1 /* 2 * ekt.h 3 * 4 * interface to Encrypted Key Transport for SRTP 5 * 6 * David McGrew 7 * Cisco Systems, Inc. 8 */ 9 /* 10 * 11 * Copyright (c) 2001-2017 Cisco Systems, Inc. 12 * All rights reserved. 13 * 14 * Redistribution and use in source and binary forms, with or without 15 * modification, are permitted provided that the following conditions 16 * are met: 17 * 18 * Redistributions of source code must retain the above copyright 19 * notice, this list of conditions and the following disclaimer. 20 * 21 * Redistributions in binary form must reproduce the above 22 * copyright notice, this list of conditions and the following 23 * disclaimer in the documentation and/or other materials provided 24 * with the distribution. 25 * 26 * Neither the name of the Cisco Systems, Inc. nor the names of its 27 * contributors may be used to endorse or promote products derived 28 * from this software without specific prior written permission. 29 * 30 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 31 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 32 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 33 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 34 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 35 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 36 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 37 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 38 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 39 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 40 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 41 * OF THE POSSIBILITY OF SUCH DAMAGE. 42 * 43 */ 44 45 /* 46 * EKT implementation strategy 47 * 48 * use stream_template approach 49 * 50 * in srtp_unprotect, when a new stream appears, check if template has 51 * EKT defined, and if it does, then apply EKT processing 52 * 53 * question: will we want to allow key-sharing templates in addition 54 * to EKT templates? could define a new ssrc_type_t that's associated 55 * with an EKT, e.g. ssrc_any_ekt. 56 * 57 * 58 */ 59 60 #ifndef SRTP_EKT_H 61 #define SRTP_EKT_H 62 63 // left in commented out as reminder to not include private headers 64 //#include "srtp_priv.h" 65 66 #ifdef __cplusplus 67 extern "C" { 68 #endif 69 70 #define SRTP_EKT_CIPHER_DEFAULT 1 71 #define SRTP_EKT_CIPHER_AES_128_ECB 1 72 #define SRTP_EKT_CIPHER_AES_192_KEY_WRAP 2 73 #define SRTP_EKT_CIPHER_AES_256_KEY_WRAP 3 74 75 typedef uint16_t srtp_ekt_spi_t; 76 77 unsigned srtp_ekt_octets_after_base_tag(srtp_ekt_stream_t ekt); 78 79 /* 80 * an srtp_policy_t structure can contain a pointer to an 81 * srtp_ekt_policy_t structure 82 * 83 * this structure holds all of the high level EKT information, and it 84 * is passed into libsrtp to indicate what policy should be in effect 85 */ 86 87 typedef struct srtp_ekt_policy_ctx_t { 88 srtp_ekt_spi_t spi; /* security parameter index */ 89 uint8_t ekt_cipher_type; 90 uint8_t *ekt_key; 91 struct srtp_ekt_policy_ctx_t *next_ekt_policy; 92 } srtp_ekt_policy_ctx_t; 93 94 /* 95 * an srtp_ekt_data_t structure holds the data corresponding to an ekt key, 96 * spi, and so on 97 */ 98 99 typedef struct srtp_ekt_data_t { 100 srtp_ekt_spi_t spi; 101 uint8_t ekt_cipher_type; 102 srtp_aes_expanded_key_t ekt_enc_key; 103 srtp_aes_expanded_key_t ekt_dec_key; 104 struct ekt_data_t *next_ekt_data; 105 } srtp_ekt_data_t; 106 107 /* 108 * an srtp_stream_ctx_t can contain an srtp_ekt_stream_ctx_t 109 * 110 * an srtp_ekt_stream_ctx_t structure holds all of the EKT information for 111 * a specific SRTP stream 112 */ 113 114 typedef struct srtp_ekt_stream_ctx_t { 115 srtp_ekt_data_t *data; 116 uint16_t isn; /* initial sequence number */ 117 uint8_t encrypted_master_key[SRTP_MAX_KEY_LEN]; 118 } srtp_ekt_stream_ctx_t; 119 120 srtp_err_status_t srtp_ekt_alloc(srtp_ekt_stream_t *stream_data, 121 srtp_ekt_policy_t policy); 122 123 srtp_err_status_t srtp_ekt_stream_init(srtp_ekt_stream_t e, 124 srtp_ekt_spi_t spi, 125 void *ekt_key, 126 unsigned ekt_cipher_type); 127 128 srtp_err_status_t srtp_ekt_stream_init_from_policy(srtp_ekt_stream_t e, 129 srtp_ekt_policy_t p); 130 131 srtp_err_status_t srtp_stream_init_from_ekt(srtp_stream_t stream, 132 const void *srtcp_hdr, 133 unsigned pkt_octet_len); 134 135 void srtp_ekt_write_data(srtp_ekt_stream_t ekt, 136 uint8_t *base_tag, 137 unsigned base_tag_len, 138 int *packet_len, 139 srtp_xtd_seq_num_t pkt_index); 140 141 /* 142 * We handle EKT by performing some additional steps before 143 * authentication (copying the auth tag into a temporary location, 144 * zeroizing the "base tag" field in the packet) 145 * 146 * With EKT, the tag_len parameter is actually the base tag 147 * length 148 */ 149 srtp_err_status_t srtp_ekt_tag_verification_preproces(uint8_t *pkt_tag, 150 uint8_t *pkt_tag_copy, 151 unsigned tag_len); 152 153 srtp_err_status_t srtp_ekt_tag_verification_postproces(uint8_t *pkt_tag, 154 uint8_t *pkt_tag_copy, 155 unsigned tag_len); 156 157 /* 158 * @brief EKT pre-processing for srtcp tag generation 159 * 160 * This function does the pre-processing of the SRTCP authentication 161 * tag format. When EKT is used, it consists of writing the Encrypted 162 * Master Key, the SRTP ROC, the Initial Sequence Number, and SPI 163 * fields. The Base Authentication Tag field is set to the all-zero 164 * value 165 * 166 * When EKT is not used, this function is a no-op. 167 * 168 */ 169 srtp_err_status_t srtp_stream_srtcp_auth_tag_generation_preprocess( 170 const srtp_stream_t *s, 171 uint8_t *pkt_tag, 172 unsigned pkt_octet_len); 173 174 /* it's not clear that a tag_generation_postprocess function is needed */ 175 srtp_err_status_t srtcp_auth_tag_generation_postprocess(void); 176 177 #ifdef __cplusplus 178 } 179 #endif 180 181 #endif /* SRTP_EKT_H */ 182