WebKit Bugzilla
Attachment 357890 Details for
Bug 192861
: Resync libsrtp to M72
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-192861-20181220160256.patch (text/plain), 944.26 KB, created by
youenn fablet
on 2018-12-20 16:02:59 PST
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
youenn fablet
Created:
2018-12-20 16:02:59 PST
Size:
944.26 KB
patch
obsolete
>Subversion Revision: 239467 >diff --git a/Source/ThirdParty/libwebrtc/ChangeLog b/Source/ThirdParty/libwebrtc/ChangeLog >index 07b520d86be6802dcd84b3790c60c703557c02ee..e55dc3ac6aafe17966f741905485ec777295e563 100644 >--- a/Source/ThirdParty/libwebrtc/ChangeLog >+++ b/Source/ThirdParty/libwebrtc/ChangeLog >@@ -1,3 +1,12 @@ >+2018-12-20 Youenn Fablet <youenn@apple.com> >+ >+ Resync libsrtp to M72 >+ https://bugs.webkit.org/show_bug.cgi?id=192861 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * Source/third_party/libsrtp/: Resynced to Chrome M72 branch. >+ > 2018-12-19 Youenn Fablet <youenn@apple.com> > > Refresh usrsctplib to M72 >diff --git a/Source/ThirdParty/libwebrtc/CMakeLists.txt b/Source/ThirdParty/libwebrtc/CMakeLists.txt >index b7a4e52cbef7464945a7e27fa0e990858ae83964..430969610a29281a49d1b8bf8bc593b8adaaebaf 100644 >--- a/Source/ThirdParty/libwebrtc/CMakeLists.txt >+++ b/Source/ThirdParty/libwebrtc/CMakeLists.txt >@@ -1357,6 +1357,7 @@ target_compile_definitions(webrtc PRIVATE > EXPAT_RELATIVE_PATH > HAVE_LRINT > HAVE_LRINTF >+ HAVE_NETINET_IN_H > HAVE_SCTP > HAVE_WEBRTC_VIDEO > HAVE_WEBRTC_VOICE >diff --git a/Source/ThirdParty/libwebrtc/Configurations/libwebrtcpcrtc.xcconfig b/Source/ThirdParty/libwebrtc/Configurations/libwebrtcpcrtc.xcconfig >index 9af9b1f5f36e3a1d5e849669b5121aa4ac0e2bab..5a82c13b7dae31862715d678f1a11fbec3684093 100644 >--- a/Source/ThirdParty/libwebrtc/Configurations/libwebrtcpcrtc.xcconfig >+++ b/Source/ThirdParty/libwebrtc/Configurations/libwebrtcpcrtc.xcconfig >@@ -12,7 +12,7 @@ INSTALL_PATH = /usr/local/lib; > PUBLIC_HEADERS_FOLDER_PATH = /usr/local/include/libwebrtc; > USE_HEADERMAP = NO; > >-GCC_PREPROCESSOR_DEFINITIONS = WEBRTC_POSIX WEBRTC_MAC SSL_USE_OPENSSL FEATURE_ENABLE_SSL HAVE_SRTP HAVE_OPENSSL_SSL_H SCTP_PROCESS_LEVEL_LOCKS SCTP_SIMPLE_ALLOCATOR SCTP_USE_OPENSSL_SHA1 __Userspace__ HAVE_SA_LEN HAVE_SCONN_LEN __APPLE_USE_RFC_2292 __Userspace_os_Darwin NON_WINDOWS_DEFINE HAVE_WEBRTC_VIDEO HAVE_WEBRTC_VOICE WEBRTC_INTELLIGIBILITY_ENHANCER=0 WEBRTC_APM_DEBUG_DUMP=0 WEBRTC_NS_FLOAT WEBRTC_USE_BUILTIN_ILBC WEBRTC_CODEC_ILBC WEBRTC_USE_BUILTIN_OPUS WEBRTC_CODEC_OPUS WEBRTC_CODEC_ISAC WEBRTC_CODEC_RED RTC_DISABLE_VP9 HAVE_STDINT_H HAVE_STDLIB_H HAVE_UINT64_T OPENSSL HAVE_CONFIG_H WEBRTC_WEBKIT_BUILD HAVE_PTHREAD_COND_TIMEDWAIT_RELATIVE HAVE_SCTP $(inherited); >+GCC_PREPROCESSOR_DEFINITIONS = WEBRTC_POSIX WEBRTC_MAC SSL_USE_OPENSSL FEATURE_ENABLE_SSL HAVE_SRTP HAVE_OPENSSL_SSL_H SCTP_PROCESS_LEVEL_LOCKS SCTP_SIMPLE_ALLOCATOR SCTP_USE_OPENSSL_SHA1 __Userspace__ HAVE_SA_LEN HAVE_SCONN_LEN __APPLE_USE_RFC_2292 __Userspace_os_Darwin NON_WINDOWS_DEFINE HAVE_WEBRTC_VIDEO HAVE_WEBRTC_VOICE WEBRTC_INTELLIGIBILITY_ENHANCER=0 WEBRTC_APM_DEBUG_DUMP=0 WEBRTC_NS_FLOAT WEBRTC_USE_BUILTIN_ILBC WEBRTC_CODEC_ILBC WEBRTC_USE_BUILTIN_OPUS WEBRTC_CODEC_OPUS WEBRTC_CODEC_ISAC WEBRTC_CODEC_RED RTC_DISABLE_VP9 HAVE_STDINT_H HAVE_STDLIB_H HAVE_UINT64_T OPENSSL HAVE_CONFIG_H WEBRTC_WEBKIT_BUILD HAVE_PTHREAD_COND_TIMEDWAIT_RELATIVE HAVE_NETINET_IN_H HAVE_SCTP $(inherited); > > GCC_PREPROCESSOR_DEFINITIONS[sdk=macosx*] = $(inherited); > GCC_PREPROCESSOR_DEFINITIONS[sdk=iphoneos*] = $(inherited) WEBRTC_IOS; >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/BUILD.gn b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/BUILD.gn >index 5d386d6ca0f22ac4ef57ae8fbb092ad83737ff2e..63595857f0e5ad85c03fca0807b5f589998d5e07 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/BUILD.gn >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/BUILD.gn >@@ -33,7 +33,7 @@ config("libsrtp_config") { > "HAVE_UINT64_T", > "HAVE_UINT8_T", > ] >- if (is_posix) { >+ if (is_posix || is_fuchsia) { > defines += [ > "HAVE_ARPA_INET_H", > "HAVE_NETINET_IN_H", >@@ -80,6 +80,7 @@ static_library("libsrtp") { > "crypto/include/alloc.h", > "crypto/include/auth.h", > "crypto/include/cipher.h", >+ "crypto/include/cipher_types.h", > "crypto/include/crypto_kernel.h", > "crypto/include/crypto_types.h", > "crypto/include/datatypes.h", >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/CHANGES b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/CHANGES >index a323af1965dd0169b4fda7f6323a6436f541d828..caa2b61139c688fa69e82522c5a4fd14234938ee 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/CHANGES >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/CHANGES >@@ -1,5 +1,65 @@ > Changelog > >+2.2.0-pre (This version) >+ >+Major changes >+ >+All code has been reformatted to be consistent. A .clang-format file and format.sh script has been added that can be use to verify and enforce consistent formatting. An automated check on code formatting is now part of travis build. >+ >+Other changes >+ >+PR #409 - Compatibilty with LibreSSL >+ >+PR #406 - Fix unprotect when pktlen < (2*mki_size + tag_len) >+ >+PR #405 - Prevent potential double free >+ >+PR #404 - Add back extern to global variables >+ >+PR #403 - Set gcm IV directly with EVP_CipherInit_ex >+ >+PR #401 - Fix memory access issue in srtp_get_session_keys() >+ >+PR #398 - Fix memory access fixes when invalid profiles where used >+ >+PR #391 - Return NULL when allocating memory of size zero >+ >+PR #390 - Bitvector of length zero is not valid >+ >+PR #385 - Treat warnings as errors on travis builds >+ >+PR #388 - Moved externs from crypto_kernel into its own header >+ >+PR #379 - Fixed several compiler warnings from Firefox builds >+ >+PR #377 - Removed variable init code in rdbx which never gets used >+ >+PR #381 - Added error in case the platform is not detected >+ >+PR #376 - Add coverity scan to travis builds >+ >+PR #374 - Add a big endian build on travis >+ >+PR #373 - Fixed buffer size issue in test/srtp_driver.c >+ >+PR #372 - Make rtp_decoder compile on MinGW >+ >+PR #367 - Rename configure.in to configure.ac >+ >+PR #365 - Replace calls to free() with srtp_crypto_free() >+ >+PR #364 - Add valgrind to travis and fix leaks in tests >+ >+PR #363 - Change smtp_crypto_alloc to initialize memory to zero >+ >+PR #354 - Fix potential leak if cloning of stream fails >+ >+PR #340 - Fix potential leak in srtp_add_stream() >+ >+PR #323 - Fix running test in out of source builds >+ >+Issue #316 - Remove VERSION file >+ > 2.1.0 > > Compatibility changes >@@ -164,4 +224,4 @@ Other changes > > PR #302 - Fix warning regarding unused variable > >- PR #303 - Makefile.in: Add gnu as match for shared lib suffix >\ No newline at end of file >+ PR #303 - Makefile.in: Add gnu as match for shared lib suffix >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/LIBSRTP_VERSION b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/LIBSRTP_VERSION >new file mode 100644 >index 0000000000000000000000000000000000000000..5432261487f5cb04f849e3b8d4532a67dc770ea6 >--- /dev/null >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/LIBSRTP_VERSION >@@ -0,0 +1 @@ >+2.2.0-pre >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/OWNERS b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/OWNERS >index fd643efd1fd4f437351e7041bca1899d88f1ec2e..a5586786737789228ad3353195db19c33e90ec03 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/OWNERS >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/OWNERS >@@ -1,3 +1,2 @@ > mattdr@chromium.org >-kjellander@chromium.org > phoglund@chromium.org >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/README b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/README >deleted file mode 100644 >index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..0000000000000000000000000000000000000000 >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/README.chromium b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/README.chromium >index 754ddcd38595a6c76cc290412e53da124e768618..4a673c6a49012ebb82c770f89341d89bdc3c98d7 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/README.chromium >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/README.chromium >@@ -1,6 +1,6 @@ > Name: libsrtp > URL: https://github.com/cisco/libsrtp >-Version: 93aba3e767502343c255fad8962dbf0ff29c4ca6 >+Version: 94ac00d5ac6409e3f6409e4a5edfcdbdaa7fdabe > License: 3-clause BSD > License File: LICENSE > Security Critical: Yes >@@ -12,3 +12,4 @@ Description: > > Local Modifications: > Removed many unused files, e.g. all non-OpenSSL cipher implementations. >+ Renamed VERSION to LIBSRTP_VERSION. >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/README.md b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/README.md >index b63267ac50b476b44b296579dc5779ba69f26aaf..3f1e5bbfdebb2e3472cfc9fdcedbf821f6624c84 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/README.md >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/README.md >@@ -1,3 +1,6 @@ >+[](https://travis-ci.org/cisco/libsrtp) >+[](https://scan.coverity.com/projects/cisco-libsrtp) >+ > <a name="introduction-to-libsrtp"></a> > # Introduction to libSRTP > >@@ -51,6 +54,7 @@ because it does its work behind the scenes. > - [Supported Features](#supported-features) > - [Implementation Notes](#implementation-notes) > - [Installing and Building libSRTP](#installing-and-building-libsrtp) >+ - [Changing Build Configuration](#changing-build-configuration) > - [Applications](#applications) > - [Example Code](#example-code) > - [Credits](#credits) >@@ -291,6 +295,26 @@ OpenBSD (sparc-unknown-openbsd2.7). > > -------------------------------------------------------------------------------- > >+<a name="changing-build-configuration"></a> >+## Changing Build Configuration >+ >+To build the `./configure` script mentioned above, libSRTP relies on the >+[automake](https://www.gnu.org/software/automake/) toolchain. Since >+`./configure` is built from `configure.in` by automake, if you make changes in >+how `./configure` works (e.g., to add a new library dependency), you will need >+to rebuild `./configure` and commit the updated version. In addition to >+automake itself, you will need to have the `pkgconfig` tools installed as well. >+ >+For example, on macOS: >+ >+``` >+brew install automake pkgconfig >+# Edit configure.in >+autoremake -ivf >+``` >+ >+-------------------------------------------------------------------------------- >+ > <a name="applications"></a> > # Applications > >@@ -397,6 +421,9 @@ uint8_t key[30] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, > // initialize libSRTP > srtp_init(); > >+// default policy values >+memset(&policy, 0x0, sizeof(srtp_policy_t)); >+ > // set policy to describe a policy for an SRTP stream > crypto_policy_set_rtp_default(&policy.rtp); > crypto_policy_set_rtcp_default(&policy.rtcp); >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/TODO b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/TODO >deleted file mode 100644 >index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..0000000000000000000000000000000000000000 >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/VERSION b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/VERSION >deleted file mode 100644 >index 44e5be2f08d40e5596e5bc79fcc9535ea1627712..0000000000000000000000000000000000000000 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/VERSION >+++ /dev/null >@@ -1 +0,0 @@ >-2.1.0-pre >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/codereview.settings b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/codereview.settings >index b0f4e570ebb594133bfecf51036d4fbe82532d9e..de620c815b070d70f9a1ac47d604095a1018fcb1 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/codereview.settings >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/codereview.settings >@@ -1,9 +1,7 @@ >-CODE_REVIEW_SERVER: codereview.chromium.org >+# This file is used by git-cl to get repository specific information. > CC_LIST: chromium-reviews@chromium.org >-VIEW_VC: https://chromium.googlesource.com/chromium/deps/libsrtp/+/ >+CODE_REVIEW_SERVER: codereview.chromium.org >+GERRIT_HOST: True >+PROJECT: libsrtp > STATUS: http://chromium-status.appspot.com/status >-TRY_ON_UPLOAD: False >-TRYSERVER_SVN_URL: svn://svn.chromium.org/chrome-try/try >-GITCL_PREUPLOAD: http://src.chromium.org/viewvc/chrome/trunk/tools/depot_tools/git-cl-upload-hook?revision=HEAD >-GITCL_PREDCOMMIT: http://src.chromium.org/viewvc/chrome/trunk/tools/depot_tools/git-cl-upload-hook?revision=HEAD >-PROJECT: chromium_deps >+VIEW_VC: https://chromium.googlesource.com/chromium/deps/libsrtp/+/ >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/cipher/aes_gcm_ossl.c b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/cipher/aes_gcm_ossl.c >index 416582aacc274ea7d8a07810de3188f1b99ab210..ef13a782404837757df5b5b147fe0a796dab5836 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/cipher/aes_gcm_ossl.c >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/cipher/aes_gcm_ossl.c >@@ -45,36 +45,28 @@ > */ > > #ifdef HAVE_CONFIG_H >- #include <config.h> >+#include <config.h> > #endif > > #include <openssl/evp.h> > #include "aes_icm_ossl.h" > #include "aes_gcm_ossl.h" > #include "alloc.h" >-#include "err.h" /* for srtp_debug */ >+#include "err.h" /* for srtp_debug */ > #include "crypto_types.h" >- >+#include "cipher_types.h" > > srtp_debug_module_t srtp_mod_aes_gcm = { >- 0, /* debugging is off by default */ >- "aes gcm" /* printable module name */ >+ 0, /* debugging is off by default */ >+ "aes gcm" /* printable module name */ > }; > >-/* >- * The following are the global singleton instances for the >- * 128-bit and 256-bit GCM ciphers. >- */ >-extern const srtp_cipher_type_t srtp_aes_gcm_128_openssl; >-extern const srtp_cipher_type_t srtp_aes_gcm_256_openssl; >- > /* > * For now we only support 8 and 16 octet tags. The spec allows for > * optional 12 byte tag, which may be supported in the future. > */ >-#define GCM_AUTH_TAG_LEN 16 >-#define GCM_AUTH_TAG_LEN_8 8 >- >+#define GCM_AUTH_TAG_LEN 16 >+#define GCM_AUTH_TAG_LEN_8 8 > > /* > * This function allocates a new instance of this crypto engine. >@@ -83,11 +75,14 @@ extern const srtp_cipher_type_t srtp_aes_gcm_256_openssl; > * key length includes the 14 byte salt value that is used when > * initializing the KDF. > */ >-static srtp_err_status_t srtp_aes_gcm_openssl_alloc (srtp_cipher_t **c, int key_len, int tlen) >+static srtp_err_status_t srtp_aes_gcm_openssl_alloc(srtp_cipher_t **c, >+ int key_len, >+ int tlen) > { > srtp_aes_gcm_ctx_t *gcm; > >- debug_print(srtp_mod_aes_gcm, "allocating cipher with key length %d", key_len); >+ debug_print(srtp_mod_aes_gcm, "allocating cipher with key length %d", >+ key_len); > debug_print(srtp_mod_aes_gcm, "allocating cipher with tag length %d", tlen); > > /* >@@ -98,8 +93,7 @@ static srtp_err_status_t srtp_aes_gcm_openssl_alloc (srtp_cipher_t **c, int key_ > return (srtp_err_status_bad_param); > } > >- if (tlen != GCM_AUTH_TAG_LEN && >- tlen != GCM_AUTH_TAG_LEN_8) { >+ if (tlen != GCM_AUTH_TAG_LEN && tlen != GCM_AUTH_TAG_LEN_8) { > return (srtp_err_status_bad_param); > } > >@@ -108,15 +102,13 @@ static srtp_err_status_t srtp_aes_gcm_openssl_alloc (srtp_cipher_t **c, int key_ > if (*c == NULL) { > return (srtp_err_status_alloc_fail); > } >- memset(*c, 0x0, sizeof(srtp_cipher_t)); > > gcm = (srtp_aes_gcm_ctx_t *)srtp_crypto_alloc(sizeof(srtp_aes_gcm_ctx_t)); > if (gcm == NULL) { >- srtp_crypto_free(*c); >- *c = NULL; >+ srtp_crypto_free(*c); >+ *c = NULL; > return (srtp_err_status_alloc_fail); > } >- memset(gcm, 0x0, sizeof(srtp_aes_gcm_ctx_t)); > > gcm->ctx = EVP_CIPHER_CTX_new(); > if (gcm->ctx == NULL) { >@@ -151,15 +143,14 @@ static srtp_err_status_t srtp_aes_gcm_openssl_alloc (srtp_cipher_t **c, int key_ > return (srtp_err_status_ok); > } > >- > /* > * This function deallocates a GCM session > */ >-static srtp_err_status_t srtp_aes_gcm_openssl_dealloc (srtp_cipher_t *c) >+static srtp_err_status_t srtp_aes_gcm_openssl_dealloc(srtp_cipher_t *c) > { > srtp_aes_gcm_ctx_t *ctx; > >- ctx = (srtp_aes_gcm_ctx_t*)c->state; >+ ctx = (srtp_aes_gcm_ctx_t *)c->state; > if (ctx) { > EVP_CIPHER_CTX_free(ctx->ctx); > /* zeroize the key material */ >@@ -179,14 +170,16 @@ static srtp_err_status_t srtp_aes_gcm_openssl_dealloc (srtp_cipher_t *c) > * > * the key is the secret key > */ >-static srtp_err_status_t srtp_aes_gcm_openssl_context_init (void* cv, const uint8_t *key) >+static srtp_err_status_t srtp_aes_gcm_openssl_context_init(void *cv, >+ const uint8_t *key) > { > srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; > const EVP_CIPHER *evp; > > c->dir = srtp_direction_any; > >- debug_print(srtp_mod_aes_gcm, "key: %s", srtp_octet_string_hex_string(key, c->key_size)); >+ debug_print(srtp_mod_aes_gcm, "key: %s", >+ srtp_octet_string_hex_string(key, c->key_size)); > > switch (c->key_size) { > case SRTP_AES_256_KEY_LEN: >@@ -207,35 +200,32 @@ static srtp_err_status_t srtp_aes_gcm_openssl_context_init (void* cv, const uint > return (srtp_err_status_ok); > } > >- > /* > * aes_gcm_openssl_set_iv(c, iv) sets the counter value to the exor of iv with > * the offset > */ >-static srtp_err_status_t srtp_aes_gcm_openssl_set_iv (void *cv, uint8_t *iv, srtp_cipher_direction_t direction) >+static srtp_err_status_t srtp_aes_gcm_openssl_set_iv( >+ void *cv, >+ uint8_t *iv, >+ srtp_cipher_direction_t direction) > { > srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; > >- if (direction != srtp_direction_encrypt && direction != srtp_direction_decrypt) { >+ if (direction != srtp_direction_encrypt && >+ direction != srtp_direction_decrypt) { > return (srtp_err_status_bad_param); > } > c->dir = direction; > >- debug_print(srtp_mod_aes_gcm, "setting iv: %s", v128_hex_string((v128_t*)iv)); >+ debug_print(srtp_mod_aes_gcm, "setting iv: %s", >+ v128_hex_string((v128_t *)iv)); > >- if (!EVP_CipherInit_ex(c->ctx, NULL, NULL, NULL, >- NULL, (c->dir == srtp_direction_encrypt ? 1 : 0))) { >- return (srtp_err_status_init_fail); >- } >- >- /* set IV len and the IV value, the followiong 3 calls are required */ > if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) { > return (srtp_err_status_init_fail); > } >- if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_IV_FIXED, -1, (void*)iv)) { >- return (srtp_err_status_init_fail); >- } >- if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_IV_GEN, 0, (void*)iv)) { >+ >+ if (!EVP_CipherInit_ex(c->ctx, NULL, NULL, NULL, iv, >+ (c->dir == srtp_direction_encrypt ? 1 : 0))) { > return (srtp_err_status_init_fail); > } > >@@ -250,7 +240,9 @@ static srtp_err_status_t srtp_aes_gcm_openssl_set_iv (void *cv, uint8_t *iv, srt > * aad Additional data to process for AEAD cipher suites > * aad_len length of aad buffer > */ >-static srtp_err_status_t srtp_aes_gcm_openssl_set_aad (void *cv, const uint8_t *aad, uint32_t aad_len) >+static srtp_err_status_t srtp_aes_gcm_openssl_set_aad(void *cv, >+ const uint8_t *aad, >+ uint32_t aad_len) > { > srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; > int rv; >@@ -262,8 +254,8 @@ static srtp_err_status_t srtp_aes_gcm_openssl_set_aad (void *cv, const uint8_t * > > /* > * OpenSSL never write to address pointed by the last parameter of >- * EVP_CIPHER_CTX_ctrl while EVP_CTRL_GCM_SET_TAG (in reality, >- * OpenSSL copy its content to the context), so we can make >+ * EVP_CIPHER_CTX_ctrl while EVP_CTRL_GCM_SET_TAG (in reality, >+ * OpenSSL copy its content to the context), so we can make > * aad read-only in this function and all its wrappers. > */ > unsigned char dummy_tag[GCM_AUTH_TAG_LEN]; >@@ -286,7 +278,9 @@ static srtp_err_status_t srtp_aes_gcm_openssl_set_aad (void *cv, const uint8_t * > * buf data to encrypt > * enc_len length of encrypt buffer > */ >-static srtp_err_status_t srtp_aes_gcm_openssl_encrypt (void *cv, unsigned char *buf, unsigned int *enc_len) >+static srtp_err_status_t srtp_aes_gcm_openssl_encrypt(void *cv, >+ unsigned char *buf, >+ unsigned int *enc_len) > { > srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; > if (c->dir != srtp_direction_encrypt && c->dir != srtp_direction_decrypt) { >@@ -312,7 +306,9 @@ static srtp_err_status_t srtp_aes_gcm_openssl_encrypt (void *cv, unsigned char * > * buf data to encrypt > * len length of encrypt buffer > */ >-static srtp_err_status_t srtp_aes_gcm_openssl_get_tag (void *cv, uint8_t *buf, uint32_t *len) >+static srtp_err_status_t srtp_aes_gcm_openssl_get_tag(void *cv, >+ uint8_t *buf, >+ uint32_t *len) > { > srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; > /* >@@ -333,7 +329,6 @@ static srtp_err_status_t srtp_aes_gcm_openssl_get_tag (void *cv, uint8_t *buf, u > return (srtp_err_status_ok); > } > >- > /* > * This function decrypts a buffer using AES GCM mode > * >@@ -342,7 +337,9 @@ static srtp_err_status_t srtp_aes_gcm_openssl_get_tag (void *cv, uint8_t *buf, u > * buf data to encrypt > * enc_len length of encrypt buffer > */ >-static srtp_err_status_t srtp_aes_gcm_openssl_decrypt (void *cv, unsigned char *buf, unsigned int *enc_len) >+static srtp_err_status_t srtp_aes_gcm_openssl_decrypt(void *cv, >+ unsigned char *buf, >+ unsigned int *enc_len) > { > srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; > if (c->dir != srtp_direction_encrypt && c->dir != srtp_direction_decrypt) { >@@ -372,32 +369,36 @@ static srtp_err_status_t srtp_aes_gcm_openssl_decrypt (void *cv, unsigned char * > return (srtp_err_status_ok); > } > >- >- > /* > * Name of this crypto engine > */ >-static const char srtp_aes_gcm_128_openssl_description[] = "AES-128 GCM using openssl"; >-static const char srtp_aes_gcm_256_openssl_description[] = "AES-256 GCM using openssl"; >- >+static const char srtp_aes_gcm_128_openssl_description[] = >+ "AES-128 GCM using openssl"; >+static const char srtp_aes_gcm_256_openssl_description[] = >+ "AES-256 GCM using openssl"; > > /* > * KAT values for AES self-test. These > * values we're derived from independent test code > * using OpenSSL. > */ >+/* clang-format off */ > static const uint8_t srtp_aes_gcm_test_case_0_key[SRTP_AES_GCM_128_KEY_LEN_WSALT] = { > 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, > 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, > 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, > 0x09, 0x0a, 0x0b, 0x0c, > }; >+/* clang-format on */ > >+/* clang-format off */ > static uint8_t srtp_aes_gcm_test_case_0_iv[12] = { > 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, > 0xde, 0xca, 0xf8, 0x88 > }; >+/* clang-format on */ > >+/* clang-format off */ > static const uint8_t srtp_aes_gcm_test_case_0_plaintext[60] = { > 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, > 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, >@@ -409,12 +410,15 @@ static const uint8_t srtp_aes_gcm_test_case_0_plaintext[60] = { > 0xba, 0x63, 0x7b, 0x39 > }; > >+/* clang-format off */ > static const uint8_t srtp_aes_gcm_test_case_0_aad[20] = { > 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, > 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, > 0xab, 0xad, 0xda, 0xd2 > }; >+/* clang-format on */ > >+/* clang-format off */ > static const uint8_t srtp_aes_gcm_test_case_0_ciphertext[76] = { > 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24, > 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c, >@@ -428,6 +432,7 @@ static const uint8_t srtp_aes_gcm_test_case_0_ciphertext[76] = { > 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb, > 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47, > }; >+/* clang-format on */ > > static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_0a = { > SRTP_AES_GCM_128_KEY_LEN_WSALT, /* octets in key */ >@@ -439,7 +444,7 @@ static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_0a = { > srtp_aes_gcm_test_case_0_ciphertext, /* ciphertext + tag */ > 20, /* octets in AAD */ > srtp_aes_gcm_test_case_0_aad, /* AAD */ >- GCM_AUTH_TAG_LEN_8, >+ GCM_AUTH_TAG_LEN_8, /* */ > NULL /* pointer to next testcase */ > }; > >@@ -453,10 +458,11 @@ static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_0 = { > srtp_aes_gcm_test_case_0_ciphertext, /* ciphertext + tag */ > 20, /* octets in AAD */ > srtp_aes_gcm_test_case_0_aad, /* AAD */ >- GCM_AUTH_TAG_LEN, >+ GCM_AUTH_TAG_LEN, /* */ > &srtp_aes_gcm_test_case_0a /* pointer to next testcase */ > }; > >+/* clang-format off */ > static const uint8_t srtp_aes_gcm_test_case_1_key[SRTP_AES_GCM_256_KEY_LEN_WSALT] = { > 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, > 0xa5, 0x59, 0x09, 0xc5, 0x54, 0x66, 0x93, 0x1c, >@@ -464,14 +470,17 @@ static const uint8_t srtp_aes_gcm_test_case_1_key[SRTP_AES_GCM_256_KEY_LEN_WSALT > 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, > 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, > 0x09, 0x0a, 0x0b, 0x0c, >- > }; >+/* clang-format on */ > >+/* clang-format off */ > static uint8_t srtp_aes_gcm_test_case_1_iv[12] = { > 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, > 0xde, 0xca, 0xf8, 0x88 > }; >+/* clang-format on */ > >+/* clang-format off */ > static const uint8_t srtp_aes_gcm_test_case_1_plaintext[60] = { > 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, > 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, >@@ -482,13 +491,17 @@ static const uint8_t srtp_aes_gcm_test_case_1_plaintext[60] = { > 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, > 0xba, 0x63, 0x7b, 0x39 > }; >+/* clang-format on */ > >+/* clang-format off */ > static const uint8_t srtp_aes_gcm_test_case_1_aad[20] = { > 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, > 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, > 0xab, 0xad, 0xda, 0xd2 > }; >+/* clang-format on */ > >+/* clang-format off */ > static const uint8_t srtp_aes_gcm_test_case_1_ciphertext[76] = { > 0x0b, 0x11, 0xcf, 0xaf, 0x68, 0x4d, 0xae, 0x46, > 0xc7, 0x90, 0xb8, 0x8e, 0xb7, 0x6a, 0x76, 0x2a, >@@ -502,6 +515,7 @@ static const uint8_t srtp_aes_gcm_test_case_1_ciphertext[76] = { > 0x45, 0xbc, 0x03, 0xe6, 0xe1, 0xac, 0x0a, 0x9f, > 0x81, 0xcb, 0x8e, 0x5b, 0x46, 0x65, 0x63, 0x1d, > }; >+/* clang-format on */ > > static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_1a = { > SRTP_AES_GCM_256_KEY_LEN_WSALT, /* octets in key */ >@@ -513,7 +527,7 @@ static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_1a = { > srtp_aes_gcm_test_case_1_ciphertext, /* ciphertext + tag */ > 20, /* octets in AAD */ > srtp_aes_gcm_test_case_1_aad, /* AAD */ >- GCM_AUTH_TAG_LEN_8, >+ GCM_AUTH_TAG_LEN_8, /* */ > NULL /* pointer to next testcase */ > }; > >@@ -527,7 +541,7 @@ static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_1 = { > srtp_aes_gcm_test_case_1_ciphertext, /* ciphertext + tag */ > 20, /* octets in AAD */ > srtp_aes_gcm_test_case_1_aad, /* AAD */ >- GCM_AUTH_TAG_LEN, >+ GCM_AUTH_TAG_LEN, /* */ > &srtp_aes_gcm_test_case_1a /* pointer to next testcase */ > }; > >@@ -564,4 +578,3 @@ const srtp_cipher_type_t srtp_aes_gcm_256_openssl = { > &srtp_aes_gcm_test_case_1, > SRTP_AES_GCM_256 > }; >- >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/cipher/aes_icm_ossl.c b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/cipher/aes_icm_ossl.c >index 25b431fadd064f78f99baee566e9991b0288fecd..b591897623bb167b1b9a935ae86cc2edd86bee15 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/cipher/aes_icm_ossl.c >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/cipher/aes_icm_ossl.c >@@ -49,23 +49,20 @@ > */ > > #ifdef HAVE_CONFIG_H >- #include <config.h> >+#include <config.h> > #endif > > #include <openssl/evp.h> > #include "aes_icm_ossl.h" > #include "crypto_types.h" >-#include "err.h" /* for srtp_debug */ >+#include "err.h" /* for srtp_debug */ > #include "alloc.h" >- >+#include "cipher_types.h" > > srtp_debug_module_t srtp_mod_aes_icm = { >- 0, /* debugging is off by default */ >- "aes icm ossl" /* printable module name */ >+ 0, /* debugging is off by default */ >+ "aes icm ossl" /* printable module name */ > }; >-extern const srtp_cipher_type_t srtp_aes_icm_128; >-extern const srtp_cipher_type_t srtp_aes_icm_192; >-extern const srtp_cipher_type_t srtp_aes_icm_256; > > /* > * integer counter mode works as follows: >@@ -109,16 +106,20 @@ extern const srtp_cipher_type_t srtp_aes_icm_256; > * value. The tlen argument is for the AEAD tag length, which > * isn't used in counter mode. > */ >-static srtp_err_status_t srtp_aes_icm_openssl_alloc (srtp_cipher_t **c, int key_len, int tlen) >+static srtp_err_status_t srtp_aes_icm_openssl_alloc(srtp_cipher_t **c, >+ int key_len, >+ int tlen) > { > srtp_aes_icm_ctx_t *icm; > >- debug_print(srtp_mod_aes_icm, "allocating cipher with key length %d", key_len); >+ debug_print(srtp_mod_aes_icm, "allocating cipher with key length %d", >+ key_len); > > /* > * Verify the key_len is valid for one of: AES-128/192/256 > */ >- if (key_len != SRTP_AES_ICM_128_KEY_LEN_WSALT && key_len != SRTP_AES_ICM_192_KEY_LEN_WSALT && >+ if (key_len != SRTP_AES_ICM_128_KEY_LEN_WSALT && >+ key_len != SRTP_AES_ICM_192_KEY_LEN_WSALT && > key_len != SRTP_AES_ICM_256_KEY_LEN_WSALT) { > return srtp_err_status_bad_param; > } >@@ -128,15 +129,13 @@ static srtp_err_status_t srtp_aes_icm_openssl_alloc (srtp_cipher_t **c, int key_ > if (*c == NULL) { > return srtp_err_status_alloc_fail; > } >- memset(*c, 0x0, sizeof(srtp_cipher_t)); > > icm = (srtp_aes_icm_ctx_t *)srtp_crypto_alloc(sizeof(srtp_aes_icm_ctx_t)); > if (icm == NULL) { >- srtp_crypto_free(*c); >- *c = NULL; >+ srtp_crypto_free(*c); >+ *c = NULL; > return srtp_err_status_alloc_fail; > } >- memset(icm, 0x0, sizeof(srtp_aes_icm_ctx_t)); > > icm->ctx = EVP_CIPHER_CTX_new(); > if (icm->ctx == NULL) { >@@ -174,11 +173,10 @@ static srtp_err_status_t srtp_aes_icm_openssl_alloc (srtp_cipher_t **c, int key_ > return srtp_err_status_ok; > } > >- > /* > * This function deallocates an instance of this engine > */ >-static srtp_err_status_t srtp_aes_icm_openssl_dealloc (srtp_cipher_t *c) >+static srtp_err_status_t srtp_aes_icm_openssl_dealloc(srtp_cipher_t *c) > { > srtp_aes_icm_ctx_t *ctx; > >@@ -189,7 +187,7 @@ static srtp_err_status_t srtp_aes_icm_openssl_dealloc (srtp_cipher_t *c) > /* > * Free the EVP context > */ >- ctx = (srtp_aes_icm_ctx_t*)c->state; >+ ctx = (srtp_aes_icm_ctx_t *)c->state; > if (ctx != NULL) { > EVP_CIPHER_CTX_free(ctx->ctx); > /* zeroize the key material */ >@@ -212,7 +210,8 @@ static srtp_err_status_t srtp_aes_icm_openssl_dealloc (srtp_cipher_t *c) > * the salt is unpredictable (but not necessarily secret) data which > * randomizes the starting point in the keystream > */ >-static srtp_err_status_t srtp_aes_icm_openssl_context_init (void* cv, const uint8_t *key) >+static srtp_err_status_t srtp_aes_icm_openssl_context_init(void *cv, >+ const uint8_t *key) > { > srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv; > const EVP_CIPHER *evp; >@@ -230,7 +229,8 @@ static srtp_err_status_t srtp_aes_icm_openssl_context_init (void* cv, const uint > c->offset.v8[SRTP_SALT_LEN] = c->offset.v8[SRTP_SALT_LEN + 1] = 0; > c->counter.v8[SRTP_SALT_LEN] = c->counter.v8[SRTP_SALT_LEN + 1] = 0; > >- debug_print(srtp_mod_aes_icm, "key: %s", srtp_octet_string_hex_string(key, c->key_size)); >+ debug_print(srtp_mod_aes_icm, "key: %s", >+ srtp_octet_string_hex_string(key, c->key_size)); > debug_print(srtp_mod_aes_icm, "offset: %s", v128_hex_string(&c->offset)); > > switch (c->key_size) { >@@ -248,8 +248,7 @@ static srtp_err_status_t srtp_aes_icm_openssl_context_init (void* cv, const uint > break; > } > >- if (!EVP_EncryptInit_ex(c->ctx, evp, >- NULL, key, NULL)) { >+ if (!EVP_EncryptInit_ex(c->ctx, evp, NULL, key, NULL)) { > return srtp_err_status_fail; > } else { > return srtp_err_status_ok; >@@ -258,12 +257,14 @@ static srtp_err_status_t srtp_aes_icm_openssl_context_init (void* cv, const uint > return srtp_err_status_ok; > } > >- > /* > * aes_icm_set_iv(c, iv) sets the counter value to the exor of iv with > * the offset > */ >-static srtp_err_status_t srtp_aes_icm_openssl_set_iv (void *cv, uint8_t *iv, srtp_cipher_direction_t dir) >+static srtp_err_status_t srtp_aes_icm_openssl_set_iv( >+ void *cv, >+ uint8_t *iv, >+ srtp_cipher_direction_t dir) > { > srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv; > v128_t nonce; >@@ -275,10 +276,10 @@ static srtp_err_status_t srtp_aes_icm_openssl_set_iv (void *cv, uint8_t *iv, srt > > v128_xor(&c->counter, &c->offset, &nonce); > >- debug_print(srtp_mod_aes_icm, "set_counter: %s", v128_hex_string(&c->counter)); >+ debug_print(srtp_mod_aes_icm, "set_counter: %s", >+ v128_hex_string(&c->counter)); > >- if (!EVP_EncryptInit_ex(c->ctx, NULL, >- NULL, NULL, c->counter.v8)) { >+ if (!EVP_EncryptInit_ex(c->ctx, NULL, NULL, NULL, c->counter.v8)) { > return srtp_err_status_fail; > } else { > return srtp_err_status_ok; >@@ -293,7 +294,9 @@ static srtp_err_status_t srtp_aes_icm_openssl_set_iv (void *cv, uint8_t *iv, srt > * buf data to encrypt > * enc_len length of encrypt buffer > */ >-static srtp_err_status_t srtp_aes_icm_openssl_encrypt (void *cv, unsigned char *buf, unsigned int *enc_len) >+static srtp_err_status_t srtp_aes_icm_openssl_encrypt(void *cv, >+ unsigned char *buf, >+ unsigned int *enc_len) > { > srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv; > int len = 0; >@@ -316,59 +319,70 @@ static srtp_err_status_t srtp_aes_icm_openssl_encrypt (void *cv, unsigned char * > /* > * Name of this crypto engine > */ >-static const char srtp_aes_icm_128_openssl_description[] = "AES-128 counter mode using openssl"; >-static const char srtp_aes_icm_192_openssl_description[] = "AES-192 counter mode using openssl"; >-static const char srtp_aes_icm_256_openssl_description[] = "AES-256 counter mode using openssl"; >- >+static const char srtp_aes_icm_128_openssl_description[] = >+ "AES-128 counter mode using openssl"; >+static const char srtp_aes_icm_192_openssl_description[] = >+ "AES-192 counter mode using openssl"; >+static const char srtp_aes_icm_256_openssl_description[] = >+ "AES-256 counter mode using openssl"; > > /* > * KAT values for AES self-test. These > * values came from the legacy libsrtp code. > */ >+/* clang-format off */ > static const uint8_t srtp_aes_icm_128_test_case_0_key[SRTP_AES_ICM_128_KEY_LEN_WSALT] = { > 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, > 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c, > 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, > 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd > }; >+/* clang-format on */ > >+/* clang-format off */ > static uint8_t srtp_aes_icm_128_test_case_0_nonce[16] = { > 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 > }; >+/* clang-format on */ > >+/* clang-format off */ > static const uint8_t srtp_aes_icm_128_test_case_0_plaintext[32] = { > 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > }; >+/* clang-format on */ > >+/* clang-format off */ > static const uint8_t srtp_aes_icm_128_test_case_0_ciphertext[32] = { > 0xe0, 0x3e, 0xad, 0x09, 0x35, 0xc9, 0x5e, 0x80, > 0xe1, 0x66, 0xb1, 0x6d, 0xd9, 0x2b, 0x4e, 0xb4, > 0xd2, 0x35, 0x13, 0x16, 0x2b, 0x02, 0xd0, 0xf7, > 0x2a, 0x43, 0xa2, 0xfe, 0x4a, 0x5f, 0x97, 0xab > }; >+/* clang-format on */ > > static const srtp_cipher_test_case_t srtp_aes_icm_128_test_case_0 = { >- SRTP_AES_ICM_128_KEY_LEN_WSALT, /* octets in key */ >- srtp_aes_icm_128_test_case_0_key, /* key */ >- srtp_aes_icm_128_test_case_0_nonce, /* packet index */ >- 32, /* octets in plaintext */ >- srtp_aes_icm_128_test_case_0_plaintext, /* plaintext */ >- 32, /* octets in ciphertext */ >- srtp_aes_icm_128_test_case_0_ciphertext, /* ciphertext */ >- 0, >- NULL, >- 0, >- NULL /* pointer to next testcase */ >+ SRTP_AES_ICM_128_KEY_LEN_WSALT, /* octets in key */ >+ srtp_aes_icm_128_test_case_0_key, /* key */ >+ srtp_aes_icm_128_test_case_0_nonce, /* packet index */ >+ 32, /* octets in plaintext */ >+ srtp_aes_icm_128_test_case_0_plaintext, /* plaintext */ >+ 32, /* octets in ciphertext */ >+ srtp_aes_icm_128_test_case_0_ciphertext, /* ciphertext */ >+ 0, /* */ >+ NULL, /* */ >+ 0, /* */ >+ NULL /* pointer to next testcase */ > }; > > /* > * KAT values for AES-192-CTR self-test. These > * values came from section 7 of RFC 6188. > */ >+/* clang-format off */ > static const uint8_t srtp_aes_icm_192_test_case_0_key[SRTP_AES_ICM_192_KEY_LEN_WSALT] = { > 0xea, 0xb2, 0x34, 0x76, 0x4e, 0x51, 0x7b, 0x2d, > 0x3d, 0x16, 0x0d, 0x58, 0x7d, 0x8c, 0x86, 0x21, >@@ -376,44 +390,52 @@ static const uint8_t srtp_aes_icm_192_test_case_0_key[SRTP_AES_ICM_192_KEY_LEN_W > 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, > 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd > }; >+/* clang-format on */ > >+/* clang-format off */ > static uint8_t srtp_aes_icm_192_test_case_0_nonce[16] = { > 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 > }; >+/* clang-format on */ > >+/* clang-format off */ > static const uint8_t srtp_aes_icm_192_test_case_0_plaintext[32] = { > 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > }; >+/* clang-format on */ > >+/* clang-format off */ > static const uint8_t srtp_aes_icm_192_test_case_0_ciphertext[32] = { > 0x35, 0x09, 0x6c, 0xba, 0x46, 0x10, 0x02, 0x8d, > 0xc1, 0xb5, 0x75, 0x03, 0x80, 0x4c, 0xe3, 0x7c, > 0x5d, 0xe9, 0x86, 0x29, 0x1d, 0xcc, 0xe1, 0x61, > 0xd5, 0x16, 0x5e, 0xc4, 0x56, 0x8f, 0x5c, 0x9a > }; >+/* clang-format on */ > > static const srtp_cipher_test_case_t srtp_aes_icm_192_test_case_0 = { >- SRTP_AES_ICM_192_KEY_LEN_WSALT, /* octets in key */ >- srtp_aes_icm_192_test_case_0_key, /* key */ >- srtp_aes_icm_192_test_case_0_nonce, /* packet index */ >- 32, /* octets in plaintext */ >- srtp_aes_icm_192_test_case_0_plaintext, /* plaintext */ >- 32, /* octets in ciphertext */ >- srtp_aes_icm_192_test_case_0_ciphertext, /* ciphertext */ >- 0, >- NULL, >- 0, >- NULL /* pointer to next testcase */ >+ SRTP_AES_ICM_192_KEY_LEN_WSALT, /* octets in key */ >+ srtp_aes_icm_192_test_case_0_key, /* key */ >+ srtp_aes_icm_192_test_case_0_nonce, /* packet index */ >+ 32, /* octets in plaintext */ >+ srtp_aes_icm_192_test_case_0_plaintext, /* plaintext */ >+ 32, /* octets in ciphertext */ >+ srtp_aes_icm_192_test_case_0_ciphertext, /* ciphertext */ >+ 0, /* */ >+ NULL, /* */ >+ 0, /* */ >+ NULL /* pointer to next testcase */ > }; > > /* > * KAT values for AES-256-CTR self-test. These > * values came from section 7 of RFC 6188. > */ >+/* clang-format off */ > static const uint8_t srtp_aes_icm_256_test_case_0_key[SRTP_AES_ICM_256_KEY_LEN_WSALT] = { > 0x57, 0xf8, 0x2f, 0xe3, 0x61, 0x3f, 0xd1, 0x70, > 0xa8, 0x5e, 0xc9, 0x3c, 0x40, 0xb1, 0xf0, 0x92, >@@ -422,38 +444,45 @@ static const uint8_t srtp_aes_icm_256_test_case_0_key[SRTP_AES_ICM_256_KEY_LEN_W > 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, > 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd > }; >+/* clang-format on */ > >+/* clang-format off */ > static uint8_t srtp_aes_icm_256_test_case_0_nonce[16] = { > 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 > }; >+/* clang-format on */ > >+/* clang-format off */ > static const uint8_t srtp_aes_icm_256_test_case_0_plaintext[32] = { > 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > }; >+/* clang-format on */ > >+/* clang-format off */ > static const uint8_t srtp_aes_icm_256_test_case_0_ciphertext[32] = { > 0x92, 0xbd, 0xd2, 0x8a, 0x93, 0xc3, 0xf5, 0x25, > 0x11, 0xc6, 0x77, 0xd0, 0x8b, 0x55, 0x15, 0xa4, > 0x9d, 0xa7, 0x1b, 0x23, 0x78, 0xa8, 0x54, 0xf6, > 0x70, 0x50, 0x75, 0x6d, 0xed, 0x16, 0x5b, 0xac > }; >+/* clang-format on */ > > static const srtp_cipher_test_case_t srtp_aes_icm_256_test_case_0 = { >- SRTP_AES_ICM_256_KEY_LEN_WSALT, /* octets in key */ >- srtp_aes_icm_256_test_case_0_key, /* key */ >- srtp_aes_icm_256_test_case_0_nonce, /* packet index */ >- 32, /* octets in plaintext */ >- srtp_aes_icm_256_test_case_0_plaintext, /* plaintext */ >- 32, /* octets in ciphertext */ >- srtp_aes_icm_256_test_case_0_ciphertext, /* ciphertext */ >- 0, >- NULL, >- 0, >- NULL /* pointer to next testcase */ >+ SRTP_AES_ICM_256_KEY_LEN_WSALT, /* octets in key */ >+ srtp_aes_icm_256_test_case_0_key, /* key */ >+ srtp_aes_icm_256_test_case_0_nonce, /* packet index */ >+ 32, /* octets in plaintext */ >+ srtp_aes_icm_256_test_case_0_plaintext, /* plaintext */ >+ 32, /* octets in ciphertext */ >+ srtp_aes_icm_256_test_case_0_ciphertext, /* ciphertext */ >+ 0, /* */ >+ NULL, /* */ >+ 0, /* */ >+ NULL /* pointer to next testcase */ > }; > > /* >@@ -461,17 +490,17 @@ static const srtp_cipher_test_case_t srtp_aes_icm_256_test_case_0 = { > * note: the encrypt function is identical to the decrypt function > */ > const srtp_cipher_type_t srtp_aes_icm_128 = { >- srtp_aes_icm_openssl_alloc, >- srtp_aes_icm_openssl_dealloc, >- srtp_aes_icm_openssl_context_init, >- 0, /* set_aad */ >- srtp_aes_icm_openssl_encrypt, >- srtp_aes_icm_openssl_encrypt, >- srtp_aes_icm_openssl_set_iv, >- 0, /* get_tag */ >- srtp_aes_icm_128_openssl_description, >- &srtp_aes_icm_128_test_case_0, >- SRTP_AES_ICM_128 >+ srtp_aes_icm_openssl_alloc, /* */ >+ srtp_aes_icm_openssl_dealloc, /* */ >+ srtp_aes_icm_openssl_context_init, /* */ >+ 0, /* set_aad */ >+ srtp_aes_icm_openssl_encrypt, /* */ >+ srtp_aes_icm_openssl_encrypt, /* */ >+ srtp_aes_icm_openssl_set_iv, /* */ >+ 0, /* get_tag */ >+ srtp_aes_icm_128_openssl_description, /* */ >+ &srtp_aes_icm_128_test_case_0, /* */ >+ SRTP_AES_ICM_128 /* */ > }; > > /* >@@ -479,17 +508,17 @@ const srtp_cipher_type_t srtp_aes_icm_128 = { > * note: the encrypt function is identical to the decrypt function > */ > const srtp_cipher_type_t srtp_aes_icm_192 = { >- srtp_aes_icm_openssl_alloc, >- srtp_aes_icm_openssl_dealloc, >- srtp_aes_icm_openssl_context_init, >- 0, /* set_aad */ >- srtp_aes_icm_openssl_encrypt, >- srtp_aes_icm_openssl_encrypt, >- srtp_aes_icm_openssl_set_iv, >- 0, /* get_tag */ >- srtp_aes_icm_192_openssl_description, >- &srtp_aes_icm_192_test_case_0, >- SRTP_AES_ICM_192 >+ srtp_aes_icm_openssl_alloc, /* */ >+ srtp_aes_icm_openssl_dealloc, /* */ >+ srtp_aes_icm_openssl_context_init, /* */ >+ 0, /* set_aad */ >+ srtp_aes_icm_openssl_encrypt, /* */ >+ srtp_aes_icm_openssl_encrypt, /* */ >+ srtp_aes_icm_openssl_set_iv, /* */ >+ 0, /* get_tag */ >+ srtp_aes_icm_192_openssl_description, /* */ >+ &srtp_aes_icm_192_test_case_0, /* */ >+ SRTP_AES_ICM_192 /* */ > }; > > /* >@@ -497,16 +526,15 @@ const srtp_cipher_type_t srtp_aes_icm_192 = { > * note: the encrypt function is identical to the decrypt function > */ > const srtp_cipher_type_t srtp_aes_icm_256 = { >- srtp_aes_icm_openssl_alloc, >- srtp_aes_icm_openssl_dealloc, >- srtp_aes_icm_openssl_context_init, >- 0, /* set_aad */ >- srtp_aes_icm_openssl_encrypt, >- srtp_aes_icm_openssl_encrypt, >- srtp_aes_icm_openssl_set_iv, >- 0, /* get_tag */ >- srtp_aes_icm_256_openssl_description, >- &srtp_aes_icm_256_test_case_0, >- SRTP_AES_ICM_256 >+ srtp_aes_icm_openssl_alloc, /* */ >+ srtp_aes_icm_openssl_dealloc, /* */ >+ srtp_aes_icm_openssl_context_init, /* */ >+ 0, /* set_aad */ >+ srtp_aes_icm_openssl_encrypt, /* */ >+ srtp_aes_icm_openssl_encrypt, /* */ >+ srtp_aes_icm_openssl_set_iv, /* */ >+ 0, /* get_tag */ >+ srtp_aes_icm_256_openssl_description, /* */ >+ &srtp_aes_icm_256_test_case_0, /* */ >+ SRTP_AES_ICM_256 /* */ > }; >- >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/cipher/cipher.c b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/cipher/cipher.c >index 3c67790888d0aaf2d826f847666ba7325fda2830..19f00abc55be66d6075863dc9ce50d2e4863e45c 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/cipher/cipher.c >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/cipher/cipher.c >@@ -45,56 +45,61 @@ > */ > > #ifdef HAVE_CONFIG_H >- #include <config.h> >+#include <config.h> > #endif > > #include "cipher.h" > #include "crypto_types.h" >-#include "err.h" /* for srtp_debug */ >-#include "alloc.h" /* for crypto_alloc(), crypto_free() */ >+#include "err.h" /* for srtp_debug */ >+#include "alloc.h" /* for crypto_alloc(), crypto_free() */ > > srtp_debug_module_t srtp_mod_cipher = { >- 0, /* debugging is off by default */ >- "cipher" /* printable module name */ >+ 0, /* debugging is off by default */ >+ "cipher" /* printable module name */ > }; > >-srtp_err_status_t srtp_cipher_type_alloc (const srtp_cipher_type_t *ct, srtp_cipher_t **c, int key_len, int tlen) >+srtp_err_status_t srtp_cipher_type_alloc(const srtp_cipher_type_t *ct, >+ srtp_cipher_t **c, >+ int key_len, >+ int tlen) > { > if (!ct || !ct->alloc) { >- return (srtp_err_status_bad_param); >+ return (srtp_err_status_bad_param); > } > return ((ct)->alloc((c), (key_len), (tlen))); > } > >-srtp_err_status_t srtp_cipher_dealloc (srtp_cipher_t *c) >+srtp_err_status_t srtp_cipher_dealloc(srtp_cipher_t *c) > { > if (!c || !c->type) { >- return (srtp_err_status_bad_param); >+ return (srtp_err_status_bad_param); > } > return (((c)->type)->dealloc(c)); > } > >-srtp_err_status_t srtp_cipher_init (srtp_cipher_t *c, const uint8_t *key) >+srtp_err_status_t srtp_cipher_init(srtp_cipher_t *c, const uint8_t *key) > { > if (!c || !c->type || !c->state) { >- return (srtp_err_status_bad_param); >+ return (srtp_err_status_bad_param); > } > return (((c)->type)->init(((c)->state), (key))); > } > >- >-srtp_err_status_t srtp_cipher_set_iv (srtp_cipher_t *c, uint8_t *iv, int direction) >+srtp_err_status_t srtp_cipher_set_iv(srtp_cipher_t *c, >+ uint8_t *iv, >+ int direction) > { > if (!c || !c->type || !c->state) { >- return (srtp_err_status_bad_param); >+ return (srtp_err_status_bad_param); > } > >- return (((c)->type)->set_iv(((c)->state), iv, direction)); >+ return (((c)->type)->set_iv(((c)->state), iv, direction)); > } > >-srtp_err_status_t srtp_cipher_output (srtp_cipher_t *c, uint8_t *buffer, uint32_t *num_octets_to_output) >+srtp_err_status_t srtp_cipher_output(srtp_cipher_t *c, >+ uint8_t *buffer, >+ uint32_t *num_octets_to_output) > { >- > /* zeroize the buffer */ > octet_string_set_to_zero(buffer, *num_octets_to_output); > >@@ -102,43 +107,51 @@ srtp_err_status_t srtp_cipher_output (srtp_cipher_t *c, uint8_t *buffer, uint32_ > return (((c)->type)->encrypt(((c)->state), buffer, num_octets_to_output)); > } > >-srtp_err_status_t srtp_cipher_encrypt (srtp_cipher_t *c, uint8_t *buffer, uint32_t *num_octets_to_output) >+srtp_err_status_t srtp_cipher_encrypt(srtp_cipher_t *c, >+ uint8_t *buffer, >+ uint32_t *num_octets_to_output) > { > if (!c || !c->type || !c->state) { >- return (srtp_err_status_bad_param); >+ return (srtp_err_status_bad_param); > } > > return (((c)->type)->encrypt(((c)->state), buffer, num_octets_to_output)); > } > >-srtp_err_status_t srtp_cipher_decrypt (srtp_cipher_t *c, uint8_t *buffer, uint32_t *num_octets_to_output) >+srtp_err_status_t srtp_cipher_decrypt(srtp_cipher_t *c, >+ uint8_t *buffer, >+ uint32_t *num_octets_to_output) > { > if (!c || !c->type || !c->state) { >- return (srtp_err_status_bad_param); >+ return (srtp_err_status_bad_param); > } > > return (((c)->type)->decrypt(((c)->state), buffer, num_octets_to_output)); > } > >-srtp_err_status_t srtp_cipher_get_tag (srtp_cipher_t *c, uint8_t *buffer, uint32_t *tag_len) >+srtp_err_status_t srtp_cipher_get_tag(srtp_cipher_t *c, >+ uint8_t *buffer, >+ uint32_t *tag_len) > { > if (!c || !c->type || !c->state) { >- return (srtp_err_status_bad_param); >+ return (srtp_err_status_bad_param); > } > if (!((c)->type)->get_tag) { >- return (srtp_err_status_no_such_op); >+ return (srtp_err_status_no_such_op); > } > > return (((c)->type)->get_tag(((c)->state), buffer, tag_len)); > } > >-srtp_err_status_t srtp_cipher_set_aad (srtp_cipher_t *c, const uint8_t *aad, uint32_t aad_len) >+srtp_err_status_t srtp_cipher_set_aad(srtp_cipher_t *c, >+ const uint8_t *aad, >+ uint32_t aad_len) > { > if (!c || !c->type || !c->state) { >- return (srtp_err_status_bad_param); >+ return (srtp_err_status_bad_param); > } > if (!((c)->type)->set_aad) { >- return (srtp_err_status_no_such_op); >+ return (srtp_err_status_no_such_op); > } > > return (((c)->type)->set_aad(((c)->state), aad, aad_len)); >@@ -146,57 +159,56 @@ srtp_err_status_t srtp_cipher_set_aad (srtp_cipher_t *c, const uint8_t *aad, uin > > /* some bookkeeping functions */ > >-int srtp_cipher_get_key_length (const srtp_cipher_t *c) >+int srtp_cipher_get_key_length(const srtp_cipher_t *c) > { > return c->key_len; > } > >- > /* > * A trivial platform independent random source. The random > * data is used for some of the cipher self-tests. > */ >-static srtp_err_status_t srtp_cipher_rand (void *dest, uint32_t len) >+static srtp_err_status_t srtp_cipher_rand(void *dest, uint32_t len) > { > #if defined(HAVE_RAND_S) >- uint8_t *dst = (uint8_t *)dest; >- while (len) >- { >- unsigned int val; >- errno_t err = rand_s(&val); >- >- if (err != 0) >- return srtp_err_status_fail; >- >- *dst++ = val & 0xff; >- len--; >- } >+ uint8_t *dst = (uint8_t *)dest; >+ while (len) { >+ unsigned int val; >+ errno_t err = rand_s(&val); >+ >+ if (err != 0) >+ return srtp_err_status_fail; >+ >+ *dst++ = val & 0xff; >+ len--; >+ } > #else >- /* Generic C-library (rand()) version */ >- /* This is a random source of last resort */ >- uint8_t *dst = (uint8_t *)dest; >- while (len) >- { >- int val = rand(); >- /* rand() returns 0-32767 (ugh) */ >- /* Is this a good enough way to get random bytes? >- It is if it passes FIPS-140... */ >- *dst++ = val & 0xff; >- len--; >- } >+ /* Generic C-library (rand()) version */ >+ /* This is a random source of last resort */ >+ uint8_t *dst = (uint8_t *)dest; >+ while (len) { >+ int val = rand(); >+ /* rand() returns 0-32767 (ugh) */ >+ /* Is this a good enough way to get random bytes? >+ It is if it passes FIPS-140... */ >+ *dst++ = val & 0xff; >+ len--; >+ } > #endif >- return srtp_err_status_ok; >+ return srtp_err_status_ok; > } >- >+ > #define SELF_TEST_BUF_OCTETS 128 >-#define NUM_RAND_TESTS 128 >-#define MAX_KEY_LEN 64 >+#define NUM_RAND_TESTS 128 >+#define MAX_KEY_LEN 64 > /* > * srtp_cipher_type_test(ct, test_data) tests a cipher of type ct against > * test cases provided in a list test_data of values of key, salt, iv, > * plaintext, and ciphertext that is known to be good > */ >-srtp_err_status_t srtp_cipher_type_test (const srtp_cipher_type_t *ct, const srtp_cipher_test_case_t *test_data) >+srtp_err_status_t srtp_cipher_type_test( >+ const srtp_cipher_type_t *ct, >+ const srtp_cipher_test_case_t *test_data) > { > const srtp_cipher_test_case_t *test_case = test_data; > srtp_cipher_t *c; >@@ -206,6 +218,7 @@ srtp_err_status_t srtp_cipher_type_test (const srtp_cipher_type_t *ct, const srt > uint32_t tag_len; > unsigned int len; > int i, j, case_num = 0; >+ unsigned k = 0; > > debug_print(srtp_mod_cipher, "running self-test for cipher %s", > ct->description); >@@ -224,7 +237,8 @@ srtp_err_status_t srtp_cipher_type_test (const srtp_cipher_type_t *ct, const srt > */ > while (test_case != NULL) { > /* allocate cipher */ >- status = srtp_cipher_type_alloc(ct, &c, test_case->key_length_octets, test_case->tag_length_octets); >+ status = srtp_cipher_type_alloc(ct, &c, test_case->key_length_octets, >+ test_case->tag_length_octets); > if (status) { > return status; > } >@@ -246,36 +260,39 @@ srtp_err_status_t srtp_cipher_type_test (const srtp_cipher_type_t *ct, const srt > srtp_cipher_dealloc(c); > return srtp_err_status_bad_param; > } >- for (i = 0; i < test_case->plaintext_length_octets; i++) { >- buffer[i] = test_case->plaintext[i]; >+ for (k = 0; k < test_case->plaintext_length_octets; k++) { >+ buffer[k] = test_case->plaintext[k]; > } > > debug_print(srtp_mod_cipher, "plaintext: %s", >- srtp_octet_string_hex_string(buffer, >- test_case->plaintext_length_octets)); >+ srtp_octet_string_hex_string( >+ buffer, test_case->plaintext_length_octets)); > > /* set the initialization vector */ >- status = srtp_cipher_set_iv(c, (uint8_t*)test_case->idx, srtp_direction_encrypt); >+ status = srtp_cipher_set_iv(c, (uint8_t *)test_case->idx, >+ srtp_direction_encrypt); > if (status) { > srtp_cipher_dealloc(c); > return status; > } > >- if (c->algorithm == SRTP_AES_GCM_128 || c->algorithm == SRTP_AES_GCM_256) { >+ if (c->algorithm == SRTP_AES_GCM_128 || >+ c->algorithm == SRTP_AES_GCM_256) { > debug_print(srtp_mod_cipher, "IV: %s", > srtp_octet_string_hex_string(test_case->idx, 12)); > > /* > * Set the AAD > */ >- status = srtp_cipher_set_aad(c, test_case->aad, test_case->aad_length_octets); >+ status = srtp_cipher_set_aad(c, test_case->aad, >+ test_case->aad_length_octets); > if (status) { > srtp_cipher_dealloc(c); > return status; > } > debug_print(srtp_mod_cipher, "AAD: %s", >- srtp_octet_string_hex_string(test_case->aad, >- test_case->aad_length_octets)); >+ srtp_octet_string_hex_string( >+ test_case->aad, test_case->aad_length_octets)); > } > > /* encrypt */ >@@ -286,7 +303,8 @@ srtp_err_status_t srtp_cipher_type_test (const srtp_cipher_type_t *ct, const srt > return status; > } > >- if (c->algorithm == SRTP_AES_GCM_128 || c->algorithm == SRTP_AES_GCM_256) { >+ if (c->algorithm == SRTP_AES_GCM_128 || >+ c->algorithm == SRTP_AES_GCM_256) { > /* > * Get the GCM tag > */ >@@ -299,8 +317,8 @@ srtp_err_status_t srtp_cipher_type_test (const srtp_cipher_type_t *ct, const srt > } > > debug_print(srtp_mod_cipher, "ciphertext: %s", >- srtp_octet_string_hex_string(buffer, >- test_case->ciphertext_length_octets)); >+ srtp_octet_string_hex_string( >+ buffer, test_case->ciphertext_length_octets)); > > /* compare the resulting ciphertext with that in the test case */ > if (len != test_case->ciphertext_length_octets) { >@@ -308,22 +326,22 @@ srtp_err_status_t srtp_cipher_type_test (const srtp_cipher_type_t *ct, const srt > return srtp_err_status_algo_fail; > } > status = srtp_err_status_ok; >- for (i = 0; i < test_case->ciphertext_length_octets; i++) { >- if (buffer[i] != test_case->ciphertext[i]) { >+ for (k = 0; k < test_case->ciphertext_length_octets; k++) { >+ if (buffer[k] != test_case->ciphertext[k]) { > status = srtp_err_status_algo_fail; > debug_print(srtp_mod_cipher, "test case %d failed", case_num); >- debug_print(srtp_mod_cipher, "(failure at byte %d)", i); >+ debug_print(srtp_mod_cipher, "(failure at byte %u)", k); > break; > } > } > if (status) { >- > debug_print(srtp_mod_cipher, "c computed: %s", >- srtp_octet_string_hex_string(buffer, >- 2 * test_case->plaintext_length_octets)); >+ srtp_octet_string_hex_string( >+ buffer, 2 * test_case->plaintext_length_octets)); > debug_print(srtp_mod_cipher, "c expected: %s", >- srtp_octet_string_hex_string(test_case->ciphertext, >- 2 * test_case->plaintext_length_octets)); >+ srtp_octet_string_hex_string( >+ test_case->ciphertext, >+ 2 * test_case->plaintext_length_octets)); > > srtp_cipher_dealloc(c); > return srtp_err_status_algo_fail; >@@ -346,33 +364,36 @@ srtp_err_status_t srtp_cipher_type_test (const srtp_cipher_type_t *ct, const srt > srtp_cipher_dealloc(c); > return srtp_err_status_bad_param; > } >- for (i = 0; i < test_case->ciphertext_length_octets; i++) { >- buffer[i] = test_case->ciphertext[i]; >+ for (k = 0; k < test_case->ciphertext_length_octets; k++) { >+ buffer[k] = test_case->ciphertext[k]; > } > > debug_print(srtp_mod_cipher, "ciphertext: %s", >- srtp_octet_string_hex_string(buffer, >- test_case->plaintext_length_octets)); >+ srtp_octet_string_hex_string( >+ buffer, test_case->plaintext_length_octets)); > > /* set the initialization vector */ >- status = srtp_cipher_set_iv(c, (uint8_t*)test_case->idx, srtp_direction_decrypt); >+ status = srtp_cipher_set_iv(c, (uint8_t *)test_case->idx, >+ srtp_direction_decrypt); > if (status) { > srtp_cipher_dealloc(c); > return status; > } > >- if (c->algorithm == SRTP_AES_GCM_128 || c->algorithm == SRTP_AES_GCM_256) { >+ if (c->algorithm == SRTP_AES_GCM_128 || >+ c->algorithm == SRTP_AES_GCM_256) { > /* > * Set the AAD > */ >- status = srtp_cipher_set_aad(c, test_case->aad, test_case->aad_length_octets); >+ status = srtp_cipher_set_aad(c, test_case->aad, >+ test_case->aad_length_octets); > if (status) { > srtp_cipher_dealloc(c); > return status; > } > debug_print(srtp_mod_cipher, "AAD: %s", >- srtp_octet_string_hex_string(test_case->aad, >- test_case->aad_length_octets)); >+ srtp_octet_string_hex_string( >+ test_case->aad, test_case->aad_length_octets)); > } > > /* decrypt */ >@@ -384,8 +405,8 @@ srtp_err_status_t srtp_cipher_type_test (const srtp_cipher_type_t *ct, const srt > } > > debug_print(srtp_mod_cipher, "plaintext: %s", >- srtp_octet_string_hex_string(buffer, >- test_case->plaintext_length_octets)); >+ srtp_octet_string_hex_string( >+ buffer, test_case->plaintext_length_octets)); > > /* compare the resulting plaintext with that in the test case */ > if (len != test_case->plaintext_length_octets) { >@@ -393,21 +414,21 @@ srtp_err_status_t srtp_cipher_type_test (const srtp_cipher_type_t *ct, const srt > return srtp_err_status_algo_fail; > } > status = srtp_err_status_ok; >- for (i = 0; i < test_case->plaintext_length_octets; i++) { >- if (buffer[i] != test_case->plaintext[i]) { >+ for (k = 0; k < test_case->plaintext_length_octets; k++) { >+ if (buffer[k] != test_case->plaintext[k]) { > status = srtp_err_status_algo_fail; > debug_print(srtp_mod_cipher, "test case %d failed", case_num); >- debug_print(srtp_mod_cipher, "(failure at byte %d)", i); >+ debug_print(srtp_mod_cipher, "(failure at byte %u)", k); > } > } > if (status) { >- > debug_print(srtp_mod_cipher, "p computed: %s", >- srtp_octet_string_hex_string(buffer, >- 2 * test_case->plaintext_length_octets)); >+ srtp_octet_string_hex_string( >+ buffer, 2 * test_case->plaintext_length_octets)); > debug_print(srtp_mod_cipher, "p expected: %s", >- srtp_octet_string_hex_string(test_case->plaintext, >- 2 * test_case->plaintext_length_octets)); >+ srtp_octet_string_hex_string( >+ test_case->plaintext, >+ 2 * test_case->plaintext_length_octets)); > > srtp_cipher_dealloc(c); > return srtp_err_status_algo_fail; >@@ -431,14 +452,15 @@ srtp_err_status_t srtp_cipher_type_test (const srtp_cipher_type_t *ct, const srt > > /* allocate cipher, using paramaters from the first test case */ > test_case = test_data; >- status = srtp_cipher_type_alloc(ct, &c, test_case->key_length_octets, test_case->tag_length_octets); >+ status = srtp_cipher_type_alloc(ct, &c, test_case->key_length_octets, >+ test_case->tag_length_octets); > if (status) { > return status; > } > > for (j = 0; j < NUM_RAND_TESTS; j++) { >- unsigned length; >- int plaintext_len; >+ unsigned int length; >+ unsigned int plaintext_len; > uint8_t key[MAX_KEY_LEN]; > uint8_t iv[MAX_KEY_LEN]; > >@@ -485,24 +507,27 @@ srtp_err_status_t srtp_cipher_type_test (const srtp_cipher_type_t *ct, const srt > } > > /* set initialization vector */ >- status = srtp_cipher_set_iv(c, (uint8_t*)test_case->idx, srtp_direction_encrypt); >+ status = srtp_cipher_set_iv(c, (uint8_t *)test_case->idx, >+ srtp_direction_encrypt); > if (status) { > srtp_cipher_dealloc(c); > return status; > } > >- if (c->algorithm == SRTP_AES_GCM_128 || c->algorithm == SRTP_AES_GCM_256) { >+ if (c->algorithm == SRTP_AES_GCM_128 || >+ c->algorithm == SRTP_AES_GCM_256) { > /* > * Set the AAD > */ >- status = srtp_cipher_set_aad(c, test_case->aad, test_case->aad_length_octets); >+ status = srtp_cipher_set_aad(c, test_case->aad, >+ test_case->aad_length_octets); > if (status) { > srtp_cipher_dealloc(c); > return status; > } > debug_print(srtp_mod_cipher, "AAD: %s", >- srtp_octet_string_hex_string(test_case->aad, >- test_case->aad_length_octets)); >+ srtp_octet_string_hex_string( >+ test_case->aad, test_case->aad_length_octets)); > } > > /* encrypt buffer with cipher */ >@@ -512,7 +537,8 @@ srtp_err_status_t srtp_cipher_type_test (const srtp_cipher_type_t *ct, const srt > srtp_cipher_dealloc(c); > return status; > } >- if (c->algorithm == SRTP_AES_GCM_128 || c->algorithm == SRTP_AES_GCM_256) { >+ if (c->algorithm == SRTP_AES_GCM_128 || >+ c->algorithm == SRTP_AES_GCM_256) { > /* > * Get the GCM tag > */ >@@ -535,23 +561,26 @@ srtp_err_status_t srtp_cipher_type_test (const srtp_cipher_type_t *ct, const srt > srtp_cipher_dealloc(c); > return status; > } >- status = srtp_cipher_set_iv(c, (uint8_t*)test_case->idx, srtp_direction_decrypt); >+ status = srtp_cipher_set_iv(c, (uint8_t *)test_case->idx, >+ srtp_direction_decrypt); > if (status) { > srtp_cipher_dealloc(c); > return status; > } >- if (c->algorithm == SRTP_AES_GCM_128 || c->algorithm == SRTP_AES_GCM_256) { >+ if (c->algorithm == SRTP_AES_GCM_128 || >+ c->algorithm == SRTP_AES_GCM_256) { > /* > * Set the AAD > */ >- status = srtp_cipher_set_aad(c, test_case->aad, test_case->aad_length_octets); >+ status = srtp_cipher_set_aad(c, test_case->aad, >+ test_case->aad_length_octets); > if (status) { > srtp_cipher_dealloc(c); > return status; > } > debug_print(srtp_mod_cipher, "AAD: %s", >- srtp_octet_string_hex_string(test_case->aad, >- test_case->aad_length_octets)); >+ srtp_octet_string_hex_string( >+ test_case->aad, test_case->aad_length_octets)); > } > status = srtp_cipher_decrypt(c, buffer, &length); > if (status) { >@@ -568,18 +597,18 @@ srtp_err_status_t srtp_cipher_type_test (const srtp_cipher_type_t *ct, const srt > return srtp_err_status_algo_fail; > } > status = srtp_err_status_ok; >- for (i = 0; i < plaintext_len; i++) { >- if (buffer[i] != buffer2[i]) { >+ for (k = 0; k < plaintext_len; k++) { >+ if (buffer[k] != buffer2[k]) { > status = srtp_err_status_algo_fail; >- debug_print(srtp_mod_cipher, "random test case %d failed", case_num); >- debug_print(srtp_mod_cipher, "(failure at byte %d)", i); >+ debug_print(srtp_mod_cipher, "random test case %d failed", >+ case_num); >+ debug_print(srtp_mod_cipher, "(failure at byte %u)", k); > } > } > if (status) { > srtp_cipher_dealloc(c); > return srtp_err_status_algo_fail; > } >- > } > > status = srtp_cipher_dealloc(c); >@@ -590,12 +619,11 @@ srtp_err_status_t srtp_cipher_type_test (const srtp_cipher_type_t *ct, const srt > return srtp_err_status_ok; > } > >- > /* >- * srtp_cipher_type_self_test(ct) performs srtp_cipher_type_test on ct's internal >- * list of test data. >+ * srtp_cipher_type_self_test(ct) performs srtp_cipher_type_test on ct's >+ * internal list of test data. > */ >-srtp_err_status_t srtp_cipher_type_self_test (const srtp_cipher_type_t *ct) >+srtp_err_status_t srtp_cipher_type_self_test(const srtp_cipher_type_t *ct) > { > return srtp_cipher_type_test(ct, ct->test_data); > } >@@ -610,7 +638,9 @@ srtp_err_status_t srtp_cipher_type_self_test (const srtp_cipher_type_t *ct) > * > * if an error is encountered, the value 0 is returned > */ >-uint64_t srtp_cipher_bits_per_second (srtp_cipher_t *c, int octets_in_buffer, int num_trials) >+uint64_t srtp_cipher_bits_per_second(srtp_cipher_t *c, >+ int octets_in_buffer, >+ int num_trials) > { > int i; > v128_t nonce; >@@ -618,16 +648,16 @@ uint64_t srtp_cipher_bits_per_second (srtp_cipher_t *c, int octets_in_buffer, in > unsigned char *enc_buf; > unsigned int len = octets_in_buffer; > >- enc_buf = (unsigned char*)srtp_crypto_alloc(octets_in_buffer); >+ enc_buf = (unsigned char *)srtp_crypto_alloc(octets_in_buffer); > if (enc_buf == NULL) { > return 0; /* indicate bad parameters by returning null */ >- > } > /* time repeated trials */ > v128_set_to_zero(&nonce); > timer = clock(); > for (i = 0; i < num_trials; i++, nonce.v32[3] = i) { >- if (srtp_cipher_set_iv(c, (uint8_t*)&nonce, srtp_direction_encrypt) != srtp_err_status_ok) { >+ if (srtp_cipher_set_iv(c, (uint8_t *)&nonce, srtp_direction_encrypt) != >+ srtp_err_status_ok) { > srtp_crypto_free(enc_buf); > return 0; > } >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/cipher/null_cipher.c b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/cipher/null_cipher.c >index 46bf1126da30cc1be44ad9209696c87494c515a6..659add0d476d46b3a3aff5e0295c1c32218e9b4d 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/cipher/null_cipher.c >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/cipher/null_cipher.c >@@ -45,45 +45,42 @@ > */ > > #ifdef HAVE_CONFIG_H >- #include <config.h> >+#include <config.h> > #endif > > #include "datatypes.h" > #include "null_cipher.h" >-#include "err.h" /* for srtp_debug */ >+#include "err.h" /* for srtp_debug */ > #include "alloc.h" >+#include "cipher_types.h" > >-/* the null_cipher uses the cipher debug module */ >- >-extern srtp_debug_module_t srtp_mod_cipher; >- >-static srtp_err_status_t srtp_null_cipher_alloc (srtp_cipher_t **c, int key_len, int tlen) >+static srtp_err_status_t srtp_null_cipher_alloc(srtp_cipher_t **c, >+ int key_len, >+ int tlen) > { > extern const srtp_cipher_type_t srtp_null_cipher; > >- debug_print(srtp_mod_cipher, >- "allocating cipher with key length %d", key_len); >+ debug_print(srtp_mod_cipher, "allocating cipher with key length %d", >+ key_len); > > /* allocate memory a cipher of type null_cipher */ > *c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t)); > if (*c == NULL) { > return srtp_err_status_alloc_fail; > } >- memset(*c, 0x0, sizeof(srtp_cipher_t)); > > /* set pointers */ > (*c)->algorithm = SRTP_NULL_CIPHER; > (*c)->type = &srtp_null_cipher; >- (*c)->state = (void *) 0x1; /* The null cipher does not maintain state */ >+ (*c)->state = (void *)0x1; /* The null cipher does not maintain state */ > > /* set key size */ > (*c)->key_len = key_len; > > return srtp_err_status_ok; >- > } > >-static srtp_err_status_t srtp_null_cipher_dealloc (srtp_cipher_t *c) >+static srtp_err_status_t srtp_null_cipher_dealloc(srtp_cipher_t *c) > { > extern const srtp_cipher_type_t srtp_null_cipher; > >@@ -94,28 +91,30 @@ static srtp_err_status_t srtp_null_cipher_dealloc (srtp_cipher_t *c) > srtp_crypto_free(c); > > return srtp_err_status_ok; >- > } > >-static srtp_err_status_t srtp_null_cipher_init (void *cv, const uint8_t *key) >+static srtp_err_status_t srtp_null_cipher_init(void *cv, const uint8_t *key) > { >- /* srtp_null_cipher_ctx_t *c = (srtp_null_cipher_ctx_t *)cv; */ >+ /* srtp_null_cipher_ctx_t *c = (srtp_null_cipher_ctx_t *)cv; */ > > debug_print(srtp_mod_cipher, "initializing null cipher", NULL); > > return srtp_err_status_ok; > } > >-static srtp_err_status_t srtp_null_cipher_set_iv (void *cv, uint8_t *iv, srtp_cipher_direction_t dir) >+static srtp_err_status_t srtp_null_cipher_set_iv(void *cv, >+ uint8_t *iv, >+ srtp_cipher_direction_t dir) > { >- /* srtp_null_cipher_ctx_t *c = (srtp_null_cipher_ctx_t *)cv; */ >+ /* srtp_null_cipher_ctx_t *c = (srtp_null_cipher_ctx_t *)cv; */ > return srtp_err_status_ok; > } > >-static srtp_err_status_t srtp_null_cipher_encrypt (void *cv, >- unsigned char *buf, unsigned int *bytes_to_encr) >+static srtp_err_status_t srtp_null_cipher_encrypt(void *cv, >+ unsigned char *buf, >+ unsigned int *bytes_to_encr) > { >- /* srtp_null_cipher_ctx_t *c = (srtp_null_cipher_ctx_t *)cv; */ >+ /* srtp_null_cipher_ctx_t *c = (srtp_null_cipher_ctx_t *)cv; */ > return srtp_err_status_ok; > } > >@@ -129,28 +128,26 @@ static const srtp_cipher_test_case_t srtp_null_cipher_test_0 = { > NULL, /* plaintext */ > 0, /* octets in plaintext */ > NULL, /* ciphertext */ >- 0, >- NULL, >- 0, >- NULL /* pointer to next testcase */ >+ 0, /* */ >+ NULL, /* */ >+ 0, /* */ >+ NULL /* pointer to next testcase */ > }; > >- > /* > * note: the decrypt function is idential to the encrypt function > */ > > const srtp_cipher_type_t srtp_null_cipher = { >- srtp_null_cipher_alloc, >- srtp_null_cipher_dealloc, >- srtp_null_cipher_init, >- 0, /* set_aad */ >- srtp_null_cipher_encrypt, >- srtp_null_cipher_encrypt, >- srtp_null_cipher_set_iv, >- 0, /* get_tag */ >- srtp_null_cipher_description, >- &srtp_null_cipher_test_0, >- SRTP_NULL_CIPHER >+ srtp_null_cipher_alloc, /* */ >+ srtp_null_cipher_dealloc, /* */ >+ srtp_null_cipher_init, /* */ >+ 0, /* set_aad */ >+ srtp_null_cipher_encrypt, /* */ >+ srtp_null_cipher_encrypt, /* */ >+ srtp_null_cipher_set_iv, /* */ >+ 0, /* get_tag */ >+ srtp_null_cipher_description, /* */ >+ &srtp_null_cipher_test_0, /* */ >+ SRTP_NULL_CIPHER /* */ > }; >- >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/hash/auth.c b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/hash/auth.c >index c6ce3576f7dd5e3d72fbebfb608cde9cdca9253c..f19327dc8e994a098f881deb0ed72a5c4c53bb94 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/hash/auth.c >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/hash/auth.c >@@ -44,32 +44,31 @@ > */ > > #ifdef HAVE_CONFIG_H >- #include <config.h> >+#include <config.h> > #endif > > #include "auth.h" >-#include "err.h" /* for srtp_debug */ >-#include "datatypes.h" /* for octet_string */ >+#include "err.h" /* for srtp_debug */ >+#include "datatypes.h" /* for octet_string */ > > /* the debug module for authentiation */ > > srtp_debug_module_t srtp_mod_auth = { >- 0, /* debugging is off by default */ >- "auth func" /* printable name for module */ >+ 0, /* debugging is off by default */ >+ "auth func" /* printable name for module */ > }; > >- >-int srtp_auth_get_key_length (const srtp_auth_t *a) >+int srtp_auth_get_key_length(const srtp_auth_t *a) > { > return a->key_len; > } > >-int srtp_auth_get_tag_length (const srtp_auth_t *a) >+int srtp_auth_get_tag_length(const srtp_auth_t *a) > { > return a->out_len; > } > >-int srtp_auth_get_prefix_length (const srtp_auth_t *a) >+int srtp_auth_get_prefix_length(const srtp_auth_t *a) > { > return a->prefix_len; > } >@@ -83,8 +82,8 @@ int srtp_auth_get_prefix_length (const srtp_auth_t *a) > /* should be big enough for most occasions */ > #define SELF_TEST_TAG_BUF_OCTETS 32 > >-srtp_err_status_t >-srtp_auth_type_test (const srtp_auth_type_t *at, const srtp_auth_test_case_t *test_data) >+srtp_err_status_t srtp_auth_type_test(const srtp_auth_type_t *at, >+ const srtp_auth_test_case_t *test_data) > { > const srtp_auth_test_case_t *test_case = test_data; > srtp_auth_t *a; >@@ -105,7 +104,6 @@ srtp_auth_type_test (const srtp_auth_type_t *at, const srtp_auth_test_case_t *te > > /* loop over all test cases */ > while (test_case != NULL) { >- > /* check test case parameters */ > if (test_case->tag_length_octets > SELF_TEST_TAG_BUF_OCTETS) { > return srtp_err_status_bad_param; >@@ -113,7 +111,7 @@ srtp_auth_type_test (const srtp_auth_type_t *at, const srtp_auth_test_case_t *te > > /* allocate auth */ > status = srtp_auth_type_alloc(at, &a, test_case->key_length_octets, >- test_case->tag_length_octets); >+ test_case->tag_length_octets); > if (status) { > return status; > } >@@ -128,7 +126,7 @@ srtp_auth_type_test (const srtp_auth_type_t *at, const srtp_auth_test_case_t *te > /* zeroize tag then compute */ > octet_string_set_to_zero(tag, test_case->tag_length_octets); > status = srtp_auth_compute(a, test_case->data, >- test_case->data_length_octets, tag); >+ test_case->data_length_octets, tag); > if (status) { > srtp_auth_dealloc(a); > return status; >@@ -138,10 +136,11 @@ srtp_auth_type_test (const srtp_auth_type_t *at, const srtp_auth_test_case_t *te > srtp_octet_string_hex_string(test_case->key, > test_case->key_length_octets)); > debug_print(srtp_mod_auth, "data: %s", >- srtp_octet_string_hex_string(test_case->data, >- test_case->data_length_octets)); >- debug_print(srtp_mod_auth, "tag computed: %s", >- srtp_octet_string_hex_string(tag, test_case->tag_length_octets)); >+ srtp_octet_string_hex_string( >+ test_case->data, test_case->data_length_octets)); >+ debug_print( >+ srtp_mod_auth, "tag computed: %s", >+ srtp_octet_string_hex_string(tag, test_case->tag_length_octets)); > debug_print(srtp_mod_auth, "tag expected: %s", > srtp_octet_string_hex_string(test_case->tag, > test_case->tag_length_octets)); >@@ -177,14 +176,12 @@ srtp_auth_type_test (const srtp_auth_type_t *at, const srtp_auth_test_case_t *te > return srtp_err_status_ok; > } > >- > /* >- * auth_type_self_test(at) performs srtp_auth_type_test on at's internal >+ * srtp_auth_type_self_test(at) performs srtp_auth_type_test on at's internal > * list of test data. > */ > >-srtp_err_status_t srtp_auth_type_self_test (const srtp_auth_type_t *at) >+srtp_err_status_t srtp_auth_type_self_test(const srtp_auth_type_t *at) > { > return srtp_auth_type_test(at, at->test_data); > } >- >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/hash/hmac_ossl.c b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/hash/hmac_ossl.c >index f99646b58fc417c0b2dada3e40de7999ddd5464d..8146438b051babb1b360318ed7a9678bd1a956d0 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/hash/hmac_ossl.c >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/hash/hmac_ossl.c >@@ -43,31 +43,34 @@ > */ > > #ifdef HAVE_CONFIG_H >- #include <config.h> >+#include <config.h> > #endif > > #include "auth.h" > #include "alloc.h" >-#include "err.h" /* for srtp_debug */ >+#include "err.h" /* for srtp_debug */ > #include <openssl/evp.h> > #include <openssl/hmac.h> > >-#define SHA1_DIGEST_SIZE 20 >+#define SHA1_DIGEST_SIZE 20 > > /* the debug module for authentiation */ > > srtp_debug_module_t srtp_mod_hmac = { >- 0, /* debugging is off by default */ >- "hmac sha-1 openssl" /* printable name for module */ >+ 0, /* debugging is off by default */ >+ "hmac sha-1 openssl" /* printable name for module */ > }; > >- >-static srtp_err_status_t srtp_hmac_alloc (srtp_auth_t **a, int key_len, int out_len) >+static srtp_err_status_t srtp_hmac_alloc(srtp_auth_t **a, >+ int key_len, >+ int out_len) > { > extern const srtp_auth_type_t srtp_hmac; > >- debug_print(srtp_mod_hmac, "allocating auth func with key length %d", key_len); >- debug_print(srtp_mod_hmac, " tag length %d", out_len); >+ debug_print(srtp_mod_hmac, "allocating auth func with key length %d", >+ key_len); >+ debug_print(srtp_mod_hmac, " tag length %d", >+ out_len); > > /* check output length - should be less than 20 bytes */ > if (out_len > SHA1_DIGEST_SIZE) { >@@ -76,24 +79,25 @@ static srtp_err_status_t srtp_hmac_alloc (srtp_auth_t **a, int key_len, int out_ > > /* OpenSSL 1.1.0 made HMAC_CTX an opaque structure, which must be allocated > using HMAC_CTX_new. But this function doesn't exist in OpenSSL 1.0.x. */ >-#if OPENSSL_VERSION_NUMBER < 0x10100000L >+#if OPENSSL_VERSION_NUMBER < 0x10100000L || LIBRESSL_VERSION_NUMBER > { > /* allocate memory for auth and HMAC_CTX structures */ >- uint8_t* pointer; >+ uint8_t *pointer; > HMAC_CTX *new_hmac_ctx; >- pointer = (uint8_t*)srtp_crypto_alloc(sizeof(HMAC_CTX) + sizeof(srtp_auth_t)); >+ pointer = (uint8_t *)srtp_crypto_alloc(sizeof(HMAC_CTX) + >+ sizeof(srtp_auth_t)); > if (pointer == NULL) { > return srtp_err_status_alloc_fail; > } >- *a = (srtp_auth_t*)pointer; >+ *a = (srtp_auth_t *)pointer; > (*a)->state = pointer + sizeof(srtp_auth_t); >- new_hmac_ctx = (HMAC_CTX*)((*a)->state); >+ new_hmac_ctx = (HMAC_CTX *)((*a)->state); > > HMAC_CTX_init(new_hmac_ctx); > } > > #else >- *a = (srtp_auth_t*)srtp_crypto_alloc(sizeof(srtp_auth_t)); >+ *a = (srtp_auth_t *)srtp_crypto_alloc(sizeof(srtp_auth_t)); > if (*a == NULL) { > return srtp_err_status_alloc_fail; > } >@@ -115,13 +119,13 @@ static srtp_err_status_t srtp_hmac_alloc (srtp_auth_t **a, int key_len, int out_ > return srtp_err_status_ok; > } > >-static srtp_err_status_t srtp_hmac_dealloc (srtp_auth_t *a) >+static srtp_err_status_t srtp_hmac_dealloc(srtp_auth_t *a) > { > HMAC_CTX *hmac_ctx; > >- hmac_ctx = (HMAC_CTX*)a->state; >+ hmac_ctx = (HMAC_CTX *)a->state; > >-#if OPENSSL_VERSION_NUMBER < 0x10100000L >+#if OPENSSL_VERSION_NUMBER < 0x10100000L || LIBRESSL_VERSION_NUMBER > HMAC_CTX_cleanup(hmac_ctx); > > /* zeroize entire state*/ >@@ -140,7 +144,7 @@ static srtp_err_status_t srtp_hmac_dealloc (srtp_auth_t *a) > return srtp_err_status_ok; > } > >-static srtp_err_status_t srtp_hmac_start (void *statev) >+static srtp_err_status_t srtp_hmac_start(void *statev) > { > HMAC_CTX *state = (HMAC_CTX *)statev; > >@@ -150,7 +154,9 @@ static srtp_err_status_t srtp_hmac_start (void *statev) > return srtp_err_status_ok; > } > >-static srtp_err_status_t srtp_hmac_init (void *statev, const uint8_t *key, int key_len) >+static srtp_err_status_t srtp_hmac_init(void *statev, >+ const uint8_t *key, >+ int key_len) > { > HMAC_CTX *state = (HMAC_CTX *)statev; > >@@ -160,7 +166,9 @@ static srtp_err_status_t srtp_hmac_init (void *statev, const uint8_t *key, int k > return srtp_err_status_ok; > } > >-static srtp_err_status_t srtp_hmac_update (void *statev, const uint8_t *message, int msg_octets) >+static srtp_err_status_t srtp_hmac_update(void *statev, >+ const uint8_t *message, >+ int msg_octets) > { > HMAC_CTX *state = (HMAC_CTX *)statev; > >@@ -173,8 +181,11 @@ static srtp_err_status_t srtp_hmac_update (void *statev, const uint8_t *message, > return srtp_err_status_ok; > } > >-static srtp_err_status_t srtp_hmac_compute (void *statev, const uint8_t *message, >- int msg_octets, int tag_len, uint8_t *result) >+static srtp_err_status_t srtp_hmac_compute(void *statev, >+ const uint8_t *message, >+ int msg_octets, >+ int tag_len, >+ uint8_t *result) > { > HMAC_CTX *state = (HMAC_CTX *)statev; > uint8_t hash_value[SHA1_DIGEST_SIZE]; >@@ -207,52 +218,56 @@ static srtp_err_status_t srtp_hmac_compute (void *statev, const uint8_t *message > return srtp_err_status_ok; > } > >- > /* begin test case 0 */ >- >+/* clang-format off */ > static const uint8_t srtp_hmac_test_case_0_key[SHA1_DIGEST_SIZE] = { > 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, > 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, > 0x0b, 0x0b, 0x0b, 0x0b > }; >+/* clang-format on */ > >+/* clang-format off */ > static const uint8_t srtp_hmac_test_case_0_data[8] = { > 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65 /* "Hi There" */ > }; >+/* clang-format on */ > >+/* clang-format off */ > static const uint8_t srtp_hmac_test_case_0_tag[SHA1_DIGEST_SIZE] = { > 0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, > 0xe2, 0x8b, 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e, > 0xf1, 0x46, 0xbe, 0x00 > }; >+/* clang-format on */ > > static const srtp_auth_test_case_t srtp_hmac_test_case_0 = { >- sizeof(srtp_hmac_test_case_0_key), /* octets in key */ >- srtp_hmac_test_case_0_key, /* key */ >- sizeof(srtp_hmac_test_case_0_data), /* octets in data */ >- srtp_hmac_test_case_0_data, /* data */ >- sizeof(srtp_hmac_test_case_0_tag), /* octets in tag */ >- srtp_hmac_test_case_0_tag, /* tag */ >- NULL /* pointer to next testcase */ >+ sizeof(srtp_hmac_test_case_0_key), /* octets in key */ >+ srtp_hmac_test_case_0_key, /* key */ >+ sizeof(srtp_hmac_test_case_0_data), /* octets in data */ >+ srtp_hmac_test_case_0_data, /* data */ >+ sizeof(srtp_hmac_test_case_0_tag), /* octets in tag */ >+ srtp_hmac_test_case_0_tag, /* tag */ >+ NULL /* pointer to next testcase */ > }; > > /* end test case 0 */ > >-static const char srtp_hmac_description[] = "hmac sha-1 authentication function"; >+static const char srtp_hmac_description[] = >+ "hmac sha-1 authentication function"; > > /* > * srtp_auth_type_t hmac is the hmac metaobject > */ > >-const srtp_auth_type_t srtp_hmac = { >- srtp_hmac_alloc, >- srtp_hmac_dealloc, >- srtp_hmac_init, >- srtp_hmac_compute, >- srtp_hmac_update, >- srtp_hmac_start, >- srtp_hmac_description, >- &srtp_hmac_test_case_0, >- SRTP_HMAC_SHA1 >+const srtp_auth_type_t srtp_hmac = { >+ srtp_hmac_alloc, /* */ >+ srtp_hmac_dealloc, /* */ >+ srtp_hmac_init, /* */ >+ srtp_hmac_compute, /* */ >+ srtp_hmac_update, /* */ >+ srtp_hmac_start, /* */ >+ srtp_hmac_description, /* */ >+ &srtp_hmac_test_case_0, /* */ >+ SRTP_HMAC_SHA1 /* */ > }; >- >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/hash/null_auth.c b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/hash/null_auth.c >index 2d99027caaeed50928f9b254082f68abc187e44c..5194417caf2e324b2017143bc0fa4cda97b728fe 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/hash/null_auth.c >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/hash/null_auth.c >@@ -45,33 +45,35 @@ > */ > > #ifdef HAVE_CONFIG_H >- #include <config.h> >+#include <config.h> > #endif > > #include "null_auth.h" >-#include "err.h" /* for srtp_debug */ >+#include "err.h" /* for srtp_debug */ > #include "alloc.h" >+#include "cipher_types.h" > >-/* null_auth uses the auth debug module */ >- >-extern srtp_debug_module_t srtp_mod_auth; >- >-static srtp_err_status_t srtp_null_auth_alloc (srtp_auth_t **a, int key_len, int out_len) >+static srtp_err_status_t srtp_null_auth_alloc(srtp_auth_t **a, >+ int key_len, >+ int out_len) > { > extern const srtp_auth_type_t srtp_null_auth; > uint8_t *pointer; > >- debug_print(srtp_mod_auth, "allocating auth func with key length %d", key_len); >- debug_print(srtp_mod_auth, " tag length %d", out_len); >+ debug_print(srtp_mod_auth, "allocating auth func with key length %d", >+ key_len); >+ debug_print(srtp_mod_auth, " tag length %d", >+ out_len); > > /* allocate memory for auth and srtp_null_auth_ctx_t structures */ >- pointer = (uint8_t*)srtp_crypto_alloc(sizeof(srtp_null_auth_ctx_t) + sizeof(srtp_auth_t)); >+ pointer = (uint8_t *)srtp_crypto_alloc(sizeof(srtp_null_auth_ctx_t) + >+ sizeof(srtp_auth_t)); > if (pointer == NULL) { > return srtp_err_status_alloc_fail; > } > > /* set pointers */ >- *a = (srtp_auth_t*)pointer; >+ *a = (srtp_auth_t *)pointer; > (*a)->type = &srtp_null_auth; > (*a)->state = pointer + sizeof(srtp_auth_t); > (*a)->out_len = out_len; >@@ -81,12 +83,13 @@ static srtp_err_status_t srtp_null_auth_alloc (srtp_auth_t **a, int key_len, int > return srtp_err_status_ok; > } > >-static srtp_err_status_t srtp_null_auth_dealloc (srtp_auth_t *a) >+static srtp_err_status_t srtp_null_auth_dealloc(srtp_auth_t *a) > { > extern const srtp_auth_type_t srtp_null_auth; > > /* zeroize entire state*/ >- octet_string_set_to_zero(a, sizeof(srtp_null_auth_ctx_t) + sizeof(srtp_auth_t)); >+ octet_string_set_to_zero(a, sizeof(srtp_null_auth_ctx_t) + >+ sizeof(srtp_auth_t)); > > /* free memory */ > srtp_crypto_free(a); >@@ -94,7 +97,9 @@ static srtp_err_status_t srtp_null_auth_dealloc (srtp_auth_t *a) > return srtp_err_status_ok; > } > >-static srtp_err_status_t srtp_null_auth_init (void *statev, const uint8_t *key, int key_len) >+static srtp_err_status_t srtp_null_auth_init(void *statev, >+ const uint8_t *key, >+ int key_len) > { > /* srtp_null_auth_ctx_t *state = (srtp_null_auth_ctx_t *)statev; */ > /* accept any length of key, and do nothing */ >@@ -102,23 +107,27 @@ static srtp_err_status_t srtp_null_auth_init (void *statev, const uint8_t *key, > return srtp_err_status_ok; > } > >-static srtp_err_status_t srtp_null_auth_compute (void *statev, const uint8_t *message, >- int msg_octets, int tag_len, uint8_t *result) >+static srtp_err_status_t srtp_null_auth_compute(void *statev, >+ const uint8_t *message, >+ int msg_octets, >+ int tag_len, >+ uint8_t *result) > { > /* srtp_null_auth_ctx_t *state = (srtp_null_auth_ctx_t *)statev; */ > > return srtp_err_status_ok; > } > >-static srtp_err_status_t srtp_null_auth_update (void *statev, const uint8_t *message, >- int msg_octets) >+static srtp_err_status_t srtp_null_auth_update(void *statev, >+ const uint8_t *message, >+ int msg_octets) > { > /* srtp_null_auth_ctx_t *state = (srtp_null_auth_ctx_t *)statev; */ > > return srtp_err_status_ok; > } > >-static srtp_err_status_t srtp_null_auth_start (void *statev) >+static srtp_err_status_t srtp_null_auth_start(void *statev) > { > /* srtp_null_auth_ctx_t *state = (srtp_null_auth_ctx_t *)statev; */ > >@@ -133,28 +142,27 @@ static srtp_err_status_t srtp_null_auth_start (void *statev) > /* begin test case 0 */ > > static const srtp_auth_test_case_t srtp_null_auth_test_case_0 = { >- 0, /* octets in key */ >- NULL, /* key */ >- 0, /* octets in data */ >- NULL, /* data */ >- 0, /* octets in tag */ >- NULL, /* tag */ >- NULL /* pointer to next testcase */ >+ 0, /* octets in key */ >+ NULL, /* key */ >+ 0, /* octets in data */ >+ NULL, /* data */ >+ 0, /* octets in tag */ >+ NULL, /* tag */ >+ NULL /* pointer to next testcase */ > }; > > /* end test case 0 */ > > static const char srtp_null_auth_description[] = "null authentication function"; > >-const srtp_auth_type_t srtp_null_auth = { >- srtp_null_auth_alloc, >- srtp_null_auth_dealloc, >- srtp_null_auth_init, >- srtp_null_auth_compute, >- srtp_null_auth_update, >- srtp_null_auth_start, >- srtp_null_auth_description, >- &srtp_null_auth_test_case_0, >- SRTP_NULL_AUTH >+const srtp_auth_type_t srtp_null_auth = { >+ srtp_null_auth_alloc, /* */ >+ srtp_null_auth_dealloc, /* */ >+ srtp_null_auth_init, /* */ >+ srtp_null_auth_compute, /* */ >+ srtp_null_auth_update, /* */ >+ srtp_null_auth_start, /* */ >+ srtp_null_auth_description, /* */ >+ &srtp_null_auth_test_case_0, /* */ >+ SRTP_NULL_AUTH /* */ > }; >- >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/aes.h b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/aes.h >index 007163c5341687f668e65ebc26570a566a34675c..779c3ac744ffa0129a35acb0934bc3731b402d41 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/aes.h >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/aes.h >@@ -70,9 +70,11 @@ srtp_err_status_t srtp_aes_expand_decryption_key( > int key_len, > srtp_aes_expanded_key_t *expanded_key); > >-void srtp_aes_encrypt(v128_t *plaintext, const srtp_aes_expanded_key_t *exp_key); >+void srtp_aes_encrypt(v128_t *plaintext, >+ const srtp_aes_expanded_key_t *exp_key); > >-void srtp_aes_decrypt(v128_t *plaintext, const srtp_aes_expanded_key_t *exp_key); >+void srtp_aes_decrypt(v128_t *plaintext, >+ const srtp_aes_expanded_key_t *exp_key); > > #ifdef __cplusplus > } >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/aes_gcm_ossl.h b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/aes_gcm_ossl.h >index 8b0d7a0264a6a91e2391f969e4523ce81eff6966..d5b83eeeb07fa7f870871e592cd9dc09e70d00a1 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/aes_gcm_ossl.h >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/aes_gcm_ossl.h >@@ -55,9 +55,8 @@ > typedef struct { > int key_size; > int tag_len; >- EVP_CIPHER_CTX* ctx; >+ EVP_CIPHER_CTX *ctx; > srtp_cipher_direction_t dir; > } srtp_aes_gcm_ctx_t; > > #endif /* AES_GCM_OSSL_H */ >- >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/aes_icm.h b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/aes_icm.h >index 90fbd5e35d9fc7d79d0e7bda123bff6eb709718b..8ded156a2969c4fa1d6d1b05e186080138b56302 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/aes_icm.h >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/aes_icm.h >@@ -9,26 +9,26 @@ > */ > > /* >- * >+ * > * Copyright (c) 2001-2017, Cisco Systems, Inc. > * All rights reserved. >- * >+ * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions > * are met: >- * >+ * > * Redistributions of source code must retain the above copyright > * notice, this list of conditions and the following disclaimer. >- * >+ * > * Redistributions in binary form must reproduce the above > * copyright notice, this list of conditions and the following > * disclaimer in the documentation and/or other materials provided > * with the distribution. >- * >+ * > * Neither the name of the Cisco Systems, Inc. nor the names of its > * contributors may be used to endorse or promote products derived > * from this software without specific prior written permission. >- * >+ * > * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS > * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT > * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >@@ -60,4 +60,3 @@ typedef struct { > } srtp_aes_icm_ctx_t; > > #endif /* AES_ICM_H */ >- >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/aes_icm_ossl.h b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/aes_icm_ossl.h >index 1dddd755fca1281f97d0791c579fed138ec2cd4b..c4aae376e6d73c6ec4cd724b98a24accfe1d1cc1 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/aes_icm_ossl.h >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/aes_icm_ossl.h >@@ -52,11 +52,10 @@ > #include <openssl/aes.h> > > typedef struct { >- v128_t counter; /* holds the counter value */ >- v128_t offset; /* initial offset value */ >+ v128_t counter; /* holds the counter value */ >+ v128_t offset; /* initial offset value */ > int key_size; >- EVP_CIPHER_CTX* ctx; >+ EVP_CIPHER_CTX *ctx; > } srtp_aes_icm_ctx_t; > > #endif /* AES_ICM_H */ >- >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/alloc.h b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/alloc.h >index 0bd2a90820f984b3bc203b70fcf9187a93210682..1fc041014d8f8c5e0a7bf6d624df88d5878d3fd2 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/alloc.h >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/alloc.h >@@ -1,32 +1,32 @@ > /* > * alloc.h > * >- * interface to memory allocation and deallocation, with optional debugging >+ * interface to memory allocation and deallocation, with optional debugging > * > * David A. McGrew > * Cisco Systems, Inc. > */ > /* >- * >+ * > * Copyright (c) 2001-2017 Cisco Systems, Inc. > * All rights reserved. >- * >+ * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions > * are met: >- * >+ * > * Redistributions of source code must retain the above copyright > * notice, this list of conditions and the following disclaimer. >- * >+ * > * Redistributions in binary form must reproduce the above > * copyright notice, this list of conditions and the following > * disclaimer in the documentation and/or other materials provided > * with the distribution. >- * >+ * > * Neither the name of the Cisco Systems, Inc. nor the names of its > * contributors may be used to endorse or promote products derived > * from this software without specific prior written permission. >- * >+ * > * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS > * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT > * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >@@ -42,7 +42,6 @@ > * > */ > >- > #ifndef CRYPTO_ALLOC_H > #define CRYPTO_ALLOC_H > >@@ -52,8 +51,22 @@ > extern "C" { > #endif > >-void * srtp_crypto_alloc(size_t size); >+/* >+ * srtp_crypto_alloc >+ * >+ * Allocates a block of memory of given size. The memory will be >+ * initialized to zero's. Free the memory with a call to srtp_crypto_free. >+ * >+ * returns pointer to memory on success or else NULL >+ */ >+void *srtp_crypto_alloc(size_t size); > >+/* >+ * srtp_crypto_free >+ * >+ * Frees the block of memory ptr previously allocated with >+ * srtp_crypto_alloc >+ */ > void srtp_crypto_free(void *ptr); > > #ifdef __cplusplus >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/auth.h b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/auth.h >index 7870b29450f9ade98d86df81a1d3e862f2a47b4d..774ea1687bb8dee025b78211400cfdbae43d832e 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/auth.h >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/auth.h >@@ -47,46 +47,51 @@ > #define SRTP_AUTH_H > > #include "srtp.h" >-#include "crypto_types.h" /* for values of auth_type_id_t */ >+#include "crypto_types.h" /* for values of auth_type_id_t */ > > #ifdef __cplusplus > extern "C" { > #endif > > typedef const struct srtp_auth_type_t *srtp_auth_type_pointer; >-typedef struct srtp_auth_t *srtp_auth_pointer_t; >+typedef struct srtp_auth_t *srtp_auth_pointer_t; > >-typedef srtp_err_status_t (*srtp_auth_alloc_func) >- (srtp_auth_pointer_t *ap, int key_len, int out_len); >+typedef srtp_err_status_t (*srtp_auth_alloc_func)(srtp_auth_pointer_t *ap, >+ int key_len, >+ int out_len); > >-typedef srtp_err_status_t (*srtp_auth_init_func) >- (void *state, const uint8_t *key, int key_len); >+typedef srtp_err_status_t (*srtp_auth_init_func)(void *state, >+ const uint8_t *key, >+ int key_len); > > typedef srtp_err_status_t (*srtp_auth_dealloc_func)(srtp_auth_pointer_t ap); > >-typedef srtp_err_status_t (*srtp_auth_compute_func) >- (void *state, const uint8_t *buffer, int octets_to_auth, >- int tag_len, uint8_t *tag); >+typedef srtp_err_status_t (*srtp_auth_compute_func)(void *state, >+ const uint8_t *buffer, >+ int octets_to_auth, >+ int tag_len, >+ uint8_t *tag); > >-typedef srtp_err_status_t (*srtp_auth_update_func) >- (void *state, const uint8_t *buffer, int octets_to_auth); >+typedef srtp_err_status_t (*srtp_auth_update_func)(void *state, >+ const uint8_t *buffer, >+ int octets_to_auth); > > typedef srtp_err_status_t (*srtp_auth_start_func)(void *state); > > /* some syntactic sugar on these function types */ >-#define srtp_auth_type_alloc(at, a, klen, outlen) \ >+#define srtp_auth_type_alloc(at, a, klen, outlen) \ > ((at)->alloc((a), (klen), (outlen))) > >-#define srtp_auth_init(a, key) \ >+#define srtp_auth_init(a, key) \ > (((a)->type)->init((a)->state, (key), ((a)->key_len))) > >-#define srtp_auth_compute(a, buf, len, res) \ >+#define srtp_auth_compute(a, buf, len, res) \ > (((a)->type)->compute((a)->state, (buf), (len), (a)->out_len, (res))) > >-#define srtp_auth_update(a, buf, len) \ >+#define srtp_auth_update(a, buf, len) \ > (((a)->type)->update((a)->state, (buf), (len))) > >-#define srtp_auth_start(a)(((a)->type)->start((a)->state)) >+#define srtp_auth_start(a) (((a)->type)->start((a)->state)) > > #define srtp_auth_dealloc(c) (((c)->type)->dealloc(c)) > >@@ -105,13 +110,14 @@ int srtp_auth_get_prefix_length(const struct srtp_auth_t *a); > * function below) > */ > typedef struct srtp_auth_test_case_t { >- int key_length_octets; /* octets in key */ >- const uint8_t *key; /* key */ >- int data_length_octets; /* octets in data */ >- const uint8_t *data; /* data */ >- int tag_length_octets; /* octets in tag */ >- const uint8_t *tag; /* tag */ >- const struct srtp_auth_test_case_t *next_test_case; /* pointer to next testcase */ >+ int key_length_octets; /* octets in key */ >+ const uint8_t *key; /* key */ >+ int data_length_octets; /* octets in data */ >+ const uint8_t *data; /* data */ >+ int tag_length_octets; /* octets in tag */ >+ const uint8_t *tag; /* tag */ >+ const struct srtp_auth_test_case_t >+ *next_test_case; /* pointer to next testcase */ > } srtp_auth_test_case_t; > > /* srtp_auth_type_t */ >@@ -122,17 +128,17 @@ typedef struct srtp_auth_type_t { > srtp_auth_compute_func compute; > srtp_auth_update_func update; > srtp_auth_start_func start; >- const char *description; >- const srtp_auth_test_case_t *test_data; >+ const char *description; >+ const srtp_auth_test_case_t *test_data; > srtp_auth_type_id_t id; > } srtp_auth_type_t; > > typedef struct srtp_auth_t { > const srtp_auth_type_t *type; >- void *state; >- int out_len; /* length of output tag in octets */ >- int key_len; /* length of key in octets */ >- int prefix_len; /* length of keystream prefix */ >+ void *state; >+ int out_len; /* length of output tag in octets */ >+ int key_len; /* length of key in octets */ >+ int prefix_len; /* length of keystream prefix */ > } srtp_auth_t; > > /* >@@ -147,8 +153,8 @@ srtp_err_status_t srtp_auth_type_self_test(const srtp_auth_type_t *at); > * provided in an array of values of key/message/tag that is known to > * be good > */ >-srtp_err_status_t srtp_auth_type_test(const srtp_auth_type_t *at, >- const srtp_auth_test_case_t *test_data); >+srtp_err_status_t srtp_auth_type_test(const srtp_auth_type_t *at, >+ const srtp_auth_test_case_t *test_data); > > /* > * srtp_replace_auth_type(ct, id) >@@ -157,7 +163,8 @@ srtp_err_status_t srtp_auth_type_test(const srtp_auth_type_t *at, > * with a new one passed in externally. The new auth type must pass all the > * existing auth_type's self tests as well as its own. > */ >-srtp_err_status_t srtp_replace_auth_type(const srtp_auth_type_t *ct, srtp_auth_type_id_t id); >+srtp_err_status_t srtp_replace_auth_type(const srtp_auth_type_t *ct, >+ srtp_auth_type_id_t id); > > #ifdef __cplusplus > } >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/cipher.h b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/cipher.h >index d544b12045ccb4150d506d9591d750426d2c2123..4f14e3560fdd03d7dfb1944a1f16c76974f91934 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/cipher.h >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/cipher.h >@@ -42,13 +42,11 @@ > * > */ > >- > #ifndef SRTP_CIPHER_H > #define SRTP_CIPHER_H > > #include "srtp.h" >-#include "crypto_types.h" /* for values of cipher_type_id_t */ >- >+#include "crypto_types.h" /* for values of cipher_type_id_t */ > > #ifdef __cplusplus > extern "C" { >@@ -71,51 +69,60 @@ typedef enum { > * the srtp_cipher_pointer_t definition is needed > * as srtp_cipher_t is not yet defined > */ >-typedef struct srtp_cipher_t *srtp_cipher_pointer_t; >+typedef struct srtp_cipher_t *srtp_cipher_pointer_t; > > /* >- * a srtp_cipher_alloc_func_t allocates (but does not initialize) a srtp_cipher_t >+ * a srtp_cipher_alloc_func_t allocates (but does not initialize) a >+ * srtp_cipher_t > */ >-typedef srtp_err_status_t (*srtp_cipher_alloc_func_t) >- (srtp_cipher_pointer_t *cp, int key_len, int tag_len); >+typedef srtp_err_status_t (*srtp_cipher_alloc_func_t)(srtp_cipher_pointer_t *cp, >+ int key_len, >+ int tag_len); > > /* > * a srtp_cipher_init_func_t [re-]initializes a cipher_t with a given key > */ >-typedef srtp_err_status_t (*srtp_cipher_init_func_t) >- (void *state, const uint8_t *key); >+typedef srtp_err_status_t (*srtp_cipher_init_func_t)(void *state, >+ const uint8_t *key); > > /* a srtp_cipher_dealloc_func_t de-allocates a cipher_t */ >-typedef srtp_err_status_t (*srtp_cipher_dealloc_func_t)(srtp_cipher_pointer_t cp); >+typedef srtp_err_status_t (*srtp_cipher_dealloc_func_t)( >+ srtp_cipher_pointer_t cp); > > /* > * a srtp_cipher_set_aad_func_t processes the AAD data for AEAD ciphers > */ >-typedef srtp_err_status_t (*srtp_cipher_set_aad_func_t) >- (void *state, const uint8_t *aad, uint32_t aad_len); >- >+typedef srtp_err_status_t (*srtp_cipher_set_aad_func_t)(void *state, >+ const uint8_t *aad, >+ uint32_t aad_len); > > /* a srtp_cipher_encrypt_func_t encrypts data in-place */ >-typedef srtp_err_status_t (*srtp_cipher_encrypt_func_t) >- (void *state, uint8_t *buffer, unsigned int *octets_to_encrypt); >+typedef srtp_err_status_t (*srtp_cipher_encrypt_func_t)( >+ void *state, >+ uint8_t *buffer, >+ unsigned int *octets_to_encrypt); > > /* a srtp_cipher_decrypt_func_t decrypts data in-place */ >-typedef srtp_err_status_t (*srtp_cipher_decrypt_func_t) >- (void *state, uint8_t *buffer, unsigned int *octets_to_decrypt); >+typedef srtp_err_status_t (*srtp_cipher_decrypt_func_t)( >+ void *state, >+ uint8_t *buffer, >+ unsigned int *octets_to_decrypt); > > /* > * a srtp_cipher_set_iv_func_t function sets the current initialization vector > */ >-typedef srtp_err_status_t (*srtp_cipher_set_iv_func_t) >- (void *state, uint8_t *iv, srtp_cipher_direction_t direction); >+typedef srtp_err_status_t (*srtp_cipher_set_iv_func_t)( >+ void *state, >+ uint8_t *iv, >+ srtp_cipher_direction_t direction); > > /* > * a cipher_get_tag_func_t function is used to get the authentication > * tag that was calculated by an AEAD cipher. > */ >-typedef srtp_err_status_t (*srtp_cipher_get_tag_func_t) >- (void *state, uint8_t *tag, uint32_t *len); >- >+typedef srtp_err_status_t (*srtp_cipher_get_tag_func_t)(void *state, >+ uint8_t *tag, >+ uint32_t *len); > > /* > * srtp_cipher_test_case_t is a (list of) key, salt, plaintext, ciphertext, >@@ -125,17 +132,18 @@ typedef srtp_err_status_t (*srtp_cipher_get_tag_func_t) > * (see the srtp_cipher_type_self_test() function below) > */ > typedef struct srtp_cipher_test_case_t { >- int key_length_octets; /* octets in key */ >- const uint8_t *key; /* key */ >- uint8_t *idx; /* packet index */ >- int plaintext_length_octets; /* octets in plaintext */ >- const uint8_t *plaintext; /* plaintext */ >- int ciphertext_length_octets; /* octets in plaintext */ >- const uint8_t *ciphertext; /* ciphertext */ >- int aad_length_octets; /* octets in AAD */ >- const uint8_t *aad; /* AAD */ >- int tag_length_octets; /* Length of AEAD tag */ >- const struct srtp_cipher_test_case_t *next_test_case; /* pointer to next testcase */ >+ int key_length_octets; /* octets in key */ >+ const uint8_t *key; /* key */ >+ uint8_t *idx; /* packet index */ >+ unsigned int plaintext_length_octets; /* octets in plaintext */ >+ const uint8_t *plaintext; /* plaintext */ >+ unsigned int ciphertext_length_octets; /* octets in plaintext */ >+ const uint8_t *ciphertext; /* ciphertext */ >+ int aad_length_octets; /* octets in AAD */ >+ const uint8_t *aad; /* AAD */ >+ int tag_length_octets; /* Length of AEAD tag */ >+ const struct srtp_cipher_test_case_t >+ *next_test_case; /* pointer to next testcase */ > } srtp_cipher_test_case_t; > > /* srtp_cipher_type_t defines the 'metadata' for a particular cipher type */ >@@ -148,8 +156,8 @@ typedef struct srtp_cipher_type_t { > srtp_cipher_encrypt_func_t decrypt; > srtp_cipher_set_iv_func_t set_iv; > srtp_cipher_get_tag_func_t get_tag; >- const char *description; >- const srtp_cipher_test_case_t *test_data; >+ const char *description; >+ const srtp_cipher_test_case_t *test_data; > srtp_cipher_type_id_t id; > } srtp_cipher_type_t; > >@@ -159,7 +167,7 @@ typedef struct srtp_cipher_type_t { > */ > typedef struct srtp_cipher_t { > const srtp_cipher_type_t *type; >- void *state; >+ void *state; > int key_len; > int algorithm; > } srtp_cipher_t; >@@ -167,7 +175,6 @@ typedef struct srtp_cipher_t { > /* some bookkeeping functions */ > int srtp_cipher_get_key_length(const srtp_cipher_t *c); > >- > /* > * srtp_cipher_type_self_test() tests a cipher against test cases provided in > * an array of values of key/srtp_xtd_seq_num_t/plaintext/ciphertext >@@ -175,14 +182,15 @@ int srtp_cipher_get_key_length(const srtp_cipher_t *c); > */ > srtp_err_status_t srtp_cipher_type_self_test(const srtp_cipher_type_t *ct); > >- > /* >- * srtp_cipher_type_test() tests a cipher against external test cases provided in >+ * srtp_cipher_type_test() tests a cipher against external test cases provided >+ * in > * an array of values of key/srtp_xtd_seq_num_t/plaintext/ciphertext > * that is known to be good > */ >-srtp_err_status_t srtp_cipher_type_test(const srtp_cipher_type_t *ct, const srtp_cipher_test_case_t *test_data); >- >+srtp_err_status_t srtp_cipher_type_test( >+ const srtp_cipher_type_t *ct, >+ const srtp_cipher_test_case_t *test_data); > > /* > * srtp_cipher_bits_per_second(c, l, t) computes (an estimate of) the >@@ -194,17 +202,34 @@ srtp_err_status_t srtp_cipher_type_test(const srtp_cipher_type_t *ct, const srtp > * > * if an error is encountered, then the value 0 is returned > */ >-uint64_t srtp_cipher_bits_per_second(srtp_cipher_t *c, int octets_in_buffer, int num_trials); >- >-srtp_err_status_t srtp_cipher_type_alloc(const srtp_cipher_type_t *ct, srtp_cipher_t **c, int key_len, int tlen); >+uint64_t srtp_cipher_bits_per_second(srtp_cipher_t *c, >+ int octets_in_buffer, >+ int num_trials); >+ >+srtp_err_status_t srtp_cipher_type_alloc(const srtp_cipher_type_t *ct, >+ srtp_cipher_t **c, >+ int key_len, >+ int tlen); > srtp_err_status_t srtp_cipher_dealloc(srtp_cipher_t *c); > srtp_err_status_t srtp_cipher_init(srtp_cipher_t *c, const uint8_t *key); >-srtp_err_status_t srtp_cipher_set_iv(srtp_cipher_t *c, uint8_t *iv, int direction); >-srtp_err_status_t srtp_cipher_output(srtp_cipher_t *c, uint8_t *buffer, uint32_t *num_octets_to_output); >-srtp_err_status_t srtp_cipher_encrypt(srtp_cipher_t *c, uint8_t *buffer, uint32_t *num_octets_to_output); >-srtp_err_status_t srtp_cipher_decrypt(srtp_cipher_t *c, uint8_t *buffer, uint32_t *num_octets_to_output); >-srtp_err_status_t srtp_cipher_get_tag(srtp_cipher_t *c, uint8_t *buffer, uint32_t *tag_len); >-srtp_err_status_t srtp_cipher_set_aad(srtp_cipher_t *c, const uint8_t *aad, uint32_t aad_len); >+srtp_err_status_t srtp_cipher_set_iv(srtp_cipher_t *c, >+ uint8_t *iv, >+ int direction); >+srtp_err_status_t srtp_cipher_output(srtp_cipher_t *c, >+ uint8_t *buffer, >+ uint32_t *num_octets_to_output); >+srtp_err_status_t srtp_cipher_encrypt(srtp_cipher_t *c, >+ uint8_t *buffer, >+ uint32_t *num_octets_to_output); >+srtp_err_status_t srtp_cipher_decrypt(srtp_cipher_t *c, >+ uint8_t *buffer, >+ uint32_t *num_octets_to_output); >+srtp_err_status_t srtp_cipher_get_tag(srtp_cipher_t *c, >+ uint8_t *buffer, >+ uint32_t *tag_len); >+srtp_err_status_t srtp_cipher_set_aad(srtp_cipher_t *c, >+ const uint8_t *aad, >+ uint32_t aad_len); > > /* > * srtp_replace_cipher_type(ct, id) >@@ -213,7 +238,8 @@ srtp_err_status_t srtp_cipher_set_aad(srtp_cipher_t *c, const uint8_t *aad, uint > * with a new one passed in externally. The new cipher must pass all the > * existing cipher_type's self tests as well as its own. > */ >-srtp_err_status_t srtp_replace_cipher_type(const srtp_cipher_type_t *ct, srtp_cipher_type_id_t id); >+srtp_err_status_t srtp_replace_cipher_type(const srtp_cipher_type_t *ct, >+ srtp_cipher_type_id_t id); > > #ifdef __cplusplus > } >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/cipher_types.h b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/cipher_types.h >new file mode 100644 >index 0000000000000000000000000000000000000000..a543b5478ba2d65a6b1d2b002332d9124ea1a90c >--- /dev/null >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/cipher_types.h >@@ -0,0 +1,81 @@ >+/* >+ * >+ * Copyright(c) 2001-2017 Cisco Systems, Inc. >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * >+ * Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * >+ * Redistributions in binary form must reproduce the above >+ * copyright notice, this list of conditions and the following >+ * disclaimer in the documentation and/or other materials provided >+ * with the distribution. >+ * >+ * Neither the name of the Cisco Systems, Inc. nor the names of its >+ * contributors may be used to endorse or promote products derived >+ * from this software without specific prior written permission. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS >+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT >+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE >+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, >+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES >+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR >+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) >+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, >+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) >+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED >+ * OF THE POSSIBILITY OF SUCH DAMAGE. >+ * >+ */ >+ >+#ifndef CIHPER_TYPES_H >+#define CIHPER_TYPES_H >+ >+#include "cipher.h" >+#include "auth.h" >+ >+/* >+ * cipher types that can be included in the kernel >+ */ >+ >+extern const srtp_cipher_type_t srtp_null_cipher; >+extern const srtp_cipher_type_t srtp_aes_icm_128; >+extern const srtp_cipher_type_t srtp_aes_icm_256; >+#ifdef OPENSSL >+extern const srtp_cipher_type_t srtp_aes_icm_192; >+extern const srtp_cipher_type_t srtp_aes_gcm_128_openssl; >+extern const srtp_cipher_type_t srtp_aes_gcm_256_openssl; >+#endif >+ >+/* >+ * auth func types that can be included in the kernel >+ */ >+ >+extern const srtp_auth_type_t srtp_null_auth; >+extern const srtp_auth_type_t srtp_hmac; >+ >+/* >+ * other generic debug modules that can be included in the kernel >+ */ >+ >+extern srtp_debug_module_t srtp_mod_auth; >+extern srtp_debug_module_t srtp_mod_cipher; >+extern srtp_debug_module_t srtp_mod_stat; >+extern srtp_debug_module_t srtp_mod_alloc; >+ >+/* debug modules for cipher types */ >+extern srtp_debug_module_t srtp_mod_aes_icm; >+#ifdef OPENSSL >+extern srtp_debug_module_t srtp_mod_aes_gcm; >+#endif >+ >+/* debug modules for auth types */ >+extern srtp_debug_module_t srtp_mod_hmac; >+ >+#endif >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/crypto_kernel.h b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/crypto_kernel.h >index 1abf383f5a4f3d4e15e37b2c2a16fc4d06cc1801..1f8dfa77128effa01dc1c717c67d703e87108161 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/crypto_kernel.h >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/crypto_kernel.h >@@ -42,7 +42,6 @@ > * > */ > >- > #ifndef CRYPTO_KERNEL > #define CRYPTO_KERNEL > >@@ -72,7 +71,7 @@ typedef enum { > */ > typedef struct srtp_kernel_cipher_type { > srtp_cipher_type_id_t id; >- const srtp_cipher_type_t *cipher_type; >+ const srtp_cipher_type_t *cipher_type; > struct srtp_kernel_cipher_type *next; > } srtp_kernel_cipher_type_t; > >@@ -81,7 +80,7 @@ typedef struct srtp_kernel_cipher_type { > */ > typedef struct srtp_kernel_auth_type { > srtp_auth_type_id_t id; >- const srtp_auth_type_t *auth_type; >+ const srtp_auth_type_t *auth_type; > struct srtp_kernel_auth_type *next; > } srtp_kernel_auth_type_t; > >@@ -93,7 +92,6 @@ typedef struct srtp_kernel_debug_module { > struct srtp_kernel_debug_module *next; > } srtp_kernel_debug_module_t; > >- > /* > * crypto_kernel_t is the data structure for the crypto kernel > * >@@ -101,18 +99,17 @@ typedef struct srtp_kernel_debug_module { > * a global variable defined in crypto_kernel.c > */ > typedef struct { >- srtp_crypto_kernel_state_t state; /* current state of kernel */ >- srtp_kernel_cipher_type_t *cipher_type_list; /* list of all cipher types */ >- srtp_kernel_auth_type_t *auth_type_list; /* list of all auth func types */ >- srtp_kernel_debug_module_t *debug_module_list; /* list of all debug modules */ >+ srtp_crypto_kernel_state_t state; /* current state of kernel */ >+ srtp_kernel_cipher_type_t *cipher_type_list; /* list of all cipher types */ >+ srtp_kernel_auth_type_t *auth_type_list; /* list of all auth func types */ >+ srtp_kernel_debug_module_t >+ *debug_module_list; /* list of all debug modules */ > } srtp_crypto_kernel_t; > >- > /* > * srtp_crypto_kernel_t external api > */ > >- > /* > * The function srtp_crypto_kernel_init() initialized the crypto kernel and > * runs the self-test operations on the random number generators and >@@ -126,7 +123,6 @@ typedef struct { > */ > srtp_err_status_t srtp_crypto_kernel_init(void); > >- > /* > * The function srtp_crypto_kernel_shutdown() de-initializes the > * crypto_kernel, zeroizes keys and other cryptographic material, and >@@ -150,7 +146,6 @@ srtp_err_status_t srtp_crypto_kernel_shutdown(void); > */ > srtp_err_status_t srtp_crypto_kernel_status(void); > >- > /* > * srtp_crypto_kernel_list_debug_modules() outputs a list of debugging modules > * >@@ -161,11 +156,15 @@ srtp_err_status_t srtp_crypto_kernel_list_debug_modules(void); > * srtp_crypto_kernel_load_cipher_type() > * > */ >-srtp_err_status_t srtp_crypto_kernel_load_cipher_type(const srtp_cipher_type_t *ct, srtp_cipher_type_id_t id); >+srtp_err_status_t srtp_crypto_kernel_load_cipher_type( >+ const srtp_cipher_type_t *ct, >+ srtp_cipher_type_id_t id); > >-srtp_err_status_t srtp_crypto_kernel_load_auth_type(const srtp_auth_type_t *ct, srtp_auth_type_id_t id); >+srtp_err_status_t srtp_crypto_kernel_load_auth_type(const srtp_auth_type_t *ct, >+ srtp_auth_type_id_t id); > >-srtp_err_status_t srtp_crypto_kernel_load_debug_module(srtp_debug_module_t *new_dm); >+srtp_err_status_t srtp_crypto_kernel_load_debug_module( >+ srtp_debug_module_t *new_dm); > > /* > * srtp_crypto_kernel_alloc_cipher(id, cp, key_len); >@@ -177,7 +176,10 @@ srtp_err_status_t srtp_crypto_kernel_load_debug_module(srtp_debug_module_t *new_ > * srtp_err_status_alloc_fail an allocation failure occured > * srtp_err_status_fail couldn't find cipher with identifier 'id' > */ >-srtp_err_status_t srtp_crypto_kernel_alloc_cipher(srtp_cipher_type_id_t id, srtp_cipher_pointer_t *cp, int key_len, int tag_len); >+srtp_err_status_t srtp_crypto_kernel_alloc_cipher(srtp_cipher_type_id_t id, >+ srtp_cipher_pointer_t *cp, >+ int key_len, >+ int tag_len); > > /* > * srtp_crypto_kernel_alloc_auth(id, ap, key_len, tag_len); >@@ -190,8 +192,10 @@ srtp_err_status_t srtp_crypto_kernel_alloc_cipher(srtp_cipher_type_id_t id, srtp > * srtp_err_status_alloc_fail an allocation failure occured > * srtp_err_status_fail couldn't find auth with identifier 'id' > */ >-srtp_err_status_t srtp_crypto_kernel_alloc_auth(srtp_auth_type_id_t id, srtp_auth_pointer_t *ap, int key_len, int tag_len); >- >+srtp_err_status_t srtp_crypto_kernel_alloc_auth(srtp_auth_type_id_t id, >+ srtp_auth_pointer_t *ap, >+ int key_len, >+ int tag_len); > > /* > * srtp_crypto_kernel_set_debug_module(mod_name, v) >@@ -201,7 +205,8 @@ srtp_err_status_t srtp_crypto_kernel_alloc_auth(srtp_auth_type_id_t id, srtp_aut > * > * returns srtp_err_status_ok on success, srtp_err_status_fail otherwise > */ >-srtp_err_status_t srtp_crypto_kernel_set_debug_module(const char *mod_name, int v); >+srtp_err_status_t srtp_crypto_kernel_set_debug_module(const char *mod_name, >+ int v); > > #ifdef __cplusplus > } >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/crypto_types.h b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/crypto_types.h >index 329d60dbd1d47e25a9f6c48fca2d5662fe1acd76..7fd3178b0b04d2d560110673d23138dd49da0936 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/crypto_types.h >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/crypto_types.h >@@ -7,26 +7,26 @@ > * Cisco Systems, Inc. > */ > /* >- * >+ * > * Copyright(c) 2001-2017 Cisco Systems, Inc. > * All rights reserved. >- * >+ * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions > * are met: >- * >+ * > * Redistributions of source code must retain the above copyright > * notice, this list of conditions and the following disclaimer. >- * >+ * > * Redistributions in binary form must reproduce the above > * copyright notice, this list of conditions and the following > * disclaimer in the documentation and/or other materials provided > * with the distribution. >- * >+ * > * Neither the name of the Cisco Systems, Inc. nor the names of its > * contributors may be used to endorse or promote products derived > * from this software without specific prior written permission. >- * >+ * > * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS > * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT > * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >@@ -48,62 +48,62 @@ > /* > * The null cipher performs no encryption. > * >- * The SRTP_NULL_CIPHER leaves its inputs unaltered, during both the >+ * The SRTP_NULL_CIPHER leaves its inputs unaltered, during both the > * encryption and decryption operations. This cipher can be chosen > * to indicate that no encryption is to be performed. > */ >-#define SRTP_NULL_CIPHER 0 >+#define SRTP_NULL_CIPHER 0 > >-/* >+/* > * AES-128 Integer Counter Mode (AES ICM) > * > * AES-128 ICM is the variant of counter mode that is used by > * Secure RTP. This cipher uses a 16-octet key concatenated with a > * 14-octet offset (or salt) value. > */ >-#define SRTP_AES_ICM_128 1 >+#define SRTP_AES_ICM_128 1 > >-/* >+/* > * AES-192 Integer Counter Mode (AES ICM) > * > * AES-128 ICM is the variant of counter mode that is used by > * Secure RTP. This cipher uses a 24-octet key concatenated with a > * 14-octet offset (or salt) value. > */ >-#define SRTP_AES_ICM_192 4 >+#define SRTP_AES_ICM_192 4 > >-/* >+/* > * AES-256 Integer Counter Mode (AES ICM) > * > * AES-128 ICM is the variant of counter mode that is used by > * Secure RTP. This cipher uses a 32-octet key concatenated with a > * 14-octet offset (or salt) value. > */ >-#define SRTP_AES_ICM_256 5 >+#define SRTP_AES_ICM_256 5 > >-/* >- * AES-128_GCM Galois Counter Mode (AES GCM) >+/* >+ * AES-128_GCM Galois Counter Mode (AES GCM) > * >- * AES-128 GCM is the variant of galois counter mode that is used by >+ * AES-128 GCM is the variant of galois counter mode that is used by > * Secure RTP. This cipher uses a 16-octet key. > */ >-#define SRTP_AES_GCM_128 6 >+#define SRTP_AES_GCM_128 6 > >-/* >- * AES-256_GCM Galois Counter Mode (AES GCM) >+/* >+ * AES-256_GCM Galois Counter Mode (AES GCM) > * >- * AES-256 GCM is the variant of galois counter mode that is used by >+ * AES-256 GCM is the variant of galois counter mode that is used by > * Secure RTP. This cipher uses a 32-octet key. > */ >-#define SRTP_AES_GCM_256 7 >+#define SRTP_AES_GCM_256 7 > > /* > * The null authentication function performs no authentication. > * > * The NULL_AUTH function does nothing, and can be selected to indicate > * that authentication should not be performed. >- */ >-#define SRTP_NULL_AUTH 0 >+ */ >+#define SRTP_NULL_AUTH 0 > > /* > * HMAC-SHA1 >@@ -111,6 +111,6 @@ > * SRTP_HMAC_SHA1 implements the Hash-based MAC using the NIST Secure > * Hash Algorithm version 1 (SHA1). > */ >-#define SRTP_HMAC_SHA1 3 >+#define SRTP_HMAC_SHA1 3 > >-#endif /* SRTP_CRYPTO_TYPES_H */ >+#endif /* SRTP_CRYPTO_TYPES_H */ >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/datatypes.h b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/datatypes.h >index d20b9e6f8cafa2fe26e229bdf88589ce2526fab0..182cca25b9d1bf76019861e540b53e9e3f9c3fbd 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/datatypes.h >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/datatypes.h >@@ -1,6 +1,6 @@ > /* > * datatypes.h >- * >+ * > * data types for bit vectors and finite fields > * > * David A. McGrew >@@ -8,26 +8,26 @@ > */ > > /* >- * >+ * > * Copyright (c) 2001-2017, Cisco Systems, Inc. > * All rights reserved. >- * >+ * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions > * are met: >- * >+ * > * Redistributions of source code must retain the above copyright > * notice, this list of conditions and the following disclaimer. >- * >+ * > * Redistributions in binary form must reproduce the above > * copyright notice, this list of conditions and the following > * disclaimer in the documentation and/or other materials provided > * with the distribution. >- * >+ * > * Neither the name of the Cisco Systems, Inc. nor the names of its > * contributors may be used to endorse or promote products derived > * from this software without specific prior written permission. >- * >+ * > * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS > * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT > * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >@@ -43,11 +43,10 @@ > * > */ > >- > #ifndef DATATYPES_H > #define DATATYPES_H > >-#include "integers.h" /* definitions of uint32_t, et cetera */ >+#include "integers.h" /* definitions of uint32_t, et cetera */ > #include "alloc.h" > > #include <stdarg.h> >@@ -56,42 +55,43 @@ > #include <string.h> > #include <time.h> > #ifdef HAVE_NETINET_IN_H >-# include <netinet/in.h> >+#include <netinet/in.h> > #elif defined HAVE_WINSOCK2_H >-# include <winsock2.h> >+#include <winsock2.h> >+#else >+#error "Platform not recognized" > #endif > > #ifdef __cplusplus > extern "C" { > #endif > >- > /* if DATATYPES_USE_MACROS is defined, then little functions are macros */ >-#define DATATYPES_USE_MACROS >+#define DATATYPES_USE_MACROS > > typedef union { >- uint8_t v8[2]; >- uint16_t value; >+ uint8_t v8[2]; >+ uint16_t value; > } v16_t; > > typedef union { >- uint8_t v8[4]; >- uint16_t v16[2]; >- uint32_t value; >+ uint8_t v8[4]; >+ uint16_t v16[2]; >+ uint32_t value; > } v32_t; > > typedef union { >- uint8_t v8[8]; >- uint16_t v16[4]; >- uint32_t v32[2]; >- uint64_t value; >+ uint8_t v8[8]; >+ uint16_t v16[4]; >+ uint32_t v32[2]; >+ uint64_t value; > } v64_t; > > typedef union { >- uint8_t v8[16]; >- uint16_t v16[8]; >- uint32_t v32[4]; >- uint64_t v64[2]; >+ uint8_t v8[16]; >+ uint16_t v16[8]; >+ uint32_t v32[4]; >+ uint64_t v64[2]; > } v128_t; > > typedef union { >@@ -101,118 +101,82 @@ typedef union { > uint64_t v64[4]; > } v256_t; > >- > /* some useful and simple math functions */ > >-#define pow_2(X) ( (unsigned int)1 << (X) ) /* 2^X */ >- >-#define pow_minus_one(X) ( (X) ? -1 : 1 ) /* (-1)^X */ >+#define pow_2(X) ((unsigned int)1 << (X)) /* 2^X */ > >+#define pow_minus_one(X) ((X) ? -1 : 1) /* (-1)^X */ > > /* > * octet_get_weight(x) returns the hamming weight (number of bits equal to > * one) in the octet x > */ > >-int >-octet_get_weight(uint8_t octet); >+int octet_get_weight(uint8_t octet); > > #define MAX_PRINT_STRING_LEN 1024 > >-char * >-srtp_octet_string_hex_string(const void *str, int length); >+char *srtp_octet_string_hex_string(const void *str, int length); > >-char * >-v128_bit_string(v128_t *x); >+char *v128_bit_string(v128_t *x); > >-char * >-v128_hex_string(v128_t *x); >+char *v128_hex_string(v128_t *x); > >-void >-v128_copy_octet_string(v128_t *x, const uint8_t s[16]); >+void v128_copy_octet_string(v128_t *x, const uint8_t s[16]); > >-void >-v128_left_shift(v128_t *x, int shift_index); >+void v128_left_shift(v128_t *x, int shift_index); > >-void >-v128_right_shift(v128_t *x, int shift_index); >+void v128_right_shift(v128_t *x, int shift_index); > > /* > * the following macros define the data manipulation functions >- * >+ * > * If DATATYPES_USE_MACROS is defined, then these macros are used > * directly (and function call overhead is avoided). Otherwise, > * the macros are used through the functions defined in datatypes.c > * (and the compiler provides better warnings). > */ > >-#define _v128_set_to_zero(x) \ >-( \ >- (x)->v32[0] = 0, \ >- (x)->v32[1] = 0, \ >- (x)->v32[2] = 0, \ >- (x)->v32[3] = 0 \ >-) >- >-#define _v128_copy(x, y) \ >-( \ >- (x)->v32[0] = (y)->v32[0], \ >- (x)->v32[1] = (y)->v32[1], \ >- (x)->v32[2] = (y)->v32[2], \ >- (x)->v32[3] = (y)->v32[3] \ >-) >- >-#define _v128_xor(z, x, y) \ >-( \ >- (z)->v32[0] = (x)->v32[0] ^ (y)->v32[0], \ >- (z)->v32[1] = (x)->v32[1] ^ (y)->v32[1], \ >- (z)->v32[2] = (x)->v32[2] ^ (y)->v32[2], \ >- (z)->v32[3] = (x)->v32[3] ^ (y)->v32[3] \ >-) >- >-#define _v128_and(z, x, y) \ >-( \ >- (z)->v32[0] = (x)->v32[0] & (y)->v32[0], \ >- (z)->v32[1] = (x)->v32[1] & (y)->v32[1], \ >- (z)->v32[2] = (x)->v32[2] & (y)->v32[2], \ >- (z)->v32[3] = (x)->v32[3] & (y)->v32[3] \ >-) >- >-#define _v128_or(z, x, y) \ >-( \ >- (z)->v32[0] = (x)->v32[0] | (y)->v32[0], \ >- (z)->v32[1] = (x)->v32[1] | (y)->v32[1], \ >- (z)->v32[2] = (x)->v32[2] | (y)->v32[2], \ >- (z)->v32[3] = (x)->v32[3] | (y)->v32[3] \ >-) >- >-#define _v128_complement(x) \ >-( \ >- (x)->v32[0] = ~(x)->v32[0], \ >- (x)->v32[1] = ~(x)->v32[1], \ >- (x)->v32[2] = ~(x)->v32[2], \ >- (x)->v32[3] = ~(x)->v32[3] \ >-) >+#define _v128_set_to_zero(x) \ >+ ((x)->v32[0] = 0, (x)->v32[1] = 0, (x)->v32[2] = 0, (x)->v32[3] = 0) > >-/* ok for NO_64BIT_MATH if it can compare uint64_t's (even as structures) */ >-#define _v128_is_eq(x, y) \ >- (((x)->v64[0] == (y)->v64[0]) && ((x)->v64[1] == (y)->v64[1])) >+#define _v128_copy(x, y) \ >+ ((x)->v32[0] = (y)->v32[0], (x)->v32[1] = (y)->v32[1], \ >+ (x)->v32[2] = (y)->v32[2], (x)->v32[3] = (y)->v32[3]) > >+#define _v128_xor(z, x, y) \ >+ ((z)->v32[0] = (x)->v32[0] ^ (y)->v32[0], \ >+ (z)->v32[1] = (x)->v32[1] ^ (y)->v32[1], \ >+ (z)->v32[2] = (x)->v32[2] ^ (y)->v32[2], \ >+ (z)->v32[3] = (x)->v32[3] ^ (y)->v32[3]) >+ >+#define _v128_and(z, x, y) \ >+ ((z)->v32[0] = (x)->v32[0] & (y)->v32[0], \ >+ (z)->v32[1] = (x)->v32[1] & (y)->v32[1], \ >+ (z)->v32[2] = (x)->v32[2] & (y)->v32[2], \ >+ (z)->v32[3] = (x)->v32[3] & (y)->v32[3]) >+ >+#define _v128_or(z, x, y) \ >+ ((z)->v32[0] = (x)->v32[0] | (y)->v32[0], \ >+ (z)->v32[1] = (x)->v32[1] | (y)->v32[1], \ >+ (z)->v32[2] = (x)->v32[2] | (y)->v32[2], \ >+ (z)->v32[3] = (x)->v32[3] | (y)->v32[3]) >+ >+#define _v128_complement(x) \ >+ ((x)->v32[0] = ~(x)->v32[0], (x)->v32[1] = ~(x)->v32[1], \ >+ (x)->v32[2] = ~(x)->v32[2], (x)->v32[3] = ~(x)->v32[3]) >+ >+/* ok for NO_64BIT_MATH if it can compare uint64_t's (even as structures) */ >+#define _v128_is_eq(x, y) \ >+ (((x)->v64[0] == (y)->v64[0]) && ((x)->v64[1] == (y)->v64[1])) > > #ifdef NO_64BIT_MATH >-#define _v128_xor_eq(z, x) \ >-( \ >- (z)->v32[0] ^= (x)->v32[0], \ >- (z)->v32[1] ^= (x)->v32[1], \ >- (z)->v32[2] ^= (x)->v32[2], \ >- (z)->v32[3] ^= (x)->v32[3] \ >-) >+#define _v128_xor_eq(z, x) \ >+ ((z)->v32[0] ^= (x)->v32[0], (z)->v32[1] ^= (x)->v32[1], \ >+ (z)->v32[2] ^= (x)->v32[2], (z)->v32[3] ^= (x)->v32[3]) > #else >-#define _v128_xor_eq(z, x) \ >-( \ >- (z)->v64[0] ^= (x)->v64[0], \ >- (z)->v64[1] ^= (x)->v64[1] \ >-) >+#define _v128_xor_eq(z, x) \ >+ ((z)->v64[0] ^= (x)->v64[0], (z)->v64[1] ^= (x)->v64[1]) > #endif > > /* NOTE! This assumes an odd ordering! */ >@@ -224,76 +188,55 @@ v128_right_shift(v128_t *x, int shift_index); > really care which bit is which. AES does care which bit is which, but > doesn't use the 128-bit get/set or 128-bit shifts */ > >-#define _v128_get_bit(x, bit) \ >-( \ >- ((((x)->v32[(bit) >> 5]) >> ((bit) & 31)) & 1) \ >-) >- >-#define _v128_set_bit(x, bit) \ >-( \ >- (((x)->v32[(bit) >> 5]) |= ((uint32_t)1 << ((bit) & 31))) \ >-) >- >-#define _v128_clear_bit(x, bit) \ >-( \ >- (((x)->v32[(bit) >> 5]) &= ~((uint32_t)1 << ((bit) & 31))) \ >-) >- >-#define _v128_set_bit_to(x, bit, value) \ >-( \ >- (value) ? _v128_set_bit(x, bit) : \ >- _v128_clear_bit(x, bit) \ >-) >- >-#ifdef DATATYPES_USE_MACROS /* little functions are really macros */ >- >-#define v128_set_to_zero(z) _v128_set_to_zero(z) >-#define v128_copy(z, x) _v128_copy(z, x) >-#define v128_xor(z, x, y) _v128_xor(z, x, y) >-#define v128_and(z, x, y) _v128_and(z, x, y) >-#define v128_or(z, x, y) _v128_or(z, x, y) >-#define v128_complement(x) _v128_complement(x) >-#define v128_is_eq(x, y) _v128_is_eq(x, y) >-#define v128_xor_eq(x, y) _v128_xor_eq(x, y) >-#define v128_get_bit(x, i) _v128_get_bit(x, i) >-#define v128_set_bit(x, i) _v128_set_bit(x, i) >-#define v128_clear_bit(x, i) _v128_clear_bit(x, i) >-#define v128_set_bit_to(x, i, y) _v128_set_bit_to(x, i, y) >+#define _v128_get_bit(x, bit) (((((x)->v32[(bit) >> 5]) >> ((bit)&31)) & 1)) >+ >+#define _v128_set_bit(x, bit) \ >+ ((((x)->v32[(bit) >> 5]) |= ((uint32_t)1 << ((bit)&31)))) >+ >+#define _v128_clear_bit(x, bit) \ >+ ((((x)->v32[(bit) >> 5]) &= ~((uint32_t)1 << ((bit)&31)))) >+ >+#define _v128_set_bit_to(x, bit, value) \ >+ ((value) ? _v128_set_bit(x, bit) : _v128_clear_bit(x, bit)) >+ >+#ifdef DATATYPES_USE_MACROS /* little functions are really macros */ >+ >+#define v128_set_to_zero(z) _v128_set_to_zero(z) >+#define v128_copy(z, x) _v128_copy(z, x) >+#define v128_xor(z, x, y) _v128_xor(z, x, y) >+#define v128_and(z, x, y) _v128_and(z, x, y) >+#define v128_or(z, x, y) _v128_or(z, x, y) >+#define v128_complement(x) _v128_complement(x) >+#define v128_is_eq(x, y) _v128_is_eq(x, y) >+#define v128_xor_eq(x, y) _v128_xor_eq(x, y) >+#define v128_get_bit(x, i) _v128_get_bit(x, i) >+#define v128_set_bit(x, i) _v128_set_bit(x, i) >+#define v128_clear_bit(x, i) _v128_clear_bit(x, i) >+#define v128_set_bit_to(x, i, y) _v128_set_bit_to(x, i, y) > > #else > >-void >-v128_set_to_zero(v128_t *x); >+void v128_set_to_zero(v128_t *x); > >-int >-v128_is_eq(const v128_t *x, const v128_t *y); >+int v128_is_eq(const v128_t *x, const v128_t *y); > >-void >-v128_copy(v128_t *x, const v128_t *y); >+void v128_copy(v128_t *x, const v128_t *y); > >-void >-v128_xor(v128_t *z, v128_t *x, v128_t *y); >+void v128_xor(v128_t *z, v128_t *x, v128_t *y); > >-void >-v128_and(v128_t *z, v128_t *x, v128_t *y); >+void v128_and(v128_t *z, v128_t *x, v128_t *y); > >-void >-v128_or(v128_t *z, v128_t *x, v128_t *y); >+void v128_or(v128_t *z, v128_t *x, v128_t *y); > >-void >-v128_complement(v128_t *x); >+void v128_complement(v128_t *x); > >-int >-v128_get_bit(const v128_t *x, int i); >+int v128_get_bit(const v128_t *x, int i); > >-void >-v128_set_bit(v128_t *x, int i) ; >+void v128_set_bit(v128_t *x, int i); > >-void >-v128_clear_bit(v128_t *x, int i); >+void v128_clear_bit(v128_t *x, int i); > >-void >-v128_set_bit_to(v128_t *x, int i, int y); >+void v128_set_bit_to(v128_t *x, int i, int y); > > #endif /* DATATYPES_USE_MACROS */ > >@@ -304,113 +247,102 @@ v128_set_bit_to(v128_t *x, int i, int y); > * verifying authentication tags. > */ > >-int >-octet_string_is_eq(uint8_t *a, uint8_t *b, int len); >+int octet_string_is_eq(uint8_t *a, uint8_t *b, int len); > > /* > * A portable way to zero out memory as recommended by > * https://cryptocoding.net/index.php/Coding_rules#Clean_memory_of_secret_data > * This is used to zero memory when OPENSSL_cleanse() is not available. > */ >-void >-srtp_cleanse(void *s, size_t len); >+void srtp_cleanse(void *s, size_t len); > > /* > * Functions as a wrapper that delegates to either srtp_cleanse() or > * OPENSSL_cleanse() if available to zero memory. > */ >-void >-octet_string_set_to_zero(void *s, size_t len); >+void octet_string_set_to_zero(void *s, size_t len); > >-#if defined(HAVE_CONFIG_H) >+#if defined(HAVE_CONFIG_H) > >-/* >+/* > * Convert big endian integers to CPU byte order. > */ > #ifdef WORDS_BIGENDIAN > /* Nothing to do. */ >-# define be32_to_cpu(x) (x) >-# define be64_to_cpu(x) (x) >+#define be32_to_cpu(x) (x) >+#define be64_to_cpu(x) (x) > #elif defined(HAVE_BYTESWAP_H) > /* We have (hopefully) optimized versions in byteswap.h */ >-# include <byteswap.h> >-# define be32_to_cpu(x) bswap_32((x)) >-# define be64_to_cpu(x) bswap_64((x)) >-#else >+#include <byteswap.h> >+#define be32_to_cpu(x) bswap_32((x)) >+#define be64_to_cpu(x) bswap_64((x)) >+#else /* WORDS_BIGENDIAN */ > > #if defined(__GNUC__) && defined(HAVE_X86) > /* Fall back. */ >-static inline uint32_t be32_to_cpu(uint32_t v) { >- /* optimized for x86. */ >- asm("bswap %0" : "=r" (v) : "0" (v)); >- return v; >-} >-# else /* HAVE_X86 */ >-# ifdef HAVE_NETINET_IN_H >-# include <netinet/in.h> >-# elif defined HAVE_WINSOCK2_H >-# include <winsock2.h> >-# endif >-# define be32_to_cpu(x) ntohl((x)) >-# endif /* HAVE_X86 */ >- >-static inline uint64_t be64_to_cpu(uint64_t v) { >-# ifdef NO_64BIT_MATH >- /* use the make64 functions to do 64-bit math */ >- v = make64(htonl(low32(v)),htonl(high32(v))); >-# else >- /* use the native 64-bit math */ >- v= (uint64_t)((be32_to_cpu((uint32_t)(v >> 32))) | (((uint64_t)be32_to_cpu((uint32_t)v)) << 32)); >-# endif >- return v; >+static inline uint32_t be32_to_cpu(uint32_t v) >+{ >+ /* optimized for x86. */ >+ asm("bswap %0" : "=r"(v) : "0"(v)); >+ return v; > } >+#else /* HAVE_X86 */ >+#ifdef HAVE_NETINET_IN_H >+#include <netinet/in.h> >+#elif defined HAVE_WINSOCK2_H >+#include <winsock2.h> >+#endif /* HAVE_NETINET_IN_H */ >+#define be32_to_cpu(x) ntohl((x)) >+#endif /* HAVE_X86 */ > >-#endif >+static inline uint64_t be64_to_cpu(uint64_t v) >+{ >+#ifdef NO_64BIT_MATH >+ /* use the make64 functions to do 64-bit math */ >+ v = make64(htonl(low32(v)), htonl(high32(v))); >+#else /* NO_64BIT_MATH */ >+ /* use the native 64-bit math */ >+ v = (uint64_t)((be32_to_cpu((uint32_t)(v >> 32))) | >+ (((uint64_t)be32_to_cpu((uint32_t)v)) << 32)); >+#endif /* NO_64BIT_MATH */ >+ return v; >+} > > #endif /* WORDS_BIGENDIAN */ > >+#endif /* HAVE_CONFIG_H */ >+ > /* >- * functions manipulating bitvector_t >+ * functions manipulating bitvector_t > * > * A bitvector_t consists of an array of words and an integer > * representing the number of significant bits stored in the array. > * The bits are packed as follows: the least significant bit is that > * of word[0], while the most significant bit is the nth most > * significant bit of word[m], where length = bits_per_word * m + n. >- * >+ * > */ > >-#define bits_per_word 32 >+#define bits_per_word 32 > #define bytes_per_word 4 > > typedef struct { >- uint32_t length; >- uint32_t *word; >+ uint32_t length; >+ uint32_t *word; > } bitvector_t; > >+#define _bitvector_get_bit(v, bit_index) \ >+ (((((v)->word[((bit_index) >> 5)]) >> ((bit_index)&31)) & 1)) > >-#define _bitvector_get_bit(v, bit_index) \ >-( \ >- ((((v)->word[((bit_index) >> 5)]) >> ((bit_index) & 31)) & 1) \ >-) >- >- >-#define _bitvector_set_bit(v, bit_index) \ >-( \ >- (((v)->word[((bit_index) >> 5)] |= ((uint32_t)1 << ((bit_index) & 31)))) \ >-) >+#define _bitvector_set_bit(v, bit_index) \ >+ ((((v)->word[((bit_index) >> 5)] |= ((uint32_t)1 << ((bit_index)&31))))) > >-#define _bitvector_clear_bit(v, bit_index) \ >-( \ >- (((v)->word[((bit_index) >> 5)] &= ~((uint32_t)1 << ((bit_index) & 31)))) \ >-) >+#define _bitvector_clear_bit(v, bit_index) \ >+ ((((v)->word[((bit_index) >> 5)] &= ~((uint32_t)1 << ((bit_index)&31))))) > >-#define _bitvector_get_length(v) \ >-( \ >- ((v)->length) \ >-) >+#define _bitvector_get_length(v) (((v)->length)) > >-#ifdef DATATYPES_USE_MACROS /* little functions are really macros */ >+#ifdef DATATYPES_USE_MACROS /* little functions are really macros */ > > #define bitvector_get_bit(v, bit_index) _bitvector_get_bit(v, bit_index) > #define bitvector_set_bit(v, bit_index) _bitvector_set_bit(v, bit_index) >@@ -419,34 +351,25 @@ typedef struct { > > #else > >-int >-bitvector_get_bit(const bitvector_t *v, int bit_index); >+int bitvector_get_bit(const bitvector_t *v, int bit_index); > >-void >-bitvector_set_bit(bitvector_t *v, int bit_index); >+void bitvector_set_bit(bitvector_t *v, int bit_index); > >-void >-bitvector_clear_bit(bitvector_t *v, int bit_index); >+void bitvector_clear_bit(bitvector_t *v, int bit_index); > >-unsigned long >-bitvector_get_length(const bitvector_t *v); >+unsigned long bitvector_get_length(const bitvector_t *v); > > #endif > >-int >-bitvector_alloc(bitvector_t *v, unsigned long length); >+int bitvector_alloc(bitvector_t *v, unsigned long length); > >-void >-bitvector_dealloc(bitvector_t *v); >+void bitvector_dealloc(bitvector_t *v); > >-void >-bitvector_set_to_zero(bitvector_t *x); >+void bitvector_set_to_zero(bitvector_t *x); > >-void >-bitvector_left_shift(bitvector_t *x, int index); >+void bitvector_left_shift(bitvector_t *x, int index); > >-char * >-bitvector_bit_string(bitvector_t *x, char* buf, int len); >+char *bitvector_bit_string(bitvector_t *x, char *buf, int len); > > #ifdef __cplusplus > } >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/err.h b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/err.h >index b6f196da843c14a9a7ea121223503ff28633c1d3..66a1023ec8691dca3f180ff05f0c13f8195bf85c 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/err.h >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/err.h >@@ -42,7 +42,6 @@ > * > */ > >- > #ifndef ERR_H > #define ERR_H > >@@ -62,7 +61,6 @@ extern "C" { > * @{ > */ > >- > /** > * @} > */ >@@ -82,9 +80,11 @@ typedef enum { > > srtp_err_status_t srtp_err_reporting_init(void); > >-typedef void (srtp_err_report_handler_func_t)(srtp_err_reporting_level_t level, const char * msg); >+typedef void(srtp_err_report_handler_func_t)(srtp_err_reporting_level_t level, >+ const char *msg); > >-srtp_err_status_t srtp_install_err_report_handler(srtp_err_report_handler_func_t func); >+srtp_err_status_t srtp_install_err_report_handler( >+ srtp_err_report_handler_func_t func); > > /* > * srtp_err_report reports a 'printf' formatted error >@@ -96,9 +96,7 @@ srtp_err_status_t srtp_install_err_report_handler(srtp_err_report_handler_func_t > * > */ > >-void >-srtp_err_report(srtp_err_reporting_level_t level, const char *format, ...); >- >+void srtp_err_report(srtp_err_reporting_level_t level, const char *format, ...); > > /* > * debug_module_t defines a debug module >@@ -111,17 +109,21 @@ typedef struct { > > #ifdef ENABLE_DEBUG_LOGGING > >-#define debug_print(mod, format, arg) \ >+#define debug_print(mod, format, arg) \ > srtp_err_report(srtp_err_level_debug, ("%s: " format "\n"), mod.name, arg) >-#define debug_print2(mod, format, arg1, arg2) \ >- srtp_err_report(srtp_err_level_debug, ("%s: " format "\n"), mod.name, arg1, arg2) >+#define debug_print2(mod, format, arg1, arg2) \ >+ srtp_err_report(srtp_err_level_debug, ("%s: " format "\n"), mod.name, \ >+ arg1, arg2) > > #else > >-#define debug_print(mod, format, arg) \ >- if (mod.on) srtp_err_report(srtp_err_level_debug, ("%s: " format "\n"), mod.name, arg) >-#define debug_print2(mod, format, arg1, arg2) \ >- if (mod.on) srtp_err_report(srtp_err_level_debug, ("%s: " format "\n"), mod.name, arg1, arg2) >+#define debug_print(mod, format, arg) \ >+ if (mod.on) \ >+ srtp_err_report(srtp_err_level_debug, ("%s: " format "\n"), mod.name, arg) >+#define debug_print2(mod, format, arg1, arg2) \ >+ if (mod.on) \ >+ srtp_err_report(srtp_err_level_debug, ("%s: " format "\n"), mod.name, \ >+ arg1, arg2) > > #endif > >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/integers.h b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/integers.h >index 4a871c7085028cfd54b07729454ed534d449585c..f2cd7c064d719dbbc4a6c0ef0e4c4da0b98d6a5b 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/integers.h >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/integers.h >@@ -8,26 +8,26 @@ > */ > > /* >- * >+ * > * Copyright (c) 2001-2017, Cisco Systems, Inc. > * All rights reserved. >- * >+ * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions > * are met: >- * >+ * > * Redistributions of source code must retain the above copyright > * notice, this list of conditions and the following disclaimer. >- * >+ * > * Redistributions in binary form must reproduce the above > * copyright notice, this list of conditions and the following > * disclaimer in the documentation and/or other materials provided > * with the distribution. >- * >+ * > * Neither the name of the Cisco Systems, Inc. nor the names of its > * contributors may be used to endorse or promote products derived > * from this software without specific prior written permission. >- * >+ * > * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS > * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT > * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >@@ -43,29 +43,27 @@ > * > */ > >- > #ifndef INTEGERS_H > #define INTEGERS_H > >- > /* use standard integer definitions, if they're available */ > #ifdef HAVE_STDLIB_H >-# include <stdlib.h> >+#include <stdlib.h> > #endif > #ifdef HAVE_STDINT_H >-# include <stdint.h> >+#include <stdint.h> > #endif > #ifdef HAVE_INTTYPES_H >-# include <inttypes.h> >+#include <inttypes.h> > #endif > #ifdef HAVE_SYS_TYPES_H >-# include <sys/types.h> >+#include <sys/types.h> > #endif > #ifdef HAVE_SYS_INT_TYPES_H >-# include <sys/int_types.h> /* this exists on Sun OS */ >+#include <sys/int_types.h> /* this exists on Sun OS */ > #endif > #ifdef HAVE_MACHINE_TYPES_H >-# include <machine/types.h> >+#include <machine/types.h> > #endif > > #ifdef __cplusplus >@@ -74,31 +72,30 @@ extern "C" { > > /* Can we do 64 bit integers? */ > #if !defined(HAVE_UINT64_T) >-# if SIZEOF_UNSIGNED_LONG == 8 >-typedef unsigned long uint64_t; >-# elif SIZEOF_UNSIGNED_LONG_LONG == 8 >-typedef unsigned long long uint64_t; >-# else >-# define NO_64BIT_MATH 1 >-# endif >+#if SIZEOF_UNSIGNED_LONG == 8 >+typedef unsigned long uint64_t; >+#elif SIZEOF_UNSIGNED_LONG_LONG == 8 >+typedef unsigned long long uint64_t; >+#else >+#define NO_64BIT_MATH 1 >+#endif > #endif > > /* Reasonable defaults for 32 bit machines - you may need to > * edit these definitions for your own machine. */ > #ifndef HAVE_UINT8_T >-typedef unsigned char uint8_t; >+typedef unsigned char uint8_t; > #endif > #ifndef HAVE_UINT16_T >-typedef unsigned short int uint16_t; >+typedef unsigned short int uint16_t; > #endif > #ifndef HAVE_UINT32_T >-typedef unsigned int uint32_t; >+typedef unsigned int uint32_t; > #endif > #ifndef HAVE_INT32_T > typedef int int32_t; > #endif > >- > #if defined(NO_64BIT_MATH) && defined(HAVE_CONFIG_H) > typedef double uint64_t; > /* assert that sizeof(double) == 8 */ >@@ -107,39 +104,38 @@ extern uint32_t high32(uint64_t value); > extern uint32_t low32(uint64_t value); > #endif > >- > /* These macros are to load and store 32-bit values from un-aligned > addresses. This is required for processors that do not allow unaligned > loads. */ > #ifdef ALIGNMENT_32BIT_REQUIRED > /* Note that if it's in a variable, you can memcpy it */ > #ifdef WORDS_BIGENDIAN >-#define PUT_32(addr,value) \ >- { \ >- ((unsigned char *) (addr))[0] = (value >> 24); \ >- ((unsigned char *) (addr))[1] = (value >> 16) & 0xff; \ >- ((unsigned char *) (addr))[2] = (value >> 8) & 0xff; \ >- ((unsigned char *) (addr))[3] = (value) & 0xff; \ >+#define PUT_32(addr, value) \ >+ { \ >+ ((unsigned char *)(addr))[0] = (value >> 24); \ >+ ((unsigned char *)(addr))[1] = (value >> 16) & 0xff; \ >+ ((unsigned char *)(addr))[2] = (value >> 8) & 0xff; \ >+ ((unsigned char *)(addr))[3] = (value)&0xff; \ > } >-#define GET_32(addr) ((((unsigned char *) (addr))[0] << 24) | \ >- (((unsigned char *) (addr))[1] << 16) | \ >- (((unsigned char *) (addr))[2] << 8) | \ >- (((unsigned char *) (addr))[3])) >+#define GET_32(addr) \ >+ ((((unsigned char *)(addr))[0] << 24) | \ >+ (((unsigned char *)(addr))[1] << 16) | \ >+ (((unsigned char *)(addr))[2] << 8) | (((unsigned char *)(addr))[3])) > #else >-#define PUT_32(addr,value) \ >- { \ >- ((unsigned char *) (addr))[3] = (value >> 24); \ >- ((unsigned char *) (addr))[2] = (value >> 16) & 0xff; \ >- ((unsigned char *) (addr))[1] = (value >> 8) & 0xff; \ >- ((unsigned char *) (addr))[0] = (value) & 0xff; \ >+#define PUT_32(addr, value) \ >+ { \ >+ ((unsigned char *)(addr))[3] = (value >> 24); \ >+ ((unsigned char *)(addr))[2] = (value >> 16) & 0xff; \ >+ ((unsigned char *)(addr))[1] = (value >> 8) & 0xff; \ >+ ((unsigned char *)(addr))[0] = (value)&0xff; \ > } >-#define GET_32(addr) ((((unsigned char *) (addr))[3] << 24) | \ >- (((unsigned char *) (addr))[2] << 16) | \ >- (((unsigned char *) (addr))[1] << 8) | \ >- (((unsigned char *) (addr))[0])) >+#define GET_32(addr) \ >+ ((((unsigned char *)(addr))[3] << 24) | \ >+ (((unsigned char *)(addr))[2] << 16) | \ >+ (((unsigned char *)(addr))[1] << 8) | (((unsigned char *)(addr))[0])) > #endif // WORDS_BIGENDIAN > #else >-#define PUT_32(addr,value) *(((uint32_t *) (addr)) = (value) >+#define PUT_32(addr, value) *(((uint32_t *) (addr)) = (value) > #define GET_32(addr) (*(((uint32_t *) (addr))) > #endif > >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/key.h b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/key.h >index 55ba126435d73335f109405a180cdead8b5be3fc..3498114b0502a556cb5df720e09e9c84cc4d40ce 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/key.h >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/key.h >@@ -45,7 +45,7 @@ > #ifndef KEY_H > #define KEY_H > >-#include "rdbx.h" /* for srtp_xtd_seq_num_t */ >+#include "rdbx.h" /* for srtp_xtd_seq_num_t */ > #include "err.h" > > #ifdef __cplusplus >@@ -60,9 +60,11 @@ typedef enum { > srtp_key_event_hard_limit > } srtp_key_event_t; > >-srtp_err_status_t srtp_key_limit_set(srtp_key_limit_t key, const srtp_xtd_seq_num_t s); >+srtp_err_status_t srtp_key_limit_set(srtp_key_limit_t key, >+ const srtp_xtd_seq_num_t s); > >-srtp_err_status_t srtp_key_limit_clone(srtp_key_limit_t original, srtp_key_limit_t *new_key); >+srtp_err_status_t srtp_key_limit_clone(srtp_key_limit_t original, >+ srtp_key_limit_t *new_key); > > srtp_err_status_t srtp_key_limit_check(const srtp_key_limit_t key); > >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/null_cipher.h b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/null_cipher.h >index 4e168f1a772f44eebf758a628eff22f30e6af2f2..5e8c91c1349139a004b533ab3bafe0a40aba012e 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/null_cipher.h >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/null_cipher.h >@@ -44,7 +44,6 @@ > * > */ > >- > #ifndef NULL_CIPHER_H > #define NULL_CIPHER_H > >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/rdb.h b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/rdb.h >index 4671a0a0d98b5e3f436b95242d580bb636e51709..98314c1f3ee04922201787758512c4b53f270fe0 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/rdb.h >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/rdb.h >@@ -7,28 +7,27 @@ > * Cisco Systems, Inc. > */ > >- > /* >- * >+ * > * Copyright (c) 2001-2017, Cisco Systems, Inc. > * All rights reserved. >- * >+ * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions > * are met: >- * >+ * > * Redistributions of source code must retain the above copyright > * notice, this list of conditions and the following disclaimer. >- * >+ * > * Redistributions in binary form must reproduce the above > * copyright notice, this list of conditions and the following > * disclaimer in the documentation and/or other materials provided > * with the distribution. >- * >+ * > * Neither the name of the Cisco Systems, Inc. nor the names of its > * contributors may be used to endorse or promote products derived > * from this software without specific prior written permission. >- * >+ * > * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS > * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT > * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >@@ -47,9 +46,9 @@ > #ifndef REPLAY_DB_H > #define REPLAY_DB_H > >-#include "integers.h" /* for uint32_t */ >-#include "datatypes.h" /* for v128_t */ >-#include "err.h" /* for srtp_err_status_t */ >+#include "integers.h" /* for uint32_t */ >+#include "datatypes.h" /* for v128_t */ >+#include "err.h" /* for srtp_err_status_t */ > > #ifdef __cplusplus > extern "C" { >@@ -76,7 +75,6 @@ typedef struct { > */ > srtp_err_status_t srtp_rdb_init(srtp_rdb_t *rdb); > >- > /* > * srtp_rdb_check > * >@@ -103,7 +101,6 @@ srtp_err_status_t srtp_rdb_add_index(srtp_rdb_t *rdb, uint32_t rdb_index); > * srtp_rdb_t upon which srtp_rdb_add_index is used! > */ > >- > /* > * srtp_rdb_increment(db) increments the sequence number in db, if it is > * not too high >@@ -121,7 +118,6 @@ srtp_err_status_t srtp_rdb_increment(srtp_rdb_t *rdb); > */ > uint32_t srtp_rdb_get_value(const srtp_rdb_t *rdb); > >- > #ifdef __cplusplus > } > #endif >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/rdbx.h b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/rdbx.h >index 010eb012d7747b7012bd7e3bea01dd4ca76719ab..2194178ee2ab3f4cc980a0af81c375d32879ce88 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/rdbx.h >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/rdbx.h >@@ -9,26 +9,26 @@ > */ > > /* >- * >+ * > * Copyright (c) 2001-2017, Cisco Systems, Inc. > * All rights reserved. >- * >+ * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions > * are met: >- * >+ * > * Redistributions of source code must retain the above copyright > * notice, this list of conditions and the following disclaimer. >- * >+ * > * Redistributions in binary form must reproduce the above > * copyright notice, this list of conditions and the following > * disclaimer in the documentation and/or other materials provided > * with the distribution. >- * >+ * > * Neither the name of the Cisco Systems, Inc. nor the names of its > * contributors may be used to endorse or promote products derived > * from this software without specific prior written permission. >- * >+ * > * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS > * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT > * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >@@ -58,10 +58,10 @@ extern "C" { > > #ifndef ROC_TEST > >-typedef uint16_t srtp_sequence_number_t; /* 16 bit sequence number */ >-typedef uint32_t srtp_rollover_counter_t; /* 32 bit rollover counter */ >+typedef uint16_t srtp_sequence_number_t; /* 16 bit sequence number */ >+typedef uint32_t srtp_rollover_counter_t; /* 32 bit rollover counter */ > >-#else /* use small seq_num and roc datatypes for testing purposes */ >+#else /* use small seq_num and roc datatypes for testing purposes */ > > typedef unsigned char srtp_sequence_number_t; /* 8 bit sequence number */ > typedef uint16_t srtp_rollover_counter_t; /* 16 bit rollover counter */ >@@ -69,7 +69,7 @@ typedef uint16_t srtp_rollover_counter_t; /* 16 bit rollover counter */ > #endif > > #define seq_num_median (1 << (8 * sizeof(srtp_sequence_number_t) - 1)) >-#define seq_num_max (1 << (8 * sizeof(srtp_sequence_number_t))) >+#define seq_num_max (1 << (8 * sizeof(srtp_sequence_number_t))) > > /* > * An rtp_xtd_seq_num_t is a 64-bit unsigned integer used as an 'extended' >@@ -77,7 +77,6 @@ typedef uint16_t srtp_rollover_counter_t; /* 16 bit rollover counter */ > */ > typedef uint64_t srtp_xtd_seq_num_t; > >- > /* > * An srtp_rdbx_t is a replay database with extended range; it uses an > * xtd_seq_num_t and a bitmask of recently received indices. >@@ -87,7 +86,6 @@ typedef struct { > bitvector_t bitmask; > } srtp_rdbx_t; > >- > /* > * srtp_rdbx_init(rdbx_ptr, ws) > * >@@ -96,7 +94,6 @@ typedef struct { > */ > srtp_err_status_t srtp_rdbx_init(srtp_rdbx_t *rdbx, unsigned long ws); > >- > /* > * srtp_rdbx_dealloc(rdbx_ptr) > * >@@ -104,7 +101,6 @@ srtp_err_status_t srtp_rdbx_init(srtp_rdbx_t *rdbx, unsigned long ws); > */ > srtp_err_status_t srtp_rdbx_dealloc(srtp_rdbx_t *rdbx); > >- > /* > * srtp_rdbx_estimate_index(rdbx, guess, s) > * >@@ -113,7 +109,9 @@ srtp_err_status_t srtp_rdbx_dealloc(srtp_rdbx_t *rdbx); > * index to which s corresponds, and returns the difference between > * *guess and the locally stored synch info > */ >-int32_t srtp_rdbx_estimate_index(const srtp_rdbx_t *rdbx, srtp_xtd_seq_num_t *guess, srtp_sequence_number_t s); >+int32_t srtp_rdbx_estimate_index(const srtp_rdbx_t *rdbx, >+ srtp_xtd_seq_num_t *guess, >+ srtp_sequence_number_t s); > > /* > * srtp_rdbx_check(rdbx, delta); >@@ -136,7 +134,6 @@ srtp_err_status_t srtp_rdbx_check(const srtp_rdbx_t *rdbx, int difference); > */ > srtp_err_status_t srtp_rdbx_add_index(srtp_rdbx_t *rdbx, int delta); > >- > /* > * srtp_rdbx_set_roc(rdbx, roc) initalizes the srtp_rdbx_t at the location rdbx > * to have the rollover counter value roc. If that value is less than >@@ -147,7 +144,8 @@ srtp_err_status_t srtp_rdbx_add_index(srtp_rdbx_t *rdbx, int delta); > srtp_err_status_t srtp_rdbx_set_roc(srtp_rdbx_t *rdbx, uint32_t roc); > > /* >- * srtp_rdbx_get_packet_index(rdbx) returns the value of the rollover counter for >+ * srtp_rdbx_get_packet_index(rdbx) returns the value of the rollover counter >+ * for > * the srtp_rdbx_t pointed to by rdbx > * > */ >@@ -166,14 +164,12 @@ srtp_xtd_seq_num_t srtp_rdbx_get_packet_index(const srtp_rdbx_t *rdbx); > */ > unsigned long srtp_rdbx_get_window_size(const srtp_rdbx_t *rdbx); > >- > /* index_init(&pi) initializes a packet index pi (sets it to zero) */ > void srtp_index_init(srtp_xtd_seq_num_t *pi); > > /* index_advance(&pi, s) advances a xtd_seq_num_t forward by s */ > void srtp_index_advance(srtp_xtd_seq_num_t *pi, srtp_sequence_number_t s); > >- > /* > * srtp_index_guess(local, guess, s) > * >@@ -183,7 +179,9 @@ void srtp_index_advance(srtp_xtd_seq_num_t *pi, srtp_sequence_number_t s); > * guess of the packet index to which s corresponds, and returns the > * difference between *guess and *local > */ >-int32_t srtp_index_guess(const srtp_xtd_seq_num_t *local, srtp_xtd_seq_num_t *guess, srtp_sequence_number_t s); >+int32_t srtp_index_guess(const srtp_xtd_seq_num_t *local, >+ srtp_xtd_seq_num_t *guess, >+ srtp_sequence_number_t s); > > /* > * srtp_rdbx_get_roc(rdbx) >@@ -200,9 +198,9 @@ uint32_t srtp_rdbx_get_roc(const srtp_rdbx_t *rdbx); > * rollover counter value, then the function returns > * srtp_err_status_replay_old, otherwise, srtp_err_status_ok is returned. > */ >-srtp_err_status_t srtp_rdbx_set_roc_seq (srtp_rdbx_t *rdbx, >- uint32_t roc, >- uint16_t seq); >+srtp_err_status_t srtp_rdbx_set_roc_seq(srtp_rdbx_t *rdbx, >+ uint32_t roc, >+ uint16_t seq); > > #ifdef __cplusplus > } >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/stat.h b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/stat.h >index e8cf3605a86018021348a62f720e483734727734..1894e041aa7c342c04f19899aa3102b54e451aaa 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/stat.h >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/include/stat.h >@@ -1,6 +1,6 @@ > /* > * stats.h >- * >+ * > * interface to statistical test functions > * > * David A. McGrew >@@ -8,26 +8,26 @@ > */ > > /* >- * >+ * > * Copyright(c) 2001-2017, Cisco Systems, Inc. > * All rights reserved. >- * >+ * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions > * are met: >- * >+ * > * Redistributions of source code must retain the above copyright > * notice, this list of conditions and the following disclaimer. >- * >+ * > * Redistributions in binary form must reproduce the above > * copyright notice, this list of conditions and the following > * disclaimer in the documentation and/or other materials provided > * with the distribution. >- * >+ * > * Neither the name of the Cisco Systems, Inc. nor the names of its > * contributors may be used to endorse or promote products derived > * from this software without specific prior written permission. >- * >+ * > * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS > * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT > * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >@@ -43,12 +43,11 @@ > * > */ > >- > #ifndef STAT_H > #define STAT_H > >-#include "datatypes.h" /* for uint8_t */ >-#include "err.h" /* for srtp_err_status_t */ >+#include "datatypes.h" /* for uint8_t */ >+#include "err.h" /* for srtp_err_status_t */ > > #ifdef __cplusplus > extern "C" { >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/kernel/alloc.c b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/kernel/alloc.c >index cbd8877c87f051caebdc0e52712903121fc95b81..dbe58266f43a6849ed965ac7f787affd0e2a8221 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/kernel/alloc.c >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/kernel/alloc.c >@@ -1,32 +1,32 @@ > /* > * alloc.c > * >- * memory allocation and deallocation >+ * memory allocation and deallocation > * > * David A. McGrew > * Cisco Systems, Inc. > */ > /* >- * >+ * > * Copyright (c) 2001-2017 Cisco Systems, Inc. > * All rights reserved. >- * >+ * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions > * are met: >- * >+ * > * Redistributions of source code must retain the above copyright > * notice, this list of conditions and the following disclaimer. >- * >+ * > * Redistributions in binary form must reproduce the above > * copyright notice, this list of conditions and the following > * disclaimer in the documentation and/or other materials provided > * with the distribution. >- * >+ * > * Neither the name of the Cisco Systems, Inc. nor the names of its > * contributors may be used to endorse or promote products derived > * from this software without specific prior written permission. >- * >+ * > * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS > * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT > * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >@@ -43,7 +43,7 @@ > */ > > #ifdef HAVE_CONFIG_H >- #include <config.h> >+#include <config.h> > #endif > > #include "alloc.h" >@@ -51,9 +51,9 @@ > > /* the debug module for memory allocation */ > >-srtp_debug_module_t mod_alloc = { >- 0, /* debugging is off by default */ >- "alloc" /* printable name for module */ >+srtp_debug_module_t srtp_mod_alloc = { >+ 0, /* debugging is off by default */ >+ "alloc" /* printable name for module */ > }; > > /* >@@ -67,29 +67,35 @@ srtp_debug_module_t mod_alloc = { > > #if defined(HAVE_STDLIB_H) > >-void * srtp_crypto_alloc(size_t size) { >- void *ptr; >+void *srtp_crypto_alloc(size_t size) >+{ >+ void *ptr; > >- ptr = malloc(size); >- >- if (ptr) { >- debug_print(mod_alloc, "(location: %p) allocated", ptr); >- } else { >- debug_print(mod_alloc, "allocation failed (asked for %d bytes)\n", size); >- } >+ if (!size) { >+ return NULL; >+ } > >- return ptr; >-} >+ ptr = calloc(1, size); > >-void srtp_crypto_free(void *ptr) { >+ if (ptr) { >+ debug_print(srtp_mod_alloc, "(location: %p) allocated", ptr); >+ } else { >+ debug_print(srtp_mod_alloc, "allocation failed (asked for %d bytes)\n", >+ size); >+ } >+ >+ return ptr; >+} > >- debug_print(mod_alloc, "(location: %p) freed", ptr); >+void srtp_crypto_free(void *ptr) >+{ >+ debug_print(srtp_mod_alloc, "(location: %p) freed", ptr); > >- free(ptr); >+ free(ptr); > } > >-#else /* we need to define our own memory allocation routines */ >+#else /* we need to define our own memory allocation routines */ > >-#error no memory allocation defined yet >+#error no memory allocation defined yet > > #endif >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/kernel/crypto_kernel.c b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/kernel/crypto_kernel.c >index 3caff0e123ce9655b937fe8a8ea1c1c0c4200a94..ab4492e8a6447808d2b55e0b87ffb14b81ca2e63 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/kernel/crypto_kernel.c >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/kernel/crypto_kernel.c >@@ -42,60 +42,22 @@ > * > */ > >- > #ifdef HAVE_CONFIG_H >- #include <config.h> >+#include <config.h> > #endif > > #include "alloc.h" > > #include "crypto_kernel.h" >+#include "cipher_types.h" > > /* the debug module for the crypto_kernel */ > > srtp_debug_module_t srtp_mod_crypto_kernel = { >- 0, /* debugging is off by default */ >- "crypto kernel" /* printable name for module */ >+ 0, /* debugging is off by default */ >+ "crypto kernel" /* printable name for module */ > }; > >-/* >- * other generic debug modules that can be included in the kernel >- */ >- >-extern srtp_debug_module_t srtp_mod_auth; >-extern srtp_debug_module_t srtp_mod_cipher; >-extern srtp_debug_module_t mod_stat; >-extern srtp_debug_module_t mod_alloc; >- >-/* >- * cipher types that can be included in the kernel >- */ >- >-extern srtp_cipher_type_t srtp_null_cipher; >-extern srtp_cipher_type_t srtp_aes_icm_128; >-extern srtp_cipher_type_t srtp_aes_icm_256; >-#ifdef OPENSSL >-extern srtp_cipher_type_t srtp_aes_icm_192; >-extern srtp_cipher_type_t srtp_aes_gcm_128_openssl; >-extern srtp_cipher_type_t srtp_aes_gcm_256_openssl; >-#endif >- >-/* debug modules for cipher types */ >-extern srtp_debug_module_t srtp_mod_aes_icm; >-#ifdef OPENSSL >-extern srtp_debug_module_t srtp_mod_aes_gcm; >-#endif >- >-/* >- * auth func types that can be included in the kernel >- */ >- >-extern srtp_auth_type_t srtp_null_auth; >-extern srtp_auth_type_t srtp_hmac; >- >-/* debug modules for auth types */ >-extern srtp_debug_module_t srtp_mod_hmac; >- > /* crypto_kernel is a global variable, the only one of its datatype */ > > srtp_crypto_kernel_t crypto_kernel = { >@@ -107,13 +69,12 @@ srtp_crypto_kernel_t crypto_kernel = { > > #define MAX_RNG_TRIALS 25 > >-srtp_err_status_t srtp_crypto_kernel_init () >+srtp_err_status_t srtp_crypto_kernel_init() > { > srtp_err_status_t status; > > /* check the security state */ > if (crypto_kernel.state == srtp_crypto_kernel_state_secure) { >- > /* > * we're already in the secure state, but we've been asked to > * re-initialize, so we just re-run the self-tests and then return >@@ -140,25 +101,28 @@ srtp_err_status_t srtp_crypto_kernel_init () > if (status) { > return status; > } >- status = srtp_crypto_kernel_load_debug_module(&mod_stat); >+ status = srtp_crypto_kernel_load_debug_module(&srtp_mod_stat); > if (status) { > return status; > } >- status = srtp_crypto_kernel_load_debug_module(&mod_alloc); >+ status = srtp_crypto_kernel_load_debug_module(&srtp_mod_alloc); > if (status) { > return status; > } > > /* load cipher types */ >- status = srtp_crypto_kernel_load_cipher_type(&srtp_null_cipher, SRTP_NULL_CIPHER); >+ status = srtp_crypto_kernel_load_cipher_type(&srtp_null_cipher, >+ SRTP_NULL_CIPHER); > if (status) { > return status; > } >- status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_icm_128, SRTP_AES_ICM_128); >+ status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_icm_128, >+ SRTP_AES_ICM_128); > if (status) { > return status; > } >- status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_icm_256, SRTP_AES_ICM_256); >+ status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_icm_256, >+ SRTP_AES_ICM_256); > if (status) { > return status; > } >@@ -167,15 +131,18 @@ srtp_err_status_t srtp_crypto_kernel_init () > return status; > } > #ifdef OPENSSL >- status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_icm_192, SRTP_AES_ICM_192); >+ status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_icm_192, >+ SRTP_AES_ICM_192); > if (status) { > return status; > } >- status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_gcm_128_openssl, SRTP_AES_GCM_128); >+ status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_gcm_128_openssl, >+ SRTP_AES_GCM_128); > if (status) { > return status; > } >- status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_gcm_256_openssl, SRTP_AES_GCM_256); >+ status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_gcm_256_openssl, >+ SRTP_AES_GCM_256); > if (status) { > return status; > } >@@ -205,19 +172,21 @@ srtp_err_status_t srtp_crypto_kernel_init () > return srtp_err_status_ok; > } > >-srtp_err_status_t srtp_crypto_kernel_status () >+srtp_err_status_t srtp_crypto_kernel_status() > { > srtp_err_status_t status; >- srtp_kernel_cipher_type_t *ctype = crypto_kernel.cipher_type_list; >- srtp_kernel_auth_type_t *atype = crypto_kernel.auth_type_list; >+ srtp_kernel_cipher_type_t *ctype = crypto_kernel.cipher_type_list; >+ srtp_kernel_auth_type_t *atype = crypto_kernel.auth_type_list; > > /* for each cipher type, describe and test */ > while (ctype != NULL) { >- srtp_err_report(srtp_err_level_info, "cipher: %s\n", ctype->cipher_type->description); >+ srtp_err_report(srtp_err_level_info, "cipher: %s\n", >+ ctype->cipher_type->description); > srtp_err_report(srtp_err_level_info, " self-test: "); > status = srtp_cipher_type_self_test(ctype->cipher_type); > if (status) { >- srtp_err_report(srtp_err_level_error, "failed with error code %d\n", status); >+ srtp_err_report(srtp_err_level_error, "failed with error code %d\n", >+ status); > exit(status); > } > srtp_err_report(srtp_err_level_info, "passed\n"); >@@ -226,11 +195,13 @@ srtp_err_status_t srtp_crypto_kernel_status () > > /* for each auth type, describe and test */ > while (atype != NULL) { >- srtp_err_report(srtp_err_level_info, "auth func: %s\n", atype->auth_type->description); >+ srtp_err_report(srtp_err_level_info, "auth func: %s\n", >+ atype->auth_type->description); > srtp_err_report(srtp_err_level_info, " self-test: "); > status = srtp_auth_type_self_test(atype->auth_type); > if (status) { >- srtp_err_report(srtp_err_level_error, "failed with error code %d\n", status); >+ srtp_err_report(srtp_err_level_error, "failed with error code %d\n", >+ status); > exit(status); > } > srtp_err_report(srtp_err_level_info, "passed\n"); >@@ -242,7 +213,7 @@ srtp_err_status_t srtp_crypto_kernel_status () > return srtp_err_status_ok; > } > >-srtp_err_status_t srtp_crypto_kernel_list_debug_modules () >+srtp_err_status_t srtp_crypto_kernel_list_debug_modules() > { > srtp_kernel_debug_module_t *dm = crypto_kernel.debug_module_list; > >@@ -252,7 +223,7 @@ srtp_err_status_t srtp_crypto_kernel_list_debug_modules () > srtp_err_report(srtp_err_level_info, " %s ", dm->mod->name); > if (dm->mod->on) { > srtp_err_report(srtp_err_level_info, "(on)\n"); >- } else{ >+ } else { > srtp_err_report(srtp_err_level_info, "(off)\n"); > } > dm = dm->next; >@@ -261,7 +232,7 @@ srtp_err_status_t srtp_crypto_kernel_list_debug_modules () > return srtp_err_status_ok; > } > >-srtp_err_status_t srtp_crypto_kernel_shutdown () >+srtp_err_status_t srtp_crypto_kernel_shutdown() > { > /* > * free dynamic memory used in crypto_kernel at present >@@ -271,8 +242,7 @@ srtp_err_status_t srtp_crypto_kernel_shutdown () > while (crypto_kernel.cipher_type_list != NULL) { > srtp_kernel_cipher_type_t *ctype = crypto_kernel.cipher_type_list; > crypto_kernel.cipher_type_list = ctype->next; >- debug_print(srtp_mod_crypto_kernel, >- "freeing memory for cipher %s", >+ debug_print(srtp_mod_crypto_kernel, "freeing memory for cipher %s", > ctype->cipher_type->description); > srtp_crypto_free(ctype); > } >@@ -292,8 +262,7 @@ srtp_err_status_t srtp_crypto_kernel_shutdown () > srtp_kernel_debug_module_t *kdm = crypto_kernel.debug_module_list; > crypto_kernel.debug_module_list = kdm->next; > debug_print(srtp_mod_crypto_kernel, >- "freeing memory for debug module %s", >- kdm->mod->name); >+ "freeing memory for debug module %s", kdm->mod->name); > srtp_crypto_free(kdm); > } > >@@ -303,7 +272,10 @@ srtp_err_status_t srtp_crypto_kernel_shutdown () > return srtp_err_status_ok; > } > >-static inline srtp_err_status_t srtp_crypto_kernel_do_load_cipher_type (const srtp_cipher_type_t *new_ct, srtp_cipher_type_id_t id, int replace) >+static inline srtp_err_status_t srtp_crypto_kernel_do_load_cipher_type( >+ const srtp_cipher_type_t *new_ct, >+ srtp_cipher_type_id_t id, >+ int replace) > { > srtp_kernel_cipher_type_t *ctype, *new_ctype; > srtp_err_status_t status; >@@ -330,13 +302,14 @@ static inline srtp_err_status_t srtp_crypto_kernel_do_load_cipher_type (const sr > if (!replace) { > return srtp_err_status_bad_param; > } >- status = srtp_cipher_type_test(new_ct, ctype->cipher_type->test_data); >+ status = >+ srtp_cipher_type_test(new_ct, ctype->cipher_type->test_data); > if (status) { > return status; > } > new_ctype = ctype; > break; >- }else if (new_ct == ctype->cipher_type) { >+ } else if (new_ct == ctype->cipher_type) { > return srtp_err_status_bad_param; > } > ctype = ctype->next; >@@ -345,7 +318,8 @@ static inline srtp_err_status_t srtp_crypto_kernel_do_load_cipher_type (const sr > /* if not found, put new_ct at the head of the list */ > if (ctype == NULL) { > /* allocate memory */ >- new_ctype = (srtp_kernel_cipher_type_t*)srtp_crypto_alloc(sizeof(srtp_kernel_cipher_type_t)); >+ new_ctype = (srtp_kernel_cipher_type_t *)srtp_crypto_alloc( >+ sizeof(srtp_kernel_cipher_type_t)); > if (new_ctype == NULL) { > return srtp_err_status_alloc_fail; > } >@@ -362,17 +336,23 @@ static inline srtp_err_status_t srtp_crypto_kernel_do_load_cipher_type (const sr > return srtp_err_status_ok; > } > >-srtp_err_status_t srtp_crypto_kernel_load_cipher_type (const srtp_cipher_type_t *new_ct, srtp_cipher_type_id_t id) >+srtp_err_status_t srtp_crypto_kernel_load_cipher_type( >+ const srtp_cipher_type_t *new_ct, >+ srtp_cipher_type_id_t id) > { > return srtp_crypto_kernel_do_load_cipher_type(new_ct, id, 0); > } > >-srtp_err_status_t srtp_replace_cipher_type (const srtp_cipher_type_t *new_ct, srtp_cipher_type_id_t id) >+srtp_err_status_t srtp_replace_cipher_type(const srtp_cipher_type_t *new_ct, >+ srtp_cipher_type_id_t id) > { > return srtp_crypto_kernel_do_load_cipher_type(new_ct, id, 1); > } > >-srtp_err_status_t srtp_crypto_kernel_do_load_auth_type (const srtp_auth_type_t *new_at, srtp_auth_type_id_t id, int replace) >+srtp_err_status_t srtp_crypto_kernel_do_load_auth_type( >+ const srtp_auth_type_t *new_at, >+ srtp_auth_type_id_t id, >+ int replace) > { > srtp_kernel_auth_type_t *atype, *new_atype; > srtp_err_status_t status; >@@ -405,7 +385,7 @@ srtp_err_status_t srtp_crypto_kernel_do_load_auth_type (const srtp_auth_type_t * > } > new_atype = atype; > break; >- }else if (new_at == atype->auth_type) { >+ } else if (new_at == atype->auth_type) { > return srtp_err_status_bad_param; > } > atype = atype->next; >@@ -414,7 +394,8 @@ srtp_err_status_t srtp_crypto_kernel_do_load_auth_type (const srtp_auth_type_t * > /* if not found, put new_at at the head of the list */ > if (atype == NULL) { > /* allocate memory */ >- new_atype = (srtp_kernel_auth_type_t*)srtp_crypto_alloc(sizeof(srtp_kernel_auth_type_t)); >+ new_atype = (srtp_kernel_auth_type_t *)srtp_crypto_alloc( >+ sizeof(srtp_kernel_auth_type_t)); > if (new_atype == NULL) { > return srtp_err_status_alloc_fail; > } >@@ -429,21 +410,23 @@ srtp_err_status_t srtp_crypto_kernel_do_load_auth_type (const srtp_auth_type_t * > new_atype->id = id; > > return srtp_err_status_ok; >- > } > >-srtp_err_status_t srtp_crypto_kernel_load_auth_type (const srtp_auth_type_t *new_at, srtp_auth_type_id_t id) >+srtp_err_status_t srtp_crypto_kernel_load_auth_type( >+ const srtp_auth_type_t *new_at, >+ srtp_auth_type_id_t id) > { > return srtp_crypto_kernel_do_load_auth_type(new_at, id, 0); > } > >-srtp_err_status_t srtp_replace_auth_type (const srtp_auth_type_t *new_at, srtp_auth_type_id_t id) >+srtp_err_status_t srtp_replace_auth_type(const srtp_auth_type_t *new_at, >+ srtp_auth_type_id_t id) > { > return srtp_crypto_kernel_do_load_auth_type(new_at, id, 1); > } > >- >-const srtp_cipher_type_t * srtp_crypto_kernel_get_cipher_type (srtp_cipher_type_id_t id) >+const srtp_cipher_type_t *srtp_crypto_kernel_get_cipher_type( >+ srtp_cipher_type_id_t id) > { > srtp_kernel_cipher_type_t *ctype; > >@@ -460,8 +443,10 @@ const srtp_cipher_type_t * srtp_crypto_kernel_get_cipher_type (srtp_cipher_type_ > return NULL; > } > >- >-srtp_err_status_t srtp_crypto_kernel_alloc_cipher (srtp_cipher_type_id_t id, srtp_cipher_pointer_t *cp, int key_len, int tag_len) >+srtp_err_status_t srtp_crypto_kernel_alloc_cipher(srtp_cipher_type_id_t id, >+ srtp_cipher_pointer_t *cp, >+ int key_len, >+ int tag_len) > { > const srtp_cipher_type_t *ct; > >@@ -481,9 +466,7 @@ srtp_err_status_t srtp_crypto_kernel_alloc_cipher (srtp_cipher_type_id_t id, srt > return ((ct)->alloc(cp, key_len, tag_len)); > } > >- >- >-const srtp_auth_type_t * srtp_crypto_kernel_get_auth_type (srtp_auth_type_id_t id) >+const srtp_auth_type_t *srtp_crypto_kernel_get_auth_type(srtp_auth_type_id_t id) > { > srtp_kernel_auth_type_t *atype; > >@@ -500,7 +483,10 @@ const srtp_auth_type_t * srtp_crypto_kernel_get_auth_type (srtp_auth_type_id_t i > return NULL; > } > >-srtp_err_status_t srtp_crypto_kernel_alloc_auth (srtp_auth_type_id_t id, srtp_auth_pointer_t *ap, int key_len, int tag_len) >+srtp_err_status_t srtp_crypto_kernel_alloc_auth(srtp_auth_type_id_t id, >+ srtp_auth_pointer_t *ap, >+ int key_len, >+ int tag_len) > { > const srtp_auth_type_t *at; > >@@ -520,12 +506,13 @@ srtp_err_status_t srtp_crypto_kernel_alloc_auth (srtp_auth_type_id_t id, srtp_au > return ((at)->alloc(ap, key_len, tag_len)); > } > >-srtp_err_status_t srtp_crypto_kernel_load_debug_module (srtp_debug_module_t *new_dm) >+srtp_err_status_t srtp_crypto_kernel_load_debug_module( >+ srtp_debug_module_t *new_dm) > { > srtp_kernel_debug_module_t *kdm, *new; > > /* defensive coding */ >- if (new_dm == NULL) { >+ if (new_dm == NULL || new_dm->name == NULL) { > return srtp_err_status_bad_param; > } > >@@ -540,7 +527,8 @@ srtp_err_status_t srtp_crypto_kernel_load_debug_module (srtp_debug_module_t *new > > /* put new_dm at the head of the list */ > /* allocate memory */ >- new = (srtp_kernel_debug_module_t*)srtp_crypto_alloc(sizeof(srtp_kernel_debug_module_t)); >+ new = (srtp_kernel_debug_module_t *)srtp_crypto_alloc( >+ sizeof(srtp_kernel_debug_module_t)); > if (new == NULL) { > return srtp_err_status_alloc_fail; > } >@@ -555,7 +543,7 @@ srtp_err_status_t srtp_crypto_kernel_load_debug_module (srtp_debug_module_t *new > return srtp_err_status_ok; > } > >-srtp_err_status_t srtp_crypto_kernel_set_debug_module (const char *name, int on) >+srtp_err_status_t srtp_crypto_kernel_set_debug_module(const char *name, int on) > { > srtp_kernel_debug_module_t *kdm; > >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/kernel/err.c b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/kernel/err.c >index 9dcecbadd5af8740f7bc1da9c37b933f8de4ec5d..f443549e5a44136ef2a014189ae67d0f06d3e7cf 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/kernel/err.c >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/kernel/err.c >@@ -43,7 +43,7 @@ > */ > > #ifdef HAVE_CONFIG_H >- #include <config.h> >+#include <config.h> > #endif > > #include "err.h" >@@ -54,7 +54,7 @@ > > static FILE *srtp_err_file = NULL; > >-srtp_err_status_t srtp_err_reporting_init () >+srtp_err_status_t srtp_err_reporting_init() > { > #ifdef ERR_REPORTING_STDOUT > srtp_err_file = stdout; >@@ -69,15 +69,16 @@ srtp_err_status_t srtp_err_reporting_init () > return srtp_err_status_ok; > } > >-static srtp_err_report_handler_func_t * srtp_err_report_handler = NULL; >+static srtp_err_report_handler_func_t *srtp_err_report_handler = NULL; > >-srtp_err_status_t srtp_install_err_report_handler(srtp_err_report_handler_func_t func) >+srtp_err_status_t srtp_install_err_report_handler( >+ srtp_err_report_handler_func_t func) > { > srtp_err_report_handler = func; > return srtp_err_status_ok; > } > >-void srtp_err_report (srtp_err_reporting_level_t level, const char *format, ...) >+void srtp_err_report(srtp_err_reporting_level_t level, const char *format, ...) > { > va_list args; > if (srtp_err_file != NULL) { >@@ -91,12 +92,13 @@ void srtp_err_report (srtp_err_reporting_level_t level, const char *format, ...) > if (vsnprintf(msg, sizeof(msg), format, args) > 0) { > /* strip trailing \n, callback should not have one */ > size_t l = strlen(msg); >- if (l && msg[l-1] == '\n') { >- msg[l-1] = '\0'; >+ if (l && msg[l - 1] == '\n') { >+ msg[l - 1] = '\0'; > } > srtp_err_report_handler(level, msg); > /* >- * NOTE, need to be carefull, there is a potential that octet_string_set_to_zero() could >+ * NOTE, need to be carefull, there is a potential that >+ * octet_string_set_to_zero() could > * call srtp_err_report() in the future, leading to recursion > */ > octet_string_set_to_zero(msg, sizeof(msg)); >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/kernel/key.c b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/kernel/key.c >index 1430f0df6706166dd3b21105fc2f58ff52800e2b..04661950461f72b949b813b37914b67c008757f2 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/kernel/key.c >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/kernel/key.c >@@ -43,14 +43,15 @@ > */ > > #ifdef HAVE_CONFIG_H >- #include <config.h> >+#include <config.h> > #endif > > #include "key.h" > > #define soft_limit 0x10000 > >-srtp_err_status_t srtp_key_limit_set (srtp_key_limit_t key, const srtp_xtd_seq_num_t s) >+srtp_err_status_t srtp_key_limit_set(srtp_key_limit_t key, >+ const srtp_xtd_seq_num_t s) > { > #ifdef NO_64BIT_MATH > if (high32(s) == 0 && low32(s) < soft_limit) { >@@ -66,7 +67,8 @@ srtp_err_status_t srtp_key_limit_set (srtp_key_limit_t key, const srtp_xtd_seq_n > return srtp_err_status_ok; > } > >-srtp_err_status_t srtp_key_limit_clone (srtp_key_limit_t original, srtp_key_limit_t *new_key) >+srtp_err_status_t srtp_key_limit_clone(srtp_key_limit_t original, >+ srtp_key_limit_t *new_key) > { > if (original == NULL) { > return srtp_err_status_bad_param; >@@ -75,7 +77,7 @@ srtp_err_status_t srtp_key_limit_clone (srtp_key_limit_t original, srtp_key_limi > return srtp_err_status_ok; > } > >-srtp_err_status_t srtp_key_limit_check (const srtp_key_limit_t key) >+srtp_err_status_t srtp_key_limit_check(const srtp_key_limit_t key) > { > if (key->state == srtp_key_state_expired) { > return srtp_err_status_key_expired; >@@ -83,13 +85,14 @@ srtp_err_status_t srtp_key_limit_check (const srtp_key_limit_t key) > return srtp_err_status_ok; > } > >-srtp_key_event_t srtp_key_limit_update (srtp_key_limit_t key) >+srtp_key_event_t srtp_key_limit_update(srtp_key_limit_t key) > { > #ifdef NO_64BIT_MATH > if (low32(key->num_left) == 0) { > // carry >- key->num_left = make64(high32(key->num_left) - 1, low32(key->num_left) - 1); >- }else { >+ key->num_left = >+ make64(high32(key->num_left) - 1, low32(key->num_left) - 1); >+ } else { > // no carry > key->num_left = make64(high32(key->num_left), low32(key->num_left) - 1); > } >@@ -111,10 +114,9 @@ srtp_key_event_t srtp_key_limit_update (srtp_key_limit_t key) > #else > if (key->num_left < 1) > #endif >- { /* we just hit the hard limit */ >+ { /* we just hit the hard limit */ > key->state = srtp_key_state_expired; > return srtp_key_event_hard_limit; > } > return srtp_key_event_soft_limit; > } >- >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/math/datatypes.c b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/math/datatypes.c >index bb4b56e307da022e2f2a507215fec0ea9b2c6150..c0dfece659d774bbdd8d0648483ebbf214fce821 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/math/datatypes.c >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/math/datatypes.c >@@ -8,26 +8,26 @@ > * Cisco Systems, Inc. > */ > /* >- * >+ * > * Copyright (c) 2001-2017 Cisco Systems, Inc. > * All rights reserved. >- * >+ * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions > * are met: >- * >+ * > * Redistributions of source code must retain the above copyright > * notice, this list of conditions and the following disclaimer. >- * >+ * > * Redistributions in binary form must reproduce the above > * copyright notice, this list of conditions and the following > * disclaimer in the documentation and/or other materials provided > * with the distribution. >- * >+ * > * Neither the name of the Cisco Systems, Inc. nor the names of its > * contributors may be used to endorse or promote products derived > * from this software without specific prior written permission. >- * >+ * > * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS > * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT > * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >@@ -44,7 +44,7 @@ > */ > > #ifdef HAVE_CONFIG_H >- #include <config.h> >+#include <config.h> > #endif > > #ifdef OPENSSL >@@ -53,48 +53,24 @@ > > #include "datatypes.h" > >-int >-octet_weight[256] = { >- 0, 1, 1, 2, 1, 2, 2, 3, >- 1, 2, 2, 3, 2, 3, 3, 4, >- 1, 2, 2, 3, 2, 3, 3, 4, >- 2, 3, 3, 4, 3, 4, 4, 5, >- 1, 2, 2, 3, 2, 3, 3, 4, >- 2, 3, 3, 4, 3, 4, 4, 5, >- 2, 3, 3, 4, 3, 4, 4, 5, >- 3, 4, 4, 5, 4, 5, 5, 6, >- 1, 2, 2, 3, 2, 3, 3, 4, >- 2, 3, 3, 4, 3, 4, 4, 5, >- 2, 3, 3, 4, 3, 4, 4, 5, >- 3, 4, 4, 5, 4, 5, 5, 6, >- 2, 3, 3, 4, 3, 4, 4, 5, >- 3, 4, 4, 5, 4, 5, 5, 6, >- 3, 4, 4, 5, 4, 5, 5, 6, >- 4, 5, 5, 6, 5, 6, 6, 7, >- 1, 2, 2, 3, 2, 3, 3, 4, >- 2, 3, 3, 4, 3, 4, 4, 5, >- 2, 3, 3, 4, 3, 4, 4, 5, >- 3, 4, 4, 5, 4, 5, 5, 6, >- 2, 3, 3, 4, 3, 4, 4, 5, >- 3, 4, 4, 5, 4, 5, 5, 6, >- 3, 4, 4, 5, 4, 5, 5, 6, >- 4, 5, 5, 6, 5, 6, 6, 7, >- 2, 3, 3, 4, 3, 4, 4, 5, >- 3, 4, 4, 5, 4, 5, 5, 6, >- 3, 4, 4, 5, 4, 5, 5, 6, >- 4, 5, 5, 6, 5, 6, 6, 7, >- 3, 4, 4, 5, 4, 5, 5, 6, >- 4, 5, 5, 6, 5, 6, 6, 7, >- 4, 5, 5, 6, 5, 6, 6, 7, >- 5, 6, 6, 7, 6, 7, 7, 8 >+static const int8_t octet_weight[256] = { >+ 0, 1, 1, 2, 1, 2, 2, 3, 1, 2, 2, 3, 2, 3, 3, 4, 1, 2, 2, 3, 2, 3, 3, 4, >+ 2, 3, 3, 4, 3, 4, 4, 5, 1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5, >+ 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6, 1, 2, 2, 3, 2, 3, 3, 4, >+ 2, 3, 3, 4, 3, 4, 4, 5, 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6, >+ 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6, 3, 4, 4, 5, 4, 5, 5, 6, >+ 4, 5, 5, 6, 5, 6, 6, 7, 1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5, >+ 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6, 2, 3, 3, 4, 3, 4, 4, 5, >+ 3, 4, 4, 5, 4, 5, 5, 6, 3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7, >+ 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6, 3, 4, 4, 5, 4, 5, 5, 6, >+ 4, 5, 5, 6, 5, 6, 6, 7, 3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7, >+ 4, 5, 5, 6, 5, 6, 6, 7, 5, 6, 6, 7, 6, 7, 7, 8 > }; > >-int >-octet_get_weight(uint8_t octet) { >- extern int octet_weight[256]; >- >- return octet_weight[octet]; >-} >+int octet_get_weight(uint8_t octet) >+{ >+ return (int)octet_weight[octet]; >+} > > /* > * bit_string is a buffer that is used to hold output strings, e.g. >@@ -105,414 +81,410 @@ octet_get_weight(uint8_t octet) { > > char bit_string[MAX_PRINT_STRING_LEN]; > >-uint8_t >-srtp_nibble_to_hex_char(uint8_t nibble) { >- char buf[16] = {'0', '1', '2', '3', '4', '5', '6', '7', >- '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' }; >- return buf[nibble & 0xF]; >-} >- >-char * srtp_octet_string_hex_string(const void *s, int length) { >- const uint8_t *str = (const uint8_t *)s; >- int i; >- >- /* double length, since one octet takes two hex characters */ >- length *= 2; >- >- /* truncate string if it would be too long */ >- if (length > MAX_PRINT_STRING_LEN) >- length = MAX_PRINT_STRING_LEN-2; >- >- for (i=0; i < length; i+=2) { >- bit_string[i] = srtp_nibble_to_hex_char(*str >> 4); >- bit_string[i+1] = srtp_nibble_to_hex_char(*str++ & 0xF); >- } >- bit_string[i] = 0; /* null terminate string */ >- return bit_string; >-} >- >-char * >-v128_hex_string(v128_t *x) { >- int i, j; >- >- for (i=j=0; i < 16; i++) { >- bit_string[j++] = srtp_nibble_to_hex_char(x->v8[i] >> 4); >- bit_string[j++] = srtp_nibble_to_hex_char(x->v8[i] & 0xF); >- } >- >- bit_string[j] = 0; /* null terminate string */ >- return bit_string; >-} >- >-char * >-v128_bit_string(v128_t *x) { >- int j, i; >- uint32_t mask; >- >- for (j=i=0; j < 4; j++) { >- for (mask=0x80000000; mask > 0; mask >>= 1) { >- if (x->v32[j] & mask) >- bit_string[i] = '1'; >- else >- bit_string[i] = '0'; >- ++i; >+uint8_t srtp_nibble_to_hex_char(uint8_t nibble) >+{ >+ char buf[16] = { '0', '1', '2', '3', '4', '5', '6', '7', >+ '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' }; >+ return buf[nibble & 0xF]; >+} >+ >+char *srtp_octet_string_hex_string(const void *s, int length) >+{ >+ const uint8_t *str = (const uint8_t *)s; >+ int i; >+ >+ /* double length, since one octet takes two hex characters */ >+ length *= 2; >+ >+ /* truncate string if it would be too long */ >+ if (length > MAX_PRINT_STRING_LEN) >+ length = MAX_PRINT_STRING_LEN - 2; >+ >+ for (i = 0; i < length; i += 2) { >+ bit_string[i] = srtp_nibble_to_hex_char(*str >> 4); >+ bit_string[i + 1] = srtp_nibble_to_hex_char(*str++ & 0xF); >+ } >+ bit_string[i] = 0; /* null terminate string */ >+ return bit_string; >+} >+ >+char *v128_hex_string(v128_t *x) >+{ >+ int i, j; >+ >+ for (i = j = 0; i < 16; i++) { >+ bit_string[j++] = srtp_nibble_to_hex_char(x->v8[i] >> 4); >+ bit_string[j++] = srtp_nibble_to_hex_char(x->v8[i] & 0xF); > } >- } >- bit_string[128] = 0; /* null terminate string */ > >- return bit_string; >+ bit_string[j] = 0; /* null terminate string */ >+ return bit_string; > } > >-void >-v128_copy_octet_string(v128_t *x, const uint8_t s[16]) { >+char *v128_bit_string(v128_t *x) >+{ >+ int j, i; >+ uint32_t mask; >+ >+ for (j = i = 0; j < 4; j++) { >+ for (mask = 0x80000000; mask > 0; mask >>= 1) { >+ if (x->v32[j] & mask) >+ bit_string[i] = '1'; >+ else >+ bit_string[i] = '0'; >+ ++i; >+ } >+ } >+ bit_string[128] = 0; /* null terminate string */ >+ >+ return bit_string; >+} >+ >+void v128_copy_octet_string(v128_t *x, const uint8_t s[16]) >+{ > #ifdef ALIGNMENT_32BIT_REQUIRED >- if ((((uint32_t) &s[0]) & 0x3) != 0) >+ if ((((uint32_t)&s[0]) & 0x3) != 0) > #endif >- { >- x->v8[0] = s[0]; >- x->v8[1] = s[1]; >- x->v8[2] = s[2]; >- x->v8[3] = s[3]; >- x->v8[4] = s[4]; >- x->v8[5] = s[5]; >- x->v8[6] = s[6]; >- x->v8[7] = s[7]; >- x->v8[8] = s[8]; >- x->v8[9] = s[9]; >- x->v8[10] = s[10]; >- x->v8[11] = s[11]; >- x->v8[12] = s[12]; >- x->v8[13] = s[13]; >- x->v8[14] = s[14]; >- x->v8[15] = s[15]; >- } >+ { >+ x->v8[0] = s[0]; >+ x->v8[1] = s[1]; >+ x->v8[2] = s[2]; >+ x->v8[3] = s[3]; >+ x->v8[4] = s[4]; >+ x->v8[5] = s[5]; >+ x->v8[6] = s[6]; >+ x->v8[7] = s[7]; >+ x->v8[8] = s[8]; >+ x->v8[9] = s[9]; >+ x->v8[10] = s[10]; >+ x->v8[11] = s[11]; >+ x->v8[12] = s[12]; >+ x->v8[13] = s[13]; >+ x->v8[14] = s[14]; >+ x->v8[15] = s[15]; >+ } > #ifdef ALIGNMENT_32BIT_REQUIRED >- else >- { >- v128_t *v = (v128_t *) &s[0]; >+ else { >+ v128_t *v = (v128_t *)&s[0]; > >- v128_copy(x,v); >- } >+ v128_copy(x, v); >+ } > #endif > } > > #ifndef DATATYPES_USE_MACROS /* little functions are not macros */ > >-void >-v128_set_to_zero(v128_t *x) { >- _v128_set_to_zero(x); >+void v128_set_to_zero(v128_t *x) >+{ >+ _v128_set_to_zero(x); > } > >-void >-v128_copy(v128_t *x, const v128_t *y) { >- _v128_copy(x, y); >+void v128_copy(v128_t *x, const v128_t *y) >+{ >+ _v128_copy(x, y); > } > >-void >-v128_xor(v128_t *z, v128_t *x, v128_t *y) { >- _v128_xor(z, x, y); >-} >- >-void >-v128_and(v128_t *z, v128_t *x, v128_t *y) { >- _v128_and(z, x, y); >+void v128_xor(v128_t *z, v128_t *x, v128_t *y) >+{ >+ _v128_xor(z, x, y); > } > >-void >-v128_or(v128_t *z, v128_t *x, v128_t *y) { >- _v128_or(z, x, y); >+void v128_and(v128_t *z, v128_t *x, v128_t *y) >+{ >+ _v128_and(z, x, y); > } > >-void >-v128_complement(v128_t *x) { >- _v128_complement(x); >+void v128_or(v128_t *z, v128_t *x, v128_t *y) >+{ >+ _v128_or(z, x, y); > } > >-int >-v128_is_eq(const v128_t *x, const v128_t *y) { >- return _v128_is_eq(x, y); >+void v128_complement(v128_t *x) >+{ >+ _v128_complement(x); > } > >-int >-v128_xor_eq(v128_t *x, const v128_t *y) { >- return _v128_xor_eq(x, y); >+int v128_is_eq(const v128_t *x, const v128_t *y) >+{ >+ return _v128_is_eq(x, y); > } > >-int >-v128_get_bit(const v128_t *x, int i) { >- return _v128_get_bit(x, i); >+int v128_xor_eq(v128_t *x, const v128_t *y) >+{ >+ return _v128_xor_eq(x, y); > } > >-void >-v128_set_bit(v128_t *x, int i) { >- _v128_set_bit(x, i); >-} >+int v128_get_bit(const v128_t *x, int i) >+{ >+ return _v128_get_bit(x, i); >+} > >-void >-v128_clear_bit(v128_t *x, int i){ >- _v128_clear_bit(x, i); >-} >+void v128_set_bit(v128_t *x, int i) >+{ >+ _v128_set_bit(x, i); >+} > >-void >-v128_set_bit_to(v128_t *x, int i, int y){ >- _v128_set_bit_to(x, i, y); >+void v128_clear_bit(v128_t *x, int i) >+{ >+ _v128_clear_bit(x, i); > } > >+void v128_set_bit_to(v128_t *x, int i, int y) >+{ >+ _v128_set_bit_to(x, i, y); >+} > > #endif /* DATATYPES_USE_MACROS */ > >-void >-v128_right_shift(v128_t *x, int shift) { >- const int base_index = shift >> 5; >- const int bit_index = shift & 31; >- int i, from; >- uint32_t b; >- >- if (shift > 127) { >- v128_set_to_zero(x); >- return; >- } >- >- if (bit_index == 0) { >- >- /* copy each word from left size to right side */ >- x->v32[4-1] = x->v32[4-1-base_index]; >- for (i=4-1; i > base_index; i--) >- x->v32[i-1] = x->v32[i-1-base_index]; >- >- } else { >- >- /* set each word to the "or" of the two bit-shifted words */ >- for (i = 4; i > base_index; i--) { >- from = i-1 - base_index; >- b = x->v32[from] << bit_index; >- if (from > 0) >- b |= x->v32[from-1] >> (32-bit_index); >- x->v32[i-1] = b; >+void v128_right_shift(v128_t *x, int shift) >+{ >+ const int base_index = shift >> 5; >+ const int bit_index = shift & 31; >+ int i, from; >+ uint32_t b; >+ >+ if (shift > 127) { >+ v128_set_to_zero(x); >+ return; >+ } >+ >+ if (bit_index == 0) { >+ /* copy each word from left size to right side */ >+ x->v32[4 - 1] = x->v32[4 - 1 - base_index]; >+ for (i = 4 - 1; i > base_index; i--) >+ x->v32[i - 1] = x->v32[i - 1 - base_index]; >+ >+ } else { >+ /* set each word to the "or" of the two bit-shifted words */ >+ for (i = 4; i > base_index; i--) { >+ from = i - 1 - base_index; >+ b = x->v32[from] << bit_index; >+ if (from > 0) >+ b |= x->v32[from - 1] >> (32 - bit_index); >+ x->v32[i - 1] = b; >+ } >+ } >+ >+ /* now wrap up the final portion */ >+ for (i = 0; i < base_index; i++) >+ x->v32[i] = 0; >+} >+ >+void v128_left_shift(v128_t *x, int shift) >+{ >+ int i; >+ const int base_index = shift >> 5; >+ const int bit_index = shift & 31; >+ >+ if (shift > 127) { >+ v128_set_to_zero(x); >+ return; >+ } >+ >+ if (bit_index == 0) { >+ for (i = 0; i < 4 - base_index; i++) >+ x->v32[i] = x->v32[i + base_index]; >+ } else { >+ for (i = 0; i < 4 - base_index - 1; i++) >+ x->v32[i] = (x->v32[i + base_index] >> bit_index) ^ >+ (x->v32[i + base_index + 1] << (32 - bit_index)); >+ x->v32[4 - base_index - 1] = x->v32[4 - 1] >> bit_index; > } >- >- } >- >- /* now wrap up the final portion */ >- for (i=0; i < base_index; i++) >- x->v32[i] = 0; >- >-} >- >-void >-v128_left_shift(v128_t *x, int shift) { >- int i; >- const int base_index = shift >> 5; >- const int bit_index = shift & 31; >- >- if (shift > 127) { >- v128_set_to_zero(x); >- return; >- } >- >- if (bit_index == 0) { >- for (i=0; i < 4 - base_index; i++) >- x->v32[i] = x->v32[i+base_index]; >- } else { >- for (i=0; i < 4 - base_index - 1; i++) >- x->v32[i] = (x->v32[i+base_index] >> bit_index) ^ >- (x->v32[i+base_index+1] << (32 - bit_index)); >- x->v32[4 - base_index-1] = x->v32[4-1] >> bit_index; >- } >- >- /* now wrap up the final portion */ >- for (i = 4 - base_index; i < 4; i++) >- x->v32[i] = 0; > >+ /* now wrap up the final portion */ >+ for (i = 4 - base_index; i < 4; i++) >+ x->v32[i] = 0; > } > > /* functions manipulating bitvector_t */ > > #ifndef DATATYPES_USE_MACROS /* little functions are not macros */ > >-int >-bitvector_get_bit(const bitvector_t *v, int bit_index) >+int bitvector_get_bit(const bitvector_t *v, int bit_index) > { >- return _bitvector_get_bit(v, bit_index); >+ return _bitvector_get_bit(v, bit_index); > } > >-void >-bitvector_set_bit(bitvector_t *v, int bit_index) >+void bitvector_set_bit(bitvector_t *v, int bit_index) > { >- _bitvector_set_bit(v, bit_index); >+ _bitvector_set_bit(v, bit_index); > } > >-void >-bitvector_clear_bit(bitvector_t *v, int bit_index) >+void bitvector_clear_bit(bitvector_t *v, int bit_index) > { >- _bitvector_clear_bit(v, bit_index); >+ _bitvector_clear_bit(v, bit_index); > } > >- > #endif /* DATATYPES_USE_MACROS */ > >-int >-bitvector_alloc(bitvector_t *v, unsigned long length) { >- unsigned long l; >- >- /* Round length up to a multiple of bits_per_word */ >- length = (length + bits_per_word - 1) & ~(unsigned long)((bits_per_word - 1)); >- >- l = length / bits_per_word * bytes_per_word; >- >- /* allocate memory, then set parameters */ >- if (l == 0) >- v->word = NULL; >- else { >- v->word = (uint32_t*)srtp_crypto_alloc(l); >- if (v->word == NULL) { >- v->word = NULL; >- v->length = 0; >- return -1; >+int bitvector_alloc(bitvector_t *v, unsigned long length) >+{ >+ unsigned long l; >+ >+ /* Round length up to a multiple of bits_per_word */ >+ length = >+ (length + bits_per_word - 1) & ~(unsigned long)((bits_per_word - 1)); >+ >+ l = length / bits_per_word * bytes_per_word; >+ >+ /* allocate memory, then set parameters */ >+ if (l == 0) { >+ v->word = NULL; >+ v->length = 0; >+ return -1; >+ } else { >+ v->word = (uint32_t *)srtp_crypto_alloc(l); >+ if (v->word == NULL) { >+ v->length = 0; >+ return -1; >+ } > } >- } >- v->length = length; >+ v->length = length; > >- /* initialize bitvector to zero */ >- bitvector_set_to_zero(v); >+ /* initialize bitvector to zero */ >+ bitvector_set_to_zero(v); > >- return 0; >+ return 0; > } > >- >-void >-bitvector_dealloc(bitvector_t *v) { >- if (v->word != NULL) >- srtp_crypto_free(v->word); >- v->word = NULL; >- v->length = 0; >+void bitvector_dealloc(bitvector_t *v) >+{ >+ if (v->word != NULL) >+ srtp_crypto_free(v->word); >+ v->word = NULL; >+ v->length = 0; > } > >-void >-bitvector_set_to_zero(bitvector_t *x) >+void bitvector_set_to_zero(bitvector_t *x) > { >- /* C99 guarantees that memset(0) will set the value 0 for uint32_t */ >- memset(x->word, 0, x->length >> 3); >+ /* C99 guarantees that memset(0) will set the value 0 for uint32_t */ >+ memset(x->word, 0, x->length >> 3); > } > >-char * >-bitvector_bit_string(bitvector_t *x, char* buf, int len) { >- int j, i; >- uint32_t mask; >- >- for (j=i=0; j < (int)(x->length>>5) && i < len-1; j++) { >- for (mask=0x80000000; mask > 0; mask >>= 1) { >- if (x->word[j] & mask) >- buf[i] = '1'; >- else >- buf[i] = '0'; >- ++i; >- if (i >= len-1) >- break; >+char *bitvector_bit_string(bitvector_t *x, char *buf, int len) >+{ >+ int j, i; >+ uint32_t mask; >+ >+ for (j = i = 0; j < (int)(x->length >> 5) && i < len - 1; j++) { >+ for (mask = 0x80000000; mask > 0; mask >>= 1) { >+ if (x->word[j] & mask) >+ buf[i] = '1'; >+ else >+ buf[i] = '0'; >+ ++i; >+ if (i >= len - 1) >+ break; >+ } > } >- } >- buf[i] = 0; /* null terminate string */ >+ buf[i] = 0; /* null terminate string */ > >- return buf; >+ return buf; > } > >-void >-bitvector_left_shift(bitvector_t *x, int shift) { >- int i; >- const int base_index = shift >> 5; >- const int bit_index = shift & 31; >- const int word_length = x->length >> 5; >- >- if (shift >= (int)x->length) { >- bitvector_set_to_zero(x); >- return; >- } >- >- if (bit_index == 0) { >- for (i=0; i < word_length - base_index; i++) >- x->word[i] = x->word[i+base_index]; >- } else { >- for (i=0; i < word_length - base_index - 1; i++) >- x->word[i] = (x->word[i+base_index] >> bit_index) ^ >- (x->word[i+base_index+1] << (32 - bit_index)); >- x->word[word_length - base_index-1] = x->word[word_length-1] >> bit_index; >- } >+void bitvector_left_shift(bitvector_t *x, int shift) >+{ >+ int i; >+ const int base_index = shift >> 5; >+ const int bit_index = shift & 31; >+ const int word_length = x->length >> 5; >+ >+ if (shift >= (int)x->length) { >+ bitvector_set_to_zero(x); >+ return; >+ } > >- /* now wrap up the final portion */ >- for (i = word_length - base_index; i < word_length; i++) >- x->word[i] = 0; >+ if (bit_index == 0) { >+ for (i = 0; i < word_length - base_index; i++) >+ x->word[i] = x->word[i + base_index]; >+ } else { >+ for (i = 0; i < word_length - base_index - 1; i++) >+ x->word[i] = (x->word[i + base_index] >> bit_index) ^ >+ (x->word[i + base_index + 1] << (32 - bit_index)); >+ x->word[word_length - base_index - 1] = >+ x->word[word_length - 1] >> bit_index; >+ } > >+ /* now wrap up the final portion */ >+ for (i = word_length - base_index; i < word_length; i++) >+ x->word[i] = 0; > } > >-int >-octet_string_is_eq(uint8_t *a, uint8_t *b, int len) { >- uint8_t *end = b + len; >- uint8_t accumulator = 0; >- >- /* >- * We use this somewhat obscure implementation to try to ensure the running >- * time only depends on len, even accounting for compiler optimizations. >- * The accumulator ends up zero iff the strings are equal. >- */ >- while (b < end) >- accumulator |= (*a++ ^ *b++); >- >- /* Return 1 if *not* equal. */ >- return accumulator != 0; >+int octet_string_is_eq(uint8_t *a, uint8_t *b, int len) >+{ >+ uint8_t *end = b + len; >+ uint8_t accumulator = 0; >+ >+ /* >+ * We use this somewhat obscure implementation to try to ensure the running >+ * time only depends on len, even accounting for compiler optimizations. >+ * The accumulator ends up zero iff the strings are equal. >+ */ >+ while (b < end) >+ accumulator |= (*a++ ^ *b++); >+ >+ /* Return 1 if *not* equal. */ >+ return accumulator != 0; > } > >-void >-srtp_cleanse(void *s, size_t len) >+void srtp_cleanse(void *s, size_t len) > { >- volatile unsigned char *p = (volatile unsigned char *)s; >- while(len--) *p++ = 0; >+ volatile unsigned char *p = (volatile unsigned char *)s; >+ while (len--) >+ *p++ = 0; > } > >-void >-octet_string_set_to_zero(void *s, size_t len) >+void octet_string_set_to_zero(void *s, size_t len) > { > #ifdef OPENSSL >- OPENSSL_cleanse(s, len); >+ OPENSSL_cleanse(s, len); > #else >- srtp_cleanse(s, len); >+ srtp_cleanse(s, len); > #endif > } > > #ifdef TESTAPP_SOURCE > > static const char b64chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" >- "abcdefghijklmnopqrstuvwxyz0123456789+/"; >- >-static int base64_block_to_octet_triple(char *out, char *in) { >- unsigned char sextets[4] = {0}; >- int j = 0; >- int i; >- >- for (i = 0; i < 4; i++) { >- char *p = strchr(b64chars, in[i]); >- if (p != NULL) sextets[i] = p - b64chars; >- else j++; >- } >- >- out[0] = (sextets[0]<<2)|(sextets[1]>>4); >- if (j < 2) out[1] = (sextets[1]<<4)|(sextets[2]>>2); >- if (j < 1) out[2] = (sextets[2]<<6)|sextets[3]; >- return j; >-} >- >-int base64_string_to_octet_string(char *out, int *pad, char *in, int len) { >- int k = 0; >- int i = 0; >- int j = 0; >- if (len % 4 != 0) return 0; >- >- while (i < len && j == 0) { >- j = base64_block_to_octet_triple(out + k, in + i); >- k += 3; >- i += 4; >- } >- *pad = j; >- return i; >+ "abcdefghijklmnopqrstuvwxyz0123456789+/"; >+ >+static int base64_block_to_octet_triple(char *out, char *in) >+{ >+ unsigned char sextets[4] = { 0 }; >+ int j = 0; >+ int i; >+ >+ for (i = 0; i < 4; i++) { >+ char *p = strchr(b64chars, in[i]); >+ if (p != NULL) >+ sextets[i] = p - b64chars; >+ else >+ j++; >+ } >+ >+ out[0] = (sextets[0] << 2) | (sextets[1] >> 4); >+ if (j < 2) >+ out[1] = (sextets[1] << 4) | (sextets[2] >> 2); >+ if (j < 1) >+ out[2] = (sextets[2] << 6) | sextets[3]; >+ return j; >+} >+ >+int base64_string_to_octet_string(char *out, int *pad, char *in, int len) >+{ >+ int k = 0; >+ int i = 0; >+ int j = 0; >+ if (len % 4 != 0) >+ return 0; >+ >+ while (i < len && j == 0) { >+ j = base64_block_to_octet_triple(out + k, in + i); >+ k += 3; >+ i += 4; >+ } >+ *pad = j; >+ return i; > } > > #endif >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/math/stat.c b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/math/stat.c >index 0b4aec37649fc40c2c416bc3b996badf0191fee8..6dd332b0cf536c53a14e3e7cb6e26fd62a40b76b 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/math/stat.c >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/math/stat.c >@@ -1,33 +1,33 @@ > /* > * stats.c > * >- * statistical tests >- * >+ * statistical tests >+ * > * David A. McGrew > * Cisco Systems, Inc. > */ > > /* >- * >+ * > * Copyright (c) 2001-2017, Cisco Systems, Inc. > * All rights reserved. >- * >+ * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions > * are met: >- * >+ * > * Redistributions of source code must retain the above copyright > * notice, this list of conditions and the following disclaimer. >- * >+ * > * Redistributions in binary form must reproduce the above > * copyright notice, this list of conditions and the following > * disclaimer in the documentation and/or other materials provided > * with the distribution. >- * >+ * > * Neither the name of the Cisco Systems, Inc. nor the names of its > * contributors may be used to endorse or promote products derived > * from this software without specific prior written permission. >- * >+ * > * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS > * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT > * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >@@ -44,14 +44,14 @@ > */ > > #ifdef HAVE_CONFIG_H >- #include <config.h> >+#include <config.h> > #endif > > #include "stat.h" > >-srtp_debug_module_t mod_stat = { >- 0, /* debugging is off by default */ >- (char *)"stat test" /* printable module name */ >+srtp_debug_module_t srtp_mod_stat = { >+ 0, /* debugging is off by default */ >+ (char *)"stat test" /* printable module name */ > }; > > /* >@@ -61,166 +61,153 @@ srtp_debug_module_t mod_stat = { > > #define STAT_TEST_DATA_LEN 2500 > >-srtp_err_status_t >-stat_test_monobit(uint8_t *data) { >- uint8_t *data_end = data + STAT_TEST_DATA_LEN; >- uint16_t ones_count; >+srtp_err_status_t stat_test_monobit(uint8_t *data) >+{ >+ uint8_t *data_end = data + STAT_TEST_DATA_LEN; >+ uint16_t ones_count; > >- ones_count = 0; >- while (data < data_end) { >- ones_count += octet_get_weight(*data); >- data++; >- } >+ ones_count = 0; >+ while (data < data_end) { >+ ones_count += octet_get_weight(*data); >+ data++; >+ } > >- debug_print(mod_stat, "bit count: %d", ones_count); >- >- if ((ones_count < 9725) || (ones_count > 10275)) >- return srtp_err_status_algo_fail; >+ debug_print(srtp_mod_stat, "bit count: %d", ones_count); > >- return srtp_err_status_ok; >-} >+ if ((ones_count < 9725) || (ones_count > 10275)) >+ return srtp_err_status_algo_fail; > >-srtp_err_status_t >-stat_test_poker(uint8_t *data) { >- int i; >- uint8_t *data_end = data + STAT_TEST_DATA_LEN; >- double poker; >- uint16_t f[16] = { >- 0, 0, 0, 0, 0, 0, 0, 0, >- 0, 0, 0, 0, 0, 0, 0, 0 >- }; >- >- while (data < data_end) { >- f[*data & 0x0f]++; /* increment freq. count for low nibble */ >- f[(*data) >> 4]++; /* increment freq. count for high nibble */ >- data++; >- } >- >- poker = 0.0; >- for (i=0; i < 16; i++) >- poker += (double) f[i] * f[i]; >- >- poker *= (16.0 / 5000.0); >- poker -= 5000.0; >- >- debug_print(mod_stat, "poker test: %f\n", poker); >- >- if ((poker < 2.16) || (poker > 46.17)) >- return srtp_err_status_algo_fail; >- >- return srtp_err_status_ok; >+ return srtp_err_status_ok; > } > >+srtp_err_status_t stat_test_poker(uint8_t *data) >+{ >+ int i; >+ uint8_t *data_end = data + STAT_TEST_DATA_LEN; >+ double poker; >+ uint16_t f[16] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; >+ >+ while (data < data_end) { >+ f[*data & 0x0f]++; /* increment freq. count for low nibble */ >+ f[(*data) >> 4]++; /* increment freq. count for high nibble */ >+ data++; >+ } >+ >+ poker = 0.0; >+ for (i = 0; i < 16; i++) >+ poker += (double)f[i] * f[i]; >+ >+ poker *= (16.0 / 5000.0); >+ poker -= 5000.0; >+ >+ debug_print(srtp_mod_stat, "poker test: %f\n", poker); >+ >+ if ((poker < 2.16) || (poker > 46.17)) >+ return srtp_err_status_algo_fail; >+ >+ return srtp_err_status_ok; >+} > > /* > * runs[i] holds the number of runs of size (i-1) > */ > >-srtp_err_status_t >-stat_test_runs(uint8_t *data) { >- uint8_t *data_end = data + STAT_TEST_DATA_LEN; >- uint16_t runs[6] = { 0, 0, 0, 0, 0, 0 }; >- uint16_t gaps[6] = { 0, 0, 0, 0, 0, 0 }; >- uint16_t lo_value[6] = { 2315, 1114, 527, 240, 103, 103 }; >- uint16_t hi_value[6] = { 2685, 1386, 723, 384, 209, 209 }; >- int state = 0; >- uint16_t mask; >- int i; >- >- /* >- * the state variable holds the number of bits in the >- * current run (or gap, if negative) >- */ >- >- while (data < data_end) { >- >- /* loop over the bits of this byte */ >- for (mask = 1; mask < 256; mask <<= 1) { >- if (*data & mask) { >- >- /* next bit is a one */ >- if (state > 0) { >- >- /* prefix is a run, so increment the run-count */ >- state++; >- >- /* check for long runs */ >- if (state > 25) { >- debug_print(mod_stat, ">25 runs: %d", state); >- return srtp_err_status_algo_fail; >- } >- >- } else if (state < 0) { >- >- /* prefix is a gap */ >- if (state < -25) { >- debug_print(mod_stat, ">25 gaps: %d", state); >- return srtp_err_status_algo_fail; /* long-runs test failed */ >- } >- if (state < -6) { >- state = -6; /* group together gaps > 5 */ >- } >- gaps[-1-state]++; /* increment gap count */ >- state = 1; /* set state at one set bit */ >- } else { >- >- /* state is zero; this happens only at initialization */ >- state = 1; >- } >- } else { >- >- /* next bit is a zero */ >- if (state > 0) { >- >- /* prefix is a run */ >- if (state > 25) { >- debug_print(mod_stat, ">25 runs (2): %d", state); >- return srtp_err_status_algo_fail; /* long-runs test failed */ >- } >- if (state > 6) { >- state = 6; /* group together runs > 5 */ >- } >- runs[state-1]++; /* increment run count */ >- state = -1; /* set state at one zero bit */ >- } else if (state < 0) { >- >- /* prefix is a gap, so increment gap-count (decrement state) */ >- state--; >- >- /* check for long gaps */ >- if (state < -25) { >- debug_print(mod_stat, ">25 gaps (2): %d", state); >- return srtp_err_status_algo_fail; >- } >- >- } else { >- >- /* state is zero; this happens only at initialization */ >- state = -1; >- } >- } >+srtp_err_status_t stat_test_runs(uint8_t *data) >+{ >+ uint8_t *data_end = data + STAT_TEST_DATA_LEN; >+ uint16_t runs[6] = { 0, 0, 0, 0, 0, 0 }; >+ uint16_t gaps[6] = { 0, 0, 0, 0, 0, 0 }; >+ uint16_t lo_value[6] = { 2315, 1114, 527, 240, 103, 103 }; >+ uint16_t hi_value[6] = { 2685, 1386, 723, 384, 209, 209 }; >+ int state = 0; >+ uint16_t mask; >+ int i; >+ >+ /* >+ * the state variable holds the number of bits in the >+ * current run (or gap, if negative) >+ */ >+ >+ while (data < data_end) { >+ /* loop over the bits of this byte */ >+ for (mask = 1; mask < 256; mask <<= 1) { >+ if (*data & mask) { >+ /* next bit is a one */ >+ if (state > 0) { >+ /* prefix is a run, so increment the run-count */ >+ state++; >+ >+ /* check for long runs */ >+ if (state > 25) { >+ debug_print(srtp_mod_stat, ">25 runs: %d", state); >+ return srtp_err_status_algo_fail; >+ } >+ >+ } else if (state < 0) { >+ /* prefix is a gap */ >+ if (state < -25) { >+ debug_print(srtp_mod_stat, ">25 gaps: %d", state); >+ return srtp_err_status_algo_fail; /* long-runs test >+ failed */ >+ } >+ if (state < -6) { >+ state = -6; /* group together gaps > 5 */ >+ } >+ gaps[-1 - state]++; /* increment gap count */ >+ state = 1; /* set state at one set bit */ >+ } else { >+ /* state is zero; this happens only at initialization */ >+ state = 1; >+ } >+ } else { >+ /* next bit is a zero */ >+ if (state > 0) { >+ /* prefix is a run */ >+ if (state > 25) { >+ debug_print(srtp_mod_stat, ">25 runs (2): %d", state); >+ return srtp_err_status_algo_fail; /* long-runs test >+ failed */ >+ } >+ if (state > 6) { >+ state = 6; /* group together runs > 5 */ >+ } >+ runs[state - 1]++; /* increment run count */ >+ state = -1; /* set state at one zero bit */ >+ } else if (state < 0) { >+ /* prefix is a gap, so increment gap-count (decrement state) >+ */ >+ state--; >+ >+ /* check for long gaps */ >+ if (state < -25) { >+ debug_print(srtp_mod_stat, ">25 gaps (2): %d", state); >+ return srtp_err_status_algo_fail; >+ } >+ >+ } else { >+ /* state is zero; this happens only at initialization */ >+ state = -1; >+ } >+ } >+ } >+ >+ /* move along to next octet */ >+ data++; > } > >- /* move along to next octet */ >- data++; >- } >- >- if (mod_stat.on) { >- debug_print(mod_stat, "runs test", NULL); >- for (i=0; i < 6; i++) >- debug_print(mod_stat, " runs[]: %d", runs[i]); >- for (i=0; i < 6; i++) >- debug_print(mod_stat, " gaps[]: %d", gaps[i]); >- } >- >- /* check run and gap counts against the fixed limits */ >- for (i=0; i < 6; i++) >- if ( (runs[i] < lo_value[i] ) || (runs[i] > hi_value[i]) >- || (gaps[i] < lo_value[i] ) || (gaps[i] > hi_value[i])) >- return srtp_err_status_algo_fail; >- >- >- return srtp_err_status_ok; >-} >+ if (srtp_mod_stat.on) { >+ debug_print(srtp_mod_stat, "runs test", NULL); >+ for (i = 0; i < 6; i++) >+ debug_print(srtp_mod_stat, " runs[]: %d", runs[i]); >+ for (i = 0; i < 6; i++) >+ debug_print(srtp_mod_stat, " gaps[]: %d", gaps[i]); >+ } > >+ /* check run and gap counts against the fixed limits */ >+ for (i = 0; i < 6; i++) >+ if ((runs[i] < lo_value[i]) || (runs[i] > hi_value[i]) || >+ (gaps[i] < lo_value[i]) || (gaps[i] > hi_value[i])) >+ return srtp_err_status_algo_fail; > >+ return srtp_err_status_ok; >+} >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/replay/rdb.c b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/replay/rdb.c >index 3741367f68077250e3b69e1885565b9652c29e22..ab1c7b55b6d8f47eafe4fcd2f87c173620e10a12 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/replay/rdb.c >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/replay/rdb.c >@@ -43,14 +43,12 @@ > * > */ > >- > #ifdef HAVE_CONFIG_H >- #include <config.h> >+#include <config.h> > #endif > > #include "rdb.h" > >- > /* > * this implementation of a replay database works as follows: > * >@@ -61,7 +59,7 @@ > */ > > /* srtp_rdb_init initalizes rdb */ >-srtp_err_status_t srtp_rdb_init (srtp_rdb_t *rdb) >+srtp_err_status_t srtp_rdb_init(srtp_rdb_t *rdb) > { > v128_set_to_zero(&rdb->bitmask); > rdb->window_start = 0; >@@ -71,9 +69,8 @@ srtp_err_status_t srtp_rdb_init (srtp_rdb_t *rdb) > /* > * srtp_rdb_check checks to see if index appears in rdb > */ >-srtp_err_status_t srtp_rdb_check (const srtp_rdb_t *rdb, uint32_t p_index) >+srtp_err_status_t srtp_rdb_check(const srtp_rdb_t *rdb, uint32_t p_index) > { >- > /* if the index appears after (or at very end of) the window, its good */ > if (p_index >= rdb->window_start + rdb_bits_in_bitmask) { > return srtp_err_status_ok; >@@ -101,35 +98,32 @@ srtp_err_status_t srtp_rdb_check (const srtp_rdb_t *rdb, uint32_t p_index) > * indicated that the index does not appear in the rdb, e.g., a mutex > * should protect the rdb between these calls > */ >-srtp_err_status_t srtp_rdb_add_index (srtp_rdb_t *rdb, uint32_t p_index) >+srtp_err_status_t srtp_rdb_add_index(srtp_rdb_t *rdb, uint32_t p_index) > { >- int delta; >+ unsigned int delta; > >- /* here we *assume* that p_index > rdb->window_start */ >+ if (p_index < rdb->window_start) >+ return srtp_err_status_replay_fail; > > delta = (p_index - rdb->window_start); > if (delta < rdb_bits_in_bitmask) { >- > /* if the p_index is within the window, set the appropriate bit */ > v128_set_bit(&rdb->bitmask, delta); > > } else { >- > delta -= rdb_bits_in_bitmask - 1; > > /* shift the window forward by delta bits*/ > v128_left_shift(&rdb->bitmask, delta); > v128_set_bit(&rdb->bitmask, rdb_bits_in_bitmask - 1); > rdb->window_start += delta; >- > } > > return srtp_err_status_ok; > } > >-srtp_err_status_t srtp_rdb_increment (srtp_rdb_t *rdb) >+srtp_err_status_t srtp_rdb_increment(srtp_rdb_t *rdb) > { >- > if (rdb->window_start >= 0x7fffffff) { > return srtp_err_status_key_expired; > } >@@ -137,7 +131,7 @@ srtp_err_status_t srtp_rdb_increment (srtp_rdb_t *rdb) > return srtp_err_status_ok; > } > >-uint32_t srtp_rdb_get_value (const srtp_rdb_t *rdb) >+uint32_t srtp_rdb_get_value(const srtp_rdb_t *rdb) > { > return rdb->window_start; > } >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/replay/rdbx.c b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/replay/rdbx.c >index 63f66ff024e4608b86e881be9d1d1855088d2a39..40cba01a1f5db439470d5de0b9b5a38e61cb538a 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/replay/rdbx.c >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/replay/rdbx.c >@@ -44,12 +44,11 @@ > */ > > #ifdef HAVE_CONFIG_H >- #include <config.h> >+#include <config.h> > #endif > > #include "rdbx.h" > >- > /* > * from RFC 3711: > * >@@ -64,8 +63,6 @@ > * incremented by one (if the packet containing s is authentic). > */ > >- >- > /* > * rdbx implementation notes > * >@@ -83,14 +80,13 @@ > * srtp_index_advance(&guess, delta), where delta is the difference. > * > * >- * A srtp_rdbx_t consists of a srtp_xtd_seq_num_t and a bitmask. The index is highest >- * sequence number that has been received, and the bitmask indicates >+ * A srtp_rdbx_t consists of a srtp_xtd_seq_num_t and a bitmask. The index is >+ * highest sequence number that has been received, and the bitmask indicates > * which of the recent indicies have been received as well. The > * highest bit in the bitmask corresponds to the index in the bitmask. > */ > >- >-void srtp_index_init (srtp_xtd_seq_num_t *pi) >+void srtp_index_init(srtp_xtd_seq_num_t *pi) > { > #ifdef NO_64BIT_MATH > *pi = make64(0, 0); >@@ -99,7 +95,7 @@ void srtp_index_init (srtp_xtd_seq_num_t *pi) > #endif > } > >-void srtp_index_advance (srtp_xtd_seq_num_t *pi, srtp_sequence_number_t s) >+void srtp_index_advance(srtp_xtd_seq_num_t *pi, srtp_sequence_number_t s) > { > #ifdef NO_64BIT_MATH > /* a > ~b means a+b will generate a carry */ >@@ -110,7 +106,6 @@ void srtp_index_advance (srtp_xtd_seq_num_t *pi, srtp_sequence_number_t s) > #endif > } > >- > /* > * srtp_index_guess(local, guess, s) > * >@@ -124,24 +119,19 @@ void srtp_index_advance (srtp_xtd_seq_num_t *pi, srtp_sequence_number_t s) > * unsigned integer! > */ > >-int32_t srtp_index_guess (const srtp_xtd_seq_num_t *local, srtp_xtd_seq_num_t *guess, srtp_sequence_number_t s) >+int32_t srtp_index_guess(const srtp_xtd_seq_num_t *local, >+ srtp_xtd_seq_num_t *guess, >+ srtp_sequence_number_t s) > { > #ifdef NO_64BIT_MATH >- uint32_t local_roc = ((high32(*local) << 16) | >- (low32(*local) >> 16)); >+ uint32_t local_roc = ((high32(*local) << 16) | (low32(*local) >> 16)); > uint16_t local_seq = (uint16_t)(low32(*local)); > #else > uint32_t local_roc = (uint32_t)(*local >> 16); > uint16_t local_seq = (uint16_t)*local; > #endif >-#ifdef NO_64BIT_MATH >- uint32_t guess_roc = ((high32(*guess) << 16) | >- (low32(*guess) >> 16)); >- uint16_t guess_seq = (uint16_t)(low32(*guess)); >-#else >- uint32_t guess_roc = (uint32_t)(*guess >> 16); >- uint16_t guess_seq = (uint16_t)*guess; >-#endif >+ uint32_t guess_roc; >+ uint16_t guess_seq; > int32_t difference; > > if (local_seq < seq_num_median) { >@@ -163,10 +153,9 @@ int32_t srtp_index_guess (const srtp_xtd_seq_num_t *local, srtp_xtd_seq_num_t *g > } > guess_seq = s; > >- /* Note: guess_roc is 32 bits, so this generates a 48-bit result! */ >+/* Note: guess_roc is 32 bits, so this generates a 48-bit result! */ > #ifdef NO_64BIT_MATH >- *guess = make64(guess_roc >> 16, >- (guess_roc << 16) | guess_seq); >+ *guess = make64(guess_roc >> 16, (guess_roc << 16) | guess_seq); > #else > *guess = (((uint64_t)guess_roc) << 16) | guess_seq; > #endif >@@ -179,11 +168,11 @@ int32_t srtp_index_guess (const srtp_xtd_seq_num_t *local, srtp_xtd_seq_num_t *g > * > */ > >- > /* >- * srtp_rdbx_init(&r, ws) initializes the srtp_rdbx_t pointed to by r with window size ws >+ * srtp_rdbx_init(&r, ws) initializes the srtp_rdbx_t pointed to by r with >+ * window size ws > */ >-srtp_err_status_t srtp_rdbx_init (srtp_rdbx_t *rdbx, unsigned long ws) >+srtp_err_status_t srtp_rdbx_init(srtp_rdbx_t *rdbx, unsigned long ws) > { > if (ws == 0) { > return srtp_err_status_bad_param; >@@ -201,7 +190,7 @@ srtp_err_status_t srtp_rdbx_init (srtp_rdbx_t *rdbx, unsigned long ws) > /* > * srtp_rdbx_dealloc(&r) frees memory for the srtp_rdbx_t pointed to by r > */ >-srtp_err_status_t srtp_rdbx_dealloc (srtp_rdbx_t *rdbx) >+srtp_err_status_t srtp_rdbx_dealloc(srtp_rdbx_t *rdbx) > { > bitvector_dealloc(&rdbx->bitmask); > >@@ -215,12 +204,12 @@ srtp_err_status_t srtp_rdbx_dealloc (srtp_rdbx_t *rdbx) > * srtp_err_status_replay_old; otherwise, srtp_err_status_ok is returned. > * > */ >-srtp_err_status_t srtp_rdbx_set_roc (srtp_rdbx_t *rdbx, uint32_t roc) >+srtp_err_status_t srtp_rdbx_set_roc(srtp_rdbx_t *rdbx, uint32_t roc) > { > bitvector_set_to_zero(&rdbx->bitmask); > > #ifdef NO_64BIT_MATH >- #error not yet implemented >+#error not yet implemented > #else > > /* make sure that we're not moving backwards */ >@@ -240,7 +229,7 @@ srtp_err_status_t srtp_rdbx_set_roc (srtp_rdbx_t *rdbx, uint32_t roc) > * for the srtp_rdbx_t pointed to by rdbx > * > */ >-srtp_xtd_seq_num_t srtp_rdbx_get_packet_index (const srtp_rdbx_t *rdbx) >+srtp_xtd_seq_num_t srtp_rdbx_get_packet_index(const srtp_rdbx_t *rdbx) > { > return rdbx->index; > } >@@ -250,7 +239,7 @@ srtp_xtd_seq_num_t srtp_rdbx_get_packet_index (const srtp_rdbx_t *rdbx) > * for the srtp_rdbx_t pointed to by rdbx > * > */ >-unsigned long srtp_rdbx_get_window_size (const srtp_rdbx_t *rdbx) >+unsigned long srtp_rdbx_get_window_size(const srtp_rdbx_t *rdbx) > { > return bitvector_get_length(&rdbx->bitmask); > } >@@ -259,16 +248,17 @@ unsigned long srtp_rdbx_get_window_size (const srtp_rdbx_t *rdbx) > * srtp_rdbx_check(&r, delta) checks to see if the srtp_xtd_seq_num_t > * which is at rdbx->index + delta is in the rdb > */ >-srtp_err_status_t srtp_rdbx_check (const srtp_rdbx_t *rdbx, int delta) >+srtp_err_status_t srtp_rdbx_check(const srtp_rdbx_t *rdbx, int delta) > { >- >- if (delta > 0) { /* if delta is positive, it's good */ >+ if (delta > 0) { /* if delta is positive, it's good */ > return srtp_err_status_ok; > } else if ((int)(bitvector_get_length(&rdbx->bitmask) - 1) + delta < 0) { > /* if delta is lower than the bitmask, it's bad */ > return srtp_err_status_replay_old; >- } else if (bitvector_get_bit(&rdbx->bitmask, >- (int)(bitvector_get_length(&rdbx->bitmask) - 1) + delta) == 1) { >+ } else if (bitvector_get_bit( >+ &rdbx->bitmask, >+ (int)(bitvector_get_length(&rdbx->bitmask) - 1) + delta) == >+ 1) { > /* delta is within the window, so check the bitmask */ > return srtp_err_status_replay_fail; > } >@@ -285,17 +275,18 @@ srtp_err_status_t srtp_rdbx_check (const srtp_rdbx_t *rdbx, int delta) > * indicated that the index does not appear in the rdbx, e.g., a mutex > * should protect the rdbx between these calls if need be > */ >-srtp_err_status_t srtp_rdbx_add_index (srtp_rdbx_t *rdbx, int delta) >+srtp_err_status_t srtp_rdbx_add_index(srtp_rdbx_t *rdbx, int delta) > { >- > if (delta > 0) { > /* shift forward by delta */ > srtp_index_advance(&rdbx->index, delta); > bitvector_left_shift(&rdbx->bitmask, delta); >- bitvector_set_bit(&rdbx->bitmask, bitvector_get_length(&rdbx->bitmask) - 1); >+ bitvector_set_bit(&rdbx->bitmask, >+ bitvector_get_length(&rdbx->bitmask) - 1); > } else { > /* delta is in window */ >- bitvector_set_bit(&rdbx->bitmask, bitvector_get_length(&rdbx->bitmask) - 1 + delta); >+ bitvector_set_bit(&rdbx->bitmask, >+ bitvector_get_length(&rdbx->bitmask) - 1 + delta); > } > > /* note that we need not consider the case that delta == 0 */ >@@ -303,8 +294,6 @@ srtp_err_status_t srtp_rdbx_add_index (srtp_rdbx_t *rdbx, int delta) > return srtp_err_status_ok; > } > >- >- > /* > * srtp_rdbx_estimate_index(rdbx, guess, s) > * >@@ -313,25 +302,27 @@ srtp_err_status_t srtp_rdbx_add_index (srtp_rdbx_t *rdbx, int delta) > * index to which s corresponds, and returns the difference between > * *guess and the locally stored synch info > */ >-int32_t srtp_rdbx_estimate_index (const srtp_rdbx_t *rdbx, srtp_xtd_seq_num_t *guess, srtp_sequence_number_t s) >+int32_t srtp_rdbx_estimate_index(const srtp_rdbx_t *rdbx, >+ srtp_xtd_seq_num_t *guess, >+ srtp_sequence_number_t s) > { >- >- /* >- * if the sequence number and rollover counter in the rdbx are >- * non-zero, then use the srtp_index_guess(...) function, otherwise, just >- * set the rollover counter to zero (since the srtp_index_guess(...) >- * function might incorrectly guess that the rollover counter is >- * 0xffffffff) >- */ >+/* >+ * if the sequence number and rollover counter in the rdbx are >+ * non-zero, then use the srtp_index_guess(...) function, otherwise, just >+ * set the rollover counter to zero (since the srtp_index_guess(...) >+ * function might incorrectly guess that the rollover counter is >+ * 0xffffffff) >+ */ > > #ifdef NO_64BIT_MATH > /* seq_num_median = 0x8000 */ >- if (high32(rdbx->index) > 0 || >- low32(rdbx->index) > seq_num_median) >+ if (high32(rdbx->index) > 0 || low32(rdbx->index) > seq_num_median) > #else > if (rdbx->index > seq_num_median) > #endif >- { return srtp_index_guess(&rdbx->index, guess, s); } >+ { >+ return srtp_index_guess(&rdbx->index, guess, s); >+ } > > #ifdef NO_64BIT_MATH > *guess = make64(0, (uint32_t)s); >@@ -372,12 +363,12 @@ uint32_t srtp_rdbx_get_roc(const srtp_rdbx_t *rdbx) > * rollover counter value, then the function returns > * srtp_err_status_replay_old, otherwise, srtp_err_status_ok is returned. > */ >-srtp_err_status_t srtp_rdbx_set_roc_seq (srtp_rdbx_t *rdbx, >- uint32_t roc, >- uint16_t seq) >+srtp_err_status_t srtp_rdbx_set_roc_seq(srtp_rdbx_t *rdbx, >+ uint32_t roc, >+ uint16_t seq) > { > #ifdef NO_64BIT_MATH >- #error not yet implemented >+#error not yet implemented > #else > > /* make sure that we're not moving backwards */ >@@ -393,4 +384,3 @@ srtp_err_status_t srtp_rdbx_set_roc_seq (srtp_rdbx_t *rdbx, > > return srtp_err_status_ok; > } >- >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/replay/ut_sim.c b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/replay/ut_sim.c >index b50164ced1d9e54ea9269dc191396f8eb96c0ff4..c621c0e9f2259c1540817b0ddf7c17df903b5292 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/replay/ut_sim.c >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/replay/ut_sim.c >@@ -3,32 +3,32 @@ > * > * an unreliable transport simulator > * (for testing replay databases and suchlike) >- * >+ * > * David A. McGrew > * Cisco Systems, Inc. > */ > > /* >- * >+ * > * Copyright (c) 2001-2017, Cisco Systems, Inc. > * All rights reserved. >- * >+ * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions > * are met: >- * >+ * > * Redistributions of source code must retain the above copyright > * notice, this list of conditions and the following disclaimer. >- * >+ * > * Redistributions in binary form must reproduce the above > * copyright notice, this list of conditions and the following > * disclaimer in the documentation and/or other materials provided > * with the distribution. >- * >+ * > * Neither the name of the Cisco Systems, Inc. nor the names of its > * contributors may be used to endorse or promote products derived > * from this software without specific prior written permission. >- * >+ * > * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS > * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT > * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >@@ -44,66 +44,61 @@ > * > */ > >- > #ifdef HAVE_CONFIG_H >- #include <config.h> >+#include <config.h> > #endif > > #include "ut_sim.h" > >- >-int >-ut_compar(const void *a, const void *b) { >- return rand() > (RAND_MAX/2) ? -1 : 1; >+int ut_compar(const void *a, const void *b) >+{ >+ return rand() > (RAND_MAX / 2) ? -1 : 1; > } > >-void >-ut_init(ut_connection *utc) { >- int i; >- utc->index = 0; >+void ut_init(ut_connection *utc) >+{ >+ int i; >+ utc->index = 0; > >- for (i=0; i < UT_BUF; i++) >- utc->buffer[i] = i; >- >- qsort(utc->buffer, UT_BUF, sizeof(uint32_t), ut_compar); >+ for (i = 0; i < UT_BUF; i++) >+ utc->buffer[i] = i; > >- utc->index = UT_BUF - 1; >-} >+ qsort(utc->buffer, UT_BUF, sizeof(uint32_t), ut_compar); > >-uint32_t >-ut_next_index(ut_connection *utc) { >- uint32_t tmp; >+ utc->index = UT_BUF - 1; >+} > >- tmp = utc->buffer[0]; >- utc->index++; >- utc->buffer[0] = utc->index; >+uint32_t ut_next_index(ut_connection *utc) >+{ >+ uint32_t tmp; > >- qsort(utc->buffer, UT_BUF, sizeof(uint32_t), ut_compar); >- >- return tmp; >-} >+ tmp = utc->buffer[0]; >+ utc->index++; >+ utc->buffer[0] = utc->index; > >+ qsort(utc->buffer, UT_BUF, sizeof(uint32_t), ut_compar); > >+ return tmp; >+} > > #ifdef UT_TEST > > #include <stdio.h> > >-int >-main() { >- uint32_t i, irecvd, idiff; >- ut_connection utc; >+int main() >+{ >+ uint32_t i, irecvd, idiff; >+ ut_connection utc; > >- ut_init(&utc); >+ ut_init(&utc); > >- for (i=0; i < 1000; i++) { >- irecvd = ut_next_index(&utc); >- idiff = i - irecvd; >- printf("%lu\t%lu\t%d\n", i, irecvd, idiff); >- } >- >- return 0; >-} >+ for (i = 0; i < 1000; i++) { >+ irecvd = ut_next_index(&utc); >+ idiff = i - irecvd; >+ printf("%lu\t%lu\t%d\n", i, irecvd, idiff); >+ } > >+ return 0; >+} > > #endif >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/test/auth_driver.c b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/test/auth_driver.c >deleted file mode 100644 >index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..0000000000000000000000000000000000000000 >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/test/cipher_driver.c b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/test/cipher_driver.c >index b63cd5ba0aca866beaea95e0f3d07213d96feff6..e28f5f264f8da365cab6fd6ce96c6964923cf9f3 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/test/cipher_driver.c >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/test/cipher_driver.c >@@ -8,26 +8,26 @@ > */ > > /* >- * >+ * > * Copyright (c) 2001-2017 Cisco Systems, Inc. > * All rights reserved. >- * >+ * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions > * are met: >- * >+ * > * Redistributions of source code must retain the above copyright > * notice, this list of conditions and the following disclaimer. >- * >+ * > * Redistributions in binary form must reproduce the above > * copyright notice, this list of conditions and the following > * disclaimer in the documentation and/or other materials provided > * with the distribution. >- * >+ * > * Neither the name of the Cisco Systems, Inc. nor the names of its > * contributors may be used to endorse or promote products derived > * from this software without specific prior written permission. >- * >+ * > * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS > * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT > * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >@@ -44,12 +44,11 @@ > */ > > #ifdef HAVE_CONFIG_H >- #include <config.h> >+#include <config.h> > #endif > >-#include <stdio.h> /* for printf() */ >-#include <stdlib.h> /* for rand() */ >-#include <string.h> /* for memset() */ >+#include <stdio.h> /* for printf() */ >+#include <stdlib.h> /* for rand() */ > #include "getopt_s.h" > #include "cipher.h" > #ifdef OPENSSL >@@ -61,12 +60,9 @@ > > #define PRINT_DEBUG 0 > >-void >-cipher_driver_test_throughput(srtp_cipher_t *c); >- >-srtp_err_status_t >-cipher_driver_self_test(srtp_cipher_type_t *ct); >+void cipher_driver_test_throughput(srtp_cipher_t *c); > >+srtp_err_status_t cipher_driver_self_test(srtp_cipher_type_t *ct); > > /* > * cipher_driver_test_buffering(ct) tests the cipher's output >@@ -74,44 +70,43 @@ cipher_driver_self_test(srtp_cipher_type_t *ct); > * calls > */ > >-srtp_err_status_t >-cipher_driver_test_buffering(srtp_cipher_t *c); >- >+srtp_err_status_t cipher_driver_test_buffering(srtp_cipher_t *c); > > /* > * functions for testing cipher cache thrash > */ >-srtp_err_status_t >-cipher_driver_test_array_throughput(srtp_cipher_type_t *ct, >- int klen, int num_cipher); >+srtp_err_status_t cipher_driver_test_array_throughput(srtp_cipher_type_t *ct, >+ int klen, >+ int num_cipher); > >-void >-cipher_array_test_throughput(srtp_cipher_t *ca[], int num_cipher); >+void cipher_array_test_throughput(srtp_cipher_t *ca[], int num_cipher); > >-uint64_t >-cipher_array_bits_per_second(srtp_cipher_t *cipher_array[], int num_cipher, >- unsigned octets_in_buffer, int num_trials); >+uint64_t cipher_array_bits_per_second(srtp_cipher_t *cipher_array[], >+ int num_cipher, >+ unsigned octets_in_buffer, >+ int num_trials); > >-srtp_err_status_t >-cipher_array_delete(srtp_cipher_t *cipher_array[], int num_cipher); >+srtp_err_status_t cipher_array_delete(srtp_cipher_t *cipher_array[], >+ int num_cipher); > >-srtp_err_status_t >-cipher_array_alloc_init(srtp_cipher_t ***cipher_array, int num_ciphers, >- srtp_cipher_type_t *ctype, int klen); >+srtp_err_status_t cipher_array_alloc_init(srtp_cipher_t ***cipher_array, >+ int num_ciphers, >+ srtp_cipher_type_t *ctype, >+ int klen); > >-void >-usage(char *prog_name) { >- printf("usage: %s [ -t | -v | -a ]\n", prog_name); >- exit(255); >+void usage(char *prog_name) >+{ >+ printf("usage: %s [ -t | -v | -a ]\n", prog_name); >+ exit(255); > } > >-void >-check_status(srtp_err_status_t s) { >- if (s) { >- printf("error (code %d)\n", s); >- exit(s); >- } >- return; >+void check_status(srtp_err_status_t s) >+{ >+ if (s) { >+ printf("error (code %d)\n", s); >+ exit(s); >+ } >+ return; > } > > /* >@@ -129,151 +124,163 @@ extern srtp_cipher_type_t srtp_aes_gcm_128_openssl; > extern srtp_cipher_type_t srtp_aes_gcm_256_openssl; > #endif > >-int >-main(int argc, char *argv[]) { >- srtp_cipher_t *c = NULL; >- srtp_err_status_t status; >- unsigned char test_key[48] = { >- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, >- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, >- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, >- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, >- 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, >- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, >- }; >- int q; >- unsigned do_timing_test = 0; >- unsigned do_validation = 0; >- unsigned do_array_timing_test = 0; >- >- /* process input arguments */ >- while (1) { >- q = getopt_s(argc, argv, "tva"); >- if (q == -1) >- break; >- switch (q) { >- case 't': >- do_timing_test = 1; >- break; >- case 'v': >- do_validation = 1; >- break; >- case 'a': >- do_array_timing_test = 1; >- break; >- default: >- usage(argv[0]); >- } >- } >- >- printf("cipher test driver\n" >- "David A. McGrew\n" >- "Cisco Systems, Inc.\n"); >- >- if (!do_validation && !do_timing_test && !do_array_timing_test) >- usage(argv[0]); >- >- /* arry timing (cache thrash) test */ >- if (do_array_timing_test) { >- int max_num_cipher = 1 << 16; /* number of ciphers in cipher_array */ >- int num_cipher; >- >- for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8) >- cipher_driver_test_array_throughput(&srtp_null_cipher, 0, num_cipher); >- >- for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8) >- cipher_driver_test_array_throughput(&srtp_aes_icm_128, SRTP_AES_ICM_128_KEY_LEN_WSALT, num_cipher); >- >- for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8) >- cipher_driver_test_array_throughput(&srtp_aes_icm_256, SRTP_AES_ICM_256_KEY_LEN_WSALT, num_cipher); >+int main(int argc, char *argv[]) >+{ >+ srtp_cipher_t *c = NULL; >+ srtp_err_status_t status; >+ /* clang-format off */ >+ unsigned char test_key[48] = { >+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, >+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, >+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, >+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, >+ 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, >+ 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, >+ }; >+ /* clang-format on */ >+ int q; >+ unsigned do_timing_test = 0; >+ unsigned do_validation = 0; >+ unsigned do_array_timing_test = 0; >+ >+ /* process input arguments */ >+ while (1) { >+ q = getopt_s(argc, argv, "tva"); >+ if (q == -1) >+ break; >+ switch (q) { >+ case 't': >+ do_timing_test = 1; >+ break; >+ case 'v': >+ do_validation = 1; >+ break; >+ case 'a': >+ do_array_timing_test = 1; >+ break; >+ default: >+ usage(argv[0]); >+ } >+ } >+ >+ printf("cipher test driver\n" >+ "David A. McGrew\n" >+ "Cisco Systems, Inc.\n"); > >-#ifdef OPENSSL >- for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8) >- cipher_driver_test_array_throughput(&srtp_aes_icm_192, SRTP_AES_ICM_192_KEY_LEN_WSALT, num_cipher); >+ if (!do_validation && !do_timing_test && !do_array_timing_test) >+ usage(argv[0]); > >- for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8) { >- cipher_driver_test_array_throughput(&srtp_aes_gcm_128_openssl, SRTP_AES_GCM_128_KEY_LEN_WSALT, num_cipher); >- } >+ /* arry timing (cache thrash) test */ >+ if (do_array_timing_test) { >+ int max_num_cipher = 1 << 16; /* number of ciphers in cipher_array */ >+ int num_cipher; > >- for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8) { >- cipher_driver_test_array_throughput(&srtp_aes_gcm_256_openssl, SRTP_AES_GCM_256_KEY_LEN_WSALT, num_cipher); >- } >+ for (num_cipher = 1; num_cipher < max_num_cipher; num_cipher *= 8) >+ cipher_driver_test_array_throughput(&srtp_null_cipher, 0, >+ num_cipher); >+ >+ for (num_cipher = 1; num_cipher < max_num_cipher; num_cipher *= 8) >+ cipher_driver_test_array_throughput( >+ &srtp_aes_icm_128, SRTP_AES_ICM_128_KEY_LEN_WSALT, num_cipher); >+ >+ for (num_cipher = 1; num_cipher < max_num_cipher; num_cipher *= 8) >+ cipher_driver_test_array_throughput( >+ &srtp_aes_icm_256, SRTP_AES_ICM_256_KEY_LEN_WSALT, num_cipher); >+ >+#ifdef OPENSSL >+ for (num_cipher = 1; num_cipher < max_num_cipher; num_cipher *= 8) >+ cipher_driver_test_array_throughput( >+ &srtp_aes_icm_192, SRTP_AES_ICM_192_KEY_LEN_WSALT, num_cipher); >+ >+ for (num_cipher = 1; num_cipher < max_num_cipher; num_cipher *= 8) { >+ cipher_driver_test_array_throughput(&srtp_aes_gcm_128_openssl, >+ SRTP_AES_GCM_128_KEY_LEN_WSALT, >+ num_cipher); >+ } >+ >+ for (num_cipher = 1; num_cipher < max_num_cipher; num_cipher *= 8) { >+ cipher_driver_test_array_throughput(&srtp_aes_gcm_256_openssl, >+ SRTP_AES_GCM_256_KEY_LEN_WSALT, >+ num_cipher); >+ } > #endif >- } >+ } > >- if (do_validation) { >- cipher_driver_self_test(&srtp_null_cipher); >- cipher_driver_self_test(&srtp_aes_icm_128); >- cipher_driver_self_test(&srtp_aes_icm_256); >+ if (do_validation) { >+ cipher_driver_self_test(&srtp_null_cipher); >+ cipher_driver_self_test(&srtp_aes_icm_128); >+ cipher_driver_self_test(&srtp_aes_icm_256); > #ifdef OPENSSL >- cipher_driver_self_test(&srtp_aes_icm_192); >- cipher_driver_self_test(&srtp_aes_gcm_128_openssl); >- cipher_driver_self_test(&srtp_aes_gcm_256_openssl); >+ cipher_driver_self_test(&srtp_aes_icm_192); >+ cipher_driver_self_test(&srtp_aes_gcm_128_openssl); >+ cipher_driver_self_test(&srtp_aes_gcm_256_openssl); > #endif >- } >+ } > >- /* do timing and/or buffer_test on srtp_null_cipher */ >- status = srtp_cipher_type_alloc(&srtp_null_cipher, &c, 0, 0); >- check_status(status); >+ /* do timing and/or buffer_test on srtp_null_cipher */ >+ status = srtp_cipher_type_alloc(&srtp_null_cipher, &c, 0, 0); >+ check_status(status); > >- status = srtp_cipher_init(c, NULL); >- check_status(status); >+ status = srtp_cipher_init(c, NULL); >+ check_status(status); > >- if (do_timing_test) >- cipher_driver_test_throughput(c); >- if (do_validation) { >- status = cipher_driver_test_buffering(c); >+ if (do_timing_test) >+ cipher_driver_test_throughput(c); >+ if (do_validation) { >+ status = cipher_driver_test_buffering(c); >+ check_status(status); >+ } >+ status = srtp_cipher_dealloc(c); > check_status(status); >- } >- status = srtp_cipher_dealloc(c); >- check_status(status); >- > >- /* run the throughput test on the aes_icm cipher (128-bit key) */ >- status = srtp_cipher_type_alloc(&srtp_aes_icm_128, &c, SRTP_AES_ICM_128_KEY_LEN_WSALT, 0); >+ /* run the throughput test on the aes_icm cipher (128-bit key) */ >+ status = srtp_cipher_type_alloc(&srtp_aes_icm_128, &c, >+ SRTP_AES_ICM_128_KEY_LEN_WSALT, 0); > if (status) { >- fprintf(stderr, "error: can't allocate cipher\n"); >- exit(status); >+ fprintf(stderr, "error: can't allocate cipher\n"); >+ exit(status); > } > > status = srtp_cipher_init(c, test_key); > check_status(status); > > if (do_timing_test) >- cipher_driver_test_throughput(c); >- >+ cipher_driver_test_throughput(c); >+ > if (do_validation) { >- status = cipher_driver_test_buffering(c); >- check_status(status); >+ status = cipher_driver_test_buffering(c); >+ check_status(status); > } >- >+ > status = srtp_cipher_dealloc(c); > check_status(status); > >- /* repeat the tests with 256-bit keys */ >- status = srtp_cipher_type_alloc(&srtp_aes_icm_256, &c, SRTP_AES_ICM_256_KEY_LEN_WSALT, 0); >+ /* repeat the tests with 256-bit keys */ >+ status = srtp_cipher_type_alloc(&srtp_aes_icm_256, &c, >+ SRTP_AES_ICM_256_KEY_LEN_WSALT, 0); > if (status) { >- fprintf(stderr, "error: can't allocate cipher\n"); >- exit(status); >+ fprintf(stderr, "error: can't allocate cipher\n"); >+ exit(status); > } > > status = srtp_cipher_init(c, test_key); > check_status(status); > > if (do_timing_test) >- cipher_driver_test_throughput(c); >- >+ cipher_driver_test_throughput(c); >+ > if (do_validation) { >- status = cipher_driver_test_buffering(c); >- check_status(status); >+ status = cipher_driver_test_buffering(c); >+ check_status(status); > } >- >+ > status = srtp_cipher_dealloc(c); > check_status(status); > > #ifdef OPENSSL > /* run the throughput test on the aes_gcm_128_openssl cipher */ >- status = srtp_cipher_type_alloc(&srtp_aes_gcm_128_openssl, &c, SRTP_AES_GCM_128_KEY_LEN_WSALT, 8); >+ status = srtp_cipher_type_alloc(&srtp_aes_gcm_128_openssl, &c, >+ SRTP_AES_GCM_128_KEY_LEN_WSALT, 8); > if (status) { > fprintf(stderr, "error: can't allocate GCM 128 cipher\n"); > exit(status); >@@ -292,7 +299,8 @@ main(int argc, char *argv[]) { > check_status(status); > > /* run the throughput test on the aes_gcm_256_openssl cipher */ >- status = srtp_cipher_type_alloc(&srtp_aes_gcm_256_openssl, &c, SRTP_AES_GCM_256_KEY_LEN_WSALT, 16); >+ status = srtp_cipher_type_alloc(&srtp_aes_gcm_256_openssl, &c, >+ SRTP_AES_GCM_256_KEY_LEN_WSALT, 16); > if (status) { > fprintf(stderr, "error: can't allocate GCM 256 cipher\n"); > exit(status); >@@ -309,39 +317,39 @@ main(int argc, char *argv[]) { > } > status = srtp_cipher_dealloc(c); > check_status(status); >-#endif >+#endif > > return 0; > } > >-void >-cipher_driver_test_throughput(srtp_cipher_t *c) { >- int i; >- int min_enc_len = 32; >- int max_enc_len = 2048; /* should be a power of two */ >- int num_trials = 1000000; >- >- printf("timing %s throughput, key length %d:\n", c->type->description, c->key_len); >- fflush(stdout); >- for (i=min_enc_len; i <= max_enc_len; i = i * 2) >- printf("msg len: %d\tgigabits per second: %f\n", >- i, srtp_cipher_bits_per_second(c, i, num_trials) / 1e9); >- >+void cipher_driver_test_throughput(srtp_cipher_t *c) >+{ >+ int i; >+ int min_enc_len = 32; >+ int max_enc_len = 2048; /* should be a power of two */ >+ int num_trials = 1000000; >+ >+ printf("timing %s throughput, key length %d:\n", c->type->description, >+ c->key_len); >+ fflush(stdout); >+ for (i = min_enc_len; i <= max_enc_len; i = i * 2) >+ printf("msg len: %d\tgigabits per second: %f\n", i, >+ srtp_cipher_bits_per_second(c, i, num_trials) / 1e9); > } > >-srtp_err_status_t >-cipher_driver_self_test(srtp_cipher_type_t *ct) { >- srtp_err_status_t status; >- >- printf("running cipher self-test for %s...", ct->description); >- status = srtp_cipher_type_self_test(ct); >- if (status) { >- printf("failed with error code %d\n", status); >- exit(status); >- } >- printf("passed\n"); >- >- return srtp_err_status_ok; >+srtp_err_status_t cipher_driver_self_test(srtp_cipher_type_t *ct) >+{ >+ srtp_err_status_t status; >+ >+ printf("running cipher self-test for %s...", ct->description); >+ status = srtp_cipher_type_self_test(ct); >+ if (status) { >+ printf("failed with error code %d\n", status); >+ exit(status); >+ } >+ printf("passed\n"); >+ >+ return srtp_err_status_ok; > } > > /* >@@ -351,168 +359,166 @@ cipher_driver_self_test(srtp_cipher_type_t *ct) { > */ > > #define INITIAL_BUFLEN 1024 >-srtp_err_status_t >-cipher_driver_test_buffering(srtp_cipher_t *c) { >- int i, j, num_trials = 1000; >- unsigned len, buflen = INITIAL_BUFLEN; >- uint8_t buffer0[INITIAL_BUFLEN], buffer1[INITIAL_BUFLEN], *current, *end; >- uint8_t idx[16] = { >- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, >- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x34 >- }; >- srtp_err_status_t status; >- >- printf("testing output buffering for cipher %s...", >- c->type->description); >- >- for (i=0; i < num_trials; i++) { >- >- /* set buffers to zero */ >- for (j=0; j < (int) buflen; j++) { >- buffer0[j] = buffer1[j] = 0; >- } >- >- /* initialize cipher */ >- status = srtp_cipher_set_iv(c, (uint8_t*)idx, srtp_direction_encrypt); >- if (status) >- return status; >- >- /* generate 'reference' value by encrypting all at once */ >- status = srtp_cipher_encrypt(c, buffer0, &buflen); >- if (status) >- return status; >- >- /* re-initialize cipher */ >- status = srtp_cipher_set_iv(c, (uint8_t*)idx, srtp_direction_encrypt); >- if (status) >- return status; >- >- /* now loop over short lengths until buffer1 is encrypted */ >- current = buffer1; >- end = buffer1 + buflen; >- while (current < end) { >- >- /* choose a short length */ >- len = rand() & 0x01f; >- >- /* make sure that len doesn't cause us to overreach the buffer */ >- if (current + len > end) >- len = end - current; >- >- status = srtp_cipher_encrypt(c, current, &len); >- if (status) >- return status; >- >- /* advance pointer into buffer1 to reflect encryption */ >- current += len; >- >- /* if buffer1 is all encrypted, break out of loop */ >- if (current == end) >- break; >- } >- >- /* compare buffers */ >- for (j=0; j < (int) buflen; j++) { >- if (buffer0[j] != buffer1[j]) { >+srtp_err_status_t cipher_driver_test_buffering(srtp_cipher_t *c) >+{ >+ int i, j, num_trials = 1000; >+ unsigned len, buflen = INITIAL_BUFLEN; >+ uint8_t buffer0[INITIAL_BUFLEN], buffer1[INITIAL_BUFLEN], *current, *end; >+ uint8_t idx[16] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, >+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x34 }; >+ srtp_err_status_t status; >+ >+ printf("testing output buffering for cipher %s...", c->type->description); >+ >+ for (i = 0; i < num_trials; i++) { >+ /* set buffers to zero */ >+ for (j = 0; j < (int)buflen; j++) { >+ buffer0[j] = buffer1[j] = 0; >+ } >+ >+ /* initialize cipher */ >+ status = srtp_cipher_set_iv(c, (uint8_t *)idx, srtp_direction_encrypt); >+ if (status) >+ return status; >+ >+ /* generate 'reference' value by encrypting all at once */ >+ status = srtp_cipher_encrypt(c, buffer0, &buflen); >+ if (status) >+ return status; >+ >+ /* re-initialize cipher */ >+ status = srtp_cipher_set_iv(c, (uint8_t *)idx, srtp_direction_encrypt); >+ if (status) >+ return status; >+ >+ /* now loop over short lengths until buffer1 is encrypted */ >+ current = buffer1; >+ end = buffer1 + buflen; >+ while (current < end) { >+ /* choose a short length */ >+ len = rand() & 0x01f; >+ >+ /* make sure that len doesn't cause us to overreach the buffer */ >+ if (current + len > end) >+ len = end - current; >+ >+ status = srtp_cipher_encrypt(c, current, &len); >+ if (status) >+ return status; >+ >+ /* advance pointer into buffer1 to reflect encryption */ >+ current += len; >+ >+ /* if buffer1 is all encrypted, break out of loop */ >+ if (current == end) >+ break; >+ } >+ >+ /* compare buffers */ >+ for (j = 0; j < (int)buflen; j++) { >+ if (buffer0[j] != buffer1[j]) { > #if PRINT_DEBUG >- printf("test case %d failed at byte %d\n", i, j); >- printf("computed: %s\n", octet_string_hex_string(buffer1, buflen)); >- printf("expected: %s\n", octet_string_hex_string(buffer0, buflen)); >-#endif >- return srtp_err_status_algo_fail; >- } >+ printf("test case %d failed at byte %d\n", i, j); >+ printf("computed: %s\n", >+ octet_string_hex_string(buffer1, buflen)); >+ printf("expected: %s\n", >+ octet_string_hex_string(buffer0, buflen)); >+#endif >+ return srtp_err_status_algo_fail; >+ } >+ } > } >- } >- >- printf("passed\n"); > >- return srtp_err_status_ok; >-} >+ printf("passed\n"); > >+ return srtp_err_status_ok; >+} > > /* > * The function cipher_test_throughput_array() tests the effect of CPU >- * cache thrash on cipher throughput. >+ * cache thrash on cipher throughput. > * > * cipher_array_alloc_init(ctype, array, num_ciphers) creates an array > * of srtp_cipher_t of type ctype > */ > >-srtp_err_status_t >-cipher_array_alloc_init(srtp_cipher_t ***ca, int num_ciphers, >- srtp_cipher_type_t *ctype, int klen) { >- int i, j; >- srtp_err_status_t status; >- uint8_t *key; >- srtp_cipher_t **cipher_array; >- /* pad klen allocation, to handle aes_icm reading 16 bytes for the >- 14-byte salt */ >- int klen_pad = ((klen + 15) >> 4) << 4; >- >- /* allocate array of pointers to ciphers */ >- cipher_array = (srtp_cipher_t **) malloc(sizeof(srtp_cipher_t *) * num_ciphers); >- if (cipher_array == NULL) >- return srtp_err_status_alloc_fail; >- >- /* set ca to location of cipher_array */ >- *ca = cipher_array; >- >- /* allocate key */ >- key = srtp_crypto_alloc(klen_pad); >- if (key == NULL) { >- free(cipher_array); >- return srtp_err_status_alloc_fail; >- } >- >- /* allocate and initialize an array of ciphers */ >- for (i=0; i < num_ciphers; i++) { >- >- /* allocate cipher */ >- status = srtp_cipher_type_alloc(ctype, cipher_array, klen, 16); >- if (status) >- return status; >- >- /* generate random key and initialize cipher */ >- for (j=0; j < klen; j++) >- key[j] = (uint8_t) rand(); >- for (; j < klen_pad; j++) >- key[j] = 0; >- status = srtp_cipher_init(*cipher_array, key); >- if (status) >- return status; >- >-/* printf("%dth cipher is at %p\n", i, *cipher_array); */ >-/* printf("%dth cipher description: %s\n", i, */ >-/* (*cipher_array)->type->description); */ >- >- /* advance cipher array pointer */ >- cipher_array++; >- } >- >- srtp_crypto_free(key); >- >- return srtp_err_status_ok; >-} >+srtp_err_status_t cipher_array_alloc_init(srtp_cipher_t ***ca, >+ int num_ciphers, >+ srtp_cipher_type_t *ctype, >+ int klen) >+{ >+ int i, j; >+ srtp_err_status_t status; >+ uint8_t *key; >+ srtp_cipher_t **cipher_array; >+ /* pad klen allocation, to handle aes_icm reading 16 bytes for the >+ 14-byte salt */ >+ int klen_pad = ((klen + 15) >> 4) << 4; >+ >+ /* allocate array of pointers to ciphers */ >+ cipher_array = (srtp_cipher_t **)srtp_crypto_alloc(sizeof(srtp_cipher_t *) * >+ num_ciphers); >+ if (cipher_array == NULL) >+ return srtp_err_status_alloc_fail; >+ >+ /* set ca to location of cipher_array */ >+ *ca = cipher_array; >+ >+ /* allocate key */ >+ key = srtp_crypto_alloc(klen_pad); >+ if (key == NULL) { >+ srtp_crypto_free(cipher_array); >+ return srtp_err_status_alloc_fail; >+ } >+ >+ /* allocate and initialize an array of ciphers */ >+ for (i = 0; i < num_ciphers; i++) { >+ /* allocate cipher */ >+ status = srtp_cipher_type_alloc(ctype, cipher_array, klen, 16); >+ if (status) >+ return status; >+ >+ /* generate random key and initialize cipher */ >+ for (j = 0; j < klen; j++) >+ key[j] = (uint8_t)rand(); >+ for (; j < klen_pad; j++) >+ key[j] = 0; >+ status = srtp_cipher_init(*cipher_array, key); >+ if (status) >+ return status; >+ >+ /* printf("%dth cipher is at %p\n", i, *cipher_array); */ >+ /* printf("%dth cipher description: %s\n", i, */ >+ /* (*cipher_array)->type->description); */ >+ >+ /* advance cipher array pointer */ >+ cipher_array++; >+ } >+ >+ srtp_crypto_free(key); > >-srtp_err_status_t >-cipher_array_delete(srtp_cipher_t *cipher_array[], int num_cipher) { >- int i; >- >- for (i=0; i < num_cipher; i++) { >- srtp_cipher_dealloc(cipher_array[i]); >- } >- >- free(cipher_array); >- >- return srtp_err_status_ok; >+ return srtp_err_status_ok; > } > >+srtp_err_status_t cipher_array_delete(srtp_cipher_t *cipher_array[], >+ int num_cipher) >+{ >+ int i; >+ >+ for (i = 0; i < num_cipher; i++) { >+ srtp_cipher_dealloc(cipher_array[i]); >+ } >+ >+ srtp_crypto_free(cipher_array); >+ >+ return srtp_err_status_ok; >+} > > /* > * cipher_array_bits_per_second(c, l, t) computes (an estimate of) the > * number of bits that a cipher implementation can encrypt in a second > * when distinct keys are used to encrypt distinct messages >- * >+ * > * c is a cipher (which MUST be allocated an initialized already), l > * is the length in octets of the test data to be encrypted, and t is > * the number of trials >@@ -520,80 +526,85 @@ cipher_array_delete(srtp_cipher_t *cipher_array[], int num_cipher) { > * if an error is encountered, the value 0 is returned > */ > >-uint64_t >-cipher_array_bits_per_second(srtp_cipher_t *cipher_array[], int num_cipher, >- unsigned octets_in_buffer, int num_trials) { >- int i; >- v128_t nonce; >- clock_t timer; >- unsigned char *enc_buf; >- int cipher_index = rand() % num_cipher; >- >- /* Over-alloc, for NIST CBC padding */ >- enc_buf = srtp_crypto_alloc(octets_in_buffer+17); >- if (enc_buf == NULL) >- return 0; /* indicate bad parameters by returning null */ >- memset(enc_buf, 0, octets_in_buffer); >- >- /* time repeated trials */ >- v128_set_to_zero(&nonce); >- timer = clock(); >- for(i=0; i < num_trials; i++, nonce.v32[3] = i) { >- /* length parameter to srtp_cipher_encrypt is in/out -- out is total, padded >- * length -- so reset it each time. */ >- unsigned octets_to_encrypt = octets_in_buffer; >- >- /* encrypt buffer with cipher */ >- srtp_cipher_set_iv(cipher_array[cipher_index], (uint8_t*)&nonce, srtp_direction_encrypt); >- srtp_cipher_encrypt(cipher_array[cipher_index], enc_buf, &octets_to_encrypt); >- >- /* choose a cipher at random from the array*/ >- cipher_index = (*((uint32_t *)enc_buf)) % num_cipher; >- } >- timer = clock() - timer; >- >- free(enc_buf); >- >- if (timer == 0) { >- /* Too fast! */ >- return 0; >- } >+uint64_t cipher_array_bits_per_second(srtp_cipher_t *cipher_array[], >+ int num_cipher, >+ unsigned octets_in_buffer, >+ int num_trials) >+{ >+ int i; >+ v128_t nonce; >+ clock_t timer; >+ unsigned char *enc_buf; >+ int cipher_index = rand() % num_cipher; >+ >+ /* Over-alloc, for NIST CBC padding */ >+ enc_buf = srtp_crypto_alloc(octets_in_buffer + 17); >+ if (enc_buf == NULL) >+ return 0; /* indicate bad parameters by returning null */ >+ >+ /* time repeated trials */ >+ v128_set_to_zero(&nonce); >+ timer = clock(); >+ for (i = 0; i < num_trials; i++, nonce.v32[3] = i) { >+ /* length parameter to srtp_cipher_encrypt is in/out -- out is total, >+ * padded >+ * length -- so reset it each time. */ >+ unsigned octets_to_encrypt = octets_in_buffer; >+ >+ /* encrypt buffer with cipher */ >+ srtp_cipher_set_iv(cipher_array[cipher_index], (uint8_t *)&nonce, >+ srtp_direction_encrypt); >+ srtp_cipher_encrypt(cipher_array[cipher_index], enc_buf, >+ &octets_to_encrypt); >+ >+ /* choose a cipher at random from the array*/ >+ cipher_index = (*((uint32_t *)enc_buf)) % num_cipher; >+ } >+ timer = clock() - timer; > >- return (uint64_t)CLOCKS_PER_SEC * num_trials * 8 * octets_in_buffer / timer; >-} >+ srtp_crypto_free(enc_buf); > >-void >-cipher_array_test_throughput(srtp_cipher_t *ca[], int num_cipher) { >- int i; >- int min_enc_len = 16; >- int max_enc_len = 2048; /* should be a power of two */ >- int num_trials = 1000000; >+ if (timer == 0) { >+ /* Too fast! */ >+ return 0; >+ } > >- printf("timing %s throughput with key length %d, array size %d:\n", >- (ca[0])->type->description, (ca[0])->key_len, num_cipher); >- fflush(stdout); >- for (i=min_enc_len; i <= max_enc_len; i = i * 4) >- printf("msg len: %d\tgigabits per second: %f\n", i, >- cipher_array_bits_per_second(ca, num_cipher, i, num_trials) / 1e9); >+ return (uint64_t)CLOCKS_PER_SEC * num_trials * 8 * octets_in_buffer / timer; >+} > >+void cipher_array_test_throughput(srtp_cipher_t *ca[], int num_cipher) >+{ >+ int i; >+ int min_enc_len = 16; >+ int max_enc_len = 2048; /* should be a power of two */ >+ int num_trials = 1000000; >+ >+ printf("timing %s throughput with key length %d, array size %d:\n", >+ (ca[0])->type->description, (ca[0])->key_len, num_cipher); >+ fflush(stdout); >+ for (i = min_enc_len; i <= max_enc_len; i = i * 4) >+ printf("msg len: %d\tgigabits per second: %f\n", i, >+ cipher_array_bits_per_second(ca, num_cipher, i, num_trials) / >+ 1e9); > } > >-srtp_err_status_t >-cipher_driver_test_array_throughput(srtp_cipher_type_t *ct, >- int klen, int num_cipher) { >- srtp_cipher_t **ca = NULL; >- srtp_err_status_t status; >- >- status = cipher_array_alloc_init(&ca, num_cipher, ct, klen); >- if (status) { >- printf("error: cipher_array_alloc_init() failed with error code %d\n", >- status); >- return status; >- } >- >- cipher_array_test_throughput(ca, num_cipher); >- >- cipher_array_delete(ca, num_cipher); >- >- return srtp_err_status_ok; >+srtp_err_status_t cipher_driver_test_array_throughput(srtp_cipher_type_t *ct, >+ int klen, >+ int num_cipher) >+{ >+ srtp_cipher_t **ca = NULL; >+ srtp_err_status_t status; >+ >+ status = cipher_array_alloc_init(&ca, num_cipher, ct, klen); >+ if (status) { >+ printf("error: cipher_array_alloc_init() failed with error code %d\n", >+ status); >+ return status; >+ } >+ >+ cipher_array_test_throughput(ca, num_cipher); >+ >+ cipher_array_delete(ca, num_cipher); >+ >+ return srtp_err_status_ok; > } >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/test/datatypes_driver.c b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/test/datatypes_driver.c >index d847c2f8029a5df2f3e4db2194f99c3907698866..2f78903eb8eb133e622dea5cd1d0a9ee2157d27d 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/test/datatypes_driver.c >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/test/datatypes_driver.c >@@ -8,26 +8,26 @@ > */ > > /* >- * >+ * > * Copyright (c) 2001-2017, Cisco Systems, Inc. > * All rights reserved. >- * >+ * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions > * are met: >- * >+ * > * Redistributions of source code must retain the above copyright > * notice, this list of conditions and the following disclaimer. >- * >+ * > * Redistributions in binary form must reproduce the above > * copyright notice, this list of conditions and the following > * disclaimer in the documentation and/or other materials provided > * with the distribution. >- * >+ * > * Neither the name of the Cisco Systems, Inc. nor the names of its > * contributors may be used to endorse or promote products derived > * from this software without specific prior written permission. >- * >+ * > * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS > * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT > * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >@@ -43,117 +43,108 @@ > * > */ > >- > #ifdef HAVE_CONFIG_H >- #include <config.h> >+#include <config.h> > #endif > >-#include <stdio.h> /* for printf() */ >-#include <string.h> /* for strlen() */ >+#include <stdio.h> /* for printf() */ >+#include <string.h> /* for strlen() */ > #include "datatypes.h" > #include "util.h" > >-void >-byte_order(void); >+void byte_order(void); > >-void >-test_hex_string_funcs(void); >+void test_hex_string_funcs(void); > >-void >-print_string(char *s); >+void print_string(char *s); > >-void >-test_bswap(void); >+void test_bswap(void); > >-int >-main (void) { >- >- /* >- * this program includes various and sundry tests for fundamental >- * datatypes. it's a grab-bag of throwaway code, retained only in >- * case of future problems >- */ >- >- int i, j; >- v128_t x; >- char *r = >- "The Moving Finger writes; and, having writ,\n" >- "Moves on: nor all thy Piety nor Wit\n" >- "Shall lure it back to cancel half a Line,\n" >- "Nor all thy Tears wash out a Word of it."; >- char *s = "incomplet"; >- >- print_string(r); >- print_string(s); >- >- byte_order(); >- test_hex_string_funcs(); >- >- for (j=0; j < 128; j++) { >+int main(void) >+{ >+ /* >+ * this program includes various and sundry tests for fundamental >+ * datatypes. it's a grab-bag of throwaway code, retained only in >+ * case of future problems >+ */ >+ >+ int i, j; >+ v128_t x; >+ char *r = "The Moving Finger writes; and, having writ,\n" >+ "Moves on: nor all thy Piety nor Wit\n" >+ "Shall lure it back to cancel half a Line,\n" >+ "Nor all thy Tears wash out a Word of it."; >+ char *s = "incomplet"; >+ >+ print_string(r); >+ print_string(s); >+ >+ byte_order(); >+ test_hex_string_funcs(); >+ >+ for (j = 0; j < 128; j++) { >+ v128_set_to_zero(&x); >+ /* x.v32[0] = (1 << j); */ >+ v128_set_bit(&x, j); >+ printf("%s\n", v128_bit_string(&x)); >+ v128_clear_bit(&x, j); >+ printf("%s\n", v128_bit_string(&x)); >+ } >+ >+ printf("----------------------------------------------\n"); >+ v128_set_to_zero(&x); >+ for (i = 0; i < 128; i++) { >+ v128_set_bit(&x, i); >+ } >+ printf("%s\n", v128_bit_string(&x)); >+ >+ printf("----------------------------------------------\n"); > v128_set_to_zero(&x); >- /* x.v32[0] = (1 << j); */ >- v128_set_bit(&x, j); >- printf("%s\n", v128_bit_string(&x)); >- v128_clear_bit(&x, j); >- printf("%s\n", v128_bit_string(&x)); >- >- } >- >- printf("----------------------------------------------\n"); >- v128_set_to_zero(&x); >- for (i=0; i < 128; i++) { >- v128_set_bit(&x, i); >- } >- printf("%s\n", v128_bit_string(&x)); >- >- printf("----------------------------------------------\n"); >- v128_set_to_zero(&x); >- v128_set_bit(&x, 0); >- for (i=0; i < 128; i++) { >- printf("%s\n", v128_bit_string(&x)); >- v128_right_shift(&x, 1); >- } >- printf("----------------------------------------------\n"); >- v128_set_to_zero(&x); >- v128_set_bit(&x, 127); >- for (i=0; i < 128; i++) { >- printf("%s\n", v128_bit_string(&x)); >- v128_left_shift(&x, 1); >- } >- printf("----------------------------------------------\n"); >- for (i=0; i < 128; i++) { >+ v128_set_bit(&x, 0); >+ for (i = 0; i < 128; i++) { >+ printf("%s\n", v128_bit_string(&x)); >+ v128_right_shift(&x, 1); >+ } >+ printf("----------------------------------------------\n"); > v128_set_to_zero(&x); > v128_set_bit(&x, 127); >- v128_left_shift(&x, i); >- printf("%s\n", v128_bit_string(&x)); >- } >- printf("----------------------------------------------\n"); >- v128_set_to_zero(&x); >- for (i=0; i < 128; i+=2) { >- v128_set_bit(&x, i); >- } >- printf("bit_string: { %s }\n", v128_bit_string(&x)); >- printf("get_bit: { "); >- for (i=0; i < 128; i++) { >- if (v128_get_bit(&x, i) == 1) >- printf("1"); >- else >- printf("0"); >- } >- printf(" } \n"); >- >- test_bswap(); >- >- return 0; >+ for (i = 0; i < 128; i++) { >+ printf("%s\n", v128_bit_string(&x)); >+ v128_left_shift(&x, 1); >+ } >+ printf("----------------------------------------------\n"); >+ for (i = 0; i < 128; i++) { >+ v128_set_to_zero(&x); >+ v128_set_bit(&x, 127); >+ v128_left_shift(&x, i); >+ printf("%s\n", v128_bit_string(&x)); >+ } >+ printf("----------------------------------------------\n"); >+ v128_set_to_zero(&x); >+ for (i = 0; i < 128; i += 2) { >+ v128_set_bit(&x, i); >+ } >+ printf("bit_string: { %s }\n", v128_bit_string(&x)); >+ printf("get_bit: { "); >+ for (i = 0; i < 128; i++) { >+ if (v128_get_bit(&x, i) == 1) >+ printf("1"); >+ else >+ printf("0"); >+ } >+ printf(" } \n"); >+ >+ test_bswap(); >+ >+ return 0; > } > >- > /* byte_order() prints out byte ordering of datatypes */ > >-void >-byte_order(void) { >- int i; >- v128_t e; >+void byte_order(void) >+{ >+ int i; >+ v128_t e; > #if 0 > v16_t b; > v32_t c; >@@ -180,63 +171,60 @@ byte_order(void) { > > c.value = 0x00010002; > printf("v32_t:\t%x%x\n", c.v16[0], c.v16[1]); >-#endif >+#endif > >- printf("byte ordering of crypto/math datatypes:\n"); >- for (i=0; i < sizeof(e); i++) >- e.v8[i] = i; >- printf("v128_t: %s\n", v128_hex_string(&e)); >- >+ printf("byte ordering of crypto/math datatypes:\n"); >+ for (i = 0; i < sizeof(e); i++) >+ e.v8[i] = i; >+ printf("v128_t: %s\n", v128_hex_string(&e)); > } > >-void >-test_hex_string_funcs(void) { >- char hex1[] = "abadcafe"; >- char hex2[] = "0123456789abcdefqqqqq"; >- char raw[10]; >- int len; >- >- len = hex_string_to_octet_string(raw, hex1, strlen(hex1)); >- printf("computed length: %d\tstring: %s\n", len, >- octet_string_hex_string(raw, len/2)); >- printf("expected length: %u\tstring: %s\n", (unsigned)strlen(hex1), hex1); >- >- len = hex_string_to_octet_string(raw, hex2, strlen(hex2)); >- printf("computed length: %d\tstring: %s\n", len, >- octet_string_hex_string(raw, len/2)); >- printf("expected length: %d\tstring: %s\n", 16, "0123456789abcdef"); >- >+void test_hex_string_funcs(void) >+{ >+ char hex1[] = "abadcafe"; >+ char hex2[] = "0123456789abcdefqqqqq"; >+ char raw[10]; >+ int len; >+ >+ len = hex_string_to_octet_string(raw, hex1, strlen(hex1)); >+ printf("computed length: %d\tstring: %s\n", len, >+ octet_string_hex_string(raw, len / 2)); >+ printf("expected length: %u\tstring: %s\n", (unsigned)strlen(hex1), hex1); >+ >+ len = hex_string_to_octet_string(raw, hex2, strlen(hex2)); >+ printf("computed length: %d\tstring: %s\n", len, >+ octet_string_hex_string(raw, len / 2)); >+ printf("expected length: %d\tstring: %s\n", 16, "0123456789abcdef"); > } > >-void >-print_string(char *s) { >- size_t i; >- printf("%s\n", s); >- printf("strlen(s) = %u\n", (unsigned)strlen(s)); >- printf("{ "); >- for (i=0; i < strlen(s); i++) { >- printf("0x%x, ", s[i]); >- if (((i+1) % 8) == 0) >- printf("\n "); >- } >- printf("}\n"); >+void print_string(char *s) >+{ >+ size_t i; >+ printf("%s\n", s); >+ printf("strlen(s) = %u\n", (unsigned)strlen(s)); >+ printf("{ "); >+ for (i = 0; i < strlen(s); i++) { >+ printf("0x%x, ", s[i]); >+ if (((i + 1) % 8) == 0) >+ printf("\n "); >+ } >+ printf("}\n"); > } > >-void >-test_bswap(void) { >- uint32_t x = 0x11223344; >- uint64_t y = 0x1122334455667788LL; >+void test_bswap(void) >+{ >+ uint32_t x = 0x11223344; >+ uint64_t y = 0x1122334455667788LL; > >- printf("before: %0x\nafter: %0x\n", x, (unsigned int)be32_to_cpu(x)); >- printf("before: %0llx\nafter: %0llx\n", (unsigned long long)y, >- (unsigned long long)be64_to_cpu(y)); >+ printf("before: %0x\nafter: %0x\n", x, (unsigned int)be32_to_cpu(x)); >+ printf("before: %0llx\nafter: %0llx\n", (unsigned long long)y, >+ (unsigned long long)be64_to_cpu(y)); > >- y = 1234; >+ y = 1234; > >- printf("1234: %0llx\n", (unsigned long long)y); >- printf("as octet string: %s\n", >- octet_string_hex_string((uint8_t *) &y, 8)); >- y = be64_to_cpu(y); >- printf("bswapped octet string: %s\n", >- octet_string_hex_string((uint8_t *) &y, 8)); >+ printf("1234: %0llx\n", (unsigned long long)y); >+ printf("as octet string: %s\n", octet_string_hex_string((uint8_t *)&y, 8)); >+ y = be64_to_cpu(y); >+ printf("bswapped octet string: %s\n", >+ octet_string_hex_string((uint8_t *)&y, 8)); > } >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/test/kernel_driver.c b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/test/kernel_driver.c >index 92b72402498c5174039df6321e1149a2133941ef..d29405a9717da361e85ae46b93a688b87e0dc928 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/test/kernel_driver.c >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/crypto/test/kernel_driver.c >@@ -7,26 +7,26 @@ > * Cisco Systems, Inc. > */ > /* >- * >+ * > * Copyright(c) 2001-2017 Cisco Systems, Inc. > * All rights reserved. >- * >+ * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions > * are met: >- * >+ * > * Redistributions of source code must retain the above copyright > * notice, this list of conditions and the following disclaimer. >- * >+ * > * Redistributions in binary form must reproduce the above > * copyright notice, this list of conditions and the following > * disclaimer in the documentation and/or other materials provided > * with the distribution. >- * >+ * > * Neither the name of the Cisco Systems, Inc. nor the names of its > * contributors may be used to endorse or promote products derived > * from this software without specific prior written permission. >- * >+ * > * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS > * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT > * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >@@ -42,77 +42,76 @@ > * > */ > >- > #ifdef HAVE_CONFIG_H >- #include <config.h> >+#include <config.h> > #endif > >-#include <stdio.h> /* for printf() */ >+#include <stdio.h> /* for printf() */ > #include "getopt_s.h" > #include "crypto_kernel.h" > >-void >-usage(char *prog_name) { >- printf("usage: %s [ -v ][ -d debug_module ]*\n", prog_name); >- exit(255); >+void usage(char *prog_name) >+{ >+ printf("usage: %s [ -v ][ -d debug_module ]*\n", prog_name); >+ exit(255); > } > >-int >-main (int argc, char *argv[]) { >- int q; >- int do_validation = 0; >- srtp_err_status_t status; >+int main(int argc, char *argv[]) >+{ >+ int q; >+ int do_validation = 0; >+ srtp_err_status_t status; > >- if (argc == 1) >- usage(argv[0]); >+ if (argc == 1) >+ usage(argv[0]); > >- /* initialize kernel - we need to do this before anything else */ >- status = srtp_crypto_kernel_init(); >- if (status) { >- printf("error: srtp_crypto_kernel init failed\n"); >- exit(1); >- } >- printf("srtp_crypto_kernel successfully initalized\n"); >+ /* initialize kernel - we need to do this before anything else */ >+ status = srtp_crypto_kernel_init(); >+ if (status) { >+ printf("error: srtp_crypto_kernel init failed\n"); >+ exit(1); >+ } >+ printf("srtp_crypto_kernel successfully initalized\n"); >+ >+ /* process input arguments */ >+ while (1) { >+ q = getopt_s(argc, argv, "vd:"); >+ if (q == -1) >+ break; >+ switch (q) { >+ case 'v': >+ do_validation = 1; >+ break; >+ case 'd': >+ status = srtp_crypto_kernel_set_debug_module(optarg_s, 1); >+ if (status) { >+ printf("error: set debug module (%s) failed\n", optarg_s); >+ exit(1); >+ } >+ break; >+ default: >+ usage(argv[0]); >+ } >+ } > >- /* process input arguments */ >- while (1) { >- q = getopt_s(argc, argv, "vd:"); >- if (q == -1) >- break; >- switch (q) { >- case 'v': >- do_validation = 1; >- break; >- case 'd': >- status = srtp_crypto_kernel_set_debug_module(optarg_s, 1); >- if (status) { >- printf("error: set debug module (%s) failed\n", optarg_s); >- exit(1); >- } >- break; >- default: >- usage(argv[0]); >- } >- } >+ if (do_validation) { >+ printf("checking srtp_crypto_kernel status...\n"); >+ status = srtp_crypto_kernel_status(); >+ if (status) { >+ printf("failed\n"); >+ exit(1); >+ } >+ printf("srtp_crypto_kernel passed self-tests\n"); >+ } > >- if (do_validation) { >- printf("checking srtp_crypto_kernel status...\n"); >- status = srtp_crypto_kernel_status(); >+ status = srtp_crypto_kernel_shutdown(); > if (status) { >- printf("failed\n"); >- exit(1); >+ printf("error: srtp_crypto_kernel shutdown failed\n"); >+ exit(1); > } >- printf("srtp_crypto_kernel passed self-tests\n"); >- } >+ printf("srtp_crypto_kernel successfully shut down\n"); > >- status = srtp_crypto_kernel_shutdown(); >- if (status) { >- printf("error: srtp_crypto_kernel shutdown failed\n"); >- exit(1); >- } >- printf("srtp_crypto_kernel successfully shut down\n"); >- >- return 0; >+ return 0; > } > > /* >@@ -120,10 +119,9 @@ main (int argc, char *argv[]) { > * of the crypto_kernel > */ > >-srtp_err_status_t >-crypto_kernel_cipher_test(void) { >- >- /* not implemented yet! */ >+srtp_err_status_t crypto_kernel_cipher_test(void) >+{ >+ /* not implemented yet! */ > >- return srtp_err_status_ok; >+ return srtp_err_status_ok; > } >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/include/ekt.h b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/include/ekt.h >index 86bfa17adf69eb43963b11eb93d74a7f39749f4e..a289a53dabe51ecc11c73f8da66dbc6862ca727d 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/include/ekt.h >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/include/ekt.h >@@ -7,26 +7,26 @@ > * Cisco Systems, Inc. > */ > /* >- * >+ * > * Copyright (c) 2001-2017 Cisco Systems, Inc. > * All rights reserved. >- * >+ * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions > * are met: >- * >+ * > * Redistributions of source code must retain the above copyright > * notice, this list of conditions and the following disclaimer. >- * >+ * > * Redistributions in binary form must reproduce the above > * copyright notice, this list of conditions and the following > * disclaimer in the documentation and/or other materials provided > * with the distribution. >- * >+ * > * Neither the name of the Cisco Systems, Inc. nor the names of its > * contributors may be used to endorse or promote products derived > * from this software without specific prior written permission. >- * >+ * > * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS > * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT > * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >@@ -42,15 +42,13 @@ > * > */ > >- >- > /* >- * EKT implementation strategy >- * >+ * EKT implementation strategy >+ * > * use stream_template approach > * > * in srtp_unprotect, when a new stream appears, check if template has >- * EKT defined, and if it does, then apply EKT processing >+ * EKT defined, and if it does, then apply EKT processing > * > * question: will we want to allow key-sharing templates in addition > * to EKT templates? could define a new ssrc_type_t that's associated >@@ -69,14 +67,13 @@ > extern "C" { > #endif > >-#define SRTP_EKT_CIPHER_DEFAULT 1 >-#define SRTP_EKT_CIPHER_AES_128_ECB 1 >-#define SRTP_EKT_CIPHER_AES_192_KEY_WRAP 2 >-#define SRTP_EKT_CIPHER_AES_256_KEY_WRAP 3 >+#define SRTP_EKT_CIPHER_DEFAULT 1 >+#define SRTP_EKT_CIPHER_AES_128_ECB 1 >+#define SRTP_EKT_CIPHER_AES_192_KEY_WRAP 2 >+#define SRTP_EKT_CIPHER_AES_256_KEY_WRAP 3 > > typedef uint16_t srtp_ekt_spi_t; > >- > unsigned srtp_ekt_octets_after_base_tag(srtp_ekt_stream_t ekt); > > /* >@@ -88,24 +85,23 @@ unsigned srtp_ekt_octets_after_base_tag(srtp_ekt_stream_t ekt); > */ > > typedef struct srtp_ekt_policy_ctx_t { >- srtp_ekt_spi_t spi; /* security parameter index */ >- uint8_t ekt_cipher_type; >- uint8_t *ekt_key; >- struct srtp_ekt_policy_ctx_t *next_ekt_policy; >+ srtp_ekt_spi_t spi; /* security parameter index */ >+ uint8_t ekt_cipher_type; >+ uint8_t *ekt_key; >+ struct srtp_ekt_policy_ctx_t *next_ekt_policy; > } srtp_ekt_policy_ctx_t; > >- > /* > * an srtp_ekt_data_t structure holds the data corresponding to an ekt key, > * spi, and so on > */ > > typedef struct srtp_ekt_data_t { >- srtp_ekt_spi_t spi; >- uint8_t ekt_cipher_type; >- srtp_aes_expanded_key_t ekt_enc_key; >- srtp_aes_expanded_key_t ekt_dec_key; >- struct ekt_data_t *next_ekt_data; >+ srtp_ekt_spi_t spi; >+ uint8_t ekt_cipher_type; >+ srtp_aes_expanded_key_t ekt_enc_key; >+ srtp_aes_expanded_key_t ekt_dec_key; >+ struct ekt_data_t *next_ekt_data; > } srtp_ekt_data_t; > > /* >@@ -116,25 +112,31 @@ typedef struct srtp_ekt_data_t { > */ > > typedef struct srtp_ekt_stream_ctx_t { >- srtp_ekt_data_t *data; >- uint16_t isn; /* initial sequence number */ >- uint8_t encrypted_master_key[SRTP_MAX_KEY_LEN]; >+ srtp_ekt_data_t *data; >+ uint16_t isn; /* initial sequence number */ >+ uint8_t encrypted_master_key[SRTP_MAX_KEY_LEN]; > } srtp_ekt_stream_ctx_t; > >+srtp_err_status_t srtp_ekt_alloc(srtp_ekt_stream_t *stream_data, >+ srtp_ekt_policy_t policy); > >+srtp_err_status_t srtp_ekt_stream_init(srtp_ekt_stream_t e, >+ srtp_ekt_spi_t spi, >+ void *ekt_key, >+ unsigned ekt_cipher_type); > >-srtp_err_status_t srtp_ekt_alloc(srtp_ekt_stream_t *stream_data, srtp_ekt_policy_t policy); >- >-srtp_err_status_t srtp_ekt_stream_init(srtp_ekt_stream_t e, srtp_ekt_spi_t spi, void *ekt_key, unsigned ekt_cipher_type); >- >-srtp_err_status_t srtp_ekt_stream_init_from_policy(srtp_ekt_stream_t e, srtp_ekt_policy_t p); >- >- >+srtp_err_status_t srtp_ekt_stream_init_from_policy(srtp_ekt_stream_t e, >+ srtp_ekt_policy_t p); > >-srtp_err_status_t srtp_stream_init_from_ekt(srtp_stream_t stream, const void *srtcp_hdr, unsigned pkt_octet_len); >- >+srtp_err_status_t srtp_stream_init_from_ekt(srtp_stream_t stream, >+ const void *srtcp_hdr, >+ unsigned pkt_octet_len); > >-void srtp_ekt_write_data(srtp_ekt_stream_t ekt, uint8_t *base_tag, unsigned base_tag_len, int *packet_len, srtp_xtd_seq_num_t pkt_index); >+void srtp_ekt_write_data(srtp_ekt_stream_t ekt, >+ uint8_t *base_tag, >+ unsigned base_tag_len, >+ int *packet_len, >+ srtp_xtd_seq_num_t pkt_index); > > /* > * We handle EKT by performing some additional steps before >@@ -144,10 +146,13 @@ void srtp_ekt_write_data(srtp_ekt_stream_t ekt, uint8_t *base_tag, unsigned base > * With EKT, the tag_len parameter is actually the base tag > * length > */ >-srtp_err_status_t srtp_ekt_tag_verification_preproces(uint8_t *pkt_tag, uint8_t *pkt_tag_copy, unsigned tag_len); >- >-srtp_err_status_t srtp_ekt_tag_verification_postproces(uint8_t *pkt_tag, uint8_t *pkt_tag_copy, unsigned tag_len); >+srtp_err_status_t srtp_ekt_tag_verification_preproces(uint8_t *pkt_tag, >+ uint8_t *pkt_tag_copy, >+ unsigned tag_len); > >+srtp_err_status_t srtp_ekt_tag_verification_postproces(uint8_t *pkt_tag, >+ uint8_t *pkt_tag_copy, >+ unsigned tag_len); > > /* > * @brief EKT pre-processing for srtcp tag generation >@@ -157,16 +162,18 @@ srtp_err_status_t srtp_ekt_tag_verification_postproces(uint8_t *pkt_tag, uint8_t > * Master Key, the SRTP ROC, the Initial Sequence Number, and SPI > * fields. The Base Authentication Tag field is set to the all-zero > * value >- * >+ * > * When EKT is not used, this function is a no-op. >- * >+ * > */ >-srtp_err_status_t srtp_stream_srtcp_auth_tag_generation_preprocess(const srtp_stream_t *s, uint8_t *pkt_tag, unsigned pkt_octet_len); >+srtp_err_status_t srtp_stream_srtcp_auth_tag_generation_preprocess( >+ const srtp_stream_t *s, >+ uint8_t *pkt_tag, >+ unsigned pkt_octet_len); > > /* it's not clear that a tag_generation_postprocess function is needed */ > srtp_err_status_t srtcp_auth_tag_generation_postprocess(void); > >- > #ifdef __cplusplus > } > #endif >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/include/getopt_s.h b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/include/getopt_s.h >index 63278e9850835b102713c0bca4f2cb77739a2c8f..53fb25ba7100219d39e22befeb3d50340469c1d5 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/include/getopt_s.h >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/include/getopt_s.h >@@ -7,26 +7,26 @@ > * > */ > /* >- * >+ * > * Copyright (c) 2001-2017 Cisco Systems, Inc. > * All rights reserved. >- * >+ * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions > * are met: >- * >+ * > * Redistributions of source code must retain the above copyright > * notice, this list of conditions and the following disclaimer. >- * >+ * > * Redistributions in binary form must reproduce the above > * copyright notice, this list of conditions and the following > * disclaimer in the documentation and/or other materials provided > * with the distribution. >- * >+ * > * Neither the name of the Cisco Systems, Inc. nor the names of its > * contributors may be used to endorse or promote products derived > * from this software without specific prior written permission. >- * >+ * > * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS > * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT > * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >@@ -49,17 +49,16 @@ > extern "C" { > #endif > >-/* >+/* > * getopt_s(), optarg_s, and optind_s are small, locally defined > * versions of the POSIX standard getopt() interface. > */ >- >-int >-getopt_s(int argc, char * const argv[], const char *optstring); > >-extern char *optarg_s; /* defined in getopt.c */ >+int getopt_s(int argc, char *const argv[], const char *optstring); >+ >+extern char *optarg_s; /* defined in getopt.c */ > >-extern int optind_s; /* defined in getopt.c */ >+extern int optind_s; /* defined in getopt.c */ > > #ifdef __cplusplus > } >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/include/rtp.h b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/include/rtp.h >deleted file mode 100644 >index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..0000000000000000000000000000000000000000 >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/include/rtp_priv.h b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/include/rtp_priv.h >deleted file mode 100644 >index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..0000000000000000000000000000000000000000 >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/include/srtp.h b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/include/srtp.h >index 6d42f7b52f0d6e605fae8db73156e267204968ba..1fdd6c3affd835cd4223dd9ccc777045f88dbd7f 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/include/srtp.h >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/include/srtp.h >@@ -7,26 +7,26 @@ > * Cisco Systems, Inc. > */ > /* >- * >+ * > * Copyright (c) 2001-2017, Cisco Systems, Inc. > * All rights reserved. >- * >+ * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions > * are met: >- * >+ * > * Redistributions of source code must retain the above copyright > * notice, this list of conditions and the following disclaimer. >- * >+ * > * Redistributions in binary form must reproduce the above > * copyright notice, this list of conditions and the following > * disclaimer in the documentation and/or other materials provided > * with the distribution. >- * >+ * > * Neither the name of the Cisco Systems, Inc. nor the names of its > * contributors may be used to endorse or promote products derived > * from this software without specific prior written permission. >- * >+ * > * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS > * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT > * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >@@ -42,7 +42,6 @@ > * > */ > >- > #ifndef SRTP_SRTP_H > #define SRTP_SRTP_H > >@@ -70,13 +69,13 @@ extern "C" { > /* > * SRTP_MAX_KEY_LEN is the maximum key length supported by libSRTP > */ >-#define SRTP_MAX_KEY_LEN 64 >+#define SRTP_MAX_KEY_LEN 64 > > /* > * SRTP_MAX_TAG_LEN is the maximum tag length supported by libSRTP > */ > >-#define SRTP_MAX_TAG_LEN 16 >+#define SRTP_MAX_TAG_LEN 16 > > /** > * SRTP_MAX_MKI_LEN is the maximum size the MKI could be which is >@@ -84,7 +83,6 @@ extern "C" { > */ > #define SRTP_MAX_MKI_LEN 128 > >- > /** > * SRTP_MAX_TRAILER_LEN is the maximum length of the SRTP trailer > * (authentication tag and MKI) supported by libSRTP. This value is >@@ -97,32 +95,36 @@ extern "C" { > > /** > * SRTP_MAX_NUM_MASTER_KEYS is the maximum number of Master keys for >- * MKI supported by libSRTP. >- * >+ * MKI supported by libSRTP. >+ * > */ > #define SRTP_MAX_NUM_MASTER_KEYS 16 > >-#define SRTP_SALT_LEN 14 >+#define SRTP_SALT_LEN 14 >+ > /* > * SRTP_AEAD_SALT_LEN is the length of the SALT values used with > * GCM mode. GCM mode requires an IV. The SALT value is used > * as part of the IV formation logic applied to each RTP packet. > */ >-#define SRTP_AEAD_SALT_LEN 12 >+#define SRTP_AEAD_SALT_LEN 12 > >-#define SRTP_AES_128_KEY_LEN 16 >-#define SRTP_AES_192_KEY_LEN 24 >-#define SRTP_AES_256_KEY_LEN 32 >+#define SRTP_AES_128_KEY_LEN 16 >+#define SRTP_AES_192_KEY_LEN 24 >+#define SRTP_AES_256_KEY_LEN 32 > >-#define SRTP_AES_ICM_128_KEY_LEN_WSALT (SRTP_SALT_LEN + SRTP_AES_128_KEY_LEN) >-#define SRTP_AES_ICM_192_KEY_LEN_WSALT (SRTP_SALT_LEN + SRTP_AES_192_KEY_LEN) >-#define SRTP_AES_ICM_256_KEY_LEN_WSALT (SRTP_SALT_LEN + SRTP_AES_256_KEY_LEN) >+#define SRTP_AES_ICM_128_KEY_LEN_WSALT (SRTP_SALT_LEN + SRTP_AES_128_KEY_LEN) >+#define SRTP_AES_ICM_192_KEY_LEN_WSALT (SRTP_SALT_LEN + SRTP_AES_192_KEY_LEN) >+#define SRTP_AES_ICM_256_KEY_LEN_WSALT (SRTP_SALT_LEN + SRTP_AES_256_KEY_LEN) > >-#define SRTP_AES_GCM_128_KEY_LEN_WSALT (SRTP_AEAD_SALT_LEN + SRTP_AES_128_KEY_LEN) >-#define SRTP_AES_GCM_192_KEY_LEN_WSALT (SRTP_AEAD_SALT_LEN + SRTP_AES_192_KEY_LEN) >-#define SRTP_AES_GCM_256_KEY_LEN_WSALT (SRTP_AEAD_SALT_LEN + SRTP_AES_256_KEY_LEN) >+#define SRTP_AES_GCM_128_KEY_LEN_WSALT \ >+ (SRTP_AEAD_SALT_LEN + SRTP_AES_128_KEY_LEN) >+#define SRTP_AES_GCM_192_KEY_LEN_WSALT \ >+ (SRTP_AEAD_SALT_LEN + SRTP_AES_192_KEY_LEN) >+#define SRTP_AES_GCM_256_KEY_LEN_WSALT \ >+ (SRTP_AEAD_SALT_LEN + SRTP_AES_256_KEY_LEN) > >-/** >+/** > * @brief A srtp_cipher_type_id_t is an identifier for a particular cipher > * type. > * >@@ -131,13 +133,14 @@ extern "C" { > * SRTP_NULL_CIPHER is avaliable; this cipher leaves the data unchanged, > * and can be selected to indicate that no encryption is to take > * place. >- * >+ * > * @ingroup Ciphers > */ >-typedef uint32_t srtp_cipher_type_id_t; >+typedef uint32_t srtp_cipher_type_id_t; > > /** >- * @brief An srtp_auth_type_id_t is an identifier for a particular authentication >+ * @brief An srtp_auth_type_id_t is an identifier for a particular >+ * authentication > * function. > * > * An srtp_auth_type_id_t is an integer that represents a particular >@@ -145,7 +148,7 @@ typedef uint32_t srtp_cipher_type_id_t; > * avaliable; this authentication function performs no computation, > * and can be selected to indicate that no authentication is to take > * place. >- * >+ * > * @ingroup Authentication > */ > typedef uint32_t srtp_auth_type_id_t; >@@ -159,120 +162,119 @@ typedef uint32_t srtp_auth_type_id_t; > * > */ > typedef enum { >- srtp_err_status_ok = 0, /**< nothing to report */ >- srtp_err_status_fail = 1, /**< unspecified failure */ >- srtp_err_status_bad_param = 2, /**< unsupported parameter */ >- srtp_err_status_alloc_fail = 3, /**< couldn't allocate memory */ >- srtp_err_status_dealloc_fail = 4, /**< couldn't deallocate properly */ >- srtp_err_status_init_fail = 5, /**< couldn't initialize */ >- srtp_err_status_terminus = 6, /**< can't process as much data as requested */ >- srtp_err_status_auth_fail = 7, /**< authentication failure */ >- srtp_err_status_cipher_fail = 8, /**< cipher failure */ >- srtp_err_status_replay_fail = 9, /**< replay check failed (bad index) */ >- srtp_err_status_replay_old = 10, /**< replay check failed (index too old) */ >- srtp_err_status_algo_fail = 11, /**< algorithm failed test routine */ >- srtp_err_status_no_such_op = 12, /**< unsupported operation */ >- srtp_err_status_no_ctx = 13, /**< no appropriate context found */ >- srtp_err_status_cant_check = 14, /**< unable to perform desired validation */ >- srtp_err_status_key_expired = 15, /**< can't use key any more */ >- srtp_err_status_socket_err = 16, /**< error in use of socket */ >- srtp_err_status_signal_err = 17, /**< error in use POSIX signals */ >- srtp_err_status_nonce_bad = 18, /**< nonce check failed */ >- srtp_err_status_read_fail = 19, /**< couldn't read data */ >- srtp_err_status_write_fail = 20, /**< couldn't write data */ >- srtp_err_status_parse_err = 21, /**< error parsing data */ >- srtp_err_status_encode_err = 22, /**< error encoding data */ >- srtp_err_status_semaphore_err = 23,/**< error while using semaphores */ >- srtp_err_status_pfkey_err = 24, /**< error while using pfkey */ >- srtp_err_status_bad_mki = 25, /**< error MKI present in packet is invalid */ >- srtp_err_status_pkt_idx_old = 26, /**< packet index is too old to consider */ >- srtp_err_status_pkt_idx_adv = 27 /**< packet index advanced, reset needed */ >+ srtp_err_status_ok = 0, /**< nothing to report */ >+ srtp_err_status_fail = 1, /**< unspecified failure */ >+ srtp_err_status_bad_param = 2, /**< unsupported parameter */ >+ srtp_err_status_alloc_fail = 3, /**< couldn't allocate memory */ >+ srtp_err_status_dealloc_fail = 4, /**< couldn't deallocate properly */ >+ srtp_err_status_init_fail = 5, /**< couldn't initialize */ >+ srtp_err_status_terminus = 6, /**< can't process as much data as */ >+ /**< requested */ >+ srtp_err_status_auth_fail = 7, /**< authentication failure */ >+ srtp_err_status_cipher_fail = 8, /**< cipher failure */ >+ srtp_err_status_replay_fail = 9, /**< replay check failed (bad index) */ >+ srtp_err_status_replay_old = 10, /**< replay check failed (index too */ >+ /**< old) */ >+ srtp_err_status_algo_fail = 11, /**< algorithm failed test routine */ >+ srtp_err_status_no_such_op = 12, /**< unsupported operation */ >+ srtp_err_status_no_ctx = 13, /**< no appropriate context found */ >+ srtp_err_status_cant_check = 14, /**< unable to perform desired */ >+ /**< validation */ >+ srtp_err_status_key_expired = 15, /**< can't use key any more */ >+ srtp_err_status_socket_err = 16, /**< error in use of socket */ >+ srtp_err_status_signal_err = 17, /**< error in use POSIX signals */ >+ srtp_err_status_nonce_bad = 18, /**< nonce check failed */ >+ srtp_err_status_read_fail = 19, /**< couldn't read data */ >+ srtp_err_status_write_fail = 20, /**< couldn't write data */ >+ srtp_err_status_parse_err = 21, /**< error parsing data */ >+ srtp_err_status_encode_err = 22, /**< error encoding data */ >+ srtp_err_status_semaphore_err = 23, /**< error while using semaphores */ >+ srtp_err_status_pfkey_err = 24, /**< error while using pfkey */ >+ srtp_err_status_bad_mki = 25, /**< error MKI present in packet is */ >+ /**< invalid */ >+ srtp_err_status_pkt_idx_old = 26, /**< packet index is too old to */ >+ /**< consider */ >+ srtp_err_status_pkt_idx_adv = 27 /**< packet index advanced, reset */ >+ /**< needed */ > } srtp_err_status_t; > >- > typedef struct srtp_ctx_t_ srtp_ctx_t; > > /** >- * @brief srtp_sec_serv_t describes a set of security services. >+ * @brief srtp_sec_serv_t describes a set of security services. > * > * A srtp_sec_serv_t enumeration is used to describe the particular > * security services that will be applied by a particular crypto >- * policy (or other mechanism). >+ * policy (or other mechanism). > */ >- > typedef enum { >- sec_serv_none = 0, /**< no services */ >- sec_serv_conf = 1, /**< confidentiality */ >- sec_serv_auth = 2, /**< authentication */ >- sec_serv_conf_and_auth = 3 /**< confidentiality and authentication */ >+ sec_serv_none = 0, /**< no services */ >+ sec_serv_conf = 1, /**< confidentiality */ >+ sec_serv_auth = 2, /**< authentication */ >+ sec_serv_conf_and_auth = 3 /**< confidentiality and authentication */ > } srtp_sec_serv_t; > >-/** >+/** > * @brief srtp_crypto_policy_t describes a particular crypto policy that > * can be applied to an SRTP stream. > * > * A srtp_crypto_policy_t describes a particular cryptographic policy that > * can be applied to an SRTP or SRTCP stream. An SRTP session policy >- * consists of a list of these policies, one for each SRTP stream >+ * consists of a list of these policies, one for each SRTP stream > * in the session. > */ >- > typedef struct srtp_crypto_policy_t { >- srtp_cipher_type_id_t cipher_type; /**< An integer representing >- * the type of cipher. */ >- int cipher_key_len; /**< The length of the cipher key >- * in octets. */ >- srtp_auth_type_id_t auth_type; /**< An integer representing the >- * authentication function. */ >- int auth_key_len; /**< The length of the authentication >- * function key in octets. */ >- int auth_tag_len; /**< The length of the authentication >- * tag in octets. */ >- srtp_sec_serv_t sec_serv; /**< The flag indicating the security >- * services to be applied. */ >+ srtp_cipher_type_id_t cipher_type; /**< An integer representing */ >+ /**< the type of cipher. */ >+ int cipher_key_len; /**< The length of the cipher key */ >+ /**< in octets. */ >+ srtp_auth_type_id_t auth_type; /**< An integer representing the */ >+ /**< authentication function. */ >+ int auth_key_len; /**< The length of the authentication */ >+ /**< function key in octets. */ >+ int auth_tag_len; /**< The length of the authentication */ >+ /**< tag in octets. */ >+ srtp_sec_serv_t sec_serv; /**< The flag indicating the security */ >+ /**< services to be applied. */ > } srtp_crypto_policy_t; > >- >-/** >+/** > * @brief srtp_ssrc_type_t describes the type of an SSRC. >- * >+ * > * An srtp_ssrc_type_t enumeration is used to indicate a type of SSRC. See > * @ref srtp_policy_t for more informataion. > */ >- >-typedef enum { >- ssrc_undefined = 0, /**< Indicates an undefined SSRC type. */ >- ssrc_specific = 1, /**< Indicates a specific SSRC value */ >- ssrc_any_inbound = 2, /**< Indicates any inbound SSRC value >- (i.e. a value that is used in the >- function srtp_unprotect()) */ >- ssrc_any_outbound = 3 /**< Indicates any outbound SSRC value >- (i.e. a value that is used in the >- function srtp_protect()) */ >+typedef enum { >+ ssrc_undefined = 0, /**< Indicates an undefined SSRC type. */ >+ ssrc_specific = 1, /**< Indicates a specific SSRC value */ >+ ssrc_any_inbound = 2, /**< Indicates any inbound SSRC value */ >+ /**< (i.e. a value that is used in the */ >+ /**< function srtp_unprotect()) */ >+ ssrc_any_outbound = 3 /**< Indicates any outbound SSRC value */ >+ /**< (i.e. a value that is used in the */ >+ /**< function srtp_protect()) */ > } srtp_ssrc_type_t; > > /** >- * @brief An srtp_ssrc_t represents a particular SSRC value, or a `wildcard' SSRC. >- * >+ * @brief An srtp_ssrc_t represents a particular SSRC value, or a `wildcard' >+ * SSRC. >+ * > * An srtp_ssrc_t represents a particular SSRC value (if its type is > * ssrc_specific), or a wildcard SSRC value that will match all > * outbound SSRCs (if its type is ssrc_any_outbound) or all inbound >- * SSRCs (if its type is ssrc_any_inbound). >- * >+ * SSRCs (if its type is ssrc_any_inbound). > */ >- >-typedef struct { >- srtp_ssrc_type_t type; /**< The type of this particular SSRC */ >- unsigned int value; /**< The value of this SSRC, if it is not a wildcard */ >+typedef struct { >+ srtp_ssrc_type_t type; /**< The type of this particular SSRC */ >+ unsigned int value; /**< The value of this SSRC, if it is not a */ >+ /**< wildcard */ > } srtp_ssrc_t; > >- > /** > * @brief points to an EKT policy > */ > typedef struct srtp_ekt_policy_ctx_t *srtp_ekt_policy_t; > >- > /** > * @brief points to EKT stream data > */ >@@ -285,13 +287,13 @@ typedef struct srtp_ekt_stream_ctx_t *srtp_ekt_stream_t; > * Index Size to correctly read it from a packet. > */ > typedef struct srtp_master_key_t { >- unsigned char *key; >- unsigned char *mki_id; >- unsigned int mki_size; >+ unsigned char *key; >+ unsigned char *mki_id; >+ unsigned int mki_size; > } srtp_master_key_t; > >-/** >- * @brief represents the policy for an SRTP session. >+/** >+ * @brief represents the policy for an SRTP session. > * > * A single srtp_policy_t struct represents the policy for a single > * SRTP stream, and a linked list of these elements represents the >@@ -300,7 +302,7 @@ typedef struct srtp_master_key_t { > * master key for that stream, the SSRC describing that stream, or a > * flag indicating a `wildcard' SSRC value, and a `next' field that > * holds a pointer to the next element in the list of policy elements, >- * or NULL if it is the last element. >+ * or NULL if it is the last element. > * > * The wildcard value SSRC_ANY_INBOUND matches any SSRC from an > * inbound stream that for which there is no explicit SSRC entry in >@@ -311,47 +313,44 @@ typedef struct srtp_master_key_t { > * is intentional, and it allows libSRTP to ensure that no security > * lapses result from accidental re-use of SSRC values during key > * sharing. >- * >- * >+ * > * @warning The final element of the list @b must have its `next' pointer > * set to NULL. > */ > > typedef struct srtp_policy_t { >- srtp_ssrc_t ssrc; /**< The SSRC value of stream, or the >- * flags SSRC_ANY_INBOUND or >- * SSRC_ANY_OUTBOUND if key sharing >- * is used for this policy element. >- */ >- srtp_crypto_policy_t rtp; /**< SRTP crypto policy. */ >- srtp_crypto_policy_t rtcp; /**< SRTCP crypto policy. */ >- unsigned char *key; /**< Pointer to the SRTP master key for >- * this stream. */ >- srtp_master_key_t **keys; /** Array of Master Key structures */ >- unsigned long num_master_keys; /** Number of master keys */ >- srtp_ekt_policy_t ekt; /**< Pointer to the EKT policy structure >- * for this stream (if any) */ >- unsigned long window_size; /**< The window size to use for replay >- * protection. */ >- int allow_repeat_tx; /**< Whether retransmissions of >- * packets with the same sequence number >- * are allowed. (Note that such repeated >- * transmissions must have the same RTP >- * payload, or a severe security weakness >- * is introduced!) */ >- int *enc_xtn_hdr; /**< List of header ids to encrypt. */ >- int enc_xtn_hdr_count; /**< Number of entries in list of header ids. */ >- struct srtp_policy_t *next; /**< Pointer to next stream policy. */ >+ srtp_ssrc_t ssrc; /**< The SSRC value of stream, or the */ >+ /**< flags SSRC_ANY_INBOUND or */ >+ /**< SSRC_ANY_OUTBOUND if key sharing */ >+ /**< is used for this policy element. */ >+ srtp_crypto_policy_t rtp; /**< SRTP crypto policy. */ >+ srtp_crypto_policy_t rtcp; /**< SRTCP crypto policy. */ >+ unsigned char *key; /**< Pointer to the SRTP master key for */ >+ /**< this stream. */ >+ srtp_master_key_t **keys; /** Array of Master Key structures */ >+ unsigned long num_master_keys; /** Number of master keys */ >+ srtp_ekt_policy_t ekt; /**< Pointer to the EKT policy structure */ >+ /**< for this stream (if any) */ >+ unsigned long window_size; /**< The window size to use for replay */ >+ /**< protection. */ >+ int allow_repeat_tx; /**< Whether retransmissions of */ >+ /**< packets with the same sequence */ >+ /**< number are allowed. */ >+ /**< (Note that such repeated */ >+ /**< transmissions must have the same */ >+ /**< RTP payload, or a severe security */ >+ /**< weakness is introduced!) */ >+ int *enc_xtn_hdr; /**< List of header ids to encrypt. */ >+ int enc_xtn_hdr_count; /**< Number of entries in list of header */ >+ /**< ids. */ >+ struct srtp_policy_t *next; /**< Pointer to next stream policy. */ > } srtp_policy_t; > >- >- >- > /** > * @brief An srtp_t points to an SRTP session structure. > * > * The typedef srtp_t is a pointer to a structure that represents >- * an SRTP session. This datatype is intentially opaque in >+ * an SRTP session. This datatype is intentially opaque in > * order to separate the interface from the implementation. > * > * An SRTP session consists of all of the traffic sent to the RTP and >@@ -359,17 +358,14 @@ typedef struct srtp_policy_t { > * Audio/Video Profile). A session can be viewed as a set of SRTP > * streams, each of which originates with a different participant. > */ >- > typedef srtp_ctx_t *srtp_t; > >- > /** >- * @brief srtp_init() initializes the srtp library. >+ * @brief srtp_init() initializes the srtp library. > * > * @warning This function @b must be called before any other srtp > * functions. > */ >- > srtp_err_status_t srtp_init(void); > > /** >@@ -377,20 +373,19 @@ srtp_err_status_t srtp_init(void); > * > * @warning No srtp functions may be called after calling this function. > */ >- > srtp_err_status_t srtp_shutdown(void); > > /** > * @brief srtp_protect() is the Secure RTP sender-side packet processing > * function. >- * >+ * > * The function call srtp_protect(ctx, rtp_hdr, len_ptr) applies SRTP > * protection to the RTP packet rtp_hdr (which has length *len_ptr) using > * the SRTP context ctx. If srtp_err_status_ok is returned, then rtp_hdr > * points to the resulting SRTP packet and *len_ptr is the number of > * octets in that packet; otherwise, no assumptions should be made > * about the value of either data elements. >- * >+ * > * The sequence numbers of the RTP packets presented to this function > * need not be consecutive, but they @b must be out of order by less > * than 2^15 = 32,768 packets. >@@ -400,11 +395,11 @@ srtp_err_status_t srtp_shutdown(void); > * packet, and assumes that the RTP packet is aligned on a 32-bit > * boundary. > * >- * @warning This function assumes that it can write SRTP_MAX_TRAILER_LEN >- * into the location in memory immediately following the RTP packet. >- * Callers MUST ensure that this much writable memory is available in >+ * @warning This function assumes that it can write SRTP_MAX_TRAILER_LEN >+ * into the location in memory immediately following the RTP packet. >+ * Callers MUST ensure that this much writable memory is available in > * the buffer that holds the RTP packet. >- * >+ * > * @param ctx is the SRTP context to use in processing the packet. > * > * @param rtp_hdr is a pointer to the RTP packet (before the call); after >@@ -415,25 +410,24 @@ srtp_err_status_t srtp_shutdown(void); > * complete SRTP packet after the call, if srtp_err_status_ok was returned. > * Otherwise, the value of the data to which it points is undefined. > * >- * @return >+ * @return > * - srtp_err_status_ok no problems > * - srtp_err_status_replay_fail rtp sequence number was non-increasing > * - @e other failure in cryptographic mechanisms > */ >- > srtp_err_status_t srtp_protect(srtp_t ctx, void *rtp_hdr, int *len_ptr); > > /** > * @brief srtp_protect_mki() is the Secure RTP sender-side packet processing > * function that can utilize MKI. >- * >+ * > * The function call srtp_protect(ctx, rtp_hdr, len_ptr) applies SRTP > * protection to the RTP packet rtp_hdr (which has length *len_ptr) using > * the SRTP context ctx. If srtp_err_status_ok is returned, then rtp_hdr > * points to the resulting SRTP packet and *len_ptr is the number of > * octets in that packet; otherwise, no assumptions should be made > * about the value of either data elements. >- * >+ * > * The sequence numbers of the RTP packets presented to this function > * need not be consecutive, but they @b must be out of order by less > * than 2^15 = 32,768 packets. >@@ -443,11 +437,11 @@ srtp_err_status_t srtp_protect(srtp_t ctx, void *rtp_hdr, int *len_ptr); > * packet, and assumes that the RTP packet is aligned on a 32-bit > * boundary. > * >- * @warning This function assumes that it can write SRTP_MAX_TRAILER_LEN >- * into the location in memory immediately following the RTP packet. >- * Callers MUST ensure that this much writable memory is available in >+ * @warning This function assumes that it can write SRTP_MAX_TRAILER_LEN >+ * into the location in memory immediately following the RTP packet. >+ * Callers MUST ensure that this much writable memory is available in > * the buffer that holds the RTP packet. >- * >+ * > * @param ctx is the SRTP context to use in processing the packet. > * > * @param rtp_hdr is a pointer to the RTP packet (before the call); after >@@ -458,21 +452,23 @@ srtp_err_status_t srtp_protect(srtp_t ctx, void *rtp_hdr, int *len_ptr); > * complete SRTP packet after the call, if srtp_err_status_ok was returned. > * Otherwise, the value of the data to which it points is undefined. > * >- * @param use_mki is a boolean to tell the system if mki is being used. If >- * set to false then will use the first set of session keys. If set to true will >+ * @param use_mki is a boolean to tell the system if mki is being used. If >+ * set to false then will use the first set of session keys. If set to true >+ * will > * use the session keys identified by the mki_index > * > * @param mki_index integer value specifying which set of session keys should be > * used if use_mki is set to true. > * >- * @return >+ * @return > * - srtp_err_status_ok no problems > * - srtp_err_status_replay_fail rtp sequence number was non-increasing > * - @e other failure in cryptographic mechanisms > */ >- >-srtp_err_status_t srtp_protect_mki(srtp_ctx_t *ctx, void *rtp_hdr, >- int *pkt_octet_len, unsigned int use_mki, >+srtp_err_status_t srtp_protect_mki(srtp_ctx_t *ctx, >+ void *rtp_hdr, >+ int *pkt_octet_len, >+ unsigned int use_mki, > unsigned int mki_index); > > /** >@@ -485,12 +481,12 @@ srtp_err_status_t srtp_protect_mki(srtp_ctx_t *ctx, void *rtp_hdr, > * srtp_err_status_ok is returned, then srtp_hdr points to the resulting > * RTP packet and *len_ptr is the number of octets in that packet; > * otherwise, no assumptions should be made about the value of either >- * data elements. >- * >+ * data elements. >+ * > * The sequence numbers of the RTP packets presented to this function > * need not be consecutive, but they @b must be out of order by less > * than 2^15 = 32,768 packets. >- * >+ * > * @warning This function assumes that the SRTP packet is aligned on a > * 32-bit boundary. > * >@@ -506,16 +502,15 @@ srtp_err_status_t srtp_protect_mki(srtp_ctx_t *ctx, void *rtp_hdr, > * complete rtp packet after the call, if srtp_err_status_ok was returned. > * Otherwise, the value of the data to which it points is undefined. > * >- * @return >+ * @return > * - srtp_err_status_ok if the RTP packet is valid. >- * - srtp_err_status_auth_fail if the SRTP packet failed the message >- * authentication check. >- * - srtp_err_status_replay_fail if the SRTP packet is a replay (e.g. packet has >- * already been processed and accepted). >+ * - srtp_err_status_auth_fail if the SRTP packet failed the message >+ * authentication check. >+ * - srtp_err_status_replay_fail if the SRTP packet is a replay (e.g. packet >+ * has already been processed and accepted). > * - [other] if there has been an error in the cryptographic mechanisms. > * > */ >- > srtp_err_status_t srtp_unprotect(srtp_t ctx, void *srtp_hdr, int *len_ptr); > > /** >@@ -528,12 +523,12 @@ srtp_err_status_t srtp_unprotect(srtp_t ctx, void *srtp_hdr, int *len_ptr); > * srtp_err_status_ok is returned, then srtp_hdr points to the resulting > * RTP packet and *len_ptr is the number of octets in that packet; > * otherwise, no assumptions should be made about the value of either >- * data elements. >- * >+ * data elements. >+ * > * The sequence numbers of the RTP packets presented to this function > * need not be consecutive, but they @b must be out of order by less > * than 2^15 = 32,768 packets. >- * >+ * > * @warning This function assumes that the SRTP packet is aligned on a > * 32-bit boundary. > * >@@ -550,52 +545,52 @@ srtp_err_status_t srtp_unprotect(srtp_t ctx, void *srtp_hdr, int *len_ptr); > * Otherwise, the value of the data to which it points is undefined. > * > * @param use_mki is a boolean to tell the system if mki is being used. If >- * set to false then will use the first set of session keys. If set to true will >+ * set to false then will use the first set of session keys. If set to true >+ * will > * use the session keys identified by the mki_index > * >- * @return >+ * @return > * - srtp_err_status_ok if the RTP packet is valid. >- * - srtp_err_status_auth_fail if the SRTP packet failed the message >- * authentication check. >- * - srtp_err_status_replay_fail if the SRTP packet is a replay (e.g. packet has >- * already been processed and accepted). >+ * - srtp_err_status_auth_fail if the SRTP packet failed the message >+ * authentication check. >+ * - srtp_err_status_replay_fail if the SRTP packet is a replay (e.g. packet >+ * has already been processed and accepted). > * - srtp_err_status_bad_mki if the MKI in the packet is not a known MKI id > * - [other] if there has been an error in the cryptographic mechanisms. > * > */ >- >-srtp_err_status_t srtp_unprotect_mki(srtp_t ctx, void *srtp_hdr, int *len_ptr, >+srtp_err_status_t srtp_unprotect_mki(srtp_t ctx, >+ void *srtp_hdr, >+ int *len_ptr, > unsigned int use_mki); > > /** > * @brief srtp_create() allocates and initializes an SRTP session. > > * The function call srtp_create(session, policy) allocates and >- * initializes an SRTP session context, applying the given policy. >+ * initializes an SRTP session context, applying the given policy. > * > * @param session is a pointer to the SRTP session to which the policy is > * to be added. >- * >+ * > * @param policy is the srtp_policy_t struct that describes the policy > * for the session. The struct may be a single element, or it may be > * the head of a list, in which case each element of the list is > * processed. It may also be NULL, in which case streams should be added > * later using srtp_add_stream(). The final element of the list @b must > * have its `next' field set to NULL. >- * >+ * > * @return > * - srtp_err_status_ok if creation succeded. > * - srtp_err_status_alloc_fail if allocation failed. > * - srtp_err_status_init_fail if initialization failed. > */ >- > srtp_err_status_t srtp_create(srtp_t *session, const srtp_policy_t *policy); > >- > /** > * @brief srtp_add_stream() allocates and initializes an SRTP stream > * within a given SRTP session. >- * >+ * > * The function call srtp_add_stream(session, policy) allocates and > * initializes a new SRTP stream within a given, previously created > * session, applying the policy given as the other argument to that >@@ -606,13 +601,11 @@ srtp_err_status_t srtp_create(srtp_t *session, const srtp_policy_t *policy); > * - srtp_err_status_alloc_fail if stream allocation failed > * - srtp_err_status_init_fail if stream initialization failed. > */ >- > srtp_err_status_t srtp_add_stream(srtp_t session, const srtp_policy_t *policy); > >- > /** > * @brief srtp_remove_stream() deallocates an SRTP stream. >- * >+ * > * The function call srtp_remove_stream(session, ssrc) removes > * the SRTP stream with the SSRC value ssrc from the SRTP session > * context given by the argument session. >@@ -625,13 +618,12 @@ srtp_err_status_t srtp_add_stream(srtp_t session, const srtp_policy_t *policy); > * > * @warning Wildcard SSRC values cannot be removed from a > * session. >- * >+ * > * @return > * - srtp_err_status_ok if the stream deallocation succeded. > * - [other] otherwise. > * > */ >- > srtp_err_status_t srtp_remove_stream(srtp_t session, unsigned int ssrc); > > /** >@@ -658,7 +650,6 @@ srtp_err_status_t srtp_remove_stream(srtp_t session, unsigned int ssrc); > * - [other] otherwise. > * > */ >- > srtp_err_status_t srtp_update(srtp_t session, const srtp_policy_t *policy); > > /** >@@ -682,15 +673,15 @@ srtp_err_status_t srtp_update(srtp_t session, const srtp_policy_t *policy); > * - [other] otherwise. > * > */ >- >-srtp_err_status_t srtp_update_stream(srtp_t session, const srtp_policy_t *policy); >+srtp_err_status_t srtp_update_stream(srtp_t session, >+ const srtp_policy_t *policy); > > /** > * @brief srtp_crypto_policy_set_rtp_default() sets a crypto policy > * structure to the SRTP default policy for RTP protection. > * >- * @param p is a pointer to the policy structure to be set >- * >+ * @param p is a pointer to the policy structure to be set >+ * > * The function call crypto_policy_set_rtp_default(&p) sets the > * crypto_policy_t at location p to the SRTP default policy for RTP > * protection, as defined in the specification. This function is a >@@ -699,19 +690,18 @@ srtp_err_status_t srtp_update_stream(srtp_t session, const srtp_policy_t *policy > * with this function call. Doing so may allow your code to be > * forward compatible with later versions of libSRTP that include more > * elements in the crypto_policy_t datatype. >- * >+ * > * @return void. >- * >+ * > */ >- > void srtp_crypto_policy_set_rtp_default(srtp_crypto_policy_t *p); > > /** > * @brief srtp_crypto_policy_set_rtcp_default() sets a crypto policy > * structure to the SRTP default policy for RTCP protection. > * >- * @param p is a pointer to the policy structure to be set >- * >+ * @param p is a pointer to the policy structure to be set >+ * > * The function call srtp_crypto_policy_set_rtcp_default(&p) sets the > * srtp_crypto_policy_t at location p to the SRTP default policy for RTCP > * protection, as defined in the specification. This function is a >@@ -720,37 +710,35 @@ void srtp_crypto_policy_set_rtp_default(srtp_crypto_policy_t *p); > * with this function call. Doing so may allow your code to be > * forward compatible with later versions of libSRTP that include more > * elements in the srtp_crypto_policy_t datatype. >- * >+ * > * @return void. >- * >+ * > */ >- > void srtp_crypto_policy_set_rtcp_default(srtp_crypto_policy_t *p); > > /** > * @brief srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80() sets a crypto > * policy structure to the SRTP default policy for RTP protection. > * >- * @param p is a pointer to the policy structure to be set >- * >+ * @param p is a pointer to the policy structure to be set >+ * > * The function srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80() is a > * synonym for srtp_crypto_policy_set_rtp_default(). It conforms to the > * naming convention used in RFC 4568 (SDP Security Descriptions for > * Media Streams). >- * >+ * > * @return void. >- * >+ * > */ >- >-#define srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(p) srtp_crypto_policy_set_rtp_default(p) >- >+#define srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(p) \ >+ srtp_crypto_policy_set_rtp_default(p) > > /** > * @brief srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32() sets a crypto > * policy structure to a short-authentication tag policy > * >- * @param p is a pointer to the policy structure to be set >- * >+ * @param p is a pointer to the policy structure to be set >+ * > * The function call srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(&p) > * sets the srtp_crypto_policy_t at location p to use policy > * AES_CM_128_HMAC_SHA1_32 as defined in RFC 4568. >@@ -760,7 +748,7 @@ void srtp_crypto_policy_set_rtcp_default(srtp_crypto_policy_t *p); > * considered adequate only for protecting audio and video media that > * use a stateless playback function. See Section 7.5 of RFC 3711 > * (http://www.ietf.org/rfc/rfc3711.txt). >- * >+ * > * This function is a convenience that helps to avoid dealing directly > * with the policy data structure. You are encouraged to initialize > * policy elements with this function call. Doing so may allow your >@@ -773,25 +761,22 @@ void srtp_crypto_policy_set_rtcp_default(srtp_crypto_policy_t *p); > * (http://www.ietf.org/rfc/rfc3711.txt). > * > * @return void. >- * >+ * > */ >- > void srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(srtp_crypto_policy_t *p); > >- >- > /** > * @brief srtp_crypto_policy_set_aes_cm_128_null_auth() sets a crypto > * policy structure to an encryption-only policy > * >- * @param p is a pointer to the policy structure to be set >- * >+ * @param p is a pointer to the policy structure to be set >+ * > * The function call srtp_crypto_policy_set_aes_cm_128_null_auth(&p) sets > * the srtp_crypto_policy_t at location p to use the SRTP default cipher > * (AES-128 Counter Mode), but to use no authentication method. This > * policy is NOT RECOMMENDED unless it is unavoidable; see Section 7.5 > * of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt). >- * >+ * > * This function is a convenience that helps to avoid dealing directly > * with the policy data structure. You are encouraged to initialize > * policy elements with this function call. Doing so may allow your >@@ -803,24 +788,22 @@ void srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(srtp_crypto_policy_t *p); > * Section 7.5 of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt). > * > * @return void. >- * >+ * > */ >- > void srtp_crypto_policy_set_aes_cm_128_null_auth(srtp_crypto_policy_t *p); > >- > /** > * @brief srtp_crypto_policy_set_null_cipher_hmac_sha1_80() sets a crypto > * policy structure to an authentication-only policy > * >- * @param p is a pointer to the policy structure to be set >- * >+ * @param p is a pointer to the policy structure to be set >+ * > * The function call srtp_crypto_policy_set_null_cipher_hmac_sha1_80(&p) > * sets the srtp_crypto_policy_t at location p to use HMAC-SHA1 with an 80 > * bit authentication tag to provide message authentication, but to > * use no encryption. This policy is NOT RECOMMENDED for SRTP unless >- * there is a requirement to forego encryption. >- * >+ * there is a requirement to forego encryption. >+ * > * This function is a convenience that helps to avoid dealing directly > * with the policy data structure. You are encouraged to initialize > * policy elements with this function call. Doing so may allow your >@@ -828,24 +811,24 @@ void srtp_crypto_policy_set_aes_cm_128_null_auth(srtp_crypto_policy_t *p); > * include more elements in the srtp_crypto_policy_t datatype. > * > * @warning This policy is NOT RECOMMENDED for SRTP unless there is a >- * requirement to forego encryption. >+ * requirement to forego encryption. > * > * @return void. >- * >+ * > */ > void srtp_crypto_policy_set_null_cipher_hmac_sha1_80(srtp_crypto_policy_t *p); > > /** > * @brief srtp_crypto_policy_set_null_cipher_hmac_null() sets a crypto >- * policy structure to use no encryption or authentication. >+ * policy structure to use no encryption or authentication. >+ * >+ * @param p is a pointer to the policy structure to be set > * >- * @param p is a pointer to the policy structure to be set >- * > * The function call srtp_crypto_policy_set_null_cipher_hmac_null(&p) > * sets the srtp_crypto_policy_t at location p to use no encryption and > * no authentication. This policy should only be used for testing and >- * troubleshootingl. >- * >+ * troubleshootingl. >+ * > * This function is a convenience that helps to avoid dealing directly > * with the policy data structure. You are encouraged to initialize > * policy elements with this function call. Doing so may allow your >@@ -853,27 +836,26 @@ void srtp_crypto_policy_set_null_cipher_hmac_sha1_80(srtp_crypto_policy_t *p); > * include more elements in the srtp_crypto_policy_t datatype. > * > * @warning This policy is NOT RECOMMENDED for SRTP unless there is a >- * requirement to forego encryption and authentication. >+ * requirement to forego encryption and authentication. > * > * @return void. >- * >+ * > */ > void srtp_crypto_policy_set_null_cipher_hmac_null(srtp_crypto_policy_t *p); > >- > /** > * @brief srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80() sets a crypto >- * policy structure to a encryption and authentication policy using AES-256 >+ * policy structure to a encryption and authentication policy using AES-256 > * for RTP protection. > * >- * @param p is a pointer to the policy structure to be set >- * >+ * @param p is a pointer to the policy structure to be set >+ * > * The function call srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(&p) > * sets the srtp_crypto_policy_t at location p to use policy > * AES_CM_256_HMAC_SHA1_80 as defined in RFC 6188. This policy uses AES-256 > * Counter Mode encryption and HMAC-SHA1 authentication, with an 80 bit > * authentication tag. >- * >+ * > * This function is a convenience that helps to avoid dealing directly > * with the policy data structure. You are encouraged to initialize > * policy elements with this function call. Doing so may allow your >@@ -881,19 +863,17 @@ void srtp_crypto_policy_set_null_cipher_hmac_null(srtp_crypto_policy_t *p); > * include more elements in the srtp_crypto_policy_t datatype. > * > * @return void. >- * >+ * > */ >- > void srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(srtp_crypto_policy_t *p); > >- > /** > * @brief srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32() sets a crypto > * policy structure to a short-authentication tag policy using AES-256 > * encryption. > * >- * @param p is a pointer to the policy structure to be set >- * >+ * @param p is a pointer to the policy structure to be set >+ * > * The function call srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32(&p) > * sets the srtp_crypto_policy_t at location p to use policy > * AES_CM_256_HMAC_SHA1_32 as defined in RFC 6188. This policy uses AES-256 >@@ -902,7 +882,7 @@ void srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(srtp_crypto_policy_t *p); > * considered adequate only for protecting audio and video media that > * use a stateless playback function. See Section 7.5 of RFC 3711 > * (http://www.ietf.org/rfc/rfc3711.txt). >- * >+ * > * This function is a convenience that helps to avoid dealing directly > * with the policy data structure. You are encouraged to initialize > * policy elements with this function call. Doing so may allow your >@@ -915,9 +895,8 @@ void srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(srtp_crypto_policy_t *p); > * (http://www.ietf.org/rfc/rfc3711.txt). > * > * @return void. >- * >+ * > */ >- > void srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32(srtp_crypto_policy_t *p); > > /** >@@ -947,7 +926,6 @@ void srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32(srtp_crypto_policy_t *p); > */ > void srtp_crypto_policy_set_aes_cm_256_null_auth(srtp_crypto_policy_t *p); > >- > /** > * @brief srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80() sets a crypto > * policy structure to a encryption and authentication policy using AES-192 >@@ -972,7 +950,6 @@ void srtp_crypto_policy_set_aes_cm_256_null_auth(srtp_crypto_policy_t *p); > */ > void srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80(srtp_crypto_policy_t *p); > >- > /** > * @brief srtp_crypto_policy_set_aes_cm_192_hmac_sha1_32() sets a crypto > * policy structure to a short-authentication tag policy using AES-192 >@@ -1005,7 +982,6 @@ void srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80(srtp_crypto_policy_t *p); > */ > void srtp_crypto_policy_set_aes_cm_192_hmac_sha1_32(srtp_crypto_policy_t *p); > >- > /** > * @brief srtp_crypto_policy_set_aes_cm_192_null_auth() sets a crypto > * policy structure to an encryption-only policy >@@ -1033,19 +1009,18 @@ void srtp_crypto_policy_set_aes_cm_192_hmac_sha1_32(srtp_crypto_policy_t *p); > */ > void srtp_crypto_policy_set_aes_cm_192_null_auth(srtp_crypto_policy_t *p); > >- > /** > * @brief srtp_crypto_policy_set_aes_gcm_128_8_auth() sets a crypto > * policy structure to an AEAD encryption policy. > * >- * @param p is a pointer to the policy structure to be set >- * >+ * @param p is a pointer to the policy structure to be set >+ * > * The function call srtp_crypto_policy_set_aes_gcm_128_8_auth(&p) sets > * the srtp_crypto_policy_t at location p to use the SRTP default cipher > * (AES-128 Galois Counter Mode) with 8 octet auth tag. This > * policy applies confidentiality and authentication to both the > * RTP and RTCP packets. >- * >+ * > * This function is a convenience that helps to avoid dealing directly > * with the policy data structure. You are encouraged to initialize > * policy elements with this function call. Doing so may allow your >@@ -1053,7 +1028,7 @@ void srtp_crypto_policy_set_aes_cm_192_null_auth(srtp_crypto_policy_t *p); > * include more elements in the srtp_crypto_policy_t datatype. > * > * @return void. >- * >+ * > */ > void srtp_crypto_policy_set_aes_gcm_128_8_auth(srtp_crypto_policy_t *p); > >@@ -1061,14 +1036,14 @@ void srtp_crypto_policy_set_aes_gcm_128_8_auth(srtp_crypto_policy_t *p); > * @brief srtp_crypto_policy_set_aes_gcm_256_8_auth() sets a crypto > * policy structure to an AEAD encryption policy > * >- * @param p is a pointer to the policy structure to be set >- * >+ * @param p is a pointer to the policy structure to be set >+ * > * The function call srtp_crypto_policy_set_aes_gcm_256_8_auth(&p) sets > * the srtp_crypto_policy_t at location p to use the SRTP default cipher >- * (AES-256 Galois Counter Mode) with 8 octet auth tag. This >+ * (AES-256 Galois Counter Mode) with 8 octet auth tag. This > * policy applies confidentiality and authentication to both the > * RTP and RTCP packets. >- * >+ * > * This function is a convenience that helps to avoid dealing directly > * with the policy data structure. You are encouraged to initialize > * policy elements with this function call. Doing so may allow your >@@ -1076,7 +1051,7 @@ void srtp_crypto_policy_set_aes_gcm_128_8_auth(srtp_crypto_policy_t *p); > * include more elements in the srtp_crypto_policy_t datatype. > * > * @return void. >- * >+ * > */ > void srtp_crypto_policy_set_aes_gcm_256_8_auth(srtp_crypto_policy_t *p); > >@@ -1084,14 +1059,14 @@ void srtp_crypto_policy_set_aes_gcm_256_8_auth(srtp_crypto_policy_t *p); > * @brief srtp_crypto_policy_set_aes_gcm_128_8_only_auth() sets a crypto > * policy structure to an AEAD authentication-only policy > * >- * @param p is a pointer to the policy structure to be set >- * >+ * @param p is a pointer to the policy structure to be set >+ * > * The function call srtp_crypto_policy_set_aes_gcm_128_8_only_auth(&p) sets > * the srtp_crypto_policy_t at location p to use the SRTP default cipher >- * (AES-128 Galois Counter Mode) with 8 octet auth tag. This policy >- * applies confidentiality and authentication to the RTP packets, >+ * (AES-128 Galois Counter Mode) with 8 octet auth tag. This policy >+ * applies confidentiality and authentication to the RTP packets, > * but only authentication to the RTCP packets. >- * >+ * > * This function is a convenience that helps to avoid dealing directly > * with the policy data structure. You are encouraged to initialize > * policy elements with this function call. Doing so may allow your >@@ -1099,7 +1074,7 @@ void srtp_crypto_policy_set_aes_gcm_256_8_auth(srtp_crypto_policy_t *p); > * include more elements in the srtp_crypto_policy_t datatype. > * > * @return void. >- * >+ * > */ > void srtp_crypto_policy_set_aes_gcm_128_8_only_auth(srtp_crypto_policy_t *p); > >@@ -1107,14 +1082,14 @@ void srtp_crypto_policy_set_aes_gcm_128_8_only_auth(srtp_crypto_policy_t *p); > * @brief srtp_crypto_policy_set_aes_gcm_256_8_only_auth() sets a crypto > * policy structure to an AEAD authentication-only policy > * >- * @param p is a pointer to the policy structure to be set >- * >+ * @param p is a pointer to the policy structure to be set >+ * > * The function call srtp_crypto_policy_set_aes_gcm_256_8_only_auth(&p) sets > * the srtp_crypto_policy_t at location p to use the SRTP default cipher >- * (AES-256 Galois Counter Mode) with 8 octet auth tag. This policy >- * applies confidentiality and authentication to the RTP packets, >+ * (AES-256 Galois Counter Mode) with 8 octet auth tag. This policy >+ * applies confidentiality and authentication to the RTP packets, > * but only authentication to the RTCP packets. >- * >+ * > * This function is a convenience that helps to avoid dealing directly > * with the policy data structure. You are encouraged to initialize > * policy elements with this function call. Doing so may allow your >@@ -1122,7 +1097,7 @@ void srtp_crypto_policy_set_aes_gcm_128_8_only_auth(srtp_crypto_policy_t *p); > * include more elements in the srtp_crypto_policy_t datatype. > * > * @return void. >- * >+ * > */ > void srtp_crypto_policy_set_aes_gcm_256_8_only_auth(srtp_crypto_policy_t *p); > >@@ -1130,14 +1105,14 @@ void srtp_crypto_policy_set_aes_gcm_256_8_only_auth(srtp_crypto_policy_t *p); > * @brief srtp_crypto_policy_set_aes_gcm_128_16_auth() sets a crypto > * policy structure to an AEAD encryption policy. > * >- * @param p is a pointer to the policy structure to be set >- * >+ * @param p is a pointer to the policy structure to be set >+ * > * The function call srtp_crypto_policy_set_aes_gcm_128_16_auth(&p) sets > * the srtp_crypto_policy_t at location p to use the SRTP default cipher > * (AES-128 Galois Counter Mode) with 16 octet auth tag. This > * policy applies confidentiality and authentication to both the > * RTP and RTCP packets. >- * >+ * > * This function is a convenience that helps to avoid dealing directly > * with the policy data structure. You are encouraged to initialize > * policy elements with this function call. Doing so may allow your >@@ -1145,7 +1120,7 @@ void srtp_crypto_policy_set_aes_gcm_256_8_only_auth(srtp_crypto_policy_t *p); > * include more elements in the srtp_crypto_policy_t datatype. > * > * @return void. >- * >+ * > */ > void srtp_crypto_policy_set_aes_gcm_128_16_auth(srtp_crypto_policy_t *p); > >@@ -1153,14 +1128,14 @@ void srtp_crypto_policy_set_aes_gcm_128_16_auth(srtp_crypto_policy_t *p); > * @brief srtp_crypto_policy_set_aes_gcm_256_16_auth() sets a crypto > * policy structure to an AEAD encryption policy > * >- * @param p is a pointer to the policy structure to be set >- * >+ * @param p is a pointer to the policy structure to be set >+ * > * The function call srtp_crypto_policy_set_aes_gcm_256_16_auth(&p) sets > * the srtp_crypto_policy_t at location p to use the SRTP default cipher >- * (AES-256 Galois Counter Mode) with 16 octet auth tag. This >+ * (AES-256 Galois Counter Mode) with 16 octet auth tag. This > * policy applies confidentiality and authentication to both the > * RTP and RTCP packets. >- * >+ * > * This function is a convenience that helps to avoid dealing directly > * with the policy data structure. You are encouraged to initialize > * policy elements with this function call. Doing so may allow your >@@ -1168,15 +1143,14 @@ void srtp_crypto_policy_set_aes_gcm_128_16_auth(srtp_crypto_policy_t *p); > * include more elements in the srtp_crypto_policy_t datatype. > * > * @return void. >- * >+ * > */ > void srtp_crypto_policy_set_aes_gcm_256_16_auth(srtp_crypto_policy_t *p); > >- > /** > * @brief srtp_dealloc() deallocates storage for an SRTP session > * context. >- * >+ * > * The function call srtp_dealloc(s) deallocates storage for the > * SRTP session context s. This function should be called no more > * than one time for each of the contexts allocated by the function >@@ -1188,30 +1162,26 @@ void srtp_crypto_policy_set_aes_gcm_256_16_auth(srtp_crypto_policy_t *p); > * - srtp_err_status_ok if there no problems. > * - srtp_err_status_dealloc_fail a memory deallocation failure occured. > */ >- > srtp_err_status_t srtp_dealloc(srtp_t s); > >- > /* >- * @brief identifies a particular SRTP profile >+ * @brief identifies a particular SRTP profile > * > * An srtp_profile_t enumeration is used to identify a particular SRTP > * profile (that is, a set of algorithms and parameters). These profiles > * are defined for DTLS-SRTP: > * https://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml > */ >- > typedef enum { >- srtp_profile_reserved = 0, >- srtp_profile_aes128_cm_sha1_80 = 1, >- srtp_profile_aes128_cm_sha1_32 = 2, >- srtp_profile_null_sha1_80 = 5, >- srtp_profile_null_sha1_32 = 6, >- srtp_profile_aead_aes_128_gcm = 7, >- srtp_profile_aead_aes_256_gcm = 8, >+ srtp_profile_reserved = 0, >+ srtp_profile_aes128_cm_sha1_80 = 1, >+ srtp_profile_aes128_cm_sha1_32 = 2, >+ srtp_profile_null_sha1_80 = 5, >+ srtp_profile_null_sha1_32 = 6, >+ srtp_profile_aead_aes_128_gcm = 7, >+ srtp_profile_aead_aes_256_gcm = 8, > } srtp_profile_t; > >- > /** > * @brief srtp_crypto_policy_set_from_profile_for_rtp() sets a crypto policy > * structure to the appropriate value for RTP based on an srtp_profile_t >@@ -1232,13 +1202,12 @@ typedef enum { > * > * @return values > * - srtp_err_status_ok no problems were encountered >- * - srtp_err_status_bad_param the profile is not supported >+ * - srtp_err_status_bad_param the profile is not supported > * > */ >-srtp_err_status_t srtp_crypto_policy_set_from_profile_for_rtp(srtp_crypto_policy_t *policy, srtp_profile_t profile); >- >- >- >+srtp_err_status_t srtp_crypto_policy_set_from_profile_for_rtp( >+ srtp_crypto_policy_t *policy, >+ srtp_profile_t profile); > > /** > * @brief srtp_crypto_policy_set_from_profile_for_rtcp() sets a crypto policy >@@ -1263,48 +1232,43 @@ srtp_err_status_t srtp_crypto_policy_set_from_profile_for_rtp(srtp_crypto_policy > * - srtp_err_status_bad_param the profile is not supported > * > */ >-srtp_err_status_t srtp_crypto_policy_set_from_profile_for_rtcp(srtp_crypto_policy_t *policy, srtp_profile_t profile); >+srtp_err_status_t srtp_crypto_policy_set_from_profile_for_rtcp( >+ srtp_crypto_policy_t *policy, >+ srtp_profile_t profile); > > /** > * @brief returns the master key length for a given SRTP profile > */ >-unsigned int >-srtp_profile_get_master_key_length(srtp_profile_t profile); >- >+unsigned int srtp_profile_get_master_key_length(srtp_profile_t profile); > > /** > * @brief returns the master salt length for a given SRTP profile > */ >-unsigned int >-srtp_profile_get_master_salt_length(srtp_profile_t profile); >+unsigned int srtp_profile_get_master_salt_length(srtp_profile_t profile); > > /** > * @brief appends the salt to the key > * >- * The function call srtp_append_salt_to_key(k, klen, s, slen) >+ * The function call srtp_append_salt_to_key(k, klen, s, slen) > * copies the string s to the location at klen bytes following >- * the location k. >+ * the location k. > * > * @warning There must be at least bytes_in_salt + bytes_in_key bytes > * available at the location pointed to by key. >- * >+ * > */ >- >-void >-srtp_append_salt_to_key(unsigned char *key, unsigned int bytes_in_key, >- unsigned char *salt, unsigned int bytes_in_salt); >- >- >+void srtp_append_salt_to_key(unsigned char *key, >+ unsigned int bytes_in_key, >+ unsigned char *salt, >+ unsigned int bytes_in_salt); > > /** > * @} > */ > >- >- > /** > * @defgroup SRTCP Secure RTCP >- * @ingroup SRTP >+ * @ingroup SRTP > * > * @brief Secure RTCP functions are used to protect RTCP traffic. > * >@@ -1312,36 +1276,36 @@ srtp_append_salt_to_key(unsigned char *key, unsigned int bytes_in_key, > * traffic in much the same way as it does RTP traffic. The function > * srtp_protect_rtcp() applies cryptographic protections to outbound > * RTCP packets, and srtp_unprotect_rtcp() verifies the protections on >- * inbound RTCP packets. >+ * inbound RTCP packets. > * > * A note on the naming convention: srtp_protect_rtcp() has an srtp_t > * as its first argument, and thus has `srtp_' as its prefix. The >- * trailing `_rtcp' indicates the protocol on which it acts. >- * >+ * trailing `_rtcp' indicates the protocol on which it acts. >+ * > * @{ > */ > > /** > * @brief srtp_protect_rtcp() is the Secure RTCP sender-side packet > * processing function. >- * >+ * > * The function call srtp_protect_rtcp(ctx, rtp_hdr, len_ptr) applies > * SRTCP protection to the RTCP packet rtcp_hdr (which has length > * *len_ptr) using the SRTP session context ctx. If srtp_err_status_ok is > * returned, then rtp_hdr points to the resulting SRTCP packet and > * *len_ptr is the number of octets in that packet; otherwise, no > * assumptions should be made about the value of either data elements. >- * >+ * > * @warning This function assumes that it can write the authentication > * tag into the location in memory immediately following the RTCP > * packet, and assumes that the RTCP packet is aligned on a 32-bit > * boundary. > * >- * @warning This function assumes that it can write SRTP_MAX_TRAILER_LEN+4 >- * into the location in memory immediately following the RTCP packet. >- * Callers MUST ensure that this much writable memory is available in >+ * @warning This function assumes that it can write SRTP_MAX_TRAILER_LEN+4 >+ * into the location in memory immediately following the RTCP packet. >+ * Callers MUST ensure that this much writable memory is available in > * the buffer that holds the RTCP packet. >- * >+ * > * @param ctx is the SRTP context to use in processing the packet. > * > * @param rtcp_hdr is a pointer to the RTCP packet (before the call); after >@@ -1353,37 +1317,36 @@ srtp_append_salt_to_key(unsigned char *key, unsigned int bytes_in_key, > * was returned. Otherwise, the value of the data to which it points > * is undefined. > * >- * @return >+ * @return > * - srtp_err_status_ok if there were no problems. >- * - [other] if there was a failure in >+ * - [other] if there was a failure in > * the cryptographic mechanisms. > */ >- >- >-srtp_err_status_t srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len); >- >+srtp_err_status_t srtp_protect_rtcp(srtp_t ctx, >+ void *rtcp_hdr, >+ int *pkt_octet_len); > > /** > * @brief srtp_protect_rtcp_mki() is the Secure RTCP sender-side packet > * processing function that can utilize mki. >- * >+ * > * The function call srtp_protect_rtcp(ctx, rtp_hdr, len_ptr) applies > * SRTCP protection to the RTCP packet rtcp_hdr (which has length > * *len_ptr) using the SRTP session context ctx. If srtp_err_status_ok is > * returned, then rtp_hdr points to the resulting SRTCP packet and > * *len_ptr is the number of octets in that packet; otherwise, no > * assumptions should be made about the value of either data elements. >- * >+ * > * @warning This function assumes that it can write the authentication > * tag into the location in memory immediately following the RTCP > * packet, and assumes that the RTCP packet is aligned on a 32-bit > * boundary. > * >- * @warning This function assumes that it can write SRTP_MAX_TRAILER_LEN+4 >- * into the location in memory immediately following the RTCP packet. >- * Callers MUST ensure that this much writable memory is available in >+ * @warning This function assumes that it can write SRTP_MAX_TRAILER_LEN+4 >+ * into the location in memory immediately following the RTCP packet. >+ * Callers MUST ensure that this much writable memory is available in > * the buffer that holds the RTCP packet. >- * >+ * > * @param ctx is the SRTP context to use in processing the packet. > * > * @param rtcp_hdr is a pointer to the RTCP packet (before the call); after >@@ -1395,21 +1358,24 @@ srtp_err_status_t srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_l > * was returned. Otherwise, the value of the data to which it points > * is undefined. > * >- * @param use_mki is a boolean to tell the system if mki is being used. If >- * set to false then will use the first set of session keys. If set to true will >+ * @param use_mki is a boolean to tell the system if mki is being used. If >+ * set to false then will use the first set of session keys. If set to true >+ * will > * use the session keys identified by the mki_index > * > * @param mki_index integer value specifying which set of session kesy should be > * used if use_mki is set to true. > * >- * @return >+ * @return > * - srtp_err_status_ok if there were no problems. >- * - [other] if there was a failure in >+ * - [other] if there was a failure in > * the cryptographic mechanisms. > */ >- >-srtp_err_status_t srtp_protect_rtcp_mki(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len, >- unsigned int use_mki, unsigned int mki_index); >+srtp_err_status_t srtp_protect_rtcp_mki(srtp_t ctx, >+ void *rtcp_hdr, >+ int *pkt_octet_len, >+ unsigned int use_mki, >+ unsigned int mki_index); > > /** > * @brief srtp_unprotect_rtcp() is the Secure RTCP receiver-side packet >@@ -1422,7 +1388,7 @@ srtp_err_status_t srtp_protect_rtcp_mki(srtp_t ctx, void *rtcp_hdr, int *pkt_oct > * to the resulting RTCP packet and *len_ptr is the number of octets > * in that packet; otherwise, no assumptions should be made about the > * value of either data elements. >- * >+ * > * @warning This function assumes that the SRTCP packet is aligned on a > * 32-bit boundary. > * >@@ -1440,17 +1406,18 @@ srtp_err_status_t srtp_protect_rtcp_mki(srtp_t ctx, void *rtcp_hdr, int *pkt_oct > * returned. Otherwise, the value of the data to which it points is > * undefined. > * >- * @return >+ * @return > * - srtp_err_status_ok if the RTCP packet is valid. >- * - srtp_err_status_auth_fail if the SRTCP packet failed the message >+ * - srtp_err_status_auth_fail if the SRTCP packet failed the message > * authentication check. > * - srtp_err_status_replay_fail if the SRTCP packet is a replay (e.g. has > * already been processed and accepted). > * - [other] if there has been an error in the cryptographic mechanisms. > * > */ >- >-srtp_err_status_t srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len); >+srtp_err_status_t srtp_unprotect_rtcp(srtp_t ctx, >+ void *srtcp_hdr, >+ int *pkt_octet_len); > > /** > * @brief srtp_unprotect_rtcp() is the Secure RTCP receiver-side packet >@@ -1463,7 +1430,7 @@ srtp_err_status_t srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octe > * to the resulting RTCP packet and *len_ptr is the number of octets > * in that packet; otherwise, no assumptions should be made about the > * value of either data elements. >- * >+ * > * @warning This function assumes that the SRTCP packet is aligned on a > * 32-bit boundary. > * >@@ -1482,21 +1449,23 @@ srtp_err_status_t srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octe > * undefined. > * > * @param use_mki is a boolean to tell the system if mki is being used. If >- * set to false then will use the first set of session keys. If set to true will >- * use the session keys identified by the mki_index >+ * set to false then will use the first set of session keys. If set to true >+ * will use the session keys identified by the mki_index > * >- * @return >+ * @return > * - srtp_err_status_ok if the RTCP packet is valid. >- * - srtp_err_status_auth_fail if the SRTCP packet failed the message >- * authentication check. >+ * - srtp_err_status_auth_fail if the SRTCP packet failed the message >+ * authentication check. > * - srtp_err_status_replay_fail if the SRTCP packet is a replay (e.g. has >- * already been processed and accepted). >- * - srtp_err_status_bad_mki if the MKI in the packet is not a known MKI id >- * - [other] if there has been an error in the cryptographic mechanisms. >+ * already been processed and accepted). >+ * - srtp_err_status_bad_mki if the MKI in the packet is not a known MKI >+ * id >+ * - [other] if there has been an error in the >+ * cryptographic mechanisms. > * > */ >- >-srtp_err_status_t srtp_unprotect_rtcp_mki(srtp_t ctx, void *srtcp_hdr, >+srtp_err_status_t srtp_unprotect_rtcp_mki(srtp_t ctx, >+ void *srtcp_hdr, > int *pkt_octet_len, > unsigned int use_mki); > >@@ -1504,7 +1473,6 @@ srtp_err_status_t srtp_unprotect_rtcp_mki(srtp_t ctx, void *srtcp_hdr, > * @} > */ > >- > /** > * @defgroup User data associated to a SRTP session. > * @ingroup SRTP >@@ -1527,9 +1495,7 @@ srtp_err_status_t srtp_unprotect_rtcp_mki(srtp_t ctx, void *srtcp_hdr, > * @return void. > * > */ >- >-void >-srtp_set_user_data(srtp_t ctx, void *data); >+void srtp_set_user_data(srtp_t ctx, void *data); > > /** > * @brief srtp_get_user_data() retrieves the pointer to the custom data >@@ -1546,23 +1512,20 @@ srtp_set_user_data(srtp_t ctx, void *data); > * @return void* pointer to the user data. > * > */ >- >-void* >-srtp_get_user_data(srtp_t ctx); >+void *srtp_get_user_data(srtp_t ctx); > > /** > * @} > */ > >- > /** > * @defgroup SRTPevents SRTP events and callbacks > * @ingroup SRTP > * >- * @brief libSRTP can use a user-provided callback function to >+ * @brief libSRTP can use a user-provided callback function to > * handle events. > * >- * >+ * > * libSRTP allows a user to provide a callback function to handle > * events that need to be dealt with outside of the data plane (see > * the enum srtp_event_t for a description of these events). Dealing >@@ -1583,8 +1546,8 @@ srtp_get_user_data(srtp_t ctx); > * @brief srtp_event_t defines events that need to be handled > * > * The enum srtp_event_t defines events that need to be handled >- * outside the `data plane', such as SSRC collisions and >- * key expirations. >+ * outside the `data plane', such as SSRC collisions and >+ * key expirations. > * > * When a key expires or the maximum number of packets has been > * reached, an SRTP stream will enter an `expired' state in which no >@@ -1596,34 +1559,28 @@ srtp_get_user_data(srtp_t ctx); > * are unaffected, unless key sharing is used by that stream. In the > * latter case, all of the streams in the session will expire. > */ >- >-typedef enum { >- event_ssrc_collision, /**< >- * An SSRC collision occured. >- */ >- event_key_soft_limit, /**< An SRTP stream reached the soft key >- * usage limit and will expire soon. >- */ >- event_key_hard_limit, /**< An SRTP stream reached the hard >- * key usage limit and has expired. >- */ >- event_packet_index_limit /**< An SRTP stream reached the hard >- * packet limit (2^48 packets). >- */ >+typedef enum { >+ event_ssrc_collision, /**< An SSRC collision occured. */ >+ event_key_soft_limit, /**< An SRTP stream reached the soft key */ >+ /**< usage limit and will expire soon. */ >+ event_key_hard_limit, /**< An SRTP stream reached the hard */ >+ /**< key usage limit and has expired. */ >+ event_packet_index_limit /**< An SRTP stream reached the hard */ >+ /**< packet limit (2^48 packets). */ > } srtp_event_t; > > /** >- * @brief srtp_event_data_t is the structure passed as a callback to >+ * @brief srtp_event_data_t is the structure passed as a callback to > * the event handler function > * > * The struct srtp_event_data_t holds the data passed to the event >- * handler function. >+ * handler function. > */ >- > typedef struct srtp_event_data_t { >- srtp_t session; /**< The session in which the event happend. */ >- uint32_t ssrc; /**< The ssrc in host order of the stream in which the event happend */ >- srtp_event_t event; /**< An enum indicating the type of event. */ >+ srtp_t session; /**< The session in which the event happend. */ >+ uint32_t ssrc; /**< The ssrc in host order of the stream in which */ >+ /**< the event happend */ >+ srtp_event_t event; /**< An enum indicating the type of event. */ > } srtp_event_data_t; > > /** >@@ -1636,12 +1593,11 @@ typedef struct srtp_event_data_t { > * There can only be a single, global handler for all events in > * libSRTP. > */ >- >-typedef void (srtp_event_handler_func_t)(srtp_event_data_t *data); >+typedef void(srtp_event_handler_func_t)(srtp_event_data_t *data); > > /** > * @brief sets the event handler to the function supplied by the caller. >- * >+ * > * The function call srtp_install_event_handler(func) sets the event > * handler function to the value func. The value NULL is acceptable > * as an argument; in this case, events will be ignored rather than >@@ -1651,24 +1607,23 @@ typedef void (srtp_event_handler_func_t)(srtp_event_data_t *data); > * pointer as an argument and returns void. This function > * will be used by libSRTP to handle events. > */ >- > srtp_err_status_t srtp_install_event_handler(srtp_event_handler_func_t func); > > /** >- * @brief Returns the version string of the library. >- * >+ * @brief Returns the version string of the library. >+ * > */ > const char *srtp_get_version_string(void); > > /** >- * @brief Returns the numeric representation of the library version. >- * >+ * @brief Returns the numeric representation of the library version. >+ * > */ > unsigned int srtp_get_version(void); > > /** > * @brief srtp_set_debug_module(mod_name, v) >- * >+ * > * sets dynamic debugging to the value v (0 for off, 1 for on) for the > * debug module with the name mod_name > * >@@ -1706,7 +1661,9 @@ typedef enum { > * There can only be a single, global handler for all log messages in > * libSRTP. > */ >-typedef void (srtp_log_handler_func_t)(srtp_log_level_t level, const char * msg, void *data); >+typedef void(srtp_log_handler_func_t)(srtp_log_level_t level, >+ const char *msg, >+ void *data); > > /** > * @brief sets the log handler to the function supplied by the caller. >@@ -1719,34 +1676,44 @@ typedef void (srtp_log_handler_func_t)(srtp_log_level_t level, const char * msg, > * > * @param func is a pointer to a fuction of type srtp_log_handler_func_t. > * This function will be used by libSRTP to output log messages. >- * @param data is a user pointer that will be returned as the data argument in func. >+ * @param data is a user pointer that will be returned as the data argument in >+ * func. > */ >-srtp_err_status_t srtp_install_log_handler(srtp_log_handler_func_t func, void *data); >+srtp_err_status_t srtp_install_log_handler(srtp_log_handler_func_t func, >+ void *data); > > /** > * @brief srtp_get_protect_trailer_length(session, use_mki, mki_index, length) > * >- * Determines the length of the amount of data Lib SRTP will add to the >- * packet during the protect process. The length is returned in the length parameter >+ * Determines the length of the amount of data Lib SRTP will add to the >+ * packet during the protect process. The length is returned in the length >+ * parameter > * >- * returns err_status_ok on success, err_status_bad_mki if the MKI index is invalid >+ * returns err_status_ok on success, err_status_bad_mki if the MKI index is >+ * invalid > * > */ >-srtp_err_status_t srtp_get_protect_trailer_length(srtp_t session, uint32_t use_mki, >- uint32_t mki_index, uint32_t *length); >+srtp_err_status_t srtp_get_protect_trailer_length(srtp_t session, >+ uint32_t use_mki, >+ uint32_t mki_index, >+ uint32_t *length); > > /** >- * @brief srtp_get_protect_rtcp_trailer_length(session, use_mki, mki_index, length) >+ * @brief srtp_get_protect_rtcp_trailer_length(session, use_mki, mki_index, >+ * length) > * >- * Determines the length of the amount of data Lib SRTP will add to the >- * packet during the protect process. The length is returned in the length parameter >+ * Determines the length of the amount of data Lib SRTP will add to the >+ * packet during the protect process. The length is returned in the length >+ * parameter > * >- * returns err_status_ok on success, err_status_bad_mki if the MKI index is invalid >+ * returns err_status_ok on success, err_status_bad_mki if the MKI index is >+ * invalid > * > */ >-srtp_err_status_t srtp_get_protect_rtcp_trailer_length(srtp_t session, uint32_t use_mki, >- uint32_t mki_index, uint32_t *length); >- >+srtp_err_status_t srtp_get_protect_rtcp_trailer_length(srtp_t session, >+ uint32_t use_mki, >+ uint32_t mki_index, >+ uint32_t *length); > > /** > * @brief srtp_set_stream_roc(session, ssrc, roc) >@@ -1757,7 +1724,9 @@ srtp_err_status_t srtp_get_protect_rtcp_trailer_length(srtp_t session, uint32_t > * stream found > * > */ >-srtp_err_status_t srtp_set_stream_roc(srtp_t session, uint32_t ssrc, uint32_t roc); >+srtp_err_status_t srtp_set_stream_roc(srtp_t session, >+ uint32_t ssrc, >+ uint32_t roc); > > /** > * @brief srtp_get_stream_roc(session, ssrc, roc) >@@ -1768,14 +1737,17 @@ srtp_err_status_t srtp_set_stream_roc(srtp_t session, uint32_t ssrc, uint32_t ro > * stream found > * > */ >-srtp_err_status_t srtp_get_stream_roc(srtp_t session, uint32_t ssrc, uint32_t *roc); >- >+srtp_err_status_t srtp_get_stream_roc(srtp_t session, >+ uint32_t ssrc, >+ uint32_t *roc); > > /** > * @} > */ >+ > /* in host order, so outside the #if */ >-#define SRTCP_E_BIT 0x80000000 >+#define SRTCP_E_BIT 0x80000000 >+ > /* for byte-access */ > #define SRTCP_E_BYTE_BIT 0x80 > #define SRTCP_INDEX_MASK 0x7fffffff >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/include/srtp_priv.h b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/include/srtp_priv.h >index 24d192dbca357645f9f0b9a9f692b2a2a46819d8..988efc4164d3c1c4d7ee6a729a97f8f496538a58 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/include/srtp_priv.h >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/include/srtp_priv.h >@@ -7,26 +7,26 @@ > * Cisco Systems, Inc. > */ > /* >- * >+ * > * Copyright (c) 2001-2017 Cisco Systems, Inc. > * All rights reserved. >- * >+ * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions > * are met: >- * >+ * > * Redistributions of source code must retain the above copyright > * notice, this list of conditions and the following disclaimer. >- * >+ * > * Redistributions in binary form must reproduce the above > * copyright notice, this list of conditions and the following > * disclaimer in the documentation and/or other materials provided > * with the distribution. >- * >+ * > * Neither the name of the Cisco Systems, Inc. nor the names of its > * contributors may be used to endorse or promote products derived > * from this software without specific prior written permission. >- * >+ * > * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS > * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT > * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >@@ -62,14 +62,14 @@ > extern "C" { > #endif > >-#define SRTP_VER_STRING PACKAGE_STRING >-#define SRTP_VERSION PACKAGE_VERSION >+#define SRTP_VER_STRING PACKAGE_STRING >+#define SRTP_VERSION PACKAGE_VERSION > > typedef struct srtp_stream_ctx_t_ srtp_stream_ctx_t; > typedef srtp_stream_ctx_t *srtp_stream_t; > > /* >- * the following declarations are libSRTP internal functions >+ * the following declarations are libSRTP internal functions > */ > > /* >@@ -78,7 +78,6 @@ typedef srtp_stream_ctx_t *srtp_stream_t; > */ > srtp_stream_t srtp_get_stream(srtp_t srtp, uint32_t ssrc); > >- > /* > * srtp_stream_init_keys(s, k) (re)initializes the srtp_stream_t s by > * deriving all of the needed keys using the KDF and the key k. >@@ -88,29 +87,29 @@ srtp_err_status_t srtp_stream_init_keys(srtp_stream_ctx_t *srtp, > const unsigned int current_mki_index); > > /* >- * srtp_stream_init_all_master_keys(s, k, m) (re)initializes the srtp_stream_t s by >- * deriving all of the needed keys for all the master keys using the KDF and the keys from k. >+ * srtp_stream_init_all_master_keys(s, k, m) (re)initializes the srtp_stream_t s >+ * by deriving all of the needed keys for all the master keys using the KDF and >+ * the keys from k. > */ >-srtp_err_status_t srtp_steam_init_all_master_keys(srtp_stream_ctx_t *srtp, >- unsigned char *key, >- srtp_master_key_t **keys, >- const unsigned int max_master_keys); >+srtp_err_status_t srtp_steam_init_all_master_keys( >+ srtp_stream_ctx_t *srtp, >+ unsigned char *key, >+ srtp_master_key_t **keys, >+ const unsigned int max_master_keys); > > /* >- * srtp_stream_init(s, p) initializes the srtp_stream_t s to >+ * srtp_stream_init(s, p) initializes the srtp_stream_t s to > * use the policy at the location p > */ > srtp_err_status_t srtp_stream_init(srtp_stream_t srtp, const srtp_policy_t *p); > >- > /* >- * libsrtp internal datatypes >+ * libsrtp internal datatypes > */ >- >-typedef enum direction_t { >- dir_unknown = 0, >- dir_srtp_sender = 1, >- dir_srtp_receiver = 2 >+typedef enum direction_t { >+ dir_unknown = 0, >+ dir_srtp_sender = 1, >+ dir_srtp_receiver = 2 > } direction_t; > > /* >@@ -119,56 +118,52 @@ typedef enum direction_t { > * MKI ID which is used to identify the session keys. > */ > typedef struct srtp_session_keys_t { >- srtp_cipher_t *rtp_cipher; >- srtp_cipher_t *rtp_xtn_hdr_cipher; >- srtp_auth_t *rtp_auth; >- srtp_cipher_t *rtcp_cipher; >- srtp_auth_t *rtcp_auth; >- uint8_t salt[SRTP_AEAD_SALT_LEN]; >- uint8_t c_salt[SRTP_AEAD_SALT_LEN]; >- uint8_t *mki_id; >- unsigned int mki_size; >- srtp_key_limit_ctx_t *limit; >+ srtp_cipher_t *rtp_cipher; >+ srtp_cipher_t *rtp_xtn_hdr_cipher; >+ srtp_auth_t *rtp_auth; >+ srtp_cipher_t *rtcp_cipher; >+ srtp_auth_t *rtcp_auth; >+ uint8_t salt[SRTP_AEAD_SALT_LEN]; >+ uint8_t c_salt[SRTP_AEAD_SALT_LEN]; >+ uint8_t *mki_id; >+ unsigned int mki_size; >+ srtp_key_limit_ctx_t *limit; > } srtp_session_keys_t; > >- >-/* >+/* > * an srtp_stream_t has its own SSRC, encryption key, authentication > * key, sequence number, and replay database >- * >+ * > * note that the keys might not actually be unique, in which case the > * srtp_cipher_t and srtp_auth_t pointers will point to the same structures > */ >- > typedef struct srtp_stream_ctx_t_ { >- uint32_t ssrc; >- srtp_session_keys_t *session_keys; >- unsigned int num_master_keys; >- srtp_rdbx_t rtp_rdbx; >- srtp_sec_serv_t rtp_services; >- srtp_rdb_t rtcp_rdb; >- srtp_sec_serv_t rtcp_services; >- direction_t direction; >- int allow_repeat_tx; >- srtp_ekt_stream_t ekt; >- int *enc_xtn_hdr; >- int enc_xtn_hdr_count; >- uint32_t pending_roc; >- struct srtp_stream_ctx_t_ *next; /* linked list of streams */ >+ uint32_t ssrc; >+ srtp_session_keys_t *session_keys; >+ unsigned int num_master_keys; >+ srtp_rdbx_t rtp_rdbx; >+ srtp_sec_serv_t rtp_services; >+ srtp_rdb_t rtcp_rdb; >+ srtp_sec_serv_t rtcp_services; >+ direction_t direction; >+ int allow_repeat_tx; >+ srtp_ekt_stream_t ekt; >+ int *enc_xtn_hdr; >+ int enc_xtn_hdr_count; >+ uint32_t pending_roc; >+ struct srtp_stream_ctx_t_ *next; /* linked list of streams */ > } strp_stream_ctx_t_; > >- > /* > * an srtp_ctx_t holds a stream list and a service description > */ >- > typedef struct srtp_ctx_t_ { >- struct srtp_stream_ctx_t_ *stream_list; /* linked list of streams */ >- struct srtp_stream_ctx_t_ *stream_template; /* act as template for other streams */ >- void *user_data; /* user custom data */ >+ struct srtp_stream_ctx_t_ *stream_list; /* linked list of streams */ >+ struct srtp_stream_ctx_t_ *stream_template; /* act as template for other */ >+ /* streams */ >+ void *user_data; /* user custom data */ > } srtp_ctx_t_; > >- > /* > * srtp_hdr_t represents an RTP or SRTP header. The bit-fields in > * this structure should be declared "unsigned int" instead of >@@ -211,13 +206,11 @@ typedef struct { > > #endif > >- > typedef struct { >- uint16_t profile_specific; /* profile-specific info */ >- uint16_t length; /* number of 32-bit words in extension */ >+ uint16_t profile_specific; /* profile-specific info */ >+ uint16_t length; /* number of 32-bit words in extension */ > } srtp_hdr_xtnd_t; > >- > /* > * srtcp_hdr_t represents a secure rtcp header > * >@@ -237,10 +230,10 @@ typedef struct { > } srtcp_hdr_t; > > typedef struct { >- unsigned int index : 31; /* srtcp packet index in network order! */ >- unsigned int e : 1; /* encrypted? 1=yes */ >- /* optional mikey/etc go here */ >- /* and then the variable-length auth tag */ >+ unsigned int index : 31; /* srtcp packet index in network order! */ >+ unsigned int e : 1; /* encrypted? 1=yes */ >+ /* optional mikey/etc go here */ >+ /* and then the variable-length auth tag */ > } srtcp_trailer_t; > > #else /* BIG_ENDIAN */ >@@ -255,31 +248,30 @@ typedef struct { > } srtcp_hdr_t; > > typedef struct { >- unsigned int e : 1; /* encrypted? 1=yes */ >- unsigned int index : 31; /* srtcp packet index */ >- /* optional mikey/etc go here */ >- /* and then the variable-length auth tag */ >+ unsigned int e : 1; /* encrypted? 1=yes */ >+ unsigned int index : 31; /* srtcp packet index */ >+ /* optional mikey/etc go here */ >+ /* and then the variable-length auth tag */ > } srtcp_trailer_t; > > #endif > >- > /* > * srtp_handle_event(srtp, srtm, evnt) calls the event handling > * function, if there is one. > * >- * This macro is not included in the documentation as it is >+ * This macro is not included in the documentation as it is > * an internal-only function. > */ > >-#define srtp_handle_event(srtp, strm, evnt) \ >- if(srtp_event_handler) { \ >- srtp_event_data_t data; \ >- data.session = srtp; \ >- data.ssrc = ntohl(strm->ssrc); \ >- data.event = evnt; \ >- srtp_event_handler(&data); \ >-} >+#define srtp_handle_event(srtp, strm, evnt) \ >+ if (srtp_event_handler) { \ >+ srtp_event_data_t data; \ >+ data.session = srtp; \ >+ data.ssrc = ntohl(strm->ssrc); \ >+ data.event = evnt; \ >+ srtp_event_handler(&data); \ >+ } > > #ifdef __cplusplus > } >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/include/ut_sim.h b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/include/ut_sim.h >index d5c04baee72e089f1a6f233e2367ebb4b090e07e..e678b5fdf7e4df7948b7d56061032281ee4b83ab 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/include/ut_sim.h >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/include/ut_sim.h >@@ -9,26 +9,26 @@ > */ > > /* >- * >+ * > * Copyright (c) 2001-2017, Cisco Systems, Inc. > * All rights reserved. >- * >+ * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions > * are met: >- * >+ * > * Redistributions of source code must retain the above copyright > * notice, this list of conditions and the following disclaimer. >- * >+ * > * Redistributions in binary form must reproduce the above > * copyright notice, this list of conditions and the following > * disclaimer in the documentation and/or other materials provided > * with the distribution. >- * >+ * > * Neither the name of the Cisco Systems, Inc. nor the names of its > * contributors may be used to endorse or promote products derived > * from this software without specific prior written permission. >- * >+ * > * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS > * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT > * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >@@ -44,41 +44,37 @@ > * > */ > >- >- > #ifndef UT_SIM_H > #define UT_SIM_H > >-#include "integers.h" /* for uint32_t */ >+#include "integers.h" /* for uint32_t */ > > #ifdef __cplusplus > extern "C" { > #endif > >-#define UT_BUF 160 /* maximum amount of packet reorder */ >+#define UT_BUF 160 /* maximum amount of packet reorder */ > > typedef struct { >- uint32_t index; >- uint32_t buffer[UT_BUF]; >+ uint32_t index; >+ uint32_t buffer[UT_BUF]; > } ut_connection; > > /* >- * ut_init(&u) initializes the ut_connection >+ * ut_init(&u) initializes the ut_connection > * > * this function should always be the first one called on a new > * ut_connection > */ > >-void >-ut_init(ut_connection *utc); >+void ut_init(ut_connection *utc); > > /* > * ut_next_index(&u) returns the next index from the simulated > * unreliable connection > */ > >-uint32_t >-ut_next_index(ut_connection *utc); >+uint32_t ut_next_index(ut_connection *utc); > > #ifdef __cplusplus > } >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/srtp/ekt.c b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/srtp/ekt.c >index cd2c05d9c7b70b005d427dbffe26f06295127655..b54ecf64eb445ee5941425a22f46a16cfde7f4c9 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/srtp/ekt.c >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/srtp/ekt.c >@@ -2,31 +2,31 @@ > * ekt.c > * > * Encrypted Key Transport for SRTP >- * >+ * > * David McGrew > * Cisco Systems, Inc. > */ > /* >- * >+ * > * Copyright (c) 2001-2017 Cisco Systems, Inc. > * All rights reserved. >- * >+ * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions > * are met: >- * >+ * > * Redistributions of source code must retain the above copyright > * notice, this list of conditions and the following disclaimer. >- * >+ * > * Redistributions in binary form must reproduce the above > * copyright notice, this list of conditions and the following > * disclaimer in the documentation and/or other materials provided > * with the distribution. >- * >+ * > * Neither the name of the Cisco Systems, Inc. nor the names of its > * contributors may be used to endorse or promote products derived > * from this software without specific prior written permission. >- * >+ * > * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS > * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT > * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >@@ -42,7 +42,6 @@ > * > */ > >- > #include "srtp_priv.h" > #include "err.h" > #include "ekt.h" >@@ -64,195 +63,219 @@ extern srtp_debug_module_t mod_srtp; > * | Initial Sequence Number | Security Parameter Index | > * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > * >- */ >+ */ > > #define EKT_OCTETS_AFTER_BASE_TAG 24 >-#define EKT_OCTETS_AFTER_EMK 8 >-#define EKT_OCTETS_AFTER_ROC 4 >-#define EKT_SPI_LEN 2 >- >-unsigned srtp_ekt_octets_after_base_tag(srtp_ekt_stream_t ekt) { >- /* >- * if the pointer ekt is NULL, then EKT is not in effect, so we >- * indicate this by returning zero >- */ >- if (!ekt) >+#define EKT_OCTETS_AFTER_EMK 8 >+#define EKT_OCTETS_AFTER_ROC 4 >+#define EKT_SPI_LEN 2 >+ >+unsigned srtp_ekt_octets_after_base_tag(srtp_ekt_stream_t ekt) >+{ >+ /* >+ * if the pointer ekt is NULL, then EKT is not in effect, so we >+ * indicate this by returning zero >+ */ >+ if (!ekt) >+ return 0; >+ >+ switch (ekt->data->ekt_cipher_type) { >+ case SRTP_EKT_CIPHER_AES_128_ECB: >+ return 16 + EKT_OCTETS_AFTER_EMK; >+ break; >+ default: >+ break; >+ } > return 0; >- >- switch(ekt->data->ekt_cipher_type) { >- case SRTP_EKT_CIPHER_AES_128_ECB: >- return 16 + EKT_OCTETS_AFTER_EMK; >- break; >- default: >- break; >- } >- return 0; > } > >-static inline srtp_ekt_spi_t srtcp_packet_get_ekt_spi(const uint8_t *packet_start, unsigned pkt_octet_len) { >- const uint8_t *spi_location; >- >- spi_location = packet_start + (pkt_octet_len - EKT_SPI_LEN); >- >- return *((const srtp_ekt_spi_t *)spi_location); >-} >+static inline srtp_ekt_spi_t srtcp_packet_get_ekt_spi( >+ const uint8_t *packet_start, >+ unsigned pkt_octet_len) >+{ >+ const uint8_t *spi_location; >+ >+ spi_location = packet_start + (pkt_octet_len - EKT_SPI_LEN); > >-static inline uint32_t srtcp_packet_get_ekt_roc(const uint8_t *packet_start, unsigned pkt_octet_len) { >- const uint8_t *roc_location; >- >- roc_location = packet_start + (pkt_octet_len - EKT_OCTETS_AFTER_ROC); >- >- return *((const uint32_t *)roc_location); >+ return *((const srtp_ekt_spi_t *)spi_location); > } > >-static inline const uint8_t * srtcp_packet_get_emk_location(const uint8_t *packet_start, unsigned pkt_octet_len) { >- const uint8_t *location; >- >- location = packet_start + (pkt_octet_len - EKT_OCTETS_AFTER_BASE_TAG); >+static inline uint32_t srtcp_packet_get_ekt_roc(const uint8_t *packet_start, >+ unsigned pkt_octet_len) >+{ >+ const uint8_t *roc_location; >+ >+ roc_location = packet_start + (pkt_octet_len - EKT_OCTETS_AFTER_ROC); > >- return location; >+ return *((const uint32_t *)roc_location); > } > >+static inline const uint8_t *srtcp_packet_get_emk_location( >+ const uint8_t *packet_start, >+ unsigned pkt_octet_len) >+{ >+ const uint8_t *location; > >-srtp_err_status_t srtp_ekt_alloc(srtp_ekt_stream_t *stream_data, srtp_ekt_policy_t policy) { >+ location = packet_start + (pkt_octet_len - EKT_OCTETS_AFTER_BASE_TAG); > >- /* >- * if the policy pointer is NULL, then EKT is not in use >- * so we just set the EKT stream data pointer to NULL >- */ >- if (!policy) { >- *stream_data = NULL; >- return srtp_err_status_ok; >- } >+ return location; >+} > >- /* TODO */ >- *stream_data = NULL; >+srtp_err_status_t srtp_ekt_alloc(srtp_ekt_stream_t *stream_data, >+ srtp_ekt_policy_t policy) >+{ >+ /* >+ * if the policy pointer is NULL, then EKT is not in use >+ * so we just set the EKT stream data pointer to NULL >+ */ >+ if (!policy) { >+ *stream_data = NULL; >+ return srtp_err_status_ok; >+ } >+ >+ /* TODO */ >+ *stream_data = NULL; > >- return srtp_err_status_ok; >+ return srtp_err_status_ok; > } > >-srtp_err_status_t srtp_ekt_stream_init_from_policy(srtp_ekt_stream_t stream_data, srtp_ekt_policy_t policy) { >- if (!stream_data) >- return srtp_err_status_ok; >+srtp_err_status_t srtp_ekt_stream_init_from_policy( >+ srtp_ekt_stream_t stream_data, >+ srtp_ekt_policy_t policy) >+{ >+ if (!stream_data) >+ return srtp_err_status_ok; > >- return srtp_err_status_ok; >+ return srtp_err_status_ok; > } > >- >-void aes_decrypt_with_raw_key(void *ciphertext, const void *key, int key_len) { >+void aes_decrypt_with_raw_key(void *ciphertext, const void *key, int key_len) >+{ > #ifndef OPENSSL >-//FIXME: need to get this working through the crypto module interface >- srtp_aes_expanded_key_t expanded_key; >+ // FIXME: need to get this working through the crypto module interface >+ srtp_aes_expanded_key_t expanded_key; > >- srtp_aes_expand_decryption_key(key, key_len, &expanded_key); >- srtp_aes_decrypt(ciphertext, &expanded_key); >+ srtp_aes_expand_decryption_key(key, key_len, &expanded_key); >+ srtp_aes_decrypt(ciphertext, &expanded_key); > #endif > } > > /* > * The function srtp_stream_init_from_ekt() initializes a stream using >- * the EKT data from an SRTCP trailer. >+ * the EKT data from an SRTCP trailer. > */ > >-srtp_err_status_t srtp_stream_init_from_ekt(srtp_stream_t stream, const void *srtcp_hdr, unsigned pkt_octet_len) { >- srtp_err_status_t err; >- const uint8_t *master_key; >- srtp_policy_t srtp_policy; >- uint32_t roc; >- >- /* >- * NOTE: at present, we only support a single ekt_policy at a time. >- */ >- if (stream->ekt->data->spi != >- srtcp_packet_get_ekt_spi(srtcp_hdr, pkt_octet_len)) >- return srtp_err_status_no_ctx; >- >- if (stream->ekt->data->ekt_cipher_type != SRTP_EKT_CIPHER_AES_128_ECB) >- return srtp_err_status_bad_param; >- >- /* decrypt the Encrypted Master Key field */ >- master_key = srtcp_packet_get_emk_location(srtcp_hdr, pkt_octet_len); >- /* FIX!? This decrypts the master key in-place, and never uses it */ >- /* FIX!? It's also passing to ekt_dec_key (which is an aes_expanded_key_t) >- * to a function which expects a raw (unexpanded) key */ >- aes_decrypt_with_raw_key((void*)master_key, &stream->ekt->data->ekt_dec_key, 16); >- >- /* set the SRTP ROC */ >- roc = srtcp_packet_get_ekt_roc(srtcp_hdr, pkt_octet_len); >- err = srtp_rdbx_set_roc(&stream->rtp_rdbx, roc); >- if (err) return err; >- >- err = srtp_stream_init(stream, &srtp_policy); >- if (err) return err; >- >- return srtp_err_status_ok; >-} >+srtp_err_status_t srtp_stream_init_from_ekt(srtp_stream_t stream, >+ const void *srtcp_hdr, >+ unsigned pkt_octet_len) >+{ >+ srtp_err_status_t err; >+ const uint8_t *master_key; >+ srtp_policy_t srtp_policy; >+ uint32_t roc; >+ >+ /* >+ * NOTE: at present, we only support a single ekt_policy at a time. >+ */ >+ if (stream->ekt->data->spi != >+ srtcp_packet_get_ekt_spi(srtcp_hdr, pkt_octet_len)) >+ return srtp_err_status_no_ctx; >+ >+ if (stream->ekt->data->ekt_cipher_type != SRTP_EKT_CIPHER_AES_128_ECB) >+ return srtp_err_status_bad_param; >+ >+ /* decrypt the Encrypted Master Key field */ >+ master_key = srtcp_packet_get_emk_location(srtcp_hdr, pkt_octet_len); >+ /* FIX!? This decrypts the master key in-place, and never uses it */ >+ /* FIX!? It's also passing to ekt_dec_key (which is an aes_expanded_key_t) >+ * to a function which expects a raw (unexpanded) key */ >+ aes_decrypt_with_raw_key((void *)master_key, >+ &stream->ekt->data->ekt_dec_key, 16); >+ >+ /* set the SRTP ROC */ >+ roc = srtcp_packet_get_ekt_roc(srtcp_hdr, pkt_octet_len); >+ err = srtp_rdbx_set_roc(&stream->rtp_rdbx, roc); >+ if (err) >+ return err; >+ >+ err = srtp_stream_init(stream, &srtp_policy); >+ if (err) >+ return err; > >-void srtp_ekt_write_data(srtp_ekt_stream_t ekt, uint8_t *base_tag, unsigned base_tag_len, int *packet_len, srtp_xtd_seq_num_t pkt_index) { >- uint32_t roc; >- uint16_t isn; >- unsigned emk_len; >- uint8_t *packet; >- >- /* if the pointer ekt is NULL, then EKT is not in effect */ >- if (!ekt) { >- debug_print(mod_srtp, "EKT not in use", NULL); >- return; >- } >- >- /* write zeros into the location of the base tag */ >- octet_string_set_to_zero(base_tag, base_tag_len); >- packet = base_tag + base_tag_len; >- >- /* copy encrypted master key into packet */ >- emk_len = srtp_ekt_octets_after_base_tag(ekt); >- memcpy(packet, ekt->encrypted_master_key, emk_len); >- debug_print(mod_srtp, "writing EKT EMK: %s,", >- srtp_octet_string_hex_string(packet, emk_len)); >- packet += emk_len; >- >- /* copy ROC into packet */ >- roc = (uint32_t)(pkt_index >> 16); >- *((uint32_t *)packet) = be32_to_cpu(roc); >- debug_print(mod_srtp, "writing EKT ROC: %s,", >- srtp_octet_string_hex_string(packet, sizeof(roc))); >- packet += sizeof(roc); >- >- /* copy ISN into packet */ >- isn = (uint16_t)pkt_index; >- *((uint16_t *)packet) = htons(isn); >- debug_print(mod_srtp, "writing EKT ISN: %s,", >- srtp_octet_string_hex_string(packet, sizeof(isn))); >- packet += sizeof(isn); >- >- /* copy SPI into packet */ >- *((uint16_t *)packet) = htons(ekt->data->spi); >- debug_print(mod_srtp, "writing EKT SPI: %s,", >- srtp_octet_string_hex_string(packet, sizeof(ekt->data->spi))); >- >- /* increase packet length appropriately */ >- *packet_len += EKT_OCTETS_AFTER_EMK + emk_len; >+ return srtp_err_status_ok; > } > >+void srtp_ekt_write_data(srtp_ekt_stream_t ekt, >+ uint8_t *base_tag, >+ unsigned base_tag_len, >+ int *packet_len, >+ srtp_xtd_seq_num_t pkt_index) >+{ >+ uint32_t roc; >+ uint16_t isn; >+ unsigned emk_len; >+ uint8_t *packet; >+ >+ /* if the pointer ekt is NULL, then EKT is not in effect */ >+ if (!ekt) { >+ debug_print(mod_srtp, "EKT not in use", NULL); >+ return; >+ } >+ >+ /* write zeros into the location of the base tag */ >+ octet_string_set_to_zero(base_tag, base_tag_len); >+ packet = base_tag + base_tag_len; >+ >+ /* copy encrypted master key into packet */ >+ emk_len = srtp_ekt_octets_after_base_tag(ekt); >+ memcpy(packet, ekt->encrypted_master_key, emk_len); >+ debug_print(mod_srtp, "writing EKT EMK: %s,", >+ srtp_octet_string_hex_string(packet, emk_len)); >+ packet += emk_len; >+ >+ /* copy ROC into packet */ >+ roc = (uint32_t)(pkt_index >> 16); >+ *((uint32_t *)packet) = be32_to_cpu(roc); >+ debug_print(mod_srtp, "writing EKT ROC: %s,", >+ srtp_octet_string_hex_string(packet, sizeof(roc))); >+ packet += sizeof(roc); >+ >+ /* copy ISN into packet */ >+ isn = (uint16_t)pkt_index; >+ *((uint16_t *)packet) = htons(isn); >+ debug_print(mod_srtp, "writing EKT ISN: %s,", >+ srtp_octet_string_hex_string(packet, sizeof(isn))); >+ packet += sizeof(isn); >+ >+ /* copy SPI into packet */ >+ *((uint16_t *)packet) = htons(ekt->data->spi); >+ debug_print(mod_srtp, "writing EKT SPI: %s,", >+ srtp_octet_string_hex_string(packet, sizeof(ekt->data->spi))); >+ >+ /* increase packet length appropriately */ >+ *packet_len += EKT_OCTETS_AFTER_EMK + emk_len; >+} > > /* > * The function call srtcp_ekt_trailer(ekt, auth_len, auth_tag ) >- * >+ * > * If the pointer ekt is NULL, then the other inputs are unaffected. > * > * auth_tag is a pointer to the pointer to the location of the > * authentication tag in the packet. If EKT is in effect, then the >- * auth_tag pointer is set to the location >+ * auth_tag pointer is set to the location > */ > >-void srtcp_ekt_trailer(srtp_ekt_stream_t ekt, unsigned *auth_len, void **auth_tag, void *tag_copy) { >- /* >- * if there is no EKT policy, then the other inputs are unaffected >- */ >- if (!ekt) >- return; >- >- /* copy auth_tag into temporary location */ >- >+void srtcp_ekt_trailer(srtp_ekt_stream_t ekt, >+ unsigned *auth_len, >+ void **auth_tag, >+ void *tag_copy) >+{ >+ /* >+ * if there is no EKT policy, then the other inputs are unaffected >+ */ >+ if (!ekt) >+ return; >+ >+ /* copy auth_tag into temporary location */ > } >- >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/srtp/srtp.c b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/srtp/srtp.c >index ede804f1d0a2d18c243bfff1c129ce440cc08b12..44625015e7b685b07f959a5a6eb59ab085fc3463 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/srtp/srtp.c >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/srtp/srtp.c >@@ -7,26 +7,26 @@ > * Cisco Systems, Inc. > */ > /* >- * >+ * > * Copyright (c) 2001-2017, Cisco Systems, Inc. > * All rights reserved. >- * >+ * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions > * are met: >- * >+ * > * Redistributions of source code must retain the above copyright > * notice, this list of conditions and the following disclaimer. >- * >+ * > * Redistributions in binary form must reproduce the above > * copyright notice, this list of conditions and the following > * disclaimer in the documentation and/or other materials provided > * with the distribution. >- * >+ * > * Neither the name of the Cisco Systems, Inc. nor the names of its > * contributors may be used to endorse or promote products derived > * from this software without specific prior written permission. >- * >+ * > * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS > * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT > * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >@@ -48,66 +48,67 @@ > #include "srtp_priv.h" > #include "crypto_types.h" > #include "err.h" >-#include "ekt.h" /* for SRTP Encrypted Key Transport */ >-#include "alloc.h" /* for srtp_crypto_alloc() */ >+#include "ekt.h" /* for SRTP Encrypted Key Transport */ >+#include "alloc.h" /* for srtp_crypto_alloc() */ >+ > #ifdef OPENSSL >-#include "aes_gcm_ossl.h" /* for AES GCM mode */ >-# ifdef OPENSSL_KDF >-# include <openssl/kdf.h> >-# include "aes_icm_ossl.h" /* for AES GCM mode */ >-# endif >+#include "aes_gcm_ossl.h" /* for AES GCM mode */ >+#ifdef OPENSSL_KDF >+#include <openssl/kdf.h> >+#include "aes_icm_ossl.h" /* for AES GCM mode */ >+#endif > #endif > > #include <limits.h> > #ifdef HAVE_NETINET_IN_H >-# include <netinet/in.h> >+#include <netinet/in.h> > #elif defined(HAVE_WINSOCK2_H) >-# include <winsock2.h> >+#include <winsock2.h> > #endif > >- > /* the debug module for srtp */ >- > srtp_debug_module_t mod_srtp = { >- 0, /* debugging is off by default */ >- "srtp" /* printable name for module */ >+ 0, /* debugging is off by default */ >+ "srtp" /* printable name for module */ > }; > >-#define octets_in_rtp_header 12 >-#define uint32s_in_rtp_header 3 >-#define octets_in_rtcp_header 8 >+#define octets_in_rtp_header 12 >+#define uint32s_in_rtp_header 3 >+#define octets_in_rtcp_header 8 > #define uint32s_in_rtcp_header 2 > #define octets_in_rtp_extn_hdr 4 > >-static srtp_err_status_t >-srtp_validate_rtp_header(void *rtp_hdr, int *pkt_octet_len) { >- if (*pkt_octet_len < octets_in_rtp_header) >- return srtp_err_status_bad_param; >- >- srtp_hdr_t *hdr = (srtp_hdr_t *)rtp_hdr; >+static srtp_err_status_t srtp_validate_rtp_header(void *rtp_hdr, >+ int *pkt_octet_len) >+{ >+ if (*pkt_octet_len < octets_in_rtp_header) >+ return srtp_err_status_bad_param; > >- /* Check RTP header length */ >- int rtp_header_len = octets_in_rtp_header + 4 * hdr->cc; >- if (hdr->x == 1) >- rtp_header_len += octets_in_rtp_extn_hdr; >+ srtp_hdr_t *hdr = (srtp_hdr_t *)rtp_hdr; > >- if (*pkt_octet_len < rtp_header_len) >- return srtp_err_status_bad_param; >+ /* Check RTP header length */ >+ int rtp_header_len = octets_in_rtp_header + 4 * hdr->cc; >+ if (hdr->x == 1) >+ rtp_header_len += octets_in_rtp_extn_hdr; > >- /* Verifing profile length. */ >- if (hdr->x == 1) { >- srtp_hdr_xtnd_t *xtn_hdr = >- (srtp_hdr_xtnd_t *)((uint32_t *)hdr + uint32s_in_rtp_header + hdr->cc); >- int profile_len = ntohs(xtn_hdr->length); >- rtp_header_len += profile_len * 4; >- /* profile length counts the number of 32-bit words */ > if (*pkt_octet_len < rtp_header_len) >- return srtp_err_status_bad_param; >- } >- return srtp_err_status_ok; >+ return srtp_err_status_bad_param; >+ >+ /* Verifing profile length. */ >+ if (hdr->x == 1) { >+ srtp_hdr_xtnd_t *xtn_hdr = >+ (srtp_hdr_xtnd_t *)((uint32_t *)hdr + uint32s_in_rtp_header + >+ hdr->cc); >+ int profile_len = ntohs(xtn_hdr->length); >+ rtp_header_len += profile_len * 4; >+ /* profile length counts the number of 32-bit words */ >+ if (*pkt_octet_len < rtp_header_len) >+ return srtp_err_status_bad_param; >+ } >+ return srtp_err_status_ok; > } > >-const char *srtp_get_version_string () >+const char *srtp_get_version_string() > { > /* > * Simply return the autotools generated string >@@ -115,29 +116,29 @@ const char *srtp_get_version_string () > return SRTP_VER_STRING; > } > >-unsigned int srtp_get_version () >+unsigned int srtp_get_version() > { > unsigned int major = 0, minor = 0, micro = 0; > unsigned int rv = 0; > int parse_rv; > > /* >- * Parse the autotools generated version >+ * Parse the autotools generated version > */ > parse_rv = sscanf(SRTP_VERSION, "%u.%u.%u", &major, &minor, µ); > if (parse_rv != 3) { >- /* >- * We're expected to parse all 3 version levels. >- * If not, then this must not be an official release. >- * Return all zeros on the version >- */ >- return (0); >+ /* >+ * We're expected to parse all 3 version levels. >+ * If not, then this must not be an official release. >+ * Return all zeros on the version >+ */ >+ return (0); > } > >- /* >+ /* > * We allow 8 bits for the major and minor, while > * allowing 16 bits for the micro. 16 bits for the micro >- * may be beneficial for a continuous delivery model >+ * may be beneficial for a continuous delivery model > * in the future. > */ > rv |= (major & 0xFF) << 24; >@@ -146,445 +147,409 @@ unsigned int srtp_get_version () > return rv; > } > >-/* Release (maybe partially allocated) stream. */ >-static void >-srtp_stream_free(srtp_stream_ctx_t *str) { >- unsigned int i = 0; >- srtp_session_keys_t *session_keys = NULL; >+srtp_err_status_t srtp_stream_dealloc(srtp_stream_ctx_t *stream, >+ const srtp_stream_ctx_t *stream_template) >+{ >+ srtp_err_status_t status; >+ unsigned int i = 0; >+ srtp_session_keys_t *session_keys = NULL; >+ srtp_session_keys_t *template_session_keys = NULL; > >- for (i = 0; i < str->num_master_keys; i++) { >- session_keys = &str->session_keys[i]; >+ /* >+ * we use a conservative deallocation strategy - if any deallocation >+ * fails, then we report that fact without trying to deallocate >+ * anything else >+ */ >+ if (stream->session_keys) { >+ for (i = 0; i < stream->num_master_keys; i++) { >+ session_keys = &stream->session_keys[i]; >+ >+ if (stream_template && >+ stream->num_master_keys == stream_template->num_master_keys) { >+ template_session_keys = &stream_template->session_keys[i]; >+ } else { >+ template_session_keys = NULL; >+ } > >- if (session_keys->rtp_xtn_hdr_cipher) { >- srtp_cipher_dealloc(session_keys->rtp_xtn_hdr_cipher); >- } >+ /* >+ * deallocate cipher, if it is not the same as that in template >+ */ >+ if (template_session_keys && >+ session_keys->rtp_cipher == template_session_keys->rtp_cipher) { >+ /* do nothing */ >+ } else if (session_keys->rtp_cipher) { >+ status = srtp_cipher_dealloc(session_keys->rtp_cipher); >+ if (status) >+ return status; >+ } > >- if (session_keys->rtcp_cipher) { >- srtp_cipher_dealloc(session_keys->rtcp_cipher); >- } >+ /* >+ * deallocate auth function, if it is not the same as that in >+ * template >+ */ >+ if (template_session_keys && >+ session_keys->rtp_auth == template_session_keys->rtp_auth) { >+ /* do nothing */ >+ } else if (session_keys->rtp_auth) { >+ status = srtp_auth_dealloc(session_keys->rtp_auth); >+ if (status) >+ return status; >+ } > >- if (session_keys->rtcp_auth) { >- srtp_auth_dealloc(session_keys->rtcp_auth); >- } >+ if (template_session_keys && >+ session_keys->rtp_xtn_hdr_cipher == >+ template_session_keys->rtp_xtn_hdr_cipher) { >+ /* do nothing */ >+ } else if (session_keys->rtp_xtn_hdr_cipher) { >+ status = srtp_cipher_dealloc(session_keys->rtp_xtn_hdr_cipher); >+ if (status) >+ return status; >+ } > >- if (session_keys->rtp_cipher) { >- srtp_cipher_dealloc(session_keys->rtp_cipher); >- } >+ /* >+ * deallocate rtcp cipher, if it is not the same as that in >+ * template >+ */ >+ if (template_session_keys && >+ session_keys->rtcp_cipher == >+ template_session_keys->rtcp_cipher) { >+ /* do nothing */ >+ } else if (session_keys->rtcp_cipher) { >+ status = srtp_cipher_dealloc(session_keys->rtcp_cipher); >+ if (status) >+ return status; >+ } > >- if (session_keys->rtp_auth) { >- srtp_auth_dealloc(session_keys->rtp_auth); >- } >+ /* >+ * deallocate rtcp auth function, if it is not the same as that in >+ * template >+ */ >+ if (template_session_keys && >+ session_keys->rtcp_auth == template_session_keys->rtcp_auth) { >+ /* do nothing */ >+ } else if (session_keys->rtcp_auth) { >+ status = srtp_auth_dealloc(session_keys->rtcp_auth); >+ if (status) >+ return status; >+ } > >- if (session_keys->mki_id) { >- srtp_crypto_free(session_keys->mki_id); >- } >+ /* >+ * zeroize the salt value >+ */ >+ octet_string_set_to_zero(session_keys->salt, SRTP_AEAD_SALT_LEN); >+ octet_string_set_to_zero(session_keys->c_salt, SRTP_AEAD_SALT_LEN); >+ >+ if (session_keys->mki_id) { >+ octet_string_set_to_zero(session_keys->mki_id, >+ session_keys->mki_size); >+ srtp_crypto_free(session_keys->mki_id); >+ session_keys->mki_id = NULL; >+ } > >- if (session_keys->limit) { >- srtp_crypto_free(session_keys->limit); >+ /* >+ * deallocate key usage limit, if it is not the same as that in >+ * template >+ */ >+ if (template_session_keys && >+ session_keys->limit == template_session_keys->limit) { >+ /* do nothing */ >+ } else if (session_keys->limit) { >+ srtp_crypto_free(session_keys->limit); >+ } >+ } >+ srtp_crypto_free(stream->session_keys); > } >- } >- >- srtp_crypto_free(str->session_keys); > >- if (str->enc_xtn_hdr) { >- srtp_crypto_free(str->enc_xtn_hdr); >- } >+ status = srtp_rdbx_dealloc(&stream->rtp_rdbx); >+ if (status) >+ return status; > >- srtp_crypto_free(str); >-} >+ /* DAM - need to deallocate EKT here */ > >-srtp_err_status_t >-srtp_stream_alloc(srtp_stream_ctx_t **str_ptr, >- const srtp_policy_t *p) { >- srtp_stream_ctx_t *str; >- srtp_err_status_t stat; >- unsigned int i = 0; >- srtp_session_keys_t *session_keys = NULL; >- >- /* >- * This function allocates the stream context, rtp and rtcp ciphers >- * and auth functions, and key limit structure. If there is a >- * failure during allocation, we free all previously allocated >- * memory and return a failure code. The code could probably >- * be improved, but it works and should be clear. >- */ >- >- /* allocate srtp stream and set str_ptr */ >- str = (srtp_stream_ctx_t *) srtp_crypto_alloc(sizeof(srtp_stream_ctx_t)); >- if (str == NULL) >- return srtp_err_status_alloc_fail; >- >- memset(str, 0, sizeof(srtp_stream_ctx_t)); >- *str_ptr = str; >- >- /* To keep backwards API compatible if someone is using multiple master >- * keys then key should be set to NULL >- */ >- if (p->key != NULL) { >- str->num_master_keys = 1; >- } else { >- str->num_master_keys = p->num_master_keys; >- } >- >- str->session_keys = (srtp_session_keys_t *)srtp_crypto_alloc( >- sizeof(srtp_session_keys_t) * str->num_master_keys); >- >- if (str->session_keys == NULL) { >- srtp_stream_free(str); >- return srtp_err_status_alloc_fail; >- } >- >- memset(str->session_keys, 0, sizeof(srtp_session_keys_t) * str->num_master_keys); >- >- for (i = 0; i < str->num_master_keys; i++) { >- session_keys = &str->session_keys[i]; >- >- /* allocate cipher */ >- stat = srtp_crypto_kernel_alloc_cipher(p->rtp.cipher_type, >- &session_keys->rtp_cipher, >- p->rtp.cipher_key_len, >- p->rtp.auth_tag_len); >- if (stat) { >- srtp_stream_free(str); >- return stat; >+ if (stream_template && >+ stream->enc_xtn_hdr == stream_template->enc_xtn_hdr) { >+ /* do nothing */ >+ } else if (stream->enc_xtn_hdr) { >+ srtp_crypto_free(stream->enc_xtn_hdr); > } > >- /* allocate auth function */ >- stat = srtp_crypto_kernel_alloc_auth(p->rtp.auth_type, >- &session_keys->rtp_auth, >- p->rtp.auth_key_len, >- p->rtp.auth_tag_len); >- if (stat) { >- srtp_stream_free(str); >- return stat; >- } >+ /* deallocate srtp stream context */ >+ srtp_crypto_free(stream); >+ >+ return srtp_err_status_ok; >+} >+ >+srtp_err_status_t srtp_stream_alloc(srtp_stream_ctx_t **str_ptr, >+ const srtp_policy_t *p) >+{ >+ srtp_stream_ctx_t *str; >+ srtp_err_status_t stat; >+ unsigned int i = 0; >+ srtp_session_keys_t *session_keys = NULL; > > /* >- * ...and now the RTCP-specific initialization - first, allocate >- * the cipher >+ * This function allocates the stream context, rtp and rtcp ciphers >+ * and auth functions, and key limit structure. If there is a >+ * failure during allocation, we free all previously allocated >+ * memory and return a failure code. The code could probably >+ * be improved, but it works and should be clear. > */ >- stat = srtp_crypto_kernel_alloc_cipher(p->rtcp.cipher_type, >- &session_keys->rtcp_cipher, >- p->rtcp.cipher_key_len, >- p->rtcp.auth_tag_len); >- if (stat) { >- srtp_stream_free(str); >- return stat; >- } >- >- /* allocate auth function */ >- stat = srtp_crypto_kernel_alloc_auth(p->rtcp.auth_type, >- &session_keys->rtcp_auth, >- p->rtcp.auth_key_len, >- p->rtcp.auth_tag_len); >- if (stat) { >- srtp_stream_free(str); >- return stat; >- } >- >- session_keys->mki_id = NULL; > >- /* allocate key limit structure */ >- session_keys->limit = (srtp_key_limit_ctx_t*) srtp_crypto_alloc(sizeof(srtp_key_limit_ctx_t)); >- if (session_keys->limit == NULL) { >- srtp_stream_free(str); >+ /* allocate srtp stream and set str_ptr */ >+ str = (srtp_stream_ctx_t *)srtp_crypto_alloc(sizeof(srtp_stream_ctx_t)); >+ if (str == NULL) > return srtp_err_status_alloc_fail; >- } >- } >- >- /* allocate ekt data associated with stream */ >- stat = srtp_ekt_alloc(&str->ekt, p->ekt); >- if (stat) { >- srtp_stream_free(str); >- return stat; >- } > >- if (p->enc_xtn_hdr && p->enc_xtn_hdr_count > 0) { >- srtp_cipher_type_id_t enc_xtn_hdr_cipher_type; >- int enc_xtn_hdr_cipher_key_len; >+ *str_ptr = str; > >- str->enc_xtn_hdr = (int*) srtp_crypto_alloc(p->enc_xtn_hdr_count * sizeof(p->enc_xtn_hdr[0])); >- if (!str->enc_xtn_hdr) { >- srtp_stream_free(str); >- return srtp_err_status_alloc_fail; >+ /* >+ *To keep backwards API compatible if someone is using multiple master >+ * keys then key should be set to NULL >+ */ >+ if (p->key != NULL) { >+ str->num_master_keys = 1; >+ } else { >+ str->num_master_keys = p->num_master_keys; > } >- memcpy(str->enc_xtn_hdr, p->enc_xtn_hdr, p->enc_xtn_hdr_count * sizeof(p->enc_xtn_hdr[0])); >- str->enc_xtn_hdr_count = p->enc_xtn_hdr_count; > >- /* For GCM ciphers, the corresponding ICM cipher is used for header extensions encryption. */ >- switch (p->rtp.cipher_type) { >- case SRTP_AES_GCM_128: >- enc_xtn_hdr_cipher_type = SRTP_AES_ICM_128; >- enc_xtn_hdr_cipher_key_len = SRTP_AES_ICM_128_KEY_LEN_WSALT; >- break; >- case SRTP_AES_GCM_256: >- enc_xtn_hdr_cipher_type = SRTP_AES_ICM_256; >- enc_xtn_hdr_cipher_key_len = SRTP_AES_ICM_256_KEY_LEN_WSALT; >- break; >- default: >- enc_xtn_hdr_cipher_type = p->rtp.cipher_type; >- enc_xtn_hdr_cipher_key_len = p->rtp.cipher_key_len; >- break; >- } >+ str->session_keys = (srtp_session_keys_t *)srtp_crypto_alloc( >+ sizeof(srtp_session_keys_t) * str->num_master_keys); > >- for (i = 0; i < str->num_master_keys; i++) { >- session_keys = &str->session_keys[i]; >- >- /* allocate cipher for extensions header encryption */ >- stat = srtp_crypto_kernel_alloc_cipher(enc_xtn_hdr_cipher_type, >- &session_keys->rtp_xtn_hdr_cipher, >- enc_xtn_hdr_cipher_key_len, >- 0); >- if (stat) { >- srtp_stream_free(str); >- return stat; >- } >+ if (str->session_keys == NULL) { >+ srtp_stream_dealloc(str, NULL); >+ return srtp_err_status_alloc_fail; > } >- } else { >+ > for (i = 0; i < str->num_master_keys; i++) { >- session_keys = &str->session_keys[i]; >- session_keys->rtp_xtn_hdr_cipher = NULL; >- } >+ session_keys = &str->session_keys[i]; >+ >+ /* allocate cipher */ >+ stat = srtp_crypto_kernel_alloc_cipher( >+ p->rtp.cipher_type, &session_keys->rtp_cipher, >+ p->rtp.cipher_key_len, p->rtp.auth_tag_len); >+ if (stat) { >+ srtp_stream_dealloc(str, NULL); >+ return stat; >+ } > >- str->enc_xtn_hdr = NULL; >- str->enc_xtn_hdr_count = 0; >- } >+ /* allocate auth function */ >+ stat = srtp_crypto_kernel_alloc_auth( >+ p->rtp.auth_type, &session_keys->rtp_auth, p->rtp.auth_key_len, >+ p->rtp.auth_tag_len); >+ if (stat) { >+ srtp_stream_dealloc(str, NULL); >+ return stat; >+ } > >- return srtp_err_status_ok; >-} >+ /* >+ * ...and now the RTCP-specific initialization - first, allocate >+ * the cipher >+ */ >+ stat = srtp_crypto_kernel_alloc_cipher( >+ p->rtcp.cipher_type, &session_keys->rtcp_cipher, >+ p->rtcp.cipher_key_len, p->rtcp.auth_tag_len); >+ if (stat) { >+ srtp_stream_dealloc(str, NULL); >+ return stat; >+ } > >-srtp_err_status_t >-srtp_stream_dealloc(srtp_stream_ctx_t *stream, srtp_stream_ctx_t *stream_template) { >- srtp_err_status_t status; >- unsigned int i = 0; >- srtp_session_keys_t *session_keys = NULL; >- srtp_session_keys_t *template_session_keys = NULL; >- >- /* >- * we use a conservative deallocation strategy - if any deallocation >- * fails, then we report that fact without trying to deallocate >- * anything else >- */ >- for ( i = 0; i < stream->num_master_keys; i++) { >- session_keys = &stream->session_keys[i]; >- >- if (stream_template) { >- template_session_keys = &stream_template->session_keys[i]; >- } else { >- template_session_keys = NULL; >- } >+ /* allocate auth function */ >+ stat = srtp_crypto_kernel_alloc_auth( >+ p->rtcp.auth_type, &session_keys->rtcp_auth, p->rtcp.auth_key_len, >+ p->rtcp.auth_tag_len); >+ if (stat) { >+ srtp_stream_dealloc(str, NULL); >+ return stat; >+ } > >- /* deallocate cipher, if it is not the same as that in template */ >- if (template_session_keys >- && session_keys->rtp_cipher == template_session_keys->rtp_cipher) { >- /* do nothing */ >- } else { >- status = srtp_cipher_dealloc(session_keys->rtp_cipher); >- if (status) >- return status; >- } >+ session_keys->mki_id = NULL; > >- /* deallocate auth function, if it is not the same as that in template */ >- if (template_session_keys >- && session_keys->rtp_auth == template_session_keys->rtp_auth) { >- /* do nothing */ >- } else { >- status = srtp_auth_dealloc(session_keys->rtp_auth); >- if (status) >- return status; >+ /* allocate key limit structure */ >+ session_keys->limit = (srtp_key_limit_ctx_t *)srtp_crypto_alloc( >+ sizeof(srtp_key_limit_ctx_t)); >+ if (session_keys->limit == NULL) { >+ srtp_stream_dealloc(str, NULL); >+ return srtp_err_status_alloc_fail; >+ } > } > >- if (template_session_keys >- && session_keys->rtp_xtn_hdr_cipher == template_session_keys->rtp_xtn_hdr_cipher) { >- /* do nothing */ >- } else if (session_keys->rtp_xtn_hdr_cipher) { >- status = srtp_cipher_dealloc(session_keys->rtp_xtn_hdr_cipher); >- if (status) >- return status; >+ /* allocate ekt data associated with stream */ >+ stat = srtp_ekt_alloc(&str->ekt, p->ekt); >+ if (stat) { >+ srtp_stream_dealloc(str, NULL); >+ return stat; > } > >- /* >- * deallocate rtcp cipher, if it is not the same as that in >- * template >- */ >- if (template_session_keys >- && session_keys->rtcp_cipher == template_session_keys->rtcp_cipher) { >- /* do nothing */ >- } else { >- status = srtp_cipher_dealloc(session_keys->rtcp_cipher); >- if (status) >- return status; >- } >+ if (p->enc_xtn_hdr && p->enc_xtn_hdr_count > 0) { >+ srtp_cipher_type_id_t enc_xtn_hdr_cipher_type; >+ int enc_xtn_hdr_cipher_key_len; > >- /* >- * deallocate rtcp auth function, if it is not the same as that in >- * template >- */ >- if (template_session_keys >- && session_keys->rtcp_auth == template_session_keys->rtcp_auth) { >- /* do nothing */ >- } else { >- status = srtp_auth_dealloc(session_keys->rtcp_auth); >- if (status) >- return status; >- } >+ str->enc_xtn_hdr = (int *)srtp_crypto_alloc(p->enc_xtn_hdr_count * >+ sizeof(p->enc_xtn_hdr[0])); >+ if (!str->enc_xtn_hdr) { >+ srtp_stream_dealloc(str, NULL); >+ return srtp_err_status_alloc_fail; >+ } >+ memcpy(str->enc_xtn_hdr, p->enc_xtn_hdr, >+ p->enc_xtn_hdr_count * sizeof(p->enc_xtn_hdr[0])); >+ str->enc_xtn_hdr_count = p->enc_xtn_hdr_count; > >- /* >- * zeroize the salt value >- */ >- octet_string_set_to_zero(session_keys->salt, SRTP_AEAD_SALT_LEN); >- octet_string_set_to_zero(session_keys->c_salt, SRTP_AEAD_SALT_LEN); >+ /* >+ * For GCM ciphers, the corresponding ICM cipher is used for header >+ * extensions encryption. >+ */ >+ switch (p->rtp.cipher_type) { >+ case SRTP_AES_GCM_128: >+ enc_xtn_hdr_cipher_type = SRTP_AES_ICM_128; >+ enc_xtn_hdr_cipher_key_len = SRTP_AES_ICM_128_KEY_LEN_WSALT; >+ break; >+ case SRTP_AES_GCM_256: >+ enc_xtn_hdr_cipher_type = SRTP_AES_ICM_256; >+ enc_xtn_hdr_cipher_key_len = SRTP_AES_ICM_256_KEY_LEN_WSALT; >+ break; >+ default: >+ enc_xtn_hdr_cipher_type = p->rtp.cipher_type; >+ enc_xtn_hdr_cipher_key_len = p->rtp.cipher_key_len; >+ break; >+ } > >- if (session_keys->mki_id) { >- octet_string_set_to_zero(session_keys->mki_id, session_keys->mki_size); >- srtp_crypto_free(session_keys->mki_id); >- session_keys->mki_id = NULL; >- } >+ for (i = 0; i < str->num_master_keys; i++) { >+ session_keys = &str->session_keys[i]; > >- /* deallocate key usage limit, if it is not the same as that in template */ >- if (template_session_keys >- && session_keys->limit == template_session_keys->limit) { >- /* do nothing */ >+ /* allocate cipher for extensions header encryption */ >+ stat = srtp_crypto_kernel_alloc_cipher( >+ enc_xtn_hdr_cipher_type, &session_keys->rtp_xtn_hdr_cipher, >+ enc_xtn_hdr_cipher_key_len, 0); >+ if (stat) { >+ srtp_stream_dealloc(str, NULL); >+ return stat; >+ } >+ } > } else { >- srtp_crypto_free(session_keys->limit); >- } >- >- } >- >- if (stream_template >- && stream->session_keys == stream_template->session_keys) { >- /* do nothing */ >- } else { >- srtp_crypto_free(stream->session_keys); >- } >- >- status = srtp_rdbx_dealloc(&stream->rtp_rdbx); >- if (status) >- return status; >- >- /* DAM - need to deallocate EKT here */ >- >- if (stream_template >- && stream->enc_xtn_hdr == stream_template->enc_xtn_hdr) { >- /* do nothing */ >- } else if (stream->enc_xtn_hdr) { >- srtp_crypto_free(stream->enc_xtn_hdr); >- } >+ for (i = 0; i < str->num_master_keys; i++) { >+ session_keys = &str->session_keys[i]; >+ session_keys->rtp_xtn_hdr_cipher = NULL; >+ } > >- /* deallocate srtp stream context */ >- srtp_crypto_free(stream); >+ str->enc_xtn_hdr = NULL; >+ str->enc_xtn_hdr_count = 0; >+ } > >- return srtp_err_status_ok; >+ return srtp_err_status_ok; > } > >- > /* > * srtp_stream_clone(stream_template, new) allocates a new stream and > * initializes it using the cipher and auth of the stream_template >- * >+ * > * the only unique data in a cloned stream is the replay database and > * the SSRC > */ > >-srtp_err_status_t >-srtp_stream_clone(const srtp_stream_ctx_t *stream_template, >- uint32_t ssrc, >- srtp_stream_ctx_t **str_ptr) { >- srtp_err_status_t status; >- srtp_stream_ctx_t *str; >- unsigned int i = 0; >- srtp_session_keys_t *session_keys = NULL; >- const srtp_session_keys_t *template_session_keys = NULL; >- >- debug_print(mod_srtp, "cloning stream (SSRC: 0x%08x)", ntohl(ssrc)); >- >- /* allocate srtp stream and set str_ptr */ >- str = (srtp_stream_ctx_t *) srtp_crypto_alloc(sizeof(srtp_stream_ctx_t)); >- if (str == NULL) >- return srtp_err_status_alloc_fail; >- *str_ptr = str; >- >- str->num_master_keys = stream_template->num_master_keys; >- str->session_keys = (srtp_session_keys_t *)srtp_crypto_alloc( >- sizeof(srtp_session_keys_t) * str->num_master_keys); >- >- if (str->session_keys == NULL) { >- srtp_crypto_free(*str_ptr); >- *str_ptr = NULL; >- return srtp_err_status_alloc_fail; >- } >- >- for (i = 0; i < stream_template->num_master_keys; i++){ >- session_keys = &str->session_keys[i]; >- template_session_keys = &stream_template->session_keys[i]; >- >- /* set cipher and auth pointers to those of the template */ >- session_keys->rtp_cipher = template_session_keys->rtp_cipher; >- session_keys->rtp_auth = template_session_keys->rtp_auth; >- session_keys->rtp_xtn_hdr_cipher = template_session_keys->rtp_xtn_hdr_cipher; >- session_keys->rtcp_cipher = template_session_keys->rtcp_cipher; >- session_keys->rtcp_auth = template_session_keys->rtcp_auth; >- session_keys->mki_size = template_session_keys->mki_size; >- >- if (template_session_keys->mki_size == 0) { >- session_keys->mki_id = NULL; >- } else { >- session_keys->mki_id = srtp_crypto_alloc(template_session_keys->mki_size); >+srtp_err_status_t srtp_stream_clone(const srtp_stream_ctx_t *stream_template, >+ uint32_t ssrc, >+ srtp_stream_ctx_t **str_ptr) >+{ >+ srtp_err_status_t status; >+ srtp_stream_ctx_t *str; >+ unsigned int i = 0; >+ srtp_session_keys_t *session_keys = NULL; >+ const srtp_session_keys_t *template_session_keys = NULL; > >- if (session_keys->mki_id == NULL) { >- return srtp_err_status_init_fail; >- } >- memset(session_keys->mki_id, 0x0, session_keys->mki_size); >- memcpy(session_keys->mki_id, template_session_keys->mki_id, session_keys->mki_size); >- } >- /* Copy the salt values */ >- memcpy(session_keys->salt, template_session_keys->salt, SRTP_AEAD_SALT_LEN); >- memcpy(session_keys->c_salt, template_session_keys->c_salt, SRTP_AEAD_SALT_LEN); >- >- /* set key limit to point to that of the template */ >- status = srtp_key_limit_clone(template_session_keys->limit, &session_keys->limit); >- if (status) { >- srtp_crypto_free(*str_ptr); >- *str_ptr = NULL; >- return status; >- } >- } >- >- >- /* initialize replay databases */ >- status = srtp_rdbx_init(&str->rtp_rdbx, >- srtp_rdbx_get_window_size(&stream_template->rtp_rdbx)); >- if (status) { >- srtp_crypto_free(*str_ptr); >- *str_ptr = NULL; >- return status; >- } >- srtp_rdb_init(&str->rtcp_rdb); >- str->allow_repeat_tx = stream_template->allow_repeat_tx; >+ debug_print(mod_srtp, "cloning stream (SSRC: 0x%08x)", ntohl(ssrc)); > >- /* set ssrc to that provided */ >- str->ssrc = ssrc; >+ /* allocate srtp stream and set str_ptr */ >+ str = (srtp_stream_ctx_t *)srtp_crypto_alloc(sizeof(srtp_stream_ctx_t)); >+ if (str == NULL) >+ return srtp_err_status_alloc_fail; >+ *str_ptr = str; > >- /* reset pending ROC */ >- str->pending_roc = 0; >+ str->num_master_keys = stream_template->num_master_keys; >+ str->session_keys = (srtp_session_keys_t *)srtp_crypto_alloc( >+ sizeof(srtp_session_keys_t) * str->num_master_keys); > >- /* set direction and security services */ >- str->direction = stream_template->direction; >- str->rtp_services = stream_template->rtp_services; >- str->rtcp_services = stream_template->rtcp_services; >+ if (str->session_keys == NULL) { >+ srtp_stream_dealloc(*str_ptr, stream_template); >+ *str_ptr = NULL; >+ return srtp_err_status_alloc_fail; >+ } > >- /* set pointer to EKT data associated with stream */ >- str->ekt = stream_template->ekt; >+ for (i = 0; i < stream_template->num_master_keys; i++) { >+ session_keys = &str->session_keys[i]; >+ template_session_keys = &stream_template->session_keys[i]; >+ >+ /* set cipher and auth pointers to those of the template */ >+ session_keys->rtp_cipher = template_session_keys->rtp_cipher; >+ session_keys->rtp_auth = template_session_keys->rtp_auth; >+ session_keys->rtp_xtn_hdr_cipher = >+ template_session_keys->rtp_xtn_hdr_cipher; >+ session_keys->rtcp_cipher = template_session_keys->rtcp_cipher; >+ session_keys->rtcp_auth = template_session_keys->rtcp_auth; >+ session_keys->mki_size = template_session_keys->mki_size; >+ >+ if (template_session_keys->mki_size == 0) { >+ session_keys->mki_id = NULL; >+ } else { >+ session_keys->mki_id = >+ srtp_crypto_alloc(template_session_keys->mki_size); > >- /* copy information about extensions header encryption */ >- str->enc_xtn_hdr = stream_template->enc_xtn_hdr; >- str->enc_xtn_hdr_count = stream_template->enc_xtn_hdr_count; >+ if (session_keys->mki_id == NULL) { >+ srtp_stream_dealloc(*str_ptr, stream_template); >+ *str_ptr = NULL; >+ return srtp_err_status_init_fail; >+ } >+ memcpy(session_keys->mki_id, template_session_keys->mki_id, >+ session_keys->mki_size); >+ } >+ /* Copy the salt values */ >+ memcpy(session_keys->salt, template_session_keys->salt, >+ SRTP_AEAD_SALT_LEN); >+ memcpy(session_keys->c_salt, template_session_keys->c_salt, >+ SRTP_AEAD_SALT_LEN); >+ >+ /* set key limit to point to that of the template */ >+ status = srtp_key_limit_clone(template_session_keys->limit, >+ &session_keys->limit); >+ if (status) { >+ srtp_stream_dealloc(*str_ptr, stream_template); >+ *str_ptr = NULL; >+ return status; >+ } >+ } > >- /* defensive coding */ >- str->next = NULL; >- return srtp_err_status_ok; >-} >+ /* initialize replay databases */ >+ status = srtp_rdbx_init( >+ &str->rtp_rdbx, srtp_rdbx_get_window_size(&stream_template->rtp_rdbx)); >+ if (status) { >+ srtp_stream_dealloc(*str_ptr, stream_template); >+ *str_ptr = NULL; >+ return status; >+ } >+ srtp_rdb_init(&str->rtcp_rdb); >+ str->allow_repeat_tx = stream_template->allow_repeat_tx; >+ >+ /* set ssrc to that provided */ >+ str->ssrc = ssrc; >+ >+ /* reset pending ROC */ >+ str->pending_roc = 0; >+ >+ /* set direction and security services */ >+ str->direction = stream_template->direction; >+ str->rtp_services = stream_template->rtp_services; >+ str->rtcp_services = stream_template->rtcp_services; > >+ /* set pointer to EKT data associated with stream */ >+ str->ekt = stream_template->ekt; >+ >+ /* copy information about extensions header encryption */ >+ str->enc_xtn_hdr = stream_template->enc_xtn_hdr; >+ str->enc_xtn_hdr_count = stream_template->enc_xtn_hdr_count; >+ >+ /* defensive coding */ >+ str->next = NULL; >+ return srtp_err_status_ok; >+} > > /* > * key derivation functions, internal to libSRTP >@@ -593,7 +558,7 @@ srtp_stream_clone(const srtp_stream_ctx_t *stream_template, > * > * srtp_kdf_init(&kdf, cipher_id, k, keylen) initializes kdf to use cipher > * described by cipher_id, with the master key k with length in octets keylen. >- * >+ * > * srtp_kdf_generate(&kdf, l, kl, keylen) derives the key > * corresponding to label l and puts it into kl; the length > * of the key in octets is provided as keylen. this function >@@ -603,39 +568,42 @@ srtp_stream_clone(const srtp_stream_ctx_t *stream_template, > */ > > typedef enum { >- label_rtp_encryption = 0x00, >- label_rtp_msg_auth = 0x01, >- label_rtp_salt = 0x02, >- label_rtcp_encryption = 0x03, >- label_rtcp_msg_auth = 0x04, >- label_rtcp_salt = 0x05, >- label_rtp_header_encryption = 0x06, >- label_rtp_header_salt = 0x07 >+ label_rtp_encryption = 0x00, >+ label_rtp_msg_auth = 0x01, >+ label_rtp_salt = 0x02, >+ label_rtcp_encryption = 0x03, >+ label_rtcp_msg_auth = 0x04, >+ label_rtcp_salt = 0x05, >+ label_rtp_header_encryption = 0x06, >+ label_rtp_header_salt = 0x07 > } srtp_prf_label; > > #define MAX_SRTP_KEY_LEN 256 > > #if defined(OPENSSL) && defined(OPENSSL_KDF) > #define MAX_SRTP_AESKEY_LEN 32 >-#define MAX_SRTP_SALT_LEN 14 >+#define MAX_SRTP_SALT_LEN 14 > > /* > * srtp_kdf_t represents a key derivation function. The SRTP > * default KDF is the only one implemented at present. > */ >-typedef struct { >+typedef struct { > uint8_t master_key[MAX_SRTP_AESKEY_LEN]; > uint8_t master_salt[MAX_SRTP_SALT_LEN]; > const EVP_CIPHER *evp; > } srtp_kdf_t; > >- >-static srtp_err_status_t srtp_kdf_init(srtp_kdf_t *kdf, const uint8_t *key, int key_len, int salt_len) >+static srtp_err_status_t srtp_kdf_init(srtp_kdf_t *kdf, >+ const uint8_t *key, >+ int key_len, >+ int salt_len) > { > memset(kdf, 0x0, sizeof(srtp_kdf_t)); > > /* The NULL cipher has zero key length */ >- if (key_len == 0) return srtp_err_status_ok; >+ if (key_len == 0) >+ return srtp_err_status_ok; > > if ((key_len > MAX_SRTP_AESKEY_LEN) || (salt_len > MAX_SRTP_SALT_LEN)) { > return srtp_err_status_bad_param; >@@ -654,17 +622,21 @@ static srtp_err_status_t srtp_kdf_init(srtp_kdf_t *kdf, const uint8_t *key, int > return srtp_err_status_bad_param; > break; > } >- memcpy(kdf->master_key, key, key_len); >- memcpy(kdf->master_salt, key+key_len, salt_len); >+ memcpy(kdf->master_key, key, key_len); >+ memcpy(kdf->master_salt, key + key_len, salt_len); > return srtp_err_status_ok; > } > >-static srtp_err_status_t srtp_kdf_generate(srtp_kdf_t *kdf, srtp_prf_label label, uint8_t *key, unsigned int length) >+static srtp_err_status_t srtp_kdf_generate(srtp_kdf_t *kdf, >+ srtp_prf_label label, >+ uint8_t *key, >+ unsigned int length) > { > int ret; > > /* The NULL cipher will not have an EVP */ >- if (!kdf->evp) return srtp_err_status_ok; >+ if (!kdf->evp) >+ return srtp_err_status_ok; > octet_string_set_to_zero(key, length); > > /* >@@ -672,7 +644,8 @@ static srtp_err_status_t srtp_kdf_generate(srtp_kdf_t *kdf, srtp_prf_label label > * This is useful if OpenSSL is in FIPS mode and FIP > * compliance is required for SRTP. > */ >- ret = kdf_srtp(kdf->evp, (char *)&kdf->master_key, (char *)&kdf->master_salt, NULL, NULL, label, (char *)key); >+ ret = kdf_srtp(kdf->evp, (char *)&kdf->master_key, >+ (char *)&kdf->master_salt, NULL, NULL, label, (char *)key); > if (ret == -1) { > return (srtp_err_status_algo_fail); > } >@@ -680,25 +653,28 @@ static srtp_err_status_t srtp_kdf_generate(srtp_kdf_t *kdf, srtp_prf_label label > return srtp_err_status_ok; > } > >-static srtp_err_status_t srtp_kdf_clear(srtp_kdf_t *kdf) { >+static srtp_err_status_t srtp_kdf_clear(srtp_kdf_t *kdf) >+{ > octet_string_set_to_zero(kdf->master_key, MAX_SRTP_AESKEY_LEN); > octet_string_set_to_zero(kdf->master_salt, MAX_SRTP_SALT_LEN); > kdf->evp = NULL; > >- return srtp_err_status_ok; >+ return srtp_err_status_ok; > } > >-#else /* if OPENSSL_KDF */ >+#else /* if OPENSSL_KDF */ > > /* > * srtp_kdf_t represents a key derivation function. The SRTP > * default KDF is the only one implemented at present. > */ >-typedef struct { >- srtp_cipher_t *cipher; /* cipher used for key derivation */ >+typedef struct { >+ srtp_cipher_t *cipher; /* cipher used for key derivation */ > } srtp_kdf_t; > >-static srtp_err_status_t srtp_kdf_init(srtp_kdf_t *kdf, const uint8_t *key, int key_len) >+static srtp_err_status_t srtp_kdf_init(srtp_kdf_t *kdf, >+ const uint8_t *key, >+ int key_len) > { > srtp_cipher_type_id_t cipher_id; > switch (key_len) { >@@ -718,7 +694,8 @@ static srtp_err_status_t srtp_kdf_init(srtp_kdf_t *kdf, const uint8_t *key, int > > srtp_err_status_t stat; > stat = srtp_crypto_kernel_alloc_cipher(cipher_id, &kdf->cipher, key_len, 0); >- if (stat) return stat; >+ if (stat) >+ return stat; > > stat = srtp_cipher_init(kdf->cipher, key); > if (stat) { >@@ -728,105 +705,113 @@ static srtp_err_status_t srtp_kdf_init(srtp_kdf_t *kdf, const uint8_t *key, int > return srtp_err_status_ok; > } > >-static srtp_err_status_t srtp_kdf_generate(srtp_kdf_t *kdf, srtp_prf_label label, uint8_t *key, unsigned int length) >+static srtp_err_status_t srtp_kdf_generate(srtp_kdf_t *kdf, >+ srtp_prf_label label, >+ uint8_t *key, >+ unsigned int length) > { > srtp_err_status_t status; > v128_t nonce; >- >+ > /* set eigth octet of nonce to <label>, set the rest of it to zero */ > v128_set_to_zero(&nonce); > nonce.v8[7] = label; >- >- status = srtp_cipher_set_iv(kdf->cipher, (uint8_t*)&nonce, srtp_direction_encrypt); >- if (status) return status; >- >+ >+ status = srtp_cipher_set_iv(kdf->cipher, (uint8_t *)&nonce, >+ srtp_direction_encrypt); >+ if (status) >+ return status; >+ > /* generate keystream output */ > octet_string_set_to_zero(key, length); > status = srtp_cipher_encrypt(kdf->cipher, key, &length); >- if (status) return status; >+ if (status) >+ return status; > > return srtp_err_status_ok; > } > >-static srtp_err_status_t srtp_kdf_clear(srtp_kdf_t *kdf) { >+static srtp_err_status_t srtp_kdf_clear(srtp_kdf_t *kdf) >+{ > srtp_err_status_t status; > status = srtp_cipher_dealloc(kdf->cipher); >- if (status) return status; >+ if (status) >+ return status; > kdf->cipher = NULL; >- return srtp_err_status_ok; >+ return srtp_err_status_ok; > } > #endif /* else OPENSSL_KDF */ > > /* >- * end of key derivation functions >+ * end of key derivation functions > */ > >- >- > /* Get the base key length corresponding to a given combined key+salt > * length for the given cipher. > * TODO: key and salt lengths should be separate fields in the policy. */ >-static inline int base_key_length(const srtp_cipher_type_t *cipher, int key_length) >+static inline int base_key_length(const srtp_cipher_type_t *cipher, >+ int key_length) > { >- switch (cipher->id) { >- case SRTP_AES_ICM_128: >- case SRTP_AES_ICM_192: >- case SRTP_AES_ICM_256: >- /* The legacy modes are derived from >- * the configured key length on the policy */ >- return key_length - SRTP_SALT_LEN; >- break; >- case SRTP_AES_GCM_128: >- return key_length - SRTP_AEAD_SALT_LEN; >- break; >- case SRTP_AES_GCM_256: >- return key_length - SRTP_AEAD_SALT_LEN; >- break; >- default: >- return key_length; >- break; >- } >+ switch (cipher->id) { >+ case SRTP_AES_ICM_128: >+ case SRTP_AES_ICM_192: >+ case SRTP_AES_ICM_256: >+ /* The legacy modes are derived from >+ * the configured key length on the policy */ >+ return key_length - SRTP_SALT_LEN; >+ break; >+ case SRTP_AES_GCM_128: >+ return key_length - SRTP_AEAD_SALT_LEN; >+ break; >+ case SRTP_AES_GCM_256: >+ return key_length - SRTP_AEAD_SALT_LEN; >+ break; >+ default: >+ return key_length; >+ break; >+ } > } > >-unsigned int >-srtp_validate_policy_master_keys(const srtp_policy_t *policy) >+unsigned int srtp_validate_policy_master_keys(const srtp_policy_t *policy) > { >- int i = 0; >+ unsigned long i = 0; > > if (policy->key == NULL) { > if (policy->num_master_keys <= 0) > return 0; > > if (policy->num_master_keys > SRTP_MAX_NUM_MASTER_KEYS) >- return 0; >- >+ return 0; >+ > for (i = 0; i < policy->num_master_keys; i++) { > if (policy->keys[i]->key == NULL) > return 0; >- if (policy->keys[i]->mki_size > SRTP_MAX_MKI_LEN) >- return 0; >+ if (policy->keys[i]->mki_size > SRTP_MAX_MKI_LEN) >+ return 0; > } > } > > return 1; > } > >-srtp_session_keys_t* >-srtp_get_session_keys_with_mki_index(srtp_stream_ctx_t *stream, >- unsigned int use_mki, >- unsigned int mki_index) { >+srtp_session_keys_t *srtp_get_session_keys_with_mki_index( >+ srtp_stream_ctx_t *stream, >+ unsigned int use_mki, >+ unsigned int mki_index) >+{ > if (use_mki) { >- if (mki_index < stream->num_master_keys) { >- return &stream->session_keys[mki_index]; >+ if (mki_index >= stream->num_master_keys) { >+ return NULL; > } >+ return &stream->session_keys[mki_index]; > } > > return &stream->session_keys[0]; > } > >-unsigned int >-srtp_inject_mki(uint8_t *mki_tag_location, srtp_session_keys_t* session_keys, >- unsigned int use_mki) >+unsigned int srtp_inject_mki(uint8_t *mki_tag_location, >+ srtp_session_keys_t *session_keys, >+ unsigned int use_mki) > { > unsigned int mki_size = 0; > >@@ -842,16 +827,17 @@ srtp_inject_mki(uint8_t *mki_tag_location, srtp_session_keys_t* session_keys, > return mki_size; > } > >-srtp_err_status_t >-srtp_stream_init_all_master_keys(srtp_stream_ctx_t *srtp, >- unsigned char *key, >- srtp_master_key_t **keys, >- const unsigned int max_master_keys) { >- int i = 0; >+srtp_err_status_t srtp_stream_init_all_master_keys( >+ srtp_stream_ctx_t *srtp, >+ unsigned char *key, >+ srtp_master_key_t **keys, >+ const unsigned int max_master_keys) >+{ >+ unsigned int i = 0; > srtp_err_status_t status = srtp_err_status_ok; > srtp_master_key_t single_master_key; > >- if ( key != NULL ) { >+ if (key != NULL) { > srtp->num_master_keys = 1; > single_master_key.key = key; > single_master_key.mki_id = NULL; >@@ -860,7 +846,8 @@ srtp_stream_init_all_master_keys(srtp_stream_ctx_t *srtp, > } else { > srtp->num_master_keys = max_master_keys; > >- for (i = 0; i < srtp->num_master_keys && i < SRTP_MAX_NUM_MASTER_KEYS; i++) { >+ for (i = 0; i < srtp->num_master_keys && i < SRTP_MAX_NUM_MASTER_KEYS; >+ i++) { > status = srtp_stream_init_keys(srtp, keys[i], i); > > if (status) { >@@ -872,577 +859,609 @@ srtp_stream_init_all_master_keys(srtp_stream_ctx_t *srtp, > return status; > } > >-srtp_err_status_t >-srtp_stream_init_keys(srtp_stream_ctx_t *srtp, srtp_master_key_t *master_key, >- const unsigned int current_mki_index) { >- srtp_err_status_t stat; >- srtp_kdf_t kdf; >- uint8_t tmp_key[MAX_SRTP_KEY_LEN]; >- int kdf_keylen = 30, rtp_keylen, rtcp_keylen; >- int rtp_base_key_len, rtp_salt_len; >- int rtcp_base_key_len, rtcp_salt_len; >- srtp_session_keys_t *session_keys = NULL; >- unsigned char *key = master_key->key; >- >- /* If RTP or RTCP have a key length > AES-128, assume matching kdf. */ >- /* TODO: kdf algorithm, master key length, and master salt length should >- * be part of srtp_policy_t. */ >- session_keys = &srtp->session_keys[current_mki_index]; >- >- /* initialize key limit to maximum value */ >-#ifdef NO_64BIT_MATH >+srtp_err_status_t srtp_stream_init_keys(srtp_stream_ctx_t *srtp, >+ srtp_master_key_t *master_key, >+ const unsigned int current_mki_index) > { >- uint64_t temp; >- temp = make64(UINT_MAX,UINT_MAX); >- srtp_key_limit_set(session_keys->limit, temp); >-} >+ srtp_err_status_t stat; >+ srtp_kdf_t kdf; >+ uint8_t tmp_key[MAX_SRTP_KEY_LEN]; >+ int kdf_keylen = 30, rtp_keylen, rtcp_keylen; >+ int rtp_base_key_len, rtp_salt_len; >+ int rtcp_base_key_len, rtcp_salt_len; >+ srtp_session_keys_t *session_keys = NULL; >+ unsigned char *key = master_key->key; >+ >+ /* If RTP or RTCP have a key length > AES-128, assume matching kdf. */ >+ /* TODO: kdf algorithm, master key length, and master salt length should >+ * be part of srtp_policy_t. >+ */ >+ session_keys = &srtp->session_keys[current_mki_index]; >+ >+/* initialize key limit to maximum value */ >+#ifdef NO_64BIT_MATH >+ { >+ uint64_t temp; >+ temp = make64(UINT_MAX, UINT_MAX); >+ srtp_key_limit_set(session_keys->limit, temp); >+ } > #else >- srtp_key_limit_set(session_keys->limit, 0xffffffffffffLL); >+ srtp_key_limit_set(session_keys->limit, 0xffffffffffffLL); > #endif > >+ if (master_key->mki_size != 0) { >+ session_keys->mki_id = srtp_crypto_alloc(master_key->mki_size); > >- if ( master_key->mki_size != 0 ) { >- session_keys->mki_id = srtp_crypto_alloc(master_key->mki_size); >- >- if (session_keys->mki_id == NULL) { >- return srtp_err_status_init_fail; >- } >- memset(session_keys->mki_id, 0x0, master_key->mki_size); >- memcpy(session_keys->mki_id, master_key->mki_id, master_key->mki_size); >- } else { >- session_keys->mki_id = NULL; >- } >- >- session_keys->mki_size = master_key->mki_size; >- >- rtp_keylen = srtp_cipher_get_key_length(session_keys->rtp_cipher); >- rtcp_keylen = srtp_cipher_get_key_length(session_keys->rtcp_cipher); >- rtp_base_key_len = base_key_length(session_keys->rtp_cipher->type, rtp_keylen); >- rtp_salt_len = rtp_keylen - rtp_base_key_len; >- >- if (rtp_keylen > kdf_keylen) { >- kdf_keylen = 46; /* AES-CTR mode is always used for KDF */ >- } >- >- if (rtcp_keylen > kdf_keylen) { >- kdf_keylen = 46; /* AES-CTR mode is always used for KDF */ >- } >- >- debug_print(mod_srtp, "srtp key len: %d", rtp_keylen); >- debug_print(mod_srtp, "srtcp key len: %d", rtcp_keylen); >- debug_print(mod_srtp, "base key len: %d", rtp_base_key_len); >- debug_print(mod_srtp, "kdf key len: %d", kdf_keylen); >- debug_print(mod_srtp, "rtp salt len: %d", rtp_salt_len); >- >- /* >- * Make sure the key given to us is 'zero' appended. GCM >- * mode uses a shorter master SALT (96 bits), but still relies on >- * the legacy CTR mode KDF, which uses a 112 bit master SALT. >- */ >- memset(tmp_key, 0x0, MAX_SRTP_KEY_LEN); >- memcpy(tmp_key, key, (rtp_base_key_len + rtp_salt_len)); >- >- /* initialize KDF state */ >-#if defined(OPENSSL) && defined(OPENSSL_KDF) >- stat = srtp_kdf_init(&kdf, (const uint8_t *)tmp_key, rtp_base_key_len, rtp_salt_len); >-#else >- stat = srtp_kdf_init(&kdf, (const uint8_t *)tmp_key, kdf_keylen); >-#endif >- if (stat) { >- /* zeroize temp buffer */ >- octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); >- return srtp_err_status_init_fail; >- } >- >- /* generate encryption key */ >- stat = srtp_kdf_generate(&kdf, label_rtp_encryption, >- tmp_key, rtp_base_key_len); >- if (stat) { >- /* zeroize temp buffer */ >- octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); >- return srtp_err_status_init_fail; >- } >- debug_print(mod_srtp, "cipher key: %s", >- srtp_octet_string_hex_string(tmp_key, rtp_base_key_len)); >- >- /* >- * if the cipher in the srtp context uses a salt, then we need >- * to generate the salt value >- */ >- if (rtp_salt_len > 0) { >- debug_print(mod_srtp, "found rtp_salt_len > 0, generating salt", NULL); >- >- /* generate encryption salt, put after encryption key */ >- stat = srtp_kdf_generate(&kdf, label_rtp_salt, >- tmp_key + rtp_base_key_len, rtp_salt_len); >- if (stat) { >- /* zeroize temp buffer */ >- octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); >- return srtp_err_status_init_fail; >- } >- memcpy(session_keys->salt, tmp_key + rtp_base_key_len, SRTP_AEAD_SALT_LEN); >- } >- if (rtp_salt_len > 0) { >- debug_print(mod_srtp, "cipher salt: %s", >- srtp_octet_string_hex_string(tmp_key + rtp_base_key_len, rtp_salt_len)); >- } >- >- /* initialize cipher */ >- stat = srtp_cipher_init(session_keys->rtp_cipher, tmp_key); >- if (stat) { >- /* zeroize temp buffer */ >- octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); >- return srtp_err_status_init_fail; >- } >- >- if (session_keys->rtp_xtn_hdr_cipher) { >- /* generate extensions header encryption key */ >- int rtp_xtn_hdr_keylen; >- int rtp_xtn_hdr_base_key_len; >- int rtp_xtn_hdr_salt_len; >- srtp_kdf_t tmp_kdf; >- srtp_kdf_t *xtn_hdr_kdf; >- >- if (session_keys->rtp_xtn_hdr_cipher->type != session_keys->rtp_cipher->type) { >- /* With GCM ciphers, the header extensions are still encrypted using the corresponding ICM cipher. */ >- /* See https://tools.ietf.org/html/rfc7714#section-8.3 */ >- uint8_t tmp_xtn_hdr_key[MAX_SRTP_KEY_LEN]; >- rtp_xtn_hdr_keylen = srtp_cipher_get_key_length(session_keys->rtp_xtn_hdr_cipher); >- rtp_xtn_hdr_base_key_len = base_key_length(session_keys->rtp_xtn_hdr_cipher->type, >- rtp_xtn_hdr_keylen); >- rtp_xtn_hdr_salt_len = rtp_xtn_hdr_keylen - rtp_xtn_hdr_base_key_len; >- if (rtp_xtn_hdr_salt_len > rtp_salt_len) { >- switch (session_keys->rtp_cipher->type->id) { >- case SRTP_AES_GCM_128: >- case SRTP_AES_GCM_256: >- /* The shorter GCM salt is padded to the required ICM salt length. */ >- rtp_xtn_hdr_salt_len = rtp_salt_len; >- break; >- default: >- /* zeroize temp buffer */ >- octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); >- return srtp_err_status_bad_param; >+ if (session_keys->mki_id == NULL) { >+ return srtp_err_status_init_fail; > } >- } >- memset(tmp_xtn_hdr_key, 0x0, MAX_SRTP_KEY_LEN); >- memcpy(tmp_xtn_hdr_key, key, (rtp_xtn_hdr_base_key_len + rtp_xtn_hdr_salt_len)); >- xtn_hdr_kdf = &tmp_kdf; >+ memcpy(session_keys->mki_id, master_key->mki_id, master_key->mki_size); >+ } else { >+ session_keys->mki_id = NULL; >+ } >+ >+ session_keys->mki_size = master_key->mki_size; >+ >+ rtp_keylen = srtp_cipher_get_key_length(session_keys->rtp_cipher); >+ rtcp_keylen = srtp_cipher_get_key_length(session_keys->rtcp_cipher); >+ rtp_base_key_len = >+ base_key_length(session_keys->rtp_cipher->type, rtp_keylen); >+ rtp_salt_len = rtp_keylen - rtp_base_key_len; >+ >+ if (rtp_keylen > kdf_keylen) { >+ kdf_keylen = 46; /* AES-CTR mode is always used for KDF */ >+ } >+ >+ if (rtcp_keylen > kdf_keylen) { >+ kdf_keylen = 46; /* AES-CTR mode is always used for KDF */ >+ } >+ >+ debug_print(mod_srtp, "srtp key len: %d", rtp_keylen); >+ debug_print(mod_srtp, "srtcp key len: %d", rtcp_keylen); >+ debug_print(mod_srtp, "base key len: %d", rtp_base_key_len); >+ debug_print(mod_srtp, "kdf key len: %d", kdf_keylen); >+ debug_print(mod_srtp, "rtp salt len: %d", rtp_salt_len); > >- /* initialize KDF state */ >+ /* >+ * Make sure the key given to us is 'zero' appended. GCM >+ * mode uses a shorter master SALT (96 bits), but still relies on >+ * the legacy CTR mode KDF, which uses a 112 bit master SALT. >+ */ >+ memset(tmp_key, 0x0, MAX_SRTP_KEY_LEN); >+ memcpy(tmp_key, key, (rtp_base_key_len + rtp_salt_len)); >+ >+/* initialize KDF state */ > #if defined(OPENSSL) && defined(OPENSSL_KDF) >- stat = srtp_kdf_init(xtn_hdr_kdf, (const uint8_t *)tmp_xtn_hdr_key, rtp_xtn_hdr_base_key_len, rtp_xtn_hdr_salt_len); >+ stat = srtp_kdf_init(&kdf, (const uint8_t *)tmp_key, rtp_base_key_len, >+ rtp_salt_len); > #else >- stat = srtp_kdf_init(xtn_hdr_kdf, (const uint8_t *)tmp_xtn_hdr_key, kdf_keylen); >+ stat = srtp_kdf_init(&kdf, (const uint8_t *)tmp_key, kdf_keylen); > #endif >- octet_string_set_to_zero(tmp_xtn_hdr_key, MAX_SRTP_KEY_LEN); >- if (stat) { >+ if (stat) { > /* zeroize temp buffer */ > octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); > return srtp_err_status_init_fail; >- } >- } else { >- /* Reuse main KDF. */ >- rtp_xtn_hdr_keylen = rtp_keylen; >- rtp_xtn_hdr_base_key_len = rtp_base_key_len; >- rtp_xtn_hdr_salt_len = rtp_salt_len; >- xtn_hdr_kdf = &kdf; > } > >- stat = srtp_kdf_generate(xtn_hdr_kdf, label_rtp_header_encryption, >- tmp_key, rtp_xtn_hdr_base_key_len); >+ /* generate encryption key */ >+ stat = srtp_kdf_generate(&kdf, label_rtp_encryption, tmp_key, >+ rtp_base_key_len); > if (stat) { >- /* zeroize temp buffer */ >- octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); >- return srtp_err_status_init_fail; >+ /* zeroize temp buffer */ >+ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); >+ return srtp_err_status_init_fail; > } >- debug_print(mod_srtp, "extensions cipher key: %s", >- srtp_octet_string_hex_string(tmp_key, rtp_xtn_hdr_base_key_len)); >+ debug_print(mod_srtp, "cipher key: %s", >+ srtp_octet_string_hex_string(tmp_key, rtp_base_key_len)); > > /* > * if the cipher in the srtp context uses a salt, then we need > * to generate the salt value > */ >- if (rtp_xtn_hdr_salt_len > 0) { >- debug_print(mod_srtp, "found rtp_xtn_hdr_salt_len > 0, generating salt", NULL); >- >- /* generate encryption salt, put after encryption key */ >- stat = srtp_kdf_generate(xtn_hdr_kdf, label_rtp_header_salt, >- tmp_key + rtp_xtn_hdr_base_key_len, rtp_xtn_hdr_salt_len); >- if (stat) { >- /* zeroize temp buffer */ >- octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); >- return srtp_err_status_init_fail; >- } >+ if (rtp_salt_len > 0) { >+ debug_print(mod_srtp, "found rtp_salt_len > 0, generating salt", NULL); >+ >+ /* generate encryption salt, put after encryption key */ >+ stat = srtp_kdf_generate(&kdf, label_rtp_salt, >+ tmp_key + rtp_base_key_len, rtp_salt_len); >+ if (stat) { >+ /* zeroize temp buffer */ >+ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); >+ return srtp_err_status_init_fail; >+ } >+ memcpy(session_keys->salt, tmp_key + rtp_base_key_len, >+ SRTP_AEAD_SALT_LEN); > } >- if (rtp_xtn_hdr_salt_len > 0) { >- debug_print(mod_srtp, "extensions cipher salt: %s", >- srtp_octet_string_hex_string(tmp_key + rtp_xtn_hdr_base_key_len, rtp_xtn_hdr_salt_len)); >+ if (rtp_salt_len > 0) { >+ debug_print(mod_srtp, "cipher salt: %s", >+ srtp_octet_string_hex_string(tmp_key + rtp_base_key_len, >+ rtp_salt_len)); > } > >- /* initialize extensions header cipher */ >- stat = srtp_cipher_init(session_keys->rtp_xtn_hdr_cipher, tmp_key); >+ /* initialize cipher */ >+ stat = srtp_cipher_init(session_keys->rtp_cipher, tmp_key); > if (stat) { >- /* zeroize temp buffer */ >- octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); >- return srtp_err_status_init_fail; >- } >- >- if (xtn_hdr_kdf != &kdf) { >- /* release memory for custom header extension encryption kdf */ >- stat = srtp_kdf_clear(xtn_hdr_kdf); >- if (stat) { > /* zeroize temp buffer */ > octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); > return srtp_err_status_init_fail; >- } > } >- } >- >- /* generate authentication key */ >- stat = srtp_kdf_generate(&kdf, label_rtp_msg_auth, >- tmp_key, srtp_auth_get_key_length(session_keys->rtp_auth)); >- if (stat) { >- /* zeroize temp buffer */ >- octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); >- return srtp_err_status_init_fail; >- } >- debug_print(mod_srtp, "auth key: %s", >- srtp_octet_string_hex_string(tmp_key, >- srtp_auth_get_key_length(session_keys->rtp_auth))); >- >- /* initialize auth function */ >- stat = srtp_auth_init(session_keys->rtp_auth, tmp_key); >- if (stat) { >- /* zeroize temp buffer */ >- octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); >- return srtp_err_status_init_fail; >- } >- >- /* >- * ...now initialize SRTCP keys >- */ >- >- rtcp_base_key_len = base_key_length(session_keys->rtcp_cipher->type, rtcp_keylen); >- rtcp_salt_len = rtcp_keylen - rtcp_base_key_len; >- debug_print(mod_srtp, "rtcp salt len: %d", rtcp_salt_len); >- >- /* generate encryption key */ >- stat = srtp_kdf_generate(&kdf, label_rtcp_encryption, >- tmp_key, rtcp_base_key_len); >- if (stat) { >- /* zeroize temp buffer */ >- octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); >- return srtp_err_status_init_fail; >- } >- >- /* >- * if the cipher in the srtp context uses a salt, then we need >- * to generate the salt value >- */ >- if (rtcp_salt_len > 0) { >- debug_print(mod_srtp, "found rtcp_salt_len > 0, generating rtcp salt", >- NULL); >- >- /* generate encryption salt, put after encryption key */ >- stat = srtp_kdf_generate(&kdf, label_rtcp_salt, >- tmp_key + rtcp_base_key_len, rtcp_salt_len); >- if (stat) { >- /* zeroize temp buffer */ >- octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); >- return srtp_err_status_init_fail; >- } >- memcpy(session_keys->c_salt, tmp_key + rtcp_base_key_len, SRTP_AEAD_SALT_LEN); >- } >- debug_print(mod_srtp, "rtcp cipher key: %s", >- srtp_octet_string_hex_string(tmp_key, rtcp_base_key_len)); >- if (rtcp_salt_len > 0) { >- debug_print(mod_srtp, "rtcp cipher salt: %s", >- srtp_octet_string_hex_string(tmp_key + rtcp_base_key_len, rtcp_salt_len)); >- } >- >- /* initialize cipher */ >- stat = srtp_cipher_init(session_keys->rtcp_cipher, tmp_key); >- if (stat) { >- /* zeroize temp buffer */ >- octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); >- return srtp_err_status_init_fail; >- } >- >- /* generate authentication key */ >- stat = srtp_kdf_generate(&kdf, label_rtcp_msg_auth, >- tmp_key, srtp_auth_get_key_length(session_keys->rtcp_auth)); >- if (stat) { >- /* zeroize temp buffer */ >- octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); >- return srtp_err_status_init_fail; >- } >- >- debug_print(mod_srtp, "rtcp auth key: %s", >- srtp_octet_string_hex_string(tmp_key, >- srtp_auth_get_key_length(session_keys->rtcp_auth))); >- >- /* initialize auth function */ >- stat = srtp_auth_init(session_keys->rtcp_auth, tmp_key); >- if (stat) { >- /* zeroize temp buffer */ >- octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); >- return srtp_err_status_init_fail; >- } > >- /* clear memory then return */ >- stat = srtp_kdf_clear(&kdf); >- octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); >- if (stat) >- return srtp_err_status_init_fail; >+ if (session_keys->rtp_xtn_hdr_cipher) { >+ /* generate extensions header encryption key */ >+ int rtp_xtn_hdr_keylen; >+ int rtp_xtn_hdr_base_key_len; >+ int rtp_xtn_hdr_salt_len; >+ srtp_kdf_t tmp_kdf; >+ srtp_kdf_t *xtn_hdr_kdf; >+ >+ if (session_keys->rtp_xtn_hdr_cipher->type != >+ session_keys->rtp_cipher->type) { >+ /* >+ * With GCM ciphers, the header extensions are still encrypted using >+ * the corresponding ICM cipher. >+ * See https://tools.ietf.org/html/rfc7714#section-8.3 >+ */ >+ uint8_t tmp_xtn_hdr_key[MAX_SRTP_KEY_LEN]; >+ rtp_xtn_hdr_keylen = >+ srtp_cipher_get_key_length(session_keys->rtp_xtn_hdr_cipher); >+ rtp_xtn_hdr_base_key_len = base_key_length( >+ session_keys->rtp_xtn_hdr_cipher->type, rtp_xtn_hdr_keylen); >+ rtp_xtn_hdr_salt_len = >+ rtp_xtn_hdr_keylen - rtp_xtn_hdr_base_key_len; >+ if (rtp_xtn_hdr_salt_len > rtp_salt_len) { >+ switch (session_keys->rtp_cipher->type->id) { >+ case SRTP_AES_GCM_128: >+ case SRTP_AES_GCM_256: >+ /* >+ * The shorter GCM salt is padded to the required ICM salt >+ * length. >+ */ >+ rtp_xtn_hdr_salt_len = rtp_salt_len; >+ break; >+ default: >+ /* zeroize temp buffer */ >+ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); >+ return srtp_err_status_bad_param; >+ } >+ } >+ memset(tmp_xtn_hdr_key, 0x0, MAX_SRTP_KEY_LEN); >+ memcpy(tmp_xtn_hdr_key, key, >+ (rtp_xtn_hdr_base_key_len + rtp_xtn_hdr_salt_len)); >+ xtn_hdr_kdf = &tmp_kdf; > >- return srtp_err_status_ok; >-} >+/* initialize KDF state */ >+#if defined(OPENSSL) && defined(OPENSSL_KDF) >+ stat = >+ srtp_kdf_init(xtn_hdr_kdf, (const uint8_t *)tmp_xtn_hdr_key, >+ rtp_xtn_hdr_base_key_len, rtp_xtn_hdr_salt_len); >+#else >+ stat = srtp_kdf_init(xtn_hdr_kdf, (const uint8_t *)tmp_xtn_hdr_key, >+ kdf_keylen); >+#endif >+ octet_string_set_to_zero(tmp_xtn_hdr_key, MAX_SRTP_KEY_LEN); >+ if (stat) { >+ /* zeroize temp buffer */ >+ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); >+ return srtp_err_status_init_fail; >+ } >+ } else { >+ /* Reuse main KDF. */ >+ rtp_xtn_hdr_keylen = rtp_keylen; >+ rtp_xtn_hdr_base_key_len = rtp_base_key_len; >+ rtp_xtn_hdr_salt_len = rtp_salt_len; >+ xtn_hdr_kdf = &kdf; >+ } > >-srtp_err_status_t >-srtp_stream_init(srtp_stream_ctx_t *srtp, >- const srtp_policy_t *p) { >- srtp_err_status_t err; >+ stat = srtp_kdf_generate(xtn_hdr_kdf, label_rtp_header_encryption, >+ tmp_key, rtp_xtn_hdr_base_key_len); >+ if (stat) { >+ /* zeroize temp buffer */ >+ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); >+ return srtp_err_status_init_fail; >+ } >+ debug_print( >+ mod_srtp, "extensions cipher key: %s", >+ srtp_octet_string_hex_string(tmp_key, rtp_xtn_hdr_base_key_len)); > >- debug_print(mod_srtp, "initializing stream (SSRC: 0x%08x)", >- p->ssrc.value); >+ /* >+ * if the cipher in the srtp context uses a salt, then we need >+ * to generate the salt value >+ */ >+ if (rtp_xtn_hdr_salt_len > 0) { >+ debug_print(mod_srtp, >+ "found rtp_xtn_hdr_salt_len > 0, generating salt", >+ NULL); >+ >+ /* generate encryption salt, put after encryption key */ >+ stat = srtp_kdf_generate(xtn_hdr_kdf, label_rtp_header_salt, >+ tmp_key + rtp_xtn_hdr_base_key_len, >+ rtp_xtn_hdr_salt_len); >+ if (stat) { >+ /* zeroize temp buffer */ >+ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); >+ return srtp_err_status_init_fail; >+ } >+ } >+ if (rtp_xtn_hdr_salt_len > 0) { >+ debug_print( >+ mod_srtp, "extensions cipher salt: %s", >+ srtp_octet_string_hex_string(tmp_key + rtp_xtn_hdr_base_key_len, >+ rtp_xtn_hdr_salt_len)); >+ } > >- /* initialize replay database */ >- /* window size MUST be at least 64. MAY be larger. Values more than >- * 2^15 aren't meaningful due to how extended sequence numbers are >- * calculated. Let a window size of 0 imply the default value. */ >+ /* initialize extensions header cipher */ >+ stat = srtp_cipher_init(session_keys->rtp_xtn_hdr_cipher, tmp_key); >+ if (stat) { >+ /* zeroize temp buffer */ >+ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); >+ return srtp_err_status_init_fail; >+ } > >- if (p->window_size != 0 && (p->window_size < 64 || p->window_size >= 0x8000)) >- return srtp_err_status_bad_param; >+ if (xtn_hdr_kdf != &kdf) { >+ /* release memory for custom header extension encryption kdf */ >+ stat = srtp_kdf_clear(xtn_hdr_kdf); >+ if (stat) { >+ /* zeroize temp buffer */ >+ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); >+ return srtp_err_status_init_fail; >+ } >+ } >+ } > >- if (p->window_size != 0) >- err = srtp_rdbx_init(&srtp->rtp_rdbx, p->window_size); >- else >- err = srtp_rdbx_init(&srtp->rtp_rdbx, 128); >- if (err) return err; >+ /* generate authentication key */ >+ stat = srtp_kdf_generate(&kdf, label_rtp_msg_auth, tmp_key, >+ srtp_auth_get_key_length(session_keys->rtp_auth)); >+ if (stat) { >+ /* zeroize temp buffer */ >+ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); >+ return srtp_err_status_init_fail; >+ } >+ debug_print(mod_srtp, "auth key: %s", >+ srtp_octet_string_hex_string( >+ tmp_key, srtp_auth_get_key_length(session_keys->rtp_auth))); > >- /* set the SSRC value */ >- srtp->ssrc = htonl(p->ssrc.value); >+ /* initialize auth function */ >+ stat = srtp_auth_init(session_keys->rtp_auth, tmp_key); >+ if (stat) { >+ /* zeroize temp buffer */ >+ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); >+ return srtp_err_status_init_fail; >+ } > >- /* reset pending ROC */ >- srtp->pending_roc = 0; >+ /* >+ * ...now initialize SRTCP keys >+ */ > >- /* set the security service flags */ >- srtp->rtp_services = p->rtp.sec_serv; >- srtp->rtcp_services = p->rtcp.sec_serv; >+ rtcp_base_key_len = >+ base_key_length(session_keys->rtcp_cipher->type, rtcp_keylen); >+ rtcp_salt_len = rtcp_keylen - rtcp_base_key_len; >+ debug_print(mod_srtp, "rtcp salt len: %d", rtcp_salt_len); > >- /* >- * set direction to unknown - this flag gets checked in srtp_protect(), >- * srtp_unprotect(), srtp_protect_rtcp(), and srtp_unprotect_rtcp(), and >- * gets set appropriately if it is set to unknown. >- */ >- srtp->direction = dir_unknown; >- >- /* initialize SRTCP replay database */ >- srtp_rdb_init(&srtp->rtcp_rdb); >- >- /* initialize allow_repeat_tx */ >- /* guard against uninitialized memory: allow only 0 or 1 here */ >- if (p->allow_repeat_tx != 0 && p->allow_repeat_tx != 1) { >- srtp_rdbx_dealloc(&srtp->rtp_rdbx); >- return srtp_err_status_bad_param; >- } >- srtp->allow_repeat_tx = p->allow_repeat_tx; >- >- /* DAM - no RTCP key limit at present */ >- >- /* initialize keys */ >- err = srtp_stream_init_all_master_keys(srtp, p->key, p->keys, p->num_master_keys); >- if (err) { >- srtp_rdbx_dealloc(&srtp->rtp_rdbx); >- return err; >- } >- >- /* >- * if EKT is in use, then initialize the EKT data associated with >- * the stream >- */ >- err = srtp_ekt_stream_init_from_policy(srtp->ekt, p->ekt); >- if (err) { >- srtp_rdbx_dealloc(&srtp->rtp_rdbx); >- return err; >- } >- >- return srtp_err_status_ok; >- } >- >- >- /* >- * srtp_event_reporter is an event handler function that merely >- * reports the events that are reported by the callbacks >- */ >- >- void >- srtp_event_reporter(srtp_event_data_t *data) { >- >- srtp_err_report(srtp_err_level_warning, "srtp: in stream 0x%x: ", >- data->ssrc); >- >- switch(data->event) { >- case event_ssrc_collision: >- srtp_err_report(srtp_err_level_warning, "\tSSRC collision\n"); >- break; >- case event_key_soft_limit: >- srtp_err_report(srtp_err_level_warning, "\tkey usage soft limit reached\n"); >- break; >- case event_key_hard_limit: >- srtp_err_report(srtp_err_level_warning, "\tkey usage hard limit reached\n"); >- break; >- case event_packet_index_limit: >- srtp_err_report(srtp_err_level_warning, "\tpacket index limit reached\n"); >- break; >- default: >- srtp_err_report(srtp_err_level_warning, "\tunknown event reported to handler\n"); >- } >- } >- >- /* >- * srtp_event_handler is a global variable holding a pointer to the >- * event handler function; this function is called for any unexpected >- * event that needs to be handled out of the SRTP data path. see >- * srtp_event_t in srtp.h for more info >- * >- * it is okay to set srtp_event_handler to NULL, but we set >- * it to the srtp_event_reporter. >- */ >- >- static srtp_event_handler_func_t *srtp_event_handler = srtp_event_reporter; >- >- srtp_err_status_t >- srtp_install_event_handler(srtp_event_handler_func_t func) { >- >- /* >- * note that we accept NULL arguments intentionally - calling this >- * function with a NULL arguments removes an event handler that's >- * been previously installed >- */ >+ /* generate encryption key */ >+ stat = srtp_kdf_generate(&kdf, label_rtcp_encryption, tmp_key, >+ rtcp_base_key_len); >+ if (stat) { >+ /* zeroize temp buffer */ >+ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); >+ return srtp_err_status_init_fail; >+ } > >- /* set global event handling function */ >- srtp_event_handler = func; >- return srtp_err_status_ok; >- } >+ /* >+ * if the cipher in the srtp context uses a salt, then we need >+ * to generate the salt value >+ */ >+ if (rtcp_salt_len > 0) { >+ debug_print(mod_srtp, "found rtcp_salt_len > 0, generating rtcp salt", >+ NULL); >+ >+ /* generate encryption salt, put after encryption key */ >+ stat = srtp_kdf_generate(&kdf, label_rtcp_salt, >+ tmp_key + rtcp_base_key_len, rtcp_salt_len); >+ if (stat) { >+ /* zeroize temp buffer */ >+ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); >+ return srtp_err_status_init_fail; >+ } >+ memcpy(session_keys->c_salt, tmp_key + rtcp_base_key_len, >+ SRTP_AEAD_SALT_LEN); >+ } >+ debug_print(mod_srtp, "rtcp cipher key: %s", >+ srtp_octet_string_hex_string(tmp_key, rtcp_base_key_len)); >+ if (rtcp_salt_len > 0) { >+ debug_print(mod_srtp, "rtcp cipher salt: %s", >+ srtp_octet_string_hex_string(tmp_key + rtcp_base_key_len, >+ rtcp_salt_len)); >+ } > >+ /* initialize cipher */ >+ stat = srtp_cipher_init(session_keys->rtcp_cipher, tmp_key); >+ if (stat) { >+ /* zeroize temp buffer */ >+ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); >+ return srtp_err_status_init_fail; >+ } > >-/* >- * Check if the given extension header id is / should be encrypted. >- * Returns 1 if yes, otherwise 0. >- */ >-static int >-srtp_protect_extension_header(srtp_stream_ctx_t *stream, int id) { >- int* enc_xtn_hdr = stream->enc_xtn_hdr; >- int count = stream->enc_xtn_hdr_count; >+ /* generate authentication key */ >+ stat = srtp_kdf_generate(&kdf, label_rtcp_msg_auth, tmp_key, >+ srtp_auth_get_key_length(session_keys->rtcp_auth)); >+ if (stat) { >+ /* zeroize temp buffer */ >+ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); >+ return srtp_err_status_init_fail; >+ } > >- if (!enc_xtn_hdr || count <= 0) { >- return 0; >- } >+ debug_print( >+ mod_srtp, "rtcp auth key: %s", >+ srtp_octet_string_hex_string( >+ tmp_key, srtp_auth_get_key_length(session_keys->rtcp_auth))); > >- while (count > 0) { >- if (*enc_xtn_hdr == id) { >- return 1; >+ /* initialize auth function */ >+ stat = srtp_auth_init(session_keys->rtcp_auth, tmp_key); >+ if (stat) { >+ /* zeroize temp buffer */ >+ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); >+ return srtp_err_status_init_fail; > } > >- enc_xtn_hdr++; >- count--; >- } >- return 0; >+ /* clear memory then return */ >+ stat = srtp_kdf_clear(&kdf); >+ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); >+ if (stat) >+ return srtp_err_status_init_fail; >+ >+ return srtp_err_status_ok; > } > >+srtp_err_status_t srtp_stream_init(srtp_stream_ctx_t *srtp, >+ const srtp_policy_t *p) >+{ >+ srtp_err_status_t err; >+ >+ debug_print(mod_srtp, "initializing stream (SSRC: 0x%08x)", p->ssrc.value); >+ >+ /* initialize replay database */ >+ /* >+ * window size MUST be at least 64. MAY be larger. Values more than >+ * 2^15 aren't meaningful due to how extended sequence numbers are >+ * calculated. >+ * Let a window size of 0 imply the default value. >+ */ >+ >+ if (p->window_size != 0 && >+ (p->window_size < 64 || p->window_size >= 0x8000)) >+ return srtp_err_status_bad_param; >+ >+ if (p->window_size != 0) >+ err = srtp_rdbx_init(&srtp->rtp_rdbx, p->window_size); >+ else >+ err = srtp_rdbx_init(&srtp->rtp_rdbx, 128); >+ if (err) >+ return err; >+ >+ /* set the SSRC value */ >+ srtp->ssrc = htonl(p->ssrc.value); >+ >+ /* reset pending ROC */ >+ srtp->pending_roc = 0; >+ >+ /* set the security service flags */ >+ srtp->rtp_services = p->rtp.sec_serv; >+ srtp->rtcp_services = p->rtcp.sec_serv; >+ >+ /* >+ * set direction to unknown - this flag gets checked in srtp_protect(), >+ * srtp_unprotect(), srtp_protect_rtcp(), and srtp_unprotect_rtcp(), and >+ * gets set appropriately if it is set to unknown. >+ */ >+ srtp->direction = dir_unknown; >+ >+ /* initialize SRTCP replay database */ >+ srtp_rdb_init(&srtp->rtcp_rdb); >+ >+ /* initialize allow_repeat_tx */ >+ /* guard against uninitialized memory: allow only 0 or 1 here */ >+ if (p->allow_repeat_tx != 0 && p->allow_repeat_tx != 1) { >+ srtp_rdbx_dealloc(&srtp->rtp_rdbx); >+ return srtp_err_status_bad_param; >+ } >+ srtp->allow_repeat_tx = p->allow_repeat_tx; >+ >+ /* DAM - no RTCP key limit at present */ >+ >+ /* initialize keys */ >+ err = srtp_stream_init_all_master_keys(srtp, p->key, p->keys, >+ p->num_master_keys); >+ if (err) { >+ srtp_rdbx_dealloc(&srtp->rtp_rdbx); >+ return err; >+ } >+ >+ /* >+ * if EKT is in use, then initialize the EKT data associated with >+ * the stream >+ */ >+ err = srtp_ekt_stream_init_from_policy(srtp->ekt, p->ekt); >+ if (err) { >+ srtp_rdbx_dealloc(&srtp->rtp_rdbx); >+ return err; >+ } >+ >+ return srtp_err_status_ok; >+} > > /* >- * extensions header encryption RFC 6904 >+ * srtp_event_reporter is an event handler function that merely >+ * reports the events that are reported by the callbacks > */ >-static srtp_err_status_t >-srtp_process_header_encryption(srtp_stream_ctx_t *stream, >- srtp_hdr_xtnd_t *xtn_hdr, >- srtp_session_keys_t *session_keys) { >- srtp_err_status_t status; >- uint8_t keystream[257]; /* Maximum 2 bytes header + 255 bytes data. */ >- int keystream_pos; >- uint8_t* xtn_hdr_data = ((uint8_t *)xtn_hdr) + octets_in_rtp_extn_hdr; >- uint8_t* xtn_hdr_end = xtn_hdr_data + (ntohs(xtn_hdr->length) * sizeof(uint32_t)); >- >- if (ntohs(xtn_hdr->profile_specific) == 0xbede) { >- /* RFC 5285, section 4.2. One-Byte Header */ >- while (xtn_hdr_data < xtn_hdr_end) { >- uint8_t xid = (*xtn_hdr_data & 0xf0) >> 4; >- unsigned int xlen = (*xtn_hdr_data & 0x0f) + 1; >- uint32_t xlen_with_header = 1+xlen; >- xtn_hdr_data++; >- >- if (xtn_hdr_data + xlen > xtn_hdr_end) >- return srtp_err_status_parse_err; > >- if (xid == 15) { >- /* found header 15, stop further processing. */ >+void srtp_event_reporter(srtp_event_data_t *data) >+{ >+ srtp_err_report(srtp_err_level_warning, "srtp: in stream 0x%x: ", >+ data->ssrc); >+ >+ switch (data->event) { >+ case event_ssrc_collision: >+ srtp_err_report(srtp_err_level_warning, "\tSSRC collision\n"); >+ break; >+ case event_key_soft_limit: >+ srtp_err_report(srtp_err_level_warning, >+ "\tkey usage soft limit reached\n"); >+ break; >+ case event_key_hard_limit: >+ srtp_err_report(srtp_err_level_warning, >+ "\tkey usage hard limit reached\n"); > break; >- } >+ case event_packet_index_limit: >+ srtp_err_report(srtp_err_level_warning, >+ "\tpacket index limit reached\n"); >+ break; >+ default: >+ srtp_err_report(srtp_err_level_warning, >+ "\tunknown event reported to handler\n"); >+ } >+} > >- status = srtp_cipher_output(session_keys->rtp_xtn_hdr_cipher, >- keystream, &xlen_with_header); >- if (status) >- return srtp_err_status_cipher_fail; >+/* >+ * srtp_event_handler is a global variable holding a pointer to the >+ * event handler function; this function is called for any unexpected >+ * event that needs to be handled out of the SRTP data path. see >+ * srtp_event_t in srtp.h for more info >+ * >+ * it is okay to set srtp_event_handler to NULL, but we set >+ * it to the srtp_event_reporter. >+ */ >+ >+static srtp_event_handler_func_t *srtp_event_handler = srtp_event_reporter; >+ >+srtp_err_status_t srtp_install_event_handler(srtp_event_handler_func_t func) >+{ >+ /* >+ * note that we accept NULL arguments intentionally - calling this >+ * function with a NULL arguments removes an event handler that's >+ * been previously installed >+ */ >+ >+ /* set global event handling function */ >+ srtp_event_handler = func; >+ return srtp_err_status_ok; >+} >+ >+/* >+ * Check if the given extension header id is / should be encrypted. >+ * Returns 1 if yes, otherwise 0. >+ */ >+static int srtp_protect_extension_header(srtp_stream_ctx_t *stream, int id) >+{ >+ int *enc_xtn_hdr = stream->enc_xtn_hdr; >+ int count = stream->enc_xtn_hdr_count; > >- if (srtp_protect_extension_header(stream, xid)) { >- keystream_pos = 1; >- while (xlen > 0) { >- *xtn_hdr_data ^= keystream[keystream_pos++]; >- xtn_hdr_data++; >- xlen--; >+ if (!enc_xtn_hdr || count <= 0) { >+ return 0; >+ } >+ >+ while (count > 0) { >+ if (*enc_xtn_hdr == id) { >+ return 1; > } >- } else { >- xtn_hdr_data += xlen; >- } >- >- /* skip padding bytes. */ >- while (xtn_hdr_data < xtn_hdr_end && *xtn_hdr_data == 0) { >- xtn_hdr_data++; >- } >- } >- } else if ((ntohs(xtn_hdr->profile_specific) & 0x1fff) == 0x100) { >- /* RFC 5285, section 4.3. Two-Byte Header */ >- while (xtn_hdr_data + 1 < xtn_hdr_end) { >- uint8_t xid = *xtn_hdr_data; >- unsigned int xlen = *(xtn_hdr_data+1); >- uint32_t xlen_with_header = 2+xlen; >- xtn_hdr_data += 2; >- >- if (xtn_hdr_data + xlen > xtn_hdr_end) >- return srtp_err_status_parse_err; > >- status = srtp_cipher_output(session_keys->rtp_xtn_hdr_cipher, >- keystream, &xlen_with_header); >- if (status) >- return srtp_err_status_cipher_fail; >+ enc_xtn_hdr++; >+ count--; >+ } >+ return 0; >+} >+ >+/* >+ * extensions header encryption RFC 6904 >+ */ >+static srtp_err_status_t srtp_process_header_encryption( >+ srtp_stream_ctx_t *stream, >+ srtp_hdr_xtnd_t *xtn_hdr, >+ srtp_session_keys_t *session_keys) >+{ >+ srtp_err_status_t status; >+ uint8_t keystream[257]; /* Maximum 2 bytes header + 255 bytes data. */ >+ int keystream_pos; >+ uint8_t *xtn_hdr_data = ((uint8_t *)xtn_hdr) + octets_in_rtp_extn_hdr; >+ uint8_t *xtn_hdr_end = >+ xtn_hdr_data + (ntohs(xtn_hdr->length) * sizeof(uint32_t)); >+ >+ if (ntohs(xtn_hdr->profile_specific) == 0xbede) { >+ /* RFC 5285, section 4.2. One-Byte Header */ >+ while (xtn_hdr_data < xtn_hdr_end) { >+ uint8_t xid = (*xtn_hdr_data & 0xf0) >> 4; >+ unsigned int xlen = (*xtn_hdr_data & 0x0f) + 1; >+ uint32_t xlen_with_header = 1 + xlen; >+ xtn_hdr_data++; >+ >+ if (xtn_hdr_data + xlen > xtn_hdr_end) >+ return srtp_err_status_parse_err; >+ >+ if (xid == 15) { >+ /* found header 15, stop further processing. */ >+ break; >+ } >+ >+ status = srtp_cipher_output(session_keys->rtp_xtn_hdr_cipher, >+ keystream, &xlen_with_header); >+ if (status) >+ return srtp_err_status_cipher_fail; >+ >+ if (srtp_protect_extension_header(stream, xid)) { >+ keystream_pos = 1; >+ while (xlen > 0) { >+ *xtn_hdr_data ^= keystream[keystream_pos++]; >+ xtn_hdr_data++; >+ xlen--; >+ } >+ } else { >+ xtn_hdr_data += xlen; >+ } > >- if (xlen > 0 && srtp_protect_extension_header(stream, xid)) { >- keystream_pos = 2; >- while (xlen > 0) { >- *xtn_hdr_data ^= keystream[keystream_pos++]; >- xtn_hdr_data++; >- xlen--; >+ /* skip padding bytes. */ >+ while (xtn_hdr_data < xtn_hdr_end && *xtn_hdr_data == 0) { >+ xtn_hdr_data++; >+ } > } >- } else { >- xtn_hdr_data += xlen; >- } >+ } else if ((ntohs(xtn_hdr->profile_specific) & 0x1fff) == 0x100) { >+ /* RFC 5285, section 4.3. Two-Byte Header */ >+ while (xtn_hdr_data + 1 < xtn_hdr_end) { >+ uint8_t xid = *xtn_hdr_data; >+ unsigned int xlen = *(xtn_hdr_data + 1); >+ uint32_t xlen_with_header = 2 + xlen; >+ xtn_hdr_data += 2; >+ >+ if (xtn_hdr_data + xlen > xtn_hdr_end) >+ return srtp_err_status_parse_err; >+ >+ status = srtp_cipher_output(session_keys->rtp_xtn_hdr_cipher, >+ keystream, &xlen_with_header); >+ if (status) >+ return srtp_err_status_cipher_fail; >+ >+ if (xlen > 0 && srtp_protect_extension_header(stream, xid)) { >+ keystream_pos = 2; >+ while (xlen > 0) { >+ *xtn_hdr_data ^= keystream[keystream_pos++]; >+ xtn_hdr_data++; >+ xlen--; >+ } >+ } else { >+ xtn_hdr_data += xlen; >+ } > >- /* skip padding bytes. */ >- while (xtn_hdr_data < xtn_hdr_end && *xtn_hdr_data == 0) { >- xtn_hdr_data++; >- } >+ /* skip padding bytes. */ >+ while (xtn_hdr_data < xtn_hdr_end && *xtn_hdr_data == 0) { >+ xtn_hdr_data++; >+ } >+ } >+ } else { >+ /* unsupported extension header format. */ >+ return srtp_err_status_parse_err; > } >- } else { >- /* unsupported extension header format. */ >- return srtp_err_status_parse_err; >- } > >- return srtp_err_status_ok; >+ return srtp_err_status_ok; > } > >- > /* > * AEAD uses a new IV formation method. This function implements > * section 8.1. (SRTP IV Formation for AES-GCM) of RFC7714. >@@ -1464,7 +1483,7 @@ srtp_process_header_encryption(srtp_stream_ctx_t *stream, > * +--+--+--+--+--+--+--+--+--+--+--+--+* > * > * Input: *session_keys - pointer to SRTP stream context session keys, >- * used to retrieve the SALT >+ * used to retrieve the SALT > * *iv - Pointer to receive the calculated IV > * *seq - The ROC and SEQ value to use for the > * IV calculation. >@@ -1472,19 +1491,20 @@ srtp_process_header_encryption(srtp_stream_ctx_t *stream, > * > */ > >-static void srtp_calc_aead_iv(srtp_session_keys_t *session_keys, v128_t *iv, >- srtp_xtd_seq_num_t *seq, srtp_hdr_t *hdr) >+static void srtp_calc_aead_iv(srtp_session_keys_t *session_keys, >+ v128_t *iv, >+ srtp_xtd_seq_num_t *seq, >+ srtp_hdr_t *hdr) > { >- v128_t in; >- v128_t salt; >+ v128_t in; >+ v128_t salt; > > #ifdef NO_64BIT_MATH >- uint32_t local_roc = ((high32(*seq) << 16) | >- (low32(*seq) >> 16)); >- uint16_t local_seq = (uint16_t) (low32(*seq)); >+ uint32_t local_roc = ((high32(*seq) << 16) | (low32(*seq) >> 16)); >+ uint16_t local_seq = (uint16_t)(low32(*seq)); > #else > uint32_t local_roc = (uint32_t)(*seq >> 16); >- uint16_t local_seq = (uint16_t) *seq; >+ uint16_t local_seq = (uint16_t)*seq; > #endif > > memset(&in, 0, sizeof(v128_t)); >@@ -1512,149 +1532,145 @@ static void srtp_calc_aead_iv(srtp_session_keys_t *session_keys, v128_t *iv, > v128_xor(iv, &in, &salt); > } > >+srtp_session_keys_t *srtp_get_session_keys(srtp_stream_ctx_t *stream, >+ uint8_t *hdr, >+ const unsigned int *pkt_octet_len, >+ unsigned int *mki_size) >+{ >+ unsigned int base_mki_start_location = *pkt_octet_len; >+ unsigned int mki_start_location = 0; >+ unsigned int tag_len = 0; >+ unsigned int i = 0; >+ >+ // Determine the authentication tag size >+ if (stream->session_keys[0].rtp_cipher->algorithm == SRTP_AES_GCM_128 || >+ stream->session_keys[0].rtp_cipher->algorithm == SRTP_AES_GCM_256) { >+ tag_len = 0; >+ } else { >+ tag_len = srtp_auth_get_tag_length(stream->session_keys[0].rtp_auth); >+ } >+ >+ if (tag_len > base_mki_start_location) { >+ *mki_size = 0; >+ return NULL; >+ } >+ >+ base_mki_start_location -= tag_len; >+ >+ for (i = 0; i < stream->num_master_keys; i++) { >+ if (stream->session_keys[i].mki_size != 0 && >+ stream->session_keys[i].mki_size <= base_mki_start_location) { >+ *mki_size = stream->session_keys[i].mki_size; >+ mki_start_location = base_mki_start_location - *mki_size; >+ >+ if (memcmp(hdr + mki_start_location, stream->session_keys[i].mki_id, >+ *mki_size) == 0) { >+ return &stream->session_keys[i]; >+ } >+ } >+ } > >-srtp_session_keys_t* >-srtp_get_session_keys(srtp_stream_ctx_t *stream, uint8_t* hdr, >- const unsigned int* pkt_octet_len, >- unsigned int* mki_size) { >- unsigned int base_mki_start_location = *pkt_octet_len; >- unsigned int mki_start_location = 0; >- unsigned int tag_len = 0; >- unsigned int i = 0; >- >- // Determine the authentication tag size >- if (stream->session_keys[0].rtp_cipher->algorithm == SRTP_AES_GCM_128 || >- stream->session_keys[0].rtp_cipher->algorithm == SRTP_AES_GCM_256) { >- tag_len = 0; >- } else { >- tag_len = srtp_auth_get_tag_length(stream->session_keys[0].rtp_auth); >- } >- >- if (tag_len > base_mki_start_location) { >- *mki_size = 0; >- return NULL; >- } >- >- base_mki_start_location -= tag_len; >- >- for (i = 0; i < stream->num_master_keys; i++) { >- if (stream->session_keys[i].mki_size != 0) { >- *mki_size = stream->session_keys[i].mki_size; >- mki_start_location = base_mki_start_location - *mki_size; >- >- if ( mki_start_location >= *mki_size && >- memcmp(hdr + mki_start_location, stream->session_keys[i].mki_id, *mki_size) == 0 ) { >- return &stream->session_keys[i]; >- } >- } >- } >- >- *mki_size = 0; >- return NULL; >+ *mki_size = 0; >+ return NULL; > } > >-static srtp_err_status_t >-srtp_estimate_index(srtp_rdbx_t *rdbx, >- uint32_t roc, >- srtp_xtd_seq_num_t *est, >- srtp_sequence_number_t seq, >- int *delta) >+static srtp_err_status_t srtp_estimate_index(srtp_rdbx_t *rdbx, >+ uint32_t roc, >+ srtp_xtd_seq_num_t *est, >+ srtp_sequence_number_t seq, >+ int *delta) > { > #ifdef NO_64BIT_MATH >- uint32_t internal_pkt_idx_reduced; >- uint32_t external_pkt_idx_reduced; >- uint32_t internal_roc; >- uint32_t roc_difference; >+ uint32_t internal_pkt_idx_reduced; >+ uint32_t external_pkt_idx_reduced; >+ uint32_t internal_roc; >+ uint32_t roc_difference; > #endif > > #ifdef NO_64BIT_MATH >- *est = (srtp_xtd_seq_num_t)make64(roc >> 16, (roc << 16) | seq); >- *delta = low32(est) - rdbx->index; >+ *est = (srtp_xtd_seq_num_t)make64(roc >> 16, (roc << 16) | seq); >+ *delta = low32(est) - rdbx->index; > #else >- *est = (srtp_xtd_seq_num_t)(((uint64_t)roc) << 16) | seq; >- *delta = (int)(*est - rdbx->index); >+ *est = (srtp_xtd_seq_num_t)(((uint64_t)roc) << 16) | seq; >+ *delta = (int)(*est - rdbx->index); > #endif > >- if (*est > rdbx->index) { >+ if (*est > rdbx->index) { > #ifdef NO_64BIT_MATH >- internal_roc = (uint32_t)(rdbx->index >> 16); >- roc_difference = roc - internal_roc; >- if (roc_difference > 1) { >- *delta = 0; >- return srtp_err_status_pkt_idx_adv; >- } >+ internal_roc = (uint32_t)(rdbx->index >> 16); >+ roc_difference = roc - internal_roc; >+ if (roc_difference > 1) { >+ *delta = 0; >+ return srtp_err_status_pkt_idx_adv; >+ } > >- internal_pkt_idx_reduced = (uint32_t)(rdbx->index & 0xFFFF); >- external_pkt_idx_reduced = (uint32_t)((roc_difference << 16) | seq); >+ internal_pkt_idx_reduced = (uint32_t)(rdbx->index & 0xFFFF); >+ external_pkt_idx_reduced = (uint32_t)((roc_difference << 16) | seq); > >- if (external_pkt_idx_reduced - internal_pkt_idx_reduced > >- seq_num_median) { >- *delta = 0; >- return srtp_err_status_pkt_idx_adv; >- } >+ if (external_pkt_idx_reduced - internal_pkt_idx_reduced > >+ seq_num_median) { >+ *delta = 0; >+ return srtp_err_status_pkt_idx_adv; >+ } > #else >- if (*est - rdbx->index > seq_num_median) { >- *delta = 0; >- return srtp_err_status_pkt_idx_adv; >- } >+ if (*est - rdbx->index > seq_num_median) { >+ *delta = 0; >+ return srtp_err_status_pkt_idx_adv; >+ } > #endif >- } else if (*est < rdbx->index) { >+ } else if (*est < rdbx->index) { > #ifdef NO_64BIT_MATH > >- internal_roc = (uint32_t)(rdbx->index >> 16); >- roc_difference = internal_roc - roc; >- if (roc_difference > 1) { >- *delta = 0; >- return srtp_err_status_pkt_idx_adv; >- } >+ internal_roc = (uint32_t)(rdbx->index >> 16); >+ roc_difference = internal_roc - roc; >+ if (roc_difference > 1) { >+ *delta = 0; >+ return srtp_err_status_pkt_idx_adv; >+ } > >- internal_pkt_idx_reduced = >- (uint32_t)((roc_difference << 16) | rdbx->index & 0xFFFF); >- external_pkt_idx_reduced = (uint32_t)(seq); >+ internal_pkt_idx_reduced = >+ (uint32_t)((roc_difference << 16) | rdbx->index & 0xFFFF); >+ external_pkt_idx_reduced = (uint32_t)(seq); > >- if (internal_pkt_idx_reduced - external_pkt_idx_reduced > >- seq_num_median) { >- *delta = 0; >- return srtp_err_status_pkt_idx_old; >- } >+ if (internal_pkt_idx_reduced - external_pkt_idx_reduced > >+ seq_num_median) { >+ *delta = 0; >+ return srtp_err_status_pkt_idx_old; >+ } > #else >- if (rdbx->index - *est > seq_num_median) { >- *delta = 0; >- return srtp_err_status_pkt_idx_old; >- } >+ if (rdbx->index - *est > seq_num_median) { >+ *delta = 0; >+ return srtp_err_status_pkt_idx_old; >+ } > #endif >- } >+ } > >- return srtp_err_status_ok; >+ return srtp_err_status_ok; > } > >-static srtp_err_status_t >-srtp_get_est_pkt_index(srtp_hdr_t *hdr, >- srtp_stream_ctx_t *stream, >- srtp_xtd_seq_num_t *est, >- int *delta) >+static srtp_err_status_t srtp_get_est_pkt_index(srtp_hdr_t *hdr, >+ srtp_stream_ctx_t *stream, >+ srtp_xtd_seq_num_t *est, >+ int *delta) > { >- srtp_err_status_t result = srtp_err_status_ok; >- >- if (stream->pending_roc) { >- result = srtp_estimate_index(&stream->rtp_rdbx, >- stream->pending_roc, >- est, >- ntohs(hdr->seq), >- delta); >- } else { >- /* estimate packet index from seq. num. in header */ >- *delta = srtp_rdbx_estimate_index(&stream->rtp_rdbx, >- est, >- ntohs(hdr->seq)); >- } >+ srtp_err_status_t result = srtp_err_status_ok; >+ >+ if (stream->pending_roc) { >+ result = srtp_estimate_index(&stream->rtp_rdbx, stream->pending_roc, >+ est, ntohs(hdr->seq), delta); >+ } else { >+ /* estimate packet index from seq. num. in header */ >+ *delta = >+ srtp_rdbx_estimate_index(&stream->rtp_rdbx, est, ntohs(hdr->seq)); >+ } > > #ifdef NO_64BIT_MATH >- debug_print2(mod_srtp, "estimated u_packet index: %08x%08x", high32(*est), low32(*est)); >+ debug_print2(mod_srtp, "estimated u_packet index: %08x%08x", high32(*est), >+ low32(*est)); > #else >- debug_print(mod_srtp, "estimated u_packet index: %016llx", *est); >+ debug_print(mod_srtp, "estimated u_packet index: %016llx", *est); > #endif >- return result; >+ return result; > } > > /* >@@ -1662,16 +1678,18 @@ srtp_get_est_pkt_index(srtp_hdr_t *hdr, > * which currently supports AES-GCM encryption. All packets are > * encrypted and authenticated. > */ >-static srtp_err_status_t >-srtp_protect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, >- void *rtp_hdr, unsigned int *pkt_octet_len, >- srtp_session_keys_t *session_keys, unsigned int use_mki) >+static srtp_err_status_t srtp_protect_aead(srtp_ctx_t *ctx, >+ srtp_stream_ctx_t *stream, >+ void *rtp_hdr, >+ unsigned int *pkt_octet_len, >+ srtp_session_keys_t *session_keys, >+ unsigned int use_mki) > { >- srtp_hdr_t *hdr = (srtp_hdr_t*)rtp_hdr; >- uint32_t *enc_start; /* pointer to start of encrypted portion */ >- int enc_octet_len = 0; /* number of octets in encrypted portion */ >- srtp_xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */ >- int delta; /* delta of local pkt idx and that in hdr */ >+ srtp_hdr_t *hdr = (srtp_hdr_t *)rtp_hdr; >+ uint32_t *enc_start; /* pointer to start of encrypted portion */ >+ int enc_octet_len = 0; /* number of octets in encrypted portion */ >+ srtp_xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */ >+ int delta; /* delta of local pkt idx and that in hdr */ > srtp_err_status_t status; > uint32_t tag_len; > v128_t iv; >@@ -1708,17 +1726,18 @@ srtp_protect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, > * extension, if present; otherwise, it starts after the last csrc, > * if any are present > */ >- enc_start = (uint32_t*)hdr + uint32s_in_rtp_header + hdr->cc; >- if (hdr->x == 1) { >- xtn_hdr = (srtp_hdr_xtnd_t*)enc_start; >- enc_start += (ntohs(xtn_hdr->length) + 1); >- } >- /* note: the passed size is without the auth tag */ >- if (!((uint8_t*)enc_start <= (uint8_t*)hdr + *pkt_octet_len)) >- return srtp_err_status_parse_err; >- enc_octet_len = (int)(*pkt_octet_len - >- ((uint8_t*)enc_start - (uint8_t*)hdr)); >- if (enc_octet_len < 0) return srtp_err_status_parse_err; >+ enc_start = (uint32_t *)hdr + uint32s_in_rtp_header + hdr->cc; >+ if (hdr->x == 1) { >+ xtn_hdr = (srtp_hdr_xtnd_t *)enc_start; >+ enc_start += (ntohs(xtn_hdr->length) + 1); >+ } >+ /* note: the passed size is without the auth tag */ >+ if (!((uint8_t *)enc_start <= (uint8_t *)hdr + *pkt_octet_len)) >+ return srtp_err_status_parse_err; >+ enc_octet_len = >+ (int)(*pkt_octet_len - ((uint8_t *)enc_start - (uint8_t *)hdr)); >+ if (enc_octet_len < 0) >+ return srtp_err_status_parse_err; > > /* > * estimate the packet index using the start of the replay window >@@ -1727,16 +1746,16 @@ srtp_protect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, > delta = srtp_rdbx_estimate_index(&stream->rtp_rdbx, &est, ntohs(hdr->seq)); > status = srtp_rdbx_check(&stream->rtp_rdbx, delta); > if (status) { >- if (status != srtp_err_status_replay_fail || !stream->allow_repeat_tx) { >- return status; /* we've been asked to reuse an index */ >- } >+ if (status != srtp_err_status_replay_fail || !stream->allow_repeat_tx) { >+ return status; /* we've been asked to reuse an index */ >+ } > } else { >- srtp_rdbx_add_index(&stream->rtp_rdbx, delta); >+ srtp_rdbx_add_index(&stream->rtp_rdbx, delta); > } > > #ifdef NO_64BIT_MATH >- debug_print2(mod_srtp, "estimated packet index: %08x%08x", >- high32(est), low32(est)); >+ debug_print2(mod_srtp, "estimated packet index: %08x%08x", high32(est), >+ low32(est)); > #else > debug_print(mod_srtp, "estimated packet index: %016llx", est); > #endif >@@ -1745,50 +1764,50 @@ srtp_protect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, > * AEAD uses a new IV formation method > */ > srtp_calc_aead_iv(session_keys, &iv, &est, hdr); >- /* shift est, put into network byte order */ >+/* shift est, put into network byte order */ > #ifdef NO_64BIT_MATH >- est = be64_to_cpu(make64((high32(est) << 16) | >- (low32(est) >> 16), >- low32(est) << 16)); >+ est = be64_to_cpu( >+ make64((high32(est) << 16) | (low32(est) >> 16), low32(est) << 16)); > #else > est = be64_to_cpu(est << 16); > #endif > >- status = srtp_cipher_set_iv(session_keys->rtp_cipher, >- (uint8_t*)&iv, srtp_direction_encrypt); >+ status = srtp_cipher_set_iv(session_keys->rtp_cipher, (uint8_t *)&iv, >+ srtp_direction_encrypt); > if (!status && session_keys->rtp_xtn_hdr_cipher) { >- iv.v32[0] = 0; >- iv.v32[1] = hdr->ssrc; >- iv.v64[1] = est; >- status = srtp_cipher_set_iv(session_keys->rtp_xtn_hdr_cipher, >- (uint8_t*)&iv, srtp_direction_encrypt); >+ iv.v32[0] = 0; >+ iv.v32[1] = hdr->ssrc; >+ iv.v64[1] = est; >+ status = srtp_cipher_set_iv(session_keys->rtp_xtn_hdr_cipher, >+ (uint8_t *)&iv, srtp_direction_encrypt); > } > if (status) { > return srtp_err_status_cipher_fail; > } > > if (xtn_hdr && session_keys->rtp_xtn_hdr_cipher) { >- /* >- * extensions header encryption RFC 6904 >- */ >- status = srtp_process_header_encryption(stream, xtn_hdr, session_keys); >- if (status) { >- return status; >- } >+ /* >+ * extensions header encryption RFC 6904 >+ */ >+ status = srtp_process_header_encryption(stream, xtn_hdr, session_keys); >+ if (status) { >+ return status; >+ } > } > > /* >- * Set the AAD over the RTP header >+ * Set the AAD over the RTP header > */ > aad_len = (uint8_t *)enc_start - (uint8_t *)hdr; >- status = srtp_cipher_set_aad(session_keys->rtp_cipher, (uint8_t*)hdr, aad_len); >+ status = >+ srtp_cipher_set_aad(session_keys->rtp_cipher, (uint8_t *)hdr, aad_len); > if (status) { >- return ( srtp_err_status_cipher_fail); >+ return (srtp_err_status_cipher_fail); > } > > /* Encrypt the payload */ >- status = srtp_cipher_encrypt(session_keys->rtp_cipher, >- (uint8_t*)enc_start, (unsigned int *)&enc_octet_len); >+ status = srtp_cipher_encrypt(session_keys->rtp_cipher, (uint8_t *)enc_start, >+ (unsigned int *)&enc_octet_len); > if (status) { > return srtp_err_status_cipher_fail; > } >@@ -1796,10 +1815,11 @@ srtp_protect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, > * If we're doing GCM, we need to get the tag > * and append that to the output > */ >- status = srtp_cipher_get_tag(session_keys->rtp_cipher, >- (uint8_t*)enc_start+enc_octet_len, &tag_len); >+ status = >+ srtp_cipher_get_tag(session_keys->rtp_cipher, >+ (uint8_t *)enc_start + enc_octet_len, &tag_len); > if (status) { >- return ( srtp_err_status_cipher_fail); >+ return (srtp_err_status_cipher_fail); > } > > mki_location = (uint8_t *)hdr + *pkt_octet_len + tag_len; >@@ -1814,7 +1834,6 @@ srtp_protect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, > return srtp_err_status_ok; > } > >- > /* > * This function handles incoming SRTP packets while in AEAD mode, > * which currently supports AES-GCM encryption. All packets are >@@ -1822,13 +1841,17 @@ srtp_protect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, > * of the packet stream and is automatically checked by GCM > * when decrypting the payload. > */ >-static srtp_err_status_t >-srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta, >- srtp_xtd_seq_num_t est, void *srtp_hdr, unsigned int *pkt_octet_len, >- srtp_session_keys_t *session_keys, unsigned int mki_size) >+static srtp_err_status_t srtp_unprotect_aead(srtp_ctx_t *ctx, >+ srtp_stream_ctx_t *stream, >+ int delta, >+ srtp_xtd_seq_num_t est, >+ void *srtp_hdr, >+ unsigned int *pkt_octet_len, >+ srtp_session_keys_t *session_keys, >+ unsigned int mki_size) > { >- srtp_hdr_t *hdr = (srtp_hdr_t*)srtp_hdr; >- uint32_t *enc_start; /* pointer to start of encrypted portion */ >+ srtp_hdr_t *hdr = (srtp_hdr_t *)srtp_hdr; >+ uint32_t *enc_start; /* pointer to start of encrypted portion */ > unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */ > v128_t iv; > srtp_err_status_t status; >@@ -1839,7 +1862,8 @@ srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta, > debug_print(mod_srtp, "function srtp_unprotect_aead", NULL); > > #ifdef NO_64BIT_MATH >- debug_print2(mod_srtp, "estimated u_packet index: %08x%08x", high32(est), low32(est)); >+ debug_print2(mod_srtp, "estimated u_packet index: %08x%08x", high32(est), >+ low32(est)); > #else > debug_print(mod_srtp, "estimated u_packet index: %016llx", est); > #endif >@@ -1848,21 +1872,22 @@ srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta, > tag_len = srtp_auth_get_tag_length(session_keys->rtp_auth); > > /* >- * AEAD uses a new IV formation method >+ * AEAD uses a new IV formation method > */ > srtp_calc_aead_iv(session_keys, &iv, &est, hdr); >- status = srtp_cipher_set_iv(session_keys->rtp_cipher, >- (uint8_t*)&iv, srtp_direction_decrypt); >+ status = srtp_cipher_set_iv(session_keys->rtp_cipher, (uint8_t *)&iv, >+ srtp_direction_decrypt); > if (!status && session_keys->rtp_xtn_hdr_cipher) { >- iv.v32[0] = 0; >- iv.v32[1] = hdr->ssrc; >+ iv.v32[0] = 0; >+ iv.v32[1] = hdr->ssrc; > #ifdef NO_64BIT_MATH >- iv.v64[1] = be64_to_cpu(make64((high32(est) << 16) | (low32(est) >> 16), >- low32(est) << 16)); >+ iv.v64[1] = be64_to_cpu( >+ make64((high32(est) << 16) | (low32(est) >> 16), low32(est) << 16)); > #else >- iv.v64[1] = be64_to_cpu(est << 16); >+ iv.v64[1] = be64_to_cpu(est << 16); > #endif >- status = srtp_cipher_set_iv(session_keys->rtp_xtn_hdr_cipher, (uint8_t*)&iv, srtp_direction_encrypt); >+ status = srtp_cipher_set_iv(session_keys->rtp_xtn_hdr_cipher, >+ (uint8_t *)&iv, srtp_direction_encrypt); > } > if (status) { > return srtp_err_status_cipher_fail; >@@ -1874,25 +1899,26 @@ srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta, > * extension, if present; otherwise, it starts after the last csrc, > * if any are present > */ >- enc_start = (uint32_t*)hdr + uint32s_in_rtp_header + hdr->cc; >+ enc_start = (uint32_t *)hdr + uint32s_in_rtp_header + hdr->cc; > if (hdr->x == 1) { >- xtn_hdr = (srtp_hdr_xtnd_t*)enc_start; >+ xtn_hdr = (srtp_hdr_xtnd_t *)enc_start; > enc_start += (ntohs(xtn_hdr->length) + 1); > } >- if (!((uint8_t*)enc_start <= (uint8_t*)hdr + (*pkt_octet_len - tag_len - mki_size))) >+ if (!((uint8_t *)enc_start <= >+ (uint8_t *)hdr + (*pkt_octet_len - tag_len - mki_size))) > return srtp_err_status_parse_err; > /* >- * We pass the tag down to the cipher when doing GCM mode >+ * We pass the tag down to the cipher when doing GCM mode > */ > enc_octet_len = (unsigned int)(*pkt_octet_len - mki_size - >- ((uint8_t*)enc_start - (uint8_t*)hdr)); >+ ((uint8_t *)enc_start - (uint8_t *)hdr)); > > /* > * Sanity check the encrypted payload length against > * the tag size. It must always be at least as large > * as the tag length. > */ >- if (enc_octet_len < (unsigned int) tag_len) { >+ if (enc_octet_len < (unsigned int)tag_len) { > return srtp_err_status_cipher_fail; > } > >@@ -1918,27 +1944,28 @@ srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta, > * Set the AAD for AES-GCM, which is the RTP header > */ > aad_len = (uint8_t *)enc_start - (uint8_t *)hdr; >- status = srtp_cipher_set_aad(session_keys->rtp_cipher, (uint8_t*)hdr, aad_len); >+ status = >+ srtp_cipher_set_aad(session_keys->rtp_cipher, (uint8_t *)hdr, aad_len); > if (status) { >- return ( srtp_err_status_cipher_fail); >+ return (srtp_err_status_cipher_fail); > } > > /* Decrypt the ciphertext. This also checks the auth tag based > * on the AAD we just specified above */ >- status = srtp_cipher_decrypt(session_keys->rtp_cipher, >- (uint8_t*)enc_start, &enc_octet_len); >+ status = srtp_cipher_decrypt(session_keys->rtp_cipher, (uint8_t *)enc_start, >+ &enc_octet_len); > if (status) { > return status; > } > > if (xtn_hdr && session_keys->rtp_xtn_hdr_cipher) { >- /* >- * extensions header encryption RFC 6904 >- */ >- status = srtp_process_header_encryption(stream, xtn_hdr, session_keys); >- if (status) { >- return status; >- } >+ /* >+ * extensions header encryption RFC 6904 >+ */ >+ status = srtp_process_header_encryption(stream, xtn_hdr, session_keys); >+ if (status) { >+ return status; >+ } > } > > /* >@@ -1974,7 +2001,8 @@ srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta, > * stream, and some implementations will want to not return > * failure here > */ >- status = srtp_stream_clone(ctx->stream_template, hdr->ssrc, &new_stream); >+ status = >+ srtp_stream_clone(ctx->stream_template, hdr->ssrc, &new_stream); > if (status) { > return status; > } >@@ -2002,724 +2030,730 @@ srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta, > return srtp_err_status_ok; > } > >+srtp_err_status_t srtp_protect(srtp_ctx_t *ctx, >+ void *rtp_hdr, >+ int *pkt_octet_len) >+{ >+ return srtp_protect_mki(ctx, rtp_hdr, pkt_octet_len, 0, 0); >+} > >- srtp_err_status_t >- srtp_protect(srtp_ctx_t *ctx, void *rtp_hdr, int *pkt_octet_len) { >- return srtp_protect_mki(ctx, rtp_hdr, pkt_octet_len, 0, 0); >- } >- >-srtp_err_status_t >-srtp_protect_mki(srtp_ctx_t *ctx, void *rtp_hdr, int *pkt_octet_len, >- unsigned int use_mki, unsigned int mki_index ) { >- srtp_hdr_t *hdr = (srtp_hdr_t *)rtp_hdr; >- uint32_t *enc_start; /* pointer to start of encrypted portion */ >- uint32_t *auth_start; /* pointer to start of auth. portion */ >- int enc_octet_len = 0; /* number of octets in encrypted portion */ >- srtp_xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */ >- int delta; /* delta of local pkt idx and that in hdr */ >- uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ >- srtp_err_status_t status; >- int tag_len; >- srtp_stream_ctx_t *stream; >- uint32_t prefix_len; >- srtp_hdr_xtnd_t *xtn_hdr = NULL; >- unsigned int mki_size = 0; >- srtp_session_keys_t *session_keys = NULL; >- uint8_t* mki_location = NULL; >- int advance_packet_index = 0; >- >- debug_print(mod_srtp, "function srtp_protect", NULL); >- >- /* we assume the hdr is 32-bit aligned to start */ >- >- /* Verify RTP header */ >- status = srtp_validate_rtp_header(rtp_hdr, pkt_octet_len); >- if (status) >- return status; >- >- /* check the packet length - it must at least contain a full header */ >- if (*pkt_octet_len < octets_in_rtp_header) >- return srtp_err_status_bad_param; >+srtp_err_status_t srtp_protect_mki(srtp_ctx_t *ctx, >+ void *rtp_hdr, >+ int *pkt_octet_len, >+ unsigned int use_mki, >+ unsigned int mki_index) >+{ >+ srtp_hdr_t *hdr = (srtp_hdr_t *)rtp_hdr; >+ uint32_t *enc_start; /* pointer to start of encrypted portion */ >+ uint32_t *auth_start; /* pointer to start of auth. portion */ >+ int enc_octet_len = 0; /* number of octets in encrypted portion */ >+ srtp_xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */ >+ int delta; /* delta of local pkt idx and that in hdr */ >+ uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ >+ srtp_err_status_t status; >+ int tag_len; >+ srtp_stream_ctx_t *stream; >+ uint32_t prefix_len; >+ srtp_hdr_xtnd_t *xtn_hdr = NULL; >+ unsigned int mki_size = 0; >+ srtp_session_keys_t *session_keys = NULL; >+ uint8_t *mki_location = NULL; >+ int advance_packet_index = 0; > >- /* >- * look up ssrc in srtp_stream list, and process the packet with >- * the appropriate stream. if we haven't seen this stream before, >- * there's a template key for this srtp_session, and the cipher >- * supports key-sharing, then we assume that a new stream using >- * that key has just started up >- */ >- stream = srtp_get_stream(ctx, hdr->ssrc); >- if (stream == NULL) { >- if (ctx->stream_template != NULL) { >- srtp_stream_ctx_t *new_stream; >- >- /* allocate and initialize a new stream */ >- status = srtp_stream_clone(ctx->stream_template, >- hdr->ssrc, &new_stream); >- if (status) >- return status; >- >- /* add new stream to the head of the stream_list */ >- new_stream->next = ctx->stream_list; >- ctx->stream_list = new_stream; >- >- /* set direction to outbound */ >- new_stream->direction = dir_srtp_sender; >- >- /* set stream (the pointer used in this function) */ >- stream = new_stream; >- } else { >- /* no template stream, so we return an error */ >- return srtp_err_status_no_ctx; >- } >- } >- >- /* >- * verify that stream is for sending traffic - this check will >- * detect SSRC collisions, since a stream that appears in both >- * srtp_protect() and srtp_unprotect() will fail this test in one of >- * those functions. >- */ >+ debug_print(mod_srtp, "function srtp_protect", NULL); > >- if (stream->direction != dir_srtp_sender) { >- if (stream->direction == dir_unknown) { >- stream->direction = dir_srtp_sender; >- } else { >- srtp_handle_event(ctx, stream, event_ssrc_collision); >- } >- } >+ /* we assume the hdr is 32-bit aligned to start */ > >- session_keys = srtp_get_session_keys_with_mki_index(stream, use_mki, mki_index); >+ /* Verify RTP header */ >+ status = srtp_validate_rtp_header(rtp_hdr, pkt_octet_len); >+ if (status) >+ return status; > >- /* >- * Check if this is an AEAD stream (GCM mode). If so, then dispatch >- * the request to our AEAD handler. >- */ >- if (session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_128 || >- session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_256) { >- return srtp_protect_aead(ctx, stream, rtp_hdr, >- (unsigned int*)pkt_octet_len, session_keys, >- use_mki); >- } >- >- /* >- * update the key usage limit, and check it to make sure that we >- * didn't just hit either the soft limit or the hard limit, and call >- * the event handler if we hit either. >- */ >- switch(srtp_key_limit_update(session_keys->limit)) { >- case srtp_key_event_normal: >- break; >- case srtp_key_event_soft_limit: >- srtp_handle_event(ctx, stream, event_key_soft_limit); >- break; >- case srtp_key_event_hard_limit: >- srtp_handle_event(ctx, stream, event_key_hard_limit); >- return srtp_err_status_key_expired; >- default: >- break; >- } >- >- /* get tag length from stream */ >- tag_len = srtp_auth_get_tag_length(session_keys->rtp_auth); >- >- /* >- * find starting point for encryption and length of data to be >- * encrypted - the encrypted portion starts after the rtp header >- * extension, if present; otherwise, it starts after the last csrc, >- * if any are present >- * >- * if we're not providing confidentiality, set enc_start to NULL >- */ >- if (stream->rtp_services & sec_serv_conf) { >- enc_start = (uint32_t *)hdr + uint32s_in_rtp_header + hdr->cc; >- if (hdr->x == 1) { >- xtn_hdr = (srtp_hdr_xtnd_t *)enc_start; >- enc_start += (ntohs(xtn_hdr->length) + 1); >- } >- /* note: the passed size is without the auth tag */ >- if (!((uint8_t*)enc_start <= (uint8_t*)hdr + *pkt_octet_len)) >- return srtp_err_status_parse_err; >- enc_octet_len = (int)(*pkt_octet_len - >- ((uint8_t*)enc_start - (uint8_t*)hdr)); >- if (enc_octet_len < 0) return srtp_err_status_parse_err; >- } else { >- enc_start = NULL; >- } >- >- mki_location = (uint8_t *)hdr + *pkt_octet_len; >- mki_size = srtp_inject_mki(mki_location, session_keys, use_mki); >- >- /* >- * if we're providing authentication, set the auth_start and auth_tag >- * pointers to the proper locations; otherwise, set auth_start to NULL >- * to indicate that no authentication is needed >- */ >- if (stream->rtp_services & sec_serv_auth) { >- auth_start = (uint32_t *)hdr; >- auth_tag = (uint8_t *)hdr + *pkt_octet_len + mki_size; >- } else { >- auth_start = NULL; >- auth_tag = NULL; >- } >- >- /* >- * estimate the packet index using the start of the replay window >- * and the sequence number from the header >- */ >- status = srtp_get_est_pkt_index(hdr, >- stream, >- &est, >- &delta); >- >- if (status && (status != srtp_err_status_pkt_idx_adv)) >- return status; >+ /* check the packet length - it must at least contain a full header */ >+ if (*pkt_octet_len < octets_in_rtp_header) >+ return srtp_err_status_bad_param; > >- if (status == srtp_err_status_pkt_idx_adv) >- advance_packet_index = 1; >+ /* >+ * look up ssrc in srtp_stream list, and process the packet with >+ * the appropriate stream. if we haven't seen this stream before, >+ * there's a template key for this srtp_session, and the cipher >+ * supports key-sharing, then we assume that a new stream using >+ * that key has just started up >+ */ >+ stream = srtp_get_stream(ctx, hdr->ssrc); >+ if (stream == NULL) { >+ if (ctx->stream_template != NULL) { >+ srtp_stream_ctx_t *new_stream; > >- if (advance_packet_index) { >- srtp_rdbx_set_roc_seq(&stream->rtp_rdbx, >- (uint32_t)(est >> 16), >- (uint16_t)(est & 0xFFFF)); >- stream->pending_roc = 0; >- srtp_rdbx_add_index(&stream->rtp_rdbx, 0); >- } else { >- status = srtp_rdbx_check(&stream->rtp_rdbx, delta); >- if (status) { >- if (status != srtp_err_status_replay_fail || !stream->allow_repeat_tx) >- return status; /* we've been asked to reuse an index */ >- } >- srtp_rdbx_add_index(&stream->rtp_rdbx, delta); >- } >+ /* allocate and initialize a new stream */ >+ status = >+ srtp_stream_clone(ctx->stream_template, hdr->ssrc, &new_stream); >+ if (status) >+ return status; > >-#ifdef NO_64BIT_MATH >- debug_print2(mod_srtp, "estimated packet index: %08x%08x", >- high32(est),low32(est)); >-#else >- debug_print(mod_srtp, "estimated packet index: %016llx", est); >-#endif >+ /* add new stream to the head of the stream_list */ >+ new_stream->next = ctx->stream_list; >+ ctx->stream_list = new_stream; > >- /* >- * if we're using rindael counter mode, set nonce and seq >- */ >- if (session_keys->rtp_cipher->type->id == SRTP_AES_ICM_128 || >- session_keys->rtp_cipher->type->id == SRTP_AES_ICM_192 || >- session_keys->rtp_cipher->type->id == SRTP_AES_ICM_256) { >- v128_t iv; >+ /* set direction to outbound */ >+ new_stream->direction = dir_srtp_sender; > >- iv.v32[0] = 0; >- iv.v32[1] = hdr->ssrc; >-#ifdef NO_64BIT_MATH >- iv.v64[1] = be64_to_cpu(make64((high32(est) << 16) | (low32(est) >> 16), >- low32(est) << 16)); >-#else >- iv.v64[1] = be64_to_cpu(est << 16); >-#endif >- status = srtp_cipher_set_iv(session_keys->rtp_cipher, (uint8_t*)&iv, srtp_direction_encrypt); >- if (!status && session_keys->rtp_xtn_hdr_cipher) { >- status = srtp_cipher_set_iv(session_keys->rtp_xtn_hdr_cipher, (uint8_t*)&iv, srtp_direction_encrypt); >- } >- } else { >- v128_t iv; >- >- /* otherwise, set the index to est */ >-#ifdef NO_64BIT_MATH >- iv.v32[0] = 0; >- iv.v32[1] = 0; >-#else >- iv.v64[0] = 0; >-#endif >- iv.v64[1] = be64_to_cpu(est); >- status = srtp_cipher_set_iv(session_keys->rtp_cipher, (uint8_t*)&iv, srtp_direction_encrypt); >- if (!status && session_keys->rtp_xtn_hdr_cipher) { >- status = srtp_cipher_set_iv(session_keys->rtp_xtn_hdr_cipher, (uint8_t*)&iv, srtp_direction_encrypt); >- } >- } >- if (status) >- return srtp_err_status_cipher_fail; >- >- /* shift est, put into network byte order */ >-#ifdef NO_64BIT_MATH >- est = be64_to_cpu(make64((high32(est) << 16) | >- (low32(est) >> 16), >- low32(est) << 16)); >-#else >- est = be64_to_cpu(est << 16); >-#endif >- >- /* >- * if we're authenticating using a universal hash, put the keystream >- * prefix into the authentication tag >- */ >- if (auth_start) { >- >- prefix_len = srtp_auth_get_prefix_length(session_keys->rtp_auth); >- if (prefix_len) { >- status = srtp_cipher_output(session_keys->rtp_cipher, auth_tag, &prefix_len); >- if (status) >- return srtp_err_status_cipher_fail; >- debug_print(mod_srtp, "keystream prefix: %s", >- srtp_octet_string_hex_string(auth_tag, prefix_len)); >+ /* set stream (the pointer used in this function) */ >+ stream = new_stream; >+ } else { >+ /* no template stream, so we return an error */ >+ return srtp_err_status_no_ctx; >+ } > } >- } > >- if (xtn_hdr && session_keys->rtp_xtn_hdr_cipher) { > /* >- * extensions header encryption RFC 6904 >+ * verify that stream is for sending traffic - this check will >+ * detect SSRC collisions, since a stream that appears in both >+ * srtp_protect() and srtp_unprotect() will fail this test in one of >+ * those functions. > */ >- status = srtp_process_header_encryption(stream, xtn_hdr, session_keys); >- if (status) { >- return status; >- } >- } >- >- /* if we're encrypting, exor keystream into the message */ >- if (enc_start) { >- status = srtp_cipher_encrypt(session_keys->rtp_cipher, >- (uint8_t *)enc_start, (unsigned int *)&enc_octet_len); >- if (status) >- return srtp_err_status_cipher_fail; >- } >- >- /* >- * if we're authenticating, run authentication function and put result >- * into the auth_tag >- */ >- if (auth_start) { >- >- /* initialize auth func context */ >- status = srtp_auth_start(session_keys->rtp_auth); >- if (status) return status; >- >- /* run auth func over packet */ >- status = srtp_auth_update(session_keys->rtp_auth, >- (uint8_t *)auth_start, *pkt_octet_len); >- if (status) return status; >- >- /* run auth func over ROC, put result into auth_tag */ >- debug_print(mod_srtp, "estimated packet index: %016llx", est); >- status = srtp_auth_compute(session_keys->rtp_auth, (uint8_t *)&est, 4, auth_tag); >- debug_print(mod_srtp, "srtp auth tag: %s", >- srtp_octet_string_hex_string(auth_tag, tag_len)); >- if (status) >- return srtp_err_status_auth_fail; >- >- } > >- if (auth_tag) { >- >- /* increase the packet length by the length of the auth tag */ >- *pkt_octet_len += tag_len; >- } >- >- if (use_mki) { >- /* increate the packet length by the mki size */ >- *pkt_octet_len += mki_size; >- } >+ if (stream->direction != dir_srtp_sender) { >+ if (stream->direction == dir_unknown) { >+ stream->direction = dir_srtp_sender; >+ } else { >+ srtp_handle_event(ctx, stream, event_ssrc_collision); >+ } >+ } > >- return srtp_err_status_ok; >-} >+ session_keys = >+ srtp_get_session_keys_with_mki_index(stream, use_mki, mki_index); > >+ if (session_keys == NULL) >+ return srtp_err_status_bad_mki; > >-srtp_err_status_t >-srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) { >- return srtp_unprotect_mki(ctx, srtp_hdr, pkt_octet_len, 0); >-} >+ /* >+ * Check if this is an AEAD stream (GCM mode). If so, then dispatch >+ * the request to our AEAD handler. >+ */ >+ if (session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_128 || >+ session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_256) { >+ return srtp_protect_aead(ctx, stream, rtp_hdr, >+ (unsigned int *)pkt_octet_len, session_keys, >+ use_mki); >+ } > >-srtp_err_status_t >-srtp_unprotect_mki(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len, >- unsigned int use_mki) { >- srtp_hdr_t *hdr = (srtp_hdr_t *)srtp_hdr; >- uint32_t *enc_start; /* pointer to start of encrypted portion */ >- uint32_t *auth_start; /* pointer to start of auth. portion */ >- unsigned int enc_octet_len = 0;/* number of octets in encrypted portion */ >- uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ >- srtp_xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */ >- int delta; /* delta of local pkt idx and that in hdr */ >- v128_t iv; >- srtp_err_status_t status; >- srtp_stream_ctx_t *stream; >- uint8_t tmp_tag[SRTP_MAX_TAG_LEN]; >- uint32_t tag_len, prefix_len; >- srtp_hdr_xtnd_t *xtn_hdr = NULL; >- unsigned int mki_size = 0; >- srtp_session_keys_t *session_keys = NULL; >- int advance_packet_index = 0; >- uint32_t roc_to_set = 0; >- uint16_t seq_to_set = 0; >- >- debug_print(mod_srtp, "function srtp_unprotect", NULL); >- >- /* we assume the hdr is 32-bit aligned to start */ >- >- /* Verify RTP header */ >- status = srtp_validate_rtp_header(srtp_hdr, pkt_octet_len); >- if (status) >- return status; >+ /* >+ * update the key usage limit, and check it to make sure that we >+ * didn't just hit either the soft limit or the hard limit, and call >+ * the event handler if we hit either. >+ */ >+ switch (srtp_key_limit_update(session_keys->limit)) { >+ case srtp_key_event_normal: >+ break; >+ case srtp_key_event_soft_limit: >+ srtp_handle_event(ctx, stream, event_key_soft_limit); >+ break; >+ case srtp_key_event_hard_limit: >+ srtp_handle_event(ctx, stream, event_key_hard_limit); >+ return srtp_err_status_key_expired; >+ default: >+ break; >+ } >+ >+ /* get tag length from stream */ >+ tag_len = srtp_auth_get_tag_length(session_keys->rtp_auth); >+ >+ /* >+ * find starting point for encryption and length of data to be >+ * encrypted - the encrypted portion starts after the rtp header >+ * extension, if present; otherwise, it starts after the last csrc, >+ * if any are present >+ * >+ * if we're not providing confidentiality, set enc_start to NULL >+ */ >+ if (stream->rtp_services & sec_serv_conf) { >+ enc_start = (uint32_t *)hdr + uint32s_in_rtp_header + hdr->cc; >+ if (hdr->x == 1) { >+ xtn_hdr = (srtp_hdr_xtnd_t *)enc_start; >+ enc_start += (ntohs(xtn_hdr->length) + 1); >+ } >+ /* note: the passed size is without the auth tag */ >+ if (!((uint8_t *)enc_start <= (uint8_t *)hdr + *pkt_octet_len)) >+ return srtp_err_status_parse_err; >+ enc_octet_len = >+ (int)(*pkt_octet_len - ((uint8_t *)enc_start - (uint8_t *)hdr)); >+ if (enc_octet_len < 0) >+ return srtp_err_status_parse_err; >+ } else { >+ enc_start = NULL; >+ } >+ >+ mki_location = (uint8_t *)hdr + *pkt_octet_len; >+ mki_size = srtp_inject_mki(mki_location, session_keys, use_mki); >+ >+ /* >+ * if we're providing authentication, set the auth_start and auth_tag >+ * pointers to the proper locations; otherwise, set auth_start to NULL >+ * to indicate that no authentication is needed >+ */ >+ if (stream->rtp_services & sec_serv_auth) { >+ auth_start = (uint32_t *)hdr; >+ auth_tag = (uint8_t *)hdr + *pkt_octet_len + mki_size; >+ } else { >+ auth_start = NULL; >+ auth_tag = NULL; >+ } >+ >+ /* >+ * estimate the packet index using the start of the replay window >+ * and the sequence number from the header >+ */ >+ status = srtp_get_est_pkt_index(hdr, stream, &est, &delta); >+ >+ if (status && (status != srtp_err_status_pkt_idx_adv)) >+ return status; >+ >+ if (status == srtp_err_status_pkt_idx_adv) >+ advance_packet_index = 1; >+ >+ if (advance_packet_index) { >+ srtp_rdbx_set_roc_seq(&stream->rtp_rdbx, (uint32_t)(est >> 16), >+ (uint16_t)(est & 0xFFFF)); >+ stream->pending_roc = 0; >+ srtp_rdbx_add_index(&stream->rtp_rdbx, 0); >+ } else { >+ status = srtp_rdbx_check(&stream->rtp_rdbx, delta); >+ if (status) { >+ if (status != srtp_err_status_replay_fail || >+ !stream->allow_repeat_tx) >+ return status; /* we've been asked to reuse an index */ >+ } >+ srtp_rdbx_add_index(&stream->rtp_rdbx, delta); >+ } > >- /* check the packet length - it must at least contain a full header */ >- if (*pkt_octet_len < octets_in_rtp_header) >- return srtp_err_status_bad_param; >- >- /* >- * look up ssrc in srtp_stream list, and process the packet with >- * the appropriate stream. if we haven't seen this stream before, >- * there's only one key for this srtp_session, and the cipher >- * supports key-sharing, then we assume that a new stream using >- * that key has just started up >- */ >- stream = srtp_get_stream(ctx, hdr->ssrc); >- if (stream == NULL) { >- if (ctx->stream_template != NULL) { >- stream = ctx->stream_template; >- debug_print(mod_srtp, "using provisional stream (SSRC: 0x%08x)", >- ntohl(hdr->ssrc)); >- >- /* >- * set estimated packet index to sequence number from header, >- * and set delta equal to the same value >- */ > #ifdef NO_64BIT_MATH >- est = (srtp_xtd_seq_num_t) make64(0,ntohs(hdr->seq)); >- delta = low32(est); >+ debug_print2(mod_srtp, "estimated packet index: %08x%08x", high32(est), >+ low32(est)); > #else >- est = (srtp_xtd_seq_num_t) ntohs(hdr->seq); >- delta = (int)est; >+ debug_print(mod_srtp, "estimated packet index: %016llx", est); > #endif >+ >+ /* >+ * if we're using rindael counter mode, set nonce and seq >+ */ >+ if (session_keys->rtp_cipher->type->id == SRTP_AES_ICM_128 || >+ session_keys->rtp_cipher->type->id == SRTP_AES_ICM_192 || >+ session_keys->rtp_cipher->type->id == SRTP_AES_ICM_256) { >+ v128_t iv; >+ >+ iv.v32[0] = 0; >+ iv.v32[1] = hdr->ssrc; >+#ifdef NO_64BIT_MATH >+ iv.v64[1] = be64_to_cpu( >+ make64((high32(est) << 16) | (low32(est) >> 16), low32(est) << 16)); >+#else >+ iv.v64[1] = be64_to_cpu(est << 16); >+#endif >+ status = srtp_cipher_set_iv(session_keys->rtp_cipher, (uint8_t *)&iv, >+ srtp_direction_encrypt); >+ if (!status && session_keys->rtp_xtn_hdr_cipher) { >+ status = srtp_cipher_set_iv(session_keys->rtp_xtn_hdr_cipher, >+ (uint8_t *)&iv, srtp_direction_encrypt); >+ } > } else { >- >- /* >- * no stream corresponding to SSRC found, and we don't do >- * key-sharing, so return an error >- */ >- return srtp_err_status_no_ctx; >- } >- } else { >- status = srtp_get_est_pkt_index(hdr, >- stream, >- &est, >- &delta); >+ v128_t iv; > >- if (status && (status != srtp_err_status_pkt_idx_adv)) >- return status; >+/* otherwise, set the index to est */ >+#ifdef NO_64BIT_MATH >+ iv.v32[0] = 0; >+ iv.v32[1] = 0; >+#else >+ iv.v64[0] = 0; >+#endif >+ iv.v64[1] = be64_to_cpu(est); >+ status = srtp_cipher_set_iv(session_keys->rtp_cipher, (uint8_t *)&iv, >+ srtp_direction_encrypt); >+ if (!status && session_keys->rtp_xtn_hdr_cipher) { >+ status = srtp_cipher_set_iv(session_keys->rtp_xtn_hdr_cipher, >+ (uint8_t *)&iv, srtp_direction_encrypt); >+ } >+ } >+ if (status) >+ return srtp_err_status_cipher_fail; >+ >+/* shift est, put into network byte order */ >+#ifdef NO_64BIT_MATH >+ est = be64_to_cpu( >+ make64((high32(est) << 16) | (low32(est) >> 16), low32(est) << 16)); >+#else >+ est = be64_to_cpu(est << 16); >+#endif > >- if (status == srtp_err_status_pkt_idx_adv) { >- advance_packet_index = 1; >- roc_to_set = (uint32_t)(est >> 16); >- seq_to_set = (uint16_t)(est & 0xFFFF); >+ /* >+ * if we're authenticating using a universal hash, put the keystream >+ * prefix into the authentication tag >+ */ >+ if (auth_start) { >+ prefix_len = srtp_auth_get_prefix_length(session_keys->rtp_auth); >+ if (prefix_len) { >+ status = srtp_cipher_output(session_keys->rtp_cipher, auth_tag, >+ &prefix_len); >+ if (status) >+ return srtp_err_status_cipher_fail; >+ debug_print(mod_srtp, "keystream prefix: %s", >+ srtp_octet_string_hex_string(auth_tag, prefix_len)); >+ } > } > >- /* check replay database */ >- if (!advance_packet_index) { >- status = srtp_rdbx_check(&stream->rtp_rdbx, delta); >- if (status) >- return status; >+ if (xtn_hdr && session_keys->rtp_xtn_hdr_cipher) { >+ /* >+ * extensions header encryption RFC 6904 >+ */ >+ status = srtp_process_header_encryption(stream, xtn_hdr, session_keys); >+ if (status) { >+ return status; >+ } >+ } >+ >+ /* if we're encrypting, exor keystream into the message */ >+ if (enc_start) { >+ status = >+ srtp_cipher_encrypt(session_keys->rtp_cipher, (uint8_t *)enc_start, >+ (unsigned int *)&enc_octet_len); >+ if (status) >+ return srtp_err_status_cipher_fail; >+ } >+ >+ /* >+ * if we're authenticating, run authentication function and put result >+ * into the auth_tag >+ */ >+ if (auth_start) { >+ /* initialize auth func context */ >+ status = srtp_auth_start(session_keys->rtp_auth); >+ if (status) >+ return status; >+ >+ /* run auth func over packet */ >+ status = srtp_auth_update(session_keys->rtp_auth, (uint8_t *)auth_start, >+ *pkt_octet_len); >+ if (status) >+ return status; >+ >+ /* run auth func over ROC, put result into auth_tag */ >+ debug_print(mod_srtp, "estimated packet index: %016llx", est); >+ status = srtp_auth_compute(session_keys->rtp_auth, (uint8_t *)&est, 4, >+ auth_tag); >+ debug_print(mod_srtp, "srtp auth tag: %s", >+ srtp_octet_string_hex_string(auth_tag, tag_len)); >+ if (status) >+ return srtp_err_status_auth_fail; > } >- } > >+ if (auth_tag) { >+ /* increase the packet length by the length of the auth tag */ >+ *pkt_octet_len += tag_len; >+ } >+ >+ if (use_mki) { >+ /* increate the packet length by the mki size */ >+ *pkt_octet_len += mki_size; >+ } >+ >+ return srtp_err_status_ok; >+} >+ >+srtp_err_status_t srtp_unprotect(srtp_ctx_t *ctx, >+ void *srtp_hdr, >+ int *pkt_octet_len) >+{ >+ return srtp_unprotect_mki(ctx, srtp_hdr, pkt_octet_len, 0); >+} >+ >+srtp_err_status_t srtp_unprotect_mki(srtp_ctx_t *ctx, >+ void *srtp_hdr, >+ int *pkt_octet_len, >+ unsigned int use_mki) >+{ >+ srtp_hdr_t *hdr = (srtp_hdr_t *)srtp_hdr; >+ uint32_t *enc_start; /* pointer to start of encrypted portion */ >+ uint32_t *auth_start; /* pointer to start of auth. portion */ >+ unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */ >+ uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ >+ srtp_xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */ >+ int delta; /* delta of local pkt idx and that in hdr */ >+ v128_t iv; >+ srtp_err_status_t status; >+ srtp_stream_ctx_t *stream; >+ uint8_t tmp_tag[SRTP_MAX_TAG_LEN]; >+ uint32_t tag_len, prefix_len; >+ srtp_hdr_xtnd_t *xtn_hdr = NULL; >+ unsigned int mki_size = 0; >+ srtp_session_keys_t *session_keys = NULL; >+ int advance_packet_index = 0; >+ uint32_t roc_to_set = 0; >+ uint16_t seq_to_set = 0; >+ >+ debug_print(mod_srtp, "function srtp_unprotect", NULL); >+ >+ /* we assume the hdr is 32-bit aligned to start */ >+ >+ /* Verify RTP header */ >+ status = srtp_validate_rtp_header(srtp_hdr, pkt_octet_len); >+ if (status) >+ return status; >+ >+ /* check the packet length - it must at least contain a full header */ >+ if (*pkt_octet_len < octets_in_rtp_header) >+ return srtp_err_status_bad_param; >+ >+ /* >+ * look up ssrc in srtp_stream list, and process the packet with >+ * the appropriate stream. if we haven't seen this stream before, >+ * there's only one key for this srtp_session, and the cipher >+ * supports key-sharing, then we assume that a new stream using >+ * that key has just started up >+ */ >+ stream = srtp_get_stream(ctx, hdr->ssrc); >+ if (stream == NULL) { >+ if (ctx->stream_template != NULL) { >+ stream = ctx->stream_template; >+ debug_print(mod_srtp, "using provisional stream (SSRC: 0x%08x)", >+ ntohl(hdr->ssrc)); >+ >+/* >+ * set estimated packet index to sequence number from header, >+ * and set delta equal to the same value >+ */ > #ifdef NO_64BIT_MATH >- debug_print2(mod_srtp, "estimated u_packet index: %08x%08x", high32(est),low32(est)); >+ est = (srtp_xtd_seq_num_t)make64(0, ntohs(hdr->seq)); >+ delta = low32(est); > #else >- debug_print(mod_srtp, "estimated u_packet index: %016llx", est); >+ est = (srtp_xtd_seq_num_t)ntohs(hdr->seq); >+ delta = (int)est; > #endif >+ } else { >+ /* >+ * no stream corresponding to SSRC found, and we don't do >+ * key-sharing, so return an error >+ */ >+ return srtp_err_status_no_ctx; >+ } >+ } else { >+ status = srtp_get_est_pkt_index(hdr, stream, &est, &delta); >+ >+ if (status && (status != srtp_err_status_pkt_idx_adv)) >+ return status; >+ >+ if (status == srtp_err_status_pkt_idx_adv) { >+ advance_packet_index = 1; >+ roc_to_set = (uint32_t)(est >> 16); >+ seq_to_set = (uint16_t)(est & 0xFFFF); >+ } >+ >+ /* check replay database */ >+ if (!advance_packet_index) { >+ status = srtp_rdbx_check(&stream->rtp_rdbx, delta); >+ if (status) >+ return status; >+ } >+ } > >- /* >- * Determine if MKI is being used and what session keys should be used >- */ >- if (use_mki) { >- session_keys = srtp_get_session_keys(stream, (uint8_t *)hdr, >- (const unsigned int*)pkt_octet_len, >- &mki_size); >- >- if (session_keys == NULL) >- return srtp_err_status_bad_mki; >- } else { >- session_keys = &stream->session_keys[0]; >- } >- >- /* >- * Check if this is an AEAD stream (GCM mode). If so, then dispatch >- * the request to our AEAD handler. >- */ >- if (session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_128 || >- session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_256) { >- return srtp_unprotect_aead(ctx, stream, delta, est, srtp_hdr, >- (unsigned int*)pkt_octet_len, session_keys, >- mki_size); >- } >- >- /* get tag length from stream */ >- tag_len = srtp_auth_get_tag_length(session_keys->rtp_auth); >- >- /* >- * set the cipher's IV properly, depending on whatever cipher we >- * happen to be using >- */ >- if (session_keys->rtp_cipher->type->id == SRTP_AES_ICM_128 || >- session_keys->rtp_cipher->type->id == SRTP_AES_ICM_192 || >- session_keys->rtp_cipher->type->id == SRTP_AES_ICM_256) { >- /* aes counter mode */ >- iv.v32[0] = 0; >- iv.v32[1] = hdr->ssrc; /* still in network order */ > #ifdef NO_64BIT_MATH >- iv.v64[1] = be64_to_cpu(make64((high32(est) << 16) | (low32(est) >> 16), >- low32(est) << 16)); >+ debug_print2(mod_srtp, "estimated u_packet index: %08x%08x", high32(est), >+ low32(est)); > #else >- iv.v64[1] = be64_to_cpu(est << 16); >+ debug_print(mod_srtp, "estimated u_packet index: %016llx", est); > #endif >- status = srtp_cipher_set_iv(session_keys->rtp_cipher, >- (uint8_t*)&iv, srtp_direction_decrypt); >- if (!status && session_keys->rtp_xtn_hdr_cipher) { >- status = srtp_cipher_set_iv(session_keys->rtp_xtn_hdr_cipher, >- (uint8_t*)&iv, srtp_direction_decrypt); >+ >+ /* Determine if MKI is being used and what session keys should be used */ >+ if (use_mki) { >+ session_keys = srtp_get_session_keys( >+ stream, (uint8_t *)hdr, (const unsigned int *)pkt_octet_len, >+ &mki_size); >+ >+ if (session_keys == NULL) >+ return srtp_err_status_bad_mki; >+ } else { >+ session_keys = &stream->session_keys[0]; > } >- } else { >- >- /* no particular format - set the iv to the pakcet index */ >+ >+ /* >+ * Check if this is an AEAD stream (GCM mode). If so, then dispatch >+ * the request to our AEAD handler. >+ */ >+ if (session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_128 || >+ session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_256) { >+ return srtp_unprotect_aead(ctx, stream, delta, est, srtp_hdr, >+ (unsigned int *)pkt_octet_len, session_keys, >+ mki_size); >+ } >+ >+ /* get tag length from stream */ >+ tag_len = srtp_auth_get_tag_length(session_keys->rtp_auth); >+ >+ /* >+ * set the cipher's IV properly, depending on whatever cipher we >+ * happen to be using >+ */ >+ if (session_keys->rtp_cipher->type->id == SRTP_AES_ICM_128 || >+ session_keys->rtp_cipher->type->id == SRTP_AES_ICM_192 || >+ session_keys->rtp_cipher->type->id == SRTP_AES_ICM_256) { >+ /* aes counter mode */ >+ iv.v32[0] = 0; >+ iv.v32[1] = hdr->ssrc; /* still in network order */ > #ifdef NO_64BIT_MATH >- iv.v32[0] = 0; >- iv.v32[1] = 0; >+ iv.v64[1] = be64_to_cpu( >+ make64((high32(est) << 16) | (low32(est) >> 16), low32(est) << 16)); > #else >- iv.v64[0] = 0; >+ iv.v64[1] = be64_to_cpu(est << 16); > #endif >- iv.v64[1] = be64_to_cpu(est); >- status = srtp_cipher_set_iv(session_keys->rtp_cipher, (uint8_t*)&iv, srtp_direction_decrypt); >- if (!status && session_keys->rtp_xtn_hdr_cipher) { >- status = srtp_cipher_set_iv(session_keys->rtp_xtn_hdr_cipher, (uint8_t*)&iv, srtp_direction_decrypt); >+ status = srtp_cipher_set_iv(session_keys->rtp_cipher, (uint8_t *)&iv, >+ srtp_direction_decrypt); >+ if (!status && session_keys->rtp_xtn_hdr_cipher) { >+ status = srtp_cipher_set_iv(session_keys->rtp_xtn_hdr_cipher, >+ (uint8_t *)&iv, srtp_direction_decrypt); >+ } >+ } else { >+/* no particular format - set the iv to the pakcet index */ >+#ifdef NO_64BIT_MATH >+ iv.v32[0] = 0; >+ iv.v32[1] = 0; >+#else >+ iv.v64[0] = 0; >+#endif >+ iv.v64[1] = be64_to_cpu(est); >+ status = srtp_cipher_set_iv(session_keys->rtp_cipher, (uint8_t *)&iv, >+ srtp_direction_decrypt); >+ if (!status && session_keys->rtp_xtn_hdr_cipher) { >+ status = srtp_cipher_set_iv(session_keys->rtp_xtn_hdr_cipher, >+ (uint8_t *)&iv, srtp_direction_decrypt); >+ } > } >- } >- if (status) >- return srtp_err_status_cipher_fail; >+ if (status) >+ return srtp_err_status_cipher_fail; > >- /* shift est, put into network byte order */ >+/* shift est, put into network byte order */ > #ifdef NO_64BIT_MATH >- est = be64_to_cpu(make64((high32(est) << 16) | >- (low32(est) >> 16), >- low32(est) << 16)); >+ est = be64_to_cpu( >+ make64((high32(est) << 16) | (low32(est) >> 16), low32(est) << 16)); > #else >- est = be64_to_cpu(est << 16); >+ est = be64_to_cpu(est << 16); > #endif > >- /* >- * find starting point for decryption and length of data to be >- * decrypted - the encrypted portion starts after the rtp header >- * extension, if present; otherwise, it starts after the last csrc, >- * if any are present >- * >- * if we're not providing confidentiality, set enc_start to NULL >- */ >- if (stream->rtp_services & sec_serv_conf) { >- enc_start = (uint32_t *)hdr + uint32s_in_rtp_header + hdr->cc; >- if (hdr->x == 1) { >- xtn_hdr = (srtp_hdr_xtnd_t *)enc_start; >- enc_start += (ntohs(xtn_hdr->length) + 1); >- } >- if (!((uint8_t*)enc_start <= (uint8_t*)hdr + (*pkt_octet_len - tag_len - mki_size))) >- return srtp_err_status_parse_err; >- enc_octet_len = (uint32_t)(*pkt_octet_len - tag_len - mki_size - >- ((uint8_t*)enc_start - (uint8_t*)hdr)); >- } else { >- enc_start = NULL; >- } >- >- /* >- * if we're providing authentication, set the auth_start and auth_tag >- * pointers to the proper locations; otherwise, set auth_start to NULL >- * to indicate that no authentication is needed >- */ >- if (stream->rtp_services & sec_serv_auth) { >- auth_start = (uint32_t *)hdr; >- auth_tag = (uint8_t *)hdr + *pkt_octet_len - tag_len; >- } else { >- auth_start = NULL; >- auth_tag = NULL; >- } >- >- /* >- * if we expect message authentication, run the authentication >- * function and compare the result with the value of the auth_tag >- */ >- if (auth_start) { >- >- /* >- * if we're using a universal hash, then we need to compute the >- * keystream prefix for encrypting the universal hash output >+ /* >+ * find starting point for decryption and length of data to be >+ * decrypted - the encrypted portion starts after the rtp header >+ * extension, if present; otherwise, it starts after the last csrc, >+ * if any are present > * >- * if the keystream prefix length is zero, then we know that >- * the authenticator isn't using a universal hash function >- */ >- if (session_keys->rtp_auth->prefix_len != 0) { >- >- prefix_len = srtp_auth_get_prefix_length(session_keys->rtp_auth); >- status = srtp_cipher_output(session_keys->rtp_cipher, tmp_tag, &prefix_len); >- debug_print(mod_srtp, "keystream prefix: %s", >- srtp_octet_string_hex_string(tmp_tag, prefix_len)); >- if (status) >- return srtp_err_status_cipher_fail; >- } >+ * if we're not providing confidentiality, set enc_start to NULL >+ */ >+ if (stream->rtp_services & sec_serv_conf) { >+ enc_start = (uint32_t *)hdr + uint32s_in_rtp_header + hdr->cc; >+ if (hdr->x == 1) { >+ xtn_hdr = (srtp_hdr_xtnd_t *)enc_start; >+ enc_start += (ntohs(xtn_hdr->length) + 1); >+ } >+ if (!((uint8_t *)enc_start <= >+ (uint8_t *)hdr + (*pkt_octet_len - tag_len - mki_size))) >+ return srtp_err_status_parse_err; >+ enc_octet_len = (uint32_t)(*pkt_octet_len - tag_len - mki_size - >+ ((uint8_t *)enc_start - (uint8_t *)hdr)); >+ } else { >+ enc_start = NULL; >+ } > >- /* initialize auth func context */ >- status = srtp_auth_start(session_keys->rtp_auth); >- if (status) return status; >- >- /* now compute auth function over packet */ >- status = srtp_auth_update(session_keys->rtp_auth, (uint8_t *)auth_start, >- *pkt_octet_len - tag_len - mki_size); >- >- /* run auth func over ROC, then write tmp tag */ >- status = srtp_auth_compute(session_keys->rtp_auth, (uint8_t *)&est, 4, tmp_tag); >- >- debug_print(mod_srtp, "computed auth tag: %s", >- srtp_octet_string_hex_string(tmp_tag, tag_len)); >- debug_print(mod_srtp, "packet auth tag: %s", >- srtp_octet_string_hex_string(auth_tag, tag_len)); >- if (status) >- return srtp_err_status_auth_fail; >+ /* >+ * if we're providing authentication, set the auth_start and auth_tag >+ * pointers to the proper locations; otherwise, set auth_start to NULL >+ * to indicate that no authentication is needed >+ */ >+ if (stream->rtp_services & sec_serv_auth) { >+ auth_start = (uint32_t *)hdr; >+ auth_tag = (uint8_t *)hdr + *pkt_octet_len - tag_len; >+ } else { >+ auth_start = NULL; >+ auth_tag = NULL; >+ } > >- if (octet_string_is_eq(tmp_tag, auth_tag, tag_len)) >- return srtp_err_status_auth_fail; >- } >- >- /* >- * update the key usage limit, and check it to make sure that we >- * didn't just hit either the soft limit or the hard limit, and call >- * the event handler if we hit either. >- */ >- switch(srtp_key_limit_update(session_keys->limit)) { >- case srtp_key_event_normal: >- break; >- case srtp_key_event_soft_limit: >- srtp_handle_event(ctx, stream, event_key_soft_limit); >- break; >- case srtp_key_event_hard_limit: >- srtp_handle_event(ctx, stream, event_key_hard_limit); >- return srtp_err_status_key_expired; >- default: >- break; >- } >- >- if (xtn_hdr && session_keys->rtp_xtn_hdr_cipher) { > /* >- * extensions header encryption RFC 6904 >+ * if we expect message authentication, run the authentication >+ * function and compare the result with the value of the auth_tag > */ >- status = srtp_process_header_encryption(stream, xtn_hdr, session_keys); >- if (status) { >- return status; >+ if (auth_start) { >+ /* >+ * if we're using a universal hash, then we need to compute the >+ * keystream prefix for encrypting the universal hash output >+ * >+ * if the keystream prefix length is zero, then we know that >+ * the authenticator isn't using a universal hash function >+ */ >+ if (session_keys->rtp_auth->prefix_len != 0) { >+ prefix_len = srtp_auth_get_prefix_length(session_keys->rtp_auth); >+ status = srtp_cipher_output(session_keys->rtp_cipher, tmp_tag, >+ &prefix_len); >+ debug_print(mod_srtp, "keystream prefix: %s", >+ srtp_octet_string_hex_string(tmp_tag, prefix_len)); >+ if (status) >+ return srtp_err_status_cipher_fail; >+ } >+ >+ /* initialize auth func context */ >+ status = srtp_auth_start(session_keys->rtp_auth); >+ if (status) >+ return status; >+ >+ /* now compute auth function over packet */ >+ status = srtp_auth_update(session_keys->rtp_auth, (uint8_t *)auth_start, >+ *pkt_octet_len - tag_len - mki_size); >+ >+ /* run auth func over ROC, then write tmp tag */ >+ status = srtp_auth_compute(session_keys->rtp_auth, (uint8_t *)&est, 4, >+ tmp_tag); >+ >+ debug_print(mod_srtp, "computed auth tag: %s", >+ srtp_octet_string_hex_string(tmp_tag, tag_len)); >+ debug_print(mod_srtp, "packet auth tag: %s", >+ srtp_octet_string_hex_string(auth_tag, tag_len)); >+ if (status) >+ return srtp_err_status_auth_fail; >+ >+ if (octet_string_is_eq(tmp_tag, auth_tag, tag_len)) >+ return srtp_err_status_auth_fail; > } >- } > >- /* if we're decrypting, add keystream into ciphertext */ >- if (enc_start) { >- status = srtp_cipher_decrypt(session_keys->rtp_cipher, >- (uint8_t *)enc_start, &enc_octet_len); >- if (status) >- return srtp_err_status_cipher_fail; >- } >- >- /* >- * verify that stream is for received traffic - this check will >- * detect SSRC collisions, since a stream that appears in both >- * srtp_protect() and srtp_unprotect() will fail this test in one of >- * those functions. >- * >- * we do this check *after* the authentication check, so that the >- * latter check will catch any attempts to fool us into thinking >- * that we've got a collision >- */ >- if (stream->direction != dir_srtp_receiver) { >- if (stream->direction == dir_unknown) { >- stream->direction = dir_srtp_receiver; >- } else { >- srtp_handle_event(ctx, stream, event_ssrc_collision); >- } >- } >- >- /* >- * if the stream is a 'provisional' one, in which the template context >- * is used, then we need to allocate a new stream at this point, since >- * the authentication passed >- */ >- if (stream == ctx->stream_template) { >- srtp_stream_ctx_t *new_stream; >- >- /* >- * allocate and initialize a new stream >- * >- * note that we indicate failure if we can't allocate the new >- * stream, and some implementations will want to not return >- * failure here >+ /* >+ * update the key usage limit, and check it to make sure that we >+ * didn't just hit either the soft limit or the hard limit, and call >+ * the event handler if we hit either. > */ >- status = srtp_stream_clone(ctx->stream_template, hdr->ssrc, &new_stream); >- if (status) >- return status; >- >- /* add new stream to the head of the stream_list */ >- new_stream->next = ctx->stream_list; >- ctx->stream_list = new_stream; >- >- /* set stream (the pointer used in this function) */ >- stream = new_stream; >- } >- >- /* >- * the message authentication function passed, so add the packet >- * index into the replay database >- */ >- if (advance_packet_index) { >- srtp_rdbx_set_roc_seq(&stream->rtp_rdbx, >- roc_to_set, >- seq_to_set); >- stream->pending_roc = 0; >- srtp_rdbx_add_index(&stream->rtp_rdbx, 0); >- } else { >- srtp_rdbx_add_index(&stream->rtp_rdbx, delta); >- } >+ switch (srtp_key_limit_update(session_keys->limit)) { >+ case srtp_key_event_normal: >+ break; >+ case srtp_key_event_soft_limit: >+ srtp_handle_event(ctx, stream, event_key_soft_limit); >+ break; >+ case srtp_key_event_hard_limit: >+ srtp_handle_event(ctx, stream, event_key_hard_limit); >+ return srtp_err_status_key_expired; >+ default: >+ break; >+ } > >- /* decrease the packet length by the length of the auth tag */ >- *pkt_octet_len -= tag_len; >+ if (xtn_hdr && session_keys->rtp_xtn_hdr_cipher) { >+ /* extensions header encryption RFC 6904 */ >+ status = srtp_process_header_encryption(stream, xtn_hdr, session_keys); >+ if (status) { >+ return status; >+ } >+ } > >- /* decrease the packet length by the mki size */ >- *pkt_octet_len -= mki_size; >+ /* if we're decrypting, add keystream into ciphertext */ >+ if (enc_start) { >+ status = srtp_cipher_decrypt(session_keys->rtp_cipher, >+ (uint8_t *)enc_start, &enc_octet_len); >+ if (status) >+ return srtp_err_status_cipher_fail; >+ } > >- return srtp_err_status_ok; >-} >+ /* >+ * verify that stream is for received traffic - this check will >+ * detect SSRC collisions, since a stream that appears in both >+ * srtp_protect() and srtp_unprotect() will fail this test in one of >+ * those functions. >+ * >+ * we do this check *after* the authentication check, so that the >+ * latter check will catch any attempts to fool us into thinking >+ * that we've got a collision >+ */ >+ if (stream->direction != dir_srtp_receiver) { >+ if (stream->direction == dir_unknown) { >+ stream->direction = dir_srtp_receiver; >+ } else { >+ srtp_handle_event(ctx, stream, event_ssrc_collision); >+ } >+ } > >-srtp_err_status_t >-srtp_init() { >- srtp_err_status_t status; >+ /* >+ * if the stream is a 'provisional' one, in which the template context >+ * is used, then we need to allocate a new stream at this point, since >+ * the authentication passed >+ */ >+ if (stream == ctx->stream_template) { >+ srtp_stream_ctx_t *new_stream; > >- /* initialize crypto kernel */ >- status = srtp_crypto_kernel_init(); >- if (status) >- return status; >+ /* >+ * allocate and initialize a new stream >+ * >+ * note that we indicate failure if we can't allocate the new >+ * stream, and some implementations will want to not return >+ * failure here >+ */ >+ status = >+ srtp_stream_clone(ctx->stream_template, hdr->ssrc, &new_stream); >+ if (status) >+ return status; > >- /* load srtp debug module into the kernel */ >- status = srtp_crypto_kernel_load_debug_module(&mod_srtp); >- if (status) >- return status; >+ /* add new stream to the head of the stream_list */ >+ new_stream->next = ctx->stream_list; >+ ctx->stream_list = new_stream; >+ >+ /* set stream (the pointer used in this function) */ >+ stream = new_stream; >+ } >+ >+ /* >+ * the message authentication function passed, so add the packet >+ * index into the replay database >+ */ >+ if (advance_packet_index) { >+ srtp_rdbx_set_roc_seq(&stream->rtp_rdbx, roc_to_set, seq_to_set); >+ stream->pending_roc = 0; >+ srtp_rdbx_add_index(&stream->rtp_rdbx, 0); >+ } else { >+ srtp_rdbx_add_index(&stream->rtp_rdbx, delta); >+ } >+ >+ /* decrease the packet length by the length of the auth tag */ >+ *pkt_octet_len -= tag_len; > >- return srtp_err_status_ok; >+ /* decrease the packet length by the mki size */ >+ *pkt_octet_len -= mki_size; >+ >+ return srtp_err_status_ok; > } > >-srtp_err_status_t >-srtp_shutdown() { >- srtp_err_status_t status; >+srtp_err_status_t srtp_init() >+{ >+ srtp_err_status_t status; > >- /* shut down crypto kernel */ >- status = srtp_crypto_kernel_shutdown(); >- if (status) >- return status; >+ /* initialize crypto kernel */ >+ status = srtp_crypto_kernel_init(); >+ if (status) >+ return status; > >- /* shutting down crypto kernel frees the srtp debug module as well */ >+ /* load srtp debug module into the kernel */ >+ status = srtp_crypto_kernel_load_debug_module(&mod_srtp); >+ if (status) >+ return status; > >- return srtp_err_status_ok; >+ return srtp_err_status_ok; > } > >+srtp_err_status_t srtp_shutdown() >+{ >+ srtp_err_status_t status; >+ >+ /* shut down crypto kernel */ >+ status = srtp_crypto_kernel_shutdown(); >+ if (status) >+ return status; >+ >+ /* shutting down crypto kernel frees the srtp debug module as well */ > >-/* >+ return srtp_err_status_ok; >+} >+ >+/* > * The following code is under consideration for removal. See >- * SRTP_MAX_TRAILER_LEN >+ * SRTP_MAX_TRAILER_LEN > */ > #if 0 > >@@ -2740,378 +2774,376 @@ srtp_get_trailer_length(const srtp_stream_t s) { > * srtp_get_stream(ssrc) returns a pointer to the stream corresponding > * to ssrc, or NULL if no stream exists for that ssrc > * >- * this is an internal function >+ * this is an internal function > */ > >-srtp_stream_ctx_t * >-srtp_get_stream(srtp_t srtp, uint32_t ssrc) { >- srtp_stream_ctx_t *stream; >- >- /* walk down list until ssrc is found */ >- stream = srtp->stream_list; >- while (stream != NULL) { >- if (stream->ssrc == ssrc) >- return stream; >- stream = stream->next; >- } >- >- /* we haven't found our ssrc, so return a null */ >- return NULL; >+srtp_stream_ctx_t *srtp_get_stream(srtp_t srtp, uint32_t ssrc) >+{ >+ srtp_stream_ctx_t *stream; >+ >+ /* walk down list until ssrc is found */ >+ stream = srtp->stream_list; >+ while (stream != NULL) { >+ if (stream->ssrc == ssrc) >+ return stream; >+ stream = stream->next; >+ } >+ >+ /* we haven't found our ssrc, so return a null */ >+ return NULL; > } > >-srtp_err_status_t >-srtp_dealloc(srtp_t session) { >- srtp_stream_ctx_t *stream; >- srtp_err_status_t status; >- >- /* >- * we take a conservative deallocation strategy - if we encounter an >- * error deallocating a stream, then we stop trying to deallocate >- * memory and just return an error >- */ >- >- /* walk list of streams, deallocating as we go */ >- stream = session->stream_list; >- while (stream != NULL) { >- srtp_stream_t next = stream->next; >- status = srtp_stream_dealloc(stream, session->stream_template); >- if (status) >- return status; >- stream = next; >- } >- >- /* deallocate stream template, if there is one */ >- if (session->stream_template != NULL) { >- status = srtp_stream_dealloc(session->stream_template, NULL); >- if (status) >- return status; >- } >+srtp_err_status_t srtp_dealloc(srtp_t session) >+{ >+ srtp_stream_ctx_t *stream; >+ srtp_err_status_t status; >+ >+ /* >+ * we take a conservative deallocation strategy - if we encounter an >+ * error deallocating a stream, then we stop trying to deallocate >+ * memory and just return an error >+ */ >+ >+ /* walk list of streams, deallocating as we go */ >+ stream = session->stream_list; >+ while (stream != NULL) { >+ srtp_stream_t next = stream->next; >+ status = srtp_stream_dealloc(stream, session->stream_template); >+ if (status) >+ return status; >+ stream = next; >+ } >+ >+ /* deallocate stream template, if there is one */ >+ if (session->stream_template != NULL) { >+ status = srtp_stream_dealloc(session->stream_template, NULL); >+ if (status) >+ return status; >+ } >+ >+ /* deallocate session context */ >+ srtp_crypto_free(session); >+ >+ return srtp_err_status_ok; >+} > >- /* deallocate session context */ >- srtp_crypto_free(session); >+srtp_err_status_t srtp_add_stream(srtp_t session, const srtp_policy_t *policy) >+{ >+ srtp_err_status_t status; >+ srtp_stream_t tmp; >+ >+ /* sanity check arguments */ >+ if ((session == NULL) || (policy == NULL) || >+ (!srtp_validate_policy_master_keys(policy))) >+ return srtp_err_status_bad_param; >+ >+ /* allocate stream */ >+ status = srtp_stream_alloc(&tmp, policy); >+ if (status) { >+ return status; >+ } >+ >+ /* initialize stream */ >+ status = srtp_stream_init(tmp, policy); >+ if (status) { >+ srtp_stream_dealloc(tmp, NULL); >+ return status; >+ } >+ >+ /* >+ * set the head of the stream list or the template to point to the >+ * stream that we've just alloced and init'ed, depending on whether >+ * or not it has a wildcard SSRC value or not >+ * >+ * if the template stream has already been set, then the policy is >+ * inconsistent, so we return a bad_param error code >+ */ >+ switch (policy->ssrc.type) { >+ case (ssrc_any_outbound): >+ if (session->stream_template) { >+ srtp_stream_dealloc(tmp, NULL); >+ return srtp_err_status_bad_param; >+ } >+ session->stream_template = tmp; >+ session->stream_template->direction = dir_srtp_sender; >+ break; >+ case (ssrc_any_inbound): >+ if (session->stream_template) { >+ srtp_stream_dealloc(tmp, NULL); >+ return srtp_err_status_bad_param; >+ } >+ session->stream_template = tmp; >+ session->stream_template->direction = dir_srtp_receiver; >+ break; >+ case (ssrc_specific): >+ tmp->next = session->stream_list; >+ session->stream_list = tmp; >+ break; >+ case (ssrc_undefined): >+ default: >+ srtp_stream_dealloc(tmp, NULL); >+ return srtp_err_status_bad_param; >+ } > >- return srtp_err_status_ok; >+ return srtp_err_status_ok; > } > >+srtp_err_status_t srtp_create(srtp_t *session, /* handle for session */ >+ const srtp_policy_t *policy) >+{ /* SRTP policy (list) */ >+ srtp_err_status_t stat; >+ srtp_ctx_t *ctx; >+ >+ /* sanity check arguments */ >+ if (session == NULL) >+ return srtp_err_status_bad_param; > >-srtp_err_status_t >-srtp_add_stream(srtp_t session, >- const srtp_policy_t *policy) { >- srtp_err_status_t status; >- srtp_stream_t tmp; >+ /* allocate srtp context and set ctx_ptr */ >+ ctx = (srtp_ctx_t *)srtp_crypto_alloc(sizeof(srtp_ctx_t)); >+ if (ctx == NULL) >+ return srtp_err_status_alloc_fail; >+ *session = ctx; > >- /* sanity check arguments */ >- if ((session == NULL) || (policy == NULL) || (!srtp_validate_policy_master_keys(policy))) >- return srtp_err_status_bad_param; >+ /* >+ * loop over elements in the policy list, allocating and >+ * initializing a stream for each element >+ */ >+ ctx->stream_template = NULL; >+ ctx->stream_list = NULL; >+ ctx->user_data = NULL; >+ while (policy != NULL) { >+ stat = srtp_add_stream(ctx, policy); >+ if (stat) { >+ /* clean up everything */ >+ srtp_dealloc(*session); >+ *session = NULL; >+ return stat; >+ } > >- /* allocate stream */ >- status = srtp_stream_alloc(&tmp, policy); >- if (status) { >- return status; >- } >- >- /* initialize stream */ >- status = srtp_stream_init(tmp, policy); >- if (status) { >- srtp_crypto_free(tmp); >- return status; >- } >- >- /* >- * set the head of the stream list or the template to point to the >- * stream that we've just alloced and init'ed, depending on whether >- * or not it has a wildcard SSRC value or not >- * >- * if the template stream has already been set, then the policy is >- * inconsistent, so we return a bad_param error code >- */ >- switch (policy->ssrc.type) { >- case (ssrc_any_outbound): >- if (session->stream_template) { >- return srtp_err_status_bad_param; >- } >- session->stream_template = tmp; >- session->stream_template->direction = dir_srtp_sender; >- break; >- case (ssrc_any_inbound): >- if (session->stream_template) { >- return srtp_err_status_bad_param; >- } >- session->stream_template = tmp; >- session->stream_template->direction = dir_srtp_receiver; >- break; >- case (ssrc_specific): >- tmp->next = session->stream_list; >- session->stream_list = tmp; >- break; >- case (ssrc_undefined): >- default: >- srtp_crypto_free(tmp); >- return srtp_err_status_bad_param; >- } >- >- return srtp_err_status_ok; >+ /* set policy to next item in list */ >+ policy = policy->next; >+ } >+ >+ return srtp_err_status_ok; > } > >+srtp_err_status_t srtp_remove_stream(srtp_t session, uint32_t ssrc) >+{ >+ srtp_stream_ctx_t *stream, *last_stream; >+ srtp_err_status_t status; >+ >+ /* sanity check arguments */ >+ if (session == NULL) >+ return srtp_err_status_bad_param; >+ >+ /* find stream in list; complain if not found */ >+ last_stream = stream = session->stream_list; >+ while ((stream != NULL) && (ssrc != stream->ssrc)) { >+ last_stream = stream; >+ stream = stream->next; >+ } >+ if (stream == NULL) >+ return srtp_err_status_no_ctx; > >-srtp_err_status_t >-srtp_create(srtp_t *session, /* handle for session */ >- const srtp_policy_t *policy) { /* SRTP policy (list) */ >- srtp_err_status_t stat; >- srtp_ctx_t *ctx; >- >- /* sanity check arguments */ >- if (session == NULL) >- return srtp_err_status_bad_param; >- >- /* allocate srtp context and set ctx_ptr */ >- ctx = (srtp_ctx_t *) srtp_crypto_alloc(sizeof(srtp_ctx_t)); >- if (ctx == NULL) >- return srtp_err_status_alloc_fail; >- *session = ctx; >- >- /* >- * loop over elements in the policy list, allocating and >- * initializing a stream for each element >- */ >- ctx->stream_template = NULL; >- ctx->stream_list = NULL; >- ctx->user_data = NULL; >- while (policy != NULL) { >- >- stat = srtp_add_stream(ctx, policy); >- if (stat) { >- /* clean up everything */ >- srtp_dealloc(*session); >- *session = NULL; >- return stat; >- } >+ /* remove stream from the list */ >+ if (last_stream == stream) >+ /* stream was first in list */ >+ session->stream_list = stream->next; >+ else >+ last_stream->next = stream->next; > >- /* set policy to next item in list */ >- policy = policy->next; >- } >+ /* deallocate the stream */ >+ status = srtp_stream_dealloc(stream, session->stream_template); >+ if (status) >+ return status; > >- return srtp_err_status_ok; >+ return srtp_err_status_ok; > } > >+srtp_err_status_t srtp_update(srtp_t session, const srtp_policy_t *policy) >+{ >+ srtp_err_status_t stat; > >-srtp_err_status_t >-srtp_remove_stream(srtp_t session, uint32_t ssrc) { >- srtp_stream_ctx_t *stream, *last_stream; >- srtp_err_status_t status; >- >- /* sanity check arguments */ >- if (session == NULL) >- return srtp_err_status_bad_param; >- >- /* find stream in list; complain if not found */ >- last_stream = stream = session->stream_list; >- while ((stream != NULL) && (ssrc != stream->ssrc)) { >- last_stream = stream; >- stream = stream->next; >- } >- if (stream == NULL) >- return srtp_err_status_no_ctx; >- >- /* remove stream from the list */ >- if (last_stream == stream) >- /* stream was first in list */ >- session->stream_list = stream->next; >- else >- last_stream->next = stream->next; >- >- /* deallocate the stream */ >- status = srtp_stream_dealloc(stream, session->stream_template); >- if (status) >- return status; >+ /* sanity check arguments */ >+ if ((session == NULL) || (policy == NULL) || >+ (!srtp_validate_policy_master_keys(policy))) { >+ return srtp_err_status_bad_param; >+ } >+ >+ while (policy != NULL) { >+ stat = srtp_update_stream(session, policy); >+ if (stat) { >+ return stat; >+ } > >- return srtp_err_status_ok; >+ /* set policy to next item in list */ >+ policy = policy->next; >+ } >+ return srtp_err_status_ok; > } > >+static srtp_err_status_t update_template_streams(srtp_t session, >+ const srtp_policy_t *policy) >+{ >+ srtp_err_status_t status; >+ srtp_stream_t new_stream_template; >+ srtp_stream_t new_stream_list = NULL; > >-srtp_err_status_t >-srtp_update(srtp_t session, const srtp_policy_t *policy) { >- srtp_err_status_t stat; >+ if (session->stream_template == NULL) { >+ return srtp_err_status_bad_param; >+ } > >- /* sanity check arguments */ >- if ((session == NULL) || (policy == NULL) || (!srtp_validate_policy_master_keys(policy))) { >- return srtp_err_status_bad_param; >- } >+ /* allocate new template stream */ >+ status = srtp_stream_alloc(&new_stream_template, policy); >+ if (status) { >+ return status; >+ } > >- while (policy != NULL) { >- stat = srtp_update_stream(session, policy); >- if (stat) { >- return stat; >+ /* initialize new template stream */ >+ status = srtp_stream_init(new_stream_template, policy); >+ if (status) { >+ srtp_crypto_free(new_stream_template); >+ return status; > } > >- /* set policy to next item in list */ >- policy = policy->next; >- } >- return srtp_err_status_ok; >-} >+ /* for all old templated streams */ >+ for (;;) { >+ srtp_stream_t stream; >+ uint32_t ssrc; >+ srtp_xtd_seq_num_t old_index; >+ srtp_rdb_t old_rtcp_rdb; >+ >+ stream = session->stream_list; >+ while ((stream != NULL) && >+ (stream->session_keys[0].rtp_auth != >+ session->stream_template->session_keys[0].rtp_auth)) { >+ stream = stream->next; >+ } >+ if (stream == NULL) { >+ /* no more templated streams */ >+ break; >+ } > >+ /* save old extendard seq */ >+ ssrc = stream->ssrc; >+ old_index = stream->rtp_rdbx.index; >+ old_rtcp_rdb = stream->rtcp_rdb; > >-static srtp_err_status_t >-update_template_streams(srtp_t session, const srtp_policy_t *policy) { >- srtp_err_status_t status; >- srtp_stream_t new_stream_template; >- srtp_stream_t new_stream_list = NULL; >+ /* remove stream */ >+ status = srtp_remove_stream(session, ssrc); >+ if (status) { >+ /* free new allocations */ >+ while (new_stream_list != NULL) { >+ srtp_stream_t next = new_stream_list->next; >+ srtp_stream_dealloc(new_stream_list, new_stream_template); >+ new_stream_list = next; >+ } >+ srtp_stream_dealloc(new_stream_template, NULL); >+ return status; >+ } > >- if (session->stream_template == NULL) { >- return srtp_err_status_bad_param; >- } >+ /* allocate and initialize a new stream */ >+ status = srtp_stream_clone(new_stream_template, ssrc, &stream); >+ if (status) { >+ /* free new allocations */ >+ while (new_stream_list != NULL) { >+ srtp_stream_t next = new_stream_list->next; >+ srtp_stream_dealloc(new_stream_list, new_stream_template); >+ new_stream_list = next; >+ } >+ srtp_stream_dealloc(new_stream_template, NULL); >+ return status; >+ } > >- /* allocate new template stream */ >- status = srtp_stream_alloc(&new_stream_template, policy); >- if (status) { >- return status; >- } >+ /* add new stream to the head of the new_stream_list */ >+ stream->next = new_stream_list; >+ new_stream_list = stream; > >- /* initialize new template stream */ >- status = srtp_stream_init(new_stream_template, policy); >- if (status) { >- srtp_crypto_free(new_stream_template); >+ /* restore old extended seq */ >+ stream->rtp_rdbx.index = old_index; >+ stream->rtcp_rdb = old_rtcp_rdb; >+ } >+ /* dealloc old template */ >+ srtp_stream_dealloc(session->stream_template, NULL); >+ /* set new template */ >+ session->stream_template = new_stream_template; >+ /* add new list */ >+ if (new_stream_list) { >+ srtp_stream_t tail = new_stream_list; >+ while (tail->next) { >+ tail = tail->next; >+ } >+ tail->next = session->stream_list; >+ session->stream_list = new_stream_list; >+ } > return status; >- } >+} > >- /* for all old templated streams */ >- for (;;) { >- srtp_stream_t stream; >- uint32_t ssrc; >+static srtp_err_status_t update_stream(srtp_t session, >+ const srtp_policy_t *policy) >+{ >+ srtp_err_status_t status; > srtp_xtd_seq_num_t old_index; > srtp_rdb_t old_rtcp_rdb; >+ srtp_stream_t stream; > >- stream = session->stream_list; >- while ((stream != NULL) && >- (stream->session_keys[0].rtp_auth != >- session->stream_template->session_keys[0].rtp_auth)) { >- stream = stream->next; >- } >+ stream = srtp_get_stream(session, htonl(policy->ssrc.value)); > if (stream == NULL) { >- /* no more templated streams */ >- break; >+ return srtp_err_status_bad_param; > } > > /* save old extendard seq */ >- ssrc = stream->ssrc; > old_index = stream->rtp_rdbx.index; > old_rtcp_rdb = stream->rtcp_rdb; > >- /* remove stream */ >- status = srtp_remove_stream(session, ssrc); >+ status = srtp_remove_stream(session, htonl(policy->ssrc.value)); > if (status) { >- /* free new allocations */ >- while (new_stream_list != NULL) { >- srtp_stream_t next = new_stream_list->next; >- srtp_stream_dealloc(new_stream_list, new_stream_template); >- new_stream_list = next; >- } >- srtp_stream_dealloc(new_stream_template, NULL); >- return status; >- } >- >- /* allocate and initialize a new stream */ >- status = srtp_stream_clone(new_stream_template, ssrc, &stream); >+ return status; >+ } >+ >+ status = srtp_add_stream(session, policy); > if (status) { >- /* free new allocations */ >- while (new_stream_list != NULL) { >- srtp_stream_t next = new_stream_list->next; >- srtp_stream_dealloc(new_stream_list, new_stream_template); >- new_stream_list = next; >- } >- srtp_stream_dealloc(new_stream_template, NULL); >- return status; >+ return status; > } > >- /* add new stream to the head of the new_stream_list */ >- stream->next = new_stream_list; >- new_stream_list = stream; >+ stream = srtp_get_stream(session, htonl(policy->ssrc.value)); >+ if (stream == NULL) { >+ return srtp_err_status_fail; >+ } > > /* restore old extended seq */ > stream->rtp_rdbx.index = old_index; > stream->rtcp_rdb = old_rtcp_rdb; >- } >- /* dealloc old template */ >- srtp_stream_dealloc(session->stream_template, NULL); >- /* set new template */ >- session->stream_template = new_stream_template; >- /* add new list */ >- if (new_stream_list) { >- srtp_stream_t tail = new_stream_list; >- while (tail->next) { >- tail = tail->next; >- } >- tail->next = session->stream_list; >- session->stream_list = new_stream_list; >- } >- return status; >-} > >+ return srtp_err_status_ok; >+} > >-static srtp_err_status_t >-update_stream(srtp_t session, const srtp_policy_t *policy) { >- srtp_err_status_t status; >- srtp_xtd_seq_num_t old_index; >- srtp_rdb_t old_rtcp_rdb; >- srtp_stream_t stream; >- >- stream = srtp_get_stream(session, htonl(policy->ssrc.value)); >- if (stream == NULL) { >- return srtp_err_status_bad_param; >- } >+srtp_err_status_t srtp_update_stream(srtp_t session, >+ const srtp_policy_t *policy) >+{ >+ srtp_err_status_t status; > >- /* save old extendard seq */ >- old_index = stream->rtp_rdbx.index; >- old_rtcp_rdb = stream->rtcp_rdb; >+ /* sanity check arguments */ >+ if ((session == NULL) || (policy == NULL) || >+ (!srtp_validate_policy_master_keys(policy))) >+ return srtp_err_status_bad_param; > >- status = srtp_remove_stream(session, htonl(policy->ssrc.value)); >- if (status) { >- return status; >- } >+ switch (policy->ssrc.type) { >+ case (ssrc_any_outbound): >+ case (ssrc_any_inbound): >+ status = update_template_streams(session, policy); >+ break; >+ case (ssrc_specific): >+ status = update_stream(session, policy); >+ break; >+ case (ssrc_undefined): >+ default: >+ return srtp_err_status_bad_param; >+ } > >- status = srtp_add_stream(session, policy); >- if (status) { > return status; >- } >- >- stream = srtp_get_stream(session, htonl(policy->ssrc.value)); >- if (stream == NULL) { >- return srtp_err_status_fail; >- } >- >- /* restore old extended seq */ >- stream->rtp_rdbx.index = old_index; >- stream->rtcp_rdb = old_rtcp_rdb; >- >- return srtp_err_status_ok; >-} >- >- >-srtp_err_status_t >-srtp_update_stream(srtp_t session, const srtp_policy_t *policy) { >- srtp_err_status_t status; >- >- /* sanity check arguments */ >- if ((session == NULL) || (policy == NULL) || (!srtp_validate_policy_master_keys(policy))) >- return srtp_err_status_bad_param; >- >- switch (policy->ssrc.type) { >- case (ssrc_any_outbound): >- case (ssrc_any_inbound): >- status = update_template_streams(session, policy); >- break; >- case (ssrc_specific): >- status = update_stream(session, policy); >- break; >- case (ssrc_undefined): >- default: >- return srtp_err_status_bad_param; >- } >- >- return status; > } > >- > /* > * The default policy - provides a convenient way for callers to use > * the default security policy >@@ -3121,283 +3153,264 @@ srtp_update_stream(srtp_t session, const srtp_policy_t *policy) { > * > */ > >-/* >+/* > * NOTE: cipher_key_len is really key len (128 bits) plus salt len > * (112 bits) > */ > /* There are hard-coded 16's for base_key_len in the key generation code */ > >-void >-srtp_crypto_policy_set_rtp_default(srtp_crypto_policy_t *p) { >- >- p->cipher_type = SRTP_AES_ICM_128; >- p->cipher_key_len = SRTP_AES_ICM_128_KEY_LEN_WSALT; /* default 128 bits per RFC 3711 */ >- p->auth_type = SRTP_HMAC_SHA1; >- p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ >- p->auth_tag_len = 10; /* default 80 bits per RFC 3711 */ >- p->sec_serv = sec_serv_conf_and_auth; >- >-} >- >-void >-srtp_crypto_policy_set_rtcp_default(srtp_crypto_policy_t *p) { >- >- p->cipher_type = SRTP_AES_ICM_128; >- p->cipher_key_len = SRTP_AES_ICM_128_KEY_LEN_WSALT; /* default 128 bits per RFC 3711 */ >- p->auth_type = SRTP_HMAC_SHA1; >- p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ >- p->auth_tag_len = 10; /* default 80 bits per RFC 3711 */ >- p->sec_serv = sec_serv_conf_and_auth; >- >+void srtp_crypto_policy_set_rtp_default(srtp_crypto_policy_t *p) >+{ >+ p->cipher_type = SRTP_AES_ICM_128; >+ p->cipher_key_len = >+ SRTP_AES_ICM_128_KEY_LEN_WSALT; /* default 128 bits per RFC 3711 */ >+ p->auth_type = SRTP_HMAC_SHA1; >+ p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ >+ p->auth_tag_len = 10; /* default 80 bits per RFC 3711 */ >+ p->sec_serv = sec_serv_conf_and_auth; > } > >-void >-srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(srtp_crypto_policy_t *p) { >- >- /* >- * corresponds to RFC 4568 >- * >- * note that this crypto policy is intended for SRTP, but not SRTCP >- */ >- >- p->cipher_type = SRTP_AES_ICM_128; >- p->cipher_key_len = SRTP_AES_ICM_128_KEY_LEN_WSALT; /* 128 bit key, 112 bit salt */ >- p->auth_type = SRTP_HMAC_SHA1; >- p->auth_key_len = 20; /* 160 bit key */ >- p->auth_tag_len = 4; /* 32 bit tag */ >- p->sec_serv = sec_serv_conf_and_auth; >- >+void srtp_crypto_policy_set_rtcp_default(srtp_crypto_policy_t *p) >+{ >+ p->cipher_type = SRTP_AES_ICM_128; >+ p->cipher_key_len = >+ SRTP_AES_ICM_128_KEY_LEN_WSALT; /* default 128 bits per RFC 3711 */ >+ p->auth_type = SRTP_HMAC_SHA1; >+ p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ >+ p->auth_tag_len = 10; /* default 80 bits per RFC 3711 */ >+ p->sec_serv = sec_serv_conf_and_auth; > } > >+void srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(srtp_crypto_policy_t *p) >+{ >+ /* >+ * corresponds to RFC 4568 >+ * >+ * note that this crypto policy is intended for SRTP, but not SRTCP >+ */ > >-void >-srtp_crypto_policy_set_aes_cm_128_null_auth(srtp_crypto_policy_t *p) { >- >- /* >- * corresponds to RFC 4568 >- * >- * note that this crypto policy is intended for SRTP, but not SRTCP >- */ >- >- p->cipher_type = SRTP_AES_ICM_128; >- p->cipher_key_len = SRTP_AES_ICM_128_KEY_LEN_WSALT; /* 128 bit key, 112 bit salt */ >- p->auth_type = SRTP_NULL_AUTH; >- p->auth_key_len = 0; >- p->auth_tag_len = 0; >- p->sec_serv = sec_serv_conf; >- >+ p->cipher_type = SRTP_AES_ICM_128; >+ p->cipher_key_len = >+ SRTP_AES_ICM_128_KEY_LEN_WSALT; /* 128 bit key, 112 bit salt */ >+ p->auth_type = SRTP_HMAC_SHA1; >+ p->auth_key_len = 20; /* 160 bit key */ >+ p->auth_tag_len = 4; /* 32 bit tag */ >+ p->sec_serv = sec_serv_conf_and_auth; > } > >+void srtp_crypto_policy_set_aes_cm_128_null_auth(srtp_crypto_policy_t *p) >+{ >+ /* >+ * corresponds to RFC 4568 >+ * >+ * note that this crypto policy is intended for SRTP, but not SRTCP >+ */ > >-void >-srtp_crypto_policy_set_null_cipher_hmac_sha1_80(srtp_crypto_policy_t *p) { >- >- /* >- * corresponds to RFC 4568 >- */ >- >- p->cipher_type = SRTP_NULL_CIPHER; >- p->cipher_key_len = 0; >- p->auth_type = SRTP_HMAC_SHA1; >- p->auth_key_len = 20; >- p->auth_tag_len = 10; >- p->sec_serv = sec_serv_auth; >- >+ p->cipher_type = SRTP_AES_ICM_128; >+ p->cipher_key_len = >+ SRTP_AES_ICM_128_KEY_LEN_WSALT; /* 128 bit key, 112 bit salt */ >+ p->auth_type = SRTP_NULL_AUTH; >+ p->auth_key_len = 0; >+ p->auth_tag_len = 0; >+ p->sec_serv = sec_serv_conf; > } > >-void >-srtp_crypto_policy_set_null_cipher_hmac_null(srtp_crypto_policy_t *p) { >- >- /* >- * Should only be used for testing >- */ >+void srtp_crypto_policy_set_null_cipher_hmac_sha1_80(srtp_crypto_policy_t *p) >+{ >+ /* >+ * corresponds to RFC 4568 >+ */ > >- p->cipher_type = SRTP_NULL_CIPHER; >- p->cipher_key_len = 0; >- p->auth_type = SRTP_NULL_AUTH; >- p->auth_key_len = 0; >- p->auth_tag_len = 0; >- p->sec_serv = sec_serv_none; >- >+ p->cipher_type = SRTP_NULL_CIPHER; >+ p->cipher_key_len = 0; >+ p->auth_type = SRTP_HMAC_SHA1; >+ p->auth_key_len = 20; >+ p->auth_tag_len = 10; >+ p->sec_serv = sec_serv_auth; > } > >+void srtp_crypto_policy_set_null_cipher_hmac_null(srtp_crypto_policy_t *p) >+{ >+ /* >+ * Should only be used for testing >+ */ > >-void >-srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(srtp_crypto_policy_t *p) { >- >- /* >- * corresponds to RFC 6188 >- */ >- >- p->cipher_type = SRTP_AES_ICM_256; >- p->cipher_key_len = SRTP_AES_ICM_256_KEY_LEN_WSALT; >- p->auth_type = SRTP_HMAC_SHA1; >- p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ >- p->auth_tag_len = 10; /* default 80 bits per RFC 3711 */ >- p->sec_serv = sec_serv_conf_and_auth; >+ p->cipher_type = SRTP_NULL_CIPHER; >+ p->cipher_key_len = 0; >+ p->auth_type = SRTP_NULL_AUTH; >+ p->auth_key_len = 0; >+ p->auth_tag_len = 0; >+ p->sec_serv = sec_serv_none; > } > >+void srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(srtp_crypto_policy_t *p) >+{ >+ /* >+ * corresponds to RFC 6188 >+ */ > >-void >-srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32(srtp_crypto_policy_t *p) { >+ p->cipher_type = SRTP_AES_ICM_256; >+ p->cipher_key_len = SRTP_AES_ICM_256_KEY_LEN_WSALT; >+ p->auth_type = SRTP_HMAC_SHA1; >+ p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ >+ p->auth_tag_len = 10; /* default 80 bits per RFC 3711 */ >+ p->sec_serv = sec_serv_conf_and_auth; >+} > >- /* >- * corresponds to RFC 6188 >- * >- * note that this crypto policy is intended for SRTP, but not SRTCP >- */ >+void srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32(srtp_crypto_policy_t *p) >+{ >+ /* >+ * corresponds to RFC 6188 >+ * >+ * note that this crypto policy is intended for SRTP, but not SRTCP >+ */ > >- p->cipher_type = SRTP_AES_ICM_256; >- p->cipher_key_len = SRTP_AES_ICM_256_KEY_LEN_WSALT; >- p->auth_type = SRTP_HMAC_SHA1; >- p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ >- p->auth_tag_len = 4; /* default 80 bits per RFC 3711 */ >- p->sec_serv = sec_serv_conf_and_auth; >+ p->cipher_type = SRTP_AES_ICM_256; >+ p->cipher_key_len = SRTP_AES_ICM_256_KEY_LEN_WSALT; >+ p->auth_type = SRTP_HMAC_SHA1; >+ p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ >+ p->auth_tag_len = 4; /* default 80 bits per RFC 3711 */ >+ p->sec_serv = sec_serv_conf_and_auth; > } > > /* > * AES-256 with no authentication. > */ >-void >-srtp_crypto_policy_set_aes_cm_256_null_auth (srtp_crypto_policy_t *p) >+void srtp_crypto_policy_set_aes_cm_256_null_auth(srtp_crypto_policy_t *p) > { >- p->cipher_type = SRTP_AES_ICM_256; >- p->cipher_key_len = SRTP_AES_ICM_256_KEY_LEN_WSALT; >- p->auth_type = SRTP_NULL_AUTH; >- p->auth_key_len = 0; >- p->auth_tag_len = 0; >- p->sec_serv = sec_serv_conf; >+ p->cipher_type = SRTP_AES_ICM_256; >+ p->cipher_key_len = SRTP_AES_ICM_256_KEY_LEN_WSALT; >+ p->auth_type = SRTP_NULL_AUTH; >+ p->auth_key_len = 0; >+ p->auth_tag_len = 0; >+ p->sec_serv = sec_serv_conf; > } > > #ifdef OPENSSL >-void >-srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80(srtp_crypto_policy_t *p) { >- >- /* >- * corresponds to RFC 6188 >- */ >- >- p->cipher_type = SRTP_AES_ICM_192; >- p->cipher_key_len = SRTP_AES_ICM_192_KEY_LEN_WSALT; >- p->auth_type = SRTP_HMAC_SHA1; >- p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ >- p->auth_tag_len = 10; /* default 80 bits per RFC 3711 */ >- p->sec_serv = sec_serv_conf_and_auth; >-} >- >+void srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80(srtp_crypto_policy_t *p) >+{ >+ /* >+ * corresponds to RFC 6188 >+ */ > >-void >-srtp_crypto_policy_set_aes_cm_192_hmac_sha1_32(srtp_crypto_policy_t *p) { >+ p->cipher_type = SRTP_AES_ICM_192; >+ p->cipher_key_len = SRTP_AES_ICM_192_KEY_LEN_WSALT; >+ p->auth_type = SRTP_HMAC_SHA1; >+ p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ >+ p->auth_tag_len = 10; /* default 80 bits per RFC 3711 */ >+ p->sec_serv = sec_serv_conf_and_auth; >+} > >- /* >- * corresponds to RFC 6188 >- * >- * note that this crypto policy is intended for SRTP, but not SRTCP >- */ >+void srtp_crypto_policy_set_aes_cm_192_hmac_sha1_32(srtp_crypto_policy_t *p) >+{ >+ /* >+ * corresponds to RFC 6188 >+ * >+ * note that this crypto policy is intended for SRTP, but not SRTCP >+ */ > >- p->cipher_type = SRTP_AES_ICM_192; >- p->cipher_key_len = SRTP_AES_ICM_192_KEY_LEN_WSALT; >- p->auth_type = SRTP_HMAC_SHA1; >- p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ >- p->auth_tag_len = 4; /* default 80 bits per RFC 3711 */ >- p->sec_serv = sec_serv_conf_and_auth; >+ p->cipher_type = SRTP_AES_ICM_192; >+ p->cipher_key_len = SRTP_AES_ICM_192_KEY_LEN_WSALT; >+ p->auth_type = SRTP_HMAC_SHA1; >+ p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ >+ p->auth_tag_len = 4; /* default 80 bits per RFC 3711 */ >+ p->sec_serv = sec_serv_conf_and_auth; > } > > /* > * AES-192 with no authentication. > */ >-void >-srtp_crypto_policy_set_aes_cm_192_null_auth (srtp_crypto_policy_t *p) >+void srtp_crypto_policy_set_aes_cm_192_null_auth(srtp_crypto_policy_t *p) > { >- p->cipher_type = SRTP_AES_ICM_192; >- p->cipher_key_len = SRTP_AES_ICM_192_KEY_LEN_WSALT; >- p->auth_type = SRTP_NULL_AUTH; >- p->auth_key_len = 0; >- p->auth_tag_len = 0; >- p->sec_serv = sec_serv_conf; >+ p->cipher_type = SRTP_AES_ICM_192; >+ p->cipher_key_len = SRTP_AES_ICM_192_KEY_LEN_WSALT; >+ p->auth_type = SRTP_NULL_AUTH; >+ p->auth_key_len = 0; >+ p->auth_tag_len = 0; >+ p->sec_serv = sec_serv_conf; > } > > /* >- * AES-128 GCM mode with 8 octet auth tag. >+ * AES-128 GCM mode with 8 octet auth tag. > */ >-void >-srtp_crypto_policy_set_aes_gcm_128_8_auth(srtp_crypto_policy_t *p) { >- p->cipher_type = SRTP_AES_GCM_128; >- p->cipher_key_len = SRTP_AES_GCM_128_KEY_LEN_WSALT; >- p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */ >- p->auth_key_len = 0; >- p->auth_tag_len = 8; /* 8 octet tag length */ >- p->sec_serv = sec_serv_conf_and_auth; >+void srtp_crypto_policy_set_aes_gcm_128_8_auth(srtp_crypto_policy_t *p) >+{ >+ p->cipher_type = SRTP_AES_GCM_128; >+ p->cipher_key_len = SRTP_AES_GCM_128_KEY_LEN_WSALT; >+ p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */ >+ p->auth_key_len = 0; >+ p->auth_tag_len = 8; /* 8 octet tag length */ >+ p->sec_serv = sec_serv_conf_and_auth; > } > > /* >- * AES-256 GCM mode with 8 octet auth tag. >+ * AES-256 GCM mode with 8 octet auth tag. > */ >-void >-srtp_crypto_policy_set_aes_gcm_256_8_auth(srtp_crypto_policy_t *p) { >- p->cipher_type = SRTP_AES_GCM_256; >- p->cipher_key_len = SRTP_AES_GCM_256_KEY_LEN_WSALT; >- p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */ >- p->auth_key_len = 0; >- p->auth_tag_len = 8; /* 8 octet tag length */ >- p->sec_serv = sec_serv_conf_and_auth; >+void srtp_crypto_policy_set_aes_gcm_256_8_auth(srtp_crypto_policy_t *p) >+{ >+ p->cipher_type = SRTP_AES_GCM_256; >+ p->cipher_key_len = SRTP_AES_GCM_256_KEY_LEN_WSALT; >+ p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */ >+ p->auth_key_len = 0; >+ p->auth_tag_len = 8; /* 8 octet tag length */ >+ p->sec_serv = sec_serv_conf_and_auth; > } > > /* >- * AES-128 GCM mode with 8 octet auth tag, no RTCP encryption. >+ * AES-128 GCM mode with 8 octet auth tag, no RTCP encryption. > */ >-void >-srtp_crypto_policy_set_aes_gcm_128_8_only_auth(srtp_crypto_policy_t *p) { >- p->cipher_type = SRTP_AES_GCM_128; >- p->cipher_key_len = SRTP_AES_GCM_128_KEY_LEN_WSALT; >- p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */ >- p->auth_key_len = 0; >- p->auth_tag_len = 8; /* 8 octet tag length */ >- p->sec_serv = sec_serv_auth; /* This only applies to RTCP */ >+void srtp_crypto_policy_set_aes_gcm_128_8_only_auth(srtp_crypto_policy_t *p) >+{ >+ p->cipher_type = SRTP_AES_GCM_128; >+ p->cipher_key_len = SRTP_AES_GCM_128_KEY_LEN_WSALT; >+ p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */ >+ p->auth_key_len = 0; >+ p->auth_tag_len = 8; /* 8 octet tag length */ >+ p->sec_serv = sec_serv_auth; /* This only applies to RTCP */ > } > > /* >- * AES-256 GCM mode with 8 octet auth tag, no RTCP encryption. >+ * AES-256 GCM mode with 8 octet auth tag, no RTCP encryption. > */ >-void >-srtp_crypto_policy_set_aes_gcm_256_8_only_auth(srtp_crypto_policy_t *p) { >- p->cipher_type = SRTP_AES_GCM_256; >- p->cipher_key_len = SRTP_AES_GCM_256_KEY_LEN_WSALT; >- p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */ >- p->auth_key_len = 0; >- p->auth_tag_len = 8; /* 8 octet tag length */ >- p->sec_serv = sec_serv_auth; /* This only applies to RTCP */ >+void srtp_crypto_policy_set_aes_gcm_256_8_only_auth(srtp_crypto_policy_t *p) >+{ >+ p->cipher_type = SRTP_AES_GCM_256; >+ p->cipher_key_len = SRTP_AES_GCM_256_KEY_LEN_WSALT; >+ p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */ >+ p->auth_key_len = 0; >+ p->auth_tag_len = 8; /* 8 octet tag length */ >+ p->sec_serv = sec_serv_auth; /* This only applies to RTCP */ > } > > /* >- * AES-128 GCM mode with 16 octet auth tag. >+ * AES-128 GCM mode with 16 octet auth tag. > */ >-void >-srtp_crypto_policy_set_aes_gcm_128_16_auth(srtp_crypto_policy_t *p) { >- p->cipher_type = SRTP_AES_GCM_128; >- p->cipher_key_len = SRTP_AES_GCM_128_KEY_LEN_WSALT; >- p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */ >- p->auth_key_len = 0; >- p->auth_tag_len = 16; /* 16 octet tag length */ >- p->sec_serv = sec_serv_conf_and_auth; >+void srtp_crypto_policy_set_aes_gcm_128_16_auth(srtp_crypto_policy_t *p) >+{ >+ p->cipher_type = SRTP_AES_GCM_128; >+ p->cipher_key_len = SRTP_AES_GCM_128_KEY_LEN_WSALT; >+ p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */ >+ p->auth_key_len = 0; >+ p->auth_tag_len = 16; /* 16 octet tag length */ >+ p->sec_serv = sec_serv_conf_and_auth; > } > > /* >- * AES-256 GCM mode with 16 octet auth tag. >+ * AES-256 GCM mode with 16 octet auth tag. > */ >-void >-srtp_crypto_policy_set_aes_gcm_256_16_auth(srtp_crypto_policy_t *p) { >- p->cipher_type = SRTP_AES_GCM_256; >- p->cipher_key_len = SRTP_AES_GCM_256_KEY_LEN_WSALT; >- p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */ >- p->auth_key_len = 0; >- p->auth_tag_len = 16; /* 16 octet tag length */ >- p->sec_serv = sec_serv_conf_and_auth; >+void srtp_crypto_policy_set_aes_gcm_256_16_auth(srtp_crypto_policy_t *p) >+{ >+ p->cipher_type = SRTP_AES_GCM_256; >+ p->cipher_key_len = SRTP_AES_GCM_256_KEY_LEN_WSALT; >+ p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */ >+ p->auth_key_len = 0; >+ p->auth_tag_len = 16; /* 16 octet tag length */ >+ p->sec_serv = sec_serv_conf_and_auth; > } > > #endif > >-/* >+/* > * secure rtcp functions > */ > >@@ -3420,7 +3433,7 @@ srtp_crypto_policy_set_aes_gcm_256_16_auth(srtp_crypto_policy_t *p) { > * +--+--+--+--+--+--+--+--+--+--+--+--+* > * > * Input: *session_keys - pointer to SRTP stream context session keys, >- * used to retrieve the SALT >+ * used to retrieve the SALT > * *iv - Pointer to recieve the calculated IV > * seq_num - The SEQ value to use for the IV calculation. > * *hdr - The RTP header, used to get the SSRC value >@@ -3429,12 +3442,14 @@ srtp_crypto_policy_set_aes_gcm_256_16_auth(srtp_crypto_policy_t *p) { > * if seq_num is invalid > * > */ >-static srtp_err_status_t >-srtp_calc_aead_iv_srtcp(srtp_session_keys_t *session_keys, v128_t *iv, >- uint32_t seq_num, srtcp_hdr_t *hdr) >+static srtp_err_status_t srtp_calc_aead_iv_srtcp( >+ srtp_session_keys_t *session_keys, >+ v128_t *iv, >+ uint32_t seq_num, >+ srtcp_hdr_t *hdr) > { >- v128_t in; >- v128_t salt; >+ v128_t in; >+ v128_t salt; > > memset(&in, 0, sizeof(v128_t)); > memset(&salt, 0, sizeof(v128_t)); >@@ -3450,40 +3465,215 @@ srtp_calc_aead_iv_srtcp(srtp_session_keys_t *session_keys, v128_t *iv, > if (seq_num & 0x80000000UL) { > return srtp_err_status_bad_param; > } >- in.v32[2] = htonl(seq_num); >- >- debug_print(mod_srtp, "Pre-salted RTCP IV = %s\n", v128_hex_string(&in)); >+ in.v32[2] = htonl(seq_num); >+ >+ debug_print(mod_srtp, "Pre-salted RTCP IV = %s\n", v128_hex_string(&in)); >+ >+ /* >+ * Get the SALT value from the context >+ */ >+ memcpy(salt.v8, session_keys->c_salt, 12); >+ debug_print(mod_srtp, "RTCP SALT = %s\n", v128_hex_string(&salt)); >+ >+ /* >+ * Finally, apply the SALT to the input >+ */ >+ v128_xor(iv, &in, &salt); >+ >+ return srtp_err_status_ok; >+} >+ >+/* >+ * This code handles AEAD ciphers for outgoing RTCP. We currently support >+ * AES-GCM mode with 128 or 256 bit keys. >+ */ >+static srtp_err_status_t srtp_protect_rtcp_aead( >+ srtp_t ctx, >+ srtp_stream_ctx_t *stream, >+ void *rtcp_hdr, >+ unsigned int *pkt_octet_len, >+ srtp_session_keys_t *session_keys, >+ unsigned int use_mki) >+{ >+ srtcp_hdr_t *hdr = (srtcp_hdr_t *)rtcp_hdr; >+ uint32_t *enc_start; /* pointer to start of encrypted portion */ >+ uint32_t *trailer; /* pointer to start of trailer */ >+ unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */ >+ uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ >+ srtp_err_status_t status; >+ uint32_t tag_len; >+ uint32_t seq_num; >+ v128_t iv; >+ uint32_t tseq; >+ unsigned int mki_size = 0; >+ >+ /* get tag length from stream context */ >+ tag_len = srtp_auth_get_tag_length(session_keys->rtcp_auth); >+ >+ /* >+ * set encryption start and encryption length - if we're not >+ * providing confidentiality, set enc_start to NULL >+ */ >+ enc_start = (uint32_t *)hdr + uint32s_in_rtcp_header; >+ enc_octet_len = *pkt_octet_len - octets_in_rtcp_header; >+ >+ /* NOTE: hdr->length is not usable - it refers to only the first >+ * RTCP report in the compound packet! >+ */ >+ /* NOTE: trailer is 32-bit aligned because RTCP 'packets' are always >+ * multiples of 32-bits (RFC 3550 6.1) >+ */ >+ trailer = (uint32_t *)((char *)enc_start + enc_octet_len + tag_len); >+ >+ if (stream->rtcp_services & sec_serv_conf) { >+ *trailer = htonl(SRTCP_E_BIT); /* set encrypt bit */ >+ } else { >+ enc_start = NULL; >+ enc_octet_len = 0; >+ /* 0 is network-order independant */ >+ *trailer = 0x00000000; /* set encrypt bit */ >+ } >+ >+ mki_size = srtp_inject_mki((uint8_t *)hdr + *pkt_octet_len + tag_len + >+ sizeof(srtcp_trailer_t), >+ session_keys, use_mki); >+ >+ /* >+ * set the auth_tag pointer to the proper location, which is after >+ * the payload, but before the trailer >+ * (note that srtpc *always* provides authentication, unlike srtp) >+ */ >+ /* Note: This would need to change for optional mikey data */ >+ auth_tag = (uint8_t *)hdr + *pkt_octet_len; >+ >+ /* >+ * check sequence number for overruns, and copy it into the packet >+ * if its value isn't too big >+ */ >+ status = srtp_rdb_increment(&stream->rtcp_rdb); >+ if (status) { >+ return status; >+ } >+ seq_num = srtp_rdb_get_value(&stream->rtcp_rdb); >+ *trailer |= htonl(seq_num); >+ debug_print(mod_srtp, "srtcp index: %x", seq_num); >+ >+ /* >+ * Calculate and set the IV >+ */ >+ status = srtp_calc_aead_iv_srtcp(session_keys, &iv, seq_num, hdr); >+ if (status) { >+ return srtp_err_status_cipher_fail; >+ } >+ status = srtp_cipher_set_iv(session_keys->rtcp_cipher, (uint8_t *)&iv, >+ srtp_direction_encrypt); >+ if (status) { >+ return srtp_err_status_cipher_fail; >+ } >+ >+ /* >+ * Set the AAD for GCM mode >+ */ >+ if (enc_start) { >+ /* >+ * If payload encryption is enabled, then the AAD consist of >+ * the RTCP header and the seq# at the end of the packet >+ */ >+ status = srtp_cipher_set_aad(session_keys->rtcp_cipher, (uint8_t *)hdr, >+ octets_in_rtcp_header); >+ if (status) { >+ return (srtp_err_status_cipher_fail); >+ } >+ } else { >+ /* >+ * Since payload encryption is not enabled, we must authenticate >+ * the entire packet as described in RFC 7714 (Section 9.3. Data >+ * Types in Unencrypted SRTCP Compound Packets) >+ */ >+ status = srtp_cipher_set_aad(session_keys->rtcp_cipher, (uint8_t *)hdr, >+ *pkt_octet_len); >+ if (status) { >+ return (srtp_err_status_cipher_fail); >+ } >+ } >+ /* >+ * Process the sequence# as AAD >+ */ >+ tseq = *trailer; >+ status = srtp_cipher_set_aad(session_keys->rtcp_cipher, (uint8_t *)&tseq, >+ sizeof(srtcp_trailer_t)); >+ if (status) { >+ return (srtp_err_status_cipher_fail); >+ } >+ >+ /* if we're encrypting, exor keystream into the message */ >+ if (enc_start) { >+ status = srtp_cipher_encrypt(session_keys->rtcp_cipher, >+ (uint8_t *)enc_start, &enc_octet_len); >+ if (status) { >+ return srtp_err_status_cipher_fail; >+ } >+ /* >+ * Get the tag and append that to the output >+ */ >+ status = srtp_cipher_get_tag(session_keys->rtcp_cipher, >+ (uint8_t *)auth_tag, &tag_len); >+ if (status) { >+ return (srtp_err_status_cipher_fail); >+ } >+ enc_octet_len += tag_len; >+ } else { >+ /* >+ * Even though we're not encrypting the payload, we need >+ * to run the cipher to get the auth tag. >+ */ >+ unsigned int nolen = 0; >+ status = srtp_cipher_encrypt(session_keys->rtcp_cipher, NULL, &nolen); >+ if (status) { >+ return srtp_err_status_cipher_fail; >+ } >+ /* >+ * Get the tag and append that to the output >+ */ >+ status = srtp_cipher_get_tag(session_keys->rtcp_cipher, >+ (uint8_t *)auth_tag, &tag_len); >+ if (status) { >+ return (srtp_err_status_cipher_fail); >+ } >+ enc_octet_len += tag_len; >+ } > >- /* >- * Get the SALT value from the context >- */ >- memcpy(salt.v8, session_keys->c_salt, 12); >- debug_print(mod_srtp, "RTCP SALT = %s\n", v128_hex_string(&salt)); >+ /* increase the packet length by the length of the auth tag and seq_num*/ >+ *pkt_octet_len += (tag_len + sizeof(srtcp_trailer_t)); > >- /* >- * Finally, apply the SALT to the input >- */ >- v128_xor(iv, &in, &salt); >+ /* increase the packet by the mki_size */ >+ *pkt_octet_len += mki_size; > > return srtp_err_status_ok; > } > > /* >- * This code handles AEAD ciphers for outgoing RTCP. We currently support >- * AES-GCM mode with 128 or 256 bit keys. >+ * This function handles incoming SRTCP packets while in AEAD mode, >+ * which currently supports AES-GCM encryption. Note, the auth tag is >+ * at the end of the packet stream and is automatically checked by GCM >+ * when decrypting the payload. > */ >-static srtp_err_status_t >-srtp_protect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream, >- void *rtcp_hdr, unsigned int *pkt_octet_len, >- srtp_session_keys_t *session_keys, unsigned int use_mki) >+static srtp_err_status_t srtp_unprotect_rtcp_aead( >+ srtp_t ctx, >+ srtp_stream_ctx_t *stream, >+ void *srtcp_hdr, >+ unsigned int *pkt_octet_len, >+ srtp_session_keys_t *session_keys, >+ unsigned int use_mki) > { >- srtcp_hdr_t *hdr = (srtcp_hdr_t*)rtcp_hdr; >- uint32_t *enc_start; /* pointer to start of encrypted portion */ >- uint32_t *trailer; /* pointer to start of trailer */ >+ srtcp_hdr_t *hdr = (srtcp_hdr_t *)srtcp_hdr; >+ uint32_t *enc_start; /* pointer to start of encrypted portion */ >+ uint32_t *trailer; /* pointer to start of trailer */ > unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */ >- uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ >+ uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ > srtp_err_status_t status; >- uint32_t tag_len; >+ int tag_len; >+ unsigned int tmp_len; > uint32_t seq_num; > v128_t iv; > uint32_t tseq; >@@ -3492,50 +3682,49 @@ srtp_protect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream, > /* get tag length from stream context */ > tag_len = srtp_auth_get_tag_length(session_keys->rtcp_auth); > >+ if (use_mki) { >+ mki_size = session_keys->mki_size; >+ } >+ > /* >- * set encryption start and encryption length - if we're not >- * providing confidentiality, set enc_start to NULL >+ * set encryption start, encryption length, and trailer > */ >- enc_start = (uint32_t*)hdr + uint32s_in_rtcp_header; >- enc_octet_len = *pkt_octet_len - octets_in_rtcp_header; >- >- /* NOTE: hdr->length is not usable - it refers to only the first >- RTCP report in the compound packet! */ >- /* NOTE: trailer is 32-bit aligned because RTCP 'packets' are always >- multiples of 32-bits (RFC 3550 6.1) */ >- trailer = (uint32_t*)((char*)enc_start + enc_octet_len + tag_len); >+ /* index & E (encryption) bit follow normal data. hdr->len is the number of >+ * words (32-bit) in the normal packet minus 1 >+ */ >+ /* This should point trailer to the word past the end of the normal data. */ >+ /* This would need to be modified for optional mikey data */ >+ /* >+ * NOTE: trailer is 32-bit aligned because RTCP 'packets' are always >+ * multiples of 32-bits (RFC 3550 6.1) >+ */ >+ trailer = (uint32_t *)((char *)hdr + *pkt_octet_len - >+ sizeof(srtcp_trailer_t) - mki_size); >+ /* >+ * We pass the tag down to the cipher when doing GCM mode >+ */ >+ enc_octet_len = *pkt_octet_len - (octets_in_rtcp_header + >+ sizeof(srtcp_trailer_t) + mki_size); >+ auth_tag = (uint8_t *)hdr + *pkt_octet_len - tag_len - mki_size - >+ sizeof(srtcp_trailer_t); > >- if (stream->rtcp_services & sec_serv_conf) { >- *trailer = htonl(SRTCP_E_BIT); /* set encrypt bit */ >+ if (*((unsigned char *)trailer) & SRTCP_E_BYTE_BIT) { >+ enc_start = (uint32_t *)hdr + uint32s_in_rtcp_header; > } else { >- enc_start = NULL; > enc_octet_len = 0; >- /* 0 is network-order independant */ >- *trailer = 0x00000000; /* set encrypt bit */ >+ enc_start = NULL; /* this indicates that there's no encryption */ > } > >- mki_size = srtp_inject_mki((uint8_t *)hdr + *pkt_octet_len + tag_len + sizeof(srtcp_trailer_t), >- session_keys, use_mki); >- >- /* >- * set the auth_tag pointer to the proper location, which is after >- * the payload, but before the trailer >- * (note that srtpc *always* provides authentication, unlike srtp) >- */ >- /* Note: This would need to change for optional mikey data */ >- auth_tag = (uint8_t*)hdr + *pkt_octet_len; >- > /* >- * check sequence number for overruns, and copy it into the packet >- * if its value isn't too big >+ * check the sequence number for replays > */ >- status = srtp_rdb_increment(&stream->rtcp_rdb); >+ /* this is easier than dealing with bitfield access */ >+ seq_num = ntohl(*trailer) & SRTCP_INDEX_MASK; >+ debug_print(mod_srtp, "srtcp index: %x", seq_num); >+ status = srtp_rdb_check(&stream->rtcp_rdb, seq_num); > if (status) { > return status; > } >- seq_num = srtp_rdb_get_value(&stream->rtcp_rdb); >- *trailer |= htonl(seq_num); >- debug_print(mod_srtp, "srtcp index: %x", seq_num); > > /* > * Calculate and set the IV >@@ -3544,8 +3733,8 @@ srtp_protect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream, > if (status) { > return srtp_err_status_cipher_fail; > } >- status = srtp_cipher_set_iv(session_keys->rtcp_cipher, >- (uint8_t*)&iv, srtp_direction_encrypt); >+ status = srtp_cipher_set_iv(session_keys->rtcp_cipher, (uint8_t *)&iv, >+ srtp_direction_decrypt); > if (status) { > return srtp_err_status_cipher_fail; > } >@@ -3558,10 +3747,10 @@ srtp_protect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream, > * If payload encryption is enabled, then the AAD consist of > * the RTCP header and the seq# at the end of the packet > */ >- status = srtp_cipher_set_aad(session_keys->rtcp_cipher, >- (uint8_t*)hdr, octets_in_rtcp_header); >+ status = srtp_cipher_set_aad(session_keys->rtcp_cipher, (uint8_t *)hdr, >+ octets_in_rtcp_header); > if (status) { >- return ( srtp_err_status_cipher_fail); >+ return (srtp_err_status_cipher_fail); > } > } else { > /* >@@ -3569,59 +3758,322 @@ srtp_protect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream, > * the entire packet as described in RFC 7714 (Section 9.3. Data > * Types in Unencrypted SRTCP Compound Packets) > */ >- status = srtp_cipher_set_aad(session_keys->rtcp_cipher, >- (uint8_t*)hdr, *pkt_octet_len); >+ status = srtp_cipher_set_aad( >+ session_keys->rtcp_cipher, (uint8_t *)hdr, >+ (*pkt_octet_len - tag_len - sizeof(srtcp_trailer_t) - mki_size)); > if (status) { >- return ( srtp_err_status_cipher_fail); >+ return (srtp_err_status_cipher_fail); > } > } >+ > /* > * Process the sequence# as AAD > */ > tseq = *trailer; >- status = srtp_cipher_set_aad(session_keys->rtcp_cipher, (uint8_t*)&tseq, >+ status = srtp_cipher_set_aad(session_keys->rtcp_cipher, (uint8_t *)&tseq, > sizeof(srtcp_trailer_t)); > if (status) { >- return ( srtp_err_status_cipher_fail); >+ return (srtp_err_status_cipher_fail); > } > >- /* if we're encrypting, exor keystream into the message */ >+ /* if we're decrypting, exor keystream into the message */ > if (enc_start) { >- status = srtp_cipher_encrypt(session_keys->rtcp_cipher, >- (uint8_t*)enc_start, &enc_octet_len); >+ status = srtp_cipher_decrypt(session_keys->rtcp_cipher, >+ (uint8_t *)enc_start, &enc_octet_len); > if (status) { >- return srtp_err_status_cipher_fail; >+ return status; > } >+ } else { > /* >- * Get the tag and append that to the output >+ * Still need to run the cipher to check the tag > */ >- status = srtp_cipher_get_tag(session_keys->rtcp_cipher, (uint8_t*)auth_tag, >- &tag_len); >+ tmp_len = tag_len; >+ status = srtp_cipher_decrypt(session_keys->rtcp_cipher, >+ (uint8_t *)auth_tag, &tmp_len); > if (status) { >- return ( srtp_err_status_cipher_fail); >+ return status; > } >- enc_octet_len += tag_len; >- } else { >+ } >+ >+ /* decrease the packet length by the length of the auth tag and seq_num*/ >+ *pkt_octet_len -= (tag_len + sizeof(srtcp_trailer_t) + mki_size); >+ >+ /* >+ * verify that stream is for received traffic - this check will >+ * detect SSRC collisions, since a stream that appears in both >+ * srtp_protect() and srtp_unprotect() will fail this test in one of >+ * those functions. >+ * >+ * we do this check *after* the authentication check, so that the >+ * latter check will catch any attempts to fool us into thinking >+ * that we've got a collision >+ */ >+ if (stream->direction != dir_srtp_receiver) { >+ if (stream->direction == dir_unknown) { >+ stream->direction = dir_srtp_receiver; >+ } else { >+ srtp_handle_event(ctx, stream, event_ssrc_collision); >+ } >+ } >+ >+ /* >+ * if the stream is a 'provisional' one, in which the template context >+ * is used, then we need to allocate a new stream at this point, since >+ * the authentication passed >+ */ >+ if (stream == ctx->stream_template) { >+ srtp_stream_ctx_t *new_stream; >+ > /* >- * Even though we're not encrypting the payload, we need >- * to run the cipher to get the auth tag. >+ * allocate and initialize a new stream >+ * >+ * note that we indicate failure if we can't allocate the new >+ * stream, and some implementations will want to not return >+ * failure here > */ >- unsigned int nolen = 0; >- status = srtp_cipher_encrypt(session_keys->rtcp_cipher, NULL, &nolen); >+ status = >+ srtp_stream_clone(ctx->stream_template, hdr->ssrc, &new_stream); > if (status) { >+ return status; >+ } >+ >+ /* add new stream to the head of the stream_list */ >+ new_stream->next = ctx->stream_list; >+ ctx->stream_list = new_stream; >+ >+ /* set stream (the pointer used in this function) */ >+ stream = new_stream; >+ } >+ >+ /* we've passed the authentication check, so add seq_num to the rdb */ >+ srtp_rdb_add_index(&stream->rtcp_rdb, seq_num); >+ >+ return srtp_err_status_ok; >+} >+ >+srtp_err_status_t srtp_protect_rtcp(srtp_t ctx, >+ void *rtcp_hdr, >+ int *pkt_octet_len) >+{ >+ return srtp_protect_rtcp_mki(ctx, rtcp_hdr, pkt_octet_len, 0, 0); >+} >+ >+srtp_err_status_t srtp_protect_rtcp_mki(srtp_t ctx, >+ void *rtcp_hdr, >+ int *pkt_octet_len, >+ unsigned int use_mki, >+ unsigned int mki_index) >+{ >+ srtcp_hdr_t *hdr = (srtcp_hdr_t *)rtcp_hdr; >+ uint32_t *enc_start; /* pointer to start of encrypted portion */ >+ uint32_t *auth_start; /* pointer to start of auth. portion */ >+ uint32_t *trailer; /* pointer to start of trailer */ >+ unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */ >+ uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ >+ srtp_err_status_t status; >+ int tag_len; >+ srtp_stream_ctx_t *stream; >+ uint32_t prefix_len; >+ uint32_t seq_num; >+ unsigned int mki_size = 0; >+ srtp_session_keys_t *session_keys = NULL; >+ >+ /* we assume the hdr is 32-bit aligned to start */ >+ >+ /* check the packet length - it must at least contain a full header */ >+ if (*pkt_octet_len < octets_in_rtcp_header) >+ return srtp_err_status_bad_param; >+ >+ /* >+ * look up ssrc in srtp_stream list, and process the packet with >+ * the appropriate stream. if we haven't seen this stream before, >+ * there's only one key for this srtp_session, and the cipher >+ * supports key-sharing, then we assume that a new stream using >+ * that key has just started up >+ */ >+ stream = srtp_get_stream(ctx, hdr->ssrc); >+ if (stream == NULL) { >+ if (ctx->stream_template != NULL) { >+ srtp_stream_ctx_t *new_stream; >+ >+ /* allocate and initialize a new stream */ >+ status = >+ srtp_stream_clone(ctx->stream_template, hdr->ssrc, &new_stream); >+ if (status) >+ return status; >+ >+ /* add new stream to the head of the stream_list */ >+ new_stream->next = ctx->stream_list; >+ ctx->stream_list = new_stream; >+ >+ /* set stream (the pointer used in this function) */ >+ stream = new_stream; >+ } else { >+ /* no template stream, so we return an error */ >+ return srtp_err_status_no_ctx; >+ } >+ } >+ >+ /* >+ * verify that stream is for sending traffic - this check will >+ * detect SSRC collisions, since a stream that appears in both >+ * srtp_protect() and srtp_unprotect() will fail this test in one of >+ * those functions. >+ */ >+ if (stream->direction != dir_srtp_sender) { >+ if (stream->direction == dir_unknown) { >+ stream->direction = dir_srtp_sender; >+ } else { >+ srtp_handle_event(ctx, stream, event_ssrc_collision); >+ } >+ } >+ >+ session_keys = >+ srtp_get_session_keys_with_mki_index(stream, use_mki, mki_index); >+ >+ if (session_keys == NULL) >+ return srtp_err_status_bad_mki; >+ >+ /* >+ * Check if this is an AEAD stream (GCM mode). If so, then dispatch >+ * the request to our AEAD handler. >+ */ >+ if (session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_128 || >+ session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_256) { >+ return srtp_protect_rtcp_aead(ctx, stream, rtcp_hdr, >+ (unsigned int *)pkt_octet_len, >+ session_keys, use_mki); >+ } >+ >+ /* get tag length from stream context */ >+ tag_len = srtp_auth_get_tag_length(session_keys->rtcp_auth); >+ >+ /* >+ * set encryption start and encryption length - if we're not >+ * providing confidentiality, set enc_start to NULL >+ */ >+ enc_start = (uint32_t *)hdr + uint32s_in_rtcp_header; >+ enc_octet_len = *pkt_octet_len - octets_in_rtcp_header; >+ >+ /* all of the packet, except the header, gets encrypted */ >+ /* >+ * NOTE: hdr->length is not usable - it refers to only the first RTCP report >+ * in the compound packet! >+ */ >+ /* >+ * NOTE: trailer is 32-bit aligned because RTCP 'packets' are always >+ * multiples of 32-bits (RFC 3550 6.1) >+ */ >+ trailer = (uint32_t *)((char *)enc_start + enc_octet_len); >+ >+ if (stream->rtcp_services & sec_serv_conf) { >+ *trailer = htonl(SRTCP_E_BIT); /* set encrypt bit */ >+ } else { >+ enc_start = NULL; >+ enc_octet_len = 0; >+ /* 0 is network-order independant */ >+ *trailer = 0x00000000; /* set encrypt bit */ >+ } >+ >+ mki_size = srtp_inject_mki((uint8_t *)hdr + *pkt_octet_len + >+ sizeof(srtcp_trailer_t), >+ session_keys, use_mki); >+ >+ /* >+ * set the auth_start and auth_tag pointers to the proper locations >+ * (note that srtpc *always* provides authentication, unlike srtp) >+ */ >+ /* Note: This would need to change for optional mikey data */ >+ auth_start = (uint32_t *)hdr; >+ auth_tag = >+ (uint8_t *)hdr + *pkt_octet_len + sizeof(srtcp_trailer_t) + mki_size; >+ >+ /* perform EKT processing if needed */ >+ srtp_ekt_write_data(stream->ekt, auth_tag, tag_len, pkt_octet_len, >+ srtp_rdbx_get_packet_index(&stream->rtp_rdbx)); >+ >+ /* >+ * check sequence number for overruns, and copy it into the packet >+ * if its value isn't too big >+ */ >+ status = srtp_rdb_increment(&stream->rtcp_rdb); >+ if (status) >+ return status; >+ seq_num = srtp_rdb_get_value(&stream->rtcp_rdb); >+ *trailer |= htonl(seq_num); >+ debug_print(mod_srtp, "srtcp index: %x", seq_num); >+ >+ /* >+ * if we're using rindael counter mode, set nonce and seq >+ */ >+ if (session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_128 || >+ session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_192 || >+ session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_256) { >+ v128_t iv; >+ >+ iv.v32[0] = 0; >+ iv.v32[1] = hdr->ssrc; /* still in network order! */ >+ iv.v32[2] = htonl(seq_num >> 16); >+ iv.v32[3] = htonl(seq_num << 16); >+ status = srtp_cipher_set_iv(session_keys->rtcp_cipher, (uint8_t *)&iv, >+ srtp_direction_encrypt); >+ >+ } else { >+ v128_t iv; >+ >+ /* otherwise, just set the index to seq_num */ >+ iv.v32[0] = 0; >+ iv.v32[1] = 0; >+ iv.v32[2] = 0; >+ iv.v32[3] = htonl(seq_num); >+ status = srtp_cipher_set_iv(session_keys->rtcp_cipher, (uint8_t *)&iv, >+ srtp_direction_encrypt); >+ } >+ if (status) >+ return srtp_err_status_cipher_fail; >+ >+ /* >+ * if we're authenticating using a universal hash, put the keystream >+ * prefix into the authentication tag >+ */ >+ >+ /* if auth_start is non-null, then put keystream into tag */ >+ if (auth_start) { >+ /* put keystream prefix into auth_tag */ >+ prefix_len = srtp_auth_get_prefix_length(session_keys->rtcp_auth); >+ status = srtp_cipher_output(session_keys->rtcp_cipher, auth_tag, >+ &prefix_len); >+ >+ debug_print(mod_srtp, "keystream prefix: %s", >+ srtp_octet_string_hex_string(auth_tag, prefix_len)); >+ >+ if (status) >+ return srtp_err_status_cipher_fail; >+ } >+ >+ /* if we're encrypting, exor keystream into the message */ >+ if (enc_start) { >+ status = srtp_cipher_encrypt(session_keys->rtcp_cipher, >+ (uint8_t *)enc_start, &enc_octet_len); >+ if (status) > return srtp_err_status_cipher_fail; >- } >- /* >- * Get the tag and append that to the output >- */ >- status = srtp_cipher_get_tag(session_keys->rtcp_cipher, (uint8_t*)auth_tag, >- &tag_len); >- if (status) { >- return ( srtp_err_status_cipher_fail); >- } >- enc_octet_len += tag_len; > } > >+ /* initialize auth func context */ >+ srtp_auth_start(session_keys->rtcp_auth); >+ >+ /* >+ * run auth func over packet (including trailer), and write the >+ * result at auth_tag >+ */ >+ status = >+ srtp_auth_compute(session_keys->rtcp_auth, (uint8_t *)auth_start, >+ (*pkt_octet_len) + sizeof(srtcp_trailer_t), auth_tag); >+ debug_print(mod_srtp, "srtcp auth tag: %s", >+ srtp_octet_string_hex_string(auth_tag, tag_len)); >+ if (status) >+ return srtp_err_status_auth_fail; >+ > /* increase the packet length by the length of the auth tag and seq_num*/ > *pkt_octet_len += (tag_len + sizeof(srtcp_trailer_t)); > >@@ -3631,64 +4083,186 @@ srtp_protect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream, > return srtp_err_status_ok; > } > >-/* >- * This function handles incoming SRTCP packets while in AEAD mode, >- * which currently supports AES-GCM encryption. Note, the auth tag is >- * at the end of the packet stream and is automatically checked by GCM >- * when decrypting the payload. >- */ >-static srtp_err_status_t >-srtp_unprotect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream, >- void *srtcp_hdr, unsigned int *pkt_octet_len, >- srtp_session_keys_t *session_keys, unsigned int use_mki) >+srtp_err_status_t srtp_unprotect_rtcp(srtp_t ctx, >+ void *srtcp_hdr, >+ int *pkt_octet_len) >+{ >+ return srtp_unprotect_rtcp_mki(ctx, srtcp_hdr, pkt_octet_len, 0); >+} >+ >+srtp_err_status_t srtp_unprotect_rtcp_mki(srtp_t ctx, >+ void *srtcp_hdr, >+ int *pkt_octet_len, >+ unsigned int use_mki) > { >- srtcp_hdr_t *hdr = (srtcp_hdr_t*)srtcp_hdr; >- uint32_t *enc_start; /* pointer to start of encrypted portion */ >- uint32_t *trailer; /* pointer to start of trailer */ >+ srtcp_hdr_t *hdr = (srtcp_hdr_t *)srtcp_hdr; >+ uint32_t *enc_start; /* pointer to start of encrypted portion */ >+ uint32_t *auth_start; /* pointer to start of auth. portion */ >+ uint32_t *trailer; /* pointer to start of trailer */ > unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */ >- uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ >+ uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ >+ uint8_t tmp_tag[SRTP_MAX_TAG_LEN]; >+ uint8_t tag_copy[SRTP_MAX_TAG_LEN]; > srtp_err_status_t status; >+ unsigned int auth_len; > int tag_len; >- unsigned int tmp_len; >+ srtp_stream_ctx_t *stream; >+ uint32_t prefix_len; > uint32_t seq_num; >- v128_t iv; >- uint32_t tseq; >+ int e_bit_in_packet; /* whether the E-bit was found in the packet */ >+ int sec_serv_confidentiality; /* whether confidentiality was requested */ > unsigned int mki_size = 0; >+ srtp_session_keys_t *session_keys = NULL; >+ >+ /* we assume the hdr is 32-bit aligned to start */ >+ >+ if (*pkt_octet_len < 0) >+ return srtp_err_status_bad_param; >+ >+ /* >+ * check that the length value is sane; we'll check again once we >+ * know the tag length, but we at least want to know that it is >+ * a positive value >+ */ >+ if ((unsigned int)(*pkt_octet_len) < >+ octets_in_rtcp_header + sizeof(srtcp_trailer_t)) >+ return srtp_err_status_bad_param; >+ >+ /* >+ * look up ssrc in srtp_stream list, and process the packet with >+ * the appropriate stream. if we haven't seen this stream before, >+ * there's only one key for this srtp_session, and the cipher >+ * supports key-sharing, then we assume that a new stream using >+ * that key has just started up >+ */ >+ stream = srtp_get_stream(ctx, hdr->ssrc); >+ if (stream == NULL) { >+ if (ctx->stream_template != NULL) { >+ stream = ctx->stream_template; >+ >+ /* >+ * check to see if stream_template has an EKT data structure, in >+ * which case we initialize the template using the EKT policy >+ * referenced by that data (which consists of decrypting the >+ * master key from the EKT field) >+ * >+ * this function initializes a *provisional* stream, and this >+ * stream should not be accepted until and unless the packet >+ * passes its authentication check >+ */ >+ if (stream->ekt != NULL) { >+ status = srtp_stream_init_from_ekt(stream, srtcp_hdr, >+ *pkt_octet_len); >+ if (status) >+ return status; >+ } >+ >+ debug_print(mod_srtp, >+ "srtcp using provisional stream (SSRC: 0x%08x)", >+ ntohl(hdr->ssrc)); >+ } else { >+ /* no template stream, so we return an error */ >+ return srtp_err_status_no_ctx; >+ } >+ } >+ >+ /* >+ * Determine if MKI is being used and what session keys should be used >+ */ >+ if (use_mki) { >+ session_keys = srtp_get_session_keys( >+ stream, (uint8_t *)hdr, (const unsigned int *)pkt_octet_len, >+ &mki_size); >+ >+ if (session_keys == NULL) >+ return srtp_err_status_bad_mki; >+ } else { >+ session_keys = &stream->session_keys[0]; >+ } > > /* get tag length from stream context */ > tag_len = srtp_auth_get_tag_length(session_keys->rtcp_auth); > >- if (use_mki) { >- mki_size = session_keys->mki_size; >+ /* check the packet length - it must contain at least a full RTCP >+ header, an auth tag (if applicable), and the SRTCP encrypted flag >+ and 31-bit index value */ >+ if (*pkt_octet_len < (int)(octets_in_rtcp_header + tag_len + mki_size + >+ sizeof(srtcp_trailer_t))) { >+ return srtp_err_status_bad_param; >+ } >+ >+ /* >+ * Check if this is an AEAD stream (GCM mode). If so, then dispatch >+ * the request to our AEAD handler. >+ */ >+ if (session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_128 || >+ session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_256) { >+ return srtp_unprotect_rtcp_aead(ctx, stream, srtcp_hdr, >+ (unsigned int *)pkt_octet_len, >+ session_keys, mki_size); > } > >+ sec_serv_confidentiality = stream->rtcp_services == sec_serv_conf || >+ stream->rtcp_services == sec_serv_conf_and_auth; >+ > /* > * set encryption start, encryption length, and trailer > */ >- /* index & E (encryption) bit follow normal data. hdr->len >- is the number of words (32-bit) in the normal packet minus 1 */ >- /* This should point trailer to the word past the end of the >- normal data. */ >- /* This would need to be modified for optional mikey data */ >+ enc_octet_len = *pkt_octet_len - (octets_in_rtcp_header + tag_len + >+ mki_size + sizeof(srtcp_trailer_t)); > /* >- * NOTE: trailer is 32-bit aligned because RTCP 'packets' are always >- * multiples of 32-bits (RFC 3550 6.1) >+ *index & E (encryption) bit follow normal data. hdr->len is the number of >+ * words (32-bit) in the normal packet minus 1 > */ >- trailer = (uint32_t*)((char*)hdr + *pkt_octet_len - sizeof(srtcp_trailer_t) - mki_size); >+ /* This should point trailer to the word past the end of the normal data. */ >+ /* This would need to be modified for optional mikey data */ > /* >- * We pass the tag down to the cipher when doing GCM mode >+ * NOTE: trailer is 32-bit aligned because RTCP 'packets' are always >+ * multiples of 32-bits (RFC 3550 6.1) > */ >- enc_octet_len = *pkt_octet_len - (octets_in_rtcp_header + >- sizeof(srtcp_trailer_t) + mki_size); >- auth_tag = (uint8_t*)hdr + *pkt_octet_len - tag_len - mki_size - sizeof(srtcp_trailer_t); >- >- if (*((unsigned char*)trailer) & SRTCP_E_BYTE_BIT) { >- enc_start = (uint32_t*)hdr + uint32s_in_rtcp_header; >+ trailer = (uint32_t *)((char *)hdr + *pkt_octet_len - >+ (tag_len + mki_size + sizeof(srtcp_trailer_t))); >+ e_bit_in_packet = >+ (*((unsigned char *)trailer) & SRTCP_E_BYTE_BIT) == SRTCP_E_BYTE_BIT; >+ if (e_bit_in_packet != sec_serv_confidentiality) { >+ return srtp_err_status_cant_check; >+ } >+ if (sec_serv_confidentiality) { >+ enc_start = (uint32_t *)hdr + uint32s_in_rtcp_header; > } else { > enc_octet_len = 0; > enc_start = NULL; /* this indicates that there's no encryption */ > } > >+ /* >+ * set the auth_start and auth_tag pointers to the proper locations >+ * (note that srtcp *always* uses authentication, unlike srtp) >+ */ >+ auth_start = (uint32_t *)hdr; >+ >+ /* >+ * The location of the auth tag in the packet needs to know MKI >+ * could be present. The data needed to calculate the Auth tag >+ * must not include the MKI >+ */ >+ auth_len = *pkt_octet_len - tag_len - mki_size; >+ auth_tag = (uint8_t *)hdr + auth_len + mki_size; >+ >+ /* >+ * if EKT is in use, then we make a copy of the tag from the packet, >+ * and then zeroize the location of the base tag >+ * >+ * we first re-position the auth_tag pointer so that it points to >+ * the base tag >+ */ >+ if (stream->ekt) { >+ auth_tag -= srtp_ekt_octets_after_base_tag(stream->ekt); >+ memcpy(tag_copy, auth_tag, tag_len); >+ octet_string_set_to_zero(auth_tag, tag_len); >+ auth_tag = tag_copy; >+ auth_len += tag_len; >+ } >+ > /* > * check the sequence number for replays > */ >@@ -3696,79 +4270,88 @@ srtp_unprotect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream, > seq_num = ntohl(*trailer) & SRTCP_INDEX_MASK; > debug_print(mod_srtp, "srtcp index: %x", seq_num); > status = srtp_rdb_check(&stream->rtcp_rdb, seq_num); >- if (status) { >+ if (status) > return status; >- } > > /* >- * Calculate and set the IV >+ * if we're using aes counter mode, set nonce and seq > */ >- status = srtp_calc_aead_iv_srtcp(session_keys, &iv, seq_num, hdr); >- if (status) { >- return srtp_err_status_cipher_fail; >- } >- status = srtp_cipher_set_iv(session_keys->rtcp_cipher, >- (uint8_t*)&iv, srtp_direction_decrypt); >- if (status) { >- return srtp_err_status_cipher_fail; >- } >+ if (session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_128 || >+ session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_192 || >+ session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_256) { >+ v128_t iv; >+ >+ iv.v32[0] = 0; >+ iv.v32[1] = hdr->ssrc; /* still in network order! */ >+ iv.v32[2] = htonl(seq_num >> 16); >+ iv.v32[3] = htonl(seq_num << 16); >+ status = srtp_cipher_set_iv(session_keys->rtcp_cipher, (uint8_t *)&iv, >+ srtp_direction_decrypt); > >- /* >- * Set the AAD for GCM mode >- */ >- if (enc_start) { >- /* >- * If payload encryption is enabled, then the AAD consist of >- * the RTCP header and the seq# at the end of the packet >- */ >- status = srtp_cipher_set_aad(session_keys->rtcp_cipher, >- (uint8_t*)hdr, octets_in_rtcp_header); >- if (status) { >- return ( srtp_err_status_cipher_fail); >- } > } else { >- /* >- * Since payload encryption is not enabled, we must authenticate >- * the entire packet as described in RFC 7714 (Section 9.3. Data >- * Types in Unencrypted SRTCP Compound Packets) >- */ >- status = srtp_cipher_set_aad( >- session_keys->rtcp_cipher, (uint8_t*)hdr, >- (*pkt_octet_len - tag_len - sizeof(srtcp_trailer_t) - mki_size)); >- if (status) { >- return ( srtp_err_status_cipher_fail); >- } >+ v128_t iv; >+ >+ /* otherwise, just set the index to seq_num */ >+ iv.v32[0] = 0; >+ iv.v32[1] = 0; >+ iv.v32[2] = 0; >+ iv.v32[3] = htonl(seq_num); >+ status = srtp_cipher_set_iv(session_keys->rtcp_cipher, (uint8_t *)&iv, >+ srtp_direction_decrypt); > } >+ if (status) >+ return srtp_err_status_cipher_fail; >+ >+ /* initialize auth func context */ >+ srtp_auth_start(session_keys->rtcp_auth); >+ >+ /* run auth func over packet, put result into tmp_tag */ >+ status = srtp_auth_compute(session_keys->rtcp_auth, (uint8_t *)auth_start, >+ auth_len, tmp_tag); >+ debug_print(mod_srtp, "srtcp computed tag: %s", >+ srtp_octet_string_hex_string(tmp_tag, tag_len)); >+ if (status) >+ return srtp_err_status_auth_fail; >+ >+ /* compare the tag just computed with the one in the packet */ >+ debug_print(mod_srtp, "srtcp tag from packet: %s", >+ srtp_octet_string_hex_string(auth_tag, tag_len)); >+ if (octet_string_is_eq(tmp_tag, auth_tag, tag_len)) >+ return srtp_err_status_auth_fail; > > /* >- * Process the sequence# as AAD >+ * if we're authenticating using a universal hash, put the keystream >+ * prefix into the authentication tag > */ >- tseq = *trailer; >- status = srtp_cipher_set_aad(session_keys->rtcp_cipher, >- (uint8_t*)&tseq, sizeof(srtcp_trailer_t)); >- if (status) { >- return ( srtp_err_status_cipher_fail); >+ prefix_len = srtp_auth_get_prefix_length(session_keys->rtcp_auth); >+ if (prefix_len) { >+ status = srtp_cipher_output(session_keys->rtcp_cipher, auth_tag, >+ &prefix_len); >+ debug_print(mod_srtp, "keystream prefix: %s", >+ srtp_octet_string_hex_string(auth_tag, prefix_len)); >+ if (status) >+ return srtp_err_status_cipher_fail; > } > > /* if we're decrypting, exor keystream into the message */ > if (enc_start) { >- status = srtp_cipher_decrypt(session_keys->rtcp_cipher, (uint8_t*)enc_start, &enc_octet_len); >- if (status) { >- return status; >- } >- } else { >- /* >- * Still need to run the cipher to check the tag >- */ >- tmp_len = tag_len; >- status = srtp_cipher_decrypt(session_keys->rtcp_cipher, (uint8_t*)auth_tag, &tmp_len); >- if (status) { >- return status; >- } >+ status = srtp_cipher_decrypt(session_keys->rtcp_cipher, >+ (uint8_t *)enc_start, &enc_octet_len); >+ if (status) >+ return srtp_err_status_cipher_fail; > } > >- /* decrease the packet length by the length of the auth tag and seq_num*/ >- *pkt_octet_len -= (tag_len + sizeof(srtcp_trailer_t) + mki_size); >+ /* decrease the packet length by the length of the auth tag and seq_num */ >+ *pkt_octet_len -= (tag_len + sizeof(srtcp_trailer_t)); >+ >+ /* decrease the packet length by the length of the mki_size */ >+ *pkt_octet_len -= mki_size; >+ >+ /* >+ * if EKT is in effect, subtract the EKT data out of the packet >+ * length >+ */ >+ *pkt_octet_len -= srtp_ekt_octets_after_base_tag(stream->ekt); > > /* > * verify that stream is for received traffic - this check will >@@ -3803,10 +4386,10 @@ srtp_unprotect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream, > * stream, and some implementations will want to not return > * failure here > */ >- status = srtp_stream_clone(ctx->stream_template, hdr->ssrc, &new_stream); >- if (status) { >+ status = >+ srtp_stream_clone(ctx->stream_template, hdr->ssrc, &new_stream); >+ if (status) > return status; >- } > > /* add new stream to the head of the stream_list */ > new_stream->next = ctx->stream_list; >@@ -3822,754 +4405,236 @@ srtp_unprotect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream, > return srtp_err_status_ok; > } > >-srtp_err_status_t >-srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len) { >- return srtp_protect_rtcp_mki(ctx, rtcp_hdr, pkt_octet_len, 0, 0); >-} >- >-srtp_err_status_t >-srtp_protect_rtcp_mki(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len, >- unsigned int use_mki, unsigned int mki_index) { >- srtcp_hdr_t *hdr = (srtcp_hdr_t *)rtcp_hdr; >- uint32_t *enc_start; /* pointer to start of encrypted portion */ >- uint32_t *auth_start; /* pointer to start of auth. portion */ >- uint32_t *trailer; /* pointer to start of trailer */ >- unsigned int enc_octet_len = 0;/* number of octets in encrypted portion */ >- uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ >- srtp_err_status_t status; >- int tag_len; >- srtp_stream_ctx_t *stream; >- uint32_t prefix_len; >- uint32_t seq_num; >- unsigned int mki_size = 0; >- srtp_session_keys_t *session_keys = NULL; >- >- /* we assume the hdr is 32-bit aligned to start */ >- >- /* check the packet length - it must at least contain a full header */ >- if (*pkt_octet_len < octets_in_rtcp_header) >- return srtp_err_status_bad_param; >- >- /* >- * look up ssrc in srtp_stream list, and process the packet with >- * the appropriate stream. if we haven't seen this stream before, >- * there's only one key for this srtp_session, and the cipher >- * supports key-sharing, then we assume that a new stream using >- * that key has just started up >- */ >- stream = srtp_get_stream(ctx, hdr->ssrc); >- if (stream == NULL) { >- if (ctx->stream_template != NULL) { >- srtp_stream_ctx_t *new_stream; >- >- /* allocate and initialize a new stream */ >- status = srtp_stream_clone(ctx->stream_template, >- hdr->ssrc, &new_stream); >- if (status) >- return status; >- >- /* add new stream to the head of the stream_list */ >- new_stream->next = ctx->stream_list; >- ctx->stream_list = new_stream; >- >- /* set stream (the pointer used in this function) */ >- stream = new_stream; >- } else { >- /* no template stream, so we return an error */ >- return srtp_err_status_no_ctx; >- } >- } >- >- /* >- * verify that stream is for sending traffic - this check will >- * detect SSRC collisions, since a stream that appears in both >- * srtp_protect() and srtp_unprotect() will fail this test in one of >- * those functions. >- */ >- if (stream->direction != dir_srtp_sender) { >- if (stream->direction == dir_unknown) { >- stream->direction = dir_srtp_sender; >- } else { >- srtp_handle_event(ctx, stream, event_ssrc_collision); >- } >- } >- >- session_keys = srtp_get_session_keys_with_mki_index(stream, use_mki, mki_index); >- >- /* >- * Check if this is an AEAD stream (GCM mode). If so, then dispatch >- * the request to our AEAD handler. >- */ >- if (session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_128 || >- session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_256) { >- return srtp_protect_rtcp_aead(ctx, stream, rtcp_hdr, >- (unsigned int*)pkt_octet_len, session_keys, >- use_mki); >- } >- >- /* get tag length from stream context */ >- tag_len = srtp_auth_get_tag_length(session_keys->rtcp_auth); >- >- /* >- * set encryption start and encryption length - if we're not >- * providing confidentiality, set enc_start to NULL >- */ >- enc_start = (uint32_t *)hdr + uint32s_in_rtcp_header; >- enc_octet_len = *pkt_octet_len - octets_in_rtcp_header; >- >- /* all of the packet, except the header, gets encrypted */ >- /* NOTE: hdr->length is not usable - it refers to only the first >- RTCP report in the compound packet! */ >- /* NOTE: trailer is 32-bit aligned because RTCP 'packets' are always >- multiples of 32-bits (RFC 3550 6.1) */ >- trailer = (uint32_t *) ((char *)enc_start + enc_octet_len); >- >- if (stream->rtcp_services & sec_serv_conf) { >- *trailer = htonl(SRTCP_E_BIT); /* set encrypt bit */ >- } else { >- enc_start = NULL; >- enc_octet_len = 0; >- /* 0 is network-order independant */ >- *trailer = 0x00000000; /* set encrypt bit */ >- } >- >- mki_size = srtp_inject_mki((uint8_t *)hdr + *pkt_octet_len + sizeof(srtcp_trailer_t), >- session_keys, use_mki); >- >- /* >- * set the auth_start and auth_tag pointers to the proper locations >- * (note that srtpc *always* provides authentication, unlike srtp) >- */ >- /* Note: This would need to change for optional mikey data */ >- auth_start = (uint32_t *)hdr; >- auth_tag = (uint8_t *)hdr + *pkt_octet_len + sizeof(srtcp_trailer_t) + mki_size; >- >- /* perform EKT processing if needed */ >- srtp_ekt_write_data(stream->ekt, auth_tag, tag_len, pkt_octet_len, >- srtp_rdbx_get_packet_index(&stream->rtp_rdbx)); >- >- /* >- * check sequence number for overruns, and copy it into the packet >- * if its value isn't too big >- */ >- status = srtp_rdb_increment(&stream->rtcp_rdb); >- if (status) >- return status; >- seq_num = srtp_rdb_get_value(&stream->rtcp_rdb); >- *trailer |= htonl(seq_num); >- debug_print(mod_srtp, "srtcp index: %x", seq_num); >- >- /* >- * if we're using rindael counter mode, set nonce and seq >- */ >- if (session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_128 || >- session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_192 || >- session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_256) { >- v128_t iv; >- >- iv.v32[0] = 0; >- iv.v32[1] = hdr->ssrc; /* still in network order! */ >- iv.v32[2] = htonl(seq_num >> 16); >- iv.v32[3] = htonl(seq_num << 16); >- status = srtp_cipher_set_iv(session_keys->rtcp_cipher, (uint8_t*)&iv, >- srtp_direction_encrypt); >- >- } else { >- v128_t iv; >- >- /* otherwise, just set the index to seq_num */ >- iv.v32[0] = 0; >- iv.v32[1] = 0; >- iv.v32[2] = 0; >- iv.v32[3] = htonl(seq_num); >- status = srtp_cipher_set_iv(session_keys->rtcp_cipher, >- (uint8_t*)&iv, srtp_direction_encrypt); >- } >- if (status) >- return srtp_err_status_cipher_fail; >- >- /* >- * if we're authenticating using a universal hash, put the keystream >- * prefix into the authentication tag >- */ >- >- /* if auth_start is non-null, then put keystream into tag */ >- if (auth_start) { >- >- /* put keystream prefix into auth_tag */ >- prefix_len = srtp_auth_get_prefix_length(session_keys->rtcp_auth); >- status = srtp_cipher_output(session_keys->rtcp_cipher, auth_tag, &prefix_len); >- >- debug_print(mod_srtp, "keystream prefix: %s", >- srtp_octet_string_hex_string(auth_tag, prefix_len)); >- >- if (status) >- return srtp_err_status_cipher_fail; >- } >- >- /* if we're encrypting, exor keystream into the message */ >- if (enc_start) { >- status = srtp_cipher_encrypt(session_keys->rtcp_cipher, >- (uint8_t *)enc_start, &enc_octet_len); >- if (status) >- return srtp_err_status_cipher_fail; >- } >- >- /* initialize auth func context */ >- srtp_auth_start(session_keys->rtcp_auth); >- >- /* >- * run auth func over packet (including trailer), and write the >- * result at auth_tag >- */ >- status = srtp_auth_compute(session_keys->rtcp_auth, >- (uint8_t *)auth_start, >- (*pkt_octet_len) + sizeof(srtcp_trailer_t), >- auth_tag); >- debug_print(mod_srtp, "srtcp auth tag: %s", >- srtp_octet_string_hex_string(auth_tag, tag_len)); >- if (status) >- return srtp_err_status_auth_fail; >- >- /* increase the packet length by the length of the auth tag and seq_num*/ >- *pkt_octet_len += (tag_len + sizeof(srtcp_trailer_t)); >- >- /* increase the packet by the mki_size */ >- *pkt_octet_len += mki_size; >- >- return srtp_err_status_ok; >-} >- >- >-srtp_err_status_t >-srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) { >- return srtp_unprotect_rtcp_mki(ctx, srtcp_hdr, pkt_octet_len, 0); >-} >- >-srtp_err_status_t >-srtp_unprotect_rtcp_mki(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len, >- unsigned int use_mki) { >- srtcp_hdr_t *hdr = (srtcp_hdr_t *)srtcp_hdr; >- uint32_t *enc_start; /* pointer to start of encrypted portion */ >- uint32_t *auth_start; /* pointer to start of auth. portion */ >- uint32_t *trailer; /* pointer to start of trailer */ >- unsigned int enc_octet_len = 0;/* number of octets in encrypted portion */ >- uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ >- uint8_t tmp_tag[SRTP_MAX_TAG_LEN]; >- uint8_t tag_copy[SRTP_MAX_TAG_LEN]; >- srtp_err_status_t status; >- unsigned int auth_len; >- int tag_len; >- srtp_stream_ctx_t *stream; >- uint32_t prefix_len; >- uint32_t seq_num; >- int e_bit_in_packet; /* whether the E-bit was found in the packet */ >- int sec_serv_confidentiality; /* whether confidentiality was requested */ >- unsigned int mki_size = 0; >- srtp_session_keys_t *session_keys = NULL; >- >- /* we assume the hdr is 32-bit aligned to start */ >- >- /* check that the length value is sane; we'll check again once we >- know the tag length, but we at least want to know that it is >- a positive value */ >- if (*pkt_octet_len < octets_in_rtcp_header + sizeof(srtcp_trailer_t)) >- return srtp_err_status_bad_param; >- >- /* >- * look up ssrc in srtp_stream list, and process the packet with >- * the appropriate stream. if we haven't seen this stream before, >- * there's only one key for this srtp_session, and the cipher >- * supports key-sharing, then we assume that a new stream using >- * that key has just started up >- */ >- stream = srtp_get_stream(ctx, hdr->ssrc); >- if (stream == NULL) { >- if (ctx->stream_template != NULL) { >- stream = ctx->stream_template; >- >- /* >- * check to see if stream_template has an EKT data structure, in >- * which case we initialize the template using the EKT policy >- * referenced by that data (which consists of decrypting the >- * master key from the EKT field) >- * >- * this function initializes a *provisional* stream, and this >- * stream should not be accepted until and unless the packet >- * passes its authentication check >- */ >- if (stream->ekt != NULL) { >- status = srtp_stream_init_from_ekt(stream, srtcp_hdr, *pkt_octet_len); >- if (status) >- return status; >- } >- >- debug_print(mod_srtp, "srtcp using provisional stream (SSRC: 0x%08x)", >- ntohl(hdr->ssrc)); >- } else { >- /* no template stream, so we return an error */ >- return srtp_err_status_no_ctx; >- } >- } >- >- /* >- * Determine if MKI is being used and what session keys should be used >- */ >- if (use_mki) { >- session_keys = srtp_get_session_keys(stream, (uint8_t *)hdr, >- (const unsigned int*)pkt_octet_len, >- &mki_size); >- >- if (session_keys == NULL) >- return srtp_err_status_bad_mki; >- } else { >- session_keys = &stream->session_keys[0]; >- } >- >- >- /* get tag length from stream context */ >- tag_len = srtp_auth_get_tag_length(session_keys->rtcp_auth); >- >- /* check the packet length - it must contain at least a full RTCP >- header, an auth tag (if applicable), and the SRTCP encrypted flag >- and 31-bit index value */ >- if (*pkt_octet_len < (int) (octets_in_rtcp_header + tag_len + mki_size + sizeof(srtcp_trailer_t))) { >- return srtp_err_status_bad_param; >- } >- >- /* >- * Check if this is an AEAD stream (GCM mode). If so, then dispatch >- * the request to our AEAD handler. >- */ >- if (session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_128 || >- session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_256) { >- return srtp_unprotect_rtcp_aead(ctx, stream, srtcp_hdr, >- (unsigned int*)pkt_octet_len, session_keys, >- mki_size); >- } >- >- sec_serv_confidentiality = stream->rtcp_services == sec_serv_conf || >- stream->rtcp_services == sec_serv_conf_and_auth; >- >- /* >- * set encryption start, encryption length, and trailer >- */ >- enc_octet_len = *pkt_octet_len - >- (octets_in_rtcp_header + tag_len + mki_size + sizeof(srtcp_trailer_t)); >- /* index & E (encryption) bit follow normal data. hdr->len >- is the number of words (32-bit) in the normal packet minus 1 */ >- /* This should point trailer to the word past the end of the >- normal data. */ >- /* This would need to be modified for optional mikey data */ >- /* >- * NOTE: trailer is 32-bit aligned because RTCP 'packets' are always >- * multiples of 32-bits (RFC 3550 6.1) >- */ >- trailer = (uint32_t *) ((char *) hdr + >- *pkt_octet_len -(tag_len + mki_size + sizeof(srtcp_trailer_t))); >- e_bit_in_packet = >- (*((unsigned char *) trailer) & SRTCP_E_BYTE_BIT) == SRTCP_E_BYTE_BIT; >- if (e_bit_in_packet != sec_serv_confidentiality) { >- return srtp_err_status_cant_check; >- } >- if (sec_serv_confidentiality) { >- enc_start = (uint32_t *)hdr + uint32s_in_rtcp_header; >- } else { >- enc_octet_len = 0; >- enc_start = NULL; /* this indicates that there's no encryption */ >- } >- >- /* >- * set the auth_start and auth_tag pointers to the proper locations >- * (note that srtcp *always* uses authentication, unlike srtp) >- */ >- auth_start = (uint32_t *)hdr; >- >- /* >- * The location of the auth tag in the packet needs to know MKI >- * could be present. The data needed to calculate the Auth tag >- * must not include the MKI >- */ >- auth_len = *pkt_octet_len - tag_len - mki_size; >- auth_tag = (uint8_t *)hdr + auth_len + mki_size; >- >- /* >- * if EKT is in use, then we make a copy of the tag from the packet, >- * and then zeroize the location of the base tag >- * >- * we first re-position the auth_tag pointer so that it points to >- * the base tag >- */ >- if (stream->ekt) { >- auth_tag -= srtp_ekt_octets_after_base_tag(stream->ekt); >- memcpy(tag_copy, auth_tag, tag_len); >- octet_string_set_to_zero(auth_tag, tag_len); >- auth_tag = tag_copy; >- auth_len += tag_len; >- } >- >- /* >- * check the sequence number for replays >- */ >- /* this is easier than dealing with bitfield access */ >- seq_num = ntohl(*trailer) & SRTCP_INDEX_MASK; >- debug_print(mod_srtp, "srtcp index: %x", seq_num); >- status = srtp_rdb_check(&stream->rtcp_rdb, seq_num); >- if (status) >- return status; >- >- /* >- * if we're using aes counter mode, set nonce and seq >- */ >- if (session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_128 || >- session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_192 || >- session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_256) { >- v128_t iv; >- >- iv.v32[0] = 0; >- iv.v32[1] = hdr->ssrc; /* still in network order! */ >- iv.v32[2] = htonl(seq_num >> 16); >- iv.v32[3] = htonl(seq_num << 16); >- status = srtp_cipher_set_iv(session_keys->rtcp_cipher, >- (uint8_t*)&iv, srtp_direction_decrypt); >- >- } else { >- v128_t iv; >- >- /* otherwise, just set the index to seq_num */ >- iv.v32[0] = 0; >- iv.v32[1] = 0; >- iv.v32[2] = 0; >- iv.v32[3] = htonl(seq_num); >- status = srtp_cipher_set_iv(session_keys->rtcp_cipher, >- (uint8_t*)&iv, srtp_direction_decrypt); >- >- } >- if (status) >- return srtp_err_status_cipher_fail; >- >- /* initialize auth func context */ >- srtp_auth_start(session_keys->rtcp_auth); >- >- /* run auth func over packet, put result into tmp_tag */ >- status = srtp_auth_compute(session_keys->rtcp_auth, (uint8_t *)auth_start, >- auth_len, tmp_tag); >- debug_print(mod_srtp, "srtcp computed tag: %s", >- srtp_octet_string_hex_string(tmp_tag, tag_len)); >- if (status) >- return srtp_err_status_auth_fail; >- >- /* compare the tag just computed with the one in the packet */ >- debug_print(mod_srtp, "srtcp tag from packet: %s", >- srtp_octet_string_hex_string(auth_tag, tag_len)); >- if (octet_string_is_eq(tmp_tag, auth_tag, tag_len)) >- return srtp_err_status_auth_fail; >- >- /* >- * if we're authenticating using a universal hash, put the keystream >- * prefix into the authentication tag >- */ >- prefix_len = srtp_auth_get_prefix_length(session_keys->rtcp_auth); >- if (prefix_len) { >- status = srtp_cipher_output(session_keys->rtcp_cipher, auth_tag, &prefix_len); >- debug_print(mod_srtp, "keystream prefix: %s", >- srtp_octet_string_hex_string(auth_tag, prefix_len)); >- if (status) >- return srtp_err_status_cipher_fail; >- } >- >- /* if we're decrypting, exor keystream into the message */ >- if (enc_start) { >- status = srtp_cipher_decrypt(session_keys->rtcp_cipher, (uint8_t *)enc_start, >- &enc_octet_len); >- if (status) >- return srtp_err_status_cipher_fail; >- } >- >- /* decrease the packet length by the length of the auth tag and seq_num */ >- *pkt_octet_len -= (tag_len + sizeof(srtcp_trailer_t)); >- >- /* decrease the packet length by the length of the mki_size */ >- *pkt_octet_len -= mki_size; >- >- /* >- * if EKT is in effect, subtract the EKT data out of the packet >- * length >- */ >- *pkt_octet_len -= srtp_ekt_octets_after_base_tag(stream->ekt); >- >- /* >- * verify that stream is for received traffic - this check will >- * detect SSRC collisions, since a stream that appears in both >- * srtp_protect() and srtp_unprotect() will fail this test in one of >- * those functions. >- * >- * we do this check *after* the authentication check, so that the >- * latter check will catch any attempts to fool us into thinking >- * that we've got a collision >- */ >- if (stream->direction != dir_srtp_receiver) { >- if (stream->direction == dir_unknown) { >- stream->direction = dir_srtp_receiver; >- } else { >- srtp_handle_event(ctx, stream, event_ssrc_collision); >- } >- } >- >- /* >- * if the stream is a 'provisional' one, in which the template context >- * is used, then we need to allocate a new stream at this point, since >- * the authentication passed >- */ >- if (stream == ctx->stream_template) { >- srtp_stream_ctx_t *new_stream; >- >- /* >- * allocate and initialize a new stream >- * >- * note that we indicate failure if we can't allocate the new >- * stream, and some implementations will want to not return >- * failure here >- */ >- status = srtp_stream_clone(ctx->stream_template, hdr->ssrc, &new_stream); >- if (status) >- return status; >- >- /* add new stream to the head of the stream_list */ >- new_stream->next = ctx->stream_list; >- ctx->stream_list = new_stream; >- >- /* set stream (the pointer used in this function) */ >- stream = new_stream; >- } >- >- /* we've passed the authentication check, so add seq_num to the rdb */ >- srtp_rdb_add_index(&stream->rtcp_rdb, seq_num); >- >- >- return srtp_err_status_ok; >-} >- >- > /* > * user data within srtp_t context > */ > >-void >-srtp_set_user_data(srtp_t ctx, void *data) { >- ctx->user_data = data; >+void srtp_set_user_data(srtp_t ctx, void *data) >+{ >+ ctx->user_data = data; > } > >-void* >-srtp_get_user_data(srtp_t ctx) { >- return ctx->user_data; >+void *srtp_get_user_data(srtp_t ctx) >+{ >+ return ctx->user_data; > } > >- > /* >- * dtls keying for srtp >+ * dtls keying for srtp > */ > >-srtp_err_status_t >-srtp_crypto_policy_set_from_profile_for_rtp(srtp_crypto_policy_t *policy, >- srtp_profile_t profile) { >- >- /* set SRTP policy from the SRTP profile in the key set */ >- switch(profile) { >- case srtp_profile_aes128_cm_sha1_80: >- srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); >- break; >- case srtp_profile_aes128_cm_sha1_32: >- srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(policy); >- break; >- case srtp_profile_null_sha1_80: >- srtp_crypto_policy_set_null_cipher_hmac_sha1_80(policy); >- break; >+srtp_err_status_t srtp_crypto_policy_set_from_profile_for_rtp( >+ srtp_crypto_policy_t *policy, >+ srtp_profile_t profile) >+{ >+ /* set SRTP policy from the SRTP profile in the key set */ >+ switch (profile) { >+ case srtp_profile_aes128_cm_sha1_80: >+ srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); >+ break; >+ case srtp_profile_aes128_cm_sha1_32: >+ srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(policy); >+ break; >+ case srtp_profile_null_sha1_80: >+ srtp_crypto_policy_set_null_cipher_hmac_sha1_80(policy); >+ break; > #if defined(OPENSSL) >- case srtp_profile_aead_aes_128_gcm: >- srtp_crypto_policy_set_aes_gcm_128_16_auth(policy); >- break; >- case srtp_profile_aead_aes_256_gcm: >- srtp_crypto_policy_set_aes_gcm_256_16_auth(policy); >- break; >+ case srtp_profile_aead_aes_128_gcm: >+ srtp_crypto_policy_set_aes_gcm_128_16_auth(policy); >+ break; >+ case srtp_profile_aead_aes_256_gcm: >+ srtp_crypto_policy_set_aes_gcm_256_16_auth(policy); >+ break; > #endif > /* the following profiles are not (yet) supported */ >- case srtp_profile_null_sha1_32: >- default: >- return srtp_err_status_bad_param; >- } >+ case srtp_profile_null_sha1_32: >+ default: >+ return srtp_err_status_bad_param; >+ } > >- return srtp_err_status_ok; >+ return srtp_err_status_ok; > } > >-srtp_err_status_t >-srtp_crypto_policy_set_from_profile_for_rtcp(srtp_crypto_policy_t *policy, >- srtp_profile_t profile) { >- >- /* set SRTP policy from the SRTP profile in the key set */ >- switch(profile) { >- case srtp_profile_aes128_cm_sha1_80: >- srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); >- break; >- case srtp_profile_aes128_cm_sha1_32: >- /* We do not honor the 32-bit auth tag request since >- * this is not compliant with RFC 3711 */ >- srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); >- break; >- case srtp_profile_null_sha1_80: >- srtp_crypto_policy_set_null_cipher_hmac_sha1_80(policy); >- break; >+srtp_err_status_t srtp_crypto_policy_set_from_profile_for_rtcp( >+ srtp_crypto_policy_t *policy, >+ srtp_profile_t profile) >+{ >+ /* set SRTP policy from the SRTP profile in the key set */ >+ switch (profile) { >+ case srtp_profile_aes128_cm_sha1_80: >+ srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); >+ break; >+ case srtp_profile_aes128_cm_sha1_32: >+ /* We do not honor the 32-bit auth tag request since >+ * this is not compliant with RFC 3711 */ >+ srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); >+ break; >+ case srtp_profile_null_sha1_80: >+ srtp_crypto_policy_set_null_cipher_hmac_sha1_80(policy); >+ break; > #if defined(OPENSSL) >- case srtp_profile_aead_aes_128_gcm: >- srtp_crypto_policy_set_aes_gcm_128_16_auth(policy); >- break; >- case srtp_profile_aead_aes_256_gcm: >- srtp_crypto_policy_set_aes_gcm_256_16_auth(policy); >- break; >+ case srtp_profile_aead_aes_128_gcm: >+ srtp_crypto_policy_set_aes_gcm_128_16_auth(policy); >+ break; >+ case srtp_profile_aead_aes_256_gcm: >+ srtp_crypto_policy_set_aes_gcm_256_16_auth(policy); >+ break; > #endif > /* the following profiles are not (yet) supported */ >- case srtp_profile_null_sha1_32: >- default: >- return srtp_err_status_bad_param; >- } >+ case srtp_profile_null_sha1_32: >+ default: >+ return srtp_err_status_bad_param; >+ } > >- return srtp_err_status_ok; >+ return srtp_err_status_ok; > } > >-void srtp_append_salt_to_key(uint8_t *key, unsigned int bytes_in_key, uint8_t *salt, unsigned int bytes_in_salt) { >- memcpy(key + bytes_in_key, salt, bytes_in_salt); >+void srtp_append_salt_to_key(uint8_t *key, >+ unsigned int bytes_in_key, >+ uint8_t *salt, >+ unsigned int bytes_in_salt) >+{ >+ memcpy(key + bytes_in_key, salt, bytes_in_salt); > } > >-unsigned int >-srtp_profile_get_master_key_length(srtp_profile_t profile) { >- >- switch(profile) { >- case srtp_profile_aes128_cm_sha1_80: >- return SRTP_AES_128_KEY_LEN; >- break; >- case srtp_profile_aes128_cm_sha1_32: >- return SRTP_AES_128_KEY_LEN; >- break; >- case srtp_profile_null_sha1_80: >- return SRTP_AES_128_KEY_LEN; >- break; >- case srtp_profile_aead_aes_128_gcm: >- return SRTP_AES_128_KEY_LEN; >- break; >- case srtp_profile_aead_aes_256_gcm: >- return SRTP_AES_256_KEY_LEN; >- break; >+unsigned int srtp_profile_get_master_key_length(srtp_profile_t profile) >+{ >+ switch (profile) { >+ case srtp_profile_aes128_cm_sha1_80: >+ return SRTP_AES_128_KEY_LEN; >+ break; >+ case srtp_profile_aes128_cm_sha1_32: >+ return SRTP_AES_128_KEY_LEN; >+ break; >+ case srtp_profile_null_sha1_80: >+ return SRTP_AES_128_KEY_LEN; >+ break; >+ case srtp_profile_aead_aes_128_gcm: >+ return SRTP_AES_128_KEY_LEN; >+ break; >+ case srtp_profile_aead_aes_256_gcm: >+ return SRTP_AES_256_KEY_LEN; >+ break; > /* the following profiles are not (yet) supported */ >- case srtp_profile_null_sha1_32: >- default: >- return 0; /* indicate error by returning a zero */ >- } >+ case srtp_profile_null_sha1_32: >+ default: >+ return 0; /* indicate error by returning a zero */ >+ } > } > >-unsigned int >-srtp_profile_get_master_salt_length(srtp_profile_t profile) { >- >- switch(profile) { >- case srtp_profile_aes128_cm_sha1_80: >- return SRTP_SALT_LEN; >- break; >- case srtp_profile_aes128_cm_sha1_32: >- return SRTP_SALT_LEN; >- break; >- case srtp_profile_null_sha1_80: >- return SRTP_SALT_LEN; >- break; >- case srtp_profile_aead_aes_128_gcm: >- return SRTP_AEAD_SALT_LEN; >- break; >- case srtp_profile_aead_aes_256_gcm: >- return SRTP_AEAD_SALT_LEN; >- break; >+unsigned int srtp_profile_get_master_salt_length(srtp_profile_t profile) >+{ >+ switch (profile) { >+ case srtp_profile_aes128_cm_sha1_80: >+ return SRTP_SALT_LEN; >+ break; >+ case srtp_profile_aes128_cm_sha1_32: >+ return SRTP_SALT_LEN; >+ break; >+ case srtp_profile_null_sha1_80: >+ return SRTP_SALT_LEN; >+ break; >+ case srtp_profile_aead_aes_128_gcm: >+ return SRTP_AEAD_SALT_LEN; >+ break; >+ case srtp_profile_aead_aes_256_gcm: >+ return SRTP_AEAD_SALT_LEN; >+ break; > /* the following profiles are not (yet) supported */ >- case srtp_profile_null_sha1_32: >- default: >- return 0; /* indicate error by returning a zero */ >- } >+ case srtp_profile_null_sha1_32: >+ default: >+ return 0; /* indicate error by returning a zero */ >+ } > } > >-srtp_err_status_t >-srtp_get_protect_trailer_length(srtp_t session, >- uint32_t use_mki, >- uint32_t mki_index, >- uint32_t *length) >+srtp_err_status_t stream_get_protect_trailer_length(srtp_stream_ctx_t *stream, >+ uint32_t is_rtp, >+ uint32_t use_mki, >+ uint32_t mki_index, >+ uint32_t *length) > { >- srtp_stream_ctx_t *stream; >- >- if (session == NULL) >- return srtp_err_status_bad_param; >- > *length = 0; > >- /* Try obtaining stream from stream_list */ >- stream = session->stream_list; >- >- if (stream == NULL) { >- /* Try obtaining the template stream */ >- stream = session->stream_template; >- } >- >- if (stream == NULL) { >- return srtp_err_status_bad_param; >- } >+ srtp_session_keys_t *session_key; > > if (use_mki) { >- if (mki_index > stream->num_master_keys) >- return srtp_err_status_bad_mki; >+ if (mki_index >= stream->num_master_keys) { >+ return srtp_err_status_bad_mki; >+ } >+ session_key = &stream->session_keys[mki_index]; > >- *length += stream->session_keys[mki_index].mki_size; >- *length += srtp_auth_get_tag_length(stream->session_keys[mki_index].rtp_auth); >+ *length += session_key->mki_size; >+ >+ } else { >+ session_key = &stream->session_keys[0]; >+ } >+ if (is_rtp) { >+ *length += srtp_auth_get_tag_length(session_key->rtp_auth); > } else { >- *length += srtp_auth_get_tag_length(stream->session_keys[0].rtp_auth); >+ *length += srtp_auth_get_tag_length(session_key->rtcp_auth); >+ *length += sizeof(srtcp_trailer_t); > } > > return srtp_err_status_ok; > } > >-srtp_err_status_t >-srtp_get_protect_rtcp_trailer_length(srtp_t session, >- uint32_t use_mki, >- uint32_t mki_index, >- uint32_t *length) >+srtp_err_status_t get_protect_trailer_length(srtp_t session, >+ uint32_t is_rtp, >+ uint32_t use_mki, >+ uint32_t mki_index, >+ uint32_t *length) > { > srtp_stream_ctx_t *stream; > >- if (session == NULL) >- return srtp_err_status_bad_param; >+ if (session == NULL) { >+ return srtp_err_status_bad_param; >+ } > >- *length = 0; >+ if (session->stream_template == NULL && session->stream_list == NULL) { >+ return srtp_err_status_bad_param; >+ } > >- /* Try obtaining stream from stream_list */ >- stream = session->stream_list; >+ *length = 0; > >- if (stream == NULL) { >- /* Try obtaining the template stream */ >- stream = session->stream_template; >- } >+ stream = session->stream_template; > >- if (stream == NULL) { >- return srtp_err_status_bad_param; >+ if (stream != NULL) { >+ stream_get_protect_trailer_length(stream, is_rtp, use_mki, mki_index, >+ length); > } > >- if (use_mki) { >- if (mki_index > stream->num_master_keys) >- return srtp_err_status_bad_mki; >+ stream = session->stream_list; > >- *length += stream->session_keys[mki_index].mki_size; >- *length += srtp_auth_get_tag_length(stream->session_keys[mki_index].rtcp_auth); >- } else { >- *length += srtp_auth_get_tag_length(stream->session_keys[0].rtcp_auth); >+ while (stream != NULL) { >+ uint32_t temp_length; >+ if (stream_get_protect_trailer_length(stream, is_rtp, use_mki, >+ mki_index, &temp_length) == >+ srtp_err_status_ok) { >+ if (temp_length > *length) { >+ *length = temp_length; >+ } >+ } >+ stream = stream->next; > } >- >- *length += sizeof(srtcp_trailer_t); > > return srtp_err_status_ok; > } > >+srtp_err_status_t srtp_get_protect_trailer_length(srtp_t session, >+ uint32_t use_mki, >+ uint32_t mki_index, >+ uint32_t *length) >+{ >+ return get_protect_trailer_length(session, 1, use_mki, mki_index, length); >+} >+ >+srtp_err_status_t srtp_get_protect_rtcp_trailer_length(srtp_t session, >+ uint32_t use_mki, >+ uint32_t mki_index, >+ uint32_t *length) >+{ >+ return get_protect_trailer_length(session, 0, use_mki, mki_index, length); >+} > > /* > * SRTP debug interface >@@ -4591,26 +4656,34 @@ srtp_err_status_t srtp_list_debug_modules(void) > */ > > static srtp_log_handler_func_t *srtp_log_handler = NULL; >-static void * srtp_log_handler_data = NULL; >+static void *srtp_log_handler_data = NULL; > >-void srtp_err_handler(srtp_err_reporting_level_t level, const char * msg) >+void srtp_err_handler(srtp_err_reporting_level_t level, const char *msg) > { > if (srtp_log_handler) { > srtp_log_level_t log_level = srtp_log_level_error; >- switch(level) { >- case srtp_err_level_error: log_level = srtp_log_level_error; break; >- case srtp_err_level_warning: log_level = srtp_log_level_warning; break; >- case srtp_err_level_info: log_level = srtp_log_level_info; break; >- case srtp_err_level_debug: log_level = srtp_log_level_debug; break; >+ switch (level) { >+ case srtp_err_level_error: >+ log_level = srtp_log_level_error; >+ break; >+ case srtp_err_level_warning: >+ log_level = srtp_log_level_warning; >+ break; >+ case srtp_err_level_info: >+ log_level = srtp_log_level_info; >+ break; >+ case srtp_err_level_debug: >+ log_level = srtp_log_level_debug; >+ break; > } > > srtp_log_handler(log_level, msg, srtp_log_handler_data); > } > } > >-srtp_err_status_t srtp_install_log_handler(srtp_log_handler_func_t func, void * data) >+srtp_err_status_t srtp_install_log_handler(srtp_log_handler_func_t func, >+ void *data) > { >- > /* > * note that we accept NULL arguments intentionally - calling this > * function with a NULL arguments removes a log handler that's >@@ -4628,8 +4701,10 @@ srtp_err_status_t srtp_install_log_handler(srtp_log_handler_func_t func, void * > return srtp_err_status_ok; > } > >-srtp_err_status_t >-srtp_set_stream_roc(srtp_t session, uint32_t ssrc, uint32_t roc) { >+srtp_err_status_t srtp_set_stream_roc(srtp_t session, >+ uint32_t ssrc, >+ uint32_t roc) >+{ > srtp_stream_t stream; > > stream = srtp_get_stream(session, htonl(ssrc)); >@@ -4641,8 +4716,10 @@ srtp_set_stream_roc(srtp_t session, uint32_t ssrc, uint32_t roc) { > return srtp_err_status_ok; > } > >-srtp_err_status_t >-srtp_get_stream_roc(srtp_t session, uint32_t ssrc, uint32_t *roc) { >+srtp_err_status_t srtp_get_stream_roc(srtp_t session, >+ uint32_t ssrc, >+ uint32_t *roc) >+{ > srtp_stream_t stream; > > stream = srtp_get_stream(session, htonl(ssrc)); >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/.gitattributes b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/.gitattributes >deleted file mode 100644 >index f737a94c7680c7257317c4b5518c38a0a699f510..0000000000000000000000000000000000000000 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/.gitattributes >+++ /dev/null >@@ -1,2 +0,0 @@ >-srtp_driver.c svn-properties=allow-tabs=on >-rtp.h svn-properties=allow-tabs=on >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/cutest.h b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/cutest.h >index a94e144ab5a6b97af6b9d48291a17d7ceeb76977..f46626d3956af65f58f1b1434db37db457d56a22 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/cutest.h >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/cutest.h >@@ -10,10 +10,10 @@ > * the rights to use, copy, modify, merge, publish, distribute, sublicense, > * and/or sell copies of the Software, and to permit persons to whom the > * Software is furnished to do so, subject to the following conditions: >- * >+ * > * The above copyright notice and this permission notice shall be included in > * all copies or substantial portions of the Software. >- * >+ * > * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS > * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, > * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE >@@ -26,7 +26,6 @@ > #ifndef CUTEST_H__ > #define CUTEST_H__ > >- > /************************ > *** Public interface *** > ************************/ >@@ -56,8 +55,7 @@ > * > * void test_func(void); > */ >-#define TEST_LIST const struct test__ test_list__[] >- >+#define TEST_LIST const struct test__ test_list__[] > > /* Macros for testing whether an unit test succeeds or fails. These macros > * can be used arbitrarily in functions implementing the unit tests. >@@ -78,9 +76,9 @@ > * TEST_CHECK(ptr->member2 > 200); > * } > */ >-#define TEST_CHECK_(cond,...) test_check__((cond), __FILE__, __LINE__, __VA_ARGS__) >-#define TEST_CHECK(cond) test_check__((cond), __FILE__, __LINE__, "%s", #cond) >- >+#define TEST_CHECK_(cond, ...) \ >+ test_check__((cond), __FILE__, __LINE__, __VA_ARGS__) >+#define TEST_CHECK(cond) test_check__((cond), __FILE__, __LINE__, "%s", #cond) > > /********************** > *** Implementation *** >@@ -94,47 +92,43 @@ > #include <string.h> > > #if defined(unix) || defined(__unix__) || defined(__unix) || defined(__APPLE__) >- #define CUTEST_UNIX__ 1 >- #include <errno.h> >- #include <unistd.h> >- #include <sys/types.h> >- #include <sys/wait.h> >- #include <signal.h> >+#define CUTEST_UNIX__ 1 >+#include <errno.h> >+#include <unistd.h> >+#include <sys/types.h> >+#include <sys/wait.h> >+#include <signal.h> > #endif > > #if defined(_WIN32) || defined(__WIN32__) || defined(__WINDOWS__) >- #define CUTEST_WIN__ 1 >- #include <windows.h> >- #include <io.h> >+#define CUTEST_WIN__ 1 >+#include <windows.h> >+#include <io.h> > #endif > > #ifdef __cplusplus >- #include <exception> >+#include <exception> > #endif > >- > /* Note our global private identifiers end with '__' to mitigate risk of clash > * with the unit tests implementation. */ > >- > #ifdef __cplusplus >- extern "C" { >+extern "C" { > #endif > >- > struct test__ { >- const char* name; >+ const char *name; > void (*func)(void); > }; > > extern const struct test__ test_list__[]; > >-int test_check__(int cond, const char* file, int line, const char* fmt, ...); >- >+int test_check__(int cond, const char *file, int line, const char *fmt, ...); > > #ifndef TEST_NO_MAIN > >-static char* test_argv0__ = NULL; >+static char *test_argv0__ = NULL; > static int test_count__ = 0; > static int test_no_exec__ = 0; > static int test_no_summary__ = 0; >@@ -143,21 +137,20 @@ static int test_skip_mode__ = 0; > static int test_stat_failed_units__ = 0; > static int test_stat_run_units__ = 0; > >-static const struct test__* test_current_unit__ = NULL; >+static const struct test__ *test_current_unit__ = NULL; > static int test_current_already_logged__ = 0; > static int test_verbose_level__ = 2; > static int test_current_failures__ = 0; > static int test_colorize__ = 0; > >-#define CUTEST_COLOR_DEFAULT__ 0 >-#define CUTEST_COLOR_GREEN__ 1 >-#define CUTEST_COLOR_RED__ 2 >-#define CUTEST_COLOR_DEFAULT_INTENSIVE__ 3 >-#define CUTEST_COLOR_GREEN_INTENSIVE__ 4 >-#define CUTEST_COLOR_RED_INTENSIVE__ 5 >+#define CUTEST_COLOR_DEFAULT__ 0 >+#define CUTEST_COLOR_GREEN__ 1 >+#define CUTEST_COLOR_RED__ 2 >+#define CUTEST_COLOR_DEFAULT_INTENSIVE__ 3 >+#define CUTEST_COLOR_GREEN_INTENSIVE__ 4 >+#define CUTEST_COLOR_RED_INTENSIVE__ 5 > >-static size_t >-test_print_in_color__(int color, const char* fmt, ...) >+static size_t test_print_in_color__(int color, const char *fmt, ...) > { > va_list args; > char buffer[256]; >@@ -166,22 +159,34 @@ test_print_in_color__(int color, const char* fmt, ...) > va_start(args, fmt); > vsnprintf(buffer, sizeof(buffer), fmt, args); > va_end(args); >- buffer[sizeof(buffer)-1] = '\0'; >+ buffer[sizeof(buffer) - 1] = '\0'; > >- if(!test_colorize__) { >+ if (!test_colorize__) { > return printf("%s", buffer); > } > > #if defined CUTEST_UNIX__ > { >- const char* col_str; >- switch(color) { >- case CUTEST_COLOR_GREEN__: col_str = "\033[0;32m"; break; >- case CUTEST_COLOR_RED__: col_str = "\033[0;31m"; break; >- case CUTEST_COLOR_GREEN_INTENSIVE__: col_str = "\033[1;32m"; break; >- case CUTEST_COLOR_RED_INTENSIVE__: col_str = "\033[1;30m"; break; >- case CUTEST_COLOR_DEFAULT_INTENSIVE__: col_str = "\033[1m"; break; >- default: col_str = "\033[0m"; break; >+ const char *col_str; >+ switch (color) { >+ case CUTEST_COLOR_GREEN__: >+ col_str = "\033[0;32m"; >+ break; >+ case CUTEST_COLOR_RED__: >+ col_str = "\033[0;31m"; >+ break; >+ case CUTEST_COLOR_GREEN_INTENSIVE__: >+ col_str = "\033[1;32m"; >+ break; >+ case CUTEST_COLOR_RED_INTENSIVE__: >+ col_str = "\033[1;30m"; >+ break; >+ case CUTEST_COLOR_DEFAULT_INTENSIVE__: >+ col_str = "\033[1m"; >+ break; >+ default: >+ col_str = "\033[0m"; >+ break; > } > printf("%s", col_str); > n = printf("%s", buffer); >@@ -197,15 +202,28 @@ test_print_in_color__(int color, const char* fmt, ...) > h = GetStdHandle(STD_OUTPUT_HANDLE); > GetConsoleScreenBufferInfo(h, &info); > >- switch(color) { >- case CUTEST_COLOR_GREEN__: attr = FOREGROUND_GREEN; break; >- case CUTEST_COLOR_RED__: attr = FOREGROUND_RED; break; >- case CUTEST_COLOR_GREEN_INTENSIVE__: attr = FOREGROUND_GREEN | FOREGROUND_INTENSITY; break; >- case CUTEST_COLOR_RED_INTENSIVE__: attr = FOREGROUND_RED | FOREGROUND_INTENSITY; break; >- case CUTEST_COLOR_DEFAULT_INTENSIVE__: attr = FOREGROUND_BLUE | FOREGROUND_GREEN | FOREGROUND_RED | FOREGROUND_INTENSITY; break; >- default: attr = 0; break; >+ switch (color) { >+ case CUTEST_COLOR_GREEN__: >+ attr = FOREGROUND_GREEN; >+ break; >+ case CUTEST_COLOR_RED__: >+ attr = FOREGROUND_RED; >+ break; >+ case CUTEST_COLOR_GREEN_INTENSIVE__: >+ attr = FOREGROUND_GREEN | FOREGROUND_INTENSITY; >+ break; >+ case CUTEST_COLOR_RED_INTENSIVE__: >+ attr = FOREGROUND_RED | FOREGROUND_INTENSITY; >+ break; >+ case CUTEST_COLOR_DEFAULT_INTENSIVE__: >+ attr = FOREGROUND_BLUE | FOREGROUND_GREEN | FOREGROUND_RED | >+ FOREGROUND_INTENSITY; >+ break; >+ default: >+ attr = 0; >+ break; > } >- if(attr != 0) >+ if (attr != 0) > SetConsoleTextAttribute(h, attr); > n = printf("%s", buffer); > SetConsoleTextAttribute(h, info.wAttributes); >@@ -217,19 +235,18 @@ test_print_in_color__(int color, const char* fmt, ...) > #endif > } > >-int >-test_check__(int cond, const char* file, int line, const char* fmt, ...) >+int test_check__(int cond, const char *file, int line, const char *fmt, ...) > { > const char *result_str; > int result_color; > int verbose_level; > >- if(cond) { >+ if (cond) { > result_str = "ok"; > result_color = CUTEST_COLOR_GREEN__; > verbose_level = 3; > } else { >- if(!test_current_already_logged__ && test_current_unit__ != NULL) { >+ if (!test_current_already_logged__ && test_current_unit__ != NULL) { > printf("[ "); > test_print_in_color__(CUTEST_COLOR_RED_INTENSIVE__, "FAILED"); > printf(" ]\n"); >@@ -241,13 +258,13 @@ test_check__(int cond, const char* file, int line, const char* fmt, ...) > test_current_already_logged__++; > } > >- if(test_verbose_level__ >= verbose_level) { >+ if (test_verbose_level__ >= verbose_level) { > size_t n = 0; > va_list args; > > printf(" "); > >- if(file != NULL) >+ if (file != NULL) > n += printf("%s:%d: Check ", file, line); > > va_start(args, fmt); >@@ -263,23 +280,21 @@ test_check__(int cond, const char* file, int line, const char* fmt, ...) > return (cond != 0); > } > >-static void >-test_list_names__(void) >+static void test_list_names__(void) > { >- const struct test__* test; >+ const struct test__ *test; > > printf("Unit tests:\n"); >- for(test = &test_list__[0]; test->func != NULL; test++) >+ for (test = &test_list__[0]; test->func != NULL; test++) > printf(" %s\n", test->name); > } > >-static const struct test__* >-test_by_name__(const char* name) >+static const struct test__ *test_by_name__(const char *name) > { >- const struct test__* test; >+ const struct test__ *test; > >- for(test = &test_list__[0]; test->func != NULL; test++) { >- if(strcmp(test->name, name) == 0) >+ for (test = &test_list__[0]; test->func != NULL; test++) { >+ if (strcmp(test->name, name) == 0) > return test; > } > >@@ -287,24 +302,25 @@ test_by_name__(const char* name) > } > > /* Call directly the given test unit function. */ >-static int >-test_do_run__(const struct test__* test) >+static int test_do_run__(const struct test__ *test) > { > test_current_unit__ = test; > test_current_failures__ = 0; > test_current_already_logged__ = 0; > >- if(test_verbose_level__ >= 3) { >- test_print_in_color__(CUTEST_COLOR_DEFAULT_INTENSIVE__, "Test %s:\n", test->name); >+ if (test_verbose_level__ >= 3) { >+ test_print_in_color__(CUTEST_COLOR_DEFAULT_INTENSIVE__, "Test %s:\n", >+ test->name); > test_current_already_logged__++; >- } else if(test_verbose_level__ >= 1) { >+ } else if (test_verbose_level__ >= 1) { > size_t n; > char spaces[32]; > >- n = test_print_in_color__(CUTEST_COLOR_DEFAULT_INTENSIVE__, "Test %s... ", test->name); >+ n = test_print_in_color__(CUTEST_COLOR_DEFAULT_INTENSIVE__, >+ "Test %s... ", test->name); > memset(spaces, ' ', sizeof(spaces)); >- if(n < sizeof(spaces)) >- printf("%.*s", (int) (sizeof(spaces) - n), spaces); >+ if (n < sizeof(spaces)) >+ printf("%.*s", (int)(sizeof(spaces) - n), spaces); > } else { > test_current_already_logged__ = 1; > } >@@ -320,24 +336,34 @@ test_do_run__(const struct test__* test) > test->func(); > > #ifdef __cplusplus >- } catch(std::exception& e) { >- const char* what = e.what(); >- if(what != NULL) >+ } catch (std::exception &e) { >+ const char *what = e.what(); >+ if (what != NULL) > test_check__(0, NULL, 0, "Threw std::exception: %s", what); > else > test_check__(0, NULL, 0, "Threw std::exception"); >- } catch(...) { >+ } catch (...) { > test_check__(0, NULL, 0, "Threw an exception"); > } > #endif > >- if(test_verbose_level__ >= 3) { >- switch(test_current_failures__) { >- case 0: test_print_in_color__(CUTEST_COLOR_GREEN_INTENSIVE__, " All conditions have passed.\n\n"); break; >- case 1: test_print_in_color__(CUTEST_COLOR_RED_INTENSIVE__, " One condition has FAILED.\n\n"); break; >- default: test_print_in_color__(CUTEST_COLOR_RED_INTENSIVE__, " %d conditions have FAILED.\n\n", test_current_failures__); break; >+ if (test_verbose_level__ >= 3) { >+ switch (test_current_failures__) { >+ case 0: >+ test_print_in_color__(CUTEST_COLOR_GREEN_INTENSIVE__, >+ " All conditions have passed.\n\n"); >+ break; >+ case 1: >+ test_print_in_color__(CUTEST_COLOR_RED_INTENSIVE__, >+ " One condition has FAILED.\n\n"); >+ break; >+ default: >+ test_print_in_color__(CUTEST_COLOR_RED_INTENSIVE__, >+ " %d conditions have FAILED.\n\n", >+ test_current_failures__); >+ break; > } >- } else if(test_verbose_level__ >= 1 && test_current_failures__ == 0) { >+ } else if (test_verbose_level__ >= 1 && test_current_failures__ == 0) { > printf("[ "); > test_print_in_color__(CUTEST_COLOR_GREEN_INTENSIVE__, "OK"); > printf(" ]\n"); >@@ -351,21 +377,21 @@ test_do_run__(const struct test__* test) > /* Called if anything goes bad in cutest, or if the unit test ends in other > * way then by normal returning from its function (e.g. exception or some > * abnormal child process termination). */ >-static void >-test_error__(const char* fmt, ...) >+static void test_error__(const char *fmt, ...) > { > va_list args; > >- if(test_verbose_level__ == 0) >+ if (test_verbose_level__ == 0) > return; > >- if(test_verbose_level__ <= 2 && !test_current_already_logged__ && test_current_unit__ != NULL) { >+ if (test_verbose_level__ <= 2 && !test_current_already_logged__ && >+ test_current_unit__ != NULL) { > printf("[ "); > test_print_in_color__(CUTEST_COLOR_RED_INTENSIVE__, "FAILED"); > printf(" ]\n"); > } > >- if(test_verbose_level__ >= 2) { >+ if (test_verbose_level__ >= 2) { > test_print_in_color__(CUTEST_COLOR_RED_INTENSIVE__, " Error: "); > va_start(args, fmt); > vprintf(fmt, args); >@@ -378,51 +404,73 @@ test_error__(const char* fmt, ...) > /* Trigger the unit test. If possible (and not suppressed) it starts a child > * process who calls test_do_run__(), otherwise it calls test_do_run__() > * directly. */ >-static void >-test_run__(const struct test__* test) >+static void test_run__(const struct test__ *test) > { > int failed = 1; > > test_current_unit__ = test; > test_current_already_logged__ = 0; > >- if(!test_no_exec__) { >- >+ if (!test_no_exec__) { > #if defined(CUTEST_UNIX__) > > pid_t pid; > int exit_code; > > pid = fork(); >- if(pid == (pid_t)-1) { >+ if (pid == (pid_t)-1) { > test_error__("Cannot fork. %s [%d]", strerror(errno), errno); > failed = 1; >- } else if(pid == 0) { >+ } else if (pid == 0) { > /* Child: Do the test. */ > failed = (test_do_run__(test) != 0); > exit(failed ? 1 : 0); > } else { > /* Parent: Wait until child terminates and analyze its exit code. */ > waitpid(pid, &exit_code, 0); >- if(WIFEXITED(exit_code)) { >- switch(WEXITSTATUS(exit_code)) { >- case 0: failed = 0; break; /* test has passed. */ >- case 1: /* noop */ break; /* "normal" failure. */ >- default: test_error__("Unexpected exit code [%d]", WEXITSTATUS(exit_code)); >+ if (WIFEXITED(exit_code)) { >+ switch (WEXITSTATUS(exit_code)) { >+ case 0: >+ failed = 0; >+ break; /* test has passed. */ >+ case 1: /* noop */ >+ break; /* "normal" failure. */ >+ default: >+ test_error__("Unexpected exit code [%d]", >+ WEXITSTATUS(exit_code)); > } >- } else if(WIFSIGNALED(exit_code)) { >+ } else if (WIFSIGNALED(exit_code)) { > char tmp[32]; >- const char* signame; >- switch(WTERMSIG(exit_code)) { >- case SIGINT: signame = "SIGINT"; break; >- case SIGHUP: signame = "SIGHUP"; break; >- case SIGQUIT: signame = "SIGQUIT"; break; >- case SIGABRT: signame = "SIGABRT"; break; >- case SIGKILL: signame = "SIGKILL"; break; >- case SIGSEGV: signame = "SIGSEGV"; break; >- case SIGILL: signame = "SIGILL"; break; >- case SIGTERM: signame = "SIGTERM"; break; >- default: sprintf(tmp, "signal %d", WTERMSIG(exit_code)); signame = tmp; break; >+ const char *signame; >+ switch (WTERMSIG(exit_code)) { >+ case SIGINT: >+ signame = "SIGINT"; >+ break; >+ case SIGHUP: >+ signame = "SIGHUP"; >+ break; >+ case SIGQUIT: >+ signame = "SIGQUIT"; >+ break; >+ case SIGABRT: >+ signame = "SIGABRT"; >+ break; >+ case SIGKILL: >+ signame = "SIGKILL"; >+ break; >+ case SIGSEGV: >+ signame = "SIGSEGV"; >+ break; >+ case SIGILL: >+ signame = "SIGILL"; >+ break; >+ case SIGTERM: >+ signame = "SIGTERM"; >+ break; >+ default: >+ sprintf(tmp, "signal %d", WTERMSIG(exit_code)); >+ signame = tmp; >+ break; > } > test_error__("Test interrupted by %s", signame); > } else { >@@ -432,26 +480,28 @@ test_run__(const struct test__* test) > > #elif defined(CUTEST_WIN__) > >- char buffer[512] = {0}; >- STARTUPINFOA startupInfo = {0}; >+ char buffer[512] = { 0 }; >+ STARTUPINFOA startupInfo = { 0 }; > PROCESS_INFORMATION processInfo; > DWORD exitCode; > > /* Windows has no fork(). So we propagate all info into the child > * through a command line arguments. */ >- _snprintf(buffer, sizeof(buffer)-1, >- "%s --no-exec --no-summary --verbose=%d --color=%s -- \"%s\"", >- test_argv0__, test_verbose_level__, >- test_colorize__ ? "always" : "never", test->name); >+ _snprintf(buffer, sizeof(buffer) - 1, >+ "%s --no-exec --no-summary --verbose=%d --color=%s -- \"%s\"", >+ test_argv0__, test_verbose_level__, >+ test_colorize__ ? "always" : "never", test->name); > startupInfo.cb = sizeof(STARTUPINFO); >- if(CreateProcessA(NULL, buffer, NULL, NULL, FALSE, 0, NULL, NULL, &startupInfo, &processInfo)) { >+ if (CreateProcessA(NULL, buffer, NULL, NULL, FALSE, 0, NULL, NULL, >+ &startupInfo, &processInfo)) { > WaitForSingleObject(processInfo.hProcess, INFINITE); > GetExitCodeProcess(processInfo.hProcess, &exitCode); > CloseHandle(processInfo.hThread); > CloseHandle(processInfo.hProcess); > failed = (exitCode != 0); > } else { >- test_error__("Cannot create unit test subprocess [%ld].", GetLastError()); >+ test_error__("Cannot create unit test subprocess [%ld].", >+ GetLastError()); > failed = 1; > } > >@@ -470,14 +520,13 @@ test_run__(const struct test__* test) > test_current_unit__ = NULL; > > test_stat_run_units__++; >- if(failed) >+ if (failed) > test_stat_failed_units__++; > } > > #if defined(CUTEST_WIN__) > /* Callback for SEH events. */ >-static LONG CALLBACK >-test_exception_filter__(EXCEPTION_POINTERS *ptrs) >+static LONG CALLBACK test_exception_filter__(EXCEPTION_POINTERS *ptrs) > { > test_error__("Unhandled SEH exception %08lx at %p.", > ptrs->ExceptionRecord->ExceptionCode, >@@ -488,35 +537,42 @@ test_exception_filter__(EXCEPTION_POINTERS *ptrs) > } > #endif > >-static void >-test_help__(void) >+static void test_help__(void) > { > printf("Usage: %s [options] [test...]\n", test_argv0__); >- printf("Run the specified unit tests; or if the option '--skip' is used, run all\n"); >- printf("tests in the suite but those listed. By default, if no tests are specified\n"); >+ printf("Run the specified unit tests; or if the option '--skip' is used, " >+ "run all\n"); >+ printf("tests in the suite but those listed. By default, if no tests are " >+ "specified\n"); > printf("on the command line, all unit tests in the suite are run.\n"); > printf("\n"); > printf("Options:\n"); >- printf(" -s, --skip Execute all unit tests but the listed ones\n"); >- printf(" --no-exec Do not execute unit tests as child processes\n"); >- printf(" --no-summary Suppress printing of test results summary\n"); >+ printf( >+ " -s, --skip Execute all unit tests but the listed ones\n"); >+ printf(" --no-exec Do not execute unit tests as child " >+ "processes\n"); >+ printf( >+ " --no-summary Suppress printing of test results summary\n"); > printf(" -l, --list List unit tests in the suite and exit\n"); > printf(" -v, --verbose Enable more verbose output\n"); > printf(" --verbose=LEVEL Set verbose level to LEVEL:\n"); > printf(" 0 ... Be silent\n"); >- printf(" 1 ... Output one line per test (and summary)\n"); >- printf(" 2 ... As 1 and failed conditions (this is default)\n"); >- printf(" 3 ... As 1 and all conditions (and extended summary)\n"); >- printf(" --color=WHEN Enable colorized output (WHEN is one of 'auto', 'always', 'never')\n"); >+ printf(" 1 ... Output one line per test (and " >+ "summary)\n"); >+ printf(" 2 ... As 1 and failed conditions (this " >+ "is default)\n"); >+ printf(" 3 ... As 1 and all conditions (and " >+ "extended summary)\n"); >+ printf(" --color=WHEN Enable colorized output (WHEN is one of " >+ "'auto', 'always', 'never')\n"); > printf(" -h, --help Display this help and exit\n"); > printf("\n"); > test_list_names__(); > } > >-int >-main(int argc, char** argv) >+int main(int argc, char **argv) > { >- const struct test__** tests = NULL; >+ const struct test__ **tests = NULL; > int i, j, n = 0; > int seen_double_dash = 0; > >@@ -531,42 +587,50 @@ main(int argc, char** argv) > #endif > > /* Parse options */ >- for(i = 1; i < argc; i++) { >- if(seen_double_dash || argv[i][0] != '-') { >- tests = (const struct test__**) realloc((void*)tests, (n+1) * sizeof(const struct test__*)); >- if(tests == NULL) { >+ for (i = 1; i < argc; i++) { >+ if (seen_double_dash || argv[i][0] != '-') { >+ tests = (const struct test__ **)realloc( >+ (void *)tests, (n + 1) * sizeof(const struct test__ *)); >+ if (tests == NULL) { > fprintf(stderr, "Out of memory.\n"); > exit(2); > } > tests[n] = test_by_name__(argv[i]); >- if(tests[n] == NULL) { >- fprintf(stderr, "%s: Unrecognized unit test '%s'\n", argv[0], argv[i]); >- fprintf(stderr, "Try '%s --list' for list of unit tests.\n", argv[0]); >+ if (tests[n] == NULL) { >+ fprintf(stderr, "%s: Unrecognized unit test '%s'\n", argv[0], >+ argv[i]); >+ fprintf(stderr, "Try '%s --list' for list of unit tests.\n", >+ argv[0]); > exit(2); > } > n++; >- } else if(strcmp(argv[i], "--") == 0) { >+ } else if (strcmp(argv[i], "--") == 0) { > seen_double_dash = 1; >- } else if(strcmp(argv[i], "--help") == 0 || strcmp(argv[i], "-h") == 0) { >+ } else if (strcmp(argv[i], "--help") == 0 || >+ strcmp(argv[i], "-h") == 0) { > test_help__(); > exit(0); >- } else if(strcmp(argv[i], "--verbose") == 0 || strcmp(argv[i], "-v") == 0) { >+ } else if (strcmp(argv[i], "--verbose") == 0 || >+ strcmp(argv[i], "-v") == 0) { > test_verbose_level__++; >- } else if(strncmp(argv[i], "--verbose=", 10) == 0) { >+ } else if (strncmp(argv[i], "--verbose=", 10) == 0) { > test_verbose_level__ = atoi(argv[i] + 10); >- } else if(strcmp(argv[i], "--color=auto") == 0) { >+ } else if (strcmp(argv[i], "--color=auto") == 0) { > /* noop (set from above) */ >- } else if(strcmp(argv[i], "--color=always") == 0 || strcmp(argv[i], "--color") == 0) { >+ } else if (strcmp(argv[i], "--color=always") == 0 || >+ strcmp(argv[i], "--color") == 0) { > test_colorize__ = 1; >- } else if(strcmp(argv[i], "--color=never") == 0) { >+ } else if (strcmp(argv[i], "--color=never") == 0) { > test_colorize__ = 0; >- } else if(strcmp(argv[i], "--skip") == 0 || strcmp(argv[i], "-s") == 0) { >+ } else if (strcmp(argv[i], "--skip") == 0 || >+ strcmp(argv[i], "-s") == 0) { > test_skip_mode__ = 1; >- } else if(strcmp(argv[i], "--no-exec") == 0) { >+ } else if (strcmp(argv[i], "--no-exec") == 0) { > test_no_exec__ = 1; >- } else if(strcmp(argv[i], "--no-summary") == 0) { >+ } else if (strcmp(argv[i], "--no-summary") == 0) { > test_no_summary__ = 1; >- } else if(strcmp(argv[i], "--list") == 0 || strcmp(argv[i], "-l") == 0) { >+ } else if (strcmp(argv[i], "--list") == 0 || >+ strcmp(argv[i], "-l") == 0) { > test_list_names__(); > exit(0); > } else { >@@ -582,66 +646,68 @@ main(int argc, char** argv) > > /* Count all test units */ > test_count__ = 0; >- for(i = 0; test_list__[i].func != NULL; i++) >+ for (i = 0; test_list__[i].func != NULL; i++) > test_count__++; > > /* Run the tests */ >- if(n == 0) { >+ if (n == 0) { > /* Run all tests */ >- for(i = 0; test_list__[i].func != NULL; i++) >+ for (i = 0; test_list__[i].func != NULL; i++) > test_run__(&test_list__[i]); >- } else if(!test_skip_mode__) { >+ } else if (!test_skip_mode__) { > /* Run the listed tests */ >- for(i = 0; i < n; i++) >+ for (i = 0; i < n; i++) > test_run__(tests[i]); > } else { > /* Run all tests except those listed */ >- for(i = 0; test_list__[i].func != NULL; i++) { >+ for (i = 0; test_list__[i].func != NULL; i++) { > int want_skip = 0; >- for(j = 0; j < n; j++) { >- if(tests[j] == &test_list__[i]) { >+ for (j = 0; j < n; j++) { >+ if (tests[j] == &test_list__[i]) { > want_skip = 1; > break; > } > } >- if(!want_skip) >+ if (!want_skip) > test_run__(&test_list__[i]); > } > } > > /* Write a summary */ >- if(!test_no_summary__ && test_verbose_level__ >= 1) { >+ if (!test_no_summary__ && test_verbose_level__ >= 1) { > test_print_in_color__(CUTEST_COLOR_DEFAULT_INTENSIVE__, "\nSummary:\n"); > >- if(test_verbose_level__ >= 3) { >+ if (test_verbose_level__ >= 3) { > printf(" Count of all unit tests: %4d\n", test_count__); >- printf(" Count of run unit tests: %4d\n", test_stat_run_units__); >- printf(" Count of failed unit tests: %4d\n", test_stat_failed_units__); >- printf(" Count of skipped unit tests: %4d\n", test_count__ - test_stat_run_units__); >+ printf(" Count of run unit tests: %4d\n", >+ test_stat_run_units__); >+ printf(" Count of failed unit tests: %4d\n", >+ test_stat_failed_units__); >+ printf(" Count of skipped unit tests: %4d\n", >+ test_count__ - test_stat_run_units__); > } > >- if(test_stat_failed_units__ == 0) { >+ if (test_stat_failed_units__ == 0) { > test_print_in_color__(CUTEST_COLOR_GREEN_INTENSIVE__, >- " SUCCESS: All unit tests have passed.\n"); >+ " SUCCESS: All unit tests have passed.\n"); > } else { >- test_print_in_color__(CUTEST_COLOR_RED_INTENSIVE__, >- " FAILED: %d of %d unit tests have failed.\n", >- test_stat_failed_units__, test_stat_run_units__); >+ test_print_in_color__( >+ CUTEST_COLOR_RED_INTENSIVE__, >+ " FAILED: %d of %d unit tests have failed.\n", >+ test_stat_failed_units__, test_stat_run_units__); > } > } > >- if(tests != NULL) >- free((void*)tests); >+ if (tests != NULL) >+ free((void *)tests); > > return (test_stat_failed_units__ == 0) ? 0 : 1; > } > >- >-#endif /* #ifndef TEST_NO_MAIN */ >+#endif /* #ifndef TEST_NO_MAIN */ > > #ifdef __cplusplus >- } /* extern "C" */ >+} /* extern "C" */ > #endif > >- >-#endif /* #ifndef CUTEST_H__ */ >+#endif /* #ifndef CUTEST_H__ */ >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/dtls_srtp_driver.c b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/dtls_srtp_driver.c >index ebf73f9fc51b5e50e9f2ed3d95e19f8e020bddfd..4f4d0a39b38edc4b488f64ed53761dfcd063ec65 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/dtls_srtp_driver.c >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/dtls_srtp_driver.c >@@ -7,26 +7,26 @@ > * Cisco Systems, Inc. > */ > /* >- * >+ * > * Copyright (c) 2001-2017 Cisco Systems, Inc. > * All rights reserved. >- * >+ * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions > * are met: >- * >+ * > * Redistributions of source code must retain the above copyright > * notice, this list of conditions and the following disclaimer. >- * >+ * > * Redistributions in binary form must reproduce the above > * copyright notice, this list of conditions and the following > * disclaimer in the documentation and/or other materials provided > * with the distribution. >- * >+ * > * Neither the name of the Cisco Systems, Inc. nor the names of its > * contributors may be used to endorse or promote products derived > * from this software without specific prior written permission. >- * >+ * > * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS > * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT > * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >@@ -46,171 +46,170 @@ > #include "getopt_s.h" /* for local getopt() */ > #include "srtp_priv.h" > >-srtp_err_status_t >-test_dtls_srtp(void); >+srtp_err_status_t test_dtls_srtp(void); > >-srtp_hdr_t * >-srtp_create_test_packet(int pkt_octet_len, uint32_t ssrc); >+srtp_hdr_t *srtp_create_test_packet(int pkt_octet_len, uint32_t ssrc); > >-void >-usage(char *prog_name) { >- printf("usage: %s [ -t ][ -c ][ -v ][-d <debug_module> ]* [ -l ]\n" >- " -d <mod> turn on debugging module <mod>\n" >- " -l list debugging modules\n", prog_name); >- exit(1); >+void usage(char *prog_name) >+{ >+ printf("usage: %s [ -t ][ -c ][ -v ][-d <debug_module> ]* [ -l ]\n" >+ " -d <mod> turn on debugging module <mod>\n" >+ " -l list debugging modules\n", >+ prog_name); >+ exit(1); > } > >-int >-main(int argc, char *argv[]) { >- unsigned do_list_mods = 0; >- int q; >- srtp_err_status_t err; >+int main(int argc, char *argv[]) >+{ >+ unsigned do_list_mods = 0; >+ int q; >+ srtp_err_status_t err; > >- printf("dtls_srtp_driver\n"); >+ printf("dtls_srtp_driver\n"); > >- /* initialize srtp library */ >- err = srtp_init(); >- if (err) { >- printf("error: srtp init failed with error code %d\n", err); >- exit(1); >- } >- >- /* process input arguments */ >- while (1) { >- q = getopt_s(argc, argv, "ld:"); >- if (q == -1) >- break; >- switch (q) { >- case 'l': >- do_list_mods = 1; >- break; >- case 'd': >- err = srtp_crypto_kernel_set_debug_module(optarg_s, 1); >- if (err) { >- printf("error: set debug module (%s) failed\n", optarg_s); >+ /* initialize srtp library */ >+ err = srtp_init(); >+ if (err) { >+ printf("error: srtp init failed with error code %d\n", err); > exit(1); >- } >- break; >- default: >- usage(argv[0]); >- } >- } >- >- if (do_list_mods) { >- err = srtp_crypto_kernel_list_debug_modules(); >+ } >+ >+ /* process input arguments */ >+ while (1) { >+ q = getopt_s(argc, argv, "ld:"); >+ if (q == -1) >+ break; >+ switch (q) { >+ case 'l': >+ do_list_mods = 1; >+ break; >+ case 'd': >+ err = srtp_crypto_kernel_set_debug_module(optarg_s, 1); >+ if (err) { >+ printf("error: set debug module (%s) failed\n", optarg_s); >+ exit(1); >+ } >+ break; >+ default: >+ usage(argv[0]); >+ } >+ } >+ >+ if (do_list_mods) { >+ err = srtp_crypto_kernel_list_debug_modules(); >+ if (err) { >+ printf("error: list of debug modules failed\n"); >+ exit(1); >+ } >+ } >+ >+ printf("testing dtls_srtp..."); >+ err = test_dtls_srtp(); > if (err) { >- printf("error: list of debug modules failed\n"); >- exit(1); >+ printf("\nerror (code %d)\n", err); >+ exit(1); > } >- } >+ printf("passed\n"); > >- printf("testing dtls_srtp..."); >- err = test_dtls_srtp(); >- if (err) { >- printf("\nerror (code %d)\n", err); >- exit(1); >- } >- printf("passed\n"); >- >- /* shut down srtp library */ >- err = srtp_shutdown(); >- if (err) { >- printf("error: srtp shutdown failed with error code %d\n", err); >- exit(1); >- } >+ /* shut down srtp library */ >+ err = srtp_shutdown(); >+ if (err) { >+ printf("error: srtp shutdown failed with error code %d\n", err); >+ exit(1); >+ } > >- return 0; >+ return 0; > } > >+srtp_err_status_t test_dtls_srtp(void) >+{ >+ srtp_hdr_t *test_packet; >+ int test_packet_len = 80; >+ srtp_t s; >+ srtp_policy_t policy; >+ uint8_t key[SRTP_MAX_KEY_LEN]; >+ uint8_t salt[SRTP_MAX_KEY_LEN]; >+ unsigned int key_len, salt_len; >+ srtp_profile_t profile; >+ srtp_err_status_t err; > >-srtp_err_status_t >-test_dtls_srtp(void) { >- srtp_hdr_t *test_packet; >- int test_packet_len = 80; >- srtp_t s; >- srtp_policy_t policy; >- uint8_t key[SRTP_MAX_KEY_LEN]; >- uint8_t salt[SRTP_MAX_KEY_LEN]; >- unsigned int key_len, salt_len; >- srtp_profile_t profile; >- srtp_err_status_t err; >- >- memset(&policy, 0x0, sizeof(srtp_policy_t)); >- >- /* create a 'null' SRTP session */ >- err = srtp_create(&s, NULL); >- if (err) >- return err; >- >- /* >- * verify that packet-processing functions behave properly - we >- * expect that these functions will return srtp_err_status_no_ctx >- */ >- test_packet = srtp_create_test_packet(80, 0xa5a5a5a5); >- if (test_packet == NULL) >- return srtp_err_status_alloc_fail; >- err = srtp_protect(s, test_packet, &test_packet_len); >- if (err != srtp_err_status_no_ctx) { >- printf("wrong return value from srtp_protect() (got code %d)\n", >- err); >- return srtp_err_status_fail; >- } >- err = srtp_unprotect(s, test_packet, &test_packet_len); >- if (err != srtp_err_status_no_ctx) { >- printf("wrong return value from srtp_unprotect() (got code %d)\n", >- err); >- return srtp_err_status_fail; >- } >- err = srtp_protect_rtcp(s, test_packet, &test_packet_len); >- if (err != srtp_err_status_no_ctx) { >- printf("wrong return value from srtp_protect_rtcp() (got code %d)\n", >- err); >- return srtp_err_status_fail; >- } >- err = srtp_unprotect_rtcp(s, test_packet, &test_packet_len); >- if (err != srtp_err_status_no_ctx) { >- printf("wrong return value from srtp_unprotect_rtcp() (got code %d)\n", >- err); >- return srtp_err_status_fail; >- } >- >- >- /* >- * set keys to known values for testing >- */ >- profile = srtp_profile_aes128_cm_sha1_80; >- key_len = srtp_profile_get_master_key_length(profile); >- salt_len = srtp_profile_get_master_salt_length(profile); >- memset(key, 0xff, key_len); >- memset(salt, 0xee, salt_len); >- srtp_append_salt_to_key(key, key_len, salt, salt_len); >- policy.key = key; >- >- /* initialize SRTP policy from profile */ >- err = srtp_crypto_policy_set_from_profile_for_rtp(&policy.rtp, profile); >- if (err) return err; >- err = srtp_crypto_policy_set_from_profile_for_rtcp(&policy.rtcp, profile); >- if (err) return err; >- policy.ssrc.type = ssrc_any_inbound; >- policy.ekt = NULL; >- policy.window_size = 128; >- policy.allow_repeat_tx = 0; >- policy.next = NULL; >- >- err = srtp_add_stream(s, &policy); >- if (err) >- return err; >- >- err = srtp_dealloc(s); >- if (err) >- return err; >- >- free(test_packet); >- >- return srtp_err_status_ok; >-} >+ memset(&policy, 0x0, sizeof(srtp_policy_t)); > >+ /* create a 'null' SRTP session */ >+ err = srtp_create(&s, NULL); >+ if (err) >+ return err; > >+ /* >+ * verify that packet-processing functions behave properly - we >+ * expect that these functions will return srtp_err_status_no_ctx >+ */ >+ test_packet = srtp_create_test_packet(80, 0xa5a5a5a5); >+ if (test_packet == NULL) >+ return srtp_err_status_alloc_fail; >+ >+ err = srtp_protect(s, test_packet, &test_packet_len); >+ if (err != srtp_err_status_no_ctx) { >+ printf("wrong return value from srtp_protect() (got code %d)\n", err); >+ return srtp_err_status_fail; >+ } >+ >+ err = srtp_unprotect(s, test_packet, &test_packet_len); >+ if (err != srtp_err_status_no_ctx) { >+ printf("wrong return value from srtp_unprotect() (got code %d)\n", err); >+ return srtp_err_status_fail; >+ } >+ >+ err = srtp_protect_rtcp(s, test_packet, &test_packet_len); >+ if (err != srtp_err_status_no_ctx) { >+ printf("wrong return value from srtp_protect_rtcp() (got code %d)\n", >+ err); >+ return srtp_err_status_fail; >+ } >+ >+ err = srtp_unprotect_rtcp(s, test_packet, &test_packet_len); >+ if (err != srtp_err_status_no_ctx) { >+ printf("wrong return value from srtp_unprotect_rtcp() (got code %d)\n", >+ err); >+ return srtp_err_status_fail; >+ } >+ >+ /* >+ * set keys to known values for testing >+ */ >+ profile = srtp_profile_aes128_cm_sha1_80; >+ key_len = srtp_profile_get_master_key_length(profile); >+ salt_len = srtp_profile_get_master_salt_length(profile); >+ memset(key, 0xff, key_len); >+ memset(salt, 0xee, salt_len); >+ srtp_append_salt_to_key(key, key_len, salt, salt_len); >+ policy.key = key; >+ >+ /* initialize SRTP policy from profile */ >+ err = srtp_crypto_policy_set_from_profile_for_rtp(&policy.rtp, profile); >+ if (err) >+ return err; >+ err = srtp_crypto_policy_set_from_profile_for_rtcp(&policy.rtcp, profile); >+ if (err) >+ return err; >+ policy.ssrc.type = ssrc_any_inbound; >+ policy.ekt = NULL; >+ policy.window_size = 128; >+ policy.allow_repeat_tx = 0; >+ policy.next = NULL; >+ >+ err = srtp_add_stream(s, &policy); >+ if (err) >+ return err; >+ >+ err = srtp_dealloc(s); >+ if (err) >+ return err; >+ >+ free(test_packet); >+ >+ return srtp_err_status_ok; >+} > > /* > * srtp_create_test_packet(len, ssrc) returns a pointer to a >@@ -225,39 +224,38 @@ test_dtls_srtp(void) { > * deallocated with the free() call once it is no longer needed. > */ > >-srtp_hdr_t * >-srtp_create_test_packet(int pkt_octet_len, uint32_t ssrc) { >- int i; >- uint8_t *buffer; >- srtp_hdr_t *hdr; >- int bytes_in_hdr = 12; >- >- /* allocate memory for test packet */ >- hdr = malloc(pkt_octet_len + bytes_in_hdr >- + SRTP_MAX_TRAILER_LEN + 4); >- if (!hdr) >- return NULL; >- >- hdr->version = 2; /* RTP version two */ >- hdr->p = 0; /* no padding needed */ >- hdr->x = 0; /* no header extension */ >- hdr->cc = 0; /* no CSRCs */ >- hdr->m = 0; /* marker bit */ >- hdr->pt = 0xf; /* payload type */ >- hdr->seq = htons(0x1234); /* sequence number */ >- hdr->ts = htonl(0xdecafbad); /* timestamp */ >- hdr->ssrc = htonl(ssrc); /* synch. source */ >- >- buffer = (uint8_t *)hdr; >- buffer += bytes_in_hdr; >- >- /* set RTP data to 0xab */ >- for (i=0; i < pkt_octet_len; i++) >- *buffer++ = 0xab; >- >- /* set post-data value to 0xffff to enable overrun checking */ >- for (i=0; i < SRTP_MAX_TRAILER_LEN+4; i++) >- *buffer++ = 0xff; >- >- return hdr; >+srtp_hdr_t *srtp_create_test_packet(int pkt_octet_len, uint32_t ssrc) >+{ >+ int i; >+ uint8_t *buffer; >+ srtp_hdr_t *hdr; >+ int bytes_in_hdr = 12; >+ >+ /* allocate memory for test packet */ >+ hdr = malloc(pkt_octet_len + bytes_in_hdr + SRTP_MAX_TRAILER_LEN + 4); >+ if (!hdr) >+ return NULL; >+ >+ hdr->version = 2; /* RTP version two */ >+ hdr->p = 0; /* no padding needed */ >+ hdr->x = 0; /* no header extension */ >+ hdr->cc = 0; /* no CSRCs */ >+ hdr->m = 0; /* marker bit */ >+ hdr->pt = 0xf; /* payload type */ >+ hdr->seq = htons(0x1234); /* sequence number */ >+ hdr->ts = htonl(0xdecafbad); /* timestamp */ >+ hdr->ssrc = htonl(ssrc); /* synch. source */ >+ >+ buffer = (uint8_t *)hdr; >+ buffer += bytes_in_hdr; >+ >+ /* set RTP data to 0xab */ >+ for (i = 0; i < pkt_octet_len; i++) >+ *buffer++ = 0xab; >+ >+ /* set post-data value to 0xffff to enable overrun checking */ >+ for (i = 0; i < SRTP_MAX_TRAILER_LEN + 4; i++) >+ *buffer++ = 0xff; >+ >+ return hdr; > } >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/getopt_s.c b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/getopt_s.c >index 35e8871f9f735014af15b2161dd007b3f5885ba3..ab631878a4050a1567230c60e086acc9a9915678 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/getopt_s.c >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/getopt_s.c >@@ -3,30 +3,30 @@ > * > * a minimal implementation of the getopt() function, written so that > * test applications that use that function can run on non-POSIX >- * platforms >+ * platforms > * > */ > /* >- * >+ * > * Copyright (c) 2001-2017 Cisco Systems, Inc. > * All rights reserved. >- * >+ * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions > * are met: >- * >+ * > * Redistributions of source code must retain the above copyright > * notice, this list of conditions and the following disclaimer. >- * >+ * > * Redistributions in binary form must reproduce the above > * copyright notice, this list of conditions and the following > * disclaimer in the documentation and/or other materials provided > * with the distribution. >- * >+ * > * Neither the name of the Cisco Systems, Inc. nor the names of its > * contributors may be used to endorse or promote products derived > * from this software without specific prior written permission. >- * >+ * > * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS > * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT > * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >@@ -42,71 +42,67 @@ > * > */ > >-#include <stdlib.h> /* for NULL */ >+#include <stdlib.h> /* for NULL */ > > int optind_s = 0; > > char *optarg_s; > >-#define GETOPT_FOUND_WITHOUT_ARGUMENT 2 >-#define GETOPT_FOUND_WITH_ARGUMENT 1 >-#define GETOPT_NOT_FOUND 0 >+#define GETOPT_FOUND_WITHOUT_ARGUMENT 2 >+#define GETOPT_FOUND_WITH_ARGUMENT 1 >+#define GETOPT_NOT_FOUND 0 > >-static int >-getopt_check_character(char c, const char *string) { >- unsigned int max_string_len = 128; >+static int getopt_check_character(char c, const char *string) >+{ >+ unsigned int max_string_len = 128; > >- while (*string != 0) { >- if (max_string_len == 0) { >- return '?'; >+ while (*string != 0) { >+ if (max_string_len == 0) { >+ return '?'; >+ } >+ if (*string++ == c) { >+ if (*string == ':') { >+ return GETOPT_FOUND_WITH_ARGUMENT; >+ } else { >+ return GETOPT_FOUND_WITHOUT_ARGUMENT; >+ } >+ } > } >- if (*string++ == c) { >- if (*string == ':') { >- return GETOPT_FOUND_WITH_ARGUMENT; >- } else { >- return GETOPT_FOUND_WITHOUT_ARGUMENT; >- } >- } >- } >- return GETOPT_NOT_FOUND; >+ return GETOPT_NOT_FOUND; > } > >-int >-getopt_s(int argc, >- char * const argv[], >- const char *optstring) { >- >+int getopt_s(int argc, char *const argv[], const char *optstring) >+{ >+ while (optind_s + 1 < argc) { >+ char *string; > >- while (optind_s + 1 < argc) { >- char *string; >- >- /* move 'string' on to next argument */ >- optind_s++; >- string = argv[optind_s]; >+ /* move 'string' on to next argument */ >+ optind_s++; >+ string = argv[optind_s]; > >- if (string == NULL) >- return '?'; /* NULL argument string */ >+ if (string == NULL) >+ return '?'; /* NULL argument string */ > >- if (string[0] != '-') >- return -1; /* found an unexpected character */ >+ if (string[0] != '-') >+ return -1; /* found an unexpected character */ > >- switch(getopt_check_character(string[1], optstring)) { >- case GETOPT_FOUND_WITH_ARGUMENT: >- if (optind_s + 1 < argc) { >- optind_s++; >- optarg_s = argv[optind_s]; >- return string[1]; >- } else { >- return '?'; /* argument missing */ >- } >- case GETOPT_FOUND_WITHOUT_ARGUMENT: >- return string[1]; >- case GETOPT_NOT_FOUND: >- default: >- return '?'; /* didn't find expected character */ >- break; >+ switch (getopt_check_character(string[1], optstring)) { >+ case GETOPT_FOUND_WITH_ARGUMENT: >+ if (optind_s + 1 < argc) { >+ optind_s++; >+ optarg_s = argv[optind_s]; >+ return string[1]; >+ } else { >+ return '?'; /* argument missing */ >+ } >+ case GETOPT_FOUND_WITHOUT_ARGUMENT: >+ return string[1]; >+ case GETOPT_NOT_FOUND: >+ default: >+ return '?'; /* didn't find expected character */ >+ break; >+ } > } >- } > >- return -1; >+ return -1; > } >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/rdbx_driver.c b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/rdbx_driver.c >index 8ecbf9f49bfbf828a12aabefce6fd73da1a78fc3..609ce9c8e48a275cc199b3a1e8dab4b890a9ab7d 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/rdbx_driver.c >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/rdbx_driver.c >@@ -6,28 +6,27 @@ > * David A. McGrew > * Cisco Systems, Inc. > */ >- > /* >- * >+ * > * Copyright (c) 2001-2017, Cisco Systems, Inc. > * All rights reserved. >- * >+ * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions > * are met: >- * >+ * > * Redistributions of source code must retain the above copyright > * notice, this list of conditions and the following disclaimer. >- * >+ * > * Redistributions in binary form must reproduce the above > * copyright notice, this list of conditions and the following > * disclaimer in the documentation and/or other materials provided > * with the distribution. >- * >+ * > * Neither the name of the Cisco Systems, Inc. nor the names of its > * contributors may be used to endorse or promote products derived > * from this software without specific prior written permission. >- * >+ * > * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS > * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT > * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >@@ -44,7 +43,7 @@ > */ > > #ifdef HAVE_CONFIG_H >- #include <config.h> >+#include <config.h> > #endif > > #include <stdio.h> /* for printf() */ >@@ -58,89 +57,84 @@ > > #include "ut_sim.h" > >-srtp_err_status_t >-test_replay_dbx(int num_trials, unsigned long ws); >+srtp_err_status_t test_replay_dbx(int num_trials, unsigned long ws); > >-double >-rdbx_check_adds_per_second(int num_trials, unsigned long ws); >+double rdbx_check_adds_per_second(int num_trials, unsigned long ws); > >-void >-usage(char *prog_name) { >- printf("usage: %s [ -t | -v ]\n", prog_name); >- exit(255); >+void usage(char *prog_name) >+{ >+ printf("usage: %s [ -t | -v ]\n", prog_name); >+ exit(255); > } > >-int >-main (int argc, char *argv[]) { >- double rate; >- srtp_err_status_t status; >- int q; >- unsigned do_timing_test = 0; >- unsigned do_validation = 0; >- >- /* process input arguments */ >- while (1) { >- q = getopt_s(argc, argv, "tv"); >- if (q == -1) >- break; >- switch (q) { >- case 't': >- do_timing_test = 1; >- break; >- case 'v': >- do_validation = 1; >- break; >- default: >- usage(argv[0]); >- } >- } >- >- printf("rdbx (replay database w/ extended range) test driver\n" >- "David A. McGrew\n" >- "Cisco Systems, Inc.\n"); >- >- if (!do_validation && !do_timing_test) >- usage(argv[0]); >- >- if (do_validation) { >- printf("testing srtp_rdbx_t (ws=128)...\n"); >- >- status = test_replay_dbx(1 << 12, 128); >- if (status) { >- printf("failed\n"); >- exit(1); >+int main(int argc, char *argv[]) >+{ >+ double rate; >+ srtp_err_status_t status; >+ int q; >+ unsigned do_timing_test = 0; >+ unsigned do_validation = 0; >+ >+ /* process input arguments */ >+ while (1) { >+ q = getopt_s(argc, argv, "tv"); >+ if (q == -1) >+ break; >+ switch (q) { >+ case 't': >+ do_timing_test = 1; >+ break; >+ case 'v': >+ do_validation = 1; >+ break; >+ default: >+ usage(argv[0]); >+ } > } >- printf("passed\n"); > >- printf("testing srtp_rdbx_t (ws=1024)...\n"); >+ printf("rdbx (replay database w/ extended range) test driver\n" >+ "David A. McGrew\n" >+ "Cisco Systems, Inc.\n"); > >- status = test_replay_dbx(1 << 12, 1024); >- if (status) { >- printf("failed\n"); >- exit(1); >+ if (!do_validation && !do_timing_test) >+ usage(argv[0]); >+ >+ if (do_validation) { >+ printf("testing srtp_rdbx_t (ws=128)...\n"); >+ >+ status = test_replay_dbx(1 << 12, 128); >+ if (status) { >+ printf("failed\n"); >+ exit(1); >+ } >+ printf("passed\n"); >+ >+ printf("testing srtp_rdbx_t (ws=1024)...\n"); >+ >+ status = test_replay_dbx(1 << 12, 1024); >+ if (status) { >+ printf("failed\n"); >+ exit(1); >+ } >+ printf("passed\n"); > } >- printf("passed\n"); >- } >- >- if (do_timing_test) { >- rate = rdbx_check_adds_per_second(1 << 18, 128); >- printf("rdbx_check/replay_adds per second (ws=128): %e\n", rate); >- rate = rdbx_check_adds_per_second(1 << 18, 1024); >- printf("rdbx_check/replay_adds per second (ws=1024): %e\n", rate); >- } >- >- return 0; >-} > >-void >-print_rdbx(srtp_rdbx_t *rdbx) { >- char buf[2048]; >- printf("rdbx: {%llu, %s}\n", >- (unsigned long long)(rdbx->index), >- bitvector_bit_string(&rdbx->bitmask, buf, sizeof(buf)) >-); >+ if (do_timing_test) { >+ rate = rdbx_check_adds_per_second(1 << 18, 128); >+ printf("rdbx_check/replay_adds per second (ws=128): %e\n", rate); >+ rate = rdbx_check_adds_per_second(1 << 18, 1024); >+ printf("rdbx_check/replay_adds per second (ws=1024): %e\n", rate); >+ } >+ >+ return 0; > } > >+void print_rdbx(srtp_rdbx_t *rdbx) >+{ >+ char buf[2048]; >+ printf("rdbx: {%llu, %s}\n", (unsigned long long)(rdbx->index), >+ bitvector_bit_string(&rdbx->bitmask, buf, sizeof(buf))); >+} > > /* > * rdbx_check_add(rdbx, idx) checks a known-to-be-good idx against >@@ -150,217 +144,214 @@ print_rdbx(srtp_rdbx_t *rdbx) { > * > */ > >-srtp_err_status_t >-rdbx_check_add(srtp_rdbx_t *rdbx, uint32_t idx) { >- int delta; >- srtp_xtd_seq_num_t est; >- >- delta = srtp_index_guess(&rdbx->index, &est, idx); >- >- if (srtp_rdbx_check(rdbx, delta) != srtp_err_status_ok) { >- printf("replay_check failed at index %u\n", idx); >- return srtp_err_status_algo_fail; >- } >- >- /* >- * in practice, we'd authenticate the packet containing idx, using >- * the estimated value est, at this point >- */ >- >- if (srtp_rdbx_add_index(rdbx, delta) != srtp_err_status_ok) { >- printf("rdbx_add_index failed at index %u\n", idx); >- return srtp_err_status_algo_fail; >- } >- >- return srtp_err_status_ok; >+srtp_err_status_t rdbx_check_add(srtp_rdbx_t *rdbx, uint32_t idx) >+{ >+ int delta; >+ srtp_xtd_seq_num_t est; >+ >+ delta = srtp_index_guess(&rdbx->index, &est, idx); >+ >+ if (srtp_rdbx_check(rdbx, delta) != srtp_err_status_ok) { >+ printf("replay_check failed at index %u\n", idx); >+ return srtp_err_status_algo_fail; >+ } >+ >+ /* >+ * in practice, we'd authenticate the packet containing idx, using >+ * the estimated value est, at this point >+ */ >+ >+ if (srtp_rdbx_add_index(rdbx, delta) != srtp_err_status_ok) { >+ printf("rdbx_add_index failed at index %u\n", idx); >+ return srtp_err_status_algo_fail; >+ } >+ >+ return srtp_err_status_ok; > } > > /* > * rdbx_check_expect_failure(srtp_rdbx_t *rdbx, uint32_t idx) >- * >+ * > * checks that a sequence number idx is in the replay database > * and thus will be rejected > */ > >-srtp_err_status_t >-rdbx_check_expect_failure(srtp_rdbx_t *rdbx, uint32_t idx) { >- int delta; >- srtp_xtd_seq_num_t est; >- srtp_err_status_t status; >+srtp_err_status_t rdbx_check_expect_failure(srtp_rdbx_t *rdbx, uint32_t idx) >+{ >+ int delta; >+ srtp_xtd_seq_num_t est; >+ srtp_err_status_t status; > >- delta = srtp_index_guess(&rdbx->index, &est, idx); >+ delta = srtp_index_guess(&rdbx->index, &est, idx); > >- status = srtp_rdbx_check(rdbx, delta); >- if (status == srtp_err_status_ok) { >- printf("delta: %d ", delta); >- printf("replay_check failed at index %u (false positive)\n", idx); >- return srtp_err_status_algo_fail; >- } >+ status = srtp_rdbx_check(rdbx, delta); >+ if (status == srtp_err_status_ok) { >+ printf("delta: %d ", delta); >+ printf("replay_check failed at index %u (false positive)\n", idx); >+ return srtp_err_status_algo_fail; >+ } > >- return srtp_err_status_ok; >+ return srtp_err_status_ok; > } > >-srtp_err_status_t >-rdbx_check_add_unordered(srtp_rdbx_t *rdbx, uint32_t idx) { >- int delta; >- srtp_xtd_seq_num_t est; >- srtp_err_status_t rstat; >- >- delta = srtp_index_guess(&rdbx->index, &est, idx); >- >- rstat = srtp_rdbx_check(rdbx, delta); >- if ((rstat != srtp_err_status_ok) && (rstat != srtp_err_status_replay_old)) { >- printf("replay_check_add_unordered failed at index %u\n", idx); >- return srtp_err_status_algo_fail; >- } >- if (rstat == srtp_err_status_replay_old) { >- return srtp_err_status_ok; >- } >- if (srtp_rdbx_add_index(rdbx, delta) != srtp_err_status_ok) { >- printf("rdbx_add_index failed at index %u\n", idx); >- return srtp_err_status_algo_fail; >- } >- >- return srtp_err_status_ok; >-} >+srtp_err_status_t rdbx_check_add_unordered(srtp_rdbx_t *rdbx, uint32_t idx) >+{ >+ int delta; >+ srtp_xtd_seq_num_t est; >+ srtp_err_status_t rstat; >+ >+ delta = srtp_index_guess(&rdbx->index, &est, idx); >+ >+ rstat = srtp_rdbx_check(rdbx, delta); >+ if ((rstat != srtp_err_status_ok) && >+ (rstat != srtp_err_status_replay_old)) { >+ printf("replay_check_add_unordered failed at index %u\n", idx); >+ return srtp_err_status_algo_fail; >+ } >+ if (rstat == srtp_err_status_replay_old) { >+ return srtp_err_status_ok; >+ } >+ if (srtp_rdbx_add_index(rdbx, delta) != srtp_err_status_ok) { >+ printf("rdbx_add_index failed at index %u\n", idx); >+ return srtp_err_status_algo_fail; >+ } > >-srtp_err_status_t >-test_replay_dbx(int num_trials, unsigned long ws) { >- srtp_rdbx_t rdbx; >- uint32_t idx, ircvd; >- ut_connection utc; >- srtp_err_status_t status; >- int num_fp_trials; >- >- status = srtp_rdbx_init(&rdbx, ws); >- if (status) { >- printf("replay_init failed with error code %d\n", status); >- exit(1); >- } >- >- /* >- * test sequential insertion >- */ >- printf("\ttesting sequential insertion..."); >- for (idx=0; (int) idx < num_trials; idx++) { >- status = rdbx_check_add(&rdbx, idx); >- if (status) >- return status; >- } >- printf("passed\n"); >- >- /* >- * test for false positives by checking all of the index >- * values which we've just added >- * >- * note that we limit the number of trials here, since allowing the >- * rollover counter to roll over would defeat this test >- */ >- num_fp_trials = num_trials % 0x10000; >- if (num_fp_trials == 0) { >- printf("warning: no false positive tests performed\n"); >- } >- printf("\ttesting for false positives..."); >- for (idx=0; (int) idx < num_fp_trials; idx++) { >- status = rdbx_check_expect_failure(&rdbx, idx); >- if (status) >- return status; >- } >- printf("passed\n"); >- >- /* re-initialize */ >- srtp_rdbx_dealloc(&rdbx); >- >- if (srtp_rdbx_init(&rdbx, ws) != srtp_err_status_ok) { >- printf("replay_init failed\n"); >- return srtp_err_status_init_fail; >- } >- >- /* >- * test non-sequential insertion >- * >- * this test covers only fase negatives, since the values returned >- * by ut_next_index(...) are distinct >- */ >- ut_init(&utc); >- >- printf("\ttesting non-sequential insertion..."); >- for (idx=0; (int) idx < num_trials; idx++) { >- ircvd = ut_next_index(&utc); >- status = rdbx_check_add_unordered(&rdbx, ircvd); >- if (status) >- return status; >- status = rdbx_check_expect_failure(&rdbx, ircvd); >- if (status) >- return status; >- } >- printf("passed\n"); >- >- /* re-initialize */ >- srtp_rdbx_dealloc(&rdbx); >- >- if (srtp_rdbx_init(&rdbx, ws) != srtp_err_status_ok) { >- printf("replay_init failed\n"); >- return srtp_err_status_init_fail; >- } >- >- /* >- * test insertion with large gaps. >- * check for false positives for each insertion. >- */ >- printf("\ttesting insertion with large gaps..."); >- for (idx=0, ircvd=0; (int) idx < num_trials; idx++, ircvd += (1 << (rand() % 12))) { >- status = rdbx_check_add(&rdbx, ircvd); >- if (status) >- return status; >- status = rdbx_check_expect_failure(&rdbx, ircvd); >- if (status) >- return status; >- } >- printf("passed\n"); >- >- srtp_rdbx_dealloc(&rdbx); >- >- return srtp_err_status_ok; >+ return srtp_err_status_ok; > } > >+srtp_err_status_t test_replay_dbx(int num_trials, unsigned long ws) >+{ >+ srtp_rdbx_t rdbx; >+ uint32_t idx, ircvd; >+ ut_connection utc; >+ srtp_err_status_t status; >+ int num_fp_trials; >+ >+ status = srtp_rdbx_init(&rdbx, ws); >+ if (status) { >+ printf("replay_init failed with error code %d\n", status); >+ exit(1); >+ } >+ >+ /* >+ * test sequential insertion >+ */ >+ printf("\ttesting sequential insertion..."); >+ for (idx = 0; (int)idx < num_trials; idx++) { >+ status = rdbx_check_add(&rdbx, idx); >+ if (status) >+ return status; >+ } >+ printf("passed\n"); >+ >+ /* >+ * test for false positives by checking all of the index >+ * values which we've just added >+ * >+ * note that we limit the number of trials here, since allowing the >+ * rollover counter to roll over would defeat this test >+ */ >+ num_fp_trials = num_trials % 0x10000; >+ if (num_fp_trials == 0) { >+ printf("warning: no false positive tests performed\n"); >+ } >+ printf("\ttesting for false positives..."); >+ for (idx = 0; (int)idx < num_fp_trials; idx++) { >+ status = rdbx_check_expect_failure(&rdbx, idx); >+ if (status) >+ return status; >+ } >+ printf("passed\n"); >+ >+ /* re-initialize */ >+ srtp_rdbx_dealloc(&rdbx); >+ >+ if (srtp_rdbx_init(&rdbx, ws) != srtp_err_status_ok) { >+ printf("replay_init failed\n"); >+ return srtp_err_status_init_fail; >+ } >+ >+ /* >+ * test non-sequential insertion >+ * >+ * this test covers only fase negatives, since the values returned >+ * by ut_next_index(...) are distinct >+ */ >+ ut_init(&utc); >+ >+ printf("\ttesting non-sequential insertion..."); >+ for (idx = 0; (int)idx < num_trials; idx++) { >+ ircvd = ut_next_index(&utc); >+ status = rdbx_check_add_unordered(&rdbx, ircvd); >+ if (status) >+ return status; >+ status = rdbx_check_expect_failure(&rdbx, ircvd); >+ if (status) >+ return status; >+ } >+ printf("passed\n"); >+ >+ /* re-initialize */ >+ srtp_rdbx_dealloc(&rdbx); >+ >+ if (srtp_rdbx_init(&rdbx, ws) != srtp_err_status_ok) { >+ printf("replay_init failed\n"); >+ return srtp_err_status_init_fail; >+ } >+ >+ /* >+ * test insertion with large gaps. >+ * check for false positives for each insertion. >+ */ >+ printf("\ttesting insertion with large gaps..."); >+ for (idx = 0, ircvd = 0; (int)idx < num_trials; >+ idx++, ircvd += (1 << (rand() % 12))) { >+ status = rdbx_check_add(&rdbx, ircvd); >+ if (status) >+ return status; >+ status = rdbx_check_expect_failure(&rdbx, ircvd); >+ if (status) >+ return status; >+ } >+ printf("passed\n"); > >+ srtp_rdbx_dealloc(&rdbx); > >-#include <time.h> /* for clock() */ >-#include <stdlib.h> /* for random() */ >- >-double >-rdbx_check_adds_per_second(int num_trials, unsigned long ws) { >- uint32_t i; >- int delta; >- srtp_rdbx_t rdbx; >- srtp_xtd_seq_num_t est; >- clock_t timer; >- int failures; /* count number of failures */ >- >- if (srtp_rdbx_init(&rdbx, ws) != srtp_err_status_ok) { >- printf("replay_init failed\n"); >- exit(1); >- } >- >- failures = 0; >- timer = clock(); >- for(i=0; (int) i < num_trials; i++) { >- >- delta = srtp_index_guess(&rdbx.index, &est, i); >- >- if (srtp_rdbx_check(&rdbx, delta) != srtp_err_status_ok) >- ++failures; >- else >- if (srtp_rdbx_add_index(&rdbx, delta) != srtp_err_status_ok) >- ++failures; >- } >- timer = clock() - timer; >- >- printf("number of failures: %d \n", failures); >- >- srtp_rdbx_dealloc(&rdbx); >- >- return (double) CLOCKS_PER_SEC * num_trials / timer; >+ return srtp_err_status_ok; > } > >+#include <time.h> /* for clock() */ >+#include <stdlib.h> /* for random() */ >+ >+double rdbx_check_adds_per_second(int num_trials, unsigned long ws) >+{ >+ uint32_t i; >+ int delta; >+ srtp_rdbx_t rdbx; >+ srtp_xtd_seq_num_t est; >+ clock_t timer; >+ int failures; /* count number of failures */ >+ >+ if (srtp_rdbx_init(&rdbx, ws) != srtp_err_status_ok) { >+ printf("replay_init failed\n"); >+ exit(1); >+ } >+ >+ failures = 0; >+ timer = clock(); >+ for (i = 0; (int)i < num_trials; i++) { >+ delta = srtp_index_guess(&rdbx.index, &est, i); >+ >+ if (srtp_rdbx_check(&rdbx, delta) != srtp_err_status_ok) >+ ++failures; >+ else if (srtp_rdbx_add_index(&rdbx, delta) != srtp_err_status_ok) >+ ++failures; >+ } >+ timer = clock() - timer; >+ >+ printf("number of failures: %d \n", failures); >+ >+ srtp_rdbx_dealloc(&rdbx); >+ >+ return (double)CLOCKS_PER_SEC * num_trials / timer; >+} >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/replay_driver.c b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/replay_driver.c >index b964a4a03ebbca542d8f2c04045b75f7e9168791..a88224684f6a411ce15aeb530b33a0c8c58e55a3 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/replay_driver.c >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/replay_driver.c >@@ -8,26 +8,26 @@ > */ > > /* >- * >+ * > * Copyright (c) 2001-2017, Cisco Systems, Inc. > * All rights reserved. >- * >+ * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions > * are met: >- * >+ * > * Redistributions of source code must retain the above copyright > * notice, this list of conditions and the following disclaimer. >- * >+ * > * Redistributions in binary form must reproduce the above > * copyright notice, this list of conditions and the following > * disclaimer in the documentation and/or other materials provided > * with the distribution. >- * >+ * > * Neither the name of the Cisco Systems, Inc. nor the names of its > * contributors may be used to endorse or promote products derived > * from this software without specific prior written permission. >- * >+ * > * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS > * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT > * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >@@ -44,7 +44,7 @@ > */ > > #ifdef HAVE_CONFIG_H >- #include <config.h> >+#include <config.h> > #endif > > #include <stdio.h> >@@ -59,226 +59,225 @@ > > unsigned num_trials = 1 << 16; > >-srtp_err_status_t >-test_rdb_db(void); >- >-double >-rdb_check_adds_per_second(void); >- >-int >-main (void) { >- srtp_err_status_t err; >- >- printf("testing anti-replay database (srtp_rdb_t)...\n"); >- err = test_rdb_db(); >- if (err) { >- printf("failed\n"); >- exit(1); >- } >- printf("done\n"); >- >- printf("rdb_check/rdb_adds per second: %e\n", >- rdb_check_adds_per_second()); >- >- return 0; >-} >+srtp_err_status_t test_rdb_db(void); > >+double rdb_check_adds_per_second(void); > >-void >-print_rdb(srtp_rdb_t *rdb) { >- printf("rdb: {%u, %s}\n", rdb->window_start, v128_bit_string(&rdb->bitmask)); >-} >+int main(void) >+{ >+ srtp_err_status_t err; >+ >+ printf("testing anti-replay database (srtp_rdb_t)...\n"); >+ err = test_rdb_db(); >+ if (err) { >+ printf("failed\n"); >+ exit(1); >+ } >+ printf("done\n"); > >-srtp_err_status_t >-rdb_check_add(srtp_rdb_t *rdb, uint32_t idx) { >+ printf("rdb_check/rdb_adds per second: %e\n", rdb_check_adds_per_second()); > >- if (srtp_rdb_check(rdb, idx) != srtp_err_status_ok) { >- printf("rdb_check failed at index %u\n", idx); >- return srtp_err_status_fail; >- } >- if (srtp_rdb_add_index(rdb, idx) != srtp_err_status_ok) { >- printf("rdb_add_index failed at index %u\n", idx); >- return srtp_err_status_fail; >- } >+ return 0; >+} > >- return srtp_err_status_ok; >+void print_rdb(srtp_rdb_t *rdb) >+{ >+ printf("rdb: {%u, %s}\n", rdb->window_start, >+ v128_bit_string(&rdb->bitmask)); > } > >-srtp_err_status_t >-rdb_check_expect_failure(srtp_rdb_t *rdb, uint32_t idx) { >- srtp_err_status_t err; >- >- err = srtp_rdb_check(rdb, idx); >- if ((err != srtp_err_status_replay_old) && (err != srtp_err_status_replay_fail)) { >- printf("rdb_check failed at index %u (false positive)\n", idx); >- return srtp_err_status_fail; >- } >- >- return srtp_err_status_ok; >+srtp_err_status_t rdb_check_add(srtp_rdb_t *rdb, uint32_t idx) >+{ >+ if (srtp_rdb_check(rdb, idx) != srtp_err_status_ok) { >+ printf("rdb_check failed at index %u\n", idx); >+ return srtp_err_status_fail; >+ } >+ if (srtp_rdb_add_index(rdb, idx) != srtp_err_status_ok) { >+ printf("rdb_add_index failed at index %u\n", idx); >+ return srtp_err_status_fail; >+ } >+ >+ return srtp_err_status_ok; >+} >+ >+srtp_err_status_t rdb_check_expect_failure(srtp_rdb_t *rdb, uint32_t idx) >+{ >+ srtp_err_status_t err; >+ >+ err = srtp_rdb_check(rdb, idx); >+ if ((err != srtp_err_status_replay_old) && >+ (err != srtp_err_status_replay_fail)) { >+ printf("rdb_check failed at index %u (false positive)\n", idx); >+ return srtp_err_status_fail; >+ } >+ >+ return srtp_err_status_ok; > } > >-srtp_err_status_t >-rdb_check_add_unordered(srtp_rdb_t *rdb, uint32_t idx) { >- srtp_err_status_t rstat; >- >- /* printf("index: %u\n", idx); */ >- rstat = srtp_rdb_check(rdb, idx); >- if ((rstat != srtp_err_status_ok) && (rstat != srtp_err_status_replay_old)) { >- printf("rdb_check_add_unordered failed at index %u\n", idx); >- return rstat; >- } >- if (rstat == srtp_err_status_replay_old) { >- return srtp_err_status_ok; >- } >- if (srtp_rdb_add_index(rdb, idx) != srtp_err_status_ok) { >- printf("rdb_add_index failed at index %u\n", idx); >- return srtp_err_status_fail; >- } >- >- return srtp_err_status_ok; >+srtp_err_status_t rdb_check_add_unordered(srtp_rdb_t *rdb, uint32_t idx) >+{ >+ srtp_err_status_t rstat; >+ >+ /* printf("index: %u\n", idx); */ >+ rstat = srtp_rdb_check(rdb, idx); >+ if ((rstat != srtp_err_status_ok) && >+ (rstat != srtp_err_status_replay_old)) { >+ printf("rdb_check_add_unordered failed at index %u\n", idx); >+ return rstat; >+ } >+ if (rstat == srtp_err_status_replay_old) { >+ return srtp_err_status_ok; >+ } >+ if (srtp_rdb_add_index(rdb, idx) != srtp_err_status_ok) { >+ printf("rdb_add_index failed at index %u\n", idx); >+ return srtp_err_status_fail; >+ } >+ >+ return srtp_err_status_ok; > } > >-srtp_err_status_t >-test_rdb_db() { >- srtp_rdb_t rdb; >- uint32_t idx, ircvd; >- ut_connection utc; >- srtp_err_status_t err; >- >- if (srtp_rdb_init(&rdb) != srtp_err_status_ok) { >- printf("rdb_init failed\n"); >- return srtp_err_status_init_fail; >- } >- >- /* test sequential insertion */ >- for (idx=0; idx < num_trials; idx++) { >- err = rdb_check_add(&rdb, idx); >- if (err) >- return err; >- } >- >- /* test for false positives */ >- for (idx=0; idx < num_trials; idx++) { >- err = rdb_check_expect_failure(&rdb, idx); >- if (err) >- return err; >- } >- >- /* re-initialize */ >- if (srtp_rdb_init(&rdb) != srtp_err_status_ok) { >- printf("rdb_init failed\n"); >- return srtp_err_status_fail; >- } >- >- /* test non-sequential insertion */ >- ut_init(&utc); >- >- for (idx=0; idx < num_trials; idx++) { >- ircvd = ut_next_index(&utc); >- err = rdb_check_add_unordered(&rdb, ircvd); >- if (err) >- return err; >- err = rdb_check_expect_failure(&rdb, ircvd); >- if (err) >- return err; >- } >- >- /* re-initialize */ >- if (srtp_rdb_init(&rdb) != srtp_err_status_ok) { >- printf("rdb_init failed\n"); >- return srtp_err_status_fail; >- } >- >- /* test insertion with large gaps */ >- for (idx=0, ircvd=0; idx < num_trials; idx++, ircvd += (1 << (rand() % 10))) { >- err = rdb_check_add(&rdb, ircvd); >- if (err) >- return err; >- err = rdb_check_expect_failure(&rdb, ircvd); >- if (err) >- return err; >- } >- >- /* re-initialize */ >- if (srtp_rdb_init(&rdb) != srtp_err_status_ok) { >- printf("rdb_init failed\n"); >- return srtp_err_status_fail; >- } >- >- /* test loss of first 513 packets */ >- for (idx=0; idx < num_trials; idx++) { >- err = rdb_check_add(&rdb, idx + 513); >- if (err) >- return err; >- } >- >- /* test for false positives */ >- for (idx=0; idx < num_trials + 513; idx++) { >- err = rdb_check_expect_failure(&rdb, idx); >- if (err) >- return err; >- } >- >- /* test for key expired */ >- if (srtp_rdb_init(&rdb) != srtp_err_status_ok) { >- printf("rdb_init failed\n"); >- return srtp_err_status_fail; >- } >- rdb.window_start = 0x7ffffffe; >- if (srtp_rdb_increment(&rdb) != srtp_err_status_ok) { >- printf("srtp_rdb_increment of 0x7ffffffe failed\n"); >- return srtp_err_status_fail; >- } >- if (srtp_rdb_get_value(&rdb) != 0x7fffffff) { >- printf("rdb valiue was not 0x7fffffff\n"); >- return srtp_err_status_fail; >- } >- if (srtp_rdb_increment(&rdb) != srtp_err_status_key_expired) { >- printf("srtp_rdb_increment of 0x7fffffff did not return srtp_err_status_key_expired\n"); >- return srtp_err_status_fail; >- } >- if (srtp_rdb_get_value(&rdb) != 0x7fffffff) { >- printf("rdb valiue was not 0x7fffffff\n"); >- return srtp_err_status_fail; >- } >- >- >- return srtp_err_status_ok; >+srtp_err_status_t test_rdb_db() >+{ >+ srtp_rdb_t rdb; >+ uint32_t idx, ircvd; >+ ut_connection utc; >+ srtp_err_status_t err; >+ >+ if (srtp_rdb_init(&rdb) != srtp_err_status_ok) { >+ printf("rdb_init failed\n"); >+ return srtp_err_status_init_fail; >+ } >+ >+ /* test sequential insertion */ >+ for (idx = 0; idx < num_trials; idx++) { >+ err = rdb_check_add(&rdb, idx); >+ if (err) >+ return err; >+ } >+ >+ /* test for false positives */ >+ for (idx = 0; idx < num_trials; idx++) { >+ err = rdb_check_expect_failure(&rdb, idx); >+ if (err) >+ return err; >+ } >+ >+ /* re-initialize */ >+ if (srtp_rdb_init(&rdb) != srtp_err_status_ok) { >+ printf("rdb_init failed\n"); >+ return srtp_err_status_fail; >+ } >+ >+ /* test non-sequential insertion */ >+ ut_init(&utc); >+ >+ for (idx = 0; idx < num_trials; idx++) { >+ ircvd = ut_next_index(&utc); >+ err = rdb_check_add_unordered(&rdb, ircvd); >+ if (err) >+ return err; >+ err = rdb_check_expect_failure(&rdb, ircvd); >+ if (err) >+ return err; >+ } >+ >+ /* re-initialize */ >+ if (srtp_rdb_init(&rdb) != srtp_err_status_ok) { >+ printf("rdb_init failed\n"); >+ return srtp_err_status_fail; >+ } >+ >+ /* test insertion with large gaps */ >+ for (idx = 0, ircvd = 0; idx < num_trials; >+ idx++, ircvd += (1 << (rand() % 10))) { >+ err = rdb_check_add(&rdb, ircvd); >+ if (err) >+ return err; >+ err = rdb_check_expect_failure(&rdb, ircvd); >+ if (err) >+ return err; >+ } >+ >+ /* re-initialize */ >+ if (srtp_rdb_init(&rdb) != srtp_err_status_ok) { >+ printf("rdb_init failed\n"); >+ return srtp_err_status_fail; >+ } >+ >+ /* test loss of first 513 packets */ >+ for (idx = 0; idx < num_trials; idx++) { >+ err = rdb_check_add(&rdb, idx + 513); >+ if (err) >+ return err; >+ } >+ >+ /* test for false positives */ >+ for (idx = 0; idx < num_trials + 513; idx++) { >+ err = rdb_check_expect_failure(&rdb, idx); >+ if (err) >+ return err; >+ } >+ >+ /* test for key expired */ >+ if (srtp_rdb_init(&rdb) != srtp_err_status_ok) { >+ printf("rdb_init failed\n"); >+ return srtp_err_status_fail; >+ } >+ rdb.window_start = 0x7ffffffe; >+ if (srtp_rdb_increment(&rdb) != srtp_err_status_ok) { >+ printf("srtp_rdb_increment of 0x7ffffffe failed\n"); >+ return srtp_err_status_fail; >+ } >+ if (srtp_rdb_get_value(&rdb) != 0x7fffffff) { >+ printf("rdb valiue was not 0x7fffffff\n"); >+ return srtp_err_status_fail; >+ } >+ if (srtp_rdb_increment(&rdb) != srtp_err_status_key_expired) { >+ printf("srtp_rdb_increment of 0x7fffffff did not return " >+ "srtp_err_status_key_expired\n"); >+ return srtp_err_status_fail; >+ } >+ if (srtp_rdb_get_value(&rdb) != 0x7fffffff) { >+ printf("rdb valiue was not 0x7fffffff\n"); >+ return srtp_err_status_fail; >+ } >+ >+ return srtp_err_status_ok; > } > >-#include <time.h> /* for clock() */ >-#include <stdlib.h> /* for random() */ >+#include <time.h> /* for clock() */ >+#include <stdlib.h> /* for random() */ > > #define REPLAY_NUM_TRIALS 10000000 > >-double >-rdb_check_adds_per_second(void) { >- uint32_t i; >- srtp_rdb_t rdb; >- clock_t timer; >- int failures = 0; /* count number of failures */ >- >- if (srtp_rdb_init(&rdb) != srtp_err_status_ok) { >- printf("rdb_init failed\n"); >- exit(1); >- } >- >- timer = clock(); >- for(i=0; i < REPLAY_NUM_TRIALS; i+=3) { >- if (srtp_rdb_check(&rdb, i+2) != srtp_err_status_ok) >- ++failures; >- if (srtp_rdb_add_index(&rdb, i+2) != srtp_err_status_ok) >- ++failures; >- if (srtp_rdb_check(&rdb, i+1) != srtp_err_status_ok) >- ++failures; >- if (srtp_rdb_add_index(&rdb, i+1) != srtp_err_status_ok) >- ++failures; >- if (srtp_rdb_check(&rdb, i) != srtp_err_status_ok) >- ++failures; >- if (srtp_rdb_add_index(&rdb, i) != srtp_err_status_ok) >- ++failures; >- } >- timer = clock() - timer; >- >- return (double) CLOCKS_PER_SEC * REPLAY_NUM_TRIALS / timer; >+double rdb_check_adds_per_second(void) >+{ >+ uint32_t i; >+ srtp_rdb_t rdb; >+ clock_t timer; >+ int failures = 0; /* count number of failures */ >+ >+ if (srtp_rdb_init(&rdb) != srtp_err_status_ok) { >+ printf("rdb_init failed\n"); >+ exit(1); >+ } >+ >+ timer = clock(); >+ for (i = 0; i < REPLAY_NUM_TRIALS; i += 3) { >+ if (srtp_rdb_check(&rdb, i + 2) != srtp_err_status_ok) >+ ++failures; >+ if (srtp_rdb_add_index(&rdb, i + 2) != srtp_err_status_ok) >+ ++failures; >+ if (srtp_rdb_check(&rdb, i + 1) != srtp_err_status_ok) >+ ++failures; >+ if (srtp_rdb_add_index(&rdb, i + 1) != srtp_err_status_ok) >+ ++failures; >+ if (srtp_rdb_check(&rdb, i) != srtp_err_status_ok) >+ ++failures; >+ if (srtp_rdb_add_index(&rdb, i) != srtp_err_status_ok) >+ ++failures; >+ } >+ timer = clock() - timer; >+ >+ return (double)CLOCKS_PER_SEC * REPLAY_NUM_TRIALS / timer; > } >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/roc_driver.c b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/roc_driver.c >index c23113adc983626d1facee60e13e34f6e94614f9..d61ba8ef24ea22f66bb983773aa6662f47f4fb37 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/roc_driver.c >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/roc_driver.c >@@ -8,26 +8,26 @@ > */ > > /* >- * >+ * > * Copyright (c) 2001-2017, Cisco Systems, Inc. > * All rights reserved. >- * >+ * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions > * are met: >- * >+ * > * Redistributions of source code must retain the above copyright > * notice, this list of conditions and the following disclaimer. >- * >+ * > * Redistributions in binary form must reproduce the above > * copyright notice, this list of conditions and the following > * disclaimer in the documentation and/or other materials provided > * with the distribution. >- * >+ * > * Neither the name of the Cisco Systems, Inc. nor the names of its > * contributors may be used to endorse or promote products derived > * from this software without specific prior written permission. >- * >+ * > * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS > * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT > * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >@@ -43,9 +43,8 @@ > * > */ > >- > #ifdef HAVE_CONFIG_H >- #include <config.h> >+#include <config.h> > #endif > > #include <stdio.h> >@@ -55,121 +54,117 @@ > * srtp_xtd_seq_num_t - this allows the functions to be exhaustively tested. > */ > #if ROC_NEEDS_TO_BE_TESTED >-#define ROC_TEST >+#define ROC_TEST > #endif > > #include "rdbx.h" > #include "ut_sim.h" > >-srtp_err_status_t >-roc_test(int num_trials); >- >-int >-main (void) { >- srtp_err_status_t status; >- >- printf("rollover counter test driver\n" >- "David A. McGrew\n" >- "Cisco Systems, Inc.\n"); >- >- printf("testing index functions..."); >- status = roc_test(1 << 18); >- if (status) { >- printf("failed\n"); >- exit(status); >- } >- printf("passed\n"); >- return 0; >-} >+srtp_err_status_t roc_test(int num_trials); >+ >+int main(void) >+{ >+ srtp_err_status_t status; > >+ printf("rollover counter test driver\n" >+ "David A. McGrew\n" >+ "Cisco Systems, Inc.\n"); >+ >+ printf("testing index functions..."); >+ status = roc_test(1 << 18); >+ if (status) { >+ printf("failed\n"); >+ exit(status); >+ } >+ printf("passed\n"); >+ return 0; >+} > > #define ROC_VERBOSE 0 > >-srtp_err_status_t >-roc_test(int num_trials) { >- srtp_xtd_seq_num_t local, est, ref; >- ut_connection utc; >- int i, num_bad_est = 0; >- int delta; >- uint32_t ircvd; >- double failure_rate; >- >- srtp_index_init(&local); >- srtp_index_init(&ref); >- srtp_index_init(&est); >- >- printf("\n\ttesting sequential insertion..."); >- for (i=0; i < 2048; i++) { >- delta = srtp_index_guess(&local, &est, (uint16_t) ref); >+srtp_err_status_t roc_test(int num_trials) >+{ >+ srtp_xtd_seq_num_t local, est, ref; >+ ut_connection utc; >+ int i, num_bad_est = 0; >+ int delta; >+ uint32_t ircvd; >+ double failure_rate; >+ >+ srtp_index_init(&local); >+ srtp_index_init(&ref); >+ srtp_index_init(&est); >+ >+ printf("\n\ttesting sequential insertion..."); >+ for (i = 0; i < 2048; i++) { >+ delta = srtp_index_guess(&local, &est, (uint16_t)ref); > #if ROC_VERBOSE >- printf("%lld, %lld, %d\n", ref, est, i); >+ printf("%lld, %lld, %d\n", ref, est, i); > #endif >- if (ref != est) { >+ if (ref != est) { > #if ROC_VERBOSE >- printf(" *bad estimate*\n"); >+ printf(" *bad estimate*\n"); > #endif >- ++num_bad_est; >+ ++num_bad_est; >+ } >+ srtp_index_advance(&ref, 1); >+ } >+ failure_rate = (double)num_bad_est / num_trials; >+ if (failure_rate > 0.01) { >+ printf("error: failure rate too high (%d bad estimates in %d trials)\n", >+ num_bad_est, num_trials); >+ return srtp_err_status_algo_fail; > } >- srtp_index_advance(&ref, 1); >- } >- failure_rate = (double) num_bad_est / num_trials; >- if (failure_rate > 0.01) { >- printf("error: failure rate too high (%d bad estimates in %d trials)\n", >- num_bad_est, num_trials); >- return srtp_err_status_algo_fail; >- } >- printf("done\n"); >- >- >- printf("\ttesting non-sequential insertion..."); >- srtp_index_init(&local); >- srtp_index_init(&ref); >- srtp_index_init(&est); >- ut_init(&utc); >- >- for (i=0; i < num_trials; i++) { >- >- /* get next seq num from unreliable transport simulator */ >- ircvd = ut_next_index(&utc); >- >- /* set ref to value of ircvd */ >- ref = ircvd; >- >- /* estimate index based on low bits of ircvd */ >- delta = srtp_index_guess(&local, &est, (uint16_t) ref); >+ printf("done\n"); >+ >+ printf("\ttesting non-sequential insertion..."); >+ srtp_index_init(&local); >+ srtp_index_init(&ref); >+ srtp_index_init(&est); >+ ut_init(&utc); >+ >+ for (i = 0; i < num_trials; i++) { >+ /* get next seq num from unreliable transport simulator */ >+ ircvd = ut_next_index(&utc); >+ >+ /* set ref to value of ircvd */ >+ ref = ircvd; >+ >+ /* estimate index based on low bits of ircvd */ >+ delta = srtp_index_guess(&local, &est, (uint16_t)ref); > #if ROC_VERBOSE >- printf("ref: %lld, local: %lld, est: %lld, ircvd: %d, delta: %d\n", >- ref, local, est, ircvd, delta); >+ printf("ref: %lld, local: %lld, est: %lld, ircvd: %d, delta: %d\n", ref, >+ local, est, ircvd, delta); > #endif >- >- if (local + delta != est) { >- printf(" *bad delta*: local %llu + delta %d != est %llu\n", >- (unsigned long long)local, delta, (unsigned long long)est); >- return srtp_err_status_algo_fail; >- } > >- /* now update local srtp_xtd_seq_num_t as necessary */ >- if (delta > 0) >- srtp_index_advance(&local, delta); >+ if (local + delta != est) { >+ printf(" *bad delta*: local %llu + delta %d != est %llu\n", >+ (unsigned long long)local, delta, (unsigned long long)est); >+ return srtp_err_status_algo_fail; >+ } >+ >+ /* now update local srtp_xtd_seq_num_t as necessary */ >+ if (delta > 0) >+ srtp_index_advance(&local, delta); > >- if (ref != est) { >+ if (ref != est) { > #if ROC_VERBOSE >- printf(" *bad estimate*\n"); >+ printf(" *bad estimate*\n"); > #endif >- /* record failure event */ >- ++num_bad_est; >- >- /* reset local value to correct value */ >- local = ref; >+ /* record failure event */ >+ ++num_bad_est; >+ >+ /* reset local value to correct value */ >+ local = ref; >+ } > } >- } >- failure_rate = (double) num_bad_est / num_trials; >- if (failure_rate > 0.01) { >- printf("error: failure rate too high (%d bad estimates in %d trials)\n", >- num_bad_est, num_trials); >- return srtp_err_status_algo_fail; >- } >- printf("done\n"); >- >- return srtp_err_status_ok; >+ failure_rate = (double)num_bad_est / num_trials; >+ if (failure_rate > 0.01) { >+ printf("error: failure rate too high (%d bad estimates in %d trials)\n", >+ num_bad_est, num_trials); >+ return srtp_err_status_algo_fail; >+ } >+ printf("done\n"); >+ >+ return srtp_err_status_ok; > } >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/rtp.c b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/rtp.c >index 74cb9021796d5cf9ffd887824a7c39f0a3306b9e..f60a9b11b28850e6025800dc9583caaa4108648c 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/rtp.c >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/rtp.c >@@ -8,26 +8,26 @@ > */ > > /* >- * >+ * > * Copyright (c) 2001-2017, Cisco Systems, Inc. > * All rights reserved. >- * >+ * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions > * are met: >- * >+ * > * Redistributions of source code must retain the above copyright > * notice, this list of conditions and the following disclaimer. >- * >+ * > * Redistributions in binary form must reproduce the above > * copyright notice, this list of conditions and the following > * disclaimer in the documentation and/or other materials provided > * with the distribution. >- * >+ * > * Neither the name of the Cisco Systems, Inc. nor the names of its > * contributors may be used to endorse or promote products derived > * from this software without specific prior written permission. >- * >+ * > * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS > * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT > * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >@@ -50,178 +50,178 @@ > > #include <sys/types.h> > #ifdef HAVE_SYS_SOCKET_H >-# include <sys/socket.h> >+#include <sys/socket.h> > #endif > >-#define PRINT_DEBUG 0 /* set to 1 to print out debugging data */ >-#define VERBOSE_DEBUG 0 /* set to 1 to print out more data */ >- >-int >-rtp_sendto(rtp_sender_t sender, const void* msg, int len) { >- int octets_sent; >- srtp_err_status_t stat; >- int pkt_len = len + RTP_HEADER_LEN; >- >- /* marshal data */ >- strncpy(sender->message.body, msg, len); >- >- /* update header */ >- sender->message.header.seq = ntohs(sender->message.header.seq) + 1; >- sender->message.header.seq = htons(sender->message.header.seq); >- sender->message.header.ts = ntohl(sender->message.header.ts) + 1; >- sender->message.header.ts = htonl(sender->message.header.ts); >- >- /* apply srtp */ >- stat = srtp_protect(sender->srtp_ctx, &sender->message.header, &pkt_len); >- if (stat) { >+#define PRINT_DEBUG 0 /* set to 1 to print out debugging data */ >+#define VERBOSE_DEBUG 0 /* set to 1 to print out more data */ >+ >+int rtp_sendto(rtp_sender_t sender, const void *msg, int len) >+{ >+ int octets_sent; >+ srtp_err_status_t stat; >+ int pkt_len = len + RTP_HEADER_LEN; >+ >+ /* marshal data */ >+ strncpy(sender->message.body, msg, len); >+ >+ /* update header */ >+ sender->message.header.seq = ntohs(sender->message.header.seq) + 1; >+ sender->message.header.seq = htons(sender->message.header.seq); >+ sender->message.header.ts = ntohl(sender->message.header.ts) + 1; >+ sender->message.header.ts = htonl(sender->message.header.ts); >+ >+ /* apply srtp */ >+ stat = srtp_protect(sender->srtp_ctx, &sender->message.header, &pkt_len); >+ if (stat) { > #if PRINT_DEBUG >- fprintf(stderr, "error: srtp protection failed with code %d\n", stat); >+ fprintf(stderr, "error: srtp protection failed with code %d\n", stat); > #endif >- return -1; >- } >+ return -1; >+ } > #if VERBOSE_DEBUG >- srtp_print_packet(&sender->message.header, pkt_len); >+ srtp_print_packet(&sender->message.header, pkt_len); > #endif >- octets_sent = sendto(sender->socket, (void*)&sender->message, >- pkt_len, 0, (struct sockaddr *)&sender->addr, >- sizeof (struct sockaddr_in)); >+ octets_sent = >+ sendto(sender->socket, (void *)&sender->message, pkt_len, 0, >+ (struct sockaddr *)&sender->addr, sizeof(struct sockaddr_in)); > >- if (octets_sent != pkt_len) { >+ if (octets_sent != pkt_len) { > #if PRINT_DEBUG >- fprintf(stderr, "error: couldn't send message %s", (char *)msg); >- perror(""); >+ fprintf(stderr, "error: couldn't send message %s", (char *)msg); >+ perror(""); > #endif >- } >+ } > >- return octets_sent; >+ return octets_sent; > } > >-int >-rtp_recvfrom(rtp_receiver_t receiver, void *msg, int *len) { >- int octets_recvd; >- srtp_err_status_t stat; >- >- octets_recvd = recvfrom(receiver->socket, (void *)&receiver->message, >- *len, 0, (struct sockaddr *) NULL, 0); >- >- if (octets_recvd == -1) { >- *len = 0; >- return -1; >- } >- >- /* verify rtp header */ >- if (receiver->message.header.version != 2) { >- *len = 0; >- return -1; >- } >+int rtp_recvfrom(rtp_receiver_t receiver, void *msg, int *len) >+{ >+ int octets_recvd; >+ srtp_err_status_t stat; >+ >+ octets_recvd = recvfrom(receiver->socket, (void *)&receiver->message, *len, >+ 0, (struct sockaddr *)NULL, 0); >+ >+ if (octets_recvd == -1) { >+ *len = 0; >+ return -1; >+ } >+ >+ /* verify rtp header */ >+ if (receiver->message.header.version != 2) { >+ *len = 0; >+ return -1; >+ } > > #if PRINT_DEBUG >- fprintf(stderr, "%d octets received from SSRC %u\n", >- octets_recvd, receiver->message.header.ssrc); >+ fprintf(stderr, "%d octets received from SSRC %u\n", octets_recvd, >+ receiver->message.header.ssrc); > #endif > #if VERBOSE_DEBUG >- srtp_print_packet(&receiver->message.header, octets_recvd); >+ srtp_print_packet(&receiver->message.header, octets_recvd); > #endif > >- /* apply srtp */ >- stat = srtp_unprotect(receiver->srtp_ctx, >- &receiver->message.header, &octets_recvd); >- if (stat) { >- fprintf(stderr, >- "error: srtp unprotection failed with code %d%s\n", stat, >- stat == srtp_err_status_replay_fail ? " (replay check failed)" : >- stat == srtp_err_status_auth_fail ? " (auth check failed)" : ""); >- return -1; >- } >- strncpy(msg, receiver->message.body, octets_recvd); >- >- return octets_recvd; >+ /* apply srtp */ >+ stat = srtp_unprotect(receiver->srtp_ctx, &receiver->message.header, >+ &octets_recvd); >+ if (stat) { >+ fprintf(stderr, "error: srtp unprotection failed with code %d%s\n", >+ stat, >+ stat == srtp_err_status_replay_fail >+ ? " (replay check failed)" >+ : stat == srtp_err_status_auth_fail ? " (auth check failed)" >+ : ""); >+ return -1; >+ } >+ strncpy(msg, receiver->message.body, octets_recvd); >+ >+ return octets_recvd; > } > >-int >-rtp_sender_init(rtp_sender_t sender, >- int sock, >- struct sockaddr_in addr, >- unsigned int ssrc) { >- >- /* set header values */ >- sender->message.header.ssrc = htonl(ssrc); >- sender->message.header.ts = 0; >- sender->message.header.seq = (uint16_t) rand(); >- sender->message.header.m = 0; >- sender->message.header.pt = 0x1; >- sender->message.header.version = 2; >- sender->message.header.p = 0; >- sender->message.header.x = 0; >- sender->message.header.cc = 0; >- >- /* set other stuff */ >- sender->socket = sock; >- sender->addr = addr; >- >- return 0; >+int rtp_sender_init(rtp_sender_t sender, >+ int sock, >+ struct sockaddr_in addr, >+ unsigned int ssrc) >+{ >+ /* set header values */ >+ sender->message.header.ssrc = htonl(ssrc); >+ sender->message.header.ts = 0; >+ sender->message.header.seq = (uint16_t)rand(); >+ sender->message.header.m = 0; >+ sender->message.header.pt = 0x1; >+ sender->message.header.version = 2; >+ sender->message.header.p = 0; >+ sender->message.header.x = 0; >+ sender->message.header.cc = 0; >+ >+ /* set other stuff */ >+ sender->socket = sock; >+ sender->addr = addr; >+ >+ return 0; > } > >-int >-rtp_receiver_init(rtp_receiver_t rcvr, >- int sock, >- struct sockaddr_in addr, >- unsigned int ssrc) { >- >- /* set header values */ >- rcvr->message.header.ssrc = htonl(ssrc); >- rcvr->message.header.ts = 0; >- rcvr->message.header.seq = 0; >- rcvr->message.header.m = 0; >- rcvr->message.header.pt = 0x1; >- rcvr->message.header.version = 2; >- rcvr->message.header.p = 0; >- rcvr->message.header.x = 0; >- rcvr->message.header.cc = 0; >- >- /* set other stuff */ >- rcvr->socket = sock; >- rcvr->addr = addr; >- >- return 0; >+int rtp_receiver_init(rtp_receiver_t rcvr, >+ int sock, >+ struct sockaddr_in addr, >+ unsigned int ssrc) >+{ >+ /* set header values */ >+ rcvr->message.header.ssrc = htonl(ssrc); >+ rcvr->message.header.ts = 0; >+ rcvr->message.header.seq = 0; >+ rcvr->message.header.m = 0; >+ rcvr->message.header.pt = 0x1; >+ rcvr->message.header.version = 2; >+ rcvr->message.header.p = 0; >+ rcvr->message.header.x = 0; >+ rcvr->message.header.cc = 0; >+ >+ /* set other stuff */ >+ rcvr->socket = sock; >+ rcvr->addr = addr; >+ >+ return 0; > } > >-int >-rtp_sender_init_srtp(rtp_sender_t sender, const srtp_policy_t *policy) { >- return srtp_create(&sender->srtp_ctx, policy); >+int rtp_sender_init_srtp(rtp_sender_t sender, const srtp_policy_t *policy) >+{ >+ return srtp_create(&sender->srtp_ctx, policy); > } > >-int >-rtp_sender_deinit_srtp(rtp_sender_t sender) { >- return srtp_dealloc(sender->srtp_ctx); >+int rtp_sender_deinit_srtp(rtp_sender_t sender) >+{ >+ return srtp_dealloc(sender->srtp_ctx); > } > >-int >-rtp_receiver_init_srtp(rtp_receiver_t sender, const srtp_policy_t *policy) { >- return srtp_create(&sender->srtp_ctx, policy); >+int rtp_receiver_init_srtp(rtp_receiver_t sender, const srtp_policy_t *policy) >+{ >+ return srtp_create(&sender->srtp_ctx, policy); > } > >-int >-rtp_receiver_deinit_srtp(rtp_receiver_t sender) { >- return srtp_dealloc(sender->srtp_ctx); >+int rtp_receiver_deinit_srtp(rtp_receiver_t sender) >+{ >+ return srtp_dealloc(sender->srtp_ctx); > } > >-rtp_sender_t >-rtp_sender_alloc(void) { >- return (rtp_sender_t)malloc(sizeof(rtp_sender_ctx_t)); >+rtp_sender_t rtp_sender_alloc(void) >+{ >+ return (rtp_sender_t)malloc(sizeof(rtp_sender_ctx_t)); > } > >-void >-rtp_sender_dealloc(rtp_sender_t rtp_ctx) { >- free(rtp_ctx); >+void rtp_sender_dealloc(rtp_sender_t rtp_ctx) >+{ >+ free(rtp_ctx); > } > >-rtp_receiver_t >-rtp_receiver_alloc(void) { >- return (rtp_receiver_t)malloc(sizeof(rtp_receiver_ctx_t)); >+rtp_receiver_t rtp_receiver_alloc(void) >+{ >+ return (rtp_receiver_t)malloc(sizeof(rtp_receiver_ctx_t)); > } > >-void >-rtp_receiver_dealloc(rtp_receiver_t rtp_ctx) { >- free(rtp_ctx); >+void rtp_receiver_dealloc(rtp_receiver_t rtp_ctx) >+{ >+ free(rtp_ctx); > } >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/rtp.h b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/rtp.h >index d010508de32fdd8acaef01f8ca7fa569d26430d2..37921a665c0a3165d98b5ee9fde57db247826d2a 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/rtp.h >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/rtp.h >@@ -1,6 +1,6 @@ > /* > * rtp.h >- * >+ * > * rtp interface for srtp reference implementation > * > * David A. McGrew >@@ -15,26 +15,26 @@ > */ > > /* >- * >+ * > * Copyright (c) 2001-2017, Cisco Systems, Inc. > * All rights reserved. >- * >+ * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions > * are met: >- * >+ * > * Redistributions of source code must retain the above copyright > * notice, this list of conditions and the following disclaimer. >- * >+ * > * Redistributions in binary form must reproduce the above > * copyright notice, this list of conditions and the following > * disclaimer in the documentation and/or other materials provided > * with the distribution. >- * >+ * > * Neither the name of the Cisco Systems, Inc. nor the names of its > * contributors may be used to endorse or promote products derived > * from this software without specific prior written permission. >- * >+ * > * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS > * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT > * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >@@ -50,14 +50,13 @@ > * > */ > >- > #ifndef SRTP_RTP_H > #define SRTP_RTP_H > > #ifdef HAVE_NETINET_IN_H >-# include <netinet/in.h> >+#include <netinet/in.h> > #elif defined HAVE_WINSOCK2_H >-# include <winsock2.h> >+#include <winsock2.h> > #endif > > #include "srtp_priv.h" >@@ -69,98 +68,85 @@ extern "C" { > /* > * RTP_HEADER_LEN indicates the size of an RTP header > */ >-#define RTP_HEADER_LEN 12 >+#define RTP_HEADER_LEN 12 > >-/* >+/* > * RTP_MAX_BUF_LEN defines the largest RTP packet in the rtp.c implementation > */ >-#define RTP_MAX_BUF_LEN 16384 >- >+#define RTP_MAX_BUF_LEN 16384 > > typedef srtp_hdr_t rtp_hdr_t; > > typedef struct { >- srtp_hdr_t header; >- char body[RTP_MAX_BUF_LEN]; >+ srtp_hdr_t header; >+ char body[RTP_MAX_BUF_LEN]; > } rtp_msg_t; > > typedef struct rtp_sender_ctx_t { >- rtp_msg_t message; >- int socket; >- srtp_ctx_t *srtp_ctx; >- struct sockaddr_in addr; /* reciever's address */ >+ rtp_msg_t message; >+ int socket; >+ srtp_ctx_t *srtp_ctx; >+ struct sockaddr_in addr; /* reciever's address */ > } rtp_sender_ctx_t; > > typedef struct rtp_receiver_ctx_t { >- rtp_msg_t message; >- int socket; >- srtp_ctx_t *srtp_ctx; >- struct sockaddr_in addr; /* receiver's address */ >+ rtp_msg_t message; >+ int socket; >+ srtp_ctx_t *srtp_ctx; >+ struct sockaddr_in addr; /* receiver's address */ > } rtp_receiver_ctx_t; > >- > typedef struct rtp_sender_ctx_t *rtp_sender_t; > > typedef struct rtp_receiver_ctx_t *rtp_receiver_t; > >-int >-rtp_sendto(rtp_sender_t sender, const void* msg, int len); >+int rtp_sendto(rtp_sender_t sender, const void *msg, int len); > >-int >-rtp_recvfrom(rtp_receiver_t receiver, void *msg, int *len); >+int rtp_recvfrom(rtp_receiver_t receiver, void *msg, int *len); > >-int >-rtp_receiver_init(rtp_receiver_t rcvr, int sock, >- struct sockaddr_in addr, unsigned int ssrc); >+int rtp_receiver_init(rtp_receiver_t rcvr, >+ int sock, >+ struct sockaddr_in addr, >+ unsigned int ssrc); > >-int >-rtp_sender_init(rtp_sender_t sender, int sock, >- struct sockaddr_in addr, unsigned int ssrc); >+int rtp_sender_init(rtp_sender_t sender, >+ int sock, >+ struct sockaddr_in addr, >+ unsigned int ssrc); > > /* > * srtp_sender_init(...) initializes an rtp_sender_t > */ > >-int >-srtp_sender_init(rtp_sender_t rtp_ctx, /* structure to be init'ed */ >- struct sockaddr_in name, /* socket name */ >- srtp_sec_serv_t security_services, /* sec. servs. to be used */ >- unsigned char *input_key /* master key/salt in hex */ >- ); >- >-int >-srtp_receiver_init(rtp_receiver_t rtp_ctx, /* structure to be init'ed */ >- struct sockaddr_in name, /* socket name */ >- srtp_sec_serv_t security_services, /* sec. servs. to be used */ >- unsigned char *input_key /* master key/salt in hex */ >- ); >- >- >-int >-rtp_sender_init_srtp(rtp_sender_t sender, const srtp_policy_t *policy); >+int srtp_sender_init( >+ rtp_sender_t rtp_ctx, /* structure to be init'ed */ >+ struct sockaddr_in name, /* socket name */ >+ srtp_sec_serv_t security_services, /* sec. servs. to be used */ >+ unsigned char *input_key /* master key/salt in hex */ >+ ); > >-int >-rtp_sender_deinit_srtp(rtp_sender_t sender); >+int srtp_receiver_init( >+ rtp_receiver_t rtp_ctx, /* structure to be init'ed */ >+ struct sockaddr_in name, /* socket name */ >+ srtp_sec_serv_t security_services, /* sec. servs. to be used */ >+ unsigned char *input_key /* master key/salt in hex */ >+ ); > >-int >-rtp_receiver_init_srtp(rtp_receiver_t sender, const srtp_policy_t *policy); >+int rtp_sender_init_srtp(rtp_sender_t sender, const srtp_policy_t *policy); > >-int >-rtp_receiver_deinit_srtp(rtp_receiver_t sender); >+int rtp_sender_deinit_srtp(rtp_sender_t sender); > >+int rtp_receiver_init_srtp(rtp_receiver_t sender, const srtp_policy_t *policy); > >-rtp_sender_t >-rtp_sender_alloc(void); >+int rtp_receiver_deinit_srtp(rtp_receiver_t sender); > >-void >-rtp_sender_dealloc(rtp_sender_t rtp_ctx); >+rtp_sender_t rtp_sender_alloc(void); > >-rtp_receiver_t >-rtp_receiver_alloc(void); >+void rtp_sender_dealloc(rtp_sender_t rtp_ctx); > >-void >-rtp_receiver_dealloc(rtp_receiver_t rtp_ctx); >+rtp_receiver_t rtp_receiver_alloc(void); > >+void rtp_receiver_dealloc(rtp_receiver_t rtp_ctx); > > #ifdef __cplusplus > } >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/rtpw.c b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/rtpw.c >index 3b7ac6700b20ebad100d818e18050244bbfc91b4..6e7416c7f524d86e689a4fc80f210d86c8e237ce 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/rtpw.c >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/rtpw.c >@@ -8,33 +8,33 @@ > * > * This app is a simple RTP application intended only for testing > * libsrtp. It reads one word at a time from words.txt (or >- * whatever file is specified as DICT_FILE), and sends one word out >+ * whatever file is specified as DICT_FILE or with -w), and sends one word out > * each USEC_RATE microseconds. Secure RTP protections can be > * applied. See the usage() function for more details. > * > */ > > /* >- * >+ * > * Copyright (c) 2001-2017, Cisco Systems, Inc. > * All rights reserved. >- * >+ * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions > * are met: >- * >+ * > * Redistributions of source code must retain the above copyright > * notice, this list of conditions and the following disclaimer. >- * >+ * > * Redistributions in binary form must reproduce the above > * copyright notice, this list of conditions and the following > * disclaimer in the documentation and/or other materials provided > * with the distribution. >- * >+ * > * Neither the name of the Cisco Systems, Inc. nor the names of its > * contributors may be used to endorse or promote products derived > * from this software without specific prior written permission. >- * >+ * > * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS > * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT > * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >@@ -50,82 +50,76 @@ > * > */ > >- > #ifdef HAVE_CONFIG_H >- #include <config.h> >+#include <config.h> > #endif > >-#include "getopt_s.h" /* for local getopt() */ >+#include "getopt_s.h" /* for local getopt() */ > >-#include <stdio.h> /* for printf, fprintf */ >-#include <stdlib.h> /* for atoi() */ >+#include <stdio.h> /* for printf, fprintf */ >+#include <stdlib.h> /* for atoi() */ > #include <errno.h> >-#include <signal.h> /* for signal() */ >+#include <signal.h> /* for signal() */ > >-#include <string.h> /* for strncpy() */ >-#include <time.h> /* for usleep() */ >+#include <string.h> /* for strncpy() */ >+#include <time.h> /* for usleep() */ > > #ifdef HAVE_UNISTD_H >-#include <unistd.h> /* for close() */ >+#include <unistd.h> /* for close() */ > #elif defined(_MSC_VER) >-#include <io.h> /* for _close() */ >+#include <io.h> /* for _close() */ > #define close _close > #endif > #ifdef HAVE_SYS_SOCKET_H >-# include <sys/socket.h> >+#include <sys/socket.h> > #endif > #ifdef HAVE_NETINET_IN_H >-# include <netinet/in.h> >+#include <netinet/in.h> > #elif defined HAVE_WINSOCK2_H >-# include <winsock2.h> >-# include <ws2tcpip.h> >-# define RTPW_USE_WINSOCK2 1 >+#include <winsock2.h> >+#include <ws2tcpip.h> >+#define RTPW_USE_WINSOCK2 1 > #endif > #ifdef HAVE_ARPA_INET_H >-# include <arpa/inet.h> >+#include <arpa/inet.h> > #endif > >-#include "srtp.h" >+#include "srtp.h" > #include "rtp.h" > #include "util.h" > >-#define DICT_FILE "words.txt" >-#define USEC_RATE (5e5) >-#define MAX_WORD_LEN 128 >+#define DICT_FILE "words.txt" >+#define USEC_RATE (5e5) >+#define MAX_WORD_LEN 128 > #define ADDR_IS_MULTICAST(a) IN_MULTICAST(htonl(a)) >-#define MAX_KEY_LEN 96 >- >+#define MAX_KEY_LEN 96 > > #ifndef HAVE_USLEEP >-# ifdef HAVE_WINDOWS_H >-# define usleep(us) Sleep((us)/1000) >-# else >-# define usleep(us) sleep((us)/1000000) >-# endif >+#ifdef HAVE_WINDOWS_H >+#define usleep(us) Sleep((us) / 1000) >+#else >+#define usleep(us) sleep((us) / 1000000) >+#endif > #endif >- > > /* > * the function usage() prints an error message describing how this > * program should be called, then calls exit() > */ > >-void >-usage(char *prog_name); >+void usage(char *prog_name); > > /* > * leave_group(...) de-registers from a multicast group > */ > >-void >-leave_group(int sock, struct ip_mreq mreq, char *name); >- >+void leave_group(int sock, struct ip_mreq mreq, char *name); > > /* > * setup_signal_handler() sets up a signal handler to trigger > * cleanups after an interrupt > */ >-int setup_signal_handler(char* name); >+int setup_signal_handler(char *name); > > /* > * handle_signal(...) handles interrupt signal to trigger cleanups >@@ -139,561 +133,568 @@ volatile int interrupted = 0; > > typedef enum { sender, receiver, unknown } program_type; > >-int >-main (int argc, char *argv[]) { >- char *dictfile = DICT_FILE; >- FILE *dict; >- char word[MAX_WORD_LEN]; >- int sock, ret; >- struct in_addr rcvr_addr; >- struct sockaddr_in name; >- struct ip_mreq mreq; >+int main(int argc, char *argv[]) >+{ >+ char *dictfile = DICT_FILE; >+ FILE *dict; >+ char word[MAX_WORD_LEN]; >+ int sock, ret; >+ struct in_addr rcvr_addr; >+ struct sockaddr_in name; >+ struct ip_mreq mreq; > #if BEW >- struct sockaddr_in local; >-#endif >- program_type prog_type = unknown; >- srtp_sec_serv_t sec_servs = sec_serv_none; >- unsigned char ttl = 5; >- int c; >- int key_size = 128; >- int tag_size = 8; >- int gcm_on = 0; >- char *input_key = NULL; >- int b64_input = 0; >- char *address = NULL; >- char key[MAX_KEY_LEN]; >- unsigned short port = 0; >- rtp_sender_t snd; >- srtp_policy_t policy; >- srtp_err_status_t status; >- int len; >- int expected_len; >- int do_list_mods = 0; >- uint32_t ssrc = 0xdeadbeef; /* ssrc value hardcoded for now */ >+ struct sockaddr_in local; >+#endif >+ program_type prog_type = unknown; >+ srtp_sec_serv_t sec_servs = sec_serv_none; >+ unsigned char ttl = 5; >+ int c; >+ int key_size = 128; >+ int tag_size = 8; >+ int gcm_on = 0; >+ char *input_key = NULL; >+ int b64_input = 0; >+ char *address = NULL; >+ char key[MAX_KEY_LEN]; >+ unsigned short port = 0; >+ rtp_sender_t snd; >+ srtp_policy_t policy; >+ srtp_err_status_t status; >+ int len; >+ int expected_len; >+ int do_list_mods = 0; >+ uint32_t ssrc = 0xdeadbeef; /* ssrc value hardcoded for now */ > #ifdef RTPW_USE_WINSOCK2 >- WORD wVersionRequested = MAKEWORD(2, 0); >- WSADATA wsaData; >+ WORD wVersionRequested = MAKEWORD(2, 0); >+ WSADATA wsaData; > >- ret = WSAStartup(wVersionRequested, &wsaData); >- if (ret != 0) { >- fprintf(stderr, "error: WSAStartup() failed: %d\n", ret); >- exit(1); >- } >+ ret = WSAStartup(wVersionRequested, &wsaData); >+ if (ret != 0) { >+ fprintf(stderr, "error: WSAStartup() failed: %d\n", ret); >+ exit(1); >+ } > #endif > >- memset(&policy, 0x0, sizeof(srtp_policy_t)); >+ memset(&policy, 0x0, sizeof(srtp_policy_t)); > >- printf("Using %s [0x%x]\n", srtp_get_version_string(), srtp_get_version()); >+ printf("Using %s [0x%x]\n", srtp_get_version_string(), srtp_get_version()); > >- if (setup_signal_handler(argv[0]) != 0) { >- exit(1); >- } >+ if (setup_signal_handler(argv[0]) != 0) { >+ exit(1); >+ } > >- /* initialize srtp library */ >- status = srtp_init(); >- if (status) { >- printf("error: srtp initialization failed with error code %d\n", status); >- exit(1); >- } >+ /* initialize srtp library */ >+ status = srtp_init(); >+ if (status) { >+ printf("error: srtp initialization failed with error code %d\n", >+ status); >+ exit(1); >+ } >+ >+ /* check args */ >+ while (1) { >+ c = getopt_s(argc, argv, "b:k:rsgt:ae:ld:w:"); >+ if (c == -1) { >+ break; >+ } >+ switch (c) { >+ case 'b': >+ b64_input = 1; >+ /* fall thru */ >+ case 'k': >+ input_key = optarg_s; >+ break; >+ case 'e': >+ key_size = atoi(optarg_s); >+ if (key_size != 128 && key_size != 256) { >+ printf("error: encryption key size must be 128 or 256 (%d)\n", >+ key_size); >+ exit(1); >+ } >+ sec_servs |= sec_serv_conf; >+ break; >+ case 't': >+ tag_size = atoi(optarg_s); >+ if (tag_size != 8 && tag_size != 16) { >+ printf("error: GCM tag size must be 8 or 16 (%d)\n", tag_size); >+ exit(1); >+ } >+ break; >+ case 'a': >+ sec_servs |= sec_serv_auth; >+ break; >+ case 'g': >+ gcm_on = 1; >+ sec_servs |= sec_serv_auth; >+ break; >+ case 'r': >+ prog_type = receiver; >+ break; >+ case 's': >+ prog_type = sender; >+ break; >+ case 'd': >+ status = srtp_set_debug_module(optarg_s, 1); >+ if (status) { >+ printf("error: set debug module (%s) failed\n", optarg_s); >+ exit(1); >+ } >+ break; >+ case 'l': >+ do_list_mods = 1; >+ break; >+ case 'w': >+ dictfile = optarg_s; >+ break; >+ default: >+ usage(argv[0]); >+ } >+ } > >- /* check args */ >- while (1) { >- c = getopt_s(argc, argv, "b:k:rsgt:ae:ld:"); >- if (c == -1) { >- break; >+ if (prog_type == unknown) { >+ if (do_list_mods) { >+ status = srtp_list_debug_modules(); >+ if (status) { >+ printf("error: list of debug modules failed\n"); >+ exit(1); >+ } >+ return 0; >+ } else { >+ printf("error: neither sender [-s] nor receiver [-r] specified\n"); >+ usage(argv[0]); >+ } > } >- switch (c) { >- case 'b': >- b64_input = 1; >- /* fall thru */ >- case 'k': >- input_key = optarg_s; >- break; >- case 'e': >- key_size = atoi(optarg_s); >- if (key_size != 128 && key_size != 256) { >- printf("error: encryption key size must be 128 or 256 (%d)\n", key_size); >- exit(1); >- } >- sec_servs |= sec_serv_conf; >- break; >- case 't': >- tag_size = atoi(optarg_s); >- if (tag_size != 8 && tag_size != 16) { >- printf("error: GCM tag size must be 8 or 16 (%d)\n", tag_size); >- exit(1); >- } >- break; >- case 'a': >- sec_servs |= sec_serv_auth; >- break; >- case 'g': >- gcm_on = 1; >- sec_servs |= sec_serv_auth; >- break; >- case 'r': >- prog_type = receiver; >- break; >- case 's': >- prog_type = sender; >- break; >- case 'd': >- status = srtp_set_debug_module(optarg_s, 1); >- if (status) { >- printf("error: set debug module (%s) failed\n", optarg_s); >- exit(1); >- } >- break; >- case 'l': >- do_list_mods = 1; >- break; >- default: >- usage(argv[0]); >+ >+ if ((sec_servs && !input_key) || (!sec_servs && input_key)) { >+ /* >+ * a key must be provided if and only if security services have >+ * been requested >+ */ >+ usage(argv[0]); > } >- } >- >- if (prog_type == unknown) { >- if (do_list_mods) { >- status = srtp_list_debug_modules(); >- if (status) { >- printf("error: list of debug modules failed\n"); >- exit(1); >- } >- return 0; >- } else { >- printf("error: neither sender [-s] nor receiver [-r] specified\n"); >- usage(argv[0]); >+ >+ if (argc != optind_s + 2) { >+ /* wrong number of arguments */ >+ usage(argv[0]); > } >- } >- >- if ((sec_servs && !input_key) || (!sec_servs && input_key)) { >- /* >- * a key must be provided if and only if security services have >- * been requested >- */ >- usage(argv[0]); >- } >- >- if (argc != optind_s + 2) { >- /* wrong number of arguments */ >- usage(argv[0]); >- } >- >- /* get address from arg */ >- address = argv[optind_s++]; >- >- /* get port from arg */ >- port = atoi(argv[optind_s++]); >- >- /* set address */ >+ >+ /* get address from arg */ >+ address = argv[optind_s++]; >+ >+ /* get port from arg */ >+ port = atoi(argv[optind_s++]); >+ >+/* set address */ > #ifdef HAVE_INET_ATON >- if (0 == inet_aton(address, &rcvr_addr)) { >- fprintf(stderr, "%s: cannot parse IP v4 address %s\n", argv[0], address); >- exit(1); >- } >- if (rcvr_addr.s_addr == INADDR_NONE) { >- fprintf(stderr, "%s: address error", argv[0]); >- exit(1); >- } >+ if (0 == inet_aton(address, &rcvr_addr)) { >+ fprintf(stderr, "%s: cannot parse IP v4 address %s\n", argv[0], >+ address); >+ exit(1); >+ } >+ if (rcvr_addr.s_addr == INADDR_NONE) { >+ fprintf(stderr, "%s: address error", argv[0]); >+ exit(1); >+ } > #else >- rcvr_addr.s_addr = inet_addr(address); >- if (0xffffffff == rcvr_addr.s_addr) { >- fprintf(stderr, "%s: cannot parse IP v4 address %s\n", argv[0], address); >- exit(1); >- } >+ rcvr_addr.s_addr = inet_addr(address); >+ if (0xffffffff == rcvr_addr.s_addr) { >+ fprintf(stderr, "%s: cannot parse IP v4 address %s\n", argv[0], >+ address); >+ exit(1); >+ } > #endif > >- /* open socket */ >- sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP); >- if (sock < 0) { >- int err; >+ /* open socket */ >+ sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP); >+ if (sock < 0) { >+ int err; > #ifdef RTPW_USE_WINSOCK2 >- err = WSAGetLastError(); >+ err = WSAGetLastError(); > #else >- err = errno; >+ err = errno; > #endif >- fprintf(stderr, "%s: couldn't open socket: %d\n", argv[0], err); >- exit(1); >- } >- >- name.sin_addr = rcvr_addr; >- name.sin_family = PF_INET; >- name.sin_port = htons(port); >- >- if (ADDR_IS_MULTICAST(rcvr_addr.s_addr)) { >- if (prog_type == sender) { >- ret = setsockopt(sock, IPPROTO_IP, IP_MULTICAST_TTL, &ttl, >- sizeof(ttl)); >- if (ret < 0) { >- fprintf(stderr, "%s: Failed to set TTL for multicast group", argv[0]); >- perror(""); >- exit(1); >- } >+ fprintf(stderr, "%s: couldn't open socket: %d\n", argv[0], err); >+ exit(1); > } > >- mreq.imr_multiaddr.s_addr = rcvr_addr.s_addr; >- mreq.imr_interface.s_addr = htonl(INADDR_ANY); >- ret = setsockopt(sock, IPPROTO_IP, IP_ADD_MEMBERSHIP, (void*)&mreq, >- sizeof(mreq)); >- if (ret < 0) { >- fprintf(stderr, "%s: Failed to join multicast group", argv[0]); >- perror(""); >- exit(1); >+ name.sin_addr = rcvr_addr; >+ name.sin_family = PF_INET; >+ name.sin_port = htons(port); >+ >+ if (ADDR_IS_MULTICAST(rcvr_addr.s_addr)) { >+ if (prog_type == sender) { >+ ret = setsockopt(sock, IPPROTO_IP, IP_MULTICAST_TTL, &ttl, >+ sizeof(ttl)); >+ if (ret < 0) { >+ fprintf(stderr, "%s: Failed to set TTL for multicast group", >+ argv[0]); >+ perror(""); >+ exit(1); >+ } >+ } >+ >+ mreq.imr_multiaddr.s_addr = rcvr_addr.s_addr; >+ mreq.imr_interface.s_addr = htonl(INADDR_ANY); >+ ret = setsockopt(sock, IPPROTO_IP, IP_ADD_MEMBERSHIP, (void *)&mreq, >+ sizeof(mreq)); >+ if (ret < 0) { >+ fprintf(stderr, "%s: Failed to join multicast group", argv[0]); >+ perror(""); >+ exit(1); >+ } > } >- } >- >- /* report security services selected on the command line */ >- printf("security services: "); >- if (sec_servs & sec_serv_conf) >- printf("confidentiality "); >- if (sec_servs & sec_serv_auth) >- printf("message authentication"); >- if (sec_servs == sec_serv_none) >- printf("none"); >- printf("\n"); >- >- /* set up the srtp policy and master key */ >- if (sec_servs) { >- /* >- * create policy structure, using the default mechanisms but >- * with only the security services requested on the command line, >- * using the right SSRC value >- */ >- switch (sec_servs) { >- case sec_serv_conf_and_auth: >- if (gcm_on) { >+ >+ /* report security services selected on the command line */ >+ printf("security services: "); >+ if (sec_servs & sec_serv_conf) >+ printf("confidentiality "); >+ if (sec_servs & sec_serv_auth) >+ printf("message authentication"); >+ if (sec_servs == sec_serv_none) >+ printf("none"); >+ printf("\n"); >+ >+ /* set up the srtp policy and master key */ >+ if (sec_servs) { >+ /* >+ * create policy structure, using the default mechanisms but >+ * with only the security services requested on the command line, >+ * using the right SSRC value >+ */ >+ switch (sec_servs) { >+ case sec_serv_conf_and_auth: >+ if (gcm_on) { > #ifdef OPENSSL >- switch (key_size) { >- case 128: >- srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp); >- srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp); >- break; >- case 256: >- srtp_crypto_policy_set_aes_gcm_256_8_auth(&policy.rtp); >- srtp_crypto_policy_set_aes_gcm_256_8_auth(&policy.rtcp); >- break; >- } >+ switch (key_size) { >+ case 128: >+ srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp); >+ srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp); >+ break; >+ case 256: >+ srtp_crypto_policy_set_aes_gcm_256_8_auth(&policy.rtp); >+ srtp_crypto_policy_set_aes_gcm_256_8_auth(&policy.rtcp); >+ break; >+ } > #else >- printf("error: GCM mode only supported when using the OpenSSL crypto engine.\n"); >- return 0; >+ printf("error: GCM mode only supported when using the OpenSSL " >+ "crypto engine.\n"); >+ return 0; > #endif >- } else { >- switch (key_size) { >- case 128: >- srtp_crypto_policy_set_rtp_default(&policy.rtp); >- srtp_crypto_policy_set_rtcp_default(&policy.rtcp); >- break; >- case 256: >- srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtp); >- srtp_crypto_policy_set_rtcp_default(&policy.rtcp); >- break; >- } >- } >- break; >- case sec_serv_conf: >- if (gcm_on) { >- printf("error: GCM mode must always be used with auth enabled\n"); >- return -1; >- } else { >- switch (key_size) { >- case 128: >- srtp_crypto_policy_set_aes_cm_128_null_auth(&policy.rtp); >- srtp_crypto_policy_set_rtcp_default(&policy.rtcp); >- break; >- case 256: >- srtp_crypto_policy_set_aes_cm_256_null_auth(&policy.rtp); >- srtp_crypto_policy_set_rtcp_default(&policy.rtcp); >- break; >- } >- } >- break; >- case sec_serv_auth: >- if (gcm_on) { >+ } else { >+ switch (key_size) { >+ case 128: >+ srtp_crypto_policy_set_rtp_default(&policy.rtp); >+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp); >+ break; >+ case 256: >+ srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtp); >+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp); >+ break; >+ } >+ } >+ break; >+ case sec_serv_conf: >+ if (gcm_on) { >+ printf( >+ "error: GCM mode must always be used with auth enabled\n"); >+ return -1; >+ } else { >+ switch (key_size) { >+ case 128: >+ srtp_crypto_policy_set_aes_cm_128_null_auth(&policy.rtp); >+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp); >+ break; >+ case 256: >+ srtp_crypto_policy_set_aes_cm_256_null_auth(&policy.rtp); >+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp); >+ break; >+ } >+ } >+ break; >+ case sec_serv_auth: >+ if (gcm_on) { > #ifdef OPENSSL >- switch (key_size) { >- case 128: >- srtp_crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtp); >- srtp_crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtcp); >- break; >- case 256: >- srtp_crypto_policy_set_aes_gcm_256_8_only_auth(&policy.rtp); >- srtp_crypto_policy_set_aes_gcm_256_8_only_auth(&policy.rtcp); >- break; >- } >+ switch (key_size) { >+ case 128: >+ srtp_crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtp); >+ srtp_crypto_policy_set_aes_gcm_128_8_only_auth( >+ &policy.rtcp); >+ break; >+ case 256: >+ srtp_crypto_policy_set_aes_gcm_256_8_only_auth(&policy.rtp); >+ srtp_crypto_policy_set_aes_gcm_256_8_only_auth( >+ &policy.rtcp); >+ break; >+ } > #else >- printf("error: GCM mode only supported when using the OpenSSL crypto engine.\n"); >- return 0; >+ printf("error: GCM mode only supported when using the OpenSSL " >+ "crypto engine.\n"); >+ return 0; > #endif >- } else { >- srtp_crypto_policy_set_null_cipher_hmac_sha1_80(&policy.rtp); >- srtp_crypto_policy_set_rtcp_default(&policy.rtcp); >- } >- break; >- default: >- printf("error: unknown security service requested\n"); >- return -1; >- } >- policy.ssrc.type = ssrc_specific; >- policy.ssrc.value = ssrc; >- policy.key = (uint8_t *)key; >- policy.ekt = NULL; >- policy.next = NULL; >- policy.window_size = 128; >- policy.allow_repeat_tx = 0; >- policy.rtp.sec_serv = sec_servs; >- policy.rtcp.sec_serv = sec_serv_none; /* we don't do RTCP anyway */ >- >- if (gcm_on && tag_size != 8) { >- policy.rtp.auth_tag_len = tag_size; >- } >+ } else { >+ srtp_crypto_policy_set_null_cipher_hmac_sha1_80(&policy.rtp); >+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp); >+ } >+ break; >+ default: >+ printf("error: unknown security service requested\n"); >+ return -1; >+ } >+ policy.ssrc.type = ssrc_specific; >+ policy.ssrc.value = ssrc; >+ policy.key = (uint8_t *)key; >+ policy.ekt = NULL; >+ policy.next = NULL; >+ policy.window_size = 128; >+ policy.allow_repeat_tx = 0; >+ policy.rtp.sec_serv = sec_servs; >+ policy.rtcp.sec_serv = sec_serv_none; /* we don't do RTCP anyway */ >+ >+ if (gcm_on && tag_size != 8) { >+ policy.rtp.auth_tag_len = tag_size; >+ } > >- /* >- * read key from hexadecimal or base64 on command line into an octet string >- */ >- if (b64_input) { >- int pad; >- expected_len = (policy.rtp.cipher_key_len*4)/3; >- len = base64_string_to_octet_string(key, &pad, input_key, expected_len); >- if (pad != 0) { >- fprintf(stderr, "error: padding in base64 unexpected\n"); >- exit(1); >+ /* >+ * read key from hexadecimal or base64 on command line into an octet >+ * string >+ */ >+ if (b64_input) { >+ int pad; >+ expected_len = (policy.rtp.cipher_key_len * 4) / 3; >+ len = base64_string_to_octet_string(key, &pad, input_key, >+ expected_len); >+ if (pad != 0) { >+ fprintf(stderr, "error: padding in base64 unexpected\n"); >+ exit(1); >+ } >+ } else { >+ expected_len = policy.rtp.cipher_key_len * 2; >+ len = hex_string_to_octet_string(key, input_key, expected_len); >+ } >+ /* check that hex string is the right length */ >+ if (len < expected_len) { >+ fprintf(stderr, "error: too few digits in key/salt " >+ "(should be %d digits, found %d)\n", >+ expected_len, len); >+ exit(1); >+ } >+ if ((int)strlen(input_key) > policy.rtp.cipher_key_len * 2) { >+ fprintf(stderr, "error: too many digits in key/salt " >+ "(should be %d hexadecimal digits, found %u)\n", >+ policy.rtp.cipher_key_len * 2, (unsigned)strlen(input_key)); >+ exit(1); > } >+ >+ printf("set master key/salt to %s/", octet_string_hex_string(key, 16)); >+ printf("%s\n", octet_string_hex_string(key + 16, 14)); >+ > } else { >- expected_len = policy.rtp.cipher_key_len*2; >- len = hex_string_to_octet_string(key, input_key, expected_len); >- } >- /* check that hex string is the right length */ >- if (len < expected_len) { >- fprintf(stderr, >- "error: too few digits in key/salt " >- "(should be %d digits, found %d)\n", >- expected_len, len); >- exit(1); >- } >- if ((int) strlen(input_key) > policy.rtp.cipher_key_len*2) { >- fprintf(stderr, >- "error: too many digits in key/salt " >- "(should be %d hexadecimal digits, found %u)\n", >- policy.rtp.cipher_key_len*2, (unsigned)strlen(input_key)); >- exit(1); >+ /* >+ * we're not providing security services, so set the policy to the >+ * null policy >+ * >+ * Note that this policy does not conform to the SRTP >+ * specification, since RTCP authentication is required. However, >+ * the effect of this policy is to turn off SRTP, so that this >+ * application is now a vanilla-flavored RTP application. >+ */ >+ srtp_crypto_policy_set_null_cipher_hmac_null(&policy.rtp); >+ srtp_crypto_policy_set_null_cipher_hmac_null(&policy.rtcp); >+ policy.key = (uint8_t *)key; >+ policy.ssrc.type = ssrc_specific; >+ policy.ssrc.value = ssrc; >+ policy.window_size = 0; >+ policy.allow_repeat_tx = 0; >+ policy.ekt = NULL; >+ policy.next = NULL; > } >- >- printf("set master key/salt to %s/", octet_string_hex_string(key, 16)); >- printf("%s\n", octet_string_hex_string(key+16, 14)); >- >- } else { >- /* >- * we're not providing security services, so set the policy to the >- * null policy >- * >- * Note that this policy does not conform to the SRTP >- * specification, since RTCP authentication is required. However, >- * the effect of this policy is to turn off SRTP, so that this >- * application is now a vanilla-flavored RTP application. >- */ >- srtp_crypto_policy_set_null_cipher_hmac_null(&policy.rtp); >- srtp_crypto_policy_set_null_cipher_hmac_null(&policy.rtcp); >- policy.key = (uint8_t *)key; >- policy.ssrc.type = ssrc_specific; >- policy.ssrc.value = ssrc; >- policy.window_size = 0; >- policy.allow_repeat_tx = 0; >- policy.ekt = NULL; >- policy.next = NULL; >- } >- >- if (prog_type == sender) { > >+ if (prog_type == sender) { > #if BEW >- /* bind to local socket (to match crypto policy, if need be) */ >- memset(&local, 0, sizeof(struct sockaddr_in)); >- local.sin_addr.s_addr = htonl(INADDR_ANY); >- local.sin_port = htons(port); >- ret = bind(sock, (struct sockaddr *) &local, sizeof(struct sockaddr_in)); >- if (ret < 0) { >- fprintf(stderr, "%s: bind failed\n", argv[0]); >- perror(""); >- exit(1); >- } >+ /* bind to local socket (to match crypto policy, if need be) */ >+ memset(&local, 0, sizeof(struct sockaddr_in)); >+ local.sin_addr.s_addr = htonl(INADDR_ANY); >+ local.sin_port = htons(port); >+ ret = bind(sock, (struct sockaddr *)&local, sizeof(struct sockaddr_in)); >+ if (ret < 0) { >+ fprintf(stderr, "%s: bind failed\n", argv[0]); >+ perror(""); >+ exit(1); >+ } > #endif /* BEW */ > >- /* initialize sender's rtp and srtp contexts */ >- snd = rtp_sender_alloc(); >- if (snd == NULL) { >- fprintf(stderr, "error: malloc() failed\n"); >- exit(1); >- } >- rtp_sender_init(snd, sock, name, ssrc); >- status = rtp_sender_init_srtp(snd, &policy); >- if (status) { >- fprintf(stderr, >- "error: srtp_create() failed with code %d\n", >- status); >- exit(1); >- } >- >- /* open dictionary */ >- dict = fopen (dictfile, "r"); >- if (dict == NULL) { >- fprintf(stderr, "%s: couldn't open file %s\n", argv[0], dictfile); >- if (ADDR_IS_MULTICAST(rcvr_addr.s_addr)) { >- leave_group(sock, mreq, argv[0]); >- } >- exit(1); >- } >- >- /* read words from dictionary, then send them off */ >- while (!interrupted && fgets(word, MAX_WORD_LEN, dict) != NULL) { >- len = strlen(word) + 1; /* plus one for null */ >- >- if (len > MAX_WORD_LEN) >- printf("error: word %s too large to send\n", word); >- else { >- rtp_sendto(snd, word, len); >- printf("sending word: %s", word); >- } >- usleep(USEC_RATE); >- } >+ /* initialize sender's rtp and srtp contexts */ >+ snd = rtp_sender_alloc(); >+ if (snd == NULL) { >+ fprintf(stderr, "error: malloc() failed\n"); >+ exit(1); >+ } >+ rtp_sender_init(snd, sock, name, ssrc); >+ status = rtp_sender_init_srtp(snd, &policy); >+ if (status) { >+ fprintf(stderr, "error: srtp_create() failed with code %d\n", >+ status); >+ exit(1); >+ } > >- rtp_sender_deinit_srtp(snd); >- rtp_sender_dealloc(snd); >- >- fclose(dict); >- } else { /* prog_type == receiver */ >- rtp_receiver_t rcvr; >- >- if (bind(sock, (struct sockaddr *)&name, sizeof(name)) < 0) { >- close(sock); >- fprintf(stderr, "%s: socket bind error\n", argv[0]); >- perror(NULL); >- if (ADDR_IS_MULTICAST(rcvr_addr.s_addr)) { >- leave_group(sock, mreq, argv[0]); >- } >- exit(1); >- } >+ /* open dictionary */ >+ dict = fopen(dictfile, "r"); >+ if (dict == NULL) { >+ fprintf(stderr, "%s: couldn't open file %s\n", argv[0], dictfile); >+ if (ADDR_IS_MULTICAST(rcvr_addr.s_addr)) { >+ leave_group(sock, mreq, argv[0]); >+ } >+ exit(1); >+ } > >- rcvr = rtp_receiver_alloc(); >- if (rcvr == NULL) { >- fprintf(stderr, "error: malloc() failed\n"); >- exit(1); >- } >- rtp_receiver_init(rcvr, sock, name, ssrc); >- status = rtp_receiver_init_srtp(rcvr, &policy); >- if (status) { >- fprintf(stderr, >- "error: srtp_create() failed with code %d\n", >- status); >- exit(1); >- } >+ /* read words from dictionary, then send them off */ >+ while (!interrupted && fgets(word, MAX_WORD_LEN, dict) != NULL) { >+ len = strlen(word) + 1; /* plus one for null */ >+ >+ if (len > MAX_WORD_LEN) >+ printf("error: word %s too large to send\n", word); >+ else { >+ rtp_sendto(snd, word, len); >+ printf("sending word: %s", word); >+ } >+ usleep(USEC_RATE); >+ } >+ >+ rtp_sender_deinit_srtp(snd); >+ rtp_sender_dealloc(snd); >+ >+ fclose(dict); >+ } else { /* prog_type == receiver */ >+ rtp_receiver_t rcvr; >+ >+ if (bind(sock, (struct sockaddr *)&name, sizeof(name)) < 0) { >+ close(sock); >+ fprintf(stderr, "%s: socket bind error\n", argv[0]); >+ perror(NULL); >+ if (ADDR_IS_MULTICAST(rcvr_addr.s_addr)) { >+ leave_group(sock, mreq, argv[0]); >+ } >+ exit(1); >+ } > >- /* get next word and loop */ >- while (!interrupted) { >- len = MAX_WORD_LEN; >- if (rtp_recvfrom(rcvr, word, &len) > -1) >- printf("\tword: %s\n", word); >+ rcvr = rtp_receiver_alloc(); >+ if (rcvr == NULL) { >+ fprintf(stderr, "error: malloc() failed\n"); >+ exit(1); >+ } >+ rtp_receiver_init(rcvr, sock, name, ssrc); >+ status = rtp_receiver_init_srtp(rcvr, &policy); >+ if (status) { >+ fprintf(stderr, "error: srtp_create() failed with code %d\n", >+ status); >+ exit(1); >+ } >+ >+ /* get next word and loop */ >+ while (!interrupted) { >+ len = MAX_WORD_LEN; >+ if (rtp_recvfrom(rcvr, word, &len) > -1) >+ printf("\tword: %s\n", word); >+ } >+ >+ rtp_receiver_deinit_srtp(rcvr); >+ rtp_receiver_dealloc(rcvr); > } >- >- rtp_receiver_deinit_srtp(rcvr); >- rtp_receiver_dealloc(rcvr); >- } > >- if (ADDR_IS_MULTICAST(rcvr_addr.s_addr)) { >- leave_group(sock, mreq, argv[0]); >- } >+ if (ADDR_IS_MULTICAST(rcvr_addr.s_addr)) { >+ leave_group(sock, mreq, argv[0]); >+ } > > #ifdef RTPW_USE_WINSOCK2 >- ret = closesocket(sock); >+ ret = closesocket(sock); > #else >- ret = close(sock); >+ ret = close(sock); > #endif >- if (ret < 0) { >- fprintf(stderr, "%s: Failed to close socket", argv[0]); >- perror(""); >- } >- >- status = srtp_shutdown(); >- if (status) { >- printf("error: srtp shutdown failed with error code %d\n", status); >- exit(1); >- } >+ if (ret < 0) { >+ fprintf(stderr, "%s: Failed to close socket", argv[0]); >+ perror(""); >+ } >+ >+ status = srtp_shutdown(); >+ if (status) { >+ printf("error: srtp shutdown failed with error code %d\n", status); >+ exit(1); >+ } > > #ifdef RTPW_USE_WINSOCK2 >- WSACleanup(); >+ WSACleanup(); > #endif > >- return 0; >+ return 0; > } > >- >-void >-usage(char *string) { >- >- printf("usage: %s [-d <debug>]* [-k <key> [-a][-e]] " >- "[-s | -r] dest_ip dest_port\n" >- "or %s -l\n" >- "where -a use message authentication\n" >- " -e <key size> use encryption (use 128 or 256 for key size)\n" >- " -g Use AES-GCM mode (must be used with -e)\n" >- " -t <tag size> Tag size to use in GCM mode (use 8 or 16)\n" >- " -k <key> sets the srtp master key given in hexadecimal\n" >- " -b <key> sets the srtp master key given in base64\n" >- " -s act as rtp sender\n" >- " -r act as rtp receiver\n" >- " -l list debug modules\n" >- " -d <debug> turn on debugging for module <debug>\n", >- string, string); >- exit(1); >- >+void usage(char *string) >+{ >+ printf("usage: %s [-d <debug>]* [-k <key> [-a][-e]] " >+ "[-s | -r] dest_ip dest_port\n" >+ "or %s -l\n" >+ "where -a use message authentication\n" >+ " -e <key size> use encryption (use 128 or 256 for key size)\n" >+ " -g Use AES-GCM mode (must be used with -e)\n" >+ " -t <tag size> Tag size to use in GCM mode (use 8 or 16)\n" >+ " -k <key> sets the srtp master key given in hexadecimal\n" >+ " -b <key> sets the srtp master key given in base64\n" >+ " -s act as rtp sender\n" >+ " -r act as rtp receiver\n" >+ " -l list debug modules\n" >+ " -d <debug> turn on debugging for module <debug>\n" >+ " -w <wordsfile> use <wordsfile> for input, rather than %s\n", >+ string, string, DICT_FILE); >+ exit(1); > } > >+void leave_group(int sock, struct ip_mreq mreq, char *name) >+{ >+ int ret; > >-void >-leave_group(int sock, struct ip_mreq mreq, char *name) { >- int ret; >- >- ret = setsockopt(sock, IPPROTO_IP, IP_DROP_MEMBERSHIP, (void*)&mreq, >- sizeof(mreq)); >- if (ret < 0) { >- fprintf(stderr, "%s: Failed to leave multicast group", name); >- perror(""); >- } >+ ret = setsockopt(sock, IPPROTO_IP, IP_DROP_MEMBERSHIP, (void *)&mreq, >+ sizeof(mreq)); >+ if (ret < 0) { >+ fprintf(stderr, "%s: Failed to leave multicast group", name); >+ perror(""); >+ } > } > > void handle_signal(int signum) > { >- interrupted = 1; >- /* Reset handler explicitly, in case we don't have sigaction() (and signal() >- has BSD semantics), or we don't have SA_RESETHAND */ >- signal(signum, SIG_DFL); >+ interrupted = 1; >+ /* Reset handler explicitly, in case we don't have sigaction() (and signal() >+ has BSD semantics), or we don't have SA_RESETHAND */ >+ signal(signum, SIG_DFL); > } > >-int setup_signal_handler(char* name) >+int setup_signal_handler(char *name) > { > #if HAVE_SIGACTION >- struct sigaction act; >- memset(&act, 0, sizeof(act)); >+ struct sigaction act; >+ memset(&act, 0, sizeof(act)); > >- act.sa_handler = handle_signal; >- sigemptyset(&act.sa_mask); >+ act.sa_handler = handle_signal; >+ sigemptyset(&act.sa_mask); > #if defined(SA_RESETHAND) >- act.sa_flags = SA_RESETHAND; >+ act.sa_flags = SA_RESETHAND; > #else >- act.sa_flags = 0; >+ act.sa_flags = 0; > #endif >- /* Note that we're not setting SA_RESTART; we want recvfrom to return >- * EINTR when we signal the receiver. */ >- >- if (sigaction(SIGTERM, &act, NULL) != 0) { >- fprintf(stderr, "%s: error setting up signal handler", name); >- perror(""); >- return -1; >- } >+ /* Note that we're not setting SA_RESTART; we want recvfrom to return >+ * EINTR when we signal the receiver. */ >+ >+ if (sigaction(SIGTERM, &act, NULL) != 0) { >+ fprintf(stderr, "%s: error setting up signal handler", name); >+ perror(""); >+ return -1; >+ } > #else >- if (signal(SIGTERM, handle_signal) == SIG_ERR) { >- fprintf(stderr, "%s: error setting up signal handler", name); >- perror(""); >- return -1; >- } >+ if (signal(SIGTERM, handle_signal) == SIG_ERR) { >+ fprintf(stderr, "%s: error setting up signal handler", name); >+ perror(""); >+ return -1; >+ } > #endif >- return 0; >+ return 0; > } >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/srtp_driver.c b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/srtp_driver.c >index 56052a6321d517f15dc2612ec436bed2873fbbf1..4ea8fe5302c1be34929f9b0d9f27710bb13ccbce 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/srtp_driver.c >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/srtp_driver.c >@@ -1,5 +1,3 @@ >- >- > /* > * srtp_driver.c > * >@@ -44,7 +42,6 @@ > * > */ > >- > #include <string.h> /* for memcpy() */ > #include <time.h> /* for clock() */ > #include <stdlib.h> /* for malloc(), free() */ >@@ -55,96 +52,73 @@ > #include "util.h" > > #ifdef HAVE_NETINET_IN_H >-# include <netinet/in.h> >+#include <netinet/in.h> > #elif defined HAVE_WINSOCK2_H >-# include <winsock2.h> >+#include <winsock2.h> > #endif > > #define PRINT_REFERENCE_PACKET 1 > >-srtp_err_status_t >-srtp_validate(void); >+srtp_err_status_t srtp_validate(void); > > #ifdef OPENSSL >-srtp_err_status_t >-srtp_validate_gcm(void); >+srtp_err_status_t srtp_validate_gcm(void); > #endif > >-srtp_err_status_t >-srtp_validate_encrypted_extensions_headers(void); >+srtp_err_status_t srtp_validate_encrypted_extensions_headers(void); > > #ifdef OPENSSL >-srtp_err_status_t >-srtp_validate_encrypted_extensions_headers_gcm(void); >+srtp_err_status_t srtp_validate_encrypted_extensions_headers_gcm(void); > #endif > >-srtp_err_status_t >-srtp_validate_aes_256(void); >+srtp_err_status_t srtp_validate_aes_256(void); > >-srtp_err_status_t >-srtp_create_big_policy(srtp_policy_t **list); >+srtp_err_status_t srtp_create_big_policy(srtp_policy_t **list); > >-srtp_err_status_t >-srtp_dealloc_big_policy(srtp_policy_t *list); >+srtp_err_status_t srtp_dealloc_big_policy(srtp_policy_t *list); > >-srtp_err_status_t >-srtp_test_empty_payload(void); >+srtp_err_status_t srtp_test_empty_payload(void); > > #ifdef OPENSSL >-srtp_err_status_t >-srtp_test_empty_payload_gcm(void); >+srtp_err_status_t srtp_test_empty_payload_gcm(void); > #endif > >-srtp_err_status_t >-srtp_test_remove_stream(void); >+srtp_err_status_t srtp_test_remove_stream(void); > >-srtp_err_status_t >-srtp_test_update(void); >+srtp_err_status_t srtp_test_update(void); > >-srtp_err_status_t >-srtp_test_protect_trailer_length(void); >+srtp_err_status_t srtp_test_protect_trailer_length(void); > >-srtp_err_status_t >-srtp_test_protect_rtcp_trailer_length(void); >+srtp_err_status_t srtp_test_protect_rtcp_trailer_length(void); > >-srtp_err_status_t >-srtp_test_get_roc(void); >+srtp_err_status_t srtp_test_get_roc(void); > >-srtp_err_status_t >-srtp_test_set_receiver_roc(void); >+srtp_err_status_t srtp_test_set_receiver_roc(void); > >-srtp_err_status_t >-srtp_test_set_sender_roc(void); >+srtp_err_status_t srtp_test_set_sender_roc(void); > >-double >-srtp_bits_per_second(int msg_len_octets, const srtp_policy_t *policy); >+double srtp_bits_per_second(int msg_len_octets, const srtp_policy_t *policy); > >-double >-srtp_rejections_per_second(int msg_len_octets, const srtp_policy_t *policy); >+double srtp_rejections_per_second(int msg_len_octets, >+ const srtp_policy_t *policy); > >-void >-srtp_do_timing(const srtp_policy_t *policy); >+void srtp_do_timing(const srtp_policy_t *policy); > >-void >-srtp_do_rejection_timing(const srtp_policy_t *policy); >+void srtp_do_rejection_timing(const srtp_policy_t *policy); > >-srtp_err_status_t >-srtp_test(const srtp_policy_t *policy, int extension_header, int mki_index); >+srtp_err_status_t srtp_test(const srtp_policy_t *policy, >+ int extension_header, >+ int mki_index); > >-srtp_err_status_t >-srtcp_test(const srtp_policy_t *policy, int mki_index); >+srtp_err_status_t srtcp_test(const srtp_policy_t *policy, int mki_index); > >-srtp_err_status_t >-srtp_session_print_policy(srtp_t srtp); >+srtp_err_status_t srtp_session_print_policy(srtp_t srtp); > >-srtp_err_status_t >-srtp_print_policy(const srtp_policy_t *policy); >+srtp_err_status_t srtp_print_policy(const srtp_policy_t *policy); > >-char * >-srtp_packet_to_string(srtp_hdr_t *hdr, int packet_len); >+char *srtp_packet_to_string(srtp_hdr_t *hdr, int packet_len); > >-double >-mips_estimate(int num_trials, int *ignore); >+double mips_estimate(int num_trials, int *ignore); > > #define TEST_MKI_ID_SIZE 4 > >@@ -153,6 +127,7 @@ extern uint8_t test_key_2[46]; > extern uint8_t test_mki_id[TEST_MKI_ID_SIZE]; > extern uint8_t test_mki_id_2[TEST_MKI_ID_SIZE]; > >+// clang-format off > srtp_master_key_t master_key_1 = { > test_key, > test_mki_id, >@@ -169,9 +144,9 @@ srtp_master_key_t *test_keys[2] = { > &master_key_1, > &master_key_2 > }; >+// clang-format on > >-void >-usage (char *prog_name) >+void usage(char *prog_name) > { > printf("usage: %s [ -t ][ -c ][ -v ][ -o ][-d <debug_module> ]* [ -l ]\n" > " -t run timing test\n" >@@ -180,19 +155,27 @@ usage (char *prog_name) > " -v run validation tests\n" > " -o output logging to stdout\n" > " -d <mod> turn on debugging module <mod>\n" >- " -l list debugging modules\n", prog_name); >+ " -l list debugging modules\n", >+ prog_name); > exit(1); > } > >-void >-log_handler (srtp_log_level_t level, const char * msg, void * data) >+void log_handler(srtp_log_level_t level, const char *msg, void *data) > { > char level_char = '?'; >- switch(level) { >- case srtp_log_level_error: level_char = 'e'; break; >- case srtp_log_level_warning: level_char = 'w'; break; >- case srtp_log_level_info: level_char = 'i'; break; >- case srtp_log_level_debug: level_char = 'd'; break; >+ switch (level) { >+ case srtp_log_level_error: >+ level_char = 'e'; >+ break; >+ case srtp_log_level_warning: >+ level_char = 'w'; >+ break; >+ case srtp_log_level_info: >+ level_char = 'i'; >+ break; >+ case srtp_log_level_debug: >+ level_char = 'd'; >+ break; > } > printf("SRTP-LOG [%c]: %s\n", level_char, msg); > } >@@ -204,7 +187,6 @@ log_handler (srtp_log_level_t level, const char * msg, void * data) > > extern const srtp_policy_t *policy_array[]; > >- > /* the wildcard_policy is declared below; it has a wildcard ssrc */ > > extern const srtp_policy_t wildcard_policy; >@@ -217,20 +199,19 @@ extern const srtp_policy_t wildcard_policy; > */ > > srtp_debug_module_t mod_driver = { >- 0, /* debugging is off by default */ >- "driver" /* printable name for module */ >+ 0, /* debugging is off by default */ >+ "driver" /* printable name for module */ > }; > >-int >-main (int argc, char *argv[]) >+int main(int argc, char *argv[]) > { > int q; >- unsigned do_timing_test = 0; >+ unsigned do_timing_test = 0; > unsigned do_rejection_test = 0; >- unsigned do_codec_timing = 0; >- unsigned do_validation = 0; >- unsigned do_list_mods = 0; >- unsigned do_log_stdout = 0; >+ unsigned do_codec_timing = 0; >+ unsigned do_validation = 0; >+ unsigned do_list_mods = 0; >+ unsigned do_log_stdout = 0; > srtp_err_status_t status; > > /* >@@ -255,7 +236,8 @@ main (int argc, char *argv[]) > status = srtp_crypto_kernel_load_debug_module(&mod_driver); > if (status) { > printf("error: load of srtp_driver debug module failed " >- "with error code %d\n", status); >+ "with error code %d\n", >+ status); > exit(1); > } > >@@ -296,8 +278,8 @@ main (int argc, char *argv[]) > } > } > >- if (!do_validation && !do_timing_test && !do_codec_timing >- && !do_list_mods && !do_rejection_test) { >+ if (!do_validation && !do_timing_test && !do_codec_timing && >+ !do_list_mods && !do_rejection_test) { > usage(argv[0]); > } > >@@ -326,51 +308,56 @@ main (int argc, char *argv[]) > printf("testing srtp_protect and srtp_unprotect\n"); > if (srtp_test(*policy, 0, -1) == srtp_err_status_ok) { > printf("passed\n\n"); >- } else{ >+ } else { > printf("failed\n"); > exit(1); > } > >- printf("testing srtp_protect and srtp_unprotect with encrypted extensions headers\n"); >+ printf("testing srtp_protect and srtp_unprotect with encrypted " >+ "extensions headers\n"); > if (srtp_test(*policy, 1, -1) == srtp_err_status_ok) { > printf("passed\n\n"); >- } else{ >+ } else { > printf("failed\n"); > exit(1); > } > printf("testing srtp_protect_rtcp and srtp_unprotect_rtcp\n"); > if (srtcp_test(*policy, -1) == srtp_err_status_ok) { > printf("passed\n\n"); >- } else{ >+ } else { > printf("failed\n"); > exit(1); > } >- printf("testing srtp_protect_rtp and srtp_unprotect_rtp with MKI index set to 0\n"); >+ printf("testing srtp_protect_rtp and srtp_unprotect_rtp with MKI " >+ "index set to 0\n"); > if (srtp_test(*policy, 0, 0) == srtp_err_status_ok) { > printf("passed\n\n"); >- } else{ >+ } else { > printf("failed\n"); > exit(1); > } >- printf("testing srtp_protect_rtp and srtp_unprotect_rtp with MKI index set to 1\n"); >+ printf("testing srtp_protect_rtp and srtp_unprotect_rtp with MKI " >+ "index set to 1\n"); > if (srtp_test(*policy, 0, 1) == srtp_err_status_ok) { > printf("passed\n\n"); >- } else{ >+ } else { > printf("failed\n"); > exit(1); > } > >- printf("testing srtp_protect_rtcp and srtp_unprotect_rtcp with MKI index set to 0\n"); >+ printf("testing srtp_protect_rtcp and srtp_unprotect_rtcp with MKI " >+ "index set to 0\n"); > if (srtcp_test(*policy, 0) == srtp_err_status_ok) { > printf("passed\n\n"); >- } else{ >+ } else { > printf("failed\n"); > exit(1); > } >- printf("testing srtp_protect_rtcp and srtp_unprotect_rtcp with MKI index set to 1\n"); >+ printf("testing srtp_protect_rtcp and srtp_unprotect_rtcp with MKI " >+ "index set to 1\n"); > if (srtcp_test(*policy, 1) == srtp_err_status_ok) { > printf("passed\n\n"); >- } else{ >+ } else { > printf("failed\n"); > exit(1); > } >@@ -386,14 +373,15 @@ main (int argc, char *argv[]) > printf("testing srtp_protect and srtp_unprotect with big policy\n"); > if (srtp_test(big_policy, 0, -1) == srtp_err_status_ok) { > printf("passed\n\n"); >- } else{ >+ } else { > printf("failed\n"); > exit(1); > } >- printf("testing srtp_protect and srtp_unprotect with big policy and encrypted extensions headers\n"); >+ printf("testing srtp_protect and srtp_unprotect with big policy and " >+ "encrypted extensions headers\n"); > if (srtp_test(big_policy, 1, -1) == srtp_err_status_ok) { > printf("passed\n\n"); >- } else{ >+ } else { > printf("failed\n"); > exit(1); > } >@@ -408,7 +396,7 @@ main (int argc, char *argv[]) > "wildcard ssrc policy\n"); > if (srtp_test(&wildcard_policy, 0, -1) == srtp_err_status_ok) { > printf("passed\n\n"); >- } else{ >+ } else { > printf("failed\n"); > exit(1); > } >@@ -416,7 +404,7 @@ main (int argc, char *argv[]) > "wildcard ssrc policy and encrypted extensions headers\n"); > if (srtp_test(&wildcard_policy, 1, -1) == srtp_err_status_ok) { > printf("passed\n\n"); >- } else{ >+ } else { > printf("failed\n"); > exit(1); > } >@@ -429,7 +417,7 @@ main (int argc, char *argv[]) > "reference packet\n"); > if (srtp_validate() == srtp_err_status_ok) { > printf("passed\n\n"); >- } else{ >+ } else { > printf("failed\n"); > exit(1); > } >@@ -439,7 +427,7 @@ main (int argc, char *argv[]) > "reference packet using GCM\n"); > if (srtp_validate_gcm() == srtp_err_status_ok) { > printf("passed\n\n"); >- } else{ >+ } else { > printf("failed\n"); > exit(1); > } >@@ -457,9 +445,10 @@ main (int argc, char *argv[]) > #ifdef OPENSSL > printf("testing srtp_protect and srtp_unprotect against " > "reference packet with encrypted extension headers (GCM)\n"); >- if (srtp_validate_encrypted_extensions_headers_gcm() == srtp_err_status_ok) { >+ if (srtp_validate_encrypted_extensions_headers_gcm() == >+ srtp_err_status_ok) { > printf("passed\n\n"); >- } else{ >+ } else { > printf("failed\n"); > exit(1); > } >@@ -473,7 +462,7 @@ main (int argc, char *argv[]) > "reference packet (AES-256)\n"); > if (srtp_validate_aes_256() == srtp_err_status_ok) { > printf("passed\n\n"); >- } else{ >+ } else { > printf("failed\n"); > exit(1); > } >@@ -485,7 +474,7 @@ main (int argc, char *argv[]) > "packet with empty payload\n"); > if (srtp_test_empty_payload() == srtp_err_status_ok) { > printf("passed\n"); >- } else{ >+ } else { > printf("failed\n"); > exit(1); > } >@@ -494,7 +483,7 @@ main (int argc, char *argv[]) > "packet with empty payload (GCM)\n"); > if (srtp_test_empty_payload_gcm() == srtp_err_status_ok) { > printf("passed\n"); >- } else{ >+ } else { > printf("failed\n"); > exit(1); > } >@@ -506,7 +495,7 @@ main (int argc, char *argv[]) > printf("testing srtp_remove_stream()..."); > if (srtp_test_remove_stream() == srtp_err_status_ok) { > printf("passed\n"); >- } else{ >+ } else { > printf("failed\n"); > exit(1); > } >@@ -565,7 +554,6 @@ main (int argc, char *argv[]) > printf("failed\n"); > exit(1); > } >- > } > > if (do_timing_test) { >@@ -598,7 +586,7 @@ main (int argc, char *argv[]) > memset(&policy, 0, sizeof(policy)); > srtp_crypto_policy_set_rtp_default(&policy.rtp); > srtp_crypto_policy_set_rtcp_default(&policy.rtcp); >- policy.ssrc.type = ssrc_specific; >+ policy.ssrc.type = ssrc_specific; > policy.ssrc.value = 0xdecafbad; > policy.key = test_key; > policy.ekt = NULL; >@@ -612,28 +600,28 @@ main (int argc, char *argv[]) > printf("codec\t\tlength (octets)\t\tsrtp instructions/second\n"); > printf("G.711\t\t%d\t\t\t%e\n", 80, > (double)mips_value * (80 * 8) / >- srtp_bits_per_second(80, &policy) / .01 ); >+ srtp_bits_per_second(80, &policy) / .01); > printf("G.711\t\t%d\t\t\t%e\n", 160, > (double)mips_value * (160 * 8) / >- srtp_bits_per_second(160, &policy) / .02); >+ srtp_bits_per_second(160, &policy) / .02); > printf("G.726-32\t%d\t\t\t%e\n", 40, > (double)mips_value * (40 * 8) / >- srtp_bits_per_second(40, &policy) / .01 ); >+ srtp_bits_per_second(40, &policy) / .01); > printf("G.726-32\t%d\t\t\t%e\n", 80, > (double)mips_value * (80 * 8) / >- srtp_bits_per_second(80, &policy) / .02); >+ srtp_bits_per_second(80, &policy) / .02); > printf("G.729\t\t%d\t\t\t%e\n", 10, > (double)mips_value * (10 * 8) / >- srtp_bits_per_second(10, &policy) / .01 ); >+ srtp_bits_per_second(10, &policy) / .01); > printf("G.729\t\t%d\t\t\t%e\n", 20, > (double)mips_value * (20 * 8) / >- srtp_bits_per_second(20, &policy) / .02 ); >+ srtp_bits_per_second(20, &policy) / .02); > printf("Wideband\t%d\t\t\t%e\n", 320, > (double)mips_value * (320 * 8) / >- srtp_bits_per_second(320, &policy) / .01 ); >+ srtp_bits_per_second(320, &policy) / .01); > printf("Wideband\t%d\t\t\t%e\n", 640, > (double)mips_value * (640 * 8) / >- srtp_bits_per_second(640, &policy) / .02 ); >+ srtp_bits_per_second(640, &policy) / .02); > } > > status = srtp_shutdown(); >@@ -645,8 +633,6 @@ main (int argc, char *argv[]) > return 0; > } > >- >- > /* > * srtp_create_test_packet(len, ssrc) returns a pointer to a > * (malloced) example RTP packet whose data field has the length given >@@ -660,8 +646,9 @@ main (int argc, char *argv[]) > * deallocated with the free() call once it is no longer needed. > */ > >-srtp_hdr_t * >-srtp_create_test_packet (int pkt_octet_len, uint32_t ssrc) >+srtp_hdr_t *srtp_create_test_packet(int pkt_octet_len, >+ uint32_t ssrc, >+ int *pkt_len) > { > int i; > uint8_t *buffer; >@@ -669,23 +656,23 @@ srtp_create_test_packet (int pkt_octet_len, uint32_t ssrc) > int bytes_in_hdr = 12; > > /* allocate memory for test packet */ >- hdr = (srtp_hdr_t*)malloc(pkt_octet_len + bytes_in_hdr >- + SRTP_MAX_TRAILER_LEN + 4); >+ hdr = (srtp_hdr_t *)malloc(pkt_octet_len + bytes_in_hdr + >+ SRTP_MAX_TRAILER_LEN + 4); > if (!hdr) { > return NULL; > } > >- hdr->version = 2; /* RTP version two */ >- hdr->p = 0; /* no padding needed */ >- hdr->x = 0; /* no header extension */ >- hdr->cc = 0; /* no CSRCs */ >- hdr->m = 0; /* marker bit */ >- hdr->pt = 0xf; /* payload type */ >- hdr->seq = htons(0x1234); /* sequence number */ >- hdr->ts = htonl(0xdecafbad); /* timestamp */ >- hdr->ssrc = htonl(ssrc); /* synch. source */ >+ hdr->version = 2; /* RTP version two */ >+ hdr->p = 0; /* no padding needed */ >+ hdr->x = 0; /* no header extension */ >+ hdr->cc = 0; /* no CSRCs */ >+ hdr->m = 0; /* marker bit */ >+ hdr->pt = 0xf; /* payload type */ >+ hdr->seq = htons(0x1234); /* sequence number */ >+ hdr->ts = htonl(0xdecafbad); /* timestamp */ >+ hdr->ssrc = htonl(ssrc); /* synch. source */ > >- buffer = (uint8_t*)hdr; >+ buffer = (uint8_t *)hdr; > buffer += bytes_in_hdr; > > /* set RTP data to 0xab */ >@@ -698,85 +685,91 @@ srtp_create_test_packet (int pkt_octet_len, uint32_t ssrc) > *buffer++ = 0xff; > } > >+ *pkt_len = bytes_in_hdr + pkt_octet_len; >+ > return hdr; > } > >-static srtp_hdr_t * >-srtp_create_test_packet_extended (int pkt_octet_len, uint32_t ssrc, uint16_t seq, uint32_t ts) >+static srtp_hdr_t *srtp_create_test_packet_extended(int pkt_octet_len, >+ uint32_t ssrc, >+ uint16_t seq, >+ uint32_t ts, >+ int *pkt_len) > { >- srtp_hdr_t *hdr; >+ srtp_hdr_t *hdr; > >- hdr = srtp_create_test_packet(pkt_octet_len, ssrc); >- if (hdr == NULL) >- return hdr; >+ hdr = srtp_create_test_packet(pkt_octet_len, ssrc, pkt_len); >+ if (hdr == NULL) >+ return hdr; > >- hdr->seq = htons(seq); >- hdr->ts = htonl(ts); >- return hdr; >+ hdr->seq = htons(seq); >+ hdr->ts = htonl(ts); >+ return hdr; > } > >-srtp_hdr_t * >-srtp_create_test_packet_ext_hdr(int pkt_octet_len, uint32_t ssrc) { >- int i; >- uint8_t *buffer; >- srtp_hdr_t *hdr; >- int bytes_in_hdr = 12; >- uint8_t extension_header[12] = { >- /* one-byte header */ >- 0xbe, 0xde, >- /* size */ >- 0x00, 0x02, >- /* id 1, length 1 (i.e. 2 bytes) */ >- 0x11, >- /* payload */ >- 0xca, >- 0xfe, >- /* padding */ >- 0x00, >- /* id 2, length 0 (i.e. 1 byte) */ >- 0x20, >- /* payload */ >- 0xba, >- /* padding */ >- 0x00, >- 0x00 >- }; >- >- /* allocate memory for test packet */ >- hdr = (srtp_hdr_t*) malloc(pkt_octet_len + bytes_in_hdr >- + sizeof(extension_header) + SRTP_MAX_TRAILER_LEN + 4); >- if (!hdr) >- return NULL; >- >- hdr->version = 2; /* RTP version two */ >- hdr->p = 0; /* no padding needed */ >- hdr->x = 1; /* no header extension */ >- hdr->cc = 0; /* no CSRCs */ >- hdr->m = 0; /* marker bit */ >- hdr->pt = 0xf; /* payload type */ >- hdr->seq = htons(0x1234); /* sequence number */ >- hdr->ts = htonl(0xdecafbad); /* timestamp */ >- hdr->ssrc = htonl(ssrc); /* synch. source */ >- >- buffer = (uint8_t *)hdr; >- buffer += bytes_in_hdr; >- >- memcpy(buffer, extension_header, sizeof(extension_header)); >- buffer += sizeof(extension_header); >- >- /* set RTP data to 0xab */ >- for (i=0; i < pkt_octet_len; i++) >- *buffer++ = 0xab; >- >- /* set post-data value to 0xffff to enable overrun checking */ >- for (i=0; i < SRTP_MAX_TRAILER_LEN+4; i++) >- *buffer++ = 0xff; >- >- return hdr; >+srtp_hdr_t *srtp_create_test_packet_ext_hdr(int pkt_octet_len, >+ uint32_t ssrc, >+ int *pkt_len) >+{ >+ int i; >+ uint8_t *buffer; >+ srtp_hdr_t *hdr; >+ int bytes_in_hdr = 12; >+ uint8_t extension_header[12] = { /* one-byte header */ >+ 0xbe, 0xde, >+ /* size */ >+ 0x00, 0x02, >+ /* id 1, length 1 (i.e. 2 bytes) */ >+ 0x11, >+ /* payload */ >+ 0xca, 0xfe, >+ /* padding */ >+ 0x00, >+ /* id 2, length 0 (i.e. 1 byte) */ >+ 0x20, >+ /* payload */ >+ 0xba, >+ /* padding */ >+ 0x00, 0x00 >+ }; >+ >+ /* allocate memory for test packet */ >+ hdr = (srtp_hdr_t *)malloc(pkt_octet_len + bytes_in_hdr + >+ sizeof(extension_header) + SRTP_MAX_TRAILER_LEN + >+ 4); >+ if (!hdr) >+ return NULL; >+ >+ hdr->version = 2; /* RTP version two */ >+ hdr->p = 0; /* no padding needed */ >+ hdr->x = 1; /* no header extension */ >+ hdr->cc = 0; /* no CSRCs */ >+ hdr->m = 0; /* marker bit */ >+ hdr->pt = 0xf; /* payload type */ >+ hdr->seq = htons(0x1234); /* sequence number */ >+ hdr->ts = htonl(0xdecafbad); /* timestamp */ >+ hdr->ssrc = htonl(ssrc); /* synch. source */ >+ >+ buffer = (uint8_t *)hdr; >+ buffer += bytes_in_hdr; >+ >+ memcpy(buffer, extension_header, sizeof(extension_header)); >+ buffer += sizeof(extension_header); >+ >+ /* set RTP data to 0xab */ >+ for (i = 0; i < pkt_octet_len; i++) >+ *buffer++ = 0xab; >+ >+ /* set post-data value to 0xffff to enable overrun checking */ >+ for (i = 0; i < SRTP_MAX_TRAILER_LEN + 4; i++) >+ *buffer++ = 0xff; >+ >+ *pkt_len = bytes_in_hdr + sizeof(extension_header) + pkt_octet_len; >+ >+ return hdr; > } > >-void >-srtp_do_timing (const srtp_policy_t *policy) >+void srtp_do_timing(const srtp_policy_t *policy) > { > int len; > >@@ -796,11 +789,9 @@ srtp_do_timing (const srtp_policy_t *policy) > > /* these extra linefeeds let gnuplot know that a dataset is done */ > printf("\r\n\r\n"); >- > } > >-void >-srtp_do_rejection_timing (const srtp_policy_t *policy) >+void srtp_do_rejection_timing(const srtp_policy_t *policy) > { > int len; > >@@ -819,21 +810,18 @@ srtp_do_rejection_timing (const srtp_policy_t *policy) > > /* these extra linefeeds let gnuplot know that a dataset is done */ > printf("\r\n\r\n"); >- > } > >- > #define MAX_MSG_LEN 1024 > >-double >-srtp_bits_per_second (int msg_len_octets, const srtp_policy_t *policy) >+double srtp_bits_per_second(int msg_len_octets, const srtp_policy_t *policy) > { > srtp_t srtp; > srtp_hdr_t *mesg; > int i; > clock_t timer; > int num_trials = 100000; >- int len; >+ int input_len, len; > uint32_t ssrc; > srtp_err_status_t status; > >@@ -858,15 +846,13 @@ srtp_bits_per_second (int msg_len_octets, const srtp_policy_t *policy) > /* > * create a test packet > */ >- mesg = srtp_create_test_packet(msg_len_octets, ssrc); >+ mesg = srtp_create_test_packet(msg_len_octets, ssrc, &input_len); > if (mesg == NULL) { > return 0.0; /* indicate failure by returning zero */ >- > } > timer = clock(); > for (i = 0; i < num_trials; i++) { >- len = msg_len_octets + 12; /* add in rtp header length */ >- >+ len = input_len; > /* srtp protect message */ > status = srtp_protect(srtp, mesg, &len); > if (status) { >@@ -876,7 +862,8 @@ srtp_bits_per_second (int msg_len_octets, const srtp_policy_t *policy) > > /* increment message number */ > { >- /* hack sequence to avoid problems with macros for htons/ntohs on some systems */ >+ /* hack sequence to avoid problems with macros for htons/ntohs on >+ * some systems */ > short new_seq = ntohs(mesg->seq) + 1; > mesg->seq = htons(new_seq); > } >@@ -891,12 +878,11 @@ srtp_bits_per_second (int msg_len_octets, const srtp_policy_t *policy) > exit(1); > } > >- return (double)(msg_len_octets) * 8 * >- num_trials * CLOCKS_PER_SEC / timer; >+ return (double)(msg_len_octets)*8 * num_trials * CLOCKS_PER_SEC / timer; > } > >-double >-srtp_rejections_per_second (int msg_len_octets, const srtp_policy_t *policy) >+double srtp_rejections_per_second(int msg_len_octets, >+ const srtp_policy_t *policy) > { > srtp_ctx_t *srtp; > srtp_hdr_t *mesg; >@@ -916,18 +902,16 @@ srtp_rejections_per_second (int msg_len_octets, const srtp_policy_t *policy) > exit(1); > } > >- mesg = srtp_create_test_packet(msg_len_octets, ssrc); >+ mesg = srtp_create_test_packet(msg_len_octets, ssrc, &len); > if (mesg == NULL) { > return 0.0; /* indicate failure by returning zero */ >- > } >- len = msg_len_octets; >- srtp_protect(srtp, (srtp_hdr_t*)mesg, &len); >+ srtp_protect(srtp, (srtp_hdr_t *)mesg, &len); > > timer = clock(); > for (i = 0; i < num_trials; i++) { > len = msg_len_octets; >- srtp_unprotect(srtp, (srtp_hdr_t*)mesg, &len); >+ srtp_unprotect(srtp, (srtp_hdr_t *)mesg, &len); > } > timer = clock() - timer; > >@@ -942,56 +926,67 @@ srtp_rejections_per_second (int msg_len_octets, const srtp_policy_t *policy) > return (double)num_trials * CLOCKS_PER_SEC / timer; > } > >- >-void >-err_check (srtp_err_status_t s) >+void err_check(srtp_err_status_t s) > { > if (s == srtp_err_status_ok) { > return; >- } else{ >+ } else { > fprintf(stderr, "error: unexpected srtp failure (code %d)\n", s); > } > exit(1); > } > >-srtp_err_status_t >-srtp_test_call_protect(srtp_t srtp_sender, srtp_hdr_t *hdr, int *len, int mki_index) { >+srtp_err_status_t srtp_test_call_protect(srtp_t srtp_sender, >+ srtp_hdr_t *hdr, >+ int *len, >+ int mki_index) >+{ > if (mki_index == -1) { >- return srtp_protect(srtp_sender, hdr, len); >+ return srtp_protect(srtp_sender, hdr, len); > } else { >- return srtp_protect_mki(srtp_sender, hdr, len, 1, mki_index); >+ return srtp_protect_mki(srtp_sender, hdr, len, 1, mki_index); > } > } > >-srtp_err_status_t >-srtp_test_call_protect_rtcp(srtp_t srtp_sender, srtp_hdr_t *hdr, int *len, int mki_index) { >+srtp_err_status_t srtp_test_call_protect_rtcp(srtp_t srtp_sender, >+ srtp_hdr_t *hdr, >+ int *len, >+ int mki_index) >+{ > if (mki_index == -1) { >- return srtp_protect_rtcp(srtp_sender, hdr, len); >+ return srtp_protect_rtcp(srtp_sender, hdr, len); > } else { >- return srtp_protect_rtcp_mki(srtp_sender, hdr, len, 1, mki_index); >+ return srtp_protect_rtcp_mki(srtp_sender, hdr, len, 1, mki_index); > } > } > >-srtp_err_status_t >-srtp_test_call_unprotect(srtp_t srtp_sender, srtp_hdr_t *hdr, int *len, int use_mki) { >+srtp_err_status_t srtp_test_call_unprotect(srtp_t srtp_sender, >+ srtp_hdr_t *hdr, >+ int *len, >+ int use_mki) >+{ > if (use_mki == -1) { >- return srtp_unprotect(srtp_sender, hdr, len); >+ return srtp_unprotect(srtp_sender, hdr, len); > } else { >- return srtp_unprotect_mki(srtp_sender, hdr, len, use_mki); >+ return srtp_unprotect_mki(srtp_sender, hdr, len, use_mki); > } > } > >-srtp_err_status_t >-srtp_test_call_unprotect_rtcp(srtp_t srtp_sender, srtp_hdr_t *hdr, int *len, int use_mki) { >+srtp_err_status_t srtp_test_call_unprotect_rtcp(srtp_t srtp_sender, >+ srtp_hdr_t *hdr, >+ int *len, >+ int use_mki) >+{ > if (use_mki == -1) { >- return srtp_unprotect_rtcp(srtp_sender, hdr, len); >+ return srtp_unprotect_rtcp(srtp_sender, hdr, len); > } else { >- return srtp_unprotect_rtcp_mki(srtp_sender, hdr, len, use_mki); >+ return srtp_unprotect_rtcp_mki(srtp_sender, hdr, len, use_mki); > } > } > >-srtp_err_status_t >-srtp_test (const srtp_policy_t *policy, int extension_header, int mki_index) >+srtp_err_status_t srtp_test(const srtp_policy_t *policy, >+ int extension_header, >+ int mki_index) > { > int i; > srtp_t srtp_sender; >@@ -1000,9 +995,9 @@ srtp_test (const srtp_policy_t *policy, int extension_header, int mki_index) > srtp_hdr_t *hdr, *hdr2; > uint8_t hdr_enc[64]; > uint8_t *pkt_end; >- int msg_len_octets, msg_len_enc; >- int len; >- int tag_length = policy->rtp.auth_tag_len; >+ int msg_len_octets, msg_len_enc, msg_len; >+ int len, len2; >+ uint32_t tag_length; > uint32_t ssrc; > srtp_policy_t *rcvr_policy; > srtp_policy_t tmp_policy; >@@ -1010,7 +1005,7 @@ srtp_test (const srtp_policy_t *policy, int extension_header, int mki_index) > int use_mki = 0; > > if (mki_index >= 0) >- use_mki = 1; >+ use_mki = 1; > > if (extension_header) { > memcpy(&tmp_policy, policy, sizeof(srtp_policy_t)); >@@ -1031,18 +1026,21 @@ srtp_test (const srtp_policy_t *policy, int extension_header, int mki_index) > */ > if (policy->ssrc.type != ssrc_specific) { > ssrc = 0xdecafbad; >- } else{ >+ } else { > ssrc = policy->ssrc.value; > } > msg_len_octets = 28; > if (extension_header) { >- hdr = srtp_create_test_packet_ext_hdr(msg_len_octets, ssrc); >- hdr2 = srtp_create_test_packet_ext_hdr(msg_len_octets, ssrc); >+ hdr = srtp_create_test_packet_ext_hdr(msg_len_octets, ssrc, &len); >+ hdr2 = srtp_create_test_packet_ext_hdr(msg_len_octets, ssrc, &len2); > } else { >- hdr = srtp_create_test_packet(msg_len_octets, ssrc); >- hdr2 = srtp_create_test_packet(msg_len_octets, ssrc); >+ hdr = srtp_create_test_packet(msg_len_octets, ssrc, &len); >+ hdr2 = srtp_create_test_packet(msg_len_octets, ssrc, &len2); > } > >+ /* save original msg len */ >+ msg_len = len; >+ > if (hdr == NULL) { > free(hdr2); > return srtp_err_status_alloc_fail; >@@ -1052,18 +1050,12 @@ srtp_test (const srtp_policy_t *policy, int extension_header, int mki_index) > return srtp_err_status_alloc_fail; > } > >- /* set message length */ >- len = msg_len_octets; >- if (extension_header) { >- len += 12; >- } >- > debug_print(mod_driver, "before protection:\n%s", > srtp_packet_to_string(hdr, len)); > > #if PRINT_REFERENCE_PACKET > debug_print(mod_driver, "reference packet before protection:\n%s", >- octet_string_hex_string((uint8_t*)hdr, len)); >+ octet_string_hex_string((uint8_t *)hdr, len)); > #endif > err_check(srtp_test_call_protect(srtp_sender, hdr, &len, mki_index)); > >@@ -1071,7 +1063,7 @@ srtp_test (const srtp_policy_t *policy, int extension_header, int mki_index) > srtp_packet_to_string(hdr, len)); > #if PRINT_REFERENCE_PACKET > debug_print(mod_driver, "after protection:\n%s", >- octet_string_hex_string((uint8_t*)hdr, len)); >+ octet_string_hex_string((uint8_t *)hdr, len)); > #endif > > /* save protected message and length */ >@@ -1085,16 +1077,14 @@ srtp_test (const srtp_policy_t *policy, int extension_header, int mki_index) > * data following the packet is different, then we know that the > * protect function is overwriting the end of the packet. > */ >- pkt_end = (uint8_t*)hdr + sizeof(srtp_hdr_t) >- + msg_len_octets + tag_length; >- if (extension_header) { >- pkt_end += 12; >- } >+ err_check(srtp_get_protect_trailer_length(srtp_sender, use_mki, mki_index, >+ &tag_length)); >+ pkt_end = (uint8_t *)hdr + msg_len + tag_length; > for (i = 0; i < 4; i++) { > if (pkt_end[i] != 0xff) { > fprintf(stdout, "overwrite in srtp_protect() function " >- "(expected %x, found %x in trailing octet %d)\n", >- 0xff, ((uint8_t*)hdr)[i], i); >+ "(expected %x, found %x in trailing octet %d)\n", >+ 0xff, ((uint8_t *)hdr)[i], i); > free(hdr); > free(hdr2); > return srtp_err_status_algo_fail; >@@ -1114,7 +1104,7 @@ srtp_test (const srtp_policy_t *policy, int extension_header, int mki_index) > printf("testing that ciphertext is distinct from plaintext..."); > status = srtp_err_status_algo_fail; > for (i = 12; i < msg_len_octets + 12; i++) { >- if (((uint8_t*)hdr)[i] != ((uint8_t*)hdr2)[i]) { >+ if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) { > status = srtp_err_status_ok; > } > } >@@ -1134,7 +1124,7 @@ srtp_test (const srtp_policy_t *policy, int extension_header, int mki_index) > * we always copy the policy into the rcvr_policy, since otherwise > * the compiler would fret about the constness of the policy > */ >- rcvr_policy = (srtp_policy_t*)malloc(sizeof(srtp_policy_t)); >+ rcvr_policy = (srtp_policy_t *)malloc(sizeof(srtp_policy_t)); > if (rcvr_policy == NULL) { > free(hdr); > free(hdr2); >@@ -1160,8 +1150,8 @@ srtp_test (const srtp_policy_t *policy, int extension_header, int mki_index) > srtp_packet_to_string(hdr, len)); > > /* verify that the unprotected packet matches the origial one */ >- for (i = 0; i < msg_len_octets; i++) { >- if (((uint8_t*)hdr)[i] != ((uint8_t*)hdr2)[i]) { >+ for (i = 0; i < len; i++) { >+ if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) { > fprintf(stdout, "mismatch at octet %d\n", i); > status = srtp_err_status_algo_fail; > } >@@ -1177,15 +1167,13 @@ srtp_test (const srtp_policy_t *policy, int extension_header, int mki_index) > * if the policy includes authentication, then test for false positives > */ > if (policy->rtp.sec_serv & sec_serv_auth) { >- char *data = ((char*)hdr) + 12; >+ char *data = ((char *)hdr) + (extension_header ? 24 : 12); > > printf("testing for false positives in replay check..."); > >- /* set message length */ >- len = msg_len_enc; >- > /* unprotect a second time - should fail with a replay error */ >- status = srtp_test_call_unprotect(srtp_rcvr, hdr, &len, use_mki); >+ status = >+ srtp_test_call_unprotect(srtp_rcvr, hdr, &msg_len_enc, use_mki); > if (status != srtp_err_status_replay_fail) { > printf("failed with error code %d\n", status); > free(hdr); >@@ -1201,17 +1189,11 @@ srtp_test (const srtp_policy_t *policy, int extension_header, int mki_index) > /* increment sequence number in header */ > hdr->seq++; > >- /* set message length */ >- len = msg_len_octets; >- if (extension_header) { >- len += 12; >- } >- > /* apply protection */ > err_check(srtp_test_call_protect(srtp_sender, hdr, &len, mki_index)); > > /* flip bits in packet */ >- data[extension_header ? 12 : 0] ^= 0xff; >+ data[0] ^= 0xff; > > /* unprotect, and check for authentication failure */ > status = srtp_test_call_unprotect(srtp_rcvr, hdr, &len, use_mki); >@@ -1224,7 +1206,6 @@ srtp_test (const srtp_policy_t *policy, int extension_header, int mki_index) > } else { > printf("passed\n"); > } >- > } > > err_check(srtp_dealloc(srtp_sender)); >@@ -1236,9 +1217,7 @@ srtp_test (const srtp_policy_t *policy, int extension_header, int mki_index) > return srtp_err_status_ok; > } > >- >-srtp_err_status_t >-srtcp_test (const srtp_policy_t *policy, int mki_index) >+srtp_err_status_t srtcp_test(const srtp_policy_t *policy, int mki_index) > { > int i; > srtp_t srtcp_sender; >@@ -1247,9 +1226,9 @@ srtcp_test (const srtp_policy_t *policy, int mki_index) > srtp_hdr_t *hdr, *hdr2; > uint8_t hdr_enc[64]; > uint8_t *pkt_end; >- int msg_len_octets, msg_len_enc; >- int len; >- int tag_length = policy->rtp.auth_tag_len; >+ int msg_len_octets, msg_len_enc, msg_len; >+ int len, len2; >+ uint32_t tag_length; > uint32_t ssrc; > srtp_policy_t *rcvr_policy; > int use_mki = 0; >@@ -1269,30 +1248,29 @@ srtcp_test (const srtp_policy_t *policy, int mki_index) > */ > if (policy->ssrc.type != ssrc_specific) { > ssrc = 0xdecafbad; >- } else{ >+ } else { > ssrc = policy->ssrc.value; > } > msg_len_octets = 28; >- hdr = srtp_create_test_packet(msg_len_octets, ssrc); >+ hdr = srtp_create_test_packet(msg_len_octets, ssrc, &len); >+ /* save message len */ >+ msg_len = len; > > if (hdr == NULL) { > return srtp_err_status_alloc_fail; > } >- hdr2 = srtp_create_test_packet(msg_len_octets, ssrc); >+ hdr2 = srtp_create_test_packet(msg_len_octets, ssrc, &len2); > if (hdr2 == NULL) { > free(hdr); > return srtp_err_status_alloc_fail; > } > >- /* set message length */ >- len = msg_len_octets; >- > debug_print(mod_driver, "before protection:\n%s", > srtp_packet_to_string(hdr, len)); > > #if PRINT_REFERENCE_PACKET > debug_print(mod_driver, "reference packet before protection:\n%s", >- octet_string_hex_string((uint8_t*)hdr, len)); >+ octet_string_hex_string((uint8_t *)hdr, len)); > #endif > err_check(srtp_test_call_protect_rtcp(srtcp_sender, hdr, &len, mki_index)); > >@@ -1300,7 +1278,7 @@ srtcp_test (const srtp_policy_t *policy, int mki_index) > srtp_packet_to_string(hdr, len)); > #if PRINT_REFERENCE_PACKET > debug_print(mod_driver, "after protection:\n%s", >- octet_string_hex_string((uint8_t*)hdr, len)); >+ octet_string_hex_string((uint8_t *)hdr, len)); > #endif > > /* save protected message and length */ >@@ -1314,13 +1292,14 @@ srtcp_test (const srtp_policy_t *policy, int mki_index) > * data following the packet is different, then we know that the > * protect function is overwriting the end of the packet. > */ >- pkt_end = (uint8_t*)hdr + sizeof(srtp_hdr_t) >- + msg_len_octets + tag_length; >+ srtp_get_protect_rtcp_trailer_length(srtcp_sender, use_mki, mki_index, >+ &tag_length); >+ pkt_end = (uint8_t *)hdr + msg_len + tag_length; > for (i = 0; i < 4; i++) { > if (pkt_end[i] != 0xff) { > fprintf(stdout, "overwrite in srtp_protect_rtcp() function " >- "(expected %x, found %x in trailing octet %d)\n", >- 0xff, ((uint8_t*)hdr)[i], i); >+ "(expected %x, found %x in trailing octet %d)\n", >+ 0xff, ((uint8_t *)hdr)[i], i); > free(hdr); > free(hdr2); > return srtp_err_status_algo_fail; >@@ -1336,11 +1315,11 @@ srtcp_test (const srtp_policy_t *policy, int mki_index) > * reason, we skip this check if the plaintext is less than four > * octets long. > */ >- if ((policy->rtp.sec_serv & sec_serv_conf) && (msg_len_octets >= 4)) { >+ if ((policy->rtcp.sec_serv & sec_serv_conf) && (msg_len_octets >= 4)) { > printf("testing that ciphertext is distinct from plaintext..."); > status = srtp_err_status_algo_fail; > for (i = 12; i < msg_len_octets + 12; i++) { >- if (((uint8_t*)hdr)[i] != ((uint8_t*)hdr2)[i]) { >+ if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) { > status = srtp_err_status_ok; > } > } >@@ -1360,7 +1339,7 @@ srtcp_test (const srtp_policy_t *policy, int mki_index) > * we always copy the policy into the rcvr_policy, since otherwise > * the compiler would fret about the constness of the policy > */ >- rcvr_policy = (srtp_policy_t*)malloc(sizeof(srtp_policy_t)); >+ rcvr_policy = (srtp_policy_t *)malloc(sizeof(srtp_policy_t)); > if (rcvr_policy == NULL) { > return srtp_err_status_alloc_fail; > } >@@ -1377,8 +1356,8 @@ srtcp_test (const srtp_policy_t *policy, int mki_index) > srtp_packet_to_string(hdr, len)); > > /* verify that the unprotected packet matches the origial one */ >- for (i = 0; i < msg_len_octets; i++) { >- if (((uint8_t*)hdr)[i] != ((uint8_t*)hdr2)[i]) { >+ for (i = 0; i < len; i++) { >+ if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) { > fprintf(stdout, "mismatch at octet %d\n", i); > status = srtp_err_status_algo_fail; > } >@@ -1394,15 +1373,13 @@ srtcp_test (const srtp_policy_t *policy, int mki_index) > * if the policy includes authentication, then test for false positives > */ > if (policy->rtp.sec_serv & sec_serv_auth) { >- char *data = ((char*)hdr) + 12; >+ char *data = ((char *)hdr) + 12; > > printf("testing for false positives in replay check..."); > >- /* set message length */ >- len = msg_len_enc; >- > /* unprotect a second time - should fail with a replay error */ >- status = srtp_test_call_unprotect_rtcp(srtcp_rcvr, hdr, &len, use_mki); >+ status = srtp_test_call_unprotect_rtcp(srtcp_rcvr, hdr, &msg_len_enc, >+ use_mki); > if (status != srtp_err_status_replay_fail) { > printf("failed with error code %d\n", status); > free(hdr); >@@ -1418,11 +1395,9 @@ srtcp_test (const srtp_policy_t *policy, int mki_index) > /* increment sequence number in header */ > hdr->seq++; > >- /* set message length */ >- len = msg_len_octets; >- > /* apply protection */ >- err_check(srtp_test_call_protect_rtcp(srtcp_sender, hdr, &len, mki_index)); >+ err_check( >+ srtp_test_call_protect_rtcp(srtcp_sender, hdr, &len, mki_index)); > > /* flip bits in packet */ > data[0] ^= 0xff; >@@ -1438,7 +1413,6 @@ srtcp_test (const srtp_policy_t *policy, int mki_index) > } else { > printf("passed\n"); > } >- > } > > err_check(srtp_dealloc(srtcp_sender)); >@@ -1450,21 +1424,11 @@ srtcp_test (const srtp_policy_t *policy, int mki_index) > return srtp_err_status_ok; > } > >- >-srtp_err_status_t >-srtp_session_print_policy (srtp_t srtp) >+srtp_err_status_t srtp_session_print_policy(srtp_t srtp) > { >- char *serv_descr[4] = { >- "none", >- "confidentiality", >- "authentication", >- "confidentiality and authentication" >- }; >- char *direction[3] = { >- "unknown", >- "outbound", >- "inbound" >- }; >+ char *serv_descr[4] = { "none", "confidentiality", "authentication", >+ "confidentiality and authentication" }; >+ char *direction[3] = { "unknown", "outbound", "inbound" }; > srtp_stream_t stream; > srtp_session_keys_t *session_keys = NULL; > >@@ -1498,7 +1462,7 @@ srtp_session_print_policy (srtp_t srtp) > > printf("# Encrypted extension headers: "); > if (stream->enc_xtn_hdr && stream->enc_xtn_hdr_count > 0) { >- int* enc_xtn_hdr = stream->enc_xtn_hdr; >+ int *enc_xtn_hdr = stream->enc_xtn_hdr; > int count = stream->enc_xtn_hdr_count; > while (count > 0) { > printf("%d ", *enc_xtn_hdr); >@@ -1528,8 +1492,7 @@ srtp_session_print_policy (srtp_t srtp) > "# rtcp services: %s\r\n" > "# window size: %lu\r\n" > "# tx rtx allowed:%s\r\n", >- stream->ssrc, >- session_keys->rtp_cipher->type->description, >+ stream->ssrc, session_keys->rtp_cipher->type->description, > session_keys->rtp_auth->type->description, > serv_descr[stream->rtp_services], > session_keys->rtcp_cipher->type->description, >@@ -1540,7 +1503,7 @@ srtp_session_print_policy (srtp_t srtp) > > printf("# Encrypted extension headers: "); > if (stream->enc_xtn_hdr && stream->enc_xtn_hdr_count > 0) { >- int* enc_xtn_hdr = stream->enc_xtn_hdr; >+ int *enc_xtn_hdr = stream->enc_xtn_hdr; > int count = stream->enc_xtn_hdr_count; > while (count > 0) { > printf("%d ", *enc_xtn_hdr); >@@ -1558,8 +1521,7 @@ srtp_session_print_policy (srtp_t srtp) > return srtp_err_status_ok; > } > >-srtp_err_status_t >-srtp_print_policy (const srtp_policy_t *policy) >+srtp_err_status_t srtp_print_policy(const srtp_policy_t *policy) > { > srtp_err_status_t status; > srtp_t session; >@@ -1592,11 +1554,10 @@ srtp_print_policy (const srtp_policy_t *policy) > > char packet_string[MTU]; > >-char * >-srtp_packet_to_string (srtp_hdr_t *hdr, int pkt_octet_len) >+char *srtp_packet_to_string(srtp_hdr_t *hdr, int pkt_octet_len) > { > int octets_in_rtp_header = 12; >- uint8_t *data = ((uint8_t*)hdr) + octets_in_rtp_header; >+ uint8_t *data = ((uint8_t *)hdr) + octets_in_rtp_header; > int hex_len = pkt_octet_len - octets_in_rtp_header; > > /* sanity checking */ >@@ -1605,29 +1566,20 @@ srtp_packet_to_string (srtp_hdr_t *hdr, int pkt_octet_len) > } > > /* write packet into string */ >- sprintf(packet_string, >- "(s)rtp packet: {\n" >- " version:\t%d\n" >- " p:\t\t%d\n" >- " x:\t\t%d\n" >- " cc:\t\t%d\n" >- " m:\t\t%d\n" >- " pt:\t\t%x\n" >- " seq:\t\t%x\n" >- " ts:\t\t%x\n" >- " ssrc:\t%x\n" >- " data:\t%s\n" >- "} (%d octets in total)\n", >- hdr->version, >- hdr->p, >- hdr->x, >- hdr->cc, >- hdr->m, >- hdr->pt, >- hdr->seq, >- hdr->ts, >- hdr->ssrc, >- octet_string_hex_string(data, hex_len), >+ sprintf(packet_string, "(s)rtp packet: {\n" >+ " version:\t%d\n" >+ " p:\t\t%d\n" >+ " x:\t\t%d\n" >+ " cc:\t\t%d\n" >+ " m:\t\t%d\n" >+ " pt:\t\t%x\n" >+ " seq:\t\t%x\n" >+ " ts:\t\t%x\n" >+ " ssrc:\t%x\n" >+ " data:\t%s\n" >+ "} (%d octets in total)\n", >+ hdr->version, hdr->p, hdr->x, hdr->cc, hdr->m, hdr->pt, hdr->seq, >+ hdr->ts, hdr->ssrc, octet_string_hex_string(data, hex_len), > pkt_octet_len); > > return packet_string; >@@ -1643,8 +1595,7 @@ srtp_packet_to_string (srtp_hdr_t *hdr, int pkt_octet_len) > * optimize away the function > */ > >-double >-mips_estimate (int num_trials, int *ignore) >+double mips_estimate(int num_trials, int *ignore) > { > clock_t t; > volatile int i, sum; >@@ -1656,23 +1607,21 @@ mips_estimate (int num_trials, int *ignore) > } > t = clock() - t; > >-/* printf("%d\n", sum); */ >+ /* printf("%d\n", sum); */ > *ignore = sum; > > return (double)num_trials * CLOCKS_PER_SEC / t; > } > >- > /* > * srtp_validate() verifies the correctness of libsrtp by comparing > * some computed packets against some pre-computed reference values. > * These packets were made with the default SRTP policy. > */ > >- >-srtp_err_status_t >-srtp_validate () >+srtp_err_status_t srtp_validate() > { >+ // clang-format off > uint8_t srtp_plaintext_ref[28] = { > 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad, > 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab, >@@ -1712,6 +1661,8 @@ srtp_validate () > 0x80, 0x00, 0x00, 0x01, 0x99, 0x3e, 0x08, 0xcd, > 0x54, 0xd6, 0xc1, 0x23, 0x07, 0x98 > }; >+ // clang-format on >+ > srtp_t srtp_snd, srtp_recv; > srtp_err_status_t status; > int len; >@@ -1724,7 +1675,7 @@ srtp_validate () > memset(&policy, 0, sizeof(policy)); > srtp_crypto_policy_set_rtp_default(&policy.rtp); > srtp_crypto_policy_set_rtcp_default(&policy.rtcp); >- policy.ssrc.type = ssrc_specific; >+ policy.ssrc.type = ssrc_specific; > policy.ssrc.value = 0xcafebabe; > policy.key = test_key; > policy.ekt = NULL; >@@ -1826,9 +1777,9 @@ srtp_validate () > * srtp_validate_gcm() verifies the correctness of libsrtp by comparing > * an computed packet against the known ciphertext for the plaintext. > */ >-srtp_err_status_t >-srtp_validate_gcm () >+srtp_err_status_t srtp_validate_gcm() > { >+ // clang-format off > unsigned char test_key_gcm[28] = { > 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, > 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, >@@ -1878,6 +1829,7 @@ srtp_validate_gcm () > 0xea, 0x31, 0x12, 0x3b, 0xa8, 0x8c, 0xe6, 0x1e, > 0x80, 0x00, 0x00, 0x01 > }; >+ // clang-format on > > srtp_t srtp_snd, srtp_recv; > srtp_err_status_t status; >@@ -1891,9 +1843,9 @@ srtp_validate_gcm () > memset(&policy, 0, sizeof(policy)); > srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtp); > srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtcp); >- policy.ssrc.type = ssrc_specific; >+ policy.ssrc.type = ssrc_specific; > policy.ssrc.value = 0xcafebabe; >- policy.key = test_key_gcm; >+ policy.key = test_key_gcm; > policy.ekt = NULL; > policy.window_size = 128; > policy.allow_repeat_tx = 0; >@@ -1993,8 +1945,9 @@ srtp_validate_gcm () > /* > * Test vectors taken from RFC 6904, Appendix A > */ >-srtp_err_status_t >-srtp_validate_encrypted_extensions_headers() { >+srtp_err_status_t srtp_validate_encrypted_extensions_headers() >+{ >+ // clang-format off > unsigned char test_key_ext_headers[30] = { > 0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0, > 0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39, >@@ -2032,11 +1985,13 @@ srtp_validate_encrypted_extensions_headers() { > 0x5a, 0x46, 0xb3, 0xca, 0x35, 0xc5, 0x35, 0xa8, > 0x91, 0xc7 > }; >+ // clang-format on >+ > srtp_t srtp_snd, srtp_recv; > srtp_err_status_t status; > int len; > srtp_policy_t policy; >- int headers[3] = {1, 3, 4}; >+ int headers[3] = { 1, 3, 4 }; > > /* > * create a session with a single stream using the default srtp >@@ -2045,7 +2000,7 @@ srtp_validate_encrypted_extensions_headers() { > memset(&policy, 0, sizeof(policy)); > srtp_crypto_policy_set_rtp_default(&policy.rtp); > srtp_crypto_policy_set_rtcp_default(&policy.rtcp); >- policy.ssrc.type = ssrc_specific; >+ policy.ssrc.type = ssrc_specific; > policy.ssrc.value = 0xcafebabe; > policy.key = test_key_ext_headers; > policy.ekt = NULL; >@@ -2108,14 +2063,14 @@ srtp_validate_encrypted_extensions_headers() { > return srtp_err_status_ok; > } > >- > #ifdef OPENSSL > > /* > * Headers of test vectors taken from RFC 6904, Appendix A > */ >-srtp_err_status_t >-srtp_validate_encrypted_extensions_headers_gcm() { >+srtp_err_status_t srtp_validate_encrypted_extensions_headers_gcm() >+{ >+ // clang-format off > unsigned char test_key_ext_headers[30] = { > 0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0, > 0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39, >@@ -2151,11 +2106,13 @@ srtp_validate_encrypted_extensions_headers_gcm() { > 0x6c, 0xd3, 0xd2, 0x88, 0xb4, 0x9f, 0x6c, 0xa9, > 0xf4, 0xb1, 0xb7, 0x59, 0x71, 0x9e, 0xb5, 0xbc > }; >+ // clang-format on >+ > srtp_t srtp_snd, srtp_recv; > srtp_err_status_t status; > int len; > srtp_policy_t policy; >- int headers[3] = {1, 3, 4}; >+ int headers[3] = { 1, 3, 4 }; > > /* > * create a session with a single stream using the default srtp >@@ -2164,7 +2121,7 @@ srtp_validate_encrypted_extensions_headers_gcm() { > memset(&policy, 0, sizeof(policy)); > srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp); > srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp); >- policy.ssrc.type = ssrc_specific; >+ policy.ssrc.type = ssrc_specific; > policy.ssrc.value = 0xcafebabe; > policy.key = test_key_ext_headers; > policy.ekt = NULL; >@@ -2234,10 +2191,9 @@ srtp_validate_encrypted_extensions_headers_gcm() { > * These packets were made with the AES-CM-256/HMAC-SHA-1-80 policy. > */ > >- >-srtp_err_status_t >-srtp_validate_aes_256 () >+srtp_err_status_t srtp_validate_aes_256() > { >+ // clang-format off > unsigned char aes_256_test_key[46] = { > 0xf0, 0xf0, 0x49, 0x14, 0xb5, 0x13, 0xf2, 0x76, > 0x3a, 0x1b, 0x1f, 0xa1, 0x30, 0xf1, 0x0e, 0x29, >@@ -2267,6 +2223,8 @@ srtp_validate_aes_256 () > 0xb0, 0xb4, 0xb4, 0x0d, 0xa0, 0x8d, 0x9d, 0x9a, > 0x5b, 0x3a, 0x55, 0xd8, 0x87, 0x3b > }; >+ // clang-format on >+ > srtp_t srtp_snd, srtp_recv; > srtp_err_status_t status; > int len; >@@ -2279,7 +2237,7 @@ srtp_validate_aes_256 () > memset(&policy, 0, sizeof(policy)); > srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtp); > srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtcp); >- policy.ssrc.type = ssrc_specific; >+ policy.ssrc.type = ssrc_specific; > policy.ssrc.value = 0xcafebabe; > policy.key = aes_256_test_key; > policy.ekt = NULL; >@@ -2345,9 +2303,7 @@ srtp_validate_aes_256 () > return srtp_err_status_ok; > } > >- >-srtp_err_status_t >-srtp_create_big_policy (srtp_policy_t **list) >+srtp_err_status_t srtp_create_big_policy(srtp_policy_t **list) > { > extern const srtp_policy_t *policy_array[]; > srtp_policy_t *p, *tmp; >@@ -2365,7 +2321,7 @@ srtp_create_big_policy (srtp_policy_t **list) > */ > tmp = NULL; > while (policy_array[i] != NULL) { >- p = (srtp_policy_t*)malloc(sizeof(srtp_policy_t)); >+ p = (srtp_policy_t *)malloc(sizeof(srtp_policy_t)); > if (p == NULL) { > return srtp_err_status_bad_param; > } >@@ -2381,8 +2337,7 @@ srtp_create_big_policy (srtp_policy_t **list) > return srtp_err_status_ok; > } > >-srtp_err_status_t >-srtp_dealloc_big_policy (srtp_policy_t *list) >+srtp_err_status_t srtp_dealloc_big_policy(srtp_policy_t *list) > { > srtp_policy_t *p, *next; > >@@ -2394,8 +2349,7 @@ srtp_dealloc_big_policy (srtp_policy_t *list) > return srtp_err_status_ok; > } > >-srtp_err_status_t >-srtp_test_empty_payload() >+srtp_err_status_t srtp_test_empty_payload() > { > srtp_t srtp_snd, srtp_recv; > srtp_err_status_t status; >@@ -2410,7 +2364,7 @@ srtp_test_empty_payload() > memset(&policy, 0, sizeof(policy)); > srtp_crypto_policy_set_rtp_default(&policy.rtp); > srtp_crypto_policy_set_rtcp_default(&policy.rtcp); >- policy.ssrc.type = ssrc_specific; >+ policy.ssrc.type = ssrc_specific; > policy.ssrc.value = 0xcafebabe; > policy.key = test_key; > policy.ekt = NULL; >@@ -2423,12 +2377,11 @@ srtp_test_empty_payload() > return status; > } > >- mesg = srtp_create_test_packet(0, policy.ssrc.value); >+ mesg = srtp_create_test_packet(0, policy.ssrc.value, &len); > if (mesg == NULL) { > return srtp_err_status_fail; > } > >- len = 12; /* only the header */ > status = srtp_protect(srtp_snd, mesg, &len); > if (status) { > return status; >@@ -2472,8 +2425,7 @@ srtp_test_empty_payload() > } > > #ifdef OPENSSL >-srtp_err_status_t >-srtp_test_empty_payload_gcm() >+srtp_err_status_t srtp_test_empty_payload_gcm() > { > srtp_t srtp_snd, srtp_recv; > srtp_err_status_t status; >@@ -2488,7 +2440,7 @@ srtp_test_empty_payload_gcm() > memset(&policy, 0, sizeof(policy)); > srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp); > srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp); >- policy.ssrc.type = ssrc_specific; >+ policy.ssrc.type = ssrc_specific; > policy.ssrc.value = 0xcafebabe; > policy.key = test_key; > policy.ekt = NULL; >@@ -2501,12 +2453,11 @@ srtp_test_empty_payload_gcm() > return status; > } > >- mesg = srtp_create_test_packet(0, policy.ssrc.value); >+ mesg = srtp_create_test_packet(0, policy.ssrc.value, &len); > if (mesg == NULL) { > return srtp_err_status_fail; > } > >- len = 12; /* only the header */ > status = srtp_protect(srtp_snd, mesg, &len); > if (status) { > return status; >@@ -2548,10 +2499,9 @@ srtp_test_empty_payload_gcm() > > return srtp_err_status_ok; > } >-#endif // OPENSSL >+#endif // OPENSSL > >-srtp_err_status_t >-srtp_test_remove_stream () >+srtp_err_status_t srtp_test_remove_stream() > { > srtp_err_status_t status; > srtp_policy_t *policy_list, policy; >@@ -2565,7 +2515,6 @@ srtp_test_remove_stream () > */ > extern srtp_stream_t srtp_get_stream(srtp_t srtp, uint32_t ssrc); > >- > status = srtp_create_big_policy(&policy_list); > if (status) { > return status; >@@ -2616,7 +2565,7 @@ srtp_test_remove_stream () > memset(&policy, 0, sizeof(policy)); > srtp_crypto_policy_set_rtp_default(&policy.rtp); > srtp_crypto_policy_set_rtcp_default(&policy.rtcp); >- policy.ssrc.type = ssrc_specific; >+ policy.ssrc.type = ssrc_specific; > policy.ssrc.value = 0xcafebabe; > policy.key = test_key; > policy.ekt = NULL; >@@ -2647,7 +2596,7 @@ srtp_test_remove_stream () > return srtp_err_status_ok; > } > >- >+// clang-format off > unsigned char test_alt_key[46] = { > 0xe5, 0x19, 0x6f, 0x01, 0x5e, 0xf1, 0x9b, 0xe1, > 0xd7, 0x47, 0xa7, 0x27, 0x07, 0xd7, 0x47, 0x33, >@@ -2656,6 +2605,7 @@ unsigned char test_alt_key[46] = { > 0xc7, 0x15, 0xe2, 0xea, 0xfe, 0x55, 0x67, 0x96, > 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6 > }; >+// clang-format on > > /* > * srtp_test_update() verifies updating/rekeying exsisting streams. >@@ -2664,748 +2614,776 @@ unsigned char test_alt_key[46] = { > * atempts to prove that srtp_update does not reset the ROC. > */ > >-srtp_err_status_t >-srtp_test_update() { >- >- srtp_err_status_t status; >- uint32_t ssrc = 0x12121212; >- int msg_len_octets = 32; >- int protected_msg_len_octets; >- srtp_hdr_t * msg; >- srtp_t srtp_snd, srtp_recv; >- srtp_policy_t policy; >- >- memset(&policy, 0, sizeof(policy)); >- srtp_crypto_policy_set_rtp_default(&policy.rtp); >- srtp_crypto_policy_set_rtcp_default(&policy.rtcp); >- policy.ekt = NULL; >- policy.window_size = 128; >- policy.allow_repeat_tx = 0; >- policy.next = NULL; >- policy.ssrc.type = ssrc_any_outbound; >- policy.key = test_key; >- >- /* create a send and recive ctx with defualt profile and test_key */ >- status = srtp_create(&srtp_recv, &policy); >- if (status) >- return status; >- >- policy.ssrc.type = ssrc_any_inbound; >- status = srtp_create(&srtp_snd, &policy); >- if (status) >- return status; >- >- /* protect and unprotect two msg's that will cause the ROC to be equal to 1 */ >- msg = srtp_create_test_packet(msg_len_octets, ssrc); >- if (msg == NULL) >- return srtp_err_status_alloc_fail; >- msg->seq = htons(65535); >- >- protected_msg_len_octets = msg_len_octets; >- status = srtp_protect(srtp_snd, msg, &protected_msg_len_octets); >- if (status) >- return srtp_err_status_fail; >- >- status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets); >- if (status) >- return status; >- >- free(msg); >- >- msg = srtp_create_test_packet(msg_len_octets, ssrc); >- if (msg == NULL) >- return srtp_err_status_alloc_fail; >- msg->seq = htons(1); >- >- protected_msg_len_octets = msg_len_octets; >- status = srtp_protect(srtp_snd, msg, &protected_msg_len_octets); >- if (status) >- return srtp_err_status_fail; >- >- status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets); >- if (status) >- return status; >- >- free(msg); >- >- /* update send ctx with same test_key t verify update works*/ >- policy.ssrc.type = ssrc_any_outbound; >- policy.key = test_key; >- status = srtp_update(srtp_snd, &policy); >- if (status) >- return status; >- >- msg = srtp_create_test_packet(msg_len_octets, ssrc); >- if (msg == NULL) >- return srtp_err_status_alloc_fail; >- msg->seq = htons(2); >- >- protected_msg_len_octets = msg_len_octets; >- status = srtp_protect(srtp_snd, msg, &protected_msg_len_octets); >- if (status) >- return srtp_err_status_fail; >- >- status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets); >- if (status) >- return status; >- >- free(msg); >- >- >- /* update send ctx to use test_alt_key */ >- policy.ssrc.type = ssrc_any_outbound; >- policy.key = test_alt_key; >- status = srtp_update(srtp_snd, &policy); >- if (status) >- return status; >- >- /* create and protect msg with new key and ROC still equal to 1 */ >- msg = srtp_create_test_packet(msg_len_octets, ssrc); >- if (msg == NULL) >- return srtp_err_status_alloc_fail; >- msg->seq = htons(3); >- >- protected_msg_len_octets = msg_len_octets; >- status = srtp_protect(srtp_snd, msg, &protected_msg_len_octets); >- if (status) >- return srtp_err_status_fail; >- >- /* verify that recive ctx will fail to unprotect as it still uses test_key */ >- status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets); >- if (status == srtp_err_status_ok) >- return srtp_err_status_fail; >- >- /* create a new recvieve ctx with test_alt_key but since it is new it will have ROC equal to 1 >- * and therefore should fail to unprotected */ >- { >- srtp_t srtp_recv_roc_0; >- >- policy.ssrc.type = ssrc_any_inbound; >+srtp_err_status_t srtp_test_update() >+{ >+ srtp_err_status_t status; >+ uint32_t ssrc = 0x12121212; >+ int msg_len_octets = 32; >+ int protected_msg_len_octets; >+ srtp_hdr_t *msg; >+ srtp_t srtp_snd, srtp_recv; >+ srtp_policy_t policy; >+ >+ memset(&policy, 0, sizeof(policy)); >+ srtp_crypto_policy_set_rtp_default(&policy.rtp); >+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp); >+ policy.ekt = NULL; >+ policy.window_size = 128; >+ policy.allow_repeat_tx = 0; >+ policy.next = NULL; >+ policy.ssrc.type = ssrc_any_outbound; >+ policy.key = test_key; >+ >+ /* create a send and recive ctx with defualt profile and test_key */ >+ status = srtp_create(&srtp_recv, &policy); >+ if (status) >+ return status; >+ >+ policy.ssrc.type = ssrc_any_inbound; >+ status = srtp_create(&srtp_snd, &policy); >+ if (status) >+ return status; >+ >+ /* protect and unprotect two msg's that will cause the ROC to be equal to 1 >+ */ >+ msg = srtp_create_test_packet(msg_len_octets, ssrc, >+ &protected_msg_len_octets); >+ if (msg == NULL) >+ return srtp_err_status_alloc_fail; >+ msg->seq = htons(65535); >+ >+ status = srtp_protect(srtp_snd, msg, &protected_msg_len_octets); >+ if (status) >+ return srtp_err_status_fail; >+ >+ status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets); >+ if (status) >+ return status; >+ >+ free(msg); >+ >+ msg = srtp_create_test_packet(msg_len_octets, ssrc, >+ &protected_msg_len_octets); >+ if (msg == NULL) >+ return srtp_err_status_alloc_fail; >+ msg->seq = htons(1); >+ >+ status = srtp_protect(srtp_snd, msg, &protected_msg_len_octets); >+ if (status) >+ return srtp_err_status_fail; >+ >+ status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets); >+ if (status) >+ return status; >+ >+ free(msg); >+ >+ /* update send ctx with same test_key t verify update works*/ >+ policy.ssrc.type = ssrc_any_outbound; >+ policy.key = test_key; >+ status = srtp_update(srtp_snd, &policy); >+ if (status) >+ return status; >+ >+ msg = srtp_create_test_packet(msg_len_octets, ssrc, >+ &protected_msg_len_octets); >+ if (msg == NULL) >+ return srtp_err_status_alloc_fail; >+ msg->seq = htons(2); >+ >+ status = srtp_protect(srtp_snd, msg, &protected_msg_len_octets); >+ if (status) >+ return srtp_err_status_fail; >+ >+ status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets); >+ if (status) >+ return status; >+ >+ free(msg); >+ >+ /* update send ctx to use test_alt_key */ >+ policy.ssrc.type = ssrc_any_outbound; > policy.key = test_alt_key; >- status = srtp_create(&srtp_recv_roc_0, &policy); >+ status = srtp_update(srtp_snd, &policy); > if (status) >- return status; >+ return status; > >- status = srtp_unprotect(srtp_recv_roc_0, msg, &protected_msg_len_octets); >- if (status == srtp_err_status_ok) >- return srtp_err_status_fail; >+ /* create and protect msg with new key and ROC still equal to 1 */ >+ msg = srtp_create_test_packet(msg_len_octets, ssrc, >+ &protected_msg_len_octets); >+ if (msg == NULL) >+ return srtp_err_status_alloc_fail; >+ msg->seq = htons(3); > >- status = srtp_dealloc(srtp_recv_roc_0); >+ status = srtp_protect(srtp_snd, msg, &protected_msg_len_octets); > if (status) >- return status; >- } >+ return srtp_err_status_fail; > >- /* update recive ctx to use test_alt_key */ >- policy.ssrc.type = ssrc_any_inbound; >- policy.key = test_alt_key; >- status = srtp_update(srtp_recv, &policy); >- if (status) >- return status; >+ /* verify that recive ctx will fail to unprotect as it still uses test_key >+ */ >+ status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets); >+ if (status == srtp_err_status_ok) >+ return srtp_err_status_fail; >+ >+ /* create a new recvieve ctx with test_alt_key but since it is new it will >+ * have ROC equal to 1 >+ * and therefore should fail to unprotected */ >+ { >+ srtp_t srtp_recv_roc_0; >+ >+ policy.ssrc.type = ssrc_any_inbound; >+ policy.key = test_alt_key; >+ status = srtp_create(&srtp_recv_roc_0, &policy); >+ if (status) >+ return status; >+ >+ status = >+ srtp_unprotect(srtp_recv_roc_0, msg, &protected_msg_len_octets); >+ if (status == srtp_err_status_ok) >+ return srtp_err_status_fail; >+ >+ status = srtp_dealloc(srtp_recv_roc_0); >+ if (status) >+ return status; >+ } >+ >+ /* update recive ctx to use test_alt_key */ >+ policy.ssrc.type = ssrc_any_inbound; >+ policy.key = test_alt_key; >+ status = srtp_update(srtp_recv, &policy); >+ if (status) >+ return status; > >- /* verify that can still unprotect, therfore key is updated and ROC value is preserved */ >- status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets); >- if (status) >- return status; >+ /* verify that can still unprotect, therfore key is updated and ROC value is >+ * preserved */ >+ status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets); >+ if (status) >+ return status; > >- free(msg); >+ free(msg); > >- status = srtp_dealloc(srtp_snd); >- if (status) >- return status; >+ status = srtp_dealloc(srtp_snd); >+ if (status) >+ return status; > >- status = srtp_dealloc(srtp_recv); >- if (status) >- return status; >+ status = srtp_dealloc(srtp_recv); >+ if (status) >+ return status; > >- return srtp_err_status_ok; >+ return srtp_err_status_ok; > } > >-srtp_err_status_t >-srtp_test_setup_protect_trailer_streams(srtp_t *srtp_send, srtp_t *srtp_send_mki, >- srtp_t *srtp_send_aes_gcm, srtp_t *srtp_send_aes_gcm_mki) { >+srtp_err_status_t srtp_test_setup_protect_trailer_streams( >+ srtp_t *srtp_send, >+ srtp_t *srtp_send_mki, >+ srtp_t *srtp_send_aes_gcm, >+ srtp_t *srtp_send_aes_gcm_mki) >+{ >+ srtp_err_status_t status; >+ srtp_policy_t policy; >+ srtp_policy_t policy_mki; > >- srtp_err_status_t status; >- srtp_policy_t policy; >- srtp_policy_t policy_mki; > #ifdef OPENSSL >- srtp_policy_t policy_aes_gcm; >- srtp_policy_t policy_aes_gcm_mki; >+ srtp_policy_t policy_aes_gcm; >+ srtp_policy_t policy_aes_gcm_mki; > #endif // OPENSSL > >- memset(&policy, 0, sizeof(policy)); >- srtp_crypto_policy_set_rtp_default(&policy.rtp); >- srtp_crypto_policy_set_rtcp_default(&policy.rtcp); >- policy.ekt = NULL; >- policy.window_size = 128; >- policy.allow_repeat_tx = 0; >- policy.next = NULL; >- policy.ssrc.type = ssrc_any_outbound; >- policy.key = test_key; >- >- memset(&policy_mki, 0, sizeof(policy_mki)); >- srtp_crypto_policy_set_rtp_default(&policy_mki.rtp); >- srtp_crypto_policy_set_rtcp_default(&policy_mki.rtcp); >- policy_mki.ekt = NULL; >- policy_mki.window_size = 128; >- policy_mki.allow_repeat_tx = 0; >- policy_mki.next = NULL; >- policy_mki.ssrc.type = ssrc_any_outbound; >- policy_mki.key = NULL; >- policy_mki.keys = test_keys; >- policy_mki.num_master_keys = 2; >+ memset(&policy, 0, sizeof(policy)); >+ srtp_crypto_policy_set_rtp_default(&policy.rtp); >+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp); >+ policy.ekt = NULL; >+ policy.window_size = 128; >+ policy.allow_repeat_tx = 0; >+ policy.next = NULL; >+ policy.ssrc.type = ssrc_any_outbound; >+ policy.key = test_key; > >-#ifdef OPENSSL >- memset(&policy_aes_gcm, 0, sizeof(policy_aes_gcm)); >- srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm.rtp); >- srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm.rtcp); >- policy_aes_gcm.ekt = NULL; >- policy_aes_gcm.window_size = 128; >- policy_aes_gcm.allow_repeat_tx = 0; >- policy_aes_gcm.next = NULL; >- policy_aes_gcm.ssrc.type = ssrc_any_outbound; >- policy_aes_gcm.key = test_key; >- >- memset(&policy_aes_gcm_mki, 0, sizeof(policy_aes_gcm_mki)); >- srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm_mki.rtp); >- srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm_mki.rtcp); >- policy_aes_gcm_mki.ekt = NULL; >- policy_aes_gcm_mki.window_size = 128; >- policy_aes_gcm_mki.allow_repeat_tx = 0; >- policy_aes_gcm_mki.next = NULL; >- policy_aes_gcm_mki.ssrc.type = ssrc_any_outbound; >- policy_aes_gcm_mki.key = NULL; >- policy_aes_gcm_mki.keys = test_keys; >- policy_aes_gcm_mki.num_master_keys = 2; >+ memset(&policy_mki, 0, sizeof(policy_mki)); >+ srtp_crypto_policy_set_rtp_default(&policy_mki.rtp); >+ srtp_crypto_policy_set_rtcp_default(&policy_mki.rtcp); >+ policy_mki.ekt = NULL; >+ policy_mki.window_size = 128; >+ policy_mki.allow_repeat_tx = 0; >+ policy_mki.next = NULL; >+ policy_mki.ssrc.type = ssrc_any_outbound; >+ policy_mki.key = NULL; >+ policy_mki.keys = test_keys; >+ policy_mki.num_master_keys = 2; > >+#ifdef OPENSSL >+ memset(&policy_aes_gcm, 0, sizeof(policy_aes_gcm)); >+ srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm.rtp); >+ srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm.rtcp); >+ policy_aes_gcm.ekt = NULL; >+ policy_aes_gcm.window_size = 128; >+ policy_aes_gcm.allow_repeat_tx = 0; >+ policy_aes_gcm.next = NULL; >+ policy_aes_gcm.ssrc.type = ssrc_any_outbound; >+ policy_aes_gcm.key = test_key; >+ >+ memset(&policy_aes_gcm_mki, 0, sizeof(policy_aes_gcm_mki)); >+ srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm_mki.rtp); >+ srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm_mki.rtcp); >+ policy_aes_gcm_mki.ekt = NULL; >+ policy_aes_gcm_mki.window_size = 128; >+ policy_aes_gcm_mki.allow_repeat_tx = 0; >+ policy_aes_gcm_mki.next = NULL; >+ policy_aes_gcm_mki.ssrc.type = ssrc_any_outbound; >+ policy_aes_gcm_mki.key = NULL; >+ policy_aes_gcm_mki.keys = test_keys; >+ policy_aes_gcm_mki.num_master_keys = 2; > #endif > >- /* create a send ctx with defualt profile and test_key */ >- status = srtp_create(srtp_send, &policy); >- if (status) >- return status; >+ /* create a send ctx with defualt profile and test_key */ >+ status = srtp_create(srtp_send, &policy); >+ if (status) >+ return status; > >- status = srtp_create(srtp_send_mki, &policy_mki); >- if (status) >- return status; >+ status = srtp_create(srtp_send_mki, &policy_mki); >+ if (status) >+ return status; > > #ifdef OPENSSL >- status = srtp_create(srtp_send_aes_gcm, &policy_aes_gcm); >- if (status) >- return status; >+ status = srtp_create(srtp_send_aes_gcm, &policy_aes_gcm); >+ if (status) >+ return status; > >- status = srtp_create(srtp_send_aes_gcm_mki, &policy_aes_gcm_mki); >- if (status) >- return status; >-#endif //OPENSSL >+ status = srtp_create(srtp_send_aes_gcm_mki, &policy_aes_gcm_mki); >+ if (status) >+ return status; >+#endif // OPENSSL > >- return srtp_err_status_ok; >+ return srtp_err_status_ok; > } > >-srtp_err_status_t >-srtp_test_protect_trailer_length() { >- >- srtp_t srtp_send; >- srtp_t srtp_send_mki; >- srtp_t srtp_send_aes_gcm; >- srtp_t srtp_send_aes_gcm_mki; >- uint32_t length = 0; >- srtp_err_status_t status; >+srtp_err_status_t srtp_test_protect_trailer_length() >+{ >+ srtp_t srtp_send; >+ srtp_t srtp_send_mki; >+ srtp_t srtp_send_aes_gcm; >+ srtp_t srtp_send_aes_gcm_mki; >+ uint32_t length = 0; >+ srtp_err_status_t status; > >- srtp_test_setup_protect_trailer_streams(&srtp_send, &srtp_send_mki, >- &srtp_send_aes_gcm, &srtp_send_aes_gcm_mki); >+ srtp_test_setup_protect_trailer_streams( >+ &srtp_send, &srtp_send_mki, &srtp_send_aes_gcm, &srtp_send_aes_gcm_mki); > >- status = srtp_get_protect_trailer_length(srtp_send, 0, 0, &length); >- if (status) >- return status; >+ status = srtp_get_protect_trailer_length(srtp_send, 0, 0, &length); >+ if (status) >+ return status; > >- /* TAG Length: 10 bytes */ >- if (length != 10) >- return srtp_err_status_fail; >+ /* TAG Length: 10 bytes */ >+ if (length != 10) >+ return srtp_err_status_fail; > >- status = srtp_get_protect_trailer_length(srtp_send_mki, 1, 1, &length); >- if (status) >- return status; >+ status = srtp_get_protect_trailer_length(srtp_send_mki, 1, 1, &length); >+ if (status) >+ return status; > >- /* TAG Length: 10 bytes + MKI length: 4 bytes*/ >- if (length != 14) >- return srtp_err_status_fail; >+ /* TAG Length: 10 bytes + MKI length: 4 bytes*/ >+ if (length != 14) >+ return srtp_err_status_fail; > > #ifdef OPENSSL >- status = srtp_get_protect_trailer_length(srtp_send_aes_gcm, 0, 0, &length); >- if (status) >- return status; >+ status = srtp_get_protect_trailer_length(srtp_send_aes_gcm, 0, 0, &length); >+ if (status) >+ return status; > >- /* TAG Length: 16 bytes */ >- if (length != 16) >- return srtp_err_status_fail; >+ /* TAG Length: 16 bytes */ >+ if (length != 16) >+ return srtp_err_status_fail; > >+ status = >+ srtp_get_protect_trailer_length(srtp_send_aes_gcm_mki, 1, 1, &length); >+ if (status) >+ return status; > >- status = srtp_get_protect_trailer_length(srtp_send_aes_gcm_mki, 1, 1, &length); >- if (status) >- return status; >+ /* TAG Length: 16 bytes + MKI length: 4 bytes*/ >+ if (length != 20) >+ return srtp_err_status_fail; >+#endif // OPENSSL > >- /* TAG Length: 16 bytes + MKI length: 4 bytes*/ >- if (length != 20) >- return srtp_err_status_fail; >+ srtp_dealloc(srtp_send); >+ srtp_dealloc(srtp_send_mki); >+#ifdef OPENSSL >+ srtp_dealloc(srtp_send_aes_gcm); >+ srtp_dealloc(srtp_send_aes_gcm_mki); >+#endif > >-#endif //OPENSSL >- return srtp_err_status_ok; >+ return srtp_err_status_ok; > } > >-srtp_err_status_t >-srtp_test_protect_rtcp_trailer_length() { >- >- srtp_t srtp_send; >- srtp_t srtp_send_mki; >- srtp_t srtp_send_aes_gcm; >- srtp_t srtp_send_aes_gcm_mki; >- uint32_t length = 0; >- srtp_err_status_t status; >+srtp_err_status_t srtp_test_protect_rtcp_trailer_length() >+{ >+ srtp_t srtp_send; >+ srtp_t srtp_send_mki; >+ srtp_t srtp_send_aes_gcm; >+ srtp_t srtp_send_aes_gcm_mki; >+ uint32_t length = 0; >+ srtp_err_status_t status; > >- srtp_test_setup_protect_trailer_streams(&srtp_send, &srtp_send_mki, >- &srtp_send_aes_gcm, &srtp_send_aes_gcm_mki); >+ srtp_test_setup_protect_trailer_streams( >+ &srtp_send, &srtp_send_mki, &srtp_send_aes_gcm, &srtp_send_aes_gcm_mki); > >- status = srtp_get_protect_rtcp_trailer_length(srtp_send, 0, 0, &length); >- if (status) >- return status; >+ status = srtp_get_protect_rtcp_trailer_length(srtp_send, 0, 0, &length); >+ if (status) >+ return status; > >- /* TAG Length: 10 bytes + SRTCP Trailer 4 bytes*/ >- if (length != 14) >- return srtp_err_status_fail; >+ /* TAG Length: 10 bytes + SRTCP Trailer 4 bytes*/ >+ if (length != 14) >+ return srtp_err_status_fail; > >- status = srtp_get_protect_rtcp_trailer_length(srtp_send_mki, 1, 1, &length); >- if (status) >- return status; >+ status = srtp_get_protect_rtcp_trailer_length(srtp_send_mki, 1, 1, &length); >+ if (status) >+ return status; > >- /* TAG Length: 10 bytes + SRTCP Trailer 4 bytes + MKI 4 bytes*/ >- if (length != 18) >- return srtp_err_status_fail; >+ /* TAG Length: 10 bytes + SRTCP Trailer 4 bytes + MKI 4 bytes*/ >+ if (length != 18) >+ return srtp_err_status_fail; > > #ifdef OPENSSL >- status = srtp_get_protect_rtcp_trailer_length(srtp_send_aes_gcm, 0, 0, &length); >- if (status) >- return status; >+ status = >+ srtp_get_protect_rtcp_trailer_length(srtp_send_aes_gcm, 0, 0, &length); >+ if (status) >+ return status; > >- /* TAG Length: 16 bytes + SRTCP Trailer 4 bytes*/ >- if (length != 20) >- return srtp_err_status_fail; >+ /* TAG Length: 16 bytes + SRTCP Trailer 4 bytes*/ >+ if (length != 20) >+ return srtp_err_status_fail; > >+ status = srtp_get_protect_rtcp_trailer_length(srtp_send_aes_gcm_mki, 1, 1, >+ &length); >+ if (status) >+ return status; > >- status = srtp_get_protect_rtcp_trailer_length(srtp_send_aes_gcm_mki, 1, 1, &length); >- if (status) >- return status; >+ /* TAG Length: 16 bytes + SRTCP Trailer 4 bytes + MKI 4 bytes*/ >+ if (length != 24) >+ return srtp_err_status_fail; >+#endif // OPENSSL > >- /* TAG Length: 16 bytes + SRTCP Trailer 4 bytes + MKI 4 bytes*/ >- if (length != 24) >- return srtp_err_status_fail; >+ srtp_dealloc(srtp_send); >+ srtp_dealloc(srtp_send_mki); >+#ifdef OPENSSL >+ srtp_dealloc(srtp_send_aes_gcm); >+ srtp_dealloc(srtp_send_aes_gcm_mki); >+#endif > >-#endif //OPENSSL >- return srtp_err_status_ok; >+ return srtp_err_status_ok; > } > >-srtp_err_status_t >-srtp_test_get_roc() { >- srtp_err_status_t status; >- srtp_policy_t policy; >- srtp_t session; >- srtp_hdr_t *pkt; >- uint32_t i; >- uint32_t roc; >- uint32_t ts; >- uint16_t seq; >- >- int msg_len_octets = 32; >- int protected_msg_len_octets; >- >- memset(&policy, 0, sizeof(policy)); >- srtp_crypto_policy_set_rtp_default(&policy.rtp); >- srtp_crypto_policy_set_rtcp_default(&policy.rtcp); >- policy.ssrc.type = ssrc_specific; >- policy.ssrc.value = 0xcafebabe; >- policy.key = test_key; >- policy.window_size = 128; >- >- /* Create a sender session */ >- status = srtp_create(&session, &policy); >- if (status) { >- return status; >- } >- >- /* Set start sequence so we roll over */ >- seq = 65535; >- ts = 0; >- >- for (i = 0; i < 2; i++) { >- pkt = srtp_create_test_packet_extended(msg_len_octets, policy.ssrc.value, seq, ts); >- protected_msg_len_octets = msg_len_octets; >- status = srtp_protect(session, pkt, &protected_msg_len_octets); >- free(pkt); >+srtp_err_status_t srtp_test_get_roc() >+{ >+ srtp_err_status_t status; >+ srtp_policy_t policy; >+ srtp_t session; >+ srtp_hdr_t *pkt; >+ uint32_t i; >+ uint32_t roc; >+ uint32_t ts; >+ uint16_t seq; >+ >+ int msg_len_octets = 32; >+ int protected_msg_len_octets; >+ >+ memset(&policy, 0, sizeof(policy)); >+ srtp_crypto_policy_set_rtp_default(&policy.rtp); >+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp); >+ policy.ssrc.type = ssrc_specific; >+ policy.ssrc.value = 0xcafebabe; >+ policy.key = test_key; >+ policy.window_size = 128; >+ >+ /* Create a sender session */ >+ status = srtp_create(&session, &policy); > if (status) { >- return status; >+ return status; > } > >- status = srtp_get_stream_roc(session, policy.ssrc.value, &roc); >+ /* Set start sequence so we roll over */ >+ seq = 65535; >+ ts = 0; >+ >+ for (i = 0; i < 2; i++) { >+ pkt = srtp_create_test_packet_extended(msg_len_octets, >+ policy.ssrc.value, seq, ts, >+ &protected_msg_len_octets); >+ status = srtp_protect(session, pkt, &protected_msg_len_octets); >+ free(pkt); >+ if (status) { >+ return status; >+ } >+ >+ status = srtp_get_stream_roc(session, policy.ssrc.value, &roc); >+ if (status) { >+ return status; >+ } >+ >+ if (roc != i) { >+ return srtp_err_status_fail; >+ } >+ >+ seq++; >+ ts++; >+ } >+ >+ /* Cleanup */ >+ status = srtp_dealloc(session); >+ if (status) { >+ return status; >+ } >+ >+ return srtp_err_status_ok; >+} >+ >+static srtp_err_status_t test_set_receiver_roc(uint32_t packets, >+ uint32_t roc_to_set) >+{ >+ srtp_err_status_t status; >+ >+ srtp_policy_t sender_policy; >+ srtp_t sender_session; >+ >+ srtp_policy_t receiver_policy; >+ srtp_t receiver_session; >+ >+ srtp_hdr_t *pkt_1; >+ unsigned char *recv_pkt_1; >+ >+ srtp_hdr_t *pkt_2; >+ unsigned char *recv_pkt_2; >+ >+ uint32_t i; >+ uint32_t ts; >+ uint16_t seq; >+ >+ int msg_len_octets = 32; >+ int protected_msg_len_octets_1; >+ int protected_msg_len_octets_2; >+ >+ /* Create sender */ >+ memset(&sender_policy, 0, sizeof(sender_policy)); >+ srtp_crypto_policy_set_rtp_default(&sender_policy.rtp); >+ srtp_crypto_policy_set_rtcp_default(&sender_policy.rtcp); >+ sender_policy.ssrc.type = ssrc_specific; >+ sender_policy.ssrc.value = 0xcafebabe; >+ sender_policy.key = test_key; >+ sender_policy.window_size = 128; >+ >+ status = srtp_create(&sender_session, &sender_policy); > if (status) { >- return status; >+ return status; > } > >- if (roc != i) { >- return srtp_err_status_fail; >+ /* Create and protect packets */ >+ seq = 0; >+ ts = 0; >+ for (i = 0; i < packets; i++) { >+ srtp_hdr_t *tmp_pkt; >+ int tmp_len; >+ >+ tmp_pkt = srtp_create_test_packet_extended( >+ msg_len_octets, sender_policy.ssrc.value, seq, ts, &tmp_len); >+ status = srtp_protect(sender_session, tmp_pkt, &tmp_len); >+ free(tmp_pkt); >+ if (status) { >+ return status; >+ } >+ seq++; >+ ts++; > } > >+ /* Create the first packet to decrypt and test for ROC change */ >+ pkt_1 = srtp_create_test_packet_extended(msg_len_octets, >+ sender_policy.ssrc.value, seq, ts, >+ &protected_msg_len_octets_1); >+ status = srtp_protect(sender_session, pkt_1, &protected_msg_len_octets_1); >+ if (status) { >+ return status; >+ } >+ >+ /* Create the second packet to decrypt and test for ROC change */ > seq++; > ts++; >- } >+ pkt_2 = srtp_create_test_packet_extended(msg_len_octets, >+ sender_policy.ssrc.value, seq, ts, >+ &protected_msg_len_octets_2); >+ status = srtp_protect(sender_session, pkt_2, &protected_msg_len_octets_2); >+ if (status) { >+ return status; >+ } > >- /* Cleanup */ >- status = srtp_dealloc(session); >- if (status) { >- return status; >- } >+ /* Create the receiver */ >+ memset(&receiver_policy, 0, sizeof(receiver_policy)); >+ srtp_crypto_policy_set_rtp_default(&receiver_policy.rtp); >+ srtp_crypto_policy_set_rtcp_default(&receiver_policy.rtcp); >+ receiver_policy.ssrc.type = ssrc_specific; >+ receiver_policy.ssrc.value = sender_policy.ssrc.value; >+ receiver_policy.key = test_key; >+ receiver_policy.window_size = 128; >+ >+ status = srtp_create(&receiver_session, &receiver_policy); >+ if (status) { >+ return status; >+ } >+ >+ /* Make a copy of the first sent protected packet */ >+ recv_pkt_1 = malloc(protected_msg_len_octets_1); >+ if (recv_pkt_1 == NULL) { >+ return srtp_err_status_fail; >+ } >+ memcpy(recv_pkt_1, pkt_1, protected_msg_len_octets_1); >+ >+ /* Make a copy of the second sent protected packet */ >+ recv_pkt_2 = malloc(protected_msg_len_octets_2); >+ if (recv_pkt_2 == NULL) { >+ return srtp_err_status_fail; >+ } >+ memcpy(recv_pkt_2, pkt_2, protected_msg_len_octets_2); >+ >+ /* Set the ROC to the wanted value */ >+ status = srtp_set_stream_roc(receiver_session, receiver_policy.ssrc.value, >+ roc_to_set); >+ if (status) { >+ return status; >+ } > >- return srtp_err_status_ok; >+ /* Unprotect the first packet */ >+ status = srtp_unprotect(receiver_session, recv_pkt_1, >+ &protected_msg_len_octets_1); >+ if (status) { >+ return status; >+ } >+ >+ /* Unprotect the second packet */ >+ status = srtp_unprotect(receiver_session, recv_pkt_2, >+ &protected_msg_len_octets_2); >+ if (status) { >+ return status; >+ } >+ >+ /* Cleanup */ >+ status = srtp_dealloc(sender_session); >+ if (status) { >+ return status; >+ } >+ >+ status = srtp_dealloc(receiver_session); >+ if (status) { >+ return status; >+ } >+ >+ free(pkt_1); >+ free(recv_pkt_1); >+ free(pkt_2); >+ free(recv_pkt_2); >+ >+ return srtp_err_status_ok; > } > >-static srtp_err_status_t >-test_set_receiver_roc(uint32_t packets, uint32_t roc_to_set) >+static srtp_err_status_t test_set_sender_roc(uint16_t seq, uint32_t roc_to_set) > { >- srtp_err_status_t status; >+ srtp_err_status_t status; >+ >+ srtp_policy_t sender_policy; >+ srtp_t sender_session; >+ >+ srtp_policy_t receiver_policy; >+ srtp_t receiver_session; > >- srtp_policy_t sender_policy; >- srtp_t sender_session; >+ srtp_hdr_t *pkt; >+ unsigned char *recv_pkt; >+ >+ uint32_t ts; >+ >+ int msg_len_octets = 32; >+ int protected_msg_len_octets; >+ >+ /* Create sender */ >+ memset(&sender_policy, 0, sizeof(sender_policy)); >+ srtp_crypto_policy_set_rtp_default(&sender_policy.rtp); >+ srtp_crypto_policy_set_rtcp_default(&sender_policy.rtcp); >+ sender_policy.ssrc.type = ssrc_specific; >+ sender_policy.ssrc.value = 0xcafebabe; >+ sender_policy.key = test_key; >+ sender_policy.window_size = 128; >+ >+ status = srtp_create(&sender_session, &sender_policy); >+ if (status) { >+ return status; >+ } > >- srtp_policy_t receiver_policy; >- srtp_t receiver_session; >+ /* Set the ROC before encrypting the first packet */ >+ status = srtp_set_stream_roc(sender_session, sender_policy.ssrc.value, >+ roc_to_set); >+ if (status != srtp_err_status_ok) { >+ return status; >+ } > >- srtp_hdr_t *pkt_1; >- unsigned char *recv_pkt_1; >+ /* Create the packet to decrypt */ >+ ts = 0; >+ pkt = srtp_create_test_packet_extended(msg_len_octets, >+ sender_policy.ssrc.value, seq, ts, >+ &protected_msg_len_octets); >+ status = srtp_protect(sender_session, pkt, &protected_msg_len_octets); >+ if (status) { >+ return status; >+ } > >- srtp_hdr_t *pkt_2; >- unsigned char *recv_pkt_2; >+ /* Create the receiver */ >+ memset(&receiver_policy, 0, sizeof(receiver_policy)); >+ srtp_crypto_policy_set_rtp_default(&receiver_policy.rtp); >+ srtp_crypto_policy_set_rtcp_default(&receiver_policy.rtcp); >+ receiver_policy.ssrc.type = ssrc_specific; >+ receiver_policy.ssrc.value = sender_policy.ssrc.value; >+ receiver_policy.key = test_key; >+ receiver_policy.window_size = 128; > >- uint32_t i; >- uint32_t ts; >- uint16_t seq; >+ status = srtp_create(&receiver_session, &receiver_policy); >+ if (status) { >+ return status; >+ } > >- int msg_len_octets = 32; >- int protected_msg_len_octets_1; >- int protected_msg_len_octets_2; >+ /* Make a copy of the sent protected packet */ >+ recv_pkt = malloc(protected_msg_len_octets); >+ if (recv_pkt == NULL) { >+ return srtp_err_status_fail; >+ } >+ memcpy(recv_pkt, pkt, protected_msg_len_octets); > >- /* Create sender */ >- memset(&sender_policy, 0, sizeof(sender_policy)); >- srtp_crypto_policy_set_rtp_default(&sender_policy.rtp); >- srtp_crypto_policy_set_rtcp_default(&sender_policy.rtcp); >- sender_policy.ssrc.type = ssrc_specific; >- sender_policy.ssrc.value = 0xcafebabe; >- sender_policy.key = test_key; >- sender_policy.window_size = 128; >+ /* Set the ROC to the wanted value */ >+ status = srtp_set_stream_roc(receiver_session, receiver_policy.ssrc.value, >+ roc_to_set); >+ if (status) { >+ return status; >+ } > >- status = srtp_create(&sender_session, &sender_policy); >- if (status) { >- return status; >- } >+ status = >+ srtp_unprotect(receiver_session, recv_pkt, &protected_msg_len_octets); >+ if (status) { >+ return status; >+ } > >- /* Create and protect packets */ >- seq = 0; >- ts = 0; >- for (i = 0; i < packets; i++) { >- srtp_hdr_t *tmp_pkt; >- int tmp_len; >+ /* Cleanup */ >+ status = srtp_dealloc(sender_session); >+ if (status) { >+ return status; >+ } > >- tmp_pkt = srtp_create_test_packet_extended(msg_len_octets, sender_policy.ssrc.value, seq, ts); >- tmp_len = msg_len_octets; >- status = srtp_protect(sender_session, tmp_pkt, &tmp_len); >- free(tmp_pkt); >+ status = srtp_dealloc(receiver_session); > if (status) { >- return status; >+ return status; > } >- seq++; >- ts++; >- } >- >- /* Create the first packet to decrypt and test for ROC change */ >- pkt_1 = srtp_create_test_packet_extended(msg_len_octets, sender_policy.ssrc.value, seq, ts); >- protected_msg_len_octets_1 = msg_len_octets; >- status = srtp_protect(sender_session, pkt_1, &protected_msg_len_octets_1); >- if (status) { >- return status; >- } >- >- /* Create the second packet to decrypt and test for ROC change */ >- seq++; >- ts++; >- pkt_2 = srtp_create_test_packet_extended(msg_len_octets, sender_policy.ssrc.value, seq, ts); >- protected_msg_len_octets_2 = msg_len_octets; >- status = srtp_protect(sender_session, pkt_2, &protected_msg_len_octets_2); >- if (status) { >- return status; >- } >- >- /* Create the receiver */ >- memset(&receiver_policy, 0, sizeof(receiver_policy)); >- srtp_crypto_policy_set_rtp_default(&receiver_policy.rtp); >- srtp_crypto_policy_set_rtcp_default(&receiver_policy.rtcp); >- receiver_policy.ssrc.type = ssrc_specific; >- receiver_policy.ssrc.value = sender_policy.ssrc.value; >- receiver_policy.key = test_key; >- receiver_policy.window_size = 128; >- >- status = srtp_create(&receiver_session, &receiver_policy); >- if (status) { >- return status; >- } >- >- /* Make a copy of the first sent protected packet */ >- recv_pkt_1 = malloc(protected_msg_len_octets_1); >- if (recv_pkt_1 == NULL) { >- return srtp_err_status_fail; >- } >- memcpy(recv_pkt_1, pkt_1, protected_msg_len_octets_1); >- >- /* Make a copy of the second sent protected packet */ >- recv_pkt_2 = malloc(protected_msg_len_octets_2); >- if (recv_pkt_2 == NULL) { >- return srtp_err_status_fail; >- } >- memcpy(recv_pkt_2, pkt_2, protected_msg_len_octets_2); >- >- /* Set the ROC to the wanted value */ >- status = srtp_set_stream_roc(receiver_session, receiver_policy.ssrc.value, roc_to_set); >- if (status) { >- return status; >- } >- >- /* Unprotect the first packet */ >- status = srtp_unprotect(receiver_session, recv_pkt_1, &protected_msg_len_octets_1); >- if (status) { >- return status; >- } >- >- /* Unprotect the second packet */ >- status = srtp_unprotect(receiver_session, recv_pkt_2, &protected_msg_len_octets_2); >- if (status) { >- return status; >- } >- >- /* Cleanup */ >- status = srtp_dealloc(sender_session); >- if (status) { >- return status; >- } >- >- status = srtp_dealloc(receiver_session); >- if (status) { >- return status; >- } >- >- free(pkt_1); >- free(recv_pkt_1); >- free(pkt_2); >- free(recv_pkt_2); >- >- return srtp_err_status_ok; >+ >+ free(pkt); >+ free(recv_pkt); >+ >+ return srtp_err_status_ok; > } > >-static srtp_err_status_t >-test_set_sender_roc(uint16_t seq, uint32_t roc_to_set) >+srtp_err_status_t srtp_test_set_receiver_roc() > { >- srtp_err_status_t status; >- >- srtp_policy_t sender_policy; >- srtp_t sender_session; >- >- srtp_policy_t receiver_policy; >- srtp_t receiver_session; >- >- srtp_hdr_t *pkt; >- unsigned char *recv_pkt; >- >- uint32_t ts; >- >- int msg_len_octets = 32; >- int protected_msg_len_octets; >- >- /* Create sender */ >- memset(&sender_policy, 0, sizeof(sender_policy)); >- srtp_crypto_policy_set_rtp_default(&sender_policy.rtp); >- srtp_crypto_policy_set_rtcp_default(&sender_policy.rtcp); >- sender_policy.ssrc.type = ssrc_specific; >- sender_policy.ssrc.value = 0xcafebabe; >- sender_policy.key = test_key; >- sender_policy.window_size = 128; >- >- status = srtp_create(&sender_session, &sender_policy); >- if (status) { >- return status; >- } >- >- /* Set the ROC before encrypting the first packet */ >- status = srtp_set_stream_roc(sender_session, sender_policy.ssrc.value, roc_to_set); >- if (status != srtp_err_status_ok) { >- return status; >- } >- >- /* Create the packet to decrypt */ >- ts = 0; >- pkt = srtp_create_test_packet_extended(msg_len_octets, sender_policy.ssrc.value, seq, ts); >- protected_msg_len_octets = msg_len_octets; >- status = srtp_protect(sender_session, pkt, &protected_msg_len_octets); >- if (status) { >- return status; >- } >- >- /* Create the receiver */ >- memset(&receiver_policy, 0, sizeof(receiver_policy)); >- srtp_crypto_policy_set_rtp_default(&receiver_policy.rtp); >- srtp_crypto_policy_set_rtcp_default(&receiver_policy.rtcp); >- receiver_policy.ssrc.type = ssrc_specific; >- receiver_policy.ssrc.value = sender_policy.ssrc.value; >- receiver_policy.key = test_key; >- receiver_policy.window_size = 128; >- >- status = srtp_create(&receiver_session, &receiver_policy); >- if (status) { >- return status; >- } >- >- /* Make a copy of the sent protected packet */ >- recv_pkt = malloc(protected_msg_len_octets); >- if (recv_pkt == NULL) { >- return srtp_err_status_fail; >- } >- memcpy(recv_pkt, pkt, protected_msg_len_octets); >- >- /* Set the ROC to the wanted value */ >- status = srtp_set_stream_roc(receiver_session, receiver_policy.ssrc.value, roc_to_set); >- if (status) { >- return status; >- } >- >- status = srtp_unprotect(receiver_session, recv_pkt, &protected_msg_len_octets); >- if (status) { >- return status; >- } >- >- /* Cleanup */ >- status = srtp_dealloc(sender_session); >- if (status) { >- return status; >- } >- >- status = srtp_dealloc(receiver_session); >- if (status) { >- return status; >- } >- >- free(pkt); >- free(recv_pkt); >- >- return srtp_err_status_ok; >-} >+ int packets; >+ uint32_t roc; >+ srtp_err_status_t status; >+ >+ /* First test does not rollover */ >+ packets = 1; >+ roc = 0; >+ >+ status = test_set_receiver_roc(packets - 1, roc); >+ if (status) { >+ return status; >+ } >+ >+ status = test_set_receiver_roc(packets, roc); >+ if (status) { >+ return status; >+ } >+ >+ status = test_set_receiver_roc(packets + 1, roc); >+ if (status) { >+ return status; >+ } >+ >+ status = test_set_receiver_roc(packets + 60000, roc); >+ if (status) { >+ return status; >+ } >+ >+ /* Second test should rollover */ >+ packets = 65535; >+ roc = 0; >+ >+ status = test_set_receiver_roc(packets - 1, roc); >+ if (status) { >+ return status; >+ } >+ >+ status = test_set_receiver_roc(packets, roc); >+ if (status) { >+ return status; >+ } >+ >+ /* Now the rollover counter should be 1 */ >+ roc = 1; >+ status = test_set_receiver_roc(packets + 1, roc); >+ if (status) { >+ return status; >+ } >+ >+ status = test_set_receiver_roc(packets + 60000, roc); >+ if (status) { >+ return status; >+ } > >-srtp_err_status_t >-srtp_test_set_receiver_roc() { >- int packets; >- uint32_t roc; >- srtp_err_status_t status; >- >- /* First test does not rollover */ >- packets = 1; >- roc = 0; >- >- status = test_set_receiver_roc(packets - 1, roc); >- if (status) { >- return status; >- } >- >- status = test_set_receiver_roc(packets, roc); >- if (status) { >- return status; >- } >- >- status = test_set_receiver_roc(packets + 1, roc); >- if (status) { >- return status; >- } >- >- status = test_set_receiver_roc(packets + 60000, roc); >- if (status) { >- return status; >- } >- >- /* Second test should rollover */ >- packets = 65535; >- roc = 0; >- >- status = test_set_receiver_roc(packets - 1, roc); >- if (status) { >- return status; >- } >- >- status = test_set_receiver_roc(packets, roc); >- if (status) { >- return status; >- } >- >- /* Now the rollover counter should be 1 */ >- roc = 1; >- status = test_set_receiver_roc(packets + 1, roc); >- if (status) { >- return status; >- } >- >- status = test_set_receiver_roc(packets + 60000, roc); >- if (status) { >- return status; >- } >- >- return srtp_err_status_ok; >+ return srtp_err_status_ok; > } > >-srtp_err_status_t >-srtp_test_set_sender_roc() { >- uint32_t roc; >- uint16_t seq; >- srtp_err_status_t status; >- >- seq = 43210; >- roc = 0; >- status = test_set_sender_roc(seq, roc); >- if (status) { >- return status; >- } >- >- roc = 65535; >- status = test_set_sender_roc(seq, roc); >- if (status) { >- return status; >- } >- >- roc = 0xffff; >- status = test_set_sender_roc(seq, roc); >- if (status) { >- return status; >- } >- >- roc = 0xffff00; >- status = test_set_sender_roc(seq, roc); >- if (status) { >- return status; >- } >- >- roc = 0xfffffff0; >- status = test_set_sender_roc(seq, roc); >- if (status) { >- return status; >- } >- >- return srtp_err_status_ok; >+srtp_err_status_t srtp_test_set_sender_roc() >+{ >+ uint32_t roc; >+ uint16_t seq; >+ srtp_err_status_t status; >+ >+ seq = 43210; >+ roc = 0; >+ status = test_set_sender_roc(seq, roc); >+ if (status) { >+ return status; >+ } >+ >+ roc = 65535; >+ status = test_set_sender_roc(seq, roc); >+ if (status) { >+ return status; >+ } >+ >+ roc = 0xffff; >+ status = test_set_sender_roc(seq, roc); >+ if (status) { >+ return status; >+ } >+ >+ roc = 0xffff00; >+ status = test_set_sender_roc(seq, roc); >+ if (status) { >+ return status; >+ } >+ >+ roc = 0xfffffff0; >+ status = test_set_sender_roc(seq, roc); >+ if (status) { >+ return status; >+ } >+ >+ return srtp_err_status_ok; > } > > /* > * srtp policy definitions - these definitions are used above > */ > >+// clang-format off > unsigned char test_key[46] = { > 0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0, > 0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39, >@@ -3431,241 +3409,253 @@ unsigned char test_mki_id[TEST_MKI_ID_SIZE] = { > unsigned char test_mki_id_2[TEST_MKI_ID_SIZE] = { > 0xf3, 0xa1, 0x46, 0x71 > }; >+// clang-format on > > const srtp_policy_t default_policy = { >- { ssrc_any_outbound, 0 }, /* SSRC */ >- { /* SRTP policy */ >- SRTP_AES_ICM_128, /* cipher type */ >+ { ssrc_any_outbound, 0 }, /* SSRC */ >+ { >+ /* SRTP policy */ >+ SRTP_AES_ICM_128, /* cipher type */ > SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */ >- SRTP_HMAC_SHA1, /* authentication func type */ >- 16, /* auth key length in octets */ >- 10, /* auth tag length in octets */ >- sec_serv_conf_and_auth /* security services flag */ >+ SRTP_HMAC_SHA1, /* authentication func type */ >+ 16, /* auth key length in octets */ >+ 10, /* auth tag length in octets */ >+ sec_serv_conf_and_auth /* security services flag */ > }, >- { /* SRTCP policy */ >- SRTP_AES_ICM_128, /* cipher type */ >+ { >+ /* SRTCP policy */ >+ SRTP_AES_ICM_128, /* cipher type */ > SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */ >- SRTP_HMAC_SHA1, /* authentication func type */ >- 16, /* auth key length in octets */ >- 10, /* auth tag length in octets */ >- sec_serv_conf_and_auth /* security services flag */ >+ SRTP_HMAC_SHA1, /* authentication func type */ >+ 16, /* auth key length in octets */ >+ 10, /* auth tag length in octets */ >+ sec_serv_conf_and_auth /* security services flag */ > }, > NULL, > (srtp_master_key_t **)test_keys, >- 2, /* indicates the number of Master keys */ >- NULL, /* indicates that EKT is not in use */ >- 128, /* replay window size */ >- 0, /* retransmission not allowed */ >- NULL, /* no encrypted extension headers */ >- 0, /* list of encrypted extension headers is empty */ >+ 2, /* indicates the number of Master keys */ >+ NULL, /* indicates that EKT is not in use */ >+ 128, /* replay window size */ >+ 0, /* retransmission not allowed */ >+ NULL, /* no encrypted extension headers */ >+ 0, /* list of encrypted extension headers is empty */ > NULL > }; > > const srtp_policy_t aes_only_policy = { > { ssrc_any_outbound, 0 }, /* SSRC */ > { >- SRTP_AES_ICM_128, /* cipher type */ >+ SRTP_AES_ICM_128, /* cipher type */ > SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */ >- SRTP_NULL_AUTH, /* authentication func type */ >- 0, /* auth key length in octets */ >- 0, /* auth tag length in octets */ >- sec_serv_conf /* security services flag */ >+ SRTP_NULL_AUTH, /* authentication func type */ >+ 0, /* auth key length in octets */ >+ 0, /* auth tag length in octets */ >+ sec_serv_conf /* security services flag */ > }, > { >- SRTP_AES_ICM_128, /* cipher type */ >+ SRTP_AES_ICM_128, /* cipher type */ > SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */ >- SRTP_NULL_AUTH, /* authentication func type */ >- 0, /* auth key length in octets */ >- 0, /* auth tag length in octets */ >- sec_serv_conf /* security services flag */ >+ SRTP_NULL_AUTH, /* authentication func type */ >+ 0, /* auth key length in octets */ >+ 0, /* auth tag length in octets */ >+ sec_serv_conf /* security services flag */ > }, > NULL, > (srtp_master_key_t **)test_keys, >- 2, /* indicates the number of Master keys */ >- NULL, /* indicates that EKT is not in use */ >- 128, /* replay window size */ >- 0, /* retransmission not allowed */ >- NULL, /* no encrypted extension headers */ >- 0, /* list of encrypted extension headers is empty */ >+ 2, /* indicates the number of Master keys */ >+ NULL, /* indicates that EKT is not in use */ >+ 128, /* replay window size */ >+ 0, /* retransmission not allowed */ >+ NULL, /* no encrypted extension headers */ >+ 0, /* list of encrypted extension headers is empty */ > NULL > }; > > const srtp_policy_t hmac_only_policy = { >- { ssrc_any_outbound, 0 }, /* SSRC */ >+ { ssrc_any_outbound, 0 }, /* SSRC */ > { >- SRTP_NULL_CIPHER, /* cipher type */ >- 0, /* cipher key length in octets */ >- SRTP_HMAC_SHA1, /* authentication func type */ >- 20, /* auth key length in octets */ >- 4, /* auth tag length in octets */ >- sec_serv_auth /* security services flag */ >+ SRTP_NULL_CIPHER, /* cipher type */ >+ 0, /* cipher key length in octets */ >+ SRTP_HMAC_SHA1, /* authentication func type */ >+ 20, /* auth key length in octets */ >+ 4, /* auth tag length in octets */ >+ sec_serv_auth /* security services flag */ > }, > { >- SRTP_NULL_CIPHER, /* cipher type */ >- 0, /* cipher key length in octets */ >- SRTP_HMAC_SHA1, /* authentication func type */ >- 20, /* auth key length in octets */ >- 4, /* auth tag length in octets */ >- sec_serv_auth /* security services flag */ >+ SRTP_NULL_CIPHER, /* cipher type */ >+ 0, /* cipher key length in octets */ >+ SRTP_HMAC_SHA1, /* authentication func type */ >+ 20, /* auth key length in octets */ >+ 4, /* auth tag length in octets */ >+ sec_serv_auth /* security services flag */ > }, > NULL, > (srtp_master_key_t **)test_keys, >- 2, /* Number of Master keys associated with the policy */ >- NULL, /* indicates that EKT is not in use */ >- 128, /* replay window size */ >- 0, /* retransmission not allowed */ >- NULL, /* no encrypted extension headers */ >- 0, /* list of encrypted extension headers is empty */ >+ 2, /* Number of Master keys associated with the policy */ >+ NULL, /* indicates that EKT is not in use */ >+ 128, /* replay window size */ >+ 0, /* retransmission not allowed */ >+ NULL, /* no encrypted extension headers */ >+ 0, /* list of encrypted extension headers is empty */ > NULL > }; > > #ifdef OPENSSL > const srtp_policy_t aes128_gcm_8_policy = { >- { ssrc_any_outbound, 0 }, /* SSRC */ >- { /* SRTP policy */ >- SRTP_AES_GCM_128, /* cipher type */ >+ { ssrc_any_outbound, 0 }, /* SSRC */ >+ { >+ /* SRTP policy */ >+ SRTP_AES_GCM_128, /* cipher type */ > SRTP_AES_GCM_128_KEY_LEN_WSALT, /* cipher key length in octets */ >- SRTP_NULL_AUTH, /* authentication func type */ >+ SRTP_NULL_AUTH, /* authentication func type */ > 0, /* auth key length in octets */ > 8, /* auth tag length in octets */ > sec_serv_conf_and_auth /* security services flag */ > }, >- { /* SRTCP policy */ >- SRTP_AES_GCM_128, /* cipher type */ >+ { >+ /* SRTCP policy */ >+ SRTP_AES_GCM_128, /* cipher type */ > SRTP_AES_GCM_128_KEY_LEN_WSALT, /* cipher key length in octets */ >- SRTP_NULL_AUTH, /* authentication func type */ >+ SRTP_NULL_AUTH, /* authentication func type */ > 0, /* auth key length in octets */ > 8, /* auth tag length in octets */ > sec_serv_conf_and_auth /* security services flag */ > }, > NULL, > (srtp_master_key_t **)test_keys, >- 2, /* indicates the number of Master keys */ >- NULL, /* indicates that EKT is not in use */ >- 128, /* replay window size */ >- 0, /* retransmission not allowed */ >- NULL, /* no encrypted extension headers */ >- 0, /* list of encrypted extension headers is empty */ >+ 2, /* indicates the number of Master keys */ >+ NULL, /* indicates that EKT is not in use */ >+ 128, /* replay window size */ >+ 0, /* retransmission not allowed */ >+ NULL, /* no encrypted extension headers */ >+ 0, /* list of encrypted extension headers is empty */ > NULL > }; > > const srtp_policy_t aes128_gcm_8_cauth_policy = { >- { ssrc_any_outbound, 0 }, /* SSRC */ >- { /* SRTP policy */ >- SRTP_AES_GCM_128, /* cipher type */ >+ { ssrc_any_outbound, 0 }, /* SSRC */ >+ { >+ /* SRTP policy */ >+ SRTP_AES_GCM_128, /* cipher type */ > SRTP_AES_GCM_128_KEY_LEN_WSALT, /* cipher key length in octets */ >- SRTP_NULL_AUTH, /* authentication func type */ >+ SRTP_NULL_AUTH, /* authentication func type */ > 0, /* auth key length in octets */ > 8, /* auth tag length in octets */ > sec_serv_conf_and_auth /* security services flag */ > }, >- { /* SRTCP policy */ >- SRTP_AES_GCM_128, /* cipher type */ >+ { >+ /* SRTCP policy */ >+ SRTP_AES_GCM_128, /* cipher type */ > SRTP_AES_GCM_128_KEY_LEN_WSALT, /* cipher key length in octets */ >- SRTP_NULL_AUTH, /* authentication func type */ >+ SRTP_NULL_AUTH, /* authentication func type */ > 0, /* auth key length in octets */ > 8, /* auth tag length in octets */ > sec_serv_auth /* security services flag */ > }, > NULL, > (srtp_master_key_t **)test_keys, >- 2, /* indicates the number of Master keys */ >- NULL, /* indicates that EKT is not in use */ >- 128, /* replay window size */ >- 0, /* retransmission not allowed */ >- NULL, /* no encrypted extension headers */ >- 0, /* list of encrypted extension headers is empty */ >+ 2, /* indicates the number of Master keys */ >+ NULL, /* indicates that EKT is not in use */ >+ 128, /* replay window size */ >+ 0, /* retransmission not allowed */ >+ NULL, /* no encrypted extension headers */ >+ 0, /* list of encrypted extension headers is empty */ > NULL > }; > > const srtp_policy_t aes256_gcm_8_policy = { >- { ssrc_any_outbound, 0 }, /* SSRC */ >- { /* SRTP policy */ >- SRTP_AES_GCM_256, /* cipher type */ >+ { ssrc_any_outbound, 0 }, /* SSRC */ >+ { >+ /* SRTP policy */ >+ SRTP_AES_GCM_256, /* cipher type */ > SRTP_AES_GCM_256_KEY_LEN_WSALT, /* cipher key length in octets */ >- SRTP_NULL_AUTH, /* authentication func type */ >+ SRTP_NULL_AUTH, /* authentication func type */ > 0, /* auth key length in octets */ > 8, /* auth tag length in octets */ > sec_serv_conf_and_auth /* security services flag */ > }, >- { /* SRTCP policy */ >- SRTP_AES_GCM_256, /* cipher type */ >+ { >+ /* SRTCP policy */ >+ SRTP_AES_GCM_256, /* cipher type */ > SRTP_AES_GCM_256_KEY_LEN_WSALT, /* cipher key length in octets */ >- SRTP_NULL_AUTH, /* authentication func type */ >+ SRTP_NULL_AUTH, /* authentication func type */ > 0, /* auth key length in octets */ > 8, /* auth tag length in octets */ > sec_serv_conf_and_auth /* security services flag */ > }, > NULL, > (srtp_master_key_t **)test_keys, >- 2, /* indicates the number of Master keys */ >- NULL, /* indicates that EKT is not in use */ >- 128, /* replay window size */ >- 0, /* retransmission not allowed */ >- NULL, /* no encrypted extension headers */ >- 0, /* list of encrypted extension headers is empty */ >+ 2, /* indicates the number of Master keys */ >+ NULL, /* indicates that EKT is not in use */ >+ 128, /* replay window size */ >+ 0, /* retransmission not allowed */ >+ NULL, /* no encrypted extension headers */ >+ 0, /* list of encrypted extension headers is empty */ > NULL > }; > > const srtp_policy_t aes256_gcm_8_cauth_policy = { >- { ssrc_any_outbound, 0 }, /* SSRC */ >- { /* SRTP policy */ >- SRTP_AES_GCM_256, /* cipher type */ >+ { ssrc_any_outbound, 0 }, /* SSRC */ >+ { >+ /* SRTP policy */ >+ SRTP_AES_GCM_256, /* cipher type */ > SRTP_AES_GCM_256_KEY_LEN_WSALT, /* cipher key length in octets */ >- SRTP_NULL_AUTH, /* authentication func type */ >+ SRTP_NULL_AUTH, /* authentication func type */ > 0, /* auth key length in octets */ > 8, /* auth tag length in octets */ > sec_serv_conf_and_auth /* security services flag */ > }, >- { /* SRTCP policy */ >- SRTP_AES_GCM_256, /* cipher type */ >+ { >+ /* SRTCP policy */ >+ SRTP_AES_GCM_256, /* cipher type */ > SRTP_AES_GCM_256_KEY_LEN_WSALT, /* cipher key length in octets */ >- SRTP_NULL_AUTH, /* authentication func type */ >+ SRTP_NULL_AUTH, /* authentication func type */ > 0, /* auth key length in octets */ > 8, /* auth tag length in octets */ > sec_serv_auth /* security services flag */ > }, > NULL, > (srtp_master_key_t **)test_keys, >- 2, /* indicates the number of Master keys */ >- NULL, /* indicates that EKT is not in use */ >- 128, /* replay window size */ >- 0, /* retransmission not allowed */ >- NULL, /* no encrypted extension headers */ >- 0, /* list of encrypted extension headers is empty */ >+ 2, /* indicates the number of Master keys */ >+ NULL, /* indicates that EKT is not in use */ >+ 128, /* replay window size */ >+ 0, /* retransmission not allowed */ >+ NULL, /* no encrypted extension headers */ >+ 0, /* list of encrypted extension headers is empty */ > NULL > }; > #endif > > const srtp_policy_t null_policy = { >- { ssrc_any_outbound, 0 }, /* SSRC */ >+ { ssrc_any_outbound, 0 }, /* SSRC */ > { >- SRTP_NULL_CIPHER, /* cipher type */ >- 0, /* cipher key length in octets */ >- SRTP_NULL_AUTH, /* authentication func type */ >- 0, /* auth key length in octets */ >- 0, /* auth tag length in octets */ >- sec_serv_none /* security services flag */ >+ SRTP_NULL_CIPHER, /* cipher type */ >+ 0, /* cipher key length in octets */ >+ SRTP_NULL_AUTH, /* authentication func type */ >+ 0, /* auth key length in octets */ >+ 0, /* auth tag length in octets */ >+ sec_serv_none /* security services flag */ > }, > { >- SRTP_NULL_CIPHER, /* cipher type */ >- 0, /* cipher key length in octets */ >- SRTP_NULL_AUTH, /* authentication func type */ >- 0, /* auth key length in octets */ >- 0, /* auth tag length in octets */ >- sec_serv_none /* security services flag */ >+ SRTP_NULL_CIPHER, /* cipher type */ >+ 0, /* cipher key length in octets */ >+ SRTP_NULL_AUTH, /* authentication func type */ >+ 0, /* auth key length in octets */ >+ 0, /* auth tag length in octets */ >+ sec_serv_none /* security services flag */ > }, > NULL, > (srtp_master_key_t **)test_keys, >- 2, /* indicates the number of Master keys */ >- NULL, /* indicates that EKT is not in use */ >- 128, /* replay window size */ >- 0, /* retransmission not allowed */ >- NULL, /* no encrypted extension headers */ >- 0, /* list of encrypted extension headers is empty */ >+ 2, /* indicates the number of Master keys */ >+ NULL, /* indicates that EKT is not in use */ >+ 128, /* replay window size */ >+ 0, /* retransmission not allowed */ >+ NULL, /* no encrypted extension headers */ >+ 0, /* list of encrypted extension headers is empty */ > NULL > }; > >+// clang-format off > unsigned char test_256_key[46] = { > 0xf0, 0xf0, 0x49, 0x14, 0xb5, 0x13, 0xf2, 0x76, > 0x3a, 0x1b, 0x1f, 0xa1, 0x30, 0xf1, 0x0e, 0x29, >@@ -3701,80 +3691,86 @@ srtp_master_key_t *test_256_keys[2] = { > &master_key_1, > &master_key_2 > }; >+// clang-format on > > const srtp_policy_t aes_256_hmac_policy = { >- { ssrc_any_outbound, 0 }, /* SSRC */ >- { /* SRTP policy */ >+ { ssrc_any_outbound, 0 }, /* SSRC */ >+ { >+ /* SRTP policy */ > SRTP_AES_ICM_256, /* cipher type */ > SRTP_AES_ICM_256_KEY_LEN_WSALT, /* cipher key length in octets */ >- SRTP_HMAC_SHA1, /* authentication func type */ >- 20, /* auth key length in octets */ >- 10, /* auth tag length in octets */ >- sec_serv_conf_and_auth /* security services flag */ >+ SRTP_HMAC_SHA1, /* authentication func type */ >+ 20, /* auth key length in octets */ >+ 10, /* auth tag length in octets */ >+ sec_serv_conf_and_auth /* security services flag */ > }, >- { /* SRTCP policy */ >+ { >+ /* SRTCP policy */ > SRTP_AES_ICM_256, /* cipher type */ > SRTP_AES_ICM_256_KEY_LEN_WSALT, /* cipher key length in octets */ >- SRTP_HMAC_SHA1, /* authentication func type */ >- 20, /* auth key length in octets */ >- 10, /* auth tag length in octets */ >- sec_serv_conf_and_auth /* security services flag */ >+ SRTP_HMAC_SHA1, /* authentication func type */ >+ 20, /* auth key length in octets */ >+ 10, /* auth tag length in octets */ >+ sec_serv_conf_and_auth /* security services flag */ > }, > NULL, > (srtp_master_key_t **)test_256_keys, >- 2, /* indicates the number of Master keys */ >- NULL, /* indicates that EKT is not in use */ >- 128, /* replay window size */ >- 0, /* retransmission not allowed */ >- NULL, /* no encrypted extension headers */ >- 0, /* list of encrypted extension headers is empty */ >+ 2, /* indicates the number of Master keys */ >+ NULL, /* indicates that EKT is not in use */ >+ 128, /* replay window size */ >+ 0, /* retransmission not allowed */ >+ NULL, /* no encrypted extension headers */ >+ 0, /* list of encrypted extension headers is empty */ > NULL > }; > >+// clang-format off > uint8_t ekt_test_key[16] = { > 0x77, 0x26, 0x9d, 0xac, 0x16, 0xa3, 0x28, 0xca, > 0x8e, 0xc9, 0x68, 0x4b, 0xcc, 0xc4, 0xd2, 0x1b > }; >+// clang-format on > > #include "ekt.h" > >+// clang-format off > srtp_ekt_policy_ctx_t ekt_test_policy = { > 0xa5a5, /* SPI */ > SRTP_EKT_CIPHER_AES_128_ECB, > ekt_test_key, > NULL > }; >+// clang-format on > > const srtp_policy_t hmac_only_with_ekt_policy = { >- { ssrc_any_outbound, 0 }, /* SSRC */ >+ { ssrc_any_outbound, 0 }, /* SSRC */ > { >- SRTP_NULL_CIPHER, /* cipher type */ >- 0, /* cipher key length in octets */ >- SRTP_HMAC_SHA1, /* authentication func type */ >- 20, /* auth key length in octets */ >- 4, /* auth tag length in octets */ >- sec_serv_auth /* security services flag */ >+ SRTP_NULL_CIPHER, /* cipher type */ >+ 0, /* cipher key length in octets */ >+ SRTP_HMAC_SHA1, /* authentication func type */ >+ 20, /* auth key length in octets */ >+ 4, /* auth tag length in octets */ >+ sec_serv_auth /* security services flag */ > }, > { >- SRTP_NULL_CIPHER, /* cipher type */ >- 0, /* cipher key length in octets */ >- SRTP_HMAC_SHA1, /* authentication func type */ >- 20, /* auth key length in octets */ >- 4, /* auth tag length in octets */ >- sec_serv_auth /* security services flag */ >+ SRTP_NULL_CIPHER, /* cipher type */ >+ 0, /* cipher key length in octets */ >+ SRTP_HMAC_SHA1, /* authentication func type */ >+ 20, /* auth key length in octets */ >+ 4, /* auth tag length in octets */ >+ sec_serv_auth /* security services flag */ > }, > NULL, > (srtp_master_key_t **)test_keys, >- 2, /* indicates the number of Master keys */ >- &ekt_test_policy, /* indicates that EKT is not in use */ >- 128, /* replay window size */ >- 0, /* retransmission not allowed */ >- NULL, /* no encrypted extension headers */ >- 0, /* list of encrypted extension headers is empty */ >+ 2, /* indicates the number of Master keys */ >+ &ekt_test_policy, /* indicates that EKT is not in use */ >+ 128, /* replay window size */ >+ 0, /* retransmission not allowed */ >+ NULL, /* no encrypted extension headers */ >+ 0, /* list of encrypted extension headers is empty */ > NULL > }; > >- > /* > * an array of pointers to the policies listed above > * >@@ -3785,8 +3781,8 @@ const srtp_policy_t hmac_only_with_ekt_policy = { > * add to this list, you should do it at the end. > */ > >-const srtp_policy_t * >-policy_array[] = { >+// clang-format off >+const srtp_policy_t *policy_array[] = { > &hmac_only_policy, > &aes_only_policy, > &default_policy, >@@ -3801,32 +3797,35 @@ policy_array[] = { > &hmac_only_with_ekt_policy, > NULL > }; >+// clang-format on > > const srtp_policy_t wildcard_policy = { >- { ssrc_any_outbound, 0 }, /* SSRC */ >- { /* SRTP policy */ >- SRTP_AES_ICM_128, /* cipher type */ >+ { ssrc_any_outbound, 0 }, /* SSRC */ >+ { >+ /* SRTP policy */ >+ SRTP_AES_ICM_128, /* cipher type */ > SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */ >- SRTP_HMAC_SHA1, /* authentication func type */ >- 16, /* auth key length in octets */ >- 10, /* auth tag length in octets */ >- sec_serv_conf_and_auth /* security services flag */ >+ SRTP_HMAC_SHA1, /* authentication func type */ >+ 16, /* auth key length in octets */ >+ 10, /* auth tag length in octets */ >+ sec_serv_conf_and_auth /* security services flag */ > }, >- { /* SRTCP policy */ >- SRTP_AES_ICM_128, /* cipher type */ >+ { >+ /* SRTCP policy */ >+ SRTP_AES_ICM_128, /* cipher type */ > SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */ >- SRTP_HMAC_SHA1, /* authentication func type */ >- 16, /* auth key length in octets */ >- 10, /* auth tag length in octets */ >- sec_serv_conf_and_auth /* security services flag */ >+ SRTP_HMAC_SHA1, /* authentication func type */ >+ 16, /* auth key length in octets */ >+ 10, /* auth tag length in octets */ >+ sec_serv_conf_and_auth /* security services flag */ > }, > test_key, > NULL, > 0, > NULL, >- 128, /* replay window size */ >- 0, /* retransmission not allowed */ >- NULL, /* no encrypted extension headers */ >- 0, /* list of encrypted extension headers is empty */ >+ 128, /* replay window size */ >+ 0, /* retransmission not allowed */ >+ NULL, /* no encrypted extension headers */ >+ 0, /* list of encrypted extension headers is empty */ > NULL > }; >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/test_srtp.c b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/test_srtp.c >index 22565573dcb06cd127da7fea8b78db2cbb8a8346..cdc9b5d5b7628786082222d3824dca5a12d3f0dd 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/test_srtp.c >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/test_srtp.c >@@ -72,13 +72,13 @@ void srtp_calc_aead_iv_srtcp_distinct_iv_per_sequence_number(void); > * item is the test function. > */ > >-TEST_LIST = {{"srtp_calc_aead_iv_srtcp_all_zero_input_yield_zero_output()", >- srtp_calc_aead_iv_srtcp_all_zero_input_yield_zero_output}, >- {"srtp_calc_aead_iv_srtcp_seq_num_over_0x7FFFFFFF_bad_param()", >- srtp_calc_aead_iv_srtcp_seq_num_over_0x7FFFFFFF_bad_param}, >- {"srtp_calc_aead_iv_srtcp_distinct_iv_per_sequence_number()", >- srtp_calc_aead_iv_srtcp_distinct_iv_per_sequence_number}, >- {NULL} /* End of tests */}; >+TEST_LIST = { { "srtp_calc_aead_iv_srtcp_all_zero_input_yield_zero_output()", >+ srtp_calc_aead_iv_srtcp_all_zero_input_yield_zero_output }, >+ { "srtp_calc_aead_iv_srtcp_seq_num_over_0x7FFFFFFF_bad_param()", >+ srtp_calc_aead_iv_srtcp_seq_num_over_0x7FFFFFFF_bad_param }, >+ { "srtp_calc_aead_iv_srtcp_distinct_iv_per_sequence_number()", >+ srtp_calc_aead_iv_srtcp_distinct_iv_per_sequence_number }, >+ { NULL } /* End of tests */ }; > > /* > * Implementation. >@@ -146,9 +146,9 @@ void srtp_calc_aead_iv_srtcp_seq_num_over_0x7FFFFFFF_bad_param() > */ > void srtp_calc_aead_iv_srtcp_distinct_iv_per_sequence_number() > { >+#define SAMPLE_COUNT (3) > // Preconditions > // Test each significant bit high in each full byte. >- #define SAMPLE_COUNT (3) > srtp_session_keys_t session_keys; > srtcp_hdr_t header; > v128_t output_iv[SAMPLE_COUNT]; >@@ -173,13 +173,13 @@ void srtp_calc_aead_iv_srtcp_distinct_iv_per_sequence_number() > size_t i = 0; > for (i = 0; i < SAMPLE_COUNT; i++) { > TEST_CHECK(srtp_calc_aead_iv_srtcp(&session_keys, &output_iv[i], >- sequence_num[i], &header) >- == srtp_err_status_ok); >+ sequence_num[i], >+ &header) == srtp_err_status_ok); > } > > // Then all IVs are as expected > for (i = 0; i < SAMPLE_COUNT; i++) { > TEST_CHECK(memcmp(&final_iv[i], &output_iv[i], sizeof(v128_t)) == 0); > } >- #undef SAMPLE_COUNT >+#undef SAMPLE_COUNT > } >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/util.c b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/util.c >index 752a6a4c7a84fe3a0c1a0987cfedfbbdeb216e66..eb203f4c4afee982bb249380ae661e1417701a36 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/util.c >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/util.c >@@ -49,38 +49,61 @@ > > char bit_string[MAX_PRINT_STRING_LEN]; > >-static inline int hex_char_to_nibble (uint8_t c) >+static inline int hex_char_to_nibble(uint8_t c) > { > switch (c) { >- case ('0'): return 0x0; >- case ('1'): return 0x1; >- case ('2'): return 0x2; >- case ('3'): return 0x3; >- case ('4'): return 0x4; >- case ('5'): return 0x5; >- case ('6'): return 0x6; >- case ('7'): return 0x7; >- case ('8'): return 0x8; >- case ('9'): return 0x9; >- case ('a'): return 0xa; >- case ('A'): return 0xa; >- case ('b'): return 0xb; >- case ('B'): return 0xb; >- case ('c'): return 0xc; >- case ('C'): return 0xc; >- case ('d'): return 0xd; >- case ('D'): return 0xd; >- case ('e'): return 0xe; >- case ('E'): return 0xe; >- case ('f'): return 0xf; >- case ('F'): return 0xf; >- default: return -1; /* this flags an error */ >+ case ('0'): >+ return 0x0; >+ case ('1'): >+ return 0x1; >+ case ('2'): >+ return 0x2; >+ case ('3'): >+ return 0x3; >+ case ('4'): >+ return 0x4; >+ case ('5'): >+ return 0x5; >+ case ('6'): >+ return 0x6; >+ case ('7'): >+ return 0x7; >+ case ('8'): >+ return 0x8; >+ case ('9'): >+ return 0x9; >+ case ('a'): >+ return 0xa; >+ case ('A'): >+ return 0xa; >+ case ('b'): >+ return 0xb; >+ case ('B'): >+ return 0xb; >+ case ('c'): >+ return 0xc; >+ case ('C'): >+ return 0xc; >+ case ('d'): >+ return 0xd; >+ case ('D'): >+ return 0xd; >+ case ('e'): >+ return 0xe; >+ case ('E'): >+ return 0xe; >+ case ('f'): >+ return 0xf; >+ case ('F'): >+ return 0xf; >+ default: >+ return -1; /* this flags an error */ > } > /* NOTREACHED */ > return -1; /* this keeps compilers from complaining */ > } > >-uint8_t nibble_to_hex_char (uint8_t nibble) >+uint8_t nibble_to_hex_char(uint8_t nibble) > { > char buf[16] = { '0', '1', '2', '3', '4', '5', '6', '7', > '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' }; >@@ -92,7 +115,7 @@ uint8_t nibble_to_hex_char (uint8_t nibble) > * hex_string_to_octet_string converts a hexadecimal string > * of length 2 * len to a raw octet string of length len > */ >-int hex_string_to_octet_string (char *raw, char *hex, int len) >+int hex_string_to_octet_string(char *raw, char *hex, int len) > { > uint8_t x; > int tmp; >@@ -118,9 +141,9 @@ int hex_string_to_octet_string (char *raw, char *hex, int len) > return hex_len; > } > >-char * octet_string_hex_string (const void *s, int length) >+char *octet_string_hex_string(const void *s, int length) > { >- const uint8_t *str = (const uint8_t*)s; >+ const uint8_t *str = (const uint8_t *)s; > int i; > > /* double length, since one octet takes two hex characters */ >@@ -132,7 +155,7 @@ char * octet_string_hex_string (const void *s, int length) > } > > for (i = 0; i < length; i += 2) { >- bit_string[i] = nibble_to_hex_char(*str >> 4); >+ bit_string[i] = nibble_to_hex_char(*str >> 4); > bit_string[i + 1] = nibble_to_hex_char(*str++ & 0xF); > } > bit_string[i] = 0; /* null terminate string */ >@@ -142,9 +165,9 @@ char * octet_string_hex_string (const void *s, int length) > static const char b64chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" > "abcdefghijklmnopqrstuvwxyz0123456789+/"; > >-static int base64_block_to_octet_triple (char *out, char *in) >+static int base64_block_to_octet_triple(char *out, char *in) > { >- unsigned char sextets[4] = {0}; >+ unsigned char sextets[4] = { 0 }; > int j = 0; > int i; > >@@ -152,7 +175,9 @@ static int base64_block_to_octet_triple (char *out, char *in) > char *p = strchr(b64chars, in[i]); > if (p != NULL) { > sextets[i] = p - b64chars; >- } else{ j++; } >+ } else { >+ j++; >+ } > } > > out[0] = (sextets[0] << 2) | (sextets[1] >> 4); >@@ -165,7 +190,7 @@ static int base64_block_to_octet_triple (char *out, char *in) > return j; > } > >-int base64_string_to_octet_string (char *out, int *pad, char *in, int len) >+int base64_string_to_octet_string(char *out, int *pad, char *in, int len) > { > int k = 0; > int i = 0; >diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/util.h b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/util.h >index db58c24661cdc455dc874d9bb14f08ea081bd567..d04b279b3a3a39e22ba9ff2ef5a29455255f65a3 100644 >--- a/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/util.h >+++ b/Source/ThirdParty/libwebrtc/Source/third_party/libsrtp/test/util.h >@@ -47,7 +47,7 @@ > #define MAX_PRINT_STRING_LEN 1024 > > int hex_string_to_octet_string(char *raw, char *hex, int len); >-char * octet_string_hex_string(const void *s, int length); >+char *octet_string_hex_string(const void *s, int length); > int base64_string_to_octet_string(char *raw, int *pad, char *base64, int len); > > #endif >diff --git a/Source/ThirdParty/libwebrtc/libwebrtc.xcodeproj/project.pbxproj b/Source/ThirdParty/libwebrtc/libwebrtc.xcodeproj/project.pbxproj >index e9559fb7ed99c34b3c242be0396d5c5e7a514aaa..3ecf5a614d3e0005af38476f7576417498a0cac2 100644 >--- a/Source/ThirdParty/libwebrtc/libwebrtc.xcodeproj/project.pbxproj >+++ b/Source/ThirdParty/libwebrtc/libwebrtc.xcodeproj/project.pbxproj >@@ -21,6 +21,7 @@ > /* End PBXAggregateTarget section */ > > /* Begin PBXBuildFile section */ >+ 4100CDF921CAE33400F9B87D /* srtpsession.cc in Sources */ = {isa = PBXBuildFile; fileRef = 419C82D01FE20E560040C30F /* srtpsession.cc */; }; > 4102F68D21273206006AE8D7 /* rtcstatstraversal.h in Headers */ = {isa = PBXBuildFile; fileRef = 4102F68421273204006AE8D7 /* rtcstatstraversal.h */; }; > 4102F68E21273206006AE8D7 /* jseptransportcontroller.h in Headers */ = {isa = PBXBuildFile; fileRef = 4102F68521273204006AE8D7 /* jseptransportcontroller.h */; }; > 4102F68F21273206006AE8D7 /* transportstats.cc in Sources */ = {isa = PBXBuildFile; fileRef = 4102F68621273205006AE8D7 /* transportstats.cc */; }; >@@ -831,7 +832,6 @@ > 419C82DB1FE20E590040C30F /* rtptransportinternaladapter.h in Headers */ = {isa = PBXBuildFile; fileRef = 419C82CD1FE20E550040C30F /* rtptransportinternaladapter.h */; }; > 419C82DC1FE20E590040C30F /* sdputils.cc in Sources */ = {isa = PBXBuildFile; fileRef = 419C82CE1FE20E550040C30F /* sdputils.cc */; }; > 419C82DD1FE20E590040C30F /* sdputils.h in Headers */ = {isa = PBXBuildFile; fileRef = 419C82CF1FE20E560040C30F /* sdputils.h */; }; >- 419C82DE1FE20E590040C30F /* srtpsession.cc in Sources */ = {isa = PBXBuildFile; fileRef = 419C82D01FE20E560040C30F /* srtpsession.cc */; }; > 419C82DF1FE20E590040C30F /* srtptransport.cc in Sources */ = {isa = PBXBuildFile; fileRef = 419C82D11FE20E560040C30F /* srtptransport.cc */; }; > 419C82E01FE20E590040C30F /* dtlssrtptransport.h in Headers */ = {isa = PBXBuildFile; fileRef = 419C82D21FE20E570040C30F /* dtlssrtptransport.h */; }; > 419C82E11FE20E590040C30F /* srtpsession.h in Headers */ = {isa = PBXBuildFile; fileRef = 419C82D31FE20E570040C30F /* srtpsession.h */; }; >@@ -15714,6 +15714,7 @@ > 5C088C1E1E4AA44400403995 /* rtcpmuxfilter.cc in Sources */, > 5C088C201E4AA44400403995 /* srtpfilter.cc in Sources */, > 41239B4D2147743A00396F81 /* video_stream_encoder_create.cc in Sources */, >+ 4100CDF921CAE33400F9B87D /* srtpsession.cc in Sources */, > ); > runOnlyForDeploymentPostprocessing = 0; > }; >@@ -17075,7 +17076,6 @@ > 5CDD835F1E43257200621E92 /* sps_parser.cc in Sources */, > 5CDD83621E43257200621E92 /* sps_vui_rewriter.cc in Sources */, > 5CDD86721E43B8B500621E92 /* sqrt_of_one_minus_x_squared.c in Sources */, >- 419C82DE1FE20E590040C30F /* srtpsession.cc in Sources */, > 419C82DF1FE20E590040C30F /* srtptransport.cc in Sources */, > 419C845E1FE255FA0040C30F /* ssl_aead_ctx.cc in Sources */, > 419C84741FE255FA0040C30F /* ssl_asn1.cc in Sources */,
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=357890">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 192861
:
357694
|
357710
|
357725
| 357890