srtp.h 70 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759
  1. /*
  2. * srtp.h
  3. *
  4. * interface to libsrtp
  5. *
  6. * David A. McGrew
  7. * Cisco Systems, Inc.
  8. */
  9. /*
  10. *
  11. * Copyright (c) 2001-2017, Cisco Systems, Inc.
  12. * All rights reserved.
  13. *
  14. * Redistribution and use in source and binary forms, with or without
  15. * modification, are permitted provided that the following conditions
  16. * are met:
  17. *
  18. * Redistributions of source code must retain the above copyright
  19. * notice, this list of conditions and the following disclaimer.
  20. *
  21. * Redistributions in binary form must reproduce the above
  22. * copyright notice, this list of conditions and the following
  23. * disclaimer in the documentation and/or other materials provided
  24. * with the distribution.
  25. *
  26. * Neither the name of the Cisco Systems, Inc. nor the names of its
  27. * contributors may be used to endorse or promote products derived
  28. * from this software without specific prior written permission.
  29. *
  30. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  31. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  32. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
  33. * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
  34. * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
  35. * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  36. * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
  37. * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  38. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  39. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  40. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  41. * OF THE POSSIBILITY OF SUCH DAMAGE.
  42. *
  43. */
  44. #ifndef SRTP_SRTP_H
  45. #define SRTP_SRTP_H
  46. #include <stdint.h>
  47. #ifdef __cplusplus
  48. extern "C" {
  49. #endif
  50. /**
  51. * @defgroup SRTP Secure RTP
  52. *
  53. * @brief libSRTP provides functions for protecting RTP and RTCP. See
  54. * Section @ref Overview for an introduction to the use of the library.
  55. *
  56. * @{
  57. */
  58. /*
  59. * SRTP_MASTER_KEY_LEN is the nominal master key length supported by libSRTP
  60. */
  61. #define SRTP_MASTER_KEY_LEN 30
  62. /*
  63. * SRTP_MAX_KEY_LEN is the maximum key length supported by libSRTP
  64. */
  65. #define SRTP_MAX_KEY_LEN 64
  66. /*
  67. * SRTP_MAX_TAG_LEN is the maximum tag length supported by libSRTP
  68. */
  69. #define SRTP_MAX_TAG_LEN 16
  70. /**
  71. * SRTP_MAX_MKI_LEN is the maximum size the MKI could be which is
  72. * 128 bytes
  73. */
  74. #define SRTP_MAX_MKI_LEN 128
  75. /**
  76. * SRTP_MAX_TRAILER_LEN is the maximum length of the SRTP trailer
  77. * (authentication tag and MKI) supported by libSRTP. This value is
  78. * the maixmum number of octets that will be added to an RTP packet by
  79. * srtp_protect().
  80. *
  81. * @brief the maximum number of octets added by srtp_protect().
  82. */
  83. #define SRTP_MAX_TRAILER_LEN (SRTP_MAX_TAG_LEN + SRTP_MAX_MKI_LEN)
  84. /**
  85. * SRTP_MAX_NUM_MASTER_KEYS is the maximum number of Master keys for
  86. * MKI supported by libSRTP.
  87. *
  88. */
  89. #define SRTP_MAX_NUM_MASTER_KEYS 16
  90. #define SRTP_SALT_LEN 14
  91. /*
  92. * SRTP_AEAD_SALT_LEN is the length of the SALT values used with
  93. * GCM mode. GCM mode requires an IV. The SALT value is used
  94. * as part of the IV formation logic applied to each RTP packet.
  95. */
  96. #define SRTP_AEAD_SALT_LEN 12
  97. #define SRTP_AES_128_KEY_LEN 16
  98. #define SRTP_AES_192_KEY_LEN 24
  99. #define SRTP_AES_256_KEY_LEN 32
  100. #define SRTP_AES_ICM_128_KEY_LEN_WSALT (SRTP_SALT_LEN + SRTP_AES_128_KEY_LEN)
  101. #define SRTP_AES_ICM_192_KEY_LEN_WSALT (SRTP_SALT_LEN + SRTP_AES_192_KEY_LEN)
  102. #define SRTP_AES_ICM_256_KEY_LEN_WSALT (SRTP_SALT_LEN + SRTP_AES_256_KEY_LEN)
  103. #define SRTP_AES_GCM_128_KEY_LEN_WSALT \
  104. (SRTP_AEAD_SALT_LEN + SRTP_AES_128_KEY_LEN)
  105. #define SRTP_AES_GCM_192_KEY_LEN_WSALT \
  106. (SRTP_AEAD_SALT_LEN + SRTP_AES_192_KEY_LEN)
  107. #define SRTP_AES_GCM_256_KEY_LEN_WSALT \
  108. (SRTP_AEAD_SALT_LEN + SRTP_AES_256_KEY_LEN)
  109. /**
  110. * @brief A srtp_cipher_type_id_t is an identifier for a particular cipher
  111. * type.
  112. *
  113. * A srtp_cipher_type_id_t is an integer that represents a particular
  114. * cipher type, e.g. the Advanced Encryption Standard (AES). A
  115. * SRTP_NULL_CIPHER is avaliable; this cipher leaves the data unchanged,
  116. * and can be selected to indicate that no encryption is to take
  117. * place.
  118. *
  119. * @ingroup Ciphers
  120. */
  121. typedef uint32_t srtp_cipher_type_id_t;
  122. /**
  123. * @brief An srtp_auth_type_id_t is an identifier for a particular
  124. * authentication
  125. * function.
  126. *
  127. * An srtp_auth_type_id_t is an integer that represents a particular
  128. * authentication function type, e.g. HMAC-SHA1. A SRTP_NULL_AUTH is
  129. * avaliable; this authentication function performs no computation,
  130. * and can be selected to indicate that no authentication is to take
  131. * place.
  132. *
  133. * @ingroup Authentication
  134. */
  135. typedef uint32_t srtp_auth_type_id_t;
  136. /**
  137. * @brief srtp_err_status_t defines error codes.
  138. *
  139. * The enumeration srtp_err_status_t defines error codes. Note that the
  140. * value of srtp_err_status_ok is equal to zero, which can simplify error
  141. * checking somewhat.
  142. *
  143. */
  144. typedef enum {
  145. srtp_err_status_ok = 0, /**< nothing to report */
  146. srtp_err_status_fail = 1, /**< unspecified failure */
  147. srtp_err_status_bad_param = 2, /**< unsupported parameter */
  148. srtp_err_status_alloc_fail = 3, /**< couldn't allocate memory */
  149. srtp_err_status_dealloc_fail = 4, /**< couldn't deallocate properly */
  150. srtp_err_status_init_fail = 5, /**< couldn't initialize */
  151. srtp_err_status_terminus = 6, /**< can't process as much data as */
  152. /**< requested */
  153. srtp_err_status_auth_fail = 7, /**< authentication failure */
  154. srtp_err_status_cipher_fail = 8, /**< cipher failure */
  155. srtp_err_status_replay_fail = 9, /**< replay check failed (bad index) */
  156. srtp_err_status_replay_old = 10, /**< replay check failed (index too */
  157. /**< old) */
  158. srtp_err_status_algo_fail = 11, /**< algorithm failed test routine */
  159. srtp_err_status_no_such_op = 12, /**< unsupported operation */
  160. srtp_err_status_no_ctx = 13, /**< no appropriate context found */
  161. srtp_err_status_cant_check = 14, /**< unable to perform desired */
  162. /**< validation */
  163. srtp_err_status_key_expired = 15, /**< can't use key any more */
  164. srtp_err_status_socket_err = 16, /**< error in use of socket */
  165. srtp_err_status_signal_err = 17, /**< error in use POSIX signals */
  166. srtp_err_status_nonce_bad = 18, /**< nonce check failed */
  167. srtp_err_status_read_fail = 19, /**< couldn't read data */
  168. srtp_err_status_write_fail = 20, /**< couldn't write data */
  169. srtp_err_status_parse_err = 21, /**< error parsing data */
  170. srtp_err_status_encode_err = 22, /**< error encoding data */
  171. srtp_err_status_semaphore_err = 23, /**< error while using semaphores */
  172. srtp_err_status_pfkey_err = 24, /**< error while using pfkey */
  173. srtp_err_status_bad_mki = 25, /**< error MKI present in packet is */
  174. /**< invalid */
  175. srtp_err_status_pkt_idx_old = 26, /**< packet index is too old to */
  176. /**< consider */
  177. srtp_err_status_pkt_idx_adv = 27 /**< packet index advanced, reset */
  178. /**< needed */
  179. } srtp_err_status_t;
  180. typedef struct srtp_ctx_t_ srtp_ctx_t;
  181. /**
  182. * @brief srtp_sec_serv_t describes a set of security services.
  183. *
  184. * A srtp_sec_serv_t enumeration is used to describe the particular
  185. * security services that will be applied by a particular crypto
  186. * policy (or other mechanism).
  187. */
  188. typedef enum {
  189. sec_serv_none = 0, /**< no services */
  190. sec_serv_conf = 1, /**< confidentiality */
  191. sec_serv_auth = 2, /**< authentication */
  192. sec_serv_conf_and_auth = 3 /**< confidentiality and authentication */
  193. } srtp_sec_serv_t;
  194. /**
  195. * @brief srtp_crypto_policy_t describes a particular crypto policy that
  196. * can be applied to an SRTP stream.
  197. *
  198. * A srtp_crypto_policy_t describes a particular cryptographic policy that
  199. * can be applied to an SRTP or SRTCP stream. An SRTP session policy
  200. * consists of a list of these policies, one for each SRTP stream
  201. * in the session.
  202. */
  203. typedef struct srtp_crypto_policy_t {
  204. srtp_cipher_type_id_t cipher_type; /**< An integer representing */
  205. /**< the type of cipher. */
  206. int cipher_key_len; /**< The length of the cipher key */
  207. /**< in octets. */
  208. srtp_auth_type_id_t auth_type; /**< An integer representing the */
  209. /**< authentication function. */
  210. int auth_key_len; /**< The length of the authentication */
  211. /**< function key in octets. */
  212. int auth_tag_len; /**< The length of the authentication */
  213. /**< tag in octets. */
  214. srtp_sec_serv_t sec_serv; /**< The flag indicating the security */
  215. /**< services to be applied. */
  216. } srtp_crypto_policy_t;
  217. /**
  218. * @brief srtp_ssrc_type_t describes the type of an SSRC.
  219. *
  220. * An srtp_ssrc_type_t enumeration is used to indicate a type of SSRC. See
  221. * @ref srtp_policy_t for more informataion.
  222. */
  223. typedef enum {
  224. ssrc_undefined = 0, /**< Indicates an undefined SSRC type. */
  225. ssrc_specific = 1, /**< Indicates a specific SSRC value */
  226. ssrc_any_inbound = 2, /**< Indicates any inbound SSRC value */
  227. /**< (i.e. a value that is used in the */
  228. /**< function srtp_unprotect()) */
  229. ssrc_any_outbound = 3 /**< Indicates any outbound SSRC value */
  230. /**< (i.e. a value that is used in the */
  231. /**< function srtp_protect()) */
  232. } srtp_ssrc_type_t;
  233. /**
  234. * @brief An srtp_ssrc_t represents a particular SSRC value, or a `wildcard'
  235. * SSRC.
  236. *
  237. * An srtp_ssrc_t represents a particular SSRC value (if its type is
  238. * ssrc_specific), or a wildcard SSRC value that will match all
  239. * outbound SSRCs (if its type is ssrc_any_outbound) or all inbound
  240. * SSRCs (if its type is ssrc_any_inbound).
  241. */
  242. typedef struct {
  243. srtp_ssrc_type_t type; /**< The type of this particular SSRC */
  244. unsigned int value; /**< The value of this SSRC, if it is not a */
  245. /**< wildcard */
  246. } srtp_ssrc_t;
  247. /**
  248. * @brief points to an EKT policy
  249. */
  250. typedef struct srtp_ekt_policy_ctx_t *srtp_ekt_policy_t;
  251. /**
  252. * @brief points to EKT stream data
  253. */
  254. typedef struct srtp_ekt_stream_ctx_t *srtp_ekt_stream_t;
  255. /**
  256. * @brief srtp_master_key_t represents a master key. There will
  257. * be a Master Key Index and the Master Key associated with the
  258. * Master Key Index. Need to also keep track of the Master Key
  259. * Index Size to correctly read it from a packet.
  260. */
  261. typedef struct srtp_master_key_t {
  262. unsigned char *key;
  263. unsigned char *mki_id;
  264. unsigned int mki_size;
  265. } srtp_master_key_t;
  266. /**
  267. * @brief represents the policy for an SRTP session.
  268. *
  269. * A single srtp_policy_t struct represents the policy for a single
  270. * SRTP stream, and a linked list of these elements represents the
  271. * policy for an entire SRTP session. Each element contains the SRTP
  272. * and SRTCP crypto policies for that stream, a pointer to the SRTP
  273. * master key for that stream, the SSRC describing that stream, or a
  274. * flag indicating a `wildcard' SSRC value, and a `next' field that
  275. * holds a pointer to the next element in the list of policy elements,
  276. * or NULL if it is the last element.
  277. *
  278. * The wildcard value SSRC_ANY_INBOUND matches any SSRC from an
  279. * inbound stream that for which there is no explicit SSRC entry in
  280. * another policy element. Similarly, the value SSRC_ANY_OUTBOUND
  281. * will matches any SSRC from an outbound stream that does not appear
  282. * in another policy element. Note that wildcard SSRCs &b cannot be
  283. * used to match both inbound and outbound traffic. This restriction
  284. * is intentional, and it allows libSRTP to ensure that no security
  285. * lapses result from accidental re-use of SSRC values during key
  286. * sharing.
  287. *
  288. * @warning The final element of the list @b must have its `next' pointer
  289. * set to NULL.
  290. */
  291. typedef struct srtp_policy_t {
  292. srtp_ssrc_t ssrc; /**< The SSRC value of stream, or the */
  293. /**< flags SSRC_ANY_INBOUND or */
  294. /**< SSRC_ANY_OUTBOUND if key sharing */
  295. /**< is used for this policy element. */
  296. srtp_crypto_policy_t rtp; /**< SRTP crypto policy. */
  297. srtp_crypto_policy_t rtcp; /**< SRTCP crypto policy. */
  298. unsigned char *key; /**< Pointer to the SRTP master key for */
  299. /**< this stream. */
  300. srtp_master_key_t **keys; /** Array of Master Key structures */
  301. unsigned long num_master_keys; /** Number of master keys */
  302. srtp_ekt_policy_t ekt; /**< Pointer to the EKT policy structure */
  303. /**< for this stream (if any) */
  304. unsigned long window_size; /**< The window size to use for replay */
  305. /**< protection. */
  306. int allow_repeat_tx; /**< Whether retransmissions of */
  307. /**< packets with the same sequence */
  308. /**< number are allowed. */
  309. /**< (Note that such repeated */
  310. /**< transmissions must have the same */
  311. /**< RTP payload, or a severe security */
  312. /**< weakness is introduced!) */
  313. int *enc_xtn_hdr; /**< List of header ids to encrypt. */
  314. int enc_xtn_hdr_count; /**< Number of entries in list of header */
  315. /**< ids. */
  316. struct srtp_policy_t *next; /**< Pointer to next stream policy. */
  317. } srtp_policy_t;
  318. /**
  319. * @brief An srtp_t points to an SRTP session structure.
  320. *
  321. * The typedef srtp_t is a pointer to a structure that represents
  322. * an SRTP session. This datatype is intentially opaque in
  323. * order to separate the interface from the implementation.
  324. *
  325. * An SRTP session consists of all of the traffic sent to the RTP and
  326. * RTCP destination transport addresses, using the RTP/SAVP (Secure
  327. * Audio/Video Profile). A session can be viewed as a set of SRTP
  328. * streams, each of which originates with a different participant.
  329. */
  330. typedef srtp_ctx_t *srtp_t;
  331. /**
  332. * @brief srtp_init() initializes the srtp library.
  333. *
  334. * @warning This function @b must be called before any other srtp
  335. * functions.
  336. */
  337. srtp_err_status_t srtp_init(void);
  338. /**
  339. * @brief srtp_shutdown() de-initializes the srtp library.
  340. *
  341. * @warning No srtp functions may be called after calling this function.
  342. */
  343. srtp_err_status_t srtp_shutdown(void);
  344. /**
  345. * @brief srtp_protect() is the Secure RTP sender-side packet processing
  346. * function.
  347. *
  348. * The function call srtp_protect(ctx, rtp_hdr, len_ptr) applies SRTP
  349. * protection to the RTP packet rtp_hdr (which has length *len_ptr) using
  350. * the SRTP context ctx. If srtp_err_status_ok is returned, then rtp_hdr
  351. * points to the resulting SRTP packet and *len_ptr is the number of
  352. * octets in that packet; otherwise, no assumptions should be made
  353. * about the value of either data elements.
  354. *
  355. * The sequence numbers of the RTP packets presented to this function
  356. * need not be consecutive, but they @b must be out of order by less
  357. * than 2^15 = 32,768 packets.
  358. *
  359. * @warning This function assumes that it can write the authentication
  360. * tag into the location in memory immediately following the RTP
  361. * packet, and assumes that the RTP packet is aligned on a 32-bit
  362. * boundary.
  363. *
  364. * @warning This function assumes that it can write SRTP_MAX_TRAILER_LEN
  365. * into the location in memory immediately following the RTP packet.
  366. * Callers MUST ensure that this much writable memory is available in
  367. * the buffer that holds the RTP packet.
  368. *
  369. * @param ctx is the SRTP context to use in processing the packet.
  370. *
  371. * @param rtp_hdr is a pointer to the RTP packet (before the call); after
  372. * the function returns, it points to the srtp packet.
  373. *
  374. * @param len_ptr is a pointer to the length in octets of the complete
  375. * RTP packet (header and body) before the function call, and of the
  376. * complete SRTP packet after the call, if srtp_err_status_ok was returned.
  377. * Otherwise, the value of the data to which it points is undefined.
  378. *
  379. * @return
  380. * - srtp_err_status_ok no problems
  381. * - srtp_err_status_replay_fail rtp sequence number was non-increasing
  382. * - @e other failure in cryptographic mechanisms
  383. */
  384. srtp_err_status_t srtp_protect(srtp_t ctx, void *rtp_hdr, int *len_ptr);
  385. /**
  386. * @brief srtp_protect_mki() is the Secure RTP sender-side packet processing
  387. * function that can utilize MKI.
  388. *
  389. * The function call srtp_protect(ctx, rtp_hdr, len_ptr) applies SRTP
  390. * protection to the RTP packet rtp_hdr (which has length *len_ptr) using
  391. * the SRTP context ctx. If srtp_err_status_ok is returned, then rtp_hdr
  392. * points to the resulting SRTP packet and *len_ptr is the number of
  393. * octets in that packet; otherwise, no assumptions should be made
  394. * about the value of either data elements.
  395. *
  396. * The sequence numbers of the RTP packets presented to this function
  397. * need not be consecutive, but they @b must be out of order by less
  398. * than 2^15 = 32,768 packets.
  399. *
  400. * @warning This function assumes that it can write the authentication
  401. * tag into the location in memory immediately following the RTP
  402. * packet, and assumes that the RTP packet is aligned on a 32-bit
  403. * boundary.
  404. *
  405. * @warning This function assumes that it can write SRTP_MAX_TRAILER_LEN
  406. * into the location in memory immediately following the RTP packet.
  407. * Callers MUST ensure that this much writable memory is available in
  408. * the buffer that holds the RTP packet.
  409. *
  410. * @param ctx is the SRTP context to use in processing the packet.
  411. *
  412. * @param rtp_hdr is a pointer to the RTP packet (before the call); after
  413. * the function returns, it points to the srtp packet.
  414. *
  415. * @param pkt_octet_len is a pointer to the length in octets of the complete
  416. * RTP packet (header and body) before the function call, and of the
  417. * complete SRTP packet after the call, if srtp_err_status_ok was returned.
  418. * Otherwise, the value of the data to which it points is undefined.
  419. *
  420. * @param use_mki is a boolean to tell the system if mki is being used. If
  421. * set to false then will use the first set of session keys. If set to true
  422. * will
  423. * use the session keys identified by the mki_index
  424. *
  425. * @param mki_index integer value specifying which set of session keys should be
  426. * used if use_mki is set to true.
  427. *
  428. * @return
  429. * - srtp_err_status_ok no problems
  430. * - srtp_err_status_replay_fail rtp sequence number was non-increasing
  431. * - @e other failure in cryptographic mechanisms
  432. */
  433. srtp_err_status_t srtp_protect_mki(srtp_ctx_t *ctx,
  434. void *rtp_hdr,
  435. int *pkt_octet_len,
  436. unsigned int use_mki,
  437. unsigned int mki_index);
  438. /**
  439. * @brief srtp_unprotect() is the Secure RTP receiver-side packet
  440. * processing function.
  441. *
  442. * The function call srtp_unprotect(ctx, srtp_hdr, len_ptr) verifies
  443. * the Secure RTP protection of the SRTP packet pointed to by srtp_hdr
  444. * (which has length *len_ptr), using the SRTP context ctx. If
  445. * srtp_err_status_ok is returned, then srtp_hdr points to the resulting
  446. * RTP packet and *len_ptr is the number of octets in that packet;
  447. * otherwise, no assumptions should be made about the value of either
  448. * data elements.
  449. *
  450. * The sequence numbers of the RTP packets presented to this function
  451. * need not be consecutive, but they @b must be out of order by less
  452. * than 2^15 = 32,768 packets.
  453. *
  454. * @warning This function assumes that the SRTP packet is aligned on a
  455. * 32-bit boundary.
  456. *
  457. * @param ctx is the SRTP session which applies to the particular packet.
  458. *
  459. * @param srtp_hdr is a pointer to the header of the SRTP packet
  460. * (before the call). after the function returns, it points to the
  461. * rtp packet if srtp_err_status_ok was returned; otherwise, the value of
  462. * the data to which it points is undefined.
  463. *
  464. * @param len_ptr is a pointer to the length in octets of the complete
  465. * srtp packet (header and body) before the function call, and of the
  466. * complete rtp packet after the call, if srtp_err_status_ok was returned.
  467. * Otherwise, the value of the data to which it points is undefined.
  468. *
  469. * @return
  470. * - srtp_err_status_ok if the RTP packet is valid.
  471. * - srtp_err_status_auth_fail if the SRTP packet failed the message
  472. * authentication check.
  473. * - srtp_err_status_replay_fail if the SRTP packet is a replay (e.g. packet
  474. * has already been processed and accepted).
  475. * - [other] if there has been an error in the cryptographic mechanisms.
  476. *
  477. */
  478. srtp_err_status_t srtp_unprotect(srtp_t ctx, void *srtp_hdr, int *len_ptr);
  479. /**
  480. * @brief srtp_unprotect_mki() is the Secure RTP receiver-side packet
  481. * processing function that checks for MKI.
  482. *
  483. * The function call srtp_unprotect(ctx, srtp_hdr, len_ptr) verifies
  484. * the Secure RTP protection of the SRTP packet pointed to by srtp_hdr
  485. * (which has length *len_ptr), using the SRTP context ctx. If
  486. * srtp_err_status_ok is returned, then srtp_hdr points to the resulting
  487. * RTP packet and *len_ptr is the number of octets in that packet;
  488. * otherwise, no assumptions should be made about the value of either
  489. * data elements.
  490. *
  491. * The sequence numbers of the RTP packets presented to this function
  492. * need not be consecutive, but they @b must be out of order by less
  493. * than 2^15 = 32,768 packets.
  494. *
  495. * @warning This function assumes that the SRTP packet is aligned on a
  496. * 32-bit boundary.
  497. *
  498. * @param ctx is the SRTP session which applies to the particular packet.
  499. *
  500. * @param srtp_hdr is a pointer to the header of the SRTP packet
  501. * (before the call). after the function returns, it points to the
  502. * rtp packet if srtp_err_status_ok was returned; otherwise, the value of
  503. * the data to which it points is undefined.
  504. *
  505. * @param len_ptr is a pointer to the length in octets of the complete
  506. * srtp packet (header and body) before the function call, and of the
  507. * complete rtp packet after the call, if srtp_err_status_ok was returned.
  508. * Otherwise, the value of the data to which it points is undefined.
  509. *
  510. * @param use_mki is a boolean to tell the system if mki is being used. If
  511. * set to false then will use the first set of session keys. If set to true
  512. * will
  513. * use the session keys identified by the mki_index
  514. *
  515. * @return
  516. * - srtp_err_status_ok if the RTP packet is valid.
  517. * - srtp_err_status_auth_fail if the SRTP packet failed the message
  518. * authentication check.
  519. * - srtp_err_status_replay_fail if the SRTP packet is a replay (e.g. packet
  520. * has already been processed and accepted).
  521. * - srtp_err_status_bad_mki if the MKI in the packet is not a known MKI id
  522. * - [other] if there has been an error in the cryptographic mechanisms.
  523. *
  524. */
  525. srtp_err_status_t srtp_unprotect_mki(srtp_t ctx,
  526. void *srtp_hdr,
  527. int *len_ptr,
  528. unsigned int use_mki);
  529. /**
  530. * @brief srtp_create() allocates and initializes an SRTP session.
  531. * The function call srtp_create(session, policy) allocates and
  532. * initializes an SRTP session context, applying the given policy.
  533. *
  534. * @param session is a pointer to the SRTP session to which the policy is
  535. * to be added.
  536. *
  537. * @param policy is the srtp_policy_t struct that describes the policy
  538. * for the session. The struct may be a single element, or it may be
  539. * the head of a list, in which case each element of the list is
  540. * processed. It may also be NULL, in which case streams should be added
  541. * later using srtp_add_stream(). The final element of the list @b must
  542. * have its `next' field set to NULL.
  543. *
  544. * @return
  545. * - srtp_err_status_ok if creation succeded.
  546. * - srtp_err_status_alloc_fail if allocation failed.
  547. * - srtp_err_status_init_fail if initialization failed.
  548. */
  549. srtp_err_status_t srtp_create(srtp_t *session, const srtp_policy_t *policy);
  550. /**
  551. * @brief srtp_add_stream() allocates and initializes an SRTP stream
  552. * within a given SRTP session.
  553. *
  554. * The function call srtp_add_stream(session, policy) allocates and
  555. * initializes a new SRTP stream within a given, previously created
  556. * session, applying the policy given as the other argument to that
  557. * stream.
  558. *
  559. * @return values:
  560. * - srtp_err_status_ok if stream creation succeded.
  561. * - srtp_err_status_alloc_fail if stream allocation failed
  562. * - srtp_err_status_init_fail if stream initialization failed.
  563. */
  564. srtp_err_status_t srtp_add_stream(srtp_t session, const srtp_policy_t *policy);
  565. /**
  566. * @brief srtp_remove_stream() deallocates an SRTP stream.
  567. *
  568. * The function call srtp_remove_stream(session, ssrc) removes
  569. * the SRTP stream with the SSRC value ssrc from the SRTP session
  570. * context given by the argument session.
  571. *
  572. * @param session is the SRTP session from which the stream
  573. * will be removed.
  574. *
  575. * @param ssrc is the SSRC value of the stream to be removed
  576. * in network byte order.
  577. *
  578. * @warning Wildcard SSRC values cannot be removed from a
  579. * session.
  580. *
  581. * @return
  582. * - srtp_err_status_ok if the stream deallocation succeded.
  583. * - [other] otherwise.
  584. *
  585. */
  586. srtp_err_status_t srtp_remove_stream(srtp_t session, unsigned int ssrc);
  587. /**
  588. * @brief srtp_update() udpates all streams in the session.
  589. *
  590. * The function call srtp_update(session, policy) updates
  591. * all the streams in the session applying the given policy
  592. * and key. The exsisting ROC value of all streams will be
  593. * preserved.
  594. *
  595. * @param session is the SRTP session that contains the streams
  596. * to be updated.
  597. *
  598. * @param policy is the srtp_policy_t struct that describes the policy
  599. * for the session. The struct may be a single element, or it may be
  600. * the head of a list, in which case each element of the list is
  601. * processed. The final element of the list @b must
  602. * have its `next' field set to NULL.
  603. *
  604. * @return
  605. * - srtp_err_status_ok if stream creation succeded.
  606. * - srtp_err_status_alloc_fail if stream allocation failed
  607. * - srtp_err_status_init_fail if stream initialization failed.
  608. * - [other] otherwise.
  609. *
  610. */
  611. srtp_err_status_t srtp_update(srtp_t session, const srtp_policy_t *policy);
  612. /**
  613. * @brief srtp_update_stream() udpates a SRTP stream.
  614. *
  615. * The function call srtp_update_stream(session, policy) updates
  616. * the stream(s) in the session that match applying the given
  617. * policy and key. The exsisting ROC value of all stream(s) will
  618. * be preserved.
  619. *
  620. * @param session is the SRTP session that contains the streams
  621. * to be updated.
  622. *
  623. * @param policy is the srtp_policy_t struct that describes the policy
  624. * for the session.
  625. *
  626. * @return
  627. * - srtp_err_status_ok if stream creation succeded.
  628. * - srtp_err_status_alloc_fail if stream allocation failed
  629. * - srtp_err_status_init_fail if stream initialization failed.
  630. * - [other] otherwise.
  631. *
  632. */
  633. srtp_err_status_t srtp_update_stream(srtp_t session,
  634. const srtp_policy_t *policy);
  635. /**
  636. * @brief srtp_crypto_policy_set_rtp_default() sets a crypto policy
  637. * structure to the SRTP default policy for RTP protection.
  638. *
  639. * @param p is a pointer to the policy structure to be set
  640. *
  641. * The function call crypto_policy_set_rtp_default(&p) sets the
  642. * crypto_policy_t at location p to the SRTP default policy for RTP
  643. * protection, as defined in the specification. This function is a
  644. * convenience that helps to avoid dealing directly with the policy
  645. * data structure. You are encouraged to initialize policy elements
  646. * with this function call. Doing so may allow your code to be
  647. * forward compatible with later versions of libSRTP that include more
  648. * elements in the crypto_policy_t datatype.
  649. *
  650. * @return void.
  651. *
  652. */
  653. void srtp_crypto_policy_set_rtp_default(srtp_crypto_policy_t *p);
  654. /**
  655. * @brief srtp_crypto_policy_set_rtcp_default() sets a crypto policy
  656. * structure to the SRTP default policy for RTCP protection.
  657. *
  658. * @param p is a pointer to the policy structure to be set
  659. *
  660. * The function call srtp_crypto_policy_set_rtcp_default(&p) sets the
  661. * srtp_crypto_policy_t at location p to the SRTP default policy for RTCP
  662. * protection, as defined in the specification. This function is a
  663. * convenience that helps to avoid dealing directly with the policy
  664. * data structure. You are encouraged to initialize policy elements
  665. * with this function call. Doing so may allow your code to be
  666. * forward compatible with later versions of libSRTP that include more
  667. * elements in the srtp_crypto_policy_t datatype.
  668. *
  669. * @return void.
  670. *
  671. */
  672. void srtp_crypto_policy_set_rtcp_default(srtp_crypto_policy_t *p);
  673. /**
  674. * @brief srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80() sets a crypto
  675. * policy structure to the SRTP default policy for RTP protection.
  676. *
  677. * @param p is a pointer to the policy structure to be set
  678. *
  679. * The function srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80() is a
  680. * synonym for srtp_crypto_policy_set_rtp_default(). It conforms to the
  681. * naming convention used in RFC 4568 (SDP Security Descriptions for
  682. * Media Streams).
  683. *
  684. * @return void.
  685. *
  686. */
  687. #define srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(p) \
  688. srtp_crypto_policy_set_rtp_default(p)
  689. /**
  690. * @brief srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32() sets a crypto
  691. * policy structure to a short-authentication tag policy
  692. *
  693. * @param p is a pointer to the policy structure to be set
  694. *
  695. * The function call srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(&p)
  696. * sets the srtp_crypto_policy_t at location p to use policy
  697. * AES_CM_128_HMAC_SHA1_32 as defined in RFC 4568.
  698. * This policy uses AES-128
  699. * Counter Mode encryption and HMAC-SHA1 authentication, with an
  700. * authentication tag that is only 32 bits long. This length is
  701. * considered adequate only for protecting audio and video media that
  702. * use a stateless playback function. See Section 7.5 of RFC 3711
  703. * (http://www.ietf.org/rfc/rfc3711.txt).
  704. *
  705. * This function is a convenience that helps to avoid dealing directly
  706. * with the policy data structure. You are encouraged to initialize
  707. * policy elements with this function call. Doing so may allow your
  708. * code to be forward compatible with later versions of libSRTP that
  709. * include more elements in the srtp_crypto_policy_t datatype.
  710. *
  711. * @warning This crypto policy is intended for use in SRTP, but not in
  712. * SRTCP. It is recommended that a policy that uses longer
  713. * authentication tags be used for SRTCP. See Section 7.5 of RFC 3711
  714. * (http://www.ietf.org/rfc/rfc3711.txt).
  715. *
  716. * @return void.
  717. *
  718. */
  719. void srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(srtp_crypto_policy_t *p);
  720. /**
  721. * @brief srtp_crypto_policy_set_aes_cm_128_null_auth() sets a crypto
  722. * policy structure to an encryption-only policy
  723. *
  724. * @param p is a pointer to the policy structure to be set
  725. *
  726. * The function call srtp_crypto_policy_set_aes_cm_128_null_auth(&p) sets
  727. * the srtp_crypto_policy_t at location p to use the SRTP default cipher
  728. * (AES-128 Counter Mode), but to use no authentication method. This
  729. * policy is NOT RECOMMENDED unless it is unavoidable; see Section 7.5
  730. * of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt).
  731. *
  732. * This function is a convenience that helps to avoid dealing directly
  733. * with the policy data structure. You are encouraged to initialize
  734. * policy elements with this function call. Doing so may allow your
  735. * code to be forward compatible with later versions of libSRTP that
  736. * include more elements in the srtp_crypto_policy_t datatype.
  737. *
  738. * @warning This policy is NOT RECOMMENDED for SRTP unless it is
  739. * unavoidable, and it is NOT RECOMMENDED at all for SRTCP; see
  740. * Section 7.5 of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt).
  741. *
  742. * @return void.
  743. *
  744. */
  745. void srtp_crypto_policy_set_aes_cm_128_null_auth(srtp_crypto_policy_t *p);
  746. /**
  747. * @brief srtp_crypto_policy_set_null_cipher_hmac_sha1_80() sets a crypto
  748. * policy structure to an authentication-only policy
  749. *
  750. * @param p is a pointer to the policy structure to be set
  751. *
  752. * The function call srtp_crypto_policy_set_null_cipher_hmac_sha1_80(&p)
  753. * sets the srtp_crypto_policy_t at location p to use HMAC-SHA1 with an 80
  754. * bit authentication tag to provide message authentication, but to
  755. * use no encryption. This policy is NOT RECOMMENDED for SRTP unless
  756. * there is a requirement to forego encryption.
  757. *
  758. * This function is a convenience that helps to avoid dealing directly
  759. * with the policy data structure. You are encouraged to initialize
  760. * policy elements with this function call. Doing so may allow your
  761. * code to be forward compatible with later versions of libSRTP that
  762. * include more elements in the srtp_crypto_policy_t datatype.
  763. *
  764. * @warning This policy is NOT RECOMMENDED for SRTP unless there is a
  765. * requirement to forego encryption.
  766. *
  767. * @return void.
  768. *
  769. */
  770. void srtp_crypto_policy_set_null_cipher_hmac_sha1_80(srtp_crypto_policy_t *p);
  771. /**
  772. * @brief srtp_crypto_policy_set_null_cipher_hmac_null() sets a crypto
  773. * policy structure to use no encryption or authentication.
  774. *
  775. * @param p is a pointer to the policy structure to be set
  776. *
  777. * The function call srtp_crypto_policy_set_null_cipher_hmac_null(&p)
  778. * sets the srtp_crypto_policy_t at location p to use no encryption and
  779. * no authentication. This policy should only be used for testing and
  780. * troubleshootingl.
  781. *
  782. * This function is a convenience that helps to avoid dealing directly
  783. * with the policy data structure. You are encouraged to initialize
  784. * policy elements with this function call. Doing so may allow your
  785. * code to be forward compatible with later versions of libSRTP that
  786. * include more elements in the srtp_crypto_policy_t datatype.
  787. *
  788. * @warning This policy is NOT RECOMMENDED for SRTP unless there is a
  789. * requirement to forego encryption and authentication.
  790. *
  791. * @return void.
  792. *
  793. */
  794. void srtp_crypto_policy_set_null_cipher_hmac_null(srtp_crypto_policy_t *p);
  795. /**
  796. * @brief srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80() sets a crypto
  797. * policy structure to a encryption and authentication policy using AES-256
  798. * for RTP protection.
  799. *
  800. * @param p is a pointer to the policy structure to be set
  801. *
  802. * The function call srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(&p)
  803. * sets the srtp_crypto_policy_t at location p to use policy
  804. * AES_CM_256_HMAC_SHA1_80 as defined in RFC 6188. This policy uses AES-256
  805. * Counter Mode encryption and HMAC-SHA1 authentication, with an 80 bit
  806. * authentication tag.
  807. *
  808. * This function is a convenience that helps to avoid dealing directly
  809. * with the policy data structure. You are encouraged to initialize
  810. * policy elements with this function call. Doing so may allow your
  811. * code to be forward compatible with later versions of libSRTP that
  812. * include more elements in the srtp_crypto_policy_t datatype.
  813. *
  814. * @return void.
  815. *
  816. */
  817. void srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(srtp_crypto_policy_t *p);
  818. /**
  819. * @brief srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32() sets a crypto
  820. * policy structure to a short-authentication tag policy using AES-256
  821. * encryption.
  822. *
  823. * @param p is a pointer to the policy structure to be set
  824. *
  825. * The function call srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32(&p)
  826. * sets the srtp_crypto_policy_t at location p to use policy
  827. * AES_CM_256_HMAC_SHA1_32 as defined in RFC 6188. This policy uses AES-256
  828. * Counter Mode encryption and HMAC-SHA1 authentication, with an
  829. * authentication tag that is only 32 bits long. This length is
  830. * considered adequate only for protecting audio and video media that
  831. * use a stateless playback function. See Section 7.5 of RFC 3711
  832. * (http://www.ietf.org/rfc/rfc3711.txt).
  833. *
  834. * This function is a convenience that helps to avoid dealing directly
  835. * with the policy data structure. You are encouraged to initialize
  836. * policy elements with this function call. Doing so may allow your
  837. * code to be forward compatible with later versions of libSRTP that
  838. * include more elements in the srtp_crypto_policy_t datatype.
  839. *
  840. * @warning This crypto policy is intended for use in SRTP, but not in
  841. * SRTCP. It is recommended that a policy that uses longer
  842. * authentication tags be used for SRTCP. See Section 7.5 of RFC 3711
  843. * (http://www.ietf.org/rfc/rfc3711.txt).
  844. *
  845. * @return void.
  846. *
  847. */
  848. void srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32(srtp_crypto_policy_t *p);
  849. /**
  850. * @brief srtp_crypto_policy_set_aes_cm_256_null_auth() sets a crypto
  851. * policy structure to an encryption-only policy
  852. *
  853. * @param p is a pointer to the policy structure to be set
  854. *
  855. * The function call srtp_crypto_policy_set_aes_cm_256_null_auth(&p) sets
  856. * the srtp_crypto_policy_t at location p to use the SRTP default cipher
  857. * (AES-256 Counter Mode), but to use no authentication method. This
  858. * policy is NOT RECOMMENDED unless it is unavoidable; see Section 7.5
  859. * of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt).
  860. *
  861. * This function is a convenience that helps to avoid dealing directly
  862. * with the policy data structure. You are encouraged to initialize
  863. * policy elements with this function call. Doing so may allow your
  864. * code to be forward compatible with later versions of libSRTP that
  865. * include more elements in the srtp_crypto_policy_t datatype.
  866. *
  867. * @warning This policy is NOT RECOMMENDED for SRTP unless it is
  868. * unavoidable, and it is NOT RECOMMENDED at all for SRTCP; see
  869. * Section 7.5 of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt).
  870. *
  871. * @return void.
  872. *
  873. */
  874. void srtp_crypto_policy_set_aes_cm_256_null_auth(srtp_crypto_policy_t *p);
  875. /**
  876. * @brief srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80() sets a crypto
  877. * policy structure to a encryption and authentication policy using AES-192
  878. * for RTP protection.
  879. *
  880. * @param p is a pointer to the policy structure to be set
  881. *
  882. * The function call srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80(&p)
  883. * sets the crypto_policy_t at location p to use policy
  884. * AES_CM_192_HMAC_SHA1_80 as defined in RFC 6188. This policy uses AES-192
  885. * Counter Mode encryption and HMAC-SHA1 authentication, with an 80 bit
  886. * authentication tag.
  887. *
  888. * This function is a convenience that helps to avoid dealing directly
  889. * with the policy data structure. You are encouraged to initialize
  890. * policy elements with this function call. Doing so may allow your
  891. * code to be forward compatible with later versions of libSRTP that
  892. * include more elements in the crypto_policy_t datatype.
  893. *
  894. * @return void.
  895. *
  896. */
  897. void srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80(srtp_crypto_policy_t *p);
  898. /**
  899. * @brief srtp_crypto_policy_set_aes_cm_192_hmac_sha1_32() sets a crypto
  900. * policy structure to a short-authentication tag policy using AES-192
  901. * encryption.
  902. *
  903. * @param p is a pointer to the policy structure to be set
  904. *
  905. * The function call srtp_crypto_policy_set_aes_cm_192_hmac_sha1_32(&p)
  906. * sets the crypto_policy_t at location p to use policy
  907. * AES_CM_192_HMAC_SHA1_32 as defined in RFC 6188. This policy uses AES-192
  908. * Counter Mode encryption and HMAC-SHA1 authentication, with an
  909. * authentication tag that is only 32 bits long. This length is
  910. * considered adequate only for protecting audio and video media that
  911. * use a stateless playback function. See Section 7.5 of RFC 3711
  912. * (http://www.ietf.org/rfc/rfc3711.txt).
  913. *
  914. * This function is a convenience that helps to avoid dealing directly
  915. * with the policy data structure. You are encouraged to initialize
  916. * policy elements with this function call. Doing so may allow your
  917. * code to be forward compatible with later versions of libSRTP that
  918. * include more elements in the crypto_policy_t datatype.
  919. *
  920. * @warning This crypto policy is intended for use in SRTP, but not in
  921. * SRTCP. It is recommended that a policy that uses longer
  922. * authentication tags be used for SRTCP. See Section 7.5 of RFC 3711
  923. * (http://www.ietf.org/rfc/rfc3711.txt).
  924. *
  925. * @return void.
  926. *
  927. */
  928. void srtp_crypto_policy_set_aes_cm_192_hmac_sha1_32(srtp_crypto_policy_t *p);
  929. /**
  930. * @brief srtp_crypto_policy_set_aes_cm_192_null_auth() sets a crypto
  931. * policy structure to an encryption-only policy
  932. *
  933. * @param p is a pointer to the policy structure to be set
  934. *
  935. * The function call srtp_crypto_policy_set_aes_cm_192_null_auth(&p) sets
  936. * the crypto_policy_t at location p to use the SRTP default cipher
  937. * (AES-192 Counter Mode), but to use no authentication method. This
  938. * policy is NOT RECOMMENDED unless it is unavoidable; see Section 7.5
  939. * of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt).
  940. *
  941. * This function is a convenience that helps to avoid dealing directly
  942. * with the policy data structure. You are encouraged to initialize
  943. * policy elements with this function call. Doing so may allow your
  944. * code to be forward compatible with later versions of libSRTP that
  945. * include more elements in the crypto_policy_t datatype.
  946. *
  947. * @warning This policy is NOT RECOMMENDED for SRTP unless it is
  948. * unavoidable, and it is NOT RECOMMENDED at all for SRTCP; see
  949. * Section 7.5 of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt).
  950. *
  951. * @return void.
  952. *
  953. */
  954. void srtp_crypto_policy_set_aes_cm_192_null_auth(srtp_crypto_policy_t *p);
  955. /**
  956. * @brief srtp_crypto_policy_set_aes_gcm_128_8_auth() sets a crypto
  957. * policy structure to an AEAD encryption policy.
  958. *
  959. * @param p is a pointer to the policy structure to be set
  960. *
  961. * The function call srtp_crypto_policy_set_aes_gcm_128_8_auth(&p) sets
  962. * the srtp_crypto_policy_t at location p to use the SRTP default cipher
  963. * (AES-128 Galois Counter Mode) with 8 octet auth tag. This
  964. * policy applies confidentiality and authentication to both the
  965. * RTP and RTCP packets.
  966. *
  967. * This function is a convenience that helps to avoid dealing directly
  968. * with the policy data structure. You are encouraged to initialize
  969. * policy elements with this function call. Doing so may allow your
  970. * code to be forward compatible with later versions of libSRTP that
  971. * include more elements in the srtp_crypto_policy_t datatype.
  972. *
  973. * @return void.
  974. *
  975. */
  976. void srtp_crypto_policy_set_aes_gcm_128_8_auth(srtp_crypto_policy_t *p);
  977. /**
  978. * @brief srtp_crypto_policy_set_aes_gcm_256_8_auth() sets a crypto
  979. * policy structure to an AEAD encryption policy
  980. *
  981. * @param p is a pointer to the policy structure to be set
  982. *
  983. * The function call srtp_crypto_policy_set_aes_gcm_256_8_auth(&p) sets
  984. * the srtp_crypto_policy_t at location p to use the SRTP default cipher
  985. * (AES-256 Galois Counter Mode) with 8 octet auth tag. This
  986. * policy applies confidentiality and authentication to both the
  987. * RTP and RTCP packets.
  988. *
  989. * This function is a convenience that helps to avoid dealing directly
  990. * with the policy data structure. You are encouraged to initialize
  991. * policy elements with this function call. Doing so may allow your
  992. * code to be forward compatible with later versions of libSRTP that
  993. * include more elements in the srtp_crypto_policy_t datatype.
  994. *
  995. * @return void.
  996. *
  997. */
  998. void srtp_crypto_policy_set_aes_gcm_256_8_auth(srtp_crypto_policy_t *p);
  999. /**
  1000. * @brief srtp_crypto_policy_set_aes_gcm_128_8_only_auth() sets a crypto
  1001. * policy structure to an AEAD authentication-only policy
  1002. *
  1003. * @param p is a pointer to the policy structure to be set
  1004. *
  1005. * The function call srtp_crypto_policy_set_aes_gcm_128_8_only_auth(&p) sets
  1006. * the srtp_crypto_policy_t at location p to use the SRTP default cipher
  1007. * (AES-128 Galois Counter Mode) with 8 octet auth tag. This policy
  1008. * applies confidentiality and authentication to the RTP packets,
  1009. * but only authentication to the RTCP packets.
  1010. *
  1011. * This function is a convenience that helps to avoid dealing directly
  1012. * with the policy data structure. You are encouraged to initialize
  1013. * policy elements with this function call. Doing so may allow your
  1014. * code to be forward compatible with later versions of libSRTP that
  1015. * include more elements in the srtp_crypto_policy_t datatype.
  1016. *
  1017. * @return void.
  1018. *
  1019. */
  1020. void srtp_crypto_policy_set_aes_gcm_128_8_only_auth(srtp_crypto_policy_t *p);
  1021. /**
  1022. * @brief srtp_crypto_policy_set_aes_gcm_256_8_only_auth() sets a crypto
  1023. * policy structure to an AEAD authentication-only policy
  1024. *
  1025. * @param p is a pointer to the policy structure to be set
  1026. *
  1027. * The function call srtp_crypto_policy_set_aes_gcm_256_8_only_auth(&p) sets
  1028. * the srtp_crypto_policy_t at location p to use the SRTP default cipher
  1029. * (AES-256 Galois Counter Mode) with 8 octet auth tag. This policy
  1030. * applies confidentiality and authentication to the RTP packets,
  1031. * but only authentication to the RTCP packets.
  1032. *
  1033. * This function is a convenience that helps to avoid dealing directly
  1034. * with the policy data structure. You are encouraged to initialize
  1035. * policy elements with this function call. Doing so may allow your
  1036. * code to be forward compatible with later versions of libSRTP that
  1037. * include more elements in the srtp_crypto_policy_t datatype.
  1038. *
  1039. * @return void.
  1040. *
  1041. */
  1042. void srtp_crypto_policy_set_aes_gcm_256_8_only_auth(srtp_crypto_policy_t *p);
  1043. /**
  1044. * @brief srtp_crypto_policy_set_aes_gcm_128_16_auth() sets a crypto
  1045. * policy structure to an AEAD encryption policy.
  1046. *
  1047. * @param p is a pointer to the policy structure to be set
  1048. *
  1049. * The function call srtp_crypto_policy_set_aes_gcm_128_16_auth(&p) sets
  1050. * the srtp_crypto_policy_t at location p to use the SRTP default cipher
  1051. * (AES-128 Galois Counter Mode) with 16 octet auth tag. This
  1052. * policy applies confidentiality and authentication to both the
  1053. * RTP and RTCP packets.
  1054. *
  1055. * This function is a convenience that helps to avoid dealing directly
  1056. * with the policy data structure. You are encouraged to initialize
  1057. * policy elements with this function call. Doing so may allow your
  1058. * code to be forward compatible with later versions of libSRTP that
  1059. * include more elements in the srtp_crypto_policy_t datatype.
  1060. *
  1061. * @return void.
  1062. *
  1063. */
  1064. void srtp_crypto_policy_set_aes_gcm_128_16_auth(srtp_crypto_policy_t *p);
  1065. /**
  1066. * @brief srtp_crypto_policy_set_aes_gcm_256_16_auth() sets a crypto
  1067. * policy structure to an AEAD encryption policy
  1068. *
  1069. * @param p is a pointer to the policy structure to be set
  1070. *
  1071. * The function call srtp_crypto_policy_set_aes_gcm_256_16_auth(&p) sets
  1072. * the srtp_crypto_policy_t at location p to use the SRTP default cipher
  1073. * (AES-256 Galois Counter Mode) with 16 octet auth tag. This
  1074. * policy applies confidentiality and authentication to both the
  1075. * RTP and RTCP packets.
  1076. *
  1077. * This function is a convenience that helps to avoid dealing directly
  1078. * with the policy data structure. You are encouraged to initialize
  1079. * policy elements with this function call. Doing so may allow your
  1080. * code to be forward compatible with later versions of libSRTP that
  1081. * include more elements in the srtp_crypto_policy_t datatype.
  1082. *
  1083. * @return void.
  1084. *
  1085. */
  1086. void srtp_crypto_policy_set_aes_gcm_256_16_auth(srtp_crypto_policy_t *p);
  1087. /**
  1088. * @brief srtp_dealloc() deallocates storage for an SRTP session
  1089. * context.
  1090. *
  1091. * The function call srtp_dealloc(s) deallocates storage for the
  1092. * SRTP session context s. This function should be called no more
  1093. * than one time for each of the contexts allocated by the function
  1094. * srtp_create().
  1095. *
  1096. * @param s is the srtp_t for the session to be deallocated.
  1097. *
  1098. * @return
  1099. * - srtp_err_status_ok if there no problems.
  1100. * - srtp_err_status_dealloc_fail a memory deallocation failure occured.
  1101. */
  1102. srtp_err_status_t srtp_dealloc(srtp_t s);
  1103. /*
  1104. * @brief identifies a particular SRTP profile
  1105. *
  1106. * An srtp_profile_t enumeration is used to identify a particular SRTP
  1107. * profile (that is, a set of algorithms and parameters). These profiles
  1108. * are defined for DTLS-SRTP:
  1109. * https://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml
  1110. */
  1111. typedef enum {
  1112. srtp_profile_reserved = 0,
  1113. srtp_profile_aes128_cm_sha1_80 = 1,
  1114. srtp_profile_aes128_cm_sha1_32 = 2,
  1115. srtp_profile_null_sha1_80 = 5,
  1116. srtp_profile_null_sha1_32 = 6,
  1117. srtp_profile_aead_aes_128_gcm = 7,
  1118. srtp_profile_aead_aes_256_gcm = 8,
  1119. } srtp_profile_t;
  1120. /**
  1121. * @brief srtp_crypto_policy_set_from_profile_for_rtp() sets a crypto policy
  1122. * structure to the appropriate value for RTP based on an srtp_profile_t
  1123. *
  1124. * @param policy is a pointer to the policy structure to be set
  1125. *
  1126. * @param profile is an enumeration for the policy to be set
  1127. *
  1128. * The function call srtp_crypto_policy_set_rtp_default(&policy, profile)
  1129. * sets the srtp_crypto_policy_t at location policy to the policy for RTP
  1130. * protection, as defined by the srtp_profile_t profile.
  1131. *
  1132. * This function is a convenience that helps to avoid dealing directly
  1133. * with the policy data structure. You are encouraged to initialize
  1134. * policy elements with this function call. Doing so may allow your
  1135. * code to be forward compatible with later versions of libSRTP that
  1136. * include more elements in the srtp_crypto_policy_t datatype.
  1137. *
  1138. * @return values
  1139. * - srtp_err_status_ok no problems were encountered
  1140. * - srtp_err_status_bad_param the profile is not supported
  1141. *
  1142. */
  1143. srtp_err_status_t srtp_crypto_policy_set_from_profile_for_rtp(
  1144. srtp_crypto_policy_t *policy,
  1145. srtp_profile_t profile);
  1146. /**
  1147. * @brief srtp_crypto_policy_set_from_profile_for_rtcp() sets a crypto policy
  1148. * structure to the appropriate value for RTCP based on an srtp_profile_t
  1149. *
  1150. * @param policy is a pointer to the policy structure to be set
  1151. *
  1152. * @param profile is an enumeration for the policy to be set
  1153. *
  1154. * The function call srtp_crypto_policy_set_rtcp_default(&policy, profile)
  1155. * sets the srtp_crypto_policy_t at location policy to the policy for RTCP
  1156. * protection, as defined by the srtp_profile_t profile.
  1157. *
  1158. * This function is a convenience that helps to avoid dealing directly
  1159. * with the policy data structure. You are encouraged to initialize
  1160. * policy elements with this function call. Doing so may allow your
  1161. * code to be forward compatible with later versions of libSRTP that
  1162. * include more elements in the srtp_crypto_policy_t datatype.
  1163. *
  1164. * @return values
  1165. * - srtp_err_status_ok no problems were encountered
  1166. * - srtp_err_status_bad_param the profile is not supported
  1167. *
  1168. */
  1169. srtp_err_status_t srtp_crypto_policy_set_from_profile_for_rtcp(
  1170. srtp_crypto_policy_t *policy,
  1171. srtp_profile_t profile);
  1172. /**
  1173. * @brief returns the master key length for a given SRTP profile
  1174. */
  1175. unsigned int srtp_profile_get_master_key_length(srtp_profile_t profile);
  1176. /**
  1177. * @brief returns the master salt length for a given SRTP profile
  1178. */
  1179. unsigned int srtp_profile_get_master_salt_length(srtp_profile_t profile);
  1180. /**
  1181. * @brief appends the salt to the key
  1182. *
  1183. * The function call srtp_append_salt_to_key(k, klen, s, slen)
  1184. * copies the string s to the location at klen bytes following
  1185. * the location k.
  1186. *
  1187. * @warning There must be at least bytes_in_salt + bytes_in_key bytes
  1188. * available at the location pointed to by key.
  1189. *
  1190. */
  1191. void srtp_append_salt_to_key(unsigned char *key,
  1192. unsigned int bytes_in_key,
  1193. unsigned char *salt,
  1194. unsigned int bytes_in_salt);
  1195. /**
  1196. * @}
  1197. */
  1198. /**
  1199. * @defgroup SRTCP Secure RTCP
  1200. * @ingroup SRTP
  1201. *
  1202. * @brief Secure RTCP functions are used to protect RTCP traffic.
  1203. *
  1204. * RTCP is the control protocol for RTP. libSRTP protects RTCP
  1205. * traffic in much the same way as it does RTP traffic. The function
  1206. * srtp_protect_rtcp() applies cryptographic protections to outbound
  1207. * RTCP packets, and srtp_unprotect_rtcp() verifies the protections on
  1208. * inbound RTCP packets.
  1209. *
  1210. * A note on the naming convention: srtp_protect_rtcp() has an srtp_t
  1211. * as its first argument, and thus has `srtp_' as its prefix. The
  1212. * trailing `_rtcp' indicates the protocol on which it acts.
  1213. *
  1214. * @{
  1215. */
  1216. /**
  1217. * @brief srtp_protect_rtcp() is the Secure RTCP sender-side packet
  1218. * processing function.
  1219. *
  1220. * The function call srtp_protect_rtcp(ctx, rtp_hdr, len_ptr) applies
  1221. * SRTCP protection to the RTCP packet rtcp_hdr (which has length
  1222. * *len_ptr) using the SRTP session context ctx. If srtp_err_status_ok is
  1223. * returned, then rtp_hdr points to the resulting SRTCP packet and
  1224. * *len_ptr is the number of octets in that packet; otherwise, no
  1225. * assumptions should be made about the value of either data elements.
  1226. *
  1227. * @warning This function assumes that it can write the authentication
  1228. * tag into the location in memory immediately following the RTCP
  1229. * packet, and assumes that the RTCP packet is aligned on a 32-bit
  1230. * boundary.
  1231. *
  1232. * @warning This function assumes that it can write SRTP_MAX_TRAILER_LEN+4
  1233. * into the location in memory immediately following the RTCP packet.
  1234. * Callers MUST ensure that this much writable memory is available in
  1235. * the buffer that holds the RTCP packet.
  1236. *
  1237. * @param ctx is the SRTP context to use in processing the packet.
  1238. *
  1239. * @param rtcp_hdr is a pointer to the RTCP packet (before the call); after
  1240. * the function returns, it points to the srtp packet.
  1241. *
  1242. * @param pkt_octet_len is a pointer to the length in octets of the
  1243. * complete RTCP packet (header and body) before the function call,
  1244. * and of the complete SRTCP packet after the call, if srtp_err_status_ok
  1245. * was returned. Otherwise, the value of the data to which it points
  1246. * is undefined.
  1247. *
  1248. * @return
  1249. * - srtp_err_status_ok if there were no problems.
  1250. * - [other] if there was a failure in
  1251. * the cryptographic mechanisms.
  1252. */
  1253. srtp_err_status_t srtp_protect_rtcp(srtp_t ctx,
  1254. void *rtcp_hdr,
  1255. int *pkt_octet_len);
  1256. /**
  1257. * @brief srtp_protect_rtcp_mki() is the Secure RTCP sender-side packet
  1258. * processing function that can utilize mki.
  1259. *
  1260. * The function call srtp_protect_rtcp(ctx, rtp_hdr, len_ptr) applies
  1261. * SRTCP protection to the RTCP packet rtcp_hdr (which has length
  1262. * *len_ptr) using the SRTP session context ctx. If srtp_err_status_ok is
  1263. * returned, then rtp_hdr points to the resulting SRTCP packet and
  1264. * *len_ptr is the number of octets in that packet; otherwise, no
  1265. * assumptions should be made about the value of either data elements.
  1266. *
  1267. * @warning This function assumes that it can write the authentication
  1268. * tag into the location in memory immediately following the RTCP
  1269. * packet, and assumes that the RTCP packet is aligned on a 32-bit
  1270. * boundary.
  1271. *
  1272. * @warning This function assumes that it can write SRTP_MAX_TRAILER_LEN+4
  1273. * into the location in memory immediately following the RTCP packet.
  1274. * Callers MUST ensure that this much writable memory is available in
  1275. * the buffer that holds the RTCP packet.
  1276. *
  1277. * @param ctx is the SRTP context to use in processing the packet.
  1278. *
  1279. * @param rtcp_hdr is a pointer to the RTCP packet (before the call); after
  1280. * the function returns, it points to the srtp packet.
  1281. *
  1282. * @param pkt_octet_len is a pointer to the length in octets of the
  1283. * complete RTCP packet (header and body) before the function call,
  1284. * and of the complete SRTCP packet after the call, if srtp_err_status_ok
  1285. * was returned. Otherwise, the value of the data to which it points
  1286. * is undefined.
  1287. *
  1288. * @param use_mki is a boolean to tell the system if mki is being used. If
  1289. * set to false then will use the first set of session keys. If set to true
  1290. * will
  1291. * use the session keys identified by the mki_index
  1292. *
  1293. * @param mki_index integer value specifying which set of session kesy should be
  1294. * used if use_mki is set to true.
  1295. *
  1296. * @return
  1297. * - srtp_err_status_ok if there were no problems.
  1298. * - [other] if there was a failure in
  1299. * the cryptographic mechanisms.
  1300. */
  1301. srtp_err_status_t srtp_protect_rtcp_mki(srtp_t ctx,
  1302. void *rtcp_hdr,
  1303. int *pkt_octet_len,
  1304. unsigned int use_mki,
  1305. unsigned int mki_index);
  1306. /**
  1307. * @brief srtp_unprotect_rtcp() is the Secure RTCP receiver-side packet
  1308. * processing function.
  1309. *
  1310. * The function call srtp_unprotect_rtcp(ctx, srtp_hdr, len_ptr)
  1311. * verifies the Secure RTCP protection of the SRTCP packet pointed to
  1312. * by srtcp_hdr (which has length *len_ptr), using the SRTP session
  1313. * context ctx. If srtp_err_status_ok is returned, then srtcp_hdr points
  1314. * to the resulting RTCP packet and *len_ptr is the number of octets
  1315. * in that packet; otherwise, no assumptions should be made about the
  1316. * value of either data elements.
  1317. *
  1318. * @warning This function assumes that the SRTCP packet is aligned on a
  1319. * 32-bit boundary.
  1320. *
  1321. * @param ctx is a pointer to the srtp_t which applies to the
  1322. * particular packet.
  1323. *
  1324. * @param srtcp_hdr is a pointer to the header of the SRTCP packet
  1325. * (before the call). After the function returns, it points to the
  1326. * rtp packet if srtp_err_status_ok was returned; otherwise, the value of
  1327. * the data to which it points is undefined.
  1328. *
  1329. * @param pkt_octet_len is a pointer to the length in octets of the
  1330. * complete SRTCP packet (header and body) before the function call,
  1331. * and of the complete rtp packet after the call, if srtp_err_status_ok was
  1332. * returned. Otherwise, the value of the data to which it points is
  1333. * undefined.
  1334. *
  1335. * @return
  1336. * - srtp_err_status_ok if the RTCP packet is valid.
  1337. * - srtp_err_status_auth_fail if the SRTCP packet failed the message
  1338. * authentication check.
  1339. * - srtp_err_status_replay_fail if the SRTCP packet is a replay (e.g. has
  1340. * already been processed and accepted).
  1341. * - [other] if there has been an error in the cryptographic mechanisms.
  1342. *
  1343. */
  1344. srtp_err_status_t srtp_unprotect_rtcp(srtp_t ctx,
  1345. void *srtcp_hdr,
  1346. int *pkt_octet_len);
  1347. /**
  1348. * @brief srtp_unprotect_rtcp() is the Secure RTCP receiver-side packet
  1349. * processing function.
  1350. *
  1351. * The function call srtp_unprotect_rtcp(ctx, srtp_hdr, len_ptr)
  1352. * verifies the Secure RTCP protection of the SRTCP packet pointed to
  1353. * by srtcp_hdr (which has length *len_ptr), using the SRTP session
  1354. * context ctx. If srtp_err_status_ok is returned, then srtcp_hdr points
  1355. * to the resulting RTCP packet and *len_ptr is the number of octets
  1356. * in that packet; otherwise, no assumptions should be made about the
  1357. * value of either data elements.
  1358. *
  1359. * @warning This function assumes that the SRTCP packet is aligned on a
  1360. * 32-bit boundary.
  1361. *
  1362. * @param ctx is a pointer to the srtp_t which applies to the
  1363. * particular packet.
  1364. *
  1365. * @param srtcp_hdr is a pointer to the header of the SRTCP packet
  1366. * (before the call). After the function returns, it points to the
  1367. * rtp packet if srtp_err_status_ok was returned; otherwise, the value of
  1368. * the data to which it points is undefined.
  1369. *
  1370. * @param pkt_octet_len is a pointer to the length in octets of the
  1371. * complete SRTCP packet (header and body) before the function call,
  1372. * and of the complete rtp packet after the call, if srtp_err_status_ok was
  1373. * returned. Otherwise, the value of the data to which it points is
  1374. * undefined.
  1375. *
  1376. * @param use_mki is a boolean to tell the system if mki is being used. If
  1377. * set to false then will use the first set of session keys. If set to true
  1378. * will use the session keys identified by the mki_index
  1379. *
  1380. * @return
  1381. * - srtp_err_status_ok if the RTCP packet is valid.
  1382. * - srtp_err_status_auth_fail if the SRTCP packet failed the message
  1383. * authentication check.
  1384. * - srtp_err_status_replay_fail if the SRTCP packet is a replay (e.g. has
  1385. * already been processed and accepted).
  1386. * - srtp_err_status_bad_mki if the MKI in the packet is not a known MKI
  1387. * id
  1388. * - [other] if there has been an error in the
  1389. * cryptographic mechanisms.
  1390. *
  1391. */
  1392. srtp_err_status_t srtp_unprotect_rtcp_mki(srtp_t ctx,
  1393. void *srtcp_hdr,
  1394. int *pkt_octet_len,
  1395. unsigned int use_mki);
  1396. /**
  1397. * @}
  1398. */
  1399. /**
  1400. * @defgroup User data associated to a SRTP session.
  1401. * @ingroup SRTP
  1402. *
  1403. * @brief Store custom user data within a SRTP session.
  1404. *
  1405. * @{
  1406. */
  1407. /**
  1408. * @brief srtp_set_user_data() stores the given pointer into the SRTP
  1409. * session for later retrieval.
  1410. *
  1411. * @param ctx is the srtp_t context in which the given data pointer is
  1412. * stored.
  1413. *
  1414. * @param data is a pointer to the custom information (struct, function,
  1415. * etc) associated with the SRTP session.
  1416. *
  1417. * @return void.
  1418. *
  1419. */
  1420. void srtp_set_user_data(srtp_t ctx, void *data);
  1421. /**
  1422. * @brief srtp_get_user_data() retrieves the pointer to the custom data
  1423. * previously stored with srtp_set_user_data().
  1424. *
  1425. * This function is mostly useful for retrieving data associated to a
  1426. * SRTP session when an event fires. The user can then get such a custom
  1427. * data by calling this function with the session field of the
  1428. * srtp_event_data_t struct as argument.
  1429. *
  1430. * @param ctx is the srtp_t context in which the given data pointer was
  1431. * stored.
  1432. *
  1433. * @return void* pointer to the user data.
  1434. *
  1435. */
  1436. void *srtp_get_user_data(srtp_t ctx);
  1437. /**
  1438. * @}
  1439. */
  1440. /**
  1441. * @defgroup SRTPevents SRTP events and callbacks
  1442. * @ingroup SRTP
  1443. *
  1444. * @brief libSRTP can use a user-provided callback function to
  1445. * handle events.
  1446. *
  1447. *
  1448. * libSRTP allows a user to provide a callback function to handle
  1449. * events that need to be dealt with outside of the data plane (see
  1450. * the enum srtp_event_t for a description of these events). Dealing
  1451. * with these events is not a strict necessity; they are not
  1452. * security-critical, but the application may suffer if they are not
  1453. * handled. The function srtp_set_event_handler() is used to provide
  1454. * the callback function.
  1455. *
  1456. * A default event handler that merely reports on the events as they
  1457. * happen is included. It is also possible to set the event handler
  1458. * function to NULL, in which case all events will just be silently
  1459. * ignored.
  1460. *
  1461. * @{
  1462. */
  1463. /**
  1464. * @brief srtp_event_t defines events that need to be handled
  1465. *
  1466. * The enum srtp_event_t defines events that need to be handled
  1467. * outside the `data plane', such as SSRC collisions and
  1468. * key expirations.
  1469. *
  1470. * When a key expires or the maximum number of packets has been
  1471. * reached, an SRTP stream will enter an `expired' state in which no
  1472. * more packets can be protected or unprotected. When this happens,
  1473. * it is likely that you will want to either deallocate the stream
  1474. * (using srtp_remove_stream()), and possibly allocate a new one.
  1475. *
  1476. * When an SRTP stream expires, the other streams in the same session
  1477. * are unaffected, unless key sharing is used by that stream. In the
  1478. * latter case, all of the streams in the session will expire.
  1479. */
  1480. typedef enum {
  1481. event_ssrc_collision, /**< An SSRC collision occured. */
  1482. event_key_soft_limit, /**< An SRTP stream reached the soft key */
  1483. /**< usage limit and will expire soon. */
  1484. event_key_hard_limit, /**< An SRTP stream reached the hard */
  1485. /**< key usage limit and has expired. */
  1486. event_packet_index_limit /**< An SRTP stream reached the hard */
  1487. /**< packet limit (2^48 packets). */
  1488. } srtp_event_t;
  1489. /**
  1490. * @brief srtp_event_data_t is the structure passed as a callback to
  1491. * the event handler function
  1492. *
  1493. * The struct srtp_event_data_t holds the data passed to the event
  1494. * handler function.
  1495. */
  1496. typedef struct srtp_event_data_t {
  1497. srtp_t session; /**< The session in which the event happend. */
  1498. uint32_t ssrc; /**< The ssrc in host order of the stream in which */
  1499. /**< the event happend */
  1500. srtp_event_t event; /**< An enum indicating the type of event. */
  1501. } srtp_event_data_t;
  1502. /**
  1503. * @brief srtp_event_handler_func_t is the function prototype for
  1504. * the event handler.
  1505. *
  1506. * The typedef srtp_event_handler_func_t is the prototype for the
  1507. * event handler function. It has as its only argument an
  1508. * srtp_event_data_t which describes the event that needs to be handled.
  1509. * There can only be a single, global handler for all events in
  1510. * libSRTP.
  1511. */
  1512. typedef void(srtp_event_handler_func_t)(srtp_event_data_t *data);
  1513. /**
  1514. * @brief sets the event handler to the function supplied by the caller.
  1515. *
  1516. * The function call srtp_install_event_handler(func) sets the event
  1517. * handler function to the value func. The value NULL is acceptable
  1518. * as an argument; in this case, events will be ignored rather than
  1519. * handled.
  1520. *
  1521. * @param func is a pointer to a fuction that takes an srtp_event_data_t
  1522. * pointer as an argument and returns void. This function
  1523. * will be used by libSRTP to handle events.
  1524. */
  1525. srtp_err_status_t srtp_install_event_handler(srtp_event_handler_func_t func);
  1526. /**
  1527. * @brief Returns the version string of the library.
  1528. *
  1529. */
  1530. const char *srtp_get_version_string(void);
  1531. /**
  1532. * @brief Returns the numeric representation of the library version.
  1533. *
  1534. */
  1535. unsigned int srtp_get_version(void);
  1536. /**
  1537. * @brief srtp_set_debug_module(mod_name, v)
  1538. *
  1539. * sets dynamic debugging to the value v (0 for off, 1 for on) for the
  1540. * debug module with the name mod_name
  1541. *
  1542. * returns err_status_ok on success, err_status_fail otherwise
  1543. */
  1544. srtp_err_status_t srtp_set_debug_module(const char *mod_name, int v);
  1545. /**
  1546. * @brief srtp_list_debug_modules() outputs a list of debugging modules
  1547. *
  1548. */
  1549. srtp_err_status_t srtp_list_debug_modules(void);
  1550. /**
  1551. * @brief srtp_log_level_t defines log levels.
  1552. *
  1553. * The enumeration srtp_log_level_t defines log levels reported
  1554. * in the srtp_log_handler_func_t.
  1555. *
  1556. */
  1557. typedef enum {
  1558. srtp_log_level_error, /**< log level is reporting an error message */
  1559. srtp_log_level_warning, /**< log level is reporting a warning message */
  1560. srtp_log_level_info, /**< log level is reporting an info message */
  1561. srtp_log_level_debug /**< log level is reporting a debug message */
  1562. } srtp_log_level_t;
  1563. /**
  1564. * @brief srtp_log_handler_func_t is the function prototype for
  1565. * the log handler.
  1566. *
  1567. * The typedef srtp_event_handler_func_t is the prototype for the
  1568. * event handler function. It has as srtp_log_level_t, log
  1569. * message and data as arguments.
  1570. * There can only be a single, global handler for all log messages in
  1571. * libSRTP.
  1572. */
  1573. typedef void(srtp_log_handler_func_t)(srtp_log_level_t level,
  1574. const char *msg,
  1575. void *data);
  1576. /**
  1577. * @brief sets the log handler to the function supplied by the caller.
  1578. *
  1579. * The function call srtp_install_log_handler(func) sets the log
  1580. * handler function to the value func. The value NULL is acceptable
  1581. * as an argument; in this case, log messages will be ignored.
  1582. * This function can be called before srtp_init() inorder to capture
  1583. * any logging during start up.
  1584. *
  1585. * @param func is a pointer to a fuction of type srtp_log_handler_func_t.
  1586. * This function will be used by libSRTP to output log messages.
  1587. * @param data is a user pointer that will be returned as the data argument in
  1588. * func.
  1589. */
  1590. srtp_err_status_t srtp_install_log_handler(srtp_log_handler_func_t func,
  1591. void *data);
  1592. /**
  1593. * @brief srtp_get_protect_trailer_length(session, use_mki, mki_index, length)
  1594. *
  1595. * Determines the length of the amount of data Lib SRTP will add to the
  1596. * packet during the protect process. The length is returned in the length
  1597. * parameter
  1598. *
  1599. * returns err_status_ok on success, err_status_bad_mki if the MKI index is
  1600. * invalid
  1601. *
  1602. */
  1603. srtp_err_status_t srtp_get_protect_trailer_length(srtp_t session,
  1604. uint32_t use_mki,
  1605. uint32_t mki_index,
  1606. uint32_t *length);
  1607. /**
  1608. * @brief srtp_get_protect_rtcp_trailer_length(session, use_mki, mki_index,
  1609. * length)
  1610. *
  1611. * Determines the length of the amount of data Lib SRTP will add to the
  1612. * packet during the protect process. The length is returned in the length
  1613. * parameter
  1614. *
  1615. * returns err_status_ok on success, err_status_bad_mki if the MKI index is
  1616. * invalid
  1617. *
  1618. */
  1619. srtp_err_status_t srtp_get_protect_rtcp_trailer_length(srtp_t session,
  1620. uint32_t use_mki,
  1621. uint32_t mki_index,
  1622. uint32_t *length);
  1623. /**
  1624. * @brief srtp_set_stream_roc(session, ssrc, roc)
  1625. *
  1626. * Set the roll-over-counter on a session for a given SSRC
  1627. *
  1628. * returns err_status_ok on success, srtp_err_status_bad_param if there is no
  1629. * stream found
  1630. *
  1631. */
  1632. srtp_err_status_t srtp_set_stream_roc(srtp_t session,
  1633. uint32_t ssrc,
  1634. uint32_t roc);
  1635. /**
  1636. * @brief srtp_get_stream_roc(session, ssrc, roc)
  1637. *
  1638. * Get the roll-over-counter on a session for a given SSRC
  1639. *
  1640. * returns err_status_ok on success, srtp_err_status_bad_param if there is no
  1641. * stream found
  1642. *
  1643. */
  1644. srtp_err_status_t srtp_get_stream_roc(srtp_t session,
  1645. uint32_t ssrc,
  1646. uint32_t *roc);
  1647. /**
  1648. * @}
  1649. */
  1650. /* in host order, so outside the #if */
  1651. #define SRTCP_E_BIT 0x80000000
  1652. /* for byte-access */
  1653. #define SRTCP_E_BYTE_BIT 0x80
  1654. #define SRTCP_INDEX_MASK 0x7fffffff
  1655. #ifdef __cplusplus
  1656. }
  1657. #endif
  1658. #endif /* SRTP_SRTP_H */