FS-5937 --resolve

Makefile.am

@@ -652,13 +652,14 @@ pristine:
 	git clean -fdx
 	git reset --hard
 
-update-clean: clean libs/openzap/Makefile python-reconf lua-reconf spandsp-reconf
+update-clean: clean libs/openzap/Makefile python-reconf lua-reconf spandsp-reconf srtp-reconf
 	cd libs/sofia-sip && $(MAKE) clean
 	cd libs/openzap && $(MAKE) clean
 	cd libs/portaudio && $(MAKE) clean
 	cd libs/speex && $(MAKE) clean
 	cd libs/esl && $(MAKE) clean
 	cd libs/sqlite && $(MAKE) clean
+	cd libs/srtp && $(MAKE) clean
 
 swigall:
 	@echo reswigging all
@@ -688,6 +689,10 @@ pa-reconf:
 	cd libs/portaudio && sh ./configure.gnu
 	$(MAKE) mod_portaudio-clean
 
+srtp-reconf:
+	cd libs/srtp && $(MAKE) clean
+	cd libs/srtp && sh ./configure.gnu
+
 oz-reconf:
 	cd libs/openzap && $(MAKE) clean
 	cd libs/openzap && autoreconf -fi

src/include/switch_rtp.h

@@ -50,6 +50,7 @@ SWITCH_BEGIN_EXTERN_C
 #define SWITCH_RTP_KEY_LEN 30
 #define SWITCH_RTP_CRYPTO_KEY_32 "AES_CM_128_HMAC_SHA1_32"
 #define SWITCH_RTP_CRYPTO_KEY_80 "AES_CM_128_HMAC_SHA1_80"
+#define SWITCH_RTP_CRYPTO_KEY_8 "AES_GCM_128_8"
 	typedef enum {
 	SWITCH_RTP_CRYPTO_SEND,
 	SWITCH_RTP_CRYPTO_RECV,
@@ -63,6 +64,9 @@ typedef enum {
 	AES_CM_128_HMAC_SHA1_80,
 	AES_CM_128_HMAC_SHA1_32,
 	AES_CM_256_HMAC_SHA1_80,
+	AES_CM_192_HMAC_SHA1_80,
+	AES_GCM_256_8,
+	AES_GCM_128_8,
 	AES_CM_128_NULL_AUTH
 } switch_rtp_crypto_key_type_t;
 

src/switch_core_media.c

@@ -824,6 +824,14 @@ static switch_status_t switch_core_media_build_crypto(switch_media_handle_t *smh
 
 	if (ctype == AES_CM_128_HMAC_SHA1_80) {
 		type_str = SWITCH_RTP_CRYPTO_KEY_80;
+	} else if (ctype == AES_GCM_256_8) {
+		type_str = SWITCH_RTP_CRYPTO_KEY_8;
+	} else if (ctype == AES_GCM_128_8) {
+		type_str = SWITCH_RTP_CRYPTO_KEY_8;
+	} else if (ctype == AES_CM_256_HMAC_SHA1_80) {
+		type_str = SWITCH_RTP_CRYPTO_KEY_80;
+	} else if (ctype == AES_CM_192_HMAC_SHA1_80) {
+		type_str = SWITCH_RTP_CRYPTO_KEY_80;
 	} else {
 		type_str = SWITCH_RTP_CRYPTO_KEY_32;
 	}
@@ -893,6 +901,8 @@ switch_status_t switch_core_media_add_crypto(switch_secure_settings_t *ssec, con
 			type = AES_CM_128_HMAC_SHA1_32;
 		} else if (!strncasecmp(p, SWITCH_RTP_CRYPTO_KEY_80, strlen(SWITCH_RTP_CRYPTO_KEY_80))) {
 			type = AES_CM_128_HMAC_SHA1_80;
+		} else if (!strncasecmp(p, SWITCH_RTP_CRYPTO_KEY_8, strlen(SWITCH_RTP_CRYPTO_KEY_8))) {
+			type = AES_GCM_128_8;
 		} else {
 			switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Parse Error near [%s]\n", p);
 			goto bad;
@@ -1037,6 +1047,11 @@ SWITCH_DECLARE(int) switch_core_session_check_incoming_crypto(switch_core_sessio
 					switch_core_media_build_crypto(session->media_handle, type, crypto_tag, AES_CM_128_HMAC_SHA1_80, SWITCH_RTP_CRYPTO_SEND, 1);
 					switch_rtp_add_crypto_key(engine->rtp_session, SWITCH_RTP_CRYPTO_SEND, atoi(crypto), engine->ssec.crypto_type,
 											  engine->ssec.local_raw_key, SWITCH_RTP_KEY_LEN);
+				} else if (switch_stristr(SWITCH_RTP_CRYPTO_KEY_8, crypto)) {
+					switch_channel_set_variable(session->channel, varname, SWITCH_RTP_CRYPTO_KEY_8);
+					switch_core_media_build_crypto(session->media_handle, type, crypto_tag, AES_GCM_128_8, SWITCH_RTP_CRYPTO_SEND, 1);
+					switch_rtp_add_crypto_key(engine->rtp_session, SWITCH_RTP_CRYPTO_SEND, atoi(crypto), engine->ssec.crypto_type,
+											  engine->ssec.local_raw_key, SWITCH_RTP_KEY_LEN);
 				} else {
 					switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_ERROR, "Crypto Setup Failed!.\n");
 				}
@@ -1073,6 +1088,9 @@ SWITCH_DECLARE(int) switch_core_session_check_incoming_crypto(switch_core_sessio
 			} else if (switch_stristr(SWITCH_RTP_CRYPTO_KEY_80, crypto)) {
 				switch_channel_set_variable(session->channel, varname, SWITCH_RTP_CRYPTO_KEY_80);
 				switch_core_media_build_crypto(session->media_handle, type, crypto_tag, AES_CM_128_HMAC_SHA1_80, SWITCH_RTP_CRYPTO_SEND, 1);
+			} else if (switch_stristr(SWITCH_RTP_CRYPTO_KEY_8, crypto)) {
+				switch_channel_set_variable(session->channel, varname, SWITCH_RTP_CRYPTO_KEY_8);
+				switch_core_media_build_crypto(session->media_handle, type, crypto_tag, AES_GCM_128_8, SWITCH_RTP_CRYPTO_SEND, 1);
 			} else {
 				switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_ERROR, "Crypto Setup Failed!.\n");
 			}
@@ -1106,6 +1124,12 @@ SWITCH_DECLARE(void) switch_core_session_check_outgoing_crypto(switch_core_sessi
 										   SWITCH_MEDIA_TYPE_AUDIO, 1, AES_CM_128_HMAC_SHA1_80, SWITCH_RTP_CRYPTO_SEND, 0);
 			switch_core_media_build_crypto(session->media_handle,
 										   SWITCH_MEDIA_TYPE_VIDEO, 1, AES_CM_128_HMAC_SHA1_80, SWITCH_RTP_CRYPTO_SEND, 0);
+		} else if (!strcasecmp(var, SWITCH_RTP_CRYPTO_KEY_8)) {
+			switch_channel_set_flag(channel, CF_SECURE);
+			switch_core_media_build_crypto(session->media_handle,
+										   SWITCH_MEDIA_TYPE_AUDIO, 1, AES_GCM_128_8, SWITCH_RTP_CRYPTO_SEND, 0);
+			switch_core_media_build_crypto(session->media_handle,
+										   SWITCH_MEDIA_TYPE_VIDEO, 1, AES_GCM_128_8, SWITCH_RTP_CRYPTO_SEND, 0);
 		}
 	}
 	

src/switch_rtp.c

@@ -3049,6 +3049,24 @@ SWITCH_DECLARE(switch_status_t) switch_rtp_add_crypto_key(switch_rtp_t *rtp_sess
 		}
 		break;
 
+	case AES_GCM_256_8:
+		crypto_policy_set_aes_gcm_256_8_auth(&policy->rtp);
+		crypto_policy_set_aes_gcm_256_8_auth(&policy->rtcp);
+
+		if (switch_channel_direction(channel) == SWITCH_CALL_DIRECTION_OUTBOUND) {
+			switch_channel_set_variable(channel, "rtp_has_crypto", "AES_GCM_256_8");
+		}
+		break;
+
+	case AES_GCM_128_8:
+		crypto_policy_set_aes_gcm_128_8_auth(&policy->rtp);
+		crypto_policy_set_aes_gcm_128_8_auth(&policy->rtcp);
+
+		if (switch_channel_direction(channel) == SWITCH_CALL_DIRECTION_OUTBOUND) {
+			switch_channel_set_variable(channel, "rtp_has_crypto", "AES_GCM_128_8");
+		}
+		break;
+
 	case AES_CM_256_HMAC_SHA1_80:
 		crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy->rtp);
 		crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy->rtcp);