Changes between Version 3 and Version 4 of SRTP


Ignore:
Timestamp:
Jan 23, 2008 6:49:30 PM (16 years ago)
Author:
bennylp
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • SRTP

    v3 v4  
    5555=== pjmedia_transport_srtp Implementation === 
    5656 
    57 As we know, media transport is separated from the stream object (which does the encoding/decoding of PCM frames, (de)packetization of RTP packets, and de-jitter buffering). The connection between stream and media transport is established when the stream is created (because during stream creation we need to specify media transport), and the interconnection can be depicted from the diagram below: 
     57As we know, media transport is separated from the stream object (which does the encoding/decoding of PCM frames, (de)packetization of RTP/RTCP packets, and de-jitter buffering). The connection between stream and media transport is established when the stream is created (we need to specify media transport during stream creation), and the interconnection can be depicted from the diagram below: 
    5858 
     59[[Image(media-transport.PNG)]] 
    5960 
     61I think the diagram above is self-explanatory. 
    6062 
     63With SRTP, the SRTP is implemented as some kind of "adapter", which is plugged between the stream and the actual media transport that does sending/receiving RTP/RTCP packets. When SRTP is used, the interconnection between stream and transport is like the diagram below: 
    6164 
     65[[Image(media-srtp-transport.PNG)]] 
    6266 
     67So to stream, the SRTP transport behaves as if it is a media transport (because it '''is''' a media transport), and to the media transport it behaves as if it is a stream. The SRTP object will forward RTP packets back and forth from stream to the actual transport and vice versa, encrypting/decrypting the RTP/RTCP packets as necessary. 
    6368 
    64  
     69The neat thing about this design is the SRTP "adapter" then can be used to encrypt any kind of media transports. We currently have UDP and ICE media transports that can benefit SRTP, and we could add SRTP to any media transports that will be added in the future. 
    6570 
    6671---- 
     
    7176=== Using SRTP in PJSUA-LIB === 
    7277 
     78The use of SRTP is controlled by settings in both pjsua_config and pjsua_acc_config. The settings in pjsua_config specifies the default settings for all accounts, and the settings in pjsua_acc_config can be used to further set the behavior for that specific account. 
     79 
     80In both pjsua_config and pjsua_acc_config, there are two configuration items to control: 
     81 
     82 '''use_srtp''':: 
     83  This option controls whether secure media transport (SRTP) should be used for this account. Valid values are: 
     84   - PJMEDIA_SRTP_DISABLED (0): SRTP is disabled, and incoming call with RTP/SAVP transport will be rejected. 
     85   - PJMEDIA_SRTP_OPTIONAL (1): SRTP will be advertised and SRTP will be used if remote supports it, but the call may fall back to unsecure media. 
     86   - PJMEDIA_SRTP_MANDATORY (2): secure media is mandatory, and the call can only proceed if secure media can be established. 
     87  The default value for this option is PJSUA_DEFAULT_USE_SRTP, which is zero (disabled). 
     88 
     89 '''srtp_secure_signaling''':: 
     90  This option controls whether SRTP requires secure signaling to be used. This option is only used when {{{use_srtp}}} option above is non-zero. Valid values are: 
     91     - 0: SRTP does not require secure signaling 
     92     - 1: SRTP requires secure transport such as TLS 
     93     - 2: SRTP requires secure end-to-end transport (SIPS) 
     94  The default value for this option is PJSUA_DEFAULT_SRTP_SECURE_SIGNALING, which is 1 (require TLS transport). 
     95 
     96 
     97 
     98 
     99=== pjsua === 
     100 
     101New option '''---use-srtp''' is added, with valid values are 0, 1, or 2. This corresponds to {{{use_srtp}}} setting above. 
     102 
     103Sample usage: 
     104{{{ 
     105 $ ./pjsua --use-tls --use-srtp=1 
     106}}} 
     107 
     108Note: we need to enable TLS since by default SRTP requires secure signaling to be used (see ''srtp_secure_signaling'' setting above). If you want to use SRTP with non-secure transport (which is not recommended unless for testing purpose only!), you can modify ''srtp_secure_signaling'' setting in pjsua application. 
     109 
     110 
    73111=== Using SRTP Transport Directly === 
     112 
     113The SRTP transport may also be used directly without having to involve SDP negotiations. However, you will need to have a different mechanism to exchange keys between endpoints. 
     114 
     115To use SRTP transport directly: 
     116 - Call pjmedia_transport_srtp_create() to create the SRTP adapter, giving it the actual media transport instance (such as UDP transport). 
     117 - Call pjmedia_transport_srtp_start() to active SRTP session, giving it both local and remote crypto settings and keys. 
     118 - Call pjmedia_transport_attach() to configure the remote RTP/RTCP addresses and attach your RTP and RTCP callbacks. 
     119 - Call pjmedia_transport_send_rtp() and pjmedia_transport_send_rtcp() to send RTP/RTCP packets. 
     120 - Once you done with your session, call pjmedia_transport_close() to destroy the SRTP adapter (and optionally the actual transport which is attached to the SRTP adapter, depending on whether ''close_member_tp'' flag is set in the options when creating the SRTP adapter).