From 378da62ccb593ae9e6e097c7cb4e5ab97ba66ef8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=94=D0=B8=D0=BB=D1=8F=D0=BD=20=D0=9F=D0=B0=D0=BB=D0=B0?= =?UTF-8?q?=D1=83=D0=B7=D0=BE=D0=B2?= Date: Sun, 12 Feb 2023 14:27:34 +0200 Subject: [PATCH] srtp-utils: Add skeleton code to ease adding crypto suites With this in place enabling an additional crypto suite would only require two changes: - Adding GStreamer capability mapping - Add case in calls_srtp_parse_sdp_crypto_attribute() --- plugins/provider/sip/calls-srtp-utils.c | 47 +++++++++++++++++++++++++ plugins/provider/sip/calls-srtp-utils.h | 5 +++ 2 files changed, 52 insertions(+) diff --git a/plugins/provider/sip/calls-srtp-utils.c b/plugins/provider/sip/calls-srtp-utils.c index 3a24eac..88343fe 100644 --- a/plugins/provider/sip/calls-srtp-utils.c +++ b/plugins/provider/sip/calls-srtp-utils.c @@ -58,9 +58,16 @@ get_key_size_for_suite (calls_srtp_crypto_suite suite) case CALLS_SRTP_SUITE_AES_CM_128_SHA1_32: case CALLS_SRTP_SUITE_AES_CM_128_SHA1_80: return 30; + case CALLS_SRTP_SUITE_AES_192_CM_SHA1_32: + case CALLS_SRTP_SUITE_AES_192_CM_SHA1_80: + return 38; case CALLS_SRTP_SUITE_AES_256_CM_SHA1_32: case CALLS_SRTP_SUITE_AES_256_CM_SHA1_80: return 46; + case CALLS_SRTP_SUITE_AEAD_AES_128_GCM: + return 28; + case CALLS_SRTP_SUITE_AEAD_AES_256_GCM: + return 44; case CALLS_SRTP_SUITE_UNKNOWN: default: @@ -586,10 +593,20 @@ calls_srtp_print_sdp_crypto_attribute (calls_srtp_crypto_attribute *attr, crypto_suite = "AES_CM_128_HMAC_SHA1_32"; else if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_CM_128_SHA1_80) crypto_suite = "AES_CM_128_HMAC_SHA1_80"; + else if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_192_CM_SHA1_32) + crypto_suite = "AES_196_CM_HMAC_SHA1_32"; + else if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_192_CM_SHA1_80) + crypto_suite = "AES_196_CM_HMAC_SHA1_80"; else if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_256_CM_SHA1_32) crypto_suite = "AES_256_CM_HMAC_SHA1_32"; else if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_256_CM_SHA1_80) crypto_suite = "AES_256_CM_HMAC_SHA1_80"; + else if (attr->crypto_suite == CALLS_SRTP_SUITE_F8_128_HMAC_SHA1_32) + crypto_suite = "F8_128_HMAC_SHA1_80"; + else if (attr->crypto_suite == CALLS_SRTP_SUITE_AEAD_AES_128_GCM) + crypto_suite = "AEAD_AES_128_GCM"; + else if (attr->crypto_suite == CALLS_SRTP_SUITE_AEAD_AES_256_GCM) + crypto_suite = "AEAD_AES_256_GCM"; else return NULL; @@ -744,6 +761,24 @@ calls_srtp_crypto_get_srtpdec_params (calls_srtp_crypto_attribute *attr, return TRUE; } + if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_192_CM_SHA1_32) { + /* NOT OFFERED BY GSTREAMER + *srtp_cipher = attr->unencrypted_srtp ? "null" : "aes-192-icm"; + *srtp_auth = attr->unauthenticated_srtp ? "null" : "hmac-sha1-32"; + *srtcp_cipher = attr->unencrypted_srtcp ? "null" : "aes-192-icm"; + *srtcp_auth = attr->unencrypted_srtcp ? "null" : "hmac-sha1-32"; + */ + return FALSE; + } + if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_192_CM_SHA1_80) { + /* NOT OFFERED BY GSTREAMER + *srtp_cipher = attr->unencrypted_srtp ? "null" : "aes-192-icm"; + *srtp_auth = attr->unauthenticated_srtp ? "null" : "hmac-sha1-80"; + *srtcp_cipher = attr->unencrypted_srtcp ? "null" : "aes-192-icm"; + *srtcp_auth = attr->unencrypted_srtcp ? "null" : "hmac-sha1-80"; + */ + return FALSE; + } if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_256_CM_SHA1_32) { *srtp_cipher = attr->unencrypted_srtp ? "null" : "aes-256-icm"; *srtp_auth = attr->unauthenticated_srtp ? "null" : "hmac-sha1-32"; @@ -760,6 +795,18 @@ calls_srtp_crypto_get_srtpdec_params (calls_srtp_crypto_attribute *attr, return TRUE; } + if (attr->crypto_suite == CALLS_SRTP_SUITE_F8_128_HMAC_SHA1_32) { + // F8 IS NOT OFFERED BY GSTREAMER + return FALSE; + } + if (attr->crypto_suite == CALLS_SRTP_SUITE_AEAD_AES_128_GCM) { + + return FALSE; + } + if (attr->crypto_suite == CALLS_SRTP_SUITE_AEAD_AES_256_GCM) { + + return FALSE; + } return FALSE; } diff --git a/plugins/provider/sip/calls-srtp-utils.h b/plugins/provider/sip/calls-srtp-utils.h index 8680c21..d807275 100644 --- a/plugins/provider/sip/calls-srtp-utils.h +++ b/plugins/provider/sip/calls-srtp-utils.h @@ -32,8 +32,13 @@ typedef enum { CALLS_SRTP_SUITE_UNKNOWN = 0, CALLS_SRTP_SUITE_AES_CM_128_SHA1_32, /* RFC 4568 */ CALLS_SRTP_SUITE_AES_CM_128_SHA1_80, /* RFC 4568 */ + CALLS_SRTP_SUITE_AES_192_CM_SHA1_32, /* RFC 6188 not supperted by Gst */ + CALLS_SRTP_SUITE_AES_192_CM_SHA1_80, /* RFC 6188 not supperted by Gst */ CALLS_SRTP_SUITE_AES_256_CM_SHA1_32, /* RFC 6188 */ CALLS_SRTP_SUITE_AES_256_CM_SHA1_80, /* RFC 6188 */ + CALLS_SRTP_SUITE_F8_128_HMAC_SHA1_32, /* RFC 4568 but not supported by GstSrtpEnc/GstSrtpDec */ + CALLS_SRTP_SUITE_AEAD_AES_128_GCM, /* RFC 7714 TODO support in the future */ + CALLS_SRTP_SUITE_AEAD_AES_256_GCM /* RFC 7714 TODO support in the future */ } calls_srtp_crypto_suite;