
DTLS encoder and decoder

Open gavv opened this issue 5 years ago • 4 comments

Last revised: Oct 2023

Overview

Create a minimal DTLS encoder and decoder. See #229 for background.

DTLS works on transport level. Instead of sending RTP packets over UDP, we will pack RTP packets into DTLS packets and send DTLS packets over UDP.

Basically, the DTLS encoder should protect the whole RTP packet (RTP header + RTP payload) and add the DTLS header and footer, and the DTLS decoder should remove the DTLS header and footer and unprotect the RTP packet.

Preparations

First, we should choose a library that implements DTLS. Several implementations exist, e.g. OpenSSL. We have specific requirements for such a library:

  • It should be well-maintained.
  • It should be portable (linux, unix, macos, windows).
  • It should allow us to use our own network loop. It should be possible to use it at the packet level instead of the socket level. We will use it to encrypt and decrypt our packets, but not to send and receive packets.
  • Preferably, it should allow a custom user-provided allocator, so that we can configure it to use our own.
  • Preferably, its license should not be very strict: some permissive license or LGPL would be OK.

Implementation

Then, we should add the corresponding dependency and target directory to scons, and implement DtlsEncoder and DtlsDecoder.

See #317 for detailed instructions. It provides steps for adding SRTP support. DTLS support will be basically the same.

We should place the new classes into a new module, roc_tls. See #200 for instructions on adding a new module.

Just like with SRTP, we should start with some form of self-signed pre-shared certificates configured via command-line. We will add key management later.

Reading

  • https://tools.ietf.org/html/draft-tschofenig-avt-rtp-dtls-00
  • https://tools.ietf.org/html/draft-fischl-mmusic-sdp-dtls-04

gavv, Jan 13 '20 10:01
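Added example, not code from roc-toolkit: the framing half of the decoder described above, i.e. splitting an incoming datagram into the DTLS 1.2 record header and the protected fragment (which would then be handed to the DTLS library for unprotecting), with rejection of truncated or malformed records. It goes a step beyond the issue text by adding the sliding anti-replay window that a DTLS record layer keeps per epoch; all names are assumptions.

```cpp
#include <cstddef>
#include <cstdint>

// DTLS 1.2 record header (RFC 6347 4.1): type(1) version(2) epoch(2) seq(6) length(2).
// Type 23 (application_data) is the record type that would carry RTP.
constexpr size_t   kDtlsHeaderSize   = 13;
constexpr uint16_t kDtls12Version    = 0xFEFD;
constexpr size_t   kMaxCiphertextLen = 16384 + 2048; // 2^14 + 2048 (RFC 5246 6.2.3)

struct DtlsRecord {
    uint8_t type; uint16_t version; uint16_t epoch;
    uint64_t seq;              // 48-bit record sequence number
    const uint8_t* fragment;   // protected RTP packet, still to be unprotected
    size_t fragment_len;
};

// Split one datagram into DTLS header and protected fragment. Rejects
// short headers, unknown versions, oversized length fields and truncation.
bool parse_dtls_record(const uint8_t* buf, size_t len, DtlsRecord& rec) {
    if (len < kDtlsHeaderSize) return false;
    rec.type    = buf[0];
    rec.version = uint16_t(buf[1]) << 8 | buf[2];
    rec.epoch   = uint16_t(buf[3]) << 8 | buf[4];
    rec.seq = 0;
    for (int i = 5; i < 11; i++) rec.seq = rec.seq << 8 | buf[i];
    rec.fragment_len = size_t(buf[11]) << 8 | buf[12];
    if (rec.version != kDtls12Version) return false;
    if (rec.fragment_len > kMaxCiphertextLen) return false;
    if (len - kDtlsHeaderSize < rec.fragment_len) return false; // truncated
    rec.fragment = buf + kDtlsHeaderSize;
    return true;
}

// Sliding anti-replay window over the sequence number (RFC 6347 4.1.2.6);
// keep one window per epoch. Bit i of bits_ marks seq (max_seq_ - i) as seen.
class ReplayWindow {
public:
    bool accept(uint64_t seq) {            // true = fresh, false = replay or too old
        if (!initialized_ || seq > max_seq_) {
            uint64_t shift = initialized_ ? seq - max_seq_ : 64;
            bits_ = (shift >= 64 ? 0 : bits_ << shift) | 1;
            max_seq_ = seq; initialized_ = true;
            return true;
        }
        uint64_t diff = max_seq_ - seq;
        if (diff >= 64 || (bits_ >> diff) & 1) return false;
        bits_ |= uint64_t(1) << diff;
        return true;
    }
private:
    bool initialized_ = false; uint64_t max_seq_ = 0, bits_ = 0;
};
```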

Most likely, we should start with OpenSSL.

Here are related usage examples:

  • https://github.com/nplab/DTLS-Examples/tree/master/src
  • https://github.com/stepheny/openssl-dtls-custom-bio

gavv, May 24 '20 07:05

I think we should start with OpenSSL. We already integrated it into our build system.

Here are related usage examples:

  • https://github.com/nplab/DTLS-Examples/tree/master/src
  • https://github.com/stepheny/openssl-dtls-custom-bio

gavv, Sep 30 '23 08:09