netwerk/srtp/src/include/srtp.h@6474c204b198
netwerk/srtp/src/include/srtp.h
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
1 /*
2 * srtp.h
3 *
4 * interface to libsrtp
5 *
6 * David A. McGrew
7 * Cisco Systems, Inc.
8 */
9 /*
10 *
11 * Copyright (c) 2001-2006, Cisco Systems, Inc.
12 * All rights reserved.
13 *
14 * Redistribution and use in source and binary forms, with or without
15 * modification, are permitted provided that the following conditions
16 * are met:
17 *
18 * Redistributions of source code must retain the above copyright
19 * notice, this list of conditions and the following disclaimer.
20 *
21 * Redistributions in binary form must reproduce the above
22 * copyright notice, this list of conditions and the following
23 * disclaimer in the documentation and/or other materials provided
24 * with the distribution.
25 *
26 * Neither the name of the Cisco Systems, Inc. nor the names of its
27 * contributors may be used to endorse or promote products derived
28 * from this software without specific prior written permission.
29 *
30 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
31 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
32 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
33 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
34 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
35 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
36 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
37 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
38 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
39 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
40 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
41 * OF THE POSSIBILITY OF SUCH DAMAGE.
42 *
43 */
46 #ifndef SRTP_H
47 #define SRTP_H
49 #ifdef __cplusplus
50 extern "C" {
51 #endif
53 #include "crypto_kernel.h"
55 /**
56 * @defgroup SRTP Secure RTP
57 *
58 * @brief libSRTP provides functions for protecting RTP and RTCP. See
59 * Section @ref Overview for an introduction to the use of the library.
60 *
61 * @{
62 */
64 /*
65 * SRTP_MASTER_KEY_LEN is the nominal master key length supported by libSRTP
66 */
68 #define SRTP_MASTER_KEY_LEN 30
70 /*
71 * SRTP_MAX_KEY_LEN is the maximum key length supported by libSRTP
72 */
73 #define SRTP_MAX_KEY_LEN 64
75 /*
76 * SRTP_MAX_TAG_LEN is the maximum tag length supported by libSRTP
77 */
79 #define SRTP_MAX_TAG_LEN 12
81 /**
82 * SRTP_MAX_TRAILER_LEN is the maximum length of the SRTP trailer
83 * (authentication tag and MKI) supported by libSRTP. This value is
84 * the maximum number of octets that will be added to an RTP packet by
85 * srtp_protect().
86 *
87 * @brief the maximum number of octets added by srtp_protect().
88 */
89 #define SRTP_MAX_TRAILER_LEN SRTP_MAX_TAG_LEN
91 /*
92 * nota bene: since libSRTP doesn't support the use of the MKI, the
93 * SRTP_MAX_TRAILER_LEN value is just the maximum tag length
94 */
96 /**
97 * @brief sec_serv_t describes a set of security services.
98 *
99 * A sec_serv_t enumeration is used to describe the particular
100 * security services that will be applied by a particular crypto
101 * policy (or other mechanism).
102 */
104 typedef enum {
105 sec_serv_none = 0, /**< no services */
106 sec_serv_conf = 1, /**< confidentiality */
107 sec_serv_auth = 2, /**< authentication */
108 sec_serv_conf_and_auth = 3 /**< confidentiality and authentication */
109 } sec_serv_t;
111 /**
112 * @brief crypto_policy_t describes a particular crypto policy that
113 * can be applied to an SRTP stream.
114 *
115 * A crypto_policy_t describes a particular cryptographic policy that
116 * can be applied to an SRTP or SRTCP stream. An SRTP session policy
117 * consists of a list of these policies, one for each SRTP stream
118 * in the session.
119 */
121 typedef struct crypto_policy_t {
122 cipher_type_id_t cipher_type; /**< An integer representing
123 * the type of cipher. */
124 int cipher_key_len; /**< The length of the cipher key
125 * in octets. */
126 auth_type_id_t auth_type; /**< An integer representing the
127 * authentication function. */
128 int auth_key_len; /**< The length of the authentication
129 * function key in octets. */
130 int auth_tag_len; /**< The length of the authentication
131 * tag in octets. */
132 sec_serv_t sec_serv; /**< The flag indicating the security
133 * services to be applied. */
134 } crypto_policy_t;
137 /**
138 * @brief ssrc_type_t describes the type of an SSRC.
139 *
140 * An ssrc_type_t enumeration is used to indicate a type of SSRC. See
141 * @ref srtp_policy_t for more informataion.
142 */
144 typedef enum {
145 ssrc_undefined = 0, /**< Indicates an undefined SSRC type. */
146 ssrc_specific = 1, /**< Indicates a specific SSRC value */
147 ssrc_any_inbound = 2, /**< Indicates any inbound SSRC value
148 (i.e. a value that is used in the
149 function srtp_unprotect()) */
150 ssrc_any_outbound = 3 /**< Indicates any outbound SSRC value
151 (i.e. a value that is used in the
152 function srtp_protect()) */
153 } ssrc_type_t;
155 /**
156 * @brief An ssrc_t represents a particular SSRC value, or a `wildcard' SSRC.
157 *
158 * An ssrc_t represents a particular SSRC value (if its type is
159 * ssrc_specific), or a wildcard SSRC value that will match all
160 * outbound SSRCs (if its type is ssrc_any_outbound) or all inbound
161 * SSRCs (if its type is ssrc_any_inbound).
162 *
163 */
165 typedef struct {
166 ssrc_type_t type; /**< The type of this particular SSRC */
167 unsigned int value; /**< The value of this SSRC, if it is not a wildcard */
168 } ssrc_t;
171 /**
172 * @brief points to an EKT policy
173 */
174 typedef struct ekt_policy_ctx_t *ekt_policy_t;
177 /**
178 * @brief points to EKT stream data
179 */
180 typedef struct ekt_stream_ctx_t *ekt_stream_t;
183 /**
184 * @brief represents the policy for an SRTP session.
185 *
186 * A single srtp_policy_t struct represents the policy for a single
187 * SRTP stream, and a linked list of these elements represents the
188 * policy for an entire SRTP session. Each element contains the SRTP
189 * and SRTCP crypto policies for that stream, a pointer to the SRTP
190 * master key for that stream, the SSRC describing that stream, or a
191 * flag indicating a `wildcard' SSRC value, and a `next' field that
192 * holds a pointer to the next element in the list of policy elements,
193 * or NULL if it is the last element.
194 *
195 * The wildcard value SSRC_ANY_INBOUND matches any SSRC from an
196 * inbound stream that for which there is no explicit SSRC entry in
197 * another policy element. Similarly, the value SSRC_ANY_OUTBOUND
198 * will matches any SSRC from an outbound stream that does not appear
199 * in another policy element. Note that wildcard SSRCs &b cannot be
200 * used to match both inbound and outbound traffic. This restriction
201 * is intentional, and it allows libSRTP to ensure that no security
202 * lapses result from accidental re-use of SSRC values during key
203 * sharing.
204 *
205 *
206 * @warning The final element of the list @b must have its `next' pointer
207 * set to NULL.
208 */
210 typedef struct srtp_policy_t {
211 ssrc_t ssrc; /**< The SSRC value of stream, or the
212 * flags SSRC_ANY_INBOUND or
213 * SSRC_ANY_OUTBOUND if key sharing
214 * is used for this policy element.
215 */
216 crypto_policy_t rtp; /**< SRTP crypto policy. */
217 crypto_policy_t rtcp; /**< SRTCP crypto policy. */
218 unsigned char *key; /**< Pointer to the SRTP master key for
219 * this stream. */
220 ekt_policy_t ekt; /**< Pointer to the EKT policy structure
221 * for this stream (if any) */
222 unsigned long window_size; /**< The window size to use for replay
223 * protection. */
224 int allow_repeat_tx; /**< Whether retransmissions of
225 * packets with the same sequence number
226 * are allowed. (Note that such repeated
227 * transmissions must have the same RTP
228 * payload, or a severe security weakness
229 * is introduced!) */
230 struct srtp_policy_t *next; /**< Pointer to next stream policy. */
231 } srtp_policy_t;
236 /**
237 * @brief An srtp_t points to an SRTP session structure.
238 *
239 * The typedef srtp_t is a pointer to a structure that represents
240 * an SRTP session. This datatype is intentially opaque in
241 * order to separate the interface from the implementation.
242 *
243 * An SRTP session consists of all of the traffic sent to the RTP and
244 * RTCP destination transport addresses, using the RTP/SAVP (Secure
245 * Audio/Video Profile). A session can be viewed as a set of SRTP
246 * streams, each of which originates with a different participant.
247 */
249 typedef struct srtp_ctx_t *srtp_t;
252 /**
253 * @brief An srtp_stream_t points to an SRTP stream structure.
254 *
255 * The typedef srtp_stream_t is a pointer to a structure that
256 * represents an SRTP stream. This datatype is intentionally
257 * opaque in order to separate the interface from the implementation.
258 *
259 * An SRTP stream consists of all of the traffic sent to an SRTP
260 * session by a single participant. A session can be viewed as
261 * a set of streams.
262 *
263 */
264 typedef struct srtp_stream_ctx_t *srtp_stream_t;
268 /**
269 * @brief srtp_init() initializes the srtp library.
270 *
271 * @warning This function @b must be called before any other srtp
272 * functions.
273 */
275 err_status_t
276 srtp_init(void);
278 /**
279 * @brief srtp_shutdown() de-initializes the srtp library.
280 *
281 * @warning No srtp functions may be called after calling this function.
282 */
284 err_status_t
285 srtp_shutdown(void);
287 /**
288 * @brief srtp_protect() is the Secure RTP sender-side packet processing
289 * function.
290 *
291 * The function call srtp_protect(ctx, rtp_hdr, len_ptr) applies SRTP
292 * protection to the RTP packet rtp_hdr (which has length *len_ptr) using
293 * the SRTP context ctx. If err_status_ok is returned, then rtp_hdr
294 * points to the resulting SRTP packet and *len_ptr is the number of
295 * octets in that packet; otherwise, no assumptions should be made
296 * about the value of either data elements.
297 *
298 * The sequence numbers of the RTP packets presented to this function
299 * need not be consecutive, but they @b must be out of order by less
300 * than 2^15 = 32,768 packets.
301 *
302 * @warning This function assumes that it can write the authentication
303 * tag into the location in memory immediately following the RTP
304 * packet, and assumes that the RTP packet is aligned on a 32-bit
305 * boundary.
306 *
307 * @param ctx is the SRTP context to use in processing the packet.
308 *
309 * @param rtp_hdr is a pointer to the RTP packet (before the call); after
310 * the function returns, it points to the srtp packet.
311 *
312 * @param len_ptr is a pointer to the length in octets of the complete
313 * RTP packet (header and body) before the function call, and of the
314 * complete SRTP packet after the call, if err_status_ok was returned.
315 * Otherwise, the value of the data to which it points is undefined.
316 *
317 * @return
318 * - err_status_ok no problems
319 * - err_status_replay_fail rtp sequence number was non-increasing
320 * - @e other failure in cryptographic mechanisms
321 */
323 err_status_t
324 srtp_protect(srtp_t ctx, void *rtp_hdr, int *len_ptr);
326 /**
327 * @brief srtp_unprotect() is the Secure RTP receiver-side packet
328 * processing function.
329 *
330 * The function call srtp_unprotect(ctx, srtp_hdr, len_ptr) verifies
331 * the Secure RTP protection of the SRTP packet pointed to by srtp_hdr
332 * (which has length *len_ptr), using the SRTP context ctx. If
333 * err_status_ok is returned, then srtp_hdr points to the resulting
334 * RTP packet and *len_ptr is the number of octets in that packet;
335 * otherwise, no assumptions should be made about the value of either
336 * data elements.
337 *
338 * The sequence numbers of the RTP packets presented to this function
339 * need not be consecutive, but they @b must be out of order by less
340 * than 2^15 = 32,768 packets.
341 *
342 * @warning This function assumes that the SRTP packet is aligned on a
343 * 32-bit boundary.
344 *
345 * @param ctx is a pointer to the srtp_t which applies to the
346 * particular packet.
347 *
348 * @param srtp_hdr is a pointer to the header of the SRTP packet
349 * (before the call). after the function returns, it points to the
350 * rtp packet if err_status_ok was returned; otherwise, the value of
351 * the data to which it points is undefined.
352 *
353 * @param len_ptr is a pointer to the length in octets of the complete
354 * srtp packet (header and body) before the function call, and of the
355 * complete rtp packet after the call, if err_status_ok was returned.
356 * Otherwise, the value of the data to which it points is undefined.
357 *
358 * @return
359 * - err_status_ok if the RTP packet is valid.
360 * - err_status_auth_fail if the SRTP packet failed the message
361 * authentication check.
362 * - err_status_replay_fail if the SRTP packet is a replay (e.g. packet has
363 * already been processed and accepted).
364 * - [other] if there has been an error in the cryptographic mechanisms.
365 *
366 */
368 err_status_t
369 srtp_unprotect(srtp_t ctx, void *srtp_hdr, int *len_ptr);
372 /**
373 * @brief srtp_create() allocates and initializes an SRTP session.
375 * The function call srtp_create(session, policy, key) allocates and
376 * initializes an SRTP session context, applying the given policy and
377 * key.
378 *
379 * @param session is the SRTP session to which the policy is to be added.
380 *
381 * @param policy is the srtp_policy_t struct that describes the policy
382 * for the session. The struct may be a single element, or it may be
383 * the head of a list, in which case each element of the list is
384 * processed. It may also be NULL, in which case streams should be added
385 * later using srtp_add_stream(). The final element of the list @b must
386 * have its `next' field set to NULL.
387 *
388 * @return
389 * - err_status_ok if creation succeded.
390 * - err_status_alloc_fail if allocation failed.
391 * - err_status_init_fail if initialization failed.
392 */
394 err_status_t
395 srtp_create(srtp_t *session, const srtp_policy_t *policy);
398 /**
399 * @brief srtp_add_stream() allocates and initializes an SRTP stream
400 * within a given SRTP session.
401 *
402 * The function call srtp_add_stream(session, policy) allocates and
403 * initializes a new SRTP stream within a given, previously created
404 * session, applying the policy given as the other argument to that
405 * stream.
406 *
407 * @return values:
408 * - err_status_ok if stream creation succeded.
409 * - err_status_alloc_fail if stream allocation failed
410 * - err_status_init_fail if stream initialization failed.
411 */
413 err_status_t
414 srtp_add_stream(srtp_t session,
415 const srtp_policy_t *policy);
418 /**
419 * @brief srtp_remove_stream() deallocates an SRTP stream.
420 *
421 * The function call srtp_remove_stream(session, ssrc) removes
422 * the SRTP stream with the SSRC value ssrc from the SRTP session
423 * context given by the argument session.
424 *
425 * @param session is the SRTP session from which the stream
426 * will be removed.
427 *
428 * @param ssrc is the SSRC value of the stream to be removed.
429 *
430 * @warning Wildcard SSRC values cannot be removed from a
431 * session.
432 *
433 * @return
434 * - err_status_ok if the stream deallocation succeded.
435 * - [other] otherwise.
436 *
437 */
439 err_status_t
440 srtp_remove_stream(srtp_t session, unsigned int ssrc);
442 /**
443 * @brief crypto_policy_set_rtp_default() sets a crypto policy
444 * structure to the SRTP default policy for RTP protection.
445 *
446 * @param p is a pointer to the policy structure to be set
447 *
448 * The function call crypto_policy_set_rtp_default(&p) sets the
449 * crypto_policy_t at location p to the SRTP default policy for RTP
450 * protection, as defined in the specification. This function is a
451 * convenience that helps to avoid dealing directly with the policy
452 * data structure. You are encouraged to initialize policy elements
453 * with this function call. Doing so may allow your code to be
454 * forward compatible with later versions of libSRTP that include more
455 * elements in the crypto_policy_t datatype.
456 *
457 * @return void.
458 *
459 */
461 void
462 crypto_policy_set_rtp_default(crypto_policy_t *p);
464 /**
465 * @brief crypto_policy_set_rtcp_default() sets a crypto policy
466 * structure to the SRTP default policy for RTCP protection.
467 *
468 * @param p is a pointer to the policy structure to be set
469 *
470 * The function call crypto_policy_set_rtcp_default(&p) sets the
471 * crypto_policy_t at location p to the SRTP default policy for RTCP
472 * protection, as defined in the specification. This function is a
473 * convenience that helps to avoid dealing directly with the policy
474 * data structure. You are encouraged to initialize policy elements
475 * with this function call. Doing so may allow your code to be
476 * forward compatible with later versions of libSRTP that include more
477 * elements in the crypto_policy_t datatype.
478 *
479 * @return void.
480 *
481 */
483 void
484 crypto_policy_set_rtcp_default(crypto_policy_t *p);
486 /**
487 * @brief crypto_policy_set_aes_cm_128_hmac_sha1_80() sets a crypto
488 * policy structure to the SRTP default policy for RTP protection.
489 *
490 * @param p is a pointer to the policy structure to be set
491 *
492 * The function crypto_policy_set_aes_cm_128_hmac_sha1_80() is a
493 * synonym for crypto_policy_set_rtp_default(). It conforms to the
494 * naming convention used in RFC 4568 (SDP Security Descriptions for
495 * Media Streams).
496 *
497 * @return void.
498 *
499 */
501 #define crypto_policy_set_aes_cm_128_hmac_sha1_80(p) crypto_policy_set_rtp_default(p)
504 /**
505 * @brief crypto_policy_set_aes_cm_128_hmac_sha1_32() sets a crypto
506 * policy structure to a short-authentication tag policy
507 *
508 * @param p is a pointer to the policy structure to be set
509 *
510 * The function call crypto_policy_set_aes_cm_128_hmac_sha1_32(&p)
511 * sets the crypto_policy_t at location p to use policy
512 * AES_CM_128_HMAC_SHA1_32 as defined in RFC 4568.
513 * This policy uses AES-128
514 * Counter Mode encryption and HMAC-SHA1 authentication, with an
515 * authentication tag that is only 32 bits long. This length is
516 * considered adequate only for protecting audio and video media that
517 * use a stateless playback function. See Section 7.5 of RFC 3711
518 * (http://www.ietf.org/rfc/rfc3711.txt).
519 *
520 * This function is a convenience that helps to avoid dealing directly
521 * with the policy data structure. You are encouraged to initialize
522 * policy elements with this function call. Doing so may allow your
523 * code to be forward compatible with later versions of libSRTP that
524 * include more elements in the crypto_policy_t datatype.
525 *
526 * @warning This crypto policy is intended for use in SRTP, but not in
527 * SRTCP. It is recommended that a policy that uses longer
528 * authentication tags be used for SRTCP. See Section 7.5 of RFC 3711
529 * (http://www.ietf.org/rfc/rfc3711.txt).
530 *
531 * @return void.
532 *
533 */
535 void
536 crypto_policy_set_aes_cm_128_hmac_sha1_32(crypto_policy_t *p);
540 /**
541 * @brief crypto_policy_set_aes_cm_128_null_auth() sets a crypto
542 * policy structure to an encryption-only policy
543 *
544 * @param p is a pointer to the policy structure to be set
545 *
546 * The function call crypto_policy_set_aes_cm_128_null_auth(&p) sets
547 * the crypto_policy_t at location p to use the SRTP default cipher
548 * (AES-128 Counter Mode), but to use no authentication method. This
549 * policy is NOT RECOMMENDED unless it is unavoidable; see Section 7.5
550 * of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt).
551 *
552 * This function is a convenience that helps to avoid dealing directly
553 * with the policy data structure. You are encouraged to initialize
554 * policy elements with this function call. Doing so may allow your
555 * code to be forward compatible with later versions of libSRTP that
556 * include more elements in the crypto_policy_t datatype.
557 *
558 * @warning This policy is NOT RECOMMENDED for SRTP unless it is
559 * unavoidable, and it is NOT RECOMMENDED at all for SRTCP; see
560 * Section 7.5 of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt).
561 *
562 * @return void.
563 *
564 */
566 void
567 crypto_policy_set_aes_cm_128_null_auth(crypto_policy_t *p);
570 /**
571 * @brief crypto_policy_set_null_cipher_hmac_sha1_80() sets a crypto
572 * policy structure to an authentication-only policy
573 *
574 * @param p is a pointer to the policy structure to be set
575 *
576 * The function call crypto_policy_set_null_cipher_hmac_sha1_80(&p)
577 * sets the crypto_policy_t at location p to use HMAC-SHA1 with an 80
578 * bit authentication tag to provide message authentication, but to
579 * use no encryption. This policy is NOT RECOMMENDED for SRTP unless
580 * there is a requirement to forego encryption.
581 *
582 * This function is a convenience that helps to avoid dealing directly
583 * with the policy data structure. You are encouraged to initialize
584 * policy elements with this function call. Doing so may allow your
585 * code to be forward compatible with later versions of libSRTP that
586 * include more elements in the crypto_policy_t datatype.
587 *
588 * @warning This policy is NOT RECOMMENDED for SRTP unless there is a
589 * requirement to forego encryption.
590 *
591 * @return void.
592 *
593 */
595 void
596 crypto_policy_set_null_cipher_hmac_sha1_80(crypto_policy_t *p);
599 /**
600 * @brief crypto_policy_set_aes_cm_256_hmac_sha1_80() sets a crypto
601 * policy structure to a encryption and authentication policy using AES-256
602 * for RTP protection.
603 *
604 * @param p is a pointer to the policy structure to be set
605 *
606 * The function call crypto_policy_set_aes_cm_256_hmac_sha1_80(&p)
607 * sets the crypto_policy_t at location p to use policy
608 * AES_CM_256_HMAC_SHA1_80 as defined in
609 * draft-ietf-avt-srtp-big-aes-03.txt. This policy uses AES-256
610 * Counter Mode encryption and HMAC-SHA1 authentication, with an 80 bit
611 * authentication tag.
612 *
613 * This function is a convenience that helps to avoid dealing directly
614 * with the policy data structure. You are encouraged to initialize
615 * policy elements with this function call. Doing so may allow your
616 * code to be forward compatible with later versions of libSRTP that
617 * include more elements in the crypto_policy_t datatype.
618 *
619 * @return void.
620 *
621 */
623 void crypto_policy_set_aes_cm_256_hmac_sha1_80(crypto_policy_t *p);
626 /**
627 * @brief crypto_policy_set_aes_cm_256_hmac_sha1_32() sets a crypto
628 * policy structure to a short-authentication tag policy using AES-256
629 * encryption.
630 *
631 * @param p is a pointer to the policy structure to be set
632 *
633 * The function call crypto_policy_set_aes_cm_256_hmac_sha1_32(&p)
634 * sets the crypto_policy_t at location p to use policy
635 * AES_CM_256_HMAC_SHA1_32 as defined in
636 * draft-ietf-avt-srtp-big-aes-03.txt. This policy uses AES-256
637 * Counter Mode encryption and HMAC-SHA1 authentication, with an
638 * authentication tag that is only 32 bits long. This length is
639 * considered adequate only for protecting audio and video media that
640 * use a stateless playback function. See Section 7.5 of RFC 3711
641 * (http://www.ietf.org/rfc/rfc3711.txt).
642 *
643 * This function is a convenience that helps to avoid dealing directly
644 * with the policy data structure. You are encouraged to initialize
645 * policy elements with this function call. Doing so may allow your
646 * code to be forward compatible with later versions of libSRTP that
647 * include more elements in the crypto_policy_t datatype.
648 *
649 * @warning This crypto policy is intended for use in SRTP, but not in
650 * SRTCP. It is recommended that a policy that uses longer
651 * authentication tags be used for SRTCP. See Section 7.5 of RFC 3711
652 * (http://www.ietf.org/rfc/rfc3711.txt).
653 *
654 * @return void.
655 *
656 */
658 void
659 crypto_policy_set_aes_cm_256_hmac_sha1_32(crypto_policy_t *p);
662 /**
663 * @brief srtp_dealloc() deallocates storage for an SRTP session
664 * context.
665 *
666 * The function call srtp_dealloc(s) deallocates storage for the
667 * SRTP session context s. This function should be called no more
668 * than one time for each of the contexts allocated by the function
669 * srtp_create().
670 *
671 * @param s is the srtp_t for the session to be deallocated.
672 *
673 * @return
674 * - err_status_ok if there no problems.
675 * - err_status_dealloc_fail a memory deallocation failure occured.
676 */
678 err_status_t
679 srtp_dealloc(srtp_t s);
682 /*
683 * @brief identifies a particular SRTP profile
684 *
685 * An srtp_profile_t enumeration is used to identify a particular SRTP
686 * profile (that is, a set of algorithms and parameters). These
687 * profiles are defined in the DTLS-SRTP draft.
688 */
690 typedef enum {
691 srtp_profile_reserved = 0,
692 srtp_profile_aes128_cm_sha1_80 = 1,
693 srtp_profile_aes128_cm_sha1_32 = 2,
694 srtp_profile_aes256_cm_sha1_80 = 3,
695 srtp_profile_aes256_cm_sha1_32 = 4,
696 srtp_profile_null_sha1_80 = 5,
697 srtp_profile_null_sha1_32 = 6,
698 } srtp_profile_t;
701 /**
702 * @brief crypto_policy_set_from_profile_for_rtp() sets a crypto policy
703 * structure to the appropriate value for RTP based on an srtp_profile_t
704 *
705 * @param p is a pointer to the policy structure to be set
706 *
707 * The function call crypto_policy_set_rtp_default(&policy, profile)
708 * sets the crypto_policy_t at location policy to the policy for RTP
709 * protection, as defined by the srtp_profile_t profile.
710 *
711 * This function is a convenience that helps to avoid dealing directly
712 * with the policy data structure. You are encouraged to initialize
713 * policy elements with this function call. Doing so may allow your
714 * code to be forward compatible with later versions of libSRTP that
715 * include more elements in the crypto_policy_t datatype.
716 *
717 * @return values
718 * - err_status_ok no problems were encountered
719 * - err_status_bad_param the profile is not supported
720 *
721 */
722 err_status_t
723 crypto_policy_set_from_profile_for_rtp(crypto_policy_t *policy,
724 srtp_profile_t profile);
729 /**
730 * @brief crypto_policy_set_from_profile_for_rtcp() sets a crypto policy
731 * structure to the appropriate value for RTCP based on an srtp_profile_t
732 *
733 * @param p is a pointer to the policy structure to be set
734 *
735 * The function call crypto_policy_set_rtcp_default(&policy, profile)
736 * sets the crypto_policy_t at location policy to the policy for RTCP
737 * protection, as defined by the srtp_profile_t profile.
738 *
739 * This function is a convenience that helps to avoid dealing directly
740 * with the policy data structure. You are encouraged to initialize
741 * policy elements with this function call. Doing so may allow your
742 * code to be forward compatible with later versions of libSRTP that
743 * include more elements in the crypto_policy_t datatype.
744 *
745 * @return values
746 * - err_status_ok no problems were encountered
747 * - err_status_bad_param the profile is not supported
748 *
749 */
750 err_status_t
751 crypto_policy_set_from_profile_for_rtcp(crypto_policy_t *policy,
752 srtp_profile_t profile);
754 /**
755 * @brief returns the master key length for a given SRTP profile
756 */
757 unsigned int
758 srtp_profile_get_master_key_length(srtp_profile_t profile);
761 /**
762 * @brief returns the master salt length for a given SRTP profile
763 */
764 unsigned int
765 srtp_profile_get_master_salt_length(srtp_profile_t profile);
767 /**
768 * @brief appends the salt to the key
769 *
770 * The function call append_salt_to_key(k, klen, s, slen)
771 * copies the string s to the location at klen bytes following
772 * the location k.
773 *
774 * @warning There must be at least bytes_in_salt + bytes_in_key bytes
775 * available at the location pointed to by key.
776 *
777 */
779 void
780 append_salt_to_key(unsigned char *key, unsigned int bytes_in_key,
781 unsigned char *salt, unsigned int bytes_in_salt);
785 /**
786 * @}
787 */
791 /**
792 * @defgroup SRTCP Secure RTCP
793 * @ingroup SRTP
794 *
795 * @brief Secure RTCP functions are used to protect RTCP traffic.
796 *
797 * RTCP is the control protocol for RTP. libSRTP protects RTCP
798 * traffic in much the same way as it does RTP traffic. The function
799 * srtp_protect_rtcp() applies cryptographic protections to outbound
800 * RTCP packets, and srtp_unprotect_rtcp() verifies the protections on
801 * inbound RTCP packets.
802 *
803 * A note on the naming convention: srtp_protect_rtcp() has an srtp_t
804 * as its first argument, and thus has `srtp_' as its prefix. The
805 * trailing `_rtcp' indicates the protocol on which it acts.
806 *
807 * @{
808 */
810 /**
811 * @brief srtp_protect_rtcp() is the Secure RTCP sender-side packet
812 * processing function.
813 *
814 * The function call srtp_protect_rtcp(ctx, rtp_hdr, len_ptr) applies
815 * SRTCP protection to the RTCP packet rtcp_hdr (which has length
816 * *len_ptr) using the SRTP session context ctx. If err_status_ok is
817 * returned, then rtp_hdr points to the resulting SRTCP packet and
818 * *len_ptr is the number of octets in that packet; otherwise, no
819 * assumptions should be made about the value of either data elements.
820 *
821 * @warning This function assumes that it can write the authentication
822 * tag into the location in memory immediately following the RTCP
823 * packet, and assumes that the RTCP packet is aligned on a 32-bit
824 * boundary.
825 *
826 * @param ctx is the SRTP context to use in processing the packet.
827 *
828 * @param rtcp_hdr is a pointer to the RTCP packet (before the call); after
829 * the function returns, it points to the srtp packet.
830 *
831 * @param pkt_octet_len is a pointer to the length in octets of the
832 * complete RTCP packet (header and body) before the function call,
833 * and of the complete SRTCP packet after the call, if err_status_ok
834 * was returned. Otherwise, the value of the data to which it points
835 * is undefined.
836 *
837 * @return
838 * - err_status_ok if there were no problems.
839 * - [other] if there was a failure in
840 * the cryptographic mechanisms.
841 */
844 err_status_t
845 srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len);
847 /**
848 * @brief srtp_unprotect_rtcp() is the Secure RTCP receiver-side packet
849 * processing function.
850 *
851 * The function call srtp_unprotect_rtcp(ctx, srtp_hdr, len_ptr)
852 * verifies the Secure RTCP protection of the SRTCP packet pointed to
853 * by srtcp_hdr (which has length *len_ptr), using the SRTP session
854 * context ctx. If err_status_ok is returned, then srtcp_hdr points
855 * to the resulting RTCP packet and *len_ptr is the number of octets
856 * in that packet; otherwise, no assumptions should be made about the
857 * value of either data elements.
858 *
859 * @warning This function assumes that the SRTCP packet is aligned on a
860 * 32-bit boundary.
861 *
862 * @param ctx is a pointer to the srtp_t which applies to the
863 * particular packet.
864 *
865 * @param srtcp_hdr is a pointer to the header of the SRTCP packet
866 * (before the call). After the function returns, it points to the
867 * rtp packet if err_status_ok was returned; otherwise, the value of
868 * the data to which it points is undefined.
869 *
870 * @param pkt_octet_len is a pointer to the length in octets of the
871 * complete SRTCP packet (header and body) before the function call,
872 * and of the complete rtp packet after the call, if err_status_ok was
873 * returned. Otherwise, the value of the data to which it points is
874 * undefined.
875 *
876 * @return
877 * - err_status_ok if the RTCP packet is valid.
878 * - err_status_auth_fail if the SRTCP packet failed the message
879 * authentication check.
880 * - err_status_replay_fail if the SRTCP packet is a replay (e.g. has
881 * already been processed and accepted).
882 * - [other] if there has been an error in the cryptographic mechanisms.
883 *
884 */
886 err_status_t
887 srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len);
889 /**
890 * @}
891 */
893 /**
894 * @defgroup SRTPevents SRTP events and callbacks
895 * @ingroup SRTP
896 *
897 * @brief libSRTP can use a user-provided callback function to
898 * handle events.
899 *
900 *
901 * libSRTP allows a user to provide a callback function to handle
902 * events that need to be dealt with outside of the data plane (see
903 * the enum srtp_event_t for a description of these events). Dealing
904 * with these events is not a strict necessity; they are not
905 * security-critical, but the application may suffer if they are not
906 * handled. The function srtp_set_event_handler() is used to provide
907 * the callback function.
908 *
909 * A default event handler that merely reports on the events as they
910 * happen is included. It is also possible to set the event handler
911 * function to NULL, in which case all events will just be silently
912 * ignored.
913 *
914 * @{
915 */
917 /**
918 * @brief srtp_event_t defines events that need to be handled
919 *
920 * The enum srtp_event_t defines events that need to be handled
921 * outside the `data plane', such as SSRC collisions and
922 * key expirations.
923 *
924 * When a key expires or the maximum number of packets has been
925 * reached, an SRTP stream will enter an `expired' state in which no
926 * more packets can be protected or unprotected. When this happens,
927 * it is likely that you will want to either deallocate the stream
928 * (using srtp_stream_dealloc()), and possibly allocate a new one.
929 *
930 * When an SRTP stream expires, the other streams in the same session
931 * are unaffected, unless key sharing is used by that stream. In the
932 * latter case, all of the streams in the session will expire.
933 */
935 typedef enum {
936 event_ssrc_collision, /**<
937 * An SSRC collision occured.
938 */
939 event_key_soft_limit, /**< An SRTP stream reached the soft key
940 * usage limit and will expire soon.
941 */
942 event_key_hard_limit, /**< An SRTP stream reached the hard
943 * key usage limit and has expired.
944 */
945 event_packet_index_limit /**< An SRTP stream reached the hard
946 * packet limit (2^48 packets).
947 */
948 } srtp_event_t;
950 /**
951 * @brief srtp_event_data_t is the structure passed as a callback to
952 * the event handler function
953 *
954 * The struct srtp_event_data_t holds the data passed to the event
955 * handler function.
956 */
958 typedef struct srtp_event_data_t {
959 srtp_t session; /**< The session in which the event happend. */
960 srtp_stream_t stream; /**< The stream in which the event happend. */
961 srtp_event_t event; /**< An enum indicating the type of event. */
962 } srtp_event_data_t;
964 /**
965 * @brief srtp_event_handler_func_t is the function prototype for
966 * the event handler.
967 *
968 * The typedef srtp_event_handler_func_t is the prototype for the
969 * event handler function. It has as its only argument an
970 * srtp_event_data_t which describes the event that needs to be handled.
971 * There can only be a single, global handler for all events in
972 * libSRTP.
973 */
975 typedef void (srtp_event_handler_func_t)(srtp_event_data_t *data);
977 /**
978 * @brief sets the event handler to the function supplied by the caller.
979 *
980 * The function call srtp_install_event_handler(func) sets the event
981 * handler function to the value func. The value NULL is acceptable
982 * as an argument; in this case, events will be ignored rather than
983 * handled.
984 *
985 * @param func is a pointer to a fuction that takes an srtp_event_data_t
986 * pointer as an argument and returns void. This function
987 * will be used by libSRTP to handle events.
988 */
990 err_status_t
991 srtp_install_event_handler(srtp_event_handler_func_t func);
993 /**
994 * @}
995 */
996 /* in host order, so outside the #if */
997 #define SRTCP_E_BIT 0x80000000
998 /* for byte-access */
999 #define SRTCP_E_BYTE_BIT 0x80
1000 #define SRTCP_INDEX_MASK 0x7fffffff
1002 #ifdef __cplusplus
1003 }
1004 #endif
1006 #endif /* SRTP_H */
