VLC 4.0.0-dev
|
Data Structures | |
struct | srtp_proto_t |
struct | srtp_session_t |
Macros | |
#define | debug(...) (void)0 |
Typedefs | |
typedef struct srtp_proto_t | srtp_proto_t |
Enumerations | |
enum | { SRTP_CRYPT , SRTP_AUTH , SRTP_SALT , SRTCP_CRYPT , SRTCP_AUTH , SRTCP_SALT } |
Functions | |
static unsigned | rcc_mode (const srtp_session_t *s) |
static void | proto_destroy (srtp_proto_t *p) |
void | srtp_destroy (srtp_session_t *s) |
Releases all resources associated with a Secure RTP session. More... | |
static int | proto_create (srtp_proto_t *p, int gcipher, int gmd) |
srtp_session_t * | srtp_create (int encr, int auth, unsigned tag_len, int prf, unsigned flags) |
Allocates a Secure RTP one-way session. More... | |
static int | do_ctr_crypt (gcry_cipher_hd_t hd, const void *ctr, uint8_t *data, size_t len) |
Counter Mode encryption/decryption (ctr length = 16 bytes) with non-padded (truncated) text. More... | |
static int | do_derive (gcry_cipher_hd_t prf, const void *salt, const uint8_t *r, size_t rlen, uint8_t label, void *out, size_t outlen) |
AES-CM key derivation (saltlen = 14 bytes) More... | |
int | srtp_setkey (srtp_session_t *s, const void *key, size_t keylen, const void *salt, size_t saltlen) |
Sets (or resets) the master key and master salt for a SRTP session. More... | |
static int | hexdigit (char c) |
static ssize_t | hexstring (const char *in, uint8_t *out, size_t outlen) |
int | srtp_setkeystring (srtp_session_t *s, const char *key, const char *salt) |
Sets (or resets) the master key and master salt for a SRTP session from hexadecimal strings. More... | |
void | srtp_setrcc_rate (srtp_session_t *s, uint16_t rate) |
Sets Roll-over-Counter Carry (RCC) rate for the SRTP session. More... | |
static int | rtp_crypt (gcry_cipher_hd_t hd, uint32_t ssrc, uint32_t roc, uint16_t seq, const uint32_t *salt, uint8_t *data, size_t len) |
AES-CM for RTP (salt = 14 bytes + 2 nul bytes) More... | |
static uint32_t | srtp_compute_roc (const srtp_session_t *s, uint16_t seq) |
Determines SRTP Roll-Over-Counter (in host-byte order) More... | |
static uint16_t | rtp_seq (const uint8_t *buf) |
Returns RTP sequence (in host-byte order) More... | |
static const uint8_t * | rtp_digest (gcry_md_hd_t md, const uint8_t *data, size_t len, uint32_t roc) |
Message Authentication and Integrity for RTP. More... | |
static int | srtp_crypt (srtp_session_t *s, uint8_t *buf, size_t len) |
Encrypts/decrypts a RTP packet and updates SRTP context (CTR block cypher mode of operation has identical encryption and decryption function). More... | |
int | srtp_send (srtp_session_t *s, uint8_t *buf, size_t *lenp, size_t bufsize) |
Turns a RTP packet into a SRTP packet: encrypt it, then computes the authentication tag and appends it. More... | |
int | srtp_recv (srtp_session_t *s, uint8_t *buf, size_t *lenp) |
Turns a SRTP packet into a RTP packet: authenticates the packet, then decrypts it. More... | |
static int | rtcp_crypt (gcry_cipher_hd_t hd, uint32_t ssrc, uint32_t index, const uint32_t *salt, uint8_t *data, size_t len) |
AES-CM for RTCP (salt = 14 bytes + 2 nul bytes) More... | |
static const uint8_t * | rtcp_digest (gcry_md_hd_t md, const void *data, size_t len) |
Message Authentication and Integrity for RTCP. More... | |
static int | srtcp_crypt (srtp_session_t *s, uint8_t *buf, size_t len) |
Encrypts/decrypts a RTCP packet and updates SRTCP context (CTR block cypher mode of operation has identical encryption and decryption function). More... | |
int | srtcp_send (srtp_session_t *s, uint8_t *buf, size_t *lenp, size_t bufsize) |
Turns a RTCP packet into a SRTCP packet: encrypt it, then computes the authentication tag and appends it. More... | |
int | srtcp_recv (srtp_session_t *s, uint8_t *buf, size_t *lenp) |
Turns a SRTCP packet into a RTCP packet: authenticates the packet, then decrypts it. More... | |
#define debug | ( | ... | ) | (void)0 |
typedef struct srtp_proto_t srtp_proto_t |
|
static |
Counter Mode encryption/decryption (ctr length = 16 bytes) with non-padded (truncated) text.
Referenced by do_derive(), and rtp_crypt().
|
static |
|
static |
Referenced by hexstring().
|
static |
References hexdigit().
Referenced by srtp_setkeystring().
|
static |
References p.
Referenced by srtp_create().
|
static |
References p.
Referenced by srtp_create(), and srtp_destroy().
|
inlinestatic |
References srtp_session_t::flags.
Referenced by srtp_create(), srtp_recv(), and srtp_send().
|
static |
AES-CM for RTCP (salt = 14 bytes + 2 nul bytes)
References rtp_crypt().
Referenced by srtcp_crypt().
|
static |
Message Authentication and Integrity for RTCP.
Referenced by srtcp_recv(), and srtcp_send().
|
static |
AES-CM for RTP (salt = 14 bytes + 2 nul bytes)
References do_ctr_crypt().
Referenced by rtcp_crypt(), and srtp_crypt().
|
static |
Message Authentication and Integrity for RTP.
Referenced by srtp_recv(), and srtp_send().
|
inlinestatic |
Returns RTP sequence (in host-byte order)
Referenced by srtp_compute_roc(), srtp_crypt(), srtp_recv(), and srtp_send().
|
static |
Encrypts/decrypts a RTCP packet and updates SRTCP context (CTR block cypher mode of operation has identical encryption and decryption function).
buf | RTCP packet to be en-/decrypted |
len | RTCP packet length |
References srtp_proto_t::cipher, srtp_session_t::flags, srtp_session_t::rtcp, rtcp_crypt(), srtp_session_t::rtcp_index, srtp_session_t::rtp, srtp_proto_t::salt, SRTCP_UNENCRYPTED, and srtp_proto_t::window.
Referenced by srtcp_send().
int srtcp_recv | ( | srtp_session_t * | s, |
uint8_t * | buf, | ||
size_t * | lenp | ||
) |
Turns a SRTCP packet into a RTCP packet: authenticates the packet, then decrypts it.
buf | RTCP packet to be digested/decrypted |
lenp | pointer to the SRTCP packet length on entry, set to the RTCP length on exit (undefined in case of error) |
References srtp_proto_t::mac, srtp_session_t::rtcp, rtcp_digest(), srtp_crypt(), and srtp_session_t::tag_len.
int srtcp_send | ( | srtp_session_t * | s, |
uint8_t * | buf, | ||
size_t * | lenp, | ||
size_t | bufsize | ||
) |
Turns a RTCP packet into a SRTCP packet: encrypt it, then computes the authentication tag and appends it.
buf | RTCP packet to be encrypted/digested |
lenp | pointer to the RTCP packet length on entry, set to the SRTCP length on exit (undefined in case of error) |
bufsize | size (bytes) of the packet buffer |
References srtp_session_t::flags, srtp_proto_t::mac, srtp_session_t::rtcp, rtcp_digest(), srtp_session_t::rtcp_index, srtcp_crypt(), SRTCP_UNENCRYPTED, and srtp_session_t::tag_len.
|
static |
Determines SRTP Roll-Over-Counter (in host-byte order)
References srtp_session_t::rtp_roc, srtp_session_t::rtp_seq, and rtp_seq().
Referenced by srtp_crypt(), srtp_recv(), and srtp_send().
srtp_session_t * srtp_create | ( | int | encr, |
int | auth, | ||
unsigned | tag_len, | ||
int | prf, | ||
unsigned | flags | ||
) |
Allocates a Secure RTP one-way session.
The same session cannot be used both ways because this would confuse internal cryptographic counters; it is however of course feasible to open multiple simultaneous sessions with the same master key.
encr | encryption algorithm number |
auth | authentication algorithm number |
tag_len | authentication tag byte length (NOT including RCC) |
flags | OR'ed optional flags. |
References srtp_session_t::flags, proto_create(), proto_destroy(), rcc_mode(), srtp_session_t::rtcp, srtp_session_t::rtp, srtp_session_t::rtp_rcc, SRTP_AUTH_HMAC_SHA1, SRTP_AUTH_NULL, SRTP_ENCR_AES_CM, SRTP_ENCR_NULL, SRTP_FLAGS_MASK, SRTP_PRF_AES_CM, and srtp_session_t::tag_len.
Referenced by OpenURL().
|
static |
Encrypts/decrypts a RTP packet and updates SRTP context (CTR block cypher mode of operation has identical encryption and decryption function).
buf | RTP packet to be en-/decrypted |
len | RTP packet length |
References srtp_proto_t::cipher, srtp_session_t::flags, srtp_session_t::rtp, rtp_crypt(), srtp_session_t::rtp_roc, srtp_session_t::rtp_seq, rtp_seq(), srtp_proto_t::salt, srtp_compute_roc(), SRTP_UNENCRYPTED, and srtp_proto_t::window.
Referenced by srtcp_recv(), srtp_recv(), and srtp_send().
void srtp_destroy | ( | srtp_session_t * | s | ) |
Releases all resources associated with a Secure RTP session.
References proto_destroy(), srtp_session_t::rtcp, and srtp_session_t::rtp.
int srtp_recv | ( | srtp_session_t * | s, |
uint8_t * | buf, | ||
size_t * | lenp | ||
) |
Turns a SRTP packet into a RTP packet: authenticates the packet, then decrypts it.
buf | RTP packet to be digested/decrypted |
lenp | pointer to the SRTP packet length on entry, set to the RTP length on exit (undefined in case of error) |
References srtp_session_t::flags, srtp_proto_t::mac, rcc_mode(), srtp_session_t::rtp, rtp_digest(), srtp_session_t::rtp_rcc, srtp_session_t::rtp_roc, rtp_seq(), srtp_compute_roc(), srtp_crypt(), SRTP_UNAUTHENTICATED, and srtp_session_t::tag_len.
Referenced by rtp_process().
int srtp_send | ( | srtp_session_t * | s, |
uint8_t * | buf, | ||
size_t * | lenp, | ||
size_t | bufsize | ||
) |
Turns a RTP packet into a SRTP packet: encrypt it, then computes the authentication tag and appends it.
Note that you can encrypt packet in disorder.
buf | RTP packet to be encrypted/digested |
lenp | pointer to the RTP packet length on entry, set to the SRTP length on exit (undefined on non-ENOSPC error) |
bufsize | size (bytes) of the packet buffer |
References srtp_session_t::flags, srtp_proto_t::mac, rcc_mode(), srtp_session_t::rtp, rtp_digest(), srtp_session_t::rtp_rcc, srtp_session_t::rtp_roc, rtp_seq(), srtp_compute_roc(), srtp_crypt(), SRTP_UNAUTHENTICATED, and srtp_session_t::tag_len.
int srtp_setkey | ( | srtp_session_t * | s, |
const void * | key, | ||
size_t | keylen, | ||
const void * | salt, | ||
size_t | saltlen | ||
) |
Sets (or resets) the master key and master salt for a SRTP session.
This must be done at least once before using srtp_send(), srtp_recv(), srtcp_send() or srtcp_recv(). Also, rekeying is required every 2^48 RTP packets or 2^31 RTCP packets (whichever comes first), otherwise the protocol security might be broken.
References srtp_proto_t::cipher, do_derive(), srtp_session_t::kdr, srtp_proto_t::mac, srtp_session_t::rtcp, srtp_session_t::rtcp_index, srtp_session_t::rtp, srtp_session_t::rtp_roc, srtp_session_t::rtp_seq, srtp_proto_t::salt, SRTCP_AUTH, SRTCP_CRYPT, SRTCP_SALT, SRTP_AUTH, SRTP_CRYPT, and SRTP_SALT.
Referenced by srtp_setkeystring().
int srtp_setkeystring | ( | srtp_session_t * | s, |
const char * | key, | ||
const char * | salt | ||
) |
Sets (or resets) the master key and master salt for a SRTP session from hexadecimal strings.
See also srtp_setkey().
References hexstring(), and srtp_setkey().
Referenced by OpenURL().
void srtp_setrcc_rate | ( | srtp_session_t * | s, |
uint16_t | rate | ||
) |
Sets Roll-over-Counter Carry (RCC) rate for the SRTP session.
If not specified (through this function), the default rate of ONE is assumed (i.e. every RTP packets will carry the RoC). RCC rate is ignored if none of the RCC mode has been selected.
The RCC mode is selected through one of these flags for srtp_create(): SRTP_RCC_MODE1: integrity protection only for RoC carrying packets SRTP_RCC_MODE2: integrity protection for all packets SRTP_RCC_MODE3: no integrity protection
RCC mode 3 is insecure. Compared to plain RTP, it provides confidentiality (through encryption) but is much more prone to DoS. It can only be used if anti-spoofing protection is provided by lower network layers (e.g. IPsec, or trusted routers and proper source address filtering).
If RCC rate is 1, RCC mode 1 and 2 are functionally identical.
rate | RoC Carry rate (MUST NOT be zero) |
References srtp_session_t::rtp_rcc.