Documentation
¶
Index ¶
- func DataPacketValueToPayload(pck *livekit.DataPacket) *livekit.EncryptedPacketPayload
- func DecryptGCMH264Sample(sample, key, sifTrailer []byte) ([]byte, error)
- func DecryptGCMH264SampleCustomCipher(sample, sifTrailer []byte, cipherBlock cipher.Block) ([]byte, error)
- func DecryptGCMH265Sample(sample, key, sifTrailer []byte) ([]byte, error)
- func DecryptGCMH265SampleCustomCipher(sample, sifTrailer []byte, cipherBlock cipher.Block) ([]byte, error)
- func DecryptedPayloadToDataPacketValue(pck *livekit.DataPacket, payload *livekit.EncryptedPacketPayload)
- func EncryptGCMH264Sample(sample, key []byte, kid uint8) ([]byte, error)
- func EncryptGCMH264SampleCustomCipher(sample []byte, kid uint8, cipherBlock cipher.Block) ([]byte, error)
- func EncryptGCMH265Sample(sample, key []byte, kid uint8) ([]byte, error)
- func EncryptGCMH265SampleCustomCipher(sample []byte, kid uint8, cipherBlock cipher.Block) ([]byte, error)
- type DataCryptor
- type DecryptFunc
- type EncryptFunc
- type ExternalKeyProvider
- type GCMFrameDecryptor
- type GCMFrameEncryptor
- type TrackDecryptor
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DataPacketValueToPayload ¶
func DataPacketValueToPayload(pck *livekit.DataPacket) *livekit.EncryptedPacketPayload
DataPacketValueToPayload maps a DataPacket value to an EncryptedPacketPayload.
func DecryptGCMH264Sample ¶
DecryptGCMH264Sample decrypts an H.264 video sample encrypted by EncryptGCMH264Sample or the JS SDK FrameCryptor.
func DecryptGCMH264SampleCustomCipher ¶
func DecryptGCMH264SampleCustomCipher(sample, sifTrailer []byte, cipherBlock cipher.Block) ([]byte, error)
DecryptGCMH264SampleCustomCipher decrypts an H.264 video sample using a cached cipher.Block.
func DecryptGCMH265Sample ¶
DecryptGCMH265Sample decrypts an H.265 video sample.
func DecryptGCMH265SampleCustomCipher ¶
func DecryptGCMH265SampleCustomCipher(sample, sifTrailer []byte, cipherBlock cipher.Block) ([]byte, error)
DecryptGCMH265SampleCustomCipher decrypts an H.265 video sample using a cached cipher.Block.
func DecryptedPayloadToDataPacketValue ¶
func DecryptedPayloadToDataPacketValue(pck *livekit.DataPacket, payload *livekit.EncryptedPacketPayload)
DecryptedPayloadToDataPacketValue maps a decrypted EncryptedPacketPayload back to a DataPacket value.
func EncryptGCMH264Sample ¶
EncryptGCMH264Sample encrypts an H.264 video sample with AES-128-GCM. Use EncryptGCMH264SampleCustomCipher with a cached cipher.Block for better performance.
func EncryptGCMH264SampleCustomCipher ¶
func EncryptGCMH264SampleCustomCipher(sample []byte, kid uint8, cipherBlock cipher.Block) ([]byte, error)
EncryptGCMH264SampleCustomCipher encrypts an H.264 video sample using a cached cipher.Block.
func EncryptGCMH265Sample ¶
EncryptGCMH265Sample encrypts an H.265 video sample with AES-128-GCM.
Types ¶
type DataCryptor ¶
type DataCryptor struct {
// contains filtered or unexported fields
}
DataCryptor handles encryption and decryption of data channel messages. It mirrors the JS SDK's DataCryptor class, using AES-128-GCM with no AAD.
func NewDataCryptor ¶
func NewDataCryptor(keyProvider types.KeyProvider) *DataCryptor
NewDataCryptor creates a cryptor using the given key provider.
func (*DataCryptor) Decrypt ¶
func (dc *DataCryptor) Decrypt(ep *livekit.EncryptedPacket) (*livekit.EncryptedPacketPayload, error)
Decrypt extracts and decrypts an EncryptedPacket, returning the inner payload.
func (*DataCryptor) Encrypt ¶
func (dc *DataCryptor) Encrypt(pck *livekit.DataPacket) (*livekit.DataPacket, error)
Encrypt wraps a DataPacket's value in an EncryptedPacket. The original value is serialized as EncryptedPacketPayload, then encrypted with AES-128-GCM using a random IV and no AAD.
type DecryptFunc ¶
DecryptFunc matches the signature of lksdk.DecryptGCM*SampleCustomCipher functions.
type EncryptFunc ¶
EncryptFunc matches the signature of lksdk.EncryptGCM*SampleCustomCipher functions. Used to inject codec-specific encryption without importing lksdk (avoids circular dep).
type ExternalKeyProvider ¶
type ExternalKeyProvider struct {
// contains filtered or unexported fields
}
ExternalKeyProvider is a simple key provider where keys are set externally. This matches the JS SDK's ExternalE2EEKeyProvider pattern.
func NewExternalKeyProvider ¶
func NewExternalKeyProvider() *ExternalKeyProvider
NewExternalKeyProvider creates a new key provider for externally managed keys.
func (*ExternalKeyProvider) CurrentKeyIndex ¶
func (p *ExternalKeyProvider) CurrentKeyIndex() uint32
CurrentKeyIndex returns the active key index for encryption.
func (*ExternalKeyProvider) GetKey ¶
func (p *ExternalKeyProvider) GetKey(keyIndex uint32) ([]byte, error)
GetKey returns the derived AES key for the given index.
func (*ExternalKeyProvider) SetKeyFromPassphrase ¶
func (p *ExternalKeyProvider) SetKeyFromPassphrase(passphrase string, index uint32) error
SetKeyFromPassphrase derives an AES-128 key from a passphrase using PBKDF2 (matching the JS SDK's derivation: salt="LKFrameEncryptionKey", SHA-256, 100000 iterations, 128-bit output) and stores it at the given index.
type GCMFrameDecryptor ¶
type GCMFrameDecryptor struct {
// contains filtered or unexported fields
}
GCMFrameDecryptor decrypts media frames using AES-128-GCM. It reads the KID (key index) from each frame's trailer to support multi-key scenarios and key rotation.
func NewGCMFrameDecryptor ¶
func NewGCMFrameDecryptor(keyProvider types.KeyProvider, decryptFn DecryptFunc, sifTrailer []byte) *GCMFrameDecryptor
NewGCMFrameDecryptor creates a frame decryptor for the given key provider, codec-specific decrypt function, and SIF trailer bytes.
func (*GCMFrameDecryptor) DecryptFrame ¶
func (d *GCMFrameDecryptor) DecryptFrame(payload []byte) ([]byte, error)
DecryptFrame decrypts a complete media frame. Returns (nil, nil) for server-injected frames (SIF) that should be dropped.
type GCMFrameEncryptor ¶
type GCMFrameEncryptor struct {
// contains filtered or unexported fields
}
GCMFrameEncryptor encrypts media frames using AES-128-GCM. It wraps a KeyProvider and a codec-specific EncryptFunc, caching the cipher block via atomic.Pointer and only taking a mutex during key rotation.
func NewGCMFrameEncryptor ¶
func NewGCMFrameEncryptor(keyProvider types.KeyProvider, encryptFn EncryptFunc) (*GCMFrameEncryptor, error)
NewGCMFrameEncryptor creates a frame encryptor for the given key provider and codec-specific encrypt function.
func (*GCMFrameEncryptor) EncryptFrame ¶
func (e *GCMFrameEncryptor) EncryptFrame(payload []byte) ([]byte, error)
EncryptFrame encrypts a complete media frame.
type TrackDecryptor ¶
type TrackDecryptor struct {
// contains filtered or unexported fields
}
TrackDecryptor reassembles RTP packets from a remote track into complete media frames, then decrypts each frame.
func NewTrackDecryptor ¶
func NewTrackDecryptor(track *webrtc.TrackRemote, decryptor types.FrameDecryptor) *TrackDecryptor
NewTrackDecryptor creates a decryptor for the given remote track. The depacketizer and maxLate are inferred from the track's codec.
func NewTrackDecryptorWithOptions ¶
func NewTrackDecryptorWithOptions(track *webrtc.TrackRemote, decryptor types.FrameDecryptor, maxLate uint16) *TrackDecryptor
NewTrackDecryptorWithOptions creates a decryptor with explicit maxLate.
func (*TrackDecryptor) ReadSample ¶
func (td *TrackDecryptor) ReadSample() (*media.Sample, error)
ReadSample reads RTP packets from the remote track, reassembles them into a complete frame, and decrypts the frame. Returns (nil, nil) for server-injected frames (SIF) that should be dropped. Returns io.EOF when the track is closed.
Source Files
Directories