srtp.h 43 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267
  1. /*
  2. * srtp.h
  3. *
  4. * interface to libsrtp
  5. *
  6. * David A. McGrew
  7. * Cisco Systems, Inc.
  8. */
  9. /*
  10. *
  11. * Copyright (c) 2001-2006, Cisco Systems, Inc.
  12. * All rights reserved.
  13. *
  14. * Redistribution and use in source and binary forms, with or without
  15. * modification, are permitted provided that the following conditions
  16. * are met:
  17. *
  18. * Redistributions of source code must retain the above copyright
  19. * notice, this list of conditions and the following disclaimer.
  20. *
  21. * Redistributions in binary form must reproduce the above
  22. * copyright notice, this list of conditions and the following
  23. * disclaimer in the documentation and/or other materials provided
  24. * with the distribution.
  25. *
  26. * Neither the name of the Cisco Systems, Inc. nor the names of its
  27. * contributors may be used to endorse or promote products derived
  28. * from this software without specific prior written permission.
  29. *
  30. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  31. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  32. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
  33. * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
  34. * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
  35. * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  36. * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
  37. * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  38. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  39. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  40. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  41. * OF THE POSSIBILITY OF SUCH DAMAGE.
  42. *
  43. */
  44. #ifndef SRTP_H
  45. #define SRTP_H
  46. #ifdef __cplusplus
  47. extern "C" {
  48. #endif
  49. #include <stdint.h>
  50. #include "crypto.h"
  51. #include "crypto_types.h"
  52. #include "err.h"
  53. /**
  54. * @defgroup SRTP Secure RTP
  55. *
  56. * @brief libSRTP provides functions for protecting RTP and RTCP. See
  57. * Section @ref Overview for an introduction to the use of the library.
  58. *
  59. * @{
  60. */
  61. /*
  62. * SRTP_MASTER_KEY_LEN is the nominal master key length supported by libSRTP
  63. */
  64. #define SRTP_MASTER_KEY_LEN 30
  65. /*
  66. * SRTP_MAX_KEY_LEN is the maximum key length supported by libSRTP
  67. */
  68. #define SRTP_MAX_KEY_LEN 64
  69. /*
  70. * SRTP_MAX_TAG_LEN is the maximum tag length supported by libSRTP
  71. */
  72. #define SRTP_MAX_TAG_LEN 12
  73. /**
  74. * SRTP_MAX_TRAILER_LEN is the maximum length of the SRTP trailer
  75. * (authentication tag and MKI) supported by libSRTP. This value is
  76. * the maximum number of octets that will be added to an RTP packet by
  77. * srtp_protect().
  78. *
  79. * @brief the maximum number of octets added by srtp_protect().
  80. */
  81. #define SRTP_MAX_TRAILER_LEN SRTP_MAX_TAG_LEN
  82. /*
  83. * SRTP_AEAD_SALT_LEN is the length of the SALT values used with
  84. * GCM mode. GCM mode requires an IV. The SALT value is used
  85. * as part of the IV formation logic applied to each RTP packet.
  86. */
  87. #define SRTP_AEAD_SALT_LEN 12
  88. #define AES_128_GCM_KEYSIZE_WSALT SRTP_AEAD_SALT_LEN + 16
  89. #define AES_192_GCM_KEYSIZE_WSALT SRTP_AEAD_SALT_LEN + 24
  90. #define AES_256_GCM_KEYSIZE_WSALT SRTP_AEAD_SALT_LEN + 32
  91. /*
  92. * nota bene: since libSRTP doesn't support the use of the MKI, the
  93. * SRTP_MAX_TRAILER_LEN value is just the maximum tag length
  94. */
  95. /**
  96. * @brief sec_serv_t describes a set of security services.
  97. *
  98. * A sec_serv_t enumeration is used to describe the particular
  99. * security services that will be applied by a particular crypto
  100. * policy (or other mechanism).
  101. */
  102. typedef enum {
  103. sec_serv_none = 0, /**< no services */
  104. sec_serv_conf = 1, /**< confidentiality */
  105. sec_serv_auth = 2, /**< authentication */
  106. sec_serv_conf_and_auth = 3 /**< confidentiality and authentication */
  107. }
  108. sec_serv_t;
  109. /**
  110. * @brief crypto_policy_t describes a particular crypto policy that
  111. * can be applied to an SRTP stream.
  112. *
  113. * A crypto_policy_t describes a particular cryptographic policy that
  114. * can be applied to an SRTP or SRTCP stream. An SRTP session policy
  115. * consists of a list of these policies, one for each SRTP stream
  116. * in the session.
  117. */
  118. typedef struct crypto_policy_t {
  119. cipher_type_id_t cipher_type; /**< An integer representing
  120. * the type of cipher. */
  121. int cipher_key_len; /**< The length of the cipher key
  122. * in octets. */
  123. auth_type_id_t auth_type; /**< An integer representing the
  124. * authentication function. */
  125. int auth_key_len; /**< The length of the authentication
  126. * function key in octets. */
  127. int auth_tag_len; /**< The length of the authentication
  128. * tag in octets. */
  129. sec_serv_t sec_serv; /**< The flag indicating the security
  130. * services to be applied. */
  131. } crypto_policy_t;
  132. /**
  133. * @brief ssrc_type_t describes the type of an SSRC.
  134. *
  135. * An ssrc_type_t enumeration is used to indicate a type of SSRC. See
  136. * @ref srtp_policy_t for more informataion.
  137. */
  138. typedef enum {
  139. ssrc_undefined = 0, /**< Indicates an undefined SSRC type. */
  140. ssrc_specific = 1, /**< Indicates a specific SSRC value */
  141. ssrc_any_inbound = 2, /**< Indicates any inbound SSRC value
  142. (i.e. a value that is used in the
  143. function srtp_unprotect()) */
  144. ssrc_any_outbound = 3 /**< Indicates any outbound SSRC value
  145. (i.e. a value that is used in the
  146. function srtp_protect()) */
  147. } ssrc_type_t;
  148. /**
  149. * @brief An ssrc_t represents a particular SSRC value, or a `wildcard' SSRC.
  150. *
  151. * An ssrc_t represents a particular SSRC value (if its type is
  152. * ssrc_specific), or a wildcard SSRC value that will match all
  153. * outbound SSRCs (if its type is ssrc_any_outbound) or all inbound
  154. * SSRCs (if its type is ssrc_any_inbound).
  155. *
  156. */
  157. typedef struct {
  158. ssrc_type_t type; /**< The type of this particular SSRC */
  159. unsigned int value; /**< The value of this SSRC, if it is not a wildcard */
  160. } ssrc_t;
  161. /**
  162. * @brief points to an EKT policy
  163. */
  164. typedef struct ekt_policy_ctx_t *ekt_policy_t;
  165. /**
  166. * @brief points to EKT stream data
  167. */
  168. typedef struct ekt_stream_ctx_t *ekt_stream_t;
  169. /**
  170. * @brief represents the policy for an SRTP session.
  171. *
  172. * A single srtp_policy_t struct represents the policy for a single
  173. * SRTP stream, and a linked list of these elements represents the
  174. * policy for an entire SRTP session. Each element contains the SRTP
  175. * and SRTCP crypto policies for that stream, a pointer to the SRTP
  176. * master key for that stream, the SSRC describing that stream, or a
  177. * flag indicating a `wildcard' SSRC value, and a `next' field that
  178. * holds a pointer to the next element in the list of policy elements,
  179. * or NULL if it is the last element.
  180. *
  181. * The wildcard value SSRC_ANY_INBOUND matches any SSRC from an
  182. * inbound stream that for which there is no explicit SSRC entry in
  183. * another policy element. Similarly, the value SSRC_ANY_OUTBOUND
  184. * will matches any SSRC from an outbound stream that does not appear
  185. * in another policy element. Note that wildcard SSRCs &b cannot be
  186. * used to match both inbound and outbound traffic. This restriction
  187. * is intentional, and it allows libSRTP to ensure that no security
  188. * lapses result from accidental re-use of SSRC values during key
  189. * sharing.
  190. *
  191. *
  192. * @warning The final element of the list @b must have its `next' pointer
  193. * set to NULL.
  194. */
  195. typedef struct srtp_policy_t {
  196. ssrc_t ssrc; /**< The SSRC value of stream, or the
  197. * flags SSRC_ANY_INBOUND or
  198. * SSRC_ANY_OUTBOUND if key sharing
  199. * is used for this policy element.
  200. */
  201. crypto_policy_t rtp; /**< SRTP crypto policy. */
  202. crypto_policy_t rtcp; /**< SRTCP crypto policy. */
  203. unsigned char *key; /**< Pointer to the SRTP master key for
  204. * this stream. */
  205. ekt_policy_t ekt; /**< Pointer to the EKT policy structure
  206. * for this stream (if any) */
  207. unsigned long window_size; /**< The window size to use for replay
  208. * protection. */
  209. int allow_repeat_tx; /**< Whether retransmissions of
  210. * packets with the same sequence number
  211. * are allowed. (Note that such repeated
  212. * transmissions must have the same RTP
  213. * payload, or a severe security weakness
  214. * is introduced!) */
  215. struct srtp_policy_t *next; /**< Pointer to next stream policy. */
  216. } srtp_policy_t;
  217. /**
  218. * @brief An srtp_t points to an SRTP session structure.
  219. *
  220. * The typedef srtp_t is a pointer to a structure that represents
  221. * an SRTP session. This datatype is intentially opaque in
  222. * order to separate the interface from the implementation.
  223. *
  224. * An SRTP session consists of all of the traffic sent to the RTP and
  225. * RTCP destination transport addresses, using the RTP/SAVP (Secure
  226. * Audio/Video Profile). A session can be viewed as a set of SRTP
  227. * streams, each of which originates with a different participant.
  228. */
  229. typedef struct srtp_ctx_t *srtp_t;
  230. /**
  231. * @brief An srtp_stream_t points to an SRTP stream structure.
  232. *
  233. * The typedef srtp_stream_t is a pointer to a structure that
  234. * represents an SRTP stream. This datatype is intentionally
  235. * opaque in order to separate the interface from the implementation.
  236. *
  237. * An SRTP stream consists of all of the traffic sent to an SRTP
  238. * session by a single participant. A session can be viewed as
  239. * a set of streams.
  240. *
  241. */
  242. typedef struct srtp_stream_ctx_t *srtp_stream_t;
  243. /**
  244. * @brief srtp_init() initializes the srtp library.
  245. *
  246. * @warning This function @b must be called before any other srtp
  247. * functions.
  248. */
  249. err_status_t
  250. srtp_init(void);
  251. /**
  252. * @brief srtp_shutdown() de-initializes the srtp library.
  253. *
  254. * @warning No srtp functions may be called after calling this function.
  255. */
  256. err_status_t
  257. srtp_shutdown(void);
  258. /**
  259. * @brief srtp_protect() is the Secure RTP sender-side packet processing
  260. * function.
  261. *
  262. * The function call srtp_protect(ctx, rtp_hdr, len_ptr) applies SRTP
  263. * protection to the RTP packet rtp_hdr (which has length *len_ptr) using
  264. * the SRTP context ctx. If err_status_ok is returned, then rtp_hdr
  265. * points to the resulting SRTP packet and *len_ptr is the number of
  266. * octets in that packet; otherwise, no assumptions should be made
  267. * about the value of either data elements.
  268. *
  269. * The sequence numbers of the RTP packets presented to this function
  270. * need not be consecutive, but they @b must be out of order by less
  271. * than 2^15 = 32,768 packets.
  272. *
  273. * @warning This function assumes that it can write the authentication
  274. * tag into the location in memory immediately following the RTP
  275. * packet, and assumes that the RTP packet is aligned on a 32-bit
  276. * boundary.
  277. *
  278. * @warning This function assumes that it can write SRTP_MAX_TRAILER_LEN
  279. * into the location in memory immediately following the RTP packet.
  280. * Callers MUST ensure that this much writable memory is available in
  281. * the buffer that holds the RTP packet.
  282. *
  283. * @param ctx is the SRTP context to use in processing the packet.
  284. *
  285. * @param rtp_hdr is a pointer to the RTP packet (before the call); after
  286. * the function returns, it points to the srtp packet.
  287. *
  288. * @param len_ptr is a pointer to the length in octets of the complete
  289. * RTP packet (header and body) before the function call, and of the
  290. * complete SRTP packet after the call, if err_status_ok was returned.
  291. * Otherwise, the value of the data to which it points is undefined.
  292. *
  293. * @return
  294. * - err_status_ok no problems
  295. * - err_status_replay_fail rtp sequence number was non-increasing
  296. * - @e other failure in cryptographic mechanisms
  297. */
  298. err_status_t
  299. srtp_protect(srtp_t ctx, void *rtp_hdr, int *len_ptr);
  300. /**
  301. * @brief srtp_unprotect() is the Secure RTP receiver-side packet
  302. * processing function.
  303. *
  304. * The function call srtp_unprotect(ctx, srtp_hdr, len_ptr) verifies
  305. * the Secure RTP protection of the SRTP packet pointed to by srtp_hdr
  306. * (which has length *len_ptr), using the SRTP context ctx. If
  307. * err_status_ok is returned, then srtp_hdr points to the resulting
  308. * RTP packet and *len_ptr is the number of octets in that packet;
  309. * otherwise, no assumptions should be made about the value of either
  310. * data elements.
  311. *
  312. * The sequence numbers of the RTP packets presented to this function
  313. * need not be consecutive, but they @b must be out of order by less
  314. * than 2^15 = 32,768 packets.
  315. *
  316. * @warning This function assumes that the SRTP packet is aligned on a
  317. * 32-bit boundary.
  318. *
  319. * @param ctx is the SRTP session which applies to the particular packet.
  320. *
  321. * @param srtp_hdr is a pointer to the header of the SRTP packet
  322. * (before the call). after the function returns, it points to the
  323. * rtp packet if err_status_ok was returned; otherwise, the value of
  324. * the data to which it points is undefined.
  325. *
  326. * @param len_ptr is a pointer to the length in octets of the complete
  327. * srtp packet (header and body) before the function call, and of the
  328. * complete rtp packet after the call, if err_status_ok was returned.
  329. * Otherwise, the value of the data to which it points is undefined.
  330. *
  331. * @return
  332. * - err_status_ok if the RTP packet is valid.
  333. * - err_status_auth_fail if the SRTP packet failed the message
  334. * authentication check.
  335. * - err_status_replay_fail if the SRTP packet is a replay (e.g. packet has
  336. * already been processed and accepted).
  337. * - [other] if there has been an error in the cryptographic mechanisms.
  338. *
  339. */
  340. err_status_t
  341. srtp_unprotect(srtp_t ctx, void *srtp_hdr, int *len_ptr);
  342. /**
  343. * @brief srtp_create() allocates and initializes an SRTP session.
  344. * The function call srtp_create(session, policy, key) allocates and
  345. * initializes an SRTP session context, applying the given policy and
  346. * key.
  347. *
  348. * @param session is a pointer to the SRTP session to which the policy is
  349. * to be added.
  350. *
  351. * @param policy is the srtp_policy_t struct that describes the policy
  352. * for the session. The struct may be a single element, or it may be
  353. * the head of a list, in which case each element of the list is
  354. * processed. It may also be NULL, in which case streams should be added
  355. * later using srtp_add_stream(). The final element of the list @b must
  356. * have its `next' field set to NULL.
  357. *
  358. * @return
  359. * - err_status_ok if creation succeded.
  360. * - err_status_alloc_fail if allocation failed.
  361. * - err_status_init_fail if initialization failed.
  362. */
  363. err_status_t
  364. srtp_create(srtp_t *session, const srtp_policy_t *policy);
  365. /**
  366. * @brief srtp_add_stream() allocates and initializes an SRTP stream
  367. * within a given SRTP session.
  368. *
  369. * The function call srtp_add_stream(session, policy) allocates and
  370. * initializes a new SRTP stream within a given, previously created
  371. * session, applying the policy given as the other argument to that
  372. * stream.
  373. *
  374. * @return values:
  375. * - err_status_ok if stream creation succeded.
  376. * - err_status_alloc_fail if stream allocation failed
  377. * - err_status_init_fail if stream initialization failed.
  378. */
  379. err_status_t
  380. srtp_add_stream(srtp_t session,
  381. const srtp_policy_t *policy);
  382. /**
  383. * @brief srtp_remove_stream() deallocates an SRTP stream.
  384. *
  385. * The function call srtp_remove_stream(session, ssrc) removes
  386. * the SRTP stream with the SSRC value ssrc from the SRTP session
  387. * context given by the argument session.
  388. *
  389. * @param session is the SRTP session from which the stream
  390. * will be removed.
  391. *
  392. * @param ssrc is the SSRC value of the stream to be removed.
  393. *
  394. * @warning Wildcard SSRC values cannot be removed from a
  395. * session.
  396. *
  397. * @return
  398. * - err_status_ok if the stream deallocation succeded.
  399. * - [other] otherwise.
  400. *
  401. */
  402. err_status_t
  403. srtp_remove_stream(srtp_t session, unsigned int ssrc);
  404. /**
  405. * @brief crypto_policy_set_rtp_default() sets a crypto policy
  406. * structure to the SRTP default policy for RTP protection.
  407. *
  408. * @param p is a pointer to the policy structure to be set
  409. *
  410. * The function call crypto_policy_set_rtp_default(&p) sets the
  411. * crypto_policy_t at location p to the SRTP default policy for RTP
  412. * protection, as defined in the specification. This function is a
  413. * convenience that helps to avoid dealing directly with the policy
  414. * data structure. You are encouraged to initialize policy elements
  415. * with this function call. Doing so may allow your code to be
  416. * forward compatible with later versions of libSRTP that include more
  417. * elements in the crypto_policy_t datatype.
  418. *
  419. * @return void.
  420. *
  421. */
  422. void
  423. crypto_policy_set_rtp_default(crypto_policy_t *p);
  424. /**
  425. * @brief crypto_policy_set_rtcp_default() sets a crypto policy
  426. * structure to the SRTP default policy for RTCP protection.
  427. *
  428. * @param p is a pointer to the policy structure to be set
  429. *
  430. * The function call crypto_policy_set_rtcp_default(&p) sets the
  431. * crypto_policy_t at location p to the SRTP default policy for RTCP
  432. * protection, as defined in the specification. This function is a
  433. * convenience that helps to avoid dealing directly with the policy
  434. * data structure. You are encouraged to initialize policy elements
  435. * with this function call. Doing so may allow your code to be
  436. * forward compatible with later versions of libSRTP that include more
  437. * elements in the crypto_policy_t datatype.
  438. *
  439. * @return void.
  440. *
  441. */
  442. void
  443. crypto_policy_set_rtcp_default(crypto_policy_t *p);
  444. /**
  445. * @brief crypto_policy_set_aes_cm_128_hmac_sha1_80() sets a crypto
  446. * policy structure to the SRTP default policy for RTP protection.
  447. *
  448. * @param p is a pointer to the policy structure to be set
  449. *
  450. * The function crypto_policy_set_aes_cm_128_hmac_sha1_80() is a
  451. * synonym for crypto_policy_set_rtp_default(). It conforms to the
  452. * naming convention used in RFC 4568 (SDP Security Descriptions for
  453. * Media Streams).
  454. *
  455. * @return void.
  456. *
  457. */
  458. #define crypto_policy_set_aes_cm_128_hmac_sha1_80(p) crypto_policy_set_rtp_default(p)
  459. /**
  460. * @brief crypto_policy_set_aes_cm_128_hmac_sha1_32() sets a crypto
  461. * policy structure to a short-authentication tag policy
  462. *
  463. * @param p is a pointer to the policy structure to be set
  464. *
  465. * The function call crypto_policy_set_aes_cm_128_hmac_sha1_32(&p)
  466. * sets the crypto_policy_t at location p to use policy
  467. * AES_CM_128_HMAC_SHA1_32 as defined in RFC 4568.
  468. * This policy uses AES-128
  469. * Counter Mode encryption and HMAC-SHA1 authentication, with an
  470. * authentication tag that is only 32 bits long. This length is
  471. * considered adequate only for protecting audio and video media that
  472. * use a stateless playback function. See Section 7.5 of RFC 3711
  473. * (http://www.ietf.org/rfc/rfc3711.txt).
  474. *
  475. * This function is a convenience that helps to avoid dealing directly
  476. * with the policy data structure. You are encouraged to initialize
  477. * policy elements with this function call. Doing so may allow your
  478. * code to be forward compatible with later versions of libSRTP that
  479. * include more elements in the crypto_policy_t datatype.
  480. *
  481. * @warning This crypto policy is intended for use in SRTP, but not in
  482. * SRTCP. It is recommended that a policy that uses longer
  483. * authentication tags be used for SRTCP. See Section 7.5 of RFC 3711
  484. * (http://www.ietf.org/rfc/rfc3711.txt).
  485. *
  486. * @return void.
  487. *
  488. */
  489. void
  490. crypto_policy_set_aes_cm_128_hmac_sha1_32(crypto_policy_t *p);
  491. /**
  492. * @brief crypto_policy_set_aes_cm_128_null_auth() sets a crypto
  493. * policy structure to an encryption-only policy
  494. *
  495. * @param p is a pointer to the policy structure to be set
  496. *
  497. * The function call crypto_policy_set_aes_cm_128_null_auth(&p) sets
  498. * the crypto_policy_t at location p to use the SRTP default cipher
  499. * (AES-128 Counter Mode), but to use no authentication method. This
  500. * policy is NOT RECOMMENDED unless it is unavoidable; see Section 7.5
  501. * of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt).
  502. *
  503. * This function is a convenience that helps to avoid dealing directly
  504. * with the policy data structure. You are encouraged to initialize
  505. * policy elements with this function call. Doing so may allow your
  506. * code to be forward compatible with later versions of libSRTP that
  507. * include more elements in the crypto_policy_t datatype.
  508. *
  509. * @warning This policy is NOT RECOMMENDED for SRTP unless it is
  510. * unavoidable, and it is NOT RECOMMENDED at all for SRTCP; see
  511. * Section 7.5 of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt).
  512. *
  513. * @return void.
  514. *
  515. */
  516. void
  517. crypto_policy_set_aes_cm_128_null_auth(crypto_policy_t *p);
  518. /**
  519. * @brief crypto_policy_set_null_cipher_hmac_sha1_80() sets a crypto
  520. * policy structure to an authentication-only policy
  521. *
  522. * @param p is a pointer to the policy structure to be set
  523. *
  524. * The function call crypto_policy_set_null_cipher_hmac_sha1_80(&p)
  525. * sets the crypto_policy_t at location p to use HMAC-SHA1 with an 80
  526. * bit authentication tag to provide message authentication, but to
  527. * use no encryption. This policy is NOT RECOMMENDED for SRTP unless
  528. * there is a requirement to forego encryption.
  529. *
  530. * This function is a convenience that helps to avoid dealing directly
  531. * with the policy data structure. You are encouraged to initialize
  532. * policy elements with this function call. Doing so may allow your
  533. * code to be forward compatible with later versions of libSRTP that
  534. * include more elements in the crypto_policy_t datatype.
  535. *
  536. * @warning This policy is NOT RECOMMENDED for SRTP unless there is a
  537. * requirement to forego encryption.
  538. *
  539. * @return void.
  540. *
  541. */
  542. void
  543. crypto_policy_set_null_cipher_hmac_sha1_80(crypto_policy_t *p);
  544. /**
  545. * @brief crypto_policy_set_aes_cm_256_hmac_sha1_80() sets a crypto
  546. * policy structure to a encryption and authentication policy using AES-256
  547. * for RTP protection.
  548. *
  549. * @param p is a pointer to the policy structure to be set
  550. *
  551. * The function call crypto_policy_set_aes_cm_256_hmac_sha1_80(&p)
  552. * sets the crypto_policy_t at location p to use policy
  553. * AES_CM_256_HMAC_SHA1_80 as defined in
  554. * draft-ietf-avt-srtp-big-aes-03.txt. This policy uses AES-256
  555. * Counter Mode encryption and HMAC-SHA1 authentication, with an 80 bit
  556. * authentication tag.
  557. *
  558. * This function is a convenience that helps to avoid dealing directly
  559. * with the policy data structure. You are encouraged to initialize
  560. * policy elements with this function call. Doing so may allow your
  561. * code to be forward compatible with later versions of libSRTP that
  562. * include more elements in the crypto_policy_t datatype.
  563. *
  564. * @return void.
  565. *
  566. */
  567. void crypto_policy_set_aes_cm_256_hmac_sha1_80(crypto_policy_t *p);
  568. /**
  569. * @brief crypto_policy_set_aes_cm_256_hmac_sha1_32() sets a crypto
  570. * policy structure to a short-authentication tag policy using AES-256
  571. * encryption.
  572. *
  573. * @param p is a pointer to the policy structure to be set
  574. *
  575. * The function call crypto_policy_set_aes_cm_256_hmac_sha1_32(&p)
  576. * sets the crypto_policy_t at location p to use policy
  577. * AES_CM_256_HMAC_SHA1_32 as defined in
  578. * draft-ietf-avt-srtp-big-aes-03.txt. This policy uses AES-256
  579. * Counter Mode encryption and HMAC-SHA1 authentication, with an
  580. * authentication tag that is only 32 bits long. This length is
  581. * considered adequate only for protecting audio and video media that
  582. * use a stateless playback function. See Section 7.5 of RFC 3711
  583. * (http://www.ietf.org/rfc/rfc3711.txt).
  584. *
  585. * This function is a convenience that helps to avoid dealing directly
  586. * with the policy data structure. You are encouraged to initialize
  587. * policy elements with this function call. Doing so may allow your
  588. * code to be forward compatible with later versions of libSRTP that
  589. * include more elements in the crypto_policy_t datatype.
  590. *
  591. * @warning This crypto policy is intended for use in SRTP, but not in
  592. * SRTCP. It is recommended that a policy that uses longer
  593. * authentication tags be used for SRTCP. See Section 7.5 of RFC 3711
  594. * (http://www.ietf.org/rfc/rfc3711.txt).
  595. *
  596. * @return void.
  597. *
  598. */
  599. void
  600. crypto_policy_set_aes_cm_256_hmac_sha1_32(crypto_policy_t *p);
  601. /**
  602. * @brief crypto_policy_set_aes_cm_256_null_auth() sets a crypto
  603. * policy structure to an encryption-only policy
  604. *
  605. * @param p is a pointer to the policy structure to be set
  606. *
  607. * The function call crypto_policy_set_aes_cm_256_null_auth(&p) sets
  608. * the crypto_policy_t at location p to use the SRTP default cipher
  609. * (AES-256 Counter Mode), but to use no authentication method. This
  610. * policy is NOT RECOMMENDED unless it is unavoidable; see Section 7.5
  611. * of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt).
  612. *
  613. * This function is a convenience that helps to avoid dealing directly
  614. * with the policy data structure. You are encouraged to initialize
  615. * policy elements with this function call. Doing so may allow your
  616. * code to be forward compatible with later versions of libSRTP that
  617. * include more elements in the crypto_policy_t datatype.
  618. *
  619. * @warning This policy is NOT RECOMMENDED for SRTP unless it is
  620. * unavoidable, and it is NOT RECOMMENDED at all for SRTCP; see
  621. * Section 7.5 of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt).
  622. *
  623. * @return void.
  624. *
  625. */
  626. void
  627. crypto_policy_set_aes_cm_256_null_auth(crypto_policy_t *p);
  628. /**
  629. * @brief crypto_policy_set_aes_gcm_128_8_auth() sets a crypto
  630. * policy structure to an AEAD encryption policy.
  631. *
  632. * @param p is a pointer to the policy structure to be set
  633. *
  634. * The function call crypto_policy_set_aes_gcm_128_8_auth(&p) sets
  635. * the crypto_policy_t at location p to use the SRTP default cipher
  636. * (AES-128 Galois Counter Mode) with 8 octet auth tag. This
  637. * policy applies confidentiality and authentication to both the
  638. * RTP and RTCP packets.
  639. *
  640. * This function is a convenience that helps to avoid dealing directly
  641. * with the policy data structure. You are encouraged to initialize
  642. * policy elements with this function call. Doing so may allow your
  643. * code to be forward compatible with later versions of libSRTP that
  644. * include more elements in the crypto_policy_t datatype.
  645. *
  646. * @return void.
  647. *
  648. */
  649. void
  650. crypto_policy_set_aes_gcm_128_8_auth(crypto_policy_t *p);
  651. /**
  652. * @brief crypto_policy_set_aes_gcm_256_8_auth() sets a crypto
  653. * policy structure to an AEAD encryption policy
  654. *
  655. * @param p is a pointer to the policy structure to be set
  656. *
  657. * The function call crypto_policy_set_aes_gcm_256_8_auth(&p) sets
  658. * the crypto_policy_t at location p to use the SRTP default cipher
  659. * (AES-256 Galois Counter Mode) with 8 octet auth tag. This
  660. * policy applies confidentiality and authentication to both the
  661. * RTP and RTCP packets.
  662. *
  663. * This function is a convenience that helps to avoid dealing directly
  664. * with the policy data structure. You are encouraged to initialize
  665. * policy elements with this function call. Doing so may allow your
  666. * code to be forward compatible with later versions of libSRTP that
  667. * include more elements in the crypto_policy_t datatype.
  668. *
  669. * @return void.
  670. *
  671. */
  672. void
  673. crypto_policy_set_aes_gcm_256_8_auth(crypto_policy_t *p);
  674. /**
  675. * @brief crypto_policy_set_aes_gcm_128_8_only_auth() sets a crypto
  676. * policy structure to an AEAD authentication-only policy
  677. *
  678. * @param p is a pointer to the policy structure to be set
  679. *
  680. * The function call crypto_policy_set_aes_gcm_128_8_only_auth(&p) sets
  681. * the crypto_policy_t at location p to use the SRTP default cipher
  682. * (AES-128 Galois Counter Mode) with 8 octet auth tag. This policy
  683. * applies confidentiality and authentication to the RTP packets,
  684. * but only authentication to the RTCP packets.
  685. *
  686. * This function is a convenience that helps to avoid dealing directly
  687. * with the policy data structure. You are encouraged to initialize
  688. * policy elements with this function call. Doing so may allow your
  689. * code to be forward compatible with later versions of libSRTP that
  690. * include more elements in the crypto_policy_t datatype.
  691. *
  692. * @return void.
  693. *
  694. */
  695. void
  696. crypto_policy_set_aes_gcm_128_8_only_auth(crypto_policy_t *p);
  697. /**
  698. * @brief crypto_policy_set_aes_gcm_256_8_only_auth() sets a crypto
  699. * policy structure to an AEAD authentication-only policy
  700. *
  701. * @param p is a pointer to the policy structure to be set
  702. *
  703. * The function call crypto_policy_set_aes_gcm_256_8_only_auth(&p) sets
  704. * the crypto_policy_t at location p to use the SRTP default cipher
  705. * (AES-256 Galois Counter Mode) with 8 octet auth tag. This policy
  706. * applies confidentiality and authentication to the RTP packets,
  707. * but only authentication to the RTCP packets.
  708. *
  709. * This function is a convenience that helps to avoid dealing directly
  710. * with the policy data structure. You are encouraged to initialize
  711. * policy elements with this function call. Doing so may allow your
  712. * code to be forward compatible with later versions of libSRTP that
  713. * include more elements in the crypto_policy_t datatype.
  714. *
  715. * @return void.
  716. *
  717. */
  718. void
  719. crypto_policy_set_aes_gcm_256_8_only_auth(crypto_policy_t *p);
  720. /**
  721. * @brief crypto_policy_set_aes_gcm_128_16_auth() sets a crypto
  722. * policy structure to an AEAD encryption policy.
  723. *
  724. * @param p is a pointer to the policy structure to be set
  725. *
  726. * The function call crypto_policy_set_aes_gcm_128_16_auth(&p) sets
  727. * the crypto_policy_t at location p to use the SRTP default cipher
  728. * (AES-128 Galois Counter Mode) with 16 octet auth tag. This
  729. * policy applies confidentiality and authentication to both the
  730. * RTP and RTCP packets.
  731. *
  732. * This function is a convenience that helps to avoid dealing directly
  733. * with the policy data structure. You are encouraged to initialize
  734. * policy elements with this function call. Doing so may allow your
  735. * code to be forward compatible with later versions of libSRTP that
  736. * include more elements in the crypto_policy_t datatype.
  737. *
  738. * @return void.
  739. *
  740. */
  741. void
  742. crypto_policy_set_aes_gcm_128_16_auth(crypto_policy_t *p);
  743. /**
  744. * @brief crypto_policy_set_aes_gcm_256_16_auth() sets a crypto
  745. * policy structure to an AEAD encryption policy
  746. *
  747. * @param p is a pointer to the policy structure to be set
  748. *
  749. * The function call crypto_policy_set_aes_gcm_256_16_auth(&p) sets
  750. * the crypto_policy_t at location p to use the SRTP default cipher
  751. * (AES-256 Galois Counter Mode) with 16 octet auth tag. This
  752. * policy applies confidentiality and authentication to both the
  753. * RTP and RTCP packets.
  754. *
  755. * This function is a convenience that helps to avoid dealing directly
  756. * with the policy data structure. You are encouraged to initialize
  757. * policy elements with this function call. Doing so may allow your
  758. * code to be forward compatible with later versions of libSRTP that
  759. * include more elements in the crypto_policy_t datatype.
  760. *
  761. * @return void.
  762. *
  763. */
  764. void
  765. crypto_policy_set_aes_gcm_256_16_auth(crypto_policy_t *p);
  766. /**
  767. * @brief srtp_dealloc() deallocates storage for an SRTP session
  768. * context.
  769. *
  770. * The function call srtp_dealloc(s) deallocates storage for the
  771. * SRTP session context s. This function should be called no more
  772. * than one time for each of the contexts allocated by the function
  773. * srtp_create().
  774. *
  775. * @param s is the srtp_t for the session to be deallocated.
  776. *
  777. * @return
  778. * - err_status_ok if there no problems.
  779. * - err_status_dealloc_fail a memory deallocation failure occured.
  780. */
  781. err_status_t
  782. srtp_dealloc(srtp_t s);
  783. /*
  784. * @brief identifies a particular SRTP profile
  785. *
  786. * An srtp_profile_t enumeration is used to identify a particular SRTP
  787. * profile (that is, a set of algorithms and parameters). These
  788. * profiles are defined in the DTLS-SRTP draft.
  789. */
  790. typedef enum {
  791. srtp_profile_reserved = 0,
  792. srtp_profile_aes128_cm_sha1_80 = 1,
  793. srtp_profile_aes128_cm_sha1_32 = 2,
  794. srtp_profile_aes256_cm_sha1_80 = 3,
  795. srtp_profile_aes256_cm_sha1_32 = 4,
  796. srtp_profile_null_sha1_80 = 5,
  797. srtp_profile_null_sha1_32 = 6,
  798. } srtp_profile_t;
  799. /**
  800. * @brief crypto_policy_set_from_profile_for_rtp() sets a crypto policy
  801. * structure to the appropriate value for RTP based on an srtp_profile_t
  802. *
  803. * @param p is a pointer to the policy structure to be set
  804. *
  805. * The function call crypto_policy_set_rtp_default(&policy, profile)
  806. * sets the crypto_policy_t at location policy to the policy for RTP
  807. * protection, as defined by the srtp_profile_t profile.
  808. *
  809. * This function is a convenience that helps to avoid dealing directly
  810. * with the policy data structure. You are encouraged to initialize
  811. * policy elements with this function call. Doing so may allow your
  812. * code to be forward compatible with later versions of libSRTP that
  813. * include more elements in the crypto_policy_t datatype.
  814. *
  815. * @return values
  816. * - err_status_ok no problems were encountered
  817. * - err_status_bad_param the profile is not supported
  818. *
  819. */
  820. err_status_t
  821. crypto_policy_set_from_profile_for_rtp(crypto_policy_t *policy,
  822. srtp_profile_t profile);
  823. /**
  824. * @brief crypto_policy_set_from_profile_for_rtcp() sets a crypto policy
  825. * structure to the appropriate value for RTCP based on an srtp_profile_t
  826. *
  827. * @param p is a pointer to the policy structure to be set
  828. *
  829. * The function call crypto_policy_set_rtcp_default(&policy, profile)
  830. * sets the crypto_policy_t at location policy to the policy for RTCP
  831. * protection, as defined by the srtp_profile_t profile.
  832. *
  833. * This function is a convenience that helps to avoid dealing directly
  834. * with the policy data structure. You are encouraged to initialize
  835. * policy elements with this function call. Doing so may allow your
  836. * code to be forward compatible with later versions of libSRTP that
  837. * include more elements in the crypto_policy_t datatype.
  838. *
  839. * @return values
  840. * - err_status_ok no problems were encountered
  841. * - err_status_bad_param the profile is not supported
  842. *
  843. */
  844. err_status_t
  845. crypto_policy_set_from_profile_for_rtcp(crypto_policy_t *policy,
  846. srtp_profile_t profile);
  847. /**
  848. * @brief returns the master key length for a given SRTP profile
  849. */
  850. unsigned int
  851. srtp_profile_get_master_key_length(srtp_profile_t profile);
  852. /**
  853. * @brief returns the master salt length for a given SRTP profile
  854. */
  855. unsigned int
  856. srtp_profile_get_master_salt_length(srtp_profile_t profile);
  857. /**
  858. * @brief appends the salt to the key
  859. *
  860. * The function call append_salt_to_key(k, klen, s, slen)
  861. * copies the string s to the location at klen bytes following
  862. * the location k.
  863. *
  864. * @warning There must be at least bytes_in_salt + bytes_in_key bytes
  865. * available at the location pointed to by key.
  866. *
  867. */
  868. void
  869. append_salt_to_key(unsigned char *key, unsigned int bytes_in_key,
  870. unsigned char *salt, unsigned int bytes_in_salt);
  871. /**
  872. * @}
  873. */
  874. /**
  875. * @defgroup SRTCP Secure RTCP
  876. * @ingroup SRTP
  877. *
  878. * @brief Secure RTCP functions are used to protect RTCP traffic.
  879. *
  880. * RTCP is the control protocol for RTP. libSRTP protects RTCP
  881. * traffic in much the same way as it does RTP traffic. The function
  882. * srtp_protect_rtcp() applies cryptographic protections to outbound
  883. * RTCP packets, and srtp_unprotect_rtcp() verifies the protections on
  884. * inbound RTCP packets.
  885. *
  886. * A note on the naming convention: srtp_protect_rtcp() has an srtp_t
  887. * as its first argument, and thus has `srtp_' as its prefix. The
  888. * trailing `_rtcp' indicates the protocol on which it acts.
  889. *
  890. * @{
  891. */
  892. /**
  893. * @brief srtp_protect_rtcp() is the Secure RTCP sender-side packet
  894. * processing function.
  895. *
  896. * The function call srtp_protect_rtcp(ctx, rtp_hdr, len_ptr) applies
  897. * SRTCP protection to the RTCP packet rtcp_hdr (which has length
  898. * *len_ptr) using the SRTP session context ctx. If err_status_ok is
  899. * returned, then rtp_hdr points to the resulting SRTCP packet and
  900. * *len_ptr is the number of octets in that packet; otherwise, no
  901. * assumptions should be made about the value of either data elements.
  902. *
  903. * @warning This function assumes that it can write the authentication
  904. * tag into the location in memory immediately following the RTCP
  905. * packet, and assumes that the RTCP packet is aligned on a 32-bit
  906. * boundary.
  907. *
  908. * @warning This function assumes that it can write SRTP_MAX_TRAILER_LEN+4
  909. * into the location in memory immediately following the RTCP packet.
  910. * Callers MUST ensure that this much writable memory is available in
  911. * the buffer that holds the RTCP packet.
  912. *
  913. * @param ctx is the SRTP context to use in processing the packet.
  914. *
  915. * @param rtcp_hdr is a pointer to the RTCP packet (before the call); after
  916. * the function returns, it points to the srtp packet.
  917. *
  918. * @param pkt_octet_len is a pointer to the length in octets of the
  919. * complete RTCP packet (header and body) before the function call,
  920. * and of the complete SRTCP packet after the call, if err_status_ok
  921. * was returned. Otherwise, the value of the data to which it points
  922. * is undefined.
  923. *
  924. * @return
  925. * - err_status_ok if there were no problems.
  926. * - [other] if there was a failure in
  927. * the cryptographic mechanisms.
  928. */
  929. err_status_t
  930. srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len);
  931. /**
  932. * @brief srtp_unprotect_rtcp() is the Secure RTCP receiver-side packet
  933. * processing function.
  934. *
  935. * The function call srtp_unprotect_rtcp(ctx, srtp_hdr, len_ptr)
  936. * verifies the Secure RTCP protection of the SRTCP packet pointed to
  937. * by srtcp_hdr (which has length *len_ptr), using the SRTP session
  938. * context ctx. If err_status_ok is returned, then srtcp_hdr points
  939. * to the resulting RTCP packet and *len_ptr is the number of octets
  940. * in that packet; otherwise, no assumptions should be made about the
  941. * value of either data elements.
  942. *
  943. * @warning This function assumes that the SRTCP packet is aligned on a
  944. * 32-bit boundary.
  945. *
  946. * @param ctx is a pointer to the srtp_t which applies to the
  947. * particular packet.
  948. *
  949. * @param srtcp_hdr is a pointer to the header of the SRTCP packet
  950. * (before the call). After the function returns, it points to the
  951. * rtp packet if err_status_ok was returned; otherwise, the value of
  952. * the data to which it points is undefined.
  953. *
  954. * @param pkt_octet_len is a pointer to the length in octets of the
  955. * complete SRTCP packet (header and body) before the function call,
  956. * and of the complete rtp packet after the call, if err_status_ok was
  957. * returned. Otherwise, the value of the data to which it points is
  958. * undefined.
  959. *
  960. * @return
  961. * - err_status_ok if the RTCP packet is valid.
  962. * - err_status_auth_fail if the SRTCP packet failed the message
  963. * authentication check.
  964. * - err_status_replay_fail if the SRTCP packet is a replay (e.g. has
  965. * already been processed and accepted).
  966. * - [other] if there has been an error in the cryptographic mechanisms.
  967. *
  968. */
  969. err_status_t
  970. srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len);
  971. /**
  972. * @}
  973. */
  974. /**
  975. * @defgroup User data associated to a SRTP session.
  976. * @ingroup SRTP
  977. *
  978. * @brief Store custom user data within a SRTP session.
  979. *
  980. * @{
  981. */
  982. /**
  983. * @brief srtp_set_user_data() stores the given pointer into the SRTP
  984. * session for later retrieval.
  985. *
  986. * @param ctx is the srtp_t context in which the given data pointer is
  987. * stored.
  988. *
  989. * @param data is a pointer to the custom information (struct, function,
  990. * etc) associated with the SRTP session.
  991. *
  992. * @return void.
  993. *
  994. */
  995. void
  996. srtp_set_user_data(srtp_t ctx, void *data);
  997. /**
  998. * @brief srtp_get_user_data() retrieves the pointer to the custom data
  999. * previously stored with srtp_set_user_data().
  1000. *
  1001. * This function is mostly useful for retrieving data associated to a
  1002. * SRTP session when an event fires. The user can then get such a custom
  1003. * data by calling this function with the session field of the
  1004. * srtp_event_data_t struct as argument.
  1005. *
  1006. * @param ctx is the srtp_t context in which the given data pointer was
  1007. * stored.
  1008. *
  1009. * @return void* pointer to the user data.
  1010. *
  1011. */
  1012. void*
  1013. srtp_get_user_data(srtp_t ctx);
  1014. /**
  1015. * @}
  1016. */
  1017. /**
  1018. * @defgroup SRTPevents SRTP events and callbacks
  1019. * @ingroup SRTP
  1020. *
  1021. * @brief libSRTP can use a user-provided callback function to
  1022. * handle events.
  1023. *
  1024. *
  1025. * libSRTP allows a user to provide a callback function to handle
  1026. * events that need to be dealt with outside of the data plane (see
  1027. * the enum srtp_event_t for a description of these events). Dealing
  1028. * with these events is not a strict necessity; they are not
  1029. * security-critical, but the application may suffer if they are not
  1030. * handled. The function srtp_set_event_handler() is used to provide
  1031. * the callback function.
  1032. *
  1033. * A default event handler that merely reports on the events as they
  1034. * happen is included. It is also possible to set the event handler
  1035. * function to NULL, in which case all events will just be silently
  1036. * ignored.
  1037. *
  1038. * @{
  1039. */
  1040. /**
  1041. * @brief srtp_event_t defines events that need to be handled
  1042. *
  1043. * The enum srtp_event_t defines events that need to be handled
  1044. * outside the `data plane', such as SSRC collisions and
  1045. * key expirations.
  1046. *
  1047. * When a key expires or the maximum number of packets has been
  1048. * reached, an SRTP stream will enter an `expired' state in which no
  1049. * more packets can be protected or unprotected. When this happens,
  1050. * it is likely that you will want to either deallocate the stream
  1051. * (using srtp_stream_dealloc()), and possibly allocate a new one.
  1052. *
  1053. * When an SRTP stream expires, the other streams in the same session
  1054. * are unaffected, unless key sharing is used by that stream. In the
  1055. * latter case, all of the streams in the session will expire.
  1056. */
  1057. typedef enum {
  1058. event_ssrc_collision, /**<
  1059. * An SSRC collision occured.
  1060. */
  1061. event_key_soft_limit, /**< An SRTP stream reached the soft key
  1062. * usage limit and will expire soon.
  1063. */
  1064. event_key_hard_limit, /**< An SRTP stream reached the hard
  1065. * key usage limit and has expired.
  1066. */
  1067. event_packet_index_limit /**< An SRTP stream reached the hard
  1068. * packet limit (2^48 packets).
  1069. */
  1070. } srtp_event_t;
  1071. /**
  1072. * @brief srtp_event_data_t is the structure passed as a callback to
  1073. * the event handler function
  1074. *
  1075. * The struct srtp_event_data_t holds the data passed to the event
  1076. * handler function.
  1077. */
  1078. typedef struct srtp_event_data_t {
  1079. srtp_t session; /**< The session in which the event happend. */
  1080. srtp_stream_t stream; /**< The stream in which the event happend. */
  1081. srtp_event_t event; /**< An enum indicating the type of event. */
  1082. } srtp_event_data_t;
  1083. /**
  1084. * @brief srtp_event_handler_func_t is the function prototype for
  1085. * the event handler.
  1086. *
  1087. * The typedef srtp_event_handler_func_t is the prototype for the
  1088. * event handler function. It has as its only argument an
  1089. * srtp_event_data_t which describes the event that needs to be handled.
  1090. * There can only be a single, global handler for all events in
  1091. * libSRTP.
  1092. */
  1093. typedef void (srtp_event_handler_func_t)(srtp_event_data_t *data);
  1094. /**
  1095. * @brief sets the event handler to the function supplied by the caller.
  1096. *
  1097. * The function call srtp_install_event_handler(func) sets the event
  1098. * handler function to the value func. The value NULL is acceptable
  1099. * as an argument; in this case, events will be ignored rather than
  1100. * handled.
  1101. *
  1102. * @param func is a pointer to a fuction that takes an srtp_event_data_t
  1103. * pointer as an argument and returns void. This function
  1104. * will be used by libSRTP to handle events.
  1105. */
  1106. err_status_t
  1107. srtp_install_event_handler(srtp_event_handler_func_t func);
  1108. /**
  1109. * @brief Returns the version string of the library.
  1110. *
  1111. */
  1112. const char *srtp_get_version_string(void);
  1113. /**
  1114. * @brief Returns the numeric representation of the library version.
  1115. *
  1116. */
  1117. unsigned int srtp_get_version(void);
  1118. /**
  1119. * @}
  1120. */
  1121. /* in host order, so outside the #if */
  1122. #define SRTCP_E_BIT 0x80000000
  1123. /* for byte-access */
  1124. #define SRTCP_E_BYTE_BIT 0x80
  1125. #define SRTCP_INDEX_MASK 0x7fffffff
  1126. #ifdef __cplusplus
  1127. }
  1128. #endif
  1129. #endif /* SRTP_H */