[asterisk-dev] Adding support for MKI in res_srtp
Jean Aunis
jean.aunis at prescom.fr
Thu Oct 6 05:27:34 CDT 2022
Hello,
I'm working on a patch to add support for MKI in res_srtp.
For those who may not be familiar with the subject, MKI is a re-keying
mechanism for SRTP which involves appending a Master Key Identifier
(MKI) inside each SRTP packet in order to change the master key in use.
Master key and MKI negotiation is out of scope of this patch.
Before going forward, I'd like to submit to you the changes I plan in
res_srtp's API, just to know if I'm going in the right direction or if I
should design it another way.
First, I would add a method in *ast_srtp_policy_res* to add several
master keys (together with their MKI) to the SRTP policy. It returns the
index at which the key was inserted, which can be used later to
reference the master key:
*struct ast_srtp_policy_res {
[...]
+ int (*add_master_key)(struct ast_srtp_policy *policy, const
unsigned char *key, size_t key_len, const unsigned char *salt, size_t
salt_len, const unsigned char *mki, size_t mki_len);
};*
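Review bot: the int returned by add_master_key doubles as the key index, but the declaration does not say which values signal failure. A short comment stating that valid indexes start at 0 and that a negative value means the key was not added would let callers check the result before passing it on as mki_index. It would also help to document whether the key, salt and mki buffers are copied or must outlive the policy, and what happens when an MKI that is already present is added again.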
Second, I would add two methods in *ast_srtp_res* to enable or disable
MKI usage for incoming and outgoing SRTP packets. The MKI to use for
outgoing packets is referenced by its index, as returned by
*ast_srtp_policy_res.add_master_key*:
*struct ast_srtp_res {
[...]
+ int (*use_inbound_mki)(struct ast_srtp *srtp, int enable);**
**+ int (*use_outbound_mki)(struct ast_srtp *srtp, int enable, int
mki_index);
};*
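Review bot: use_outbound_mki takes mki_index even when enable is 0, and nothing in the declaration says how an index that add_master_key never returned is handled. Consider documenting that the index is ignored when disabling and that an out-of-range index makes the call fail while leaving the current outbound key unchanged. For use_inbound_mki, a comment describing what happens to packets that carry no MKI or an unknown MKI once the option is enabled would make the contract clearer.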
Also attached a patch file summarizing these changes.
Any feedback will be appreciated!
Regards,
Jean
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mki_support.patch
Type: text/x-patch
Size: 1909 bytes
Desc: not available
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20221006/8f6865b2/attachment.bin>
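An added illustration of the MKI mechanism described in the message, not code from the message, from res_srtp or from libsrtp: the receiver reads the MKI field that sits just before the authentication tag (RFC 3711 layout) and maps it to a master key index. The names `mki_key` and `mki_lookup`, the fixed 12-byte RTP header and the single session-wide MKI length are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define RTP_HDR_LEN 12  /* assumption: fixed RTP header, no CSRCs or extension */

/* Hypothetical key-table entry; not a res_srtp or libsrtp type. */
struct mki_key {
    const unsigned char *mki;   /* identifier bytes, mki_len long */
};

/*
 * Return the table index whose MKI matches the packet, or -1.
 * RFC 3711 layout: header | encrypted payload | MKI | auth tag.
 */
int mki_lookup(const unsigned char *pkt, size_t pkt_len, size_t mki_len,
               size_t tag_len, const struct mki_key *keys, size_t nkeys)
{
    size_t i;

    /* Reject packets too short to hold header + MKI + tag before indexing. */
    if (mki_len == 0 || pkt_len < RTP_HDR_LEN + mki_len + tag_len) {
        return -1;
    }
    const unsigned char *field = pkt + pkt_len - tag_len - mki_len;
    for (i = 0; i < nkeys; i++) {
        if (memcmp(field, keys[i].mki, mki_len) == 0) {
            return (int) i;
        }
    }
    return -1;   /* unknown MKI: the caller should drop the packet */
}

int main(void)
{
    /* Constructed sample: 12-byte header, 4-byte payload, 2-byte MKI, 4-byte tag. */
    unsigned char pkt[22] = { 0x80, 0x00 };
    static const unsigned char mki_a[] = { 0x00, 0x01 }, mki_b[] = { 0x00, 0x02 };
    struct mki_key keys[] = { { mki_a }, { mki_b } };

    pkt[16] = 0x00; pkt[17] = 0x02;   /* MKI field selects the second key */
    printf("key index: %d\n", mki_lookup(pkt, sizeof(pkt), 2, 4, keys, 2));
    printf("truncated: %d\n", mki_lookup(pkt, 10, 2, 4, keys, 2));
    return 0;
}
```

The lookup only selects a key; authentication with that key still has to succeed before the packet is accepted.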