Skip to content

Commit ffaee7f

Browse files
yngrtcyngrtc
committed
add AeadAes256Gcm support
1 parent c69e4d6 commit ffaee7f

File tree

11 files changed

+143
-77
lines changed

11 files changed

+143
-77
lines changed

srtp/src/cipher/cipher_aead_aes_gcm.rs

Lines changed: 22 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -8,22 +8,35 @@ use util::marshal::*;
88
use super::Cipher;
99
use crate::error::{Error, Result};
1010
use crate::key_derivation::*;
11+
use crate::protection_profile::ProtectionProfile;
1112

1213
pub const CIPHER_AEAD_AES_GCM_AUTH_TAG_LEN: usize = 16;
1314

1415
const RTCP_ENCRYPTION_FLAG: u8 = 0x80;
1516

1617
/// AEAD Cipher based on AES.
1718
pub(crate) struct CipherAeadAesGcm {
19+
profile: ProtectionProfile,
1820
srtp_cipher: aes_gcm::Aes128Gcm,
1921
srtcp_cipher: aes_gcm::Aes128Gcm,
2022
srtp_session_salt: Vec<u8>,
2123
srtcp_session_salt: Vec<u8>,
2224
}
2325

2426
impl Cipher for CipherAeadAesGcm {
25-
fn auth_tag_len(&self) -> usize {
26-
CIPHER_AEAD_AES_GCM_AUTH_TAG_LEN
27+
/// Get RTP authenticated tag length.
28+
fn rtp_auth_tag_len(&self) -> usize {
29+
self.profile.rtp_auth_tag_len()
30+
}
31+
32+
/// Get RTCP authenticated tag length.
33+
fn rtcp_auth_tag_len(&self) -> usize {
34+
self.profile.rtcp_auth_tag_len()
35+
}
36+
37+
/// Get AEAD auth key length of the cipher.
38+
fn aead_auth_tag_len(&self) -> usize {
39+
self.profile.aead_auth_tag_len()
2740
}
2841

2942
fn encrypt_rtp(
@@ -34,7 +47,7 @@ impl Cipher for CipherAeadAesGcm {
3447
) -> Result<Bytes> {
3548
// Grow the given buffer to fit the output.
3649
let header_len = header.marshal_size();
37-
let mut writer = BytesMut::with_capacity(payload.len() + self.auth_tag_len());
50+
let mut writer = BytesMut::with_capacity(payload.len() + self.aead_auth_tag_len());
3851

3952
// Copy header unencrypted.
4053
writer.extend_from_slice(&payload[..header_len]);
@@ -59,7 +72,7 @@ impl Cipher for CipherAeadAesGcm {
5972
header: &rtp::header::Header,
6073
roc: u32,
6174
) -> Result<Bytes> {
62-
if ciphertext.len() < self.auth_tag_len() {
75+
if ciphertext.len() < self.aead_auth_tag_len() {
6376
return Err(Error::ErrFailedToVerifyAuthTag);
6477
}
6578

@@ -101,7 +114,7 @@ impl Cipher for CipherAeadAesGcm {
101114
}
102115

103116
fn decrypt_rtcp(&mut self, encrypted: &[u8], srtcp_index: usize, ssrc: u32) -> Result<Bytes> {
104-
if encrypted.len() < self.auth_tag_len() + SRTCP_INDEX_SIZE {
117+
if encrypted.len() < self.aead_auth_tag_len() + SRTCP_INDEX_SIZE {
105118
return Err(Error::ErrFailedToVerifyAuthTag);
106119
}
107120

@@ -133,7 +146,7 @@ impl Cipher for CipherAeadAesGcm {
133146

134147
impl CipherAeadAesGcm {
135148
/// Create a new AEAD instance.
136-
pub(crate) fn new(master_key: &[u8], master_salt: &[u8]) -> Result<CipherAeadAesGcm> {
149+
pub(crate) fn new(profile: ProtectionProfile, master_key: &[u8], master_salt: &[u8]) -> Result<CipherAeadAesGcm> {
137150
let srtp_session_key = aes_cm_key_derivation(
138151
LABEL_SRTP_ENCRYPTION,
139152
master_key,
@@ -163,18 +176,19 @@ impl CipherAeadAesGcm {
163176
master_key,
164177
master_salt,
165178
0,
166-
master_key.len(),
179+
master_salt.len(),
167180
)?;
168181

169182
let srtcp_session_salt = aes_cm_key_derivation(
170183
LABEL_SRTCP_SALT,
171184
master_key,
172185
master_salt,
173186
0,
174-
master_key.len(),
187+
master_salt.len(),
175188
)?;
176189

177190
Ok(CipherAeadAesGcm {
191+
profile,
178192
srtp_cipher,
179193
srtcp_cipher,
180194
srtp_session_salt,

srtp/src/cipher/cipher_aes_cm_hmac_sha1/ctrcipher.rs

Lines changed: 34 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,7 @@ use util::marshal::*;
88
use super::{Cipher, CipherInner};
99
use crate::error::{Error, Result};
1010
use crate::key_derivation::*;
11+
use crate::protection_profile::ProtectionProfile;
1112

1213
type Aes128Ctr = ctr::Ctr128BE<aes::Aes128>;
1314

@@ -18,8 +19,8 @@ pub(crate) struct CipherAesCmHmacSha1 {
1819
}
1920

2021
impl CipherAesCmHmacSha1 {
21-
pub fn new(master_key: &[u8], master_salt: &[u8]) -> Result<Self> {
22-
let inner = CipherInner::new(master_key, master_salt)?;
22+
pub fn new(profile: ProtectionProfile, master_key: &[u8], master_salt: &[u8]) -> Result<Self> {
23+
let inner = CipherInner::new(profile, master_key, master_salt)?;
2324

2425
let srtp_session_key = aes_cm_key_derivation(
2526
LABEL_SRTP_ENCRYPTION,
@@ -45,8 +46,19 @@ impl CipherAesCmHmacSha1 {
4546
}
4647

4748
impl Cipher for CipherAesCmHmacSha1 {
48-
fn auth_tag_len(&self) -> usize {
49-
self.inner.auth_tag_len()
49+
/// Get RTP authenticated tag length.
50+
fn rtp_auth_tag_len(&self) -> usize {
51+
self.inner.profile.rtp_auth_tag_len()
52+
}
53+
54+
/// Get RTCP authenticated tag length.
55+
fn rtcp_auth_tag_len(&self) -> usize {
56+
self.inner.profile.rtcp_auth_tag_len()
57+
}
58+
59+
/// Get AEAD auth key length of the cipher.
60+
fn aead_auth_tag_len(&self) -> usize {
61+
self.inner.profile.aead_auth_tag_len()
5062
}
5163

5264
fn get_rtcp_index(&self, input: &[u8]) -> usize {
@@ -59,7 +71,7 @@ impl Cipher for CipherAesCmHmacSha1 {
5971
header: &rtp::header::Header,
6072
roc: u32,
6173
) -> Result<Bytes> {
62-
let mut writer = Vec::with_capacity(plaintext.len() + self.auth_tag_len());
74+
let mut writer = Vec::with_capacity(plaintext.len() + self.rtp_auth_tag_len());
6375

6476
// Write the plaintext to the destination buffer.
6577
writer.extend_from_slice(plaintext);
@@ -77,7 +89,7 @@ impl Cipher for CipherAesCmHmacSha1 {
7789
stream.apply_keystream(&mut writer[header.marshal_size()..]);
7890

7991
// Generate the auth tag.
80-
let auth_tag = &self.inner.generate_srtp_auth_tag(&writer, roc)[..self.auth_tag_len()];
92+
let auth_tag = &self.inner.generate_srtp_auth_tag(&writer, roc)[..self.rtp_auth_tag_len()];
8193
writer.extend(auth_tag);
8294

8395
Ok(Bytes::from(writer))
@@ -90,19 +102,19 @@ impl Cipher for CipherAesCmHmacSha1 {
90102
roc: u32,
91103
) -> Result<Bytes> {
92104
let encrypted_len = encrypted.len();
93-
if encrypted_len < self.auth_tag_len() {
94-
return Err(Error::SrtpTooSmall(encrypted_len, self.auth_tag_len()));
105+
if encrypted_len < self.rtp_auth_tag_len() {
106+
return Err(Error::SrtpTooSmall(encrypted_len, self.rtp_auth_tag_len()));
95107
}
96108

97-
let mut writer = Vec::with_capacity(encrypted_len - self.auth_tag_len());
109+
let mut writer = Vec::with_capacity(encrypted_len - self.rtp_auth_tag_len());
98110

99111
// Split the auth tag and the cipher text into two parts.
100-
let actual_tag = &encrypted[encrypted_len - self.auth_tag_len()..];
101-
let cipher_text = &encrypted[..encrypted_len - self.auth_tag_len()];
112+
let actual_tag = &encrypted[encrypted_len - self.rtp_auth_tag_len()..];
113+
let cipher_text = &encrypted[..encrypted_len - self.rtp_auth_tag_len()];
102114

103115
// Generate the auth tag we expect to see from the ciphertext.
104116
let expected_tag =
105-
&self.inner.generate_srtp_auth_tag(cipher_text, roc)[..self.auth_tag_len()];
117+
&self.inner.generate_srtp_auth_tag(cipher_text, roc)[..self.rtp_auth_tag_len()];
106118

107119
// See if the auth tag actually matches.
108120
// We use a constant time comparison to prevent timing attacks.
@@ -132,7 +144,7 @@ impl Cipher for CipherAesCmHmacSha1 {
132144

133145
fn encrypt_rtcp(&mut self, decrypted: &[u8], srtcp_index: usize, ssrc: u32) -> Result<Bytes> {
134146
let mut writer =
135-
Vec::with_capacity(decrypted.len() + SRTCP_INDEX_SIZE + self.auth_tag_len());
147+
Vec::with_capacity(decrypted.len() + SRTCP_INDEX_SIZE + self.rtcp_auth_tag_len());
136148

137149
// Write the decrypted to the destination buffer.
138150
writer.extend_from_slice(decrypted);
@@ -155,22 +167,22 @@ impl Cipher for CipherAesCmHmacSha1 {
155167
writer.put_u32(srtcp_index as u32 | (1u32 << 31));
156168

157169
// Generate the auth tag.
158-
let auth_tag = &self.inner.generate_srtcp_auth_tag(&writer)[..self.auth_tag_len()];
170+
let auth_tag = &self.inner.generate_srtcp_auth_tag(&writer)[..self.rtcp_auth_tag_len()];
159171
writer.extend(auth_tag);
160172

161173
Ok(Bytes::from(writer))
162174
}
163175

164176
fn decrypt_rtcp(&mut self, encrypted: &[u8], srtcp_index: usize, ssrc: u32) -> Result<Bytes> {
165177
let encrypted_len = encrypted.len();
166-
if encrypted_len < self.auth_tag_len() + SRTCP_INDEX_SIZE {
178+
if encrypted_len < self.rtcp_auth_tag_len() + SRTCP_INDEX_SIZE {
167179
return Err(Error::SrtcpTooSmall(
168180
encrypted_len,
169-
self.auth_tag_len() + SRTCP_INDEX_SIZE,
181+
self.rtcp_auth_tag_len() + SRTCP_INDEX_SIZE,
170182
));
171183
}
172184

173-
let tail_offset = encrypted_len - (self.auth_tag_len() + SRTCP_INDEX_SIZE);
185+
let tail_offset = encrypted_len - (self.rtcp_auth_tag_len() + SRTCP_INDEX_SIZE);
174186

175187
let mut writer = Vec::with_capacity(tail_offset);
176188

@@ -182,18 +194,18 @@ impl Cipher for CipherAesCmHmacSha1 {
182194
}
183195

184196
// Split the auth tag and the cipher text into two parts.
185-
let actual_tag = &encrypted[encrypted_len - self.auth_tag_len()..];
186-
if actual_tag.len() != self.auth_tag_len() {
197+
let actual_tag = &encrypted[encrypted_len - self.rtcp_auth_tag_len()..];
198+
if actual_tag.len() != self.rtcp_auth_tag_len() {
187199
return Err(Error::RtcpInvalidLengthAuthTag(
188200
actual_tag.len(),
189-
self.auth_tag_len(),
201+
self.rtcp_auth_tag_len(),
190202
));
191203
}
192204

193-
let cipher_text = &encrypted[..encrypted_len - self.auth_tag_len()];
205+
let cipher_text = &encrypted[..encrypted_len - self.rtcp_auth_tag_len()];
194206

195207
// Generate the auth tag we expect to see from the ciphertext.
196-
let expected_tag = &self.inner.generate_srtcp_auth_tag(cipher_text)[..self.auth_tag_len()];
208+
let expected_tag = &self.inner.generate_srtcp_auth_tag(cipher_text)[..self.rtcp_auth_tag_len()];
197209

198210
// See if the auth tag actually matches.
199211
// We use a constant time comparison to prevent timing attacks.

srtp/src/cipher/cipher_aes_cm_hmac_sha1/mod.rs

Lines changed: 4 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -24,14 +24,15 @@ type HmacSha1 = Hmac<Sha1>;
2424
pub const CIPHER_AES_CM_HMAC_SHA1AUTH_TAG_LEN: usize = 10;
2525

2626
pub(crate) struct CipherInner {
27+
profile: ProtectionProfile,
2728
srtp_session_salt: Vec<u8>,
2829
srtp_session_auth: HmacSha1,
2930
srtcp_session_salt: Vec<u8>,
3031
srtcp_session_auth: HmacSha1,
3132
}
3233

3334
impl CipherInner {
34-
pub fn new(master_key: &[u8], master_salt: &[u8]) -> Result<Self> {
35+
pub fn new(profile: ProtectionProfile, master_key: &[u8], master_salt: &[u8]) -> Result<Self> {
3536
let srtp_session_salt = aes_cm_key_derivation(
3637
LABEL_SRTP_SALT,
3738
master_key,
@@ -70,6 +71,7 @@ impl CipherInner {
7071
.map_err(|e| Error::Other(e.to_string()))?;
7172

7273
Ok(Self {
74+
profile,
7375
srtp_session_salt,
7476
srtp_session_auth,
7577
srtcp_session_salt,
@@ -121,12 +123,8 @@ impl CipherInner {
121123
signer.finalize().into_bytes().into()
122124
}
123125

124-
fn auth_tag_len(&self) -> usize {
125-
CIPHER_AES_CM_HMAC_SHA1AUTH_TAG_LEN
126-
}
127-
128126
fn get_rtcp_index(&self, input: &[u8]) -> usize {
129-
let tail_offset = input.len() - (self.auth_tag_len() + SRTCP_INDEX_SIZE);
127+
let tail_offset = input.len() - (self.profile.rtcp_auth_tag_len() + SRTCP_INDEX_SIZE);
130128
(BigEndian::read_u32(&input[tail_offset..tail_offset + SRTCP_INDEX_SIZE]) & !(1 << 31))
131129
as usize
132130
}

0 commit comments

Comments
 (0)