This commit resolves issue #46. The GCM mode was using the wrong master SALT length. The master SALT should be 96 bits instead of 112 bits. Note that GCM mode uses the legacy CTR mode for the KDF. The legacy CTR mode cipher implementations assume a 112-bit SALT. Changes to the cipher abstraction layer API are required to provide the ability to specify the SALT length. For now, this commit modifies the SRTP layer to ensure the SALT is zero-appended before initializing the KDF. This commit also provides public definitions for the GCM cipher suite master key sizes to avoid confusion for application developers.

jfigus
2014-04-08 09:15:49 -04:00
committed by Travis Cross
parent 7bc92a11af
commit a31491d5b6
8 changed files with 65 additions and 43 deletions


@@ -200,11 +200,11 @@ main(int argc, char *argv[]) {
cipher_driver_test_array_throughput(&aes_icm_256, 46, num_cipher);
for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8) {
cipher_driver_test_array_throughput(&aes_gcm_128_openssl, 30, num_cipher);
cipher_driver_test_array_throughput(&aes_gcm_128_openssl, AES_128_GCM_KEYSIZE_WSALT, num_cipher);
}
for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8) {
cipher_driver_test_array_throughput(&aes_gcm_256_openssl, 46, num_cipher);
cipher_driver_test_array_throughput(&aes_gcm_256_openssl, AES_256_GCM_KEYSIZE_WSALT, num_cipher);
}
#endif
}
@@ -287,7 +287,7 @@ main(int argc, char *argv[]) {
#ifdef OPENSSL
/* run the throughput test on the aes_gcm_128_openssl cipher */
status = cipher_type_alloc(&aes_gcm_128_openssl, &c, 30);
status = cipher_type_alloc(&aes_gcm_128_openssl, &c, AES_128_GCM_KEYSIZE_WSALT);
if (status) {
fprintf(stderr, "error: can't allocate GCM 128 cipher\n");
exit(status);
@@ -306,7 +306,7 @@ main(int argc, char *argv[]) {
check_status(status);
/* run the throughput test on the aes_gcm_256_openssl cipher */
status = cipher_type_alloc(&aes_gcm_256_openssl, &c, 46);
status = cipher_type_alloc(&aes_gcm_256_openssl, &c, AES_256_GCM_KEYSIZE_WSALT);
if (status) {
fprintf(stderr, "error: can't allocate GCM 256 cipher\n");
exit(status);
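Review bot: The ICM throughput call at the top of the first hunk still passes the bare literal `46` while the GCM calls beside it now use `AES_128_GCM_KEYSIZE_WSALT` and `AES_256_GCM_KEYSIZE_WSALT`, so the driver gives no hint that the two modes carry different salt lengths (96-bit for GCM, 112-bit for the CTR-based ciphers, per the commit message). A one-line comment above the GCM loops and above each GCM `cipher_type_alloc` call would keep a later reader from "correcting" one size to match the other: `/* GCM key length = AES key + 96-bit salt; ICM sizes carry a 112-bit salt */`. If the headers define a matching named size for ICM (not visible in this section), using it in place of `46` would make the pairing explicit. `main` begins and ends outside these hunks, so how the allocated ciphers are keyed afterwards is not visible here.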