netwerk/srtp/src/include/ekt.h@6474c204b198 (annotated)
netwerk/srtp/src/include/ekt.h
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
| michael@0 | 1 | /* |
| michael@0 | 2 | * ekt.h |
| michael@0 | 3 | * |
| michael@0 | 4 | * interface to Encrypted Key Transport for SRTP |
| michael@0 | 5 | * |
| michael@0 | 6 | * David McGrew |
| michael@0 | 7 | * Cisco Systems, Inc. |
| michael@0 | 8 | */ |
| michael@0 | 9 | /* |
| michael@0 | 10 | * |
| michael@0 | 11 | * Copyright (c) 2001-2005 Cisco Systems, Inc. |
| michael@0 | 12 | * All rights reserved. |
| michael@0 | 13 | * |
| michael@0 | 14 | * Redistribution and use in source and binary forms, with or without |
| michael@0 | 15 | * modification, are permitted provided that the following conditions |
| michael@0 | 16 | * are met: |
| michael@0 | 17 | * |
| michael@0 | 18 | * Redistributions of source code must retain the above copyright |
| michael@0 | 19 | * notice, this list of conditions and the following disclaimer. |
| michael@0 | 20 | * |
| michael@0 | 21 | * Redistributions in binary form must reproduce the above |
| michael@0 | 22 | * copyright notice, this list of conditions and the following |
| michael@0 | 23 | * disclaimer in the documentation and/or other materials provided |
| michael@0 | 24 | * with the distribution. |
| michael@0 | 25 | * |
| michael@0 | 26 | * Neither the name of the Cisco Systems, Inc. nor the names of its |
| michael@0 | 27 | * contributors may be used to endorse or promote products derived |
| michael@0 | 28 | * from this software without specific prior written permission. |
| michael@0 | 29 | * |
| michael@0 | 30 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| michael@0 | 31 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| michael@0 | 32 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS |
| michael@0 | 33 | * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE |
| michael@0 | 34 | * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, |
| michael@0 | 35 | * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
| michael@0 | 36 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR |
| michael@0 | 37 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| michael@0 | 38 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
| michael@0 | 39 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
| michael@0 | 40 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
| michael@0 | 41 | * OF THE POSSIBILITY OF SUCH DAMAGE. |
| michael@0 | 42 | * |
| michael@0 | 43 | */ |
| michael@0 | 44 | |
| michael@0 | 45 | |
| michael@0 | 46 | |
| michael@0 | 47 | /* |
| michael@0 | 48 | * EKT implementation strategy |
| michael@0 | 49 | * |
| michael@0 | 50 | * use stream_template approach |
| michael@0 | 51 | * |
| michael@0 | 52 | * in srtp_unprotect, when a new stream appears, check if template has |
| michael@0 | 53 | * EKT defined, and if it does, then apply EKT processing |
| michael@0 | 54 | * |
| michael@0 | 55 | * question: will we want to allow key-sharing templates in addition |
| michael@0 | 56 | * to EKT templates? could define a new ssrc_type_t that's associated |
| michael@0 | 57 | * with an EKT, e.g. ssrc_any_ekt. |
| michael@0 | 58 | * |
| michael@0 | 59 | * |
| michael@0 | 60 | */ |
| michael@0 | 61 | |
| michael@0 | 62 | #ifndef EKT_H |
| michael@0 | 63 | #define EKT_H |
| michael@0 | 64 | |
| michael@0 | 65 | #ifdef __cplusplus |
| michael@0 | 66 | extern "C" { |
| michael@0 | 67 | #endif |
| michael@0 | 68 | |
| michael@0 | 69 | #include "srtp_priv.h" |
| michael@0 | 70 | |
| michael@0 | 71 | #define EKT_CIPHER_DEFAULT 1 |
| michael@0 | 72 | #define EKT_CIPHER_AES_128_ECB 1 |
| michael@0 | 73 | #define EKT_CIPHER_AES_192_KEY_WRAP 2 |
| michael@0 | 74 | #define EKT_CIPHER_AES_256_KEY_WRAP 3 |
| michael@0 | 75 | |
| michael@0 | 76 | typedef uint16_t ekt_spi_t; |
| michael@0 | 77 | |
| michael@0 | 78 | |
| michael@0 | 79 | unsigned |
| michael@0 | 80 | ekt_octets_after_base_tag(ekt_stream_t ekt); |
| michael@0 | 81 | |
| michael@0 | 82 | /* |
| michael@0 | 83 | * an srtp_policy_t structure can contain a pointer to an |
| michael@0 | 84 | * ekt_policy_t structure |
| michael@0 | 85 | * |
| michael@0 | 86 | * this structure holds all of the high level EKT information, and it |
| michael@0 | 87 | * is passed into libsrtp to indicate what policy should be in effect |
| michael@0 | 88 | */ |
| michael@0 | 89 | |
| michael@0 | 90 | typedef struct ekt_policy_ctx_t { |
| michael@0 | 91 | ekt_spi_t spi; /* security parameter index */ |
| michael@0 | 92 | uint8_t ekt_cipher_type; |
| michael@0 | 93 | uint8_t *ekt_key; |
| michael@0 | 94 | struct ekt_policy_ctx_t *next_ekt_policy; |
| michael@0 | 95 | } ekt_policy_ctx_t; |
| michael@0 | 96 | |
| michael@0 | 97 | |
| michael@0 | 98 | /* |
| michael@0 | 99 | * an ekt_data_t structure holds the data corresponding to an ekt key, |
| michael@0 | 100 | * spi, and so on |
| michael@0 | 101 | */ |
| michael@0 | 102 | |
| michael@0 | 103 | typedef struct ekt_data_t { |
| michael@0 | 104 | ekt_spi_t spi; |
| michael@0 | 105 | uint8_t ekt_cipher_type; |
| michael@0 | 106 | aes_expanded_key_t ekt_enc_key; |
| michael@0 | 107 | aes_expanded_key_t ekt_dec_key; |
| michael@0 | 108 | struct ekt_data_t *next_ekt_data; |
| michael@0 | 109 | } ekt_data_t; |
| michael@0 | 110 | |
| michael@0 | 111 | /* |
| michael@0 | 112 | * an srtp_stream_ctx_t can contain an ekt_stream_ctx_t |
| michael@0 | 113 | * |
| michael@0 | 114 | * an ekt_stream_ctx_t structure holds all of the EKT information for |
| michael@0 | 115 | * a specific SRTP stream |
| michael@0 | 116 | */ |
| michael@0 | 117 | |
| michael@0 | 118 | typedef struct ekt_stream_ctx_t { |
| michael@0 | 119 | ekt_data_t *data; |
| michael@0 | 120 | uint16_t isn; /* initial sequence number */ |
| michael@0 | 121 | uint8_t encrypted_master_key[SRTP_MAX_KEY_LEN]; |
| michael@0 | 122 | } ekt_stream_ctx_t; |
| michael@0 | 123 | |
| michael@0 | 124 | |
| michael@0 | 125 | |
| michael@0 | 126 | err_status_t |
| michael@0 | 127 | ekt_alloc(ekt_stream_t *stream_data, ekt_policy_t policy); |
| michael@0 | 128 | |
| michael@0 | 129 | err_status_t |
| michael@0 | 130 | ekt_stream_init(ekt_stream_t e, |
| michael@0 | 131 | ekt_spi_t spi, |
| michael@0 | 132 | void *ekt_key, |
| michael@0 | 133 | unsigned ekt_cipher_type); |
| michael@0 | 134 | |
| michael@0 | 135 | err_status_t |
| michael@0 | 136 | ekt_stream_init_from_policy(ekt_stream_t e, ekt_policy_t p); |
| michael@0 | 137 | |
| michael@0 | 138 | |
| michael@0 | 139 | |
| michael@0 | 140 | err_status_t |
| michael@0 | 141 | srtp_stream_init_from_ekt(srtp_stream_t stream, |
| michael@0 | 142 | const void *srtcp_hdr, |
| michael@0 | 143 | unsigned pkt_octet_len); |
| michael@0 | 144 | |
| michael@0 | 145 | |
| michael@0 | 146 | void |
| michael@0 | 147 | ekt_write_data(ekt_stream_t ekt, |
| michael@0 | 148 | uint8_t *base_tag, |
| michael@0 | 149 | unsigned base_tag_len, |
| michael@0 | 150 | int *packet_len, |
| michael@0 | 151 | xtd_seq_num_t pkt_index); |
| michael@0 | 152 | |
| michael@0 | 153 | /* |
| michael@0 | 154 | * We handle EKT by performing some additional steps before |
| michael@0 | 155 | * authentication (copying the auth tag into a temporary location, |
| michael@0 | 156 | * zeroizing the "base tag" field in the packet) |
| michael@0 | 157 | * |
| michael@0 | 158 | * With EKT, the tag_len parameter is actually the base tag |
| michael@0 | 159 | * length |
| michael@0 | 160 | */ |
| michael@0 | 161 | |
| michael@0 | 162 | err_status_t |
| michael@0 | 163 | ekt_tag_verification_preproces(uint8_t *pkt_tag, |
| michael@0 | 164 | uint8_t *pkt_tag_copy, |
| michael@0 | 165 | unsigned tag_len); |
| michael@0 | 166 | |
| michael@0 | 167 | err_status_t |
| michael@0 | 168 | ekt_tag_verification_postproces(uint8_t *pkt_tag, |
| michael@0 | 169 | uint8_t *pkt_tag_copy, |
| michael@0 | 170 | unsigned tag_len); |
| michael@0 | 171 | |
| michael@0 | 172 | |
| michael@0 | 173 | /* |
| michael@0 | 174 | * @brief EKT pre-processing for srtcp tag generation |
| michael@0 | 175 | * |
| michael@0 | 176 | * This function does the pre-processing of the SRTCP authentication |
| michael@0 | 177 | * tag format. When EKT is used, it consists of writing the Encrypted |
| michael@0 | 178 | * Master Key, the SRTP ROC, the Initial Sequence Number, and SPI |
| michael@0 | 179 | * fields. The Base Authentication Tag field is set to the all-zero |
| michael@0 | 180 | * value |
| michael@0 | 181 | * |
| michael@0 | 182 | * When EKT is not used, this function is a no-op. |
| michael@0 | 183 | * |
| michael@0 | 184 | */ |
| michael@0 | 185 | |
| michael@0 | 186 | err_status_t |
| michael@0 | 187 | srtp_stream_srtcp_auth_tag_generation_preprocess(const srtp_stream_t *s, |
| michael@0 | 188 | uint8_t *pkt_tag, |
| michael@0 | 189 | unsigned pkt_octet_len); |
| michael@0 | 190 | |
| michael@0 | 191 | /* it's not clear that a tag_generation_postprocess function is needed */ |
| michael@0 | 192 | |
| michael@0 | 193 | err_status_t |
| michael@0 | 194 | srtcp_auth_tag_generation_postprocess(void); |
| michael@0 | 195 | |
| michael@0 | 196 | |
| michael@0 | 197 | #ifdef __cplusplus |
| michael@0 | 198 | } |
| michael@0 | 199 | #endif |
| michael@0 | 200 | |
| michael@0 | 201 | #endif /* EKT_H */ |
