.TH "CryptoContext" 3 "ccRTP" \" -*- nroff -*- .ad l .nh .SH NAME CryptoContext \- The implementation for a SRTP cryptographic context\&. .SH SYNOPSIS .br .PP .PP \fC#include \fP .SS "Public Member Functions" .in +1c .ti -1c .RI "\fBCryptoContext\fP (uint32 ssrc)" .br .RI "Constructor for empty SRTP cryptographic context\&. " .ti -1c .RI "\fBCryptoContext\fP (uint32 ssrc, int32 roc, int64 keyDerivRate, const int32 ealg, const int32 aalg, uint8 *masterKey, int32 masterKeyLength, uint8 *masterSalt, int32 masterSaltLength, int32 ekeyl, int32 akeyl, int32 skeyl, int32 tagLength)" .br .RI "Constructor for an active SRTP cryptographic context\&. " .ti -1c .RI "\fB~CryptoContext\fP ()" .br .RI "Destructor\&. " .ti -1c .RI "void \fBsetRoc\fP (uint32 r)" .br .RI "Set the Roll-Over-Counter\&. " .ti -1c .RI "uint32 \fBgetRoc\fP () const" .br .RI "Get the Roll-Over-Counter\&. " .ti -1c .RI "void \fBsrtpEncrypt\fP (\fBRTPPacket\fP *rtp, uint64 index, uint32 ssrc)" .br .RI "Perform SRTP encryption\&. " .ti -1c .RI "void \fBsrtpAuthenticate\fP (\fBRTPPacket\fP *rtp, uint32 roc, uint8 *tag)" .br .RI "Compute the authentication tag\&. " .ti -1c .RI "void \fBderiveSrtpKeys\fP (uint64 index)" .br .RI "Perform key derivation according to SRTP specification\&. " .ti -1c .RI "uint64 \fBguessIndex\fP (uint16 newSeqNumber)" .br .RI "Compute (guess) the new SRTP index based on the sequence number of a received RTP packet\&. " .ti -1c .RI "bool \fBcheckReplay\fP (uint16 newSeqNumber)" .br .RI "Check for packet replay\&. " .ti -1c .RI "void \fBupdate\fP (uint16 newSeqNumber)" .br .RI "Update the SRTP packet index\&. " .ti -1c .RI "int32 \fBgetTagLength\fP () const" .br .RI "Get the length of the SRTP authentication tag in bytes\&. " .ti -1c .RI "int32 \fBgetMkiLength\fP () const" .br .RI "Get the length of the MKI in bytes\&. " .ti -1c .RI "uint32 \fBgetSsrc\fP () const" .br .RI "Get the SSRC of this SRTP Cryptograhic context\&. " .ti -1c .RI "\fBCryptoContext\fP * \fBnewCryptoContextForSSRC\fP (uint32 ssrc, int roc, int64 keyDerivRate)" .br .RI "Derive a new Crypto Context for use with a new SSRC\&. " .in -1c .SH "Detailed Description" .PP The implementation for a SRTP cryptographic context\&. This class holds data and provides functions that implement a cryptographic context for SRTP, Refer to RFC 3711, chapter 3\&.2 for some more detailed information about the SRTP cryptographic context\&. .PP Each SRTP cryptographic context maintains a RTP source identified by its SSRC\&. Thus you can independently protect each source inside a RTP session\&. .PP Key management mechanisms negotiate the parameters for the SRTP cryptographic context, such as master key, key length, authentication length and so on\&. The key management mechanisms are not part of SRTP\&. Refer to MIKEY (RFC 3880) or to Phil Zimmermann's ZRTP protocol (draft-zimmermann-avt-zrtp-01)\&. After key management negotiated the data the application can setup the SRTP cryptographic context and enable SRTP processing\&. .PP Currently this implementation supports RTP only, not RTCP\&. .PP \fBAuthor\fP .RS 4 Israel Abad i_abad@terra.es .PP Erik Eliasson eliasson@it.kth.se .PP Johan Bilien jobi@via.ecp.fr .PP Joachim Orrblad joachim@orrblad.com .PP Werner Dittmann Werner.Dittmann@t-online.de .RE .PP .SH "Constructor & Destructor Documentation" .PP .SS "CryptoContext::CryptoContext (uint32 ssrc)" .PP Constructor for empty SRTP cryptographic context\&. This constructor creates an empty SRTP cryptographic context were all algorithms are set to the null algorithm, that is no SRTP processing is performed\&. .PP \fBParameters\fP .RS 4 \fIssrc\fP The RTP SSRC that this SRTP cryptographic context protects\&. .RE .PP .SS "CryptoContext::CryptoContext (uint32 ssrc, int32 roc, int64 keyDerivRate, const int32 ealg, const int32 aalg, uint8 * masterKey, int32 masterKeyLength, uint8 * masterSalt, int32 masterSaltLength, int32 ekeyl, int32 akeyl, int32 skeyl, int32 tagLength)" .PP Constructor for an active SRTP cryptographic context\&. This constructor creates an active SRTP cryptographic context were algorithms are enabled, keys are computed and so on\&. This SRTP cryptographic context can protect a RTP SSRC stream\&. .PP \fBParameters\fP .RS 4 \fIssrc\fP The RTP SSRC that this SRTP cryptographic context protects\&. .br \fIroc\fP The initial Roll-Over-Counter according to RFC 3711\&. These are the upper 32 bit of the overall 48 bit SRTP packet index\&. Refer to chapter 3\&.2\&.1 of the RFC\&. .br \fIkeyDerivRate\fP The key derivation rate defines when to recompute the SRTP session keys\&. Refer to chapter 4\&.3\&.1 in the RFC\&. .br \fIealg\fP The encryption algorithm to use\&. Possible values are \fC SrtpEncryptionNull, SrtpEncryptionAESCM, SrtpEncryptionAESF8 \fP\&. See chapter 4\&.1\&.1 for AESCM (Counter mode) and 4\&.1\&.2 for AES F8 mode\&. .br \fIaalg\fP The authentication algorithm to use\&. Possible values are \fC SrtpEncryptionNull, SrtpAuthenticationSha1Hmac\fP\&. The only active algorithm here is SHA1 HMAC, a SHA1 based hashed message authentication code as defined in RFC 2104\&. .br \fImasterKey\fP Pointer to the master key for this SRTP cryptographic context\&. Must point to \fCmasterKeyLength\fP bytes\&. Refer to chapter 3\&.2\&.1 of the RFC about the role of the master key\&. .br \fImasterKeyLength\fP The length in bytes of the master key in bytes\&. The length must match the selected encryption algorithm\&. Because SRTP uses AES based encryption only, then master key length may be 16 or 32 bytes (128 or 256 bit master key) .br \fImasterSalt\fP SRTP uses the master salt to computer the initialization vector that in turn is input to compute the session key, session authentication key and the session salt\&. .br \fImasterSaltLength\fP The length in bytes of the master salt data in bytes\&. SRTP uses AES as encryption algorithm\&. AES encrypts 16 byte blocks (independent of the key length)\&. According to RFC3711 the standard value for the master salt length should be 112 bit (14 bytes)\&. .br \fIekeyl\fP The length in bytes of the session encryption key that SRTP shall compute and use\&. Usually the same length as for the master key length\&. But you may use a different length as well\&. Be carefull that the key management mechanisms supports different key lengths\&. .br \fIakeyl\fP The length in bytes of the session authentication key\&. SRTP computes this key and uses it as input to the authentication algorithm\&. The standard value is 160 bits (20 bytes)\&. .br \fIskeyl\fP The length in bytes of the session salt\&. SRTP computes this salt key and uses it as input during encryption\&. The length usually is the same as the master salt length\&. .br \fItagLength\fP The length is bytes of the authentication tag that SRTP appends to the RTP packet\&. Refer to chapter 4\&.2\&. in the RFC 3711\&. .RE .PP .SS "CryptoContext::~CryptoContext ()" .PP Destructor\&. Cleans the SRTP cryptographic context\&. .SH "Member Function Documentation" .PP .SS "bool CryptoContext::checkReplay (uint16 newSeqNumber)" .PP Check for packet replay\&. The method check if a received packet is either to old or was already received\&. .PP The method supports a 64 packet history relative the the given sequence number\&. .PP \fBParameters\fP .RS 4 \fInewSeqNumber\fP The sequence number of the received RTP packet in host order\&. .RE .PP \fBReturns\fP .RS 4 \fCtrue\fP if no replay, \fCfalse\fP if packet is too old ar was already received\&. .RE .PP .SS "void CryptoContext::deriveSrtpKeys (uint64 index)" .PP Perform key derivation according to SRTP specification\&. This method computes the session key, session authentication key and the session salt key\&. This method must be called at least once after the SRTP Cryptograhic context was set up\&. .PP \fBParameters\fP .RS 4 \fIindex\fP The 48 bit SRTP packet index\&. See the \fCguessIndex\fP method\&. .RE .PP .SS "int32 CryptoContext::getMkiLength () const\fC [inline]\fP" .PP Get the length of the MKI in bytes\&. .PP \fBReturns\fP .RS 4 the length of the MKI\&. .RE .PP .SS "uint32 CryptoContext::getRoc () const\fC [inline]\fP" .PP Get the Roll-Over-Counter\&. Ths method get the upper 32 bit of the 48 bit SRTP packet index (the roll-over-part) .PP \fBReturns\fP .RS 4 The roll-over-counter .RE .PP .SS "uint32 CryptoContext::getSsrc () const\fC [inline]\fP" .PP Get the SSRC of this SRTP Cryptograhic context\&. .PP \fBReturns\fP .RS 4 the SSRC\&. .RE .PP .SS "int32 CryptoContext::getTagLength () const\fC [inline]\fP" .PP Get the length of the SRTP authentication tag in bytes\&. .PP \fBReturns\fP .RS 4 the length of the authentication tag\&. .RE .PP .SS "uint64 CryptoContext::guessIndex (uint16 newSeqNumber)" .PP Compute (guess) the new SRTP index based on the sequence number of a received RTP packet\&. The method uses the algorithm show in RFC3711, Appendix A, to compute the new index\&. .PP \fBParameters\fP .RS 4 \fInewSeqNumber\fP The sequence number of the received RTP packet in host order\&. .RE .PP \fBReturns\fP .RS 4 The new SRTP packet index .RE .PP .SS "\fBCryptoContext\fP * CryptoContext::newCryptoContextForSSRC (uint32 ssrc, int roc, int64 keyDerivRate)" .PP Derive a new Crypto Context for use with a new SSRC\&. This method returns a new Crypto Context initialized with the data of this crypto context\&. Replacing the SSRC, Roll-over-Counter, and the key derivation rate the application cab use this Crypto Context to encrypt / decrypt a new stream (Synchronization source) inside one RTP session\&. .PP Before the application can use this crypto context it must call the \fCderiveSrtpKeys\fP method\&. .PP \fBParameters\fP .RS 4 \fIssrc\fP The SSRC for this context .br \fIroc\fP The Roll-Over-Counter for this context .br \fIkeyDerivRate\fP The key derivation rate for this context .RE .PP \fBReturns\fP .RS 4 a new \fBCryptoContext\fP with all relevant data set\&. .RE .PP .SS "void CryptoContext::setRoc (uint32 r)\fC [inline]\fP" .PP Set the Roll-Over-Counter\&. Ths method sets the upper 32 bit of the 48 bit SRTP packet index (the roll-over-part) .PP \fBParameters\fP .RS 4 \fIr\fP The roll-over-counter .RE .PP .SS "void CryptoContext::srtpAuthenticate (\fBRTPPacket\fP * rtp, uint32 roc, uint8 * tag)" .PP Compute the authentication tag\&. Compute the authentication tag according the the parameters in the SRTP Cryptograhic context\&. .PP \fBParameters\fP .RS 4 \fIrtp\fP The RTP packet that contains the data to authenticate\&. .br \fIroc\fP The 32 bit SRTP roll-over-counter\&. .br \fItag\fP Points to a buffer that hold the computed tag\&. This buffer must be able to hold \fCtagLength\fP bytes\&. .RE .PP .SS "void CryptoContext::srtpEncrypt (\fBRTPPacket\fP * rtp, uint64 index, uint32 ssrc)" .PP Perform SRTP encryption\&. This method encrypts \fIand\fP decrypts SRTP payload data\&. Plain data gets encrypted, encrypted data get decrypted\&. .PP \fBParameters\fP .RS 4 \fIrtp\fP The RTP packet that contains the data to encrypt\&. .br \fIindex\fP The 48 bit SRTP packet index\&. See the \fCguessIndex\fP method\&. .br \fIssrc\fP The RTP SSRC data in \fIhost\fP order\&. .RE .PP .SS "void CryptoContext::update (uint16 newSeqNumber)" .PP Update the SRTP packet index\&. Call this method after all checks were successful\&. See chapter 3\&.3\&.1 in the RFC when to update the ROC and ROC processing\&. .PP \fBParameters\fP .RS 4 \fInewSeqNumber\fP The sequence number of the received RTP packet in host order\&. .RE .PP .SH "Author" .PP Generated automatically by Doxygen for ccRTP from the source code\&.