cisco / libsrtp

Library for SRTP (Secure Realtime Transport Protocol)

Other

1.19k stars 472 forks source link

error: srtp unprotection failed with code 13 #575

Closed snowuyl closed 2 years ago

snowuyl commented 2 years ago

Sender ffmpeg -re -i ./1080p_30fps_217s.ts -f rtp_mpegts -acodec ac3 -srtp_out_suite AES_CM_128_HMAC_SHA1_80 -srtp_out_params Ky7cUDT2GnI0XKWYbXv9AYmqbcLsqzL9mvdN9t/G srtp://127.0.0.1:20000

Receiver ./rtpw -b Ky7cUDT2GnI0XKWYbXv9AYmqbcLsqzL9mvdN9t/G -a -e 128 -r 127.0.0.1 20000 Using libsrtp2 2.5.0 [0x2050000] security services: confidentiality message authentication set master key/salt to 2b2edc5034f61a72345ca5986d7bfd01/89aa6dc2ecab32fd9af74df6dfc6 error: srtp unprotection failed with code 13 rtp_recvfrom return -1

snowuyl commented 2 years ago

I found FFmpeg doesn't have fixed ssrc. But rtpw.c fixed ssrc to 0xdeadbeef.

snowuyl commented 2 years ago

I used 2.3.0 to test again, but it still failed. ./rtpw -k $key -a -e 128 -r 127.0.0.1 20000 Using libsrtp2 2.3.0 [0x2030000] security services: confidentiality message authentication set master key/salt to 4142434445464748494a4b4c4d4e4f50/5152535455565758595a31323334 error: srtp unprotection failed with code 13

pabuhler commented 2 years ago

@snowuyl can we close this as well ? ie did you try with lager message size ?

snowuyl commented 2 years ago

I have increased MAX_WORD_LEN to 2048. But it still failed. The following is log messages. export key="4142434445464748494A4B4C4D4E4F505152535455565758595A31323334" ./rtpw -k $key -a -e 128 -r 127.0.0.1 20000 Using libsrtp2 2.5.0 [0x2050000] MAX_WORD_LEN=2048 security services: confidentiality message authentication main calls srtp_crypto_policy_set_rtp_default() set master key/salt to 4142434445464748494a4b4c4d4e4f50/5152535455565758595a31323334 srtp_add_stream E srtp_add_stream return srtp_err_status_ok srtp_unprotect_mki return srtp_err_status_no_ctx error: srtp unprotection failed with code 13 rtp_recvfrom 2 return -1 srtp_unprotect_mki return srtp_err_status_no_ctx error: srtp unprotection failed with code 13 rtp_recvfrom 2 return -1 srtp_unprotect_mki return srtp_err_status_no_ctx error: srtp unprotection failed with code 13 rtp_recvfrom 2 return -1

snowuyl commented 2 years ago

Since stream and ctx->stream_template are NULL, srtp_unprotect_mki() return srtp_err_status_no_ctx.

srtp_err_status_t srtp_unprotect_mki(srtp_ctx_t ctx, void srtp_hdr, int *pkt_octet_len, unsigned int use_mki) { ... if (stream == NULL) {

    if (ctx->stream_template != NULL) {
        stream = ctx->stream_template;
        debug_print(mod_srtp, "using provisional stream (SSRC: 0x%08x)",
                    ntohl(hdr->ssrc));

set estimated packet index to sequence number from header,

and set delta equal to the same value */

ifdef NO_64BIT_MATH

    est = (srtp_xtd_seq_num_t)make64(0, ntohs(hdr->seq));
    delta = low32(est);

else

    est = (srtp_xtd_seq_num_t)ntohs(hdr->seq);
    delta = (int)est;

endif

} else {
    /*
     * no stream corresponding to SSRC found, and we don't do
     * key-sharing, so return an error
     */
    printf("%s return srtp_err_status_no_ctx\n", __func__); 
    return srtp_err_status_no_ctx;
}

... }

pabuhler commented 2 years ago

I guess this is because of the fixed SSRC, once again rtpw could be changed to be more configurable or flexible but it is not what it is intended to be used for. If you ask me this is not an issue.

snowuyl commented 2 years ago

You are right. This issue is related FFmpeg uses dynamic ssrc but rtpw uses fixed ssrc. I will appreciate if rtpw can support dynamic ssrc in the near future.

pabuhler commented 2 years ago

@snowuyl great that it is understood. I have no plans to add support for it as like i have mentioned this is not the use case for rtpw, but if you create a PR and it looks ok then maybe it will be merged in.