// SPDX-FileCopyrightText: 2023 The Pion community <https://pion.ly>
// SPDX-License-Identifier: MIT
package srtp
import (
"crypto/aes"
"crypto/cipher"
"crypto/hmac"
"crypto/sha1" // nolint:gosec
)
// derivedSessionKeys should be used in tests only.
// RFC test vectors specify the derived session keys to use;
// this struct is used to inject them into the cipher in tests.
// The WithDerivedKeys constructors in this file build ciphers directly from
// these values and store the slices as given, without copying them.
type derivedSessionKeys struct {
	// SRTP material. srtpSessionKey is handed to aes.NewCipher, so it must be a
	// valid AES key length (16, 24 or 32 bytes). Despite its name,
	// srtpSessionAuthTag is used as the HMAC *key* by
	// newSrtpCipherAesCmHmacSha1WithDerivedKeys; the AES-GCM constructor does
	// not read it.
	srtpSessionKey []byte
	srtpSessionSalt []byte
	srtpSessionAuthTag []byte
	// SRTCP material, used the same way as the SRTP fields above.
	srtcpSessionKey []byte
	srtcpSessionSalt []byte
	srtcpSessionAuthTag []byte
}
// newSrtpCipherAesCmHmacSha1WithDerivedKeys builds an AES-CM / HMAC-SHA1 cipher
// straight from already-derived session keys, so tests can feed in the exact
// key material given by RFC test vectors.
//
// For the two NULL-cipher profiles the encryptSRTP and encryptSRTCP arguments
// are ignored and encryption is forced off. The session keys must be valid AES
// key lengths; any error from aes.NewCipher is returned unchanged. Salts and
// HMAC keys are used as supplied, with no length validation in this helper.
func newSrtpCipherAesCmHmacSha1WithDerivedKeys(
	profile ProtectionProfile,
	keys derivedSessionKeys,
	encryptSRTP, encryptSRTCP bool,
) (*srtpCipherAesCmHmacSha1, error) {
	// NULL-cipher profiles authenticate only; never report them as encrypted.
	switch profile {
	case ProtectionProfileNullHmacSha1_80, ProtectionProfileNullHmacSha1_32:
		encryptSRTP, encryptSRTCP = false, false
	}

	// Build both AES blocks first; the SRTP key is checked before the SRTCP key.
	rtpBlock, err := aes.NewCipher(keys.srtpSessionKey)
	if err != nil {
		return nil, err
	}

	rtcpBlock, err := aes.NewCipher(keys.srtcpSessionKey)
	if err != nil {
		return nil, err
	}

	c := &srtpCipherAesCmHmacSha1{
		ProtectionProfile: profile,
		srtpEncrypted:     encryptSRTP,
		srtcpEncrypted:    encryptSRTCP,
	}
	c.srtpBlock = rtpBlock
	c.srtcpBlock = rtcpBlock

	// The salt slices are shared with the caller, not copied.
	c.srtpSessionSalt = keys.srtpSessionSalt
	c.srtcpSessionSalt = keys.srtcpSessionSalt

	// The "AuthTag" fields of derivedSessionKeys carry the HMAC keys.
	// HMAC-SHA1 is the authentication transform these profiles name.
	c.srtpSessionAuth = hmac.New(sha1.New, keys.srtpSessionAuthTag)
	c.srtcpSessionAuth = hmac.New(sha1.New, keys.srtcpSessionAuthTag)

	return c, nil
}
// newSrtpCipherAeadAesGcmWithDerivedKeys builds an AES-GCM AEAD cipher straight
// from already-derived session keys, so tests can feed in the exact key
// material given by RFC test vectors.
//
// Only the session key and salt fields of keys are read; the AuthTag fields are
// not used here. Errors from aes.NewCipher or cipher.NewGCM are returned
// unchanged, SRTP first and then SRTCP. The salts are stored as supplied, with
// no length validation in this helper.
func newSrtpCipherAeadAesGcmWithDerivedKeys(
	profile ProtectionProfile,
	keys derivedSessionKeys,
	encryptSRTP, encryptSRTCP bool,
) (*srtpCipherAeadAesGcm, error) {
	// newAEAD wraps a raw AES key in GCM with the standard nonce size.
	newAEAD := func(key []byte) (cipher.AEAD, error) {
		block, err := aes.NewCipher(key)
		if err != nil {
			return nil, err
		}

		return cipher.NewGCM(block)
	}

	rtpAEAD, err := newAEAD(keys.srtpSessionKey)
	if err != nil {
		return nil, err
	}

	rtcpAEAD, err := newAEAD(keys.srtcpSessionKey)
	if err != nil {
		return nil, err
	}

	c := &srtpCipherAeadAesGcm{
		ProtectionProfile: profile,
		srtpEncrypted:     encryptSRTP,
		srtcpEncrypted:    encryptSRTCP,
	}
	c.srtpCipher = rtpAEAD
	c.srtcpCipher = rtcpAEAD

	// The salt slices are shared with the caller, not copied.
	c.srtpSessionSalt = keys.srtpSessionSalt
	c.srtcpSessionSalt = keys.srtcpSessionSalt

	return c, nil
}
// createContextWithCipher creates a new SRTP Context around a pre-created
// cipher. This is used for testing purposes only.
//
// The context starts with empty per-SSRC state and an empty MKI table, and has
// the SRTPNoReplayProtection and SRTCPNoReplayProtection options applied to it,
// so it must not be used as a template for production contexts, where replay
// protection is expected. An error from either option is returned unchanged.
func createContextWithCipher(profile ProtectionProfile, cipher srtpCipher) (*Context, error) {
	srtpCtx := &Context{
		srtpSSRCStates:  make(map[uint32]*srtpSSRCState),
		srtcpSSRCStates: make(map[uint32]*srtcpSSRCState),
		profile:         profile,
		mkis:            make(map[string]srtpCipher),
		cipher:          cipher,
	}

	// Apply the no-replay-protection options so tests can process the same
	// vector packets more than once.
	if err := SRTPNoReplayProtection()(srtpCtx); err != nil {
		return nil, err
	}

	if err := SRTCPNoReplayProtection()(srtpCtx); err != nil {
		return nil, err
	}

	return srtpCtx, nil
}