Add support for GCM cipher suites from RFC 7714.

webrtc/pc/srtpfilter.cc

 /*
  *  Copyright 2009 The WebRTC project authors. All Rights Reserved.
  *
  *  Use of this source code is governed by a BSD-style license
  *  that can be found in the LICENSE file in the root of the source
  *  tree. An additional intellectual property rights grant can be found
  *  in the file PATENTS.  All contributing project authors may
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
 #include "webrtc/pc/srtpfilter.h"
 
 #include <string.h>
 
 #include <algorithm>
 
 #include "webrtc/base/base64.h"
+#include "webrtc/base/buffer.h"
 #include "webrtc/base/byteorder.h"
 #include "webrtc/base/checks.h"
 #include "webrtc/base/common.h"
 #include "webrtc/base/logging.h"
 #include "webrtc/base/stringencode.h"
 #include "webrtc/base/timeutils.h"
 #include "webrtc/media/base/rtputils.h"
 
 // Enable this line to turn on SRTP debugging
 // #define SRTP_DEBUG
@@ skipping 13 matching lines @@
 #endif  // ENABLE_EXTERNAL_AUTH
 #if !defined(NDEBUG)
 extern "C" debug_module_t mod_srtp;
 extern "C" debug_module_t mod_auth;
 extern "C" debug_module_t mod_cipher;
 extern "C" debug_module_t mod_stat;
 extern "C" debug_module_t mod_alloc;
 extern "C" debug_module_t mod_aes_icm;
 extern "C" debug_module_t mod_aes_hmac;
 #endif
-#else
-// SrtpFilter needs that constant.
-#define SRTP_MASTER_KEY_LEN 30
 #endif  // HAVE_SRTP
 
 namespace cricket {
 
-const int SRTP_MASTER_KEY_BASE64_LEN = SRTP_MASTER_KEY_LEN * 4 / 3;
-const int SRTP_MASTER_KEY_KEY_LEN = 16;
-const int SRTP_MASTER_KEY_SALT_LEN = 14;
-
 #ifndef HAVE_SRTP
 
 // This helper function is used on systems that don't (yet) have SRTP,
 // to log that the functions that require it won't do anything.
 namespace {
 bool SrtpNotAvailable(const char *func) {
   LOG(LS_ERROR) << func << ": SRTP is not available on your system.";
   return false;
 }
 }  // anonymous namespace
@@ skipping 324 matching lines @@
   // CryptoParams is unchanged.
   if (applied_send_params_.cipher_suite == send_params.cipher_suite &&
       applied_send_params_.key_params == send_params.key_params &&
       applied_recv_params_.cipher_suite == recv_params.cipher_suite &&
       applied_recv_params_.key_params == recv_params.key_params) {
     LOG(LS_INFO) << "Applying the same SRTP parameters again. No-op.";
 
     // We do not want to reset the ROC if the keys are the same. So just return.
     return true;
   }
+
+  int send_suite = rtc::SrtpCryptoSuiteFromName(send_params.cipher_suite);
+  int recv_suite = rtc::SrtpCryptoSuiteFromName(recv_params.cipher_suite);
+  if (send_suite == rtc::SRTP_INVALID_CRYPTO_SUITE ||
+      recv_suite == rtc::SRTP_INVALID_CRYPTO_SUITE) {
+    LOG(LS_WARNING) << "Unknown crypto suite(s) received:"
+                    << " send cipher_suite " << send_params.cipher_suite
+                    << " recv cipher_suite " << recv_params.cipher_suite;
+    return false;
+  }
+
+  int send_key_len, send_salt_len;
+  int recv_key_len, recv_salt_len;
+  if (!rtc::GetSrtpKeyAndSaltLengths(send_suite, &send_key_len,
+                                     &send_salt_len) ||
+      !rtc::GetSrtpKeyAndSaltLengths(recv_suite, &recv_key_len,
+                                     &recv_salt_len)) {
+    LOG(LS_WARNING) << "Could not get lengths for crypto suite(s):"
+                    << " send cipher_suite " << send_params.cipher_suite
+                    << " recv cipher_suite " << recv_params.cipher_suite;
+    return false;
+  }
+
   // TODO(juberti): Zero these buffers after use.
   bool ret;
-  uint8_t send_key[SRTP_MASTER_KEY_LEN], recv_key[SRTP_MASTER_KEY_LEN];
-  ret = (ParseKeyParams(send_params.key_params, send_key, sizeof(send_key)) &&
-         ParseKeyParams(recv_params.key_params, recv_key, sizeof(recv_key)));
+  rtc::Buffer send_key(send_key_len + send_salt_len);
+  rtc::Buffer recv_key(recv_key_len + recv_salt_len);
+  ret = (ParseKeyParams(send_params.key_params, send_key.data(),
+                        send_key.size()) &&
+         ParseKeyParams(recv_params.key_params, recv_key.data(),
+                        recv_key.size()));
   if (ret) {
     CreateSrtpSessions();
     ret = (send_session_->SetSend(
-               rtc::SrtpCryptoSuiteFromName(send_params.cipher_suite), send_key,
-               sizeof(send_key)) &&
+               rtc::SrtpCryptoSuiteFromName(send_params.cipher_suite),
+               send_key.data(), send_key.size()) &&
            recv_session_->SetRecv(
-               rtc::SrtpCryptoSuiteFromName(recv_params.cipher_suite), recv_key,
-               sizeof(recv_key)));
+               rtc::SrtpCryptoSuiteFromName(recv_params.cipher_suite),
+               recv_key.data(), recv_key.size()));
   }
   if (ret) {
     LOG(LS_INFO) << "SRTP activated with negotiated parameters:"
                  << " send cipher_suite " << send_params.cipher_suite
                  << " recv cipher_suite " << recv_params.cipher_suite;
     applied_send_params_ = send_params;
     applied_recv_params_ = recv_params;
   } else {
     LOG(LS_WARNING) << "Failed to apply negotiated SRTP parameters";
   }
   return ret;
 }
 
 bool SrtpFilter::ResetParams() {
   offer_params_.clear();
   state_ = ST_INIT;
   send_session_ = nullptr;
   recv_session_ = nullptr;
   send_rtcp_session_ = nullptr;
   recv_rtcp_session_ = nullptr;
   LOG(LS_INFO) << "SRTP reset to init state";
   return true;
 }
 
 bool SrtpFilter::ParseKeyParams(const std::string& key_params,
                                 uint8_t* key,
-                                int len) {
+                                size_t len) {
   // example key_params: "inline:YUJDZGVmZ2hpSktMbW9QUXJzVHVWd3l6MTIzNDU2"
 
   // Fail if key-method is wrong.
   if (key_params.find("inline:") != 0) {
     return false;
   }
 
   // Fail if base64 decode fails, or the key is the wrong size.
   std::string key_b64(key_params.substr(7)), key_str;
   if (!rtc::Base64::Decode(key_b64, rtc::Base64::DO_STRICT,
-                           &key_str, nullptr) ||
-      static_cast<int>(key_str.size()) != len) {
+                           &key_str, nullptr) || key_str.size() != len) {
     return false;
   }
 
   memcpy(key, key_str.c_str(), len);
   return true;
 }
 
 ///////////////////////////////////////////////////////////////////////////////
 // SrtpSession
 
@@ skipping 13 matching lines @@
   SignalSrtpError.repeat(srtp_stat_->SignalSrtpError);
 }
 
 SrtpSession::~SrtpSession() {
   if (session_) {
     srtp_set_user_data(session_, nullptr);
     srtp_dealloc(session_);
   }
 }
 
-bool SrtpSession::SetSend(int cs, const uint8_t* key, int len) {
+bool SrtpSession::SetSend(int cs, const uint8_t* key, size_t len) {
   return SetKey(ssrc_any_outbound, cs, key, len);
 }
 
-bool SrtpSession::SetRecv(int cs, const uint8_t* key, int len) {
+bool SrtpSession::SetRecv(int cs, const uint8_t* key, size_t len) {
   return SetKey(ssrc_any_inbound, cs, key, len);
 }
 
 bool SrtpSession::ProtectRtp(void* p, int in_len, int max_len, int* out_len) {
   RTC_DCHECK(thread_checker_.CalledOnValidThread());
   if (!session_) {
     LOG(LS_WARNING) << "Failed to protect SRTP packet: no SRTP Session";
     return false;
   }
 
@@ skipping 133 matching lines @@
   // Shift packet index, put into network byte order
   *index = static_cast<int64_t>(
       rtc::NetworkToHost64(rdbx_get_packet_index(&stream->rtp_rdbx) << 16));
   return true;
 }
 
 void SrtpSession::set_signal_silent_time(int signal_silent_time_in_ms) {
   srtp_stat_->set_signal_silent_time(signal_silent_time_in_ms);
 }
 
-bool SrtpSession::SetKey(int type, int cs, const uint8_t* key, int len) {
+bool SrtpSession::SetKey(int type, int cs, const uint8_t* key, size_t len) {
   RTC_DCHECK(thread_checker_.CalledOnValidThread());
   if (session_) {
     LOG(LS_ERROR) << "Failed to create SRTP session: "
                   << "SRTP session already created";
     return false;
   }
 
   if (!Init()) {
     return false;
   }
 
   srtp_policy_t policy;
   memset(&policy, 0, sizeof(policy));
-
   if (cs == rtc::SRTP_AES128_CM_SHA1_80) {
     crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtp);
     crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp);
   } else if (cs == rtc::SRTP_AES128_CM_SHA1_32) {
     crypto_policy_set_aes_cm_128_hmac_sha1_32(&policy.rtp);   // rtp is 32,
     crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp);  // rtcp still 80
+#if !defined(ENABLE_EXTERNAL_AUTH)
+    // TODO(jbauch): Re-enable once https://crbug.com/628400 is resolved.
+  } else if (cs == rtc::SRTP_AEAD_AES_128_GCM) {
+    crypto_policy_set_aes_gcm_128_16_auth(&policy.rtp);
+    crypto_policy_set_aes_gcm_128_16_auth(&policy.rtcp);
+  } else if (cs == rtc::SRTP_AEAD_AES_256_GCM) {
+    crypto_policy_set_aes_gcm_256_16_auth(&policy.rtp);
+    crypto_policy_set_aes_gcm_256_16_auth(&policy.rtcp);
+#endif  // ENABLE_EXTERNAL_AUTH
   } else {
     LOG(LS_WARNING) << "Failed to create SRTP session: unsupported"
                     << " cipher_suite " << cs;
     return false;
   }
 
-  if (!key || len != SRTP_MASTER_KEY_LEN) {
+  int expected_key_len;
+  int expected_salt_len;
+  if (!rtc::GetSrtpKeyAndSaltLengths(cs, &expected_key_len,
+      &expected_salt_len)) {
+    // This should never happen.
+    LOG(LS_WARNING) << "Failed to create SRTP session: unsupported"
+                    << " cipher_suite without length information" << cs;
+    return false;
+  }
+
+  if (!key ||
+      len != static_cast<size_t>(expected_key_len + expected_salt_len)) {
     LOG(LS_WARNING) << "Failed to create SRTP session: invalid key";
     return false;
   }
 
   policy.ssrc.type = static_cast<ssrc_type_t>(type);
   policy.ssrc.value = 0;
   policy.key = const_cast<uint8_t*>(key);
   // TODO(astor) parse window size from WSH session-param
   policy.window_size = 1024;
   policy.allow_repeat_tx = 1;
@@ skipping 235 matching lines @@
   SrtpNotAvailable(__FUNCTION__);
 }
 
 void SrtpStat::HandleSrtpResult(const SrtpStat::FailureKey& key) {
   SrtpNotAvailable(__FUNCTION__);
 }
 
 #endif  // HAVE_SRTP
 
 }  // namespace cricket