[botan-devel] DTLS-SRTP support

Jack Lloyd lloyd at randombit.net
Fri Aug 1 09:59:08 EDT 2014


Hi,

This would be pretty easy to add as key material export is already
supported, but I don't have the time right now to work on it myself.
It would mostly involve defining the extension structure and adding
another API to the Policy class to specify which SRTP profiles are
desired. If you're interested in writing it yourself I'd be happy
to help, otherwise I may be able to get to it later this year.

However one additional problem remains, which is that currently the
DTLS implementation does not handle timeouts or retransmissions during
the handshake. So it works fine with reliable datagrams like SCTP but,
at the moment, likely rather less well on UDP over the Internet. And
it may be a while before I have a free day or three blocked off for
that; summer is a busy season for me.

Jack

On Tue, Jul 15, 2014 at 06:11:52PM +0200, Iñaki Baz Castillo wrote:
> Hi,
> 
> I would like to use Botan library within my C++ project which is a
> WebRTC server. WebRTC requires DTLS and the extension DTLS-SRTP
> defined in RFC 5764 [*].
> 
> Such an extension is used to negotiate the cipher used for the SRTP
> session key and the key itself. The OpenSSL API is basically as
> follows:
> 
> -------------------------------
> // Once the DTLS connection is established:
> 
> uint8_t material[SRTP_MASTER_LENGTH * 2];
> uint8_t localMasterKey[SRTP_MASTER_LENGTH];
> uint8_t remoteMasterKey[SRTP_MASTER_LENGTH];
> uint8_t *local_key, *local_salt, *remote_key, *remote_salt;
> 
> SSL_export_keying_material(ssl, material, SRTP_MASTER_LENGTH * 2,
> "EXTRACTOR-dtls_srtp", 19, NULL, 0, 0);
> 
> if (dtls_setup == SETUP_ACTIVE) {
>   local_key = material;
>   remote_key = local_key + SRTP_MASTER_KEY_LENGTH;
>   local_salt = remote_key + SRTP_MASTER_KEY_LENGTH;
>   remote_salt = local_salt + SRTP_MASTER_SALT_LENGTH;
> } else {
>   remote_key = material;
>   local_key = remote_key + SRTP_MASTER_KEY_LENGTH;
>   remote_salt = local_key + SRTP_MASTER_KEY_LENGTH;
>   local_salt = remote_salt + SRTP_MASTER_SALT_LENGTH;
> }
> 
> // After this we can get the local and remote master keys for SRTP and
> // use them within libsrtp.
> -------------------------------
> 
> 
> Given that Botan implements DTLS, may you please add support for this
> extension so Botan becomes another WebRTC capable DTLS library?
> 
> Thanks a lot.
> 
> 
> 
> [*] DTLS Extension to Establish Keys for SRTP:
> http://tools.ietf.org/html/rfc5764
> 
> -- 
> Iñaki Baz Castillo
> <ibc at aliax.net>
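
The key split sketched in the quoted message, carried one step further as an
added example (not code from the original posts, nor from OpenSSL, Botan or
libsrtp): it checks the exporter output length and assembles the key||salt
buffers that the unused localMasterKey/remoteMasterKey arrays suggest. The
helper names and the SRTP_AES128_CM_HMAC_SHA1_80 lengths are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed profile: SRTP_AES128_CM_HMAC_SHA1_80 (128-bit key, 112-bit salt). */
#define SRTP_KEY_LEN    16
#define SRTP_SALT_LEN   14
#define SRTP_MASTER_LEN (SRTP_KEY_LEN + SRTP_SALT_LEN)

/* Hypothetical helper, not an OpenSSL, Botan or libsrtp function.
 * material holds the "EXTRACTOR-dtls_srtp" exporter output in RFC 5764 order:
 *   client key | server key | client salt | server salt
 * is_client is nonzero on the DTLS client ("active") side.
 * local and remote each receive key||salt. Returns 0, or -1 on bad input. */
int srtp_split_keys(const uint8_t *material, size_t material_len, int is_client,
                    uint8_t local[SRTP_MASTER_LEN], uint8_t remote[SRTP_MASTER_LEN])
{
    /* Refuse short or oversized exporter output rather than read past it. */
    if (!material || !local || !remote || material_len != 2 * SRTP_MASTER_LEN)
        return -1;

    const uint8_t *client_key  = material;
    const uint8_t *server_key  = client_key + SRTP_KEY_LEN;
    const uint8_t *client_salt = server_key + SRTP_KEY_LEN;
    const uint8_t *server_salt = client_salt + SRTP_SALT_LEN;
    uint8_t *client_out = is_client ? local : remote;
    uint8_t *server_out = is_client ? remote : local;

    memcpy(client_out, client_key, SRTP_KEY_LEN);
    memcpy(client_out + SRTP_KEY_LEN, client_salt, SRTP_SALT_LEN);
    memcpy(server_out, server_key, SRTP_KEY_LEN);
    memcpy(server_out + SRTP_KEY_LEN, server_salt, SRTP_SALT_LEN);
    return 0; /* caller should wipe material once the copies are made */
}

/* Constructed sample: exporter byte i has value i, so each result byte shows
 * the offset it came from. Returns the requested byte, or -1 on error. */
int srtp_demo_byte(int is_client, int want_remote, size_t index)
{
    uint8_t material[2 * SRTP_MASTER_LEN], local[SRTP_MASTER_LEN], remote[SRTP_MASTER_LEN];
    for (size_t i = 0; i < sizeof material; i++)
        material[i] = (uint8_t)i;
    if (index >= SRTP_MASTER_LEN ||
        srtp_split_keys(material, sizeof material, is_client, local, remote) != 0)
        return -1;
    return want_remote ? remote[index] : local[index];
}

int main(void) { return srtp_demo_byte(1, 1, 0) == 16 ? 0 : 1; }
```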