aboutsummaryrefslogtreecommitdiff
path: root/plugins/ice/src
diff options
context:
space:
mode:
authorMarvin W <git@larma.de>2021-03-29 13:20:12 +0200
committerMarvin W <git@larma.de>2021-03-29 13:20:12 +0200
commit5e58f2988382fffb70602cf308f6686b4731f0da (patch)
tree0e2ea3c441aaad189b3ad9ba200420d294f5061f /plugins/ice/src
parentc7d1ee4dc5a08715ed68ed69e918f5ec9cbd4b40 (diff)
downloaddino-5e58f2988382fffb70602cf308f6686b4731f0da.tar.gz
dino-5e58f2988382fffb70602cf308f6686b4731f0da.zip
Migrate to libsrtp2
Diffstat (limited to 'plugins/ice/src')
-rw-r--r--plugins/ice/src/dtls_srtp.vala49
1 files changed, 31 insertions, 18 deletions
diff --git a/plugins/ice/src/dtls_srtp.vala b/plugins/ice/src/dtls_srtp.vala
index a21c242b..b742ccab 100644
--- a/plugins/ice/src/dtls_srtp.vala
+++ b/plugins/ice/src/dtls_srtp.vala
@@ -12,8 +12,7 @@ public class DtlsSrtp {
private uint pull_timeout = uint.MAX;
private string peer_fingerprint;
- private Crypto.Srtp.Session encrypt_session;
- private Crypto.Srtp.Session decrypt_session;
+ private Crypto.Srtp.Session srtp_session = new Crypto.Srtp.Session();
public static DtlsSrtp setup() throws GLib.Error {
var obj = new DtlsSrtp();
@@ -30,9 +29,19 @@ public class DtlsSrtp {
}
public uint8[] process_incoming_data(uint component_id, uint8[] data) {
- if (decrypt_session != null) {
- if (component_id == 1) return decrypt_session.decrypt_rtp(data);
- if (component_id == 2) return decrypt_session.decrypt_rtcp(data);
+ if (srtp_session.has_decrypt) {
+ try {
+ if (component_id == 1) {
+ if (data.length >= 2 && data[1] >= 192 && data[1] < 224) {
+ return srtp_session.decrypt_rtcp(data);
+ }
+ return srtp_session.decrypt_rtp(data);
+ }
+ if (component_id == 2) return srtp_session.decrypt_rtcp(data);
+ } catch (Error e) {
+ warning("%s (%d)", e.message, e.code);
+ return null;
+ }
} else if (component_id == 1) {
on_data_rec(data);
}
@@ -40,9 +49,19 @@ public class DtlsSrtp {
}
public uint8[] process_outgoing_data(uint component_id, uint8[] data) {
- if (encrypt_session != null) {
- if (component_id == 1) return encrypt_session.encrypt_rtp(data);
- if (component_id == 2) return encrypt_session.encrypt_rtcp(data);
+ if (srtp_session.has_encrypt) {
+ try {
+ if (component_id == 1) {
+ if (data.length >= 2 && data[1] >= 192 && data[1] < 224) {
+ return srtp_session.encrypt_rtcp(data);
+ }
+ return srtp_session.encrypt_rtp(data);
+ }
+ if (component_id == 2) return srtp_session.encrypt_rtcp(data);
+ } catch (Error e) {
+ warning("%s (%d)", e.message, e.code);
+ return null;
+ }
}
return null;
}
@@ -123,19 +142,13 @@ public class DtlsSrtp {
warning("SRTP client/server key/salt null");
}
- Crypto.Srtp.Session encrypt_session = new Crypto.Srtp.Session(Crypto.Srtp.Encryption.AES_CM, Crypto.Srtp.Authentication.HMAC_SHA1, 10, Crypto.Srtp.Prf.AES_CM, 0);
- Crypto.Srtp.Session decrypt_session = new Crypto.Srtp.Session(Crypto.Srtp.Encryption.AES_CM, Crypto.Srtp.Authentication.HMAC_SHA1, 10, Crypto.Srtp.Prf.AES_CM, 0);
-
if (server) {
- encrypt_session.setkey(server_key.extract(), server_salt.extract());
- decrypt_session.setkey(client_key.extract(), client_salt.extract());
+ srtp_session.set_encryption_key(Crypto.Srtp.AES_CM_128_HMAC_SHA1_80, server_key.extract(), server_salt.extract());
+ srtp_session.set_decryption_key(Crypto.Srtp.AES_CM_128_HMAC_SHA1_80, client_key.extract(), client_salt.extract());
} else {
- encrypt_session.setkey(client_key.extract(), client_salt.extract());
- decrypt_session.setkey(server_key.extract(), server_salt.extract());
+ srtp_session.set_encryption_key(Crypto.Srtp.AES_CM_128_HMAC_SHA1_80, client_key.extract(), client_salt.extract());
+ srtp_session.set_decryption_key(Crypto.Srtp.AES_CM_128_HMAC_SHA1_80, server_key.extract(), server_salt.extract());
}
-
- this.encrypt_session = (owned)encrypt_session;
- this.decrypt_session = (owned)decrypt_session;
}
private static ssize_t pull_function(void* transport_ptr, uint8[] buffer) {