@@ -64,7 +64,9 @@ srtp_err_status_t srtp_validate(void);
6464
6565srtp_err_status_t srtp_validate_mki (void );
6666
67- srtp_err_status_t srtp_validate_null (void );
67+ srtp_err_status_t srtp_validate_null_sha1_80 (void );
68+
69+ srtp_err_status_t srtp_validate_null_null (void );
6870
6971srtp_err_status_t srtp_validate_cryptex (void );
7072
@@ -702,8 +704,17 @@ int main(int argc, char *argv[])
702704 }
703705
704706 printf ("testing srtp_protect and srtp_unprotect against "
705- "reference packet using null cipher and HMAC\n" );
706- if (srtp_validate_null () == srtp_err_status_ok ) {
707+ "reference packet using null cipher and SHA1-80 HMAC\n" );
708+ if (srtp_validate_null_sha1_80 () == srtp_err_status_ok ) {
709+ printf ("passed\n\n" );
710+ } else {
711+ printf ("failed\n" );
712+ exit (1 );
713+ }
714+
715+ printf ("testing srtp_protect and srtp_unprotect against "
716+ "reference packet using null cipher and null HMAC\n" );
717+ if (srtp_validate_null_null () == srtp_err_status_ok ) {
707718 printf ("passed\n\n" );
708719 } else {
709720 printf ("failed\n" );
@@ -2614,13 +2625,13 @@ srtp_err_status_t srtp_validate_mki(void)
26142625}
26152626
26162627/*
2617- * srtp_validate_null () verifies the correctness of libsrtp by comparing
2628+ * srtp_validate_null_sha1_80 () verifies the correctness of libsrtp by comparing
26182629 * some computed packets against some pre-computed reference values.
26192630 * These packets were made with a policy that applies null encryption
26202631 * and HMAC authentication.
26212632 */
26222633
2623- srtp_err_status_t srtp_validate_null (void )
2634+ srtp_err_status_t srtp_validate_null_sha1_80 (void )
26242635{
26252636 // clang-format off
26262637 uint8_t srtp_plaintext_ref [28 ] = {
@@ -2772,6 +2783,176 @@ srtp_err_status_t srtp_validate_null(void)
27722783 return srtp_err_status_ok ;
27732784}
27742785
2786+ /*
2787+ * srtp_validate_null_null() verifies the correctness of libsrtp by comparing
2788+ * some computed packets against some pre-computed reference values.
2789+ * These packets were made with a policy that applies null encryption
2790+ * and null authentication.
2791+ */
2792+
2793+ srtp_err_status_t srtp_validate_null_null (void )
2794+ {
2795+ // clang-format off
2796+ uint8_t srtp_plaintext_ref [28 ] = {
2797+ 0x80 , 0x0f , 0x12 , 0x34 , 0xde , 0xca , 0xfb , 0xad ,
2798+ 0xca , 0xfe , 0xba , 0xbe , 0xab , 0xab , 0xab , 0xab ,
2799+ 0xab , 0xab , 0xab , 0xab , 0xab , 0xab , 0xab , 0xab ,
2800+ 0xab , 0xab , 0xab , 0xab
2801+ };
2802+ uint8_t srtp_plaintext [28 ] = {
2803+ 0x80 , 0x0f , 0x12 , 0x34 , 0xde , 0xca , 0xfb , 0xad ,
2804+ 0xca , 0xfe , 0xba , 0xbe , 0xab , 0xab , 0xab , 0xab ,
2805+ 0xab , 0xab , 0xab , 0xab , 0xab , 0xab , 0xab , 0xab ,
2806+ 0xab , 0xab , 0xab , 0xab ,
2807+ };
2808+ uint8_t srtp_ciphertext [28 ] = {
2809+ 0x80 , 0x0f , 0x12 , 0x34 , 0xde , 0xca , 0xfb , 0xad ,
2810+ 0xca , 0xfe , 0xba , 0xbe , 0xab , 0xab , 0xab , 0xab ,
2811+ 0xab , 0xab , 0xab , 0xab , 0xab , 0xab , 0xab , 0xab ,
2812+ 0xab , 0xab , 0xab , 0xab ,
2813+ };
2814+ uint8_t rtcp_plaintext_ref [24 ] = {
2815+ 0x81 , 0xc8 , 0x00 , 0x0b , 0xca , 0xfe , 0xba , 0xbe ,
2816+ 0xab , 0xab , 0xab , 0xab , 0xab , 0xab , 0xab , 0xab ,
2817+ 0xab , 0xab , 0xab , 0xab , 0xab , 0xab , 0xab , 0xab ,
2818+ };
2819+ uint8_t rtcp_plaintext [28 ] = {
2820+ 0x81 , 0xc8 , 0x00 , 0x0b , 0xca , 0xfe , 0xba , 0xbe ,
2821+ 0xab , 0xab , 0xab , 0xab , 0xab , 0xab , 0xab , 0xab ,
2822+ 0xab , 0xab , 0xab , 0xab , 0xab , 0xab , 0xab , 0xab ,
2823+ 0x00 , 0x00 , 0x00 , 0x00 ,
2824+ };
2825+ uint8_t srtcp_ciphertext [28 ] = {
2826+ 0x81 , 0xc8 , 0x00 , 0x0b , 0xca , 0xfe , 0xba , 0xbe ,
2827+ 0xab , 0xab , 0xab , 0xab , 0xab , 0xab , 0xab , 0xab ,
2828+ 0xab , 0xab , 0xab , 0xab , 0xab , 0xab , 0xab , 0xab ,
2829+ 0x00 , 0x00 , 0x00 , 0x01 ,
2830+ };
2831+ // clang-format on
2832+
2833+ srtp_t srtp_snd , srtp_recv ;
2834+ srtp_err_status_t status ;
2835+ size_t len ;
2836+ srtp_policy_t policy ;
2837+
2838+ /*
2839+ * create a session with a single stream using the default srtp
2840+ * policy and with the SSRC value 0xcafebabe
2841+ */
2842+ memset (& policy , 0 , sizeof (policy ));
2843+ srtp_crypto_policy_set_null_cipher_hmac_null (& policy .rtp );
2844+ srtp_crypto_policy_set_null_cipher_hmac_null (& policy .rtcp );
2845+ policy .ssrc .type = ssrc_specific ;
2846+ policy .ssrc .value = 0xcafebabe ;
2847+ /*
2848+ * We need some non-zero value set here
2849+ */
2850+ policy .key = (void * )(uintptr_t )-1 ;
2851+ policy .window_size = 128 ;
2852+ policy .allow_repeat_tx = false;
2853+ policy .next = NULL ;
2854+
2855+ status = srtp_create (& srtp_snd , & policy );
2856+ if (status ) {
2857+ return status ;
2858+ }
2859+
2860+ /*
2861+ * protect plaintext, then compare with ciphertext
2862+ */
2863+ len = 28 ;
2864+ status = call_srtp_protect (srtp_snd , srtp_plaintext , & len , 0 );
2865+ if (!status && (len != 28 )) {
2866+ status = srtp_err_status_fail ;
2867+ }
2868+ if (status ) {
2869+ return status ;
2870+ }
2871+
2872+ debug_print (mod_driver , "ciphertext:\n %s" ,
2873+ octet_string_hex_string (srtp_plaintext , len ));
2874+ debug_print (mod_driver , "ciphertext reference:\n %s" ,
2875+ octet_string_hex_string (srtp_ciphertext , len ));
2876+
2877+ if (!srtp_octet_string_equal (srtp_plaintext , srtp_ciphertext , len )) {
2878+ return srtp_err_status_fail ;
2879+ }
2880+
2881+ /*
2882+ * protect plaintext rtcp, then compare with srtcp ciphertext
2883+ */
2884+ len = 24 ;
2885+ status = call_srtp_protect_rtcp (srtp_snd , rtcp_plaintext , & len , 0 );
2886+ if (!status && (len != 28 )) {
2887+ status = srtp_err_status_fail ;
2888+ }
2889+ if (status ) {
2890+ return status ;
2891+ }
2892+
2893+ debug_print (mod_driver , "srtcp ciphertext:\n %s" ,
2894+ octet_string_hex_string (rtcp_plaintext , len ));
2895+ debug_print (mod_driver , "srtcp ciphertext reference:\n %s" ,
2896+ octet_string_hex_string (srtcp_ciphertext , len ));
2897+
2898+ if (!srtp_octet_string_equal (rtcp_plaintext , srtcp_ciphertext , len )) {
2899+ return srtp_err_status_fail ;
2900+ }
2901+
2902+ /*
2903+ * create a receiver session context comparable to the one created
2904+ * above - we need to do this so that the replay checking doesn't
2905+ * complain
2906+ */
2907+ status = srtp_create (& srtp_recv , & policy );
2908+ if (status ) {
2909+ return status ;
2910+ }
2911+
2912+ /*
2913+ * unprotect ciphertext, then compare with plaintext
2914+ */
2915+ status = call_srtp_unprotect (srtp_recv , srtp_ciphertext , & len );
2916+ if (!status && (len != 28 )) {
2917+ status = srtp_err_status_fail ;
2918+ }
2919+ if (status ) {
2920+ return status ;
2921+ }
2922+
2923+ if (!srtp_octet_string_equal (srtp_ciphertext , srtp_plaintext_ref , len )) {
2924+ return srtp_err_status_fail ;
2925+ }
2926+
2927+ /*
2928+ * unprotect srtcp ciphertext, then compare with rtcp plaintext
2929+ */
2930+ len = 28 ;
2931+ status = call_srtp_unprotect_rtcp (srtp_recv , srtcp_ciphertext , & len );
2932+ if (!status && (len != 24 )) {
2933+ status = srtp_err_status_fail ;
2934+ }
2935+ if (status ) {
2936+ return status ;
2937+ }
2938+
2939+ if (!srtp_octet_string_equal (srtcp_ciphertext , rtcp_plaintext_ref , len )) {
2940+ return srtp_err_status_fail ;
2941+ }
2942+
2943+ status = srtp_dealloc (srtp_snd );
2944+ if (status ) {
2945+ return status ;
2946+ }
2947+
2948+ status = srtp_dealloc (srtp_recv );
2949+ if (status ) {
2950+ return status ;
2951+ }
2952+
2953+ return srtp_err_status_ok ;
2954+ }
2955+
27752956/*
27762957 * srtp_validate_cryptex() verifies the correctness of libsrtp by comparing
27772958 * some computed packets against some pre-computed reference values.
0 commit comments