1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/calls.git synced 2024-11-04 23:51:17 +00:00

srtp-utils: Add support for AES 256 bit crypto suites

As specified by RFC 6188.
This commit is contained in:
Дилян Палаузов 2023-02-12 14:26:25 +02:00 committed by Evangelos Ribeiro Tzaras
parent 8ca3597646
commit 267eecf049
3 changed files with 60 additions and 1 deletions

View file

@ -435,13 +435,27 @@ calls_sdp_crypto_context_generate_offer (CallsSdpCryptoContext *self)
attr = calls_srtp_crypto_attribute_new (1); attr = calls_srtp_crypto_attribute_new (1);
attr->tag = 1; attr->tag = 1;
attr->crypto_suite = CALLS_SRTP_SUITE_AES_CM_128_SHA1_80; attr->crypto_suite = CALLS_SRTP_SUITE_AES_256_CM_SHA1_80;
calls_srtp_crypto_attribute_init_keys (attr); calls_srtp_crypto_attribute_init_keys (attr);
self->local_crypto_attributes = g_list_append (NULL, attr); self->local_crypto_attributes = g_list_append (NULL, attr);
attr = calls_srtp_crypto_attribute_new (1); attr = calls_srtp_crypto_attribute_new (1);
attr->tag = 2; attr->tag = 2;
attr->crypto_suite = CALLS_SRTP_SUITE_AES_256_CM_SHA1_32;
calls_srtp_crypto_attribute_init_keys (attr);
self->local_crypto_attributes = g_list_append (self->local_crypto_attributes, attr);
attr = calls_srtp_crypto_attribute_new (1);
attr->tag = 3;
attr->crypto_suite = CALLS_SRTP_SUITE_AES_CM_128_SHA1_80;
calls_srtp_crypto_attribute_init_keys (attr);
self->local_crypto_attributes = g_list_append (self->local_crypto_attributes, attr);
attr = calls_srtp_crypto_attribute_new (1);
attr->tag = 4;
attr->crypto_suite = CALLS_SRTP_SUITE_AES_CM_128_SHA1_32; attr->crypto_suite = CALLS_SRTP_SUITE_AES_CM_128_SHA1_32;
calls_srtp_crypto_attribute_init_keys (attr); calls_srtp_crypto_attribute_init_keys (attr);

View file

@ -58,6 +58,9 @@ get_key_size_for_suite (calls_srtp_crypto_suite suite)
case CALLS_SRTP_SUITE_AES_CM_128_SHA1_32: case CALLS_SRTP_SUITE_AES_CM_128_SHA1_32:
case CALLS_SRTP_SUITE_AES_CM_128_SHA1_80: case CALLS_SRTP_SUITE_AES_CM_128_SHA1_80:
return 30; return 30;
case CALLS_SRTP_SUITE_AES_256_CM_SHA1_32:
case CALLS_SRTP_SUITE_AES_256_CM_SHA1_80:
return 46;
case CALLS_SRTP_SUITE_UNKNOWN: case CALLS_SRTP_SUITE_UNKNOWN:
default: default:
@ -357,6 +360,10 @@ calls_srtp_parse_sdp_crypto_attribute (const char *attribute,
crypto_suite = CALLS_SRTP_SUITE_AES_CM_128_SHA1_32; crypto_suite = CALLS_SRTP_SUITE_AES_CM_128_SHA1_32;
else if (g_strcmp0 (attr_fields[1], "AES_CM_128_HMAC_SHA1_80") == 0) else if (g_strcmp0 (attr_fields[1], "AES_CM_128_HMAC_SHA1_80") == 0)
crypto_suite = CALLS_SRTP_SUITE_AES_CM_128_SHA1_80; crypto_suite = CALLS_SRTP_SUITE_AES_CM_128_SHA1_80;
else if (g_strcmp0 (attr_fields[1], "AES_256_CM_HMAC_SHA1_32") == 0)
crypto_suite = CALLS_SRTP_SUITE_AES_256_CM_SHA1_32;
else if (g_strcmp0 (attr_fields[1], "AES_256_CM_HMAC_SHA1_80") == 0)
crypto_suite = CALLS_SRTP_SUITE_AES_256_CM_SHA1_80;
else else
crypto_suite = CALLS_SRTP_SUITE_UNKNOWN; /* error */ crypto_suite = CALLS_SRTP_SUITE_UNKNOWN; /* error */
@ -579,6 +586,10 @@ calls_srtp_print_sdp_crypto_attribute (calls_srtp_crypto_attribute *attr,
crypto_suite = "AES_CM_128_HMAC_SHA1_32"; crypto_suite = "AES_CM_128_HMAC_SHA1_32";
else if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_CM_128_SHA1_80) else if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_CM_128_SHA1_80)
crypto_suite = "AES_CM_128_HMAC_SHA1_80"; crypto_suite = "AES_CM_128_HMAC_SHA1_80";
else if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_256_CM_SHA1_32)
crypto_suite = "AES_256_CM_HMAC_SHA1_32";
else if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_256_CM_SHA1_80)
crypto_suite = "AES_256_CM_HMAC_SHA1_80";
else else
return NULL; return NULL;
@ -733,6 +744,22 @@ calls_srtp_crypto_get_srtpdec_params (calls_srtp_crypto_attribute *attr,
return TRUE; return TRUE;
} }
if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_256_CM_SHA1_32) {
*srtp_cipher = attr->unencrypted_srtp ? "null" : "aes-256-icm";
*srtp_auth = attr->unauthenticated_srtp ? "null" : "hmac-sha1-32";
*srtcp_cipher = attr->unencrypted_srtcp ? "null" : "aes-256-icm";
*srtcp_auth = attr->unencrypted_srtcp ? "null" : "hmac-sha1-32";
return TRUE;
}
if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_256_CM_SHA1_80) {
*srtp_cipher = attr->unencrypted_srtp ? "null" : "aes-256-icm";
*srtp_auth = attr->unauthenticated_srtp ? "null" : "hmac-sha1-80";
*srtcp_cipher = attr->unencrypted_srtcp ? "null" : "aes-256-icm";
*srtcp_auth = attr->unencrypted_srtcp ? "null" : "hmac-sha1-80";
return TRUE;
}
return FALSE; return FALSE;
} }
@ -773,6 +800,22 @@ calls_srtp_crypto_get_srtpenc_params (calls_srtp_crypto_attribute *attr,
return TRUE; return TRUE;
} }
if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_256_CM_SHA1_32) {
*srtp_cipher = attr->unencrypted_srtp ? GST_SRTP_CIPHER_NULL : GST_SRTP_CIPHER_AES_256_ICM;
*srtp_auth = attr->unauthenticated_srtp ? GST_SRTP_AUTH_NULL : GST_SRTP_AUTH_HMAC_SHA1_32;
*srtcp_cipher = attr->unencrypted_srtcp ? GST_SRTP_CIPHER_NULL : GST_SRTP_CIPHER_AES_256_ICM;
*srtcp_auth = attr->unencrypted_srtcp ? GST_SRTP_AUTH_NULL : GST_SRTP_AUTH_HMAC_SHA1_32;
return TRUE;
}
if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_256_CM_SHA1_80) {
*srtp_cipher = attr->unencrypted_srtp ? GST_SRTP_CIPHER_NULL : GST_SRTP_CIPHER_AES_256_ICM;
*srtp_auth = attr->unauthenticated_srtp ? GST_SRTP_AUTH_NULL : GST_SRTP_AUTH_HMAC_SHA1_80;
*srtcp_cipher = attr->unencrypted_srtcp ? GST_SRTP_CIPHER_NULL : GST_SRTP_CIPHER_AES_256_ICM;
*srtcp_auth = attr->unencrypted_srtcp ? GST_SRTP_AUTH_NULL : GST_SRTP_AUTH_HMAC_SHA1_80;
return TRUE;
}
return FALSE; return FALSE;
} }

View file

@ -32,6 +32,8 @@ typedef enum {
CALLS_SRTP_SUITE_UNKNOWN = 0, CALLS_SRTP_SUITE_UNKNOWN = 0,
CALLS_SRTP_SUITE_AES_CM_128_SHA1_32, /* RFC 4568 */ CALLS_SRTP_SUITE_AES_CM_128_SHA1_32, /* RFC 4568 */
CALLS_SRTP_SUITE_AES_CM_128_SHA1_80, /* RFC 4568 */ CALLS_SRTP_SUITE_AES_CM_128_SHA1_80, /* RFC 4568 */
CALLS_SRTP_SUITE_AES_256_CM_SHA1_32, /* RFC 6188 */
CALLS_SRTP_SUITE_AES_256_CM_SHA1_80, /* RFC 6188 */
} calls_srtp_crypto_suite; } calls_srtp_crypto_suite;