SRTP


In VoLTE/IMS Node testing, the SRTP tab on the Gm > Media tab allows you to define the SRTP traffic profile and resource allocation. It is available in the Network Host test case when Proxy is enabled and Enable SRTP is selected on the WebRTC Control.

The Secure Real-time Transport Protocol (SRTP) is designed to protect media against eavesdropping or alteration while it is transported across a network. Before sending data, the sending source encrypts the packet data and adds an authentication/integrity code. The receiving source verifies the integrity of received packets and decrypts the data before playing it back to users.

SRTP is often deployed with an accompanying key management protocol, through which the sending and receiving sources obtain the information (i.e. encryption type) they need to perform their tasks. We will support SDES (Session Description Protocol (SDP) Security Descriptions for Media Streams). 3GPP TS 33.328 proposes 2 key management solutions for SRTP: KMS (not supported at this time) and SDES.

SRTP has been deployed at the UE for end-to-end (e2e) support. Both ends need to implement a key management protocol (i.e. SDES) and SRTP.

 

Suite 1 through Suite 4

      Key Parameters

      Session Parameters

Apply Test Data File to Parameter Values

 


Key Management

SDES is the only supported option at this time.


GmSrtpKeyMgmt

WebRtcSrtpKeyMgmt

 

 

Number of Cryptographic Suites

You must enter at least 1 and up to 4 cryptographic suites. A cryptographic suite describes the local capability (i.e. encryption transform) of a subscriber/endpoint, and its information is used in negotiation with peers to select a common suite for protecting RTP packets. Cryptographic suites are described in detail in the following sub-sections.

Range: 1 to 4

Default: 1

GmSrtpNumSuites

WebRtcSrtpNumSuites

 

Suite 1 to 4

Encryption Type

Select an Encryption Type. Two options are supported:

AES-CM-128 (default) – Advanced Encryption Standard in Counter Mode with 128-bit key length. This encryption type will be chosen by default.

AES-F8-128 – Advanced Encryption Standard in F8 mode with 128-bit key length.

GmSrtpEncryptType1

GmSrtpEncryptType2

GmSrtpEncryptType3

GmSrtpEncryptType4

WebRtcSrtpEncryptType1

WebRtcSrtpEncryptType2

WebRtcSrtpEncryptType3

WebRtcSrtpEncryptType4

 

Key Derivation (PRF)

One key derivation option is supported:

AES-CM-128 (default) – Advanced Encryption Standard in Counter Mode with 128-bit key length. This option will be chosen by default.

 

GmSrtpKeyDerivative1

GmSrtpKeyDerivative2 GmSrtpKeyDerivative3 GmSrtpKeyDerivative4

WebRtcSrtpKeyDerivative1

WebRtcSrtpKeyDerivative2 WebRtcSrtpKeyDerivative3 WebRtcSrtpKeyDerivative4

 

Integrity Type  

Select an Integrity/Authentication type for each Cryptographic Suite.

Options: HMAC-SHA1-80 (default), HMAC-SHA1-32

GmSrtpIntegrityType1

GmSrtpIntegrityType2 GmSrtpIntegrityType3 GmSrtpIntegrityType4

WebRtcSrtpIntegrityType1

WebRtcSrtpIntegrityType2 WebRtcSrtpIntegrityType3 WebRtcSrtpIntegrityType4

Key Parameters

 

Number of Master Keys  

This entry specifies how many master key/master salt pairs are generated for this cryptographic suite. A valid value is in the range 1 to 3 inclusive, and the default value is 1.

GmSrtpNumMasterKeys1

GmSrtpNumMasterKeys2 GmSrtpNumMasterKeys3 GmSrtpNumMasterKeys4

WebRtcSrtpNumMasterKeys1

WebRtcSrtpNumMasterKeys2 WebRtcSrtpNumMasterKeys3 WebRtcSrtpNumMasterKeys4

 

Include Master Key Indication (MKI) / MKI Length (Octets)

Include Master Key Indicator (MKI) and MKI Length (Octets): A TRUE/FALSE value optionally used to specify whether the MKI is inserted into each SRTP packet. However, when more than one master key/salt pair is used in a session, this indicator must always be set to TRUE. When the indicator is set to TRUE, you are required to enter the MKI length, which initially defaults to 4 octets.

GmSrtpIncMki1

GmSrtpIncMki2 GmSrtpIncMik3 GmSrtpIncMki4

GmSrtpMkiLen1

GmSrtpMkiLen2 GmSrtpMikLen3 GmSrtpMkiLen4

 

WebRtcSrtpIncMki1

WebRtcSrtpIncMki2 WebRtcSrtpIncMik3 WebRtcSrtpIncMki4

 

WebRtcSrtpMkiLen1

WebRtcSrtpMkiLen2 WebRtcSrtpMikLen3 WebRtcSrtpMkiLen4

 

 

Include Key Lifetime (2^x)

Include Key Lifetime (2^x): This entry is optionally used to specify a user-defined key lifetime value. The entered value should not exceed the maximum packet lifetime of the chosen encryption algorithm (see RFC 4568, "Crypto-Suites and Parameters", for the maximum packet lifetime). When not included, the key lifetime is set to the maximum packet lifetime of the chosen encryption algorithm.

GmSrtpIncKeyLifetime1

GmSrtpIncKeyLifetime2 GmSrtpIncKeyLifetime3 GmSrtpIncKeyLifetime4

GmSrtpKeyLifetime1

GmSrtpKeyLifetime2 GmSrtpIncLifetime3 GmSrtpIncLifetime4

 

WebRtcSrtpIncKeyLifetime1

WebRtcSrtpIncKeyLifetime2 WebRtcSrtpIncKeyLifetime3 WebRtcSrtpIncKeyLifetime4

 

WebRtcSrtpKeyLifetime1

WebRtcSrtpKeyLifetime2 WebRtcSrtpIncLifetime3 WebRtcSrtpIncLifetime4

 

 

Use Salt Key

Include Salt Key.

GmSrtpUseSaltKey1

GmSrtpUseSaltKey2 GmSrtpUseSaltKey3 GmSrtpUseSaltKey4

 

WebRtcSrtpUseSaltKey1

WebRtcSrtpUseSaltKey2 WebRtcSrtpUseSaltKey3 WebRtcSrtpUseSaltKey4

 

Session Parameters

 

Include Key Derivation Rate (KDR=2^x)

Key Derivation Rate (KDR=2^x) – optionally used to specify how frequently a session key is derived from a master key. If not specified, the default rate is 1 (2^0). A valid value is in the set {1,2,3,…,24}, which denotes a power of 2 from 2^1 to 2^24.

GmSrtpIncKeyDerivRate1

GmSrtpIncKeyDerivRate2 GmSrtpIncKeyDerivRate3 GmSrtpIncKeyDerivRate4

GmSrtpKeyDerivRate1

GmSrtpKeyDerivRate2 GmSrtpKeyDerivRate3 GmSrtpKeyDerivRate4

 

WebRtcSrtpIncKeyDerivRate1

WebRtcSrtpIncKeyDerivRate2 WebRtcSrtpIncKeyDerivRate3 WebRtcSrtpIncKeyDerivRate4

 

WevRtcSrtpKeyDerivRate1

WebRtcSrtpKeyDerivRate2 WebRtcSrtpKeyDerivRate3 WebRtcSrtpKeyDerivRate4

 

 

Include UNCRYPTED_SRTP

Include UNCRYPTED_SRTP – a TRUE/FALSE value optionally used to specify that RTP packets will be unencrypted. If not used, RTP packets are encrypted by default.

GmSrtpIncUnencryptSrtp1

GmSrtpIncUnencryptSrtp2 GmSrtpIncUnencryptSrtp3 GmSrtpIncUnencryptSrtp4

 

WebRtcSrtpIncUnencryptSrtp1

WebRtcSrtpIncUnencryptSrtp2 WebRtcSrtpIncUnencryptSrtp3 WebRtcSrtpIncUnencryptSrtp4

 

Include UNCRYPTED_SRTCP

Include UNCRYPTED_SRTCP – a TRUE/FALSE value optionally used to specify that RTCP packets will be unencrypted. If not used, RTCP packets are encrypted by default.

GmSrtpIncUnencryptSrtcp1

GmSrtpIncUnencryptSrtcp2 GmSrtpIncUnencryptSrtcp3 GmSrtpIncUnencryptSrtcp4

 

WebRtcSrtpIncUnencryptSrtcp1

WebRtcSrtpIncUnencryptSrtcp2 WebRtcSrtpIncUnencryptSrtcp3 WebRtcSrtpIncUnencryptSrtcp4

 

Include Unauthenticated SRTP  

Include UNAUTHENTICATED_SRTP – a TRUE/FALSE value optionally used to specify that SRTP packets are not authenticated. If not used, SRTP packets are authenticated by default.

GmSrtpIncUnauthSrtp1

GmSrtpIncUnauthSrtp2 GmSrtpIncUnauthSrtp3 GmSrtpIncUnauthSrtp4

 

WebRtcSrtpIncUnauthSrtp1

WebRtcSrtpIncUnauthSrtp2 WebRtcSrtpIncUnauthSrtp3 WebRtcSrtpIncUnauthSrtp4
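
The following check audits an SDES a=crypto offer against the limits described above: 1 to 3 master keys, MKI required when several keys are offered, key lifetime within the RFC 4568 maximum, KDR exponent 1 to 24, and the three flags that switch protection off. It is an added example, not product code; the function name audit_crypto_line, the sample key and the sample SDP lines are constructed for illustration, and the flag names use the RFC 4568 spelling.

```python
import base64
import re

# RFC 4568 crypto-suites: 128-bit key + 112-bit salt (30 octets), SRTP lifetime <= 2^48.
SUITES = {"AES_CM_128_HMAC_SHA1_80", "AES_CM_128_HMAC_SHA1_32", "F8_128_HMAC_SHA1_80"}
# RFC 4568 spelling of the session parameters that switch protection off.
WEAKENING = {"UNENCRYPTED_SRTP", "UNENCRYPTED_SRTCP", "UNAUTHENTICATED_SRTP"}
# inline:<base64 key||salt>[|lifetime][|MKI:length]
KEY_RE = re.compile(r"^inline:([A-Za-z0-9+/=]+)(?:\|(2\^)?(\d+))?(?:\|(\d+):(\d+))?$")

def audit_crypto_line(line):
    """Return findings for one SDP a=crypto attribute (empty list = clean)."""
    fields = line.strip().split()
    if len(fields) < 3 or not fields[0].startswith("a=crypto:"):
        return ["not an a=crypto attribute"]
    suite, key_params, session_params = fields[1], fields[2].split(";"), fields[3:]
    findings = []
    if suite not in SUITES:
        findings.append(f"unknown crypto-suite {suite}")
    if len(key_params) > 3:  # the page allows 1 to 3 master key/salt pairs
        findings.append("more than 3 master keys")
    for kp in key_params:
        m = KEY_RE.match(kp)
        if not m:
            findings.append(f"malformed key parameter {kp!r}")
            continue
        b64, pow2, life, mki, _mki_len = m.groups()
        try:
            if len(base64.b64decode(b64, validate=True)) != 30:
                findings.append("key||salt is not 30 octets")
        except ValueError:
            findings.append("key||salt is not valid base64")
        if life and (int(life) > 48 if pow2 else int(life) > 2**48):
            findings.append("key lifetime exceeds 2^48 packets")
        if len(key_params) > 1 and mki is None:
            findings.append("MKI missing although several master keys are offered")
    for sp in session_params:
        if sp in WEAKENING:
            findings.append(f"{sp} switches protection off")
        elif sp.startswith("KDR=") and not (sp[4:].isdigit() and 1 <= int(sp[4:]) <= 24):
            findings.append("KDR exponent outside 1..24")
    return findings

# Constructed sample input: the key is bytes 0..29, not a real key.
K = base64.b64encode(bytes(range(30))).decode()
GOOD = f"a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:{K}|2^20|1:4 KDR=4"
BAD = f"a=crypto:2 F8_128_HMAC_SHA1_80 inline:{K}|2^50;inline:{K}|2^20|2:4 KDR=30 UNENCRYPTED_SRTP"
if __name__ == "__main__":
    print(audit_crypto_line(GOOD), audit_crypto_line(BAD), sep="\n")
```
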

 

 

Apply Test Data File to Parameter Values

See About Applying Parameter Values.

See Test Data Files for further explanation and sample files. If a sample is not found for the specific TDF, you can obtain a sample file from your Technical Support representative. You may also use the following options to select an existing TDF or create/edit TDF-CSV files (TDF-CSV Editor). 

For most TDF Parameters used for Applying Parameters, each row in the file is the overridden value for a different “Session”, aka a different UE. But some TDFs are done in other dimensions, like Bearers, eNodeBs, Subscribers (2 per UE sometimes) or even Hosts, etc. Tooltips on the TDF Parameter: 

Note that the “ID” is a unique ID. Please provide the ID when reporting issues with a TDF. For TDFs that do not apply/override Parameters, but instead are just their own configuration, data or media files, you won’t see TDF ID row details.

TIP: When including large files, please be aware of memory limitations, since the TDF Editor shares memory with the Client.

NOTE: The available TDF options vary. On the L3-7 | IPSec tab > IKE with RSA Settings, you may only select the Certificate TDF from TAS (these are non-CSV TDFs).

In addition, where applicable, any rules for defining TDFs are included in specific Test Cases. (For example, in the MME Node test case, see MME Node - Provisioning TDF.)

From the DMF Window, press Shift+Alt+A to display the Save DMF as Tcl window. Click the Save to File button to save as a Tcl file. See additional details on Using the Tcl API.

 

Select/Create a new TDF-CSV

Allows you to create a new TDF by entering a file name that doesn’t already exist or select an existing file by entering a file name that already exists.

Click to open the Select Existing or Create window.

  • Navigate to the relevant library/folder,

  • Enter the name of the file:

  • If the file name already exists, the file is selected and applied in the test case.

  • If the file name does not exist, a message displays that says you are creating a new TDF and the embedded TDF-CSV will be launched.

    • Click Yes to launch the TDF-CSV Editor and create/save the new TDF-CSV.

    • Click No to select a different file

NOTE: If you do not have permission to save in the selected library, an error displays when you try to create a new file.
TIP: You may also navigate to the relevant library/folder, select the file, and click OK.

 

Upload a New TDF to TAS

Click to import a new TDF file from your local folder and select it in the Test Case (instead of having to go to TDF Admin).

  • Navigate to the file on your local folder and select it.
  • Then navigate to the location (library) where you want to save it on the TAS. You may rename the file, if required.

View Edit Selected TDF in TDF-CSV Editor

Available only when you have selected a TDF on TAS. Click to open the selected file in TDF-CSV Editor (in place, that is, within the Test Case).

Edit the file and save. You may also click Save As to save the edited TDF-CSV to a different library and also rename the file, if required.

NOTE: You may also select a TDF from a library to which you do not have write permissions, edit the file as required, and save (Save As) only to a different library with the same file name or a different name.

The only options available are Save As and Cancel.

Open Selected TDF in Standalone TDF-CSV Editor

Available only when you have selected a TDF on TAS. Select to retrieve the CSV file and open it in the stand alone TDF-CSV Editor.

Generate Stub TDF-CSV

TIP: Available only when a CSV specification has been defined in the Test Case for the TDF widget (View TDF Actions/Options Menu).

Opens an example of context-specific test data parameters, which you may save as a .CSV file or open in the TDF-CSV Editor.

 

Launch Standalone TDF-CSV Editor

Click to open a blank TDF-CSV Editor.

The Launch Standalone TDF-CSV Editor option handles very large TDFs that may use too much Client memory if opened within the Test Case/in the embedded editor. You may set the standalone TDF-CSV Editor memory high to edit large TDFs.

 

GmSrtpCfgFileEn1

GmSrtpCfgFileEn2 GmSrtpCfgFileEn3 GmSrtpCfgFileEn4

 

GmSrtpCfgFile1

GmSrtpCfgFile2 GmSrtpCfgFile3 GmSrtpCfgFile4

 

WebRtcSrtpCfgFileEn1

WebRtcSrtpCfgFileEn2 WebRtcSrtpCfgFileEn3 WebRtcSrtpCfgFileEn4

 

WebRtcSrtpCfgFile1

WebRtcSrtpCfgFile2 WebRtcSrtpCfgFile3 WebRtcSrtpCfgFile4

 

 

The following snippet was taken from RFC 4568, providing an overview description of cryptographic suites and their parameters.

 

 
