err_status_t
srtp_validate() {
unsigned char test_key[30] = {
0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0,
0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39,
0x0e, 0xc6, 0x75, 0xad, 0x49, 0x8a, 0xfe, 0xeb,
0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6
};
uint8_t srtp_plaintext_ref[28] = {
0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
0xab, 0xab, 0xab, 0xab
};
uint8_t srtp_plaintext[38] = {
0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
0xab, 0xab, 0xab, 0xab, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
uint8_t srtp_ciphertext[38] = {
0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
0xca, 0xfe, 0xba, 0xbe, 0x4e, 0x55, 0xdc, 0x4c,
0xe7, 0x99, 0x78, 0xd8, 0x8c, 0xa4, 0xd2, 0x15,
0x94, 0x9d, 0x24, 0x02, 0xb7, 0x8d, 0x6a, 0xcc,
0x99, 0xea, 0x17, 0x9b, 0x8d, 0xbb
};
srtp_t srtp_snd, srtp_recv;
err_status_t status;
int len;
srtp_policy_t policy;
/*
* create a session with a single stream using the default srtp
* policy and with the SSRC value 0xcafebabe
*/
crypto_policy_set_rtp_default(&policy.rtp);
crypto_policy_set_rtcp_default(&policy.rtcp);
policy.ssrc.type = ssrc_specific;
policy.ssrc.value = 0xcafebabe;
policy.key = test_key;
policy.next = NULL;
status = srtp_create(&srtp_snd, &policy);
if (status)
return status;
/*
* protect plaintext, then compare with ciphertext
*/
len = 28;
status = srtp_protect(srtp_snd, srtp_plaintext, &len);
if (status || (len != 38))
return err_status_fail;
debug_print(mod_driver, "ciphertext:\n %s",
octet_string_hex_string(srtp_plaintext, len));
debug_print(mod_driver, "ciphertext reference:\n %s",
octet_string_hex_string(srtp_ciphertext, len));
if (octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len))
return err_status_fail;
/*
* create a receiver session context comparable to the one created
* above - we need to do this so that the replay checking doesn't
* complain
*/
status = srtp_create(&srtp_recv, &policy);
if (status)
return status;
/*
* unprotect ciphertext, then compare with plaintext
*/
status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len);
if (status || (len != 28))
return status;
if (octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len))
return err_status_fail;
return err_status_ok;
}
static pj_status_t transport_send_rtp( pjmedia_transport *tp,
const void *pkt,
pj_size_t size)
{
pj_status_t status;
transport_srtp *srtp = (transport_srtp*) tp;
int len = size;
err_status_t err;
if (srtp->bypass_srtp)
return pjmedia_transport_send_rtp(srtp->member_tp, pkt, size);
if (!srtp->session_inited)
return PJ_SUCCESS;
if (size > sizeof(srtp->rtp_tx_buffer))
return PJ_ETOOBIG;
pj_memcpy(srtp->rtp_tx_buffer, pkt, size);
pj_lock_acquire(srtp->mutex);
err = srtp_protect(srtp->srtp_tx_ctx, srtp->rtp_tx_buffer, &len);
pj_lock_release(srtp->mutex);
if (err == err_status_ok) {
status = pjmedia_transport_send_rtp(srtp->member_tp, srtp->rtp_tx_buffer, len);
} else {
status = PJMEDIA_ERRNO_FROM_LIBSRTP(err);
}
return status;
}
double
srtp_bits_per_second(int msg_len_octets, const srtp_policy_t *policy) {
srtp_t srtp;
srtp_hdr_t *mesg;
int i;
clock_t timer;
int num_trials = 100000;
int len;
uint32_t ssrc;
err_status_t status;
/*
* allocate and initialize an srtp session
*/
status = srtp_create(&srtp, policy);
if (status) {
printf("error: srtp_create() failed with error code %d\n", status);
exit(1);
}
/*
* if the ssrc is unspecified, use a predetermined one
*/
if (policy->ssrc.type != ssrc_specific) {
ssrc = 0xdeadbeef;
} else {
ssrc = policy->ssrc.value;
}
/*
* create a test packet
*/
mesg = srtp_create_test_packet(msg_len_octets, ssrc);
if (mesg == NULL)
return 0.0; /* indicate failure by returning zero */
timer = clock();
for (i=0; i < num_trials; i++) {
err_status_t status;
len = msg_len_octets + 12; /* add in rtp header length */
/* srtp protect message */
status = srtp_protect(srtp, mesg, &len);
if (status) {
printf("error: srtp_protect() failed with error code %d\n", status);
exit(1);
}
/* increment message number */
mesg->seq = htons(ntohs(mesg->seq) + 1);
}
timer = clock() - timer;
free(mesg);
return (double) (msg_len_octets) * 8 *
num_trials * CLOCKS_PER_SEC / timer;
}
srtpw_err_status_t srtpw_srtp_protect(srtpw_srtp_policy *p, srtpw_srtp *srtp, void *buf, int *len,int rtcp)
{
int res;
#ifdef DEBUG
srtpw_log(err_level_debug,"reference packet before protection:\n%s",
octet_string_hex_string((uint8_t *)buf, *len));
#endif
return (res = rtcp ? srtp_protect_rtcp((srtp_t)srtp, buf, len) : srtp_protect((srtp_t)srtp, buf, len));
}
void rtp_p(srtp_t srtp, struct mbuf *mb)
{
int err, len;
if(srtp) {
len = (int)mbuf_get_left(mb);
err = srtp_protect(srtp, mbuf_buf(mb), &len);
if(err)
printf("srtp failed %d\n", err);
mb->end = len;
}
}
static int srtp_sendto(RtpTransport *t, mblk_t *m, int flags, const struct sockaddr *to, socklen_t tolen){
srtp_t srtp=(srtp_t)t->data;
int slen;
err_status_t err;
/* enlarge the buffer for srtp to write its data */
msgpullup(m,msgdsize(m)+SRTP_PAD_BYTES);
slen=m->b_wptr-m->b_rptr;
err=srtp_protect(srtp,m->b_rptr,&slen);
if (err==err_status_ok){
return sendto(t->session->rtp.socket,m->b_rptr,slen,flags,to,tolen);
}
ortp_error("srtp_protect() failed");
return -1;
}
JNIEXPORT jint JNICALL Java_org_theonionphone_protocol_SrtpWrapper_wrapPayloadNative
(JNIEnv *env, jobject obj, jbyteArray packet) {
jbyte* packetNative = (*env)->GetPrimitiveArrayCritical(env, packet, NULL);
if(packetNative == NULL) {
return 1;
}
getNextPacketHeader(rtpContext, packetNative);
int packetLength = rtpPacketSize;
err_status_t status = srtp_protect((*srtpContextSend), packetNative, &packetLength);
(*env)->ReleasePrimitiveArrayCritical(env, packet, packetNative, 0);
return status;
}
int SrtpChannel::protectRtp(char* buffer, int *len) {
if (!active_)
return 0;
int val = srtp_protect(send_session_, buffer, len);
if (val == 0) {
return 0;
} else {
rtcpheader* head = reinterpret_cast<rtcpheader*>(buffer);
rtpheader* headrtp = reinterpret_cast<rtpheader*>(buffer);
ELOG_WARN("Error SrtpChannel::protectRtp %u packettype %d pt %d seqnum %u", val,head->packettype, headrtp->payloadtype, headrtp->seqnum);
return -1;
}
}
int
evrb_encrypt(void* local_ctx, void* data, size_t* len)
{
#ifdef USE_SRTP
int i;
if (local_ctx == NULL || ((EVRB_CRYPTO*)local_ctx)->srtp_session == NULL)
return -1;
if(i=srtp_protect(((EVRB_CRYPTO*)local_ctx)->srtp_session, data, (int*)len)) {
#ifndef NDEBUG
fprintf(stdout,"-srtp_protect-%i--\n",i);fflush(stdout);
#endif
return -1;
}
#endif
return 0;
}
nsresult SrtpFlow::ProtectRtp(void *in, int in_len,
int max_len, int *out_len) {
nsresult res = CheckInputs(true, in, in_len, max_len, out_len);
if (NS_FAILED(res))
return res;
int len = in_len;
err_status_t r = srtp_protect(session_, in, &len);
if (r != err_status_ok) {
MOZ_MTLOG(PR_LOG_ERROR, "Error protecting SRTP packet");
return NS_ERROR_FAILURE;
}
MOZ_ASSERT(len <= max_len);
*out_len = len;
MOZ_MTLOG(PR_LOG_DEBUG, "Successfully protected an SRTP packet of len " << *out_len);
return NS_OK;
}
static int our_srtp_encrypt (void *foo,
unsigned char *buffer,
unsigned int *len)
{
err_status_t err;
int retdata;
srtp_ctx_t *srtp_ctx = (srtp_ctx_t *)foo;
int i;
// our_srtp = (bills_srtp_t *)foo;
retdata = *len;
if (dump_pak) {
printf("rtp encrypt len = %d\n", *len);
for (i = 0; i < retdata; i++) {
printf("%02x ", buffer[i]);
if (((i + 1) % 12) == 0) printf("\n");
}
printf("\n");
}
err = srtp_protect(srtp_ctx,
(void *)buffer,
&retdata);
if (err != 0) {
printf("return from srtp_protect - value is %d", err);
return FALSE;
}
*len = retdata;
if (dump_pak) {
printf("\nprotected value\n");
for (i = 0; i < retdata; i++) {
printf("%02x ", buffer[i]);
if (((i + 1) % 12) == 0) printf("\n");
}
printf("\n");
}
return TRUE;
}
int
rtp_sendto(rtp_sender_t sender, const void* msg, int len) {
int octets_sent;
err_status_t stat;
int pkt_len = len + RTP_HEADER_LEN;
/* marshal data */
strncpy(sender->message.body, msg, len);
/* update header */
sender->message.header.seq = ntohs(sender->message.header.seq) + 1;
sender->message.header.seq = htons(sender->message.header.seq);
sender->message.header.ts = ntohl(sender->message.header.ts) + 1;
sender->message.header.ts = htonl(sender->message.header.ts);
/* apply srtp */
stat = srtp_protect(sender->srtp_ctx, &sender->message.header, &pkt_len);
if (stat) {
#if PRINT_DEBUG
fprintf(stderr, "error: srtp protection failed with code %d\n", stat);
#endif
return -1;
}
#if VERBOSE_DEBUG
srtp_print_packet(&sender->message.header, pkt_len);
#endif
octets_sent = sendto(sender->socket, (void*)&sender->message,
pkt_len, 0, (struct sockaddr *)&sender->addr,
sizeof (struct sockaddr_in));
if (octets_sent != pkt_len) {
#if PRINT_DEBUG
fprintf(stderr, "error: couldn't send message %s", (char *)msg);
perror("");
#endif
}
return octets_sent;
}
double
srtp_rejections_per_second(int msg_len_octets, const srtp_policy_t *policy) {
srtp_ctx_t *srtp;
srtp_hdr_t *mesg;
int i;
int len;
clock_t timer;
int num_trials = 1000000;
uint32_t ssrc = policy->ssrc.value;
err_status_t status;
/*
* allocate and initialize an srtp session
*/
status = srtp_create(&srtp, policy);
if (status) {
printf("error: srtp_create() failed with error code %d\n", status);
exit(1);
}
mesg = srtp_create_test_packet(msg_len_octets, ssrc);
if (mesg == NULL)
return 0.0; /* indicate failure by returning zero */
len = msg_len_octets;
srtp_protect(srtp, (srtp_hdr_t *)mesg, &len);
timer = clock();
for (i=0; i < num_trials; i++) {
len = msg_len_octets;
srtp_unprotect(srtp, (srtp_hdr_t *)mesg, &len);
}
timer = clock() - timer;
free(mesg);
return (double) num_trials * CLOCKS_PER_SEC / timer;
}
nsresult SrtpFlow::ProtectRtp(void *in, int in_len,
int max_len, int *out_len) {
nsresult res = CheckInputs(true, in, in_len, max_len, out_len);
if (NS_FAILED(res))
return res;
int len = in_len;
srtp_err_status_t r = srtp_protect(session_, in, &len);
if (r != srtp_err_status_ok) {
CSFLogError(LOGTAG, "Error protecting SRTP packet");
return NS_ERROR_FAILURE;
}
MOZ_ASSERT(len <= max_len);
*out_len = len;
CSFLogDebug(LOGTAG, "Successfully protected an SRTP packet of len %d",
*out_len);
return NS_OK;
}
static int ozrtp_generic_sendto(stream_type stream, RtpTransport *t, mblk_t *m, int flags, const struct sockaddr *to, socklen_t tolen){
int slen;
err_status_t err;
ortp_socket_t socket;
ZrtpContext *zrtpContext = (ZrtpContext*) t->data;
OrtpZrtpContext *userData = (OrtpZrtpContext*) zrtpContext->userData;
if (stream == rtp_stream) {
socket= t->session->rtp.socket;
} else {
socket= t->session->rtcp.socket;
}
if (userData->srtpSend == NULL || !zrtp_inState(zrtpContext, SecureState)) {
int size;
msgpullup(m,-1);
size=msgdsize(m);
return sendto(socket,(void*)m->b_rptr,size,flags,to,tolen);
}
slen=msgdsize(m);
// Protect with srtp
/* enlarge the buffer for srtp to write its data */
msgpullup(m,msgdsize(m)+SRTP_PAD_BYTES);
if (stream == rtp_stream) {
err=srtp_protect(userData->srtpSend,m->b_rptr,&slen);
} else {
err=srtp_protect_rtcp(userData->srtpSend,m->b_rptr,&slen);
}
if (err==err_status_ok){
return sendto(socket,(void*)m->b_rptr,slen,flags,to,tolen);
} else {
ortp_error("srtp_protect() failed with status %d", err);
}
return -1;
}
static bool send_handler(int *err, struct sa *dst, struct mbuf *mb, void *arg)
{
struct menc_st *st = arg;
err_status_t e;
int len;
(void)dst;
if (!st->use_srtp || !is_rtp_or_rtcp(mb))
return false;
len = (int)mbuf_get_left(mb);
if (mbuf_get_space(mb) < ((size_t)len + SRTP_MAX_TRAILER_LEN)) {
mbuf_resize(mb, mb->pos + len + SRTP_MAX_TRAILER_LEN);
}
if (is_rtcp_packet(mb)) {
e = srtp_protect_rtcp(st->srtp_tx, mbuf_buf(mb), &len);
}
else {
e = srtp_protect(st->srtp_tx, mbuf_buf(mb), &len);
}
if (err_status_ok != e) {
DEBUG_WARNING("send: failed to protect %s-packet"
" with %d bytes (%H)\n",
is_rtcp_packet(mb) ? "RTCP" : "RTP",
len, errstatus_print, e);
*err = EPROTO;
return false;
}
mbuf_set_end(mb, mb->pos + len);
return false; /* continue processing */
}
static void send(struct RTK_TRAP_profile *ptr, const void *ptr_data, uint32 data_len)
{
uint8 *tmp;
uint32 tos;
Tsudphdr *udphdr;
Tsiphdr *iphdr;
struct sk_buff *skb;
struct rtable *rt = NULL;
int rst;
//int i;
//struct dst_entry *dst = skb->dst;
//struct hh_cache *hh;
//struct neighbour *n;
#ifdef SUPPORT_VOICE_QOS
tos = ptr->tos;
#endif
#ifdef SUPPORT_DSCP
tos = rtp_tos;
#endif
// printk("enter send function\n");
//printk("profile: ip_dst = %x, ip_src = %x\n", ptr->ip_dst_addr, ptr->ip_src_addr);
/* ip_src_addr is destination address */
#ifdef CONFIG_RTK_VOIP_SRTP
err_status_t stat = 0;
#ifdef FEATURE_COP3_PROFILE
unsigned long flags;
save_flags(flags); cli();
ProfileEnterPoint(PROFILE_INDEX_TEMP);
#endif
/* apply srtp */
if (ptr->applySRTP){
#ifndef AUDIOCODES_VOIP
extern int rtcp_sid_offset;
//if((ptr->udp_dst_port == 9001) || (ptr->udp_dst_port == 9003) || (ptr->udp_dst_port == 9005) || (ptr->udp_dst_port == 9007)){
if(ptr->s_id >= rtcp_sid_offset){
#else
if(((ptr->s_id)%2) == 1 ){ // ACMW RTP sid = 2*CH, RTCP sid = 2*CH + 1
#endif
stat = srtp_protect_rtcp(ptr->tx_srtp_ctx, ptr_data, &data_len);
}
else{
stat = srtp_protect(ptr->tx_srtp_ctx, ptr_data, &data_len);
}
}
#ifdef FEATURE_COP3_PROFILE
ProfileExitPoint(PROFILE_INDEX_TEMP);
restore_flags(flags);
ProfilePerDump(PROFILE_INDEX_TEMP, 1000);
#endif
if (stat) {
printk("error: srtp protection failed with code %d\n", stat);
return;
}
#endif
// I: .7960 (.6416)
// D: .7806 (.2803)
{
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,30))
struct flowi key = { .oif = 0, .flags = FLOWI_FLAG_ANYSRC, .nl_u = { .ip4_u = { .daddr = ptr->ip_src_addr,
.saddr = ptr->ip_dst_addr,
.tos = (uint32)(RT_TOS(tos)) }}};
extern struct net init_net;
if((rst = ip_route_output_key(&init_net, &rt, &key)))
#else
if((rst = ip_route_output(&rt, ptr->ip_src_addr, ptr->ip_dst_addr,(uint32)(RT_TOS(tos)), 0)))
#endif
// if(rst = ip_route_output(&rt, ptr->ip_src_addr, 0,(Tuint32)(RT_TOS(tos)), 0))
{
//printk("ip_route_output failed rst = %d\n", rst);
//printk("**rt = %x\n", *rt);
//printk("RTK_TRAP info: ip_dst_addr = %x, ip_src_addr = %x \n", ptr->ip_dst_addr, ptr->ip_src_addr);
printk("NR ");
//printk("TX err: %x->%x\n", ptr->ip_dst_addr, ptr->ip_src_addr);
return;
}
} // pkshih: avoid compiler warning
// I: .6438 (.4964)
// D: .6290 (.1713)
//skb = dev_alloc_skb(data_len + 20 + 8);
skb = alloc_skb(data_len+4+16 + 20 + 8, GFP_ATOMIC);
if (skb == NULL){
#if 1
printk("%s-%s(): alloc_skb failed:(%d)\n", __FILE__, __FUNCTION__, tx_skb_cnt);
#else
printk("send skb_alloc return NULL. Drop it.\n");
printk("final [%d] ", tx_skb_cnt);
cli();
while(1);
#endif
return ;
}
#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0))
skb->sk = (void*)1; // for NAT
#endif
#if 0
skb_reserve(skb,4);
if(skb->data - skb->head >=4){
tx_skb_cnt+=1;
(*(int*)(skb->head)) = 0x81868711;
//printk("[%d] ", tx_skb_cnt);
#if 0
if(tx_skb_cnt > 127)
printk("[%d] ", tx_skb_cnt);
if(tx_skb_cnt ==500)
{
printk("while(1) due to tx_skb_cnt > 500\n");
while(1);
}
#endif
}
#endif
skb_reserve(skb,16);
//printk("skb_put before\n");
tmp = skb_put(skb, data_len + 20 + 8); //tmp = skb->data
//printk("******skb_put ok\n");
iphdr = (Tsiphdr *)tmp;
udphdr = (Tsudphdr *)(tmp+20);
/* ip */
iphdr->version = 4;
iphdr->ihl = 5;
iphdr->tos = tos; // TOS
iphdr->tot_len = htons(data_len + 8 + 20);
iphdr->id = 0;
iphdr->frag_off = 0;
iphdr->ttl = 0x40;
iphdr->protocol = 0x11;
iphdr->check = 0;
iphdr->saddr = ptr->ip_dst_addr;
iphdr->daddr = ptr->ip_src_addr;
iphdr->check = ip_fast_csum((uint8 *)(iphdr), 5);
/* udp */
udphdr->source = ptr->udp_dst_port;
udphdr->dest = ptr->udp_src_port;
udphdr->len = htons(data_len + 8);
udphdr->check = 0;
/* rtp */
memcpy(tmp+28, ptr_data, data_len);
#ifdef USE_DST_OUTPUT
//shlee, for 2.6.32
#if (LINUX_VERSION_CODE > KERNEL_VERSION(2,6,30))
skb_dst_set(skb, dst_clone(&rt->u.dst));
skb->dev = skb_dst(skb)->dev;
#else
skb->dst = dst_clone(&rt->u.dst);
skb->dev = (skb->dst)->dev;
#endif
#if (LINUX_VERSION_CODE > KERNEL_VERSION(2,6,21))
skb_reset_network_header(skb);
#else
skb->nh.iph = (struct iphdr*)(skb->data);
#endif
// Linux default qdisc pfifo has 3 queue (0,1,2). q0 is the highest priority,
// and skb->priority 6 and 7 will be put into queue 0.
skb->priority = 7;
//skb->dst->output(skb);
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,30))
#define NF_IP_LOCAL_OUT 3
#endif
// I: 4.6239 (3.4241)
// D: 4.6088 (1.2092)
//shlee, for 2.6.32
#if (LINUX_VERSION_CODE > KERNEL_VERSION(2,6,30))
NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, skb, NULL, rt->u.dst.dev,
skb_dst(skb)->output);
#else
NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, skb, NULL, rt->u.dst.dev,
skb->dst->output);
#endif
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
ip_rt_put(rt);
#endif
return;
#else
skb->dst = &rt->u.dst;
skb->dev = (skb->dst)->dev;
/* ethernet */
dst = skb->dst;
hh = (skb->dst)->hh;
#if (LINUX_VERSION_CODE > KERNEL_VERSION(2,6,21))
skb_reset_network_header(skb);
#else
skb->nh.raw = skb->data;
#endif
/*
printk("neigh_lookup start\n");
printk("dst->neighbour->tbl = %x\n",(dst->neighbour)->tbl);
n = neigh_lookup(dst->neighbour->tbl, ptr->ip_src_addr, skb->dev);
printk("n = %x\n", n);
*/
#if 1
//printk("hh = %x\n", hh);
if (hh) {
read_lock_bh(&hh->hh_lock);
//for(i = 0;i<4;i++)
//printk("hh->hh_data[%d] = %08x\n", i, hh->hh_data[i] );
//printk("hh->hh_len =%d\n", hh->hh_len);
memcpy(skb->data - 16, hh->hh_data, 16);
read_unlock_bh(&hh->hh_lock);
skb_push(skb, hh->hh_len);
//printk("skb->dev = %x\n", skb->dev);
//printk("skb->dev->name = %s\n", skb->dev->name);
//printk("hh_output = %x\n", hh->hh_output);
//hh->hh_output(skb);
skb->dev->hard_start_xmit(skb, skb->dev);
//printk("hh_output\n");
//return hh->hh_output(skb);
} else if (dst->neighbour) {
//printk("arp\n");
#if 0
printk("dst->neighbour->output = %x\n",dst->neighbour->output);
printk("skb->len = %x\n",skb->len);
printk("skb->dev = %x\n", skb->dev);
printk("skb->dev->name = %s\n", skb->dev->name);
#endif
dst->neighbour->output(skb);
//printk("dst->neighbour->output\n");
//return dst->neighbour->output(skb);
}
#endif
#if 0
printk("(skb->dst)->hh = %x\n", (skb->dst)->hh);
memcpy(tmp - 2, ((skb->dst)->hh)->hh_data, 16);
dev_queue_xmit (skb);
#endif
//printk("finidsh send\n");
return;
#endif /* USE_DST_OUTPUT */
}
#if defined (AUDIOCODES_VOIP)
void rtp_send_aux(uint32 ip_src_addr, uint32 ip_dst_addr, uint16 udp_src_port, uint16 udp_dst_port, void *ptr_data, uint32 data_len)
{
struct RTK_TRAP_profile rtkTrapPrf;
rtkTrapPrf.ip_dst_addr = ip_dst_addr;
rtkTrapPrf.ip_src_addr = ip_src_addr;
rtkTrapPrf.udp_dst_port = udp_dst_port;
rtkTrapPrf.udp_src_port = udp_src_port;
rtkTrapPrf.rtk_trap_callback = NULL;
rtkTrapPrf.next = NULL;
send(&rtkTrapPrf, ptr_data, data_len);
}
#endif
//====================================================================================//
#ifdef RTP_SNED_TASKLET
void rtp_send_2(unsigned long *dummy)
{
unsigned char chid;
unsigned long flags;
//unsigned char rtp_w_now[MAX_VOIP_CH_NUM], pload_w_now[MAX_VOIP_CH_NUM];
//static unsigned char cnt=0;
for (chid=0; chid < DSP_CH_NUM; chid++)
{
//rtp_w_now[chid]= rtp_w[chid];
//pload_w_now[chid]=pload_w[chid];
//printk("%s-%d\n",__FUNCTION__, __LINE__);
//if ( (rtp_r[chid] == rtp_w_now[chid]) && (pload_r[chid] == pload_w_now[chid]) )
// printk("RTP SNED & Payload FIFO Empty\n");
//else
//{
//while (!((rtp_r[chid] == rtp_w_now[chid]) && ( pload_r[chid] == pload_w_now[chid])))
while (!((rtp_r[chid] == rtp_w[chid]) && ( pload_r[chid] == pload_w[chid])))
{
//printk("%s-%d\n",__FUNCTION__, __LINE__);
send(&Rtp_send[chid][rtp_r[chid]], &Rtp_fifo[chid][pload_r[chid] * 512], pload_len);
//printk("%s-%d\n",__FUNCTION__, __LINE__);
save_flags(flags); cli();
rtp_r[chid] = (rtp_r[chid] + 1)%FIFO_NUM;
pload_r[chid] = (pload_r[chid] + 1)%FIFO_NUM;
restore_flags(flags);
if (rtp_r[chid]!=pload_r[chid])
printk("Error!! rtp_r!=pload_r\n");
}
//if (cnt >= 2)
//printk("%d ", cnt);
//cnt=0;
//}
}
}
srtp_err_status_t
test_dtls_srtp(void) {
srtp_hdr_t *test_packet;
int test_packet_len = 80;
srtp_t s;
srtp_policy_t policy;
uint8_t key[SRTP_MAX_KEY_LEN];
uint8_t salt[SRTP_MAX_KEY_LEN];
unsigned int key_len, salt_len;
srtp_profile_t profile;
srtp_err_status_t err;
/* create a 'null' SRTP session */
err = srtp_create(&s, NULL);
if (err)
return err;
/*
* verify that packet-processing functions behave properly - we
* expect that these functions will return srtp_err_status_no_ctx
*/
test_packet = srtp_create_test_packet(80, 0xa5a5a5a5);
if (test_packet == NULL)
return srtp_err_status_alloc_fail;
err = srtp_protect(s, test_packet, &test_packet_len);
if (err != srtp_err_status_no_ctx) {
printf("wrong return value from srtp_protect() (got code %d)\n",
err);
return srtp_err_status_fail;
}
err = srtp_unprotect(s, test_packet, &test_packet_len);
if (err != srtp_err_status_no_ctx) {
printf("wrong return value from srtp_unprotect() (got code %d)\n",
err);
return srtp_err_status_fail;
}
err = srtp_protect_rtcp(s, test_packet, &test_packet_len);
if (err != srtp_err_status_no_ctx) {
printf("wrong return value from srtp_protect_rtcp() (got code %d)\n",
err);
return srtp_err_status_fail;
}
err = srtp_unprotect_rtcp(s, test_packet, &test_packet_len);
if (err != srtp_err_status_no_ctx) {
printf("wrong return value from srtp_unprotect_rtcp() (got code %d)\n",
err);
return srtp_err_status_fail;
}
/*
* set keys to known values for testing
*/
profile = srtp_profile_aes128_cm_sha1_80;
key_len = srtp_profile_get_master_key_length(profile);
salt_len = srtp_profile_get_master_salt_length(profile);
memset(key, 0xff, key_len);
memset(salt, 0xee, salt_len);
srtp_append_salt_to_key(key, key_len, salt, salt_len);
policy.key = key;
/* initialize SRTP policy from profile */
err = srtp_crypto_policy_set_from_profile_for_rtp(&policy.rtp, profile);
if (err) return err;
err = srtp_crypto_policy_set_from_profile_for_rtcp(&policy.rtcp, profile);
if (err) return err;
policy.ssrc.type = ssrc_any_inbound;
policy.ekt = NULL;
policy.window_size = 128;
policy.allow_repeat_tx = 0;
policy.next = NULL;
err = srtp_add_stream(s, &policy);
if (err)
return err;
err = srtp_dealloc(s);
if (err)
return err;
free(test_packet);
return srtp_err_status_ok;
}
err_status_t
srtp_test(const srtp_policy_t *policy) {
int i;
srtp_t srtp_sender;
srtp_t srtp_rcvr;
err_status_t status = err_status_ok;
srtp_hdr_t *hdr, *hdr2;
uint8_t hdr_enc[64];
uint8_t *pkt_end;
int msg_len_octets, msg_len_enc;
int len;
int tag_length = policy->rtp.auth_tag_len;
uint32_t ssrc;
srtp_policy_t *rcvr_policy;
err_check(srtp_create(&srtp_sender, policy));
/* print out policy */
err_check(srtp_session_print_policy(srtp_sender));
/*
* initialize data buffer, using the ssrc in the policy unless that
* value is a wildcard, in which case we'll just use an arbitrary
* one
*/
if (policy->ssrc.type != ssrc_specific)
ssrc = 0xdecafbad;
else
ssrc = policy->ssrc.value;
msg_len_octets = 28;
hdr = srtp_create_test_packet(msg_len_octets, ssrc);
if (hdr == NULL)
return err_status_alloc_fail;
hdr2 = srtp_create_test_packet(msg_len_octets, ssrc);
if (hdr2 == NULL) {
free(hdr);
return err_status_alloc_fail;
}
/* set message length */
len = msg_len_octets;
debug_print(mod_driver, "before protection:\n%s",
srtp_packet_to_string(hdr, len));
#if PRINT_REFERENCE_PACKET
debug_print(mod_driver, "reference packet before protection:\n%s",
octet_string_hex_string((uint8_t *)hdr, len));
#endif
err_check(srtp_protect(srtp_sender, hdr, &len));
debug_print(mod_driver, "after protection:\n%s",
srtp_packet_to_string(hdr, len));
#if PRINT_REFERENCE_PACKET
debug_print(mod_driver, "after protection:\n%s",
octet_string_hex_string((uint8_t *)hdr, len));
#endif
/* save protected message and length */
memcpy(hdr_enc, hdr, len);
msg_len_enc = len;
/*
* check for overrun of the srtp_protect() function
*
* The packet is followed by a value of 0xfffff; if the value of the
* data following the packet is different, then we know that the
* protect function is overwriting the end of the packet.
*/
pkt_end = (uint8_t *)hdr + sizeof(srtp_hdr_t)
+ msg_len_octets + tag_length;
for (i = 0; i < 4; i++)
if (pkt_end[i] != 0xff) {
fprintf(stdout, "overwrite in srtp_protect() function "
"(expected %x, found %x in trailing octet %d)\n",
0xff, ((uint8_t *)hdr)[i], i);
free(hdr);
free(hdr2);
return err_status_algo_fail;
}
/*
* if the policy includes confidentiality, check that ciphertext is
* different than plaintext
*
* Note that this check will give false negatives, with some small
* probability, especially if the packets are short. For that
* reason, we skip this check if the plaintext is less than four
* octets long.
*/
if ((policy->rtp.sec_serv & sec_serv_conf) && (msg_len_octets >= 4)) {
printf("testing that ciphertext is distinct from plaintext...");
status = err_status_algo_fail;
for (i=12; i < msg_len_octets+12; i++)
if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) {
status = err_status_ok;
}
if (status) {
printf("failed\n");
free(hdr);
free(hdr2);
return status;
}
printf("passed\n");
}
/*
* if the policy uses a 'wildcard' ssrc, then we need to make a copy
* of the policy that changes the direction to inbound
*
* we always copy the policy into the rcvr_policy, since otherwise
* the compiler would fret about the constness of the policy
*/
rcvr_policy = malloc(sizeof(srtp_policy_t));
if (rcvr_policy == NULL)
return err_status_alloc_fail;
memcpy(rcvr_policy, policy, sizeof(srtp_policy_t));
if (policy->ssrc.type == ssrc_any_outbound) {
rcvr_policy->ssrc.type = ssrc_any_inbound;
}
err_check(srtp_create(&srtp_rcvr, rcvr_policy));
err_check(srtp_unprotect(srtp_rcvr, hdr, &len));
debug_print(mod_driver, "after unprotection:\n%s",
srtp_packet_to_string(hdr, len));
/* verify that the unprotected packet matches the origial one */
for (i=0; i < msg_len_octets; i++)
if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) {
fprintf(stdout, "mismatch at octet %d\n", i);
status = err_status_algo_fail;
}
if (status) {
free(hdr);
free(hdr2);
return status;
}
/*
* if the policy includes authentication, then test for false positives
*/
if (policy->rtp.sec_serv & sec_serv_auth) {
char *data = ((char *)hdr) + 12;
printf("testing for false positives in replay check...");
/* set message length */
len = msg_len_enc;
/* unprotect a second time - should fail with a replay error */
status = srtp_unprotect(srtp_rcvr, hdr_enc, &len);
if (status != err_status_replay_fail) {
printf("failed with error code %d\n", status);
free(hdr);
free(hdr2);
return status;
} else {
printf("passed\n");
}
printf("testing for false positives in auth check...");
/* increment sequence number in header */
hdr->seq++;
/* set message length */
len = msg_len_octets;
/* apply protection */
err_check(srtp_protect(srtp_sender, hdr, &len));
/* flip bits in packet */
data[0] ^= 0xff;
/* unprotect, and check for authentication failure */
status = srtp_unprotect(srtp_rcvr, hdr, &len);
if (status != err_status_auth_fail) {
printf("failed\n");
free(hdr);
free(hdr2);
return status;
} else {
printf("passed\n");
}
}
err_check(srtp_dealloc(srtp_sender));
err_check(srtp_dealloc(srtp_rcvr));
free(hdr);
free(hdr2);
return err_status_ok;
}
