/// <summary> /// 4.3.3. AES-CM PRF /// /// The currently defined PRF, keyed by 128, 192, or 256 bit master key, /// has input block size m = 128 and can produce n-bit outputs for n up /// to 2^23. PRF_n(k_master,x) SHALL be AES in Counter Mode as described /// in Section 4.1.1, applied to key k_master, and IV equal to (x*2^16), /// and with the output keystream truncated to the n first (left-most) /// bits. (Requiring n/128, rounded up, applications of AES.) /// /// https://tools.ietf.org/html/rfc3711#section-4.3.3 /// </summary> private static byte[] PseudoRandomFunction(byte[] masterKey, byte[] x, int keyLength) { var iv = new byte[SrtpConstants.SrtpPseudoRandomFunctionInputBlockSize]; x.CopyTo(iv, 0); return(AesCounterMode.GenerateKeystreamSegment(masterKey, iv, keyLength)); }
private static byte[] EncryptPayloadWithAesCtrMode(SrtpDerivedkeys derivedKeys, uint ssrc, byte[] rtpBody, int packetIndex) { var sessionKey = derivedKeys.SessionKey; var cipherSalt = derivedKeys.CipherSalt; // where the 128-bit integer value IV SHALL be defined by the SSRC, the // SRTP packet index i, and the SRTP session salting key k_s, as below. // // IV = (k_s * 2^16) XOR (SSRC * 2^64) XOR (i * 2^16) var iv = cipherSalt.ShiftLeft(16) .Xor(BitConverter.GetBytes(IPAddress.HostToNetworkOrder(ssrc)).ShiftLeft(64)) .Xor(BitConverter.GetBytes(IPAddress.HostToNetworkOrder(packetIndex)).ShiftLeft(16)); var encrypted = AesCounterMode.Encrypt(sessionKey, iv, rtpBody); return(encrypted); }