[PATCH v2 1/2] Add support for DTLS-SRTP profile negotiation (RFC 5764)
martin at martin.st
Fri Nov 2 00:22:19 CET 2012
On Fri, 2 Nov 2012, Nikos Mavrogiannopoulos wrote:
> On 11/01/2012 04:31 PM, Martin Storsjö wrote:
>> Based on my reading of RFC 5764, one doesn't set any extra context data
>> for the extractor, only the label. Or this is at least my interpretation
>> of "The per-association context value is empty." in section 4.2 in RFC
>> 5764 - the one only extracts one single blob of data using the PRF of
>> the length given in that section (2 master keys and 2 master salts).
> I'm confused on what is a master key. For example the RFC lists:
> cipher: NULL
> cipher_key_length: 0
> cipher_salt_length: 0
> maximum_lifetime: 2^31
> auth_function: HMAC-SHA1
> auth_key_length: 160
> auth_tag_length: 80
> but there is no master key size there. Is the master key size negotiated
> through other means?
No, the master key size isn't negotiated through other means, it's
specified in RFC 3711 section 8.2.
The gnutls_srtp_get_keys function you implemented looks correct to me,
I'll verify it against an existing implementation of DTLS-SRTP as soon as
I get my hands on one.
More information about the Gnutls-devel