michael@0: /* michael@0: * srtp.h michael@0: * michael@0: * interface to libsrtp michael@0: * michael@0: * David A. McGrew michael@0: * Cisco Systems, Inc. michael@0: */ michael@0: /* michael@0: * michael@0: * Copyright (c) 2001-2006, Cisco Systems, Inc. michael@0: * All rights reserved. michael@0: * michael@0: * Redistribution and use in source and binary forms, with or without michael@0: * modification, are permitted provided that the following conditions michael@0: * are met: michael@0: * michael@0: * Redistributions of source code must retain the above copyright michael@0: * notice, this list of conditions and the following disclaimer. michael@0: * michael@0: * Redistributions in binary form must reproduce the above michael@0: * copyright notice, this list of conditions and the following michael@0: * disclaimer in the documentation and/or other materials provided michael@0: * with the distribution. michael@0: * michael@0: * Neither the name of the Cisco Systems, Inc. nor the names of its michael@0: * contributors may be used to endorse or promote products derived michael@0: * from this software without specific prior written permission. michael@0: * michael@0: * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS michael@0: * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT michael@0: * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS michael@0: * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE michael@0: * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, michael@0: * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES michael@0: * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR michael@0: * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) michael@0: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, michael@0: * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) michael@0: * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED michael@0: * OF THE POSSIBILITY OF SUCH DAMAGE. michael@0: * michael@0: */ michael@0: michael@0: michael@0: #ifndef SRTP_H michael@0: #define SRTP_H michael@0: michael@0: #ifdef __cplusplus michael@0: extern "C" { michael@0: #endif michael@0: michael@0: #include "crypto_kernel.h" michael@0: michael@0: /** michael@0: * @defgroup SRTP Secure RTP michael@0: * michael@0: * @brief libSRTP provides functions for protecting RTP and RTCP. See michael@0: * Section @ref Overview for an introduction to the use of the library. michael@0: * michael@0: * @{ michael@0: */ michael@0: michael@0: /* michael@0: * SRTP_MASTER_KEY_LEN is the nominal master key length supported by libSRTP michael@0: */ michael@0: michael@0: #define SRTP_MASTER_KEY_LEN 30 michael@0: michael@0: /* michael@0: * SRTP_MAX_KEY_LEN is the maximum key length supported by libSRTP michael@0: */ michael@0: #define SRTP_MAX_KEY_LEN 64 michael@0: michael@0: /* michael@0: * SRTP_MAX_TAG_LEN is the maximum tag length supported by libSRTP michael@0: */ michael@0: michael@0: #define SRTP_MAX_TAG_LEN 12 michael@0: michael@0: /** michael@0: * SRTP_MAX_TRAILER_LEN is the maximum length of the SRTP trailer michael@0: * (authentication tag and MKI) supported by libSRTP. This value is michael@0: * the maximum number of octets that will be added to an RTP packet by michael@0: * srtp_protect(). michael@0: * michael@0: * @brief the maximum number of octets added by srtp_protect(). michael@0: */ michael@0: #define SRTP_MAX_TRAILER_LEN SRTP_MAX_TAG_LEN michael@0: michael@0: /* michael@0: * nota bene: since libSRTP doesn't support the use of the MKI, the michael@0: * SRTP_MAX_TRAILER_LEN value is just the maximum tag length michael@0: */ michael@0: michael@0: /** michael@0: * @brief sec_serv_t describes a set of security services. michael@0: * michael@0: * A sec_serv_t enumeration is used to describe the particular michael@0: * security services that will be applied by a particular crypto michael@0: * policy (or other mechanism). michael@0: */ michael@0: michael@0: typedef enum { michael@0: sec_serv_none = 0, /**< no services */ michael@0: sec_serv_conf = 1, /**< confidentiality */ michael@0: sec_serv_auth = 2, /**< authentication */ michael@0: sec_serv_conf_and_auth = 3 /**< confidentiality and authentication */ michael@0: } sec_serv_t; michael@0: michael@0: /** michael@0: * @brief crypto_policy_t describes a particular crypto policy that michael@0: * can be applied to an SRTP stream. michael@0: * michael@0: * A crypto_policy_t describes a particular cryptographic policy that michael@0: * can be applied to an SRTP or SRTCP stream. An SRTP session policy michael@0: * consists of a list of these policies, one for each SRTP stream michael@0: * in the session. michael@0: */ michael@0: michael@0: typedef struct crypto_policy_t { michael@0: cipher_type_id_t cipher_type; /**< An integer representing michael@0: * the type of cipher. */ michael@0: int cipher_key_len; /**< The length of the cipher key michael@0: * in octets. */ michael@0: auth_type_id_t auth_type; /**< An integer representing the michael@0: * authentication function. */ michael@0: int auth_key_len; /**< The length of the authentication michael@0: * function key in octets. */ michael@0: int auth_tag_len; /**< The length of the authentication michael@0: * tag in octets. */ michael@0: sec_serv_t sec_serv; /**< The flag indicating the security michael@0: * services to be applied. */ michael@0: } crypto_policy_t; michael@0: michael@0: michael@0: /** michael@0: * @brief ssrc_type_t describes the type of an SSRC. michael@0: * michael@0: * An ssrc_type_t enumeration is used to indicate a type of SSRC. See michael@0: * @ref srtp_policy_t for more informataion. michael@0: */ michael@0: michael@0: typedef enum { michael@0: ssrc_undefined = 0, /**< Indicates an undefined SSRC type. */ michael@0: ssrc_specific = 1, /**< Indicates a specific SSRC value */ michael@0: ssrc_any_inbound = 2, /**< Indicates any inbound SSRC value michael@0: (i.e. a value that is used in the michael@0: function srtp_unprotect()) */ michael@0: ssrc_any_outbound = 3 /**< Indicates any outbound SSRC value michael@0: (i.e. a value that is used in the michael@0: function srtp_protect()) */ michael@0: } ssrc_type_t; michael@0: michael@0: /** michael@0: * @brief An ssrc_t represents a particular SSRC value, or a `wildcard' SSRC. michael@0: * michael@0: * An ssrc_t represents a particular SSRC value (if its type is michael@0: * ssrc_specific), or a wildcard SSRC value that will match all michael@0: * outbound SSRCs (if its type is ssrc_any_outbound) or all inbound michael@0: * SSRCs (if its type is ssrc_any_inbound). michael@0: * michael@0: */ michael@0: michael@0: typedef struct { michael@0: ssrc_type_t type; /**< The type of this particular SSRC */ michael@0: unsigned int value; /**< The value of this SSRC, if it is not a wildcard */ michael@0: } ssrc_t; michael@0: michael@0: michael@0: /** michael@0: * @brief points to an EKT policy michael@0: */ michael@0: typedef struct ekt_policy_ctx_t *ekt_policy_t; michael@0: michael@0: michael@0: /** michael@0: * @brief points to EKT stream data michael@0: */ michael@0: typedef struct ekt_stream_ctx_t *ekt_stream_t; michael@0: michael@0: michael@0: /** michael@0: * @brief represents the policy for an SRTP session. michael@0: * michael@0: * A single srtp_policy_t struct represents the policy for a single michael@0: * SRTP stream, and a linked list of these elements represents the michael@0: * policy for an entire SRTP session. Each element contains the SRTP michael@0: * and SRTCP crypto policies for that stream, a pointer to the SRTP michael@0: * master key for that stream, the SSRC describing that stream, or a michael@0: * flag indicating a `wildcard' SSRC value, and a `next' field that michael@0: * holds a pointer to the next element in the list of policy elements, michael@0: * or NULL if it is the last element. michael@0: * michael@0: * The wildcard value SSRC_ANY_INBOUND matches any SSRC from an michael@0: * inbound stream that for which there is no explicit SSRC entry in michael@0: * another policy element. Similarly, the value SSRC_ANY_OUTBOUND michael@0: * will matches any SSRC from an outbound stream that does not appear michael@0: * in another policy element. Note that wildcard SSRCs &b cannot be michael@0: * used to match both inbound and outbound traffic. This restriction michael@0: * is intentional, and it allows libSRTP to ensure that no security michael@0: * lapses result from accidental re-use of SSRC values during key michael@0: * sharing. michael@0: * michael@0: * michael@0: * @warning The final element of the list @b must have its `next' pointer michael@0: * set to NULL. michael@0: */ michael@0: michael@0: typedef struct srtp_policy_t { michael@0: ssrc_t ssrc; /**< The SSRC value of stream, or the michael@0: * flags SSRC_ANY_INBOUND or michael@0: * SSRC_ANY_OUTBOUND if key sharing michael@0: * is used for this policy element. michael@0: */ michael@0: crypto_policy_t rtp; /**< SRTP crypto policy. */ michael@0: crypto_policy_t rtcp; /**< SRTCP crypto policy. */ michael@0: unsigned char *key; /**< Pointer to the SRTP master key for michael@0: * this stream. */ michael@0: ekt_policy_t ekt; /**< Pointer to the EKT policy structure michael@0: * for this stream (if any) */ michael@0: unsigned long window_size; /**< The window size to use for replay michael@0: * protection. */ michael@0: int allow_repeat_tx; /**< Whether retransmissions of michael@0: * packets with the same sequence number michael@0: * are allowed. (Note that such repeated michael@0: * transmissions must have the same RTP michael@0: * payload, or a severe security weakness michael@0: * is introduced!) */ michael@0: struct srtp_policy_t *next; /**< Pointer to next stream policy. */ michael@0: } srtp_policy_t; michael@0: michael@0: michael@0: michael@0: michael@0: /** michael@0: * @brief An srtp_t points to an SRTP session structure. michael@0: * michael@0: * The typedef srtp_t is a pointer to a structure that represents michael@0: * an SRTP session. This datatype is intentially opaque in michael@0: * order to separate the interface from the implementation. michael@0: * michael@0: * An SRTP session consists of all of the traffic sent to the RTP and michael@0: * RTCP destination transport addresses, using the RTP/SAVP (Secure michael@0: * Audio/Video Profile). A session can be viewed as a set of SRTP michael@0: * streams, each of which originates with a different participant. michael@0: */ michael@0: michael@0: typedef struct srtp_ctx_t *srtp_t; michael@0: michael@0: michael@0: /** michael@0: * @brief An srtp_stream_t points to an SRTP stream structure. michael@0: * michael@0: * The typedef srtp_stream_t is a pointer to a structure that michael@0: * represents an SRTP stream. This datatype is intentionally michael@0: * opaque in order to separate the interface from the implementation. michael@0: * michael@0: * An SRTP stream consists of all of the traffic sent to an SRTP michael@0: * session by a single participant. A session can be viewed as michael@0: * a set of streams. michael@0: * michael@0: */ michael@0: typedef struct srtp_stream_ctx_t *srtp_stream_t; michael@0: michael@0: michael@0: michael@0: /** michael@0: * @brief srtp_init() initializes the srtp library. michael@0: * michael@0: * @warning This function @b must be called before any other srtp michael@0: * functions. michael@0: */ michael@0: michael@0: err_status_t michael@0: srtp_init(void); michael@0: michael@0: /** michael@0: * @brief srtp_shutdown() de-initializes the srtp library. michael@0: * michael@0: * @warning No srtp functions may be called after calling this function. michael@0: */ michael@0: michael@0: err_status_t michael@0: srtp_shutdown(void); michael@0: michael@0: /** michael@0: * @brief srtp_protect() is the Secure RTP sender-side packet processing michael@0: * function. michael@0: * michael@0: * The function call srtp_protect(ctx, rtp_hdr, len_ptr) applies SRTP michael@0: * protection to the RTP packet rtp_hdr (which has length *len_ptr) using michael@0: * the SRTP context ctx. If err_status_ok is returned, then rtp_hdr michael@0: * points to the resulting SRTP packet and *len_ptr is the number of michael@0: * octets in that packet; otherwise, no assumptions should be made michael@0: * about the value of either data elements. michael@0: * michael@0: * The sequence numbers of the RTP packets presented to this function michael@0: * need not be consecutive, but they @b must be out of order by less michael@0: * than 2^15 = 32,768 packets. michael@0: * michael@0: * @warning This function assumes that it can write the authentication michael@0: * tag into the location in memory immediately following the RTP michael@0: * packet, and assumes that the RTP packet is aligned on a 32-bit michael@0: * boundary. michael@0: * michael@0: * @param ctx is the SRTP context to use in processing the packet. michael@0: * michael@0: * @param rtp_hdr is a pointer to the RTP packet (before the call); after michael@0: * the function returns, it points to the srtp packet. michael@0: * michael@0: * @param len_ptr is a pointer to the length in octets of the complete michael@0: * RTP packet (header and body) before the function call, and of the michael@0: * complete SRTP packet after the call, if err_status_ok was returned. michael@0: * Otherwise, the value of the data to which it points is undefined. michael@0: * michael@0: * @return michael@0: * - err_status_ok no problems michael@0: * - err_status_replay_fail rtp sequence number was non-increasing michael@0: * - @e other failure in cryptographic mechanisms michael@0: */ michael@0: michael@0: err_status_t michael@0: srtp_protect(srtp_t ctx, void *rtp_hdr, int *len_ptr); michael@0: michael@0: /** michael@0: * @brief srtp_unprotect() is the Secure RTP receiver-side packet michael@0: * processing function. michael@0: * michael@0: * The function call srtp_unprotect(ctx, srtp_hdr, len_ptr) verifies michael@0: * the Secure RTP protection of the SRTP packet pointed to by srtp_hdr michael@0: * (which has length *len_ptr), using the SRTP context ctx. If michael@0: * err_status_ok is returned, then srtp_hdr points to the resulting michael@0: * RTP packet and *len_ptr is the number of octets in that packet; michael@0: * otherwise, no assumptions should be made about the value of either michael@0: * data elements. michael@0: * michael@0: * The sequence numbers of the RTP packets presented to this function michael@0: * need not be consecutive, but they @b must be out of order by less michael@0: * than 2^15 = 32,768 packets. michael@0: * michael@0: * @warning This function assumes that the SRTP packet is aligned on a michael@0: * 32-bit boundary. michael@0: * michael@0: * @param ctx is a pointer to the srtp_t which applies to the michael@0: * particular packet. michael@0: * michael@0: * @param srtp_hdr is a pointer to the header of the SRTP packet michael@0: * (before the call). after the function returns, it points to the michael@0: * rtp packet if err_status_ok was returned; otherwise, the value of michael@0: * the data to which it points is undefined. michael@0: * michael@0: * @param len_ptr is a pointer to the length in octets of the complete michael@0: * srtp packet (header and body) before the function call, and of the michael@0: * complete rtp packet after the call, if err_status_ok was returned. michael@0: * Otherwise, the value of the data to which it points is undefined. michael@0: * michael@0: * @return michael@0: * - err_status_ok if the RTP packet is valid. michael@0: * - err_status_auth_fail if the SRTP packet failed the message michael@0: * authentication check. michael@0: * - err_status_replay_fail if the SRTP packet is a replay (e.g. packet has michael@0: * already been processed and accepted). michael@0: * - [other] if there has been an error in the cryptographic mechanisms. michael@0: * michael@0: */ michael@0: michael@0: err_status_t michael@0: srtp_unprotect(srtp_t ctx, void *srtp_hdr, int *len_ptr); michael@0: michael@0: michael@0: /** michael@0: * @brief srtp_create() allocates and initializes an SRTP session. michael@0: michael@0: * The function call srtp_create(session, policy, key) allocates and michael@0: * initializes an SRTP session context, applying the given policy and michael@0: * key. michael@0: * michael@0: * @param session is the SRTP session to which the policy is to be added. michael@0: * michael@0: * @param policy is the srtp_policy_t struct that describes the policy michael@0: * for the session. The struct may be a single element, or it may be michael@0: * the head of a list, in which case each element of the list is michael@0: * processed. It may also be NULL, in which case streams should be added michael@0: * later using srtp_add_stream(). The final element of the list @b must michael@0: * have its `next' field set to NULL. michael@0: * michael@0: * @return michael@0: * - err_status_ok if creation succeded. michael@0: * - err_status_alloc_fail if allocation failed. michael@0: * - err_status_init_fail if initialization failed. michael@0: */ michael@0: michael@0: err_status_t michael@0: srtp_create(srtp_t *session, const srtp_policy_t *policy); michael@0: michael@0: michael@0: /** michael@0: * @brief srtp_add_stream() allocates and initializes an SRTP stream michael@0: * within a given SRTP session. michael@0: * michael@0: * The function call srtp_add_stream(session, policy) allocates and michael@0: * initializes a new SRTP stream within a given, previously created michael@0: * session, applying the policy given as the other argument to that michael@0: * stream. michael@0: * michael@0: * @return values: michael@0: * - err_status_ok if stream creation succeded. michael@0: * - err_status_alloc_fail if stream allocation failed michael@0: * - err_status_init_fail if stream initialization failed. michael@0: */ michael@0: michael@0: err_status_t michael@0: srtp_add_stream(srtp_t session, michael@0: const srtp_policy_t *policy); michael@0: michael@0: michael@0: /** michael@0: * @brief srtp_remove_stream() deallocates an SRTP stream. michael@0: * michael@0: * The function call srtp_remove_stream(session, ssrc) removes michael@0: * the SRTP stream with the SSRC value ssrc from the SRTP session michael@0: * context given by the argument session. michael@0: * michael@0: * @param session is the SRTP session from which the stream michael@0: * will be removed. michael@0: * michael@0: * @param ssrc is the SSRC value of the stream to be removed. michael@0: * michael@0: * @warning Wildcard SSRC values cannot be removed from a michael@0: * session. michael@0: * michael@0: * @return michael@0: * - err_status_ok if the stream deallocation succeded. michael@0: * - [other] otherwise. michael@0: * michael@0: */ michael@0: michael@0: err_status_t michael@0: srtp_remove_stream(srtp_t session, unsigned int ssrc); michael@0: michael@0: /** michael@0: * @brief crypto_policy_set_rtp_default() sets a crypto policy michael@0: * structure to the SRTP default policy for RTP protection. michael@0: * michael@0: * @param p is a pointer to the policy structure to be set michael@0: * michael@0: * The function call crypto_policy_set_rtp_default(&p) sets the michael@0: * crypto_policy_t at location p to the SRTP default policy for RTP michael@0: * protection, as defined in the specification. This function is a michael@0: * convenience that helps to avoid dealing directly with the policy michael@0: * data structure. You are encouraged to initialize policy elements michael@0: * with this function call. Doing so may allow your code to be michael@0: * forward compatible with later versions of libSRTP that include more michael@0: * elements in the crypto_policy_t datatype. michael@0: * michael@0: * @return void. michael@0: * michael@0: */ michael@0: michael@0: void michael@0: crypto_policy_set_rtp_default(crypto_policy_t *p); michael@0: michael@0: /** michael@0: * @brief crypto_policy_set_rtcp_default() sets a crypto policy michael@0: * structure to the SRTP default policy for RTCP protection. michael@0: * michael@0: * @param p is a pointer to the policy structure to be set michael@0: * michael@0: * The function call crypto_policy_set_rtcp_default(&p) sets the michael@0: * crypto_policy_t at location p to the SRTP default policy for RTCP michael@0: * protection, as defined in the specification. This function is a michael@0: * convenience that helps to avoid dealing directly with the policy michael@0: * data structure. You are encouraged to initialize policy elements michael@0: * with this function call. Doing so may allow your code to be michael@0: * forward compatible with later versions of libSRTP that include more michael@0: * elements in the crypto_policy_t datatype. michael@0: * michael@0: * @return void. michael@0: * michael@0: */ michael@0: michael@0: void michael@0: crypto_policy_set_rtcp_default(crypto_policy_t *p); michael@0: michael@0: /** michael@0: * @brief crypto_policy_set_aes_cm_128_hmac_sha1_80() sets a crypto michael@0: * policy structure to the SRTP default policy for RTP protection. michael@0: * michael@0: * @param p is a pointer to the policy structure to be set michael@0: * michael@0: * The function crypto_policy_set_aes_cm_128_hmac_sha1_80() is a michael@0: * synonym for crypto_policy_set_rtp_default(). It conforms to the michael@0: * naming convention used in RFC 4568 (SDP Security Descriptions for michael@0: * Media Streams). michael@0: * michael@0: * @return void. michael@0: * michael@0: */ michael@0: michael@0: #define crypto_policy_set_aes_cm_128_hmac_sha1_80(p) crypto_policy_set_rtp_default(p) michael@0: michael@0: michael@0: /** michael@0: * @brief crypto_policy_set_aes_cm_128_hmac_sha1_32() sets a crypto michael@0: * policy structure to a short-authentication tag policy michael@0: * michael@0: * @param p is a pointer to the policy structure to be set michael@0: * michael@0: * The function call crypto_policy_set_aes_cm_128_hmac_sha1_32(&p) michael@0: * sets the crypto_policy_t at location p to use policy michael@0: * AES_CM_128_HMAC_SHA1_32 as defined in RFC 4568. michael@0: * This policy uses AES-128 michael@0: * Counter Mode encryption and HMAC-SHA1 authentication, with an michael@0: * authentication tag that is only 32 bits long. This length is michael@0: * considered adequate only for protecting audio and video media that michael@0: * use a stateless playback function. See Section 7.5 of RFC 3711 michael@0: * (http://www.ietf.org/rfc/rfc3711.txt). michael@0: * michael@0: * This function is a convenience that helps to avoid dealing directly michael@0: * with the policy data structure. You are encouraged to initialize michael@0: * policy elements with this function call. Doing so may allow your michael@0: * code to be forward compatible with later versions of libSRTP that michael@0: * include more elements in the crypto_policy_t datatype. michael@0: * michael@0: * @warning This crypto policy is intended for use in SRTP, but not in michael@0: * SRTCP. It is recommended that a policy that uses longer michael@0: * authentication tags be used for SRTCP. See Section 7.5 of RFC 3711 michael@0: * (http://www.ietf.org/rfc/rfc3711.txt). michael@0: * michael@0: * @return void. michael@0: * michael@0: */ michael@0: michael@0: void michael@0: crypto_policy_set_aes_cm_128_hmac_sha1_32(crypto_policy_t *p); michael@0: michael@0: michael@0: michael@0: /** michael@0: * @brief crypto_policy_set_aes_cm_128_null_auth() sets a crypto michael@0: * policy structure to an encryption-only policy michael@0: * michael@0: * @param p is a pointer to the policy structure to be set michael@0: * michael@0: * The function call crypto_policy_set_aes_cm_128_null_auth(&p) sets michael@0: * the crypto_policy_t at location p to use the SRTP default cipher michael@0: * (AES-128 Counter Mode), but to use no authentication method. This michael@0: * policy is NOT RECOMMENDED unless it is unavoidable; see Section 7.5 michael@0: * of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt). michael@0: * michael@0: * This function is a convenience that helps to avoid dealing directly michael@0: * with the policy data structure. You are encouraged to initialize michael@0: * policy elements with this function call. Doing so may allow your michael@0: * code to be forward compatible with later versions of libSRTP that michael@0: * include more elements in the crypto_policy_t datatype. michael@0: * michael@0: * @warning This policy is NOT RECOMMENDED for SRTP unless it is michael@0: * unavoidable, and it is NOT RECOMMENDED at all for SRTCP; see michael@0: * Section 7.5 of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt). michael@0: * michael@0: * @return void. michael@0: * michael@0: */ michael@0: michael@0: void michael@0: crypto_policy_set_aes_cm_128_null_auth(crypto_policy_t *p); michael@0: michael@0: michael@0: /** michael@0: * @brief crypto_policy_set_null_cipher_hmac_sha1_80() sets a crypto michael@0: * policy structure to an authentication-only policy michael@0: * michael@0: * @param p is a pointer to the policy structure to be set michael@0: * michael@0: * The function call crypto_policy_set_null_cipher_hmac_sha1_80(&p) michael@0: * sets the crypto_policy_t at location p to use HMAC-SHA1 with an 80 michael@0: * bit authentication tag to provide message authentication, but to michael@0: * use no encryption. This policy is NOT RECOMMENDED for SRTP unless michael@0: * there is a requirement to forego encryption. michael@0: * michael@0: * This function is a convenience that helps to avoid dealing directly michael@0: * with the policy data structure. You are encouraged to initialize michael@0: * policy elements with this function call. Doing so may allow your michael@0: * code to be forward compatible with later versions of libSRTP that michael@0: * include more elements in the crypto_policy_t datatype. michael@0: * michael@0: * @warning This policy is NOT RECOMMENDED for SRTP unless there is a michael@0: * requirement to forego encryption. michael@0: * michael@0: * @return void. michael@0: * michael@0: */ michael@0: michael@0: void michael@0: crypto_policy_set_null_cipher_hmac_sha1_80(crypto_policy_t *p); michael@0: michael@0: michael@0: /** michael@0: * @brief crypto_policy_set_aes_cm_256_hmac_sha1_80() sets a crypto michael@0: * policy structure to a encryption and authentication policy using AES-256 michael@0: * for RTP protection. michael@0: * michael@0: * @param p is a pointer to the policy structure to be set michael@0: * michael@0: * The function call crypto_policy_set_aes_cm_256_hmac_sha1_80(&p) michael@0: * sets the crypto_policy_t at location p to use policy michael@0: * AES_CM_256_HMAC_SHA1_80 as defined in michael@0: * draft-ietf-avt-srtp-big-aes-03.txt. This policy uses AES-256 michael@0: * Counter Mode encryption and HMAC-SHA1 authentication, with an 80 bit michael@0: * authentication tag. michael@0: * michael@0: * This function is a convenience that helps to avoid dealing directly michael@0: * with the policy data structure. You are encouraged to initialize michael@0: * policy elements with this function call. Doing so may allow your michael@0: * code to be forward compatible with later versions of libSRTP that michael@0: * include more elements in the crypto_policy_t datatype. michael@0: * michael@0: * @return void. michael@0: * michael@0: */ michael@0: michael@0: void crypto_policy_set_aes_cm_256_hmac_sha1_80(crypto_policy_t *p); michael@0: michael@0: michael@0: /** michael@0: * @brief crypto_policy_set_aes_cm_256_hmac_sha1_32() sets a crypto michael@0: * policy structure to a short-authentication tag policy using AES-256 michael@0: * encryption. michael@0: * michael@0: * @param p is a pointer to the policy structure to be set michael@0: * michael@0: * The function call crypto_policy_set_aes_cm_256_hmac_sha1_32(&p) michael@0: * sets the crypto_policy_t at location p to use policy michael@0: * AES_CM_256_HMAC_SHA1_32 as defined in michael@0: * draft-ietf-avt-srtp-big-aes-03.txt. This policy uses AES-256 michael@0: * Counter Mode encryption and HMAC-SHA1 authentication, with an michael@0: * authentication tag that is only 32 bits long. This length is michael@0: * considered adequate only for protecting audio and video media that michael@0: * use a stateless playback function. See Section 7.5 of RFC 3711 michael@0: * (http://www.ietf.org/rfc/rfc3711.txt). michael@0: * michael@0: * This function is a convenience that helps to avoid dealing directly michael@0: * with the policy data structure. You are encouraged to initialize michael@0: * policy elements with this function call. Doing so may allow your michael@0: * code to be forward compatible with later versions of libSRTP that michael@0: * include more elements in the crypto_policy_t datatype. michael@0: * michael@0: * @warning This crypto policy is intended for use in SRTP, but not in michael@0: * SRTCP. It is recommended that a policy that uses longer michael@0: * authentication tags be used for SRTCP. See Section 7.5 of RFC 3711 michael@0: * (http://www.ietf.org/rfc/rfc3711.txt). michael@0: * michael@0: * @return void. michael@0: * michael@0: */ michael@0: michael@0: void michael@0: crypto_policy_set_aes_cm_256_hmac_sha1_32(crypto_policy_t *p); michael@0: michael@0: michael@0: /** michael@0: * @brief srtp_dealloc() deallocates storage for an SRTP session michael@0: * context. michael@0: * michael@0: * The function call srtp_dealloc(s) deallocates storage for the michael@0: * SRTP session context s. This function should be called no more michael@0: * than one time for each of the contexts allocated by the function michael@0: * srtp_create(). michael@0: * michael@0: * @param s is the srtp_t for the session to be deallocated. michael@0: * michael@0: * @return michael@0: * - err_status_ok if there no problems. michael@0: * - err_status_dealloc_fail a memory deallocation failure occured. michael@0: */ michael@0: michael@0: err_status_t michael@0: srtp_dealloc(srtp_t s); michael@0: michael@0: michael@0: /* michael@0: * @brief identifies a particular SRTP profile michael@0: * michael@0: * An srtp_profile_t enumeration is used to identify a particular SRTP michael@0: * profile (that is, a set of algorithms and parameters). These michael@0: * profiles are defined in the DTLS-SRTP draft. michael@0: */ michael@0: michael@0: typedef enum { michael@0: srtp_profile_reserved = 0, michael@0: srtp_profile_aes128_cm_sha1_80 = 1, michael@0: srtp_profile_aes128_cm_sha1_32 = 2, michael@0: srtp_profile_aes256_cm_sha1_80 = 3, michael@0: srtp_profile_aes256_cm_sha1_32 = 4, michael@0: srtp_profile_null_sha1_80 = 5, michael@0: srtp_profile_null_sha1_32 = 6, michael@0: } srtp_profile_t; michael@0: michael@0: michael@0: /** michael@0: * @brief crypto_policy_set_from_profile_for_rtp() sets a crypto policy michael@0: * structure to the appropriate value for RTP based on an srtp_profile_t michael@0: * michael@0: * @param p is a pointer to the policy structure to be set michael@0: * michael@0: * The function call crypto_policy_set_rtp_default(&policy, profile) michael@0: * sets the crypto_policy_t at location policy to the policy for RTP michael@0: * protection, as defined by the srtp_profile_t profile. michael@0: * michael@0: * This function is a convenience that helps to avoid dealing directly michael@0: * with the policy data structure. You are encouraged to initialize michael@0: * policy elements with this function call. Doing so may allow your michael@0: * code to be forward compatible with later versions of libSRTP that michael@0: * include more elements in the crypto_policy_t datatype. michael@0: * michael@0: * @return values michael@0: * - err_status_ok no problems were encountered michael@0: * - err_status_bad_param the profile is not supported michael@0: * michael@0: */ michael@0: err_status_t michael@0: crypto_policy_set_from_profile_for_rtp(crypto_policy_t *policy, michael@0: srtp_profile_t profile); michael@0: michael@0: michael@0: michael@0: michael@0: /** michael@0: * @brief crypto_policy_set_from_profile_for_rtcp() sets a crypto policy michael@0: * structure to the appropriate value for RTCP based on an srtp_profile_t michael@0: * michael@0: * @param p is a pointer to the policy structure to be set michael@0: * michael@0: * The function call crypto_policy_set_rtcp_default(&policy, profile) michael@0: * sets the crypto_policy_t at location policy to the policy for RTCP michael@0: * protection, as defined by the srtp_profile_t profile. michael@0: * michael@0: * This function is a convenience that helps to avoid dealing directly michael@0: * with the policy data structure. You are encouraged to initialize michael@0: * policy elements with this function call. Doing so may allow your michael@0: * code to be forward compatible with later versions of libSRTP that michael@0: * include more elements in the crypto_policy_t datatype. michael@0: * michael@0: * @return values michael@0: * - err_status_ok no problems were encountered michael@0: * - err_status_bad_param the profile is not supported michael@0: * michael@0: */ michael@0: err_status_t michael@0: crypto_policy_set_from_profile_for_rtcp(crypto_policy_t *policy, michael@0: srtp_profile_t profile); michael@0: michael@0: /** michael@0: * @brief returns the master key length for a given SRTP profile michael@0: */ michael@0: unsigned int michael@0: srtp_profile_get_master_key_length(srtp_profile_t profile); michael@0: michael@0: michael@0: /** michael@0: * @brief returns the master salt length for a given SRTP profile michael@0: */ michael@0: unsigned int michael@0: srtp_profile_get_master_salt_length(srtp_profile_t profile); michael@0: michael@0: /** michael@0: * @brief appends the salt to the key michael@0: * michael@0: * The function call append_salt_to_key(k, klen, s, slen) michael@0: * copies the string s to the location at klen bytes following michael@0: * the location k. michael@0: * michael@0: * @warning There must be at least bytes_in_salt + bytes_in_key bytes michael@0: * available at the location pointed to by key. michael@0: * michael@0: */ michael@0: michael@0: void michael@0: append_salt_to_key(unsigned char *key, unsigned int bytes_in_key, michael@0: unsigned char *salt, unsigned int bytes_in_salt); michael@0: michael@0: michael@0: michael@0: /** michael@0: * @} michael@0: */ michael@0: michael@0: michael@0: michael@0: /** michael@0: * @defgroup SRTCP Secure RTCP michael@0: * @ingroup SRTP michael@0: * michael@0: * @brief Secure RTCP functions are used to protect RTCP traffic. michael@0: * michael@0: * RTCP is the control protocol for RTP. libSRTP protects RTCP michael@0: * traffic in much the same way as it does RTP traffic. The function michael@0: * srtp_protect_rtcp() applies cryptographic protections to outbound michael@0: * RTCP packets, and srtp_unprotect_rtcp() verifies the protections on michael@0: * inbound RTCP packets. michael@0: * michael@0: * A note on the naming convention: srtp_protect_rtcp() has an srtp_t michael@0: * as its first argument, and thus has `srtp_' as its prefix. The michael@0: * trailing `_rtcp' indicates the protocol on which it acts. michael@0: * michael@0: * @{ michael@0: */ michael@0: michael@0: /** michael@0: * @brief srtp_protect_rtcp() is the Secure RTCP sender-side packet michael@0: * processing function. michael@0: * michael@0: * The function call srtp_protect_rtcp(ctx, rtp_hdr, len_ptr) applies michael@0: * SRTCP protection to the RTCP packet rtcp_hdr (which has length michael@0: * *len_ptr) using the SRTP session context ctx. If err_status_ok is michael@0: * returned, then rtp_hdr points to the resulting SRTCP packet and michael@0: * *len_ptr is the number of octets in that packet; otherwise, no michael@0: * assumptions should be made about the value of either data elements. michael@0: * michael@0: * @warning This function assumes that it can write the authentication michael@0: * tag into the location in memory immediately following the RTCP michael@0: * packet, and assumes that the RTCP packet is aligned on a 32-bit michael@0: * boundary. michael@0: * michael@0: * @param ctx is the SRTP context to use in processing the packet. michael@0: * michael@0: * @param rtcp_hdr is a pointer to the RTCP packet (before the call); after michael@0: * the function returns, it points to the srtp packet. michael@0: * michael@0: * @param pkt_octet_len is a pointer to the length in octets of the michael@0: * complete RTCP packet (header and body) before the function call, michael@0: * and of the complete SRTCP packet after the call, if err_status_ok michael@0: * was returned. Otherwise, the value of the data to which it points michael@0: * is undefined. michael@0: * michael@0: * @return michael@0: * - err_status_ok if there were no problems. michael@0: * - [other] if there was a failure in michael@0: * the cryptographic mechanisms. michael@0: */ michael@0: michael@0: michael@0: err_status_t michael@0: srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len); michael@0: michael@0: /** michael@0: * @brief srtp_unprotect_rtcp() is the Secure RTCP receiver-side packet michael@0: * processing function. michael@0: * michael@0: * The function call srtp_unprotect_rtcp(ctx, srtp_hdr, len_ptr) michael@0: * verifies the Secure RTCP protection of the SRTCP packet pointed to michael@0: * by srtcp_hdr (which has length *len_ptr), using the SRTP session michael@0: * context ctx. If err_status_ok is returned, then srtcp_hdr points michael@0: * to the resulting RTCP packet and *len_ptr is the number of octets michael@0: * in that packet; otherwise, no assumptions should be made about the michael@0: * value of either data elements. michael@0: * michael@0: * @warning This function assumes that the SRTCP packet is aligned on a michael@0: * 32-bit boundary. michael@0: * michael@0: * @param ctx is a pointer to the srtp_t which applies to the michael@0: * particular packet. michael@0: * michael@0: * @param srtcp_hdr is a pointer to the header of the SRTCP packet michael@0: * (before the call). After the function returns, it points to the michael@0: * rtp packet if err_status_ok was returned; otherwise, the value of michael@0: * the data to which it points is undefined. michael@0: * michael@0: * @param pkt_octet_len is a pointer to the length in octets of the michael@0: * complete SRTCP packet (header and body) before the function call, michael@0: * and of the complete rtp packet after the call, if err_status_ok was michael@0: * returned. Otherwise, the value of the data to which it points is michael@0: * undefined. michael@0: * michael@0: * @return michael@0: * - err_status_ok if the RTCP packet is valid. michael@0: * - err_status_auth_fail if the SRTCP packet failed the message michael@0: * authentication check. michael@0: * - err_status_replay_fail if the SRTCP packet is a replay (e.g. has michael@0: * already been processed and accepted). michael@0: * - [other] if there has been an error in the cryptographic mechanisms. michael@0: * michael@0: */ michael@0: michael@0: err_status_t michael@0: srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len); michael@0: michael@0: /** michael@0: * @} michael@0: */ michael@0: michael@0: /** michael@0: * @defgroup SRTPevents SRTP events and callbacks michael@0: * @ingroup SRTP michael@0: * michael@0: * @brief libSRTP can use a user-provided callback function to michael@0: * handle events. michael@0: * michael@0: * michael@0: * libSRTP allows a user to provide a callback function to handle michael@0: * events that need to be dealt with outside of the data plane (see michael@0: * the enum srtp_event_t for a description of these events). Dealing michael@0: * with these events is not a strict necessity; they are not michael@0: * security-critical, but the application may suffer if they are not michael@0: * handled. The function srtp_set_event_handler() is used to provide michael@0: * the callback function. michael@0: * michael@0: * A default event handler that merely reports on the events as they michael@0: * happen is included. It is also possible to set the event handler michael@0: * function to NULL, in which case all events will just be silently michael@0: * ignored. michael@0: * michael@0: * @{ michael@0: */ michael@0: michael@0: /** michael@0: * @brief srtp_event_t defines events that need to be handled michael@0: * michael@0: * The enum srtp_event_t defines events that need to be handled michael@0: * outside the `data plane', such as SSRC collisions and michael@0: * key expirations. michael@0: * michael@0: * When a key expires or the maximum number of packets has been michael@0: * reached, an SRTP stream will enter an `expired' state in which no michael@0: * more packets can be protected or unprotected. When this happens, michael@0: * it is likely that you will want to either deallocate the stream michael@0: * (using srtp_stream_dealloc()), and possibly allocate a new one. michael@0: * michael@0: * When an SRTP stream expires, the other streams in the same session michael@0: * are unaffected, unless key sharing is used by that stream. In the michael@0: * latter case, all of the streams in the session will expire. michael@0: */ michael@0: michael@0: typedef enum { michael@0: event_ssrc_collision, /**< michael@0: * An SSRC collision occured. michael@0: */ michael@0: event_key_soft_limit, /**< An SRTP stream reached the soft key michael@0: * usage limit and will expire soon. michael@0: */ michael@0: event_key_hard_limit, /**< An SRTP stream reached the hard michael@0: * key usage limit and has expired. michael@0: */ michael@0: event_packet_index_limit /**< An SRTP stream reached the hard michael@0: * packet limit (2^48 packets). michael@0: */ michael@0: } srtp_event_t; michael@0: michael@0: /** michael@0: * @brief srtp_event_data_t is the structure passed as a callback to michael@0: * the event handler function michael@0: * michael@0: * The struct srtp_event_data_t holds the data passed to the event michael@0: * handler function. michael@0: */ michael@0: michael@0: typedef struct srtp_event_data_t { michael@0: srtp_t session; /**< The session in which the event happend. */ michael@0: srtp_stream_t stream; /**< The stream in which the event happend. */ michael@0: srtp_event_t event; /**< An enum indicating the type of event. */ michael@0: } srtp_event_data_t; michael@0: michael@0: /** michael@0: * @brief srtp_event_handler_func_t is the function prototype for michael@0: * the event handler. michael@0: * michael@0: * The typedef srtp_event_handler_func_t is the prototype for the michael@0: * event handler function. It has as its only argument an michael@0: * srtp_event_data_t which describes the event that needs to be handled. michael@0: * There can only be a single, global handler for all events in michael@0: * libSRTP. michael@0: */ michael@0: michael@0: typedef void (srtp_event_handler_func_t)(srtp_event_data_t *data); michael@0: michael@0: /** michael@0: * @brief sets the event handler to the function supplied by the caller. michael@0: * michael@0: * The function call srtp_install_event_handler(func) sets the event michael@0: * handler function to the value func. The value NULL is acceptable michael@0: * as an argument; in this case, events will be ignored rather than michael@0: * handled. michael@0: * michael@0: * @param func is a pointer to a fuction that takes an srtp_event_data_t michael@0: * pointer as an argument and returns void. This function michael@0: * will be used by libSRTP to handle events. michael@0: */ michael@0: michael@0: err_status_t michael@0: srtp_install_event_handler(srtp_event_handler_func_t func); michael@0: michael@0: /** michael@0: * @} michael@0: */ michael@0: /* in host order, so outside the #if */ michael@0: #define SRTCP_E_BIT 0x80000000 michael@0: /* for byte-access */ michael@0: #define SRTCP_E_BYTE_BIT 0x80 michael@0: #define SRTCP_INDEX_MASK 0x7fffffff michael@0: michael@0: #ifdef __cplusplus michael@0: } michael@0: #endif michael@0: michael@0: #endif /* SRTP_H */