Merge pull request #151 from paullouisageneau/fix-srtp-key-openssl

Fix SRTP key derivation with OpenSSL

src/dtlssrtptransport.cpp

@@ -168,6 +168,8 @@ void DtlsSrtpTransport::incoming(message_ptr message) {
 			if (srtp_err_status_t err = srtp_unprotect_rtcp(mSrtpIn, message->data(), &size)) {
 				if (err == srtp_err_status_replay_fail)
 					PLOG_WARNING << "Incoming SRTCP packet is a replay";
+				else if (err == srtp_err_status_auth_fail)
+					PLOG_WARNING << "Incoming SRTCP packet failed authentication check";
 				else
 					PLOG_WARNING << "SRTCP unprotect error, status=" << err;
 				return;
@@ -178,6 +180,8 @@ void DtlsSrtpTransport::incoming(message_ptr message) {
 			if (srtp_err_status_t err = srtp_unprotect(mSrtpIn, message->data(), &size)) {
 				if (err == srtp_err_status_replay_fail)
 					PLOG_WARNING << "Incoming SRTP packet is a replay";
+				else if (err == srtp_err_status_auth_fail)
+					PLOG_WARNING << "Incoming SRTP packet failed authentication check";
 				else
 					PLOG_WARNING << "SRTP unprotect error, status=" << err;
 				return;
@@ -238,11 +242,11 @@ void DtlsSrtpTransport::postHandshake() {
 		throw std::runtime_error("Failed to derive SRTP keys: " +
 		                         openssl::error_string(ERR_get_error()));
 
+	// Order is client key, server key, client salt, and server salt
 	clientKey = material;
-	clientSalt = clientKey + SRTP_AES_128_KEY_LEN;
-
-	serverKey = material + SRTP_AES_ICM_128_KEY_LEN_WSALT;
-	serverSalt = serverKey + SRTP_AES_128_KEY_LEN;
+	serverKey = clientKey + SRTP_AES_128_KEY_LEN;
+	clientSalt = serverKey + SRTP_AES_128_KEY_LEN;
+	serverSalt = clientSalt + SRTP_SALT_LEN;
 #endif
 
 	unsigned char clientSessionKey[SRTP_AES_ICM_128_KEY_LEN_WSALT];