Exemplo n.º 1
0
        /// <summary>
        /// 4.3.3.  AES-CM PRF
        ///
        /// The currently defined PRF, keyed by 128, 192, or 256 bit master key,
        /// has input block size m = 128 and can produce n-bit outputs for n up
        /// to 2^23.  PRF_n(k_master,x) SHALL be AES in Counter Mode as described
        /// in Section 4.1.1, applied to key k_master, and IV equal to (x*2^16),
        /// and with the output keystream truncated to the n first (left-most)
        /// bits.  (Requiring n/128, rounded up, applications of AES.)
        ///
        /// https://tools.ietf.org/html/rfc3711#section-4.3.3
        /// </summary>
        private static byte[] PseudoRandomFunction(byte[] masterKey, byte[] x, int keyLength)
        {
            var iv = new byte[SrtpConstants.SrtpPseudoRandomFunctionInputBlockSize];

            x.CopyTo(iv, 0);

            return(AesCounterMode.GenerateKeystreamSegment(masterKey, iv, keyLength));
        }
Exemplo n.º 2
0
        private static byte[] EncryptPayloadWithAesCtrMode(SrtpDerivedkeys derivedKeys, uint ssrc, byte[] rtpBody, int packetIndex)
        {
            var sessionKey = derivedKeys.SessionKey;
            var cipherSalt = derivedKeys.CipherSalt;

            // where the 128-bit integer value IV SHALL be defined by the SSRC, the
            // SRTP packet index i, and the SRTP session salting key k_s, as below.
            //
            //  IV = (k_s * 2^16) XOR (SSRC * 2^64) XOR (i * 2^16)

            var iv =
                cipherSalt.ShiftLeft(16)
                .Xor(BitConverter.GetBytes(IPAddress.HostToNetworkOrder(ssrc)).ShiftLeft(64))
                .Xor(BitConverter.GetBytes(IPAddress.HostToNetworkOrder(packetIndex)).ShiftLeft(16));

            var encrypted = AesCounterMode.Encrypt(sessionKey, iv, rtpBody);

            return(encrypted);
        }