Commit 8e3d1b33 authored by Guillaume Roguez's avatar Guillaume Roguez

srtp: force usage of SRTP_AEAD_AES_256_GCM

Force cipher name from SDP to be SRTP_AEAD_AES_256_GCM (I/O)
and 44-bytes SRTP params.

Change-Id: I5a59f1986e5afb64708a2d013c7be32760bce2bf
Tuleap: #747
parent dbd3f6a5
......@@ -62,7 +62,7 @@ static constexpr int NET_POLL_TIMEOUT = 100; /* poll() timeout in ms */
// Maximal size allowed for a RTP packet.
// This value of 1232 bytes is an IPv6 minimum (1280 - 40 IPv6 header - 8 UDP header).
static const size_t RTP_BUFFER_SIZE = 1232; // also used for RTPC
static const size_t SRTP_BUFFER_SIZE = RTP_BUFFER_SIZE - 10; // minus biggest authentication tag (=> SRTP_AES128_CM_HMAC_SHA1_80)
static const size_t SRTP_BUFFER_SIZE = RTP_BUFFER_SIZE - 16; // minus biggest authentication tag (=> SRTP_AEAD_AES_256_GCM)
enum class DataType : unsigned { RTP=1<<0, RTCP=1<<1 };
......@@ -72,14 +72,14 @@ public:
const char* in_suite, const char* in_key) {
if (out_suite && out_key) {
// XXX: see srtp_open from libavformat/srtpproto.c
if (ff_srtp_set_crypto(&srtp_out, out_suite, out_key) < 0) {
if (ff_srtp_set_crypto(&srtp_out, "SRTP_AEAD_AES_256_GCM", out_key) < 0) {
srtp_close();
throw std::runtime_error("Could not set crypto on output");
}
}
if (in_suite && in_key) {
if (ff_srtp_set_crypto(&srtp_in, in_suite, in_key) < 0) {
if (ff_srtp_set_crypto(&srtp_in, "SRTP_AEAD_AES_256_GCM", in_key) < 0) {
srtp_close();
throw std::runtime_error("Could not set crypto on input");
}
......
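Review bot: In both `ff_srtp_set_crypto` calls the negotiated `out_suite` / `in_suite` is now used only as a null check, so a session whose SDP named a different suite is still keyed as SRTP_AEAD_AES_256_GCM with no comparison against what was agreed. A mismatch would then surface, at best, as the generic "Could not set crypto on output/input" error; that assumes the bundled libavformat rejects key material of the wrong length, which is not visible here. Consider checking the suite before keying, e.g. `if (std::strcmp(out_suite, kForcedSuite) != 0) throw std::runtime_error("Unsupported SRTP suite");` (`kForcedSuite` being a suggested name for a single constant that replaces the repeated string literal). The enclosing function starts and ends outside the hunk.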
......@@ -150,15 +150,18 @@ Sdp::generateSdesAttribute()
{
static constexpr const unsigned cryptoSuite = 0;
std::vector<uint8_t> keyAndSalt;
#if 0
keyAndSalt.resize(ring::CryptoSuites[cryptoSuite].masterKeyLength / 8
+ ring::CryptoSuites[cryptoSuite].masterSaltLength/ 8);
#endif
keyAndSalt.resize(32+12); // AES-GCM-256 master-key + salt
// generate keys
randomFill(keyAndSalt);
std::string tag = "1";
std::string crypto_attr = tag + " "
+ ring::CryptoSuites[cryptoSuite].name
+ " inline:" + base64::encode(keyAndSalt);
+ ring::CryptoSuites[cryptoSuite].name
+ " inline:" + base64::encode(keyAndSalt);
RING_DBG("%s", crypto_attr.c_str());
pj_str_t val { (char*) crypto_attr.c_str(),
......
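Review bot: The key length is now hard-coded with `keyAndSalt.resize(32+12)`, but the suite name written into the crypto attribute still comes from `ring::CryptoSuites[cryptoSuite].name` with `cryptoSuite = 0`. Unless entry 0 of that table (not visible here) is the AES-256-GCM suite, the offer advertises one suite while carrying 44 bytes of key material meant for another. Prefer adding the GCM suite to the table and restoring the table-driven sizing in place of the `#if 0` block, so the name and the length cannot drift apart. Separately, the unchanged `RING_DBG("%s", crypto_attr.c_str());` writes the base64 master key and salt to the debug log; logging only the tag and suite name would keep key material out of log files. The function body continues outside the hunk.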