couple of questions on srtpenc/srtpdec configuration

Andres Gonzalez andres.agoralabs at gmail.com
Thu Jul 28 20:14:18 UTC 2016


Hi,
I am trying to figure out how to configure the srtpenc/srtpdec elements but
I am confused about the mapping of terms/properties used in the
documentation (given by gst-inspect)  and those used in RFC5764 (SRTP
Extension for DTLS).

RFC5764 specifies a "srtp_mki" called "SRTP Master Key Identifier". This
parameter is optional; indeed, the Chrome browser uses a zero-length value
for this parameter in its DTLS handshake.

srtpenc has a single property "key" called "Master key."

Question: I am assuming the srtpenc property "key" is NOT the RFC5764
"srtp_mki" value.  Is this assumption correct?  (It would seem strange to me
that the *single* key property for the element would be an *optional*
parameter for the SRTP/DTLS connection even though they are both called a
Master key. If this is true, then a Chrome WebRTC client could never connect
to a GStreamer srtpenc element pipeline).

RFC5764 specifies the use of the exporter label "EXTRACTOR=dtls_srtp" for
generating the key from the negotiated crypto. I am using the following
openssl API routine:

SSL_export_keying_material(....., "EXTRACTOR-dtls_srtp", .....)

Question: I am assuming the output of *this* openssl API routine is what
should be used for the srtpenc property "key". Is this assumption correct?

I have studied the source code of a different project that uses libsrtp for
SRTP.  These examples show the generation of the 4 subkeys:
client_write_SRTP_master_key, server_write_SRTP_master_key,
client_write_SRTP_master_salt, and server_write_SRTP_master_salt.

Question: I am assuming that the srtpenc element internally generates those
4 required subkeys from the main "key" property so that application code
does not explicitly have to generate these subkeys.   Is this assumption
correct?

These examples also show that libsrtp key generation is dependent on the
operation mode of the DTLS connection that will use the keys, that is,
whether the DTLS connection is running in client or server mode (the order
of the key vs salt subkeys is different for client vs server mode). Yet
there is no similar client/server distinction property for the srtpenc
element.

Question: I am assuming that this DTLS mode dependency for key generation is
only applicable to the libsrtp library, and not in general for SRTP keys for use
with srtpenc, that is, all of that dependency is dealt with internally and
therefore of no concern at the application pipeline code layer.   Is this
assumption correct?

Thanks,
-Andres
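
The RFC 5764 section 4.2 layout behind the four values named in the post, as an added example that is not part of the original message and not GStreamer or libsrtp code: it splits the exporter output and builds one key || salt buffer per direction according to the local DTLS role. The SRTP_AES128_CM_HMAC_SHA1_80 sizes, the name `dtls_srtp_split`, and the key || salt concatenation (the form libsrtp takes a master key in) are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Sizes for SRTP_AES128_CM_HMAC_SHA1_80 (assumed negotiated profile). */
#define KEY_LEN    16
#define SALT_LEN   14
#define MASTER_LEN (KEY_LEN + SALT_LEN)  /* 30 bytes: key || salt */
#define EXPORT_LEN (2 * MASTER_LEN)      /* 60 bytes requested from the exporter */

/*
 * material: EXPORT_LEN bytes produced by SSL_export_keying_material() with
 * the label "EXTRACTOR-dtls_srtp". RFC 5764 layout:
 *   client key | server key | client salt | server salt
 * is_dtls_client: nonzero if the local end was the DTLS client.
 * tx/rx receive key || salt for the sending and receiving direction.
 * Returns 0 on success, -1 on bad arguments (hypothetical helper).
 */
int dtls_srtp_split(const unsigned char *material, size_t len, int is_dtls_client,
                    unsigned char tx[MASTER_LEN], unsigned char rx[MASTER_LEN])
{
    if (!material || !tx || !rx || len != EXPORT_LEN)
        return -1;

    const unsigned char *client_key  = material;
    const unsigned char *server_key  = material + KEY_LEN;
    const unsigned char *client_salt = material + 2 * KEY_LEN;
    const unsigned char *server_salt = material + 2 * KEY_LEN + SALT_LEN;

    /* The DTLS client sends with client_write_* and receives with server_write_*. */
    memcpy(tx, is_dtls_client ? client_key : server_key, KEY_LEN);
    memcpy(tx + KEY_LEN, is_dtls_client ? client_salt : server_salt, SALT_LEN);
    memcpy(rx, is_dtls_client ? server_key : client_key, KEY_LEN);
    memcpy(rx + KEY_LEN, is_dtls_client ? server_salt : client_salt, SALT_LEN);
    return 0;
}

int main(void)
{
    unsigned char material[EXPORT_LEN], tx[MASTER_LEN], rx[MASTER_LEN];
    for (size_t i = 0; i < EXPORT_LEN; i++)  /* constructed stand-in, not real key material */
        material[i] = (unsigned char)i;
    if (dtls_srtp_split(material, sizeof material, 1, tx, rx) != 0)
        return 1;
    printf("client role: tx key[0]=%u salt[0]=%u, rx key[0]=%u salt[0]=%u\n",
           tx[0], tx[KEY_LEN], rx[0], rx[KEY_LEN]);
    return 0;
}
```

In real use the `material`, `tx` and `rx` buffers hold secrets and should be wiped once they have been handed to the SRTP layer.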


