[Live-devel] Adding support of key management (RFC 4567)

BENMOUSSA Yahia - Contractor yahia.benmoussa at external.thalesgroup.com
Wed Aug 28 06:16:38 PDT 2019


Hello Ross,

Some RTSP servers (e.g. GStreamer and some CCTV cameras) implement RFC 4567 for encryption key management in order to stream media over Secure RTP (SRTP). Please find attached a Wireshark trace showing this kind of key exchange.

We want to use live555 to get an encrypted stream from these RTSP servers. Thus, we have implemented section 3.1 (SDP Extensions) and section 3.2 (RTSP Extensions) of RFC 4567.

Actually, if the RTSP server responds with the RTP/SAVP media protocol to the DESCRIBE command, the protocol name is set to "SRTP". In initializeWithSDP(), we parse SDP lines looking for "a=key-mgmt: prtcl-id keymgmt-data" (Section 3.1 of RFC 4567). The parsing is done at both session and subsession levels to set prtcl-id (e.g. mikey) and get the base64-coded protocol data. This information can then be processed outside live555 to extract the encryption parameters used by the server, depending on the key management protocol used (e.g. MIKEY).

Then a new header (KeyMgmt) is added in the SETUP command (Section 3.2 of RFC 4567). This header contains encryption parameters of the client which can be set after client creation. These encryption parameters will serve later to encrypt the RR.

In the case of the SRTP protocol, we just create a SimpleRTPSource to get raw encrypted RTP packets. Based on the encryption parameters sent by the server, we can then decrypt them (outside live555) using an external library (e.g. libsrtp).

If we send you a patch, would you integrate it in your code?

Best regards.
Yahia.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: SRTP_trace.pcapng
Type: application/octet-stream
Size: 3168 bytes
Desc: SRTP_trace.pcapng
URL: <http://lists.live555.com/pipermail/live-devel/attachments/20190828/a41c97b0/attachment.obj>
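
The SDP parsing described in the message above, sketched as an added example; it is not part of the original post, the proposed patch, or the live555 API. The names `KeyMgmtAttr`, `parseKeyMgmt`, `isStrictBase64` and `kSampleSdp` are hypothetical, the sample SDP is constructed (its base64 payload is not a real MIKEY message), and the strict base64 check is an assumption about how untrusted server data would be screened before it is handed to a key management library.

```cpp
#include <cstddef>
#include <sstream>
#include <string>
#include <vector>

// One a=key-mgmt attribute; mediaIndex is -1 at session level, otherwise the
// zero-based index of the enclosing m= section (the subsession).
struct KeyMgmtAttr { int mediaIndex; std::string prtclId; std::string data; };

// Strict base64 check: the data comes from an untrusted server, so reject
// characters outside the alphabet, bad lengths, and misplaced padding.
static bool isStrictBase64(const std::string& s) {
  if (s.empty() || s.size() % 4 != 0) return false;
  std::size_t pad = 0;
  for (std::size_t i = 0; i < s.size(); ++i) {
    unsigned char c = static_cast<unsigned char>(s[i]);
    if (c == '=') { ++pad; continue; }
    if (pad != 0) return false;  // data after padding
    bool ok = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
              (c >= '0' && c <= '9') || c == '+' || c == '/';
    if (!ok) return false;
  }
  return pad <= 2;
}

// Constructed sample: session-level, media-level (with the optional leading
// space the RFC 4567 grammar allows), and one invalid entry.
const char kSampleSdp[] =
    "v=0\r\na=key-mgmt:mikey AQAFgAAAAA==\r\n"
    "m=video 0 RTP/SAVP 96\r\na=key-mgmt: mikey AQAFgAAAAA==\r\n"
    "m=audio 0 RTP/SAVP 0\r\na=key-mgmt:mikey not*base64\r\n";

std::vector<KeyMgmtAttr> parseKeyMgmt(const std::string& sdp) {
  std::vector<KeyMgmtAttr> out;
  std::istringstream in(sdp);
  std::string line;
  int media = -1;
  const std::string prefix = "a=key-mgmt:";
  while (std::getline(in, line)) {
    if (!line.empty() && line.back() == '\r') line.pop_back();
    if (line.compare(0, 2, "m=") == 0) { ++media; continue; }
    if (line.compare(0, prefix.size(), prefix) != 0) continue;
    std::string value = line.substr(prefix.size());
    if (!value.empty() && value[0] == ' ') value.erase(0, 1);  // optional SP
    std::size_t sp = value.find(' ');
    if (sp == std::string::npos || sp == 0) continue;  // malformed: skip
    KeyMgmtAttr a{media, value.substr(0, sp), value.substr(sp + 1)};
    if (isStrictBase64(a.data)) out.push_back(a);
  }
  return out;
}
```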

