>From d25b4adc8c8bc39b74359a66bb545745480a5af2 Mon Sep 17 00:00:00 2001 From: Ben Sartor Date: Mon, 12 Jan 2015 16:56:09 +0100 Subject: [PATCH] added zrtp support for AES with 256-bit keys (AES3) --- src/voip/zrtp.c | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/src/voip/zrtp.c b/src/voip/zrtp.c index d4032c3..5d276d4 100644 --- a/src/voip/zrtp.c +++ b/src/voip/zrtp.c @@ -105,11 +105,11 @@ static int32_t ms_zrtp_srtpSecretsAvailable(void* clientData, bzrtpSrtpSecrets_t ms_fatal("unsupported authentication algorithm by srtp"); } - if ((secrets->cipherAlgo != ZRTP_CIPHER_AES1) && (secrets->cipherAlgo != ZRTP_CIPHER_AES2) && (secrets->cipherAlgo != ZRTP_CIPHER_AES3)) { + if ((secrets->cipherAlgo != ZRTP_CIPHER_AES1) && (secrets->cipherAlgo != ZRTP_CIPHER_AES3)) { ms_fatal("unsupported cipher algorithm by srtp"); } - ms_message("ZRTP secrets are ready for %s; auth tag algo is %s", (part==ZRTP_SRTP_SECRETS_FOR_SENDER)?"sender":"receiver", (secrets->authTagAlgo==ZRTP_AUTHTAG_HS32)?"HS32":"HS80"); + ms_message("ZRTP secrets are ready for %s; auth tag algo is %s and cipher algo is %s", (part==ZRTP_SRTP_SECRETS_FOR_SENDER)?"sender":"receiver", (secrets->authTagAlgo==ZRTP_AUTHTAG_HS32)?"HS32":"HS80", (secrets->cipherAlgo==ZRTP_CIPHER_AES3)?"AES256":"AES128"); if (part==ZRTP_SRTP_SECRETS_FOR_RECEIVER) { @@ -118,9 +118,17 @@ static int32_t ms_zrtp_srtpSecretsAvailable(void* clientData, bzrtpSrtpSecrets_t memcpy(key + secrets->peerSrtpKeyLength, secrets->peerSrtpSalt, secrets->peerSrtpSaltLength); if (secrets->authTagAlgo == ZRTP_AUTHTAG_HS32){ - media_stream_set_srtp_recv_key(userData->stream, MS_AES_128_SHA1_32, (const char *)key, (secrets->peerSrtpKeyLength+secrets->peerSrtpSaltLength)); + if (secrets->cipherAlgo == ZRTP_CIPHER_AES3){ + media_stream_set_srtp_recv_key(userData->stream, MS_AES_256_SHA1_32, (const char *)key, (secrets->peerSrtpKeyLength+secrets->peerSrtpSaltLength)); + }else{ + media_stream_set_srtp_recv_key(userData->stream, MS_AES_128_SHA1_32, (const char *)key, (secrets->peerSrtpKeyLength+secrets->peerSrtpSaltLength)); + } }else if (secrets->authTagAlgo == ZRTP_AUTHTAG_HS80){ - media_stream_set_srtp_recv_key(userData->stream, MS_AES_128_SHA1_80, (const char *)key, (secrets->peerSrtpKeyLength+secrets->peerSrtpSaltLength)); + if (secrets->cipherAlgo == ZRTP_CIPHER_AES3){ + media_stream_set_srtp_recv_key(userData->stream, MS_AES_256_SHA1_80, (const char *)key, (secrets->peerSrtpKeyLength+secrets->peerSrtpSaltLength)); + }else{ + media_stream_set_srtp_recv_key(userData->stream, MS_AES_128_SHA1_80, (const char *)key, (secrets->peerSrtpKeyLength+secrets->peerSrtpSaltLength)); + } }else{ ms_fatal("unsupported auth tag"); } @@ -133,9 +141,17 @@ static int32_t ms_zrtp_srtpSecretsAvailable(void* clientData, bzrtpSrtpSecrets_t memcpy(key + secrets->selfSrtpKeyLength, secrets->selfSrtpSalt, secrets->selfSrtpSaltLength); if (secrets->authTagAlgo == ZRTP_AUTHTAG_HS32){ - media_stream_set_srtp_send_key(userData->stream, MS_AES_128_SHA1_32, (const char *)key, (secrets->selfSrtpKeyLength+secrets->selfSrtpSaltLength)); + if (secrets->cipherAlgo == ZRTP_CIPHER_AES3){ + media_stream_set_srtp_send_key(userData->stream, MS_AES_256_SHA1_32, (const char *)key, (secrets->selfSrtpKeyLength+secrets->selfSrtpSaltLength)); + }else{ + media_stream_set_srtp_send_key(userData->stream, MS_AES_128_SHA1_32, (const char *)key, (secrets->selfSrtpKeyLength+secrets->selfSrtpSaltLength)); + } }else if (secrets->authTagAlgo == ZRTP_AUTHTAG_HS80){ - media_stream_set_srtp_send_key(userData->stream, MS_AES_128_SHA1_80, (const char *)key, (secrets->selfSrtpKeyLength+secrets->selfSrtpSaltLength)); + if (secrets->cipherAlgo == ZRTP_CIPHER_AES3){ + media_stream_set_srtp_send_key(userData->stream, MS_AES_256_SHA1_80, (const char *)key, (secrets->selfSrtpKeyLength+secrets->selfSrtpSaltLength)); + }else{ + media_stream_set_srtp_send_key(userData->stream, MS_AES_128_SHA1_80, (const char *)key, (secrets->selfSrtpKeyLength+secrets->selfSrtpSaltLength)); + } }else{ ms_fatal("unsupported auth tag"); } -- 2.1.4