[botan-devel] DTLS-SRTP support

Iñaki Baz Castillo ibc at aliax.net
Tue Jul 15 12:11:52 EDT 2014


I would like to use Botan library within my C++ project which is a
WebRTC server. WebRTC requires DTLS and the extension DTLS-SRTP
defined in RFC 5764 [*].

Such an extension is used to negotiate the cipher used for the SRTP
session key and the key itself. The OpenSSL API is basically as follows:

// Once the DTLS connection is established:

uint8_t material[SRTP_MASTER_LENGTH * 2];
uint8_t localMasterKey[SRTP_MASTER_LENGTH];
uint8_t remoteMasterKey[SRTP_MASTER_LENGTH];
uint8_t *local_key, *local_salt, *remote_key, *remote_salt;

SSL_export_keying_material(ssl, material, SRTP_MASTER_LENGTH * 2,
"EXTRACTOR-dtls_srtp", 19, NULL, 0, 0);

if (dtls_setup == SETUP_ACTIVE) {
  local_key = material;
  remote_key = local_key + SRTP_MASTER_KEY_LENGTH;
  local_salt = remote_key + SRTP_MASTER_KEY_LENGTH;
  remote_salt = local_salt + SRTP_MASTER_SALT_LENGTH;
} else {
  remote_key = material;
  local_key = remote_key + SRTP_MASTER_KEY_LENGTH;
  remote_salt = local_key + SRTP_MASTER_KEY_LENGTH;
  local_salt = remote_salt + SRTP_MASTER_SALT_LENGTH;
}

// After this we can get the local and remote master keys for SRTP and
// use them within libsrtp.

Given that Botan implements DTLS, could you please add support for this
extension so Botan becomes another WebRTC capable DTLS library?

Thanks a lot.

[*] DTLS Extension to Establish Keys for SRTP:

Iñaki Baz Castillo
<ibc at aliax.net>
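
Added example (not part of the original post, and not Botan or OpenSSL code): the step the snippet above leaves implicit, assembling the local and remote SRTP master (key followed by salt) from the exported material, with a length check before any pointer arithmetic. It assumes the AES-128 counter-mode profiles of RFC 5764 (16-byte key, 14-byte salt); split_srtp_material, DtlsRole and sample_material are hypothetical names.

```cpp
#include <algorithm>
#include <array>
#include <cstddef>
#include <cstdint>
#include <vector>

// Sizes for the AES-128 counter-mode profiles of RFC 5764 (assumed here).
constexpr std::size_t kKeyLen = 16;
constexpr std::size_t kSaltLen = 14;
constexpr std::size_t kMasterLen = kKeyLen + kSaltLen;

using SrtpMaster = std::array<std::uint8_t, kMasterLen>;  // key || salt
struct SrtpKeys { SrtpMaster local; SrtpMaster remote; };
enum class DtlsRole { Client, Server };  // hypothetical; "active" setup = client

// Exporter output layout: client key | server key | client salt | server salt.
// Returns false, leaving `out` untouched, when the length is not exactly right.
bool split_srtp_material(const std::vector<std::uint8_t>& material,
                         DtlsRole role, SrtpKeys& out) {
  if (material.size() != 2 * kMasterLen) return false;
  const std::uint8_t* client_key = material.data();
  const std::uint8_t* server_key = client_key + kKeyLen;
  const std::uint8_t* client_salt = server_key + kKeyLen;
  const std::uint8_t* server_salt = client_salt + kSaltLen;

  SrtpMaster client{}, server{};
  std::copy_n(client_key, kKeyLen, client.begin());
  std::copy_n(client_salt, kSaltLen, client.begin() + kKeyLen);
  std::copy_n(server_key, kKeyLen, server.begin());
  std::copy_n(server_salt, kSaltLen, server.begin() + kKeyLen);

  out.local = (role == DtlsRole::Client) ? client : server;
  out.remote = (role == DtlsRole::Client) ? server : client;
  return true;
}

// Constructed sample: bytes 0..59 stand in for real exporter output.
std::vector<std::uint8_t> sample_material() {
  std::vector<std::uint8_t> m(2 * kMasterLen);
  for (std::size_t i = 0; i < m.size(); ++i) m[i] = static_cast<std::uint8_t>(i);
  return m;
}

int main() {
  SrtpKeys keys{};
  return split_srtp_material(sample_material(), DtlsRole::Client, keys) ? 0 : 1;
}
```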
