RuhNetConsulting
/
rtpengine
mirror of https://github.com/sipwise/rtpengine
1
1
Fork 0
Code Issues 0 Projects 0 Releases 822 Wiki Activity
Browse Source

TT#108551 add kernel support for AEAD-AES-GCM 

Also amends tests plus additional clean ups

Closes #1133

Change-Id: I0dad7b8aad9cff1b019323c7ac5a356830ab09ad
pull/1164/head
Richard Fuchs 5 years ago
parent
0c4110779d
commit
6602a3a7c5
14 changed files with 2168 additions and 4253 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +37
    -46
      daemon/crypto.c
  2. +1
    -1
      daemon/dtls.c
  3. +2
    -0
      daemon/media_socket.c
  4. +15
    -4
      daemon/rtcp.c
  5. +5
    -1
      daemon/rtp.c
  6. +2
    -1
      include/crypto.h
  7. +1
    -0
      kernel-module/.gitignore
  8. +159
    -6
      kernel-module/xt_RTPENGINE.c
  9. +4
    -0
      kernel-module/xt_RTPENGINE.h
  10. +2
    -0
      perl/NGCP/Rtpengine/AutoTest.pm
  11. +1
    -0
      t/.gitignore
  12. +9
    -9
      t/aead-aes-crypt.c
  13. +1752
    -4067
      t/auto-daemon-tests-reorder.pl
  14. +178
    -118
      t/auto-daemon-tests.pl

+ 37
- 46
daemon/crypto.c View File

@ -195,8 +195,8 @@ struct crypto_suite __crypto_suites[] = {
.session_salt_len = 12,
.srtp_lifetime = 1ULL << 48,
.srtcp_lifetime = 1ULL << 31,
//.kernel_cipher = REC_AES_CM_128,
//.kernel_hmac = REH_HMAC_SHA1,
.kernel_cipher = REC_AEAD_AES_GCM_128,
.kernel_hmac = REH_NULL,
.srtp_auth_tag = 0,
.srtcp_auth_tag = 0,
.srtp_auth_key_len = 0,
@ -205,10 +205,9 @@ struct crypto_suite __crypto_suites[] = {
.decrypt_rtp = aes_gcm_decrypt_rtp,
.encrypt_rtcp = aes_gcm_encrypt_rtcp,
.decrypt_rtcp = aes_gcm_decrypt_rtcp,
//.hash_rtp = hmac_sha1_rtp,
//.hash_rtcp = hmac_sha1_rtcp,
.session_key_init = aes_gcm_session_key_init,
.session_key_cleanup = evp_session_key_cleanup,
.aead_evp = EVP_aes_128_gcm,
},
{
.name = "AEAD_AES_256_GCM",
@ -219,8 +218,8 @@ struct crypto_suite __crypto_suites[] = {
.session_salt_len = 12,
.srtp_lifetime = 1ULL << 48,
.srtcp_lifetime = 1ULL << 31,
//.kernel_cipher = REC_AES_CM_256,
//.kernel_hmac = REH_HMAC_SHA1,
.kernel_cipher = REC_AEAD_AES_GCM_256,
.kernel_hmac = REH_NULL,
.srtp_auth_tag = 0,
.srtcp_auth_tag = 0,
.srtp_auth_key_len = 0,
@ -229,10 +228,9 @@ struct crypto_suite __crypto_suites[] = {
.decrypt_rtp = aes_gcm_decrypt_rtp,
.encrypt_rtcp = aes_gcm_encrypt_rtcp,
.decrypt_rtcp = aes_gcm_decrypt_rtcp,
//.hash_rtp = hmac_sha1_rtp,
//.hash_rtcp = hmac_sha1_rtcp,
.session_key_init = aes_gcm_session_key_init,
.session_key_cleanup = evp_session_key_cleanup,
.aead_evp = EVP_aes_256_gcm,
},
{
.name = "F8_128_HMAC_SHA1_80",
@ -466,23 +464,24 @@ int crypto_gen_session_key(struct crypto_context *c, str *out, unsigned char lab
unsigned char x[14];
int i;
if (!out->len)
return 0;
ZERO(key_id);
/* key_id[1..6] := r; or 1..4 for rtcp
* key_derivation_rate == 0 --> r == 0 */
key_id[0] = label;
assert(sizeof(x) >= c->params.crypto_suite->master_salt_len);
memcpy(x, c->params.master_salt, c->params.crypto_suite->master_salt_len);
// AEAD uses 12 bytes master salt; pad on the right to get 14
// Errata: https://www.rfc-editor.org/errata_search.php?rfc=7714
if (c->params.crypto_suite->master_salt_len == 12) {
memcpy(x, c->params.master_salt, 12);
if (c->params.crypto_suite->master_salt_len == 12)
x[12] = x[13] = '\x00';
} else {
memcpy(x, c->params.master_salt, 14);
}
for (i = 13 - index_len; i < 14; i++)
x[i] = key_id[i - (13 - index_len)] ^ x[i];
prf_n(out, c->params.master_key, c->params.crypto_suite->lib_cipher_ptr, x);
prf_n(out, c->params.master_key, c->params.crypto_suite->aes_evp, x);
ilogs(srtp, LOG_DEBUG, "Generated session key: master key "
"%02x%02x%02x%02x..., "
@ -563,18 +562,16 @@ static int aes_gcm_encrypt_rtp(struct crypto_context *c, struct rtp_header *r, s
*(u_int32_t*)(iv+6) ^= htonl((idx & 0x00ffffffff0000ULL) >> 16);
*(u_int16_t*)(iv+10) ^= htons(idx & 0x00ffffULL);
if (c->params.crypto_suite->session_key_len == 16) {
EVP_EncryptInit_ex(c->session_key_ctx[0], EVP_aes_128_gcm(), NULL, c->session_key, iv);
} else {
EVP_EncryptInit_ex(c->session_key_ctx[0], EVP_aes_256_gcm(), NULL, c->session_key, iv);
}
EVP_EncryptInit_ex(c->session_key_ctx[0], c->params.crypto_suite->aead_evp(), NULL,
(const unsigned char *) c->session_key, iv);
// nominally 12 bytes of AAD
EVP_EncryptUpdate(c->session_key_ctx[0], NULL, &len, (void *)r, s->s - (char *)r);
EVP_EncryptUpdate(c->session_key_ctx[0], s->s, &len, s->s, s->len);
EVP_EncryptUpdate(c->session_key_ctx[0], (unsigned char *) s->s, &len,
(const unsigned char *) s->s, s->len);
ciphertext_len = len;
if (!EVP_EncryptFinal_ex(c->session_key_ctx[0], s->s+len, &len))
if (!EVP_EncryptFinal_ex(c->session_key_ctx[0], (unsigned char *) s->s+len, &len))
return 1;
ciphertext_len += len;
// append the tag to the str buffer
@ -594,20 +591,18 @@ static int aes_gcm_decrypt_rtp(struct crypto_context *c, struct rtp_header *r, s
*(u_int32_t*)(iv+6) ^= htonl((idx & 0x00ffffffff0000ULL) >> 16);
*(u_int16_t*)(iv+10) ^= htons(idx & 0x00ffffULL);
if (c->params.crypto_suite->session_key_len == 16) {
EVP_DecryptInit_ex(c->session_key_ctx[0], EVP_aes_128_gcm(), NULL, c->session_key, iv);
} else {
EVP_DecryptInit_ex(c->session_key_ctx[0], EVP_aes_256_gcm(), NULL, c->session_key, iv);
}
EVP_DecryptInit_ex(c->session_key_ctx[0], c->params.crypto_suite->aead_evp(), NULL,
(const unsigned char *) c->session_key, iv);
// nominally 12 bytes of AAD
EVP_DecryptUpdate(c->session_key_ctx[0], NULL, &len, (void *)r, s->s - (char *)r);
// decrypt partial buffer - the last 16 bytes are the tag
EVP_DecryptUpdate(c->session_key_ctx[0], s->s, &len, s->s, s->len-16);
EVP_DecryptUpdate(c->session_key_ctx[0], (unsigned char *) s->s, &len,
(const unsigned char *) s->s, s->len-16);
plaintext_len = len;
EVP_CIPHER_CTX_ctrl(c->session_key_ctx[0], EVP_CTRL_GCM_SET_TAG, 16, s->s + s->len-16);
if (!EVP_DecryptFinal_ex(c->session_key_ctx[0], s->s+len, &len))
if (!EVP_DecryptFinal_ex(c->session_key_ctx[0], (unsigned char *) s->s+len, &len))
return 1;
plaintext_len += len;
s->len = plaintext_len;
@ -628,19 +623,17 @@ static int aes_gcm_encrypt_rtcp(struct crypto_context *c, struct rtcp_packet *r,
*(u_int32_t*)(iv+8) ^= htonl(idx & 0x007fffffffULL);
*(u_int32_t*)e_idx = htonl( (idx&0x007fffffffULL) | 0x80000000);
if (c->params.crypto_suite->session_key_len == 16) {
EVP_EncryptInit_ex(c->session_key_ctx[0], EVP_aes_128_gcm(), NULL, c->session_key, iv);
} else {
EVP_EncryptInit_ex(c->session_key_ctx[0], EVP_aes_256_gcm(), NULL, c->session_key, iv);
}
EVP_EncryptInit_ex(c->session_key_ctx[0], c->params.crypto_suite->aead_evp(), NULL,
(const unsigned char *) c->session_key, iv);
// nominally 8 + 4 bytes of AAD
EVP_EncryptUpdate(c->session_key_ctx[0], NULL, &len, (void *)r, s->s - (char *)r);
EVP_EncryptUpdate(c->session_key_ctx[0], NULL, &len, (void *)e_idx, 4);
EVP_EncryptUpdate(c->session_key_ctx[0], s->s, &len, s->s, s->len);
EVP_EncryptUpdate(c->session_key_ctx[0], (unsigned char *) s->s, &len,
(const unsigned char *) s->s, s->len);
ciphertext_len = len;
if (!EVP_EncryptFinal_ex(c->session_key_ctx[0], s->s+len, &len))
if (!EVP_EncryptFinal_ex(c->session_key_ctx[0], (unsigned char *) s->s+len, &len))
return 1;
ciphertext_len += len;
// append the tag to the str buffer
@ -661,21 +654,19 @@ static int aes_gcm_decrypt_rtcp(struct crypto_context *c, struct rtcp_packet *r,
*(u_int32_t*)(iv+8) ^= htonl(idx & 0x007fffffffULL);
*(u_int32_t*)e_idx = htonl( (idx&0x007fffffffULL) | 0x80000000);
if (c->params.crypto_suite->session_key_len == 16) {
EVP_DecryptInit_ex(c->session_key_ctx[0], EVP_aes_128_gcm(), NULL, c->session_key, iv);
} else {
EVP_DecryptInit_ex(c->session_key_ctx[0], EVP_aes_256_gcm(), NULL, c->session_key, iv);
}
EVP_DecryptInit_ex(c->session_key_ctx[0], c->params.crypto_suite->aead_evp(), NULL,
(const unsigned char *) c->session_key, iv);
// nominally 8 + 4 bytes of AAD
EVP_DecryptUpdate(c->session_key_ctx[0], NULL, &len, (void *)r, s->s - (char *)r);
EVP_DecryptUpdate(c->session_key_ctx[0], NULL, &len, (void *)e_idx, 4);
// decrypt partial buffer - the last 16 bytes are the tag
EVP_DecryptUpdate(c->session_key_ctx[0], s->s, &len, s->s, s->len-16);
EVP_DecryptUpdate(c->session_key_ctx[0], (unsigned char *) s->s, &len,
(const unsigned char *) s->s, s->len-16);
plaintext_len = len;
EVP_CIPHER_CTX_ctrl(c->session_key_ctx[0], EVP_CTRL_GCM_SET_TAG, 16, s->s + s->len-16);
if (!EVP_DecryptFinal_ex(c->session_key_ctx[0], s->s+len, &len))
if (!EVP_DecryptFinal_ex(c->session_key_ctx[0], (unsigned char *) s->s+len, &len))
return 1;
plaintext_len += len;
s->len = plaintext_len;
@ -826,7 +817,7 @@ static int aes_cm_session_key_init(struct crypto_context *c) {
c->session_key_ctx[0] = g_slice_alloc(sizeof(EVP_CIPHER_CTX));
EVP_CIPHER_CTX_init(c->session_key_ctx[0]);
#endif
EVP_EncryptInit_ex(c->session_key_ctx[0], c->params.crypto_suite->lib_cipher_ptr, NULL,
EVP_EncryptInit_ex(c->session_key_ctx[0], c->params.crypto_suite->aes_evp, NULL,
(unsigned char *) c->session_key, NULL);
return 0;
}
@ -963,13 +954,13 @@ void crypto_init_main() {
str_init(&cs->name_str, (char *) cs->name);
switch(cs->master_key_len) {
case 16:
cs->lib_cipher_ptr = EVP_aes_128_ecb();
cs->aes_evp = EVP_aes_128_ecb();
break;
case 24:
cs->lib_cipher_ptr = EVP_aes_192_ecb();
cs->aes_evp = EVP_aes_192_ecb();
break;
case 32:
cs->lib_cipher_ptr = EVP_aes_256_ecb();
cs->aes_evp = EVP_aes_256_ecb();
break;
}
}


+ 1
- 1
daemon/dtls.c View File

@ -641,7 +641,7 @@ found:
i += cs->master_salt_len;
memcpy(server.master_salt, &keys[i], cs->master_salt_len);
ilogs(crypto, LOG_INFO, "DTLS-SRTP successfully negotiated");
ilogs(crypto, LOG_INFO, "DTLS-SRTP successfully negotiated using %s", cs->name);
if (d->active) {
/* we're the client */


+ 2
- 0
daemon/media_socket.c View File

@ -1033,6 +1033,8 @@ static int __k_srtp_crypt(struct rtpengine_srtp *s, struct crypto_context *c, st
s->master_key_len = c->params.crypto_suite->master_key_len;
s->session_key_len = c->params.crypto_suite->session_key_len;
memcpy(s->master_salt, c->params.master_salt, c->params.crypto_suite->master_salt_len);
s->master_salt_len = c->params.crypto_suite->master_salt_len;
s->session_salt_len = c->params.crypto_suite->session_salt_len;
if (c->params.session_params.unencrypted_srtp)
s->cipher = REC_NULL;


+ 15
- 4
daemon/rtcp.c View File

@ -861,9 +861,11 @@ int rtcp_avp2savp(str *s, struct crypto_context *c, struct ssrc_ctx *ssrc_ctx) {
rtcp->ssrc, ssrc_ctx->srtcp_index);
crypto_debug_dump(&payload);
int prev_len = payload.len;
if (!c->params.session_params.unencrypted_srtcp && crypto_encrypt_rtcp(c, rtcp, &payload,
ssrc_ctx->srtcp_index))
return -1;
s->len += payload.len - prev_len;
crypto_debug_printf(", enc pl: ");
crypto_debug_dump(&payload);
@ -877,10 +879,12 @@ int rtcp_avp2savp(str *s, struct crypto_context *c, struct ssrc_ctx *ssrc_ctx) {
rtp_append_mki(s, c);
c->params.crypto_suite->hash_rtcp(c, s->s + s->len, &to_auth);
crypto_debug_printf(", auth: ");
crypto_debug_dump_raw(s->s + s->len, c->params.crypto_suite->srtcp_auth_tag);
s->len += c->params.crypto_suite->srtcp_auth_tag;
if (c->params.crypto_suite->srtcp_auth_tag) {
c->params.crypto_suite->hash_rtcp(c, s->s + s->len, &to_auth);
crypto_debug_printf(", auth: ");
crypto_debug_dump_raw(s->s + s->len, c->params.crypto_suite->srtcp_auth_tag);
s->len += c->params.crypto_suite->srtcp_auth_tag;
}
crypto_debug_finish();
@ -923,6 +927,10 @@ int rtcp_savp2avp(str *s, struct crypto_context *c, struct ssrc_ctx *ssrc_ctx) {
crypto_debug_printf(", idx %" PRIu32, idx);
if (!auth_tag.len)
goto decrypt;
// authenticate
assert(sizeof(hmac) >= auth_tag.len);
c->params.crypto_suite->hash_rtcp(c, hmac, &to_auth);
@ -935,6 +943,8 @@ int rtcp_savp2avp(str *s, struct crypto_context *c, struct ssrc_ctx *ssrc_ctx) {
if (str_memcmp(&auth_tag, hmac))
goto error;
decrypt:;
int prev_len = to_decrypt.len;
if ((idx & 0x80000000ULL)) {
if (crypto_decrypt_rtcp(c, rtcp, &to_decrypt, idx & 0x7fffffffULL))
return -1;
@ -945,6 +955,7 @@ int rtcp_savp2avp(str *s, struct crypto_context *c, struct ssrc_ctx *ssrc_ctx) {
*s = to_auth;
s->len -= sizeof(idx);
s->len -= prev_len - to_decrypt.len;
crypto_debug_finish();


+ 5
- 1
daemon/rtp.c View File

@ -118,8 +118,10 @@ int rtp_avp2savp(str *s, struct crypto_context *c, struct ssrc_ctx *ssrc_ctx) {
crypto_debug_dump(&payload);
/* rfc 3711 section 3.1 */
int prev_len = payload.len;
if (!c->params.session_params.unencrypted_srtp && crypto_encrypt_rtp(c, rtp, &payload, index))
return -1;
s->len += payload.len - prev_len;
crypto_debug_printf(", enc pl: ");
crypto_debug_dump(&payload);
@ -212,7 +214,8 @@ int rtp_savp2avp(str *s, struct crypto_context *c, struct ssrc_ctx *ssrc_ctx) {
decrypt_idx:
ssrc_ctx->srtp_index = index;
decrypt:
decrypt:;
int prev_len = to_decrypt.len;
if (!c->params.session_params.unencrypted_srtp && crypto_decrypt_rtp(c, rtp, &to_decrypt, index))
return -1;
@ -220,6 +223,7 @@ decrypt:
crypto_debug_dump(&to_decrypt);
*s = to_auth;
s->len -= prev_len - to_decrypt.len;
crypto_debug_finish();


+ 2
- 1
include/crypto.h View File

@ -56,9 +56,10 @@ struct crypto_suite {
session_key_init_func session_key_init;
session_key_cleanup_func session_key_cleanup;
//const char *dtls_profile_code; // unused
const void *lib_cipher_ptr;
const EVP_CIPHER *aes_evp;
unsigned int idx; // filled in during crypto_init_main()
str name_str; // same as `name`
const EVP_CIPHER *(*aead_evp)(void);
};
struct crypto_session_params {


+ 1
- 0
kernel-module/.gitignore View File

@ -5,3 +5,4 @@
modules.order
Module.symvers
.*.cmd
xt_RTPENGINE.mod

+ 159
- 6
kernel-module/xt_RTPENGINE.c View File

@ -10,6 +10,9 @@
#include <linux/crypto.h>
#include <crypto/aes.h>
#include <crypto/hash.h>
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25)
#include <crypto/aead.h>
#endif
#include <net/icmp.h>
#include <net/ip.h>
#include <net/ipv6.h>
@ -41,7 +44,7 @@ MODULE_LICENSE("GPL");
#define MAX_ID 64 /* - 1 */
#define MAX_SKB_TAIL_ROOM (sizeof(((struct rtpengine_srtp *) 0)->mki) + 20)
#define MAX_SKB_TAIL_ROOM (sizeof(((struct rtpengine_srtp *) 0)->mki) + 20 + 16)
#define MIPF "%i:%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x:%u"
#define MIPP(x) (x).family, \
@ -155,6 +158,7 @@ struct re_auto_array;
struct re_call;
struct re_stream;
struct rtpengine_table;
struct crypto_aead;
@ -232,6 +236,10 @@ static int srtp_encrypt_aes_cm(struct re_crypto_context *, struct rtpengine_srtp
struct rtp_parsed *, u_int64_t);
static int srtp_encrypt_aes_f8(struct re_crypto_context *, struct rtpengine_srtp *,
struct rtp_parsed *, u_int64_t);
static int srtp_encrypt_aes_gcm(struct re_crypto_context *, struct rtpengine_srtp *,
struct rtp_parsed *, u_int64_t);
static int srtp_decrypt_aes_gcm(struct re_crypto_context *, struct rtpengine_srtp *,
struct rtp_parsed *, u_int64_t);
static void call_put(struct re_call *call);
static void del_stream(struct re_stream *stream, struct rtpengine_table *);
@ -253,6 +261,7 @@ struct re_crypto_context {
u_int32_t roc;
struct crypto_cipher *tfm[2];
struct crypto_shash *shash;
struct crypto_aead *aead;
const struct re_cipher *cipher;
const struct re_hmac *hmac;
};
@ -389,6 +398,7 @@ struct re_cipher {
enum rtpengine_cipher id;
const char *name;
const char *tfm_name;
const char *aead_name;
int (*decrypt)(struct re_crypto_context *, struct rtpengine_srtp *,
struct rtp_parsed *, u_int64_t);
int (*encrypt)(struct re_crypto_context *, struct rtpengine_srtp *,
@ -572,6 +582,20 @@ static const struct re_cipher re_ciphers[] = {
.decrypt = srtp_encrypt_aes_cm,
.encrypt = srtp_encrypt_aes_cm,
},
[REC_AEAD_AES_GCM_128] = {
.id = REC_AEAD_AES_GCM_128,
.name = "AEAD-AES-GCM-128",
.aead_name = "gcm(aes)",
.decrypt = srtp_decrypt_aes_gcm,
.encrypt = srtp_encrypt_aes_gcm,
},
[REC_AEAD_AES_GCM_256] = {
.id = REC_AEAD_AES_GCM_256,
.name = "AEAD-AES-GCM-256",
.aead_name = "gcm(aes)",
.decrypt = srtp_decrypt_aes_gcm,
.encrypt = srtp_encrypt_aes_gcm,
},
};
static const struct re_hmac re_hmacs[] = {
@ -816,6 +840,10 @@ static void free_crypto_context(struct re_crypto_context *c) {
}
if (c->shash)
crypto_free_shash(c->shash);
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25)
if (c->aead)
crypto_free_aead(c->aead);
#endif
}
static void target_put(struct rtpengine_target *t) {
@ -1939,7 +1967,11 @@ static int gen_session_key(unsigned char *out, int len, struct rtpengine_srtp *s
key_id[0] = label;
memcpy(x, s->master_salt, 14);
memcpy(x, s->master_salt, s->master_salt_len);
// AEAD uses 12 bytes master salt; pad on the right to get 14
// Errata: https://www.rfc-editor.org/errata_search.php?rfc=7714
if (s->master_salt_len == 12)
x[12] = x[13] = '\x00';
for (i = 13 - 6; i < 14; i++)
x[i] = key_id[i - (13 - 6)] ^ x[i];
@ -1987,10 +2019,10 @@ static int gen_session_keys(struct re_crypto_context *c, struct rtpengine_srtp *
ret = gen_session_key(c->session_key, s->session_key_len, s, 0x00);
if (ret)
goto error;
ret = gen_session_key(c->session_auth_key, 20, s, 0x01);
ret = gen_session_key(c->session_auth_key, 20, s, 0x01); // XXX fixed length auth key
if (ret)
goto error;
ret = gen_session_key(c->session_salt, 14, s, 0x02);
ret = gen_session_key(c->session_salt, s->session_salt_len, s, 0x02);
if (ret)
goto error;
@ -2002,9 +2034,36 @@ static int gen_session_keys(struct re_crypto_context *c, struct rtpengine_srtp *
c->tfm[0] = NULL;
goto error;
}
crypto_cipher_setkey(c->tfm[0], c->session_key, s->session_key_len);
ret = crypto_cipher_setkey(c->tfm[0], c->session_key, s->session_key_len);
if (ret)
goto error;
}
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25)
if (c->cipher->aead_name) {
err = "failed to load AEAD";
c->aead = crypto_alloc_aead(c->cipher->aead_name, 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(c->aead)) {
ret = PTR_ERR(c->aead);
c->aead = NULL;
goto error;
}
ret = -EINVAL;
if (crypto_aead_ivsize(c->aead) != 12)
goto error;
ret = crypto_aead_setkey(c->aead, c->session_key, s->session_key_len);
if (ret)
goto error;
ret = crypto_aead_setauthsize(c->aead, 16);
if (ret)
goto error;
}
#else
err = "No support for AEAD in this kernel";
if (c->cipher->aead_name)
goto error;
#endif
if (c->cipher->session_key_init) {
ret = c->cipher->session_key_init(c, s);
if (ret)
@ -2019,7 +2078,9 @@ static int gen_session_keys(struct re_crypto_context *c, struct rtpengine_srtp *
c->shash = NULL;
goto error;
}
crypto_shash_setkey(c->shash, c->session_auth_key, 20);
ret = crypto_shash_setkey(c->shash, c->session_auth_key, 20);
if (ret)
goto error;
}
switch(s->master_key_len) {
@ -3857,6 +3918,98 @@ static int srtp_encrypt_aes_f8(struct re_crypto_context *c,
return 0;
}
static int srtp_encrypt_aes_gcm(struct re_crypto_context *c,
struct rtpengine_srtp *s, struct rtp_parsed *r,
u_int64_t pkt_idx)
{
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25)
unsigned char iv[12];
struct aead_request *req;
struct scatterlist sg[2];
int ret;
if (s->session_salt_len != 12)
return -EINVAL;
if (r->payload_len < 16)
return -EINVAL;
memcpy(iv, c->session_salt, 12);
*(u_int32_t*)(iv+2) ^= r->header->ssrc;
*(u_int32_t*)(iv+6) ^= htonl((pkt_idx & 0x00ffffffff0000ULL) >> 16);
*(u_int16_t*)(iv+10) ^= htons(pkt_idx & 0x00ffffULL);
req = aead_request_alloc(c->aead, GFP_ATOMIC);
if (!req)
return -ENOMEM;
if (IS_ERR(req))
return PTR_ERR(req);
sg_init_table(sg, ARRAY_SIZE(sg));
sg_set_buf(&sg[0], r->header, r->header_len);
sg_set_buf(&sg[1], r->payload, r->payload_len + 16); // guaranteed to have space after skb_copy_expand
aead_request_set_callback(req, 0, NULL, NULL);
aead_request_set_ad(req, r->header_len);
aead_request_set_crypt(req, sg, sg, r->payload_len, iv);
ret = crypto_aead_encrypt(req);
aead_request_free(req);
if (ret == 0)
r->payload_len += 16;
return ret;
#else
return -EOPNOTSUPP;
#endif
}
static int srtp_decrypt_aes_gcm(struct re_crypto_context *c,
struct rtpengine_srtp *s, struct rtp_parsed *r,
u_int64_t pkt_idx)
{
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25)
unsigned char iv[12];
struct aead_request *req;
struct scatterlist sg[2];
int ret;
if (s->session_salt_len != 12)
return -EINVAL;
if (r->payload_len < 16)
return -EINVAL;
memcpy(iv, c->session_salt, 12);
*(u_int32_t*)(iv+2) ^= r->header->ssrc;
*(u_int32_t*)(iv+6) ^= htonl((pkt_idx & 0x00ffffffff0000ULL) >> 16);
*(u_int16_t*)(iv+10) ^= htons(pkt_idx & 0x00ffffULL);
req = aead_request_alloc(c->aead, GFP_ATOMIC);
if (!req)
return -ENOMEM;
if (IS_ERR(req))
return PTR_ERR(req);
sg_init_table(sg, ARRAY_SIZE(sg));
sg_set_buf(&sg[0], r->header, r->header_len);
sg_set_buf(&sg[1], r->payload, r->payload_len);
aead_request_set_callback(req, 0, NULL, NULL);
aead_request_set_ad(req, r->header_len);
aead_request_set_crypt(req, sg, sg, r->payload_len, iv);
ret = crypto_aead_decrypt(req);
aead_request_free(req);
if (ret == 0)
r->payload_len -= 16;
return ret;
#else
return -EOPNOTSUPP;
#endif
}
static inline int srtp_encrypt(struct re_crypto_context *c,
struct rtpengine_srtp *s, struct rtp_parsed *r,


+ 4
- 0
kernel-module/xt_RTPENGINE.h View File

@ -54,6 +54,8 @@ enum rtpengine_cipher {
REC_AES_F8,
REC_AES_CM_192,
REC_AES_CM_256,
REC_AEAD_AES_GCM_128,
REC_AEAD_AES_GCM_256,
__REC_LAST
};
@ -73,7 +75,9 @@ struct rtpengine_srtp {
unsigned char master_key[32];
unsigned int master_key_len;
unsigned char master_salt[14];
unsigned int master_salt_len;
unsigned int session_key_len;
unsigned int session_salt_len;
unsigned char mki[256]; /* XXX uses too much memory? */
u_int64_t last_index;
unsigned int auth_tag_len; /* in bytes */


+ 2
- 0
perl/NGCP/Rtpengine/AutoTest.pm View File

@ -122,8 +122,10 @@ sub offer_answer {
$regexp =~ s/ICEBASE/([0-9a-zA-Z]{16})/gs;
$regexp =~ s/ICEUFRAG/([0-9a-zA-Z]{8})/gs;
$regexp =~ s/ICEPWD/([0-9a-zA-Z]{26})/gs;
$regexp =~ s/CRYPTO128S/([0-9a-zA-Z\/+]{38})/gs;
$regexp =~ s/CRYPTO128/([0-9a-zA-Z\/+]{40})/gs;
$regexp =~ s/CRYPTO192/([0-9a-zA-Z\/+]{51})/gs;
$regexp =~ s/CRYPTO256S/([0-9a-zA-Z\/+]{59})/gs;
$regexp =~ s/CRYPTO256/([0-9a-zA-Z\/+]{62})/gs;
$regexp =~ s/LOOPER/([0-9a-f]{12})/gs;
$regexp =~ s/FINGERPRINT256/([0-9a-fA-F:]{95})/gs;


+ 1
- 0
t/.gitignore View File

@ -60,3 +60,4 @@ spandsp_recv_fax_t38
spandsp_send_fax_pcm
spandsp_send_fax_t38
spandsp_logging.h
aead-aes-crypt

+ 9
- 9
t/aead-aes-crypt.c View File

@ -97,7 +97,7 @@ uint8_t answer256_srtcp[72] = {
struct rtpengine_config rtpe_config = {
};
int main(int argc, char *argv)
int main(void)
{
str suite, payload;
@ -122,7 +122,7 @@ int main(int argc, char *argv)
memcpy(working, srtp_pt, 50);
payload.len = 38;
payload.s = working + 12;
payload.s = (char *) working + 12;
rc = crypto_encrypt_rtp(&ctx, (struct rtp_header *)working,
&payload,
@ -132,7 +132,7 @@ int main(int argc, char *argv)
printf("RTP/AEAD-AES-128-GCM Encrypt - PASS\n");
payload.len = 54;
payload.s = working + 12;
payload.s = (char *) working + 12;
rc = crypto_decrypt_rtp(&ctx, (struct rtp_header *)working,
&payload,
@ -145,7 +145,7 @@ int main(int argc, char *argv)
// RTCP
memcpy(working, srtcp_pt, 52);
payload.len = 44;
payload.s = working + 8;
payload.s = (char *) working + 8;
rc = crypto_encrypt_rtcp(&ctx, (struct rtcp_packet *)working,
&payload,
@ -155,7 +155,7 @@ int main(int argc, char *argv)
printf("RTCP/AEAD-AES-128-GCM Encrypt - PASS\n");
payload.len = 60;
payload.s = working + 8;
payload.s = (char *) working + 8;
rc = crypto_decrypt_rtcp(&ctx, (struct rtcp_packet *)working,
&payload,
@ -179,7 +179,7 @@ int main(int argc, char *argv)
memcpy(working, srtp_pt, 50);
payload.len = 38;
payload.s = working + 12;
payload.s = (char *) working + 12;
rc = crypto_encrypt_rtp(&ctx, (struct rtp_header *)working,
&payload,
@ -189,7 +189,7 @@ int main(int argc, char *argv)
printf("RTP/AEAD-AES-256-GCM Encrypt - PASS\n");
payload.len = 54;
payload.s = working + 12;
payload.s = (char *) working + 12;
rc = crypto_decrypt_rtp(&ctx, (struct rtp_header *)working,
&payload,
@ -201,7 +201,7 @@ int main(int argc, char *argv)
// RTCP
memcpy(working, srtcp_pt, 52);
payload.len = 44;
payload.s = working + 8;
payload.s = (char *) working + 8;
rc = crypto_encrypt_rtcp(&ctx, (struct rtcp_packet *)working,
&payload,
@ -211,7 +211,7 @@ int main(int argc, char *argv)
printf("RTCP/AEAD-AES-256-GCM Encrypt - PASS\n");
payload.len = 60;
payload.s = working + 8;
payload.s = (char *) working + 8;
rc = crypto_decrypt_rtcp(&ctx, (struct rtcp_packet *)working,
&payload,


+ 1752
- 4067
t/auto-daemon-tests-reorder.pl
File diff suppressed because it is too large
View File


+ 178
- 118
t/auto-daemon-tests.pl View File

@ -3981,10 +3981,12 @@ a=crypto:3 AES_192_CM_HMAC_SHA1_80 inline:CRYPTO192
a=crypto:4 AES_192_CM_HMAC_SHA1_32 inline:CRYPTO192
a=crypto:5 AES_256_CM_HMAC_SHA1_80 inline:CRYPTO256
a=crypto:6 AES_256_CM_HMAC_SHA1_32 inline:CRYPTO256
a=crypto:7 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:8 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:9 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 NULL_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:7 AEAD_AES_128_GCM inline:CRYPTO128S
a=crypto:8 AEAD_AES_256_GCM inline:CRYPTO256S
a=crypto:9 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:11 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:12 NULL_HMAC_SHA1_32 inline:CRYPTO128
a=setup:actpass
a=fingerprint:sha-1 FINGERPRINT
SDP
@ -4024,10 +4026,12 @@ a=crypto:3 AES_192_CM_HMAC_SHA1_80 inline:CRYPTO192
a=crypto:4 AES_192_CM_HMAC_SHA1_32 inline:CRYPTO192
a=crypto:5 AES_256_CM_HMAC_SHA1_80 inline:CRYPTO256
a=crypto:6 AES_256_CM_HMAC_SHA1_32 inline:CRYPTO256
a=crypto:7 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:8 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:9 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 NULL_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:7 AEAD_AES_128_GCM inline:CRYPTO128S
a=crypto:8 AEAD_AES_256_GCM inline:CRYPTO256S
a=crypto:9 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:11 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:12 NULL_HMAC_SHA1_32 inline:CRYPTO128
a=setup:actpass
a=fingerprint:sha-1 FINGERPRINT
SDP
@ -4073,10 +4077,12 @@ a=crypto:3 AES_192_CM_HMAC_SHA1_80 inline:CRYPTO192
a=crypto:4 AES_192_CM_HMAC_SHA1_32 inline:CRYPTO192
a=crypto:5 AES_256_CM_HMAC_SHA1_80 inline:CRYPTO256
a=crypto:6 AES_256_CM_HMAC_SHA1_32 inline:CRYPTO256
a=crypto:7 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:8 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:9 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 NULL_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:7 AEAD_AES_128_GCM inline:CRYPTO128S
a=crypto:8 AEAD_AES_256_GCM inline:CRYPTO256S
a=crypto:9 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:11 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:12 NULL_HMAC_SHA1_32 inline:CRYPTO128
SDP
answer('stray answer protocol changes, default', {
@ -4148,10 +4154,12 @@ a=crypto:3 AES_192_CM_HMAC_SHA1_80 inline:CRYPTO192
a=crypto:4 AES_192_CM_HMAC_SHA1_32 inline:CRYPTO192
a=crypto:5 AES_256_CM_HMAC_SHA1_80 inline:CRYPTO256
a=crypto:6 AES_256_CM_HMAC_SHA1_32 inline:CRYPTO256
a=crypto:7 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:8 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:9 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 NULL_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:7 AEAD_AES_128_GCM inline:CRYPTO128S
a=crypto:8 AEAD_AES_256_GCM inline:CRYPTO256S
a=crypto:9 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:11 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:12 NULL_HMAC_SHA1_32 inline:CRYPTO128
SDP
answer('stray answer protocol changes, proto accept', {
@ -4224,10 +4232,12 @@ a=crypto:3 AES_192_CM_HMAC_SHA1_80 inline:CRYPTO192
a=crypto:4 AES_192_CM_HMAC_SHA1_32 inline:CRYPTO192
a=crypto:5 AES_256_CM_HMAC_SHA1_80 inline:CRYPTO256
a=crypto:6 AES_256_CM_HMAC_SHA1_32 inline:CRYPTO256
a=crypto:7 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:8 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:9 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 NULL_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:7 AEAD_AES_128_GCM inline:CRYPTO128S
a=crypto:8 AEAD_AES_256_GCM inline:CRYPTO256S
a=crypto:9 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:11 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:12 NULL_HMAC_SHA1_32 inline:CRYPTO128
SDP
answer('stray answer protocol changes, proto accept', {
@ -4595,10 +4605,12 @@ a=crypto:3 AES_192_CM_HMAC_SHA1_80 inline:CRYPTO192
a=crypto:4 AES_192_CM_HMAC_SHA1_32 inline:CRYPTO192
a=crypto:5 AES_256_CM_HMAC_SHA1_80 inline:CRYPTO256
a=crypto:6 AES_256_CM_HMAC_SHA1_32 inline:CRYPTO256
a=crypto:7 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:8 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:9 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 NULL_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:7 AEAD_AES_128_GCM inline:CRYPTO128S
a=crypto:8 AEAD_AES_256_GCM inline:CRYPTO256S
a=crypto:9 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:11 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:12 NULL_HMAC_SHA1_32 inline:CRYPTO128
a=setup:actpass
a=fingerprint:sha-1 FINGERPRINT
a=ptime:20
@ -4711,10 +4723,12 @@ a=crypto:3 AES_192_CM_HMAC_SHA1_80 inline:CRYPTO192
a=crypto:4 AES_192_CM_HMAC_SHA1_32 inline:CRYPTO192
a=crypto:5 AES_256_CM_HMAC_SHA1_80 inline:CRYPTO256
a=crypto:6 AES_256_CM_HMAC_SHA1_32 inline:CRYPTO256
a=crypto:7 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:8 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:9 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 NULL_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:7 AEAD_AES_128_GCM inline:CRYPTO128S
a=crypto:8 AEAD_AES_256_GCM inline:CRYPTO256S
a=crypto:9 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:11 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:12 NULL_HMAC_SHA1_32 inline:CRYPTO128
a=setup:actpass
a=fingerprint:sha-1 FINGERPRINT
a=ptime:20
@ -4842,10 +4856,12 @@ a=crypto:3 AES_192_CM_HMAC_SHA1_80 inline:CRYPTO192
a=crypto:4 AES_192_CM_HMAC_SHA1_32 inline:CRYPTO192
a=crypto:5 AES_256_CM_HMAC_SHA1_80 inline:CRYPTO256
a=crypto:6 AES_256_CM_HMAC_SHA1_32 inline:CRYPTO256
a=crypto:7 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:8 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:9 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 NULL_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:7 AEAD_AES_128_GCM inline:CRYPTO128S
a=crypto:8 AEAD_AES_256_GCM inline:CRYPTO256S
a=crypto:9 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:11 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:12 NULL_HMAC_SHA1_32 inline:CRYPTO128
a=ptime:20
SDP
@ -4936,10 +4952,12 @@ a=crypto:3 AES_192_CM_HMAC_SHA1_80 inline:CRYPTO192
a=crypto:4 AES_192_CM_HMAC_SHA1_32 inline:CRYPTO192
a=crypto:5 AES_256_CM_HMAC_SHA1_80 inline:CRYPTO256
a=crypto:6 AES_256_CM_HMAC_SHA1_32 inline:CRYPTO256
a=crypto:7 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:8 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:9 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 NULL_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:7 AEAD_AES_128_GCM inline:CRYPTO128S
a=crypto:8 AEAD_AES_256_GCM inline:CRYPTO256S
a=crypto:9 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:11 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:12 NULL_HMAC_SHA1_32 inline:CRYPTO128
a=ptime:20
SDP
@ -5034,10 +5052,12 @@ a=crypto:3 AES_192_CM_HMAC_SHA1_80 inline:CRYPTO192
a=crypto:4 AES_192_CM_HMAC_SHA1_32 inline:CRYPTO192
a=crypto:5 AES_256_CM_HMAC_SHA1_80 inline:CRYPTO256
a=crypto:6 AES_256_CM_HMAC_SHA1_32 inline:CRYPTO256
a=crypto:7 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:8 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:9 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 NULL_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:7 AEAD_AES_128_GCM inline:CRYPTO128S
a=crypto:8 AEAD_AES_256_GCM inline:CRYPTO256S
a=crypto:9 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:11 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:12 NULL_HMAC_SHA1_32 inline:CRYPTO128
a=ptime:20
SDP
@ -5094,10 +5114,12 @@ a=crypto:3 AES_192_CM_HMAC_SHA1_80 inline:CRYPTO192
a=crypto:4 AES_192_CM_HMAC_SHA1_32 inline:CRYPTO192
a=crypto:5 AES_256_CM_HMAC_SHA1_80 inline:CRYPTO256
a=crypto:6 AES_256_CM_HMAC_SHA1_32 inline:CRYPTO256
a=crypto:7 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:8 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:9 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 NULL_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:7 AEAD_AES_128_GCM inline:CRYPTO128S
a=crypto:8 AEAD_AES_256_GCM inline:CRYPTO256S
a=crypto:9 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:11 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:12 NULL_HMAC_SHA1_32 inline:CRYPTO128
a=ptime:20
SDP
@ -5331,10 +5353,12 @@ a=crypto:3 AES_192_CM_HMAC_SHA1_80 inline:CRYPTO192
a=crypto:4 AES_192_CM_HMAC_SHA1_32 inline:CRYPTO192
a=crypto:5 AES_256_CM_HMAC_SHA1_80 inline:CRYPTO256
a=crypto:6 AES_256_CM_HMAC_SHA1_32 inline:CRYPTO256
a=crypto:7 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:8 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:9 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 NULL_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:7 AEAD_AES_128_GCM inline:CRYPTO128S
a=crypto:8 AEAD_AES_256_GCM inline:CRYPTO256S
a=crypto:9 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:11 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:12 NULL_HMAC_SHA1_32 inline:CRYPTO128
SDP
($port_b, undef, $srtp_key_b) = answer('reg SRTP offer, accept, diff suite',
@ -5416,10 +5440,12 @@ a=crypto:3 AES_192_CM_HMAC_SHA1_80 inline:CRYPTO192
a=crypto:4 AES_192_CM_HMAC_SHA1_32 inline:CRYPTO192
a=crypto:5 AES_256_CM_HMAC_SHA1_80 inline:CRYPTO256
a=crypto:6 AES_256_CM_HMAC_SHA1_32 inline:CRYPTO256
a=crypto:7 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:8 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:9 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 NULL_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:7 AEAD_AES_128_GCM inline:CRYPTO128S
a=crypto:8 AEAD_AES_256_GCM inline:CRYPTO256S
a=crypto:9 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:11 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:12 NULL_HMAC_SHA1_32 inline:CRYPTO128
SDP
($port_b) = answer('OSRTP offer, accept, same suite',
@ -5489,10 +5515,12 @@ a=crypto:3 AES_192_CM_HMAC_SHA1_80 inline:CRYPTO192
a=crypto:4 AES_192_CM_HMAC_SHA1_32 inline:CRYPTO192
a=crypto:5 AES_256_CM_HMAC_SHA1_80 inline:CRYPTO256
a=crypto:6 AES_256_CM_HMAC_SHA1_32 inline:CRYPTO256
a=crypto:7 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:8 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:9 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 NULL_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:7 AEAD_AES_128_GCM inline:CRYPTO128S
a=crypto:8 AEAD_AES_256_GCM inline:CRYPTO256S
a=crypto:9 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:11 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:12 NULL_HMAC_SHA1_32 inline:CRYPTO128
SDP
($port_b, undef, $srtp_key_b) = answer('OSRTP offer, accept, diff suite',
@ -5571,10 +5599,12 @@ a=crypto:3 AES_192_CM_HMAC_SHA1_80 inline:CRYPTO192
a=crypto:4 AES_192_CM_HMAC_SHA1_32 inline:CRYPTO192
a=crypto:5 AES_256_CM_HMAC_SHA1_80 inline:CRYPTO256
a=crypto:6 AES_256_CM_HMAC_SHA1_32 inline:CRYPTO256
a=crypto:7 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:8 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:9 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 NULL_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:7 AEAD_AES_128_GCM inline:CRYPTO128S
a=crypto:8 AEAD_AES_256_GCM inline:CRYPTO256S
a=crypto:9 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:11 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:12 NULL_HMAC_SHA1_32 inline:CRYPTO128
SDP
($port_b) = answer('OSRTP offer, reject',
@ -5633,10 +5663,12 @@ a=crypto:3 AES_192_CM_HMAC_SHA1_80 inline:CRYPTO192
a=crypto:4 AES_192_CM_HMAC_SHA1_32 inline:CRYPTO192
a=crypto:5 AES_256_CM_HMAC_SHA1_80 inline:CRYPTO256
a=crypto:6 AES_256_CM_HMAC_SHA1_32 inline:CRYPTO256
a=crypto:7 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:8 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:9 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 NULL_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:7 AEAD_AES_128_GCM inline:CRYPTO128S
a=crypto:8 AEAD_AES_256_GCM inline:CRYPTO256S
a=crypto:9 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:11 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:12 NULL_HMAC_SHA1_32 inline:CRYPTO128
SDP
($port_b, undef, $srtp_key_a) = answer('OSRTP offer, reject w/ accept flag',
@ -5706,10 +5738,12 @@ a=crypto:3 AES_192_CM_HMAC_SHA1_80 inline:CRYPTO192
a=crypto:4 AES_192_CM_HMAC_SHA1_32 inline:CRYPTO192
a=crypto:5 AES_256_CM_HMAC_SHA1_80 inline:CRYPTO256
a=crypto:6 AES_256_CM_HMAC_SHA1_32 inline:CRYPTO256
a=crypto:7 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:8 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:9 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 NULL_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:7 AEAD_AES_128_GCM inline:CRYPTO128S
a=crypto:8 AEAD_AES_256_GCM inline:CRYPTO256S
a=crypto:9 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:11 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:12 NULL_HMAC_SHA1_32 inline:CRYPTO128
SDP
($port_b) = answer('non-OSRTP offer with offer flag, accept',
@ -5779,10 +5813,12 @@ a=crypto:3 AES_192_CM_HMAC_SHA1_80 inline:CRYPTO192
a=crypto:4 AES_192_CM_HMAC_SHA1_32 inline:CRYPTO192
a=crypto:5 AES_256_CM_HMAC_SHA1_80 inline:CRYPTO256
a=crypto:6 AES_256_CM_HMAC_SHA1_32 inline:CRYPTO256
a=crypto:7 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:8 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:9 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 NULL_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:7 AEAD_AES_128_GCM inline:CRYPTO128S
a=crypto:8 AEAD_AES_256_GCM inline:CRYPTO256S
a=crypto:9 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:11 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:12 NULL_HMAC_SHA1_32 inline:CRYPTO128
SDP
($port_b) = answer('non-OSRTP offer with offer flag and protocol, accept',
@ -5853,10 +5889,12 @@ a=crypto:3 AES_192_CM_HMAC_SHA1_80 inline:CRYPTO192
a=crypto:4 AES_192_CM_HMAC_SHA1_32 inline:CRYPTO192
a=crypto:5 AES_256_CM_HMAC_SHA1_80 inline:CRYPTO256
a=crypto:6 AES_256_CM_HMAC_SHA1_32 inline:CRYPTO256
a=crypto:7 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:8 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:9 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 NULL_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:7 AEAD_AES_128_GCM inline:CRYPTO128S
a=crypto:8 AEAD_AES_256_GCM inline:CRYPTO256S
a=crypto:9 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:11 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:12 NULL_HMAC_SHA1_32 inline:CRYPTO128
SDP
($port_b) = answer('non-OSRTP offer with offer flag, reject',
@ -6040,10 +6078,12 @@ a=crypto:3 AES_192_CM_HMAC_SHA1_80 inline:CRYPTO192|2^31
a=crypto:4 AES_192_CM_HMAC_SHA1_32 inline:CRYPTO192|2^31
a=crypto:5 AES_256_CM_HMAC_SHA1_80 inline:CRYPTO256|2^31
a=crypto:6 AES_256_CM_HMAC_SHA1_32 inline:CRYPTO256|2^31
a=crypto:7 F8_128_HMAC_SHA1_80 inline:CRYPTO128|2^31
a=crypto:8 F8_128_HMAC_SHA1_32 inline:CRYPTO128|2^31
a=crypto:9 NULL_HMAC_SHA1_80 inline:CRYPTO128|2^31
a=crypto:10 NULL_HMAC_SHA1_32 inline:CRYPTO128|2^31
a=crypto:7 AEAD_AES_128_GCM inline:CRYPTO128S|2^31
a=crypto:8 AEAD_AES_256_GCM inline:CRYPTO256S|2^31
a=crypto:9 F8_128_HMAC_SHA1_80 inline:CRYPTO128|2^31
a=crypto:10 F8_128_HMAC_SHA1_32 inline:CRYPTO128|2^31
a=crypto:11 NULL_HMAC_SHA1_80 inline:CRYPTO128|2^31
a=crypto:12 NULL_HMAC_SHA1_32 inline:CRYPTO128|2^31
SDP
@ -7498,10 +7538,12 @@ a=crypto:5 AES_192_CM_HMAC_SHA1_80 inline:CRYPTO192=
a=crypto:6 AES_192_CM_HMAC_SHA1_32 inline:CRYPTO192=
a=crypto:7 AES_256_CM_HMAC_SHA1_80 inline:CRYPTO256==
a=crypto:8 AES_256_CM_HMAC_SHA1_32 inline:CRYPTO256==
a=crypto:9 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:11 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:12 NULL_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:9 AEAD_AES_128_GCM inline:CRYPTO128S==
a=crypto:10 AEAD_AES_256_GCM inline:CRYPTO256S=
a=crypto:11 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:12 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:13 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:14 NULL_HMAC_SHA1_32 inline:CRYPTO128
SDP
($port_b) = answer('gh829 control',
@ -7573,10 +7615,12 @@ a=crypto:3 AES_CM_128_HMAC_SHA1_80 inline:Qk0TvVeyfqfjFd/YebnyyklqSEhJntpVKV1KAh
a=crypto:4 AES_CM_128_HMAC_SHA1_32 inline:Kl3GFJ5Gqz5x07xYkoyHODkVkSpiplZnXsQIw+Q?
a=crypto:5 AES_192_CM_HMAC_SHA1_80 inline:CRYPTO192=
a=crypto:6 AES_192_CM_HMAC_SHA1_32 inline:CRYPTO192=
a=crypto:7 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:8 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:9 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 NULL_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:7 AEAD_AES_128_GCM inline:CRYPTO128S==
a=crypto:8 AEAD_AES_256_GCM inline:CRYPTO256S=
a=crypto:9 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:11 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:12 NULL_HMAC_SHA1_32 inline:CRYPTO128
SDP
($port_b) = answer('gh829',
@ -9102,10 +9146,12 @@ a=crypto:3 AES_256_CM_HMAC_SHA1_80 inline:8AbZePWwsKhLGX3GlXA+yHYPQ3cgraer/9DkFJ
a=crypto:4 AES_256_CM_HMAC_SHA1_32 inline:2GLk3p/csdno4KlGO1TxCVaEt+bifmDlQ5NjnCb5cJYPURiGRSTBEtEq37db8?
a=crypto:5 AES_192_CM_HMAC_SHA1_80 inline:CRYPTO192
a=crypto:6 AES_192_CM_HMAC_SHA1_32 inline:CRYPTO192
a=crypto:7 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:8 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:9 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 NULL_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:7 AEAD_AES_128_GCM inline:CRYPTO128S
a=crypto:8 AEAD_AES_256_GCM inline:CRYPTO256S
a=crypto:9 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:11 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:12 NULL_HMAC_SHA1_32 inline:CRYPTO128
SDP
answer('gh 661 plain', { ICE => 'remove' }, <<SDP);
@ -9160,9 +9206,11 @@ a=crypto:3 AES_256_CM_HMAC_SHA1_80 inline:8AbZePWwsKhLGX3GlXA+yHYPQ3cgraer/9DkFJ
a=crypto:4 AES_256_CM_HMAC_SHA1_32 inline:2GLk3p/csdno4KlGO1TxCVaEt+bifmDlQ5NjnCb5cJYPURiGRSTBEtEq37db8?
a=crypto:5 AES_192_CM_HMAC_SHA1_80 inline:CRYPTO192
a=crypto:6 AES_192_CM_HMAC_SHA1_32 inline:CRYPTO192
a=crypto:7 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:8 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:9 NULL_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:7 AEAD_AES_128_GCM inline:CRYPTO128S
a=crypto:8 AEAD_AES_256_GCM inline:CRYPTO256S
a=crypto:9 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:10 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:11 NULL_HMAC_SHA1_32 inline:CRYPTO128
SDP
answer('gh 661 suppress one', { ICE => 'remove' }, <<SDP);
@ -9216,10 +9264,12 @@ a=crypto:3 AES_256_CM_HMAC_SHA1_80 inline:8AbZePWwsKhLGX3GlXA+yHYPQ3cgraer/9DkFJ
a=crypto:4 AES_256_CM_HMAC_SHA1_32 inline:2GLk3p/csdno4KlGO1TxCVaEt+bifmDlQ5NjnCb5cJYPURiGRSTBEtEq37db8?
a=crypto:5 AES_192_CM_HMAC_SHA1_80 inline:CRYPTO192
a=crypto:6 AES_192_CM_HMAC_SHA1_32 inline:CRYPTO192
a=crypto:7 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:8 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:9 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 NULL_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:7 AEAD_AES_128_GCM inline:CRYPTO128S
a=crypto:8 AEAD_AES_256_GCM inline:CRYPTO256S
a=crypto:9 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:11 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:12 NULL_HMAC_SHA1_32 inline:CRYPTO128
SDP
answer('gh 661 remove one', { ICE => 'remove' }, <<SDP);
@ -9273,10 +9323,12 @@ a=crypto:3 AES_256_CM_HMAC_SHA1_80 inline:8AbZePWwsKhLGX3GlXA+yHYPQ3cgraer/9DkFJ
a=crypto:4 AES_256_CM_HMAC_SHA1_32 inline:2GLk3p/csdno4KlGO1TxCVaEt+bifmDlQ5NjnCb5cJYPURiGRSTBEtEq37db8?
a=crypto:5 AES_192_CM_HMAC_SHA1_80 inline:CRYPTO192
a=crypto:6 AES_192_CM_HMAC_SHA1_32 inline:CRYPTO192
a=crypto:7 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:8 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:9 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 NULL_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:7 AEAD_AES_128_GCM inline:CRYPTO128S
a=crypto:8 AEAD_AES_256_GCM inline:CRYPTO256S
a=crypto:9 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:11 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:12 NULL_HMAC_SHA1_32 inline:CRYPTO128
SDP
answer('gh 661 remove first', { ICE => 'remove' }, <<SDP);
@ -9470,10 +9522,12 @@ a=crypto:3 AES_192_CM_HMAC_SHA1_80 inline:CRYPTO192
a=crypto:4 AES_192_CM_HMAC_SHA1_32 inline:CRYPTO192
a=crypto:5 AES_256_CM_HMAC_SHA1_80 inline:CRYPTO256
a=crypto:6 AES_256_CM_HMAC_SHA1_32 inline:CRYPTO256
a=crypto:7 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:8 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:9 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 NULL_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:7 AEAD_AES_128_GCM inline:CRYPTO128S
a=crypto:8 AEAD_AES_256_GCM inline:CRYPTO256S
a=crypto:9 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:11 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:12 NULL_HMAC_SHA1_32 inline:CRYPTO128
SDP
answer('gh 661 plain from RTP', { ICE => 'remove' }, <<SDP);
@ -9523,9 +9577,11 @@ a=crypto:3 AES_192_CM_HMAC_SHA1_80 inline:CRYPTO192
a=crypto:4 AES_192_CM_HMAC_SHA1_32 inline:CRYPTO192
a=crypto:5 AES_256_CM_HMAC_SHA1_80 inline:CRYPTO256
a=crypto:6 AES_256_CM_HMAC_SHA1_32 inline:CRYPTO256
a=crypto:7 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:8 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:9 NULL_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:7 AEAD_AES_128_GCM inline:CRYPTO128S
a=crypto:8 AEAD_AES_256_GCM inline:CRYPTO256S
a=crypto:9 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:10 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:11 NULL_HMAC_SHA1_32 inline:CRYPTO128
SDP
answer('gh 661 from RTP suppress one', { ICE => 'remove' }, <<SDP);
@ -9574,10 +9630,12 @@ a=crypto:2 AES_192_CM_HMAC_SHA1_80 inline:CRYPTO192
a=crypto:3 AES_192_CM_HMAC_SHA1_32 inline:CRYPTO192
a=crypto:4 AES_256_CM_HMAC_SHA1_80 inline:CRYPTO256
a=crypto:5 AES_256_CM_HMAC_SHA1_32 inline:CRYPTO256
a=crypto:6 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:7 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:8 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:9 NULL_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:6 AEAD_AES_128_GCM inline:CRYPTO128S
a=crypto:7 AEAD_AES_256_GCM inline:CRYPTO256S
a=crypto:8 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:9 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:10 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:11 NULL_HMAC_SHA1_32 inline:CRYPTO128
SDP
answer('gh 661 from RTP suppress first', { ICE => 'remove' }, <<SDP);
@ -10326,10 +10384,12 @@ a=crypto:3 AES_192_CM_HMAC_SHA1_80 inline:CRYPTO192
a=crypto:4 AES_192_CM_HMAC_SHA1_32 inline:CRYPTO192
a=crypto:5 AES_256_CM_HMAC_SHA1_80 inline:CRYPTO256
a=crypto:6 AES_256_CM_HMAC_SHA1_32 inline:CRYPTO256
a=crypto:7 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:8 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:9 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 NULL_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:7 AEAD_AES_128_GCM inline:CRYPTO128S
a=crypto:8 AEAD_AES_256_GCM inline:CRYPTO256S
a=crypto:9 F8_128_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:10 F8_128_HMAC_SHA1_32 inline:CRYPTO128
a=crypto:11 NULL_HMAC_SHA1_80 inline:CRYPTO128
a=crypto:12 NULL_HMAC_SHA1_32 inline:CRYPTO128
SDP
answer('media playback, SRTP', { replace => ['origin'] }, <<SDP);


Write Preview
Loading…
Cancel
Save