diff options
Diffstat (limited to 'netwerk/srtp/src/include')
-rw-r--r-- | netwerk/srtp/src/include/config.h | 6 | ||||
-rw-r--r-- | netwerk/srtp/src/include/ekt.h | 201 | ||||
-rw-r--r-- | netwerk/srtp/src/include/getopt_s.h | 60 | ||||
-rw-r--r-- | netwerk/srtp/src/include/rtp.h | 139 | ||||
-rw-r--r-- | netwerk/srtp/src/include/rtp_priv.h | 74 | ||||
-rw-r--r-- | netwerk/srtp/src/include/srtp.h | 1006 | ||||
-rw-r--r-- | netwerk/srtp/src/include/srtp_priv.h | 256 | ||||
-rw-r--r-- | netwerk/srtp/src/include/ut_sim.h | 80 |
8 files changed, 1822 insertions, 0 deletions
diff --git a/netwerk/srtp/src/include/config.h b/netwerk/srtp/src/include/config.h new file mode 100644 index 000000000..75e05e897 --- /dev/null +++ b/netwerk/srtp/src/include/config.h @@ -0,0 +1,6 @@ +/* + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ +/* empty file; config done via Makefile.in & configure.in */ diff --git a/netwerk/srtp/src/include/ekt.h b/netwerk/srtp/src/include/ekt.h new file mode 100644 index 000000000..b0d888bac --- /dev/null +++ b/netwerk/srtp/src/include/ekt.h @@ -0,0 +1,201 @@ +/* + * ekt.h + * + * interface to Encrypted Key Transport for SRTP + * + * David McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright (c) 2001-2005 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + + +/* + * EKT implementation strategy + * + * use stream_template approach + * + * in srtp_unprotect, when a new stream appears, check if template has + * EKT defined, and if it does, then apply EKT processing + * + * question: will we want to allow key-sharing templates in addition + * to EKT templates? could define a new ssrc_type_t that's associated + * with an EKT, e.g. ssrc_any_ekt. + * + * + */ + +#ifndef EKT_H +#define EKT_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include "srtp_priv.h" + +#define EKT_CIPHER_DEFAULT 1 +#define EKT_CIPHER_AES_128_ECB 1 +#define EKT_CIPHER_AES_192_KEY_WRAP 2 +#define EKT_CIPHER_AES_256_KEY_WRAP 3 + +typedef uint16_t ekt_spi_t; + + +unsigned +ekt_octets_after_base_tag(ekt_stream_t ekt); + +/* + * an srtp_policy_t structure can contain a pointer to an + * ekt_policy_t structure + * + * this structure holds all of the high level EKT information, and it + * is passed into libsrtp to indicate what policy should be in effect + */ + +typedef struct ekt_policy_ctx_t { + ekt_spi_t spi; /* security parameter index */ + uint8_t ekt_cipher_type; + uint8_t *ekt_key; + struct ekt_policy_ctx_t *next_ekt_policy; +} ekt_policy_ctx_t; + + +/* + * an ekt_data_t structure holds the data corresponding to an ekt key, + * spi, and so on + */ + +typedef struct ekt_data_t { + ekt_spi_t spi; + uint8_t ekt_cipher_type; + aes_expanded_key_t ekt_enc_key; + aes_expanded_key_t ekt_dec_key; + struct ekt_data_t *next_ekt_data; +} ekt_data_t; + +/* + * an srtp_stream_ctx_t can contain an ekt_stream_ctx_t + * + * an ekt_stream_ctx_t structure holds all of the EKT information for + * a specific SRTP stream + */ + +typedef struct ekt_stream_ctx_t { + ekt_data_t *data; + uint16_t isn; /* initial sequence number */ + uint8_t encrypted_master_key[SRTP_MAX_KEY_LEN]; +} ekt_stream_ctx_t; + + + +err_status_t +ekt_alloc(ekt_stream_t *stream_data, ekt_policy_t policy); + +err_status_t +ekt_stream_init(ekt_stream_t e, + ekt_spi_t spi, + void *ekt_key, + unsigned ekt_cipher_type); + +err_status_t +ekt_stream_init_from_policy(ekt_stream_t e, ekt_policy_t p); + + + +err_status_t +srtp_stream_init_from_ekt(srtp_stream_t stream, + const void *srtcp_hdr, + unsigned pkt_octet_len); + + +void +ekt_write_data(ekt_stream_t ekt, + uint8_t *base_tag, + unsigned base_tag_len, + int *packet_len, + xtd_seq_num_t pkt_index); + +/* + * We handle EKT by performing some additional steps before + * authentication (copying the auth tag into a temporary location, + * zeroizing the "base tag" field in the packet) + * + * With EKT, the tag_len parameter is actually the base tag + * length + */ + +err_status_t +ekt_tag_verification_preproces(uint8_t *pkt_tag, + uint8_t *pkt_tag_copy, + unsigned tag_len); + +err_status_t +ekt_tag_verification_postproces(uint8_t *pkt_tag, + uint8_t *pkt_tag_copy, + unsigned tag_len); + + +/* + * @brief EKT pre-processing for srtcp tag generation + * + * This function does the pre-processing of the SRTCP authentication + * tag format. When EKT is used, it consists of writing the Encrypted + * Master Key, the SRTP ROC, the Initial Sequence Number, and SPI + * fields. The Base Authentication Tag field is set to the all-zero + * value + * + * When EKT is not used, this function is a no-op. + * + */ + +err_status_t +srtp_stream_srtcp_auth_tag_generation_preprocess(const srtp_stream_t *s, + uint8_t *pkt_tag, + unsigned pkt_octet_len); + +/* it's not clear that a tag_generation_postprocess function is needed */ + +err_status_t +srtcp_auth_tag_generation_postprocess(void); + + +#ifdef __cplusplus +} +#endif + +#endif /* EKT_H */ diff --git a/netwerk/srtp/src/include/getopt_s.h b/netwerk/srtp/src/include/getopt_s.h new file mode 100644 index 000000000..2a6ece34e --- /dev/null +++ b/netwerk/srtp/src/include/getopt_s.h @@ -0,0 +1,60 @@ +/* + * getopt.h + * + * interface to a minimal implementation of the getopt() function, + * written so that test applications that use that function can run on + * non-POSIX platforms + * + */ +/* + * + * Copyright (c) 2001-2006 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef GETOPT_S_H +#define GETOPT_S_H + +/* + * getopt_s(), optarg_s, and optind_s are small, locally defined + * versions of the POSIX standard getopt() interface. + */ + +int +getopt_s(int argc, char * const argv[], const char *optstring); + +extern char *optarg_s; /* defined in getopt.c */ + +extern int optind_s; /* defined in getopt.c */ + +#endif /* GETOPT_S_H */ diff --git a/netwerk/srtp/src/include/rtp.h b/netwerk/srtp/src/include/rtp.h new file mode 100644 index 000000000..0e0119cf7 --- /dev/null +++ b/netwerk/srtp/src/include/rtp.h @@ -0,0 +1,139 @@ +/* + * rtp.h + * + * rtp interface for srtp reference implementation + * + * David A. McGrew + * Cisco Systems, Inc. + * + * data types: + * + * rtp_msg_t an rtp message (the data that goes on the wire) + * rtp_sender_t sender side socket and rtp info + * rtp_receiver_t receiver side socket and rtp info + * + */ + +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#ifndef RTP_H +#define RTP_H + +#ifdef HAVE_NETINET_IN_H +# include <netinet/in.h> +#elif defined HAVE_WINSOCK2_H +# include <winsock2.h> +#endif + +#include "srtp.h" + +typedef struct rtp_sender_ctx_t *rtp_sender_t; + +typedef struct rtp_receiver_ctx_t *rtp_receiver_t; + +int +rtp_sendto(rtp_sender_t sender, const void* msg, int len); + +int +rtp_recvfrom(rtp_receiver_t receiver, void *msg, int *len); + +int +rtp_receiver_init(rtp_receiver_t rcvr, int sock, + struct sockaddr_in addr, unsigned int ssrc); + +int +rtp_sender_init(rtp_sender_t sender, int sock, + struct sockaddr_in addr, unsigned int ssrc); + +/* + * srtp_sender_init(...) initializes an rtp_sender_t + */ + +int +srtp_sender_init(rtp_sender_t rtp_ctx, /* structure to be init'ed */ + struct sockaddr_in name, /* socket name */ + sec_serv_t security_services, /* sec. servs. to be used */ + unsigned char *input_key /* master key/salt in hex */ + ); + +int +srtp_receiver_init(rtp_receiver_t rtp_ctx, /* structure to be init'ed */ + struct sockaddr_in name, /* socket name */ + sec_serv_t security_services, /* sec. servs. to be used */ + unsigned char *input_key /* master key/salt in hex */ + ); + + +int +rtp_sender_init_srtp(rtp_sender_t sender, const srtp_policy_t *policy); + +int +rtp_sender_deinit_srtp(rtp_sender_t sender); + +int +rtp_receiver_init_srtp(rtp_receiver_t sender, const srtp_policy_t *policy); + +int +rtp_receiver_deinit_srtp(rtp_receiver_t sender); + + +rtp_sender_t +rtp_sender_alloc(void); + +void +rtp_sender_dealloc(rtp_sender_t rtp_ctx); + +rtp_receiver_t +rtp_receiver_alloc(void); + +void +rtp_receiver_dealloc(rtp_receiver_t rtp_ctx); + + +/* + * RTP_HEADER_LEN indicates the size of an RTP header + */ +#define RTP_HEADER_LEN 12 + +/* + * RTP_MAX_BUF_LEN defines the largest RTP packet in the rtp.c implementation + */ +#define RTP_MAX_BUF_LEN 16384 + + +#endif /* RTP_H */ diff --git a/netwerk/srtp/src/include/rtp_priv.h b/netwerk/srtp/src/include/rtp_priv.h new file mode 100644 index 000000000..142138667 --- /dev/null +++ b/netwerk/srtp/src/include/rtp_priv.h @@ -0,0 +1,74 @@ +/* + * rtp_priv.h + * + * private, internal header file for RTP + * + * David A. McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright (c) 2001-2006 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#ifndef RTP_PRIV_H +#define RTP_PRIV_H + +#include "srtp_priv.h" +#include "rtp.h" + +typedef srtp_hdr_t rtp_hdr_t; + +typedef struct { + srtp_hdr_t header; + char body[RTP_MAX_BUF_LEN]; +} rtp_msg_t; + +typedef struct rtp_sender_ctx_t { + rtp_msg_t message; + int socket; + srtp_ctx_t *srtp_ctx; + struct sockaddr_in addr; /* reciever's address */ +} rtp_sender_ctx_t; + +typedef struct rtp_receiver_ctx_t { + rtp_msg_t message; + int socket; + srtp_ctx_t *srtp_ctx; + struct sockaddr_in addr; /* receiver's address */ +} rtp_receiver_ctx_t; + + +#endif /* RTP_PRIV_H */ diff --git a/netwerk/srtp/src/include/srtp.h b/netwerk/srtp/src/include/srtp.h new file mode 100644 index 000000000..eb95e7d47 --- /dev/null +++ b/netwerk/srtp/src/include/srtp.h @@ -0,0 +1,1006 @@ +/* + * srtp.h + * + * interface to libsrtp + * + * David A. McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#ifndef SRTP_H +#define SRTP_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include "crypto_kernel.h" + +/** + * @defgroup SRTP Secure RTP + * + * @brief libSRTP provides functions for protecting RTP and RTCP. See + * Section @ref Overview for an introduction to the use of the library. + * + * @{ + */ + +/* + * SRTP_MASTER_KEY_LEN is the nominal master key length supported by libSRTP + */ + +#define SRTP_MASTER_KEY_LEN 30 + +/* + * SRTP_MAX_KEY_LEN is the maximum key length supported by libSRTP + */ +#define SRTP_MAX_KEY_LEN 64 + +/* + * SRTP_MAX_TAG_LEN is the maximum tag length supported by libSRTP + */ + +#define SRTP_MAX_TAG_LEN 12 + +/** + * SRTP_MAX_TRAILER_LEN is the maximum length of the SRTP trailer + * (authentication tag and MKI) supported by libSRTP. This value is + * the maximum number of octets that will be added to an RTP packet by + * srtp_protect(). + * + * @brief the maximum number of octets added by srtp_protect(). + */ +#define SRTP_MAX_TRAILER_LEN SRTP_MAX_TAG_LEN + +/* + * nota bene: since libSRTP doesn't support the use of the MKI, the + * SRTP_MAX_TRAILER_LEN value is just the maximum tag length + */ + +/** + * @brief sec_serv_t describes a set of security services. + * + * A sec_serv_t enumeration is used to describe the particular + * security services that will be applied by a particular crypto + * policy (or other mechanism). + */ + +typedef enum { + sec_serv_none = 0, /**< no services */ + sec_serv_conf = 1, /**< confidentiality */ + sec_serv_auth = 2, /**< authentication */ + sec_serv_conf_and_auth = 3 /**< confidentiality and authentication */ +} sec_serv_t; + +/** + * @brief crypto_policy_t describes a particular crypto policy that + * can be applied to an SRTP stream. + * + * A crypto_policy_t describes a particular cryptographic policy that + * can be applied to an SRTP or SRTCP stream. An SRTP session policy + * consists of a list of these policies, one for each SRTP stream + * in the session. + */ + +typedef struct crypto_policy_t { + cipher_type_id_t cipher_type; /**< An integer representing + * the type of cipher. */ + int cipher_key_len; /**< The length of the cipher key + * in octets. */ + auth_type_id_t auth_type; /**< An integer representing the + * authentication function. */ + int auth_key_len; /**< The length of the authentication + * function key in octets. */ + int auth_tag_len; /**< The length of the authentication + * tag in octets. */ + sec_serv_t sec_serv; /**< The flag indicating the security + * services to be applied. */ +} crypto_policy_t; + + +/** + * @brief ssrc_type_t describes the type of an SSRC. + * + * An ssrc_type_t enumeration is used to indicate a type of SSRC. See + * @ref srtp_policy_t for more informataion. + */ + +typedef enum { + ssrc_undefined = 0, /**< Indicates an undefined SSRC type. */ + ssrc_specific = 1, /**< Indicates a specific SSRC value */ + ssrc_any_inbound = 2, /**< Indicates any inbound SSRC value + (i.e. a value that is used in the + function srtp_unprotect()) */ + ssrc_any_outbound = 3 /**< Indicates any outbound SSRC value + (i.e. a value that is used in the + function srtp_protect()) */ +} ssrc_type_t; + +/** + * @brief An ssrc_t represents a particular SSRC value, or a `wildcard' SSRC. + * + * An ssrc_t represents a particular SSRC value (if its type is + * ssrc_specific), or a wildcard SSRC value that will match all + * outbound SSRCs (if its type is ssrc_any_outbound) or all inbound + * SSRCs (if its type is ssrc_any_inbound). + * + */ + +typedef struct { + ssrc_type_t type; /**< The type of this particular SSRC */ + unsigned int value; /**< The value of this SSRC, if it is not a wildcard */ +} ssrc_t; + + +/** + * @brief points to an EKT policy + */ +typedef struct ekt_policy_ctx_t *ekt_policy_t; + + +/** + * @brief points to EKT stream data + */ +typedef struct ekt_stream_ctx_t *ekt_stream_t; + + +/** + * @brief represents the policy for an SRTP session. + * + * A single srtp_policy_t struct represents the policy for a single + * SRTP stream, and a linked list of these elements represents the + * policy for an entire SRTP session. Each element contains the SRTP + * and SRTCP crypto policies for that stream, a pointer to the SRTP + * master key for that stream, the SSRC describing that stream, or a + * flag indicating a `wildcard' SSRC value, and a `next' field that + * holds a pointer to the next element in the list of policy elements, + * or NULL if it is the last element. + * + * The wildcard value SSRC_ANY_INBOUND matches any SSRC from an + * inbound stream that for which there is no explicit SSRC entry in + * another policy element. Similarly, the value SSRC_ANY_OUTBOUND + * will matches any SSRC from an outbound stream that does not appear + * in another policy element. Note that wildcard SSRCs &b cannot be + * used to match both inbound and outbound traffic. This restriction + * is intentional, and it allows libSRTP to ensure that no security + * lapses result from accidental re-use of SSRC values during key + * sharing. + * + * + * @warning The final element of the list @b must have its `next' pointer + * set to NULL. + */ + +typedef struct srtp_policy_t { + ssrc_t ssrc; /**< The SSRC value of stream, or the + * flags SSRC_ANY_INBOUND or + * SSRC_ANY_OUTBOUND if key sharing + * is used for this policy element. + */ + crypto_policy_t rtp; /**< SRTP crypto policy. */ + crypto_policy_t rtcp; /**< SRTCP crypto policy. */ + unsigned char *key; /**< Pointer to the SRTP master key for + * this stream. */ + ekt_policy_t ekt; /**< Pointer to the EKT policy structure + * for this stream (if any) */ + unsigned long window_size; /**< The window size to use for replay + * protection. */ + int allow_repeat_tx; /**< Whether retransmissions of + * packets with the same sequence number + * are allowed. (Note that such repeated + * transmissions must have the same RTP + * payload, or a severe security weakness + * is introduced!) */ + struct srtp_policy_t *next; /**< Pointer to next stream policy. */ +} srtp_policy_t; + + + + +/** + * @brief An srtp_t points to an SRTP session structure. + * + * The typedef srtp_t is a pointer to a structure that represents + * an SRTP session. This datatype is intentially opaque in + * order to separate the interface from the implementation. + * + * An SRTP session consists of all of the traffic sent to the RTP and + * RTCP destination transport addresses, using the RTP/SAVP (Secure + * Audio/Video Profile). A session can be viewed as a set of SRTP + * streams, each of which originates with a different participant. + */ + +typedef struct srtp_ctx_t *srtp_t; + + +/** + * @brief An srtp_stream_t points to an SRTP stream structure. + * + * The typedef srtp_stream_t is a pointer to a structure that + * represents an SRTP stream. This datatype is intentionally + * opaque in order to separate the interface from the implementation. + * + * An SRTP stream consists of all of the traffic sent to an SRTP + * session by a single participant. A session can be viewed as + * a set of streams. + * + */ +typedef struct srtp_stream_ctx_t *srtp_stream_t; + + + +/** + * @brief srtp_init() initializes the srtp library. + * + * @warning This function @b must be called before any other srtp + * functions. + */ + +err_status_t +srtp_init(void); + +/** + * @brief srtp_shutdown() de-initializes the srtp library. + * + * @warning No srtp functions may be called after calling this function. + */ + +err_status_t +srtp_shutdown(void); + +/** + * @brief srtp_protect() is the Secure RTP sender-side packet processing + * function. + * + * The function call srtp_protect(ctx, rtp_hdr, len_ptr) applies SRTP + * protection to the RTP packet rtp_hdr (which has length *len_ptr) using + * the SRTP context ctx. If err_status_ok is returned, then rtp_hdr + * points to the resulting SRTP packet and *len_ptr is the number of + * octets in that packet; otherwise, no assumptions should be made + * about the value of either data elements. + * + * The sequence numbers of the RTP packets presented to this function + * need not be consecutive, but they @b must be out of order by less + * than 2^15 = 32,768 packets. + * + * @warning This function assumes that it can write the authentication + * tag into the location in memory immediately following the RTP + * packet, and assumes that the RTP packet is aligned on a 32-bit + * boundary. + * + * @param ctx is the SRTP context to use in processing the packet. + * + * @param rtp_hdr is a pointer to the RTP packet (before the call); after + * the function returns, it points to the srtp packet. + * + * @param len_ptr is a pointer to the length in octets of the complete + * RTP packet (header and body) before the function call, and of the + * complete SRTP packet after the call, if err_status_ok was returned. + * Otherwise, the value of the data to which it points is undefined. + * + * @return + * - err_status_ok no problems + * - err_status_replay_fail rtp sequence number was non-increasing + * - @e other failure in cryptographic mechanisms + */ + +err_status_t +srtp_protect(srtp_t ctx, void *rtp_hdr, int *len_ptr); + +/** + * @brief srtp_unprotect() is the Secure RTP receiver-side packet + * processing function. + * + * The function call srtp_unprotect(ctx, srtp_hdr, len_ptr) verifies + * the Secure RTP protection of the SRTP packet pointed to by srtp_hdr + * (which has length *len_ptr), using the SRTP context ctx. If + * err_status_ok is returned, then srtp_hdr points to the resulting + * RTP packet and *len_ptr is the number of octets in that packet; + * otherwise, no assumptions should be made about the value of either + * data elements. + * + * The sequence numbers of the RTP packets presented to this function + * need not be consecutive, but they @b must be out of order by less + * than 2^15 = 32,768 packets. + * + * @warning This function assumes that the SRTP packet is aligned on a + * 32-bit boundary. + * + * @param ctx is a pointer to the srtp_t which applies to the + * particular packet. + * + * @param srtp_hdr is a pointer to the header of the SRTP packet + * (before the call). after the function returns, it points to the + * rtp packet if err_status_ok was returned; otherwise, the value of + * the data to which it points is undefined. + * + * @param len_ptr is a pointer to the length in octets of the complete + * srtp packet (header and body) before the function call, and of the + * complete rtp packet after the call, if err_status_ok was returned. + * Otherwise, the value of the data to which it points is undefined. + * + * @return + * - err_status_ok if the RTP packet is valid. + * - err_status_auth_fail if the SRTP packet failed the message + * authentication check. + * - err_status_replay_fail if the SRTP packet is a replay (e.g. packet has + * already been processed and accepted). + * - [other] if there has been an error in the cryptographic mechanisms. + * + */ + +err_status_t +srtp_unprotect(srtp_t ctx, void *srtp_hdr, int *len_ptr); + + +/** + * @brief srtp_create() allocates and initializes an SRTP session. + + * The function call srtp_create(session, policy, key) allocates and + * initializes an SRTP session context, applying the given policy and + * key. + * + * @param session is the SRTP session to which the policy is to be added. + * + * @param policy is the srtp_policy_t struct that describes the policy + * for the session. The struct may be a single element, or it may be + * the head of a list, in which case each element of the list is + * processed. It may also be NULL, in which case streams should be added + * later using srtp_add_stream(). The final element of the list @b must + * have its `next' field set to NULL. + * + * @return + * - err_status_ok if creation succeded. + * - err_status_alloc_fail if allocation failed. + * - err_status_init_fail if initialization failed. + */ + +err_status_t +srtp_create(srtp_t *session, const srtp_policy_t *policy); + + +/** + * @brief srtp_add_stream() allocates and initializes an SRTP stream + * within a given SRTP session. + * + * The function call srtp_add_stream(session, policy) allocates and + * initializes a new SRTP stream within a given, previously created + * session, applying the policy given as the other argument to that + * stream. + * + * @return values: + * - err_status_ok if stream creation succeded. + * - err_status_alloc_fail if stream allocation failed + * - err_status_init_fail if stream initialization failed. + */ + +err_status_t +srtp_add_stream(srtp_t session, + const srtp_policy_t *policy); + + +/** + * @brief srtp_remove_stream() deallocates an SRTP stream. + * + * The function call srtp_remove_stream(session, ssrc) removes + * the SRTP stream with the SSRC value ssrc from the SRTP session + * context given by the argument session. + * + * @param session is the SRTP session from which the stream + * will be removed. + * + * @param ssrc is the SSRC value of the stream to be removed. + * + * @warning Wildcard SSRC values cannot be removed from a + * session. + * + * @return + * - err_status_ok if the stream deallocation succeded. + * - [other] otherwise. + * + */ + +err_status_t +srtp_remove_stream(srtp_t session, unsigned int ssrc); + +/** + * @brief crypto_policy_set_rtp_default() sets a crypto policy + * structure to the SRTP default policy for RTP protection. + * + * @param p is a pointer to the policy structure to be set + * + * The function call crypto_policy_set_rtp_default(&p) sets the + * crypto_policy_t at location p to the SRTP default policy for RTP + * protection, as defined in the specification. This function is a + * convenience that helps to avoid dealing directly with the policy + * data structure. You are encouraged to initialize policy elements + * with this function call. Doing so may allow your code to be + * forward compatible with later versions of libSRTP that include more + * elements in the crypto_policy_t datatype. + * + * @return void. + * + */ + +void +crypto_policy_set_rtp_default(crypto_policy_t *p); + +/** + * @brief crypto_policy_set_rtcp_default() sets a crypto policy + * structure to the SRTP default policy for RTCP protection. + * + * @param p is a pointer to the policy structure to be set + * + * The function call crypto_policy_set_rtcp_default(&p) sets the + * crypto_policy_t at location p to the SRTP default policy for RTCP + * protection, as defined in the specification. This function is a + * convenience that helps to avoid dealing directly with the policy + * data structure. You are encouraged to initialize policy elements + * with this function call. Doing so may allow your code to be + * forward compatible with later versions of libSRTP that include more + * elements in the crypto_policy_t datatype. + * + * @return void. + * + */ + +void +crypto_policy_set_rtcp_default(crypto_policy_t *p); + +/** + * @brief crypto_policy_set_aes_cm_128_hmac_sha1_80() sets a crypto + * policy structure to the SRTP default policy for RTP protection. + * + * @param p is a pointer to the policy structure to be set + * + * The function crypto_policy_set_aes_cm_128_hmac_sha1_80() is a + * synonym for crypto_policy_set_rtp_default(). It conforms to the + * naming convention used in RFC 4568 (SDP Security Descriptions for + * Media Streams). + * + * @return void. + * + */ + +#define crypto_policy_set_aes_cm_128_hmac_sha1_80(p) crypto_policy_set_rtp_default(p) + + +/** + * @brief crypto_policy_set_aes_cm_128_hmac_sha1_32() sets a crypto + * policy structure to a short-authentication tag policy + * + * @param p is a pointer to the policy structure to be set + * + * The function call crypto_policy_set_aes_cm_128_hmac_sha1_32(&p) + * sets the crypto_policy_t at location p to use policy + * AES_CM_128_HMAC_SHA1_32 as defined in RFC 4568. + * This policy uses AES-128 + * Counter Mode encryption and HMAC-SHA1 authentication, with an + * authentication tag that is only 32 bits long. This length is + * considered adequate only for protecting audio and video media that + * use a stateless playback function. See Section 7.5 of RFC 3711 + * (http://www.ietf.org/rfc/rfc3711.txt). + * + * This function is a convenience that helps to avoid dealing directly + * with the policy data structure. You are encouraged to initialize + * policy elements with this function call. Doing so may allow your + * code to be forward compatible with later versions of libSRTP that + * include more elements in the crypto_policy_t datatype. + * + * @warning This crypto policy is intended for use in SRTP, but not in + * SRTCP. It is recommended that a policy that uses longer + * authentication tags be used for SRTCP. See Section 7.5 of RFC 3711 + * (http://www.ietf.org/rfc/rfc3711.txt). + * + * @return void. + * + */ + +void +crypto_policy_set_aes_cm_128_hmac_sha1_32(crypto_policy_t *p); + + + +/** + * @brief crypto_policy_set_aes_cm_128_null_auth() sets a crypto + * policy structure to an encryption-only policy + * + * @param p is a pointer to the policy structure to be set + * + * The function call crypto_policy_set_aes_cm_128_null_auth(&p) sets + * the crypto_policy_t at location p to use the SRTP default cipher + * (AES-128 Counter Mode), but to use no authentication method. This + * policy is NOT RECOMMENDED unless it is unavoidable; see Section 7.5 + * of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt). + * + * This function is a convenience that helps to avoid dealing directly + * with the policy data structure. You are encouraged to initialize + * policy elements with this function call. Doing so may allow your + * code to be forward compatible with later versions of libSRTP that + * include more elements in the crypto_policy_t datatype. + * + * @warning This policy is NOT RECOMMENDED for SRTP unless it is + * unavoidable, and it is NOT RECOMMENDED at all for SRTCP; see + * Section 7.5 of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt). + * + * @return void. + * + */ + +void +crypto_policy_set_aes_cm_128_null_auth(crypto_policy_t *p); + + +/** + * @brief crypto_policy_set_null_cipher_hmac_sha1_80() sets a crypto + * policy structure to an authentication-only policy + * + * @param p is a pointer to the policy structure to be set + * + * The function call crypto_policy_set_null_cipher_hmac_sha1_80(&p) + * sets the crypto_policy_t at location p to use HMAC-SHA1 with an 80 + * bit authentication tag to provide message authentication, but to + * use no encryption. This policy is NOT RECOMMENDED for SRTP unless + * there is a requirement to forego encryption. + * + * This function is a convenience that helps to avoid dealing directly + * with the policy data structure. You are encouraged to initialize + * policy elements with this function call. Doing so may allow your + * code to be forward compatible with later versions of libSRTP that + * include more elements in the crypto_policy_t datatype. + * + * @warning This policy is NOT RECOMMENDED for SRTP unless there is a + * requirement to forego encryption. + * + * @return void. + * + */ + +void +crypto_policy_set_null_cipher_hmac_sha1_80(crypto_policy_t *p); + + +/** + * @brief crypto_policy_set_aes_cm_256_hmac_sha1_80() sets a crypto + * policy structure to a encryption and authentication policy using AES-256 + * for RTP protection. + * + * @param p is a pointer to the policy structure to be set + * + * The function call crypto_policy_set_aes_cm_256_hmac_sha1_80(&p) + * sets the crypto_policy_t at location p to use policy + * AES_CM_256_HMAC_SHA1_80 as defined in + * draft-ietf-avt-srtp-big-aes-03.txt. This policy uses AES-256 + * Counter Mode encryption and HMAC-SHA1 authentication, with an 80 bit + * authentication tag. + * + * This function is a convenience that helps to avoid dealing directly + * with the policy data structure. You are encouraged to initialize + * policy elements with this function call. Doing so may allow your + * code to be forward compatible with later versions of libSRTP that + * include more elements in the crypto_policy_t datatype. + * + * @return void. + * + */ + +void crypto_policy_set_aes_cm_256_hmac_sha1_80(crypto_policy_t *p); + + +/** + * @brief crypto_policy_set_aes_cm_256_hmac_sha1_32() sets a crypto + * policy structure to a short-authentication tag policy using AES-256 + * encryption. + * + * @param p is a pointer to the policy structure to be set + * + * The function call crypto_policy_set_aes_cm_256_hmac_sha1_32(&p) + * sets the crypto_policy_t at location p to use policy + * AES_CM_256_HMAC_SHA1_32 as defined in + * draft-ietf-avt-srtp-big-aes-03.txt. This policy uses AES-256 + * Counter Mode encryption and HMAC-SHA1 authentication, with an + * authentication tag that is only 32 bits long. This length is + * considered adequate only for protecting audio and video media that + * use a stateless playback function. See Section 7.5 of RFC 3711 + * (http://www.ietf.org/rfc/rfc3711.txt). + * + * This function is a convenience that helps to avoid dealing directly + * with the policy data structure. You are encouraged to initialize + * policy elements with this function call. Doing so may allow your + * code to be forward compatible with later versions of libSRTP that + * include more elements in the crypto_policy_t datatype. + * + * @warning This crypto policy is intended for use in SRTP, but not in + * SRTCP. It is recommended that a policy that uses longer + * authentication tags be used for SRTCP. See Section 7.5 of RFC 3711 + * (http://www.ietf.org/rfc/rfc3711.txt). + * + * @return void. + * + */ + +void +crypto_policy_set_aes_cm_256_hmac_sha1_32(crypto_policy_t *p); + + +/** + * @brief srtp_dealloc() deallocates storage for an SRTP session + * context. + * + * The function call srtp_dealloc(s) deallocates storage for the + * SRTP session context s. This function should be called no more + * than one time for each of the contexts allocated by the function + * srtp_create(). + * + * @param s is the srtp_t for the session to be deallocated. + * + * @return + * - err_status_ok if there no problems. + * - err_status_dealloc_fail a memory deallocation failure occured. + */ + +err_status_t +srtp_dealloc(srtp_t s); + + +/* + * @brief identifies a particular SRTP profile + * + * An srtp_profile_t enumeration is used to identify a particular SRTP + * profile (that is, a set of algorithms and parameters). These + * profiles are defined in the DTLS-SRTP draft. + */ + +typedef enum { + srtp_profile_reserved = 0, + srtp_profile_aes128_cm_sha1_80 = 1, + srtp_profile_aes128_cm_sha1_32 = 2, + srtp_profile_aes256_cm_sha1_80 = 3, + srtp_profile_aes256_cm_sha1_32 = 4, + srtp_profile_null_sha1_80 = 5, + srtp_profile_null_sha1_32 = 6, +} srtp_profile_t; + + +/** + * @brief crypto_policy_set_from_profile_for_rtp() sets a crypto policy + * structure to the appropriate value for RTP based on an srtp_profile_t + * + * @param p is a pointer to the policy structure to be set + * + * The function call crypto_policy_set_rtp_default(&policy, profile) + * sets the crypto_policy_t at location policy to the policy for RTP + * protection, as defined by the srtp_profile_t profile. + * + * This function is a convenience that helps to avoid dealing directly + * with the policy data structure. You are encouraged to initialize + * policy elements with this function call. Doing so may allow your + * code to be forward compatible with later versions of libSRTP that + * include more elements in the crypto_policy_t datatype. + * + * @return values + * - err_status_ok no problems were encountered + * - err_status_bad_param the profile is not supported + * + */ +err_status_t +crypto_policy_set_from_profile_for_rtp(crypto_policy_t *policy, + srtp_profile_t profile); + + + + +/** + * @brief crypto_policy_set_from_profile_for_rtcp() sets a crypto policy + * structure to the appropriate value for RTCP based on an srtp_profile_t + * + * @param p is a pointer to the policy structure to be set + * + * The function call crypto_policy_set_rtcp_default(&policy, profile) + * sets the crypto_policy_t at location policy to the policy for RTCP + * protection, as defined by the srtp_profile_t profile. + * + * This function is a convenience that helps to avoid dealing directly + * with the policy data structure. You are encouraged to initialize + * policy elements with this function call. Doing so may allow your + * code to be forward compatible with later versions of libSRTP that + * include more elements in the crypto_policy_t datatype. + * + * @return values + * - err_status_ok no problems were encountered + * - err_status_bad_param the profile is not supported + * + */ +err_status_t +crypto_policy_set_from_profile_for_rtcp(crypto_policy_t *policy, + srtp_profile_t profile); + +/** + * @brief returns the master key length for a given SRTP profile + */ +unsigned int +srtp_profile_get_master_key_length(srtp_profile_t profile); + + +/** + * @brief returns the master salt length for a given SRTP profile + */ +unsigned int +srtp_profile_get_master_salt_length(srtp_profile_t profile); + +/** + * @brief appends the salt to the key + * + * The function call append_salt_to_key(k, klen, s, slen) + * copies the string s to the location at klen bytes following + * the location k. + * + * @warning There must be at least bytes_in_salt + bytes_in_key bytes + * available at the location pointed to by key. + * + */ + +void +append_salt_to_key(unsigned char *key, unsigned int bytes_in_key, + unsigned char *salt, unsigned int bytes_in_salt); + + + +/** + * @} + */ + + + +/** + * @defgroup SRTCP Secure RTCP + * @ingroup SRTP + * + * @brief Secure RTCP functions are used to protect RTCP traffic. + * + * RTCP is the control protocol for RTP. libSRTP protects RTCP + * traffic in much the same way as it does RTP traffic. The function + * srtp_protect_rtcp() applies cryptographic protections to outbound + * RTCP packets, and srtp_unprotect_rtcp() verifies the protections on + * inbound RTCP packets. + * + * A note on the naming convention: srtp_protect_rtcp() has an srtp_t + * as its first argument, and thus has `srtp_' as its prefix. The + * trailing `_rtcp' indicates the protocol on which it acts. + * + * @{ + */ + +/** + * @brief srtp_protect_rtcp() is the Secure RTCP sender-side packet + * processing function. + * + * The function call srtp_protect_rtcp(ctx, rtp_hdr, len_ptr) applies + * SRTCP protection to the RTCP packet rtcp_hdr (which has length + * *len_ptr) using the SRTP session context ctx. If err_status_ok is + * returned, then rtp_hdr points to the resulting SRTCP packet and + * *len_ptr is the number of octets in that packet; otherwise, no + * assumptions should be made about the value of either data elements. + * + * @warning This function assumes that it can write the authentication + * tag into the location in memory immediately following the RTCP + * packet, and assumes that the RTCP packet is aligned on a 32-bit + * boundary. + * + * @param ctx is the SRTP context to use in processing the packet. + * + * @param rtcp_hdr is a pointer to the RTCP packet (before the call); after + * the function returns, it points to the srtp packet. + * + * @param pkt_octet_len is a pointer to the length in octets of the + * complete RTCP packet (header and body) before the function call, + * and of the complete SRTCP packet after the call, if err_status_ok + * was returned. Otherwise, the value of the data to which it points + * is undefined. + * + * @return + * - err_status_ok if there were no problems. + * - [other] if there was a failure in + * the cryptographic mechanisms. + */ + + +err_status_t +srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len); + +/** + * @brief srtp_unprotect_rtcp() is the Secure RTCP receiver-side packet + * processing function. + * + * The function call srtp_unprotect_rtcp(ctx, srtp_hdr, len_ptr) + * verifies the Secure RTCP protection of the SRTCP packet pointed to + * by srtcp_hdr (which has length *len_ptr), using the SRTP session + * context ctx. If err_status_ok is returned, then srtcp_hdr points + * to the resulting RTCP packet and *len_ptr is the number of octets + * in that packet; otherwise, no assumptions should be made about the + * value of either data elements. + * + * @warning This function assumes that the SRTCP packet is aligned on a + * 32-bit boundary. + * + * @param ctx is a pointer to the srtp_t which applies to the + * particular packet. + * + * @param srtcp_hdr is a pointer to the header of the SRTCP packet + * (before the call). After the function returns, it points to the + * rtp packet if err_status_ok was returned; otherwise, the value of + * the data to which it points is undefined. + * + * @param pkt_octet_len is a pointer to the length in octets of the + * complete SRTCP packet (header and body) before the function call, + * and of the complete rtp packet after the call, if err_status_ok was + * returned. Otherwise, the value of the data to which it points is + * undefined. + * + * @return + * - err_status_ok if the RTCP packet is valid. + * - err_status_auth_fail if the SRTCP packet failed the message + * authentication check. + * - err_status_replay_fail if the SRTCP packet is a replay (e.g. has + * already been processed and accepted). + * - [other] if there has been an error in the cryptographic mechanisms. + * + */ + +err_status_t +srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len); + +/** + * @} + */ + +/** + * @defgroup SRTPevents SRTP events and callbacks + * @ingroup SRTP + * + * @brief libSRTP can use a user-provided callback function to + * handle events. + * + * + * libSRTP allows a user to provide a callback function to handle + * events that need to be dealt with outside of the data plane (see + * the enum srtp_event_t for a description of these events). Dealing + * with these events is not a strict necessity; they are not + * security-critical, but the application may suffer if they are not + * handled. The function srtp_set_event_handler() is used to provide + * the callback function. + * + * A default event handler that merely reports on the events as they + * happen is included. It is also possible to set the event handler + * function to NULL, in which case all events will just be silently + * ignored. + * + * @{ + */ + +/** + * @brief srtp_event_t defines events that need to be handled + * + * The enum srtp_event_t defines events that need to be handled + * outside the `data plane', such as SSRC collisions and + * key expirations. + * + * When a key expires or the maximum number of packets has been + * reached, an SRTP stream will enter an `expired' state in which no + * more packets can be protected or unprotected. When this happens, + * it is likely that you will want to either deallocate the stream + * (using srtp_stream_dealloc()), and possibly allocate a new one. + * + * When an SRTP stream expires, the other streams in the same session + * are unaffected, unless key sharing is used by that stream. In the + * latter case, all of the streams in the session will expire. + */ + +typedef enum { + event_ssrc_collision, /**< + * An SSRC collision occured. + */ + event_key_soft_limit, /**< An SRTP stream reached the soft key + * usage limit and will expire soon. + */ + event_key_hard_limit, /**< An SRTP stream reached the hard + * key usage limit and has expired. + */ + event_packet_index_limit /**< An SRTP stream reached the hard + * packet limit (2^48 packets). + */ +} srtp_event_t; + +/** + * @brief srtp_event_data_t is the structure passed as a callback to + * the event handler function + * + * The struct srtp_event_data_t holds the data passed to the event + * handler function. + */ + +typedef struct srtp_event_data_t { + srtp_t session; /**< The session in which the event happend. */ + srtp_stream_t stream; /**< The stream in which the event happend. */ + srtp_event_t event; /**< An enum indicating the type of event. */ +} srtp_event_data_t; + +/** + * @brief srtp_event_handler_func_t is the function prototype for + * the event handler. + * + * The typedef srtp_event_handler_func_t is the prototype for the + * event handler function. It has as its only argument an + * srtp_event_data_t which describes the event that needs to be handled. + * There can only be a single, global handler for all events in + * libSRTP. + */ + +typedef void (srtp_event_handler_func_t)(srtp_event_data_t *data); + +/** + * @brief sets the event handler to the function supplied by the caller. + * + * The function call srtp_install_event_handler(func) sets the event + * handler function to the value func. The value NULL is acceptable + * as an argument; in this case, events will be ignored rather than + * handled. + * + * @param func is a pointer to a fuction that takes an srtp_event_data_t + * pointer as an argument and returns void. This function + * will be used by libSRTP to handle events. + */ + +err_status_t +srtp_install_event_handler(srtp_event_handler_func_t func); + +/** + * @} + */ +/* in host order, so outside the #if */ +#define SRTCP_E_BIT 0x80000000 +/* for byte-access */ +#define SRTCP_E_BYTE_BIT 0x80 +#define SRTCP_INDEX_MASK 0x7fffffff + +#ifdef __cplusplus +} +#endif + +#endif /* SRTP_H */ diff --git a/netwerk/srtp/src/include/srtp_priv.h b/netwerk/srtp/src/include/srtp_priv.h new file mode 100644 index 000000000..cf2274eb6 --- /dev/null +++ b/netwerk/srtp/src/include/srtp_priv.h @@ -0,0 +1,256 @@ +/* + * srtp_priv.h + * + * private internal data structures and functions for libSRTP + * + * David A. McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright (c) 2001-2006 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef SRTP_PRIV_H +#define SRTP_PRIV_H + +#include "srtp.h" +#include "rdbx.h" +#include "rdb.h" +#include "integers.h" + +/* + * an srtp_hdr_t represents the srtp header + * + * in this implementation, an srtp_hdr_t is assumed to be 32-bit aligned + * + * (note that this definition follows that of RFC 1889 Appendix A, but + * is not identical) + */ + +#ifndef WORDS_BIGENDIAN + +/* + * srtp_hdr_t represents an RTP or SRTP header. The bit-fields in + * this structure should be declared "unsigned int" instead of + * "unsigned char", but doing so causes the MS compiler to not + * fully pack the bit fields. + */ + +typedef struct { + unsigned char cc:4; /* CSRC count */ + unsigned char x:1; /* header extension flag */ + unsigned char p:1; /* padding flag */ + unsigned char version:2; /* protocol version */ + unsigned char pt:7; /* payload type */ + unsigned char m:1; /* marker bit */ + uint16_t seq; /* sequence number */ + uint32_t ts; /* timestamp */ + uint32_t ssrc; /* synchronization source */ +} srtp_hdr_t; + +#else /* BIG_ENDIAN */ + +typedef struct { + unsigned char version:2; /* protocol version */ + unsigned char p:1; /* padding flag */ + unsigned char x:1; /* header extension flag */ + unsigned char cc:4; /* CSRC count */ + unsigned char m:1; /* marker bit */ + unsigned pt:7; /* payload type */ + uint16_t seq; /* sequence number */ + uint32_t ts; /* timestamp */ + uint32_t ssrc; /* synchronization source */ +} srtp_hdr_t; + +#endif + +typedef struct { + uint16_t profile_specific; /* profile-specific info */ + uint16_t length; /* number of 32-bit words in extension */ +} srtp_hdr_xtnd_t; + + +/* + * srtcp_hdr_t represents a secure rtcp header + * + * in this implementation, an srtcp header is assumed to be 32-bit + * alinged + */ + +#ifndef WORDS_BIGENDIAN + +typedef struct { + unsigned char rc:5; /* reception report count */ + unsigned char p:1; /* padding flag */ + unsigned char version:2; /* protocol version */ + unsigned char pt:8; /* payload type */ + uint16_t len; /* length */ + uint32_t ssrc; /* synchronization source */ +} srtcp_hdr_t; + +typedef struct { + unsigned int index:31; /* srtcp packet index in network order! */ + unsigned int e:1; /* encrypted? 1=yes */ + /* optional mikey/etc go here */ + /* and then the variable-length auth tag */ +} srtcp_trailer_t; + + +#else /* BIG_ENDIAN */ + +typedef struct { + unsigned char version:2; /* protocol version */ + unsigned char p:1; /* padding flag */ + unsigned char rc:5; /* reception report count */ + unsigned char pt:8; /* payload type */ + uint16_t len; /* length */ + uint32_t ssrc; /* synchronization source */ +} srtcp_hdr_t; + +typedef struct { + unsigned int version:2; /* protocol version */ + unsigned int p:1; /* padding flag */ + unsigned int count:5; /* varies by packet type */ + unsigned int pt:8; /* payload type */ + uint16_t length; /* len of uint32s of packet less header */ +} rtcp_common_t; + +typedef struct { + unsigned int e:1; /* encrypted? 1=yes */ + unsigned int index:31; /* srtcp packet index */ + /* optional mikey/etc go here */ + /* and then the variable-length auth tag */ +} srtcp_trailer_t; + +#endif + + +/* + * the following declarations are libSRTP internal functions + */ + +/* + * srtp_get_stream(ssrc) returns a pointer to the stream corresponding + * to ssrc, or NULL if no stream exists for that ssrc + */ + +srtp_stream_t +srtp_get_stream(srtp_t srtp, uint32_t ssrc); + + +/* + * srtp_stream_init_keys(s, k) (re)initializes the srtp_stream_t s by + * deriving all of the needed keys using the KDF and the key k. + */ + + +err_status_t +srtp_stream_init_keys(srtp_stream_t srtp, const void *key); + +/* + * srtp_stream_init(s, p) initializes the srtp_stream_t s to + * use the policy at the location p + */ +err_status_t +srtp_stream_init(srtp_stream_t srtp, + const srtp_policy_t *p); + + +/* + * libsrtp internal datatypes + */ + +typedef enum direction_t { + dir_unknown = 0, + dir_srtp_sender = 1, + dir_srtp_receiver = 2 +} direction_t; + +/* + * an srtp_stream_t has its own SSRC, encryption key, authentication + * key, sequence number, and replay database + * + * note that the keys might not actually be unique, in which case the + * cipher_t and auth_t pointers will point to the same structures + */ + +typedef struct srtp_stream_ctx_t { + uint32_t ssrc; + cipher_t *rtp_cipher; + auth_t *rtp_auth; + rdbx_t rtp_rdbx; + sec_serv_t rtp_services; + cipher_t *rtcp_cipher; + auth_t *rtcp_auth; + rdb_t rtcp_rdb; + sec_serv_t rtcp_services; + key_limit_ctx_t *limit; + direction_t direction; + int allow_repeat_tx; + ekt_stream_t ekt; + struct srtp_stream_ctx_t *next; /* linked list of streams */ +} srtp_stream_ctx_t; + + +/* + * an srtp_ctx_t holds a stream list and a service description + */ + +typedef struct srtp_ctx_t { + srtp_stream_ctx_t *stream_list; /* linked list of streams */ + srtp_stream_ctx_t *stream_template; /* act as template for other streams */ +} srtp_ctx_t; + + + +/* + * srtp_handle_event(srtp, srtm, evnt) calls the event handling + * function, if there is one. + * + * This macro is not included in the documentation as it is + * an internal-only function. + */ + +#define srtp_handle_event(srtp, strm, evnt) \ + if(srtp_event_handler) { \ + srtp_event_data_t data; \ + data.session = srtp; \ + data.stream = strm; \ + data.event = evnt; \ + srtp_event_handler(&data); \ +} + + +#endif /* SRTP_PRIV_H */ diff --git a/netwerk/srtp/src/include/ut_sim.h b/netwerk/srtp/src/include/ut_sim.h new file mode 100644 index 000000000..c25feeb65 --- /dev/null +++ b/netwerk/srtp/src/include/ut_sim.h @@ -0,0 +1,80 @@ +/* + * ut-sim.h + * + * an unreliable transport simulator + * (for testing replay databases and suchlike) + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + + +#ifndef UT_SIM_H +#define UT_SIM_H + +#include "integers.h" /* for uint32_t */ + +#define UT_BUF 160 /* maximum amount of packet reorder */ + +typedef struct { + uint32_t index; + uint32_t buffer[UT_BUF]; +} ut_connection; + +/* + * ut_init(&u) initializes the ut_connection + * + * this function should always be the first one called on a new + * ut_connection + */ + +void +ut_init(ut_connection *utc); + +/* + * ut_next_index(&u) returns the next index from the simulated + * unreliable connection + */ + +uint32_t +ut_next_index(ut_connection *utc); + + +#endif /* UT_SIM_H */ |