README
¶
Pion SRTP
A Go implementation of SRTP
See DESIGN.md for an overview of features and future goals.
Roadmap
The library is used as a part of our WebRTC implementation. Please refer to that roadmap to track our major milestones.
Community
Pion has an active community on the Golang Slack. Sign up and join the #pion channel for discussions and support. You can also use Pion mailing list.
We are always looking to support your projects. Please reach out if you have something to build!
If you need commercial support or don't want to use public methods you can contact us at team@pion.ly
Contributing
Check out the contributing wiki to join the group of amazing people making this project possible:
- Sean DuBois - Original Author
- Michiel De Backker - io.Writer interfaces
- Tobias Fridén SRTP authentication verification
- chenkaiC4 - Fix GolangCI Linter
- Luke Curley - Performance
- Chris Hiszpanski - Fix out-of-bounds access
- Yutaka Takeda - Fix log messages
License
MIT License - see LICENSE for full text
Documentation
¶
Index ¶
- type Config
- type Context
- func (c *Context) DecryptRTCP(dst, encrypted []byte, header *rtcp.Header) ([]byte, error)
- func (c *Context) DecryptRTP(dst, encrypted []byte, header *rtp.Header) ([]byte, error)
- func (c *Context) EncryptRTCP(dst, decrypted []byte, header *rtcp.Header) ([]byte, error)
- func (c *Context) EncryptRTP(dst []byte, plaintext []byte, header *rtp.Header) ([]byte, error)
- type KeyingMaterialExporter
- type ProtectionProfile
- type ReadStreamSRTCP
- type ReadStreamSRTP
- type SessionKeys
- type SessionSRTCP
- type SessionSRTP
- func (s *SessionSRTP) AcceptStream() (*ReadStreamSRTP, uint32, error)
- func (s *SessionSRTP) Close() error
- func (s *SessionSRTP) OpenReadStream(SSRC uint32) (*ReadStreamSRTP, error)
- func (s *SessionSRTP) OpenWriteStream() (*WriteStreamSRTP, error)
- func (s *SessionSRTP) Start(localMasterKey, localMasterSalt, remoteMasterKey, remoteMasterSalt []byte, ...) error
- type WriteStreamSRTCP
- type WriteStreamSRTP
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶ added in v1.0.2
type Config struct {
Keys SessionKeys
Profile ProtectionProfile
}
Config is used to configure a session. You can provide either a KeyingMaterialExporter to export keys or directly pass the keys themselves. After a Config is passed to a session it must not be modified.
func (*Config) ExtractSessionKeysFromDTLS ¶ added in v1.0.2
func (c *Config) ExtractSessionKeysFromDTLS(exporter KeyingMaterialExporter, isClient bool) error
ExtractSessionKeysFromDTLS allows setting the Config SessionKeys by extracting them from DTLS. This behavior is defined in RFC5764: https://tools.ietf.org/html/rfc5764
type Context ¶
type Context struct {
// contains filtered or unexported fields
}
Context represents a SRTP cryptographic context Context can only be used for one-way operations it must either used ONLY for encryption or ONLY for decryption
func CreateContext ¶
func CreateContext(masterKey, masterSalt []byte, profile ProtectionProfile) (c *Context, err error)
CreateContext creates a new SRTP Context
func (*Context) DecryptRTCP ¶
DecryptRTCP decrypts a buffer that contains a RTCP packet
func (*Context) DecryptRTP ¶
DecryptRTP decrypts a RTP packet with an encrypted payload
func (*Context) EncryptRTCP ¶
EncryptRTCP Encrypts a RTCP packet
func (*Context) EncryptRTP ¶
EncryptRTP marshals and encrypts an RTP packet, writing to the dst buffer provided. If the dst buffer does not have the capacity to hold `len(plaintext) + 10` bytes, a new one will be allocated and returned. If a rtp.Header is provided, it will be Unmarshaled using the plaintext.
type KeyingMaterialExporter ¶ added in v1.0.2
type KeyingMaterialExporter interface {
ExportKeyingMaterial(label string, context []byte, length int) ([]byte, error)
}
KeyingMaterialExporter allows package SRTP to extract keying material
type ProtectionProfile ¶
type ProtectionProfile uint16
ProtectionProfile specifies Cipher and AuthTag details, similar to TLS cipher suite
const (
ProtectionProfileAes128CmHmacSha1_80 ProtectionProfile = 0x0001
)
Supported protection profiles
type ReadStreamSRTCP ¶
type ReadStreamSRTCP struct {
// contains filtered or unexported fields
}
ReadStreamSRTCP handles decryption for a single RTCP SSRC
func (*ReadStreamSRTCP) Close ¶ added in v1.0.3
func (r *ReadStreamSRTCP) Close() error
Close removes the ReadStream from the session and cleans up any associated state
func (*ReadStreamSRTCP) GetSSRC ¶
func (r *ReadStreamSRTCP) GetSSRC() uint32
GetSSRC returns the SSRC we are demuxing for
type ReadStreamSRTP ¶
type ReadStreamSRTP struct {
// contains filtered or unexported fields
}
ReadStreamSRTP handles decryption for a single RTP SSRC
func (*ReadStreamSRTP) Close ¶ added in v1.0.3
func (r *ReadStreamSRTP) Close() error
Close removes the ReadStream from the session and cleans up any associated state
func (*ReadStreamSRTP) GetSSRC ¶
func (r *ReadStreamSRTP) GetSSRC() uint32
GetSSRC returns the SSRC we are demuxing for
type SessionKeys ¶ added in v1.0.2
type SessionKeys struct {
LocalMasterKey []byte
LocalMasterSalt []byte
RemoteMasterKey []byte
RemoteMasterSalt []byte
}
SessionKeys bundles the keys required to setup an SRTP session
type SessionSRTCP ¶
type SessionSRTCP struct {
// contains filtered or unexported fields
}
SessionSRTCP implements io.ReadWriteCloser and provides a bi-directional SRTCP session SRTCP itself does not have a design like this, but it is common in most applications for local/remote to each have their own keying material. This provides those patterns instead of making everyone re-implement
func NewSessionSRTCP ¶ added in v1.0.2
func NewSessionSRTCP(conn net.Conn, config *Config) (*SessionSRTCP, error)
NewSessionSRTCP creates a SRTCP session using conn as the underlying transport.
func (*SessionSRTCP) AcceptStream ¶
func (s *SessionSRTCP) AcceptStream() (*ReadStreamSRTCP, uint32, error)
AcceptStream returns a stream to handle RTCP for a single SSRC
func (*SessionSRTCP) OpenReadStream ¶
func (s *SessionSRTCP) OpenReadStream(SSRC uint32) (*ReadStreamSRTCP, error)
OpenReadStream opens a read stream for the given SSRC, it can be used if you want a certain SSRC, but don't want to wait for AcceptStream
func (*SessionSRTCP) OpenWriteStream ¶
func (s *SessionSRTCP) OpenWriteStream() (*WriteStreamSRTCP, error)
OpenWriteStream returns the global write stream for the Session
type SessionSRTP ¶
type SessionSRTP struct {
// contains filtered or unexported fields
}
SessionSRTP implements io.ReadWriteCloser and provides a bi-directional SRTP session SRTP itself does not have a design like this, but it is common in most applications for local/remote to each have their own keying material. This provides those patterns instead of making everyone re-implement
func NewSessionSRTP ¶ added in v1.0.2
func NewSessionSRTP(conn net.Conn, config *Config) (*SessionSRTP, error)
NewSessionSRTP creates a SRTP session using conn as the underlying transport.
func (*SessionSRTP) AcceptStream ¶
func (s *SessionSRTP) AcceptStream() (*ReadStreamSRTP, uint32, error)
AcceptStream returns a stream to handle RTCP for a single SSRC
func (*SessionSRTP) OpenReadStream ¶
func (s *SessionSRTP) OpenReadStream(SSRC uint32) (*ReadStreamSRTP, error)
OpenReadStream opens a read stream for the given SSRC, it can be used if you want a certain SSRC, but don't want to wait for AcceptStream
func (*SessionSRTP) OpenWriteStream ¶
func (s *SessionSRTP) OpenWriteStream() (*WriteStreamSRTP, error)
OpenWriteStream returns the global write stream for the Session
func (*SessionSRTP) Start ¶
func (s *SessionSRTP) Start(localMasterKey, localMasterSalt, remoteMasterKey, remoteMasterSalt []byte, profile ProtectionProfile, nextConn net.Conn) error
Start initializes any crypto context and allows reading/writing to begin
type WriteStreamSRTCP ¶
type WriteStreamSRTCP struct {
// contains filtered or unexported fields
}
WriteStreamSRTCP is stream for a single Session that is used to encrypt RTCP
type WriteStreamSRTP ¶
type WriteStreamSRTP struct {
// contains filtered or unexported fields
}
WriteStreamSRTP is stream for a single Session that is used to encrypt RTP
Source Files