Commit 10ee356e authored by Rémi Denis-Courmont's avatar Rémi Denis-Courmont

Initial support for Secure Real-Time Protocol (RFC3711) - refs #321

Uses libgcrypt, as we have it in our deps/contrib already for GnuTLS.

This could be used in both "UDP"[1] access and access output plugins,
though they should really be called "RTP" instead nowadays.

Done:
 - AES(-128) Counter Mode key derivation and RTP en-/decryption
 - test vectors for AES-CM
 - NULL cipher (with the *_UNENCRYPTED flags) - untested

To do (missing mandatory features):
 - RTCP en-/decryption
 - HMAC-SHA1 authentication
 - replay attack protection

Also to probably do:
 - integrate with udp access and access output plugins
 - integrate with RTSP server (err, I won't do that myself)
 - support for Transform Carrying ROC for SRTP (RFC4771)
   so we can use it easily for multicast streaming
parent 066e58dd
...@@ -5235,6 +5235,9 @@ AS_IF([test "${enable_gnutls}" != "no"], [ ...@@ -5235,6 +5235,9 @@ AS_IF([test "${enable_gnutls}" != "no"], [
]) ])
]) ])
AM_PATH_LIBGCRYPT([1:1.1.94], [have_libgcrypt="yes"], [have_libgcrypt="no"])
AM_CONDITIONAL([HAVE_LIBGCRYPT], [test "${have_libgcrypt}" = "yes"])
dnl dnl
dnl Endianness check, AC_C_BIGENDIAN doesn't work if we are cross-compiling dnl Endianness check, AC_C_BIGENDIAN doesn't work if we are cross-compiling
...@@ -5773,6 +5776,7 @@ AC_CONFIG_FILES([ ...@@ -5773,6 +5776,7 @@ AC_CONFIG_FILES([
ipkg/Makefile ipkg/Makefile
libs/Makefile libs/Makefile
libs/loader/Makefile libs/loader/Makefile
libs/srtp/Makefile
modules/Makefile modules/Makefile
mozilla/Makefile mozilla/Makefile
m4/Makefile m4/Makefile
......
SUBDIRS = loader SUBDIRS = loader srtp
# Secure RTP with libgcrypt
# Copyright (C) 2007 Rémi Denis-Courmont <rdenis # simphalempin , com>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
AM_CPPFLAGS = @LIBGCRYPT_CFLAGS@
AM_LDFLAGS = @LIBGCRYPT_LIBS@
if !HAVE_WIN32
AM_LDFLAGS += -lpthread
endif
noinst_HEADERS = srtp.h
EXTRA_PROGRAMS = srtp
if HAVE_LIBGCRYPT
noinst_LTLIBRARIES = libvlc_srtp.la
check_PROGRAMS = test-aes
TESTS = test-aes
endif
libvlc_srtp_la_SOURCES = srtp.c
test_aes_SOURCES = test-aes.c
srtp_SOURCES = recv.c
srtp_LDADD = libvlc_srtp.la
/*
* Secure RTP with libgcrypt
* Copyright (C) 2007 Rémi Denis-Courmont <rdenis # simphalempin , com>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif
#include <stdint.h>
#include <stddef.h>
#include "srtp.h"
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <netinet/in.h>
int main (void)
{
int fd = socket (AF_INET, SOCK_DGRAM, 0);
struct sockaddr_in addr;
memset (&addr, 0, sizeof (addr));
addr.sin_family = AF_INET;
#ifdef HAVE_SA_LEN
addr.sin_len = sizeof (addr);
#endif
addr.sin_port = htons (10000);
addr.sin_addr.s_addr = htonl (0x7f000001);
if (bind (fd, (struct sockaddr *)&addr, sizeof (addr)))
return 1;
static const uint8_t key[16] =
"\x12\x34\x56\x78\x9A\xBC\xDE\xF0"
"\x12\x34\x56\x78\x9A\xBC\xDE\xF0";
static const uint8_t salt[14] =
"\x12\x34\x56\x78\x90" "\x12\x34\x56\x78\x90" "\x12\x34\x56\x78";
srtp_session_t *s = srtp_create ("AES_CM_128_HMAC_SHA1_80", 0, 0, 0);
if (s == NULL)
return 1;
if (srtp_setkey (s, key, 16, salt, 14))
goto error;
uint8_t buf[1500];
size_t len;
#if 0
memset (buf, 0, sizeof (buf));
buf[0] = 2 << 6;
buf[1] = 1;
memcpy (buf + 2, &(uint16_t){ htons (9527) }, 2);
memcpy (buf + 8, "\xde\xad\xbe\xef", 4);
memcpy (buf + 4, &(uint32_t){ htonl (1) }, 4);
strcpy ((char *)buf + 12, "a\n");
len = 12 + strlen ((char *)buf + 12) + 1;
#endif
for (;;)
{
len = read (fd, buf, sizeof (buf));
if (srtp_recv (s, buf, &len))
fputs ("Cannot decrypt!\n", stderr);
puts ((char *)buf + 12);
if (srtp_send (s, buf, &len, sizeof (buf)) || srtp_recv (s, buf, &len))
break;
puts ((char *)buf + 12);
}
error:
srtp_destroy (s);
close (fd);
return 0;
}
This diff is collapsed.
/*
* Secure RTP with libgcrypt
* Copyright (C) 2007 Rémi Denis-Courmont <rdenis # simphalempin , com>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
#ifndef LIBVLC_SRTP_H
# define LIBVLC_SRTP_H 1
typedef struct srtp_session_t srtp_session_t;
enum
{
SRTP_UNENCRYPTED=0x1, // do not encrypt SRTP packets
SRTCP_UNENCRYPTED=0x2, // do not encrypt SRTCP packets
SRTP_NULL_CIPHER=0x3, // use NULL cipher (encrypt nothing)
SRTP_UNAUTHENTICATED=0x4, // do not authenticated SRTP packets
SRTP_FLAGS_MASK=0x7
};
# ifdef __cplusplus
extern "C" {
# endif
srtp_session_t *srtp_create (const char *name, unsigned flags, unsigned kdr,
uint16_t winsize);
void srtp_destroy (srtp_session_t *s);
int srtp_send (srtp_session_t *s, uint8_t *buf, size_t *lenp, size_t maxsize);
int srtp_recv (srtp_session_t *s, uint8_t *buf, size_t *lenp);
int srtp_setkey (srtp_session_t *s, const void *key, size_t keylen,
const void *salt, size_t saltlen);
# ifdef __cplusplus
}
# endif
#endif
/*
* Secure RTP with libgcrypt
* Copyright (C) 2007 Rémi Denis-Courmont <rdenis # simphalempin , com>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
#include <stdio.h>
#include "srtp.c"
static void printhex (const void *buf, size_t len)
{
for (size_t i = 0; i < len; i++)
printf ("%02X", ((uint8_t *)buf)[i]);
fputc ('\n', stdout);
}
static void fatal (const char *msg)
{
puts (msg);
exit (1);
}
/** AES-CM key derivation test vectors */
static void test_derivation (void)
{
static const uint8_t key[16] =
"\xE1\xF9\x7A\x0D\x3E\x01\x8B\xE0\xD6\x4F\xA3\x2C\x06\xDE\x41\x39";
static const uint8_t salt[14] =
"\x0E\xC6\x75\xAD\x49\x8A\xFE\xEB\xB6\x96\x0B\x3A\xAB\xE6";
static const uint8_t good_cipher[16] =
"\xC6\x1E\x7A\x93\x74\x4F\x39\xEE\x10\x73\x4A\xFE\x3F\xF7\xA0\x87";
static const uint8_t good_salt[14] =
"\x30\xCB\xBC\x08\x86\x3D\x8C\x85\xD4\x9D\xB3\x4A\x9A\xE1";
static const uint8_t good_auth[94] =
"\xCE\xBE\x32\x1F\x6F\xF7\x71\x6B\x6F\xD4\xAB\x49\xAF\x25\x6A\x15"
"\x6D\x38\xBA\xA4\x8F\x0A\x0A\xCF\x3C\x34\xE2\x35\x9E\x6C\xDB\xCE"
"\xE0\x49\x64\x6C\x43\xD9\x32\x7A\xD1\x75\x57\x8E\xF7\x22\x70\x98"
"\x63\x71\xC1\x0C\x9A\x36\x9A\xC2\xF9\x4A\x8C\x5F\xBC\xDD\xDC\x25"
"\x6D\x6E\x91\x9A\x48\xB6\x10\xEF\x17\xC2\x04\x1E\x47\x40\x35\x76"
"\x6B\x68\x64\x2C\x59\xBB\xFC\x2F\x34\xDB\x60\xDB\xDF\xB2";
static const uint8_t r[6] = { 0, 0, 0, 0, 0, 0 };
gcry_cipher_hd_t prf;
uint8_t out[94];
puts ("AES-CM key derivation test...");
printf (" master key: ");
printhex (key, sizeof (key));
printf (" master salt: ");
printhex (salt, sizeof (salt));
if (gcry_cipher_open (&prf, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 0)
|| gcry_cipher_setkey (prf, key, sizeof (key)))
fatal ("Internal PRF error");
if (derive (prf, salt, r, sizeof (r), SRTP_CRYPT, out, 16))
fatal ("Internal cipher derivation error");
printf (" cipher key: ");
printhex (out, 16);
if (memcmp (out, good_cipher, 16))
fatal ("Test failed");
if (derive (prf, salt, r, sizeof (r), SRTP_SALT, out, 14))
fatal ("Internal salt derivation error");
printf (" cipher salt: ");
printhex (out, 14);
if (memcmp (out, good_salt, 14))
fatal ("Test failed");
if (derive (prf, salt, r, sizeof (r), SRTP_AUTH, out, 94))
fatal ("Internal auth key derivation error");
printf (" auth key: ");
printhex (out, 94);
if (memcmp (out, good_auth, 94))
fatal ("Test failed");
gcry_cipher_close (prf);
}
/** AES-CM key derivation test vectors */
static void test_keystream (void)
{
static const uint8_t key[16] =
"\x2B\x7E\x15\x16\x28\xAE\xD2\xA6\xAB\xF7\x15\x88\x09\xCF\x4F\x3C";
const uint32_t salt[4]=
{ htonl (0xf0f1f2f3), htonl (0xf4f5f6f7),
htonl (0xf8f9fafb), htonl (0xfcfd0000) };
puts ("AES-CM key stream test...");
uint8_t *buf = calloc (0xff02, 16);
if (buf == NULL)
{
fputs ("Not enough memory for test\n", stderr);
return;
}
printf (" session key: ");
printhex (key, sizeof (key));
gcry_cipher_hd_t hd;
if (gcry_cipher_open (&hd, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CTR, 0))
fatal ("Cipher initialization error");
if (gcry_cipher_setkey (hd, key, sizeof (key)))
fatal ("Cipher key error");
if (rtp_encrypt (hd, 0, 0, 0, salt, buf, 0xff020))
fatal ("Encryption failure");
gcry_cipher_close (hd);
static const uint8_t good_start[48] =
"\xE0\x3E\xAD\x09\x35\xC9\x5E\x80\xE1\x66\xB1\x6D\xD9\x2B\x4E\xB4"
"\xD2\x35\x13\x16\x2B\x02\xD0\xF7\x2A\x43\xA2\xFE\x4A\x5F\x97\xAB"
"\x41\xE9\x5B\x3B\xB0\xA2\xE8\xDD\x47\x79\x01\xE4\xFC\xA8\x94\xC0";
static const uint8_t good_end[48] =
"\xEC\x8C\xDF\x73\x98\x60\x7C\xB0\xF2\xD2\x16\x75\xEA\x9E\xA1\xE4"
"\x36\x2B\x7C\x3C\x67\x73\x51\x63\x18\xA0\x77\xD7\xFC\x50\x73\xAE"
"\x6A\x2C\xC3\x78\x78\x89\x37\x4F\xBE\xB4\xC8\x1B\x17\xBA\x6C\x44";
printf (" key stream: ");
printhex (buf, sizeof (good_start));
printf (" ... cont'd : ");
printhex (buf + 0xff020 - sizeof (good_end), sizeof (good_end));
if (memcmp (buf, good_start, sizeof (good_start))
|| memcmp (buf + 0xff020 - sizeof (good_end), good_end,
sizeof (good_end)))
fatal ("Key stream test failed");
free (buf);
}
static void srtp_test (void)
{
if (init_libgcrypt ())
fatal ("Libgcrypt initialization error");
test_derivation ();
test_keystream ();
}
int main (void)
{
srtp_test ();
return 0;
}
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment