Tristan Matthews | 0a329cc | 2013-07-17 13:20:14 -0400 | [diff] [blame] | 1 | /* |
| 2 | * srtp.h |
| 3 | * |
| 4 | * interface to libsrtp |
| 5 | * |
| 6 | * David A. McGrew |
| 7 | * Cisco Systems, Inc. |
| 8 | */ |
| 9 | /* |
| 10 | * |
| 11 | * Copyright (c) 2001-2006, Cisco Systems, Inc. |
| 12 | * All rights reserved. |
| 13 | * |
| 14 | * Redistribution and use in source and binary forms, with or without |
| 15 | * modification, are permitted provided that the following conditions |
| 16 | * are met: |
| 17 | * |
| 18 | * Redistributions of source code must retain the above copyright |
| 19 | * notice, this list of conditions and the following disclaimer. |
| 20 | * |
| 21 | * Redistributions in binary form must reproduce the above |
| 22 | * copyright notice, this list of conditions and the following |
| 23 | * disclaimer in the documentation and/or other materials provided |
| 24 | * with the distribution. |
| 25 | * |
| 26 | * Neither the name of the Cisco Systems, Inc. nor the names of its |
| 27 | * contributors may be used to endorse or promote products derived |
| 28 | * from this software without specific prior written permission. |
| 29 | * |
| 30 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| 31 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| 32 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS |
| 33 | * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE |
| 34 | * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, |
| 35 | * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
| 36 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR |
| 37 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| 38 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
| 39 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
| 40 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
| 41 | * OF THE POSSIBILITY OF SUCH DAMAGE. |
| 42 | * |
| 43 | */ |
| 44 | |
| 45 | |
| 46 | #ifndef SRTP_H |
| 47 | #define SRTP_H |
| 48 | |
| 49 | #ifdef __cplusplus |
| 50 | extern "C" { |
| 51 | #endif |
| 52 | |
| 53 | #ifdef _MSC_VER |
| 54 | # ifdef WIN64 |
| 55 | # pragma pack(8) |
| 56 | # else |
| 57 | # pragma pack(4) |
| 58 | # endif |
| 59 | #endif |
| 60 | |
| 61 | #include "crypto_kernel.h" |
| 62 | |
| 63 | /** |
| 64 | * @defgroup SRTP Secure RTP |
| 65 | * |
| 66 | * @brief libSRTP provides functions for protecting RTP and RTCP. See |
| 67 | * Section @ref Overview for an introduction to the use of the library. |
| 68 | * |
| 69 | * @{ |
| 70 | */ |
| 71 | |
| 72 | /* |
| 73 | * SRTP_MASTER_KEY_LEN is the nominal master key length supported by libSRTP |
| 74 | */ |
| 75 | |
| 76 | #define SRTP_MASTER_KEY_LEN 30 |
| 77 | |
| 78 | /* |
| 79 | * SRTP_MAX_KEY_LEN is the maximum key length supported by libSRTP |
| 80 | */ |
| 81 | #define SRTP_MAX_KEY_LEN 64 |
| 82 | |
| 83 | /* |
| 84 | * SRTP_MAX_TAG_LEN is the maximum tag length supported by libSRTP |
| 85 | */ |
| 86 | |
| 87 | #define SRTP_MAX_TAG_LEN 12 |
| 88 | |
| 89 | /** |
| 90 | * SRTP_MAX_TRAILER_LEN is the maximum length of the SRTP trailer |
| 91 | * (authentication tag and MKI) supported by libSRTP. This value is |
| 92 | * the maximum number of octets that will be added to an RTP packet by |
| 93 | * srtp_protect(). |
| 94 | * |
| 95 | * @brief the maximum number of octets added by srtp_protect(). |
| 96 | */ |
| 97 | #define SRTP_MAX_TRAILER_LEN SRTP_MAX_TAG_LEN |
| 98 | |
| 99 | /* |
| 100 | * nota bene: since libSRTP doesn't support the use of the MKI, the |
| 101 | * SRTP_MAX_TRAILER_LEN value is just the maximum tag length |
| 102 | */ |
| 103 | |
| 104 | /** |
| 105 | * @brief sec_serv_t describes a set of security services. |
| 106 | * |
| 107 | * A sec_serv_t enumeration is used to describe the particular |
| 108 | * security services that will be applied by a particular crypto |
| 109 | * policy (or other mechanism). |
| 110 | */ |
| 111 | |
| 112 | typedef enum { |
| 113 | sec_serv_none = 0, /**< no services */ |
| 114 | sec_serv_conf = 1, /**< confidentiality */ |
| 115 | sec_serv_auth = 2, /**< authentication */ |
| 116 | sec_serv_conf_and_auth = 3 /**< confidentiality and authentication */ |
| 117 | } sec_serv_t; |
| 118 | |
| 119 | /** |
| 120 | * @brief crypto_policy_t describes a particular crypto policy that |
| 121 | * can be applied to an SRTP stream. |
| 122 | * |
| 123 | * A crypto_policy_t describes a particular cryptographic policy that |
| 124 | * can be applied to an SRTP or SRTCP stream. An SRTP session policy |
| 125 | * consists of a list of these policies, one for each SRTP stream |
| 126 | * in the session. |
| 127 | */ |
| 128 | |
| 129 | typedef struct crypto_policy_t { |
| 130 | cipher_type_id_t cipher_type; /**< An integer representing |
| 131 | * the type of cipher. */ |
| 132 | int cipher_key_len; /**< The length of the cipher key |
| 133 | * in octets. */ |
| 134 | auth_type_id_t auth_type; /**< An integer representing the |
| 135 | * authentication function. */ |
| 136 | int auth_key_len; /**< The length of the authentication |
| 137 | * function key in octets. */ |
| 138 | int auth_tag_len; /**< The length of the authentication |
| 139 | * tag in octets. */ |
| 140 | sec_serv_t sec_serv; /**< The flag indicating the security |
| 141 | * services to be applied. */ |
| 142 | } crypto_policy_t; |
| 143 | |
| 144 | |
| 145 | /** |
| 146 | * @brief ssrc_type_t describes the type of an SSRC. |
| 147 | * |
| 148 | * An ssrc_type_t enumeration is used to indicate a type of SSRC. See |
| 149 | * @ref srtp_policy_t for more informataion. |
| 150 | */ |
| 151 | |
| 152 | typedef enum { |
| 153 | ssrc_undefined = 0, /**< Indicates an undefined SSRC type. */ |
| 154 | ssrc_specific = 1, /**< Indicates a specific SSRC value */ |
| 155 | ssrc_any_inbound = 2, /**< Indicates any inbound SSRC value |
| 156 | (i.e. a value that is used in the |
| 157 | function srtp_unprotect()) */ |
| 158 | ssrc_any_outbound = 3 /**< Indicates any outbound SSRC value |
| 159 | (i.e. a value that is used in the |
| 160 | function srtp_protect()) */ |
| 161 | } ssrc_type_t; |
| 162 | |
| 163 | /** |
| 164 | * @brief An ssrc_t represents a particular SSRC value, or a `wildcard' SSRC. |
| 165 | * |
| 166 | * An ssrc_t represents a particular SSRC value (if its type is |
| 167 | * ssrc_specific), or a wildcard SSRC value that will match all |
| 168 | * outbound SSRCs (if its type is ssrc_any_outbound) or all inbound |
| 169 | * SSRCs (if its type is ssrc_any_inbound). |
| 170 | * |
| 171 | */ |
| 172 | |
| 173 | typedef struct { |
| 174 | ssrc_type_t type; /**< The type of this particular SSRC */ |
| 175 | unsigned int value; /**< The value of this SSRC, if it is not a wildcard */ |
| 176 | } ssrc_t; |
| 177 | |
| 178 | |
| 179 | /** |
| 180 | * @brief represents the policy for an SRTP session. |
| 181 | * |
| 182 | * A single srtp_policy_t struct represents the policy for a single |
| 183 | * SRTP stream, and a linked list of these elements represents the |
| 184 | * policy for an entire SRTP session. Each element contains the SRTP |
| 185 | * and SRTCP crypto policies for that stream, a pointer to the SRTP |
| 186 | * master key for that stream, the SSRC describing that stream, or a |
| 187 | * flag indicating a `wildcard' SSRC value, and a `next' field that |
| 188 | * holds a pointer to the next element in the list of policy elements, |
| 189 | * or NULL if it is the last element. |
| 190 | * |
| 191 | * The wildcard value SSRC_ANY_INBOUND matches any SSRC from an |
| 192 | * inbound stream that for which there is no explicit SSRC entry in |
| 193 | * another policy element. Similarly, the value SSRC_ANY_OUTBOUND |
| 194 | * will matches any SSRC from an outbound stream that does not appear |
| 195 | * in another policy element. Note that wildcard SSRCs &b cannot be |
| 196 | * used to match both inbound and outbound traffic. This restriction |
| 197 | * is intentional, and it allows libSRTP to ensure that no security |
| 198 | * lapses result from accidental re-use of SSRC values during key |
| 199 | * sharing. |
| 200 | * |
| 201 | * |
| 202 | * @warning The final element of the list @b must have its `next' pointer |
| 203 | * set to NULL. |
| 204 | */ |
| 205 | |
| 206 | typedef struct srtp_policy_t { |
| 207 | ssrc_t ssrc; /**< The SSRC value of stream, or the |
| 208 | * flags SSRC_ANY_INBOUND or |
| 209 | * SSRC_ANY_OUTBOUND if key sharing |
| 210 | * is used for this policy element. |
| 211 | */ |
| 212 | crypto_policy_t rtp; /**< SRTP crypto policy. */ |
| 213 | crypto_policy_t rtcp; /**< SRTCP crypto policy. */ |
| 214 | unsigned char *key; /**< Pointer to the SRTP master key for |
| 215 | * this stream. */ |
| 216 | struct srtp_policy_t *next; /**< Pointer to next stream policy. */ |
| 217 | } srtp_policy_t; |
| 218 | |
| 219 | |
| 220 | |
| 221 | |
| 222 | /** |
| 223 | * @brief An srtp_t points to an SRTP session structure. |
| 224 | * |
| 225 | * The typedef srtp_t is a pointer to a structure that represents |
| 226 | * an SRTP session. This datatype is intentially opaque in |
| 227 | * order to separate the interface from the implementation. |
| 228 | * |
| 229 | * An SRTP session consists of all of the traffic sent to the RTP and |
| 230 | * RTCP destination transport addresses, using the RTP/SAVP (Secure |
| 231 | * Audio/Video Profile). A session can be viewed as a set of SRTP |
| 232 | * streams, each of which originates with a different participant. |
| 233 | */ |
| 234 | |
| 235 | typedef struct srtp_ctx_t *srtp_t; |
| 236 | |
| 237 | |
| 238 | /** |
| 239 | * @brief An srtp_stream_t points to an SRTP stream structure. |
| 240 | * |
| 241 | * The typedef srtp_stream_t is a pointer to a structure that |
| 242 | * represents an SRTP stream. This datatype is intentionally |
| 243 | * opaque in order to separate the interface from the implementation. |
| 244 | * |
| 245 | * An SRTP stream consists of all of the traffic sent to an SRTP |
| 246 | * session by a single participant. A session can be viewed as |
| 247 | * a set of streams. |
| 248 | * |
| 249 | */ |
| 250 | typedef struct srtp_stream_ctx_t *srtp_stream_t; |
| 251 | |
| 252 | |
| 253 | |
| 254 | /** |
| 255 | * @brief srtp_init() initializes the srtp library. |
| 256 | * |
| 257 | * @warning This function @b must be called before any other srtp |
| 258 | * functions. |
| 259 | */ |
| 260 | |
| 261 | err_status_t |
| 262 | srtp_init(void); |
| 263 | |
| 264 | /** |
| 265 | * @brief srtp_deinit() deinitializes the srtp library. |
| 266 | * |
| 267 | * @warning This function @b must be called on quitting application or |
| 268 | * after srtp is no longer used. |
| 269 | */ |
| 270 | |
| 271 | err_status_t |
| 272 | srtp_deinit(void); |
| 273 | |
| 274 | /** |
| 275 | * @brief srtp_protect() is the Secure RTP sender-side packet processing |
| 276 | * function. |
| 277 | * |
| 278 | * The function call srtp_protect(ctx, rtp_hdr, len_ptr) applies SRTP |
| 279 | * protection to the RTP packet rtp_hdr (which has length *len_ptr) using |
| 280 | * the SRTP context ctx. If err_status_ok is returned, then rtp_hdr |
| 281 | * points to the resulting SRTP packet and *len_ptr is the number of |
| 282 | * octets in that packet; otherwise, no assumptions should be made |
| 283 | * about the value of either data elements. |
| 284 | * |
| 285 | * The sequence numbers of the RTP packets presented to this function |
| 286 | * need not be consecutive, but they @b must be out of order by less |
| 287 | * than 2^15 = 32,768 packets. |
| 288 | * |
| 289 | * @warning This function assumes that it can write the authentication |
| 290 | * tag into the location in memory immediately following the RTP |
| 291 | * packet, and assumes that the RTP packet is aligned on a 32-bit |
| 292 | * boundary. |
| 293 | * |
| 294 | * @param ctx is the SRTP context to use in processing the packet. |
| 295 | * |
| 296 | * @param rtp_hdr is a pointer to the RTP packet (before the call); after |
| 297 | * the function returns, it points to the srtp packet. |
| 298 | * |
| 299 | * @param len_ptr is a pointer to the length in octets of the complete |
| 300 | * RTP packet (header and body) before the function call, and of the |
| 301 | * complete SRTP packet after the call, if err_status_ok was returned. |
| 302 | * Otherwise, the value of the data to which it points is undefined. |
| 303 | * |
| 304 | * @return |
| 305 | * - err_status_ok no problems |
| 306 | * - err_status_replay_fail rtp sequence number was non-increasing |
| 307 | * - @e other failure in cryptographic mechanisms |
| 308 | */ |
| 309 | |
| 310 | err_status_t |
| 311 | srtp_protect(srtp_t ctx, void *rtp_hdr, int *len_ptr); |
| 312 | |
| 313 | /** |
| 314 | * @brief srtp_unprotect() is the Secure RTP receiver-side packet |
| 315 | * processing function. |
| 316 | * |
| 317 | * The function call srtp_unprotect(ctx, srtp_hdr, len_ptr) verifies |
| 318 | * the Secure RTP protection of the SRTP packet pointed to by srtp_hdr |
| 319 | * (which has length *len_ptr), using the SRTP context ctx. If |
| 320 | * err_status_ok is returned, then srtp_hdr points to the resulting |
| 321 | * RTP packet and *len_ptr is the number of octets in that packet; |
| 322 | * otherwise, no assumptions should be made about the value of either |
| 323 | * data elements. |
| 324 | * |
| 325 | * The sequence numbers of the RTP packets presented to this function |
| 326 | * need not be consecutive, but they @b must be out of order by less |
| 327 | * than 2^15 = 32,768 packets. |
| 328 | * |
| 329 | * @warning This function assumes that the SRTP packet is aligned on a |
| 330 | * 32-bit boundary. |
| 331 | * |
| 332 | * @param ctx is a pointer to the srtp_t which applies to the |
| 333 | * particular packet. |
| 334 | * |
| 335 | * @param srtp_hdr is a pointer to the header of the SRTP packet |
| 336 | * (before the call). after the function returns, it points to the |
| 337 | * rtp packet if err_status_ok was returned; otherwise, the value of |
| 338 | * the data to which it points is undefined. |
| 339 | * |
| 340 | * @param len_ptr is a pointer to the length in octets of the complete |
| 341 | * srtp packet (header and body) before the function call, and of the |
| 342 | * complete rtp packet after the call, if err_status_ok was returned. |
| 343 | * Otherwise, the value of the data to which it points is undefined. |
| 344 | * |
| 345 | * @return |
| 346 | * - err_status_ok if the RTP packet is valid. |
| 347 | * - err_status_auth_fail if the SRTP packet failed the message |
| 348 | * authentication check. |
| 349 | * - err_status_replay_fail if the SRTP packet is a replay (e.g. packet has |
| 350 | * already been processed and accepted). |
| 351 | * - [other] if there has been an error in the cryptographic mechanisms. |
| 352 | * |
| 353 | */ |
| 354 | |
| 355 | err_status_t |
| 356 | srtp_unprotect(srtp_t ctx, void *srtp_hdr, int *len_ptr); |
| 357 | |
| 358 | |
| 359 | /** |
| 360 | * @brief srtp_create() allocates and initializes an SRTP session. |
| 361 | |
| 362 | * The function call srtp_create(session, policy, key) allocates and |
| 363 | * initializes an SRTP session context, applying the given policy and |
| 364 | * key. |
| 365 | * |
| 366 | * @param session is the SRTP session to which the policy is to be added. |
| 367 | * |
| 368 | * @param policy is the srtp_policy_t struct that describes the policy |
| 369 | * for the session. The struct may be a single element, or it may be |
| 370 | * the head of a list, in which case each element of the list is |
| 371 | * processed. It may also be NULL, in which case streams should be added |
| 372 | * later using srtp_add_stream(). The final element of the list @b must |
| 373 | * have its `next' field set to NULL. |
| 374 | * |
| 375 | * @return |
| 376 | * - err_status_ok if creation succeded. |
| 377 | * - err_status_alloc_fail if allocation failed. |
| 378 | * - err_status_init_fail if initialization failed. |
| 379 | */ |
| 380 | |
| 381 | err_status_t |
| 382 | srtp_create(srtp_t *session, const srtp_policy_t *policy); |
| 383 | |
| 384 | |
| 385 | /** |
| 386 | * @brief srtp_add_stream() allocates and initializes an SRTP stream |
| 387 | * within a given SRTP session. |
| 388 | * |
| 389 | * The function call srtp_add_stream(session, policy) allocates and |
| 390 | * initializes a new SRTP stream within a given, previously created |
| 391 | * session, applying the policy given as the other argument to that |
| 392 | * stream. |
| 393 | * |
| 394 | * @return values: |
| 395 | * - err_status_ok if stream creation succeded. |
| 396 | * - err_status_alloc_fail if stream allocation failed |
| 397 | * - err_status_init_fail if stream initialization failed. |
| 398 | */ |
| 399 | |
| 400 | err_status_t |
| 401 | srtp_add_stream(srtp_t session, |
| 402 | const srtp_policy_t *policy); |
| 403 | |
| 404 | |
| 405 | /** |
| 406 | * @brief srtp_remove_stream() deallocates an SRTP stream. |
| 407 | * |
| 408 | * The function call srtp_remove_stream(session, ssrc) removes |
| 409 | * the SRTP stream with the SSRC value ssrc from the SRTP session |
| 410 | * context given by the argument session. |
| 411 | * |
| 412 | * @param session is the SRTP session from which the stream |
| 413 | * will be removed. |
| 414 | * |
| 415 | * @param ssrc is the SSRC value of the stream to be removed. |
| 416 | * |
| 417 | * @warning Wildcard SSRC values cannot be removed from a |
| 418 | * session. |
| 419 | * |
| 420 | * @return |
| 421 | * - err_status_ok if the stream deallocation succeded. |
| 422 | * - [other] otherwise. |
| 423 | * |
| 424 | */ |
| 425 | |
| 426 | err_status_t |
| 427 | srtp_remove_stream(srtp_t session, unsigned int ssrc); |
| 428 | |
| 429 | /** |
| 430 | * @brief crypto_policy_set_rtp_default() sets a crypto policy |
| 431 | * structure to the SRTP default policy for RTP protection. |
| 432 | * |
| 433 | * @param p is a pointer to the policy structure to be set |
| 434 | * |
| 435 | * The function call crypto_policy_set_rtp_default(&p) sets the |
| 436 | * crypto_policy_t at location p to the SRTP default policy for RTP |
| 437 | * protection, as defined in the specification. This function is a |
| 438 | * convenience that helps to avoid dealing directly with the policy |
| 439 | * data structure. You are encouraged to initialize policy elements |
| 440 | * with this function call. Doing so may allow your code to be |
| 441 | * forward compatible with later versions of libSRTP that include more |
| 442 | * elements in the crypto_policy_t datatype. |
| 443 | * |
| 444 | * @return void. |
| 445 | * |
| 446 | */ |
| 447 | |
| 448 | void |
| 449 | crypto_policy_set_rtp_default(crypto_policy_t *p); |
| 450 | |
| 451 | /** |
| 452 | * @brief crypto_policy_set_rtcp_default() sets a crypto policy |
| 453 | * structure to the SRTP default policy for RTCP protection. |
| 454 | * |
| 455 | * @param p is a pointer to the policy structure to be set |
| 456 | * |
| 457 | * The function call crypto_policy_set_rtcp_default(&p) sets the |
| 458 | * crypto_policy_t at location p to the SRTP default policy for RTCP |
| 459 | * protection, as defined in the specification. This function is a |
| 460 | * convenience that helps to avoid dealing directly with the policy |
| 461 | * data structure. You are encouraged to initialize policy elements |
| 462 | * with this function call. Doing so may allow your code to be |
| 463 | * forward compatible with later versions of libSRTP that include more |
| 464 | * elements in the crypto_policy_t datatype. |
| 465 | * |
| 466 | * @return void. |
| 467 | * |
| 468 | */ |
| 469 | |
| 470 | void |
| 471 | crypto_policy_set_rtcp_default(crypto_policy_t *p); |
| 472 | |
| 473 | /** |
| 474 | * @brief crypto_policy_set_aes_cm_128_hmac_sha1_80() sets a crypto |
| 475 | * policy structure to the SRTP default policy for RTP protection. |
| 476 | * |
| 477 | * @param p is a pointer to the policy structure to be set |
| 478 | * |
| 479 | * The function crypto_policy_set_aes_cm_128_hmac_sha1_80() is a |
| 480 | * synonym for crypto_policy_set_rtp_default(). It conforms to the |
| 481 | * naming convention used in |
| 482 | * http://www.ietf.org/internet-drafts/draft-ietf-mmusic-sdescriptions-12.txt |
| 483 | * |
| 484 | * @return void. |
| 485 | * |
| 486 | */ |
| 487 | |
| 488 | #define crypto_policy_set_aes_cm_128_hmac_sha1_80(p) crypto_policy_set_rtp_default(p) |
| 489 | |
| 490 | |
| 491 | /** |
| 492 | * @brief crypto_policy_set_aes_cm_128_hmac_sha1_32() sets a crypto |
| 493 | * policy structure to a short-authentication tag policy |
| 494 | * |
| 495 | * @param p is a pointer to the policy structure to be set |
| 496 | * |
| 497 | * The function call crypto_policy_set_aes_cm_128_hmac_sha1_32(&p) |
| 498 | * sets the crypto_policy_t at location p to use policy |
| 499 | * AES_CM_128_HMAC_SHA1_32 as defined in |
| 500 | * draft-ietf-mmusic-sdescriptions-12.txt. This policy uses AES-128 |
| 501 | * Counter Mode encryption and HMAC-SHA1 authentication, with an |
| 502 | * authentication tag that is only 32 bits long. This length is |
| 503 | * considered adequate only for protecting audio and video media that |
| 504 | * use a stateless playback function. See Section 7.5 of RFC 3711 |
| 505 | * (http://www.ietf.org/rfc/rfc3711.txt). |
| 506 | * |
| 507 | * This function is a convenience that helps to avoid dealing directly |
| 508 | * with the policy data structure. You are encouraged to initialize |
| 509 | * policy elements with this function call. Doing so may allow your |
| 510 | * code to be forward compatible with later versions of libSRTP that |
| 511 | * include more elements in the crypto_policy_t datatype. |
| 512 | * |
| 513 | * @warning This crypto policy is intended for use in SRTP, but not in |
| 514 | * SRTCP. It is recommended that a policy that uses longer |
| 515 | * authentication tags be used for SRTCP. See Section 7.5 of RFC 3711 |
| 516 | * (http://www.ietf.org/rfc/rfc3711.txt). |
| 517 | * |
| 518 | * @return void. |
| 519 | * |
| 520 | */ |
| 521 | |
| 522 | void |
| 523 | crypto_policy_set_aes_cm_128_hmac_sha1_32(crypto_policy_t *p); |
| 524 | |
| 525 | |
| 526 | |
| 527 | /** |
| 528 | * @brief crypto_policy_set_aes_cm_128_null_auth() sets a crypto |
| 529 | * policy structure to an encryption-only policy |
| 530 | * |
| 531 | * @param p is a pointer to the policy structure to be set |
| 532 | * |
| 533 | * The function call crypto_policy_set_aes_cm_128_null_auth(&p) sets |
| 534 | * the crypto_policy_t at location p to use the SRTP default cipher |
| 535 | * (AES-128 Counter Mode), but to use no authentication method. This |
| 536 | * policy is NOT RECOMMENDED unless it is unavoidable; see Section 7.5 |
| 537 | * of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt). |
| 538 | * |
| 539 | * This function is a convenience that helps to avoid dealing directly |
| 540 | * with the policy data structure. You are encouraged to initialize |
| 541 | * policy elements with this function call. Doing so may allow your |
| 542 | * code to be forward compatible with later versions of libSRTP that |
| 543 | * include more elements in the crypto_policy_t datatype. |
| 544 | * |
| 545 | * @warning This policy is NOT RECOMMENDED for SRTP unless it is |
| 546 | * unavoidable, and it is NOT RECOMMENDED at all for SRTCP; see |
| 547 | * Section 7.5 of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt). |
| 548 | * |
| 549 | * @return void. |
| 550 | * |
| 551 | */ |
| 552 | |
| 553 | void |
| 554 | crypto_policy_set_aes_cm_128_null_auth(crypto_policy_t *p); |
| 555 | |
| 556 | |
| 557 | /** |
| 558 | * @brief crypto_policy_set_null_cipher_hmac_sha1_80() sets a crypto |
| 559 | * policy structure to an authentication-only policy |
| 560 | * |
| 561 | * @param p is a pointer to the policy structure to be set |
| 562 | * |
| 563 | * The function call crypto_policy_set_null_cipher_hmac_sha1_80(&p) |
| 564 | * sets the crypto_policy_t at location p to use HMAC-SHA1 with an 80 |
| 565 | * bit authentication tag to provide message authentication, but to |
| 566 | * use no encryption. This policy is NOT RECOMMENDED for SRTP unless |
| 567 | * there is a requirement to forego encryption. |
| 568 | * |
| 569 | * This function is a convenience that helps to avoid dealing directly |
| 570 | * with the policy data structure. You are encouraged to initialize |
| 571 | * policy elements with this function call. Doing so may allow your |
| 572 | * code to be forward compatible with later versions of libSRTP that |
| 573 | * include more elements in the crypto_policy_t datatype. |
| 574 | * |
| 575 | * @warning This policy is NOT RECOMMENDED for SRTP unless there is a |
| 576 | * requirement to forego encryption. |
| 577 | * |
| 578 | * @return void. |
| 579 | * |
| 580 | */ |
| 581 | |
| 582 | void |
| 583 | crypto_policy_set_null_cipher_hmac_sha1_80(crypto_policy_t *p); |
| 584 | |
| 585 | /** |
| 586 | * @brief srtp_dealloc() deallocates storage for an SRTP session |
| 587 | * context. |
| 588 | * |
| 589 | * The function call srtp_dealloc(s) deallocates storage for the |
| 590 | * SRTP session context s. This function should be called no more |
| 591 | * than one time for each of the contexts allocated by the function |
| 592 | * srtp_create(). |
| 593 | * |
| 594 | * @param s is the srtp_t for the session to be deallocated. |
| 595 | * |
| 596 | * @return |
| 597 | * - err_status_ok if there no problems. |
| 598 | * - err_status_dealloc_fail a memory deallocation failure occured. |
| 599 | */ |
| 600 | |
| 601 | err_status_t |
| 602 | srtp_dealloc(srtp_t s); |
| 603 | |
| 604 | |
| 605 | /* |
| 606 | * @brief identifies a particular SRTP profile |
| 607 | * |
| 608 | * An srtp_profile_t enumeration is used to identify a particular SRTP |
| 609 | * profile (that is, a set of algorithms and parameters). These |
| 610 | * profiles are defined in the DTLS-SRTP draft. |
| 611 | */ |
| 612 | |
| 613 | typedef enum { |
| 614 | srtp_profile_reserved = 0, |
| 615 | srtp_profile_aes128_cm_sha1_80 = 1, |
| 616 | srtp_profile_aes128_cm_sha1_32 = 2, |
| 617 | srtp_profile_aes256_cm_sha1_80 = 3, |
| 618 | srtp_profile_aes256_cm_sha1_32 = 4, |
| 619 | srtp_profile_null_sha1_80 = 5, |
| 620 | srtp_profile_null_sha1_32 = 6, |
| 621 | } srtp_profile_t; |
| 622 | |
| 623 | |
| 624 | /** |
| 625 | * @brief crypto_policy_set_from_profile_for_rtp() sets a crypto policy |
| 626 | * structure to the appropriate value for RTP based on an srtp_profile_t |
| 627 | * |
| 628 | * @param p is a pointer to the policy structure to be set |
| 629 | * |
| 630 | * The function call crypto_policy_set_rtp_default(&policy, profile) |
| 631 | * sets the crypto_policy_t at location policy to the policy for RTP |
| 632 | * protection, as defined by the srtp_profile_t profile. |
| 633 | * |
| 634 | * This function is a convenience that helps to avoid dealing directly |
| 635 | * with the policy data structure. You are encouraged to initialize |
| 636 | * policy elements with this function call. Doing so may allow your |
| 637 | * code to be forward compatible with later versions of libSRTP that |
| 638 | * include more elements in the crypto_policy_t datatype. |
| 639 | * |
| 640 | * @return values |
| 641 | * - err_status_ok no problems were encountered |
| 642 | * - err_status_bad_param the profile is not supported |
| 643 | * |
| 644 | */ |
| 645 | err_status_t |
| 646 | crypto_policy_set_from_profile_for_rtp(crypto_policy_t *policy, |
| 647 | srtp_profile_t profile); |
| 648 | |
| 649 | |
| 650 | |
| 651 | |
| 652 | /** |
| 653 | * @brief crypto_policy_set_from_profile_for_rtcp() sets a crypto policy |
| 654 | * structure to the appropriate value for RTCP based on an srtp_profile_t |
| 655 | * |
| 656 | * @param p is a pointer to the policy structure to be set |
| 657 | * |
| 658 | * The function call crypto_policy_set_rtcp_default(&policy, profile) |
| 659 | * sets the crypto_policy_t at location policy to the policy for RTCP |
| 660 | * protection, as defined by the srtp_profile_t profile. |
| 661 | * |
| 662 | * This function is a convenience that helps to avoid dealing directly |
| 663 | * with the policy data structure. You are encouraged to initialize |
| 664 | * policy elements with this function call. Doing so may allow your |
| 665 | * code to be forward compatible with later versions of libSRTP that |
| 666 | * include more elements in the crypto_policy_t datatype. |
| 667 | * |
| 668 | * @return values |
| 669 | * - err_status_ok no problems were encountered |
| 670 | * - err_status_bad_param the profile is not supported |
| 671 | * |
| 672 | */ |
| 673 | err_status_t |
| 674 | crypto_policy_set_from_profile_for_rtcp(crypto_policy_t *policy, |
| 675 | srtp_profile_t profile); |
| 676 | |
| 677 | /** |
| 678 | * @brief returns the master key length for a given SRTP profile |
| 679 | */ |
| 680 | unsigned int |
| 681 | srtp_profile_get_master_key_length(srtp_profile_t profile); |
| 682 | |
| 683 | |
| 684 | /** |
| 685 | * @brief returns the master salt length for a given SRTP profile |
| 686 | */ |
| 687 | unsigned int |
| 688 | srtp_profile_get_master_salt_length(srtp_profile_t profile); |
| 689 | |
| 690 | /** |
| 691 | * @brief appends the salt to the key |
| 692 | * |
| 693 | * The function call append_salt_to_key(k, klen, s, slen) |
| 694 | * copies the string s to the location at klen bytes following |
| 695 | * the location k. |
| 696 | * |
| 697 | * @warning There must be at least bytes_in_salt + bytes_in_key bytes |
| 698 | * available at the location pointed to by key. |
| 699 | * |
| 700 | */ |
| 701 | |
| 702 | void |
| 703 | append_salt_to_key(unsigned char *key, unsigned int bytes_in_key, |
| 704 | unsigned char *salt, unsigned int bytes_in_salt); |
| 705 | |
| 706 | |
| 707 | |
| 708 | /** |
| 709 | * @} |
| 710 | */ |
| 711 | |
| 712 | |
| 713 | |
| 714 | /** |
| 715 | * @defgroup SRTCP Secure RTCP |
| 716 | * @ingroup SRTP |
| 717 | * |
| 718 | * @brief Secure RTCP functions are used to protect RTCP traffic. |
| 719 | * |
| 720 | * RTCP is the control protocol for RTP. libSRTP protects RTCP |
| 721 | * traffic in much the same way as it does RTP traffic. The function |
| 722 | * srtp_protect_rtcp() applies cryptographic protections to outbound |
| 723 | * RTCP packets, and srtp_unprotect_rtcp() verifies the protections on |
| 724 | * inbound RTCP packets. |
| 725 | * |
| 726 | * A note on the naming convention: srtp_protect_rtcp() has an srtp_t |
| 727 | * as its first argument, and thus has `srtp_' as its prefix. The |
| 728 | * trailing `_rtcp' indicates the protocol on which it acts. |
| 729 | * |
| 730 | * @{ |
| 731 | */ |
| 732 | |
| 733 | /** |
| 734 | * @brief srtp_protect_rtcp() is the Secure RTCP sender-side packet |
| 735 | * processing function. |
| 736 | * |
| 737 | * The function call srtp_protect_rtcp(ctx, rtp_hdr, len_ptr) applies |
| 738 | * SRTCP protection to the RTCP packet rtcp_hdr (which has length |
| 739 | * *len_ptr) using the SRTP session context ctx. If err_status_ok is |
| 740 | * returned, then rtp_hdr points to the resulting SRTCP packet and |
| 741 | * *len_ptr is the number of octets in that packet; otherwise, no |
| 742 | * assumptions should be made about the value of either data elements. |
| 743 | * |
| 744 | * @warning This function assumes that it can write the authentication |
| 745 | * tag into the location in memory immediately following the RTCP |
| 746 | * packet, and assumes that the RTCP packet is aligned on a 32-bit |
| 747 | * boundary. |
| 748 | * |
| 749 | * @param ctx is the SRTP context to use in processing the packet. |
| 750 | * |
| 751 | * @param rtcp_hdr is a pointer to the RTCP packet (before the call); after |
| 752 | * the function returns, it points to the srtp packet. |
| 753 | * |
| 754 | * @param pkt_octet_len is a pointer to the length in octets of the |
| 755 | * complete RTCP packet (header and body) before the function call, |
| 756 | * and of the complete SRTCP packet after the call, if err_status_ok |
| 757 | * was returned. Otherwise, the value of the data to which it points |
| 758 | * is undefined. |
| 759 | * |
| 760 | * @return |
| 761 | * - err_status_ok if there were no problems. |
| 762 | * - [other] if there was a failure in |
| 763 | * the cryptographic mechanisms. |
| 764 | */ |
| 765 | |
| 766 | |
| 767 | err_status_t |
| 768 | srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len); |
| 769 | |
| 770 | /** |
| 771 | * @brief srtp_unprotect_rtcp() is the Secure RTCP receiver-side packet |
| 772 | * processing function. |
| 773 | * |
| 774 | * The function call srtp_unprotect_rtcp(ctx, srtp_hdr, len_ptr) |
| 775 | * verifies the Secure RTCP protection of the SRTCP packet pointed to |
| 776 | * by srtcp_hdr (which has length *len_ptr), using the SRTP session |
| 777 | * context ctx. If err_status_ok is returned, then srtcp_hdr points |
| 778 | * to the resulting RTCP packet and *len_ptr is the number of octets |
| 779 | * in that packet; otherwise, no assumptions should be made about the |
| 780 | * value of either data elements. |
| 781 | * |
| 782 | * @warning This function assumes that the SRTCP packet is aligned on a |
| 783 | * 32-bit boundary. |
| 784 | * |
| 785 | * @param ctx is a pointer to the srtp_t which applies to the |
| 786 | * particular packet. |
| 787 | * |
| 788 | * @param srtcp_hdr is a pointer to the header of the SRTCP packet |
| 789 | * (before the call). After the function returns, it points to the |
| 790 | * rtp packet if err_status_ok was returned; otherwise, the value of |
| 791 | * the data to which it points is undefined. |
| 792 | * |
| 793 | * @param pkt_octet_len is a pointer to the length in octets of the |
| 794 | * complete SRTCP packet (header and body) before the function call, |
| 795 | * and of the complete rtp packet after the call, if err_status_ok was |
| 796 | * returned. Otherwise, the value of the data to which it points is |
| 797 | * undefined. |
| 798 | * |
| 799 | * @return |
| 800 | * - err_status_ok if the RTCP packet is valid. |
| 801 | * - err_status_auth_fail if the SRTCP packet failed the message |
| 802 | * authentication check. |
| 803 | * - err_status_replay_fail if the SRTCP packet is a replay (e.g. has |
| 804 | * already been processed and accepted). |
| 805 | * - [other] if there has been an error in the cryptographic mechanisms. |
| 806 | * |
| 807 | */ |
| 808 | |
| 809 | err_status_t |
| 810 | srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len); |
| 811 | |
| 812 | /** |
| 813 | * @} |
| 814 | */ |
| 815 | |
| 816 | /** |
| 817 | * @defgroup SRTPevents SRTP events and callbacks |
| 818 | * @ingroup SRTP |
| 819 | * |
| 820 | * @brief libSRTP can use a user-provided callback function to |
| 821 | * handle events. |
| 822 | * |
| 823 | * |
| 824 | * libSRTP allows a user to provide a callback function to handle |
| 825 | * events that need to be dealt with outside of the data plane (see |
| 826 | * the enum srtp_event_t for a description of these events). Dealing |
| 827 | * with these events is not a strict necessity; they are not |
| 828 | * security-critical, but the application may suffer if they are not |
| 829 | * handled. The function srtp_set_event_handler() is used to provide |
| 830 | * the callback function. |
| 831 | * |
| 832 | * A default event handler that merely reports on the events as they |
| 833 | * happen is included. It is also possible to set the event handler |
| 834 | * function to NULL, in which case all events will just be silently |
| 835 | * ignored. |
| 836 | * |
| 837 | * @{ |
| 838 | */ |
| 839 | |
| 840 | /** |
| 841 | * @brief srtp_event_t defines events that need to be handled |
| 842 | * |
| 843 | * The enum srtp_event_t defines events that need to be handled |
| 844 | * outside the `data plane', such as SSRC collisions and |
| 845 | * key expirations. |
| 846 | * |
| 847 | * When a key expires or the maximum number of packets has been |
| 848 | * reached, an SRTP stream will enter an `expired' state in which no |
| 849 | * more packets can be protected or unprotected. When this happens, |
| 850 | * it is likely that you will want to either deallocate the stream |
| 851 | * (using srtp_stream_dealloc()), and possibly allocate a new one. |
| 852 | * |
| 853 | * When an SRTP stream expires, the other streams in the same session |
| 854 | * are unaffected, unless key sharing is used by that stream. In the |
| 855 | * latter case, all of the streams in the session will expire. |
| 856 | */ |
| 857 | |
| 858 | typedef enum { |
| 859 | event_ssrc_collision, /**< |
| 860 | * An SSRC collision occured. |
| 861 | */ |
| 862 | event_key_soft_limit, /**< An SRTP stream reached the soft key |
| 863 | * usage limit and will expire soon. |
| 864 | */ |
| 865 | event_key_hard_limit, /**< An SRTP stream reached the hard |
| 866 | * key usage limit and has expired. |
| 867 | */ |
| 868 | event_packet_index_limit /**< An SRTP stream reached the hard |
| 869 | * packet limit (2^48 packets). |
| 870 | */ |
| 871 | } srtp_event_t; |
| 872 | |
| 873 | /** |
| 874 | * @brief srtp_event_data_t is the structure passed as a callback to |
| 875 | * the event handler function |
| 876 | * |
| 877 | * The struct srtp_event_data_t holds the data passed to the event |
| 878 | * handler function. |
| 879 | */ |
| 880 | |
| 881 | typedef struct srtp_event_data_t { |
| 882 | srtp_t session; /**< The session in which the event happend. */ |
| 883 | srtp_stream_t stream; /**< The stream in which the event happend. */ |
| 884 | srtp_event_t event; /**< An enum indicating the type of event. */ |
| 885 | } srtp_event_data_t; |
| 886 | |
| 887 | /** |
| 888 | * @brief srtp_event_handler_func_t is the function prototype for |
| 889 | * the event handler. |
| 890 | * |
| 891 | * The typedef srtp_event_handler_func_t is the prototype for the |
| 892 | * event handler function. It has as its only argument an |
| 893 | * srtp_event_data_t which describes the event that needs to be handled. |
| 894 | * There can only be a single, global handler for all events in |
| 895 | * libSRTP. |
| 896 | */ |
| 897 | |
| 898 | typedef void (srtp_event_handler_func_t)(srtp_event_data_t *data); |
| 899 | |
| 900 | /** |
| 901 | * @brief sets the event handler to the function supplied by the caller. |
| 902 | * |
| 903 | * The function call srtp_install_event_handler(func) sets the event |
| 904 | * handler function to the value func. The value NULL is acceptable |
| 905 | * as an argument; in this case, events will be ignored rather than |
| 906 | * handled. |
| 907 | * |
| 908 | * @param func is a pointer to a fuction that takes an srtp_event_data_t |
| 909 | * pointer as an argument and returns void. This function |
| 910 | * will be used by libSRTP to handle events. |
| 911 | */ |
| 912 | |
| 913 | err_status_t |
| 914 | srtp_install_event_handler(srtp_event_handler_func_t func); |
| 915 | |
| 916 | /** |
| 917 | * @} |
| 918 | */ |
| 919 | /* in host order, so outside the #if */ |
| 920 | #define SRTCP_E_BIT 0x80000000 |
| 921 | /* for byte-access */ |
| 922 | #define SRTCP_E_BYTE_BIT 0x80 |
| 923 | #define SRTCP_INDEX_MASK 0x7fffffff |
| 924 | |
| 925 | #ifdef _MSC_VER |
| 926 | #pragma pack() |
| 927 | #endif |
| 928 | |
| 929 | #ifdef __cplusplus |
| 930 | } |
| 931 | #endif |
| 932 | |
| 933 | #endif /* SRTP_H */ |