Added support to cipher RTP pcap

.gitignore

@@ -1,3 +1,7 @@
+marseillaise-rtp.pcap
+srtp-decrypt
+tags
+
 # Object files
 *.o
 

Makefile

@@ -1,7 +1,13 @@
-CFLAGS=-g -Os -Wall
+CFLAGS=-g -Os -Wall -Werror
 
-all: srtp.o srtp-decrypt.o
-	$(CC) -o srtp-decrypt srtp-decrypt.o srtp.o -lpcap -lgcrypt
+all: srtp.o srtp-util.o
+	$(CC) -o srtp-util srtp-util.o srtp.o -lpcap -lgcrypt
+
+clean:
+	rm -rf srtp-util *.o
 
 check:
-	./srtp-decrypt -k aSBrbm93IGFsbCB5b3VyIGxpdHRsZSBzZWNyZXRz < ./marseillaise-srtp.pcap | text2pcap -t "%M:%S." -u 10000,10000 - - > ./marseillaise-rtp.pcap
+	# Decrypt the pcap
+	./srtp-util -k aSBrbm93IGFsbCB5b3VyIGxpdHRsZSBzZWNyZXRz < ./marseillaise-srtp.pcap | text2pcap -t "%M:%S." -u 10000,10000 - - > ./marseillaise-rtp.pcap
+	# Encrypt already decrypted pcap
+	./srtp-util -E -k aSBrbm93IGFsbCB5b3VyIGxpdHRsZSBzZWNyZXRz < ./marseillaise-rtp.pcap | text2pcap -t "%M:%S." -u 10000,10000 - - > ./marseillaise-srtp-new.pcap

README.md

@@ -1,20 +1,17 @@
-srtp-decrypt
-============
+## srtp-util
+srtp-util is a tool that deciphers SRTP / ciphers RTP packets contained in a network capture. It needs the Master Key
+exchanged by other means to do its job. The output is dumped in such a way that output can be fed to text2pcap, to recreate a pcap.
 
-srtp-decrypt is a tool that deciphers SRTP packets contained in a network capture. It needs the Master Key exchanged by other means to do its job.
-Deciphered RTP is dumped in such a way that output can be fed to text2pcap, to recreate a deciphered capture.
+_Refer Makefile for usage example_
 
-dependencies
-============
+## dependencies
+SRTP part has been taken from VLC project. It depends on `libgcrypt` for ciphering and MAC.
+Pcap processing is based on `libpcap`.
 
-SRTP part has been taken from VLC project. It depends on libgcrypt for ciphering and MAC.
-Pcap processing is based on libpcap.
+Typically, on Debian, 
+`# apt-get install libpcap-dev libgcrypt-dev.`
 
-Typically, on Debian, # apt-get install libpcap-dev libgcrypt-dev.
-
-caveats
-=======
-
-Isolating a single RTP flow from a network capture is a hard job, too hard to be done in this tool. Hence, srtp-decrypt expects to process a single RTP flow.
+## caveats
+Isolating a single RTP flow from a network capture is a hard job, too hard to be done in this tool. Hence, srtp-util expects to process a single RTP flow.
 Network capture shall not contain ICMP, ARP or reverse RTP flow for example, as those packets will not be deciphered correctly by the tool.
 Moreover, RTP offset in frames is expected to be constant, by default 42, but can be set to 46 in case of 802.1q tagging.

srtp-decrypt.c → srtp-util.c

@@ -50,6 +50,7 @@ static void decode_sdes(unsigned char *in,
 }
 
 static srtp_session_t *s = NULL;
+static int is_srtp_encrypt = 0;
 
 static void hexdump(const void *ptr, size_t size) {
   int i, j;
@@ -66,10 +67,11 @@ static void hexdump(const void *ptr, size_t size) {
 
 static int rtp_offset = -1; 
 static int frame_nr = -1;
-static int decoded_packets = 0;
+static int processed_packets = 0;
 static struct timeval start_tv = {0, 0};
 
-static void handle_pkt(u_char *arg, const struct pcap_pkthdr *hdr,
+
+static void process_rtp(u_char *arg, const struct pcap_pkthdr *hdr,
   const u_char *bytes) {
   unsigned char buffer[2048];
   size_t pktsize;
@@ -90,19 +92,24 @@ static void handle_pkt(u_char *arg, const struct pcap_pkthdr *hdr,
     start_tv = hdr->ts;
   } 
 
-  if (decoded_packets == 0) {
+  if (processed_packets == 0) {
     srtp_init_seq (s, buffer);
   }
 
-  ret = srtp_recv(s, buffer, &pktsize);
+  if(is_srtp_encrypt) {
+    ret = srtp_send(s, buffer, &pktsize, sizeof(buffer));
+  } else {
+    ret = srtp_recv(s, buffer, &pktsize);
+  }
+
   if (ret != 0) {
     fprintf(stderr, "frame %d dropped: decoding failed '%s'\n", frame_nr,
       strerror(ret));
 
     return;
   }
 
-  decoded_packets++;
+  processed_packets++;
 
   timersub(&hdr->ts, &start_tv, &delta);
   printf("%02ld:%02ld.%06lu\n", delta.tv_sec/60, delta.tv_sec%60, delta.tv_usec);
@@ -125,7 +132,7 @@ int main(int argc, char **argv) {
   int taglen = 10;
   struct bpf_program pcap_filter;
 
-  while ((c = getopt(argc, argv, "k:d:t:")) != -1) {
+  while ((c = getopt(argc, argv, "k:d:t:E")) != -1) {
     switch (c) {
     case 'k':
       sdes = (unsigned char *) optarg;
@@ -136,6 +143,9 @@ int main(int argc, char **argv) {
     case 't':
       taglen = atoi(optarg);
       break;
+    case 'E':
+      is_srtp_encrypt = 1;
+      break;
     default:
       usage(argv[0]);
     }
@@ -172,7 +182,7 @@ int main(int argc, char **argv) {
     }  
   }
 
-  pcap_loop(pcap, 0, handle_pkt, NULL);
+  pcap_loop(pcap, 0, process_rtp, NULL);
 
   srtp_destroy(s);