admin/webrtc_m130
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
webrtc_m130/pc/g3doc/srtp.md
Artem Titov a617867a45 Reland "Migrate WebRTC documentation to new renderer" 
This reverts commit 0f2ce5cc1c779f9bf33f51f29bfffbcbe105d1b1.

Reason for revert: Downstream infrastructure should be ready now

Original change's description:
> Revert "Migrate WebRTC documentation to new renderer"
>
> This reverts commit 3eceaf46695518f25bef43f155f82ed174827197.
>
> Reason for revert:
>
> Original change's description:
> > Migrate WebRTC documentation to new renderer
> >
> > Bug: b/258408932
> > Change-Id: Ib96f39fe0c3912f9746bcc09d079097a145d6115
> > Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/290987
> > Reviewed-by: Harald Alvestrand <hta@webrtc.org>
> > Commit-Queue: Artem Titov <titovartem@webrtc.org>
> > Cr-Commit-Position: refs/heads/main@{#39205}
>
> Bug: b/258408932
> Change-Id: I16cb4088bee3fc15c2bb88bd692c592b3a7db9fe
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/291560
> Bot-Commit: rubber-stamper@appspot.gserviceaccount.com <rubber-stamper@appspot.gserviceaccount.com>
> Owners-Override: Artem Titov <titovartem@webrtc.org>
> Commit-Queue: Artem Titov <titovartem@webrtc.org>
> Cr-Commit-Position: refs/heads/main@{#39209}

Bug: b/258408932
Change-Id: Ia172e4a6ad1cc7953b48eed08776e9d1e44eb074
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/291660
Owners-Override: Artem Titov <titovartem@webrtc.org>
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Bot-Commit: rubber-stamper@appspot.gserviceaccount.com <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Artem Titov <titovartem@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#39231}
2023-01-31 09:30:04 +00:00

73 lines
4.0 KiB
Markdown
Raw Blame History

<!-- go/cmark -->
<!--* freshness: {owner: 'hta' reviewed: '2021-05-13'} *-->
# SRTP in WebRTC
WebRTC mandates encryption of media by means of the Secure Realtime Protocol, or
SRTP, which is described in
[RFC 3711](https://datatracker.ietf.org/doc/html/rfc3711).
The key negotiation in WebRTC happens using DTLS-SRTP which is described in
[RFC 5764](https://datatracker.ietf.org/doc/html/rfc5764). The older
[SDES protocol](https://datatracker.ietf.org/doc/html/rfc4568) is implemented
but not enabled by default.
Unencrypted RTP can be enabled for debugging purposes by setting the
PeerConnections [`disable_encryption`][1] option to true.
## Supported cipher suites
The implementation supports the following cipher suites:
* SRTP_AES128_CM_HMAC_SHA1_80
* SRTP_AEAD_AES_128_GCM
* SRTP_AEAD_AES_256_GCM
The SRTP_AES128_CM_HMAC_SHA1_32 cipher suite is accepted for audio-only
connections if offered by the other side. It is not actively supported, see
[SelectCrypto][2] for details.
The cipher suite ordering allows a non-WebRTC peer to prefer GCM cipher suites,
however they are not selected as default by two instances of the WebRTC library.
## cricket::SrtpSession
The [`cricket::SrtpSession`][3] is providing encryption and decryption of SRTP
packets using [`libsrtp`](https://github.com/cisco/libsrtp). Keys will be
provided by `SrtpTransport` or `DtlsSrtpTransport` in the [`SetSend`][4] and
[`SetRecv`][5] methods.
Encryption and decryption happens in-place in the [`ProtectRtp`][6],
[`ProtectRtcp`][7], [`UnprotectRtp`][8] and [`UnprotectRtcp`][9] methods. The
`SrtpSession` class also takes care of initializing and deinitializing `libsrtp`
by keeping track of how many instances are being used.
## webrtc::SrtpTransport and webrtc::DtlsSrtpTransport
The [`webrtc::SrtpTransport`][10] class is controlling the `SrtpSession`
instances for RTP and RTCP. When
[rtcp-mux](https://datatracker.ietf.org/doc/html/rfc5761) is used, the
`SrtpSession` for RTCP is not needed.
[`webrtc:DtlsSrtpTransport`][11] is a subclass of the `SrtpTransport` that
extracts the keying material when the DTLS handshake is done and configures it
in its base class. It will also become writable only once the DTLS handshake is
done.
## cricket::SrtpFilter
The [`cricket::SrtpFilter`][12] class is used to negotiate SDES.
[1]: https://source.chromium.org/chromium/chromium/src/+/main:third_party/webrtc/api/peer_connection_interface.h;l=1413;drc=f467b445631189557d44de86a77ca6a0c3e2108d
[2]: https://source.chromium.org/chromium/chromium/src/+/main:third_party/webrtc/pc/media_session.cc;l=297;drc=3ac73bd0aa5322abee98f1ff8705af64a184bf61
[3]: https://source.chromium.org/chromium/chromium/src/+/main:third_party/webrtc/pc/srtp_session.h;l=33;drc=be66d95ab7f9428028806bbf66cb83800bda9241
[4]: https://source.chromium.org/chromium/chromium/src/+/main:third_party/webrtc/pc/srtp_session.h;l=40;drc=be66d95ab7f9428028806bbf66cb83800bda9241
[5]: https://source.chromium.org/chromium/chromium/src/+/main:third_party/webrtc/pc/srtp_session.h;l=51;drc=be66d95ab7f9428028806bbf66cb83800bda9241
[6]: https://source.chromium.org/chromium/chromium/src/+/main:third_party/webrtc/pc/srtp_session.h;l=62;drc=be66d95ab7f9428028806bbf66cb83800bda9241
[7]: https://source.chromium.org/chromium/chromium/src/+/main:third_party/webrtc/pc/srtp_session.h;l=69;drc=be66d95ab7f9428028806bbf66cb83800bda9241
[8]: https://source.chromium.org/chromium/chromium/src/+/main:third_party/webrtc/pc/srtp_session.h;l=72;drc=be66d95ab7f9428028806bbf66cb83800bda9241
[9]: https://source.chromium.org/chromium/chromium/src/+/main:third_party/webrtc/pc/srtp_session.h;l=73;drc=be66d95ab7f9428028806bbf66cb83800bda9241
[10]: https://source.chromium.org/chromium/chromium/src/+/main:third_party/webrtc/pc/srtp_transport.h;l=37;drc=a4d873786f10eedd72de25ad0d94ad7c53c1f68a
[11]: https://source.chromium.org/chromium/chromium/src/+/main:third_party/webrtc/pc/dtls_srtp_transport.h;l=31;drc=2f8e0536eb97ce2131e7a74e3ca06077aa0b64b3
[12]: https://source.chromium.org/chromium/chromium/src/+/main:third_party/webrtc/pc/srtp_filter.h;drc=d15a575ec3528c252419149d35977e55269d8a41
Reference in New Issue View Git Blame Copy Permalink