optimizations and openssl

Author: alexlapa

srtp/Cargo.toml

@@ -36,6 +36,7 @@ tokio = { version = "1.19", features = ["full"] }
 log = "0.4.16"
 aead = { version = "0.4.3", features = ["std"] }
 aes-gcm = { version = "0.10.1", features = ["std"] }
+openssl = { version = "0.10.45", features = ["vendored"] }
 
 [dev-dependencies]
 criterion = { version = "0.4.0", features = ["async_futures"] }

srtp/benches/srtp_bench.rs

@@ -16,6 +16,7 @@ fn benchmark_buffer(c: &mut Criterion) {
     .unwrap();
 
     let mut pld = BytesMut::new();
+
     for i in 0..1000 {
         pld.extend_from_slice(&[i as u8]);
     }

srtp/src/cipher/cipher_aes_cm_hmac_sha1.rs

@@ -1,7 +1,5 @@
-use std::io::BufWriter;
-
 use aes::cipher::generic_array::GenericArray;
-use byteorder::{BigEndian, ByteOrder, WriteBytesExt};
+use byteorder::{BigEndian, ByteOrder};
 use bytes::{BufMut, Bytes, BytesMut};
 use ctr::cipher::{NewCipher, StreamCipher, StreamCipherSeek};
 use hmac::{Hmac, Mac};
@@ -14,6 +12,11 @@ use crate::error::{Error, Result};
 use crate::key_derivation::*;
 use crate::protection_profile::*;
 
+use openssl::cipher;
+use openssl::cipher_ctx::CipherCtx;
+use openssl::error::ErrorStack;
+use openssl::symm::{Cipher as OpenSslCipher, Crypter, Mode};
+
 type HmacSha1 = Hmac<Sha1>;
 type Aes128Ctr = ctr::Ctr128BE<aes::Aes128>;
 
@@ -28,6 +31,8 @@ pub(crate) struct CipherAesCmHmacSha1 {
     srtcp_session_salt: Vec<u8>,
     srtcp_session_auth: HmacSha1,
     //srtcp_session_auth_tag: Vec<u8>,
+
+    ctx: CipherCtx
 }
 
 impl CipherAesCmHmacSha1 {
@@ -84,6 +89,11 @@ impl CipherAesCmHmacSha1 {
         let srtcp_session_auth = HmacSha1::new_from_slice(&srtcp_session_auth_tag)
             .map_err(|e| Error::Other(e.to_string()))?;
 
+        let t = openssl::cipher::Cipher::aes_128_ctr();
+        let mut ctx = CipherCtx::new().expect("a reusable cipher context");
+        ctx.encrypt_init(Some(t), Some(&srtp_session_key[..]), None)
+            .expect("enc init");
+
         Ok(CipherAesCmHmacSha1 {
             srtp_session_key,
             srtp_session_salt,
@@ -93,6 +103,7 @@ impl CipherAesCmHmacSha1 {
             srtcp_session_salt,
             srtcp_session_auth,
             //srtcp_session_auth_tag,
+            ctx,
         })
     }
 
@@ -110,25 +121,19 @@ impl CipherAesCmHmacSha1 {
     /// - Authenticated portion of the packet is everything BEFORE MKI
     /// - k_a is the session message authentication key
     /// - n_tag is the bit-length of the output authentication tag
-    fn generate_srtp_auth_tag(&mut self, buf: &[u8], roc: u32) -> Result<Vec<u8>> {
+    fn generate_srtp_auth_tag(&mut self, buf: &[u8], roc: u32) -> Vec<u8> {
         self.srtp_session_auth.reset();
 
         self.srtp_session_auth.update(buf);
 
         // For SRTP only, we need to hash the rollover counter as well.
-        let mut roc_buf: Vec<u8> = vec![];
-        {
-            let mut writer = BufWriter::<&mut Vec<u8>>::new(roc_buf.as_mut());
-            writer.write_u32::<BigEndian>(roc)?;
-        }
-
-        self.srtp_session_auth.update(&roc_buf);
+        self.srtp_session_auth.update(&roc.to_be_bytes());
 
         let result = self.srtp_session_auth.clone().finalize();
         let code_bytes = result.into_bytes();
 
         // Truncate the hash to the first AUTH_TAG_SIZE bytes.
-        Ok(code_bytes[0..self.auth_tag_len()].to_vec())
+        code_bytes[0..self.auth_tag_len()].to_vec()
     }
 
     /// https://tools.ietf.org/html/rfc3711#section-4.2
@@ -172,34 +177,30 @@ impl Cipher for CipherAesCmHmacSha1 {
         header: &rtp::header::Header,
         roc: u32,
     ) -> Result<Bytes> {
+        let header_len = header.marshal_size();
         let mut writer =
-            BytesMut::with_capacity(header.marshal_size() + payload.len() + self.auth_tag_len());
+            BytesMut::with_capacity(header_len + payload.len() + self.auth_tag_len());
 
         // Copy the header unencrypted.
-        let data = header.marshal()?;
-        writer.extend(data);
-
-        // Write the plaintext header to the destination buffer.
-        writer.extend_from_slice(payload);
-
+        writer.extend(header.marshal());
         // Encrypt the payload
-        let counter = generate_counter(
+        let nonce = generate_counter(
             header.sequence_number,
             roc,
             header.ssrc,
             &self.srtp_session_salt,
-        )?;
-        let key = GenericArray::from_slice(&self.srtp_session_key);
-        let nonce = GenericArray::from_slice(&counter);
-        let mut stream = Aes128Ctr::new(key, nonce);
-        let payload_offset = header.marshal_size();
-        stream.apply_keystream(&mut writer[payload_offset..]);
+        );
+
+        writer.put_bytes(0, payload.len());
+        self.ctx.encrypt_init(None, None, Some(&nonce)).unwrap();
+        let count = self.ctx.cipher_update(&payload, Some(&mut writer[header_len..])).unwrap();
+        self.ctx.cipher_final(&mut writer[count..]).unwrap();
 
         // Generate the auth tag.
-        let auth_tag = self.generate_srtp_auth_tag(&writer, roc)?;
+        let auth_tag = self.generate_srtp_auth_tag(&writer, roc);
         writer.extend(auth_tag);
 
-        Ok(writer.freeze())
+        Ok(Bytes::from(writer))
     }
 
     fn decrypt_rtp(
@@ -219,7 +220,7 @@ impl Cipher for CipherAesCmHmacSha1 {
         let cipher_text = &encrypted[..encrypted.len() - self.auth_tag_len()];
 
         // Generate the auth tag we expect to see from the ciphertext.
-        let expected_tag = self.generate_srtp_auth_tag(cipher_text, roc)?;
+        let expected_tag = self.generate_srtp_auth_tag(cipher_text, roc);
 
         // See if the auth tag actually matches.
         // We use a constant time comparison to prevent timing attacks.
@@ -236,7 +237,7 @@ impl Cipher for CipherAesCmHmacSha1 {
             roc,
             header.ssrc,
             &self.srtp_session_salt,
-        )?;
+        );
 
         let key = GenericArray::from_slice(&self.srtp_session_key);
         let nonce = GenericArray::from_slice(&counter);
@@ -261,7 +262,7 @@ impl Cipher for CipherAesCmHmacSha1 {
             (srtcp_index >> 16) as u32,
             ssrc,
             &self.srtcp_session_salt,
-        )?;
+        );
 
         let key = GenericArray::from_slice(&self.srtcp_session_key);
         let nonce = GenericArray::from_slice(&counter);
@@ -325,7 +326,7 @@ impl Cipher for CipherAesCmHmacSha1 {
             (srtcp_index >> 16) as u32,
             ssrc,
             &self.srtcp_session_salt,
-        )?;
+        );
 
         let key = GenericArray::from_slice(&self.srtcp_session_key);
         let nonce = GenericArray::from_slice(&counter);

srtp/src/context/context_test.rs

@@ -109,11 +109,11 @@ fn test_valid_packet_counter() -> Result<()> {
         ssrc: 4160032510,
         ..Default::default()
     };
-    let expected_counter = vec![
+    let expected_counter = [
         0xcf, 0x90, 0x1e, 0xa5, 0xda, 0xd3, 0x2c, 0x15, 0x00, 0xa2, 0x24, 0xae, 0xae, 0xaf, 0x00,
         0x00,
     ];
-    let counter = generate_counter(32846, s.rollover_counter, s.ssrc, &srtp_session_salt)?;
+    let counter = generate_counter(32846, s.rollover_counter, s.ssrc, &srtp_session_salt);
     assert_eq!(
         counter, expected_counter,
         "Session Key {counter:?} does not match expected {expected_counter:?}",

srtp/src/context/mod.rs

@@ -160,15 +160,14 @@ impl Context {
         })
     }
 
-    fn get_srtp_ssrc_state(&mut self, ssrc: u32) -> Option<&mut SrtpSsrcState> {
+    fn get_srtp_ssrc_state(&mut self, ssrc: u32) -> &mut SrtpSsrcState {
         let s = SrtpSsrcState {
             ssrc,
             replay_detector: Some((self.new_srtp_replay_detector)()),
             ..Default::default()
         };
 
-        self.srtp_ssrc_states.entry(ssrc).or_insert(s);
-        self.srtp_ssrc_states.get_mut(&ssrc)
+        self.srtp_ssrc_states.entry(ssrc).or_insert(s)
     }
 
     fn get_srtcp_ssrc_state(&mut self, ssrc: u32) -> Option<&mut SrtcpSsrcState> {
@@ -188,9 +187,7 @@ impl Context {
 
     /// set_roc sets SRTP rollover counter value of specified SSRC.
     fn set_roc(&mut self, ssrc: u32, roc: u32) {
-        if let Some(s) = self.get_srtp_ssrc_state(ssrc) {
-            s.rollover_counter = roc;
-        }
+        self.get_srtp_ssrc_state(ssrc).rollover_counter = roc;
     }
 
     /// index returns SRTCP index value of specified SSRC.

srtp/src/context/srtp.rs

@@ -12,30 +12,26 @@ impl Context {
     ) -> Result<Bytes> {
         let roc;
         {
-            if let Some(state) = self.get_srtp_ssrc_state(header.ssrc) {
-                if let Some(replay_detector) = &mut state.replay_detector {
-                    if !replay_detector.check(header.sequence_number as u64) {
-                        return Err(Error::SrtpSsrcDuplicated(
-                            header.ssrc,
-                            header.sequence_number,
-                        ));
-                    }
+            let state = self.get_srtp_ssrc_state(header.ssrc);
+            if let Some(replay_detector) = &mut state.replay_detector {
+                if !replay_detector.check(header.sequence_number as u64) {
+                    return Err(Error::SrtpSsrcDuplicated(
+                        header.ssrc,
+                        header.sequence_number,
+                    ));
                 }
-
-                roc = state.next_rollover_count(header.sequence_number);
-            } else {
-                return Err(Error::SsrcMissingFromSrtp(header.ssrc));
             }
+
+            roc = state.next_rollover_count(header.sequence_number);
         }
 
         let dst = self.cipher.decrypt_rtp(encrypted, header, roc)?;
         {
-            if let Some(state) = self.get_srtp_ssrc_state(header.ssrc) {
-                if let Some(replay_detector) = &mut state.replay_detector {
-                    replay_detector.accept();
-                }
-                state.update_rollover_count(header.sequence_number);
+            let state = self.get_srtp_ssrc_state(header.ssrc);
+            if let Some(replay_detector) = &mut state.replay_detector {
+                replay_detector.accept();
             }
+            state.update_rollover_count(header.sequence_number);
         }
 
         Ok(dst)
@@ -53,24 +49,13 @@ impl Context {
         plaintext: &[u8],
         header: &rtp::header::Header,
     ) -> Result<Bytes> {
-        let roc;
-        {
-            if let Some(state) = self.get_srtp_ssrc_state(header.ssrc) {
-                roc = state.next_rollover_count(header.sequence_number);
-            } else {
-                return Err(Error::SsrcMissingFromSrtp(header.ssrc));
-            }
-        }
+        let roc = self.get_srtp_ssrc_state(header.ssrc).next_rollover_count(header.sequence_number);
 
         let dst = self
             .cipher
             .encrypt_rtp(&plaintext[header.marshal_size()..], header, roc)?;
 
-        {
-            if let Some(state) = self.get_srtp_ssrc_state(header.ssrc) {
-                state.update_rollover_count(header.sequence_number);
-            }
-        }
+        self.get_srtp_ssrc_state(header.ssrc).update_rollover_count(header.sequence_number);
 
         Ok(dst)
     }

srtp/src/key_derivation.rs

@@ -1,9 +1,6 @@
-use std::io::BufWriter;
-
 use aes::cipher::generic_array::GenericArray;
 use aes::cipher::NewBlockCipher;
 use aes::{Aes128, BlockEncrypt};
-use byteorder::{BigEndian, WriteBytesExt};
 
 use crate::error::{Error, Result};
 
@@ -74,22 +71,24 @@ pub(crate) fn generate_counter(
     rollover_counter: u32,
     ssrc: u32,
     session_salt: &[u8],
-) -> Result<Vec<u8>> {
+) -> [u8; 16] {
     assert!(session_salt.len() <= 16);
 
-    let mut counter: Vec<u8> = vec![0; 16];
-    {
-        let mut writer = BufWriter::<&mut [u8]>::new(counter[4..].as_mut());
-        writer.write_u32::<BigEndian>(ssrc)?;
-        writer.write_u32::<BigEndian>(rollover_counter)?;
-        writer.write_u32::<BigEndian>((sequence_number as u32) << 16)?;
-    }
+    let mut counter = [0; 16];
+
+    let ssrc_be = ssrc.to_be_bytes();
+    let rollover_be = rollover_counter.to_be_bytes();
+    let seq_be = ((sequence_number as u32) << 16).to_be_bytes();
+
+    counter[4..8].copy_from_slice(&ssrc_be);
+    counter[8..12].copy_from_slice(&rollover_be);
+    counter[12..16].copy_from_slice(&seq_be);
 
     for i in 0..session_salt.len() {
         counter[i] ^= session_salt[i];
     }
 
-    Ok(counter)
+    counter
 }
 
 #[cfg(test)]

srtp/src/main.rs

@@ -18,7 +18,7 @@ fn main() {
         pld.extend_from_slice(&[i as u8]);
     }
 
-    for i in 1..=100000u32 {
+    for i in 1..=10000000u32 {
         let pkt = rtp::packet::Packet {
             header: rtp::header::Header {
                 sequence_number: i as u16,