michael@0: /* michael@0: * ekt.h michael@0: * michael@0: * interface to Encrypted Key Transport for SRTP michael@0: * michael@0: * David McGrew michael@0: * Cisco Systems, Inc. michael@0: */ michael@0: /* michael@0: * michael@0: * Copyright (c) 2001-2005 Cisco Systems, Inc. michael@0: * All rights reserved. michael@0: * michael@0: * Redistribution and use in source and binary forms, with or without michael@0: * modification, are permitted provided that the following conditions michael@0: * are met: michael@0: * michael@0: * Redistributions of source code must retain the above copyright michael@0: * notice, this list of conditions and the following disclaimer. michael@0: * michael@0: * Redistributions in binary form must reproduce the above michael@0: * copyright notice, this list of conditions and the following michael@0: * disclaimer in the documentation and/or other materials provided michael@0: * with the distribution. michael@0: * michael@0: * Neither the name of the Cisco Systems, Inc. nor the names of its michael@0: * contributors may be used to endorse or promote products derived michael@0: * from this software without specific prior written permission. michael@0: * michael@0: * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS michael@0: * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT michael@0: * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS michael@0: * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE michael@0: * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, michael@0: * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES michael@0: * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR michael@0: * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) michael@0: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, michael@0: * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) michael@0: * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED michael@0: * OF THE POSSIBILITY OF SUCH DAMAGE. michael@0: * michael@0: */ michael@0: michael@0: michael@0: michael@0: /* michael@0: * EKT implementation strategy michael@0: * michael@0: * use stream_template approach michael@0: * michael@0: * in srtp_unprotect, when a new stream appears, check if template has michael@0: * EKT defined, and if it does, then apply EKT processing michael@0: * michael@0: * question: will we want to allow key-sharing templates in addition michael@0: * to EKT templates? could define a new ssrc_type_t that's associated michael@0: * with an EKT, e.g. ssrc_any_ekt. michael@0: * michael@0: * michael@0: */ michael@0: michael@0: #ifndef EKT_H michael@0: #define EKT_H michael@0: michael@0: #ifdef __cplusplus michael@0: extern "C" { michael@0: #endif michael@0: michael@0: #include "srtp_priv.h" michael@0: michael@0: #define EKT_CIPHER_DEFAULT 1 michael@0: #define EKT_CIPHER_AES_128_ECB 1 michael@0: #define EKT_CIPHER_AES_192_KEY_WRAP 2 michael@0: #define EKT_CIPHER_AES_256_KEY_WRAP 3 michael@0: michael@0: typedef uint16_t ekt_spi_t; michael@0: michael@0: michael@0: unsigned michael@0: ekt_octets_after_base_tag(ekt_stream_t ekt); michael@0: michael@0: /* michael@0: * an srtp_policy_t structure can contain a pointer to an michael@0: * ekt_policy_t structure michael@0: * michael@0: * this structure holds all of the high level EKT information, and it michael@0: * is passed into libsrtp to indicate what policy should be in effect michael@0: */ michael@0: michael@0: typedef struct ekt_policy_ctx_t { michael@0: ekt_spi_t spi; /* security parameter index */ michael@0: uint8_t ekt_cipher_type; michael@0: uint8_t *ekt_key; michael@0: struct ekt_policy_ctx_t *next_ekt_policy; michael@0: } ekt_policy_ctx_t; michael@0: michael@0: michael@0: /* michael@0: * an ekt_data_t structure holds the data corresponding to an ekt key, michael@0: * spi, and so on michael@0: */ michael@0: michael@0: typedef struct ekt_data_t { michael@0: ekt_spi_t spi; michael@0: uint8_t ekt_cipher_type; michael@0: aes_expanded_key_t ekt_enc_key; michael@0: aes_expanded_key_t ekt_dec_key; michael@0: struct ekt_data_t *next_ekt_data; michael@0: } ekt_data_t; michael@0: michael@0: /* michael@0: * an srtp_stream_ctx_t can contain an ekt_stream_ctx_t michael@0: * michael@0: * an ekt_stream_ctx_t structure holds all of the EKT information for michael@0: * a specific SRTP stream michael@0: */ michael@0: michael@0: typedef struct ekt_stream_ctx_t { michael@0: ekt_data_t *data; michael@0: uint16_t isn; /* initial sequence number */ michael@0: uint8_t encrypted_master_key[SRTP_MAX_KEY_LEN]; michael@0: } ekt_stream_ctx_t; michael@0: michael@0: michael@0: michael@0: err_status_t michael@0: ekt_alloc(ekt_stream_t *stream_data, ekt_policy_t policy); michael@0: michael@0: err_status_t michael@0: ekt_stream_init(ekt_stream_t e, michael@0: ekt_spi_t spi, michael@0: void *ekt_key, michael@0: unsigned ekt_cipher_type); michael@0: michael@0: err_status_t michael@0: ekt_stream_init_from_policy(ekt_stream_t e, ekt_policy_t p); michael@0: michael@0: michael@0: michael@0: err_status_t michael@0: srtp_stream_init_from_ekt(srtp_stream_t stream, michael@0: const void *srtcp_hdr, michael@0: unsigned pkt_octet_len); michael@0: michael@0: michael@0: void michael@0: ekt_write_data(ekt_stream_t ekt, michael@0: uint8_t *base_tag, michael@0: unsigned base_tag_len, michael@0: int *packet_len, michael@0: xtd_seq_num_t pkt_index); michael@0: michael@0: /* michael@0: * We handle EKT by performing some additional steps before michael@0: * authentication (copying the auth tag into a temporary location, michael@0: * zeroizing the "base tag" field in the packet) michael@0: * michael@0: * With EKT, the tag_len parameter is actually the base tag michael@0: * length michael@0: */ michael@0: michael@0: err_status_t michael@0: ekt_tag_verification_preproces(uint8_t *pkt_tag, michael@0: uint8_t *pkt_tag_copy, michael@0: unsigned tag_len); michael@0: michael@0: err_status_t michael@0: ekt_tag_verification_postproces(uint8_t *pkt_tag, michael@0: uint8_t *pkt_tag_copy, michael@0: unsigned tag_len); michael@0: michael@0: michael@0: /* michael@0: * @brief EKT pre-processing for srtcp tag generation michael@0: * michael@0: * This function does the pre-processing of the SRTCP authentication michael@0: * tag format. When EKT is used, it consists of writing the Encrypted michael@0: * Master Key, the SRTP ROC, the Initial Sequence Number, and SPI michael@0: * fields. The Base Authentication Tag field is set to the all-zero michael@0: * value michael@0: * michael@0: * When EKT is not used, this function is a no-op. michael@0: * michael@0: */ michael@0: michael@0: err_status_t michael@0: srtp_stream_srtcp_auth_tag_generation_preprocess(const srtp_stream_t *s, michael@0: uint8_t *pkt_tag, michael@0: unsigned pkt_octet_len); michael@0: michael@0: /* it's not clear that a tag_generation_postprocess function is needed */ michael@0: michael@0: err_status_t michael@0: srtcp_auth_tag_generation_postprocess(void); michael@0: michael@0: michael@0: #ifdef __cplusplus michael@0: } michael@0: #endif michael@0: michael@0: #endif /* EKT_H */