update srtp to master part 1

91eb5b23 · Michael Jerris · 6e38bb1a · 91eb5b23 · 91eb5b23 · 91eb5b23
--- a/libs/srtp/README
+++ b/libs/srtp/README
@@ -28,7 +28,7 @@ The configure script accepts the following options:
   --enable-console    use /dev/console for error reporting
   --gdoi              use GDOI key management (disabled at present)

-By default, debbuging is enabled and stdout is used for debugging.
+By default, debugging is enabled and stdout is used for debugging.
 You can use the above configure options to have the debugging output
 sent to syslog or the system console.  Alternatively, you can define
 ERR_REPORTING_FILE in include/conf.h to be any other file that can be
@@ -89,7 +89,7 @@ or     rtpw -l

  -s		(s)rtp sender - causes app to send words

-  -r		(s)rtp receive - causes app to receve words
+  -r		(s)rtp receive - causes app to receive words

  -k <key>      use srtp master key <key>, where the
 		key is a hexadecimal value (without the

--- a/libs/srtp/VERSION
+++ b/libs/srtp/VERSION
-1.4.4
+1.4.5
--- a/libs/srtp/crypto/ae_xfm/xfm.c
+++ b/libs/srtp/crypto/ae_xfm/xfm.c
@@ -177,7 +177,7 @@ aes_128_cbc_hmac_sha1_96_inv(void *key,

 #define ENC 1

-#define DEBUG 0
+#define DEBUG_PRINT 0

 err_status_t
 aes_128_cbc_hmac_sha1_96_enc(void *key,            
@@ -208,7 +208,7 @@ aes_128_cbc_hmac_sha1_96_enc(void *key,

  } else {

-#if DEBUG
+#if DEBUG_PRINT
    printf("ENC using key %s\n", octet_string_hex_string(key, KEY_LEN));
 #endif

@@ -236,7 +236,7 @@ aes_128_cbc_hmac_sha1_96_enc(void *key,
    status = aes_cbc_set_iv(&aes_ctx, iv);
    if (status) return status;

-#if DEBUG
+#if DEBUG_PRINT
    printf("plaintext len:  %d\n", *opaque_len);
    printf("iv:         %s\n", octet_string_hex_string(iv, IV_LEN));
    printf("plaintext:  %s\n", octet_string_hex_string(opaque, *opaque_len));
@@ -248,7 +248,7 @@ aes_128_cbc_hmac_sha1_96_enc(void *key,
    if (status) return status;
 #endif

-#if DEBUG
+#if DEBUG_PRINT
    printf("ciphertext len: %d\n", *opaque_len);
    printf("ciphertext: %s\n", octet_string_hex_string(opaque, *opaque_len));
 #endif
@@ -266,7 +266,7 @@ aes_128_cbc_hmac_sha1_96_enc(void *key,

    status = hmac_update(&hmac_ctx, clear, clear_len);
    if (status) return status;
-#if DEBUG
+#if DEBUG_PRINT
    printf("hmac input: %s\n", 
 	   octet_string_hex_string(clear, clear_len));
 #endif
@@ -274,14 +274,14 @@ aes_128_cbc_hmac_sha1_96_enc(void *key,
    auth_tag += *opaque_len;    
    status = hmac_compute(&hmac_ctx, opaque, *opaque_len, TAG_LEN, auth_tag);
    if (status) return status;
-#if DEBUG
+#if DEBUG_PRINT
    printf("hmac input: %s\n", 
 	   octet_string_hex_string(opaque, *opaque_len));
 #endif
    /* bump up the opaque_len to reflect the authentication tag */
    *opaque_len += TAG_LEN;

-#if DEBUG
+#if DEBUG_PRINT
    printf("prot data len:  %d\n", *opaque_len);
    printf("prot data: %s\n", octet_string_hex_string(opaque, *opaque_len));
 #endif
@@ -321,7 +321,7 @@ aes_128_cbc_hmac_sha1_96_dec(void *key,
    return err_status_fail;

  } else {
-#if DEBUG
+#if DEBUG_PRINT
    printf("DEC using key %s\n", octet_string_hex_string(key, KEY_LEN));
 #endif

@@ -336,7 +336,7 @@ aes_128_cbc_hmac_sha1_96_dec(void *key,
    status = hmac_compute(&hmac_ctx, "MAC", 3, MAC_KEY_LEN, mac_key);
    if (status) return status;

-#if DEBUG
+#if DEBUG_PRINT
    printf("prot data len:  %d\n", *opaque_len);
    printf("prot data: %s\n", octet_string_hex_string(opaque, *opaque_len));
 #endif
@@ -347,7 +347,7 @@ aes_128_cbc_hmac_sha1_96_dec(void *key,
     */
    ciphertext_len = *opaque_len - TAG_LEN;

-#if DEBUG
+#if DEBUG_PRINT
    printf("ciphertext len: %d\n", ciphertext_len);
 #endif    
    /* verify the authentication tag */
@@ -365,7 +365,7 @@ aes_128_cbc_hmac_sha1_96_dec(void *key,
    status = hmac_update(&hmac_ctx, clear, clear_len);
    if (status) return status;

-#if DEBUG
+#if DEBUG_PRINT
    printf("hmac input: %s\n", 
 	   octet_string_hex_string(clear, clear_len));
 #endif
@@ -373,7 +373,7 @@ aes_128_cbc_hmac_sha1_96_dec(void *key,
    status = hmac_compute(&hmac_ctx, opaque, ciphertext_len, TAG_LEN, tmp_tag);
    if (status) return status;

-#if DEBUG
+#if DEBUG_PRINT
    printf("hmac input: %s\n", 
 	   octet_string_hex_string(opaque, ciphertext_len));
 #endif
@@ -384,7 +384,7 @@ aes_128_cbc_hmac_sha1_96_dec(void *key,
     */
    auth_tag = (unsigned char *)opaque;
    auth_tag += ciphertext_len;  
-#if DEBUG
+#if DEBUG_PRINT
    printf("auth_tag: %s\n", octet_string_hex_string(auth_tag, TAG_LEN));
    printf("tmp_tag:  %s\n", octet_string_hex_string(tmp_tag, TAG_LEN));
 #endif
@@ -402,7 +402,7 @@ aes_128_cbc_hmac_sha1_96_dec(void *key,
    status = aes_cbc_set_iv(&aes_ctx, iv);
    if (status) return status;

-#if DEBUG
+#if DEBUG_PRINT
    printf("ciphertext: %s\n", octet_string_hex_string(opaque, *opaque_len));
    printf("iv:         %s\n", octet_string_hex_string(iv, IV_LEN));
 #endif
@@ -412,7 +412,7 @@ aes_128_cbc_hmac_sha1_96_dec(void *key,
    if (status) return status;
 #endif

-#if DEBUG
+#if DEBUG_PRINT
    printf("plaintext len:  %d\n", ciphertext_len);
    printf("plaintext:  %s\n", 
 	   octet_string_hex_string(opaque, ciphertext_len));
@@ -464,14 +464,14 @@ null_enc(void *key,

  } else {

-#if DEBUG
+#if DEBUG_PRINT
    printf("NULL ENC using key %s\n", octet_string_hex_string(key, KEY_LEN));
    printf("NULL_TAG_LEN:  %d\n", NULL_TAG_LEN);
    printf("plaintext len:  %d\n", *opaque_len);
 #endif
    for (i=0; i < IV_LEN; i++)
      init_vec[i] = i + (i * 16);
-#if DEBUG
+#if DEBUG_PRINT
    printf("iv:                %s\n", 
 	   octet_string_hex_string(iv, IV_LEN));
    printf("plaintext:         %s\n", 
@@ -482,7 +482,7 @@ null_enc(void *key,
    for (i=0; i < NULL_TAG_LEN; i++)
      auth_tag[i] = i + (i * 16);
    *opaque_len += NULL_TAG_LEN;
-#if DEBUG
+#if DEBUG_PRINT
    printf("protected data len: %d\n", *opaque_len);
    printf("protected data:    %s\n", 
 	   octet_string_hex_string(opaque, *opaque_len));
@@ -517,7 +517,7 @@ null_dec(void *key,

  } else {

-#if DEBUG
+#if DEBUG_PRINT
    printf("NULL DEC using key %s\n", octet_string_hex_string(key, KEY_LEN));

    printf("protected data len: %d\n", *opaque_len);
@@ -526,11 +526,11 @@ null_dec(void *key,
 #endif
    auth_tag = opaque;
    auth_tag += (*opaque_len - NULL_TAG_LEN);
-#if DEBUG
+#if DEBUG_PRINT
    printf("iv:         %s\n", octet_string_hex_string(iv, IV_LEN));
 #endif
    *opaque_len -= NULL_TAG_LEN;
-#if DEBUG
+#if DEBUG_PRINT
    printf("plaintext len:  %d\n", *opaque_len);
    printf("plaintext:  %s\n", 
 	   octet_string_hex_string(opaque, *opaque_len));

--- a/libs/srtp/crypto/cipher/aes_icm.c
+++ b/libs/srtp/crypto/cipher/aes_icm.c
@@ -168,7 +168,7 @@ aes_icm_dealloc(cipher_t *c) {
 err_status_t
 aes_icm_context_init(aes_icm_ctx_t *c, const uint8_t *key, int key_len) {
  err_status_t status;
-  int base_key_len;
+  int base_key_len, copy_len;

  if (key_len > 16 && key_len < 30) /* Ismacryp */
    base_key_len = 16;
@@ -177,15 +177,21 @@ aes_icm_context_init(aes_icm_ctx_t *c, const uint8_t *key, int key_len) {
  else
    return err_status_bad_param;

-  /* set counter and initial values to 'offset' value */
-  /* Note this copies past the end of the 'key' array by 2 bytes! */
-  v128_copy_octet_string(&c->counter, key + base_key_len);
-  v128_copy_octet_string(&c->offset, key + base_key_len);
+  /*
+   * set counter and initial values to 'offset' value, being careful not to
+   * go past the end of the key buffer
+   */
+  v128_set_to_zero(&c->counter);
+  v128_set_to_zero(&c->offset);
+
+  copy_len = key_len - base_key_len;
+  /* force last two octets of the offset to be left zero (for srtp compatibility) */
+  if (copy_len > 14)
+    copy_len = 14;
+
+  memcpy(&c->counter, key + base_key_len, copy_len);
+  memcpy(&c->offset, key + base_key_len, copy_len);

-  /* force last two octets of the offset to zero (for srtp compatibility) */
-  c->offset.v8[14] = c->offset.v8[15] = 0;
-  c->counter.v8[14] = c->counter.v8[15] = 0;
-  
  debug_print(mod_aes_icm, 
 	      "key:  %s", octet_string_hex_string(key, base_key_len)); 
  debug_print(mod_aes_icm, 
@@ -381,7 +387,7 @@ aes_icm_encrypt_ismacryp(aes_icm_ctx_t *c,
  for (i=0; i < (bytes_to_encr/sizeof(v128_t)); i++) {

    /* fill buffer with new keystream */
-    aes_icm_advance_ismacryp(c, (uint8_t)forIsmacryp);
+    aes_icm_advance_ismacryp(c, forIsmacryp);

    /*
     * add keystream into the data buffer (this would be a lot faster
@@ -429,7 +435,7 @@ aes_icm_encrypt_ismacryp(aes_icm_ctx_t *c,
  if ((bytes_to_encr & 0xf) != 0) {
    
    /* fill buffer with new keystream */
-    aes_icm_advance_ismacryp(c, (uint8_t)forIsmacryp);
+    aes_icm_advance_ismacryp(c, forIsmacryp);
    
    for (i=0; i < (bytes_to_encr & 0xf); i++)
      *buf++ ^= c->keystream_buffer.v8[i];

--- a/libs/srtp/crypto/include/datatypes.h
+++ b/libs/srtp/crypto/include/datatypes.h
@@ -409,12 +409,16 @@ static inline uint32_t be32_to_cpu(uint32_t v) {
 #  define be32_to_cpu(x)	ntohl((x))
 # endif /* HAVE_X86 */

+static inline uint64_t be64_to_cpu(uint64_t v) {
 # ifdef NO_64BIT_MATH
   /* use the make64 functions to do 64-bit math */
-#  define be64_to_cpu(v) (make64(htonl(low32(v)),htonl(high32(v))))
+   v = make64(htonl(low32(v)),htonl(high32(v)));
 # else
-#  define be64_to_cpu(v) ((ntohl((uint32_t)(v >> 32))) | (((uint64_t)ntohl((uint32_t)v)) << 32))
+   /* use the native 64-bit math */
+   v= (uint64_t)((be32_to_cpu((uint32_t)(v >> 32))) | (((uint64_t)be32_to_cpu((uint32_t)v)) << 32));
 # endif
+   return v;
+}

 #endif /* ! SRTP_KERNEL_LINUX */


--- a/libs/srtp/crypto/kernel/alloc.c
+++ b/libs/srtp/crypto/kernel/alloc.c
@@ -73,8 +73,9 @@ crypto_alloc(size_t size) {

  if (ptr) {
    debug_print(mod_alloc, "(location: %p) allocated", ptr);
-  } else
+  } else {
    debug_print(mod_alloc, "allocation failed (asked for %d bytes)\n", size);
+  }

  return ptr;
 }

--- a/libs/srtp/crypto/math/stat.c
+++ b/libs/srtp/crypto/math/stat.c
@@ -24,7 +24,7 @@ debug_module_t mod_stat = {
 err_status_t
 stat_test_monobit(uint8_t *data) {
  uint8_t *data_end = data + STAT_TEST_DATA_LEN;
-  int ones_count;
+  uint16_t ones_count;

  ones_count = 0;
  while (data < data_end) {

--- a/libs/srtp/crypto/replay/rdbx.c
+++ b/libs/srtp/crypto/replay/rdbx.c
@@ -292,7 +292,7 @@ rdbx_add_index(rdbx_t *rdbx, int delta) {
  
  if (delta > 0) {
    /* shift forward by delta */
-    index_advance(&rdbx->index, (sequence_number_t)delta);
+    index_advance(&rdbx->index, delta);
    bitvector_left_shift(&rdbx->bitmask, delta);
    bitvector_set_bit(&rdbx->bitmask, bitvector_get_length(&rdbx->bitmask) - 1);
  } else {

--- a/libs/srtp/crypto/test/stat_driver.c
+++ b/libs/srtp/crypto/test/stat_driver.c
@@ -51,6 +51,7 @@ main (int argc, char *argv[]) {

  printf("statistical tests driver\n");

+  v128_set_to_zero(&nonce);
  for (i=0; i < 2500; i++)
    buffer[i] = 0;


--- a/libs/srtp/doc/libsrtp.pdf
+++ b/libs/srtp/doc/libsrtp.pdf
--- a/libs/srtp/include/srtp.h
+++ b/libs/srtp/include/srtp.h
@@ -304,6 +304,11 @@ srtp_shutdown(void);
 * packet, and assumes that the RTP packet is aligned on a 32-bit
 * boundary.
 *
+ * @warning This function assumes that it can write SRTP_MAX_TRAILER_LEN 
+ * into the location in memory immediately following the RTP packet.   
+ * Callers MUST ensure that this much writable memory is available in 
+ * the buffer that holds the RTP packet.
+ * 
 * @param ctx is the SRTP context to use in processing the packet.
 *
 * @param rtp_hdr is a pointer to the RTP packet (before the call); after
@@ -823,6 +828,11 @@ append_salt_to_key(unsigned char *key, unsigned int bytes_in_key,
 * packet, and assumes that the RTCP packet is aligned on a 32-bit
 * boundary.
 *
+ * @warning This function assumes that it can write SRTP_MAX_TRAILER_LEN+4 
+ * into the location in memory immediately following the RTCP packet.   
+ * Callers MUST ensure that this much writable memory is available in 
+ * the buffer that holds the RTCP packet.
+ * 
 * @param ctx is the SRTP context to use in processing the packet.
 *
 * @param rtcp_hdr is a pointer to the RTCP packet (before the call); after

--- a/libs/srtp/include/srtp_priv.h
+++ b/libs/srtp/include/srtp_priv.h
@@ -69,29 +69,29 @@
 */

 typedef struct {
-  unsigned cc:4;	/* CSRC count             */
-  unsigned x:1;	/* header extension flag  */
-  unsigned p:1;	/* padding flag           */
-  unsigned version:2; /* protocol version    */
-  unsigned pt:7;	/* payload type           */
-  unsigned m:1;	/* marker bit             */
-  unsigned seq:16;		/* sequence number        */
-  unsigned ts:32;		/* timestamp              */
-  unsigned ssrc:32;	/* synchronization source */
+  unsigned char cc:4;	/* CSRC count             */
+  unsigned char x:1;	/* header extension flag  */
+  unsigned char p:1;	/* padding flag           */
+  unsigned char version:2; /* protocol version    */
+  unsigned char pt:7;	/* payload type           */
+  unsigned char m:1;	/* marker bit             */
+  uint16_t seq;		/* sequence number        */
+  uint32_t ts;		/* timestamp              */
+  uint32_t ssrc;	/* synchronization source */
 } srtp_hdr_t;

 #else /*  BIG_ENDIAN */

 typedef struct {
-  unsigned version:2; /* protocol version    */
-  unsigned p:1;	/* padding flag           */
-  unsigned x:1;	/* header extension flag  */
-  unsigned cc:4;	/* CSRC count             */
-  unsigned m:1;	/* marker bit             */
+  unsigned char version:2; /* protocol version    */
+  unsigned char p:1;	/* padding flag           */
+  unsigned char x:1;	/* header extension flag  */
+  unsigned char cc:4;	/* CSRC count             */
+  unsigned char m:1;	/* marker bit             */
  unsigned pt:7;	/* payload type           */
-  unsigned seq:16;		/* sequence number        */
-  unsigned ts:32;		/* timestamp              */
-  unsigned ssrc:32;	/* synchronization source */
+  uint16_t seq;		/* sequence number        */
+  uint32_t ts;		/* timestamp              */
+  uint32_t ssrc;	/* synchronization source */
 } srtp_hdr_t;

 #endif
@@ -112,12 +112,12 @@ typedef struct {
 #ifndef WORDS_BIGENDIAN

 typedef struct {
-  unsigned rc:5;		/* reception report count */
-  unsigned p:1;		/* padding flag           */
-  unsigned version:2;	/* protocol version       */
-  unsigned pt:8;		/* payload type           */
-  unsigned len:16;			/* length                 */
-  unsigned ssrc:32;	       	/* synchronization source */
+  unsigned char rc:5;		/* reception report count */
+  unsigned char p:1;		/* padding flag           */
+  unsigned char version:2;	/* protocol version       */
+  unsigned char pt:8;		/* payload type           */
+  uint16_t len;			/* length                 */
+  uint32_t ssrc;	       	/* synchronization source */
 } srtcp_hdr_t;

 typedef struct {
@@ -131,10 +131,10 @@ typedef struct {
 #else /*  BIG_ENDIAN */

 typedef struct {
-  unsigned version:2;	/* protocol version       */
-  unsigned p:1;		/* padding flag           */
-  unsigned rc:5;		/* reception report count */
-  unsigned pt:8;		/* payload type           */
+  unsigned char version:2;	/* protocol version       */
+  unsigned char p:1;		/* padding flag           */
+  unsigned char rc:5;		/* reception report count */
+  unsigned char pt:8;		/* payload type           */
  uint16_t len;			/* length                 */
  uint32_t ssrc;	       	/* synchronization source */
 } srtcp_hdr_t;

--- a/libs/srtp/srtp/ekt.c
+++ b/libs/srtp/srtp/ekt.c
@@ -170,7 +170,6 @@ srtp_stream_init_from_ekt(srtp_stream_t stream,
  err_status_t err;
  const uint8_t *master_key;
  srtp_policy_t srtp_policy;
-  unsigned master_key_len;
  uint32_t roc;

  /*
@@ -182,7 +181,6 @@ srtp_stream_init_from_ekt(srtp_stream_t stream,

  if (stream->ekt->data->ekt_cipher_type != EKT_CIPHER_AES_128_ECB)
    return err_status_bad_param;
-  master_key_len = 16;

  /* decrypt the Encrypted Master Key field */
  master_key = srtcp_packet_get_emk_location(srtcp_hdr, pkt_octet_len);

--- a/libs/srtp/srtp/srtp.c
+++ b/libs/srtp/srtp/srtp.c
@@ -838,7 +838,7 @@ srtp_stream_init(srtp_stream_ctx_t *srtp,
    * estimate the packet index using the start of the replay window   
    * and the sequence number from the header
    */
-   delta = rdbx_estimate_index(&stream->rtp_rdbx, &est, ntohs((uint16_t)hdr->seq));
+   delta = rdbx_estimate_index(&stream->rtp_rdbx, &est, ntohs(hdr->seq));
   status = rdbx_check(&stream->rtp_rdbx, delta);
   if (status) {
     if (status != err_status_replay_fail || !stream->allow_repeat_tx)
@@ -999,7 +999,7 @@ srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) {
      est = (xtd_seq_num_t) make64(0,ntohs(hdr->seq));
      delta = low32(est);
 #else
-      est = (xtd_seq_num_t) ntohs((uint16_t)hdr->seq);
+      est = (xtd_seq_num_t) ntohs(hdr->seq);
      delta = (int)est;
 #endif
    } else {
@@ -1013,7 +1013,7 @@ srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) {
  } else {
  
    /* estimate packet index from seq. num. in header */
-    delta = rdbx_estimate_index(&stream->rtp_rdbx, &est, ntohs((uint16_t)hdr->seq));
+    delta = rdbx_estimate_index(&stream->rtp_rdbx, &est, ntohs(hdr->seq));
    
    /* check replay database */
    status = rdbx_check(&stream->rtp_rdbx, delta);
@@ -1817,6 +1817,8 @@ srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) {
  srtp_stream_ctx_t *stream;
  int prefix_len;
  uint32_t seq_num;
+  int e_bit_in_packet;     /* whether the E-bit was found in the packet */
+  int sec_serv_confidentiality; /* whether confidentiality was requested */

  /* we assume the hdr is 32-bit aligned to start */
  /*
@@ -1855,6 +1857,9 @@ srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) {
    } 
  }
  
+  sec_serv_confidentiality = stream->rtcp_services == sec_serv_conf ||
+      stream->rtcp_services == sec_serv_conf_and_auth;
+
  /* get tag length from stream context */
  tag_len = auth_get_tag_length(stream->rtcp_auth); 

@@ -1873,8 +1878,13 @@ srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) {
   *	 multiples of 32-bits (RFC 3550 6.1)
   */
  trailer = (uint32_t *) ((char *) hdr +
-		     *pkt_octet_len -(tag_len + sizeof(srtcp_trailer_t)));
-  if (*((unsigned char *) trailer) & SRTCP_E_BYTE_BIT) {
+      *pkt_octet_len -(tag_len + sizeof(srtcp_trailer_t)));
+  e_bit_in_packet =
+      (*((unsigned char *) trailer) & SRTCP_E_BYTE_BIT) == SRTCP_E_BYTE_BIT;
+  if (e_bit_in_packet != sec_serv_confidentiality) {
+    return err_status_cant_check;
+  }
+  if (sec_serv_confidentiality) {
    enc_start = (uint32_t *)hdr + uint32s_in_rtcp_header;  
  } else {
    enc_octet_len = 0;
@@ -2085,7 +2095,9 @@ crypto_policy_set_from_profile_for_rtcp(crypto_policy_t *policy,
    crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
    break;
  case srtp_profile_aes128_cm_sha1_32:
-    crypto_policy_set_aes_cm_128_hmac_sha1_32(policy);
+    /* We do not honor the 32-bit auth tag request since
+     * this is not compliant with RFC 3711 */
+    crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
    break;
  case srtp_profile_null_sha1_80:
    crypto_policy_set_null_cipher_hmac_sha1_80(policy);
@@ -2094,7 +2106,9 @@ crypto_policy_set_from_profile_for_rtcp(crypto_policy_t *policy,
    crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
    break;
  case srtp_profile_aes256_cm_sha1_32:
-    crypto_policy_set_aes_cm_256_hmac_sha1_32(policy);
+    /* We do not honor the 32-bit auth tag request since
+     * this is not compliant with RFC 3711 */
+    crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
    break;
    /* the following profiles are not (yet) supported */
  case srtp_profile_null_sha1_32: