docs: add SRP for Advanced Profile, update THANKS and Roadmap
- Add SRP passphrase exchange to the Advanced Profile feature list in README and NEWS (already functional, was not documented).
- Remove SRP Auth from the Planned section (already implemented).
- Add 4 AP+SRP integration tests (auth success, missing creds, password mismatch).
- Clone EAP context during AP peer initialization so SRP works when the first packet from a connecting peer is Type 8.
- Update THANKS.md with all contributors from git history.
@@ -48,6 +48,8 @@ New Features:
|
||||
- PSK encryption mode 1 (AES-CTR, Main Profile compatible) with
|
||||
per-packet Nonce/IV in the AP header.
|
||||
- Future Nonce Announcement (CI=0x8011) for zero-latency key rotation.
|
||||
- SRP (Secure Remote Password) passphrase exchange, reusing the EAP-SRP
|
||||
state machine from Main Profile over Type 8 encapsulated EAPOL.
|
||||
- Flow ID field (I flag): virt_dst_port and virt_src_port map to/from
|
||||
the AP Outer/Inner Flow ID hierarchy on the wire.
|
||||
- LZ4 payload compression (LPC=1): sender compresses before encryption,
|
||||
@@ -60,8 +62,8 @@ New Features:
|
||||
to the application.
|
||||
- Baseline.Direct conformance for single-flow encrypted point-to-point
|
||||
RIST transport with ARQ.
|
||||
- 18 integration tests (basic, packet loss, encryption, mismatch,
|
||||
flow-id, lz4, lz4+encryption, flow-attr).
|
||||
- 22 integration tests (basic, packet loss, encryption, mismatch,
|
||||
flow-id, lz4, lz4+encryption, flow-attr, SRP auth).
|
||||
- 187 unit tests (wire format, timestamp, seq_index, Type 8, PSK modes,
|
||||
Flow ID mapping, LZ4 roundtrip, flow-attr control roundtrip).
|
||||
|
||||
|
||||
@@ -29,6 +29,7 @@ The goal of this project is to provide a RIST library for **most platforms**.
|
||||
- Native control plane (Keep-Alive, RTT Echo, NACK Bitmask/Range)
|
||||
- Full 32-bit sequence numbering
|
||||
- PSK encryption (AES-CTR mode 1, per-packet Nonce/IV)
|
||||
- SRP (Secure Remote Password) passphrase exchange
|
||||
- Future Nonce Announcement for zero-latency key rotation
|
||||
- Flow ID hierarchy (Outer/Inner/Sub) mapped to stream-id
|
||||
- LZ4 payload compression with automatic receiver detection
|
||||
@@ -93,7 +94,7 @@ If you have an application that needs to operate outside the sweet spot describe
|
||||
|
||||
### Planned
|
||||
|
||||
- VSF TR-06-3 (Advanced Profile) additional conformance levels (DTLS, SRP Auth, Fragmentation)
|
||||
- VSF TR-06-3 (Advanced Profile) additional conformance levels (DTLS, Fragmentation)
|
||||
|
||||
# Tools
|
||||
|
||||
|
||||
@@ -16,5 +16,13 @@ SipRadius LLC for funding this project.
|
||||
|
||||
And all the librist Authors (git shortlog -sn), including:
|
||||
|
||||
Sergio Ammirata, Kuldeep Singh Dhaka, Daniele Lacamera, Antonio Cardace, Gijs Peskens, James Hurley,
|
||||
Marvin Scholz, Stephan Mueller
|
||||
Sergio Ammirata, James Hurley, Daniele Lacamera,
|
||||
Yannick Le Roux, Thierry Lelegard, Carson Riker, Anders Cedronius,
|
||||
Zhao Zhili, Matthew Edge, Peter Kovář, Steve Lhomme, Heiko Nickerl,
|
||||
David Holroyd, Tristan Matthews, RossWang, Christopher Degawa,
|
||||
Dave Evans, Manuel, Samuel Thibault, Reno Dakota, Olivier Crête,
|
||||
Kevin Wang, Kevin Pan, Johan Lescure, Gyan Doshi, Florian Ernst,
|
||||
Derek Prestegard, Denis Slobodskoy, Daisuke Matsunami, Brian Keane,
|
||||
Bill Roberts, Azamat H. Hackimov, Alyssa Ross, Alexandre Janniaux,
|
||||
Alexander Podrezenko, Alex Converse, Kuldeep Singh Dhaka,
|
||||
Antonio Cardace, Marvin Scholz, Stephan Mueller
|
||||
|
||||
@@ -2643,6 +2643,15 @@ static void rist_peer_recv(struct evsocket_ctx *evctx, int fd, short revents, vo
|
||||
}
|
||||
}
|
||||
peer_append(p);
|
||||
#if HAVE_SRP_SUPPORT
|
||||
eap_clone_ctx(peer->eap_ctx, p);
|
||||
{
|
||||
char ip_buf[INET6_ADDRSTRLEN];
|
||||
char *ip = get_ip_str(&p->u.address, ip_buf, INET6_ADDRSTRLEN);
|
||||
if (ip)
|
||||
eap_set_ip_string(p->eap_ctx, ip_buf);
|
||||
}
|
||||
#endif
|
||||
} else {
|
||||
return;
|
||||
}
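Review bot: The result of `eap_clone_ctx(peer->eap_ctx, p)` is not checked in the added `#if HAVE_SRP_SUPPORT` block, and `p->eap_ctx` is handed to `eap_set_ip_string()` immediately afterwards. If the clone can fail or can leave `p->eap_ctx` NULL (for example when the listening peer has no EAP context; neither function is visible in this hunk), the new peer either passes a missing context on or, worse, continues without the authentication state the listener is configured to require. I would treat a failed clone on an SRP-configured listener as a reason to reject the peer rather than carry on, and guard the second call with `if (ip && p->eap_ctx)`. The clone also runs after `peer_append(p)`, so the peer is already in the list before its EAP context exists; cloning first would avoid exposing a half-initialised peer. `rist_peer_recv` starts and ends outside this hunk, so the correct cleanup path for `p` has to be confirmed there.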
|
||||
|
||||
@@ -99,6 +99,14 @@ test('Advanced profile LZ4 compression client mode', test_send_receive, args: ['
|
||||
test('Advanced profile LZ4 compression + 10% loss', test_send_receive, args: ['2', 'rist://@127.0.0.1:7052', 'rist://127.0.0.1:7052?compression=1', '10'],suite: ['advanced', 'unicast', 'server', 'lz4'])
|
||||
test('Advanced profile LZ4 + AES128 server mode', test_send_receive, args: ['2', 'rist://@127.0.0.1:7053?secret=12345678&aes-type=128', 'rist://127.0.0.1:7053?secret=12345678&aes-type=128&compression=1', '0'],suite: ['advanced', 'unicast', 'server', 'lz4', 'encryption'])
|
||||
|
||||
###SRP authentication (Advanced Profile)
|
||||
if have_srp
|
||||
test('Advanced profile SRP auth server mode AES128', test_send_receive, args: ['2', 'rist://@127.0.0.1:7070?secret=12345678&aes-type=128&username=testuser&password=testpassword', 'rist://127.0.0.1:7070?secret=12345678&aes-type=128&username=testuser&password=testpassword', '0'],suite: ['advanced', 'unicast', 'server', 'encryption', 'srp'], should_fail: false)
|
||||
test('Advanced profile SRP auth client mode AES128', test_send_receive, args: ['2', 'rist://127.0.0.1:7071?secret=12345678&aes-type=128&username=testuser&password=testpassword', 'rist://@127.0.0.1:7071?secret=12345678&aes-type=128&username=testuser&password=testpassword', '0'],suite: ['advanced', 'unicast', 'client', 'encryption', 'srp'], should_fail: false)
|
||||
test('Advanced profile SRP auth client no SRP (should fail)', test_send_receive, args: ['2', 'rist://127.0.0.1:7072?secret=12345678&aes-type=128', 'rist://@127.0.0.1:7072?secret=12345678&aes-type=128&username=testuser&password=testpassword', '0'], suite: ['advanced', 'unicast', 'server', 'encryption', 'srp'], should_fail: true)
|
||||
test('Advanced profile SRP auth password mismatch (should fail)', test_send_receive, args: ['2', 'rist://127.0.0.1:7073?secret=12345678&aes-type=128&username=testuser&password=wrongpassword', 'rist://@127.0.0.1:7073?secret=12345678&aes-type=128&username=testuser&password=testpassword', '0'],suite: ['advanced', 'unicast', 'server', 'encryption', 'srp'], should_fail: true)
|
||||
endif
|
||||
|
||||
#Encryption tests where 1 side has enabled encryption these should fail
|
||||
test('Main profile encryption receive server mode unencrypted, sender client mode', test_send_receive, args: ['1', 'rist://@127.0.0.1:6003', 'rist://127.0.0.1:6003?secret=12345678&aes-type=128', '0'], should_fail: true)
|
||||
test('Main profile encryption receive server mode, sender client mode unencrypted', test_send_receive, args: ['1', 'rist://@127.0.0.1:6004?secret=12345678&aes-type=128', 'rist://127.0.0.1:6004', '0'], should_fail: true)
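Review bot: The two negative cases added under `if have_srp` rely only on `should_fail: true`, which is satisfied by any non-zero exit of `test_send_receive`, so they would still pass if the run failed for a reason unrelated to SRP, such as a port already in use or a timeout. These are the tests that guard against authentication failing open, so it would help if the helper could report an authentication rejection distinctly; failing that, a comment such as `# must fail because the caller's SRP credentials are missing or wrong, not because of transport setup` would record the intent. Both negative cases also use the same caller-sender / listening-receiver URL shape as the 'client mode' test above them, yet their `suite:` lists carry `'server'`; `'client'` looks like the intended tag. A case with an unknown username would round out the coverage next to the password-mismatch case.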
|
||||
|
||||