srtp_session_keys_t *session_keys = NULL;
1436
1437 /* sanity checking */
1438 if (srtp == NULL) {
1439 return srtp_err_status_fail;
1440 }
1441
1442 /* if there's a template stream, print it out */
1443 if (srtp->stream_template != NULL) {
1444 stream = srtp->stream_template;
1445 session_keys = &stream->session_keys[0];
1446 printf("# SSRC: any %s\r\n"
1447 "# rtp cipher: %s\r\n"
1448 "# rtp auth: %s\r\n"
1449 "# rtp services: %s\r\n"
1450 "# rtcp cipher: %s\r\n"
1451 "# rtcp auth: %s\r\n"
1452 "# rtcp services: %s\r\n"
1453 "# window size: %lu\r\n"
1454 "# tx rtx allowed:%s\r\n",
1455 direction[stream->direction],
1456 session_keys->rtp_cipher->type->description,
1457 session_keys->rtp_auth->type->description,
1458 serv_descr[stream->rtp_services],
1459 session_keys->rtcp_cipher->type->description,
1460 session_keys->rtcp_auth->type->description,
1461 serv_descr[stream->rtcp_services],
1462 srtp_rdbx_get_window_size(&stream->rtp_rdbx),
1463 stream->allow_repeat_tx ? "true" : "false");
1464
1465 printf("# Encrypted extension headers: ");
1466 if (stream->enc_xtn_hdr && stream->enc_xtn_hdr_count > 0) {
1467 int *enc_xtn_hdr = stream->enc_xtn_hdr;
1468 int count = stream->enc_xtn_hdr_count;
1469 while (count > 0) {
1470 printf("%d ", *enc_xtn_hdr);
1471 enc_xtn_hdr++;
1472 count--;
1473 }
1474 printf("\n");
1475 } else {
1476 printf("none\n");
1477 }
1478 }
1479
1480 /* loop over streams in session, printing the policy of each */
1481 stream = srtp->stream_list;
1482 while (stream != NULL) {
1483 if (stream->rtp_services > sec_serv_conf_and_auth) {
1484 return srtp_err_status_bad_param;
1485 }
1486 session_keys = &stream->session_keys[0];
1487
1488 printf("# SSRC: 0x%08x\r\n"
1489 "# rtp cipher: %s\r\n"
1490 "# rtp auth: %s\r\n"
1491 "# rtp services: %s\r\n"
1492 "# rtcp cipher: %s\r\n"
1493 "# rtcp auth: %s\r\n"
1494 "# rtcp services: %s\r\n"
1495 "# window size: %lu\r\n"
1496 "# tx rtx allowed:%s\r\n",
1497 stream->ssrc, session_keys->rtp_cipher->type->description,
1498 session_keys->rtp_auth->type->description,
1499 serv_descr[stream->rtp_services],
1500 session_keys->rtcp_cipher->type->description,
1501 session_keys->rtcp_auth->type->description,
1502 serv_descr[stream->rtcp_services],
1503 srtp_rdbx_get_window_size(&stream->rtp_rdbx),
1504 stream->allow_repeat_tx ? "true" : "false");
1505
1506 printf("# Encrypted extension headers: ");
1507 if (stream->enc_xtn_hdr && stream->enc_xtn_hdr_count > 0) {
1508 int *enc_xtn_hdr = stream->enc_xtn_hdr;
1509 int count = stream->enc_xtn_hdr_count;
1510 while (count > 0) {
1511 printf("%d ", *enc_xtn_hdr);
1512 enc_xtn_hdr++;
1513 count--;
1514 }
1515 printf("\n");
1516 } else {
1517 printf("none\n");
1518 }
1519
1520 /* advance to next stream in the list */
1521 stream = stream->next;
1522 }
1523 return srtp_err_status_ok;
1524 }
1525
srtp_print_policy(const srtp_policy_t * policy)1526 srtp_err_status_t srtp_print_policy(const srtp_policy_t *policy)
1527 {
1528 srtp_err_status_t status;
1529 srtp_t session;
1530
1531 status = srtp_create(&session, policy);
1532 if (status) {
1533 return status;
1534 }
1535 status = srtp_session_print_policy(session);
1536 if (status) {
1537 return status;
1538 }
1539 status = srtp_dealloc(session);
1540 if (status) {
1541 return status;
1542 }
1543 return srtp_err_status_ok;
1544 }
1545
1546 /*
1547 * srtp_print_packet(...) is for debugging only
1548 * it prints an RTP packet to the stdout
1549 *
1550 * note that this function is *not* threadsafe
1551 */
1552
1553 #include <stdio.h>
1554
1555 #define MTU 2048
1556
1557 char packet_string[MTU];
1558
srtp_packet_to_string(srtp_hdr_t * hdr,int pkt_octet_len)1559 char *srtp_packet_to_string(srtp_hdr_t *hdr, int pkt_octet_len)
1560 {
1561 int octets_in_rtp_header = 12;
1562 uint8_t *data = ((uint8_t *)hdr) + octets_in_rtp_header;
1563 int hex_len = pkt_octet_len - octets_in_rtp_header;
1564
1565 /* sanity checking */
1566 if ((hdr == NULL) || (pkt_octet_len > MTU)) {
1567 return NULL;
1568 }
1569
1570 /* write packet into string */
1571 sprintf(packet_string, "(s)rtp packet: {\n"
1572 " version:\t%d\n"
1573 " p:\t\t%d\n"
1574 " x:\t\t%d\n"
1575 " cc:\t\t%d\n"
1576 " m:\t\t%d\n"
1577 " pt:\t\t%x\n"
1578 " seq:\t\t%x\n"
1579 " ts:\t\t%x\n"
1580 " ssrc:\t%x\n"
1581 " data:\t%s\n"
1582 "} (%d octets in total)\n",
1583 hdr->version, hdr->p, hdr->x, hdr->cc, hdr->m, hdr->pt, hdr->seq,
1584 hdr->ts, hdr->ssrc, octet_string_hex_string(data, hex_len),
1585 pkt_octet_len);
1586
1587 return packet_string;
1588 }
1589
1590 /*
1591 * mips_estimate() is a simple function to estimate the number of
1592 * instructions per second that the host can perform. note that this
1593 * function can be grossly wrong; you may want to have a manual sanity
1594 * check of its output!
1595 *
1596 * the 'ignore' pointer is there to convince the compiler to not just
1597 * optimize away the function
1598 */
1599
mips_estimate(int num_trials,int * ignore)1600 double mips_estimate(int num_trials, int *ignore)
1601 {
1602 clock_t t;
1603 volatile int i, sum;
1604
1605 sum = 0;
1606 t = clock();
1607 for (i = 0; i < num_trials; i++) {
1608 sum += i;
1609 }
1610 t = clock() - t;
1611 if (t < 1) {
1612 t = 1;
1613 }
1614
1615 /* printf("%d\n", sum); */
1616 *ignore = sum;
1617
1618 return (double)num_trials * CLOCKS_PER_SEC / t;
1619 }
1620
1621 /*
1622 * srtp_validate() verifies the correctness of libsrtp by comparing
1623 * some computed packets against some pre-computed reference values.
1624 * These packets were made with the default SRTP policy.
1625 */
1626
srtp_validate()1627 srtp_err_status_t srtp_validate()
1628 {
1629 // clang-format off
1630 uint8_t srtp_plaintext_ref[28] = {
1631 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
1632 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
1633 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
1634 0xab, 0xab, 0xab, 0xab
1635 };
1636 uint8_t srtp_plaintext[38] = {
1637 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
1638 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
1639 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
1640 0xab, 0xab, 0xab, 0xab, 0x00, 0x00, 0x00, 0x00,
1641 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1642 };
1643 uint8_t srtp_ciphertext[38] = {
1644 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
1645 0xca, 0xfe, 0xba, 0xbe, 0x4e, 0x55, 0xdc, 0x4c,
1646 0xe7, 0x99, 0x78, 0xd8, 0x8c, 0xa4, 0xd2, 0x15,
1647 0x94, 0x9d, 0x24, 0x02, 0xb7, 0x8d, 0x6a, 0xcc,
1648 0x99, 0xea, 0x17, 0x9b, 0x8d, 0xbb
1649 };
1650 uint8_t rtcp_plaintext_ref[24] = {
1651 0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe,
1652 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
1653 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
1654 };
1655 uint8_t rtcp_plaintext[38] = {
1656 0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe,
1657 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
1658 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
1659 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1660 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1661 };
1662 uint8_t srtcp_ciphertext[38] = {
1663 0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe,
1664 0x71, 0x28, 0x03, 0x5b, 0xe4, 0x87, 0xb9, 0xbd,
1665 0xbe, 0xf8, 0x90, 0x41, 0xf9, 0x77, 0xa5, 0xa8,
1666 0x80, 0x00, 0x00, 0x01, 0x99, 0x3e, 0x08, 0xcd,
1667 0x54, 0xd6, 0xc1, 0x23, 0x07, 0x98
1668 };
1669 // clang-format on
1670
1671 srtp_t srtp_snd, srtp_recv;
1672 srtp_err_status_t status;
1673 int len;
1674 srtp_policy_t policy;
1675
1676 /*
1677 * create a session with a single stream using the default srtp
1678 * policy and with the SSRC value 0xcafebabe
1679 */
1680 memset(&policy, 0, sizeof(policy));
1681 srtp_crypto_policy_set_rtp_default(&policy.rtp);
1682 srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
1683 policy.ssrc.type = ssrc_specific;
1684 policy.ssrc.value = 0xcafebabe;
1685 policy.key = test_key;
1686 policy.ekt = NULL;
1687 policy.window_size = 128;
1688 policy.allow_repeat_tx = 0;
1689 policy.next = NULL;
1690
1691 status = srtp_create(&srtp_snd, &policy);
1692 if (status) {
1693 return status;
1694 }
1695
1696 /*
1697 * protect plaintext, then compare with ciphertext
1698 */
1699 len = 28;
1700 status = srtp_protect(srtp_snd, srtp_plaintext, &len);
1701 if (status || (len != 38)) {
1702 return srtp_err_status_fail;
1703 }
1704
1705 debug_print(mod_driver, "ciphertext:\n %s",
1706 octet_string_hex_string(srtp_plaintext, len));
1707 debug_print(mod_driver, "ciphertext reference:\n %s",
1708 octet_string_hex_string(srtp_ciphertext, len));
1709
1710 if (srtp_octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len)) {
1711 return srtp_err_status_fail;
1712 }
1713
1714 /*
1715 * protect plaintext rtcp, then compare with srtcp ciphertext
1716 */
1717 len = 24;
1718 status = srtp_protect_rtcp(srtp_snd, rtcp_plaintext, &len);
1719 if (status || (len != 38)) {
1720 return srtp_err_status_fail;
1721 }
1722
1723 debug_print(mod_driver, "srtcp ciphertext:\n %s",
1724 octet_string_hex_string(rtcp_plaintext, len));
1725 debug_print(mod_driver, "srtcp ciphertext reference:\n %s",
1726 octet_string_hex_string(srtcp_ciphertext, len));
1727
1728 if (srtp_octet_string_is_eq(rtcp_plaintext, srtcp_ciphertext, len)) {
1729 return srtp_err_status_fail;
1730 }
1731
1732 /*
1733 * create a receiver session context comparable to the one created
1734 * above - we need to do this so that the replay checking doesn't
1735 * complain
1736 */
1737 status = srtp_create(&srtp_recv, &policy);
1738 if (status) {
1739 return status;
1740 }
1741
1742 /*
1743 * unprotect ciphertext, then compare with plaintext
1744 */
1745 status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len);
1746 if (status || (len != 28)) {
1747 return status;
1748 }
1749
1750 if (srtp_octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len)) {
1751 return srtp_err_status_fail;
1752 }
1753
1754 /*
1755 * unprotect srtcp ciphertext, then compare with rtcp plaintext
1756 */
1757 len = 38;
1758 status = srtp_unprotect_rtcp(srtp_recv, srtcp_ciphertext, &len);
1759 if (status || (len != 24)) {
1760 return status;
1761 }
1762
1763 if (srtp_octet_string_is_eq(srtcp_ciphertext, rtcp_plaintext_ref, len)) {
1764 return srtp_err_status_fail;
1765 }
1766
1767 status = srtp_dealloc(srtp_snd);
1768 if (status) {
1769 return status;
1770 }
1771
1772 status = srtp_dealloc(srtp_recv);
1773 if (status) {
1774 return status;
1775 }
1776
1777 return srtp_err_status_ok;
1778 }
1779
1780 #ifdef GCM
1781 /*
1782 * srtp_validate_gcm() verifies the correctness of libsrtp by comparing
1783 * an computed packet against the known ciphertext for the plaintext.
1784 */
srtp_validate_gcm()1785 srtp_err_status_t srtp_validate_gcm()
1786 {
1787 // clang-format off
1788 unsigned char test_key_gcm[28] = {
1789 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1790 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1791 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
1792 0xa8, 0xa9, 0xaa, 0xab
1793 };
1794 uint8_t rtp_plaintext_ref[28] = {
1795 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
1796 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
1797 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
1798 0xab, 0xab, 0xab, 0xab
1799 };
1800 uint8_t rtp_plaintext[44] = {
1801 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
1802 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
1803 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
1804 0xab, 0xab, 0xab, 0xab, 0x00, 0x00, 0x00, 0x00,
1805 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1806 0x00, 0x00, 0x00, 0x00
1807 };
1808 uint8_t srtp_ciphertext[44] = {
1809 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
1810 0xca, 0xfe, 0xba, 0xbe, 0xc5, 0x00, 0x2e, 0xde,
1811 0x04, 0xcf, 0xdd, 0x2e, 0xb9, 0x11, 0x59, 0xe0,
1812 0x88, 0x0a, 0xa0, 0x6e, 0xd2, 0x97, 0x68, 0x26,
1813 0xf7, 0x96, 0xb2, 0x01, 0xdf, 0x31, 0x31, 0xa1,
1814 0x27, 0xe8, 0xa3, 0x92
1815 };
1816 uint8_t rtcp_plaintext_ref[24] = {
1817 0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe,
1818 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
1819 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
1820 };
1821 uint8_t rtcp_plaintext[44] = {
1822 0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe,
1823 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
1824 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
1825 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1826 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1827 0x00, 0x00, 0x00, 0x00
1828 };
1829 uint8_t srtcp_ciphertext[44] = {
1830 0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe,
1831 0xc9, 0x8b, 0x8b, 0x5d, 0xf0, 0x39, 0x2a, 0x55,
1832 0x85, 0x2b, 0x6c, 0x21, 0xac, 0x8e, 0x70, 0x25,
1833 0xc5, 0x2c, 0x6f, 0xbe, 0xa2, 0xb3, 0xb4, 0x46,
1834 0xea, 0x31, 0x12, 0x3b, 0xa8, 0x8c, 0xe6, 0x1e,
1835 0x80, 0x00, 0x00, 0x01
1836 };
1837 // clang-format on
1838
1839 srtp_t srtp_snd, srtp_recv;
1840 srtp_err_status_t status;
1841 int len;
1842 srtp_policy_t policy;
1843
1844 /*
1845 * create a session with a single stream using the default srtp
1846 * policy and with the SSRC value 0xcafebabe
1847 */
1848 memset(&policy, 0, sizeof(policy));
1849 srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtp);
1850 srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtcp);
1851 policy.ssrc.type = ssrc_specific;
1852 policy.ssrc.value = 0xcafebabe;
1853 policy.key = test_key_gcm;
1854 policy.ekt = NULL;
1855 policy.window_size = 128;
1856 policy.allow_repeat_tx = 0;
1857 policy.next = NULL;
1858
1859 status = srtp_create(&srtp_snd, &policy);
1860 if (status) {
1861 return status;
1862 }
1863
1864 /*
1865 * protect plaintext rtp, then compare with srtp ciphertext
1866 */
1867 len = 28;
1868 status = srtp_protect(srtp_snd, rtp_plaintext, &len);
1869 if (status || (len != 44)) {
1870 return srtp_err_status_fail;
1871 }
1872
1873 debug_print(mod_driver, "srtp ciphertext:\n %s",
1874 octet_string_hex_string(rtp_plaintext, len));
1875 debug_print(mod_driver, "srtp ciphertext reference:\n %s",
1876 octet_string_hex_string(srtp_ciphertext, len));
1877
1878 if (srtp_octet_string_is_eq(rtp_plaintext, srtp_ciphertext, len)) {
1879 return srtp_err_status_fail;
1880 }
1881
1882 /*
1883 * protect plaintext rtcp, then compare with srtcp ciphertext
1884 */
1885 len = 24;
1886 status = srtp_protect_rtcp(srtp_snd, rtcp_plaintext, &len);
1887 if (status || (len != 44)) {
1888 return srtp_err_status_fail;
1889 }
1890
1891 debug_print(mod_driver, "srtcp ciphertext:\n %s",
1892 octet_string_hex_string(rtcp_plaintext, len));
1893 debug_print(mod_driver, "srtcp ciphertext reference:\n %s",
1894 octet_string_hex_string(srtcp_ciphertext, len));
1895
1896 if (srtp_octet_string_is_eq(rtcp_plaintext, srtcp_ciphertext, len)) {
1897 return srtp_err_status_fail;
1898 }
1899
1900 /*
1901 * create a receiver session context comparable to the one created
1902 * above - we need to do this so that the replay checking doesn't
1903 * complain
1904 */
1905 status = srtp_create(&srtp_recv, &policy);
1906 if (status) {
1907 return status;
1908 }
1909
1910 /*
1911 * unprotect srtp ciphertext, then compare with rtp plaintext
1912 */
1913 len = 44;
1914 status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len);
1915 if (status || (len != 28)) {
1916 return status;
1917 }
1918
1919 if (srtp_octet_string_is_eq(srtp_ciphertext, rtp_plaintext_ref, len)) {
1920 return srtp_err_status_fail;
1921 }
1922
1923 /*
1924 * unprotect srtcp ciphertext, then compare with rtcp plaintext
1925 */
1926 len = 44;
1927 status = srtp_unprotect_rtcp(srtp_recv, srtcp_ciphertext, &len);
1928 if (status || (len != 24)) {
1929 return status;
1930 }
1931
1932 if (srtp_octet_string_is_eq(srtcp_ciphertext, rtcp_plaintext_ref, len)) {
1933 return srtp_err_status_fail;
1934 }
1935
1936 status = srtp_dealloc(srtp_snd);
1937 if (status) {
1938 return status;
1939 }
1940
1941 status = srtp_dealloc(srtp_recv);
1942 if (status) {
1943 return status;
1944 }
1945
1946 return srtp_err_status_ok;
1947 }
1948 #endif
1949
1950 /*
1951 * Test vectors taken from RFC 6904, Appendix A
1952 */
srtp_validate_encrypted_extensions_headers()1953 srtp_err_status_t srtp_validate_encrypted_extensions_headers()
1954 {
1955 // clang-format off
1956 unsigned char test_key_ext_headers[30] = {
1957 0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0,
1958 0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39,
1959 0x0e, 0xc6, 0x75, 0xad, 0x49, 0x8a, 0xfe, 0xeb,
1960 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6
1961 };
1962 uint8_t srtp_plaintext_ref[56] = {
1963 0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
1964 0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06,
1965 0x17, 0x41, 0x42, 0x73, 0xA4, 0x75, 0x26, 0x27,
1966 0x48, 0x22, 0x00, 0x00, 0xC8, 0x30, 0x8E, 0x46,
1967 0x55, 0x99, 0x63, 0x86, 0xB3, 0x95, 0xFB, 0x00,
1968 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
1969 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab
1970 };
1971 uint8_t srtp_plaintext[66] = {
1972 0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
1973 0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06,
1974 0x17, 0x41, 0x42, 0x73, 0xA4, 0x75, 0x26, 0x27,
1975 0x48, 0x22, 0x00, 0x00, 0xC8, 0x30, 0x8E, 0x46,
1976 0x55, 0x99, 0x63, 0x86, 0xB3, 0x95, 0xFB, 0x00,
1977 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
1978 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
1979 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1980 0x00, 0x00
1981 };
1982 uint8_t srtp_ciphertext[66] = {
1983 0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
1984 0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06,
1985 0x17, 0x58, 0x8A, 0x92, 0x70, 0xF4, 0xE1, 0x5E,
1986 0x1C, 0x22, 0x00, 0x00, 0xC8, 0x30, 0x95, 0x46,
1987 0xA9, 0x94, 0xF0, 0xBC, 0x54, 0x78, 0x97, 0x00,
1988 0x4e, 0x55, 0xdc, 0x4c, 0xe7, 0x99, 0x78, 0xd8,
1989 0x8c, 0xa4, 0xd2, 0x15, 0x94, 0x9d, 0x24, 0x02,
1990 0x5a, 0x46, 0xb3, 0xca, 0x35, 0xc5, 0x35, 0xa8,
1991 0x91, 0xc7
1992 };
1993 // clang-format on
1994
1995 srtp_t srtp_snd, srtp_recv;
1996 srtp_err_status_t status;
1997 int len;
1998 srtp_policy_t policy;
1999 int headers[3] = { 1, 3, 4 };
2000
2001 /*
2002 * create a session with a single stream using the default srtp
2003 * policy and with the SSRC value 0xcafebabe
2004 */
2005 memset(&policy, 0, sizeof(policy));
2006 srtp_crypto_policy_set_rtp_default(&policy.rtp);
2007 srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
2008 policy.ssrc.type = ssrc_specific;
2009 policy.ssrc.value = 0xcafebabe;
2010 policy.key = test_key_ext_headers;
2011 policy.ekt = NULL;
2012 policy.window_size = 128;
2013 policy.allow_repeat_tx = 0;
2014 policy.enc_xtn_hdr = headers;
2015 policy.enc_xtn_hdr_count = sizeof(headers) / sizeof(headers[0]);
2016 policy.next = NULL;
2017
2018 status = srtp_create(&srtp_snd, &policy);
2019 if (status)
2020 return status;
2021
2022 /*
2023 * protect plaintext, then compare with ciphertext
2024 */
2025 len = sizeof(srtp_plaintext_ref);
2026 status = srtp_protect(srtp_snd, srtp_plaintext, &len);
2027 if (status || (len != sizeof(srtp_plaintext)))
2028 return srtp_err_status_fail;
2029
2030 debug_print(mod_driver, "ciphertext:\n %s",
2031 srtp_octet_string_hex_string(srtp_plaintext, len));
2032 debug_print(mod_driver, "ciphertext reference:\n %s",
2033 srtp_octet_string_hex_string(srtp_ciphertext, len));
2034
2035 if (srtp_octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len))
2036 return srtp_err_status_fail;
2037
2038 /*
2039 * create a receiver session context comparable to the one created
2040 * above - we need to do this so that the replay checking doesn't
2041 * complain
2042 */
2043 status = srtp_create(&srtp_recv, &policy);
2044 if (status)
2045 return status;
2046
2047 /*
2048 * unprotect ciphertext, then compare with plaintext
2049 */
2050 status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len);
2051 if (status) {
2052 return status;
2053 } else if (len != sizeof(srtp_plaintext_ref)) {
2054 return srtp_err_status_fail;
2055 }
2056
2057 if (srtp_octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len))
2058 return srtp_err_status_fail;
2059
2060 status = srtp_dealloc(srtp_snd);
2061 if (status)
2062 return status;
2063
2064 status = srtp_dealloc(srtp_recv);
2065 if (status)
2066 return status;
2067
2068 return srtp_err_status_ok;
2069 }
2070
2071 #ifdef GCM
2072
2073 /*
2074 * Headers of test vectors taken from RFC 6904, Appendix A
2075 */
srtp_validate_encrypted_extensions_headers_gcm()2076 srtp_err_status_t srtp_validate_encrypted_extensions_headers_gcm()
2077 {
2078 // clang-format off
2079 unsigned char test_key_ext_headers[30] = {
2080 0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0,
2081 0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39,
2082 0x0e, 0xc6, 0x75, 0xad, 0x49, 0x8a, 0xfe, 0xeb,
2083 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6
2084 };
2085 uint8_t srtp_plaintext_ref[56] = {
2086 0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
2087 0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06,
2088 0x17, 0x41, 0x42, 0x73, 0xA4, 0x75, 0x26, 0x27,
2089 0x48, 0x22, 0x00, 0x00, 0xC8, 0x30, 0x8E, 0x46,
2090 0x55, 0x99, 0x63, 0x86, 0xB3, 0x95, 0xFB, 0x00,
2091 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
2092 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab
2093 };
2094 uint8_t srtp_plaintext[64] = {
2095 0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
2096 0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06,
2097 0x17, 0x41, 0x42, 0x73, 0xA4, 0x75, 0x26, 0x27,
2098 0x48, 0x22, 0x00, 0x00, 0xC8, 0x30, 0x8E, 0x46,
2099 0x55, 0x99, 0x63, 0x86, 0xB3, 0x95, 0xFB, 0x00,
2100 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
2101 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
2102 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
2103 };
2104 uint8_t srtp_ciphertext[64] = {
2105 0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
2106 0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06,
2107 0x17, 0x12, 0xe0, 0x20, 0x5b, 0xfa, 0x94, 0x9b,
2108 0x1C, 0x22, 0x00, 0x00, 0xC8, 0x30, 0xbb, 0x46,
2109 0x73, 0x27, 0x78, 0xd9, 0x92, 0x9a, 0xab, 0x00,
2110 0x0e, 0xca, 0x0c, 0xf9, 0x5e, 0xe9, 0x55, 0xb2,
2111 0x6c, 0xd3, 0xd2, 0x88, 0xb4, 0x9f, 0x6c, 0xa9,
2112 0xf4, 0xb1, 0xb7, 0x59, 0x71, 0x9e, 0xb5, 0xbc
2113 };
2114 // clang-format on
2115
2116 srtp_t srtp_snd, srtp_recv;
2117 srtp_err_status_t status;
2118 int len;
2119 srtp_policy_t policy;
2120 int headers[3] = { 1, 3, 4 };
2121
2122 /*
2123 * create a session with a single stream using the default srtp
2124 * policy and with the SSRC value 0xcafebabe
2125 */
2126 memset(&policy, 0, sizeof(policy));
2127 srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp);
2128 srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp);
2129 policy.ssrc.type = ssrc_specific;
2130 policy.ssrc.value = 0xcafebabe;
2131 policy.key = test_key_ext_headers;
2132 policy.ekt = NULL;
2133 policy.window_size = 128;
2134 policy.allow_repeat_tx = 0;
2135 policy.enc_xtn_hdr = headers;
2136 policy.enc_xtn_hdr_count = sizeof(headers) / sizeof(headers[0]);
2137 policy.next = NULL;
2138
2139 status = srtp_create(&srtp_snd, &policy);
2140 if (status)
2141 return status;
2142
2143 /*
2144 * protect plaintext, then compare with ciphertext
2145 */
2146 len = sizeof(srtp_plaintext_ref);
2147 status = srtp_protect(srtp_snd, srtp_plaintext, &len);
2148 if (status || (len != sizeof(srtp_plaintext)))
2149 return srtp_err_status_fail;
2150
2151 debug_print(mod_driver, "ciphertext:\n %s",
2152 srtp_octet_string_hex_string(srtp_plaintext, len));
2153 debug_print(mod_driver, "ciphertext reference:\n %s",
2154 srtp_octet_string_hex_string(srtp_ciphertext, len));
2155
2156 if (srtp_octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len))
2157 return srtp_err_status_fail;
2158
2159 /*
2160 * create a receiver session context comparable to the one created
2161 * above - we need to do this so that the replay checking doesn't
2162 * complain
2163 */
2164 status = srtp_create(&srtp_recv, &policy);
2165 if (status)
2166 return status;
2167
2168 /*
2169 * unprotect ciphertext, then compare with plaintext
2170 */
2171 status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len);
2172 if (status) {
2173 return status;
2174 } else if (len != sizeof(srtp_plaintext_ref)) {
2175 return srtp_err_status_fail;
2176 }
2177
2178 if (srtp_octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len))
2179 return srtp_err_status_fail;
2180
2181 status = srtp_dealloc(srtp_snd);
2182 if (status)
2183 return status;
2184
2185 status = srtp_dealloc(srtp_recv);
2186 if (status)
2187 return status;
2188
2189 return srtp_err_status_ok;
2190 }
2191 #endif
2192
2193 /*
2194 * srtp_validate_aes_256() verifies the correctness of libsrtp by comparing
2195 * some computed packets against some pre-computed reference values.
2196 * These packets were made with the AES-CM-256/HMAC-SHA-1-80 policy.
2197 */
2198
srtp_validate_aes_256()2199 srtp_err_status_t srtp_validate_aes_256()
2200 {
2201 // clang-format off
2202 unsigned char aes_256_test_key[46] = {
2203 0xf0, 0xf0, 0x49, 0x14, 0xb5, 0x13, 0xf2, 0x76,
2204 0x3a, 0x1b, 0x1f, 0xa1, 0x30, 0xf1, 0x0e, 0x29,
2205 0x98, 0xf6, 0xf6, 0xe4, 0x3e, 0x43, 0x09, 0xd1,
2206 0xe6, 0x22, 0xa0, 0xe3, 0x32, 0xb9, 0xf1, 0xb6,
2207
2208 0x3b, 0x04, 0x80, 0x3d, 0xe5, 0x1e, 0xe7, 0xc9,
2209 0x64, 0x23, 0xab, 0x5b, 0x78, 0xd2
2210 };
2211 uint8_t srtp_plaintext_ref[28] = {
2212 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
2213 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
2214 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
2215 0xab, 0xab, 0xab, 0xab
2216 };
2217 uint8_t srtp_plaintext[38] = {
2218 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
2219 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
2220 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
2221 0xab, 0xab, 0xab, 0xab, 0x00, 0x00, 0x00, 0x00,
2222 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
2223 };
2224 uint8_t srtp_ciphertext[38] = {
2225 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
2226 0xca, 0xfe, 0xba, 0xbe, 0xf1, 0xd9, 0xde, 0x17,
2227 0xff, 0x25, 0x1f, 0xf1, 0xaa, 0x00, 0x77, 0x74,
2228 0xb0, 0xb4, 0xb4, 0x0d, 0xa0, 0x8d, 0x9d, 0x9a,
2229 0x5b, 0x3a, 0x55, 0xd8, 0x87, 0x3b
2230 };
2231 // clang-format on
2232
2233 srtp_t srtp_snd, srtp_recv;
2234 srtp_err_status_t status;
2235 int len;
2236 srtp_policy_t policy;
2237
2238 /*
2239 * create a session with a single stream using the default srtp
2240 * policy and with the SSRC value 0xcafebabe
2241 */
2242 memset(&policy, 0, sizeof(policy));
2243 srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtp);
2244 srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtcp);
2245 policy.ssrc.type = ssrc_specific;
2246 policy.ssrc.value = 0xcafebabe;
2247 policy.key = aes_256_test_key;
2248 policy.ekt = NULL;
2249 policy.window_size = 128;
2250 policy.allow_repeat_tx = 0;
2251 policy.next = NULL;
2252
2253 status = srtp_create(&srtp_snd, &policy);
2254 if (status) {
2255 return status;
2256 }
2257
2258 /*
2259 * protect plaintext, then compare with ciphertext
2260 */
2261 len = 28;
2262 status = srtp_protect(srtp_snd, srtp_plaintext, &len);
2263 if (status || (len != 38)) {
2264 return srtp_err_status_fail;
2265 }
2266
2267 debug_print(mod_driver, "ciphertext:\n %s",
2268 octet_string_hex_string(srtp_plaintext, len));
2269 debug_print(mod_driver, "ciphertext reference:\n %s",
2270 octet_string_hex_string(srtp_ciphertext, len));
2271
2272 if (srtp_octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len)) {
2273 return srtp_err_status_fail;
2274 }
2275
2276 /*
2277 * create a receiver session context comparable to the one created
2278 * above - we need to do this so that the replay checking doesn't
2279 * complain
2280 */
2281 status = srtp_create(&srtp_recv, &policy);
2282 if (status) {
2283 return status;
2284 }
2285
2286 /*
2287 * unprotect ciphertext, then compare with plaintext
2288 */
2289 status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len);
2290 if (status || (len != 28)) {
2291 return status;
2292 }
2293
2294 if (srtp_octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len)) {
2295 return srtp_err_status_fail;
2296 }
2297
2298 status = srtp_dealloc(srtp_snd);
2299 if (status) {
2300 return status;
2301 }
2302
2303 status = srtp_dealloc(srtp_recv);
2304 if (status) {
2305 return status;
2306 }
2307
2308 return srtp_err_status_ok;
2309 }
2310
srtp_create_big_policy(srtp_policy_t ** list)2311 srtp_err_status_t srtp_create_big_policy(srtp_policy_t **list)
2312 {
2313 extern const srtp_policy_t *policy_array[];
2314 srtp_policy_t *p, *tmp;
2315 int i = 0;
2316 uint32_t ssrc = 0;
2317
2318 /* sanity checking */
2319 if ((list == NULL) || (policy_array[0] == NULL)) {
2320 return srtp_err_status_bad_param;
2321 }
2322
2323 /*
2324 * loop over policy list, mallocing a new list and copying values
2325 * into it (and incrementing the SSRC value as we go along)
2326 */
2327 tmp = NULL;
2328 while (policy_array[i] != NULL) {
2329 p = (srtp_policy_t *)malloc(sizeof(srtp_policy_t));
2330 if (p == NULL) {
2331 return srtp_err_status_bad_param;
2332 }
2333 memcpy(p, policy_array[i], sizeof(srtp_policy_t));
2334 p->ssrc.type = ssrc_specific;
2335 p->ssrc.value = ssrc++;
2336 p->next = tmp;
2337 tmp = p;
2338 i++;
2339 }
2340 *list = p;
2341
2342 return srtp_err_status_ok;
2343 }
2344
srtp_dealloc_big_policy(srtp_policy_t * list)2345 srtp_err_status_t srtp_dealloc_big_policy(srtp_policy_t *list)
2346 {
2347 srtp_policy_t *p, *next;
2348
2349 for (p = list; p != NULL; p = next) {
2350 next = p->next;
2351 free(p);
2352 }
2353
2354 return srtp_err_status_ok;
2355 }
2356
srtp_test_empty_payload()2357 srtp_err_status_t srtp_test_empty_payload()
2358 {
2359 srtp_t srtp_snd, srtp_recv;
2360 srtp_err_status_t status;
2361 int len;
2362 srtp_policy_t policy;
2363 srtp_hdr_t *mesg;
2364
2365 /*
2366 * create a session with a single stream using the default srtp
2367 * policy and with the SSRC value 0xcafebabe
2368 */
2369 memset(&policy, 0, sizeof(policy));
2370 srtp_crypto_policy_set_rtp_default(&policy.rtp);
2371 srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
2372 policy.ssrc.type = ssrc_specific;
2373 policy.ssrc.value = 0xcafebabe;
2374 policy.key = test_key;
2375 policy.ekt = NULL;
2376 policy.window_size = 128;
2377 policy.allow_repeat_tx = 0;
2378 policy.next = NULL;
2379
2380 status = srtp_create(&srtp_snd, &policy);
2381 if (status) {
2382 return status;
2383 }
2384
2385 mesg = srtp_create_test_packet(0, policy.ssrc.value, &len);
2386 if (mesg == NULL) {
2387 return srtp_err_status_fail;
2388 }
2389
2390 status = srtp_protect(srtp_snd, mesg, &len);
2391 if (status) {
2392 return status;
2393 } else if (len != 12 + 10) {
2394 return srtp_err_status_fail;
2395 }
2396
2397 /*
2398 * create a receiver session context comparable to the one created
2399 * above - we need to do this so that the replay checking doesn't
2400 * complain
2401 */
2402 status = srtp_create(&srtp_recv, &policy);
2403 if (status) {
2404 return status;
2405 }
2406
2407 /*
2408 * unprotect ciphertext, then compare with plaintext
2409 */
2410 status = srtp_unprotect(srtp_recv, mesg, &len);
2411 if (status) {
2412 return status;
2413 } else if (len != 12) {
2414 return srtp_err_status_fail;
2415 }
2416
2417 status = srtp_dealloc(srtp_snd);
2418 if (status) {
2419 return status;
2420 }
2421
2422 status = srtp_dealloc(srtp_recv);
2423 if (status) {
2424 return status;
2425 }
2426
2427 free(mesg);
2428
2429 return srtp_err_status_ok;
2430 }
2431
2432 #ifdef GCM
srtp_test_empty_payload_gcm()2433 srtp_err_status_t srtp_test_empty_payload_gcm()
2434 {
2435 srtp_t srtp_snd, srtp_recv;
2436 srtp_err_status_t status;
2437 int len;
2438 srtp_policy_t policy;
2439 srtp_hdr_t *mesg;
2440
2441 /*
2442 * create a session with a single stream using the default srtp
2443 * policy and with the SSRC value 0xcafebabe
2444 */
2445 memset(&policy, 0, sizeof(policy));
2446 srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp);
2447 srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp);
2448 policy.ssrc.type = ssrc_specific;
2449 policy.ssrc.value = 0xcafebabe;
2450 policy.key = test_key;
2451 policy.ekt = NULL;
2452 policy.window_size = 128;
2453 policy.allow_repeat_tx = 0;
2454 policy.next = NULL;
2455
2456 status = srtp_create(&srtp_snd, &policy);
2457 if (status) {
2458 return status;
2459 }
2460
2461 mesg = srtp_create_test_packet(0, policy.ssrc.value, &len);
2462 if (mesg == NULL) {
2463 return srtp_err_status_fail;
2464 }
2465
2466 status = srtp_protect(srtp_snd, mesg, &len);
2467 if (status) {
2468 return status;
2469 } else if (len != 12 + 8) {
2470 return srtp_err_status_fail;
2471 }
2472
2473 /*
2474 * create a receiver session context comparable to the one created
2475 * above - we need to do this so that the replay checking doesn't
2476 * complain
2477 */
2478 status = srtp_create(&srtp_recv, &policy);
2479 if (status) {
2480 return status;
2481 }
2482
2483 /*
2484 * unprotect ciphertext, then compare with plaintext
2485 */
2486 status = srtp_unprotect(srtp_recv, mesg, &len);
2487 if (status) {
2488 return status;
2489 } else if (len != 12) {
2490 return srtp_err_status_fail;
2491 }
2492
2493 status = srtp_dealloc(srtp_snd);
2494 if (status) {
2495 return status;
2496 }
2497
2498 status = srtp_dealloc(srtp_recv);
2499 if (status) {
2500 return status;
2501 }
2502
2503 free(mesg);
2504
2505 return srtp_err_status_ok;
2506 }
2507 #endif // GCM
2508
srtp_test_remove_stream()2509 srtp_err_status_t srtp_test_remove_stream()
2510 {
2511 srtp_err_status_t status;
2512 srtp_policy_t *policy_list, policy;
2513 srtp_t session;
2514 srtp_stream_t stream;
2515
2516 /*
2517 * srtp_get_stream() is a libSRTP internal function that we declare
2518 * here so that we can use it to verify the correct operation of the
2519 * library
2520 */
2521 extern srtp_stream_t srtp_get_stream(srtp_t srtp, uint32_t ssrc);
2522
2523 status = srtp_create_big_policy(&policy_list);
2524 if (status) {
2525 return status;
2526 }
2527
2528 status = srtp_create(&session, policy_list);
2529 if (status) {
2530 return status;
2531 }
2532
2533 /*
2534 * check for false positives by trying to remove a stream that's not
2535 * in the session
2536 */
2537 status = srtp_remove_stream(session, htonl(0xaaaaaaaa));
2538 if (status != srtp_err_status_no_ctx) {
2539 return srtp_err_status_fail;
2540 }
2541
2542 /*
2543 * check for false negatives by removing stream 0x1, then
2544 * searching for streams 0x0 and 0x2
2545 */
2546 status = srtp_remove_stream(session, htonl(0x1));
2547 if (status != srtp_err_status_ok) {
2548 return srtp_err_status_fail;
2549 }
2550 stream = srtp_get_stream(session, htonl(0x0));
2551 if (stream == NULL) {
2552 return srtp_err_status_fail;
2553 }
2554 stream = srtp_get_stream(session, htonl(0x2));
2555 if (stream == NULL) {
2556 return srtp_err_status_fail;
2557 }
2558
2559 status = srtp_dealloc(session);
2560 if (status != srtp_err_status_ok) {
2561 return status;
2562 }
2563
2564 status = srtp_dealloc_big_policy(policy_list);
2565 if (status != srtp_err_status_ok) {
2566 return status;
2567 }
2568
2569 /* Now test adding and removing a single stream */
2570 memset(&policy, 0, sizeof(policy));
2571 srtp_crypto_policy_set_rtp_default(&policy.rtp);
2572 srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
2573 policy.ssrc.type = ssrc_specific;
2574 policy.ssrc.value = 0xcafebabe;
2575 policy.key = test_key;
2576 policy.ekt = NULL;
2577 policy.window_size = 128;
2578 policy.allow_repeat_tx = 0;
2579 policy.next = NULL;
2580
2581 status = srtp_create(&session, NULL);
2582 if (status != srtp_err_status_ok) {
2583 return status;
2584 }
2585
2586 status = srtp_add_stream(session, &policy);
2587 if (status != srtp_err_status_ok) {
2588 return status;
2589 }
2590
2591 status = srtp_remove_stream(session, htonl(0xcafebabe));
2592 if (status != srtp_err_status_ok) {
2593 return status;
2594 }
2595
2596 status = srtp_dealloc(session);
2597 if (status != srtp_err_status_ok) {
2598 return status;
2599 }
2600
2601 return srtp_err_status_ok;
2602 }
2603
2604 // clang-format off
2605 unsigned char test_alt_key[46] = {
2606 0xe5, 0x19, 0x6f, 0x01, 0x5e, 0xf1, 0x9b, 0xe1,
2607 0xd7, 0x47, 0xa7, 0x27, 0x07, 0xd7, 0x47, 0x33,
2608 0x01, 0xc2, 0x35, 0x4d, 0x59, 0x6a, 0xf7, 0x84,
2609 0x96, 0x98, 0xeb, 0xaa, 0xac, 0xf6, 0xa1, 0x45,
2610 0xc7, 0x15, 0xe2, 0xea, 0xfe, 0x55, 0x67, 0x96,
2611 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6
2612 };
2613 // clang-format on
2614
2615 /*
2616 * srtp_test_update() verifies updating/rekeying exsisting streams.
2617 * As stated in https://tools.ietf.org/html/rfc3711#section-3.3.1
2618 * the value of the ROC must not be reset after a rekey, this test
2619 * atempts to prove that srtp_update does not reset the ROC.
2620 */
2621
srtp_test_update()2622 srtp_err_status_t srtp_test_update()
2623 {
2624 srtp_err_status_t status;
2625 uint32_t ssrc = 0x12121212;
2626 int msg_len_octets = 32;
2627 int protected_msg_len_octets;
2628 srtp_hdr_t *msg;
2629 srtp_t srtp_snd, srtp_recv;
2630 srtp_policy_t policy;
2631
2632 memset(&policy, 0, sizeof(policy));
2633 srtp_crypto_policy_set_rtp_default(&policy.rtp);
2634 srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
2635 policy.ekt = NULL;
2636 policy.window_size = 128;
2637 policy.allow_repeat_tx = 0;
2638 policy.next = NULL;
2639 policy.ssrc.type = ssrc_any_outbound;
2640 policy.key = test_key;
2641
2642 /* create a send and recive ctx with defualt profile and test_key */
2643 status = srtp_create(&srtp_recv, &policy);
2644 if (status)
2645 return status;
2646
2647 policy.ssrc.type = ssrc_any_inbound;
2648 status = srtp_create(&srtp_snd, &policy);
2649 if (status)
2650 return status;
2651
2652 /* protect and unprotect two msg's that will cause the ROC to be equal to 1
2653 */
2654 msg = srtp_create_test_packet(msg_len_octets, ssrc,
2655 &protected_msg_len_octets);
2656 if (msg == NULL)
2657 return srtp_err_status_alloc_fail;
2658 msg->seq = htons(65535);
2659
2660 status = srtp_protect(srtp_snd, msg, &protected_msg_len_octets);
2661 if (status)
2662 return srtp_err_status_fail;
2663
2664 status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets);
2665 if (status)
2666 return status;
2667
2668 free(msg);
2669
2670 msg = srtp_create_test_packet(msg_len_octets, ssrc,
2671 &protected_msg_len_octets);
2672 if (msg == NULL)
2673 return srtp_err_status_alloc_fail;
2674 msg->seq = htons(1);
2675
2676 status = srtp_protect(srtp_snd, msg, &protected_msg_len_octets);
2677 if (status)
2678 return srtp_err_status_fail;
2679
2680 status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets);
2681 if (status)
2682 return status;
2683
2684 free(msg);
2685
2686 /* update send ctx with same test_key t verify update works*/
2687 policy.ssrc.type = ssrc_any_outbound;
2688 policy.key = test_key;
2689 status = srtp_update(srtp_snd, &policy);
2690 if (status)
2691 return status;
2692
2693 msg = srtp_create_test_packet(msg_len_octets, ssrc,
2694 &protected_msg_len_octets);
2695 if (msg == NULL)
2696 return srtp_err_status_alloc_fail;
2697 msg->seq = htons(2);
2698
2699 status = srtp_protect(srtp_snd, msg, &protected_msg_len_octets);
2700 if (status)
2701 return srtp_err_status_fail;
2702
2703 status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets);
2704 if (status)
2705 return status;
2706
2707 free(msg);
2708
2709 /* update send ctx to use test_alt_key */
2710 policy.ssrc.type = ssrc_any_outbound;
2711 policy.key = test_alt_key;
2712 status = srtp_update(srtp_snd, &policy);
2713 if (status)
2714 return status;
2715
2716 /* create and protect msg with new key and ROC still equal to 1 */
2717 msg = srtp_create_test_packet(msg_len_octets, ssrc,
2718 &protected_msg_len_octets);
2719 if (msg == NULL)
2720 return srtp_err_status_alloc_fail;
2721 msg->seq = htons(3);
2722
2723 status = srtp_protect(srtp_snd, msg, &protected_msg_len_octets);
2724 if (status)
2725 return srtp_err_status_fail;
2726
2727 /* verify that recive ctx will fail to unprotect as it still uses test_key
2728 */
2729 status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets);
2730 if (status == srtp_err_status_ok)
2731 return srtp_err_status_fail;
2732
2733 /* create a new recvieve ctx with test_alt_key but since it is new it will
2734 * have ROC equal to 1
2735 * and therefore should fail to unprotected */
2736 {
2737 srtp_t srtp_recv_roc_0;
2738
2739 policy.ssrc.type = ssrc_any_inbound;
2740 policy.key = test_alt_key;
2741 status = srtp_create(&srtp_recv_roc_0, &policy);
2742 if (status)
2743 return status;
2744
2745 status =
2746 srtp_unprotect(srtp_recv_roc_0, msg, &protected_msg_len_octets);
2747 if (status == srtp_err_status_ok)
2748 return srtp_err_status_fail;
2749
2750 status = srtp_dealloc(srtp_recv_roc_0);
2751 if (status)
2752 return status;
2753 }
2754
2755 /* update recive ctx to use test_alt_key */
2756 policy.ssrc.type = ssrc_any_inbound;
2757 policy.key = test_alt_key;
2758 status = srtp_update(srtp_recv, &policy);
2759 if (status)
2760 return status;
2761
2762 /* verify that can still unprotect, therfore key is updated and ROC value is
2763 * preserved */
2764 status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets);
2765 if (status)
2766 return status;
2767
2768 free(msg);
2769
2770 status = srtp_dealloc(srtp_snd);
2771 if (status)
2772 return status;
2773
2774 status = srtp_dealloc(srtp_recv);
2775 if (status)
2776 return status;
2777
2778 return srtp_err_status_ok;
2779 }
2780
srtp_test_setup_protect_trailer_streams(srtp_t * srtp_send,srtp_t * srtp_send_mki,srtp_t * srtp_send_aes_gcm,srtp_t * srtp_send_aes_gcm_mki)2781 srtp_err_status_t srtp_test_setup_protect_trailer_streams(
2782 srtp_t *srtp_send,
2783 srtp_t *srtp_send_mki,
2784 srtp_t *srtp_send_aes_gcm,
2785 srtp_t *srtp_send_aes_gcm_mki)
2786 {
2787 srtp_err_status_t status;
2788 srtp_policy_t policy;
2789 srtp_policy_t policy_mki;
2790
2791 #ifdef GCM
2792 srtp_policy_t policy_aes_gcm;
2793 srtp_policy_t policy_aes_gcm_mki;
2794 #endif // GCM
2795
2796 memset(&policy, 0, sizeof(policy));
2797 srtp_crypto_policy_set_rtp_default(&policy.rtp);
2798 srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
2799 policy.ekt = NULL;
2800 policy.window_size = 128;
2801 policy.allow_repeat_tx = 0;
2802 policy.next = NULL;
2803 policy.ssrc.type = ssrc_any_outbound;
2804 policy.key = test_key;
2805
2806 memset(&policy_mki, 0, sizeof(policy_mki));
2807 srtp_crypto_policy_set_rtp_default(&policy_mki.rtp);
2808 srtp_crypto_policy_set_rtcp_default(&policy_mki.rtcp);
2809 policy_mki.ekt = NULL;
2810 policy_mki.window_size = 128;
2811 policy_mki.allow_repeat_tx = 0;
2812 policy_mki.next = NULL;
2813 policy_mki.ssrc.type = ssrc_any_outbound;
2814 policy_mki.key = NULL;
2815 policy_mki.keys = test_keys;
2816 policy_mki.num_master_keys = 2;
2817
2818 #ifdef GCM
2819 memset(&policy_aes_gcm, 0, sizeof(policy_aes_gcm));
2820 srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm.rtp);
2821 srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm.rtcp);
2822 policy_aes_gcm.ekt = NULL;
2823 policy_aes_gcm.window_size = 128;
2824 policy_aes_gcm.allow_repeat_tx = 0;
2825 policy_aes_gcm.next = NULL;
2826 policy_aes_gcm.ssrc.type = ssrc_any_outbound;
2827 policy_aes_gcm.key = test_key;
2828
2829 memset(&policy_aes_gcm_mki, 0, sizeof(policy_aes_gcm_mki));
2830 srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm_mki.rtp);
2831 srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm_mki.rtcp);
2832 policy_aes_gcm_mki.ekt = NULL;
2833 policy_aes_gcm_mki.window_size = 128;
2834 policy_aes_gcm_mki.allow_repeat_tx = 0;
2835 policy_aes_gcm_mki.next = NULL;
2836 policy_aes_gcm_mki.ssrc.type = ssrc_any_outbound;
2837 policy_aes_gcm_mki.key = NULL;
2838 policy_aes_gcm_mki.keys = test_keys;
2839 policy_aes_gcm_mki.num_master_keys = 2;
2840 #endif // GCM
2841
2842 /* create a send ctx with defualt profile and test_key */
2843 status = srtp_create(srtp_send, &policy);
2844 if (status)
2845 return status;
2846
2847 status = srtp_create(srtp_send_mki, &policy_mki);
2848 if (status)
2849 return status;
2850
2851 #ifdef GCM
2852 status = srtp_create(srtp_send_aes_gcm, &policy_aes_gcm);
2853 if (status)
2854 return status;
2855
2856 status = srtp_create(srtp_send_aes_gcm_mki, &policy_aes_gcm_mki);
2857 if (status)
2858 return status;
2859 #endif // GCM
2860
2861 return srtp_err_status_ok;
2862 }
2863
srtp_test_protect_trailer_length()2864 srtp_err_status_t srtp_test_protect_trailer_length()
2865 {
2866 srtp_t srtp_send;
2867 srtp_t srtp_send_mki;
2868 srtp_t srtp_send_aes_gcm;
2869 srtp_t srtp_send_aes_gcm_mki;
2870 uint32_t length = 0;
2871 srtp_err_status_t status;
2872
2873 srtp_test_setup_protect_trailer_streams(
2874 &srtp_send, &srtp_send_mki, &srtp_send_aes_gcm, &srtp_send_aes_gcm_mki);
2875
2876 status = srtp_get_protect_trailer_length(srtp_send, 0, 0, &length);
2877 if (status)
2878 return status;
2879
2880 /* TAG Length: 10 bytes */
2881 if (length != 10)
2882 return srtp_err_status_fail;
2883
2884 status = srtp_get_protect_trailer_length(srtp_send_mki, 1, 1, &length);
2885 if (status)
2886 return status;
2887
2888 /* TAG Length: 10 bytes + MKI length: 4 bytes*/
2889 if (length != 14)
2890 return srtp_err_status_fail;
2891
2892 #ifdef GCM
2893 status = srtp_get_protect_trailer_length(srtp_send_aes_gcm, 0, 0, &length);
2894 if (status)
2895 return status;
2896
2897 /* TAG Length: 16 bytes */
2898 if (length != 16)
2899 return srtp_err_status_fail;
2900
2901 status =
2902 srtp_get_protect_trailer_length(srtp_send_aes_gcm_mki, 1, 1, &length);
2903 if (status)
2904 return status;
2905
2906 /* TAG Length: 16 bytes + MKI length: 4 bytes*/
2907 if (length != 20)
2908 return srtp_err_status_fail;
2909 #endif // GCM
2910
2911 srtp_dealloc(srtp_send);
2912 srtp_dealloc(srtp_send_mki);
2913 #ifdef GCM
2914 srtp_dealloc(srtp_send_aes_gcm);
2915 srtp_dealloc(srtp_send_aes_gcm_mki);
2916 #endif
2917
2918 return srtp_err_status_ok;
2919 }
2920
srtp_test_protect_rtcp_trailer_length()2921 srtp_err_status_t srtp_test_protect_rtcp_trailer_length()
2922 {
2923 srtp_t srtp_send;
2924 srtp_t srtp_send_mki;
2925 srtp_t srtp_send_aes_gcm;
2926 srtp_t srtp_send_aes_gcm_mki;
2927 uint32_t length = 0;
2928 srtp_err_status_t status;
2929
2930 srtp_test_setup_protect_trailer_streams(
2931 &srtp_send, &srtp_send_mki, &srtp_send_aes_gcm, &srtp_send_aes_gcm_mki);
2932
2933 status = srtp_get_protect_rtcp_trailer_length(srtp_send, 0, 0, &length);
2934 if (status)
2935 return status;
2936
2937 /* TAG Length: 10 bytes + SRTCP Trailer 4 bytes*/
2938 if (length != 14)
2939 return srtp_err_status_fail;
2940
2941 status = srtp_get_protect_rtcp_trailer_length(srtp_send_mki, 1, 1, &length);
2942 if (status)
2943 return status;
2944
2945 /* TAG Length: 10 bytes + SRTCP Trailer 4 bytes + MKI 4 bytes*/
2946 if (length != 18)
2947 return srtp_err_status_fail;
2948
2949 #ifdef GCM
2950 status =
2951 srtp_get_protect_rtcp_trailer_length(srtp_send_aes_gcm, 0, 0, &length);
2952 if (status)
2953 return status;
2954
2955 /* TAG Length: 16 bytes + SRTCP Trailer 4 bytes*/
2956 if (length != 20)
2957 return srtp_err_status_fail;
2958
2959 status = srtp_get_protect_rtcp_trailer_length(srtp_send_aes_gcm_mki, 1, 1,
2960 &length);
2961 if (status)
2962 return status;
2963
2964 /* TAG Length: 16 bytes + SRTCP Trailer 4 bytes + MKI 4 bytes*/
2965 if (length != 24)
2966 return srtp_err_status_fail;
2967 #endif // GCM
2968
2969 srtp_dealloc(srtp_send);
2970 srtp_dealloc(srtp_send_mki);
2971 #ifdef GCM
2972 srtp_dealloc(srtp_send_aes_gcm);
2973 srtp_dealloc(srtp_send_aes_gcm_mki);
2974 #endif
2975
2976 return srtp_err_status_ok;
2977 }
2978
srtp_test_get_roc()2979 srtp_err_status_t srtp_test_get_roc()
2980 {
2981 srtp_err_status_t status;
2982 srtp_policy_t policy;
2983 srtp_t session;
2984 srtp_hdr_t *pkt;
2985 uint32_t i;
2986 uint32_t roc;
2987 uint32_t ts;
2988 uint16_t seq;
2989
2990 int msg_len_octets = 32;
2991 int protected_msg_len_octets;
2992
2993 memset(&policy, 0, sizeof(policy));
2994 srtp_crypto_policy_set_rtp_default(&policy.rtp);
2995 srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
2996 policy.ssrc.type = ssrc_specific;
2997 policy.ssrc.value = 0xcafebabe;
2998 policy.key = test_key;
2999 policy.window_size = 128;
3000
3001 /* Create a sender session */
3002 status = srtp_create(&session, &policy);
3003 if (status) {
3004 return status;
3005 }
3006
3007 /* Set start sequence so we roll over */
3008 seq = 65535;
3009 ts = 0;
3010
3011 for (i = 0; i < 2; i++) {
3012 pkt = srtp_create_test_packet_extended(msg_len_octets,
3013 policy.ssrc.value, seq, ts,
3014 &protected_msg_len_octets);
3015 status = srtp_protect(session, pkt, &protected_msg_len_octets);
3016 free(pkt);
3017 if (status) {
3018 return status;
3019 }
3020
3021 status = srtp_get_stream_roc(session, policy.ssrc.value, &roc);
3022 if (status) {
3023 return status;
3024 }
3025
3026 if (roc != i) {
3027 return srtp_err_status_fail;
3028 }
3029
3030 seq++;
3031 ts++;
3032 }
3033
3034 /* Cleanup */
3035 status = srtp_dealloc(session);
3036 if (status) {
3037 return status;
3038 }
3039
3040 return srtp_err_status_ok;
3041 }
3042
test_set_receiver_roc(uint32_t packets,uint32_t roc_to_set)3043 static srtp_err_status_t test_set_receiver_roc(uint32_t packets,
3044 uint32_t roc_to_set)
3045 {
3046 srtp_err_status_t status;
3047
3048 srtp_policy_t sender_policy;
3049 srtp_t sender_session;
3050
3051 srtp_policy_t receiver_policy;
3052 srtp_t receiver_session;
3053
3054 srtp_hdr_t *pkt_1;
3055 unsigned char *recv_pkt_1;
3056
3057 srtp_hdr_t *pkt_2;
3058 unsigned char *recv_pkt_2;
3059
3060 uint32_t i;
3061 uint32_t ts;
3062 uint16_t seq;
3063
3064 int msg_len_octets = 32;
3065 int protected_msg_len_octets_1;
3066 int protected_msg_len_octets_2;
3067
3068 /* Create sender */
3069 memset(&sender_policy, 0, sizeof(sender_policy));
3070 srtp_crypto_policy_set_rtp_default(&sender_policy.rtp);
3071 srtp_crypto_policy_set_rtcp_default(&sender_policy.rtcp);
3072 sender_policy.ssrc.type = ssrc_specific;
3073 sender_policy.ssrc.value = 0xcafebabe;
3074 sender_policy.key = test_key;
3075 sender_policy.window_size = 128;
3076
3077 status = srtp_create(&sender_session, &sender_policy);
3078 if (status) {
3079 return status;
3080 }
3081
3082 /* Create and protect packets */
3083 seq = 0;
3084 ts = 0;
3085 for (i = 0; i < packets; i++) {
3086 srtp_hdr_t *tmp_pkt;
3087 int tmp_len;
3088
3089 tmp_pkt = srtp_create_test_packet_extended(
3090 msg_len_octets, sender_policy.ssrc.value, seq, ts, &tmp_len);
3091 status = srtp_protect(sender_session, tmp_pkt, &tmp_len);
3092 free(tmp_pkt);
3093 if (status) {
3094 return status;
3095 }
3096
3097 seq++;
3098 ts++;
3099 }
3100
3101 /* Create the first packet to decrypt and test for ROC change */
3102 pkt_1 = srtp_create_test_packet_extended(msg_len_octets,
3103 sender_policy.ssrc.value, seq, ts,
3104 &protected_msg_len_octets_1);
3105 status = srtp_protect(sender_session, pkt_1, &protected_msg_len_octets_1);
3106 if (status) {
3107 return status;
3108 }
3109
3110 /* Create the second packet to decrypt and test for ROC change */
3111 seq++;
3112 ts++;
3113 pkt_2 = srtp_create_test_packet_extended(msg_len_octets,
3114 sender_policy.ssrc.value, seq, ts,
3115 &protected_msg_len_octets_2);
3116 status = srtp_protect(sender_session, pkt_2, &protected_msg_len_octets_2);
3117 if (status) {
3118 return status;
3119 }
3120
3121 /* Create the receiver */
3122 memset(&receiver_policy, 0, sizeof(receiver_policy));
3123 srtp_crypto_policy_set_rtp_default(&receiver_policy.rtp);
3124 srtp_crypto_policy_set_rtcp_default(&receiver_policy.rtcp);
3125 receiver_policy.ssrc.type = ssrc_specific;
3126 receiver_policy.ssrc.value = sender_policy.ssrc.value;
3127 receiver_policy.key = test_key;
3128 receiver_policy.window_size = 128;
3129
3130 status = srtp_create(&receiver_session, &receiver_policy);
3131 if (status) {
3132 return status;
3133 }
3134
3135 /* Make a copy of the first sent protected packet */
3136 recv_pkt_1 = malloc(protected_msg_len_octets_1);
3137 if (recv_pkt_1 == NULL) {
3138 return srtp_err_status_fail;
3139 }
3140 memcpy(recv_pkt_1, pkt_1, protected_msg_len_octets_1);
3141
3142 /* Make a copy of the second sent protected packet */
3143 recv_pkt_2 = malloc(protected_msg_len_octets_2);
3144 if (recv_pkt_2 == NULL) {
3145 return srtp_err_status_fail;
3146 }
3147 memcpy(recv_pkt_2, pkt_2, protected_msg_len_octets_2);
3148
3149 /* Set the ROC to the wanted value */
3150 status = srtp_set_stream_roc(receiver_session, receiver_policy.ssrc.value,
3151 roc_to_set);
3152 if (status) {
3153 return status;
3154 }
3155
3156 /* Unprotect the first packet */
3157 status = srtp_unprotect(receiver_session, recv_pkt_1,
3158 &protected_msg_len_octets_1);
3159 if (status) {
3160 return status;
3161 }
3162
3163 /* Unprotect the second packet */
3164 status = srtp_unprotect(receiver_session, recv_pkt_2,
3165 &protected_msg_len_octets_2);
3166 if (status) {
3167 return status;
3168 }
3169
3170 /* Cleanup */
3171 status = srtp_dealloc(sender_session);
3172 if (status) {
3173 return status;
3174 }
3175
3176 status = srtp_dealloc(receiver_session);
3177 if (status) {
3178 return status;
3179 }
3180
3181 free(pkt_1);
3182 free(recv_pkt_1);
3183 free(pkt_2);
3184 free(recv_pkt_2);
3185
3186 return srtp_err_status_ok;
3187 }
3188
test_set_sender_roc(uint16_t seq,uint32_t roc_to_set)3189 static srtp_err_status_t test_set_sender_roc(uint16_t seq, uint32_t roc_to_set)
3190 {
3191 srtp_err_status_t status;
3192
3193 srtp_policy_t sender_policy;
3194 srtp_t sender_session;
3195
3196 srtp_policy_t receiver_policy;
3197 srtp_t receiver_session;
3198
3199 srtp_hdr_t *pkt;
3200 unsigned char *recv_pkt;
3201
3202 uint32_t ts;
3203
3204 int msg_len_octets = 32;
3205 int protected_msg_len_octets;
3206
3207 /* Create sender */
3208 memset(&sender_policy, 0, sizeof(sender_policy));
3209 srtp_crypto_policy_set_rtp_default(&sender_policy.rtp);
3210 srtp_crypto_policy_set_rtcp_default(&sender_policy.rtcp);
3211 sender_policy.ssrc.type = ssrc_specific;
3212 sender_policy.ssrc.value = 0xcafebabe;
3213 sender_policy.key = test_key;
3214 sender_policy.window_size = 128;
3215
3216 status = srtp_create(&sender_session, &sender_policy);
3217 if (status) {
3218 return status;
3219 }
3220
3221 /* Set the ROC before encrypting the first packet */
3222 status = srtp_set_stream_roc(sender_session, sender_policy.ssrc.value,
3223 roc_to_set);
3224 if (status != srtp_err_status_ok) {
3225 return status;
3226 }
3227
3228 /* Create the packet to decrypt */
3229 ts = 0;
3230 pkt = srtp_create_test_packet_extended(msg_len_octets,
3231 sender_policy.ssrc.value, seq, ts,
3232 &protected_msg_len_octets);
3233 status = srtp_protect(sender_session, pkt, &protected_msg_len_octets);
3234 if (status) {
3235 return status;
3236 }
3237
3238 /* Create the receiver */
3239 memset(&receiver_policy, 0, sizeof(receiver_policy));
3240 srtp_crypto_policy_set_rtp_default(&receiver_policy.rtp);
3241 srtp_crypto_policy_set_rtcp_default(&receiver_policy.rtcp);
3242 receiver_policy.ssrc.type = ssrc_specific;
3243 receiver_policy.ssrc.value = sender_policy.ssrc.value;
3244 receiver_policy.key = test_key;
3245 receiver_policy.window_size = 128;
3246
3247 status = srtp_create(&receiver_session, &receiver_policy);
3248 if (status) {
3249 return status;
3250 }
3251
3252 /* Make a copy of the sent protected packet */
3253 recv_pkt = malloc(protected_msg_len_octets);
3254 if (recv_pkt == NULL) {
3255 return srtp_err_status_fail;
3256 }
3257 memcpy(recv_pkt, pkt, protected_msg_len_octets);
3258
3259 /* Set the ROC to the wanted value */
3260 status = srtp_set_stream_roc(receiver_session, receiver_policy.ssrc.value,
3261 roc_to_set);
3262 if (status) {
3263 return status;
3264 }
3265
3266 status =
3267 srtp_unprotect(receiver_session, recv_pkt, &protected_msg_len_octets);
3268 if (status) {
3269 return status;
3270 }
3271
3272 /* Cleanup */
3273 status = srtp_dealloc(sender_session);
3274 if (status) {
3275 return status;
3276 }
3277
3278 status = srtp_dealloc(receiver_session);
3279 if (status) {
3280 return status;
3281 }
3282
3283 free(pkt);
3284 free(recv_pkt);
3285
3286 return srtp_err_status_ok;
3287 }
3288
srtp_test_set_receiver_roc()3289 srtp_err_status_t srtp_test_set_receiver_roc()
3290 {
3291 int packets;
3292 uint32_t roc;
3293 srtp_err_status_t status;
3294
3295 /* First test does not rollover */
3296 packets = 1;
3297 roc = 0;
3298
3299 status = test_set_receiver_roc(packets - 1, roc);
3300 if (status) {
3301 return status;
3302 }
3303
3304 status = test_set_receiver_roc(packets, roc);
3305 if (status) {
3306 return status;
3307 }
3308
3309 status = test_set_receiver_roc(packets + 1, roc);
3310 if (status) {
3311 return status;
3312 }
3313
3314 status = test_set_receiver_roc(packets + 60000, roc);
3315 if (status) {
3316 return status;
3317 }
3318
3319 /* Second test should rollover */
3320 packets = 65535;
3321 roc = 0;
3322
3323 status = test_set_receiver_roc(packets - 1, roc);
3324 if (status) {
3325 return status;
3326 }
3327
3328 status = test_set_receiver_roc(packets, roc);
3329 if (status) {
3330 return status;
3331 }
3332
3333 /* Now the rollover counter should be 1 */
3334 roc = 1;
3335 status = test_set_receiver_roc(packets + 1, roc);
3336 if (status) {
3337 return status;
3338 }
3339
3340 status = test_set_receiver_roc(packets + 60000, roc);
3341 if (status) {
3342 return status;
3343 }
3344
3345 return srtp_err_status_ok;
3346 }
3347
srtp_test_set_sender_roc()3348 srtp_err_status_t srtp_test_set_sender_roc()
3349 {
3350 uint32_t roc;
3351 uint16_t seq;
3352 srtp_err_status_t status;
3353
3354 seq = 43210;
3355 roc = 0;
3356 status = test_set_sender_roc(seq, roc);
3357 if (status) {
3358 return status;
3359 }
3360
3361 roc = 65535;
3362 status = test_set_sender_roc(seq, roc);
3363 if (status) {
3364 return status;
3365 }
3366
3367 roc = 0xffff;
3368 status = test_set_sender_roc(seq, roc);
3369 if (status) {
3370 return status;
3371 }
3372
3373 roc = 0xffff00;
3374 status = test_set_sender_roc(seq, roc);
3375 if (status) {
3376 return status;
3377 }
3378
3379 roc = 0xfffffff0;
3380 status = test_set_sender_roc(seq, roc);
3381 if (status) {
3382 return status;
3383 }
3384
3385 return srtp_err_status_ok;
3386 }
3387
3388 /*
3389 * srtp policy definitions - these definitions are used above
3390 */
3391
3392 // clang-format off
3393 unsigned char test_key[46] = {
3394 0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0,
3395 0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39,
3396 0x0e, 0xc6, 0x75, 0xad, 0x49, 0x8a, 0xfe, 0xeb,
3397 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6, 0xc1, 0x73,
3398 0xc3, 0x17, 0xf2, 0xda, 0xbe, 0x35, 0x77, 0x93,
3399 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6
3400 };
3401
3402 unsigned char test_key_2[46] = {
3403 0xf0, 0xf0, 0x49, 0x14, 0xb5, 0x13, 0xf2, 0x76,
3404 0x3a, 0x1b, 0x1f, 0xa1, 0x30, 0xf1, 0x0e, 0x29,
3405 0x98, 0xf6, 0xf6, 0xe4, 0x3e, 0x43, 0x09, 0xd1,
3406 0xe6, 0x22, 0xa0, 0xe3, 0x32, 0xb9, 0xf1, 0xb6,
3407 0xc3, 0x17, 0xf2, 0xda, 0xbe, 0x35, 0x77, 0x93,
3408 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6
3409 };
3410
3411 unsigned char test_mki_id[TEST_MKI_ID_SIZE] = {
3412 0xe1, 0xf9, 0x7a, 0x0d
3413 };
3414
3415 unsigned char test_mki_id_2[TEST_MKI_ID_SIZE] = {
3416 0xf3, 0xa1, 0x46, 0x71
3417 };
3418 // clang-format on
3419
3420 const srtp_policy_t default_policy = {
3421 { ssrc_any_outbound, 0 }, /* SSRC */
3422 {
3423 /* SRTP policy */
3424 SRTP_AES_ICM_128, /* cipher type */
3425 SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */
3426 SRTP_HMAC_SHA1, /* authentication func type */
3427 16, /* auth key length in octets */
3428 10, /* auth tag length in octets */
3429 sec_serv_conf_and_auth /* security services flag */
3430 },
3431 {
3432 /* SRTCP policy */
3433 SRTP_AES_ICM_128, /* cipher type */
3434 SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */
3435 SRTP_HMAC_SHA1, /* authentication func type */
3436 16, /* auth key length in octets */
3437 10, /* auth tag length in octets */
3438 sec_serv_conf_and_auth /* security services flag */
3439 },
3440 NULL,
3441 (srtp_master_key_t **)test_keys,
3442 2, /* indicates the number of Master keys */
3443 NULL, /* indicates that EKT is not in use */
3444 128, /* replay window size */
3445 0, /* retransmission not allowed */
3446 NULL, /* no encrypted extension headers */
3447 0, /* list of encrypted extension headers is empty */
3448 NULL
3449 };
3450
3451 const srtp_policy_t aes_only_policy = {
3452 { ssrc_any_outbound, 0 }, /* SSRC */
3453 {
3454 SRTP_AES_ICM_128, /* cipher type */
3455 SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */
3456 SRTP_NULL_AUTH, /* authentication func type */
3457 0, /* auth key length in octets */
3458 0, /* auth tag length in octets */
3459 sec_serv_conf /* security services flag */
3460 },
3461 {
3462 SRTP_AES_ICM_128, /* cipher type */
3463 SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */
3464 SRTP_NULL_AUTH, /* authentication func type */
3465 0, /* auth key length in octets */
3466 0, /* auth tag length in octets */
3467 sec_serv_conf /* security services flag */
3468 },
3469 NULL,
3470 (srtp_master_key_t **)test_keys,
3471 2, /* indicates the number of Master keys */
3472 NULL, /* indicates that EKT is not in use */
3473 128, /* replay window size */
3474 0, /* retransmission not allowed */
3475 NULL, /* no encrypted extension headers */
3476 0, /* list of encrypted extension headers is empty */
3477 NULL
3478 };
3479
3480 const srtp_policy_t hmac_only_policy = {
3481 { ssrc_any_outbound, 0 }, /* SSRC */
3482 {
3483 SRTP_NULL_CIPHER, /* cipher type */
3484 0, /* cipher key length in octets */
3485 SRTP_HMAC_SHA1, /* authentication func type */
3486 20, /* auth key length in octets */
3487 4, /* auth tag length in octets */
3488 sec_serv_auth /* security services flag */
3489 },
3490 {
3491 SRTP_NULL_CIPHER, /* cipher type */
3492 0, /* cipher key length in octets */
3493 SRTP_HMAC_SHA1, /* authentication func type */
3494 20, /* auth key length in octets */
3495 4, /* auth tag length in octets */
3496 sec_serv_auth /* security services flag */
3497 },
3498 NULL,
3499 (srtp_master_key_t **)test_keys,
3500 2, /* Number of Master keys associated with the policy */
3501 NULL, /* indicates that EKT is not in use */
3502 128, /* replay window size */
3503 0, /* retransmission not allowed */
3504 NULL, /* no encrypted extension headers */
3505 0, /* list of encrypted extension headers is empty */
3506 NULL
3507 };
3508
3509 #ifdef GCM
3510 const srtp_policy_t aes128_gcm_8_policy = {
3511 { ssrc_any_outbound, 0 }, /* SSRC */
3512 {
3513 /* SRTP policy */
3514 SRTP_AES_GCM_128, /* cipher type */
3515 SRTP_AES_GCM_128_KEY_LEN_WSALT, /* cipher key length in octets */
3516 SRTP_NULL_AUTH, /* authentication func type */
3517 0, /* auth key length in octets */
3518 8, /* auth tag length in octets */
3519 sec_serv_conf_and_auth /* security services flag */
3520 },
3521 {
3522 /* SRTCP policy */
3523 SRTP_AES_GCM_128, /* cipher type */
3524 SRTP_AES_GCM_128_KEY_LEN_WSALT, /* cipher key length in octets */
3525 SRTP_NULL_AUTH, /* authentication func type */
3526 0, /* auth key length in octets */
3527 8, /* auth tag length in octets */
3528 sec_serv_conf_and_auth /* security services flag */
3529 },
3530 NULL,
3531 (srtp_master_key_t **)test_keys,
3532 2, /* indicates the number of Master keys */
3533 NULL, /* indicates that EKT is not in use */
3534 128, /* replay window size */
3535 0, /* retransmission not allowed */
3536 NULL, /* no encrypted extension headers */
3537 0, /* list of encrypted extension headers is empty */
3538 NULL
3539 };
3540
3541 const srtp_policy_t aes128_gcm_8_cauth_policy = {
3542 { ssrc_any_outbound, 0 }, /* SSRC */
3543 {
3544 /* SRTP policy */
3545 SRTP_AES_GCM_128, /* cipher type */
3546 SRTP_AES_GCM_128_KEY_LEN_WSALT, /* cipher key length in octets */
3547 SRTP_NULL_AUTH, /* authentication func type */
3548 0, /* auth key length in octets */
3549 8, /* auth tag length in octets */
3550 sec_serv_conf_and_auth /* security services flag */
3551 },
3552 {
3553 /* SRTCP policy */
3554 SRTP_AES_GCM_128, /* cipher type */
3555 SRTP_AES_GCM_128_KEY_LEN_WSALT, /* cipher key length in octets */
3556 SRTP_NULL_AUTH, /* authentication func type */
3557 0, /* auth key length in octets */
3558 8, /* auth tag length in octets */
3559 sec_serv_auth /* security services flag */
3560 },
3561 NULL,
3562 (srtp_master_key_t **)test_keys,
3563 2, /* indicates the number of Master keys */
3564 NULL, /* indicates that EKT is not in use */
3565 128, /* replay window size */
3566 0, /* retransmission not allowed */
3567 NULL, /* no encrypted extension headers */
3568 0, /* list of encrypted extension headers is empty */
3569 NULL
3570 };
3571
3572 const srtp_policy_t aes256_gcm_8_policy = {
3573 { ssrc_any_outbound, 0 }, /* SSRC */
3574 {
3575 /* SRTP policy */
3576 SRTP_AES_GCM_256, /* cipher type */
3577 SRTP_AES_GCM_256_KEY_LEN_WSALT, /* cipher key length in octets */
3578 SRTP_NULL_AUTH, /* authentication func type */
3579 0, /* auth key length in octets */
3580 8, /* auth tag length in octets */
3581 sec_serv_conf_and_auth /* security services flag */
3582 },
3583 {
3584 /* SRTCP policy */
3585 SRTP_AES_GCM_256, /* cipher type */
3586 SRTP_AES_GCM_256_KEY_LEN_WSALT, /* cipher key length in octets */
3587 SRTP_NULL_AUTH, /* authentication func type */
3588 0, /* auth key length in octets */
3589 8, /* auth tag length in octets */
3590 sec_serv_conf_and_auth /* security services flag */
3591 },
3592 NULL,
3593 (srtp_master_key_t **)test_keys,
3594 2, /* indicates the number of Master keys */
3595 NULL, /* indicates that EKT is not in use */
3596 128, /* replay window size */
3597 0, /* retransmission not allowed */
3598 NULL, /* no encrypted extension headers */
3599 0, /* list of encrypted extension headers is empty */
3600 NULL
3601 };
3602
3603 const srtp_policy_t aes256_gcm_8_cauth_policy = {
3604 { ssrc_any_outbound, 0 }, /* SSRC */
3605 {
3606 /* SRTP policy */
3607 SRTP_AES_GCM_256, /* cipher type */
3608 SRTP_AES_GCM_256_KEY_LEN_WSALT, /* cipher key length in octets */
3609 SRTP_NULL_AUTH, /* authentication func type */
3610 0, /* auth key length in octets */
3611 8, /* auth tag length in octets */
3612 sec_serv_conf_and_auth /* security services flag */
3613 },
3614 {
3615 /* SRTCP policy */
3616 SRTP_AES_GCM_256, /* cipher type */
3617 SRTP_AES_GCM_256_KEY_LEN_WSALT, /* cipher key length in octets */
3618 SRTP_NULL_AUTH, /* authentication func type */
3619 0, /* auth key length in octets */
3620 8, /* auth tag length in octets */
3621 sec_serv_auth /* security services flag */
3622 },
3623 NULL,
3624 (srtp_master_key_t **)test_keys,
3625 2, /* indicates the number of Master keys */
3626 NULL, /* indicates that EKT is not in use */
3627 128, /* replay window size */
3628 0, /* retransmission not allowed */
3629 NULL, /* no encrypted extension headers */
3630 0, /* list of encrypted extension headers is empty */
3631 NULL
3632 };
3633 #endif
3634
3635 const srtp_policy_t null_policy = {
3636 { ssrc_any_outbound, 0 }, /* SSRC */
3637 {
3638 SRTP_NULL_CIPHER, /* cipher type */
3639 0, /* cipher key length in octets */
3640 SRTP_NULL_AUTH, /* authentication func type */
3641 0, /* auth key length in octets */
3642 0, /* auth tag length in octets */
3643 sec_serv_none /* security services flag */
3644 },
3645 {
3646 SRTP_NULL_CIPHER, /* cipher type */
3647 0, /* cipher key length in octets */
3648 SRTP_NULL_AUTH, /* authentication func type */
3649 0, /* auth key length in octets */
3650 0, /* auth tag length in octets */
3651 sec_serv_none /* security services flag */
3652 },
3653 NULL,
3654 (srtp_master_key_t **)test_keys,
3655 2, /* indicates the number of Master keys */
3656 NULL, /* indicates that EKT is not in use */
3657 128, /* replay window size */
3658 0, /* retransmission not allowed */
3659 NULL, /* no encrypted extension headers */
3660 0, /* list of encrypted extension headers is empty */
3661 NULL
3662 };
3663
3664 // clang-format off
3665 unsigned char test_256_key[46] = {
3666 0xf0, 0xf0, 0x49, 0x14, 0xb5, 0x13, 0xf2, 0x76,
3667 0x3a, 0x1b, 0x1f, 0xa1, 0x30, 0xf1, 0x0e, 0x29,
3668 0x98, 0xf6, 0xf6, 0xe4, 0x3e, 0x43, 0x09, 0xd1,
3669 0xe6, 0x22, 0xa0, 0xe3, 0x32, 0xb9, 0xf1, 0xb6,
3670
3671 0x3b, 0x04, 0x80, 0x3d, 0xe5, 0x1e, 0xe7, 0xc9,
3672 0x64, 0x23, 0xab, 0x5b, 0x78, 0xd2
3673 };
3674
3675 unsigned char test_256_key_2[46] = {
3676 0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0,
3677 0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39,
3678 0x0e, 0xc6, 0x75, 0xad, 0x49, 0x8a, 0xfe, 0xeb,
3679 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6, 0xc1, 0x73,
3680 0x3b, 0x04, 0x80, 0x3d, 0xe5, 0x1e, 0xe7, 0xc9,
3681 0x64, 0x23, 0xab, 0x5b, 0x78, 0xd2
3682 };
3683
3684 srtp_master_key_t master_256_key_1 = {
3685 test_256_key,
3686 test_mki_id,
3687 TEST_MKI_ID_SIZE
3688 };
3689
3690 srtp_master_key_t master_256_key_2 = {
3691 test_256_key_2,
3692 test_mki_id_2,
3693 TEST_MKI_ID_SIZE
3694 };
3695
3696 srtp_master_key_t *test_256_keys[2] = {
3697 &master_key_1,
3698 &master_key_2
3699 };
3700 // clang-format on
3701
3702 const srtp_policy_t aes_256_hmac_policy = {
3703 { ssrc_any_outbound, 0 }, /* SSRC */
3704 {
3705 /* SRTP policy */
3706 SRTP_AES_ICM_256, /* cipher type */
3707 SRTP_AES_ICM_256_KEY_LEN_WSALT, /* cipher key length in octets */
3708 SRTP_HMAC_SHA1, /* authentication func type */
3709 20, /* auth key length in octets */
3710 10, /* auth tag length in octets */
3711 sec_serv_conf_and_auth /* security services flag */
3712 },
3713 {
3714 /* SRTCP policy */
3715 SRTP_AES_ICM_256, /* cipher type */
3716 SRTP_AES_ICM_256_KEY_LEN_WSALT, /* cipher key length in octets */
3717 SRTP_HMAC_SHA1, /* authentication func type */
3718 20, /* auth key length in octets */
3719 10, /* auth tag length in octets */
3720 sec_serv_conf_and_auth /* security services flag */
3721 },
3722 NULL,
3723 (srtp_master_key_t **)test_256_keys,
3724 2, /* indicates the number of Master keys */
3725 NULL, /* indicates that EKT is not in use */
3726 128, /* replay window size */
3727 0, /* retransmission not allowed */
3728 NULL, /* no encrypted extension headers */
3729 0, /* list of encrypted extension headers is empty */
3730 NULL
3731 };
3732
3733 // clang-format off
3734 uint8_t ekt_test_key[16] = {
3735 0x77, 0x26, 0x9d, 0xac, 0x16, 0xa3, 0x28, 0xca,
3736 0x8e, 0xc9, 0x68, 0x4b, 0xcc, 0xc4, 0xd2, 0x1b
3737 };
3738 // clang-format on
3739
3740 #include "ekt.h"
3741
3742 // clang-format off
3743 srtp_ekt_policy_ctx_t ekt_test_policy = {
3744 0xa5a5, /* SPI */
3745 SRTP_EKT_CIPHER_AES_128_ECB,
3746 ekt_test_key,
3747 NULL
3748 };
3749 // clang-format on
3750
3751 const srtp_policy_t hmac_only_with_ekt_policy = {
3752 { ssrc_any_outbound, 0 }, /* SSRC */
3753 {
3754 SRTP_NULL_CIPHER, /* cipher type */
3755 0, /* cipher key length in octets */
3756 SRTP_HMAC_SHA1, /* authentication func type */
3757 20, /* auth key length in octets */
3758 4, /* auth tag length in octets */
3759 sec_serv_auth /* security services flag */
3760 },
3761 {
3762 SRTP_NULL_CIPHER, /* cipher type */
3763 0, /* cipher key length in octets */
3764 SRTP_HMAC_SHA1, /* authentication func type */
3765 20, /* auth key length in octets */
3766 4, /* auth tag length in octets */
3767 sec_serv_auth /* security services flag */
3768 },
3769 NULL,
3770 (srtp_master_key_t **)test_keys,
3771 2, /* indicates the number of Master keys */
3772 &ekt_test_policy, /* indicates that EKT is not in use */
3773 128, /* replay window size */
3774 0, /* retransmission not allowed */
3775 NULL, /* no encrypted extension headers */
3776 0, /* list of encrypted extension headers is empty */
3777 NULL
3778 };
3779
3780 /*
3781 * an array of pointers to the policies listed above
3782 *
3783 * This array is used to test various aspects of libSRTP for
3784 * different cryptographic policies. The order of the elements
3785 * matters - the timing test generates output that can be used
3786 * in a plot (see the gnuplot script file 'timing'). If you
3787 * add to this list, you should do it at the end.
3788 */
3789
3790 // clang-format off
3791 const srtp_policy_t *policy_array[] = {
3792 &hmac_only_policy,
3793 &aes_only_policy,
3794 &default_policy,
3795 #ifdef GCM
3796 &aes128_gcm_8_policy,
3797 &aes128_gcm_8_cauth_policy,
3798 &aes256_gcm_8_policy,
3799 &aes256_gcm_8_cauth_policy,
3800 #endif
3801 &null_policy,
3802 &aes_256_hmac_policy,
3803 &hmac_only_with_ekt_policy,
3804 NULL
3805 };
3806 // clang-format on
3807
3808 const srtp_policy_t wildcard_policy = {
3809 { ssrc_any_outbound, 0 }, /* SSRC */
3810 {
3811 /* SRTP policy */
3812 SRTP_AES_ICM_128, /* cipher type */
3813 SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */
3814 SRTP_HMAC_SHA1, /* authentication func type */
3815 16, /* auth key length in octets */
3816 10, /* auth tag length in octets */
3817 sec_serv_conf_and_auth /* security services flag */
3818 },
3819 {
3820 /* SRTCP policy */
3821 SRTP_AES_ICM_128, /* cipher type */
3822 SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */
3823 SRTP_HMAC_SHA1, /* authentication func type */
3824 16, /* auth key length in octets */
3825 10, /* auth tag length in octets */
3826 sec_serv_conf_and_auth /* security services flag */
3827 },
3828 test_key,
3829 NULL,
3830 0,
3831 NULL,
3832 128, /* replay window size */
3833 0, /* retransmission not allowed */
3834 NULL, /* no encrypted extension headers */
3835 0, /* list of encrypted extension headers is empty */
3836 NULL
3837 };
3838