OLD | NEW |
1 /* | 1 /* |
2 * libjingle | 2 * libjingle |
3 * Copyright 2009 Google Inc. | 3 * Copyright 2009 Google Inc. |
4 * | 4 * |
5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
6 * modification, are permitted provided that the following conditions are met: | 6 * modification, are permitted provided that the following conditions are met: |
7 * | 7 * |
8 * 1. Redistributions of source code must retain the above copyright notice, | 8 * 1. Redistributions of source code must retain the above copyright notice, |
9 * this list of conditions and the following disclaimer. | 9 * this list of conditions and the following disclaimer. |
10 * 2. Redistributions in binary form must reproduce the above copyright notice, | 10 * 2. Redistributions in binary form must reproduce the above copyright notice, |
139 ContentSource source) { | 139 ContentSource source) { |
140 return DoSetAnswer(answer_params, source, true); | 140 return DoSetAnswer(answer_params, source, true); |
141 } | 141 } |
142 | 142 |
143 bool SrtpFilter::SetProvisionalAnswer( | 143 bool SrtpFilter::SetProvisionalAnswer( |
144 const std::vector<CryptoParams>& answer_params, | 144 const std::vector<CryptoParams>& answer_params, |
145 ContentSource source) { | 145 ContentSource source) { |
146 return DoSetAnswer(answer_params, source, false); | 146 return DoSetAnswer(answer_params, source, false); |
147 } | 147 } |
148 | 148 |
149 bool SrtpFilter::SetRtpParams(int send_cs, | 149 bool SrtpFilter::SetRtpParams(const std::string& send_cs, |
150 const uint8_t* send_key, | 150 const uint8_t* send_key, |
151 int send_key_len, | 151 int send_key_len, |
152 int recv_cs, | 152 const std::string& recv_cs, |
153 const uint8_t* recv_key, | 153 const uint8_t* recv_key, |
154 int recv_key_len) { | 154 int recv_key_len) { |
155 if (IsActive()) { | 155 if (IsActive()) { |
156 LOG(LS_ERROR) << "Tried to set SRTP Params when filter already active"; | 156 LOG(LS_ERROR) << "Tried to set SRTP Params when filter already active"; |
157 return false; | 157 return false; |
158 } | 158 } |
159 CreateSrtpSessions(); | 159 CreateSrtpSessions(); |
160 if (!send_session_->SetSend(send_cs, send_key, send_key_len)) | 160 if (!send_session_->SetSend(send_cs, send_key, send_key_len)) |
161 return false; | 161 return false; |
162 | 162 |
163 if (!recv_session_->SetRecv(recv_cs, recv_key, recv_key_len)) | 163 if (!recv_session_->SetRecv(recv_cs, recv_key, recv_key_len)) |
164 return false; | 164 return false; |
165 | 165 |
166 state_ = ST_ACTIVE; | 166 state_ = ST_ACTIVE; |
167 | 167 |
168 LOG(LS_INFO) << "SRTP activated with negotiated parameters:" | 168 LOG(LS_INFO) << "SRTP activated with negotiated parameters:" |
169 << " send cipher_suite " << send_cs | 169 << " send cipher_suite " << send_cs |
170 << " recv cipher_suite " << recv_cs; | 170 << " recv cipher_suite " << recv_cs; |
171 return true; | 171 return true; |
172 } | 172 } |
173 | 173 |
174 // This function is provided separately because DTLS-SRTP behaves | 174 // This function is provided separately because DTLS-SRTP behaves |
175 // differently in RTP/RTCP mux and non-mux modes. | 175 // differently in RTP/RTCP mux and non-mux modes. |
176 // | 176 // |
177 // - In the non-muxed case, RTP and RTCP are keyed with different | 177 // - In the non-muxed case, RTP and RTCP are keyed with different |
178 // keys (from different DTLS handshakes), and so we need a new | 178 // keys (from different DTLS handshakes), and so we need a new |
179 // SrtpSession. | 179 // SrtpSession. |
180 // - In the muxed case, they are keyed with the same keys, so | 180 // - In the muxed case, they are keyed with the same keys, so |
181 // this function is not needed | 181 // this function is not needed |
182 bool SrtpFilter::SetRtcpParams(int send_cs, | 182 bool SrtpFilter::SetRtcpParams(const std::string& send_cs, |
183 const uint8_t* send_key, | 183 const uint8_t* send_key, |
184 int send_key_len, | 184 int send_key_len, |
185 int recv_cs, | 185 const std::string& recv_cs, |
186 const uint8_t* recv_key, | 186 const uint8_t* recv_key, |
187 int recv_key_len) { | 187 int recv_key_len) { |
188 // This can only be called once, but can be safely called after | 188 // This can only be called once, but can be safely called after |
189 // SetRtpParams | 189 // SetRtpParams |
190 if (send_rtcp_session_ || recv_rtcp_session_) { | 190 if (send_rtcp_session_ || recv_rtcp_session_) { |
191 LOG(LS_ERROR) << "Tried to set SRTCP Params when filter already active"; | 191 LOG(LS_ERROR) << "Tried to set SRTCP Params when filter already active"; |
192 return false; | 192 return false; |
193 } | 193 } |
194 | 194 |
195 send_rtcp_session_.reset(new SrtpSession()); | 195 send_rtcp_session_.reset(new SrtpSession()); |
421 // We do not want to reset the ROC if the keys are the same. So just return. | 421 // We do not want to reset the ROC if the keys are the same. So just return. |
422 return true; | 422 return true; |
423 } | 423 } |
424 // TODO(juberti): Zero these buffers after use. | 424 // TODO(juberti): Zero these buffers after use. |
425 bool ret; | 425 bool ret; |
426 uint8_t send_key[SRTP_MASTER_KEY_LEN], recv_key[SRTP_MASTER_KEY_LEN]; | 426 uint8_t send_key[SRTP_MASTER_KEY_LEN], recv_key[SRTP_MASTER_KEY_LEN]; |
427 ret = (ParseKeyParams(send_params.key_params, send_key, sizeof(send_key)) && | 427 ret = (ParseKeyParams(send_params.key_params, send_key, sizeof(send_key)) && |
428 ParseKeyParams(recv_params.key_params, recv_key, sizeof(recv_key))); | 428 ParseKeyParams(recv_params.key_params, recv_key, sizeof(recv_key))); |
429 if (ret) { | 429 if (ret) { |
430 CreateSrtpSessions(); | 430 CreateSrtpSessions(); |
431 ret = (send_session_->SetSend( | 431 ret = (send_session_->SetSend(send_params.cipher_suite, |
432 rtc::SrtpCryptoSuiteFromName(send_params.cipher_suite), send_key, | 432 send_key, sizeof(send_key)) && |
433 sizeof(send_key)) && | 433 recv_session_->SetRecv(recv_params.cipher_suite, |
434 recv_session_->SetRecv( | 434 recv_key, sizeof(recv_key))); |
435 rtc::SrtpCryptoSuiteFromName(recv_params.cipher_suite), recv_key, | |
436 sizeof(recv_key))); | |
437 } | 435 } |
438 if (ret) { | 436 if (ret) { |
439 LOG(LS_INFO) << "SRTP activated with negotiated parameters:" | 437 LOG(LS_INFO) << "SRTP activated with negotiated parameters:" |
440 << " send cipher_suite " << send_params.cipher_suite | 438 << " send cipher_suite " << send_params.cipher_suite |
441 << " recv cipher_suite " << recv_params.cipher_suite; | 439 << " recv cipher_suite " << recv_params.cipher_suite; |
442 applied_send_params_ = send_params; | 440 applied_send_params_ = send_params; |
443 applied_recv_params_ = recv_params; | 441 applied_recv_params_ = recv_params; |
444 } else { | 442 } else { |
445 LOG(LS_WARNING) << "Failed to apply negotiated SRTP parameters"; | 443 LOG(LS_WARNING) << "Failed to apply negotiated SRTP parameters"; |
446 } | 444 } |
502 SrtpSession::~SrtpSession() { | 500 SrtpSession::~SrtpSession() { |
503 { | 501 { |
504 rtc::GlobalLockScope ls(&lock_); | 502 rtc::GlobalLockScope ls(&lock_); |
505 sessions()->erase(std::find(sessions()->begin(), sessions()->end(), this)); | 503 sessions()->erase(std::find(sessions()->begin(), sessions()->end(), this)); |
506 } | 504 } |
507 if (session_) { | 505 if (session_) { |
508 srtp_dealloc(session_); | 506 srtp_dealloc(session_); |
509 } | 507 } |
510 } | 508 } |
511 | 509 |
512 bool SrtpSession::SetSend(int cs, const uint8_t* key, int len) { | 510 bool SrtpSession::SetSend(const std::string& cs, const uint8_t* key, int len) { |
513 return SetKey(ssrc_any_outbound, cs, key, len); | 511 return SetKey(ssrc_any_outbound, cs, key, len); |
514 } | 512 } |
515 | 513 |
516 bool SrtpSession::SetRecv(int cs, const uint8_t* key, int len) { | 514 bool SrtpSession::SetRecv(const std::string& cs, const uint8_t* key, int len) { |
517 return SetKey(ssrc_any_inbound, cs, key, len); | 515 return SetKey(ssrc_any_inbound, cs, key, len); |
518 } | 516 } |
519 | 517 |
520 bool SrtpSession::ProtectRtp(void* p, int in_len, int max_len, int* out_len) { | 518 bool SrtpSession::ProtectRtp(void* p, int in_len, int max_len, int* out_len) { |
521 if (!session_) { | 519 if (!session_) { |
522 LOG(LS_WARNING) << "Failed to protect SRTP packet: no SRTP Session"; | 520 LOG(LS_WARNING) << "Failed to protect SRTP packet: no SRTP Session"; |
523 return false; | 521 return false; |
524 } | 522 } |
525 | 523 |
526 int need_len = in_len + rtp_auth_tag_len_; // NOLINT | 524 int need_len = in_len + rtp_auth_tag_len_; // NOLINT |
653 // Shift packet index, put into network byte order | 651 // Shift packet index, put into network byte order |
654 *index = static_cast<int64_t>( | 652 *index = static_cast<int64_t>( |
655 rtc::NetworkToHost64(rdbx_get_packet_index(&stream->rtp_rdbx) << 16)); | 653 rtc::NetworkToHost64(rdbx_get_packet_index(&stream->rtp_rdbx) << 16)); |
656 return true; | 654 return true; |
657 } | 655 } |
658 | 656 |
659 void SrtpSession::set_signal_silent_time(uint32_t signal_silent_time_in_ms) { | 657 void SrtpSession::set_signal_silent_time(uint32_t signal_silent_time_in_ms) { |
660 srtp_stat_->set_signal_silent_time(signal_silent_time_in_ms); | 658 srtp_stat_->set_signal_silent_time(signal_silent_time_in_ms); |
661 } | 659 } |
662 | 660 |
663 bool SrtpSession::SetKey(int type, int cs, const uint8_t* key, int len) { | 661 bool SrtpSession::SetKey(int type, |
| 662 const std::string& cs, |
| 663 const uint8_t* key, |
| 664 int len) { |
664 if (session_) { | 665 if (session_) { |
665 LOG(LS_ERROR) << "Failed to create SRTP session: " | 666 LOG(LS_ERROR) << "Failed to create SRTP session: " |
666 << "SRTP session already created"; | 667 << "SRTP session already created"; |
667 return false; | 668 return false; |
668 } | 669 } |
669 | 670 |
670 if (!Init()) { | 671 if (!Init()) { |
671 return false; | 672 return false; |
672 } | 673 } |
673 | 674 |
674 srtp_policy_t policy; | 675 srtp_policy_t policy; |
675 memset(&policy, 0, sizeof(policy)); | 676 memset(&policy, 0, sizeof(policy)); |
676 | 677 |
677 if (cs == rtc::SRTP_AES128_CM_SHA1_80) { | 678 if (cs == rtc::CS_AES_CM_128_HMAC_SHA1_80) { |
678 crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtp); | 679 crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtp); |
679 crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp); | 680 crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp); |
680 } else if (cs == rtc::SRTP_AES128_CM_SHA1_32) { | 681 } else if (cs == rtc::CS_AES_CM_128_HMAC_SHA1_32) { |
681 crypto_policy_set_aes_cm_128_hmac_sha1_32(&policy.rtp); // rtp is 32, | 682 crypto_policy_set_aes_cm_128_hmac_sha1_32(&policy.rtp); // rtp is 32, |
682 crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp); // rtcp still 80 | 683 crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp); // rtcp still 80 |
683 } else { | 684 } else { |
684 LOG(LS_WARNING) << "Failed to create SRTP session: unsupported" | 685 LOG(LS_WARNING) << "Failed to create SRTP session: unsupported" |
685 << " cipher_suite " << cs; | 686 << " cipher_suite " << cs.c_str(); |
686 return false; | 687 return false; |
687 } | 688 } |
688 | 689 |
689 if (!key || len != SRTP_MASTER_KEY_LEN) { | 690 if (!key || len != SRTP_MASTER_KEY_LEN) { |
690 LOG(LS_WARNING) << "Failed to create SRTP session: invalid key"; | 691 LOG(LS_WARNING) << "Failed to create SRTP session: invalid key"; |
691 return false; | 692 return false; |
692 } | 693 } |
693 | 694 |
694 policy.ssrc.type = static_cast<ssrc_type_t>(type); | 695 policy.ssrc.type = static_cast<ssrc_type_t>(type); |
695 policy.ssrc.value = 0; | 696 policy.ssrc.value = 0; |
941 SrtpNotAvailable(__FUNCTION__); | 942 SrtpNotAvailable(__FUNCTION__); |
942 } | 943 } |
943 | 944 |
944 void SrtpStat::HandleSrtpResult(const SrtpStat::FailureKey& key) { | 945 void SrtpStat::HandleSrtpResult(const SrtpStat::FailureKey& key) { |
945 SrtpNotAvailable(__FUNCTION__); | 946 SrtpNotAvailable(__FUNCTION__); |
946 } | 947 } |
947 | 948 |
948 #endif // HAVE_SRTP | 949 #endif // HAVE_SRTP |
949 | 950 |
950 } // namespace cricket | 951 } // namespace cricket |
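Review bot: In the key-setup hunk (new lines 424-435) the stack arrays `send_key` and `recv_key` hold the parsed SRTP master keys and are still never cleared after `SetSend`/`SetRecv` have consumed them, as the TODO on line 424 records; since this change rewrites exactly those two calls, it is a natural place to close that out. The wipe has to run on both the success and the failure path (one `ParseKeyParams` call can succeed while the other fails), and a plain `memset` before the return can be dropped by the optimizer as a dead store, so it should use a clear the compiler cannot elide, such as `memset_s`, `explicit_bzero` or `SecureZeroMemory` depending on platform. The enclosing function starts and ends outside the visible lines, so the exact placement before its return needs checking against the full file. Separately, the unsupported-suite warning in `SetKey` (new line 686) can stream `cs` directly, as the log in `SetRtpParams` does with `send_cs`, instead of `cs.c_str()`, which stops at an embedded NUL and so may log something different from the string that was compared.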