| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * libjingle | 2 * libjingle |
| 3 * Copyright 2009 Google Inc. | 3 * Copyright 2009 Google Inc. |
| 4 * | 4 * |
| 5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
| 6 * modification, are permitted provided that the following conditions are met: | 6 * modification, are permitted provided that the following conditions are met: |
| 7 * | 7 * |
| 8 * 1. Redistributions of source code must retain the above copyright notice, | 8 * 1. Redistributions of source code must retain the above copyright notice, |
| 9 * this list of conditions and the following disclaimer. | 9 * this list of conditions and the following disclaimer. |
| 10 * 2. Redistributions in binary form must reproduce the above copyright notice, | 10 * 2. Redistributions in binary form must reproduce the above copyright notice, |
| (...skipping 129 matching lines...) Loading... |
| 140 return DoSetAnswer(answer_params, source, true); | 140 return DoSetAnswer(answer_params, source, true); |
| 141 } | 141 } |
| 142 | 142 |
| 143 bool SrtpFilter::SetProvisionalAnswer( | 143 bool SrtpFilter::SetProvisionalAnswer( |
| 144 const std::vector<CryptoParams>& answer_params, | 144 const std::vector<CryptoParams>& answer_params, |
| 145 ContentSource source) { | 145 ContentSource source) { |
| 146 return DoSetAnswer(answer_params, source, false); | 146 return DoSetAnswer(answer_params, source, false); |
| 147 } | 147 } |
| 148 | 148 |
| 149 bool SrtpFilter::SetRtpParams(const std::string& send_cs, | 149 bool SrtpFilter::SetRtpParams(const std::string& send_cs, |
| 150 const uint8* send_key, int send_key_len, | 150 const uint8_t* send_key, |
| 151 int send_key_len, |
| 151 const std::string& recv_cs, | 152 const std::string& recv_cs, |
| 152 const uint8* recv_key, int recv_key_len) { | 153 const uint8_t* recv_key, |
| 154 int recv_key_len) { |
| 153 if (IsActive()) { | 155 if (IsActive()) { |
| 154 LOG(LS_ERROR) << "Tried to set SRTP Params when filter already active"; | 156 LOG(LS_ERROR) << "Tried to set SRTP Params when filter already active"; |
| 155 return false; | 157 return false; |
| 156 } | 158 } |
| 157 CreateSrtpSessions(); | 159 CreateSrtpSessions(); |
| 158 if (!send_session_->SetSend(send_cs, send_key, send_key_len)) | 160 if (!send_session_->SetSend(send_cs, send_key, send_key_len)) |
| 159 return false; | 161 return false; |
| 160 | 162 |
| 161 if (!recv_session_->SetRecv(recv_cs, recv_key, recv_key_len)) | 163 if (!recv_session_->SetRecv(recv_cs, recv_key, recv_key_len)) |
| 162 return false; | 164 return false; |
| 163 | 165 |
| 164 state_ = ST_ACTIVE; | 166 state_ = ST_ACTIVE; |
| 165 | 167 |
| 166 LOG(LS_INFO) << "SRTP activated with negotiated parameters:" | 168 LOG(LS_INFO) << "SRTP activated with negotiated parameters:" |
| 167 << " send cipher_suite " << send_cs | 169 << " send cipher_suite " << send_cs |
| 168 << " recv cipher_suite " << recv_cs; | 170 << " recv cipher_suite " << recv_cs; |
| 169 return true; | 171 return true; |
| 170 } | 172 } |
| 171 | 173 |
| 172 // This function is provided separately because DTLS-SRTP behaves | 174 // This function is provided separately because DTLS-SRTP behaves |
| 173 // differently in RTP/RTCP mux and non-mux modes. | 175 // differently in RTP/RTCP mux and non-mux modes. |
| 174 // | 176 // |
| 175 // - In the non-muxed case, RTP and RTCP are keyed with different | 177 // - In the non-muxed case, RTP and RTCP are keyed with different |
| 176 // keys (from different DTLS handshakes), and so we need a new | 178 // keys (from different DTLS handshakes), and so we need a new |
| 177 // SrtpSession. | 179 // SrtpSession. |
| 178 // - In the muxed case, they are keyed with the same keys, so | 180 // - In the muxed case, they are keyed with the same keys, so |
| 179 // this function is not needed | 181 // this function is not needed |
| 180 bool SrtpFilter::SetRtcpParams(const std::string& send_cs, | 182 bool SrtpFilter::SetRtcpParams(const std::string& send_cs, |
| 181 const uint8* send_key, int send_key_len, | 183 const uint8_t* send_key, |
| 184 int send_key_len, |
| 182 const std::string& recv_cs, | 185 const std::string& recv_cs, |
| 183 const uint8* recv_key, int recv_key_len) { | 186 const uint8_t* recv_key, |
| 187 int recv_key_len) { |
| 184 // This can only be called once, but can be safely called after | 188 // This can only be called once, but can be safely called after |
| 185 // SetRtpParams | 189 // SetRtpParams |
| 186 if (send_rtcp_session_ || recv_rtcp_session_) { | 190 if (send_rtcp_session_ || recv_rtcp_session_) { |
| 187 LOG(LS_ERROR) << "Tried to set SRTCP Params when filter already active"; | 191 LOG(LS_ERROR) << "Tried to set SRTCP Params when filter already active"; |
| 188 return false; | 192 return false; |
| 189 } | 193 } |
| 190 | 194 |
| 191 send_rtcp_session_.reset(new SrtpSession()); | 195 send_rtcp_session_.reset(new SrtpSession()); |
| 192 SignalSrtpError.repeat(send_rtcp_session_->SignalSrtpError); | 196 SignalSrtpError.repeat(send_rtcp_session_->SignalSrtpError); |
| 193 send_rtcp_session_->set_signal_silent_time(signal_silent_time_in_ms_); | 197 send_rtcp_session_->set_signal_silent_time(signal_silent_time_in_ms_); |
| (...skipping 15 matching lines...) Loading... |
| 209 | 213 |
| 210 bool SrtpFilter::ProtectRtp(void* p, int in_len, int max_len, int* out_len) { | 214 bool SrtpFilter::ProtectRtp(void* p, int in_len, int max_len, int* out_len) { |
| 211 if (!IsActive()) { | 215 if (!IsActive()) { |
| 212 LOG(LS_WARNING) << "Failed to ProtectRtp: SRTP not active"; | 216 LOG(LS_WARNING) << "Failed to ProtectRtp: SRTP not active"; |
| 213 return false; | 217 return false; |
| 214 } | 218 } |
| 215 ASSERT(send_session_ != NULL); | 219 ASSERT(send_session_ != NULL); |
| 216 return send_session_->ProtectRtp(p, in_len, max_len, out_len); | 220 return send_session_->ProtectRtp(p, in_len, max_len, out_len); |
| 217 } | 221 } |
| 218 | 222 |
| 219 bool SrtpFilter::ProtectRtp(void* p, int in_len, int max_len, int* out_len, | 223 bool SrtpFilter::ProtectRtp(void* p, |
| 220 int64* index) { | 224 int in_len, |
| 225 int max_len, |
| 226 int* out_len, |
| 227 int64_t* index) { |
| 221 if (!IsActive()) { | 228 if (!IsActive()) { |
| 222 LOG(LS_WARNING) << "Failed to ProtectRtp: SRTP not active"; | 229 LOG(LS_WARNING) << "Failed to ProtectRtp: SRTP not active"; |
| 223 return false; | 230 return false; |
| 224 } | 231 } |
| 225 ASSERT(send_session_ != NULL); | 232 ASSERT(send_session_ != NULL); |
| 226 return send_session_->ProtectRtp(p, in_len, max_len, out_len, index); | 233 return send_session_->ProtectRtp(p, in_len, max_len, out_len, index); |
| 227 } | 234 } |
| 228 | 235 |
| 229 bool SrtpFilter::ProtectRtcp(void* p, int in_len, int max_len, int* out_len) { | 236 bool SrtpFilter::ProtectRtcp(void* p, int in_len, int max_len, int* out_len) { |
| 230 if (!IsActive()) { | 237 if (!IsActive()) { |
| (...skipping 23 matching lines...) Loading... |
| 254 return false; | 261 return false; |
| 255 } | 262 } |
| 256 if (recv_rtcp_session_) { | 263 if (recv_rtcp_session_) { |
| 257 return recv_rtcp_session_->UnprotectRtcp(p, in_len, out_len); | 264 return recv_rtcp_session_->UnprotectRtcp(p, in_len, out_len); |
| 258 } else { | 265 } else { |
| 259 ASSERT(recv_session_ != NULL); | 266 ASSERT(recv_session_ != NULL); |
| 260 return recv_session_->UnprotectRtcp(p, in_len, out_len); | 267 return recv_session_->UnprotectRtcp(p, in_len, out_len); |
| 261 } | 268 } |
| 262 } | 269 } |
| 263 | 270 |
| 264 bool SrtpFilter::GetRtpAuthParams(uint8** key, int* key_len, int* tag_len) { | 271 bool SrtpFilter::GetRtpAuthParams(uint8_t** key, int* key_len, int* tag_len) { |
| 265 if (!IsActive()) { | 272 if (!IsActive()) { |
| 266 LOG(LS_WARNING) << "Failed to GetRtpAuthParams: SRTP not active"; | 273 LOG(LS_WARNING) << "Failed to GetRtpAuthParams: SRTP not active"; |
| 267 return false; | 274 return false; |
| 268 } | 275 } |
| 269 | 276 |
| 270 ASSERT(send_session_ != NULL); | 277 ASSERT(send_session_ != NULL); |
| 271 return send_session_->GetRtpAuthParams(key, key_len, tag_len); | 278 return send_session_->GetRtpAuthParams(key, key_len, tag_len); |
| 272 } | 279 } |
| 273 | 280 |
| 274 void SrtpFilter::set_signal_silent_time(uint32 signal_silent_time_in_ms) { | 281 void SrtpFilter::set_signal_silent_time(uint32_t signal_silent_time_in_ms) { |
| 275 signal_silent_time_in_ms_ = signal_silent_time_in_ms; | 282 signal_silent_time_in_ms_ = signal_silent_time_in_ms; |
| 276 if (IsActive()) { | 283 if (IsActive()) { |
| 277 ASSERT(send_session_ != NULL); | 284 ASSERT(send_session_ != NULL); |
| 278 send_session_->set_signal_silent_time(signal_silent_time_in_ms); | 285 send_session_->set_signal_silent_time(signal_silent_time_in_ms); |
| 279 ASSERT(recv_session_ != NULL); | 286 ASSERT(recv_session_ != NULL); |
| 280 recv_session_->set_signal_silent_time(signal_silent_time_in_ms); | 287 recv_session_->set_signal_silent_time(signal_silent_time_in_ms); |
| 281 if (send_rtcp_session_) | 288 if (send_rtcp_session_) |
| 282 send_rtcp_session_->set_signal_silent_time(signal_silent_time_in_ms); | 289 send_rtcp_session_->set_signal_silent_time(signal_silent_time_in_ms); |
| 283 if (recv_rtcp_session_) | 290 if (recv_rtcp_session_) |
| 284 recv_rtcp_session_->set_signal_silent_time(signal_silent_time_in_ms); | 291 recv_rtcp_session_->set_signal_silent_time(signal_silent_time_in_ms); |
| (...skipping 124 matching lines...) Loading... |
| 409 applied_send_params_.key_params == send_params.key_params && | 416 applied_send_params_.key_params == send_params.key_params && |
| 410 applied_recv_params_.cipher_suite == recv_params.cipher_suite && | 417 applied_recv_params_.cipher_suite == recv_params.cipher_suite && |
| 411 applied_recv_params_.key_params == recv_params.key_params) { | 418 applied_recv_params_.key_params == recv_params.key_params) { |
| 412 LOG(LS_INFO) << "Applying the same SRTP parameters again. No-op."; | 419 LOG(LS_INFO) << "Applying the same SRTP parameters again. No-op."; |
| 413 | 420 |
| 414 // We do not want to reset the ROC if the keys are the same. So just return. | 421 // We do not want to reset the ROC if the keys are the same. So just return. |
| 415 return true; | 422 return true; |
| 416 } | 423 } |
| 417 // TODO(juberti): Zero these buffers after use. | 424 // TODO(juberti): Zero these buffers after use. |
| 418 bool ret; | 425 bool ret; |
| 419 uint8 send_key[SRTP_MASTER_KEY_LEN], recv_key[SRTP_MASTER_KEY_LEN]; | 426 uint8_t send_key[SRTP_MASTER_KEY_LEN], recv_key[SRTP_MASTER_KEY_LEN]; |
| 420 ret = (ParseKeyParams(send_params.key_params, send_key, sizeof(send_key)) && | 427 ret = (ParseKeyParams(send_params.key_params, send_key, sizeof(send_key)) && |
| 421 ParseKeyParams(recv_params.key_params, recv_key, sizeof(recv_key))); | 428 ParseKeyParams(recv_params.key_params, recv_key, sizeof(recv_key))); |
| 422 if (ret) { | 429 if (ret) { |
| 423 CreateSrtpSessions(); | 430 CreateSrtpSessions(); |
| 424 ret = (send_session_->SetSend(send_params.cipher_suite, | 431 ret = (send_session_->SetSend(send_params.cipher_suite, |
| 425 send_key, sizeof(send_key)) && | 432 send_key, sizeof(send_key)) && |
| 426 recv_session_->SetRecv(recv_params.cipher_suite, | 433 recv_session_->SetRecv(recv_params.cipher_suite, |
| 427 recv_key, sizeof(recv_key))); | 434 recv_key, sizeof(recv_key))); |
| 428 } | 435 } |
| 429 if (ret) { | 436 if (ret) { |
| 430 LOG(LS_INFO) << "SRTP activated with negotiated parameters:" | 437 LOG(LS_INFO) << "SRTP activated with negotiated parameters:" |
| 431 << " send cipher_suite " << send_params.cipher_suite | 438 << " send cipher_suite " << send_params.cipher_suite |
| 432 << " recv cipher_suite " << recv_params.cipher_suite; | 439 << " recv cipher_suite " << recv_params.cipher_suite; |
| 433 applied_send_params_ = send_params; | 440 applied_send_params_ = send_params; |
| 434 applied_recv_params_ = recv_params; | 441 applied_recv_params_ = recv_params; |
| 435 } else { | 442 } else { |
| 436 LOG(LS_WARNING) << "Failed to apply negotiated SRTP parameters"; | 443 LOG(LS_WARNING) << "Failed to apply negotiated SRTP parameters"; |
| 437 } | 444 } |
| 438 return ret; | 445 return ret; |
| 439 } | 446 } |
| 440 | 447 |
| 441 bool SrtpFilter::ResetParams() { | 448 bool SrtpFilter::ResetParams() { |
| 442 offer_params_.clear(); | 449 offer_params_.clear(); |
| 443 state_ = ST_INIT; | 450 state_ = ST_INIT; |
| 444 LOG(LS_INFO) << "SRTP reset to init state"; | 451 LOG(LS_INFO) << "SRTP reset to init state"; |
| 445 return true; | 452 return true; |
| 446 } | 453 } |
| 447 | 454 |
| 448 bool SrtpFilter::ParseKeyParams(const std::string& key_params, | 455 bool SrtpFilter::ParseKeyParams(const std::string& key_params, |
| 449 uint8* key, int len) { | 456 uint8_t* key, |
| 457 int len) { |
| 450 // example key_params: "inline:YUJDZGVmZ2hpSktMbW9QUXJzVHVWd3l6MTIzNDU2" | 458 // example key_params: "inline:YUJDZGVmZ2hpSktMbW9QUXJzVHVWd3l6MTIzNDU2" |
| 451 | 459 |
| 452 // Fail if key-method is wrong. | 460 // Fail if key-method is wrong. |
| 453 if (key_params.find("inline:") != 0) { | 461 if (key_params.find("inline:") != 0) { |
| 454 return false; | 462 return false; |
| 455 } | 463 } |
| 456 | 464 |
| 457 // Fail if base64 decode fails, or the key is the wrong size. | 465 // Fail if base64 decode fails, or the key is the wrong size. |
| 458 std::string key_b64(key_params.substr(7)), key_str; | 466 std::string key_b64(key_params.substr(7)), key_str; |
| 459 if (!rtc::Base64::Decode(key_b64, rtc::Base64::DO_STRICT, | 467 if (!rtc::Base64::Decode(key_b64, rtc::Base64::DO_STRICT, |
| (...skipping 32 matching lines...) Loading... |
| 492 SrtpSession::~SrtpSession() { | 500 SrtpSession::~SrtpSession() { |
| 493 { | 501 { |
| 494 rtc::GlobalLockScope ls(&lock_); | 502 rtc::GlobalLockScope ls(&lock_); |
| 495 sessions()->erase(std::find(sessions()->begin(), sessions()->end(), this)); | 503 sessions()->erase(std::find(sessions()->begin(), sessions()->end(), this)); |
| 496 } | 504 } |
| 497 if (session_) { | 505 if (session_) { |
| 498 srtp_dealloc(session_); | 506 srtp_dealloc(session_); |
| 499 } | 507 } |
| 500 } | 508 } |
| 501 | 509 |
| 502 bool SrtpSession::SetSend(const std::string& cs, const uint8* key, int len) { | 510 bool SrtpSession::SetSend(const std::string& cs, const uint8_t* key, int len) { |
| 503 return SetKey(ssrc_any_outbound, cs, key, len); | 511 return SetKey(ssrc_any_outbound, cs, key, len); |
| 504 } | 512 } |
| 505 | 513 |
| 506 bool SrtpSession::SetRecv(const std::string& cs, const uint8* key, int len) { | 514 bool SrtpSession::SetRecv(const std::string& cs, const uint8_t* key, int len) { |
| 507 return SetKey(ssrc_any_inbound, cs, key, len); | 515 return SetKey(ssrc_any_inbound, cs, key, len); |
| 508 } | 516 } |
| 509 | 517 |
| 510 bool SrtpSession::ProtectRtp(void* p, int in_len, int max_len, int* out_len) { | 518 bool SrtpSession::ProtectRtp(void* p, int in_len, int max_len, int* out_len) { |
| 511 if (!session_) { | 519 if (!session_) { |
| 512 LOG(LS_WARNING) << "Failed to protect SRTP packet: no SRTP Session"; | 520 LOG(LS_WARNING) << "Failed to protect SRTP packet: no SRTP Session"; |
| 513 return false; | 521 return false; |
| 514 } | 522 } |
| 515 | 523 |
| 516 int need_len = in_len + rtp_auth_tag_len_; // NOLINT | 524 int need_len = in_len + rtp_auth_tag_len_; // NOLINT |
| 517 if (max_len < need_len) { | 525 if (max_len < need_len) { |
| 518 LOG(LS_WARNING) << "Failed to protect SRTP packet: The buffer length " | 526 LOG(LS_WARNING) << "Failed to protect SRTP packet: The buffer length " |
| 519 << max_len << " is less than the needed " << need_len; | 527 << max_len << " is less than the needed " << need_len; |
| 520 return false; | 528 return false; |
| 521 } | 529 } |
| 522 | 530 |
| 523 *out_len = in_len; | 531 *out_len = in_len; |
| 524 int err = srtp_protect(session_, p, out_len); | 532 int err = srtp_protect(session_, p, out_len); |
| 525 uint32 ssrc; | 533 uint32_t ssrc; |
| 526 if (GetRtpSsrc(p, in_len, &ssrc)) { | 534 if (GetRtpSsrc(p, in_len, &ssrc)) { |
| 527 srtp_stat_->AddProtectRtpResult(ssrc, err); | 535 srtp_stat_->AddProtectRtpResult(ssrc, err); |
| 528 } | 536 } |
| 529 int seq_num; | 537 int seq_num; |
| 530 GetRtpSeqNum(p, in_len, &seq_num); | 538 GetRtpSeqNum(p, in_len, &seq_num); |
| 531 if (err != err_status_ok) { | 539 if (err != err_status_ok) { |
| 532 LOG(LS_WARNING) << "Failed to protect SRTP packet, seqnum=" | 540 LOG(LS_WARNING) << "Failed to protect SRTP packet, seqnum=" |
| 533 << seq_num << ", err=" << err << ", last seqnum=" | 541 << seq_num << ", err=" << err << ", last seqnum=" |
| 534 << last_send_seq_num_; | 542 << last_send_seq_num_; |
| 535 return false; | 543 return false; |
| 536 } | 544 } |
| 537 last_send_seq_num_ = seq_num; | 545 last_send_seq_num_ = seq_num; |
| 538 return true; | 546 return true; |
| 539 } | 547 } |
| 540 | 548 |
| 541 bool SrtpSession::ProtectRtp(void* p, int in_len, int max_len, int* out_len, | 549 bool SrtpSession::ProtectRtp(void* p, |
| 542 int64* index) { | 550 int in_len, |
| 551 int max_len, |
| 552 int* out_len, |
| 553 int64_t* index) { |
| 543 if (!ProtectRtp(p, in_len, max_len, out_len)) { | 554 if (!ProtectRtp(p, in_len, max_len, out_len)) { |
| 544 return false; | 555 return false; |
| 545 } | 556 } |
| 546 return (index) ? GetSendStreamPacketIndex(p, in_len, index) : true; | 557 return (index) ? GetSendStreamPacketIndex(p, in_len, index) : true; |
| 547 } | 558 } |
| 548 | 559 |
| 549 bool SrtpSession::ProtectRtcp(void* p, int in_len, int max_len, int* out_len) { | 560 bool SrtpSession::ProtectRtcp(void* p, int in_len, int max_len, int* out_len) { |
| 550 if (!session_) { | 561 if (!session_) { |
| 551 LOG(LS_WARNING) << "Failed to protect SRTCP packet: no SRTP Session"; | 562 LOG(LS_WARNING) << "Failed to protect SRTCP packet: no SRTP Session"; |
| 552 return false; | 563 return false; |
| 553 } | 564 } |
| 554 | 565 |
| 555 int need_len = in_len + sizeof(uint32) + rtcp_auth_tag_len_; // NOLINT | 566 int need_len = in_len + sizeof(uint32_t) + rtcp_auth_tag_len_; // NOLINT |
| 556 if (max_len < need_len) { | 567 if (max_len < need_len) { |
| 557 LOG(LS_WARNING) << "Failed to protect SRTCP packet: The buffer length " | 568 LOG(LS_WARNING) << "Failed to protect SRTCP packet: The buffer length " |
| 558 << max_len << " is less than the needed " << need_len; | 569 << max_len << " is less than the needed " << need_len; |
| 559 return false; | 570 return false; |
| 560 } | 571 } |
| 561 | 572 |
| 562 *out_len = in_len; | 573 *out_len = in_len; |
| 563 int err = srtp_protect_rtcp(session_, p, out_len); | 574 int err = srtp_protect_rtcp(session_, p, out_len); |
| 564 srtp_stat_->AddProtectRtcpResult(err); | 575 srtp_stat_->AddProtectRtcpResult(err); |
| 565 if (err != err_status_ok) { | 576 if (err != err_status_ok) { |
| 566 LOG(LS_WARNING) << "Failed to protect SRTCP packet, err=" << err; | 577 LOG(LS_WARNING) << "Failed to protect SRTCP packet, err=" << err; |
| 567 return false; | 578 return false; |
| 568 } | 579 } |
| 569 return true; | 580 return true; |
| 570 } | 581 } |
| 571 | 582 |
| 572 bool SrtpSession::UnprotectRtp(void* p, int in_len, int* out_len) { | 583 bool SrtpSession::UnprotectRtp(void* p, int in_len, int* out_len) { |
| 573 if (!session_) { | 584 if (!session_) { |
| 574 LOG(LS_WARNING) << "Failed to unprotect SRTP packet: no SRTP Session"; | 585 LOG(LS_WARNING) << "Failed to unprotect SRTP packet: no SRTP Session"; |
| 575 return false; | 586 return false; |
| 576 } | 587 } |
| 577 | 588 |
| 578 *out_len = in_len; | 589 *out_len = in_len; |
| 579 int err = srtp_unprotect(session_, p, out_len); | 590 int err = srtp_unprotect(session_, p, out_len); |
| 580 uint32 ssrc; | 591 uint32_t ssrc; |
| 581 if (GetRtpSsrc(p, in_len, &ssrc)) { | 592 if (GetRtpSsrc(p, in_len, &ssrc)) { |
| 582 srtp_stat_->AddUnprotectRtpResult(ssrc, err); | 593 srtp_stat_->AddUnprotectRtpResult(ssrc, err); |
| 583 } | 594 } |
| 584 if (err != err_status_ok) { | 595 if (err != err_status_ok) { |
| 585 LOG(LS_WARNING) << "Failed to unprotect SRTP packet, err=" << err; | 596 LOG(LS_WARNING) << "Failed to unprotect SRTP packet, err=" << err; |
| 586 return false; | 597 return false; |
| 587 } | 598 } |
| 588 return true; | 599 return true; |
| 589 } | 600 } |
| 590 | 601 |
| 591 bool SrtpSession::UnprotectRtcp(void* p, int in_len, int* out_len) { | 602 bool SrtpSession::UnprotectRtcp(void* p, int in_len, int* out_len) { |
| 592 if (!session_) { | 603 if (!session_) { |
| 593 LOG(LS_WARNING) << "Failed to unprotect SRTCP packet: no SRTP Session"; | 604 LOG(LS_WARNING) << "Failed to unprotect SRTCP packet: no SRTP Session"; |
| 594 return false; | 605 return false; |
| 595 } | 606 } |
| 596 | 607 |
| 597 *out_len = in_len; | 608 *out_len = in_len; |
| 598 int err = srtp_unprotect_rtcp(session_, p, out_len); | 609 int err = srtp_unprotect_rtcp(session_, p, out_len); |
| 599 srtp_stat_->AddUnprotectRtcpResult(err); | 610 srtp_stat_->AddUnprotectRtcpResult(err); |
| 600 if (err != err_status_ok) { | 611 if (err != err_status_ok) { |
| 601 LOG(LS_WARNING) << "Failed to unprotect SRTCP packet, err=" << err; | 612 LOG(LS_WARNING) << "Failed to unprotect SRTCP packet, err=" << err; |
| 602 return false; | 613 return false; |
| 603 } | 614 } |
| 604 return true; | 615 return true; |
| 605 } | 616 } |
| 606 | 617 |
| 607 bool SrtpSession::GetRtpAuthParams(uint8** key, int* key_len, | 618 bool SrtpSession::GetRtpAuthParams(uint8_t** key, int* key_len, int* tag_len) { |
| 608 int* tag_len) { | |
| 609 #if defined(ENABLE_EXTERNAL_AUTH) | 619 #if defined(ENABLE_EXTERNAL_AUTH) |
| 610 ExternalHmacContext* external_hmac = NULL; | 620 ExternalHmacContext* external_hmac = NULL; |
| 611 // stream_template will be the reference context for other streams. | 621 // stream_template will be the reference context for other streams. |
| 612 // Let's use it for getting the keys. | 622 // Let's use it for getting the keys. |
| 613 srtp_stream_ctx_t* srtp_context = session_->stream_template; | 623 srtp_stream_ctx_t* srtp_context = session_->stream_template; |
| 614 if (srtp_context && srtp_context->rtp_auth) { | 624 if (srtp_context && srtp_context->rtp_auth) { |
| 615 external_hmac = reinterpret_cast<ExternalHmacContext*>( | 625 external_hmac = reinterpret_cast<ExternalHmacContext*>( |
| 616 srtp_context->rtp_auth->state); | 626 srtp_context->rtp_auth->state); |
| 617 } | 627 } |
| 618 | 628 |
| 619 if (!external_hmac) { | 629 if (!external_hmac) { |
| 620 LOG(LS_ERROR) << "Failed to get auth keys from libsrtp!."; | 630 LOG(LS_ERROR) << "Failed to get auth keys from libsrtp!."; |
| 621 return false; | 631 return false; |
| 622 } | 632 } |
| 623 | 633 |
| 624 *key = external_hmac->key; | 634 *key = external_hmac->key; |
| 625 *key_len = external_hmac->key_length; | 635 *key_len = external_hmac->key_length; |
| 626 *tag_len = rtp_auth_tag_len_; | 636 *tag_len = rtp_auth_tag_len_; |
| 627 return true; | 637 return true; |
| 628 #else | 638 #else |
| 629 return false; | 639 return false; |
| 630 #endif | 640 #endif |
| 631 } | 641 } |
| 632 | 642 |
| 633 bool SrtpSession::GetSendStreamPacketIndex(void* p, int in_len, int64* index) { | 643 bool SrtpSession::GetSendStreamPacketIndex(void* p, |
| 644 int in_len, |
| 645 int64_t* index) { |
| 634 srtp_hdr_t* hdr = reinterpret_cast<srtp_hdr_t*>(p); | 646 srtp_hdr_t* hdr = reinterpret_cast<srtp_hdr_t*>(p); |
| 635 srtp_stream_ctx_t* stream = srtp_get_stream(session_, hdr->ssrc); | 647 srtp_stream_ctx_t* stream = srtp_get_stream(session_, hdr->ssrc); |
| 636 if (stream == NULL) | 648 if (stream == NULL) |
| 637 return false; | 649 return false; |
| 638 | 650 |
| 639 // Shift packet index, put into network byte order | 651 // Shift packet index, put into network byte order |
| 640 *index = static_cast<int64>( | 652 *index = static_cast<int64_t>( |
| 641 rtc::NetworkToHost64(rdbx_get_packet_index(&stream->rtp_rdbx) << 16)); | 653 rtc::NetworkToHost64(rdbx_get_packet_index(&stream->rtp_rdbx) << 16)); |
| 642 return true; | 654 return true; |
| 643 } | 655 } |
| 644 | 656 |
| 645 void SrtpSession::set_signal_silent_time(uint32 signal_silent_time_in_ms) { | 657 void SrtpSession::set_signal_silent_time(uint32_t signal_silent_time_in_ms) { |
| 646 srtp_stat_->set_signal_silent_time(signal_silent_time_in_ms); | 658 srtp_stat_->set_signal_silent_time(signal_silent_time_in_ms); |
| 647 } | 659 } |
| 648 | 660 |
| 649 bool SrtpSession::SetKey(int type, const std::string& cs, | 661 bool SrtpSession::SetKey(int type, |
| 650 const uint8* key, int len) { | 662 const std::string& cs, |
| 663 const uint8_t* key, |
| 664 int len) { |
| 651 if (session_) { | 665 if (session_) { |
| 652 LOG(LS_ERROR) << "Failed to create SRTP session: " | 666 LOG(LS_ERROR) << "Failed to create SRTP session: " |
| 653 << "SRTP session already created"; | 667 << "SRTP session already created"; |
| 654 return false; | 668 return false; |
| 655 } | 669 } |
| 656 | 670 |
| 657 if (!Init()) { | 671 if (!Init()) { |
| 658 return false; | 672 return false; |
| 659 } | 673 } |
| 660 | 674 |
| (...skipping 12 matching lines...) Loading... |
| 673 return false; | 687 return false; |
| 674 } | 688 } |
| 675 | 689 |
| 676 if (!key || len != SRTP_MASTER_KEY_LEN) { | 690 if (!key || len != SRTP_MASTER_KEY_LEN) { |
| 677 LOG(LS_WARNING) << "Failed to create SRTP session: invalid key"; | 691 LOG(LS_WARNING) << "Failed to create SRTP session: invalid key"; |
| 678 return false; | 692 return false; |
| 679 } | 693 } |
| 680 | 694 |
| 681 policy.ssrc.type = static_cast<ssrc_type_t>(type); | 695 policy.ssrc.type = static_cast<ssrc_type_t>(type); |
| 682 policy.ssrc.value = 0; | 696 policy.ssrc.value = 0; |
| 683 policy.key = const_cast<uint8*>(key); | 697 policy.key = const_cast<uint8_t*>(key); |
| 684 // TODO(astor) parse window size from WSH session-param | 698 // TODO(astor) parse window size from WSH session-param |
| 685 policy.window_size = 1024; | 699 policy.window_size = 1024; |
| 686 policy.allow_repeat_tx = 1; | 700 policy.allow_repeat_tx = 1; |
| 687 // If external authentication option is enabled, supply custom auth module | 701 // If external authentication option is enabled, supply custom auth module |
| 688 // id EXTERNAL_HMAC_SHA1 in the policy structure. | 702 // id EXTERNAL_HMAC_SHA1 in the policy structure. |
| 689 // We want to set this option only for rtp packets. | 703 // We want to set this option only for rtp packets. |
| 690 // By default policy structure is initialized to HMAC_SHA1. | 704 // By default policy structure is initialized to HMAC_SHA1. |
| 691 #if defined(ENABLE_EXTERNAL_AUTH) | 705 #if defined(ENABLE_EXTERNAL_AUTH) |
| 692 // Enable external HMAC authentication only for outgoing streams. | 706 // Enable external HMAC authentication only for outgoing streams. |
| 693 if (type == ssrc_any_outbound) { | 707 if (type == ssrc_any_outbound) { |
| (...skipping 98 matching lines...) Loading... |
| 792 | 806 |
| 793 // On some systems, SRTP is not (yet) available. | 807 // On some systems, SRTP is not (yet) available. |
| 794 | 808 |
| 795 SrtpSession::SrtpSession() { | 809 SrtpSession::SrtpSession() { |
| 796 LOG(WARNING) << "SRTP implementation is missing."; | 810 LOG(WARNING) << "SRTP implementation is missing."; |
| 797 } | 811 } |
| 798 | 812 |
| 799 SrtpSession::~SrtpSession() { | 813 SrtpSession::~SrtpSession() { |
| 800 } | 814 } |
| 801 | 815 |
| 802 bool SrtpSession::SetSend(const std::string& cs, const uint8* key, int len) { | 816 bool SrtpSession::SetSend(const std::string& cs, const uint8_t* key, int len) { |
| 803 return SrtpNotAvailable(__FUNCTION__); | 817 return SrtpNotAvailable(__FUNCTION__); |
| 804 } | 818 } |
| 805 | 819 |
| 806 bool SrtpSession::SetRecv(const std::string& cs, const uint8* key, int len) { | 820 bool SrtpSession::SetRecv(const std::string& cs, const uint8_t* key, int len) { |
| 807 return SrtpNotAvailable(__FUNCTION__); | 821 return SrtpNotAvailable(__FUNCTION__); |
| 808 } | 822 } |
| 809 | 823 |
| 810 bool SrtpSession::ProtectRtp(void* data, int in_len, int max_len, | 824 bool SrtpSession::ProtectRtp(void* data, int in_len, int max_len, |
| 811 int* out_len) { | 825 int* out_len) { |
| 812 return SrtpNotAvailable(__FUNCTION__); | 826 return SrtpNotAvailable(__FUNCTION__); |
| 813 } | 827 } |
| 814 | 828 |
| 815 bool SrtpSession::ProtectRtcp(void* data, int in_len, int max_len, | 829 bool SrtpSession::ProtectRtcp(void* data, int in_len, int max_len, |
| 816 int* out_len) { | 830 int* out_len) { |
| 817 return SrtpNotAvailable(__FUNCTION__); | 831 return SrtpNotAvailable(__FUNCTION__); |
| 818 } | 832 } |
| 819 | 833 |
| 820 bool SrtpSession::UnprotectRtp(void* data, int in_len, int* out_len) { | 834 bool SrtpSession::UnprotectRtp(void* data, int in_len, int* out_len) { |
| 821 return SrtpNotAvailable(__FUNCTION__); | 835 return SrtpNotAvailable(__FUNCTION__); |
| 822 } | 836 } |
| 823 | 837 |
| 824 bool SrtpSession::UnprotectRtcp(void* data, int in_len, int* out_len) { | 838 bool SrtpSession::UnprotectRtcp(void* data, int in_len, int* out_len) { |
| 825 return SrtpNotAvailable(__FUNCTION__); | 839 return SrtpNotAvailable(__FUNCTION__); |
| 826 } | 840 } |
| 827 | 841 |
| 828 void SrtpSession::set_signal_silent_time(uint32 signal_silent_time) { | 842 void SrtpSession::set_signal_silent_time(uint32_t signal_silent_time) { |
| 829 // Do nothing. | 843 // Do nothing. |
| 830 } | 844 } |
| 831 | 845 |
| 832 #endif // HAVE_SRTP | 846 #endif // HAVE_SRTP |
| 833 | 847 |
| 834 /////////////////////////////////////////////////////////////////////////////// | 848 /////////////////////////////////////////////////////////////////////////////// |
| 835 // SrtpStat | 849 // SrtpStat |
| 836 | 850 |
| 837 #ifdef HAVE_SRTP | 851 #ifdef HAVE_SRTP |
| 838 | 852 |
| 839 SrtpStat::SrtpStat() | 853 SrtpStat::SrtpStat() |
| 840 : signal_silent_time_(1000) { | 854 : signal_silent_time_(1000) { |
| 841 } | 855 } |
| 842 | 856 |
| 843 void SrtpStat::AddProtectRtpResult(uint32 ssrc, int result) { | 857 void SrtpStat::AddProtectRtpResult(uint32_t ssrc, int result) { |
| 844 FailureKey key; | 858 FailureKey key; |
| 845 key.ssrc = ssrc; | 859 key.ssrc = ssrc; |
| 846 key.mode = SrtpFilter::PROTECT; | 860 key.mode = SrtpFilter::PROTECT; |
| 847 switch (result) { | 861 switch (result) { |
| 848 case err_status_ok: | 862 case err_status_ok: |
| 849 key.error = SrtpFilter::ERROR_NONE; | 863 key.error = SrtpFilter::ERROR_NONE; |
| 850 break; | 864 break; |
| 851 case err_status_auth_fail: | 865 case err_status_auth_fail: |
| 852 key.error = SrtpFilter::ERROR_AUTH; | 866 key.error = SrtpFilter::ERROR_AUTH; |
| 853 break; | 867 break; |
| 854 default: | 868 default: |
| 855 key.error = SrtpFilter::ERROR_FAIL; | 869 key.error = SrtpFilter::ERROR_FAIL; |
| 856 } | 870 } |
| 857 HandleSrtpResult(key); | 871 HandleSrtpResult(key); |
| 858 } | 872 } |
| 859 | 873 |
| 860 void SrtpStat::AddUnprotectRtpResult(uint32 ssrc, int result) { | 874 void SrtpStat::AddUnprotectRtpResult(uint32_t ssrc, int result) { |
| 861 FailureKey key; | 875 FailureKey key; |
| 862 key.ssrc = ssrc; | 876 key.ssrc = ssrc; |
| 863 key.mode = SrtpFilter::UNPROTECT; | 877 key.mode = SrtpFilter::UNPROTECT; |
| 864 switch (result) { | 878 switch (result) { |
| 865 case err_status_ok: | 879 case err_status_ok: |
| 866 key.error = SrtpFilter::ERROR_NONE; | 880 key.error = SrtpFilter::ERROR_NONE; |
| 867 break; | 881 break; |
| 868 case err_status_auth_fail: | 882 case err_status_auth_fail: |
| 869 key.error = SrtpFilter::ERROR_AUTH; | 883 key.error = SrtpFilter::ERROR_AUTH; |
| 870 break; | 884 break; |
| (...skipping 15 matching lines...) Loading... |
| 886 AddUnprotectRtpResult(0U, result); | 900 AddUnprotectRtpResult(0U, result); |
| 887 } | 901 } |
| 888 | 902 |
| 889 void SrtpStat::HandleSrtpResult(const SrtpStat::FailureKey& key) { | 903 void SrtpStat::HandleSrtpResult(const SrtpStat::FailureKey& key) { |
| 890 // Handle some cases where error should be signalled right away. For other | 904 // Handle some cases where error should be signalled right away. For other |
| 891 // errors, trigger error for the first time seeing it. After that, silent | 905 // errors, trigger error for the first time seeing it. After that, silent |
| 892 // the same error for a certain amount of time (default 1 sec). | 906 // the same error for a certain amount of time (default 1 sec). |
| 893 if (key.error != SrtpFilter::ERROR_NONE) { | 907 if (key.error != SrtpFilter::ERROR_NONE) { |
| 894 // For errors, signal first time and wait for 1 sec. | 908 // For errors, signal first time and wait for 1 sec. |
| 895 FailureStat* stat = &(failures_[key]); | 909 FailureStat* stat = &(failures_[key]); |
| 896 uint32 current_time = rtc::Time(); | 910 uint32_t current_time = rtc::Time(); |
| 897 if (stat->last_signal_time == 0 || | 911 if (stat->last_signal_time == 0 || |
| 898 rtc::TimeDiff(current_time, stat->last_signal_time) > | 912 rtc::TimeDiff(current_time, stat->last_signal_time) > |
| 899 static_cast<int>(signal_silent_time_)) { | 913 static_cast<int>(signal_silent_time_)) { |
| 900 SignalSrtpError(key.ssrc, key.mode, key.error); | 914 SignalSrtpError(key.ssrc, key.mode, key.error); |
| 901 stat->last_signal_time = current_time; | 915 stat->last_signal_time = current_time; |
| 902 } | 916 } |
| 903 } | 917 } |
| 904 } | 918 } |
| 905 | 919 |
| 906 #else // !HAVE_SRTP | 920 #else // !HAVE_SRTP |
| 907 | 921 |
| 908 // On some systems, SRTP is not (yet) available. | 922 // On some systems, SRTP is not (yet) available. |
| 909 | 923 |
| 910 SrtpStat::SrtpStat() | 924 SrtpStat::SrtpStat() |
| 911 : signal_silent_time_(1000) { | 925 : signal_silent_time_(1000) { |
| 912 LOG(WARNING) << "SRTP implementation is missing."; | 926 LOG(WARNING) << "SRTP implementation is missing."; |
| 913 } | 927 } |
| 914 | 928 |
| 915 void SrtpStat::AddProtectRtpResult(uint32 ssrc, int result) { | 929 void SrtpStat::AddProtectRtpResult(uint32_t ssrc, int result) { |
| 916 SrtpNotAvailable(__FUNCTION__); | 930 SrtpNotAvailable(__FUNCTION__); |
| 917 } | 931 } |
| 918 | 932 |
| 919 void SrtpStat::AddUnprotectRtpResult(uint32 ssrc, int result) { | 933 void SrtpStat::AddUnprotectRtpResult(uint32_t ssrc, int result) { |
| 920 SrtpNotAvailable(__FUNCTION__); | 934 SrtpNotAvailable(__FUNCTION__); |
| 921 } | 935 } |
| 922 | 936 |
| 923 void SrtpStat::AddProtectRtcpResult(int result) { | 937 void SrtpStat::AddProtectRtcpResult(int result) { |
| 924 SrtpNotAvailable(__FUNCTION__); | 938 SrtpNotAvailable(__FUNCTION__); |
| 925 } | 939 } |
| 926 | 940 |
| 927 void SrtpStat::AddUnprotectRtcpResult(int result) { | 941 void SrtpStat::AddUnprotectRtcpResult(int result) { |
| 928 SrtpNotAvailable(__FUNCTION__); | 942 SrtpNotAvailable(__FUNCTION__); |
| 929 } | 943 } |
| 930 | 944 |
| 931 void SrtpStat::HandleSrtpResult(const SrtpStat::FailureKey& key) { | 945 void SrtpStat::HandleSrtpResult(const SrtpStat::FailureKey& key) { |
| 932 SrtpNotAvailable(__FUNCTION__); | 946 SrtpNotAvailable(__FUNCTION__); |
| 933 } | 947 } |
| 934 | 948 |
| 935 #endif // HAVE_SRTP | 949 #endif // HAVE_SRTP |
| 936 | 950 |
| 937 } // namespace cricket | 951 } // namespace cricket |
| OLD | NEW |
|---|
Chromium Code Reviews