1/*
2 * srtp_driver.c
3 *
4 * a test driver for libSRTP
5 *
6 * David A. McGrew
7 * Cisco Systems, Inc.
8 */
9/*
10 *
11 * Copyright (c) 2001-2006, Cisco Systems, Inc.
12 * All rights reserved.
13 *
14 * Redistribution and use in source and binary forms, with or without
15 * modification, are permitted provided that the following conditions
16 * are met:
17 *
18 *   Redistributions of source code must retain the above copyright
19 *   notice, this list of conditions and the following disclaimer.
20 *
21 *   Redistributions in binary form must reproduce the above
22 *   copyright notice, this list of conditions and the following
23 *   disclaimer in the documentation and/or other materials provided
24 *   with the distribution.
25 *
26 *   Neither the name of the Cisco Systems, Inc. nor the names of its
27 *   contributors may be used to endorse or promote products derived
28 *   from this software without specific prior written permission.
29 *
30 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
31 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
32 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
33 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
34 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
35 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
36 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
37 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
38 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
39 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
40 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
41 * OF THE POSSIBILITY OF SUCH DAMAGE.
42 *
43 */
44
45
46#include <string.h>   /* for memcpy()          */
47#include <time.h>     /* for clock()           */
48#include <stdlib.h>   /* for malloc(), free()  */
49#include <stdio.h>    /* for print(), fflush() */
50#include "getopt_s.h" /* for local getopt()    */
51
52#include "srtp_priv.h"
53
54#ifdef HAVE_NETINET_IN_H
55# include <netinet/in.h>
56#elif defined HAVE_WINSOCK2_H
57# include <winsock2.h>
58#endif
59
60#define PRINT_REFERENCE_PACKET 1
61
62err_status_t
63srtp_validate(void);
64
65err_status_t
66srtp_create_big_policy(srtp_policy_t **list);
67
68err_status_t
69srtp_test_remove_stream(void);
70
71double
72srtp_bits_per_second(int msg_len_octets, const srtp_policy_t *policy);
73
74double
75srtp_rejections_per_second(int msg_len_octets, const srtp_policy_t *policy);
76
77void
78srtp_do_timing(const srtp_policy_t *policy);
79
80void
81srtp_do_rejection_timing(const srtp_policy_t *policy);
82
83err_status_t
84srtp_test(const srtp_policy_t *policy);
85
86err_status_t
87srtcp_test(const srtp_policy_t *policy);
88
89err_status_t
90srtp_session_print_policy(srtp_t srtp);
91
92err_status_t
93srtp_print_policy(const srtp_policy_t *policy);
94
95char *
96srtp_packet_to_string(srtp_hdr_t *hdr, int packet_len);
97
98double
99mips_estimate(int num_trials, int *ignore);
100
101extern uint8_t test_key[30];
102
103void
104usage(char *prog_name) {
105  printf("usage: %s [ -t ][ -c ][ -v ][-d <debug_module> ]* [ -l ]\n"
106         "  -t         run timing test\n"
107	 "  -r         run rejection timing test\n"
108         "  -c         run codec timing test\n"
109         "  -v         run validation tests\n"
110         "  -d <mod>   turn on debugging module <mod>\n"
111         "  -l         list debugging modules\n", prog_name);
112  exit(1);
113}
114
115/*
116 * The policy_array is a null-terminated array of policy structs. it
117 * is declared at the end of this file
118 */
119
120extern const srtp_policy_t *policy_array[];
121
122
123/* the wildcard_policy is declared below; it has a wildcard ssrc */
124
125extern const srtp_policy_t wildcard_policy;
126
127/*
128 * mod_driver debug module - debugging module for this test driver
129 *
130 * we use the crypto_kernel debugging system in this driver, which
131 * makes the interface uniform and increases portability
132 */
133
134debug_module_t mod_driver = {
135  0,                  /* debugging is off by default */
136  "driver"            /* printable name for module   */
137};
138
139int
140main (int argc, char *argv[]) {
141  int q;
142  unsigned do_timing_test    = 0;
143  unsigned do_rejection_test = 0;
144  unsigned do_codec_timing   = 0;
145  unsigned do_validation     = 0;
146  unsigned do_list_mods      = 0;
147  err_status_t status;
148
149  /*
150   * verify that the compiler has interpreted the header data
151   * structure srtp_hdr_t correctly
152   */
153  if (sizeof(srtp_hdr_t) != 12) {
154     printf("error: srtp_hdr_t has incorrect size"
155	    "(size is %ld bytes, expected 12)\n",
156	    (long)sizeof(srtp_hdr_t));
157    exit(1);
158  }
159
160  /* initialize srtp library */
161  status = srtp_init();
162  if (status) {
163    printf("error: srtp init failed with error code %d\n", status);
164    exit(1);
165  }
166
167  /*  load srtp_driver debug module */
168  status = crypto_kernel_load_debug_module(&mod_driver);
169    if (status) {
170    printf("error: load of srtp_driver debug module failed "
171           "with error code %d\n", status);
172    exit(1);
173  }
174
175  /* process input arguments */
176  while (1) {
177    q = getopt_s(argc, argv, "trcvld:");
178    if (q == -1)
179      break;
180    switch (q) {
181    case 't':
182      do_timing_test = 1;
183      break;
184    case 'r':
185      do_rejection_test = 1;
186      break;
187    case 'c':
188      do_codec_timing = 1;
189      break;
190    case 'v':
191      do_validation = 1;
192      break;
193    case 'l':
194      do_list_mods = 1;
195      break;
196    case 'd':
197      status = crypto_kernel_set_debug_module(optarg_s, 1);
198      if (status) {
199        printf("error: set debug module (%s) failed\n", optarg_s);
200        exit(1);
201      }
202      break;
203    default:
204      usage(argv[0]);
205    }
206  }
207
208  if (!do_validation && !do_timing_test && !do_codec_timing
209      && !do_list_mods && !do_rejection_test)
210    usage(argv[0]);
211
212  if (do_list_mods) {
213    status = crypto_kernel_list_debug_modules();
214    if (status) {
215      printf("error: list of debug modules failed\n");
216      exit(1);
217    }
218  }
219
220  if (do_validation) {
221    const srtp_policy_t **policy = policy_array;
222    srtp_policy_t *big_policy;
223
224    /* loop over policy array, testing srtp and srtcp for each policy */
225    while (*policy != NULL) {
226      printf("testing srtp_protect and srtp_unprotect\n");
227      if (srtp_test(*policy) == err_status_ok)
228	printf("passed\n\n");
229      else {
230	printf("failed\n");
231	exit(1);
232      }
233      printf("testing srtp_protect_rtcp and srtp_unprotect_rtcp\n");
234      if (srtcp_test(*policy) == err_status_ok)
235	printf("passed\n\n");
236      else {
237	printf("failed\n");
238	exit(1);
239      }
240      policy++;
241    }
242
243    /* create a big policy list and run tests on it */
244    status = srtp_create_big_policy(&big_policy);
245    if (status) {
246      printf("unexpected failure with error code %d\n", status);
247      exit(1);
248    }
249    printf("testing srtp_protect and srtp_unprotect with big policy\n");
250    if (srtp_test(big_policy) == err_status_ok)
251      printf("passed\n\n");
252    else {
253      printf("failed\n");
254      exit(1);
255    }
256
257    /* run test on wildcard policy */
258    printf("testing srtp_protect and srtp_unprotect on "
259	   "wildcard ssrc policy\n");
260    if (srtp_test(&wildcard_policy) == err_status_ok)
261      printf("passed\n\n");
262    else {
263      printf("failed\n");
264      exit(1);
265    }
266
267    /*
268     * run validation test against the reference packets - note
269     * that this test only covers the default policy
270     */
271    printf("testing srtp_protect and srtp_unprotect against "
272	   "reference packets\n");
273    if (srtp_validate() == err_status_ok)
274      printf("passed\n\n");
275    else {
276      printf("failed\n");
277       exit(1);
278    }
279
280    /*
281     * test the function srtp_remove_stream()
282     */
283    printf("testing srtp_remove_stream()...");
284    if (srtp_test_remove_stream() == err_status_ok)
285      printf("passed\n");
286    else {
287      printf("failed\n");
288      exit(1);
289    }
290  }
291
292  if (do_timing_test) {
293    const srtp_policy_t **policy = policy_array;
294
295    /* loop over policies, run timing test for each */
296    while (*policy != NULL) {
297      srtp_print_policy(*policy);
298      srtp_do_timing(*policy);
299      policy++;
300    }
301  }
302
303  if (do_rejection_test) {
304    const srtp_policy_t **policy = policy_array;
305
306    /* loop over policies, run rejection timing test for each */
307    while (*policy != NULL) {
308      srtp_print_policy(*policy);
309      srtp_do_rejection_timing(*policy);
310      policy++;
311    }
312  }
313
314  if (do_codec_timing) {
315    srtp_policy_t policy;
316    int ignore;
317    double mips = mips_estimate(1000000000, &ignore);
318
319    crypto_policy_set_rtp_default(&policy.rtp);
320    crypto_policy_set_rtcp_default(&policy.rtcp);
321    policy.ssrc.type  = ssrc_specific;
322    policy.ssrc.value = 0xdecafbad;
323    policy.key  = test_key;
324    policy.ekt = NULL;
325    policy.window_size = 128;
326    policy.allow_repeat_tx = 0;
327    policy.next = NULL;
328
329    printf("mips estimate: %e\n", mips);
330
331    printf("testing srtp processing time for voice codecs:\n");
332    printf("codec\t\tlength (octets)\t\tsrtp instructions/second\n");
333    printf("G.711\t\t%d\t\t\t%e\n", 80,
334           (double) mips * (80 * 8) /
335	   srtp_bits_per_second(80, &policy) / .01 );
336    printf("G.711\t\t%d\t\t\t%e\n", 160,
337           (double) mips * (160 * 8) /
338	   srtp_bits_per_second(160, &policy) / .02);
339    printf("G.726-32\t%d\t\t\t%e\n", 40,
340           (double) mips * (40 * 8) /
341	   srtp_bits_per_second(40, &policy) / .01 );
342    printf("G.726-32\t%d\t\t\t%e\n", 80,
343           (double) mips * (80 * 8) /
344	   srtp_bits_per_second(80, &policy) / .02);
345    printf("G.729\t\t%d\t\t\t%e\n", 10,
346           (double) mips * (10 * 8) /
347	   srtp_bits_per_second(10, &policy) / .01 );
348    printf("G.729\t\t%d\t\t\t%e\n", 20,
349           (double) mips * (20 * 8) /
350	   srtp_bits_per_second(20, &policy) / .02 );
351    printf("Wideband\t%d\t\t\t%e\n", 320,
352           (double) mips * (320 * 8) /
353	   srtp_bits_per_second(320, &policy) / .01 );
354    printf("Wideband\t%d\t\t\t%e\n", 640,
355           (double) mips * (640 * 8) /
356	   srtp_bits_per_second(640, &policy) / .02 );
357  }
358
359  return 0;
360}
361
362
363
364/*
365 * srtp_create_test_packet(len, ssrc) returns a pointer to a
366 * (malloced) example RTP packet whose data field has the length given
367 * by pkt_octet_len and the SSRC value ssrc.  The total length of the
368 * packet is twelve octets longer, since the header is at the
369 * beginning.  There is room at the end of the packet for a trailer,
370 * and the four octets following the packet are filled with 0xff
371 * values to enable testing for overwrites.
372 *
373 * note that the location of the test packet can (and should) be
374 * deallocated with the free() call once it is no longer needed.
375 */
376
377srtp_hdr_t *
378srtp_create_test_packet(int pkt_octet_len, uint32_t ssrc) {
379  int i;
380  uint8_t *buffer;
381  srtp_hdr_t *hdr;
382  int bytes_in_hdr = 12;
383
384  /* allocate memory for test packet */
385  hdr = (srtp_hdr_t*) malloc(pkt_octet_len + bytes_in_hdr
386	       + SRTP_MAX_TRAILER_LEN + 4);
387  if (!hdr)
388    return NULL;
389
390  hdr->version = 2;              /* RTP version two     */
391  hdr->p    = 0;                 /* no padding needed   */
392  hdr->x    = 0;                 /* no header extension */
393  hdr->cc   = 0;                 /* no CSRCs            */
394  hdr->m    = 0;                 /* marker bit          */
395  hdr->pt   = 0xf;               /* payload type        */
396  hdr->seq  = htons(0x1234);     /* sequence number     */
397  hdr->ts   = htonl(0xdecafbad); /* timestamp           */
398  hdr->ssrc = htonl(ssrc);       /* synch. source       */
399
400  buffer = (uint8_t *)hdr;
401  buffer += bytes_in_hdr;
402
403  /* set RTP data to 0xab */
404  for (i=0; i < pkt_octet_len; i++)
405    *buffer++ = 0xab;
406
407  /* set post-data value to 0xffff to enable overrun checking */
408  for (i=0; i < SRTP_MAX_TRAILER_LEN+4; i++)
409    *buffer++ = 0xff;
410
411  return hdr;
412}
413
414void
415srtp_do_timing(const srtp_policy_t *policy) {
416  int len;
417
418  /*
419   * note: the output of this function is formatted so that it
420   * can be used in gnuplot.  '#' indicates a comment, and "\r\n"
421   * terminates a record
422   */
423
424  printf("# testing srtp throughput:\r\n");
425  printf("# mesg length (octets)\tthroughput (megabits per second)\r\n");
426
427  for (len=16; len <= 2048; len *= 2)
428    printf("%d\t\t\t%f\r\n", len,
429	   srtp_bits_per_second(len, policy) / 1.0E6);
430
431  /* these extra linefeeds let gnuplot know that a dataset is done */
432  printf("\r\n\r\n");
433
434}
435
436void
437srtp_do_rejection_timing(const srtp_policy_t *policy) {
438  int len;
439
440  /*
441   * note: the output of this function is formatted so that it
442   * can be used in gnuplot.  '#' indicates a comment, and "\r\n"
443   * terminates a record
444   */
445
446  printf("# testing srtp rejection throughput:\r\n");
447  printf("# mesg length (octets)\trejections per second\r\n");
448
449  for (len=8; len <= 2048; len *= 2)
450    printf("%d\t\t\t%e\r\n", len, srtp_rejections_per_second(len, policy));
451
452  /* these extra linefeeds let gnuplot know that a dataset is done */
453  printf("\r\n\r\n");
454
455}
456
457
458#define MAX_MSG_LEN 1024
459
460double
461srtp_bits_per_second(int msg_len_octets, const srtp_policy_t *policy) {
462  srtp_t srtp;
463  srtp_hdr_t *mesg;
464  int i;
465  clock_t timer;
466  int num_trials = 100000;
467  int len;
468  uint32_t ssrc;
469  err_status_t status;
470
471  /*
472   * allocate and initialize an srtp session
473   */
474  status = srtp_create(&srtp, policy);
475  if (status) {
476    printf("error: srtp_create() failed with error code %d\n", status);
477    exit(1);
478  }
479
480  /*
481   * if the ssrc is unspecified, use a predetermined one
482   */
483  if (policy->ssrc.type != ssrc_specific) {
484    ssrc = 0xdeadbeef;
485  } else {
486    ssrc = policy->ssrc.value;
487  }
488
489  /*
490   * create a test packet
491   */
492  mesg = srtp_create_test_packet(msg_len_octets, ssrc);
493  if (mesg == NULL)
494    return 0.0;   /* indicate failure by returning zero */
495
496  timer = clock();
497  for (i=0; i < num_trials; i++) {
498    err_status_t status;
499    len = msg_len_octets + 12;  /* add in rtp header length */
500
501    /* srtp protect message */
502    status = srtp_protect(srtp, mesg, &len);
503    if (status) {
504      printf("error: srtp_protect() failed with error code %d\n", status);
505      exit(1);
506    }
507
508    /* increment message number */
509    mesg->seq = htons(ntohs(mesg->seq) + 1);
510
511  }
512  timer = clock() - timer;
513
514  free(mesg);
515
516  return (double) (msg_len_octets) * 8 *
517                  num_trials * CLOCKS_PER_SEC / timer;
518}
519
520double
521srtp_rejections_per_second(int msg_len_octets, const srtp_policy_t *policy) {
522  srtp_ctx_t *srtp;
523  srtp_hdr_t *mesg;
524  int i;
525  int len;
526  clock_t timer;
527  int num_trials = 1000000;
528  uint32_t ssrc = policy->ssrc.value;
529  err_status_t status;
530
531  /*
532   * allocate and initialize an srtp session
533   */
534  status = srtp_create(&srtp, policy);
535  if (status) {
536    printf("error: srtp_create() failed with error code %d\n", status);
537    exit(1);
538  }
539
540  mesg = srtp_create_test_packet(msg_len_octets, ssrc);
541  if (mesg == NULL)
542    return 0.0;  /* indicate failure by returning zero */
543
544  len = msg_len_octets;
545  srtp_protect(srtp, (srtp_hdr_t *)mesg, &len);
546
547  timer = clock();
548  for (i=0; i < num_trials; i++) {
549    len = msg_len_octets;
550    srtp_unprotect(srtp, (srtp_hdr_t *)mesg, &len);
551  }
552  timer = clock() - timer;
553
554  free(mesg);
555
556  return (double) num_trials * CLOCKS_PER_SEC / timer;
557}
558
559
560void
561err_check(err_status_t s) {
562  if (s == err_status_ok)
563    return;
564  else
565    fprintf(stderr, "error: unexpected srtp failure (code %d)\n", s);
566  exit (1);
567}
568
569err_status_t
570srtp_test(const srtp_policy_t *policy) {
571  int i;
572  srtp_t srtp_sender;
573  srtp_t srtp_rcvr;
574  err_status_t status = err_status_ok;
575  srtp_hdr_t *hdr, *hdr2;
576  uint8_t hdr_enc[64];
577  uint8_t *pkt_end;
578  int msg_len_octets, msg_len_enc;
579  int len;
580  int tag_length = policy->rtp.auth_tag_len;
581  uint32_t ssrc;
582  srtp_policy_t *rcvr_policy;
583
584  err_check(srtp_create(&srtp_sender, policy));
585
586  /* print out policy */
587  err_check(srtp_session_print_policy(srtp_sender));
588
589  /*
590   * initialize data buffer, using the ssrc in the policy unless that
591   * value is a wildcard, in which case we'll just use an arbitrary
592   * one
593   */
594  if (policy->ssrc.type != ssrc_specific)
595    ssrc = 0xdecafbad;
596  else
597    ssrc = policy->ssrc.value;
598  msg_len_octets = 28;
599  hdr = srtp_create_test_packet(msg_len_octets, ssrc);
600
601  if (hdr == NULL)
602    return err_status_alloc_fail;
603  hdr2 = srtp_create_test_packet(msg_len_octets, ssrc);
604  if (hdr2 == NULL) {
605    free(hdr);
606    return err_status_alloc_fail;
607  }
608
609  /* set message length */
610  len = msg_len_octets;
611
612  debug_print(mod_driver, "before protection:\n%s",
613	      srtp_packet_to_string(hdr, len));
614
615#if PRINT_REFERENCE_PACKET
616  debug_print(mod_driver, "reference packet before protection:\n%s",
617	      octet_string_hex_string((uint8_t *)hdr, len));
618#endif
619  err_check(srtp_protect(srtp_sender, hdr, &len));
620
621  debug_print(mod_driver, "after protection:\n%s",
622	      srtp_packet_to_string(hdr, len));
623#if PRINT_REFERENCE_PACKET
624  debug_print(mod_driver, "after protection:\n%s",
625	      octet_string_hex_string((uint8_t *)hdr, len));
626#endif
627
628  /* save protected message and length */
629  memcpy(hdr_enc, hdr, len);
630  msg_len_enc = len;
631
632  /*
633   * check for overrun of the srtp_protect() function
634   *
635   * The packet is followed by a value of 0xfffff; if the value of the
636   * data following the packet is different, then we know that the
637   * protect function is overwriting the end of the packet.
638   */
639  pkt_end = (uint8_t *)hdr + sizeof(srtp_hdr_t)
640    + msg_len_octets + tag_length;
641  for (i = 0; i < 4; i++)
642    if (pkt_end[i] != 0xff) {
643      fprintf(stdout, "overwrite in srtp_protect() function "
644              "(expected %x, found %x in trailing octet %d)\n",
645              0xff, ((uint8_t *)hdr)[i], i);
646      free(hdr);
647      free(hdr2);
648      return err_status_algo_fail;
649    }
650
651  /*
652   * if the policy includes confidentiality, check that ciphertext is
653   * different than plaintext
654   *
655   * Note that this check will give false negatives, with some small
656   * probability, especially if the packets are short.  For that
657   * reason, we skip this check if the plaintext is less than four
658   * octets long.
659   */
660  if ((policy->rtp.sec_serv & sec_serv_conf) && (msg_len_octets >= 4)) {
661    printf("testing that ciphertext is distinct from plaintext...");
662    status = err_status_algo_fail;
663    for (i=12; i < msg_len_octets+12; i++)
664      if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) {
665	status = err_status_ok;
666      }
667    if (status) {
668      printf("failed\n");
669      free(hdr);
670      free(hdr2);
671      return status;
672    }
673    printf("passed\n");
674  }
675
676  /*
677   * if the policy uses a 'wildcard' ssrc, then we need to make a copy
678   * of the policy that changes the direction to inbound
679   *
680   * we always copy the policy into the rcvr_policy, since otherwise
681   * the compiler would fret about the constness of the policy
682   */
683  rcvr_policy = (srtp_policy_t*) malloc(sizeof(srtp_policy_t));
684  if (rcvr_policy == NULL)
685    return err_status_alloc_fail;
686  memcpy(rcvr_policy, policy, sizeof(srtp_policy_t));
687  if (policy->ssrc.type == ssrc_any_outbound) {
688    rcvr_policy->ssrc.type = ssrc_any_inbound;
689  }
690
691  err_check(srtp_create(&srtp_rcvr, rcvr_policy));
692
693  err_check(srtp_unprotect(srtp_rcvr, hdr, &len));
694
695  debug_print(mod_driver, "after unprotection:\n%s",
696	      srtp_packet_to_string(hdr, len));
697
698  /* verify that the unprotected packet matches the origial one */
699  for (i=0; i < msg_len_octets; i++)
700    if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) {
701      fprintf(stdout, "mismatch at octet %d\n", i);
702      status = err_status_algo_fail;
703    }
704  if (status) {
705    free(hdr);
706    free(hdr2);
707    return status;
708  }
709
710  /*
711   * if the policy includes authentication, then test for false positives
712   */
713  if (policy->rtp.sec_serv & sec_serv_auth) {
714    char *data = ((char *)hdr) + 12;
715
716    printf("testing for false positives in replay check...");
717
718    /* set message length */
719    len = msg_len_enc;
720
721    /* unprotect a second time - should fail with a replay error */
722    status = srtp_unprotect(srtp_rcvr, hdr_enc, &len);
723    if (status != err_status_replay_fail) {
724      printf("failed with error code %d\n", status);
725      free(hdr);
726      free(hdr2);
727      return status;
728    } else {
729      printf("passed\n");
730    }
731
732    printf("testing for false positives in auth check...");
733
734    /* increment sequence number in header */
735    hdr->seq++;
736
737    /* set message length */
738    len = msg_len_octets;
739
740    /* apply protection */
741    err_check(srtp_protect(srtp_sender, hdr, &len));
742
743    /* flip bits in packet */
744    data[0] ^= 0xff;
745
746    /* unprotect, and check for authentication failure */
747    status = srtp_unprotect(srtp_rcvr, hdr, &len);
748    if (status != err_status_auth_fail) {
749      printf("failed\n");
750      free(hdr);
751      free(hdr2);
752      return status;
753    } else {
754      printf("passed\n");
755    }
756
757  }
758
759  err_check(srtp_dealloc(srtp_sender));
760  err_check(srtp_dealloc(srtp_rcvr));
761
762  free(hdr);
763  free(hdr2);
764  return err_status_ok;
765}
766
767
768err_status_t
769srtcp_test(const srtp_policy_t *policy) {
770  int i;
771  srtp_t srtcp_sender;
772  srtp_t srtcp_rcvr;
773  err_status_t status = err_status_ok;
774  srtp_hdr_t *hdr, *hdr2;
775  uint8_t hdr_enc[64];
776  uint8_t *pkt_end;
777  int msg_len_octets, msg_len_enc;
778  int len;
779  int tag_length = policy->rtp.auth_tag_len;
780  uint32_t ssrc;
781  srtp_policy_t *rcvr_policy;
782
783  err_check(srtp_create(&srtcp_sender, policy));
784
785  /* print out policy */
786  err_check(srtp_session_print_policy(srtcp_sender));
787
788  /*
789   * initialize data buffer, using the ssrc in the policy unless that
790   * value is a wildcard, in which case we'll just use an arbitrary
791   * one
792   */
793  if (policy->ssrc.type != ssrc_specific)
794    ssrc = 0xdecafbad;
795  else
796    ssrc = policy->ssrc.value;
797  msg_len_octets = 28;
798  hdr = srtp_create_test_packet(msg_len_octets, ssrc);
799
800  if (hdr == NULL)
801    return err_status_alloc_fail;
802  hdr2 = srtp_create_test_packet(msg_len_octets, ssrc);
803  if (hdr2 == NULL) {
804    free(hdr);
805    return err_status_alloc_fail;
806  }
807
808  /* set message length */
809  len = msg_len_octets;
810
811  debug_print(mod_driver, "before protection:\n%s",
812	      srtp_packet_to_string(hdr, len));
813
814#if PRINT_REFERENCE_PACKET
815  debug_print(mod_driver, "reference packet before protection:\n%s",
816	      octet_string_hex_string((uint8_t *)hdr, len));
817#endif
818  err_check(srtp_protect_rtcp(srtcp_sender, hdr, &len));
819
820  debug_print(mod_driver, "after protection:\n%s",
821	      srtp_packet_to_string(hdr, len));
822#if PRINT_REFERENCE_PACKET
823  debug_print(mod_driver, "after protection:\n%s",
824	      octet_string_hex_string((uint8_t *)hdr, len));
825#endif
826
827  /* save protected message and length */
828  memcpy(hdr_enc, hdr, len);
829  msg_len_enc = len;
830
831  /*
832   * check for overrun of the srtp_protect() function
833   *
834   * The packet is followed by a value of 0xfffff; if the value of the
835   * data following the packet is different, then we know that the
836   * protect function is overwriting the end of the packet.
837   */
838  pkt_end = (uint8_t *)hdr + sizeof(srtp_hdr_t)
839    + msg_len_octets + tag_length;
840  for (i = 0; i < 4; i++)
841    if (pkt_end[i] != 0xff) {
842      fprintf(stdout, "overwrite in srtp_protect_rtcp() function "
843              "(expected %x, found %x in trailing octet %d)\n",
844              0xff, ((uint8_t *)hdr)[i], i);
845      free(hdr);
846      free(hdr2);
847      return err_status_algo_fail;
848    }
849
850  /*
851   * if the policy includes confidentiality, check that ciphertext is
852   * different than plaintext
853   *
854   * Note that this check will give false negatives, with some small
855   * probability, especially if the packets are short.  For that
856   * reason, we skip this check if the plaintext is less than four
857   * octets long.
858   */
859  if ((policy->rtp.sec_serv & sec_serv_conf) && (msg_len_octets >= 4)) {
860    printf("testing that ciphertext is distinct from plaintext...");
861    status = err_status_algo_fail;
862    for (i=12; i < msg_len_octets+12; i++)
863      if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) {
864	status = err_status_ok;
865      }
866    if (status) {
867      printf("failed\n");
868      free(hdr);
869      free(hdr2);
870      return status;
871    }
872    printf("passed\n");
873  }
874
875  /*
876   * if the policy uses a 'wildcard' ssrc, then we need to make a copy
877   * of the policy that changes the direction to inbound
878   *
879   * we always copy the policy into the rcvr_policy, since otherwise
880   * the compiler would fret about the constness of the policy
881   */
882  rcvr_policy = (srtp_policy_t*) malloc(sizeof(srtp_policy_t));
883  if (rcvr_policy == NULL)
884    return err_status_alloc_fail;
885  memcpy(rcvr_policy, policy, sizeof(srtp_policy_t));
886  if (policy->ssrc.type == ssrc_any_outbound) {
887    rcvr_policy->ssrc.type = ssrc_any_inbound;
888  }
889
890  err_check(srtp_create(&srtcp_rcvr, rcvr_policy));
891
892  err_check(srtp_unprotect_rtcp(srtcp_rcvr, hdr, &len));
893
894  debug_print(mod_driver, "after unprotection:\n%s",
895	      srtp_packet_to_string(hdr, len));
896
897  /* verify that the unprotected packet matches the origial one */
898  for (i=0; i < msg_len_octets; i++)
899    if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) {
900      fprintf(stdout, "mismatch at octet %d\n", i);
901      status = err_status_algo_fail;
902    }
903  if (status) {
904    free(hdr);
905    free(hdr2);
906    return status;
907  }
908
909  /*
910   * if the policy includes authentication, then test for false positives
911   */
912  if (policy->rtp.sec_serv & sec_serv_auth) {
913    char *data = ((char *)hdr) + 12;
914
915    printf("testing for false positives in replay check...");
916
917    /* set message length */
918    len = msg_len_enc;
919
920    /* unprotect a second time - should fail with a replay error */
921    status = srtp_unprotect_rtcp(srtcp_rcvr, hdr_enc, &len);
922    if (status != err_status_replay_fail) {
923      printf("failed with error code %d\n", status);
924      free(hdr);
925      free(hdr2);
926      return status;
927    } else {
928      printf("passed\n");
929    }
930
931    printf("testing for false positives in auth check...");
932
933    /* increment sequence number in header */
934    hdr->seq++;
935
936    /* set message length */
937    len = msg_len_octets;
938
939    /* apply protection */
940    err_check(srtp_protect_rtcp(srtcp_sender, hdr, &len));
941
942    /* flip bits in packet */
943    data[0] ^= 0xff;
944
945    /* unprotect, and check for authentication failure */
946    status = srtp_unprotect_rtcp(srtcp_rcvr, hdr, &len);
947    if (status != err_status_auth_fail) {
948      printf("failed\n");
949      free(hdr);
950      free(hdr2);
951      return status;
952    } else {
953      printf("passed\n");
954    }
955
956  }
957
958  err_check(srtp_dealloc(srtcp_sender));
959  err_check(srtp_dealloc(srtcp_rcvr));
960
961  free(hdr);
962  free(hdr2);
963  return err_status_ok;
964}
965
966
967err_status_t
968srtp_session_print_policy(srtp_t srtp) {
969  char *serv_descr[4] = {
970    "none",
971    "confidentiality",
972    "authentication",
973    "confidentiality and authentication"
974  };
975  char *direction[3] = {
976    "unknown",
977    "outbound",
978    "inbound"
979  };
980  srtp_stream_t stream;
981
982  /* sanity checking */
983  if (srtp == NULL)
984    return err_status_fail;
985
986  /* if there's a template stream, print it out */
987  if (srtp->stream_template != NULL) {
988    stream = srtp->stream_template;
989    printf("# SSRC:          any %s\r\n"
990	   "# rtp cipher:    %s\r\n"
991	   "# rtp auth:      %s\r\n"
992	   "# rtp services:  %s\r\n"
993           "# rtcp cipher:   %s\r\n"
994	   "# rtcp auth:     %s\r\n"
995	   "# rtcp services: %s\r\n"
996	   "# window size:   %lu\r\n"
997	   "# tx rtx allowed:%s\r\n",
998	   direction[stream->direction],
999	   stream->rtp_cipher->type->description,
1000	   stream->rtp_auth->type->description,
1001	   serv_descr[stream->rtp_services],
1002	   stream->rtcp_cipher->type->description,
1003	   stream->rtcp_auth->type->description,
1004	   serv_descr[stream->rtcp_services],
1005	   rdbx_get_window_size(&stream->rtp_rdbx),
1006	   stream->allow_repeat_tx ? "true" : "false");
1007  }
1008
1009  /* loop over streams in session, printing the policy of each */
1010  stream = srtp->stream_list;
1011  while (stream != NULL) {
1012    if (stream->rtp_services > sec_serv_conf_and_auth)
1013      return err_status_bad_param;
1014
1015    printf("# SSRC:          0x%08x\r\n"
1016	   "# rtp cipher:    %s\r\n"
1017	   "# rtp auth:      %s\r\n"
1018	   "# rtp services:  %s\r\n"
1019           "# rtcp cipher:   %s\r\n"
1020	   "# rtcp auth:     %s\r\n"
1021	   "# rtcp services: %s\r\n"
1022	   "# window size:   %lu\r\n"
1023	   "# tx rtx allowed:%s\r\n",
1024	   stream->ssrc,
1025	   stream->rtp_cipher->type->description,
1026	   stream->rtp_auth->type->description,
1027	   serv_descr[stream->rtp_services],
1028	   stream->rtcp_cipher->type->description,
1029	   stream->rtcp_auth->type->description,
1030	   serv_descr[stream->rtcp_services],
1031	   rdbx_get_window_size(&stream->rtp_rdbx),
1032	   stream->allow_repeat_tx ? "true" : "false");
1033
1034    /* advance to next stream in the list */
1035    stream = stream->next;
1036  }
1037  return err_status_ok;
1038}
1039
1040err_status_t
1041srtp_print_policy(const srtp_policy_t *policy) {
1042  err_status_t status;
1043  srtp_t session;
1044
1045  status = srtp_create(&session, policy);
1046  if (status)
1047    return status;
1048  status = srtp_session_print_policy(session);
1049  if (status)
1050    return status;
1051  status = srtp_dealloc(session);
1052  if (status)
1053    return status;
1054  return err_status_ok;
1055}
1056
1057/*
1058 * srtp_print_packet(...) is for debugging only
1059 * it prints an RTP packet to the stdout
1060 *
1061 * note that this function is *not* threadsafe
1062 */
1063
1064#include <stdio.h>
1065
1066#define MTU 2048
1067
1068char packet_string[MTU];
1069
1070char *
1071srtp_packet_to_string(srtp_hdr_t *hdr, int pkt_octet_len) {
1072  int octets_in_rtp_header = 12;
1073  uint8_t *data = ((uint8_t *)hdr)+octets_in_rtp_header;
1074  int hex_len = pkt_octet_len-octets_in_rtp_header;
1075
1076  /* sanity checking */
1077  if ((hdr == NULL) || (pkt_octet_len > MTU))
1078    return NULL;
1079
1080  /* write packet into string */
1081  sprintf(packet_string,
1082	  "(s)rtp packet: {\n"
1083	  "   version:\t%d\n"
1084	  "   p:\t\t%d\n"
1085	  "   x:\t\t%d\n"
1086	  "   cc:\t\t%d\n"
1087	  "   m:\t\t%d\n"
1088	  "   pt:\t\t%x\n"
1089	  "   seq:\t\t%x\n"
1090	  "   ts:\t\t%x\n"
1091	  "   ssrc:\t%x\n"
1092	  "   data:\t%s\n"
1093	  "} (%d octets in total)\n",
1094	  hdr->version,
1095	  hdr->p,
1096	  hdr->x,
1097	  hdr->cc,
1098	  hdr->m,
1099	  hdr->pt,
1100	  hdr->seq,
1101	  hdr->ts,
1102	  hdr->ssrc,
1103  	  octet_string_hex_string(data, hex_len),
1104	  pkt_octet_len);
1105
1106  return packet_string;
1107}
1108
1109/*
1110 * mips_estimate() is a simple function to estimate the number of
1111 * instructions per second that the host can perform.  note that this
1112 * function can be grossly wrong; you may want to have a manual sanity
1113 * check of its output!
1114 *
1115 * the 'ignore' pointer is there to convince the compiler to not just
1116 * optimize away the function
1117 */
1118
1119double
1120mips_estimate(int num_trials, int *ignore) {
1121  clock_t t;
1122  int i, sum;
1123
1124  sum = 0;
1125  t = clock();
1126  for (i=0; i<num_trials; i++)
1127    sum += i;
1128  t = clock() - t;
1129
1130/*   printf("%d\n", sum); */
1131  *ignore = sum;
1132
1133  return (double) num_trials * CLOCKS_PER_SEC / t;
1134}
1135
1136
1137/*
1138 * srtp_validate() verifies the correctness of libsrtp by comparing
1139 * some computed packets against some pre-computed reference values.
1140 * These packets were made with the default SRTP policy.
1141 */
1142
1143
1144err_status_t
1145srtp_validate() {
1146  unsigned char test_key[30] = {
1147    0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0,
1148    0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39,
1149    0x0e, 0xc6, 0x75, 0xad, 0x49, 0x8a, 0xfe, 0xeb,
1150    0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6
1151  };
1152  uint8_t srtp_plaintext_ref[28] = {
1153    0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
1154    0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
1155    0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
1156    0xab, 0xab, 0xab, 0xab
1157  };
1158  uint8_t srtp_plaintext[38] = {
1159    0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
1160    0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
1161    0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
1162    0xab, 0xab, 0xab, 0xab, 0x00, 0x00, 0x00, 0x00,
1163    0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1164  };
1165  uint8_t srtp_ciphertext[38] = {
1166    0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
1167    0xca, 0xfe, 0xba, 0xbe, 0x4e, 0x55, 0xdc, 0x4c,
1168    0xe7, 0x99, 0x78, 0xd8, 0x8c, 0xa4, 0xd2, 0x15,
1169    0x94, 0x9d, 0x24, 0x02, 0xb7, 0x8d, 0x6a, 0xcc,
1170    0x99, 0xea, 0x17, 0x9b, 0x8d, 0xbb
1171  };
1172  srtp_t srtp_snd, srtp_recv;
1173  err_status_t status;
1174  int len;
1175  srtp_policy_t policy;
1176
1177  /*
1178   * create a session with a single stream using the default srtp
1179   * policy and with the SSRC value 0xcafebabe
1180   */
1181  crypto_policy_set_rtp_default(&policy.rtp);
1182  crypto_policy_set_rtcp_default(&policy.rtcp);
1183  policy.ssrc.type  = ssrc_specific;
1184  policy.ssrc.value = 0xcafebabe;
1185  policy.key  = test_key;
1186  policy.ekt = NULL;
1187  policy.window_size = 128;
1188  policy.allow_repeat_tx = 0;
1189  policy.next = NULL;
1190
1191  status = srtp_create(&srtp_snd, &policy);
1192  if (status)
1193    return status;
1194
1195  /*
1196   * protect plaintext, then compare with ciphertext
1197   */
1198  len = 28;
1199  status = srtp_protect(srtp_snd, srtp_plaintext, &len);
1200  if (status || (len != 38))
1201    return err_status_fail;
1202
1203  debug_print(mod_driver, "ciphertext:\n  %s",
1204	      octet_string_hex_string(srtp_plaintext, len));
1205  debug_print(mod_driver, "ciphertext reference:\n  %s",
1206	      octet_string_hex_string(srtp_ciphertext, len));
1207
1208  if (octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len))
1209    return err_status_fail;
1210
1211  /*
1212   * create a receiver session context comparable to the one created
1213   * above - we need to do this so that the replay checking doesn't
1214   * complain
1215   */
1216  status = srtp_create(&srtp_recv, &policy);
1217  if (status)
1218    return status;
1219
1220  /*
1221   * unprotect ciphertext, then compare with plaintext
1222   */
1223  status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len);
1224  if (status || (len != 28))
1225    return status;
1226
1227  if (octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len))
1228    return err_status_fail;
1229
1230  return err_status_ok;
1231}
1232
1233
1234err_status_t
1235srtp_create_big_policy(srtp_policy_t **list) {
1236  extern const srtp_policy_t *policy_array[];
1237  srtp_policy_t *p, *tmp;
1238  int i = 0;
1239  uint32_t ssrc = 0;
1240
1241  /* sanity checking */
1242  if ((list == NULL) || (policy_array[0] == NULL))
1243    return err_status_bad_param;
1244
1245  /*
1246   * loop over policy list, mallocing a new list and copying values
1247   * into it (and incrementing the SSRC value as we go along)
1248   */
1249  tmp = p = NULL;
1250  while (policy_array[i] != NULL) {
1251    p  = (srtp_policy_t*) malloc(sizeof(srtp_policy_t));
1252    if (p == NULL)
1253      return err_status_bad_param;
1254    memcpy(p, policy_array[i], sizeof(srtp_policy_t));
1255    p->ssrc.type = ssrc_specific;
1256    p->ssrc.value = ssrc++;
1257    p->next = tmp;
1258    tmp = p;
1259    i++;
1260  }
1261  *list = p;
1262
1263  return err_status_ok;
1264}
1265
1266err_status_t
1267srtp_test_remove_stream() {
1268  err_status_t status;
1269  srtp_policy_t *policy_list;
1270  srtp_t session;
1271  srtp_stream_t stream;
1272  /*
1273   * srtp_get_stream() is a libSRTP internal function that we declare
1274   * here so that we can use it to verify the correct operation of the
1275   * library
1276   */
1277  extern srtp_stream_t srtp_get_stream(srtp_t srtp, uint32_t ssrc);
1278
1279
1280  status = srtp_create_big_policy(&policy_list);
1281  if (status)
1282    return status;
1283
1284  status = srtp_create(&session, policy_list);
1285  if (status)
1286    return status;
1287
1288  /*
1289   * check for false positives by trying to remove a stream that's not
1290   * in the session
1291   */
1292  status = srtp_remove_stream(session, htonl(0xaaaaaaaa));
1293  if (status != err_status_no_ctx)
1294    return err_status_fail;
1295
1296  /*
1297   * check for false negatives by removing stream 0x1, then
1298   * searching for streams 0x0 and 0x2
1299   */
1300  status = srtp_remove_stream(session, htonl(0x1));
1301  if (status != err_status_ok)
1302    return err_status_fail;
1303  stream = srtp_get_stream(session, htonl(0x0));
1304  if (stream == NULL)
1305    return err_status_fail;
1306  stream = srtp_get_stream(session, htonl(0x2));
1307  if (stream == NULL)
1308    return err_status_fail;
1309
1310  return err_status_ok;
1311}
1312
1313/*
1314 * srtp policy definitions - these definitions are used above
1315 */
1316
1317unsigned char test_key[30] = {
1318    0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0,
1319    0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39,
1320    0x0e, 0xc6, 0x75, 0xad, 0x49, 0x8a, 0xfe, 0xeb,
1321    0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6
1322};
1323
1324
1325const srtp_policy_t default_policy = {
1326  { ssrc_any_outbound, 0 },  /* SSRC                           */
1327  {                      /* SRTP policy                    */
1328    AES_128_ICM,            /* cipher type                 */
1329    30,                     /* cipher key length in octets */
1330    HMAC_SHA1,              /* authentication func type    */
1331    16,                     /* auth key length in octets   */
1332    10,                     /* auth tag length in octets   */
1333    sec_serv_conf_and_auth  /* security services flag      */
1334  },
1335  {                      /* SRTCP policy                   */
1336    AES_128_ICM,            /* cipher type                 */
1337    30,                     /* cipher key length in octets */
1338    HMAC_SHA1,              /* authentication func type    */
1339    16,                     /* auth key length in octets   */
1340    10,                     /* auth tag length in octets   */
1341    sec_serv_conf_and_auth  /* security services flag      */
1342  },
1343  test_key,
1344  NULL,        /* indicates that EKT is not in use */
1345  128,         /* replay window size */
1346  0,           /* retransmission not allowed */
1347  NULL
1348};
1349
1350const srtp_policy_t aes_tmmh_policy = {
1351  { ssrc_any_outbound, 0 },     /* SSRC                        */
1352  {
1353    AES_128_ICM,            /* cipher type                 */
1354    30,                     /* cipher key length in octets */
1355    UST_TMMHv2,             /* authentication func type    */
1356    94,                     /* auth key length in octets   */
1357    4,                      /* auth tag length in octets   */
1358    sec_serv_conf_and_auth  /* security services flag      */
1359  },
1360  {
1361    AES_128_ICM,            /* cipher type                 */
1362    30,                     /* cipher key length in octets */
1363    UST_TMMHv2,             /* authentication func type    */
1364    94,                     /* auth key length in octets   */
1365    4,                      /* auth tag length in octets   */
1366    sec_serv_conf_and_auth  /* security services flag      */
1367  },
1368  test_key,
1369  NULL,        /* indicates that EKT is not in use */
1370  128,         /* replay window size */
1371  0,           /* retransmission not allowed */
1372  NULL
1373};
1374
1375const srtp_policy_t tmmh_only_policy = {
1376  { ssrc_any_outbound, 0 },     /* SSRC                        */
1377  {
1378    AES_128_ICM,            /* cipher type                 */
1379    30,                     /* cipher key length in octets */
1380    UST_TMMHv2,             /* authentication func type    */
1381    94,                     /* auth key length in octets   */
1382    4,                      /* auth tag length in octets   */
1383    sec_serv_auth           /* security services flag      */
1384  },
1385  {
1386    AES_128_ICM,            /* cipher type                 */
1387    30,                     /* cipher key length in octets */
1388    UST_TMMHv2,             /* authentication func type    */
1389    94,                     /* auth key length in octets   */
1390    4,                      /* auth tag length in octets   */
1391    sec_serv_auth           /* security services flag      */
1392  },
1393  test_key,
1394  NULL,        /* indicates that EKT is not in use */
1395  128,         /* replay window size */
1396  0,           /* retransmission not allowed */
1397  NULL
1398};
1399
1400const srtp_policy_t aes_only_policy = {
1401  { ssrc_any_outbound, 0 },     /* SSRC                        */
1402  {
1403    AES_128_ICM,            /* cipher type                 */
1404    30,                     /* cipher key length in octets */
1405    NULL_AUTH,              /* authentication func type    */
1406    0,                      /* auth key length in octets   */
1407    0,                      /* auth tag length in octets   */
1408    sec_serv_conf           /* security services flag      */
1409  },
1410  {
1411    AES_128_ICM,            /* cipher type                 */
1412    30,                     /* cipher key length in octets */
1413    NULL_AUTH,              /* authentication func type    */
1414    0,                      /* auth key length in octets   */
1415    0,                      /* auth tag length in octets   */
1416    sec_serv_conf           /* security services flag      */
1417  },
1418  test_key,
1419  NULL,        /* indicates that EKT is not in use */
1420  128,         /* replay window size */
1421  0,           /* retransmission not allowed */
1422  NULL
1423};
1424
1425const srtp_policy_t hmac_only_policy = {
1426  { ssrc_any_outbound, 0 },     /* SSRC                        */
1427  {
1428    NULL_CIPHER,            /* cipher type                 */
1429    0,                      /* cipher key length in octets */
1430    HMAC_SHA1,              /* authentication func type    */
1431    20,                     /* auth key length in octets   */
1432    4,                      /* auth tag length in octets   */
1433    sec_serv_auth           /* security services flag      */
1434  },
1435  {
1436    NULL_CIPHER,            /* cipher type                 */
1437    0,                      /* cipher key length in octets */
1438    HMAC_SHA1,              /* authentication func type    */
1439    20,                     /* auth key length in octets   */
1440    4,                      /* auth tag length in octets   */
1441    sec_serv_auth           /* security services flag      */
1442  },
1443  test_key,
1444  NULL,        /* indicates that EKT is not in use */
1445  128,         /* replay window size */
1446  0,           /* retransmission not allowed */
1447  NULL
1448};
1449
1450const srtp_policy_t null_policy = {
1451  { ssrc_any_outbound, 0 },     /* SSRC                        */
1452  {
1453    NULL_CIPHER,            /* cipher type                 */
1454    0,                      /* cipher key length in octets */
1455    NULL_AUTH,              /* authentication func type    */
1456    0,                      /* auth key length in octets   */
1457    0,                      /* auth tag length in octets   */
1458    sec_serv_none           /* security services flag      */
1459  },
1460  {
1461    NULL_CIPHER,            /* cipher type                 */
1462    0,                      /* cipher key length in octets */
1463    NULL_AUTH,              /* authentication func type    */
1464    0,                      /* auth key length in octets   */
1465    0,                      /* auth tag length in octets   */
1466    sec_serv_none           /* security services flag      */
1467  },
1468  test_key,
1469  NULL,        /* indicates that EKT is not in use */
1470  128,         /* replay window size */
1471  0,           /* retransmission not allowed */
1472  NULL
1473};
1474
1475uint8_t ekt_test_key[16] = {
1476  0x77, 0x26, 0x9d, 0xac, 0x16, 0xa3, 0x28, 0xca,
1477  0x8e, 0xc9, 0x68, 0x4b, 0xcc, 0xc4, 0xd2, 0x1b
1478};
1479
1480#include "ekt.h"
1481
1482ekt_policy_ctx_t ekt_test_policy = {
1483  0xa5a5,                   /* SPI */
1484  EKT_CIPHER_AES_128_ECB,
1485  ekt_test_key,
1486  NULL
1487};
1488
1489const srtp_policy_t hmac_only_with_ekt_policy = {
1490  { ssrc_any_outbound, 0 },     /* SSRC                        */
1491  {
1492    NULL_CIPHER,            /* cipher type                 */
1493    0,                      /* cipher key length in octets */
1494    HMAC_SHA1,              /* authentication func type    */
1495    20,                     /* auth key length in octets   */
1496    4,                      /* auth tag length in octets   */
1497    sec_serv_auth           /* security services flag      */
1498  },
1499  {
1500    NULL_CIPHER,            /* cipher type                 */
1501    0,                      /* cipher key length in octets */
1502    HMAC_SHA1,              /* authentication func type    */
1503    20,                     /* auth key length in octets   */
1504    4,                      /* auth tag length in octets   */
1505    sec_serv_auth           /* security services flag      */
1506  },
1507  test_key,
1508  &ekt_test_policy,        /* indicates that EKT is not in use */
1509  128,         /* replay window size */
1510  0,           /* retransmission not allowed */
1511  NULL
1512};
1513
1514
1515/*
1516 * an array of pointers to the policies listed above
1517 *
1518 * This array is used to test various aspects of libSRTP for
1519 * different cryptographic policies.  The order of the elements
1520 * matters - the timing test generates output that can be used
1521 * in a plot (see the gnuplot script file 'timing').  If you
1522 * add to this list, you should do it at the end.
1523 */
1524
1525#define USE_TMMH 0
1526
1527const srtp_policy_t *
1528policy_array[] = {
1529  &hmac_only_policy,
1530#if USE_TMMH
1531  &tmmh_only_policy,
1532#endif
1533  &aes_only_policy,
1534#if USE_TMMH
1535  &aes_tmmh_policy,
1536#endif
1537  &default_policy,
1538  &null_policy,
1539  &hmac_only_with_ekt_policy,
1540  NULL
1541};
1542
1543const srtp_policy_t wildcard_policy = {
1544  { ssrc_any_outbound, 0 }, /* SSRC                        */
1545  {                      /* SRTP policy                    */
1546    AES_128_ICM,            /* cipher type                 */
1547    30,                     /* cipher key length in octets */
1548    HMAC_SHA1,              /* authentication func type    */
1549    16,                     /* auth key length in octets   */
1550    10,                     /* auth tag length in octets   */
1551    sec_serv_conf_and_auth  /* security services flag      */
1552  },
1553  {                      /* SRTCP policy                   */
1554    AES_128_ICM,            /* cipher type                 */
1555    30,                     /* cipher key length in octets */
1556    HMAC_SHA1,              /* authentication func type    */
1557    16,                     /* auth key length in octets   */
1558    10,                     /* auth tag length in octets   */
1559    sec_serv_conf_and_auth  /* security services flag      */
1560  },
1561  test_key,
1562  NULL,
1563  128,         /* replay window size */
1564  0,           /* retransmission not allowed */
1565  NULL
1566};
1567