|
|
@@ -168,6 +168,8 @@ void DtlsSrtpTransport::incoming(message_ptr message) {
|
|
|
if (srtp_err_status_t err = srtp_unprotect_rtcp(mSrtpIn, message->data(), &size)) {
|
|
|
if (err == srtp_err_status_replay_fail)
|
|
|
PLOG_WARNING << "Incoming SRTCP packet is a replay";
|
|
|
+ else if (err == srtp_err_status_auth_fail)
|
|
|
+ PLOG_WARNING << "Incoming SRTCP packet failed authentication check";
|
|
|
else
|
|
|
PLOG_WARNING << "SRTCP unprotect error, status=" << err;
|
|
|
return;
|
|
|
@@ -178,6 +180,8 @@ void DtlsSrtpTransport::incoming(message_ptr message) {
|
|
|
if (srtp_err_status_t err = srtp_unprotect(mSrtpIn, message->data(), &size)) {
|
|
|
if (err == srtp_err_status_replay_fail)
|
|
|
PLOG_WARNING << "Incoming SRTP packet is a replay";
|
|
|
+ else if (err == srtp_err_status_auth_fail)
|
|
|
+ PLOG_WARNING << "Incoming SRTP packet failed authentication check";
|
|
|
else
|
|
|
PLOG_WARNING << "SRTP unprotect error, status=" << err;
|
|
|
return;
|
|
|
@@ -238,11 +242,11 @@ void DtlsSrtpTransport::postHandshake() {
|
|
|
throw std::runtime_error("Failed to derive SRTP keys: " +
|
|
|
openssl::error_string(ERR_get_error()));
|
|
|
|
|
|
+ // Order is client key, server key, client salt, and server salt
|
|
|
clientKey = material;
|
|
|
- clientSalt = clientKey + SRTP_AES_128_KEY_LEN;
|
|
|
-
|
|
|
- serverKey = material + SRTP_AES_ICM_128_KEY_LEN_WSALT;
|
|
|
- serverSalt = serverKey + SRTP_AES_128_KEY_LEN;
|
|
|
+ serverKey = clientKey + SRTP_AES_128_KEY_LEN;
|
|
|
+ clientSalt = serverKey + SRTP_AES_128_KEY_LEN;
|
|
|
+ serverSalt = clientSalt + SRTP_SALT_LEN;
|
|
|
#endif
|
|
|
|
|
|
unsigned char clientSessionKey[SRTP_AES_ICM_128_KEY_LEN_WSALT];
|
Paul-Louis Ageneau