1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/calls.git synced 2024-11-14 04:15:37 +00:00
Purism-Calls/plugins/provider/sip/calls-srtp-utils.c
Дилян Палаузов 378da62ccb srtp-utils: Add skeleton code to ease adding crypto suites
With this in place enabling an additional crypto suite
would only require two changes:
- Adding GStreamer capability mapping
- Add case in calls_srtp_parse_sdp_crypto_attribute()
2023-05-09 13:23:43 +00:00

868 lines
28 KiB
C

/*
* Copyright (C) 2022 Purism SPC
*
* This file is part of Calls.
*
* Calls is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Calls is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Calls. If not, see <http://www.gnu.org/licenses/>.
*
* Author: Evangelos Ribeiro Tzaras <evangelos.tzaras@puri.sm>
*
* SPDX-License-Identifier: GPL-3.0-or-later
*
*/
#include "calls-srtp-utils.h"
#include "calls-util.h"
#include <gio/gio.h>
#include <sys/random.h>
/**
* SECTION:srtp-utils
* @short_description: SRTP utilities for SDP parsing
* @Title: CallsSrtpUtils
*
* Utilities for parsing and generating the crypto attribute
* in SDP for SRTP use based on RFC 4568.
*
* Note that limitations of libsrtp are taken into account when checking validity
* of the parsed attribute. These are:
* A maximum of 16 keys,
* key derivation rate must be 0,
* lifetimes other than 2^48 (we actually ignore the specified lifetimes)
*/
/* The default used in libsrtp. No API to change this. See https://github.com/cisco/libsrtp/issues/588 */
#define SRTP_DEFAULT_LIFETIME_POW2 48
#define SRTP_MAX_LIFETIME_POW2 48
/* The default used in libsrtp (and GstSrtpEnc/GstSrtpDec) */
#define SRTP_DEFAULT_WINDOW_SIZE 128
static gsize
get_key_size_for_suite (calls_srtp_crypto_suite suite)
{
switch (suite) {
case CALLS_SRTP_SUITE_AES_CM_128_SHA1_32:
case CALLS_SRTP_SUITE_AES_CM_128_SHA1_80:
return 30;
case CALLS_SRTP_SUITE_AES_192_CM_SHA1_32:
case CALLS_SRTP_SUITE_AES_192_CM_SHA1_80:
return 38;
case CALLS_SRTP_SUITE_AES_256_CM_SHA1_32:
case CALLS_SRTP_SUITE_AES_256_CM_SHA1_80:
return 46;
case CALLS_SRTP_SUITE_AEAD_AES_128_GCM:
return 28;
case CALLS_SRTP_SUITE_AEAD_AES_256_GCM:
return 44;
case CALLS_SRTP_SUITE_UNKNOWN:
default:
return 0;
}
}
static gboolean
validate_crypto_attribute (calls_srtp_crypto_attribute *attr,
GError **error)
{
guint expected_key_salt_length;
gboolean need_mki;
guint expected_mki_length = 0;
calls_srtp_crypto_key_param *key_param;
GSList *mki_list = NULL; /* for checking uniqueness of MKIs */
GSList *key_list = NULL; /* for checking uniqueness of keys */
if (!attr) {
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Attribute is NULL");
return FALSE;
}
if (attr->tag <= 0 || attr->tag >= 1000000000) {
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Tag is not valid: %d", attr->tag);
return FALSE;
}
expected_key_salt_length = get_key_size_for_suite (attr->crypto_suite);
if (expected_key_salt_length == 0) {
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Crypto suite unknown");
return FALSE;
}
/* at least one and a maximum of 16 key parameters */
if (attr->n_key_params == 0 || attr->n_key_params > 16) {
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Must have between 1 and 16 keys, got %d", attr->n_key_params);
return FALSE;
}
need_mki = attr->n_key_params > 1 ||
attr->key_params[0].mki ||
attr->key_params[0].mki_length;
if (need_mki) {
expected_mki_length = attr->key_params[0].mki_length;
if (expected_mki_length == 0 ||
expected_mki_length > 128) {
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"MKI length must be between 1 and 128, got %u",
attr->key_params[0].mki_length);
return FALSE;
}
}
for (guint i = 0; i < attr->n_key_params; i++) {
g_autofree guchar *key_salt = NULL;
gsize key_salt_length;
key_param = &attr->key_params[i];
/* must have a key */
if (!key_param->b64_keysalt) {
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"No key found in parameter %d", i);
goto failed;
}
key_salt = g_base64_decode (key_param->b64_keysalt, &key_salt_length);
/* key must have length consistent with suite */
if (key_salt_length != expected_key_salt_length) {
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Key %d has length %" G_GSIZE_FORMAT ", but expected %d",
i, key_salt_length, expected_key_salt_length);
goto failed;
}
/* key must be unique */
if (g_slist_find_custom (key_list,
key_param->b64_keysalt,
(GCompareFunc) g_strcmp0)) {
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Key %d is not unique: %s", i, key_param->b64_keysalt);
goto failed;
}
key_list = g_slist_append (key_list, key_param->b64_keysalt);
/* lifetime in range */
if (key_param->lifetime_type == CALLS_SRTP_LIFETIME_AS_DECIMAL_NUMBER &&
key_param->lifetime >= (1ULL << SRTP_MAX_LIFETIME_POW2)) {
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Lifetime of key %d out of bounds: Got %" G_GINT64_FORMAT " but maximum is 2^%d",
i, key_param->lifetime, SRTP_MAX_LIFETIME_POW2);
goto failed;
}
if (key_param->lifetime_type == CALLS_SRTP_LIFETIME_AS_POWER_OF_TWO &&
key_param->lifetime >= SRTP_MAX_LIFETIME_POW2) {
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Lifetime of key %d out of bounds: Got 2^%" G_GINT64_FORMAT " but maximum is 2^%d",
i, key_param->lifetime, SRTP_MAX_LIFETIME_POW2);
goto failed;
}
/* if MKI length is set, it must be the same for all key parameters */
if (need_mki) {
if (key_param->mki_length != expected_mki_length) {
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"MKI length must be the same for all keys. Key %d has length %d but expected %d",
i, key_param->mki_length, expected_mki_length);
goto failed;
}
/* MKI must not have leading zero */
if (key_param->mki == 0) {
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"No MKI set for key %d", i);
goto failed;
}
/* MKI must be unique */
if (g_slist_find (mki_list, GINT_TO_POINTER (key_param->mki))) {
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"MKI for key %d is not unique", i);
goto failed;
}
mki_list = g_slist_append (mki_list, GINT_TO_POINTER (key_param->mki));
}
}
/* check session parameters */
/* libsrtp does only support kdr=0 */
if (attr->kdr != 0) {
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Key derivation rate must be 0, got %d",
attr->kdr);
goto failed;
}
g_slist_free (mki_list);
g_slist_free (key_list);
return TRUE;
failed:
g_slist_free (mki_list);
g_slist_free (key_list);
return FALSE;
}
/**
* calls_srtp_generate_key_salt:
* @length: Desired length of random data
*
* Generate random data to be used as master key and master salt of desired length @length
*
* Returns: (transfer full): Random data to be used as key and salt in SRTP
* or %NULL if failed. Free with g_free() when done.
*/
guchar *
calls_srtp_generate_key_salt (gsize length)
{
g_autofree guchar *key_salt = NULL;
gsize n_bytes;
g_return_val_if_fail (length > 0, NULL);
key_salt = g_malloc (length);
n_bytes = getrandom (key_salt, length, GRND_NONBLOCK);
if (n_bytes == -1) {
return NULL;
}
return g_steal_pointer (&key_salt);
}
/**
* calls_srtp_generate_key_salt_for_suite:
* @suite: a #calls_srtp_crypto_suite
*
* Generate random data to be used as master key and master salt.
* The required length is determined by the requirements of the @suite
*
* Returns: (transfer full): Random data to be used as key and salt in SRTP
* or %NULL if failed. Free with g_free() when done.
*/
guchar *
calls_srtp_generate_key_salt_for_suite (calls_srtp_crypto_suite suite)
{
gsize size = get_key_size_for_suite (suite);
if (size == 0)
return NULL;
return calls_srtp_generate_key_salt (size);
}
/**
* calls_srtp_parse_sdp_crypto_attribute:
* @attribute: attribute line
* @error: a #GError
*
* Parse textual attribute line into structured data.
*
* Returns: (transfer full): A #calls_srtp_crypto_attribute containing
* parsed attribute data, or %NULL if parsing failed.
*/
calls_srtp_crypto_attribute *
calls_srtp_parse_sdp_crypto_attribute (const char *attribute,
GError **error)
{
g_auto (GStrv) attr_fields = NULL;
g_auto (GStrv) key_info_strv = NULL;
guint n_attr_fields;
guint n_key_params;
char *tag_str;
gint tag;
calls_srtp_crypto_attribute *attr;
calls_srtp_crypto_suite crypto_suite;
gboolean need_mki;
gboolean attr_invalid = FALSE;
g_autofree char *err_msg = NULL;
if (STR_IS_NULL_OR_EMPTY (attribute)) {
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Cannot parse null or empty strings");
return NULL;
}
if (!g_str_has_prefix (attribute, "a=crypto:")) {
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Does not look like a SDP crypto attribute: %s",
attribute);
return NULL;
}
attr_fields = g_strsplit (attribute, " ", -1);
n_attr_fields = g_strv_length (attr_fields);
if (n_attr_fields < 3) {
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Need at least three fields in a SDP crypto attribute: %s",
attribute);
return NULL;
}
tag_str = &attr_fields[0][9]; /* 9 is the length of "a=crypto:" */
/* leading zeros MUST NOT be used */
if (*tag_str == '0') {
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Tag must not have a leading zero: %s",
tag_str);
return NULL;
}
tag = (int) strtol (tag_str, NULL, 10);
if (tag == 0) {
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Tag set to 0: %s", tag_str);
return NULL;
}
if (tag < 0) {
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Tag must be positive: %s", tag_str);
return NULL;
}
if (tag >= 1000000000) {
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Tag must have a maximum of 9 digits: %s", tag_str);
return NULL;
}
if (g_strcmp0 (attr_fields[1], "AES_CM_128_HMAC_SHA1_32") == 0)
crypto_suite = CALLS_SRTP_SUITE_AES_CM_128_SHA1_32;
else if (g_strcmp0 (attr_fields[1], "AES_CM_128_HMAC_SHA1_80") == 0)
crypto_suite = CALLS_SRTP_SUITE_AES_CM_128_SHA1_80;
else if (g_strcmp0 (attr_fields[1], "AES_256_CM_HMAC_SHA1_32") == 0)
crypto_suite = CALLS_SRTP_SUITE_AES_256_CM_SHA1_32;
else if (g_strcmp0 (attr_fields[1], "AES_256_CM_HMAC_SHA1_80") == 0)
crypto_suite = CALLS_SRTP_SUITE_AES_256_CM_SHA1_80;
else
crypto_suite = CALLS_SRTP_SUITE_UNKNOWN; /* error */
/* key infos are split by ';' */
key_info_strv = g_strsplit (attr_fields[2], ";", -1);
n_key_params = g_strv_length (key_info_strv);
/* libsrtp supports a maximum of 16 master keys */
if (n_key_params > 16) {
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"More than 16 keys are not supported by libsrtp");
return NULL;
}
need_mki = n_key_params > 1;
attr = calls_srtp_crypto_attribute_new (n_key_params);
attr->tag = tag;
attr->crypto_suite = crypto_suite;
for (guint i = 0; i < n_key_params; i++) {
char *key_info; /* srtp-key-info = key-salt ["|" lifetime] ["|" mki] */
g_auto (GStrv) key_info_fields = NULL;
guint n_key_infos;
guint key_info_lifetime_index;
guint key_info_mki_index;
calls_srtp_crypto_key_param *key_param = &attr->key_params[i];
if (!g_str_has_prefix (key_info_strv[i], "inline:")) {
attr_invalid = TRUE;
err_msg = g_strdup_printf ("Key method not 'inline': %s", key_info_strv[i]);
break;
}
key_info = &key_info_strv[i][7]; /* 7 is the length of "inline:" */
key_info_fields = g_strsplit (key_info, "|", -1);
n_key_infos = g_strv_length (key_info_fields);
switch (strlen (key_info_fields[0]) % 4) {
case 3:
key_param->b64_keysalt = g_strconcat (key_info_fields[0], "=", NULL);
break;
case 2:
key_param->b64_keysalt = g_strconcat (key_info_fields[0], "==", NULL);
break;
case 1:
g_assert_not_reached (); /* impossible with base64 */
break;
case 0:
default:
key_param->b64_keysalt = g_strdup (key_info_fields[0]);
}
if (n_key_infos == 1) {
key_info_lifetime_index = 0;
key_info_mki_index = 0;
} else if (n_key_infos == 2) {
/* either MKI or lifetime */
if (g_strstr_len (key_info_fields[1], -1, ":")) {
key_info_lifetime_index = 0;
key_info_mki_index = 1;
} else {
key_info_lifetime_index = 1;
key_info_mki_index = 0;
}
} else if (n_key_infos == 3) {
key_info_lifetime_index = 1;
key_info_mki_index = 2;
} else {
/* invalid */
attr_invalid = TRUE;
err_msg = g_strdup_printf ("Unexpected number of key-info fields: %s", key_info);
break;
}
/* lifetime type */
if (key_info_lifetime_index) {
char *lifetime_number;
char *endptr;
if (g_str_has_prefix (key_info_fields[key_info_lifetime_index], "2^")) {
key_param->lifetime_type = CALLS_SRTP_LIFETIME_AS_POWER_OF_TWO;
lifetime_number = &key_info_fields[key_info_lifetime_index][2]; /* 2 is the length of "2^" */
} else {
key_param->lifetime_type = CALLS_SRTP_LIFETIME_AS_DECIMAL_NUMBER;
lifetime_number = key_info_fields[key_info_lifetime_index];
}
if (*lifetime_number == '0') {
attr_invalid = TRUE;
err_msg = g_strdup_printf ("Leading zero in lifetime: %s",
key_info_fields[key_info_lifetime_index]);
break;
}
key_param->lifetime = g_ascii_strtoull (lifetime_number, &endptr, 10);
if (key_param->lifetime == 0) {
attr_invalid = TRUE;
err_msg = g_strdup_printf ("Lifetime set to zero: %s",
key_info_fields[key_info_lifetime_index]);
break;
}
if (*endptr != '\0') {
attr_invalid = TRUE;
err_msg = g_strdup_printf ("Non numeric characters in lifetime: %s",
key_info_fields[key_info_lifetime_index]);
break;
}
/* out of bounds check will be performed during validation of the attribute */
}
if (need_mki && key_info_mki_index == 0) {
attr_invalid = TRUE;
err_msg = g_strdup_printf ("MKI needed, but not found: %s", key_info);
break;
}
if (need_mki) {
g_auto (GStrv) mki_split = g_strsplit (key_info_fields[key_info_mki_index], ":", -1);
guint n_mki = g_strv_length (mki_split);
guint64 mki;
guint64 mki_length;
char *endptr;
if (n_mki != 2) {
attr_invalid = TRUE;
err_msg = g_strdup_printf ("MKI field not separated into two fields by colon: %s",
key_info_fields[key_info_mki_index]);
break;
}
/* no leading zero allowed */
if (*mki_split[0] == '0') {
attr_invalid = TRUE;
err_msg = g_strdup_printf ("Leading zero in MKI: %s", mki_split[0]);
break;
}
if (*mki_split[1] == '0') {
attr_invalid = TRUE;
err_msg = g_strdup_printf ("Leading zero in MKI length: %s", mki_split[1]);
break;
}
mki = g_ascii_strtoull (mki_split[0], &endptr, 10);
if (mki == 0) {
attr_invalid = TRUE;
err_msg = g_strdup_printf ("MKI set to 0: %s", mki_split[0]);
break;
}
if (*endptr != '\0') {
attr_invalid = TRUE;
err_msg = g_strdup_printf ("Non numeric characters found in MKI: %s", mki_split[0]);
break;
}
mki_length = g_ascii_strtoull (mki_split[1], &endptr, 10);
/* number of bytes of the MKI field in the SRTP packet */
if (mki_length == 0 || mki_length > 128) {
attr_invalid = TRUE;
err_msg = g_strdup_printf ("MKI length not between 0 and 128: %s", mki_split[1]);
break;
}
if (*endptr != '\0') {
attr_invalid = TRUE;
err_msg = g_strdup_printf ("Non numeric characters found in MKI length: %s", mki_split[1]);
break;
}
key_param->mki = mki;
key_param->mki_length = (guint) mki_length;
}
}
if (attr_invalid) {
calls_srtp_crypto_attribute_free (attr);
g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED, err_msg);
return NULL;
}
/* TODO session parameters */
if (!validate_crypto_attribute (attr, error)) {
calls_srtp_crypto_attribute_free (attr);
return NULL;
}
return attr;
}
/**
* calls_srtp_print_sdp_crypto_attribute:
* @attr: Structured crypto attribute
* @error: A #GError
*
* Returns: (transfer full): Textual representation of crypto attribute
* or %NULL if attribute contains invalid data.
*/
char *
calls_srtp_print_sdp_crypto_attribute (calls_srtp_crypto_attribute *attr,
GError **error)
{
const char *crypto_suite;
GString *attr_str;
if (!validate_crypto_attribute (attr, error))
return NULL;
if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_CM_128_SHA1_32)
crypto_suite = "AES_CM_128_HMAC_SHA1_32";
else if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_CM_128_SHA1_80)
crypto_suite = "AES_CM_128_HMAC_SHA1_80";
else if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_192_CM_SHA1_32)
crypto_suite = "AES_196_CM_HMAC_SHA1_32";
else if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_192_CM_SHA1_80)
crypto_suite = "AES_196_CM_HMAC_SHA1_80";
else if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_256_CM_SHA1_32)
crypto_suite = "AES_256_CM_HMAC_SHA1_32";
else if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_256_CM_SHA1_80)
crypto_suite = "AES_256_CM_HMAC_SHA1_80";
else if (attr->crypto_suite == CALLS_SRTP_SUITE_F8_128_HMAC_SHA1_32)
crypto_suite = "F8_128_HMAC_SHA1_80";
else if (attr->crypto_suite == CALLS_SRTP_SUITE_AEAD_AES_128_GCM)
crypto_suite = "AEAD_AES_128_GCM";
else if (attr->crypto_suite == CALLS_SRTP_SUITE_AEAD_AES_256_GCM)
crypto_suite = "AEAD_AES_256_GCM";
else
return NULL;
attr_str = g_string_sized_new (96); /* minimal string length is 82 */
g_string_append_printf (attr_str, "a=crypto:%d %s ",
attr->tag, crypto_suite);
/* key parameters */
for (guint i = 0; i < attr->n_key_params; i++) {
calls_srtp_crypto_key_param *key_param = &attr->key_params[i];
int keylen = strlen (key_param->b64_keysalt);
/* https://www.rfc-editor.org/rfc/rfc4568.html#section-6.1 says:
When base64 decoding the key and salt, padding characters (i.e.,
one or two "=" at the end of the base64-encoded data) are discarded
(see [RFC3548] for details).
*/
if (key_param->b64_keysalt[keylen - 2] == '=')
g_string_append_printf (attr_str, "inline:%.*s", keylen - 2, key_param->b64_keysalt);
else if (key_param->b64_keysalt[keylen - 1] == '=')
g_string_append_printf (attr_str, "inline:%.*s", keylen - 1, key_param->b64_keysalt);
else
g_string_append_printf (attr_str, "inline:%s", key_param->b64_keysalt);
if (key_param->lifetime_type == CALLS_SRTP_LIFETIME_AS_DECIMAL_NUMBER)
g_string_append_printf (attr_str, "|%" G_GINT64_FORMAT, key_param->lifetime);
if (key_param->lifetime_type == CALLS_SRTP_LIFETIME_AS_POWER_OF_TWO)
g_string_append_printf (attr_str, "|2^%" G_GINT64_FORMAT, key_param->lifetime);
if (key_param->mki > 0) {
g_string_append_printf(attr_str, "|%" G_GUINT64_FORMAT ":%u",
key_param->mki, key_param->mki_length);
}
if (i + 1 < attr->n_key_params)
g_string_append (attr_str, ";");
}
/* TODO session parameters */
return g_string_free (attr_str, FALSE);
}
/**
* calls_srtp_crypto_attribute_new:
* @n_key_params: The number of key parameters
*
* Returns: (transfer full): A new empty #calls_srtp_crypto_attribute
* with @n_key_params key parameters allocated. Key parameters must be set either
* manually or by using calls_srtp_crypto_attribute_init_keys().
*
* Free the attribute with calls_srtp_crypto_attribute_free() after you are done.
*/
calls_srtp_crypto_attribute *
calls_srtp_crypto_attribute_new (guint n_key_params)
{
calls_srtp_crypto_attribute *attr;
g_return_val_if_fail (n_key_params > 0 || n_key_params < 16, NULL);
attr = g_new0 (calls_srtp_crypto_attribute, 1);
attr->key_params = g_new0 (calls_srtp_crypto_key_param, n_key_params);
attr->n_key_params = n_key_params;
return attr;
}
/**
* calls_srtp_crypto_attribute_init_keys:
* @attr: A #calls_srtp_crypto_attribute
*
* Generate key material and set sane default parameters for each
* key parameter.
*/
gboolean
calls_srtp_crypto_attribute_init_keys (calls_srtp_crypto_attribute *attr)
{
gsize key_size;
gboolean need_mki;
g_return_val_if_fail (attr, FALSE);
key_size = get_key_size_for_suite (attr->crypto_suite);
if (key_size == 0)
return FALSE;
need_mki = attr->n_key_params > 1;
for (uint i = 0; i < attr->n_key_params; i++) {
g_autofree guchar *key = calls_srtp_generate_key_salt (key_size);
g_free (attr->key_params[i].b64_keysalt);
attr->key_params[i].b64_keysalt = g_base64_encode (key, key_size);
if (need_mki) {
attr->key_params[i].mki = i + 1;
attr->key_params[i].mki_length = 4;
}
}
return TRUE;
}
/**
* calls_srtp_crypto_attribute_free:
* @attr: A #calls_srtp_crypto_attribute
*
* Frees all memory allocated for @attr.
*/
void
calls_srtp_crypto_attribute_free (calls_srtp_crypto_attribute *attr)
{
for (guint i = 0; i < attr->n_key_params; i++) {
g_free (attr->key_params[i].b64_keysalt);
}
g_free (attr->key_params);
g_free (attr->b64_fec_key);
g_free (attr);
}
/**
* calls_srtp_crypto_get_srtpdec_params:
* @attr: A #calls_srtp_crypto_attribute
* @srtp_cipher (out): SRTP cipher
* @srtp_auth (out): SRTP auth
* @srtcp_cipher (out): SRTCP cipher
* @srtcp_auth (out): SRTCP auth
*
* Sets the parameters suitable for #GstSrtpDec (as a #GstCaps).
*/
gboolean
calls_srtp_crypto_get_srtpdec_params (calls_srtp_crypto_attribute *attr,
const char **srtp_cipher,
const char **srtp_auth,
const char **srtcp_cipher,
const char **srtcp_auth)
{
g_return_val_if_fail (attr, FALSE);
if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_CM_128_SHA1_32) {
*srtp_cipher = attr->unencrypted_srtp ? "null" : "aes-128-icm";
*srtp_auth = attr->unauthenticated_srtp ? "null" : "hmac-sha1-32";
*srtcp_cipher = attr->unencrypted_srtcp ? "null" : "aes-128-icm";
*srtcp_auth = attr->unencrypted_srtcp ? "null" : "hmac-sha1-32";
return TRUE;
} else if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_CM_128_SHA1_80) {
*srtp_cipher = attr->unencrypted_srtp ? "null" : "aes-128-icm";
*srtp_auth = attr->unauthenticated_srtp ? "null" : "hmac-sha1-80";
*srtcp_cipher = attr->unencrypted_srtcp ? "null" : "aes-128-icm";
*srtcp_auth = attr->unencrypted_srtcp ? "null" : "hmac-sha1-80";
return TRUE;
}
if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_192_CM_SHA1_32) {
/* NOT OFFERED BY GSTREAMER
*srtp_cipher = attr->unencrypted_srtp ? "null" : "aes-192-icm";
*srtp_auth = attr->unauthenticated_srtp ? "null" : "hmac-sha1-32";
*srtcp_cipher = attr->unencrypted_srtcp ? "null" : "aes-192-icm";
*srtcp_auth = attr->unencrypted_srtcp ? "null" : "hmac-sha1-32";
*/
return FALSE;
}
if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_192_CM_SHA1_80) {
/* NOT OFFERED BY GSTREAMER
*srtp_cipher = attr->unencrypted_srtp ? "null" : "aes-192-icm";
*srtp_auth = attr->unauthenticated_srtp ? "null" : "hmac-sha1-80";
*srtcp_cipher = attr->unencrypted_srtcp ? "null" : "aes-192-icm";
*srtcp_auth = attr->unencrypted_srtcp ? "null" : "hmac-sha1-80";
*/
return FALSE;
}
if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_256_CM_SHA1_32) {
*srtp_cipher = attr->unencrypted_srtp ? "null" : "aes-256-icm";
*srtp_auth = attr->unauthenticated_srtp ? "null" : "hmac-sha1-32";
*srtcp_cipher = attr->unencrypted_srtcp ? "null" : "aes-256-icm";
*srtcp_auth = attr->unencrypted_srtcp ? "null" : "hmac-sha1-32";
return TRUE;
}
if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_256_CM_SHA1_80) {
*srtp_cipher = attr->unencrypted_srtp ? "null" : "aes-256-icm";
*srtp_auth = attr->unauthenticated_srtp ? "null" : "hmac-sha1-80";
*srtcp_cipher = attr->unencrypted_srtcp ? "null" : "aes-256-icm";
*srtcp_auth = attr->unencrypted_srtcp ? "null" : "hmac-sha1-80";
return TRUE;
}
if (attr->crypto_suite == CALLS_SRTP_SUITE_F8_128_HMAC_SHA1_32) {
// F8 IS NOT OFFERED BY GSTREAMER
return FALSE;
}
if (attr->crypto_suite == CALLS_SRTP_SUITE_AEAD_AES_128_GCM) {
return FALSE;
}
if (attr->crypto_suite == CALLS_SRTP_SUITE_AEAD_AES_256_GCM) {
return FALSE;
}
return FALSE;
}
/**
* calls_srtp_crypto_get_srtpenc_params:
* @attr: A #calls_srtp_crypto_attribute
* @srtp_cipher (out): SRTP cipher
* @srtp_auth (out): SRTP auth
* @srtcp_cipher (out): SRTCP cipher
* @srtcp_auth (out): SRTCP auth
*
* Sets the parameters suitable for #GstSrtpDec (as a #GstCaps).
*/
gboolean
calls_srtp_crypto_get_srtpenc_params (calls_srtp_crypto_attribute *attr,
GstSrtpCipherType *srtp_cipher,
GstSrtpAuthType *srtp_auth,
GstSrtpCipherType *srtcp_cipher,
GstSrtpAuthType *srtcp_auth)
{
g_return_val_if_fail (attr, FALSE);
if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_CM_128_SHA1_32) {
*srtp_cipher = attr->unencrypted_srtp ? GST_SRTP_CIPHER_NULL : GST_SRTP_CIPHER_AES_128_ICM;
*srtp_auth = attr->unauthenticated_srtp ? GST_SRTP_AUTH_NULL : GST_SRTP_AUTH_HMAC_SHA1_32;
*srtcp_cipher = attr->unencrypted_srtcp ? GST_SRTP_CIPHER_NULL : GST_SRTP_CIPHER_AES_128_ICM;
*srtcp_auth = attr->unencrypted_srtcp ? GST_SRTP_AUTH_NULL : GST_SRTP_AUTH_HMAC_SHA1_32;
return TRUE;
} else if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_CM_128_SHA1_80) {
*srtp_cipher = attr->unencrypted_srtp ? GST_SRTP_CIPHER_NULL : GST_SRTP_CIPHER_AES_128_ICM;
*srtp_auth = attr->unauthenticated_srtp ? GST_SRTP_AUTH_NULL : GST_SRTP_AUTH_HMAC_SHA1_80;
*srtcp_cipher = attr->unencrypted_srtcp ? GST_SRTP_CIPHER_NULL : GST_SRTP_CIPHER_AES_128_ICM;
*srtcp_auth = attr->unencrypted_srtcp ? GST_SRTP_AUTH_NULL : GST_SRTP_AUTH_HMAC_SHA1_80;
return TRUE;
}
if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_256_CM_SHA1_32) {
*srtp_cipher = attr->unencrypted_srtp ? GST_SRTP_CIPHER_NULL : GST_SRTP_CIPHER_AES_256_ICM;
*srtp_auth = attr->unauthenticated_srtp ? GST_SRTP_AUTH_NULL : GST_SRTP_AUTH_HMAC_SHA1_32;
*srtcp_cipher = attr->unencrypted_srtcp ? GST_SRTP_CIPHER_NULL : GST_SRTP_CIPHER_AES_256_ICM;
*srtcp_auth = attr->unencrypted_srtcp ? GST_SRTP_AUTH_NULL : GST_SRTP_AUTH_HMAC_SHA1_32;
return TRUE;
}
if (attr->crypto_suite == CALLS_SRTP_SUITE_AES_256_CM_SHA1_80) {
*srtp_cipher = attr->unencrypted_srtp ? GST_SRTP_CIPHER_NULL : GST_SRTP_CIPHER_AES_256_ICM;
*srtp_auth = attr->unauthenticated_srtp ? GST_SRTP_AUTH_NULL : GST_SRTP_AUTH_HMAC_SHA1_80;
*srtcp_cipher = attr->unencrypted_srtcp ? GST_SRTP_CIPHER_NULL : GST_SRTP_CIPHER_AES_256_ICM;
*srtcp_auth = attr->unencrypted_srtcp ? GST_SRTP_AUTH_NULL : GST_SRTP_AUTH_HMAC_SHA1_80;
return TRUE;
}
return FALSE;
}