VLC 4.0.0-dev
srtp.c File Reference
Include dependency graph for srtp.c:

Data Structures

struct  srtp_proto_t
 
struct  srtp_session_t
 

Macros

#define debug(...)   (void)0
 

Typedefs

typedef struct srtp_proto_t srtp_proto_t
 

Enumerations

enum  {
  SRTP_CRYPT , SRTP_AUTH , SRTP_SALT , SRTCP_CRYPT ,
  SRTCP_AUTH , SRTCP_SALT
}
 

Functions

static unsigned rcc_mode (const srtp_session_t *s)
 
static void proto_destroy (srtp_proto_t *p)
 
void srtp_destroy (srtp_session_t *s)
 Releases all resources associated with a Secure RTP session. More...
 
static int proto_create (srtp_proto_t *p, int gcipher, int gmd)
 
srtp_session_tsrtp_create (int encr, int auth, unsigned tag_len, int prf, unsigned flags)
 Allocates a Secure RTP one-way session. More...
 
static int do_ctr_crypt (gcry_cipher_hd_t hd, const void *ctr, uint8_t *data, size_t len)
 Counter Mode encryption/decryption (ctr length = 16 bytes) with non-padded (truncated) text. More...
 
static int do_derive (gcry_cipher_hd_t prf, const void *salt, const uint8_t *r, size_t rlen, uint8_t label, void *out, size_t outlen)
 AES-CM key derivation (saltlen = 14 bytes) More...
 
int srtp_setkey (srtp_session_t *s, const void *key, size_t keylen, const void *salt, size_t saltlen)
 Sets (or resets) the master key and master salt for a SRTP session. More...
 
static int hexdigit (char c)
 
static ssize_t hexstring (const char *in, uint8_t *out, size_t outlen)
 
int srtp_setkeystring (srtp_session_t *s, const char *key, const char *salt)
 Sets (or resets) the master key and master salt for a SRTP session from hexadecimal strings. More...
 
void srtp_setrcc_rate (srtp_session_t *s, uint16_t rate)
 Sets Roll-over-Counter Carry (RCC) rate for the SRTP session. More...
 
static int rtp_crypt (gcry_cipher_hd_t hd, uint32_t ssrc, uint32_t roc, uint16_t seq, const uint32_t *salt, uint8_t *data, size_t len)
 AES-CM for RTP (salt = 14 bytes + 2 nul bytes) More...
 
static uint32_t srtp_compute_roc (const srtp_session_t *s, uint16_t seq)
 Determines SRTP Roll-Over-Counter (in host-byte order) More...
 
static uint16_t rtp_seq (const uint8_t *buf)
 Returns RTP sequence (in host-byte order) More...
 
static const uint8_t * rtp_digest (gcry_md_hd_t md, const uint8_t *data, size_t len, uint32_t roc)
 Message Authentication and Integrity for RTP. More...
 
static int srtp_crypt (srtp_session_t *s, uint8_t *buf, size_t len)
 Encrypts/decrypts a RTP packet and updates SRTP context (CTR block cypher mode of operation has identical encryption and decryption function). More...
 
int srtp_send (srtp_session_t *s, uint8_t *buf, size_t *lenp, size_t bufsize)
 Turns a RTP packet into a SRTP packet: encrypt it, then computes the authentication tag and appends it. More...
 
int srtp_recv (srtp_session_t *s, uint8_t *buf, size_t *lenp)
 Turns a SRTP packet into a RTP packet: authenticates the packet, then decrypts it. More...
 
static int rtcp_crypt (gcry_cipher_hd_t hd, uint32_t ssrc, uint32_t index, const uint32_t *salt, uint8_t *data, size_t len)
 AES-CM for RTCP (salt = 14 bytes + 2 nul bytes) More...
 
static const uint8_t * rtcp_digest (gcry_md_hd_t md, const void *data, size_t len)
 Message Authentication and Integrity for RTCP. More...
 
static int srtcp_crypt (srtp_session_t *s, uint8_t *buf, size_t len)
 Encrypts/decrypts a RTCP packet and updates SRTCP context (CTR block cypher mode of operation has identical encryption and decryption function). More...
 
int srtcp_send (srtp_session_t *s, uint8_t *buf, size_t *lenp, size_t bufsize)
 Turns a RTCP packet into a SRTCP packet: encrypt it, then computes the authentication tag and appends it. More...
 
int srtcp_recv (srtp_session_t *s, uint8_t *buf, size_t *lenp)
 Turns a SRTCP packet into a RTCP packet: authenticates the packet, then decrypts it. More...
 

Macro Definition Documentation

◆ debug

#define debug (   ...)    (void)0

Typedef Documentation

◆ srtp_proto_t

typedef struct srtp_proto_t srtp_proto_t

Enumeration Type Documentation

◆ anonymous enum

anonymous enum
Enumerator
SRTP_CRYPT 
SRTP_AUTH 
SRTP_SALT 
SRTCP_CRYPT 
SRTCP_AUTH 
SRTCP_SALT 

Function Documentation

◆ do_ctr_crypt()

static int do_ctr_crypt ( gcry_cipher_hd_t  hd,
const void *  ctr,
uint8_t *  data,
size_t  len 
)
static

Counter Mode encryption/decryption (ctr length = 16 bytes) with non-padded (truncated) text.

Referenced by do_derive(), and rtp_crypt().

◆ do_derive()

static int do_derive ( gcry_cipher_hd_t  prf,
const void *  salt,
const uint8_t *  r,
size_t  rlen,
uint8_t  label,
void *  out,
size_t  outlen 
)
static

AES-CM key derivation (saltlen = 14 bytes)

References do_ctr_crypt().

Referenced by srtp_setkey().

◆ hexdigit()

static int hexdigit ( char  c)
static

Referenced by hexstring().

◆ hexstring()

static ssize_t hexstring ( const char *  in,
uint8_t *  out,
size_t  outlen 
)
static

References hexdigit().

Referenced by srtp_setkeystring().

◆ proto_create()

static int proto_create ( srtp_proto_t p,
int  gcipher,
int  gmd 
)
static

References p.

Referenced by srtp_create().

◆ proto_destroy()

static void proto_destroy ( srtp_proto_t p)
static

References p.

Referenced by srtp_create(), and srtp_destroy().

◆ rcc_mode()

static unsigned rcc_mode ( const srtp_session_t s)
inlinestatic

References srtp_session_t::flags.

Referenced by srtp_create(), srtp_recv(), and srtp_send().

◆ rtcp_crypt()

static int rtcp_crypt ( gcry_cipher_hd_t  hd,
uint32_t  ssrc,
uint32_t  index,
const uint32_t *  salt,
uint8_t *  data,
size_t  len 
)
static

AES-CM for RTCP (salt = 14 bytes + 2 nul bytes)

References rtp_crypt().

Referenced by srtcp_crypt().

◆ rtcp_digest()

static const uint8_t * rtcp_digest ( gcry_md_hd_t  md,
const void *  data,
size_t  len 
)
static

Message Authentication and Integrity for RTCP.

Referenced by srtcp_recv(), and srtcp_send().

◆ rtp_crypt()

static int rtp_crypt ( gcry_cipher_hd_t  hd,
uint32_t  ssrc,
uint32_t  roc,
uint16_t  seq,
const uint32_t *  salt,
uint8_t *  data,
size_t  len 
)
static

AES-CM for RTP (salt = 14 bytes + 2 nul bytes)

References do_ctr_crypt().

Referenced by rtcp_crypt(), and srtp_crypt().

◆ rtp_digest()

static const uint8_t * rtp_digest ( gcry_md_hd_t  md,
const uint8_t *  data,
size_t  len,
uint32_t  roc 
)
static

Message Authentication and Integrity for RTP.

Referenced by srtp_recv(), and srtp_send().

◆ rtp_seq()

static uint16_t rtp_seq ( const uint8_t *  buf)
inlinestatic

Returns RTP sequence (in host-byte order)

Referenced by srtp_compute_roc(), srtp_crypt(), srtp_recv(), and srtp_send().

◆ srtcp_crypt()

static int srtcp_crypt ( srtp_session_t s,
uint8_t *  buf,
size_t  len 
)
static

Encrypts/decrypts a RTCP packet and updates SRTCP context (CTR block cypher mode of operation has identical encryption and decryption function).

Parameters
bufRTCP packet to be en-/decrypted
lenRTCP packet length
Returns
0 on success, in case of error: EINVAL malformatted RTCP packet

References srtp_proto_t::cipher, srtp_session_t::flags, srtp_session_t::rtcp, rtcp_crypt(), srtp_session_t::rtcp_index, srtp_session_t::rtp, srtp_proto_t::salt, SRTCP_UNENCRYPTED, and srtp_proto_t::window.

Referenced by srtcp_send().

◆ srtcp_recv()

int srtcp_recv ( srtp_session_t s,
uint8_t *  buf,
size_t *  lenp 
)

Turns a SRTCP packet into a RTCP packet: authenticates the packet, then decrypts it.

Parameters
bufRTCP packet to be digested/decrypted
lenppointer to the SRTCP packet length on entry, set to the RTCP length on exit (undefined in case of error)
Returns
0 on success, in case of error: EINVAL malformatted SRTCP packet EACCES authentication failed (spoofed packet or out-of-sync)

References srtp_proto_t::mac, srtp_session_t::rtcp, rtcp_digest(), srtp_crypt(), and srtp_session_t::tag_len.

◆ srtcp_send()

int srtcp_send ( srtp_session_t s,
uint8_t *  buf,
size_t *  lenp,
size_t  bufsize 
)

Turns a RTCP packet into a SRTCP packet: encrypt it, then computes the authentication tag and appends it.

Parameters
bufRTCP packet to be encrypted/digested
lenppointer to the RTCP packet length on entry, set to the SRTCP length on exit (undefined in case of error)
bufsizesize (bytes) of the packet buffer
Returns
0 on success, in case of error: EINVAL malformatted RTCP packet or internal error ENOSPC bufsize is too small (to add index and authentication tag)

References srtp_session_t::flags, srtp_proto_t::mac, srtp_session_t::rtcp, rtcp_digest(), srtp_session_t::rtcp_index, srtcp_crypt(), SRTCP_UNENCRYPTED, and srtp_session_t::tag_len.

◆ srtp_compute_roc()

static uint32_t srtp_compute_roc ( const srtp_session_t s,
uint16_t  seq 
)
static

Determines SRTP Roll-Over-Counter (in host-byte order)

References srtp_session_t::rtp_roc, srtp_session_t::rtp_seq, and rtp_seq().

Referenced by srtp_crypt(), srtp_recv(), and srtp_send().

◆ srtp_create()

srtp_session_t * srtp_create ( int  encr,
int  auth,
unsigned  tag_len,
int  prf,
unsigned  flags 
)

Allocates a Secure RTP one-way session.

The same session cannot be used both ways because this would confuse internal cryptographic counters; it is however of course feasible to open multiple simultaneous sessions with the same master key.

Parameters
encrencryption algorithm number
authauthentication algorithm number
tag_lenauthentication tag byte length (NOT including RCC)
flagsOR'ed optional flags.
Returns
NULL in case of error

References srtp_session_t::flags, proto_create(), proto_destroy(), rcc_mode(), srtp_session_t::rtcp, srtp_session_t::rtp, srtp_session_t::rtp_rcc, SRTP_AUTH_HMAC_SHA1, SRTP_AUTH_NULL, SRTP_ENCR_AES_CM, SRTP_ENCR_NULL, SRTP_FLAGS_MASK, SRTP_PRF_AES_CM, and srtp_session_t::tag_len.

Referenced by OpenURL().

◆ srtp_crypt()

static int srtp_crypt ( srtp_session_t s,
uint8_t *  buf,
size_t  len 
)
static

Encrypts/decrypts a RTP packet and updates SRTP context (CTR block cypher mode of operation has identical encryption and decryption function).

Parameters
bufRTP packet to be en-/decrypted
lenRTP packet length
Returns
0 on success, in case of error: EINVAL malformatted RTP packet EACCES replayed packet or out-of-window or sync lost

References srtp_proto_t::cipher, srtp_session_t::flags, srtp_session_t::rtp, rtp_crypt(), srtp_session_t::rtp_roc, srtp_session_t::rtp_seq, rtp_seq(), srtp_proto_t::salt, srtp_compute_roc(), SRTP_UNENCRYPTED, and srtp_proto_t::window.

Referenced by srtcp_recv(), srtp_recv(), and srtp_send().

◆ srtp_destroy()

void srtp_destroy ( srtp_session_t s)

Releases all resources associated with a Secure RTP session.

References proto_destroy(), srtp_session_t::rtcp, and srtp_session_t::rtp.

Referenced by Close(), and OpenURL().

◆ srtp_recv()

int srtp_recv ( srtp_session_t s,
uint8_t *  buf,
size_t *  lenp 
)

Turns a SRTP packet into a RTP packet: authenticates the packet, then decrypts it.

Parameters
bufRTP packet to be digested/decrypted
lenppointer to the SRTP packet length on entry, set to the RTP length on exit (undefined in case of error)
Returns
0 on success, in case of error: EINVAL malformatted SRTP packet EACCES authentication failed (spoofed packet or out-of-sync)

References srtp_session_t::flags, srtp_proto_t::mac, rcc_mode(), srtp_session_t::rtp, rtp_digest(), srtp_session_t::rtp_rcc, srtp_session_t::rtp_roc, rtp_seq(), srtp_compute_roc(), srtp_crypt(), SRTP_UNAUTHENTICATED, and srtp_session_t::tag_len.

Referenced by rtp_process().

◆ srtp_send()

int srtp_send ( srtp_session_t s,
uint8_t *  buf,
size_t *  lenp,
size_t  bufsize 
)

Turns a RTP packet into a SRTP packet: encrypt it, then computes the authentication tag and appends it.

Note that you can encrypt packet in disorder.

Parameters
bufRTP packet to be encrypted/digested
lenppointer to the RTP packet length on entry, set to the SRTP length on exit (undefined on non-ENOSPC error)
bufsizesize (bytes) of the packet buffer
Returns
0 on success, in case of error: EINVAL malformatted RTP packet or internal error ENOSPC bufsize is too small to add authentication tag (<lenp> will hold the required byte size) EACCES packet would trigger a replay error on receiver

References srtp_session_t::flags, srtp_proto_t::mac, rcc_mode(), srtp_session_t::rtp, rtp_digest(), srtp_session_t::rtp_rcc, srtp_session_t::rtp_roc, rtp_seq(), srtp_compute_roc(), srtp_crypt(), SRTP_UNAUTHENTICATED, and srtp_session_t::tag_len.

◆ srtp_setkey()

int srtp_setkey ( srtp_session_t s,
const void *  key,
size_t  keylen,
const void *  salt,
size_t  saltlen 
)

Sets (or resets) the master key and master salt for a SRTP session.

This must be done at least once before using srtp_send(), srtp_recv(), srtcp_send() or srtcp_recv(). Also, rekeying is required every 2^48 RTP packets or 2^31 RTCP packets (whichever comes first), otherwise the protocol security might be broken.

Returns
0 on success, in case of error: EINVAL invalid or unsupported key/salt sizes combination

References srtp_proto_t::cipher, do_derive(), srtp_session_t::kdr, srtp_proto_t::mac, srtp_session_t::rtcp, srtp_session_t::rtcp_index, srtp_session_t::rtp, srtp_session_t::rtp_roc, srtp_session_t::rtp_seq, srtp_proto_t::salt, SRTCP_AUTH, SRTCP_CRYPT, SRTCP_SALT, SRTP_AUTH, SRTP_CRYPT, and SRTP_SALT.

Referenced by srtp_setkeystring().

◆ srtp_setkeystring()

int srtp_setkeystring ( srtp_session_t s,
const char *  key,
const char *  salt 
)

Sets (or resets) the master key and master salt for a SRTP session from hexadecimal strings.

See also srtp_setkey().

Returns
0 on success, in case of error: EINVAL invalid or unsupported key/salt sizes combination

References hexstring(), and srtp_setkey().

Referenced by OpenURL().

◆ srtp_setrcc_rate()

void srtp_setrcc_rate ( srtp_session_t s,
uint16_t  rate 
)

Sets Roll-over-Counter Carry (RCC) rate for the SRTP session.

If not specified (through this function), the default rate of ONE is assumed (i.e. every RTP packets will carry the RoC). RCC rate is ignored if none of the RCC mode has been selected.

The RCC mode is selected through one of these flags for srtp_create(): SRTP_RCC_MODE1: integrity protection only for RoC carrying packets SRTP_RCC_MODE2: integrity protection for all packets SRTP_RCC_MODE3: no integrity protection

RCC mode 3 is insecure. Compared to plain RTP, it provides confidentiality (through encryption) but is much more prone to DoS. It can only be used if anti-spoofing protection is provided by lower network layers (e.g. IPsec, or trusted routers and proper source address filtering).

If RCC rate is 1, RCC mode 1 and 2 are functionally identical.

Parameters
rateRoC Carry rate (MUST NOT be zero)

References srtp_session_t::rtp_rcc.