aboutsummaryrefslogtreecommitdiffstats
path: root/test
diff options
context:
space:
mode:
Diffstat (limited to 'test')
-rw-r--r--test/aes_calc.c111
-rw-r--r--test/auth_driver.c201
-rw-r--r--test/cipher_driver.c484
-rw-r--r--test/cutest.h713
-rw-r--r--test/datatypes_driver.c237
-rw-r--r--test/dtls_srtp_driver.c261
-rw-r--r--test/getopt_s.c109
-rw-r--r--test/kernel_driver.c126
-rw-r--r--test/lfsr.c310
-rw-r--r--test/rand_gen.c140
-rw-r--r--test/rdbx_driver.c504
-rw-r--r--test/replay_driver.c328
-rw-r--r--test/roc_driver.c203
-rw-r--r--test/rtp.c295
-rw-r--r--test/rtp.h155
-rw-r--r--test/rtp_decoder.c764
-rw-r--r--test/rtp_decoder.h121
-rwxr-xr-xtest/rtpwbin88372 -> 0 bytes
-rw-r--r--test/rtpw.c942
-rwxr-xr-xtest/rtpw_test.sh176
-rwxr-xr-xtest/rtpw_test_gcm.sh260
-rw-r--r--test/sha1_driver.c98
-rw-r--r--test/srtp_driver.c4638
-rw-r--r--test/stat_driver.c101
-rw-r--r--test/test_srtp.c185
-rw-r--r--test/util.c212
-rw-r--r--test/util.h53
-rw-r--r--test/words.txt250
28 files changed, 8252 insertions, 3725 deletions
diff --git a/test/aes_calc.c b/test/aes_calc.c
deleted file mode 100644
index 56b0323..0000000
--- a/test/aes_calc.c
+++ /dev/null
@@ -1,111 +0,0 @@
-/*
- * aes_calc.c
- *
- * A simple AES calculator for generating AES encryption values
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-
-/*
-
- Example usage (with first NIST FIPS 197 test case):
-
-[sh]$ test/aes_calc 000102030405060708090a0b0c0d0e0f 00112233445566778899aabbccddeeff -v
- plaintext: 00112233445566778899aabbccddeeff
- key: 000102030405060708090a0b0c0d0e0f
- ciphertext: 69c4e0d86a7b0430d8cdb78070b4c55a
-
- */
-
-#include "aes.h"
-#include <stdio.h>
-#include <string.h>
-
-void
-usage(char *prog_name) {
- printf("usage: %s <key> <plaintext> [-v]\n", prog_name);
- exit(255);
-}
-
-#define AES_KEY_LEN 16
-
-int
-main (int argc, char *argv[]) {
- v128_t data, key;
- aes_expanded_key_t exp_key;
- int len;
- int verbose;
-
- if (argc == 3) {
- /* we're not in verbose mode */
- verbose = 0;
- } else if (argc == 4) {
- if (strncmp(argv[3], "-v", 2) == 0) {
- /* we're in verbose mode */
- verbose = 1;
- } else {
- /* unrecognized flag, complain and exit */
- usage(argv[0]);
- }
- } else {
- /* we've been fed the wrong number of arguments - compain and exit */
- usage(argv[0]);
- }
-
- /* read in key, checking length */
- if (strlen(argv[1]) > AES_KEY_LEN*2) {
- fprintf(stderr,
- "error: too many digits in key "
- "(should be %d hexadecimal digits, found %u)\n",
- AES_KEY_LEN*2, (unsigned)strlen(argv[1]));
- exit(1);
- }
- len = hex_string_to_octet_string((octet_t *)&key, argv[1], AES_KEY_LEN*2);
- /* check that hex string is the right length */
- if (len < AES_KEY_LEN*2) {
- fprintf(stderr,
- "error: too few digits in key "
- "(should be %d hexadecimal digits, found %d)\n",
- AES_KEY_LEN*2, len);
- exit(1);
- }
-
- /* read in plaintext, checking length */
- if (strlen(argv[2]) > 16*2) {
- fprintf(stderr,
- "error: too many digits in plaintext "
- "(should be %d hexadecimal digits, found %u)\n",
- 16*2, (unsigned)strlen(argv[2]));
- exit(1);
- }
- len = hex_string_to_octet_string((octet_t *)(&data), argv[2], 16*2);
- /* check that hex string is the right length */
- if (len < 16*2) {
- fprintf(stderr,
- "error: too few digits in plaintext "
- "(should be %d hexadecimal digits, found %d)\n",
- 16*2, len);
- exit(1);
- }
-
- if (verbose) {
- /* print out plaintext */
- printf("plaintext:\t%s\n", octet_string_hex_string((octet_t *)&data, 16));
- }
-
- /* encrypt plaintext */
- aes_expand_encryption_key(key, exp_key);
-
- aes_encrypt(&data, exp_key);
-
- /* write ciphertext to output */
- if (verbose) {
- printf("key:\t\t%s\n", v128_hex_string(&key));
- printf("ciphertext:\t");
- }
- printf("%s\n", v128_hex_string(&data));
-
- return 0;
-}
-
diff --git a/test/auth_driver.c b/test/auth_driver.c
deleted file mode 100644
index 071f127..0000000
--- a/test/auth_driver.c
+++ /dev/null
@@ -1,201 +0,0 @@
-/*
- * auth_driver.c
- *
- * a driver for auth functions
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-
-/*
- *
- * Copyright (c) 2001-2005, Cisco Systems, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * Neither the name of the Cisco Systems, Inc. nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-
-#include <stdio.h> /* for printf() */
-#include <stdlib.h> /* for crypto_alloc() */
-#include <unistd.h> /* for getopt() */
-
-#include "auth.h"
-#include "tmmhv2.h"
-#include "null_auth.h"
-
-#define PRINT_DEBUG_DATA 0
-
-extern auth_type_t tmmhv2;
-
-const uint16_t msg0[9] = {
- 0x6015, 0xf141, 0x5ba1, 0x29a0, 0xf604, 0xd1c, 0x2d9, 0xaa8a, 0x7931
-};
-
-/* key1 is for TAG_WORDS = 2 */
-
-const uint16_t key1[47] = {
- 0xe627, 0x6a01, 0x5ea7, 0xf27a, 0xc536, 0x2192, 0x11be, 0xea35,
- 0xdb9d, 0x63d6, 0xfa8a, 0xfc45, 0xe08b, 0xd216, 0xced2, 0x7853,
- 0x1a82, 0x22f5, 0x90fb, 0x1c29, 0x708e, 0xd06f, 0x82c3, 0xbee6,
- 0x4f21, 0x6f33, 0x65c0, 0xd211, 0xc25e, 0x9138, 0x4fa3, 0x7c1f,
- 0x61ac, 0x3489, 0x2976, 0x8c19, 0x8252, 0xddbf, 0xcad3, 0xc28f,
- 0x68d6, 0x58dd, 0x504f, 0x2bbf, 0x0278, 0x70b7, 0xcfca
-};
-
-double
-auth_bits_per_second(auth_t *h, int msg_len);
-
-
-void
-usage(char *prog_name) {
- printf("usage: %s [ -t | -v ]\n", prog_name);
- exit(255);
-}
-
-#define MAX_MSG_LEN 2048
-
-int
-main (int argc, char *argv[]) {
- auth_t *a = NULL;
- err_status_t status;
- int i;
- char c;
- unsigned do_timing_test = 0;
- unsigned do_validation = 0;
-
- /* process input arguments */
- while (1) {
- c = getopt(argc, argv, "tv");
- if (c == -1)
- break;
- switch (c) {
- case 't':
- do_timing_test = 1;
- break;
- case 'v':
- do_validation = 1;
- break;
- default:
- usage(argv[0]);
- }
- }
-
- printf("auth driver\nDavid A. McGrew\nCisco Systems, Inc.\n");
-
- if (!do_validation && !do_timing_test)
- usage(argv[0]);
-
- if (do_validation) {
- printf("running self-test for %s...", tmmhv2.description);
- status = tmmhv2_add_big_test();
- if (status) {
- printf("tmmhv2_add_big_test failed with error code %d\n", status);
- exit(status);
- }
- status = auth_type_self_test(&tmmhv2);
- if (status) {
- printf("failed with error code %d\n", status);
- exit(status);
- }
- printf("passed\n");
- }
-
- if (do_timing_test) {
-
- /* tmmhv2 timing test */
- status = auth_type_alloc(&tmmhv2, &a, 94, 4);
- if (status) {
- fprintf(stderr, "can't allocate tmmhv2\n");
- exit(status);
- }
- status = auth_init(a, (octet_t *)key1);
- if (status) {
- printf("error initializaing auth function\n");
- exit(status);
- }
-
- printf("timing %s (tag length %d)\n",
- tmmhv2.description, auth_get_tag_length(a));
- for (i=8; i <= MAX_MSG_LEN; i *= 2)
- printf("msg len: %d\tgigabits per second: %f\n",
- i, auth_bits_per_second(a, i) / 1E9);
-
- status = auth_dealloc(a);
- if (status) {
- printf("error deallocating auth function\n");
- exit(status);
- }
-
- }
-
- return 0;
-}
-
-#define NUM_TRIALS 100000
-
-#include <time.h>
-
-double
-auth_bits_per_second(auth_t *a, int msg_len_octets) {
- int i;
- clock_t timer;
- octet_t *result;
- int msg_len = (msg_len_octets + 1)/2;
- uint16_t *msg_string;
-
- /* create random message */
- msg_string = (uint16_t *) crypto_alloc(msg_len_octets);
- if (msg_string == NULL)
- return 0.0; /* indicate failure */
- for (i=0; i < msg_len; i++)
- msg_string[i] = (uint16_t) random();
-
- /* allocate temporary storage for authentication tag */
- result = crypto_alloc(auth_get_tag_length(a));
- if (result == NULL) {
- free(msg_string);
- return 0.0; /* indicate failure */
- }
-
- timer = clock();
- for (i=0; i < NUM_TRIALS; i++) {
- auth_compute(a, (octet_t *)msg_string, msg_len_octets, (octet_t *)result);
- }
- timer = clock() - timer;
-
- free(msg_string);
- free(result);
-
- return (double) NUM_TRIALS * 8 * msg_len_octets * CLOCKS_PER_SEC / timer;
-}
-
-
diff --git a/test/cipher_driver.c b/test/cipher_driver.c
deleted file mode 100644
index b1aed21..0000000
--- a/test/cipher_driver.c
+++ /dev/null
@@ -1,484 +0,0 @@
-/*
- * cipher_driver.c
- *
- * A driver for the generic cipher type
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-
-/*
- *
- * Copyright (c) 2001-2005, Cisco Systems, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * Neither the name of the Cisco Systems, Inc. nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include <stdio.h> /* for printf() */
-#include <stdlib.h> /* for random() */
-#include <string.h> /* for memset() */
-#include <unistd.h> /* for getopt() */
-#include "cipher.h"
-#include "aes_icm.h"
-#include "null_cipher.h"
-
-#define PRINT_DEBUG 0
-
-void
-cipher_driver_test_throughput(cipher_t *c);
-
-err_status_t
-cipher_driver_self_test(cipher_type_t *ct);
-
-
-/*
- * cipher_driver_test_buffering(ct) tests the cipher's output
- * buffering for correctness by checking the consistency of succesive
- * calls
- */
-
-err_status_t
-cipher_driver_test_buffering(cipher_t *c);
-
-
-/*
- * functions for testing cipher cache thrash
- */
-err_status_t
-cipher_driver_test_array_throughput(cipher_type_t *ct,
- int klen, int num_cipher);
-
-void
-cipher_array_test_throughput(cipher_t *ca[], int num_cipher);
-
-double
-cipher_array_bits_per_second(cipher_t *cipher_array[], int num_cipher,
- int octets_in_buffer, int num_trials);
-
-err_status_t
-cipher_array_delete(cipher_t *cipher_array[], int num_cipher);
-
-err_status_t
-cipher_array_alloc_init(cipher_t ***cipher_array, int num_ciphers,
- cipher_type_t *ctype, int klen);
-
-void
-usage(char *prog_name) {
- printf("usage: %s [ -t | -v | -a ]\n", prog_name);
- exit(255);
-}
-
-void
-check_status(err_status_t s) {
- if (s) {
- printf("error (code %d)\n", s);
- exit(s);
- }
- return;
-}
-
-/*
- * null_cipher and aes_icm are the cipher meta-objects defined
- * in the files in crypto/cipher subdirectory. these are declared
- * external so that we can use these cipher types here
- */
-
-extern cipher_type_t null_cipher;
-extern cipher_type_t aes_icm;
-
-int
-main(int argc, char *argv[]) {
- cipher_t *c = NULL;
- err_status_t status;
- unsigned char test_key[20] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13
- };
- char q;
- unsigned do_timing_test = 0;
- unsigned do_validation = 0;
- unsigned do_array_timing_test = 0;
-
- /* process input arguments */
- while (1) {
- q = getopt(argc, argv, "tva");
- if (q == -1)
- break;
- switch (q) {
- case 't':
- do_timing_test = 1;
- break;
- case 'v':
- do_validation = 1;
- break;
- case 'a':
- do_array_timing_test = 1;
- break;
- default:
- usage(argv[0]);
- }
- }
-
- printf("cipher test driver\n"
- "David A. McGrew\n"
- "Cisco Systems, Inc.\n");
-
- if (!do_validation && !do_timing_test && !do_array_timing_test)
- usage(argv[0]);
-
- /* arry timing (cache thrash) test */
- if (do_array_timing_test) {
- int max_num_cipher = 1 << 16; /* number of ciphers in cipher_array */
- int num_cipher;
-
- for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8)
- cipher_driver_test_array_throughput(&null_cipher, 0, num_cipher);
-
- for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8)
- cipher_driver_test_array_throughput(&aes_icm, 30, num_cipher);
-
- }
-
- if (do_validation) {
- cipher_driver_self_test(&null_cipher);
- cipher_driver_self_test(&aes_icm);
- }
-
- /* do timing and/or buffer_test on null_cipher */
- status = cipher_type_alloc(&null_cipher, &c, 0);
- check_status(status);
-
- status = cipher_init(c, NULL, direction_any);
- check_status(status);
-
- if (do_timing_test)
- cipher_driver_test_throughput(c);
- if (do_validation) {
- status = cipher_driver_test_buffering(c);
- check_status(status);
- }
- status = cipher_dealloc(c);
- check_status(status);
-
-
- /* run the throughput test on the aes_icm cipher */
- status = cipher_type_alloc(&aes_icm, &c, 30);
- if (status) {
- fprintf(stderr, "error: can't allocate cipher\n");
- exit(status);
- }
-
- status = cipher_init(c, test_key, direction_any);
- check_status(status);
-
- if (do_timing_test)
- cipher_driver_test_throughput(c);
-
- if (do_validation) {
- status = cipher_driver_test_buffering(c);
- check_status(status);
- }
-
- status = cipher_dealloc(c);
- check_status(status);
-
- return 0;
-}
-
-void
-cipher_driver_test_throughput(cipher_t *c) {
- int i;
- int min_enc_len = 32;
- int max_enc_len = 2048; /* should be a power of two */
- int num_trials = 100000;
-
- printf("timing %s throughput:\n", c->type->description);
- fflush(stdout);
- for (i=min_enc_len; i <= max_enc_len; i = i * 2)
- printf("msg len: %d\tgigabits per second: %f\n",
- i, cipher_bits_per_second(c, i, num_trials) / 1e9);
-
-}
-
-err_status_t
-cipher_driver_self_test(cipher_type_t *ct) {
- err_status_t status;
-
- printf("running cipher self-test for %s...", ct->description);
- status = cipher_type_self_test(ct);
- if (status) {
- printf("failed with error code %d\n", status);
- exit(status);
- }
- printf("passed\n");
-
- return err_status_ok;
-}
-
-/*
- * cipher_driver_test_buffering(ct) tests the cipher's output
- * buffering for correctness by checking the consistency of succesive
- * calls
- */
-
-err_status_t
-cipher_driver_test_buffering(cipher_t *c) {
- int i, j, len, num_trials = 1000;
- int buflen = 1024;
- octet_t buffer0[buflen], buffer1[buflen], *current, *end;
- octet_t idx[16] = {
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x34
- };
- err_status_t status;
-
- printf("testing output buffering for cipher %s...",
- c->type->description);
-
- for (i=0; i < num_trials; i++) {
-
- /* set buffers to zero */
- for (j=0; j < buflen; j++)
- buffer0[j] = buffer1[j] = 0;
-
- /* initialize cipher */
- status = cipher_set_iv(c, idx);
- if (status)
- return status;
-
- /* generate 'reference' value by encrypting all at once */
- status = cipher_encrypt(c, buffer0, &buflen);
- if (status)
- return status;
-
- /* re-initialize cipher */
- status = cipher_set_iv(c, idx);
- if (status)
- return status;
-
- /* now loop over short lengths until buffer1 is encrypted */
- current = buffer1;
- end = buffer1 + buflen;
- while (current < end) {
-
- /* choose a short length */
- len = random() & 0x01f;
-
- /* make sure that len doesn't cause us to overreach the buffer */
- if (current + len > end)
- len = end - current;
-
- status = cipher_encrypt(c, current, &len);
- if (status)
- return status;
-
- /* advance pointer into buffer1 to reflect encryption */
- current += len;
-
- /* if buffer1 is all encrypted, break out of loop */
- if (current == end)
- break;
- }
-
- /* compare buffers */
- for (j=0; j < buflen; j++)
- if (buffer0[j] != buffer1[j]) {
-#if PRINT_DEBUG
- printf("test case %d failed at byte %d\n", i, j);
- printf("computed: %s\n", octet_string_hex_string(buffer1, buflen));
- printf("expected: %s\n", octet_string_hex_string(buffer0, buflen));
-#endif
- return err_status_algo_fail;
- }
- }
-
- printf("passed\n");
-
- return err_status_ok;
-}
-
-
-/*
- * The function cipher_test_throughput_array() tests the effect of CPU
- * cache thrash on cipher throughput.
- *
- * cipher_array_alloc_init(ctype, array, num_ciphers) creates an array
- * of cipher_t of type ctype
- */
-
-err_status_t
-cipher_array_alloc_init(cipher_t ***ca, int num_ciphers,
- cipher_type_t *ctype, int klen) {
- int i, j;
- err_status_t status;
- octet_t *key;
- cipher_t **cipher_array;
-
- /* allocate array of pointers to ciphers */
- cipher_array = (cipher_t **) malloc(sizeof(cipher_t *) * num_ciphers);
- if (cipher_array == NULL)
- return err_status_alloc_fail;
-
- /* set ca to location of cipher_array */
- *ca = cipher_array;
-
- /* allocate key */
- key = crypto_alloc(klen);
- if (key == NULL) {
- free(cipher_array);
- return err_status_alloc_fail;
- }
-
- /* allocate and initialize an array of ciphers */
- for (i=0; i < num_ciphers; i++) {
-
- /* allocate cipher */
- status = cipher_type_alloc(ctype, cipher_array, klen);
- if (status)
- return status;
-
- /* generate random key and initialize cipher */
- for (j=0; j < klen; j++)
- key[j] = (octet_t) random();
- status = cipher_init(*cipher_array, key, direction_any);
- if (status)
- return status;
-
-/* printf("%dth cipher is at %p\n", i, *cipher_array); */
-/* printf("%dth cipher description: %s\n", i, */
-/* (*cipher_array)->type->description); */
-
- /* advance cipher array pointer */
- cipher_array++;
- }
-
- return err_status_ok;
-}
-
-err_status_t
-cipher_array_delete(cipher_t *cipher_array[], int num_cipher) {
- int i;
-
- for (i=0; i < num_cipher; i++) {
- cipher_dealloc(cipher_array[i]);
- }
-
- free(cipher_array);
-
- return err_status_ok;
-}
-
-
-/*
- * cipher_array_bits_per_second(c, l, t) computes (an estimate of) the
- * number of bits that a cipher implementation can encrypt in a second
- * when distinct keys are used to encrypt distinct messages
- *
- * c is a cipher (which MUST be allocated an initialized already), l
- * is the length in octets of the test data to be encrypted, and t is
- * the number of trials
- *
- * if an error is encountered, the value 0.0 is returned
- */
-
-#include <time.h>
-
-double
-cipher_array_bits_per_second(cipher_t *cipher_array[], int num_cipher,
- int octets_in_buffer, int num_trials) {
- int i;
- v128_t nonce;
- clock_t timer;
- unsigned char *enc_buf;
- int cipher_index = 0;
-
-
- enc_buf = crypto_alloc(octets_in_buffer);
- if (enc_buf == NULL)
- return 0.0; /* indicate bad parameters by returning null */
-
- /* time repeated trials */
- v128_set_to_zero(&nonce);
- timer = clock();
- for(i=0; i < num_trials; i++, nonce.v32[3] = i) {
-
- /* choose a cipher at random from the array*/
- cipher_index = (*((uint32_t *)enc_buf)) % num_cipher;
-
- /* encrypt buffer with cipher */
- cipher_set_iv(cipher_array[cipher_index], &nonce);
- cipher_encrypt(cipher_array[cipher_index], enc_buf, &octets_in_buffer);
- }
- timer = clock() - timer;
-
- free(enc_buf);
-
- return (double) CLOCKS_PER_SEC * num_trials
- * 8 * octets_in_buffer / timer;
-}
-
-void
-cipher_array_test_throughput(cipher_t *ca[], int num_cipher) {
- int i;
- int min_enc_len = 16;
- int max_enc_len = 2048; /* should be a power of two */
- int num_trials = 10000;
-
- printf("timing %s throughput with array size %d:\n",
- (ca[0])->type->description, num_cipher);
- fflush(stdout);
- for (i=min_enc_len; i <= max_enc_len; i = i * 4)
- printf("msg len: %d\tgigabits per second: %f\n", i,
- cipher_array_bits_per_second(ca, num_cipher, i, num_trials) / 1e9);
-
-}
-
-err_status_t
-cipher_driver_test_array_throughput(cipher_type_t *ct,
- int klen, int num_cipher) {
- cipher_t **ca = NULL;
- err_status_t status;
-
- status = cipher_array_alloc_init(&ca, num_cipher, ct, klen);
- if (status) {
- printf("error: cipher_array_alloc_init() failed with error code %d\n",
- status);
- return status;
- }
-
- cipher_array_test_throughput(ca, num_cipher);
-
- cipher_array_delete(ca, num_cipher);
-
- return err_status_ok;
-}
diff --git a/test/cutest.h b/test/cutest.h
new file mode 100644
index 0000000..f46626d
--- /dev/null
+++ b/test/cutest.h
@@ -0,0 +1,713 @@
+/*
+ * CUTest -- C/C++ Unit Test facility
+ * <http://github.com/mity/cutest>
+ *
+ * Copyright (c) 2013-2017 Martin Mitas
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ * IN THE SOFTWARE.
+ */
+
+#ifndef CUTEST_H__
+#define CUTEST_H__
+
+/************************
+ *** Public interface ***
+ ************************/
+
+/* By default, <cutest.h> provides the main program entry point (function
+ * main()). However, if the test suite is composed of multiple source files
+ * which include <cutest.h>, then this causes a problem of multiple main()
+ * definitions. To avoid this problem, #define macro TEST_NO_MAIN in all
+ * compilation units but one.
+ */
+
+/* Macro to specify list of unit tests in the suite.
+ * The unit test implementation MUST provide list of unit tests it implements
+ * with this macro:
+ *
+ * TEST_LIST = {
+ * { "test1_name", test1_func_ptr },
+ * { "test2_name", test2_func_ptr },
+ * ...
+ * { 0 }
+ * };
+ *
+ * The list specifies names of each test (must be unique) and pointer to
+ * a function implementing it. The function does not take any arguments
+ * and has no return values, i.e. every test function has tp be compatible
+ * with this prototype:
+ *
+ * void test_func(void);
+ */
+#define TEST_LIST const struct test__ test_list__[]
+
+/* Macros for testing whether an unit test succeeds or fails. These macros
+ * can be used arbitrarily in functions implementing the unit tests.
+ *
+ * If any condition fails throughout execution of a test, the test fails.
+ *
+ * TEST_CHECK takes only one argument (the condition), TEST_CHECK_ allows
+ * also to specify an error message to print out if the condition fails.
+ * (It expects printf-like format string and its parameters). The macros
+ * return non-zero (condition passes) or 0 (condition fails).
+ *
+ * That can be useful when more conditions should be checked only if some
+ * preceding condition passes, as illustrated in this code snippet:
+ *
+ * SomeStruct* ptr = allocate_some_struct();
+ * if(TEST_CHECK(ptr != NULL)) {
+ * TEST_CHECK(ptr->member1 < 100);
+ * TEST_CHECK(ptr->member2 > 200);
+ * }
+ */
+#define TEST_CHECK_(cond, ...) \
+ test_check__((cond), __FILE__, __LINE__, __VA_ARGS__)
+#define TEST_CHECK(cond) test_check__((cond), __FILE__, __LINE__, "%s", #cond)
+
+/**********************
+ *** Implementation ***
+ **********************/
+
+/* The unit test files should not rely on anything below. */
+
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#if defined(unix) || defined(__unix__) || defined(__unix) || defined(__APPLE__)
+#define CUTEST_UNIX__ 1
+#include <errno.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <signal.h>
+#endif
+
+#if defined(_WIN32) || defined(__WIN32__) || defined(__WINDOWS__)
+#define CUTEST_WIN__ 1
+#include <windows.h>
+#include <io.h>
+#endif
+
+#ifdef __cplusplus
+#include <exception>
+#endif
+
+/* Note our global private identifiers end with '__' to mitigate risk of clash
+ * with the unit tests implementation. */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct test__ {
+ const char *name;
+ void (*func)(void);
+};
+
+extern const struct test__ test_list__[];
+
+int test_check__(int cond, const char *file, int line, const char *fmt, ...);
+
+#ifndef TEST_NO_MAIN
+
+static char *test_argv0__ = NULL;
+static int test_count__ = 0;
+static int test_no_exec__ = 0;
+static int test_no_summary__ = 0;
+static int test_skip_mode__ = 0;
+
+static int test_stat_failed_units__ = 0;
+static int test_stat_run_units__ = 0;
+
+static const struct test__ *test_current_unit__ = NULL;
+static int test_current_already_logged__ = 0;
+static int test_verbose_level__ = 2;
+static int test_current_failures__ = 0;
+static int test_colorize__ = 0;
+
+#define CUTEST_COLOR_DEFAULT__ 0
+#define CUTEST_COLOR_GREEN__ 1
+#define CUTEST_COLOR_RED__ 2
+#define CUTEST_COLOR_DEFAULT_INTENSIVE__ 3
+#define CUTEST_COLOR_GREEN_INTENSIVE__ 4
+#define CUTEST_COLOR_RED_INTENSIVE__ 5
+
+static size_t test_print_in_color__(int color, const char *fmt, ...)
+{
+ va_list args;
+ char buffer[256];
+ size_t n;
+
+ va_start(args, fmt);
+ vsnprintf(buffer, sizeof(buffer), fmt, args);
+ va_end(args);
+ buffer[sizeof(buffer) - 1] = '\0';
+
+ if (!test_colorize__) {
+ return printf("%s", buffer);
+ }
+
+#if defined CUTEST_UNIX__
+ {
+ const char *col_str;
+ switch (color) {
+ case CUTEST_COLOR_GREEN__:
+ col_str = "\033[0;32m";
+ break;
+ case CUTEST_COLOR_RED__:
+ col_str = "\033[0;31m";
+ break;
+ case CUTEST_COLOR_GREEN_INTENSIVE__:
+ col_str = "\033[1;32m";
+ break;
+ case CUTEST_COLOR_RED_INTENSIVE__:
+ col_str = "\033[1;30m";
+ break;
+ case CUTEST_COLOR_DEFAULT_INTENSIVE__:
+ col_str = "\033[1m";
+ break;
+ default:
+ col_str = "\033[0m";
+ break;
+ }
+ printf("%s", col_str);
+ n = printf("%s", buffer);
+ printf("\033[0m");
+ return n;
+ }
+#elif defined CUTEST_WIN__
+ {
+ HANDLE h;
+ CONSOLE_SCREEN_BUFFER_INFO info;
+ WORD attr;
+
+ h = GetStdHandle(STD_OUTPUT_HANDLE);
+ GetConsoleScreenBufferInfo(h, &info);
+
+ switch (color) {
+ case CUTEST_COLOR_GREEN__:
+ attr = FOREGROUND_GREEN;
+ break;
+ case CUTEST_COLOR_RED__:
+ attr = FOREGROUND_RED;
+ break;
+ case CUTEST_COLOR_GREEN_INTENSIVE__:
+ attr = FOREGROUND_GREEN | FOREGROUND_INTENSITY;
+ break;
+ case CUTEST_COLOR_RED_INTENSIVE__:
+ attr = FOREGROUND_RED | FOREGROUND_INTENSITY;
+ break;
+ case CUTEST_COLOR_DEFAULT_INTENSIVE__:
+ attr = FOREGROUND_BLUE | FOREGROUND_GREEN | FOREGROUND_RED |
+ FOREGROUND_INTENSITY;
+ break;
+ default:
+ attr = 0;
+ break;
+ }
+ if (attr != 0)
+ SetConsoleTextAttribute(h, attr);
+ n = printf("%s", buffer);
+ SetConsoleTextAttribute(h, info.wAttributes);
+ return n;
+ }
+#else
+ n = printf("%s", buffer);
+ return n;
+#endif
+}
+
+int test_check__(int cond, const char *file, int line, const char *fmt, ...)
+{
+ const char *result_str;
+ int result_color;
+ int verbose_level;
+
+ if (cond) {
+ result_str = "ok";
+ result_color = CUTEST_COLOR_GREEN__;
+ verbose_level = 3;
+ } else {
+ if (!test_current_already_logged__ && test_current_unit__ != NULL) {
+ printf("[ ");
+ test_print_in_color__(CUTEST_COLOR_RED_INTENSIVE__, "FAILED");
+ printf(" ]\n");
+ }
+ result_str = "failed";
+ result_color = CUTEST_COLOR_RED__;
+ verbose_level = 2;
+ test_current_failures__++;
+ test_current_already_logged__++;
+ }
+
+ if (test_verbose_level__ >= verbose_level) {
+ size_t n = 0;
+ va_list args;
+
+ printf(" ");
+
+ if (file != NULL)
+ n += printf("%s:%d: Check ", file, line);
+
+ va_start(args, fmt);
+ n += vprintf(fmt, args);
+ va_end(args);
+
+ printf("... ");
+ test_print_in_color__(result_color, result_str);
+ printf("\n");
+ test_current_already_logged__++;
+ }
+
+ return (cond != 0);
+}
+
+static void test_list_names__(void)
+{
+ const struct test__ *test;
+
+ printf("Unit tests:\n");
+ for (test = &test_list__[0]; test->func != NULL; test++)
+ printf(" %s\n", test->name);
+}
+
+static const struct test__ *test_by_name__(const char *name)
+{
+ const struct test__ *test;
+
+ for (test = &test_list__[0]; test->func != NULL; test++) {
+ if (strcmp(test->name, name) == 0)
+ return test;
+ }
+
+ return NULL;
+}
+
+/* Call directly the given test unit function. */
+static int test_do_run__(const struct test__ *test)
+{
+ test_current_unit__ = test;
+ test_current_failures__ = 0;
+ test_current_already_logged__ = 0;
+
+ if (test_verbose_level__ >= 3) {
+ test_print_in_color__(CUTEST_COLOR_DEFAULT_INTENSIVE__, "Test %s:\n",
+ test->name);
+ test_current_already_logged__++;
+ } else if (test_verbose_level__ >= 1) {
+ size_t n;
+ char spaces[32];
+
+ n = test_print_in_color__(CUTEST_COLOR_DEFAULT_INTENSIVE__,
+ "Test %s... ", test->name);
+ memset(spaces, ' ', sizeof(spaces));
+ if (n < sizeof(spaces))
+ printf("%.*s", (int)(sizeof(spaces) - n), spaces);
+ } else {
+ test_current_already_logged__ = 1;
+ }
+
+#ifdef __cplusplus
+ try {
+#endif
+
+ /* This is good to do for case the test unit e.g. crashes. */
+ fflush(stdout);
+ fflush(stderr);
+
+ test->func();
+
+#ifdef __cplusplus
+ } catch (std::exception &e) {
+ const char *what = e.what();
+ if (what != NULL)
+ test_check__(0, NULL, 0, "Threw std::exception: %s", what);
+ else
+ test_check__(0, NULL, 0, "Threw std::exception");
+ } catch (...) {
+ test_check__(0, NULL, 0, "Threw an exception");
+ }
+#endif
+
+ if (test_verbose_level__ >= 3) {
+ switch (test_current_failures__) {
+ case 0:
+ test_print_in_color__(CUTEST_COLOR_GREEN_INTENSIVE__,
+ " All conditions have passed.\n\n");
+ break;
+ case 1:
+ test_print_in_color__(CUTEST_COLOR_RED_INTENSIVE__,
+ " One condition has FAILED.\n\n");
+ break;
+ default:
+ test_print_in_color__(CUTEST_COLOR_RED_INTENSIVE__,
+ " %d conditions have FAILED.\n\n",
+ test_current_failures__);
+ break;
+ }
+ } else if (test_verbose_level__ >= 1 && test_current_failures__ == 0) {
+ printf("[ ");
+ test_print_in_color__(CUTEST_COLOR_GREEN_INTENSIVE__, "OK");
+ printf(" ]\n");
+ }
+
+ test_current_unit__ = NULL;
+ return (test_current_failures__ == 0) ? 0 : -1;
+}
+
+#if defined(CUTEST_UNIX__) || defined(CUTEST_WIN__)
+/* Called if anything goes bad in cutest, or if the unit test ends in other
+ * way then by normal returning from its function (e.g. exception or some
+ * abnormal child process termination). */
+static void test_error__(const char *fmt, ...)
+{
+ va_list args;
+
+ if (test_verbose_level__ == 0)
+ return;
+
+ if (test_verbose_level__ <= 2 && !test_current_already_logged__ &&
+ test_current_unit__ != NULL) {
+ printf("[ ");
+ test_print_in_color__(CUTEST_COLOR_RED_INTENSIVE__, "FAILED");
+ printf(" ]\n");
+ }
+
+ if (test_verbose_level__ >= 2) {
+ test_print_in_color__(CUTEST_COLOR_RED_INTENSIVE__, " Error: ");
+ va_start(args, fmt);
+ vprintf(fmt, args);
+ va_end(args);
+ printf("\n");
+ }
+}
+#endif
+
+/* Trigger the unit test. If possible (and not suppressed) it starts a child
+ * process who calls test_do_run__(), otherwise it calls test_do_run__()
+ * directly. */
+static void test_run__(const struct test__ *test)
+{
+ int failed = 1;
+
+ test_current_unit__ = test;
+ test_current_already_logged__ = 0;
+
+ if (!test_no_exec__) {
+#if defined(CUTEST_UNIX__)
+
+ pid_t pid;
+ int exit_code;
+
+ pid = fork();
+ if (pid == (pid_t)-1) {
+ test_error__("Cannot fork. %s [%d]", strerror(errno), errno);
+ failed = 1;
+ } else if (pid == 0) {
+ /* Child: Do the test. */
+ failed = (test_do_run__(test) != 0);
+ exit(failed ? 1 : 0);
+ } else {
+ /* Parent: Wait until child terminates and analyze its exit code. */
+ waitpid(pid, &exit_code, 0);
+ if (WIFEXITED(exit_code)) {
+ switch (WEXITSTATUS(exit_code)) {
+ case 0:
+ failed = 0;
+ break; /* test has passed. */
+ case 1: /* noop */
+ break; /* "normal" failure. */
+ default:
+ test_error__("Unexpected exit code [%d]",
+ WEXITSTATUS(exit_code));
+ }
+ } else if (WIFSIGNALED(exit_code)) {
+ char tmp[32];
+ const char *signame;
+ switch (WTERMSIG(exit_code)) {
+ case SIGINT:
+ signame = "SIGINT";
+ break;
+ case SIGHUP:
+ signame = "SIGHUP";
+ break;
+ case SIGQUIT:
+ signame = "SIGQUIT";
+ break;
+ case SIGABRT:
+ signame = "SIGABRT";
+ break;
+ case SIGKILL:
+ signame = "SIGKILL";
+ break;
+ case SIGSEGV:
+ signame = "SIGSEGV";
+ break;
+ case SIGILL:
+ signame = "SIGILL";
+ break;
+ case SIGTERM:
+ signame = "SIGTERM";
+ break;
+ default:
+ sprintf(tmp, "signal %d", WTERMSIG(exit_code));
+ signame = tmp;
+ break;
+ }
+ test_error__("Test interrupted by %s", signame);
+ } else {
+ test_error__("Test ended in an unexpected way [%d]", exit_code);
+ }
+ }
+
+#elif defined(CUTEST_WIN__)
+
+ char buffer[512] = { 0 };
+ STARTUPINFOA startupInfo = { 0 };
+ PROCESS_INFORMATION processInfo;
+ DWORD exitCode;
+
+ /* Windows has no fork(). So we propagate all info into the child
+ * through a command line arguments. */
+ _snprintf(buffer, sizeof(buffer) - 1,
+ "%s --no-exec --no-summary --verbose=%d --color=%s -- \"%s\"",
+ test_argv0__, test_verbose_level__,
+ test_colorize__ ? "always" : "never", test->name);
+ startupInfo.cb = sizeof(STARTUPINFO);
+ if (CreateProcessA(NULL, buffer, NULL, NULL, FALSE, 0, NULL, NULL,
+ &startupInfo, &processInfo)) {
+ WaitForSingleObject(processInfo.hProcess, INFINITE);
+ GetExitCodeProcess(processInfo.hProcess, &exitCode);
+ CloseHandle(processInfo.hThread);
+ CloseHandle(processInfo.hProcess);
+ failed = (exitCode != 0);
+ } else {
+ test_error__("Cannot create unit test subprocess [%ld].",
+ GetLastError());
+ failed = 1;
+ }
+
+#else
+
+ /* A platform where we don't know how to run child process. */
+ failed = (test_do_run__(test) != 0);
+
+#endif
+
+ } else {
+ /* Child processes suppressed through --no-exec. */
+ failed = (test_do_run__(test) != 0);
+ }
+
+ test_current_unit__ = NULL;
+
+ test_stat_run_units__++;
+ if (failed)
+ test_stat_failed_units__++;
+}
+
+#if defined(CUTEST_WIN__)
+/* Callback for SEH events. */
+static LONG CALLBACK test_exception_filter__(EXCEPTION_POINTERS *ptrs)
+{
+ test_error__("Unhandled SEH exception %08lx at %p.",
+ ptrs->ExceptionRecord->ExceptionCode,
+ ptrs->ExceptionRecord->ExceptionAddress);
+ fflush(stdout);
+ fflush(stderr);
+ return EXCEPTION_EXECUTE_HANDLER;
+}
+#endif
+
+static void test_help__(void)
+{
+ printf("Usage: %s [options] [test...]\n", test_argv0__);
+ printf("Run the specified unit tests; or if the option '--skip' is used, "
+ "run all\n");
+ printf("tests in the suite but those listed. By default, if no tests are "
+ "specified\n");
+ printf("on the command line, all unit tests in the suite are run.\n");
+ printf("\n");
+ printf("Options:\n");
+ printf(
+ " -s, --skip Execute all unit tests but the listed ones\n");
+ printf(" --no-exec Do not execute unit tests as child "
+ "processes\n");
+ printf(
+ " --no-summary Suppress printing of test results summary\n");
+ printf(" -l, --list List unit tests in the suite and exit\n");
+ printf(" -v, --verbose Enable more verbose output\n");
+ printf(" --verbose=LEVEL Set verbose level to LEVEL:\n");
+ printf(" 0 ... Be silent\n");
+ printf(" 1 ... Output one line per test (and "
+ "summary)\n");
+ printf(" 2 ... As 1 and failed conditions (this "
+ "is default)\n");
+ printf(" 3 ... As 1 and all conditions (and "
+ "extended summary)\n");
+ printf(" --color=WHEN Enable colorized output (WHEN is one of "
+ "'auto', 'always', 'never')\n");
+ printf(" -h, --help Display this help and exit\n");
+ printf("\n");
+ test_list_names__();
+}
+
+int main(int argc, char **argv)
+{
+ const struct test__ **tests = NULL;
+ int i, j, n = 0;
+ int seen_double_dash = 0;
+
+ test_argv0__ = argv[0];
+
+#if defined CUTEST_UNIX__
+ test_colorize__ = isatty(STDOUT_FILENO);
+#elif defined CUTEST_WIN__
+ test_colorize__ = _isatty(_fileno(stdout));
+#else
+ test_colorize__ = 0;
+#endif
+
+ /* Parse options */
+ for (i = 1; i < argc; i++) {
+ if (seen_double_dash || argv[i][0] != '-') {
+ tests = (const struct test__ **)realloc(
+ (void *)tests, (n + 1) * sizeof(const struct test__ *));
+ if (tests == NULL) {
+ fprintf(stderr, "Out of memory.\n");
+ exit(2);
+ }
+ tests[n] = test_by_name__(argv[i]);
+ if (tests[n] == NULL) {
+ fprintf(stderr, "%s: Unrecognized unit test '%s'\n", argv[0],
+ argv[i]);
+ fprintf(stderr, "Try '%s --list' for list of unit tests.\n",
+ argv[0]);
+ exit(2);
+ }
+ n++;
+ } else if (strcmp(argv[i], "--") == 0) {
+ seen_double_dash = 1;
+ } else if (strcmp(argv[i], "--help") == 0 ||
+ strcmp(argv[i], "-h") == 0) {
+ test_help__();
+ exit(0);
+ } else if (strcmp(argv[i], "--verbose") == 0 ||
+ strcmp(argv[i], "-v") == 0) {
+ test_verbose_level__++;
+ } else if (strncmp(argv[i], "--verbose=", 10) == 0) {
+ test_verbose_level__ = atoi(argv[i] + 10);
+ } else if (strcmp(argv[i], "--color=auto") == 0) {
+ /* noop (set from above) */
+ } else if (strcmp(argv[i], "--color=always") == 0 ||
+ strcmp(argv[i], "--color") == 0) {
+ test_colorize__ = 1;
+ } else if (strcmp(argv[i], "--color=never") == 0) {
+ test_colorize__ = 0;
+ } else if (strcmp(argv[i], "--skip") == 0 ||
+ strcmp(argv[i], "-s") == 0) {
+ test_skip_mode__ = 1;
+ } else if (strcmp(argv[i], "--no-exec") == 0) {
+ test_no_exec__ = 1;
+ } else if (strcmp(argv[i], "--no-summary") == 0) {
+ test_no_summary__ = 1;
+ } else if (strcmp(argv[i], "--list") == 0 ||
+ strcmp(argv[i], "-l") == 0) {
+ test_list_names__();
+ exit(0);
+ } else {
+ fprintf(stderr, "%s: Unrecognized option '%s'\n", argv[0], argv[i]);
+ fprintf(stderr, "Try '%s --help' for more information.\n", argv[0]);
+ exit(2);
+ }
+ }
+
+#if defined(CUTEST_WIN__)
+ SetUnhandledExceptionFilter(test_exception_filter__);
+#endif
+
+ /* Count all test units */
+ test_count__ = 0;
+ for (i = 0; test_list__[i].func != NULL; i++)
+ test_count__++;
+
+ /* Run the tests */
+ if (n == 0) {
+ /* Run all tests */
+ for (i = 0; test_list__[i].func != NULL; i++)
+ test_run__(&test_list__[i]);
+ } else if (!test_skip_mode__) {
+ /* Run the listed tests */
+ for (i = 0; i < n; i++)
+ test_run__(tests[i]);
+ } else {
+ /* Run all tests except those listed */
+ for (i = 0; test_list__[i].func != NULL; i++) {
+ int want_skip = 0;
+ for (j = 0; j < n; j++) {
+ if (tests[j] == &test_list__[i]) {
+ want_skip = 1;
+ break;
+ }
+ }
+ if (!want_skip)
+ test_run__(&test_list__[i]);
+ }
+ }
+
+ /* Write a summary */
+ if (!test_no_summary__ && test_verbose_level__ >= 1) {
+ test_print_in_color__(CUTEST_COLOR_DEFAULT_INTENSIVE__, "\nSummary:\n");
+
+ if (test_verbose_level__ >= 3) {
+ printf(" Count of all unit tests: %4d\n", test_count__);
+ printf(" Count of run unit tests: %4d\n",
+ test_stat_run_units__);
+ printf(" Count of failed unit tests: %4d\n",
+ test_stat_failed_units__);
+ printf(" Count of skipped unit tests: %4d\n",
+ test_count__ - test_stat_run_units__);
+ }
+
+ if (test_stat_failed_units__ == 0) {
+ test_print_in_color__(CUTEST_COLOR_GREEN_INTENSIVE__,
+ " SUCCESS: All unit tests have passed.\n");
+ } else {
+ test_print_in_color__(
+ CUTEST_COLOR_RED_INTENSIVE__,
+ " FAILED: %d of %d unit tests have failed.\n",
+ test_stat_failed_units__, test_stat_run_units__);
+ }
+ }
+
+ if (tests != NULL)
+ free((void *)tests);
+
+ return (test_stat_failed_units__ == 0) ? 0 : 1;
+}
+
+#endif /* #ifndef TEST_NO_MAIN */
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* #ifndef CUTEST_H__ */
diff --git a/test/datatypes_driver.c b/test/datatypes_driver.c
deleted file mode 100644
index 1e315b6..0000000
--- a/test/datatypes_driver.c
+++ /dev/null
@@ -1,237 +0,0 @@
-/*
- * datatypes_driver.c
- *
- * a test driver for crypto/math datatypes
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-
-/*
- *
- * Copyright (c) 2001-2005, Cisco Systems, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * Neither the name of the Cisco Systems, Inc. nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-
-#include <stdio.h> /* for printf() */
-#include <string.h> /* for strlen() */
-#include "datatypes.h"
-
-void
-byte_order();
-
-void
-test_hex_string_funcs();
-
-void
-print_string(octet_t *s);
-
-void
-test_bswap();
-
-int
-main () {
-
- /*
- * this program includes various and sundry tests for fundamental
- * datatypes. it's a grab-bag of throwaway code, retained only in
- * case of future problems
- */
-
- int i, j;
- v128_t x;
- octet_t *r =
- "The Moving Finger writes; and, having writ,\n"
- "Moves on: nor all thy Piety nor Wit\n"
- "Shall lure it back to cancel half a Line,\n"
- "Nor all thy Tears wash out a Word of it.";
- octet_t *s = "incomplet";
-
- print_string(r);
- print_string(s);
-
- byte_order();
- test_hex_string_funcs();
-
- for (j=0; j < 128; j++) {
- v128_set_to_zero(&x);
- /* x.v32[0] = (1 << j); */
- v128_set_bit(&x, j);
- printf("%s\n", v128_bit_string(&x));
- v128_clear_bit(&x, j);
- printf("%s\n", v128_bit_string(&x));
-
- }
-
- printf("----------------------------------------------\n");
- v128_set_to_zero(&x);
- for (i=0; i < 128; i++) {
- v128_set_bit(&x, i);
- }
- printf("%s\n", v128_bit_string(&x));
-
- printf("----------------------------------------------\n");
- v128_set_to_zero(&x);
- v128_set_bit(&x, 0);
- for (i=0; i < 128; i++) {
- printf("%s\n", v128_bit_string(&x));
- v128_right_shift(&x, 1);
- }
- printf("----------------------------------------------\n");
- v128_set_to_zero(&x);
- v128_set_bit(&x, 127);
- for (i=0; i < 128; i++) {
- printf("%s\n", v128_bit_string(&x));
- v128_left_shift(&x, 1);
- }
- printf("----------------------------------------------\n");
- for (i=0; i < 128; i++) {
- v128_set_to_zero(&x);
- v128_set_bit(&x, 127);
- v128_left_shift(&x, i);
- printf("%s\n", v128_bit_string(&x));
- }
- printf("----------------------------------------------\n");
- v128_set_to_zero(&x);
- for (i=0; i < 128; i+=2) {
- v128_set_bit(&x, i);
- }
- printf("bit_string: { %s }\n", v128_bit_string(&x));
- printf("get_bit: { ");
- for (i=0; i < 128; i++) {
- if (v128_get_bit(&x, i) == 1)
- printf("1");
- else
- printf("0");
- }
- printf(" } \n");
-
- test_bswap();
-
- return 0;
-}
-
-
-/* byte_order() prints out byte ordering of datatypes */
-
-void
-byte_order() {
- int i;
- v128_t e;
-#if 0
- v16_t b;
- v32_t c;
- v64_t d;
-
- for (i=0; i < sizeof(b); i++)
- b.octet[i] = i;
- for (i=0; i < sizeof(c); i++)
- c.octet[i] = i;
- for (i=0; i < sizeof(d); i++)
- d.octet[i] = i;
-
- printf("v128_t:\t%s\n", v128_hex_string(&e));
- printf("v64_t:\t%s\n", v64_hex_string(&d));
- printf("v32_t:\t%s\n", v32_hex_string(c));
- printf("v16_t:\t%s\n", v16_hex_string(b));
-
- c.value = 0x01020304;
- printf("v32_t:\t%s\n", v32_hex_string(c));
- b.value = 0x0102;
- printf("v16_t:\t%s\n", v16_hex_string(b));
-
- printf("uint16_t ordering:\n");
-
- c.value = 0x00010002;
- printf("v32_t:\t%x%x\n", c.v16[0], c.v16[1]);
-#endif
-
- printf("byte ordering of crypto/math datatypes:\n");
- for (i=0; i < sizeof(e); i++)
- e.octet[i] = i;
- printf("v128_t: %s\n", v128_hex_string(&e));
-
-}
-
-void
-test_hex_string_funcs() {
- octet_t hex1[] = "abadcafe";
- octet_t hex2[] = "0123456789abcdefqqqqq";
- octet_t raw[10];
- int len;
-
- len = hex_string_to_octet_string(raw, hex1, strlen(hex1));
- printf("computed length: %d\tstring: %s\n", len,
- octet_string_hex_string(raw, len));
- printf("expected length: %u\tstring: %s\n", (unsigned)strlen(hex1), hex1);
-
- len = hex_string_to_octet_string(raw, hex2, strlen(hex2));
- printf("computed length: %d\tstring: %s\n", len,
- octet_string_hex_string(raw, len));
- printf("expected length: %d\tstring: %s\n", 16, "0123456789abcdef");
-
-}
-
-void
-print_string(octet_t *s) {
- int i;
- printf("%s\n", s);
- printf("strlen(s) = %u\n", (unsigned)strlen(s));
- printf("{ ");
- for (i=0; i < strlen(s); i++) {
- printf("0x%x, ", s[i]);
- if (((i+1) % 8) == 0)
- printf("\n ");
- }
- printf("}\n");
-}
-
-void
-test_bswap() {
- uint32_t x = 0x11223344;
- uint64_t y = 0x1122334455667788LL;
-
- printf("before: %0x\nafter: %0x\n", x, bswap_32(x));
- printf("before: %0llx\nafter: %0llx\n", y, bswap_64(y));
-
- y = 1234;
-
- printf("1234: %0llx\n", y);
- printf("as octet string: %s\n",
- octet_string_hex_string((octet_t *) &y, 8));
- y = bswap_64(y);
- printf("bswapped octet string: %s\n",
- octet_string_hex_string((octet_t *) &y, 8));
-
-}
diff --git a/test/dtls_srtp_driver.c b/test/dtls_srtp_driver.c
new file mode 100644
index 0000000..4f4d0a3
--- /dev/null
+++ b/test/dtls_srtp_driver.c
@@ -0,0 +1,261 @@
+/*
+ * dtls_srtp_driver.c
+ *
+ * test driver for DTLS-SRTP functions
+ *
+ * David McGrew
+ * Cisco Systems, Inc.
+ */
+/*
+ *
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <stdio.h> /* for printf() */
+#include "getopt_s.h" /* for local getopt() */
+#include "srtp_priv.h"
+
+srtp_err_status_t test_dtls_srtp(void);
+
+srtp_hdr_t *srtp_create_test_packet(int pkt_octet_len, uint32_t ssrc);
+
+void usage(char *prog_name)
+{
+ printf("usage: %s [ -t ][ -c ][ -v ][-d <debug_module> ]* [ -l ]\n"
+ " -d <mod> turn on debugging module <mod>\n"
+ " -l list debugging modules\n",
+ prog_name);
+ exit(1);
+}
+
+int main(int argc, char *argv[])
+{
+ unsigned do_list_mods = 0;
+ int q;
+ srtp_err_status_t err;
+
+ printf("dtls_srtp_driver\n");
+
+ /* initialize srtp library */
+ err = srtp_init();
+ if (err) {
+ printf("error: srtp init failed with error code %d\n", err);
+ exit(1);
+ }
+
+ /* process input arguments */
+ while (1) {
+ q = getopt_s(argc, argv, "ld:");
+ if (q == -1)
+ break;
+ switch (q) {
+ case 'l':
+ do_list_mods = 1;
+ break;
+ case 'd':
+ err = srtp_crypto_kernel_set_debug_module(optarg_s, 1);
+ if (err) {
+ printf("error: set debug module (%s) failed\n", optarg_s);
+ exit(1);
+ }
+ break;
+ default:
+ usage(argv[0]);
+ }
+ }
+
+ if (do_list_mods) {
+ err = srtp_crypto_kernel_list_debug_modules();
+ if (err) {
+ printf("error: list of debug modules failed\n");
+ exit(1);
+ }
+ }
+
+ printf("testing dtls_srtp...");
+ err = test_dtls_srtp();
+ if (err) {
+ printf("\nerror (code %d)\n", err);
+ exit(1);
+ }
+ printf("passed\n");
+
+ /* shut down srtp library */
+ err = srtp_shutdown();
+ if (err) {
+ printf("error: srtp shutdown failed with error code %d\n", err);
+ exit(1);
+ }
+
+ return 0;
+}
+
+srtp_err_status_t test_dtls_srtp(void)
+{
+ srtp_hdr_t *test_packet;
+ int test_packet_len = 80;
+ srtp_t s;
+ srtp_policy_t policy;
+ uint8_t key[SRTP_MAX_KEY_LEN];
+ uint8_t salt[SRTP_MAX_KEY_LEN];
+ unsigned int key_len, salt_len;
+ srtp_profile_t profile;
+ srtp_err_status_t err;
+
+ memset(&policy, 0x0, sizeof(srtp_policy_t));
+
+ /* create a 'null' SRTP session */
+ err = srtp_create(&s, NULL);
+ if (err)
+ return err;
+
+ /*
+ * verify that packet-processing functions behave properly - we
+ * expect that these functions will return srtp_err_status_no_ctx
+ */
+ test_packet = srtp_create_test_packet(80, 0xa5a5a5a5);
+ if (test_packet == NULL)
+ return srtp_err_status_alloc_fail;
+
+ err = srtp_protect(s, test_packet, &test_packet_len);
+ if (err != srtp_err_status_no_ctx) {
+ printf("wrong return value from srtp_protect() (got code %d)\n", err);
+ return srtp_err_status_fail;
+ }
+
+ err = srtp_unprotect(s, test_packet, &test_packet_len);
+ if (err != srtp_err_status_no_ctx) {
+ printf("wrong return value from srtp_unprotect() (got code %d)\n", err);
+ return srtp_err_status_fail;
+ }
+
+ err = srtp_protect_rtcp(s, test_packet, &test_packet_len);
+ if (err != srtp_err_status_no_ctx) {
+ printf("wrong return value from srtp_protect_rtcp() (got code %d)\n",
+ err);
+ return srtp_err_status_fail;
+ }
+
+ err = srtp_unprotect_rtcp(s, test_packet, &test_packet_len);
+ if (err != srtp_err_status_no_ctx) {
+ printf("wrong return value from srtp_unprotect_rtcp() (got code %d)\n",
+ err);
+ return srtp_err_status_fail;
+ }
+
+ /*
+ * set keys to known values for testing
+ */
+ profile = srtp_profile_aes128_cm_sha1_80;
+ key_len = srtp_profile_get_master_key_length(profile);
+ salt_len = srtp_profile_get_master_salt_length(profile);
+ memset(key, 0xff, key_len);
+ memset(salt, 0xee, salt_len);
+ srtp_append_salt_to_key(key, key_len, salt, salt_len);
+ policy.key = key;
+
+ /* initialize SRTP policy from profile */
+ err = srtp_crypto_policy_set_from_profile_for_rtp(&policy.rtp, profile);
+ if (err)
+ return err;
+ err = srtp_crypto_policy_set_from_profile_for_rtcp(&policy.rtcp, profile);
+ if (err)
+ return err;
+ policy.ssrc.type = ssrc_any_inbound;
+ policy.ekt = NULL;
+ policy.window_size = 128;
+ policy.allow_repeat_tx = 0;
+ policy.next = NULL;
+
+ err = srtp_add_stream(s, &policy);
+ if (err)
+ return err;
+
+ err = srtp_dealloc(s);
+ if (err)
+ return err;
+
+ free(test_packet);
+
+ return srtp_err_status_ok;
+}
+
+/*
+ * srtp_create_test_packet(len, ssrc) returns a pointer to a
+ * (malloced) example RTP packet whose data field has the length given
+ * by pkt_octet_len and the SSRC value ssrc. The total length of the
+ * packet is twelve octets longer, since the header is at the
+ * beginning. There is room at the end of the packet for a trailer,
+ * and the four octets following the packet are filled with 0xff
+ * values to enable testing for overwrites.
+ *
+ * note that the location of the test packet can (and should) be
+ * deallocated with the free() call once it is no longer needed.
+ */
+
+srtp_hdr_t *srtp_create_test_packet(int pkt_octet_len, uint32_t ssrc)
+{
+ int i;
+ uint8_t *buffer;
+ srtp_hdr_t *hdr;
+ int bytes_in_hdr = 12;
+
+ /* allocate memory for test packet */
+ hdr = malloc(pkt_octet_len + bytes_in_hdr + SRTP_MAX_TRAILER_LEN + 4);
+ if (!hdr)
+ return NULL;
+
+ hdr->version = 2; /* RTP version two */
+ hdr->p = 0; /* no padding needed */
+ hdr->x = 0; /* no header extension */
+ hdr->cc = 0; /* no CSRCs */
+ hdr->m = 0; /* marker bit */
+ hdr->pt = 0xf; /* payload type */
+ hdr->seq = htons(0x1234); /* sequence number */
+ hdr->ts = htonl(0xdecafbad); /* timestamp */
+ hdr->ssrc = htonl(ssrc); /* synch. source */
+
+ buffer = (uint8_t *)hdr;
+ buffer += bytes_in_hdr;
+
+ /* set RTP data to 0xab */
+ for (i = 0; i < pkt_octet_len; i++)
+ *buffer++ = 0xab;
+
+ /* set post-data value to 0xffff to enable overrun checking */
+ for (i = 0; i < SRTP_MAX_TRAILER_LEN + 4; i++)
+ *buffer++ = 0xff;
+
+ return hdr;
+}
diff --git a/test/getopt_s.c b/test/getopt_s.c
new file mode 100644
index 0000000..e0bd7f7
--- /dev/null
+++ b/test/getopt_s.c
@@ -0,0 +1,109 @@
+/*
+ * getopt.c
+ *
+ * a minimal implementation of the getopt() function, written so that
+ * test applications that use that function can run on non-POSIX
+ * platforms
+ *
+ */
+/*
+ *
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <stdlib.h> /* for NULL */
+
+int optind_s = 0;
+
+char *optarg_s;
+
+#define GETOPT_FOUND_WITHOUT_ARGUMENT 2
+#define GETOPT_FOUND_WITH_ARGUMENT 1
+#define GETOPT_NOT_FOUND 0
+
+static int getopt_check_character(char c, const char *string)
+{
+ unsigned int max_string_len = 128;
+
+ while (*string != 0) {
+ if (max_string_len == 0) {
+ return GETOPT_NOT_FOUND;
+ }
+ max_string_len--;
+ if (*string++ == c) {
+ if (*string == ':') {
+ return GETOPT_FOUND_WITH_ARGUMENT;
+ } else {
+ return GETOPT_FOUND_WITHOUT_ARGUMENT;
+ }
+ }
+ }
+ return GETOPT_NOT_FOUND;
+}
+
+int getopt_s(int argc, char *const argv[], const char *optstring)
+{
+ while (optind_s + 1 < argc) {
+ char *string;
+
+ /* move 'string' on to next argument */
+ optind_s++;
+ string = argv[optind_s];
+
+ if (string == NULL)
+ return '?'; /* NULL argument string */
+
+ if (string[0] != '-')
+ return -1; /* found an unexpected character */
+
+ switch (getopt_check_character(string[1], optstring)) {
+ case GETOPT_FOUND_WITH_ARGUMENT:
+ if (optind_s + 1 < argc) {
+ optind_s++;
+ optarg_s = argv[optind_s];
+ return string[1];
+ } else {
+ return '?'; /* argument missing */
+ }
+ case GETOPT_FOUND_WITHOUT_ARGUMENT:
+ return string[1];
+ case GETOPT_NOT_FOUND:
+ default:
+ return '?'; /* didn't find expected character */
+ break;
+ }
+ }
+
+ return -1;
+}
diff --git a/test/kernel_driver.c b/test/kernel_driver.c
deleted file mode 100644
index d26d4c5..0000000
--- a/test/kernel_driver.c
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
- * kernel_driver.c
- *
- * a test driver for the crypto_kernel
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-/*
- *
- * Copyright(c) 2001-2005 Cisco Systems, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * Neither the name of the Cisco Systems, Inc. nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-
-#include <stdio.h> /* for printf() */
-#include <unistd.h> /* for getopt() */
-#include "crypto_kernel.h"
-
-void
-usage(char *prog_name) {
- printf("usage: %s [ -v ][ -d debug_module ]*\n", prog_name);
- exit(255);
-}
-
-int
-main (int argc, char *argv[]) {
- extern char *optarg;
- char q;
- int do_validation = 0;
- err_status_t status;
-
- if (argc == 1)
- usage(argv[0]);
-
- /* initialize kernel - we need to do this before anything else */
- status = crypto_kernel_init();
- if (status) {
- printf("error: crypto_kernel init failed\n");
- exit(1);
- }
- printf("crypto_kernel successfully initalized\n");
-
- /* process input arguments */
- while (1) {
- q = getopt(argc, argv, "vd:");
- if (q == -1)
- break;
- switch (q) {
- case 'v':
- do_validation = 1;
- break;
- case 'd':
- status = crypto_kernel_set_debug_module(optarg, 1);
- if (status) {
- printf("error: set debug module (%s) failed\n", optarg);
- exit(1);
- }
- break;
- default:
- usage(argv[0]);
- }
- }
-
- if (do_validation) {
- printf("checking crypto_kernel status...\n");
- status = crypto_kernel_status();
- if (status) {
- printf("failed\n");
- exit(1);
- }
- printf("crypto_kernel passed self-tests\n");
- }
-
- status = crypto_kernel_shutdown();
- if (status) {
- printf("error: crypto_kernel shutdown failed\n");
- exit(1);
- }
- printf("crypto_kernel successfully shut down\n");
-
- return 0;
-}
-
-/*
- * crypto_kernel_cipher_test() is a test of the cipher interface
- * of the crypto_kernel
- */
-
-err_status_t
-crypto_kernel_cipher_test() {
-
- /* not implemented yet! */
-
- return err_status_ok;
-}
diff --git a/test/lfsr.c b/test/lfsr.c
deleted file mode 100644
index 28ea02e..0000000
--- a/test/lfsr.c
+++ /dev/null
@@ -1,310 +0,0 @@
-/*
- * lfsr.c
- *
- */
-
-
-#include <stdio.h>
-#include "datatypes.h"
-
-uint32_t
-parity(uint32_t x) {
-
- x ^= (x >> 16);
- x ^= (x >> 8);
- x ^= (x >> 4);
- x ^= (x >> 2);
- x ^= (x >> 1);
-
- return x & 1;
-}
-
-
-/* typedef struct { */
-/* uint32_t register[8]; */
-/* } lfsr_t; */
-
-void
-compute_period(uint32_t feedback_polynomial) {
- int i;
- v32_t lfsr;
- v32_t mask;
-
- mask.value = feedback_polynomial;
- lfsr.value = 1;
-
- printf("polynomial: %s\t", v32_bit_string(mask));
-
- for (i=0; i < 256; i++) {
-/* printf("%s\n", v32_bit_string(lfsr)); */
- if (parity(mask.value & lfsr.value))
- lfsr.value = ((lfsr.value << 1) | 1) & 0xff;
- else
- lfsr.value = (lfsr.value << 1) & 0xff;
-
- /* now halt if we're back at the initial state */
- if (lfsr.value == 1) {
- printf("period: %d\n", i);
- break;
- }
- }
-}
-
-uint32_t poly0 = 223;
-
-
-uint32_t polynomials[39] = {
-31,
-47,
-55,
-59,
-61,
-79,
-87,
-91,
-103,
-107,
-109,
-115,
-117,
-121,
-143,
-151,
-157,
-167,
-171,
-173,
-179,
-181,
-185,
-199,
-203,
-205,
-211,
-213,
-227,
-229,
-233,
-241,
-127,
-191,
-223,
-239,
-247,
-251,
-253
-};
-
-char binary_string[32];
-
-char *
-u32_bit_string(uint32_t x, unsigned int length) {
- unsigned int mask;
- int index;
-
- mask = 1 << length;
- index = 0;
- for (; mask > 0; mask >>= 1)
- if ((x & mask) == 0)
- binary_string[index++] = '0';
- else
- binary_string[index++] = '1';
-
- binary_string[index++] = 0; /* NULL terminate string */
- return binary_string;
-}
-
-extern int octet_weight[256];
-
-unsigned int
-weight(uint32_t poly) {
- int wt = 0;
-
- /* note: endian-ness makes no difference */
- wt += octet_weight[poly & 0xff];
- wt += octet_weight[(poly >> 8) & 0xff];
- wt += octet_weight[(poly >> 16) & 0xff];
- wt += octet_weight[(poly >> 24)];
-
- return wt;
-}
-
-#define MAX_PERIOD 65535
-
-#define debug_print 0
-
-int
-period(uint32_t poly) {
- int i;
- uint32_t x;
-
-
- /* set lfsr to 1 */
- x = 1;
-#if debug_print
- printf("%d:\t%s\n", 0, u32_bit_string(x,8));
-#endif
- for (i=1; i < MAX_PERIOD; i++) {
- if (x & 1)
- x = (x >> 1) ^ poly;
- else
- x = (x >> 1);
-
-#if debug_print
- /* print for a sanity check */
- printf("%d:\t%s\n", i, u32_bit_string(x,8));
-#endif
-
- /* check for return to original value */
- if (x == 1)
- return i;
- }
- return i;
-}
-
-/*
- * weight distribution computes the weight distribution of the
- * code generated by the polynomial poly
- */
-
-#define MAX_LEN 8
-#define MAX_WEIGHT (1 << MAX_LEN)
-
-int A[MAX_WEIGHT+1];
-
-void
-weight_distribution2(uint32_t poly, int *A) {
- int i;
- uint32_t x;
-
- /* zeroize array */
- for (i=0; i < MAX_WEIGHT+1; i++)
- A[i] = 0;
-
- /* loop over all input sequences */
-
-
- /* set lfsr to 1 */
- x = 1;
-#if debug_print
- printf("%d:\t%s\n", 0, u32_bit_string(x,8));
-#endif
- for (i=1; i < MAX_PERIOD; i++) {
- if (x & 1)
- x = (x >> 1) ^ poly;
- else
- x = (x >> 1);
-
-#if debug_print
- /* print for a sanity check */
- printf("%d:\t%s\n", i, u32_bit_string(x,8));
-#endif
-
- /* increment weight */
- wt += (x & 1);
-
- /* check for return to original value */
- if (x == 1)
- break;
- }
-
- /* set zero */
- A[0] = 0;
-}
-
-
-void
-weight_distribution(uint32_t poly, int *A) {
- int i;
- uint32_t x;
-
- /* zeroize array */
- for (i=0; i < MAX_WEIGHT+1; i++)
- A[i] = 0;
-
- /* set lfsr to 1 */
- x = 1;
-#if debug_print
- printf("%d:\t%s\n", 0, u32_bit_string(x,8));
-#endif
- for (i=1; i < MAX_PERIOD; i++) {
- if (x & 1)
- x = (x >> 1) ^ poly;
- else
- x = (x >> 1);
-
-#if debug_print
- /* print for a sanity check */
- printf("%d:\t%s\n", i, u32_bit_string(x,8));
-#endif
-
- /* compute weight, increment proper element */
- A[weight(x)]++;
-
- /* check for return to original value */
- if (x == 1)
- break;
- }
-
- /* set zero */
- A[0] = 0;
-}
-
-
-
-
-int
-main () {
-
- int i,j;
- v32_t x;
- v32_t p;
-
- /* originally 0xaf */
- p.value = 0x9;
-
- printf("polynomial: %s\tperiod: %d\n",
- u32_bit_string(p.value,8), period(p.value));
-
- /* compute weight distribution */
- weight_distribution(p.value, A);
-
- /* print weight distribution */
- for (i=0; i <= 8; i++) {
- printf("A[%d]: %d\n", i, A[i]);
- }
-
-#if 0
- for (i=0; i < 39; i++) {
- printf("polynomial: %s\tperiod: %d\n",
- u32_bit_string(polynomials[i],8), period(polynomials[i]));
-
- /* compute weight distribution */
- weight_distribution(p.value, A);
-
- /* print weight distribution */
- for (j=0; j <= 8; j++) {
- printf("A[%d]: %d\n", j, A[j]);
- }
- }
-#endif
-
- {
- int bits = 8;
- uint32_t y;
- for (y=0; y < (1 << bits); y++) {
- printf("polynomial: %s\tweight: %d\tperiod: %d\n",
- u32_bit_string(y,bits), weight(y), period(y));
-
- /* compute weight distribution */
- weight_distribution(y, A);
-
- /* print weight distribution */
- for (j=0; j <= 8; j++) {
- printf("A[%d]: %d\n", j, A[j]);
- }
- }
- }
-
- return 0;
-}
diff --git a/test/rand_gen.c b/test/rand_gen.c
deleted file mode 100644
index c8fc4f3..0000000
--- a/test/rand_gen.c
+++ /dev/null
@@ -1,140 +0,0 @@
-/*
- * rand_gen.c
- *
- * a random source (random number generator)
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-/*
- *
- * Copyright(c) 2001-2005 Cisco Systems, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * Neither the name of the Cisco Systems, Inc. nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-
-#include <stdio.h> /* for printf() */
-#include <unistd.h> /* for getopt() */
-#include "crypto_kernel.h"
-
-/*
- * MAX_PRINT_STRING_LEN is defined in datatypes.h, and is the length
- * of the largest hexadecimal string that can be generated by the
- * function octet_string_hex_string().
- */
-
-#define BUF_LEN (MAX_PRINT_STRING_LEN/2)
-
-void
-usage(char *prog_name) {
- printf("usage: %s -n <num_bytes> [-l][ -d debug_module ]*\n"
- " -n <num> output <num> random bytes, where <num>"
- " is between zero and %d\n"
- " -l list the avaliable debug modules\n"
- " -d <mod> turn on debugging module <mod>\n",
- prog_name, BUF_LEN);
- exit(255);
-}
-
-int
-main (int argc, char *argv[]) {
- extern char *optarg;
- char q;
- int num_octets = 0;
- unsigned do_list_mods = 0;
- err_status_t status;
-
- if (argc == 1)
- usage(argv[0]);
-
- /* initialize kernel - we need to do this before anything else */
- status = crypto_kernel_init();
- if (status) {
- printf("error: crypto_kernel init failed\n");
- exit(1);
- }
-
- /* process input arguments */
- while (1) {
- q = getopt(argc, argv, "ld:n:");
- if (q == -1)
- break;
- switch (q) {
- case 'd':
- status = crypto_kernel_set_debug_module(optarg, 1);
- if (status) {
- printf("error: set debug module (%s) failed\n", optarg);
- exit(1);
- }
- break;
- case 'l':
- do_list_mods = 1;
- break;
- case 'n':
- num_octets = atoi(optarg);
- if (num_octets < 0 || num_octets > BUF_LEN)
- usage(argv[0]);
- break;
- default:
- usage(argv[0]);
- }
- }
-
- if (do_list_mods) {
- status = crypto_kernel_list_debug_modules();
- if (status) {
- printf("error: list of debug modules failed\n");
- exit(1);
- }
- }
-
- if (num_octets > 0) {
- octet_t buffer[BUF_LEN];
-
- status = crypto_get_random(buffer, num_octets);
- if (status) {
- printf("error: failure in random source\n");
- } else {
- printf("%s\n", octet_string_hex_string(buffer, num_octets));
- }
- }
-
- status = crypto_kernel_shutdown();
- if (status) {
- printf("error: crypto_kernel shutdown failed\n");
- exit(1);
- }
-
- return 0;
-}
-
diff --git a/test/rdbx_driver.c b/test/rdbx_driver.c
index 36639ea..df434a0 100644
--- a/test/rdbx_driver.c
+++ b/test/rdbx_driver.c
@@ -6,28 +6,27 @@
* David A. McGrew
* Cisco Systems, Inc.
*/
-
/*
- *
- * Copyright (c) 2001-2005, Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
@@ -43,264 +42,319 @@
*
*/
-#include <stdio.h> /* for printf() */
-#include <unistd.h> /* for getopt() */
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h> /* for printf() */
+#include "getopt_s.h" /* for local getopt() */
#include "rdbx.h"
+#include "cipher_priv.h"
#ifdef ROC_TEST
-#error "rdbx_t won't work with ROC_TEST - bitmask same size as seq_median"
+#error "srtp_rdbx_t won't work with ROC_TEST - bitmask same size as seq_median"
#endif
#include "ut_sim.h"
-err_status_t
-test_replay_dbx(int num_trials);
+srtp_err_status_t test_replay_dbx(int num_trials, unsigned long ws);
-double
-rdbx_check_adds_per_second(int num_trials);
+double rdbx_check_adds_per_second(int num_trials, unsigned long ws);
-void
-usage(char *prog_name) {
- printf("usage: %s [ -t | -v ]\n", prog_name);
- exit(255);
+void usage(char *prog_name)
+{
+ printf("usage: %s [ -t | -v ]\n", prog_name);
+ exit(255);
}
-int
-main (int argc, char *argv[]) {
- double rate;
- err_status_t status;
- char q;
- unsigned do_timing_test = 0;
- unsigned do_validation = 0;
-
- /* process input arguments */
- while (1) {
- q = getopt(argc, argv, "tv");
- if (q == -1)
- break;
- switch (q) {
- case 't':
- do_timing_test = 1;
- break;
- case 'v':
- do_validation = 1;
- break;
- default:
- usage(argv[0]);
- }
- }
-
- printf("rdbx (replay database w/ extended range) test driver\n"
- "David A. McGrew\n"
- "Cisco Systems, Inc.\n");
-
- if (!do_validation && !do_timing_test)
- usage(argv[0]);
-
- if (do_validation) {
- printf("testing rdbx_t...\n");
-
- status = test_replay_dbx(1 << 12);
- if (status) {
- printf("failed\n");
- exit(1);
+int main(int argc, char *argv[])
+{
+ double rate;
+ srtp_err_status_t status;
+ int q;
+ unsigned do_timing_test = 0;
+ unsigned do_validation = 0;
+
+ /* process input arguments */
+ while (1) {
+ q = getopt_s(argc, argv, "tv");
+ if (q == -1)
+ break;
+ switch (q) {
+ case 't':
+ do_timing_test = 1;
+ break;
+ case 'v':
+ do_validation = 1;
+ break;
+ default:
+ usage(argv[0]);
+ }
}
- printf("passed\n");
- }
-
- if (do_timing_test) {
- rate = rdbx_check_adds_per_second(1 << 18);
- printf("rdbx_check/replay_adds per second: %e\n", rate);
- }
-
- return 0;
-}
-void
-print_rdbx(rdbx_t *rdbx) {
- printf("rdbx: {%llu, %s}\n",
- (rdbx->index), v128_bit_string(&rdbx->bitmask));
+ printf("rdbx (replay database w/ extended range) test driver\n"
+ "David A. McGrew\n"
+ "Cisco Systems, Inc.\n");
+
+ if (!do_validation && !do_timing_test)
+ usage(argv[0]);
+
+ if (do_validation) {
+ printf("testing srtp_rdbx_t (ws=128)...\n");
+
+ status = test_replay_dbx(1 << 12, 128);
+ if (status) {
+ printf("failed\n");
+ exit(1);
+ }
+ printf("passed\n");
+
+ printf("testing srtp_rdbx_t (ws=1024)...\n");
+
+ status = test_replay_dbx(1 << 12, 1024);
+ if (status) {
+ printf("failed\n");
+ exit(1);
+ }
+ printf("passed\n");
+ }
+
+ if (do_timing_test) {
+ rate = rdbx_check_adds_per_second(1 << 18, 128);
+ printf("rdbx_check/replay_adds per second (ws=128): %e\n", rate);
+ rate = rdbx_check_adds_per_second(1 << 18, 1024);
+ printf("rdbx_check/replay_adds per second (ws=1024): %e\n", rate);
+ }
+
+ return 0;
}
+void print_rdbx(srtp_rdbx_t *rdbx)
+{
+ char buf[2048];
+ printf("rdbx: {%llu, %s}\n", (unsigned long long)(rdbx->index),
+ bitvector_bit_string(&rdbx->bitmask, buf, sizeof(buf)));
+}
/*
* rdbx_check_add(rdbx, idx) checks a known-to-be-good idx against
* rdbx, then adds it. if a failure is detected (i.e., the check
* indicates that the value is already in rdbx) then
- * err_status_algo_fail is returned.
+ * srtp_err_status_algo_fail is returned.
*
*/
-err_status_t
-rdbx_check_add(rdbx_t *rdbx, uint32_t idx) {
- int delta;
- xtd_seq_num_t est;
-
- delta = index_guess(&rdbx->index, &est, idx);
-
- if (rdbx_check(rdbx, delta) != err_status_ok) {
- printf("replay_check failed at index %u\n", idx);
- return err_status_algo_fail;
- }
-
- /*
- * in practice, we'd authenticate the packet containing idx, using
- * the estimated value est, at this point
- */
-
- if (rdbx_add_index(rdbx, delta) != err_status_ok) {
- printf("rdbx_add_index failed at index %u\n", idx);
- return err_status_algo_fail;
- }
-
- return err_status_ok;
+srtp_err_status_t rdbx_check_add(srtp_rdbx_t *rdbx, uint32_t idx)
+{
+ int delta;
+ srtp_xtd_seq_num_t est;
+
+ delta = srtp_index_guess(&rdbx->index, &est, idx);
+
+ if (srtp_rdbx_check(rdbx, delta) != srtp_err_status_ok) {
+ printf("replay_check failed at index %u\n", idx);
+ return srtp_err_status_algo_fail;
+ }
+
+ /*
+ * in practice, we'd authenticate the packet containing idx, using
+ * the estimated value est, at this point
+ */
+
+ if (srtp_rdbx_add_index(rdbx, delta) != srtp_err_status_ok) {
+ printf("rdbx_add_index failed at index %u\n", idx);
+ return srtp_err_status_algo_fail;
+ }
+
+ return srtp_err_status_ok;
}
/*
- * rdbx_check_expect_failure(rdbx_t *rdbx, uint32_t idx)
- *
+ * rdbx_check_expect_failure(srtp_rdbx_t *rdbx, uint32_t idx)
+ *
* checks that a sequence number idx is in the replay database
* and thus will be rejected
*/
-err_status_t
-rdbx_check_expect_failure(rdbx_t *rdbx, uint32_t idx) {
- int delta;
- xtd_seq_num_t est;
- err_status_t status;
+srtp_err_status_t rdbx_check_expect_failure(srtp_rdbx_t *rdbx, uint32_t idx)
+{
+ int delta;
+ srtp_xtd_seq_num_t est;
+ srtp_err_status_t status;
- delta = index_guess(&rdbx->index, &est, idx);
+ delta = srtp_index_guess(&rdbx->index, &est, idx);
- status = rdbx_check(rdbx, delta);
- if (status == err_status_ok) {
- printf("delta: %d ", delta);
- printf("replay_check failed at index %u (false positive)\n", idx);
- return err_status_algo_fail;
- }
+ status = srtp_rdbx_check(rdbx, delta);
+ if (status == srtp_err_status_ok) {
+ printf("delta: %d ", delta);
+ printf("replay_check failed at index %u (false positive)\n", idx);
+ return srtp_err_status_algo_fail;
+ }
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
-rdbx_check_unordered(rdbx_t *rdbx, uint32_t idx) {
- err_status_t rstat;
+srtp_err_status_t rdbx_check_add_unordered(srtp_rdbx_t *rdbx, uint32_t idx)
+{
+ int delta;
+ srtp_xtd_seq_num_t est;
+ srtp_err_status_t rstat;
- rstat = rdbx_check(rdbx, idx);
- if ((rstat != err_status_ok) && (rstat != err_status_replay_old)) {
- printf("replay_check_unordered failed at index %u\n", idx);
- return err_status_algo_fail;
- }
- return err_status_ok;
-}
+ delta = srtp_index_guess(&rdbx->index, &est, idx);
-#define MAX_IDX 160
-
-err_status_t
-test_replay_dbx(int num_trials) {
- rdbx_t rdbx;
- uint32_t idx, ircvd;
- ut_connection utc;
- err_status_t status;
- int num_fp_trials;
-
- status = rdbx_init(&rdbx);
- if (status) {
- printf("replay_init failed with error code %d\n", status);
- exit(1);
- }
-
- /*
- * test sequential insertion
- */
- printf("\ttesting sequential insertion...");
- for (idx=0; idx < num_trials; idx++) {
- status = rdbx_check_add(&rdbx, idx);
- if (status)
- return status;
- }
- printf("passed\n");
-
- /*
- * test for false positives by checking all of the index
- * values which we've just added
- *
- * note that we limit the number of trials here, since allowing the
- * rollover counter to roll over would defeat this test
- */
- num_fp_trials = num_trials % 0x10000;
- if (num_fp_trials == 0) {
- printf("warning: no false positive tests performed\n");
- }
- printf("\ttesting for false positives...");
- for (idx=0; idx < num_fp_trials; idx++) {
- status = rdbx_check_expect_failure(&rdbx, idx);
- if (status)
- return status;
- }
- printf("passed\n");
-
- /* re-initialize */
- if (rdbx_init(&rdbx) != err_status_ok) {
- printf("replay_init failed\n");
- return err_status_init_fail;
- }
-
- /*
- * test non-sequential insertion
- *
- * this test covers only fase negatives, since the values returned
- * by ut_next_index(...) are distinct
- */
- ut_init(&utc);
-
- printf("\ttesting non-sequential insertion...");
- for (idx=0; idx < num_trials; idx++) {
- ircvd = ut_next_index(&utc);
- status = rdbx_check_unordered(&rdbx, ircvd);
- if (status)
- return status;
- }
- printf("passed\n");
-
- return err_status_ok;
+ rstat = srtp_rdbx_check(rdbx, delta);
+ if ((rstat != srtp_err_status_ok) &&
+ (rstat != srtp_err_status_replay_old)) {
+ printf("replay_check_add_unordered failed at index %u\n", idx);
+ return srtp_err_status_algo_fail;
+ }
+ if (rstat == srtp_err_status_replay_old) {
+ return srtp_err_status_ok;
+ }
+ if (srtp_rdbx_add_index(rdbx, delta) != srtp_err_status_ok) {
+ printf("rdbx_add_index failed at index %u\n", idx);
+ return srtp_err_status_algo_fail;
+ }
+
+ return srtp_err_status_ok;
}
+srtp_err_status_t test_replay_dbx(int num_trials, unsigned long ws)
+{
+ srtp_rdbx_t rdbx;
+ uint32_t idx, ircvd;
+ ut_connection utc;
+ srtp_err_status_t status;
+ int num_fp_trials;
+
+ status = srtp_rdbx_init(&rdbx, ws);
+ if (status) {
+ printf("replay_init failed with error code %d\n", status);
+ exit(1);
+ }
+
+ /*
+ * test sequential insertion
+ */
+ printf("\ttesting sequential insertion...");
+ for (idx = 0; (int)idx < num_trials; idx++) {
+ status = rdbx_check_add(&rdbx, idx);
+ if (status)
+ return status;
+ }
+ printf("passed\n");
+
+ /*
+ * test for false positives by checking all of the index
+ * values which we've just added
+ *
+ * note that we limit the number of trials here, since allowing the
+ * rollover counter to roll over would defeat this test
+ */
+ num_fp_trials = num_trials % 0x10000;
+ if (num_fp_trials == 0) {
+ printf("warning: no false positive tests performed\n");
+ }
+ printf("\ttesting for false positives...");
+ for (idx = 0; (int)idx < num_fp_trials; idx++) {
+ status = rdbx_check_expect_failure(&rdbx, idx);
+ if (status)
+ return status;
+ }
+ printf("passed\n");
+
+ /* re-initialize */
+ srtp_rdbx_dealloc(&rdbx);
+
+ if (srtp_rdbx_init(&rdbx, ws) != srtp_err_status_ok) {
+ printf("replay_init failed\n");
+ return srtp_err_status_init_fail;
+ }
+
+ /*
+ * test non-sequential insertion
+ *
+ * this test covers only fase negatives, since the values returned
+ * by ut_next_index(...) are distinct
+ */
+ ut_init(&utc);
+
+ printf("\ttesting non-sequential insertion...");
+ for (idx = 0; (int)idx < num_trials; idx++) {
+ ircvd = ut_next_index(&utc);
+ status = rdbx_check_add_unordered(&rdbx, ircvd);
+ if (status)
+ return status;
+ status = rdbx_check_expect_failure(&rdbx, ircvd);
+ if (status)
+ return status;
+ }
+ printf("passed\n");
+
+ /* re-initialize */
+ srtp_rdbx_dealloc(&rdbx);
+
+ if (srtp_rdbx_init(&rdbx, ws) != srtp_err_status_ok) {
+ printf("replay_init failed\n");
+ return srtp_err_status_init_fail;
+ }
+ /*
+ * test insertion with large gaps.
+ * check for false positives for each insertion.
+ */
+ printf("\ttesting insertion with large gaps...");
+ for (idx = 0, ircvd = 0; (int)idx < num_trials;
+ idx++, ircvd += (1 << (srtp_cipher_rand_u32_for_tests() % 12))) {
+ status = rdbx_check_add(&rdbx, ircvd);
+ if (status)
+ return status;
+ status = rdbx_check_expect_failure(&rdbx, ircvd);
+ if (status)
+ return status;
+ }
+ printf("passed\n");
-#include <time.h> /* for clock() */
-#include <stdlib.h> /* for random() */
-
-double
-rdbx_check_adds_per_second(int num_trials) {
- uint32_t i;
- int delta;
- rdbx_t rdbx;
- xtd_seq_num_t est;
- clock_t timer;
- int failures; /* count number of failures */
-
- if (rdbx_init(&rdbx) != err_status_ok) {
- printf("replay_init failed\n");
- exit(1);
- }
-
- failures = 0;
- timer = clock();
- for(i=0; i < num_trials; i++) {
-
- delta = index_guess(&rdbx.index, &est, i);
-
- if (rdbx_check(&rdbx, delta) != err_status_ok)
- ++failures;
- else
- if (rdbx_add_index(&rdbx, delta) != err_status_ok)
- ++failures;
- }
- timer = clock() - timer;
-
- printf("number of failures: %d \n", failures);
-
- return (double) CLOCKS_PER_SEC * num_trials / timer;
+ srtp_rdbx_dealloc(&rdbx);
+
+ return srtp_err_status_ok;
}
+#include <time.h> /* for clock() */
+
+double rdbx_check_adds_per_second(int num_trials, unsigned long ws)
+{
+ uint32_t i;
+ int delta;
+ srtp_rdbx_t rdbx;
+ srtp_xtd_seq_num_t est;
+ clock_t timer;
+ int failures; /* count number of failures */
+
+ if (srtp_rdbx_init(&rdbx, ws) != srtp_err_status_ok) {
+ printf("replay_init failed\n");
+ exit(1);
+ }
+
+ failures = 0;
+ timer = clock();
+ for (i = 0; (int)i < num_trials; i++) {
+ delta = srtp_index_guess(&rdbx.index, &est, i);
+
+ if (srtp_rdbx_check(&rdbx, delta) != srtp_err_status_ok)
+ ++failures;
+ else if (srtp_rdbx_add_index(&rdbx, delta) != srtp_err_status_ok)
+ ++failures;
+ }
+ timer = clock() - timer;
+ if (timer < 1) {
+ timer = 1;
+ }
+
+ printf("number of failures: %d \n", failures);
+
+ srtp_rdbx_dealloc(&rdbx);
+
+ return (double)CLOCKS_PER_SEC * num_trials / timer;
+}
diff --git a/test/replay_driver.c b/test/replay_driver.c
index dc403b1..e0808b6 100644
--- a/test/replay_driver.c
+++ b/test/replay_driver.c
@@ -8,26 +8,26 @@
*/
/*
- *
- * Copyright (c) 2001-2005, Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
@@ -43,139 +43,243 @@
*
*/
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
#include <stdio.h>
#include "rdb.h"
#include "ut_sim.h"
-void
-test_rdb_db();
+#include "cipher_priv.h"
-double
-rdb_check_adds_per_second();
+/*
+ * num_trials defines the number of trials that are used in the
+ * validation functions below
+ */
-int
-main () {
+unsigned num_trials = 1 << 16;
- printf("testing anti-replay database (rdb_t)...\n");
- test_rdb_db();
- printf("done\n");
+srtp_err_status_t test_rdb_db(void);
- printf("rdb_check/rdb_adds per second: %e\n",
- rdb_check_adds_per_second());
-
- return 0;
-}
+double rdb_check_adds_per_second(void);
+
+int main(void)
+{
+ srtp_err_status_t err;
+
+ printf("testing anti-replay database (srtp_rdb_t)...\n");
+ err = test_rdb_db();
+ if (err) {
+ printf("failed\n");
+ exit(1);
+ }
+ printf("done\n");
+ printf("rdb_check/rdb_adds per second: %e\n", rdb_check_adds_per_second());
-void
-print_rdb(rdb_t *rdb) {
- printf("rdb: {%u, %s}\n", rdb->window_start,
- v128_bit_string(&rdb->bitmask));
+ return 0;
}
-void
-rdb_check_add(rdb_t *rdb, uint32_t idx) {
+void print_rdb(srtp_rdb_t *rdb)
+{
+ printf("rdb: {%u, %s}\n", rdb->window_start,
+ v128_bit_string(&rdb->bitmask));
+}
- if (rdb_check(rdb, idx) != err_status_ok) {
- printf("rdb_check failed at index %u\n", idx);
- return;
- }
- if (rdb_add_index(rdb, idx) != err_status_ok)
- printf("rdb_add_index failed at index %u\n", idx);
+srtp_err_status_t rdb_check_add(srtp_rdb_t *rdb, uint32_t idx)
+{
+ if (srtp_rdb_check(rdb, idx) != srtp_err_status_ok) {
+ printf("rdb_check failed at index %u\n", idx);
+ return srtp_err_status_fail;
+ }
+ if (srtp_rdb_add_index(rdb, idx) != srtp_err_status_ok) {
+ printf("rdb_add_index failed at index %u\n", idx);
+ return srtp_err_status_fail;
+ }
+ return srtp_err_status_ok;
}
-void
-rdb_check_expect_failure(rdb_t *rdb, uint32_t idx) {
+srtp_err_status_t rdb_check_expect_failure(srtp_rdb_t *rdb, uint32_t idx)
+{
+ srtp_err_status_t err;
+
+ err = srtp_rdb_check(rdb, idx);
+ if ((err != srtp_err_status_replay_old) &&
+ (err != srtp_err_status_replay_fail)) {
+ printf("rdb_check failed at index %u (false positive)\n", idx);
+ return srtp_err_status_fail;
+ }
- if (rdb_check(rdb, idx) != err_status_fail)
- printf("rdb_check failed at index %u (false positive)\n", idx);
+ return srtp_err_status_ok;
}
-void
-rdb_check_unordered(rdb_t *rdb, uint32_t idx) {
- err_status_t rstat;
+srtp_err_status_t rdb_check_add_unordered(srtp_rdb_t *rdb, uint32_t idx)
+{
+ srtp_err_status_t rstat;
+
+ /* printf("index: %u\n", idx); */
+ rstat = srtp_rdb_check(rdb, idx);
+ if ((rstat != srtp_err_status_ok) &&
+ (rstat != srtp_err_status_replay_old)) {
+ printf("rdb_check_add_unordered failed at index %u\n", idx);
+ return rstat;
+ }
+ if (rstat == srtp_err_status_replay_old) {
+ return srtp_err_status_ok;
+ }
+ if (srtp_rdb_add_index(rdb, idx) != srtp_err_status_ok) {
+ printf("rdb_add_index failed at index %u\n", idx);
+ return srtp_err_status_fail;
+ }
- rstat = rdb_check(rdb, idx);
- if ((rstat != err_status_ok) && (rstat != err_status_replay_old))
- printf("rdb_check_unordered failed at index %u\n", idx);
+ return srtp_err_status_ok;
}
+srtp_err_status_t test_rdb_db()
+{
+ srtp_rdb_t rdb;
+ uint32_t idx, ircvd;
+ ut_connection utc;
+ srtp_err_status_t err;
+ if (srtp_rdb_init(&rdb) != srtp_err_status_ok) {
+ printf("rdb_init failed\n");
+ return srtp_err_status_init_fail;
+ }
-#define MAX_IDX 160
-
-void
-test_rdb_db() {
- rdb_t rdb;
- uint32_t idx, ircvd;
- ut_connection utc;
-
- if (rdb_init(&rdb) != err_status_ok) {
- printf("rdb_init failed\n");
- exit(1);
- }
-
- /* test sequential insertion */
- for (idx=0; idx < MAX_IDX; idx++) {
- rdb_check_add(&rdb, idx);
- }
-
- /* test for false positives */
- for (idx=0; idx < MAX_IDX; idx++) {
- rdb_check_expect_failure(&rdb, idx);
- }
-
- /* re-initialize */
- if (rdb_init(&rdb) != err_status_ok) {
- printf("rdb_init failed\n");
- exit(1);
- }
-
- /* test non-sequential insertion */
- ut_init(&utc);
-
- for (idx=0; idx < MAX_IDX; idx++) {
- ircvd = ut_next_index(&utc);
- rdb_check_unordered(&rdb, ircvd);
- }
-
+ /* test sequential insertion */
+ for (idx = 0; idx < num_trials; idx++) {
+ err = rdb_check_add(&rdb, idx);
+ if (err)
+ return err;
+ }
+
+ /* test for false positives */
+ for (idx = 0; idx < num_trials; idx++) {
+ err = rdb_check_expect_failure(&rdb, idx);
+ if (err)
+ return err;
+ }
+
+ /* re-initialize */
+ if (srtp_rdb_init(&rdb) != srtp_err_status_ok) {
+ printf("rdb_init failed\n");
+ return srtp_err_status_fail;
+ }
+
+ /* test non-sequential insertion */
+ ut_init(&utc);
+
+ for (idx = 0; idx < num_trials; idx++) {
+ ircvd = ut_next_index(&utc);
+ err = rdb_check_add_unordered(&rdb, ircvd);
+ if (err)
+ return err;
+ err = rdb_check_expect_failure(&rdb, ircvd);
+ if (err)
+ return err;
+ }
+
+ /* re-initialize */
+ if (srtp_rdb_init(&rdb) != srtp_err_status_ok) {
+ printf("rdb_init failed\n");
+ return srtp_err_status_fail;
+ }
+
+ /* test insertion with large gaps */
+ for (idx = 0, ircvd = 0; idx < num_trials;
+ idx++, ircvd += (1 << (srtp_cipher_rand_u32_for_tests() % 10))) {
+ err = rdb_check_add(&rdb, ircvd);
+ if (err)
+ return err;
+ err = rdb_check_expect_failure(&rdb, ircvd);
+ if (err)
+ return err;
+ }
+
+ /* re-initialize */
+ if (srtp_rdb_init(&rdb) != srtp_err_status_ok) {
+ printf("rdb_init failed\n");
+ return srtp_err_status_fail;
+ }
+
+ /* test loss of first 513 packets */
+ for (idx = 0; idx < num_trials; idx++) {
+ err = rdb_check_add(&rdb, idx + 513);
+ if (err)
+ return err;
+ }
+
+ /* test for false positives */
+ for (idx = 0; idx < num_trials + 513; idx++) {
+ err = rdb_check_expect_failure(&rdb, idx);
+ if (err)
+ return err;
+ }
+
+ /* test for key expired */
+ if (srtp_rdb_init(&rdb) != srtp_err_status_ok) {
+ printf("rdb_init failed\n");
+ return srtp_err_status_fail;
+ }
+ rdb.window_start = 0x7ffffffe;
+ if (srtp_rdb_increment(&rdb) != srtp_err_status_ok) {
+ printf("srtp_rdb_increment of 0x7ffffffe failed\n");
+ return srtp_err_status_fail;
+ }
+ if (srtp_rdb_get_value(&rdb) != 0x7fffffff) {
+ printf("rdb valiue was not 0x7fffffff\n");
+ return srtp_err_status_fail;
+ }
+ if (srtp_rdb_increment(&rdb) != srtp_err_status_key_expired) {
+ printf("srtp_rdb_increment of 0x7fffffff did not return "
+ "srtp_err_status_key_expired\n");
+ return srtp_err_status_fail;
+ }
+ if (srtp_rdb_get_value(&rdb) != 0x7fffffff) {
+ printf("rdb valiue was not 0x7fffffff\n");
+ return srtp_err_status_fail;
+ }
+
+ return srtp_err_status_ok;
}
-#include <time.h> /* for clock() */
-#include <stdlib.h> /* for random() */
+#include <time.h> /* for clock() */
+#include <stdlib.h> /* for random() */
#define REPLAY_NUM_TRIALS 10000000
-double
-rdb_check_adds_per_second() {
- uint32_t i;
- rdb_t rdb;
- clock_t timer;
- int failures; /* count number of failures */
-
- if (rdb_init(&rdb) != err_status_ok) {
- printf("rdb_init failed\n");
- exit(1);
- }
-
- timer = clock();
- for(i=0; i < REPLAY_NUM_TRIALS; i+=3) {
- if (rdb_check(&rdb, i+2) != err_status_ok)
- ++failures;
- if (rdb_add_index(&rdb, i+2) != err_status_ok)
- ++failures;
- if (rdb_check(&rdb, i+1) != err_status_ok)
- ++failures;
- if (rdb_add_index(&rdb, i+1) != err_status_ok)
- ++failures;
- if (rdb_check(&rdb, i) != err_status_ok)
- ++failures;
- if (rdb_add_index(&rdb, i) != err_status_ok)
- ++failures;
- }
- timer = clock() - timer;
-
- return (double) CLOCKS_PER_SEC * REPLAY_NUM_TRIALS / timer;
+double rdb_check_adds_per_second(void)
+{
+ uint32_t i;
+ srtp_rdb_t rdb;
+ clock_t timer;
+ int failures = 0; /* count number of failures */
+
+ if (srtp_rdb_init(&rdb) != srtp_err_status_ok) {
+ printf("rdb_init failed\n");
+ exit(1);
+ }
+
+ timer = clock();
+ for (i = 0; i < REPLAY_NUM_TRIALS; i += 3) {
+ if (srtp_rdb_check(&rdb, i + 2) != srtp_err_status_ok)
+ ++failures;
+ if (srtp_rdb_add_index(&rdb, i + 2) != srtp_err_status_ok)
+ ++failures;
+ if (srtp_rdb_check(&rdb, i + 1) != srtp_err_status_ok)
+ ++failures;
+ if (srtp_rdb_add_index(&rdb, i + 1) != srtp_err_status_ok)
+ ++failures;
+ if (srtp_rdb_check(&rdb, i) != srtp_err_status_ok)
+ ++failures;
+ if (srtp_rdb_add_index(&rdb, i) != srtp_err_status_ok)
+ ++failures;
+ }
+ timer = clock() - timer;
+
+ return (double)CLOCKS_PER_SEC * REPLAY_NUM_TRIALS / timer;
}
diff --git a/test/roc_driver.c b/test/roc_driver.c
index 10e5488..4398620 100644
--- a/test/roc_driver.c
+++ b/test/roc_driver.c
@@ -8,26 +8,26 @@
*/
/*
- *
- * Copyright (c) 2001-2005, Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
@@ -43,123 +43,128 @@
*
*/
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
#include <stdio.h>
/*
* defining ROC_TEST causes small datatypes to be used in
- * xtd_seq_num_t - this allows the functions to be exhaustively tested.
+ * srtp_xtd_seq_num_t - this allows the functions to be exhaustively tested.
*/
#if ROC_NEEDS_TO_BE_TESTED
-#define ROC_TEST
+#define ROC_TEST
#endif
#include "rdbx.h"
#include "ut_sim.h"
-err_status_t
-roc_test(int num_trials);
-
-int
-main () {
- err_status_t status;
-
- printf("rollover counter test driver\n"
- "David A. McGrew\n"
- "Cisco Systems, Inc.\n");
-
- printf("testing index functions...");
- status = roc_test(1 << 18);
- if (status) {
- printf("failed\n");
- exit(status);
- }
- printf("passed\n");
- return 0;
-}
+srtp_err_status_t roc_test(int num_trials);
+
+int main(void)
+{
+ srtp_err_status_t status;
+ printf("rollover counter test driver\n"
+ "David A. McGrew\n"
+ "Cisco Systems, Inc.\n");
+
+ printf("testing index functions...");
+ status = roc_test(1 << 18);
+ if (status) {
+ printf("failed\n");
+ exit(status);
+ }
+ printf("passed\n");
+ return 0;
+}
#define ROC_VERBOSE 0
-err_status_t
-roc_test(int num_trials) {
- xtd_seq_num_t local, est, ref;
- ut_connection utc;
- int i, num_bad_est = 0;
- int delta;
- uint32_t ircvd;
- double failure_rate;
-
- index_init(&local);
- index_init(&ref);
- index_init(&est);
-
- printf("\n\ttesting sequential insertion...");
- for (i=0; i < 2048; i++) {
- delta = index_guess(&local, &est, (uint16_t) ref);
+srtp_err_status_t roc_test(int num_trials)
+{
+ srtp_xtd_seq_num_t local, est, ref;
+ ut_connection utc;
+ int i, num_bad_est = 0;
+ int delta;
+ uint32_t ircvd;
+ double failure_rate;
+
+ srtp_index_init(&local);
+ srtp_index_init(&ref);
+ srtp_index_init(&est);
+
+ printf("\n\ttesting sequential insertion...");
+ for (i = 0; i < 2048; i++) {
+ srtp_index_guess(&local, &est, (uint16_t)ref);
#if ROC_VERBOSE
- printf("%lld, %lld, %d\n", ref, est, i);
+ printf("%lld, %lld, %d\n", ref, est, i);
#endif
- if (ref != est) {
+ if (ref != est) {
#if ROC_VERBOSE
- printf(" *bad estimate*\n");
+ printf(" *bad estimate*\n");
#endif
- ++num_bad_est;
+ ++num_bad_est;
+ }
+ srtp_index_advance(&ref, 1);
+ }
+ failure_rate = (double)num_bad_est / num_trials;
+ if (failure_rate > 0.01) {
+ printf("error: failure rate too high (%d bad estimates in %d trials)\n",
+ num_bad_est, num_trials);
+ return srtp_err_status_algo_fail;
}
- index_advance(&ref, 1);
- }
- failure_rate = (double) num_bad_est / num_trials;
- if (failure_rate > 0.01) {
- printf("error: failure rate too high (%d bad estimates in %d trials)\n",
- num_bad_est, num_trials);
- return err_status_algo_fail;
- }
- printf("done\n");
-
-
- printf("\ttesting non-sequential insertion...");
- index_init(&local);
- index_init(&ref);
- index_init(&est);
- ut_init(&utc);
-
- for (i=0; i < num_trials; i++) {
-
- /* get next seq num from unreliable transport simulator */
- ircvd = ut_next_index(&utc);
-
- /* set ref to value of ircvd */
- ref = ircvd;
-
- /* estimate index based on low bits of ircvd */
- delta = index_guess(&local, &est, (uint16_t) ref);
+ printf("done\n");
+
+ printf("\ttesting non-sequential insertion...");
+ srtp_index_init(&local);
+ srtp_index_init(&ref);
+ srtp_index_init(&est);
+ ut_init(&utc);
+
+ for (i = 0; i < num_trials; i++) {
+ /* get next seq num from unreliable transport simulator */
+ ircvd = ut_next_index(&utc);
+
+ /* set ref to value of ircvd */
+ ref = ircvd;
+
+ /* estimate index based on low bits of ircvd */
+ delta = srtp_index_guess(&local, &est, (uint16_t)ref);
#if ROC_VERBOSE
- printf("ref: %lld, local: %lld, est: %lld, ircvd: %d, delta: %d\n",
- ref, local, est, ircvd, delta);
+ printf("ref: %lld, local: %lld, est: %lld, ircvd: %d, delta: %d\n", ref,
+ local, est, ircvd, delta);
#endif
-
- /* now update local xtd_seq_num_t as necessary */
- if (delta > 0)
- index_advance(&local, delta);
- if (ref != est) {
+ if (local + delta != est) {
+ printf(" *bad delta*: local %llu + delta %d != est %llu\n",
+ (unsigned long long)local, delta, (unsigned long long)est);
+ return srtp_err_status_algo_fail;
+ }
+
+ /* now update local srtp_xtd_seq_num_t as necessary */
+ if (delta > 0)
+ srtp_index_advance(&local, delta);
+
+ if (ref != est) {
#if ROC_VERBOSE
- printf(" *bad estimate*\n");
+ printf(" *bad estimate*\n");
#endif
- /* record failure event */
- ++num_bad_est;
-
- /* reset local value to correct value */
- local = ref;
+ /* record failure event */
+ ++num_bad_est;
+
+ /* reset local value to correct value */
+ local = ref;
+ }
}
- }
- failure_rate = (double) num_bad_est / num_trials;
- if (failure_rate > 0.01) {
- printf("error: failure rate too high (%d bad estimates in %d trials)\n",
- num_bad_est, num_trials);
- return err_status_algo_fail;
- }
- printf("done\n");
-
- return err_status_ok;
+ failure_rate = (double)num_bad_est / num_trials;
+ if (failure_rate > 0.01) {
+ printf("error: failure rate too high (%d bad estimates in %d trials)\n",
+ num_bad_est, num_trials);
+ return srtp_err_status_algo_fail;
+ }
+ printf("done\n");
+
+ return srtp_err_status_ok;
}
diff --git a/test/rtp.c b/test/rtp.c
index 94628e1..70248ee 100644
--- a/test/rtp.c
+++ b/test/rtp.c
@@ -7,6 +7,41 @@
* Cisco Systems, Inc.
*/
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
#include "rtp.h"
@@ -14,139 +49,181 @@
#include <string.h>
#include <sys/types.h>
+#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
+#endif
+
+#include "cipher_priv.h"
+
+#define PRINT_DEBUG 0 /* set to 1 to print out debugging data */
+#define VERBOSE_DEBUG 0 /* set to 1 to print out more data */
-#define PRINT_DEBUG 0 /* set to 1 to print out debugging data */
-#define VERBOSE_DEBUG 0 /* set to 1 to print out more data */
-
-ssize_t
-rtp_sendto(rtp_sender_t *sender, const void* msg, int len) {
- int octets_sent;
- err_status_t stat;
- int pkt_len = len + rtp_header_len;
-
- /* marshal data */
- strncpy(sender->message.body, msg, len);
-
- /* update header */
- sender->message.header.seq = ntohs(sender->message.header.seq) + 1;
- sender->message.header.seq = htons(sender->message.header.seq);
- sender->message.header.ts = ntohl(sender->message.header.ts) + 1;
- sender->message.header.ts = htonl(sender->message.header.ts);
-
- /* apply srtp */
- stat = srtp_protect(sender->srtp_ctx, &sender->message.header, &pkt_len);
- if (stat) {
+int rtp_sendto(rtp_sender_t sender, const void *msg, int len)
+{
+ int octets_sent;
+ srtp_err_status_t stat;
+ int pkt_len = len + RTP_HEADER_LEN;
+
+ /* marshal data */
+ strncpy(sender->message.body, msg, len);
+
+ /* update header */
+ sender->message.header.seq = ntohs(sender->message.header.seq) + 1;
+ sender->message.header.seq = htons(sender->message.header.seq);
+ sender->message.header.ts = ntohl(sender->message.header.ts) + 1;
+ sender->message.header.ts = htonl(sender->message.header.ts);
+
+ /* apply srtp */
+ stat = srtp_protect(sender->srtp_ctx, &sender->message.header, &pkt_len);
+ if (stat) {
#if PRINT_DEBUG
- fprintf(stderr, "error: srtp protection failed with code %d\n", stat);
+ fprintf(stderr, "error: srtp protection failed with code %d\n", stat);
#endif
- return -1;
- }
+ return -1;
+ }
#if VERBOSE_DEBUG
- srtp_print_packet(&sender->message.header, pkt_len);
+ srtp_print_packet(&sender->message.header, pkt_len);
#endif
- octets_sent = sendto(sender->socket, &sender->message,
- pkt_len, 0, (struct sockaddr *)&sender->addr,
- sizeof (struct sockaddr_in));
+ octets_sent =
+ sendto(sender->socket, (void *)&sender->message, pkt_len, 0,
+ (struct sockaddr *)&sender->addr, sizeof(struct sockaddr_in));
- if (octets_sent != pkt_len) {
+ if (octets_sent != pkt_len) {
#if PRINT_DEBUG
- fprintf(stderr, "error: couldn't send message %s", (char *)msg);
- perror("");
+ fprintf(stderr, "error: couldn't send message %s", (char *)msg);
+ perror("");
#endif
- }
+ }
- return octets_sent;
+ return octets_sent;
}
-ssize_t
-rtp_recvfrom(rtp_receiver_t *receiver, void *msg, int *len) {
- int octets_recvd;
- err_status_t stat;
-
- octets_recvd = recvfrom(receiver->socket, (void *)&receiver->message,
- *len, 0, (struct sockaddr *) NULL, 0);
+int rtp_recvfrom(rtp_receiver_t receiver, void *msg, int *len)
+{
+ int octets_recvd;
+ srtp_err_status_t stat;
+
+ octets_recvd = recvfrom(receiver->socket, (void *)&receiver->message, *len,
+ 0, (struct sockaddr *)NULL, 0);
- /* verify rtp header */
- if (receiver->message.header.version != 2) {
- *len = 0;
- return -1;
- }
+ if (octets_recvd == -1) {
+ *len = 0;
+ return -1;
+ }
+
+ /* verify rtp header */
+ if (receiver->message.header.version != 2) {
+ *len = 0;
+ return -1;
+ }
#if PRINT_DEBUG
- fprintf(stderr, "%d octets received from SSRC %u",
- octets_recvd, receiver->message.header.ssrc);
+ fprintf(stderr, "%d octets received from SSRC %u\n", octets_recvd,
+ receiver->message.header.ssrc);
#endif
#if VERBOSE_DEBUG
- srtp_print_packet(&receiver->message.header, octets_recvd);
+ srtp_print_packet(&receiver->message.header, octets_recvd);
#endif
- /* apply srtp */
- stat = srtp_unprotect(receiver->srtp_ctx,
- &receiver->message.header, &octets_recvd);
- if (stat) {
-#if PRINT_DEBUG
- fprintf(stderr,
- "\nerror: srtp unprotection failed with code %d", stat);
- if (stat == err_status_replay_fail)
- fprintf(stderr, " (replay check failed)\n");
- if (stat == err_status_auth_fail)
- fprintf(stderr, " (auth check failed)\n");
-#endif
- return -1;
- }
- strncpy(msg, receiver->message.body, octets_recvd);
-
- return octets_recvd;
+ /* apply srtp */
+ stat = srtp_unprotect(receiver->srtp_ctx, &receiver->message.header,
+ &octets_recvd);
+ if (stat) {
+ fprintf(stderr, "error: srtp unprotection failed with code %d%s\n",
+ stat,
+ stat == srtp_err_status_replay_fail
+ ? " (replay check failed)"
+ : stat == srtp_err_status_auth_fail ? " (auth check failed)"
+ : "");
+ return -1;
+ }
+ strncpy(msg, receiver->message.body, octets_recvd);
+
+ return octets_recvd;
+}
+
+int rtp_sender_init(rtp_sender_t sender,
+ int sock,
+ struct sockaddr_in addr,
+ unsigned int ssrc)
+{
+ /* set header values */
+ sender->message.header.ssrc = htonl(ssrc);
+ sender->message.header.ts = 0;
+ sender->message.header.seq = (uint16_t)srtp_cipher_rand_u32_for_tests();
+ sender->message.header.m = 0;
+ sender->message.header.pt = 0x1;
+ sender->message.header.version = 2;
+ sender->message.header.p = 0;
+ sender->message.header.x = 0;
+ sender->message.header.cc = 0;
+
+ /* set other stuff */
+ sender->socket = sock;
+ sender->addr = addr;
+
+ return 0;
+}
+
+int rtp_receiver_init(rtp_receiver_t rcvr,
+ int sock,
+ struct sockaddr_in addr,
+ unsigned int ssrc)
+{
+ /* set header values */
+ rcvr->message.header.ssrc = htonl(ssrc);
+ rcvr->message.header.ts = 0;
+ rcvr->message.header.seq = 0;
+ rcvr->message.header.m = 0;
+ rcvr->message.header.pt = 0x1;
+ rcvr->message.header.version = 2;
+ rcvr->message.header.p = 0;
+ rcvr->message.header.x = 0;
+ rcvr->message.header.cc = 0;
+
+ /* set other stuff */
+ rcvr->socket = sock;
+ rcvr->addr = addr;
+
+ return 0;
+}
+
+int rtp_sender_init_srtp(rtp_sender_t sender, const srtp_policy_t *policy)
+{
+ return srtp_create(&sender->srtp_ctx, policy);
+}
+
+int rtp_sender_deinit_srtp(rtp_sender_t sender)
+{
+ return srtp_dealloc(sender->srtp_ctx);
+}
+
+int rtp_receiver_init_srtp(rtp_receiver_t sender, const srtp_policy_t *policy)
+{
+ return srtp_create(&sender->srtp_ctx, policy);
}
-int
-rtp_sender_init(rtp_sender_t *sender,
- int socket,
- struct sockaddr_in addr,
- uint32_t ssrc) {
-
- /* set header values */
- sender->message.header.ssrc = htonl(ssrc);
- sender->message.header.ts = 0;
- sender->message.header.seq = (uint16_t) random();
- sender->message.header.m = 0;
- sender->message.header.pt = 0x8f;
- sender->message.header.version = 2;
- sender->message.header.p = 0;
- sender->message.header.x = 0;
- sender->message.header.cc = 0;
-
- /* set other stuff */
- sender->socket = socket;
- sender->addr = addr;
-
- return 0;
+int rtp_receiver_deinit_srtp(rtp_receiver_t sender)
+{
+ return srtp_dealloc(sender->srtp_ctx);
}
-int
-rtp_receiver_init(rtp_receiver_t *rcvr,
- int socket,
- struct sockaddr_in addr,
- uint32_t ssrc) {
-
- /* set header values */
- rcvr->message.header.ssrc = htonl(ssrc);
- rcvr->message.header.ts = 0;
- rcvr->message.header.seq = 0;
- rcvr->message.header.m = 0;
- rcvr->message.header.pt = 0x8f;
- rcvr->message.header.version = 2;
- rcvr->message.header.p = 0;
- rcvr->message.header.x = 0;
- rcvr->message.header.cc = 0;
-
- /* set other stuff */
- rcvr->socket = socket;
- rcvr->addr = addr;
-
- return 0;
+rtp_sender_t rtp_sender_alloc(void)
+{
+ return (rtp_sender_t)malloc(sizeof(rtp_sender_ctx_t));
}
+void rtp_sender_dealloc(rtp_sender_t rtp_ctx)
+{
+ free(rtp_ctx);
+}
+rtp_receiver_t rtp_receiver_alloc(void)
+{
+ return (rtp_receiver_t)malloc(sizeof(rtp_receiver_ctx_t));
+}
+void rtp_receiver_dealloc(rtp_receiver_t rtp_ctx)
+{
+ free(rtp_ctx);
+}
diff --git a/test/rtp.h b/test/rtp.h
new file mode 100644
index 0000000..37921a6
--- /dev/null
+++ b/test/rtp.h
@@ -0,0 +1,155 @@
+/*
+ * rtp.h
+ *
+ * rtp interface for srtp reference implementation
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ *
+ * data types:
+ *
+ * rtp_msg_t an rtp message (the data that goes on the wire)
+ * rtp_sender_t sender side socket and rtp info
+ * rtp_receiver_t receiver side socket and rtp info
+ *
+ */
+
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef SRTP_RTP_H
+#define SRTP_RTP_H
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#elif defined HAVE_WINSOCK2_H
+#include <winsock2.h>
+#endif
+
+#include "srtp_priv.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * RTP_HEADER_LEN indicates the size of an RTP header
+ */
+#define RTP_HEADER_LEN 12
+
+/*
+ * RTP_MAX_BUF_LEN defines the largest RTP packet in the rtp.c implementation
+ */
+#define RTP_MAX_BUF_LEN 16384
+
+typedef srtp_hdr_t rtp_hdr_t;
+
+typedef struct {
+ srtp_hdr_t header;
+ char body[RTP_MAX_BUF_LEN];
+} rtp_msg_t;
+
+typedef struct rtp_sender_ctx_t {
+ rtp_msg_t message;
+ int socket;
+ srtp_ctx_t *srtp_ctx;
+ struct sockaddr_in addr; /* reciever's address */
+} rtp_sender_ctx_t;
+
+typedef struct rtp_receiver_ctx_t {
+ rtp_msg_t message;
+ int socket;
+ srtp_ctx_t *srtp_ctx;
+ struct sockaddr_in addr; /* receiver's address */
+} rtp_receiver_ctx_t;
+
+typedef struct rtp_sender_ctx_t *rtp_sender_t;
+
+typedef struct rtp_receiver_ctx_t *rtp_receiver_t;
+
+int rtp_sendto(rtp_sender_t sender, const void *msg, int len);
+
+int rtp_recvfrom(rtp_receiver_t receiver, void *msg, int *len);
+
+int rtp_receiver_init(rtp_receiver_t rcvr,
+ int sock,
+ struct sockaddr_in addr,
+ unsigned int ssrc);
+
+int rtp_sender_init(rtp_sender_t sender,
+ int sock,
+ struct sockaddr_in addr,
+ unsigned int ssrc);
+
+/*
+ * srtp_sender_init(...) initializes an rtp_sender_t
+ */
+
+int srtp_sender_init(
+ rtp_sender_t rtp_ctx, /* structure to be init'ed */
+ struct sockaddr_in name, /* socket name */
+ srtp_sec_serv_t security_services, /* sec. servs. to be used */
+ unsigned char *input_key /* master key/salt in hex */
+ );
+
+int srtp_receiver_init(
+ rtp_receiver_t rtp_ctx, /* structure to be init'ed */
+ struct sockaddr_in name, /* socket name */
+ srtp_sec_serv_t security_services, /* sec. servs. to be used */
+ unsigned char *input_key /* master key/salt in hex */
+ );
+
+int rtp_sender_init_srtp(rtp_sender_t sender, const srtp_policy_t *policy);
+
+int rtp_sender_deinit_srtp(rtp_sender_t sender);
+
+int rtp_receiver_init_srtp(rtp_receiver_t sender, const srtp_policy_t *policy);
+
+int rtp_receiver_deinit_srtp(rtp_receiver_t sender);
+
+rtp_sender_t rtp_sender_alloc(void);
+
+void rtp_sender_dealloc(rtp_sender_t rtp_ctx);
+
+rtp_receiver_t rtp_receiver_alloc(void);
+
+void rtp_receiver_dealloc(rtp_receiver_t rtp_ctx);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SRTP_RTP_H */
diff --git a/test/rtp_decoder.c b/test/rtp_decoder.c
new file mode 100644
index 0000000..6f4ed04
--- /dev/null
+++ b/test/rtp_decoder.c
@@ -0,0 +1,764 @@
+/*
+ * rtp_decoder.c
+ *
+ * decoder structures and functions for SRTP pcap decoder
+ *
+ * Example:
+ * $ wget --no-check-certificate \
+ * https://raw.githubusercontent.com/gteissier/srtp-decrypt/master/marseillaise-srtp.pcap
+ * $ ./test/rtp_decoder -a -t 10 -e 128 -b \
+ * aSBrbm93IGFsbCB5b3VyIGxpdHRsZSBzZWNyZXRz \
+ * < ~/marseillaise-srtp.pcap \
+ * | text2pcap -t "%M:%S." -u 10000,10000 - - \
+ * > ./marseillaise-rtp.pcap
+ *
+ * There is also a different way of setting up key size and tag size
+ * based upon RFC 4568 crypto suite specification, i.e.:
+ *
+ * $ ./test/rtp_decoder -s AES_CM_128_HMAC_SHA1_80 -b \
+ * aSBrbm93IGFsbCB5b3VyIGxpdHRsZSBzZWNyZXRz ...
+ *
+ * Audio can be extracted using extractaudio utility from the RTPproxy
+ * package:
+ *
+ * $ extractaudio -A ./marseillaise-rtp.pcap ./marseillaise-out.wav
+ *
+ * Bernardo Torres <bernardo@torresautomacao.com.br>
+ *
+ * Some structure and code from https://github.com/gteissier/srtp-decrypt
+ */
+/*
+ *
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+#include "getopt_s.h" /* for local getopt() */
+#include <assert.h> /* for assert() */
+
+#include <pcap.h>
+#include "rtp_decoder.h"
+#include "util.h"
+
+#ifndef timersub
+#define timersub(a, b, result) \
+ do { \
+ (result)->tv_sec = (a)->tv_sec - (b)->tv_sec; \
+ (result)->tv_usec = (a)->tv_usec - (b)->tv_usec; \
+ if ((result)->tv_usec < 0) { \
+ --(result)->tv_sec; \
+ (result)->tv_usec += 1000000; \
+ } \
+ } while (0)
+#endif
+
+#define MAX_KEY_LEN 96
+#define MAX_FILTER 256
+
+struct srtp_crypto_suite {
+ const char *can_name;
+ int gcm_on;
+ int key_size;
+ int tag_size;
+};
+
+static struct srtp_crypto_suite srtp_crypto_suites[] = {
+#if 0
+ {.can_name = "F8_128_HMAC_SHA1_32", .gcm_on = 0, .key_size = 128, .tag_size = 4},
+#endif
+ {.can_name = "AES_CM_128_HMAC_SHA1_32",
+ .gcm_on = 0,
+ .key_size = 128,
+ .tag_size = 4 },
+ {.can_name = "AES_CM_128_HMAC_SHA1_80",
+ .gcm_on = 0,
+ .key_size = 128,
+ .tag_size = 10 },
+ {.can_name = "AES_192_CM_HMAC_SHA1_32",
+ .gcm_on = 0,
+ .key_size = 192,
+ .tag_size = 4 },
+ {.can_name = "AES_192_CM_HMAC_SHA1_80",
+ .gcm_on = 0,
+ .key_size = 192,
+ .tag_size = 10 },
+ {.can_name = "AES_256_CM_HMAC_SHA1_32",
+ .gcm_on = 0,
+ .key_size = 256,
+ .tag_size = 4 },
+ {.can_name = "AES_256_CM_HMAC_SHA1_80",
+ .gcm_on = 0,
+ .key_size = 256,
+ .tag_size = 10 },
+ {.can_name = "AEAD_AES_128_GCM",
+ .gcm_on = 1,
+ .key_size = 128,
+ .tag_size = 16 },
+ {.can_name = "AEAD_AES_256_GCM",
+ .gcm_on = 1,
+ .key_size = 256,
+ .tag_size = 16 },
+ {.can_name = NULL }
+};
+
+void rtp_decoder_srtp_log_handler(srtp_log_level_t level,
+ const char *msg,
+ void *data)
+{
+ char level_char = '?';
+ switch (level) {
+ case srtp_log_level_error:
+ level_char = 'e';
+ break;
+ case srtp_log_level_warning:
+ level_char = 'w';
+ break;
+ case srtp_log_level_info:
+ level_char = 'i';
+ break;
+ case srtp_log_level_debug:
+ level_char = 'd';
+ break;
+ }
+ fprintf(stderr, "SRTP-LOG [%c]: %s\n", level_char, msg);
+}
+
+int main(int argc, char *argv[])
+{
+ char errbuf[PCAP_ERRBUF_SIZE];
+ bpf_u_int32 pcap_net = 0;
+ pcap_t *pcap_handle;
+#if BEW
+ struct sockaddr_in local;
+#endif
+ srtp_sec_serv_t sec_servs = sec_serv_none;
+ int c;
+ struct srtp_crypto_suite scs, *i_scsp;
+ scs.key_size = 128;
+ scs.tag_size = 0;
+ int gcm_on = 0;
+ char *input_key = NULL;
+ int b64_input = 0;
+ char key[MAX_KEY_LEN];
+ struct bpf_program fp;
+ char filter_exp[MAX_FILTER] = "";
+ rtp_decoder_t dec;
+ srtp_policy_t policy = { { 0 } };
+ rtp_decoder_mode_t mode = mode_rtp;
+ srtp_err_status_t status;
+ int len;
+ int expected_len;
+ int do_list_mods = 0;
+
+ fprintf(stderr, "Using %s [0x%x]\n", srtp_get_version_string(),
+ srtp_get_version());
+
+ /* initialize srtp library */
+ status = srtp_init();
+ if (status) {
+ fprintf(stderr,
+ "error: srtp initialization failed with error code %d\n",
+ status);
+ exit(1);
+ }
+
+ status = srtp_install_log_handler(rtp_decoder_srtp_log_handler, NULL);
+ if (status) {
+ fprintf(stderr, "error: install log handler failed\n");
+ exit(1);
+ }
+
+ /* check args */
+ while (1) {
+ c = getopt_s(argc, argv, "b:k:gt:ae:ld:f:s:m:");
+ if (c == -1) {
+ break;
+ }
+ switch (c) {
+ case 'b':
+ b64_input = 1;
+ /* fall thru */
+ case 'k':
+ input_key = optarg_s;
+ break;
+ case 'e':
+ scs.key_size = atoi(optarg_s);
+ if (scs.key_size != 128 && scs.key_size != 192 &&
+ scs.key_size != 256) {
+ fprintf(
+ stderr,
+ "error: encryption key size must be 128, 192 or 256 (%d)\n",
+ scs.key_size);
+ exit(1);
+ }
+ input_key = malloc(scs.key_size);
+ sec_servs |= sec_serv_conf;
+ break;
+ case 't':
+ scs.tag_size = atoi(optarg_s);
+ break;
+ case 'a':
+ sec_servs |= sec_serv_auth;
+ break;
+ case 'g':
+ gcm_on = 1;
+ sec_servs |= sec_serv_auth;
+ break;
+ case 'd':
+ status = srtp_set_debug_module(optarg_s, 1);
+ if (status) {
+ fprintf(stderr, "error: set debug module (%s) failed\n",
+ optarg_s);
+ exit(1);
+ }
+ break;
+ case 'f':
+ if (strlen(optarg_s) > MAX_FILTER) {
+ fprintf(stderr, "error: filter bigger than %d characters\n",
+ MAX_FILTER);
+ exit(1);
+ }
+ fprintf(stderr, "Setting filter as %s\n", optarg_s);
+ strcpy(filter_exp, optarg_s);
+ break;
+ case 'l':
+ do_list_mods = 1;
+ break;
+ case 's':
+ for (i_scsp = &srtp_crypto_suites[0]; i_scsp->can_name != NULL;
+ i_scsp++) {
+ if (strcasecmp(i_scsp->can_name, optarg_s) == 0) {
+ break;
+ }
+ }
+ if (i_scsp->can_name == NULL) {
+ fprintf(stderr, "Unknown/unsupported crypto suite name %s\n",
+ optarg_s);
+ exit(1);
+ }
+ scs = *i_scsp;
+ input_key = malloc(scs.key_size);
+ sec_servs |= sec_serv_conf | sec_serv_auth;
+ gcm_on = scs.gcm_on;
+ break;
+ case 'm':
+ if (strcasecmp("rtp", optarg_s) == 0) {
+ mode = mode_rtp;
+ } else if (strcasecmp("rtcp", optarg_s) == 0) {
+ mode = mode_rtcp;
+ } else if (strcasecmp("rtcp-mux", optarg_s) == 0) {
+ mode = mode_rtcp_mux;
+ } else {
+ fprintf(stderr, "Unknown/unsupported mode %s\n", optarg_s);
+ exit(1);
+ }
+ break;
+ default:
+ usage(argv[0]);
+ }
+ }
+
+ if (scs.tag_size == 0) {
+ if (gcm_on) {
+ scs.tag_size = 16;
+ } else {
+ scs.tag_size = 10;
+ }
+ }
+
+ if (gcm_on && scs.tag_size != 8 && scs.tag_size != 16) {
+ fprintf(stderr, "error: GCM tag size must be 8 or 16 (%d)\n",
+ scs.tag_size);
+ exit(1);
+ }
+
+ if (!gcm_on && scs.tag_size != 4 && scs.tag_size != 10) {
+ fprintf(stderr, "error: non GCM tag size must be 4 or 10 (%d)\n",
+ scs.tag_size);
+ exit(1);
+ }
+
+ if (do_list_mods) {
+ status = srtp_list_debug_modules();
+ if (status) {
+ fprintf(stderr, "error: list of debug modules failed\n");
+ exit(1);
+ }
+ return 0;
+ }
+
+ if ((sec_servs && !input_key) || (!sec_servs && input_key)) {
+ /*
+ * a key must be provided if and only if security services have
+ * been requested
+ */
+ if (input_key == NULL) {
+ fprintf(stderr, "key not provided\n");
+ }
+ if (!sec_servs) {
+ fprintf(stderr, "no secservs\n");
+ }
+ fprintf(stderr, "provided\n");
+ usage(argv[0]);
+ }
+
+ /* report security services selected on the command line */
+ fprintf(stderr, "security services: ");
+ if (sec_servs & sec_serv_conf)
+ fprintf(stderr, "confidentiality ");
+ if (sec_servs & sec_serv_auth)
+ fprintf(stderr, "message authentication");
+ if (sec_servs == sec_serv_none)
+ fprintf(stderr, "none");
+ fprintf(stderr, "\n");
+
+ /* set up the srtp policy and master key */
+ if (sec_servs) {
+ /*
+ * create policy structure, using the default mechanisms but
+ * with only the security services requested on the command line,
+ * using the right SSRC value
+ */
+ switch (sec_servs) {
+ case sec_serv_conf_and_auth:
+ if (gcm_on) {
+#ifdef OPENSSL
+ switch (scs.key_size) {
+ case 128:
+ if (scs.tag_size == 16) {
+ srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtp);
+ srtp_crypto_policy_set_aes_gcm_128_16_auth(
+ &policy.rtcp);
+ } else {
+ srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp);
+ srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp);
+ }
+ break;
+ case 256:
+ if (scs.tag_size == 16) {
+ srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtp);
+ srtp_crypto_policy_set_aes_gcm_256_16_auth(
+ &policy.rtcp);
+ } else {
+ srtp_crypto_policy_set_aes_gcm_256_8_auth(&policy.rtp);
+ srtp_crypto_policy_set_aes_gcm_256_8_auth(&policy.rtcp);
+ }
+ break;
+ }
+#else
+ fprintf(stderr, "error: GCM mode only supported when using the "
+ "OpenSSL crypto engine.\n");
+ return 0;
+#endif
+ } else {
+ switch (scs.key_size) {
+ case 128:
+ if (scs.tag_size == 4) {
+ srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(
+ &policy.rtp);
+ srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(
+ &policy.rtcp);
+ } else {
+ srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(
+ &policy.rtp);
+ srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(
+ &policy.rtcp);
+ }
+ break;
+ case 192:
+#ifdef OPENSSL
+ if (scs.tag_size == 4) {
+ srtp_crypto_policy_set_aes_cm_192_hmac_sha1_32(
+ &policy.rtp);
+ srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80(
+ &policy.rtcp);
+ } else {
+ srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80(
+ &policy.rtp);
+ srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80(
+ &policy.rtcp);
+ }
+#else
+ fprintf(stderr,
+ "error: AES 192 mode only supported when using the "
+ "OpenSSL crypto engine.\n");
+ return 0;
+
+#endif
+ break;
+ case 256:
+ if (scs.tag_size == 4) {
+ srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32(
+ &policy.rtp);
+ srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(
+ &policy.rtcp);
+ } else {
+ srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(
+ &policy.rtp);
+ srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(
+ &policy.rtcp);
+ }
+ break;
+ }
+ }
+ break;
+ case sec_serv_conf:
+ if (gcm_on) {
+ fprintf(
+ stderr,
+ "error: GCM mode must always be used with auth enabled\n");
+ return -1;
+ } else {
+ switch (scs.key_size) {
+ case 128:
+ srtp_crypto_policy_set_aes_cm_128_null_auth(&policy.rtp);
+ srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(
+ &policy.rtcp);
+ break;
+ case 192:
+#ifdef OPENSSL
+ srtp_crypto_policy_set_aes_cm_192_null_auth(&policy.rtp);
+ srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80(
+ &policy.rtcp);
+#else
+ fprintf(stderr,
+ "error: AES 192 mode only supported when using the "
+ "OpenSSL crypto engine.\n");
+ return 0;
+
+#endif
+ break;
+ case 256:
+ srtp_crypto_policy_set_aes_cm_256_null_auth(&policy.rtp);
+ srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(
+ &policy.rtcp);
+ break;
+ }
+ }
+ break;
+ case sec_serv_auth:
+ if (gcm_on) {
+#ifdef OPENSSL
+ switch (scs.key_size) {
+ case 128:
+ srtp_crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtp);
+ srtp_crypto_policy_set_aes_gcm_128_8_only_auth(
+ &policy.rtcp);
+ break;
+ case 256:
+ srtp_crypto_policy_set_aes_gcm_256_8_only_auth(&policy.rtp);
+ srtp_crypto_policy_set_aes_gcm_256_8_only_auth(
+ &policy.rtcp);
+ break;
+ }
+#else
+ printf("error: GCM mode only supported when using the OpenSSL "
+ "crypto engine.\n");
+ return 0;
+#endif
+ } else {
+ srtp_crypto_policy_set_null_cipher_hmac_sha1_80(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+ }
+ break;
+ default:
+ fprintf(stderr, "error: unknown security service requested\n");
+ return -1;
+ }
+
+ policy.key = (uint8_t *)key;
+ policy.ekt = NULL;
+ policy.next = NULL;
+ policy.window_size = 128;
+ policy.allow_repeat_tx = 0;
+ policy.rtp.sec_serv = sec_servs;
+ policy.rtcp.sec_serv =
+ sec_servs; // sec_serv_none; /* we don't do RTCP anyway */
+ fprintf(stderr, "setting tag len %d\n", scs.tag_size);
+ policy.rtp.auth_tag_len = scs.tag_size;
+
+ if (gcm_on && scs.tag_size != 8) {
+ fprintf(stderr, "setted tag len %d\n", scs.tag_size);
+ policy.rtp.auth_tag_len = scs.tag_size;
+ }
+
+ /*
+ * read key from hexadecimal or base64 on command line into an octet
+ * string
+ */
+ if (b64_input) {
+ int pad;
+ expected_len = policy.rtp.cipher_key_len * 4 / 3;
+ len = base64_string_to_octet_string(key, &pad, input_key,
+ strlen(input_key));
+ } else {
+ expected_len = policy.rtp.cipher_key_len * 2;
+ len = hex_string_to_octet_string(key, input_key, expected_len);
+ }
+ /* check that hex string is the right length */
+ if (len < expected_len) {
+ fprintf(stderr, "error: too few digits in key/salt "
+ "(should be %d digits, found %d)\n",
+ expected_len, len);
+ exit(1);
+ }
+ if (strlen(input_key) > policy.rtp.cipher_key_len * 2) {
+ fprintf(stderr, "error: too many digits in key/salt "
+ "(should be %d hexadecimal digits, found %u)\n",
+ policy.rtp.cipher_key_len * 2, (unsigned)strlen(input_key));
+ exit(1);
+ }
+
+ fprintf(stderr, "set master key/salt to %s/",
+ octet_string_hex_string(key, 16));
+ fprintf(stderr, "%s\n", octet_string_hex_string(key + 16, 14));
+
+ } else {
+ fprintf(stderr,
+ "error: neither encryption or authentication were selected\n");
+ exit(1);
+ }
+
+ pcap_handle = pcap_open_offline("-", errbuf);
+
+ if (!pcap_handle) {
+ fprintf(stderr, "libpcap failed to open file '%s'\n", errbuf);
+ exit(1);
+ }
+ assert(pcap_handle != NULL);
+ if ((pcap_compile(pcap_handle, &fp, filter_exp, 1, pcap_net)) == -1) {
+ fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp,
+ pcap_geterr(pcap_handle));
+ return (2);
+ }
+ if (pcap_setfilter(pcap_handle, &fp) == -1) {
+ fprintf(stderr, "couldn't install filter %s: %s\n", filter_exp,
+ pcap_geterr(pcap_handle));
+ return (2);
+ }
+ dec = rtp_decoder_alloc();
+ if (dec == NULL) {
+ fprintf(stderr, "error: malloc() failed\n");
+ exit(1);
+ }
+ fprintf(stderr, "Starting decoder\n");
+ if (rtp_decoder_init(dec, policy, mode)) {
+ fprintf(stderr, "error: init failed\n");
+ exit(1);
+ }
+
+ pcap_loop(pcap_handle, 0, rtp_decoder_handle_pkt, (u_char *)dec);
+
+ if (dec->mode == mode_rtp || dec->mode == mode_rtcp_mux) {
+ fprintf(stderr, "RTP packets decoded: %d\n", dec->rtp_cnt);
+ }
+ if (dec->mode == mode_rtcp || dec->mode == mode_rtcp_mux) {
+ fprintf(stderr, "RTCP packets decoded: %d\n", dec->rtcp_cnt);
+ }
+ fprintf(stderr, "Packet decode errors: %d\n", dec->error_cnt);
+
+ rtp_decoder_deinit(dec);
+ rtp_decoder_dealloc(dec);
+
+ status = srtp_shutdown();
+ if (status) {
+ fprintf(stderr, "error: srtp shutdown failed with error code %d\n",
+ status);
+ exit(1);
+ }
+
+ return 0;
+}
+
+void usage(char *string)
+{
+ fprintf(
+ stderr,
+ "usage: %s [-d <debug>]* [[-k][-b] <key>] [-a][-t][-e] [-s "
+ "<srtp-crypto-suite>] [-m <mode>]\n"
+ "or %s -l\n"
+ "where -a use message authentication\n"
+ " -e <key size> use encryption (use 128 or 256 for key size)\n"
+ " -g Use AES-GCM mode (must be used with -e)\n"
+ " -t <tag size> Tag size to use (in GCM mode use 8 or 16)\n"
+ " -k <key> sets the srtp master key given in hexadecimal\n"
+ " -b <key> sets the srtp master key given in base64\n"
+ " -l list debug modules\n"
+ " -f \"<pcap filter>\" to filter only the desired SRTP packets\n"
+ " -d <debug> turn on debugging for module <debug>\n"
+ " -s \"<srtp-crypto-suite>\" to set both key and tag size based\n"
+ " on RFC4568-style crypto suite specification\n"
+ " -m <mode> set the mode to be one of [rtp]|rtcp|rtcp-mux\n",
+ string, string);
+ exit(1);
+}
+
+rtp_decoder_t rtp_decoder_alloc(void)
+{
+ return (rtp_decoder_t)malloc(sizeof(rtp_decoder_ctx_t));
+}
+
+void rtp_decoder_dealloc(rtp_decoder_t rtp_ctx)
+{
+ free(rtp_ctx);
+}
+
+int rtp_decoder_deinit(rtp_decoder_t decoder)
+{
+ if (decoder->srtp_ctx) {
+ return srtp_dealloc(decoder->srtp_ctx);
+ }
+ return 0;
+}
+
+int rtp_decoder_init(rtp_decoder_t dcdr,
+ srtp_policy_t policy,
+ rtp_decoder_mode_t mode)
+{
+ dcdr->rtp_offset = DEFAULT_RTP_OFFSET;
+ dcdr->srtp_ctx = NULL;
+ dcdr->start_tv.tv_usec = 0;
+ dcdr->start_tv.tv_sec = 0;
+ dcdr->frame_nr = -1;
+ dcdr->error_cnt = 0;
+ dcdr->rtp_cnt = 0;
+ dcdr->rtcp_cnt = 0;
+ dcdr->mode = mode;
+ dcdr->policy = policy;
+ dcdr->policy.ssrc.type = ssrc_any_inbound;
+
+ if (srtp_create(&dcdr->srtp_ctx, &dcdr->policy)) {
+ return 1;
+ }
+ return 0;
+}
+
+/*
+ * decodes key as base64
+ */
+
+void hexdump(const void *ptr, size_t size)
+{
+ int i, j;
+ const unsigned char *cptr = ptr;
+
+ for (i = 0; i < size; i += 16) {
+ fprintf(stdout, "%04x ", i);
+ for (j = 0; j < 16 && i + j < size; j++) {
+ fprintf(stdout, "%02x ", cptr[i + j]);
+ }
+ fprintf(stdout, "\n");
+ }
+}
+
+void rtp_decoder_handle_pkt(u_char *arg,
+ const struct pcap_pkthdr *hdr,
+ const u_char *bytes)
+{
+ rtp_decoder_t dcdr = (rtp_decoder_t)arg;
+ rtp_msg_t message;
+ int rtp;
+ int pktsize;
+ struct timeval delta;
+ int octets_recvd;
+ srtp_err_status_t status;
+ dcdr->frame_nr++;
+
+ if ((dcdr->start_tv.tv_sec == 0) && (dcdr->start_tv.tv_usec == 0)) {
+ dcdr->start_tv = hdr->ts;
+ }
+
+ if (hdr->caplen < dcdr->rtp_offset) {
+ return;
+ }
+ const void *rtp_packet = bytes + dcdr->rtp_offset;
+
+ memcpy((void *)&message, rtp_packet, hdr->caplen - dcdr->rtp_offset);
+ pktsize = hdr->caplen - dcdr->rtp_offset;
+ octets_recvd = pktsize;
+
+ if (octets_recvd == -1) {
+ return;
+ }
+
+ if (dcdr->mode == mode_rtp) {
+ rtp = 1;
+ } else if (dcdr->mode == mode_rtcp) {
+ rtp = 0;
+ } else {
+ rtp = 1;
+ if (octets_recvd >= 2) {
+ /* rfc5761 */
+ u_char payload_type = *(bytes + dcdr->rtp_offset + 1) & 0x7f;
+ rtp = payload_type < 64 || payload_type > 95;
+ }
+ }
+
+ if (rtp) {
+ /* verify rtp header */
+ if (message.header.version != 2) {
+ return;
+ }
+
+ status = srtp_unprotect(dcdr->srtp_ctx, &message, &octets_recvd);
+ if (status) {
+ dcdr->error_cnt++;
+ return;
+ }
+ dcdr->rtp_cnt++;
+ } else {
+ status = srtp_unprotect_rtcp(dcdr->srtp_ctx, &message, &octets_recvd);
+ if (status) {
+ dcdr->error_cnt++;
+ return;
+ }
+ dcdr->rtcp_cnt++;
+ }
+ timersub(&hdr->ts, &dcdr->start_tv, &delta);
+ fprintf(stdout, "%02ld:%02ld.%06ld\n", delta.tv_sec / 60, delta.tv_sec % 60,
+ (long)delta.tv_usec);
+ hexdump(&message, octets_recvd);
+}
+
+void rtp_print_error(srtp_err_status_t status, char *message)
+{
+ // clang-format off
+ fprintf(stderr,
+ "error: %s %d%s\n", message, status,
+ status == srtp_err_status_replay_fail ? " (replay check failed)" :
+ status == srtp_err_status_bad_param ? " (bad param)" :
+ status == srtp_err_status_no_ctx ? " (no context)" :
+ status == srtp_err_status_cipher_fail ? " (cipher failed)" :
+ status == srtp_err_status_key_expired ? " (key expired)" :
+ status == srtp_err_status_auth_fail ? " (auth check failed)" : "");
+ // clang-format on
+}
diff --git a/test/rtp_decoder.h b/test/rtp_decoder.h
new file mode 100644
index 0000000..30a51d8
--- /dev/null
+++ b/test/rtp_decoder.h
@@ -0,0 +1,121 @@
+/*
+ * rtp_decoder.h
+ *
+ * decoder structures and functions for SRTP pcap decoder
+ *
+ * Bernardo Torres <bernardo@torresautomacao.com.br>
+ *
+ * Some structure and code from https://github.com/gteissier/srtp-decrypt
+ *
+ */
+/*
+ *
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef RTP_DECODER_H
+#define RTP_DECODER_H
+
+#include "srtp_priv.h"
+#include "rtp.h"
+
+#define DEFAULT_RTP_OFFSET 42
+
+typedef enum {
+ mode_rtp = 0,
+ mode_rtcp,
+ mode_rtcp_mux,
+} rtp_decoder_mode_t;
+
+typedef struct rtp_decoder_ctx_t {
+ srtp_policy_t policy;
+ srtp_ctx_t *srtp_ctx;
+ rtp_decoder_mode_t mode;
+ int rtp_offset;
+ struct timeval start_tv;
+ int frame_nr;
+ int error_cnt;
+ int rtp_cnt;
+ int rtcp_cnt;
+} rtp_decoder_ctx_t;
+
+typedef struct rtp_decoder_ctx_t *rtp_decoder_t;
+
+/*
+ * error to string
+ */
+void rtp_print_error(srtp_err_status_t status, char *message);
+
+/*
+ * prints the output of a random buffer in hexadecimal
+ */
+void hexdump(const void *ptr, size_t size);
+
+/*
+ * the function usage() prints an error message describing how this
+ * program should be called, then calls exit()
+ */
+void usage(char *prog_name);
+
+/*
+ * transforms base64 key into octet
+ */
+char *decode_sdes(char *in, char *out);
+
+/*
+ * pcap handling
+ */
+void rtp_decoder_handle_pkt(u_char *arg,
+ const struct pcap_pkthdr *hdr,
+ const u_char *bytes);
+
+rtp_decoder_t rtp_decoder_alloc(void);
+
+void rtp_decoder_dealloc(rtp_decoder_t rtp_ctx);
+
+int rtp_decoder_init(rtp_decoder_t dcdr,
+ srtp_policy_t policy,
+ rtp_decoder_mode_t mode);
+
+int rtp_decoder_deinit(rtp_decoder_t decoder);
+
+void rtp_decoder_srtp_log_handler(srtp_log_level_t level,
+ const char *msg,
+ void *data);
+
+void rtp_decoder_srtp_log_handler(srtp_log_level_t level,
+ const char *msg,
+ void *data);
+
+#endif /* RTP_DECODER_H */
diff --git a/test/rtpw b/test/rtpw
deleted file mode 100755
index 08950dd..0000000
--- a/test/rtpw
+++ /dev/null
Binary files differ
diff --git a/test/rtpw.c b/test/rtpw.c
index 63736fc..901816e 100644
--- a/test/rtpw.c
+++ b/test/rtpw.c
@@ -7,34 +7,34 @@
* Cisco Systems, Inc.
*
* This app is a simple RTP application intended only for testing
- * libsrtp. It reads one word at a time from /usr/dict/words (or
- * whatever file is specified as DICT_FILE), and sends one word out
+ * libsrtp. It reads one word at a time from words.txt (or
+ * whatever file is specified as DICT_FILE or with -w), and sends one word out
* each USEC_RATE microseconds. Secure RTP protections can be
* applied. See the usage() function for more details.
*
*/
/*
- *
- * Copyright (c) 2001-2005, Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
@@ -50,43 +50,82 @@
*
*/
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
-#include <stdio.h> /* for printf, fprintf */
-#include <stdlib.h> /* for atoi() */
-#include <sys/types.h>
+#include "getopt_s.h" /* for local getopt() */
+
+#include <stdio.h> /* for printf, fprintf */
+#include <stdlib.h> /* for atoi() */
+#include <errno.h>
+#include <signal.h> /* for signal() */
+
+#include <string.h> /* for strncpy() */
+#include <time.h> /* for usleep() */
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h> /* for close() */
+#elif defined(_MSC_VER)
+#include <io.h> /* for _close() */
+#define close _close
+#endif
+#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
-#include <netinet/in.h> /* openbsd wants this */
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#elif defined HAVE_WINSOCK2_H
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#define RTPW_USE_WINSOCK2 1
+#endif
+#ifdef HAVE_ARPA_INET_H
#include <arpa/inet.h>
-#include <errno.h>
-#include <unistd.h> /* for close() */
-#include <string.h> /* for strncpy() */
-#include <time.h> /* for usleep() */
+#endif
-#include "srtp.h"
+#include "srtp.h"
#include "rtp.h"
+#include "util.h"
-#define DICT_FILE "/usr/share/dict/words"
-#define USEC_RATE (5e5)
-#define MAX_WORD_LEN 128
+#define DICT_FILE "words.txt"
+#define USEC_RATE (5e5)
+#define MAX_WORD_LEN 128
#define ADDR_IS_MULTICAST(a) IN_MULTICAST(htonl(a))
-#define MAX_KEY_LEN 64
-#define MASTER_KEY_LEN 30
+#define MAX_KEY_LEN 96
+
+#ifndef HAVE_USLEEP
+#ifdef HAVE_WINDOWS_H
+#define usleep(us) Sleep((us) / 1000)
+#else
+#define usleep(us) sleep((us) / 1000000)
+#endif
+#endif
/*
* the function usage() prints an error message describing how this
* program should be called, then calls exit()
*/
-void
-usage(char *prog_name);
+void usage(char *prog_name);
/*
* leave_group(...) de-registers from a multicast group
*/
-void
-leave_group(int sock, struct ip_mreq mreq, char *name);
+void leave_group(int sock, struct ip_mreq mreq, char *name);
+
+/*
+ * setup_signal_handler() sets up a signal handler to trigger
+ * cleanups after an interrupt
+ */
+int setup_signal_handler(char *name);
+
+/*
+ * handle_signal(...) handles interrupt signal to trigger cleanups
+ */
+volatile int interrupted = 0;
/*
* program_type distinguishes the [s]rtp sender and receiver cases
@@ -94,352 +133,569 @@ leave_group(int sock, struct ip_mreq mreq, char *name);
typedef enum { sender, receiver, unknown } program_type;
-int
-main (int argc, char *argv[]) {
- char *dictfile = DICT_FILE;
- FILE *dict;
- char word[MAX_WORD_LEN];
- int sock, ret;
- struct in_addr rcvr_addr;
- struct sockaddr_in name;
- struct ip_mreq mreq;
+int main(int argc, char *argv[])
+{
+ char *dictfile = DICT_FILE;
+ FILE *dict;
+ char word[MAX_WORD_LEN];
+ int sock, ret;
+ struct in_addr rcvr_addr;
+ struct sockaddr_in name;
+ struct ip_mreq mreq;
#if BEW
- struct sockaddr_in local;
-#endif
- program_type prog_type = unknown;
- sec_serv_t sec_servs = sec_serv_none;
- unsigned char ttl = 5;
- int c;
- unsigned char *input_key = NULL;
- unsigned char *address = NULL;
- octet_t key[MAX_KEY_LEN];
- unsigned short port = 0;
- rtp_sender_t snd;
- srtp_policy_t policy;
- err_status_t status;
- int len;
- int do_list_mods = 0;
- uint32_t ssrc = 0xdeadbeef; /* ssrc value hardcoded for now */
-
- /* initialize srtp library */
- status = srtp_init();
- if (status) {
- printf("error: srtp initialization failed with error code %d\n", status);
- exit(1);
- }
+ struct sockaddr_in local;
+#endif
+ program_type prog_type = unknown;
+ srtp_sec_serv_t sec_servs = sec_serv_none;
+ unsigned char ttl = 5;
+ int c;
+ int key_size = 128;
+ int tag_size = 8;
+ int gcm_on = 0;
+ char *input_key = NULL;
+ int b64_input = 0;
+ char *address = NULL;
+ char key[MAX_KEY_LEN];
+ unsigned short port = 0;
+ rtp_sender_t snd;
+ srtp_policy_t policy;
+ srtp_err_status_t status;
+ int len;
+ int expected_len;
+ int do_list_mods = 0;
+ uint32_t ssrc = 0xdeadbeef; /* ssrc value hardcoded for now */
+#ifdef RTPW_USE_WINSOCK2
+ WORD wVersionRequested = MAKEWORD(2, 0);
+ WSADATA wsaData;
+
+ ret = WSAStartup(wVersionRequested, &wsaData);
+ if (ret != 0) {
+ fprintf(stderr, "error: WSAStartup() failed: %d\n", ret);
+ exit(1);
+ }
+#endif
+
+ memset(&policy, 0x0, sizeof(srtp_policy_t));
- /* check args */
- while (1) {
- c = getopt(argc, argv, "k:rsaeld:");
- if (c == -1) {
- break;
+ printf("Using %s [0x%x]\n", srtp_get_version_string(), srtp_get_version());
+
+ if (setup_signal_handler(argv[0]) != 0) {
+ exit(1);
}
- switch (c) {
- case 'k':
- input_key = optarg;
- break;
- case 'e':
- sec_servs |= sec_serv_conf;
- break;
- case 'a':
- sec_servs |= sec_serv_auth;
- break;
- case 'r':
- prog_type = receiver;
- break;
- case 's':
- prog_type = sender;
- break;
- case 'd':
- status = crypto_kernel_set_debug_module(optarg, 1);
- if (status) {
- printf("error: set debug module (%s) failed\n", optarg);
+
+ /* initialize srtp library */
+ status = srtp_init();
+ if (status) {
+ printf("error: srtp initialization failed with error code %d\n",
+ status);
exit(1);
- }
- break;
- case 'l':
- do_list_mods = 1;
- break;
- default:
- usage(argv[0]);
}
- }
-
- if (prog_type == unknown) {
- if (do_list_mods) {
- status = crypto_kernel_list_debug_modules();
- if (status) {
- printf("error: list of debug modules failed\n");
- exit(1);
- }
- return 0;
- } else {
- printf("error: neither sender [-s] nor receiver [-r] specified\n");
- usage(argv[0]);
+
+ /* check args */
+ while (1) {
+ c = getopt_s(argc, argv, "b:k:rsgt:ae:ld:w:");
+ if (c == -1) {
+ break;
+ }
+ switch (c) {
+ case 'b':
+ b64_input = 1;
+ /* fall thru */
+ case 'k':
+ input_key = optarg_s;
+ break;
+ case 'e':
+ key_size = atoi(optarg_s);
+ if (key_size != 128 && key_size != 256) {
+ printf("error: encryption key size must be 128 or 256 (%d)\n",
+ key_size);
+ exit(1);
+ }
+ sec_servs |= sec_serv_conf;
+ break;
+ case 't':
+ tag_size = atoi(optarg_s);
+ if (tag_size != 8 && tag_size != 16) {
+ printf("error: GCM tag size must be 8 or 16 (%d)\n", tag_size);
+ exit(1);
+ }
+ break;
+ case 'a':
+ sec_servs |= sec_serv_auth;
+ break;
+ case 'g':
+ gcm_on = 1;
+ sec_servs |= sec_serv_auth;
+ break;
+ case 'r':
+ prog_type = receiver;
+ break;
+ case 's':
+ prog_type = sender;
+ break;
+ case 'd':
+ status = srtp_set_debug_module(optarg_s, 1);
+ if (status) {
+ printf("error: set debug module (%s) failed\n", optarg_s);
+ exit(1);
+ }
+ break;
+ case 'l':
+ do_list_mods = 1;
+ break;
+ case 'w':
+ dictfile = optarg_s;
+ break;
+ default:
+ usage(argv[0]);
+ }
+ }
+
+ if (prog_type == unknown) {
+ if (do_list_mods) {
+ status = srtp_list_debug_modules();
+ if (status) {
+ printf("error: list of debug modules failed\n");
+ exit(1);
+ }
+ return 0;
+ } else {
+ printf("error: neither sender [-s] nor receiver [-r] specified\n");
+ usage(argv[0]);
+ }
+ }
+
+ if ((sec_servs && !input_key) || (!sec_servs && input_key)) {
+ /*
+ * a key must be provided if and only if security services have
+ * been requested
+ */
+ usage(argv[0]);
+ }
+
+ if (argc != optind_s + 2) {
+ /* wrong number of arguments */
+ usage(argv[0]);
+ }
+
+ /* get address from arg */
+ address = argv[optind_s++];
+
+ /* get port from arg */
+ port = atoi(argv[optind_s++]);
+
+/* set address */
+#ifdef HAVE_INET_ATON
+ if (0 == inet_aton(address, &rcvr_addr)) {
+ fprintf(stderr, "%s: cannot parse IP v4 address %s\n", argv[0],
+ address);
+ exit(1);
+ }
+ if (rcvr_addr.s_addr == INADDR_NONE) {
+ fprintf(stderr, "%s: address error", argv[0]);
+ exit(1);
}
- }
-
- if ((sec_servs && !input_key) || (!sec_servs && input_key)) {
- /*
- * a key must be provided if and only if security services have
- * been requested
- */
- usage(argv[0]);
- }
-
- if (argc != optind + 2) {
- /* wrong number of arguments */
- usage(argv[0]);
- }
-
- /* get address from arg */
- address = argv[optind++];
-
- /* get port from arg */
- port = atoi(argv[optind++]);
-
- /* set address */
-#if HAVE_INET_ATON
- if (0 == inet_aton(address, &rcvr_addr)) {
- fprintf(stderr, "%s: cannot parse IP v4 address %s\n", argv[0], address);
- exit(1);
- }
- if (rcvr_addr.s_addr == INADDR_NONE) {
- fprintf(stderr, "%s: address error", argv[0]);
- exit(1);
- }
#else
- rcvr_addr.s_addr = inet_addr(address);
- if (0xffffffff == rcvr_addr.s_addr) {
- fprintf(stderr, "%s: cannot parse IP v4 address %s\n", argv[0], address);
- exit(1);
- }
+ rcvr_addr.s_addr = inet_addr(address);
+ if (0xffffffff == rcvr_addr.s_addr) {
+ fprintf(stderr, "%s: cannot parse IP v4 address %s\n", argv[0],
+ address);
+ exit(1);
+ }
#endif
- /* open socket */
- sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP);
- if (sock < 0) {
- fprintf(stderr, "%s: couldn't open socket\n", argv[0]);
- exit(1);
- }
-
- name.sin_addr = rcvr_addr;
- name.sin_family = PF_INET;
- name.sin_port = htons(port);
-
- if (ADDR_IS_MULTICAST(rcvr_addr.s_addr)) {
- if (prog_type == sender) {
- ret = setsockopt(sock, IPPROTO_IP, IP_MULTICAST_TTL, &ttl,
- sizeof(ttl));
- if (ret < 0) {
- fprintf(stderr, "%s: Failed to set TTL for multicast group", argv[0]);
- perror("");
- exit(1);
- }
+ /* open socket */
+ sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP);
+ if (sock < 0) {
+ int err;
+#ifdef RTPW_USE_WINSOCK2
+ err = WSAGetLastError();
+#else
+ err = errno;
+#endif
+ fprintf(stderr, "%s: couldn't open socket: %d\n", argv[0], err);
+ exit(1);
}
- mreq.imr_multiaddr.s_addr = rcvr_addr.s_addr;
- mreq.imr_interface.s_addr = htonl(INADDR_ANY);
- ret = setsockopt(sock, IPPROTO_IP, IP_ADD_MEMBERSHIP, &mreq, sizeof(mreq));
- if (ret < 0) {
- fprintf(stderr, "%s: Failed to join multicast group", argv[0]);
- perror("");
- exit(1);
+ memset(&name, 0, sizeof(struct sockaddr_in));
+ name.sin_addr = rcvr_addr;
+ name.sin_family = PF_INET;
+ name.sin_port = htons(port);
+
+ if (ADDR_IS_MULTICAST(rcvr_addr.s_addr)) {
+ if (prog_type == sender) {
+ ret = setsockopt(sock, IPPROTO_IP, IP_MULTICAST_TTL, &ttl,
+ sizeof(ttl));
+ if (ret < 0) {
+ fprintf(stderr, "%s: Failed to set TTL for multicast group",
+ argv[0]);
+ perror("");
+ exit(1);
+ }
+ }
+
+ mreq.imr_multiaddr.s_addr = rcvr_addr.s_addr;
+ mreq.imr_interface.s_addr = htonl(INADDR_ANY);
+ ret = setsockopt(sock, IPPROTO_IP, IP_ADD_MEMBERSHIP, (void *)&mreq,
+ sizeof(mreq));
+ if (ret < 0) {
+ fprintf(stderr, "%s: Failed to join multicast group", argv[0]);
+ perror("");
+ exit(1);
+ }
}
- }
-
- /* report security services selected on the command line */
- printf("security services: ");
- if (sec_servs & sec_serv_conf)
- printf("confidentiality ");
- if (sec_servs & sec_serv_auth)
- printf("message authentication");
- if (sec_servs == sec_serv_none)
- printf("none");
- printf("\n");
-
- /* set up the srtp policy and master key */
- if (sec_servs) {
- /*
- * create policy structure, using the default mechanisms but
- * with only the security services requested on the command line,
- * using the right SSRC value
- */
- crypto_policy_set_rtp_default(&policy.rtp);
- crypto_policy_set_rtcp_default(&policy.rtcp);
- policy.ssrc.type = ssrc_specific;
- policy.ssrc.value = ssrc;
- policy.key = key;
- policy.next = NULL;
- policy.rtp.sec_serv = sec_servs;
- policy.rtcp.sec_serv = sec_serv_none; /* we don't do RTCP anyway */
-
- /*
- * read key from hexadecimal on command line into an octet string
- */
- len = hex_string_to_octet_string(key, input_key, MASTER_KEY_LEN*2);
-
- /* check that hex string is the right length */
- if (len < MASTER_KEY_LEN*2) {
- fprintf(stderr,
- "error: too few digits in key/salt "
- "(should be %d hexadecimal digits, found %d)\n",
- MASTER_KEY_LEN*2, len);
- exit(1);
- }
- if (strlen(input_key) > MASTER_KEY_LEN*2) {
- fprintf(stderr,
- "error: too many digits in key/salt "
- "(should be %d hexadecimal digits, found %u)\n",
- MASTER_KEY_LEN*2, (unsigned)strlen(input_key));
- exit(1);
+
+ /* report security services selected on the command line */
+ printf("security services: ");
+ if (sec_servs & sec_serv_conf)
+ printf("confidentiality ");
+ if (sec_servs & sec_serv_auth)
+ printf("message authentication");
+ if (sec_servs == sec_serv_none)
+ printf("none");
+ printf("\n");
+
+ /* set up the srtp policy and master key */
+ if (sec_servs) {
+ /*
+ * create policy structure, using the default mechanisms but
+ * with only the security services requested on the command line,
+ * using the right SSRC value
+ */
+ switch (sec_servs) {
+ case sec_serv_conf_and_auth:
+ if (gcm_on) {
+#ifdef GCM
+ switch (key_size) {
+ case 128:
+ srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp);
+ srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp);
+ break;
+ case 256:
+ srtp_crypto_policy_set_aes_gcm_256_8_auth(&policy.rtp);
+ srtp_crypto_policy_set_aes_gcm_256_8_auth(&policy.rtcp);
+ break;
+ }
+#else
+ printf("error: GCM mode only supported when using the OpenSSL "
+ "or NSS crypto engine.\n");
+ return 0;
+#endif
+ } else {
+ switch (key_size) {
+ case 128:
+ srtp_crypto_policy_set_rtp_default(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+ break;
+ case 256:
+ srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+ break;
+ }
+ }
+ break;
+ case sec_serv_conf:
+ if (gcm_on) {
+ printf(
+ "error: GCM mode must always be used with auth enabled\n");
+ return -1;
+ } else {
+ switch (key_size) {
+ case 128:
+ srtp_crypto_policy_set_aes_cm_128_null_auth(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+ break;
+ case 256:
+ srtp_crypto_policy_set_aes_cm_256_null_auth(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+ break;
+ }
+ }
+ break;
+ case sec_serv_auth:
+ if (gcm_on) {
+#ifdef GCM
+ switch (key_size) {
+ case 128:
+ srtp_crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtp);
+ srtp_crypto_policy_set_aes_gcm_128_8_only_auth(
+ &policy.rtcp);
+ break;
+ case 256:
+ srtp_crypto_policy_set_aes_gcm_256_8_only_auth(&policy.rtp);
+ srtp_crypto_policy_set_aes_gcm_256_8_only_auth(
+ &policy.rtcp);
+ break;
+ }
+#else
+ printf("error: GCM mode only supported when using the OpenSSL "
+ "crypto engine.\n");
+ return 0;
+#endif
+ } else {
+ srtp_crypto_policy_set_null_cipher_hmac_sha1_80(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+ }
+ break;
+ default:
+ printf("error: unknown security service requested\n");
+ return -1;
+ }
+ policy.ssrc.type = ssrc_specific;
+ policy.ssrc.value = ssrc;
+ policy.key = (uint8_t *)key;
+ policy.ekt = NULL;
+ policy.next = NULL;
+ policy.window_size = 128;
+ policy.allow_repeat_tx = 0;
+ policy.rtp.sec_serv = sec_servs;
+ policy.rtcp.sec_serv = sec_serv_none; /* we don't do RTCP anyway */
+
+ if (gcm_on && tag_size != 8) {
+ policy.rtp.auth_tag_len = tag_size;
+ }
+
+ /*
+ * read key from hexadecimal or base64 on command line into an octet
+ * string
+ */
+ if (b64_input) {
+ int pad;
+ expected_len = (policy.rtp.cipher_key_len * 4) / 3;
+ len = base64_string_to_octet_string(key, &pad, input_key,
+ expected_len);
+ if (pad != 0) {
+ fprintf(stderr, "error: padding in base64 unexpected\n");
+ exit(1);
+ }
+ } else {
+ expected_len = policy.rtp.cipher_key_len * 2;
+ len = hex_string_to_octet_string(key, input_key, expected_len);
+ }
+ /* check that hex string is the right length */
+ if (len < expected_len) {
+ fprintf(stderr, "error: too few digits in key/salt "
+ "(should be %d digits, found %d)\n",
+ expected_len, len);
+ exit(1);
+ }
+ if ((int)strlen(input_key) > policy.rtp.cipher_key_len * 2) {
+ fprintf(stderr, "error: too many digits in key/salt "
+ "(should be %d hexadecimal digits, found %u)\n",
+ policy.rtp.cipher_key_len * 2, (unsigned)strlen(input_key));
+ exit(1);
+ }
+
+ printf("set master key/salt to %s/", octet_string_hex_string(key, 16));
+ printf("%s\n", octet_string_hex_string(key + 16, 14));
+
+ } else {
+ /*
+ * we're not providing security services, so set the policy to the
+ * null policy
+ *
+ * Note that this policy does not conform to the SRTP
+ * specification, since RTCP authentication is required. However,
+ * the effect of this policy is to turn off SRTP, so that this
+ * application is now a vanilla-flavored RTP application.
+ */
+ srtp_crypto_policy_set_null_cipher_hmac_null(&policy.rtp);
+ srtp_crypto_policy_set_null_cipher_hmac_null(&policy.rtcp);
+ policy.key = (uint8_t *)key;
+ policy.ssrc.type = ssrc_specific;
+ policy.ssrc.value = ssrc;
+ policy.window_size = 0;
+ policy.allow_repeat_tx = 0;
+ policy.ekt = NULL;
+ policy.next = NULL;
}
-
- printf("set master key/salt to %s/", octet_string_hex_string(key, 16));
- printf("%s\n", octet_string_hex_string(key+16, 14));
-
- } else {
- /*
- * we're not providing security services, so set the policy to the
- * null policy
- *
- * Note that this policy does not conform to the SRTP
- * specification, since RTCP authentication is required. However,
- * the effect of this policy is to turn off SRTP, so that this
- * application is now a vanilla-flavored RTP application.
- */
- policy.ssrc.type = ssrc_specific;
- policy.ssrc.value = ssrc;
- policy.rtp.cipher_type = NULL_CIPHER;
- policy.rtp.cipher_key_len = 0;
- policy.rtp.auth_type = NULL_AUTH;
- policy.rtp.auth_key_len = 0;
- policy.rtp.auth_tag_len = 0;
- policy.rtp.sec_serv = sec_serv_none;
- policy.rtcp.cipher_type = NULL_CIPHER;
- policy.rtcp.cipher_key_len = 0;
- policy.rtcp.auth_type = NULL_AUTH;
- policy.rtcp.auth_key_len = 0;
- policy.rtcp.auth_tag_len = 0;
- policy.rtcp.sec_serv = sec_serv_none;
- policy.next = NULL;
- }
-
- if (prog_type == sender) {
+ if (prog_type == sender) {
#if BEW
- /* bind to local socket (to match crypto policy, if need be) */
- memset(&local, 0, sizeof(struct sockaddr_in));
- local.sin_addr.s_addr = htonl(INADDR_ANY);
- local.sin_port = htons(port);
- ret = bind(sock, (struct sockaddr *) &local, sizeof(struct sockaddr_in));
- if (ret < 0) {
- fprintf(stderr, "%s: bind failed\n", argv[0]);
- perror("");
- exit(1);
- }
+ /* bind to local socket (to match crypto policy, if need be) */
+ memset(&local, 0, sizeof(struct sockaddr_in));
+ local.sin_addr.s_addr = htonl(INADDR_ANY);
+ local.sin_port = htons(port);
+ ret = bind(sock, (struct sockaddr *)&local, sizeof(struct sockaddr_in));
+ if (ret < 0) {
+ fprintf(stderr, "%s: bind failed\n", argv[0]);
+ perror("");
+ exit(1);
+ }
#endif /* BEW */
- /* initialize sender's rtp and srtp contexts */
- rtp_sender_init(&snd, sock, name, ssrc);
- status = srtp_create(&snd.srtp_ctx, &policy);
- if (status) {
- fprintf(stderr,
- "error: srtp_create() failed with code %d\n",
- status);
- exit(1);
+ /* initialize sender's rtp and srtp contexts */
+ snd = rtp_sender_alloc();
+ if (snd == NULL) {
+ fprintf(stderr, "error: malloc() failed\n");
+ exit(1);
+ }
+ rtp_sender_init(snd, sock, name, ssrc);
+ status = rtp_sender_init_srtp(snd, &policy);
+ if (status) {
+ fprintf(stderr, "error: srtp_create() failed with code %d\n",
+ status);
+ exit(1);
+ }
+
+ /* open dictionary */
+ dict = fopen(dictfile, "r");
+ if (dict == NULL) {
+ fprintf(stderr, "%s: couldn't open file %s\n", argv[0], dictfile);
+ if (ADDR_IS_MULTICAST(rcvr_addr.s_addr)) {
+ leave_group(sock, mreq, argv[0]);
+ }
+ exit(1);
+ }
+
+ /* read words from dictionary, then send them off */
+ while (!interrupted && fgets(word, MAX_WORD_LEN, dict) != NULL) {
+ len = strlen(word) + 1; /* plus one for null */
+
+ if (len > MAX_WORD_LEN)
+ printf("error: word %s too large to send\n", word);
+ else {
+ rtp_sendto(snd, word, len);
+ printf("sending word: %s", word);
+ }
+ usleep(USEC_RATE);
+ }
+
+ rtp_sender_deinit_srtp(snd);
+ rtp_sender_dealloc(snd);
+
+ fclose(dict);
+ } else { /* prog_type == receiver */
+ rtp_receiver_t rcvr;
+
+ if (bind(sock, (struct sockaddr *)&name, sizeof(name)) < 0) {
+ close(sock);
+ fprintf(stderr, "%s: socket bind error\n", argv[0]);
+ perror(NULL);
+ if (ADDR_IS_MULTICAST(rcvr_addr.s_addr)) {
+ leave_group(sock, mreq, argv[0]);
+ }
+ exit(1);
+ }
+
+ rcvr = rtp_receiver_alloc();
+ if (rcvr == NULL) {
+ fprintf(stderr, "error: malloc() failed\n");
+ exit(1);
+ }
+ rtp_receiver_init(rcvr, sock, name, ssrc);
+ status = rtp_receiver_init_srtp(rcvr, &policy);
+ if (status) {
+ fprintf(stderr, "error: srtp_create() failed with code %d\n",
+ status);
+ exit(1);
+ }
+
+ /* get next word and loop */
+ while (!interrupted) {
+ len = MAX_WORD_LEN;
+ if (rtp_recvfrom(rcvr, word, &len) > -1)
+ printf("\tword: %s\n", word);
+ }
+
+ rtp_receiver_deinit_srtp(rcvr);
+ rtp_receiver_dealloc(rcvr);
}
-
- /* open dictionary */
- dict = fopen (dictfile, "r");
- if (dict == NULL) {
- fprintf(stderr, "%s: couldn't open file %s\n", argv[0], dictfile);
- if (ADDR_IS_MULTICAST(rcvr_addr.s_addr)) {
- leave_group(sock, mreq, argv[0]);
- }
- exit(1);
- }
-
- /* read words from dictionary, then send them off */
- while (fgets(word, MAX_WORD_LEN, dict) != NULL) {
- len = strlen(word) + 1; /* plus one for null */
-
- if (len > MAX_WORD_LEN)
- printf("error: word %s too large to send\n", word);
- else {
- rtp_sendto(&snd, word, len);
- printf("sending word: %s", word);
- }
- usleep(USEC_RATE);
+
+ if (ADDR_IS_MULTICAST(rcvr_addr.s_addr)) {
+ leave_group(sock, mreq, argv[0]);
}
-
- } else { /* prog_type == receiver */
- rtp_receiver_t rcvr;
-
- if (bind(sock, (struct sockaddr *)&name, sizeof(name)) < 0) {
- close(sock);
- fprintf(stderr, "%s: socket bind error\n", argv[0]);
- perror(NULL);
- if (ADDR_IS_MULTICAST(rcvr_addr.s_addr)) {
- leave_group(sock, mreq, argv[0]);
- }
- exit(1);
+
+#ifdef RTPW_USE_WINSOCK2
+ ret = closesocket(sock);
+#else
+ ret = close(sock);
+#endif
+ if (ret < 0) {
+ fprintf(stderr, "%s: Failed to close socket", argv[0]);
+ perror("");
}
- rtp_receiver_init(&rcvr, sock, name, ssrc);
- status = srtp_create(&rcvr.srtp_ctx, &policy);
+ status = srtp_shutdown();
if (status) {
- fprintf(stderr,
- "error: srtp_create() failed with code %d\n",
- status);
- exit(1);
+ printf("error: srtp shutdown failed with error code %d\n", status);
+ exit(1);
}
- /* get next word and loop */
- while (1) {
- len = MAX_WORD_LEN;
- if (rtp_recvfrom(&rcvr, word, &len) > -1)
- printf("\tword: %s", word);
- else
- printf("error receiving data\n");
- }
-
- }
+#ifdef RTPW_USE_WINSOCK2
+ WSACleanup();
+#endif
- if (ADDR_IS_MULTICAST(rcvr_addr.s_addr)) {
- leave_group(sock, mreq, argv[0]);
- }
- return 0;
+ return 0;
}
-
-void
-usage(char *string) {
-
- printf("usage: %s [-d <debug>]* [-k <key> [-a][-e]] "
- "[-s | -r] dest_ip dest_port\n"
- "or %s -l\n"
- "where -a use message authentication\n"
- " -e use encryption\n"
- " -k <key> sets the srtp master key\n"
- " -s act as rtp sender\n"
- " -r act as rtp receiver\n"
- " -l list debug modules\n"
- " -d <debug> turn on debugging for module <debug>\n",
- string, string);
- exit(1);
-
+void usage(char *string)
+{
+ printf("usage: %s [-d <debug>]* [-k <key> [-a][-e]] "
+ "[-s | -r] dest_ip dest_port\n"
+ "or %s -l\n"
+ "where -a use message authentication\n"
+ " -e <key size> use encryption (use 128 or 256 for key size)\n"
+ " -g Use AES-GCM mode (must be used with -e)\n"
+ " -t <tag size> Tag size to use in GCM mode (use 8 or 16)\n"
+ " -k <key> sets the srtp master key given in hexadecimal\n"
+ " -b <key> sets the srtp master key given in base64\n"
+ " -s act as rtp sender\n"
+ " -r act as rtp receiver\n"
+ " -l list debug modules\n"
+ " -d <debug> turn on debugging for module <debug>\n"
+ " -w <wordsfile> use <wordsfile> for input, rather than %s\n",
+ string, string, DICT_FILE);
+ exit(1);
}
+void leave_group(int sock, struct ip_mreq mreq, char *name)
+{
+ int ret;
-void
-leave_group(int sock, struct ip_mreq mreq, char *name) {
- int ret;
+ ret = setsockopt(sock, IPPROTO_IP, IP_DROP_MEMBERSHIP, (void *)&mreq,
+ sizeof(mreq));
+ if (ret < 0) {
+ fprintf(stderr, "%s: Failed to leave multicast group", name);
+ perror("");
+ }
+}
- ret = setsockopt(sock, IPPROTO_IP, IP_DROP_MEMBERSHIP, &mreq, sizeof(mreq));
- if (ret < 0) {
- fprintf(stderr, "%s: Failed to leave multicast group", name);
- perror("");
- }
+void handle_signal(int signum)
+{
+ interrupted = 1;
+ /* Reset handler explicitly, in case we don't have sigaction() (and signal()
+ has BSD semantics), or we don't have SA_RESETHAND */
+ signal(signum, SIG_DFL);
}
+int setup_signal_handler(char *name)
+{
+#if HAVE_SIGACTION
+ struct sigaction act;
+ memset(&act, 0, sizeof(act));
+
+ act.sa_handler = handle_signal;
+ sigemptyset(&act.sa_mask);
+#if defined(SA_RESETHAND)
+ act.sa_flags = SA_RESETHAND;
+#else
+ act.sa_flags = 0;
+#endif
+ /* Note that we're not setting SA_RESTART; we want recvfrom to return
+ * EINTR when we signal the receiver. */
+
+ if (sigaction(SIGTERM, &act, NULL) != 0) {
+ fprintf(stderr, "%s: error setting up signal handler", name);
+ perror("");
+ return -1;
+ }
+#else
+ if (signal(SIGTERM, handle_signal) == SIG_ERR) {
+ fprintf(stderr, "%s: error setting up signal handler", name);
+ perror("");
+ return -1;
+ }
+#endif
+ return 0;
+}
diff --git a/test/rtpw_test.sh b/test/rtpw_test.sh
new file mode 100755
index 0000000..158a393
--- /dev/null
+++ b/test/rtpw_test.sh
@@ -0,0 +1,176 @@
+#!/bin/sh
+#
+# usage: rtpw_test <rtpw_commands>
+#
+# tests the rtpw sender and receiver functions
+#
+# Copyright (c) 2001-2017, Cisco Systems, Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+#
+# Neither the name of the Cisco Systems, Inc. nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+case $(uname -s) in
+ *CYGWIN*|*MINGW*)
+ EXE=".exe"
+ ;;
+ *Linux*)
+ EXE=""
+ export LD_LIBRARY_PATH=$CRYPTO_LIBDIR
+ ;;
+ *Darwin*)
+ EXE=""
+ export DYLD_LIBRARY_PATH=$CRYPTO_LIBDIR
+ ;;
+esac
+
+RTPW=./rtpw$EXE
+DEST_PORT=9999
+DURATION=3
+
+key=Ky7cUDT2GnI0XKWYbXv9AYmqbcLsqzL9mvdN9t/G
+
+ARGS="-b $key -a -e 128"
+
+# First, we run "killall" to get rid of all existing rtpw processes.
+# This step also enables this script to clean up after itself; if this
+# script is interrupted after the rtpw processes are started but before
+# they are killed, those processes will linger. Re-running the script
+# will get rid of them.
+
+killall rtpw 2>/dev/null
+
+if test -x $RTPW; then
+
+echo $0 ": starting rtpw receiver process... "
+
+$RTPW $* $ARGS -r 0.0.0.0 $DEST_PORT &
+
+receiver_pid=$!
+
+echo $0 ": receiver PID = $receiver_pid"
+
+sleep 1
+
+# verify that the background job is running
+ps -e | grep -q $receiver_pid
+retval=$?
+echo $retval
+if [ $retval != 0 ]; then
+ echo $0 ": error"
+ exit 254
+fi
+
+echo $0 ": starting rtpw sender process..."
+
+$RTPW $* $ARGS -s 127.0.0.1 $DEST_PORT &
+
+sender_pid=$!
+
+echo $0 ": sender PID = $sender_pid"
+
+# verify that the background job is running
+ps -e | grep -q $sender_pid
+retval=$?
+echo $retval
+if [ $retval != 0 ]; then
+ echo $0 ": error"
+ exit 255
+fi
+
+sleep $DURATION
+
+kill $receiver_pid
+kill $sender_pid
+
+wait $receiver_pid 2>/dev/null
+wait $sender_pid 2>/dev/null
+
+
+key=033490ba9e82994fc21013395739038992b2edc5034f61a72345ca598d7bfd0189aa6dc2ecab32fd9af74df6dfc6
+
+ARGS="-k $key -a -e 256"
+
+echo $0 ": starting rtpw receiver process... "
+
+$RTPW $* $ARGS -r 0.0.0.0 $DEST_PORT &
+
+receiver_pid=$!
+
+echo $0 ": receiver PID = $receiver_pid"
+
+sleep 1
+
+# verify that the background job is running
+ps -e | grep -q $receiver_pid
+retval=$?
+echo $retval
+if [ $retval != 0 ]; then
+ echo $0 ": error"
+ exit 254
+fi
+
+echo $0 ": starting rtpw sender process..."
+
+$RTPW $* $ARGS -s 127.0.0.1 $DEST_PORT &
+
+sender_pid=$!
+
+echo $0 ": sender PID = $sender_pid"
+
+# verify that the background job is running
+ps -e | grep -q $sender_pid
+retval=$?
+echo $retval
+if [ $retval != 0 ]; then
+ echo $0 ": error"
+ exit 255
+fi
+
+sleep $DURATION
+
+kill $receiver_pid
+kill $sender_pid
+
+wait $receiver_pid 2>/dev/null
+wait $sender_pid 2>/dev/null
+
+echo $0 ": done (test passed)"
+
+else
+
+echo "error: can't find executable" $RTPW
+exit 1
+
+fi
+
+# EOF
+
+
diff --git a/test/rtpw_test_gcm.sh b/test/rtpw_test_gcm.sh
new file mode 100755
index 0000000..644255e
--- /dev/null
+++ b/test/rtpw_test_gcm.sh
@@ -0,0 +1,260 @@
+#!/bin/sh
+#
+# usage: rtpw_test <rtpw_commands>
+#
+# tests the rtpw sender and receiver functions
+#
+# Copyright (c) 2001-2017, Cisco Systems, Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+#
+# Neither the name of the Cisco Systems, Inc. nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+case $(uname -s) in
+ *CYGWIN*|*MINGW*)
+ EXE=".exe"
+ ;;
+ *Linux*)
+ EXE=""
+ export LD_LIBRARY_PATH=$CRYPTO_LIBDIR
+ ;;
+ *Darwin*)
+ EXE=""
+ export DYLD_LIBRARY_PATH=$CRYPTO_LIBDIR
+ ;;
+esac
+
+RTPW=./rtpw$EXE
+DEST_PORT=9999
+DURATION=3
+
+# First, we run "killall" to get rid of all existing rtpw processes.
+# This step also enables this script to clean up after itself; if this
+# script is interrupted after the rtpw processes are started but before
+# they are killed, those processes will linger. Re-running the script
+# will get rid of them.
+
+killall rtpw 2>/dev/null
+
+if test -x $RTPW; then
+
+GCMARGS128="-k 01234567890123456789012345678901234567890123456789012345 -g -e 128"
+echo $0 ": starting GCM mode 128-bit rtpw receiver process... "
+
+exec $RTPW $* $GCMARGS128 -r 127.0.0.1 $DEST_PORT &
+
+receiver_pid=$!
+
+echo $0 ": receiver PID = $receiver_pid"
+
+sleep 1
+
+# verify that the background job is running
+ps -e | grep -q $receiver_pid
+retval=$?
+echo $retval
+if [ $retval != 0 ]; then
+ echo $0 ": error"
+ exit 254
+fi
+
+echo $0 ": starting GCM 128-bit rtpw sender process..."
+
+exec $RTPW $* $GCMARGS128 -s 127.0.0.1 $DEST_PORT &
+
+sender_pid=$!
+
+echo $0 ": sender PID = $sender_pid"
+
+# verify that the background job is running
+ps -e | grep -q $sender_pid
+retval=$?
+echo $retval
+if [ $retval != 0 ]; then
+ echo $0 ": error"
+ exit 255
+fi
+
+sleep $DURATION
+
+kill $receiver_pid
+kill $sender_pid
+
+wait $receiver_pid 2>/dev/null
+wait $sender_pid 2>/dev/null
+
+GCMARGS128="-k 01234567890123456789012345678901234567890123456789012345 -g -t 16 -e 128"
+echo $0 ": starting GCM mode 128-bit (16 byte tag) rtpw receiver process... "
+
+exec $RTPW $* $GCMARGS128 -r 127.0.0.1 $DEST_PORT &
+
+receiver_pid=$!
+
+echo $0 ": receiver PID = $receiver_pid"
+
+sleep 1
+
+# verify that the background job is running
+ps -e | grep -q $receiver_pid
+retval=$?
+echo $retval
+if [ $retval != 0 ]; then
+ echo $0 ": error"
+ exit 254
+fi
+
+echo $0 ": starting GCM 128-bit (16 byte tag) rtpw sender process..."
+
+exec $RTPW $* $GCMARGS128 -s 127.0.0.1 $DEST_PORT &
+
+sender_pid=$!
+
+echo $0 ": sender PID = $sender_pid"
+
+# verify that the background job is running
+ps -e | grep -q $sender_pid
+retval=$?
+echo $retval
+if [ $retval != 0 ]; then
+ echo $0 ": error"
+ exit 255
+fi
+
+sleep $DURATION
+
+kill $receiver_pid
+kill $sender_pid
+
+wait $receiver_pid 2>/dev/null
+wait $sender_pid 2>/dev/null
+
+
+GCMARGS256="-k 0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567 -g -e 256"
+echo $0 ": starting GCM mode 256-bit rtpw receiver process... "
+
+exec $RTPW $* $GCMARGS256 -r 127.0.0.1 $DEST_PORT &
+
+receiver_pid=$!
+
+echo $0 ": receiver PID = $receiver_pid"
+
+sleep 1
+
+# verify that the background job is running
+ps -e | grep -q $receiver_pid
+retval=$?
+echo $retval
+if [ $retval != 0 ]; then
+ echo $0 ": error"
+ exit 254
+fi
+
+echo $0 ": starting GCM 256-bit rtpw sender process..."
+
+exec $RTPW $* $GCMARGS256 -s 127.0.0.1 $DEST_PORT &
+
+sender_pid=$!
+
+echo $0 ": sender PID = $sender_pid"
+
+# verify that the background job is running
+ps -e | grep -q $sender_pid
+retval=$?
+echo $retval
+if [ $retval != 0 ]; then
+ echo $0 ": error"
+ exit 255
+fi
+
+sleep $DURATION
+
+kill $receiver_pid
+kill $sender_pid
+
+wait $receiver_pid 2>/dev/null
+wait $sender_pid 2>/dev/null
+
+GCMARGS256="-k a123456789012345678901234567890123456789012345678901234567890123456789012345678901234567 -g -t 16 -e 256"
+echo $0 ": starting GCM mode 256-bit (16 byte tag) rtpw receiver process... "
+
+exec $RTPW $* $GCMARGS256 -r 127.0.0.1 $DEST_PORT &
+
+receiver_pid=$!
+
+echo $0 ": receiver PID = $receiver_pid"
+
+sleep 1
+
+# verify that the background job is running
+ps -e | grep -q $receiver_pid
+retval=$?
+echo $retval
+if [ $retval != 0 ]; then
+ echo $0 ": error"
+ exit 254
+fi
+
+echo $0 ": starting GCM 256-bit (16 byte tag) rtpw sender process..."
+
+exec $RTPW $* $GCMARGS256 -s 127.0.0.1 $DEST_PORT &
+
+sender_pid=$!
+
+echo $0 ": sender PID = $sender_pid"
+
+# verify that the background job is running
+ps -e | grep -q $sender_pid
+retval=$?
+echo $retval
+if [ $retval != 0 ]; then
+ echo $0 ": error"
+ exit 255
+fi
+
+sleep $DURATION
+
+kill $receiver_pid
+kill $sender_pid
+
+wait $receiver_pid 2>/dev/null
+wait $sender_pid 2>/dev/null
+
+echo $0 ": done (test passed)"
+
+else
+
+echo "error: can't find executable" $RTPW
+exit 1
+
+fi
+
+# EOF
+
+
diff --git a/test/sha1_driver.c b/test/sha1_driver.c
deleted file mode 100644
index d9bfa8b..0000000
--- a/test/sha1_driver.c
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * sha1_driver.c
- *
- * a test driver for SHA-1
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-
-/*
- *
- * Copyright (c) 2001-2005, Cisco Systems, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * Neither the name of the Cisco Systems, Inc. nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include <stdio.h>
-#include "sha1.h"
-
-int
-hmac_sha1_test();
-
-int
-main () {
- uint32_t hash_value[5];
- octet_t msg_ref[3] = { 0x61, 0x62, 0x63 };
- octet_t hash_ref[20] = {
- 0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a,
- 0xba, 0x3e, 0x25, 0x71, 0x78, 0x50, 0xc2, 0x6c,
- 0x9c, 0xd0, 0xd8, 0x9d
- };
- octet_t msg_ref2[56] = {
- 0x61, 0x62, 0x63, 0x64, 0x62, 0x63, 0x64, 0x65,
- 0x63, 0x64, 0x65, 0x66, 0x64, 0x65, 0x66, 0x67,
- 0x65, 0x66, 0x67, 0x68, 0x66, 0x67, 0x68, 0x69,
- 0x67, 0x68, 0x69, 0x6a, 0x68, 0x69, 0x6a, 0x6b,
- 0x69, 0x6a, 0x6b, 0x6c, 0x6a, 0x6b, 0x6c, 0x6d,
- 0x6b, 0x6c, 0x6d, 0x6e, 0x6c, 0x6d, 0x6e, 0x6f,
- 0x6d, 0x6e, 0x6f, 0x70, 0x6e, 0x6f, 0x70, 0x71
- };
- octet_t hash_ref2[20] = {
- 0x84, 0x98, 0x3e, 0x44, 0x1c, 0x3b, 0xd2, 0x6e,
- 0xba, 0xae, 0x4a, 0xa1, 0xf9, 0x51, 0x29, 0xe5,
- 0xe5, 0x46, 0x70, 0xf1
- };
- sha1_ctx_t ctx;
-
- printf("sha1 test driver\n"
- "David A. McGrew\n"
- "Cisco Systems, Inc.\n");
-
- sha1_init(&ctx);
- sha1_update(&ctx, msg_ref, 3);
- sha1_final(&ctx, hash_value);
- printf("reference value: %s\n",
- octet_string_hex_string((octet_t *)hash_ref, 20));
- printf("computed value: %s\n",
- octet_string_hex_string((octet_t *)hash_value, 20));
-
- sha1_init(&ctx);
- sha1_update(&ctx, msg_ref2, 56);
- sha1_final(&ctx, hash_value);
- printf("reference value: %s\n",
- octet_string_hex_string((octet_t *)hash_ref2, 20));
- printf("computed value: %s\n",
- octet_string_hex_string((octet_t *)hash_value, 20));
-
- return 0;
-}
diff --git a/test/srtp_driver.c b/test/srtp_driver.c
index a8a14e7..1335540 100644
--- a/test/srtp_driver.c
+++ b/test/srtp_driver.c
@@ -1,32 +1,32 @@
/*
* srtp_driver.c
- *
+ *
* a test driver for libSRTP
*
* David A. McGrew
* Cisco Systems, Inc.
*/
/*
- *
- * Copyright (c) 2001-2005, Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
@@ -42,65 +42,142 @@
*
*/
-
#include <string.h> /* for memcpy() */
#include <time.h> /* for clock() */
#include <stdlib.h> /* for malloc(), free() */
#include <stdio.h> /* for print(), fflush() */
-#include <unistd.h> /* for getopt() */
+#include "getopt_s.h" /* for local getopt() */
+
+#include "srtp_priv.h"
+#include "util.h"
-#include "srtp.h"
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#elif defined HAVE_WINSOCK2_H
+#include <winsock2.h>
+#endif
#define PRINT_REFERENCE_PACKET 1
-err_status_t
-srtp_validate();
+srtp_err_status_t srtp_validate(void);
+
+#ifdef GCM
+srtp_err_status_t srtp_validate_gcm(void);
+#endif
+
+srtp_err_status_t srtp_validate_encrypted_extensions_headers(void);
+
+#ifdef GCM
+srtp_err_status_t srtp_validate_encrypted_extensions_headers_gcm(void);
+#endif
+
+srtp_err_status_t srtp_validate_aes_256(void);
+
+srtp_err_status_t srtp_create_big_policy(srtp_policy_t **list);
+
+srtp_err_status_t srtp_dealloc_big_policy(srtp_policy_t *list);
+
+srtp_err_status_t srtp_test_empty_payload(void);
+
+#ifdef GCM
+srtp_err_status_t srtp_test_empty_payload_gcm(void);
+#endif
+
+srtp_err_status_t srtp_test_remove_stream(void);
+
+srtp_err_status_t srtp_test_update(void);
+
+srtp_err_status_t srtp_test_protect_trailer_length(void);
+
+srtp_err_status_t srtp_test_protect_rtcp_trailer_length(void);
-err_status_t
-srtp_create_big_policy(srtp_policy_t **list);
+srtp_err_status_t srtp_test_get_roc(void);
-err_status_t
-srtp_test_remove_stream();
+srtp_err_status_t srtp_test_set_receiver_roc(void);
-double
-srtp_bits_per_second(int msg_len_octets, const srtp_policy_t *policy);
+srtp_err_status_t srtp_test_set_sender_roc(void);
-double
-srtp_rejections_per_second(int msg_len_octets, const srtp_policy_t *policy);
+double srtp_bits_per_second(int msg_len_octets, const srtp_policy_t *policy);
-void
-srtp_do_timing(const srtp_policy_t *policy);
+double srtp_rejections_per_second(int msg_len_octets,
+ const srtp_policy_t *policy);
-void
-srtp_do_rejection_timing(const srtp_policy_t *policy);
+void srtp_do_timing(const srtp_policy_t *policy);
-err_status_t
-srtp_test();
+void srtp_do_rejection_timing(const srtp_policy_t *policy);
-err_status_t
-srtp_session_print_policy(srtp_t srtp);
+srtp_err_status_t srtp_test(const srtp_policy_t *policy,
+ int extension_header,
+ int mki_index);
-err_status_t
-srtp_print_policy(const srtp_policy_t *policy);
+srtp_err_status_t srtcp_test(const srtp_policy_t *policy, int mki_index);
-char *
-srtp_packet_to_string(srtp_hdr_t *hdr, int packet_len);
+srtp_err_status_t srtp_session_print_policy(srtp_t srtp);
-double
-mips_estimate(int num_trials, int *ignore);
+srtp_err_status_t srtp_print_policy(const srtp_policy_t *policy);
-extern octet_t test_key[30];
+char *srtp_packet_to_string(srtp_hdr_t *hdr, int packet_len);
-void
-usage(char *prog_name) {
- printf("usage: %s [ -t ][ -c ][ -v ][-d <debug_module> ]* [ -l ]\n"
- " -t run timing test\n"
- " -r run rejection timing test\n"
- " -c run codec timing test\n"
- " -v run validation tests\n"
- " -d <mod> turn on debugging module <mod>\n"
- " -l list debugging modules\n", prog_name);
- exit(1);
+double mips_estimate(int num_trials, int *ignore);
+
+#define TEST_MKI_ID_SIZE 4
+
+extern uint8_t test_key[46];
+extern uint8_t test_key_2[46];
+extern uint8_t test_mki_id[TEST_MKI_ID_SIZE];
+extern uint8_t test_mki_id_2[TEST_MKI_ID_SIZE];
+
+// clang-format off
+srtp_master_key_t master_key_1 = {
+ test_key,
+ test_mki_id,
+ TEST_MKI_ID_SIZE
+};
+
+srtp_master_key_t master_key_2 = {
+ test_key_2,
+ test_mki_id_2,
+ TEST_MKI_ID_SIZE
+};
+
+srtp_master_key_t *test_keys[2] = {
+ &master_key_1,
+ &master_key_2
+};
+// clang-format on
+
+void usage(char *prog_name)
+{
+ printf("usage: %s [ -t ][ -c ][ -v ][ -o ][-d <debug_module> ]* [ -l ]\n"
+ " -t run timing test\n"
+ " -r run rejection timing test\n"
+ " -c run codec timing test\n"
+ " -v run validation tests\n"
+ " -o output logging to stdout\n"
+ " -d <mod> turn on debugging module <mod>\n"
+ " -l list debugging modules\n",
+ prog_name);
+ exit(1);
+}
+
+void log_handler(srtp_log_level_t level, const char *msg, void *data)
+{
+ char level_char = '?';
+ switch (level) {
+ case srtp_log_level_error:
+ level_char = 'e';
+ break;
+ case srtp_log_level_warning:
+ level_char = 'w';
+ break;
+ case srtp_log_level_info:
+ level_char = 'i';
+ break;
+ case srtp_log_level_debug:
+ level_char = 'd';
+ break;
+ }
+ printf("SRTP-LOG [%c]: %s\n", level_char, msg);
}
/*
@@ -110,7 +187,6 @@ usage(char *prog_name) {
extern const srtp_policy_t *policy_array[];
-
/* the wildcard_policy is declared below; it has a wildcard ssrc */
extern const srtp_policy_t wildcard_policy;
@@ -118,221 +194,444 @@ extern const srtp_policy_t wildcard_policy;
/*
* mod_driver debug module - debugging module for this test driver
*
- * we use the crypto_kernel debugging system in this driver, which
+ * we use the crypto_kernel debugging system in this driver, which
* makes the interface uniform and increases portability
- */
+ */
-debug_module_t mod_driver = {
- 0, /* debugging is off by default */
- "driver" /* printable name for module */
+srtp_debug_module_t mod_driver = {
+ 0, /* debugging is off by default */
+ "driver" /* printable name for module */
};
-int
-main (int argc, char *argv[]) {
- char q;
- unsigned do_timing_test = 0;
- unsigned do_rejection_test = 0;
- unsigned do_codec_timing = 0;
- unsigned do_validation = 0;
- unsigned do_list_mods = 0;
- err_status_t status;
-
- /*
- * verify that the compiler has interpreted the header data
- * structure srtp_hdr_t correctly
- */
- if (sizeof(srtp_hdr_t) != 12) {
- printf("error: srtp_hdr_t has incorrect size\n");
- exit(1);
- }
-
- /* initialize srtp library */
- status = srtp_init();
- if (status) {
- printf("error: srtp init failed with error code %d\n", status);
- exit(1);
- }
-
- /* load srtp_driver debug module */
- status = crypto_kernel_load_debug_module(&mod_driver);
- if (status) {
- printf("error: load of srtp_driver debug module failed "
- "with error code %d\n", status);
- exit(1);
- }
-
- /* process input arguments */
- while (1) {
- q = getopt(argc, argv, "trcvld:");
- if (q == -1)
- break;
- switch (q) {
- case 't':
- do_timing_test = 1;
- break;
- case 'r':
- do_rejection_test = 1;
- break;
- case 'c':
- do_codec_timing = 1;
- break;
- case 'v':
- do_validation = 1;
- break;
- case 'l':
- do_list_mods = 1;
- break;
- case 'd':
- status = crypto_kernel_set_debug_module(optarg, 1);
- if (status) {
- printf("error: set debug module (%s) failed\n", optarg);
- exit(1);
- }
- break;
- default:
- usage(argv[0]);
- }
- }
-
- if (!do_validation && !do_timing_test && !do_codec_timing
- && !do_list_mods && !do_rejection_test)
- usage(argv[0]);
-
- if (do_list_mods) {
- status = crypto_kernel_list_debug_modules();
- if (status) {
- printf("error: list of debug modules failed\n");
- exit(1);
- }
- }
-
- if (do_validation) {
- const srtp_policy_t **policy = policy_array;
- srtp_policy_t *big_policy;
-
- /* loop over policy array, testing srtp for each policy */
- while (*policy != NULL) {
- printf("testing srtp_protect and srtp_unprotect\n");
- if (srtp_test(*policy) == err_status_ok)
- printf("passed\n\n");
- else {
- printf("failed\n");
- exit(1);
- }
- policy++;
- }
-
- /* create a big policy list and run tests on it */
- status = srtp_create_big_policy(&big_policy);
- if (status) {
- printf("unexpected failure with error code %d\n", status);
- exit(1);
- }
- printf("testing srtp_protect and srtp_unprotect with big policy\n");
- if (srtp_test(big_policy) == err_status_ok)
- printf("passed\n\n");
- else {
- printf("failed\n");
- exit(1);
- }
-
- /* run test on wildcard policy */
- printf("testing srtp_protect and srtp_unprotect on "
- "wildcard ssrc policy\n");
- if (srtp_test(&wildcard_policy) == err_status_ok)
- printf("passed\n\n");
- else {
- printf("failed\n");
- exit(1);
- }
+int main(int argc, char *argv[])
+{
+ int q;
+ unsigned do_timing_test = 0;
+ unsigned do_rejection_test = 0;
+ unsigned do_codec_timing = 0;
+ unsigned do_validation = 0;
+ unsigned do_list_mods = 0;
+ unsigned do_log_stdout = 0;
+ srtp_err_status_t status;
/*
- * run validation test against the reference packets - note
- * that this test only covers the default policy
+ * verify that the compiler has interpreted the header data
+ * structure srtp_hdr_t correctly
*/
- printf("testing srtp_protect and srtp_unprotect against "
- "reference packets\n");
- if (srtp_validate() == err_status_ok)
- printf("passed\n\n");
- else {
- printf("failed\n");
- exit(1);
+ if (sizeof(srtp_hdr_t) != 12) {
+ printf("error: srtp_hdr_t has incorrect size"
+ "(size is %ld bytes, expected 12)\n",
+ (long)sizeof(srtp_hdr_t));
+ exit(1);
}
- /*
- * test the function srtp_remove_stream()
- */
- printf("testing srtp_remove_stream()...");
- if (srtp_test_remove_stream() == err_status_ok)
- printf("passed\n");
- else {
- printf("failed\n");
- exit(1);
- }
- }
-
- if (do_timing_test) {
- const srtp_policy_t **policy = policy_array;
-
- /* loop over policies, run timing test for each */
- while (*policy != NULL) {
- srtp_print_policy(*policy);
- srtp_do_timing(*policy);
- policy++;
- }
- }
-
- if (do_rejection_test) {
- const srtp_policy_t **policy = policy_array;
-
- /* loop over policies, run rejection timing test for each */
- while (*policy != NULL) {
- srtp_print_policy(*policy);
- srtp_do_rejection_timing(*policy);
- policy++;
- }
- }
-
- if (do_codec_timing) {
- srtp_policy_t policy;
- int ignore;
- double mips = mips_estimate(1000000000, &ignore);
-
- crypto_policy_set_rtp_default(&policy.rtp);
- crypto_policy_set_rtcp_default(&policy.rtcp);
- policy.ssrc.type = ssrc_specific;
- policy.ssrc.value = 0xdecafbad;
- policy.key = test_key;
- policy.next = NULL;
+ /* initialize srtp library */
+ status = srtp_init();
+ if (status) {
+ printf("error: srtp init failed with error code %d\n", status);
+ exit(1);
+ }
- printf("mips estimate: %e\n", mips);
-
- printf("testing srtp processing time for voice codecs:\n");
- printf("codec\t\tlength (octets)\t\tsrtp instructions/second\n");
- printf("G.711\t\t%d\t\t\t%e\n", 80,
- (double) mips * (80 * 8) /
- srtp_bits_per_second(80, &policy) / .01 );
- printf("G.711\t\t%d\t\t\t%e\n", 160,
- (double) mips * (160 * 8) /
- srtp_bits_per_second(160, &policy) / .02);
- printf("G.726-32\t%d\t\t\t%e\n", 40,
- (double) mips * (40 * 8) /
- srtp_bits_per_second(40, &policy) / .01 );
- printf("G.726-32\t%d\t\t\t%e\n", 80,
- (double) mips * (80 * 8) /
- srtp_bits_per_second(80, &policy) / .02);
- printf("G.729\t\t%d\t\t\t%e\n", 10,
- (double) mips * (10 * 8) /
- srtp_bits_per_second(10, &policy) / .01 );
- printf("G.729\t\t%d\t\t\t%e\n", 20,
- (double) mips * (20 * 8) /
- srtp_bits_per_second(20, &policy) / .02 );
- }
-
- return 0;
-}
+ /* load srtp_driver debug module */
+ status = srtp_crypto_kernel_load_debug_module(&mod_driver);
+ if (status) {
+ printf("error: load of srtp_driver debug module failed "
+ "with error code %d\n",
+ status);
+ exit(1);
+ }
+
+ /* process input arguments */
+ while (1) {
+ q = getopt_s(argc, argv, "trcvold:");
+ if (q == -1) {
+ break;
+ }
+ switch (q) {
+ case 't':
+ do_timing_test = 1;
+ break;
+ case 'r':
+ do_rejection_test = 1;
+ break;
+ case 'c':
+ do_codec_timing = 1;
+ break;
+ case 'v':
+ do_validation = 1;
+ break;
+ case 'o':
+ do_log_stdout = 1;
+ break;
+ case 'l':
+ do_list_mods = 1;
+ break;
+ case 'd':
+ status = srtp_set_debug_module(optarg_s, 1);
+ if (status) {
+ printf("error: set debug module (%s) failed\n", optarg_s);
+ exit(1);
+ }
+ break;
+ default:
+ usage(argv[0]);
+ }
+ }
+
+ if (!do_validation && !do_timing_test && !do_codec_timing &&
+ !do_list_mods && !do_rejection_test) {
+ usage(argv[0]);
+ }
+
+ if (do_log_stdout) {
+ status = srtp_install_log_handler(log_handler, NULL);
+ if (status) {
+ printf("error: install log handler failed\n");
+ exit(1);
+ }
+ }
+
+ if (do_list_mods) {
+ status = srtp_list_debug_modules();
+ if (status) {
+ printf("error: list of debug modules failed\n");
+ exit(1);
+ }
+ }
+
+ if (do_validation) {
+ const srtp_policy_t **policy = policy_array;
+ srtp_policy_t *big_policy;
+
+ /* loop over policy array, testing srtp and srtcp for each policy */
+ while (*policy != NULL) {
+ printf("testing srtp_protect and srtp_unprotect\n");
+ if (srtp_test(*policy, 0, -1) == srtp_err_status_ok) {
+ printf("passed\n\n");
+ } else {
+ printf("failed\n");
+ exit(1);
+ }
+
+ printf("testing srtp_protect and srtp_unprotect with encrypted "
+ "extensions headers\n");
+ if (srtp_test(*policy, 1, -1) == srtp_err_status_ok) {
+ printf("passed\n\n");
+ } else {
+ printf("failed\n");
+ exit(1);
+ }
+ printf("testing srtp_protect_rtcp and srtp_unprotect_rtcp\n");
+ if (srtcp_test(*policy, -1) == srtp_err_status_ok) {
+ printf("passed\n\n");
+ } else {
+ printf("failed\n");
+ exit(1);
+ }
+ printf("testing srtp_protect_rtp and srtp_unprotect_rtp with MKI "
+ "index set to 0\n");
+ if (srtp_test(*policy, 0, 0) == srtp_err_status_ok) {
+ printf("passed\n\n");
+ } else {
+ printf("failed\n");
+ exit(1);
+ }
+ printf("testing srtp_protect_rtp and srtp_unprotect_rtp with MKI "
+ "index set to 1\n");
+ if (srtp_test(*policy, 0, 1) == srtp_err_status_ok) {
+ printf("passed\n\n");
+ } else {
+ printf("failed\n");
+ exit(1);
+ }
+
+ printf("testing srtp_protect_rtcp and srtp_unprotect_rtcp with MKI "
+ "index set to 0\n");
+ if (srtcp_test(*policy, 0) == srtp_err_status_ok) {
+ printf("passed\n\n");
+ } else {
+ printf("failed\n");
+ exit(1);
+ }
+ printf("testing srtp_protect_rtcp and srtp_unprotect_rtcp with MKI "
+ "index set to 1\n");
+ if (srtcp_test(*policy, 1) == srtp_err_status_ok) {
+ printf("passed\n\n");
+ } else {
+ printf("failed\n");
+ exit(1);
+ }
+ policy++;
+ }
+
+ /* create a big policy list and run tests on it */
+ status = srtp_create_big_policy(&big_policy);
+ if (status) {
+ printf("unexpected failure with error code %d\n", status);
+ exit(1);
+ }
+ printf("testing srtp_protect and srtp_unprotect with big policy\n");
+ if (srtp_test(big_policy, 0, -1) == srtp_err_status_ok) {
+ printf("passed\n\n");
+ } else {
+ printf("failed\n");
+ exit(1);
+ }
+ printf("testing srtp_protect and srtp_unprotect with big policy and "
+ "encrypted extensions headers\n");
+ if (srtp_test(big_policy, 1, -1) == srtp_err_status_ok) {
+ printf("passed\n\n");
+ } else {
+ printf("failed\n");
+ exit(1);
+ }
+ status = srtp_dealloc_big_policy(big_policy);
+ if (status) {
+ printf("unexpected failure with error code %d\n", status);
+ exit(1);
+ }
+
+ /* run test on wildcard policy */
+ printf("testing srtp_protect and srtp_unprotect on "
+ "wildcard ssrc policy\n");
+ if (srtp_test(&wildcard_policy, 0, -1) == srtp_err_status_ok) {
+ printf("passed\n\n");
+ } else {
+ printf("failed\n");
+ exit(1);
+ }
+ printf("testing srtp_protect and srtp_unprotect on "
+ "wildcard ssrc policy and encrypted extensions headers\n");
+ if (srtp_test(&wildcard_policy, 1, -1) == srtp_err_status_ok) {
+ printf("passed\n\n");
+ } else {
+ printf("failed\n");
+ exit(1);
+ }
+
+ /*
+ * run validation test against the reference packets - note
+ * that this test only covers the default policy
+ */
+ printf("testing srtp_protect and srtp_unprotect against "
+ "reference packet\n");
+ if (srtp_validate() == srtp_err_status_ok) {
+ printf("passed\n\n");
+ } else {
+ printf("failed\n");
+ exit(1);
+ }
+
+#ifdef GCM
+ printf("testing srtp_protect and srtp_unprotect against "
+ "reference packet using GCM\n");
+ if (srtp_validate_gcm() == srtp_err_status_ok) {
+ printf("passed\n\n");
+ } else {
+ printf("failed\n");
+ exit(1);
+ }
+#endif
+
+ printf("testing srtp_protect and srtp_unprotect against "
+ "reference packet with encrypted extensions headers\n");
+ if (srtp_validate_encrypted_extensions_headers() == srtp_err_status_ok)
+ printf("passed\n\n");
+ else {
+ printf("failed\n");
+ exit(1);
+ }
+
+#ifdef GCM
+ printf("testing srtp_protect and srtp_unprotect against "
+ "reference packet with encrypted extension headers (GCM)\n");
+ if (srtp_validate_encrypted_extensions_headers_gcm() ==
+ srtp_err_status_ok) {
+ printf("passed\n\n");
+ } else {
+ printf("failed\n");
+ exit(1);
+ }
+#endif
+
+ /*
+ * run validation test against the reference packets for
+ * AES-256
+ */
+ printf("testing srtp_protect and srtp_unprotect against "
+ "reference packet (AES-256)\n");
+ if (srtp_validate_aes_256() == srtp_err_status_ok) {
+ printf("passed\n\n");
+ } else {
+ printf("failed\n");
+ exit(1);
+ }
+
+ /*
+ * test packets with empty payload
+ */
+ printf("testing srtp_protect and srtp_unprotect against "
+ "packet with empty payload\n");
+ if (srtp_test_empty_payload() == srtp_err_status_ok) {
+ printf("passed\n");
+ } else {
+ printf("failed\n");
+ exit(1);
+ }
+#ifdef GCM
+ printf("testing srtp_protect and srtp_unprotect against "
+ "packet with empty payload (GCM)\n");
+ if (srtp_test_empty_payload_gcm() == srtp_err_status_ok) {
+ printf("passed\n");
+ } else {
+ printf("failed\n");
+ exit(1);
+ }
+#endif
+
+ /*
+ * test the function srtp_remove_stream()
+ */
+ printf("testing srtp_remove_stream()...");
+ if (srtp_test_remove_stream() == srtp_err_status_ok) {
+ printf("passed\n");
+ } else {
+ printf("failed\n");
+ exit(1);
+ }
+
+ /*
+ * test the function srtp_update()
+ */
+ printf("testing srtp_update()...");
+ if (srtp_test_update() == srtp_err_status_ok) {
+ printf("passed\n");
+ } else {
+ printf("failed\n");
+ exit(1);
+ }
+
+ /*
+ * test the functions srtp_get_protect_trailer_length
+ * and srtp_get_protect_rtcp_trailer_length
+ */
+ printf("testing srtp_get_protect_trailer_length()...");
+ if (srtp_test_protect_trailer_length() == srtp_err_status_ok) {
+ printf("passed\n");
+ } else {
+ printf("failed\n");
+ exit(1);
+ }
+
+ printf("testing srtp_get_protect_rtcp_trailer_length()...");
+ if (srtp_test_protect_rtcp_trailer_length() == srtp_err_status_ok) {
+ printf("passed\n");
+ } else {
+ printf("failed\n");
+ exit(1);
+ }
+
+ printf("testing srtp_test_get_roc()...");
+ if (srtp_test_get_roc() == srtp_err_status_ok) {
+ printf("passed\n");
+ } else {
+ printf("failed\n");
+ exit(1);
+ }
+
+ printf("testing srtp_test_set_receiver_roc()...");
+ if (srtp_test_set_receiver_roc() == srtp_err_status_ok) {
+ printf("passed\n");
+ } else {
+ printf("failed\n");
+ exit(1);
+ }
+
+ printf("testing srtp_test_set_sender_roc()...");
+ if (srtp_test_set_sender_roc() == srtp_err_status_ok) {
+ printf("passed\n");
+ } else {
+ printf("failed\n");
+ exit(1);
+ }
+ }
+
+ if (do_timing_test) {
+ const srtp_policy_t **policy = policy_array;
+
+ /* loop over policies, run timing test for each */
+ while (*policy != NULL) {
+ srtp_print_policy(*policy);
+ srtp_do_timing(*policy);
+ policy++;
+ }
+ }
+
+ if (do_rejection_test) {
+ const srtp_policy_t **policy = policy_array;
+
+ /* loop over policies, run rejection timing test for each */
+ while (*policy != NULL) {
+ srtp_print_policy(*policy);
+ srtp_do_rejection_timing(*policy);
+ policy++;
+ }
+ }
+
+ if (do_codec_timing) {
+ srtp_policy_t policy;
+ int ignore;
+ double mips_value = mips_estimate(1000000000, &ignore);
+
+ memset(&policy, 0, sizeof(policy));
+ srtp_crypto_policy_set_rtp_default(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+ policy.ssrc.type = ssrc_specific;
+ policy.ssrc.value = 0xdecafbad;
+ policy.key = test_key;
+ policy.ekt = NULL;
+ policy.window_size = 128;
+ policy.allow_repeat_tx = 0;
+ policy.next = NULL;
+
+ printf("mips estimate: %e\n", mips_value);
+
+ printf("testing srtp processing time for voice codecs:\n");
+ printf("codec\t\tlength (octets)\t\tsrtp instructions/second\n");
+ printf("G.711\t\t%d\t\t\t%e\n", 80,
+ (double)mips_value * (80 * 8) /
+ srtp_bits_per_second(80, &policy) / .01);
+ printf("G.711\t\t%d\t\t\t%e\n", 160,
+ (double)mips_value * (160 * 8) /
+ srtp_bits_per_second(160, &policy) / .02);
+ printf("G.726-32\t%d\t\t\t%e\n", 40,
+ (double)mips_value * (40 * 8) /
+ srtp_bits_per_second(40, &policy) / .01);
+ printf("G.726-32\t%d\t\t\t%e\n", 80,
+ (double)mips_value * (80 * 8) /
+ srtp_bits_per_second(80, &policy) / .02);
+ printf("G.729\t\t%d\t\t\t%e\n", 10,
+ (double)mips_value * (10 * 8) /
+ srtp_bits_per_second(10, &policy) / .01);
+ printf("G.729\t\t%d\t\t\t%e\n", 20,
+ (double)mips_value * (20 * 8) /
+ srtp_bits_per_second(20, &policy) / .02);
+ printf("Wideband\t%d\t\t\t%e\n", 320,
+ (double)mips_value * (320 * 8) /
+ srtp_bits_per_second(320, &policy) / .01);
+ printf("Wideband\t%d\t\t\t%e\n", 640,
+ (double)mips_value * (640 * 8) /
+ srtp_bits_per_second(640, &policy) / .02);
+ }
+ status = srtp_shutdown();
+ if (status) {
+ printf("error: srtp shutdown failed with error code %d\n", status);
+ exit(1);
+ }
+ return 0;
+}
/*
* srtp_create_test_packet(len, ssrc) returns a pointer to a
@@ -347,470 +646,905 @@ main (int argc, char *argv[]) {
* deallocated with the free() call once it is no longer needed.
*/
-srtp_hdr_t *
-srtp_create_test_packet(int pkt_octet_len, uint32_t ssrc) {
- int i;
- octet_t *buffer;
- srtp_hdr_t *hdr;
- int bytes_in_hdr = 12;
-
- /* allocate memory for test packet */
- hdr = malloc(pkt_octet_len + bytes_in_hdr
- + SRTP_MAX_TRAILER_LEN + 4);
- if (!hdr)
- return NULL;
-
- hdr->version = 2; /* RTP version two */
- hdr->p = 0; /* no padding needed */
- hdr->x = 0; /* no header extension */
- hdr->cc = 0; /* no CSRCs */
- hdr->m = 0; /* marker bit */
- hdr->pt = 0xf; /* payload type */
- hdr->seq = htons(0x1234); /* sequence number */
- hdr->ts = htonl(0xdecafbad); /* timestamp */
- hdr->ssrc = htonl(ssrc); /* synch. source */
-
- buffer = (octet_t *)hdr;
- buffer += bytes_in_hdr;
-
- /* set RTP data to 0xab */
- for (i=0; i < pkt_octet_len; i++)
- *buffer++ = 0xab;
-
- /* set post-data value to 0xffff to enable overrun checking */
- for (i=0; i < SRTP_MAX_TRAILER_LEN+4; i++)
- *buffer++ = 0xff;
-
- return hdr;
+srtp_hdr_t *srtp_create_test_packet(int pkt_octet_len,
+ uint32_t ssrc,
+ int *pkt_len)
+{
+ int i;
+ uint8_t *buffer;
+ srtp_hdr_t *hdr;
+ int bytes_in_hdr = 12;
+
+ /* allocate memory for test packet */
+ hdr = (srtp_hdr_t *)malloc(pkt_octet_len + bytes_in_hdr +
+ SRTP_MAX_TRAILER_LEN + 4);
+ if (!hdr) {
+ return NULL;
+ }
+
+ hdr->version = 2; /* RTP version two */
+ hdr->p = 0; /* no padding needed */
+ hdr->x = 0; /* no header extension */
+ hdr->cc = 0; /* no CSRCs */
+ hdr->m = 0; /* marker bit */
+ hdr->pt = 0xf; /* payload type */
+ hdr->seq = htons(0x1234); /* sequence number */
+ hdr->ts = htonl(0xdecafbad); /* timestamp */
+ hdr->ssrc = htonl(ssrc); /* synch. source */
+
+ buffer = (uint8_t *)hdr;
+ buffer += bytes_in_hdr;
+
+ /* set RTP data to 0xab */
+ for (i = 0; i < pkt_octet_len; i++) {
+ *buffer++ = 0xab;
+ }
+
+ /* set post-data value to 0xffff to enable overrun checking */
+ for (i = 0; i < SRTP_MAX_TRAILER_LEN + 4; i++) {
+ *buffer++ = 0xff;
+ }
+
+ *pkt_len = bytes_in_hdr + pkt_octet_len;
+
+ return hdr;
}
-void
-srtp_do_timing(const srtp_policy_t *policy) {
- int len;
-
- /*
- * note: the output of this function is formatted so that it
- * can be used in gnuplot. '#' indicates a comment, and "\r\n"
- * terminates a record
- */
-
- printf("# testing srtp throughput:\r\n");
- printf("# mesg length (octets)\tthroughput (megabits per second)\r\n");
-
- for (len=16; len <= 2048; len *= 2)
- printf("%d\t\t\t%f\r\n", len,
- srtp_bits_per_second(len, policy) / 1.0E6);
-
- /* these extra linefeeds let gnuplot know that a dataset is done */
- printf("\r\n\r\n");
+static srtp_hdr_t *srtp_create_test_packet_extended(int pkt_octet_len,
+ uint32_t ssrc,
+ uint16_t seq,
+ uint32_t ts,
+ int *pkt_len)
+{
+ srtp_hdr_t *hdr;
+
+ hdr = srtp_create_test_packet(pkt_octet_len, ssrc, pkt_len);
+ if (hdr == NULL)
+ return hdr;
+
+ hdr->seq = htons(seq);
+ hdr->ts = htonl(ts);
+ return hdr;
+}
+srtp_hdr_t *srtp_create_test_packet_ext_hdr(int pkt_octet_len,
+ uint32_t ssrc,
+ int *pkt_len)
+{
+ int i;
+ uint8_t *buffer;
+ srtp_hdr_t *hdr;
+ int bytes_in_hdr = 12;
+ uint8_t extension_header[12] = { /* one-byte header */
+ 0xbe, 0xde,
+ /* size */
+ 0x00, 0x02,
+ /* id 1, length 1 (i.e. 2 bytes) */
+ 0x11,
+ /* payload */
+ 0xca, 0xfe,
+ /* padding */
+ 0x00,
+ /* id 2, length 0 (i.e. 1 byte) */
+ 0x20,
+ /* payload */
+ 0xba,
+ /* padding */
+ 0x00, 0x00
+ };
+
+ /* allocate memory for test packet */
+ hdr = (srtp_hdr_t *)malloc(pkt_octet_len + bytes_in_hdr +
+ sizeof(extension_header) + SRTP_MAX_TRAILER_LEN +
+ 4);
+ if (!hdr)
+ return NULL;
+
+ hdr->version = 2; /* RTP version two */
+ hdr->p = 0; /* no padding needed */
+ hdr->x = 1; /* no header extension */
+ hdr->cc = 0; /* no CSRCs */
+ hdr->m = 0; /* marker bit */
+ hdr->pt = 0xf; /* payload type */
+ hdr->seq = htons(0x1234); /* sequence number */
+ hdr->ts = htonl(0xdecafbad); /* timestamp */
+ hdr->ssrc = htonl(ssrc); /* synch. source */
+
+ buffer = (uint8_t *)hdr;
+ buffer += bytes_in_hdr;
+
+ memcpy(buffer, extension_header, sizeof(extension_header));
+ buffer += sizeof(extension_header);
+
+ /* set RTP data to 0xab */
+ for (i = 0; i < pkt_octet_len; i++)
+ *buffer++ = 0xab;
+
+ /* set post-data value to 0xffff to enable overrun checking */
+ for (i = 0; i < SRTP_MAX_TRAILER_LEN + 4; i++)
+ *buffer++ = 0xff;
+
+ *pkt_len = bytes_in_hdr + sizeof(extension_header) + pkt_octet_len;
+
+ return hdr;
}
-void
-srtp_do_rejection_timing(const srtp_policy_t *policy) {
- int len;
-
- /*
- * note: the output of this function is formatted so that it
- * can be used in gnuplot. '#' indicates a comment, and "\r\n"
- * terminates a record
- */
-
- printf("# testing srtp rejection throughput:\r\n");
- printf("# mesg length (octets)\trejections per second\r\n");
-
- for (len=8; len <= 2048; len *= 2)
- printf("%d\t\t\t%e\r\n", len, srtp_rejections_per_second(len, policy));
-
- /* these extra linefeeds let gnuplot know that a dataset is done */
- printf("\r\n\r\n");
+void srtp_do_timing(const srtp_policy_t *policy)
+{
+ int len;
+
+ /*
+ * note: the output of this function is formatted so that it
+ * can be used in gnuplot. '#' indicates a comment, and "\r\n"
+ * terminates a record
+ */
+
+ printf("# testing srtp throughput:\r\n");
+ printf("# mesg length (octets)\tthroughput (megabits per second)\r\n");
+
+ for (len = 16; len <= 2048; len *= 2) {
+ printf("%d\t\t\t%f\r\n", len,
+ srtp_bits_per_second(len, policy) / 1.0E6);
+ }
+ /* these extra linefeeds let gnuplot know that a dataset is done */
+ printf("\r\n\r\n");
}
+void srtp_do_rejection_timing(const srtp_policy_t *policy)
+{
+ int len;
+
+ /*
+ * note: the output of this function is formatted so that it
+ * can be used in gnuplot. '#' indicates a comment, and "\r\n"
+ * terminates a record
+ */
+
+ printf("# testing srtp rejection throughput:\r\n");
+ printf("# mesg length (octets)\trejections per second\r\n");
+
+ for (len = 8; len <= 2048; len *= 2) {
+ printf("%d\t\t\t%e\r\n", len, srtp_rejections_per_second(len, policy));
+ }
+
+ /* these extra linefeeds let gnuplot know that a dataset is done */
+ printf("\r\n\r\n");
+}
#define MAX_MSG_LEN 1024
-double
-srtp_bits_per_second(int msg_len_octets, const srtp_policy_t *policy) {
- srtp_t srtp;
- srtp_hdr_t *mesg;
- int i;
- clock_t timer;
- int num_trials = 100000;
- int len;
- uint32_t ssrc;
- err_status_t status;
-
- /*
- * allocate and initialize an srtp session
- */
- status = srtp_create(&srtp, policy);
- if (status) {
- printf("error: srtp_create() failed with error code %d\n", status);
- exit(1);
- }
-
- /*
- * if the ssrc is unspecified, use a predetermined one
- */
- if (policy->ssrc.type != ssrc_specific) {
- ssrc = 0xdeadbeef;
- } else {
- ssrc = policy->ssrc.value;
- }
-
- /*
- * create a test packet
- */
- mesg = srtp_create_test_packet(msg_len_octets, ssrc);
- if (mesg == NULL)
- return 0.0; /* indicate failure by returning zero */
-
- timer = clock();
- for (i=0; i < num_trials; i++) {
- err_status_t status;
- len = msg_len_octets;
-
- /* srtp protect message */
- status = srtp_protect(srtp, mesg, &len);
- if (status) {
- printf("error: srtp_protect() failed with error code %d\n", status);
- exit(1);
- }
-
- /* increment message number */
- mesg->seq = htons(ntohs(mesg->seq) + 1);
-
- }
- timer = clock() - timer;
-
- free(mesg);
-
- return (double) (msg_len_octets) * 8 *
- num_trials * CLOCKS_PER_SEC / timer;
+double srtp_bits_per_second(int msg_len_octets, const srtp_policy_t *policy)
+{
+ srtp_t srtp;
+ srtp_hdr_t *mesg;
+ int i;
+ clock_t timer;
+ int num_trials = 100000;
+ int input_len, len;
+ uint32_t ssrc;
+ srtp_err_status_t status;
+
+ /*
+ * allocate and initialize an srtp session
+ */
+ status = srtp_create(&srtp, policy);
+ if (status) {
+ printf("error: srtp_create() failed with error code %d\n", status);
+ exit(1);
+ }
+
+ /*
+ * if the ssrc is unspecified, use a predetermined one
+ */
+ if (policy->ssrc.type != ssrc_specific) {
+ ssrc = 0xdeadbeef;
+ } else {
+ ssrc = policy->ssrc.value;
+ }
+
+ /*
+ * create a test packet
+ */
+ mesg = srtp_create_test_packet(msg_len_octets, ssrc, &input_len);
+ if (mesg == NULL) {
+ return 0.0; /* indicate failure by returning zero */
+ }
+ timer = clock();
+ for (i = 0; i < num_trials; i++) {
+ len = input_len;
+ /* srtp protect message */
+ status = srtp_protect(srtp, mesg, &len);
+ if (status) {
+ printf("error: srtp_protect() failed with error code %d\n", status);
+ exit(1);
+ }
+
+ /* increment message number */
+ {
+ /* hack sequence to avoid problems with macros for htons/ntohs on
+ * some systems */
+ short new_seq = ntohs(mesg->seq) + 1;
+ mesg->seq = htons(new_seq);
+ }
+ }
+ timer = clock() - timer;
+
+ free(mesg);
+
+ status = srtp_dealloc(srtp);
+ if (status) {
+ printf("error: srtp_dealloc() failed with error code %d\n", status);
+ exit(1);
+ }
+
+ return (double)(msg_len_octets)*8 * num_trials * CLOCKS_PER_SEC / timer;
+}
+
+double srtp_rejections_per_second(int msg_len_octets,
+ const srtp_policy_t *policy)
+{
+ srtp_ctx_t *srtp;
+ srtp_hdr_t *mesg;
+ int i;
+ int len;
+ clock_t timer;
+ int num_trials = 1000000;
+ uint32_t ssrc = policy->ssrc.value;
+ srtp_err_status_t status;
+
+ /*
+ * allocate and initialize an srtp session
+ */
+ status = srtp_create(&srtp, policy);
+ if (status) {
+ printf("error: srtp_create() failed with error code %d\n", status);
+ exit(1);
+ }
+
+ mesg = srtp_create_test_packet(msg_len_octets, ssrc, &len);
+ if (mesg == NULL) {
+ return 0.0; /* indicate failure by returning zero */
+ }
+ srtp_protect(srtp, (srtp_hdr_t *)mesg, &len);
+
+ timer = clock();
+ for (i = 0; i < num_trials; i++) {
+ len = msg_len_octets;
+ srtp_unprotect(srtp, (srtp_hdr_t *)mesg, &len);
+ }
+ timer = clock() - timer;
+
+ free(mesg);
+
+ status = srtp_dealloc(srtp);
+ if (status) {
+ printf("error: srtp_dealloc() failed with error code %d\n", status);
+ exit(1);
+ }
+
+ return (double)num_trials * CLOCKS_PER_SEC / timer;
}
-double
-srtp_rejections_per_second(int msg_len_octets, const srtp_policy_t *policy) {
- srtp_ctx_t *srtp;
- srtp_hdr_t *mesg;
- int i;
- int len;
- clock_t timer;
- int num_trials = 1000000;
- uint32_t ssrc = policy->ssrc.value;
- err_status_t status;
-
- /*
- * allocate and initialize an srtp session
- */
- status = srtp_create(&srtp, policy);
- if (status) {
- printf("error: srtp_create() failed with error code %d\n", status);
+void err_check(srtp_err_status_t s)
+{
+ if (s == srtp_err_status_ok) {
+ return;
+ } else {
+ fprintf(stderr, "error: unexpected srtp failure (code %d)\n", s);
+ }
exit(1);
- }
-
- mesg = srtp_create_test_packet(msg_len_octets, ssrc);
- if (mesg == NULL)
- return 0.0; /* indicate failure by returning zero */
-
- len = msg_len_octets;
- srtp_protect(srtp, (srtp_hdr_t *)mesg, &len);
-
- timer = clock();
- for (i=0; i < num_trials; i++) {
- len = msg_len_octets;
- srtp_unprotect(srtp, (srtp_hdr_t *)mesg, &len);
- }
- timer = clock() - timer;
-
- free(mesg);
-
- return (double) num_trials * CLOCKS_PER_SEC / timer;
}
+srtp_err_status_t srtp_test_call_protect(srtp_t srtp_sender,
+ srtp_hdr_t *hdr,
+ int *len,
+ int mki_index)
+{
+ if (mki_index == -1) {
+ return srtp_protect(srtp_sender, hdr, len);
+ } else {
+ return srtp_protect_mki(srtp_sender, hdr, len, 1, mki_index);
+ }
+}
-void
-err_check(err_status_t s) {
- if (s == err_status_ok)
- return;
- else
- fprintf(stderr, "error: unexpected srtp failure (code %d)\n", s);
- exit (1);
+srtp_err_status_t srtp_test_call_protect_rtcp(srtp_t srtp_sender,
+ srtp_hdr_t *hdr,
+ int *len,
+ int mki_index)
+{
+ if (mki_index == -1) {
+ return srtp_protect_rtcp(srtp_sender, hdr, len);
+ } else {
+ return srtp_protect_rtcp_mki(srtp_sender, hdr, len, 1, mki_index);
+ }
}
-err_status_t
-srtp_test(const srtp_policy_t *policy) {
- int i;
- srtp_t srtp_sender;
- srtp_t srtp_rcvr;
- err_status_t status = err_status_ok;
- srtp_hdr_t *hdr, *hdr2;
- octet_t *pkt_end;
- int msg_len_octets;
- int len;
- int tag_length = policy->rtp.auth_tag_len;
- uint32_t ssrc;
- srtp_policy_t *rcvr_policy;
-
- err_check(srtp_create(&srtp_sender, policy));
-
- /* print out policy */
- err_check(srtp_session_print_policy(srtp_sender));
-
- /*
- * initialize data buffer, using the ssrc in the policy unless that
- * value is a wildcard, in which case we'll just use an arbitrary
- * one
- */
- if (policy->ssrc.type != ssrc_specific)
- ssrc = 0xdecafbad;
- else
- ssrc = policy->ssrc.value;
- msg_len_octets = 28;
- hdr = srtp_create_test_packet(msg_len_octets, ssrc);
-
- if (hdr == NULL)
- return err_status_alloc_fail;
- hdr2 = srtp_create_test_packet(msg_len_octets, ssrc);
- if (hdr2 == NULL) {
- free(hdr);
- return err_status_alloc_fail;
- }
+srtp_err_status_t srtp_test_call_unprotect(srtp_t srtp_sender,
+ srtp_hdr_t *hdr,
+ int *len,
+ int use_mki)
+{
+ if (use_mki == -1) {
+ return srtp_unprotect(srtp_sender, hdr, len);
+ } else {
+ return srtp_unprotect_mki(srtp_sender, hdr, len, use_mki);
+ }
+}
+
+srtp_err_status_t srtp_test_call_unprotect_rtcp(srtp_t srtp_sender,
+ srtp_hdr_t *hdr,
+ int *len,
+ int use_mki)
+{
+ if (use_mki == -1) {
+ return srtp_unprotect_rtcp(srtp_sender, hdr, len);
+ } else {
+ return srtp_unprotect_rtcp_mki(srtp_sender, hdr, len, use_mki);
+ }
+}
+
+srtp_err_status_t srtp_test(const srtp_policy_t *policy,
+ int extension_header,
+ int mki_index)
+{
+ int i;
+ srtp_t srtp_sender;
+ srtp_t srtp_rcvr;
+ srtp_err_status_t status = srtp_err_status_ok;
+ srtp_hdr_t *hdr, *hdr2;
+ uint8_t hdr_enc[64];
+ uint8_t *pkt_end;
+ int msg_len_octets, msg_len_enc, msg_len;
+ int len, len2;
+ uint32_t tag_length;
+ uint32_t ssrc;
+ srtp_policy_t *rcvr_policy;
+ srtp_policy_t tmp_policy;
+ int header = 1;
+ int use_mki = 0;
+
+ if (mki_index >= 0)
+ use_mki = 1;
+
+ if (extension_header) {
+ memcpy(&tmp_policy, policy, sizeof(srtp_policy_t));
+ tmp_policy.enc_xtn_hdr = &header;
+ tmp_policy.enc_xtn_hdr_count = 1;
+ err_check(srtp_create(&srtp_sender, &tmp_policy));
+ } else {
+ err_check(srtp_create(&srtp_sender, policy));
+ }
+
+ /* print out policy */
+ err_check(srtp_session_print_policy(srtp_sender));
+
+ /*
+ * initialize data buffer, using the ssrc in the policy unless that
+ * value is a wildcard, in which case we'll just use an arbitrary
+ * one
+ */
+ if (policy->ssrc.type != ssrc_specific) {
+ ssrc = 0xdecafbad;
+ } else {
+ ssrc = policy->ssrc.value;
+ }
+ msg_len_octets = 28;
+ if (extension_header) {
+ hdr = srtp_create_test_packet_ext_hdr(msg_len_octets, ssrc, &len);
+ hdr2 = srtp_create_test_packet_ext_hdr(msg_len_octets, ssrc, &len2);
+ } else {
+ hdr = srtp_create_test_packet(msg_len_octets, ssrc, &len);
+ hdr2 = srtp_create_test_packet(msg_len_octets, ssrc, &len2);
+ }
- /* set message length */
- len = msg_len_octets;
+ /* save original msg len */
+ msg_len = len;
+
+ if (hdr == NULL) {
+ free(hdr2);
+ return srtp_err_status_alloc_fail;
+ }
+ if (hdr2 == NULL) {
+ free(hdr);
+ return srtp_err_status_alloc_fail;
+ }
- debug_print(mod_driver, "before protection:\n%s",
- srtp_packet_to_string(hdr, len));
+ debug_print(mod_driver, "before protection:\n%s",
+ srtp_packet_to_string(hdr, len));
#if PRINT_REFERENCE_PACKET
- debug_print(mod_driver, "reference packet before protection:\n%s",
- octet_string_hex_string((octet_t *)hdr, len));
+ debug_print(mod_driver, "reference packet before protection:\n%s",
+ octet_string_hex_string((uint8_t *)hdr, len));
#endif
- err_check(srtp_protect(srtp_sender, hdr, &len));
+ err_check(srtp_test_call_protect(srtp_sender, hdr, &len, mki_index));
- debug_print(mod_driver, "after protection:\n%s",
- srtp_packet_to_string(hdr, len));
+ debug_print(mod_driver, "after protection:\n%s",
+ srtp_packet_to_string(hdr, len));
#if PRINT_REFERENCE_PACKET
- debug_print(mod_driver, "after protection:\n%s",
- octet_string_hex_string((octet_t *)hdr, len));
+ debug_print(mod_driver, "after protection:\n%s",
+ octet_string_hex_string((uint8_t *)hdr, len));
#endif
- /*
- * check for overrun of the srtp_protect() function
- *
- * The packet is followed by a value of 0xfffff; if the value of the
- * data following the packet is different, then we know that the
- * protect function is overwriting the end of the packet.
- */
- pkt_end = (octet_t *)hdr + sizeof(srtp_hdr_t)
- + msg_len_octets + tag_length;
- for (i = 0; i < 4; i++)
- if (pkt_end[i] != 0xff) {
- fprintf(stdout, "overwrite in srtp_protect() function "
- "(expected %x, found %x in trailing octet %d)\n",
- 0xff, ((octet_t *)hdr)[i], i);
- free(hdr);
- free(hdr2);
- return err_status_algo_fail;
- }
-
- /*
- * if the policy includes confidentiality, check that ciphertext is
- * different than plaintext
- *
- * Note that this check will give false negatives, with some small
- * probability, especially if the packets are short. For that
- * reason, we skip this check if the plaintext is less than four
- * octets long.
- */
- if ((policy->rtp.sec_serv & sec_serv_conf) && (msg_len_octets >= 4)) {
- printf("testing that ciphertext is distinct from plaintext...");
- status = err_status_algo_fail;
- for (i=12; i < msg_len_octets+12; i++)
- if (((octet_t *)hdr)[i] != ((octet_t *)hdr2)[i]) {
- status = err_status_ok;
- }
- if (status) {
- printf("failed\n");
- free(hdr);
- free(hdr2);
- return status;
- }
- printf("passed\n");
- }
-
- /*
- * if the policy uses a 'wildcard' ssrc, then we need to make a copy
- * of the policy that changes the direction to inbound
- *
- * we always copy the policy into the rcvr_policy, since otherwise
- * the compiler would fret about the constness of the policy
- */
- rcvr_policy = malloc(sizeof(srtp_policy_t));
- if (rcvr_policy == NULL)
- return err_status_alloc_fail;
- memcpy(rcvr_policy, policy, sizeof(srtp_policy_t));
- if (policy->ssrc.type == ssrc_any_outbound) {
- rcvr_policy->ssrc.type = ssrc_any_inbound;
- }
-
- err_check(srtp_create(&srtp_rcvr, rcvr_policy));
-
- err_check(srtp_unprotect(srtp_rcvr, hdr, &len));
-
- debug_print(mod_driver, "after unprotection:\n%s",
- srtp_packet_to_string(hdr, len));
-
- /* verify that the unprotected packet matches the origial one */
- for (i=0; i < msg_len_octets; i++)
- if (((octet_t *)hdr)[i] != ((octet_t *)hdr2)[i]) {
- fprintf(stdout, "mismatch at octet %d\n", i);
- status = err_status_algo_fail;
- }
- if (status) {
+ /* save protected message and length */
+ memcpy(hdr_enc, hdr, len);
+ msg_len_enc = len;
+
+ /*
+ * check for overrun of the srtp_protect() function
+ *
+ * The packet is followed by a value of 0xfffff; if the value of the
+ * data following the packet is different, then we know that the
+ * protect function is overwriting the end of the packet.
+ */
+ err_check(srtp_get_protect_trailer_length(srtp_sender, use_mki, mki_index,
+ &tag_length));
+ pkt_end = (uint8_t *)hdr + msg_len + tag_length;
+ for (i = 0; i < 4; i++) {
+ if (pkt_end[i] != 0xff) {
+ fprintf(stdout, "overwrite in srtp_protect() function "
+ "(expected %x, found %x in trailing octet %d)\n",
+ 0xff, ((uint8_t *)hdr)[i], i);
+ free(hdr);
+ free(hdr2);
+ return srtp_err_status_algo_fail;
+ }
+ }
+
+ /*
+ * if the policy includes confidentiality, check that ciphertext is
+ * different than plaintext
+ *
+ * Note that this check will give false negatives, with some small
+ * probability, especially if the packets are short. For that
+ * reason, we skip this check if the plaintext is less than four
+ * octets long.
+ */
+ if ((policy->rtp.sec_serv & sec_serv_conf) && (msg_len_octets >= 4)) {
+ printf("testing that ciphertext is distinct from plaintext...");
+ status = srtp_err_status_algo_fail;
+ for (i = 12; i < msg_len_octets + 12; i++) {
+ if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) {
+ status = srtp_err_status_ok;
+ }
+ }
+ if (status) {
+ printf("failed\n");
+ free(hdr);
+ free(hdr2);
+ return status;
+ }
+ printf("passed\n");
+ }
+
+ /*
+ * if the policy uses a 'wildcard' ssrc, then we need to make a copy
+ * of the policy that changes the direction to inbound
+ *
+ * we always copy the policy into the rcvr_policy, since otherwise
+ * the compiler would fret about the constness of the policy
+ */
+ rcvr_policy = (srtp_policy_t *)malloc(sizeof(srtp_policy_t));
+ if (rcvr_policy == NULL) {
+ free(hdr);
+ free(hdr2);
+ return srtp_err_status_alloc_fail;
+ }
+ if (extension_header) {
+ memcpy(rcvr_policy, &tmp_policy, sizeof(srtp_policy_t));
+ if (tmp_policy.ssrc.type == ssrc_any_outbound) {
+ rcvr_policy->ssrc.type = ssrc_any_inbound;
+ }
+ } else {
+ memcpy(rcvr_policy, policy, sizeof(srtp_policy_t));
+ if (policy->ssrc.type == ssrc_any_outbound) {
+ rcvr_policy->ssrc.type = ssrc_any_inbound;
+ }
+ }
+
+ err_check(srtp_create(&srtp_rcvr, rcvr_policy));
+
+ err_check(srtp_test_call_unprotect(srtp_rcvr, hdr, &len, use_mki));
+
+ debug_print(mod_driver, "after unprotection:\n%s",
+ srtp_packet_to_string(hdr, len));
+
+ /* verify that the unprotected packet matches the origial one */
+ for (i = 0; i < len; i++) {
+ if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) {
+ fprintf(stdout, "mismatch at octet %d\n", i);
+ status = srtp_err_status_algo_fail;
+ }
+ }
+ if (status) {
+ free(hdr);
+ free(hdr2);
+ free(rcvr_policy);
+ return status;
+ }
+
+ /*
+ * if the policy includes authentication, then test for false positives
+ */
+ if (policy->rtp.sec_serv & sec_serv_auth) {
+ char *data = ((char *)hdr) + (extension_header ? 24 : 12);
+
+ printf("testing for false positives in replay check...");
+
+ /* unprotect a second time - should fail with a replay error */
+ status =
+ srtp_test_call_unprotect(srtp_rcvr, hdr, &msg_len_enc, use_mki);
+ if (status != srtp_err_status_replay_fail) {
+ printf("failed with error code %d\n", status);
+ free(hdr);
+ free(hdr2);
+ free(rcvr_policy);
+ return status;
+ } else {
+ printf("passed\n");
+ }
+
+ printf("testing for false positives in auth check...");
+
+ /* increment sequence number in header */
+ hdr->seq++;
+
+ /* apply protection */
+ err_check(srtp_test_call_protect(srtp_sender, hdr, &len, mki_index));
+
+ /* flip bits in packet */
+ data[0] ^= 0xff;
+
+ /* unprotect, and check for authentication failure */
+ status = srtp_test_call_unprotect(srtp_rcvr, hdr, &len, use_mki);
+ if (status != srtp_err_status_auth_fail) {
+ printf("failed\n");
+ free(hdr);
+ free(hdr2);
+ free(rcvr_policy);
+ return status;
+ } else {
+ printf("passed\n");
+ }
+ }
+
+ err_check(srtp_dealloc(srtp_sender));
+ err_check(srtp_dealloc(srtp_rcvr));
+
free(hdr);
free(hdr2);
- return status;
- }
-
- /*
- * if the policy includes authentication, then test for false positives
- */
- if (policy->rtp.sec_serv & sec_serv_auth) {
- char *data = ((char *)hdr) + 12;
-
- printf("testing for false positives in replay check...");
-
- /* unprotect a second time - should fail with a replay error */
- status = srtp_unprotect(srtp_rcvr, hdr, &len);
- if (status != err_status_replay_fail) {
- printf("failed with error code %d\n", status);
- free(hdr);
- free(hdr2);
- return status;
+ free(rcvr_policy);
+ return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtcp_test(const srtp_policy_t *policy, int mki_index)
+{
+ int i;
+ srtp_t srtcp_sender;
+ srtp_t srtcp_rcvr;
+ srtp_err_status_t status = srtp_err_status_ok;
+ srtp_hdr_t *hdr, *hdr2;
+ uint8_t hdr_enc[64];
+ uint8_t *pkt_end;
+ int msg_len_octets, msg_len_enc, msg_len;
+ int len, len2;
+ uint32_t tag_length;
+ uint32_t ssrc;
+ srtp_policy_t *rcvr_policy;
+ int use_mki = 0;
+
+ if (mki_index >= 0)
+ use_mki = 1;
+
+ err_check(srtp_create(&srtcp_sender, policy));
+
+ /* print out policy */
+ err_check(srtp_session_print_policy(srtcp_sender));
+
+ /*
+ * initialize data buffer, using the ssrc in the policy unless that
+ * value is a wildcard, in which case we'll just use an arbitrary
+ * one
+ */
+ if (policy->ssrc.type != ssrc_specific) {
+ ssrc = 0xdecafbad;
} else {
- printf("passed\n");
+ ssrc = policy->ssrc.value;
}
+ msg_len_octets = 28;
+ hdr = srtp_create_test_packet(msg_len_octets, ssrc, &len);
+ /* save message len */
+ msg_len = len;
- printf("testing for false positives in auth check...");
+ if (hdr == NULL) {
+ return srtp_err_status_alloc_fail;
+ }
+ hdr2 = srtp_create_test_packet(msg_len_octets, ssrc, &len2);
+ if (hdr2 == NULL) {
+ free(hdr);
+ return srtp_err_status_alloc_fail;
+ }
- /* increment sequence number in header */
- hdr->seq++;
+ debug_print(mod_driver, "before protection:\n%s",
+ srtp_packet_to_string(hdr, len));
- /* apply protection */
- err_check(srtp_protect(srtp_sender, hdr, &len));
-
- /* flip bits in packet */
- data[0] ^= 0xff;
+#if PRINT_REFERENCE_PACKET
+ debug_print(mod_driver, "reference packet before protection:\n%s",
+ octet_string_hex_string((uint8_t *)hdr, len));
+#endif
+ err_check(srtp_test_call_protect_rtcp(srtcp_sender, hdr, &len, mki_index));
- /* unprotect, and check for authentication failure */
- status = srtp_unprotect(srtp_rcvr, hdr, &len);
- if (status != err_status_auth_fail) {
- printf("failed\n");
- free(hdr);
- free(hdr2);
- return status;
- } else {
- printf("passed\n");
+ debug_print(mod_driver, "after protection:\n%s",
+ srtp_packet_to_string(hdr, len));
+#if PRINT_REFERENCE_PACKET
+ debug_print(mod_driver, "after protection:\n%s",
+ octet_string_hex_string((uint8_t *)hdr, len));
+#endif
+
+ /* save protected message and length */
+ memcpy(hdr_enc, hdr, len);
+ msg_len_enc = len;
+
+ /*
+ * check for overrun of the srtp_protect() function
+ *
+ * The packet is followed by a value of 0xfffff; if the value of the
+ * data following the packet is different, then we know that the
+ * protect function is overwriting the end of the packet.
+ */
+ srtp_get_protect_rtcp_trailer_length(srtcp_sender, use_mki, mki_index,
+ &tag_length);
+ pkt_end = (uint8_t *)hdr + msg_len + tag_length;
+ for (i = 0; i < 4; i++) {
+ if (pkt_end[i] != 0xff) {
+ fprintf(stdout, "overwrite in srtp_protect_rtcp() function "
+ "(expected %x, found %x in trailing octet %d)\n",
+ 0xff, ((uint8_t *)hdr)[i], i);
+ free(hdr);
+ free(hdr2);
+ return srtp_err_status_algo_fail;
+ }
}
-
- }
- err_check(srtp_dealloc(srtp_sender));
- err_check(srtp_dealloc(srtp_rcvr));
+ /*
+ * if the policy includes confidentiality, check that ciphertext is
+ * different than plaintext
+ *
+ * Note that this check will give false negatives, with some small
+ * probability, especially if the packets are short. For that
+ * reason, we skip this check if the plaintext is less than four
+ * octets long.
+ */
+ if ((policy->rtcp.sec_serv & sec_serv_conf) && (msg_len_octets >= 4)) {
+ printf("testing that ciphertext is distinct from plaintext...");
+ status = srtp_err_status_algo_fail;
+ for (i = 12; i < msg_len_octets + 12; i++) {
+ if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) {
+ status = srtp_err_status_ok;
+ }
+ }
+ if (status) {
+ printf("failed\n");
+ free(hdr);
+ free(hdr2);
+ return status;
+ }
+ printf("passed\n");
+ }
+
+ /*
+ * if the policy uses a 'wildcard' ssrc, then we need to make a copy
+ * of the policy that changes the direction to inbound
+ *
+ * we always copy the policy into the rcvr_policy, since otherwise
+ * the compiler would fret about the constness of the policy
+ */
+ rcvr_policy = (srtp_policy_t *)malloc(sizeof(srtp_policy_t));
+ if (rcvr_policy == NULL) {
+ free(hdr);
+ free(hdr2);
+ return srtp_err_status_alloc_fail;
+ }
+ memcpy(rcvr_policy, policy, sizeof(srtp_policy_t));
+ if (policy->ssrc.type == ssrc_any_outbound) {
+ rcvr_policy->ssrc.type = ssrc_any_inbound;
+ }
+
+ err_check(srtp_create(&srtcp_rcvr, rcvr_policy));
+
+ err_check(srtp_test_call_unprotect_rtcp(srtcp_rcvr, hdr, &len, use_mki));
+
+ debug_print(mod_driver, "after unprotection:\n%s",
+ srtp_packet_to_string(hdr, len));
+
+ /* verify that the unprotected packet matches the origial one */
+ for (i = 0; i < len; i++) {
+ if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) {
+ fprintf(stdout, "mismatch at octet %d\n", i);
+ status = srtp_err_status_algo_fail;
+ }
+ }
+ if (status) {
+ free(hdr);
+ free(hdr2);
+ free(rcvr_policy);
+ return status;
+ }
+
+ /*
+ * if the policy includes authentication, then test for false positives
+ */
+ if (policy->rtp.sec_serv & sec_serv_auth) {
+ char *data = ((char *)hdr) + 12;
+
+ printf("testing for false positives in replay check...");
+
+ /* unprotect a second time - should fail with a replay error */
+ status = srtp_test_call_unprotect_rtcp(srtcp_rcvr, hdr, &msg_len_enc,
+ use_mki);
+ if (status != srtp_err_status_replay_fail) {
+ printf("failed with error code %d\n", status);
+ free(hdr);
+ free(hdr2);
+ free(rcvr_policy);
+ return status;
+ } else {
+ printf("passed\n");
+ }
+
+ printf("testing for false positives in auth check...");
+
+ /* increment sequence number in header */
+ hdr->seq++;
+
+ /* apply protection */
+ err_check(
+ srtp_test_call_protect_rtcp(srtcp_sender, hdr, &len, mki_index));
+
+ /* flip bits in packet */
+ data[0] ^= 0xff;
+
+ /* unprotect, and check for authentication failure */
+ status = srtp_test_call_unprotect_rtcp(srtcp_rcvr, hdr, &len, use_mki);
+ if (status != srtp_err_status_auth_fail) {
+ printf("failed\n");
+ free(hdr);
+ free(hdr2);
+ free(rcvr_policy);
+ return status;
+ } else {
+ printf("passed\n");
+ }
+ }
+
+ err_check(srtp_dealloc(srtcp_sender));
+ err_check(srtp_dealloc(srtcp_rcvr));
- free(hdr);
- free(hdr2);
- return err_status_ok;
+ free(hdr);
+ free(hdr2);
+ free(rcvr_policy);
+ return srtp_err_status_ok;
}
+srtp_err_status_t srtp_session_print_policy(srtp_t srtp)
+{
+ char *serv_descr[4] = { "none", "confidentiality", "authentication",
+ "confidentiality and authentication" };
+ char *direction[3] = { "unknown", "outbound", "inbound" };
+ srtp_stream_t stream;
+ srtp_session_keys_t *session_keys = NULL;
+
+ /* sanity checking */
+ if (srtp == NULL) {
+ return srtp_err_status_fail;
+ }
-err_status_t
-srtp_session_print_policy(srtp_t srtp) {
- char *serv_descr[4] = {
- "none",
- "confidentiality",
- "authentication",
- "confidentiality and authentication"
- };
- char *direction[3] = {
- "unknown",
- "outbound",
- "inbound"
- };
- srtp_stream_t stream;
-
- /* sanity checking */
- if (srtp == NULL)
- return err_status_fail;
-
- /* if there's a template stream, print it out */
- if (srtp->stream_template != NULL) {
- stream = srtp->stream_template;
- printf("# SSRC: any %s\r\n"
- "# rtp cipher: %s\r\n"
- "# rtp auth: %s\r\n"
- "# rtp services: %s\r\n"
- "# rtcp cipher: %s\r\n"
- "# rtcp auth: %s\r\n"
- "# rtcp services: %s\r\n",
- direction[stream->direction],
- stream->rtp_cipher->type->description,
- stream->rtp_auth->type->description,
- serv_descr[stream->rtp_services],
- stream->rtcp_cipher->type->description,
- stream->rtcp_auth->type->description,
- serv_descr[stream->rtcp_services]);
- }
-
- /* loop over streams in session, printing the policy of each */
- stream = srtp->stream_list;
- while (stream != NULL) {
- if (stream->rtp_services > sec_serv_conf_and_auth)
- return err_status_bad_param;
-
- printf("# SSRC: 0x%08x\r\n"
- "# rtp cipher: %s\r\n"
- "# rtp auth: %s\r\n"
- "# rtp services: %s\r\n"
- "# rtcp cipher: %s\r\n"
- "# rtcp auth: %s\r\n"
- "# rtcp services: %s\r\n",
- stream->ssrc,
- stream->rtp_cipher->type->description,
- stream->rtp_auth->type->description,
- serv_descr[stream->rtp_services],
- stream->rtcp_cipher->type->description,
- stream->rtcp_auth->type->description,
- serv_descr[stream->rtcp_services]);
-
- /* advance to next stream in the list */
- stream = stream->next;
- }
- return err_status_ok;
+ /* if there's a template stream, print it out */
+ if (srtp->stream_template != NULL) {
+ stream = srtp->stream_template;
+ session_keys = &stream->session_keys[0];
+ printf("# SSRC: any %s\r\n"
+ "# rtp cipher: %s\r\n"
+ "# rtp auth: %s\r\n"
+ "# rtp services: %s\r\n"
+ "# rtcp cipher: %s\r\n"
+ "# rtcp auth: %s\r\n"
+ "# rtcp services: %s\r\n"
+ "# window size: %lu\r\n"
+ "# tx rtx allowed:%s\r\n",
+ direction[stream->direction],
+ session_keys->rtp_cipher->type->description,
+ session_keys->rtp_auth->type->description,
+ serv_descr[stream->rtp_services],
+ session_keys->rtcp_cipher->type->description,
+ session_keys->rtcp_auth->type->description,
+ serv_descr[stream->rtcp_services],
+ srtp_rdbx_get_window_size(&stream->rtp_rdbx),
+ stream->allow_repeat_tx ? "true" : "false");
+
+ printf("# Encrypted extension headers: ");
+ if (stream->enc_xtn_hdr && stream->enc_xtn_hdr_count > 0) {
+ int *enc_xtn_hdr = stream->enc_xtn_hdr;
+ int count = stream->enc_xtn_hdr_count;
+ while (count > 0) {
+ printf("%d ", *enc_xtn_hdr);
+ enc_xtn_hdr++;
+ count--;
+ }
+ printf("\n");
+ } else {
+ printf("none\n");
+ }
+ }
+
+ /* loop over streams in session, printing the policy of each */
+ stream = srtp->stream_list;
+ while (stream != NULL) {
+ if (stream->rtp_services > sec_serv_conf_and_auth) {
+ return srtp_err_status_bad_param;
+ }
+ session_keys = &stream->session_keys[0];
+
+ printf("# SSRC: 0x%08x\r\n"
+ "# rtp cipher: %s\r\n"
+ "# rtp auth: %s\r\n"
+ "# rtp services: %s\r\n"
+ "# rtcp cipher: %s\r\n"
+ "# rtcp auth: %s\r\n"
+ "# rtcp services: %s\r\n"
+ "# window size: %lu\r\n"
+ "# tx rtx allowed:%s\r\n",
+ stream->ssrc, session_keys->rtp_cipher->type->description,
+ session_keys->rtp_auth->type->description,
+ serv_descr[stream->rtp_services],
+ session_keys->rtcp_cipher->type->description,
+ session_keys->rtcp_auth->type->description,
+ serv_descr[stream->rtcp_services],
+ srtp_rdbx_get_window_size(&stream->rtp_rdbx),
+ stream->allow_repeat_tx ? "true" : "false");
+
+ printf("# Encrypted extension headers: ");
+ if (stream->enc_xtn_hdr && stream->enc_xtn_hdr_count > 0) {
+ int *enc_xtn_hdr = stream->enc_xtn_hdr;
+ int count = stream->enc_xtn_hdr_count;
+ while (count > 0) {
+ printf("%d ", *enc_xtn_hdr);
+ enc_xtn_hdr++;
+ count--;
+ }
+ printf("\n");
+ } else {
+ printf("none\n");
+ }
+
+ /* advance to next stream in the list */
+ stream = stream->next;
+ }
+ return srtp_err_status_ok;
}
-err_status_t
-srtp_print_policy(const srtp_policy_t *policy) {
- err_status_t status;
- srtp_t session;
-
- status = srtp_create(&session, policy);
- if (status)
- return status;
- status = srtp_session_print_policy(session);
- if (status)
- return status;
- status = srtp_dealloc(session);
- if (status)
- return status;
- return err_status_ok;
+srtp_err_status_t srtp_print_policy(const srtp_policy_t *policy)
+{
+ srtp_err_status_t status;
+ srtp_t session;
+
+ status = srtp_create(&session, policy);
+ if (status) {
+ return status;
+ }
+ status = srtp_session_print_policy(session);
+ if (status) {
+ return status;
+ }
+ status = srtp_dealloc(session);
+ if (status) {
+ return status;
+ }
+ return srtp_err_status_ok;
}
-/*
- * srtp_print_packet(...) is for debugging only
+/*
+ * srtp_print_packet(...) is for debugging only
* it prints an RTP packet to the stdout
*
* note that this function is *not* threadsafe
@@ -822,43 +1556,35 @@ srtp_print_policy(const srtp_policy_t *policy) {
char packet_string[MTU];
-char *
-srtp_packet_to_string(srtp_hdr_t *hdr, int pkt_octet_len) {
- int octets_in_rtp_header = 12;
- octet_t *data = ((octet_t *)hdr)+octets_in_rtp_header;
- int hex_len = pkt_octet_len-octets_in_rtp_header;
-
- /* sanity checking */
- if ((hdr == NULL) || (pkt_octet_len > MTU))
- return NULL;
-
- /* write packet into string */
- sprintf(packet_string,
- "(s)rtp packet: {\n"
- " version:\t%d\n"
- " p:\t\t%d\n"
- " x:\t\t%d\n"
- " cc:\t\t%d\n"
- " m:\t\t%d\n"
- " pt:\t\t%x\n"
- " seq:\t\t%x\n"
- " ts:\t\t%x\n"
- " ssrc:\t%x\n"
- " data:\t%s\n"
- "} (%d octets in total)\n",
- hdr->version,
- hdr->p,
- hdr->x,
- hdr->cc,
- hdr->m,
- hdr->pt,
- hdr->seq,
- hdr->ts,
- hdr->ssrc,
- octet_string_hex_string(data, hex_len),
- pkt_octet_len);
-
- return packet_string;
+char *srtp_packet_to_string(srtp_hdr_t *hdr, int pkt_octet_len)
+{
+ int octets_in_rtp_header = 12;
+ uint8_t *data = ((uint8_t *)hdr) + octets_in_rtp_header;
+ int hex_len = pkt_octet_len - octets_in_rtp_header;
+
+ /* sanity checking */
+ if ((hdr == NULL) || (pkt_octet_len > MTU)) {
+ return NULL;
+ }
+
+ /* write packet into string */
+ sprintf(packet_string, "(s)rtp packet: {\n"
+ " version:\t%d\n"
+ " p:\t\t%d\n"
+ " x:\t\t%d\n"
+ " cc:\t\t%d\n"
+ " m:\t\t%d\n"
+ " pt:\t\t%x\n"
+ " seq:\t\t%x\n"
+ " ts:\t\t%x\n"
+ " ssrc:\t%x\n"
+ " data:\t%s\n"
+ "} (%d octets in total)\n",
+ hdr->version, hdr->p, hdr->x, hdr->cc, hdr->m, hdr->pt, hdr->seq,
+ hdr->ts, hdr->ssrc, octet_string_hex_string(data, hex_len),
+ pkt_octet_len);
+
+ return packet_string;
}
/*
@@ -871,341 +1597,2185 @@ srtp_packet_to_string(srtp_hdr_t *hdr, int pkt_octet_len) {
* optimize away the function
*/
-double
-mips_estimate(int num_trials, int *ignore) {
- clock_t t;
- int i, sum;
+double mips_estimate(int num_trials, int *ignore)
+{
+ clock_t t;
+ volatile int i, sum;
- sum = 0;
- t = clock();
- for (i=0; i<num_trials; i++)
- sum += i;
- t = clock() - t;
+ sum = 0;
+ t = clock();
+ for (i = 0; i < num_trials; i++) {
+ sum += i;
+ }
+ t = clock() - t;
+ if (t < 1) {
+ t = 1;
+ }
-/* printf("%d\n", sum); */
- *ignore = sum;
+ /* printf("%d\n", sum); */
+ *ignore = sum;
- return (double) num_trials * CLOCKS_PER_SEC / t;
+ return (double)num_trials * CLOCKS_PER_SEC / t;
}
-
/*
* srtp_validate() verifies the correctness of libsrtp by comparing
* some computed packets against some pre-computed reference values.
* These packets were made with the default SRTP policy.
*/
+srtp_err_status_t srtp_validate()
+{
+ // clang-format off
+ uint8_t srtp_plaintext_ref[28] = {
+ 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+ 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab
+ };
+ uint8_t srtp_plaintext[38] = {
+ 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+ 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ };
+ uint8_t srtp_ciphertext[38] = {
+ 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+ 0xca, 0xfe, 0xba, 0xbe, 0x4e, 0x55, 0xdc, 0x4c,
+ 0xe7, 0x99, 0x78, 0xd8, 0x8c, 0xa4, 0xd2, 0x15,
+ 0x94, 0x9d, 0x24, 0x02, 0xb7, 0x8d, 0x6a, 0xcc,
+ 0x99, 0xea, 0x17, 0x9b, 0x8d, 0xbb
+ };
+ uint8_t rtcp_plaintext_ref[24] = {
+ 0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ };
+ uint8_t rtcp_plaintext[38] = {
+ 0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ };
+ uint8_t srtcp_ciphertext[38] = {
+ 0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe,
+ 0x71, 0x28, 0x03, 0x5b, 0xe4, 0x87, 0xb9, 0xbd,
+ 0xbe, 0xf8, 0x90, 0x41, 0xf9, 0x77, 0xa5, 0xa8,
+ 0x80, 0x00, 0x00, 0x01, 0x99, 0x3e, 0x08, 0xcd,
+ 0x54, 0xd6, 0xc1, 0x23, 0x07, 0x98
+ };
+ // clang-format on
+
+ srtp_t srtp_snd, srtp_recv;
+ srtp_err_status_t status;
+ int len;
+ srtp_policy_t policy;
-err_status_t
-srtp_validate() {
- unsigned char test_key[30] = {
- 0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0,
- 0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39,
- 0x0e, 0xc6, 0x75, 0xad, 0x49, 0x8a, 0xfe, 0xeb,
- 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6
- };
- octet_t srtp_plaintext_ref[28] = {
- 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
- 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
- 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
- 0xab, 0xab, 0xab, 0xab
- };
- octet_t srtp_plaintext[38] = {
- 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
- 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
- 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
- 0xab, 0xab, 0xab, 0xab, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
- };
- octet_t srtp_ciphertext[38] = {
- 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
- 0xca, 0xfe, 0xba, 0xbe, 0x4e, 0x55, 0xdc, 0x4c,
- 0xe7, 0x99, 0x78, 0xd8, 0x8c, 0xa4, 0xd2, 0x15,
- 0x94, 0x9d, 0x24, 0x02, 0xb7, 0x8d, 0x6a, 0xcc,
- 0x99, 0xea, 0x17, 0x9b, 0x8d, 0xbb
- };
- srtp_t srtp_snd, srtp_recv;
- err_status_t status;
- int len;
- srtp_policy_t policy;
-
- /*
- * create a session with a single stream using the default srtp
- * policy and with the SSRC value 0xcafebabe
- */
- crypto_policy_set_rtp_default(&policy.rtp);
- crypto_policy_set_rtcp_default(&policy.rtcp);
- policy.ssrc.type = ssrc_specific;
- policy.ssrc.value = 0xcafebabe;
- policy.key = test_key;
- policy.next = NULL;
-
- status = srtp_create(&srtp_snd, &policy);
- if (status)
- return status;
-
- /*
- * protect plaintext, then compare with ciphertext
- */
- len = 28;
- status = srtp_protect(srtp_snd, srtp_plaintext, &len);
- if (status || (len != 38))
- return err_status_fail;
-
- debug_print(mod_driver, "ciphertext:\n %s",
- octet_string_hex_string(srtp_plaintext, len));
- debug_print(mod_driver, "ciphertext reference:\n %s",
- octet_string_hex_string(srtp_ciphertext, len));
-
- if (octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len))
- return err_status_fail;
-
- /*
- * create a receiver session context comparable to the one created
- * above - we need to do this so that the replay checking doesn't
- * complain
- */
- status = srtp_create(&srtp_recv, &policy);
- if (status)
- return status;
-
- /*
- * unprotect ciphertext, then compare with plaintext
- */
- status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len);
- if (status || (len != 28))
- return status;
-
- if (octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len))
- return err_status_fail;
-
- return err_status_ok;
+ /*
+ * create a session with a single stream using the default srtp
+ * policy and with the SSRC value 0xcafebabe
+ */
+ memset(&policy, 0, sizeof(policy));
+ srtp_crypto_policy_set_rtp_default(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+ policy.ssrc.type = ssrc_specific;
+ policy.ssrc.value = 0xcafebabe;
+ policy.key = test_key;
+ policy.ekt = NULL;
+ policy.window_size = 128;
+ policy.allow_repeat_tx = 0;
+ policy.next = NULL;
+
+ status = srtp_create(&srtp_snd, &policy);
+ if (status) {
+ return status;
+ }
+
+ /*
+ * protect plaintext, then compare with ciphertext
+ */
+ len = 28;
+ status = srtp_protect(srtp_snd, srtp_plaintext, &len);
+ if (status || (len != 38)) {
+ return srtp_err_status_fail;
+ }
+
+ debug_print(mod_driver, "ciphertext:\n %s",
+ octet_string_hex_string(srtp_plaintext, len));
+ debug_print(mod_driver, "ciphertext reference:\n %s",
+ octet_string_hex_string(srtp_ciphertext, len));
+
+ if (srtp_octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len)) {
+ return srtp_err_status_fail;
+ }
+
+ /*
+ * protect plaintext rtcp, then compare with srtcp ciphertext
+ */
+ len = 24;
+ status = srtp_protect_rtcp(srtp_snd, rtcp_plaintext, &len);
+ if (status || (len != 38)) {
+ return srtp_err_status_fail;
+ }
+
+ debug_print(mod_driver, "srtcp ciphertext:\n %s",
+ octet_string_hex_string(rtcp_plaintext, len));
+ debug_print(mod_driver, "srtcp ciphertext reference:\n %s",
+ octet_string_hex_string(srtcp_ciphertext, len));
+
+ if (srtp_octet_string_is_eq(rtcp_plaintext, srtcp_ciphertext, len)) {
+ return srtp_err_status_fail;
+ }
+
+ /*
+ * create a receiver session context comparable to the one created
+ * above - we need to do this so that the replay checking doesn't
+ * complain
+ */
+ status = srtp_create(&srtp_recv, &policy);
+ if (status) {
+ return status;
+ }
+
+ /*
+ * unprotect ciphertext, then compare with plaintext
+ */
+ status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len);
+ if (status || (len != 28)) {
+ return status;
+ }
+
+ if (srtp_octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len)) {
+ return srtp_err_status_fail;
+ }
+
+ /*
+ * unprotect srtcp ciphertext, then compare with rtcp plaintext
+ */
+ len = 38;
+ status = srtp_unprotect_rtcp(srtp_recv, srtcp_ciphertext, &len);
+ if (status || (len != 24)) {
+ return status;
+ }
+
+ if (srtp_octet_string_is_eq(srtcp_ciphertext, rtcp_plaintext_ref, len)) {
+ return srtp_err_status_fail;
+ }
+
+ status = srtp_dealloc(srtp_snd);
+ if (status) {
+ return status;
+ }
+
+ status = srtp_dealloc(srtp_recv);
+ if (status) {
+ return status;
+ }
+
+ return srtp_err_status_ok;
+}
+
+#ifdef GCM
+/*
+ * srtp_validate_gcm() verifies the correctness of libsrtp by comparing
+ * an computed packet against the known ciphertext for the plaintext.
+ */
+srtp_err_status_t srtp_validate_gcm()
+{
+ // clang-format off
+ unsigned char test_key_gcm[28] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
+ 0xa8, 0xa9, 0xaa, 0xab
+ };
+ uint8_t rtp_plaintext_ref[28] = {
+ 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+ 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab
+ };
+ uint8_t rtp_plaintext[44] = {
+ 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+ 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00
+ };
+ uint8_t srtp_ciphertext[44] = {
+ 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+ 0xca, 0xfe, 0xba, 0xbe, 0xc5, 0x00, 0x2e, 0xde,
+ 0x04, 0xcf, 0xdd, 0x2e, 0xb9, 0x11, 0x59, 0xe0,
+ 0x88, 0x0a, 0xa0, 0x6e, 0xd2, 0x97, 0x68, 0x26,
+ 0xf7, 0x96, 0xb2, 0x01, 0xdf, 0x31, 0x31, 0xa1,
+ 0x27, 0xe8, 0xa3, 0x92
+ };
+ uint8_t rtcp_plaintext_ref[24] = {
+ 0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ };
+ uint8_t rtcp_plaintext[44] = {
+ 0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00
+ };
+ uint8_t srtcp_ciphertext[44] = {
+ 0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe,
+ 0xc9, 0x8b, 0x8b, 0x5d, 0xf0, 0x39, 0x2a, 0x55,
+ 0x85, 0x2b, 0x6c, 0x21, 0xac, 0x8e, 0x70, 0x25,
+ 0xc5, 0x2c, 0x6f, 0xbe, 0xa2, 0xb3, 0xb4, 0x46,
+ 0xea, 0x31, 0x12, 0x3b, 0xa8, 0x8c, 0xe6, 0x1e,
+ 0x80, 0x00, 0x00, 0x01
+ };
+ // clang-format on
+
+ srtp_t srtp_snd, srtp_recv;
+ srtp_err_status_t status;
+ int len;
+ srtp_policy_t policy;
+
+ /*
+ * create a session with a single stream using the default srtp
+ * policy and with the SSRC value 0xcafebabe
+ */
+ memset(&policy, 0, sizeof(policy));
+ srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtp);
+ srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtcp);
+ policy.ssrc.type = ssrc_specific;
+ policy.ssrc.value = 0xcafebabe;
+ policy.key = test_key_gcm;
+ policy.ekt = NULL;
+ policy.window_size = 128;
+ policy.allow_repeat_tx = 0;
+ policy.next = NULL;
+
+ status = srtp_create(&srtp_snd, &policy);
+ if (status) {
+ return status;
+ }
+
+ /*
+ * protect plaintext rtp, then compare with srtp ciphertext
+ */
+ len = 28;
+ status = srtp_protect(srtp_snd, rtp_plaintext, &len);
+ if (status || (len != 44)) {
+ return srtp_err_status_fail;
+ }
+
+ debug_print(mod_driver, "srtp ciphertext:\n %s",
+ octet_string_hex_string(rtp_plaintext, len));
+ debug_print(mod_driver, "srtp ciphertext reference:\n %s",
+ octet_string_hex_string(srtp_ciphertext, len));
+
+ if (srtp_octet_string_is_eq(rtp_plaintext, srtp_ciphertext, len)) {
+ return srtp_err_status_fail;
+ }
+
+ /*
+ * protect plaintext rtcp, then compare with srtcp ciphertext
+ */
+ len = 24;
+ status = srtp_protect_rtcp(srtp_snd, rtcp_plaintext, &len);
+ if (status || (len != 44)) {
+ return srtp_err_status_fail;
+ }
+
+ debug_print(mod_driver, "srtcp ciphertext:\n %s",
+ octet_string_hex_string(rtcp_plaintext, len));
+ debug_print(mod_driver, "srtcp ciphertext reference:\n %s",
+ octet_string_hex_string(srtcp_ciphertext, len));
+
+ if (srtp_octet_string_is_eq(rtcp_plaintext, srtcp_ciphertext, len)) {
+ return srtp_err_status_fail;
+ }
+
+ /*
+ * create a receiver session context comparable to the one created
+ * above - we need to do this so that the replay checking doesn't
+ * complain
+ */
+ status = srtp_create(&srtp_recv, &policy);
+ if (status) {
+ return status;
+ }
+
+ /*
+ * unprotect srtp ciphertext, then compare with rtp plaintext
+ */
+ len = 44;
+ status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len);
+ if (status || (len != 28)) {
+ return status;
+ }
+
+ if (srtp_octet_string_is_eq(srtp_ciphertext, rtp_plaintext_ref, len)) {
+ return srtp_err_status_fail;
+ }
+
+ /*
+ * unprotect srtcp ciphertext, then compare with rtcp plaintext
+ */
+ len = 44;
+ status = srtp_unprotect_rtcp(srtp_recv, srtcp_ciphertext, &len);
+ if (status || (len != 24)) {
+ return status;
+ }
+
+ if (srtp_octet_string_is_eq(srtcp_ciphertext, rtcp_plaintext_ref, len)) {
+ return srtp_err_status_fail;
+ }
+
+ status = srtp_dealloc(srtp_snd);
+ if (status) {
+ return status;
+ }
+
+ status = srtp_dealloc(srtp_recv);
+ if (status) {
+ return status;
+ }
+
+ return srtp_err_status_ok;
+}
+#endif
+
+/*
+ * Test vectors taken from RFC 6904, Appendix A
+ */
+srtp_err_status_t srtp_validate_encrypted_extensions_headers()
+{
+ // clang-format off
+ unsigned char test_key_ext_headers[30] = {
+ 0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0,
+ 0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39,
+ 0x0e, 0xc6, 0x75, 0xad, 0x49, 0x8a, 0xfe, 0xeb,
+ 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6
+ };
+ uint8_t srtp_plaintext_ref[56] = {
+ 0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+ 0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06,
+ 0x17, 0x41, 0x42, 0x73, 0xA4, 0x75, 0x26, 0x27,
+ 0x48, 0x22, 0x00, 0x00, 0xC8, 0x30, 0x8E, 0x46,
+ 0x55, 0x99, 0x63, 0x86, 0xB3, 0x95, 0xFB, 0x00,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab
+ };
+ uint8_t srtp_plaintext[66] = {
+ 0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+ 0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06,
+ 0x17, 0x41, 0x42, 0x73, 0xA4, 0x75, 0x26, 0x27,
+ 0x48, 0x22, 0x00, 0x00, 0xC8, 0x30, 0x8E, 0x46,
+ 0x55, 0x99, 0x63, 0x86, 0xB3, 0x95, 0xFB, 0x00,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00
+ };
+ uint8_t srtp_ciphertext[66] = {
+ 0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+ 0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06,
+ 0x17, 0x58, 0x8A, 0x92, 0x70, 0xF4, 0xE1, 0x5E,
+ 0x1C, 0x22, 0x00, 0x00, 0xC8, 0x30, 0x95, 0x46,
+ 0xA9, 0x94, 0xF0, 0xBC, 0x54, 0x78, 0x97, 0x00,
+ 0x4e, 0x55, 0xdc, 0x4c, 0xe7, 0x99, 0x78, 0xd8,
+ 0x8c, 0xa4, 0xd2, 0x15, 0x94, 0x9d, 0x24, 0x02,
+ 0x5a, 0x46, 0xb3, 0xca, 0x35, 0xc5, 0x35, 0xa8,
+ 0x91, 0xc7
+ };
+ // clang-format on
+
+ srtp_t srtp_snd, srtp_recv;
+ srtp_err_status_t status;
+ int len;
+ srtp_policy_t policy;
+ int headers[3] = { 1, 3, 4 };
+
+ /*
+ * create a session with a single stream using the default srtp
+ * policy and with the SSRC value 0xcafebabe
+ */
+ memset(&policy, 0, sizeof(policy));
+ srtp_crypto_policy_set_rtp_default(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+ policy.ssrc.type = ssrc_specific;
+ policy.ssrc.value = 0xcafebabe;
+ policy.key = test_key_ext_headers;
+ policy.ekt = NULL;
+ policy.window_size = 128;
+ policy.allow_repeat_tx = 0;
+ policy.enc_xtn_hdr = headers;
+ policy.enc_xtn_hdr_count = sizeof(headers) / sizeof(headers[0]);
+ policy.next = NULL;
+
+ status = srtp_create(&srtp_snd, &policy);
+ if (status)
+ return status;
+
+ /*
+ * protect plaintext, then compare with ciphertext
+ */
+ len = sizeof(srtp_plaintext_ref);
+ status = srtp_protect(srtp_snd, srtp_plaintext, &len);
+ if (status || (len != sizeof(srtp_plaintext)))
+ return srtp_err_status_fail;
+
+ debug_print(mod_driver, "ciphertext:\n %s",
+ srtp_octet_string_hex_string(srtp_plaintext, len));
+ debug_print(mod_driver, "ciphertext reference:\n %s",
+ srtp_octet_string_hex_string(srtp_ciphertext, len));
+
+ if (srtp_octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len))
+ return srtp_err_status_fail;
+
+ /*
+ * create a receiver session context comparable to the one created
+ * above - we need to do this so that the replay checking doesn't
+ * complain
+ */
+ status = srtp_create(&srtp_recv, &policy);
+ if (status)
+ return status;
+
+ /*
+ * unprotect ciphertext, then compare with plaintext
+ */
+ status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len);
+ if (status) {
+ return status;
+ } else if (len != sizeof(srtp_plaintext_ref)) {
+ return srtp_err_status_fail;
+ }
+
+ if (srtp_octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len))
+ return srtp_err_status_fail;
+
+ status = srtp_dealloc(srtp_snd);
+ if (status)
+ return status;
+
+ status = srtp_dealloc(srtp_recv);
+ if (status)
+ return status;
+
+ return srtp_err_status_ok;
+}
+
+#ifdef GCM
+
+/*
+ * Headers of test vectors taken from RFC 6904, Appendix A
+ */
+srtp_err_status_t srtp_validate_encrypted_extensions_headers_gcm()
+{
+ // clang-format off
+ unsigned char test_key_ext_headers[30] = {
+ 0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0,
+ 0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39,
+ 0x0e, 0xc6, 0x75, 0xad, 0x49, 0x8a, 0xfe, 0xeb,
+ 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6
+ };
+ uint8_t srtp_plaintext_ref[56] = {
+ 0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+ 0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06,
+ 0x17, 0x41, 0x42, 0x73, 0xA4, 0x75, 0x26, 0x27,
+ 0x48, 0x22, 0x00, 0x00, 0xC8, 0x30, 0x8E, 0x46,
+ 0x55, 0x99, 0x63, 0x86, 0xB3, 0x95, 0xFB, 0x00,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab
+ };
+ uint8_t srtp_plaintext[64] = {
+ 0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+ 0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06,
+ 0x17, 0x41, 0x42, 0x73, 0xA4, 0x75, 0x26, 0x27,
+ 0x48, 0x22, 0x00, 0x00, 0xC8, 0x30, 0x8E, 0x46,
+ 0x55, 0x99, 0x63, 0x86, 0xB3, 0x95, 0xFB, 0x00,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ };
+ uint8_t srtp_ciphertext[64] = {
+ 0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+ 0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06,
+ 0x17, 0x12, 0xe0, 0x20, 0x5b, 0xfa, 0x94, 0x9b,
+ 0x1C, 0x22, 0x00, 0x00, 0xC8, 0x30, 0xbb, 0x46,
+ 0x73, 0x27, 0x78, 0xd9, 0x92, 0x9a, 0xab, 0x00,
+ 0x0e, 0xca, 0x0c, 0xf9, 0x5e, 0xe9, 0x55, 0xb2,
+ 0x6c, 0xd3, 0xd2, 0x88, 0xb4, 0x9f, 0x6c, 0xa9,
+ 0xf4, 0xb1, 0xb7, 0x59, 0x71, 0x9e, 0xb5, 0xbc
+ };
+ // clang-format on
+
+ srtp_t srtp_snd, srtp_recv;
+ srtp_err_status_t status;
+ int len;
+ srtp_policy_t policy;
+ int headers[3] = { 1, 3, 4 };
+
+ /*
+ * create a session with a single stream using the default srtp
+ * policy and with the SSRC value 0xcafebabe
+ */
+ memset(&policy, 0, sizeof(policy));
+ srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp);
+ srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp);
+ policy.ssrc.type = ssrc_specific;
+ policy.ssrc.value = 0xcafebabe;
+ policy.key = test_key_ext_headers;
+ policy.ekt = NULL;
+ policy.window_size = 128;
+ policy.allow_repeat_tx = 0;
+ policy.enc_xtn_hdr = headers;
+ policy.enc_xtn_hdr_count = sizeof(headers) / sizeof(headers[0]);
+ policy.next = NULL;
+
+ status = srtp_create(&srtp_snd, &policy);
+ if (status)
+ return status;
+
+ /*
+ * protect plaintext, then compare with ciphertext
+ */
+ len = sizeof(srtp_plaintext_ref);
+ status = srtp_protect(srtp_snd, srtp_plaintext, &len);
+ if (status || (len != sizeof(srtp_plaintext)))
+ return srtp_err_status_fail;
+
+ debug_print(mod_driver, "ciphertext:\n %s",
+ srtp_octet_string_hex_string(srtp_plaintext, len));
+ debug_print(mod_driver, "ciphertext reference:\n %s",
+ srtp_octet_string_hex_string(srtp_ciphertext, len));
+
+ if (srtp_octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len))
+ return srtp_err_status_fail;
+
+ /*
+ * create a receiver session context comparable to the one created
+ * above - we need to do this so that the replay checking doesn't
+ * complain
+ */
+ status = srtp_create(&srtp_recv, &policy);
+ if (status)
+ return status;
+
+ /*
+ * unprotect ciphertext, then compare with plaintext
+ */
+ status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len);
+ if (status) {
+ return status;
+ } else if (len != sizeof(srtp_plaintext_ref)) {
+ return srtp_err_status_fail;
+ }
+
+ if (srtp_octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len))
+ return srtp_err_status_fail;
+
+ status = srtp_dealloc(srtp_snd);
+ if (status)
+ return status;
+
+ status = srtp_dealloc(srtp_recv);
+ if (status)
+ return status;
+
+ return srtp_err_status_ok;
+}
+#endif
+
+/*
+ * srtp_validate_aes_256() verifies the correctness of libsrtp by comparing
+ * some computed packets against some pre-computed reference values.
+ * These packets were made with the AES-CM-256/HMAC-SHA-1-80 policy.
+ */
+
+srtp_err_status_t srtp_validate_aes_256()
+{
+ // clang-format off
+ unsigned char aes_256_test_key[46] = {
+ 0xf0, 0xf0, 0x49, 0x14, 0xb5, 0x13, 0xf2, 0x76,
+ 0x3a, 0x1b, 0x1f, 0xa1, 0x30, 0xf1, 0x0e, 0x29,
+ 0x98, 0xf6, 0xf6, 0xe4, 0x3e, 0x43, 0x09, 0xd1,
+ 0xe6, 0x22, 0xa0, 0xe3, 0x32, 0xb9, 0xf1, 0xb6,
+
+ 0x3b, 0x04, 0x80, 0x3d, 0xe5, 0x1e, 0xe7, 0xc9,
+ 0x64, 0x23, 0xab, 0x5b, 0x78, 0xd2
+ };
+ uint8_t srtp_plaintext_ref[28] = {
+ 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+ 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab
+ };
+ uint8_t srtp_plaintext[38] = {
+ 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+ 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ };
+ uint8_t srtp_ciphertext[38] = {
+ 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+ 0xca, 0xfe, 0xba, 0xbe, 0xf1, 0xd9, 0xde, 0x17,
+ 0xff, 0x25, 0x1f, 0xf1, 0xaa, 0x00, 0x77, 0x74,
+ 0xb0, 0xb4, 0xb4, 0x0d, 0xa0, 0x8d, 0x9d, 0x9a,
+ 0x5b, 0x3a, 0x55, 0xd8, 0x87, 0x3b
+ };
+ // clang-format on
+
+ srtp_t srtp_snd, srtp_recv;
+ srtp_err_status_t status;
+ int len;
+ srtp_policy_t policy;
+
+ /*
+ * create a session with a single stream using the default srtp
+ * policy and with the SSRC value 0xcafebabe
+ */
+ memset(&policy, 0, sizeof(policy));
+ srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtp);
+ srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtcp);
+ policy.ssrc.type = ssrc_specific;
+ policy.ssrc.value = 0xcafebabe;
+ policy.key = aes_256_test_key;
+ policy.ekt = NULL;
+ policy.window_size = 128;
+ policy.allow_repeat_tx = 0;
+ policy.next = NULL;
+
+ status = srtp_create(&srtp_snd, &policy);
+ if (status) {
+ return status;
+ }
+
+ /*
+ * protect plaintext, then compare with ciphertext
+ */
+ len = 28;
+ status = srtp_protect(srtp_snd, srtp_plaintext, &len);
+ if (status || (len != 38)) {
+ return srtp_err_status_fail;
+ }
+
+ debug_print(mod_driver, "ciphertext:\n %s",
+ octet_string_hex_string(srtp_plaintext, len));
+ debug_print(mod_driver, "ciphertext reference:\n %s",
+ octet_string_hex_string(srtp_ciphertext, len));
+
+ if (srtp_octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len)) {
+ return srtp_err_status_fail;
+ }
+
+ /*
+ * create a receiver session context comparable to the one created
+ * above - we need to do this so that the replay checking doesn't
+ * complain
+ */
+ status = srtp_create(&srtp_recv, &policy);
+ if (status) {
+ return status;
+ }
+
+ /*
+ * unprotect ciphertext, then compare with plaintext
+ */
+ status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len);
+ if (status || (len != 28)) {
+ return status;
+ }
+
+ if (srtp_octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len)) {
+ return srtp_err_status_fail;
+ }
+
+ status = srtp_dealloc(srtp_snd);
+ if (status) {
+ return status;
+ }
+
+ status = srtp_dealloc(srtp_recv);
+ if (status) {
+ return status;
+ }
+
+ return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_create_big_policy(srtp_policy_t **list)
+{
+ extern const srtp_policy_t *policy_array[];
+ srtp_policy_t *p, *tmp;
+ int i = 0;
+ uint32_t ssrc = 0;
+
+ /* sanity checking */
+ if ((list == NULL) || (policy_array[0] == NULL)) {
+ return srtp_err_status_bad_param;
+ }
+
+ /*
+ * loop over policy list, mallocing a new list and copying values
+ * into it (and incrementing the SSRC value as we go along)
+ */
+ tmp = NULL;
+ while (policy_array[i] != NULL) {
+ p = (srtp_policy_t *)malloc(sizeof(srtp_policy_t));
+ if (p == NULL) {
+ return srtp_err_status_bad_param;
+ }
+ memcpy(p, policy_array[i], sizeof(srtp_policy_t));
+ p->ssrc.type = ssrc_specific;
+ p->ssrc.value = ssrc++;
+ p->next = tmp;
+ tmp = p;
+ i++;
+ }
+ *list = p;
+
+ return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_dealloc_big_policy(srtp_policy_t *list)
+{
+ srtp_policy_t *p, *next;
+
+ for (p = list; p != NULL; p = next) {
+ next = p->next;
+ free(p);
+ }
+
+ return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_test_empty_payload()
+{
+ srtp_t srtp_snd, srtp_recv;
+ srtp_err_status_t status;
+ int len;
+ srtp_policy_t policy;
+ srtp_hdr_t *mesg;
+
+ /*
+ * create a session with a single stream using the default srtp
+ * policy and with the SSRC value 0xcafebabe
+ */
+ memset(&policy, 0, sizeof(policy));
+ srtp_crypto_policy_set_rtp_default(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+ policy.ssrc.type = ssrc_specific;
+ policy.ssrc.value = 0xcafebabe;
+ policy.key = test_key;
+ policy.ekt = NULL;
+ policy.window_size = 128;
+ policy.allow_repeat_tx = 0;
+ policy.next = NULL;
+
+ status = srtp_create(&srtp_snd, &policy);
+ if (status) {
+ return status;
+ }
+
+ mesg = srtp_create_test_packet(0, policy.ssrc.value, &len);
+ if (mesg == NULL) {
+ return srtp_err_status_fail;
+ }
+
+ status = srtp_protect(srtp_snd, mesg, &len);
+ if (status) {
+ return status;
+ } else if (len != 12 + 10) {
+ return srtp_err_status_fail;
+ }
+
+ /*
+ * create a receiver session context comparable to the one created
+ * above - we need to do this so that the replay checking doesn't
+ * complain
+ */
+ status = srtp_create(&srtp_recv, &policy);
+ if (status) {
+ return status;
+ }
+
+ /*
+ * unprotect ciphertext, then compare with plaintext
+ */
+ status = srtp_unprotect(srtp_recv, mesg, &len);
+ if (status) {
+ return status;
+ } else if (len != 12) {
+ return srtp_err_status_fail;
+ }
+
+ status = srtp_dealloc(srtp_snd);
+ if (status) {
+ return status;
+ }
+
+ status = srtp_dealloc(srtp_recv);
+ if (status) {
+ return status;
+ }
+
+ free(mesg);
+
+ return srtp_err_status_ok;
+}
+
+#ifdef GCM
+srtp_err_status_t srtp_test_empty_payload_gcm()
+{
+ srtp_t srtp_snd, srtp_recv;
+ srtp_err_status_t status;
+ int len;
+ srtp_policy_t policy;
+ srtp_hdr_t *mesg;
+
+ /*
+ * create a session with a single stream using the default srtp
+ * policy and with the SSRC value 0xcafebabe
+ */
+ memset(&policy, 0, sizeof(policy));
+ srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp);
+ srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp);
+ policy.ssrc.type = ssrc_specific;
+ policy.ssrc.value = 0xcafebabe;
+ policy.key = test_key;
+ policy.ekt = NULL;
+ policy.window_size = 128;
+ policy.allow_repeat_tx = 0;
+ policy.next = NULL;
+
+ status = srtp_create(&srtp_snd, &policy);
+ if (status) {
+ return status;
+ }
+
+ mesg = srtp_create_test_packet(0, policy.ssrc.value, &len);
+ if (mesg == NULL) {
+ return srtp_err_status_fail;
+ }
+
+ status = srtp_protect(srtp_snd, mesg, &len);
+ if (status) {
+ return status;
+ } else if (len != 12 + 8) {
+ return srtp_err_status_fail;
+ }
+
+ /*
+ * create a receiver session context comparable to the one created
+ * above - we need to do this so that the replay checking doesn't
+ * complain
+ */
+ status = srtp_create(&srtp_recv, &policy);
+ if (status) {
+ return status;
+ }
+
+ /*
+ * unprotect ciphertext, then compare with plaintext
+ */
+ status = srtp_unprotect(srtp_recv, mesg, &len);
+ if (status) {
+ return status;
+ } else if (len != 12) {
+ return srtp_err_status_fail;
+ }
+
+ status = srtp_dealloc(srtp_snd);
+ if (status) {
+ return status;
+ }
+
+ status = srtp_dealloc(srtp_recv);
+ if (status) {
+ return status;
+ }
+
+ free(mesg);
+
+ return srtp_err_status_ok;
+}
+#endif // GCM
+
+srtp_err_status_t srtp_test_remove_stream()
+{
+ srtp_err_status_t status;
+ srtp_policy_t *policy_list, policy;
+ srtp_t session;
+ srtp_stream_t stream;
+
+ /*
+ * srtp_get_stream() is a libSRTP internal function that we declare
+ * here so that we can use it to verify the correct operation of the
+ * library
+ */
+ extern srtp_stream_t srtp_get_stream(srtp_t srtp, uint32_t ssrc);
+
+ status = srtp_create_big_policy(&policy_list);
+ if (status) {
+ return status;
+ }
+
+ status = srtp_create(&session, policy_list);
+ if (status) {
+ return status;
+ }
+
+ /*
+ * check for false positives by trying to remove a stream that's not
+ * in the session
+ */
+ status = srtp_remove_stream(session, htonl(0xaaaaaaaa));
+ if (status != srtp_err_status_no_ctx) {
+ return srtp_err_status_fail;
+ }
+
+ /*
+ * check for false negatives by removing stream 0x1, then
+ * searching for streams 0x0 and 0x2
+ */
+ status = srtp_remove_stream(session, htonl(0x1));
+ if (status != srtp_err_status_ok) {
+ return srtp_err_status_fail;
+ }
+ stream = srtp_get_stream(session, htonl(0x0));
+ if (stream == NULL) {
+ return srtp_err_status_fail;
+ }
+ stream = srtp_get_stream(session, htonl(0x2));
+ if (stream == NULL) {
+ return srtp_err_status_fail;
+ }
+
+ status = srtp_dealloc(session);
+ if (status != srtp_err_status_ok) {
+ return status;
+ }
+
+ status = srtp_dealloc_big_policy(policy_list);
+ if (status != srtp_err_status_ok) {
+ return status;
+ }
+
+ /* Now test adding and removing a single stream */
+ memset(&policy, 0, sizeof(policy));
+ srtp_crypto_policy_set_rtp_default(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+ policy.ssrc.type = ssrc_specific;
+ policy.ssrc.value = 0xcafebabe;
+ policy.key = test_key;
+ policy.ekt = NULL;
+ policy.window_size = 128;
+ policy.allow_repeat_tx = 0;
+ policy.next = NULL;
+
+ status = srtp_create(&session, NULL);
+ if (status != srtp_err_status_ok) {
+ return status;
+ }
+
+ status = srtp_add_stream(session, &policy);
+ if (status != srtp_err_status_ok) {
+ return status;
+ }
+
+ status = srtp_remove_stream(session, htonl(0xcafebabe));
+ if (status != srtp_err_status_ok) {
+ return status;
+ }
+
+ status = srtp_dealloc(session);
+ if (status != srtp_err_status_ok) {
+ return status;
+ }
+
+ return srtp_err_status_ok;
+}
+
+// clang-format off
+unsigned char test_alt_key[46] = {
+ 0xe5, 0x19, 0x6f, 0x01, 0x5e, 0xf1, 0x9b, 0xe1,
+ 0xd7, 0x47, 0xa7, 0x27, 0x07, 0xd7, 0x47, 0x33,
+ 0x01, 0xc2, 0x35, 0x4d, 0x59, 0x6a, 0xf7, 0x84,
+ 0x96, 0x98, 0xeb, 0xaa, 0xac, 0xf6, 0xa1, 0x45,
+ 0xc7, 0x15, 0xe2, 0xea, 0xfe, 0x55, 0x67, 0x96,
+ 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6
+};
+// clang-format on
+
+/*
+ * srtp_test_update() verifies updating/rekeying exsisting streams.
+ * As stated in https://tools.ietf.org/html/rfc3711#section-3.3.1
+ * the value of the ROC must not be reset after a rekey, this test
+ * atempts to prove that srtp_update does not reset the ROC.
+ */
+
+srtp_err_status_t srtp_test_update()
+{
+ srtp_err_status_t status;
+ uint32_t ssrc = 0x12121212;
+ int msg_len_octets = 32;
+ int protected_msg_len_octets;
+ srtp_hdr_t *msg;
+ srtp_t srtp_snd, srtp_recv;
+ srtp_policy_t policy;
+
+ memset(&policy, 0, sizeof(policy));
+ srtp_crypto_policy_set_rtp_default(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+ policy.ekt = NULL;
+ policy.window_size = 128;
+ policy.allow_repeat_tx = 0;
+ policy.next = NULL;
+ policy.ssrc.type = ssrc_any_outbound;
+ policy.key = test_key;
+
+ /* create a send and recive ctx with defualt profile and test_key */
+ status = srtp_create(&srtp_recv, &policy);
+ if (status)
+ return status;
+
+ policy.ssrc.type = ssrc_any_inbound;
+ status = srtp_create(&srtp_snd, &policy);
+ if (status)
+ return status;
+
+ /* protect and unprotect two msg's that will cause the ROC to be equal to 1
+ */
+ msg = srtp_create_test_packet(msg_len_octets, ssrc,
+ &protected_msg_len_octets);
+ if (msg == NULL)
+ return srtp_err_status_alloc_fail;
+ msg->seq = htons(65535);
+
+ status = srtp_protect(srtp_snd, msg, &protected_msg_len_octets);
+ if (status)
+ return srtp_err_status_fail;
+
+ status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets);
+ if (status)
+ return status;
+
+ free(msg);
+
+ msg = srtp_create_test_packet(msg_len_octets, ssrc,
+ &protected_msg_len_octets);
+ if (msg == NULL)
+ return srtp_err_status_alloc_fail;
+ msg->seq = htons(1);
+
+ status = srtp_protect(srtp_snd, msg, &protected_msg_len_octets);
+ if (status)
+ return srtp_err_status_fail;
+
+ status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets);
+ if (status)
+ return status;
+
+ free(msg);
+
+ /* update send ctx with same test_key t verify update works*/
+ policy.ssrc.type = ssrc_any_outbound;
+ policy.key = test_key;
+ status = srtp_update(srtp_snd, &policy);
+ if (status)
+ return status;
+
+ msg = srtp_create_test_packet(msg_len_octets, ssrc,
+ &protected_msg_len_octets);
+ if (msg == NULL)
+ return srtp_err_status_alloc_fail;
+ msg->seq = htons(2);
+
+ status = srtp_protect(srtp_snd, msg, &protected_msg_len_octets);
+ if (status)
+ return srtp_err_status_fail;
+
+ status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets);
+ if (status)
+ return status;
+
+ free(msg);
+
+ /* update send ctx to use test_alt_key */
+ policy.ssrc.type = ssrc_any_outbound;
+ policy.key = test_alt_key;
+ status = srtp_update(srtp_snd, &policy);
+ if (status)
+ return status;
+
+ /* create and protect msg with new key and ROC still equal to 1 */
+ msg = srtp_create_test_packet(msg_len_octets, ssrc,
+ &protected_msg_len_octets);
+ if (msg == NULL)
+ return srtp_err_status_alloc_fail;
+ msg->seq = htons(3);
+
+ status = srtp_protect(srtp_snd, msg, &protected_msg_len_octets);
+ if (status)
+ return srtp_err_status_fail;
+
+ /* verify that recive ctx will fail to unprotect as it still uses test_key
+ */
+ status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets);
+ if (status == srtp_err_status_ok)
+ return srtp_err_status_fail;
+
+ /* create a new recvieve ctx with test_alt_key but since it is new it will
+ * have ROC equal to 1
+ * and therefore should fail to unprotected */
+ {
+ srtp_t srtp_recv_roc_0;
+
+ policy.ssrc.type = ssrc_any_inbound;
+ policy.key = test_alt_key;
+ status = srtp_create(&srtp_recv_roc_0, &policy);
+ if (status)
+ return status;
+
+ status =
+ srtp_unprotect(srtp_recv_roc_0, msg, &protected_msg_len_octets);
+ if (status == srtp_err_status_ok)
+ return srtp_err_status_fail;
+
+ status = srtp_dealloc(srtp_recv_roc_0);
+ if (status)
+ return status;
+ }
+
+ /* update recive ctx to use test_alt_key */
+ policy.ssrc.type = ssrc_any_inbound;
+ policy.key = test_alt_key;
+ status = srtp_update(srtp_recv, &policy);
+ if (status)
+ return status;
+
+ /* verify that can still unprotect, therfore key is updated and ROC value is
+ * preserved */
+ status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets);
+ if (status)
+ return status;
+
+ free(msg);
+
+ status = srtp_dealloc(srtp_snd);
+ if (status)
+ return status;
+
+ status = srtp_dealloc(srtp_recv);
+ if (status)
+ return status;
+
+ return srtp_err_status_ok;
}
+srtp_err_status_t srtp_test_setup_protect_trailer_streams(
+ srtp_t *srtp_send,
+ srtp_t *srtp_send_mki,
+ srtp_t *srtp_send_aes_gcm,
+ srtp_t *srtp_send_aes_gcm_mki)
+{
+ srtp_err_status_t status;
+ srtp_policy_t policy;
+ srtp_policy_t policy_mki;
+
+#ifdef GCM
+ srtp_policy_t policy_aes_gcm;
+ srtp_policy_t policy_aes_gcm_mki;
+#endif // GCM
+
+ memset(&policy, 0, sizeof(policy));
+ srtp_crypto_policy_set_rtp_default(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+ policy.ekt = NULL;
+ policy.window_size = 128;
+ policy.allow_repeat_tx = 0;
+ policy.next = NULL;
+ policy.ssrc.type = ssrc_any_outbound;
+ policy.key = test_key;
+
+ memset(&policy_mki, 0, sizeof(policy_mki));
+ srtp_crypto_policy_set_rtp_default(&policy_mki.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy_mki.rtcp);
+ policy_mki.ekt = NULL;
+ policy_mki.window_size = 128;
+ policy_mki.allow_repeat_tx = 0;
+ policy_mki.next = NULL;
+ policy_mki.ssrc.type = ssrc_any_outbound;
+ policy_mki.key = NULL;
+ policy_mki.keys = test_keys;
+ policy_mki.num_master_keys = 2;
+
+#ifdef GCM
+ memset(&policy_aes_gcm, 0, sizeof(policy_aes_gcm));
+ srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm.rtp);
+ srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm.rtcp);
+ policy_aes_gcm.ekt = NULL;
+ policy_aes_gcm.window_size = 128;
+ policy_aes_gcm.allow_repeat_tx = 0;
+ policy_aes_gcm.next = NULL;
+ policy_aes_gcm.ssrc.type = ssrc_any_outbound;
+ policy_aes_gcm.key = test_key;
+
+ memset(&policy_aes_gcm_mki, 0, sizeof(policy_aes_gcm_mki));
+ srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm_mki.rtp);
+ srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm_mki.rtcp);
+ policy_aes_gcm_mki.ekt = NULL;
+ policy_aes_gcm_mki.window_size = 128;
+ policy_aes_gcm_mki.allow_repeat_tx = 0;
+ policy_aes_gcm_mki.next = NULL;
+ policy_aes_gcm_mki.ssrc.type = ssrc_any_outbound;
+ policy_aes_gcm_mki.key = NULL;
+ policy_aes_gcm_mki.keys = test_keys;
+ policy_aes_gcm_mki.num_master_keys = 2;
+#endif // GCM
+
+ /* create a send ctx with defualt profile and test_key */
+ status = srtp_create(srtp_send, &policy);
+ if (status)
+ return status;
+
+ status = srtp_create(srtp_send_mki, &policy_mki);
+ if (status)
+ return status;
+
+#ifdef GCM
+ status = srtp_create(srtp_send_aes_gcm, &policy_aes_gcm);
+ if (status)
+ return status;
+
+ status = srtp_create(srtp_send_aes_gcm_mki, &policy_aes_gcm_mki);
+ if (status)
+ return status;
+#endif // GCM
+
+ return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_test_protect_trailer_length()
+{
+ srtp_t srtp_send;
+ srtp_t srtp_send_mki;
+ srtp_t srtp_send_aes_gcm;
+ srtp_t srtp_send_aes_gcm_mki;
+ uint32_t length = 0;
+ srtp_err_status_t status;
+
+ srtp_test_setup_protect_trailer_streams(
+ &srtp_send, &srtp_send_mki, &srtp_send_aes_gcm, &srtp_send_aes_gcm_mki);
+
+ status = srtp_get_protect_trailer_length(srtp_send, 0, 0, &length);
+ if (status)
+ return status;
+
+ /* TAG Length: 10 bytes */
+ if (length != 10)
+ return srtp_err_status_fail;
+
+ status = srtp_get_protect_trailer_length(srtp_send_mki, 1, 1, &length);
+ if (status)
+ return status;
+
+ /* TAG Length: 10 bytes + MKI length: 4 bytes*/
+ if (length != 14)
+ return srtp_err_status_fail;
+
+#ifdef GCM
+ status = srtp_get_protect_trailer_length(srtp_send_aes_gcm, 0, 0, &length);
+ if (status)
+ return status;
+
+ /* TAG Length: 16 bytes */
+ if (length != 16)
+ return srtp_err_status_fail;
+
+ status =
+ srtp_get_protect_trailer_length(srtp_send_aes_gcm_mki, 1, 1, &length);
+ if (status)
+ return status;
+
+ /* TAG Length: 16 bytes + MKI length: 4 bytes*/
+ if (length != 20)
+ return srtp_err_status_fail;
+#endif // GCM
+
+ srtp_dealloc(srtp_send);
+ srtp_dealloc(srtp_send_mki);
+#ifdef GCM
+ srtp_dealloc(srtp_send_aes_gcm);
+ srtp_dealloc(srtp_send_aes_gcm_mki);
+#endif
-err_status_t
-srtp_create_big_policy(srtp_policy_t **list) {
- extern const srtp_policy_t *policy_array[];
- srtp_policy_t *p, *tmp;
- int i = 0;
- uint32_t ssrc = 0;
-
- /* sanity checking */
- if ((list == NULL) || (policy_array[0] == NULL))
- return err_status_bad_param;
-
- /*
- * loop over policy list, mallocing a new list and copying values
- * into it (and incrementing the SSRC value as we go along)
- */
- tmp = NULL;
- while (policy_array[i] != NULL) {
- p = malloc(sizeof(srtp_policy_t));
- if (p == NULL)
- return err_status_bad_param;
- memcpy(p, policy_array[i], sizeof(srtp_policy_t));
- p->ssrc.type = ssrc_specific;
- p->ssrc.value = ssrc++;
- p->next = tmp;
- tmp = p;
- i++;
- }
- *list = p;
-
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
-srtp_test_remove_stream() {
- err_status_t status;
- srtp_policy_t *policy_list;
- srtp_t session;
- srtp_stream_t stream;
- /*
- * srtp_get_stream() is a libSRTP internal function that we declare
- * here so that we can use it to verify the correct operation of the
- * library
- */
- extern srtp_stream_t srtp_get_stream(srtp_t srtp, uint32_t ssrc);
-
-
- status = srtp_create_big_policy(&policy_list);
- if (status)
- return status;
-
- status = srtp_create(&session, policy_list);
- if (status)
- return status;
-
- /*
- * check for false positives by trying to remove a stream that's not
- * in the session
- */
- status = srtp_remove_stream(session, htonl(0xaaaaaaaa));
- if (status != err_status_no_ctx)
- return err_status_fail;
-
- /*
- * check for false negatives by removing stream 0x1, then
- * searching for streams 0x0 and 0x2
- */
- status = srtp_remove_stream(session, htonl(0x1));
- if (status != err_status_ok)
- return err_status_fail;
- stream = srtp_get_stream(session, htonl(0x0));
- if (stream == NULL)
- return err_status_fail;
- stream = srtp_get_stream(session, htonl(0x2));
- if (stream == NULL)
- return err_status_fail;
-
- return err_status_ok;
+srtp_err_status_t srtp_test_protect_rtcp_trailer_length()
+{
+ srtp_t srtp_send;
+ srtp_t srtp_send_mki;
+ srtp_t srtp_send_aes_gcm;
+ srtp_t srtp_send_aes_gcm_mki;
+ uint32_t length = 0;
+ srtp_err_status_t status;
+
+ srtp_test_setup_protect_trailer_streams(
+ &srtp_send, &srtp_send_mki, &srtp_send_aes_gcm, &srtp_send_aes_gcm_mki);
+
+ status = srtp_get_protect_rtcp_trailer_length(srtp_send, 0, 0, &length);
+ if (status)
+ return status;
+
+ /* TAG Length: 10 bytes + SRTCP Trailer 4 bytes*/
+ if (length != 14)
+ return srtp_err_status_fail;
+
+ status = srtp_get_protect_rtcp_trailer_length(srtp_send_mki, 1, 1, &length);
+ if (status)
+ return status;
+
+ /* TAG Length: 10 bytes + SRTCP Trailer 4 bytes + MKI 4 bytes*/
+ if (length != 18)
+ return srtp_err_status_fail;
+
+#ifdef GCM
+ status =
+ srtp_get_protect_rtcp_trailer_length(srtp_send_aes_gcm, 0, 0, &length);
+ if (status)
+ return status;
+
+ /* TAG Length: 16 bytes + SRTCP Trailer 4 bytes*/
+ if (length != 20)
+ return srtp_err_status_fail;
+
+ status = srtp_get_protect_rtcp_trailer_length(srtp_send_aes_gcm_mki, 1, 1,
+ &length);
+ if (status)
+ return status;
+
+ /* TAG Length: 16 bytes + SRTCP Trailer 4 bytes + MKI 4 bytes*/
+ if (length != 24)
+ return srtp_err_status_fail;
+#endif // GCM
+
+ srtp_dealloc(srtp_send);
+ srtp_dealloc(srtp_send_mki);
+#ifdef GCM
+ srtp_dealloc(srtp_send_aes_gcm);
+ srtp_dealloc(srtp_send_aes_gcm_mki);
+#endif
+
+ return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_test_get_roc()
+{
+ srtp_err_status_t status;
+ srtp_policy_t policy;
+ srtp_t session;
+ srtp_hdr_t *pkt;
+ uint32_t i;
+ uint32_t roc;
+ uint32_t ts;
+ uint16_t seq;
+
+ int msg_len_octets = 32;
+ int protected_msg_len_octets;
+
+ memset(&policy, 0, sizeof(policy));
+ srtp_crypto_policy_set_rtp_default(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+ policy.ssrc.type = ssrc_specific;
+ policy.ssrc.value = 0xcafebabe;
+ policy.key = test_key;
+ policy.window_size = 128;
+
+ /* Create a sender session */
+ status = srtp_create(&session, &policy);
+ if (status) {
+ return status;
+ }
+
+ /* Set start sequence so we roll over */
+ seq = 65535;
+ ts = 0;
+
+ for (i = 0; i < 2; i++) {
+ pkt = srtp_create_test_packet_extended(msg_len_octets,
+ policy.ssrc.value, seq, ts,
+ &protected_msg_len_octets);
+ status = srtp_protect(session, pkt, &protected_msg_len_octets);
+ free(pkt);
+ if (status) {
+ return status;
+ }
+
+ status = srtp_get_stream_roc(session, policy.ssrc.value, &roc);
+ if (status) {
+ return status;
+ }
+
+ if (roc != i) {
+ return srtp_err_status_fail;
+ }
+
+ seq++;
+ ts++;
+ }
+
+ /* Cleanup */
+ status = srtp_dealloc(session);
+ if (status) {
+ return status;
+ }
+
+ return srtp_err_status_ok;
+}
+
+static srtp_err_status_t test_set_receiver_roc(uint32_t packets,
+ uint32_t roc_to_set)
+{
+ srtp_err_status_t status;
+
+ srtp_policy_t sender_policy;
+ srtp_t sender_session;
+
+ srtp_policy_t receiver_policy;
+ srtp_t receiver_session;
+
+ srtp_hdr_t *pkt_1;
+ unsigned char *recv_pkt_1;
+
+ srtp_hdr_t *pkt_2;
+ unsigned char *recv_pkt_2;
+
+ uint32_t i;
+ uint32_t ts;
+ uint16_t seq;
+
+ int msg_len_octets = 32;
+ int protected_msg_len_octets_1;
+ int protected_msg_len_octets_2;
+
+ /* Create sender */
+ memset(&sender_policy, 0, sizeof(sender_policy));
+ srtp_crypto_policy_set_rtp_default(&sender_policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&sender_policy.rtcp);
+ sender_policy.ssrc.type = ssrc_specific;
+ sender_policy.ssrc.value = 0xcafebabe;
+ sender_policy.key = test_key;
+ sender_policy.window_size = 128;
+
+ status = srtp_create(&sender_session, &sender_policy);
+ if (status) {
+ return status;
+ }
+
+ /* Create and protect packets */
+ seq = 0;
+ ts = 0;
+ for (i = 0; i < packets; i++) {
+ srtp_hdr_t *tmp_pkt;
+ int tmp_len;
+
+ tmp_pkt = srtp_create_test_packet_extended(
+ msg_len_octets, sender_policy.ssrc.value, seq, ts, &tmp_len);
+ status = srtp_protect(sender_session, tmp_pkt, &tmp_len);
+ free(tmp_pkt);
+ if (status) {
+ return status;
+ }
+
+ seq++;
+ ts++;
+ }
+
+ /* Create the first packet to decrypt and test for ROC change */
+ pkt_1 = srtp_create_test_packet_extended(msg_len_octets,
+ sender_policy.ssrc.value, seq, ts,
+ &protected_msg_len_octets_1);
+ status = srtp_protect(sender_session, pkt_1, &protected_msg_len_octets_1);
+ if (status) {
+ return status;
+ }
+
+ /* Create the second packet to decrypt and test for ROC change */
+ seq++;
+ ts++;
+ pkt_2 = srtp_create_test_packet_extended(msg_len_octets,
+ sender_policy.ssrc.value, seq, ts,
+ &protected_msg_len_octets_2);
+ status = srtp_protect(sender_session, pkt_2, &protected_msg_len_octets_2);
+ if (status) {
+ return status;
+ }
+
+ /* Create the receiver */
+ memset(&receiver_policy, 0, sizeof(receiver_policy));
+ srtp_crypto_policy_set_rtp_default(&receiver_policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&receiver_policy.rtcp);
+ receiver_policy.ssrc.type = ssrc_specific;
+ receiver_policy.ssrc.value = sender_policy.ssrc.value;
+ receiver_policy.key = test_key;
+ receiver_policy.window_size = 128;
+
+ status = srtp_create(&receiver_session, &receiver_policy);
+ if (status) {
+ return status;
+ }
+
+ /* Make a copy of the first sent protected packet */
+ recv_pkt_1 = malloc(protected_msg_len_octets_1);
+ if (recv_pkt_1 == NULL) {
+ return srtp_err_status_fail;
+ }
+ memcpy(recv_pkt_1, pkt_1, protected_msg_len_octets_1);
+
+ /* Make a copy of the second sent protected packet */
+ recv_pkt_2 = malloc(protected_msg_len_octets_2);
+ if (recv_pkt_2 == NULL) {
+ return srtp_err_status_fail;
+ }
+ memcpy(recv_pkt_2, pkt_2, protected_msg_len_octets_2);
+
+ /* Set the ROC to the wanted value */
+ status = srtp_set_stream_roc(receiver_session, receiver_policy.ssrc.value,
+ roc_to_set);
+ if (status) {
+ return status;
+ }
+
+ /* Unprotect the first packet */
+ status = srtp_unprotect(receiver_session, recv_pkt_1,
+ &protected_msg_len_octets_1);
+ if (status) {
+ return status;
+ }
+
+ /* Unprotect the second packet */
+ status = srtp_unprotect(receiver_session, recv_pkt_2,
+ &protected_msg_len_octets_2);
+ if (status) {
+ return status;
+ }
+
+ /* Cleanup */
+ status = srtp_dealloc(sender_session);
+ if (status) {
+ return status;
+ }
+
+ status = srtp_dealloc(receiver_session);
+ if (status) {
+ return status;
+ }
+
+ free(pkt_1);
+ free(recv_pkt_1);
+ free(pkt_2);
+ free(recv_pkt_2);
+
+ return srtp_err_status_ok;
+}
+
+static srtp_err_status_t test_set_sender_roc(uint16_t seq, uint32_t roc_to_set)
+{
+ srtp_err_status_t status;
+
+ srtp_policy_t sender_policy;
+ srtp_t sender_session;
+
+ srtp_policy_t receiver_policy;
+ srtp_t receiver_session;
+
+ srtp_hdr_t *pkt;
+ unsigned char *recv_pkt;
+
+ uint32_t ts;
+
+ int msg_len_octets = 32;
+ int protected_msg_len_octets;
+
+ /* Create sender */
+ memset(&sender_policy, 0, sizeof(sender_policy));
+ srtp_crypto_policy_set_rtp_default(&sender_policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&sender_policy.rtcp);
+ sender_policy.ssrc.type = ssrc_specific;
+ sender_policy.ssrc.value = 0xcafebabe;
+ sender_policy.key = test_key;
+ sender_policy.window_size = 128;
+
+ status = srtp_create(&sender_session, &sender_policy);
+ if (status) {
+ return status;
+ }
+
+ /* Set the ROC before encrypting the first packet */
+ status = srtp_set_stream_roc(sender_session, sender_policy.ssrc.value,
+ roc_to_set);
+ if (status != srtp_err_status_ok) {
+ return status;
+ }
+
+ /* Create the packet to decrypt */
+ ts = 0;
+ pkt = srtp_create_test_packet_extended(msg_len_octets,
+ sender_policy.ssrc.value, seq, ts,
+ &protected_msg_len_octets);
+ status = srtp_protect(sender_session, pkt, &protected_msg_len_octets);
+ if (status) {
+ return status;
+ }
+
+ /* Create the receiver */
+ memset(&receiver_policy, 0, sizeof(receiver_policy));
+ srtp_crypto_policy_set_rtp_default(&receiver_policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&receiver_policy.rtcp);
+ receiver_policy.ssrc.type = ssrc_specific;
+ receiver_policy.ssrc.value = sender_policy.ssrc.value;
+ receiver_policy.key = test_key;
+ receiver_policy.window_size = 128;
+
+ status = srtp_create(&receiver_session, &receiver_policy);
+ if (status) {
+ return status;
+ }
+
+ /* Make a copy of the sent protected packet */
+ recv_pkt = malloc(protected_msg_len_octets);
+ if (recv_pkt == NULL) {
+ return srtp_err_status_fail;
+ }
+ memcpy(recv_pkt, pkt, protected_msg_len_octets);
+
+ /* Set the ROC to the wanted value */
+ status = srtp_set_stream_roc(receiver_session, receiver_policy.ssrc.value,
+ roc_to_set);
+ if (status) {
+ return status;
+ }
+
+ status =
+ srtp_unprotect(receiver_session, recv_pkt, &protected_msg_len_octets);
+ if (status) {
+ return status;
+ }
+
+ /* Cleanup */
+ status = srtp_dealloc(sender_session);
+ if (status) {
+ return status;
+ }
+
+ status = srtp_dealloc(receiver_session);
+ if (status) {
+ return status;
+ }
+
+ free(pkt);
+ free(recv_pkt);
+
+ return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_test_set_receiver_roc()
+{
+ int packets;
+ uint32_t roc;
+ srtp_err_status_t status;
+
+ /* First test does not rollover */
+ packets = 1;
+ roc = 0;
+
+ status = test_set_receiver_roc(packets - 1, roc);
+ if (status) {
+ return status;
+ }
+
+ status = test_set_receiver_roc(packets, roc);
+ if (status) {
+ return status;
+ }
+
+ status = test_set_receiver_roc(packets + 1, roc);
+ if (status) {
+ return status;
+ }
+
+ status = test_set_receiver_roc(packets + 60000, roc);
+ if (status) {
+ return status;
+ }
+
+ /* Second test should rollover */
+ packets = 65535;
+ roc = 0;
+
+ status = test_set_receiver_roc(packets - 1, roc);
+ if (status) {
+ return status;
+ }
+
+ status = test_set_receiver_roc(packets, roc);
+ if (status) {
+ return status;
+ }
+
+ /* Now the rollover counter should be 1 */
+ roc = 1;
+ status = test_set_receiver_roc(packets + 1, roc);
+ if (status) {
+ return status;
+ }
+
+ status = test_set_receiver_roc(packets + 60000, roc);
+ if (status) {
+ return status;
+ }
+
+ return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_test_set_sender_roc()
+{
+ uint32_t roc;
+ uint16_t seq;
+ srtp_err_status_t status;
+
+ seq = 43210;
+ roc = 0;
+ status = test_set_sender_roc(seq, roc);
+ if (status) {
+ return status;
+ }
+
+ roc = 65535;
+ status = test_set_sender_roc(seq, roc);
+ if (status) {
+ return status;
+ }
+
+ roc = 0xffff;
+ status = test_set_sender_roc(seq, roc);
+ if (status) {
+ return status;
+ }
+
+ roc = 0xffff00;
+ status = test_set_sender_roc(seq, roc);
+ if (status) {
+ return status;
+ }
+
+ roc = 0xfffffff0;
+ status = test_set_sender_roc(seq, roc);
+ if (status) {
+ return status;
+ }
+
+ return srtp_err_status_ok;
}
/*
* srtp policy definitions - these definitions are used above
*/
-unsigned char test_key[30] = {
+// clang-format off
+unsigned char test_key[46] = {
0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0,
0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39,
0x0e, 0xc6, 0x75, 0xad, 0x49, 0x8a, 0xfe, 0xeb,
+ 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6, 0xc1, 0x73,
+ 0xc3, 0x17, 0xf2, 0xda, 0xbe, 0x35, 0x77, 0x93,
0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6
};
+unsigned char test_key_2[46] = {
+ 0xf0, 0xf0, 0x49, 0x14, 0xb5, 0x13, 0xf2, 0x76,
+ 0x3a, 0x1b, 0x1f, 0xa1, 0x30, 0xf1, 0x0e, 0x29,
+ 0x98, 0xf6, 0xf6, 0xe4, 0x3e, 0x43, 0x09, 0xd1,
+ 0xe6, 0x22, 0xa0, 0xe3, 0x32, 0xb9, 0xf1, 0xb6,
+ 0xc3, 0x17, 0xf2, 0xda, 0xbe, 0x35, 0x77, 0x93,
+ 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6
+};
-const srtp_policy_t default_policy = {
- { ssrc_any_outbound, 0 }, /* SSRC */
- { /* SRTP policy */
- AES_128_ICM, /* cipher type */
- 30, /* cipher key length in octets */
- HMAC_SHA1, /* authentication func type */
- 16, /* auth key length in octets */
- 10, /* auth tag length in octets */
- sec_serv_conf_and_auth /* security services flag */
- },
- { /* SRTCP policy */
- AES_128_ICM, /* cipher type */
- 30, /* cipher key length in octets */
- HMAC_SHA1, /* authentication func type */
- 16, /* auth key length in octets */
- 10, /* auth tag length in octets */
- sec_serv_conf_and_auth /* security services flag */
- },
- test_key,
- NULL
+unsigned char test_mki_id[TEST_MKI_ID_SIZE] = {
+ 0xe1, 0xf9, 0x7a, 0x0d
};
-const srtp_policy_t aes_tmmh_policy = {
- { ssrc_any_outbound, 0 }, /* SSRC */
- {
- AES_128_ICM, /* cipher type */
- 30, /* cipher key length in octets */
- UST_TMMHv2, /* authentication func type */
- 94, /* auth key length in octets */
- 4, /* auth tag length in octets */
- sec_serv_conf_and_auth /* security services flag */
- },
- {
- AES_128_ICM, /* cipher type */
- 30, /* cipher key length in octets */
- UST_TMMHv2, /* authentication func type */
- 94, /* auth key length in octets */
- 4, /* auth tag length in octets */
- sec_serv_conf_and_auth /* security services flag */
- },
- test_key,
- NULL
+unsigned char test_mki_id_2[TEST_MKI_ID_SIZE] = {
+ 0xf3, 0xa1, 0x46, 0x71
};
+// clang-format on
-const srtp_policy_t tmmh_only_policy = {
- { ssrc_any_outbound, 0 }, /* SSRC */
- {
- AES_128_ICM, /* cipher type */
- 30, /* cipher key length in octets */
- UST_TMMHv2, /* authentication func type */
- 94, /* auth key length in octets */
- 4, /* auth tag length in octets */
- sec_serv_auth /* security services flag */
- },
- {
- AES_128_ICM, /* cipher type */
- 30, /* cipher key length in octets */
- UST_TMMHv2, /* authentication func type */
- 94, /* auth key length in octets */
- 4, /* auth tag length in octets */
- sec_serv_auth /* security services flag */
- },
- test_key,
- NULL
+const srtp_policy_t default_policy = {
+ { ssrc_any_outbound, 0 }, /* SSRC */
+ {
+ /* SRTP policy */
+ SRTP_AES_ICM_128, /* cipher type */
+ SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */
+ SRTP_HMAC_SHA1, /* authentication func type */
+ 16, /* auth key length in octets */
+ 10, /* auth tag length in octets */
+ sec_serv_conf_and_auth /* security services flag */
+ },
+ {
+ /* SRTCP policy */
+ SRTP_AES_ICM_128, /* cipher type */
+ SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */
+ SRTP_HMAC_SHA1, /* authentication func type */
+ 16, /* auth key length in octets */
+ 10, /* auth tag length in octets */
+ sec_serv_conf_and_auth /* security services flag */
+ },
+ NULL,
+ (srtp_master_key_t **)test_keys,
+ 2, /* indicates the number of Master keys */
+ NULL, /* indicates that EKT is not in use */
+ 128, /* replay window size */
+ 0, /* retransmission not allowed */
+ NULL, /* no encrypted extension headers */
+ 0, /* list of encrypted extension headers is empty */
+ NULL
};
const srtp_policy_t aes_only_policy = {
- { ssrc_any_outbound, 0 }, /* SSRC */
- {
- AES_128_ICM, /* cipher type */
- 30, /* cipher key length in octets */
- NULL_AUTH, /* authentication func type */
- 0, /* auth key length in octets */
- 0, /* auth tag length in octets */
- sec_serv_conf /* security services flag */
- },
- {
- AES_128_ICM, /* cipher type */
- 30, /* cipher key length in octets */
- NULL_AUTH, /* authentication func type */
- 0, /* auth key length in octets */
- 0, /* auth tag length in octets */
- sec_serv_conf /* security services flag */
- },
- test_key,
- NULL
+ { ssrc_any_outbound, 0 }, /* SSRC */
+ {
+ SRTP_AES_ICM_128, /* cipher type */
+ SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */
+ SRTP_NULL_AUTH, /* authentication func type */
+ 0, /* auth key length in octets */
+ 0, /* auth tag length in octets */
+ sec_serv_conf /* security services flag */
+ },
+ {
+ SRTP_AES_ICM_128, /* cipher type */
+ SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */
+ SRTP_NULL_AUTH, /* authentication func type */
+ 0, /* auth key length in octets */
+ 0, /* auth tag length in octets */
+ sec_serv_conf /* security services flag */
+ },
+ NULL,
+ (srtp_master_key_t **)test_keys,
+ 2, /* indicates the number of Master keys */
+ NULL, /* indicates that EKT is not in use */
+ 128, /* replay window size */
+ 0, /* retransmission not allowed */
+ NULL, /* no encrypted extension headers */
+ 0, /* list of encrypted extension headers is empty */
+ NULL
};
const srtp_policy_t hmac_only_policy = {
- { ssrc_any_outbound, 0 }, /* SSRC */
- {
- NULL_CIPHER, /* cipher type */
- 0, /* cipher key length in octets */
- HMAC_SHA1, /* authentication func type */
- 20, /* auth key length in octets */
- 4, /* auth tag length in octets */
- sec_serv_auth /* security services flag */
- },
- {
- NULL_CIPHER, /* cipher type */
- 0, /* cipher key length in octets */
- HMAC_SHA1, /* authentication func type */
- 20, /* auth key length in octets */
- 4, /* auth tag length in octets */
- sec_serv_auth /* security services flag */
- },
- test_key,
- NULL
+ { ssrc_any_outbound, 0 }, /* SSRC */
+ {
+ SRTP_NULL_CIPHER, /* cipher type */
+ 0, /* cipher key length in octets */
+ SRTP_HMAC_SHA1, /* authentication func type */
+ 20, /* auth key length in octets */
+ 4, /* auth tag length in octets */
+ sec_serv_auth /* security services flag */
+ },
+ {
+ SRTP_NULL_CIPHER, /* cipher type */
+ 0, /* cipher key length in octets */
+ SRTP_HMAC_SHA1, /* authentication func type */
+ 20, /* auth key length in octets */
+ 4, /* auth tag length in octets */
+ sec_serv_auth /* security services flag */
+ },
+ NULL,
+ (srtp_master_key_t **)test_keys,
+ 2, /* Number of Master keys associated with the policy */
+ NULL, /* indicates that EKT is not in use */
+ 128, /* replay window size */
+ 0, /* retransmission not allowed */
+ NULL, /* no encrypted extension headers */
+ 0, /* list of encrypted extension headers is empty */
+ NULL
+};
+
+#ifdef GCM
+const srtp_policy_t aes128_gcm_8_policy = {
+ { ssrc_any_outbound, 0 }, /* SSRC */
+ {
+ /* SRTP policy */
+ SRTP_AES_GCM_128, /* cipher type */
+ SRTP_AES_GCM_128_KEY_LEN_WSALT, /* cipher key length in octets */
+ SRTP_NULL_AUTH, /* authentication func type */
+ 0, /* auth key length in octets */
+ 8, /* auth tag length in octets */
+ sec_serv_conf_and_auth /* security services flag */
+ },
+ {
+ /* SRTCP policy */
+ SRTP_AES_GCM_128, /* cipher type */
+ SRTP_AES_GCM_128_KEY_LEN_WSALT, /* cipher key length in octets */
+ SRTP_NULL_AUTH, /* authentication func type */
+ 0, /* auth key length in octets */
+ 8, /* auth tag length in octets */
+ sec_serv_conf_and_auth /* security services flag */
+ },
+ NULL,
+ (srtp_master_key_t **)test_keys,
+ 2, /* indicates the number of Master keys */
+ NULL, /* indicates that EKT is not in use */
+ 128, /* replay window size */
+ 0, /* retransmission not allowed */
+ NULL, /* no encrypted extension headers */
+ 0, /* list of encrypted extension headers is empty */
+ NULL
+};
+
+const srtp_policy_t aes128_gcm_8_cauth_policy = {
+ { ssrc_any_outbound, 0 }, /* SSRC */
+ {
+ /* SRTP policy */
+ SRTP_AES_GCM_128, /* cipher type */
+ SRTP_AES_GCM_128_KEY_LEN_WSALT, /* cipher key length in octets */
+ SRTP_NULL_AUTH, /* authentication func type */
+ 0, /* auth key length in octets */
+ 8, /* auth tag length in octets */
+ sec_serv_conf_and_auth /* security services flag */
+ },
+ {
+ /* SRTCP policy */
+ SRTP_AES_GCM_128, /* cipher type */
+ SRTP_AES_GCM_128_KEY_LEN_WSALT, /* cipher key length in octets */
+ SRTP_NULL_AUTH, /* authentication func type */
+ 0, /* auth key length in octets */
+ 8, /* auth tag length in octets */
+ sec_serv_auth /* security services flag */
+ },
+ NULL,
+ (srtp_master_key_t **)test_keys,
+ 2, /* indicates the number of Master keys */
+ NULL, /* indicates that EKT is not in use */
+ 128, /* replay window size */
+ 0, /* retransmission not allowed */
+ NULL, /* no encrypted extension headers */
+ 0, /* list of encrypted extension headers is empty */
+ NULL
+};
+
+const srtp_policy_t aes256_gcm_8_policy = {
+ { ssrc_any_outbound, 0 }, /* SSRC */
+ {
+ /* SRTP policy */
+ SRTP_AES_GCM_256, /* cipher type */
+ SRTP_AES_GCM_256_KEY_LEN_WSALT, /* cipher key length in octets */
+ SRTP_NULL_AUTH, /* authentication func type */
+ 0, /* auth key length in octets */
+ 8, /* auth tag length in octets */
+ sec_serv_conf_and_auth /* security services flag */
+ },
+ {
+ /* SRTCP policy */
+ SRTP_AES_GCM_256, /* cipher type */
+ SRTP_AES_GCM_256_KEY_LEN_WSALT, /* cipher key length in octets */
+ SRTP_NULL_AUTH, /* authentication func type */
+ 0, /* auth key length in octets */
+ 8, /* auth tag length in octets */
+ sec_serv_conf_and_auth /* security services flag */
+ },
+ NULL,
+ (srtp_master_key_t **)test_keys,
+ 2, /* indicates the number of Master keys */
+ NULL, /* indicates that EKT is not in use */
+ 128, /* replay window size */
+ 0, /* retransmission not allowed */
+ NULL, /* no encrypted extension headers */
+ 0, /* list of encrypted extension headers is empty */
+ NULL
+};
+
+const srtp_policy_t aes256_gcm_8_cauth_policy = {
+ { ssrc_any_outbound, 0 }, /* SSRC */
+ {
+ /* SRTP policy */
+ SRTP_AES_GCM_256, /* cipher type */
+ SRTP_AES_GCM_256_KEY_LEN_WSALT, /* cipher key length in octets */
+ SRTP_NULL_AUTH, /* authentication func type */
+ 0, /* auth key length in octets */
+ 8, /* auth tag length in octets */
+ sec_serv_conf_and_auth /* security services flag */
+ },
+ {
+ /* SRTCP policy */
+ SRTP_AES_GCM_256, /* cipher type */
+ SRTP_AES_GCM_256_KEY_LEN_WSALT, /* cipher key length in octets */
+ SRTP_NULL_AUTH, /* authentication func type */
+ 0, /* auth key length in octets */
+ 8, /* auth tag length in octets */
+ sec_serv_auth /* security services flag */
+ },
+ NULL,
+ (srtp_master_key_t **)test_keys,
+ 2, /* indicates the number of Master keys */
+ NULL, /* indicates that EKT is not in use */
+ 128, /* replay window size */
+ 0, /* retransmission not allowed */
+ NULL, /* no encrypted extension headers */
+ 0, /* list of encrypted extension headers is empty */
+ NULL
};
+#endif
const srtp_policy_t null_policy = {
- { ssrc_any_outbound, 0 }, /* SSRC */
- {
- NULL_CIPHER, /* cipher type */
- 0, /* cipher key length in octets */
- NULL_AUTH, /* authentication func type */
- 0, /* auth key length in octets */
- 0, /* auth tag length in octets */
- sec_serv_none /* security services flag */
- },
- {
- NULL_CIPHER, /* cipher type */
- 0, /* cipher key length in octets */
- NULL_AUTH, /* authentication func type */
- 0, /* auth key length in octets */
- 0, /* auth tag length in octets */
- sec_serv_none /* security services flag */
- },
- test_key,
- NULL
+ { ssrc_any_outbound, 0 }, /* SSRC */
+ {
+ SRTP_NULL_CIPHER, /* cipher type */
+ 0, /* cipher key length in octets */
+ SRTP_NULL_AUTH, /* authentication func type */
+ 0, /* auth key length in octets */
+ 0, /* auth tag length in octets */
+ sec_serv_none /* security services flag */
+ },
+ {
+ SRTP_NULL_CIPHER, /* cipher type */
+ 0, /* cipher key length in octets */
+ SRTP_NULL_AUTH, /* authentication func type */
+ 0, /* auth key length in octets */
+ 0, /* auth tag length in octets */
+ sec_serv_none /* security services flag */
+ },
+ NULL,
+ (srtp_master_key_t **)test_keys,
+ 2, /* indicates the number of Master keys */
+ NULL, /* indicates that EKT is not in use */
+ 128, /* replay window size */
+ 0, /* retransmission not allowed */
+ NULL, /* no encrypted extension headers */
+ 0, /* list of encrypted extension headers is empty */
+ NULL
+};
+
+// clang-format off
+unsigned char test_256_key[46] = {
+ 0xf0, 0xf0, 0x49, 0x14, 0xb5, 0x13, 0xf2, 0x76,
+ 0x3a, 0x1b, 0x1f, 0xa1, 0x30, 0xf1, 0x0e, 0x29,
+ 0x98, 0xf6, 0xf6, 0xe4, 0x3e, 0x43, 0x09, 0xd1,
+ 0xe6, 0x22, 0xa0, 0xe3, 0x32, 0xb9, 0xf1, 0xb6,
+
+ 0x3b, 0x04, 0x80, 0x3d, 0xe5, 0x1e, 0xe7, 0xc9,
+ 0x64, 0x23, 0xab, 0x5b, 0x78, 0xd2
+};
+
+unsigned char test_256_key_2[46] = {
+ 0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0,
+ 0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39,
+ 0x0e, 0xc6, 0x75, 0xad, 0x49, 0x8a, 0xfe, 0xeb,
+ 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6, 0xc1, 0x73,
+ 0x3b, 0x04, 0x80, 0x3d, 0xe5, 0x1e, 0xe7, 0xc9,
+ 0x64, 0x23, 0xab, 0x5b, 0x78, 0xd2
+};
+
+srtp_master_key_t master_256_key_1 = {
+ test_256_key,
+ test_mki_id,
+ TEST_MKI_ID_SIZE
};
+srtp_master_key_t master_256_key_2 = {
+ test_256_key_2,
+ test_mki_id_2,
+ TEST_MKI_ID_SIZE
+};
+
+srtp_master_key_t *test_256_keys[2] = {
+ &master_key_1,
+ &master_key_2
+};
+// clang-format on
+
+const srtp_policy_t aes_256_hmac_policy = {
+ { ssrc_any_outbound, 0 }, /* SSRC */
+ {
+ /* SRTP policy */
+ SRTP_AES_ICM_256, /* cipher type */
+ SRTP_AES_ICM_256_KEY_LEN_WSALT, /* cipher key length in octets */
+ SRTP_HMAC_SHA1, /* authentication func type */
+ 20, /* auth key length in octets */
+ 10, /* auth tag length in octets */
+ sec_serv_conf_and_auth /* security services flag */
+ },
+ {
+ /* SRTCP policy */
+ SRTP_AES_ICM_256, /* cipher type */
+ SRTP_AES_ICM_256_KEY_LEN_WSALT, /* cipher key length in octets */
+ SRTP_HMAC_SHA1, /* authentication func type */
+ 20, /* auth key length in octets */
+ 10, /* auth tag length in octets */
+ sec_serv_conf_and_auth /* security services flag */
+ },
+ NULL,
+ (srtp_master_key_t **)test_256_keys,
+ 2, /* indicates the number of Master keys */
+ NULL, /* indicates that EKT is not in use */
+ 128, /* replay window size */
+ 0, /* retransmission not allowed */
+ NULL, /* no encrypted extension headers */
+ 0, /* list of encrypted extension headers is empty */
+ NULL
+};
+
+// clang-format off
+uint8_t ekt_test_key[16] = {
+ 0x77, 0x26, 0x9d, 0xac, 0x16, 0xa3, 0x28, 0xca,
+ 0x8e, 0xc9, 0x68, 0x4b, 0xcc, 0xc4, 0xd2, 0x1b
+};
+// clang-format on
+
+#include "ekt.h"
+
+// clang-format off
+srtp_ekt_policy_ctx_t ekt_test_policy = {
+ 0xa5a5, /* SPI */
+ SRTP_EKT_CIPHER_AES_128_ECB,
+ ekt_test_key,
+ NULL
+};
+// clang-format on
+
+const srtp_policy_t hmac_only_with_ekt_policy = {
+ { ssrc_any_outbound, 0 }, /* SSRC */
+ {
+ SRTP_NULL_CIPHER, /* cipher type */
+ 0, /* cipher key length in octets */
+ SRTP_HMAC_SHA1, /* authentication func type */
+ 20, /* auth key length in octets */
+ 4, /* auth tag length in octets */
+ sec_serv_auth /* security services flag */
+ },
+ {
+ SRTP_NULL_CIPHER, /* cipher type */
+ 0, /* cipher key length in octets */
+ SRTP_HMAC_SHA1, /* authentication func type */
+ 20, /* auth key length in octets */
+ 4, /* auth tag length in octets */
+ sec_serv_auth /* security services flag */
+ },
+ NULL,
+ (srtp_master_key_t **)test_keys,
+ 2, /* indicates the number of Master keys */
+ &ekt_test_policy, /* indicates that EKT is not in use */
+ 128, /* replay window size */
+ 0, /* retransmission not allowed */
+ NULL, /* no encrypted extension headers */
+ 0, /* list of encrypted extension headers is empty */
+ NULL
+};
/*
* an array of pointers to the policies listed above
@@ -1213,45 +3783,55 @@ const srtp_policy_t null_policy = {
* This array is used to test various aspects of libSRTP for
* different cryptographic policies. The order of the elements
* matters - the timing test generates output that can be used
- * in a plot (see the gnuplot script file 'timing'). If you
+ * in a plot (see the gnuplot script file 'timing'). If you
* add to this list, you should do it at the end.
*/
-#define USE_TMMH 0
-
-const srtp_policy_t *
-policy_array[] = {
- &hmac_only_policy,
-#if USE_TMMH
- &tmmh_only_policy,
-#endif
- &aes_only_policy,
-#if USE_TMMH
- &aes_tmmh_policy,
+// clang-format off
+const srtp_policy_t *policy_array[] = {
+ &hmac_only_policy,
+ &aes_only_policy,
+ &default_policy,
+#ifdef GCM
+ &aes128_gcm_8_policy,
+ &aes128_gcm_8_cauth_policy,
+ &aes256_gcm_8_policy,
+ &aes256_gcm_8_cauth_policy,
#endif
- &default_policy,
- &null_policy,
- NULL
+ &null_policy,
+ &aes_256_hmac_policy,
+ &hmac_only_with_ekt_policy,
+ NULL
};
+// clang-format on
const srtp_policy_t wildcard_policy = {
- { ssrc_any_outbound, 0 }, /* SSRC */
- { /* SRTP policy */
- AES_128_ICM, /* cipher type */
- 30, /* cipher key length in octets */
- HMAC_SHA1, /* authentication func type */
- 16, /* auth key length in octets */
- 10, /* auth tag length in octets */
- sec_serv_conf_and_auth /* security services flag */
- },
- { /* SRTCP policy */
- AES_128_ICM, /* cipher type */
- 30, /* cipher key length in octets */
- HMAC_SHA1, /* authentication func type */
- 16, /* auth key length in octets */
- 10, /* auth tag length in octets */
- sec_serv_conf_and_auth /* security services flag */
- },
- test_key,
- NULL
+ { ssrc_any_outbound, 0 }, /* SSRC */
+ {
+ /* SRTP policy */
+ SRTP_AES_ICM_128, /* cipher type */
+ SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */
+ SRTP_HMAC_SHA1, /* authentication func type */
+ 16, /* auth key length in octets */
+ 10, /* auth tag length in octets */
+ sec_serv_conf_and_auth /* security services flag */
+ },
+ {
+ /* SRTCP policy */
+ SRTP_AES_ICM_128, /* cipher type */
+ SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */
+ SRTP_HMAC_SHA1, /* authentication func type */
+ 16, /* auth key length in octets */
+ 10, /* auth tag length in octets */
+ sec_serv_conf_and_auth /* security services flag */
+ },
+ test_key,
+ NULL,
+ 0,
+ NULL,
+ 128, /* replay window size */
+ 0, /* retransmission not allowed */
+ NULL, /* no encrypted extension headers */
+ 0, /* list of encrypted extension headers is empty */
+ NULL
};
diff --git a/test/stat_driver.c b/test/stat_driver.c
deleted file mode 100644
index b5e55ce..0000000
--- a/test/stat_driver.c
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * stat-driver.c
- *
- * test driver for the stat_test functions
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-
-
-#include <stdio.h> /* for printf() */
-
-#include "err.h"
-#include "stat.h"
-
-#include "cipher.h"
-
-typedef struct {
- void *state;
-} random_source_t;
-
-err_status_t
-random_source_alloc();
-
-void
-err_check(err_status_t s) {
- if (s) {
- printf("error (code %d)\n", s);
- exit(1);
- }
-}
-
-int
-main (int argc, char *argv[]) {
- octet_t buffer[2500];
- unsigned int buf_len = 2500;
- int i, j;
- extern cipher_type_t aes_icm;
- cipher_t *c;
- octet_t key[30] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05
- };
- v128_t nonce;
- int num_trials = 10000;
- int num_fail;
-
- printf("statistical tests driver\n");
-
- for (i=0; i < 2500; i++)
- buffer[i] = 0;
-
- /* run tests */
- printf("running stat_tests on all-null buffer, expecting failure\n");
- printf("monobit %d\n", stat_test_monobit(buffer));
- printf("poker %d\n", stat_test_poker(buffer));
- printf("runs %d\n", stat_test_runs(buffer));
-
- for (i=0; i < 2500; i++)
- buffer[i] = random();
- printf("running stat_tests on random(), expecting success\n");
- printf("monobit %d\n", stat_test_monobit(buffer));
- printf("poker %d\n", stat_test_poker(buffer));
- printf("runs %d\n", stat_test_runs(buffer));
-
- printf("running stat_tests on AES-128-ICM, expecting success\n");
- /* set buffer to cipher output */
- for (i=0; i < 2500; i++)
- buffer[i] = 0;
- err_check(cipher_type_alloc(&aes_icm, &c, 30));
- err_check(cipher_init(c, key, direction_any));
- err_check(cipher_set_iv(c, &nonce));
- err_check(cipher_encrypt(c, buffer, &buf_len));
- /* run tests on cipher outout */
- printf("monobit %d\n", stat_test_monobit(buffer));
- printf("poker %d\n", stat_test_poker(buffer));
- printf("runs %d\n", stat_test_runs(buffer));
-
- printf("runs test (please be patient): ");
- fflush(stdout);
- num_fail = 0;
- v128_set_to_zero(&nonce);
- for(j=0; j < num_trials; j++) {
- for (i=0; i < 2500; i++)
- buffer[i] = 0;
- nonce.v32[3] = i;
- err_check(cipher_set_iv(c, &nonce));
- err_check(cipher_encrypt(c, buffer, &buf_len));
- if (stat_test_runs(buffer)) {
- num_fail++;
- }
- }
-
- printf("%d failures in %d tests\n", num_fail, num_trials);
- printf("(nota bene: a small fraction of stat_test failures does not \n"
- "indicate that the random source is invalid)\n");
-
- return 0;
-}
diff --git a/test/test_srtp.c b/test/test_srtp.c
new file mode 100644
index 0000000..0cea1f3
--- /dev/null
+++ b/test/test_srtp.c
@@ -0,0 +1,185 @@
+/*
+ * test_srtp.c
+ *
+ * Unit tests for internal srtp functions
+ *
+ * Cisco Systems, Inc.
+ *
+ */
+
+/*
+ *
+ * Copyright (c) 2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+/*
+ * libSRTP specific.
+ */
+#include "../srtp/srtp.c" // Get access to static functions
+
+/*
+ * Test specific.
+ */
+#include "cutest.h"
+
+/*
+ * Standard library.
+ */
+
+/*
+ * Forward declarations for all tests.
+ */
+
+void srtp_calc_aead_iv_srtcp_all_zero_input_yield_zero_output(void);
+void srtp_calc_aead_iv_srtcp_seq_num_over_0x7FFFFFFF_bad_param(void);
+void srtp_calc_aead_iv_srtcp_distinct_iv_per_sequence_number(void);
+
+/*
+ * NULL terminated array of tests.
+ * The first item in the array is a char[] which give some information about
+ * what is being tested and is displayed to the user during runtime, the second
+ * item is the test function.
+ */
+
+TEST_LIST = { { "srtp_calc_aead_iv_srtcp_all_zero_input_yield_zero_output()",
+ srtp_calc_aead_iv_srtcp_all_zero_input_yield_zero_output },
+ { "srtp_calc_aead_iv_srtcp_seq_num_over_0x7FFFFFFF_bad_param()",
+ srtp_calc_aead_iv_srtcp_seq_num_over_0x7FFFFFFF_bad_param },
+ { "srtp_calc_aead_iv_srtcp_distinct_iv_per_sequence_number()",
+ srtp_calc_aead_iv_srtcp_distinct_iv_per_sequence_number },
+ { NULL } /* End of tests */ };
+
+/*
+ * Implementation.
+ */
+
+void srtp_calc_aead_iv_srtcp_all_zero_input_yield_zero_output()
+{
+ // Preconditions
+ srtp_session_keys_t session_keys;
+ v128_t init_vector;
+ srtcp_hdr_t header;
+ uint32_t sequence_num;
+
+ // Postconditions
+ srtp_err_status_t status;
+ const v128_t zero_vector;
+ memset((v128_t *)&zero_vector, 0, sizeof(v128_t));
+
+ // Given
+ memset(&session_keys, 0, sizeof(srtp_session_keys_t));
+ memset(&init_vector, 0, sizeof(v128_t));
+ memset(&header, 0, sizeof(srtcp_hdr_t));
+ sequence_num = 0x0UL;
+
+ // When
+ status = srtp_calc_aead_iv_srtcp(&session_keys, &init_vector, sequence_num,
+ &header);
+
+ // Then
+ TEST_CHECK(status == srtp_err_status_ok);
+ TEST_CHECK(memcmp(&zero_vector, &init_vector, sizeof(v128_t)) == 0);
+}
+
+void srtp_calc_aead_iv_srtcp_seq_num_over_0x7FFFFFFF_bad_param()
+{
+ // Preconditions
+ srtp_session_keys_t session_keys;
+ v128_t init_vector;
+ srtcp_hdr_t header;
+ uint32_t sequence_num;
+
+ // Postconditions
+ srtp_err_status_t status;
+
+ // Given
+ memset(&session_keys, 0, sizeof(srtp_session_keys_t));
+ memset(&init_vector, 0, sizeof(v128_t));
+ memset(&header, 0, sizeof(srtcp_hdr_t));
+ sequence_num = 0x7FFFFFFFUL + 0x1UL;
+
+ // When
+ status = srtp_calc_aead_iv_srtcp(&session_keys, &init_vector, sequence_num,
+ &header);
+
+ // Then
+ TEST_CHECK(status == srtp_err_status_bad_param);
+}
+
+/*
+ * Regression test for issue #256:
+ * Srtcp IV calculation incorrectly masks high bit of sequence number for
+ * little-endian platforms.
+ * Ensure that for each valid sequence number where the most significant bit is
+ * high that we get an expected and unique IV.
+ */
+void srtp_calc_aead_iv_srtcp_distinct_iv_per_sequence_number()
+{
+#define SAMPLE_COUNT (3)
+ // Preconditions
+ // Test each significant bit high in each full byte.
+ srtp_session_keys_t session_keys;
+ srtcp_hdr_t header;
+ v128_t output_iv[SAMPLE_COUNT];
+ uint32_t sequence_num[SAMPLE_COUNT];
+ v128_t final_iv[SAMPLE_COUNT];
+ size_t i = 0;
+ memset(&output_iv, 0, SAMPLE_COUNT * sizeof(v128_t));
+ sequence_num[0] = 0xFF;
+ sequence_num[1] = 0xFF00;
+ sequence_num[2] = 0xFF0000;
+
+ // Postconditions
+ memset(&final_iv, 0, SAMPLE_COUNT * sizeof(v128_t));
+ final_iv[0].v8[11] = 0xFF;
+ final_iv[1].v8[10] = 0xFF;
+ final_iv[2].v8[9] = 0xFF;
+
+ // Given
+ memset(&session_keys, 0, sizeof(srtp_session_keys_t));
+ memset(&header, 0, sizeof(srtcp_hdr_t));
+
+ // When
+ for (i = 0; i < SAMPLE_COUNT; i++) {
+ TEST_CHECK(srtp_calc_aead_iv_srtcp(&session_keys, &output_iv[i],
+ sequence_num[i],
+ &header) == srtp_err_status_ok);
+ }
+
+ // Then all IVs are as expected
+ for (i = 0; i < SAMPLE_COUNT; i++) {
+ TEST_CHECK(memcmp(&final_iv[i], &output_iv[i], sizeof(v128_t)) == 0);
+ }
+#undef SAMPLE_COUNT
+}
diff --git a/test/util.c b/test/util.c
new file mode 100644
index 0000000..2abc28e
--- /dev/null
+++ b/test/util.c
@@ -0,0 +1,212 @@
+/*
+ * util.c
+ *
+ * Utilities used by the test apps
+ *
+ * John A. Foley
+ * Cisco Systems, Inc.
+ */
+/*
+ *
+ * Copyright (c) 2014-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "config.h"
+#include "util.h"
+
+#include <string.h>
+#include <stdint.h>
+
+/* include space for null terminator */
+char bit_string[MAX_PRINT_STRING_LEN + 1];
+
+static inline int hex_char_to_nibble(uint8_t c)
+{
+ switch (c) {
+ case ('0'):
+ return 0x0;
+ case ('1'):
+ return 0x1;
+ case ('2'):
+ return 0x2;
+ case ('3'):
+ return 0x3;
+ case ('4'):
+ return 0x4;
+ case ('5'):
+ return 0x5;
+ case ('6'):
+ return 0x6;
+ case ('7'):
+ return 0x7;
+ case ('8'):
+ return 0x8;
+ case ('9'):
+ return 0x9;
+ case ('a'):
+ return 0xa;
+ case ('A'):
+ return 0xa;
+ case ('b'):
+ return 0xb;
+ case ('B'):
+ return 0xb;
+ case ('c'):
+ return 0xc;
+ case ('C'):
+ return 0xc;
+ case ('d'):
+ return 0xd;
+ case ('D'):
+ return 0xd;
+ case ('e'):
+ return 0xe;
+ case ('E'):
+ return 0xe;
+ case ('f'):
+ return 0xf;
+ case ('F'):
+ return 0xf;
+ default:
+ return -1; /* this flags an error */
+ }
+ /* NOTREACHED */
+ return -1; /* this keeps compilers from complaining */
+}
+
+uint8_t nibble_to_hex_char(uint8_t nibble)
+{
+ char buf[16] = { '0', '1', '2', '3', '4', '5', '6', '7',
+ '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
+
+ return buf[nibble & 0xF];
+}
+
+/*
+ * hex_string_to_octet_string converts a hexadecimal string
+ * of length 2 * len to a raw octet string of length len
+ */
+int hex_string_to_octet_string(char *raw, char *hex, int len)
+{
+ uint8_t x;
+ int tmp;
+ int hex_len;
+
+ hex_len = 0;
+ while (hex_len < len) {
+ tmp = hex_char_to_nibble(hex[0]);
+ if (tmp == -1) {
+ return hex_len;
+ }
+ x = (tmp << 4);
+ hex_len++;
+ tmp = hex_char_to_nibble(hex[1]);
+ if (tmp == -1) {
+ return hex_len;
+ }
+ x |= (tmp & 0xff);
+ hex_len++;
+ *raw++ = x;
+ hex += 2;
+ }
+ return hex_len;
+}
+
+char *octet_string_hex_string(const void *s, int length)
+{
+ const uint8_t *str = (const uint8_t *)s;
+ int i;
+
+ /* double length, since one octet takes two hex characters */
+ length *= 2;
+
+ /* truncate string if it would be too long */
+ if (length > MAX_PRINT_STRING_LEN) {
+ length = MAX_PRINT_STRING_LEN;
+ }
+
+ for (i = 0; i < length; i += 2) {
+ bit_string[i] = nibble_to_hex_char(*str >> 4);
+ bit_string[i + 1] = nibble_to_hex_char(*str++ & 0xF);
+ }
+ bit_string[i] = 0; /* null terminate string */
+ return bit_string;
+}
+
+static const char b64chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "abcdefghijklmnopqrstuvwxyz0123456789+/";
+
+static int base64_block_to_octet_triple(char *out, char *in)
+{
+ unsigned char sextets[4] = { 0 };
+ int j = 0;
+ int i;
+
+ for (i = 0; i < 4; i++) {
+ char *p = strchr(b64chars, in[i]);
+ if (p != NULL) {
+ sextets[i] = p - b64chars;
+ } else {
+ j++;
+ }
+ }
+
+ out[0] = (sextets[0] << 2) | (sextets[1] >> 4);
+ if (j < 2) {
+ out[1] = (sextets[1] << 4) | (sextets[2] >> 2);
+ }
+ if (j < 1) {
+ out[2] = (sextets[2] << 6) | sextets[3];
+ }
+ return j;
+}
+
+int base64_string_to_octet_string(char *out, int *pad, char *in, int len)
+{
+ int k = 0;
+ int i = 0;
+ int j = 0;
+
+ if (len % 4 != 0) {
+ return 0;
+ }
+
+ while (i < len && j == 0) {
+ j = base64_block_to_octet_triple(out + k, in + i);
+ k += 3;
+ i += 4;
+ }
+ *pad = j;
+ return i;
+}
diff --git a/test/util.h b/test/util.h
new file mode 100644
index 0000000..d04b279
--- /dev/null
+++ b/test/util.h
@@ -0,0 +1,53 @@
+/*
+ * util.h
+ *
+ * Utilities used by the test apps
+ *
+ * John A. Foley
+ * Cisco Systems, Inc.
+ */
+/*
+ *
+ * Copyright (c) 2014-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+#ifndef SRTP_TEST_UTIL_H
+#define SRTP_TEST_UTIL_H
+
+#define MAX_PRINT_STRING_LEN 1024
+
+int hex_string_to_octet_string(char *raw, char *hex, int len);
+char *octet_string_hex_string(const void *s, int length);
+int base64_string_to_octet_string(char *raw, int *pad, char *base64, int len);
+
+#endif
diff --git a/test/words.txt b/test/words.txt
new file mode 100644
index 0000000..fe99c2d
--- /dev/null
+++ b/test/words.txt
@@ -0,0 +1,250 @@
+abducing
+acidheads
+acidness
+actons
+admixtures
+affidavit
+agelastic
+alated
+alimentary
+alleviated
+allseed
+annexure
+arragonite
+atonements
+autacoid
+axe
+axon
+ayres
+beathing
+blazonry
+bottom
+braising
+brehon
+brindisi
+broadcasts
+buds
+bulnbulns
+bushcraft
+calamander
+calipee
+casing
+caveat
+chaffings
+citifies
+clappers
+claques
+clavate
+colonial
+colonials
+commonalty
+compares
+consequent
+consumed
+contango
+courtierly
+creamery
+cruddiest
+cue
+cultish
+cumin
+cyclus
+dahlias
+dentitions
+derailers
+devitrify
+dibs
+diphysite
+disjunes
+drolleries
+dubitated
+dupion
+earliness
+eductor
+elenctic
+empresses
+entames
+epaulettes
+epicanthic
+epochal
+estated
+eurhythmic
+exfoliated
+extremity
+fayence
+figgery
+flaming
+foes
+forelays
+forewings
+forfeits
+fratches
+gardened
+gentile
+glumpish
+glyph
+goatherd
+grow
+gulden
+gumming
+hackling
+hanapers
+hared
+hatters
+hectare
+hedger
+heel
+heterodox
+hidden
+histologic
+howe
+inglobe
+inliers
+inuredness
+iotacism
+japed
+jelled
+jiffy
+jollies
+judgeship
+karite
+kart
+kenophobia
+kittens
+lactarian
+lancets
+leasable
+leep
+leming
+licorice
+listing
+lividly
+lobectomy
+lysosome
+madders
+maderizing
+manacle
+mangels
+marshiest
+maulstick
+meliorates
+mercy
+mikados
+monarchise
+moultings
+mucro
+munnions
+mystic
+myxoedemic
+nointing
+nong
+nonsense
+ochidore
+octuor
+officering
+opaqued
+oragious
+outtell
+oxeye
+pads
+palamae
+pansophy
+parazoa
+pepsines
+perimetric
+pheasant
+phonotypy
+pitarah
+plaintful
+poinders
+poke
+politer
+poonces
+populism
+pouty
+praedial
+presence
+prompter
+pummelled
+punishing
+quippish
+radicality
+radiuses
+rebuffing
+recorded
+redips
+regulators
+replay
+retrocedes
+rigors
+risen
+rootstocks
+rotenone
+rudenesses
+ruggedest
+runabout
+ruthfully
+sagacious
+scapes
+sclera
+sclerotium
+scumbering
+secondi
+serial
+shampoo
+showed
+sights
+sirenised
+sized
+slave
+socle
+solidness
+some
+spetches
+spiels
+squiring
+staminode
+stay
+stewpot
+stunsails
+subhumid
+subprogram
+supawn
+surplusage
+swimming
+swineherd
+tabun
+talliths
+taroks
+tensed
+thinnings
+three
+tipper
+toko
+tomahawks
+tombolos
+torpefy
+torulae
+touns
+travails
+tsarist
+unbeseems
+unblamably
+unbooked
+unnailed
+updates
+valorise
+viability
+virtue
+vulturns
+vulvate
+warran
+weakness
+westernise
+whingeings
+wrenching
+written
+yak
+yate
+yaupon
+zendiks
generated by cgit v1.2.3 (git 2.25.1) at 2026-04-08 05:55:44 +0000