Skip to content

Commit 4f31ff9

Browse files
holtrop-wolfsslholtrop-wolfssl
committed
Rust wrapper: require fixed length index buffers for SRTP/SRTCP
1 parent 4fb4b3c commit 4f31ff9

File tree

2 files changed

+14
-20
lines changed
  • wolfcrypt/src
  • wrapper/rust/wolfssl-wolfcrypt/src

2 files changed

+14
-20
lines changed

wolfcrypt/src/kdf.c

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -984,7 +984,7 @@ static int wc_srtp_kdf_derive_key(byte* block, int idxSz, byte label,
984984
* @param [in] saltSz Size of random in bytes.
985985
* @param [in] kdrIdx Key derivation rate. kdr = 0 when -1, otherwise
986986
* kdr = 2^kdrIdx.
987-
* @param [in] index Index value to XOR in.
987+
* @param [in] idx Index value to XOR in.
988988
* @param [out] key1 First key. Label value of 0x00.
989989
* @param [in] key1Sz Size of first key in bytes.
990990
* @param [out] key2 Second key. Label value of 0x01.
@@ -1069,7 +1069,7 @@ int wc_SRTP_KDF(const byte* key, word32 keySz, const byte* salt, word32 saltSz,
10691069
* @param [in] saltSz Size of random in bytes.
10701070
* @param [in] kdrIdx Key derivation rate index. kdr = 0 when -1, otherwise
10711071
* kdr = 2^kdrIdx. See wc_SRTP_KDF_kdr_to_idx()
1072-
* @param [in] index Index value to XOR in.
1072+
* @param [in] idx Index value to XOR in.
10731073
* @param [out] key1 First key. Label value of 0x03.
10741074
* @param [in] key1Sz Size of first key in bytes.
10751075
* @param [out] key2 Second key. Label value of 0x04.
@@ -1171,7 +1171,7 @@ int wc_SRTCP_KDF(const byte* key, word32 keySz, const byte* salt, word32 saltSz,
11711171
* @param [in] saltSz Size of random in bytes.
11721172
* @param [in] kdrIdx Key derivation rate index. kdr = 0 when -1, otherwise
11731173
* kdr = 2^kdrIdx. See wc_SRTP_KDF_kdr_to_idx()
1174-
* @param [in] index Index value to XOR in.
1174+
* @param [in] idx Index value to XOR in.
11751175
* @param [in] label Label to use when deriving key.
11761176
* @param [out] outKey Derived key.
11771177
* @param [in] outKeySz Size of derived key in bytes.
@@ -1244,7 +1244,7 @@ int wc_SRTP_KDF_label(const byte* key, word32 keySz, const byte* salt,
12441244
* @param [in] saltSz Size of random in bytes.
12451245
* @param [in] kdrIdx Key derivation rate index. kdr = 0 when -1, otherwise
12461246
* kdr = 2^kdrIdx. See wc_SRTP_KDF_kdr_to_idx()
1247-
* @param [in] index Index value to XOR in.
1247+
* @param [in] idx Index value to XOR in.
12481248
* @param [in] label Label to use when deriving key.
12491249
* @param [out] outKey Derived key.
12501250
* @param [in] outKeySz Size of derived key in bytes.

wrapper/rust/wolfssl-wolfcrypt/src/kdf.rs

Lines changed: 10 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -43,6 +43,10 @@ pub const SRTCP_LABEL_SALT: u8 = sys::WC_SRTCP_LABEL_SALT as u8;
4343
pub const SRTP_LABEL_HDR_ENCRYPTION: u8 = sys::WC_SRTP_LABEL_HDR_ENCRYPTION as u8;
4444
#[cfg(kdf_srtp)]
4545
pub const SRTP_LABEL_HDR_SALT: u8 = sys::WC_SRTP_LABEL_HDR_SALT as u8;
46+
#[cfg(kdf_srtp)]
47+
pub const SRTP_INDEX_LEN: usize = sys::WC_SRTP_INDEX_LEN as usize;
48+
#[cfg(kdf_srtp)]
49+
pub const SRTCP_INDEX_LEN: usize = sys::WC_SRTCP_INDEX_LEN as usize;
4650

4751
/// Implement Password Based Key Derivation Function 2 (PBKDF2) converting an
4852
/// input password with a concatenated salt into a more secure key which is
@@ -582,13 +586,8 @@ pub fn ssh_kdf(typ: i32, key_id: u8, k: &[u8], h: &[u8], session_id: &[u8], key:
582586
/// }
583587
/// ```
584588
#[cfg(kdf_srtp)]
585-
pub fn srtp_kdf(key: &[u8], salt: &[u8], kdr_index: i32, idx: &[u8],
589+
pub fn srtp_kdf(key: &[u8], salt: &[u8], kdr_index: i32, idx: &[u8; SRTP_INDEX_LEN],
586590
key1: &mut [u8], key2: &mut [u8], key3: &mut [u8]) -> Result<(), i32> {
587-
if !(kdr_index == -1 || (0 <= kdr_index && (kdr_index as usize) <= idx.len() * 8)) {
588-
// The kdr_index value must be either -1 or the number of bits that
589-
// will be read from the idx slice.
590-
return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
591-
}
592591
let key_size = crate::buffer_len_to_u32(key.len())?;
593592
let salt_size = crate::buffer_len_to_u32(salt.len())?;
594593
let key1_size = crate::buffer_len_to_u32(key1.len())?;
@@ -637,7 +636,7 @@ pub fn srtp_kdf(key: &[u8], salt: &[u8], kdr_index: i32, idx: &[u8],
637636
/// }
638637
/// ```
639638
#[cfg(kdf_srtp)]
640-
pub fn srtp_kdf_label(key: &[u8], salt: &[u8], kdr_index: i32, idx: &[u8],
639+
pub fn srtp_kdf_label(key: &[u8], salt: &[u8], kdr_index: i32, idx: &[u8; SRTP_INDEX_LEN],
641640
label: u8, keyout: &mut [u8]) -> Result<(), i32> {
642641
let key_size = crate::buffer_len_to_u32(key.len())?;
643642
let salt_size = crate::buffer_len_to_u32(salt.len())?;
@@ -679,21 +678,16 @@ pub fn srtp_kdf_label(key: &[u8], salt: &[u8], kdr_index: i32, idx: &[u8],
679678
/// 0x8e, 0x26, 0xad, 0xb5, 0x32, 0x12, 0x98, 0x90];
680679
/// let salt = [0x0eu8, 0x23, 0x00, 0x6c, 0x6c, 0x04, 0x4f, 0x56,
681680
/// 0x62, 0x40, 0x0e, 0x9d, 0x1b, 0xd6];
682-
/// let index = [0x48u8, 0x71, 0x65, 0x64, 0x9c, 0xca];
681+
/// let index = [0x48u8, 0x71, 0x65, 0x64];
683682
/// let mut key_e = [0u8; 16];
684683
/// let mut key_a = [0u8; 20];
685684
/// let mut key_s = [0u8; 14];
686685
/// srtcp_kdf(&key, &salt, -1, &index, &mut key_e, &mut key_a, &mut key_s).expect("Error with srtcp_kdf()");
687686
/// }
688687
/// ```
689688
#[cfg(kdf_srtp)]
690-
pub fn srtcp_kdf(key: &[u8], salt: &[u8], kdr_index: i32, idx: &[u8],
689+
pub fn srtcp_kdf(key: &[u8], salt: &[u8], kdr_index: i32, idx: &[u8; SRTCP_INDEX_LEN],
691690
key1: &mut [u8], key2: &mut [u8], key3: &mut [u8]) -> Result<(), i32> {
692-
if !(kdr_index == -1 || (0 <= kdr_index && (kdr_index as usize) <= idx.len() * 8)) {
693-
// The kdr_index value must be either -1 or the number of bits that
694-
// will be read from the idx slice.
695-
return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
696-
}
697691
let key_size = crate::buffer_len_to_u32(key.len())?;
698692
let salt_size = crate::buffer_len_to_u32(salt.len())?;
699693
let key1_size = crate::buffer_len_to_u32(key1.len())?;
@@ -736,13 +730,13 @@ pub fn srtcp_kdf(key: &[u8], salt: &[u8], kdr_index: i32, idx: &[u8],
736730
/// 0x8e, 0x26, 0xad, 0xb5, 0x32, 0x12, 0x98, 0x90];
737731
/// let salt = [0x0eu8, 0x23, 0x00, 0x6c, 0x6c, 0x04, 0x4f, 0x56,
738732
/// 0x62, 0x40, 0x0e, 0x9d, 0x1b, 0xd6];
739-
/// let index = [0x48u8, 0x71, 0x65, 0x64, 0x9c, 0xca];
733+
/// let index = [0x48u8, 0x71, 0x65, 0x64];
740734
/// let mut key_a = [0u8; 20];
741735
/// srtcp_kdf_label(&key, &salt, -1, &index, SRTCP_LABEL_MSG_AUTH, &mut key_a).expect("Error with srtcp_kdf_label()");
742736
/// }
743737
/// ```
744738
#[cfg(kdf_srtp)]
745-
pub fn srtcp_kdf_label(key: &[u8], salt: &[u8], kdr_index: i32, idx: &[u8],
739+
pub fn srtcp_kdf_label(key: &[u8], salt: &[u8], kdr_index: i32, idx: &[u8; SRTCP_INDEX_LEN],
746740
label: u8, keyout: &mut [u8]) -> Result<(), i32> {
747741
let key_size = crate::buffer_len_to_u32(key.len())?;
748742
let salt_size = crate::buffer_len_to_u32(salt.len())?;

0 commit comments

Comments
 (0)