werift 0.22.8 → 0.23.0

package/lib/nonstandard/index.mjs

@@ -229,6 +229,105 @@ var BitStream = class {
   }
 };
 
+// ../common/src/crc.ts
+var POLY_CRC32 = 3988292384;
+var POLY_CRC32C = 2197175160;
+function isBufferLike(input) {
+  return typeof input !== "string";
+}
+function generateCRCTable(polynomial) {
+  const table = new Array(256);
+  let c = 0;
+  for (let n = 0; n < 256; ++n) {
+    c = n;
+    c = c & 1 ? polynomial ^ c >>> 1 : c >>> 1;
+    c = c & 1 ? polynomial ^ c >>> 1 : c >>> 1;
+    c = c & 1 ? polynomial ^ c >>> 1 : c >>> 1;
+    c = c & 1 ? polynomial ^ c >>> 1 : c >>> 1;
+    c = c & 1 ? polynomial ^ c >>> 1 : c >>> 1;
+    c = c & 1 ? polynomial ^ c >>> 1 : c >>> 1;
+    c = c & 1 ? polynomial ^ c >>> 1 : c >>> 1;
+    c = c & 1 ? polynomial ^ c >>> 1 : c >>> 1;
+    table[n] = c;
+  }
+  return new Int32Array(table);
+}
+function generateSliceBy16Tables(table0) {
+  const table = new Int32Array(4096);
+  let c = 0;
+  let v = 0;
+  let n = 0;
+  for (n = 0; n < 256; ++n) table[n] = table0[n];
+  for (n = 0; n < 256; ++n) {
+    v = table0[n];
+    for (c = 256 + n; c < 4096; c += 256) {
+      v = table[c] = v >>> 8 ^ table0[v & 255];
+    }
+  }
+  const out = [];
+  for (n = 1; n < 16; ++n) {
+    out[n - 1] = table.subarray(n * 256, n * 256 + 256);
+  }
+  return out;
+}
+function crcGenericString(value, seed, table0) {
+  let crc = seed ^ -1;
+  let i = 0;
+  const len = value.length;
+  let c = 0;
+  let d = 0;
+  while (i < len) {
+    c = value.charCodeAt(i++);
+    if (c < 128) {
+      crc = crc >>> 8 ^ table0[(crc ^ c) & 255];
+    } else if (c < 2048) {
+      crc = crc >>> 8 ^ table0[(crc ^ (192 | c >> 6 & 31)) & 255];
+      crc = crc >>> 8 ^ table0[(crc ^ (128 | c & 63)) & 255];
+    } else if (c >= 55296 && c < 57344) {
+      c = (c & 1023) + 64;
+      d = value.charCodeAt(i++) & 1023;
+      crc = crc >>> 8 ^ table0[(crc ^ (240 | c >> 8 & 7)) & 255];
+      crc = crc >>> 8 ^ table0[(crc ^ (128 | c >> 2 & 63)) & 255];
+      crc = crc >>> 8 ^ table0[(crc ^ (128 | d >> 6 & 15 | (c & 3) << 4)) & 255];
+      crc = crc >>> 8 ^ table0[(crc ^ (128 | d & 63)) & 255];
+    } else {
+      crc = crc >>> 8 ^ table0[(crc ^ (224 | c >> 12 & 15)) & 255];
+      crc = crc >>> 8 ^ table0[(crc ^ (128 | c >> 6 & 63)) & 255];
+      crc = crc >>> 8 ^ table0[(crc ^ (128 | c & 63)) & 255];
+    }
+  }
+  return ~crc >>> 0;
+}
+function crcBuffer(value, seed, table0, tables16) {
+  const [t1, t2, t3, t4, t5, t6, t7, t8, t9, ta, tb, tc, td, te, tf] = tables16;
+  let crc = seed ^ -1;
+  let i = 0;
+  let len = value.length - 15;
+  while (i < len) {
+    crc = tf[value[i++] ^ crc & 255] ^ te[value[i++] ^ crc >>> 8 & 255] ^ td[value[i++] ^ crc >>> 16 & 255] ^ tc[value[i++] ^ crc >>> 24] ^ tb[value[i++]] ^ ta[value[i++]] ^ t9[value[i++]] ^ t8[value[i++]] ^ t7[value[i++]] ^ t6[value[i++]] ^ t5[value[i++]] ^ t4[value[i++]] ^ t3[value[i++]] ^ t2[value[i++]] ^ t1[value[i++]] ^ table0[value[i++]];
+  }
+  for (len += 15; i < len; ) {
+    crc = crc >>> 8 ^ table0[(crc ^ value[i++]) & 255];
+  }
+  return ~crc >>> 0;
+}
+var table32 = generateCRCTable(POLY_CRC32);
+var tables32By16 = generateSliceBy16Tables(table32);
+var table32c = generateCRCTable(POLY_CRC32C);
+var tables32cBy16 = generateSliceBy16Tables(table32c);
+function crc32(input, seed = 0) {
+  if (isBufferLike(input)) {
+    return crcBuffer(input, seed, table32, tables32By16);
+  }
+  return crcGenericString(input, seed, table32);
+}
+function crc32c(input, seed = 0) {
+  if (isBufferLike(input)) {
+    return crcBuffer(input, seed, table32c, tables32cBy16);
+  }
+  return crcGenericString(input, seed, table32c);
+}
+
 // ../common/src/number.ts
 function uint8Add(a, b) {
   return a + b & 255;
@@ -4378,7 +4477,12 @@ import { createHmac as createHmac2 } from "crypto";
 import AES from "aes-js";
 
 // ../rtp/src/srtp/cipher/ctr.ts
-import { createCipheriv as createCipheriv2, createDecipheriv, createHmac } from "crypto";
+import {
+  createCipheriv as createCipheriv2,
+  createDecipheriv,
+  createHmac,
+  timingSafeEqual
+} from "crypto";
 
 // ../rtp/src/srtp/cipher/index.ts
 var CipherAesBase = class {
@@ -4391,7 +4495,7 @@ var CipherAesBase = class {
   encryptRtp(header, payload, rolloverCounter) {
     return Buffer.from([]);
   }
-  decryptRtp(cipherText, rolloverCounter) {
+  decryptRtp(cipherText, rolloverCounter, header) {
     return [];
   }
   encryptRTCP(rawRtcp, srtcpIndex) {
@@ -4402,6 +4506,74 @@ var CipherAesBase = class {
   }
 };
 
+// ../rtp/src/srtp/error.ts
+var SrtpAuthenticationError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "SrtpAuthenticationError";
+  }
+};
+
+// ../rtp/src/srtp/packet.ts
+var minRtpHeaderSize = 12;
+var minRtcpPacketSize = 8;
+function parseSrtpRtpHeader(packet, authTagLength, message = "Failed to authenticate SRTP packet") {
+  const authTagOffset = packet.length - authTagLength;
+  assertAuthenticatedPacketLength(
+    packet.length >= minRtpHeaderSize + authTagLength,
+    message
+  );
+  const header = wrapAuthenticationError(
+    () => RtpHeader.deSerialize(packet.subarray(0, authTagOffset)),
+    message
+  );
+  header.paddingSize = 0;
+  assertAuthenticatedPacketLength(
+    header.payloadOffset >= minRtpHeaderSize && header.payloadOffset <= authTagOffset,
+    message
+  );
+  return header;
+}
+function parseSrtcpHeader(packet, authTagLength, srtcpIndexSize3, message = "Failed to authenticate SRTCP packet") {
+  assertAuthenticatedPacketLength(
+    packet.length >= minRtcpPacketSize + authTagLength + srtcpIndexSize3,
+    message
+  );
+  return wrapAuthenticationError(
+    () => RtcpHeader.deSerialize(packet.subarray(0, RTCP_HEADER_SIZE)),
+    message
+  );
+}
+function assertAuthenticatedPacketLength(condition, message) {
+  if (!condition) {
+    throw new SrtpAuthenticationError(message);
+  }
+}
+function wrapAuthenticationError(parse, message) {
+  try {
+    return parse();
+  } catch {
+    throw new SrtpAuthenticationError(message);
+  }
+}
+function finalizeSrtpRtpHeader(header, packet, message = "Failed to authenticate SRTP packet") {
+  if (!header.padding) {
+    header.paddingSize = 0;
+    return header;
+  }
+  assertAuthenticatedPacketLength(
+    packet.length > header.payloadOffset,
+    message
+  );
+  const paddingSize = packet[packet.length - 1];
+  assertAuthenticatedPacketLength(
+    paddingSize > 0 && paddingSize <= packet.length - header.payloadOffset,
+    message
+  );
+  header.paddingSize = paddingSize;
+  return header;
+}
+
 // ../rtp/src/srtp/cipher/ctr.ts
 var CipherAesCtr = class extends CipherAesBase {
   constructor(srtpSessionKey, srtpSessionSalt, srtcpSessionKey, srtcpSessionSalt, srtpSessionAuthTag, srtcpSessionAuthTag) {
@@ -4427,10 +4599,20 @@ var CipherAesCtr = class extends CipherAesBase {
     );
     return Buffer.concat([headerBuffer, enc, authTag]);
   }
-  decryptRtp(cipherText, rolloverCounter) {
-    const header = RtpHeader.deSerialize(cipherText);
-    const size = cipherText.length - this.authTagLength;
-    cipherText = cipherText.subarray(0, cipherText.length - this.authTagLength);
+  decryptRtp(cipherText, rolloverCounter, header = parseSrtpRtpHeader(cipherText, this.authTagLength)) {
+    const authTagOffset = cipherText.length - this.authTagLength;
+    const encryptedPacket = cipherText.subarray(0, authTagOffset);
+    const actualAuthTag = cipherText.subarray(authTagOffset);
+    const expectedAuthTag = this.generateSrtpAuthTag(
+      rolloverCounter,
+      encryptedPacket.subarray(0, header.payloadOffset),
+      encryptedPacket.subarray(header.payloadOffset)
+    );
+    assertAuthTag(
+      actualAuthTag,
+      expectedAuthTag,
+      "Failed to authenticate SRTP packet"
+    );
     const counter = this.generateCounter(
       header.sequenceNumber,
       rolloverCounter,
@@ -4442,14 +4624,16 @@ var CipherAesCtr = class extends CipherAesBase {
       this.srtpSessionKey,
       counter
     );
-    const payload = cipherText.subarray(header.payloadOffset);
+    const payload = encryptedPacket.subarray(header.payloadOffset);
     const buf = cipher.update(payload);
     const dst = Buffer.concat([
-      cipherText.subarray(0, header.payloadOffset),
-      buf,
-      Buffer.alloc(size - header.payloadOffset - buf.length)
+      encryptedPacket.subarray(0, header.payloadOffset),
+      buf
     ]);
-    return [dst, header];
+    return [
+      dst,
+      finalizeSrtpRtpHeader(header, dst, "Failed to authenticate SRTP packet")
+    ];
   }
   encryptRTCP(rtcpPacket, srtcpIndex) {
     let out = Buffer.from(rtcpPacket);
@@ -4471,15 +4655,29 @@ var CipherAesCtr = class extends CipherAesBase {
     return out;
   }
   decryptRTCP(encrypted) {
-    const header = RtcpHeader.deSerialize(encrypted);
+    const header = parseSrtcpHeader(
+      encrypted,
+      this.authTagLength,
+      srtcpIndexSize
+    );
     const tailOffset = encrypted.length - (this.authTagLength + srtcpIndexSize);
+    const authenticatedPortion = encrypted.subarray(
+      0,
+      encrypted.length - this.authTagLength
+    );
+    const actualTag = encrypted.subarray(encrypted.length - this.authTagLength);
+    const expectedTag = this.generateSrtcpAuthTag(authenticatedPortion);
+    assertAuthTag(
+      actualTag,
+      expectedTag,
+      "Failed to authenticate SRTCP packet"
+    );
     const out = Buffer.from(encrypted).slice(0, tailOffset);
-    const isEncrypted = encrypted[tailOffset] >> 7;
+    const isEncrypted = encrypted[tailOffset] >>> 7;
     if (isEncrypted === 0) return [out, header];
     let srtcpIndex = encrypted.readUInt32BE(tailOffset);
     srtcpIndex &= ~(1 << 31);
     const ssrc = encrypted.readUInt32BE(4);
-    const actualTag = encrypted.subarray(encrypted.length - 10);
     const counter = this.generateCounter(
       srtcpIndex & 65535,
       srtcpIndex >> 16,
@@ -4520,6 +4718,11 @@ var CipherAesCtr = class extends CipherAesBase {
   }
 };
 var srtcpIndexSize = 4;
+function assertAuthTag(actual, expected, message) {
+  if (actual.length !== expected.length || !timingSafeEqual(actual, expected)) {
+    throw new SrtpAuthenticationError(message);
+  }
+}
 
 // ../rtp/src/srtp/cipher/gcm.ts
 import { createCipheriv as createCipheriv3, createDecipheriv as createDecipheriv2 } from "crypto";
@@ -4542,20 +4745,25 @@ var CipherAesGcm = class extends CipherAesBase {
     const dst = Buffer.concat([hdr, enc, authTag]);
     return dst;
   }
-  decryptRtp(cipherText, rolloverCounter) {
-    const header = RtpHeader.deSerialize(cipherText);
+  decryptRtp(cipherText, rolloverCounter, header = parseSrtpRtpHeader(cipherText, this.aeadAuthTagLen)) {
+    const headerBuffer = cipherText.subarray(0, header.payloadOffset);
+    const authTagOffset = cipherText.length - this.aeadAuthTagLen;
+    const authTag = cipherText.subarray(authTagOffset);
     let dst = Buffer.from([]);
     dst = growBufferSize(dst, cipherText.length - this.aeadAuthTagLen);
-    cipherText.slice(0, header.payloadOffset).copy(dst);
+    headerBuffer.copy(dst);
     const iv = this.rtpInitializationVector(header, rolloverCounter);
-    const enc = cipherText.slice(
-      header.payloadOffset,
-      cipherText.length - this.aeadAuthTagLen
-    );
-    const cipher = createDecipheriv2("aes-128-gcm", this.srtpSessionKey, iv);
-    const dec = cipher.update(enc);
+    const enc = cipherText.slice(header.payloadOffset, authTagOffset);
+    const decipher = createDecipheriv2("aes-128-gcm", this.srtpSessionKey, iv);
+    decipher.setAAD(headerBuffer);
+    decipher.setAuthTag(authTag);
+    const dec = decipher.update(enc);
+    finalizeAuthenticatedDecryption(decipher, "SRTP");
     dec.copy(dst, header.payloadOffset);
-    return [dst, header];
+    return [
+      dst,
+      finalizeSrtpRtpHeader(header, dst, "Failed to authenticate SRTP packet")
+    ];
   }
   encryptRTCP(rtcpPacket, srtcpIndex) {
     const ssrc = rtcpPacket.readUInt32BE(4);
@@ -4576,19 +4784,38 @@ var CipherAesGcm = class extends CipherAesBase {
     return dst;
   }
   decryptRTCP(encrypted) {
-    const header = RtcpHeader.deSerialize(encrypted);
-    const aadPos = encrypted.length - srtcpIndexSize2;
-    const dst = Buffer.alloc(aadPos - this.aeadAuthTagLen);
-    encrypted.slice(0, 8).copy(dst);
+    const header = parseSrtcpHeader(
+      encrypted,
+      this.aeadAuthTagLen,
+      srtcpIndexSize2
+    );
+    const srtcpIndexOffset = encrypted.length - srtcpIndexSize2;
+    const authTagOffset = srtcpIndexOffset - this.aeadAuthTagLen;
     const ssrc = encrypted.readUInt32BE(4);
-    let srtcpIndex = encrypted.readUInt32BE(encrypted.length - 4);
-    srtcpIndex &= ~(rtcpEncryptionFlag << 24);
+    const encodedSrtcpIndex = encrypted.readUInt32BE(srtcpIndexOffset);
+    const isEncrypted = encodedSrtcpIndex >>> 31 === 1;
+    const srtcpIndex = encodedSrtcpIndex & ~(rtcpEncryptionFlag << 24);
     const iv = this.rtcpInitializationVector(ssrc, srtcpIndex);
-    const aad = this.rtcpAdditionalAuthenticatedData(encrypted, srtcpIndex);
-    const cipher = createDecipheriv2("aes-128-gcm", this.srtcpSessionKey, iv);
-    cipher.setAAD(aad);
-    const dec = cipher.update(encrypted.slice(8, aadPos));
-    dec.copy(dst, 8);
+    const aad = isEncrypted ? Buffer.concat([
+      encrypted.subarray(0, 8),
+      encrypted.subarray(srtcpIndexOffset)
+    ]) : Buffer.concat([
+      encrypted.subarray(0, authTagOffset),
+      encrypted.subarray(srtcpIndexOffset)
+    ]);
+    const cipherText = isEncrypted ? encrypted.slice(8, authTagOffset) : Buffer.alloc(0);
+    const dst = isEncrypted ? Buffer.alloc(authTagOffset) : Buffer.from(encrypted.subarray(0, authTagOffset));
+    if (isEncrypted) {
+      encrypted.slice(0, 8).copy(dst);
+    }
+    const decipher = createDecipheriv2("aes-128-gcm", this.srtcpSessionKey, iv);
+    decipher.setAAD(aad);
+    decipher.setAuthTag(encrypted.subarray(authTagOffset, srtcpIndexOffset));
+    const dec = decipher.update(cipherText);
+    finalizeAuthenticatedDecryption(decipher, "SRTCP");
+    if (isEncrypted) {
+      dec.copy(dst, 8);
+    }
     return [dst, header];
   }
   // https://tools.ietf.org/html/rfc7714#section-8.1
@@ -4624,6 +4851,15 @@ var CipherAesGcm = class extends CipherAesBase {
 };
 var srtcpIndexSize2 = 4;
 var rtcpEncryptionFlag = 128;
+function finalizeAuthenticatedDecryption(decipher, packetType) {
+  try {
+    decipher.final();
+  } catch {
+    throw new SrtpAuthenticationError(
+      `Failed to authenticate ${packetType} packet`
+    );
+  }
+}
 
 // ../rtp/src/srtp/context/context.ts
 var Context = class {
@@ -4881,12 +5117,29 @@ var SrtpContext = class extends Context {
     return enc;
   }
   decryptRtp(cipherText) {
-    const header = RtpHeader.deSerialize(cipherText);
-    const s = this.getSrtpSsrcState(header.ssrc);
-    this.updateRolloverCount(header.sequenceNumber, s);
-    const dec = this.cipher.decryptRtp(cipherText, s.rolloverCounter);
+    const header = parseSrtpRtpHeader(cipherText, this.rtpAuthTagLength);
+    const existingState = this.srtpSSRCStates[header.ssrc];
+    const nextState = existingState ? { ...existingState } : {
+      ssrc: header.ssrc,
+      rolloverCounter: 0,
+      lastSequenceNumber: 0
+    };
+    this.updateRolloverCount(header.sequenceNumber, nextState);
+    const dec = this.cipher.decryptRtp(
+      cipherText,
+      nextState.rolloverCounter,
+      header
+    );
+    if (existingState) {
+      Object.assign(existingState, nextState);
+    } else {
+      this.srtpSSRCStates[header.ssrc] = nextState;
+    }
     return dec;
   }
+  get rtpAuthTagLength() {
+    return this.profile === ProtectionProfileAeadAes128Gcm ? 16 : 10;
+  }
 };
 
 // ../rtp/src/srtp/srtp.ts
@@ -8409,6 +8662,16 @@ handlers2[16 /* client_key_exchange_16 */] = ({ cipher, dtls }) => (message) =>
   );
   log18(dtls.sessionId, "setup cipher", cipher.cipher.summary);
 };
+handlers2[11 /* certificate_11 */] = ({ cipher, dtls }) => (message) => {
+  log18(dtls.sessionId, "handshake certificate", message);
+  cipher.remoteCertificate = message.certificateList[0];
+};
+handlers2[15 /* certificate_verify_15 */] = ({ cipher, dtls }) => (message) => {
+  if (!cipher.remoteCertificate) {
+    throw new Error("client certificate missing before certificate verify");
+  }
+  log18(dtls.sessionId, "certificate_verify", message.algorithm);
+};
 handlers2[20 /* finished_20 */] = ({ dtls }) => (message) => {
   log18(dtls.sessionId, "finished", message);
 };
@@ -8421,9 +8684,6 @@ var COOKIE = 554869826;
 var IPV4_PROTOCOL = 1;
 var IPV6_PROTOCOL = 2;
 
-// ../ice/src/stun/message.ts
-import crc32 from "buffer-crc32";
-
 // ../ice/src/stun/attributes.ts
 import * as Int64 from "int64-buffer";
 import nodeIp from "ip";
@@ -8808,7 +9068,6 @@ import { jspack as jspack6 } from "@shinyoshiaki/jspack";
 import { jspack as jspack5 } from "@shinyoshiaki/jspack";
 
 // ../sctp/src/chunk.ts
-import crc32c from "turbo-crc32/crc32c.js";
 var Chunk = class _Chunk {
   constructor(flags = 0, _body = Buffer.from("")) {
     this.flags = flags;
@@ -9206,6 +9465,7 @@ var SCTP_TSN_MODULO = 2 ** 32;
 
 // src/transport/sctp.ts
 var log32 = debug("werift:packages/webrtc/src/transport/sctp.ts");
+var DEFAULT_MAX_MESSAGE_SIZE = 65536;
 
 // src/media/rtpReceiver.ts
 var log33 = debug("werift:packages/webrtc/src/media/rtpReceiver.ts");
@@ -9257,7 +9517,8 @@ function generateDefaultPeerConfig() {
     bundlePolicy: "max-compat",
     debug: {},
     midSuffix: false,
-    forceTurnTCP: false
+    forceTurnTCP: false,
+    maxMessageSize: DEFAULT_MAX_MESSAGE_SIZE
   };
 }
 var defaultPeerConfig = generateDefaultPeerConfig();
@@ -9723,6 +9984,7 @@ export {
   SourceDescriptionChunk,
   SourceDescriptionItem,
   SrtcpSession,
+  SrtpAuthenticationError,
   SrtpSession,
   StatusVectorChunk,
   TcpTransport,
@@ -9747,6 +10009,8 @@ export {
   build,
   bytes,
   containerSupportedCodecs,
+  crc32,
+  crc32c,
   createBufferWriter,
   dePacketizeRtpPackets,
   debug,

package/lib/rtp/src/index.d.ts

@@ -22,4 +22,5 @@ export * from "./rtp/rtp";
 export * from "./rtp/rtx";
 export * from "./srtp/srtcp";
 export * from "./srtp/srtp";
+export * from "./srtp/error";
 export * from "./util";

package/lib/rtp/src/index.js

@@ -38,5 +38,6 @@ __exportStar(require("./rtp/rtp"), exports);
 __exportStar(require("./rtp/rtx"), exports);
 __exportStar(require("./srtp/srtcp"), exports);
 __exportStar(require("./srtp/srtp"), exports);
+__exportStar(require("./srtp/error"), exports);
 __exportStar(require("./util"), exports);
 //# sourceMappingURL=index.js.map

package/lib/rtp/src/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../rtp/src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,kBAAgB;AAChB,+CAA6B;AAC7B,mDAAiC;AACjC,0CAAwB;AACxB,2CAAyB;AACzB,gDAA8B;AAC9B,8CAA4B;AAC5B,oEAAkD;AAClD,mDAAiC;AACjC,4CAA0B;AAC1B,8CAA4B;AAC5B,+CAA6B;AAC7B,oDAAkC;AAClC,oDAAkC;AAClC,8CAA4B;AAC5B,4CAA0B;AAC1B,wDAAsC;AACtC,oDAAkC;AAClC,oDAAkC;AAClC,mDAAiC;AACjC,4CAA0B;AAC1B,4CAA0B;AAC1B,+CAA6B;AAC7B,8CAA4B;AAC5B,yCAAuB","sourcesContent":["import \"buffer\";\nexport * from \"./srtp/const\";\nexport * from \"../../common/src\";\nexport * from \"./codec\";\nexport * from \"./helper\";\nexport * from \"./rtcp/header\";\nexport * from \"./rtcp/psfb\";\nexport * from \"./rtcp/psfb/pictureLossIndication\";\nexport * from \"./rtcp/psfb/remb\";\nexport * from \"./rtcp/rr\";\nexport * from \"./rtcp/rtcp\";\nexport * from \"./rtcp/rtpfb\";\nexport * from \"./rtcp/rtpfb/nack\";\nexport * from \"./rtcp/rtpfb/twcc\";\nexport * from \"./rtcp/sdes\";\nexport * from \"./rtcp/sr\";\nexport * from \"./rtp/headerExtension\";\nexport * from \"./rtp/red/encoder\";\nexport * from \"./rtp/red/handler\";\nexport * from \"./rtp/red/packet\";\nexport * from \"./rtp/rtp\";\nexport * from \"./rtp/rtx\";\nexport * from \"./srtp/srtcp\";\nexport * from \"./srtp/srtp\";\nexport * from \"./util\";\n"]}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../rtp/src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,kBAAgB;AAChB,+CAA6B;AAC7B,mDAAiC;AACjC,0CAAwB;AACxB,2CAAyB;AACzB,gDAA8B;AAC9B,8CAA4B;AAC5B,oEAAkD;AAClD,mDAAiC;AACjC,4CAA0B;AAC1B,8CAA4B;AAC5B,+CAA6B;AAC7B,oDAAkC;AAClC,oDAAkC;AAClC,8CAA4B;AAC5B,4CAA0B;AAC1B,wDAAsC;AACtC,oDAAkC;AAClC,oDAAkC;AAClC,mDAAiC;AACjC,4CAA0B;AAC1B,4CAA0B;AAC1B,+CAA6B;AAC7B,8CAA4B;AAC5B,+CAA6B;AAC7B,yCAAuB","sourcesContent":["import \"buffer\";\nexport * from \"./srtp/const\";\nexport * from \"../../common/src\";\nexport * from \"./codec\";\nexport * from \"./helper\";\nexport * from \"./rtcp/header\";\nexport * from \"./rtcp/psfb\";\nexport * from \"./rtcp/psfb/pictureLossIndication\";\nexport * from \"./rtcp/psfb/remb\";\nexport * from \"./rtcp/rr\";\nexport * from \"./rtcp/rtcp\";\nexport * from \"./rtcp/rtpfb\";\nexport * from \"./rtcp/rtpfb/nack\";\nexport * from \"./rtcp/rtpfb/twcc\";\nexport * from \"./rtcp/sdes\";\nexport * from \"./rtcp/sr\";\nexport * from \"./rtp/headerExtension\";\nexport * from \"./rtp/red/encoder\";\nexport * from \"./rtp/red/handler\";\nexport * from \"./rtp/red/packet\";\nexport * from \"./rtp/rtp\";\nexport * from \"./rtp/rtx\";\nexport * from \"./srtp/srtcp\";\nexport * from \"./srtp/srtp\";\nexport * from \"./srtp/error\";\nexport * from \"./util\";\n"]}

package/lib/rtp/src/srtp/cipher/ctr.d.ts

@@ -1,13 +1,13 @@
 import { CipherAesBase } from ".";
-import { RtcpHeader } from "../../rtcp/header";
-import { RtpHeader } from "../../rtp/rtp";
+import type { RtcpHeader } from "../../rtcp/header";
+import type { RtpHeader } from "../../rtp/rtp";
 export declare class CipherAesCtr extends CipherAesBase {
     private srtpSessionAuthTag;
     private srtcpSessionAuthTag;
     readonly authTagLength = 10;
     constructor(srtpSessionKey: Buffer, srtpSessionSalt: Buffer, srtcpSessionKey: Buffer, srtcpSessionSalt: Buffer, srtpSessionAuthTag: Buffer, srtcpSessionAuthTag: Buffer);
     encryptRtp(header: RtpHeader, payload: Buffer, rolloverCounter: number): Buffer<ArrayBuffer>;
-    decryptRtp(cipherText: Buffer, rolloverCounter: number): [Buffer, RtpHeader];
+    decryptRtp(cipherText: Buffer, rolloverCounter: number, header?: RtpHeader): [Buffer, RtpHeader];
     encryptRTCP(rtcpPacket: Buffer, srtcpIndex: number): Buffer;
     decryptRTCP(encrypted: Buffer): [Buffer, RtcpHeader];
     generateSrtcpAuthTag(buf: Buffer): Buffer<ArrayBuffer>;

package/lib/rtp/src/srtp/cipher/ctr.js

@@ -3,8 +3,8 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.CipherAesCtr = void 0;
 const crypto_1 = require("crypto");
 const _1 = require(".");
-const header_1 = require("../../rtcp/header");
-const rtp_1 = require("../../rtp/rtp");
+const error_1 = require("../error");
+const packet_1 = require("../packet");
 class CipherAesCtr extends _1.CipherAesBase {
     constructor(srtpSessionKey, srtpSessionSalt, srtcpSessionKey, srtcpSessionSalt, srtpSessionAuthTag, srtcpSessionAuthTag) {
         super(srtpSessionKey, srtpSessionSalt, srtcpSessionKey, srtcpSessionSalt);
@@ -35,20 +35,24 @@ class CipherAesCtr extends _1.CipherAesBase {
         const authTag = this.generateSrtpAuthTag(rolloverCounter, headerBuffer, enc);
         return Buffer.concat([headerBuffer, enc, authTag]);
     }
-    decryptRtp(cipherText, rolloverCounter) {
-        const header = rtp_1.RtpHeader.deSerialize(cipherText);
-        const size = cipherText.length - this.authTagLength;
-        cipherText = cipherText.subarray(0, cipherText.length - this.authTagLength);
+    decryptRtp(cipherText, rolloverCounter, header = (0, packet_1.parseSrtpRtpHeader)(cipherText, this.authTagLength)) {
+        const authTagOffset = cipherText.length - this.authTagLength;
+        const encryptedPacket = cipherText.subarray(0, authTagOffset);
+        const actualAuthTag = cipherText.subarray(authTagOffset);
+        const expectedAuthTag = this.generateSrtpAuthTag(rolloverCounter, encryptedPacket.subarray(0, header.payloadOffset), encryptedPacket.subarray(header.payloadOffset));
+        assertAuthTag(actualAuthTag, expectedAuthTag, "Failed to authenticate SRTP packet");
         const counter = this.generateCounter(header.sequenceNumber, rolloverCounter, header.ssrc, this.srtpSessionSalt);
         const cipher = (0, crypto_1.createDecipheriv)("aes-128-ctr", this.srtpSessionKey, counter);
-        const payload = cipherText.subarray(header.payloadOffset);
+        const payload = encryptedPacket.subarray(header.payloadOffset);
         const buf = cipher.update(payload);
         const dst = Buffer.concat([
-            cipherText.subarray(0, header.payloadOffset),
+            encryptedPacket.subarray(0, header.payloadOffset),
             buf,
-            Buffer.alloc(size - header.payloadOffset - buf.length),
         ]);
-        return [dst, header];
+        return [
+            dst,
+            (0, packet_1.finalizeSrtpRtpHeader)(header, dst, "Failed to authenticate SRTP packet"),
+        ];
     }
     encryptRTCP(rtcpPacket, srtcpIndex) {
         let out = Buffer.from(rtcpPacket);
@@ -66,17 +70,19 @@ class CipherAesCtr extends _1.CipherAesBase {
         return out;
     }
     decryptRTCP(encrypted) {
-        const header = header_1.RtcpHeader.deSerialize(encrypted);
+        const header = (0, packet_1.parseSrtcpHeader)(encrypted, this.authTagLength, srtcpIndexSize);
         const tailOffset = encrypted.length - (this.authTagLength + srtcpIndexSize);
+        const authenticatedPortion = encrypted.subarray(0, encrypted.length - this.authTagLength);
+        const actualTag = encrypted.subarray(encrypted.length - this.authTagLength);
+        const expectedTag = this.generateSrtcpAuthTag(authenticatedPortion);
+        assertAuthTag(actualTag, expectedTag, "Failed to authenticate SRTCP packet");
         const out = Buffer.from(encrypted).slice(0, tailOffset);
-        const isEncrypted = encrypted[tailOffset] >> 7;
+        const isEncrypted = encrypted[tailOffset] >>> 7;
         if (isEncrypted === 0)
             return [out, header];
         let srtcpIndex = encrypted.readUInt32BE(tailOffset);
         srtcpIndex &= ~(1 << 31);
         const ssrc = encrypted.readUInt32BE(4);
-        // todo impl compare
-        const actualTag = encrypted.subarray(encrypted.length - 10);
         const counter = this.generateCounter(srtcpIndex & 0xffff, srtcpIndex >> 16, ssrc, this.srtcpSessionSalt);
         const cipher = (0, crypto_1.createDecipheriv)("aes-128-ctr", this.srtcpSessionKey, counter);
         const buf = cipher.update(out.subarray(8));
@@ -109,4 +115,9 @@ class CipherAesCtr extends _1.CipherAesBase {
 }
 exports.CipherAesCtr = CipherAesCtr;
 const srtcpIndexSize = 4;
+function assertAuthTag(actual, expected, message) {
+    if (actual.length !== expected.length || !(0, crypto_1.timingSafeEqual)(actual, expected)) {
+        throw new error_1.SrtpAuthenticationError(message);
+    }
+}
 //# sourceMappingURL=ctr.js.map

package/lib/rtp/src/srtp/cipher/ctr.js.map

@@ -1 +1 @@
-{"version":3,"file":"ctr.js","sourceRoot":"","sources":["../../../../../../rtp/src/srtp/cipher/ctr.ts"],"names":[],"mappings":";;;AAAA,mCAAsE;AAEtE,wBAAkC;AAClC,8CAA+C;AAC/C,uCAA0C;AAE1C,MAAa,YAAa,SAAQ,gBAAa;IAG7C,YACE,cAAsB,EACtB,eAAuB,EACvB,eAAuB,EACvB,gBAAwB,EAChB,kBAA0B,EAC1B,mBAA2B;QAEnC,KAAK,CAAC,cAAc,EAAE,eAAe,EAAE,eAAe,EAAE,gBAAgB,CAAC,CAAC;QAH1E;;;;mBAAQ,kBAAkB;WAAQ;QAClC;;;;mBAAQ,mBAAmB;WAAQ;QAR5B;;;;mBAAgB,EAAE;WAAC;IAW5B,CAAC;IAED,UAAU,CAAC,MAAiB,EAAE,OAAe,EAAE,eAAuB;QACpE,MAAM,YAAY,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QAE5D,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAClC,MAAM,CAAC,cAAc,EACrB,eAAe,EACf,MAAM,CAAC,IAAI,EACX,IAAI,CAAC,eAAe,CACrB,CAAC;QAEF,MAAM,MAAM,GAAG,IAAA,uBAAc,EAAC,aAAa,EAAE,IAAI,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;QAC3E,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAEnC,MAAM,OAAO,GAAG,IAAI,CAAC,mBAAmB,CACtC,eAAe,EACf,YAAY,EACZ,GAAG,CACJ,CAAC;QACF,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,YAAY,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC;IACrD,CAAC;IAED,UAAU,CAAC,UAAkB,EAAE,eAAuB;QACpD,MAAM,MAAM,GAAG,eAAS,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;QAEjD,MAAM,IAAI,GAAG,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC;QAEpD,UAAU,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,EAAE,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,CAAC;QAE5E,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAClC,MAAM,CAAC,cAAc,EACrB,eAAe,EACf,MAAM,CAAC,IAAI,EACX,IAAI,CAAC,eAAe,CACrB,CAAC;QACF,MAAM,MAAM,GAAG,IAAA,yBAAgB,EAC7B,aAAa,EACb,IAAI,CAAC,cAAc,EACnB,OAAO,CACR,CAAC;QACF,MAAM,OAAO,GAAG,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QAC1D,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAEnC,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC;YACxB,UAAU,CAAC,QAAQ,CAAC,CAAC,EAAE,MAAM,CAAC,aAAa,CAAC;YAC5C,GAAG;YACH,MAAM,CAAC,KAAK,CAAC,IAAI,GAAG,MAAM,CAAC,aAAa,GAAG,GAAG,CAAC,MAAM,CAAC;SACvD,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACvB,CAAC;IAED,WAAW,CAAC,UAAkB,EAAE,UAAkB;QAChD,IAAI,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAClC,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAEjC,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAClC,UAAU,GAAG,MAAM,EACnB,UAAU,IAAI,EAAE,EAChB,IAAI,EACJ,IAAI,CAAC,gBAAgB,CACtB,CAAC;QACF,MAAM,MAAM,GAAG,IAAA,uBAAc,EAAC,aAAa,EAAE,IAAI,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;QAC5E,kCAAkC;QAClC,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACxC,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QACjB,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5C,GAAG,CAAC,aAAa,CAAC,UAAU,EAAE,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAC9C,GAAG,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC;QAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC;QAC/C,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC;QAEpC,OAAO,GAAG,CAAC;IACb,CAAC;IAED,WAAW,CAAC,SAAiB;QAC3B,MAAM,MAAM,GAAG,mBAAU,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAEjD,MAAM,UAAU,GAAG,SAAS,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,aAAa,GAAG,cAAc,CAAC,CAAC;QAC5E,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;QAExD,MAAM,WAAW,GAAG,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAC/C,IAAI,WAAW,KAAK,CAAC;YAAE,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QAE5C,IAAI,UAAU,GAAG,SAAS,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;QACpD,UAAU,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAEzB,MAAM,IAAI,GAAG,SAAS,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAEvC,oBAAoB;QACpB,MAAM,SAAS,GAAG,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QAE5D,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAClC,UAAU,GAAG,MAAM,EACnB,UAAU,IAAI,EAAE,EAChB,IAAI,EACJ,IAAI,CAAC,gBAAgB,CACtB,CAAC;QACF,MAAM,MAAM,GAAG,IAAA,yBAAgB,EAC7B,aAAa,EACb,IAAI,CAAC,eAAe,EACpB,OAAO,CACR,CAAC;QACF,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3C,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QACjB,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACvB,CAAC;IAED,oBAAoB,CAAC,GAAW;QAC9B,MAAM,gBAAgB,GAAG,IAAA,mBAAU,EAAC,MAAM,EAAE,IAAI,CAAC,mBAAmB,CAAC,CAAC;QACtE,OAAO,gBAAgB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED,eAAe,CACb,cAAsB,EACtB,eAAuB,EACvB,IAAY,EACZ,WAAmB;QAEnB,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACjC,OAAO,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;QAC/B,OAAO,CAAC,aAAa,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC;QAC1C,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,IAAI,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;QAEjE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,WAAW,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5C,OAAO,CAAC,CAAC,CAAC,IAAI,WAAW,CAAC,CAAC,CAAC,CAAC;QAC/B,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,mBAAmB,CAAC,GAAW,EAAE,GAAG,OAAiB;QACnD,MAAM,eAAe,GAAG,IAAA,mBAAU,EAAC,MAAM,EAAE,IAAI,CAAC,kBAAkB,CAAC,CAAC;QACpE,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC/B,MAAM,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAE1B,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;YAC1B,eAAe,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC9B,CAAC;QACD,OAAO,eAAe,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACjE,CAAC;CACF;AAzJD,oCAyJC;AAED,MAAM,cAAc,GAAG,CAAC,CAAC","sourcesContent":["import { createCipheriv, createDecipheriv, createHmac } from \"crypto\";\n\nimport { CipherAesBase } from \".\";\nimport { RtcpHeader } from \"../../rtcp/header\";\nimport { RtpHeader } from \"../../rtp/rtp\";\n\nexport class CipherAesCtr extends CipherAesBase {\n  readonly authTagLength = 10;\n\n  constructor(\n    srtpSessionKey: Buffer,\n    srtpSessionSalt: Buffer,\n    srtcpSessionKey: Buffer,\n    srtcpSessionSalt: Buffer,\n    private srtpSessionAuthTag: Buffer,\n    private srtcpSessionAuthTag: Buffer,\n  ) {\n    super(srtpSessionKey, srtpSessionSalt, srtcpSessionKey, srtcpSessionSalt);\n  }\n\n  encryptRtp(header: RtpHeader, payload: Buffer, rolloverCounter: number) {\n    const headerBuffer = header.serialize(header.serializeSize);\n\n    const counter = this.generateCounter(\n      header.sequenceNumber,\n      rolloverCounter,\n      header.ssrc,\n      this.srtpSessionSalt,\n    );\n\n    const cipher = createCipheriv(\"aes-128-ctr\", this.srtpSessionKey, counter);\n    const enc = cipher.update(payload);\n\n    const authTag = this.generateSrtpAuthTag(\n      rolloverCounter,\n      headerBuffer,\n      enc,\n    );\n    return Buffer.concat([headerBuffer, enc, authTag]);\n  }\n\n  decryptRtp(cipherText: Buffer, rolloverCounter: number): [Buffer, RtpHeader] {\n    const header = RtpHeader.deSerialize(cipherText);\n\n    const size = cipherText.length - this.authTagLength;\n\n    cipherText = cipherText.subarray(0, cipherText.length - this.authTagLength);\n\n    const counter = this.generateCounter(\n      header.sequenceNumber,\n      rolloverCounter,\n      header.ssrc,\n      this.srtpSessionSalt,\n    );\n    const cipher = createDecipheriv(\n      \"aes-128-ctr\",\n      this.srtpSessionKey,\n      counter,\n    );\n    const payload = cipherText.subarray(header.payloadOffset);\n    const buf = cipher.update(payload);\n\n    const dst = Buffer.concat([\n      cipherText.subarray(0, header.payloadOffset),\n      buf,\n      Buffer.alloc(size - header.payloadOffset - buf.length),\n    ]);\n\n    return [dst, header];\n  }\n\n  encryptRTCP(rtcpPacket: Buffer, srtcpIndex: number): Buffer {\n    let out = Buffer.from(rtcpPacket);\n    const ssrc = out.readUInt32BE(4);\n\n    const counter = this.generateCounter(\n      srtcpIndex & 0xffff,\n      srtcpIndex >> 16,\n      ssrc,\n      this.srtcpSessionSalt,\n    );\n    const cipher = createCipheriv(\"aes-128-ctr\", this.srtcpSessionKey, counter);\n    // Encrypt everything after header\n    const buf = cipher.update(out.slice(8));\n    buf.copy(out, 8);\n    out = Buffer.concat([out, Buffer.alloc(4)]);\n    out.writeUInt32BE(srtcpIndex, out.length - 4);\n    out[out.length - 4] |= 0x80;\n    const authTag = this.generateSrtcpAuthTag(out);\n    out = Buffer.concat([out, authTag]);\n\n    return out;\n  }\n\n  decryptRTCP(encrypted: Buffer): [Buffer, RtcpHeader] {\n    const header = RtcpHeader.deSerialize(encrypted);\n\n    const tailOffset = encrypted.length - (this.authTagLength + srtcpIndexSize);\n    const out = Buffer.from(encrypted).slice(0, tailOffset);\n\n    const isEncrypted = encrypted[tailOffset] >> 7;\n    if (isEncrypted === 0) return [out, header];\n\n    let srtcpIndex = encrypted.readUInt32BE(tailOffset);\n    srtcpIndex &= ~(1 << 31);\n\n    const ssrc = encrypted.readUInt32BE(4);\n\n    // todo impl compare\n    const actualTag = encrypted.subarray(encrypted.length - 10);\n\n    const counter = this.generateCounter(\n      srtcpIndex & 0xffff,\n      srtcpIndex >> 16,\n      ssrc,\n      this.srtcpSessionSalt,\n    );\n    const cipher = createDecipheriv(\n      \"aes-128-ctr\",\n      this.srtcpSessionKey,\n      counter,\n    );\n    const buf = cipher.update(out.subarray(8));\n    buf.copy(out, 8);\n    return [out, header];\n  }\n\n  generateSrtcpAuthTag(buf: Buffer) {\n    const srtcpSessionAuth = createHmac(\"sha1\", this.srtcpSessionAuthTag);\n    return srtcpSessionAuth.update(buf).digest().slice(0, 10);\n  }\n\n  generateCounter(\n    sequenceNumber: number,\n    rolloverCounter: number,\n    ssrc: number,\n    sessionSalt: Buffer,\n  ) {\n    const counter = Buffer.alloc(16);\n    counter.writeUInt32BE(ssrc, 4);\n    counter.writeUInt32BE(rolloverCounter, 8);\n    counter.writeUInt32BE(Number(BigInt(sequenceNumber) << 16n), 12);\n\n    for (let i = 0; i < sessionSalt.length; i++) {\n      counter[i] ^= sessionSalt[i];\n    }\n    return counter;\n  }\n\n  generateSrtpAuthTag(roc: number, ...buffers: Buffer[]) {\n    const srtpSessionAuth = createHmac(\"sha1\", this.srtpSessionAuthTag);\n    const rocRaw = Buffer.alloc(4);\n    rocRaw.writeUInt32BE(roc);\n\n    for (const buf of buffers) {\n      srtpSessionAuth.update(buf);\n    }\n    return srtpSessionAuth.update(rocRaw).digest().subarray(0, 10);\n  }\n}\n\nconst srtcpIndexSize = 4;\n"]}
+{"version":3,"file":"ctr.js","sourceRoot":"","sources":["../../../../../../rtp/src/srtp/cipher/ctr.ts"],"names":[],"mappings":";;;AAAA,mCAKgB;AAEhB,wBAAkC;AAGlC,oCAAmD;AACnD,sCAImB;AAEnB,MAAa,YAAa,SAAQ,gBAAa;IAG7C,YACE,cAAsB,EACtB,eAAuB,EACvB,eAAuB,EACvB,gBAAwB,EAChB,kBAA0B,EAC1B,mBAA2B;QAEnC,KAAK,CAAC,cAAc,EAAE,eAAe,EAAE,eAAe,EAAE,gBAAgB,CAAC,CAAC;QAH1E;;;;mBAAQ,kBAAkB;WAAQ;QAClC;;;;mBAAQ,mBAAmB;WAAQ;QAR5B;;;;mBAAgB,EAAE;WAAC;IAW5B,CAAC;IAED,UAAU,CAAC,MAAiB,EAAE,OAAe,EAAE,eAAuB;QACpE,MAAM,YAAY,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QAE5D,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAClC,MAAM,CAAC,cAAc,EACrB,eAAe,EACf,MAAM,CAAC,IAAI,EACX,IAAI,CAAC,eAAe,CACrB,CAAC;QAEF,MAAM,MAAM,GAAG,IAAA,uBAAc,EAAC,aAAa,EAAE,IAAI,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;QAC3E,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAEnC,MAAM,OAAO,GAAG,IAAI,CAAC,mBAAmB,CACtC,eAAe,EACf,YAAY,EACZ,GAAG,CACJ,CAAC;QACF,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,YAAY,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC;IACrD,CAAC;IAED,UAAU,CACR,UAAkB,EAClB,eAAuB,EACvB,MAAM,GAAG,IAAA,2BAAkB,EAAC,UAAU,EAAE,IAAI,CAAC,aAAa,CAAC;QAE3D,MAAM,aAAa,GAAG,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC;QAC7D,MAAM,eAAe,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,EAAE,aAAa,CAAC,CAAC;QAC9D,MAAM,aAAa,GAAG,UAAU,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAEzD,MAAM,eAAe,GAAG,IAAI,CAAC,mBAAmB,CAC9C,eAAe,EACf,eAAe,CAAC,QAAQ,CAAC,CAAC,EAAE,MAAM,CAAC,aAAa,CAAC,EACjD,eAAe,CAAC,QAAQ,CAAC,MAAM,CAAC,aAAa,CAAC,CAC/C,CAAC;QACF,aAAa,CACX,aAAa,EACb,eAAe,EACf,oCAAoC,CACrC,CAAC;QAEF,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAClC,MAAM,CAAC,cAAc,EACrB,eAAe,EACf,MAAM,CAAC,IAAI,EACX,IAAI,CAAC,eAAe,CACrB,CAAC;QACF,MAAM,MAAM,GAAG,IAAA,yBAAgB,EAC7B,aAAa,EACb,IAAI,CAAC,cAAc,EACnB,OAAO,CACR,CAAC;QACF,MAAM,OAAO,GAAG,eAAe,CAAC,QAAQ,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QAC/D,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAEnC,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC;YACxB,eAAe,CAAC,QAAQ,CAAC,CAAC,EAAE,MAAM,CAAC,aAAa,CAAC;YACjD,GAAG;SACJ,CAAC,CAAC;QAEH,OAAO;YACL,GAAG;YACH,IAAA,8BAAqB,EAAC,MAAM,EAAE,GAAG,EAAE,oCAAoC,CAAC;SACzE,CAAC;IACJ,CAAC;IAED,WAAW,CAAC,UAAkB,EAAE,UAAkB;QAChD,IAAI,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAClC,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAEjC,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAClC,UAAU,GAAG,MAAM,EACnB,UAAU,IAAI,EAAE,EAChB,IAAI,EACJ,IAAI,CAAC,gBAAgB,CACtB,CAAC;QACF,MAAM,MAAM,GAAG,IAAA,uBAAc,EAAC,aAAa,EAAE,IAAI,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;QAC5E,kCAAkC;QAClC,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACxC,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QACjB,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5C,GAAG,CAAC,aAAa,CAAC,UAAU,EAAE,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAC9C,GAAG,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC;QAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC;QAC/C,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC;QAEpC,OAAO,GAAG,CAAC;IACb,CAAC;IAED,WAAW,CAAC,SAAiB;QAC3B,MAAM,MAAM,GAAG,IAAA,yBAAgB,EAC7B,SAAS,EACT,IAAI,CAAC,aAAa,EAClB,cAAc,CACf,CAAC;QAEF,MAAM,UAAU,GAAG,SAAS,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,aAAa,GAAG,cAAc,CAAC,CAAC;QAC5E,MAAM,oBAAoB,GAAG,SAAS,CAAC,QAAQ,CAC7C,CAAC,EACD,SAAS,CAAC,MAAM,GAAG,IAAI,CAAC,aAAa,CACtC,CAAC;QACF,MAAM,SAAS,GAAG,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,CAAC;QAC5E,MAAM,WAAW,GAAG,IAAI,CAAC,oBAAoB,CAAC,oBAAoB,CAAC,CAAC;QACpE,aAAa,CACX,SAAS,EACT,WAAW,EACX,qCAAqC,CACtC,CAAC;QAEF,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;QAExD,MAAM,WAAW,GAAG,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;QAChD,IAAI,WAAW,KAAK,CAAC;YAAE,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QAE5C,IAAI,UAAU,GAAG,SAAS,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;QACpD,UAAU,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAEzB,MAAM,IAAI,GAAG,SAAS,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAEvC,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAClC,UAAU,GAAG,MAAM,EACnB,UAAU,IAAI,EAAE,EAChB,IAAI,EACJ,IAAI,CAAC,gBAAgB,CACtB,CAAC;QACF,MAAM,MAAM,GAAG,IAAA,yBAAgB,EAC7B,aAAa,EACb,IAAI,CAAC,eAAe,EACpB,OAAO,CACR,CAAC;QACF,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3C,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QACjB,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACvB,CAAC;IAED,oBAAoB,CAAC,GAAW;QAC9B,MAAM,gBAAgB,GAAG,IAAA,mBAAU,EAAC,MAAM,EAAE,IAAI,CAAC,mBAAmB,CAAC,CAAC;QACtE,OAAO,gBAAgB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED,eAAe,CACb,cAAsB,EACtB,eAAuB,EACvB,IAAY,EACZ,WAAmB;QAEnB,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACjC,OAAO,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;QAC/B,OAAO,CAAC,aAAa,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC;QAC1C,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,IAAI,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;QAEjE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,WAAW,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5C,OAAO,CAAC,CAAC,CAAC,IAAI,WAAW,CAAC,CAAC,CAAC,CAAC;QAC/B,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,mBAAmB,CAAC,GAAW,EAAE,GAAG,OAAiB;QACnD,MAAM,eAAe,GAAG,IAAA,mBAAU,EAAC,MAAM,EAAE,IAAI,CAAC,kBAAkB,CAAC,CAAC;QACpE,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC/B,MAAM,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAE1B,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;YAC1B,eAAe,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC9B,CAAC;QACD,OAAO,eAAe,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACjE,CAAC;CACF;AArLD,oCAqLC;AAED,MAAM,cAAc,GAAG,CAAC,CAAC;AAEzB,SAAS,aAAa,CAAC,MAAc,EAAE,QAAgB,EAAE,OAAe;IACtE,IAAI,MAAM,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM,IAAI,CAAC,IAAA,wBAAe,EAAC,MAAM,EAAE,QAAQ,CAAC,EAAE,CAAC;QAC5E,MAAM,IAAI,+BAAuB,CAAC,OAAO,CAAC,CAAC;IAC7C,CAAC;AACH,CAAC","sourcesContent":["import {\n  createCipheriv,\n  createDecipheriv,\n  createHmac,\n  timingSafeEqual,\n} from \"crypto\";\n\nimport { CipherAesBase } from \".\";\nimport type { RtcpHeader } from \"../../rtcp/header\";\nimport type { RtpHeader } from \"../../rtp/rtp\";\nimport { SrtpAuthenticationError } from \"../error\";\nimport {\n  finalizeSrtpRtpHeader,\n  parseSrtcpHeader,\n  parseSrtpRtpHeader,\n} from \"../packet\";\n\nexport class CipherAesCtr extends CipherAesBase {\n  readonly authTagLength = 10;\n\n  constructor(\n    srtpSessionKey: Buffer,\n    srtpSessionSalt: Buffer,\n    srtcpSessionKey: Buffer,\n    srtcpSessionSalt: Buffer,\n    private srtpSessionAuthTag: Buffer,\n    private srtcpSessionAuthTag: Buffer,\n  ) {\n    super(srtpSessionKey, srtpSessionSalt, srtcpSessionKey, srtcpSessionSalt);\n  }\n\n  encryptRtp(header: RtpHeader, payload: Buffer, rolloverCounter: number) {\n    const headerBuffer = header.serialize(header.serializeSize);\n\n    const counter = this.generateCounter(\n      header.sequenceNumber,\n      rolloverCounter,\n      header.ssrc,\n      this.srtpSessionSalt,\n    );\n\n    const cipher = createCipheriv(\"aes-128-ctr\", this.srtpSessionKey, counter);\n    const enc = cipher.update(payload);\n\n    const authTag = this.generateSrtpAuthTag(\n      rolloverCounter,\n      headerBuffer,\n      enc,\n    );\n    return Buffer.concat([headerBuffer, enc, authTag]);\n  }\n\n  decryptRtp(\n    cipherText: Buffer,\n    rolloverCounter: number,\n    header = parseSrtpRtpHeader(cipherText, this.authTagLength),\n  ): [Buffer, RtpHeader] {\n    const authTagOffset = cipherText.length - this.authTagLength;\n    const encryptedPacket = cipherText.subarray(0, authTagOffset);\n    const actualAuthTag = cipherText.subarray(authTagOffset);\n\n    const expectedAuthTag = this.generateSrtpAuthTag(\n      rolloverCounter,\n      encryptedPacket.subarray(0, header.payloadOffset),\n      encryptedPacket.subarray(header.payloadOffset),\n    );\n    assertAuthTag(\n      actualAuthTag,\n      expectedAuthTag,\n      \"Failed to authenticate SRTP packet\",\n    );\n\n    const counter = this.generateCounter(\n      header.sequenceNumber,\n      rolloverCounter,\n      header.ssrc,\n      this.srtpSessionSalt,\n    );\n    const cipher = createDecipheriv(\n      \"aes-128-ctr\",\n      this.srtpSessionKey,\n      counter,\n    );\n    const payload = encryptedPacket.subarray(header.payloadOffset);\n    const buf = cipher.update(payload);\n\n    const dst = Buffer.concat([\n      encryptedPacket.subarray(0, header.payloadOffset),\n      buf,\n    ]);\n\n    return [\n      dst,\n      finalizeSrtpRtpHeader(header, dst, \"Failed to authenticate SRTP packet\"),\n    ];\n  }\n\n  encryptRTCP(rtcpPacket: Buffer, srtcpIndex: number): Buffer {\n    let out = Buffer.from(rtcpPacket);\n    const ssrc = out.readUInt32BE(4);\n\n    const counter = this.generateCounter(\n      srtcpIndex & 0xffff,\n      srtcpIndex >> 16,\n      ssrc,\n      this.srtcpSessionSalt,\n    );\n    const cipher = createCipheriv(\"aes-128-ctr\", this.srtcpSessionKey, counter);\n    // Encrypt everything after header\n    const buf = cipher.update(out.slice(8));\n    buf.copy(out, 8);\n    out = Buffer.concat([out, Buffer.alloc(4)]);\n    out.writeUInt32BE(srtcpIndex, out.length - 4);\n    out[out.length - 4] |= 0x80;\n    const authTag = this.generateSrtcpAuthTag(out);\n    out = Buffer.concat([out, authTag]);\n\n    return out;\n  }\n\n  decryptRTCP(encrypted: Buffer): [Buffer, RtcpHeader] {\n    const header = parseSrtcpHeader(\n      encrypted,\n      this.authTagLength,\n      srtcpIndexSize,\n    );\n\n    const tailOffset = encrypted.length - (this.authTagLength + srtcpIndexSize);\n    const authenticatedPortion = encrypted.subarray(\n      0,\n      encrypted.length - this.authTagLength,\n    );\n    const actualTag = encrypted.subarray(encrypted.length - this.authTagLength);\n    const expectedTag = this.generateSrtcpAuthTag(authenticatedPortion);\n    assertAuthTag(\n      actualTag,\n      expectedTag,\n      \"Failed to authenticate SRTCP packet\",\n    );\n\n    const out = Buffer.from(encrypted).slice(0, tailOffset);\n\n    const isEncrypted = encrypted[tailOffset] >>> 7;\n    if (isEncrypted === 0) return [out, header];\n\n    let srtcpIndex = encrypted.readUInt32BE(tailOffset);\n    srtcpIndex &= ~(1 << 31);\n\n    const ssrc = encrypted.readUInt32BE(4);\n\n    const counter = this.generateCounter(\n      srtcpIndex & 0xffff,\n      srtcpIndex >> 16,\n      ssrc,\n      this.srtcpSessionSalt,\n    );\n    const cipher = createDecipheriv(\n      \"aes-128-ctr\",\n      this.srtcpSessionKey,\n      counter,\n    );\n    const buf = cipher.update(out.subarray(8));\n    buf.copy(out, 8);\n    return [out, header];\n  }\n\n  generateSrtcpAuthTag(buf: Buffer) {\n    const srtcpSessionAuth = createHmac(\"sha1\", this.srtcpSessionAuthTag);\n    return srtcpSessionAuth.update(buf).digest().slice(0, 10);\n  }\n\n  generateCounter(\n    sequenceNumber: number,\n    rolloverCounter: number,\n    ssrc: number,\n    sessionSalt: Buffer,\n  ) {\n    const counter = Buffer.alloc(16);\n    counter.writeUInt32BE(ssrc, 4);\n    counter.writeUInt32BE(rolloverCounter, 8);\n    counter.writeUInt32BE(Number(BigInt(sequenceNumber) << 16n), 12);\n\n    for (let i = 0; i < sessionSalt.length; i++) {\n      counter[i] ^= sessionSalt[i];\n    }\n    return counter;\n  }\n\n  generateSrtpAuthTag(roc: number, ...buffers: Buffer[]) {\n    const srtpSessionAuth = createHmac(\"sha1\", this.srtpSessionAuthTag);\n    const rocRaw = Buffer.alloc(4);\n    rocRaw.writeUInt32BE(roc);\n\n    for (const buf of buffers) {\n      srtpSessionAuth.update(buf);\n    }\n    return srtpSessionAuth.update(rocRaw).digest().subarray(0, 10);\n  }\n}\n\nconst srtcpIndexSize = 4;\n\nfunction assertAuthTag(actual: Buffer, expected: Buffer, message: string) {\n  if (actual.length !== expected.length || !timingSafeEqual(actual, expected)) {\n    throw new SrtpAuthenticationError(message);\n  }\n}\n"]}