Algorithm - SRTP KDF

Functions

	Name
int	wc_SRTP_KDF(const byte * key, word32 keySz, const byte * salt, word32 saltSz, int kdrIdx, const byte * idx, byte * key1, word32 key1Sz, byte * key2, word32 key2Sz, byte * key3, word32 key3Sz) This function derives keys using SRTP KDF algorithm.
int	wc_SRTCP_KDF(const byte * key, word32 keySz, const byte * salt, word32 saltSz, int kdrIdx, const byte * idx, byte * key1, word32 key1Sz, byte * key2, word32 key2Sz, byte * key3, word32 key3Sz) This function derives keys using SRTCP KDF algorithm.
int	wc_SRTP_KDF_label(const byte * key, word32 keySz, const byte * salt, word32 saltSz, int kdrIdx, const byte * idx, byte label, byte * outKey, word32 outKeySz) This function derives a key with label using SRTP KDF algorithm.
int	wc_SRTCP_KDF_label(const byte * key, word32 keySz, const byte * salt, word32 saltSz, int kdrIdx, const byte * idx, byte label, byte * outKey, word32 outKeySz) This function derives key with label using SRTCP KDF algorithm.
int	wc_SRTP_KDF_kdr_to_idx(word32 kdr) This function converts a kdr value to an index to use in SRTP/SRTCP KDF API.

Functions Documentation

function wc_SRTP_KDF

int wc_SRTP_KDF(
    const byte * key,
    word32 keySz,
    const byte * salt,
    word32 saltSz,
    int kdrIdx,
    const byte * idx,
    byte * key1,
    word32 key1Sz,
    byte * key2,
    word32 key2Sz,
    byte * key3,
    word32 key3Sz
)

This function derives keys using SRTP KDF algorithm.

Parameters:

• key Key to use with encryption.
• keySz Size of key in bytes.
• salt Random non-secret value.
• saltSz Size of random in bytes.
• kdrIdx Key derivation rate. kdr = 0 when -1, otherwise kdr = 2^kdrIdx.
• idx Index value to XOR in.
• key1 First key. Label value of 0x00.
• key1Sz Size of first key in bytes.
• key2 Second key. Label value of 0x01.
• key2Sz Size of second key in bytes.
• key3 Third key. Label value of 0x02.
• key3Sz Size of third key in bytes.

See:

• wc_SRTCP_KDF
• wc_SRTP_KDF_label
• wc_SRTCP_KDF_label
• wc_SRTP_KDF_kdr_to_idx

Return:

• 0 Returned upon successful key derivation.
• BAD_FUNC_ARG Returned when key or salt is NULL
• BAD_FUNC_ARG Returned when key length is not 16, 24 or 32.
• BAD_FUNC_ARG Returned when saltSz is larger than 14.
• BAD_FUNC_ARG Returned when kdrIdx is less than -1 or larger than 24.
• MEMORY_E on dynamic memory allocation failure.

Example

unsigned char key[16] = { ... };
unsigned char salt[14] = { ... };
unsigned char idx[6] = { ... };
unsigned char keyE[16];
unsigned char keyA[20];
unsigned char keyS[14];
int kdrIdx = 0; // Use all of index
int ret;

ret = wc_SRTP_KDF(key, sizeof(key), salt, sizeof(salt), kdrIdx, idx,
    keyE, sizeof(keyE), keyA, sizeof(keyA), keyS, sizeof(keyS));
if (ret != 0) {
    WOLFSSL_MSG("wc_SRTP_KDF failed");
}

function wc_SRTCP_KDF

int wc_SRTCP_KDF(
    const byte * key,
    word32 keySz,
    const byte * salt,
    word32 saltSz,
    int kdrIdx,
    const byte * idx,
    byte * key1,
    word32 key1Sz,
    byte * key2,
    word32 key2Sz,
    byte * key3,
    word32 key3Sz
)

This function derives keys using SRTCP KDF algorithm.

Parameters:

• key Key to use with encryption.
• keySz Size of key in bytes.
• salt Random non-secret value.
• saltSz Size of random in bytes.
• kdrIdx Key derivation rate. kdr = 0 when -1, otherwise kdr = 2^kdrIdx.
• idx Index value to XOR in.
• key1 First key. Label value of 0x00.
• key1Sz Size of first key in bytes.
• key2 Second key. Label value of 0x01.
• key2Sz Size of second key in bytes.
• key3 Third key. Label value of 0x02.
• key3Sz Size of third key in bytes.

See:

• wc_SRTP_KDF
• wc_SRTP_KDF_label
• wc_SRTCP_KDF_label
• wc_SRTP_KDF_kdr_to_idx

Return:

• 0 Returned upon successful key derivation.
• BAD_FUNC_ARG Returned when key or salt is NULL
• BAD_FUNC_ARG Returned when key length is not 16, 24 or 32.
• BAD_FUNC_ARG Returned when saltSz is larger than 14.
• BAD_FUNC_ARG Returned when kdrIdx is less than -1 or larger than 24.
• MEMORY_E on dynamic memory allocation failure.

Example

unsigned char key[16] = { ... };
unsigned char salt[14] = { ... };
unsigned char idx[4] = { ... };
unsigned char keyE[16];
unsigned char keyA[20];
unsigned char keyS[14];
int kdrIdx = 0; // Use all of index
int ret;

ret = wc_SRTCP_KDF(key, sizeof(key), salt, sizeof(salt), kdrIdx, idx,
    keyE, sizeof(keyE), keyA, sizeof(keyA), keyS, sizeof(keyS));
if (ret != 0) {
    WOLFSSL_MSG("wc_SRTP_KDF failed");
}

function wc_SRTP_KDF_label

int wc_SRTP_KDF_label(
    const byte * key,
    word32 keySz,
    const byte * salt,
    word32 saltSz,
    int kdrIdx,
    const byte * idx,
    byte label,
    byte * outKey,
    word32 outKeySz
)

This function derives a key with label using SRTP KDF algorithm.

Parameters:

• key Key to use with encryption.
• keySz Size of key in bytes.
• salt Random non-secret value.
• saltSz Size of random in bytes.
• kdrIdx Key derivation rate. kdr = 0 when -1, otherwise kdr = 2^kdrIdx.
• idx Index value to XOR in.
• label Label to use when deriving key.
• outKey Derived key.
• outKeySz Size of derived key in bytes.

See:

• wc_SRTP_KDF
• wc_SRTCP_KDF
• wc_SRTCP_KDF_label
• wc_SRTP_KDF_kdr_to_idx

Return:

• 0 Returned upon successful key derivation.
• BAD_FUNC_ARG Returned when key, salt or outKey is NULL
• BAD_FUNC_ARG Returned when key length is not 16, 24 or 32.
• BAD_FUNC_ARG Returned when saltSz is larger than 14.
• BAD_FUNC_ARG Returned when kdrIdx is less than -1 or larger than 24.
• MEMORY_E on dynamic memory allocation failure.

Example

unsigned char key[16] = { ... };
unsigned char salt[14] = { ... };
unsigned char idx[6] = { ... };
unsigned char keyE[16];
int kdrIdx = 0; // Use all of index
int ret;

ret = wc_SRTP_KDF_label(key, sizeof(key), salt, sizeof(salt), kdrIdx, idx,
    WC_SRTP_LABEL_ENCRYPTION, keyE, sizeof(keyE));
if (ret != 0) {
    WOLFSSL_MSG("wc_SRTP_KDF failed");
}

function wc_SRTCP_KDF_label

int wc_SRTCP_KDF_label(
    const byte * key,
    word32 keySz,
    const byte * salt,
    word32 saltSz,
    int kdrIdx,
    const byte * idx,
    byte label,
    byte * outKey,
    word32 outKeySz
)

This function derives key with label using SRTCP KDF algorithm.

Parameters:

• key Key to use with encryption.
• keySz Size of key in bytes.
• salt Random non-secret value.
• saltSz Size of random in bytes.
• kdrIdx Key derivation rate. kdr = 0 when -1, otherwise kdr = 2^kdrIdx.
• idx Index value to XOR in.
• label Label to use when deriving key.
• outKey Derived key.
• outKeySz Size of derived key in bytes.

See:

• wc_SRTP_KDF
• wc_SRTCP_KDF
• wc_SRTP_KDF_label
• wc_SRTP_KDF_kdr_to_idx

Return:

• 0 Returned upon successful key derivation.
• BAD_FUNC_ARG Returned when key, salt or outKey is NULL
• BAD_FUNC_ARG Returned when key length is not 16, 24 or 32.
• BAD_FUNC_ARG Returned when saltSz is larger than 14.
• BAD_FUNC_ARG Returned when kdrIdx is less than -1 or larger than 24.
• MEMORY_E on dynamic memory allocation failure.

Example

unsigned char key[16] = { ... };
unsigned char salt[14] = { ... };
unsigned char idx[4] = { ... };
unsigned char keyE[16];
int kdrIdx = 0; // Use all of index
int ret;

ret = wc_SRTCP_KDF_label(key, sizeof(key), salt, sizeof(salt), kdrIdx,
    idx, WC_SRTCP_LABEL_ENCRYPTION, keyE, sizeof(keyE));
if (ret != 0) {
    WOLFSSL_MSG("wc_SRTP_KDF failed");
}

function wc_SRTP_KDF_kdr_to_idx

int wc_SRTP_KDF_kdr_to_idx(
    word32 kdr
)

This function converts a kdr value to an index to use in SRTP/SRTCP KDF API.

Parameters:

• kdr Key derivation rate to convert.

See:

• wc_SRTP_KDF
• wc_SRTCP_KDF
• wc_SRTP_KDF_label
• wc_SRTCP_KDF_label

Return: Key derivation rate as an index.

Example

word32 kdr = 0x00000010;
int kdrIdx;
int ret;

kdrIdx = wc_SRTP_KDF_kdr_to_idx(kdr);

---

Updated on 2025-11-12 at 01:14:39 +0000