Initial support for Secure Real-Time Protocol (RFC3711) - refs #321

Uses libgcrypt, as we have it in our deps/contrib already for GnuTLS. This could be used in both "UDP"[1] access and access output plugins, though they should really be called "RTP" instead nowadays. Done: - AES(-128) Counter Mode key derivation and RTP en-/decryption - test vectors for AES-CM - NULL cipher (with the *_UNENCRYPTED flags) - untested To do (missing mandatory features): - RTCP en-/decryption - HMAC-SHA1 authentication - replay attack protection Also to probably do: - integrate with udp access and access output plugins - integrate with RTSP server (err, I won't do that myself) - support for Transform Carrying ROC for SRTP (RFC4771) so we can use it easily for multicast streaming

Initial support for Secure Real-Time Protocol (RFC3711) - refs #321
Uses libgcrypt, as we have it in our deps/contrib already for GnuTLS. This could be used in both "UDP"[1] access and access output plugins, though they should really be called "RTP" instead nowadays. Done: - AES(-128) Counter Mode key derivation and RTP en-/decryption - test vectors for AES-CM - NULL cipher (with the *_UNENCRYPTED flags) - untested To do (missing mandatory features): - RTCP en-/decryption - HMAC-SHA1 authentication - replay attack protection Also to probably do: - integrate with udp access and access output plugins - integrate with RTSP server (err, I won't do that myself) - support for Transform Carrying ROC for SRTP (RFC4771) so we can use it easily for multicast streaming
10ee356e · Rémi Denis-Courmont · 066e58dd · 10ee356e · 10ee356e · 10ee356e
Commit 10ee356e authored Mar 10, 2007 by Rémi Denis-Courmont
7 changed files
--- a/configure.ac
+++ b/configure.ac
@@ -5235,6 +5235,9 @@ AS_IF([test "${enable_gnutls}" != "no"], [
  ])
 ])

+AM_PATH_LIBGCRYPT([1:1.1.94], [have_libgcrypt="yes"], [have_libgcrypt="no"])
+AM_CONDITIONAL([HAVE_LIBGCRYPT], [test "${have_libgcrypt}" = "yes"])
+

 dnl
 dnl  Endianness check, AC_C_BIGENDIAN doesn't work if we are cross-compiling
@@ -5773,6 +5776,7 @@ AC_CONFIG_FILES([
  ipkg/Makefile
  libs/Makefile
  libs/loader/Makefile
+  libs/srtp/Makefile
  modules/Makefile
  mozilla/Makefile
  m4/Makefile

--- a/libs/Makefile.am
+++ b/libs/Makefile.am
-SUBDIRS = loader
-
+SUBDIRS = loader srtp
--- a/libs/srtp/Makefile.am
+++ b/libs/srtp/Makefile.am
+# Secure RTP with libgcrypt
+# Copyright (C) 2007  Rémi Denis-Courmont <rdenis # simphalempin , com>
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+
+AM_CPPFLAGS = @LIBGCRYPT_CFLAGS@
+AM_LDFLAGS = @LIBGCRYPT_LIBS@
+
+if !HAVE_WIN32
+AM_LDFLAGS += -lpthread
+endif
+
+noinst_HEADERS = srtp.h
+
+EXTRA_PROGRAMS = srtp
+if HAVE_LIBGCRYPT
+noinst_LTLIBRARIES = libvlc_srtp.la
+check_PROGRAMS = test-aes
+TESTS = test-aes
+endif
+
+libvlc_srtp_la_SOURCES = srtp.c
+test_aes_SOURCES = test-aes.c
+srtp_SOURCES = recv.c
+srtp_LDADD = libvlc_srtp.la
+
--- a/libs/srtp/recv.c
+++ b/libs/srtp/recv.c
+/*
+ * Secure RTP with libgcrypt
+ * Copyright (C) 2007  Rémi Denis-Courmont <rdenis # simphalempin , com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ */
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdint.h>
+#include <stddef.h>
+#include "srtp.h"
+
+#include <stdio.h>
+#include <string.h>
+
+#include <unistd.h>
+#include <netinet/in.h>
+
+int main (void)
+{
+    int fd = socket (AF_INET, SOCK_DGRAM, 0);
+    struct sockaddr_in addr;
+    memset (&addr, 0, sizeof (addr));
+    addr.sin_family = AF_INET;
+#ifdef HAVE_SA_LEN
+    addr.sin_len = sizeof (addr);
+#endif
+    addr.sin_port = htons (10000);
+    addr.sin_addr.s_addr = htonl (0x7f000001);
+    if (bind (fd, (struct sockaddr *)&addr, sizeof (addr)))
+        return 1;
+
+    static const uint8_t key[16] =
+        "\x12\x34\x56\x78\x9A\xBC\xDE\xF0"
+        "\x12\x34\x56\x78\x9A\xBC\xDE\xF0";
+    static const uint8_t salt[14] =
+        "\x12\x34\x56\x78\x90" "\x12\x34\x56\x78\x90" "\x12\x34\x56\x78";
+
+    srtp_session_t *s = srtp_create ("AES_CM_128_HMAC_SHA1_80", 0, 0, 0);
+    if (s == NULL)
+        return 1;
+    if (srtp_setkey (s, key, 16, salt, 14))
+        goto error;
+
+    uint8_t buf[1500];
+    size_t len;
+#if 0
+    memset (buf, 0, sizeof (buf));
+    buf[0] = 2 << 6;
+    buf[1] = 1;
+    memcpy (buf + 2, &(uint16_t){ htons (9527) }, 2);
+    memcpy (buf + 8, "\xde\xad\xbe\xef", 4);
+    memcpy (buf + 4, &(uint32_t){ htonl (1) }, 4);
+    strcpy ((char *)buf + 12, "a\n");
+    len = 12 + strlen ((char *)buf + 12) + 1;
+#endif
+    for (;;)
+    {
+        len = read (fd, buf, sizeof (buf));
+        if (srtp_recv (s, buf, &len))
+            fputs ("Cannot decrypt!\n", stderr);
+        puts ((char *)buf + 12);
+        if (srtp_send (s, buf, &len, sizeof (buf)) || srtp_recv (s, buf, &len))
+            break;
+        puts ((char *)buf + 12);
+    }
+
+error:
+    srtp_destroy (s);
+    close (fd);
+    return 0;
+}
--- a/libs/srtp/srtp.c
+++ b/libs/srtp/srtp.c
+/*
+ * Secure RTP with libgcrypt
+ * Copyright (C) 2007  Rémi Denis-Courmont <rdenis # simphalempin , com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ */
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdint.h>
+#include <stddef.h>
+
+#include "srtp.h"
+
+#include <stdbool.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <errno.h>
+
+#include <gcrypt.h>
+
+#include <netinet/in.h>
+#include <pthread.h>
+
+/* TODO:
+ * Useful stuff:
+ * - ROC profil thingy (multicast really needs this)
+ * - replay protection
+ *
+ * Requirements for conformance:
+ * - suites with NULL cipher
+ * - SRTCP
+ *
+ * Useless stuff (because nothing depends on it):
+ * - non-nul key derivation rate
+ * - MKI payload
+ */
+
+typedef struct srtp_proto_t
+{
+    gcry_cipher_hd_t cipher;
+    gcry_md_hd_t     mac;
+    uint32_t         salt[4];
+    uint8_t          mac_len;
+} srtp_proto_t;
+
+struct srtp_session_t
+{
+    srtp_proto_t rtp;
+    srtp_proto_t rtcp;
+    unsigned flags;
+    unsigned kdr;
+    uint32_t rtcp_index;
+    uint32_t rtp_roc;
+    uint16_t rtp_seq;
+};
+
+enum
+{
+    SRTP_CRYPT,
+    SRTP_AUTH,
+    SRTP_SALT,
+    SRTCP_CRYPT,
+    SRTCP_AUTH,
+    SRTCP_SALT
+};
+
+#ifndef WIN32
+GCRY_THREAD_OPTION_PTHREAD_IMPL;
+#endif
+
+static bool libgcrypt_usable = false;
+
+static void initonce_libgcrypt (void)
+{
+    if ((gcry_check_version ("1.1.94") == NULL)
+     || gcry_control (GCRYCTL_DISABLE_SECMEM, 0)
+     || gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0)
+#ifndef WIN32
+     || gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread)
+#endif
+       )
+        return;
+
+    libgcrypt_usable = true;
+}
+
+static int init_libgcrypt (void)
+{
+    int retval;
+#ifndef WIN32
+    static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
+    static pthread_once_t once = PTHREAD_ONCE_INIT;
+
+    pthread_mutex_lock (&mutex);
+    pthread_once (&once, initonce_libgcrypt);
+    retval = -libgcrypt_usable;
+    pthread_mutex_unlock (&mutex);
+#else
+# warning FIXME: This is not thread-safe.
+    if (!libgcrypt_usable)
+        initonce_libgcrypt ();
+    retval = -libgcrypt_usable;
+#endif
+
+    return retval;
+
+}
+
+
+static void proto_destroy (srtp_proto_t *p)
+{
+    gcry_md_close (p->mac);
+    gcry_cipher_close (p->cipher);
+}
+
+
+/**
+ * Releases all resources associated with a Secure RTP session.
+ */
+void srtp_destroy (srtp_session_t *s)
+{
+    assert (s != NULL);
+
+    proto_destroy (&s->rtcp);
+    proto_destroy (&s->rtp);
+    free (s);
+}
+
+
+static int proto_create (srtp_proto_t *p, int gcipher, int gmd)
+{
+    if (gcry_cipher_open (&p->cipher, gcipher, GCRY_CIPHER_MODE_CTR, 0) == 0)
+    {
+        if (gcry_md_open (&p->mac, gmd, GCRY_MD_FLAG_HMAC) == 0)
+            return 0;
+        gcry_cipher_close (p->cipher);
+    }
+    return -1;
+}
+
+
+/**
+ * Allocates a Secure RTP session.
+ *
+ * @param name cipher-suite name
+ * @param kdr key derivation rate
+ * @param winsize anti-replay windows size (between 64 and 32767 inclusive)
+ *                0 disable replay attack protection (OK for send only)
+ * @param flags OR'ed optional flags.
+ *
+ * @return NULL in case of error
+ */
+srtp_session_t *
+srtp_create (const char *name, unsigned flags, unsigned kdr, uint16_t winsize)
+{
+    assert (name != NULL);
+
+    if (kdr != 0)
+        return NULL; // FIXME: KDR not implemented yet
+    if (winsize != 0)
+        return NULL; // FIXME: replay protection not implemented yet
+
+    uint8_t mac_len;
+    int cipher = GCRY_CIPHER_AES, md = GCRY_MD_SHA1;
+
+    if (strcmp (name, "AES_CM_128_HMAC_SHA1_80") == 0)
+        mac_len = 80;
+    else
+    if (strcmp (name, "AES_CM_128_HMAC_SHA1_32") == 0)
+        mac_len = 32;
+    else
+    // F8_128_HMAC_SHA1_80 is not implemented
+        return NULL;
+
+    if ((flags & ~SRTP_FLAGS_MASK) || (winsize > 32767) || init_libgcrypt ())
+        return NULL;
+
+    srtp_session_t *s = malloc (sizeof (*s));
+    if (s == NULL)
+        return NULL;
+
+    memset (s, 0, sizeof (*s));
+    s->flags = flags;
+    s->kdr = kdr;
+
+    if (proto_create (&s->rtp, cipher, md) == 0)
+    {
+        if (proto_create (&s->rtcp, cipher, md) == 0)
+            return s;
+        proto_destroy (&s->rtp);
+    }
+
+    free (s);
+    return NULL;
+}
+
+
+/**
+ * AES-CM key derivation (saltlen = 14 bytes)
+ */
+static int
+derive (gcry_cipher_hd_t prf, const void *salt,
+        const uint8_t *r, size_t rlen, uint8_t label,
+        void *out, size_t outlen)
+{
+    uint8_t iv[16];
+
+    memcpy (iv, salt, 14);
+    iv[14] = iv[15] = 0;
+
+    assert (rlen < 14);
+    iv[13 - rlen] ^= label;
+    for (size_t i = 0; i < rlen; i++)
+        iv[sizeof (iv) - rlen + i] ^= r[i];
+
+    /* TODO: retry with CTR mode */
+    while (outlen >= sizeof (iv))
+    {
+        /* AES */
+        if (gcry_cipher_encrypt (prf, out, sizeof (iv), iv, sizeof (iv)))
+            return EINVAL;
+        outlen -= sizeof (iv);
+        out = ((uint8_t *)out) + sizeof (iv);
+
+        /* Increment IV in network byte order */
+        if (++iv[sizeof (iv) - 1] == 0)
+            ++iv[sizeof (iv) -2];
+    }
+
+    if (outlen > 0)
+    {
+        /* Truncated last AES output block */
+        if (gcry_cipher_encrypt (prf, iv, sizeof (iv), NULL, 0))
+            return -1;
+        memcpy (out, iv, outlen);
+    }
+
+    return 0;
+}
+
+
+static int
+proto_derive (srtp_proto_t *p, gcry_cipher_hd_t prf,
+              const void *salt, size_t saltlen,
+              const uint8_t *r, size_t rlen, bool rtcp)
+{
+    if (saltlen != 14)
+        return -1;
+
+    uint8_t cipherkey[16];
+    uint8_t label = rtcp ? SRTCP_CRYPT : SRTP_CRYPT;
+
+    if (derive (prf, salt, r, rlen, label++, cipherkey, 16)
+     || gcry_cipher_setkey (p->cipher, cipherkey, 16)
+     || derive (prf, salt, r, rlen, label++, NULL, 0) /* FIXME HMAC */
+     || derive (prf, salt, r, rlen, label++, p->salt, 14))
+        return -1;
+
+    return 0;
+}
+
+
+/**
+ * SRTP/SRTCP cipher/salt/MAC keys derivation.
+ */
+static int
+srtp_derive (srtp_session_t *s, const void *key, size_t keylen,
+             const void *salt, size_t saltlen)
+{
+    gcry_cipher_hd_t prf;
+    uint8_t r[6];
+
+    /* TODO: retry with CTR mode */
+    if (gcry_cipher_open (&prf, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 0)
+     || gcry_cipher_setkey (prf, key, keylen))
+        return -1;
+
+    /* RTP key derivation */
+    if (s->kdr != 0)
+    {
+        uint64_t index = (((uint64_t)s->rtp_roc) << 16) | s->rtp_seq;
+        index /= s->kdr;
+
+        for (int i = sizeof (r) - 1; i >= 0; i--)
+        {
+            r[i] = index & 0xff;
+            index = index >> 8;
+        }
+    }
+    else
+        memset (r, 0, sizeof (r));
+
+    if (proto_derive (&s->rtp, prf, salt, saltlen, r, 6, false))
+        return -1;
+
+    /* RTCP key derivation */
+    memcpy (r, &(uint32_t){ htonl (s->rtcp_index) }, 4);
+    if (proto_derive (&s->rtcp, prf, salt, saltlen, r, 4, true))
+        return -1;
+
+    (void)gcry_cipher_close (prf);
+    return 0;
+}
+
+
+
+/**
+ * Sets (or resets) the master key and master salt for a SRTP session.
+ * This must be done at least once before using rtp_send(), rtp_recv(),
+ * rtcp_send() or rtcp_recv(). Also, rekeying is required every
+ * 2^48 RTP packets or 2^31 RTCP packets (whichever comes first),
+ * otherwise the protocol security might be broken.
+ *
+ * @return 0 on success, in case of error:
+ *  EINVAL  invalid or unsupported key/salt sizes combination
+ */
+int
+srtp_setkey (srtp_session_t *s, const void *key, size_t keylen,
+             const void *salt, size_t saltlen)
+{
+    return srtp_derive (s, key, keylen, salt, saltlen) ? EINVAL : 0;
+}
+
+
+/** AES-CM encryption/decryption (ctr length = 16 bytes) */
+static int
+encrypt (gcry_cipher_hd_t hd, uint32_t *ctr, uint8_t *data, size_t len)
+{
+    const size_t ctrlen = 16;
+    while (len >= ctrlen)
+    {
+        if (gcry_cipher_setctr (hd, ctr, ctrlen)
+         || gcry_cipher_encrypt (hd, data, ctrlen, NULL, 0))
+            return -1;
+
+        data += ctrlen;
+        len -= ctrlen;
+        ctr[3] = htonl (ntohl (ctr[3]) + 1);
+    }
+
+    if (len > 0)
+    {
+        /* Truncated last block */
+        uint8_t dummy[ctrlen];
+        memcpy (dummy, data, len);
+        memset (dummy + len, 0, ctrlen - len);
+
+        if (gcry_cipher_setctr (hd, ctr, ctrlen)
+         || gcry_cipher_encrypt (hd, dummy, ctrlen, data, ctrlen))
+            return -1;
+        memcpy (data, dummy, len);
+    }
+
+    return 0;
+}
+
+
+/** AES-CM for RTP (salt = 14 bytes + 2 nul bytes) */
+static inline int
+rtp_encrypt (gcry_cipher_hd_t hd, uint32_t ssrc, uint32_t roc, uint16_t seq,
+             const uint32_t *salt, uint8_t *data, size_t len)
+{
+    /* Determines cryptographic counter (IV) */
+    uint32_t counter[4];
+    counter[0] = salt[0];
+    counter[1] = salt[1] ^ ssrc;
+    counter[2] = salt[2] ^ htonl (roc);
+    counter[3] = salt[3] ^ htonl (seq << 16);
+
+    /* Encryption */
+    return encrypt (hd, counter, data, len);
+}
+
+
+/**
+ * Encrypts/decrypts a RTP packet and updates SRTP context
+ * (CTR block cypher mode of operation has identical encryption and
+ * decryption function).
+ *
+ * @param buf RTP packet to be encrypted/digested
+ * @param len RTP packet length
+ *
+ * @return 0 on success, in case of error:
+ *  EINVAL  malformatted RTP packet
+ */
+static int srtp_encrypt (srtp_session_t *s, uint8_t *buf, size_t len)
+{
+    assert (s != NULL);
+
+    if ((len < 12) || ((buf[0] >> 6) != 2))
+        return EINVAL;
+
+    /* Computes encryption offset */
+    uint16_t offset = 12;
+    offset += (buf[0] & 0xf) * 4; // skips CSRC
+
+    if (buf[0] & 0x10)
+    {
+        uint16_t extlen;
+
+        offset += 4;
+        if (len < offset)
+            return EINVAL;
+
+        memcpy (&extlen, buf + offset - 2, 2);
+        offset += htons (extlen);
+    }
+
+    if (len < offset)
+        return EINVAL;
+
+    /* Determines RTP 48-bits counter and SSRC */
+    uint32_t ssrc;
+    memcpy (&ssrc, buf + 8, 4);
+
+    uint16_t seq = (buf[2] << 8) | buf[3];
+    if (((seq - s->rtp_seq) & 0xffff) < 32768)
+    {
+        if (seq < s->rtp_seq)
+            s->rtp_roc++; /* Sequence number wrap */
+    }
+    else
+    {
+        if (seq > s->rtp_seq)
+            s->rtp_roc--;
+    }
+
+    s->rtp_seq = seq;
+
+    if (s->flags & SRTP_UNENCRYPTED)
+        return 0;
+
+    if (rtp_encrypt (s->rtp.cipher, ssrc, s->rtp_roc, seq, s->rtp.salt,
+                     buf + offset, len - offset))
+        return EINVAL;
+
+    return 0;
+}
+
+
+/**
+ * Turns a RTP packet into a SRTP packet: encrypt it, then computes
+ * the authentication tag and appends it.
+ * Note that you can encrypt packet in disorder.
+ *
+ * @param buf RTP packet to be encrypted/digested
+ * @param lenp pointer to the RTP packet length on entry,
+ *             set to the SRTP length on exit (undefined in case of error)
+ * @param bufsize size (bytes) of the packet buffer
+ *
+ * @return 0 on success, in case of error:
+ *  EINVAL  malformatted RTP packet
+ *  ENOBUFS bufsize is too small
+ */
+int
+srtp_send (srtp_session_t *s, uint8_t *buf, size_t *lenp, size_t bufsize)
+{
+    size_t len = *lenp;
+    int val = srtp_encrypt (s, buf, len);
+    if (val)
+        return val;
+
+    if (bufsize < (len + s->rtp.mac_len))
+        return ENOBUFS;
+
+    /* FIXME: HMAC and anti-replay */
+    return 0;
+}
+
+
+/**
+ * Turns a RTP packet into a SRTP packet: encrypt it, then computes
+ * the authentication tag and appends it.
+ * Note that you can encrypt packet in disorder.
+ *
+ * @param buf RTP packet to be decrypted/digested
+ * @param lenp pointer to the RTP packet length on entry,
+ *             set to the SRTP length on exit (undefined in case of error)
+ *
+ * @return 0 on success, in case of error:
+ *  EINVAL  malformatted RTP packet
+ *  EACCES  authentication failed (spoofed packet or out-of-sync)
+ */
+int
+srtp_recv (srtp_session_t *s, uint8_t *buf, size_t *lenp)
+{
+    size_t len = *lenp;
+    int val = srtp_encrypt (s, buf, len);
+    if (val)
+        return val;
+
+    /* FIXME: HMAC and anti-replay */
+    return 0;
+}
+
--- a/libs/srtp/srtp.h
+++ b/libs/srtp/srtp.h
+/*
+ * Secure RTP with libgcrypt
+ * Copyright (C) 2007  Rémi Denis-Courmont <rdenis # simphalempin , com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ */
+
+#ifndef LIBVLC_SRTP_H
+# define LIBVLC_SRTP_H 1
+
+typedef struct srtp_session_t srtp_session_t;
+
+enum
+{
+	SRTP_UNENCRYPTED=0x1, // do not encrypt SRTP packets
+	SRTCP_UNENCRYPTED=0x2, // do not encrypt SRTCP packets
+	SRTP_NULL_CIPHER=0x3, // use NULL cipher (encrypt nothing)
+	SRTP_UNAUTHENTICATED=0x4, // do not authenticated SRTP packets
+	SRTP_FLAGS_MASK=0x7
+};
+
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+srtp_session_t *srtp_create (const char *name, unsigned flags, unsigned kdr,
+                             uint16_t winsize);
+void srtp_destroy (srtp_session_t *s);
+int srtp_send (srtp_session_t *s, uint8_t *buf, size_t *lenp, size_t maxsize);
+int srtp_recv (srtp_session_t *s, uint8_t *buf, size_t *lenp);
+
+int srtp_setkey (srtp_session_t *s, const void *key, size_t keylen,
+                 const void *salt, size_t saltlen);
+# ifdef __cplusplus
+}
+# endif
+#endif
+
--- a/libs/srtp/test-aes.c
+++ b/libs/srtp/test-aes.c
+/*
+ * Secure RTP with libgcrypt
+ * Copyright (C) 2007  Rémi Denis-Courmont <rdenis # simphalempin , com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ */
+
+#include <stdio.h>
+#include "srtp.c"
+
+static void printhex (const void *buf, size_t len)
+{
+    for (size_t i = 0; i < len; i++)
+        printf ("%02X", ((uint8_t *)buf)[i]);
+    fputc ('\n', stdout);
+}
+
+static void fatal (const char *msg)
+{
+    puts (msg);
+    exit (1);
+}
+
+/** AES-CM key derivation test vectors */
+static void test_derivation (void)
+{
+    static const uint8_t key[16] =
+        "\xE1\xF9\x7A\x0D\x3E\x01\x8B\xE0\xD6\x4F\xA3\x2C\x06\xDE\x41\x39";
+    static const uint8_t salt[14] =
+        "\x0E\xC6\x75\xAD\x49\x8A\xFE\xEB\xB6\x96\x0B\x3A\xAB\xE6";
+
+    static const uint8_t good_cipher[16] =
+        "\xC6\x1E\x7A\x93\x74\x4F\x39\xEE\x10\x73\x4A\xFE\x3F\xF7\xA0\x87";
+    static const uint8_t good_salt[14] =
+        "\x30\xCB\xBC\x08\x86\x3D\x8C\x85\xD4\x9D\xB3\x4A\x9A\xE1";
+    static const uint8_t good_auth[94] =
+        "\xCE\xBE\x32\x1F\x6F\xF7\x71\x6B\x6F\xD4\xAB\x49\xAF\x25\x6A\x15"
+        "\x6D\x38\xBA\xA4\x8F\x0A\x0A\xCF\x3C\x34\xE2\x35\x9E\x6C\xDB\xCE"
+        "\xE0\x49\x64\x6C\x43\xD9\x32\x7A\xD1\x75\x57\x8E\xF7\x22\x70\x98"
+        "\x63\x71\xC1\x0C\x9A\x36\x9A\xC2\xF9\x4A\x8C\x5F\xBC\xDD\xDC\x25"
+        "\x6D\x6E\x91\x9A\x48\xB6\x10\xEF\x17\xC2\x04\x1E\x47\x40\x35\x76"
+        "\x6B\x68\x64\x2C\x59\xBB\xFC\x2F\x34\xDB\x60\xDB\xDF\xB2";
+
+    static const uint8_t r[6] = { 0, 0, 0, 0, 0, 0 };
+    gcry_cipher_hd_t prf;
+    uint8_t out[94];
+
+    puts ("AES-CM key derivation test...");
+    printf (" master key:  ");
+    printhex (key, sizeof (key));
+    printf (" master salt: ");
+    printhex (salt, sizeof (salt));
+
+    if (gcry_cipher_open (&prf, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 0)
+     || gcry_cipher_setkey (prf, key, sizeof (key)))
+        fatal ("Internal PRF error");
+
+    if (derive (prf, salt, r, sizeof (r), SRTP_CRYPT, out, 16))
+        fatal ("Internal cipher derivation error");
+    printf (" cipher key:  ");
+    printhex (out, 16);
+    if (memcmp (out, good_cipher, 16))
+        fatal ("Test failed");
+
+    if (derive (prf, salt, r, sizeof (r), SRTP_SALT, out, 14))
+        fatal ("Internal salt derivation error");
+    printf (" cipher salt: ");
+    printhex (out, 14);
+    if (memcmp (out, good_salt, 14))
+        fatal ("Test failed");
+
+    if (derive (prf, salt, r, sizeof (r), SRTP_AUTH, out, 94))
+        fatal ("Internal auth key derivation error");
+    printf (" auth key:    ");
+    printhex (out, 94);
+    if (memcmp (out, good_auth, 94))
+        fatal ("Test failed");
+
+    gcry_cipher_close (prf);
+}
+
+/** AES-CM key derivation test vectors */
+static void test_keystream (void)
+{
+    static const uint8_t key[16] =
+        "\x2B\x7E\x15\x16\x28\xAE\xD2\xA6\xAB\xF7\x15\x88\x09\xCF\x4F\x3C";
+    const uint32_t salt[4]=
+        { htonl (0xf0f1f2f3), htonl (0xf4f5f6f7),
+          htonl (0xf8f9fafb), htonl (0xfcfd0000) };
+
+    puts ("AES-CM key stream test...");
+    uint8_t *buf = calloc (0xff02, 16);
+    if (buf == NULL)
+    {
+        fputs ("Not enough memory for test\n", stderr);
+        return;
+    }
+
+    printf (" session key: ");
+    printhex (key, sizeof (key));
+
+    gcry_cipher_hd_t hd;
+    if (gcry_cipher_open (&hd, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CTR, 0))
+        fatal ("Cipher initialization error");
+    if (gcry_cipher_setkey (hd, key, sizeof (key)))
+        fatal ("Cipher key error");
+
+    if (rtp_encrypt (hd, 0, 0, 0, salt, buf, 0xff020))
+        fatal ("Encryption failure");
+    gcry_cipher_close (hd);
+
+    static const uint8_t good_start[48] =
+        "\xE0\x3E\xAD\x09\x35\xC9\x5E\x80\xE1\x66\xB1\x6D\xD9\x2B\x4E\xB4"
+        "\xD2\x35\x13\x16\x2B\x02\xD0\xF7\x2A\x43\xA2\xFE\x4A\x5F\x97\xAB"
+        "\x41\xE9\x5B\x3B\xB0\xA2\xE8\xDD\x47\x79\x01\xE4\xFC\xA8\x94\xC0";
+    static const uint8_t good_end[48] =
+        "\xEC\x8C\xDF\x73\x98\x60\x7C\xB0\xF2\xD2\x16\x75\xEA\x9E\xA1\xE4"
+        "\x36\x2B\x7C\x3C\x67\x73\x51\x63\x18\xA0\x77\xD7\xFC\x50\x73\xAE"
+        "\x6A\x2C\xC3\x78\x78\x89\x37\x4F\xBE\xB4\xC8\x1B\x17\xBA\x6C\x44";
+
+    printf (" key stream:  ");
+    printhex (buf, sizeof (good_start));
+    printf (" ... cont'd : ");
+    printhex (buf + 0xff020 - sizeof (good_end), sizeof (good_end));
+    if (memcmp (buf, good_start, sizeof (good_start))
+     || memcmp (buf + 0xff020 - sizeof (good_end), good_end,
+                sizeof (good_end)))
+        fatal ("Key stream test failed");
+    free (buf);
+}
+
+static void srtp_test (void)
+{
+    if (init_libgcrypt ())
+        fatal ("Libgcrypt initialization error");
+    test_derivation ();
+    test_keystream ();
+}
+
+int main (void)
+{
+    srtp_test ();
+    return 0;
+}