RFC 3711, "The Secure Real-time Transport Protocol (SRTP)", March 2004
Source of RFC: avt (rai)
Errata ID: 3712
Status: Held for Document Update
Publication Format(s) : TEXT
Reported By: Christian S Oien
Date Reported: 2013-08-27
Held for Document Update by: Richard Barnes
Date Held: 2014-02-15
Section 4.3.2 says:
Replace the SRTP index by the 32-bit quantity: 0 || SRTCP index (i.e., excluding the E-bit, replacing it with a fixed 0-bit), and use <label> = 0x03 for the SRTCP encryption key, <label> = 0x04 for the SRTCP authentication key, and, <label> = 0x05 for the SRTCP salting key.
It should say:
Replace the SRTP index by the 48-bit quantity: 000...0 || 0 || SRTCP index (i.e., excluding the E-bit, replacing it with a fixed 0-bit and padding the result so that it becomes 48 bits wide to match the size of the SRTP index). Since this quantity and the SRTP index are both 48 bits wide, the labels are all located in the same octet in the IV. The labels for the derivations of the SRTCP keys are as follows: <label> = 0x03 for the SRTCP encryption key, <label> = 0x04 for the SRTCP authentication key, and, <label> = 0x05 for the SRTCP salting key.
Replacing with a 32-bit quantity means that the DIV operator will
yield a 32-bit quantity. Following the specification of key_id for SRTCP
the <label> will have 32 bits to its right when XOR'ing with master_salt.
The majority of implementations, including libsrtp, invoke this XOR with the
<label> at the same position as for SRTP. According to the specification
this should be done 16 bits to the right of this, when invoking for SRTCP.
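
The label position described in the notes above, worked through as an added example (not part of the erratum and not libsrtp code). It computes x = key_id XOR master_salt with key_id = <label> || r for both widths of r; the function names, the all-zero salt and the index and kdr values are assumptions chosen so that the label octet is easy to see.

```python
# Added illustration; function names are hypothetical, not libsrtp's API.
SALT_OCTETS = 14          # master_salt is 112 bits in RFC 3711
SRTCP_ENC_LABEL = 0x03    # <label> for the SRTCP encryption key


def kdf_x(master_salt: bytes, label: int, index: int, kdr: int, r_bits: int) -> bytes:
    """Return x = key_id XOR master_salt, where key_id = <label> || r.

    r = index DIV kdr (a DIV 0 is defined as 0) and is r_bits wide:
    48 for SRTP and for SRTCP as corrected, 32 for the literal SRTCP text.
    """
    if len(master_salt) != SALT_OCTETS:
        raise ValueError("master_salt must be 112 bits")
    if not 0 <= label <= 0xFF:
        raise ValueError("label is a single octet")
    r = 0 if kdr == 0 else index // kdr
    if r >> r_bits:
        raise ValueError("r does not fit in r_bits")
    key_id = (label << r_bits) | r
    x = key_id ^ int.from_bytes(master_salt, "big")
    return x.to_bytes(SALT_OCTETS, "big")


def label_octet(r_bits: int) -> int:
    """Zero-based offset of the <label> octet inside the 14-octet x."""
    return SALT_OCTETS - 1 - r_bits // 8


def compare(master_salt: bytes, index: int = 1, kdr: int = 1) -> dict:
    """x for the SRTCP encryption key under both readings of Section 4.3.2."""
    return {
        bits: kdf_x(master_salt, SRTCP_ENC_LABEL, index, kdr, bits)
        for bits in (48, 32)
    }


if __name__ == "__main__":
    zero_salt = bytes(SALT_OCTETS)  # constructed salt so the label is visible
    for bits, x in compare(zero_salt).items():
        print(f"r = {bits} bits: label at octet {label_octet(bits)}, x = {x.hex()}")
```

Two endpoints that disagree on the width of r feed different x values into the PRF and so derive different SRTCP session keys from the same master key and salt.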