public SrtpPolicy GetSrtcpPolicy()
{
SrtpPolicy sp = new SrtpPolicy(encType, encKeyLength, authType, authKeyLength, rtcpAuthTagLength,
saltLength);
return(sp);
}
protected virtual void PrepareSrtpSharedSecret()
{
//Set master secret back to security parameters (only works in old bouncy castle versions)
//mContext.SecurityParameters.MasterSecret = masterSecret;
SrtpParameters srtpParams =
SrtpParameters.GetSrtpParametersForProfile(clientSrtpData.ProtectionProfiles[0]);
int keyLen = srtpParams.GetCipherKeyLength();
int saltLen = srtpParams.GetCipherSaltLength();
srtpPolicy = srtpParams.GetSrtpPolicy();
srtcpPolicy = srtpParams.GetSrtcpPolicy();
srtpMasterClientKey = new byte[keyLen];
srtpMasterServerKey = new byte[keyLen];
srtpMasterClientSalt = new byte[saltLen];
srtpMasterServerSalt = new byte[saltLen];
// 2* (key + salt length) / 8. From http://tools.ietf.org/html/rfc5764#section-4-2
// No need to divide by 8 here since lengths are already in bits
byte[] sharedSecret = GetKeyingMaterial(2 * (keyLen + saltLen));
/*
*
* See: http://tools.ietf.org/html/rfc5764#section-4.2
*
* sharedSecret is an equivalent of :
*
* struct {
* client_write_SRTP_master_key[SRTPSecurityParams.master_key_len];
* server_write_SRTP_master_key[SRTPSecurityParams.master_key_len];
* client_write_SRTP_master_salt[SRTPSecurityParams.master_salt_len];
* server_write_SRTP_master_salt[SRTPSecurityParams.master_salt_len];
* } ;
*
* Here, client = local configuration, server = remote.
* NOTE [ivelin]: 'local' makes sense if this code is used from a DTLS SRTP client.
* Here we run as a server, so 'local' referring to the client is actually confusing.
*
* l(k) = KEY length
* s(k) = salt lenght
*
* So we have the following repartition :
* l(k) 2*l(k)+s(k)
* 2*l(k) 2*(l(k)+s(k))
* +------------------------+------------------------+---------------+-------------------+
* + local key | remote key | local salt | remote salt |
* +------------------------+------------------------+---------------+-------------------+
*/
Buffer.BlockCopy(sharedSecret, 0, srtpMasterClientKey, 0, keyLen);
Buffer.BlockCopy(sharedSecret, keyLen, srtpMasterServerKey, 0, keyLen);
Buffer.BlockCopy(sharedSecret, 2 * keyLen, srtpMasterClientSalt, 0, saltLen);
Buffer.BlockCopy(sharedSecret, (2 * keyLen + saltLen), srtpMasterServerSalt, 0, saltLen);
}
/**
* Construct an empty SRTPCryptoContext using ssrc.
* The other parameters are set to default null value.
*
* @param ssrc SSRC of this SRTPCryptoContext
*/
public SrtcpCryptoContext(long ssrcIn)
{
ssrcCtx = ssrcIn;
mki = null;
masterKey = null;
masterSalt = null;
encKey = null;
authKey = null;
saltKey = null;
policy = null;
tagStore = null;
}
/**
* Construct an empty SRTPCryptoContext using ssrc. The other parameters are
* set to default null value.
*
* @param ssrcIn
* SSRC of this SRTPCryptoContext
*/
public SrtpCryptoContext(long ssrcIn)
{
ssrcCtx = ssrcIn;
mki = null;
roc = 0;
guessedROC = 0;
seqNum = 0;
keyDerivationRate = 0;
masterKey = null;
masterSalt = null;
encKey = null;
authKey = null;
saltKey = null;
seqNumSet = false;
policy = null;
tagStore = null;
}
/**
* Construct a normal SRTPCryptoContext based on the given parameters.
*
* @param ssrcIn
* the RTP SSRC that this SRTP cryptographic context protects.
* @param rocIn
* the initial Roll-Over-Counter according to RFC 3711. These are
* the upper 32 bit of the overall 48 bit SRTP packet index.
* Refer to chapter 3.2.1 of the RFC.
* @param kdr
* the key derivation rate defines when to recompute the SRTP
* session keys. Refer to chapter 4.3.1 in the RFC.
* @param masterK
* byte array holding the master key for this SRTP cryptographic
* context. Refer to chapter 3.2.1 of the RFC about the role of
* the master key.
* @param masterS
* byte array holding the master salt for this SRTP cryptographic
* context. It is used to computer the initialization vector that
* in turn is input to compute the session key, session
* authentication key and the session salt.
* @param policyIn
* SRTP policy for this SRTP cryptographic context, defined the
* encryption algorithm, the authentication algorithm, etc
*/
public SrtpCryptoContext(long ssrcIn, int rocIn, long kdr, byte[] masterK,
byte[] masterS, SrtpPolicy policyIn)
{
ssrcCtx = ssrcIn;
mki = null;
roc = rocIn;
guessedROC = 0;
seqNum = 0;
keyDerivationRate = kdr;
seqNumSet = false;
policy = policyIn;
masterKey = new byte[policy.EncKeyLength];
Array.Copy(masterK, 0, masterKey, 0, masterK.Length);
masterSalt = new byte[policy.SaltKeyLength];
Array.Copy(masterS, 0, masterSalt, 0, masterS.Length);
mac = new HMac(new Sha1Digest());
switch (policy.EncType)
{
case SrtpPolicy.NULL_ENCRYPTION:
encKey = null;
saltKey = null;
break;
case SrtpPolicy.AESF8_ENCRYPTION:
cipherF8 = new AesEngine();
cipher = new AesEngine();
encKey = new byte[policy.EncKeyLength];
saltKey = new byte[policy.SaltKeyLength];
break;
//$FALL-THROUGH$
case SrtpPolicy.AESCM_ENCRYPTION:
cipher = new AesEngine();
encKey = new byte[policy.EncKeyLength];
saltKey = new byte[policy.SaltKeyLength];
break;
case SrtpPolicy.TWOFISHF8_ENCRYPTION:
cipherF8 = new TwofishEngine();
cipher = new TwofishEngine();
encKey = new byte[this.policy.EncKeyLength];
saltKey = new byte[this.policy.SaltKeyLength];
break;
case SrtpPolicy.TWOFISH_ENCRYPTION:
cipher = new TwofishEngine();
encKey = new byte[this.policy.EncKeyLength];
saltKey = new byte[this.policy.SaltKeyLength];
break;
}
switch (policy.AuthType)
{
case SrtpPolicy.NULL_AUTHENTICATION:
authKey = null;
tagStore = null;
break;
case SrtpPolicy.HMACSHA1_AUTHENTICATION:
mac = new HMac(new Sha1Digest());
authKey = new byte[policy.AuthKeyLength];
tagStore = new byte[mac.GetMacSize()];
break;
default:
tagStore = null;
break;
}
}
/**
* Construct a normal SRTPCryptoContext based on the given parameters.
*
* @param ssrc
* the RTP SSRC that this SRTP cryptographic context protects.
* @param masterKey
* byte array holding the master key for this SRTP cryptographic
* context. Refer to chapter 3.2.1 of the RFC about the role of
* the master key.
* @param masterSalt
* byte array holding the master salt for this SRTP cryptographic
* context. It is used to computer the initialization vector that
* in turn is input to compute the session key, session
* authentication key and the session salt.
* @param policy
* SRTP policy for this SRTP cryptographic context, defined the
* encryption algorithm, the authentication algorithm, etc
*/
public SrtcpCryptoContext(long ssrcIn, byte[] masterK, byte[] masterS, SrtpPolicy policyIn)
{
ssrcCtx = ssrcIn;
mki = null;
policy = policyIn;
masterKey = new byte[policy.EncKeyLength];
System.Array.Copy(masterK, 0, masterKey, 0, masterK.Length);
masterSalt = new byte[policy.SaltKeyLength];
System.Array.Copy(masterS, 0, masterSalt, 0, masterS.Length);
switch (policy.EncType)
{
case SrtpPolicy.NULL_ENCRYPTION:
encKey = null;
saltKey = null;
break;
case SrtpPolicy.AESF8_ENCRYPTION:
cipherF8 = new AesEngine();
cipher = new AesEngine();
encKey = new byte[this.policy.EncKeyLength];
saltKey = new byte[this.policy.SaltKeyLength];
break;
case SrtpPolicy.AESCM_ENCRYPTION:
cipher = new AesEngine();
encKey = new byte[this.policy.EncKeyLength];
saltKey = new byte[this.policy.SaltKeyLength];
break;
case SrtpPolicy.TWOFISHF8_ENCRYPTION:
cipherF8 = new TwofishEngine();
cipher = new TwofishEngine();
encKey = new byte[this.policy.EncKeyLength];
saltKey = new byte[this.policy.SaltKeyLength];
break;
case SrtpPolicy.TWOFISH_ENCRYPTION:
cipher = new TwofishEngine();
encKey = new byte[this.policy.EncKeyLength];
saltKey = new byte[this.policy.SaltKeyLength];
break;
}
switch (policy.AuthType)
{
case SrtpPolicy.NULL_AUTHENTICATION:
authKey = null;
tagStore = null;
break;
case SrtpPolicy.HMACSHA1_AUTHENTICATION:
mac = new HMac(new Sha1Digest());
authKey = new byte[policy.AuthKeyLength];
tagStore = new byte[mac.GetMacSize()];
break;
case SrtpPolicy.SKEIN_AUTHENTICATION:
authKey = new byte[policy.AuthKeyLength];
tagStore = new byte[policy.AuthTagLength];
break;
default:
tagStore = null;
break;
}
}
