diff options
Diffstat (limited to 'include/ekt.h')
-rw-r--r-- | include/ekt.h | 201 |
1 files changed, 0 insertions, 201 deletions
diff --git a/include/ekt.h b/include/ekt.h deleted file mode 100644 index c43f409..0000000 --- a/include/ekt.h +++ /dev/null @@ -1,201 +0,0 @@ -/* - * ekt.h - * - * interface to Encrypted Key Transport for SRTP - * - * David McGrew - * Cisco Systems, Inc. - */ -/* - * - * Copyright (c) 2001-2005 Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - - - -/* - * EKT implementation strategy - * - * use stream_template approach - * - * in srtp_unprotect, when a new stream appears, check if template has - * EKT defined, and if it does, then apply EKT processing - * - * question: will we want to allow key-sharing templates in addition - * to EKT templates? could define a new ssrc_type_t that's associated - * with an EKT, e.g. ssrc_any_ekt. - * - * - */ - -#ifndef EKT_H -#define EKT_H - -#ifdef __cplusplus -extern "C" { -#endif - -#include "srtp_priv.h" - -#define EKT_CIPHER_DEFAULT 1 -#define EKT_CIPHER_AES_128_ECB 1 -#define EKT_CIPHER_AES_192_KEY_WRAP 2 -#define EKT_CIPHER_AES_256_KEY_WRAP 3 - -typedef uint16_t ekt_spi_t; - - -unsigned -ekt_octets_after_base_tag(ekt_stream_t ekt); - -/* - * an srtp_policy_t structure can contain a pointer to an - * ekt_policy_t structure - * - * this structure holds all of the high level EKT information, and it - * is passed into libsrtp to indicate what policy should be in effect - */ - -typedef struct ekt_policy_ctx_t { - ekt_spi_t spi; /* security parameter index */ - uint8_t ekt_cipher_type; - uint8_t *ekt_key; - struct ekt_policy_ctx_t *next_ekt_policy; -} ekt_policy_ctx_t; - - -/* - * an ekt_data_t structure holds the data corresponding to an ekt key, - * spi, and so on - */ - -typedef struct ekt_data_t { - ekt_spi_t spi; - uint8_t ekt_cipher_type; - aes_expanded_key_t ekt_enc_key; - aes_expanded_key_t ekt_dec_key; - struct ekt_data_t *next_ekt_data; -} ekt_data_t; - -/* - * an srtp_stream_ctx_t can contain an ekt_stream_ctx_t - * - * an ekt_stream_ctx_t structure holds all of the EKT information for - * a specific SRTP stream - */ - -typedef struct ekt_stream_ctx_t { - ekt_data_t *data; - uint16_t isn; /* initial sequence number */ - uint8_t encrypted_master_key[SRTP_MAX_KEY_LEN]; -} ekt_stream_ctx_t; - - - -err_status_t -ekt_alloc(ekt_stream_t *stream_data, ekt_policy_t policy); - -err_status_t -ekt_stream_init(ekt_stream_t e, - ekt_spi_t spi, - void *ekt_key, - unsigned ekt_cipher_type); - -err_status_t -ekt_stream_init_from_policy(ekt_stream_t e, ekt_policy_t p); - - - -err_status_t -srtp_stream_init_from_ekt(srtp_stream_t stream, - const void *srtcp_hdr, - unsigned pkt_octet_len); - - -void -ekt_write_data(ekt_stream_t ekt, - void *base_tag, - unsigned base_tag_len, - int *packet_len, - xtd_seq_num_t pkt_index); - -/* - * We handle EKT by performing some additional steps before - * authentication (copying the auth tag into a temporary location, - * zeroizing the "base tag" field in the packet) - * - * With EKT, the tag_len parameter is actually the base tag - * length - */ - -err_status_t -ekt_tag_verification_preproces(uint8_t *pkt_tag, - uint8_t *pkt_tag_copy, - unsigned tag_len); - -err_status_t -ekt_tag_verification_postproces(uint8_t *pkt_tag, - uint8_t *pkt_tag_copy, - unsigned tag_len); - - -/* - * @brief EKT pre-processing for srtcp tag generation - * - * This function does the pre-processing of the SRTCP authentication - * tag format. When EKT is used, it consists of writing the Encrypted - * Master Key, the SRTP ROC, the Initial Sequence Number, and SPI - * fields. The Base Authentication Tag field is set to the all-zero - * value - * - * When EKT is not used, this function is a no-op. - * - */ - -err_status_t -srtp_stream_srtcp_auth_tag_generation_preprocess(const srtp_stream_t *s, - uint8_t *pkt_tag, - unsigned pkt_octet_len); - -/* it's not clear that a tag_generation_postprocess function is needed */ - -err_status_t -srtcp_auth_tag_generation_postprocess(); - - -#ifdef __cplusplus -} -#endif - -#endif /* EKT_H */ |