Merge pull request #737 from pabuhler/cherry-pick-pr-773-to-main

pabuhler · web-flow · commit 7d20c514f99d · 2024-12-11T15:40:38.000+01:00
Fix srtp_unprotect_rtcp_mki when RTP auth != RTCP
diff --git a/srtp/srtp.c b/srtp/srtp.c
@@ -1744,10 +1744,11 @@ static void srtp_calc_aead_iv(srtp_session_keys_t *session_keys,
     v128_xor(iv, &in, &salt);
 }
 
-srtp_err_status_t srtp_get_session_keys_for_packet(
+static srtp_err_status_t srtp_get_session_keys_for_packet(
     srtp_stream_ctx_t *stream,
     const uint8_t *hdr,
     size_t pkt_octet_len,
+    size_t tag_len,
     srtp_session_keys_t **session_keys)
 {
     if (!stream->use_mki) {
@@ -1756,15 +1757,6 @@ srtp_err_status_t srtp_get_session_keys_for_packet(
     }
 
     size_t mki_start_location = pkt_octet_len;
-    size_t tag_len = 0;
-
-    // Determine the authentication tag size
-    if (stream->session_keys[0].rtp_cipher->algorithm == SRTP_AES_GCM_128 ||
-        stream->session_keys[0].rtp_cipher->algorithm == SRTP_AES_GCM_256) {
-        tag_len = 0;
-    } else {
-        tag_len = srtp_auth_get_tag_length(stream->session_keys[0].rtp_auth);
-    }
 
     if (tag_len > mki_start_location) {
         return srtp_err_status_bad_mki;
@@ -1789,6 +1781,46 @@ srtp_err_status_t srtp_get_session_keys_for_packet(
     return srtp_err_status_bad_mki;
 }
 
+static srtp_err_status_t srtp_get_session_keys_for_rtp_packet(
+    srtp_stream_ctx_t *stream,
+    const uint8_t *hdr,
+    size_t pkt_octet_len,
+    srtp_session_keys_t **session_keys)
+{
+    size_t tag_len = 0;
+
+    // Determine the authentication tag size
+    if (stream->session_keys[0].rtp_cipher->algorithm == SRTP_AES_GCM_128 ||
+        stream->session_keys[0].rtp_cipher->algorithm == SRTP_AES_GCM_256) {
+        tag_len = 0;
+    } else {
+        tag_len = srtp_auth_get_tag_length(stream->session_keys[0].rtp_auth);
+    }
+
+    return srtp_get_session_keys_for_packet(stream, hdr, pkt_octet_len, tag_len,
+                                            session_keys);
+}
+
+static srtp_err_status_t srtp_get_session_keys_for_rtcp_packet(
+    srtp_stream_ctx_t *stream,
+    const uint8_t *hdr,
+    size_t pkt_octet_len,
+    srtp_session_keys_t **session_keys)
+{
+    size_t tag_len = 0;
+
+    // Determine the authentication tag size
+    if (stream->session_keys[0].rtcp_cipher->algorithm == SRTP_AES_GCM_128 ||
+        stream->session_keys[0].rtcp_cipher->algorithm == SRTP_AES_GCM_256) {
+        tag_len = 0;
+    } else {
+        tag_len = srtp_auth_get_tag_length(stream->session_keys[0].rtcp_auth);
+    }
+
+    return srtp_get_session_keys_for_packet(stream, hdr, pkt_octet_len, tag_len,
+                                            session_keys);
+}
+
 static srtp_err_status_t srtp_estimate_index(srtp_rdbx_t *rdbx,
                                              uint32_t roc,
                                              srtp_xtd_seq_num_t *est,
@@ -2590,8 +2622,8 @@ srtp_err_status_t srtp_unprotect(srtp_t ctx,
     debug_print(mod_srtp, "estimated u_packet index: %016" PRIx64, est);
 
     /* Determine if MKI is being used and what session keys should be used */
-    status =
-        srtp_get_session_keys_for_packet(stream, srtp, srtp_len, &session_keys);
+    status = srtp_get_session_keys_for_rtp_packet(stream, srtp, srtp_len,
+                                                  &session_keys);
     if (status) {
         return status;
     }
@@ -4267,8 +4299,8 @@ srtp_err_status_t srtp_unprotect_rtcp(srtp_t ctx,
     /*
      * Determine if MKI is being used and what session keys should be used
      */
-    status = srtp_get_session_keys_for_packet(stream, srtcp, srtcp_len,
-                                              &session_keys);
+    status = srtp_get_session_keys_for_rtcp_packet(stream, srtcp, srtcp_len,
+                                                   &session_keys);
     if (status) {
         return status;
     }
diff --git a/test/srtp_driver.c b/test/srtp_driver.c
@@ -5122,7 +5122,40 @@ const srtp_policy_t aes_256_hmac_policy = {
     true,             /* no mki */
     TEST_MKI_ID_SIZE, /* mki size */
     128,              /* replay window size                           */
-    0,                /* retransmission not allowed                   */
+    false,            /* retransmission not allowed                   */
+    NULL,             /* no encrypted extension headers               */
+    0,                /* list of encrypted extension headers is empty */
+    NULL
+};
+
+const srtp_policy_t aes_256_hmac_32_policy = {
+    { ssrc_any_outbound, 0 }, /* SSRC */
+    {
+        /* SRTP policy */
+        SRTP_AES_ICM_256,               /* cipher type                 */
+        SRTP_AES_ICM_256_KEY_LEN_WSALT, /* cipher key length in octets */
+        SRTP_HMAC_SHA1,                 /* authentication func type    */
+        20,                             /* auth key length in octets   */
+        4,                              /* auth tag length in octets   */
+        sec_serv_conf_and_auth          /* security services flag      */
+    },
+    {
+        /* SRTCP policy */
+        SRTP_AES_ICM_256,               /* cipher type                 */
+        SRTP_AES_ICM_256_KEY_LEN_WSALT, /* cipher key length in octets */
+        SRTP_HMAC_SHA1,                 /* authentication func type    */
+        20,                             /* auth key length in octets   */
+        10,                             /* auth tag length in octets.
+                                           80 bits per RFC 3711. */
+        sec_serv_conf_and_auth          /* security services flag      */
+    },
+    NULL,
+    (srtp_master_key_t **)test_256_keys,
+    2,                /* indicates the number of Master keys          */
+    true,             /* no mki */
+    TEST_MKI_ID_SIZE, /* mki size */
+    128,              /* replay window size                           */
+    false,            /* retransmission not allowed                   */
     NULL,             /* no encrypted extension headers               */
     0,                /* list of encrypted extension headers is empty */
     NULL
@@ -5181,6 +5214,7 @@ const srtp_policy_t *policy_array[] = {
 #endif
     &null_policy,
     &aes_256_hmac_policy,
+    &aes_256_hmac_32_policy,
     NULL
 };
 // clang-format on
