1/* 2 * srtp.h 3 * 4 * interface to libsrtp 5 * 6 * David A. McGrew 7 * Cisco Systems, Inc. 8 */ 9/* 10 * 11 * Copyright (c) 2001-2006, Cisco Systems, Inc. 12 * All rights reserved. 13 * 14 * Redistribution and use in source and binary forms, with or without 15 * modification, are permitted provided that the following conditions 16 * are met: 17 * 18 * Redistributions of source code must retain the above copyright 19 * notice, this list of conditions and the following disclaimer. 20 * 21 * Redistributions in binary form must reproduce the above 22 * copyright notice, this list of conditions and the following 23 * disclaimer in the documentation and/or other materials provided 24 * with the distribution. 25 * 26 * Neither the name of the Cisco Systems, Inc. nor the names of its 27 * contributors may be used to endorse or promote products derived 28 * from this software without specific prior written permission. 29 * 30 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 31 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 32 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 33 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 34 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 35 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 36 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 37 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 38 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 39 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 40 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 41 * OF THE POSSIBILITY OF SUCH DAMAGE. 42 * 43 */ 44 45 46#ifndef SRTP_H 47#define SRTP_H 48 49#ifdef __cplusplus 50extern "C" { 51#endif 52 53#include "crypto_kernel.h" 54 55/** 56 * @defgroup SRTP Secure RTP 57 * 58 * @brief libSRTP provides functions for protecting RTP and RTCP. See 59 * Section @ref Overview for an introduction to the use of the library. 60 * 61 * @{ 62 */ 63 64/* 65 * SRTP_MASTER_KEY_LEN is the nominal master key length supported by libSRTP 66 */ 67 68#define SRTP_MASTER_KEY_LEN 30 69 70/* 71 * SRTP_MAX_KEY_LEN is the maximum key length supported by libSRTP 72 */ 73#define SRTP_MAX_KEY_LEN 64 74 75/* 76 * SRTP_MAX_TAG_LEN is the maximum tag length supported by libSRTP 77 */ 78 79#define SRTP_MAX_TAG_LEN 12 80 81/** 82 * SRTP_MAX_TRAILER_LEN is the maximum length of the SRTP trailer 83 * (authentication tag and MKI) supported by libSRTP. This value is 84 * the maximum number of octets that will be added to an RTP packet by 85 * srtp_protect(). 86 * 87 * @brief the maximum number of octets added by srtp_protect(). 88 */ 89#define SRTP_MAX_TRAILER_LEN SRTP_MAX_TAG_LEN 90 91/* 92 * nota bene: since libSRTP doesn't support the use of the MKI, the 93 * SRTP_MAX_TRAILER_LEN value is just the maximum tag length 94 */ 95 96/** 97 * @brief sec_serv_t describes a set of security services. 98 * 99 * A sec_serv_t enumeration is used to describe the particular 100 * security services that will be applied by a particular crypto 101 * policy (or other mechanism). 102 */ 103 104typedef enum { 105 sec_serv_none = 0, /**< no services */ 106 sec_serv_conf = 1, /**< confidentiality */ 107 sec_serv_auth = 2, /**< authentication */ 108 sec_serv_conf_and_auth = 3 /**< confidentiality and authentication */ 109} sec_serv_t; 110 111/** 112 * @brief crypto_policy_t describes a particular crypto policy that 113 * can be applied to an SRTP stream. 114 * 115 * A crypto_policy_t describes a particular cryptographic policy that 116 * can be applied to an SRTP or SRTCP stream. An SRTP session policy 117 * consists of a list of these policies, one for each SRTP stream 118 * in the session. 119 */ 120 121typedef struct crypto_policy_t { 122 cipher_type_id_t cipher_type; /**< An integer representing 123 * the type of cipher. */ 124 int cipher_key_len; /**< The length of the cipher key 125 * in octets. */ 126 auth_type_id_t auth_type; /**< An integer representing the 127 * authentication function. */ 128 int auth_key_len; /**< The length of the authentication 129 * function key in octets. */ 130 int auth_tag_len; /**< The length of the authentication 131 * tag in octets. */ 132 sec_serv_t sec_serv; /**< The flag indicating the security 133 * services to be applied. */ 134} crypto_policy_t; 135 136 137/** 138 * @brief ssrc_type_t describes the type of an SSRC. 139 * 140 * An ssrc_type_t enumeration is used to indicate a type of SSRC. See 141 * @ref srtp_policy_t for more informataion. 142 */ 143 144typedef enum { 145 ssrc_undefined = 0, /**< Indicates an undefined SSRC type. */ 146 ssrc_specific = 1, /**< Indicates a specific SSRC value */ 147 ssrc_any_inbound = 2, /**< Indicates any inbound SSRC value 148 (i.e. a value that is used in the 149 function srtp_unprotect()) */ 150 ssrc_any_outbound = 3 /**< Indicates any outbound SSRC value 151 (i.e. a value that is used in the 152 function srtp_protect()) */ 153} ssrc_type_t; 154 155/** 156 * @brief An ssrc_t represents a particular SSRC value, or a `wildcard' SSRC. 157 * 158 * An ssrc_t represents a particular SSRC value (if its type is 159 * ssrc_specific), or a wildcard SSRC value that will match all 160 * outbound SSRCs (if its type is ssrc_any_outbound) or all inbound 161 * SSRCs (if its type is ssrc_any_inbound). 162 * 163 */ 164 165typedef struct { 166 ssrc_type_t type; /**< The type of this particular SSRC */ 167 unsigned int value; /**< The value of this SSRC, if it is not a wildcard */ 168} ssrc_t; 169 170 171/** 172 * @brief points to an EKT policy 173 */ 174typedef struct ekt_policy_ctx_t *ekt_policy_t; 175 176 177/** 178 * @brief points to EKT stream data 179 */ 180typedef struct ekt_stream_ctx_t *ekt_stream_t; 181 182 183/** 184 * @brief represents the policy for an SRTP session. 185 * 186 * A single srtp_policy_t struct represents the policy for a single 187 * SRTP stream, and a linked list of these elements represents the 188 * policy for an entire SRTP session. Each element contains the SRTP 189 * and SRTCP crypto policies for that stream, a pointer to the SRTP 190 * master key for that stream, the SSRC describing that stream, or a 191 * flag indicating a `wildcard' SSRC value, and a `next' field that 192 * holds a pointer to the next element in the list of policy elements, 193 * or NULL if it is the last element. 194 * 195 * The wildcard value SSRC_ANY_INBOUND matches any SSRC from an 196 * inbound stream that for which there is no explicit SSRC entry in 197 * another policy element. Similarly, the value SSRC_ANY_OUTBOUND 198 * will matches any SSRC from an outbound stream that does not appear 199 * in another policy element. Note that wildcard SSRCs &b cannot be 200 * used to match both inbound and outbound traffic. This restriction 201 * is intentional, and it allows libSRTP to ensure that no security 202 * lapses result from accidental re-use of SSRC values during key 203 * sharing. 204 * 205 * 206 * @warning The final element of the list @b must have its `next' pointer 207 * set to NULL. 208 */ 209 210typedef struct srtp_policy_t { 211 ssrc_t ssrc; /**< The SSRC value of stream, or the 212 * flags SSRC_ANY_INBOUND or 213 * SSRC_ANY_OUTBOUND if key sharing 214 * is used for this policy element. 215 */ 216 crypto_policy_t rtp; /**< SRTP crypto policy. */ 217 crypto_policy_t rtcp; /**< SRTCP crypto policy. */ 218 unsigned char *key; /**< Pointer to the SRTP master key for 219 * this stream. */ 220 ekt_policy_t ekt; /**< Pointer to the EKT policy structure 221 * for this stream (if any) */ 222 unsigned long window_size; /**< The window size to use for replay 223 * protection. */ 224 int allow_repeat_tx; /**< Whether retransmissions of 225 * packets with the same sequence number 226 * are allowed. (Note that such repeated 227 * transmissions must have the same RTP 228 * payload, or a severe security weakness 229 * is introduced!) */ 230 struct srtp_policy_t *next; /**< Pointer to next stream policy. */ 231} srtp_policy_t; 232 233 234 235 236/** 237 * @brief An srtp_t points to an SRTP session structure. 238 * 239 * The typedef srtp_t is a pointer to a structure that represents 240 * an SRTP session. This datatype is intentially opaque in 241 * order to separate the interface from the implementation. 242 * 243 * An SRTP session consists of all of the traffic sent to the RTP and 244 * RTCP destination transport addresses, using the RTP/SAVP (Secure 245 * Audio/Video Profile). A session can be viewed as a set of SRTP 246 * streams, each of which originates with a different participant. 247 */ 248 249typedef struct srtp_ctx_t *srtp_t; 250 251 252/** 253 * @brief An srtp_stream_t points to an SRTP stream structure. 254 * 255 * The typedef srtp_stream_t is a pointer to a structure that 256 * represents an SRTP stream. This datatype is intentionally 257 * opaque in order to separate the interface from the implementation. 258 * 259 * An SRTP stream consists of all of the traffic sent to an SRTP 260 * session by a single participant. A session can be viewed as 261 * a set of streams. 262 * 263 */ 264typedef struct srtp_stream_ctx_t *srtp_stream_t; 265 266 267 268/** 269 * @brief srtp_init() initializes the srtp library. 270 * 271 * @warning This function @b must be called before any other srtp 272 * functions. 273 */ 274 275err_status_t 276srtp_init(void); 277 278/** 279 * @brief srtp_shutdown() de-initializes the srtp library. 280 * 281 * @warning No srtp functions may be called after calling this function. 282 */ 283 284err_status_t 285srtp_shutdown(void); 286 287/** 288 * @brief srtp_protect() is the Secure RTP sender-side packet processing 289 * function. 290 * 291 * The function call srtp_protect(ctx, rtp_hdr, len_ptr) applies SRTP 292 * protection to the RTP packet rtp_hdr (which has length *len_ptr) using 293 * the SRTP context ctx. If err_status_ok is returned, then rtp_hdr 294 * points to the resulting SRTP packet and *len_ptr is the number of 295 * octets in that packet; otherwise, no assumptions should be made 296 * about the value of either data elements. 297 * 298 * The sequence numbers of the RTP packets presented to this function 299 * need not be consecutive, but they @b must be out of order by less 300 * than 2^15 = 32,768 packets. 301 * 302 * @warning This function assumes that it can write the authentication 303 * tag into the location in memory immediately following the RTP 304 * packet, and assumes that the RTP packet is aligned on a 32-bit 305 * boundary. 306 * 307 * @param ctx is the SRTP context to use in processing the packet. 308 * 309 * @param rtp_hdr is a pointer to the RTP packet (before the call); after 310 * the function returns, it points to the srtp packet. 311 * 312 * @param len_ptr is a pointer to the length in octets of the complete 313 * RTP packet (header and body) before the function call, and of the 314 * complete SRTP packet after the call, if err_status_ok was returned. 315 * Otherwise, the value of the data to which it points is undefined. 316 * 317 * @return 318 * - err_status_ok no problems 319 * - err_status_replay_fail rtp sequence number was non-increasing 320 * - @e other failure in cryptographic mechanisms 321 */ 322 323err_status_t 324srtp_protect(srtp_t ctx, void *rtp_hdr, int *len_ptr); 325 326/** 327 * @brief srtp_unprotect() is the Secure RTP receiver-side packet 328 * processing function. 329 * 330 * The function call srtp_unprotect(ctx, srtp_hdr, len_ptr) verifies 331 * the Secure RTP protection of the SRTP packet pointed to by srtp_hdr 332 * (which has length *len_ptr), using the SRTP context ctx. If 333 * err_status_ok is returned, then srtp_hdr points to the resulting 334 * RTP packet and *len_ptr is the number of octets in that packet; 335 * otherwise, no assumptions should be made about the value of either 336 * data elements. 337 * 338 * The sequence numbers of the RTP packets presented to this function 339 * need not be consecutive, but they @b must be out of order by less 340 * than 2^15 = 32,768 packets. 341 * 342 * @warning This function assumes that the SRTP packet is aligned on a 343 * 32-bit boundary. 344 * 345 * @param ctx is a pointer to the srtp_t which applies to the 346 * particular packet. 347 * 348 * @param srtp_hdr is a pointer to the header of the SRTP packet 349 * (before the call). after the function returns, it points to the 350 * rtp packet if err_status_ok was returned; otherwise, the value of 351 * the data to which it points is undefined. 352 * 353 * @param len_ptr is a pointer to the length in octets of the complete 354 * srtp packet (header and body) before the function call, and of the 355 * complete rtp packet after the call, if err_status_ok was returned. 356 * Otherwise, the value of the data to which it points is undefined. 357 * 358 * @return 359 * - err_status_ok if the RTP packet is valid. 360 * - err_status_auth_fail if the SRTP packet failed the message 361 * authentication check. 362 * - err_status_replay_fail if the SRTP packet is a replay (e.g. packet has 363 * already been processed and accepted). 364 * - [other] if there has been an error in the cryptographic mechanisms. 365 * 366 */ 367 368err_status_t 369srtp_unprotect(srtp_t ctx, void *srtp_hdr, int *len_ptr); 370 371 372/** 373 * @brief srtp_create() allocates and initializes an SRTP session. 374 375 * The function call srtp_create(session, policy, key) allocates and 376 * initializes an SRTP session context, applying the given policy and 377 * key. 378 * 379 * @param session is the SRTP session to which the policy is to be added. 380 * 381 * @param policy is the srtp_policy_t struct that describes the policy 382 * for the session. The struct may be a single element, or it may be 383 * the head of a list, in which case each element of the list is 384 * processed. It may also be NULL, in which case streams should be added 385 * later using srtp_add_stream(). The final element of the list @b must 386 * have its `next' field set to NULL. 387 * 388 * @return 389 * - err_status_ok if creation succeded. 390 * - err_status_alloc_fail if allocation failed. 391 * - err_status_init_fail if initialization failed. 392 */ 393 394err_status_t 395srtp_create(srtp_t *session, const srtp_policy_t *policy); 396 397 398/** 399 * @brief srtp_add_stream() allocates and initializes an SRTP stream 400 * within a given SRTP session. 401 * 402 * The function call srtp_add_stream(session, policy) allocates and 403 * initializes a new SRTP stream within a given, previously created 404 * session, applying the policy given as the other argument to that 405 * stream. 406 * 407 * @return values: 408 * - err_status_ok if stream creation succeded. 409 * - err_status_alloc_fail if stream allocation failed 410 * - err_status_init_fail if stream initialization failed. 411 */ 412 413err_status_t 414srtp_add_stream(srtp_t session, 415 const srtp_policy_t *policy); 416 417 418/** 419 * @brief srtp_remove_stream() deallocates an SRTP stream. 420 * 421 * The function call srtp_remove_stream(session, ssrc) removes 422 * the SRTP stream with the SSRC value ssrc from the SRTP session 423 * context given by the argument session. 424 * 425 * @param session is the SRTP session from which the stream 426 * will be removed. 427 * 428 * @param ssrc is the SSRC value of the stream to be removed. 429 * 430 * @warning Wildcard SSRC values cannot be removed from a 431 * session. 432 * 433 * @return 434 * - err_status_ok if the stream deallocation succeded. 435 * - [other] otherwise. 436 * 437 */ 438 439err_status_t 440srtp_remove_stream(srtp_t session, unsigned int ssrc); 441 442/** 443 * @brief crypto_policy_set_rtp_default() sets a crypto policy 444 * structure to the SRTP default policy for RTP protection. 445 * 446 * @param p is a pointer to the policy structure to be set 447 * 448 * The function call crypto_policy_set_rtp_default(&p) sets the 449 * crypto_policy_t at location p to the SRTP default policy for RTP 450 * protection, as defined in the specification. This function is a 451 * convenience that helps to avoid dealing directly with the policy 452 * data structure. You are encouraged to initialize policy elements 453 * with this function call. Doing so may allow your code to be 454 * forward compatible with later versions of libSRTP that include more 455 * elements in the crypto_policy_t datatype. 456 * 457 * @return void. 458 * 459 */ 460 461void 462crypto_policy_set_rtp_default(crypto_policy_t *p); 463 464/** 465 * @brief crypto_policy_set_rtcp_default() sets a crypto policy 466 * structure to the SRTP default policy for RTCP protection. 467 * 468 * @param p is a pointer to the policy structure to be set 469 * 470 * The function call crypto_policy_set_rtcp_default(&p) sets the 471 * crypto_policy_t at location p to the SRTP default policy for RTCP 472 * protection, as defined in the specification. This function is a 473 * convenience that helps to avoid dealing directly with the policy 474 * data structure. You are encouraged to initialize policy elements 475 * with this function call. Doing so may allow your code to be 476 * forward compatible with later versions of libSRTP that include more 477 * elements in the crypto_policy_t datatype. 478 * 479 * @return void. 480 * 481 */ 482 483void 484crypto_policy_set_rtcp_default(crypto_policy_t *p); 485 486/** 487 * @brief crypto_policy_set_aes_cm_128_hmac_sha1_80() sets a crypto 488 * policy structure to the SRTP default policy for RTP protection. 489 * 490 * @param p is a pointer to the policy structure to be set 491 * 492 * The function crypto_policy_set_aes_cm_128_hmac_sha1_80() is a 493 * synonym for crypto_policy_set_rtp_default(). It conforms to the 494 * naming convention used in RFC 4568 (SDP Security Descriptions for 495 * Media Streams). 496 * 497 * @return void. 498 * 499 */ 500 501#define crypto_policy_set_aes_cm_128_hmac_sha1_80(p) crypto_policy_set_rtp_default(p) 502 503 504/** 505 * @brief crypto_policy_set_aes_cm_128_hmac_sha1_32() sets a crypto 506 * policy structure to a short-authentication tag policy 507 * 508 * @param p is a pointer to the policy structure to be set 509 * 510 * The function call crypto_policy_set_aes_cm_128_hmac_sha1_32(&p) 511 * sets the crypto_policy_t at location p to use policy 512 * AES_CM_128_HMAC_SHA1_32 as defined in RFC 4568. 513 * This policy uses AES-128 514 * Counter Mode encryption and HMAC-SHA1 authentication, with an 515 * authentication tag that is only 32 bits long. This length is 516 * considered adequate only for protecting audio and video media that 517 * use a stateless playback function. See Section 7.5 of RFC 3711 518 * (http://www.ietf.org/rfc/rfc3711.txt). 519 * 520 * This function is a convenience that helps to avoid dealing directly 521 * with the policy data structure. You are encouraged to initialize 522 * policy elements with this function call. Doing so may allow your 523 * code to be forward compatible with later versions of libSRTP that 524 * include more elements in the crypto_policy_t datatype. 525 * 526 * @warning This crypto policy is intended for use in SRTP, but not in 527 * SRTCP. It is recommended that a policy that uses longer 528 * authentication tags be used for SRTCP. See Section 7.5 of RFC 3711 529 * (http://www.ietf.org/rfc/rfc3711.txt). 530 * 531 * @return void. 532 * 533 */ 534 535void 536crypto_policy_set_aes_cm_128_hmac_sha1_32(crypto_policy_t *p); 537 538 539 540/** 541 * @brief crypto_policy_set_aes_cm_128_null_auth() sets a crypto 542 * policy structure to an encryption-only policy 543 * 544 * @param p is a pointer to the policy structure to be set 545 * 546 * The function call crypto_policy_set_aes_cm_128_null_auth(&p) sets 547 * the crypto_policy_t at location p to use the SRTP default cipher 548 * (AES-128 Counter Mode), but to use no authentication method. This 549 * policy is NOT RECOMMENDED unless it is unavoidable; see Section 7.5 550 * of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt). 551 * 552 * This function is a convenience that helps to avoid dealing directly 553 * with the policy data structure. You are encouraged to initialize 554 * policy elements with this function call. Doing so may allow your 555 * code to be forward compatible with later versions of libSRTP that 556 * include more elements in the crypto_policy_t datatype. 557 * 558 * @warning This policy is NOT RECOMMENDED for SRTP unless it is 559 * unavoidable, and it is NOT RECOMMENDED at all for SRTCP; see 560 * Section 7.5 of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt). 561 * 562 * @return void. 563 * 564 */ 565 566void 567crypto_policy_set_aes_cm_128_null_auth(crypto_policy_t *p); 568 569 570/** 571 * @brief crypto_policy_set_null_cipher_hmac_sha1_80() sets a crypto 572 * policy structure to an authentication-only policy 573 * 574 * @param p is a pointer to the policy structure to be set 575 * 576 * The function call crypto_policy_set_null_cipher_hmac_sha1_80(&p) 577 * sets the crypto_policy_t at location p to use HMAC-SHA1 with an 80 578 * bit authentication tag to provide message authentication, but to 579 * use no encryption. This policy is NOT RECOMMENDED for SRTP unless 580 * there is a requirement to forego encryption. 581 * 582 * This function is a convenience that helps to avoid dealing directly 583 * with the policy data structure. You are encouraged to initialize 584 * policy elements with this function call. Doing so may allow your 585 * code to be forward compatible with later versions of libSRTP that 586 * include more elements in the crypto_policy_t datatype. 587 * 588 * @warning This policy is NOT RECOMMENDED for SRTP unless there is a 589 * requirement to forego encryption. 590 * 591 * @return void. 592 * 593 */ 594 595void 596crypto_policy_set_null_cipher_hmac_sha1_80(crypto_policy_t *p); 597 598 599/** 600 * @brief crypto_policy_set_aes_cm_256_hmac_sha1_80() sets a crypto 601 * policy structure to a encryption and authentication policy using AES-256 602 * for RTP protection. 603 * 604 * @param p is a pointer to the policy structure to be set 605 * 606 * The function call crypto_policy_set_aes_cm_256_hmac_sha1_80(&p) 607 * sets the crypto_policy_t at location p to use policy 608 * AES_CM_256_HMAC_SHA1_80 as defined in 609 * draft-ietf-avt-srtp-big-aes-03.txt. This policy uses AES-256 610 * Counter Mode encryption and HMAC-SHA1 authentication, with an 80 bit 611 * authentication tag. 612 * 613 * This function is a convenience that helps to avoid dealing directly 614 * with the policy data structure. You are encouraged to initialize 615 * policy elements with this function call. Doing so may allow your 616 * code to be forward compatible with later versions of libSRTP that 617 * include more elements in the crypto_policy_t datatype. 618 * 619 * @return void. 620 * 621 */ 622 623void crypto_policy_set_aes_cm_256_hmac_sha1_80(crypto_policy_t *p); 624 625 626/** 627 * @brief crypto_policy_set_aes_cm_256_hmac_sha1_32() sets a crypto 628 * policy structure to a short-authentication tag policy using AES-256 629 * encryption. 630 * 631 * @param p is a pointer to the policy structure to be set 632 * 633 * The function call crypto_policy_set_aes_cm_256_hmac_sha1_32(&p) 634 * sets the crypto_policy_t at location p to use policy 635 * AES_CM_256_HMAC_SHA1_32 as defined in 636 * draft-ietf-avt-srtp-big-aes-03.txt. This policy uses AES-256 637 * Counter Mode encryption and HMAC-SHA1 authentication, with an 638 * authentication tag that is only 32 bits long. This length is 639 * considered adequate only for protecting audio and video media that 640 * use a stateless playback function. See Section 7.5 of RFC 3711 641 * (http://www.ietf.org/rfc/rfc3711.txt). 642 * 643 * This function is a convenience that helps to avoid dealing directly 644 * with the policy data structure. You are encouraged to initialize 645 * policy elements with this function call. Doing so may allow your 646 * code to be forward compatible with later versions of libSRTP that 647 * include more elements in the crypto_policy_t datatype. 648 * 649 * @warning This crypto policy is intended for use in SRTP, but not in 650 * SRTCP. It is recommended that a policy that uses longer 651 * authentication tags be used for SRTCP. See Section 7.5 of RFC 3711 652 * (http://www.ietf.org/rfc/rfc3711.txt). 653 * 654 * @return void. 655 * 656 */ 657 658void 659crypto_policy_set_aes_cm_256_hmac_sha1_32(crypto_policy_t *p); 660 661 662/** 663 * @brief srtp_dealloc() deallocates storage for an SRTP session 664 * context. 665 * 666 * The function call srtp_dealloc(s) deallocates storage for the 667 * SRTP session context s. This function should be called no more 668 * than one time for each of the contexts allocated by the function 669 * srtp_create(). 670 * 671 * @param s is the srtp_t for the session to be deallocated. 672 * 673 * @return 674 * - err_status_ok if there no problems. 675 * - err_status_dealloc_fail a memory deallocation failure occured. 676 */ 677 678err_status_t 679srtp_dealloc(srtp_t s); 680 681 682/* 683 * @brief identifies a particular SRTP profile 684 * 685 * An srtp_profile_t enumeration is used to identify a particular SRTP 686 * profile (that is, a set of algorithms and parameters). These 687 * profiles are defined in the DTLS-SRTP draft. 688 */ 689 690typedef enum { 691 srtp_profile_reserved = 0, 692 srtp_profile_aes128_cm_sha1_80 = 1, 693 srtp_profile_aes128_cm_sha1_32 = 2, 694 srtp_profile_aes256_cm_sha1_80 = 3, 695 srtp_profile_aes256_cm_sha1_32 = 4, 696 srtp_profile_null_sha1_80 = 5, 697 srtp_profile_null_sha1_32 = 6, 698} srtp_profile_t; 699 700 701/** 702 * @brief crypto_policy_set_from_profile_for_rtp() sets a crypto policy 703 * structure to the appropriate value for RTP based on an srtp_profile_t 704 * 705 * @param p is a pointer to the policy structure to be set 706 * 707 * The function call crypto_policy_set_rtp_default(&policy, profile) 708 * sets the crypto_policy_t at location policy to the policy for RTP 709 * protection, as defined by the srtp_profile_t profile. 710 * 711 * This function is a convenience that helps to avoid dealing directly 712 * with the policy data structure. You are encouraged to initialize 713 * policy elements with this function call. Doing so may allow your 714 * code to be forward compatible with later versions of libSRTP that 715 * include more elements in the crypto_policy_t datatype. 716 * 717 * @return values 718 * - err_status_ok no problems were encountered 719 * - err_status_bad_param the profile is not supported 720 * 721 */ 722err_status_t 723crypto_policy_set_from_profile_for_rtp(crypto_policy_t *policy, 724 srtp_profile_t profile); 725 726 727 728 729/** 730 * @brief crypto_policy_set_from_profile_for_rtcp() sets a crypto policy 731 * structure to the appropriate value for RTCP based on an srtp_profile_t 732 * 733 * @param p is a pointer to the policy structure to be set 734 * 735 * The function call crypto_policy_set_rtcp_default(&policy, profile) 736 * sets the crypto_policy_t at location policy to the policy for RTCP 737 * protection, as defined by the srtp_profile_t profile. 738 * 739 * This function is a convenience that helps to avoid dealing directly 740 * with the policy data structure. You are encouraged to initialize 741 * policy elements with this function call. Doing so may allow your 742 * code to be forward compatible with later versions of libSRTP that 743 * include more elements in the crypto_policy_t datatype. 744 * 745 * @return values 746 * - err_status_ok no problems were encountered 747 * - err_status_bad_param the profile is not supported 748 * 749 */ 750err_status_t 751crypto_policy_set_from_profile_for_rtcp(crypto_policy_t *policy, 752 srtp_profile_t profile); 753 754/** 755 * @brief returns the master key length for a given SRTP profile 756 */ 757unsigned int 758srtp_profile_get_master_key_length(srtp_profile_t profile); 759 760 761/** 762 * @brief returns the master salt length for a given SRTP profile 763 */ 764unsigned int 765srtp_profile_get_master_salt_length(srtp_profile_t profile); 766 767/** 768 * @brief appends the salt to the key 769 * 770 * The function call append_salt_to_key(k, klen, s, slen) 771 * copies the string s to the location at klen bytes following 772 * the location k. 773 * 774 * @warning There must be at least bytes_in_salt + bytes_in_key bytes 775 * available at the location pointed to by key. 776 * 777 */ 778 779void 780append_salt_to_key(unsigned char *key, unsigned int bytes_in_key, 781 unsigned char *salt, unsigned int bytes_in_salt); 782 783 784 785/** 786 * @} 787 */ 788 789 790 791/** 792 * @defgroup SRTCP Secure RTCP 793 * @ingroup SRTP 794 * 795 * @brief Secure RTCP functions are used to protect RTCP traffic. 796 * 797 * RTCP is the control protocol for RTP. libSRTP protects RTCP 798 * traffic in much the same way as it does RTP traffic. The function 799 * srtp_protect_rtcp() applies cryptographic protections to outbound 800 * RTCP packets, and srtp_unprotect_rtcp() verifies the protections on 801 * inbound RTCP packets. 802 * 803 * A note on the naming convention: srtp_protect_rtcp() has an srtp_t 804 * as its first argument, and thus has `srtp_' as its prefix. The 805 * trailing `_rtcp' indicates the protocol on which it acts. 806 * 807 * @{ 808 */ 809 810/** 811 * @brief srtp_protect_rtcp() is the Secure RTCP sender-side packet 812 * processing function. 813 * 814 * The function call srtp_protect_rtcp(ctx, rtp_hdr, len_ptr) applies 815 * SRTCP protection to the RTCP packet rtcp_hdr (which has length 816 * *len_ptr) using the SRTP session context ctx. If err_status_ok is 817 * returned, then rtp_hdr points to the resulting SRTCP packet and 818 * *len_ptr is the number of octets in that packet; otherwise, no 819 * assumptions should be made about the value of either data elements. 820 * 821 * @warning This function assumes that it can write the authentication 822 * tag into the location in memory immediately following the RTCP 823 * packet, and assumes that the RTCP packet is aligned on a 32-bit 824 * boundary. 825 * 826 * @param ctx is the SRTP context to use in processing the packet. 827 * 828 * @param rtcp_hdr is a pointer to the RTCP packet (before the call); after 829 * the function returns, it points to the srtp packet. 830 * 831 * @param pkt_octet_len is a pointer to the length in octets of the 832 * complete RTCP packet (header and body) before the function call, 833 * and of the complete SRTCP packet after the call, if err_status_ok 834 * was returned. Otherwise, the value of the data to which it points 835 * is undefined. 836 * 837 * @return 838 * - err_status_ok if there were no problems. 839 * - [other] if there was a failure in 840 * the cryptographic mechanisms. 841 */ 842 843 844err_status_t 845srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len); 846 847/** 848 * @brief srtp_unprotect_rtcp() is the Secure RTCP receiver-side packet 849 * processing function. 850 * 851 * The function call srtp_unprotect_rtcp(ctx, srtp_hdr, len_ptr) 852 * verifies the Secure RTCP protection of the SRTCP packet pointed to 853 * by srtcp_hdr (which has length *len_ptr), using the SRTP session 854 * context ctx. If err_status_ok is returned, then srtcp_hdr points 855 * to the resulting RTCP packet and *len_ptr is the number of octets 856 * in that packet; otherwise, no assumptions should be made about the 857 * value of either data elements. 858 * 859 * @warning This function assumes that the SRTCP packet is aligned on a 860 * 32-bit boundary. 861 * 862 * @param ctx is a pointer to the srtp_t which applies to the 863 * particular packet. 864 * 865 * @param srtcp_hdr is a pointer to the header of the SRTCP packet 866 * (before the call). After the function returns, it points to the 867 * rtp packet if err_status_ok was returned; otherwise, the value of 868 * the data to which it points is undefined. 869 * 870 * @param pkt_octet_len is a pointer to the length in octets of the 871 * complete SRTCP packet (header and body) before the function call, 872 * and of the complete rtp packet after the call, if err_status_ok was 873 * returned. Otherwise, the value of the data to which it points is 874 * undefined. 875 * 876 * @return 877 * - err_status_ok if the RTCP packet is valid. 878 * - err_status_auth_fail if the SRTCP packet failed the message 879 * authentication check. 880 * - err_status_replay_fail if the SRTCP packet is a replay (e.g. has 881 * already been processed and accepted). 882 * - [other] if there has been an error in the cryptographic mechanisms. 883 * 884 */ 885 886err_status_t 887srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len); 888 889/** 890 * @} 891 */ 892 893/** 894 * @defgroup SRTPevents SRTP events and callbacks 895 * @ingroup SRTP 896 * 897 * @brief libSRTP can use a user-provided callback function to 898 * handle events. 899 * 900 * 901 * libSRTP allows a user to provide a callback function to handle 902 * events that need to be dealt with outside of the data plane (see 903 * the enum srtp_event_t for a description of these events). Dealing 904 * with these events is not a strict necessity; they are not 905 * security-critical, but the application may suffer if they are not 906 * handled. The function srtp_set_event_handler() is used to provide 907 * the callback function. 908 * 909 * A default event handler that merely reports on the events as they 910 * happen is included. It is also possible to set the event handler 911 * function to NULL, in which case all events will just be silently 912 * ignored. 913 * 914 * @{ 915 */ 916 917/** 918 * @brief srtp_event_t defines events that need to be handled 919 * 920 * The enum srtp_event_t defines events that need to be handled 921 * outside the `data plane', such as SSRC collisions and 922 * key expirations. 923 * 924 * When a key expires or the maximum number of packets has been 925 * reached, an SRTP stream will enter an `expired' state in which no 926 * more packets can be protected or unprotected. When this happens, 927 * it is likely that you will want to either deallocate the stream 928 * (using srtp_stream_dealloc()), and possibly allocate a new one. 929 * 930 * When an SRTP stream expires, the other streams in the same session 931 * are unaffected, unless key sharing is used by that stream. In the 932 * latter case, all of the streams in the session will expire. 933 */ 934 935typedef enum { 936 event_ssrc_collision, /**< 937 * An SSRC collision occured. 938 */ 939 event_key_soft_limit, /**< An SRTP stream reached the soft key 940 * usage limit and will expire soon. 941 */ 942 event_key_hard_limit, /**< An SRTP stream reached the hard 943 * key usage limit and has expired. 944 */ 945 event_packet_index_limit /**< An SRTP stream reached the hard 946 * packet limit (2^48 packets). 947 */ 948} srtp_event_t; 949 950/** 951 * @brief srtp_event_data_t is the structure passed as a callback to 952 * the event handler function 953 * 954 * The struct srtp_event_data_t holds the data passed to the event 955 * handler function. 956 */ 957 958typedef struct srtp_event_data_t { 959 srtp_t session; /**< The session in which the event happend. */ 960 srtp_stream_t stream; /**< The stream in which the event happend. */ 961 srtp_event_t event; /**< An enum indicating the type of event. */ 962} srtp_event_data_t; 963 964/** 965 * @brief srtp_event_handler_func_t is the function prototype for 966 * the event handler. 967 * 968 * The typedef srtp_event_handler_func_t is the prototype for the 969 * event handler function. It has as its only argument an 970 * srtp_event_data_t which describes the event that needs to be handled. 971 * There can only be a single, global handler for all events in 972 * libSRTP. 973 */ 974 975typedef void (srtp_event_handler_func_t)(srtp_event_data_t *data); 976 977/** 978 * @brief sets the event handler to the function supplied by the caller. 979 * 980 * The function call srtp_install_event_handler(func) sets the event 981 * handler function to the value func. The value NULL is acceptable 982 * as an argument; in this case, events will be ignored rather than 983 * handled. 984 * 985 * @param func is a pointer to a fuction that takes an srtp_event_data_t 986 * pointer as an argument and returns void. This function 987 * will be used by libSRTP to handle events. 988 */ 989 990err_status_t 991srtp_install_event_handler(srtp_event_handler_func_t func); 992 993/** 994 * @} 995 */ 996/* in host order, so outside the #if */ 997#define SRTCP_E_BIT 0x80000000 998/* for byte-access */ 999#define SRTCP_E_BYTE_BIT 0x80 1000#define SRTCP_INDEX_MASK 0x7fffffff 1001 1002#ifdef __cplusplus 1003} 1004#endif 1005 1006#endif /* SRTP_H */ 1007