Skip to content

Commit

Permalink
implement not in-place api's for protect/unprotect
Browse files Browse the repository at this point in the history 
The protect/unprotect api's can now operate both in-place or not in-place, depending on the requirements of the caller.
The length of the out buffer can now be checked to ensure there is sufficient space.

Tests are add to verify validation of the output buffer length.
  • Loading branch information
@pabuhler
pabuhler committed Apr 30, 2024
1 parent a15e63d commit 8b50c31
Show file tree
Hide file tree
Showing 6 changed files with 1,100 additions and 534 deletions.
16 changes: 12 additions & 4 deletions fuzzer/fuzzer.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -187,31 +187,39 @@ static srtp_err_status_t fuzz_srtp_protect(srtp_t srtp_sender,
size_t *len,
size_t mki)
{
return srtp_protect(srtp_sender, hdr, len, mki);
size_t out_len = *len + SRTP_MAX_TRAILER_LEN;
srtp_err_status_t s =
srtp_protect(srtp_sender, hdr, *len, hdr, &out_len, mki);
*len = out_len;
return s;
}

static srtp_err_status_t fuzz_srtp_unprotect(srtp_t srtp_sender,
void *hdr,
size_t *len,
size_t mki)
{
return srtp_unprotect(srtp_sender, hdr, len);
return srtp_unprotect(srtp_sender, hdr, *len, hdr, len);
}

static srtp_err_status_t fuzz_srtp_protect_rtcp(srtp_t srtp_sender,
void *hdr,
size_t *len,
size_t mki)
{
return srtp_protect_rtcp(srtp_sender, hdr, len, mki);
size_t out_len = *len + SRTP_MAX_SRTCP_TRAILER_LEN;
srtp_err_status_t s =
srtp_protect_rtcp(srtp_sender, hdr, *len, hdr, &out_len, mki);
*len = out_len;
return s;
}

static srtp_err_status_t fuzz_srtp_unprotect_rtcp(srtp_t srtp_sender,
void *hdr,
size_t *len,
size_t mki)
{
return srtp_unprotect_rtcp(srtp_sender, hdr, len);
return srtp_unprotect_rtcp(srtp_sender, hdr, *len, hdr, len);
}

/* Get protect length functions */
Expand Down
52 changes: 17 additions & 35 deletions include/srtp.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -426,18 +426,13 @@ srtp_err_status_t srtp_shutdown(void);
* - srtp_err_status_replay_fail rtp sequence number was non-increasing
* - @e other failure in cryptographic mechanisms
*/
srtp_err_status_t srtp_protect(srtp_ctx_t *ctx,
uint8_t *rtp_hdr,
size_t *pkt_octet_len,
srtp_err_status_t srtp_protect(srtp_t ctx,
const uint8_t *rtp,
size_t rtp_len,
uint8_t *srtp,
size_t *srtp_len,
size_t mki_index);

srtp_err_status_t srtp_protect2(srtp_t ctx,
const uint8_t *rtp,
size_t rtp_len,
uint8_t *srtp,
size_t *srtp_len,
size_t mki_index);

/**
* @brief srtp_unprotect() is the Secure RTP receiver-side packet
* processing function.
Expand Down Expand Up @@ -480,14 +475,10 @@ srtp_err_status_t srtp_protect2(srtp_t ctx,
*
*/
srtp_err_status_t srtp_unprotect(srtp_t ctx,
uint8_t *srtp_hdr,
size_t *len_ptr);

srtp_err_status_t srtp_unprotect2(srtp_t ctx,
const uint8_t *srtp,
size_t srtp_len,
uint8_t *rtp,
size_t *rtp_len);
const uint8_t *srtp,
size_t srtp_len,
uint8_t *rtp,
size_t *rtp_len);

/**
* @brief srtp_create() allocates and initializes an SRTP session.
Expand Down Expand Up @@ -1161,17 +1152,12 @@ void srtp_append_salt_to_key(uint8_t *key,
* the cryptographic mechanisms.
*/
srtp_err_status_t srtp_protect_rtcp(srtp_t ctx,
uint8_t *rtcp_hdr,
size_t *pkt_octet_len,
const uint8_t *rtcp,
size_t rtcp_len,
uint8_t *srtcp,
size_t *srtcp_len,
size_t mki_index);

srtp_err_status_t srtp_protect_rtcp2(srtp_t ctx,
const uint8_t *rtcp,
size_t rtcp_len,
uint8_t *srtcp,
size_t *srtcp_len,
size_t mki_index);

/**
* @brief srtp_unprotect_rtcp() is the Secure RTCP receiver-side packet
* processing function.
Expand Down Expand Up @@ -1213,14 +1199,10 @@ srtp_err_status_t srtp_protect_rtcp2(srtp_t ctx,
*
*/
srtp_err_status_t srtp_unprotect_rtcp(srtp_t ctx,
uint8_t *srtcp_hdr,
size_t *pkt_octet_len);

srtp_err_status_t srtp_unprotect_rtcp2(srtp_t ctx,
const uint8_t *srtcp,
size_t srtcp_len,
uint8_t *rtcp,
size_t *rtcp_len);
const uint8_t *srtcp,
size_t srtcp_len,
uint8_t *rtcp,
size_t *rtcp_len);

/**
* @defgroup User data associated to a SRTP session.
Expand Down
Loading

0 comments on commit 8b50c31

Please sign in to comment.