feat: v8 encryption modes (#264)

This PR adds support for the new AEAD cryptosystems advertised by Discord, AES256-GCM and XChaCha20Poly1305. These schemes will shortly become mandatory, and provider stronger integrity/authentication guarantees over the cleartext portions of any voice packet by correctly specifying additional authenticated data. To provide smooth switchover, we've added basic negotiation over the `CryptoMode`. This ensures that any clients who are manually specifying one of the legacy modes will automatically migrate to `Aes256Gcm` when Discord cease to advertise their original preference. Closes #246. --------- Co-authored-by: Kyle Simpson <kyleandrew.simpson@gmail.com>
2024-11-11 21:30:15 +09:00
parent fe9b156906
commit 10ce458456
17 changed files with 705 additions and 173 deletions
--- a/src/driver/test_impls.rs
+++ b/src/driver/test_impls.rs
@@ -1,8 +1,12 @@
 #![allow(missing_docs)]

+use super::{
+    scheduler::*,
+    tasks::{message::*, mixer::Mixer},
+    *,
+};
 use crate::{
    constants::*,
-    driver::crypto::KEY_SIZE,
    input::{
        cached::Compressed,
        codecs::{CODEC_REGISTRY, PROBE},
@@ -11,17 +15,11 @@ use crate::{
    test_utils,
    tracks::LoopState,
 };
-use crypto_secretbox::{KeyInit, XSalsa20Poly1305 as Cipher};
+use crypto_secretbox::XSalsa20Poly1305;
 use flume::Receiver;
 use std::{io::Cursor, net::UdpSocket, sync::Arc};
 use tokio::runtime::Handle;

-use super::{
-    scheduler::*,
-    tasks::{message::*, mixer::Mixer},
-    *,
-};
-
 // create a dummied task + interconnect.
 // measure perf at varying numbers of sources (binary 1--64) without passthrough support.

@@ -65,18 +63,25 @@ impl Mixer {
            .connect("127.0.0.1:5316")
            .expect("Failed to connect to local dest port.");

+        #[allow(deprecated)]
+        let mode = CryptoMode::Normal;
+        let cipher = mode
+            .cipher_from_key(&[0u8; XSalsa20Poly1305::KEY_SIZE])
+            .unwrap();
+        let crypto_state = mode.into();
+
        #[cfg(feature = "receive")]
        let fake_conn = MixerConnection {
-            cipher: Cipher::new_from_slice(&[0u8; KEY_SIZE]).unwrap(),
-            crypto_state: CryptoState::Normal,
+            cipher,
+            crypto_state,
            udp_rx: udp_receiver_tx,
            udp_tx,
        };

        #[cfg(not(feature = "receive"))]
        let fake_conn = MixerConnection {
-            cipher: Cipher::new_from_slice(&[0u8; KEY_SIZE]).unwrap(),
-            crypto_state: CryptoState::Normal,
+            cipher,
+            crypto_state,
            udp_tx,
        };