Next: , Previous: , Up: TLS Extensions   [Contents][Index]


3.6.7 SRTP

The TLS protocol was extended in [RFC5764] to provide keying material to the Secure RTP (SRTP) protocol. The SRTP protocol provides an encapsulation of encrypted data that is optimized for voice data. With the SRTP TLS extension two peers can negotiate keys using TLS or DTLS and obtain keying material for use with SRTP. The available SRTP profiles are listed below.

GNUTLS_SRTP_AES128_CM_HMAC_SHA1_80

128 bit AES with a 80 bit HMAC-SHA1

GNUTLS_SRTP_AES128_CM_HMAC_SHA1_32

128 bit AES with a 32 bit HMAC-SHA1

GNUTLS_SRTP_NULL_HMAC_SHA1_80

NULL cipher with a 80 bit HMAC-SHA1

GNUTLS_SRTP_NULL_HMAC_SHA1_32

NULL cipher with a 32 bit HMAC-SHA1

Figure 3.2: Supported SRTP profiles

To enable use the following functions.

int gnutls_srtp_set_profile (gnutls_session_t session, gnutls_srtp_profile_t profile)
int gnutls_srtp_set_profile_direct (gnutls_session_t session, const char * profiles, const char ** err_pos)

To obtain the negotiated keys use the function below.

Function: int gnutls_srtp_get_keys (gnutls_session_t session, void * key_material, unsigned int key_material_size, gnutls_datum_t * client_key, gnutls_datum_t * client_salt, gnutls_datum_t * server_key, gnutls_datum_t * server_salt)

session: is a gnutls_session_t type.

key_material: Space to hold the generated key material

key_material_size: The maximum size of the key material

client_key: The master client write key, pointing inside the key material

client_salt: The master client write salt, pointing inside the key material

server_key: The master server write key, pointing inside the key material

server_salt: The master server write salt, pointing inside the key material

This is a helper function to generate the keying material for SRTP. It requires the space of the key material to be pre-allocated (should be at least 2x the maximum key size and salt size). The client_key , client_salt , server_key and server_salt are convenience datums that point inside the key material. They may be NULL .

Returns: On success the size of the key material is returned, otherwise, GNUTLS_E_SHORT_MEMORY_BUFFER if the buffer given is not sufficient, or a negative error code.

Since 3.1.4

Other helper functions are listed below.

int gnutls_srtp_get_selected_profile (gnutls_session_t session, gnutls_srtp_profile_t * profile)
const char * gnutls_srtp_get_profile_name (gnutls_srtp_profile_t profile)
int gnutls_srtp_get_profile_id (const char * name, gnutls_srtp_profile_t * profile)

Next: , Previous: , Up: TLS Extensions   [Contents][Index]