
Side by Side Diff: talk/session/media/srtpfilter.cc

Issue 1528843005: Add support for GCM cipher suites from RFC 7714. (Closed) Base URL: https://chromium.googlesource.com/external/webrtc.git@master
Patch Set: Added PeerConnection tests using GCM ciphers, fixed passing of flag through DtlsTransportChannel. Created 5 years ago
1 /* 1 /*
2 * libjingle 2 * libjingle
3 * Copyright 2009 Google Inc. 3 * Copyright 2009 Google Inc.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are met: 6 * modification, are permitted provided that the following conditions are met:
7 * 7 *
8 * 1. Redistributions of source code must retain the above copyright notice, 8 * 1. Redistributions of source code must retain the above copyright notice,
9 * this list of conditions and the following disclaimer. 9 * this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright notice, 10 * 2. Redistributions in binary form must reproduce the above copyright notice,
(...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after
66 extern "C" debug_module_t mod_aes_icm; 66 extern "C" debug_module_t mod_aes_icm;
67 extern "C" debug_module_t mod_aes_hmac; 67 extern "C" debug_module_t mod_aes_hmac;
68 #endif 68 #endif
69 #else 69 #else
70 // SrtpFilter needs that constant. 70 // SrtpFilter needs that constant.
71 #define SRTP_MASTER_KEY_LEN 30 71 #define SRTP_MASTER_KEY_LEN 30
72 #endif // HAVE_SRTP 72 #endif // HAVE_SRTP
73 73
74 namespace cricket { 74 namespace cricket {
75 75
76 const int SRTP_MASTER_KEY_BASE64_LEN = SRTP_MASTER_KEY_LEN * 4 / 3;
77 const int SRTP_MASTER_KEY_KEY_LEN = 16;
78 const int SRTP_MASTER_KEY_SALT_LEN = 14;
79
80 #ifndef HAVE_SRTP 76 #ifndef HAVE_SRTP
81 77
82 // This helper function is used on systems that don't (yet) have SRTP, 78 // This helper function is used on systems that don't (yet) have SRTP,
83 // to log that the functions that require it won't do anything. 79 // to log that the functions that require it won't do anything.
84 namespace { 80 namespace {
85 bool SrtpNotAvailable(const char *func) { 81 bool SrtpNotAvailable(const char *func) {
86 LOG(LS_ERROR) << func << ": SRTP is not available on your system."; 82 LOG(LS_ERROR) << func << ": SRTP is not available on your system.";
87 return false; 83 return false;
88 } 84 }
89 } // anonymous namespace 85 } // anonymous namespace
(...skipping 577 matching lines...) Expand 10 before | Expand all | Expand 10 after
667 return false; 663 return false;
668 } 664 }
669 665
670 if (!Init()) { 666 if (!Init()) {
671 return false; 667 return false;
672 } 668 }
673 669
674 srtp_policy_t policy; 670 srtp_policy_t policy;
675 memset(&policy, 0, sizeof(policy)); 671 memset(&policy, 0, sizeof(policy));
676 672
673 int expected_key_len;
677 if (cs == rtc::SRTP_AES128_CM_SHA1_80) { 674 if (cs == rtc::SRTP_AES128_CM_SHA1_80) {
678 crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtp); 675 crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtp);
679 crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp); 676 crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp);
677 // Master key is 128 bits key + 112 bits salt.
678 expected_key_len = 16 + 14;
680 } else if (cs == rtc::SRTP_AES128_CM_SHA1_32) { 679 } else if (cs == rtc::SRTP_AES128_CM_SHA1_32) {
681 crypto_policy_set_aes_cm_128_hmac_sha1_32(&policy.rtp); // rtp is 32, 680 crypto_policy_set_aes_cm_128_hmac_sha1_32(&policy.rtp); // rtp is 32,
682 crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp); // rtcp still 80 681 crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp); // rtcp still 80
682 // Master key is 128 bits key + 112 bits salt.
683 expected_key_len = 16 + 14;
684 } else if (cs == rtc::SRTP_AEAD_AES_128_GCM) {
685 crypto_policy_set_aes_gcm_128_16_auth(&policy.rtp);
686 crypto_policy_set_aes_gcm_128_16_auth(&policy.rtcp);
687 // Master key is 128 bits key + 96 bits salt.
688 expected_key_len = 16 + 12;
689 } else if (cs == rtc::SRTP_AEAD_AES_256_GCM) {
690 crypto_policy_set_aes_gcm_256_16_auth(&policy.rtp);
691 crypto_policy_set_aes_gcm_256_16_auth(&policy.rtcp);
692 // Master key is 256 bits key + 96 bits salt.
693 expected_key_len = 32 + 12;
pthatcher1 2015/12/18 20:31:32 This seems duplicative with the new SrtpCryptoSuit
joachim 2015/12/19 15:26:23 Right, I wrote that code before adding the new fun
683 } else { 694 } else {
684 LOG(LS_WARNING) << "Failed to create SRTP session: unsupported" 695 LOG(LS_WARNING) << "Failed to create SRTP session: unsupported"
685 << " cipher_suite " << cs; 696 << " cipher_suite " << cs;
686 return false; 697 return false;
687 } 698 }
688 699
689 if (!key || len != SRTP_MASTER_KEY_LEN) { 700 if (!key || len != expected_key_len) {
690 LOG(LS_WARNING) << "Failed to create SRTP session: invalid key"; 701 LOG(LS_WARNING) << "Failed to create SRTP session: invalid key";
691 return false; 702 return false;
692 } 703 }
693 704
694 policy.ssrc.type = static_cast<ssrc_type_t>(type); 705 policy.ssrc.type = static_cast<ssrc_type_t>(type);
695 policy.ssrc.value = 0; 706 policy.ssrc.value = 0;
696 policy.key = const_cast<uint8_t*>(key); 707 policy.key = const_cast<uint8_t*>(key);
697 // TODO(astor) parse window size from WSH session-param 708 // TODO(astor) parse window size from WSH session-param
698 policy.window_size = 1024; 709 policy.window_size = 1024;
699 policy.allow_repeat_tx = 1; 710 policy.allow_repeat_tx = 1;
700 // If external authentication option is enabled, supply custom auth module 711 // If external authentication option is enabled, supply custom auth module
701 // id EXTERNAL_HMAC_SHA1 in the policy structure. 712 // id EXTERNAL_HMAC_SHA1 in the policy structure.
702 // We want to set this option only for rtp packets. 713 // We want to set this option only for rtp packets.
703 // By default policy structure is initialized to HMAC_SHA1. 714 // By default policy structure is initialized to HMAC_SHA1.
704 #if defined(ENABLE_EXTERNAL_AUTH) 715 #if defined(ENABLE_EXTERNAL_AUTH)
705 // Enable external HMAC authentication only for outgoing streams. 716 // Enable external HMAC authentication only for outgoing streams.
706 if (type == ssrc_any_outbound) { 717 if (type == ssrc_any_outbound) {
707 policy.rtp.auth_type = EXTERNAL_HMAC_SHA1; 718 policy.rtp.auth_type = EXTERNAL_HMAC_SHA1;
708 } 719 }
709 #endif 720 #endif
710 policy.next = NULL; 721 policy.next = NULL;
711 722
712 int err = srtp_create(&session_, &policy); 723 int err = srtp_create(&session_, &policy);
713 if (err != err_status_ok) { 724 if (err != err_status_ok) {
714 session_ = NULL; 725 session_ = NULL;
715 LOG(LS_ERROR) << "Failed to create SRTP session, err=" << err; 726 LOG(LS_ERROR) << "Failed to create SRTP session, err=" << err;
716 return false; 727 return false;
717 } 728 }
718 729
719
720 rtp_auth_tag_len_ = policy.rtp.auth_tag_len; 730 rtp_auth_tag_len_ = policy.rtp.auth_tag_len;
721 rtcp_auth_tag_len_ = policy.rtcp.auth_tag_len; 731 rtcp_auth_tag_len_ = policy.rtcp.auth_tag_len;
722 return true; 732 return true;
723 } 733 }
724 734
725 bool SrtpSession::Init() { 735 bool SrtpSession::Init() {
726 rtc::GlobalLockScope ls(&lock_); 736 rtc::GlobalLockScope ls(&lock_);
727 737
728 if (!inited_) { 738 if (!inited_) {
729 int err; 739 int err;
(...skipping 211 matching lines...) Expand 10 before | Expand all | Expand 10 after
941 SrtpNotAvailable(__FUNCTION__); 951 SrtpNotAvailable(__FUNCTION__);
942 } 952 }
943 953
944 void SrtpStat::HandleSrtpResult(const SrtpStat::FailureKey& key) { 954 void SrtpStat::HandleSrtpResult(const SrtpStat::FailureKey& key) {
945 SrtpNotAvailable(__FUNCTION__); 955 SrtpNotAvailable(__FUNCTION__);
946 } 956 }
947 957
948 #endif // HAVE_SRTP 958 #endif // HAVE_SRTP
949 959
950 } // namespace cricket 960 } // namespace cricket
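Review bot: The `ENABLE_EXTERNAL_AUTH` block (new lines 715-720) still overwrites `policy.rtp.auth_type` with `EXTERNAL_HMAC_SHA1` for every outbound stream, so it now also applies to the two GCM suites added at new lines 684-693. For an AEAD suite the authentication tag comes from the cipher itself, so forcing an external HMAC-SHA1 module onto a policy built by `crypto_policy_set_aes_gcm_128_16_auth` or `crypto_policy_set_aes_gcm_256_16_auth` looks wrong; presumably it either makes `srtp_create` fail or produces packets the peer cannot authenticate. I would restrict the override to the HMAC suites, e.g. `if (type == ssrc_any_outbound && cs != rtc::SRTP_AEAD_AES_128_GCM && cs != rtc::SRTP_AEAD_AES_256_GCM) {`, and reword the comment `By default policy structure is initialized to HMAC_SHA1`, which no longer holds for GCM. The function's signature is in the skipped region, so the declared types of `cs` and `len` are not visible here.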