We have a (sudden) deadline of November 18th to implement Discord's new encryption modes for voice:
In tandem, we must deprecate (but not rename) the old encryption modes in CryptoMode (Normal, Suffix, Lite) -- this change should be non-breaking if executed correctly. aead_aes256_gcm_rtpsize should be the new default choice.

There is one non-trivial part of this, which is that the new encryption modes finally treat RTP correctly, and are compliant with the SRTP spec. From what I recall, this places extension headers into the plaintext segment and moves the auth tag formally into the RTP body segment instead of interposed between the RTP header and its extensions. Supporting both modes will be finicky but otherwise doable.
Relevant RFCs: