I have been working to create an RTP/RTCP client and server implementation as a project. I have hit a block when it comes to parsing incoming packets because I am having trouble understanding the encryption method. I have read RFC 3550 several times. Section 9 explains confidentiality and security. I've read about DES-CBC mode here.
Observations I've deduced about encryption
- RTP/RTCP packets are encrypted as a unit, meaning ALL bytes are encrypted
- Encrypted RTCP packets are prefixed with a 32-bit random number
- Encrypted RTP packets are randomized by the timestamp and sequence number
- DES-CBC is the default mode
- DES-CBC mode requires a 64-bit key
- DES-CBC mode requires a 64-bit initialization vector (IV)
- DES-CBC has a block size of 64 bits
What I'm confused about:
DES-CBC states that it uses the "Privacy Enhancement for Internet Electronic Mail" (PEM) protocol, but the RTP RFC makes no mention of this. In addition, the encryption diagrams do not include any PEM headers or elements.
Diagram
UDP packet UDP packet
----------------------------- ------------------------------
[random][RR][SDES #CNAME ...] [SR #senderinfo #site1 #site2]
----------------------------- ------------------------------
encrypted not encrypted
So my questions are:
- Where does the key come from or what header elements make up the key?
- What is the initialization vector for RTP/RTCP?
- How do I parse an encrypted packet vs an unencrypted one?
- Does RTP/RTCP use the PEM protocol? If so, how?
DES-CBC is a way for encrypting data and it can be used for all different protocols that need it's data to be encrypted.
Encryption keys are generated during connection initialization(at connect time) and can be generated using different ways but generally using Public key cryptography(ex:
RSAandDH) and using certificates to prevent MITM attacks which is where the PEM standards are used.The IV(initialization vector) is randomly generated number that will be used to ensure that same plaintext will not be encrypted to same ciphertext if using same key (That's why it's Random).
For encrypted packets you decrypt first using key(SECRET) you got at connection time then use IV which is sent with data packets(NOT secret) to reverse encryption process. For unencrypted packets you just parse the data since there is no KEY and IV data is just plaintext.
PEM is not protocol in the sense as network protocols such SSH. This definition I think is accurate enough from wikipedia
so if your client is using encryption there is a very big chance that it will be using PEM standards for symmetric key initialization.
NOTE: timestamp and sequence number are different from IV these fields are RTP header fields which can serve a similar purpose but they are different from CBC mode IV.