4 * a test driver for libSRTP
11 * Copyright (c) 2001-2006, Cisco Systems, Inc.
12 * All rights reserved.
14 * Redistribution and use in source and binary forms, with or without
15 * modification, are permitted provided that the following conditions
18 * Redistributions of source code must retain the above copyright
19 * notice, this list of conditions and the following disclaimer.
21 * Redistributions in binary form must reproduce the above
22 * copyright notice, this list of conditions and the following
23 * disclaimer in the documentation and/or other materials provided
24 * with the distribution.
26 * Neither the name of the Cisco Systems, Inc. nor the names of its
27 * contributors may be used to endorse or promote products derived
28 * from this software without specific prior written permission.
30 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
31 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
32 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
33 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
34 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
35 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
36 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
37 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
38 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
39 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
40 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
41 * OF THE POSSIBILITY OF SUCH DAMAGE.
46 #include <string.h> /* for memcpy() */
47 #include <time.h> /* for clock() */
48 #include <stdlib.h> /* for malloc(), free() */
49 #include <stdio.h> /* for print(), fflush() */
50 #include "getopt_s.h" /* for local getopt() */
52 #include "srtp_priv.h"
54 #ifdef HAVE_NETINET_IN_H
55 # include <netinet/in.h>
56 #elif defined HAVE_WINSOCK2_H
57 # include <winsock2.h>
60 #define PRINT_REFERENCE_PACKET 1
66 srtp_validate_aes_256(void);
69 srtp_create_big_policy(srtp_policy_t **list);
72 srtp_dealloc_big_policy(srtp_policy_t *list);
75 srtp_test_remove_stream(void);
78 srtp_bits_per_second(int msg_len_octets, const srtp_policy_t *policy);
81 srtp_rejections_per_second(int msg_len_octets, const srtp_policy_t *policy);
84 srtp_do_timing(const srtp_policy_t *policy);
87 srtp_do_rejection_timing(const srtp_policy_t *policy);
90 srtp_test(const srtp_policy_t *policy);
93 srtcp_test(const srtp_policy_t *policy);
96 srtp_session_print_policy(srtp_t srtp);
99 srtp_print_policy(const srtp_policy_t *policy);
102 srtp_packet_to_string(srtp_hdr_t *hdr, int packet_len);
105 mips_estimate(int num_trials, int *ignore);
107 extern uint8_t test_key[30];
110 usage(char *prog_name) {
111 printf("usage: %s [ -t ][ -c ][ -v ][-d <debug_module> ]* [ -l ]\n"
112 " -t run timing test\n"
113 " -r run rejection timing test\n"
114 " -c run codec timing test\n"
115 " -v run validation tests\n"
116 " -d <mod> turn on debugging module <mod>\n"
117 " -l list debugging modules\n", prog_name);
122 * The policy_array is a null-terminated array of policy structs. it
123 * is declared at the end of this file
126 extern const srtp_policy_t *policy_array[];
129 /* the wildcard_policy is declared below; it has a wildcard ssrc */
131 extern const srtp_policy_t wildcard_policy;
134 * mod_driver debug module - debugging module for this test driver
136 * we use the crypto_kernel debugging system in this driver, which
137 * makes the interface uniform and increases portability
140 debug_module_t mod_driver = {
141 0, /* debugging is off by default */
142 "driver" /* printable name for module */
146 main (int argc, char *argv[]) {
148 unsigned do_timing_test = 0;
149 unsigned do_rejection_test = 0;
150 unsigned do_codec_timing = 0;
151 unsigned do_validation = 0;
152 unsigned do_list_mods = 0;
156 * verify that the compiler has interpreted the header data
157 * structure srtp_hdr_t correctly
159 if (sizeof(srtp_hdr_t) != 12) {
160 printf("error: srtp_hdr_t has incorrect size"
161 "(size is %ld bytes, expected 12)\n",
162 (long)sizeof(srtp_hdr_t));
166 /* initialize srtp library */
167 status = srtp_init();
169 printf("error: srtp init failed with error code %d\n", status);
173 /* load srtp_driver debug module */
174 status = crypto_kernel_load_debug_module(&mod_driver);
176 printf("error: load of srtp_driver debug module failed "
177 "with error code %d\n", status);
181 /* process input arguments */
183 q = getopt_s(argc, argv, "trcvld:");
191 do_rejection_test = 1;
203 status = crypto_kernel_set_debug_module(optarg_s, 1);
205 printf("error: set debug module (%s) failed\n", optarg_s);
214 if (!do_validation && !do_timing_test && !do_codec_timing
215 && !do_list_mods && !do_rejection_test)
219 status = crypto_kernel_list_debug_modules();
221 printf("error: list of debug modules failed\n");
227 const srtp_policy_t **policy = policy_array;
228 srtp_policy_t *big_policy;
230 /* loop over policy array, testing srtp and srtcp for each policy */
231 while (*policy != NULL) {
232 printf("testing srtp_protect and srtp_unprotect\n");
233 if (srtp_test(*policy) == err_status_ok)
234 printf("passed\n\n");
239 printf("testing srtp_protect_rtcp and srtp_unprotect_rtcp\n");
240 if (srtcp_test(*policy) == err_status_ok)
241 printf("passed\n\n");
249 /* create a big policy list and run tests on it */
250 status = srtp_create_big_policy(&big_policy);
252 printf("unexpected failure with error code %d\n", status);
255 printf("testing srtp_protect and srtp_unprotect with big policy\n");
256 if (srtp_test(big_policy) == err_status_ok)
257 printf("passed\n\n");
262 status = srtp_dealloc_big_policy(big_policy);
264 printf("unexpected failure with error code %d\n", status);
268 /* run test on wildcard policy */
269 printf("testing srtp_protect and srtp_unprotect on "
270 "wildcard ssrc policy\n");
271 if (srtp_test(&wildcard_policy) == err_status_ok)
272 printf("passed\n\n");
279 * run validation test against the reference packets - note
280 * that this test only covers the default policy
282 printf("testing srtp_protect and srtp_unprotect against "
283 "reference packets\n");
284 if (srtp_validate() == err_status_ok)
285 printf("passed\n\n");
292 * run validation test against the reference packets for
295 printf("testing srtp_protect and srtp_unprotect against "
296 "reference packets (AES-256)\n");
297 if (srtp_validate_aes_256() == err_status_ok)
298 printf("passed\n\n");
305 * test the function srtp_remove_stream()
307 printf("testing srtp_remove_stream()...");
308 if (srtp_test_remove_stream() == err_status_ok)
316 if (do_timing_test) {
317 const srtp_policy_t **policy = policy_array;
319 /* loop over policies, run timing test for each */
320 while (*policy != NULL) {
321 srtp_print_policy(*policy);
322 srtp_do_timing(*policy);
327 if (do_rejection_test) {
328 const srtp_policy_t **policy = policy_array;
330 /* loop over policies, run rejection timing test for each */
331 while (*policy != NULL) {
332 srtp_print_policy(*policy);
333 srtp_do_rejection_timing(*policy);
338 if (do_codec_timing) {
339 srtp_policy_t policy;
341 double mips_value = mips_estimate(1000000000, &ignore);
343 crypto_policy_set_rtp_default(&policy.rtp);
344 crypto_policy_set_rtcp_default(&policy.rtcp);
345 policy.ssrc.type = ssrc_specific;
346 policy.ssrc.value = 0xdecafbad;
347 policy.key = test_key;
349 policy.window_size = 128;
350 policy.allow_repeat_tx = 0;
353 printf("mips estimate: %e\n", mips_value);
355 printf("testing srtp processing time for voice codecs:\n");
356 printf("codec\t\tlength (octets)\t\tsrtp instructions/second\n");
357 printf("G.711\t\t%d\t\t\t%e\n", 80,
358 (double) mips_value * (80 * 8) /
359 srtp_bits_per_second(80, &policy) / .01 );
360 printf("G.711\t\t%d\t\t\t%e\n", 160,
361 (double) mips_value * (160 * 8) /
362 srtp_bits_per_second(160, &policy) / .02);
363 printf("G.726-32\t%d\t\t\t%e\n", 40,
364 (double) mips_value * (40 * 8) /
365 srtp_bits_per_second(40, &policy) / .01 );
366 printf("G.726-32\t%d\t\t\t%e\n", 80,
367 (double) mips_value * (80 * 8) /
368 srtp_bits_per_second(80, &policy) / .02);
369 printf("G.729\t\t%d\t\t\t%e\n", 10,
370 (double) mips_value * (10 * 8) /
371 srtp_bits_per_second(10, &policy) / .01 );
372 printf("G.729\t\t%d\t\t\t%e\n", 20,
373 (double) mips_value * (20 * 8) /
374 srtp_bits_per_second(20, &policy) / .02 );
375 printf("Wideband\t%d\t\t\t%e\n", 320,
376 (double) mips_value * (320 * 8) /
377 srtp_bits_per_second(320, &policy) / .01 );
378 printf("Wideband\t%d\t\t\t%e\n", 640,
379 (double) mips_value * (640 * 8) /
380 srtp_bits_per_second(640, &policy) / .02 );
383 status = srtp_shutdown();
385 printf("error: srtp shutdown failed with error code %d\n", status);
395 * srtp_create_test_packet(len, ssrc) returns a pointer to a
396 * (malloced) example RTP packet whose data field has the length given
397 * by pkt_octet_len and the SSRC value ssrc. The total length of the
398 * packet is twelve octets longer, since the header is at the
399 * beginning. There is room at the end of the packet for a trailer,
400 * and the four octets following the packet are filled with 0xff
401 * values to enable testing for overwrites.
403 * note that the location of the test packet can (and should) be
404 * deallocated with the free() call once it is no longer needed.
408 srtp_create_test_packet(int pkt_octet_len, uint32_t ssrc) {
412 int bytes_in_hdr = 12;
414 /* allocate memory for test packet */
415 hdr = (srtp_hdr_t*) malloc(pkt_octet_len + bytes_in_hdr
416 + SRTP_MAX_TRAILER_LEN + 4);
420 hdr->version = 2; /* RTP version two */
421 hdr->p = 0; /* no padding needed */
422 hdr->x = 0; /* no header extension */
423 hdr->cc = 0; /* no CSRCs */
424 hdr->m = 0; /* marker bit */
425 hdr->pt = 0xf; /* payload type */
426 hdr->seq = htons(0x1234); /* sequence number */
427 hdr->ts = htonl(0xdecafbad); /* timestamp */
428 hdr->ssrc = htonl(ssrc); /* synch. source */
430 buffer = (uint8_t *)hdr;
431 buffer += bytes_in_hdr;
433 /* set RTP data to 0xab */
434 for (i=0; i < pkt_octet_len; i++)
437 /* set post-data value to 0xffff to enable overrun checking */
438 for (i=0; i < SRTP_MAX_TRAILER_LEN+4; i++)
445 srtp_do_timing(const srtp_policy_t *policy) {
449 * note: the output of this function is formatted so that it
450 * can be used in gnuplot. '#' indicates a comment, and "\r\n"
451 * terminates a record
454 printf("# testing srtp throughput:\r\n");
455 printf("# mesg length (octets)\tthroughput (megabits per second)\r\n");
457 for (len=16; len <= 2048; len *= 2)
458 printf("%d\t\t\t%f\r\n", len,
459 srtp_bits_per_second(len, policy) / 1.0E6);
461 /* these extra linefeeds let gnuplot know that a dataset is done */
467 srtp_do_rejection_timing(const srtp_policy_t *policy) {
471 * note: the output of this function is formatted so that it
472 * can be used in gnuplot. '#' indicates a comment, and "\r\n"
473 * terminates a record
476 printf("# testing srtp rejection throughput:\r\n");
477 printf("# mesg length (octets)\trejections per second\r\n");
479 for (len=8; len <= 2048; len *= 2)
480 printf("%d\t\t\t%e\r\n", len, srtp_rejections_per_second(len, policy));
482 /* these extra linefeeds let gnuplot know that a dataset is done */
488 #define MAX_MSG_LEN 1024
491 srtp_bits_per_second(int msg_len_octets, const srtp_policy_t *policy) {
496 int num_trials = 100000;
502 * allocate and initialize an srtp session
504 status = srtp_create(&srtp, policy);
506 printf("error: srtp_create() failed with error code %d\n", status);
511 * if the ssrc is unspecified, use a predetermined one
513 if (policy->ssrc.type != ssrc_specific) {
516 ssrc = policy->ssrc.value;
520 * create a test packet
522 mesg = srtp_create_test_packet(msg_len_octets, ssrc);
524 return 0.0; /* indicate failure by returning zero */
527 for (i=0; i < num_trials; i++) {
528 len = msg_len_octets + 12; /* add in rtp header length */
530 /* srtp protect message */
531 status = srtp_protect(srtp, mesg, &len);
533 printf("error: srtp_protect() failed with error code %d\n", status);
537 /* increment message number */
539 /* hack sequence to avoid problems with macros for htons/ntohs on some systems */
540 short new_seq = ntohs(mesg->seq) + 1;
541 mesg->seq = htons(new_seq);
544 timer = clock() - timer;
548 status = srtp_dealloc(srtp);
550 printf("error: srtp_dealloc() failed with error code %d\n", status);
554 return (double) (msg_len_octets) * 8 *
555 num_trials * CLOCKS_PER_SEC / timer;
559 srtp_rejections_per_second(int msg_len_octets, const srtp_policy_t *policy) {
565 int num_trials = 1000000;
566 uint32_t ssrc = policy->ssrc.value;
570 * allocate and initialize an srtp session
572 status = srtp_create(&srtp, policy);
574 printf("error: srtp_create() failed with error code %d\n", status);
578 mesg = srtp_create_test_packet(msg_len_octets, ssrc);
580 return 0.0; /* indicate failure by returning zero */
582 len = msg_len_octets;
583 srtp_protect(srtp, (srtp_hdr_t *)mesg, &len);
586 for (i=0; i < num_trials; i++) {
587 len = msg_len_octets;
588 srtp_unprotect(srtp, (srtp_hdr_t *)mesg, &len);
590 timer = clock() - timer;
594 status = srtp_dealloc(srtp);
596 printf("error: srtp_dealloc() failed with error code %d\n", status);
600 return (double) num_trials * CLOCKS_PER_SEC / timer;
605 err_check(err_status_t s) {
606 if (s == err_status_ok)
609 fprintf(stderr, "error: unexpected srtp failure (code %d)\n", s);
614 srtp_test(const srtp_policy_t *policy) {
618 err_status_t status = err_status_ok;
619 srtp_hdr_t *hdr, *hdr2;
622 int msg_len_octets, msg_len_enc;
624 int tag_length = policy->rtp.auth_tag_len;
626 srtp_policy_t *rcvr_policy;
628 err_check(srtp_create(&srtp_sender, policy));
630 /* print out policy */
631 err_check(srtp_session_print_policy(srtp_sender));
634 * initialize data buffer, using the ssrc in the policy unless that
635 * value is a wildcard, in which case we'll just use an arbitrary
638 if (policy->ssrc.type != ssrc_specific)
641 ssrc = policy->ssrc.value;
643 hdr = srtp_create_test_packet(msg_len_octets, ssrc);
646 return err_status_alloc_fail;
647 hdr2 = srtp_create_test_packet(msg_len_octets, ssrc);
650 return err_status_alloc_fail;
653 /* set message length */
654 len = msg_len_octets;
656 debug_print(mod_driver, "before protection:\n%s",
657 srtp_packet_to_string(hdr, len));
659 #if PRINT_REFERENCE_PACKET
660 debug_print(mod_driver, "reference packet before protection:\n%s",
661 octet_string_hex_string((uint8_t *)hdr, len));
663 err_check(srtp_protect(srtp_sender, hdr, &len));
665 debug_print(mod_driver, "after protection:\n%s",
666 srtp_packet_to_string(hdr, len));
667 #if PRINT_REFERENCE_PACKET
668 debug_print(mod_driver, "after protection:\n%s",
669 octet_string_hex_string((uint8_t *)hdr, len));
672 /* save protected message and length */
673 memcpy(hdr_enc, hdr, len);
677 * check for overrun of the srtp_protect() function
679 * The packet is followed by a value of 0xfffff; if the value of the
680 * data following the packet is different, then we know that the
681 * protect function is overwriting the end of the packet.
683 pkt_end = (uint8_t *)hdr + sizeof(srtp_hdr_t)
684 + msg_len_octets + tag_length;
685 for (i = 0; i < 4; i++)
686 if (pkt_end[i] != 0xff) {
687 fprintf(stdout, "overwrite in srtp_protect() function "
688 "(expected %x, found %x in trailing octet %d)\n",
689 0xff, ((uint8_t *)hdr)[i], i);
692 return err_status_algo_fail;
696 * if the policy includes confidentiality, check that ciphertext is
697 * different than plaintext
699 * Note that this check will give false negatives, with some small
700 * probability, especially if the packets are short. For that
701 * reason, we skip this check if the plaintext is less than four
704 if ((policy->rtp.sec_serv & sec_serv_conf) && (msg_len_octets >= 4)) {
705 printf("testing that ciphertext is distinct from plaintext...");
706 status = err_status_algo_fail;
707 for (i=12; i < msg_len_octets+12; i++)
708 if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) {
709 status = err_status_ok;
721 * if the policy uses a 'wildcard' ssrc, then we need to make a copy
722 * of the policy that changes the direction to inbound
724 * we always copy the policy into the rcvr_policy, since otherwise
725 * the compiler would fret about the constness of the policy
727 rcvr_policy = (srtp_policy_t*) malloc(sizeof(srtp_policy_t));
728 if (rcvr_policy == NULL) {
731 return err_status_alloc_fail;
733 memcpy(rcvr_policy, policy, sizeof(srtp_policy_t));
734 if (policy->ssrc.type == ssrc_any_outbound) {
735 rcvr_policy->ssrc.type = ssrc_any_inbound;
738 err_check(srtp_create(&srtp_rcvr, rcvr_policy));
740 err_check(srtp_unprotect(srtp_rcvr, hdr, &len));
742 debug_print(mod_driver, "after unprotection:\n%s",
743 srtp_packet_to_string(hdr, len));
745 /* verify that the unprotected packet matches the origial one */
746 for (i=0; i < msg_len_octets; i++)
747 if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) {
748 fprintf(stdout, "mismatch at octet %d\n", i);
749 status = err_status_algo_fail;
759 * if the policy includes authentication, then test for false positives
761 if (policy->rtp.sec_serv & sec_serv_auth) {
762 char *data = ((char *)hdr) + 12;
764 printf("testing for false positives in replay check...");
766 /* set message length */
769 /* unprotect a second time - should fail with a replay error */
770 status = srtp_unprotect(srtp_rcvr, hdr_enc, &len);
771 if (status != err_status_replay_fail) {
772 printf("failed with error code %d\n", status);
781 printf("testing for false positives in auth check...");
783 /* increment sequence number in header */
786 /* set message length */
787 len = msg_len_octets;
789 /* apply protection */
790 err_check(srtp_protect(srtp_sender, hdr, &len));
792 /* flip bits in packet */
795 /* unprotect, and check for authentication failure */
796 status = srtp_unprotect(srtp_rcvr, hdr, &len);
797 if (status != err_status_auth_fail) {
809 err_check(srtp_dealloc(srtp_sender));
810 err_check(srtp_dealloc(srtp_rcvr));
815 return err_status_ok;
820 srtcp_test(const srtp_policy_t *policy) {
824 err_status_t status = err_status_ok;
825 srtp_hdr_t *hdr, *hdr2;
828 int msg_len_octets, msg_len_enc;
830 int tag_length = policy->rtp.auth_tag_len;
832 srtp_policy_t *rcvr_policy;
834 err_check(srtp_create(&srtcp_sender, policy));
836 /* print out policy */
837 err_check(srtp_session_print_policy(srtcp_sender));
840 * initialize data buffer, using the ssrc in the policy unless that
841 * value is a wildcard, in which case we'll just use an arbitrary
844 if (policy->ssrc.type != ssrc_specific)
847 ssrc = policy->ssrc.value;
849 hdr = srtp_create_test_packet(msg_len_octets, ssrc);
852 return err_status_alloc_fail;
853 hdr2 = srtp_create_test_packet(msg_len_octets, ssrc);
856 return err_status_alloc_fail;
859 /* set message length */
860 len = msg_len_octets;
862 debug_print(mod_driver, "before protection:\n%s",
863 srtp_packet_to_string(hdr, len));
865 #if PRINT_REFERENCE_PACKET
866 debug_print(mod_driver, "reference packet before protection:\n%s",
867 octet_string_hex_string((uint8_t *)hdr, len));
869 err_check(srtp_protect_rtcp(srtcp_sender, hdr, &len));
871 debug_print(mod_driver, "after protection:\n%s",
872 srtp_packet_to_string(hdr, len));
873 #if PRINT_REFERENCE_PACKET
874 debug_print(mod_driver, "after protection:\n%s",
875 octet_string_hex_string((uint8_t *)hdr, len));
878 /* save protected message and length */
879 memcpy(hdr_enc, hdr, len);
883 * check for overrun of the srtp_protect() function
885 * The packet is followed by a value of 0xfffff; if the value of the
886 * data following the packet is different, then we know that the
887 * protect function is overwriting the end of the packet.
889 pkt_end = (uint8_t *)hdr + sizeof(srtp_hdr_t)
890 + msg_len_octets + tag_length;
891 for (i = 0; i < 4; i++)
892 if (pkt_end[i] != 0xff) {
893 fprintf(stdout, "overwrite in srtp_protect_rtcp() function "
894 "(expected %x, found %x in trailing octet %d)\n",
895 0xff, ((uint8_t *)hdr)[i], i);
898 return err_status_algo_fail;
902 * if the policy includes confidentiality, check that ciphertext is
903 * different than plaintext
905 * Note that this check will give false negatives, with some small
906 * probability, especially if the packets are short. For that
907 * reason, we skip this check if the plaintext is less than four
910 if ((policy->rtp.sec_serv & sec_serv_conf) && (msg_len_octets >= 4)) {
911 printf("testing that ciphertext is distinct from plaintext...");
912 status = err_status_algo_fail;
913 for (i=12; i < msg_len_octets+12; i++)
914 if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) {
915 status = err_status_ok;
927 * if the policy uses a 'wildcard' ssrc, then we need to make a copy
928 * of the policy that changes the direction to inbound
930 * we always copy the policy into the rcvr_policy, since otherwise
931 * the compiler would fret about the constness of the policy
933 rcvr_policy = (srtp_policy_t*) malloc(sizeof(srtp_policy_t));
934 if (rcvr_policy == NULL)
935 return err_status_alloc_fail;
936 memcpy(rcvr_policy, policy, sizeof(srtp_policy_t));
937 if (policy->ssrc.type == ssrc_any_outbound) {
938 rcvr_policy->ssrc.type = ssrc_any_inbound;
941 err_check(srtp_create(&srtcp_rcvr, rcvr_policy));
943 err_check(srtp_unprotect_rtcp(srtcp_rcvr, hdr, &len));
945 debug_print(mod_driver, "after unprotection:\n%s",
946 srtp_packet_to_string(hdr, len));
948 /* verify that the unprotected packet matches the origial one */
949 for (i=0; i < msg_len_octets; i++)
950 if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) {
951 fprintf(stdout, "mismatch at octet %d\n", i);
952 status = err_status_algo_fail;
962 * if the policy includes authentication, then test for false positives
964 if (policy->rtp.sec_serv & sec_serv_auth) {
965 char *data = ((char *)hdr) + 12;
967 printf("testing for false positives in replay check...");
969 /* set message length */
972 /* unprotect a second time - should fail with a replay error */
973 status = srtp_unprotect_rtcp(srtcp_rcvr, hdr_enc, &len);
974 if (status != err_status_replay_fail) {
975 printf("failed with error code %d\n", status);
984 printf("testing for false positives in auth check...");
986 /* increment sequence number in header */
989 /* set message length */
990 len = msg_len_octets;
992 /* apply protection */
993 err_check(srtp_protect_rtcp(srtcp_sender, hdr, &len));
995 /* flip bits in packet */
998 /* unprotect, and check for authentication failure */
999 status = srtp_unprotect_rtcp(srtcp_rcvr, hdr, &len);
1000 if (status != err_status_auth_fail) {
1012 err_check(srtp_dealloc(srtcp_sender));
1013 err_check(srtp_dealloc(srtcp_rcvr));
1018 return err_status_ok;
1023 srtp_session_print_policy(srtp_t srtp) {
1024 char *serv_descr[4] = {
1028 "confidentiality and authentication"
1030 char *direction[3] = {
1035 srtp_stream_t stream;
1037 /* sanity checking */
1039 return err_status_fail;
1041 /* if there's a template stream, print it out */
1042 if (srtp->stream_template != NULL) {
1043 stream = srtp->stream_template;
1044 printf("# SSRC: any %s\r\n"
1045 "# rtp cipher: %s\r\n"
1046 "# rtp auth: %s\r\n"
1047 "# rtp services: %s\r\n"
1048 "# rtcp cipher: %s\r\n"
1049 "# rtcp auth: %s\r\n"
1050 "# rtcp services: %s\r\n"
1051 "# window size: %lu\r\n"
1052 "# tx rtx allowed:%s\r\n",
1053 direction[stream->direction],
1054 stream->rtp_cipher->type->description,
1055 stream->rtp_auth->type->description,
1056 serv_descr[stream->rtp_services],
1057 stream->rtcp_cipher->type->description,
1058 stream->rtcp_auth->type->description,
1059 serv_descr[stream->rtcp_services],
1060 rdbx_get_window_size(&stream->rtp_rdbx),
1061 stream->allow_repeat_tx ? "true" : "false");
1064 /* loop over streams in session, printing the policy of each */
1065 stream = srtp->stream_list;
1066 while (stream != NULL) {
1067 if (stream->rtp_services > sec_serv_conf_and_auth)
1068 return err_status_bad_param;
1070 printf("# SSRC: 0x%08x\r\n"
1071 "# rtp cipher: %s\r\n"
1072 "# rtp auth: %s\r\n"
1073 "# rtp services: %s\r\n"
1074 "# rtcp cipher: %s\r\n"
1075 "# rtcp auth: %s\r\n"
1076 "# rtcp services: %s\r\n"
1077 "# window size: %lu\r\n"
1078 "# tx rtx allowed:%s\r\n",
1080 stream->rtp_cipher->type->description,
1081 stream->rtp_auth->type->description,
1082 serv_descr[stream->rtp_services],
1083 stream->rtcp_cipher->type->description,
1084 stream->rtcp_auth->type->description,
1085 serv_descr[stream->rtcp_services],
1086 rdbx_get_window_size(&stream->rtp_rdbx),
1087 stream->allow_repeat_tx ? "true" : "false");
1089 /* advance to next stream in the list */
1090 stream = stream->next;
1092 return err_status_ok;
1096 srtp_print_policy(const srtp_policy_t *policy) {
1097 err_status_t status;
1100 status = srtp_create(&session, policy);
1103 status = srtp_session_print_policy(session);
1106 status = srtp_dealloc(session);
1109 return err_status_ok;
1113 * srtp_print_packet(...) is for debugging only
1114 * it prints an RTP packet to the stdout
1116 * note that this function is *not* threadsafe
1123 char packet_string[MTU];
1126 srtp_packet_to_string(srtp_hdr_t *hdr, int pkt_octet_len) {
1127 int octets_in_rtp_header = 12;
1128 uint8_t *data = ((uint8_t *)hdr)+octets_in_rtp_header;
1129 int hex_len = pkt_octet_len-octets_in_rtp_header;
1131 /* sanity checking */
1132 if ((hdr == NULL) || (pkt_octet_len > MTU))
1135 /* write packet into string */
1136 sprintf(packet_string,
1137 "(s)rtp packet: {\n"
1148 "} (%d octets in total)\n",
1158 octet_string_hex_string(data, hex_len),
1161 return packet_string;
1165 * mips_estimate() is a simple function to estimate the number of
1166 * instructions per second that the host can perform. note that this
1167 * function can be grossly wrong; you may want to have a manual sanity
1168 * check of its output!
1170 * the 'ignore' pointer is there to convince the compiler to not just
1171 * optimize away the function
1175 mips_estimate(int num_trials, int *ignore) {
1177 volatile int i, sum;
1181 for (i=0; i<num_trials; i++)
1185 /* printf("%d\n", sum); */
1188 return (double) num_trials * CLOCKS_PER_SEC / t;
1193 * srtp_validate() verifies the correctness of libsrtp by comparing
1194 * some computed packets against some pre-computed reference values.
1195 * These packets were made with the default SRTP policy.
1201 uint8_t srtp_plaintext_ref[28] = {
1202 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
1203 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
1204 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
1205 0xab, 0xab, 0xab, 0xab
1207 uint8_t srtp_plaintext[38] = {
1208 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
1209 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
1210 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
1211 0xab, 0xab, 0xab, 0xab, 0x00, 0x00, 0x00, 0x00,
1212 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1214 uint8_t srtp_ciphertext[38] = {
1215 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
1216 0xca, 0xfe, 0xba, 0xbe, 0x4e, 0x55, 0xdc, 0x4c,
1217 0xe7, 0x99, 0x78, 0xd8, 0x8c, 0xa4, 0xd2, 0x15,
1218 0x94, 0x9d, 0x24, 0x02, 0xb7, 0x8d, 0x6a, 0xcc,
1219 0x99, 0xea, 0x17, 0x9b, 0x8d, 0xbb
1221 srtp_t srtp_snd, srtp_recv;
1222 err_status_t status;
1224 srtp_policy_t policy;
1227 * create a session with a single stream using the default srtp
1228 * policy and with the SSRC value 0xcafebabe
1230 crypto_policy_set_rtp_default(&policy.rtp);
1231 crypto_policy_set_rtcp_default(&policy.rtcp);
1232 policy.ssrc.type = ssrc_specific;
1233 policy.ssrc.value = 0xcafebabe;
1234 policy.key = test_key;
1236 policy.window_size = 128;
1237 policy.allow_repeat_tx = 0;
1240 status = srtp_create(&srtp_snd, &policy);
1245 * protect plaintext, then compare with ciphertext
1248 status = srtp_protect(srtp_snd, srtp_plaintext, &len);
1249 if (status || (len != 38))
1250 return err_status_fail;
1252 debug_print(mod_driver, "ciphertext:\n %s",
1253 octet_string_hex_string(srtp_plaintext, len));
1254 debug_print(mod_driver, "ciphertext reference:\n %s",
1255 octet_string_hex_string(srtp_ciphertext, len));
1257 if (octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len))
1258 return err_status_fail;
1261 * create a receiver session context comparable to the one created
1262 * above - we need to do this so that the replay checking doesn't
1265 status = srtp_create(&srtp_recv, &policy);
1270 * unprotect ciphertext, then compare with plaintext
1272 status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len);
1273 if (status || (len != 28))
1276 if (octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len))
1277 return err_status_fail;
1279 status = srtp_dealloc(srtp_snd);
1283 status = srtp_dealloc(srtp_recv);
1287 return err_status_ok;
1292 * srtp_validate_aes_256() verifies the correctness of libsrtp by comparing
1293 * some computed packets against some pre-computed reference values.
1294 * These packets were made with the AES-CM-256/HMAC-SHA-1-80 policy.
1299 srtp_validate_aes_256() {
1300 unsigned char aes_256_test_key[46] = {
1301 0xf0, 0xf0, 0x49, 0x14, 0xb5, 0x13, 0xf2, 0x76,
1302 0x3a, 0x1b, 0x1f, 0xa1, 0x30, 0xf1, 0x0e, 0x29,
1303 0x98, 0xf6, 0xf6, 0xe4, 0x3e, 0x43, 0x09, 0xd1,
1304 0xe6, 0x22, 0xa0, 0xe3, 0x32, 0xb9, 0xf1, 0xb6,
1306 0x3b, 0x04, 0x80, 0x3d, 0xe5, 0x1e, 0xe7, 0xc9,
1307 0x64, 0x23, 0xab, 0x5b, 0x78, 0xd2
1309 uint8_t srtp_plaintext_ref[28] = {
1310 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
1311 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
1312 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
1313 0xab, 0xab, 0xab, 0xab
1315 uint8_t srtp_plaintext[38] = {
1316 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
1317 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
1318 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
1319 0xab, 0xab, 0xab, 0xab, 0x00, 0x00, 0x00, 0x00,
1320 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1322 uint8_t srtp_ciphertext[38] = {
1323 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
1324 0xca, 0xfe, 0xba, 0xbe, 0xf1, 0xd9, 0xde, 0x17,
1325 0xff, 0x25, 0x1f, 0xf1, 0xaa, 0x00, 0x77, 0x74,
1326 0xb0, 0xb4, 0xb4, 0x0d, 0xa0, 0x8d, 0x9d, 0x9a,
1327 0x5b, 0x3a, 0x55, 0xd8, 0x87, 0x3b
1329 srtp_t srtp_snd, srtp_recv;
1330 err_status_t status;
1332 srtp_policy_t policy;
1335 * create a session with a single stream using the default srtp
1336 * policy and with the SSRC value 0xcafebabe
1338 crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtp);
1339 crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtcp);
1340 policy.ssrc.type = ssrc_specific;
1341 policy.ssrc.value = 0xcafebabe;
1342 policy.key = aes_256_test_key;
1344 policy.window_size = 128;
1345 policy.allow_repeat_tx = 0;
1348 status = srtp_create(&srtp_snd, &policy);
1353 * protect plaintext, then compare with ciphertext
1356 status = srtp_protect(srtp_snd, srtp_plaintext, &len);
1357 if (status || (len != 38))
1358 return err_status_fail;
1360 debug_print(mod_driver, "ciphertext:\n %s",
1361 octet_string_hex_string(srtp_plaintext, len));
1362 debug_print(mod_driver, "ciphertext reference:\n %s",
1363 octet_string_hex_string(srtp_ciphertext, len));
1365 if (octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len))
1366 return err_status_fail;
1369 * create a receiver session context comparable to the one created
1370 * above - we need to do this so that the replay checking doesn't
1373 status = srtp_create(&srtp_recv, &policy);
1378 * unprotect ciphertext, then compare with plaintext
1380 status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len);
1381 if (status || (len != 28))
1384 if (octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len))
1385 return err_status_fail;
1387 status = srtp_dealloc(srtp_snd);
1391 status = srtp_dealloc(srtp_recv);
1395 return err_status_ok;
1400 srtp_create_big_policy(srtp_policy_t **list) {
1401 extern const srtp_policy_t *policy_array[];
1402 srtp_policy_t *p, *tmp;
1406 /* sanity checking */
1407 if ((list == NULL) || (policy_array[0] == NULL))
1408 return err_status_bad_param;
1411 * loop over policy list, mallocing a new list and copying values
1412 * into it (and incrementing the SSRC value as we go along)
1415 while (policy_array[i] != NULL) {
1416 p = (srtp_policy_t*) malloc(sizeof(srtp_policy_t));
1418 return err_status_bad_param;
1419 memcpy(p, policy_array[i], sizeof(srtp_policy_t));
1420 p->ssrc.type = ssrc_specific;
1421 p->ssrc.value = ssrc++;
1428 return err_status_ok;
1432 srtp_dealloc_big_policy(srtp_policy_t *list) {
1433 srtp_policy_t *p, *next;
1435 for (p = list; p != NULL; p = next) {
1440 return err_status_ok;
1445 srtp_test_remove_stream() {
1446 err_status_t status;
1447 srtp_policy_t *policy_list, policy;
1449 srtp_stream_t stream;
1451 * srtp_get_stream() is a libSRTP internal function that we declare
1452 * here so that we can use it to verify the correct operation of the
1455 extern srtp_stream_t srtp_get_stream(srtp_t srtp, uint32_t ssrc);
1458 status = srtp_create_big_policy(&policy_list);
1462 status = srtp_create(&session, policy_list);
1467 * check for false positives by trying to remove a stream that's not
1470 status = srtp_remove_stream(session, htonl(0xaaaaaaaa));
1471 if (status != err_status_no_ctx)
1472 return err_status_fail;
1475 * check for false negatives by removing stream 0x1, then
1476 * searching for streams 0x0 and 0x2
1478 status = srtp_remove_stream(session, htonl(0x1));
1479 if (status != err_status_ok)
1480 return err_status_fail;
1481 stream = srtp_get_stream(session, htonl(0x0));
1483 return err_status_fail;
1484 stream = srtp_get_stream(session, htonl(0x2));
1486 return err_status_fail;
1488 status = srtp_dealloc(session);
1489 if (status != err_status_ok)
1492 status = srtp_dealloc_big_policy(policy_list);
1493 if (status != err_status_ok)
1496 /* Now test adding and removing a single stream */
1497 crypto_policy_set_rtp_default(&policy.rtp);
1498 crypto_policy_set_rtcp_default(&policy.rtcp);
1499 policy.ssrc.type = ssrc_specific;
1500 policy.ssrc.value = 0xcafebabe;
1501 policy.key = test_key;
1503 policy.window_size = 128;
1504 policy.allow_repeat_tx = 0;
1507 status = srtp_create(&session, NULL);
1508 if (status != err_status_ok)
1511 status = srtp_add_stream(session, &policy);
1512 if (status != err_status_ok)
1515 status = srtp_remove_stream(session, htonl(0xcafebabe));
1516 if (status != err_status_ok)
1519 status = srtp_dealloc(session);
1520 if (status != err_status_ok)
1523 return err_status_ok;
1527 * srtp policy definitions - these definitions are used above
1530 unsigned char test_key[30] = {
1531 0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0,
1532 0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39,
1533 0x0e, 0xc6, 0x75, 0xad, 0x49, 0x8a, 0xfe, 0xeb,
1534 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6
1538 const srtp_policy_t default_policy = {
1539 { ssrc_any_outbound, 0 }, /* SSRC */
1541 AES_128_ICM, /* cipher type */
1542 30, /* cipher key length in octets */
1543 HMAC_SHA1, /* authentication func type */
1544 16, /* auth key length in octets */
1545 10, /* auth tag length in octets */
1546 sec_serv_conf_and_auth /* security services flag */
1548 { /* SRTCP policy */
1549 AES_128_ICM, /* cipher type */
1550 30, /* cipher key length in octets */
1551 HMAC_SHA1, /* authentication func type */
1552 16, /* auth key length in octets */
1553 10, /* auth tag length in octets */
1554 sec_serv_conf_and_auth /* security services flag */
1557 NULL, /* indicates that EKT is not in use */
1558 128, /* replay window size */
1559 0, /* retransmission not allowed */
1563 const srtp_policy_t aes_tmmh_policy = {
1564 { ssrc_any_outbound, 0 }, /* SSRC */
1566 AES_128_ICM, /* cipher type */
1567 30, /* cipher key length in octets */
1568 UST_TMMHv2, /* authentication func type */
1569 94, /* auth key length in octets */
1570 4, /* auth tag length in octets */
1571 sec_serv_conf_and_auth /* security services flag */
1574 AES_128_ICM, /* cipher type */
1575 30, /* cipher key length in octets */
1576 UST_TMMHv2, /* authentication func type */
1577 94, /* auth key length in octets */
1578 4, /* auth tag length in octets */
1579 sec_serv_conf_and_auth /* security services flag */
1582 NULL, /* indicates that EKT is not in use */
1583 128, /* replay window size */
1584 0, /* retransmission not allowed */
1588 const srtp_policy_t tmmh_only_policy = {
1589 { ssrc_any_outbound, 0 }, /* SSRC */
1591 AES_128_ICM, /* cipher type */
1592 30, /* cipher key length in octets */
1593 UST_TMMHv2, /* authentication func type */
1594 94, /* auth key length in octets */
1595 4, /* auth tag length in octets */
1596 sec_serv_auth /* security services flag */
1599 AES_128_ICM, /* cipher type */
1600 30, /* cipher key length in octets */
1601 UST_TMMHv2, /* authentication func type */
1602 94, /* auth key length in octets */
1603 4, /* auth tag length in octets */
1604 sec_serv_auth /* security services flag */
1607 NULL, /* indicates that EKT is not in use */
1608 128, /* replay window size */
1609 0, /* retransmission not allowed */
1613 const srtp_policy_t aes_only_policy = {
1614 { ssrc_any_outbound, 0 }, /* SSRC */
1616 AES_128_ICM, /* cipher type */
1617 30, /* cipher key length in octets */
1618 NULL_AUTH, /* authentication func type */
1619 0, /* auth key length in octets */
1620 0, /* auth tag length in octets */
1621 sec_serv_conf /* security services flag */
1624 AES_128_ICM, /* cipher type */
1625 30, /* cipher key length in octets */
1626 NULL_AUTH, /* authentication func type */
1627 0, /* auth key length in octets */
1628 0, /* auth tag length in octets */
1629 sec_serv_conf /* security services flag */
1632 NULL, /* indicates that EKT is not in use */
1633 128, /* replay window size */
1634 0, /* retransmission not allowed */
1638 const srtp_policy_t hmac_only_policy = {
1639 { ssrc_any_outbound, 0 }, /* SSRC */
1641 NULL_CIPHER, /* cipher type */
1642 0, /* cipher key length in octets */
1643 HMAC_SHA1, /* authentication func type */
1644 20, /* auth key length in octets */
1645 4, /* auth tag length in octets */
1646 sec_serv_auth /* security services flag */
1649 NULL_CIPHER, /* cipher type */
1650 0, /* cipher key length in octets */
1651 HMAC_SHA1, /* authentication func type */
1652 20, /* auth key length in octets */
1653 4, /* auth tag length in octets */
1654 sec_serv_auth /* security services flag */
1657 NULL, /* indicates that EKT is not in use */
1658 128, /* replay window size */
1659 0, /* retransmission not allowed */
1663 const srtp_policy_t null_policy = {
1664 { ssrc_any_outbound, 0 }, /* SSRC */
1666 NULL_CIPHER, /* cipher type */
1667 0, /* cipher key length in octets */
1668 NULL_AUTH, /* authentication func type */
1669 0, /* auth key length in octets */
1670 0, /* auth tag length in octets */
1671 sec_serv_none /* security services flag */
1674 NULL_CIPHER, /* cipher type */
1675 0, /* cipher key length in octets */
1676 NULL_AUTH, /* authentication func type */
1677 0, /* auth key length in octets */
1678 0, /* auth tag length in octets */
1679 sec_serv_none /* security services flag */
1682 NULL, /* indicates that EKT is not in use */
1683 128, /* replay window size */
1684 0, /* retransmission not allowed */
1688 unsigned char test_256_key[46] = {
1689 0xf0, 0xf0, 0x49, 0x14, 0xb5, 0x13, 0xf2, 0x76,
1690 0x3a, 0x1b, 0x1f, 0xa1, 0x30, 0xf1, 0x0e, 0x29,
1691 0x98, 0xf6, 0xf6, 0xe4, 0x3e, 0x43, 0x09, 0xd1,
1692 0xe6, 0x22, 0xa0, 0xe3, 0x32, 0xb9, 0xf1, 0xb6,
1694 0x3b, 0x04, 0x80, 0x3d, 0xe5, 0x1e, 0xe7, 0xc9,
1695 0x64, 0x23, 0xab, 0x5b, 0x78, 0xd2
1698 const srtp_policy_t aes_256_hmac_policy = {
1699 { ssrc_any_outbound, 0 }, /* SSRC */
1701 AES_ICM, /* cipher type */
1702 46, /* cipher key length in octets */
1703 HMAC_SHA1, /* authentication func type */
1704 20, /* auth key length in octets */
1705 10, /* auth tag length in octets */
1706 sec_serv_conf_and_auth /* security services flag */
1708 { /* SRTCP policy */
1709 AES_ICM, /* cipher type */
1710 46, /* cipher key length in octets */
1711 HMAC_SHA1, /* authentication func type */
1712 20, /* auth key length in octets */
1713 10, /* auth tag length in octets */
1714 sec_serv_conf_and_auth /* security services flag */
1717 NULL, /* indicates that EKT is not in use */
1718 128, /* replay window size */
1719 0, /* retransmission not allowed */
1723 uint8_t ekt_test_key[16] = {
1724 0x77, 0x26, 0x9d, 0xac, 0x16, 0xa3, 0x28, 0xca,
1725 0x8e, 0xc9, 0x68, 0x4b, 0xcc, 0xc4, 0xd2, 0x1b
1730 ekt_policy_ctx_t ekt_test_policy = {
1732 EKT_CIPHER_AES_128_ECB,
1737 const srtp_policy_t hmac_only_with_ekt_policy = {
1738 { ssrc_any_outbound, 0 }, /* SSRC */
1740 NULL_CIPHER, /* cipher type */
1741 0, /* cipher key length in octets */
1742 HMAC_SHA1, /* authentication func type */
1743 20, /* auth key length in octets */
1744 4, /* auth tag length in octets */
1745 sec_serv_auth /* security services flag */
1748 NULL_CIPHER, /* cipher type */
1749 0, /* cipher key length in octets */
1750 HMAC_SHA1, /* authentication func type */
1751 20, /* auth key length in octets */
1752 4, /* auth tag length in octets */
1753 sec_serv_auth /* security services flag */
1756 &ekt_test_policy, /* indicates that EKT is not in use */
1757 128, /* replay window size */
1758 0, /* retransmission not allowed */
1764 * an array of pointers to the policies listed above
1766 * This array is used to test various aspects of libSRTP for
1767 * different cryptographic policies. The order of the elements
1768 * matters - the timing test generates output that can be used
1769 * in a plot (see the gnuplot script file 'timing'). If you
1770 * add to this list, you should do it at the end.
1775 const srtp_policy_t *
1787 &aes_256_hmac_policy,
1788 &hmac_only_with_ekt_policy,
1792 const srtp_policy_t wildcard_policy = {
1793 { ssrc_any_outbound, 0 }, /* SSRC */
1795 AES_128_ICM, /* cipher type */
1796 30, /* cipher key length in octets */
1797 HMAC_SHA1, /* authentication func type */
1798 16, /* auth key length in octets */
1799 10, /* auth tag length in octets */
1800 sec_serv_conf_and_auth /* security services flag */
1802 { /* SRTCP policy */
1803 AES_128_ICM, /* cipher type */
1804 30, /* cipher key length in octets */
1805 HMAC_SHA1, /* authentication func type */
1806 16, /* auth key length in octets */
1807 10, /* auth tag length in octets */
1808 sec_serv_conf_and_auth /* security services flag */
1812 128, /* replay window size */
1813 0, /* retransmission not allowed */