successful encryption

srt/crypt.go

@@ -145,3 +145,23 @@ func (crypt *CryptHandler) Unwrap(wrapped_key []byte, passphrase string, key_typ
 	}
 	return true
 }
+
+func (crypt *CryptHandler) Decrypt(pkt *Packet) {
+	var sek cipher.Block
+	switch pkt.header_info.(*DataHeader).msg_flags & 0x6 {
+	case 2:
+		sek = crypt.even_sek
+	case 4:
+		sek = crypt.odd_sek
+	default:
+		return
+	}
+	
+	IV := make([]byte, crypt.key_len)
+	binary.BigEndian.PutUint32(IV[10:14], pkt.header_info.(*DataHeader).seq_num)
+	for i := 0; i < 14; i++ {
+		IV[i] ^= crypt.salt[i]
+	}
+	ctr := cipher.NewCTR(sek, IV)
+	ctr.XORKeyStream(pkt.cif.([]byte), pkt.cif.([]byte))
+}

srt/protocol.go

@@ -182,6 +182,7 @@ func (agent *SRTManager) process_conclusion(packet *Packet) (*Packet) {
 					// else return since needed
 					resp_packet.cif.(*HandshakeCIF).hs_extensions = append(resp_packet.cif.(*HandshakeCIF).hs_extensions, v)
 					v.ext_type = 4
+					agent.crypt = crypt_handler
 				}
 			}
 			agent.pings[0][1] = time.Now()
@@ -285,6 +286,9 @@ func (agent *SRTManager) process_data(packet *Packet) (*Packet) {
 	case DATA:
 		// if data, add to storage, linking, etc
 		// then check if ack or nack can be generated (every 10 ms)
+		if agent.crypt != nil {
+			agent.crypt.Decrypt(packet)
+		}
 		agent.handle_data_storage(packet)
 		if time.Now().Sub(agent.pings[len(agent.pings) - 1][0]).Milliseconds() >= 10 {
 			return agent.create_ack_report()