Merge pull request cisco#683 from pabuhler/remove-gcm-8-byte-tag

remove support for gcm_x_8

Author: pabuhler

fuzzer/fuzzer.h

@@ -150,16 +150,8 @@ const struct fuzz_srtp_crypto_policy_func_ext fuzz_srtp_crypto_policies[] = {
       "srtp_crypto_policy_set_aes_cm_192_null_auth" },
     { srtp_crypto_policy_set_aes_gcm_128_16_auth,
       "srtp_crypto_policy_set_aes_gcm_128_16_auth" },
-    { srtp_crypto_policy_set_aes_gcm_128_8_auth,
-      "srtp_crypto_policy_set_aes_gcm_128_8_auth" },
-    { srtp_crypto_policy_set_aes_gcm_128_8_only_auth,
-      "srtp_crypto_policy_set_aes_gcm_128_8_only_auth" },
     { srtp_crypto_policy_set_aes_gcm_256_16_auth,
       "srtp_crypto_policy_set_aes_gcm_256_16_auth" },
-    { srtp_crypto_policy_set_aes_gcm_256_8_auth,
-      "srtp_crypto_policy_set_aes_gcm_256_8_auth" },
-    { srtp_crypto_policy_set_aes_gcm_256_8_only_auth,
-      "srtp_crypto_policy_set_aes_gcm_256_8_only_auth" },
 #endif
 };
 

include/srtp.h

@@ -1022,98 +1022,6 @@ void srtp_crypto_policy_set_aes_cm_192_hmac_sha1_32(srtp_crypto_policy_t *p);
  */
 void srtp_crypto_policy_set_aes_cm_192_null_auth(srtp_crypto_policy_t *p);
 
-/**
- * @brief srtp_crypto_policy_set_aes_gcm_128_8_auth() sets a crypto
- * policy structure to an AEAD encryption policy.
- *
- * @param p is a pointer to the policy structure to be set
- *
- * The function call srtp_crypto_policy_set_aes_gcm_128_8_auth(&p) sets
- * the srtp_crypto_policy_t at location p to use the SRTP default cipher
- * (AES-128 Galois Counter Mode) with 8 octet auth tag.  This
- * policy applies confidentiality and authentication to both the
- * RTP and RTCP packets.
- *
- * This function is a convenience that helps to avoid dealing directly
- * with the policy data structure.  You are encouraged to initialize
- * policy elements with this function call.  Doing so may allow your
- * code to be forward compatible with later versions of libSRTP that
- * include more elements in the srtp_crypto_policy_t datatype.
- *
- * @return void.
- *
- */
-void srtp_crypto_policy_set_aes_gcm_128_8_auth(srtp_crypto_policy_t *p);
-
-/**
- * @brief srtp_crypto_policy_set_aes_gcm_256_8_auth() sets a crypto
- * policy structure to an AEAD encryption policy
- *
- * @param p is a pointer to the policy structure to be set
- *
- * The function call srtp_crypto_policy_set_aes_gcm_256_8_auth(&p) sets
- * the srtp_crypto_policy_t at location p to use the SRTP default cipher
- * (AES-256 Galois Counter Mode) with 8 octet auth tag.  This
- * policy applies confidentiality and authentication to both the
- * RTP and RTCP packets.
- *
- * This function is a convenience that helps to avoid dealing directly
- * with the policy data structure.  You are encouraged to initialize
- * policy elements with this function call.  Doing so may allow your
- * code to be forward compatible with later versions of libSRTP that
- * include more elements in the srtp_crypto_policy_t datatype.
- *
- * @return void.
- *
- */
-void srtp_crypto_policy_set_aes_gcm_256_8_auth(srtp_crypto_policy_t *p);
-
-/**
- * @brief srtp_crypto_policy_set_aes_gcm_128_8_only_auth() sets a crypto
- * policy structure to an AEAD authentication-only policy
- *
- * @param p is a pointer to the policy structure to be set
- *
- * The function call srtp_crypto_policy_set_aes_gcm_128_8_only_auth(&p) sets
- * the srtp_crypto_policy_t at location p to use the SRTP default cipher
- * (AES-128 Galois Counter Mode) with 8 octet auth tag.  This policy
- * applies confidentiality and authentication to the RTP packets,
- * but only authentication to the RTCP packets.
- *
- * This function is a convenience that helps to avoid dealing directly
- * with the policy data structure.  You are encouraged to initialize
- * policy elements with this function call.  Doing so may allow your
- * code to be forward compatible with later versions of libSRTP that
- * include more elements in the srtp_crypto_policy_t datatype.
- *
- * @return void.
- *
- */
-void srtp_crypto_policy_set_aes_gcm_128_8_only_auth(srtp_crypto_policy_t *p);
-
-/**
- * @brief srtp_crypto_policy_set_aes_gcm_256_8_only_auth() sets a crypto
- * policy structure to an AEAD authentication-only policy
- *
- * @param p is a pointer to the policy structure to be set
- *
- * The function call srtp_crypto_policy_set_aes_gcm_256_8_only_auth(&p) sets
- * the srtp_crypto_policy_t at location p to use the SRTP default cipher
- * (AES-256 Galois Counter Mode) with 8 octet auth tag.  This policy
- * applies confidentiality and authentication to the RTP packets,
- * but only authentication to the RTCP packets.
- *
- * This function is a convenience that helps to avoid dealing directly
- * with the policy data structure.  You are encouraged to initialize
- * policy elements with this function call.  Doing so may allow your
- * code to be forward compatible with later versions of libSRTP that
- * include more elements in the srtp_crypto_policy_t datatype.
- *
- * @return void.
- *
- */
-void srtp_crypto_policy_set_aes_gcm_256_8_only_auth(srtp_crypto_policy_t *p);
-
 /**
  * @brief srtp_crypto_policy_set_aes_gcm_128_16_auth() sets a crypto
  * policy structure to an AEAD encryption policy.

srtp.def

@@ -23,10 +23,6 @@ srtp_crypto_policy_set_aes_cm_192_null_auth
 srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80
 srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32
 srtp_crypto_policy_set_aes_cm_256_null_auth
-srtp_crypto_policy_set_aes_gcm_128_8_auth
-srtp_crypto_policy_set_aes_gcm_256_8_auth
-srtp_crypto_policy_set_aes_gcm_128_8_only_auth
-srtp_crypto_policy_set_aes_gcm_256_8_only_auth
 srtp_crypto_policy_set_aes_gcm_128_16_auth
 srtp_crypto_policy_set_aes_gcm_256_16_auth
 srtp_dealloc

srtp/srtp.c

@@ -3452,58 +3452,6 @@ void srtp_crypto_policy_set_aes_cm_192_null_auth(srtp_crypto_policy_t *p)
     p->sec_serv = sec_serv_conf;
 }
 
-/*
- * AES-128 GCM mode with 8 octet auth tag.
- */
-void srtp_crypto_policy_set_aes_gcm_128_8_auth(srtp_crypto_policy_t *p)
-{
-    p->cipher_type = SRTP_AES_GCM_128;
-    p->cipher_key_len = SRTP_AES_GCM_128_KEY_LEN_WSALT;
-    p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */
-    p->auth_key_len = 0;
-    p->auth_tag_len = 8; /* 8 octet tag length */
-    p->sec_serv = sec_serv_conf_and_auth;
-}
-
-/*
- * AES-256 GCM mode with 8 octet auth tag.
- */
-void srtp_crypto_policy_set_aes_gcm_256_8_auth(srtp_crypto_policy_t *p)
-{
-    p->cipher_type = SRTP_AES_GCM_256;
-    p->cipher_key_len = SRTP_AES_GCM_256_KEY_LEN_WSALT;
-    p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */
-    p->auth_key_len = 0;
-    p->auth_tag_len = 8; /* 8 octet tag length */
-    p->sec_serv = sec_serv_conf_and_auth;
-}
-
-/*
- * AES-128 GCM mode with 8 octet auth tag, no RTCP encryption.
- */
-void srtp_crypto_policy_set_aes_gcm_128_8_only_auth(srtp_crypto_policy_t *p)
-{
-    p->cipher_type = SRTP_AES_GCM_128;
-    p->cipher_key_len = SRTP_AES_GCM_128_KEY_LEN_WSALT;
-    p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */
-    p->auth_key_len = 0;
-    p->auth_tag_len = 8;         /* 8 octet tag length */
-    p->sec_serv = sec_serv_auth; /* This only applies to RTCP */
-}
-
-/*
- * AES-256 GCM mode with 8 octet auth tag, no RTCP encryption.
- */
-void srtp_crypto_policy_set_aes_gcm_256_8_only_auth(srtp_crypto_policy_t *p)
-{
-    p->cipher_type = SRTP_AES_GCM_256;
-    p->cipher_key_len = SRTP_AES_GCM_256_KEY_LEN_WSALT;
-    p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */
-    p->auth_key_len = 0;
-    p->auth_tag_len = 8;         /* 8 octet tag length */
-    p->sec_serv = sec_serv_auth; /* This only applies to RTCP */
-}
-
 /*
  * AES-128 GCM mode with 16 octet auth tag.
  */

test/rtp_decoder.c

@@ -320,9 +320,8 @@ int main(int argc, char *argv[])
         }
     }
 
-    if (gcm_on && scs.tag_size != 8 && scs.tag_size != 16) {
-        fprintf(stderr, "error: GCM tag size must be 8 or 16 (%d)\n",
-                scs.tag_size);
+    if (gcm_on && scs.tag_size != 16) {
+        fprintf(stderr, "error: GCM tag size must be 16 (%d)\n", scs.tag_size);
         exit(1);
     }
 
@@ -379,24 +378,12 @@ int main(int argc, char *argv[])
 #ifdef OPENSSL
                 switch (scs.key_size) {
                 case 128:
-                    if (scs.tag_size == 16) {
-                        srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtp);
-                        srtp_crypto_policy_set_aes_gcm_128_16_auth(
-                            &policy.rtcp);
-                    } else {
-                        srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp);
-                        srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp);
-                    }
+                    srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtp);
+                    srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtcp);
                     break;
                 case 256:
-                    if (scs.tag_size == 16) {
-                        srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtp);
-                        srtp_crypto_policy_set_aes_gcm_256_16_auth(
-                            &policy.rtcp);
-                    } else {
-                        srtp_crypto_policy_set_aes_gcm_256_8_auth(&policy.rtp);
-                        srtp_crypto_policy_set_aes_gcm_256_8_auth(&policy.rtcp);
-                    }
+                    srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtp);
+                    srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtcp);
                     break;
                 }
 #else
@@ -495,14 +482,16 @@ int main(int argc, char *argv[])
 #ifdef OPENSSL
                 switch (scs.key_size) {
                 case 128:
-                    srtp_crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtp);
-                    srtp_crypto_policy_set_aes_gcm_128_8_only_auth(
-                        &policy.rtcp);
+                    srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtp);
+                    policy.rtp.sec_serv = sec_serv_auth;
+                    srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtcp);
+                    policy.rtcp.sec_serv = sec_serv_auth;
                     break;
                 case 256:
-                    srtp_crypto_policy_set_aes_gcm_256_8_only_auth(&policy.rtp);
-                    srtp_crypto_policy_set_aes_gcm_256_8_only_auth(
-                        &policy.rtcp);
+                    srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtp);
+                    policy.rtp.sec_serv = sec_serv_auth;
+                    srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtcp);
+                    policy.rtcp.sec_serv = sec_serv_auth;
                     break;
                 }
 #else

test/rtpw.c

@@ -378,12 +378,12 @@ int main(int argc, char *argv[])
 #ifdef GCM
                 switch (key_size) {
                 case 128:
-                    srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp);
-                    srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp);
+                    srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtp);
+                    srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtcp);
                     break;
                 case 256:
-                    srtp_crypto_policy_set_aes_gcm_256_8_auth(&policy.rtp);
-                    srtp_crypto_policy_set_aes_gcm_256_8_auth(&policy.rtcp);
+                    srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtp);
+                    srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtcp);
                     break;
                 }
 #else
@@ -427,14 +427,16 @@ int main(int argc, char *argv[])
 #ifdef GCM
                 switch (key_size) {
                 case 128:
-                    srtp_crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtp);
-                    srtp_crypto_policy_set_aes_gcm_128_8_only_auth(
-                        &policy.rtcp);
+                    srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtp);
+                    policy.rtp.sec_serv = sec_serv_auth;
+                    srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtcp);
+                    policy.rtcp.sec_serv = sec_serv_auth;
                     break;
                 case 256:
-                    srtp_crypto_policy_set_aes_gcm_256_8_only_auth(&policy.rtp);
-                    srtp_crypto_policy_set_aes_gcm_256_8_only_auth(
-                        &policy.rtcp);
+                    srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtp);
+                    policy.rtp.sec_serv = sec_serv_auth;
+                    srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtcp);
+                    policy.rtcp.sec_serv = sec_serv_auth;
                     break;
                 }
 #else

test/srtp_driver.c

@@ -2373,25 +2373,27 @@ srtp_err_status_t srtp_validate_encrypted_extensions_headers_gcm(void)
         0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
         0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab
     };
-    uint8_t srtp_plaintext[64] = {
+    uint8_t srtp_plaintext[72] = {
         0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
         0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06,
         0x17, 0x41, 0x42, 0x73, 0xA4, 0x75, 0x26, 0x27,
         0x48, 0x22, 0x00, 0x00, 0xC8, 0x30, 0x8E, 0x46,
         0x55, 0x99, 0x63, 0x86, 0xB3, 0x95, 0xFB, 0x00,
         0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
         0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
     };
-    uint8_t srtp_ciphertext[64] = {
+    uint8_t srtp_ciphertext[72] = {
         0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
         0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06,
         0x17, 0x12, 0xe0, 0x20, 0x5b, 0xfa, 0x94, 0x9b,
         0x1C, 0x22, 0x00, 0x00, 0xC8, 0x30, 0xbb, 0x46,
         0x73, 0x27, 0x78, 0xd9, 0x92, 0x9a, 0xab, 0x00,
         0x0e, 0xca, 0x0c, 0xf9, 0x5e, 0xe9, 0x55, 0xb2,
         0x6c, 0xd3, 0xd2, 0x88, 0xb4, 0x9f, 0x6c, 0xa9,
-        0xf4, 0xb1, 0xb7, 0x59, 0x71, 0x9e, 0xb5, 0xbc
+        0xf4, 0xb1, 0xb7, 0x59, 0x71, 0x9e, 0xb5, 0xbc,
+        0x11, 0x3b, 0x9f, 0xf1, 0xd4, 0x0c, 0xd2, 0x5a
     };
     // clang-format on
 
@@ -2406,8 +2408,8 @@ srtp_err_status_t srtp_validate_encrypted_extensions_headers_gcm(void)
      * policy and with the SSRC value 0xcafebabe
      */
     memset(&policy, 0, sizeof(policy));
-    srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp);
-    srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp);
+    srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtp);
+    srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtcp);
     policy.ssrc.type = ssrc_specific;
     policy.ssrc.value = 0xcafebabe;
     policy.key = test_key_ext_headers;
@@ -2429,9 +2431,9 @@ srtp_err_status_t srtp_validate_encrypted_extensions_headers_gcm(void)
     if (status || (len != sizeof(srtp_plaintext)))
         return srtp_err_status_fail;
 
-    debug_print(mod_driver, "ciphertext:\n  %s",
+    debug_print(mod_driver, " ? ciphertext:\n  %s",
                 srtp_octet_string_hex_string(srtp_plaintext, len));
-    debug_print(mod_driver, "ciphertext reference:\n  %s",
+    debug_print(mod_driver, " ? ciphertext reference:\n  %s",
                 srtp_octet_string_hex_string(srtp_ciphertext, len));
 
     if (srtp_octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len))
@@ -2723,8 +2725,8 @@ srtp_err_status_t srtp_test_empty_payload_gcm(void)
      * policy and with the SSRC value 0xcafebabe
      */
     memset(&policy, 0, sizeof(policy));
-    srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp);
-    srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp);
+    srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtp);
+    srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtcp);
     policy.ssrc.type = ssrc_specific;
     policy.ssrc.value = 0xcafebabe;
     policy.key = test_key;
@@ -2745,7 +2747,7 @@ srtp_err_status_t srtp_test_empty_payload_gcm(void)
     status = srtp_protect(srtp_snd, mesg, &len);
     if (status) {
         return status;
-    } else if (len != 12 + 8) {
+    } else if (len != 12 + 16) {
         return srtp_err_status_fail;
     }