Secure RTP (SRTP) Reference Implementation

This package provides an implementation of the Secure Real-time
Transport Protocol (SRTP), the Universal Security Transform (UST), and
a supporting cryptographic kernel. These mechanisms are documented in
the Internet Drafts in the doc/ subdirectory. The SRTP API is
documented in include/srtp.h, and the library is in libsrtp.a (after
compilation). An overview and reference manual is available in
doc/libsrtp.pdf. The PDF documentation is more up to date than this

  ./configure [ options ]       # GNU autoconf script
  make                          # or gmake if needed; use GNU make

The configure script accepts the following options:

  --help              provides a usage summary
  --disable-debug     compile without the runtime debugging system
  --enable-syslog     use syslog for error reporting
  --disable-stdout    use stdout for error reporting
  --enable-console    use /dev/console for error reporting
  --gdoi              use GDOI key management (disabled at present)

By default, debugging is enabled and stdout is used for debugging.
You can use the above configure options to have the debugging output
sent to syslog or the system console. Alternatively, you can define
ERR_REPORTING_FILE in include/conf.h to be any other file that can be
opened by libSRTP, and debug messages will be sent to it.

This package has been tested on Mac OS X (powerpc-apple-darwin1.4),
Cygwin (i686-pc-cygwin), and Sparc (sparc-sun-solaris2.6). Previous
versions have been tested on Linux and OpenBSD on both x86 and sparc

A quick tour of this package:

  Makefile            targets: all, clean, ...
  VERSION             version number of this package
  LICENSE             legal details (it's a BSD-like license)
  crypto/ciphers/     ciphers (null, aes_icm, ...)
  crypto/math/        crypto math routines
  crypto/hash/        crypto hashing (hmac, tmmhv2, ...)
  crypto/replay/      replay protection
  doc/                documentation: rfcs, apis, and suchlike
  include/            include files for all code in distribution
  srtp/               secure real-time transport protocol implementation
  tables/             apps for generating tables (useful in porting)

Several test drivers and a simple and portable srtp application
are included in the test/ subdirectory.

  test driver         function tested
  -------------------------------------------------------------
  kernel_driver       crypto kernel (ciphers, auth funcs, rng)
  srtp_driver         srtp in-memory tests (does not use the network)
  rdbx_driver         rdbx (extended replay database)
  roc_driver          extended sequence number functions
  replay_driver       replay database (n.b. not used in libsrtp)
  auth_driver         hash functions

The app rtpw is a simple rtp application which reads words from
/usr/dict/words and then sends them out one at a time using [s]rtp.
Manual srtp keying uses the -k option; automated key management
using gdoi will be added later.

  usage: rtpw [-d <debug>]* [-k <key> [-a][-e]] [-s | -r] dest_ip dest_port

Either the -s (sender) or -r (receiver) option must be chosen.

The values dest_ip, dest_port are the ip address and udp port to
which the dictionary will be sent, respectively.

  -s            (s)rtp sender - causes app to send words
  -r            (s)rtp receiver - causes app to receive words
  -k <key>      use srtp master key <key>, where the
                key is a hexadecimal value (without the
  -e            encrypt/decrypt (for data confidentiality)
                (requires use of -k option as well)
  -a            message authentication
                (requires use of -k option as well)
  -l            list debug modules
  -d <debug>    turn on debugging for module <debug>

In order to get random 30-byte values for use as key/salt pairs, you
can use the following bash command line to format the output of
/dev/random (where that device is available).

  cat /dev/random | od --read-bytes=32 --width=32 -x | awk '{ print $2 $3 $4 $5 $6 $7 $8 $9 $10 $11 $12 $13 $14 $15 $16 }'

An example of an SRTP session using two rtpw programs follows:

  k=c1eec3717da76195bb878578790af71c4ee9f859e197a414a78d5abc7451

  [sh1]$ test/rtpw -s -k $k -ea 0.0.0.0 9999
  Security services: confidentiality message authentication
  set master key/salt to C1EEC3717DA76195BB878578790AF71C/4EE9F859E197A414A78D5ABC7451
  setting SSRC to 2078917053

  [sh2]$ test/rtpw -r -k $k -ea 0.0.0.0 9999
  security services: confidentiality message authentication
  set master key/salt to C1EEC3717DA76195BB878578790AF71C/4EE9F859E197A414A78D5ABC7451
  19 octets received from SSRC 2078917053 word: A
  19 octets received from SSRC 2078917053 word: a
  20 octets received from SSRC 2078917053 word: aa
  21 octets received from SSRC 2078917053 word: aal

* The srtp_protect() function assumes that the buffer holding the
  rtp packet has enough storage allocated that the authentication
  tag can be written to the end of that packet. If this assumption
  is not valid, memory corruption will ensue.

* Automated tests for the crypto functions are provided through
  the cipher_type_self_test() and auth_type_self_test() functions.
  These functions should be used to test each port of this code

* Replay protection is contained in the crypto engine, and
  tests for it are provided.

* This implementation provides calls to initialize, protect, and
  unprotect RTP packets, and makes as few assumptions as possible
  about how these functions will be called. For example, the
  caller is not expected to provide packets in order (though if
  they're called more than 65k out of sequence, synchronization

* The sequence number in the rtp packet is used as the low 16 bits
  of the sender's local packet index. Note that RTP will start its
  sequence number in a random place, and the SRTP layer just jumps
  forward to that number at its first invocation. An earlier
  version of this library used initial sequence numbers that are
  less than 32,768; this trick is no longer required as the
  rdbx_estimate_index(...) function has been made smarter.
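
  As an added example (not libsrtp's own code), the index guess that the
  rdbx_estimate_index(...) step above performs, following the RFC 3711
  procedure: the receiver keeps the highest sequence number accepted so
  far (s_l) and a rollover counter, picks the rollover value that puts a
  received 16-bit sequence number nearest s_l, and simply jumps to the
  first packet's sequence number. The struct and function names and the
  sample packet stream are constructed for this example.

```c
#include <stdint.h>
/* Receiver state: highest sequence number accepted so far (s_l), rollover
 * counter (roc), and started == 0 until the first packet fixes the origin. */
typedef struct {
    uint32_t roc;
    uint16_t s_l;
    int started;
} index_state_t;

/* RFC 3711 section 3.3.1 guess: pick the rollover value v (roc-1, roc or
 * roc+1) that puts seq nearest s_l and return the index 2^16 * v + seq.
 * The first packet simply jumps to seq with roc = 0. */
uint64_t estimate_index(const index_state_t *st, uint16_t seq, uint32_t *v)
{
    if (!st->started) {
        *v = 0;
    } else if (st->s_l < 32768) {
        /* seq far above s_l: the packet predates the most recent wrap */
        *v = ((int32_t)seq - (int32_t)st->s_l > 32768) ? st->roc - 1 : st->roc;
    } else {
        /* seq far below s_l: the sequence number has wrapped once more */
        *v = ((int32_t)st->s_l - 32768 > (int32_t)seq) ? st->roc + 1 : st->roc;
    }
    return ((uint64_t)*v << 16) | seq;
}

/* Commit an accepted (authenticated) packet: only a packet newer than s_l
 * moves the state, so a late packet with v == roc-1 leaves it untouched. */
void commit_index(index_state_t *st, uint16_t seq, uint32_t v)
{
    if (!st->started) {
        st->roc = 0; st->s_l = seq; st->started = 1;
    } else if (v == st->roc + 1 || (v == st->roc && seq > st->s_l)) {
        st->roc = v; st->s_l = seq;
    }
}

/* Run a constructed packet stream through the estimator in arrival order
 * and return the index assigned to its last packet. */
uint64_t last_index(const uint16_t *seqs, int n)
{
    index_state_t st = {0, 0, 0};
    uint64_t idx = 0; uint32_t v;
    for (int i = 0; i < n; i++) {
        idx = estimate_index(&st, seqs[i], &v);
        commit_index(&st, seqs[i], v);
    }
    return idx;
}
```

  Feeding the stream 65533, 65534, 65535, 0, 1, 65534 (late), 2 shows the
  wrap being detected at 0 and the late 65534 being placed before it
  without disturbing the state.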

* The replay window is 128 bits in length, and is hard-coded to this