From 947e0d998f4c679d21bef5f33aa015c76b7db735 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pascal=20B=C3=BChler?= Date: Mon, 25 Mar 2024 08:40:26 +0100 Subject: [PATCH] align behavior when using keystream prefix The keystream prefix needs to be placed in auth tag before the auth is calculated. This was done for all protect / unprotect functions except unprotect_rtcp. Now functionality is aligned. --- srtp/srtp.c | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/srtp/srtp.c b/srtp/srtp.c index 004a074cf..80608ecf5 100644 --- a/srtp/srtp.c +++ b/srtp/srtp.c @@ -4263,6 +4263,21 @@ srtp_err_status_t srtp_unprotect_rtcp(srtp_t ctx, return srtp_err_status_cipher_fail; } + /* + * if we're authenticating using a universal hash, put the keystream + * prefix into the authentication tag + */ + prefix_len = srtp_auth_get_prefix_length(session_keys->rtcp_auth); + if (prefix_len) { + status = + srtp_cipher_output(session_keys->rtcp_cipher, tmp_tag, &prefix_len); + debug_print(mod_srtp, "keystream prefix: %s", + srtp_octet_string_hex_string(tmp_tag, prefix_len)); + if (status) { + return srtp_err_status_cipher_fail; + } + } + /* initialize auth func context */ status = srtp_auth_start(session_keys->rtcp_auth); if (status) { @@ -4285,21 +4300,6 @@ srtp_err_status_t srtp_unprotect_rtcp(srtp_t ctx, return srtp_err_status_auth_fail; } - /* - * if we're authenticating using a universal hash, put the keystream - * prefix into the authentication tag - */ - prefix_len = srtp_auth_get_prefix_length(session_keys->rtcp_auth); - if (prefix_len) { - status = srtp_cipher_output(session_keys->rtcp_cipher, auth_tag, - &prefix_len); - debug_print(mod_srtp, "keystream prefix: %s", - srtp_octet_string_hex_string(auth_tag, prefix_len)); - if (status) { - return srtp_err_status_cipher_fail; - } - } - /* if we're decrypting, exor keystream into the message */ if (enc_start) { status = srtp_cipher_decrypt(session_keys->rtcp_cipher, enc_start,