fixed rtpw policy-setting, added policy functions
diff --git a/doc/libsrtp.pdf b/doc/libsrtp.pdf
index 8688275..4fc7f43 100644
--- a/doc/libsrtp.pdf
+++ b/doc/libsrtp.pdf
Binary files differ
diff --git a/include/srtp.h b/include/srtp.h
index 6f938f8..ea46d9c 100644
--- a/include/srtp.h
+++ b/include/srtp.h
@@ -458,6 +458,122 @@
crypto_policy_set_rtcp_default(crypto_policy_t *p);
/**
+ * @brief crypto_policy_set_aes_cm_128_hmac_sha1_80() sets a crypto
+ * policy structure to the SRTP default policy for RTP protection.
+ *
+ * @param p is a pointer to the policy strucutre to be set to the
+ * default policy.
+ *
+ * The function crypto_policy_set_aes_cm_128_hmac_sha1_80() is a
+ * synonym for crypto_policy_set_rtp_default(). It conforms to the
+ * naming convention used in
+ * http://www.ietf.org/internet-drafts/draft-ietf-mmusic-sdescriptions-12.txt
+ *
+ * @return void.
+ *
+ */
+
+#define crypto_policy_set_aes_cm_128_hmac_sha1_80(p) crypto_policy_set_rtp_default(p)
+
+
+/**
+ * @brief crypto_policy_set_aes_cm_128_hmac_sha1_32() sets a crypto
+ * policy structure to a short-authentication tag policy
+ *
+ * @param p is a pointer to the policy strucutre to be set to the
+ * default policy.
+ *
+ * The function call crypto_policy_set_aes_cm_128_hmac_sha1_32(&p)
+ * sets the crypto_policy_t at location p to use policy
+ * AES_CM_128_HMAC_SHA1_32 as defined in
+ * draft-ietf-mmusic-sdescriptions-12.txt. This policy uses AES-128
+ * Counter Mode encryption and HMAC-SHA1 authentication, with an
+ * authentication tag that is only 32 bits long. This length is
+ * considered adequate only for protecting audio and video media that
+ * use a stateless playback function. See Section 7.5 of RFC 3711
+ * (http://www.ietf.org/rfc/rfc3711.txt).
+ *
+ * This function is a convenience that helps to avoid dealing directly
+ * with the policy data structure. You are encouraged to initialize
+ * policy elements with this function call. Doing so may allow your
+ * code to be forward compatible with later versions of libSRTP that
+ * include more elements in the crypto_policy_t datatype.
+ *
+ * @warning This crypto policy is intended for use in SRTP, but not in
+ * SRTCP. It is recommended that a policy that uses longer
+ * authentication tags be used for SRTCP. See Section 7.5 of RFC 3711
+ * (http://www.ietf.org/rfc/rfc3711.txt).
+ *
+ * @return void.
+ *
+ */
+
+void
+crypto_policy_set_aes_cm_128_hmac_sha1_32(crypto_policy_t *p);
+
+
+
+/**
+ * @brief crypto_policy_set_aes_cm_128_null_auth() sets a crypto
+ * policy structure to an encryption-only policy
+ *
+ * @param p is a pointer to the policy strucutre to be set to the
+ * default policy.
+ *
+ * The function call crypto_policy_set_aes_cm_128_null_auth(&p) sets
+ * the crypto_policy_t at location p to use the SRTP default cipher
+ * (AES-128 Counter Mode), but to use no authentication method. This
+ * policy is NOT RECOMMENDED unless it is unavoidable; see Section 7.5
+ * of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt).
+ *
+ * This function is a convenience that helps to avoid dealing directly
+ * with the policy data structure. You are encouraged to initialize
+ * policy elements with this function call. Doing so may allow your
+ * code to be forward compatible with later versions of libSRTP that
+ * include more elements in the crypto_policy_t datatype.
+ *
+ * @warning This policy is NOT RECOMMENDED for SRTP unless it is
+ * unavoidable, and it is NOT RECOMMENDED at all for SRTCP; see
+ * Section 7.5 of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt).
+ *
+ * @return void.
+ *
+ */
+
+void
+crypto_policy_set_aes_cm_128_null_auth(crypto_policy_t *p);
+
+
+/**
+ * @brief crypto_policy_set_null_cipher_hmac_sha1_80() sets a crypto
+ * policy structure to an authentication-only policy
+ *
+ * @param p is a pointer to the policy strucutre to be set to the
+ * default policy.
+ *
+ * The function call crypto_policy_set_null_cipher_hmac_sha1_80(&p)
+ * sets the crypto_policy_t at location p to use HMAC-SHA1 with an 80
+ * bit authentication tag to provide message authentication, but to
+ * use no encryption. This policy is NOT RECOMMENDED for SRTP unless
+ * there is a requirement to forego encryption.
+ *
+ * This function is a convenience that helps to avoid dealing directly
+ * with the policy data structure. You are encouraged to initialize
+ * policy elements with this function call. Doing so may allow your
+ * code to be forward compatible with later versions of libSRTP that
+ * include more elements in the crypto_policy_t datatype.
+ *
+ * @warning This policy is NOT RECOMMENDED for SRTP unless there is a
+ * requirement to forego encryption.
+ *
+ * @return void.
+ *
+ */
+
+void
+crypto_policy_set_null_cipher_hmac_sha1_80(crypto_policy_t *p);
+
+/**
* @brief srtp_dealloc() deallocates storage for an SRTP session
* context.
*
diff --git a/srtp/srtp.c b/srtp/srtp.c
index 54d543c..b8c2dc6 100644
--- a/srtp/srtp.c
+++ b/srtp/srtp.c
@@ -1361,6 +1361,61 @@
}
+void
+crypto_policy_set_aes_cm_128_hmac_sha1_32(crypto_policy_t *p) {
+
+ /*
+ * corresponds to draft-ietf-mmusic-sdescriptions-12.txt
+ *
+ * note that this crypto policy is intended for SRTP, but not SRTCP
+ */
+
+ p->cipher_type = AES_128_ICM;
+ p->cipher_key_len = 30; /* 128 bit key, 112 bit salt */
+ p->auth_type = HMAC_SHA1;
+ p->auth_key_len = 20; /* 160 bit key */
+ p->auth_tag_len = 4; /* 32 bit tag */
+ p->sec_serv = sec_serv_conf_and_auth;
+
+}
+
+
+void
+crypto_policy_set_aes_cm_128_null_auth(crypto_policy_t *p) {
+
+ /*
+ * corresponds to draft-ietf-mmusic-sdescriptions-12.txt
+ *
+ * note that this crypto policy is intended for SRTP, but not SRTCP
+ */
+
+ p->cipher_type = AES_128_ICM;
+ p->cipher_key_len = 30; /* 128 bit key, 112 bit salt */
+ p->auth_type = NULL_AUTH;
+ p->auth_key_len = 0;
+ p->auth_tag_len = 0;
+ p->sec_serv = sec_serv_conf;
+
+}
+
+
+void
+crypto_policy_set_null_cipher_hmac_sha1_80(crypto_policy_t *p) {
+
+ /*
+ * corresponds to draft-ietf-mmusic-sdescriptions-12.txt
+ */
+
+ p->cipher_type = NULL_CIPHER;
+ p->cipher_key_len = 0;
+ p->auth_type = HMAC_SHA1;
+ p->auth_key_len = 20;
+ p->auth_tag_len = 10;
+ p->sec_serv = sec_serv_auth;
+
+}
+
+
/*
* secure rtcp functions
*/
diff --git a/test/rtpw.c b/test/rtpw.c
index b14facb..906080d 100644
--- a/test/rtpw.c
+++ b/test/rtpw.c
@@ -307,8 +307,23 @@
* with only the security services requested on the command line,
* using the right SSRC value
*/
- crypto_policy_set_rtp_default(&policy.rtp);
- crypto_policy_set_rtcp_default(&policy.rtcp);
+ switch (sec_servs) {
+ case sec_serv_conf_and_auth:
+ crypto_policy_set_rtp_default(&policy.rtp);
+ crypto_policy_set_rtcp_default(&policy.rtcp);
+ break;
+ case sec_serv_conf:
+ crypto_policy_set_aes_cm_128_null_auth(&policy.rtp);
+ crypto_policy_set_rtcp_default(&policy.rtcp);
+ break;
+ case sec_serv_auth:
+ crypto_policy_set_null_cipher_hmac_sha1_80(&policy.rtp);
+ crypto_policy_set_rtcp_default(&policy.rtcp);
+ break;
+ default:
+ printf("error: unknown security service requested\n");
+ return -1;
+ }
policy.ssrc.type = ssrc_specific;
policy.ssrc.value = ssrc;
policy.key = (uint8_t *) key;