From 5819adefe5dff74eac9555fc672b63a7b950871f Mon Sep 17 00:00:00 2001 From: Maxim Sharabayko Date: Tue, 30 Jul 2024 14:36:27 +0200 Subject: [PATCH] [core] Improved AES GCM encryption, changed GCM IV length to 12 bytes (#2962). SRT version raised to 1.5.4. --- CMakeLists.txt | 2 +- haicrypt/cryspr.c | 78 ++++++++++++++++++++-------------------- haicrypt/haicrypt.h | 2 ++ haicrypt/hcrypt.c | 12 +++++++ haicrypt/hcrypt.h | 19 ++++++++++ haicrypt/hcrypt_ctx.h | 1 + haicrypt/hcrypt_ctx_rx.c | 2 +- haicrypt/hcrypt_ctx_tx.c | 3 +- srtcore/core.cpp | 14 ++++---- srtcore/crypto.cpp | 30 ++++++++++++---- srtcore/crypto.h | 20 ++++++----- 11 files changed, 120 insertions(+), 63 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 47d9b88df..6500e364b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -8,7 +8,7 @@ # cmake_minimum_required (VERSION 2.8.12 FATAL_ERROR) -set (SRT_VERSION 1.5.3) +set (SRT_VERSION 1.5.4) set (CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/scripts") include(haiUtil) # needed for set_version_variables diff --git a/haicrypt/cryspr.c b/haicrypt/cryspr.c index 2e3a68a59..a078aad73 100644 --- a/haicrypt/cryspr.c +++ b/haicrypt/cryspr.c @@ -17,6 +17,10 @@ written by CRYSPR/4SRT Initial implementation. *****************************************************************************/ +#ifndef _WIN32 +#include /* htonl */ +#endif + #include "hcrypt.h" #include "cryspr.h" @@ -429,6 +433,8 @@ static int crysprFallback_MsEncrypt( /* Auth tag produced by AES GCM. */ unsigned char tag[HAICRYPT_AUTHTAG_MAX]; + /* Additional authenticated data used by AES-GCM. */ + unsigned char aad[HAICRYPT_AAD_MAX]; /* * Get buffer room from the internal circular output buffer. @@ -452,33 +458,30 @@ static int crysprFallback_MsEncrypt( /* Get input packet index (in network order) */ hcrypt_Pki pki = hcryptMsg_GetPki(ctx->msg_info, in_data[0].pfx, 1); - /* - * Compute the Initial Vector - * IV (128-bit): - * 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 - * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ - * | 0s | pki | ctr | - * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ - * XOR - * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+ - * | nonce + - * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+ - * - * pki (32-bit): packet index - * ctr (16-bit): block counter - * nonce (112-bit): number used once (salt) - */ - hcrypt_SetCtrIV((unsigned char *)&pki, ctx->salt, iv); - if (ctx->mode == HCRYPT_CTX_MODE_AESGCM) { - const int iret = cryspr_cb->cryspr->aes_gcm_cipher(true, aes_key, iv, in_data[0].pfx, pfx_len, in_data[0].payload, in_data[0].len, + const bool old_aead = ctx->use_gcm_153; // SRT v1.5.2 to v1.5.3. + if (old_aead) + { + hcrypt_SetCtrIV((unsigned char*)&pki, ctx->salt, iv); + memcpy(aad, in_data[0].pfx, sizeof(aad)); + } + else + { + hcrypt_SetGcmIV((unsigned char*)&pki, ctx->salt, iv); + + for (size_t i = 0; i < sizeof(aad) / 4; ++i) + *((uint32_t*)aad + i) = htonl(*((uint32_t*)in_data[0].pfx + i)); + } + + const int iret = cryspr_cb->cryspr->aes_gcm_cipher(true, aes_key, iv, aad, sizeof(aad), in_data[0].payload, in_data[0].len, &out_msg[pfx_len], tag); if (iret) { return(iret); } } else { + hcrypt_SetCtrIV((unsigned char *)&pki, ctx->salt, iv); #if CRYSPR_HAS_AESCTR cryspr_cb->cryspr->aes_ctr_cipher(true, aes_key, iv, in_data[0].payload, in_data[0].len, &out_msg[pfx_len]); @@ -599,28 +602,26 @@ static int crysprFallback_MsDecrypt(CRYSPR_cb *cryspr_cb, hcrypt_Ctx *ctx, /* Get input packet index (in network order) */ hcrypt_Pki pki = hcryptMsg_GetPki(ctx->msg_info, in_data[0].pfx, 1); - /* - * Compute the Initial Vector - * IV (128-bit): - * 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 - * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ - * | 0s | pki | ctr | - * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ - * XOR - * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+ - * | nonce + - * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+ - * - * pki (32-bit): packet index - * ctr (16-bit): block counter - * nonce (112-bit): number used once (salt) - */ - hcrypt_SetCtrIV((unsigned char *)&pki, ctx->salt, iv); - if (ctx->mode == HCRYPT_CTX_MODE_AESGCM) { + /* Additional authenticated data used by AES-GCM. */ + unsigned char aad[HAICRYPT_AAD_MAX]; + const bool old_aead = ctx->use_gcm_153; // SRT v1.5.2 to v1.5.3. + if (old_aead) + { + hcrypt_SetCtrIV((unsigned char*)&pki, ctx->salt, iv); + memcpy(aad, in_data[0].pfx, sizeof(aad)); + } + else + { + hcrypt_SetGcmIV((unsigned char*)&pki, ctx->salt, iv); + + for (size_t i = 0; i < sizeof(aad) / 4; ++i) + *((uint32_t*)aad + i) = htonl(*((uint32_t*)in_data[0].pfx + i)); + } + unsigned char* tag = in_data[0].payload + in_data[0].len - HAICRYPT_AUTHTAG_MAX; - int liret = cryspr_cb->cryspr->aes_gcm_cipher(false, aes_key, iv, in_data[0].pfx, ctx->msg_info->pfx_len, in_data[0].payload, in_data[0].len - HAICRYPT_AUTHTAG_MAX, + int liret = cryspr_cb->cryspr->aes_gcm_cipher(false, aes_key, iv, aad, sizeof(aad), in_data[0].payload, in_data[0].len - HAICRYPT_AUTHTAG_MAX, out_txt, tag); if (liret) { return(liret); @@ -628,6 +629,7 @@ static int crysprFallback_MsDecrypt(CRYSPR_cb *cryspr_cb, hcrypt_Ctx *ctx, out_len = in_data[0].len - HAICRYPT_AUTHTAG_MAX; } else { + hcrypt_SetCtrIV((unsigned char*)&pki, ctx->salt, iv); #if CRYSPR_HAS_AESCTR cryspr_cb->cryspr->aes_ctr_cipher(false, aes_key, iv, in_data[0].payload, in_data[0].len, out_txt); diff --git a/haicrypt/haicrypt.h b/haicrypt/haicrypt.h index b6e83ad7a..da0ad3493 100644 --- a/haicrypt/haicrypt.h +++ b/haicrypt/haicrypt.h @@ -37,6 +37,7 @@ HaiCrypt_Cryspr HaiCryptCryspr_Get_Instance (void); /* Return a default crys #define HAICRYPT_KEY_MAX_SZ 32 /* MAX key */ #define HAICRYPT_SECRET_MAX_SZ (HAICRYPT_PWD_MAX_SZ > HAICRYPT_KEY_MAX_SZ ? HAICRYPT_PWD_MAX_SZ : HAICRYPT_KEY_MAX_SZ) #define HAICRYPT_AUTHTAG_MAX 16 /* maximum length of the auth tag (e.g. GCM) */ +#define HAICRYPT_AAD_MAX 16 /* maximum length of the additional authenticated data (GCM mode) */ #define HAICRYPT_SALT_SZ 16 @@ -96,6 +97,7 @@ typedef struct hcrypt_Session_str* HaiCrypt_Handle; int HaiCrypt_SetLogLevel(int level, int logfa); int HaiCrypt_Create(const HaiCrypt_Cfg *cfg, HaiCrypt_Handle *phhc); +int HaiCrypt_UpdateGcm153(HaiCrypt_Handle hhc, unsigned use_gcm_153); int HaiCrypt_Clone(HaiCrypt_Handle hhcSrc, HaiCrypt_CryptoDir tx, HaiCrypt_Handle *phhc); int HaiCrypt_Close(HaiCrypt_Handle hhc); int HaiCrypt_Tx_GetBuf(HaiCrypt_Handle hhc, size_t data_len, unsigned char **in_p); diff --git a/haicrypt/hcrypt.c b/haicrypt/hcrypt.c index dc3f06801..a2b81d832 100644 --- a/haicrypt/hcrypt.c +++ b/haicrypt/hcrypt.c @@ -178,6 +178,18 @@ int HaiCrypt_Create(const HaiCrypt_Cfg *cfg, HaiCrypt_Handle *phhc) return(0); } +int HaiCrypt_UpdateGcm153(HaiCrypt_Handle hhc, unsigned use_gcm_153) +{ + ASSERT(hhc != NULL); + hcrypt_Session* crypto = hhc; + if (!crypto) + return (-1); + + crypto->ctx_pair[0].use_gcm_153 = use_gcm_153; + crypto->ctx_pair[1].use_gcm_153 = use_gcm_153; + return (0); +} + int HaiCrypt_ExtractConfig(HaiCrypt_Handle hhcSrc, HaiCrypt_Cfg* pcfg) { hcrypt_Session *crypto = (hcrypt_Session *)hhcSrc; diff --git a/haicrypt/hcrypt.h b/haicrypt/hcrypt.h index 34e744e8a..e28a29777 100644 --- a/haicrypt/hcrypt.h +++ b/haicrypt/hcrypt.h @@ -135,6 +135,25 @@ typedef struct hcrypt_Session_str { hcrypt_XorStream(&(iv)[0], (nonce), 112/8); \ } while(0) +/* HaiCrypt-TP GCM mode IV (96-bit) - SRT 1.5.4: + * 0 1 2 3 4 5 6 7 8 9 10 11 + * +---+---+---+---+---+---+---+---+---+---+---+---+ + * | 0s | pki | + * +---+---+---+---+---+---+---+---+---+---+---+---+ + * XOR + * +---+---+---+---+---+---+---+---+---+---+---+---+ + * | nonce + + * +---+---+---+---+---+---+---+---+---+---+---+---+ + * + * pki (32-bit): packet index + * nonce (96-bit): number used once (salt) + */ +#define hcrypt_SetGcmIV(pki, nonce, iv) do { \ + memset(&(iv)[0], 0, 96/8); \ + memcpy(&(iv)[8], (pki), HCRYPT_PKI_SZ); \ + hcrypt_XorStream(&(iv)[0], (nonce), 96/8); \ + } while(0) + #define hcrypt_XorStream(dst, strm, len) do { \ int __XORSTREAMi; \ for (__XORSTREAMi = 0 \ diff --git a/haicrypt/hcrypt_ctx.h b/haicrypt/hcrypt_ctx.h index 3a46fd40f..0d962c430 100644 --- a/haicrypt/hcrypt_ctx.h +++ b/haicrypt/hcrypt_ctx.h @@ -70,6 +70,7 @@ typedef struct tag_hcrypt_Ctx { #define HCRYPT_CTX_MODE_AESCBC 3 /* Cipher-block chaining mode */ #define HCRYPT_CTX_MODE_AESGCM 4 /* AES GCM authenticated encryption */ unsigned mode; + bool use_gcm_153; /* AES-GCM compatibility mode (SRT v1.5.3 and earlier) */ struct { size_t key_len; diff --git a/haicrypt/hcrypt_ctx_rx.c b/haicrypt/hcrypt_ctx_rx.c index 9fcba6c30..2b67490d3 100644 --- a/haicrypt/hcrypt_ctx_rx.c +++ b/haicrypt/hcrypt_ctx_rx.c @@ -28,8 +28,8 @@ int hcryptCtx_Rx_Init(hcrypt_Session *crypto, hcrypt_Ctx *ctx, const HaiCrypt_Cf ctx->mode = (cfg->flags & HAICRYPT_CFG_F_GCM) ? HCRYPT_CTX_MODE_AESGCM : HCRYPT_CTX_MODE_AESCTR; } ctx->status = HCRYPT_CTX_S_INIT; - ctx->msg_info = crypto->msg_info; + ctx->use_gcm_153 = false; // Default initialization. if (cfg && hcryptCtx_SetSecret(crypto, ctx, &cfg->secret)) { return(-1); diff --git a/haicrypt/hcrypt_ctx_tx.c b/haicrypt/hcrypt_ctx_tx.c index 9ed5ba36c..e66c9497b 100644 --- a/haicrypt/hcrypt_ctx_tx.c +++ b/haicrypt/hcrypt_ctx_tx.c @@ -35,7 +35,7 @@ int hcryptCtx_Tx_Init(hcrypt_Session *crypto, hcrypt_Ctx *ctx, const HaiCrypt_Cf ctx->mode = (cfg->flags & HAICRYPT_CFG_F_GCM) ? HCRYPT_CTX_MODE_AESGCM : HCRYPT_CTX_MODE_AESCTR; ctx->status = HCRYPT_CTX_S_INIT; - + ctx->use_gcm_153 = false; // Default initialization. ctx->msg_info = crypto->msg_info; if (hcryptCtx_SetSecret(crypto, ctx, &cfg->secret)) { @@ -184,7 +184,6 @@ int hcryptCtx_Tx_Refresh(hcrypt_Session *crypto) ASSERT(HCRYPT_CTX_S_SARDY <= new_ctx->status); /* Keep same KEK, configuration, and salt */ -// memcpy(&new_ctx->aes_kek, &ctx->aes_kek, sizeof(new_ctx->aes_kek)); memcpy(&new_ctx->cfg, &ctx->cfg, sizeof(new_ctx->cfg)); new_ctx->salt_len = ctx->salt_len; diff --git a/srtcore/core.cpp b/srtcore/core.cpp index b802bdec9..908bf748c 100644 --- a/srtcore/core.cpp +++ b/srtcore/core.cpp @@ -2021,7 +2021,7 @@ bool srt::CUDT::processSrtMsg(const CPacket *ctrlpkt) { uint32_t srtdata_out[SRTDATA_MAXSIZE]; size_t len_out = 0; - res = m_pCryptoControl->processSrtMsg_KMREQ(srtdata, len, CUDT::HS_VERSION_UDT4, + res = m_pCryptoControl->processSrtMsg_KMREQ(srtdata, len, CUDT::HS_VERSION_UDT4, m_uPeerSrtVersion, (srtdata_out), (len_out)); if (res == SRT_CMD_KMRSP) { @@ -2058,7 +2058,7 @@ bool srt::CUDT::processSrtMsg(const CPacket *ctrlpkt) case SRT_CMD_KMRSP: { // KMRSP doesn't expect any following action - m_pCryptoControl->processSrtMsg_KMRSP(srtdata, len, CUDT::HS_VERSION_UDT4); + m_pCryptoControl->processSrtMsg_KMRSP(srtdata, len, m_uPeerSrtVersion); return true; // nothing to do } @@ -2647,7 +2647,7 @@ bool srt::CUDT::interpretSrtHandshake(const CHandShake& hs, return false; } - int res = m_pCryptoControl->processSrtMsg_KMREQ(begin + 1, bytelen, HS_VERSION_SRT1, + int res = m_pCryptoControl->processSrtMsg_KMREQ(begin + 1, bytelen, HS_VERSION_SRT1, m_uPeerSrtVersion, (out_data), (*pw_len)); if (res != SRT_CMD_KMRSP) { @@ -2694,7 +2694,7 @@ bool srt::CUDT::interpretSrtHandshake(const CHandShake& hs, } else if (cmd == SRT_CMD_KMRSP) { - int res = m_pCryptoControl->processSrtMsg_KMRSP(begin + 1, bytelen, HS_VERSION_SRT1); + int res = m_pCryptoControl->processSrtMsg_KMRSP(begin + 1, bytelen, m_uPeerSrtVersion); if (m_config.bEnforcedEnc && res == -1) { if (m_pCryptoControl->m_SndKmState == SRT_KM_S_BADSECRET) @@ -6023,13 +6023,15 @@ bool srt::CUDT::createCrypter(HandshakeSide side, bool bidirectional) // they have outdated values. m_pCryptoControl->setCryptoSecret(m_config.CryptoSecret); + const bool useGcm153 = m_uPeerSrtVersion <= SrtVersion(1, 5, 3); + if (bidirectional || m_config.bDataSender) { HLOGC(rslog.Debug, log << CONID() << "createCrypter: setting RCV/SND KeyLen=" << m_config.iSndCryptoKeyLen); m_pCryptoControl->setCryptoKeylen(m_config.iSndCryptoKeyLen); } - return m_pCryptoControl->init(side, m_config, bidirectional); + return m_pCryptoControl->init(side, m_config, bidirectional, useGcm153); } SRT_REJECT_REASON srt::CUDT::setupCC() @@ -7763,7 +7765,7 @@ bool srt::CUDT::updateCC(ETransmissionEvent evt, const EventVariant arg) // - m_dCWndSize m_tdSendInterval = microseconds_from((int64_t)m_CongCtl->pktSndPeriod_us()); const double cgwindow = m_CongCtl->cgWindowSize(); - m_iCongestionWindow = cgwindow; + m_iCongestionWindow = (int) cgwindow; #if ENABLE_HEAVY_LOGGING HLOGC(rslog.Debug, log << CONID() << "updateCC: updated values from congctl: interval=" << FormatDuration(m_tdSendInterval) diff --git a/srtcore/crypto.cpp b/srtcore/crypto.cpp index fdd643f22..e7fe0be89 100644 --- a/srtcore/crypto.cpp +++ b/srtcore/crypto.cpp @@ -138,7 +138,7 @@ void srt::CCryptoControl::createFakeSndContext() int srt::CCryptoControl::processSrtMsg_KMREQ( const uint32_t* srtdata SRT_ATR_UNUSED, size_t bytelen SRT_ATR_UNUSED, - int hsv SRT_ATR_UNUSED, + int hsv SRT_ATR_UNUSED, unsigned srtv SRT_ATR_UNUSED, uint32_t pw_srtdata_out[], size_t& w_srtlen) { //Receiver @@ -172,6 +172,8 @@ int srt::CCryptoControl::processSrtMsg_KMREQ( (m_iCryptoMode == CSrtConfig::CIPHER_MODE_AUTO && kmdata[HCRYPT_MSG_KM_OFS_CIPHER] == HCRYPT_CIPHER_AES_GCM) || (m_iCryptoMode == CSrtConfig::CIPHER_MODE_AES_GCM); + m_bUseGcm153 = srtv <= SrtVersion(1, 5, 3); + // What we have to do: // If encryption is on (we know that by having m_KmSecret nonempty), create // the crypto context (if bidirectional, create for both sending and receiving). @@ -331,6 +333,13 @@ int srt::CCryptoControl::processSrtMsg_KMREQ( HLOGC(cnlog.Debug, log << "processSrtMsg_KMREQ: NOT REPLAYING the key update to TX CRYPTO CTX."); } +#ifdef SRT_ENABLE_ENCRYPTION + if (m_hRcvCrypto != NULL) + HaiCrypt_UpdateGcm153(m_hRcvCrypto, m_bUseGcm153); + if (m_hSndCrypto != NULL) + HaiCrypt_UpdateGcm153(m_hSndCrypto, m_bUseGcm153); +#endif + return SRT_CMD_KMRSP; HSv4_ErrorReport: @@ -359,7 +368,7 @@ int srt::CCryptoControl::processSrtMsg_KMREQ( return SRT_CMD_KMRSP; } -int srt::CCryptoControl::processSrtMsg_KMRSP(const uint32_t* srtdata, size_t len, int /* XXX unused? hsv*/) +int srt::CCryptoControl::processSrtMsg_KMRSP(const uint32_t* srtdata, size_t len, unsigned srtv) { /* All 32-bit msg fields (if present) swapped on reception * But HaiCrypt expect network order message @@ -371,9 +380,6 @@ int srt::CCryptoControl::processSrtMsg_KMRSP(const uint32_t* srtdata, size_t len int retstatus = -1; - // Unused? - //bool bidirectional = hsv > CUDT::HS_VERSION_UDT4; - // Since now, when CCryptoControl::decrypt() encounters an error, it will print it, ONCE, // until the next KMREQ is received as a key regeneration. m_bErrorReported = false; @@ -459,6 +465,14 @@ int srt::CCryptoControl::processSrtMsg_KMRSP(const uint32_t* srtdata, size_t len } HLOGC(cnlog.Debug, log << "processSrtMsg_KMRSP: key[0]: len=" << m_SndKmMsg[0].MsgLen << " retry=" << m_SndKmMsg[0].iPeerRetry << "; key[1]: len=" << m_SndKmMsg[1].MsgLen << " retry=" << m_SndKmMsg[1].iPeerRetry); + + m_bUseGcm153 = srtv <= SrtVersion(1, 5, 3); +#ifdef SRT_ENABLE_ENCRYPTION + if (m_hRcvCrypto != NULL) + HaiCrypt_UpdateGcm153(m_hRcvCrypto, m_bUseGcm153); + if (m_hSndCrypto != NULL) + HaiCrypt_UpdateGcm153(m_hSndCrypto, m_bUseGcm153); +#endif } LOGP(cnlog.Note, FormatKmMessage("processSrtMsg_KMRSP", SRT_CMD_KMRSP, len)); @@ -593,6 +607,7 @@ srt::CCryptoControl::CCryptoControl(SRTSOCKET id) , m_KmRefreshRatePkt(0) , m_KmPreAnnouncePkt(0) , m_iCryptoMode(CSrtConfig::CIPHER_MODE_AUTO) + , m_bUseGcm153(false) , m_bErrorReported(false) { m_KmSecret.len = 0; @@ -606,7 +621,7 @@ srt::CCryptoControl::CCryptoControl(SRTSOCKET id) m_hRcvCrypto = NULL; } -bool srt::CCryptoControl::init(HandshakeSide side, const CSrtConfig& cfg, bool bidirectional SRT_ATR_UNUSED) +bool srt::CCryptoControl::init(HandshakeSide side, const CSrtConfig& cfg, bool bidirectional SRT_ATR_UNUSED, bool bUseGcm153 SRT_ATR_UNUSED) { // NOTE: initiator creates m_hSndCrypto. When bidirectional, // it creates also m_hRcvCrypto with the same key length. @@ -620,6 +635,7 @@ bool srt::CCryptoControl::init(HandshakeSide side, const CSrtConfig& cfg, bool b // Set UNSECURED state as default m_RcvKmState = SRT_KM_S_UNSECURED; m_iCryptoMode = cfg.iCryptoMode; + m_bUseGcm153 = bUseGcm153; #ifdef SRT_ENABLE_ENCRYPTION if (!cfg.bTSBPD && m_iCryptoMode == CSrtConfig::CIPHER_MODE_AUTO) @@ -807,7 +823,7 @@ srt::EncryptionStatus srt::CCryptoControl::encrypt(CPacket& w_packet SRT_ATR_UNU { return ENCS_FAILED; } - else if ( rc > 0 ) + else if (rc > 0) { // XXX what happens if the encryption is said to be "succeeded", // but the length is 0? Shouldn't this be treated as unwanted? diff --git a/srtcore/crypto.h b/srtcore/crypto.h index 370d5529c..613ded8dd 100644 --- a/srtcore/crypto.h +++ b/srtcore/crypto.h @@ -68,6 +68,7 @@ class CCryptoControl int m_KmRefreshRatePkt; int m_KmPreAnnouncePkt; int m_iCryptoMode; + bool m_bUseGcm153; // Older AES-GCM version existed up to SRT v1.5.3. HaiCrypt_Secret m_KmSecret; //Key material shared secret // Sender @@ -127,15 +128,18 @@ class CCryptoControl // Needed for CUDT void updateKmState(int cmd, size_t srtlen); - // Detailed processing - int processSrtMsg_KMREQ(const uint32_t* srtdata, size_t len, int hsv, + /// Process the KM request message. + /// @param srtv peer's SRT version. + int processSrtMsg_KMREQ(const uint32_t* srtdata, size_t len, int hsv, unsigned srtv, uint32_t srtdata_out[], size_t&); - // This returns: - // 1 - the given payload is the same as the currently used key - // 0 - there's no key in agent or the payload is error message with agent NOSECRET. - // -1 - the payload is error message with other state or it doesn't match the key - int processSrtMsg_KMRSP(const uint32_t* srtdata, size_t len, int hsv); + /// Process the KM response message. + /// @param srtv peer's SRT version. + /// @returns + /// 1 - the given payload is the same as the currently used key + /// 0 - there's no key in agent or the payload is error message with agent NOSECRET. + /// -1 - the payload is error message with other state or it doesn't match the key + int processSrtMsg_KMRSP(const uint32_t* srtdata, size_t len, unsigned srtv); void createFakeSndContext(); const unsigned char* getKmMsg_data(size_t ki) const { return m_SndKmMsg[ki].Msg; } @@ -207,7 +211,7 @@ class CCryptoControl std::string CONID() const; std::string FormatKmMessage(std::string hdr, int cmd, size_t srtlen); - bool init(HandshakeSide, const CSrtConfig&, bool); + bool init(HandshakeSide, const CSrtConfig&, bool bidir, bool bUseGcm153); SRT_ATTR_EXCLUDES(m_mtxLock) void close();