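--- a/srtpfilter.cc
+++ b/srtpfilter.cc
@@ -1,10 +1,10 @@
 /*
 * Copyright 2009 The WebRTC project authors. All Rights Reserved.
 *
 * Use of this source code is governed by a BSD-style license
 * that can be found in the LICENSE file in the root of the source
 * tree. An additional intellectual property rights grant can be found
 * in the file PATENTS. All contributing project authors may
 * be found in the AUTHORS file in the root of the source tree.
 */
 
@@ -47,24 +47,20 @@
 extern "C" debug_module_t mod_aes_icm;
 extern "C" debug_module_t mod_aes_hmac;
 #endif
 #else
 // SrtpFilter needs that constant.
 #define SRTP_MASTER_KEY_LEN 30
 #endif // HAVE_SRTP
 
 namespace cricket {
 
-const int SRTP_MASTER_KEY_BASE64_LEN = SRTP_MASTER_KEY_LEN * 4 / 3;
-const int SRTP_MASTER_KEY_KEY_LEN = 16;
-const int SRTP_MASTER_KEY_SALT_LEN = 14;
-
 #ifndef HAVE_SRTP
 
 // This helper function is used on systems that don't (yet) have SRTP,
 // to log that the functions that require it won't do anything.
 namespace {
 bool SrtpNotAvailable(const char *func) {
 LOG(LS_ERROR) << func << ": SRTP is not available on your system.";
 return false;
 }
 } // anonymous namespace
@@ -651,64 +647,78 @@
 << "SRTP session already created";
 return false;
 }
 
 if (!Init()) {
 return false;
 }
 
 srtp_policy_t policy;
 memset(&policy, 0, sizeof(policy));
-
 if (cs == rtc::SRTP_AES128_CM_SHA1_80) {
 crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtp);
 crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp);
 } else if (cs == rtc::SRTP_AES128_CM_SHA1_32) {
 crypto_policy_set_aes_cm_128_hmac_sha1_32(&policy.rtp); // rtp is 32,
 crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp); // rtcp still 80
+} else if (cs == rtc::SRTP_AEAD_AES_128_GCM) {
+crypto_policy_set_aes_gcm_128_16_auth(&policy.rtp);
+crypto_policy_set_aes_gcm_128_16_auth(&policy.rtcp);
+} else if (cs == rtc::SRTP_AEAD_AES_256_GCM) {
+crypto_policy_set_aes_gcm_256_16_auth(&policy.rtp);
+crypto_policy_set_aes_gcm_256_16_auth(&policy.rtcp);
 } else {
 LOG(LS_WARNING) << "Failed to create SRTP session: unsupported"
 << " cipher_suite " << cs;
 return false;
 }
 
-if (!key || len != SRTP_MASTER_KEY_LEN) {
+int expected_key_len;
+int expected_salt_len;
+if (!rtc::GetSrtpKeyAndSaltLengths(cs, &expected_key_len,
+&expected_salt_len)) {
+// This should never happen.
+LOG(LS_WARNING) << "Failed to create SRTP session: unsupported"
+<< " cipher_suite without length information" << cs;
+return false;
+}
+
+if (!key || len != (expected_key_len + expected_salt_len)) {
 LOG(LS_WARNING) << "Failed to create SRTP session: invalid key";
 return false;
 }
 
 policy.ssrc.type = static_cast<ssrc_type_t>(type);
 policy.ssrc.value = 0;
 policy.key = const_cast<uint8_t*>(key);
 // TODO(astor) parse window size from WSH session-param
 policy.window_size = 1024;
 policy.allow_repeat_tx = 1;
 // If external authentication option is enabled, supply custom auth module
 // id EXTERNAL_HMAC_SHA1 in the policy structure.
 // We want to set this option only for rtp packets.
 // By default policy structure is initialized to HMAC_SHA1.
 #if defined(ENABLE_EXTERNAL_AUTH)
 // Enable external HMAC authentication only for outgoing streams.
 if (type == ssrc_any_outbound) {
 policy.rtp.auth_type = EXTERNAL_HMAC_SHA1;
 }
 #endif
 policy.next = NULL;
 
 int err = srtp_create(&session_, &policy);
 if (err != err_status_ok) {
 session_ = NULL;
 LOG(LS_ERROR) << "Failed to create SRTP session, err=" << err;
 return false;
 }
 
-
 rtp_auth_tag_len_ = policy.rtp.auth_tag_len;
 rtcp_auth_tag_len_ = policy.rtcp.auth_tag_len;
 return true;
 }
 
 bool SrtpSession::Init() {
 rtc::GlobalLockScope ls(&lock_);
 
 if (!inited_) {
 int err;
@@ -926,10 +936,10 @@
 SrtpNotAvailable(__FUNCTION__);
 }
 
 void SrtpStat::HandleSrtpResult(const SrtpStat::FailureKey& key) {
 SrtpNotAvailable(__FUNCTION__);
 }
 
 #endif // HAVE_SRTP
 
 } // namespace cricket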
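Review bot: The ENABLE_EXTERNAL_AUTH block still sets `policy.rtp.auth_type = EXTERNAL_HMAC_SHA1;` for every cipher suite, so for the two AEAD suites this hunk adds it would overwrite the RTP authentication that `crypto_policy_set_aes_gcm_*_16_auth` just configured with an external HMAC, which those GCM policies were not built for and which is at best untested here; guard it with `if (type == ssrc_any_outbound && cs != rtc::SRTP_AEAD_AES_128_GCM && cs != rtc::SRTP_AEAD_AES_256_GCM) {`. The comment above that block, `// By default policy structure is initialized to HMAC_SHA1.`, is no longer true for the GCM branches and should note that the AEAD suites carry their own integrity. The pre-existing `policy.allow_repeat_tx = 1;` also deserves a caveat now that GCM is selectable: if it lets the sender reuse a packet index under the same key, that is a repeated nonce for AES-GCM, which compromises both confidentiality and the authentication tag rather than just keystream as with AES-CM, so a comment such as `// NOTE: with the GCM suites a repeated index is a repeated nonce; confirm callers never retransmit an index.` is warranted. The enclosing function begins before this hunk.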