summaryrefslogtreecommitdiff
path: root/modules/gzrtp
diff options
context:
space:
mode:
authorglenvt18 <glenvt18@gmail.com>2017-11-02 21:36:01 +0300
committerAlfred E. Heggestad <alfred.heggestad@gmail.com>2017-11-02 19:36:01 +0100
commit1174f976113306b1e77736bfe9bd5ac9dab598a8 (patch)
treeb74416742189a2c627e7ce8707687d58e6873331 /modules/gzrtp
parentfb79d1c1712a38af087f610dcdefbd58b67e3769 (diff)
modules/gzrtp: move SRTP processing to a separate class (#319)
Add an option to use libre SRTP processing stuff instead of the one provided by ZRTPCPP (-DGZRTP_USE_RE_SRTP).
Diffstat (limited to 'modules/gzrtp')
-rw-r--r--modules/gzrtp/module.mk6
-rw-r--r--modules/gzrtp/srtp.cpp327
-rw-r--r--modules/gzrtp/srtp.h46
-rw-r--r--modules/gzrtp/stream.cpp281
-rw-r--r--modules/gzrtp/stream.h8
5 files changed, 457 insertions, 211 deletions
diff --git a/modules/gzrtp/module.mk b/modules/gzrtp/module.mk
index b95b61d..42e408e 100644
--- a/modules/gzrtp/module.mk
+++ b/modules/gzrtp/module.mk
@@ -22,7 +22,7 @@ ZRTP_PATH ?= ../ZRTPCPP
ZRTP_LIB := $(shell find $(ZRTP_PATH) -name libzrtpcppcore.a)
MOD := gzrtp
-$(MOD)_SRCS += gzrtp.cpp session.cpp stream.cpp messages.cpp
+$(MOD)_SRCS += gzrtp.cpp session.cpp stream.cpp messages.cpp srtp.cpp
$(MOD)_LFLAGS += $(ZRTP_LIB) -lstdc++
$(MOD)_CXXFLAGS += \
-I$(ZRTP_PATH) \
@@ -31,4 +31,8 @@ $(MOD)_CXXFLAGS += \
$(MOD)_CXXFLAGS += -O2 -Wall -fPIC
+# Uncomment this if you want to use libre SRTP facilities instead of the ones
+# provided by ZRTPCPP. In this case only standard ciphers (AES) are supported.
+#$(MOD)_CXXFLAGS += -DGZRTP_USE_RE_SRTP=1
+
include mk/mod.mk
diff --git a/modules/gzrtp/srtp.cpp b/modules/gzrtp/srtp.cpp
new file mode 100644
index 0000000..9aaa4b3
--- /dev/null
+++ b/modules/gzrtp/srtp.cpp
@@ -0,0 +1,327 @@
+/**
+ * @file srtp.cpp GNU ZRTP: SRTP processing
+ *
+ * Copyright (C) 2010 - 2017 Creytiv.com
+ */
+#include <stdint.h>
+
+#include <re.h>
+#include <baresip.h>
+
+#ifdef GZRTP_USE_RE_SRTP
+#include <string.h>
+#else
+#include <srtp/CryptoContext.h>
+#include <srtp/CryptoContextCtrl.h>
+#include <srtp/SrtpHandler.h>
+#endif
+
+#include "srtp.h"
+
+
+Srtp::Srtp(int& err, const SrtpSecret_t *secrets, EnableSecurity part)
+
+{
+ const uint8_t *key, *salt;
+ uint32_t key_len, salt_len;
+
+ err = EPERM;
+
+#ifdef GZRTP_USE_RE_SRTP
+ m_srtp = NULL;
+#else
+ m_cc = NULL;
+ m_cc_ctrl = NULL;
+#endif
+
+ if (part == ForSender) {
+ // To encrypt packets: intiator uses initiator keys,
+ // responder uses responder keys
+ if (secrets->role == Initiator) {
+ key = secrets->keyInitiator;
+ key_len = secrets->initKeyLen / 8;
+ salt = secrets->saltInitiator;
+ salt_len = secrets->initSaltLen / 8;
+ }
+ else {
+ key = secrets->keyResponder;
+ key_len = secrets->respKeyLen / 8;
+ salt = secrets->saltResponder;
+ salt_len = secrets->respSaltLen / 8;
+ }
+ }
+ else if (part == ForReceiver) {
+ // To decrypt packets: intiator uses responder keys,
+ // responder initiator keys
+ if (secrets->role == Initiator) {
+ key = secrets->keyResponder;
+ key_len = secrets->respKeyLen / 8;
+ salt = secrets->saltResponder;
+ salt_len = secrets->respSaltLen / 8;
+ }
+ else {
+ key = secrets->keyInitiator;
+ key_len = secrets->initKeyLen / 8;
+ salt = secrets->saltInitiator;
+ salt_len = secrets->initSaltLen / 8;
+ }
+ }
+ else {
+ err = EINVAL;
+ return;
+ }
+
+#ifdef GZRTP_USE_RE_SRTP
+
+ uint8_t key_buf[32 + 14]; // max key + salt
+ enum srtp_suite suite;
+ struct srtp *st;
+
+ if (secrets->symEncAlgorithm == Aes &&
+ secrets->authAlgorithm == Sha1) {
+
+ if (key_len == 16 && secrets->srtpAuthTagLen == 32)
+ suite = SRTP_AES_CM_128_HMAC_SHA1_32;
+
+ else if (key_len == 16 && secrets->srtpAuthTagLen == 80)
+ suite = SRTP_AES_CM_128_HMAC_SHA1_80;
+
+ else if (key_len == 32 && secrets->srtpAuthTagLen == 32)
+ suite = SRTP_AES_256_CM_HMAC_SHA1_32;
+
+ else if (key_len == 32 && secrets->srtpAuthTagLen == 80)
+ suite = SRTP_AES_256_CM_HMAC_SHA1_80;
+
+ else {
+ err = ENOTSUP;
+ return;
+ }
+ }
+ else {
+ err = ENOTSUP;
+ return;
+ }
+
+ if (salt_len != 14) {
+ err = EINVAL;
+ return;
+ }
+
+ memcpy(key_buf, key, key_len);
+ memcpy(key_buf + key_len, salt, salt_len);
+
+ err = srtp_alloc(&st, suite, key_buf, key_len + salt_len, 0);
+ if (err)
+ return;
+
+ m_auth_tag_len = secrets->srtpAuthTagLen / 8;
+ m_srtp = st;
+
+ err = 0;
+#else
+
+ CryptoContext *cc = NULL;
+ CryptoContextCtrl *cc_ctrl = NULL;
+ int cipher;
+ int authn;
+ int auth_key_len;
+
+ switch (secrets->authAlgorithm) {
+ case Sha1:
+ authn = SrtpAuthenticationSha1Hmac;
+ auth_key_len = 20;
+ break;
+ case Skein:
+ authn = SrtpAuthenticationSkeinHmac;
+ auth_key_len = 32;
+ break;
+ default:
+ err = ENOTSUP;
+ return;
+ }
+
+ switch (secrets->symEncAlgorithm) {
+ case Aes:
+ cipher = SrtpEncryptionAESCM;
+ break;
+ case TwoFish:
+ cipher = SrtpEncryptionTWOCM;
+ break;
+ default:
+ err = ENOTSUP;
+ return;
+ }
+
+ cc = new CryptoContext(
+ 0, // SSRC (used for lookup)
+ 0, // Roll-Over-Counter (ROC)
+ 0L, // keyderivation << 48,
+ cipher, // encryption algo
+ authn, // authtentication algo
+ (uint8_t *)key, // Master Key
+ key_len, // Master Key length
+ (uint8_t *)salt, // Master Salt
+ salt_len, // Master Salt length
+ key_len, // encryption keyl
+ auth_key_len, // authentication key len
+ salt_len, // session salt len
+ secrets->srtpAuthTagLen / 8); // authentication tag lenA
+
+ cc_ctrl = new CryptoContextCtrl(
+ 0, // SSRC (used for lookup)
+ cipher, // encryption algo
+ authn, // authtentication algo
+ (uint8_t *)key, // Master Key
+ key_len, // Master Key length
+ (uint8_t *)salt, // Master Salt
+ salt_len, // Master Salt length
+ key_len, // encryption keyl
+ auth_key_len, // authentication key len
+ salt_len, // session salt len
+ secrets->srtpAuthTagLen / 8); // authentication tag lenA
+
+ if (!cc || !cc_ctrl) {
+ delete cc;
+ delete cc_ctrl;
+
+ err = ENOMEM;
+ return;
+ }
+
+ cc->deriveSrtpKeys(0L);
+ cc_ctrl->deriveSrtcpKeys();
+
+ m_cc = cc;
+ m_cc_ctrl = cc_ctrl;
+
+ err = 0;
+#endif
+}
+
+
+Srtp::~Srtp()
+{
+#ifdef GZRTP_USE_RE_SRTP
+ mem_deref(m_srtp);
+#else
+ delete m_cc;
+ delete m_cc_ctrl;
+#endif
+}
+
+
+int Srtp::protect_int(struct mbuf *mb, bool control)
+{
+ size_t len = mbuf_get_left(mb);
+
+ int32_t extra = (mbuf_get_space(mb) > len)?
+ mbuf_get_space(mb) - len : 0;
+
+#ifdef GZRTP_USE_RE_SRTP
+ if (m_auth_tag_len + (control? 4 : 0) > extra)
+ return ENOMEM;
+
+ if (control)
+ return srtcp_encrypt(m_srtp, mb);
+ else
+ return srtp_encrypt(m_srtp, mb);
+#else
+ if (control) {
+ if (m_cc_ctrl->getTagLength() + 4 +
+ m_cc_ctrl->getMkiLength() > extra)
+ return ENOMEM;
+ }
+ else {
+ if (m_cc->getTagLength() +
+ m_cc->getMkiLength() > extra)
+ return ENOMEM;
+ }
+
+ bool rc;
+
+ if (control)
+ rc = SrtpHandler::protectCtrl(m_cc_ctrl, mbuf_buf(mb),
+ len, &len);
+ else
+ rc = SrtpHandler::protect(m_cc, mbuf_buf(mb), len, &len);
+ if (!rc)
+ return EPROTO;
+
+ if (len > mbuf_get_space(mb)) {
+ // this should never happen
+ error_msg("zrtp: protect: length > space (%u > %u)\n",
+ len, mbuf_get_space(mb));
+ abort();
+ }
+
+ mb->end = mb->pos + len;
+
+ return 0;
+#endif
+}
+
+
+int Srtp::protect(struct mbuf *mb)
+{
+ return protect_int(mb, false);
+}
+
+
+int Srtp::protect_ctrl(struct mbuf *mb)
+{
+ return protect_int(mb, true);
+}
+
+
+// return value:
+// 0 - OK
+// EBADMSG - SRTP/RTP packet decode error
+// EAUTH - SRTP authentication failed
+// EALREADY - SRTP replay check failed
+// other errors
+int Srtp::unprotect_int(struct mbuf *mb, bool control)
+{
+#ifdef GZRTP_USE_RE_SRTP
+ if (control)
+ return srtcp_decrypt(m_srtp, mb);
+ else
+ return srtp_decrypt(m_srtp, mb);
+#else
+ size_t len = mbuf_get_left(mb);
+ uint32_t rc;
+ int err;
+
+ if (control)
+ rc = SrtpHandler::unprotectCtrl(m_cc_ctrl, mbuf_buf(mb),
+ len, &len);
+ else
+ rc = SrtpHandler::unprotect(m_cc, mbuf_buf(mb),
+ len, &len, NULL);
+
+ switch (rc) {
+ case 1: err = 0; break;
+ case 0: err = EBADMSG; break;
+ case -1: err = EAUTH; break;
+ case -2: err = EALREADY; break;
+ default: err = EINVAL;
+ }
+
+ if (!err)
+ mb->end = mb->pos + len;
+
+ return err;
+#endif
+}
+
+
+int Srtp::unprotect(struct mbuf *mb)
+{
+ return unprotect_int(mb, false);
+}
+
+
+int Srtp::unprotect_ctrl(struct mbuf *mb)
+{
+ return unprotect_int(mb, true);
+}
+
diff --git a/modules/gzrtp/srtp.h b/modules/gzrtp/srtp.h
new file mode 100644
index 0000000..d42f4cf
--- /dev/null
+++ b/modules/gzrtp/srtp.h
@@ -0,0 +1,46 @@
+/**
+ * @file srtp.h GNU ZRTP: SRTP processing
+ *
+ * Copyright (C) 2010 - 2017 Creytiv.com
+ */
+#ifndef __SRTP_H
+#define __SRTP_H
+
+
+#include <libzrtpcpp/ZrtpCallback.h>
+
+
+#ifdef GZRTP_USE_RE_SRTP
+struct srtp;
+#else
+class CryptoContext;
+class CryptoContextCtrl;
+#endif
+
+
+class Srtp {
+public:
+ Srtp(int& err, const SrtpSecret_t *secrets, EnableSecurity part);
+ ~Srtp();
+
+ int protect(struct mbuf *mb);
+ int protect_ctrl(struct mbuf *mb);
+ int unprotect(struct mbuf *mb);
+ int unprotect_ctrl(struct mbuf *mb);
+
+private:
+ int protect_int(struct mbuf *mb, bool control);
+ int unprotect_int(struct mbuf *mb, bool control);
+
+#ifdef GZRTP_USE_RE_SRTP
+ int32_t m_auth_tag_len;
+ struct srtp *m_srtp;
+#else
+ CryptoContext *m_cc;
+ CryptoContextCtrl *m_cc_ctrl;
+#endif
+};
+
+
+#endif // __SRTP_H
+
diff --git a/modules/gzrtp/stream.cpp b/modules/gzrtp/stream.cpp
index b367112..d09ca3b 100644
--- a/modules/gzrtp/stream.cpp
+++ b/modules/gzrtp/stream.cpp
@@ -11,12 +11,10 @@
#include <libzrtpcpp/ZRtp.h>
#include <libzrtpcpp/ZrtpStateClass.h>
-#include <srtp/CryptoContext.h>
-#include <srtp/CryptoContextCtrl.h>
-#include <srtp/SrtpHandler.h>
#include "session.h"
#include "stream.h"
+#include "srtp.h"
// A burst of SRTP/SRTCP errors enough to display a warning
@@ -67,7 +65,28 @@ static enum pkt_type get_packet_type(const struct mbuf *mb)
ZRTPConfig::ZRTPConfig(const struct conf *conf, const char *conf_dir)
{
+#ifdef GZRTP_USE_RE_SRTP
+ // Standard ciphers only
+ zrtp.clear();
+
+ zrtp.addAlgo(HashAlgorithm, zrtpHashes.getByName(s256));
+
+ zrtp.addAlgo(CipherAlgorithm, zrtpSymCiphers.getByName(aes3));
+ zrtp.addAlgo(CipherAlgorithm, zrtpSymCiphers.getByName(aes1));
+
+ zrtp.addAlgo(PubKeyAlgorithm, zrtpPubKeys.getByName(ec25));
+ zrtp.addAlgo(PubKeyAlgorithm, zrtpPubKeys.getByName(dh3k));
+ zrtp.addAlgo(PubKeyAlgorithm, zrtpPubKeys.getByName(ec38));
+ zrtp.addAlgo(PubKeyAlgorithm, zrtpPubKeys.getByName(dh2k));
+ zrtp.addAlgo(PubKeyAlgorithm, zrtpPubKeys.getByName(mult));
+
+ zrtp.addAlgo(SasType, zrtpSasTypes.getByName(b32));
+
+ zrtp.addAlgo(AuthLength, zrtpAuthLengths.getByName(hs32));
+ zrtp.addAlgo(AuthLength, zrtpAuthLengths.getByName(hs80));
+#else
zrtp.setStandardConfig();
+#endif
str_ncpy(client_id, "baresip/gzrtp", sizeof(client_id));
@@ -87,37 +106,37 @@ SRTPStat::SRTPStat(const Stream *st, bool srtcp, uint64_t threshold)
}
-void SRTPStat::update(int32_t ret_code, bool quiet)
+void SRTPStat::update(int ret_code, bool quiet)
{
const char *err_msg;
uint64_t *burst;
- // SrtpHandler::unprotect/unprotectCtrl return codes
+ // Srtp::unprotect/unprotect_ctrl return codes
switch (ret_code) {
- case 1:
+ case 0:
++m_ok;
m_decode_burst = 0;
m_auth_burst = 0;
m_replay_burst = 0;
return;
- case 0:
+ case EBADMSG:
++m_decode;
burst = &m_decode_burst;
err_msg = "packet decode error";
break;
- case -1:
+ case EAUTH:
++m_auth;
burst = &m_auth_burst;
err_msg = "authentication failed";
break;
- case -2:
+ case EALREADY:
++m_replay;
burst = &m_replay_burst;
err_msg = "replay check failed";
break;
default:
- warning("zrtp: Unknown return code from unprotect: %d\n",
- ret_code);
+ warning("zrtp: %s unprotect failed: %m\n",
+ (m_control)? "SRTCP" : "SRTP", ret_code);
return;
}
@@ -156,10 +175,8 @@ Stream::Stream(int& err, const ZRTPConfig& config, Session *session,
, m_uh_rtp(NULL)
, m_uh_rtcp(NULL)
, m_media_type(media_type)
- , m_send_cc(NULL)
- , m_recv_cc(NULL)
- , m_send_cc_ctrl(NULL)
- , m_recv_cc_ctrl(NULL)
+ , m_send_srtp(NULL)
+ , m_recv_srtp(NULL)
, m_srtp_stat(this, false, SRTP_ERR_BURST_THRESHOLD)
, m_srtcp_stat(this, true, SRTP_ERR_BURST_THRESHOLD)
{
@@ -275,7 +292,7 @@ void Stream::stop()
// thus make sure we have a second retained shared secret available.
// Refer to RFC 6189bis, chapter 4.6.1 50 packets are about 1 second
// of audio data
- if (!m_zrtp->isMultiStream() && m_recv_cc && m_srtp_stat.ok() < 20) {
+ if (!m_zrtp->isMultiStream() && m_recv_srtp && m_srtp_stat.ok() < 20) {
debug("zrtp: Stream <%s>: received too few valid SRTP "
"packets (%u), storing RS2\n",
@@ -288,17 +305,11 @@ void Stream::stop()
m_zrtp->stopZrtp();
- delete m_send_cc;
- m_send_cc = NULL;
+ delete m_send_srtp;
+ m_send_srtp = NULL;
- delete m_recv_cc;
- m_recv_cc = NULL;
-
- delete m_send_cc_ctrl;
- m_send_cc_ctrl = NULL;
-
- delete m_recv_cc_ctrl;
- m_recv_cc_ctrl = NULL;
+ delete m_recv_srtp;
+ m_recv_srtp = NULL;
debug("zrtp: Stream <%s> stopped\n", media_name());
}
@@ -341,59 +352,30 @@ bool Stream::udp_helper_send(int *err, struct sa *src, struct mbuf *mb)
enum pkt_type ptype = get_packet_type(mb);
size_t len = mbuf_get_left(mb);
- size_t newlen = 0;
- bool rc = false;
+ int rerr = 0;
- if (ptype == PKT_TYPE_RTCP && m_send_cc_ctrl && len > 8) {
+ if (ptype == PKT_TYPE_RTCP && m_send_srtp && len > 8) {
- int32_t extra = (mbuf_get_space(mb) > len)?
- mbuf_get_space(mb) - len : 0;
-
- if (m_send_cc_ctrl->getTagLength() + 4 +
- m_send_cc_ctrl->getMkiLength() > extra) {
- warning("zrtp: Stream <%s>: No space left for SRTCP "
- "packet\n", media_name());
- *err = ENOMEM;
- return true;
- }
-
- rc = SrtpHandler::protectCtrl(m_send_cc_ctrl, mbuf_buf(mb),
- len, &newlen);
+ rerr = m_send_srtp->protect_ctrl(mb);
}
- else if (ptype == PKT_TYPE_RTP && m_send_cc && len > RTP_HEADER_SIZE) {
-
- int32_t extra = (mbuf_get_space(mb) > len)?
- mbuf_get_space(mb) - len : 0;
-
- if (m_send_cc->getTagLength() +
- m_send_cc->getMkiLength() > extra) {
- warning("zrtp: Stream <%s>: No space left for SRTP "
- "packet\n", media_name());
- *err = ENOMEM;
- return true;
- }
+ else if (ptype == PKT_TYPE_RTP && m_send_srtp &&
+ len > RTP_HEADER_SIZE) {
- rc = SrtpHandler::protect(m_send_cc, mbuf_buf(mb),
- len, &newlen);
+ rerr = m_send_srtp->protect(mb);
}
else
return false;
- if (!rc) {
- warning("zrtp: protect/protectCtrl failed, len: %u\n", len);
+ if (rerr) {
+ warning("zrtp: protect/protect_ctrl failed (len=%u): %m\n",
+ len, rerr);
+
+ if (rerr == ENOMEM)
+ *err = rerr;
// drop
return true;
}
- if (newlen > mbuf_get_space(mb)) {
- // this should never happen
- error_msg("zrtp: udp_helper_send: length > space (%u > %u)\n",
- newlen, mbuf_get_space(mb));
- abort();
- }
-
- mb->end = mb->pos + newlen;
-
return false;
}
@@ -415,39 +397,27 @@ bool Stream::udp_helper_recv(struct sa *src, struct mbuf *mb)
return false;
enum pkt_type ptype = get_packet_type(mb);
- size_t len = mbuf_get_left(mb);
- size_t newlen = 0;
- uint32_t rc;
-
- if (ptype == PKT_TYPE_RTCP && m_recv_cc_ctrl) {
+ int err = 0;
- rc = SrtpHandler::unprotectCtrl(m_recv_cc_ctrl, mbuf_buf(mb),
- len, &newlen);
+ if (ptype == PKT_TYPE_RTCP && m_recv_srtp) {
- m_srtcp_stat.update(rc);
+ err = m_recv_srtp->unprotect_ctrl(mb);
- if (rc != 1)
- // drop
- return true;
+ m_srtcp_stat.update(err);
}
- else if (ptype == PKT_TYPE_RTP && m_recv_cc) {
+ else if (ptype == PKT_TYPE_RTP && m_recv_srtp) {
- rc = SrtpHandler::unprotect(m_recv_cc, mbuf_buf(mb),
- len, &newlen, NULL);
+ err = m_recv_srtp->unprotect(mb);
- m_srtp_stat.update(rc);
+ m_srtp_stat.update(err);
- if (rc == 1) {
+ if (!err) {
// Got a good SRTP, check state and if in WaitConfAck
// (an Initiator state) then simulate a conf2Ack,
// refer to RFC 6189, chapter 4.6, last paragraph
if (m_zrtp->inState(WaitConfAck))
m_zrtp->conf2AckSecure();
}
- else {
- // drop
- return true;
- }
}
else if (ptype == PKT_TYPE_ZRTP) {
return recv_zrtp(mb);
@@ -455,7 +425,9 @@ bool Stream::udp_helper_recv(struct sa *src, struct mbuf *mb)
else
return false;
- mb->end = mb->pos + newlen;
+ if (err)
+ // drop
+ return true;
return false;
}
@@ -607,124 +579,27 @@ void Stream::sendInfo(GnuZrtpCodes::MessageSeverity severity, int32_t subCode)
bool Stream::srtpSecretsReady(SrtpSecret_t* secrets, EnableSecurity part)
{
- CryptoContext *cc = NULL;
- CryptoContextCtrl *cc_ctrl = NULL;
- int cipher;
- int authn;
- int auth_key_len;
- const uint8_t *key, *salt;
- uint32_t key_len, salt_len;
+ Srtp *s;
+ int err = 0;
debug("zrtp: Stream <%s>: secrets are ready for %s\n",
media_name(),
(part == ForSender)? "sender" : "receiver");
- switch (secrets->authAlgorithm) {
- case Sha1:
- authn = SrtpAuthenticationSha1Hmac;
- auth_key_len = 20;
- break;
- case Skein:
- authn = SrtpAuthenticationSkeinHmac;
- auth_key_len = 32;
- break;
- default:
- return false;
- }
-
- switch (secrets->symEncAlgorithm) {
- case Aes:
- cipher = SrtpEncryptionAESCM;
- break;
- case TwoFish:
- cipher = SrtpEncryptionTWOCM;
- break;
- default:
- return false;
- }
-
- if (part == ForSender) {
- // To encrypt packets: intiator uses initiator keys,
- // responder uses responder keys
- if (secrets->role == Initiator) {
- key = secrets->keyInitiator;
- key_len = secrets->initKeyLen / 8;
- salt = secrets->saltInitiator;
- salt_len = secrets->initSaltLen / 8;
- }
- else {
- key = secrets->keyResponder;
- key_len = secrets->respKeyLen / 8;
- salt = secrets->saltResponder;
- salt_len = secrets->respSaltLen / 8;
- }
- }
- else if (part == ForReceiver) {
- // To decrypt packets: intiator uses responder keys,
- // responder initiator keys
- if (secrets->role == Initiator) {
- key = secrets->keyResponder;
- key_len = secrets->respKeyLen / 8;
- salt = secrets->saltResponder;
- salt_len = secrets->respSaltLen / 8;
- }
- else {
- key = secrets->keyInitiator;
- key_len = secrets->initKeyLen / 8;
- salt = secrets->saltInitiator;
- salt_len = secrets->initSaltLen / 8;
- }
- }
- else {
+ s = new Srtp(err, secrets, part);
+ if (!s || err) {
+ warning("zrtp: Stream <%s>: Srtp creation failed: %m\n",
+ media_name(), err);
+ delete s;
return false;
}
- cc = new CryptoContext(
- 0, // SSRC (used for lookup)
- 0, // Roll-Over-Counter (ROC)
- 0L, // keyderivation << 48,
- cipher, // encryption algo
- authn, // authtentication algo
- (uint8_t *)key, // Master Key
- key_len, // Master Key length
- (uint8_t *)salt, // Master Salt
- salt_len, // Master Salt length
- key_len, // encryption keyl
- auth_key_len, // authentication key len
- salt_len, // session salt len
- secrets->srtpAuthTagLen / 8); // authentication tag lenA
-
- cc_ctrl = new CryptoContextCtrl(
- 0, // SSRC (used for lookup)
- cipher, // encryption algo
- authn, // authtentication algo
- (uint8_t *)key, // Master Key
- key_len, // Master Key length
- (uint8_t *)salt, // Master Salt
- salt_len, // Master Salt length
- key_len, // encryption keyl
- auth_key_len, // authentication key len
- salt_len, // session salt len
- secrets->srtpAuthTagLen / 8); // authentication tag lenA
-
- if (!cc || !cc_ctrl) {
- delete cc;
- delete cc_ctrl;
-
+ if (part == ForSender)
+ m_send_srtp = s;
+ else if (part == ForReceiver)
+ m_recv_srtp = s;
+ else
return false;
- }
-
- cc->deriveSrtpKeys(0L);
- cc_ctrl->deriveSrtcpKeys();
-
- if (part == ForSender) {
- m_send_cc = cc;
- m_send_cc_ctrl = cc_ctrl;
- }
- else {
- m_recv_cc = cc;
- m_recv_cc_ctrl = cc_ctrl;
- }
return true;
}
@@ -737,17 +612,13 @@ void Stream::srtpSecretsOff(EnableSecurity part)
(part == ForSender)? "sender" : "receiver");
if (part == ForSender) {
- delete m_send_cc;
- delete m_send_cc_ctrl;
- m_send_cc = NULL;
- m_send_cc_ctrl = NULL;
+ delete m_send_srtp;
+ m_send_srtp = NULL;
}
if (part == ForReceiver) {
- delete m_recv_cc;
- delete m_recv_cc_ctrl;
- m_recv_cc = NULL;
- m_recv_cc_ctrl = NULL;
+ delete m_recv_srtp;
+ m_recv_srtp = NULL;
}
}
diff --git a/modules/gzrtp/stream.h b/modules/gzrtp/stream.h
index 4f2f987..7d8736e 100644
--- a/modules/gzrtp/stream.h
+++ b/modules/gzrtp/stream.h
@@ -41,7 +41,7 @@ class Stream;
class SRTPStat {
public:
SRTPStat(const Stream *st, bool srtcp, uint64_t threshold);
- void update(int32_t ret_code, bool quiet = false);
+ void update(int ret_code, bool quiet = false);
void reset();
uint64_t ok() { return m_ok; }
private:
@@ -54,8 +54,7 @@ private:
class Session;
-class CryptoContext;
-class CryptoContextCtrl;
+class Srtp;
class Stream : public ZrtpCallback {
public:
@@ -105,8 +104,7 @@ private:
struct udp_helper *m_uh_rtp;
struct udp_helper *m_uh_rtcp;
StreamMediaType m_media_type;
- CryptoContext *m_send_cc, *m_recv_cc;
- CryptoContextCtrl *m_send_cc_ctrl, *m_recv_cc_ctrl;
+ Srtp *m_send_srtp, *m_recv_srtp;
SRTPStat m_srtp_stat, m_srtcp_stat;
std::string m_sas, m_ciphers;