summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAleix Conchillo FlaquƩ <aleix@oblong.com>2014-05-20 14:48:37 -0700
committerWim Taymans <wtaymans@redhat.com>2014-06-19 16:06:27 +0200
commit32432b5c614cbbda9e0425c01619e5c0d54d6110 (patch)
treefc4cb940815c79440d501fade34096066df3ed63
parentfc06329e87c6bf0eae0ffe49827ffac1d31c13bc (diff)
mikey: add different key length parameters
Add encryption and authentication key length parameters to MIKEY. For the encoders, the key lengths are obtained from the cipher and auth algorithms set in the caps. For the decoders, they are obtained while parsing the key management from the client. Fixes https://bugzilla.gnome.org/show_bug.cgi?id=730472
-rw-r--r--gst/rtsp-server/rtsp-client.c24
-rw-r--r--gst/rtsp-server/rtsp-sdp.c34
-rw-r--r--gst/rtsp-server/rtsp-sdp.h6
3 files changed, 64 insertions, 0 deletions
diff --git a/gst/rtsp-server/rtsp-client.c b/gst/rtsp-server/rtsp-client.c
index cf79bda..3cbe67e 100644
--- a/gst/rtsp-server/rtsp-client.c
+++ b/gst/rtsp-server/rtsp-client.c
@@ -1545,6 +1545,18 @@ mikey_apply_policy (GstCaps * caps, GstMIKEYMessage * msg, guint8 policy)
break;
}
break;
+ case GST_MIKEY_SP_SRTP_ENC_KEY_LEN:
+ switch (param->val[0]) {
+ case AES_128_KEY_LEN:
+ srtp_cipher = "aes-128-icm";
+ break;
+ case AES_256_KEY_LEN:
+ srtp_cipher = "aes-256-icm";
+ break;
+ default:
+ break;
+ }
+ break;
case GST_MIKEY_SP_SRTP_AUTH_ALG:
switch (param->val[0]) {
case 0:
@@ -1558,6 +1570,18 @@ mikey_apply_policy (GstCaps * caps, GstMIKEYMessage * msg, guint8 policy)
break;
}
break;
+ case GST_MIKEY_SP_SRTP_AUTH_KEY_LEN:
+ switch (param->val[0]) {
+ case HMAC_32_KEY_LEN:
+ srtp_auth = "hmac-sha1-32";
+ break;
+ case HMAC_80_KEY_LEN:
+ srtp_auth = "hmac-sha1-80";
+ break;
+ default:
+ break;
+ }
+ break;
case GST_MIKEY_SP_SRTP_SRTP_ENC:
break;
case GST_MIKEY_SP_SRTP_SRTCP_ENC:
diff --git a/gst/rtsp-server/rtsp-sdp.c b/gst/rtsp-server/rtsp-sdp.c
index 13af74d..c4e74a3 100644
--- a/gst/rtsp-server/rtsp-sdp.c
+++ b/gst/rtsp-server/rtsp-sdp.c
@@ -72,6 +72,32 @@ update_sdp_from_tags (GstRTSPStream * stream, GstSDPMedia * stream_media)
gst_object_unref (src_pad);
}
+static guint8
+enc_key_length_from_cipher_name (const gchar * cipher)
+{
+ if (g_strcmp0 (cipher, "aes-128-icm") == 0)
+ return AES_128_KEY_LEN;
+ else if (g_strcmp0 (cipher, "aes-256-icm") == 0)
+ return AES_256_KEY_LEN;
+ else {
+ GST_ERROR ("encryption algorithm '%s' not supported", cipher);
+ return 0;
+ }
+}
+
+static guint8
+auth_key_length_from_auth_name (const gchar * auth)
+{
+ if (g_strcmp0 (auth, "hmac-sha1-32") == 0)
+ return HMAC_32_KEY_LEN;
+ else if (g_strcmp0 (auth, "hmac-sha1-80") == 0)
+ return HMAC_80_KEY_LEN;
+ else {
+ GST_ERROR ("authentication algorithm '%s' not supported", auth);
+ return 0;
+ }
+}
+
static void
make_media (GstSDPMessage * sdp, GstSDPInfo * info, GstRTSPMedia * media,
GstRTSPStream * stream, GstStructure * s, GstRTSPProfile profile)
@@ -226,9 +252,17 @@ make_media (GstSDPMessage * sdp, GstSDPInfo * info, GstRTSPMedia * media,
byte = 1;
gst_mikey_payload_sp_add_param (payload, GST_MIKEY_SP_SRTP_ENC_ALG, 1,
&byte);
+ /* Encryption key length */
+ byte = enc_key_length_from_cipher_name (srtpcipher);
+ gst_mikey_payload_sp_add_param (payload, GST_MIKEY_SP_SRTP_ENC_KEY_LEN, 1,
+ &byte);
/* only HMAC-SHA1 */
gst_mikey_payload_sp_add_param (payload, GST_MIKEY_SP_SRTP_AUTH_ALG, 1,
&byte);
+ /* Authentication key length */
+ byte = auth_key_length_from_auth_name (srtpauth);
+ gst_mikey_payload_sp_add_param (payload, GST_MIKEY_SP_SRTP_AUTH_KEY_LEN, 1,
+ &byte);
/* we enable encryption on RTP and RTCP */
gst_mikey_payload_sp_add_param (payload, GST_MIKEY_SP_SRTP_SRTP_ENC, 1,
&byte);
diff --git a/gst/rtsp-server/rtsp-sdp.h b/gst/rtsp-server/rtsp-sdp.h
index 7732f36..d0783a7 100644
--- a/gst/rtsp-server/rtsp-sdp.h
+++ b/gst/rtsp-server/rtsp-sdp.h
@@ -27,6 +27,12 @@
G_BEGIN_DECLS
+#define AES_128_KEY_LEN 16
+#define AES_256_KEY_LEN 32
+
+#define HMAC_32_KEY_LEN 4
+#define HMAC_80_KEY_LEN 10
+
typedef struct {
gboolean is_ipv6;
const gchar *server_ip;