fix: support new voice encryption modes (Pycord-Development#2651)

Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Co-authored-by: Ice Wolfy <[email protected]>
Co-authored-by: Paillat <[email protected]>

(cherry picked from commit 8e2185c)

Author: NeloBlivion

discord/sinks/core.py

@@ -107,12 +107,25 @@ def __init__(self, data, client):
         self.data = bytearray(data)
         self.client = client
 
-        self.header = data[:12]
-        self.data = self.data[12:]
-
         unpacker = struct.Struct(">xxHII")
-        self.sequence, self.timestamp, self.ssrc = unpacker.unpack_from(self.header)
-        self.decrypted_data = getattr(self.client, f"_decrypt_{self.client.mode}")(self.header, self.data)
+        self.sequence, self.timestamp, self.ssrc = unpacker.unpack_from(self.data[:12])
+
+        # RFC3550 5.1: RTP Fixed Header Fields
+        if self.client.mode.endswith("_rtpsize"):
+            # If It Has CSRC Chunks
+            cutoff = 12 + (data[0] & 0b00_0_0_1111) * 4
+            # If It Has A Extension
+            if data[0] & 0b00_0_1_0000:
+                cutoff += 4
+        else:
+            cutoff = 12
+
+        self.header = data[:cutoff]
+        self.data = self.data[cutoff:]
+
+        self.decrypted_data = getattr(self.client, f"_decrypt_{self.client.mode}")(
+            self.header, self.data
+        )
         self.decoded_data = None
 
         self.user_id = None

discord/types/voice.py

@@ -32,7 +32,12 @@
 from .member import MemberWithUser
 from .snowflake import Snowflake
 
-SupportedModes = Literal["xsalsa20_poly1305_lite", "xsalsa20_poly1305_suffix", "xsalsa20_poly1305"]
+SupportedModes = Literal[
+    "xsalsa20_poly1305_lite",
+    "xsalsa20_poly1305_suffix",
+    "xsalsa20_poly1305",
+    "aead_xchacha20_poly1305_rtpsize",
+]
 
 
 class _VoiceState(TypedDict):

discord/voice_client.py

@@ -271,6 +271,7 @@ def __init__(self, client: Client, channel: abc.Connectable):
         "xsalsa20_poly1305_lite",
         "xsalsa20_poly1305_suffix",
         "xsalsa20_poly1305",
+        "aead_xchacha20_poly1305_rtpsize",
     )
 
     @property
@@ -564,19 +565,22 @@ def _get_voice_packet(self, data):
         return encrypt_packet(header, data)
 
     def _encrypt_xsalsa20_poly1305(self, header: bytes, data) -> bytes:
+        # Deprecated, remove in 2.7
         box = nacl.secret.SecretBox(bytes(self.secret_key))
         nonce = bytearray(24)
         nonce[:12] = header
 
         return header + box.encrypt(bytes(data), bytes(nonce)).ciphertext
 
     def _encrypt_xsalsa20_poly1305_suffix(self, header: bytes, data) -> bytes:
+        # Deprecated, remove in 2.7
         box = nacl.secret.SecretBox(bytes(self.secret_key))
         nonce = nacl.utils.random(nacl.secret.SecretBox.NONCE_SIZE)
 
         return header + box.encrypt(bytes(data), nonce).ciphertext + nonce
 
     def _encrypt_xsalsa20_poly1305_lite(self, header: bytes, data) -> bytes:
+        # Deprecated, remove in 2.7
         box = nacl.secret.SecretBox(bytes(self.secret_key))
         nonce = bytearray(24)
 
@@ -585,7 +589,22 @@ def _encrypt_xsalsa20_poly1305_lite(self, header: bytes, data) -> bytes:
 
         return header + box.encrypt(bytes(data), bytes(nonce)).ciphertext + nonce[:4]
 
+    def _encrypt_aead_xchacha20_poly1305_rtpsize(self, header: bytes, data) -> bytes:
+        # Required as of Nov 18 2024
+        box = nacl.secret.Aead(bytes(self.secret_key))
+        nonce = bytearray(24)
+
+        nonce[:4] = struct.pack(">I", self._lite_nonce)
+        self.checked_add("_lite_nonce", 1, 4294967295)
+
+        return (
+            header
+            + box.encrypt(bytes(data), bytes(header), bytes(nonce)).ciphertext
+            + nonce[:4]
+        )
+
     def _decrypt_xsalsa20_poly1305(self, header, data):
+        # Deprecated, remove in 2.7
         box = nacl.secret.SecretBox(bytes(self.secret_key))
 
         nonce = bytearray(24)
@@ -594,6 +613,7 @@ def _decrypt_xsalsa20_poly1305(self, header, data):
         return self.strip_header_ext(box.decrypt(bytes(data), bytes(nonce)))
 
     def _decrypt_xsalsa20_poly1305_suffix(self, header, data):
+        # Deprecated, remove in 2.7
         box = nacl.secret.SecretBox(bytes(self.secret_key))
 
         nonce_size = nacl.secret.SecretBox.NONCE_SIZE
@@ -602,6 +622,7 @@ def _decrypt_xsalsa20_poly1305_suffix(self, header, data):
         return self.strip_header_ext(box.decrypt(bytes(data[:-nonce_size]), nonce))
 
     def _decrypt_xsalsa20_poly1305_lite(self, header, data):
+        # Deprecated, remove in 2.7
         box = nacl.secret.SecretBox(bytes(self.secret_key))
 
         nonce = bytearray(24)
@@ -610,6 +631,18 @@ def _decrypt_xsalsa20_poly1305_lite(self, header, data):
 
         return self.strip_header_ext(box.decrypt(bytes(data), bytes(nonce)))
 
+    def _decrypt_aead_xchacha20_poly1305_rtpsize(self, header, data):
+        # Required as of Nov 18 2024
+        box = nacl.secret.Aead(bytes(self.secret_key))
+
+        nonce = bytearray(24)
+        nonce[:4] = data[-4:]
+        data = data[:-4]
+
+        return self.strip_header_ext(
+            box.decrypt(bytes(data), bytes(header), bytes(nonce))
+        )
+
     @staticmethod
     def strip_header_ext(data):
         if len(data) > 4 and data[0] == 0xBE and data[1] == 0xDE:
@@ -724,11 +757,12 @@ def unpack_audio(self, data):
         data: :class:`bytes`
             Bytes received by Discord via the UDP connection used for sending and receiving voice data.
         """
-        if 200 <= data[1] <= 204:
-            # RTCP received.
-            # RTCP provides information about the connection
-            # as opposed to actual audio data, so it's not
-            # important at the moment.
+        if data[1] != 0x78:
+            # We Should Ignore Any Payload Types We Do Not Understand
+            # Ref RFC 3550 5.1 payload type
+            # At Some Point We Noted That We Should Ignore Only Types 200 - 204 inclusive.
+            # They Were Marked As RTCP: Provides Information About The Connection
+            # This Was Too Broad Of A Whitelist, It Is Unclear If This Is Too Narrow Of A Whitelist
             return
         if self.paused:
             return