Module sframe::frame

Frame-based API

This API provides low-level access to encryption and decryption at the frame level, offering more granular control.

Usage

It allows the use of arbitrary buffers, enabling the creation of views to avoid unnecessary copies:

• MediaFrameView for unencrypted data
• EncryptedFrameView for encrypted data

For encryption and decryption, a buffer must be provided implementing the FrameBuffer trait to allocate the necessary memory. For convenience, this trait has already been implemented for Vec<u8>.

Additionally, owning variants with an internal buffer are available, which dynamically allocate the necessary memory for encryption and decryption:

• MediaFrame for unencrypted data
• EncryptedFrame for encrypted data

Example

use sframe::{
    frame::{EncryptedFrameView, MediaFrameView},
    key::{DecryptionKey, EncryptionKey},
    CipherSuiteVariant,
};

let key_id = 42u64;
let enc_key = EncryptionKey::derive_from(CipherSuiteVariant::AesGcm256Sha512, key_id, "pw123").unwrap();
let frame_count = 1u8;
let payload = "Something secret";

let mut encrypt_buffer = Vec::new();
let mut decrypt_buffer = Vec::new();
let media_frame = MediaFrameView::new(frame_count, payload);

let encrypted_frame = media_frame.encrypt_into(&enc_key, &mut encrypt_buffer).unwrap();

let mut dec_key = DecryptionKey::derive_from(CipherSuiteVariant::AesGcm256Sha512, key_id, "pw123").unwrap();
let decrypted_media_frame = encrypted_frame
    .decrypt_into(&mut dec_key, &mut decrypt_buffer)
    .unwrap();

assert_eq!(decrypted_media_frame, media_frame);

Additionally, to see how the API is used with another buffer type, you can check out the bip_frame_buffer example.

Structs

• EncryptedFrame
  An abstraction of an encrypted frame in the format as of sframe draft 09 4.2, owing an internal buffer containing the cipher text and optionally associated meta data (e.g. be a media header).
• EncryptedFrameView
  A view on a buffer which contains an encrypted frame in the format as of sframe draft 09 4.2. The frame is assumed to be stored in the buffer as follows:
• MediaFrame
  A an abstraction of a media frame owning an internal buffer. Can optionally have meta data (e.g. a header) associated to it.
• MediaFrameView
  A view on a buffer (as a continuous slice of memory), representing a media frame. Can optionally have meta data (e.g. a header) associated to it, which is considered for authentication.
• ReplayAttackProtection
  This implementation allows to detect replay attacks by omitting frames with to old frame counters, see sframe draft 09 9.3. The window of allowed frame counts is given with a certain tolerance.

Traits

• FrameBuffer
  Representation of a frame buffer which allows to allocate continuous slices of memory as bytes Already implemented for Vec<u8>
• FrameValidation
  Allows to validate frames by their sframe header before the decryption
• Truncate
  During decryption a larger buffer is temporarily needed than the size of resulting decrypted payload. Due to this, the size of the buffer can be truncated after the decryption was successful. However, as this is purely optional and sometimes only informative (depending on the buffer design), the truncation is implemented as a NOOP per default.

Type Aliases

• FrameValidationBox
  Box to any implementation of the FrameValidation trait