Next: , Previous: , Up: TLS Extensions   [Contents][Index]


3.6.7 SRTP

The TLS protocol was extended in [RFC5764] to provide keying material to the Secure RTP (SRTP) protocol. SRTP encapsulates encrypted and authenticated real-time media such as voice. With the SRTP extension (DTLS-SRTP), two peers negotiate an SRTP protection profile during the TLS or DTLS handshake and then derive the SRTP master keys and salts from that session, so the media keys never have to be carried over the signaling path. The available SRTP profiles are listed below.

GNUTLS_SRTP_AES128_CM_HMAC_SHA1_80

128-bit AES in counter mode with an 80-bit HMAC-SHA1 authentication tag

GNUTLS_SRTP_AES128_CM_HMAC_SHA1_32

128-bit AES in counter mode with a 32-bit HMAC-SHA1 authentication tag

GNUTLS_SRTP_NULL_HMAC_SHA1_80

NULL cipher (no encryption, integrity only) with an 80-bit HMAC-SHA1 authentication tag

GNUTLS_SRTP_NULL_HMAC_SHA1_32

NULL cipher (no encryption, integrity only) with a 32-bit HMAC-SHA1 authentication tag

GNUTLS_SRTP_AEAD_AES_128_GCM

128-bit AES in GCM mode (authenticated encryption)

GNUTLS_SRTP_AEAD_AES_256_GCM

256-bit AES in GCM mode (authenticated encryption)

Figure 3.2: Supported SRTP profiles

To enable the extension, call one of the following functions on both peers before the handshake.

int gnutls_srtp_set_profile (gnutls_session_t session, gnutls_srtp_profile_t profile)
int gnutls_srtp_set_profile_direct (gnutls_session_t session, const char * profiles, const char ** err_pos)

The direct variant takes a colon-separated list of profile names, for example "SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AEAD_AES_128_GCM"; if the string cannot be parsed, err_pos is set to the position in the string that caused the error. The NULL profiles leave the media in cleartext and the _32 variants truncate the authentication tag to 32 bits, so offer them only where the application explicitly requires them.

To obtain the negotiated keys use the function below.

Function: int gnutls_srtp_get_keys (gnutls_session_t session, void * key_material, unsigned int key_material_size, gnutls_datum_t * client_key, gnutls_datum_t * client_salt, gnutls_datum_t * server_key, gnutls_datum_t * server_salt)

session: is a gnutls_session_t type.

key_material: Space to hold the generated key material

key_material_size: The maximum size of the key material

client_key: The master client write key, pointing inside the key material

client_salt: The master client write salt, pointing inside the key material

server_key: The master server write key, pointing inside the key material

server_salt: The master server write salt, pointing inside the key material

This is a helper function to generate the keying material for SRTP. The key_material buffer must be allocated by the caller and must hold two master keys and two master salts for the negotiated profile, that is at least 2 x (key size + salt size); 128 bytes is enough for every profile listed above. The client_key, client_salt, server_key and server_salt datums are convenience views that point inside key_material rather than separate copies; any of them may be NULL. The function can only succeed after the handshake has completed and an SRTP profile has been negotiated.

Returns: On success the size of the key material is returned; otherwise, GNUTLS_E_SHORT_MEMORY_BUFFER if the buffer given is not sufficient, or another negative error code.

Since 3.1.4
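The layout that gnutls_srtp_get_keys() carves out of the key material, as an added example that is not GnuTLS code: the srtp_profile enum, the srtp_datum struct and the srtp_* functions are this example's own stand-ins for gnutls_srtp_profile_t, gnutls_datum_t and the library call, and the sample buffer is constructed rather than the output of a real handshake. It computes the minimum key_material_size for each profile above, splits a buffer in the RFC 5764 exporter order (client key, server key, client salt, server salt), rejects a buffer that is too short, which is the case the library reports as GNUTLS_E_SHORT_MEMORY_BUFFER, and flags the NULL profiles that provide no confidentiality.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical profile identifiers for this example; they stand in for the
 * gnutls_srtp_profile_t constants and do not share their numeric values. */
enum srtp_profile {
    SRTP_AES128_CM_HMAC_SHA1_80,
    SRTP_AES128_CM_HMAC_SHA1_32,
    SRTP_NULL_HMAC_SHA1_80,
    SRTP_NULL_HMAC_SHA1_32,
    SRTP_AEAD_AES_128_GCM,
    SRTP_AEAD_AES_256_GCM
};

/* Stand-in for gnutls_datum_t: a view into the caller's key_material. */
struct srtp_datum {
    const unsigned char *data;
    size_t size;
};

/* Master key and master salt lengths in bytes (RFC 5764 and RFC 7714). */
static int srtp_profile_sizes(enum srtp_profile p, size_t *key, size_t *salt)
{
    switch (p) {
    case SRTP_AES128_CM_HMAC_SHA1_80:
    case SRTP_AES128_CM_HMAC_SHA1_32:
    case SRTP_NULL_HMAC_SHA1_80:
    case SRTP_NULL_HMAC_SHA1_32:
        *key = 16; *salt = 14; return 0;
    case SRTP_AEAD_AES_128_GCM:
        *key = 16; *salt = 12; return 0;
    case SRTP_AEAD_AES_256_GCM:
        *key = 32; *salt = 12; return 0;
    }
    return -1;
}

/* Minimum key_material_size for a profile: two keys plus two salts. */
static size_t srtp_key_material_size(enum srtp_profile p)
{
    size_t key, salt;
    if (srtp_profile_sizes(p, &key, &salt) < 0)
        return 0;
    return 2 * key + 2 * salt;
}

/* NULL-cipher profiles provide integrity only; the media stays cleartext. */
static int srtp_profile_encrypts(enum srtp_profile p)
{
    return p != SRTP_NULL_HMAC_SHA1_80 && p != SRTP_NULL_HMAC_SHA1_32;
}

/* Carve the exporter output (client key, server key, client salt, server
 * salt, in that order per RFC 5764) into four views. Returns the number of
 * bytes used, or -1 if km_len is too small, the analogue of
 * GNUTLS_E_SHORT_MEMORY_BUFFER. Any output pointer may be NULL. */
static int srtp_split_keys(enum srtp_profile p,
                           const unsigned char *km, size_t km_len,
                           struct srtp_datum *client_key,
                           struct srtp_datum *client_salt,
                           struct srtp_datum *server_key,
                           struct srtp_datum *server_salt)
{
    size_t key, salt, need;
    if (srtp_profile_sizes(p, &key, &salt) < 0)
        return -1;
    need = 2 * key + 2 * salt;
    if (km == NULL || km_len < need)
        return -1;
    if (client_key)  { client_key->data  = km;                  client_key->size  = key;  }
    if (server_key)  { server_key->data  = km + key;            server_key->size  = key;  }
    if (client_salt) { client_salt->data = km + 2 * key;        client_salt->size = salt; }
    if (server_salt) { server_salt->data = km + 2 * key + salt; server_salt->size = salt; }
    return (int)need;
}

int main(void)
{
    /* Constructed stand-in for what gnutls_srtp_get_keys() would fill in
     * after a DTLS-SRTP handshake; byte i simply holds the value i. */
    unsigned char km[128];
    struct srtp_datum ck, cs, sk, ss;
    size_t i;
    int n;

    for (i = 0; i < sizeof km; i++)
        km[i] = (unsigned char)i;

    n = srtp_split_keys(SRTP_AEAD_AES_256_GCM, km, sizeof km, &ck, &cs, &sk, &ss);
    printf("AES-256-GCM: %d bytes used; client key starts at byte 0x%02x, "
           "server salt starts at byte 0x%02x\n", n, ck.data[0], ss.data[0]);

    if (srtp_split_keys(SRTP_AEAD_AES_256_GCM, km, 60, &ck, &cs, &sk, &ss) < 0)
        printf("a 60-byte buffer is too small for AES-256-GCM\n");
    if (!srtp_profile_encrypts(SRTP_NULL_HMAC_SHA1_80))
        printf("SRTP_NULL_HMAC_SHA1_80 does not encrypt the media\n");
    return 0;
}
```

In a real program the buffer comes from gnutls_srtp_get_keys() after the handshake, and the datums it returns already point at these offsets; the srtp_key_material_size() value is what to pass as key_material_size, and srtp_profile_encrypts() is the check to run on the result of gnutls_srtp_get_selected_profile() before trusting the media path to be confidential.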

Other helper functions are listed below.

int gnutls_srtp_get_selected_profile (gnutls_session_t session, gnutls_srtp_profile_t * profile)
const char * gnutls_srtp_get_profile_name (gnutls_srtp_profile_t profile)
int gnutls_srtp_get_profile_id (const char * name, gnutls_srtp_profile_t * profile)
