From ffa7ed5770734a15d46c8f50948910c27116f55c Mon Sep 17 00:00:00 2001 From: Aaro Altonen Date: Thu, 3 Sep 2020 10:53:57 +0300 Subject: [PATCH] Fix RTP/RTCP authentication tag length The tag is truncated from 20 bytes to 4 bytes --- include/crypto.hh | 3 +++ include/queue.hh | 2 +- include/srtp/base.hh | 4 ++-- src/crypto.cc | 8 ++++++++ src/queue.cc | 6 +++--- src/srtp/srtp.cc | 6 +++--- 6 files changed, 20 insertions(+), 9 deletions(-) diff --git a/include/crypto.hh b/include/crypto.hh index 773d8d2..bc4954a 100644 --- a/include/crypto.hh +++ b/include/crypto.hh @@ -25,6 +25,9 @@ namespace uvg_rtp { void update(uint8_t *data, size_t len); void final(uint8_t *digest); + /* truncate digest to "size" bytes */ + void final(uint8_t *digest, size_t size); + private: CryptoPP::HMAC hmac_; }; diff --git a/include/queue.hh b/include/queue.hh index 1c55a8f..cf62071 100644 --- a/include/queue.hh +++ b/include/queue.hh @@ -67,7 +67,7 @@ namespace uvg_rtp { void *media_headers; /* Pointer to RTP authentication (if enabled) */ - uint64_t *rtp_auth_tags; + uint32_t *rtp_auth_tags; size_t chunk_ptr; size_t hdr_ptr; diff --git a/include/srtp/base.hh b/include/srtp/base.hh index 6e1507b..86b7c62 100644 --- a/include/srtp/base.hh +++ b/include/srtp/base.hh @@ -24,8 +24,8 @@ #define AES_KEY_LENGTH 16 /* 128 bits */ #define HMAC_KEY_LENGTH 32 /* 256 bits */ #define SALT_LENGTH 14 /* 112 bits */ -#define AUTH_TAG_LENGTH 8 -#define SRTCP_INDEX_LENGTH 8 +#define AUTH_TAG_LENGTH 4 +#define SRTCP_INDEX_LENGTH 4 namespace uvg_rtp { diff --git a/src/crypto.cc b/src/crypto.cc index be0dde2..b156148 100644 --- a/src/crypto.cc +++ b/src/crypto.cc @@ -24,6 +24,14 @@ void uvg_rtp::crypto::hmac::sha1::final(uint8_t *digest) hmac_.Final(digest); } +void uvg_rtp::crypto::hmac::sha1::final(uint8_t *digest, size_t size) +{ + uint8_t d[20] = { 0 }; + + hmac_.Final(d); + memcpy(digest, d, size); +} + /* ***************** hmac-sha256 ***************** */ uvg_rtp::crypto::hmac::sha256::sha256(uint8_t *key, size_t key_size): diff --git a/src/queue.cc b/src/queue.cc index 632e36f..f962c3a 100644 --- a/src/queue.cc +++ b/src/queue.cc @@ -80,7 +80,7 @@ rtp_error_t uvg_rtp::frame_queue::init_transaction() active_->dealloc_hook = dealloc_hook_; if (flags_ & RCE_SRTP_AUTHENTICATE_RTP) - active_->rtp_auth_tags = new uint64_t[max_mcount_]; + active_->rtp_auth_tags = new uint32_t[max_mcount_]; else active_->rtp_auth_tags = nullptr; @@ -251,7 +251,7 @@ rtp_error_t uvg_rtp::frame_queue::enqueue_message(uint8_t *message, size_t messa if (flags_ & RCE_SRTP_AUTHENTICATE_RTP) { tmp.push_back({ - sizeof(uint64_t), + sizeof(uint32_t), (uint8_t *)&active_->rtp_auth_tags[active_->rtpauth_ptr++] }); } @@ -292,7 +292,7 @@ rtp_error_t uvg_rtp::frame_queue::enqueue_message(std::vectorrtp_auth_tags[active_->rtpauth_ptr++] }); } diff --git a/src/srtp/srtp.cc b/src/srtp/srtp.cc index 0523d61..2416a34 100644 --- a/src/srtp/srtp.cc +++ b/src/srtp/srtp.cc @@ -51,12 +51,12 @@ rtp_error_t uvg_rtp::srtp::recv_packet_handler(void *arg, int flags, frame::rtp_ /* Calculate authentication tag for the packet and compare it against the one we received */ if (srtp->authenticate_rtp()) { - uint64_t digest = 0; + uint32_t digest = 0; auto hmac_sha1 = uvg_rtp::crypto::hmac::sha1(ctx->key_ctx.remote.auth_key, AES_KEY_LENGTH); hmac_sha1.update(frame->dgram, frame->dgram_size - AUTH_TAG_LENGTH); hmac_sha1.update((uint8_t *)&ctx->roc, sizeof(ctx->roc)); - hmac_sha1.final((uint8_t *)&digest); + hmac_sha1.final((uint8_t *)&digest, sizeof(uint32_t)); if (memcmp(&digest, &frame->dgram[frame->dgram_size - AUTH_TAG_LENGTH], AUTH_TAG_LENGTH)) { LOG_ERROR("Authentication tag mismatch!"); @@ -122,7 +122,7 @@ authenticate: hmac_sha1.update((uint8_t *)buffers[i].second, buffers[i].first); hmac_sha1.update((uint8_t *)&ctx->roc, sizeof(ctx->roc)); - hmac_sha1.final((uint8_t *)buffers[buffers.size() - 1].second); + hmac_sha1.final((uint8_t *)buffers[buffers.size() - 1].second, sizeof(uint32_t)); return ret; }