xref: /aosp_15_r20/external/webrtc/pc/g3doc/srtp.md (revision d9f758449e529ab9291ac668be2861e7a55c2422)
<?% config.freshness.reviewed = '2021-05-13' %?>
<?% config.freshness.owner = 'hta' %?>

# SRTP in WebRTC

WebRTC mandates encryption of media by means of the Secure Real-time Transport
Protocol, or SRTP, which is described in
[RFC 3711](https://datatracker.ietf.org/doc/html/rfc3711).

The key negotiation in WebRTC happens using DTLS-SRTP, which is described in
[RFC 5764](https://datatracker.ietf.org/doc/html/rfc5764). The older
[SDES protocol](https://datatracker.ietf.org/doc/html/rfc4568) is implemented
but not enabled by default.

Unencrypted RTP can be enabled for debugging purposes by setting the
PeerConnection's [`disable_encryption`][1] option to true.

## Supported cipher suites

The implementation supports the following cipher suites:

*   SRTP_AES128_CM_HMAC_SHA1_80
*   SRTP_AEAD_AES_128_GCM
*   SRTP_AEAD_AES_256_GCM

The SRTP_AES128_CM_HMAC_SHA1_32 cipher suite is accepted for audio-only
connections if offered by the other side. It is not actively supported; see
[SelectCrypto][2] for details.

The cipher suite ordering allows a non-WebRTC peer to prefer GCM cipher suites;
however, they are not selected as the default by two instances of the WebRTC
library.

## cricket::SrtpSession

The [`cricket::SrtpSession`][3] class provides encryption and decryption of SRTP
packets using [`libsrtp`](https://github.com/cisco/libsrtp). Keys are
provided by `SrtpTransport` or `DtlsSrtpTransport` in the [`SetSend`][4] and
[`SetRecv`][5] methods.

Encryption and decryption happen in-place in the [`ProtectRtp`][6],
[`ProtectRtcp`][7], [`UnprotectRtp`][8] and [`UnprotectRtcp`][9] methods. The
`SrtpSession` class also takes care of initializing and deinitializing `libsrtp`
by keeping track of how many instances are being used.

## webrtc::SrtpTransport and webrtc::DtlsSrtpTransport

The [`webrtc::SrtpTransport`][10] class controls the `SrtpSession`
instances for RTP and RTCP. When
[rtcp-mux](https://datatracker.ietf.org/doc/html/rfc5761) is used, the
`SrtpSession` for RTCP is not needed.

[`webrtc::DtlsSrtpTransport`][11] is a subclass of the `SrtpTransport` that
extracts the keying material when the DTLS handshake is done and configures it
in its base class. It will also become writable only once the DTLS handshake is
done.
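
The keying-material extraction described above follows RFC 5764 section 4.2. The sketch below is an added example, not code from the WebRTC library: it splits the DTLS exporter output into per-direction master key and salt for the three supported suites. `SplitKeyingMaterial`, `SrtpKeys` and `SuiteParams` are hypothetical names, and the key and salt lengths are taken from the RFCs rather than from this page.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Master key and salt lengths in bytes (RFC 3711, RFC 5764, RFC 7714).
struct SuiteParams { const char* name; size_t key_len; size_t salt_len; };
static const SuiteParams kSuites[] = {
    {"SRTP_AES128_CM_HMAC_SHA1_80", 16, 14},
    {"SRTP_AEAD_AES_128_GCM", 16, 12},
    {"SRTP_AEAD_AES_256_GCM", 32, 12},
};

// Hypothetical holder: each vector is master key followed by master salt.
struct SrtpKeys { std::vector<uint8_t> send, recv; };

// Splits the output of the "EXTRACTOR-dtls_srtp" exporter, laid out as
// client_key | server_key | client_salt | server_salt (RFC 5764, 4.2).
// The DTLS client sends with the client values and receives with the server
// values; the DTLS server does the opposite. Returns false for an unknown
// suite or for input that is not exactly 2 * (key_len + salt_len) bytes.
bool SplitKeyingMaterial(const std::string& suite,
                         const std::vector<uint8_t>& ekm,
                         bool is_dtls_client, SrtpKeys* out) {
  for (const SuiteParams& p : kSuites) {
    if (suite != p.name) continue;
    const size_t k = p.key_len, s = p.salt_len;
    if (ekm.size() != 2 * (k + s)) return false;
    auto concat = [&](size_t key_off, size_t salt_off) {
      std::vector<uint8_t> v(ekm.begin() + key_off, ekm.begin() + key_off + k);
      v.insert(v.end(), ekm.begin() + salt_off, ekm.begin() + salt_off + s);
      return v;
    };
    const std::vector<uint8_t> client = concat(0, 2 * k);
    const std::vector<uint8_t> server = concat(k, 2 * k + s);
    out->send = is_dtls_client ? client : server;
    out->recv = is_dtls_client ? server : client;
    return true;
  }
  return false;
}

int main() {
  std::vector<uint8_t> ekm(60);  // constructed sample, not real key material
  for (size_t i = 0; i < ekm.size(); ++i) ekm[i] = static_cast<uint8_t>(i);
  SrtpKeys keys;
  bool ok = SplitKeyingMaterial("SRTP_AES128_CM_HMAC_SHA1_80", ekm, true, &keys);
  return ok ? 0 : 1;
}
```

Rejecting input of the wrong length keeps a suite mismatch between the DTLS negotiation and the SRTP configuration from silently producing truncated or misaligned keys.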

## cricket::SrtpFilter

The [`cricket::SrtpFilter`][12] class is used to negotiate SDES.

[1]: https://source.chromium.org/chromium/chromium/src/+/main:third_party/webrtc/api/peer_connection_interface.h;l=1413;drc=f467b445631189557d44de86a77ca6a0c3e2108d
[2]: https://source.chromium.org/chromium/chromium/src/+/main:third_party/webrtc/pc/media_session.cc;l=297;drc=3ac73bd0aa5322abee98f1ff8705af64a184bf61
[3]: https://source.chromium.org/chromium/chromium/src/+/main:third_party/webrtc/pc/srtp_session.h;l=33;drc=be66d95ab7f9428028806bbf66cb83800bda9241
[4]: https://source.chromium.org/chromium/chromium/src/+/main:third_party/webrtc/pc/srtp_session.h;l=40;drc=be66d95ab7f9428028806bbf66cb83800bda9241
[5]: https://source.chromium.org/chromium/chromium/src/+/main:third_party/webrtc/pc/srtp_session.h;l=51;drc=be66d95ab7f9428028806bbf66cb83800bda9241
[6]: https://source.chromium.org/chromium/chromium/src/+/main:third_party/webrtc/pc/srtp_session.h;l=62;drc=be66d95ab7f9428028806bbf66cb83800bda9241
[7]: https://source.chromium.org/chromium/chromium/src/+/main:third_party/webrtc/pc/srtp_session.h;l=69;drc=be66d95ab7f9428028806bbf66cb83800bda9241
[8]: https://source.chromium.org/chromium/chromium/src/+/main:third_party/webrtc/pc/srtp_session.h;l=72;drc=be66d95ab7f9428028806bbf66cb83800bda9241
[9]: https://source.chromium.org/chromium/chromium/src/+/main:third_party/webrtc/pc/srtp_session.h;l=73;drc=be66d95ab7f9428028806bbf66cb83800bda9241
[10]: https://source.chromium.org/chromium/chromium/src/+/main:third_party/webrtc/pc/srtp_transport.h;l=37;drc=a4d873786f10eedd72de25ad0d94ad7c53c1f68a
[11]: https://source.chromium.org/chromium/chromium/src/+/main:third_party/webrtc/pc/dtls_srtp_transport.h;l=31;drc=2f8e0536eb97ce2131e7a74e3ca06077aa0b64b3
[12]: https://source.chromium.org/chromium/chromium/src/+/main:third_party/webrtc/pc/srtp_filter.h;drc=d15a575ec3528c252419149d35977e55269d8a41