From 63516961b24808c77ce76a3761accf283dded4dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pascal=20B=C3=BChler?= Date: Tue, 14 Jan 2025 17:50:34 +0100 Subject: [PATCH 1/2] add cipher test that verifies multiple packets libSRTP will allocate and initialize a cipher once and then use it to encrypt or decrypt multiple packets. Between each operation a new IV will be set, the IV is unique for each packet. This test will ensure that cipher implementations support this. The test vectors are based on examples in RFC 9335 . --- crypto/test/cipher_driver.c | 379 ++++++++++++++++++++++++++++++++++++ test/util.c | 10 + 2 files changed, 389 insertions(+) diff --git a/crypto/test/cipher_driver.c b/crypto/test/cipher_driver.c index a61ff19b1..ea64636a0 100644 --- a/crypto/test/cipher_driver.c +++ b/crypto/test/cipher_driver.c @@ -67,6 +67,11 @@ srtp_err_status_t cipher_driver_test_api(srtp_cipher_type_t *ct, size_t key_len, size_t tag_len); +srtp_err_status_t cipher_driver_test_multi_aes_icm_128(void); +#ifdef GCM +srtp_err_status_t cipher_driver_test_multi_aes_gcm_128(void); +#endif + /* * cipher_driver_test_buffering(ct) tests the cipher's output * buffering for correctness by checking the consistency of successive @@ -218,6 +223,10 @@ int main(int argc, char *argv[]) #ifdef GCM cipher_driver_test_api(&srtp_aes_gcm_128, SRTP_AES_GCM_128_KEY_LEN_WSALT, 16); +#endif + cipher_driver_test_multi_aes_icm_128(); +#ifdef GCM + cipher_driver_test_multi_aes_gcm_128(); #endif } @@ -520,6 +529,376 @@ srtp_err_status_t cipher_driver_test_api(srtp_cipher_type_t *ct, return srtp_err_status_ok; } +srtp_err_status_t cipher_driver_test_multi_aes_icm_128(void) +{ + /* clang-format off */ + uint8_t key[30] = { + 0xc6, 0x1e, 0x7a, 0x93, 0x74, 0x4f, 0x39, 0xee, + 0x10, 0x73, 0x4a, 0xfe, 0x3f, 0xf7, 0xa0, 0x87, + 0x30, 0xcb, 0xbc, 0x08, 0x86, 0x3d, 0x8c, 0x85, + 0xd4, 0x9d, 0xb3, 0x4a, 0x9a, 0xe1 + }; + uint8_t iv_0[16] = { + 0x00, 0x00, 0x00, 0x00, 0xca, 0xfe, 0xba, 0xbe, + 0x00, 0x00, 0x00, 0x00, 0x12, 0x35, 0x00, 0x00 + }; + uint8_t plain_text_0[] = { + 0x51, 0x00, 0x02, 0x00, 0xab, 0xab, 0xab, 0xab, + 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, + 0xab, 0xab, 0xab, 0xab + }; + uint8_t cipher_text_0[] = { + 0xeb, 0x92, 0x36, 0x52, 0x51, 0xc3, 0xe0, 0x36, + 0xf8, 0xde, 0x27, 0xe9, 0xc2, 0x7e, 0xe3, 0xe0, + 0xb4, 0x65, 0x1d, 0x9f + }; + uint8_t iv_1[16] = { + 0x00, 0x00, 0x00, 0x00, 0xca, 0xfe, 0xba, 0xbe, + 0x00, 0x00, 0x00, 0x00, 0x12, 0x36, 0x00, 0x00 + }; + uint8_t plain_text_1[] = { + 0x05, 0x02, 0x00, 0x02, 0xab, 0xab, 0xab, 0xab, + 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, + 0xab, 0xab, 0xab, 0xab + }; + uint8_t cipher_text_1[] = { + 0x4e, 0xd9, 0xcc, 0x4e, 0x6a, 0x71, 0x2b, 0x30, + 0x96, 0xc5, 0xca, 0x77, 0x33, 0x9d, 0x42, 0x04, + 0xce, 0x0d, 0x77, 0x39 + }; + uint8_t iv_2[16] = { + 0x00, 0x00, 0x00, 0x00, 0xca, 0xfe, 0xba, 0xbe, + 0x00, 0x00, 0x00, 0x00, 0x12, 0x38, 0x00, 0x00 + }; + uint8_t plain_text_2[] = { + 0x00, 0x01, 0xe2, 0x40, 0x00, 0x00, 0xb2, 0x6e, + 0x51, 0x00, 0x02, 0x00, 0xab, 0xab, 0xab, 0xab, + 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, + 0xab, 0xab, 0xab, 0xab + }; + uint8_t cipher_text_2[] = { + 0x8b, 0xb6, 0xe1, 0x2b, 0x5c, 0xff, 0x16, 0xdd, + 0x92, 0x83, 0x8c, 0x8c, 0x09, 0xe5, 0x83, 0x93, + 0xe1, 0xde, 0x3a, 0x9a, 0x74, 0x73, 0x4d, 0x67, + 0x45, 0x67, 0x13, 0x38 + }; + uint8_t iv_3[16] = { + 0x00, 0x00, 0x00, 0x00, 0xca, 0xfe, 0xba, 0xbe, + 0x00, 0x00, 0x00, 0x00, 0x12, 0x39, 0x00, 0x00 + }; + uint8_t plain_text_3[] = { + 0x00, 0x01, 0xe2, 0x40, 0x00, 0x00, 0xb2, 0x6e, + 0x05, 0x02, 0x00, 0x02, 0xab, 0xab, 0xab, 0xab, + 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, + 0xab, 0xab, 0xab, 0xab + }; + uint8_t cipher_text_3[] = { + 0xf7, 0x0e, 0x51, 0x3e, 0xb9, 0x0b, 0x9b, 0x25, + 0xbb, 0xed, 0x48, 0x48, 0xfa, 0xa6, 0x44, 0x66, + 0x5f, 0x3d, 0x7f, 0x34, 0x12, 0x59, 0x14, 0xe9, + 0xf4, 0xd0, 0xae, 0x92 + }; + uint8_t iv_4[16] = { + 0x00, 0x00, 0x00, 0x00, 0xca, 0xfe, 0xba, 0xbe, + 0x00, 0x00, 0x00, 0x00, 0x12, 0x3a, 0x00, 0x00 + }; + uint8_t plain_text_4[] = { + 0x00, 0x01, 0xe2, 0x40, 0x00, 0x00, 0xb2, 0x6e, + 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, + 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab + }; + uint8_t cipher_text_4[] = { + 0x71, 0x30, 0xb6, 0xab, 0xfe, 0x2a, 0xb0, 0xe3, + 0xe3, 0xd9, 0xf6, 0x4b, 0x25, 0xc9, 0xe7, 0x4c, + 0xb4, 0xcf, 0x8e, 0x43, 0xfb, 0x92, 0xe3, 0x78 + }; + uint8_t iv_5[16] = { + 0x00, 0x00, 0x00, 0x00, 0xca, 0xfe, 0xba, 0xbe, + 0x00, 0x00, 0x00, 0x00, 0x12, 0x3b, 0x00, 0x00 + }; + uint8_t plain_text_5[] = { + 0x00, 0x01, 0xe2, 0x40, 0x00, 0x00, 0xb2, 0x6e, + 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, + 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab + }; + uint8_t cipher_text_5[] = { + 0xcb, 0xf2, 0x4c, 0x12, 0x43, 0x30, 0xe1, 0xc8, + 0x59, 0x9d, 0xd4, 0x5b, 0xc9, 0xd6, 0x87, 0xb6, + 0x03, 0xe8, 0xb5, 0x9d, 0x77, 0x1f, 0xd3, 0x8e + }; + + uint8_t *ivs[] = { + iv_0, iv_1, iv_2, iv_3, iv_4, iv_5 + }; + uint8_t *plain_texts[] = { + plain_text_0, plain_text_1, plain_text_2, + plain_text_3, plain_text_4, plain_text_5 + }; + size_t plain_text_lengths[] = { + sizeof(plain_text_0), sizeof(plain_text_1), + sizeof(plain_text_2), sizeof(plain_text_3), + sizeof(plain_text_4), sizeof(plain_text_5) + }; + uint8_t *cipher_texts[] = { + cipher_text_0, cipher_text_1, cipher_text_2, + cipher_text_3, cipher_text_4, cipher_text_5 + }; + size_t cipher_text_lengths[] = { + sizeof(cipher_text_0), sizeof(cipher_text_1), + sizeof(cipher_text_2), sizeof(cipher_text_3), + sizeof(cipher_text_4), sizeof(cipher_text_5) + }; + size_t num_tests = sizeof(plain_texts) / sizeof(plain_texts[0]); + /* clang-format on */ + + srtp_cipher_type_t *ct = &srtp_aes_icm_128; + srtp_cipher_t *c = NULL; + + printf("testing cipher multi for %s e[", ct->description); + + CHECK_OK(srtp_cipher_type_alloc(ct, &c, 30, 0)); + CHECK_OK(srtp_cipher_init(c, key)); + for (size_t i = 0; i < num_tests; ++i) { + printf("%zu,", i); + CHECK_OK(srtp_cipher_set_iv(c, ivs[i], srtp_direction_encrypt)); + uint8_t dst[1024] = { 0 }; + size_t dst_len = sizeof(dst); + CHECK_OK(srtp_cipher_encrypt(c, plain_texts[i], plain_text_lengths[i], + dst, &dst_len)); + CHECK(dst_len == cipher_text_lengths[i]); + CHECK_BUFFER_EQUAL(cipher_texts[i], dst, dst_len); + } + CHECK_OK(srtp_cipher_dealloc(c)); + + printf("] d["); + + CHECK_OK(srtp_cipher_type_alloc(ct, &c, 30, 0)); + CHECK_OK(srtp_cipher_init(c, key)); + for (size_t i = 0; i < num_tests; ++i) { + printf("%zu,", i); + CHECK_OK(srtp_cipher_set_iv(c, ivs[i], srtp_direction_decrypt)); + uint8_t dst[1024] = { 0 }; + size_t dst_len = sizeof(dst); + CHECK_OK(srtp_cipher_decrypt(c, cipher_texts[i], cipher_text_lengths[i], + dst, &dst_len)); + CHECK(dst_len == plain_text_lengths[i]); + CHECK_BUFFER_EQUAL(plain_texts[i], dst, dst_len); + } + CHECK_OK(srtp_cipher_dealloc(c)); + + printf("]...passed\n"); + + return srtp_err_status_ok; +} + +#ifdef GCM +srtp_err_status_t cipher_driver_test_multi_aes_gcm_128(void) +{ + /* clang-format off */ + uint8_t key[16] = { + 0x07, 0x7c, 0x61, 0x43, 0xcb, 0x22, 0x1b, 0xc3, + 0x55, 0xff, 0x23, 0xd5, 0xf9, 0x84, 0xa1, 0x6e + }; + uint8_t iv_0[16] = { + 0x9a, 0xf3, 0x23, 0xad, 0xde, 0x55, 0xac, 0x9c, + 0x99, 0xc5, 0xb5, 0xf1 + }; + uint8_t aad_0[] = { + 0x90, 0x0f, 0x12, 0x35, 0xde, 0xca, 0xfb, 0xad, + 0xca, 0xfe, 0xba, 0xbe, 0xc0, 0xde, 0x00, 0x01 + }; + uint8_t plain_text_0[] = { + 0x51, 0x00, 0x02, 0x00, 0xab, 0xab, 0xab, 0xab, + 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, + 0xab, 0xab, 0xab, 0xab + }; + uint8_t cipher_text_0[] = { + 0x39, 0x97, 0x2d, 0xc9, 0x57, 0x2c, 0x4d, 0x99, + 0xe8, 0xfc, 0x35, 0x5d, 0xe7, 0x43, 0xfb, 0x2e, + 0x94, 0xf9, 0xd8, 0xff, 0x54, 0xe7, 0x2f, 0x41, + 0x93, 0xbb, 0xc5, 0xc7, 0x4f, 0xfa, 0xb0, 0xfa, + 0x9f, 0xa0, 0xfb, 0xeb + }; + uint8_t iv_1[16] = { + 0x9a, 0xf3, 0x23, 0xad, 0xde, 0x55, 0xac, 0x9c, + 0x99, 0xc5, 0xb5, 0xf2 + }; + uint8_t aad_1[] = { + 0x90, 0x0f, 0x12, 0x36, 0xde, 0xca, 0xfb, 0xad, + 0xca, 0xfe, 0xba, 0xbe, 0xc2, 0xde, 0x00, 0x01 + }; + uint8_t plain_text_1[] = { + 0x05, 0x02, 0x00, 0x02, 0xab, 0xab, 0xab, 0xab, + 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, + 0xab, 0xab, 0xab, 0xab + }; + uint8_t cipher_text_1[] = { + 0xbb, 0x75, 0xa4, 0xc5, 0x45, 0xcd, 0x1f, 0x41, + 0x3b, 0xdb, 0x7d, 0xaa, 0x2b, 0x1e, 0x32, 0x63, + 0xde, 0x31, 0x36, 0x67, 0xc9, 0x63, 0x24, 0x90, + 0x81, 0xb3, 0x5a, 0x65, 0xf5, 0xcb, 0x6c, 0x88, + 0xb3, 0x94, 0x23, 0x5f + }; + uint8_t iv_2[16] = { + 0x9a, 0xf3, 0x23, 0xad, 0xde, 0x55, 0xac, 0x9c, + 0x99, 0xc5, 0xb5, 0xfc + }; + uint8_t aad_2[] = { + 0x92, 0x0f, 0x12, 0x38, 0xde, 0xca, 0xfb, 0xad, + 0xca, 0xfe, 0xba, 0xbe, 0xc0, 0xde, 0x00, 0x01 + }; + uint8_t plain_text_2[] = { + 0x00, 0x01, 0xe2, 0x40, 0x00, 0x00, 0xb2, 0x6e, + 0x51, 0x00, 0x02, 0x00, 0xab, 0xab, 0xab, 0xab, + 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, + 0xab, 0xab, 0xab, 0xab + }; + uint8_t cipher_text_2[] = { + 0x63, 0xbb, 0xcc, 0xc4, 0xa7, 0xf6, 0x95, 0xc4, + 0x8a, 0xd7, 0xc7, 0x1f, 0xac, 0x70, 0xa8, 0x0c, + 0x92, 0x86, 0x6b, 0x4c, 0x6b, 0xa9, 0x85, 0x46, + 0xef, 0x91, 0x35, 0x86, 0xe9, 0x5f, 0xfa, 0xaf, + 0xfe, 0x95, 0x68, 0x85, 0xbb, 0x06, 0x47, 0xa8, + 0xbc, 0x09, 0x4a, 0xc8 + }; + uint8_t iv_3[16] = { + 0x9a, 0xf3, 0x23, 0xad, 0xde, 0x55, 0xac, 0x9c, + 0x99, 0xc5, 0xb5, 0xfd + }; + uint8_t aad_3[] = { + 0x92, 0x0f, 0x12, 0x39, 0xde, 0xca, 0xfb, 0xad, + 0xca, 0xfe, 0xba, 0xbe, 0xc2, 0xde, 0x00, 0x01 + }; + uint8_t plain_text_3[] = { + 0x00, 0x01, 0xe2, 0x40, 0x00, 0x00, 0xb2, 0x6e, + 0x05, 0x02, 0x00, 0x02, 0xab, 0xab, 0xab, 0xab, + 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, + 0xab, 0xab, 0xab, 0xab + }; + uint8_t cipher_text_3[] = { + 0x36, 0x80, 0x52, 0x4f, 0x8d, 0x31, 0x2b, 0x00, + 0xc7, 0x8d, 0x12, 0x00, 0x38, 0x42, 0x2b, 0xc1, + 0x11, 0xa7, 0x18, 0x7a, 0x18, 0x24, 0x6f, 0x98, + 0x0c, 0x05, 0x9c, 0xc6, 0xbc, 0x9d, 0xf8, 0xb6, + 0x26, 0x39, 0x4e, 0xca, 0x34, 0x4e, 0x4b, 0x05, + 0xd8, 0x0f, 0xea, 0x83 + }; + uint8_t iv_4[16] = { + 0x9a, 0xf3, 0x23, 0xad, 0xde, 0x55, 0xac, 0x9c, + 0x99, 0xc5, 0xb5, 0xfe + }; + uint8_t aad_4[] = { + 0x92, 0x0f, 0x12, 0x3a, 0xde, 0xca, 0xfb, 0xad, + 0xca, 0xfe, 0xba, 0xbe, 0xc0, 0xde, 0x00, 0x00 + }; + uint8_t plain_text_4[] = { + 0x00, 0x01, 0xe2, 0x40, 0x00, 0x00, 0xb2, 0x6e, + 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, + 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab + }; + uint8_t cipher_text_4[] = { + 0x15, 0xb6, 0xbb, 0x43, 0x37, 0x90, 0x6f, 0xff, + 0xb7, 0xb9, 0x64, 0x53, 0x7a, 0x2b, 0x03, 0xab, + 0x7b, 0xa5, 0x38, 0x9c, 0xe9, 0x33, 0x17, 0x12, + 0x6b, 0x5d, 0x97, 0x4d, 0xf3, 0x0c, 0x68, 0x84, + 0xdc, 0xb6, 0x51, 0xc5, 0xe1, 0x20, 0xc1, 0xda + }; + uint8_t iv_5[16] = { + 0x9a, 0xf3, 0x23, 0xad, 0xde, 0x55, 0xac, 0x9c, + 0x99, 0xc5, 0xb5, 0xff + }; + uint8_t aad_5[] = { + 0x92, 0x0f, 0x12, 0x3b, 0xde, 0xca, 0xfb, 0xad, + 0xca, 0xfe, 0xba, 0xbe, 0xc2, 0xde, 0x00, 0x00 + }; + uint8_t plain_text_5[] = { + 0x00, 0x01, 0xe2, 0x40, 0x00, 0x00, 0xb2, 0x6e, + 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, + 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab + }; + uint8_t cipher_text_5[] = { + 0xdc, 0xb3, 0x8c, 0x9e, 0x48, 0xbf, 0x95, 0xf4, + 0x61, 0xee, 0x43, 0x2c, 0xf9, 0x20, 0x31, 0x70, + 0x76, 0x61, 0x32, 0x58, 0xd3, 0xce, 0x42, 0x36, + 0xc0, 0x6a, 0xc4, 0x29, 0x68, 0x1a, 0xd0, 0x84, + 0x13, 0x51, 0x2d, 0xc9, 0x8b, 0x52, 0x07, 0xd8 + }; + + uint8_t *ivs[] = { + iv_0, iv_1, iv_2, iv_3, iv_4, iv_5 + }; + uint8_t *aads[] = { + aad_0, aad_1, aad_2, aad_3, aad_4, aad_5 + }; + size_t aad_lengths[] = { + sizeof(aad_0), sizeof(aad_1), + sizeof(aad_2), sizeof(aad_3), + sizeof(aad_4), sizeof(aad_5) + }; + uint8_t *plain_texts[] = { + plain_text_0, plain_text_1, plain_text_2, + plain_text_3, plain_text_4, plain_text_5 + }; + size_t plain_text_lengths[] = { + sizeof(plain_text_0), sizeof(plain_text_1), + sizeof(plain_text_2), sizeof(plain_text_3), + sizeof(plain_text_4), sizeof(plain_text_5) + }; + uint8_t *cipher_texts[] = { + cipher_text_0, cipher_text_1, cipher_text_2, + cipher_text_3, cipher_text_4, cipher_text_5 + }; + size_t cipher_text_lengths[] = { + sizeof(cipher_text_0), sizeof(cipher_text_1), + sizeof(cipher_text_2), sizeof(cipher_text_3), + sizeof(cipher_text_4), sizeof(cipher_text_5) + }; + size_t num_tests = sizeof(plain_texts) / sizeof(plain_texts[0]); + /* clang-format on */ + + srtp_cipher_type_t *ct = &srtp_aes_gcm_128; + srtp_cipher_t *c = NULL; + + printf("testing cipher multi for %s e[", ct->description); + + CHECK_OK(srtp_cipher_type_alloc(ct, &c, 28, 16)); + CHECK_OK(srtp_cipher_init(c, key)); + for (size_t i = 0; i < num_tests; ++i) { + printf("%zu,", i); + CHECK_OK(srtp_cipher_set_iv(c, ivs[i], srtp_direction_encrypt)); + CHECK_OK(srtp_cipher_set_aad(c, aads[i], aad_lengths[i])); + uint8_t dst[1024] = { 0 }; + size_t dst_len = sizeof(dst); + CHECK_OK(srtp_cipher_encrypt(c, plain_texts[i], plain_text_lengths[i], + dst, &dst_len)); + CHECK(dst_len == cipher_text_lengths[i]); + CHECK_BUFFER_EQUAL(cipher_texts[i], dst, dst_len); + } + CHECK_OK(srtp_cipher_dealloc(c)); + + printf("] d["); + + CHECK_OK(srtp_cipher_type_alloc(ct, &c, 28, 16)); + CHECK_OK(srtp_cipher_init(c, key)); + for (size_t i = 0; i < num_tests; ++i) { + printf("%zu,", i); + CHECK_OK(srtp_cipher_set_iv(c, ivs[i], srtp_direction_decrypt)); + CHECK_OK(srtp_cipher_set_aad(c, aads[i], aad_lengths[i])); + uint8_t dst[1024] = { 0 }; + size_t dst_len = sizeof(dst); + CHECK_OK(srtp_cipher_decrypt(c, cipher_texts[i], cipher_text_lengths[i], + dst, &dst_len)); + CHECK(dst_len == plain_text_lengths[i]); + CHECK_BUFFER_EQUAL(plain_texts[i], dst, dst_len); + } + CHECK_OK(srtp_cipher_dealloc(c)); + + printf("]...passed\n"); + + return srtp_err_status_ok; +} +#endif + /* * cipher_driver_test_buffering(ct) tests the cipher's output * buffering for correctness by checking the consistency of successive diff --git a/test/util.c b/test/util.c index 16b678c7d..f4cb5fa22 100644 --- a/test/util.c +++ b/test/util.c @@ -95,9 +95,11 @@ const char *err_status_string(srtp_err_status_t status) void check_ok_impl(srtp_err_status_t status, const char *file, int line) { if (status != srtp_err_status_ok) { + fflush(stdout); fprintf(stderr, "\nerror at %s:%d, unexpected srtp failure: %d (\"%s\")\n", file, line, status, err_status_string(status)); + fflush(stderr); exit(1); } } @@ -108,11 +110,13 @@ void check_return_impl(srtp_err_status_t status, int line) { if (status != expected) { + fflush(stdout); fprintf(stderr, "\nerror at %s:%d, unexpected srtp status: %d != %d (\"%s\" != " "\"%s\")\n", file, line, status, expected, err_status_string(status), err_status_string(expected)); + fflush(stderr); exit(1); } } @@ -123,7 +127,9 @@ void check_impl(bool condition, const char *condition_str) { if (!condition) { + fflush(stdout); fprintf(stderr, "\nerror at %s:%d, %s)\n", file, line, condition_str); + fflush(stderr); exit(1); } } @@ -143,6 +149,7 @@ void check_buffer_equal_impl(const uint8_t *buffer1, { for (size_t i = 0; i < buffer_length; i++) { if (buffer1[i] != buffer2[i]) { + fflush(stdout); fprintf(stderr, "\nerror at %s:%d, buffer1 != buffer2 at index: %zu (%x != " "%x)\n", @@ -151,6 +158,7 @@ void check_buffer_equal_impl(const uint8_t *buffer1, octet_string_hex_string(buffer1, buffer_length)); fprintf(stderr, "buffer2 = %s\n", octet_string_hex_string(buffer2, buffer_length)); + fflush(stderr); exit(1); } } @@ -164,9 +172,11 @@ void check_overrun_impl(const uint8_t *buffer, { for (size_t i = offset; i < buffer_length; i++) { if (buffer[i] != OVERRUN_CHECK_BYTE) { + fflush(stdout); printf("\nerror at %s:%d, overrun detected in buffer at index %zu " "(expected %x, found %x)\n", file, line, i, OVERRUN_CHECK_BYTE, buffer[i]); + fflush(stderr); exit(1); } } From eeb02e9ade5f4c579e691c998b6ad65e3743ef55 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pascal=20B=C3=BChler?= Date: Tue, 14 Jan 2025 18:45:46 +0100 Subject: [PATCH 2/2] call wc_AesSetKey between each encryption operation When building using wolfssl on Apple silicon and armasm enabled, a call to wc_AesSetIV was not enough to reset the context between each operation. Calling wc_AesSetKey will reset it but may incur a performance penalty. --- crypto/cipher/aes_icm_wssl.c | 13 +++++++------ crypto/include/aes_icm_ext.h | 3 ++- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/crypto/cipher/aes_icm_wssl.c b/crypto/cipher/aes_icm_wssl.c index 41cb38eef..b0e07dfcb 100644 --- a/crypto/cipher/aes_icm_wssl.c +++ b/crypto/cipher/aes_icm_wssl.c @@ -256,12 +256,11 @@ static srtp_err_status_t srtp_aes_icm_wolfssl_context_init(void *cv, break; } - /* Counter mode always encrypts. */ - err = wc_AesSetKey(c->ctx, key, c->key_size, NULL, AES_ENCRYPTION); - if (err < 0) { - debug_print(srtp_mod_aes_icm, "wolfSSL error code: %d", err); - return srtp_err_status_fail; + /* Store key. */ + if (c->key_size > sizeof(c->key)) { + return srtp_err_status_bad_param; } + memcpy(c->key, key, c->key_size); return srtp_err_status_ok; } @@ -290,7 +289,9 @@ static srtp_err_status_t srtp_aes_icm_wolfssl_set_iv( debug_print(srtp_mod_aes_icm, "set_counter: %s", v128_hex_string(&c->counter)); - err = wc_AesSetIV(c->ctx, c->counter.v8); + /* Counter mode always encrypts. */ + err = wc_AesSetKey(c->ctx, c->key, c->key_size, c->counter.v8, + AES_ENCRYPTION); if (err < 0) { debug_print(srtp_mod_aes_icm, "wolfSSL error code: %d", err); return srtp_err_status_fail; diff --git a/crypto/include/aes_icm_ext.h b/crypto/include/aes_icm_ext.h index 6a56648e5..9000294e3 100644 --- a/crypto/include/aes_icm_ext.h +++ b/crypto/include/aes_icm_ext.h @@ -69,7 +69,8 @@ typedef struct { typedef struct { v128_t counter; /* holds the counter value */ v128_t offset; /* initial offset value */ - int key_size; + uint8_t key[SRTP_AES_256_KEY_LEN]; + size_t key_size; Aes *ctx; } srtp_aes_icm_ctx_t;