|
1 /* |
|
2 * Copyright (c) 2004 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: Contains an SRTP specific cryptographic context. |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 |
|
20 |
|
21 #ifndef __SRTP_CRYPTOHANDLER_SRTP_H__ |
|
22 #define __SRTP_CRYPTOHANDLER_SRTP_H__ |
|
23 |
|
24 // INCLUDES |
|
25 #include <e32base.h> |
|
26 #include "srtpcryptocontext.h" |
|
27 #include "srtpcryptohandler.h" |
|
28 #include "msrtpcryptohandlercontextrtp.h" |
|
29 |
|
30 |
|
31 // FORWARD DECLARATIONS |
|
32 class CSRTPStream; |
|
33 |
|
34 /** |
|
35 * Contains RTP specific handling of cryptographic context. |
|
36 */ |
|
37 class CSRTPCryptoHandlerSRTP : public CSRTPCryptoHandler, |
|
38 public MSRTPCryptoHandlerContextRTP |
|
39 { |
|
40 public: // Construction |
|
41 /** |
|
42 * Two-phased constructor. |
|
43 * @param aStream aStream for this cryptohandler. |
|
44 * @leave KErrNone if success, system-wide error code otherwise |
|
45 */ |
|
46 static CSRTPCryptoHandlerSRTP* NewL( CSRTPStream& aStream ); |
|
47 /** |
|
48 * Two-phased constructor. |
|
49 * @param aStream aStream for this cryptohandler. |
|
50 * @leave KErrNone if success, system-wide error code otherwise |
|
51 */ |
|
52 static CSRTPCryptoHandlerSRTP* NewLC( CSRTPStream& aStream); |
|
53 |
|
54 |
|
55 |
|
56 /** |
|
57 * Calculate authentication tag for an RTP packet. |
|
58 * Authentication is based on the current |
|
59 * TSRTPAuthAlg algorithm setting in CryptoContext |
|
60 * If the operation fails, the function leaves |
|
61 * with a system error code. |
|
62 * @leave KErrNone if success, system-wide error code otherwise, |
|
63 */ |
|
64 HBufC8* CalculateAuthTagL(); |
|
65 |
|
66 ~CSRTPCryptoHandlerSRTP( ); |
|
67 |
|
68 |
|
69 private: // from MSRTPCryptoHandlerContext |
|
70 /* |
|
71 * Initialize plain packet class (CSRTPPacketRTP) |
|
72 * @param aPacket RTP packet. |
|
73 * @leave KErrNone if success, system-wide error code otherwise |
|
74 * @return void |
|
75 */ |
|
76 void InitializePlainPacketL(const TDesC8& aPacket); |
|
77 |
|
78 /* |
|
79 * Initialize encrypted packet class (CSRTPPacketSRTP) |
|
80 * @param aPacket SRTP packet. |
|
81 * @leave KErrNone if success, system-wide error code otherwise |
|
82 * @return void |
|
83 */ |
|
84 void InitializeEncryptedPacketL(const TDesC8& aPacket); |
|
85 |
|
86 /* |
|
87 * Derive session encryption, salting and authentication keys |
|
88 * for RTP |
|
89 * @return void |
|
90 */ |
|
91 void DeriveSessionKeysL(); |
|
92 |
|
93 /* |
|
94 * Encrypt plain RTP packet |
|
95 * @leave KErrNone if success, system-wide error code otherwise |
|
96 * @return encrypted packet |
|
97 */ |
|
98 HBufC8* EncryptL(); |
|
99 |
|
100 /* |
|
101 * Decrypt ciphered SRTP packet |
|
102 * @leave KErrNone if success, system-wide error code otherwise |
|
103 * @return plain packet |
|
104 */ |
|
105 HBufC8* DecryptL(); |
|
106 |
|
107 /* |
|
108 * Check that crypto context MKI and |
|
109 * packet MKI match. |
|
110 * @leave KErrNone if success, system-wide error code otherwise |
|
111 * @return void |
|
112 */ |
|
113 void CheckMasterKeyIdentifierL(); |
|
114 |
|
115 /* |
|
116 * Perform the authentication step |
|
117 * @leave KErrNone if success, system-wide error code otherwise |
|
118 * @return void |
|
119 */ |
|
120 void AuthenticateL(); |
|
121 |
|
122 /* |
|
123 * Perform the replay protection step |
|
124 * @leave KErrNone if success, system-wide error code otherwise |
|
125 * @return void |
|
126 */ |
|
127 void ReplayProtectionL(); |
|
128 |
|
129 /* |
|
130 * function for querying whether master key or salt has been updated |
|
131 * @return master keys update status |
|
132 */ |
|
133 TBool MasterKeysUpdated(); |
|
134 |
|
135 /* |
|
136 * function for updating Replay index after ReplayProtection Check |
|
137 * @return void |
|
138 */ |
|
139 void AddReplayIndex() ; |
|
140 |
|
141 |
|
142 private: // from MSRTPCryptoHandlerContextRTP |
|
143 /* |
|
144 * Determines the index i |
|
145 * of an SRTP packet with given sequence number SEQ on sender's side. |
|
146 * @return void |
|
147 */ |
|
148 void CountSenderPacketIndexL(); |
|
149 |
|
150 /* |
|
151 * Implements pseudocode on RFC 3711 Appendix A |
|
152 * for determining the index i of an SRTP packet with given sequence number SEQ |
|
153 * and current s_l value in receiver side |
|
154 * @leave KErrNone if success, system-wide error code otherwise |
|
155 * @return void |
|
156 */ |
|
157 void CountReceiverPacketIndexL(); |
|
158 |
|
159 /* |
|
160 * Assign receiver counter s_l to the value of first sequence number. |
|
161 * @return void |
|
162 */ |
|
163 void SetReceiver_s_l(); |
|
164 |
|
165 /* |
|
166 * Conditionally update ROC in sender's side: |
|
167 * Each time SEQ wraps MOD 2^16, the sender side must |
|
168 * increment ROC by one MOD 2^32. |
|
169 * @return void |
|
170 */ |
|
171 void UpdateROC(); |
|
172 |
|
173 /* |
|
174 * Conditionally update s_l and ROC based on v value. |
|
175 * See RFC 3711 section 3.3.1 for more information |
|
176 * @leave KErrNone if success, system-wide error code otherwise |
|
177 * @return void |
|
178 */ |
|
179 void Update_s_l_and_RocL(); |
|
180 |
|
181 /* |
|
182 * Add auth tag to the given packet. |
|
183 * @param aSrtpPacketPtr packet pointer |
|
184 * @leave KErrNone if success, system-wide error code otherwise, |
|
185 * @return void |
|
186 */ |
|
187 void AddAuthTagToPacketL(TUint8* aSrtpPacketPtr); |
|
188 |
|
189 /* |
|
190 * Check if packets is carrying Roll-Over Counter |
|
191 * @return TBool return True if it should carry, otherwise return False. |
|
192 */ |
|
193 TBool CarryROC(); |
|
194 |
|
195 /* |
|
196 * Call AuthenticateL in MSRTPAuthentication -interface |
|
197 * to get authentication tag based on algorithm |
|
198 * that is currently set in crypto context |
|
199 * @param aAuthenticatedArea portion of data to be authenticated |
|
200 * @param aRoc Roll-Over counter |
|
201 * @leave KErrNone if success, system-wide error code otherwise, |
|
202 * @return authentication tag |
|
203 */ |
|
204 HBufC8* DoAuthenticationL(const TDesC8& aAuthenticatedArea, |
|
205 const TDesC8& aRoc); |
|
206 private: // methods |
|
207 |
|
208 /* |
|
209 * Count IV and transform payload |
|
210 * @return HBufC8*, transformed encrypted / decrypted paylod |
|
211 */ |
|
212 HBufC8* CountIV_And_TransformL(); |
|
213 |
|
214 /* |
|
215 * Add MKI to the given packet. |
|
216 * Common for RTP and RTCP. |
|
217 * @param aSrtpPacketPtr packet pointer |
|
218 * @return void |
|
219 */ |
|
220 void AddMKIToPacket(TUint8* aSrtpPacketPtr); |
|
221 |
|
222 |
|
223 /* |
|
224 * Count sender packet index when receiving the packet under RCC mode 1 |
|
225 * based on the attached sender ROC |
|
226 * @return TUint64 sender packet index. |
|
227 */ |
|
228 TInt64 CountSndIndxbySndROC(); |
|
229 |
|
230 void ConstructL(); |
|
231 |
|
232 void ReKeyCheck(); |
|
233 |
|
234 TBool CSRTPCryptoHandlerSRTP::IfAddAuthTag(); |
|
235 |
|
236 CSRTPCryptoHandlerSRTP( CSRTPStream& aStream ); |
|
237 |
|
238 |
|
239 private: // data |
|
240 TUint32 iROC; // //only using when RCC mode as sender Roc |
|
241 TUint16 iS_L; // s_l, highest received SEQ |
|
242 TUint16 iCurrentSeq; // current sequence number |
|
243 TUint64 iPktIndex; //packet index |
|
244 TInt32 iV; // local v value |
|
245 TInt iReplayIndexDelta; |
|
246 TUint64 iSRTPMasterKeyLifeTime; |
|
247 private: |
|
248 #ifdef EUNIT_TESTING |
|
249 friend class UT_CSRTPCryptoHandlerSRTP; |
|
250 friend class UT_CSRTPCryptoHandler; |
|
251 #endif |
|
252 |
|
253 }; |
|
254 |
|
255 #endif // __SRTP_CRYPTOHANDLER_SRTP_H__ |