aboutsummaryrefslogtreecommitdiffstats
path: root/libavformat/srtp.c
diff options
context:
space:
mode:
authorMichael Niedermayer <michaelni@gmx.at>2013-01-21 15:00:45 +0100
committerMichael Niedermayer <michaelni@gmx.at>2013-01-21 15:00:45 +0100
commitbc639dbd9b835622b2b0713f24cacbdbf464d065 (patch)
treed3fe834f5af17e65041349384872a1f981a16e9c /libavformat/srtp.c
parentacc0c0190bd6144d921397d53e928532a8d86de0 (diff)
parenta2a991b2ddf951454ffceb7bcedc9db93e26c610 (diff)
downloadffmpeg-bc639dbd9b835622b2b0713f24cacbdbf464d065.tar.gz
Merge commit 'a2a991b2ddf951454ffceb7bcedc9db93e26c610'
* commit 'a2a991b2ddf951454ffceb7bcedc9db93e26c610': srtp: Improve the minimum encryption buffer size check srtp: Add support for a few DTLS-SRTP related crypto suites Conflicts: libavformat/version.h Merged-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'libavformat/srtp.c')
-rw-r--r--libavformat/srtp.c44
1 files changed, 29 insertions, 15 deletions
diff --git a/libavformat/srtp.c b/libavformat/srtp.c
index 993a3b6a4a..1f068d4c9c 100644
--- a/libavformat/srtp.c
+++ b/libavformat/srtp.c
@@ -69,10 +69,15 @@ int ff_srtp_set_crypto(struct SRTPContext *s, const char *suite,
ff_srtp_free(s);
// RFC 4568
- if (!strcmp(suite, "AES_CM_128_HMAC_SHA1_80")) {
- s->hmac_size = 10;
+ if (!strcmp(suite, "AES_CM_128_HMAC_SHA1_80") ||
+ !strcmp(suite, "SRTP_AES128_CM_HMAC_SHA1_80")) {
+ s->rtp_hmac_size = s->rtcp_hmac_size = 10;
} else if (!strcmp(suite, "AES_CM_128_HMAC_SHA1_32")) {
- s->hmac_size = 4;
+ s->rtp_hmac_size = s->rtcp_hmac_size = 4;
+ } else if (!strcmp(suite, "SRTP_AES128_CM_HMAC_SHA1_32")) {
+ // RFC 5764 section 4.1.2
+ s->rtp_hmac_size = 4;
+ s->rtcp_hmac_size = 10;
} else {
av_log(NULL, AV_LOG_WARNING, "SRTP Crypto suite %s not supported\n",
suite);
@@ -124,19 +129,23 @@ int ff_srtp_decrypt(struct SRTPContext *s, uint8_t *buf, int *lenptr)
int ext, av_uninit(seq_largest);
uint32_t ssrc, av_uninit(roc);
uint64_t index;
- int rtcp;
+ int rtcp, hmac_size;
// TODO: Missing replay protection
- if (len < s->hmac_size)
+ if (len < 2)
return AVERROR_INVALIDDATA;
rtcp = RTP_PT_IS_RTCP(buf[1]);
+ hmac_size = rtcp ? s->rtcp_hmac_size : s->rtp_hmac_size;
+
+ if (len < hmac_size)
+ return AVERROR_INVALIDDATA;
// Authentication HMAC
av_hmac_init(s->hmac, rtcp ? s->rtcp_auth : s->rtp_auth, sizeof(s->rtp_auth));
// If MKI is used, this should exclude the MKI as well
- av_hmac_update(s->hmac, buf, len - s->hmac_size);
+ av_hmac_update(s->hmac, buf, len - hmac_size);
if (!rtcp) {
int seq = AV_RB16(buf + 2);
@@ -166,12 +175,12 @@ int ff_srtp_decrypt(struct SRTPContext *s, uint8_t *buf, int *lenptr)
}
av_hmac_final(s->hmac, hmac, sizeof(hmac));
- if (memcmp(hmac, buf + len - s->hmac_size, s->hmac_size)) {
+ if (memcmp(hmac, buf + len - hmac_size, hmac_size)) {
av_log(NULL, AV_LOG_WARNING, "HMAC mismatch\n");
return AVERROR_INVALIDDATA;
}
- len -= s->hmac_size;
+ len -= hmac_size;
*lenptr = len;
if (len < 12)
@@ -231,19 +240,24 @@ int ff_srtp_encrypt(struct SRTPContext *s, const uint8_t *in, int len,
uint8_t iv[16] = { 0 }, hmac[20];
uint64_t index;
uint32_t ssrc;
- int rtcp;
+ int rtcp, hmac_size, padding;
uint8_t *buf;
- if (len + 14 > outlen)
- return 0;
if (len < 12)
return 0;
+ rtcp = RTP_PT_IS_RTCP(in[1]);
+ hmac_size = rtcp ? s->rtcp_hmac_size : s->rtp_hmac_size;
+ padding = hmac_size;
+ if (rtcp)
+ padding += 4; // For the RTCP index
+
+ if (len + padding > outlen)
+ return 0;
+
memcpy(out, in, len);
buf = out;
- rtcp = RTP_PT_IS_RTCP(buf[1]);
-
if (rtcp) {
ssrc = AV_RB32(buf + 4);
index = s->rtcp_index++;
@@ -300,8 +314,8 @@ int ff_srtp_encrypt(struct SRTPContext *s, const uint8_t *in, int len,
}
av_hmac_final(s->hmac, hmac, sizeof(hmac));
- memcpy(buf + len, hmac, s->hmac_size);
- len += s->hmac_size;
+ memcpy(buf + len, hmac, hmac_size);
+ len += hmac_size;
return buf + len - out;
}