@agentdance/node-webrtc-srtp 1.0.0

package/dist/auth.d.ts

@@ -0,0 +1,27 @@
+/**
+ * Compute the SRTP authentication tag.
+ *
+ * auth_tag = first `tagLength` bytes of
+ *            HMAC-SHA1(k_a, RTP_header || RTP_payload || ROC_be32)
+ *
+ * @param authKey    20-byte HMAC-SHA1 session authentication key
+ * @param rtpHeader  The full RTP header (variable length)
+ * @param rtpPayload The plain RTP payload (pre-encryption for sender,
+ *                   already encrypted on sender side per RFC 3711 §3.1)
+ * @param roc        Roll-Over Counter (big-endian 32-bit appended)
+ * @param tagLength  10 for 80-bit profile, 4 for 32-bit profile
+ */
+export declare function computeSrtpAuthTag(authKey: Buffer, rtpHeader: Buffer, rtpPayload: Buffer, roc: number, tagLength: 10 | 4): Buffer;
+/**
+ * Compute the SRTCP authentication tag.
+ *
+ * auth_tag = first `tagLength` bytes of
+ *            HMAC-SHA1(k_a, RTCP_packet || E_SRTCP_index_be32)
+ *
+ * @param authKey       20-byte HMAC-SHA1 session authentication key
+ * @param rtcpPacket    The full (partially encrypted) RTCP packet bytes
+ * @param eSrtcpIndex   The 32-bit word: E(1) || SRTCP_index(31)
+ * @param tagLength     10 for 80-bit profile, 4 for 32-bit profile
+ */
+export declare function computeSrtcpAuthTag(authKey: Buffer, rtcpPacket: Buffer, eSrtcpIndex: number, tagLength: 10 | 4): Buffer;
+//# sourceMappingURL=auth.d.ts.map

package/dist/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAMA;;;;;;;;;;;;GAYG;AACH,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,MAAM,EAClB,GAAG,EAAE,MAAM,EACX,SAAS,EAAE,EAAE,GAAG,CAAC,GAChB,MAAM,CASR;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,mBAAmB,CACjC,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,EAAE,GAAG,CAAC,GAChB,MAAM,CAQR"}

package/dist/auth.js

@@ -0,0 +1,46 @@
+import { createHmac } from 'node:crypto';
+// ---------------------------------------------------------------------------
+// HMAC-SHA1 authentication tags  (RFC 3711 §4.2)
+// ---------------------------------------------------------------------------
+/**
+ * Compute the SRTP authentication tag.
+ *
+ * auth_tag = first `tagLength` bytes of
+ *            HMAC-SHA1(k_a, RTP_header || RTP_payload || ROC_be32)
+ *
+ * @param authKey    20-byte HMAC-SHA1 session authentication key
+ * @param rtpHeader  The full RTP header (variable length)
+ * @param rtpPayload The plain RTP payload (pre-encryption for sender,
+ *                   already encrypted on sender side per RFC 3711 §3.1)
+ * @param roc        Roll-Over Counter (big-endian 32-bit appended)
+ * @param tagLength  10 for 80-bit profile, 4 for 32-bit profile
+ */
+export function computeSrtpAuthTag(authKey, rtpHeader, rtpPayload, roc, tagLength) {
+    const rocBuf = Buffer.allocUnsafe(4);
+    rocBuf.writeUInt32BE(roc >>> 0, 0);
+    const hmac = createHmac('sha1', authKey);
+    hmac.update(rtpHeader);
+    hmac.update(rtpPayload);
+    hmac.update(rocBuf);
+    return hmac.digest().subarray(0, tagLength);
+}
+/**
+ * Compute the SRTCP authentication tag.
+ *
+ * auth_tag = first `tagLength` bytes of
+ *            HMAC-SHA1(k_a, RTCP_packet || E_SRTCP_index_be32)
+ *
+ * @param authKey       20-byte HMAC-SHA1 session authentication key
+ * @param rtcpPacket    The full (partially encrypted) RTCP packet bytes
+ * @param eSrtcpIndex   The 32-bit word: E(1) || SRTCP_index(31)
+ * @param tagLength     10 for 80-bit profile, 4 for 32-bit profile
+ */
+export function computeSrtcpAuthTag(authKey, rtcpPacket, eSrtcpIndex, tagLength) {
+    const indexBuf = Buffer.allocUnsafe(4);
+    indexBuf.writeUInt32BE(eSrtcpIndex >>> 0, 0);
+    const hmac = createHmac('sha1', authKey);
+    hmac.update(rtcpPacket);
+    hmac.update(indexBuf);
+    return hmac.digest().subarray(0, tagLength);
+}
+//# sourceMappingURL=auth.js.map

package/dist/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,8EAA8E;AAC9E,iDAAiD;AACjD,8EAA8E;AAE9E;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,kBAAkB,CAChC,OAAe,EACf,SAAiB,EACjB,UAAkB,EAClB,GAAW,EACX,SAAiB;IAEjB,MAAM,MAAM,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;IACrC,MAAM,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC;IAEnC,MAAM,IAAI,GAAG,UAAU,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACzC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACvB,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IACxB,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACpB,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;AAC9C,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,mBAAmB,CACjC,OAAe,EACf,UAAkB,EAClB,WAAmB,EACnB,SAAiB;IAEjB,MAAM,QAAQ,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;IACvC,QAAQ,CAAC,aAAa,CAAC,WAAW,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC;IAE7C,MAAM,IAAI,GAAG,UAAU,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACzC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IACxB,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACtB,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;AAC9C,CAAC"}

package/dist/cipher.d.ts

@@ -0,0 +1,24 @@
+/**
+ * Generate `length` bytes of AES-128-CM (Counter Mode) keystream.
+ *
+ * @param key    16-byte AES key
+ * @param iv     16-byte IV (the initial counter block, lower 16 bits = 0)
+ * @param length Number of keystream bytes to return
+ */
+export declare function aes128cmKeystream(key: Buffer, iv: Buffer, length: number): Buffer;
+/**
+ * Compute the 128-bit SRTP IV:
+ *   IV = (k_s * 2^16) XOR (SSRC * 2^64) XOR (index * 2^16)
+ *
+ * Bit-position reference (big-endian 128-bit / 16-byte buffer):
+ *   k_s  * 2^16  → salt (14 bytes) placed at buffer bytes [2..15]
+ *   SSRC * 2^64  → SSRC (4 bytes)  placed at buffer bytes [4..7]
+ *   i    * 2^16  → index (6 bytes) placed at buffer bytes [8..13]
+ */
+export declare function computeSrtpIv(salt: Buffer, ssrc: number, index: bigint): Buffer;
+/**
+ * Compute the 128-bit SRTCP IV.
+ * Identical formula to SRTP; the SRTCP index is 31-bit.
+ */
+export declare function computeSrtcpIv(salt: Buffer, ssrc: number, index: number): Buffer;
+//# sourceMappingURL=cipher.d.ts.map

package/dist/cipher.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cipher.d.ts","sourceRoot":"","sources":["../src/cipher.ts"],"names":[],"mappings":"AAMA;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM,CASjF;AAMD;;;;;;;;GAQG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,CAkB/E;AAMD;;;GAGG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,CAEhF"}

package/dist/cipher.js

@@ -0,0 +1,61 @@
+import { createCipheriv } from 'node:crypto';
+// ---------------------------------------------------------------------------
+// AES-128-CM keystream  (RFC 3711 §4.1.1)
+// ---------------------------------------------------------------------------
+/**
+ * Generate `length` bytes of AES-128-CM (Counter Mode) keystream.
+ *
+ * @param key    16-byte AES key
+ * @param iv     16-byte IV (the initial counter block, lower 16 bits = 0)
+ * @param length Number of keystream bytes to return
+ */
+export function aes128cmKeystream(key, iv, length) {
+    if (key.length !== 16)
+        throw new RangeError('AES-128-CM requires a 16-byte key');
+    if (iv.length !== 16)
+        throw new RangeError('AES-128-CM IV must be 16 bytes');
+    // Encrypt a zero plaintext; CTR mode emits the keystream directly.
+    const plaintext = Buffer.alloc(length, 0);
+    const cipher = createCipheriv('aes-128-ctr', key, iv);
+    const ks = Buffer.concat([cipher.update(plaintext), cipher.final()]);
+    return ks.subarray(0, length);
+}
+// ---------------------------------------------------------------------------
+// IV computation for SRTP  (RFC 3711 §4.1)
+// ---------------------------------------------------------------------------
+/**
+ * Compute the 128-bit SRTP IV:
+ *   IV = (k_s * 2^16) XOR (SSRC * 2^64) XOR (index * 2^16)
+ *
+ * Bit-position reference (big-endian 128-bit / 16-byte buffer):
+ *   k_s  * 2^16  → salt (14 bytes) placed at buffer bytes [2..15]
+ *   SSRC * 2^64  → SSRC (4 bytes)  placed at buffer bytes [4..7]
+ *   i    * 2^16  → index (6 bytes) placed at buffer bytes [8..13]
+ */
+export function computeSrtpIv(salt, ssrc, index) {
+    if (salt.length !== 14)
+        throw new RangeError('SRTP salt must be 14 bytes');
+    // Start from all zeros; copy salt into bytes [2..15].
+    const iv = Buffer.alloc(16, 0);
+    salt.copy(iv, 2);
+    // XOR SSRC into bytes [4..7].
+    iv.writeUInt32BE((iv.readUInt32BE(4) ^ (ssrc >>> 0)) >>> 0, 4);
+    // XOR 48-bit index into bytes [8..13].
+    // index high 32 bits → bytes [8..11], index low 16 bits → bytes [12..13].
+    const idxHi = Number((index >> 16n) & 0xffffffffn);
+    const idxLo = Number(index & 0xffffn);
+    iv.writeUInt32BE((iv.readUInt32BE(8) ^ idxHi) >>> 0, 8);
+    iv.writeUInt16BE((iv.readUInt16BE(12) ^ idxLo) & 0xffff, 12);
+    return iv;
+}
+// ---------------------------------------------------------------------------
+// IV computation for SRTCP  (RFC 3711 §4.1)
+// ---------------------------------------------------------------------------
+/**
+ * Compute the 128-bit SRTCP IV.
+ * Identical formula to SRTP; the SRTCP index is 31-bit.
+ */
+export function computeSrtcpIv(salt, ssrc, index) {
+    return computeSrtpIv(salt, ssrc, BigInt(index));
+}
+//# sourceMappingURL=cipher.js.map

package/dist/cipher.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cipher.js","sourceRoot":"","sources":["../src/cipher.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAE7C,8EAA8E;AAC9E,0CAA0C;AAC1C,8EAA8E;AAE9E;;;;;;GAMG;AACH,MAAM,UAAU,iBAAiB,CAAC,GAAW,EAAE,EAAU,EAAE,MAAc;IACvE,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE;QAAE,MAAM,IAAI,UAAU,CAAC,mCAAmC,CAAC,CAAC;IACjF,IAAI,EAAE,CAAC,MAAM,KAAK,EAAE;QAAE,MAAM,IAAI,UAAU,CAAC,gCAAgC,CAAC,CAAC;IAE7E,mEAAmE;IACnE,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAC1C,MAAM,MAAM,GAAG,cAAc,CAAC,aAAa,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;IACtD,MAAM,EAAE,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACrE,OAAO,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;AAChC,CAAC;AAED,8EAA8E;AAC9E,2CAA2C;AAC3C,8EAA8E;AAE9E;;;;;;;;GAQG;AACH,MAAM,UAAU,aAAa,CAAC,IAAY,EAAE,IAAY,EAAE,KAAa;IACrE,IAAI,IAAI,CAAC,MAAM,KAAK,EAAE;QAAE,MAAM,IAAI,UAAU,CAAC,4BAA4B,CAAC,CAAC;IAE3E,sDAAsD;IACtD,MAAM,EAAE,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IAC/B,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IAEjB,8BAA8B;IAC9B,EAAE,CAAC,aAAa,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC;IAE/D,uCAAuC;IACvC,0EAA0E;IAC1E,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,KAAK,IAAI,GAAG,CAAC,GAAG,WAAW,CAAC,CAAC;IACnD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,GAAG,OAAO,CAAC,CAAC;IACtC,EAAE,CAAC,aAAa,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC;IACxD,EAAE,CAAC,aAAa,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,GAAG,MAAM,EAAE,EAAE,CAAC,CAAC;IAE7D,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,8EAA8E;AAC9E,4CAA4C;AAC5C,8EAA8E;AAE9E;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,IAAY,EAAE,IAAY,EAAE,KAAa;IACtE,OAAO,aAAa,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;AAClD,CAAC"}

package/dist/context.d.ts

@@ -0,0 +1,30 @@
+import { SrtpKeyingMaterial, SrtpContext, SrtcpContext } from './types.js';
+/**
+ * Derive a session key using the AES-CM key derivation function.
+ *
+ * The PRF key is the master key; the PRF input (IV) is:
+ *   PRF_input = master_salt XOR (label * 2^48) XOR (r * 2^???)
+ *
+ * For KDR=0 (the common case), r=0 and the second XOR term vanishes.
+ * The label is placed at byte offset 7 in the 14-byte salt (bit position 48).
+ *
+ * RFC 3711 §4.3.1:
+ *   x = label * 2^48  (label occupies bits 48-55 of the 112-bit salt field)
+ *
+ * @param masterKey  16-byte AES master key
+ * @param masterSalt 14-byte master salt
+ * @param label      0x00=enc, 0x01=auth, 0x02=salt
+ * @param length     Desired output length in bytes
+ * @param r          Key derivation rate index (default 0)
+ */
+export declare function deriveSessionKey(masterKey: Buffer, masterSalt: Buffer, label: number, length: number, r?: bigint): Buffer;
+/**
+ * Derive all three SRTP session keys from the supplied master keying material
+ * and return an initialised SrtpContext.
+ */
+export declare function createSrtpContext(material: SrtpKeyingMaterial): SrtpContext;
+/**
+ * Derive all three SRTCP session keys and return an initialised SrtcpContext.
+ */
+export declare function createSrtcpContext(material: SrtpKeyingMaterial): SrtcpContext;
+//# sourceMappingURL=context.d.ts.map

package/dist/context.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"context.d.ts","sourceRoot":"","sources":["../src/context.ts"],"names":[],"mappings":"AACA,OAAO,EAEL,kBAAkB,EAClB,WAAW,EACX,YAAY,EACb,MAAM,YAAY,CAAC;AAQpB;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,gBAAgB,CAC9B,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,MAAM,EAClB,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,MAAM,EACd,CAAC,GAAE,MAAW,GACb,MAAM,CAgCR;AAcD;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,kBAAkB,GAAG,WAAW,CAmB3E;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,kBAAkB,GAAG,YAAY,CAiB7E"}

package/dist/context.js

@@ -0,0 +1,104 @@
+import { ProtectionProfile, } from './types.js';
+import { aes128cmKeystream } from './cipher.js';
+import { ReplayWindow } from './replay.js';
+// ---------------------------------------------------------------------------
+// AES-128-CM PRF  (RFC 3711 §4.3.1)
+// ---------------------------------------------------------------------------
+/**
+ * Derive a session key using the AES-CM key derivation function.
+ *
+ * The PRF key is the master key; the PRF input (IV) is:
+ *   PRF_input = master_salt XOR (label * 2^48) XOR (r * 2^???)
+ *
+ * For KDR=0 (the common case), r=0 and the second XOR term vanishes.
+ * The label is placed at byte offset 7 in the 14-byte salt (bit position 48).
+ *
+ * RFC 3711 §4.3.1:
+ *   x = label * 2^48  (label occupies bits 48-55 of the 112-bit salt field)
+ *
+ * @param masterKey  16-byte AES master key
+ * @param masterSalt 14-byte master salt
+ * @param label      0x00=enc, 0x01=auth, 0x02=salt
+ * @param length     Desired output length in bytes
+ * @param r          Key derivation rate index (default 0)
+ */
+export function deriveSessionKey(masterKey, masterSalt, label, length, r = 0n) {
+    if (masterSalt.length !== 14)
+        throw new RangeError('masterSalt must be 14 bytes');
+    // Build the 112-bit (14-byte) x value, then zero-pad to 16 bytes (right-pad
+    // with two 0x00 bytes) to form the IV for AES-CM.
+    //
+    // x = master_salt XOR (label << 48) XOR (r << kdr_shift)
+    // For KDR = 0 the r term is zero.
+    //
+    // label << 48 places the label byte at offset 6 (0-indexed) in the 14-byte
+    // big-endian integer.
+    const x = Buffer.from(masterSalt);
+    // XOR in label at byte offset 7 (label is at bit position 48 of the
+    // 112-bit big-endian value, i.e. byte index 7 counting from the MSB).
+    x.writeUInt8(x.readUInt8(7) ^ (label & 0xff), 7);
+    // If r != 0 we XOR it into the low 8 bytes of x (bytes 6..13).
+    // KDR=0 is the common case so this branch is rarely taken.
+    if (r !== 0n) {
+        for (let i = 0; i < 8; i++) {
+            const shift = BigInt((7 - i) * 8);
+            const off = 6 + i;
+            x.writeUInt8(x.readUInt8(off) ^ Number((r >> shift) & 0xffn), off);
+        }
+    }
+    // Zero-pad to 16 bytes (append two 0x00 bytes) → this is the AES-CM IV
+    const iv = Buffer.alloc(16, 0);
+    x.copy(iv, 0); // x occupies bytes 0..13; bytes 14,15 remain 0
+    return aes128cmKeystream(masterKey, iv, length);
+}
+// ---------------------------------------------------------------------------
+// Tag length helpers
+// ---------------------------------------------------------------------------
+function authTagLength(profile) {
+    return profile === ProtectionProfile.AES_128_CM_HMAC_SHA1_32 ? 4 : 10;
+}
+// ---------------------------------------------------------------------------
+// Context factories
+// ---------------------------------------------------------------------------
+/**
+ * Derive all three SRTP session keys from the supplied master keying material
+ * and return an initialised SrtpContext.
+ */
+export function createSrtpContext(material) {
+    const { masterKey, masterSalt, profile } = material;
+    const sessionEncKey = deriveSessionKey(masterKey, masterSalt, 0x00, 16);
+    const sessionSaltKey = deriveSessionKey(masterKey, masterSalt, 0x02, 14);
+    // Auth key is only meaningful for CM profiles; for GCM we still derive it
+    // (harmless) but it won't be used for packet authentication.
+    const sessionAuthKey = deriveSessionKey(masterKey, masterSalt, 0x01, 20);
+    return {
+        profile,
+        sessionEncKey,
+        sessionAuthKey,
+        sessionSaltKey,
+        index: 0n,
+        rolloverCounter: 0,
+        lastSeq: -1,
+        replayWindow: new ReplayWindow(),
+    };
+}
+/**
+ * Derive all three SRTCP session keys and return an initialised SrtcpContext.
+ */
+export function createSrtcpContext(material) {
+    const { masterKey, masterSalt, profile } = material;
+    // SRTCP uses separate labels (same label values, different contexts per
+    // spec; in practice the same KDF is used with the same master key/salt).
+    const sessionEncKey = deriveSessionKey(masterKey, masterSalt, 0x00, 16);
+    const sessionSaltKey = deriveSessionKey(masterKey, masterSalt, 0x02, 14);
+    const sessionAuthKey = deriveSessionKey(masterKey, masterSalt, 0x01, 20);
+    return {
+        profile,
+        sessionEncKey,
+        sessionAuthKey,
+        sessionSaltKey,
+        index: 0,
+        replayWindow: new ReplayWindow(),
+    };
+}
+//# sourceMappingURL=context.js.map

package/dist/context.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"context.js","sourceRoot":"","sources":["../src/context.ts"],"names":[],"mappings":"AACA,OAAO,EACL,iBAAiB,GAIlB,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C,8EAA8E;AAC9E,oCAAoC;AACpC,8EAA8E;AAE9E;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,UAAU,gBAAgB,CAC9B,SAAiB,EACjB,UAAkB,EAClB,KAAa,EACb,MAAc,EACd,IAAY,EAAE;IAEd,IAAI,UAAU,CAAC,MAAM,KAAK,EAAE;QAAE,MAAM,IAAI,UAAU,CAAC,6BAA6B,CAAC,CAAC;IAElF,4EAA4E;IAC5E,kDAAkD;IAClD,EAAE;IACF,yDAAyD;IACzD,kCAAkC;IAClC,EAAE;IACF,2EAA2E;IAC3E,sBAAsB;IACtB,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAElC,oEAAoE;IACpE,sEAAsE;IACtE,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;IAEjD,+DAA+D;IAC/D,2DAA2D;IAC3D,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;QACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC3B,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAClC,MAAM,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;YAClB,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,GAAG,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;IAED,uEAAuE;IACvE,MAAM,EAAE,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IAC/B,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,+CAA+C;IAE9D,OAAO,iBAAiB,CAAC,SAAS,EAAE,EAAE,EAAE,MAAM,CAAC,CAAC;AAClD,CAAC;AAED,8EAA8E;AAC9E,qBAAqB;AACrB,8EAA8E;AAE9E,SAAS,aAAa,CAAC,OAA0B;IAC/C,OAAO,OAAO,KAAK,iBAAiB,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;AACxE,CAAC;AAED,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAAC,QAA4B;IAC5D,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,QAAQ,CAAC;IAEpD,MAAM,aAAa,GAAG,gBAAgB,CAAC,SAAS,EAAE,UAAU,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;IACxE,MAAM,cAAc,GAAG,gBAAgB,CAAC,SAAS,EAAE,UAAU,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;IACzE,0EAA0E;IAC1E,6DAA6D;IAC7D,MAAM,cAAc,GAAG,gBAAgB,CAAC,SAAS,EAAE,UAAU,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;IAEzE,OAAO;QACL,OAAO;QACP,aAAa;QACb,cAAc;QACd,cAAc;QACd,KAAK,EAAE,EAAE;QACT,eAAe,EAAE,CAAC;QAClB,OAAO,EAAE,CAAC,CAAC;QACX,YAAY,EAAE,IAAI,YAAY,EAAE;KACjC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,QAA4B;IAC7D,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,QAAQ,CAAC;IAEpD,wEAAwE;IACxE,yEAAyE;IACzE,MAAM,aAAa,GAAG,gBAAgB,CAAC,SAAS,EAAE,UAAU,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;IACxE,MAAM,cAAc,GAAG,gBAAgB,CAAC,SAAS,EAAE,UAAU,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;IACzE,MAAM,cAAc,GAAG,gBAAgB,CAAC,SAAS,EAAE,UAAU,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;IAEzE,OAAO;QACL,OAAO;QACP,aAAa;QACb,cAAc;QACd,cAAc;QACd,KAAK,EAAE,CAAC;QACR,YAAY,EAAE,IAAI,YAAY,EAAE;KACjC,CAAC;AACJ,CAAC"}

package/dist/gcm.d.ts

@@ -0,0 +1,14 @@
+import { SrtpContext } from './types.js';
+/**
+ * Encrypt and authenticate an SRTP packet using AES-128-GCM.
+ *
+ * Packet layout after protection:
+ *   RTP Header (AAD, unchanged) | Encrypted Payload | GCM Auth Tag (16 bytes)
+ */
+export declare function gcmSrtpProtect(ctx: SrtpContext, rtpPacket: Buffer): Buffer;
+/**
+ * Authenticate and decrypt a GCM-protected SRTP packet.
+ * Returns null if authentication fails or replay is detected.
+ */
+export declare function gcmSrtpUnprotect(ctx: SrtpContext, srtpPacket: Buffer): Buffer | null;
+//# sourceMappingURL=gcm.d.ts.map

package/dist/gcm.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"gcm.d.ts","sourceRoot":"","sources":["../src/gcm.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAsEzC;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAsB1E;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CA+BpF"}

package/dist/gcm.js

@@ -0,0 +1,151 @@
+import { createCipheriv, createDecipheriv } from 'node:crypto';
+// ---------------------------------------------------------------------------
+// AES-128-GCM  (RFC 7714)
+// ---------------------------------------------------------------------------
+// GCM auth tag is always 16 bytes (128-bit).
+const GCM_TAG_LENGTH = 16;
+// GCM nonce/IV is 12 bytes.
+const GCM_IV_LENGTH = 12;
+/**
+ * Build the 12-byte GCM IV from the 12-byte salt, SSRC, and packet index.
+ *
+ * RFC 7714 §8.1:
+ *   IV = salt XOR (SSRC placed at bytes 4..7) XOR (index placed at bytes 4..11)
+ *
+ * More precisely for SRTP (48-bit index):
+ *   - Bytes 0..3: salt[0..3] XOR 0 XOR 0   (no SSRC/index contribution)
+ *   - Bytes 4..7: salt[4..7] XOR SSRC_be32 XOR index_hi32
+ *   - Bytes 8..11: salt[8..11] XOR 0 XOR index_lo32
+ *
+ * Wait – GCM salt is typically 12 bytes, not 14.  When used inside the
+ * standard AES-CM derivation pipeline the 14-byte session salt is trimmed
+ * to 12 bytes by dropping the two trailing zero bytes (they were zero-padded
+ * anyway in the PRF output, but in practice the caller passes the full 14).
+ * We take the first 12 bytes of the supplied salt.
+ */
+function buildGcmIv(salt, ssrc, index) {
+    // Use first 12 bytes; remaining 2 are the PRF zero-padding.
+    const iv = Buffer.alloc(GCM_IV_LENGTH, 0);
+    salt.copy(iv, 0, 0, GCM_IV_LENGTH);
+    // XOR SSRC into bytes 4..7
+    iv.writeUInt32BE(iv.readUInt32BE(4) ^ (ssrc >>> 0), 4);
+    // XOR 48-bit index (big-endian 6 bytes) into bytes 6..11.
+    // Store index into a temporary 8-byte buffer; bytes [2..7] hold the 48-bit value.
+    const idxBytes = Buffer.allocUnsafe(8);
+    idxBytes.writeBigUInt64BE(index & 0xffffffffffffn, 0);
+    // bytes 6..7 overlap with the SSRC field – XOR as a 16-bit word
+    iv.writeUInt16BE(iv.readUInt16BE(6) ^ idxBytes.readUInt16BE(2), 6);
+    // bytes 8..11 – XOR as a 32-bit word
+    iv.writeUInt32BE(iv.readUInt32BE(8) ^ idxBytes.readUInt32BE(4), 8);
+    return iv;
+}
+// ---------------------------------------------------------------------------
+// Parse minimal RTP header to extract SSRC and payload offset
+// ---------------------------------------------------------------------------
+function parseRtpHeader(packet) {
+    if (packet.length < 12)
+        throw new RangeError('RTP packet too short');
+    const cc = packet[0] & 0x0f;
+    const x = (packet[0] & 0x10) !== 0;
+    let headerLen = 12 + cc * 4;
+    if (x) {
+        if (packet.length < headerLen + 4)
+            throw new RangeError('RTP header extension truncated');
+        const extLen = packet.readUInt16BE(headerLen + 2);
+        headerLen += 4 + extLen * 4;
+    }
+    const ssrc = packet.readUInt32BE(8);
+    return { ssrc, headerLen };
+}
+// ---------------------------------------------------------------------------
+// GCM protect / unprotect
+// ---------------------------------------------------------------------------
+/**
+ * Encrypt and authenticate an SRTP packet using AES-128-GCM.
+ *
+ * Packet layout after protection:
+ *   RTP Header (AAD, unchanged) | Encrypted Payload | GCM Auth Tag (16 bytes)
+ */
+export function gcmSrtpProtect(ctx, rtpPacket) {
+    const { ssrc, headerLen } = parseRtpHeader(rtpPacket);
+    const seq = rtpPacket.readUInt16BE(2);
+    // Compute packet index and update context state.
+    const index = computeIndex(ctx, seq);
+    const iv = buildGcmIv(ctx.sessionSaltKey, ssrc, index);
+    const header = rtpPacket.subarray(0, headerLen);
+    const payload = rtpPacket.subarray(headerLen);
+    const cipher = createCipheriv('aes-128-gcm', ctx.sessionEncKey, iv);
+    cipher.setAAD(header);
+    const encrypted = Buffer.concat([cipher.update(payload), cipher.final()]);
+    const tag = cipher.getAuthTag();
+    // Update context
+    ctx.index = index;
+    ctx.rolloverCounter = Number(index >> 16n) >>> 0;
+    ctx.lastSeq = seq;
+    return Buffer.concat([header, encrypted, tag]);
+}
+/**
+ * Authenticate and decrypt a GCM-protected SRTP packet.
+ * Returns null if authentication fails or replay is detected.
+ */
+export function gcmSrtpUnprotect(ctx, srtpPacket) {
+    if (srtpPacket.length < 12 + GCM_TAG_LENGTH)
+        return null;
+    const { ssrc, headerLen } = parseRtpHeader(srtpPacket);
+    const seq = srtpPacket.readUInt16BE(2);
+    const index = estimateIndex(ctx, seq);
+    if (!ctx.replayWindow.check(index))
+        return null;
+    const header = srtpPacket.subarray(0, headerLen);
+    const encryptedPayload = srtpPacket.subarray(headerLen, srtpPacket.length - GCM_TAG_LENGTH);
+    const tag = srtpPacket.subarray(srtpPacket.length - GCM_TAG_LENGTH);
+    const iv = buildGcmIv(ctx.sessionSaltKey, ssrc, index);
+    try {
+        const decipher = createDecipheriv('aes-128-gcm', ctx.sessionEncKey, iv);
+        decipher.setAAD(header);
+        decipher.setAuthTag(tag);
+        const decrypted = Buffer.concat([decipher.update(encryptedPayload), decipher.final()]);
+        ctx.replayWindow.update(index);
+        ctx.index = index;
+        ctx.rolloverCounter = Number(index >> 16n) >>> 0;
+        ctx.lastSeq = seq;
+        return Buffer.concat([header, decrypted]);
+    }
+    catch {
+        return null;
+    }
+}
+// ---------------------------------------------------------------------------
+// Index helpers (shared logic – duplicated from protect/unprotect to keep
+// gcm.ts self-contained; in a real project you'd factor these out)
+// ---------------------------------------------------------------------------
+function computeIndex(ctx, seq) {
+    if (ctx.lastSeq === -1) {
+        return BigInt(ctx.rolloverCounter) << 16n | BigInt(seq);
+    }
+    const roc = BigInt(ctx.rolloverCounter);
+    const lastSeq = ctx.lastSeq;
+    // If seq wraps forward (65535 → 0), increment ROC
+    if (seq < lastSeq && lastSeq - seq > 0x8000) {
+        return (roc + 1n) << 16n | BigInt(seq);
+    }
+    return roc << 16n | BigInt(seq);
+}
+function estimateIndex(ctx, seq) {
+    if (ctx.lastSeq === -1) {
+        return BigInt(ctx.rolloverCounter) << 16n | BigInt(seq);
+    }
+    // RFC 3711 §3.3.1 index estimation
+    const v = BigInt(ctx.rolloverCounter);
+    const diff = seq - ctx.lastSeq;
+    if (diff > 0x8000) {
+        // seq is much less than lastSeq → different ROC (wrap back?)
+        return (v === 0n ? 0n : v - 1n) << 16n | BigInt(seq);
+    }
+    else if (diff < -0x8000) {
+        // seq is much greater → ROC incremented
+        return (v + 1n) << 16n | BigInt(seq);
+    }
+    return v << 16n | BigInt(seq);
+}
+//# sourceMappingURL=gcm.js.map

package/dist/gcm.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"gcm.js","sourceRoot":"","sources":["../src/gcm.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAG/D,8EAA8E;AAC9E,0BAA0B;AAC1B,8EAA8E;AAE9E,6CAA6C;AAC7C,MAAM,cAAc,GAAG,EAAE,CAAC;AAC1B,4BAA4B;AAC5B,MAAM,aAAa,GAAG,EAAE,CAAC;AAEzB;;;;;;;;;;;;;;;;GAgBG;AACH,SAAS,UAAU,CAAC,IAAY,EAAE,IAAY,EAAE,KAAa;IAC3D,4DAA4D;IAC5D,MAAM,EAAE,GAAG,MAAM,CAAC,KAAK,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC;IAC1C,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,aAAa,CAAC,CAAC;IAEnC,2BAA2B;IAC3B,EAAE,CAAC,aAAa,CAAC,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAEvD,0DAA0D;IAC1D,kFAAkF;IAClF,MAAM,QAAQ,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;IACvC,QAAQ,CAAC,gBAAgB,CAAC,KAAK,GAAG,eAAe,EAAE,CAAC,CAAC,CAAC;IACtD,gEAAgE;IAChE,EAAE,CAAC,aAAa,CAAC,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACnE,qCAAqC;IACrC,EAAE,CAAC,aAAa,CAAC,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAEnE,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,8EAA8E;AAC9E,8DAA8D;AAC9D,8EAA8E;AAE9E,SAAS,cAAc,CAAC,MAAc;IACpC,IAAI,MAAM,CAAC,MAAM,GAAG,EAAE;QAAE,MAAM,IAAI,UAAU,CAAC,sBAAsB,CAAC,CAAC;IACrE,MAAM,EAAE,GAAG,MAAM,CAAC,CAAC,CAAE,GAAG,IAAI,CAAC;IAC7B,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAE,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;IACpC,IAAI,SAAS,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;IAC5B,IAAI,CAAC,EAAE,CAAC;QACN,IAAI,MAAM,CAAC,MAAM,GAAG,SAAS,GAAG,CAAC;YAAE,MAAM,IAAI,UAAU,CAAC,gCAAgC,CAAC,CAAC;QAC1F,MAAM,MAAM,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC;QAClD,SAAS,IAAI,CAAC,GAAG,MAAM,GAAG,CAAC,CAAC;IAC9B,CAAC;IACD,MAAM,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IACpC,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;AAC7B,CAAC;AAED,8EAA8E;AAC9E,0BAA0B;AAC1B,8EAA8E;AAE9E;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAAC,GAAgB,EAAE,SAAiB;IAChE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,cAAc,CAAC,SAAS,CAAC,CAAC;IACtD,MAAM,GAAG,GAAG,SAAS,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAEtC,iDAAiD;IACjD,MAAM,KAAK,GAAG,YAAY,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAErC,MAAM,EAAE,GAAG,UAAU,CAAC,GAAG,CAAC,cAAc,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;IACvD,MAAM,MAAM,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;IAChD,MAAM,OAAO,GAAG,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;IAE9C,MAAM,MAAM,GAAG,cAAc,CAAC,aAAa,EAAE,GAAG,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;IACpE,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACtB,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAC1E,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAEhC,iBAAiB;IACjB,GAAG,CAAC,KAAK,GAAG,KAAK,CAAC;IAClB,GAAG,CAAC,eAAe,GAAG,MAAM,CAAC,KAAK,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;IACjD,GAAG,CAAC,OAAO,GAAG,GAAG,CAAC;IAElB,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC,CAAC;AACjD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,GAAgB,EAAE,UAAkB;IACnE,IAAI,UAAU,CAAC,MAAM,GAAG,EAAE,GAAG,cAAc;QAAE,OAAO,IAAI,CAAC;IAEzD,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,cAAc,CAAC,UAAU,CAAC,CAAC;IACvD,MAAM,GAAG,GAAG,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAEvC,MAAM,KAAK,GAAG,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAEtC,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,KAAK,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAEhD,MAAM,MAAM,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;IACjD,MAAM,gBAAgB,GAAG,UAAU,CAAC,QAAQ,CAAC,SAAS,EAAE,UAAU,CAAC,MAAM,GAAG,cAAc,CAAC,CAAC;IAC5F,MAAM,GAAG,GAAG,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,GAAG,cAAc,CAAC,CAAC;IAEpE,MAAM,EAAE,GAAG,UAAU,CAAC,GAAG,CAAC,cAAc,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;IAEvD,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,gBAAgB,CAAC,aAAa,EAAE,GAAG,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QACxE,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QACxB,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QACzB,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QAEvF,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC/B,GAAG,CAAC,KAAK,GAAG,KAAK,CAAC;QAClB,GAAG,CAAC,eAAe,GAAG,MAAM,CAAC,KAAK,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;QACjD,GAAG,CAAC,OAAO,GAAG,GAAG,CAAC;QAElB,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC;IAC5C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,0EAA0E;AAC1E,mEAAmE;AACnE,8EAA8E;AAE9E,SAAS,YAAY,CAAC,GAAgB,EAAE,GAAW;IACjD,IAAI,GAAG,CAAC,OAAO,KAAK,CAAC,CAAC,EAAE,CAAC;QACvB,OAAO,MAAM,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;IAC1D,CAAC;IACD,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IACxC,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC;IAE5B,kDAAkD;IAClD,IAAI,GAAG,GAAG,OAAO,IAAI,OAAO,GAAG,GAAG,GAAG,MAAM,EAAE,CAAC;QAC5C,OAAO,CAAC,GAAG,GAAG,EAAE,CAAC,IAAI,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;IACzC,CAAC;IACD,OAAO,GAAG,IAAI,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;AAClC,CAAC;AAED,SAAS,aAAa,CAAC,GAAgB,EAAE,GAAW;IAClD,IAAI,GAAG,CAAC,OAAO,KAAK,CAAC,CAAC,EAAE,CAAC;QACvB,OAAO,MAAM,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;IAC1D,CAAC;IACD,mCAAmC;IACnC,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IACtC,MAAM,IAAI,GAAG,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC;IAE/B,IAAI,IAAI,GAAG,MAAM,EAAE,CAAC;QAClB,6DAA6D;QAC7D,OAAO,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,IAAI,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;IACvD,CAAC;SAAM,IAAI,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;QAC1B,wCAAwC;QACxC,OAAO,CAAC,CAAC,GAAG,EAAE,CAAC,IAAI,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;IACvC,CAAC;IACD,OAAO,CAAC,IAAI,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;AAChC,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,10 @@
+export { ProtectionProfile } from './types.js';
+export type { SrtpKeyingMaterial, SrtpContext, SrtcpContext } from './types.js';
+export { createSrtpContext, createSrtcpContext, deriveSessionKey } from './context.js';
+export { aes128cmKeystream, computeSrtpIv, computeSrtcpIv } from './cipher.js';
+export { computeSrtpAuthTag, computeSrtcpAuthTag } from './auth.js';
+export { gcmSrtpProtect, gcmSrtpUnprotect } from './gcm.js';
+export { ReplayWindow } from './replay.js';
+export { srtpProtect, srtcpProtect } from './protect.js';
+export { srtpUnprotect, srtcpUnprotect } from './unprotect.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAC/C,YAAY,EAAE,kBAAkB,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAEhF,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAEvF,OAAO,EAAE,iBAAiB,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAE/E,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,WAAW,CAAC;AAEpE,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAE5D,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAEzD,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC"}

package/dist/index.js

@@ -0,0 +1,10 @@
+// Public API – re-export everything from the srtp package.
+export { ProtectionProfile } from './types.js';
+export { createSrtpContext, createSrtcpContext, deriveSessionKey } from './context.js';
+export { aes128cmKeystream, computeSrtpIv, computeSrtcpIv } from './cipher.js';
+export { computeSrtpAuthTag, computeSrtcpAuthTag } from './auth.js';
+export { gcmSrtpProtect, gcmSrtpUnprotect } from './gcm.js';
+export { ReplayWindow } from './replay.js';
+export { srtpProtect, srtcpProtect } from './protect.js';
+export { srtpUnprotect, srtcpUnprotect } from './unprotect.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,2DAA2D;AAE3D,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAG/C,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAEvF,OAAO,EAAE,iBAAiB,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAE/E,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,WAAW,CAAC;AAEpE,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAE5D,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAEzD,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC"}

package/dist/protect.d.ts

@@ -0,0 +1,21 @@
+import { SrtpContext, SrtcpContext } from './types.js';
+/**
+ * Protect (encrypt + authenticate) an RTP packet.
+ *
+ * Output layout:
+ *   RTP Header (unchanged) | Encrypted Payload | Auth Tag (10 or 4 bytes)
+ *
+ * GCM profiles are handled by delegating to `gcmSrtpProtect`.
+ */
+export declare function srtpProtect(ctx: SrtpContext, rtpPacket: Buffer): Buffer;
+/**
+ * Protect (encrypt + authenticate) an RTCP packet.
+ *
+ * Output layout:
+ *   RTCP Header (8 bytes, unencrypted) |
+ *   Encrypted Remainder |
+ *   E (1 bit, always 1) | SRTCP Index (31 bits) |
+ *   Auth Tag (10 bytes)
+ */
+export declare function srtcpProtect(ctx: SrtcpContext, rtcpPacket: Buffer): Buffer;
+//# sourceMappingURL=protect.d.ts.map

package/dist/protect.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"protect.d.ts","sourceRoot":"","sources":["../src/protect.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAqB,MAAM,YAAY,CAAC;AA8D1E;;;;;;;GAOG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAsCvE;AAMD;;;;;;;;GAQG;AACH,wBAAgB,YAAY,CAAC,GAAG,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,GAAG,MAAM,CAoC1E"}