
Commit e835517

committed
SRTCP 32-bit indices default plus errata 48-bit indices
1 parent 69be7a7 commit e835517

2 files changed

Lines changed: 33 additions & 7 deletions


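--- a/wolfcrypt/src/kdf.c
+++ b/wolfcrypt/src/kdf.c
@@ -1099,9 +1099,9 @@ int wc_SRTP_KDF(const byte* key, word32 keySz, const byte* salt, word32 saltSz,
 * @return MEMORY_E on dynamic memory allocation failure.
 * @return 0 on success.
 */
-int wc_SRTCP_KDF(const byte* key, word32 keySz, const byte* salt, word32 saltSz,
+int wc_SRTCP_KDF_ex(const byte* key, word32 keySz, const byte* salt, word32 saltSz,
 int kdrIdx, const byte* index, byte* key1, word32 key1Sz, byte* key2,
-word32 key2Sz, byte* key3, word32 key3Sz)
+word32 key2Sz, byte* key3, word32 key3Sz, int idxLenIndicator)
 {
 int ret = 0;
 byte block[AES_BLOCK_SIZE];
@@ -1111,6 +1111,15 @@ int wc_SRTCP_KDF(const byte* key, word32 keySz, const byte* salt, word32 saltSz,
 Aes aes[1];
 #endif
 int aes_inited = 0;
+int idxLen;
+
+if (idxLenIndicator == WC_SRTCP_32BIT_IDX) {
+idxLen = WC_SRTCP_INDEX_LEN;
+} else if (idxLenIndicator == WC_SRTCP_48BIT_IDX) {
+idxLen = WC_SRTP_INDEX_LEN;
+} else {
+return BAD_FUNC_ARG; /* bad or invalid idxLenIndicator */
+}
 
 /* Validate parameters. */
 if ((key == NULL) || (keySz > AES_256_KEY_SIZE) || (salt == NULL) ||
@@ -1142,23 +1151,22 @@ int wc_SRTCP_KDF(const byte* key, word32 keySz, const byte* salt, word32 saltSz,
 
 /* Calculate first block that can be used in each derivation. */
 if (ret == 0) {
-wc_srtp_kdf_first_block(salt, saltSz, kdrIdx, index, WC_SRTCP_INDEX_LEN,
-block);
+wc_srtp_kdf_first_block(salt, saltSz, kdrIdx, index, idxLen, block);
 }
 
 /* Calculate first key if required. */
 if ((ret == 0) && (key1 != NULL)) {
-ret = wc_srtp_kdf_derive_key(block, WC_SRTCP_INDEX_LEN,
+ret = wc_srtp_kdf_derive_key(block, idxLen,
 WC_SRTCP_LABEL_ENCRYPTION, key1, key1Sz, aes);
 }
 /* Calculate second key if required. */
 if ((ret == 0) && (key2 != NULL)) {
-ret = wc_srtp_kdf_derive_key(block, WC_SRTCP_INDEX_LEN,
+ret = wc_srtp_kdf_derive_key(block, idxLen,
 WC_SRTCP_LABEL_MSG_AUTH, key2, key2Sz, aes);
 }
 /* Calculate third key if required. */
 if ((ret == 0) && (key3 != NULL)) {
-ret = wc_srtp_kdf_derive_key(block, WC_SRTCP_INDEX_LEN,
+ret = wc_srtp_kdf_derive_key(block, idxLen,
 WC_SRTCP_LABEL_SALT, key3, key3Sz, aes);
 }
 
@@ -1170,6 +1178,15 @@ int wc_SRTCP_KDF(const byte* key, word32 keySz, const byte* salt, word32 saltSz,
 return ret;
 }
 
+int wc_SRTCP_KDF(const byte* key, word32 keySz, const byte* salt, word32 saltSz,
+int kdrIdx, const byte* index, byte* key1, word32 key1Sz, byte* key2,
+word32 key2Sz, byte* key3, word32 key3Sz)
+{
+/* The default 32-bit IDX expected by many implementations */
+return wc_SRTCP_KDF_ex(key, keySz, salt, saltSz, kdrIdx, index,
+key1, key1Sz, key2, key2Sz, key3, key3Sz,
+WC_SRTCP_32BIT_IDX);
+}
 /* Derive key with label using SRTP KDF algorithm.
 *
 * SP 800-135 (RFC 3711).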
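Review bot: The header comment that now sits above `wc_SRTCP_KDF_ex` (its last lines are the context at the top of the first hunk) gets no entry for the new `idxLenIndicator` parameter, so nothing tells the caller how many bytes `index` must hold in each mode. With `WC_SRTCP_48BIT_IDX` the function passes `WC_SRTP_INDEX_LEN` to `wc_srtp_kdf_first_block`, which presumably reads that many bytes from `index`; a caller that keeps supplying a 4-byte SRTCP index buffer would then be read past its end, and the API carries no length argument that could catch it. I would add `@param [in] idxLenIndicator WC_SRTCP_32BIT_IDX (index is WC_SRTCP_INDEX_LEN bytes) or WC_SRTCP_48BIT_IDX (index is WC_SRTP_INDEX_LEN bytes); any other value returns BAD_FUNC_ARG.`, matching whatever `@param` layout the rest of that comment uses. The new `wc_SRTCP_KDF` wrapper also deserves its own header comment saying it derives with the 32-bit index and that peers using the 48-bit form will compute different keys. Both the comment and the body of `wc_SRTCP_KDF_ex` extend outside the visible hunks.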

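--- a/wolfssl/wolfcrypt/kdf.h
+++ b/wolfssl/wolfcrypt/kdf.h
@@ -137,6 +137,12 @@ WOLFSSL_API int wc_SSH_KDF(byte hashId, byte keyId,
 /* Length of index for SRTCP KDF. */
 #define WC_SRTCP_INDEX_LEN 4
 
+/* Indicators */
+enum {
+WC_SRTCP_32BIT_IDX = 0,
+WC_SRTCP_48BIT_IDX = 1,
+};
+
 /* Maximum length of salt that can be used with SRTP/SRTCP. */
 #define WC_SRTP_MAX_SALT 14
 
@@ -146,6 +152,9 @@ WOLFSSL_API int wc_SRTP_KDF(const byte* key, word32 keySz, const byte* salt,
 WOLFSSL_API int wc_SRTCP_KDF(const byte* key, word32 keySz, const byte* salt,
 word32 saltSz, int kdrIdx, const byte* index, byte* key1, word32 key1Sz,
 byte* key2, word32 key2Sz, byte* key3, word32 key3Sz);
+WOLFSSL_API int wc_SRTCP_KDF_ex(const byte* key, word32 keySz, const byte* salt,
+word32 saltSz, int kdrIdx, const byte* index, byte* key1, word32 key1Sz,
+byte* key2, word32 key2Sz, byte* key3, word32 key3Sz, int idxLenIndicator);
 WOLFSSL_API int wc_SRTP_KDF_label(const byte* key, word32 keySz,
 const byte* salt, word32 saltSz, int kdrIdx, const byte* index, byte label,
 byte* outKey, word32 outKeySz);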
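Review bot: The anonymous enum added before `WC_SRTP_MAX_SALT` ends its last enumerator with a trailing comma (`WC_SRTCP_48BIT_IDX = 1,`), which strict C89 compilers reject and `-pedantic` warns about. If this header is still expected to build in that mode, the line should read `WC_SRTCP_48BIT_IDX = 1`. The `/* Indicators */` comment also says nothing about what is indicated; something like `/* Index length selector for wc_SRTCP_KDF_ex(): 32-bit (default) or 48-bit SRTCP index. */` would tie the constants to the new prototype's `idxLenIndicator` argument.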
