2 files changed, 63 insertions, 28 deletions
diff --git a/res/res_pjsip_sdp_rtp.c b/res/res_pjsip_sdp_rtp.c
index 048209ce1..6610ef126 100644
--- a/res/res_pjsip_sdp_rtp.c
+++ b/res/res_pjsip_sdp_rtp.c
@@ -51,6 +51,7 @@ ASTERISK_REGISTER_FILE()
 #include "asterisk/acl.h"
 #include "asterisk/sdp_srtp.h"
 #include "asterisk/dsp.h"
+#include "asterisk/linkedlists.h"       /* for AST_LIST_NEXT */
 
 #include "asterisk/res_pjsip.h"
 #include "asterisk/res_pjsip_session.h"
@@ -938,6 +939,7 @@ static int add_crypto_to_stream(struct ast_sip_session *session,
 	enum ast_rtp_dtls_hash hash;
 	const char *crypto_attribute;
 	struct ast_rtp_engine_dtls *dtls;
+	struct ast_sdp_srtp *tmp;
 	static const pj_str_t STR_NEW = { "new", 3 };
 	static const pj_str_t STR_EXISTING = { "existing", 8 };
 	static const pj_str_t STR_ACTIVE = { "active", 6 };
@@ -957,16 +959,22 @@ static int add_crypto_to_stream(struct ast_sip_session *session,
 			}
 		}
 
-		crypto_attribute = ast_sdp_srtp_get_attrib(session_media->srtp,
-			0 /* DTLS running? No */,
-			session->endpoint->media.rtp.srtp_tag_32 /* 32 byte tag length? */);
-		if (!crypto_attribute) {
-			/* No crypto attribute to add, bad news */
-			return -1;
-		}
+		tmp = session_media->srtp;
+
+		do {
+			crypto_attribute = ast_sdp_srtp_get_attrib(tmp,
+				0 /* DTLS running? No */,
+				session->endpoint->media.rtp.srtp_tag_32 /* 32 byte tag length? */);
+			if (!crypto_attribute) {
+				/* No crypto attribute to add, bad news */
+				return -1;
+			}
+
+			attr = pjmedia_sdp_attr_create(pool, "crypto",
+				pj_cstr(&stmp, crypto_attribute));
+			media->attr[media->attr_count++] = attr;
+		} while ((tmp = AST_LIST_NEXT(tmp, sdp_srtp_list)));
 
-		attr = pjmedia_sdp_attr_create(pool, "crypto", pj_cstr(&stmp, crypto_attribute));
-		media->attr[media->attr_count++] = attr;
 		break;
 	case AST_SIP_MEDIA_ENCRYPT_DTLS:
 		if (setup_dtls_srtp(session, session_media)) {
diff --git a/res/res_srtp.c b/res/res_srtp.c
index 0b1fb73e7..59fda76dd 100644
--- a/res/res_srtp.c
+++ b/res/res_srtp.c
@@ -35,7 +35,7 @@
 
 /* See https://wiki.asterisk.org/wiki/display/AST/Secure+Calling */
 
-#include "asterisk.h"
+#include "asterisk.h"                   /* for NULL, size_t, memcpy, etc */
 
 ASTERISK_REGISTER_FILE()
 
@@ -46,12 +46,13 @@ ASTERISK_REGISTER_FILE()
 #include <srtp/crypto_kernel.h>
 #endif
 
-#include "asterisk/lock.h"
-#include "asterisk/sched.h"
-#include "asterisk/module.h"
-#include "asterisk/options.h"
-#include "asterisk/rtp_engine.h"
-#include "asterisk/astobj2.h"
+#include "asterisk/astobj2.h"           /* for ao2_t_ref, etc */
+#include "asterisk/frame.h"             /* for AST_FRIENDLY_OFFSET */
+#include "asterisk/logger.h"            /* for ast_log, ast_debug, etc */
+#include "asterisk/module.h"            /* for ast_module_info, etc */
+#include "asterisk/res_srtp.h"          /* for ast_srtp_cb, ast_srtp_suite, etc */
+#include "asterisk/rtp_engine.h"        /* for ast_rtp_engine_register_srtp, etc */
+#include "asterisk/utils.h"             /* for ast_free, ast_calloc */
 
 struct ast_srtp {
 	struct ast_rtp_instance *rtp;
@@ -257,23 +258,49 @@ static int policy_set_suite(crypto_policy_t *p, enum ast_srtp_suite suite)
 {
 	switch (suite) {
 	case AST_AES_CM_128_HMAC_SHA1_80:
-		p->cipher_type = AES_128_ICM;
-		p->cipher_key_len = 30;
-		p->auth_type = HMAC_SHA1;
-		p->auth_key_len = 20;
-		p->auth_tag_len = 10;
-		p->sec_serv = sec_serv_conf_and_auth;
+		crypto_policy_set_aes_cm_128_hmac_sha1_80(p);
 		return 0;
 
 	case AST_AES_CM_128_HMAC_SHA1_32:
-		p->cipher_type = AES_128_ICM;
-		p->cipher_key_len = 30;
-		p->auth_type = HMAC_SHA1;
-		p->auth_key_len = 20;
-		p->auth_tag_len = 4;
-		p->sec_serv = sec_serv_conf_and_auth;
+		crypto_policy_set_aes_cm_128_hmac_sha1_32(p);
 		return 0;
 
+#ifdef HAVE_SRTP_192
+	case AST_AES_CM_192_HMAC_SHA1_80:
+		crypto_policy_set_aes_cm_192_hmac_sha1_80(p);
+		return 0;
+
+	case AST_AES_CM_192_HMAC_SHA1_32:
+		crypto_policy_set_aes_cm_192_hmac_sha1_32(p);
+		return 0;
+#endif
+#ifdef HAVE_SRTP_256
+	case AST_AES_CM_256_HMAC_SHA1_80:
+		crypto_policy_set_aes_cm_256_hmac_sha1_80(p);
+		return 0;
+
+	case AST_AES_CM_256_HMAC_SHA1_32:
+		crypto_policy_set_aes_cm_256_hmac_sha1_32(p);
+		return 0;
+#endif
+#ifdef HAVE_SRTP_GCM
+	case AST_AES_GCM_128:
+		crypto_policy_set_aes_gcm_128_16_auth(p);
+		return 0;
+
+	case AST_AES_GCM_256:
+		crypto_policy_set_aes_gcm_256_16_auth(p);
+		return 0;
+
+	case AST_AES_GCM_128_8:
+		crypto_policy_set_aes_gcm_128_8_auth(p);
+		return 0;
+
+	case AST_AES_GCM_256_8:
+		crypto_policy_set_aes_gcm_256_8_auth(p);
+		return 0;
+#endif
+
 	default:
 		ast_log(LOG_ERROR, "Invalid crypto suite: %u\n", suite);
 		return -1;