diff --git a/srtp/srtp.c b/srtp/srtp.c index 75b71fb6e..6acc09646 100644 --- a/srtp/srtp.c +++ b/srtp/srtp.c @@ -75,10 +75,14 @@ srtp_debug_module_t mod_srtp = { #define octets_in_rtp_header 12 #define uint32s_in_rtp_header 3 -#define octets_in_rtcp_header 8 -#define uint32s_in_rtcp_header 2 #define octets_in_rtp_extn_hdr 4 +#define rtcp_type_sr 200 +#define rtcp_type_rr 201 +#define rtcp_type_sdes 202 +#define rtcp_type_bye 203 +#define rtcp_type_app 204 + static srtp_err_status_t srtp_validate_rtp_header(void *rtp_hdr, int *pkt_octet_len) { @@ -3611,6 +3615,19 @@ static srtp_err_status_t srtp_calc_aead_iv_srtcp( return srtp_err_status_ok; } +/* + * This function returns the number of rtcp header octets depending on packet type + */ +static uint32_t get_octets_in_rtcp_header(uint32_t packet_type) +{ + switch (packet_type) { + case rtcp_type_app: + return 12; + default: + return 8; + } +} + /* * This code handles AEAD ciphers for outgoing RTCP. We currently support * AES-GCM mode with 128 or 256 bit keys. @@ -3629,11 +3646,17 @@ static srtp_err_status_t srtp_protect_rtcp_aead( unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */ uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ srtp_err_status_t status; + uint32_t octets_in_rtcp_header; + uint32_t uint32s_in_rtcp_header; uint32_t tag_len; uint32_t seq_num; v128_t iv; uint32_t tseq; unsigned int mki_size = 0; + + /* get the number of octets and uint32s in rtcp header, depending on packet type */ + octets_in_rtcp_header = get_octets_in_rtcp_header(hdr->pt); + uint32s_in_rtcp_header = octets_in_rtcp_header / 4; /* get tag length from stream context */ tag_len = srtp_auth_get_tag_length(session_keys->rtcp_auth); @@ -3800,6 +3823,8 @@ static srtp_err_status_t srtp_unprotect_rtcp_aead( unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */ uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ srtp_err_status_t status; + uint32_t octets_in_rtcp_header; + uint32_t uint32s_in_rtcp_header; int tag_len; unsigned int tmp_len; uint32_t seq_num; @@ -3807,6 +3832,10 @@ static srtp_err_status_t srtp_unprotect_rtcp_aead( uint32_t tseq; unsigned int mki_size = 0; + /* get the number of octets and uint32s in rtcp header, depending on packet type */ + octets_in_rtcp_header = get_octets_in_rtcp_header(hdr->pt); + uint32s_in_rtcp_header = octets_in_rtcp_header / 4; + /* get tag length from stream context */ tag_len = srtp_auth_get_tag_length(session_keys->rtcp_auth); @@ -4001,6 +4030,8 @@ srtp_err_status_t srtp_protect_rtcp_mki(srtp_t ctx, unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */ uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ srtp_err_status_t status; + uint32_t octets_in_rtcp_header; + uint32_t uint32s_in_rtcp_header; int tag_len; srtp_stream_ctx_t *stream; uint32_t prefix_len; @@ -4010,6 +4041,10 @@ srtp_err_status_t srtp_protect_rtcp_mki(srtp_t ctx, /* we assume the hdr is 32-bit aligned to start */ + /* get the number of octets and uint32s in rtcp header, depending on packet type */ + octets_in_rtcp_header = get_octets_in_rtcp_header(hdr->pt); + uint32s_in_rtcp_header = octets_in_rtcp_header / 4; + /* check the packet length - it must at least contain a full header */ if (*pkt_octet_len < octets_in_rtcp_header) return srtp_err_status_bad_param; @@ -4234,6 +4269,8 @@ srtp_err_status_t srtp_unprotect_rtcp_mki(srtp_t ctx, uint8_t tmp_tag[SRTP_MAX_TAG_LEN]; srtp_err_status_t status; unsigned int auth_len; + uint32_t octets_in_rtcp_header; + uint32_t uint32s_in_rtcp_header; int tag_len; srtp_stream_ctx_t *stream; uint32_t prefix_len; @@ -4245,6 +4282,10 @@ srtp_err_status_t srtp_unprotect_rtcp_mki(srtp_t ctx, /* we assume the hdr is 32-bit aligned to start */ + /* get the number of octets and uint32s in rtcp header, depending on packet type */ + octets_in_rtcp_header = get_octets_in_rtcp_header(hdr->pt); + uint32s_in_rtcp_header = octets_in_rtcp_header / 4; + if (*pkt_octet_len < 0) return srtp_err_status_bad_param;