Encrypting RTP Packet Data

SRTP generates SRTP packets from the RTP stream and forwards the packets to the receiver. SRTP transforms incoming SRTP packets to RTP packets and passes them up the stack. To ensure the confidentiality of the packet content, data encryption is used.

The data packet consists of payload and header. The payload is encrypted. An authentication is performed collectively on the header and the encrypted payload.

Encrypted RTP packet data is encapsulated for transmission in a single lower-layer packet as a unit. The encrypted SRTP packet consists of the encrypted RTP payload and RTP header. The encrypted packet may be the exact size of the plain packet or larger.

The presence of encryption and the correct usage of key are confirmed by the receiver through header and payload validity checks.

An SRTP session must be created and initialized before an application requests for a RTP payload encryption.

  1. An application requests for encryption of RTP packet.
  2. The SRTP DLL checks for the cryptographic context of the input stream. If a match is not found, SRTP DLL checks for the cryptographic context of the session.

  3. The packet is encrypted using ProtectRTPL() API of the class CSRTPSession.The session keys in the cryptographic context of the current SRTP session are used for encryption.

    1. The prototype for the API ProtectRTPL() is as described below.
      
                           IMPORT_C HBufC8* ProtectRTPL(TUint aSSRC, const TDesC8& aPacket); 
                        
      This API is invoked if the session finds a match stream and protect stream. aSSRC is the input parameter that contains the Synchronisation Source (SSRC). Synchronisation Source is the source for stream of RTP packets identified by a 32 bit numeric. SSRC identifier is a part of the RTP packet header. aPacket is the input parameter that contains the packet to be protected(encrypted). The packet includes RTP header and the paleout. The length of descriptor should match the actual data length. A mismatch in the length descriptor and actual length may lead to incorrect encryption. HBufC8 is the output parameter that contains the encrypted packet. The API leaves, if a matching stream is not found.
  4. The SRTP DLL updates the count of packets encrypted.

On successful execution of the API, encrypted data is returned.