srtp: support AES-GCM profiles

This adds support for SRTP_AEAD_AES_128_GCM and SRTP_AEAD_AES_256_GCM
profiles defined in RFC 7714.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

diff --git a/NEWS b/NEWS
index a45cbc89e86ffd312b27c9f3bfc468a661d7308a..7a81687268db6e7c6bffaa6135b18bd97eae5cce 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -31,6 +31,8 @@ and to simplify maintenance, see <https://gitlab.com/gnutls/guile/>.
 
 ** API and ABI modifications:
 GNUTLS_NO_STATUS_REQUEST: New flag
+GNUTLS_SRTP_AEAD_AES_128_GCM: New gnutls_srtp_profile_t enum member
+GNUTLS_SRTP_AEAD_AES_256_GCM: New gnutls_srtp_profile_t enum member
 
 * Version 3.7.8 (released 2022-09-27)
 

diff --git a/lib/ext/srtp.c b/lib/ext/srtp.c
index b2e36b3a0617853d0f34a8b64cac25574547f16b..ec9ae31acbd6386bc967a70a8165db650b0bbe8a 100644 (file)
--- a/lib/ext/srtp.c
+++ b/lib/ext/srtp.c
@@ -64,21 +64,35 @@ typedef struct {
 
 static const srtp_profile_st profile_names[] = {
        {
-        "SRTP_AES128_CM_HMAC_SHA1_80",
-        GNUTLS_SRTP_AES128_CM_HMAC_SHA1_80,
-        16, 14},
+               "SRTP_AES128_CM_HMAC_SHA1_80",
+               GNUTLS_SRTP_AES128_CM_HMAC_SHA1_80,
+               16, 14
+       },
        {
-        "SRTP_AES128_CM_HMAC_SHA1_32",
-        GNUTLS_SRTP_AES128_CM_HMAC_SHA1_32,
-        16, 14},
+               "SRTP_AES128_CM_HMAC_SHA1_32",
+               GNUTLS_SRTP_AES128_CM_HMAC_SHA1_32,
+               16, 14
+       },
        {
-        "SRTP_NULL_HMAC_SHA1_80",
-        GNUTLS_SRTP_NULL_HMAC_SHA1_80,
-        16, 14},
+               "SRTP_NULL_HMAC_SHA1_80",
+               GNUTLS_SRTP_NULL_HMAC_SHA1_80,
+               16, 14
+       },
        {
-        "SRTP_NULL_SHA1_32",
-        GNUTLS_SRTP_NULL_HMAC_SHA1_32,
-        16, 14},
+               "SRTP_NULL_SHA1_32",
+               GNUTLS_SRTP_NULL_HMAC_SHA1_32,
+               16, 14
+       },
+       {
+               "SRTP_AEAD_AES_128_GCM",
+               GNUTLS_SRTP_AEAD_AES_128_GCM,
+               16, 12
+       },
+       {
+               "SRTP_AEAD_AES_256_GCM",
+               GNUTLS_SRTP_AEAD_AES_256_GCM,
+               32, 12
+       },
        {
         NULL,
         0, 0, 0}

diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 830ce5f95c05c5893de6ada11a0cf4cd10cd63af..bbb4336ae97f99db5ee3c3e6e09026cb5d9b9699 100644 (file)
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -1704,6 +1704,8 @@ int gnutls_session_ticket_send(gnutls_session_t session, unsigned nr, unsigned f
  * @GNUTLS_SRTP_AES128_CM_HMAC_SHA1_32: 128 bit AES with a 32 bit HMAC-SHA1
  * @GNUTLS_SRTP_NULL_HMAC_SHA1_80: NULL cipher with a 80 bit HMAC-SHA1
  * @GNUTLS_SRTP_NULL_HMAC_SHA1_32: NULL cipher with a 32 bit HMAC-SHA1
+ * @GNUTLS_SRTP_AEAD_AES_128_GCM: 128 bit AES with GCM
+ * @GNUTLS_SRTP_AEAD_AES_256_GCM: 256 bit AES with GCM
  *
  * Enumeration of different SRTP protection profiles.
  */
@@ -1711,7 +1713,9 @@ typedef enum {
        GNUTLS_SRTP_AES128_CM_HMAC_SHA1_80 = 0x0001,
        GNUTLS_SRTP_AES128_CM_HMAC_SHA1_32 = 0x0002,
        GNUTLS_SRTP_NULL_HMAC_SHA1_80 = 0x0005,
-       GNUTLS_SRTP_NULL_HMAC_SHA1_32 = 0x0006
+       GNUTLS_SRTP_NULL_HMAC_SHA1_32 = 0x0006,
+       GNUTLS_SRTP_AEAD_AES_128_GCM = 0x0007,
+       GNUTLS_SRTP_AEAD_AES_256_GCM = 0x0008
 } gnutls_srtp_profile_t;
 
 int gnutls_srtp_set_profile(gnutls_session_t session,