[AEAD] Set AES-GCM auth in the KM message. #2492

Merged 2 commits on Oct 18, 2022

@maxsharabayko (Collaborator) commented Oct 17, 2022

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |S|  V  |   PT  |              Sign             |   Resv1   | KK|
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                              KEKI                             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Cipher    |      Auth     |       SE      |     Resv2     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |             Resv3             |     SLen/4    |     KLen/4    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                              Salt                             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                          Wrapped Key                          +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

In the case of GCM, the Auth field must contain HCRYPT_AUTH_GCM, not HCRYPT_AUTH_NONE.
According to RFC 5647, "If AES-GCM is selected as the encryption algorithm for a given tunnel, AES-GCM MUST also be selected as the Message Authentication Code (MAC) algorithm. Conversely, if AES-GCM is selected as the MAC algorithm, it MUST also be selected as the encryption algorithm".

Fields Affected

Legend
❌ - no changes.
❗ - changes needed.

| Field | Meaning | To Be Changed? |
|-------|---------|----------------|
| Version (V) = 1 | Related to SRT v1... | ❌ ❓ |
| Cipher | 2: AES-CTR<br>4: AES-GCM ➕ | |
| Authentication (Auth) | Specifies a message authentication code algorithm:<br>0: None or KEKI indexed crypto context.<br>1: AES-GCM. | |

Related issue #2339.
Related SRT Internet Draft updates: Haivision/srt-rfc#115.

@maxsharabayko added the labels "Type: Enhancement" (Indicates new feature requests) and "[core]" (Area: Changes in SRT library core) on Oct 17, 2022
@maxsharabayko added this to the v1.6.0 milestone on Oct 17, 2022
@maxsharabayko merged commit c01c646 into Haivision:master on Oct 18, 2022
@maxsharabayko deleted the develop/km-aead branch on October 18, 2022 08:58
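
A receiver-side check for the rule in the PR description, as an added example that is not code from this PR or from the SRT library: it parses the fixed part of the KM message shown in the diagram and rejects a message whose Cipher and Auth fields disagree about AES-GCM, in both directions as the RFC 5647 quote requires. The `km_*` and `KM_*` names are hypothetical, and the sample message (including its PT and Sign values) is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Values from the PR's field table; the names are hypothetical. */
enum { KM_CIPHER_AES_CTR = 2, KM_CIPHER_AES_GCM = 4 };
enum { KM_AUTH_NONE = 0, KM_AUTH_AES_GCM = 1 };
enum km_status { KM_OK = 0, KM_ERR_TRUNCATED, KM_ERR_MISMATCH };
#define KM_FIXED_LEN 16u /* four 32-bit words precede Salt */

struct km_hdr {
    uint8_t  version, pt, kk, cipher, auth, se;
    uint16_t sign;
    uint32_t keki;
    size_t   salt_len, key_len; /* bytes, decoded from SLen/4 and KLen/4 */
};

/* Parse the fixed KM header and enforce the Cipher/Auth pairing. */
enum km_status km_parse(const uint8_t *b, size_t len, struct km_hdr *h)
{
    if (len < KM_FIXED_LEN) return KM_ERR_TRUNCATED;
    h->version = (b[0] >> 4) & 0x7;   /* bit 0 is S, bits 1-3 are V */
    h->pt      = b[0] & 0xF;
    h->sign    = (uint16_t)((b[1] << 8) | b[2]);
    h->kk      = b[3] & 0x3;          /* low two bits, after Resv1 */
    h->keki    = (uint32_t)b[4] << 24 | (uint32_t)b[5] << 16 | (uint32_t)b[6] << 8 | b[7];
    h->cipher  = b[8]; h->auth = b[9]; h->se = b[10];
    h->salt_len = (size_t)b[14] * 4;  h->key_len = (size_t)b[15] * 4;
    if (len - KM_FIXED_LEN < h->salt_len) return KM_ERR_TRUNCATED;
    /* AES-GCM as cipher requires AES-GCM as auth, and the converse. */
    if ((h->cipher == KM_CIPHER_AES_GCM) != (h->auth == KM_AUTH_AES_GCM))
        return KM_ERR_MISMATCH;
    return KM_OK;
}

/* Constructed sample: fixed header plus a 16-byte zero salt, no wrapped key. */
enum km_status km_check_sample(uint8_t cipher, uint8_t auth, struct km_hdr *h)
{
    uint8_t m[KM_FIXED_LEN + 16] = { 0x12, 0xAB, 0xCD, 0x01 }; /* V=1, KK=1 */
    m[8] = cipher; m[9] = auth; m[14] = 16 / 4; m[15] = 16 / 4;
    return km_parse(m, sizeof m, h);
}

int main(void)
{
    struct km_hdr h;
    printf("GCM+GCM=%d GCM+None=%d CTR+None=%d\n", km_check_sample(4, 1, &h),
           km_check_sample(4, 0, &h), km_check_sample(2, 0, &h));
    return 0;
}
```

The parser stops at the Salt field; validating the Wrapped Key length needs rules this page does not give.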