SRTP-KDF: use two bytes of index

One byte of index creates up to 4096 bytes for a key.
Increase output size to match specification.
This commit is contained in:
Sean Parkinson
2026-02-03 08:32:39 +10:00
parent c807903088
commit b1d3529419
2 changed files with 41 additions and 2 deletions
+3 -2
View File
@@ -896,8 +896,7 @@ static void wc_srtp_kdf_first_block(const byte* salt, word32 saltSz, int kdrIdx,
block[i] = 0;
}
XMEMCPY(block + WC_SRTP_MAX_SALT - saltSz, salt, saltSz);
block[WC_SRTP_MAX_SALT] = 0;
/* block[15] is counter. */
/* block[14-15] are counter. */
/* When kdrIdx is -1, don't XOR in index. */
if (kdrIdx >= 0) {
@@ -947,6 +946,7 @@ static int wc_srtp_kdf_derive_key(byte* block, int idxSz, byte label,
block[WC_SRTP_MAX_SALT - idxSz - 1] ^= label;
for (i = 0; (ret == 0) && (i < blocks); i++) {
/* Set counter. */
block[14] = (byte)(i >> 8);
block[15] = (byte)i;
/* Encrypt block into key buffer. */
ret = wc_AesEcbEncrypt(aes, key, block, WC_AES_BLOCK_SIZE);
@@ -959,6 +959,7 @@ static int wc_srtp_kdf_derive_key(byte* block, int idxSz, byte label,
if ((ret == 0) && (keySz > 0)) {
byte enc[WC_AES_BLOCK_SIZE];
/* Set counter. */
block[14] = (byte)(i >> 8);
block[15] = (byte)i;
/* Encrypt block into temporary. */
ret = wc_AesEcbEncrypt(aes, enc, block, WC_AES_BLOCK_SIZE);
+38
View File
@@ -31783,6 +31783,8 @@ typedef struct Srtp_Kdf_Tv {
word32 ksSz;
} Srtp_Kdf_Tv;
#define SRTP_KDF_LONG_KEY 5000
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void)
{
wc_test_ret_t ret = 0;
@@ -32034,6 +32036,18 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void)
unsigned char keyE[32];
unsigned char keyA[20];
unsigned char keyS[14];
#ifndef BENCH_EMBEDDED
WC_DECLARE_VAR(keyELong, byte, SRTP_KDF_LONG_KEY, HEAP_HINT);
WC_DECLARE_VAR(keyALong, byte, SRTP_KDF_LONG_KEY, HEAP_HINT);
WC_DECLARE_VAR(keySLong, byte, SRTP_KDF_LONG_KEY, HEAP_HINT);
#endif
#ifndef BENCH_EMBEDDED
WC_ALLOC_VAR(keyELong, byte, SRTP_KDF_LONG_KEY, HEAP_HINT);
WC_ALLOC_VAR(keyALong, byte, SRTP_KDF_LONG_KEY, HEAP_HINT);
WC_ALLOC_VAR(keySLong, byte, SRTP_KDF_LONG_KEY, HEAP_HINT);
#endif
WOLFSSL_ENTER("srtpkdf_test");
for (i = 0; (ret == 0) && (i < SRTP_TV_CNT); i++) {
@@ -32284,6 +32298,30 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void)
return WC_TEST_RET_ENC_NC;
}
#ifndef BENCH_EMBEDDED
/* Check that long messages can be created. */
ret = wc_SRTP_KDF(tv[0].key, tv[0].keySz, tv[0].salt, tv[0].saltSz,
tv[0].kdfIdx, tv[0].index_c, keyELong, SRTP_KDF_LONG_KEY, keyALong,
SRTP_KDF_LONG_KEY, keySLong, SRTP_KDF_LONG_KEY);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
/* Check that two bytes of counter are being used. */
if (XMEMCMP(keyELong, keyELong + 4096, SRTP_KDF_LONG_KEY - 4096) == 0) {
return WC_TEST_RET_ENC_NC;
}
if (XMEMCMP(keyELong, keyALong + 4096, SRTP_KDF_LONG_KEY - 4096) == 0) {
return WC_TEST_RET_ENC_NC;
}
if (XMEMCMP(keyELong, keySLong + 4096, SRTP_KDF_LONG_KEY - 4096) == 0) {
return WC_TEST_RET_ENC_NC;
}
WC_FREE_VAR(keyELong, HEAP_HINT);
WC_FREE_VAR(keyALong, HEAP_HINT);
WC_FREE_VAR(keySLong, HEAP_HINT);
#endif
return 0;
}
#endif