Use an IV buffer also for RTCP

Author: atoppi

srtp_cipher_aead_aes_gcm.go

@@ -25,8 +25,9 @@ type srtpCipherAeadAesGcm struct {
 
 	useCryptex bool
 
-	// Pre-allocated buffer for IV to avoid heap allocation in hot path
-	rtpIV [12]byte
+	// Pre-allocated buffers for IV to avoid heap allocation in hot path
+	rtpIV  [12]byte
+	rtcpIV [12]byte
 }
 
 func newSrtpCipherAeadAesGcm(
@@ -258,7 +259,7 @@ func (s *srtpCipherAeadAesGcm) encryptRTCP(dst, decrypted []byte, srtcpIndex uin
 	dst = growBufferSize(dst, aadPos+srtcpIndexSize+len(s.mki))
 	sameBuffer := isSameBuffer(dst, decrypted)
 
-	iv := s.rtcpInitializationVector(srtcpIndex, ssrc)
+	s.rtcpInitializationVector(srtcpIndex, ssrc)
 	if s.srtcpEncrypted {
 		aad := s.rtcpAdditionalAuthenticatedData(decrypted, srtcpIndex)
 		if !sameBuffer {
@@ -267,7 +268,7 @@ func (s *srtpCipherAeadAesGcm) encryptRTCP(dst, decrypted []byte, srtcpIndex uin
 		}
 		// Copy index to the proper place.
 		copy(dst[aadPos:aadPos+srtcpIndexSize], aad[8:12])
-		s.srtcpCipher.Seal(dst[srtcpHeaderSize:srtcpHeaderSize], iv[:], decrypted[srtcpHeaderSize:], aad[:])
+		s.srtcpCipher.Seal(dst[srtcpHeaderSize:srtcpHeaderSize], s.rtcpIV[:], decrypted[srtcpHeaderSize:], aad[:])
 	} else {
 		// Copy the packet unencrypted.
 		if !sameBuffer {
@@ -277,7 +278,7 @@ func (s *srtpCipherAeadAesGcm) encryptRTCP(dst, decrypted []byte, srtcpIndex uin
 		binary.BigEndian.PutUint32(dst[len(decrypted):], srtcpIndex)
 		// Generate the authentication tag.
 		tag := make([]byte, authTagLen)
-		s.srtcpCipher.Seal(tag[0:0], iv[:], nil, dst[:len(decrypted)+srtcpIndexSize])
+		s.srtcpCipher.Seal(tag[0:0], s.rtcpIV[:], nil, dst[:len(decrypted)+srtcpIndexSize])
 		// Copy index to the proper place.
 		copy(dst[aadPos:], dst[len(decrypted):len(decrypted)+srtcpIndexSize])
 		// Copy the auth tag after RTCP payload.
@@ -305,10 +306,10 @@ func (s *srtpCipherAeadAesGcm) decryptRTCP(dst, encrypted []byte, srtcpIndex, ss
 	sameBuffer := isSameBuffer(dst, encrypted)
 
 	isEncrypted := encrypted[aadPos]&srtcpEncryptionFlag != 0
-	iv := s.rtcpInitializationVector(srtcpIndex, ssrc)
+	s.rtcpInitializationVector(srtcpIndex, ssrc)
 	if isEncrypted {
 		aad := s.rtcpAdditionalAuthenticatedData(encrypted, srtcpIndex)
-		if _, err := s.srtcpCipher.Open(dst[srtcpHeaderSize:srtcpHeaderSize], iv[:], encrypted[srtcpHeaderSize:aadPos],
+		if _, err := s.srtcpCipher.Open(dst[srtcpHeaderSize:srtcpHeaderSize], s.rtcpIV[:], encrypted[srtcpHeaderSize:aadPos],
 			aad[:]); err != nil {
 			return nil, fmt.Errorf("%w: %w", ErrFailedToVerifyAuthTag, err)
 		}
@@ -319,7 +320,7 @@ func (s *srtpCipherAeadAesGcm) decryptRTCP(dst, encrypted []byte, srtcpIndex, ss
 		copy(aad, encrypted[:dataEnd])
 		copy(aad[dataEnd:], encrypted[aadPos:aadPos+4])
 		// Verify the auth tag.
-		if _, err := s.srtcpCipher.Open(nil, iv[:], encrypted[dataEnd:aadPos], aad); err != nil {
+		if _, err := s.srtcpCipher.Open(nil, s.rtcpIV[:], encrypted[dataEnd:aadPos], aad); err != nil {
 			return nil, fmt.Errorf("%w: %w", ErrFailedToVerifyAuthTag, err)
 		}
 		// Copy the unencrypted payload.
@@ -359,17 +360,13 @@ func (s *srtpCipherAeadAesGcm) rtpInitializationVector(header *rtp.Header, roc u
 // form the 12-octet IV.
 //
 // https://tools.ietf.org/html/rfc7714#section-9.1
-func (s *srtpCipherAeadAesGcm) rtcpInitializationVector(srtcpIndex uint32, ssrc uint32) [12]byte {
-	var iv [12]byte
+func (s *srtpCipherAeadAesGcm) rtcpInitializationVector(srtcpIndex uint32, ssrc uint32) {
+	binary.BigEndian.PutUint32(s.rtcpIV[2:], ssrc)
+	binary.BigEndian.PutUint32(s.rtcpIV[8:], srtcpIndex)
 
-	binary.BigEndian.PutUint32(iv[2:], ssrc)
-	binary.BigEndian.PutUint32(iv[8:], srtcpIndex)
-
-	for i := range iv {
-		iv[i] ^= s.srtcpSessionSalt[i]
+	for i := range s.rtcpIV {
+		s.rtcpIV[i] ^= s.srtcpSessionSalt[i]
 	}
-
-	return iv
 }
 
 // In an SRTCP packet, a 1-bit Encryption flag is prepended to the