@@ -8,7 +8,6 @@ use util::marshal::*;
8
8
use super :: { Cipher , CipherInner } ;
9
9
use crate :: error:: { Error , Result } ;
10
10
use crate :: key_derivation:: * ;
11
- use crate :: protection_profile:: ProtectionProfile ;
12
11
13
12
type Aes128Ctr = ctr:: Ctr128BE < aes:: Aes128 > ;
14
13
@@ -19,8 +18,8 @@ pub(crate) struct CipherAesCmHmacSha1 {
19
18
}
20
19
21
20
impl CipherAesCmHmacSha1 {
22
- pub fn new ( profile : ProtectionProfile , master_key : & [ u8 ] , master_salt : & [ u8 ] ) -> Result < Self > {
23
- let inner = CipherInner :: new ( profile , master_key, master_salt) ?;
21
+ pub fn new ( master_key : & [ u8 ] , master_salt : & [ u8 ] ) -> Result < Self > {
22
+ let inner = CipherInner :: new ( master_key, master_salt) ?;
24
23
25
24
let srtp_session_key = aes_cm_key_derivation (
26
25
LABEL_SRTP_ENCRYPTION ,
@@ -46,19 +45,8 @@ impl CipherAesCmHmacSha1 {
46
45
}
47
46
48
47
impl Cipher for CipherAesCmHmacSha1 {
49
- /// Get RTP authenticated tag length.
50
- fn rtp_auth_tag_len ( & self ) -> usize {
51
- self . inner . profile . rtp_auth_tag_len ( )
52
- }
53
-
54
- /// Get RTCP authenticated tag length.
55
- fn rtcp_auth_tag_len ( & self ) -> usize {
56
- self . inner . profile . rtcp_auth_tag_len ( )
57
- }
58
-
59
- /// Get AEAD auth key length of the cipher.
60
- fn aead_auth_tag_len ( & self ) -> usize {
61
- self . inner . profile . aead_auth_tag_len ( )
48
+ fn auth_tag_len ( & self ) -> usize {
49
+ self . inner . auth_tag_len ( )
62
50
}
63
51
64
52
fn get_rtcp_index ( & self , input : & [ u8 ] ) -> usize {
@@ -71,7 +59,7 @@ impl Cipher for CipherAesCmHmacSha1 {
71
59
header : & rtp:: header:: Header ,
72
60
roc : u32 ,
73
61
) -> Result < Bytes > {
74
- let mut writer = Vec :: with_capacity ( plaintext. len ( ) + self . rtp_auth_tag_len ( ) ) ;
62
+ let mut writer = Vec :: with_capacity ( plaintext. len ( ) + self . auth_tag_len ( ) ) ;
75
63
76
64
// Write the plaintext to the destination buffer.
77
65
writer. extend_from_slice ( plaintext) ;
@@ -89,7 +77,7 @@ impl Cipher for CipherAesCmHmacSha1 {
89
77
stream. apply_keystream ( & mut writer[ header. marshal_size ( ) ..] ) ;
90
78
91
79
// Generate the auth tag.
92
- let auth_tag = & self . inner . generate_srtp_auth_tag ( & writer, roc) [ ..self . rtp_auth_tag_len ( ) ] ;
80
+ let auth_tag = & self . inner . generate_srtp_auth_tag ( & writer, roc) [ ..self . auth_tag_len ( ) ] ;
93
81
writer. extend ( auth_tag) ;
94
82
95
83
Ok ( Bytes :: from ( writer) )
@@ -102,19 +90,19 @@ impl Cipher for CipherAesCmHmacSha1 {
102
90
roc : u32 ,
103
91
) -> Result < Bytes > {
104
92
let encrypted_len = encrypted. len ( ) ;
105
- if encrypted_len < self . rtp_auth_tag_len ( ) {
106
- return Err ( Error :: SrtpTooSmall ( encrypted_len, self . rtp_auth_tag_len ( ) ) ) ;
93
+ if encrypted_len < self . auth_tag_len ( ) {
94
+ return Err ( Error :: SrtpTooSmall ( encrypted_len, self . auth_tag_len ( ) ) ) ;
107
95
}
108
96
109
- let mut writer = Vec :: with_capacity ( encrypted_len - self . rtp_auth_tag_len ( ) ) ;
97
+ let mut writer = Vec :: with_capacity ( encrypted_len - self . auth_tag_len ( ) ) ;
110
98
111
99
// Split the auth tag and the cipher text into two parts.
112
- let actual_tag = & encrypted[ encrypted_len - self . rtp_auth_tag_len ( ) ..] ;
113
- let cipher_text = & encrypted[ ..encrypted_len - self . rtp_auth_tag_len ( ) ] ;
100
+ let actual_tag = & encrypted[ encrypted_len - self . auth_tag_len ( ) ..] ;
101
+ let cipher_text = & encrypted[ ..encrypted_len - self . auth_tag_len ( ) ] ;
114
102
115
103
// Generate the auth tag we expect to see from the ciphertext.
116
104
let expected_tag =
117
- & self . inner . generate_srtp_auth_tag ( cipher_text, roc) [ ..self . rtp_auth_tag_len ( ) ] ;
105
+ & self . inner . generate_srtp_auth_tag ( cipher_text, roc) [ ..self . auth_tag_len ( ) ] ;
118
106
119
107
// See if the auth tag actually matches.
120
108
// We use a constant time comparison to prevent timing attacks.
@@ -144,7 +132,7 @@ impl Cipher for CipherAesCmHmacSha1 {
144
132
145
133
fn encrypt_rtcp ( & mut self , decrypted : & [ u8 ] , srtcp_index : usize , ssrc : u32 ) -> Result < Bytes > {
146
134
let mut writer =
147
- Vec :: with_capacity ( decrypted. len ( ) + SRTCP_INDEX_SIZE + self . rtcp_auth_tag_len ( ) ) ;
135
+ Vec :: with_capacity ( decrypted. len ( ) + SRTCP_INDEX_SIZE + self . auth_tag_len ( ) ) ;
148
136
149
137
// Write the decrypted to the destination buffer.
150
138
writer. extend_from_slice ( decrypted) ;
@@ -167,22 +155,22 @@ impl Cipher for CipherAesCmHmacSha1 {
167
155
writer. put_u32 ( srtcp_index as u32 | ( 1u32 << 31 ) ) ;
168
156
169
157
// Generate the auth tag.
170
- let auth_tag = & self . inner . generate_srtcp_auth_tag ( & writer) [ ..self . rtcp_auth_tag_len ( ) ] ;
158
+ let auth_tag = & self . inner . generate_srtcp_auth_tag ( & writer) [ ..self . auth_tag_len ( ) ] ;
171
159
writer. extend ( auth_tag) ;
172
160
173
161
Ok ( Bytes :: from ( writer) )
174
162
}
175
163
176
164
fn decrypt_rtcp ( & mut self , encrypted : & [ u8 ] , srtcp_index : usize , ssrc : u32 ) -> Result < Bytes > {
177
165
let encrypted_len = encrypted. len ( ) ;
178
- if encrypted_len < self . rtcp_auth_tag_len ( ) + SRTCP_INDEX_SIZE {
166
+ if encrypted_len < self . auth_tag_len ( ) + SRTCP_INDEX_SIZE {
179
167
return Err ( Error :: SrtcpTooSmall (
180
168
encrypted_len,
181
- self . rtcp_auth_tag_len ( ) + SRTCP_INDEX_SIZE ,
169
+ self . auth_tag_len ( ) + SRTCP_INDEX_SIZE ,
182
170
) ) ;
183
171
}
184
172
185
- let tail_offset = encrypted_len - ( self . rtcp_auth_tag_len ( ) + SRTCP_INDEX_SIZE ) ;
173
+ let tail_offset = encrypted_len - ( self . auth_tag_len ( ) + SRTCP_INDEX_SIZE ) ;
186
174
if tail_offset < 8 {
187
175
return Err ( Error :: ErrTooShortRtcp ) ;
188
176
}
@@ -197,18 +185,18 @@ impl Cipher for CipherAesCmHmacSha1 {
197
185
}
198
186
199
187
// Split the auth tag and the cipher text into two parts.
200
- let actual_tag = & encrypted[ encrypted_len - self . rtcp_auth_tag_len ( ) ..] ;
201
- if actual_tag. len ( ) != self . rtcp_auth_tag_len ( ) {
188
+ let actual_tag = & encrypted[ encrypted_len - self . auth_tag_len ( ) ..] ;
189
+ if actual_tag. len ( ) != self . auth_tag_len ( ) {
202
190
return Err ( Error :: RtcpInvalidLengthAuthTag (
203
191
actual_tag. len ( ) ,
204
- self . rtcp_auth_tag_len ( ) ,
192
+ self . auth_tag_len ( ) ,
205
193
) ) ;
206
194
}
207
195
208
- let cipher_text = & encrypted[ ..encrypted_len - self . rtcp_auth_tag_len ( ) ] ;
196
+ let cipher_text = & encrypted[ ..encrypted_len - self . auth_tag_len ( ) ] ;
209
197
210
198
// Generate the auth tag we expect to see from the ciphertext.
211
- let expected_tag = & self . inner . generate_srtcp_auth_tag ( cipher_text) [ ..self . rtcp_auth_tag_len ( ) ] ;
199
+ let expected_tag = & self . inner . generate_srtcp_auth_tag ( cipher_text) [ ..self . auth_tag_len ( ) ] ;
212
200
213
201
// See if the auth tag actually matches.
214
202
// We use a constant time comparison to prevent timing attacks.
0 commit comments