Open juberti opened 4 years ago
work is happening here: https://github.com/murillo128/libsrtp/tree/cryptex
I have created a PR on libsrtp so we can do an early review of the code and get feedback as soon as possible on the design.
The PR adds a new attribute on the libsrtp policy use_cryptex
which controls when cryptex is used on srtp_protect
. For srtp_unprotect
the 0xc0de
and 0xc2de
values of the define by profile attribute of the header extension is used for checking if cryptex has to be applied or not.
The code replaces the defined by profile in protect and unprotect so the application only needs to set the use_cryptex=true
and no other modification is required. In case that the csrcs
are set but the x
bit is not set, the library returns an error as there might not be enough extra space in the buffer to add the empty header, it would be the app responsability to add it. I think using csrcs but no header extensions would be quite rare so I think it is the best tradeoff.
The modified code passes the previous tests so I hope there are no regressions when cryptex is not enabled, but I have not added any test for the new code yet as I am not sure where is the best way to add the tests for cryptex, @fluffy can you advise please?
I have an implementation for the jitsi-srtp library at https://github.com/jitsi/jitsi-srtp/pull/29 . We should generate some test vectors so we can confirm interop...
that would be awesome.
I would say that we need to do one set for aead and non-aead suites, and each should cover at least
I've added a bunch of test packets to my jitsi-srtp PR -- do you want to try to test them against libsrtp and see if your implementation agrees?
sure, will do it this sunday
I have fixed the AAD issue and added test with the same tests vectors as you have on your jitsi PR. Everything seems to be working fine.
I will send a PR for adding them to the spec.
See https://github.com/cisco/libsrtp/pull/511 (still open)
@murillo128 has volunteered