xref: /aosp_15_r20/external/libsrtp2/include/ekt.h (revision 90e502c7aef8d77d0622bb67d75435c6190cfc1a) 
1*90e502c7SAndroid Build Coastguard Worker /*
2*90e502c7SAndroid Build Coastguard Worker  * ekt.h
3*90e502c7SAndroid Build Coastguard Worker  *
4*90e502c7SAndroid Build Coastguard Worker  * interface to Encrypted Key Transport for SRTP
5*90e502c7SAndroid Build Coastguard Worker  *
6*90e502c7SAndroid Build Coastguard Worker  * David McGrew
7*90e502c7SAndroid Build Coastguard Worker  * Cisco Systems, Inc.
8*90e502c7SAndroid Build Coastguard Worker  */
9*90e502c7SAndroid Build Coastguard Worker /*
10*90e502c7SAndroid Build Coastguard Worker  *
11*90e502c7SAndroid Build Coastguard Worker  * Copyright (c) 2001-2017 Cisco Systems, Inc.
12*90e502c7SAndroid Build Coastguard Worker  * All rights reserved.
13*90e502c7SAndroid Build Coastguard Worker  *
14*90e502c7SAndroid Build Coastguard Worker  * Redistribution and use in source and binary forms, with or without
15*90e502c7SAndroid Build Coastguard Worker  * modification, are permitted provided that the following conditions
16*90e502c7SAndroid Build Coastguard Worker  * are met:
17*90e502c7SAndroid Build Coastguard Worker  *
18*90e502c7SAndroid Build Coastguard Worker  *   Redistributions of source code must retain the above copyright
19*90e502c7SAndroid Build Coastguard Worker  *   notice, this list of conditions and the following disclaimer.
20*90e502c7SAndroid Build Coastguard Worker  *
21*90e502c7SAndroid Build Coastguard Worker  *   Redistributions in binary form must reproduce the above
22*90e502c7SAndroid Build Coastguard Worker  *   copyright notice, this list of conditions and the following
23*90e502c7SAndroid Build Coastguard Worker  *   disclaimer in the documentation and/or other materials provided
24*90e502c7SAndroid Build Coastguard Worker  *   with the distribution.
25*90e502c7SAndroid Build Coastguard Worker  *
26*90e502c7SAndroid Build Coastguard Worker  *   Neither the name of the Cisco Systems, Inc. nor the names of its
27*90e502c7SAndroid Build Coastguard Worker  *   contributors may be used to endorse or promote products derived
28*90e502c7SAndroid Build Coastguard Worker  *   from this software without specific prior written permission.
29*90e502c7SAndroid Build Coastguard Worker  *
30*90e502c7SAndroid Build Coastguard Worker  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
31*90e502c7SAndroid Build Coastguard Worker  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
32*90e502c7SAndroid Build Coastguard Worker  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
33*90e502c7SAndroid Build Coastguard Worker  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
34*90e502c7SAndroid Build Coastguard Worker  * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
35*90e502c7SAndroid Build Coastguard Worker  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
36*90e502c7SAndroid Build Coastguard Worker  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
37*90e502c7SAndroid Build Coastguard Worker  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
38*90e502c7SAndroid Build Coastguard Worker  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
39*90e502c7SAndroid Build Coastguard Worker  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
40*90e502c7SAndroid Build Coastguard Worker  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
41*90e502c7SAndroid Build Coastguard Worker  * OF THE POSSIBILITY OF SUCH DAMAGE.
42*90e502c7SAndroid Build Coastguard Worker  *
43*90e502c7SAndroid Build Coastguard Worker  */
44*90e502c7SAndroid Build Coastguard Worker 
45*90e502c7SAndroid Build Coastguard Worker /*
46*90e502c7SAndroid Build Coastguard Worker  * EKT implementation strategy
47*90e502c7SAndroid Build Coastguard Worker  *
48*90e502c7SAndroid Build Coastguard Worker  * use stream_template approach
49*90e502c7SAndroid Build Coastguard Worker  *
50*90e502c7SAndroid Build Coastguard Worker  * in srtp_unprotect, when a new stream appears, check if template has
51*90e502c7SAndroid Build Coastguard Worker  * EKT defined, and if it does, then apply EKT processing
52*90e502c7SAndroid Build Coastguard Worker  *
53*90e502c7SAndroid Build Coastguard Worker  * question: will we want to allow key-sharing templates in addition
54*90e502c7SAndroid Build Coastguard Worker  * to EKT templates?  could define a new ssrc_type_t that's associated
55*90e502c7SAndroid Build Coastguard Worker  * with an EKT, e.g.  ssrc_any_ekt.
56*90e502c7SAndroid Build Coastguard Worker  *
57*90e502c7SAndroid Build Coastguard Worker  *
58*90e502c7SAndroid Build Coastguard Worker  */
59*90e502c7SAndroid Build Coastguard Worker 
60*90e502c7SAndroid Build Coastguard Worker #ifndef SRTP_EKT_H
61*90e502c7SAndroid Build Coastguard Worker #define SRTP_EKT_H
62*90e502c7SAndroid Build Coastguard Worker 
63*90e502c7SAndroid Build Coastguard Worker // left in commented out as reminder to not include private headers
64*90e502c7SAndroid Build Coastguard Worker //#include "srtp_priv.h"
65*90e502c7SAndroid Build Coastguard Worker 
66*90e502c7SAndroid Build Coastguard Worker #ifdef __cplusplus
67*90e502c7SAndroid Build Coastguard Worker extern "C" {
68*90e502c7SAndroid Build Coastguard Worker #endif
69*90e502c7SAndroid Build Coastguard Worker 
70*90e502c7SAndroid Build Coastguard Worker #define SRTP_EKT_CIPHER_DEFAULT 1
71*90e502c7SAndroid Build Coastguard Worker #define SRTP_EKT_CIPHER_AES_128_ECB 1
72*90e502c7SAndroid Build Coastguard Worker #define SRTP_EKT_CIPHER_AES_192_KEY_WRAP 2
73*90e502c7SAndroid Build Coastguard Worker #define SRTP_EKT_CIPHER_AES_256_KEY_WRAP 3
74*90e502c7SAndroid Build Coastguard Worker 
75*90e502c7SAndroid Build Coastguard Worker typedef uint16_t srtp_ekt_spi_t;
76*90e502c7SAndroid Build Coastguard Worker 
77*90e502c7SAndroid Build Coastguard Worker unsigned srtp_ekt_octets_after_base_tag(srtp_ekt_stream_t ekt);
78*90e502c7SAndroid Build Coastguard Worker 
79*90e502c7SAndroid Build Coastguard Worker /*
80*90e502c7SAndroid Build Coastguard Worker  * an srtp_policy_t structure can contain a pointer to an
81*90e502c7SAndroid Build Coastguard Worker  * srtp_ekt_policy_t structure
82*90e502c7SAndroid Build Coastguard Worker  *
83*90e502c7SAndroid Build Coastguard Worker  * this structure holds all of the high level EKT information, and it
84*90e502c7SAndroid Build Coastguard Worker  * is passed into libsrtp to indicate what policy should be in effect
85*90e502c7SAndroid Build Coastguard Worker  */
86*90e502c7SAndroid Build Coastguard Worker 
87*90e502c7SAndroid Build Coastguard Worker typedef struct srtp_ekt_policy_ctx_t {
88*90e502c7SAndroid Build Coastguard Worker     srtp_ekt_spi_t spi; /* security parameter index */
89*90e502c7SAndroid Build Coastguard Worker     uint8_t ekt_cipher_type;
90*90e502c7SAndroid Build Coastguard Worker     uint8_t *ekt_key;
91*90e502c7SAndroid Build Coastguard Worker     struct srtp_ekt_policy_ctx_t *next_ekt_policy;
92*90e502c7SAndroid Build Coastguard Worker } srtp_ekt_policy_ctx_t;
93*90e502c7SAndroid Build Coastguard Worker 
94*90e502c7SAndroid Build Coastguard Worker /*
95*90e502c7SAndroid Build Coastguard Worker  * an srtp_ekt_data_t structure holds the data corresponding to an ekt key,
96*90e502c7SAndroid Build Coastguard Worker  * spi, and so on
97*90e502c7SAndroid Build Coastguard Worker  */
98*90e502c7SAndroid Build Coastguard Worker 
99*90e502c7SAndroid Build Coastguard Worker typedef struct srtp_ekt_data_t {
100*90e502c7SAndroid Build Coastguard Worker     srtp_ekt_spi_t spi;
101*90e502c7SAndroid Build Coastguard Worker     uint8_t ekt_cipher_type;
102*90e502c7SAndroid Build Coastguard Worker     srtp_aes_expanded_key_t ekt_enc_key;
103*90e502c7SAndroid Build Coastguard Worker     srtp_aes_expanded_key_t ekt_dec_key;
104*90e502c7SAndroid Build Coastguard Worker     struct ekt_data_t *next_ekt_data;
105*90e502c7SAndroid Build Coastguard Worker } srtp_ekt_data_t;
106*90e502c7SAndroid Build Coastguard Worker 
107*90e502c7SAndroid Build Coastguard Worker /*
108*90e502c7SAndroid Build Coastguard Worker  * an srtp_stream_ctx_t can contain an srtp_ekt_stream_ctx_t
109*90e502c7SAndroid Build Coastguard Worker  *
110*90e502c7SAndroid Build Coastguard Worker  * an srtp_ekt_stream_ctx_t structure holds all of the EKT information for
111*90e502c7SAndroid Build Coastguard Worker  * a specific SRTP stream
112*90e502c7SAndroid Build Coastguard Worker  */
113*90e502c7SAndroid Build Coastguard Worker 
114*90e502c7SAndroid Build Coastguard Worker typedef struct srtp_ekt_stream_ctx_t {
115*90e502c7SAndroid Build Coastguard Worker     srtp_ekt_data_t *data;
116*90e502c7SAndroid Build Coastguard Worker     uint16_t isn; /* initial sequence number  */
117*90e502c7SAndroid Build Coastguard Worker     uint8_t encrypted_master_key[SRTP_MAX_KEY_LEN];
118*90e502c7SAndroid Build Coastguard Worker } srtp_ekt_stream_ctx_t;
119*90e502c7SAndroid Build Coastguard Worker 
120*90e502c7SAndroid Build Coastguard Worker srtp_err_status_t srtp_ekt_alloc(srtp_ekt_stream_t *stream_data,
121*90e502c7SAndroid Build Coastguard Worker                                  srtp_ekt_policy_t policy);
122*90e502c7SAndroid Build Coastguard Worker 
123*90e502c7SAndroid Build Coastguard Worker srtp_err_status_t srtp_ekt_stream_init(srtp_ekt_stream_t e,
124*90e502c7SAndroid Build Coastguard Worker                                        srtp_ekt_spi_t spi,
125*90e502c7SAndroid Build Coastguard Worker                                        void *ekt_key,
126*90e502c7SAndroid Build Coastguard Worker                                        unsigned ekt_cipher_type);
127*90e502c7SAndroid Build Coastguard Worker 
128*90e502c7SAndroid Build Coastguard Worker srtp_err_status_t srtp_ekt_stream_init_from_policy(srtp_ekt_stream_t e,
129*90e502c7SAndroid Build Coastguard Worker                                                    srtp_ekt_policy_t p);
130*90e502c7SAndroid Build Coastguard Worker 
131*90e502c7SAndroid Build Coastguard Worker srtp_err_status_t srtp_stream_init_from_ekt(srtp_stream_t stream,
132*90e502c7SAndroid Build Coastguard Worker                                             const void *srtcp_hdr,
133*90e502c7SAndroid Build Coastguard Worker                                             unsigned pkt_octet_len);
134*90e502c7SAndroid Build Coastguard Worker 
135*90e502c7SAndroid Build Coastguard Worker void srtp_ekt_write_data(srtp_ekt_stream_t ekt,
136*90e502c7SAndroid Build Coastguard Worker                          uint8_t *base_tag,
137*90e502c7SAndroid Build Coastguard Worker                          unsigned base_tag_len,
138*90e502c7SAndroid Build Coastguard Worker                          int *packet_len,
139*90e502c7SAndroid Build Coastguard Worker                          srtp_xtd_seq_num_t pkt_index);
140*90e502c7SAndroid Build Coastguard Worker 
141*90e502c7SAndroid Build Coastguard Worker /*
142*90e502c7SAndroid Build Coastguard Worker  * We handle EKT by performing some additional steps before
143*90e502c7SAndroid Build Coastguard Worker  * authentication (copying the auth tag into a temporary location,
144*90e502c7SAndroid Build Coastguard Worker  * zeroizing the "base tag" field in the packet)
145*90e502c7SAndroid Build Coastguard Worker  *
146*90e502c7SAndroid Build Coastguard Worker  * With EKT, the tag_len parameter is actually the base tag
147*90e502c7SAndroid Build Coastguard Worker  * length
148*90e502c7SAndroid Build Coastguard Worker  */
149*90e502c7SAndroid Build Coastguard Worker srtp_err_status_t srtp_ekt_tag_verification_preproces(uint8_t *pkt_tag,
150*90e502c7SAndroid Build Coastguard Worker                                                       uint8_t *pkt_tag_copy,
151*90e502c7SAndroid Build Coastguard Worker                                                       unsigned tag_len);
152*90e502c7SAndroid Build Coastguard Worker 
153*90e502c7SAndroid Build Coastguard Worker srtp_err_status_t srtp_ekt_tag_verification_postproces(uint8_t *pkt_tag,
154*90e502c7SAndroid Build Coastguard Worker                                                        uint8_t *pkt_tag_copy,
155*90e502c7SAndroid Build Coastguard Worker                                                        unsigned tag_len);
156*90e502c7SAndroid Build Coastguard Worker 
157*90e502c7SAndroid Build Coastguard Worker /*
158*90e502c7SAndroid Build Coastguard Worker  * @brief EKT pre-processing for srtcp tag generation
159*90e502c7SAndroid Build Coastguard Worker  *
160*90e502c7SAndroid Build Coastguard Worker  * This function does the pre-processing of the SRTCP authentication
161*90e502c7SAndroid Build Coastguard Worker  * tag format.  When EKT is used, it consists of writing the Encrypted
162*90e502c7SAndroid Build Coastguard Worker  * Master Key, the SRTP ROC, the Initial Sequence Number, and SPI
163*90e502c7SAndroid Build Coastguard Worker  * fields.  The Base Authentication Tag field is set to the all-zero
164*90e502c7SAndroid Build Coastguard Worker  * value
165*90e502c7SAndroid Build Coastguard Worker  *
166*90e502c7SAndroid Build Coastguard Worker  * When EKT is not used, this function is a no-op.
167*90e502c7SAndroid Build Coastguard Worker  *
168*90e502c7SAndroid Build Coastguard Worker  */
169*90e502c7SAndroid Build Coastguard Worker srtp_err_status_t srtp_stream_srtcp_auth_tag_generation_preprocess(
170*90e502c7SAndroid Build Coastguard Worker     const srtp_stream_t *s,
171*90e502c7SAndroid Build Coastguard Worker     uint8_t *pkt_tag,
172*90e502c7SAndroid Build Coastguard Worker     unsigned pkt_octet_len);
173*90e502c7SAndroid Build Coastguard Worker 
174*90e502c7SAndroid Build Coastguard Worker /* it's not clear that a tag_generation_postprocess function is needed */
175*90e502c7SAndroid Build Coastguard Worker srtp_err_status_t srtcp_auth_tag_generation_postprocess(void);
176*90e502c7SAndroid Build Coastguard Worker 
177*90e502c7SAndroid Build Coastguard Worker #ifdef __cplusplus
178*90e502c7SAndroid Build Coastguard Worker }
179*90e502c7SAndroid Build Coastguard Worker #endif
180*90e502c7SAndroid Build Coastguard Worker 
181*90e502c7SAndroid Build Coastguard Worker #endif /* SRTP_EKT_H */
182