Skip to content

Fix srtp_unprotect_rtcp_mki when RTP auth != RTCP #737

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 11, 2024
Merged

Fix srtp_unprotect_rtcp_mki when RTP auth != RTCP #737

merged 1 commit into from
Dec 11, 2024

Conversation

@pabuhler
Copy link
Member

@pabuhler pabuhler commented Dec 11, 2024

srtp_get_session_keys, which is used by both srtp_unprotect_mki and srtp_unprotect_rtcp_mki, determines the tag len from rtp_auth.

This fails when rtp_auth differ from rtcp_auth. E.g. when SRTP is used with weak authentication but SRTCP must not (RFC 3711).

This commit splits the function in two:
srtp_get_session_keys_rtp
srtp_get_session_keys_rtcp

And adds a short auth policy test to test/srtp_driver.

(cherry picked from commit 63a19f4)

Cherry picked from #733

@vopatek @pabuhler
Fix srtp_unprotect_rtcp_mki when RTP auth != RTCP
d7ed43a 
srtp_get_session_keys, which is used by both srtp_unprotect_mki and
srtp_unprotect_rtcp_mki, determines the tag len from rtp_auth.

This fails when rtp_auth differ from rtcp_auth. E.g. when SRTP is used
with weak authentication but SRTCP must not (RFC 3711).

This commit splits the function in two:
srtp_get_session_keys_rtp
srtp_get_session_keys_rtcp

And adds a short auth policy test to test/srtp_driver.

(cherry picked from commit 63a19f4)
@pabuhler pabuhler mentioned this pull request Dec 11, 2024
Merged
vopatek
vopatek approved these changes Dec 11, 2024
View reviewed changes
Copy link
Contributor

@vopatek vopatek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Thanks!

@pabuhler pabuhler merged commit 7d20c51 into cisco:main Dec 11, 2024
39 checks passed
@pabuhler pabuhler deleted the cherry-pick-pr-773-to-main branch December 11, 2024 14:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@vopatek vopatek vopatek approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pabuhler @vopatek