Added support for NULL ciphers #286
Conversation
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #286 +/- ##
==========================================
+ Coverage 80.20% 80.73% +0.53%
==========================================
Files 17 17
Lines 1081 1163 +82
==========================================
+ Hits 867 939 +72
- Misses 120 125 +5
- Partials 94 99 +5
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
sirzooro
force-pushed
the
add_null_cipher
branch
4 times, most recently
from
902e9e5 to
06be86f
Compare
|
Amazing work @sirzooro thank you so much for doing this, this will make a lot of people happy :) |
| @@ -84,3 +84,37 @@ func MasterKeyIndicator(mki []byte) ContextOption { | |||
| return nil | |||
| } | |||
| } | |||
|
|
|||
There was a problem hiding this comment.
Would it be possible to not have these options, and have everything configured just from Cipher choice?
I am just starting to read the PR, maybe I will understand better as I go :)
There was a problem hiding this comment.
Nope. MIKEY (RFC 3830) and a=crypto SDP attribute (RFC 4568) allows to disable encryption for SRTP and SRTCP independently. I also would have to create 3 additional crypto profiles for every cipher.
Maybe down the road it would be better to change ProtectionProfile to struct and put various additional params there, and pass it to CreateContext instead of options like it is implemented now.
sirzooro
force-pushed
the
add_null_cipher
branch
from
06be86f to
3e3c278
Compare
Added support for NULL ciphers. When they are used, created SRTP and SRTCP packets are authenticated only (no encryption). Received SRTP/SRTCP packets are checked if their authentication tag is valid, and extra SRTP protocol fields are removed before returning then to application. Fixed processing of SRTCP packets with E (encryption) bit cleared, previously duplicate check and tag valiation was not performed, and whole packet was returned as-is (with extra fields) from decryptRTCP. Use of NULL ciphers can be enabled independently for SRTP and SRTCP using SRTPNoEncryption and SRTCPNoEncryption options. They can be used with key exchange protocols which allows to configure them separately. Added support for SRTP_NULL_HMAC_SHA1_80 and SRTP_NULL_HMAC_SHA1_32 cipher suites. They use key and salt of the same length as AES_CM_128 ones. Added new tests to verify test vectors from RFCs.
sirzooro
force-pushed
the
add_null_cipher
branch
from
3e3c278 to
5cbacc4
Compare
|
Moved new test-related code to srtp_cipher_utils_test.go file. |
Added support for NULL ciphers. When they are used, created SRTP and SRTCP packets are authenticated only (no encryption).
Received SRTP/SRTCP packets are checked if their authentication tag is valid, and extra SRTP protocol fields are removed before returning then to application.
Fixed processing of SRTCP packets with E (encryption) bit cleared, previously duplicate check and tag validation was not performed, and whole packet was returned as-is (with extra fields) from decryptRTCP.
Use of NULL ciphers can be enabled independently for SRTP and SRTCP using SRTPNoEncryption and SRTCPNoEncryption options. They can be used with key exchange protocols which allows to configure them separately.
Added support for SRTP_NULL_HMAC_SHA1_80 and SRTP_NULL_HMAC_SHA1_32 cipher suites. They use key and salt of the same length as AES_CM_128 ones.
Added new tests to verify test vectors from RFCs.
Verified results with ones produced by libsrtp2. All matches except for AEAD SRTP ones - libsrtp2 encrypts packet instead of adding authentication tag only.