Encrypting RTCP Packet Data

SRTP generates SRTP packets from the RTCP stream and forwards them to the receiver. In the other direction, SRTP transforms incoming SRTP packets into RTCP packets and passes them up the stack. Data encryption is used to ensure the confidentiality of the packet content. A data packet consists of a header and a payload: the payload is encrypted, and authentication is performed over the header and the encrypted payload together.

Encrypted RTP packet data is encapsulated for transmission in a single lower-layer packet as a unit. The encrypted SRTP packet consists of the encrypted RTCP payload and the RTCP header.

The encrypted packet may be exactly the size of the plain packet or larger. The receiver confirms that encryption is present and that the correct key was used through header or payload validity checks.

An SRTP session must be created and initialized before an application requests RTCP payload encryption.

  1. An application requests encryption of an RTCP packet.
  2. The SRTP DLL checks for the cryptographic context of the input stream. If a match is not found, the SRTP DLL checks for the cryptographic context of the session.

  3. The packet is encrypted using the ProtectRTCPL() API of the class CSRTPSession. The session keys in the cryptographic context of the current SRTP session are used for encryption.

    1. The prototype for the ProtectRTCPL() API is shown below.

          IMPORT_C HBufC8* ProtectRTCPL(TUint aSSRC, const TDesC8& aPacket);

      This API protects an RTCP packet if the session finds a matching stream. aSSRC is the input parameter that contains the Synchronisation Source (SSRC). The Synchronisation Source is the source of a stream of RTP packets, identified by a 32-bit numeric value. The SSRC identifier is a part of the RTCP packet header. aPacket is the input parameter that contains the packet to be protected. The packet includes the RTP header and the payload. The length of the descriptor should match the actual data; a mismatch between the descriptor length and the actual length may lead to incorrect encryption. The returned HBufC8 contains the encrypted packet. The API leaves if a matching stream is not found.
  4. The SRTP DLL updates the count of packets encrypted.

On successful execution of the API, encrypted data is returned.
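
The following is an added example, not code from the SRTP DLL or the original documentation: a caller-side check, in standard C++, that a plain RTCP buffer's length agrees with its own header length fields, and that extracts the SSRC to pass as aSSRC. It assumes aPacket holds a compound RTCP packet laid out as in RFC 3550; the names CheckRtcpAndGetSsrc and ConstructedCompoundRtcp are hypothetical and the sample bytes are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical helper (not an SRTP DLL API). RTCP header per RFC 3550:
// byte 0 = V(2) P(1) RC(5), byte 1 = packet type,
// bytes 2-3 = length in 32-bit words minus one, bytes 4-7 = SSRC.
// Returns true and sets ssrc only if every sub-packet fits the buffer exactly.
bool CheckRtcpAndGetSsrc(const std::vector<uint8_t>& pkt, uint32_t& ssrc)
{
    // Must hold at least header + SSRC and be a whole number of 32-bit words.
    if (pkt.size() < 8 || pkt.size() % 4 != 0)
        return false;

    for (size_t offset = 0; offset < pkt.size(); ) {
        if ((pkt[offset] >> 6) != 2)
            return false;                  // RTCP version must be 2
        size_t words = (size_t(pkt[offset + 2]) << 8) | pkt[offset + 3];
        size_t len = (words + 1) * 4;      // sub-packet length in bytes
        if (len > pkt.size() - offset)
            return false;                  // header claims more than the buffer holds
        if (offset == 0 && len < 8)
            return false;                  // first sub-packet must carry the SSRC
        offset += len;
    }
    ssrc = (uint32_t(pkt[4]) << 24) | (uint32_t(pkt[5]) << 16) |
           (uint32_t(pkt[6]) << 8)  |  uint32_t(pkt[7]);
    return true;
}

// Constructed sample: empty Receiver Report (PT 201) followed by BYE (PT 203),
// both from SSRC 0x12345678.
std::vector<uint8_t> ConstructedCompoundRtcp()
{
    return { 0x80, 0xC9, 0x00, 0x01, 0x12, 0x34, 0x56, 0x78,
             0x81, 0xCB, 0x00, 0x01, 0x12, 0x34, 0x56, 0x78 };
}

int main()
{
    uint32_t ssrc = 0;
    bool ok = CheckRtcpAndGetSsrc(ConstructedCompoundRtcp(), ssrc);
    std::printf("well-formed=%d ssrc=0x%08X\n", ok, unsigned(ssrc));
    return ok ? 0 : 1;
}
```

Only a buffer that passes this check, together with the SSRC it yields, would be handed to ProtectRTCPL(); a failed check means the descriptor length and the packet contents disagree.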