diff --git a/src/include/switch_rtp.h b/src/include/switch_rtp.h
index a072fa59fa..e807476490 100644
--- a/src/include/switch_rtp.h
+++ b/src/include/switch_rtp.h
@@ -50,7 +50,8 @@ SWITCH_BEGIN_EXTERN_C
 #define SWITCH_RTP_KEY_LEN 30
 #define SWITCH_RTP_CRYPTO_KEY_32 "AES_CM_128_HMAC_SHA1_32"
 #define SWITCH_RTP_CRYPTO_KEY_80 "AES_CM_128_HMAC_SHA1_80"
-#define SWITCH_RTP_CRYPTO_KEY_8 "AEAD_AES_128_GCM_8"
+#define SWITCH_RTP_CRYPTO_KEY_128_8 "AEAD_AES_128_GCM_8"
+#define SWITCH_RTP_CRYPTO_KEY_256_8 "AEAD_AES_256_GCM_8"
 typedef enum {
 SWITCH_RTP_CRYPTO_SEND,
 SWITCH_RTP_CRYPTO_RECV,
diff --git a/src/switch_core_media.c b/src/switch_core_media.c
index 5cd60d34c3..e2b92b6177 100644
--- a/src/switch_core_media.c
+++ b/src/switch_core_media.c
@@ -825,9 +825,9 @@ static switch_status_t switch_core_media_build_crypto(switch_media_handle_t *smh
 if (ctype == AES_CM_128_HMAC_SHA1_80) {
 type_str = SWITCH_RTP_CRYPTO_KEY_80;
 } else if (ctype == AEAD_AES_256_GCM_8) {
- type_str = SWITCH_RTP_CRYPTO_KEY_8;
+ type_str = SWITCH_RTP_CRYPTO_KEY_256_8;
 } else if (ctype == AEAD_AES_128_GCM_8) {
- type_str = SWITCH_RTP_CRYPTO_KEY_8;
+ type_str = SWITCH_RTP_CRYPTO_KEY_128_8;
 } else if (ctype == AES_CM_256_HMAC_SHA1_80) {
 type_str = SWITCH_RTP_CRYPTO_KEY_80;
 } else if (ctype == AES_CM_192_HMAC_SHA1_80) {
@@ -901,8 +901,10 @@ switch_status_t switch_core_media_add_crypto(switch_secure_settings_t *ssec, con
 type = AES_CM_128_HMAC_SHA1_32;
 } else if (!strncasecmp(p, SWITCH_RTP_CRYPTO_KEY_80, strlen(SWITCH_RTP_CRYPTO_KEY_80))) {
 type = AES_CM_128_HMAC_SHA1_80;
- } else if (!strncasecmp(p, SWITCH_RTP_CRYPTO_KEY_8, strlen(SWITCH_RTP_CRYPTO_KEY_8))) {
+ } else if (!strncasecmp(p, SWITCH_RTP_CRYPTO_KEY_256_8, strlen(SWITCH_RTP_CRYPTO_KEY_256_8))) {
 type = AEAD_AES_128_GCM_8;
+ } else if (!strncasecmp(p, SWITCH_RTP_CRYPTO_KEY_128_8, strlen(SWITCH_RTP_CRYPTO_KEY_128_8))) {
+ type = AEAD_AES_256_GCM_8;
 } else {
 switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Parse Error near [%s]\n", p);
 goto bad;
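Review bot: The two GCM branches in switch_core_media_add_crypto are crossed: the `SWITCH_RTP_CRYPTO_KEY_256_8` comparison falls through to the unchanged context line `type = AEAD_AES_128_GCM_8;`, while the newly added `SWITCH_RTP_CRYPTO_KEY_128_8` branch sets `type = AEAD_AES_256_GCM_8;`. A remote crypto line naming AEAD_AES_256_GCM_8 would therefore be recorded as the 128-bit suite and the reverse, which disagrees with the mapping switch_core_media_build_crypto uses in the hunk just above and presumably with the key material the peer sent. Swap the assignments so each string maps to its own enum value, i.e. `type = AEAD_AES_256_GCM_8;` under the 256 comparison and `type = AEAD_AES_128_GCM_8;` under the 128 one. The function body starts and ends outside this hunk.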
@@ -1047,8 +1049,13 @@ SWITCH_DECLARE(int) switch_core_session_check_incoming_crypto(switch_core_sessio
 switch_core_media_build_crypto(session->media_handle, type, crypto_tag, AES_CM_128_HMAC_SHA1_80, SWITCH_RTP_CRYPTO_SEND, 1);
 switch_rtp_add_crypto_key(engine->rtp_session, SWITCH_RTP_CRYPTO_SEND, atoi(crypto), engine->ssec.crypto_type,
 engine->ssec.local_raw_key, SWITCH_RTP_KEY_LEN);
- } else if (switch_stristr(SWITCH_RTP_CRYPTO_KEY_8, crypto)) {
- switch_channel_set_variable(session->channel, varname, SWITCH_RTP_CRYPTO_KEY_8);
+ } else if (switch_stristr(SWITCH_RTP_CRYPTO_KEY_256_8, crypto)) {
+ switch_channel_set_variable(session->channel, varname, SWITCH_RTP_CRYPTO_KEY_256_8);
+ switch_core_media_build_crypto(session->media_handle, type, crypto_tag, AEAD_AES_256_GCM_8, SWITCH_RTP_CRYPTO_SEND, 1);
+ switch_rtp_add_crypto_key(engine->rtp_session, SWITCH_RTP_CRYPTO_SEND, atoi(crypto), engine->ssec.crypto_type,
+ engine->ssec.local_raw_key, SWITCH_RTP_KEY_LEN);
+ } else if (switch_stristr(SWITCH_RTP_CRYPTO_KEY_128_8, crypto)) {
+ switch_channel_set_variable(session->channel, varname, SWITCH_RTP_CRYPTO_KEY_128_8);
 switch_core_media_build_crypto(session->media_handle, type, crypto_tag, AEAD_AES_128_GCM_8, SWITCH_RTP_CRYPTO_SEND, 1);
 switch_rtp_add_crypto_key(engine->rtp_session, SWITCH_RTP_CRYPTO_SEND, atoi(crypto), engine->ssec.crypto_type,
 engine->ssec.local_raw_key, SWITCH_RTP_KEY_LEN);
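Review bot: The new AEAD_AES_256_GCM_8 branch hands `SWITCH_RTP_KEY_LEN` to switch_rtp_add_crypto_key, and the header hunk defines that constant as 30, which is the key-plus-salt size of the AES_CM_128 suites. AES-256-GCM for SRTP uses a 32-byte key with a 12-byte salt, so if switch_rtp_add_crypto_key honours the passed length rather than deriving it from `engine->ssec.crypto_type` (its body is not visible here), the 256-bit suite would be keyed with truncated material; the size of `local_raw_key` is likewise worth checking against the larger suite. I would pass a length selected per suite instead of the fixed constant, and until then add a comment on the call such as `/* NOTE: SWITCH_RTP_KEY_LEN is 30; confirm key length for GCM-256 */`. The enclosing function starts and ends outside the hunk.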
@@ -1088,8 +1095,11 @@ SWITCH_DECLARE(int) switch_core_session_check_incoming_crypto(switch_core_sessio
 } else if (switch_stristr(SWITCH_RTP_CRYPTO_KEY_80, crypto)) {
 switch_channel_set_variable(session->channel, varname, SWITCH_RTP_CRYPTO_KEY_80);
 switch_core_media_build_crypto(session->media_handle, type, crypto_tag, AES_CM_128_HMAC_SHA1_80, SWITCH_RTP_CRYPTO_SEND, 1);
- } else if (switch_stristr(SWITCH_RTP_CRYPTO_KEY_8, crypto)) {
- switch_channel_set_variable(session->channel, varname, SWITCH_RTP_CRYPTO_KEY_8);
+ } else if (switch_stristr(SWITCH_RTP_CRYPTO_KEY_256_8, crypto)) {
+ switch_channel_set_variable(session->channel, varname, SWITCH_RTP_CRYPTO_KEY_256_8);
+ switch_core_media_build_crypto(session->media_handle, type, crypto_tag, AEAD_AES_256_GCM_8, SWITCH_RTP_CRYPTO_SEND, 1);
+ } else if (switch_stristr(SWITCH_RTP_CRYPTO_KEY_128_8, crypto)) {
+ switch_channel_set_variable(session->channel, varname, SWITCH_RTP_CRYPTO_KEY_128_8);
 switch_core_media_build_crypto(session->media_handle, type, crypto_tag, AEAD_AES_128_GCM_8, SWITCH_RTP_CRYPTO_SEND, 1);
 } else {
 switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_ERROR, "Crypto Setup Failed!.\n");
@@ -1124,7 +1134,13 @@ SWITCH_DECLARE(void) switch_core_session_check_outgoing_crypto(switch_core_sessi
 SWITCH_MEDIA_TYPE_AUDIO, 1, AES_CM_128_HMAC_SHA1_80, SWITCH_RTP_CRYPTO_SEND, 0);
 switch_core_media_build_crypto(session->media_handle,
 SWITCH_MEDIA_TYPE_VIDEO, 1, AES_CM_128_HMAC_SHA1_80, SWITCH_RTP_CRYPTO_SEND, 0);
- } else if (!strcasecmp(var, SWITCH_RTP_CRYPTO_KEY_8)) {
+ } else if (!strcasecmp(var, SWITCH_RTP_CRYPTO_KEY_256_8)) {
+ switch_channel_set_flag(channel, CF_SECURE);
+ switch_core_media_build_crypto(session->media_handle,
+ SWITCH_MEDIA_TYPE_AUDIO, 1, AEAD_AES_256_GCM_8, SWITCH_RTP_CRYPTO_SEND, 0);
+ switch_core_media_build_crypto(session->media_handle,
+ SWITCH_MEDIA_TYPE_VIDEO, 1, AEAD_AES_256_GCM_8, SWITCH_RTP_CRYPTO_SEND, 0);
+ } else if (!strcasecmp(var, SWITCH_RTP_CRYPTO_KEY_128_8)) {
 switch_channel_set_flag(channel, CF_SECURE);
 switch_core_media_build_crypto(session->media_handle,
 SWITCH_MEDIA_TYPE_AUDIO, 1, AEAD_AES_128_GCM_8, SWITCH_RTP_CRYPTO_SEND, 0);
@@ -2754,8 +2770,11 @@ SWITCH_DECLARE(uint8_t) switch_core_media_negotiate_sdp(switch_core_session_t *s
 }
 if (sdp_type == SDP_TYPE_REQUEST && (var = switch_channel_get_variable(session->channel, "rtp_secure_media"))) {
- if (!switch_true(var) && strcasecmp(var, SWITCH_RTP_CRYPTO_KEY_32) &&
- strcasecmp(var, SWITCH_RTP_CRYPTO_KEY_80) && strcasecmp(var, SWITCH_RTP_CRYPTO_KEY_8)) {
+ if (!switch_true(var)
+ && strcasecmp(var, SWITCH_RTP_CRYPTO_KEY_32)
+ && strcasecmp(var, SWITCH_RTP_CRYPTO_KEY_80)
+ && strcasecmp(var, SWITCH_RTP_CRYPTO_KEY_128_8)
+ && strcasecmp(var, SWITCH_RTP_CRYPTO_KEY_256_8)) {
 got_crypto = -1;
 }
 }