add Aes128CmHmacSha1_32 support

srtp/src/cipher/cipher_aead_aes_gcm.rs

@@ -146,7 +146,11 @@ impl Cipher for CipherAeadAesGcm {
 
 impl CipherAeadAesGcm {
     /// Create a new AEAD instance.
-    pub(crate) fn new(profile: ProtectionProfile, master_key: &[u8], master_salt: &[u8]) -> Result<CipherAeadAesGcm> {
+    pub(crate) fn new(
+        profile: ProtectionProfile,
+        master_key: &[u8],
+        master_salt: &[u8],
+    ) -> Result<CipherAeadAesGcm> {
         let srtp_session_key = aes_cm_key_derivation(
             LABEL_SRTP_ENCRYPTION,
             master_key,

srtp/src/cipher/cipher_aes_cm_hmac_sha1/ctrcipher.rs

@@ -205,7 +205,8 @@ impl Cipher for CipherAesCmHmacSha1 {
         let cipher_text = &encrypted[..encrypted_len - self.rtcp_auth_tag_len()];
 
         // Generate the auth tag we expect to see from the ciphertext.
-        let expected_tag = &self.inner.generate_srtcp_auth_tag(cipher_text)[..self.rtcp_auth_tag_len()];
+        let expected_tag =
+            &self.inner.generate_srtcp_auth_tag(cipher_text)[..self.rtcp_auth_tag_len()];
 
         // See if the auth tag actually matches.
         // We use a constant time comparison to prevent timing attacks.

srtp/src/cipher/cipher_aes_cm_hmac_sha1/opensslcipher.rs

@@ -5,11 +5,11 @@ use subtle::ConstantTimeEq;
 use util::marshal::*;
 
 use super::{Cipher, CipherInner};
+use crate::protection_profile::ProtectionProfile;
 use crate::{
     error::{Error, Result},
     key_derivation::*,
 };
-use crate::protection_profile::ProtectionProfile;
 
 pub(crate) struct CipherAesCmHmacSha1 {
     inner: CipherInner,
@@ -167,7 +167,8 @@ impl Cipher for CipherAesCmHmacSha1 {
     fn encrypt_rtcp(&mut self, decrypted: &[u8], srtcp_index: usize, ssrc: u32) -> Result<Bytes> {
         let decrypted_len = decrypted.len();
 
-        let mut writer = Vec::with_capacity(decrypted_len + SRTCP_INDEX_SIZE + self.rtcp_auth_tag_len());
+        let mut writer =
+            Vec::with_capacity(decrypted_len + SRTCP_INDEX_SIZE + self.rtcp_auth_tag_len());
 
         // Write the decrypted to the destination buffer.
         writer.extend_from_slice(&decrypted[..HEADER_LENGTH + SSRC_LENGTH]);
@@ -238,7 +239,8 @@ impl Cipher for CipherAesCmHmacSha1 {
         let cipher_text = &encrypted[..encrypted_len - self.rtcp_auth_tag_len()];
 
         // Generate the auth tag we expect to see from the ciphertext.
-        let expected_tag = &self.inner.generate_srtcp_auth_tag(cipher_text)[..self.rtcp_auth_tag_len()];
+        let expected_tag =
+            &self.inner.generate_srtcp_auth_tag(cipher_text)[..self.rtcp_auth_tag_len()];
 
         // See if the auth tag actually matches.
         // We use a constant time comparison to prevent timing attacks.

webrtc/src/dtls_transport/mod.rs

@@ -46,6 +46,7 @@ pub(crate) fn default_srtp_protection_profiles() -> Vec<SrtpProtectionProfile> {
         SrtpProtectionProfile::Srtp_Aead_Aes_128_Gcm,
         SrtpProtectionProfile::Srtp_Aead_Aes_256_Gcm,
         SrtpProtectionProfile::Srtp_Aes128_Cm_Hmac_Sha1_80,
+        SrtpProtectionProfile::Srtp_Aes128_Cm_Hmac_Sha1_32,
     ]
 }
 
@@ -421,6 +422,9 @@ impl RTCDtlsTransport {
                 dtls::extension::extension_use_srtp::SrtpProtectionProfile::Srtp_Aes128_Cm_Hmac_Sha1_80 => {
                     srtp::protection_profile::ProtectionProfile::Aes128CmHmacSha1_80
                 }
+                dtls::extension::extension_use_srtp::SrtpProtectionProfile::Srtp_Aes128_Cm_Hmac_Sha1_32 => {
+                    srtp::protection_profile::ProtectionProfile::Aes128CmHmacSha1_32
+                }
                 _ => {
                     if let Err(err) = dtls_conn.close().await {
                         log::error!("{}", err);