[botan-devel] DTLS-SRTP support

Iñaki Baz Castillo ibc at aliax.net
Tue Jul 15 12:11:52 EDT 2014


Hi,

I would like to use the Botan library within my C++ project which is a
WebRTC server. WebRTC requires DTLS and the extension DTLS-SRTP
defined in RFC 5764 [*].

Such an extension is used to negotiate the cipher used for the SRTP
session key and the key itself. The OpenSSL API is basically as
follows:

-------------------------------
// Once the DTLS connection is established:

uint8_t material[SRTP_MASTER_LENGTH * 2];
uint8_t localMasterKey[SRTP_MASTER_LENGTH];
uint8_t remoteMasterKey[SRTP_MASTER_LENGTH];
uint8_t *local_key, *local_salt, *remote_key, *remote_salt;

SSL_export_keying_material(ssl, material, SRTP_MASTER_LENGTH * 2,
"EXTRACTOR-dtls_srtp", 19, NULL, 0, 0);

if (dtls_setup == SETUP_ACTIVE) {
  local_key = material;
  remote_key = local_key + SRTP_MASTER_KEY_LENGTH;
  local_salt = remote_key + SRTP_MASTER_KEY_LENGTH;
  remote_salt = local_salt + SRTP_MASTER_SALT_LENGTH;
} else {
  remote_key = material;
  local_key = remote_key + SRTP_MASTER_KEY_LENGTH;
  remote_salt = local_key + SRTP_MASTER_KEY_LENGTH;
  local_salt = remote_salt + SRTP_MASTER_SALT_LENGTH;
}

// After this we can get the local and remote master keys for SRTP and
// use them within libsrtp.
-------------------------------


Given that Botan implements DTLS, could you please add support for this
extension so Botan becomes another WebRTC capable DTLS library?

Thanks a lot.



[*] DTLS Extension to Establish Keys for SRTP:
http://tools.ietf.org/html/rfc5764

-- 
Iñaki Baz Castillo
<ibc at aliax.net>
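
The key split described in the message above, as an added example that is not part of the original post and is not Botan or OpenSSL code. It assumes the SRTP_AES128_CM_HMAC_SHA1_80 profile sizes; `split_srtp_material`, `SrtpKeys` and the sample bytes are hypothetical names and constructed values.

```cpp
#include <algorithm>
#include <array>
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <vector>

// Sizes for the SRTP_AES128_CM_HMAC_SHA1_80 profile (RFC 5764, section 4.1.2).
constexpr std::size_t kKeyLen = 16;   // master key, 128 bits
constexpr std::size_t kSaltLen = 14;  // master salt, 112 bits
constexpr std::size_t kMasterLen = kKeyLen + kSaltLen;
using SrtpMaster = std::array<uint8_t, kMasterLen>;  // key || salt, as libsrtp takes it
struct SrtpKeys { SrtpMaster local, remote; };

// Hypothetical helper: split exporter output laid out as
// client_key | server_key | client_salt | server_salt (RFC 5764, section 4.2).
// is_client is true for the DTLS client (the setup:active side in the post's code).
SrtpKeys split_srtp_material(const std::vector<uint8_t>& material, bool is_client) {
  if (material.size() != 2 * kMasterLen)
    throw std::invalid_argument("unexpected exporter output length");
  const uint8_t* client_key = material.data();
  const uint8_t* server_key = client_key + kKeyLen;
  const uint8_t* client_salt = server_key + kKeyLen;
  const uint8_t* server_salt = client_salt + kSaltLen;
  auto join = [](const uint8_t* key, const uint8_t* salt) {
    SrtpMaster m{};
    std::copy(key, key + kKeyLen, m.begin());
    std::copy(salt, salt + kSaltLen, m.begin() + kKeyLen);
    return m;
  };
  const SrtpMaster client = join(client_key, client_salt);
  const SrtpMaster server = join(server_key, server_salt);
  return is_client ? SrtpKeys{client, server} : SrtpKeys{server, client};
}

// Constructed sample input: each region is filled with a distinct marker byte.
std::vector<uint8_t> sample_material() {
  std::vector<uint8_t> m;
  m.insert(m.end(), kKeyLen, 0xC1);   // client key
  m.insert(m.end(), kKeyLen, 0x51);   // server key
  m.insert(m.end(), kSaltLen, 0xC2);  // client salt
  m.insert(m.end(), kSaltLen, 0x52);  // server salt
  return m;
}
```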