mykey 0.1.1

MIKEY (RFC 3830) — Multimedia Internet KEYing for SRTP key exchange
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138

# SAP / SDP Integration

MIKEY messages travel in SDP session descriptions, not as a standalone transport protocol. In an AES67 deployment, session announcements are broadcast over **SAP** (Session Announcement Protocol, RFC 2974), and the MIKEY key management message is embedded in the SDP body as an `a=key-mgmt:mikey` attribute per RFC 4567.

mykey provides helpers to build and parse both layers.

## SDP attribute

The `a=key-mgmt:mikey` attribute carries the MIKEY message as base64:

```
a=key-mgmt:mikey <base64-encoded MIKEY message>
```

```rust
use mykey::sap::{mikey_to_sdp_attribute, mikey_from_sdp_attribute};

// Encode a message into an SDP attribute line
let attr_line = mikey_to_sdp_attribute(&init_msg);
// → "a=key-mgmt:mikey AQAABAAA..."

// Parse an attribute line back into a MikeyMessage
let msg = mikey_from_sdp_attribute(&attr_line)?;
```

## Building a SAP packet

`build_sap_with_mikey` takes an SDP body, inserts the `a=key-mgmt:mikey` attribute before the first `m=` line, and wraps the whole thing in a SAP packet:

```rust
use mykey::sap::build_sap_with_mikey;

let sdp = "v=0\r\no=- 0 0 IN IP4 192.168.1.10\r\ns=My Stream\r\n\
           c=IN IP4 239.0.0.1/32\r\nt=0 0\r\n\
           m=audio 5004 RTP/AVP 96\r\n\
           a=rtpmap:96 L24/48000/8\r\n";

let sap_packet = build_sap_with_mikey(
    "192.168.1.10",   // originating source (used in SAP header)
    0x1234,           // message ID hash
    sdp,
    &init_msg,
)?;

// Broadcast over UDP multicast to 239.255.255.255:9875 (SAP multicast address)
socket.send_to(&sap_packet, "239.255.255.255:9875")?;
```

## Parsing an incoming SAP packet

```rust
use mykey::sap::SapPacket;

let pkt = SapPacket::from_bytes(&udp_payload)?;

println!("msg_id:    {:#06x}", pkt.msg_id_hash);
println!("origin:    {:?}", pkt.originating_source);
println!("deletion:  {}", pkt.is_deletion());

let sdp_body = pkt.payload_str()?;
println!("{}", sdp_body);
```

## Extracting the MIKEY message from SDP

Once you have the SDP body, find the `a=key-mgmt:mikey` line and parse it:

```rust
use mykey::sap::mikey_from_sdp_attribute;

for line in sdp_body.lines() {
    if line.starts_with("a=key-mgmt:mikey") {
        let mikey_msg = mikey_from_sdp_attribute(line)?;
        // Use mikey_msg to complete the DH exchange...
        break;
    }
}
```

## Full initiator flow with SAP

```rust
use mykey::{DhInitiator, srtp::SrtpCryptoSuite};
use mykey::sap::build_sap_with_mikey;

let suite = SrtpCryptoSuite::AES_128_CM_SHA1_80;
let initiator = DhInitiator::new(csc_id, ssrc);
let init_msg = initiator.init_message()?;

let sdp = format!(
    "v=0\r\no=- {csc_id} 0 IN IP4 {src}\r\ns=My Stream\r\n\
     c=IN IP4 239.0.0.1/32\r\nt=0 0\r\n\
     m=audio 5004 RTP/AVP 96\r\na=rtpmap:96 L24/48000/8\r\n",
    src = "192.168.1.10"
);

let sap_bytes = build_sap_with_mikey("192.168.1.10", 0x1234, &sdp, &init_msg)?;
// broadcast sap_bytes on 239.255.255.255:9875
```

## Full responder flow with SAP

```rust
use mykey::{DhResponder, srtp::SrtpCryptoSuite, message::MikeyMessage};
use mykey::sap::{SapPacket, mikey_from_sdp_attribute};

let suite = SrtpCryptoSuite::AES_128_CM_SHA1_80;

// Received SAP packet from multicast
let pkt = SapPacket::from_bytes(&udp_payload)?;
let sdp = pkt.payload_str()?;

let mut init_msg = None;
for line in sdp.lines() {
    if line.starts_with("a=key-mgmt:mikey") {
        init_msg = Some(mikey_from_sdp_attribute(line)?);
        break;
    }
}
let init_msg = init_msg.ok_or(MikeyError::MissingPayload)?;

let responder = DhResponder::new();
let resp_msg = responder.resp_message(csc_id)?;
// Send resp_msg back to initiator (e.g., via unicast SDP answer)

let keys = responder.complete(&init_msg, suite)?;
// keys.master_key and keys.master_salt are ready for your SRTP library
```

## SAP multicast addresses

| Scope | Address | Port |
|---|---|---|
| Global | `224.2.127.254` | `9875` |
| Administrative | `239.255.255.255` | `9875` |
| AES67 (common practice) | Site-local multicast | `9875` |

The SAP port is always 9875. The multicast group depends on the scope of the announcement. For AES67 studio environments, use the appropriate site-local multicast address per your network plan.