Update srtp to rely on stream sessions structure and not complete stream structure

- needed to support reinvite and new stream creation keeping current session

Update srtp to rely on stream sessions structure and not complete stream structure
- needed to support reinvite and new stream creation keeping current session
44b25ea4 · johan · 7060908c · 44b25ea4 · 44b25ea4 · 44b25ea4
Commit 44b25ea4 authored Jan 12, 2015 by johan
10 changed files
--- a/include/mediastreamer2/dtls_srtp.h
+++ b/include/mediastreamer2/dtls_srtp.h
@@ -28,7 +28,7 @@ extern "C"{
 #endif

 /* defined in mediastream.h */
-struct _MediaStream;
+struct _MSMediaStreamSessions;

 typedef enum {
 	MSDtlsSrtpRoleInvalid,
@@ -47,13 +47,12 @@ typedef struct _MSDtlsSrtpContext MSDtlsSrtpContext;

 MS2_PUBLIC bool_t ms_dtls_available(void);

-MS2_PUBLIC MSDtlsSrtpContext* ms_dtls_srtp_context_new(struct _MediaStream *stream, MSDtlsSrtpParams *params);
+MS2_PUBLIC MSDtlsSrtpContext* ms_dtls_srtp_context_new(struct _MSMediaStreamSessions *sessions, MSDtlsSrtpParams *params);
 MS2_PUBLIC void ms_dtls_srtp_start(MSDtlsSrtpContext* context);
 MS2_PUBLIC void ms_dtls_srtp_context_destroy(MSDtlsSrtpContext *ctx);

 MS2_PUBLIC void ms_dtls_srtp_set_role(MSDtlsSrtpContext *context, MSDtlsSrtpRole role);
 MS2_PUBLIC MSDtlsSrtpRole ms_dtls_srtp_get_role(MSDtlsSrtpContext *context);
-MS2_PUBLIC MSDtlsSrtpContext* ms_dtls_multistream_new(struct _MediaStream *stream, MSDtlsSrtpContext* activeContext, RtpSession *s, MSDtlsSrtpParams *params);
 MS2_PUBLIC void ms_dtls_srtp_set_peer_fingerprint(MSDtlsSrtpContext *context, const char *peer_fingerprint);

 MS2_PUBLIC int ms_dtls_srtp_generate_self_signed_certificate(char *certif, char *pkey, char *fingerprint);

--- a/include/mediastreamer2/ms_srtp.h
+++ b/include/mediastreamer2/ms_srtp.h
@@ -27,7 +27,7 @@
 extern "C"{
 #endif
 /* defined in mediastream.h */
-struct _MediaStream;
+struct _MSMediaStreamSessions;

 /*
 * Crypto suite used configure encrypted stream*/
@@ -68,49 +68,49 @@ MS2_PUBLIC bool_t ms_srtp_supported(void);
 * Set srtp receiver key for the given media stream.
 * If no srtp session exists on the stream it is created, if it already exists srtp policy is created/modified for the receiver side of the stream.
 *
- * @param[in/out]	stream	The mediastream to operate on
- * @param[in]		suite	The srtp crypto suite to use
- * @param[in]		key	Srtp master key and master salt in a base 64 NULL terminated string
+ * @param[in/out]	sessions	The sessions associated to the current media stream
+ * @param[in]		suite		The srtp crypto suite to use
+ * @param[in]		key		Srtp master key and master salt in a base 64 NULL terminated string
 * @return	0 on success, error code otherwise
 */
-MS2_PUBLIC int media_stream_set_srtp_recv_key_b64(struct _MediaStream *stream, MSCryptoSuite suite, const char* key);
+MS2_PUBLIC int media_stream_set_srtp_recv_key_b64(struct _MSMediaStreamSessions *sessions, MSCryptoSuite suite, const char* key);

 /**
 * Set srtp receiver key for the given media stream.
 * If no srtp session exists on the stream it is created, if it already exists srtp policy is created/modified for the receiver side of the stream.
 *
- * @param[in/out]	stream		The mediastream to operate on
+ * @param[in/out]	sessions	The sessions associated to the current media stream
 * @param[in]		suite		The srtp crypto suite to use
 * @param[in]		key		Srtp master key and master salt
 * @param[in]		key_length	key buffer length
 * @param[in]		stream_type	Srtp suite is applied to RTP stream, RTCP stream or both
 * @return	0 on success, error code otherwise
 */
-MS2_PUBLIC int media_stream_set_srtp_recv_key(struct _MediaStream *stream, MSCryptoSuite suite, const char* key, size_t key_length, MSSrtpStreamType stream_type);
+MS2_PUBLIC int media_stream_set_srtp_recv_key(struct _MSMediaStreamSessions *sessions, MSCryptoSuite suite, const char* key, size_t key_length, MSSrtpStreamType stream_type);

 /**
 * Set srtp sender key for the given media stream.
 * If no srtp session exists on the stream it is created, if it already exists srtp policy is created/modified for the sender side of the stream.
 *
- * @param[in/out]	stream	The mediastream to operate on
+ * @param[in/out]	sessions	The sessions associated to the current media stream
 * @param[in]		suite	The srtp crypto suite to use
 * @param[in]		key	Srtp master key and master salt in a base 64 NULL terminated string
 * @return	0 on success, error code otherwise
 */
-MS2_PUBLIC int media_stream_set_srtp_send_key_b64(struct _MediaStream *stream, MSCryptoSuite suite, const char* key);
+MS2_PUBLIC int media_stream_set_srtp_send_key_b64(struct _MSMediaStreamSessions *sessions, MSCryptoSuite suite, const char* key);

 /**
 * Set srtp sender key for the given media stream.
 * If no srtp session exists on the stream it is created, if it already exists srtp policy is created/modified for the sender side of the stream.
 *
- * @param[in/out]	stream		The mediastream to operate on
+ * @param[in/out]	stream	The mediastream to operate on
 * @param[in]		suite		The srtp crypto suite to use
 * @param[in]		key		Srtp master key and master salt
 * @param[in]		key_length	key buffer length
 * @param[in]		stream_type	Srtp suite is applied to RTP stream, RTCP stream or both
 * @return	0 on success, error code otherwise
 */
-MS2_PUBLIC int media_stream_set_srtp_send_key(struct _MediaStream *stream, MSCryptoSuite suite, const char* key, size_t key_length, MSSrtpStreamType stream_type);
+MS2_PUBLIC int media_stream_set_srtp_send_key(struct _MSMediaStreamSessions *sessions, MSCryptoSuite suite, const char* key, size_t key_length, MSSrtpStreamType stream_type);

 /**
 * Deallocate ressources for a srtp session

--- a/src/crypto/ms_srtp.c
+++ b/src/crypto/ms_srtp.c
@@ -188,71 +188,71 @@ static int ms_srtp_transport_modifier_new(srtp_t srtp, RtpTransportModifier **rt
 	return 0;
 }

-static int ms_check_srtp_session_created(struct _MediaStream *stream,  MSSrtpStreamType stream_type){
+static int ms_check_srtp_session_created(struct _MSMediaStreamSessions *sessions,  MSSrtpStreamType stream_type){
 	if (stream_type == MSSRTP_ALL_STREAMS) { /* This is the usual case when both RTP and RTCP share the same key */
-		if (stream->sessions.srtp_session==NULL){
+		if (sessions->srtp_session==NULL){
 			err_status_t err;
-			srtp_t session;
+			srtp_t srtp_session;
 			RtpTransport *rtp=NULL,*rtcp=NULL;
 			RtpTransportModifier *rtp_modifier, *rtcp_modifier;

-			err = srtp_create(&session, NULL);
+			err = srtp_create(&srtp_session, NULL);
 			if (err != 0) {
 				ms_error("Failed to create srtp session (%d)", err);
 				return -1;
 			}

-			stream->sessions.srtp_session=session;
-			ms_srtp_transport_modifier_new(session,&rtp_modifier,&rtcp_modifier);
-			rtp_session_get_transports(stream->sessions.rtp_session,&rtp,&rtcp);
+			sessions->srtp_session=srtp_session;
+			ms_srtp_transport_modifier_new(srtp_session,&rtp_modifier,&rtcp_modifier);
+			rtp_session_get_transports(sessions->rtp_session,&rtp,&rtcp);
 			meta_rtp_transport_append_modifier(rtp, rtp_modifier);
 			meta_rtp_transport_append_modifier(rtcp, rtcp_modifier);
-			stream->sessions.is_secured=TRUE;
+			sessions->is_secured=TRUE;
 		}
 	} else if (stream_type == MSSRTP_RTP_STREAM) { /* Allocate only the RTP stream */
-		if (stream->sessions.srtp_session==NULL){
+		if (sessions->srtp_session==NULL){
 			err_status_t err;
-			srtp_t session;
+			srtp_t srtp_session;
 			RtpTransport *rtp=NULL;
 			RtpTransportModifier *rtp_modifier;

-			err = srtp_create(&session, NULL);
+			err = srtp_create(&srtp_session, NULL);
 			if (err != 0) {
 				ms_error("Failed to create srtp session (%d)", err);
 				return -1;
 			}

-			stream->sessions.srtp_session=session;
-			ms_srtp_transport_modifier_new(session,&rtp_modifier, NULL);
-			rtp_session_get_transports(stream->sessions.rtp_session,&rtp,NULL);
+			sessions->srtp_session=srtp_session;
+			ms_srtp_transport_modifier_new(srtp_session,&rtp_modifier, NULL);
+			rtp_session_get_transports(sessions->rtp_session,&rtp,NULL);
 			meta_rtp_transport_append_modifier(rtp, rtp_modifier);
-			if (stream->sessions.srtp_rtcp_session!=NULL) {
-				stream->sessions.is_secured=TRUE;
+			if (sessions->srtp_rtcp_session!=NULL) {
+				sessions->is_secured=TRUE;
 			} else {
-				stream->sessions.is_secured=FALSE;
+				sessions->is_secured=FALSE;
 			}
 		}
 	} else if (stream_type == MSSRTP_RTCP_STREAM) { /* Allocate only the RTCP stream */
-		if (stream->sessions.srtp_rtcp_session==NULL){
+		if (sessions->srtp_rtcp_session==NULL){
 			err_status_t err;
-			srtp_t session;
+			srtp_t srtp_session;
 			RtpTransport *rtcp=NULL;
 			RtpTransportModifier *rtcp_modifier;

-			err = srtp_create(&session, NULL);
+			err = srtp_create(&srtp_session, NULL);
 			if (err != 0) {
 				ms_error("Failed to create srtp session (%d)", err);
 				return -1;
 			}

-			stream->sessions.srtp_rtcp_session=session;
-			ms_srtp_transport_modifier_new(session,NULL,&rtcp_modifier);
-			rtp_session_get_transports(stream->sessions.rtp_session,NULL,&rtcp);
+			sessions->srtp_rtcp_session=srtp_session;
+			ms_srtp_transport_modifier_new(srtp_session,NULL,&rtcp_modifier);
+			rtp_session_get_transports(sessions->rtp_session,NULL,&rtcp);
 			meta_rtp_transport_append_modifier(rtcp, rtcp_modifier);
-			if (stream->sessions.srtp_session!=NULL) {
-				stream->sessions.is_secured=TRUE;
+			if (sessions->srtp_session!=NULL) {
+				sessions->is_secured=TRUE;
 			} else {
-				stream->sessions.is_secured=FALSE;
+				sessions->is_secured=FALSE;
 			}
 		}
 	}
@@ -394,7 +394,7 @@ bool_t ms_srtp_supported(void){
 }


-int media_stream_set_srtp_recv_key_b64(struct _MediaStream *stream, MSCryptoSuite suite, const char* b64_key){
+int media_stream_set_srtp_recv_key_b64(struct _MSMediaStreamSessions *sessions, MSCryptoSuite suite, const char* b64_key){
 	int retval;

 	/* decode b64 key */
@@ -408,39 +408,39 @@ int media_stream_set_srtp_recv_key_b64(struct _MediaStream *stream, MSCryptoSuit
 	}

 	/* pass decoded key to set_recv_key function */
-	retval = media_stream_set_srtp_recv_key(stream, suite, key, key_length, MSSRTP_ALL_STREAMS);
+	retval = media_stream_set_srtp_recv_key(sessions, suite, key, key_length, MSSRTP_ALL_STREAMS);

 	ms_free(key);

 	return retval;
 }

-int media_stream_set_srtp_recv_key(struct _MediaStream *stream, MSCryptoSuite suite, const char* key, size_t key_length, MSSrtpStreamType stream_type){
+int media_stream_set_srtp_recv_key(struct _MSMediaStreamSessions *sessions, MSCryptoSuite suite, const char* key, size_t key_length, MSSrtpStreamType stream_type){

 	uint32_t ssrc,send_ssrc;
 	srtp_stream_ctx_t *srtp_stream = NULL;
 	bool_t updated=FALSE;
 	srtp_t srtp_session;

-	if (ms_check_srtp_session_created(stream, stream_type)==-1) {
+	if (ms_check_srtp_session_created(sessions, stream_type)==-1) {
 		return -1;
 	}

 	switch(stream_type){
 		case MSSRTP_ALL_STREAMS:
 		case MSSRTP_RTP_STREAM:
-			srtp_session = stream->sessions.srtp_session;
+			srtp_session = sessions->srtp_session;
 			break;
 		case MSSRTP_RTCP_STREAM:
-			srtp_session = stream->sessions.srtp_rtcp_session;
+			srtp_session = sessions->srtp_rtcp_session;
 			break;
 		default:
-			ms_error("Invalid stream_type %d in set_srtp_recv_key on stream [%p]", stream_type, stream);
+			ms_error("Invalid stream_type %d in set_srtp_recv_key on sessions [%p]", stream_type, sessions);
 			return -1;
 	}

 	/*check if a previous key was configured, in which case remove it*/
-	send_ssrc=rtp_session_get_send_ssrc(stream->sessions.rtp_session);
+	send_ssrc=rtp_session_get_send_ssrc(sessions->rtp_session);
 	srtp_stream = find_other_ssrc(srtp_session,htonl(send_ssrc));
 	if (srtp_stream != NULL) {
 		ssrc = srtp_stream->ssrc;
@@ -452,13 +452,13 @@ int media_stream_set_srtp_recv_key(struct _MediaStream *stream, MSCryptoSuite su
 	if (srtp_remove_stream(srtp_session, htonl(ssrc))==0) {
 		updated=TRUE;
 	}
-	ssrc=rtp_session_get_recv_ssrc(stream->sessions.rtp_session);
+	ssrc=rtp_session_get_recv_ssrc(sessions->rtp_session);
 	ms_message("media_stream_set_srtp_recv_key(): %s key %02x..%02x\nsrtp session is %p ssrc %08x",updated ? "changing to" : "starting with", (uint8_t)key[0], (uint8_t)key[key_length-1], srtp_session, ssrc);
 	
 	return ms_add_srtp_stream(srtp_session,suite, ssrc, key, key_length, TRUE, stream_type);
 }

-int media_stream_set_srtp_send_key_b64(struct _MediaStream *stream, MSCryptoSuite suite, const char* b64_key){
+int media_stream_set_srtp_send_key_b64(struct _MSMediaStreamSessions *sessions, MSCryptoSuite suite, const char* b64_key){
 	int retval;

 	/* decode b64 key */
@@ -472,38 +472,38 @@ int media_stream_set_srtp_send_key_b64(struct _MediaStream *stream, MSCryptoSuit
 	}

 	/* pass decoded key to set_send_key function */
-	retval = media_stream_set_srtp_send_key(stream, suite, key, key_length, MSSRTP_ALL_STREAMS);
+	retval = media_stream_set_srtp_send_key(sessions, suite, key, key_length, MSSRTP_ALL_STREAMS);

 	ms_free(key);

 	return retval;
 }

-int media_stream_set_srtp_send_key(struct _MediaStream *stream, MSCryptoSuite suite, const char* key, size_t key_length, MSSrtpStreamType stream_type){
+int media_stream_set_srtp_send_key(struct _MSMediaStreamSessions *sessions, MSCryptoSuite suite, const char* key, size_t key_length, MSSrtpStreamType stream_type){

 	uint32_t ssrc;
 	bool_t updated=FALSE;
 	srtp_t srtp_session;

-	if (ms_check_srtp_session_created(stream, stream_type)==-1) {
+	if (ms_check_srtp_session_created(sessions, stream_type)==-1) {
 		return -1;
 	}

 	switch(stream_type){
 		case MSSRTP_ALL_STREAMS:
 		case MSSRTP_RTP_STREAM:
-			srtp_session = stream->sessions.srtp_session;
+			srtp_session = sessions->srtp_session;
 			break;
 		case MSSRTP_RTCP_STREAM:
-			srtp_session = stream->sessions.srtp_rtcp_session;
+			srtp_session = sessions->srtp_rtcp_session;
 			break;
 		default:
-			ms_error("Invalid stream_type %d in set_srtp_send_key on stream [%p]", stream_type, stream);
+			ms_error("Invalid stream_type %d in set_srtp_send_key on sessions [%p]", stream_type, sessions);
 			return -1;
 	}

 	/*check if a previous key was configured, in which case remove it*/
-	ssrc=rtp_session_get_send_ssrc(stream->sessions.rtp_session);
+	ssrc=rtp_session_get_send_ssrc(sessions->rtp_session);
 	if (ssrc!=0){
 		/*careful: remove_stream takes the SSRC in network byte order...*/
 		if (srtp_remove_stream(srtp_session,htonl(ssrc))==0)

--- a/src/voip/audiostream.c
+++ b/src/voip/audiostream.c
@@ -1112,6 +1112,9 @@ AudioStream *audio_stream_new_with_sessions(const MSMediaStreamSessions *session

 	stream->ms.type = MSAudio;
 	stream->ms.sessions=*sessions;
+	if (sessions->dtls_context != NULL) {
+		ms_dtls_srtp_set_stream_sessions(sessions->dtls_context, &(stream->ms.sessions));
+	}
 	rtp_session_resync(stream->ms.sessions.rtp_session);
 	/*some filters are created right now to allow configuration by the application before start() */
 	stream->ms.rtpsend=ms_filter_new(MS_RTP_SEND_ID);
@@ -1361,7 +1364,8 @@ bool_t audio_stream_zrtp_enabled(const AudioStream *stream) {
 void audio_stream_enable_dtls(AudioStream *stream, MSDtlsSrtpParams *params){
 #ifdef HAVE_DTLS
 	if (stream->ms.sessions.dtls_context==NULL) {
-		stream->ms.sessions.dtls_context=ms_dtls_srtp_context_new((MediaStream *)stream, params);
+		printf("Start DTLS audio stream context\n");
+		stream->ms.sessions.dtls_context=ms_dtls_srtp_context_new(&(stream->ms.sessions), params);
 	}
 #endif
 }

--- a/src/voip/dtls_srtp.c
+++ b/src/voip/dtls_srtp.c
@@ -73,8 +73,7 @@ typedef struct _DtlsRawPacket {
 #define READ_TIMEOUT_MS 1000

 struct _MSDtlsSrtpContext{
-	RtpSession *session;
-	MediaStream *stream;
+	MSMediaStreamSessions *stream_sessions;
 	MSDtlsSrtpRole role; /**< can be unset(at init on caller side), client or server */
 	char peer_fingerprint[256]; /**< used to store peer fingerprint passed through SDP */

@@ -103,6 +102,11 @@ static ORTP_INLINE uint64_t get_timeval_in_millis() {

 /* DTLS API */

+void ms_dtls_srtp_set_stream_sessions(MSDtlsSrtpContext *dtls_context, MSMediaStreamSessions *stream_sessions) {
+	if (dtls_context!=NULL) {
+		dtls_context->stream_sessions = stream_sessions;
+	}
+}
 bool_t ms_dtls_available(){return TRUE;}

 static int ms_dtls_srtp_rtp_process_on_send(struct _RtpTransportModifier *t, mblk_t *msg){
@@ -128,11 +132,11 @@ static int ms_dtls_srtp_rtcp_process_on_send(struct _RtpTransportModifier *t, mb
 */
 static int ms_dtls_srtp_rtp_sendData (void *ctx, const unsigned char *data, size_t length ){
 	MSDtlsSrtpContext *context = (MSDtlsSrtpContext *)ctx;
-	RtpSession *session = context->session;
+	RtpSession *session = context->stream_sessions->rtp_session;
 	RtpTransport *rtpt=NULL;
 	mblk_t *msg;

-	ms_message("DTLS Send RTP packet len %d", (int)length);
+	ms_message("DTLS Send RTP packet len %d sessions: %p rtp session %p", (int)length, context->stream_sessions, context->stream_sessions->rtp_session);

 	/* get RTP transport from session */
 	rtp_session_get_transports(session,&rtpt,NULL);
@@ -159,11 +163,11 @@ static int ms_dtls_srtp_rtp_sendData (void *ctx, const unsigned char *data, size
 */
 static int ms_dtls_srtp_rtcp_sendData (void *ctx, const unsigned char *data, size_t length ){
 	MSDtlsSrtpContext *context = (MSDtlsSrtpContext *)ctx;
-	RtpSession *session = context->session;
+	RtpSession *session = context->stream_sessions->rtp_session;
 	RtpTransport *rtcpt=NULL;
 	mblk_t *msg;

-	ms_message("DTLS Send RTCP packet len %d", (int)length);
+	ms_message("DTLS Send RTCP packet len %d sessions: %p rtp session %p", (int)length, context->stream_sessions, context->stream_sessions->rtp_session);

 	/* get RTCP transport from session */
 	rtp_session_get_transports(session,NULL,&rtcpt);
@@ -234,7 +238,7 @@ void ms_dtls_srtp_set_role(MSDtlsSrtpContext *context, MSDtlsSrtpRole role) {
 			ssl_cookie_setup( &(context->rtp_dtls_context->cookie_ctx), ctr_drbg_random, &(context->rtp_dtls_context->ctr_drbg) );
 			ssl_set_dtls_cookies( &(context->rtp_dtls_context->ssl), ssl_cookie_write, ssl_cookie_check, &(context->rtp_dtls_context->cookie_ctx) );
 			ssl_session_reset( &(context->rtp_dtls_context->ssl) );
-			ssl_set_client_transport_id(&(context->rtp_dtls_context->ssl), (const unsigned char *)(&(context->session->snd.ssrc)), 4);
+			ssl_set_client_transport_id(&(context->rtp_dtls_context->ssl), (const unsigned char *)(&(context->stream_sessions->rtp_session->snd.ssrc)), 4);
 			//ssl_cache_init( &(context->rtp_dtls_context->cache) );
 			//ssl_set_session_cache( &(context->rtp_dtls_context->ssl), ssl_cache_get, &(context->rtp_dtls_context->cache), ssl_cache_set, &(context->rtp_dtls_context->cache) );

@@ -242,7 +246,7 @@ void ms_dtls_srtp_set_role(MSDtlsSrtpContext *context, MSDtlsSrtpRole role) {
 			ssl_cookie_setup( &(context->rtcp_dtls_context->cookie_ctx), ctr_drbg_random, &(context->rtcp_dtls_context->ctr_drbg) );
 			ssl_set_dtls_cookies( &(context->rtcp_dtls_context->ssl), ssl_cookie_write, ssl_cookie_check, &(context->rtcp_dtls_context->cookie_ctx) );
 			ssl_session_reset( &(context->rtcp_dtls_context->ssl) );
-			ssl_set_client_transport_id(&(context->rtcp_dtls_context->ssl), (const unsigned char *)(&(context->session->snd.ssrc)), 4);
+			ssl_set_client_transport_id(&(context->rtcp_dtls_context->ssl), (const unsigned char *)(&(context->stream_sessions->rtp_session->snd.ssrc)), 4);
 			//ssl_cache_init( &(context->rtcp_dtls_context->cache) );
 			//ssl_set_session_cache( &(context->rtcp_dtls_context->ssl), ssl_cache_get, &(context->rtcp_dtls_context->cache), ssl_cache_set, &(context->rtcp_dtls_context->cache) );
 		}
@@ -355,7 +359,7 @@ static bool_t ms_dtls_srtp_process_dtls_packet(mblk_t *msg, MSDtlsSrtpContext *c
 	if ((*(msg->b_rptr)>19) && (*(msg->b_rptr)<64)) {

 		DtlsRawPacket *incoming_dtls_packet;
-		printf("DTLS packet arrives on session %p\n", ctx->stream->sessions.rtp_session);
+		printf("DTLS packet arrives on sessions %p  rtp session %p\n", ctx->stream_sessions, ctx->stream_sessions->rtp_session);
 		incoming_dtls_packet = (DtlsRawPacket *)ms_malloc0(sizeof(DtlsRawPacket));
 		//DtlsRawPacket *incoming_dtls_packet = (DtlsRawPacket *)ms_malloc0(sizeof(DtlsRawPacket));
 		incoming_dtls_packet->next=NULL;
@@ -393,7 +397,7 @@ static bool_t ms_dtls_srtp_process_dtls_packet(mblk_t *msg, MSDtlsSrtpContext *c
 		/* when we are server, we may issue a hello verify, so reset session, keep cookies(transport id) and expect an other Hello from client */
 		if (*ret==POLARSSL_ERR_SSL_HELLO_VERIFY_REQUIRED) {
 			ssl_session_reset(ssl);
-			ssl_set_client_transport_id(ssl, (const unsigned char *)(&(ctx->session->snd.ssrc)), 4);
+			ssl_set_client_transport_id(ssl, (const unsigned char *)(&(ctx->stream_sessions->rtp_session->snd.ssrc)), 4);
 		}

 		/* if we are client, manage the retransmission timer */
@@ -433,7 +437,7 @@ static void ms_dtls_srtp_check_channels_status(MSDtlsSrtpContext *ctx) {
 		ev=ortp_event_new(ORTP_EVENT_DTLS_ENCRYPTION_CHANGED);
 		eventData=ortp_event_get_data(ev);
 		eventData->info.dtls_stream_encrypted=1;
-		rtp_session_dispatch_event(ctx->session, ev);
+		rtp_session_dispatch_event(ctx->stream_sessions->rtp_session, ev);
 		ms_message("DTLS Event dispatched to all: secrets are on");
 	} else {
 		printf ("DTLS check status but at least one is not done");
@@ -458,6 +462,7 @@ static int ms_dtls_srtp_rtp_process_on_receive(struct _RtpTransportModifier *t,

 	/* check if it is a DTLS packet and process it */
 	if (ms_dtls_srtp_process_dtls_packet(msg, ctx, &ret, TRUE) == TRUE){
+		printf("Received DTLS RTP packet len %d handshake returns -%04x session is [%p]\n", (int)msgLength, -ret, ctx->stream_sessions->rtp_session);
 		
 		if ((ret==0) && (ctx->rtp_channel_status == DTLS_STATUS_CONTEXT_READY)) { /* handshake is over, give the keys to srtp : 128 bits client write - 128 bits server write - 112 bits client salt - 112 server salt */
 			MSCryptoSuite agreed_srtp_protection_profile = MS_CRYPTO_SUITE_INVALID;
@@ -482,28 +487,30 @@ static int ms_dtls_srtp_rtp_process_on_receive(struct _RtpTransportModifier *t,
 					for (i=0; i<ctx->rtp_dtls_context->ssl.dtls_srtp_keys_len; i++) {
 						printf("%02x",ctx->rtp_dtls_context->ssl.dtls_srtp_keys[i]);
 					}
-					printf("\n set srtp keys on session [%p]\n", ctx->stream->sessions.rtp_session);
+					printf("\n set srtp keys on session [%p]\n", ctx->stream_sessions->rtp_session);

 					if (ctx->role == MSDtlsSrtpRoleIsServer) {
 						printf("On est serveur\n");
+						fflush(NULL);
 						/* reception(client write) key and salt +16bits padding */
 						memcpy(key, ctx->rtp_dtls_context->ssl.dtls_srtp_keys, DTLS_SRTP_KEY_LEN);
 						memcpy(key + DTLS_SRTP_KEY_LEN, ctx->rtp_dtls_context->ssl.dtls_srtp_keys+2*DTLS_SRTP_KEY_LEN, DTLS_SRTP_SALT_LEN);
-						media_stream_set_srtp_recv_key(ctx->stream, agreed_srtp_protection_profile, (const char *)key, DTLS_SRTP_KEY_LEN+DTLS_SRTP_SALT_LEN, MSSRTP_RTP_STREAM);
+						media_stream_set_srtp_recv_key(ctx->stream_sessions, agreed_srtp_protection_profile, (const char *)key, DTLS_SRTP_KEY_LEN+DTLS_SRTP_SALT_LEN, MSSRTP_RTP_STREAM);
 						/* emission(server write) key and salt +16bits padding */
 						memcpy(key, ctx->rtp_dtls_context->ssl.dtls_srtp_keys+DTLS_SRTP_KEY_LEN, DTLS_SRTP_KEY_LEN);
 						memcpy(key + DTLS_SRTP_KEY_LEN, ctx->rtp_dtls_context->ssl.dtls_srtp_keys+2*DTLS_SRTP_KEY_LEN+DTLS_SRTP_SALT_LEN, DTLS_SRTP_SALT_LEN);
-						media_stream_set_srtp_send_key(ctx->stream, agreed_srtp_protection_profile, (const char *)key, DTLS_SRTP_KEY_LEN+DTLS_SRTP_SALT_LEN, MSSRTP_RTP_STREAM);
+						media_stream_set_srtp_send_key(ctx->stream_sessions, agreed_srtp_protection_profile, (const char *)key, DTLS_SRTP_KEY_LEN+DTLS_SRTP_SALT_LEN, MSSRTP_RTP_STREAM);
 					} else if (ctx->role == MSDtlsSrtpRoleIsClient){ /* this enpoint act as DTLS client */
 						printf("On est client\n");
+						fflush(NULL);
 						/* emission(client write) key and salt +16bits padding */
 						memcpy(key, ctx->rtp_dtls_context->ssl.dtls_srtp_keys, DTLS_SRTP_KEY_LEN);
 						memcpy(key + DTLS_SRTP_KEY_LEN, ctx->rtp_dtls_context->ssl.dtls_srtp_keys+2*DTLS_SRTP_KEY_LEN, DTLS_SRTP_SALT_LEN);
-						media_stream_set_srtp_send_key(ctx->stream, agreed_srtp_protection_profile, (const char *)key, DTLS_SRTP_KEY_LEN+DTLS_SRTP_SALT_LEN, MSSRTP_RTP_STREAM);
+						media_stream_set_srtp_send_key(ctx->stream_sessions, agreed_srtp_protection_profile, (const char *)key, DTLS_SRTP_KEY_LEN+DTLS_SRTP_SALT_LEN, MSSRTP_RTP_STREAM);
 						/* reception(server write) key and salt +16bits padding */
 						memcpy(key, ctx->rtp_dtls_context->ssl.dtls_srtp_keys+DTLS_SRTP_KEY_LEN, DTLS_SRTP_KEY_LEN);
 						memcpy(key + DTLS_SRTP_KEY_LEN, ctx->rtp_dtls_context->ssl.dtls_srtp_keys+2*DTLS_SRTP_KEY_LEN+DTLS_SRTP_SALT_LEN, DTLS_SRTP_SALT_LEN);
-						media_stream_set_srtp_recv_key(ctx->stream, agreed_srtp_protection_profile, (const char *)key, DTLS_SRTP_KEY_LEN+DTLS_SRTP_SALT_LEN, MSSRTP_RTP_STREAM);
+						media_stream_set_srtp_recv_key(ctx->stream_sessions, agreed_srtp_protection_profile, (const char *)key, DTLS_SRTP_KEY_LEN+DTLS_SRTP_SALT_LEN, MSSRTP_RTP_STREAM);
 					}

 					ms_free(key);
@@ -515,7 +522,7 @@ static int ms_dtls_srtp_rtp_process_on_receive(struct _RtpTransportModifier *t,
 			}
 			ret = ssl_close_notify( &(ctx->rtp_dtls_context->ssl) );
 			printf("DTLS : close ssl returns %d", ret);
-			printf("set srtp keys on session [%p] done\n", ctx->stream->sessions.rtp_session);
+			printf("set srtp keys on session [%p] done\n", ctx->stream_sessions->rtp_session);
 		}
 		return 0;
 	}
@@ -540,7 +547,7 @@ static int ms_dtls_srtp_rtcp_process_on_receive(struct _RtpTransportModifier *t,

 	/* check if it is a DTLS packet and process it */
 	if (ms_dtls_srtp_process_dtls_packet(msg, ctx, &ret, FALSE) == TRUE){
-		printf("Received DTLS RTCP packet len %d handshake returns -%04x session is [%p]\n", (int)msgLength, -ret, ctx->stream->sessions.rtp_session);
+		printf("Received DTLS RTCP packet len %d handshake returns -%04x session is [%p]\n", (int)msgLength, -ret, ctx->stream_sessions->rtp_session);

 		if ((ret==0) && (ctx->rtcp_channel_status == DTLS_STATUS_CONTEXT_READY)) { /* rtcp handshake is over, give the keys to srtp : 128 bits client write - 128 bits server write - 112 bits client salt - 112 server salt */
 			uint8_t *key = (uint8_t *)ms_malloc0(256);
@@ -567,28 +574,30 @@ static int ms_dtls_srtp_rtcp_process_on_receive(struct _RtpTransportModifier *t,
 					for (i=0; i<ctx->rtcp_dtls_context->ssl.dtls_srtp_keys_len; i++) {
 						printf("%02x",ctx->rtcp_dtls_context->ssl.dtls_srtp_keys[i]);
 					}
-					printf("\n set srtp keys on session [%p]\n", ctx->stream->sessions.rtp_session);
+					printf("\n set srtp keys on session [%p]\n", ctx->stream_sessions->rtp_session);

 					if (ctx->role == MSDtlsSrtpRoleIsServer) {
 						printf("On est serveur\n");
+						fflush(NULL);
 						/* reception(client write) key and salt +16bits padding */
 						memcpy(key, ctx->rtcp_dtls_context->ssl.dtls_srtp_keys, DTLS_SRTP_KEY_LEN);
 						memcpy(key + DTLS_SRTP_KEY_LEN, ctx->rtcp_dtls_context->ssl.dtls_srtp_keys+2*DTLS_SRTP_KEY_LEN, DTLS_SRTP_SALT_LEN);
-						media_stream_set_srtp_recv_key(ctx->stream, MS_AES_128_SHA1_80, (const char *)key, DTLS_SRTP_KEY_LEN+DTLS_SRTP_SALT_LEN, MSSRTP_RTCP_STREAM);
+						media_stream_set_srtp_recv_key(ctx->stream_sessions, MS_AES_128_SHA1_80, (const char *)key, DTLS_SRTP_KEY_LEN+DTLS_SRTP_SALT_LEN, MSSRTP_RTCP_STREAM);
 						/* emission(server write) key and salt +16bits padding */
 						memcpy(key, ctx->rtcp_dtls_context->ssl.dtls_srtp_keys+DTLS_SRTP_KEY_LEN, DTLS_SRTP_KEY_LEN);
 						memcpy(key + DTLS_SRTP_KEY_LEN, ctx->rtcp_dtls_context->ssl.dtls_srtp_keys+2*DTLS_SRTP_KEY_LEN+DTLS_SRTP_SALT_LEN, DTLS_SRTP_SALT_LEN);
-						media_stream_set_srtp_send_key(ctx->stream, MS_AES_128_SHA1_80, (const char *)key, DTLS_SRTP_KEY_LEN+DTLS_SRTP_SALT_LEN, MSSRTP_RTCP_STREAM);
+						media_stream_set_srtp_send_key(ctx->stream_sessions, MS_AES_128_SHA1_80, (const char *)key, DTLS_SRTP_KEY_LEN+DTLS_SRTP_SALT_LEN, MSSRTP_RTCP_STREAM);
 					} else if (ctx->role == MSDtlsSrtpRoleIsClient){ /* this enpoint act as DTLS client */
 						printf("On est client\n");
+						fflush(NULL);
 						/* emission(client write) key and salt +16bits padding */
 						memcpy(key, ctx->rtcp_dtls_context->ssl.dtls_srtp_keys, DTLS_SRTP_KEY_LEN);
 						memcpy(key + DTLS_SRTP_KEY_LEN, ctx->rtcp_dtls_context->ssl.dtls_srtp_keys+2*DTLS_SRTP_KEY_LEN, DTLS_SRTP_SALT_LEN);
-						media_stream_set_srtp_send_key(ctx->stream, MS_AES_128_SHA1_80, (const char *)key, DTLS_SRTP_KEY_LEN+DTLS_SRTP_SALT_LEN, MSSRTP_RTCP_STREAM);
+						media_stream_set_srtp_send_key(ctx->stream_sessions, MS_AES_128_SHA1_80, (const char *)key, DTLS_SRTP_KEY_LEN+DTLS_SRTP_SALT_LEN, MSSRTP_RTCP_STREAM);
 						/* reception(server write) key and salt +16bits padding */
 						memcpy(key, ctx->rtcp_dtls_context->ssl.dtls_srtp_keys+DTLS_SRTP_KEY_LEN, DTLS_SRTP_KEY_LEN);
 						memcpy(key + DTLS_SRTP_KEY_LEN, ctx->rtcp_dtls_context->ssl.dtls_srtp_keys+2*DTLS_SRTP_KEY_LEN+DTLS_SRTP_SALT_LEN, DTLS_SRTP_SALT_LEN);
-						media_stream_set_srtp_recv_key(ctx->stream, MS_AES_128_SHA1_80, (const char *)key, DTLS_SRTP_KEY_LEN+DTLS_SRTP_SALT_LEN, MSSRTP_RTCP_STREAM);
+						media_stream_set_srtp_recv_key(ctx->stream_sessions, MS_AES_128_SHA1_80, (const char *)key, DTLS_SRTP_KEY_LEN+DTLS_SRTP_SALT_LEN, MSSRTP_RTCP_STREAM);
 					}

 					ms_free(key);
@@ -702,9 +711,9 @@ int ms_dtls_srtp_initialise_polarssl_dtls_context(DtlsPolarsslContext *dtlsConte

 }

-MSDtlsSrtpContext* ms_dtls_srtp_context_new(MediaStream *stream, MSDtlsSrtpParams *params){
+MSDtlsSrtpContext* ms_dtls_srtp_context_new(MSMediaStreamSessions *sessions, MSDtlsSrtpParams *params){
 	MSDtlsSrtpContext *userData;
-	RtpSession *s = stream->sessions.rtp_session;
+	RtpSession *s = sessions->rtp_session;

 	/* Create and init the polar ssl DTLS contexts */
 	DtlsPolarsslContext *rtp_dtls_context = ms_new0(DtlsPolarsslContext,1);
@@ -720,8 +729,7 @@ MSDtlsSrtpContext* ms_dtls_srtp_context_new(MediaStream *stream, MSDtlsSrtpParam
 	userData->rtp_time_reference = 0;
 	userData->rtcp_time_reference = 0;

-	userData->session=s;
-	userData->stream=stream;
+	userData->stream_sessions=sessions;
 	userData->rtp_channel_status = 0;
 	userData->rtcp_channel_status = 0;
 	userData->rtp_incoming_buffer = NULL;

--- a/src/voip/mediastream.c
+++ b/src/voip/mediastream.c
@@ -246,7 +246,7 @@ bool_t media_stream_dtls_supported(void){

 /*deprecated*/
 bool_t media_stream_enable_srtp(MediaStream *stream, MSCryptoSuite suite, const char *snd_key, const char *rcv_key) {
-	return media_stream_set_srtp_recv_key_b64(stream,suite,rcv_key)==0 && media_stream_set_srtp_send_key_b64(stream,suite,snd_key)==0;
+	return media_stream_set_srtp_recv_key_b64(&(stream->sessions),suite,rcv_key)==0 && media_stream_set_srtp_send_key_b64(&(stream->sessions),suite,snd_key)==0;
 }

 const MSQualityIndicator *media_stream_get_quality_indicator(MediaStream *stream){

--- a/src/voip/private.h
+++ b/src/voip/private.h
@@ -97,6 +97,12 @@ MS2_PUBLIC int ms_srtp_init(void);
 */
 MS2_PUBLIC void ms_srtp_shutdown(void);

+/**
+ * Set the backlink in dtls_context to stream sessions context. Used when reinvite force creation of a new stream with same session data
+ * @param[in/out]	dtls_context	Dtls context, contains a link to stream session context needed to access srtp context
+ * @param[in]		stream_sessions	Pointer to the new stream session structure
+ */
+MS2_PUBLIC void ms_dtls_srtp_set_stream_sessions(MSDtlsSrtpContext *dtls_context, MSMediaStreamSessions *stream_sessions);
 #ifdef __cplusplus
 }
 #endif

--- a/src/voip/videostream.c
+++ b/src/voip/videostream.c
@@ -253,6 +253,9 @@ VideoStream *video_stream_new_with_sessions(const MSMediaStreamSessions *session

 	stream->ms.type = MSVideo;
 	stream->ms.sessions=*sessions;
+	if (sessions->dtls_context != NULL) {
+		ms_dtls_srtp_set_stream_sessions(sessions->dtls_context, &(stream->ms.sessions));
+	}
 	rtp_session_resync(stream->ms.sessions.rtp_session);
 	stream->ms.qi=ms_quality_indicator_new(stream->ms.sessions.rtp_session);
 	ms_quality_indicator_set_label(stream->ms.qi,"video");
@@ -1263,7 +1266,8 @@ void video_stream_enable_zrtp(VideoStream *vstream, AudioStream *astream, MSZrtp

 void video_stream_enable_dtls(VideoStream *stream, MSDtlsSrtpParams *params){
 	if (stream->ms.sessions.dtls_context==NULL) {
-		stream->ms.sessions.dtls_context=ms_dtls_srtp_context_new((MediaStream *)stream, params);
+		printf("Start DTLS video stream context\n");
+		stream->ms.sessions.dtls_context=ms_dtls_srtp_context_new(&(stream->ms.sessions), params);
 	}
 }


--- a/src/voip/zrtp.c
+++ b/src/voip/zrtp.c
@@ -118,9 +118,9 @@ static int32_t ms_zrtp_srtpSecretsAvailable(void* clientData, bzrtpSrtpSecrets_t
 		memcpy(key + secrets->peerSrtpKeyLength, secrets->peerSrtpSalt, secrets->peerSrtpSaltLength);

 		if (secrets->authTagAlgo == ZRTP_AUTHTAG_HS32){
-			media_stream_set_srtp_recv_key(userData->stream, MS_AES_128_SHA1_32, (const char *)key, (secrets->peerSrtpKeyLength+secrets->peerSrtpSaltLength), MSSRTP_ALL_STREAMS);
+			media_stream_set_srtp_recv_key(&(userData->stream->sessions), MS_AES_128_SHA1_32, (const char *)key, (secrets->peerSrtpKeyLength+secrets->peerSrtpSaltLength), MSSRTP_ALL_STREAMS);
 		}else if (secrets->authTagAlgo == ZRTP_AUTHTAG_HS80){
-			media_stream_set_srtp_recv_key(userData->stream, MS_AES_128_SHA1_80, (const char *)key, (secrets->peerSrtpKeyLength+secrets->peerSrtpSaltLength), MSSRTP_ALL_STREAMS);
+			media_stream_set_srtp_recv_key(&(userData->stream->sessions), MS_AES_128_SHA1_80, (const char *)key, (secrets->peerSrtpKeyLength+secrets->peerSrtpSaltLength), MSSRTP_ALL_STREAMS);