The main difference to the existing suites from RFC 4568 is
that the version with a 32 bit HMAC still uses 80 bit HMAC
for RTCP packets.
Signed-off-by: Martin Storsjö <martin@martin.st>
... | ... |
@@ -69,10 +69,15 @@ int ff_srtp_set_crypto(struct SRTPContext *s, const char *suite, |
69 | 69 |
ff_srtp_free(s); |
70 | 70 |
|
71 | 71 |
// RFC 4568 |
72 |
- if (!strcmp(suite, "AES_CM_128_HMAC_SHA1_80")) { |
|
73 |
- s->hmac_size = 10; |
|
72 |
+ if (!strcmp(suite, "AES_CM_128_HMAC_SHA1_80") || |
|
73 |
+ !strcmp(suite, "SRTP_AES128_CM_HMAC_SHA1_80")) { |
|
74 |
+ s->rtp_hmac_size = s->rtcp_hmac_size = 10; |
|
74 | 75 |
} else if (!strcmp(suite, "AES_CM_128_HMAC_SHA1_32")) { |
75 |
- s->hmac_size = 4; |
|
76 |
+ s->rtp_hmac_size = s->rtcp_hmac_size = 4; |
|
77 |
+ } else if (!strcmp(suite, "SRTP_AES128_CM_HMAC_SHA1_32")) { |
|
78 |
+ // RFC 5764 section 4.1.2 |
|
79 |
+ s->rtp_hmac_size = 4; |
|
80 |
+ s->rtcp_hmac_size = 10; |
|
76 | 81 |
} else { |
77 | 82 |
av_log(NULL, AV_LOG_WARNING, "SRTP Crypto suite %s not supported\n", |
78 | 83 |
suite); |
... | ... |
@@ -124,19 +129,23 @@ int ff_srtp_decrypt(struct SRTPContext *s, uint8_t *buf, int *lenptr) |
124 | 124 |
int ext, av_uninit(seq_largest); |
125 | 125 |
uint32_t ssrc, av_uninit(roc); |
126 | 126 |
uint64_t index; |
127 |
- int rtcp; |
|
127 |
+ int rtcp, hmac_size; |
|
128 | 128 |
|
129 | 129 |
// TODO: Missing replay protection |
130 | 130 |
|
131 |
- if (len < s->hmac_size) |
|
131 |
+ if (len < 2) |
|
132 | 132 |
return AVERROR_INVALIDDATA; |
133 | 133 |
|
134 | 134 |
rtcp = RTP_PT_IS_RTCP(buf[1]); |
135 |
+ hmac_size = rtcp ? s->rtcp_hmac_size : s->rtp_hmac_size; |
|
136 |
+ |
|
137 |
+ if (len < hmac_size) |
|
138 |
+ return AVERROR_INVALIDDATA; |
|
135 | 139 |
|
136 | 140 |
// Authentication HMAC |
137 | 141 |
av_hmac_init(s->hmac, rtcp ? s->rtcp_auth : s->rtp_auth, sizeof(s->rtp_auth)); |
138 | 142 |
// If MKI is used, this should exclude the MKI as well |
139 |
- av_hmac_update(s->hmac, buf, len - s->hmac_size); |
|
143 |
+ av_hmac_update(s->hmac, buf, len - hmac_size); |
|
140 | 144 |
|
141 | 145 |
if (!rtcp) { |
142 | 146 |
int seq = AV_RB16(buf + 2); |
... | ... |
@@ -166,12 +175,12 @@ int ff_srtp_decrypt(struct SRTPContext *s, uint8_t *buf, int *lenptr) |
166 | 166 |
} |
167 | 167 |
|
168 | 168 |
av_hmac_final(s->hmac, hmac, sizeof(hmac)); |
169 |
- if (memcmp(hmac, buf + len - s->hmac_size, s->hmac_size)) { |
|
169 |
+ if (memcmp(hmac, buf + len - hmac_size, hmac_size)) { |
|
170 | 170 |
av_log(NULL, AV_LOG_WARNING, "HMAC mismatch\n"); |
171 | 171 |
return AVERROR_INVALIDDATA; |
172 | 172 |
} |
173 | 173 |
|
174 |
- len -= s->hmac_size; |
|
174 |
+ len -= hmac_size; |
|
175 | 175 |
*lenptr = len; |
176 | 176 |
|
177 | 177 |
if (len < 12) |
... | ... |
@@ -231,7 +240,7 @@ int ff_srtp_encrypt(struct SRTPContext *s, const uint8_t *in, int len, |
231 | 231 |
uint8_t iv[16] = { 0 }, hmac[20]; |
232 | 232 |
uint64_t index; |
233 | 233 |
uint32_t ssrc; |
234 |
- int rtcp; |
|
234 |
+ int rtcp, hmac_size; |
|
235 | 235 |
uint8_t *buf; |
236 | 236 |
|
237 | 237 |
if (len + 14 > outlen) |
... | ... |
@@ -243,6 +252,7 @@ int ff_srtp_encrypt(struct SRTPContext *s, const uint8_t *in, int len, |
243 | 243 |
buf = out; |
244 | 244 |
|
245 | 245 |
rtcp = RTP_PT_IS_RTCP(buf[1]); |
246 |
+ hmac_size = rtcp ? s->rtcp_hmac_size : s->rtp_hmac_size; |
|
246 | 247 |
|
247 | 248 |
if (rtcp) { |
248 | 249 |
ssrc = AV_RB32(buf + 4); |
... | ... |
@@ -300,8 +310,8 @@ int ff_srtp_encrypt(struct SRTPContext *s, const uint8_t *in, int len, |
300 | 300 |
} |
301 | 301 |
av_hmac_final(s->hmac, hmac, sizeof(hmac)); |
302 | 302 |
|
303 |
- memcpy(buf + len, hmac, s->hmac_size); |
|
304 |
- len += s->hmac_size; |
|
303 |
+ memcpy(buf + len, hmac, hmac_size); |
|
304 |
+ len += hmac_size; |
|
305 | 305 |
return buf + len - out; |
306 | 306 |
} |
307 | 307 |
|
... | ... |
@@ -31,7 +31,7 @@ |
31 | 31 |
|
32 | 32 |
#define LIBAVFORMAT_VERSION_MAJOR 54 |
33 | 33 |
#define LIBAVFORMAT_VERSION_MINOR 21 |
34 |
-#define LIBAVFORMAT_VERSION_MICRO 0 |
|
34 |
+#define LIBAVFORMAT_VERSION_MICRO 1 |
|
35 | 35 |
|
36 | 36 |
#define LIBAVFORMAT_VERSION_INT AV_VERSION_INT(LIBAVFORMAT_VERSION_MAJOR, \ |
37 | 37 |
LIBAVFORMAT_VERSION_MINOR, \ |