rtc_srtp/context/
srtp.rs

1use super::*;
2use shared::{
3    error::{Error, Result},
4    marshal::{MarshalSize, Unmarshal},
5};
6
7use bytes::BytesMut;
8
9impl Context {
10    pub fn decrypt_rtp_with_header(
11        &mut self,
12        encrypted: &[u8],
13        header: &rtp::Header,
14    ) -> Result<BytesMut> {
15        let auth_tag_len = self.cipher.rtp_auth_tag_len();
16        if encrypted.len() < header.marshal_size() + auth_tag_len {
17            return Err(Error::ErrTooShortRtp);
18        }
19
20        let state = self.get_srtp_ssrc_state(header.ssrc);
21        let (roc, diff, _) = state.next_rollover_count(header.sequence_number);
22        if let Some(replay_detector) = &mut state.replay_detector
23            && !replay_detector.check(header.sequence_number as u64)
24        {
25            return Err(Error::SrtpSsrcDuplicated(
26                header.ssrc,
27                header.sequence_number,
28            ));
29        }
30
31        let dst = self.cipher.decrypt_rtp(encrypted, header, roc)?;
32        {
33            let state = self.get_srtp_ssrc_state(header.ssrc);
34            if let Some(replay_detector) = &mut state.replay_detector {
35                replay_detector.accept();
36            }
37            state.update_rollover_count(header.sequence_number, diff);
38        }
39
40        Ok(dst)
41    }
42
43    /// DecryptRTP decrypts a RTP packet with an encrypted payload
44    pub fn decrypt_rtp(&mut self, encrypted: &[u8]) -> Result<BytesMut> {
45        let mut buf = encrypted;
46        let header = rtp::Header::unmarshal(&mut buf)?;
47        self.decrypt_rtp_with_header(encrypted, &header)
48    }
49
50    pub fn encrypt_rtp_with_header(
51        &mut self,
52        plaintext: &[u8],
53        header: &rtp::Header,
54    ) -> Result<BytesMut> {
55        let (roc, diff, ovf) = self
56            .get_srtp_ssrc_state(header.ssrc)
57            .next_rollover_count(header.sequence_number);
58        if ovf {
59            // ... when 2^48 SRTP packets or 2^31 SRTCP packets have been secured with the same key
60            // (whichever occurs before), the key management MUST be called to provide new master key(s)
61            // (previously stored and used keys MUST NOT be used again), or the session MUST be terminated.
62            // https://www.rfc-editor.org/rfc/rfc3711#section-9.2
63            return Err(Error::ErrExceededMaxPackets);
64        }
65
66        let dst = self.cipher.encrypt_rtp(plaintext, header, roc)?;
67
68        self.get_srtp_ssrc_state(header.ssrc)
69            .update_rollover_count(header.sequence_number, diff);
70
71        Ok(dst)
72    }
73
74    /// EncryptRTP marshals and encrypts an RTP packet, writing to the dst buffer provided.
75    /// If the dst buffer does not have the capacity to hold `len(plaintext) + 10` bytes, a new one will be allocated and returned.
76    pub fn encrypt_rtp(&mut self, plaintext: &[u8]) -> Result<BytesMut> {
77        let mut buf = plaintext;
78        let header = rtp::Header::unmarshal(&mut buf)?;
79        self.encrypt_rtp_with_header(plaintext, &header)
80    }
81}
rtc_srtp/context/srtp.rs

rtc_srtp/context/
srtp.rs
