I'm trying to build an SRTP-to-RTP stream converter, but I'm having trouble getting the Master Key from the WebRTC PeerConnection that is being created.

As I understand it, with SDES exchange the keys are exchanged via the SDP exchange and show up in the a=crypto field. So that case seems straightforward (correct me if I'm wrong), but ultimately it doesn't help, because WebRTC standardization now requires that SDES not be used (only Chrome supports it now, and it may be removed in the future).

For DTLS, there is the fingerprint field in the SDP; is this the hash of the certificate that will be used in the upcoming exchange? [EDIT: after some reading, I think this is not the case.] With the fingerprint, plus the ability to parse the DTLS packets in the exchange, I should be able to grab the Master Key to decode the SRTP stream, but I'm at a loss, because I don't know where to look or even whether it is 100% possible.

So, in short, is it possible to decode the Chrome feed created by a WebRTC PeerConnection in WebRTC SRTP (possibly without having to go into the lower-layer C++ API and create my own implementation of Firefox) (possibly by sniffing the packets and collecting the SDP exchange)? [EDIT: frustratingly, it seems there is no way to access the private part of the key (aka the master key)... correct me if I'm wrong]

Best answer

Here is some code using the OpenSSL and libsrtp native APIs

#include <stdio.h>
#include <string.h>
#include <assert.h>
#include <openssl/ssl.h>
#include <openssl/srtp.h>   /* SSL_get_selected_srtp_profile, SRTP_AES128_CM_SHA1_* */
#include <srtp/srtp.h>      /* libsrtp 1.x names: err_status_t, crypto_policy_set_*, srtp_create */

#define SRTP_MASTER_KEY_KEY_LEN 16   /* AES-128 master key, RFC 5764 4.1.2 */
#define SRTP_MASTER_KEY_SALT_LEN 14  /* 112-bit master salt */

/* Assumed shape of the caller's transport object: a DTLS session whose
 * handshake has already completed, plus one libsrtp context per direction. */
struct transport_dtls {
  SSL   *ssl;
  srtp_t srtp_ctx_tx;
  srtp_t srtp_ctx_rx;
};

static void dtls_srtp_init( struct transport_dtls *dtls )
{

/*
  When SRTP mode is in effect, different keys are used for ordinary
   DTLS record protection and SRTP packet protection.  These keys are
   generated using a TLS exporter [RFC5705] to generate

   2 * (SRTPSecurityParams.master_key_len +
        SRTPSecurityParams.master_salt_len) bytes of data

   which are assigned as shown below.  The per-association context value
   is empty.

   client_write_SRTP_master_key[SRTPSecurityParams.master_key_len];
   server_write_SRTP_master_key[SRTPSecurityParams.master_key_len];
   client_write_SRTP_master_salt[SRTPSecurityParams.master_salt_len];
   server_write_SRTP_master_salt[SRTPSecurityParams.master_salt_len];
*/
  int code;
  err_status_t     err;
  srtp_policy_t policy;
  /* unsigned char: that is what SSL_export_keying_material and policy.key take */
  unsigned char dtls_buffer[SRTP_MASTER_KEY_KEY_LEN * 2 + SRTP_MASTER_KEY_SALT_LEN * 2];
  unsigned char client_write_key[SRTP_MASTER_KEY_KEY_LEN + SRTP_MASTER_KEY_SALT_LEN];
  unsigned char server_write_key[SRTP_MASTER_KEY_KEY_LEN + SRTP_MASTER_KEY_SALT_LEN];
  size_t offset = 0;

  /*
   The exporter label for this usage is "EXTRACTOR-dtls_srtp".  (The
   "EXTRACTOR" prefix is for historical compatibility.)
   RFC 5764 4.2.  Key Derivation
  */
  const char * label = "EXTRACTOR-dtls_srtp";

  /* NULL if the peer never negotiated the use_srtp extension */
  SRTP_PROTECTION_PROFILE * srtp_profile= SSL_get_selected_srtp_profile( dtls->ssl );
  if (srtp_profile == NULL) {
    printf("no SRTP protection profile negotiated\n");
    return;
  }

/* SSL_export_keying_material exports a value derived from the master secret,
 * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and
 * optional context. (Since a zero length context is allowed, the |use_context|
 * flag controls whether a context is included.)
 *
 * It returns 1 on success and zero otherwise.
 */
  code = SSL_export_keying_material(dtls->ssl,
                                    dtls_buffer,
                                    sizeof(dtls_buffer),
                                    label,
                                    strlen( label),
                                    NULL,
                                    0,
                                    0 /* use_context = 0: DTLS-SRTP uses no context */);
  if (code != 1) {
    printf("SSL_export_keying_material failed\n");
    return;
  }

  /* Exporter output is key, key, salt, salt; libsrtp wants key||salt per direction. */
  memcpy(&client_write_key[0], &dtls_buffer[offset], SRTP_MASTER_KEY_KEY_LEN);
  offset += SRTP_MASTER_KEY_KEY_LEN;
  memcpy(&server_write_key[0], &dtls_buffer[offset], SRTP_MASTER_KEY_KEY_LEN);
  offset += SRTP_MASTER_KEY_KEY_LEN;
  memcpy(&client_write_key[SRTP_MASTER_KEY_KEY_LEN], &dtls_buffer[offset], SRTP_MASTER_KEY_SALT_LEN);
  offset += SRTP_MASTER_KEY_SALT_LEN;
  memcpy(&server_write_key[SRTP_MASTER_KEY_KEY_LEN], &dtls_buffer[offset], SRTP_MASTER_KEY_SALT_LEN);

  /* Zero the policy first: libsrtp reads fields (window_size, allow_repeat_tx,
   * ekt, ...) that this function does not set explicitly. */
  memset(&policy, 0, sizeof(policy));

  switch( srtp_profile->id )
  {
  case SRTP_AES128_CM_SHA1_80:
    crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtp);
    crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp);
    break;
  case SRTP_AES128_CM_SHA1_32:
    crypto_policy_set_aes_cm_128_hmac_sha1_32(&policy.rtp);   // rtp is 32,
    crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp);  // rtcp still 80 (RFC 5764 4.1.2)
    break;
  default:
    assert(0);
  }
  policy.ssrc.value = 0;
  policy.next = NULL;

  /* Init transmit direction. This assumes the local endpoint is the DTLS
   * client: client_write_* protects the packets the DTLS client sends
   * (RFC 5764 4.2). If the local endpoint is the DTLS server, swap the two keys. */
  policy.ssrc.type = ssrc_any_outbound;
  policy.key = client_write_key;

  err = srtp_create(&dtls->srtp_ctx_tx, &policy);
  if (err != err_status_ok) {
    printf("srtp_create (tx) failed: %d\n", (int)err);
  }

  /* Init receive direction */
  policy.ssrc.type = ssrc_any_inbound;
  policy.key = server_write_key;

  err = srtp_create(&dtls->srtp_ctx_rx, &policy);
  if (err != err_status_ok) {
    printf("srtp_create (rx) failed: %d\n", (int)err);
  }

}

09-10 00:28
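What SSL_export_keying_material in the answer above actually computes, as an added Python example that is not part of the original answer and not code from OpenSSL or libsrtp: the RFC 5705 exporter on top of the TLS 1.2 PRF (RFC 5246 section 5, SHA-256 P_hash assumed; suites that specify SHA-384 use P_SHA384), the RFC 5764 split into client/server key and salt, and the role-to-direction mapping libsrtp needs. The master secret and handshake randoms are constructed sample values, not captured from a real session. The point for the question: the only secret input is the DTLS master secret, which the SDP fingerprint and the captured DTLS packets do not contain, so a passive sniffer cannot reproduce this step without one endpoint's own session secrets.

```python
import hmac
import hashlib

# Sizes for the SRTP_AES128_CM_HMAC_SHA1_80 / _32 profiles (RFC 5764 section 4.1.2)
SRTP_MASTER_KEY_KEY_LEN = 16
SRTP_MASTER_KEY_SALT_LEN = 14
DTLS_SRTP_LABEL = b"EXTRACTOR-dtls_srtp"   # RFC 5764 section 4.2


def p_hash(secret: bytes, seed: bytes, length: int, digest=hashlib.sha256) -> bytes:
    """RFC 5246 section 5 P_hash: HMAC-chained expansion of (secret, seed) to `length` bytes."""
    out = b""
    a = seed                                              # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, digest).digest()          # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, digest).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: P_SHA256(secret, label + seed). Assumes a SHA-256 PRF cipher suite."""
    return p_hash(secret, label + seed, length)


def export_keying_material(master_secret, client_random, server_random, label, length, context=None):
    """RFC 5705 exporter, the computation behind OpenSSL's SSL_export_keying_material.

    context=None is the use_context=0 form. Passing bytes, even b"", selects the
    'with context' form, which prepends the 2-byte context length to the seed and
    therefore yields different output. DTLS-SRTP uses the no-context form.
    """
    seed = client_random + server_random
    if context is not None:
        seed += len(context).to_bytes(2, "big") + context
    return tls12_prf(master_secret, label, seed, length)


def dtls_srtp_master_keys(master_secret, client_random, server_random,
                          key_len=SRTP_MASTER_KEY_KEY_LEN, salt_len=SRTP_MASTER_KEY_SALT_LEN):
    """Split the exporter block per RFC 5764: client key, server key, client salt, server salt.
    Returns key||salt for each side, the layout libsrtp's policy.key expects."""
    block = export_keying_material(master_secret, client_random, server_random,
                                   DTLS_SRTP_LABEL, 2 * (key_len + salt_len))
    client_key = block[0:key_len]
    server_key = block[key_len:2 * key_len]
    client_salt = block[2 * key_len:2 * key_len + salt_len]
    server_salt = block[2 * key_len + salt_len:2 * key_len + 2 * salt_len]
    return {"client_write": client_key + client_salt,
            "server_write": server_key + server_salt}


def srtp_keys_for_role(keys, dtls_role):
    """Return (tx_key, rx_key). The DTLS client protects what it sends with
    client_write and verifies what it receives with server_write; the DTLS
    server is the mirror image. Getting this backwards makes every packet fail
    authentication, which is the usual symptom when the rx/tx contexts are swapped."""
    if dtls_role == "client":
        return keys["client_write"], keys["server_write"]
    if dtls_role == "server":
        return keys["server_write"], keys["client_write"]
    raise ValueError("dtls_role must be 'client' or 'server'")


# Constructed sample inputs (not from a real session): a 48-byte TLS master secret
# and the two 32-byte handshake randoms. The randoms are visible on the wire; the
# master secret is exactly what a sniffer lacks.
SAMPLE_MASTER_SECRET = bytes(range(48))
SAMPLE_CLIENT_RANDOM = bytes([0xC1] * 32)
SAMPLE_SERVER_RANDOM = bytes([0x5E] * 32)

if __name__ == "__main__":
    keys = dtls_srtp_master_keys(SAMPLE_MASTER_SECRET, SAMPLE_CLIENT_RANDOM, SAMPLE_SERVER_RANDOM)
    tx, rx = srtp_keys_for_role(keys, "client")
    print("tx key||salt:", tx.hex())
    print("rx key||salt:", rx.hex())
```

The `context=None` versus `context=b""` distinction mirrors the `use_context` flag in the C code: passing a zero-length context with `use_context=1` is a different exporter invocation and would not interoperate with a peer that used the no-context form.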