<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hello,</p>
<p>I'm working on a patch to add support for MKI in res_srtp.</p>
<p>For those who may not be familiar with the subject, MKI is a
re-keying mechanism for SRTP which involves appending a Master Key
Identifier (MKI) inside each SRTP packet in order to change the
master key in use.</p>
<p>Master key and MKI negotiation is out of scope of this patch.</p>
<p>Before going forward, I'd like to submit to you the changes I
plan in res_srtp's API, just to know if I'm going in the right
direction or if I should design it another way.</p>
<p>First, I would add a method in <font face="monospace"><b>ast_srtp_policy_res</b></font>
to add several master keys (together with their MKI) to the SRTP
policy. It returns the index at which the key was inserted, which
can be used later to reference the master key:</p>
<p><b><font face="monospace">struct ast_srtp_policy_res {<br>
[...]<br>
+ int (*add_master_key)(struct ast_srtp_policy *policy,
const unsigned char *key, size_t key_len, const unsigned char
*salt, size_t salt_len, const unsigned char *mki, size_t
mki_len);<br>
};</font></b></p>
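<p>Review bot: the int return of add_master_key doubles as the key index, and nothing in this hunk says how a failure is reported. Document that a negative value means the key was rejected, state what happens for a duplicate MKI or an mki_len of zero, and say whether key and salt are copied or must outlive the policy.</p>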
<p>Second, I would add two methods in <font face="monospace"><b>ast_srtp_res</b></font>
to enable or disable MKI usage for incoming and outgoing SRTP
packets. The MKI to use for outgoing packets is referenced by its
index, as returned by <font face="monospace"><b>ast_srtp_policy_res.add_master_key</b></font>:</p>
<p><b><font face="monospace">struct ast_srtp_res {<br>
[...]<br>
+ int (*use_inbound_mki)(struct ast_srtp *srtp, int
enable);</font></b><b><br>
</b><b><font face="monospace">+ int
(*use_outbound_mki)(struct ast_srtp *srtp, int enable, int
mki_index);<br>
};</font></b><br>
</p>
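<p>Review bot: use_outbound_mki takes mki_index even when enable is 0, and that index was issued against an ast_srtp_policy while this call receives an ast_srtp. Document that mki_index is ignored when disabling, and return an error for an index that add_master_key did not return for the policy behind this session.</p>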
<p>I have also attached a patch file summarizing these changes.</p>
<p>Any feedback will be appreciated!</p>
<p>Regards,</p>
<p>Jean</p>
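<p>Added example, not part of the original message or of res_srtp: a sketch of the inbound side of the mechanism described above, where a receiver reads the MKI that sits just before the authentication tag and maps it to the index under which the key was registered. All ex_ names, the table size and the length limit are hypothetical, and a fixed MKI length per session is assumed.</p>

```c
#include <stddef.h>
#include <string.h>

#define EX_MAX_KEYS    4   /* table size chosen for this example */
#define EX_MAX_MKI_LEN 8   /* MKI length limit chosen for this example */
#define EX_RTP_HDR_MIN 12  /* fixed part of the RTP header, in bytes */

struct ex_key_table {
    unsigned char mki[EX_MAX_KEYS][EX_MAX_MKI_LEN];
    size_t mki_len;        /* assumption: one MKI length per session */
    int count;
};

/* Register an MKI and return its index, mirroring the index-returning
 * style of the proposed add_master_key. Returns -1 on a bad length,
 * a length that differs from earlier entries, a duplicate, or a full table. */
int ex_add_mki(struct ex_key_table *t, const unsigned char *mki, size_t mki_len)
{
    if (mki_len == 0 || mki_len > EX_MAX_MKI_LEN || t->count >= EX_MAX_KEYS)
        return -1;
    if (t->count > 0 && mki_len != t->mki_len)
        return -1;
    for (int i = 0; i < t->count; i++)
        if (memcmp(t->mki[i], mki, mki_len) == 0)
            return -1;     /* two keys must never share an MKI */
    memcpy(t->mki[t->count], mki, mki_len);
    t->mki_len = mki_len;
    return t->count++;
}

/* Return the index of the key an inbound packet names, or -1.
 * Layout assumed: RTP header | payload | MKI | auth tag. */
int ex_lookup_mki(const struct ex_key_table *t, const unsigned char *pkt,
                  size_t pkt_len, size_t tag_len)
{
    /* Length checks are written as subtractions so they cannot wrap. */
    if (t->count == 0 || pkt_len < EX_RTP_HDR_MIN)
        return -1;
    if (pkt_len - EX_RTP_HDR_MIN < t->mki_len ||
        pkt_len - EX_RTP_HDR_MIN - t->mki_len < tag_len)
        return -1;         /* too short to hold MKI and tag */
    const unsigned char *mki = pkt + pkt_len - tag_len - t->mki_len;
    /* The MKI is a public identifier, so a plain memcmp is fine here. */
    for (int i = 0; i < t->count; i++)
        if (memcmp(t->mki[i], mki, t->mki_len) == 0)
            return i;
    return -1;             /* unknown MKI: the caller should drop the packet */
}
```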
</body>
</html>