/// <summary>
/// Builds the SRTCP policy from this object's cipher and authentication settings.
/// </summary>
/// <returns>
/// A new <see cref="SrtpPolicy"/> constructed from encType, encKeyLength, authType,
/// authKeyLength, rtcpAuthTagLength and saltLength, passed in that order.
/// </returns>
public SrtpPolicy GetSrtcpPolicy()
{
    // rtcpAuthTagLength is the RTCP-specific field among the constructor arguments.
    return new SrtpPolicy(
        encType,
        encKeyLength,
        authType,
        authKeyLength,
        rtcpAuthTagLength,
        saltLength);
}
/// <summary>
/// Selects the SRTP/SRTCP policies for the first protection profile in
/// clientSrtpData and splits the exported keying material into the client and
/// server master keys and master salts.
/// </summary>
protected virtual void PrepareSrtpSharedSecret()
{
    // Historical note: older Bouncy Castle versions allowed the master secret to be
    // written back into the security parameters at this point
    // (mContext.SecurityParameters.MasterSecret = masterSecret); that assignment is disabled.

    // NOTE(review): index 0 of clientSrtpData.ProtectionProfiles is used unconditionally.
    // Confirm the list has already been reduced to the profile agreed in the handshake,
    // otherwise both sides could derive keys for different profiles.
    SrtpParameters profileParams = SrtpParameters.GetSrtpParametersForProfile(clientSrtpData.ProtectionProfiles[0]);
    int keySize = profileParams.GetCipherKeyLength();
    int saltSize = profileParams.GetCipherSaltLength();

    srtpPolicy = profileParams.GetSrtpPolicy();
    srtcpPolicy = profileParams.GetSrtcpPolicy();

    srtpMasterClientKey = new byte[keySize];
    srtpMasterServerKey = new byte[keySize];
    srtpMasterClientSalt = new byte[saltSize];
    srtpMasterServerSalt = new byte[saltSize];

    // RFC 5764 section 4.2 asks for 2 * (key length + salt length) of keying material.
    // keySize and saltSize are used as byte counts in this method (array sizes and
    // BlockCopy counts), so no division by 8 is applied before the request.
    byte[] keyingMaterial = GetKeyingMaterial(2 * (keySize + saltSize));

    /*
     * Layout of the exported block (http://tools.ietf.org/html/rfc5764#section-4.2):
     *
     *   struct {
     *       client_write_SRTP_master_key[SRTPSecurityParams.master_key_len];
     *       server_write_SRTP_master_key[SRTPSecurityParams.master_key_len];
     *       client_write_SRTP_master_salt[SRTPSecurityParams.master_salt_len];
     *       server_write_SRTP_master_salt[SRTPSecurityParams.master_salt_len];
     *   };
     *
     * With k = key length and s = salt length the offsets are:
     *
     *   0            k            2k             2k+s           2(k+s)
     *   +------------+------------+--------------+--------------+
     *   | client key | server key | client salt  | server salt  |
     *   +------------+------------+--------------+--------------+
     *
     * The original author notes that earlier wording called the client side "local";
     * that only fits a DTLS-SRTP client, whereas this code runs as a server.
     */
    int serverKeyOffset = keySize;
    int clientSaltOffset = 2 * keySize;
    int serverSaltOffset = 2 * keySize + saltSize;

    Buffer.BlockCopy(keyingMaterial, 0, srtpMasterClientKey, 0, keySize);
    Buffer.BlockCopy(keyingMaterial, serverKeyOffset, srtpMasterServerKey, 0, keySize);
    Buffer.BlockCopy(keyingMaterial, clientSaltOffset, srtpMasterClientSalt, 0, saltSize);
    Buffer.BlockCopy(keyingMaterial, serverSaltOffset, srtpMasterServerSalt, 0, saltSize);

    // NOTE(review): keyingMaterial still holds all four secrets once the copies are done.
    // If GetKeyingMaterial returns a fresh array (not visible here), clearing it at this
    // point would shorten the time the combined key block stays in memory.
}
/**
 * Creates an SrtcpCryptoContext that carries only an SSRC.
 * Every other field assigned here is reset to null, so the context has no
 * master key, master salt, session keys, policy or tag buffer after construction.
 *
 * @param ssrcIn SSRC stored in this context
 */
public SrtcpCryptoContext(long ssrcIn)
{
    this.ssrcCtx = ssrcIn;

    // No policy and no key identifier are configured.
    this.policy = null;
    this.mki = null;

    // No master or session key material is held.
    this.masterKey = null;
    this.masterSalt = null;
    this.encKey = null;
    this.saltKey = null;
    this.authKey = null;

    // No buffer for an authentication tag is allocated.
    this.tagStore = null;
}
/**
 * Creates an SrtpCryptoContext that carries only an SSRC.
 * Counters are reset to zero, the sequence-number flag to false, and every
 * key, policy and buffer field assigned here to null.
 *
 * @param ssrcIn
 *            SSRC stored in this context
 */
public SrtpCryptoContext(long ssrcIn)
{
    this.ssrcCtx = ssrcIn;

    // Packet-index state starts from zero and no sequence number has been seen.
    this.roc = 0;
    this.guessedROC = 0;
    this.seqNum = 0;
    this.seqNumSet = false;
    this.keyDerivationRate = 0;

    // No policy and no key identifier are configured.
    this.policy = null;
    this.mki = null;

    // No master or session key material is held.
    this.masterKey = null;
    this.masterSalt = null;
    this.encKey = null;
    this.saltKey = null;
    this.authKey = null;

    // No buffer for an authentication tag is allocated.
    this.tagStore = null;
}
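/**
 * Construct a fully configured SrtpCryptoContext from the given parameters.
 *
 * The master key and master salt are copied into buffers owned by this context.
 * Their lengths must match the lengths declared by the policy: the buffers are
 * sized from the policy, so a shorter input would leave trailing zero bytes in
 * the master key or salt.
 *
 * @param ssrcIn
 *            the RTP SSRC that this SRTP cryptographic context protects.
 * @param rocIn
 *            the initial Roll-Over-Counter according to RFC 3711. These are
 *            the upper 32 bit of the overall 48 bit SRTP packet index.
 *            Refer to chapter 3.2.1 of the RFC.
 * @param kdr
 *            the key derivation rate defines when to recompute the SRTP
 *            session keys. Refer to chapter 4.3.1 in the RFC.
 * @param masterK
 *            byte array holding the master key for this SRTP cryptographic
 *            context. Refer to chapter 3.2.1 of the RFC about the role of
 *            the master key. Must be exactly policyIn.EncKeyLength bytes.
 * @param masterS
 *            byte array holding the master salt for this SRTP cryptographic
 *            context. It is used to compute the initialization vector that
 *            in turn is input to compute the session key, session
 *            authentication key and the session salt. Must be exactly
 *            policyIn.SaltKeyLength bytes.
 * @param policyIn
 *            SRTP policy for this SRTP cryptographic context; defines the
 *            encryption algorithm, the authentication algorithm, etc.
 * @throws ArgumentNullException
 *            if policyIn, masterK or masterS is null.
 * @throws ArgumentException
 *            if masterK or masterS does not have the length the policy declares.
 */
public SrtpCryptoContext(long ssrcIn, int rocIn, long kdr, byte[] masterK, byte[] masterS, SrtpPolicy policyIn)
{
    if (policyIn == null)
    {
        throw new ArgumentNullException("policyIn");
    }
    if (masterK == null)
    {
        throw new ArgumentNullException("masterK");
    }
    if (masterS == null)
    {
        throw new ArgumentNullException("masterS");
    }

    // The copies below write into policy-sized buffers. A longer input already made
    // Array.Copy throw; a shorter one was accepted and silently zero-padded, which
    // replaces part of the secret with known bytes. Reject any mismatch up front.
    // Only lengths are reported, never key bytes.
    if (masterK.Length != policyIn.EncKeyLength)
    {
        throw new ArgumentException(
            "Master key length " + masterK.Length + " does not match policy key length " + policyIn.EncKeyLength + ".",
            "masterK");
    }
    if (masterS.Length != policyIn.SaltKeyLength)
    {
        throw new ArgumentException(
            "Master salt length " + masterS.Length + " does not match policy salt length " + policyIn.SaltKeyLength + ".",
            "masterS");
    }

    ssrcCtx = ssrcIn;
    mki = null;
    roc = rocIn;
    guessedROC = 0;
    seqNum = 0;
    keyDerivationRate = kdr;
    seqNumSet = false;
    policy = policyIn;

    // Private copies, so later changes to the caller's arrays do not affect this context.
    masterKey = new byte[policy.EncKeyLength];
    Array.Copy(masterK, 0, masterKey, 0, masterK.Length);
    masterSalt = new byte[policy.SaltKeyLength];
    Array.Copy(masterS, 0, masterSalt, 0, masterS.Length);

    // An HMAC-SHA1 instance is created whatever the policy's AuthType is.
    mac = new HMac(new Sha1Digest());

    switch (policy.EncType)
    {
        case SrtpPolicy.NULL_ENCRYPTION:
            // No cipher object and no session key or salt buffer is created.
            encKey = null;
            saltKey = null;
            break;

        case SrtpPolicy.AESF8_ENCRYPTION:
            // F8 mode uses a second engine (cipherF8) next to the main cipher.
            cipherF8 = new AesEngine();
            cipher = new AesEngine();
            encKey = new byte[policy.EncKeyLength];
            saltKey = new byte[policy.SaltKeyLength];
            break;

        case SrtpPolicy.AESCM_ENCRYPTION:
            cipher = new AesEngine();
            encKey = new byte[policy.EncKeyLength];
            saltKey = new byte[policy.SaltKeyLength];
            break;

        case SrtpPolicy.TWOFISHF8_ENCRYPTION:
            cipherF8 = new TwofishEngine();
            cipher = new TwofishEngine();
            encKey = new byte[policy.EncKeyLength];
            saltKey = new byte[policy.SaltKeyLength];
            break;

        case SrtpPolicy.TWOFISH_ENCRYPTION:
            cipher = new TwofishEngine();
            encKey = new byte[policy.EncKeyLength];
            saltKey = new byte[policy.SaltKeyLength];
            break;
    }

    switch (policy.AuthType)
    {
        case SrtpPolicy.NULL_AUTHENTICATION:
            authKey = null;
            tagStore = null;
            break;

        case SrtpPolicy.HMACSHA1_AUTHENTICATION:
            // mac already holds a fresh HMAC-SHA1 instance from above.
            authKey = new byte[policy.AuthKeyLength];
            tagStore = new byte[mac.GetMacSize()];
            break;

        default:
            // Any other AuthType gets no tag buffer; authKey is not assigned here.
            tagStore = null;
            break;
    }
}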
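/**
 * Construct a fully configured SrtcpCryptoContext from the given parameters.
 *
 * The master key and master salt are copied into buffers owned by this context.
 * Their lengths must match the lengths declared by the policy: the buffers are
 * sized from the policy, so a shorter input would leave trailing zero bytes in
 * the master key or salt.
 *
 * @param ssrcIn
 *            the SSRC that this cryptographic context protects.
 * @param masterK
 *            byte array holding the master key for this cryptographic
 *            context. Refer to chapter 3.2.1 of the RFC about the role of
 *            the master key. Must be exactly policyIn.EncKeyLength bytes.
 * @param masterS
 *            byte array holding the master salt for this cryptographic
 *            context. It is used to compute the initialization vector that
 *            in turn is input to compute the session key, session
 *            authentication key and the session salt. Must be exactly
 *            policyIn.SaltKeyLength bytes.
 * @param policyIn
 *            SRTP policy for this cryptographic context; defines the
 *            encryption algorithm, the authentication algorithm, etc.
 * @throws System.ArgumentNullException
 *            if policyIn, masterK or masterS is null.
 * @throws System.ArgumentException
 *            if masterK or masterS does not have the length the policy declares.
 */
public SrtcpCryptoContext(long ssrcIn, byte[] masterK, byte[] masterS, SrtpPolicy policyIn)
{
    if (policyIn == null)
    {
        throw new System.ArgumentNullException("policyIn");
    }
    if (masterK == null)
    {
        throw new System.ArgumentNullException("masterK");
    }
    if (masterS == null)
    {
        throw new System.ArgumentNullException("masterS");
    }

    // The copies below write into policy-sized buffers. A longer input already made
    // Array.Copy throw; a shorter one was accepted and silently zero-padded, which
    // replaces part of the secret with known bytes. Reject any mismatch up front.
    // Only lengths are reported, never key bytes.
    if (masterK.Length != policyIn.EncKeyLength)
    {
        throw new System.ArgumentException(
            "Master key length " + masterK.Length + " does not match policy key length " + policyIn.EncKeyLength + ".",
            "masterK");
    }
    if (masterS.Length != policyIn.SaltKeyLength)
    {
        throw new System.ArgumentException(
            "Master salt length " + masterS.Length + " does not match policy salt length " + policyIn.SaltKeyLength + ".",
            "masterS");
    }

    ssrcCtx = ssrcIn;
    mki = null;
    policy = policyIn;

    // Private copies, so later changes to the caller's arrays do not affect this context.
    masterKey = new byte[policy.EncKeyLength];
    System.Array.Copy(masterK, 0, masterKey, 0, masterK.Length);
    masterSalt = new byte[policy.SaltKeyLength];
    System.Array.Copy(masterS, 0, masterSalt, 0, masterS.Length);

    switch (policy.EncType)
    {
        case SrtpPolicy.NULL_ENCRYPTION:
            // No cipher object and no session key or salt buffer is created.
            encKey = null;
            saltKey = null;
            break;

        case SrtpPolicy.AESF8_ENCRYPTION:
            // F8 mode uses a second engine (cipherF8) next to the main cipher.
            cipherF8 = new AesEngine();
            cipher = new AesEngine();
            encKey = new byte[policy.EncKeyLength];
            saltKey = new byte[policy.SaltKeyLength];
            break;

        case SrtpPolicy.AESCM_ENCRYPTION:
            cipher = new AesEngine();
            encKey = new byte[policy.EncKeyLength];
            saltKey = new byte[policy.SaltKeyLength];
            break;

        case SrtpPolicy.TWOFISHF8_ENCRYPTION:
            cipherF8 = new TwofishEngine();
            cipher = new TwofishEngine();
            encKey = new byte[policy.EncKeyLength];
            saltKey = new byte[policy.SaltKeyLength];
            break;

        case SrtpPolicy.TWOFISH_ENCRYPTION:
            cipher = new TwofishEngine();
            encKey = new byte[policy.EncKeyLength];
            saltKey = new byte[policy.SaltKeyLength];
            break;
    }

    switch (policy.AuthType)
    {
        case SrtpPolicy.NULL_AUTHENTICATION:
            authKey = null;
            tagStore = null;
            break;

        case SrtpPolicy.HMACSHA1_AUTHENTICATION:
            mac = new HMac(new Sha1Digest());
            authKey = new byte[policy.AuthKeyLength];
            tagStore = new byte[mac.GetMacSize()];
            break;

        case SrtpPolicy.SKEIN_AUTHENTICATION:
            // No mac object is created in this branch; the tag buffer is sized
            // from the policy's AuthTagLength instead of a MAC size.
            authKey = new byte[policy.AuthKeyLength];
            tagStore = new byte[policy.AuthTagLength];
            break;

        default:
            // Any other AuthType gets no tag buffer; authKey is not assigned here.
            tagStore = null;
            break;
    }
}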