search

juberti / cryptex

IETF Internet-Draft for Completely Encrypting RTP Header Extensions and Contributing Sources
Other
3 stars 4 forks source link

Tracking bug for libsrtp update for cryptex #5

Open juberti opened 4 years ago

juberti commented 4 years ago

@murillo128 has volunteered

murillo128 commented 3 years ago

work is happening here: https://github.com/murillo128/libsrtp/tree/cryptex

murillo128 commented 3 years ago

I have created a PR on libsrtp so we can do an early review of the code and get feedback as soon as possible on the design.

The PR adds a new attribute on the libsrtp policy use_cryptex which controls when cryptex is used on srtp_protect. For srtp_unprotect the 0xc0de and 0xc2de values of the define by profile attribute of the header extension is used for checking if cryptex has to be applied or not.

The code replaces the defined by profile in protect and unprotect so the application only needs to set the use_cryptex=true and no other modification is required. In case that the csrcs are set but the x bit is not set, the library returns an error as there might not be enough extra space in the buffer to add the empty header, it would be the app responsability to add it. I think using csrcs but no header extensions would be quite rare so I think it is the best tradeoff.

The modified code passes the previous tests so I hope there are no regressions when cryptex is not enabled, but I have not added any test for the new code yet as I am not sure where is the best way to add the tests for cryptex, @fluffy can you advise please?

JonathanLennox commented 3 years ago

I have an implementation for the jitsi-srtp library at https://github.com/jitsi/jitsi-srtp/pull/29 . We should generate some test vectors so we can confirm interop...

murillo128 commented 3 years ago

that would be awesome.

I would say that we need to do one set for aead and non-aead suites, and each should cover at least

JonathanLennox commented 3 years ago

I've added a bunch of test packets to my jitsi-srtp PR -- do you want to try to test them against libsrtp and see if your implementation agrees?

murillo128 commented 3 years ago

sure, will do it this sunday

murillo128 commented 3 years ago

I have fixed the AAD issue and added test with the same tests vectors as you have on your jitsi PR. Everything seems to be working fine.

I will send a PR for adding them to the spec.

juberti commented 2 years ago

See https://github.com/cisco/libsrtp/pull/511 (still open)