int
main (int argc, char *argv[]) {
char errbuf[PCAP_ERRBUF_SIZE];
bpf_u_int32 pcap_net = 0;
pcap_t *pcap_handle;
#if BEW
struct sockaddr_in local;
#endif
srtp_sec_serv_t sec_servs = sec_serv_none;
int c;
int key_size = 128;
int tag_size = 8;
int gcm_on = 0;
char *input_key = NULL;
int b64_input = 0;
char key[MAX_KEY_LEN];
struct bpf_program fp;
char filter_exp[MAX_FILTER] = "";
rtp_decoder_t dec;
srtp_policy_t policy;
srtp_err_status_t status;
int len;
int expected_len;
int do_list_mods = 0;
fprintf(stderr, "Using %s [0x%x]\n", srtp_get_version_string(), srtp_get_version());
/* initialize srtp library */
status = srtp_init();
if (status) {
fprintf(stderr, "error: srtp initialization failed with error code %d\n", status);
exit(1);
}
/* check args */
while (1) {
c = getopt_s(argc, argv, "b:k:gt:ae:ld:f:");
if (c == -1) {
break;
}
switch (c) {
case 'b':
b64_input = 1;
/* fall thru */
case 'k':
input_key = optarg_s;
break;
case 'e':
key_size = atoi(optarg_s);
if (key_size != 128 && key_size != 256) {
fprintf(stderr, "error: encryption key size must be 128 or 256 (%d)\n", key_size);
exit(1);
}
input_key = malloc(key_size);
sec_servs |= sec_serv_conf;
break;
case 't':
tag_size = atoi(optarg_s);
if (tag_size != 8 && tag_size != 16) {
fprintf(stderr, "error: GCM tag size must be 8 or 16 (%d)\n", tag_size);
//exit(1);
}
break;
case 'a':
sec_servs |= sec_serv_auth;
break;
case 'g':
gcm_on = 1;
sec_servs |= sec_serv_auth;
break;
case 'd':
status = srtp_crypto_kernel_set_debug_module(optarg_s, 1);
if (status) {
fprintf(stderr, "error: set debug module (%s) failed\n", optarg_s);
exit(1);
}
break;
case 'f':
if(strlen(optarg_s) > MAX_FILTER){
fprintf(stderr, "error: filter bigger than %d characters\n", MAX_FILTER);
exit(1);
}
fprintf(stderr, "Setting filter as %s\n", optarg_s);
strcpy(filter_exp, optarg_s);
break;
case 'l':
do_list_mods = 1;
break;
default:
usage(argv[0]);
}
}
if (do_list_mods) {
status = srtp_crypto_kernel_list_debug_modules();
if (status) {
fprintf(stderr, "error: list of debug modules failed\n");
exit(1);
}
return 0;
}
if ((sec_servs && !input_key) || (!sec_servs && input_key)) {
/*
* a key must be provided if and only if security services have
* been requested
*/
if(input_key == NULL){
fprintf(stderr, "key not provided\n");
}
if(!sec_servs){
fprintf(stderr, "no secservs\n");
}
fprintf(stderr, "provided\n");
usage(argv[0]);
}
/* report security services selected on the command line */
fprintf(stderr, "security services: ");
if (sec_servs & sec_serv_conf)
fprintf(stderr, "confidentiality ");
if (sec_servs & sec_serv_auth)
fprintf(stderr, "message authentication");
if (sec_servs == sec_serv_none)
fprintf(stderr, "none");
fprintf(stderr, "\n");
/* set up the srtp policy and master key */
if (sec_servs) {
/*
* create policy structure, using the default mechanisms but
* with only the security services requested on the command line,
* using the right SSRC value
*/
switch (sec_servs) {
case sec_serv_conf_and_auth:
if (gcm_on) {
#ifdef OPENSSL
switch (key_size) {
case 128:
srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp);
srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp);
break;
case 256:
srtp_crypto_policy_set_aes_gcm_256_8_auth(&policy.rtp);
srtp_crypto_policy_set_aes_gcm_256_8_auth(&policy.rtcp);
break;
}
#else
fprintf(stderr, "error: GCM mode only supported when using the OpenSSL crypto engine.\n");
return 0;
#endif
} else {
switch (key_size) {
case 128:
srtp_crypto_policy_set_rtp_default(&policy.rtp);
srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
break;
case 256:
srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtp);
srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
break;
}
}
break;
case sec_serv_conf:
if (gcm_on) {
fprintf(stderr, "error: GCM mode must always be used with auth enabled\n");
return -1;
} else {
switch (key_size) {
case 128:
srtp_crypto_policy_set_aes_cm_128_null_auth(&policy.rtp);
srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
break;
case 256:
srtp_crypto_policy_set_aes_cm_256_null_auth(&policy.rtp);
srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
break;
}
}
break;
case sec_serv_auth:
if (gcm_on) {
#ifdef OPENSSL
switch (key_size) {
case 128:
srtp_crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtp);
srtp_crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtcp);
break;
case 256:
srtp_crypto_policy_set_aes_gcm_256_8_only_auth(&policy.rtp);
srtp_crypto_policy_set_aes_gcm_256_8_only_auth(&policy.rtcp);
break;
}
#else
printf("error: GCM mode only supported when using the OpenSSL crypto engine.\n");
return 0;
#endif
} else {
srtp_crypto_policy_set_null_cipher_hmac_sha1_80(&policy.rtp);
srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
}
break;
default:
fprintf(stderr, "error: unknown security service requested\n");
return -1;
}
policy.key = (uint8_t *) key;
policy.ekt = NULL;
policy.next = NULL;
policy.window_size = 128;
policy.allow_repeat_tx = 0;
policy.rtp.sec_serv = sec_servs;
policy.rtcp.sec_serv = sec_servs; //sec_serv_none; /* we don't do RTCP anyway */
fprintf(stderr, "setting tag len %d\n", tag_size);
policy.rtp.auth_tag_len = tag_size;
if (gcm_on && tag_size != 8) {
fprintf(stderr, "setted tag len %d\n", tag_size);
policy.rtp.auth_tag_len = tag_size;
}
/*
* read key from hexadecimal or base64 on command line into an octet string
*/
if (b64_input) {
int pad;
expected_len = policy.rtp.cipher_key_len*4/3;
len = base64_string_to_octet_string(key, &pad, input_key, expected_len);
if (pad != 0) {
fprintf(stderr, "error: padding in base64 unexpected\n");
exit(1);
}
} else {
expected_len = policy.rtp.cipher_key_len*2;
len = hex_string_to_octet_string(key, input_key, expected_len);
}
/* check that hex string is the right length */
if (len < expected_len) {
fprintf(stderr,
"error: too few digits in key/salt "
"(should be %d digits, found %d)\n",
expected_len, len);
exit(1);
}
if (strlen(input_key) > policy.rtp.cipher_key_len*2) {
fprintf(stderr,
"error: too many digits in key/salt "
"(should be %d hexadecimal digits, found %u)\n",
policy.rtp.cipher_key_len*2, (unsigned)strlen(input_key));
exit(1);
}
fprintf(stderr, "set master key/salt to %s/", octet_string_hex_string(key, 16));
fprintf(stderr, "%s\n", octet_string_hex_string(key+16, 14));
} else {
fprintf(stderr, "error: neither encryption or authentication were selected");
exit(1);
}
pcap_handle = pcap_open_offline("-", errbuf);
if (!pcap_handle) {
fprintf(stderr, "libpcap failed to open file '%s'\n", errbuf);
exit(1);
}
assert(pcap_handle != NULL);
if ((pcap_compile(pcap_handle, &fp, filter_exp, 1, pcap_net)) == -1){
fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp,
pcap_geterr(pcap_handle));
return (2);
}
if (pcap_setfilter(pcap_handle, &fp) == -1){
fprintf(stderr, "couldn't install filter %s: %s\n", filter_exp,
pcap_geterr(pcap_handle));
return (2);
}
dec = rtp_decoder_alloc();
if (dec == NULL) {
fprintf(stderr, "error: malloc() failed\n");
exit(1);
}
fprintf(stderr, "Starting decoder\n");
rtp_decoder_init(dec, policy);
pcap_loop(pcap_handle, 0, rtp_decoder_handle_pkt, (u_char *)dec);
rtp_decoder_deinit_srtp(dec);
rtp_decoder_dealloc(dec);
status = srtp_shutdown();
if (status) {
fprintf(stderr, "error: srtp shutdown failed with error code %d\n", status);
exit(1);
}
return 0;
}
int
main (int argc, char *argv[]) {
char *dictfile = DICT_FILE;
FILE *dict;
char word[MAX_WORD_LEN];
int sock, ret;
struct in_addr rcvr_addr;
struct sockaddr_in name;
struct ip_mreq mreq;
#if BEW
struct sockaddr_in local;
#endif
program_type prog_type = unknown;
srtp_sec_serv_t sec_servs = sec_serv_none;
unsigned char ttl = 5;
int c;
int key_size = 128;
int tag_size = 8;
int gcm_on = 0;
char *input_key = NULL;
int b64_input = 0;
char *address = NULL;
char key[MAX_KEY_LEN];
unsigned short port = 0;
rtp_sender_t snd;
srtp_policy_t policy;
srtp_err_status_t status;
int len;
int expected_len;
int do_list_mods = 0;
uint32_t ssrc = 0xdeadbeef; /* ssrc value hardcoded for now */
#ifdef RTPW_USE_WINSOCK2
WORD wVersionRequested = MAKEWORD(2, 0);
WSADATA wsaData;
ret = WSAStartup(wVersionRequested, &wsaData);
if (ret != 0) {
fprintf(stderr, "error: WSAStartup() failed: %d\n", ret);
exit(1);
}
#endif
printf("Using %s [0x%x]\n", srtp_get_version_string(), srtp_get_version());
if (setup_signal_handler(argv[0]) != 0) {
exit(1);
}
/* initialize srtp library */
status = srtp_init();
if (status) {
printf("error: srtp initialization failed with error code %d\n", status);
exit(1);
}
/* check args */
while (1) {
c = getopt_s(argc, argv, "b:k:rsgt:ae:ld:");
if (c == -1) {
break;
}
switch (c) {
case 'b':
b64_input = 1;
/* fall thru */
case 'k':
input_key = optarg_s;
break;
case 'e':
key_size = atoi(optarg_s);
if (key_size != 128 && key_size != 256) {
printf("error: encryption key size must be 128 or 256 (%d)\n", key_size);
exit(1);
}
sec_servs |= sec_serv_conf;
break;
case 't':
tag_size = atoi(optarg_s);
if (tag_size != 8 && tag_size != 16) {
printf("error: GCM tag size must be 8 or 16 (%d)\n", tag_size);
exit(1);
}
break;
case 'a':
sec_servs |= sec_serv_auth;
break;
case 'g':
gcm_on = 1;
sec_servs |= sec_serv_auth;
break;
case 'r':
prog_type = receiver;
break;
case 's':
prog_type = sender;
break;
case 'd':
status = srtp_set_debug_module(optarg_s, 1);
if (status) {
printf("error: set debug module (%s) failed\n", optarg_s);
exit(1);
}
break;
case 'l':
do_list_mods = 1;
break;
default:
usage(argv[0]);
}
}
if (prog_type == unknown) {
if (do_list_mods) {
status = srtp_list_debug_modules();
if (status) {
printf("error: list of debug modules failed\n");
exit(1);
}
return 0;
} else {
printf("error: neither sender [-s] nor receiver [-r] specified\n");
usage(argv[0]);
}
}
if ((sec_servs && !input_key) || (!sec_servs && input_key)) {
/*
* a key must be provided if and only if security services have
* been requested
*/
usage(argv[0]);
}
if (argc != optind_s + 2) {
/* wrong number of arguments */
usage(argv[0]);
}
/* get address from arg */
address = argv[optind_s++];
/* get port from arg */
port = atoi(argv[optind_s++]);
/* set address */
#ifdef HAVE_INET_ATON
if (0 == inet_aton(address, &rcvr_addr)) {
fprintf(stderr, "%s: cannot parse IP v4 address %s\n", argv[0], address);
exit(1);
}
if (rcvr_addr.s_addr == INADDR_NONE) {
fprintf(stderr, "%s: address error", argv[0]);
exit(1);
}
#else
rcvr_addr.s_addr = inet_addr(address);
if (0xffffffff == rcvr_addr.s_addr) {
fprintf(stderr, "%s: cannot parse IP v4 address %s\n", argv[0], address);
exit(1);
}
#endif
/* open socket */
sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP);
if (sock < 0) {
int err;
#ifdef RTPW_USE_WINSOCK2
err = WSAGetLastError();
#else
err = errno;
#endif
fprintf(stderr, "%s: couldn't open socket: %d\n", argv[0], err);
exit(1);
}
name.sin_addr = rcvr_addr;
name.sin_family = PF_INET;
name.sin_port = htons(port);
if (ADDR_IS_MULTICAST(rcvr_addr.s_addr)) {
if (prog_type == sender) {
ret = setsockopt(sock, IPPROTO_IP, IP_MULTICAST_TTL, &ttl,
sizeof(ttl));
if (ret < 0) {
fprintf(stderr, "%s: Failed to set TTL for multicast group", argv[0]);
perror("");
exit(1);
}
}
mreq.imr_multiaddr.s_addr = rcvr_addr.s_addr;
mreq.imr_interface.s_addr = htonl(INADDR_ANY);
ret = setsockopt(sock, IPPROTO_IP, IP_ADD_MEMBERSHIP, (void*)&mreq,
sizeof(mreq));
if (ret < 0) {
fprintf(stderr, "%s: Failed to join multicast group", argv[0]);
perror("");
exit(1);
}
}
/* report security services selected on the command line */
printf("security services: ");
if (sec_servs & sec_serv_conf)
printf("confidentiality ");
if (sec_servs & sec_serv_auth)
printf("message authentication");
if (sec_servs == sec_serv_none)
printf("none");
printf("\n");
/* set up the srtp policy and master key */
if (sec_servs) {
/*
* create policy structure, using the default mechanisms but
* with only the security services requested on the command line,
* using the right SSRC value
*/
switch (sec_servs) {
case sec_serv_conf_and_auth:
if (gcm_on) {
#ifdef OPENSSL
switch (key_size) {
case 128:
srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp);
srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp);
break;
case 256:
srtp_crypto_policy_set_aes_gcm_256_8_auth(&policy.rtp);
srtp_crypto_policy_set_aes_gcm_256_8_auth(&policy.rtcp);
break;
}
#else
printf("error: GCM mode only supported when using the OpenSSL crypto engine.\n");
return 0;
#endif
} else {
switch (key_size) {
case 128:
srtp_crypto_policy_set_rtp_default(&policy.rtp);
srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
break;
case 256:
srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtp);
srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
break;
}
}
break;
case sec_serv_conf:
if (gcm_on) {
printf("error: GCM mode must always be used with auth enabled\n");
return -1;
} else {
switch (key_size) {
case 128:
srtp_crypto_policy_set_aes_cm_128_null_auth(&policy.rtp);
srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
break;
case 256:
srtp_crypto_policy_set_aes_cm_256_null_auth(&policy.rtp);
srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
break;
}
}
break;
case sec_serv_auth:
if (gcm_on) {
#ifdef OPENSSL
switch (key_size) {
case 128:
srtp_crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtp);
srtp_crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtcp);
break;
case 256:
srtp_crypto_policy_set_aes_gcm_256_8_only_auth(&policy.rtp);
srtp_crypto_policy_set_aes_gcm_256_8_only_auth(&policy.rtcp);
break;
}
#else
printf("error: GCM mode only supported when using the OpenSSL crypto engine.\n");
return 0;
#endif
} else {
srtp_crypto_policy_set_null_cipher_hmac_sha1_80(&policy.rtp);
srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
}
break;
default:
printf("error: unknown security service requested\n");
return -1;
}
policy.ssrc.type = ssrc_specific;
policy.ssrc.value = ssrc;
policy.key = (uint8_t *) key;
policy.ekt = NULL;
policy.next = NULL;
policy.window_size = 128;
policy.allow_repeat_tx = 0;
policy.rtp.sec_serv = sec_servs;
policy.rtcp.sec_serv = sec_serv_none; /* we don't do RTCP anyway */
if (gcm_on && tag_size != 8) {
policy.rtp.auth_tag_len = tag_size;
}
/*
* read key from hexadecimal or base64 on command line into an octet string
*/
if (b64_input) {
int pad;
expected_len = (policy.rtp.cipher_key_len*4)/3;
len = base64_string_to_octet_string(key, &pad, input_key, expected_len);
if (pad != 0) {
fprintf(stderr, "error: padding in base64 unexpected\n");
exit(1);
}
} else {
expected_len = policy.rtp.cipher_key_len*2;
len = hex_string_to_octet_string(key, input_key, expected_len);
}
/* check that hex string is the right length */
if (len < expected_len) {
fprintf(stderr,
"error: too few digits in key/salt "
"(should be %d digits, found %d)\n",
expected_len, len);
exit(1);
}
if ((int) strlen(input_key) > policy.rtp.cipher_key_len*2) {
fprintf(stderr,
"error: too many digits in key/salt "
"(should be %d hexadecimal digits, found %u)\n",
policy.rtp.cipher_key_len*2, (unsigned)strlen(input_key));
exit(1);
}
printf("set master key/salt to %s/", octet_string_hex_string(key, 16));
printf("%s\n", octet_string_hex_string(key+16, 14));
} else {
/*
* we're not providing security services, so set the policy to the
* null policy
*
* Note that this policy does not conform to the SRTP
* specification, since RTCP authentication is required. However,
* the effect of this policy is to turn off SRTP, so that this
* application is now a vanilla-flavored RTP application.
*/
srtp_crypto_policy_set_null_cipher_hmac_null(&policy.rtp);
srtp_crypto_policy_set_null_cipher_hmac_null(&policy.rtcp);
policy.key = (uint8_t *)key;
policy.ssrc.type = ssrc_specific;
policy.ssrc.value = ssrc;
policy.window_size = 0;
policy.allow_repeat_tx = 0;
policy.ekt = NULL;
policy.next = NULL;
}
if (prog_type == sender) {
#if BEW
/* bind to local socket (to match crypto policy, if need be) */
memset(&local, 0, sizeof(struct sockaddr_in));
local.sin_addr.s_addr = htonl(INADDR_ANY);
local.sin_port = htons(port);
ret = bind(sock, (struct sockaddr *) &local, sizeof(struct sockaddr_in));
if (ret < 0) {
fprintf(stderr, "%s: bind failed\n", argv[0]);
perror("");
exit(1);
}
#endif /* BEW */
/* initialize sender's rtp and srtp contexts */
snd = rtp_sender_alloc();
if (snd == NULL) {
fprintf(stderr, "error: malloc() failed\n");
exit(1);
}
rtp_sender_init(snd, sock, name, ssrc);
status = rtp_sender_init_srtp(snd, &policy);
if (status) {
fprintf(stderr,
"error: srtp_create() failed with code %d\n",
status);
exit(1);
}
/* open dictionary */
dict = fopen (dictfile, "r");
if (dict == NULL) {
fprintf(stderr, "%s: couldn't open file %s\n", argv[0], dictfile);
if (ADDR_IS_MULTICAST(rcvr_addr.s_addr)) {
leave_group(sock, mreq, argv[0]);
}
exit(1);
}
/* read words from dictionary, then send them off */
while (!interrupted && fgets(word, MAX_WORD_LEN, dict) != NULL) {
len = strlen(word) + 1; /* plus one for null */
if (len > MAX_WORD_LEN)
printf("error: word %s too large to send\n", word);
else {
rtp_sendto(snd, word, len);
printf("sending word: %s", word);
}
usleep(USEC_RATE);
}
rtp_sender_deinit_srtp(snd);
rtp_sender_dealloc(snd);
fclose(dict);
} else { /* prog_type == receiver */
rtp_receiver_t rcvr;
if (bind(sock, (struct sockaddr *)&name, sizeof(name)) < 0) {
close(sock);
fprintf(stderr, "%s: socket bind error\n", argv[0]);
perror(NULL);
if (ADDR_IS_MULTICAST(rcvr_addr.s_addr)) {
leave_group(sock, mreq, argv[0]);
}
exit(1);
}
rcvr = rtp_receiver_alloc();
if (rcvr == NULL) {
fprintf(stderr, "error: malloc() failed\n");
exit(1);
}
rtp_receiver_init(rcvr, sock, name, ssrc);
status = rtp_receiver_init_srtp(rcvr, &policy);
if (status) {
fprintf(stderr,
"error: srtp_create() failed with code %d\n",
status);
exit(1);
}
/* get next word and loop */
while (!interrupted) {
len = MAX_WORD_LEN;
if (rtp_recvfrom(rcvr, word, &len) > -1)
printf("\tword: %s\n", word);
}
rtp_receiver_deinit_srtp(rcvr);
rtp_receiver_dealloc(rcvr);
}
if (ADDR_IS_MULTICAST(rcvr_addr.s_addr)) {
leave_group(sock, mreq, argv[0]);
}
#ifdef RTPW_USE_WINSOCK2
ret = closesocket(sock);
#else
ret = close(sock);
#endif
if (ret < 0) {
fprintf(stderr, "%s: Failed to close socket", argv[0]);
perror("");
}
status = srtp_shutdown();
if (status) {
printf("error: srtp shutdown failed with error code %d\n", status);
exit(1);
}
#ifdef RTPW_USE_WINSOCK2
WSACleanup();
#endif
return 0;
}