srtp

Version: v2.0.0-...-4d906dc

This package is not in the latest version of its module.
Published: Mar 5, 2023 License: MIT Imports: 20 Imported by: 0

README


Pion SRTP

A Go implementation of SRTP


See DESIGN.md for an overview of features and future goals.

Roadmap

The library is used as a part of our WebRTC implementation. Please refer to that roadmap to track our major milestones.

Community

Pion has an active community on the Golang Slack. Sign up and join the #pion channel for discussions and support. You can also use the Pion mailing list.

We are always looking to support your projects. Please reach out if you have something to build!

If you need commercial support or don't want to use public methods you can contact us at team@pion.ly

Contributing

Check out the contributing wiki to join the group of amazing people making this project possible.

License

MIT License - see LICENSE for full text

Documentation

Overview

Package srtp implements Secure Real-time Transport Protocol

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Config

type Config struct {
	Keys          SessionKeys
	Profile       ProtectionProfile
	BufferFactory func(packetType packetio.BufferPacketType, ssrc uint32) io.ReadWriteCloser
	LoggerFactory logging.LoggerFactory

	// List of local/remote context options.
	// ReplayProtection is enabled on remote context by default.
	// Default replay protection window size is 64.
	LocalOptions, RemoteOptions []ContextOption
}

Config is used to configure a session. You can provide either a KeyingMaterialExporter to export keys or directly pass the keys themselves. After a Config is passed to a session it must not be modified.

func (*Config) ExtractSessionKeysFromDTLS

func (c *Config) ExtractSessionKeysFromDTLS(exporter KeyingMaterialExporter, isClient bool) error

ExtractSessionKeysFromDTLS allows setting the Config SessionKeys by extracting them from DTLS. This behavior is defined in RFC5764: https://tools.ietf.org/html/rfc5764
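The following is an added example, not code from the Pion project: a standard-library sketch of the RFC 5764 key split that an exporter-based setup relies on. `splitDTLSKeys`, `keys` and `countingExporter` are hypothetical names, and the 16-byte key and 14-byte salt lengths are those of the AES128_CM profiles.

```go
package main

import "fmt"

// Exporter label defined by RFC 5764, section 4.2.
const dtlsSRTPLabel = "EXTRACTOR-dtls_srtp"

// exporter has the same method set as KeyingMaterialExporter on this page.
type exporter interface {
	ExportKeyingMaterial(label string, context []byte, length int) ([]byte, error)
}

// keys mirrors the four SessionKeys fields (hypothetical local type).
type keys struct{ LocalKey, LocalSalt, RemoteKey, RemoteSalt []byte }

// splitDTLSKeys (hypothetical helper) exports 2*(keyLen+saltLen) bytes and cuts
// them in RFC 5764 order: client key, server key, client salt, server salt.
func splitDTLSKeys(e exporter, keyLen, saltLen int, isClient bool) (keys, error) {
	total := 2 * (keyLen + saltLen)
	km, err := e.ExportKeyingMaterial(dtlsSRTPLabel, nil, total)
	if err != nil {
		return keys{}, err
	}
	if len(km) != total {
		return keys{}, fmt.Errorf("exporter returned %d bytes, want %d", len(km), total)
	}
	cKey, sKey := km[:keyLen], km[keyLen:2*keyLen]
	cSalt, sSalt := km[2*keyLen:2*keyLen+saltLen], km[2*keyLen+saltLen:]
	if isClient { // the DTLS client protects outgoing packets with client_write_*
		return keys{LocalKey: cKey, LocalSalt: cSalt, RemoteKey: sKey, RemoteSalt: sSalt}, nil
	}
	return keys{LocalKey: sKey, LocalSalt: sSalt, RemoteKey: cKey, RemoteSalt: cSalt}, nil
}

// countingExporter is a constructed stand-in for a DTLS connection: byte i = i.
type countingExporter struct{}

func (countingExporter) ExportKeyingMaterial(_ string, _ []byte, n int) ([]byte, error) {
	out := make([]byte, n)
	for i := range out {
		out[i] = byte(i)
	}
	return out, nil
}

func main() {
	c, _ := splitDTLSKeys(countingExporter{}, 16, 14, true)
	fmt.Printf("client local key %x, remote key %x\n", c.LocalKey, c.RemoteKey)
}
```

Passing the wrong isClient value swaps the local and remote material, so both peers would encrypt with the same key and fail to authenticate each other's packets.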

type Context

type Context struct {
	// contains filtered or unexported fields
}

Context represents a SRTP cryptographic context. Context can only be used for one-way operations: it must be used either ONLY for encryption or ONLY for decryption. Note that Context does not provide any concurrency protection: access to a Context from multiple goroutines requires external synchronization.

func CreateContext

func CreateContext(masterKey, masterSalt []byte, profile ProtectionProfile, opts ...ContextOption) (c *Context, err error)

CreateContext creates a new SRTP Context.

CreateContext receives a variable number of ContextOptions. When multiple options set the same parameter, the last one takes effect. The following example creates an SRTP Context with replay protection and a window size of 256.

decCtx, err := srtp.CreateContext(key, salt, profile, srtp.SRTPReplayProtection(256))

func (*Context) DecryptRTCP

func (c *Context) DecryptRTCP(dst, encrypted []byte, header *rtcp.Header) ([]byte, error)

DecryptRTCP decrypts a buffer that contains a RTCP packet

func (*Context) DecryptRTP

func (c *Context) DecryptRTP(dst, encrypted []byte, header *rtp.Header) ([]byte, error)

DecryptRTP decrypts a RTP packet with an encrypted payload

func (*Context) EncryptRTCP

func (c *Context) EncryptRTCP(dst, decrypted []byte, header *rtcp.Header) ([]byte, error)

EncryptRTCP Encrypts a RTCP packet

func (*Context) EncryptRTP

func (c *Context) EncryptRTP(dst []byte, plaintext []byte, header *rtp.Header) ([]byte, error)

EncryptRTP marshals and encrypts an RTP packet, writing to the dst buffer provided. If the dst buffer does not have the capacity to hold `len(plaintext) + 10` bytes, a new one will be allocated and returned. If a rtp.Header is provided, it will be Unmarshaled using the plaintext.

func (*Context) Index

func (c *Context) Index(ssrc uint32) (uint32, bool)

Index returns SRTCP index value of specified SSRC.

func (*Context) ROC

func (c *Context) ROC(ssrc uint32) (uint32, bool)

ROC returns SRTP rollover counter value of specified SSRC.

func (*Context) SetIndex

func (c *Context) SetIndex(ssrc uint32, index uint32)

SetIndex sets SRTCP index value of specified SSRC.

func (*Context) SetROC

func (c *Context) SetROC(ssrc uint32, roc uint32)

SetROC sets SRTP rollover counter value of specified SSRC.

type ContextOption

type ContextOption func(*Context) error

ContextOption represents option of Context using the functional options pattern.

func SRTCPNoReplayProtection

func SRTCPNoReplayProtection() ContextOption

SRTCPNoReplayProtection disables SRTCP replay protection.

func SRTCPReplayProtection

func SRTCPReplayProtection(windowSize uint) ContextOption

SRTCPReplayProtection sets SRTCP replay protection window size.

func SRTPNoReplayProtection

func SRTPNoReplayProtection() ContextOption

SRTPNoReplayProtection disables SRTP replay protection.

func SRTPReplayProtection

func SRTPReplayProtection(windowSize uint) ContextOption

SRTPReplayProtection sets SRTP replay protection window size.
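To show what the window size passed to these options trades off, here is an added example, not Pion's implementation: a standard-library sliding-window replay detector in the style of RFC 3711 section 3.3.2. `replayWindow`, `packetIndex` and `demo` are hypothetical names, the sequence numbers are constructed, and the window size must be greater than zero.

```go
package main

import "fmt"

// replayWindow is a sliding-window replay detector over 48-bit SRTP packet
// indexes (ROC<<16 | sequence number). Hypothetical type for illustration.
type replayWindow struct {
	size    uint64
	latest  uint64
	started bool
	seen    []bool // ring buffer: slot i%size tracks index i while in the window
}

func newReplayWindow(size uint64) *replayWindow {
	return &replayWindow{size: size, seen: make([]bool, size)}
}

// packetIndex combines the rollover counter and the RTP sequence number.
func packetIndex(roc uint32, seq uint16) uint64 { return uint64(roc)<<16 | uint64(seq) }

// accept reports whether idx is fresh and records it. A receiver must call it
// only after the packet's authentication tag has verified.
func (w *replayWindow) accept(idx uint64) bool {
	switch {
	case !w.started || idx > w.latest:
		// Window moves forward: forget slots that fall out of it.
		for i := uint64(0); i < w.size && w.started && w.latest+1+i <= idx; i++ {
			w.seen[(w.latest+1+i)%w.size] = false
		}
		w.started, w.latest = true, idx
	case w.latest-idx >= w.size:
		return false // older than the window: cannot tell fresh from replayed
	case w.seen[idx%w.size]:
		return false // already received: replay
	}
	w.seen[idx%w.size] = true
	return true
}

// demo feeds one constructed arrival order to a window of the given size.
func demo(size uint64) []bool {
	w := newReplayWindow(size)
	var out []bool
	// In order, duplicate, reordered, forward jump, very late packet.
	for _, seq := range []uint16{100, 101, 100, 99, 200, 50} {
		out = append(out, w.accept(packetIndex(0, seq)))
	}
	return out
}

func main() {
	fmt.Println(demo(64), demo(256))
}
```

With a window of 64 the late packet 50 is dropped as too old once 200 has arrived; a window of 256 still accepts it, at the cost of tracking more state per SSRC.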

type KeyingMaterialExporter

type KeyingMaterialExporter interface {
	ExportKeyingMaterial(label string, context []byte, length int) ([]byte, error)
}

KeyingMaterialExporter allows package SRTP to extract keying material

type ProtectionProfile

type ProtectionProfile uint16

ProtectionProfile specifies Cipher and AuthTag details, similar to TLS cipher suite

const (
	ProtectionProfileAes128CmHmacSha1_80 ProtectionProfile = 0x0001
	ProtectionProfileAes128CmHmacSha1_32 ProtectionProfile = 0x0002
	ProtectionProfileAeadAes128Gcm       ProtectionProfile = 0x0007
)

Supported protection profiles. See https://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml

type ReadStreamSRTCP

type ReadStreamSRTCP struct {
	// contains filtered or unexported fields
}

ReadStreamSRTCP handles decryption for a single RTCP SSRC

func (*ReadStreamSRTCP) Close

func (r *ReadStreamSRTCP) Close() error

Close removes the ReadStream from the session and cleans up any associated state

func (*ReadStreamSRTCP) GetSSRC

func (r *ReadStreamSRTCP) GetSSRC() uint32

GetSSRC returns the SSRC we are demuxing for

func (*ReadStreamSRTCP) Read

func (r *ReadStreamSRTCP) Read(buf []byte) (int, error)

Read reads and decrypts full RTCP packet from the nextConn

func (*ReadStreamSRTCP) ReadRTCP

func (r *ReadStreamSRTCP) ReadRTCP(buf []byte) (int, *rtcp.Header, error)

ReadRTCP reads and decrypts full RTCP packet and its header from the nextConn

func (*ReadStreamSRTCP) SetReadDeadline

func (r *ReadStreamSRTCP) SetReadDeadline(t time.Time) error

SetReadDeadline sets the deadline for the Read operation. Setting to zero means no deadline.

type ReadStreamSRTP

type ReadStreamSRTP struct {
	// contains filtered or unexported fields
}

ReadStreamSRTP handles decryption for a single RTP SSRC

func (*ReadStreamSRTP) Close

func (r *ReadStreamSRTP) Close() error

Close removes the ReadStream from the session and cleans up any associated state

func (*ReadStreamSRTP) GetSSRC

func (r *ReadStreamSRTP) GetSSRC() uint32

GetSSRC returns the SSRC we are demuxing for

func (*ReadStreamSRTP) Read

func (r *ReadStreamSRTP) Read(buf []byte) (int, error)

Read reads and decrypts full RTP packet from the nextConn

func (*ReadStreamSRTP) ReadRTP

func (r *ReadStreamSRTP) ReadRTP(buf []byte) (int, *rtp.Header, error)

ReadRTP reads and decrypts full RTP packet and its header from the nextConn

func (*ReadStreamSRTP) SetReadDeadline

func (r *ReadStreamSRTP) SetReadDeadline(t time.Time) error

SetReadDeadline sets the deadline for the Read operation. Setting to zero means no deadline.

type SessionKeys

type SessionKeys struct {
	LocalMasterKey   []byte
	LocalMasterSalt  []byte
	RemoteMasterKey  []byte
	RemoteMasterSalt []byte
}

SessionKeys bundles the keys required to setup an SRTP session

type SessionSRTCP

type SessionSRTCP struct {
	// contains filtered or unexported fields
}

SessionSRTCP implements io.ReadWriteCloser and provides a bi-directional SRTCP session. SRTCP itself does not have a design like this, but it is common in most applications for local/remote to each have their own keying material. This provides those patterns instead of making everyone re-implement them.

func NewSessionSRTCP

func NewSessionSRTCP(conn net.Conn, config *Config) (*SessionSRTCP, error)

NewSessionSRTCP creates a SRTCP session using conn as the underlying transport.

func (*SessionSRTCP) AcceptStream

func (s *SessionSRTCP) AcceptStream() (*ReadStreamSRTCP, uint32, error)

AcceptStream returns a stream to handle RTCP for a single SSRC

func (*SessionSRTCP) Close

func (s *SessionSRTCP) Close() error

Close ends the session

func (*SessionSRTCP) OpenReadStream

func (s *SessionSRTCP) OpenReadStream(ssrc uint32) (*ReadStreamSRTCP, error)

OpenReadStream opens a read stream for the given SSRC. It can be used if you want a certain SSRC but don't want to wait for AcceptStream.

func (*SessionSRTCP) OpenWriteStream

func (s *SessionSRTCP) OpenWriteStream() (*WriteStreamSRTCP, error)

OpenWriteStream returns the global write stream for the Session

type SessionSRTP

type SessionSRTP struct {
	// contains filtered or unexported fields
}

SessionSRTP implements io.ReadWriteCloser and provides a bi-directional SRTP session. SRTP itself does not have a design like this, but it is common in most applications for local/remote to each have their own keying material. This provides those patterns instead of making everyone re-implement them.

func NewSessionSRTP

func NewSessionSRTP(conn net.Conn, config *Config) (*SessionSRTP, error)

NewSessionSRTP creates a SRTP session using conn as the underlying transport.

func (*SessionSRTP) AcceptStream

func (s *SessionSRTP) AcceptStream() (*ReadStreamSRTP, uint32, error)

AcceptStream returns a stream to handle RTCP for a single SSRC

func (*SessionSRTP) Close

func (s *SessionSRTP) Close() error

Close ends the session

func (*SessionSRTP) OpenReadStream

func (s *SessionSRTP) OpenReadStream(ssrc uint32) (*ReadStreamSRTP, error)

OpenReadStream opens a read stream for the given SSRC. It can be used if you want a certain SSRC but don't want to wait for AcceptStream.

func (*SessionSRTP) OpenWriteStream

func (s *SessionSRTP) OpenWriteStream() (*WriteStreamSRTP, error)

OpenWriteStream returns the global write stream for the Session

type WriteStreamSRTCP

type WriteStreamSRTCP struct {
	// contains filtered or unexported fields
}

WriteStreamSRTCP is stream for a single Session that is used to encrypt RTCP

func (*WriteStreamSRTCP) SetWriteDeadline

func (w *WriteStreamSRTCP) SetWriteDeadline(t time.Time) error

SetWriteDeadline sets the deadline for the Write operation. Setting to zero means no deadline.

func (*WriteStreamSRTCP) Write

func (w *WriteStreamSRTCP) Write(b []byte) (int, error)

Write encrypts and writes a full RTCP packet to the nextConn

func (*WriteStreamSRTCP) WriteRTCP

func (w *WriteStreamSRTCP) WriteRTCP(header *rtcp.Header, payload []byte) (int, error)

WriteRTCP encrypts a RTCP header and its payload to the nextConn

type WriteStreamSRTP

type WriteStreamSRTP struct {
	// contains filtered or unexported fields
}

WriteStreamSRTP is stream for a single Session that is used to encrypt RTP

func (*WriteStreamSRTP) SetWriteDeadline

func (w *WriteStreamSRTP) SetWriteDeadline(t time.Time) error

SetWriteDeadline sets the deadline for the Write operation. Setting to zero means no deadline.

func (*WriteStreamSRTP) Write

func (w *WriteStreamSRTP) Write(b []byte) (int, error)

Write encrypts and writes a full RTP packet to the nextConn

func (*WriteStreamSRTP) WriteRTP

func (w *WriteStreamSRTP) WriteRTP(header *rtp.Header, payload []byte) (int, error)

WriteRTP encrypts a RTP packet and writes to the connection
