[asterisk-dev] Adding support for MKI in res_srtp

Joshua C. Colp jcolp at sangoma.com
Thu Oct 6 05:35:03 CDT 2022


On Thu, Oct 6, 2022 at 7:27 AM Jean Aunis <jean.aunis at prescom.fr> wrote:

> Hello,
>
> I'm working on a patch to add support for MKI in res_srtp.
>
> For those who may not be familiar with the subject, MKI is a re-keying
> mechanism for SRTP which involves appending a Master Key Identifier (MKI)
> inside each SRTP packet in order to change the master key in use.
>
> Master key and MKI negotiation is out of scope of this patch.
>
> Before going forward, I'd like to submit to you the changes I plan in
> res_srtp's API, just to know if I'm going in the right direction or if I
> should design it another way.
>
> First, I would add a method in *ast_srtp_policy_res* to add several
> master keys (together with their MKI) to the SRTP policy. It returns the
> index at which the key was inserted, which can be used later to reference
> the master key:
>
>
>
>
> *struct ast_srtp_policy_res {         [...] +       int
> (*add_master_key)(struct ast_srtp_policy *policy, const unsigned char *key,
> size_t key_len, const unsigned char *salt, size_t salt_len, const unsigned
> char *mki, size_t mki_len);  };*
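
Review bot: In add_master_key the int return value carries the insertion index, but nothing here says how failure is reported. Document that a negative value means the key was not added, so a caller never passes an error code on as mki_index. The comment for this callback should also state what limit applies to mki_len and whether a second key with an already-registered MKI is rejected.
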
>
> Second, I would add two methods in *ast_srtp_res* to enable or disable
> MKI usage for incoming and outgoing SRTP packets. The MKI to use for
> outgoing packets is referenced by its index, as returned by
> *ast_srtp_policy_res.add_master_key*:
>
>
>
> *struct ast_srtp_res {         [...] +       int (*use_inbound_mki)(struct
> ast_srtp *srtp, int enable);*
>
> *+       int (*use_outbound_mki)(struct ast_srtp *srtp, int enable, int
> mki_index);  };*
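
Review bot: use_outbound_mki takes mki_index even when enable is 0, and that index is produced by add_master_key on a struct ast_srtp_policy while this call operates on a struct ast_srtp. The callback documentation should say which policy's key list the index refers to, that mki_index is ignored when enable is 0, and that an out-of-range index returns an error instead of being applied. For use_inbound_mki, state what happens to packets that arrive without an MKI once it is enabled.
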
>
> Also attached a patch file summarizing these changes.
>
> Any feedback will be appreciated!
>

From a general perspective it seems sane, but that's without any further
knowledge of MKI.

-- 
Joshua C. Colp
Asterisk Project Lead
Sangoma Technologies
Check us out at www.sangoma.com and www.asterisk.org
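
How a receiver can locate the MKI in an incoming SRTP packet and map it to a master key slot, as an added example that is not code from this thread or from res_srtp. It assumes the RFC 3711 layout, where the MKI sits just before the authentication tag; `mki_entry`, `srtp_find_mki_index`, the 4-byte MKI, the 10-byte tag and the packet bytes are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical key-table entry: the MKI that selects one master key slot. */
struct mki_entry {
    const unsigned char *mki;
    size_t mki_len;
};

/*
 * Map the MKI carried in an SRTP packet to a key-table index.
 * Layout per RFC 3711: RTP header | payload | MKI | authentication tag.
 * Returns -1 if the packet cannot hold an MKI or no entry matches.
 */
int srtp_find_mki_index(const unsigned char *pkt, size_t pkt_len,
                        size_t tag_len, size_t mki_len,
                        const struct mki_entry *table, size_t n)
{
    const size_t rtp_hdr_min = 12; /* fixed RTP header size */
    const unsigned char *mki;
    size_t i;
    if (!pkt || !table || mki_len == 0)
        return -1;
    /* Subtract step by step so a short packet cannot wrap size_t. */
    if (pkt_len < rtp_hdr_min || pkt_len - rtp_hdr_min < tag_len ||
        pkt_len - rtp_hdr_min - tag_len < mki_len)
        return -1;

    mki = pkt + pkt_len - tag_len - mki_len;
    for (i = 0; i < n; i++) {
        /* The MKI is sent in the clear, so plain memcmp is acceptable. */
        if (table[i].mki_len == mki_len && !memcmp(table[i].mki, mki, mki_len))
            return (int)i;
    }
    return -1;
}

/* Constructed sample: 12-byte header, 4-byte payload, MKI 00000002, 10-byte tag. */
static const unsigned char sample_pkt[30] = {
    0x80, 0x00, 0x00, 0x01, 0, 0, 0, 0xa0, 0xde, 0xad, 0xbe, 0xef,
    0x11, 0x22, 0x33, 0x44, 0x00, 0x00, 0x00, 0x02 /* tag bytes left zero */
};
static const unsigned char mki1[] = {0, 0, 0, 1}, mki2[] = {0, 0, 0, 2};
static const struct mki_entry sample_table[] = { {mki1, 4}, {mki2, 4} };

int main(void)
{
    return srtp_find_mki_index(sample_pkt, 30, 10, 4, sample_table, 2) == 1 ? 0 : 1;
}
```

A packet whose MKI matches no entry yields -1 and should be dropped before any authentication or decryption is attempted with a guessed key.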