>From f0e19e1ae731ad6350bc735ba7110ef269b0dcd9 Mon Sep 17 00:00:00 2001
From: Ben Sartor <address@hidden>
Date: Mon, 12 Jan 2015 16:56:09 +0100
Subject: [PATCH 1/3] added zrtp support for AES with 256-bit keys (AES3)

---
 src/crypto/zrtp.c | 28 ++++++++++++++++++++++------
 1 file changed, 22 insertions(+), 6 deletions(-)

diff --git a/src/crypto/zrtp.c b/src/crypto/zrtp.c
index 70ae955..5575ae7 100644
--- a/src/crypto/zrtp.c
+++ b/src/crypto/zrtp.c
@@ -114,11 +114,11 @@ static int32_t ms_zrtp_srtpSecretsAvailable(void* clientData, bzrtpSrtpSecrets_t
 		ms_fatal("unsupported authentication algorithm by srtp");
 	}
 
-	if ((secrets->cipherAlgo != ZRTP_CIPHER_AES1) && (secrets->cipherAlgo != ZRTP_CIPHER_AES2) && (secrets->cipherAlgo != ZRTP_CIPHER_AES3)) {
+	if ((secrets->cipherAlgo != ZRTP_CIPHER_AES1) && (secrets->cipherAlgo != ZRTP_CIPHER_AES3)) {
 		ms_fatal("unsupported cipher algorithm by srtp");
 	}
 
-	ms_message("ZRTP secrets are ready for %s; auth tag algo is %s", (part==ZRTP_SRTP_SECRETS_FOR_SENDER)?"sender":"receiver", (secrets->authTagAlgo==ZRTP_AUTHTAG_HS32)?"HS32":"HS80");
+	ms_message("ZRTP secrets are ready for %s; auth tag algo is %s and cipher algo is %s", (part==ZRTP_SRTP_SECRETS_FOR_SENDER)?"sender":"receiver", (secrets->authTagAlgo==ZRTP_AUTHTAG_HS32)?"HS32":"HS80", (secrets->cipherAlgo==ZRTP_CIPHER_AES3)?"AES256":"AES128");
 
 
 	if (part==ZRTP_SRTP_SECRETS_FOR_RECEIVER) {
@@ -127,9 +127,17 @@ static int32_t ms_zrtp_srtpSecretsAvailable(void* clientData, bzrtpSrtpSecrets_t
 		memcpy(key + secrets->peerSrtpKeyLength, secrets->peerSrtpSalt, secrets->peerSrtpSaltLength);
 
 		if (secrets->authTagAlgo == ZRTP_AUTHTAG_HS32){
-			media_stream_set_srtp_recv_key(userData->stream_sessions, MS_AES_128_SHA1_32, (const char *)key, (secrets->peerSrtpKeyLength+secrets->peerSrtpSaltLength), MSSRTP_ALL_STREAMS);
+			if (secrets->cipherAlgo == ZRTP_CIPHER_AES3){
+				media_stream_set_srtp_recv_key(userData->stream_sessions, MS_AES_256_SHA1_32, (const char *)key, (secrets->peerSrtpKeyLength+secrets->peerSrtpSaltLength), MSSRTP_ALL_STREAMS);
+			}else{
+				media_stream_set_srtp_recv_key(userData->stream_sessions, MS_AES_128_SHA1_32, (const char *)key, (secrets->peerSrtpKeyLength+secrets->peerSrtpSaltLength), MSSRTP_ALL_STREAMS);
+			}
 		}else if (secrets->authTagAlgo == ZRTP_AUTHTAG_HS80){
-			media_stream_set_srtp_recv_key(userData->stream_sessions, MS_AES_128_SHA1_80, (const char *)key, (secrets->peerSrtpKeyLength+secrets->peerSrtpSaltLength), MSSRTP_ALL_STREAMS);
+			if (secrets->cipherAlgo == ZRTP_CIPHER_AES3){
+				media_stream_set_srtp_recv_key(userData->stream_sessions, MS_AES_256_SHA1_80, (const char *)key, (secrets->peerSrtpKeyLength+secrets->peerSrtpSaltLength), MSSRTP_ALL_STREAMS);
+			}else{
+				media_stream_set_srtp_recv_key(userData->stream_sessions, MS_AES_128_SHA1_80, (const char *)key, (secrets->peerSrtpKeyLength+secrets->peerSrtpSaltLength), MSSRTP_ALL_STREAMS);
+			}
 		}else{
 			ms_fatal("unsupported auth tag");
 		}
@@ -142,9 +150,17 @@ static int32_t ms_zrtp_srtpSecretsAvailable(void* clientData, bzrtpSrtpSecrets_t
 		memcpy(key + secrets->selfSrtpKeyLength, secrets->selfSrtpSalt, secrets->selfSrtpSaltLength);
 
 		if (secrets->authTagAlgo == ZRTP_AUTHTAG_HS32){
-			media_stream_set_srtp_send_key(userData->stream_sessions, MS_AES_128_SHA1_32, (const char *)key, (secrets->selfSrtpKeyLength+secrets->selfSrtpSaltLength), MSSRTP_ALL_STREAMS);
+			if (secrets->cipherAlgo == ZRTP_CIPHER_AES3){
+				media_stream_set_srtp_send_key(userData->stream_sessions, MS_AES_256_SHA1_32, (const char *)key, (secrets->selfSrtpKeyLength+secrets->selfSrtpSaltLength), MSSRTP_ALL_STREAMS);
+			}else{
+				media_stream_set_srtp_send_key(userData->stream_sessions, MS_AES_128_SHA1_32, (const char *)key, (secrets->selfSrtpKeyLength+secrets->selfSrtpSaltLength), MSSRTP_ALL_STREAMS);
+			}
 		}else if (secrets->authTagAlgo == ZRTP_AUTHTAG_HS80){
-			media_stream_set_srtp_send_key(userData->stream_sessions, MS_AES_128_SHA1_80, (const char *)key, (secrets->selfSrtpKeyLength+secrets->selfSrtpSaltLength), MSSRTP_ALL_STREAMS);
+			if (secrets->cipherAlgo == ZRTP_CIPHER_AES3){
+				media_stream_set_srtp_send_key(userData->stream_sessions, MS_AES_256_SHA1_80, (const char *)key, (secrets->selfSrtpKeyLength+secrets->selfSrtpSaltLength), MSSRTP_ALL_STREAMS);
+			}else{
+				media_stream_set_srtp_send_key(userData->stream_sessions, MS_AES_128_SHA1_80, (const char *)key, (secrets->selfSrtpKeyLength+secrets->selfSrtpSaltLength), MSSRTP_ALL_STREAMS);
+			}
 		}else{
 			ms_fatal("unsupported auth tag");
 		}
-- 
2.1.4