support new voice ecnryption modes (#431)

Co-authored-by: viztea <[email protected]>

Author: topi314

_examples/echo/echo.go

@@ -23,6 +23,7 @@ var (
 	token     = os.Getenv("disgo_token")
 	guildID   = snowflake.GetEnv("disgo_guild_id")
 	channelID = snowflake.GetEnv("disgo_channel_id")
+	userID    = snowflake.GetEnv("disgo_user_id")
 )
 
 func main() {
@@ -76,6 +77,7 @@ func play(client *bot.Client) {
 	if _, err := conn.UDP().Write(voice.SilenceAudioFrame); err != nil {
 		panic("error sending silence: " + err.Error())
 	}
+
 	for {
 		packet, err := conn.UDP().ReadPacket()
 		if err != nil {
@@ -86,6 +88,9 @@ func play(client *bot.Client) {
 			slog.Info("error while reading from reader", slog.Any("err", err))
 			continue
 		}
+		if voiceUserID := conn.UserIDBySSRC(packet.SSRC); voiceUserID != userID {
+			continue
+		}
 		if _, err = conn.UDP().Write(packet.Opus); err != nil {
 			if errors.Is(err, net.ErrClosed) {
 				slog.Info("connection closed")

voice/audio_sender.go

@@ -14,10 +14,10 @@ var SilenceAudioFrame = []byte{0xF8, 0xFF, 0xFE}
 
 const (
 	// OpusFrameSizeMs is the size of an opus frame in milliseconds.
-	OpusFrameSizeMs int = 20
+	OpusFrameSizeMs = 20
 
 	// OpusFrameSize is the size of an opus frame in bytes.
-	OpusFrameSize int = 960
+	OpusFrameSize = 960
 
 	// OpusFrameSizeBytes is the size of an opus frame in bytes.
 	OpusFrameSizeBytes = OpusFrameSize * 2 * 2

voice/conn.go

@@ -204,19 +204,28 @@ func (c *connImpl) handleMessage(gateway Gateway, op Opcode, sequenceNumber int,
 			c.config.Logger.Error("voice: failed to open voiceudp conn", slog.Any("err", err))
 			break
 		}
+
+		encryptionMode, err := ChooseEncryptionMode(d.Modes)
+		if err != nil {
+			c.config.Logger.Error("voice: failed to choose encryption mode", slog.Any("err", err))
+			break
+		}
+
 		if err = c.Gateway().Send(ctx, OpcodeSelectProtocol, GatewayMessageDataSelectProtocol{
 			Protocol: ProtocolUDP,
 			Data: GatewayMessageDataSelectProtocolData{
 				Address: ourAddress,
 				Port:    ourPort,
-				Mode:    EncryptionModeNormal,
+				Mode:    encryptionMode,
 			},
 		}); err != nil {
 			c.config.Logger.Error("voice: failed to send select protocol", slog.Any("err", err))
 		}
 
 	case GatewayMessageDataSessionDescription:
-		c.udp.SetSecretKey(d.SecretKey)
+		if err := c.udp.SetSecretKey(d.Mode, d.SecretKey); err != nil {
+			c.config.Logger.Error("voice: failed to set secret key", slog.Any("err", err))
+		}
 		c.openedChan <- struct{}{}
 
 	case GatewayMessageDataSpeaking:

voice/encryption_modes.go

@@ -0,0 +1,150 @@
+package voice
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"encoding/binary"
+	"fmt"
+
+	"golang.org/x/crypto/chacha20poly1305"
+)
+
+// NewEncrypter creates a new Encrypter based on the given encryption mode and secret key.
+// If the encryption mode is not supported, an error is returned.
+func NewEncrypter(encryptionMode EncryptionMode, secretKey []byte) (Encrypter, error) {
+	switch encryptionMode {
+	case EncryptionModeNone:
+		return NewNoopEncrypter(), nil
+	case EncryptionModeAEADAES256GCMRTPSize, EncryptionModeAEADXChaCha20Poly1305RTPSize:
+		return NewAEADEncrypter(encryptionMode, secretKey)
+
+	default:
+		return nil, fmt.Errorf("unknown encryption mode: %s", encryptionMode)
+	}
+}
+
+// Encrypter is used to encrypt RTP packets before sending them to Discord.
+//
+// The header is the 12 byte RTP header.
+// The data is the opus encoded audio data.
+//
+// The returned byte slice is the encrypted packet ready to be sent to Discord.
+//
+// [NoopEncrypter] does not encrypt the data and is used for testing purposes only.
+// [AEADEncrypter] is the required aead_xchacha20_poly1305_rtpsize encryption mode by Discord.
+// [AEADAES256GCMRTPSize] is the preferred aead_aes256_gcm_rtpsize encryption mode by Discord.
+// See https://discord.com/developers/docs/topics/voice-connections#transport-encryption-and-sending-voice for more information.
+type Encrypter interface {
+	// Encrypt encrypts the given RTP header and opus data and returns the encrypted packet.
+	Encrypt(header [RTPHeaderSize]byte, data []byte) []byte
+
+	// Decrypt decrypts the given packet and returns the RTP header and opus data.
+	Decrypt(rtpHeaderSize int, packet []byte) ([]byte, error)
+}
+
+// NewNoopEncrypter creates a new NoopEncrypter.
+func NewNoopEncrypter() *NoopEncrypter {
+	return &NoopEncrypter{
+		buf:    make([]byte, RTPHeaderSize, MaxOpusFrameSize+RTPHeaderSize),
+		recBuf: make([]byte, 0, MaxOpusFrameSize+RTPHeaderSize),
+	}
+}
+
+// NoopEncrypter is used to not encrypt RTP packets. This is only for testing purposes.
+// Do not use this in production as Discord requires encryption.
+type NoopEncrypter struct {
+	buf    []byte
+	recBuf []byte
+}
+
+func (n *NoopEncrypter) Encrypt(header [RTPHeaderSize]byte, data []byte) []byte {
+	n.buf = n.buf[:RTPHeaderSize]
+
+	copy(n.buf, header[:])
+	n.buf = append(n.buf, data...)
+
+	return n.buf
+}
+
+func (n *NoopEncrypter) Decrypt(rtpHeaderSize int, packet []byte) ([]byte, error) {
+	n.recBuf = n.recBuf[:0]
+	copy(n.recBuf, packet)
+
+	return n.recBuf[rtpHeaderSize:], nil
+}
+
+// NewAEADEncrypter creates a new AEADEncrypter with the given encryption mode and secret key.
+func NewAEADEncrypter(encryptionMode EncryptionMode, secretKey []byte) (*AEADEncrypter, error) {
+	var aead cipher.AEAD
+
+	switch encryptionMode {
+	case EncryptionModeAEADAES256GCMRTPSize:
+		block, err := aes.NewCipher(secretKey)
+		if err != nil {
+			return nil, fmt.Errorf("failed to create AES cipher: %w", err)
+		}
+
+		c, err := cipher.NewGCM(block)
+		if err != nil {
+			return nil, fmt.Errorf("failed to create GCM cipher: %w", err)
+		}
+		aead = c
+	case EncryptionModeAEADXChaCha20Poly1305RTPSize:
+		c, err := chacha20poly1305.NewX(secretKey)
+		if err != nil {
+			return nil, fmt.Errorf("failed to create XChaCha20-Poly1305 cipher: %w", err)
+		}
+		aead = c
+	default:
+		return nil, fmt.Errorf("unknown encryption mode: %s", encryptionMode)
+	}
+
+	maxFrameSize := MaxOpusFrameSize + RTPHeaderSize + aead.NonceSize() + aead.Overhead()
+
+	return &AEADEncrypter{
+		cipher:   aead,
+		buf:      make([]byte, RTPHeaderSize, maxFrameSize),
+		nonce:    make([]byte, aead.NonceSize()),
+		seq:      0,
+		recBuf:   make([]byte, 0, maxFrameSize),
+		recNonce: make([]byte, aead.NonceSize()),
+	}, nil
+}
+
+// AEADEncrypter is used to encrypt RTP packets using AEAD ciphers.
+type AEADEncrypter struct {
+	cipher cipher.AEAD
+	buf    []byte
+	nonce  []byte
+	seq    uint32
+
+	recBuf   []byte
+	recNonce []byte
+}
+
+func (a *AEADEncrypter) Encrypt(header [RTPHeaderSize]byte, data []byte) []byte {
+	a.buf = a.buf[:RTPHeaderSize]
+
+	binary.LittleEndian.PutUint32(a.nonce, a.seq)
+	a.seq++
+
+	copy(a.buf, header[:])
+	a.buf = a.cipher.Seal(a.buf, a.nonce, data, header[:])
+	a.buf = append(a.buf, a.nonce[:4]...)
+
+	return a.buf
+}
+
+func (a *AEADEncrypter) Decrypt(rtpHeaderSize int, packet []byte) ([]byte, error) {
+	a.recBuf = a.recBuf[:0]
+
+	copy(a.recNonce, packet[len(packet)-4:])
+
+	var err error
+	a.recBuf, err = a.cipher.Open(a.recBuf, a.recNonce, packet[rtpHeaderSize:len(packet)-4], packet[:rtpHeaderSize])
+	if err != nil {
+		return nil, err
+	}
+
+	return a.recBuf, nil
+}

voice/gateway_messages.go

@@ -118,10 +118,10 @@ type GatewayMessageDataIdentify struct {
 func (GatewayMessageDataIdentify) voiceGatewayMessageData() {}
 
 type GatewayMessageDataReady struct {
-	SSRC  uint32   `json:"ssrc"`
-	IP    string   `json:"ip"`
-	Port  int      `json:"port"`
-	Modes []string `json:"modes"`
+	SSRC  uint32           `json:"ssrc"`
+	IP    string           `json:"ip"`
+	Port  int              `json:"port"`
+	Modes []EncryptionMode `json:"modes"`
 }
 
 func (GatewayMessageDataReady) voiceGatewayMessageData() {}
@@ -148,8 +148,8 @@ type GatewayMessageDataHeartbeat struct {
 func (GatewayMessageDataHeartbeat) voiceGatewayMessageData() {}
 
 type GatewayMessageDataSessionDescription struct {
-	Mode      string   `json:"mode"`
-	SecretKey [32]byte `json:"secret_key"`
+	Mode      EncryptionMode `json:"mode"`
+	SecretKey []byte         `json:"secret_key"`
 }
 
 func (GatewayMessageDataSessionDescription) voiceGatewayMessageData() {}
@@ -176,13 +176,35 @@ type GatewayMessageDataSelectProtocolData struct {
 // EncryptionMode is the encryption mode used for voice data.
 type EncryptionMode string
 
-// All possible EncryptionMode(s) https://discord.com/developers/docs/topics/voice-connections#establishing-a-voice-udp-connection-encryption-modes.
+// All possible EncryptionMode(s) https://discord.com/developers/docs/topics/voice-connections#transport-encryption-and-sending-voice.
 const (
-	EncryptionModeNormal EncryptionMode = "xsalsa20_poly1305"
-	EncryptionModeSuffix EncryptionMode = "xsalsa20_poly1305_suffix"
-	EncryptionModeLite   EncryptionMode = "xsalsa20_poly1305_lite"
+	// EncryptionModeNone is no encryption. This mode is not supported by Discord.
+	EncryptionModeNone EncryptionMode = ""
+	// EncryptionModeAEADAES256GCMRTPSize is the preferred encryption mode.
+	EncryptionModeAEADAES256GCMRTPSize EncryptionMode = "aead_aes256_gcm_rtpsize"
+	// EncryptionModeAEADXChaCha20Poly1305RTPSize is the required encryption mode.
+	EncryptionModeAEADXChaCha20Poly1305RTPSize EncryptionMode = "aead_xchacha20_poly1305_rtpsize"
 )
 
+// AllEncryptionModes is a list of all supported EncryptionMode(s).
+var AllEncryptionModes = []EncryptionMode{
+	EncryptionModeAEADAES256GCMRTPSize,         // preferred
+	EncryptionModeAEADXChaCha20Poly1305RTPSize, // required
+}
+
+// ChooseEncryptionMode chooses the best supported encryption mode from the given list of modes.
+// It returns an error if no supported mode is found.
+func ChooseEncryptionMode(modes []EncryptionMode) (EncryptionMode, error) {
+	for _, preferred := range AllEncryptionModes {
+		for _, mode := range modes {
+			if mode == preferred {
+				return mode, nil
+			}
+		}
+	}
+	return "", fmt.Errorf("no supported encryption mode found in %v", modes)
+}
+
 type GatewayMessageDataSpeaking struct {
 	Speaking SpeakingFlags `json:"speaking"`
 	Delay    int           `json:"delay"`