/* Generate crypto attribute, including crypto key.
* If crypto-suite chosen is crypto NULL, just return PJ_SUCCESS,
* and set buffer_len = 0.
*/
static pj_status_t generate_crypto_attr_value(pj_pool_t *pool,
char *buffer, int *buffer_len,
pjmedia_srtp_crypto *crypto,
int tag)
{
pj_status_t status;
int cs_idx = get_crypto_idx(&crypto->name);
char b64_key[PJ_BASE256_TO_BASE64_LEN(MAX_KEY_LEN)+1];
int b64_key_len = sizeof(b64_key);
if (cs_idx == -1)
return PJMEDIA_SRTP_ENOTSUPCRYPTO;
/* Crypto-suite NULL. */
if (cs_idx == 0) {
*buffer_len = 0;
return PJ_SUCCESS;
}
/* Generate key if not specified. */
if (crypto->key.slen == 0) {
pj_bool_t key_ok;
char key[MAX_KEY_LEN];
err_status_t err;
unsigned i;
PJ_ASSERT_RETURN(MAX_KEY_LEN >= crypto_suites[cs_idx].cipher_key_len,
PJ_ETOOSMALL);
do {
key_ok = PJ_TRUE;
err = crypto_get_random((unsigned char*)key,
crypto_suites[cs_idx].cipher_key_len);
if (err != err_status_ok) {
PJ_LOG(5,(THIS_FILE, "Failed generating random key: %s",
get_libsrtp_errstr(err)));
return PJMEDIA_ERRNO_FROM_LIBSRTP(err);
}
for (i=0; i<crypto_suites[cs_idx].cipher_key_len && key_ok; ++i)
if (key[i] == 0) key_ok = PJ_FALSE;
} while (!key_ok);
crypto->key.ptr = (char*)
pj_pool_zalloc(pool,
crypto_suites[cs_idx].cipher_key_len);
pj_memcpy(crypto->key.ptr, key, crypto_suites[cs_idx].cipher_key_len);
crypto->key.slen = crypto_suites[cs_idx].cipher_key_len;
}
if (crypto->key.slen != (pj_ssize_t)crypto_suites[cs_idx].cipher_key_len)
return PJMEDIA_SRTP_EINKEYLEN;
/* Key transmitted via SDP should be base64 encoded. */
status = pj_base64_encode((pj_uint8_t*)crypto->key.ptr, crypto->key.slen,
b64_key, &b64_key_len);
if (status != PJ_SUCCESS) {
PJ_LOG(5,(THIS_FILE, "Failed encoding plain key to base64"));
return status;
}
b64_key[b64_key_len] = '\0';
PJ_ASSERT_RETURN(*buffer_len >= (crypto->name.slen + \
b64_key_len + 16), PJ_ETOOSMALL);
/* Print the crypto attribute value. */
*buffer_len = pj_ansi_snprintf(buffer, *buffer_len, "%d %s inline:%s",
tag,
crypto_suites[cs_idx].name,
b64_key);
return PJ_SUCCESS;
}
/*
* Create MD5-AKA1 digest response.
*/
PJ_DEF(pj_status_t) pjsip_auth_create_aka_response(
pj_pool_t *pool,
const pjsip_digest_challenge*chal,
const pjsip_cred_info *cred,
const pj_str_t *method,
pjsip_digest_credential *auth)
{
pj_str_t nonce_bin;
int aka_version;
const pj_str_t pjsip_AKAv1_MD5 = { "AKAv1-MD5", 9 };
const pj_str_t pjsip_AKAv2_MD5 = { "AKAv2-MD5", 9 };
pj_uint8_t *chal_rand, *chal_sqnxoraka, *chal_mac;
pj_uint8_t k[PJSIP_AKA_KLEN];
pj_uint8_t op[PJSIP_AKA_OPLEN];
pj_uint8_t amf[PJSIP_AKA_AMFLEN];
pj_uint8_t res[PJSIP_AKA_RESLEN];
pj_uint8_t ck[PJSIP_AKA_CKLEN];
pj_uint8_t ik[PJSIP_AKA_IKLEN];
pj_uint8_t ak[PJSIP_AKA_AKLEN];
pj_uint8_t sqn[PJSIP_AKA_SQNLEN];
pj_uint8_t xmac[PJSIP_AKA_MACLEN];
pjsip_cred_info aka_cred;
int i, len;
pj_status_t status;
/* Check the algorithm is supported. */
if (chal->algorithm.slen==0 || pj_stricmp2(&chal->algorithm, "md5") == 0) {
/*
* A normal MD5 authentication is requested. Fallbackt to the usual
* MD5 digest creation.
*/
pjsip_auth_create_digest(&auth->response, &auth->nonce, &auth->nc,
&auth->cnonce, &auth->qop, &auth->uri,
&auth->realm, cred, method);
return PJ_SUCCESS;
} else if (pj_stricmp(&chal->algorithm, &pjsip_AKAv1_MD5) == 0) {
/*
* AKA version 1 is requested.
*/
aka_version = 1;
} else if (pj_stricmp(&chal->algorithm, &pjsip_AKAv2_MD5) == 0) {
/*
* AKA version 2 is requested.
*/
aka_version = 2;
} else {
/* Unsupported algorithm */
return PJSIP_EINVALIDALGORITHM;
}
/* Decode nonce */
nonce_bin.slen = len = PJ_BASE64_TO_BASE256_LEN(chal->nonce.slen);
nonce_bin.ptr = pj_pool_alloc(pool, nonce_bin.slen + 1);
status = pj_base64_decode(&chal->nonce, (pj_uint8_t*)nonce_bin.ptr, &len);
nonce_bin.slen = len;
if (status != PJ_SUCCESS)
return PJSIP_EAUTHINNONCE;
if (nonce_bin.slen < PJSIP_AKA_RANDLEN + PJSIP_AKA_AUTNLEN)
return PJSIP_EAUTHINNONCE;
/* Get RAND, AUTN, and MAC */
chal_rand = (pj_uint8_t*)(nonce_bin.ptr + 0);
chal_sqnxoraka = (pj_uint8_t*) (nonce_bin.ptr + PJSIP_AKA_RANDLEN);
chal_mac = (pj_uint8_t*) (nonce_bin.ptr + PJSIP_AKA_RANDLEN +
PJSIP_AKA_SQNLEN + PJSIP_AKA_AMFLEN);
/* Copy k. op, and amf */
pj_bzero(k, sizeof(k));
pj_bzero(op, sizeof(op));
pj_bzero(amf, sizeof(amf));
if (cred->ext.aka.k.slen)
pj_memcpy(k, cred->ext.aka.k.ptr, cred->ext.aka.k.slen);
if (cred->ext.aka.op.slen)
pj_memcpy(op, cred->ext.aka.op.ptr, cred->ext.aka.op.slen);
if (cred->ext.aka.amf.slen)
pj_memcpy(amf, cred->ext.aka.amf.ptr, cred->ext.aka.amf.slen);
/* Given key K and random challenge RAND, compute response RES,
* confidentiality key CK, integrity key IK and anonymity key AK.
*/
f2345(k, chal_rand, res, ck, ik, ak, op);
/* Compute sequence number SQN */
for (i=0; i<PJSIP_AKA_SQNLEN; ++i)
sqn[i] = (pj_uint8_t) (chal_sqnxoraka[i] ^ ak[i]);
/* Verify MAC in the challenge */
/* Compute XMAC */
f1(k, chal_rand, sqn, amf, xmac, op);
if (pj_memcmp(chal_mac, xmac, PJSIP_AKA_MACLEN) != 0) {
return PJSIP_EAUTHINNONCE;
}
/* Build a temporary credential info to create MD5 digest, using
* "res" as the password.
*/
pj_memcpy(&aka_cred, cred, sizeof(aka_cred));
aka_cred.data_type = PJSIP_CRED_DATA_PLAIN_PASSWD;
/* Create a response */
if (aka_version == 1) {
/*
* For AKAv1, the password is RES
*/
aka_cred.data.ptr = (char*)res;
aka_cred.data.slen = PJSIP_AKA_RESLEN;
pjsip_auth_create_digest(&auth->response, &chal->nonce,
&auth->nc, &auth->cnonce, &auth->qop,
&auth->uri, &chal->realm, &aka_cred, method);
} else if (aka_version == 2) {
/*
* For AKAv2, password is base64 encoded [1] parameters:
* PRF(RES||IK||CK,"http-digest-akav2-password")
*
* The pseudo-random function (PRF) is HMAC-MD5 in this case.
*/
pj_str_t resikck;
const pj_str_t AKAv2_Passwd = { "http-digest-akav2-password", 26 };
pj_uint8_t hmac_digest[16];
char tmp_buf[48];
int hmac64_len;
resikck.slen = PJSIP_AKA_RESLEN + PJSIP_AKA_IKLEN + PJSIP_AKA_CKLEN;
pj_assert(resikck.slen <= PJ_ARRAY_SIZE(tmp_buf));
resikck.ptr = tmp_buf;
pj_memcpy(resikck.ptr + 0, res, PJSIP_AKA_RESLEN);
pj_memcpy(resikck.ptr + PJSIP_AKA_RESLEN, ik, PJSIP_AKA_IKLEN);
pj_memcpy(resikck.ptr + PJSIP_AKA_RESLEN + PJSIP_AKA_IKLEN,
ck, PJSIP_AKA_CKLEN);
pj_hmac_md5((const pj_uint8_t*)AKAv2_Passwd.ptr, AKAv2_Passwd.slen,
(const pj_uint8_t*)resikck.ptr, resikck.slen,
hmac_digest);
aka_cred.data.slen = hmac64_len =
PJ_BASE256_TO_BASE64_LEN(PJ_ARRAY_SIZE(hmac_digest));
pj_assert(aka_cred.data.slen+1 <= PJ_ARRAY_SIZE(tmp_buf));
aka_cred.data.ptr = tmp_buf;
pj_base64_encode(hmac_digest, PJ_ARRAY_SIZE(hmac_digest),
aka_cred.data.ptr, &len);
aka_cred.data.slen = hmac64_len;
pjsip_auth_create_digest(&auth->response, &chal->nonce,
&auth->nc, &auth->cnonce, &auth->qop,
&auth->uri, &chal->realm, &aka_cred, method);
} else {
pj_assert(!"Bug!");
return PJ_EBUG;
}
/* Done */
return PJ_SUCCESS;
}
/*
* Initialize and start SRTP session with the given parameters.
*/
PJ_DEF(pj_status_t) pjmedia_transport_srtp_start(
pjmedia_transport *tp,
const pjmedia_srtp_crypto *tx,
const pjmedia_srtp_crypto *rx)
{
transport_srtp *srtp = (transport_srtp*) tp;
srtp_policy_t tx_;
srtp_policy_t rx_;
err_status_t err;
int cr_tx_idx = 0;
int au_tx_idx = 0;
int cr_rx_idx = 0;
int au_rx_idx = 0;
pj_status_t status = PJ_SUCCESS;
PJ_ASSERT_RETURN(tp && tx && rx, PJ_EINVAL);
pj_lock_acquire(srtp->mutex);
if (srtp->session_inited) {
pjmedia_transport_srtp_stop(tp);
}
/* Get encryption and authentication method */
cr_tx_idx = au_tx_idx = get_crypto_idx(&tx->name);
if (tx->flags & PJMEDIA_SRTP_NO_ENCRYPTION)
cr_tx_idx = 0;
if (tx->flags & PJMEDIA_SRTP_NO_AUTHENTICATION)
au_tx_idx = 0;
cr_rx_idx = au_rx_idx = get_crypto_idx(&rx->name);
if (rx->flags & PJMEDIA_SRTP_NO_ENCRYPTION)
cr_rx_idx = 0;
if (rx->flags & PJMEDIA_SRTP_NO_AUTHENTICATION)
au_rx_idx = 0;
/* Check whether the crypto-suite requested is supported */
if (cr_tx_idx == -1 || cr_rx_idx == -1 || au_tx_idx == -1 ||
au_rx_idx == -1)
{
status = PJMEDIA_SRTP_ENOTSUPCRYPTO;
goto on_return;
}
/* If all options points to 'NULL' method, just bypass SRTP */
if (cr_tx_idx == 0 && cr_rx_idx == 0 && au_tx_idx == 0 && au_rx_idx == 0) {
srtp->bypass_srtp = PJ_TRUE;
goto on_return;
}
/* Check key length */
if (tx->key.slen != (pj_ssize_t)crypto_suites[cr_tx_idx].cipher_key_len ||
rx->key.slen != (pj_ssize_t)crypto_suites[cr_rx_idx].cipher_key_len)
{
status = PJMEDIA_SRTP_EINKEYLEN;
goto on_return;
}
/* Init transmit direction */
pj_bzero(&tx_, sizeof(srtp_policy_t));
pj_memmove(srtp->tx_key, tx->key.ptr, tx->key.slen);
if (cr_tx_idx && au_tx_idx)
tx_.rtp.sec_serv = sec_serv_conf_and_auth;
else if (cr_tx_idx)
tx_.rtp.sec_serv = sec_serv_conf;
else if (au_tx_idx)
tx_.rtp.sec_serv = sec_serv_auth;
else
tx_.rtp.sec_serv = sec_serv_none;
tx_.key = (uint8_t*)srtp->tx_key;
tx_.ssrc.type = ssrc_any_outbound;
tx_.ssrc.value = 0;
tx_.rtp.cipher_type = crypto_suites[cr_tx_idx].cipher_type;
tx_.rtp.cipher_key_len = crypto_suites[cr_tx_idx].cipher_key_len;
tx_.rtp.auth_type = crypto_suites[au_tx_idx].auth_type;
tx_.rtp.auth_key_len = crypto_suites[au_tx_idx].auth_key_len;
tx_.rtp.auth_tag_len = crypto_suites[au_tx_idx].srtp_auth_tag_len;
tx_.rtcp = tx_.rtp;
tx_.rtcp.auth_tag_len = crypto_suites[au_tx_idx].srtcp_auth_tag_len;
tx_.next = NULL;
err = srtp_create(&srtp->srtp_tx_ctx, &tx_);
if (err != err_status_ok) {
status = PJMEDIA_ERRNO_FROM_LIBSRTP(err);
goto on_return;
}
srtp->tx_policy = *tx;
pj_strset(&srtp->tx_policy.key, srtp->tx_key, tx->key.slen);
srtp->tx_policy.name=pj_str(crypto_suites[get_crypto_idx(&tx->name)].name);
/* Init receive direction */
pj_bzero(&rx_, sizeof(srtp_policy_t));
pj_memmove(srtp->rx_key, rx->key.ptr, rx->key.slen);
if (cr_rx_idx && au_rx_idx)
rx_.rtp.sec_serv = sec_serv_conf_and_auth;
else if (cr_rx_idx)
rx_.rtp.sec_serv = sec_serv_conf;
else if (au_rx_idx)
rx_.rtp.sec_serv = sec_serv_auth;
else
rx_.rtp.sec_serv = sec_serv_none;
rx_.key = (uint8_t*)srtp->rx_key;
rx_.ssrc.type = ssrc_any_inbound;
rx_.ssrc.value = 0;
rx_.rtp.sec_serv = crypto_suites[cr_rx_idx].service;
rx_.rtp.cipher_type = crypto_suites[cr_rx_idx].cipher_type;
rx_.rtp.cipher_key_len = crypto_suites[cr_rx_idx].cipher_key_len;
rx_.rtp.auth_type = crypto_suites[au_rx_idx].auth_type;
rx_.rtp.auth_key_len = crypto_suites[au_rx_idx].auth_key_len;
rx_.rtp.auth_tag_len = crypto_suites[au_rx_idx].srtp_auth_tag_len;
rx_.rtcp = rx_.rtp;
rx_.rtcp.auth_tag_len = crypto_suites[au_rx_idx].srtcp_auth_tag_len;
rx_.next = NULL;
err = srtp_create(&srtp->srtp_rx_ctx, &rx_);
if (err != err_status_ok) {
srtp_dealloc(srtp->srtp_tx_ctx);
status = PJMEDIA_ERRNO_FROM_LIBSRTP(err);
goto on_return;
}
srtp->rx_policy = *rx;
pj_strset(&srtp->rx_policy.key, srtp->rx_key, rx->key.slen);
srtp->rx_policy.name=pj_str(crypto_suites[get_crypto_idx(&rx->name)].name);
/* Declare SRTP session initialized */
srtp->session_inited = PJ_TRUE;
/* Logging stuffs */
#if PJ_LOG_MAX_LEVEL >= 5
{
char b64[PJ_BASE256_TO_BASE64_LEN(MAX_KEY_LEN)];
int b64_len;
/* TX crypto and key */
b64_len = sizeof(b64);
status = pj_base64_encode((pj_uint8_t*)tx->key.ptr, tx->key.slen,
b64, &b64_len);
if (status != PJ_SUCCESS)
b64_len = pj_ansi_sprintf(b64, "--key too long--");
else
b64[b64_len] = '\0';
PJ_LOG(5, (srtp->pool->obj_name, "TX: %s key=%s",
srtp->tx_policy.name.ptr, b64));
if (srtp->tx_policy.flags) {
PJ_LOG(5,(srtp->pool->obj_name, "TX: disable%s%s",
(cr_tx_idx?"":" enc"),
(au_tx_idx?"":" auth")));
}
/* RX crypto and key */
b64_len = sizeof(b64);
status = pj_base64_encode((pj_uint8_t*)rx->key.ptr, rx->key.slen,
b64, &b64_len);
if (status != PJ_SUCCESS)
b64_len = pj_ansi_sprintf(b64, "--key too long--");
else
b64[b64_len] = '\0';
PJ_LOG(5, (srtp->pool->obj_name, "RX: %s key=%s",
srtp->rx_policy.name.ptr, b64));
if (srtp->rx_policy.flags) {
PJ_LOG(5,(srtp->pool->obj_name,"RX: disable%s%s",
(cr_rx_idx?"":" enc"),
(au_rx_idx?"":" auth")));
}
}
#endif
on_return:
pj_lock_release(srtp->mutex);
return status;
}
