Add cryptographic (SRTP) negotiation to SDP

Update SipAudioCall.java to do sdp negotiation of RTP/SAVP (if TLS is
selected as the transport) first and fall back to RTP/AVP later.  The
standard (RFC 4568) says that only one cipher can be used for the
transmission, so this is in effect a cipher agreement but that we must
have separate keys for sending and recieving which are sent by both
parties in SDP.  For this reason, we have to have access to both the
SDP we sent and the one we received.  This patch looks bigger because
it adds looping over the media type for the both RTP/AVP and RTP/SAVP
case.

Change-Id: I28eaf39199dea7a31497bace67085c7bf30c9792
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

Author: James Bottomley

src/java/android/net/rtp/AudioStream.java

@@ -19,6 +19,7 @@
 import java.net.InetAddress;
 import java.net.SocketException;
 
+import android.annotation.Nullable;
 /**
  * An AudioStream is a {@link RtpStream} which carrys audio payloads over
  * Real-time Transport Protocol (RTP). Two different classes are developed in
@@ -46,6 +47,9 @@ public class AudioStream extends RtpStream {
     private AudioCodec mCodec;
     private int mDtmfType = -1;
     private AudioGroup mGroup;
+    private String mCipher = null;
+    private byte[] mLocalKey = null;
+    private byte[] mRemoteKey = null;
 
     /**
      * Creates an AudioStream on the given local address. Note that the local
@@ -164,4 +168,31 @@ public void setDtmfType(int type) {
         }
         mDtmfType = type;
     }
+
+    @Nullable
+    public String getCipher() {
+        return mCipher;
+    }
+
+    @Nullable
+    public byte[] getLocalKey() {
+        return mLocalKey;
+    }
+
+    @Nullable
+    public byte[] getRemoteKey() {
+        return mRemoteKey;
+    }
+
+    public void setCipher(@Nullable String cipher) {
+        mCipher = cipher;
+    }
+
+    public void setLocalKey(@Nullable byte[] localKey) {
+        mLocalKey = localKey;
+    }
+
+    public void setRemoteKey(@Nullable byte[] remoteKey) {
+        mRemoteKey = remoteKey;
+    }
 }

src/java/android/net/rtp/Crypto.java

@@ -0,0 +1,119 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+ * Copyright (C) 2023 James.Bottomley@HansenPartnership.com
+ */
+
+package android.net.rtp;
+
+import java.util.Arrays;
+import java.util.Base64;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Random;
+
+import android.annotation.NonNull;
+
+/**
+ * This class defines a collection of encryptions to be used with
+ * {@link AudioStream}s. Their parameters are designed to be exchanged
+ * using Session Description Protocol (SDP) which is described in
+ * RFC4566 and RFC4568 (security extensions including a=crypto:
+ * parameter).  The crypto strings come from RFC3711 (AES_CM) and
+ * RFC7714 (AES_GCM) and the tag values match those defined by IANA
+ * for DTLS.  Note the media in a remote offer may not have tags
+ * matching the IANA ones, so validity is by crypto string only.
+ *
+ * This class is simplified to eliminate components not used by
+ * asterisk such as key lifetime and Master Key Index (MKI).
+ *
+ * @see AudioStream
+ */
+public class Crypto {
+    /**
+     * The RTP payload type of the encoding.
+     */
+    private int tag;
+    private final String cipher;
+    private final byte[] key;
+    /*
+     * Should have lifetime and MKI here, but this has only been
+     * tested with asterisk which doesn't do either
+     */
+
+    @NonNull
+    private static final Crypto CM_32 = new Crypto(2, "AES_CM_128_HMAC_SHA1_32", 30);
+    @NonNull
+    private static final Crypto CM_80 = new Crypto(1, "AES_CM_128_HMAC_SHA1_80", 30);
+    @NonNull
+    private static final Crypto GCM_16 = new Crypto(7, "AEAD_AES_128_GCM", 28);
+    @NonNull
+    private static final Crypto GCM_8 = new Crypto(9, "AEAD_AES_128_GCM_8", 28);
+
+    @NonNull
+    private static final Crypto[] sCryptos = { GCM_16, GCM_8, CM_80, CM_32 };
+
+    /*
+     * This can be called with just a cipher suite, in which case we
+     * populate the key or with an entire rest of line, in which case
+     * we pick up the key from it (and ignore any lifetime or MKI
+     * parameters)
+     */
+    public Crypto(int tag, @NonNull String rest) {
+        this.tag = tag;
+        String[] splits = rest.split(" ");
+        this.cipher = splits[0];
+
+        if (!splits[1].startsWith("inline:"))
+            throw new IllegalArgumentException("SDP a=crypto: Key string does not start with inline: but \"" + splits[1] + "\"");
+        String[] keys = splits[1].substring(7).split("\\|");
+        this.key = Base64.getDecoder().decode(keys[0]);
+        // ignore lifetime and MKI
+    }
+
+    private Crypto(int tag, String cipher, int keylen) {
+        this.tag = tag;
+        this.key = new byte[keylen];
+        new Random().nextBytes(this.key);
+        this.cipher = cipher;
+    }
+
+    /**
+     * Returns system supported Cryptos
+     */
+    @NonNull
+    public static List<Crypto> getCryptos() {
+	return Arrays.asList(sCryptos);
+    }
+
+    public int getTag() {
+        return tag;
+    }
+
+    @NonNull
+    public String getCipher() {
+        return cipher;
+    }
+
+    @NonNull
+    public byte[] getKey() {
+        return key;
+    }
+
+    @NonNull
+    public String getRest() {
+        String bkey = new String(Base64.getEncoder().encode(key));
+
+        return cipher + " inline:" + bkey;
+    }
+    public boolean valid() {
+        for (Crypto s : sCryptos) {
+            if (cipher.equals(s.cipher))
+                return true;
+        }
+        return false;
+    }
+
+    public String toString() {
+        return getTag() + " " + getRest();
+    }
+}

src/java/android/net/sip/SimpleSessionDescription.java

@@ -20,6 +20,8 @@
 import java.util.Arrays;
 import java.util.Locale;
 
+import android.net.rtp.Crypto;
+
 /**
  * An object used to manipulate messages of Session Description Protocol (SDP).
  * It is mainly designed for the uses of Session Initiation Protocol (SIP).
@@ -113,7 +115,7 @@ public SimpleSessionDescription(String message) {
      * @param type The media type, e.g. {@code "audio"}.
      * @param port The first transport port used by this media.
      * @param portCount The number of contiguous ports used by this media.
-     * @param protocol The transport protocol, e.g. {@code "RTP/AVP"}.
+     * @param protocol The transport protocol, e.g. {@code "RTP/SAVP"}.
      */
     public Media newMedia(String type, int port, int portCount,
             String protocol) {
@@ -122,6 +124,18 @@ public Media newMedia(String type, int port, int portCount,
         return media;
     }
 
+    /**
+     * Creates a new media description in this session description.
+     *
+     * @param m The original Media
+     * @param protocol The transport protocol, e.g. {@code "RTP/AVP"}.
+     */
+    public Media newMediaNoCrypt(Media m, String protocol) {
+        Media media = new Media(m, protocol);
+        mMedia.add(media);
+        return media;
+    }
+
     /**
      * Returns all the media descriptions in this session description.
      */
@@ -240,6 +254,7 @@ public static class Media extends Fields {
         private final int mPortCount;
         private final String mProtocol;
         private ArrayList<String> mFormats = new ArrayList<String>();
+        private ArrayList<Integer> mCryptoTags = new ArrayList<Integer>();
 
         private Media(String type, int port, int portCount, String protocol) {
             super("icbka");
@@ -249,6 +264,21 @@ private Media(String type, int port, int portCount, String protocol) {
             mProtocol = protocol;
         }
 
+        private Media(Media m, String protocol) {
+            super(m);
+
+            mType = m.mType;
+            mPort = m.mPort;
+            mPortCount = m.mPortCount;
+            mProtocol = protocol;
+            mFormats = m.mFormats;
+
+            // strip the "a=crypto:" lines
+            int i;
+            while ((i = super.find("a=crypto", ':')) != -1)
+                mLines.remove(i);
+        }
+
         /**
          * Returns the media type.
          */
@@ -357,6 +387,38 @@ public void setRtpPayload(int type, String rtpmap, String fmtp) {
             super.set("a=fmtp:" + format, ' ', fmtp);
         }
 
+        public void addCrypto(Crypto c) {
+            mCryptoTags.remove(Integer.valueOf(c.getTag()));
+            mCryptoTags.add(Integer.valueOf(c.getTag()));
+
+            super.set("a=crypto:" + c.getTag(), ' ', c.getRest());
+        }
+
+        public ArrayList<Crypto> getCryptos() {
+            ArrayList l = new ArrayList<Crypto>();
+            for (Integer mI : mCryptoTags) {
+		int i = mI.intValue();
+                l.add(new Crypto(i, super.get("a=crypto:" + i, ' ')));
+            }
+
+            return l;
+        }
+
+        void parse(String line) {
+            super.parse(line);
+            if (!line.startsWith("a=crypto:")) {
+                return;
+            }
+            String[] parts = line.split("[: ]");
+            int tag = Integer.valueOf(parts[1]);
+            if (tag <= 0) {
+                throw new IllegalArgumentException("Invalid SDP: crypto tag: "
+                                                   + line);
+            }
+            mCryptoTags.remove(Integer.valueOf(tag));
+            mCryptoTags.add(Integer.valueOf(tag));
+        }
+
         /**
          * Removes a RTP payload and its {@code rtpmap} and {@code fmtp}
          * attributes.
@@ -389,10 +451,18 @@ private void write(StringBuilder buffer) {
      */
     private static class Fields {
         private final String mOrder;
-        private final ArrayList<String> mLines = new ArrayList<String>();
+        protected final ArrayList<String> mLines;
 
         Fields(String order) {
             mOrder = order;
+            mLines = new ArrayList<String>();
+        }
+
+        Fields(Fields f) {
+            this(f.mOrder);
+            for (String s : f.mLines) {
+                mLines.add(s);
+            }
         }
 
         /**
@@ -524,13 +594,14 @@ private void write(StringBuilder buffer) {
         /**
          * Invokes {@link #set} after splitting the line into three parts.
          */
-        private void parse(String line) {
+        void parse(String line) {
             char type = line.charAt(0);
             if (mOrder.indexOf(type) == -1) {
                 return;
             }
             char delimiter = '=';
-            if (line.startsWith("a=rtpmap:") || line.startsWith("a=fmtp:")) {
+            if (line.startsWith("a=rtpmap:") || line.startsWith("a=fmtp:")
+                || line.startsWith("a=crypto:")) {
                 delimiter = ' ';
             } else if (type == 'b' || type == 'a') {
                 delimiter = ':';