diff --git a/sflphone-common/src/audio/audiortp/AudioSrtpSession.cpp b/sflphone-common/src/audio/audiortp/AudioSrtpSession.cpp
index e1579e7f3120af2c258933e9992b15e932fdc52a..4715587ff03b8e153f56aee346dd689468e0b440 100644
--- a/sflphone-common/src/audio/audiortp/AudioSrtpSession.cpp
+++ b/sflphone-common/src/audio/audiortp/AudioSrtpSession.cpp
@@ -45,6 +45,8 @@ namespace sfl
 AudioSrtpSession::AudioSrtpSession (ManagerImpl * manager, SIPCall * sipcall) : ost::SymmetricRTPSession (ost::InetHostAddress (sipcall->getLocalIp().c_str()), sipcall->getLocalAudioPort()),
+ _localCryptoSuite(0),
+ _remoteCryptoSuite(0),
 AudioRtpSession<AudioSrtpSession> (manager, sipcall)
 {
@@ -68,7 +70,7 @@ std::string AudioSrtpSession::getLocalCryptoInfo()
 {
 // cryptographic context tagged 1, 2, 3...
 std::string tag = "1";
- std::string crypto_suite = "AES_CM_128_HMAC_SHA1_32";
+ std::string crypto_suite = sfl::CryptoSuites[_localCryptoSuite].name;
 // srtp keys formated as the following as the following
 // inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32
@@ -104,7 +106,7 @@ void AudioSrtpSession::initializeLocalMasterKey(void)
 {
 // @TODO key may have different length depending on cipher suite
- _localMasterKeyLength = 16;
+ _localMasterKeyLength = sfl::CryptoSuites[_localCryptoSuite].masterKeyLength / 8;
 // Allocate memory for key
 unsigned char *random_key = new unsigned char[_localMasterKeyLength];
@@ -130,7 +132,7 @@ void AudioSrtpSession::initializeLocalMasterSalt(void)
 {
 // @TODO key may have different length depending on cipher suite
- _localMasterSaltLength = 14;
+ _localMasterSaltLength = sfl::CryptoSuites[_localCryptoSuite].masterSaltLength / 8;
 // Allocate memory for key
 unsigned char *random_key = new unsigned char[_localMasterSaltLength];
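Review bot: In the constructor's initializer list (hunk at -45), `_localCryptoSuite(0)` and `_remoteCryptoSuite(0)` are written between `ost::SymmetricRTPSession (...)` and `AudioRtpSession<AudioSrtpSession> (manager, sipcall)`, both of which appear to be base-class initializers. C++ initializes every base before any data member whatever the written order, so this placement is misleading and normally draws a `-Wreorder` warning; list the two members after the `AudioRtpSession<AudioSrtpSession>` entry. The literal `0` is also the only place the default suite is chosen, so a named constant for that index would keep it tied to the default the header comment describes. The constructor body continues outside the hunk.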
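Review bot: `sfl::CryptoSuites[_localCryptoSuite]` in getLocalCryptoInfo() (hunk at -68) indexes the suite table with a plain `int` member and no range check, and the same unchecked lookup is added in initializeLocalMasterKey() (-104) and initializeLocalMasterSalt() (-130). The table's definition and size are not part of this diff, so once anything other than the constructor's `0` assigns the member, a negative or too-large value would read outside the table. Validate the index where it is assigned, or guard the lookups, for example `assert(_localCryptoSuite >= 0 && _localCryptoSuite < kCryptoSuiteCount);`, where `kCryptoSuiteCount` is a placeholder for whatever constant gives the table's length.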
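Review bot: `_localMasterKeyLength` in initializeLocalMasterKey() (hunk at -104) is now read from the suite table, but the header hunk keeps `uint8 _localMasterKey[16]` at a fixed size, and the `@TODO` above the assignment is left in place although this change is what it asks for. Every suite in the RFC 4568 table quoted in the header uses a 128-bit key and a 112-bit salt, so the values fit today; a table entry with a longer key would let a copy of `_localMasterKeyLength` bytes run past the member (the copy itself is outside the hunk). Add a check next to the assignment, such as `if (_localMasterKeyLength > (int) sizeof (_localMasterKey))` leading to the error path this class already uses. The same applies to `_localMasterSalt[14]` in initializeLocalMasterSalt() (-130) and to the remote key and salt in unBase64ConcatenatedKeys() (-174).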
@@ -174,8 +176,9 @@ std::string AudioSrtpSession::getBase64ConcatenatedKeys()
 void AudioSrtpSession::unBase64ConcatenatedKeys(std::string base64keys)
 {
- _remoteMasterKeyLength = 16;
- _remoteMasterSaltLength = 14;
+
+ _remoteMasterKeyLength = sfl::CryptoSuites[1].masterKeyLength / 8;
+ _remoteMasterSaltLength = sfl::CryptoSuites[1].masterSaltLength / 8;
 // length of decoded data data
 int length;
@@ -203,9 +206,9 @@ void AudioSrtpSession::initializeRemoteCryptoContext(void)
 SrtpEncryptionAESCM, // encryption algo
 SrtpAuthenticationSha1Hmac, // authtication algo
 _remoteMasterKey, // Master Key
- 128 / 8, // Master Key length
+ _remoteMasterKeyLength, // Master Key length
 _remoteMasterSalt, // Master Salt
- 112 / 8, // Master Salt length
+ _remoteMasterSaltLength, // Master Salt length
 128 / 8, // encryption keyl
 160 / 8, // authentication key len
 112 / 8, // session salt len
@@ -223,9 +226,9 @@ void AudioSrtpSession::initializeLocalCryptoContext(void)
 SrtpEncryptionAESCM, // encryption algo
 SrtpAuthenticationSha1Hmac, // authtication algo
 _localMasterKey, // Master Key
- 128 / 8, // Master Key length
+ _localMasterKeyLength, // Master Key length
 _localMasterSalt, // Master Salt
- 112 / 8, // Master Salt length
+ _localMasterSaltLength, // Master Salt length
 128 / 8, // encryption keyl
 160 / 8, // authentication key len
 112 / 8, // session salt len
diff --git a/sflphone-common/src/audio/audiortp/AudioSrtpSession.h b/sflphone-common/src/audio/audiortp/AudioSrtpSession.h
index 6e90eb957335f3c485287fdb947b91fae818932e..7e94a62baedf636d46dc21f8ee47513ec54e9aa8 100644
--- a/sflphone-common/src/audio/audiortp/AudioSrtpSession.h
+++ b/sflphone-common/src/audio/audiortp/AudioSrtpSession.h
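Review bot: unBase64ConcatenatedKeys() (hunk at -174) takes the remote lengths from `sfl::CryptoSuites[1]`, a hard-coded index, although this commit adds `_remoteCryptoSuite` and initializes it to `0` in the constructor. The lengths therefore do not follow the remote suite member, and the literal `1` disagrees with that member's own default. Use `sfl::CryptoSuites[_remoteCryptoSuite].masterKeyLength / 8` and the matching `.masterSaltLength / 8`. Because this function decodes key material received from the peer, it is also worth confirming, in the part of the body outside this hunk, that the decoded `length` is compared with `_remoteMasterKeyLength + _remoteMasterSaltLength` before any bytes are copied into the fixed-size members.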
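Review bot: In initializeRemoteCryptoContext() (hunk at -203) only the master key and salt lengths become variables; `SrtpEncryptionAESCM`, `SrtpAuthenticationSha1Hmac` and the `128 / 8`, `160 / 8`, `112 / 8` session lengths stay literal, and initializeLocalCryptoContext() (-223) has the same shape. getLocalCryptoInfo() now advertises `CryptoSuites[_localCryptoSuite].name`, which the header comment gives as AES_CM_128_HMAC_SHA1_80 by default where the removed line offered AES_CM_128_HMAC_SHA1_32, so the suite that is offered and the parameters the context is built with can disagree. The authentication tag length argument is outside both hunks; if it is still sized for a 32-bit tag, the session would negotiate one suite and run another. Either derive these arguments from the same table entry, or state the restriction with a comment such as `// cipher, MAC and session key sizes are fixed: only the AES_CM_128_HMAC_SHA1_* suites are supported`.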
@@ -28,6 +28,30 @@ class SdesNegotiator;
 class ManagerImpl;
 class SIPCall;
+/*
+ Table from RFC 4568 6.2. Crypto-Suites, which define key parameters for supported
+ cipher suite
+
+ +---------------------+-------------+--------------+---------------+
+ | |AES_CM_128_ | AES_CM_128_ | F8_128_ |
+ | |HMAC_SHA1_80 | HMAC_SHA1_32 | HMAC_SHA1_80 |
+ +---------------------+-------------+--------------+---------------+
+ | Master key length | 128 bits | 128 bits | 128 bits |
+ | Master salt length | 112 bits | 112 bits | 112 bits |
+ | SRTP lifetime | 2^48 packets| 2^48 packets | 2^48 packets |
+ | SRTCP lifetime | 2^31 packets| 2^31 packets | 2^31 packets |
+ | Cipher | AES Counter | AES Counter | AES F8 Mode |
+ | | Mode | Mode | |
+ | Encryption key | 128 bits | 128 bits | 128 bits |
+ | MAC | HMAC-SHA1 | HMAC-SHA1 | HMAC-SHA1 |
+ | SRTP auth. tag | 80 bits | 32 bits | 80 bits |
+ | SRTCP auth. tag | 80 bits | 80 bits | 80 bits |
+ | SRTP auth. key len. | 160 bits | 160 bits | 160 bits |
+ | SRTCP auth. key len.| 160 bits | 160 bits | 160 bits |
+ +---------------------+-------------+--------------+---------------+
+*/
+
+
 namespace sfl {
 class SrtpException: public std::exception
@@ -66,20 +90,30 @@ namespace sfl {
 char* decodeBase64(unsigned char *input, int length, int *length_out);
+ /** Default local crypto suite is AES_CM_128_HMAC_SHA1_80*/
+ int _localCryptoSuite;
+
+ /** Remote crypto suite is initialized at AES_CM_128_HMAC_SHA1_80*/
+ int _remoteCryptoSuite;
+
 uint8 _localMasterKey[16];
+ /** local master key length in byte */
 int _localMasterKeyLength;
 uint8 _localMasterSalt[14];
+ /** local master salt length in byte */
 int _localMasterSaltLength;
 uint8 _remoteMasterKey[16];
+ /** remote master key length in byte */
 int _remoteMasterKeyLength;
 uint8 _remoteMasterSalt[14];
+ /** remote master salt length in byte */
 int _remoteMasterSaltLength;
 ost::CryptoContext* _remoteCryptoCtx;
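Review bot: The comments on `_localCryptoSuite` and `_remoteCryptoSuite` (hunk at -66) name a suite, but the members hold an index into `sfl::CryptoSuites` whose value is assigned in the constructor, so each comment is only true while entry 0 of that table is AES_CM_128_HMAC_SHA1_80; the table is not part of this diff. Suggested wording: `/** Index into sfl::CryptoSuites of the local suite; set to 0 in the constructor */`, with the equivalent for the remote member. The four length comments would read better as `in bytes`. The class body starts and ends outside the hunk.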
diff --git a/sflphone-common/src/sip/sdp.cpp b/sflphone-common/src/sip/sdp.cpp
index 3d0d25e56b7097ac8ace1461338a838221b6a943..e81b59897827f8c397a9932a0c97fe837912ffac 100644
--- a/sflphone-common/src/sip/sdp.cpp
+++ b/sflphone-common/src/sip/sdp.cpp
@@ -696,6 +696,7 @@ void Sdp::get_remote_sdp_crypto_from_offer (const pjmedia_sdp_session* remote_sd
 _debug("****************** Found a Crypto ********************");
 std::string attr(attribute->value.ptr, attribute->value.slen);
+ // @TODO our parser require the "acrypto:" to be present
 std::string full_attr = "a=crypto:";
 full_attr += attr;
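Review bot: The added comment in get_remote_sdp_crypto_from_offer() says the parser needs `"acrypto:"`, but the very next line builds the prefix `"a=crypto:"`, so the comment and the literal disagree. Reword it to match, for example `// @TODO our parser requires the "a=crypto:" prefix to be present`. The function body starts and ends outside the hunk.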