virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00
Code Issues Releases Activity

Merge commit 'a2a991b2ddf951454ffceb7bcedc9db93e26c610'

Browse Source 
* commit 'a2a991b2ddf951454ffceb7bcedc9db93e26c610':
  srtp: Improve the minimum encryption buffer size check
  srtp: Add support for a few DTLS-SRTP related crypto suites

Conflicts:
	libavformat/version.h

Merged-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2013-01-21 15:00:45 +01:00
commit bc639dbd9b
3 changed files with 31 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
libavformat/srtp.c
View File

@ -69,10 +69,15 @@ int ff_srtp_set_crypto(struct SRTPContext *s, const char *suite,
ff_srtp_free(s); ff_srtp_free(s);
// RFC 4568 // RFC 4568
if (!strcmp(suite, "AES_CM_128_HMAC_SHA1_80")) { if (!strcmp(suite, "AES_CM_128_HMAC_SHA1_80") ||
s->hmac_size = 10; !strcmp(suite, "SRTP_AES128_CM_HMAC_SHA1_80")) {
s->rtp_hmac_size = s->rtcp_hmac_size = 10;
} else if (!strcmp(suite, "AES_CM_128_HMAC_SHA1_32")) { } else if (!strcmp(suite, "AES_CM_128_HMAC_SHA1_32")) {
s->hmac_size = 4; s->rtp_hmac_size = s->rtcp_hmac_size = 4;
} else if (!strcmp(suite, "SRTP_AES128_CM_HMAC_SHA1_32")) {
// RFC 5764 section 4.1.2
s->rtp_hmac_size = 4;
s->rtcp_hmac_size = 10;
} else { } else {
av_log(NULL, AV_LOG_WARNING, "SRTP Crypto suite %s not supported\n", av_log(NULL, AV_LOG_WARNING, "SRTP Crypto suite %s not supported\n",
suite); suite);
@ -124,19 +129,23 @@ int ff_srtp_decrypt(struct SRTPContext *s, uint8_t *buf, int *lenptr)
int ext, av_uninit(seq_largest); int ext, av_uninit(seq_largest);
uint32_t ssrc, av_uninit(roc); uint32_t ssrc, av_uninit(roc);
uint64_t index; uint64_t index;
int rtcp; int rtcp, hmac_size;
// TODO: Missing replay protection // TODO: Missing replay protection
if (len < s->hmac_size) if (len < 2)
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;
rtcp = RTP_PT_IS_RTCP(buf[1]); rtcp = RTP_PT_IS_RTCP(buf[1]);
hmac_size = rtcp ? s->rtcp_hmac_size : s->rtp_hmac_size;
if (len < hmac_size)
return AVERROR_INVALIDDATA;
// Authentication HMAC // Authentication HMAC
av_hmac_init(s->hmac, rtcp ? s->rtcp_auth : s->rtp_auth, sizeof(s->rtp_auth)); av_hmac_init(s->hmac, rtcp ? s->rtcp_auth : s->rtp_auth, sizeof(s->rtp_auth));
// If MKI is used, this should exclude the MKI as well // If MKI is used, this should exclude the MKI as well
av_hmac_update(s->hmac, buf, len - s->hmac_size); av_hmac_update(s->hmac, buf, len - hmac_size);
if (!rtcp) { if (!rtcp) {
int seq = AV_RB16(buf + 2); int seq = AV_RB16(buf + 2);
@ -166,12 +175,12 @@ int ff_srtp_decrypt(struct SRTPContext *s, uint8_t *buf, int *lenptr)
} }
av_hmac_final(s->hmac, hmac, sizeof(hmac)); av_hmac_final(s->hmac, hmac, sizeof(hmac));
if (memcmp(hmac, buf + len - s->hmac_size, s->hmac_size)) { if (memcmp(hmac, buf + len - hmac_size, hmac_size)) {
av_log(NULL, AV_LOG_WARNING, "HMAC mismatch\n"); av_log(NULL, AV_LOG_WARNING, "HMAC mismatch\n");
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;
} }
len -= s->hmac_size; len -= hmac_size;
*lenptr = len; *lenptr = len;
if (len < 12) if (len < 12)
@ -231,19 +240,24 @@ int ff_srtp_encrypt(struct SRTPContext *s, const uint8_t *in, int len,
uint8_t iv[16] = { 0 }, hmac[20]; uint8_t iv[16] = { 0 }, hmac[20];
uint64_t index; uint64_t index;
uint32_t ssrc; uint32_t ssrc;
int rtcp; int rtcp, hmac_size, padding;
uint8_t *buf; uint8_t *buf;
if (len + 14 > outlen)
return 0;
if (len < 12) if (len < 12)
return 0; return 0;
rtcp = RTP_PT_IS_RTCP(in[1]);
hmac_size = rtcp ? s->rtcp_hmac_size : s->rtp_hmac_size;
padding = hmac_size;
if (rtcp)
padding += 4; // For the RTCP index
if (len + padding > outlen)
return 0;
memcpy(out, in, len); memcpy(out, in, len);
buf = out; buf = out;
rtcp = RTP_PT_IS_RTCP(buf[1]);
if (rtcp) { if (rtcp) {
ssrc = AV_RB32(buf + 4); ssrc = AV_RB32(buf + 4);
index = s->rtcp_index++; index = s->rtcp_index++;
@ -300,8 +314,8 @@ int ff_srtp_encrypt(struct SRTPContext *s, const uint8_t *in, int len,
} }
av_hmac_final(s->hmac, hmac, sizeof(hmac)); av_hmac_final(s->hmac, hmac, sizeof(hmac));
memcpy(buf + len, hmac, s->hmac_size); memcpy(buf + len, hmac, hmac_size);
len += s->hmac_size; len += hmac_size;
return buf + len - out; return buf + len - out;
} }

2
libavformat/srtp.h
View File

@ -30,7 +30,7 @@ struct AVHMAC;
struct SRTPContext { struct SRTPContext {
struct AVAES *aes; struct AVAES *aes;
struct AVHMAC *hmac; struct AVHMAC *hmac;
int hmac_size; int rtp_hmac_size, rtcp_hmac_size;
uint8_t master_key[16]; uint8_t master_key[16];
uint8_t master_salt[14]; uint8_t master_salt[14];
uint8_t rtp_key[16], rtcp_key[16]; uint8_t rtp_key[16], rtcp_key[16];

2
libavformat/version.h
View File

@ -31,7 +31,7 @@
#define LIBAVFORMAT_VERSION_MAJOR 54 #define LIBAVFORMAT_VERSION_MAJOR 54
#define LIBAVFORMAT_VERSION_MINOR 61 #define LIBAVFORMAT_VERSION_MINOR 61
#define LIBAVFORMAT_VERSION_MICRO 101 #define LIBAVFORMAT_VERSION_MICRO 102
#define LIBAVFORMAT_VERSION_INT AV_VERSION_INT(LIBAVFORMAT_VERSION_MAJOR, \ #define LIBAVFORMAT_VERSION_INT AV_VERSION_INT(LIBAVFORMAT_VERSION_MAJOR, \
LIBAVFORMAT_VERSION_MINOR, \ LIBAVFORMAT_VERSION_MINOR, \