New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Encryption support #229
Comments
Hi @gavv is this issue still open, can i take a look at it ? |
Hi @Caynosadler! The issue is open, you're welcome to work on it. For now we don't have RTCP (#14) and RTSP (#216) support yet. They're planned on 0.2. So we can start with SRTP support. We can start with a simple scheme with pre-shared master key provided via command-line both at sender and receiver. When we'll get it working, we can add some key-exchange mechanism like ZRTP. I'd prefer to rely on some well-established library for encryption. There are some requirements to such a library:
We can either find libraries for SRTP and ZRTP, or we can select one or a few lower-level generic cryptographic libraries that are not protocol-aware but instead implement all necessary ciphers. In the later case we'll have to implement the protocol part by ourselves. I'm OK with that. Do you have any suggestions? |
IIRC ccRTP provides a full RTP stack. On the other hand, we have our own and it's tightly integrated in our pipeline. Using foreign RTP stack for SRTP would be a pain I guess. |
Then I suggest we go with this
|
I've just took a look at libSRTP and it looks promising. It fulfills almost all requirements: portable, doesn't implement its own network loop, doesn't force its own RTP stack (you just pass bytes to it), permissive license. The only thing missing is using custom allocator. This requirement is not critical though. I suggest to try it. Specifically, we can start with the following:
These docs may be helpful: https://roc-project.github.io/roc/docs/internals.html A note regarding rtp::SRTPWriter. It will need to obtain the byte representation of packet::Packet. You'll have to use packet::IComposer for that. Take a look at fec::Writer. It uses IComposer for the same reason. |
However, there are a few important questions we need to answer first. We use FECFRAME, which uses two separate streams for source and repair packets. Two modes are possible: 1) both streams are RTP 2) source stream is RTP, and repair stream use custom FECFRAME-specific protocol. FECFRAME supports multiple FEC schemes. Each FEC scheme defines which mode to use. Some schemes define RTP payload formats for their repair packets and thus the first mode is used. Other schemes define custom header format for repair packets and thus the second mode is used. Also, all FEC schemes define custom footer added to RTP source packets. Currently we support Reed-Solomon and LDPC-Staircase. Both schemes use second mode, i.e. repair packets are non-RTP. We have plans to support Raptor (#236), which uses the first mode, i.e. repair packets are RTP. So the questions are:
The following RFCs may be useful:
I didn't read the last two yet. |
Answering my questions:
Only with FEC schemes that use RTP for repair packets. SRTP requires RTP header to be present.
Only with Raptor. Reed-Solomon and LDPC don't use RTP for repair packets and there is no standardized way to pack them into RTP.
RTP over DTLS. |
So there are SRTP and RTP over DTLS:
In other words, SRTP is widely used and standard, but DTLS is needed to support all FEC schemes. For these reasons, I think we should implement both of them and allow the user to make a choice. I think we can close this issue and open two new issues instead:
Then we'll open issues for other related features (key management, integration with RTSP, complete support of RTP/SAVP(F), etc). @Caynosadler What do you think? Would you like to work on one of those issues? |
@gavv yeah i think that works, we can open two new issues first I'll like to take up the Implementation of minimal SRTP codecs using libSRTP, with pre-shared keys / certificates. |
Two new issues: @Caynosadler please leave a comment there so I can assign you. Closing this one. |
We need to add support for encryption of RTP, RTCP, and RTSP traffic. For that purpose, we likely want to use SRTP, SRTCP, and encrypted RTSP.
We need to choose protocols and a library for encryption and integrate it in our pipeline.
The text was updated successfully, but these errors were encountered: