This commit resolves issue #46. The GCM mode was using the wrong master SALT length. The master SALT should be 96 bits instead of 112 bits. Note, GCM mode uses the legacy CTR mode for the KDF. The legagacy CTR mode cipher implementations assume a 112 bit SALT. Changes to the cipher abstraction layer API are required to provide the ability to specify the SALT length. For now this commit modifies the SRTP layer to ensure the SALT is zero-appended before initializing the KDF. This commit also provides public definitions for the GCM cipher suite master key sizes to avoid confusion for application developers.

2025-08-13 01:26:58 +00:00 · 2014-04-08 09:15:49 -04:00
parent 7bc92a11af
commit a31491d5b6
8 changed files with 65 additions and 43 deletions
--- a/libs/srtp/include/srtp.h
+++ b/libs/srtp/include/srtp.h
@@ -94,6 +94,10 @@ extern "C" {
 * as part of the IV formation logic applied to each RTP packet.
 */
 #define SRTP_AEAD_SALT_LEN	12
+#define AES_128_GCM_KEYSIZE_WSALT   SRTP_AEAD_SALT_LEN + 16
+#define AES_192_GCM_KEYSIZE_WSALT   SRTP_AEAD_SALT_LEN + 24
+#define AES_256_GCM_KEYSIZE_WSALT   SRTP_AEAD_SALT_LEN + 32
+

 /* 
 * nota bene: since libSRTP doesn't support the use of the MKI, the