diff --git a/srt/crypt.go b/srt/crypt.go index e2e66cf..5ee6477 100644 --- a/srt/crypt.go +++ b/srt/crypt.go @@ -145,3 +145,23 @@ func (crypt *CryptHandler) Unwrap(wrapped_key []byte, passphrase string, key_typ } return true } + +func (crypt *CryptHandler) Decrypt(pkt *Packet) { + var sek cipher.Block + switch pkt.header_info.(*DataHeader).msg_flags & 0x6 { + case 2: + sek = crypt.even_sek + case 4: + sek = crypt.odd_sek + default: + return + } + + IV := make([]byte, crypt.key_len) + binary.BigEndian.PutUint32(IV[10:14], pkt.header_info.(*DataHeader).seq_num) + for i := 0; i < 14; i++ { + IV[i] ^= crypt.salt[i] + } + ctr := cipher.NewCTR(sek, IV) + ctr.XORKeyStream(pkt.cif.([]byte), pkt.cif.([]byte)) +} diff --git a/srt/protocol.go b/srt/protocol.go index 5128c1e..3f2c7fc 100644 --- a/srt/protocol.go +++ b/srt/protocol.go @@ -182,6 +182,7 @@ func (agent *SRTManager) process_conclusion(packet *Packet) (*Packet) { // else return since needed resp_packet.cif.(*HandshakeCIF).hs_extensions = append(resp_packet.cif.(*HandshakeCIF).hs_extensions, v) v.ext_type = 4 + agent.crypt = crypt_handler } } agent.pings[0][1] = time.Now() @@ -285,6 +286,9 @@ func (agent *SRTManager) process_data(packet *Packet) (*Packet) { case DATA: // if data, add to storage, linking, etc // then check if ack or nack can be generated (every 10 ms) + if agent.crypt != nil { + agent.crypt.Decrypt(packet) + } agent.handle_data_storage(packet) if time.Now().Sub(agent.pings[len(agent.pings) - 1][0]).Milliseconds() >= 10 { return agent.create_ack_report()