srtp-utils: Add support for AES 256 bit crypto suites

As specified by RFC 6188.
2024-06-25 21:29:32 +00:00 · 2023-02-12 14:26:25 +02:00 · 2023-02-12 14:26:25 +02:00 · 267eecf049
parent 8ca3597646
commit 267eecf049
3 changed files with 60 additions and 1 deletions
--- a/plugins/provider/sip/calls-sdp-crypto-context.c
+++ b/plugins/provider/sip/calls-sdp-crypto-context.c
@ -435,13 +435,27 @@ calls_sdp_crypto_context_generate_offer (CallsSdpCryptoContext *self)

  attr = calls_srtp_crypto_attribute_new (1);
  attr->tag = 1;
-  attr->crypto_suite = CALLS_SRTP_SUITE_AES_CM_128_SHA1_80;
+  attr->crypto_suite = CALLS_SRTP_SUITE_AES_256_CM_SHA1_80;
  calls_srtp_crypto_attribute_init_keys (attr);

  self->local_crypto_attributes = g_list_append (NULL, attr);

  attr = calls_srtp_crypto_attribute_new (1);
  attr->tag = 2;
+  attr->crypto_suite = CALLS_SRTP_SUITE_AES_256_CM_SHA1_32;
+  calls_srtp_crypto_attribute_init_keys (attr);
+
+  self->local_crypto_attributes = g_list_append (self->local_crypto_attributes, attr);
+
+  attr = calls_srtp_crypto_attribute_new (1);
+  attr->tag = 3;
+  attr->crypto_suite = CALLS_SRTP_SUITE_AES_CM_128_SHA1_80;
+  calls_srtp_crypto_attribute_init_keys (attr);
+
+  self->local_crypto_attributes = g_list_append (self->local_crypto_attributes, attr);
+
+  attr = calls_srtp_crypto_attribute_new (1);
+  attr->tag = 4;
  attr->crypto_suite = CALLS_SRTP_SUITE_AES_CM_128_SHA1_32;
  calls_srtp_crypto_attribute_init_keys (attr);

--- a/plugins/provider/sip/calls-srtp-utils.c
+++ b/plugins/provider/sip/calls-srtp-utils.c
@ -58,6 +58,9 @@ get_key_size_for_suite (calls_srtp_crypto_suite suite)
  case CALLS_SRTP_SUITE_AES_CM_128_SHA1_32:
  case CALLS_SRTP_SUITE_AES_CM_128_SHA1_80:
    return 30;
+  case CALLS_SRTP_SUITE_AES_256_CM_SHA1_32:
+  case CALLS_SRTP_SUITE_AES_256_CM_SHA1_80:
+    return 46;

  case CALLS_SRTP_SUITE_UNKNOWN:
  default:
@ -357,6 +360,10 @@ calls_srtp_parse_sdp_crypto_attribute (const char *attribute,
    crypto_suite = CALLS_SRTP_SUITE_AES_CM_128_SHA1_32;
  else if (g_strcmp0 (attr_fields[1], "AES_CM_128_HMAC_SHA1_80") == 0)
    crypto_suite = CALLS_SRTP_SUITE_AES_CM_128_SHA1_80;
+  else if (g_strcmp0 (attr_fields[1], "AES_256_CM_HMAC_SHA1_32") == 0)
+    crypto_suite = CALLS_SRTP_SUITE_AES_256_CM_SHA1_32;
+  else if (g_strcmp0 (attr_fields[1], "AES_256_CM_HMAC_SHA1_80") == 0)
+    crypto_suite = CALLS_SRTP_SUITE_AES_256_CM_SHA1_80;
  else
    crypto_suite = CALLS_SRTP_SUITE_UNKNOWN; /* error */

@ -579,6 +586,10 @@ calls_srtp_print_sdp_crypto_attribute (calls_srtp_crypto_attribute *attr,
    crypto_suite = "AES_CM_128_HMAC_SHA1_32";
  else if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_CM_128_SHA1_80)
    crypto_suite = "AES_CM_128_HMAC_SHA1_80";
+  else if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_256_CM_SHA1_32)
+    crypto_suite = "AES_256_CM_HMAC_SHA1_32";
+  else if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_256_CM_SHA1_80)
+    crypto_suite = "AES_256_CM_HMAC_SHA1_80";
  else
    return NULL;

@ -733,6 +744,22 @@ calls_srtp_crypto_get_srtpdec_params (calls_srtp_crypto_attribute *attr,

    return TRUE;
  }
+  if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_256_CM_SHA1_32) {
+    *srtp_cipher = attr->unencrypted_srtp ? "null" : "aes-256-icm";
+    *srtp_auth = attr->unauthenticated_srtp ? "null" : "hmac-sha1-32";
+    *srtcp_cipher = attr->unencrypted_srtcp ? "null" : "aes-256-icm";
+    *srtcp_auth = attr->unencrypted_srtcp ? "null" : "hmac-sha1-32";
+
+    return TRUE;
+  }
+  if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_256_CM_SHA1_80) {
+    *srtp_cipher = attr->unencrypted_srtp ? "null" : "aes-256-icm";
+    *srtp_auth = attr->unauthenticated_srtp ? "null" : "hmac-sha1-80";
+    *srtcp_cipher = attr->unencrypted_srtcp ? "null" : "aes-256-icm";
+    *srtcp_auth = attr->unencrypted_srtcp ? "null" : "hmac-sha1-80";
+
+    return TRUE;
+  }

  return FALSE;
 }
@ -773,6 +800,22 @@ calls_srtp_crypto_get_srtpenc_params (calls_srtp_crypto_attribute *attr,

    return TRUE;
  }
+  if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_256_CM_SHA1_32) {
+    *srtp_cipher = attr->unencrypted_srtp ? GST_SRTP_CIPHER_NULL : GST_SRTP_CIPHER_AES_256_ICM;
+    *srtp_auth = attr->unauthenticated_srtp ? GST_SRTP_AUTH_NULL : GST_SRTP_AUTH_HMAC_SHA1_32;
+    *srtcp_cipher = attr->unencrypted_srtcp ? GST_SRTP_CIPHER_NULL : GST_SRTP_CIPHER_AES_256_ICM;
+    *srtcp_auth = attr->unencrypted_srtcp ? GST_SRTP_AUTH_NULL : GST_SRTP_AUTH_HMAC_SHA1_32;
+
+    return TRUE;
+  }
+  if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_256_CM_SHA1_80) {
+    *srtp_cipher = attr->unencrypted_srtp ? GST_SRTP_CIPHER_NULL : GST_SRTP_CIPHER_AES_256_ICM;
+    *srtp_auth = attr->unauthenticated_srtp ? GST_SRTP_AUTH_NULL : GST_SRTP_AUTH_HMAC_SHA1_80;
+    *srtcp_cipher = attr->unencrypted_srtcp ? GST_SRTP_CIPHER_NULL : GST_SRTP_CIPHER_AES_256_ICM;
+    *srtcp_auth = attr->unencrypted_srtcp ? GST_SRTP_AUTH_NULL : GST_SRTP_AUTH_HMAC_SHA1_80;
+
+    return TRUE;
+  }

  return FALSE;
 }
--- a/plugins/provider/sip/calls-srtp-utils.h
+++ b/plugins/provider/sip/calls-srtp-utils.h
@ -32,6 +32,8 @@ typedef enum {
  CALLS_SRTP_SUITE_UNKNOWN = 0,
  CALLS_SRTP_SUITE_AES_CM_128_SHA1_32, /* RFC 4568 */
  CALLS_SRTP_SUITE_AES_CM_128_SHA1_80, /* RFC 4568 */
+  CALLS_SRTP_SUITE_AES_256_CM_SHA1_32, /* RFC 6188 */
+  CALLS_SRTP_SUITE_AES_256_CM_SHA1_80, /* RFC 6188 */
 } calls_srtp_crypto_suite;