mikey: add different key length parameters

Add encryption and authentication key length parameters to MIKEY. For
the encoders, the key lengths are obtained from the cipher and auth
algorithms set in the caps. For the decoders, they are obtained while
parsing the key management from the client.

Fixes https://bugzilla.gnome.org/show_bug.cgi?id=730472

diff --git a/gst/rtsp-server/rtsp-client.c b/gst/rtsp-server/rtsp-client.c
index cf79bda..3cbe67e 100644 (file)
--- a/gst/rtsp-server/rtsp-client.c
+++ b/gst/rtsp-server/rtsp-client.c
@@ -1545,6 +1545,18 @@ mikey_apply_policy (GstCaps * caps, GstMIKEYMessage * msg, guint8 policy)
               break;
           }
           break;
+        case GST_MIKEY_SP_SRTP_ENC_KEY_LEN:
+          switch (param->val[0]) {
+            case AES_128_KEY_LEN:
+              srtp_cipher = "aes-128-icm";
+              break;
+            case AES_256_KEY_LEN:
+              srtp_cipher = "aes-256-icm";
+              break;
+            default:
+              break;
+          }
+          break;
         case GST_MIKEY_SP_SRTP_AUTH_ALG:
           switch (param->val[0]) {
             case 0:
@@ -1558,6 +1570,18 @@ mikey_apply_policy (GstCaps * caps, GstMIKEYMessage * msg, guint8 policy)
               break;
           }
           break;
+        case GST_MIKEY_SP_SRTP_AUTH_KEY_LEN:
+          switch (param->val[0]) {
+            case HMAC_32_KEY_LEN:
+              srtp_auth = "hmac-sha1-32";
+              break;
+            case HMAC_80_KEY_LEN:
+              srtp_auth = "hmac-sha1-80";
+              break;
+            default:
+              break;
+          }
+          break;
         case GST_MIKEY_SP_SRTP_SRTP_ENC:
           break;
         case GST_MIKEY_SP_SRTP_SRTCP_ENC:

diff --git a/gst/rtsp-server/rtsp-sdp.c b/gst/rtsp-server/rtsp-sdp.c
index 13af74d..c4e74a3 100644 (file)
--- a/gst/rtsp-server/rtsp-sdp.c
+++ b/gst/rtsp-server/rtsp-sdp.c
@@ -72,6 +72,32 @@ update_sdp_from_tags (GstRTSPStream * stream, GstSDPMedia * stream_media)
   gst_object_unref (src_pad);
 }
 
+static guint8
+enc_key_length_from_cipher_name (const gchar * cipher)
+{
+  if (g_strcmp0 (cipher, "aes-128-icm") == 0)
+    return AES_128_KEY_LEN;
+  else if (g_strcmp0 (cipher, "aes-256-icm") == 0)
+    return AES_256_KEY_LEN;
+  else {
+    GST_ERROR ("encryption algorithm '%s' not supported", cipher);
+    return 0;
+  }
+}
+
+static guint8
+auth_key_length_from_auth_name (const gchar * auth)
+{
+  if (g_strcmp0 (auth, "hmac-sha1-32") == 0)
+    return HMAC_32_KEY_LEN;
+  else if (g_strcmp0 (auth, "hmac-sha1-80") == 0)
+    return HMAC_80_KEY_LEN;
+  else {
+    GST_ERROR ("authentication algorithm '%s' not supported", auth);
+    return 0;
+  }
+}
+
 static void
 make_media (GstSDPMessage * sdp, GstSDPInfo * info, GstRTSPMedia * media,
     GstRTSPStream * stream, GstStructure * s, GstRTSPProfile profile)
@@ -226,9 +252,17 @@ make_media (GstSDPMessage * sdp, GstSDPInfo * info, GstRTSPMedia * media,
     byte = 1;
     gst_mikey_payload_sp_add_param (payload, GST_MIKEY_SP_SRTP_ENC_ALG, 1,
         &byte);
+    /* Encryption key length */
+    byte = enc_key_length_from_cipher_name (srtpcipher);
+    gst_mikey_payload_sp_add_param (payload, GST_MIKEY_SP_SRTP_ENC_KEY_LEN, 1,
+        &byte);
     /* only HMAC-SHA1 */
     gst_mikey_payload_sp_add_param (payload, GST_MIKEY_SP_SRTP_AUTH_ALG, 1,
         &byte);
+    /* Authentication key length */
+    byte = auth_key_length_from_auth_name (srtpauth);
+    gst_mikey_payload_sp_add_param (payload, GST_MIKEY_SP_SRTP_AUTH_KEY_LEN, 1,
+        &byte);
     /* we enable encryption on RTP and RTCP */
     gst_mikey_payload_sp_add_param (payload, GST_MIKEY_SP_SRTP_SRTP_ENC, 1,
         &byte);

diff --git a/gst/rtsp-server/rtsp-sdp.h b/gst/rtsp-server/rtsp-sdp.h
index 7732f36..d0783a7 100644 (file)
--- a/gst/rtsp-server/rtsp-sdp.h
+++ b/gst/rtsp-server/rtsp-sdp.h
@@ -27,6 +27,12 @@
 
 G_BEGIN_DECLS
 
+#define AES_128_KEY_LEN 16
+#define AES_256_KEY_LEN 32
+
+#define HMAC_32_KEY_LEN 4
+#define HMAC_80_KEY_LEN 10
+
 typedef struct {
   gboolean is_ipv6;
   const gchar *server_ip;