| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * ekt.h | 2 * ekt.h |
| 3 * | 3 * |
| 4 * interface to Encrypted Key Transport for SRTP | 4 * interface to Encrypted Key Transport for SRTP |
| 5 * | 5 * |
| 6 * David McGrew | 6 * David McGrew |
| 7 * Cisco Systems, Inc. | 7 * Cisco Systems, Inc. |
| 8 */ | 8 */ |
| 9 /* | 9 /* |
| 10 * | 10 * |
| (...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 55 * question: will we want to allow key-sharing templates in addition | 55 * question: will we want to allow key-sharing templates in addition |
| 56 * to EKT templates? could define a new ssrc_type_t that's associated | 56 * to EKT templates? could define a new ssrc_type_t that's associated |
| 57 * with an EKT, e.g. ssrc_any_ekt. | 57 * with an EKT, e.g. ssrc_any_ekt. |
| 58 * | 58 * |
| 59 * | 59 * |
| 60 */ | 60 */ |
| 61 | 61 |
| 62 #ifndef EKT_H | 62 #ifndef EKT_H |
| 63 #define EKT_H | 63 #define EKT_H |
| 64 | 64 |
| 65 #include "srtp_priv.h" |
| 66 |
| 65 #ifdef __cplusplus | 67 #ifdef __cplusplus |
| 66 extern "C" { | 68 extern "C" { |
| 67 #endif | 69 #endif |
| 68 | 70 |
| 69 #include "srtp_priv.h" | 71 #define SRTP_EKT_CIPHER_DEFAULT 1 |
| 72 #define SRTP_EKT_CIPHER_AES_128_ECB 1 |
| 73 #define SRTP_EKT_CIPHER_AES_192_KEY_WRAP 2 |
| 74 #define SRTP_EKT_CIPHER_AES_256_KEY_WRAP 3 |
| 70 | 75 |
| 71 #define EKT_CIPHER_DEFAULT 1 | 76 typedef uint16_t srtp_ekt_spi_t; |
| 72 #define EKT_CIPHER_AES_128_ECB 1 | |
| 73 #define EKT_CIPHER_AES_192_KEY_WRAP 2 | |
| 74 #define EKT_CIPHER_AES_256_KEY_WRAP 3 | |
| 75 | |
| 76 typedef uint16_t ekt_spi_t; | |
| 77 | 77 |
| 78 | 78 |
| 79 unsigned | 79 unsigned srtp_ekt_octets_after_base_tag(srtp_ekt_stream_t ekt); |
| 80 ekt_octets_after_base_tag(ekt_stream_t ekt); | |
| 81 | 80 |
| 82 /* | 81 /* |
| 83 * an srtp_policy_t structure can contain a pointer to an | 82 * an srtp_policy_t structure can contain a pointer to an |
| 84 * ekt_policy_t structure | 83 * srtp_ekt_policy_t structure |
| 85 * | 84 * |
| 86 * this structure holds all of the high level EKT information, and it | 85 * this structure holds all of the high level EKT information, and it |
| 87 * is passed into libsrtp to indicate what policy should be in effect | 86 * is passed into libsrtp to indicate what policy should be in effect |
| 88 */ | 87 */ |
| 89 | 88 |
| 90 typedef struct ekt_policy_ctx_t { | 89 typedef struct srtp_ekt_policy_ctx_t { |
| 91 ekt_spi_t spi; /* security parameter index */ | 90 srtp_ekt_spi_t spi; /* security parameter index */ |
| 92 uint8_t ekt_cipher_type; | 91 uint8_t ekt_cipher_type; |
| 93 uint8_t *ekt_key; | 92 uint8_t *ekt_key; |
| 94 struct ekt_policy_ctx_t *next_ekt_policy; | 93 struct srtp_ekt_policy_ctx_t *next_ekt_policy; |
| 95 } ekt_policy_ctx_t; | 94 } srtp_ekt_policy_ctx_t; |
| 96 | 95 |
| 97 | 96 |
| 98 /* | 97 /* |
| 99 * an ekt_data_t structure holds the data corresponding to an ekt key, | 98 * an srtp_ekt_data_t structure holds the data corresponding to an ekt key, |
| 100 * spi, and so on | 99 * spi, and so on |
| 101 */ | 100 */ |
| 102 | 101 |
| 103 typedef struct ekt_data_t { | 102 typedef struct srtp_ekt_data_t { |
| 104 ekt_spi_t spi; | 103 srtp_ekt_spi_t spi; |
| 105 uint8_t ekt_cipher_type; | 104 uint8_t ekt_cipher_type; |
| 106 aes_expanded_key_t ekt_enc_key; | 105 srtp_aes_expanded_key_t ekt_enc_key; |
| 107 aes_expanded_key_t ekt_dec_key; | 106 srtp_aes_expanded_key_t ekt_dec_key; |
| 108 struct ekt_data_t *next_ekt_data; | 107 struct ekt_data_t *next_ekt_data; |
| 109 } ekt_data_t; | 108 } srtp_ekt_data_t; |
| 110 | 109 |
| 111 /* | 110 /* |
| 112 * an srtp_stream_ctx_t can contain an ekt_stream_ctx_t | 111 * an srtp_stream_ctx_t can contain an srtp_ekt_stream_ctx_t |
| 113 * | 112 * |
| 114 * an ekt_stream_ctx_t structure holds all of the EKT information for | 113 * an srtp_ekt_stream_ctx_t structure holds all of the EKT information for |
| 115 * a specific SRTP stream | 114 * a specific SRTP stream |
| 116 */ | 115 */ |
| 117 | 116 |
| 118 typedef struct ekt_stream_ctx_t { | 117 typedef struct srtp_ekt_stream_ctx_t { |
| 119 ekt_data_t *data; | 118 srtp_ekt_data_t *data; |
| 120 uint16_t isn; /* initial sequence number */ | 119 uint16_t» isn; /* initial sequence number */ |
| 121 uint8_t encrypted_master_key[SRTP_MAX_KEY_LEN]; | 120 uint8_t» encrypted_master_key[SRTP_MAX_KEY_LEN]; |
| 122 } ekt_stream_ctx_t; | 121 } srtp_ekt_stream_ctx_t; |
| 123 | 122 |
| 124 | 123 |
| 125 | 124 |
| 126 err_status_t | 125 srtp_err_status_t srtp_ekt_alloc(srtp_ekt_stream_t *stream_data, srtp_ekt_policy
_t policy); |
| 127 ekt_alloc(ekt_stream_t *stream_data, ekt_policy_t policy); | |
| 128 | 126 |
| 129 err_status_t | 127 srtp_err_status_t srtp_ekt_stream_init(srtp_ekt_stream_t e, srtp_ekt_spi_t spi,
void *ekt_key, unsigned ekt_cipher_type); |
| 130 ekt_stream_init(ekt_stream_t e, | |
| 131 » » ekt_spi_t spi, | |
| 132 » » void *ekt_key, | |
| 133 » » unsigned ekt_cipher_type); | |
| 134 | 128 |
| 135 err_status_t | 129 srtp_err_status_t srtp_ekt_stream_init_from_policy(srtp_ekt_stream_t e, srtp_ekt
_policy_t p); |
| 136 ekt_stream_init_from_policy(ekt_stream_t e, ekt_policy_t p); | |
| 137 | 130 |
| 138 | 131 |
| 139 | 132 |
| 140 err_status_t | 133 srtp_err_status_t srtp_stream_init_from_ekt(srtp_stream_t stream, const void *sr
tcp_hdr, unsigned pkt_octet_len); |
| 141 srtp_stream_init_from_ekt(srtp_stream_t stream,»» » | |
| 142 » » » const void *srtcp_hdr, | |
| 143 » » » unsigned pkt_octet_len); | |
| 144 | 134 |
| 145 | 135 |
| 146 void | 136 void srtp_ekt_write_data(srtp_ekt_stream_t ekt, uint8_t *base_tag, unsigned base
_tag_len, int *packet_len, srtp_xtd_seq_num_t pkt_index);» » |
| 147 ekt_write_data(ekt_stream_t ekt, | |
| 148 » uint8_t *base_tag, | |
| 149 » unsigned base_tag_len, | |
| 150 » int *packet_len, | |
| 151 » xtd_seq_num_t pkt_index);» » | |
| 152 | 137 |
| 153 /* | 138 /* |
| 154 * We handle EKT by performing some additional steps before | 139 * We handle EKT by performing some additional steps before |
| 155 * authentication (copying the auth tag into a temporary location, | 140 * authentication (copying the auth tag into a temporary location, |
| 156 * zeroizing the "base tag" field in the packet) | 141 * zeroizing the "base tag" field in the packet) |
| 157 * | 142 * |
| 158 * With EKT, the tag_len parameter is actually the base tag | 143 * With EKT, the tag_len parameter is actually the base tag |
| 159 * length | 144 * length |
| 160 */ | 145 */ |
| 146 srtp_err_status_t srtp_ekt_tag_verification_preproces(uint8_t *pkt_tag, uint8_t
*pkt_tag_copy, unsigned tag_len); |
| 161 | 147 |
| 162 err_status_t | 148 srtp_err_status_t srtp_ekt_tag_verification_postproces(uint8_t *pkt_tag, uint8_t
*pkt_tag_copy, unsigned tag_len); |
| 163 ekt_tag_verification_preproces(uint8_t *pkt_tag, | |
| 164 » » » uint8_t *pkt_tag_copy, | |
| 165 » » » unsigned tag_len); | |
| 166 | |
| 167 err_status_t | |
| 168 ekt_tag_verification_postproces(uint8_t *pkt_tag, | |
| 169 » » » » uint8_t *pkt_tag_copy, | |
| 170 » » » » unsigned tag_len); | |
| 171 | 149 |
| 172 | 150 |
| 173 /* | 151 /* |
| 174 * @brief EKT pre-processing for srtcp tag generation | 152 * @brief EKT pre-processing for srtcp tag generation |
| 175 * | 153 * |
| 176 * This function does the pre-processing of the SRTCP authentication | 154 * This function does the pre-processing of the SRTCP authentication |
| 177 * tag format. When EKT is used, it consists of writing the Encrypted | 155 * tag format. When EKT is used, it consists of writing the Encrypted |
| 178 * Master Key, the SRTP ROC, the Initial Sequence Number, and SPI | 156 * Master Key, the SRTP ROC, the Initial Sequence Number, and SPI |
| 179 * fields. The Base Authentication Tag field is set to the all-zero | 157 * fields. The Base Authentication Tag field is set to the all-zero |
| 180 * value | 158 * value |
| 181 * | 159 * |
| 182 * When EKT is not used, this function is a no-op. | 160 * When EKT is not used, this function is a no-op. |
| 183 * | 161 * |
| 184 */ | 162 */ |
| 185 | 163 srtp_err_status_t srtp_stream_srtcp_auth_tag_generation_preprocess(const srtp_st
ream_t *s, uint8_t *pkt_tag, unsigned pkt_octet_len); |
| 186 err_status_t | |
| 187 srtp_stream_srtcp_auth_tag_generation_preprocess(const srtp_stream_t *s, | |
| 188 » » » » » » uint8_t *pkt_tag, | |
| 189 » » » » » » unsigned pkt_octet_len); | |
| 190 | 164 |
| 191 /* it's not clear that a tag_generation_postprocess function is needed */ | 165 /* it's not clear that a tag_generation_postprocess function is needed */ |
| 192 | 166 srtp_err_status_t srtcp_auth_tag_generation_postprocess(void); |
| 193 err_status_t | |
| 194 srtcp_auth_tag_generation_postprocess(void); | |
| 195 | 167 |
| 196 | 168 |
| 197 #ifdef __cplusplus | 169 #ifdef __cplusplus |
| 198 } | 170 } |
| 199 #endif | 171 #endif |
| 200 | 172 |
| 201 #endif /* EKT_H */ | 173 #endif /* EKT_H */ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2344973002:
Update libsrtp to version 2.0 (Closed)
