srtp-utils: Add support for AES 256 bit crypto suites

As specified by RFC 6188.

plugins/provider/sip/calls-sdp-crypto-context.c

@@ -435,13 +435,27 @@ calls_sdp_crypto_context_generate_offer (CallsSdpCryptoContext *self)
 
   attr = calls_srtp_crypto_attribute_new (1);
   attr->tag = 1;
-  attr->crypto_suite = CALLS_SRTP_SUITE_AES_CM_128_SHA1_80;
+  attr->crypto_suite = CALLS_SRTP_SUITE_AES_256_CM_SHA1_80;
   calls_srtp_crypto_attribute_init_keys (attr);
 
   self->local_crypto_attributes = g_list_append (NULL, attr);
 
   attr = calls_srtp_crypto_attribute_new (1);
   attr->tag = 2;
+  attr->crypto_suite = CALLS_SRTP_SUITE_AES_256_CM_SHA1_32;
+  calls_srtp_crypto_attribute_init_keys (attr);
+
+  self->local_crypto_attributes = g_list_append (self->local_crypto_attributes, attr);
+
+  attr = calls_srtp_crypto_attribute_new (1);
+  attr->tag = 3;
+  attr->crypto_suite = CALLS_SRTP_SUITE_AES_CM_128_SHA1_80;
+  calls_srtp_crypto_attribute_init_keys (attr);
+
+  self->local_crypto_attributes = g_list_append (self->local_crypto_attributes, attr);
+
+  attr = calls_srtp_crypto_attribute_new (1);
+  attr->tag = 4;
   attr->crypto_suite = CALLS_SRTP_SUITE_AES_CM_128_SHA1_32;
   calls_srtp_crypto_attribute_init_keys (attr);
 

plugins/provider/sip/calls-srtp-utils.c

@@ -58,6 +58,9 @@ get_key_size_for_suite (calls_srtp_crypto_suite suite)
   case CALLS_SRTP_SUITE_AES_CM_128_SHA1_32:
   case CALLS_SRTP_SUITE_AES_CM_128_SHA1_80:
     return 30;
+  case CALLS_SRTP_SUITE_AES_256_CM_SHA1_32:
+  case CALLS_SRTP_SUITE_AES_256_CM_SHA1_80:
+    return 46;
 
   case CALLS_SRTP_SUITE_UNKNOWN:
   default:
@@ -357,6 +360,10 @@ calls_srtp_parse_sdp_crypto_attribute (const char *attribute,
     crypto_suite = CALLS_SRTP_SUITE_AES_CM_128_SHA1_32;
   else if (g_strcmp0 (attr_fields[1], "AES_CM_128_HMAC_SHA1_80") == 0)
     crypto_suite = CALLS_SRTP_SUITE_AES_CM_128_SHA1_80;
+  else if (g_strcmp0 (attr_fields[1], "AES_256_CM_HMAC_SHA1_32") == 0)
+    crypto_suite = CALLS_SRTP_SUITE_AES_256_CM_SHA1_32;
+  else if (g_strcmp0 (attr_fields[1], "AES_256_CM_HMAC_SHA1_80") == 0)
+    crypto_suite = CALLS_SRTP_SUITE_AES_256_CM_SHA1_80;
   else
     crypto_suite = CALLS_SRTP_SUITE_UNKNOWN; /* error */
 
@@ -579,6 +586,10 @@ calls_srtp_print_sdp_crypto_attribute (calls_srtp_crypto_attribute *attr,
     crypto_suite = "AES_CM_128_HMAC_SHA1_32";
   else if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_CM_128_SHA1_80)
     crypto_suite = "AES_CM_128_HMAC_SHA1_80";
+  else if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_256_CM_SHA1_32)
+    crypto_suite = "AES_256_CM_HMAC_SHA1_32";
+  else if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_256_CM_SHA1_80)
+    crypto_suite = "AES_256_CM_HMAC_SHA1_80";
   else
     return NULL;
 
@@ -733,6 +744,22 @@ calls_srtp_crypto_get_srtpdec_params (calls_srtp_crypto_attribute *attr,
 
     return TRUE;
   }
+  if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_256_CM_SHA1_32) {
+    *srtp_cipher = attr->unencrypted_srtp ? "null" : "aes-256-icm";
+    *srtp_auth = attr->unauthenticated_srtp ? "null" : "hmac-sha1-32";
+    *srtcp_cipher = attr->unencrypted_srtcp ? "null" : "aes-256-icm";
+    *srtcp_auth = attr->unencrypted_srtcp ? "null" : "hmac-sha1-32";
+
+    return TRUE;
+  }
+  if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_256_CM_SHA1_80) {
+    *srtp_cipher = attr->unencrypted_srtp ? "null" : "aes-256-icm";
+    *srtp_auth = attr->unauthenticated_srtp ? "null" : "hmac-sha1-80";
+    *srtcp_cipher = attr->unencrypted_srtcp ? "null" : "aes-256-icm";
+    *srtcp_auth = attr->unencrypted_srtcp ? "null" : "hmac-sha1-80";
+
+    return TRUE;
+  }
 
   return FALSE;
 }
@@ -773,6 +800,22 @@ calls_srtp_crypto_get_srtpenc_params (calls_srtp_crypto_attribute *attr,
 
     return TRUE;
   }
+  if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_256_CM_SHA1_32) {
+    *srtp_cipher = attr->unencrypted_srtp ? GST_SRTP_CIPHER_NULL : GST_SRTP_CIPHER_AES_256_ICM;
+    *srtp_auth = attr->unauthenticated_srtp ? GST_SRTP_AUTH_NULL : GST_SRTP_AUTH_HMAC_SHA1_32;
+    *srtcp_cipher = attr->unencrypted_srtcp ? GST_SRTP_CIPHER_NULL : GST_SRTP_CIPHER_AES_256_ICM;
+    *srtcp_auth = attr->unencrypted_srtcp ? GST_SRTP_AUTH_NULL : GST_SRTP_AUTH_HMAC_SHA1_32;
+
+    return TRUE;
+  }
+  if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_256_CM_SHA1_80) {
+    *srtp_cipher = attr->unencrypted_srtp ? GST_SRTP_CIPHER_NULL : GST_SRTP_CIPHER_AES_256_ICM;
+    *srtp_auth = attr->unauthenticated_srtp ? GST_SRTP_AUTH_NULL : GST_SRTP_AUTH_HMAC_SHA1_80;
+    *srtcp_cipher = attr->unencrypted_srtcp ? GST_SRTP_CIPHER_NULL : GST_SRTP_CIPHER_AES_256_ICM;
+    *srtcp_auth = attr->unencrypted_srtcp ? GST_SRTP_AUTH_NULL : GST_SRTP_AUTH_HMAC_SHA1_80;
+
+    return TRUE;
+  }
 
   return FALSE;
 }

plugins/provider/sip/calls-srtp-utils.h

@@ -32,6 +32,8 @@ typedef enum {
   CALLS_SRTP_SUITE_UNKNOWN = 0,
   CALLS_SRTP_SUITE_AES_CM_128_SHA1_32, /* RFC 4568 */
   CALLS_SRTP_SUITE_AES_CM_128_SHA1_80, /* RFC 4568 */
+  CALLS_SRTP_SUITE_AES_256_CM_SHA1_32, /* RFC 6188 */
+  CALLS_SRTP_SUITE_AES_256_CM_SHA1_80, /* RFC 6188 */
 } calls_srtp_crypto_suite;