On Thu, Oct 6, 2022 at 7:27 AM Jean Aunis <jean.au...@prescom.fr> wrote:
> Hello, > > I'm working on a patch to add support for MKI in res_srtp. > > For those who may not be familiar with the subject, MKI is a re-keying > mechanism for SRTP which involves appending a Master Key Identifier (MKI) > inside each SRTP packet in order to change the master key in use. > > Master key and MKI negotiation is out of scope of this patch. > > Before going forward, I'd like to submit to you the changes I plan in > res_srtp's API, just to know if I'm going in the right direction or if I > should design it another way. > > First, I would add a method in *ast_srtp_policy_res* to add several > master keys (together with their MKI) to the SRTP policy. It returns the > index at which the key was inserted, which can be used later to reference > the master key: > > > > > *struct ast_srtp_policy_res { [...] + int > (*add_master_key)(struct ast_srtp_policy *policy, const unsigned char *key, > size_t key_len, const unsigned char *salt, size_t salt_len, const unsigned > char *mki, size_t mki_len); };* > > Second, I would add two methods in *ast_srtp_res* to enable or disable > MKI usage for incoming and outgoing SRTP packets. The MKI to use for > outgoing packets is referenced by its index, as returned by > *ast_srtp_policy_res.**add_master_key* : > > > > *struct ast_srtp_res { [...] + int (*use_inbound_mki)(struct > ast_srtp *srtp, int enable);* > > *+ int (*use_outbound_mki)(struct ast_srtp *srtp, int enable, int > mki_index); };* > > Also attached a patch file summarizing these changes. > > Any feedback will be appreciated! > >From a general perspective it seems sane, but that's without any further knowledge of MKI. -- Joshua C. Colp Asterisk Project Lead Sangoma Technologies Check us out at www.sangoma.com and www.asterisk.org
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev