DTLS-SRTP support functions added
June 9, 2006
Several new functions have been added to libSRTP to support the "Datagram Transport Layer Security (DTLS) Extension to Establish Keys for Secure Real-time Transport Protocol (SRTP)", or DTLS-SRTP for short (draft-mcgrew-tls-srtp-00.txt). These additions are convenience functions to aid in the use of the library, and test functions to verify the correct behavior of the library. No changes have been made that affect the existing documented API.
These changes appear in CVS, but not in a released version yet.
A single enum has been added:
srtp_profile_t, which enumerates the SRTP Protection Profiles defined by DTLS-SRTP. The new functions are
These functions are documented in the libSRTP Overview and Reference Manual. All of these functions are tested in the new application dtls_srtp_driver.c.
See the function test_dtls_srtp in that file for example usage.
The API is backwards compatible with earlier releases. Work is underway to integrate libSRTP with the DTLS implementation in reSIProcate; see the test application for an example. A new release will be issued after the integration work has stabilized and been tested.
Please note that recent changes to the Sourceforge CVS setup have changed the instructions for anonymous CVS access.
May 7, 2006
A new release, 1.4.2, fixes several bugs and extends portability. The API is backwards compatible with earlier releases.
This version may not interoperate with earlier versions of libSRTP, because bugs that affect the computation of the authentication tag have been fixed. Users of Secure RTCP in particular should update to the newer version.
CVS is live!
September 26, 2005
The sourceforge CVS repository is now up and working, and has the latest version of the code in it. Thanks to Cullen for setting it up! For more info, see the CVS page.
A new release, 1.4.1, fixes several known bugs. However, it is already out of date; several more fixes and improvements are in the CVS version at present. A new release will be put out once the flux settles down.
September 15, 2005
This version incorporates fixes for all of the known bugs, including those for Secure RTCP (that's "C" as in control), and is available for download. Thanks to Randell Jesup, Steve Underwood, Alex Vanzella, Will Clark, and others for contributions and comments. Please report any problems with this release on the srtp-users mail list. The online documentation has also been updated.
- Support for ISMA encryption is provided via the --enable-generic-aesicm flag to the ./configure script. This is the only real feature added in this release. A new makefile target, called libaesicm.a , is now built. This library is used by the mpeg4ip project to pre-encrypt streaming media.
- The crypto is now better separated from the rest of the code.
- Some extraneous files have been removed.
- Better integer tracking (e.g. unsigned long replaced with uint32_t).
- Rudimentary support for compilers that lack 64-bit data types.
- Minor portability improvements.
- Minor corrections in documentation.
August 16, 2004
The ECRYPT program has announced the State of the Art of Stream Cipher (SASC) Workshop, which aims to provide a more complete understanding of the current state of stream cipher design and analysis. Steve Babbage has kindly provided guidance on the requirements input for which the workshop is looking.
This news does not directly bear on SRTP, but is likely to be of interest to the community.
May 5, 2004
First release after the code has been updated to match the RFC. Available for download.
- Includes HMAC-SHA1
- Authenticates the rollover counter after the encrypted portion
- Lots of other minor changes
Secure RTP Draft Standard Available
May 5, 2004
The IETF Request For Comments has been issued. The definitive reference for SRTP is now RFC 3711.
July 22, 2002
A new document which better describes the interface to libsrtp is now available. The Secure RTP Library API Documentation is included in the distribution as doc/libsrtp.pdf and is also available online.
July 22, 2002
Fixes a small but important bug. Available at srtp-1.0.6.tgz.
- Fixed srtp_init_aes_128_prf() by adding octet_string_set_to_zero() after buffer allocation.
- Eliminated references to no-longer-existing variables in debugging code in srtp/srtp.c. This fixes the compilation failure that occurred when using PRINT_DEBUG in that file.
- Corrected spelling of Richard Priestley's name in credits. Sorry Richard!
June 20, 2002
Minor but important bug fixed. Available at srtp-1.0.5.tgz.
- Fixed octet_string_set_to_zero(), which was writing one more zero octet than it should. This bug caused srtp_protect() and srtp_unprotect() to overwrite the byte that followed the srtp packet.
- Changed sizeof(uint32_t) to srtp_get_trailer_length() in srtp-driver.c. This is just defensive coding.
- Added NULL check to malloc in srtp_alloc().
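The off-by-one described in the first item above can be caught with a guard-byte check. The following is an added illustration, not code from libSRTP: both zeroing functions are hypothetical reconstructions of the defect class (the page does not show the original source), and all names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical buggy form: the inclusive bound clears len + 1 octets. */
void zeroize_off_by_one(uint8_t *buf, size_t len)
{
    for (size_t i = 0; i <= len; i++)
        buf[i] = 0;
}

/* Corrected form: clears exactly len octets. */
void zeroize(uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        buf[i] = 0;
}

/* Run a zeroing routine on a region surrounded by guard bytes and count
 * how many octets outside the region were modified. Returns (size_t)-1
 * if len is too large or the region itself was not fully cleared. */
size_t octets_clobbered(void (*fn)(uint8_t *, size_t), size_t len)
{
    enum { PAD = 8, MAX = 64, GUARD = 0xA5 };
    uint8_t arena[PAD + MAX + PAD];
    size_t bad = 0;

    if (len > MAX)
        return (size_t)-1;
    memset(arena, GUARD, sizeof arena);
    fn(arena + PAD, len);           /* stays inside arena even when buggy */

    for (size_t i = 0; i < sizeof arena; i++) {
        int inside = (i >= PAD && i < PAD + len);
        if (inside && arena[i] != 0)
            return (size_t)-1;
        if (!inside && arena[i] != GUARD)
            bad++;
    }
    return bad;
}
```

With a 12-octet region, the buggy form modifies one guard byte (the octet that would follow the packet) and the corrected form modifies none.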
June 17, 2002
Many minor fixes and two big changes (thanks for the bug reports). Available at srtp-1.0.4.tgz.
- Removed 'ssrc' from the srtp_init_aes_128_prf() function argument list. This is so that applications which do not a priori know the ssrc which they will be receiving can still use libsrtp. Now the SSRC value is gleaned from the rtp header and XORed into the counter mode offset in the srtp_protect() and srtp_unprotect() functions, if that cipher is used. This change cascaded through many other functions, including srtp_init_from_hex(), srtp_sender_init() and srtp_receiver_init() in rtp.c, and also changed the CLI of test/rtpw. In the future, another function call will be added to the library that enables multiple ssrc/key pairs to be installed into the same srtp session, so that libsrtp works with multiple srtp senders. For now, this functionality is lacking.
- Removed the GDOI interface to the rtpw demo program. This will be added again at a later date, after the SRTP and GDOI distributions stabilize. For now, I've left in the GDOI #defines and autoconf definitions so that they'll be in place when needed.
- Updated tmmhv2_compute() so that it didn't assume any particular alignment of the output tag.
- Changed bit field variables in srtp.h to unsigned char from unsigned int in order to avoid a potential endianness issue.
- Fixed rdbx_estimate_index() to handle all input cases. This solves the now notorious "abaft" bug in the rtpw demo app on linux/intel, in which spurious replay protection failures happen after that word is received.
- Added ntohs(hdr->seq) to srtp_protect and srtp_unprotect, removed from rijndael_icm_set_segment().
- Added error checking and handling to srtp_sender_init() and srtp_receiver_init().
- Changed srtp_alloc() so that it does what you'd expect: allocate an srtp_ctx_t structure. This hides the library internals.
Fixed HTML bugs.
May 13, 2002
The HTML in the webpages at the libsrtp home page at srtp.sourceforge.net/ was corrected so that these pages display correctly in the Netscape web browser.
May 7, 2002
A bugfix release of libsrtp. Available at srtp-1.0.2.tgz. This release fixes several minor problems, including:
- Fixed the function rdbx_estimate_index(...) which didn't work properly for some inputs when dealing with the random initial rtp sequence number.
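The rdbx_estimate_index() fixes in the 1.0.2 and 1.0.4 entries concern estimating the full packet index from a 16-bit RTP sequence number. As an added example (not libSRTP's own code), this is the estimator from RFC 3711, section 3.3.1, run over a constructed stream that starts near the top of the sequence range, wraps, and then receives a reordered packet; the type and function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Receiver state from RFC 3711: rollover counter and highest
 * authenticated sequence number. Names are illustrative only. */
typedef struct {
    uint32_t roc;
    uint16_t s_l;
} rx_state_t;

/* Guess which rollover cycle a received 16-bit SEQ belongs to. */
uint32_t guess_roc(const rx_state_t *st, uint16_t seq)
{
    int32_t s_l = st->s_l, s = seq;   /* widen so differences can go negative */
    if (s_l < 32768)                  /* far-ahead SEQ is a late packet from the previous cycle */
        return (s - s_l > 32768) ? st->roc - 1 : st->roc;
    return (s_l - 32768 > s) ? st->roc + 1 : st->roc;   /* SEQ wrapped past 65535 */
}

/* 48-bit packet index: i = 2^16 * v + SEQ. */
uint64_t estimate_index(const rx_state_t *st, uint16_t seq)
{
    return ((uint64_t)guess_roc(st, seq) << 16) | seq;
}

/* Call only after the packet has passed authentication. */
void update_state(rx_state_t *st, uint16_t seq)
{
    uint32_t v = guess_roc(st, seq);
    if (v == st->roc) {
        if (seq > st->s_l)
            st->s_l = seq;
    } else if (v == st->roc + 1) {
        st->roc = v;
        st->s_l = seq;
    }   /* v == roc - 1: old packet, state is left unchanged */
}

int main(void)
{
    /* Constructed stream: initial SEQ near 65535, a wrap, one reordered packet. */
    const uint16_t seqs[] = { 65533, 65534, 65535, 0, 1, 65532, 2 };
    rx_state_t st = { 0, 65533 };
    for (size_t i = 0; i < sizeof seqs / sizeof seqs[0]; i++) {
        printf("seq=%5u index=%llu\n", (unsigned)seqs[i],
               (unsigned long long)estimate_index(&st, seqs[i]));
        update_state(&st, seqs[i]);
    }
    return 0;
}
```

An estimator that mishandles the wrap or the late-packet branch yields the wrong index for packets like these, which a replay check then rejects even though the packet is legitimate.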
May 6, 2002
First release of libsrtp. Available at srtp-1.0.1.tgz. There are several minor problems with this release.
Last updated July 9, 2006.