Bug 703264 – srtp: Key is required even if cipher and auth are null

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 703264 - srtp: Key is required even if cipher and auth are null


Summary:	srtp: Key is required even if cipher and auth are null


Status:	RESOLVED FIXED

Product:	GStreamer
Classification:	Platform
Component:	gst-plugins-bad
Version:	1.x
Hardware:	Other All

Importance:	Normal normal
Target Milestone:	1.1.4
Assigned To:	GStreamer Maintainers
QA Contact:	GStreamer Maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2013-06-28 15:24 UTC by Morgan Lindqvist
Modified:	2013-08-12 16:30 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Morgan Lindqvist 2013-06-28 15:24:16 UTC

When using the srtp plugin in gstreamer it is not always known if the remote side will support encryption when the local gstreamer pipeline is connected. 

This results in that one needs to have advanced logic to bypass the srtp element, or rebuild the pipeline, if the remote side do not support encryption.

A nice solution to this would be if the srtp pluging could be configured to not encrypt/decrypt the data going throught it.

One option would be to have this check in gst_srtp_dec_chain() and gst_srtp_enc_chain(). It could be based on a new property or if the keys/authetication information is set to NULL.

Comment 1 Olivier Crête 2013-06-28 16:28:07 UTC

Can't your set rtp-auth=null rtcp-auth=null rtp-cipher=null rtcp-cipher=null ? But ooops, it still expects a key it seems.

Comment 2 Olivier Crête 2013-06-29 00:36:30 UTC

Now you don't have to set a key..

commit ad7ffe64a66ab48d81671651031c449149db4973
Author: Olivier Crête <olivier.crete@collabora.com>
Date:   Fri Jun 28 20:15:08 2013 -0400

    srtp: Don't require a key if both auth and cipher are null

Comment 3 Morgan Lindqvist 2013-08-06 14:03:58 UTC

This fix did not solve the whole problem.

The request was to be able to disable the SRTP element if the remote side did not support SRTP (without need for modifying the pipeline).

The above solution only makes it possible to disable encryption and authentication for RTP and encryption for RTCP without having to provide a key. The authentication is still there for RTCP. Since the SRTP RTCP receiver requires the authentication information the current solution drops all incoming RTCP reports.

The logic in the srtp library that correctly drops the RTCP messages can be found here.
https://github.com/cisco/libsrtp/blob/master/srtp/srtp.c#L1895

The logic that always set the header can be found here:
https://github.com/cisco/libsrtp/blob/master/srtp/srtp.c#L1707

The reason for this behaviour is that the specification requires that RTCP always is authenticated when SRTP is used.

One way of solving this would be to enable pass-through if all encryption and authentication is disabled. This would also avoid copying of buffers.

Comment 4 Olivier Crête 2013-08-12 16:30:17 UTC

Again, oops, my bad. I had completely forgotten about RTCP  Added passthrough support

commit d346e7560682a824caf38add63cb3a55164de808
Author: Olivier Crête <olivier.crete@collabora.com>
Date:   Mon Aug 12 12:27:33 2013 -0400

    srtp: Let packets through without touching them if no crypto or auth is set

commit a10e800dfdb2d7cc742711fbbb8b2ab6b51da5d1
Author: Olivier Crête <olivier.crete@collabora.com>
Date:   Mon Aug 12 12:27:16 2013 -0400

    srtpdec: Refactor code a bit
    
    Simplify the error handling case and get the packet push out of the if()