Hi,
I am trying to figure out how to configure the srtpenc/srtpdec elements, but I am confused about the mapping of terms/properties used in the documentation (given by gst-inspect) and those used in RFC5764 (SRTP Extension for DTLS).

RFC5764 specifies a "srtp_mki" called "SRTP Master Key Identifier". This parameter is optional; indeed the Chrome browser uses a zero-length value for this parameter in its DTLS handshake. srtpenc has a single property "key" called "Master key."

Question: I am assuming the srtpenc property "key" is NOT the RFC5764 "srtp_mki" value. Is this assumption correct? (It would seem strange to me that the single key property for the element would be an optional parameter for the SRTP/DTLS connection even though they are both called a Master key. If this is true, then a Chrome WebRTC client could never connect to a GStreamer srtpenc element pipeline.)

RFC5764 specifies the use of the exporter label "EXTRACTOR-dtls_srtp" for generating the key from the negotiated crypto. I am using the following openssl API routine:

    SSL_export_keying_material(....., "EXTRACTOR-dtls_srtp", .....)

Question: I am assuming the output of this openssl API routine is what should be used for the srtpenc property "key". Is this assumption correct?

I have studied the source code of a different project that uses libsrtp for SRTP. These examples show the generation of the 4 subkeys: client_write_SRTP_master_key, server_write_SRTP_master_key, client_write_SRTP_master_salt, and server_write_SRTP_master_salt.

Question: I am assuming that the srtpenc element internally generates those 4 required subkeys from the main "key" property so that application code does not explicitly have to generate these subkeys. Is this assumption correct?

These examples also show that libsrtp key generation is dependent on the operation mode of the DTLS connection that will use the keys, that is, whether the DTLS connection is running in client or server mode (the order of the key vs salt subkeys is different for client vs server mode). Yet there is no similar client/server distinction property for the srtpenc element.

Question: I am assuming that this DTLS mode dependency for key generation is only applicable to the libsrtp library, and not in general for SRTP keys for use with srtpenc, that is, all of that dependency is dealt with internally and therefore of no concern at the application pipeline code layer. Is this assumption correct?

Thanks,
-Andres
Hi,
First, you may want to have a look at the dtlssrtpenc/dec elements; they probably do exactly what you want to do. And even if they don't, they are a good example of how to implement DTLS-SRTP with the srtpenc/dec elements.

On Thu, 2016-07-28 at 13:14 -0700, Andres Gonzalez wrote:
> Question: I am assuming the srtpenc property "key" is NOT the RFC5764
> "srtp_mki" value. Is this assumption correct?

The srtpenc/dec elements indeed don't offer the MKI, because libsrtp doesn't support it. And as far as I know, no one really uses it.

> Question: I am assuming the output of *this* openssl API routine is what
> should be used for the srtpenc property "key" Is this assumption correct?

Yes, you have to give the right one depending on if you're the client or server; one goes to the encoder and the other to the decoder.

> I have studied the source code of a different project that uses libsrtp for
> SRTP. These examples show the generation of the 4 subkeys:
> client_write_SRTP_master_key, server_write_SRTP_master_key,
> client_write_SRTP_master_salt, and server_write_SRTP_master_salt.
>
> Question: I am assuming that the srtpenc element internally generates those
> 4 required subkeys from the main "key" property so that application code
> does not explicitly have to generate these subkeys. Is this assumption
> correct?

Those are not subkeys. On the client, you need to give the client key+salt to the encoder and the server key+salt to the decoder, and the opposite at the server. See the example in gst-plugins-bad/ext/dtls.

> Question: I am assuming that this DTLS mode dependency for key generation is
> only applicable to libsrtp library, and not in general for SRTP keys for use
> with srtpenc, that is, all of that dependency is dealt with internally and
> therefore of no concern at the application pipeline code layer. Is this
> assumption correct?

No, the mode is a DTLS thing, not a SRTP thing; SRTP has no client or server. It just has an encoder and a decoder, and they both need the same key to be able to decode what was encoded. That said, normally you use a different key for each direction.

--
Olivier Crête
[hidden email]

_______________________________________________
gstreamer-devel mailing list
[hidden email]
https://lists.freedesktop.org/mailman/listinfo/gstreamer-devel
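Olivier's answer in code, as an added example that is not part of the thread and is not code from GStreamer, libsrtp or the dtls plugin: the exporter output is carved into the four RFC 5764 pieces (client key, server key, client salt, server salt, in that order), and the DTLS role decides which key+salt pair is handed to srtpenc and which to srtpdec. The example assumes the "key" property takes master key followed by master salt (30 bytes for the AES-128 profiles), which is the shape gst-plugins-bad's dtls elements hand to srtpenc; the keying material itself is a constructed SHAKE-256 stand-in for what SSL_export_keying_material() would return, so the script runs offline.

```python
"""Split RFC 5764 DTLS-SRTP exported keying material and assign it to the
SRTP encoder/decoder by DTLS role. Added example, not GStreamer code."""
import hashlib
from dataclasses import dataclass
from typing import Tuple

# RFC 5764 section 4.2 exporter label (a hyphen, not '=' or '_').
EXPORTER_LABEL = b"EXTRACTOR-dtls_srtp"

# (master_key_len, master_salt_len) in bytes for the RFC 5764 AES-128 profiles.
PROFILES = {
    "SRTP_AES128_CM_HMAC_SHA1_80": (16, 14),
    "SRTP_AES128_CM_HMAC_SHA1_32": (16, 14),
}


@dataclass(frozen=True)
class DtlsSrtpKeys:
    client_write_master_key: bytes
    server_write_master_key: bytes
    client_write_master_salt: bytes
    server_write_master_salt: bytes


def split_keying_material(material: bytes, profile: str) -> DtlsSrtpKeys:
    """Carve the exporter output into the RFC 5764 section 4.2 layout:
    client key | server key | client salt | server salt."""
    key_len, salt_len = PROFILES[profile]
    expected = 2 * (key_len + salt_len)
    if len(material) != expected:
        raise ValueError(f"{profile} needs {expected} bytes, got {len(material)}")
    off = 0
    c_key, off = material[off:off + key_len], off + key_len
    s_key, off = material[off:off + key_len], off + key_len
    c_salt, off = material[off:off + salt_len], off + salt_len
    s_salt = material[off:off + salt_len]
    return DtlsSrtpKeys(c_key, s_key, c_salt, s_salt)


def srtp_keys_for_role(keys: DtlsSrtpKeys, role: str) -> Tuple[bytes, bytes]:
    """Return (srtpenc_key, srtpdec_key). Each is master_key || master_salt,
    the 30-byte blob this example assumes the srtpenc/srtpdec "key" property
    takes for AES-128. The DTLS client encrypts with its own write key and
    decrypts with the server's; the server does the opposite."""
    client = keys.client_write_master_key + keys.client_write_master_salt
    server = keys.server_write_master_key + keys.server_write_master_salt
    if role == "client":
        return client, server
    if role == "server":
        return server, client
    raise ValueError(f"unknown DTLS role {role!r}")


def constructed_keying_material(profile: str) -> bytes:
    """Constructed stand-in for the bytes SSL_export_keying_material() returns
    with label EXPORTER_LABEL and no context. Deterministic so the example
    runs offline; it is NOT real key material."""
    key_len, salt_len = PROFILES[profile]
    seed = b"constructed demo master secret " + EXPORTER_LABEL
    return hashlib.shake_256(seed).digest(2 * (key_len + salt_len))


def demo(profile: str = "SRTP_AES128_CM_HMAC_SHA1_80") -> dict:
    """Both peers export the same material; check that the client's encoder
    key is the server's decoder key and vice versa."""
    keys = split_keying_material(constructed_keying_material(profile), profile)
    client_enc, client_dec = srtp_keys_for_role(keys, "client")
    server_enc, server_dec = srtp_keys_for_role(keys, "server")
    return {
        "client_enc": client_enc,
        "client_dec": client_dec,
        "server_enc": server_enc,
        "server_dec": server_dec,
        "cross_over_ok": client_enc == server_dec and client_dec == server_enc,
    }


if __name__ == "__main__":
    result = demo()
    for name in ("client_enc", "client_dec", "server_enc", "server_dec"):
        print(f"{name}: {result[name].hex()}")
    print("client<->server keys line up:", result["cross_over_ok"])
```

In a real pipeline the two blobs returned by srtp_keys_for_role() are what you wrap in a GstBuffer and set as the "key" property of srtpenc and srtpdec respectively; the role only matters for choosing which blob goes where, which is exactly why srtpenc itself has no client/server property.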