Home | History | Annotate | Download | only in doc

Lines Matching full:packet

51        3.3.  SRTP Packet Processing . . . . . . . . . . . . . . . . . 11
52              3.3.1.  Packet Index Determination, and ROC, s_l Update. 13
141    SRTP can achieve high throughput and low packet expansion.  SRTP
216    *  limited packet expansion to support the bandwidth economy goal,
219       layers used by RTP, in particular high tolerance to packet loss
267    equivalent SRTP packet on the sending side, and intercepts SRTP
268    packets and passes an equivalent RTP packet up the stack on the
274    feedback to RTP senders, or maintain packet sequence counters.  SRTCP
294       The format of an SRTP packet is illustrated in Figure 1.
321    Figure 1.  The format of an SRTP packet.  *Encrypted Portion is the
324    The "Encrypted Portion" of an SRTP packet consists of the encryption
326    equivalent RTP packet.  The Encrypted Portion MAY be the exact size
364               particular packet.  Note that the MKI SHALL NOT identify
373               data.  The Authenticated Portion of an SRTP packet
375               Portion of the SRTP packet.  Thus, if both encryption and
420       SRTP extracts from the RTP packet header, the ROC is maintained by
423       We define the index of the SRTP packet corresponding to a given
496       RTCP index is explicitly carried in each SRTCP packet,
525    SRTP/SRTCP parameter sharing above, separate replay lists and packet
559    port are the ones in the SRTP packet.  It is assumed that, when
585    If no valid context can be found for a packet corresponding to a
586    certain context identifier, that packet MUST be discarded.
588 3.3.  SRTP Packet Processing
594    construct an SRTP packet:
599    2. Determine the index of the SRTP packet using the rollover counter,
601       sequence number in the RTP packet, as described in Section 3.3.1.
613       packet (see Section 4.1, for the defined ciphers).  This step uses
618    6. If the MKI indicator is set to one, append the MKI to the packet.
621       Authenticated Portion of the packet, as described in Section 4.2.
636       to the packet.
638    8. If necessary, update the ROC as in Section 3.3.1, using the packet
641    To authenticate and decrypt an SRTP packet, the receiver SHALL do the
648       packet.  The algorithm uses the rollover counter and highest
650       number in the SRTP packet, as described in Section 3.3.1.
653       the context is set to one, use the MKI in the SRTP packet,
663       the packet has been replayed (Section 3.3.2), using the Replay
664       List and the index as determined in Step 2.  If the packet is
665       judged to be replayed, then the packet MUST be discarded, and the
672       FAILURE" (see Section 4.2), the packet MUST be discarded from
675    6. Decrypt the Encrypted Portion of the packet (see Section 4.1, for
692       the cryptographic context as in Section 3.3.1, using the packet
697       the packet.
699 3.3.1.  Packet Index Determination, and ROC, s_l Update
701    SRTP implementations use an "implicit" packet index for sequencing,
702    i.e., not all of the index is explicitly carried in the SRTP packet.
711    (see security aspects below).  The sender's packet index is then
717    determine the correct index of a packet, which is the location of the
718    packet in the sequence of all SRTP packets.  A robust approach for
728    sequence number (SEQ) of the first observed SRTP packet (unless the
748    After the packet has been processed and authenticated (when enabled
782    particular, 2^15 packets would need to be lost, or a packet would
789    (e.g., packet loss rate) and the cases when synchronization is likely
816    A packet is "replayed" when it is stored by an adversary, and then
823    protection.  Packet indices which lag behind the packet index in the
829    The receiver checks the index of an incoming packet against the
834    After the packet has been authenticated (if necessary the window is
847    packet definition.  The three mandatory fields MUST be appended to an
848    RTCP packet in order to form an equivalent SRTCP packet.  The added
862    According to Section 6.1 of [RFC3550], there is a REQUIRED packet
904    Figure 2.  An example of the format of a Secure RTCP packet,
905    consisting of an underlying RTCP compound packet with a Sender Report
906    and SDES packet.
919    The Encrypted Portion of an SRTCP packet consists of the encryption
921    packet, from the first RTCP packet, i.e., from the ninth (9) octet to
922    the end of the compound packet.  The Authenticated Portion of an
923    SRTCP packet consists of the entire equivalent (eventually compound)
924    RTCP packet, the E flag, and the SRTCP index (after any encryption
930             The E-flag indicates if the current SRTCP packet is
932             the split of a compound RTCP packet into two lower-layer
934             clear.  The E bit set to "1" indicates encrypted packet, and
935             "0" indicates non-encrypted packet.
938             The SRTCP index is a 31-bit counter for the SRTCP packet.
939             The index is explicitly included in each packet, in contrast
941             index MUST be set to zero before the first SRTCP packet is
943             each SRTCP packet is sent.  In particular, after a re-key,
954    SRTCP uses the cryptographic context parameters and packet processing
958       explicitly signaled in the packet.
981    packet was encrypted or not.
994       packet given in this section (which includes the index).  The
1005    protocol (e.g., it has a BYE packet) for RTP.
1007    Precautions must be taken so that the packet expansion in SRTCP (due
1036    longer packet intervals.  The increase in the intervals will be
1071    The encryption transforms defined in SRTP map the SRTP packet index
1073    keystream segment encrypts a single RTP packet.  The process of
1074    encrypting a packet consists of generating the keystream segment
1075    corresponding to the packet, and then bitwise exclusive-oring that
1076    keystream segment onto the payload of the RTP packet to produce the
1077    Encrypted Portion of the SRTP packet.  In case the payload size is
1095                                |     Payload of RTP Packet       |->(*)
1099                                | Encrypted Portion of SRTP Packet|<--+
1124    may still need to be computed for packet authentication, in which
1152    sequence.  Each packet is encrypted with a distinct keystream
1163    SRTP packet index i, and the SRTP session salting key k_s, as below.
1176    packet MUST be used, i SHALL be the 31-bit SRTCP index and k_e, k_s
1179    Note that the initial value, IV, is fixed for each packet and is
1185    needed to encrypt the largest possible RTP packet (except for IPv6
1188    packet that can be encrypted ensures the security of the encryption
1194    implementation MUST ensure that the combination of the SRTP packet
1358    in the RTCP compound packet.  E and SRTCP index are the 1-bit and
1359    31-bit fields added to the packet.
1386    Portion of the packet (as specified in Figure 1) concatenated with
1407    The sender computes the tag of M and appends it to the packet.  The
1444                          packet index ---+
1462    packet and then, when r > 0, a key derivation is performed whenever
1496    determined in the cryptographic context, and index, the packet index
1510    purposes.  The n-bit SRTP key (or salt) for this packet SHALL then be
1640    or default values), add steps to the packet processing, or even add
1741    that a member of the group sent the packet, but does not prevent
1751    offer this form of authentication in the pre-defined packet-integrity
1811    packet being successfully forged is only one in 2^32.  Thus an
1814    single forged packet can be much larger if the application is
1903    11), but has the disadvantage of adding extra bits to each packet.
1921    the current SRTP packet, the corresponding master key can be found by
1929    each packet.  This could be useful, as already noted, for some
1956    packet" and "until further notice".  However, the maximum limit of
1961    inserted in the packet (and its indicator in the crypto context is
2073    significance, to be unique per RTP/RTCP stream and packet.  The pre-
2074    defined SRTP transforms accomplish packet-uniqueness by including the
2075    packet index and stream-uniqueness by inclusion of the SSRC.
2148    MUST keep packet counts.  However, when the session keys for related
2160    an RTCP BYE-packet should be sent and/or if the event should be
2173    Note: in most typical applications (assuming at least one RTCP packet
2192    distinctness of the packet indices.
2215    keystream (so that the encryption or decryption of one packet does
2239    As some RTP packet could contain highly predictable data, e.g., SID,
2297    single forged RTP packet is limited to the decoding of that
2298    particular packet.  Under this condition, the size of the
2474    large difference in the packet rate in the respective directions may
2532    rekeying in a way that the maximum packet limit is not reached on any
2557    join and leave the session at any time, there may be packet loss and
2578    desired granularity, dependent on the packet rate.  High rate re-
2595      an SRTCP packet arrives close to the re-keying time.  The MKI
2860    determine the index i of an SRTP packet with sequence number SEQ.  In
2886    RTP packet header   :   806e5cba50681de55c621599
2888    RTP packet payload  :   70736575646f72616e646f6d6e657373