falkTX
/
FFmpeg
mirror of https://github.com/falkTX/FFmpeg.git
1
0
Fork 0
Code Issues 0 Releases 338 Wiki Activity
Browse Source

srtp: Add support for a few DTLS-SRTP related crypto suites 

The main difference to the existing suites from RFC 4568 is
that the version with a 32 bit HMAC still uses 80 bit HMAC
for RTCP packets.

Signed-off-by: Martin Storsjö <martin@martin.st>
tags/n1.2
Martin Storsjö 12 years ago
parent
f53490cc0c
commit
e1d0b3d875
3 changed files with 23 additions and 13 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +21
    -11
      libavformat/srtp.c
  2. +1
    -1
      libavformat/srtp.h
  3. +1
    -1
      libavformat/version.h

+ 21
- 11
libavformat/srtp.c View File

@@ -69,10 +69,15 @@ int ff_srtp_set_crypto(struct SRTPContext *s, const char *suite,
ff_srtp_free(s);

// RFC 4568
if (!strcmp(suite, "AES_CM_128_HMAC_SHA1_80")) {
s->hmac_size = 10;
if (!strcmp(suite, "AES_CM_128_HMAC_SHA1_80") ||
!strcmp(suite, "SRTP_AES128_CM_HMAC_SHA1_80")) {
s->rtp_hmac_size = s->rtcp_hmac_size = 10;
} else if (!strcmp(suite, "AES_CM_128_HMAC_SHA1_32")) {
s->hmac_size = 4;
s->rtp_hmac_size = s->rtcp_hmac_size = 4;
} else if (!strcmp(suite, "SRTP_AES128_CM_HMAC_SHA1_32")) {
// RFC 5764 section 4.1.2
s->rtp_hmac_size = 4;
s->rtcp_hmac_size = 10;
} else {
av_log(NULL, AV_LOG_WARNING, "SRTP Crypto suite %s not supported\n",
suite);
@@ -124,19 +129,23 @@ int ff_srtp_decrypt(struct SRTPContext *s, uint8_t *buf, int *lenptr)
int ext, av_uninit(seq_largest);
uint32_t ssrc, av_uninit(roc);
uint64_t index;
int rtcp;
int rtcp, hmac_size;

// TODO: Missing replay protection

if (len < s->hmac_size)
if (len < 2)
return AVERROR_INVALIDDATA;

rtcp = RTP_PT_IS_RTCP(buf[1]);
hmac_size = rtcp ? s->rtcp_hmac_size : s->rtp_hmac_size;

if (len < hmac_size)
return AVERROR_INVALIDDATA;

// Authentication HMAC
av_hmac_init(s->hmac, rtcp ? s->rtcp_auth : s->rtp_auth, sizeof(s->rtp_auth));
// If MKI is used, this should exclude the MKI as well
av_hmac_update(s->hmac, buf, len - s->hmac_size);
av_hmac_update(s->hmac, buf, len - hmac_size);

if (!rtcp) {
int seq = AV_RB16(buf + 2);
@@ -166,12 +175,12 @@ int ff_srtp_decrypt(struct SRTPContext *s, uint8_t *buf, int *lenptr)
}

av_hmac_final(s->hmac, hmac, sizeof(hmac));
if (memcmp(hmac, buf + len - s->hmac_size, s->hmac_size)) {
if (memcmp(hmac, buf + len - hmac_size, hmac_size)) {
av_log(NULL, AV_LOG_WARNING, "HMAC mismatch\n");
return AVERROR_INVALIDDATA;
}

len -= s->hmac_size;
len -= hmac_size;
*lenptr = len;

if (len < 12)
@@ -231,7 +240,7 @@ int ff_srtp_encrypt(struct SRTPContext *s, const uint8_t *in, int len,
uint8_t iv[16] = { 0 }, hmac[20];
uint64_t index;
uint32_t ssrc;
int rtcp;
int rtcp, hmac_size;
uint8_t *buf;

if (len + 14 > outlen)
@@ -243,6 +252,7 @@ int ff_srtp_encrypt(struct SRTPContext *s, const uint8_t *in, int len,
buf = out;

rtcp = RTP_PT_IS_RTCP(buf[1]);
hmac_size = rtcp ? s->rtcp_hmac_size : s->rtp_hmac_size;

if (rtcp) {
ssrc = AV_RB32(buf + 4);
@@ -300,8 +310,8 @@ int ff_srtp_encrypt(struct SRTPContext *s, const uint8_t *in, int len,
}
av_hmac_final(s->hmac, hmac, sizeof(hmac));

memcpy(buf + len, hmac, s->hmac_size);
len += s->hmac_size;
memcpy(buf + len, hmac, hmac_size);
len += hmac_size;
return buf + len - out;
}



+ 1
- 1
libavformat/srtp.h View File

@@ -30,7 +30,7 @@ struct AVHMAC;
struct SRTPContext {
struct AVAES *aes;
struct AVHMAC *hmac;
int hmac_size;
int rtp_hmac_size, rtcp_hmac_size;
uint8_t master_key[16];
uint8_t master_salt[14];
uint8_t rtp_key[16], rtcp_key[16];


+ 1
- 1
libavformat/version.h View File

@@ -31,7 +31,7 @@

#define LIBAVFORMAT_VERSION_MAJOR 54
#define LIBAVFORMAT_VERSION_MINOR 21
#define LIBAVFORMAT_VERSION_MICRO 0
#define LIBAVFORMAT_VERSION_MICRO 1

#define LIBAVFORMAT_VERSION_INT AV_VERSION_INT(LIBAVFORMAT_VERSION_MAJOR, \
LIBAVFORMAT_VERSION_MINOR, \


Write Preview
Loading…
Cancel
Save