Documentation ¶
Overview ¶
Package srtp implements Secure Real-time Transport Protocol
Index ¶
- type Config
- type Context
- func (c *Context) DecryptRTCP(dst, encrypted []byte, header *rtcp.Header) ([]byte, error)
- func (c *Context) DecryptRTP(dst, encrypted []byte, header *rtp.Header) ([]byte, error)
- func (c *Context) EncryptRTCP(dst, decrypted []byte, header *rtcp.Header) ([]byte, error)
- func (c *Context) EncryptRTP(dst []byte, plaintext []byte, header *rtp.Header) ([]byte, error)
- func (c *Context) Index(ssrc uint32) (uint32, bool)
- func (c *Context) ROC(ssrc uint32) (uint32, bool)
- func (c *Context) SetIndex(ssrc uint32, index uint32)
- func (c *Context) SetROC(ssrc uint32, roc uint32)
- type ContextOption
- type KeyingMaterialExporter
- type ProtectionProfile
- type ReadStreamSRTCP
- type ReadStreamSRTP
- type SessionKeys
- type SessionSRTCP
- type SessionSRTP
- type WriteStreamSRTCP
- type WriteStreamSRTP
Types ¶
type Config ¶
type Config struct {
	// Master keys and salts for the local and remote directions (see SessionKeys).
	Keys SessionKeys
	// Protection profile (cipher and authentication tag parameters) used by the session.
	Profile ProtectionProfile
	// Called with a packet type and an SSRC and returns an io.ReadWriteCloser.
	// NOTE(review): presumably supplies the per-stream packet buffer — confirm.
	BufferFactory func(packetType packetio.BufferPacketType, ssrc uint32) io.ReadWriteCloser
	LoggerFactory logging.LoggerFactory
	// NOTE(review): typed time.Time rather than time.Duration, so this looks like
	// an absolute deadline, not an interval — confirm against the session code.
	AcceptStreamTimeout time.Time

	// List of local/remote context options.
	// ReplayProtection is enabled on remote context by default.
	// Default replay protection window size is 64.
	// NOTE(review): an SRTPNoReplayProtection or SRTCPNoReplayProtection option in
	// RemoteOptions presumably overrides that default; treat any configuration
	// that passes one as a deliberate security decision to be reviewed.
	LocalOptions, RemoteOptions []ContextOption
}
Config is used to configure a session. You can provide either a KeyingMaterialExporter to export keys or directly pass the keys themselves. After a Config is passed to a session it must not be modified.
func (*Config) ExtractSessionKeysFromDTLS ¶
func (c *Config) ExtractSessionKeysFromDTLS(exporter KeyingMaterialExporter, isClient bool) error
ExtractSessionKeysFromDTLS allows setting the Config SessionKeys by extracting them from DTLS. This behavior is defined in RFC5764: https://tools.ietf.org/html/rfc5764
type Context ¶
type Context struct {
// contains filtered or unexported fields
}
Context represents an SRTP cryptographic context. A Context can only be used for one-way operations: it must be used ONLY for encryption or ONLY for decryption. Note that Context does not provide any concurrency protection: access to a Context from multiple goroutines requires external synchronization.
func CreateContext ¶
func CreateContext(masterKey, masterSalt []byte, profile ProtectionProfile, opts ...ContextOption) (c *Context, err error)
CreateContext creates a new SRTP Context.
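CreateContext accepts a variable number of ContextOptions. If multiple options set the same parameter, the last one takes effect. This page documents a replay-protection default only for a session's remote context (see Config), so a decryption Context created directly with CreateContext should be given SRTPReplayProtection and SRTCPReplayProtection explicitly rather than relying on a default. The following example creates an SRTP Context with replay protection and a window size of 256.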
decCtx, err := srtp.CreateContext(key, salt, profile, srtp.SRTPReplayProtection(256))
func (*Context) DecryptRTCP ¶
DecryptRTCP decrypts a buffer that contains a RTCP packet
func (*Context) DecryptRTP ¶
DecryptRTP decrypts a RTP packet with an encrypted payload
func (*Context) EncryptRTCP ¶
EncryptRTCP encrypts an RTCP packet
func (*Context) EncryptRTP ¶
EncryptRTP marshals and encrypts an RTP packet, writing to the dst buffer provided. If the dst buffer does not have the capacity to hold `len(plaintext) + 10` bytes, a new one will be allocated and returned. If a rtp.Header is provided, it will be Unmarshaled using the plaintext.
type ContextOption ¶
ContextOption represents option of Context using the functional options pattern.
func SRTCPNoReplayProtection ¶
func SRTCPNoReplayProtection() ContextOption
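SRTCPNoReplayProtection disables SRTCP replay protection. With it disabled, a previously received, validly authenticated SRTCP packet is accepted again if it is re-sent, so use this option only where replays are handled by other means.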
func SRTCPReplayProtection ¶
func SRTCPReplayProtection(windowSize uint) ContextOption
SRTCPReplayProtection sets SRTCP replay protection window size.
func SRTPNoReplayProtection ¶
func SRTPNoReplayProtection() ContextOption
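SRTPNoReplayProtection disables SRTP replay protection. With it disabled, a previously received, validly authenticated SRTP packet is accepted again if it is re-sent, so use this option only where replays are handled by other means.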
func SRTPReplayProtection ¶
func SRTPReplayProtection(windowSize uint) ContextOption
SRTPReplayProtection sets SRTP replay protection window size.
type KeyingMaterialExporter ¶
type KeyingMaterialExporter interface {
ExportKeyingMaterial(label string, context []byte, length int) ([]byte, error)
}
KeyingMaterialExporter allows package SRTP to extract keying material
type ProtectionProfile ¶
type ProtectionProfile uint16
ProtectionProfile specifies Cipher and AuthTag details, similar to TLS cipher suite
const (
	// AES-128 in counter mode with HMAC-SHA1 and an 80-bit authentication tag.
	ProtectionProfileAes128CmHmacSha1_80 ProtectionProfile = 0x0001
	// Same cipher and MAC with the SRTP authentication tag truncated to 32 bits.
	// The shorter tag gives weaker forgery resistance; prefer the 80-bit or
	// AEAD profiles unless bandwidth constraints require this one.
	ProtectionProfileAes128CmHmacSha1_32 ProtectionProfile = 0x0002
	// AEAD AES-GCM with a 128-bit key.
	ProtectionProfileAeadAes128Gcm ProtectionProfile = 0x0007
	// AEAD AES-GCM with a 256-bit key.
	ProtectionProfileAeadAes256Gcm ProtectionProfile = 0x0008
)
Supported protection profiles. See https://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml
type ReadStreamSRTCP ¶
type ReadStreamSRTCP struct {
// contains filtered or unexported fields
}
ReadStreamSRTCP handles decryption for a single RTCP SSRC
func (*ReadStreamSRTCP) Close ¶
func (r *ReadStreamSRTCP) Close() error
Close removes the ReadStream from the session and cleans up any associated state
func (*ReadStreamSRTCP) GetSSRC ¶
func (r *ReadStreamSRTCP) GetSSRC() uint32
GetSSRC returns the SSRC we are demuxing for
func (*ReadStreamSRTCP) Read ¶
func (r *ReadStreamSRTCP) Read(buf []byte) (int, error)
Read reads and decrypts full RTCP packet from the nextConn
func (*ReadStreamSRTCP) ReadRTCP ¶
ReadRTCP reads and decrypts full RTCP packet and its header from the nextConn
func (*ReadStreamSRTCP) SetReadDeadline ¶
func (r *ReadStreamSRTCP) SetReadDeadline(t time.Time) error
SetReadDeadline sets the deadline for the Read operation. Setting to zero means no deadline.
type ReadStreamSRTP ¶
type ReadStreamSRTP struct {
// contains filtered or unexported fields
}
ReadStreamSRTP handles decryption for a single RTP SSRC
func (*ReadStreamSRTP) Close ¶
func (r *ReadStreamSRTP) Close() error
Close removes the ReadStream from the session and cleans up any associated state
func (*ReadStreamSRTP) GetSSRC ¶
func (r *ReadStreamSRTP) GetSSRC() uint32
GetSSRC returns the SSRC we are demuxing for
func (*ReadStreamSRTP) Read ¶
func (r *ReadStreamSRTP) Read(buf []byte) (int, error)
Read reads and decrypts full RTP packet from the nextConn
func (*ReadStreamSRTP) ReadRTP ¶
ReadRTP reads and decrypts full RTP packet and its header from the nextConn
func (*ReadStreamSRTP) SetReadDeadline ¶
func (r *ReadStreamSRTP) SetReadDeadline(t time.Time) error
SetReadDeadline sets the deadline for the Read operation. Setting to zero means no deadline.
type SessionKeys ¶
type SessionKeys struct {
	// Master key and salt for the local side.
	// NOTE(review): presumably these key the local (outbound, encrypting)
	// context — confirm against the session code.
	LocalMasterKey  []byte
	LocalMasterSalt []byte
	// Master key and salt for the remote side.
	// NOTE(review): presumably these key the remote (inbound, decrypting)
	// context — confirm against the session code.
	RemoteMasterKey  []byte
	RemoteMasterSalt []byte
}
SessionKeys bundles the keys required to setup an SRTP session
type SessionSRTCP ¶
type SessionSRTCP struct {
// contains filtered or unexported fields
}
SessionSRTCP implements io.ReadWriteCloser and provides a bi-directional SRTCP session. SRTCP itself does not have a design like this, but it is common in most applications for local/remote to each have their own keying material. This provides those patterns instead of making everyone re-implement them.
func NewSessionSRTCP ¶
func NewSessionSRTCP(conn net.Conn, config *Config) (*SessionSRTCP, error)
NewSessionSRTCP creates a SRTCP session using conn as the underlying transport.
func (*SessionSRTCP) AcceptStream ¶
func (s *SessionSRTCP) AcceptStream() (*ReadStreamSRTCP, uint32, error)
AcceptStream returns a stream to handle RTCP for a single SSRC
func (*SessionSRTCP) OpenReadStream ¶
func (s *SessionSRTCP) OpenReadStream(ssrc uint32) (*ReadStreamSRTCP, error)
OpenReadStream opens a read stream for the given SSRC. It can be used if you want a certain SSRC but don't want to wait for AcceptStream.
func (*SessionSRTCP) OpenWriteStream ¶
func (s *SessionSRTCP) OpenWriteStream() (*WriteStreamSRTCP, error)
OpenWriteStream returns the global write stream for the Session
type SessionSRTP ¶
type SessionSRTP struct {
// contains filtered or unexported fields
}
SessionSRTP implements io.ReadWriteCloser and provides a bi-directional SRTP session. SRTP itself does not have a design like this, but it is common in most applications for local/remote to each have their own keying material. This provides those patterns instead of making everyone re-implement them.
func NewSessionSRTP ¶
func NewSessionSRTP(conn net.Conn, config *Config) (*SessionSRTP, error)
NewSessionSRTP creates a SRTP session using conn as the underlying transport.
func (*SessionSRTP) AcceptStream ¶
func (s *SessionSRTP) AcceptStream() (*ReadStreamSRTP, uint32, error)
AcceptStream returns a stream to handle RTP for a single SSRC
func (*SessionSRTP) OpenReadStream ¶
func (s *SessionSRTP) OpenReadStream(ssrc uint32) (*ReadStreamSRTP, error)
OpenReadStream opens a read stream for the given SSRC. It can be used if you want a certain SSRC but don't want to wait for AcceptStream.
func (*SessionSRTP) OpenWriteStream ¶
func (s *SessionSRTP) OpenWriteStream() (*WriteStreamSRTP, error)
OpenWriteStream returns the global write stream for the Session
type WriteStreamSRTCP ¶
type WriteStreamSRTCP struct {
// contains filtered or unexported fields
}
WriteStreamSRTCP is a stream for a single Session that is used to encrypt RTCP
func (*WriteStreamSRTCP) SetWriteDeadline ¶
func (w *WriteStreamSRTCP) SetWriteDeadline(t time.Time) error
SetWriteDeadline sets the deadline for the Write operation. Setting to zero means no deadline.
type WriteStreamSRTP ¶
type WriteStreamSRTP struct {
// contains filtered or unexported fields
}
WriteStreamSRTP is a stream for a single Session that is used to encrypt RTP
func (*WriteStreamSRTP) SetWriteDeadline ¶
func (w *WriteStreamSRTP) SetWriteDeadline(t time.Time) error
SetWriteDeadline sets the deadline for the Write operation. Setting to zero means no deadline.