diff --git a/src/media/srtp.c b/src/media/srtp.c
index f60d0be39fe0e66a1ece95e74d0a531e9a72d51e..6f83c1b84eea1466b9356335e1c691ee5d82b9fe 100644
--- a/src/media/srtp.c
+++ b/src/media/srtp.c
@@ -28,6 +28,20 @@
#include <libavutil/log.h>
#include "srtp.h"
+#ifdef TEST_SRTP_AEAD
+static void dump_memory(const uint8_t *ptr, size_t len)
+{
+ for (size_t i=0; i < len; ++i) {
+ fprintf(stderr, "%02x", ptr[i]);
+ if (((i+1) % 16) == 0)
+ fputc('\n', stderr);
+ else if (((i+1) % 4) == 0)
+ fputc(' ', stderr);
+ }
+ fputc('\n', stderr);
+}
+#endif
+
void ff_srtp_free(struct SRTPContext *s)
{
if (!s)
@@ -35,7 +49,8 @@ void ff_srtp_free(struct SRTPContext *s)
av_freep(&s->aes);
if (s->hmac)
av_hmac_free(s->hmac);
- s->hmac = NULL;
+ //s->hmac = NULL;
+ memset(s, 0, sizeof(*s));
}
static void encrypt_counter(struct AVAES *aes, uint8_t *iv, uint8_t *outbuf,
@@ -62,32 +77,79 @@ static void derive_key(struct AVAES *aes, const uint8_t *salt, int label,
encrypt_counter(aes, input, out, outlen);
}
+static int strp_aead_init(struct SRTPContext *s, gnutls_cipher_algorithm_t cipher,
+ uint8_t master_key_size, const uint8_t *params)
+{
+ s->aes = av_aes_alloc();
+ if (!s->aes)
+ return AVERROR(ENOMEM);
+
+ memcpy(s->master_key, params, master_key_size);
+ memcpy(s->master_salt, params + master_key_size, 12);
+
+ av_aes_init(s->aes, s->master_key, master_key_size * 8, 0);
+
+ derive_key(s->aes, s->master_salt, 0x00, s->rtp_key, master_key_size);
+ derive_key(s->aes, s->master_salt, 0x02, s->rtp_salt, 12);
+
+ derive_key(s->aes, s->master_salt, 0x03, s->rtcp_key, master_key_size);
+ derive_key(s->aes, s->master_salt, 0x05, s->rtcp_salt, 12);
+
+#ifdef TEST_SRTP_AEAD
+ memcpy(s->rtp_key, s->master_key, master_key_size);
+ memcpy(s->rtp_salt, s->master_salt, 12);
+ memcpy(s->rtcp_key, s->master_key, master_key_size);
+ memcpy(s->rtcp_salt, s->master_salt, 12);
+#endif
+
+ gcm_aes256_set_key(&s->aead_rtp_ctx, s->rtp_key);
+ gcm_aes256_set_key(&s->aead_rtcp_ctx, s->rtcp_key);
+
+ return 0;
+}
+
int ff_srtp_set_crypto(struct SRTPContext *s, const char *suite,
const char *params)
{
- uint8_t buf[30];
+ uint8_t buf[32+12];
+ int params_length;
+ gnutls_cipher_algorithm_t aead_cipher;
ff_srtp_free(s);
- // RFC 4568
- if (!strcmp(suite, "AES_CM_128_HMAC_SHA1_80") ||
+ // RFC 5764 and RFC 7714
+ if (!strcmp(suite, "AEAD_AES_256_GCM") ||
+ !strcmp(suite, "SRTP_AEAD_AES_256_GCM")) {
+ s->aead = 1;
+ aead_cipher = GNUTLS_CIPHER_AES_256_GCM;
+ params_length = 32+12;
+ } else if (!strcmp(suite, "AES_CM_128_HMAC_SHA1_80") ||
!strcmp(suite, "SRTP_AES128_CM_HMAC_SHA1_80")) {
s->rtp_hmac_size = s->rtcp_hmac_size = 10;
+ params_length = 16+14;
} else if (!strcmp(suite, "AES_CM_128_HMAC_SHA1_32")) {
s->rtp_hmac_size = s->rtcp_hmac_size = 4;
+ params_length = 16+14;
} else if (!strcmp(suite, "SRTP_AES128_CM_HMAC_SHA1_32")) {
// RFC 5764 section 4.1.2
s->rtp_hmac_size = 4;
s->rtcp_hmac_size = 10;
+ params_length = 16+14;
} else {
av_log(NULL, AV_LOG_WARNING, "SRTP Crypto suite %s not supported\n",
suite);
return AVERROR(EINVAL);
}
- if (av_base64_decode(buf, params, sizeof(buf)) != sizeof(buf)) {
- av_log(NULL, AV_LOG_WARNING, "Incorrect amount of SRTP params\n");
+ int ret;
+ if ((ret = av_base64_decode(buf, params, sizeof(buf))) != params_length) {
+ av_log(NULL, AV_LOG_WARNING, "Incorrect amount of SRTP params (%d)\n", ret);
return AVERROR(EINVAL);
}
+
+ // AEAD algorithms setup
+ if (s->aead)
+ return strp_aead_init(s, aead_cipher, 32, buf);
+
// MKI and lifetime not handled yet
s->aes = av_aes_alloc();
s->hmac = av_hmac_alloc(AV_HMAC_SHA1);
@@ -123,8 +185,158 @@ static void create_iv(uint8_t *iv, const uint8_t *salt, uint64_t index,
iv[i] ^= salt[i];
}
+static void create_eaed_iv(uint8_t *iv, int rtcp, const uint8_t *salt, uint64_t index,
+ uint32_t ssrc, uint32_t roc, uint16_t seq)
+{
+ int i;
+
+ memset(iv, 0, 12);
+ AV_WB32(&iv[2], ssrc);
+ if (rtcp) {
+ AV_WB32(&iv[8], index);
+ } else {
+ AV_WB32(&iv[6], roc);
+ AV_WB16(&iv[10], seq);
+ }
+#ifdef TEST_SRTP_AEAD
+ fprintf(stderr, "base: ");
+ dump_memory(iv, 12);
+ fprintf(stderr, "salt: ");
+ dump_memory(salt, 12);
+#endif
+
+ for (i = 0; i < 12; i++)
+ iv[i] ^= salt[i];
+
+#ifdef TEST_SRTP_AEAD
+ fprintf(stderr, "iv: ");
+ dump_memory(iv, 12);
+#endif
+}
+
+int srtp_aead_decrypt(struct SRTPContext *s, uint8_t *buf, int *lenptr)
+{
+ uint8_t iv[12];
+ uint8_t *in = buf;
+ int len = *lenptr;
+#warning seq_largest and roc may be unitialized
+ int av_uninit(seq_largest);
+ uint32_t ssrc, av_uninit(roc);
+ uint64_t index;
+ int rtcp, seq;
+ size_t cipher_len;
+
+ // TODO: Missing replay protection
+
+ if (len < 12)
+ return AVERROR_INVALIDDATA;
+
+ rtcp = RTP_PT_IS_RTCP(buf[1]);
+ if (!rtcp) {
+ seq = AV_RB16(buf + 2);
+ uint32_t v;
+
+ // RFC 3711 section 3.3.1, appendix A
+ seq_largest = s->seq_initialized ? s->seq_largest : seq;
+ v = roc = s->roc;
+ if (seq_largest < 32768) {
+ if (seq - seq_largest > 32768)
+ v = roc - 1;
+ } else {
+ if (seq_largest - 32768 > seq)
+ v = roc + 1;
+ }
+ if (v == roc) {
+ seq_largest = FFMAX(seq_largest, seq);
+ } else if (v == roc + 1) {
+ seq_largest = seq;
+ roc = v;
+ }
+ index = seq + (((uint64_t)v) << 16);
+ }
+
+ if (rtcp) {
+ uint32_t srtcp_index = AV_RB32(buf + len - 4);
+ len -= 4;
+ *lenptr = len;
+
+ ssrc = AV_RB32(buf + 4);
+ index = srtcp_index & 0x7fffffff;
+
+ buf += 8;
+ len -= 8;
+ if (!(srtcp_index & 0x80000000))
+ cipher_len = 0;
+ else
+ cipher_len = len - 16;
+ } else {
+ int ext, csrc;
+ s->seq_initialized = 1;
+ s->seq_largest = seq_largest;
+ s->roc = roc;
+
+ csrc = buf[0] & 0x0f;
+ ext = buf[0] & 0x10;
+ ssrc = AV_RB32(buf + 8);
+
+ *lenptr = len;
+ buf += 12;
+ len -= 12;
+
+ buf += 4 * csrc;
+ len -= 4 * csrc;
+ if (len < 0)
+ return AVERROR_INVALIDDATA;
+
+ if (ext) {
+ if (len < 4)
+ return AVERROR_INVALIDDATA;
+ ext = (AV_RB16(buf + 2) + 1) * 4;
+ if (len < ext)
+ return AVERROR_INVALIDDATA;
+ len -= ext;
+ buf += ext;
+ }
+
+ cipher_len = len - 16; // remove auth tag length
+ }
+
+ create_eaed_iv(iv, rtcp, rtcp ? s->rtcp_salt : s->rtp_salt, index, ssrc, s->roc, seq);
+ gcm_aes256_set_iv(rtcp ? &s->aead_rtcp_ctx : &s->aead_rtp_ctx, 12, iv);
+
+ size_t ptext_len = *lenptr - (buf - in);
+ uint8_t auth_tag[16];
+
+ if (rtcp) {
+ uint8_t auth_data[12]; // need to use a temporary buffer for AAD as update need to be called only one time
+ *(uint64_t*)auth_data = *(uint64_t*)in;
+ ((uint32_t*)auth_data)[2] = *(uint32_t*)(buf + ptext_len);
+ gcm_aes256_update(&s->aead_rtcp_ctx, sizeof(auth_data), auth_data);
+ gcm_aes256_decrypt(&s->aead_rtcp_ctx, cipher_len, buf, buf);
+ gcm_aes256_digest(&s->aead_rtcp_ctx, 16, auth_tag);
+ ptext_len = cipher_len;
+ } else {
+ gcm_aes256_update(&s->aead_rtp_ctx, buf - in, in);
+ gcm_aes256_decrypt(&s->aead_rtp_ctx, cipher_len, buf, buf);
+ gcm_aes256_digest(&s->aead_rtp_ctx, 16, auth_tag);
+ ptext_len = cipher_len;
+ }
+
+ if (memcmp(buf + cipher_len, auth_tag, 16) != 0) {
+ av_log(NULL, AV_LOG_WARNING, "Authentification failed\n");
+ return AVERROR_INVALIDDATA;
+ }
+
+ *lenptr = ptext_len + (buf - in); // plus AAD
+ return 0;
+}
+
int ff_srtp_decrypt(struct SRTPContext *s, uint8_t *buf, int *lenptr)
{
+ /* AEAD algorithm contains MAC algorithm, has it's own IV and remove usage of some SRTP field */
+ if (s->aead == 1)
+ return srtp_aead_decrypt(s, buf, lenptr);
+
uint8_t iv[16] = { 0 }, hmac[20];
int len = *lenptr;
#warning seq_largest and roc may be unitialized
@@ -236,9 +448,98 @@ int ff_srtp_decrypt(struct SRTPContext *s, uint8_t *buf, int *lenptr)
return 0;
}
+int srtp_aead_encrypt(struct SRTPContext *s, const uint8_t *in, int len,
+ uint8_t *out, int outlen)
+{
+ uint8_t iv[12];
+ int i, rtcp;
+ uint32_t ssrc, index=0;
+ uint16_t seq;
+ uint8_t *buf, *salt;
+
+ if (len < 8)
+ return AVERROR_INVALIDDATA;
+
+ memcpy(out, in, len);
+ buf = out;
+
+ rtcp = RTP_PT_IS_RTCP(in[1]);
+ if (rtcp) {
+ salt = s->rtcp_salt;
+ ssrc = AV_RB32(buf + 4);
+ index = s->rtcp_index++;
+ index = 0x5d4;
+ } else {
+ salt = s->rtp_salt;
+ seq = AV_RB16(in + 2);
+ ssrc = AV_RB32(in + 8);
+ if (seq < s->seq_largest)
+ s->roc++;
+ s->seq_largest = seq;
+ index = seq + (((uint64_t)s->roc) << 16);
+ }
+
+ if (rtcp) {
+ buf += 8;
+ len -= 8;
+ } else {
+ // Compute auth and plaintext sizes
+ int csrc = buf[0] & 0x0f;
+ int ext = buf[0] & 0x10;
+
+ buf += 12;
+ len -= 12;
+
+ buf += 4 * csrc;
+ len -= 4 * csrc;
+ if (len < 0)
+ return AVERROR_INVALIDDATA;
+
+ if (ext) {
+ if (len < 4)
+ return AVERROR_INVALIDDATA;
+ ext = (AV_RB16(buf + 2) + 1) * 4;
+ if (len < ext)
+ return AVERROR_INVALIDDATA;
+ len -= ext;
+ buf += ext;
+ }
+ }
+
+ create_eaed_iv(iv, rtcp, rtcp ? s->rtcp_salt : s->rtp_salt, index, ssrc, s->roc, seq);
+ gcm_aes256_set_iv(rtcp ? &s->aead_rtcp_ctx : &s->aead_rtp_ctx, 12, iv);
+
+ size_t ctext_len = outlen - (buf - out);
+ uint8_t auth_tag[16];
+
+ if (rtcp) {
+ AV_WB32(buf + ctext_len - 4, 0x80000000 | index);
+ uint8_t auth_data[12]; // need to use a temporary buffer for AAD as update need to be called only one time
+ *(uint64_t*)auth_data = *(uint64_t*)out;
+ ((uint32_t*)auth_data)[2] = *(uint32_t*)(buf + ctext_len - 4);
+ gcm_aes256_update(&s->aead_rtcp_ctx, sizeof(auth_data), auth_data);
+ gcm_aes256_encrypt(&s->aead_rtcp_ctx, len, buf, buf);
+ gcm_aes256_digest(&s->aead_rtcp_ctx, 16, auth_tag);
+ memcpy(buf+len, auth_tag, 16);
+ ctext_len = len + 16 + 4;
+ } else {
+ gcm_aes256_update(&s->aead_rtp_ctx, buf - out, out);
+ gcm_aes256_encrypt(&s->aead_rtp_ctx, len, buf, buf);
+ gcm_aes256_digest(&s->aead_rtp_ctx, 16, auth_tag);
+ memcpy(buf+len, auth_tag, 16);
+ ctext_len = len + 16;
+ }
+
+ return buf + ctext_len - out;
+}
+
int ff_srtp_encrypt(struct SRTPContext *s, const uint8_t *in, int len,
uint8_t *out, int outlen)
{
+ /* AEAD algorithm contains MAC algorithm, has it's own IV and remove usage of some SRTP field */
+ if (s->aead == 1)
+ return srtp_aead_encrypt(s, in, len, out, outlen);
+
uint8_t iv[16] = { 0 }, hmac[20];
uint64_t index;
uint32_t ssrc;
@@ -324,3 +625,211 @@ int ff_srtp_encrypt(struct SRTPContext *s, const uint8_t *in, int len,
len += hmac_size;
return buf + len - out;
}
+
+#ifdef TEST_SRTP_AEAD
+int test_gcm256(const uint8_t* plain, int plain_len, const uint8_t* cipher, int cipher_len, int rtcp)
+{
+ uint8_t master_salt[32 + 12];
+ char params[sizeof(master_salt)*2];
+ uint8_t tmp_output[FFMAX(plain_len, cipher_len)];
+ int i, res;
+
+ struct SRTPContext ctx;
+
+ memset(&ctx, 0, sizeof(ctx));
+ memset(¶ms, 0, sizeof(params));
+ memset(&tmp_output, 0, sizeof(tmp_output));
+
+ /* master key */
+ for (i=0; i < 32; i++)
+ master_salt[i] = i;
+
+ /* append master salt */
+ strncpy((char*)&master_salt[32], "Quid pro quo", 12);
+
+ /* base64 encode master key|salt */
+ if (!av_base64_encode(params, sizeof(params), master_salt, sizeof(master_salt))) {
+ fprintf(stderr, "!! Base64 encoding failed\n");
+ return -1;
+ }
+
+ if (1) {
+ /* init crypto */
+ printf("[encryption]\n");
+ if (ff_srtp_set_crypto(&ctx, "SRTP_AEAD_AES_256_GCM", params) < 0) {
+ fprintf(stderr, "!! Initialisation failed\n");
+ return -1;
+ }
+
+ /* test encrypt */
+ res = ff_srtp_encrypt(&ctx, plain, plain_len, tmp_output, sizeof(tmp_output));
+ if (res < 0){
+ fprintf(stderr, "!! Encryption failed\n");
+ return -1;
+ }
+
+ printf("result:\n");
+ dump_memory(tmp_output, res);
+ printf("waited:\n");
+ dump_memory(cipher, cipher_len);
+
+ if (res != cipher_len) {
+ fprintf(stderr, "!! Encryption failed: lengths differ (get %d, waited %d)\n",
+ res, cipher_len);
+ return -1;
+ }
+
+ if (memcmp(tmp_output, cipher, cipher_len)) {
+ fprintf(stderr, "!! Encryption failed: wrong result\n");
+ return -1;
+ }
+
+ ff_srtp_free(&ctx);
+ }
+
+ /* Reset data for decryption */
+ memset(&ctx, 0, sizeof(ctx));
+ memset(&tmp_output, 0, sizeof(tmp_output));
+
+ /* init crypto */
+ printf("\n[decryption]\n");
+ if (ff_srtp_set_crypto(&ctx, "SRTP_AEAD_AES_256_GCM", params) < 0) {
+ fprintf(stderr, "!! Initialisation failed\n");
+ return -1;
+ }
+
+ /* test decrypt */
+ memcpy(tmp_output, cipher, cipher_len);
+ res = ff_srtp_decrypt(&ctx, tmp_output, &cipher_len);
+ if (res < 0) {
+ fprintf(stderr, "!! Decryption failed\n");
+ return -1;
+ }
+
+ printf("result:\n");
+ dump_memory(tmp_output, cipher_len);
+ printf("waited:\n");
+ dump_memory(plain, plain_len);
+
+ if (cipher_len != plain_len) {
+ fprintf(stderr, "!! Decryption failed: lengths differ (get %d, waited %d)\n",
+ cipher_len, plain_len);
+ return -1;
+ }
+
+ if (memcmp(tmp_output, plain, plain_len)) {
+ fprintf(stderr, "!! Decryption failed: wrong result\n");
+ return -1;
+ }
+
+ ff_srtp_free(&ctx);
+
+ return 0;
+}
+
+int main(int argc, char** argv)
+{
+ /* Following test vectors are comming from RFC 7714, Ch. 16.2.x and 17.2.x
+ * Notes: only 256bits version is tested.
+ */
+
+ uint8_t rtp_plain[] = {
+ 0x80, 0x40, 0xf1, 0x7b,
+ 0x80, 0x41, 0xf8, 0xd3,
+ 0x55, 0x01, 0xa0, 0xb2,
+ 0x47, 0x61, 0x6c, 0x6c,
+ 0x69, 0x61, 0x20, 0x65,
+ 0x73, 0x74, 0x20, 0x6f,
+ 0x6d, 0x6e, 0x69, 0x73,
+ 0x20, 0x64, 0x69, 0x76,
+ 0x69, 0x73, 0x61, 0x20,
+ 0x69, 0x6e, 0x20, 0x70,
+ 0x61, 0x72, 0x74, 0x65,
+ 0x73, 0x20, 0x74, 0x72,
+ 0x65, 0x73
+ };
+
+ uint8_t rtp_cipher[] = {
+ 0x80, 0x40, 0xf1, 0x7b,
+ 0x80, 0x41, 0xf8, 0xd3,
+ 0x55, 0x01, 0xa0, 0xb2,
+ 0x32, 0xb1, 0xde, 0x78,
+ 0xa8, 0x22, 0xfe, 0x12,
+ 0xef, 0x9f, 0x78, 0xfa,
+ 0x33, 0x2e, 0x33, 0xaa,
+ 0xb1, 0x80, 0x12, 0x38,
+ 0x9a, 0x58, 0xe2, 0xf3,
+ 0xb5, 0x0b, 0x2a, 0x02,
+ 0x76, 0xff, 0xae, 0x0f,
+ 0x1b, 0xa6, 0x37, 0x99,
+ 0xb8, 0x7b, 0x7a, 0xa3,
+ 0xdb, 0x36, 0xdf, 0xff,
+ 0xd6, 0xb0, 0xf9, 0xbb,
+ 0x78, 0x78, 0xd7, 0xa7,
+ 0x6c, 0x13
+ };
+
+ uint8_t rtcp_plain[] = {
+ 0x81, 0xc8, 0x00, 0x0d,
+ 0x4d, 0x61, 0x72, 0x73,
+ 0x4e, 0x54, 0x50, 0x31,
+ 0x4e, 0x54, 0x50, 0x32,
+ 0x52, 0x54, 0x50, 0x20,
+ 0x00, 0x00, 0x04, 0x2a,
+ 0x00, 0x00, 0xe9, 0x30,
+ 0x4c, 0x75, 0x6e, 0x61,
+ 0xde, 0xad, 0xbe, 0xef,
+ 0xde, 0xad, 0xbe, 0xef,
+ 0xde, 0xad, 0xbe, 0xef,
+ 0xde, 0xad, 0xbe, 0xef,
+ 0xde, 0xad, 0xbe, 0xef
+ };
+
+ uint8_t rtcp_cipher[] = {
+ 0x81, 0xc8, 0x00, 0x0d,
+ 0x4d, 0x61, 0x72, 0x73,
+ 0xd5, 0x0a, 0xe4, 0xd1,
+ 0xf5, 0xce, 0x5d, 0x30,
+ 0x4b, 0xa2, 0x97, 0xe4,
+ 0x7d, 0x47, 0x0c, 0x28,
+ 0x2c, 0x3e, 0xce, 0x5d,
+ 0xbf, 0xfe, 0x0a, 0x50,
+ 0xa2, 0xea, 0xa5, 0xc1,
+ 0x11, 0x05, 0x55, 0xbe,
+ 0x84, 0x15, 0xf6, 0x58,
+ 0xc6, 0x1d, 0xe0, 0x47,
+ 0x6f, 0x1b, 0x6f, 0xad,
+ 0x1d, 0x1e, 0xb3, 0x0c,
+ 0x44, 0x46, 0x83, 0x9f,
+ 0x57, 0xff, 0x6f, 0x6c,
+ 0xb2, 0x6a, 0xc3, 0xbe,
+ 0x80, 0x00, 0x05, 0xd4
+ };
+
+ int res, failures = 0;
+
+ printf("**** Testing RTP packet ****\n");
+ res = test_gcm256(rtp_plain, sizeof(rtp_plain),
+ rtp_cipher, sizeof(rtp_cipher), 0);
+ if (res < 0) {
+ fprintf(stderr, "!!!! RTP test failed !!!!\n");
+ failures++;
+ }
+
+ printf("\n**** Testing RTCP packet ****\n");
+ res = test_gcm256(rtcp_plain, sizeof(rtcp_plain),
+ rtcp_cipher, sizeof(rtcp_cipher), 1);
+ if (res < 0) {
+ fprintf(stderr, "!!!! RTP test failed !!!!\n");
+ failures++;
+ }
+
+ if (failures) {
+ fprintf(stderr, "\n==== %u test(s) FAILED ====\n", failures);
+ return -1;
+ }
+
+ fprintf(stderr, "\n==== All tests PASSED ====\n");
+ return 0;
+}
+#endif
diff --git a/src/media/srtp.h b/src/media/srtp.h
index 2bfae60623e8eeb6e3e9c259d639acfece0e9e25..c708bbe4336b6206a9002a4e42282deeb59eed87 100644
--- a/src/media/srtp.h
+++ b/src/media/srtp.h
@@ -23,6 +23,8 @@
#define SRTP_H
#include <stdint.h>
+#include <gnutls/gnutls.h>
+#include <nettle/gcm.h>
struct AVAES;
struct AVHMAC;
@@ -31,15 +33,19 @@ struct SRTPContext {
struct AVAES *aes;
struct AVHMAC *hmac;
int rtp_hmac_size, rtcp_hmac_size;
- uint8_t master_key[16];
+ uint8_t master_key[32];
uint8_t master_salt[14];
- uint8_t rtp_key[16], rtcp_key[16];
+ uint8_t rtp_key[32], rtcp_key[32];
uint8_t rtp_salt[14], rtcp_salt[14];
uint8_t rtp_auth[20], rtcp_auth[20];
int seq_largest, seq_initialized;
uint32_t roc;
uint32_t rtcp_index;
+
+ int aead;
+ struct gcm_aes256_ctx aead_rtp_ctx;
+ struct gcm_aes256_ctx aead_rtcp_ctx;
};
int ff_srtp_set_crypto(struct SRTPContext *s, const char *suite,