From ea5b4f2895523c9e4b077d54b3360d6bc17bc5b4 Mon Sep 17 00:00:00 2001 From: Evangelos Ribeiro Tzaras Date: Mon, 25 Apr 2022 09:47:24 +0200 Subject: [PATCH] sip: media-pipeline: Use cryptographic parameters Allows setting up cryptographic parameters with calls_sip_media_pipeline_set_crypto() and use them to set GstCaps for GstSrtpDec and GObject properties for GstSrtpEnc --- plugins/sip/calls-sip-media-pipeline.c | 167 ++++++++++++++++- plugins/sip/calls-sip-media-pipeline.h | 4 + plugins/sip/calls-srtp-utils.c | 78 ++++++++ plugins/sip/calls-srtp-utils.h | 27 +++ tests/test-srtp.c | 247 +++++++++++++++++++++++++ 5 files changed, 515 insertions(+), 8 deletions(-) diff --git a/plugins/sip/calls-sip-media-pipeline.c b/plugins/sip/calls-sip-media-pipeline.c index 1e58294..f007401 100644 --- a/plugins/sip/calls-sip-media-pipeline.c +++ b/plugins/sip/calls-sip-media-pipeline.c @@ -26,6 +26,7 @@ #include "calls-media-pipeline-enums.h" #include "calls-sip-media-pipeline.h" +#include "calls-srtp-utils.h" #include "util.h" #include @@ -148,6 +149,8 @@ struct _CallsSipMediaPipeline { /* SRTP */ gboolean use_srtp; + calls_srtp_crypto_attribute *crypto_own; + calls_srtp_crypto_attribute *crypto_theirs; GstElement *srtpenc; GstElement *srtpdec; @@ -380,13 +383,109 @@ on_srtpdec_request_key (GstElement *srtpdec, guint ssrc, gpointer user_data) { - /* TODO get key */ - return gst_caps_new_simple ("application/x-srtp", - "srtp-cipher", G_TYPE_STRING, "null", - "srtcp-cipher", G_TYPE_STRING, "null", - "srtp-auth", G_TYPE_STRING, "null", - "srtcp-auth", G_TYPE_STRING, "null", + CallsSipMediaPipeline *self = CALLS_SIP_MEDIA_PIPELINE (user_data); + + GstCaps *caps; + + const char *srtp_cipher = "null"; + const char *srtcp_cipher = "null"; + const char *srtp_auth = "null"; + const char *srtcp_auth = "null"; + + gboolean need_mki; + + if (!calls_srtp_crypto_get_srtpdec_params (self->crypto_theirs, + &srtp_cipher, + &srtp_auth, + &srtcp_cipher, + &srtcp_auth)) + return NULL; + + if (self->crypto_theirs->n_key_params == 0 || + self->crypto_theirs->n_key_params > 16) { + g_warning ("Got %u key parameters, but can only handle between 1 and 16", + self->crypto_theirs->n_key_params); + + return NULL; + } + + need_mki = self->crypto_theirs->n_key_params > 1; + + if (self->crypto_theirs->n_key_params == 1) { + /* g_autofree guchar *key_salt = NULL; */ + guchar *key_salt = NULL; + gsize key_salt_length; + g_autoptr (GstBuffer) key_buffer = NULL; + + key_salt = g_base64_decode (self->crypto_theirs->key_params[0].b64_keysalt, + &key_salt_length); + key_buffer = gst_buffer_new_wrapped (key_salt, key_salt_length); + + /* TODO Setting up MKI buffer not implemented yet */ + if (self->crypto_theirs->key_params[0].mki) { + g_warning ("Using MKI is not implemented yet"); + return NULL; + } + + return gst_caps_new_simple ("application/x-srtp", + "srtp-key", GST_TYPE_BUFFER, key_buffer, + "srtp-cipher", G_TYPE_STRING, srtp_cipher, + "srtcp-cipher", G_TYPE_STRING, srtcp_cipher, + "srtp-auth", G_TYPE_STRING, srtp_auth, + "srtcp-auth", G_TYPE_STRING, srtcp_auth, + NULL); + + } + + /* TODO Setting up MKI buffer not implemented yet */ + g_warning ("Using MKI is not implemented yet"); + return NULL; + + caps = gst_caps_new_simple ("application/x-srtp", + "srtp-cipher", G_TYPE_STRING, srtp_cipher, + "srtcp-cipher", G_TYPE_STRING, srtcp_cipher, + "srtp-auth", G_TYPE_STRING, srtp_auth, + "srtcp-auth", G_TYPE_STRING, srtcp_auth, NULL); + + + for (guint i = 0; i < self->crypto_theirs->n_key_params; i++) { + GstStructure *structure; + + g_autofree char *structure_name = g_strdup_printf ("key-%u", i); + + guchar *key_salt = NULL; + gsize key_salt_length; + g_autoptr (GstBuffer) key_buffer = NULL; + g_autoptr (GstBuffer) mki_buffer = NULL; + + key_salt = g_base64_decode (self->crypto_theirs->key_params[0].b64_keysalt, + &key_salt_length); + key_buffer = gst_buffer_new_wrapped (key_salt, key_salt_length); + + + if (i == 0 && need_mki) { + structure = gst_structure_new (structure_name, + "srtp-key", GST_TYPE_BUFFER, key_buffer, + "mki", GST_TYPE_BUFFER, mki_buffer, + NULL); + } else if (i == 0 && !need_mki) { + structure = gst_structure_new (structure_name, + "srtp-key", GST_TYPE_BUFFER, key_buffer, + NULL); + } else { + g_autofree char *key_field_name = g_strdup_printf ("srtp-key%u", i+1); + g_autofree char *mki_field_name = g_strdup_printf ("mki%u", i+1); + + structure = gst_structure_new (structure_name, + key_field_name, GST_TYPE_BUFFER, key_buffer, + mki_field_name, GST_TYPE_BUFFER, mki_buffer, + NULL); + } + gst_caps_append_structure (caps, structure); + } + + return caps; } @@ -543,8 +642,6 @@ pipeline_init (CallsSipMediaPipeline *self, self); MAKE_ELEMENT (srtpenc, "srtpenc", "srtpenc"); - g_object_set (self->srtpenc, - "rtp-cipher", 0, "rtp-auth", 0, "rtcp-cipher", 0, "rtcp-auth", 0, NULL); #if GST_CHECK_VERSION (1, 20, 0) tmppad = gst_element_request_pad_simple (self->srtpenc, "rtp_sink_0"); @@ -1060,6 +1157,60 @@ calls_sip_media_pipeline_set_codec (CallsSipMediaPipeline *self, } +void +calls_sip_media_pipeline_set_crypto (CallsSipMediaPipeline *self, + calls_srtp_crypto_attribute *crypto_own, + calls_srtp_crypto_attribute *crypto_theirs) +{ + guchar *key_salt = NULL; + gsize key_salt_length; + GstSrtpCipherType srtp_cipher; + GstSrtpAuthType srtp_auth; + GstSrtpCipherType srtcp_cipher; + GstSrtpAuthType srtcp_auth; + + g_autoptr (GstBuffer) key_buffer = NULL; + + g_return_if_fail (CALLS_IS_SIP_MEDIA_PIPELINE (self)); + g_return_if_fail (crypto_own); + g_return_if_fail (crypto_theirs); + g_return_if_fail (crypto_own->crypto_suite == crypto_theirs->crypto_suite); + g_return_if_fail (crypto_own->tag == crypto_theirs->tag); + + if (self->use_srtp) + return; + + self->use_srtp = TRUE; + self->crypto_own = crypto_own; + self->crypto_theirs = crypto_theirs; + + if (!calls_srtp_crypto_get_srtpenc_params (crypto_own, + &srtp_cipher, + &srtp_auth, + &srtcp_cipher, + &srtcp_auth)) { + g_autofree char *attr_str = + calls_srtp_print_sdp_crypto_attribute (crypto_own, NULL); + g_warning ("Could not get srtpenc parameters from attribute: %s", attr_str); + return; + } + + /* TODO MKI stuff */ + + key_salt = g_base64_decode (crypto_own->key_params[0].b64_keysalt, + &key_salt_length); + key_buffer = gst_buffer_new_wrapped (key_salt, key_salt_length); + + g_object_set (self->srtpenc, + "key", key_buffer, + "rtp-cipher", srtp_cipher, + "rtp-auth", srtp_auth, + "rtcp-cipher", srtcp_cipher, + "rtcp-auth", srtcp_auth, + NULL); +} + + static void diagnose_used_ports_in_socket (GSocket *socket) { diff --git a/plugins/sip/calls-sip-media-pipeline.h b/plugins/sip/calls-sip-media-pipeline.h index 951cc92..720aa55 100644 --- a/plugins/sip/calls-sip-media-pipeline.h +++ b/plugins/sip/calls-sip-media-pipeline.h @@ -24,6 +24,7 @@ #pragma once +#include "calls-srtp-utils.h" #include "gst-rfc3551.h" #include @@ -67,6 +68,9 @@ G_DECLARE_FINAL_TYPE (CallsSipMediaPipeline, calls_sip_media_pipeline, CALLS, SI CallsSipMediaPipeline* calls_sip_media_pipeline_new (MediaCodecInfo *codec); void calls_sip_media_pipeline_set_codec (CallsSipMediaPipeline *self, MediaCodecInfo *info); +void calls_sip_media_pipeline_set_crypto (CallsSipMediaPipeline *self, + calls_srtp_crypto_attribute *crypto_own, + calls_srtp_crypto_attribute *crypto_theirs); void calls_sip_media_pipeline_start (CallsSipMediaPipeline *self); void calls_sip_media_pipeline_stop (CallsSipMediaPipeline *self); void calls_sip_media_pipeline_pause (CallsSipMediaPipeline *self, diff --git a/plugins/sip/calls-srtp-utils.c b/plugins/sip/calls-srtp-utils.c index a7a87e6..1cde3f7 100644 --- a/plugins/sip/calls-srtp-utils.c +++ b/plugins/sip/calls-srtp-utils.c @@ -691,3 +691,81 @@ calls_srtp_crypto_attribute_free (calls_srtp_crypto_attribute *attr) g_free (attr->b64_fec_key); g_free (attr); } + +/** + * calls_srtp_crypto_get_srtpdec_params: + * @attr: A #calls_srtp_crypto_attribute + * @srtp_cipher (out): SRTP cipher + * @srtp_auth (out): SRTP auth + * @srtcp_cipher (out): SRTCP cipher + * @srtcp_auth (out): SRTCP auth + * + * Sets the parameters suitable for #GstSrtpDec (as a #GstCaps). + */ +gboolean +calls_srtp_crypto_get_srtpdec_params (calls_srtp_crypto_attribute *attr, + const char **srtp_cipher, + const char **srtp_auth, + const char **srtcp_cipher, + const char **srtcp_auth) +{ + g_return_val_if_fail (attr, FALSE); + + if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_128_SHA1_32) { + *srtp_cipher = attr->unencrypted_srtp ? "null" : "aes-128-icm"; + *srtp_auth = attr->unauthenticated_srtp ? "null" : "hmac-sha1-32"; + *srtcp_cipher = attr->unencrypted_srtcp ? "null" : "aes-128-icm"; + *srtcp_auth = attr->unencrypted_srtcp ? "null" : "hmac-sha1-32"; + + return TRUE; + } else if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_128_SHA1_80) { + *srtp_cipher = attr->unencrypted_srtp ? "null" : "aes-128-icm"; + *srtp_auth = attr->unauthenticated_srtp ? "null" : "hmac-sha1-80"; + *srtcp_cipher = attr->unencrypted_srtcp ? "null" : "aes-128-icm"; + *srtcp_auth = attr->unencrypted_srtcp ? "null" : "hmac-sha1-80"; + + return TRUE; + } + + return FALSE; +} + + +/** + * calls_srtp_crypto_get_srtpenc_params: + * @attr: A #calls_srtp_crypto_attribute + * @srtp_cipher (out): SRTP cipher + * @srtp_auth (out): SRTP auth + * @srtcp_cipher (out): SRTCP cipher + * @srtcp_auth (out): SRTCP auth + * + * Sets the parameters suitable for #GstSrtpDec (as a #GstCaps). + */ +gboolean +calls_srtp_crypto_get_srtpenc_params (calls_srtp_crypto_attribute *attr, + GstSrtpCipherType *srtp_cipher, + GstSrtpAuthType *srtp_auth, + GstSrtpCipherType *srtcp_cipher, + GstSrtpAuthType *srtcp_auth) +{ + g_return_val_if_fail (attr, FALSE); + + if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_128_SHA1_32) { + *srtp_cipher = attr->unencrypted_srtp ? GST_SRTP_CIPHER_NULL : GST_SRTP_CIPHER_AES_128_ICM; + *srtp_auth = attr->unauthenticated_srtp ? GST_SRTP_AUTH_NULL : GST_SRTP_AUTH_HMAC_SHA1_32; + *srtcp_cipher = attr->unencrypted_srtcp ? GST_SRTP_CIPHER_NULL : GST_SRTP_CIPHER_AES_128_ICM; + *srtcp_auth = attr->unencrypted_srtcp ? GST_SRTP_AUTH_NULL : GST_SRTP_AUTH_HMAC_SHA1_32; + + return TRUE; + } else if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_128_SHA1_80) { + + *srtp_cipher = attr->unencrypted_srtp ? GST_SRTP_CIPHER_NULL : GST_SRTP_CIPHER_AES_128_ICM; + *srtp_auth = attr->unauthenticated_srtp ? GST_SRTP_AUTH_NULL : GST_SRTP_AUTH_HMAC_SHA1_80; + *srtcp_cipher = attr->unencrypted_srtcp ? GST_SRTP_CIPHER_NULL : GST_SRTP_CIPHER_AES_128_ICM; + *srtcp_auth = attr->unencrypted_srtcp ? GST_SRTP_AUTH_NULL : GST_SRTP_AUTH_HMAC_SHA1_80; + + return TRUE; + } + + return FALSE; +} diff --git a/plugins/sip/calls-srtp-utils.h b/plugins/sip/calls-srtp-utils.h index 72d37ca..781136a 100644 --- a/plugins/sip/calls-srtp-utils.h +++ b/plugins/sip/calls-srtp-utils.h @@ -49,6 +49,23 @@ typedef enum { } calls_srtp_lifetime_type; +/* from GStreamer */ +typedef enum { + GST_SRTP_CIPHER_NULL, + GST_SRTP_CIPHER_AES_128_ICM, + GST_SRTP_CIPHER_AES_256_ICM, + GST_SRTP_CIPHER_AES_128_GCM, + GST_SRTP_CIPHER_AES_256_GCM +} GstSrtpCipherType; + + +typedef enum { + GST_SRTP_AUTH_NULL, + GST_SRTP_AUTH_HMAC_SHA1_32, + GST_SRTP_AUTH_HMAC_SHA1_80 +} GstSrtpAuthType; + + typedef struct { char *b64_keysalt; calls_srtp_lifetime_type lifetime_type; @@ -98,6 +115,16 @@ calls_srtp_crypto_attribute *calls_srtp_crypto_attribute_new (guint n_ gboolean calls_srtp_crypto_attribute_init_keys (calls_srtp_crypto_attribute *attr); void calls_srtp_crypto_attribute_free (calls_srtp_crypto_attribute *attr); char *calls_srtp_generate_crypto_for_offer (void); +gboolean calls_srtp_crypto_get_srtpdec_params (calls_srtp_crypto_attribute *attr, + const char **srtp_cipher, + const char **srtp_auth, + const char **srtcp_cipher, + const char **srtcp_auth); +gboolean calls_srtp_crypto_get_srtpenc_params (calls_srtp_crypto_attribute *attr, + GstSrtpCipherType *srtp_cipher, + GstSrtpAuthType *srtp_auth, + GstSrtpCipherType *srtcp_cipher, + GstSrtpAuthType *srtcp_auth); G_DEFINE_AUTOPTR_CLEANUP_FUNC (calls_srtp_crypto_attribute, calls_srtp_crypto_attribute_free) diff --git a/tests/test-srtp.c b/tests/test-srtp.c index 1d35231..e8228b9 100644 --- a/tests/test-srtp.c +++ b/tests/test-srtp.c @@ -223,6 +223,252 @@ test_parse (void) } +static void +test_srtp_params (void) +{ + calls_srtp_crypto_attribute *attr = calls_srtp_crypto_attribute_new (1); + const char *srtp_cipher; + const char *srtp_auth; + const char *srtcp_cipher; + const char *srtcp_auth; + GstSrtpCipherType srtp_cipher_enum; + GstSrtpAuthType srtp_auth_enum; + GstSrtpCipherType srtcp_cipher_enum; + GstSrtpAuthType srtcp_auth_enum; + + attr->crypto_suite = CALLS_SRTP_SUITE_AES_128_SHA1_32; + attr->unencrypted_srtp = FALSE; + attr->unauthenticated_srtp = FALSE; + attr->unencrypted_srtcp = FALSE; + + g_assert_true (calls_srtp_crypto_get_srtpdec_params (attr, + &srtp_cipher, + &srtp_auth, + &srtcp_cipher, + &srtcp_auth)); + g_assert_cmpstr (srtp_cipher, ==, "aes-128-icm"); + g_assert_cmpstr (srtp_auth, ==, "hmac-sha1-32"); + g_assert_cmpstr (srtcp_cipher, ==, "aes-128-icm"); + g_assert_cmpstr (srtcp_auth, ==, "hmac-sha1-32"); + + g_assert_true (calls_srtp_crypto_get_srtpenc_params (attr, + &srtp_cipher_enum, + &srtp_auth_enum, + &srtcp_cipher_enum, + &srtcp_auth_enum)); + + g_assert_cmpint (srtp_cipher_enum, ==, GST_SRTP_CIPHER_AES_128_ICM); + g_assert_cmpint (srtp_auth_enum, ==, GST_SRTP_AUTH_HMAC_SHA1_32); + g_assert_cmpint (srtcp_cipher_enum, ==, GST_SRTP_CIPHER_AES_128_ICM); + g_assert_cmpint (srtcp_auth_enum, ==, GST_SRTP_AUTH_HMAC_SHA1_32); + + + attr->crypto_suite = CALLS_SRTP_SUITE_AES_128_SHA1_32; + attr->unencrypted_srtp = TRUE; + attr->unauthenticated_srtp = FALSE; + attr->unencrypted_srtcp = FALSE; + + g_assert_true (calls_srtp_crypto_get_srtpdec_params (attr, + &srtp_cipher, + &srtp_auth, + &srtcp_cipher, + &srtcp_auth)); + g_assert_cmpstr (srtp_cipher, ==, "null"); + g_assert_cmpstr (srtp_auth, ==, "hmac-sha1-32"); + g_assert_cmpstr (srtcp_cipher, ==, "aes-128-icm"); + g_assert_cmpstr (srtcp_auth, ==, "hmac-sha1-32"); + + g_assert_true (calls_srtp_crypto_get_srtpenc_params (attr, + &srtp_cipher_enum, + &srtp_auth_enum, + &srtcp_cipher_enum, + &srtcp_auth_enum)); + + g_assert_cmpint (srtp_cipher_enum, ==, GST_SRTP_CIPHER_NULL); + g_assert_cmpint (srtp_auth_enum, ==, GST_SRTP_AUTH_HMAC_SHA1_32); + g_assert_cmpint (srtcp_cipher_enum, ==, GST_SRTP_CIPHER_AES_128_ICM); + g_assert_cmpint (srtcp_auth_enum, ==, GST_SRTP_AUTH_HMAC_SHA1_32); + + + attr->crypto_suite = CALLS_SRTP_SUITE_AES_128_SHA1_32; + attr->unencrypted_srtp = FALSE; + attr->unauthenticated_srtp = TRUE; + attr->unencrypted_srtcp = FALSE; + + g_assert_true (calls_srtp_crypto_get_srtpdec_params (attr, + &srtp_cipher, + &srtp_auth, + &srtcp_cipher, + &srtcp_auth)); + g_assert_cmpstr (srtp_cipher, ==, "aes-128-icm"); + g_assert_cmpstr (srtp_auth, ==, "null"); + g_assert_cmpstr (srtcp_cipher, ==, "aes-128-icm"); + g_assert_cmpstr (srtcp_auth, ==, "hmac-sha1-32"); + + g_assert_true (calls_srtp_crypto_get_srtpenc_params (attr, + &srtp_cipher_enum, + &srtp_auth_enum, + &srtcp_cipher_enum, + &srtcp_auth_enum)); + + g_assert_cmpint (srtp_cipher_enum, ==, GST_SRTP_CIPHER_AES_128_ICM); + g_assert_cmpint (srtp_auth_enum, ==, GST_SRTP_AUTH_NULL); + g_assert_cmpint (srtcp_cipher_enum, ==, GST_SRTP_CIPHER_AES_128_ICM); + g_assert_cmpint (srtcp_auth_enum, ==, GST_SRTP_AUTH_HMAC_SHA1_32); + + + attr->crypto_suite = CALLS_SRTP_SUITE_AES_128_SHA1_32; + attr->unencrypted_srtp = FALSE; + attr->unauthenticated_srtp = FALSE; + attr->unencrypted_srtcp = TRUE; + + g_assert_true (calls_srtp_crypto_get_srtpdec_params (attr, + &srtp_cipher, + &srtp_auth, + &srtcp_cipher, + &srtcp_auth)); + g_assert_cmpstr (srtp_cipher, ==, "aes-128-icm"); + g_assert_cmpstr (srtp_auth, ==, "hmac-sha1-32"); + g_assert_cmpstr (srtcp_cipher, ==, "null"); + g_assert_cmpstr (srtcp_auth, ==, "null"); + + g_assert_true (calls_srtp_crypto_get_srtpenc_params (attr, + &srtp_cipher_enum, + &srtp_auth_enum, + &srtcp_cipher_enum, + &srtcp_auth_enum)); + + g_assert_cmpint (srtp_cipher_enum, ==, GST_SRTP_CIPHER_AES_128_ICM); + g_assert_cmpint (srtp_auth_enum, ==, GST_SRTP_AUTH_HMAC_SHA1_32); + g_assert_cmpint (srtcp_cipher_enum, ==, GST_SRTP_CIPHER_NULL); + g_assert_cmpint (srtcp_auth_enum, ==, GST_SRTP_AUTH_NULL); + + + attr->crypto_suite = CALLS_SRTP_SUITE_AES_128_SHA1_80; + attr->unencrypted_srtp = FALSE; + attr->unauthenticated_srtp = FALSE; + attr->unencrypted_srtcp = FALSE; + + g_assert_true (calls_srtp_crypto_get_srtpdec_params (attr, + &srtp_cipher, + &srtp_auth, + &srtcp_cipher, + &srtcp_auth)); + g_assert_cmpstr (srtp_cipher, ==, "aes-128-icm"); + g_assert_cmpstr (srtp_auth, ==, "hmac-sha1-80"); + g_assert_cmpstr (srtcp_cipher, ==, "aes-128-icm"); + g_assert_cmpstr (srtcp_auth, ==, "hmac-sha1-80"); + + g_assert_true (calls_srtp_crypto_get_srtpenc_params (attr, + &srtp_cipher_enum, + &srtp_auth_enum, + &srtcp_cipher_enum, + &srtcp_auth_enum)); + + g_assert_cmpint (srtp_cipher_enum, ==, GST_SRTP_CIPHER_AES_128_ICM); + g_assert_cmpint (srtp_auth_enum, ==, GST_SRTP_AUTH_HMAC_SHA1_80); + g_assert_cmpint (srtcp_cipher_enum, ==, GST_SRTP_CIPHER_AES_128_ICM); + g_assert_cmpint (srtcp_auth_enum, ==, GST_SRTP_AUTH_HMAC_SHA1_80); + + + attr->crypto_suite = CALLS_SRTP_SUITE_AES_128_SHA1_80; + attr->unencrypted_srtp = TRUE; + attr->unauthenticated_srtp = FALSE; + attr->unencrypted_srtcp = FALSE; + + g_assert_true (calls_srtp_crypto_get_srtpdec_params (attr, + &srtp_cipher, + &srtp_auth, + &srtcp_cipher, + &srtcp_auth)); + g_assert_cmpstr (srtp_cipher, ==, "null"); + g_assert_cmpstr (srtp_auth, ==, "hmac-sha1-80"); + g_assert_cmpstr (srtcp_cipher, ==, "aes-128-icm"); + g_assert_cmpstr (srtcp_auth, ==, "hmac-sha1-80"); + + g_assert_true (calls_srtp_crypto_get_srtpenc_params (attr, + &srtp_cipher_enum, + &srtp_auth_enum, + &srtcp_cipher_enum, + &srtcp_auth_enum)); + + g_assert_cmpint (srtp_cipher_enum, ==, GST_SRTP_CIPHER_NULL); + g_assert_cmpint (srtp_auth_enum, ==, GST_SRTP_AUTH_HMAC_SHA1_80); + g_assert_cmpint (srtcp_cipher_enum, ==, GST_SRTP_CIPHER_AES_128_ICM); + g_assert_cmpint (srtcp_auth_enum, ==, GST_SRTP_AUTH_HMAC_SHA1_80); + + + attr->crypto_suite = CALLS_SRTP_SUITE_AES_128_SHA1_80; + attr->unencrypted_srtp = FALSE; + attr->unauthenticated_srtp = TRUE; + attr->unencrypted_srtcp = FALSE; + + g_assert_true (calls_srtp_crypto_get_srtpdec_params (attr, + &srtp_cipher, + &srtp_auth, + &srtcp_cipher, + &srtcp_auth)); + g_assert_cmpstr (srtp_cipher, ==, "aes-128-icm"); + g_assert_cmpstr (srtp_auth, ==, "null"); + g_assert_cmpstr (srtcp_cipher, ==, "aes-128-icm"); + g_assert_cmpstr (srtcp_auth, ==, "hmac-sha1-80"); + + g_assert_true (calls_srtp_crypto_get_srtpenc_params (attr, + &srtp_cipher_enum, + &srtp_auth_enum, + &srtcp_cipher_enum, + &srtcp_auth_enum)); + + g_assert_cmpint (srtp_cipher_enum, ==, GST_SRTP_CIPHER_AES_128_ICM); + g_assert_cmpint (srtp_auth_enum, ==, GST_SRTP_AUTH_NULL); + g_assert_cmpint (srtcp_cipher_enum, ==, GST_SRTP_CIPHER_AES_128_ICM); + g_assert_cmpint (srtcp_auth_enum, ==, GST_SRTP_AUTH_HMAC_SHA1_80); + + + attr->crypto_suite = CALLS_SRTP_SUITE_AES_128_SHA1_80; + attr->unencrypted_srtp = FALSE; + attr->unauthenticated_srtp = FALSE; + attr->unencrypted_srtcp = TRUE; + + g_assert_true (calls_srtp_crypto_get_srtpdec_params (attr, + &srtp_cipher, + &srtp_auth, + &srtcp_cipher, + &srtcp_auth)); + g_assert_cmpstr (srtp_cipher, ==, "aes-128-icm"); + g_assert_cmpstr (srtp_auth, ==, "hmac-sha1-80"); + g_assert_cmpstr (srtcp_cipher, ==, "null"); + g_assert_cmpstr (srtcp_auth, ==, "null"); + + g_assert_true (calls_srtp_crypto_get_srtpenc_params (attr, + &srtp_cipher_enum, + &srtp_auth_enum, + &srtcp_cipher_enum, + &srtcp_auth_enum)); + + g_assert_cmpint (srtp_cipher_enum, ==, GST_SRTP_CIPHER_AES_128_ICM); + g_assert_cmpint (srtp_auth_enum, ==, GST_SRTP_AUTH_HMAC_SHA1_80); + g_assert_cmpint (srtcp_cipher_enum, ==, GST_SRTP_CIPHER_NULL); + g_assert_cmpint (srtcp_auth_enum, ==, GST_SRTP_AUTH_NULL); + + + attr->crypto_suite = CALLS_SRTP_SUITE_UNKNOWN; + + g_assert_false (calls_srtp_crypto_get_srtpdec_params (attr, + &srtp_cipher, + &srtp_auth, + &srtcp_cipher, + &srtcp_auth)); + + g_assert_false (calls_srtp_crypto_get_srtpenc_params (attr, + &srtp_cipher_enum, + &srtp_auth_enum, + &srtcp_cipher_enum, + &srtcp_auth_enum)); + calls_srtp_crypto_attribute_free (attr); +} + + int main (int argc, char *argv[]) @@ -231,6 +477,7 @@ main (int argc, g_test_add_func ("/Calls/SRTP-SDP/crypto_attribute_validity", test_crypto_attribute_validity); g_test_add_func ("/Calls/SRTP-SDP/parse", test_parse); + g_test_add_func ("/Calls/SRTP/srtp_params", test_srtp_params); return g_test_run (); }