err_status_t srtp_validate() { unsigned char test_key[30] = { 0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0, 0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39, 0x0e, 0xc6, 0x75, 0xad, 0x49, 0x8a, 0xfe, 0xeb, 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6 }; uint8_t srtp_plaintext_ref[28] = { 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad, 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab }; uint8_t srtp_plaintext[38] = { 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad, 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; uint8_t srtp_ciphertext[38] = { 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad, 0xca, 0xfe, 0xba, 0xbe, 0x4e, 0x55, 0xdc, 0x4c, 0xe7, 0x99, 0x78, 0xd8, 0x8c, 0xa4, 0xd2, 0x15, 0x94, 0x9d, 0x24, 0x02, 0xb7, 0x8d, 0x6a, 0xcc, 0x99, 0xea, 0x17, 0x9b, 0x8d, 0xbb }; srtp_t srtp_snd, srtp_recv; err_status_t status; int len; srtp_policy_t policy; /* * create a session with a single stream using the default srtp * policy and with the SSRC value 0xcafebabe */ crypto_policy_set_rtp_default(&policy.rtp); crypto_policy_set_rtcp_default(&policy.rtcp); policy.ssrc.type = ssrc_specific; policy.ssrc.value = 0xcafebabe; policy.key = test_key; policy.next = NULL; status = srtp_create(&srtp_snd, &policy); if (status) return status; /* * protect plaintext, then compare with ciphertext */ len = 28; status = srtp_protect(srtp_snd, srtp_plaintext, &len); if (status || (len != 38)) return err_status_fail; debug_print(mod_driver, "ciphertext:\n %s", octet_string_hex_string(srtp_plaintext, len)); debug_print(mod_driver, "ciphertext reference:\n %s", octet_string_hex_string(srtp_ciphertext, len)); if (octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len)) return err_status_fail; /* * create a receiver session context comparable to the one created * above - we need to do this so that the replay checking doesn't * complain */ status = srtp_create(&srtp_recv, &policy); if (status) return status; /* * unprotect ciphertext, then compare with plaintext */ status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len); if (status || (len != 28)) return status; if (octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len)) return err_status_fail; return err_status_ok; }
static pj_status_t transport_send_rtp( pjmedia_transport *tp, const void *pkt, pj_size_t size) { pj_status_t status; transport_srtp *srtp = (transport_srtp*) tp; int len = size; err_status_t err; if (srtp->bypass_srtp) return pjmedia_transport_send_rtp(srtp->member_tp, pkt, size); if (!srtp->session_inited) return PJ_SUCCESS; if (size > sizeof(srtp->rtp_tx_buffer)) return PJ_ETOOBIG; pj_memcpy(srtp->rtp_tx_buffer, pkt, size); pj_lock_acquire(srtp->mutex); err = srtp_protect(srtp->srtp_tx_ctx, srtp->rtp_tx_buffer, &len); pj_lock_release(srtp->mutex); if (err == err_status_ok) { status = pjmedia_transport_send_rtp(srtp->member_tp, srtp->rtp_tx_buffer, len); } else { status = PJMEDIA_ERRNO_FROM_LIBSRTP(err); } return status; }
double srtp_bits_per_second(int msg_len_octets, const srtp_policy_t *policy) { srtp_t srtp; srtp_hdr_t *mesg; int i; clock_t timer; int num_trials = 100000; int len; uint32_t ssrc; err_status_t status; /* * allocate and initialize an srtp session */ status = srtp_create(&srtp, policy); if (status) { printf("error: srtp_create() failed with error code %d\n", status); exit(1); } /* * if the ssrc is unspecified, use a predetermined one */ if (policy->ssrc.type != ssrc_specific) { ssrc = 0xdeadbeef; } else { ssrc = policy->ssrc.value; } /* * create a test packet */ mesg = srtp_create_test_packet(msg_len_octets, ssrc); if (mesg == NULL) return 0.0; /* indicate failure by returning zero */ timer = clock(); for (i=0; i < num_trials; i++) { err_status_t status; len = msg_len_octets + 12; /* add in rtp header length */ /* srtp protect message */ status = srtp_protect(srtp, mesg, &len); if (status) { printf("error: srtp_protect() failed with error code %d\n", status); exit(1); } /* increment message number */ mesg->seq = htons(ntohs(mesg->seq) + 1); } timer = clock() - timer; free(mesg); return (double) (msg_len_octets) * 8 * num_trials * CLOCKS_PER_SEC / timer; }
srtpw_err_status_t srtpw_srtp_protect(srtpw_srtp_policy *p, srtpw_srtp *srtp, void *buf, int *len,int rtcp) { int res; #ifdef DEBUG srtpw_log(err_level_debug,"reference packet before protection:\n%s", octet_string_hex_string((uint8_t *)buf, *len)); #endif return (res = rtcp ? srtp_protect_rtcp((srtp_t)srtp, buf, len) : srtp_protect((srtp_t)srtp, buf, len)); }
void rtp_p(srtp_t srtp, struct mbuf *mb) { int err, len; if(srtp) { len = (int)mbuf_get_left(mb); err = srtp_protect(srtp, mbuf_buf(mb), &len); if(err) printf("srtp failed %d\n", err); mb->end = len; } }
static int srtp_sendto(RtpTransport *t, mblk_t *m, int flags, const struct sockaddr *to, socklen_t tolen){ srtp_t srtp=(srtp_t)t->data; int slen; err_status_t err; /* enlarge the buffer for srtp to write its data */ msgpullup(m,msgdsize(m)+SRTP_PAD_BYTES); slen=m->b_wptr-m->b_rptr; err=srtp_protect(srtp,m->b_rptr,&slen); if (err==err_status_ok){ return sendto(t->session->rtp.socket,m->b_rptr,slen,flags,to,tolen); } ortp_error("srtp_protect() failed"); return -1; }
JNIEXPORT jint JNICALL Java_org_theonionphone_protocol_SrtpWrapper_wrapPayloadNative (JNIEnv *env, jobject obj, jbyteArray packet) { jbyte* packetNative = (*env)->GetPrimitiveArrayCritical(env, packet, NULL); if(packetNative == NULL) { return 1; } getNextPacketHeader(rtpContext, packetNative); int packetLength = rtpPacketSize; err_status_t status = srtp_protect((*srtpContextSend), packetNative, &packetLength); (*env)->ReleasePrimitiveArrayCritical(env, packet, packetNative, 0); return status; }
int SrtpChannel::protectRtp(char* buffer, int *len) { if (!active_) return 0; int val = srtp_protect(send_session_, buffer, len); if (val == 0) { return 0; } else { rtcpheader* head = reinterpret_cast<rtcpheader*>(buffer); rtpheader* headrtp = reinterpret_cast<rtpheader*>(buffer); ELOG_WARN("Error SrtpChannel::protectRtp %u packettype %d pt %d seqnum %u", val,head->packettype, headrtp->payloadtype, headrtp->seqnum); return -1; } }
int evrb_encrypt(void* local_ctx, void* data, size_t* len) { #ifdef USE_SRTP int i; if (local_ctx == NULL || ((EVRB_CRYPTO*)local_ctx)->srtp_session == NULL) return -1; if(i=srtp_protect(((EVRB_CRYPTO*)local_ctx)->srtp_session, data, (int*)len)) { #ifndef NDEBUG fprintf(stdout,"-srtp_protect-%i--\n",i);fflush(stdout); #endif return -1; } #endif return 0; }
nsresult SrtpFlow::ProtectRtp(void *in, int in_len, int max_len, int *out_len) { nsresult res = CheckInputs(true, in, in_len, max_len, out_len); if (NS_FAILED(res)) return res; int len = in_len; err_status_t r = srtp_protect(session_, in, &len); if (r != err_status_ok) { MOZ_MTLOG(PR_LOG_ERROR, "Error protecting SRTP packet"); return NS_ERROR_FAILURE; } MOZ_ASSERT(len <= max_len); *out_len = len; MOZ_MTLOG(PR_LOG_DEBUG, "Successfully protected an SRTP packet of len " << *out_len); return NS_OK; }
static int our_srtp_encrypt (void *foo, unsigned char *buffer, unsigned int *len) { err_status_t err; int retdata; srtp_ctx_t *srtp_ctx = (srtp_ctx_t *)foo; int i; // our_srtp = (bills_srtp_t *)foo; retdata = *len; if (dump_pak) { printf("rtp encrypt len = %d\n", *len); for (i = 0; i < retdata; i++) { printf("%02x ", buffer[i]); if (((i + 1) % 12) == 0) printf("\n"); } printf("\n"); } err = srtp_protect(srtp_ctx, (void *)buffer, &retdata); if (err != 0) { printf("return from srtp_protect - value is %d", err); return FALSE; } *len = retdata; if (dump_pak) { printf("\nprotected value\n"); for (i = 0; i < retdata; i++) { printf("%02x ", buffer[i]); if (((i + 1) % 12) == 0) printf("\n"); } printf("\n"); } return TRUE; }
int rtp_sendto(rtp_sender_t sender, const void* msg, int len) { int octets_sent; err_status_t stat; int pkt_len = len + RTP_HEADER_LEN; /* marshal data */ strncpy(sender->message.body, msg, len); /* update header */ sender->message.header.seq = ntohs(sender->message.header.seq) + 1; sender->message.header.seq = htons(sender->message.header.seq); sender->message.header.ts = ntohl(sender->message.header.ts) + 1; sender->message.header.ts = htonl(sender->message.header.ts); /* apply srtp */ stat = srtp_protect(sender->srtp_ctx, &sender->message.header, &pkt_len); if (stat) { #if PRINT_DEBUG fprintf(stderr, "error: srtp protection failed with code %d\n", stat); #endif return -1; } #if VERBOSE_DEBUG srtp_print_packet(&sender->message.header, pkt_len); #endif octets_sent = sendto(sender->socket, (void*)&sender->message, pkt_len, 0, (struct sockaddr *)&sender->addr, sizeof (struct sockaddr_in)); if (octets_sent != pkt_len) { #if PRINT_DEBUG fprintf(stderr, "error: couldn't send message %s", (char *)msg); perror(""); #endif } return octets_sent; }
double srtp_rejections_per_second(int msg_len_octets, const srtp_policy_t *policy) { srtp_ctx_t *srtp; srtp_hdr_t *mesg; int i; int len; clock_t timer; int num_trials = 1000000; uint32_t ssrc = policy->ssrc.value; err_status_t status; /* * allocate and initialize an srtp session */ status = srtp_create(&srtp, policy); if (status) { printf("error: srtp_create() failed with error code %d\n", status); exit(1); } mesg = srtp_create_test_packet(msg_len_octets, ssrc); if (mesg == NULL) return 0.0; /* indicate failure by returning zero */ len = msg_len_octets; srtp_protect(srtp, (srtp_hdr_t *)mesg, &len); timer = clock(); for (i=0; i < num_trials; i++) { len = msg_len_octets; srtp_unprotect(srtp, (srtp_hdr_t *)mesg, &len); } timer = clock() - timer; free(mesg); return (double) num_trials * CLOCKS_PER_SEC / timer; }
nsresult SrtpFlow::ProtectRtp(void *in, int in_len, int max_len, int *out_len) { nsresult res = CheckInputs(true, in, in_len, max_len, out_len); if (NS_FAILED(res)) return res; int len = in_len; srtp_err_status_t r = srtp_protect(session_, in, &len); if (r != srtp_err_status_ok) { CSFLogError(LOGTAG, "Error protecting SRTP packet"); return NS_ERROR_FAILURE; } MOZ_ASSERT(len <= max_len); *out_len = len; CSFLogDebug(LOGTAG, "Successfully protected an SRTP packet of len %d", *out_len); return NS_OK; }
static int ozrtp_generic_sendto(stream_type stream, RtpTransport *t, mblk_t *m, int flags, const struct sockaddr *to, socklen_t tolen){ int slen; err_status_t err; ortp_socket_t socket; ZrtpContext *zrtpContext = (ZrtpContext*) t->data; OrtpZrtpContext *userData = (OrtpZrtpContext*) zrtpContext->userData; if (stream == rtp_stream) { socket= t->session->rtp.socket; } else { socket= t->session->rtcp.socket; } if (userData->srtpSend == NULL || !zrtp_inState(zrtpContext, SecureState)) { int size; msgpullup(m,-1); size=msgdsize(m); return sendto(socket,(void*)m->b_rptr,size,flags,to,tolen); } slen=msgdsize(m); // Protect with srtp /* enlarge the buffer for srtp to write its data */ msgpullup(m,msgdsize(m)+SRTP_PAD_BYTES); if (stream == rtp_stream) { err=srtp_protect(userData->srtpSend,m->b_rptr,&slen); } else { err=srtp_protect_rtcp(userData->srtpSend,m->b_rptr,&slen); } if (err==err_status_ok){ return sendto(socket,(void*)m->b_rptr,slen,flags,to,tolen); } else { ortp_error("srtp_protect() failed with status %d", err); } return -1; }
static bool send_handler(int *err, struct sa *dst, struct mbuf *mb, void *arg) { struct menc_st *st = arg; err_status_t e; int len; (void)dst; if (!st->use_srtp || !is_rtp_or_rtcp(mb)) return false; len = (int)mbuf_get_left(mb); if (mbuf_get_space(mb) < ((size_t)len + SRTP_MAX_TRAILER_LEN)) { mbuf_resize(mb, mb->pos + len + SRTP_MAX_TRAILER_LEN); } if (is_rtcp_packet(mb)) { e = srtp_protect_rtcp(st->srtp_tx, mbuf_buf(mb), &len); } else { e = srtp_protect(st->srtp_tx, mbuf_buf(mb), &len); } if (err_status_ok != e) { DEBUG_WARNING("send: failed to protect %s-packet" " with %d bytes (%H)\n", is_rtcp_packet(mb) ? "RTCP" : "RTP", len, errstatus_print, e); *err = EPROTO; return false; } mbuf_set_end(mb, mb->pos + len); return false; /* continue processing */ }
static void send(struct RTK_TRAP_profile *ptr, const void *ptr_data, uint32 data_len) { uint8 *tmp; uint32 tos; Tsudphdr *udphdr; Tsiphdr *iphdr; struct sk_buff *skb; struct rtable *rt = NULL; int rst; //int i; //struct dst_entry *dst = skb->dst; //struct hh_cache *hh; //struct neighbour *n; #ifdef SUPPORT_VOICE_QOS tos = ptr->tos; #endif #ifdef SUPPORT_DSCP tos = rtp_tos; #endif // printk("enter send function\n"); //printk("profile: ip_dst = %x, ip_src = %x\n", ptr->ip_dst_addr, ptr->ip_src_addr); /* ip_src_addr is destination address */ #ifdef CONFIG_RTK_VOIP_SRTP err_status_t stat = 0; #ifdef FEATURE_COP3_PROFILE unsigned long flags; save_flags(flags); cli(); ProfileEnterPoint(PROFILE_INDEX_TEMP); #endif /* apply srtp */ if (ptr->applySRTP){ #ifndef AUDIOCODES_VOIP extern int rtcp_sid_offset; //if((ptr->udp_dst_port == 9001) || (ptr->udp_dst_port == 9003) || (ptr->udp_dst_port == 9005) || (ptr->udp_dst_port == 9007)){ if(ptr->s_id >= rtcp_sid_offset){ #else if(((ptr->s_id)%2) == 1 ){ // ACMW RTP sid = 2*CH, RTCP sid = 2*CH + 1 #endif stat = srtp_protect_rtcp(ptr->tx_srtp_ctx, ptr_data, &data_len); } else{ stat = srtp_protect(ptr->tx_srtp_ctx, ptr_data, &data_len); } } #ifdef FEATURE_COP3_PROFILE ProfileExitPoint(PROFILE_INDEX_TEMP); restore_flags(flags); ProfilePerDump(PROFILE_INDEX_TEMP, 1000); #endif if (stat) { printk("error: srtp protection failed with code %d\n", stat); return; } #endif // I: .7960 (.6416) // D: .7806 (.2803) { #if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,30)) struct flowi key = { .oif = 0, .flags = FLOWI_FLAG_ANYSRC, .nl_u = { .ip4_u = { .daddr = ptr->ip_src_addr, .saddr = ptr->ip_dst_addr, .tos = (uint32)(RT_TOS(tos)) }}}; extern struct net init_net; if((rst = ip_route_output_key(&init_net, &rt, &key))) #else if((rst = ip_route_output(&rt, ptr->ip_src_addr, ptr->ip_dst_addr,(uint32)(RT_TOS(tos)), 0))) #endif // if(rst = ip_route_output(&rt, ptr->ip_src_addr, 0,(Tuint32)(RT_TOS(tos)), 0)) { //printk("ip_route_output failed rst = %d\n", rst); //printk("**rt = %x\n", *rt); //printk("RTK_TRAP info: ip_dst_addr = %x, ip_src_addr = %x \n", ptr->ip_dst_addr, ptr->ip_src_addr); printk("NR "); //printk("TX err: %x->%x\n", ptr->ip_dst_addr, ptr->ip_src_addr); return; } } // pkshih: avoid compiler warning // I: .6438 (.4964) // D: .6290 (.1713) //skb = dev_alloc_skb(data_len + 20 + 8); skb = alloc_skb(data_len+4+16 + 20 + 8, GFP_ATOMIC); if (skb == NULL){ #if 1 printk("%s-%s(): alloc_skb failed:(%d)\n", __FILE__, __FUNCTION__, tx_skb_cnt); #else printk("send skb_alloc return NULL. Drop it.\n"); printk("final [%d] ", tx_skb_cnt); cli(); while(1); #endif return ; } #if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)) skb->sk = (void*)1; // for NAT #endif #if 0 skb_reserve(skb,4); if(skb->data - skb->head >=4){ tx_skb_cnt+=1; (*(int*)(skb->head)) = 0x81868711; //printk("[%d] ", tx_skb_cnt); #if 0 if(tx_skb_cnt > 127) printk("[%d] ", tx_skb_cnt); if(tx_skb_cnt ==500) { printk("while(1) due to tx_skb_cnt > 500\n"); while(1); } #endif } #endif skb_reserve(skb,16); //printk("skb_put before\n"); tmp = skb_put(skb, data_len + 20 + 8); //tmp = skb->data //printk("******skb_put ok\n"); iphdr = (Tsiphdr *)tmp; udphdr = (Tsudphdr *)(tmp+20); /* ip */ iphdr->version = 4; iphdr->ihl = 5; iphdr->tos = tos; // TOS iphdr->tot_len = htons(data_len + 8 + 20); iphdr->id = 0; iphdr->frag_off = 0; iphdr->ttl = 0x40; iphdr->protocol = 0x11; iphdr->check = 0; iphdr->saddr = ptr->ip_dst_addr; iphdr->daddr = ptr->ip_src_addr; iphdr->check = ip_fast_csum((uint8 *)(iphdr), 5); /* udp */ udphdr->source = ptr->udp_dst_port; udphdr->dest = ptr->udp_src_port; udphdr->len = htons(data_len + 8); udphdr->check = 0; /* rtp */ memcpy(tmp+28, ptr_data, data_len); #ifdef USE_DST_OUTPUT //shlee, for 2.6.32 #if (LINUX_VERSION_CODE > KERNEL_VERSION(2,6,30)) skb_dst_set(skb, dst_clone(&rt->u.dst)); skb->dev = skb_dst(skb)->dev; #else skb->dst = dst_clone(&rt->u.dst); skb->dev = (skb->dst)->dev; #endif #if (LINUX_VERSION_CODE > KERNEL_VERSION(2,6,21)) skb_reset_network_header(skb); #else skb->nh.iph = (struct iphdr*)(skb->data); #endif // Linux default qdisc pfifo has 3 queue (0,1,2). q0 is the highest priority, // and skb->priority 6 and 7 will be put into queue 0. skb->priority = 7; //skb->dst->output(skb); #if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,30)) #define NF_IP_LOCAL_OUT 3 #endif // I: 4.6239 (3.4241) // D: 4.6088 (1.2092) //shlee, for 2.6.32 #if (LINUX_VERSION_CODE > KERNEL_VERSION(2,6,30)) NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, skb, NULL, rt->u.dst.dev, skb_dst(skb)->output); #else NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, skb, NULL, rt->u.dst.dev, skb->dst->output); #endif #if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) ip_rt_put(rt); #endif return; #else skb->dst = &rt->u.dst; skb->dev = (skb->dst)->dev; /* ethernet */ dst = skb->dst; hh = (skb->dst)->hh; #if (LINUX_VERSION_CODE > KERNEL_VERSION(2,6,21)) skb_reset_network_header(skb); #else skb->nh.raw = skb->data; #endif /* printk("neigh_lookup start\n"); printk("dst->neighbour->tbl = %x\n",(dst->neighbour)->tbl); n = neigh_lookup(dst->neighbour->tbl, ptr->ip_src_addr, skb->dev); printk("n = %x\n", n); */ #if 1 //printk("hh = %x\n", hh); if (hh) { read_lock_bh(&hh->hh_lock); //for(i = 0;i<4;i++) //printk("hh->hh_data[%d] = %08x\n", i, hh->hh_data[i] ); //printk("hh->hh_len =%d\n", hh->hh_len); memcpy(skb->data - 16, hh->hh_data, 16); read_unlock_bh(&hh->hh_lock); skb_push(skb, hh->hh_len); //printk("skb->dev = %x\n", skb->dev); //printk("skb->dev->name = %s\n", skb->dev->name); //printk("hh_output = %x\n", hh->hh_output); //hh->hh_output(skb); skb->dev->hard_start_xmit(skb, skb->dev); //printk("hh_output\n"); //return hh->hh_output(skb); } else if (dst->neighbour) { //printk("arp\n"); #if 0 printk("dst->neighbour->output = %x\n",dst->neighbour->output); printk("skb->len = %x\n",skb->len); printk("skb->dev = %x\n", skb->dev); printk("skb->dev->name = %s\n", skb->dev->name); #endif dst->neighbour->output(skb); //printk("dst->neighbour->output\n"); //return dst->neighbour->output(skb); } #endif #if 0 printk("(skb->dst)->hh = %x\n", (skb->dst)->hh); memcpy(tmp - 2, ((skb->dst)->hh)->hh_data, 16); dev_queue_xmit (skb); #endif //printk("finidsh send\n"); return; #endif /* USE_DST_OUTPUT */ } #if defined (AUDIOCODES_VOIP) void rtp_send_aux(uint32 ip_src_addr, uint32 ip_dst_addr, uint16 udp_src_port, uint16 udp_dst_port, void *ptr_data, uint32 data_len) { struct RTK_TRAP_profile rtkTrapPrf; rtkTrapPrf.ip_dst_addr = ip_dst_addr; rtkTrapPrf.ip_src_addr = ip_src_addr; rtkTrapPrf.udp_dst_port = udp_dst_port; rtkTrapPrf.udp_src_port = udp_src_port; rtkTrapPrf.rtk_trap_callback = NULL; rtkTrapPrf.next = NULL; send(&rtkTrapPrf, ptr_data, data_len); } #endif //====================================================================================// #ifdef RTP_SNED_TASKLET void rtp_send_2(unsigned long *dummy) { unsigned char chid; unsigned long flags; //unsigned char rtp_w_now[MAX_VOIP_CH_NUM], pload_w_now[MAX_VOIP_CH_NUM]; //static unsigned char cnt=0; for (chid=0; chid < DSP_CH_NUM; chid++) { //rtp_w_now[chid]= rtp_w[chid]; //pload_w_now[chid]=pload_w[chid]; //printk("%s-%d\n",__FUNCTION__, __LINE__); //if ( (rtp_r[chid] == rtp_w_now[chid]) && (pload_r[chid] == pload_w_now[chid]) ) // printk("RTP SNED & Payload FIFO Empty\n"); //else //{ //while (!((rtp_r[chid] == rtp_w_now[chid]) && ( pload_r[chid] == pload_w_now[chid]))) while (!((rtp_r[chid] == rtp_w[chid]) && ( pload_r[chid] == pload_w[chid]))) { //printk("%s-%d\n",__FUNCTION__, __LINE__); send(&Rtp_send[chid][rtp_r[chid]], &Rtp_fifo[chid][pload_r[chid] * 512], pload_len); //printk("%s-%d\n",__FUNCTION__, __LINE__); save_flags(flags); cli(); rtp_r[chid] = (rtp_r[chid] + 1)%FIFO_NUM; pload_r[chid] = (pload_r[chid] + 1)%FIFO_NUM; restore_flags(flags); if (rtp_r[chid]!=pload_r[chid]) printk("Error!! rtp_r!=pload_r\n"); } //if (cnt >= 2) //printk("%d ", cnt); //cnt=0; //} } }
srtp_err_status_t test_dtls_srtp(void) { srtp_hdr_t *test_packet; int test_packet_len = 80; srtp_t s; srtp_policy_t policy; uint8_t key[SRTP_MAX_KEY_LEN]; uint8_t salt[SRTP_MAX_KEY_LEN]; unsigned int key_len, salt_len; srtp_profile_t profile; srtp_err_status_t err; /* create a 'null' SRTP session */ err = srtp_create(&s, NULL); if (err) return err; /* * verify that packet-processing functions behave properly - we * expect that these functions will return srtp_err_status_no_ctx */ test_packet = srtp_create_test_packet(80, 0xa5a5a5a5); if (test_packet == NULL) return srtp_err_status_alloc_fail; err = srtp_protect(s, test_packet, &test_packet_len); if (err != srtp_err_status_no_ctx) { printf("wrong return value from srtp_protect() (got code %d)\n", err); return srtp_err_status_fail; } err = srtp_unprotect(s, test_packet, &test_packet_len); if (err != srtp_err_status_no_ctx) { printf("wrong return value from srtp_unprotect() (got code %d)\n", err); return srtp_err_status_fail; } err = srtp_protect_rtcp(s, test_packet, &test_packet_len); if (err != srtp_err_status_no_ctx) { printf("wrong return value from srtp_protect_rtcp() (got code %d)\n", err); return srtp_err_status_fail; } err = srtp_unprotect_rtcp(s, test_packet, &test_packet_len); if (err != srtp_err_status_no_ctx) { printf("wrong return value from srtp_unprotect_rtcp() (got code %d)\n", err); return srtp_err_status_fail; } /* * set keys to known values for testing */ profile = srtp_profile_aes128_cm_sha1_80; key_len = srtp_profile_get_master_key_length(profile); salt_len = srtp_profile_get_master_salt_length(profile); memset(key, 0xff, key_len); memset(salt, 0xee, salt_len); srtp_append_salt_to_key(key, key_len, salt, salt_len); policy.key = key; /* initialize SRTP policy from profile */ err = srtp_crypto_policy_set_from_profile_for_rtp(&policy.rtp, profile); if (err) return err; err = srtp_crypto_policy_set_from_profile_for_rtcp(&policy.rtcp, profile); if (err) return err; policy.ssrc.type = ssrc_any_inbound; policy.ekt = NULL; policy.window_size = 128; policy.allow_repeat_tx = 0; policy.next = NULL; err = srtp_add_stream(s, &policy); if (err) return err; err = srtp_dealloc(s); if (err) return err; free(test_packet); return srtp_err_status_ok; }
err_status_t srtp_test(const srtp_policy_t *policy) { int i; srtp_t srtp_sender; srtp_t srtp_rcvr; err_status_t status = err_status_ok; srtp_hdr_t *hdr, *hdr2; uint8_t hdr_enc[64]; uint8_t *pkt_end; int msg_len_octets, msg_len_enc; int len; int tag_length = policy->rtp.auth_tag_len; uint32_t ssrc; srtp_policy_t *rcvr_policy; err_check(srtp_create(&srtp_sender, policy)); /* print out policy */ err_check(srtp_session_print_policy(srtp_sender)); /* * initialize data buffer, using the ssrc in the policy unless that * value is a wildcard, in which case we'll just use an arbitrary * one */ if (policy->ssrc.type != ssrc_specific) ssrc = 0xdecafbad; else ssrc = policy->ssrc.value; msg_len_octets = 28; hdr = srtp_create_test_packet(msg_len_octets, ssrc); if (hdr == NULL) return err_status_alloc_fail; hdr2 = srtp_create_test_packet(msg_len_octets, ssrc); if (hdr2 == NULL) { free(hdr); return err_status_alloc_fail; } /* set message length */ len = msg_len_octets; debug_print(mod_driver, "before protection:\n%s", srtp_packet_to_string(hdr, len)); #if PRINT_REFERENCE_PACKET debug_print(mod_driver, "reference packet before protection:\n%s", octet_string_hex_string((uint8_t *)hdr, len)); #endif err_check(srtp_protect(srtp_sender, hdr, &len)); debug_print(mod_driver, "after protection:\n%s", srtp_packet_to_string(hdr, len)); #if PRINT_REFERENCE_PACKET debug_print(mod_driver, "after protection:\n%s", octet_string_hex_string((uint8_t *)hdr, len)); #endif /* save protected message and length */ memcpy(hdr_enc, hdr, len); msg_len_enc = len; /* * check for overrun of the srtp_protect() function * * The packet is followed by a value of 0xfffff; if the value of the * data following the packet is different, then we know that the * protect function is overwriting the end of the packet. */ pkt_end = (uint8_t *)hdr + sizeof(srtp_hdr_t) + msg_len_octets + tag_length; for (i = 0; i < 4; i++) if (pkt_end[i] != 0xff) { fprintf(stdout, "overwrite in srtp_protect() function " "(expected %x, found %x in trailing octet %d)\n", 0xff, ((uint8_t *)hdr)[i], i); free(hdr); free(hdr2); return err_status_algo_fail; } /* * if the policy includes confidentiality, check that ciphertext is * different than plaintext * * Note that this check will give false negatives, with some small * probability, especially if the packets are short. For that * reason, we skip this check if the plaintext is less than four * octets long. */ if ((policy->rtp.sec_serv & sec_serv_conf) && (msg_len_octets >= 4)) { printf("testing that ciphertext is distinct from plaintext..."); status = err_status_algo_fail; for (i=12; i < msg_len_octets+12; i++) if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) { status = err_status_ok; } if (status) { printf("failed\n"); free(hdr); free(hdr2); return status; } printf("passed\n"); } /* * if the policy uses a 'wildcard' ssrc, then we need to make a copy * of the policy that changes the direction to inbound * * we always copy the policy into the rcvr_policy, since otherwise * the compiler would fret about the constness of the policy */ rcvr_policy = malloc(sizeof(srtp_policy_t)); if (rcvr_policy == NULL) return err_status_alloc_fail; memcpy(rcvr_policy, policy, sizeof(srtp_policy_t)); if (policy->ssrc.type == ssrc_any_outbound) { rcvr_policy->ssrc.type = ssrc_any_inbound; } err_check(srtp_create(&srtp_rcvr, rcvr_policy)); err_check(srtp_unprotect(srtp_rcvr, hdr, &len)); debug_print(mod_driver, "after unprotection:\n%s", srtp_packet_to_string(hdr, len)); /* verify that the unprotected packet matches the origial one */ for (i=0; i < msg_len_octets; i++) if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) { fprintf(stdout, "mismatch at octet %d\n", i); status = err_status_algo_fail; } if (status) { free(hdr); free(hdr2); return status; } /* * if the policy includes authentication, then test for false positives */ if (policy->rtp.sec_serv & sec_serv_auth) { char *data = ((char *)hdr) + 12; printf("testing for false positives in replay check..."); /* set message length */ len = msg_len_enc; /* unprotect a second time - should fail with a replay error */ status = srtp_unprotect(srtp_rcvr, hdr_enc, &len); if (status != err_status_replay_fail) { printf("failed with error code %d\n", status); free(hdr); free(hdr2); return status; } else { printf("passed\n"); } printf("testing for false positives in auth check..."); /* increment sequence number in header */ hdr->seq++; /* set message length */ len = msg_len_octets; /* apply protection */ err_check(srtp_protect(srtp_sender, hdr, &len)); /* flip bits in packet */ data[0] ^= 0xff; /* unprotect, and check for authentication failure */ status = srtp_unprotect(srtp_rcvr, hdr, &len); if (status != err_status_auth_fail) { printf("failed\n"); free(hdr); free(hdr2); return status; } else { printf("passed\n"); } } err_check(srtp_dealloc(srtp_sender)); err_check(srtp_dealloc(srtp_rcvr)); free(hdr); free(hdr2); return err_status_ok; }